diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index cec54c38b4e..495fdcd50e2 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -551,6 +551,28 @@ CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: 1 CLICKHOUSE_DB: gitlab_clickhouse_test +.use-pg16-clickhouse24: + extends: .use-pg16 + services: + - !reference [.db-services-with-auto-explain, services] + - name: clickhouse/clickhouse-server:24.9.1.3278-alpine + alias: clickhouse + variables: + CLICKHOUSE_USER: default + CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: 1 + CLICKHOUSE_DB: gitlab_clickhouse_test + +.use-pg16-clickhouse25: + extends: .use-pg16 + services: + - !reference [.db-services-with-auto-explain, services] + - name: clickhouse/clickhouse-server:25.4-alpine + alias: clickhouse + variables: + CLICKHOUSE_USER: default + CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: 1 + CLICKHOUSE_DB: gitlab_clickhouse_test + .as-if-foss: variables: FOSS_ONLY: '1' diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index 02c710fa92c..13f391d9f33 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -393,17 +393,39 @@ rspec ci-config-validation mr-pipelines: - !reference [.base-script, script] - rspec_section rspec_simple_job "--tag ci_config_validation -- spec/dot_gitlab_ci/ci_configuration_validation/merge_request_pipeline_spec.rb" -gitlab:clickhouse:rollback:main: +gitlab:clickhouse-23:rollback:main: extends: - .rspec-base - - .production # Disable webmock from test environment + - .production - .use-pg16-clickhouse23 - .rails:rules:clickhouse-changes script: - - cp config/click_house.yml.example config/click_house.yml - - 'sed -i "s|url:.*$|url: http://clickhouse:8123|g" config/click_house.yml' + - !reference [.clickhouse-setup, script] + - 'sed -i "s|test:$|production:|g" config/click_house.yml' + - bundle exec rake gitlab:clickhouse:migrate && + bundle exec rake gitlab:clickhouse:rollback:main VERSION=0 + +gitlab:clickhouse-24:rollback:main: + extends: + - .rspec-base + - .production + - .use-pg16-clickhouse24 + - .rails:rules:clickhouse-changes + script: + - !reference [.clickhouse-setup, script] + - 'sed -i "s|test:$|production:|g" config/click_house.yml' + - bundle exec rake gitlab:clickhouse:migrate && + bundle exec rake gitlab:clickhouse:rollback:main VERSION=0 + +gitlab:clickhouse-25:rollback:main: + extends: + - .rspec-base + - .production + - .use-pg16-clickhouse25 + - .rails:rules:clickhouse-changes + script: + - !reference [.clickhouse-setup, script] - 'sed -i "s|test:$|production:|g" config/click_house.yml' - - !reference [.base-script, script] - bundle exec rake gitlab:clickhouse:migrate && bundle exec rake gitlab:clickhouse:rollback:main VERSION=0 diff --git a/.gitlab/ci/rails/shared.gitlab-ci.yml b/.gitlab/ci/rails/shared.gitlab-ci.yml index b814074b96e..b609d4a365a 100644 --- a/.gitlab/ci/rails/shared.gitlab-ci.yml +++ b/.gitlab/ci/rails/shared.gitlab-ci.yml @@ -34,6 +34,12 @@ include: variables: USE_REDIS_CLUSTER: "false" +.clickhouse-setup: + script: + - !reference [.base-script, script] + - cp config/click_house.yml.example config/click_house.yml + - 'sed -i "s|url:.*$|url: http://clickhouse:8123|g" config/click_house.yml' + .single-db: variables: DECOMPOSED_DB: "false" @@ -248,9 +254,23 @@ include: - .rspec-base - .use-pg16-clickhouse23 script: - - cp config/click_house.yml.example config/click_house.yml - - 'sed -i "s|url:.*$|url: http://clickhouse:8123|g" config/click_house.yml' - - !reference [.base-script, script] + - !reference [.clickhouse-setup, script] + - rspec_section rspec_parallelized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag click_house" + +.rspec-base-pg16-clickhouse24: + extends: + - .rspec-base + - .use-pg16-clickhouse24 + script: + - !reference [.clickhouse-setup, script] + - rspec_section rspec_parallelized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag click_house" + +.rspec-base-pg16-clickhouse25: + extends: + - .rspec-base + - .use-pg16-clickhouse25 + script: + - !reference [.clickhouse-setup, script] - rspec_section rspec_parallelized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag click_house" .rspec-base-pg14: diff --git a/.rubocop_todo/rspec/no_expectation_example.yml b/.rubocop_todo/rspec/no_expectation_example.yml index a80f71c3ad8..3b4ff04e582 100644 --- a/.rubocop_todo/rspec/no_expectation_example.yml +++ b/.rubocop_todo/rspec/no_expectation_example.yml @@ -47,9 +47,6 @@ RSpec/NoExpectationExample: - 'qa/qa/specs/features/browser_ui/4_verify/ci_variable/ui_variable_inheritable_when_forward_pipeline_variables_true_spec.rb' - 'qa/qa/specs/features/browser_ui/4_verify/ci_variable/ui_variable_non_inheritable_when_forward_pipeline_variables_false_spec.rb' - 'qa/qa/specs/features/ee/api/2_plan/epics_to_work_items_sync_spec.rb' - - 'qa/qa/specs/features/ee/browser_ui/10_govern/change_vulnerability_status_spec.rb' - - 'qa/qa/specs/features/ee/browser_ui/10_govern/group/group_ldap_sync_spec.rb' - - 'qa/qa/specs/features/ee/browser_ui/10_govern/security_reports_spec.rb' - 'qa/qa/specs/features/ee/browser_ui/12_systems/geo/wiki_ssh_push_spec.rb' - 'qa/spec/specs/helpers/context_selector_spec.rb' - 'qa/spec/specs/helpers/feature_flag_spec.rb' diff --git a/DUO_WORKFLOW_EXECUTOR_VERSION b/DUO_WORKFLOW_EXECUTOR_VERSION index 155069a391d..1435d6cfcc3 100644 --- a/DUO_WORKFLOW_EXECUTOR_VERSION +++ b/DUO_WORKFLOW_EXECUTOR_VERSION @@ -1 +1 @@ -0.0.35 +0.0.37 diff --git a/app/assets/javascripts/groups/your_work/constants.js b/app/assets/javascripts/groups/your_work/constants.js index c4cd796cd2e..7904f2f5a82 100644 --- a/app/assets/javascripts/groups/your_work/constants.js +++ b/app/assets/javascripts/groups/your_work/constants.js @@ -23,6 +23,7 @@ const baseTab = { query: groupsQuery, queryPath: 'groups', listComponent: NestedGroupsProjectsList, + queryErrorMessage: __("Your groups couldn't be loaded. Refresh the page to try again."), }; export const MEMBER_TAB = { diff --git a/app/assets/javascripts/groups_projects/components/tab_view.vue b/app/assets/javascripts/groups_projects/components/tab_view.vue index a9f988e7549..224c46fbadc 100644 --- a/app/assets/javascripts/groups_projects/components/tab_view.vue +++ b/app/assets/javascripts/groups_projects/components/tab_view.vue @@ -21,11 +21,6 @@ export default { PAGINATION_TYPE_KEYSET, PAGINATION_TYPE_OFFSET, name: 'TabView', - i18n: { - errorMessage: __( - 'An error occurred loading the projects. Please refresh the page to try again.', - ), - }, components: { GlLoadingIcon, GlKeysetPagination, @@ -131,7 +126,7 @@ export default { this.