From 1cfe6678a3e4e116dcb8d6e8fa727c6a5821e813 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 27 Jun 2025 18:07:48 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .gitlab/ci/rules.gitlab-ci.yml | 5 +- .../gitlab/rspec/misplaced_ee_spec_file.yml | 1 - .rubocop_todo/rspec/named_subject.yml | 1 - .../javascripts/issues/list/issue_client.js | 10 +- .../pages/projects/blob/show/index.js | 33 --- app/assets/javascripts/repository/index.js | 48 ----- .../settings/merge_requests_controller.rb | 3 +- app/controllers/projects_controller.rb | 2 + app/graphql/types/project_type.rb | 4 + app/models/project.rb | 2 + app/models/project_setting.rb | 12 ++ app/views/projects/blob/_breadcrumb.html.haml | 2 - ...iguration_bot_management_for_namespaces.rb | 16 +- config/sidekiq_queues.yml | 2 + db/docs/packages_composer_metadata.yml | 12 +- ...e_regex_description_to_project_settings.rb | 11 + ...o_merge_request_title_regex_description.rb | 14 ++ ...s_composer_metadata_project_id_not_null.rb | 14 ++ db/schema_migrations/20250618125349 | 1 + db/schema_migrations/20250618125512 | 1 + db/schema_migrations/20250624162336 | 1 + db/structure.sql | 5 +- doc/api/graphql/reference/_index.md | 3 + doc/api/openapi/openapi_v2.yaml | 30 +++ doc/api/settings.md | 1 + doc/ci/jobs/job_control.md | 50 +++++ .../advanced_search/elasticsearch.md | 1 + doc/user/compliance/audit_event_types.md | 1 + .../compliance_standards.md | 19 +- doc/user/gitlab_duo/turn_on_off.md | 2 +- doc/user/permissions.md | 191 +++++++++--------- lib/api/entities/project.rb | 1 + lib/api/helpers/projects_helpers.rb | 2 + locale/gitlab.pot | 15 ++ spec/controllers/projects_controller_spec.rb | 4 +- spec/features/projects/compare_spec.rb | 2 +- .../failure_widget/failed_job_details_spec.js | 1 + spec/graphql/types/project_type_spec.rb | 2 +- .../import_export/safe_model_attributes.yml | 1 + spec/models/project_setting_spec.rb | 87 +++++++- spec/models/project_spec.rb | 2 + spec/requests/api/projects_spec.rb | 11 +- .../merge_requests/update_service_spec.rb | 4 +- spec/support/rspec_order_todo.yml | 2 +- workhorse/go.mod | 2 +- workhorse/go.sum | 4 +- 46 files changed, 416 insertions(+), 222 deletions(-) create mode 100644 db/migrate/20250618125349_add_merge_request_title_regex_description_to_project_settings.rb create mode 100644 db/migrate/20250618125512_add_text_limit_to_merge_request_title_regex_description.rb create mode 100644 db/post_migrate/20250624162336_add_packages_composer_metadata_project_id_not_null.rb create mode 100644 db/schema_migrations/20250618125349 create mode 100644 db/schema_migrations/20250618125512 create mode 100644 db/schema_migrations/20250624162336 diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 4b031c42fee..42236c12fdd 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -1036,7 +1036,7 @@ .db:rules:invalidate-old-pipeline-results: rules: - - <<: *if-not-canonical-namespace + - if: '$GITLABCOM_DATABASE_TESTING_TRIGGER_TOKEN == null' when: never - <<: *if-merge-request changes: *db-patterns @@ -1220,6 +1220,9 @@ - <<: *if-schedule-maintenance - <<: *if-dot-com-gitlab-org-default-branch changes: *assets-compilation-patterns + # push assets for stable branches (canonical & security) + - <<: *if-sync-changes-on-stable-branches + changes: *assets-compilation-patterns - <<: *if-dot-com-gitlab-org-merge-request changes: - ".gitlab/ci/caching.gitlab-ci.yml" diff --git a/.rubocop_todo/gitlab/rspec/misplaced_ee_spec_file.yml b/.rubocop_todo/gitlab/rspec/misplaced_ee_spec_file.yml index 33bba1c905d..8f36af26d1d 100644 --- a/.rubocop_todo/gitlab/rspec/misplaced_ee_spec_file.yml +++ b/.rubocop_todo/gitlab/rspec/misplaced_ee_spec_file.yml @@ -279,7 +279,6 @@ Gitlab/RSpec/MisplacedEeSpecFile: - 'ee/spec/services/ide/schemas_config_service_spec.rb' - 'ee/spec/services/issues/build_service_spec.rb' - 'ee/spec/services/issues/export_csv_service_spec.rb' - - 'ee/spec/services/keys/create_service_spec.rb' - 'ee/spec/services/lfs/lock_file_service_spec.rb' - 'ee/spec/services/lfs/unlock_file_service_spec.rb' - 'ee/spec/services/merge_requests/approval_service_spec.rb' diff --git a/.rubocop_todo/rspec/named_subject.yml b/.rubocop_todo/rspec/named_subject.yml index 979c0d96140..562406de9f5 100644 --- a/.rubocop_todo/rspec/named_subject.yml +++ b/.rubocop_todo/rspec/named_subject.yml @@ -910,7 +910,6 @@ RSpec/NamedSubject: - 'ee/spec/services/iterations/update_service_spec.rb' - 'ee/spec/services/jira/jql_builder_service_spec.rb' - 'ee/spec/services/jira/requests/issues/list_service_spec.rb' - - 'ee/spec/services/keys/create_service_spec.rb' - 'ee/spec/services/lfs/lock_file_service_spec.rb' - 'ee/spec/services/lfs/unlock_file_service_spec.rb' - 'ee/spec/services/llm/chat_service_spec.rb' diff --git a/app/assets/javascripts/issues/list/issue_client.js b/app/assets/javascripts/issues/list/issue_client.js index dbb952c4fb5..a60b758ba73 100644 --- a/app/assets/javascripts/issues/list/issue_client.js +++ b/app/assets/javascripts/issues/list/issue_client.js @@ -14,8 +14,12 @@ async function getIssuesClient() { } export async function getApolloProvider() { - const client = ['projects:issues:index', 'groups:issues'].includes(document.body.dataset.page) - ? await getIssuesClient() - : defaultClient; + // for now, we only enabled caching for legacy issues list so we use defaultClient for work items list + // when we add caching to work items list, we can remove the query selector check + const client = + ['projects:issues:index', 'groups:issues'].includes(document.body.dataset.page) && + !document.querySelector('#js-work-items, [data-testid="work-item-router-view"]') + ? await getIssuesClient() + : defaultClient; return new VueApollo({ defaultClient: client }); } diff --git a/app/assets/javascripts/pages/projects/blob/show/index.js b/app/assets/javascripts/pages/projects/blob/show/index.js index c6530d19889..fe7c80f0888 100644 --- a/app/assets/javascripts/pages/projects/blob/show/index.js +++ b/app/assets/javascripts/pages/projects/blob/show/index.js @@ -17,14 +17,10 @@ import CommitPipelineStatus from '~/projects/tree/components/commit_pipeline_sta import BlobContentViewer from '~/repository/components/blob_content_viewer.vue'; import '~/sourcegraph/load'; import createStore from '~/code_navigation/store'; -import { generateRefDestinationPath } from '~/repository/utils/ref_switcher_utils'; import { generateHistoryUrl } from '~/repository/utils/url_utility'; -import RefSelector from '~/ref/components/ref_selector.vue'; -import { joinPaths, visitUrl } from '~/lib/utils/url_utility'; import { parseBoolean } from '~/lib/utils/common_utils'; import HighlightWorker from '~/vue_shared/components/source_viewer/workers/highlight_worker?worker'; import initAmbiguousRefModal from '~/ref/init_ambiguous_ref_modal'; -import { InternalEvents } from '~/tracking'; import { HISTORY_BUTTON_CLICK } from '~/tracking/constants'; import { initFindFileShortcut } from '~/projects/behaviors'; import initHeaderApp from '~/repository/init_header_app'; @@ -51,34 +47,6 @@ const apolloProvider = new VueApollo({ const viewBlobEl = document.querySelector('#js-view-blob-app'); -const initRefSwitcher = () => { - const refSwitcherEl = document.getElementById('js-tree-ref-switcher'); - - if (!refSwitcherEl) return false; - - const { projectId, projectRootPath, ref, refType } = refSwitcherEl.dataset; - - return new Vue({ - el: refSwitcherEl, - render(createElement) { - return createElement(RefSelector, { - props: { - projectId, - value: refType ? joinPaths('refs', refType, ref) : ref, - useSymbolicRefNames: true, - queryParams: { sort: 'updated_desc' }, - }, - on: { - input(selectedRef) { - InternalEvents.trackEvent('click_ref_selector_on_blob_page'); - visitUrl(generateRefDestinationPath(projectRootPath, ref, selectedRef)); - }, - }, - }); - }, - }); -}; - const initLastCommitApp = (router) => { const lastCommitEl = document.getElementById('js-last-commit'); if (!lastCommitEl) return null; @@ -104,7 +72,6 @@ const initLastCommitApp = (router) => { }); }; -initRefSwitcher(); initAmbiguousRefModal(); initFindFileShortcut(); diff --git a/app/assets/javascripts/repository/index.js b/app/assets/javascripts/repository/index.js index d74499c9dd2..6090bdae024 100644 --- a/app/assets/javascripts/repository/index.js +++ b/app/assets/javascripts/repository/index.js @@ -2,11 +2,9 @@ import Vue from 'vue'; // eslint-disable-next-line no-restricted-imports import Vuex from 'vuex'; import { parseBoolean } from '~/lib/utils/common_utils'; -import { joinPaths, visitUrl } from '~/lib/utils/url_utility'; import initWebIdeLink from '~/pages/projects/shared/web_ide_link'; import PerformancePlugin from '~/performance/vue_performance_plugin'; import createStore from '~/code_navigation/store'; -import RefSelector from '~/ref/components/ref_selector.vue'; import HighlightWorker from '~/vue_shared/components/source_viewer/workers/highlight_worker?worker'; import CodeDropdown from '~/vue_shared/components/code_dropdown/code_dropdown.vue'; import CompactCodeDropdown from 'ee_else_ce/repository/components/code_dropdown/compact_code_dropdown.vue'; @@ -15,7 +13,6 @@ import App from './components/app.vue'; import Breadcrumbs from './components/header_area/breadcrumbs.vue'; import ForkInfo from './components/fork_info.vue'; import LastCommit from './components/last_commit.vue'; -import BlobControls from './components/header_area/blob_controls.vue'; import apolloProvider from './graphql'; import commitsQuery from './queries/commits.query.graphql'; import projectPathQuery from './queries/project_path.query.graphql'; @@ -24,7 +21,6 @@ import refsQuery from './queries/ref.query.graphql'; import createRouter from './router'; import { updateFormAction } from './utils/dom'; import { generateHistoryUrl } from './utils/url_utility'; -import { generateRefDestinationPath } from './utils/ref_switcher_utils'; import initHeaderApp from './init_header_app'; Vue.use(Vuex); @@ -140,48 +136,6 @@ export default function setupVueRepositoryList() { }, }); - const initBlobControlsApp = () => - new Vue({ - el: document.getElementById('js-blob-controls'), - router, - apolloProvider, - render(h) { - return h(BlobControls, { - props: { - projectPath, - refType: this.