Skip to content
Snippets Groups Projects
Commit adf423b9 authored by 🤖 GitLab Bot 🤖's avatar 🤖 GitLab Bot 🤖
Browse files

Automatic merge of gitlab-org/gitlab master

parents a83c0106 8aed3c62
No related branches found
No related tags found
No related merge requests found
Showing
with 288 additions and 72 deletions
......@@ -42,7 +42,8 @@ workflow:
# If `$FORCE_GITLAB_CI` is set, create a pipeline.
- if: '$FORCE_GITLAB_CI'
variables:
RUBY_VERSION: "3.0"
<<: *ruby3-variables
PIPELINE_NAME: 'Ruby 3 forced pipeline'
# As part of the process of creating RCs automatically, we update stable
# branches with the changes of the most recent production deployment. The
# merge requests used for this merge a branch release-tools/X into a stable
......@@ -55,6 +56,11 @@ workflow:
variables:
<<: *ruby2-variables
PIPELINE_NAME: 'Ruby 2 $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline'
- if: '$CI_MERGE_REQUEST_LABELS =~ /Community contribution/'
variables:
<<: *ruby3-variables
GITLAB_DEPENDENCY_PROXY_ADDRESS: ""
PIPELINE_NAME: 'Ruby 3 $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline (community contribution)'
# For (detached) merge request pipelines.
- if: '$CI_MERGE_REQUEST_IID'
variables:
......@@ -66,13 +72,13 @@ workflow:
<<: *ruby3-variables
<<: *default-branch-incident-variables
CRYSTALBALL: "true"
PIPELINE_NAME: 'Scheduled $CI_COMMIT_BRANCH pipeline'
PIPELINE_NAME: 'Scheduled Ruby 3 $CI_COMMIT_BRANCH branch pipeline'
# Run pipelines for ruby2 branch
- if: '$CI_COMMIT_BRANCH == "ruby2" && $CI_PIPELINE_SOURCE == "schedule"'
variables:
<<: *ruby2-variables
NOTIFY_PIPELINE_FAILURE_CHANNEL: "f_ruby3"
PIPELINE_NAME: 'Scheduled ruby 2 pipeline'
PIPELINE_NAME: 'Scheduled Ruby 2 $CI_COMMIT_BRANCH branch pipeline'
# This work around https://gitlab.com/gitlab-org/gitlab/-/issues/332411 whichs prevents usage of dependency proxy
# when pipeline is triggered by a project access token.
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $GITLAB_USER_LOGIN =~ /project_\d+_bot\d*/'
......@@ -80,15 +86,18 @@ workflow:
<<: *ruby3-variables
<<: *default-branch-incident-variables
GITLAB_DEPENDENCY_PROXY_ADDRESS: ""
PIPELINE_NAME: 'Ruby 3 $CI_COMMIT_BRANCH branch pipeline (trigerred by a project token)'
# For `$CI_DEFAULT_BRANCH` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
variables:
<<: *ruby3-variables
<<: *default-branch-incident-variables
PIPELINE_NAME: 'Ruby 3 $CI_COMMIT_BRANCH branch pipeline'
# For tags, create a pipeline.
- if: '$CI_COMMIT_TAG'
variables:
<<: *ruby2-variables
PIPELINE_NAME: 'Ruby 2 $CI_COMMIT_TAG tag pipeline'
# If `$GITLAB_INTERNAL` isn't set, don't create a pipeline.
- if: '$GITLAB_INTERNAL == null'
when: never
......@@ -97,12 +106,15 @@ workflow:
variables:
<<: *ruby2-variables
NOTIFY_PIPELINE_FAILURE_CHANNEL: "releases"
PIPELINE_NAME: 'Ruby 2 $CI_COMMIT_BRANCH branch pipeline'
- if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/'
variables:
<<: *ruby2-variables
PIPELINE_NAME: 'Ruby 2 $CI_COMMIT_BRANCH branch pipeline'
- if: '$CI_COMMIT_BRANCH =~ /^security\//'
variables:
<<: *ruby2-variables
PIPELINE_NAME: 'Ruby 2 $CI_COMMIT_BRANCH branch pipeline'
variables:
PG_VERSION: "12"
......
......@@ -10,7 +10,7 @@ add-jh-files:
extends:
- .shared-as-if-jh
- .as-if-jh:rules:prepare-as-if-jh
image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
stage: prepare
before_script:
- source ./scripts/utils.sh
......
......@@ -56,7 +56,7 @@ packages-cleanup:
extends:
- .default-retry
- .caching:rules:packages-cleanup
image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
stage: prepare
before_script:
- source scripts/utils.sh
......
......@@ -32,7 +32,7 @@ review-build-cng-env:
extends:
- .default-retry
- .review:rules:review-build-cng
image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine3.16
image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.16