$emit('query-complete'); }, error(error) { - createAlert({ message: this.$options.i18n.errorMessage, error, captureError: true }); + createAlert({ message: this.queryErrorMessage, error, captureError: true }); }, }; }, @@ -207,6 +202,9 @@ export default { return baseProps; }, + queryErrorMessage() { + return this.tab.queryErrorMessage || __('An error occurred. Refresh the page to try again.'); + }, }, watch: { 'items.count': function watchCount(newCount) { @@ -275,7 +273,7 @@ export default { item.children = this.tab.formatter(nodes); } catch (error) { - createAlert({ message: this.$options.i18n.errorMessage, error, captureError: true }); + createAlert({ message: this.queryErrorMessage, error, captureError: true }); } finally { item.childrenLoading = false; } diff --git a/app/assets/javascripts/projects/your_work/constants.js b/app/assets/javascripts/projects/your_work/constants.js index 693f302990e..aa42bb10e22 100644 --- a/app/assets/javascripts/projects/your_work/constants.js +++ b/app/assets/javascripts/projects/your_work/constants.js @@ -26,6 +26,7 @@ const baseTab = { type: TYPES.filter, }, formatter: formatProjects, + queryErrorMessage: __("Your projects couldn't be loaded. Refresh the page to try again."), }; export const CONTRIBUTED_TAB = { diff --git a/db/click_house/migrate/main/20240115122100_drop_audit_events.rb b/db/click_house/migrate/main/20240115122100_drop_audit_events.rb index 198e83ff7ee..9e0b50e160c 100644 --- a/db/click_house/migrate/main/20240115122100_drop_audit_events.rb +++ b/db/click_house/migrate/main/20240115122100_drop_audit_events.rb @@ -28,10 +28,5 @@ class DropAuditEvents < ClickHouse::Migration PARTITION BY toYear(created_at) ORDER BY (entity_type, entity_id, author_id, created_at, id); SQL - - execute <<~SQL - ALTER TABLE audit_events - ADD PROJECTION IF NOT EXISTS by_id (SELECT * ORDER BY id); - SQL end end diff --git a/db/click_house/migrate/main/20240618120011_create_duo_chat_events_table.rb b/db/click_house/migrate/main/20240618120011_create_duo_chat_events_table.rb index 9f8068e7978..cb327db4355 100644 --- a/db/click_house/migrate/main/20240618120011_create_duo_chat_events_table.rb +++ b/db/click_house/migrate/main/20240618120011_create_duo_chat_events_table.rb @@ -17,7 +17,7 @@ class CreateDuoChatEventsTable < ClickHouse::Migration def down execute <<~SQL - DROP VIEW IF EXISTS duo_chat_events + DROP TABLE IF EXISTS duo_chat_events SQL end end diff --git a/doc/ci/ci_cd_for_external_repos/bitbucket_integration.md b/doc/ci/ci_cd_for_external_repos/bitbucket_integration.md index eb1efb75772..cbddd96af70 100644 --- a/doc/ci/ci_cd_for_external_repos/bitbucket_integration.md +++ b/doc/ci/ci_cd_for_external_repos/bitbucket_integration.md @@ -65,7 +65,7 @@ To use GitLab CI/CD with a Bitbucket Cloud repository: 1. In GitLab, from **Settings > CI/CD > Variables**, add variables to allow communication with Bitbucket through the Bitbucket API: - - `BITBUCKET_ACCESS_TOKEN`: The Bitbucket app password created above. This variable should be [masked](../variables/_index.md#mask-a-cicd-variable). + - `BITBUCKET_ACCESS_TOKEN`: The Bitbucket app password created previously. This variable should be [masked](../variables/_index.md#mask-a-cicd-variable). - `BITBUCKET_USERNAME`: The username of the Bitbucket account. - `BITBUCKET_NAMESPACE`: Set this variable if your GitLab and Bitbucket namespaces differ. - `BITBUCKET_REPOSITORY`: Set this variable if your GitLab and Bitbucket project names differ. @@ -128,7 +128,7 @@ To use GitLab CI/CD with a Bitbucket Cloud repository: ``` 1. In Bitbucket, create a `.gitlab-ci.yml` file to use the script to push - pipeline success and failures to Bitbucket. Similar to the script added above, + pipeline success and failures to Bitbucket. Similar to the script added previously, this file is copied to the GitLab repository as part of the mirroring process. ```yaml diff --git a/doc/ci/cloud_services/azure/_index.md b/doc/ci/cloud_services/azure/_index.md index dd254258290..2b2c4fa8f3f 100644 --- a/doc/ci/cloud_services/azure/_index.md +++ b/doc/ci/cloud_services/azure/_index.md @@ -67,7 +67,7 @@ Instead of the Azure CLI, you can [use the Azure Portal to create these resource ## Create Azure AD federated identity credentials -To create the federated identity credentials for the above Azure AD application +To create the federated identity credentials for the previous Azure AD application for a specific branch in `/`: ```shell @@ -157,7 +157,7 @@ az rest --method POST --uri "https://graph.microsoft.com/beta/applications/$obje ## Grant permissions for the service principal After you create the credentials, use [`role assignment`](https://learn.microsoft.com/en-us/cli/azure/role/assignment?view=azure-cli-latest#az-role-assignment-create) -to grant permissions to the above service principal to access to Azure resources: +to grant permissions to the previous service principal so it gets access to the Azure resources: ```shell az role assignment create --assignee $appId --role Reader --scope /subscriptions/ @@ -168,7 +168,7 @@ You can find your subscription ID in: - The [Azure Portal](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription). - The [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/manage-azure-subscriptions-azure-cli#get-the-active-subscription). -The command above grants read-only permissions to the entire subscription. For more information on applying the principle of least privilege in the context of your organization, read [Best practices for Azure AD roles](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/best-practices). +The previous command grants read-only permissions to the entire subscription. For more information on applying the principle of least privilege in the context of your organization, read [Best practices for Azure AD roles](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/best-practices). ## Retrieve a temporary credential diff --git a/doc/ci/docker/using_docker_build.md