diff --git a/app/assets/javascripts/members/placeholders/components/placeholder_actions.vue b/app/assets/javascripts/members/placeholders/components/placeholder_actions.vue index 8d2563e5196..47b9cd55ad4 100644 --- a/app/assets/javascripts/members/placeholders/components/placeholder_actions.vue +++ b/app/assets/javascripts/members/placeholders/components/placeholder_actions.vue @@ -12,6 +12,7 @@ import { PLACEHOLDER_STATUS_AWAITING_APPROVAL, PLACEHOLDER_STATUS_REASSIGNING, } from '~/import_entities/import_groups/constants'; +import importSourceUsersQuery from '../graphql/queries/import_source_users.query.graphql'; import importSourceUserReassignMutation from '../graphql/mutations/reassign.mutation.graphql'; import importSourceUserKeepAsPlaceholderMutation from '../graphql/mutations/keep_as_placeholder.mutation.graphql'; import importSourceUseResendNotificationMutation from '../graphql/mutations/resend_notification.mutation.graphql'; @@ -49,7 +50,7 @@ export default { isLoadingMore: false, isValidated: false, search: '', - selectedUser: null, + selectedUserToReassign: null, }; }, @@ -90,7 +91,7 @@ export default { }, userSelectInvalid() { - return this.isValidated && !this.selectedUser; + return this.isValidated && !this.selectedUserToReassign; }, userItems() { @@ -98,7 +99,7 @@ export default { }, dontReassignSelected() { - return !isNull(this.selectedUser) && isEmpty(this.selectedUser); + return !isNull(this.selectedUserToReassign) && isEmpty(this.selectedUserToReassign); }, toggleText() { @@ -106,15 +107,15 @@ export default { return s__("UserMapping|Don't reassign"); } - if (this.selectedUser) { - return `@${this.selectedUser.username}`; + if (this.selectedUserToReassign) { + return `@${this.selectedUserToReassign.username}`; } return s__('UserMapping|Select user'); }, selectedUserValue() { - return this.selectedUser?.value; + return this.selectedUserToReassign?.value; }, confirmText() { @@ -131,7 +132,7 @@ export default { created() { if (this.statusIsAwaitingApproval || this.statusIsReassigning) { - this.selectedUser = this.sourceUser.reassignToUser; + this.selectedUserToReassign = this.sourceUser.reassignToUser; } this.debouncedSetSearch = debounce(this.setSearch, DEFAULT_DEBOUNCE_AND_THROTTLE_MS); @@ -174,14 +175,14 @@ export default { onSelect(value) { if (value === '') { - this.selectedUser = {}; + this.selectedUserToReassign = {}; try { this.$refs.userSelect.closeAndFocus(); } catch { // ignore when we can't close listbox } } else { - this.selectedUser = this.userItems.find((user) => user.value === value); + this.selectedUserToReassign = this.userItems.find((user) => user.value === value); } }, @@ -242,23 +243,24 @@ export default { onConfirm() { this.isValidated = true; if (!this.userSelectInvalid) { - const hasSelectedUser = Boolean(this.selectedUser.id); + const hasSelectedUserToReassign = Boolean(this.selectedUserToReassign.id); this.isConfirmLoading = true; this.$apollo .mutate({ - mutation: hasSelectedUser + mutation: hasSelectedUserToReassign ? importSourceUserReassignMutation : importSourceUserKeepAsPlaceholderMutation, variables: { id: this.sourceUser.id, - ...(hasSelectedUser ? { userId: this.selectedUser.id } : {}), + ...(hasSelectedUserToReassign ? { userId: this.selectedUserToReassign.id } : {}), }, + refetchQueries: [hasSelectedUserToReassign ? {} : importSourceUsersQuery], }) .then(({ data }) => { const { errors } = getFirstPropertyValue(data); if (errors?.length) { createAlert({ message: errors.join() }); - } else if (!hasSelectedUser) { + } else if (!hasSelectedUserToReassign) { this.