stage: prepare
needs:
# We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream CNG pipeline.
......@@ -108,7 +108,7 @@ review-deploy:
- .review-workflow-base
- .review:rules:review-deploy
stage: deploy
image: ${GITLAB_DEPENDENCY_PROXY}dtzar/helm-kubectl:3.10.3
image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}dtzar/helm-kubectl:3.10.3
needs:
- review-build-cng
- review-delete-deployment # We always want to start from a clean slate (i.e. no helm release, no k8s namespace)
......
......@@ -4,7 +4,7 @@ import { s__ } from '~/locale';
import { helpPagePath } from '~/helpers/help_page_helper';
export const i18n = {
allowedToPush: s__('BranchRules|Allowed to push'),
allowedToPush: s__('BranchRules|Allowed to push and merge'),
forcePushTitle: s__(
'BranchRules|Allow all users with push access to %{linkStart}force push%{linkEnd}.',
),
......
......@@ -30,7 +30,7 @@ export const I18N = {
),
statusChecksLinkTitle: s__('BranchRules|Manage in status checks'),
statusChecksHeader: s__('BranchRules|Status checks (%{total})'),
allowedToPushHeader: s__('BranchRules|Allowed to push (%{total})'),
allowedToPushHeader: s__('BranchRules|Allowed to push and merge (%{total})'),
allowedToMergeHeader: s__('BranchRules|Allowed to merge (%{total})'),
approvalsHeader: s__('BranchRules|Required approvals (%{total})'),
noData: s__('BranchRules|No data to display'),
......
......@@ -13,7 +13,7 @@ export const i18n = {
approvalRules: s__('BranchRules|%{total} approval %{subject}'),
matchingBranches: s__('BranchRules|%{total} matching %{subject}'),
pushAccessLevels: s__('BranchRules|Allowed to merge'),
mergeAccessLevels: s__('BranchRules|Allowed to push'),
mergeAccessLevels: s__('BranchRules|Allowed to push and merge'),
};
export default {
......
......@@ -15,6 +15,8 @@ class Runner < Ci::ApplicationRecord
include EachBatch
include Ci::HasRunnerExecutor
extend ::Gitlab::Utils::Override
add_authentication_token_field :token, encrypted: :optional, expires_at: :compute_token_expiration
enum access_level: {
......@@ -28,6 +30,9 @@ class Runner < Ci::ApplicationRecord
project_type: 3
}
# Prefix assigned to runners created from the UI, instead of registered via the command line
CREATED_RUNNER_TOKEN_PREFIX = 'glrt-'
# This `ONLINE_CONTACT_TIMEOUT` needs to be larger than
# `RUNNER_QUEUE_EXPIRY_TIME+UPDATE_CONTACT_COLUMN_EVERY`
#
......@@ -191,6 +196,8 @@ class Runner < Ci::ApplicationRecord
cached_attr_reader :version, :revision, :platform, :architecture, :ip_address, :contacted_at, :executor_type
attr_writer :legacy_registered
chronic_duration_attr :maximum_timeout_human_readable, :maximum_timeout,
error_message: 'Maximum job timeout has a value which could not be accepted'
......@@ -290,6 +297,13 @@ def runner_matcher
end
end
def initialize(params)
@legacy_registered = params&.delete(:legacy_registered)
@legacy_registered = true if @legacy_registered.nil?
super(params)
end
def assign_to(project, current_user = nil)
if instance_type?
raise ArgumentError, 'Transitioning an instance runner to a project runner is not supported'
......@@ -474,6 +488,13 @@ def compute_token_expiration
end
end
override :format_token
def format_token(token)
return token if @legacy_registered
"#{CREATED_RUNNER_TOKEN_PREFIX}#{token}"
end
private
scope :with_upgrade_status, ->(upgrade_status) do
......
......@@ -696,14 +696,22 @@ def head_commit
end
def head_tree(skip_flat_paths: true)
if head_commit
if Feature.enabled?(:optimized_head_tree)
return if empty? || root_ref.nil?
@head_tree ||= Tree.new(self, root_ref, nil, skip_flat_paths: skip_flat_paths)
elsif head_commit
@head_tree ||= Tree.new(self, head_commit.sha, nil, skip_flat_paths: skip_flat_paths)
end
end
def tree(sha = :head, path = nil, recursive: false, skip_flat_paths: true, pagination_params: nil)
if sha == :head