b/doc/ci/docker/using_docker_build.md index 97856af43b7..5830a44e1dd 100644 --- a/doc/ci/docker/using_docker_build.md +++ b/doc/ci/docker/using_docker_build.md @@ -364,7 +364,7 @@ To use Docker-in-Docker with TLS enabled in Kubernetes: ##### Docker-in-Docker with TLS disabled in Kubernetes -To use Docker-in-Docker with TLS disabled in Kubernetes, you must adapt the example above to: +To use Docker-in-Docker with TLS disabled in Kubernetes, you must adapt the previous example to: - Remove the `[[runners.kubernetes.volumes.empty_dir]]` section from the `values.yml` file. - Change the port from `2376` to `2375` with `DOCKER_HOST: tcp://docker:2375`. diff --git a/doc/ci/docker/using_docker_images.md b/doc/ci/docker/using_docker_images.md index 9e29137275d..49093698f2f 100644 --- a/doc/ci/docker/using_docker_images.md +++ b/doc/ci/docker/using_docker_images.md @@ -355,11 +355,11 @@ follow these steps: image: registry.example.com:5000/namespace/image:tag ``` - In the example above, GitLab Runner looks at `registry.example.com:5000` for the + In the previous example, GitLab Runner looks at `registry.example.com:5000` for the image `namespace/image:tag`. You can add configuration for as many registries as you want, adding more -registries to the `"auths"` hash as described above. +registries to the `"auths"` hash as described previously. The full `hostname:port` combination is required everywhere for the runner to match the `DOCKER_AUTH_CONFIG`. For example, if @@ -418,7 +418,7 @@ To configure a Credentials Store: } ``` - - Or, if you're running self-managed runners, add the above JSON to + - Or, if you're running self-managed runners, add the JSON to `${GITLAB_RUNNER_HOME}/.docker/config.json`. GitLab Runner reads this configuration file and uses the needed helper for this specific repository. diff --git a/doc/ci/resource_groups/_index.md b/doc/ci/resource_groups/_index.md index 63434ffa17e..b8006511ebc 100644 --- a/doc/ci/resource_groups/_index.md +++ b/doc/ci/resource_groups/_index.md @@ -249,7 +249,7 @@ first check that the resource group is working correctly: - If the status is `running` or `pending`, the feature is working correctly. Wait until the job finishes and releases the resource. - If the status is `created` and the [process mode](#process-modes) is either **Oldest first** or **Newest first**, the feature is working correctly. Visit the pipeline page of the job and check which upstream stage or job is blocking the execution. - - If none of the above conditions are met, the feature might not be working correctly. [Report the issue to GitLab](#report-an-issue). + - If none of the previous conditions are met, the feature might not be working correctly. [Report the issue to GitLab](#report-an-issue). 1. If **View job currently using resource** is not available, the resource is not assigned to a job. Instead, check the resource's upcoming jobs. diff --git a/doc/ci/secrets/convert-to-id-tokens.md b/doc/ci/secrets/convert-to-id-tokens.md index 61fa5055f35..870676c3b38 100644 --- a/doc/ci/secrets/convert-to-id-tokens.md +++ b/doc/ci/secrets/convert-to-id-tokens.md @@ -172,8 +172,8 @@ $ vault write auth/jwt/role/myproject-staging - <`. - - Ping the engineering managers responsible for [the projects listed below](#known-dependencies-using-go). - - Most engineering managers can be identified on - [the product page](https://handbook.gitlab.com/handbook/product/categories/) or the - [feature page](https://handbook.gitlab.com/handbook/product/categories/features/). - - If you still can't find the engineering manager, use - [Git blame](../../user/project/repository/files/git_blame.md) to identify a maintainer - involved in the project. - -1. Create an upgrade issue for each dependency in the - [location indicated below](#known-dependencies-using-go) titled - `Support building with Go `. Add the proper labels to each issue - for easier triage. These should include the stage, group and section. - - The issue should be assigned by a member of the maintaining group. - - The milestone should be assigned by a member of the maintaining group. - - {{< alert type="note" >}} - - Some overlap exists between project dependencies. When creating an issue for a - dependency that is part of a larger product, note the relationship in the issue - body. For example: Projects built in the context of Omnibus GitLab have their - runtime Go version managed by Omnibus, but "support" and compatibility should - be a concern of the individual project. Issues in the parent project's dependencies - issue should be about adding support for the updated Go version. - - {{< /alert >}} - - {{< alert type="note" >}} - - The upgrade issues must include [upgrade validation items](#upgrade-validation) - in their definition of done. Creating a second [performance testing issue](#upgrade-validation) - titled `Validate operation and performance at scale with Go ` - is strongly recommended to help with scheduling tasks and managing workloads. - {{< /alert >}} - -1. Schedule an update with the [GitLab Development Kit](https://gitlab.com/gitlab-org/gitlab-development-kit/-/issues): - - Title the issue `Support using Go version `. - - Set the issue as related to every issue created in the previous step. -1. Schedule one issue per Sec Section team that maintains Go based Security Analyzers and add the `section::sec` label to each: - - [Static Analysis tracker](https://gitlab.com/gitlab-org/gitlab/-/issues). - - [Composition Analysis tracker](https://gitlab.com/gitlab-org/gitlab/-/issues). - - [Container Security tracker](https://gitlab.com/gitlab-org/gitlab/-/issues). - - {{< alert type="note" >}} - - Updates to these Security analyzers should not block upgrades to Charts or Omnibus since - the analyzers are built independently as separate container images. - - {{< /alert >}} - -1. Schedule builder updates with Distribution projects: - - Dependency and GitLab Development Kit issues created in previous steps should be set as blockers. - - Each issue should have the title `Support building with Go ` and description as noted: - - [Cloud-Native GitLab](https://gitlab.com/gitlab-org/charts/gitlab/-/issues) - - ```plaintext - Update the `GO_VERSION` in `ci_files/variables.yml`. - ``` - - - [Omnibus