$emit('confirm'); } }) diff --git a/app/assets/javascripts/sidebar/components/reviewers/sidebar_reviewers.vue b/app/assets/javascripts/sidebar/components/reviewers/sidebar_reviewers.vue index f06de09f3a7..e9bcae8e066 100644 --- a/app/assets/javascripts/sidebar/components/reviewers/sidebar_reviewers.vue +++ b/app/assets/javascripts/sidebar/components/reviewers/sidebar_reviewers.vue @@ -215,7 +215,7 @@ export default { size="small" category="tertiary" variant="confirm" - class="gl-ml-3" + class="gl-ml-2 !gl-text-sm" @click="toggleDrawerOpen()" > {{ __('Assign') }} diff --git a/app/models/concerns/protected_branch_access.rb b/app/models/concerns/protected_branch_access.rb index aa1d0fa5644..66160912571 100644 --- a/app/models/concerns/protected_branch_access.rb +++ b/app/models/concerns/protected_branch_access.rb @@ -7,7 +7,7 @@ module ProtectedBranchAccess included do belongs_to :protected_branch - delegate :project, to: :protected_branch, allow_nil: true + delegate :project, to: :protected_branch, allow_nil: true, prefix: :protected_ref # We cannot delegate to :protected_branch here (even with allow_nil: true) # like above because it results in @@ -17,5 +17,3 @@ module ProtectedBranchAccess end end end - -ProtectedBranchAccess.prepend_mod_with('ProtectedBranchAccess') diff --git a/app/models/concerns/protected_ref_access.rb b/app/models/concerns/protected_ref_access.rb index 864c98b9b9c..ca3dca70770 100644 --- a/app/models/concerns/protected_ref_access.rb +++ b/app/models/concerns/protected_ref_access.rb @@ -52,10 +52,6 @@ module ProtectedRefAccess if: :role? end - def humanize - self.class.humanize(access_level) - end - def type :role end @@ -64,17 +60,31 @@ module ProtectedRefAccess type == :role end - def check_access(current_user, current_project = project) + def humanize + # humanize_role + # humanize_user + # humanize_group + # humanize_deploy_key + send(:"humanize_#{type}") # rubocop:disable GitlabSecurity/PublicSend -- Intentional meta programming to direct to correct type + end + + def check_access(current_user, current_project = protected_ref_project) return false if current_user.nil? || no_access? return current_user.admin? if admin_access? - yield if block_given? - - user_can_access?(current_user, current_project) + # role_access_allowed? + # user_access_allowed? + # group_access_allowed? + # deploy_key_access_allowed? + send(:"#{type}_access_allowed?", current_user, current_project) # rubocop:disable GitlabSecurity/PublicSend -- Intentional meta programming to direct check to correct type end private + def humanize_role + self.class.humanize(access_level) + end + def admin_access? role? && access_level == ::Gitlab::Access::ADMIN end @@ -83,12 +93,12 @@ module ProtectedRefAccess role? && access_level == Gitlab::Access::NO_ACCESS end - def user_can_access?(current_user, current_project) + def role_access_allowed?(current_user, current_project) # NOTE: A user could be a group member which would be inherited in - # projects, however, the same user can have direct membership to a project - # with a higher role. For this reason we need to check group-level rules - # against the current project when merging an MR or pushing changes to a - # protected branch. + # projects, however, the same user can have direct membership to a + # project with a higher role. For this reason we need to check group-level + # rules against the current project when merging an MR or pushing changes + # to a protected branch. if current_project current_user.can?(:push_code, current_project) && current_project.team.max_member_access(current_user.id) >= access_level diff --git a/app/models/concerns/protected_ref_deploy_key_access.rb b/app/models/concerns/protected_ref_deploy_key_access.rb index 56112badac3..0afd0383b52 100644 --- a/app/models/concerns/protected_ref_deploy_key_access.rb +++ b/app/models/concerns/protected_ref_deploy_key_access.rb @@ -19,31 +19,15 @@ module ProtectedRefDeployKeyAccess end def type - return :deploy_key if deploy_key_id.present? || deploy_key.present? + return :deploy_key if deploy_key_id || deploy_key super end - def humanize - return humanize_deploy_key if deploy_key? - - super - end - - def check_access(current_user, current_project = project) - super do - break deploy_key_access_allowed?