VladPolskiy/gitlab-ce
1
0
Fork 0
mirror of https://github.com/gitlabhq/gitlabhq.git synced 2025-07-20 16:42:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

Browse Source
This commit is contained in:
GitLab Bot
2023-08-30 09:10:38 +00:00
parent bb12213187
commit 4310bd9b3d
19 changed files with 696 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.rubocop.yml
View File

@ -166,6 +166,11 @@ RSpec/MultipleMemoizedHelpers:
Max: 25
AllowSubject: true
Capybara/TestidFinders:
Include:
- 'spec/features/**/*'
- 'ee/spec/features/**/*'
Naming/FileName:
ExpectMatchingDefinition: true
CheckDefinitionPathHierarchy: false

251
.rubocop_todo/capybara/testid_finders.yml Normal file
View File

@ -0,0 +1,251 @@
---
Capybara/TestidFinders:
Details: grace period
Exclude:
- 'ee/spec/features/admin/admin_dev_ops_reports_spec.rb'
- 'ee/spec/features/admin/admin_merge_requests_approvals_spec.rb'
- 'ee/spec/features/admin/admin_sends_notification_spec.rb'
- 'ee/spec/features/admin/admin_settings_spec.rb'
- 'ee/spec/features/admin/geo/admin_geo_projects_spec.rb'
- 'ee/spec/features/admin/groups/admin_subscription_alerts_spec.rb'
- 'ee/spec/features/admin/subscriptions/admin_views_subscription_spec.rb'
- 'ee/spec/features/billings/billing_plans_spec.rb'
- 'ee/spec/features/boards/boards_licensed_features_spec.rb'
- 'ee/spec/features/boards/boards_spec.rb'
- 'ee/spec/features/boards/group_boards/board_deletion_spec.rb'
- 'ee/spec/features/boards/new_issue_spec.rb'
- 'ee/spec/features/boards/scoped_issue_board_spec.rb'
- 'ee/spec/features/boards/sidebar_spec.rb'
- 'ee/spec/features/boards/swimlanes/epics_swimlanes_drag_drop_spec.rb'
- 'ee/spec/features/boards/swimlanes/epics_swimlanes_sidebar_labels_spec.rb'
- 'ee/spec/features/boards/swimlanes/epics_swimlanes_sidebar_spec.rb'
- 'ee/spec/features/boards/swimlanes/epics_swimlanes_spec.rb'
- 'ee/spec/features/boards/user_adds_lists_to_board_spec.rb'
- 'ee/spec/features/ci/ci_catalog_spec.rb'
- 'ee/spec/features/ci/ci_minutes_spec.rb'
- 'ee/spec/features/epic_boards/epic_boards_sidebar_spec.rb'
- 'ee/spec/features/epic_boards/epic_boards_spec.rb'
- 'ee/spec/features/epics/epic_labels_spec.rb'
- 'ee/spec/features/epics/epic_related_epics_spec.rb'
- 'ee/spec/features/epics/epic_show_spec.rb'
- 'ee/spec/features/epics/update_epic_spec.rb'
- 'ee/spec/features/gitlab_subscriptions/seat_count_alert_spec.rb'
- 'ee/spec/features/groups/analytics/ci_cd_analytics_spec.rb'
- 'ee/spec/features/groups/analytics/cycle_analytics/charts_spec.rb'
- 'ee/spec/features/groups/analytics/cycle_analytics/filters_and_data_spec.rb'
- 'ee/spec/features/groups/analytics/cycle_analytics/multiple_value_streams_spec.rb'
- 'ee/spec/features/groups/contribution_analytics_spec.rb'
- 'ee/spec/features/groups/group_roadmap_spec.rb'
- 'ee/spec/features/groups/group_settings_spec.rb'
- 'ee/spec/features/groups/iterations/user_edits_iteration_cadence_spec.rb'
- 'ee/spec/features/groups/security/compliance_dashboards_spec.rb'
- 'ee/spec/features/groups/settings/user_configures_analytics_dashboards_spec.rb'
- 'ee/spec/features/groups/settings/user_configures_insights_spec.rb'
- 'ee/spec/features/groups/settings/user_configures_vsd_aggregation_spec.rb'
- 'ee/spec/features/groups/show_spec.rb'
- 'ee/spec/features/groups/usage_quotas/pipelines_tab_spec.rb'
- 'ee/spec/features/groups/usage_quotas/seats_tab_spec.rb'
- 'ee/spec/features/groups/usage_quotas/usage_quotas_spec.rb'
- 'ee/spec/features/incidents/incident_details_spec.rb'
- 'ee/spec/features/incidents/user_uploads_metric_images_spec.rb'
- 'ee/spec/features/issues/blocking_issues_spec.rb'
- 'ee/spec/features/issues/epic_in_issue_sidebar_spec.rb'
- 'ee/spec/features/issues/issue_sidebar_spec.rb'
- 'ee/spec/features/merge_request/draft_comments_spec.rb'
- 'ee/spec/features/merge_request/user_merges_immediately_spec.rb'
- 'ee/spec/features/merge_request/user_sees_approval_widget_spec.rb'
- 'ee/spec/features/merge_request/user_sees_status_checks_widget_spec.rb'
- 'ee/spec/features/merge_request/user_sets_approval_rules_spec.rb'
- 'ee/spec/features/merge_request/user_sets_approvers_spec.rb'
- 'ee/spec/features/merge_request/user_views_blocked_merge_request_spec.rb'
- 'ee/spec/features/merge_trains/user_adds_to_merge_train_when_pipeline_succeeds_spec.rb'
- 'ee/spec/features/profiles/usage_quotas_spec.rb'
- 'ee/spec/features/projects/analytics/visualization_designer_spec.rb'
- 'ee/spec/features/projects/audit_events_spec.rb'
- 'ee/spec/features/projects/issues/user_creates_issue_spec.rb'
- 'ee/spec/features/projects/jobs/blocked_deployment_job_page_spec.rb'
- 'ee/spec/features/projects/pipelines/pipeline_spec.rb'
- 'ee/spec/features/projects/product_analytics/dashboards_shared_examples.rb'
- 'ee/spec/features/projects/security/vulnerability_report_spec.rb'
- 'ee/spec/features/projects/settings/analytics/user_configures_analytics_custom_dashboards_spec.rb'
- 'ee/spec/features/projects/settings/ee/service_desk_setting_spec.rb'
- 'ee/spec/features/projects/settings/merge_requests_settings_spec.rb'