GitLab Builder](https://gitlab.com/gitlab-org/gitlab-omnibus-builder/-/issues) - - ```plaintext - Update `GO_VERSION` in `docker/VERSIONS`. - ``` - - - [Omnibus GitLab](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues) - - ```plaintext - Update `BUILDER_IMAGE_REVISION` in `.gitlab-ci.yml` to match tag from builder. - ``` - - {{< alert type="note" >}} - - If the component is not automatically upgraded for [Omnibus GitLab](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues) - and [Cloud Native GitLab](https://gitlab.com/gitlab-org/charts/gitlab/-/issues), - issues should be opened in their respective trackers titled `Updated bundled version of COMPONENT_NAME` - and set as blocked by the component's upgrade issue. - - {{< /alert >}} +1. Navigate to the [Build Architecture Configuration pipelines page](https://gitlab.com/gitlab-org/distribution/build-architecture/framework/configuration/-/pipelines). +1. Create a new pipeline for a dry run with these variables: + - Set `COMPONENT_UPGRADE` to `true`. + - Set `COMPONENT_NAME` to `golang.` + - Set `COMPONENT_VERSION` to the target upgrade version. +1. Run the pipeline. +1. Check for errors in the dry run pipeline. If any subscriber files throw errors because labels changed or directly responsible individuals are no + longer valid, contact the subscriber project and request they update their configuration. +1. After a successful dry-run pipeline, create another pipeline with these variables to create the upgrade epic and all associated issues: + - Set `COMPONENT_UPGRADE` to `true`. + - Set `COMPONENT_NAME` to `golang.` + - Set `COMPONENT_VERSION` to the target upgrade version. + - Set `EPIC_DRY_RUN` to `false`. +1. Run the pipeline. #### Known dependencies using Go diff --git a/doc/user/application_security/dependency_scanning/static_reachability.md b/doc/user/application_security/dependency_scanning/static_reachability.md index 4140e991da8..4611b3b2ac2 100644 --- a/doc/user/application_security/dependency_scanning/static_reachability.md +++ b/doc/user/application_security/dependency_scanning/static_reachability.md @@ -54,16 +54,30 @@ Prerequisites: Make sure you follow the [pip](dependency_scanning_sbom/_index.md#pip) or [pipenv](dependency_scanning_sbom/_index.md#pipenv) related instructions for dependency scanning using SBOM. You can also use any other Python package manager that is [supported](https://gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning#supported-files) by the DS analyzer. -To enable static reachability analysis: +To enable static reachability analysis from GitLab 18.0 and later: -- Set the CI/CD variable DS_STATIC_REACHABILITY_ENABLED to `true` +- Set the CI/CD variable `DS_STATIC_REACHABILITY_ENABLED` to `true` -
If you are using GitLab release `17.11.x` continue with these instructions +Static reachability is integrated into the `dependency-scanning` job of the latest Dependency-Scanning template. +Alternatively you can enable Static Reachability by including the [Dependency Scanning component](https://gitlab.com/components/dependency-scanning) rather than using the standard Dependency-Scanning template. + +```yaml +include: + - component: ${CI_SERVER_FQDN}/components/dependency-scanning/main@0 + inputs: + enable_static_reachability: true + rules: + - if: $CI_SERVER_HOST == "gitlab.com" +``` + +Please notice that to use GitLab.com components on a GitLab Self-Managed instance, you [must mirror](../../../ci/components/_index.md#use-a-gitlabcom-component-on-gitlab-self-managed) the component project. + +Static reachability analysis functionality is supported in [Dependency Scanning analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning) version `0.23.0` and all subsequent versions. + +
If you are using GitLab 17.11 follow these instructions to enable Static Reachability Analysis - Make sure you extend `dependency-scanning-with-reachability` needs section to depend on the build job that creates the artifact required by the DS analyzer. -Enabling static reachability for non SaaS users using `17.11.x` release: - ```yaml stages: - build @@ -100,7 +114,7 @@ dependency-scanning-with-reachability: artifacts: true ``` -Static reachability introduces two key jobs: +Static reachability in 17.11 introduces two key jobs: - `gitlab-static-reachability`: Performs Static Reachability Analysis (SRA) on your Python files. - `dependency-scanning-with-reachability`: Executes dependency scanning and generates an SBOM report enriched with reachability data. This job requires the artifact output from the `gitlab-static-reachability` job. @@ -116,16 +130,6 @@ dependency scanning without adding reachability data to the SBOM.
-Static reachability is currently integrated into the `dependency-scanning` job of the latest dependency scanning template for GitLab.com users, and will be available to all GitLab users with the 18.0 release. - -Static reachability analysis functionality is supported in [Dependency Scanning analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning) version `0.23.0` and all subsequent versions. - -{{< alert type="warning" >}} - -Changes to the CI/CD configuration for static reachability integration are proposed for the GA release. - -{{< /alert >}} - ## How static reachability analysis works Static reachability analysis requires two key components: diff --git a/gems/activerecord-gitlab/lib/active_record/gitlab_patches.rb b/gems/activerecord-gitlab/lib/active_record/gitlab_patches.rb index b70de557046..1b55c25bbd7 100644 --- a/gems/activerecord-gitlab/lib/active_record/gitlab_patches.rb +++ b/gems/activerecord-gitlab/lib/active_record/gitlab_patches.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true require "active_record" +require_relative "gitlab_patches/abstract_adapter" +require_relative "gitlab_patches/attribute_methods" require_relative "gitlab_patches/version" require_relative "gitlab_patches/rescue_from" require_relative "gitlab_patches/relation/find_or_create_by" diff --git a/gems/activerecord-gitlab/lib/active_record/gitlab_patches/abstract_adapter.rb b/gems/activerecord-gitlab/lib/active_record/gitlab_patches/abstract_adapter.rb new file mode 100644 index 00000000000..7266bd9fedc --- /dev/null +++ b/gems/activerecord-gitlab/lib/active_record/gitlab_patches/abstract_adapter.rb @@ -0,0 +1,103 @@ +# frozen_string_literal: true + +if defined?