return unless head_commit
if Feature.enabled?(:optimized_head_tree)
return if empty? || root_ref.nil?
else
return unless head_commit
end
if path.nil?
return head_tree(skip_flat_paths: skip_flat_paths)
......
......@@ -22,7 +22,7 @@
%th
= s_("ProtectedBranch|Allowed to merge")
%th
= s_("ProtectedBranch|Allowed to push")
= s_("ProtectedBranch|Allowed to push and merge")
%th
= s_("ProtectedBranch|Allowed to force push")
%span.has-tooltip{ data: { container: 'body' }, title: s_('ProtectedBranch|Allow all users with push access to force push.'), 'aria-hidden': 'true' }
......
......@@ -25,7 +25,7 @@
.col-sm-12
= yield :merge_access_levels
.form-group.row
= f.label :push_access_levels_attributes, s_("ProtectedBranch|Allowed to push:"), class: 'col-sm-12'
= f.label :push_access_levels_attributes, s_("ProtectedBranch|Allowed to push and merge:"), class: 'col-sm-12'
.col-sm-12
= yield :push_access_levels
.form-group.row
......
---
name: optimized_head_tree
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110248
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/389448
milestone: '15.9'
type: development
group: group::source code
default_enabled: false
fragment Url on VulnerabilityDetailUrl {
type: __typename
name
href
}
fragment Diff on VulnerabilityDetailDiff {
type: __typename
name
before
after
}
fragment Code on VulnerabilityDetailCode {
type: __typename
name
value
}
fragment FileLocation on VulnerabilityDetailFileLocation {
type: __typename
name
fileName
lineStart
lineEnd
}
fragment ModuleLocation on VulnerabilityDetailModuleLocation {
type: __typename
name
moduleName
offset
}
fragment Commit on VulnerabilityDetailCommit {
type: __typename
name
value
}
fragment Text on VulnerabilityDetailText {
type: __typename
name
value
}
fragment Markdown on VulnerabilityDetailMarkdown {
type: __typename
name
value
}
fragment Boolean on VulnerabilityDetailBoolean {
type: __typename
name
value
}
fragment Int on VulnerabilityDetailInt {
type: __typename
name
value
}
fragment NonNestedReportTypes on VulnerabilityDetail {
...FileLocation
...Url
...Diff
...Code
...Commit
...Markdown
...Text
}
fragment ListFields on VulnerabilityDetailList {
type: __typename
name
}
fragment List on VulnerabilityDetailList {
...ListFields
items {
...NonNestedReportTypes
... on VulnerabilityDetailList {
...ListFields
items {
...NonNestedReportTypes
}
}
}
}
#import "../fragments/vulnerability_detail.fragment.graphql"
query getSecurityReportFinding($projectFullPath: ID!, $pipelineIid: ID!, $findingUuid: String!) {
project(fullPath: $projectFullPath) {
id
......@@ -62,60 +64,15 @@ query getSecurityReportFinding($projectFullPath: ID!, $pipelineIid: ID!, $findin
url
}
details {
... on VulnerabilityDetailUrl {
type: __typename
name
href
}
... on VulnerabilityDetailDiff {
type: __typename
name
before
after
}
... on VulnerabilityDetailCode {
type: __typename
name
value
}
... on VulnerabilityDetailFileLocation {
type: __typename
name
fileName
lineStart
lineEnd
}
... on VulnerabilityDetailModuleLocation {
type: __typename
name
moduleName
offset
}
... on VulnerabilityDetailCommit {
type: __typename
name
value
}
... on VulnerabilityDetailText {
type: __typename
name
value
}
... on VulnerabilityDetailMarkdown {
type: __typename
name
value
}
... on VulnerabilityDetailBoolean {
type: __typename
name
value
}
... on VulnerabilityDetailInt {
type: __typename
name
value
}
...FileLocation
...Url
...Diff
...Code
...Commit
...List
...Int
...Boolean
...ModuleLocation
}
}
}
......
......@@ -11,6 +11,7 @@ const GRAPHQL_TYPENAME_TO_COMPONENT_MAP = {
VulnerabilityDetailMarkdown: () => import('./types/markdown.vue'),
VulnerabilityDetailBoolean: () => import('./types/value.vue'),
VulnerabilityDetailInt: () => import('./types/value.vue'),
VulnerabilityDetailList: () => import('./types/list_graphql.vue'),
};