- 'ee/spec/features/projects/settings/pipeline_subscriptions_spec.rb'
- 'ee/spec/features/projects/settings/protected_environments_spec.rb'
- 'ee/spec/features/projects/work_items/okr_spec.rb'
- 'ee/spec/features/protected_branches_spec.rb'
- 'ee/spec/features/registrations/combined_registration_spec.rb'
- 'ee/spec/features/registrations/identity_verification_spec.rb'
- 'ee/spec/features/remote_development/workspaces_dropdown_group_spec.rb'
- 'ee/spec/features/remote_development/workspaces_spec.rb'
- 'ee/spec/features/search/elastic/group_search_spec.rb'
- 'ee/spec/features/search/zoekt/search_spec.rb'
- 'ee/spec/features/tanuki_bot_chat_spec.rb'
- 'ee/spec/features/trials/saas/creation_with_multiple_existing_namespace_flow_spec.rb'
- 'ee/spec/features/trials/show_trial_banner_spec.rb'
- 'spec/features/admin/admin_deploy_keys_spec.rb'
- 'spec/features/admin/admin_dev_ops_reports_spec.rb'
- 'spec/features/admin/admin_groups_spec.rb'
- 'spec/features/admin/admin_projects_spec.rb'
- 'spec/features/admin/admin_runners_spec.rb'
- 'spec/features/admin/admin_settings_spec.rb'
- 'spec/features/admin/admin_uses_repository_checks_spec.rb'
- 'spec/features/admin/broadcast_messages_spec.rb'
- 'spec/features/admin/users/user_spec.rb'
- 'spec/features/admin/users/users_spec.rb'
- 'spec/features/alert_management/alert_details_spec.rb'
- 'spec/features/boards/board_filters_spec.rb'
- 'spec/features/boards/boards_spec.rb'
- 'spec/features/boards/issue_ordering_spec.rb'
- 'spec/features/boards/new_issue_spec.rb'
- 'spec/features/boards/sidebar_assignee_spec.rb'
- 'spec/features/broadcast_messages_spec.rb'
- 'spec/features/callouts/registration_enabled_spec.rb'
- 'spec/features/clusters/create_agent_spec.rb'
- 'spec/features/commits_spec.rb'
- 'spec/features/dashboard/group_spec.rb'
- 'spec/features/dashboard/issues_spec.rb'
- 'spec/features/dashboard/merge_requests_spec.rb'
- 'spec/features/dashboard/milestones_spec.rb'
- 'spec/features/dashboard/projects_spec.rb'
- 'spec/features/dashboard/todos/todos_spec.rb'
- 'spec/features/groups/board_sidebar_spec.rb'
- 'spec/features/groups/board_spec.rb'
- 'spec/features/groups/clusters/user_spec.rb'
- 'spec/features/groups/dependency_proxy_spec.rb'
- 'spec/features/groups/group_settings_spec.rb'
- 'spec/features/groups/members/leave_group_spec.rb'
- 'spec/features/groups/members/manage_groups_spec.rb'
- 'spec/features/groups/members/master_adds_member_with_expiration_date_spec.rb'
- 'spec/features/groups/members/search_members_spec.rb'
- 'spec/features/groups/members/sort_members_spec.rb'
- 'spec/features/groups/members/tabs_spec.rb'
- 'spec/features/groups/merge_requests_spec.rb'
- 'spec/features/groups/milestone_spec.rb'
- 'spec/features/groups/packages_spec.rb'
- 'spec/features/groups/settings/ci_cd_spec.rb'
- 'spec/features/groups/settings/packages_and_registries_spec.rb'
- 'spec/features/groups/show_spec.rb'
- 'spec/features/groups_spec.rb'
- 'spec/features/incidents/incident_details_spec.rb'
- 'spec/features/incidents/incident_timeline_events_spec.rb'
- 'spec/features/issuables/shortcuts_issuable_spec.rb'
- 'spec/features/issues/form_spec.rb'
- 'spec/features/issues/incident_issue_spec.rb'
- 'spec/features/issues/issue_detail_spec.rb'
- 'spec/features/issues/issue_sidebar_spec.rb'
- 'spec/features/issues/issue_state_spec.rb'
- 'spec/features/issues/user_creates_issue_spec.rb'
- 'spec/features/issues/user_edits_issue_spec.rb'
- 'spec/features/issues/user_resets_their_incoming_email_token_spec.rb'
- 'spec/features/issues/user_sees_live_update_spec.rb'
- 'spec/features/issues/user_sees_sidebar_updates_in_realtime_spec.rb'
- 'spec/features/issues/user_toggles_subscription_spec.rb'
- 'spec/features/labels_hierarchy_spec.rb'
- 'spec/features/merge_request/merge_request_discussion_lock_spec.rb'
- 'spec/features/merge_request/user_accepts_merge_request_spec.rb'
- 'spec/features/merge_request/user_assigns_themselves_spec.rb'
- 'spec/features/merge_request/user_comments_on_diff_spec.rb'
- 'spec/features/merge_request/user_comments_on_whitespace_hidden_diff_spec.rb'
- 'spec/features/merge_request/user_creates_mr_spec.rb'
- 'spec/features/merge_request/user_customizes_merge_commit_message_spec.rb'
- 'spec/features/merge_request/user_edits_mr_spec.rb'
- 'spec/features/merge_request/user_expands_diff_spec.rb'
- 'spec/features/merge_request/user_interacts_with_batched_mr_diffs_spec.rb'
- 'spec/features/merge_request/user_manages_subscription_spec.rb'
- 'spec/features/merge_request/user_merges_immediately_spec.rb'
- 'spec/features/merge_request/user_posts_notes_spec.rb'
- 'spec/features/merge_request/user_resolves_conflicts_spec.rb'
- 'spec/features/merge_request/user_reverts_merge_request_spec.rb'
- 'spec/features/merge_request/user_sees_merge_widget_spec.rb'
- 'spec/features/merge_request/user_sees_pipelines_spec.rb'
- 'spec/features/merge_request/user_sees_suggest_pipeline_spec.rb'
- 'spec/features/merge_request/user_sees_versions_spec.rb'