(Gitlab) && ActiveRecord.version.to_s != '7.1.5.1' + raise "This patch is only needed in Rails 7.1.5.1 for https://github.com/rails/rails/issues/51780" +end + +# rubocop:disable Lint/RescueException -- This is copied directly from Rails. +# rubocop:disable Lint/AmbiguousOperatorPrecedence -- This is a Rails patch. +# rubocop:disable Naming/RescuedExceptionsVariableName -- This is a Rails patch. +# rubocop:disable Style/NumericPredicate -- This is a Rails patch. +# rubocop:disable Cop/AvoidReturnFromBlocks -- This is a Rails patch. +# rubocop:disable Style/RescueStandardError -- This is a Rails patch. +module ActiveRecord + module ConnectionAdapters + class AbstractAdapter + # Add the new method that wraps configure_connection with exception handling + def attempt_configure_connection + configure_connection + rescue Exception # Need to handle things such as Timeout::ExitException + disconnect! + raise + end + + # Disconnects from the database if already connected, and establishes a new + # connection with the database. Implementors should define private #reconnect + # instead. + def reconnect!(restore_transactions: false) + retries_available = connection_retries + deadline = retry_deadline && Process.clock_gettime(Process::CLOCK_MONOTONIC) + retry_deadline + + @lock.synchronize do + reconnect + + enable_lazy_transactions! + @raw_connection_dirty = false + @verified = true + + reset_transaction(restore: restore_transactions) do + clear_cache!(new_connection: true) + attempt_configure_connection + end + rescue => original_exception + translated_exception = translate_exception_class(original_exception, nil, nil) + retry_deadline_exceeded = deadline && deadline < Process.clock_gettime(Process::CLOCK_MONOTONIC) + + if !retry_deadline_exceeded && retries_available > 0 + retries_available -= 1 + + if retryable_connection_error?(translated_exception) + backoff(connection_retries - retries_available) + retry + end + end + + @verified = false + + raise translated_exception + end + end + + # Reset the state of this connection, directing the DBMS to clear + # transactions and other connection-related server-side state. Usually a + # database-dependent operation. + # + # If a database driver or protocol does not support such a feature, + # implementors may alias this to #reconnect!. Otherwise, implementors + # should call super immediately after resetting the connection (and while + # still holding @lock). + def reset! + clear_cache!(new_connection: true) + reset_transaction + attempt_configure_connection + end + + # Checks whether the connection to the database is still active (i.e. not stale). + # This is done under the hood by calling #active?. If the connection + # is no longer active, then this method will reconnect to the database. + def verify! + unless active? + @lock.synchronize do + if @unconfigured_connection + @raw_connection = @unconfigured_connection + @unconfigured_connection = nil + attempt_configure_connection + @verified = true + return + end + + reconnect!(restore_transactions: true) + end + end + + @verified = true + end + end + end +end +# rubocop:enable Lint/RescueException +# rubocop:enable Lint/AmbiguousOperatorPrecedence +# rubocop:enable Naming/RescuedExceptionsVariableName +# rubocop:enable Style/NumericPredicate +# rubocop:enable Cop/AvoidReturnFromBlocks +# rubocop:enable Style/RescueStandardError diff --git a/gems/activerecord-gitlab/lib/active_record/gitlab_patches/attribute_methods.rb b/gems/activerecord-gitlab/lib/active_record/gitlab_patches/attribute_methods.rb new file mode 100644 index 00000000000..1d5ec50ec8d --- /dev/null +++ b/gems/activerecord-gitlab/lib/active_record/gitlab_patches/attribute_methods.rb @@ -0,0 +1,44 @@ +# frozen_string_literal: true + +if defined?(Gitlab) && ActiveRecord.version.to_s != '7.1.5.1' + raise "This patch is only needed in Rails 7.1.5.1 for https://github.com/rails/rails/issues/51780" +end + +# rubocop:disable Layout/EmptyLinesAroundAccessModifier -- This is copied directly from Rails. +# rubocop:disable Layout/IndentationWidth -- This is copied directly from Rails. +# rubocop:disable Layout/IndentationConsistency -- This is copied directly from Rails. +# rubocop:disable Style/MissingRespondToMissing -- This is copied directly from Rails. +# rubocop:disable Cop/LineBreakAroundConditionalBlock -- This is copied directly from Rails. +# rubocop:disable Style/IfUnlessModifier -- This is copied directly from Rails. +# rubocop:disable GitlabSecurity/PublicSend -- This is copied directly from Rails. +module ActiveRecord + module AttributeMethods + private + def method_missing(name, ...) + unless self.class.attribute_methods_generated? + if self.class.method_defined?(name) + # The method is explicitly defined in the model, but calls a generated + # method with super. So we must resume the call chain at the right setp. + last_method = method(name) + last_method = last_method.super_method while last_method.super_method + self.class.define_attribute_methods + if last_method.super_method + return last_method.super_method.call(...) + end + elsif self.class.define_attribute_methods | self.class.generate_alias_attributes + # Some attribute methods weren't generated yet, we retry the call + return public_send(name, ...) + end + end + + super + end + end +end +# rubocop:enable Layout/EmptyLinesAroundAccessModifier +# rubocop:enable Layout/IndentationWidth +# rubocop:enable Layout/IndentationConsistency +# rubocop:enable Style/MissingRespondToMissing +# rubocop:enable Cop/LineBreakAroundConditionalBlock +# rubocop:enable Style/IfUnlessModifier +# rubocop:enable GitlabSecurity/PublicSend diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 087737435cb..c55abdd2cb6 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -4048,6 +4048,9 @@ msgstr "" msgid "AdminAIPoweredFeatures|Feature" msgstr "" +msgid "AdminAIPoweredFeatures|GitLab Default" +msgstr "" + msgid "AdminAIPoweredFeatures|GitLab Duo Chat" msgstr "" @@ -6995,9 +6998,6 @@ msgstr "" msgid "An error occurred loading the project counts." msgstr "" -msgid "An error occurred loading the projects. Please refresh the page to try again." -msgstr "" - msgid "An error occurred loading the tab counts." msgstr "" @@ -7346,6 +7346,9 @@ msgstr "" msgid "An error occurred. Please try again." msgstr "" +msgid "An error occurred. Refresh the page to try again." +msgstr "" + msgid "An error occurred. Unable to reopen this merge request." msgstr "" @@ -35539,6 +35542,9 @@ msgstr "" msgid "LDAP|Default, minimum permission level for LDAP group members of %{group_name}." msgstr "" +msgid "LDAP|Group cn" +msgstr "" + msgid "LDAP|If you do not belong to this LDAP user filter you will lose ownership of %{group_name}." msgstr "" @@ -35575,6 +35581,9 @@ msgstr "" msgid "LDAP|This query must use valid %{ldap_link_start}LDAP Search Filter Syntax%{ldap_link_end}. Synchronize %{group_name}'s members with this LDAP user filter." msgstr "" +msgid "LDAP|User filter" +msgstr "" + msgid "LDAP|You can manage permission levels for individual group members in the Members tab." msgstr "" @@ -39514,6 +39523,12 @@ msgstr "" msgid "ModelRegistry|versions" msgstr "" +msgid "ModelSelection|Manage GitLab Duo by configuring and assigning models to AI-native features." +msgstr "" + +msgid "ModelSelection|Model Selection" +msgstr "" + msgid "Modified" msgstr "" @@ -71325,6 +71340,9 @@ msgstr[1] "" msgid "Your group %{group_name} has been marked for deletion and will be removed in %{days}." msgstr "" +msgid "Your groups couldn't be loaded. Refresh the page to try again." +msgstr "" + msgid "Your instance has %{remaining_user_count} users remaining of the %{total_user_count} in your subscription. When there are no more seats, users cannot be invited or added to the instance." msgstr "" @@ -71436,6 +71454,9 @@ msgstr "" msgid "Your projects" msgstr "" +msgid "Your projects couldn't be loaded. Refresh the page to try again." +msgstr "" + msgid "Your public email will be displayed on your public profile." msgstr "" diff --git a/qa/qa/specs/features/api/10_govern/group_access_token_spec.rb b/qa/qa/specs/features/api/10_software_supply_chain_security/group_access_token_spec.rb similarity index 97% rename from qa/qa/specs/features/api/10_govern/group_access_token_spec.rb rename to qa/qa/specs/features/api/10_software_supply_chain_security/group_access_token_spec.rb index 9ba06127080..6d3aab405d6 100644 --- a/qa/qa/specs/features/api/10_govern/group_access_token_spec.rb +++ b/qa/qa/specs/features/api/10_software_supply_chain_security/group_access_token_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern' do + RSpec.describe 'Software Supply Chain Security' do describe 'Group access token', product_group: :authentication do include QA::Support::Helpers::Project diff --git a/qa/qa/specs/features/api/10_govern/project_access_token_spec.rb b/qa/qa/specs/features/api/10_software_supply_chain_security/project_access_token_spec.rb similarity index 98% rename from qa/qa/specs/features/api/10_govern/project_access_token_spec.rb rename to qa/qa/specs/features/api/10_software_supply_chain_security/project_access_token_spec.rb index fba418c0209..1142575a0e5 100644 --- a/qa/qa/specs/features/api/10_govern/project_access_token_spec.rb +++ b/qa/qa/specs/features/api/10_software_supply_chain_security/project_access_token_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern' do + RSpec.describe 'Software Supply Chain Security' do describe 'Project access token', product_group: :authentication do include QA::Support::Helpers::Project diff --git a/qa/qa/specs/features/browser_ui/10_govern/group/group_access_token_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/group/group_access_token_spec.rb similarity index 91% rename from qa/qa/specs/features/browser_ui/10_govern/group/group_access_token_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/group/group_access_token_spec.rb index a354052d73d..ffb91dc3ef2 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/group/group_access_token_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/group/group_access_token_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern' do + RSpec.describe 'Software Supply Chain Security' do describe 'Group access tokens', product_group: :authentication do let(:group_access_token) { QA::Resource::GroupAccessToken.fabricate_via_browser_ui! } diff --git a/qa/qa/specs/features/browser_ui/10_govern/login/2fa_recovery_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/2fa_recovery_spec.rb similarity index 96% rename from qa/qa/specs/features/browser_ui/10_govern/login/2fa_recovery_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/2fa_recovery_spec.rb index cc52262ae5c..a02bf548cec 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/login/2fa_recovery_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/2fa_recovery_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern', :requires_admin, :skip_live_env do + RSpec.describe 'Software Supply Chain Security', :requires_admin, :skip_live_env do describe '2FA', product_group: :authentication do let(:owner_user) { Runtime::User::Store.test_user } let(:owner_api_client) { owner_user.api_client } diff --git a/qa/qa/specs/features/browser_ui/10_govern/login/2fa_ssh_recovery_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/2fa_ssh_recovery_spec.rb similarity index 96% rename from qa/qa/specs/features/browser_ui/10_govern/login/2fa_ssh_recovery_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/2fa_ssh_recovery_spec.rb index dba3836b3aa..48bf8ed5e11 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/login/2fa_ssh_recovery_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/2fa_ssh_recovery_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern', :requires_admin, :skip_live_env, + RSpec.describe 'Software Supply Chain Security', :requires_admin, :skip_live_env, product_group: :authentication do describe '2FA' do let!