(current_user) if deploy_key? - - yield if block_given? - end - end - private def humanize_deploy_key - return deploy_key.title if deploy_key.present? - - 'Deploy key' + deploy_key&.title || 'Deploy key' end def deploy_key? @@ -56,7 +40,10 @@ module ProtectedRefDeployKeyAccess errors.add(:deploy_key, 'is not enabled for this project') end - def deploy_key_access_allowed?(current_user) + # current_project is only available when evaluating a group-level protected + # branch. We only allow role based access levels at the group-level so we can + # ignore it here. + def deploy_key_access_allowed?(current_user, _current_project) deploy_key_owned_by?(current_user) && valid_deploy_key_status? end @@ -65,16 +52,16 @@ module ProtectedRefDeployKeyAccess end def valid_deploy_key_status? - deploy_key.user.can?(:read_project, project) && + deploy_key.user.can?(:read_project, protected_ref_project) && deploy_key_owner_project_member? && deploy_key_has_write_access_to_project? end def deploy_key_owner_project_member? - project.member?(deploy_key.user) + protected_ref_project.member?(deploy_key.user) end def deploy_key_has_write_access_to_project? - DeployKey.with_write_access_for_project(project, deploy_key: deploy_key).exists? + DeployKey.with_write_access_for_project(protected_ref_project, deploy_key: deploy_key).exists? end end diff --git a/app/models/concerns/protected_tag_access.rb b/app/models/concerns/protected_tag_access.rb index d2428813092..e905d0c6f96 100644 --- a/app/models/concerns/protected_tag_access.rb +++ b/app/models/concerns/protected_tag_access.rb @@ -7,6 +7,6 @@ module ProtectedTagAccess included do belongs_to :protected_tag - delegate :project, to: :protected_tag, allow_nil: true + delegate :project, to: :protected_tag, allow_nil: true, prefix: :protected_ref end end diff --git a/db/docs/batched_background_migrations/backfill_boards_epic_user_preferences_group_id.yml b/db/docs/batched_background_migrations/backfill_boards_epic_user_preferences_group_id.yml index 91db8a03671..357376d536f 100644 --- a/db/docs/batched_background_migrations/backfill_boards_epic_user_preferences_group_id.yml +++ b/db/docs/batched_background_migrations/backfill_boards_epic_user_preferences_group_id.yml @@ -5,4 +5,4 @@ feature_category: portfolio_management introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153684 milestone: '17.1' queued_migration_version: 20240521094917 -finalized_by: # version of the migration that finalized this BBM +finalized_by: '20241015232221' diff --git a/db/post_migrate/20241015232221_finalize_backfill_boards_epic_user_preferences_group_id.rb b/db/post_migrate/20241015232221_finalize_backfill_boards_epic_user_preferences_group_id.rb new file mode 100644 index 00000000000..55243f108fa --- /dev/null +++ b/db/post_migrate/20241015232221_finalize_backfill_boards_epic_user_preferences_group_id.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +class FinalizeBackfillBoardsEpicUserPreferencesGroupId < Gitlab::Database::Migration[2.2] + milestone '17.6' + + disable_ddl_transaction! + + restrict_gitlab_migration gitlab_schema: :gitlab_main_cell + + def up + ensure_batched_background_migration_is_finished( + job_class_name: 'BackfillBoardsEpicUserPreferencesGroupId', + table_name: :boards_epic_user_preferences, + column_name: :id, + job_arguments: [:group_id, :epics, :group_id, :epic_id], + finalize: true + ) + end + + def down; end +end diff --git a/db/schema_migrations/20241015232221 b/db/schema_migrations/20241015232221 new file mode 100644 index 00000000000..b234219233c --- /dev/null +++ b/db/schema_migrations/20241015232221 @@ -0,0 +1 @@ +63f617491241ac99c8247c6c97f729bdb437761b55fb00c23f57677ed24bf6fc \ No newline