- 'spec/features/merge_request/user_squashes_merge_request_spec.rb'
- 'spec/features/merge_request/user_toggles_whitespace_changes_spec.rb'
- 'spec/features/merge_request/user_views_open_merge_request_spec.rb'
- 'spec/features/milestone_spec.rb'
- 'spec/features/nav/new_nav_callout_spec.rb'
- 'spec/features/nav/new_nav_toggle_spec.rb'
- 'spec/features/nav/pinned_nav_items_spec.rb'
- 'spec/features/nav/top_nav_responsive_spec.rb'
- 'spec/features/nav/top_nav_spec.rb'
- 'spec/features/populate_new_pipeline_vars_with_params_spec.rb'
- 'spec/features/profile_spec.rb'
- 'spec/features/profiles/account_spec.rb'
- 'spec/features/profiles/keys_spec.rb'
- 'spec/features/profiles/oauth_applications_spec.rb'
- 'spec/features/profiles/password_spec.rb'
- 'spec/features/profiles/personal_access_tokens_spec.rb'
- 'spec/features/profiles/user_creates_comment_template_spec.rb'
- 'spec/features/profiles/user_deletes_comment_template_spec.rb'
- 'spec/features/profiles/user_edit_profile_spec.rb'
- 'spec/features/profiles/user_updates_comment_template_spec.rb'
- 'spec/features/project_group_variables_spec.rb'
- 'spec/features/project_variables_spec.rb'
- 'spec/features/projects/blobs/blame_spec.rb'
- 'spec/features/projects/branches/user_deletes_branch_spec.rb'
- 'spec/features/projects/branches_spec.rb'
- 'spec/features/projects/ci/editor_spec.rb'
- 'spec/features/projects/ci/lint_spec.rb'
- 'spec/features/projects/clusters/gcp_spec.rb'
- 'spec/features/projects/clusters/user_spec.rb'
- 'spec/features/projects/commit/cherry_pick_spec.rb'
- 'spec/features/projects/commit/user_sees_pipelines_tab_spec.rb'
- 'spec/features/projects/commits/user_browses_commits_spec.rb'
- 'spec/features/projects/compare_spec.rb'
- 'spec/features/projects/environments/environment_spec.rb'
- 'spec/features/projects/environments/environments_spec.rb'
- 'spec/features/projects/feature_flags/user_sees_feature_flag_list_spec.rb'
- 'spec/features/projects/features_visibility_spec.rb'
- 'spec/features/projects/fork_spec.rb'
- 'spec/features/projects/integrations/user_activates_jira_spec.rb'
- 'spec/features/projects/issues/design_management/user_views_designs_with_svg_xss_spec.rb'
- 'spec/features/projects/jobs/permissions_spec.rb'
- 'spec/features/projects/jobs/user_browses_job_spec.rb'
- 'spec/features/projects/jobs/user_browses_jobs_spec.rb'
- 'spec/features/projects/jobs/user_triggers_manual_job_with_variables_spec.rb'
- 'spec/features/projects/jobs_spec.rb'
- 'spec/features/projects/members/group_member_cannot_leave_group_project_spec.rb'
- 'spec/features/projects/members/groups_with_access_list_spec.rb'
- 'spec/features/projects/members/master_adds_member_with_expiration_date_spec.rb'
- 'spec/features/projects/members/sorting_spec.rb'
- 'spec/features/projects/packages_spec.rb'
- 'spec/features/projects/pipeline_schedules_spec.rb'
- 'spec/features/projects/pipelines/pipeline_spec.rb'
- 'spec/features/projects/pipelines/pipelines_spec.rb'
- 'spec/features/projects/releases/user_creates_release_spec.rb'
- 'spec/features/projects/releases/user_views_releases_spec.rb'
- 'spec/features/projects/settings/merge_requests_settings_spec.rb'
- 'spec/features/projects/settings/monitor_settings_spec.rb'
- 'spec/features/projects/settings/project_settings_spec.rb'
- 'spec/features/projects/settings/registry_settings_cleanup_tags_spec.rb'
- 'spec/features/projects/settings/registry_settings_spec.rb'
- 'spec/features/projects/settings/repository_settings_spec.rb'
- 'spec/features/projects/settings/secure_files_spec.rb'
- 'spec/features/projects/settings/service_desk_setting_spec.rb'
- 'spec/features/projects/settings/slack_application_spec.rb'
- 'spec/features/projects/settings/user_manages_merge_requests_settings_spec.rb'
- 'spec/features/projects/settings/user_transfers_a_project_spec.rb'
- 'spec/features/projects/show/user_sees_collaboration_links_spec.rb'
- 'spec/features/projects/sub_group_issuables_spec.rb'
- 'spec/features/projects/terraform_spec.rb'
- 'spec/features/projects/tree/create_directory_spec.rb'
- 'spec/features/projects/tree/create_file_spec.rb'
- 'spec/features/projects/user_uses_shortcuts_spec.rb'
- 'spec/features/projects/work_items/work_item_children_spec.rb'
- 'spec/features/projects/work_items/work_item_spec.rb'
- 'spec/features/protected_branches_spec.rb'
- 'spec/features/runners_spec.rb'
- 'spec/features/search/user_searches_for_code_spec.rb'
- 'spec/features/search/user_searches_for_issues_spec.rb'
- 'spec/features/search/user_searches_for_merge_requests_spec.rb'
- 'spec/features/search/user_searches_for_milestones_spec.rb'
- 'spec/features/search/user_searches_for_wiki_pages_spec.rb'
- 'spec/features/search/user_uses_header_search_field_spec.rb'
- 'spec/features/search/user_uses_search_filters_spec.rb'
- 'spec/features/tags/developer_deletes_tag_spec.rb'
- 'spec/features/tags/maintainer_deletes_protected_tag_spec.rb'
- 'spec/features/triggers_spec.rb'
- 'spec/features/uploads/user_uploads_avatar_to_profile_spec.rb'
- 'spec/features/user_sees_revert_modal_spec.rb'

2
GITALY_SERVER_VERSION
View File

@ -1 +1 @@
357e09f248881f0461a5ec8989ca01ccd9b2a860
a135d096227e2169aa6b15fa2c5a67d688d44a16

8
app/assets/stylesheets/utilities.scss
View File

@ -133,14 +133,6 @@
}
// Will be moved to @gitlab/ui in https://gitlab.com/gitlab-org/gitlab-ui/-/merge_requests/3569
.gl-mb-n5 {
margin-bottom: -$gl-spacing-scale-5;
}
.gl-mb-n7 {
margin-bottom: -$gl-spacing-scale-7;
}
.gl-mb-n8 {
margin-bottom: -$gl-spacing-scale-8;
}

4
danger/qa_selector/Dangerfile
View File

@ -2,13 +2,15 @@
return if helper.stable_branch?
data_testids = /testid|data-testid|find_by_testid|within_testid/
data_testids = /testid/
deprecated_qa_selectors = /(?=qa_selector|data-qa-selector)|(?!.*\bdata-qa-)(?=class=.*qa-.*|class: .*qa-.*)/
def filter_changed_lines(files, pattern)
lines = []
files.each do |file|
next if file.start_with?('spec/', 'ee/spec/', 'qa/')
testid_changed_lines = helper.changed_lines(file).select { |line| line =~ pattern }
next unless testid_changed_lines.any?

60
doc/administration/troubleshooting/postgresql.md
View File

@ -18,14 +18,70 @@ If you're on a [paid tier](https://about.gitlab.com/pricing/) and aren't sure
how to use these commands, [contact Support](https://about.gitlab.com/support/)
for assistance with any issues you're having.
## Start a database console
::Tabs
:::TabTitle Linux package (Omnibus)
Recommended for:
- Single-node instances.
- Scaled out or hybrid environments, on the Patroni nodes, usually the leader.
- Scaled out or hybrid environments, on the server running the PostgreSQL service.
```shell
sudo gitlab-psql
```
On a single-node instance, or a web or Sidekiq node you can also use the Rails database console, but
it takes longer to initialize:
- In [GitLab 14.2 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/341210):
```shell
sudo gitlab-rails db-console --database main
```
- In GitLab 14.1 and earlier:
```shell
sudo gitlab-rails db-console
```
:::TabTitle Docker
```shell
docker exec -it <container-id> gitlab-psql
```
:::TabTitle Self-compiled (source)
Use the `psql` command that's part of [your PostgreSQL installation](../../install/installation.md#7-database).
```shell
sudo -u git -H psql -d gitlabhq_production
```
:::TabTitle Helm chart (Kubernetes)
- If you run a hybrid environment, and PostgreSQL runs on a Linux packaged installation (Omnibus),
the recommended approach is to use the database console locally on those servers. Refer to the details
for Linux package.
- Use the console that's part of your external third-party PostgreSQL service.
- Run `gitlab-rails db-console` in the toolbox pod.
- Refer to our [Kubernetes cheat sheet](https://docs.gitlab.com/charts/troubleshooting/kubernetes_cheat_sheet.html#gitlab-specific-kubernetes-information) for details.
::EndTabs
To exit the console, type: `quit`.
## Other GitLab PostgreSQL documentation
This section is for links to information elsewhere in the GitLab documentation.
### Procedures
- [Connect to the PostgreSQL console](https://docs.gitlab.com/omnibus/settings/database.html#connecting-to-the-bundled-postgresql-database).
- [Database procedures for Linux package installations](https://docs.gitlab.com/omnibus/settings/database.html) including:
- SSL: enabling, disabling, and verifying.
- Enabling Write Ahead Log (WAL) archiving.

4
doc/api/users.md
View File

@ -326,6 +326,10 @@ Get a single user.
### For user
Prerequisites:
- You must be signed in to use this endpoint.
```plaintext
GET /users/:id
```

5
doc/security/rate_limits.md
View File

@ -121,6 +121,9 @@ The **rate limit** is 20 calls per minute per IP address.
### Project Jobs API endpoint
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/382985) in GitLab 15.7 [with a flag](../administration/feature_flags.md) named `ci_enforce_rate_limits_jobs_api`. Disabled by default.
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/384186) in GitLab 16.0. Feature flag `ci_enforce_rate_limits_jobs_api` removed.
There is a rate limit for the endpoint `project/:id/jobs`, which is enforced to reduce timeouts when retrieving jobs.
The **rate limit** is 600 calls per minute per authenticated user.
@ -186,7 +189,7 @@ To remove a blocked IP:
keys *rack::attack*
```
By default, the [`keys` command is disabled](https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands).
By default, the [`keys` command is disabled](https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands).
1. Optionally, add [the IP to the allowlist](https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-rack-attack)
to prevent it being denylisted again.

76
doc/update/versions/gitlab_14_changes.md
View File

@ -34,6 +34,17 @@ For more information about upgrading GitLab Helm Chart, see [the release notes f
A workaround exists to [complete the data change and the upgrade manually](../package/index.md#mixlibshelloutcommandtimeout-rails_migrationgitlab-rails--command-timed-out-after-3600s).
### Linux package installations
- In GitLab 14.10, Gitaly has introduced a new runtime directory. This directory is intended to hold all files and
directories Gitaly needs to create at runtime to operate correctly. This includes, for example, internal sockets, the
Git execution environment, or the temporary hooks directory.
This new configuration can be set via `gitaly['runtime_dir']`. It replaces the old `gitaly['internal_socket_dir']`
configuration. If the internal socket directory is not explicitly configured, sockets will be created in the runtime directory.
Support for `gitaly['internal_socket_dir']` will be removed in 15.0.
## 14.9.0
- Database changes made by the upgrade to GitLab 14.9 can take hours or days to complete on larger GitLab instances.
@ -144,6 +155,13 @@ that may remain stuck permanently in a **pending** state.
This issue is fixed in GitLab 14.10 and later when using the [Gitaly runtime directory](https://docs.gitlab.com/omnibus/update/gitlab_14_changes.html#gitaly-runtime-directory)
to specify a location to store persistent files.
### Linux package installations
- In GitLab 14.8, we are upgrading Redis from 6.0.16 to 6.2.6. This upgrade is expected to be fully backwards compatible.
If your instance has Redis HA with Sentinel, follow the upgrade steps documented in
[Redis HA (using Sentinel)](../zero_downtime.md#redis-ha-using-sentinel).
## 14.6.0
- See [LFS objects import and mirror issue in GitLab 14.6.0 to 14.7.2](../index.md#lfs-objects-import-and-mirror-issue-in-gitlab-1460-to-1472).
@ -250,6 +268,16 @@ that may remain stuck permanently in a **pending** state when the instance lacks
end
```
### Linux package installations
- In GitLab 14.4, the provided Grafana version is 7.5, this is a downgrade from the Grafana 8.1 version introduced in
GitLab 14.3. This was reverted to an Apache-licensed Grafana release to allow time to consider the implications of the
newer AGPL-licensed releases.
Users that have customized their Grafana install with plugins or library panels may experience errors in Grafana after
the downgrade. If the errors persist after a Grafana restart you may need to reset the Grafana db and re-add the
customizations. The Grafana database can be reset with `sudo gitlab-ctl reset-grafana`.
## 14.3.0
- [Instances running 14.0.0 - 14.0.4 should not upgrade directly to GitLab 14.2 or later](#upgrading-to-later-14y-releases).
@ -503,6 +531,54 @@ Other issues:
update users set password_expires_at = null where username='<USERNAME>';
```
### Linux package installations
- In GitLab 13.0, `sidekiq-cluster` was enabled by default and the `sidekiq` service ran `sidekiq-cluster` under the hood.
However, users could control this behavior using `sidekiq['cluster']` setting to run Sidekiq directly instead. Users
could also run `sidekiq-cluster` separately using the various `sidekiq_cluster[*]` settings available in `gitlab.rb`.
However these features were deprecated and are now being removed.
Starting with GitLab 14.0, `sidekiq-cluster` becomes the only way to run Sidekiq in Linux package installations. As
part of this process, support for the following settings in `gitlab.rb` is being removed:
- `sidekiq['cluster']` setting. Sidekiq can only be run using `sidekiq-cluster` now.
- `sidekiq_cluster[*]` settings. They should be set via respective `sidekiq[*]` counterparts.
- `sidekiq['concurrency']` setting. The limits should be controlled using the two settings `sidekiq['min_concurrency']`
and `sidekiq['max_concurrency']`.
- In GitLab 13.0, Puma became the default web server for GitLab, but users were still able to continue using Unicorn if
needed. Starting with GitLab 14.0, Unicorn is no longer supported as a webserver for GitLab and is no longer shipped
with the Linux package.
Users must migrate to Puma following [the documentation](../../administration/operations/puma.md) to upgrade to GitLab
14.0.
- The Consul version has been updated from 1.6.10 to 1.9.6 for Geo and multi-node PostgreSQL installs. Its important
that Consul nodes be upgraded and restarted one at a time.
For more information, see [Upgrade the Consul nodes](../../administration/consul.md#upgrade-the-consul-nodes).
- Starting with GitLab 14.0, GitLab automatically generates a password for initial administrator user (`root`) and stores
this value to `/etc/gitlab/initial_root_password`.
For more information, see
[Set up the initial password](https://docs.gitlab.com/omnibus/installation/index.html#set-up-the-initial-password).
- The binaries for PostgreSQL 11 and repmgr have been removed. Prior to upgrading, administrators of Linux package
installations must:
1. Ensure the installation is using [PostgreSQL 12](https://docs.gitlab.com/omnibus/settings/database.html#upgrade-packaged-postgresql-server).
1. If using repmgr, [convert to using patroni](../../administration/postgresql/replication_and_failover.md#switching-from-repmgr-to-patroni).
- Two configuration options for Redis were deprecated in GitLab 13 and removed in GitLab 14:
- `redis_slave_role` is replaced with `redis_replica_role`.
- `redis['client_output_buffer_limit_slave']` is replaced with `redis['client_output_buffer_limit_replica']`.
Redis Cache nodes being upgraded from GitLab 13.12 to 14.0 that still refer to `redis_slave_role` in `gitlab.rb` will
encounter an error in the output of `gitlab-ctl reconfigure`:
```plaintext
There was an error running gitlab-ctl reconfigure:
The following invalid roles have been set in 'roles': redis_slave_role
```
### Upgrading to later 14.Y releases
- Instances running 14.0.0 - 14.0.4 should not upgrade directly to GitLab 14.2 or later,

146
doc/update/versions/gitlab_16_changes.md
View File

@ -12,11 +12,18 @@ Ensure you review these instructions for:
- Your installation type.
- All versions between your current version and your target version.
Some GitLab installations must upgrade to GitLab 16.0 before upgrading to any other version. For more information, see
[Long-running user type data change](#long-running-user-type-data-change).
For more information about upgrading GitLab Helm Chart, see [the release notes for 7.0](https://docs.gitlab.com/charts/releases/7_0.html).
## Issues to be aware of when upgrading from 15.11
- Some GitLab installations must upgrade to GitLab 16.0 before upgrading to any other version. For more information, see
[Long-running user type data change](#long-running-user-type-data-change).
- Other installations can skip 16.0, 16.1, and 16.2 as the first required stop on the upgrade path is 16.3. Review the notes for those intermediate
versions.
- If your GitLab instance upgraded first to 15.11.0, 15.11.1, or 15.11.2 the database schema is incorrect.
Recommended: perform the workaround before upgrading to 16.x.
See [the details and workaround](#undefined-column-error-upgrading-to-162-or-later).
## 16.3.0
- For Go applications, [`crypto/tls`: verifying certificate chains containing large RSA keys is slow (CVE-2023-29409)](https://github.com/golang/go/issues/61460)
@ -67,6 +74,15 @@ Specific information applies to Linux package installations:
- Impacted versions: GitLab versions 16.1.0 - 16.1.3 and 16.2.0 - 16.2.2.
- If you deployed an affected version, after upgrading to a fixed GitLab version, follow [these instructions](https://gitlab.com/gitlab-org/gitlab/-/issues/419742#to-fix-data)
to resync the affected job artifacts.
- If your GitLab database was created by or upgraded via versions 15.11.0 - 15.11.2 inclusive, upgrading to GitLab 16.2 fails with:
```plaintext
PG::UndefinedColumn: ERROR: column "id_convert_to_bigint" of relation "ci_build_needs" does not exist
LINE 1: ...db_config_name:main*/ UPDATE "ci_build_needs" SET "id_conver...
```
See [the details and workaround](#undefined-column-error-upgrading-to-162-or-later).
- You might encounter the following error while upgrading to GitLab 16.2 or later:
```plaintext
@ -219,3 +235,127 @@ an unusable state, generating `500` errors. The errors are caused by Sidekiq and
application code that is incompatible with the database schema.
At the end of the workaround process, Sidekiq and Puma are restarted to resolve that issue.
## Undefined column error upgrading to 16.2 or later
A bug in GitLab 15.11 incorrectly disabled a database change on self-managed instances.
For more information, see [issue 408835](https://gitlab.com/gitlab-org/gitlab/-/issues/408835).
If your GitLab instance upgraded first to 15.11.0, 15.11.1, or 15.11.2 the database schema is
incorrect and upgrading to GitLab 16.2 or later fails with an error. A database change
requires the earlier modification to be in place:
```plaintext
PG::UndefinedColumn: ERROR: column "id_convert_to_bigint" of relation "ci_build_needs" does not exist
LINE 1: ...db_config_name:main*/ UPDATE "ci_build_needs" SET "id_conver...
```
GitLab 15.11.3 shipped a fix for this bug, but it doesn't correct the problem on
instances already running the earlier 15.11 releases.
If you're not sure if an instance is affected, check for the column on the
[database console](../../administration/troubleshooting/postgresql.md#start-a-database-console):
```sql
select pg_typeof (id_convert_to_bigint) from public.ci_build_needs limit 1;
```
If you need the workaround, this query fails:
```plaintext
ERROR: column "id_convert_to_bigintd" does not exist
LINE 1: select pg_typeof (id_convert_to_bigintd) from public.ci_buil...
```
Unaffected instances return:
```plaintext
pg_typeof
-----------
bigint
```
The workaround for this issue differs if your GitLab instance's database schema
was recently created:
| Installation version | Workaround |
| -------------------- | ---------- |
| 15.9 or earlier | [15.9](#workaround-instance-created-with-159-or-earlier) |
| 15.10 | [15.10](#workaround-instance-created-with-1510) |
| 15.11 | [15.11](#workaround-instance-created-with-1511) |
Most instances should use the 15.9 procedure. Only very new instances require the
the 15.10 or 15.11 procedures. If you've migrated GitLab using backup and restore,
the database schema comes from the original instance. Select the workaround based
on the source instance.
The commands in the following sections are for Linux package installations, and
differ for other installation types:
::Tabs
:::TabTitle Docker
- Omit `sudo`
- Shell into the GitLab container and run the same commands:
```shell
docker exec -it <container-id> bash
```
:::TabTitle Self-compiled (source)
- Use `sudo -u git -H bundle exec rake` instead of `sudo gitlab-rake`
- Run the SQL on [your PostgreSQL database console](../../administration/troubleshooting/postgresql.md#start-a-database-console)
:::TabTitle Helm chart (Kubernetes)
- Omit `sudo`.
- Shell into the `toolbox` pod to run the Rake commands: `gitlab-rake` is in `/usr/local/bin` if not in the `PATH`.
- Refer to our [Kubernetes cheat sheet](https://docs.gitlab.com/charts/troubleshooting/kubernetes_cheat_sheet.html#gitlab-specific-kubernetes-information) for details.
- Run the SQL on [your PostgreSQL database console](../../administration/troubleshooting/postgresql.md#start-a-database-console)
::EndTabs
### Workaround: instance created with 15.9 or earlier
```shell
# Restore schema
sudo gitlab-psql -c "DELETE FROM schema_migrations WHERE version IN ('20230130175512', '20230130104819');"
sudo gitlab-rake db:migrate:up VERSION=20230130175512
sudo gitlab-rake db:migrate:up VERSION=20230130104819
# Re-schedule background migrations
sudo gitlab-rake db:migrate:down VERSION=20230130202201
sudo gitlab-rake db:migrate:down VERSION=20230130110855
sudo gitlab-rake db:migrate:up VERSION=20230130202201
sudo gitlab-rake db:migrate:up VERSION=20230130110855
```
### Workaround: instance created with 15.10
```shell
# Restore schema for sent_notifications
sudo gitlab-psql -c "DELETE FROM schema_migrations WHERE version = '20230130175512';"
sudo gitlab-rake db:migrate:up VERSION=20230130175512
# Re-schedule background migration for sent_notifications
sudo gitlab-rake db:migrate:down VERSION=20230130202201
sudo gitlab-rake db:migrate:up VERSION=20230130202201
# Restore schema for ci_build_needs
sudo gitlab-rake db:migrate:down VERSION=20230321163547
sudo gitlab-psql -c "INSERT INTO schema_migrations (version) VALUES ('20230321163547');"
```
### Workaround: instance created with 15.11
```shell
# Restore schema for sent_notifications
sudo gitlab-rake db:migrate:down VERSION=20230411153310
sudo gitlab-psql -c "INSERT INTO schema_migrations (version) VALUES ('20230411153310');"
# Restore schema for ci_build_needs
sudo gitlab-rake db:migrate:down VERSION=20230321163547
sudo gitlab-psql -c "INSERT INTO schema_migrations (version) VALUES ('20230321163547');"
```

8
doc/user/group/access_and_permissions.md
View File

@ -103,6 +103,14 @@ Keep in mind that restricting group access by IP address has the following impli
with [PROXY protocol](../../administration/operations/gitlab_sshd.md#proxy-protocol-support) enabled.
- IP restriction is not applicable to shared resources belonging to a group. Any shared resource is accessible to a user even if that user is not able to access the group.
### GitLab.com access restrictions
On GitLab.com shared runners are added to the [global allowlist](../../administration/settings/visibility_and_access_controls.md#configure-globally-allowed-ip-address-ranges), so that they are available regardless of IP restrictions.
Artifact and Registry downloading from runners is sourced from any Google or, in the case of MacOS runners, Amazon IP address in that region.
The download is therefore not added to the global allowlist.
To allow runner downloading, add the [outbound runner CIDR ranges](../gitlab_com/index.md#ip-range) to your group allowlist.
## Restrict group access by domain **(PREMIUM ALL)**
> - Support for specifying multiple email domains [added](https://gitlab.com/gitlab-org/gitlab/-/issues/33143) in GitLab 13.1.

2
package.json
View File

@ -59,7 +59,7 @@
"@gitlab/favicon-overlay": "2.0.0",
"@gitlab/fonts": "^1.3.0",
"@gitlab/svgs": "3.61.0",
"@gitlab/ui": "66.0.1",
"@gitlab/ui": "66.1.0",
"@gitlab/visual-review-tools": "1.7.3",
"@gitlab/web-ide": "0.0.1-dev-20230821141730",
"@mattiasbuelens/web-streams-adapter": "^0.1.0",

44
qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb
View File

@ -2,12 +2,7 @@
module QA
RSpec.shared_examples 'registration and login' do
it 'allows the user to register and login',
quarantine: {
only: { job: 'airgapped' },
issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/414247',
type: :investigating
} do
it 'allows the user to register and login' do
Runtime::Browser.visit(:gitlab, Page::Main::Login)
Resource::User.fabricate_via_browser_ui! do |user_resource|
@ -22,7 +17,12 @@ module QA
RSpec.describe 'Manage', :skip_signup_disabled, :requires_admin, product_group: :authentication_and_authorization do
describe 'while LDAP is enabled', :orchestrated, :ldap_no_tls,
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347934' do
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347934',
quarantine: {
only: { job: 'airgapped' },
issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/414247',
type: :investigating
} do
before do
# When LDAP is enabled, a previous test might have created a token for the LDAP 'tanuki' user who is not an admin
# So we need to set it to nil in order to create a new token for admin user so that we are able to set_application_settings
@ -48,7 +48,12 @@ module QA
end
describe 'standard', :reliable, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347867' do
context 'when admin approval is not required' do
context 'when admin approval is not required',
quarantine: {
only: { job: 'airgapped' },
issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/414247',
type: :investigating
} do
before(:all) do
set_require_admin_approval_after_user_signup(false)
end
@ -80,12 +85,7 @@ module QA
end
it 'allows recreating with same credentials', :reliable,
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347868',
quarantine: {
only: { job: 'airgapped' },
issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/414247',
type: :investigating
} do
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347868' do
expect(Page::Main::Menu.perform(&:signed_in?)).to be_falsy
Flow::Login.sign_in(as: user, skip_page_validation: true)
@ -107,7 +107,13 @@ module QA
end
end
context 'when admin approval is required' do
context 'when admin approval is required',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347871',
quarantine: {
only: { job: 'airgapped' },
issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/414247',
type: :investigating
} do
let(:signed_up_waiting_approval_text) do
'You have signed up successfully. However, we could not sign you in because your account is awaiting approval from your GitLab administrator.'
end
@ -131,13 +137,7 @@ module QA
set_require_admin_approval_after_user_signup(false)
end
it 'allows user login after approval',
testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347871',
quarantine: {
only: { job: 'airgapped' },
issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/414247',
type: :investigating
} do
it 'allows user login after approval' do
user # sign up user
expect(page).to have_text(signed_up_waiting_approval_text)

54
rubocop/cop/capybara/testid_finders.rb Normal file
View File

@ -0,0 +1,54 @@
# frozen_string_literal: true
require 'rubocop-rspec'
module RuboCop
module Cop
module Capybara
# Prefer to use data-testid helpers for Capybara
#
# @example
# # bad
# find('[data-testid="some-testid"]')
# within('[data-testid="some-testid"]')
#
# # good
# find_by_testid('some-testid')
# within_testid('some-testid')
#
class TestidFinders < RuboCop::Cop::Base
MSG = 'Prefer to use custom helper method `%{replacement}(%{testid})`.'
METHOD_MAP = {
find: 'find_by_testid',
within: 'within_testid'
}.freeze
RESTRICT_ON_SEND = METHOD_MAP.keys.to_set.freeze
# @!method find_argument(node)
def_node_matcher :argument, <<~PATTERN
(send _ ${RESTRICT_ON_SEND} (str $_) ...)
PATTERN
def on_send(node)
argument(node) do |method, arg|
selector = data_testid_selector(arg)
next unless selector
replacement = METHOD_MAP.fetch(method)
msg = format(MSG, testid: selector, replacement: replacement)
add_offense(node, message: msg)
end
end
private
def data_testid_selector(arg)
arg[/^\[data-testid=[",'](.+)[",']\]$/, 1]
end
end
end
end
end

2
scripts/gitaly-test-spawn
View File

@ -10,6 +10,8 @@ class GitalyTestSpawn
include GitalySetup
def run
ensure_gitlab_shell_secret!
# Run Praefect migrations
setup_praefect

2
spec/features/admin/admin_abuse_reports_spec.rb
View File

@ -27,7 +27,7 @@ RSpec.describe "Admin::AbuseReports", :js, feature_category: :insider_threat do
expect_report_shown(open_report, open_report2)
within '[data-testid="abuse-reports-filtered-search-bar"]' do
within_testid('abuse-reports-filtered-search-bar') do
expect(page).to have_content 'Status = Open'
end
end

50
spec/rubocop/cop/capybara/testid_finders_spec.rb Normal file
View File

@ -0,0 +1,50 @@
# frozen_string_literal: true
require 'rubocop_spec_helper'
require 'rspec-parameterized'
require_relative '../../../../rubocop/cop/capybara/testid_finders'
RSpec.describe RuboCop::Cop::Capybara::TestidFinders, feature_category: :shared do
let(:source_file) { 'spec/features/foo_spec.rb' }
describe 'good examples' do
where(:code) do
[
"find_by_testid('some-testid')",
"find_by_testid('\#{testid}')",
"find('[data-testid=\"some-testid\"] > input')",
"find('[data-tracking=\"render\"]')",
"within_testid('some-testid')",
"within_testid('\#{testid}')",
"within('[data-testid=\"some-testid\"] > input')",
"within('[data-tracking=\"render\"]')"
]
end
with_them do
it 'does not register an offense' do
expect_no_offenses(code)
end
end
end
describe 'bad examples' do
where(:code) do
[
"find('[data-testid=\"some-testid\"]')",
"find(\"[data-testid='some-testid']\")",
"within('[data-testid=\"some-testid\"]')",
"within(\"[data-testid='some-testid']\")"
]
end
with_them do
it 'does not register an offense' do
expect_offense(<<~CODE, node: code)
%{node}
^{node} Prefer to use custom helper method[...]
CODE
end
end
end
end

14
spec/support/helpers/stub_gitlab_calls.rb
View File

@ -23,13 +23,17 @@ module StubGitlabCalls
end
def stub_ci_pipeline_yaml_file(ci_yaml_content)
allow_any_instance_of(Gitlab::Ci::ProjectConfig::Repository)
.to receive(:file_in_repository?)
.and_return(ci_yaml_content.present?)
blob = instance_double(Blob, empty?: ci_yaml_content.blank?, data: ci_yaml_content)
allow(blob).to receive(:load_all_data!)
allow_any_instance_of(Repository)
.to receive(:gitlab_ci_yml_for)
.and_return(ci_yaml_content)
.to receive(:blob_at)
.and_call_original
allow_any_instance_of(Repository)
.to receive(:blob_at)
.with(String, '.gitlab-ci.yml')
.and_return(blob)
# Ensure we don't hit auto-devops when config not found in repository
unless ci_yaml_content

8
yarn.lock
View File

@ -1147,10 +1147,10 @@
resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.61.0.tgz#2434d429db1d22e128a1401a9735afab82275e0c"
integrity sha512-GhryK81FA5NPisJjuwiCpZVALUBi6meg9njeIRLtKUuRDdp/DuaRC3WJFRtSXxVN+RG5HtUZrmv9dUQzKSZ2ZA==
"@gitlab/ui@66.0.1":
version "66.0.1"
resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-66.0.1.tgz#8ad2fb8197eff2230654323e776f28c7fbe9e299"
integrity sha512-LHAqBAiXfoXL8B61xtVLdGhQH9XvuH1F2VQdArqfamXmj05w8BVMr66KgssTYyXCmLZiBq0qPjRDTyO7qt0V+A==
"@gitlab/ui@66.1.0":
version "66.1.0"
resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-66.1.0.tgz#93e30977d45155952fb882227785662c5b1631d7"
integrity sha512-JGXyfdIbAoDLuRtekti5+chh9QelZd9ACgO0ZzeMcmt9DaLkqZpItwjp9+UVgxVtSph+TY7RGwF1G4jIPZtxog==
dependencies:
"@floating-ui/dom" "1.2.9"
bootstrap-vue "2.23.1"