GitLab Upgrade Alert - Security Upgrade Alert
What does this MR do and why?
Work towards #344682 (closed)
Closes #379130 (closed)
This change adds a Non-Dismissible Alert for instance admins to upgrade when their instance is behind a Security Release. We use the existing Version Check application to determine the severity of an upgrade and only render the alert when the severity is `danger`.
There is a lot of discussion and context about this initiative on this issue: #344682 (closed)
Additionally, some Snowplow tracking has been added to the rendering of this component and the links.
Screenshots or screen recordings
Description | Screenshot |
---|---|
Up to date | ![]() |
Update available | ![]() |
Update ASAP | ![]() |
Alert | ![]() |
How to set up and validate locally
Important
- Ensure `Gitlab::CurrentSettings.version_check_enabled` is set to true (it defaults to true)
- Version Check uses `ReactiveCache`, so the first time you navigate to a place where the badge should be, it may not be in the cache and may require a single reload.
Patch to spoof Security Patch
diff --git a/app/helpers/version_check_helper.rb b/app/helpers/version_check_helper.rb
index 0bb92dfd118..e0b156a1700 100644
--- a/app/helpers/version_check_helper.rb
+++ b/app/helpers/version_check_helper.rb
@@ -13,7 +13,8 @@ def show_version_check?
end
def gitlab_version_check
- VersionCheck.new.response
+ # VersionCheck.new.response
+ { 'severity' => SECURITY_ALERT_SEVERITY }
end
strong_memoize_attr :gitlab_version_check
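Review bot: In `gitlab_version_check`, the replacement hash carries only the `'severity'` key, so any caller that reads another field of the `VersionCheck.new.response` result gets nil while this spoof is applied; keep that in mind when validating the badge alongside the alert. Because `strong_memoize_attr :gitlab_version_check` memoizes the return value, the stub is also what every later call on the same helper instance sees. Instead of leaving `# VersionCheck.new.response` commented out beside the stub, a comment stating that this is a local-only spoof that must not be committed would make the intent clearer.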
How to test
- Log in as NON-ADMIN
- Click ? dropdown
- Ensure the Version Check Badge DOES NOT show up
- Ensure the Security Patch Alert DOES NOT show up
- Apply patch above ⬆
- Ensure the Security Patch Alert DOES NOT show up
- Log in as ADMIN
- Click ? dropdown
- Ensure the Version Check Badge DOES show up
- Ensure the Security Patch Alert DOES NOT show up
- Apply patch above ⬆
- Ensure the Security Patch Alert DOES show up
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #379130 (closed)
Edited by Zack Cuddy