$route.meta.refType || this.$route.query.ref_type, - }, - }); - }, - }); - - const initRefSwitcher = () => { - const refSwitcherEl = document.getElementById('js-tree-ref-switcher'); - - if (!refSwitcherEl) return false; - - const { projectId, projectRootPath, refType: switcherRefType } = refSwitcherEl.dataset; - - return new Vue({ - el: refSwitcherEl, - render(createElement) { - return createElement(RefSelector, { - props: { - projectId, - value: switcherRefType ? joinPaths('refs', switcherRefType, ref) : ref, - useSymbolicRefNames: true, - queryParams: { sort: 'updated_desc' }, - }, - on: { - input(selectedRef) { - visitUrl(generateRefDestinationPath(projectRootPath, ref, selectedRef)); - }, - }, - }); - }, - }); - }; - const initCodeDropdown = () => { const codeDropdownEl = document.getElementById('js-code-dropdown'); @@ -226,8 +180,6 @@ export default function setupVueRepositoryList() { initHeaderApp({ router }); initCodeDropdown(); initLastCommitApp(); - initBlobControlsApp(); - initRefSwitcher(); initForkInfo(); const breadcrumbEl = document.getElementById('js-repo-breadcrumb'); diff --git a/app/controllers/projects/settings/merge_requests_controller.rb b/app/controllers/projects/settings/merge_requests_controller.rb index a34a9a88cb6..e394d65a16a 100644 --- a/app/controllers/projects/settings/merge_requests_controller.rb +++ b/app/controllers/projects/settings/merge_requests_controller.rb @@ -56,7 +56,8 @@ module Projects :merge_commit_template_or_default, :squash_commit_template_or_default, :suggestion_commit_message, - :merge_request_title_regex + :merge_request_title_regex, + :merge_request_title_regex_description ] + [project_setting_attributes: project_setting_attributes] end end diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 123efdb3b11..7e6c3e443a6 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -496,6 +496,7 @@ class ProjectsController < Projects::ApplicationController warn_about_potentially_unwanted_characters enforce_auth_checks_on_uploads merge_request_title_regex + merge_request_title_regex_description emails_enabled ] @@ -545,6 +546,7 @@ class ProjectsController < Projects::ApplicationController :merge_commit_template_or_default, :squash_commit_template_or_default, :merge_request_title_regex, + :merge_request_title_regex_description, { project_setting_attributes: project_setting_attributes, project_feature_attributes: project_feature_attributes } ] diff --git a/app/graphql/types/project_type.rb b/app/graphql/types/project_type.rb index 386918a9fd8..c9d370d5c69 100644 --- a/app/graphql/types/project_type.rb +++ b/app/graphql/types/project_type.rb @@ -687,6 +687,10 @@ module Types null: true, description: 'Regex used to validate the title of merge requests.' + field :merge_request_title_regex_description, GraphQL::Types::String, + null: true, + description: 'Description of the regex used to validate the title of merge requests.' + field :labels, Types::LabelType.connection_type, null: true, description: 'Labels available on this project.', diff --git a/app/models/project.rb b/app/models/project.rb index 4e6b51bbf76..8b3608a2e50 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -88,6 +88,7 @@ class Project < ApplicationRecord MAX_SUGGESTIONS_TEMPLATE_LENGTH = 255 MAX_COMMIT_TEMPLATE_LENGTH = 500 MAX_MERGE_REQUEST_TITLE_REGEX = 255 + MAX_MERGE_REQUEST_TITLE_REGEX_DESCRIPTION = 255 INSTANCE_RUNNER_RUNNING_JOBS_MAX_BUCKET = 5 @@ -599,6 +600,7 @@ class Project < ApplicationRecord delegate :duo_features_enabled, :duo_features_enabled= delegate :model_prompt_cache_enabled, :model_prompt_cache_enabled= delegate :merge_request_title_regex, :merge_request_title_regex= + delegate :merge_request_title_regex_description, :merge_request_title_regex_description= delegate :web_based_commit_signing_enabled, :web_based_commit_signing_enabled= end end diff --git a/app/models/project_setting.rb b/app/models/project_setting.rb index c5ed8461aa5..1e38a8975a4 100644 --- a/app/models/project_setting.rb +++ b/app/models/project_setting.rb @@ -44,6 +44,8 @@ class ProjectSetting < ApplicationRecord validates :issue_branch_template, length: { maximum: Issue::MAX_BRANCH_TEMPLATE } validates :target_platforms, inclusion: { in: ALLOWED_TARGET_PLATFORMS } validates :suggested_reviewers_enabled, inclusion: { in: [true, false] } + validates :merge_request_title_regex_description, length: { maximum: + Project::MAX_MERGE_REQUEST_TITLE_REGEX_DESCRIPTION } validates :merge_request_title_regex, untrusted_regexp: true, length: { maximum: Project::MAX_MERGE_REQUEST_TITLE_REGEX } @@ -52,6 +54,8 @@ class ProjectSetting < ApplicationRecord presence: { if: :require_unique_domain? } validate :validates_mr_default_target_self + validate :presence_of_merge_request_title_regex_settings, + if: -> { Feature.enabled?(:merge_request_title_regex, project) } validate :pages_unique_domain_availability, if: :pages_unique_domain_changed? @@ -99,6 +103,14 @@ class ProjectSetting < ApplicationRecord private + def presence_of_merge_request_title_regex_settings + # Either both are present, or neither + if merge_request_title_regex.present? != merge_request_title_regex_description.present? + errors.add :merge_request_title_regex, _('and regex description must be either both set, or neither.') + errors.add :merge_request_title_regex_description, _('and regex must be either both set, or neither.') + end + end + def validates_mr_default_target_self if mr_default_target_self_changed? && !project.forked? errors.add :mr_default_target_self, _('This setting is allowed for forked projects only') diff --git a/app/views/projects/blob/_breadcrumb.html.haml b/app/views/projects/blob/_breadcrumb.html.haml index 65b8497f029..9467a0b8eb8 100644 --- a/app/views/projects/blob/_breadcrumb.html.haml +++ b/app/views/projects/blob/_breadcrumb.html.haml @@ -1,8 +1,6 @@ - blame = local_assigns.fetch(:blame, false) .nav-block .tree-ref-container - .tree-ref-holder.gl-max-w-26 - #js-tree-ref-switcher{ data: { project_id: @project.id, project_root_path: project_path(@project), ref: current_ref, ref_type: @ref_type.to_s } } %ul.breadcrumb.repo-breadcrumb %li.breadcrumb-item diff --git a/app/workers/concerns/security/orchestration_configuration_bot_management_for_namespaces.rb b/app/workers/concerns/security/orchestration_configuration_bot_management_for_namespaces.rb index cf6c97e08df..7dc605a1f0f 100644 --- a/app/workers/concerns/security/orchestration_configuration_bot_management_for_namespaces.rb +++ b/app/workers/concerns/security/orchestration_configuration_bot_management_for_namespaces.rb @@ -19,14 +19,14 @@ module Security return unless User.id_exists?(current_user_id) - project_ids = namespace.security_orchestration_policy_configuration.all_project_ids - - worker.bulk_perform_in_with_contexts( - PROJECTS_BATCH_SYNC_DELAY, - project_ids, - arguments_proc: ->(project_id) { [project_id, current_user_id] }, - context_proc: ->(namespace) { { namespace: namespace } } - ) + namespace.security_orchestration_policy_configuration.all_project_ids do |project_ids| + worker.bulk_perform_in_with_contexts( + PROJECTS_BATCH_SYNC_DELAY, + project_ids, + arguments_proc: ->(project_id) { [project_id, current_user_id] }, + context_proc: ->(namespace) { { namespace: namespace } } + ) + end after_perform(namespace, current_user_id) end diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml index fd05fe09728..bbbac0ee409 100644 --- a/config/sidekiq_queues.yml +++ b/config/sidekiq_queues.yml @@ -29,6 +29,8 @@ - 1 - - admin_emails - 1 +- - ai_active_context_code_saas_initial_indexing_event + - 1 - - ai_knowledge_graph_indexing_task - 1 - - ai_repository_xray_scan_dependencies diff --git a/db/docs/packages_composer_metadata.yml b/db/docs/packages_composer_metadata.yml index 6f622df3ccf..c44c57c3aea 100644 --- a/db/docs/packages_composer_metadata.yml +++ b/db/docs/packages_composer_metadata.yml @@ -8,14 +8,6 @@ description: Composer package metadata introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/30448 milestone: '13.1' gitlab_schema: gitlab_main_cell -desired_sharding_key: - project_id: - references: projects - backfill_via: - parent: - foreign_key: package_id - table: packages_packages - sharding_key: project_id - belongs_to: package -desired_sharding_key_migration_job_name: BackfillPackagesComposerMetadataProjectId +sharding_key: + project_id: projects table_size: small diff --git a/db/migrate/20250618125349_add_merge_request_title_regex_description_to_project_settings.rb b/db/migrate/20250618125349_add_merge_request_title_regex_description_to_project_settings.rb new file mode 100644 index 00000000000..6e23c7fa95c --- /dev/null +++ b/db/migrate/20250618125349_add_merge_request_title_regex_description_to_project_settings.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +class AddMergeRequestTitleRegexDescriptionToProjectSettings < Gitlab::Database::Migration[2.3] + milestone '18.2' + + def change + # rubocop:disable Migration/AddLimitToTextColumns -- Limit is added in db/migrate/20250618125512_add_text_limit_to_merge_request_title_regex_description.rb + add_column :project_settings, :merge_request_title_regex_description, :text, null: true + # rubocop:enable Migration/AddLimitToTextColumns + end +end diff --git a/db/migrate/20250618125512_add_text_limit_to_merge_request_title_regex_description.rb b/db/migrate/20250618125512_add_text_limit_to_merge_request_title_regex_description.rb new file mode 100644 index 00000000000..aad9ab7ef14 --- /dev/null +++ b/db/migrate/20250618125512_add_text_limit_to_merge_request_title_regex_description.