(:user) { Runtime::User::Store.test_user } diff --git a/qa/qa/specs/features/browser_ui/10_govern/login/log_in_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_in_spec.rb similarity index 84% rename from qa/qa/specs/features/browser_ui/10_govern/login/log_in_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_in_spec.rb index 94079be9872..ca9138d2ccb 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/login/log_in_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_in_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern', :smoke, :health_check, :mobile, product_group: :authentication do + RSpec.describe 'Software Supply Chain Security', :smoke, :health_check, :mobile, product_group: :authentication do describe 'basic user login' do it 'user logs in using basic credentials and logs out', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347880' do diff --git a/qa/qa/specs/features/browser_ui/10_govern/login/log_in_with_2fa_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_in_with_2fa_spec.rb similarity index 97% rename from qa/qa/specs/features/browser_ui/10_govern/login/log_in_with_2fa_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_in_with_2fa_spec.rb index 5615461899b..1fd8436459e 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/login/log_in_with_2fa_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_in_with_2fa_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern', :requires_admin, product_group: :authentication do + RSpec.describe 'Software Supply Chain Security', :requires_admin, product_group: :authentication do describe '2FA' do let!(:owner_user) { create(:user, :with_personal_access_token, username: "owner_user_#{SecureRandom.hex(4)}") } let!(:owner_api_client) { owner_user.api_client } diff --git a/qa/qa/specs/features/browser_ui/10_govern/login/log_into_gitlab_via_ldap_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_into_gitlab_via_ldap_spec.rb similarity index 74% rename from qa/qa/specs/features/browser_ui/10_govern/login/log_into_gitlab_via_ldap_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_into_gitlab_via_ldap_spec.rb index c5cd11cd8a0..429c29613d4 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/login/log_into_gitlab_via_ldap_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_into_gitlab_via_ldap_spec.rb @@ -1,7 +1,8 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern', :orchestrated, :ldap_no_tls, :ldap_tls, product_group: :authentication do + RSpec.describe 'Software Supply Chain Security', :orchestrated, :ldap_no_tls, :ldap_tls, + product_group: :authentication do describe 'LDAP login' do it 'user logs into GitLab using LDAP credentials', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347892' do diff --git a/qa/qa/specs/features/browser_ui/10_govern/login/log_into_mattermost_via_gitlab_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_into_mattermost_via_gitlab_spec.rb similarity index 85% rename from qa/qa/specs/features/browser_ui/10_govern/login/log_into_mattermost_via_gitlab_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_into_mattermost_via_gitlab_spec.rb index ea7bad5205a..774af89fe3e 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/login/log_into_mattermost_via_gitlab_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/log_into_mattermost_via_gitlab_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern', :orchestrated, :mattermost, product_group: :authentication do + RSpec.describe 'Software Supply Chain Security', :orchestrated, :mattermost, product_group: :authentication do describe 'Mattermost login' do it 'user logs into Mattermost using GitLab OAuth', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347891' do diff --git a/qa/qa/specs/features/browser_ui/10_govern/login/login_via_instance_wide_saml_sso_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/login_via_instance_wide_saml_sso_spec.rb similarity index 84% rename from qa/qa/specs/features/browser_ui/10_govern/login/login_via_instance_wide_saml_sso_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/login_via_instance_wide_saml_sso_spec.rb index df2ea63c650..6b3520e693d 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/login/login_via_instance_wide_saml_sso_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/login_via_instance_wide_saml_sso_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern', :orchestrated, :instance_saml, product_group: :authentication do + RSpec.describe 'Software Supply Chain Security', :orchestrated, :instance_saml, product_group: :authentication do describe 'Instance wide SAML SSO' do it( 'user logs in to gitlab with SAML SSO', diff --git a/qa/qa/specs/features/browser_ui/10_govern/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb similarity index 97% rename from qa/qa/specs/features/browser_ui/10_govern/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb index 65025c9c2d7..5b27cc0f4f3 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/login_via_oauth_and_oidc_with_gitlab_as_idp_spec.rb @@ -1,7 +1,8 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern', :skip_live_env, requires_admin: 'creates users and instance OAuth application', + RSpec.describe 'Software Supply Chain Security', :skip_live_env, + requires_admin: 'creates users and instance OAuth application', only: { condition: -> { Runtime::Env.release } }, product_group: :authentication, quarantine: { type: :investigating, diff --git a/qa/qa/specs/features/browser_ui/10_govern/login/oauth_login_with_github_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/oauth_login_with_github_spec.rb similarity index 81% rename from qa/qa/specs/features/browser_ui/10_govern/login/oauth_login_with_github_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/oauth_login_with_github_spec.rb index 4fa3201d7fa..21f952f8c12 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/login/oauth_login_with_github_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/oauth_login_with_github_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern', :orchestrated, :oauth, product_group: :authentication do + RSpec.describe 'Software Supply Chain Security', :orchestrated, :oauth, product_group: :authentication do describe 'OAuth' do it 'connects and logs in with GitHub OAuth', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/402405' do diff --git a/qa/qa/specs/features/browser_ui/10_govern/login/register_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/register_spec.rb similarity index 97% rename from qa/qa/specs/features/browser_ui/10_govern/login/register_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/register_spec.rb index 92e40e44642..d989a1e2dc6 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/login/register_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/login/register_spec.rb @@ -1,7 +1,8 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern', :skip_signup_disabled, :requires_admin, product_group: :authentication do + RSpec.describe 'Software Supply Chain Security', :skip_signup_disabled, :requires_admin, + product_group: :authentication do describe 'while LDAP is enabled', :orchestrated, :ldap_no_tls, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347934' do it 'allows the user to register and login' do diff --git a/qa/qa/specs/features/browser_ui/10_govern/project/project_access_token_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/project/project_access_token_spec.rb similarity index 91% rename from qa/qa/specs/features/browser_ui/10_govern/project/project_access_token_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/project/project_access_token_spec.rb index edee3f7534f..75f91d5268f 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/project/project_access_token_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/project/project_access_token_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern' do + RSpec.describe 'Software Supply Chain Security' do describe 'Project access tokens', :smoke, :health_check, product_group: :authentication do let(:project_access_token) { QA::Resource::ProjectAccessToken.fabricate_via_browser_ui! } diff --git a/qa/qa/specs/features/browser_ui/10_govern/user/impersonation_token_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/user/impersonation_token_spec.rb similarity index 94% rename from qa/qa/specs/features/browser_ui/10_govern/user/impersonation_token_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/user/impersonation_token_spec.rb index 142d4857d10..60668ac0296 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/user/impersonation_token_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/user/impersonation_token_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern' do + RSpec.describe 'Software Supply Chain Security' do describe 'Impersonation tokens', :requires_admin, product_group: :authentication do let(:admin_api_client) { Runtime::API::Client.as_admin } diff --git a/qa/qa/specs/features/browser_ui/10_govern/user/user_access_termination_spec.rb b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/user/user_access_termination_spec.rb similarity index 98% rename from qa/qa/specs/features/browser_ui/10_govern/user/user_access_termination_spec.rb rename to qa/qa/specs/features/browser_ui/10_software_supply_chain_security/user/user_access_termination_spec.rb index 734c18dea1e..d220f6a2ec7 100644 --- a/qa/qa/specs/features/browser_ui/10_govern/user/user_access_termination_spec.rb +++ b/qa/qa/specs/features/browser_ui/10_software_supply_chain_security/user/user_access_termination_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Govern' do + RSpec.describe 'Software Supply Chain Security' do describe 'User', :requires_admin, :skip_live_env, product_group: :authentication do let!(:project) { create(:project, :with_readme, name: 'project-for-user-group-access-termination', group: group) } diff --git a/spec/frontend/groups_projects/components/tab_view_spec.js b/spec/frontend/groups_projects/components/tab_view_spec.js index 78747698e4b..16a588b7b53 100644 --- a/spec/frontend/groups_projects/components/tab_view_spec.js +++ b/spec/frontend/groups_projects/components/tab_view_spec.js @@ -190,8 +190,7 @@ describe('TabView', () => { it('displays error alert', () => { expect(createAlert).toHaveBeenCalledWith({ - message: - 'An error occurred loading the projects. Please refresh the page to try again.', + message: "Your projects couldn't be loaded. Refresh the page to try again.", error, captureError: true, }); @@ -200,6 +199,26 @@ describe('TabView', () => { }, ); + describe('when queryErrorMessage is not defined', () => { + const error = new Error(); + + beforeEach(async () => { + createComponent({ + handlers: [[CONTRIBUTED_TAB.query, jest.fn().mockRejectedValue(error)]], + propsData: { tab: { ...CONTRIBUTED_TAB, queryErrorMessage: undefined } }, + }); + await waitForPromises(); + }); + + it('displays error alert with fallback message', () => { + expect(createAlert).toHaveBeenCalledWith({ + message: 'An error occurred. Refresh the page to try again.', + error, + captureError: true, + }); + }); + }); + describe('when tab.listComponent is NestedGroupsProjectsList', () => { beforeEach(() => { mockAxios.onGet(endpoint).replyOnce(200, dashboardGroupsResponse); @@ -290,8 +309,7 @@ describe('TabView', () => { it('displays error alert', () => { expect(createAlert).toHaveBeenCalledWith({ - message: - 'An error occurred loading the projects. Please refresh the page to try again.', + message: "Your groups couldn't be loaded. Refresh the page to try again.", error: new Error('Network Error'), captureError: true, }); diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index f2d126f61d3..46588c7fda1 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -5672,7 +5672,7 @@ RSpec.describe API::Users, '(API behavior when Current.organization is nil)', fe post api("/users", admin_no_org_context, admin_mode: true), params: user_creation_params expect(response).to have_gitlab_http_status(:internal_server_error) - expect(json_response['message']).to match(/NoMethodError \(undefined method `id' for nil\)/) + expect(json_response['message']).to match(/NoMethodError \(undefined method `id' for nil/) end end @@ -5684,7 +5684,7 @@ RSpec.describe API::Users, '(API behavior when Current.organization is nil)', fe params: { name: 'Test Token For Target No Org', scopes: ['api'] } expect(response).to have_gitlab_http_status(:internal_server_error) - expect(json_response['message']).to match(/NoMethodError \(undefined method `id' for nil\)/) + expect(json_response['message']).to match(/NoMethodError \(undefined method `id' for nil/) end end @@ -5699,7 +5699,7 @@ RSpec.describe API::Users, '(API behavior when Current.organization is nil)', fe } expect(response).to have_gitlab_http_status(:internal_server_error) - expect(json_response['message']).to match(/NoMethodError \(undefined method `id' for nil\)/) + expect(json_response['message']).to match(/NoMethodError \(undefined method `id' for nil/) end end end