extends: extends:
- '@gitlab' - '@gitlab'
- plugin:promise/recommended - plugin:promise/recommended
- plugin:no-jquery/slim
- plugin:no-jquery/deprecated-3.4
globals: globals:
__webpack_public_path__: true __webpack_public_path__: true
gl: false gl: false
...@@ -30,7 +32,13 @@ rules: ...@@ -30,7 +32,13 @@ rules:
no-else-return: no-else-return:
- error - error
- allowElseIf: true - allowElseIf: true
import/no-unresolved:
- error
- ignore:
# https://gitlab.com/gitlab-org/gitlab/issues/38226
- '^ee_component/'
import/no-useless-path-segments: off import/no-useless-path-segments: off
import/order: off
lines-between-class-members: off lines-between-class-members: off
# Disabled for now, to make the plugin-vue 4.5 -> 5.0 update smoother # Disabled for now, to make the plugin-vue 4.5 -> 5.0 update smoother
vue/no-confusing-v-for-v-if: error vue/no-confusing-v-for-v-if: error
...@@ -38,11 +46,13 @@ rules: ...@@ -38,11 +46,13 @@ rules:
vue/no-use-v-if-with-v-for: off vue/no-use-v-if-with-v-for: off
vue/no-v-html: off vue/no-v-html: off
vue/use-v-on-exact: off vue/use-v-on-exact: off
no-jquery/no-ajax: error no-jquery/no-animate: off
no-jquery/no-ajax-events: error # all offenses of no-jquery/no-animate-toggle are false positives ( $toast.show() )
no-jquery/no-load: error no-jquery/no-animate-toggle: off
no-jquery/no-load-shorthand: error no-jquery/no-event-shorthand: off
no-jquery/no-fade: off
no-jquery/no-serialize: error no-jquery/no-serialize: error
no-jquery/no-sizzle: off
promise/always-return: off promise/always-return: off
promise/no-callback-in-promise: off promise/no-callback-in-promise: off
overrides: overrides:
... ...
......
VERSION merge=ours VERSION merge=ours
Dangerfile gitlab-language=ruby Dangerfile gitlab-language=ruby
*.pdf filter=lfs diff=lfs merge=lfs -text
...@@ -66,7 +66,7 @@ eslint-report.html ...@@ -66,7 +66,7 @@ eslint-report.html
/vendor/gitaly-ruby /vendor/gitaly-ruby
/builds* /builds*
/.gitlab_workhorse_secret /.gitlab_workhorse_secret
/.gitlab_pages_shared_secret /.gitlab_pages_secret
/webpack-report/ /webpack-report/
/knapsack/ /knapsack/
/rspec_flaky/ /rspec_flaky/
...@@ -84,3 +84,4 @@ jsdoc/ ...@@ -84,3 +84,4 @@ jsdoc/
.overcommit.yml .overcommit.yml
.projections.json .projections.json
/qa/.rakeTasks /qa/.rakeTasks
webpack-dev-server.json
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.11-git-2.22-chrome-73.0-node-12.x-yarn-1.16-postgresql-9.6-graphicsmagick-1.3.33" image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-9.6-graphicsmagick-1.3.33"
stages: stages:
- sync - sync
- prepare - prepare
- quick-test - quick-test
- test - test
- post-test
- review-prepare - review-prepare
- review - review
- qa - qa
- post-test - post-qa
- notification
- pages - pages
variables: variables:
RAILS_ENV: "test" RAILS_ENV: "test"
NODE_ENV: "test" NODE_ENV: "test"
SIMPLECOV: "true" SIMPLECOV: "true"
GIT_DEPTH: "50" GIT_DEPTH: "20"
GIT_SUBMODULE_STRATEGY: "none" GIT_SUBMODULE_STRATEGY: "none"
GET_SOURCES_ATTEMPTS: "3" GET_SOURCES_ATTEMPTS: "3"
KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json
FLAKY_RSPEC_SUITE_REPORT_PATH: rspec_flaky/report-suite.json FLAKY_RSPEC_SUITE_REPORT_PATH: rspec_flaky/report-suite.json
BUILD_ASSETS_IMAGE: "false" BUILD_ASSETS_IMAGE: "false"
ES_JAVA_OPTS: "-Xms256m -Xmx256m" ES_JAVA_OPTS: "-Xms256m -Xmx256m"
ELASTIC_URL: "http://elastic:changeme@docker.elastic.co-elasticsearch-elasticsearch:9200" ELASTIC_URL: "http://elastic:changeme@elasticsearch:9200"
after_script: after_script:
- date - date
include: include:
- local: .gitlab/ci/cache-repo.gitlab-ci.yml
- local: .gitlab/ci/cng.gitlab-ci.yml - local: .gitlab/ci/cng.gitlab-ci.yml
- local: .gitlab/ci/docs.gitlab-ci.yml - local: .gitlab/ci/docs.gitlab-ci.yml
- local: .gitlab/ci/frontend.gitlab-ci.yml - local: .gitlab/ci/frontend.gitlab-ci.yml
- local: .gitlab/ci/global.gitlab-ci.yml - local: .gitlab/ci/global.gitlab-ci.yml
- local: .gitlab/ci/memory.gitlab-ci.yml - local: .gitlab/ci/memory.gitlab-ci.yml
- local: .gitlab/ci/notifications.gitlab-ci.yml
- local: .gitlab/ci/pages.gitlab-ci.yml - local: .gitlab/ci/pages.gitlab-ci.yml
- local: .gitlab/ci/qa.gitlab-ci.yml - local: .gitlab/ci/qa.gitlab-ci.yml
- local: .gitlab/ci/reports.gitlab-ci.yml - local: .gitlab/ci/reports.gitlab-ci.yml
... ...
......
# Builds a cached .tar.gz of the master branch with full history and
# uploads it to Google Cloud Storage. This archive is downloaded by a
# script defined by a CI/CD variable named CI_PRE_CLONE_SCRIPT. This has
# two benefits:
#
# 1. It speeds up builds. A 800 MB download only takes seconds.
# 2. It significantly reduces load on the file server. Smaller deltas
# means less time spent in git pack-objects.
#
# Since the destination directory of the archive depends on the project
# ID, this is only run on GitLab.com.
#
# CI_REPO_CACHE_CREDENTIALS contains the Google Cloud service account
# JSON for uploading to the gitlab-ci-git-repo-cache bucket. These
# credentials are stored in the Production vault.
#
# Note that this bucket should be located in the same continent as the
# runner, or network egress charges will apply:
# https://cloud.google.com/storage/pricing
cache-repo:
extends:
- .only:variables_refs-canonical-dot-com-schedules
image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
stage: sync
allow_failure: true
variables:
GIT_DEPTH: 0
TAR_FILENAME: /tmp/gitlab-master.tar
script:
- gcloud auth activate-service-account --key-file=$CI_REPO_CACHE_CREDENTIALS
- tar cf $TAR_FILENAME .
- gzip $TAR_FILENAME
- gsutil cp $TAR_FILENAME.gz gs://gitlab-ci-git-repo-cache/project-$CI_PROJECT_ID/gitlab-master.tar.gz
...@@ -24,7 +24,8 @@ ...@@ -24,7 +24,8 @@
- apk add --update openssl - apk add --update openssl
- wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/trigger-build-docs - wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/trigger-build-docs
- chmod 755 trigger-build-docs - chmod 755 trigger-build-docs
- gem install gitlab --no-document - gem install httparty --no-document --version 0.17.3
- gem install gitlab --no-document --version 4.13.0
# Always trigger a docs build in gitlab-docs only on docs-only branches. # Always trigger a docs build in gitlab-docs only on docs-only branches.
# Useful to preview the docs changes live. # Useful to preview the docs changes live.
... ...
......