at end of file diff --git a/doc/user/group/import/direct_transfer_migrations.md b/doc/user/group/import/direct_transfer_migrations.md index 4ef1bfd428a..6bdb2f4a29a 100644 --- a/doc/user/group/import/direct_transfer_migrations.md +++ b/doc/user/group/import/direct_transfer_migrations.md @@ -79,8 +79,11 @@ DETAILS: > - Full support for mapping inherited membership [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/458834) in GitLab 17.1. > - Removed from GitLab.com direct transfer migrations in GitLab 17.5 in favor of [the alternative](../../project/import/index.md#user-contribution-and-membership-mapping). -This method of user contributions and membership mapping is for self-managed GitLab instances. For the method available -on GitLab.com, see [User contribution and membership mapping](../../project/import/index.md#user-contribution-and-membership-mapping). +This method of user contributions and membership mapping is available for +GitLab self-managed without enabled feature flags. +For information on the other method available for GitLab self-managed +with enabled feature flags and for GitLab.com, +see [User contribution and membership mapping](../../project/import/index.md#user-contribution-and-membership-mapping). Users are never created during a migration. Instead, contributions and membership of users on the source instance are mapped to users on the destination instance. The type of mapping of a user's membership depends on the diff --git a/doc/user/profile/account/two_factor_authentication.md b/doc/user/profile/account/two_factor_authentication.md index 23cb0e71e81..540a05e6d3f 100644 --- a/doc/user/profile/account/two_factor_authentication.md +++ b/doc/user/profile/account/two_factor_authentication.md @@ -277,6 +277,9 @@ Configure FortiToken Cloud in GitLab. On your GitLab server: ### Set up a WebAuthn device +> - Optional one-time password authentication for WebAuthn devices [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/378844) in GitLab 15.10 [with a feature flag](../../../administration/feature_flags.md) named `webauthn_without_totp`. +> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/396931) in GitLab 17.6. Feature flag `webauthn_without_totp` removed. + WebAuthn is [supported by](https://caniuse.com/#search=webauthn) the following: - Desktop browsers: diff --git a/doc/user/profile/achievements.md b/doc/user/profile/achievements.md index 4c5616bc177..4b262941347 100644 --- a/doc/user/profile/achievements.md +++ b/doc/user/profile/achievements.md @@ -16,7 +16,6 @@ DETAILS: FLAG: On self-managed GitLab, by default this feature is not available. To make it available, an administrator can [enable the feature flag](../../administration/feature_flags.md) named `achievements`. -This feature is not ready for production use. Achievements are a way to reward users for their activity on GitLab. As a namespace maintainer or owner, you can create custom achievements for specific contributions. You can award these diff --git a/doc/user/project/import/index.md b/doc/user/project/import/index.md index 73bb60a99af..09f271dd051 100644 --- a/doc/user/project/import/index.md +++ b/doc/user/project/import/index.md @@ -84,7 +84,7 @@ difficult, but several tools exist including: DETAILS: **Tier:** Free, Premium, Ultimate -**Offering:** GitLab.com +**Offering:** GitLab.com, Self-managed > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/443557) to direct transfer migrations for self-managed instances in GitLab 17.4 [with flags](../../../administration/feature_flags.md) named `importer_user_mapping` and `bulk_import_importer_user_mapping`. Disabled by default. @@ -92,8 +92,14 @@ FLAG: The availability of this feature is controlled by feature flags. For more information, see the history. -This method of user contributions and membership mapping is enabled for GitLab.com [direct transfer migrations](../../group/import/index.md). For the method available on -self-managed GitLab instances, see [User contributions and membership mapping](../../group/import/direct_transfer_migrations.md#user-contributions-and-membership-mapping). +This method of user contributions and membership mapping is available for +[direct transfer migrations](../../group/import/index.md) on: + +- GitLab.com +- GitLab self-managed when two feature flags are enabled + +For information on the other method available for GitLab self-managed without enabled feature flags, +see [User contributions and membership mapping](../../group/import/direct_transfer_migrations.md#user-contributions-and-membership-mapping). With user contribution and membership mapping, you can assign imported contributions and memberships to users on the destination instance after import has completed. Unlike the previous method of user contribution and membership mapping, @@ -108,9 +114,6 @@ Each user on the destination instance that is assigned a mapping can: attributed to them. - Reject the assignment. -This feature is an [experiment](../../../policy/experiment-beta-support.md). If you find a bug, open an issue in -[epic 12378](https://gitlab.com/groups/gitlab-org/-/epics/12378). - ### Requirements - You must be able to create enough users, subject to [user limits](#placeholder-user-limits). diff --git a/gems/gitlab-backup-cli/README.md b/gems/gitlab-backup-cli/README.md index 0d6b12b65aa..2bba6e48634 100644 --- a/gems/gitlab-backup-cli/README.md +++ b/gems/gitlab-backup-cli/README.md @@ -1,6 +1,32 @@ -# Gitlab::Backup::Cli +# GitLab Backup CLI -This gem will contain the Backup CLI logic. +## Overview + +The GitLab Backup CLI is the new Backup tool for all GitLab installations. + +The previous implementation relied on a couple of different approaches to implement backup. + +Some relied on rake tasks shipped along with the main codebase. Extra functionality was implemented as part of Omnibus GitLab, and a different implementation was done for Kubernetes. + +In this new implementation, we have a Unified approach: + +- All the Backup logic is implemented in a single tool. +- The same tool works across the different installation types. +- It provides a similar UX no matter which installation type it is running from. + +It aims to eventually supersede the previous backup mechanisms: + +- [gitlab-backup](https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html#command-line-interface) +- [backup-utility](https://docs.gitlab.com/charts/backup-restore/backup.html) +- [alternative strategies](https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html#alternative-backup-strategies) + +In addition, the new tool will add a new way of performing Backups when used with supported Cloud providers: + +- It will rely on Cloud providers' APIs to perform Backups at scale. +- It will provide a Unified UX across different Cloud providers' backup capability. + +Please check the Blueprint for additional information: +https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/backup_and_restore/ ## License diff --git a/scripts/verify-tff-mapping b/scripts/verify-tff-mapping index 5fc0f33638a..8716d83e6c5 100755 --- a/scripts/verify-tff-mapping +++ b/scripts/verify-tff-mapping @@ -480,6 +480,78 @@ tests = [ ] }, + { + explanation: 'https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_2131393513', + changed_file: 'ee/app/policies/ee/group_policy.rb', + expected: %w[ + spec/policies/group_policy_spec.rb + ee/spec/policies/group_policy_spec.rb + ee/spec/features/groups/groups_security_credentials_spec.rb + ] + }, + + { + explanation: 'https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_2132805842', + changed_file: 'lib/gitlab/ci/mask_secret.rb', + expected: %w[ + ee/spec/lib/gitlab/ci/google_cloud/generate_build_environment_variables_service_spec.rb + ee/spec/models/dast_site_profile_spec.rb + ee/spec/models/ee/project_spec.rb + spec/features/admin_variables_spec.rb + spec/features/group_variables_spec.rb + spec/features/project_group_variables_spec.rb + spec/features/project_variables_spec.rb + spec/lib/expand_variables_spec.rb + spec/lib/gitlab/ci/build/rules/rule/clause/exists_spec.rb + spec/lib/gitlab/ci/config/external/file/artifact_spec.rb + spec/lib/gitlab/ci/config/external/file/base_spec.rb + spec/lib/gitlab/ci/config/external/file/local_spec.rb + spec/lib/gitlab/ci/config/external/file/project_spec.rb + spec/lib/gitlab/ci/config/external/file/remote_spec.rb + spec/lib/gitlab/ci/config/external/file/template_spec.rb + spec/lib/gitlab/ci/config/external/mapper/matcher_spec.rb + spec/lib/gitlab/ci/config/interpolation/functions/expand_vars_spec.rb + spec/lib/gitlab/ci/mask_secret_spec.rb + spec/lib/gitlab/ci/variables/collection/item_spec.rb + spec/models/ci/build_spec.rb + spec/models/clusters/kubernetes_namespace_spec.rb + spec/models/clusters/platforms/kubernetes_spec.rb + spec/models/integrations/apple_app_store_spec.rb + spec/models/integrations/diffblue_cover_spec.rb + spec/models/integrations/google_play_spec.rb + spec/models/integrations/harbor_spec.rb + spec/models/project_spec.rb + spec/requests/api/admin/ci/variables_spec.rb + spec/requests/api/ci/variables_spec.rb + spec/requests/api/graphql/ci/group_variables_spec.rb + spec/requests/api/graphql/ci/inherited_ci_variables_spec.rb + spec/requests/api/graphql/ci/instance_variables_spec.rb + spec/requests/api/graphql/ci/project_variables_spec.rb + spec/requests/api/group_variables_spec.rb + spec/services/ci/change_variable_service_spec.rb + spec/services/ci/create_pipeline_service/creation_errors_and_warnings_spec.rb + ] + }, + + { + explanation: 'https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_2132808426', + changed_file: 'lib/gitlab/ci/build/rules/rule/clause/changes.rb', + expected: %w[ + spec/lib/gitlab/ci/build/rules/rule/clause/changes_spec.rb + spec/lib/gitlab/ci/build/rules/rule_spec.rb + spec/lib/gitlab/ci/config/external/rules_spec.rb + ] + }, + + { + explanation: 'https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_2138440847', + changed_file: 'app/services/merge_requests/mergeability/check_open_status_service.rb', + expected: %w[ + ee/spec/graphql/ee/types/merge_request_type_spec.rb + spec/services/merge_requests/mergeability/check_open_status_service_spec.rb + ] + }, + # Why is it commented out? # # We cannot uncomment this, as this "spec" would fail as soon as we add/remove a file in @@ -516,6 +588,38 @@ tests = [ # ] # }, + # Why is it commented out? + # + # We cannot uncomment this, as this "spec" would fail as soon as we add/remove a file in + # the "spec/features" folder hierarchy that would contain the word navbar/sidebar. + # + # { + # explanation: 'https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_1939569462', + # changed_file: 'lib/api/hooks/events.rb', + # expected: %w[ + # ee/spec/requests/api/group_hooks_spec.rb + # ee/spec/requests/api/project_hooks_spec.rb + # spec/requests/api/project_hooks_spec.rb + # spec/requests/api/system_hooks_spec.rb + # ] + # } + + # Why is it commented out? + # + # We cannot uncomment this, as this "spec" would fail as soon as we add/remove a file in + # the "spec/features" folder hierarchy that would contain the word navbar/sidebar. + # + # { + # explanation: 'https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_1939569462', + # changed_file: 'ee/lib/api/group_hooks.rb', + # expected: %w[ + # ee/spec/requests/api/group_hooks_spec.rb + # ee/spec/requests/api/project_hooks_spec.rb + # spec/requests/api/project_hooks_spec.rb + # spec/requests/api/system_hooks_spec.rb + # ] + # }, + { explanation: 'Run database dictionary related specs on db/docs