export const GRAPHQL_TYPENAMES = Object.keys(GRAPHQL_TYPENAME_TO_COMPONENT_MAP);
......
<script>
export default {
components: {
ReportItem: () => import('../report_item_graphql.vue'),
},
inheritAttrs: false,
props: {
items: {
type: Array,
required: true,
},
},
computed: {
hasNestedListItems() {
return this.items.some(this.isOfTypeList);
},
},
methods: {
isOfTypeList(item) {
return item.type === 'VulnerabilityDetailList';
},
},
};
</script>
<template>
<ul
data-testid="generic-report-type-list"
class="generic-report-list"
:class="{ 'generic-report-list-nested': hasNestedListItems }"
>
<li
v-for="item in items"
:key="item.name"
data-testid="generic-report-type-list-item"
:class="{ 'gl-list-style-none!': isOfTypeList(item) }"
>
<report-item :item="item" data-testid="report-item" />
</li>
</ul>
</template>
......@@ -414,6 +414,11 @@ export const vulnerabilityDetails = {
name: 'Integer value',
value: 'true',
},
list: {
type: 'VulnerabilityDetailList',
name: 'List',
items: [],
},
};
export const pipelineSecurityReportFinding = {
......
import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
import List from 'ee/vulnerabilities/components/generic_report/types/list_graphql.vue';
const TEST_DATA = {
items: [
{ type: 'VulnerabilityDetailsUrl', href: 'https://foo.bar' },
{ type: 'VulnerabilityDetailsUrl', href: 'https://bar.baz' },
],
listItem: { type: 'VulnerabilityDetailList', items: [] },
};
describe('ee/vulnerabilities/components/generic_report/types/list_graphql.vue', () => {
let wrapper;
const createWrapper = (options = {}) =>
shallowMountExtended(List, {
propsData: {
items: TEST_DATA.items,
},
// manual stubbing is needed because the component is dynamically imported
stubs: {
ReportItem: true,
},
...options,
});
const findList = () => wrapper.findByTestId('generic-report-type-list');
const findListItems = () => wrapper.findAllByTestId('generic-report-type-list-item');
const findReportItems = () => wrapper.findAllByTestId('report-item');
afterEach(() => {
wrapper.destroy();
});
it('renders a list', () => {
wrapper = createWrapper();
expect(findList().exists()).toBe(true);
});
it('renders a report-item for each item', () => {
wrapper = createWrapper();
expect(findReportItems()).toHaveLength(TEST_DATA.items.length);
});
describe.each([true, false])('when containing a nested list is "%s"', (hasNestedList) => {
const items = [...TEST_DATA.items];
if (hasNestedList) {
items.push(TEST_DATA.listItem);
}
beforeEach(() => {
wrapper = createWrapper({
propsData: {
items,
},
});
});
it('applies the correct classes to the list', () => {
expect(findList().classes().includes('generic-report-list-nested')).toBe(hasNestedList);
});
it('applies the correct classes to the list items', () => {
const lastItem = findListItems().at(-1);
expect(lastItem.classes().includes('gl-list-style-none!')).toBe(hasNestedList);
});
});
});
......@@ -7037,10 +7037,10 @@ msgstr ""
msgid "BranchRules|Allowed to merge (%{total})"
msgstr ""
 
msgid "BranchRules|Allowed to push"
msgid "BranchRules|Allowed to push and merge"
msgstr ""
 
msgid "BranchRules|Allowed to push (%{total})"
msgid "BranchRules|Allowed to push and merge (%{total})"
msgstr ""
 
msgid "BranchRules|An error occurred while fetching branches."
......@@ -34202,10 +34202,10 @@ msgstr ""
msgid "ProtectedBranch|Allowed to merge:"
msgstr ""
 
msgid "ProtectedBranch|Allowed to push"
msgid "ProtectedBranch|Allowed to push and merge"
msgstr ""
 
msgid "ProtectedBranch|Allowed to push:"
msgid "ProtectedBranch|Allowed to push and merge:"
msgstr ""
 
msgid "ProtectedBranch|An error occurred while loading branch rules. Please try again."
......@@ -58,6 +58,10 @@
end
end
trait :created_in_ui do
legacy_registered { false }
end
trait :without_projects do
# we use that to create invalid runner:
# the one without projects
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment