From 724aa82801f38e6ca34196e3d7bc99ec1eba0c4c Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Mon, 28 Apr 2025 03:12:32 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- data/deprecations/15-9-insecure-ci-job-token.yml | 2 +- doc/administration/package_information/supported_os.md | 4 ++-- doc/ci/jobs/job_control.md | 10 ++++++++++ doc/update/breaking_windows.md | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/data/deprecations/15-9-insecure-ci-job-token.yml b/data/deprecations/15-9-insecure-ci-job-token.yml index fdc5e6b9a72..1e37a8ed8a6 100644 --- a/data/deprecations/15-9-insecure-ci-job-token.yml +++ b/data/deprecations/15-9-insecure-ci-job-token.yml @@ -5,7 +5,7 @@ announcement_milestone: "15.9" # (required) The milestone when this feature was first announced as deprecated. removal_milestone: "18.0" # (required) The milestone when this feature is planned to be removed breaking_change: true # (required) If this deprecation is a breaking change, set this value to true - window: 1 + window: 3 impact: high # Can be one of: [critical, high, medium, low] scope: project # Can be one or a combination of: [instance, group, project] reporter: jocelynjane # (required) GitLab username of the person reporting the deprecation diff --git a/doc/administration/package_information/supported_os.md b/doc/administration/package_information/supported_os.md index 08b57274fb9..abc11733f48 100644 --- a/doc/administration/package_information/supported_os.md +++ b/doc/administration/package_information/supported_os.md @@ -86,8 +86,8 @@ These versions of Red Hat Enterprise Linux are supported. | Operating system version | First supported GitLab version | Architecture | Installation documentation | Operating system EOL | Details | |:---------------------------|:-------------------------------|:------------------|:------------------------------------------------------------------------------------|:---------------------|:--------| -| Red Hat Enterprise Linux 8 | GitLab CE / GitLab EE 12.8.1 | `x86_64`, `arm64` | [Use CentOS installation documentation](https://about.gitlab.com/install/#centos-7) | May 2029 | [Red Hat Enterprise Linux details](https://access.redhat.com/support/policy/updates/errata/#Life_Cycle_Dates) | -| Red Hat Enterprise Linux 9 | GitLab CE / GitLab EE 16.0.0 | `x86_64`, `arm64` | [Use CentOS installation documentation](https://about.gitlab.com/install/#centos-7) | May 2032 | [Red Hat Enterprise Linux details](https://access.redhat.com/support/policy/updates/errata/#Life_Cycle_Dates) | +| Red Hat Enterprise Linux 8 | GitLab CE / GitLab EE 12.8.1 | `x86_64`, `arm64` | [Use AlmaLinux installation documentation](https://about.gitlab.com/install/#almalinux) | May 2029 | [Red Hat Enterprise Linux details](https://access.redhat.com/support/policy/updates/errata/#Life_Cycle_Dates) | +| Red Hat Enterprise Linux 9 | GitLab CE / GitLab EE 16.0.0 | `x86_64`, `arm64` | [Use AlmaLinux installation documentation](https://about.gitlab.com/install/#almalinux) | May 2032 | [Red Hat Enterprise Linux details](https://access.redhat.com/support/policy/updates/errata/#Life_Cycle_Dates) | ## Ubuntu diff --git a/doc/ci/jobs/job_control.md b/doc/ci/jobs/job_control.md index 067cfea1a5c..a75067fabb9 100644 --- a/doc/ci/jobs/job_control.md +++ b/doc/ci/jobs/job_control.md @@ -385,3 +385,13 @@ The jobs have three paths of execution: - macOS path: The `mac:rspec` job runs as soon as the `mac:build: [gcp, data]` and `mac:build: [vultr, data]` jobs finish, without waiting for `linux:build` to finish. - The `production` job runs as soon as all previous jobs finish. + +## Troubleshooting + +### Inconsistent user assignment when running manual jobs + +In some edge cases, the user that runs a manual job does not get assigned as the user for later jobs +that depend on the manual job. + +If you need strict security over who is assigned as the user for jobs that depend on a manual job, +you should [protect the manual job](#protect-manual-jobs). diff --git a/doc/update/breaking_windows.md b/doc/update/breaking_windows.md index 62951331f16..5ca8ad98f4a 100644 --- a/doc/update/breaking_windows.md +++ b/doc/update/breaking_windows.md @@ -24,7 +24,6 @@ This window takes place on April 21 - 23, 2025 from 09:00 UTC to 22:00 UTC. | Deprecation | Impact | Stage | Scope | Check potential impact | |-------------|--------|-------|-------|------------------------| -| [CI/CD job token - **Limit access from your project** setting removal](deprecations.md#cicd-job-token---limit-access-from-your-project-setting-removal) | High | Software supply chain security | Project | Refer to the [Understanding this change](https://gitlab.com/gitlab-org/gitlab/-/issues/395708#understanding-this-change) section for details. | | [CI/CD job token - **Authorized groups and projects** allowlist enforcement](deprecations.md#cicd-job-token---authorized-groups-and-projects-allowlist-enforcement) | High | Software supply chain security | Project | Refer to the [Understanding this change](https://gitlab.com/gitlab-org/gitlab/-/issues/383084#understanding-this-change) section for details. | | [Deprecation of `name` field in `ProjectMonthlyUsageType` GraphQL API](deprecations.md#deprecation-of-name-field-in-projectmonthlyusagetype-graphql-api) | Low | Fulfillment | Project | | | [Deprecation of `STORAGE` enum in `NamespaceProjectSortEnum` GraphQL API](deprecations.md#deprecation-of-storage-enum-in-namespaceprojectsortenum-graphql-api) | Low | Fulfillment | Group | | @@ -49,6 +48,7 @@ This window takes place on May 5 - 7, 2025 from 09:00 UTC to 22:00 UTC. | Deprecation | Impact | Stage | Scope | Check potential impact | |-------------|--------|-------|-------|------------------------| +| [CI/CD job token - **Limit access from your project** setting removal](deprecations.md#cicd-job-token---limit-access-from-your-project-setting-removal) | High | Software supply chain security | Project | Refer to the [Understanding this change](https://gitlab.com/gitlab-org/gitlab/-/issues/395708#understanding-this-change) section for details. | | [Deprecate Terraform CI/CD templates](deprecations.md#deprecate-terraform-cicd-templates) | Medium | Deploy | Project | | | [Deprecate license metadata format V1](deprecations.md#deprecate-license-metadata-format-v1) | Low | Secure | Instance | | | [The `direction` GraphQL argument for `ciJobTokenScopeRemoveProject` is deprecated](deprecations.md#the-direction-graphql-argument-for-cijobtokenscoperemoveproject-is-deprecated) | Low | Govern | Project | |