changes.', changed_file: 'db/docs/design_management_repositories.yml', diff --git a/spec/frontend/members/placeholders/components/placeholder_actions_spec.js b/spec/frontend/members/placeholders/components/placeholder_actions_spec.js index 97787190974..f509c8a09cd 100644 --- a/spec/frontend/members/placeholders/components/placeholder_actions_spec.js +++ b/spec/frontend/members/placeholders/components/placeholder_actions_spec.js @@ -177,6 +177,10 @@ describe('PlaceholderActions', () => { await waitForPromises(); expect(wrapper.emitted('confirm')[0]).toEqual([]); }); + + it('refetches sourceUsersQuery', () => { + expect(sourceUsersQueryHandler).toHaveBeenCalledTimes(2); + }); }); }); @@ -218,6 +222,10 @@ describe('PlaceholderActions', () => { await waitForPromises(); expect(wrapper.emitted('confirm')).toBeUndefined(); }); + + it('does not refetch sourceUsersQuery', () => { + expect(sourceUsersQueryHandler).toHaveBeenCalledTimes(1); + }); }); }); }); diff --git a/spec/support/shared_examples/models/concerns/protected_branch_access_shared_examples.rb b/spec/support/shared_examples/models/concerns/protected_branch_access_shared_examples.rb index 4703ac6a33d..2beabe7be2f 100644 --- a/spec/support/shared_examples/models/concerns/protected_branch_access_shared_examples.rb +++ b/spec/support/shared_examples/models/concerns/protected_branch_access_shared_examples.rb @@ -5,19 +5,19 @@ RSpec.shared_examples 'protected branch access' do it { is_expected.to belong_to(:protected_branch) } - describe '#project' do + describe '#protected_ref_project' do include_context 'for protected ref access' - it 'delegates project to protected_branch association' do + it 'delegates to protected_branch.project' do allow(protected_ref).to receive(:project) - described_class.new(protected_branch: protected_ref).project + described_class.new(protected_branch: protected_ref).protected_ref_project expect(protected_ref).to have_received(:project) end it 'does not error when protected_branch is nil' do - expect(described_class.new.project).to be_nil + expect(described_class.new.protected_ref_project).to be_nil end end diff --git a/spec/support/shared_examples/models/concerns/protected_tag_access_shared_examples.rb b/spec/support/shared_examples/models/concerns/protected_tag_access_shared_examples.rb index 3c6e6033470..1bc45ea2e88 100644 --- a/spec/support/shared_examples/models/concerns/protected_tag_access_shared_examples.rb +++ b/spec/support/shared_examples/models/concerns/protected_tag_access_shared_examples.rb @@ -5,19 +5,19 @@ RSpec.shared_examples 'protected tag access' do it { is_expected.to belong_to(:protected_tag) } - describe '#project' do + describe '#protected_ref_project' do let_it_be(:protected_tag) { create(:protected_tag) } - it 'delegates project to protected_tag association' do + it 'delegates to protected_tag.project' do allow(protected_tag).to receive(:project) - described_class.new(protected_tag: protected_tag).project + described_class.new(protected_tag: protected_tag).protected_ref_project expect(protected_tag).to have_received(:project) end it 'does not error when protected_tag is nil' do - expect(described_class.new.project).to be_nil + expect(described_class.new.protected_ref_project).to be_nil end end end diff --git a/tests.yml b/tests.yml index 8e74693fb3b..f31eea367a2 100644 --- a/tests.yml +++ b/tests.yml @@ -222,3 +222,73 @@ mapping: # See https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_1988359861 - source: '(?ee/)?lib/sidebars/(?.+)\.rb' test: '%{prefix}spec/features/**/{navbar,sidebar}_spec.rb' + + # See https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_2131393513 + - source: 'ee/app/policies/ee/group_policy\.rb' + test: 'ee/spec/features/groups/groups_security_credentials_spec.rb' + + # Any change to lib/gitlab/ci/mask_secret.rb should trigger any spec relying on masking CI secrets + # The list below was computed by searching for the following terms: + # + # - `[MASKED]` in any `spec` folder + # - `masked: true` in any `spec` folder + # + # See https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_2132805842 + - source: 'lib/gitlab/ci/mask_secret\.rb' + test: + - ee/spec/lib/gitlab/ci/google_cloud/generate_build_environment_variables_service_spec.rb + - ee/spec/models/dast_site_profile_spec.rb + - ee/spec/models/ee/project_spec.rb + - spec/features/admin_variables_spec.rb + - spec/features/group_variables_spec.rb + - spec/features/project_group_variables_spec.rb + - spec/features/project_variables_spec.rb + - spec/lib/expand_variables_spec.rb + - spec/lib/gitlab/ci/build/rules/rule/clause/exists_spec.rb + - spec/lib/gitlab/ci/config/external/file/artifact_spec.rb + - spec/lib/gitlab/ci/config/external/file/base_spec.rb + - spec/lib/gitlab/ci/config/external/file/local_spec.rb + - spec/lib/gitlab/ci/config/external/file/project_spec.rb + - spec/lib/gitlab/ci/config/external/file/remote_spec.rb + - spec/lib/gitlab/ci/config/external/file/template_spec.rb + - spec/lib/gitlab/ci/config/external/mapper/matcher_spec.rb + - spec/lib/gitlab/ci/config/interpolation/functions/expand_vars_spec.rb + - spec/lib/gitlab/ci/mask_secret_spec.rb + - spec/lib/gitlab/ci/variables/collection/item_spec.rb + - spec/models/ci/build_spec.rb + - spec/models/clusters/kubernetes_namespace_spec.rb + - spec/models/clusters/platforms/kubernetes_spec.rb + - spec/models/integrations/apple_app_store_spec.rb + - spec/models/integrations/diffblue_cover_spec.rb + - spec/models/integrations/google_play_spec.rb + - spec/models/integrations/harbor_spec.rb + - spec/models/project_spec.rb + - spec/requests/api/admin/ci/variables_spec.rb + - spec/requests/api/ci/variables_spec.rb + - spec/requests/api/graphql/ci/group_variables_spec.rb + - spec/requests/api/graphql/ci/inherited_ci_variables_spec.rb + - spec/requests/api/graphql/ci/instance_variables_spec.rb + - spec/requests/api/graphql/ci/project_variables_spec.rb + - spec/requests/api/group_variables_spec.rb + - spec/services/ci/change_variable_service_spec.rb + - spec/services/ci/create_pipeline_service/creation_errors_and_warnings_spec.rb + + # See https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_2132808426 + - source: 'lib/gitlab/ci/build/rules/(?.+)\.rb' + test: + - spec/lib/gitlab/ci/build/rules/rule_spec.rb + - spec/lib/gitlab/ci/config/external/rules_spec.rb + + # See https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_2138440847 + - source: 'app/services/merge_requests/mergeability/(?.+)\.rb' + test: ee/spec/graphql/ee/types/merge_request_type_spec.rb + + # Any change to the (ee/)lib/api/hooks folder, or any files in (ee/)lib/api/ with the `hook` substring in them + # should map to specs that contain the words `hook` in both {ee/,}spec/requests/api + # + # See https://gitlab.com/gitlab-org/gitlab/-/issues/466068#note_1939569462 + - source: + - '(?ee/)?lib/api/hooks/(?.+)\.rb' + - '(?ee/)?lib/api/(?.+hook.+)\.rb' + test: + - '{ee/,}spec/requests/api/**/*hook*_spec.rb' diff --git a/tooling/lib/tooling/find_tests.rb b/tooling/lib/tooling/find_tests.rb index 3257e4fd89d..547a3ffe8e0 100644 --- a/tooling/lib/tooling/find_tests.rb +++ b/tooling/lib/tooling/find_tests.rb @@ -15,7 +15,7 @@ module Tooling def execute tff = TestFileFinder::FileFinder.new(paths: changed_files).tap do |file_finder| if ENV['RSPEC_TESTS_MAPPING_ENABLED'] == 'true' - # Run 50% of the predictive backend tests for any file changed, with a minimum of 20 backend test files. + # Run 50% of the predictive backend tests for any file changed, with a minimum of 14 backend test files. # # See https://gitlab.com/gitlab-org/gitlab/-/issues/450374#note_1836131381 file_finder.use TestFileFinder::MappingStrategies::DirectMatching.load_json(