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +class AddTextLimitToMergeRequestTitleRegexDescription < Gitlab::Database::Migration[2.3] + milestone '18.2' + disable_ddl_transaction! + + def up + add_text_limit :project_settings, :merge_request_title_regex_description, 255 + end + + def down + remove_text_limit :project_settings, :merge_request_title_regex_description + end +end diff --git a/db/post_migrate/20250624162336_add_packages_composer_metadata_project_id_not_null.rb b/db/post_migrate/20250624162336_add_packages_composer_metadata_project_id_not_null.rb new file mode 100644 index 00000000000..800ac9fbdca --- /dev/null +++ b/db/post_migrate/20250624162336_add_packages_composer_metadata_project_id_not_null.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +class AddPackagesComposerMetadataProjectIdNotNull < Gitlab::Database::Migration[2.3] + milestone '18.2' + disable_ddl_transaction! + + def up + add_not_null_constraint :packages_composer_metadata, :project_id + end + + def down + remove_not_null_constraint :packages_composer_metadata, :project_id + end +end diff --git a/db/schema_migrations/20250618125349 b/db/schema_migrations/20250618125349 new file mode 100644 index 00000000000..01462d1171f --- /dev/null +++ b/db/schema_migrations/20250618125349 @@ -0,0 +1 @@ +b584d83a36c5f0bcd1456ca5f9528246d384d9a3d941f20c164519a7ffcf5cde \ No newline at end of file diff --git a/db/schema_migrations/20250618125512 b/db/schema_migrations/20250618125512 new file mode 100644 index 00000000000..307615bce54 --- /dev/null +++ b/db/schema_migrations/20250618125512 @@ -0,0 +1 @@ +c0217acbf4d711f2d94852958e4e871a636a8e9b865c9f8b771db0f4dd19119e \ No newline at end of file diff --git a/db/schema_migrations/20250624162336 b/db/schema_migrations/20250624162336 new file mode 100644 index 00000000000..cfe14ce52f2 --- /dev/null +++ b/db/schema_migrations/20250624162336 @@ -0,0 +1 @@ +5cefea580c8ad338f3489271d37c6d37df7ba4d11515afaa9556325f24737d1a \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index f8d6b26afc2..afecf53a593 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -19291,7 +19291,8 @@ CREATE TABLE packages_composer_metadata ( target_sha bytea NOT NULL, composer_json jsonb DEFAULT '{}'::jsonb NOT NULL, version_cache_sha bytea, - project_id bigint + project_id bigint, + CONSTRAINT check_250f62a87a CHECK ((project_id IS NOT NULL)) ); CREATE TABLE packages_packages ( @@ -21799,7 +21800,9 @@ CREATE TABLE project_settings ( model_prompt_cache_enabled boolean, web_based_commit_signing_enabled boolean DEFAULT false NOT NULL, duo_context_exclusion_settings jsonb DEFAULT '{}'::jsonb NOT NULL, + merge_request_title_regex_description text, CONSTRAINT check_1a30456322 CHECK ((char_length(pages_unique_domain) <= 63)), + CONSTRAINT check_237486989c CHECK ((char_length(merge_request_title_regex_description) <= 255)), CONSTRAINT check_3a03e7557a CHECK ((char_length(previous_default_branch) <= 4096)), CONSTRAINT check_3ca5cbffe6 CHECK ((char_length(issue_branch_template) <= 255)), CONSTRAINT check_4b142e71f3 CHECK ((char_length(product_analytics_data_collector_host) <= 255)), diff --git a/doc/api/graphql/reference/_index.md b/doc/api/graphql/reference/_index.md index 4298e25ca74..ef4b4db1127 100644 --- a/doc/api/graphql/reference/_index.md +++ b/doc/api/graphql/reference/_index.md @@ -9813,6 +9813,7 @@ Input type: `ProjectSettingsUpdateInput` | `duoContextExclusionSettings` | [`DuoContextExclusionSettingsInput`](#duocontextexclusionsettingsinput) | Settings for excluding files from Duo context. | | `duoFeaturesEnabled` | [`Boolean`](#boolean) | Indicates whether GitLab Duo features are enabled for the project. | | `fullPath` | [`ID!`](#id) | Full Path of the project the settings belong to. | +| `webBasedCommitSigningEnabled` | [`Boolean`](#boolean) | Indicates whether web-based commit signing is enabled for the project. | #### Fields @@ -36133,6 +36134,7 @@ Project-level settings for product analytics provider. | `maxAccessLevel` | [`AccessLevel!`](#accesslevel) | Maximum access level of the current user in the project. | | `mergeCommitTemplate` | [`String`](#string) | Template used to create merge commit message in merge requests. | | `mergeRequestTitleRegex` | [`String`](#string) | Regex used to validate the title of merge requests. | +| `mergeRequestTitleRegexDescription` | [`String`](#string) | Description of the regex used to validate the title of merge requests. | | `mergeRequestsAccessLevel` | [`ProjectFeatureAccess`](#projectfeatureaccess) | Access level required for merge requests access. | | `mergeRequestsDisableCommittersApproval` | [`Boolean!`](#boolean) | Indicates that committers of the given merge request cannot approve. | | `mergeRequestsEnabled` | [`Boolean`](#boolean) | Indicates if Merge requests are enabled for the current user. | @@ -38857,6 +38859,7 @@ Represents the source of a security policy belonging to a project. | `duoContextExclusionSettings` | [`DuoContextExclusionSettings`](#duocontextexclusionsettings) | Settings for excluding files from Duo context. | | `duoFeaturesEnabled` | [`Boolean`](#boolean) | Indicates whether GitLab Duo features are enabled for the project. | | `project` | [`Project`](#project) | Project the settings belong to. | +| `webBasedCommitSigningEnabled` | [`Boolean!`](#boolean) | Indicates whether web-based commit signing is enabled for the project. | ### `ProjectStatistics` diff --git a/doc/api/openapi/openapi_v2.yaml b/doc/api/openapi/openapi_v2.yaml index 381710c11f7..4d72c915ab7 100644 --- a/doc/api/openapi/openapi_v2.yaml +++ b/doc/api/openapi/openapi_v2.yaml @@ -29712,6 +29712,11 @@ paths: description: The regex the Merge Request must adhere to type: string required: false + - in: formData + name: override_params[merge_request_title_regex_description] + description: The description for the regex the Merge Request must adhere to + type: string + required: false - in: formData name: override_params[only_allow_merge_if_all_status_checks_passed] description: Blocks merge requests from merging unless all status checks have @@ -30367,6 +30372,11 @@ paths: description: The regex the Merge Request must adhere to type: string required: false + - in: formData + name: override_params[merge_request_title_regex_description] + description: The description for the regex the Merge Request must adhere to + type: string + required: false - in: formData name: override_params[only_allow_merge_if_all_status_checks_passed] description: Blocks merge requests from merging unless all status checks have @@ -31101,6 +31111,11 @@ paths: description: The regex the Merge Request must adhere to type: string required: false + - in: formData + name: override_params[merge_request_title_regex_description] + description: The description for the regex the Merge Request must adhere to + type: string + required: false - in: formData name: override_params[only_allow_merge_if_all_status_checks_passed] description: Blocks merge requests from merging unless all status checks have @@ -45428,6 +45443,9 @@ definitions: merge_request_title_regex: type: string example: "/Title of merge request/" + merge_request_title_regex_description: + type: string + example: This requires the title to include a Jira label squash_option: type: string example: default_off @@ -60301,6 +60319,9 @@ definitions: merge_request_title_regex: type: string description: The regex the Merge Request must adhere to + merge_request_title_regex_description: + type: string + description: The description for the regex the Merge Request must adhere to only_allow_merge_if_all_status_checks_passed: type: boolean description: Blocks merge requests from merging unless all status checks have @@ -60710,6 +60731,9 @@ definitions: merge_request_title_regex: type: string description: The regex the Merge Request must adhere to + merge_request_title_regex_description: + type: string + description: The description for the regex the Merge Request must adhere to only_allow_merge_if_all_status_checks_passed: type: boolean description: Blocks merge requests from merging unless all status checks have @@ -61097,6 +61121,9 @@ definitions: merge_request_title_regex: type: string example: "/Title of merge request/" + merge_request_title_regex_description: + type: string + example: This requires the title to include a Jira label squash_option: type: string example: default_off @@ -61583,6 +61610,9 @@ definitions: merge_request_title_regex: type: string description: The regex the Merge Request must adhere to + merge_request_title_regex_description: + type: string + description: The description for the regex the Merge Request must adhere to only_allow_merge_if_all_status_checks_passed: type: boolean description: Blocks merge requests from merging unless all status checks have diff --git a/doc/api/settings.md b/doc/api/settings.md index 29fe7822c9a..df070fc547d 100644 --- a/doc/api/settings.md +++ b/doc/api/settings.md @@ -548,6 +548,7 @@ to configure other related settings. These requirements are | `elasticsearch_url` | string | no | The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, `http://localhost:9200, http://localhost:9201"`). Premium and Ultimate only. | | `elasticsearch_username` | string | no | The `username` of your Elasticsearch instance. Premium and Ultimate only. | | `elasticsearch_password` | string | no | The password of your Elasticsearch instance. Premium and Ultimate only. | +| `elasticsearch_prefix` | string | no | Custom prefix for Elasticsearch index names. Defaults to `gitlab`. Must be 1-100 characters, contain only lowercase alphanumeric characters, hyphens, and underscores, and cannot start or end with a hyphen or underscore. Premium and Ultimate only. | | `elasticsearch_retry_on_failure` | integer | no | Maximum number of possible retries for Elasticsearch search requests. Premium and Ultimate only. | | `email_additional_text` | string | no | Additional text added to the bottom of every email for legal/auditing/compliance reasons. Premium and Ultimate only. | | `email_author_in_body` | boolean | no | Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead. | diff --git a/doc/ci/jobs/job_control.md b/doc/ci/jobs/job_control.md index f45a3e16e4e..9115fe5adcf 100644 --- a/doc/ci/jobs/job_control.md +++ b/doc/ci/jobs/job_control.md @@ -391,6 +391,56 @@ The jobs have three paths of execution: `mac:build: [vultr, data]` jobs finish, without waiting for `linux:build` to finish. - The `production` job runs as soon as all previous jobs finish. +## Specify needs between parallelized jobs + +You can further define the order of each parallel matrix job using [`needs:parallel:matrix`](../yaml/_index.md#needsparallelmatrix). + +For example: + +```yaml +build_job: + stage: build + script: + # ensure that other parallel job other than build_job [1, A] runs longer + - '[[ "$VERSION" == "1" && "$MODE" == "A" ]] || sleep 30' + - echo build $VERSION $MODE + parallel: + matrix: + - VERSION: [1,2] + MODE: [A, B] + +deploy_job: + stage: deploy + script: echo deploy $VERSION $MODE + parallel: + matrix: + - VERSION: [3,4] + MODE: [C, D] + +'deploy_job: [3, D]': + stage: deploy + script: echo something + needs: + - 'build_job: [1, A]' +``` + +This example generates several jobs. The parallel jobs each have different values +for `VERSION` and `MODE`. + +- 4 parallel `build_job` jobs: + - `build_job: [1, A]` + - `build_job: [1, B]` + - `build_job: [2, A]` + - `build_job: [2, B]` +- 4 parallel `deploy_job` jobs: + - `deploy_job: [3, C]` + - `deploy_job: [3, D]` + - `deploy_job: [4, C]` + - `deploy_job: [4, D]` + +The `deploy_job: [3, D]` job runs as soon as `build_job: [1, A]` job finishes, +without waiting for the other `build_job` jobs to finish. + ## Troubleshooting ### Inconsistent user assignment when running manual jobs diff --git a/doc/integration/advanced_search/elasticsearch.md b/doc/integration/advanced_search/elasticsearch.md index c0fe376da9c..9dea4b517f9 100644 --- a/doc/integration/advanced_search/elasticsearch.md +++ b/doc/integration/advanced_search/elasticsearch.md @@ -555,6 +555,7 @@ The following Elasticsearch settings are available: | `Client request timeout` | Elasticsearch HTTP client request timeout value in seconds. `0` means using the system default timeout value, which depends on the libraries that GitLab application is built upon. | | `Code indexing concurrency` | Maximum number of Elasticsearch code indexing background jobs allowed to run concurrently. This only applies to repository indexing operations. | | `Retry on failure` | Maximum number of possible retries for Elasticsearch search requests. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/486935) in GitLab 17.6. | +| `Index prefix` | Custom prefix for Elasticsearch index names. Defaults to `gitlab`. When changed, all indices will use this prefix instead of `gitlab` (for example, `custom-production-issues` instead of `gitlab-production-issues`). Must be 1-100 characters, contain only lowercase alphanumeric characters, hyphens, and underscores, and cannot start or end with a hyphen or underscore. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3421) in GitLab 18.2. | {{< alert type="warning" >}} diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md index 78d9af2078d..be44acd8dab 100644 --- a/doc/user/compliance/audit_event_types.md +++ b/doc/user/compliance/audit_event_types.md @@ -682,6 +682,7 @@ Audit event types belong to the following product categories. | Type name | Event triggered when | Saved to database | Introduced in | Scope | |:----------|:---------------------|:------------------|:--------------|:------| +| [`add_ssh_key`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/195379) | An SSH key is added to a user's profile. Group scope is only available for enterprise users. | {{< icon name="check-circle" >}} Yes | GitLab [18.2](https://gitlab.com/gitlab-org/gitlab/-/issues/361778) | User, Group | | [`email_confirmation_sent`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129261) | Users add or change an email address and it must be confirmed | {{< icon name="dotted-circle" >}} No | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/377625) | User | | [`remove_ssh_key`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65615) | An SSH key is removed from a user's profile. Group scope was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/195390) for enterprise users in GitLab 18.2. | {{< icon name="check-circle" >}} Yes | GitLab [14.1](https://gitlab.com/gitlab-org/gitlab/-/issues/220127) | User, Group | | [`user_admin_status_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65168) | A user is either made an administrator or removed as an administrator | {{< icon name="check-circle" >}} Yes | GitLab [14.1](https://gitlab.com/gitlab-org/gitlab/-/issues/323905) | User | diff --git a/doc/user/compliance/compliance_frameworks/compliance_standards.md b/doc/user/compliance/compliance_frameworks/compliance_standards.md index 4f54448dd8e..7325a3c1219 100644 --- a/doc/user/compliance/compliance_frameworks/compliance_standards.md +++ b/doc/user/compliance/compliance_frameworks/compliance_standards.md @@ -238,7 +238,7 @@ the requirements. | 03.04.05 Access Restrictions for Change | a) Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. | | | 03.04.10 System Component Inventory | a) Develop and document an inventory of system components. b) Review and update the system component inventory. c) Update the system component inventory as part of installations, removals, and system updates. | | | 03.05.07 Password Management | b) Verify that passwords are not found on the list of commonly used, expected, or compromised passwords when users create or update passwords. c) Transmit passwords only over cryptographically protected channels. d) Store passwords in a cryptographically protected form. | | -| 03.11.02 Vulnerability Monitoring and Scanning | a) Monitor and scan the system for vulnerabilities and when new vulnerabilities affecting the system are identified. c) Update system vulnerabilities to be scanned and when new vulnerabilities are identified and reported. | | +| 03.11.02 Vulnerability Monitoring and Scanning | a) Monitor and scan the system for vulnerabilities and when new vulnerabilities affecting the system are identified. c) Update system vulnerabilities to be scanned and when new vulnerabilities are identified and reported. | | ### NIST CSF 2.0 compliance requirements @@ -264,6 +264,23 @@ The following table lists the requirements supported by GitLab for NIST SP 800-2 | PW.8 Test Executable Code to Identify Vulnerabilities and Verify Compliance with Security Requirements | PW.8.2: Scope the testing, design the tests, perform the testing, and document the results, including recording and triaging all discovered issues and recommended remediations in the development team's workflow or issue tracking system. | | | RV.1 Identify and Confirm Vulnerabilities on an Ongoing Basis | RV.1.1: Gather information from software acquirers, users, and public sources on potential vulnerabilities in the software and third-party components that the software uses, and investigate all credible reports. | | +## SOC 2 compliance requirements + +SOC is the System and Organization Controls. + +The following table lists the requirements supported by GitLab for SOC 2 and the controls for the requirements. + +| SOC 2 requirement | Description | Supported controls | +|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------| +| CC3.2 - COSO Principle 7: The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. | POF 7: Identifies Vulnerability of System Components - The entity identifies the vulnerabilities of system components, including system processes, infrastructure, software, and other information assets. | | +| CC3.4 - COSO Principle 9: The entity identifies and assesses changes that could significantly impact the system of internal control. | POF 4: Assesses Changes in Systems and Technology - The risk identification process considers changes arising from changes in the entity's systems and changes in the technology environment. POF 6: Assesses Changes in Threats and Vulnerabilities - The risk identification process assesses changes in (1) internal and external threats to and vulnerabilities of the components of the entity's systems and (2) the likelihood and magnitude of the resultant risks to the achievement of the entity's objectives. | | +| CC5.1 - COSO Principle 10: The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. | POF 6: Addresses Segregation of Duties - Management segregates incompatible duties and, where such segregation is not practical, management selects and develops alternative control activities. | | +| CC6.6 - The entity implements logical access security measures to protect against threats from sources outside its system boundaries. | POF 2: Protects Identification and Authentication Credentials - Identification and authentication credentials are protected during transmission outside its system boundaries. | | +| CC6.8 - The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity's objectives. | POF 2: Detects Unauthorized Changes to Software and Configuration Parameters - Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software. | | +| CC7.1 - To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities. | POF 5: Conducts Vulnerability Scans - The entity conducts infrastructure and software vulnerability scans designed to identify potential vulnerabilities or misconfigurations on a periodic basis and after significant changes are made to the environment. Action is taken to remediate identified deficiencies in a timely manner to support the achievement of the entity's objectives. | | +| CC7.2 - The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analyzed to determine whether they represent security events. | POF 1: Implements Detection Policies, Procedures, and Tools - Detection policies, procedures, and tools are defined and implemented on infrastructure and software to identify potential intrusions, inappropriate access, and anomalies in the operation of or unusual activity on systems. Procedures may include (1) a defined governance process for security event detection and management; (2) use of intelligence sources to identify newly discovered threats and vulnerabilities; and (3) logging of unusual system activities. | | +| CC8.1 - The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives. | POF 2: Authorizes Changes - A process is in place to authorize system and architecture changes prior to design, development, or acquisition and configuration. POF 7: Tests System Changes - A process is in place to test internally developed and acquired system changes prior to implementation into the production environment. Examples of testing may include unit, integration, regression, static and dynamic application source code, quality assurance, or automated testing (whether point in time or continuous). POF 8: Approves System Changes - A process is in place to approve system changes prior to implementation. POF 16: Protects Confidential Information - The entity protects confidential information during system design, development, testing, implementation, and change processes to support the achievement of the entity's objectives related to confidentiality. | | + ## TISAX compliance requirements TISAX is the Trusted Information Security Assessment Exchange. diff --git a/doc/user/gitlab_duo/turn_on_off.md b/doc/user/gitlab_duo/turn_on_off.md index 54cdf903159..9895982f361 100644 --- a/doc/user/gitlab_duo/turn_on_off.md +++ b/doc/user/gitlab_duo/turn_on_off.md @@ -16,7 +16,7 @@ Depending on your add-on, you can turn GitLab Duo on and off for a group, projec {{< history >}} -- [Introduced](https://link-to-issue) in GitLab 18.0. +- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/538857) in GitLab 18.0. {{< /history >}} diff --git a/doc/user/permissions.md b/doc/user/permissions.md index c7a9d369583..1c0872abe88 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -70,15 +70,15 @@ Group permission for [analytics](analytics/_index.md) features including value s | Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | | ------------------------------------------------------------------ | :---: | :-----: | :------: | :-------: | :--------: | :---: | -| View [Insights](project/insights/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| View [Insights](project/insights/_index.md) charts | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| View [Issue analytics](group/issues_analytics/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| View Contribution analytics | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| View [insights](project/insights/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| View [insights](project/insights/_index.md) charts | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| View [issue analytics](group/issues_analytics/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| View contribution analytics | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | View value stream analytics | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| View [Productivity analytics](analytics/productivity_analytics.md) | | | ✓ | ✓ | ✓ | ✓ | -| View [Group DevOps Adoption](group/devops_adoption/_index.md) | | | ✓ | ✓ | ✓ | ✓ | +| View [productivity analytics](analytics/productivity_analytics.md) | | | ✓ | ✓ | ✓ | ✓ | +| View [group DevOps adoption](group/devops_adoption/_index.md) | | | ✓ | ✓ | ✓ | ✓ | | View metrics dashboard annotations | | | ✓ | ✓ | ✓ | ✓ | -| Create/edit/delete metrics dashboard annotations | | | | ✓ | ✓ | ✓ | +| Manage metrics dashboard annotations | | | | ✓ | ✓ | ✓ | ### Application security group permissions @@ -111,8 +111,8 @@ Group permissions for [compliance](compliance/_index.md) features including comp | Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | | -------------------------------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | | View [audit events](compliance/audit_events.md) 1 | | | | ✓ | ✓ | ✓ | -| View licenses in the [dependency list](application_security/dependency_list/_index.md) | | | | ✓ | ✓ | ✓ | -| View the [compliance center](compliance/compliance_center/_index.md) | | | | | | ✓ | +| View licenses in [dependency list](application_security/dependency_list/_index.md) | | | | ✓ | ✓ | ✓ | +| View [compliance center](compliance/compliance_center/_index.md) | | | | | | ✓ | | Manage [compliance frameworks](compliance/compliance_frameworks/_index.md) | | | | | | ✓ | | Assign [compliance frameworks](compliance/compliance_frameworks/_index.md) to projects | | | | | | ✓ | | Manage [audit streams](compliance/audit_event_streaming.md) | | | | | | ✓ | @@ -125,18 +125,18 @@ Group permissions for [compliance](compliance/_index.md) features including comp Group permissions for [GitLab Duo](gitlab_duo/_index.md): -| Action | Non-member | Guest | Planner | Reporter | Developer | Maintainer | Owner | -| --------------------------------------------------------------------------------------------------------- | :--------: | :---: | :-----: | :------: | :-------: | :--------: | :---: | -| Use Duo features 1 | | | | ✓ | ✓ | ✓ | ✓ | -| Configure [Duo feature availability](gitlab_duo/turn_on_off.md#for-a-group-or-subgroup) | | | | | | ✓ | ✓ | -| Configure [GitLab Duo Self Hosted](../administration/gitlab_duo_self_hosted/configure_duo_features.md) | | | | | | | ✓ | -| Enable [beta and experimental features](gitlab_duo/turn_on_off.md#turn-on-beta-and-experimental-features) | | | | | | | ✓ | -| Purchase [Duo seats](../subscriptions/subscription-add-ons.md#purchase-additional-gitlab-duo-seats) | | | | | | | ✓ | +| Action | Non-member | Guest | Planner | Reporter | Developer | Maintainer | Owner | +| ---------------------------------------------------------------------------------------------------------- | :--------: | :---: | :-----: | :------: | :-------: | :--------: | :---: | +| Use GitLab Duo features 1 | | | | ✓ | ✓ | ✓ | ✓ | +| Configure [GitLab Duo feature availability](gitlab_duo/turn_on_off.md#for-a-group-or-subgroup) | | | | | | ✓ | ✓ | +| Configure [GitLab Duo Self Hosted](../administration/gitlab_duo_self_hosted/configure_duo_features.md) | | | | | | | ✓ | +| Enable [beta and experimental features](gitlab_duo/turn_on_off.md#turn-on-beta-and-experimental-features) | | | | | | | ✓ | +| Purchase [GitLab Duo seats](../subscriptions/subscription-add-ons.md#purchase-additional-gitlab-duo-seats) | | | | | | | ✓ | **Footnotes** 1. If the user has GitLab Duo Pro or Enterprise, the - [user must be assigned a seat to gain access to that Duo add-on](../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats). + [user must be assigned a seat to gain access to that GitLab Duo add-on](../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats). If the user has GitLab Duo Core, there are no other requirements. ### Groups group permissions @@ -181,17 +181,17 @@ Group permissions for [group features](group/_index.md): ### Project planning group permissions -| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | -| ------------------------------------------------------------------------------------------ | :---: | :-----: | :------: | :-------: | :--------: | :---: | -| View epic | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| [Search](search/_index.md) epics 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| Create epic | | ✓ | ✓ | ✓ | ✓ | ✓ | -| Edit epic, including metadata, item locking, and resolving threads | | ✓ | ✓ | ✓ | ✓ | ✓ | -| Delete epic | | ✓ | | | | ✓ | -| Manage [epic boards](group/epics/epic_boards.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | -| Add issue to an [epic](group/epics/_index.md) 2 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| Add/remove [child epics](group/epics/manage_epics.md#multi-level-child-epics) 3 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | +| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | +| ----------------------------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | +| View epic | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| [Search](search/_index.md) epics 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Add issues to an [epic](group/epics/_index.md) 2 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Add [child epics](group/epics/manage_epics.md#multi-level-child-epics) 3 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Add internal notes | | ✓ | ✓ | ✓ | ✓ | ✓ | +| Create epics | | ✓ | ✓ | ✓ | ✓ | ✓ | +| Update epic details | | ✓ | ✓ | ✓ | ✓ | ✓ | +| Manage [epic boards](group/epics/epic_boards.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | +| Delete epics | | ✓ | | | | ✓ | **Footnotes** @@ -214,15 +214,15 @@ Group permissions for [wikis](project/wiki/group.md): 1. Guests: In addition, if your group is public or internal, all users who can see the group can also see group wiki pages. 1. Guests: In addition, if your group is public or internal, all users who can see the group can also search group wiki pages. -#### Packages and registries group permissions +### Packages and registries group permissions Group permissions for [container registry](packages/_index.md): -| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | -| ------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | -| Pull a container registry image 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| Pull a container image using the dependency proxy | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| Delete a container registry image | | | | ✓ | ✓ | ✓ | +| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | +| ----------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | +| Pull container registry images 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Pull container images with the dependency proxy | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Delete container registry images | | | | ✓ | ✓ | ✓ | **Footnotes** @@ -239,7 +239,7 @@ Group permissions for [package registry](packages/_index.md): | Manage dependency proxy cleanup policies | | | | | | ✓ | | Enable dependency proxy | | | | | | ✓ | | Disable dependency proxy | | | | | | ✓ | -| Purge the dependency proxy for a group | | | | | | ✓ | +| Purge the group dependency proxy | | | | | | ✓ | | Enable package request forwarding | | | | | | ✓ | | Disable package request forwarding | | | | | | ✓ | @@ -260,10 +260,10 @@ Group permissions for user management: | Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | | ------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | | View 2FA status of members | | | | | | ✓ | +| Filter members by 2FA status | | | | | | ✓ | | Manage group members | | | | | | ✓ | | Manage group-level custom roles | | | | | | ✓ | | Share (invite) groups to groups | | | | | | ✓ | -| Filter members by 2FA status | | | | | | ✓ | ### Workspace group permissions @@ -326,7 +326,8 @@ Project permissions for [application security](application_security/secure_your_ | Delete [individual security policies](application_security/policies/_index.md) | | | | ✓ | ✓ | ✓ | | Create [CVE ID request](application_security/cve_id_request.md) | | | | | ✓ | ✓ | | Change vulnerability status 1 | | | | | ✓ | ✓ | -| Create or assign [security policy project](application_security/policies/_index.md) | | | | | | ✓ | +| Create [security policy project](application_security/policies/_index.md) | | | | | | ✓ | +| Assign [security policy project](application_security/policies/_index.md) | | | | | | ✓ | | Manage [security configurations](application_security/detect/security_configuration.md) | | | | | | ✓ | **Footnotes** @@ -449,6 +450,19 @@ Project permissions for [compliance](compliance/_index.md) features including co visibility is not available. 1. Users can only view events based on their individual actions. For more details, see the [prerequisites](compliance/audit_events.md#prerequisites). +### GitLab Duo + +Project permissions for [GitLab Duo](gitlab_duo/_index.md): + +| Action | Non-member | Guest | Planner | Reporter | Developer | Maintainer | Owner | +| ------------------------------------------------------------------------------------ | :--------: | :---: | :-----: | :------: | :-------: | :--------: | :---: | +| Use GitLab Duo features 1 | | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Configure [GitLab Duo feature availability](gitlab_duo/turn_on_off.md#for-a-project) | | | | | | ✓ | ✓ | + +**Footnotes** + +1. Code Suggestions requires a [user being assigned a seat to gain access to a GitLab Duo add-on](../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats). + ### Machine learning model registry and experiment Project permissions for [model registry](project/ml/model_registry/_index.md) and [model experiments](project/ml/experiment_tracking/_index.md). @@ -458,9 +472,11 @@ Project permissions for [model registry](project/ml/model_registry/_index.md) an | View [models and versions](project/ml/model_registry/_index.md) 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | View [model experiments](project/ml/experiment_tracking/_index.md) 2 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | Create models, versions, and artifacts 3 | | | | ✓ | ✓ | ✓ | -| Edit & delete models, versions, and artifacts | | | | ✓ | ✓ | ✓ | +| Edit models, versions, and artifacts | | | | ✓ | ✓ | ✓ | +| Delete models, versions, and artifacts | | | | ✓ | ✓ | ✓ | | Create experiments and candidates | | | | ✓ | ✓ | ✓ | -| Edit & delete experiments and candidates | | | | ✓ | ✓ | ✓ | +| Edit experiments and candidates | | | | ✓ | ✓ | ✓ | +| Delete experiments and candidates | | | | ✓ | ✓ | ✓ | **Footnotes** @@ -505,7 +521,7 @@ Project permissions for [issues](project/issues/_index.md): | View [confidential issues](project/issues/confidential_issues.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | | [Search](search/_index.md) confidential issues and comments | | | ✓ | ✓ | ✓ | ✓ | | Edit issues, including metadata, item locking, and resolving threads 1 | | ✓ | ✓ | ✓ | ✓ | ✓ | -| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | +| Add internal notes | | ✓ | ✓ | ✓ | ✓ | ✓ | | Close and reopen issues 2 | | ✓ | ✓ | ✓ | ✓ | ✓ | | Manage [design management](project/issues/design_management.md) files | | ✓ | ✓ | ✓ | ✓ | ✓ | | Manage [issue boards](project/issue_board.md) | | ✓ | ✓ | ✓ | ✓ | ✓ | @@ -581,14 +597,14 @@ Project permissions for [wikis](project/wiki/_index.md): Project permissions for [container registry](packages/_index.md): -| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | -| ----------------------------------------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | -| Pull an image from the container registry 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| Push an image to the container registry | | | | ✓ | ✓ | ✓ | -| Delete a container registry image | | | | ✓ | ✓ | ✓ | -| Manage cleanup policies | | | | | ✓ | ✓ | -| Create [tag protection](packages/container_registry/protected_container_tags.md) rule | | | | | ✓ | ✓ | -| Create [immutable tag protection](packages/container_registry/immutable_container_tags.md) rule | | | | | | ✓ | +| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | +| ------------------------------------------------------------------------------------------------ | :---: | :-----: | :------: | :-------: | :--------: | :---: | +| Pull container registry images 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Push container registry images | | | | ✓ | ✓ | ✓ | +| Delete container registry images | | | | ✓ | ✓ | ✓ | +| Manage cleanup policies | | | | | ✓ | ✓ | +| Create [tag protection](packages/container_registry/protected_container_tags.md) rules | | | | | ✓ | ✓ | +| Create [immutable tag protection](packages/container_registry/immutable_container_tags.md) rules | | | | | | ✓ | **Footnotes**: @@ -598,10 +614,10 @@ Project permissions for [package registry](packages/_index.md): | Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | | --------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | -| Pull a package 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| Publish a package | | | | ✓ | ✓ | ✓ | -| Delete a package | | | | | ✓ | ✓ | -| Delete a file associated with a package | | | | | ✓ | ✓ | +| Pull packages 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Publish packages | | | | ✓ | ✓ | ✓ | +| Delete packages | | | | | ✓ | ✓ | +| Delete files associated with a package | | | | | ✓ | ✓ | **Footnotes** @@ -620,8 +636,8 @@ Project permissions for [project features](project/organize_work_with_projects.m | Download project 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | Leave comments | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | Reposition comments on images (posted by any user) 2 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| View [Insights](project/insights/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| View [Requirements](project/requirements/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| View [insights](project/insights/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| View [requirements](project/requirements/_index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | View [time tracking](project/time_tracking.md) reports 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | View [snippets](snippets.md) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | [Search](search/_index.md) [snippets](snippets.md) and comments | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | @@ -637,9 +653,9 @@ Project permissions for [project features](project/organize_work_with_projects.m | Edit project settings | | | | | ✓ | ✓ | | Change [project features visibility](public_access.md) level 6 | | | | | ✓ | ✓ | | Change custom settings for [project integrations](project/integrations/_index.md) | | | | | ✓ | ✓ | -| Edit comments (posted by any user) | | | | | ✓ | ✓ | +| Edit comments posted by other users | | | | | ✓ | ✓ | | Add [deploy keys](project/deploy_keys/_index.md) | | | | | ✓ | ✓ | -| Manage [Project Operations](../operations/_index.md) | | | | | ✓ | ✓ | +| Manage [project operations](../operations/_index.md) | | | | | ✓ | ✓ | | View [Usage Quotas](storage_usage_quotas.md) page | | | | | ✓ | ✓ | | Globally delete [snippets](snippets.md) | | | | | ✓ | ✓ | | Globally edit [snippets](snippets.md) | | | | | ✓ | ✓ | @@ -689,20 +705,20 @@ Project permissions for [repository](project/repository/_index.md) features incl | --------------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | | View project code 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | [Search](search/_index.md) project code 2 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| Pull project code 3 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| [Search](search/_index.md) commits and comments 3 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Pull project code 4 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | View commit status | | | ✓ | ✓ | ✓ | ✓ | -| Create commit status 4 | | | | ✓ | ✓ | ✓ | -| Update commit status 4 | | | | ✓ | ✓ | ✓ | -| [Search](search/_index.md) commits and comments 5 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Create commit status 5 | | | | ✓ | ✓ | ✓ | +| Update commit status 5 | | | | ✓ | ✓ | ✓ | | Create [Git tags](project/repository/tags/_index.md) | | | | ✓ | ✓ | ✓ | | Delete [Git tags](project/repository/tags/_index.md) | | | | ✓ | ✓ | ✓ | | Create new [branches](project/repository/branches/_index.md) | | | | ✓ | ✓ | ✓ | -| Delete non-protected branches | | | | ✓ | ✓ | ✓ | -| Force push to non-protected branches | | | | ✓ | ✓ | ✓ | | Push to non-protected branches | | | | ✓ | ✓ | ✓ | +| Force push to non-protected branches | | | | ✓ | ✓ | ✓ | +| Delete non-protected branches | | | | ✓ | ✓ | ✓ | | Manage [protected branches](project/repository/branches/protected.md) | | | | | ✓ | ✓ | +| Push to protected branches 5 | | | | | ✓ | ✓ | | Delete protected branches | | | | | ✓ | ✓ | -| Push to protected branches 4 | | | | | ✓ | ✓ | | Manage [protected tags](project/protected_tags.md) | | | | | ✓ | ✓ | | Manage [push rules](project/repository/push_rules.md) | | | | | ✓ | ✓ | | Remove fork relationship | | | | | | ✓ | @@ -755,18 +771,18 @@ Project permissions for [repository](project/repository/_index.md) features incl Project permissions for [merge requests](project/merge_requests/_index.md): -| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | -| -------------------------------------------------------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | -| [View](project/merge_requests/_index.md#view-merge-requests) a merge request 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| [Search](search/_index.md) merge requests and comments 1 | ✓ | | ✓ | ✓ | ✓ | ✓ | -| Create [snippets](snippets.md) | | | ✓ | ✓ | ✓ | ✓ | -| Create [merge request](project/merge_requests/creating_merge_requests.md) 2 | | | | ✓ | ✓ | ✓ | -| Comment and add suggestions to a merge request | | ✓ | ✓ | ✓ | ✓ | ✓ | -| Update merge request including assign, review, approve, labels, lock threads, and resolve threads 3 | | | | ✓ | ✓ | ✓ | -| Manage [merge request settings](project/merge_requests/approvals/settings.md) | | | | | ✓ | ✓ | -| Manage [merge request approval rules](project/merge_requests/approvals/rules.md) | | | | | ✓ | ✓ | -| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | -| Delete merge request | | | | | | ✓ | +| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | +| ----------------------------------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | +| [View](project/merge_requests/_index.md#view-merge-requests) a merge request 1 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| [Search](search/_index.md) merge requests and comments 1 | ✓ | | ✓ | ✓ | ✓ | ✓ | +| Add internal note | | ✓ | ✓ | ✓ | ✓ | ✓ | +| Comment and add suggestions | | ✓ | ✓ | ✓ | ✓ | ✓ | +| Create [snippets](snippets.md) | | | ✓ | ✓ | ✓ | ✓ | +| Create [merge request](project/merge_requests/creating_merge_requests.md) 2 | | | | ✓ | ✓ | ✓ | +| Update merge request details 3 | | | | ✓ | ✓ | ✓ | +| Manage [merge request settings](project/merge_requests/approvals/settings.md) | | | | | ✓ | ✓ | +| Manage [merge request approval rules](project/merge_requests/approvals/rules.md) | | | | | ✓ | ✓ | +| Delete merge request | | | | | | ✓ | **Footnotes** @@ -780,17 +796,17 @@ Project permissions for [merge requests](project/merge_requests/_index.md): [cannot clone private projects](public_access.md#private-projects-and-groups). For **internal** projects, includes users with read-only access to the project, as [they can clone internal projects](public_access.md#internal-projects-and-groups). -1. For information on eligible approvers for merge requests, see [Eligible approvers](project/merge_requests/approvals/rules.md#eligible-approvers). +1. For information on eligible approvers for merge requests, see [eligible approvers](project/merge_requests/approvals/rules.md#eligible-approvers). ### User management Project permissions for [user management](project/members/_index.md). -| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | -| ------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | -| Manage [team members](project/members/_index.md) 1 | | | | | ✓ | ✓ | -| Share (invite) projects with groups 2 | | | | | ✓ | ✓ | -| View 2FA status of members | | | | | ✓ | ✓ | +| Action | Guest | Planner | Reporter | Developer | Maintainer | Owner | +| ---------------------------------------------------------------- | :---: | :-----: | :------: | :-------: | :--------: | :---: | +| View 2FA status of members | | | | | ✓ | ✓ | +| Manage [project members](project/members/_index.md) 1 | | | | | ✓ | ✓ | +| Share (invite) projects with groups 2 | | | | | ✓ | ✓ | **Footnotes** @@ -799,19 +815,6 @@ Project permissions for [user management](project/members/_index.md). 1. When [Share Group Lock](project/members/sharing_projects_groups.md#prevent-a-project-from-being-shared-with-groups) is enabled the project can't be shared with other groups. It does not affect group with group sharing. -### GitLab Duo - -Project permissions for [GitLab Duo](gitlab_duo/_index.md): - -| Action | Non-member | Guest | Planner | Reporter | Developer | Maintainer | Owner | -| -------------------------------------------------------------------------------------- | ---------- | ----- | ------- | -------- | --------- | ---------- | ----- | -| Use Duo features 1 | | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -| Configure [Duo feature availability](gitlab_duo/turn_on_off.md#for-a-project) | | | | | | ✓ | ✓ | - -**Footnotes** - -1. Code Suggestions requires a [user being assigned a seat to gain access to a Duo add-on](../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats). - ## Subgroup permissions When you add a member to a subgroup, they inherit the membership and diff --git a/lib/api/entities/project.rb b/lib/api/entities/project.rb index e2278e7129f..fb511a7a936 100644 --- a/lib/api/entities/project.rb +++ b/lib/api/entities/project.rb @@ -162,6 +162,7 @@ module API expose :printing_merge_request_link_enabled, documentation: { type: 'boolean' } expose :merge_method, documentation: { type: 'string', example: 'merge' } expose :merge_request_title_regex, documentation: { type: 'string', example: '/Title of merge request/' } + expose :merge_request_title_regex_description, documentation: { type: 'string', example: 'This requires the title to include a Jira label' } expose :squash_option, documentation: { type: 'string', example: 'default_off' } expose :enforce_auth_checks_on_uploads, documentation: { type: 'boolean' } expose :suggestion_commit_message, documentation: { type: 'string', example: 'Suggestion message' } diff --git a/lib/api/helpers/projects_helpers.rb b/lib/api/helpers/projects_helpers.rb index 30db1af6a85..86dbb61303a 100644 --- a/lib/api/helpers/projects_helpers.rb +++ b/lib/api/helpers/projects_helpers.rb @@ -82,6 +82,7 @@ module API optional :mr_default_target_self, type: Boolean, desc: 'Merge requests of this forked project targets itself by default' optional :warn_about_potentially_unwanted_characters, type: Boolean, desc: 'Warn about potentially unwanted characters' optional :merge_request_title_regex, type: String, desc: 'The regex the Merge Request must adhere to' + optional :merge_request_title_regex_description, type: String, desc: 'The description for the regex the Merge Request must adhere to' end params :optional_project_params_ee do @@ -178,6 +179,7 @@ module API :merge_trains_enabled, :merge_method, :merge_request_title_regex, + :merge_request_title_regex_description, :name, :only_allow_merge_if_all_discussions_are_resolved, :only_allow_merge_if_pipeline_succeeds, diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 225c6a3a087..9e0345d1ccd 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -16893,6 +16893,9 @@ msgstr "" msgid "ComplianceViolations|Your Compliance Violations CSV export for the group %{group_link} has been attached to this email." msgstr "" +msgid "ComplianceViolation|Audit event captured" +msgstr "" + msgid "ComplianceViolation|Detected" msgstr "" @@ -16902,6 +16905,9 @@ msgstr "" msgid "ComplianceViolation|In review" msgstr "" +msgid "ComplianceViolation|Registered event IP" +msgstr "" + msgid "ComplianceViolation|Resolved" msgstr "" @@ -23410,6 +23416,9 @@ msgstr "" msgid "DuoAgentsPlatform|Convert Jenkins to CI" msgstr "" +msgid "DuoAgentsPlatform|Could not display logs. Please try again" +msgstr "" + msgid "DuoAgentsPlatform|Enter the path to your Jenkinsfile." msgstr "" @@ -72854,6 +72863,12 @@ msgstr "" msgid "and" msgstr "" +msgid "and regex description must be either both set, or neither." +msgstr "" + +msgid "and regex must be either both set, or neither." +msgstr "" + msgid "any-approver for the group already exists" msgstr "" diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb index 2b3b782f6dc..23a00b8eea3 100644 --- a/spec/controllers/projects_controller_spec.rb +++ b/spec/controllers/projects_controller_spec.rb @@ -1038,7 +1038,8 @@ RSpec.describe ProjectsController, feature_category: :groups_and_projects do id: project.path, project: { project_setting_attributes: { - merge_request_title_regex: 'aaa' + merge_request_title_regex: 'aaa', + merge_request_title_regex_description: 'Test description' } } } @@ -1046,6 +1047,7 @@ RSpec.describe ProjectsController, feature_category: :groups_and_projects do project.reload expect(project.merge_request_title_regex).to eq('aaa') + expect(project.merge_request_title_regex_description).to eq('Test description') end end diff --git a/spec/features/projects/compare_spec.rb b/spec/features/projects/compare_spec.rb index 184902de150..5fd37e0f1d6 100644 --- a/spec/features/projects/compare_spec.rb +++ b/spec/features/projects/compare_spec.rb @@ -85,7 +85,7 @@ RSpec.describe "Compare", :js, feature_category: :source_code_management do ) end - it 'compares branches' do + it 'compares branches', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/547867' do visit project_compare_index_path(project) select_using_dropdown('from', 'master') diff --git a/spec/frontend/ci/pipelines_page/components/failure_widget/failed_job_details_spec.js b/spec/frontend/ci/pipelines_page/components/failure_widget/failed_job_details_spec.js index 3946ac43f98..eafcf268590 100644 --- a/spec/frontend/ci/pipelines_page/components/failure_widget/failed_job_details_spec.js +++ b/spec/frontend/ci/pipelines_page/components/failure_widget/failed_job_details_spec.js @@ -29,6 +29,7 @@ describe('FailedJobDetails component', () => { const defaultProps = { job, + canTroubleshootJob: true, }; const createComponent = ({ props = {} } = {}) => { diff --git a/spec/graphql/types/project_type_spec.rb b/spec/graphql/types/project_type_spec.rb index 88606a32558..f1da54bdb82 100644 --- a/spec/graphql/types/project_type_spec.rb +++ b/spec/graphql/types/project_type_spec.rb @@ -50,7 +50,7 @@ RSpec.describe GitlabSchema.types['Project'], feature_category: :groups_and_proj protectable_branches available_deploy_keys explore_catalog_path container_protection_tag_rules pages_force_https pages_use_unique_domain ci_pipeline_creation_request ci_pipeline_creation_inputs marked_for_deletion_on permanent_deletion_date - merge_request_title_regex + merge_request_title_regex merge_request_title_regex_description ] expect(described_class).to include_graphql_fields(*expected_fields) diff --git a/spec/lib/gitlab/import_export/safe_model_attributes.yml b/spec/lib/gitlab/import_export/safe_model_attributes.yml index 0de163942df..516c94336f4 100644 --- a/spec/lib/gitlab/import_export/safe_model_attributes.yml +++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml @@ -693,6 +693,7 @@ Project: - squash_commit_template - issue_branch_template - merge_request_title_regex +- merge_request_title_regex_description Author: - name ProjectFeature: diff --git a/spec/models/project_setting_spec.rb b/spec/models/project_setting_spec.rb index 2ffbb21944a..7e28af80fd1 100644 --- a/spec/models/project_setting_spec.rb +++ b/spec/models/project_setting_spec.rb @@ -26,6 +26,85 @@ RSpec.describe ProjectSetting, type: :model, feature_category: :groups_and_proje it { is_expected.to allow_value([]).for(:target_platforms) } it { is_expected.to validate_length_of(:issue_branch_template).is_at_most(255) } + it 'validates the length of merge_request_title_regex_description' do + is_expected.to validate_length_of(:merge_request_title_regex_description) + .is_at_most(Project::MAX_MERGE_REQUEST_TITLE_REGEX_DESCRIPTION) + end + + it 'validates the length of merge_request_title_regex' do + is_expected.to validate_length_of(:merge_request_title_regex) + .is_at_most(Project::MAX_MERGE_REQUEST_TITLE_REGEX) + end + + describe '#presence_of_merge_request_title_regex_settings' do + subject(:project_setting) do + build(:project_setting, merge_request_title_regex: regex, + merge_request_title_regex_description: description) + end + + let(:regex) { '/aaa/' } + let(:description) { 'Must be aaa' } + + context 'when only the regex is set' do + let(:description) { nil } + + it 'is not valid' do + expect(project_setting).not_to be_valid + expect(project_setting.errors[:merge_request_title_regex]) + .to include("and regex description must be either both set, or neither.") + expect(project_setting.errors[:merge_request_title_regex_description]) + .to include("and regex must be either both set, or neither.") + end + + context 'when is off' do + before do + stub_feature_flags(merge_request_title_regex: false) + end + + it 'is valid' do + expect(project_setting).to be_valid + end + end + end + + context 'when only the description is set' do + let(:regex) { nil } + + it 'is not valid' do + expect(project_setting).not_to be_valid + expect(project_setting.errors[:merge_request_title_regex]) + .to include("and regex description must be either both set, or neither.") + expect(project_setting.errors[:merge_request_title_regex_description]) + .to include("and regex must be either both set, or neither.") + end + + context 'when is off' do + before do + stub_feature_flags(merge_request_title_regex: false) + end + + it 'is valid' do + expect(project_setting).to be_valid + end + end + end + + context 'when neither are set' do + let(:regex) { nil } + let(:description) { nil } + + it 'is valid' do + expect(project_setting).to be_valid + end + end + + context 'when both are set' do + it 'is valid' do + expect(project_setting).to be_valid + end + end + end + it 'allows any combination of the allowed target platforms' do valid_target_platform_combinations.each do |target_platforms| expect(subject).to allow_value(target_platforms).for(:target_platforms) @@ -118,15 +197,15 @@ RSpec.describe ProjectSetting, type: :model, feature_category: :groups_and_proje it 'enqueues a auto merge process worker' do expect(AutoMergeProcessWorker).to receive(:perform_async).with({ 'project_id' => project_1.id }) - project_setting.update!(merge_request_title_regex: '/asa/') + project_setting.update!(merge_request_title_regex_description: '1', merge_request_title_regex: '/asa/') end context 'when regex is updated with the same value' do it 'enqueues a auto merge process worker only one' do expect(AutoMergeProcessWorker).to receive(:perform_async).with({ 'project_id' => project_1.id }).once - project_setting.update!(merge_request_title_regex: '/asa/') - project_setting.update!(merge_request_title_regex: '/asa/') + project_setting.update!(merge_request_title_regex_description: '1', merge_request_title_regex: '/asa/') + project_setting.update!(merge_request_title_regex_description: '1', merge_request_title_regex: '/asa/') end end @@ -138,7 +217,7 @@ RSpec.describe ProjectSetting, type: :model, feature_category: :groups_and_proje it 'does not enqueue the worker' do expect(AutoMergeProcessWorker).not_to receive(:perform_async) - project_setting.update!(merge_request_title_regex: '/asa/') + project_setting.update!(merge_request_title_regex_description: '1', merge_request_title_regex: '/asa/') end end end diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index e64e1fd2d90..25149b5411d 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -1558,6 +1558,7 @@ RSpec.describe Project, factory_default: :keep, feature_category: :groups_and_pr enforce_auth_checks_on_uploads enforce_auth_checks_on_uploads? merge_request_title_regex + merge_request_title_regex_description web_based_commit_signing_enabled ].each do |method| it { is_expected.to delegate_method(method).to(:project_setting).allow_nil } @@ -1570,6 +1571,7 @@ RSpec.describe Project, factory_default: :keep, feature_category: :groups_and_pr warn_about_potentially_unwanted_characters= enforce_auth_checks_on_uploads= merge_request_title_regex= + merge_request_title_regex_description= web_based_commit_signing_enabled= ].each do |method| it { is_expected.to delegate_method(method).to(:project_setting).with_arguments(:args).allow_nil } diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index 87f19b3c508..2ddf150b0ec 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -4823,18 +4823,19 @@ RSpec.describe API::Projects, :aggregate_failures, feature_category: :groups_and expect(json_response['topics']).to eq(%w[topic2]) end - it 'updates the merge_request_title_regex' do + it 'updates the merge_request_title_regex and description' do project3.update!(merge_request_title_regex: nil) - project_param = { merge_request_title_regex: '/aaa/' } + project_param = { merge_request_title_regex: '/aaa/', merge_request_title_regex_description: 'Description of regex' } expect { put api("/projects/#{project3.id}", user), params: project_param } - .to change { project3.reload.merge_request_title_regex } - .from(nil) - .to(/aaa/) + .to change { [project3.reload.merge_request_title_regex, project3.merge_request_title_regex_description] } + .from([nil, nil]) + .to([/aaa/, "Description of regex"]) expect(response).to have_gitlab_http_status(:ok) expect(json_response['merge_request_title_regex']).to eq("/aaa/") + expect(json_response['merge_request_title_regex_description']).to eq("Description of regex") end it 'updates enforce_auth_checks_on_uploads' do diff --git a/spec/services/merge_requests/update_service_spec.rb b/spec/services/merge_requests/update_service_spec.rb index e44ebfeb7be..235df5d9b8d 100644 --- a/spec/services/merge_requests/update_service_spec.rb +++ b/spec/services/merge_requests/update_service_spec.rb @@ -1120,10 +1120,11 @@ RSpec.describe MergeRequests::UpdateService, :mailer, feature_category: :code_re describe 'AutoMerge::TitleDescriptionUpdateEvent' do let(:auto_merge_enabled) { true } let(:title_regex) { 'test' } + let(:description) { 'description' } before do merge_request.update!(auto_merge_enabled: true, merge_user: user) if auto_merge_enabled - project.update!(merge_request_title_regex: title_regex) + project.update!(merge_request_title_regex_description: description, merge_request_title_regex: title_regex) end context 'when the title changes' do @@ -1151,6 +1152,7 @@ RSpec.describe MergeRequests::UpdateService, :mailer, feature_category: :code_re context 'when project has no required regex' do let(:title_regex) { nil } + let(:description) { nil } it_behaves_like 'it does not publish the AutoMerge::TitleDescriptionUpdateEvent' end diff --git a/spec/support/rspec_order_todo.yml b/spec/support/rspec_order_todo.yml index e778c2726ec..2fba34d6ef7 100644 --- a/spec/support/rspec_order_todo.yml +++ b/spec/support/rspec_order_todo.yml @@ -1955,6 +1955,7 @@ - './ee/spec/services/ee/issues/after_create_service_spec.rb' - './ee/spec/services/ee/issues/create_service_spec.rb' - './ee/spec/services/ee/issues/update_service_spec.rb' +- './ee/spec/services/ee/keys/create_service_spec.rb' - './ee/spec/services/ee/keys/destroy_service_spec.rb' - './ee/spec/services/ee/labels/promote_service_spec.rb' - './ee/spec/services/ee/members/create_service_spec.rb' @@ -2096,7 +2097,6 @@ - './ee/spec/services/iterations/update_service_spec.rb' - './ee/spec/services/jira/jql_builder_service_spec.rb' - './ee/spec/services/jira/requests/issues/list_service_spec.rb' -- './ee/spec/services/keys/create_service_spec.rb' - './ee/spec/services/keys/last_used_service_spec.rb' - './ee/spec/services/ldap_group_reset_service_spec.rb' - './ee/spec/services/lfs/lock_file_service_spec.rb' diff --git a/workhorse/go.mod b/workhorse/go.mod index 6e7d74fd02f..9c1a00f373a 100644 --- a/workhorse/go.mod +++ b/workhorse/go.mod @@ -5,7 +5,7 @@ go 1.23.0 toolchain go1.23.2 require ( - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.1 github.com/BurntSushi/toml v1.4.0 github.com/alecthomas/chroma/v2 v2.18.0 diff --git a/workhorse/go.sum b/workhorse/go.sum index 2ce856b38b7..e064827346b 100644 --- a/workhorse/go.sum +++ b/workhorse/go.sum @@ -72,8 +72,8 @@ dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 h1:Gt0j3wceWMwPmiazCa8MzMA0MfhmPIz0Qp0FJ6qcM0U= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0/go.mod h1:Ot/6aikWnKWi4l9QB7qVSwa8iMphQNqkWALMoNT3rzM= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0 h1:OVoM452qUFBrX+URdH3VpR299ma4kfom0yB0URYky9g= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0/go.mod h1:kUjrAo8bgEwLeZ/CmHqNl3Z/kPm7y6FKfxxK0izYUg4= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 h1:B+blDbyVIG3WaikNxPnhPiJ1MThR03b3vKGtER95TP4= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1/go.mod h1:JdM5psgjfBf5fo2uWOZhflPWyDBZ/O/CNAH9CtsuZE4= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8= github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 h1:FPKJS1T+clwv+OLGt13a8UjqeRuh0O4SJ3lUriThc+4=