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
- .default-before_script - .default-before_script
- .assets-compile-cache - .assets-compile-cache
- .only:changes-code-backstage-qa - .only:changes-code-backstage-qa
image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-git-2.22-chrome-73.0-node-12.x-yarn-1.16-graphicsmagick-1.3.33-docker-18.06.1 image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-graphicsmagick-1.3.33-docker-19.03.1
stage: test stage: test
dependencies: ["setup-test-env"] dependencies: ["setup-test-env"]
needs: ["setup-test-env"] needs: ["setup-test-env"]
...@@ -74,7 +74,6 @@ gitlab:assets:compile pull-cache: ...@@ -74,7 +74,6 @@ gitlab:assets:compile pull-cache:
- .default-before_script - .default-before_script
- .assets-compile-cache - .assets-compile-cache
- .only:changes-code-backstage-qa - .only:changes-code-backstage-qa
- .use-pg9
stage: prepare stage: prepare
script: script:
- node --version - node --version
...@@ -83,6 +82,7 @@ gitlab:assets:compile pull-cache: ...@@ -83,6 +82,7 @@ gitlab:assets:compile pull-cache:
- retry bundle exec rake gitlab:assets:compile - retry bundle exec rake gitlab:assets:compile
- scripts/clean-old-cached-assets - scripts/clean-old-cached-assets
variables: variables:
SETUP_DB: "false"
# we override the max_old_space_size to prevent OOM errors # we override the max_old_space_size to prevent OOM errors
NODE_OPTIONS: --max_old_space_size=3584 NODE_OPTIONS: --max_old_space_size=3584
cache: cache:
...@@ -244,6 +244,12 @@ webpack-dev-server: ...@@ -244,6 +244,12 @@ webpack-dev-server:
dependencies: ["setup-test-env", "compile-assets pull-cache"] dependencies: ["setup-test-env", "compile-assets pull-cache"]
variables: variables:
WEBPACK_MEMORY_TEST: "true" WEBPACK_MEMORY_TEST: "true"
WEBPACK_VENDOR_DLL: "true"
script: script:
- node --version - yarn webpack-vendor
- node --expose-gc node_modules/.bin/webpack-dev-server --config config/webpack.config.js - node --expose-gc node_modules/.bin/webpack-dev-server --config config/webpack.config.js
artifacts:
name: webpack-dev-server
expire_in: 31d
paths:
- webpack-dev-server.json
...@@ -93,7 +93,7 @@ ...@@ -93,7 +93,7 @@
- "config.ru" - "config.ru"
- "{package.json,yarn.lock}" - "{package.json,yarn.lock}"
- "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
.backstage-patterns: &backstage-patterns .backstage-patterns: &backstage-patterns
- "Dangerfile" - "Dangerfile"
...@@ -139,7 +139,7 @@ ...@@ -139,7 +139,7 @@
- "config.ru" - "config.ru"
- "{package.json,yarn.lock}" - "{package.json,yarn.lock}"
- "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
# Backstage changes # Backstage changes
- "Dangerfile" - "Dangerfile"
- "danger/**/*" - "danger/**/*"
...@@ -163,7 +163,7 @@ ...@@ -163,7 +163,7 @@
- "config.ru" - "config.ru"
- "{package.json,yarn.lock}" - "{package.json,yarn.lock}"
- "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
# QA changes # QA changes
- ".dockerignore" - ".dockerignore"
- "qa/**/*" - "qa/**/*"
...@@ -183,7 +183,7 @@ ...@@ -183,7 +183,7 @@
- "config.ru" - "config.ru"
- "{package.json,yarn.lock}" - "{package.json,yarn.lock}"
- "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
- "doc/api/graphql/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
# Backstage changes # Backstage changes
- "Dangerfile" - "Dangerfile"
- "danger/**/*" - "danger/**/*"
...@@ -202,7 +202,7 @@ ...@@ -202,7 +202,7 @@
- name: redis:alpine - name: redis:alpine
.use-pg10: .use-pg10:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.11-git-2.22-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33" image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
services: services:
- name: postgres:10.9 - name: postgres:10.9
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
...@@ -213,15 +213,15 @@ ...@@ -213,15 +213,15 @@
- name: postgres:9.6 - name: postgres:9.6
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
- name: redis:alpine - name: redis:alpine
- name: docker.elastic.co/elasticsearch/elasticsearch:5.6.12 - name: elasticsearch:5.6.12
.use-pg10-ee: .use-pg10-ee:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.11-git-2.22-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33" image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
services: services:
- name: postgres:10.9 - name: postgres:10.9
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
- name: redis:alpine - name: redis:alpine
- name: docker.elastic.co/elasticsearch/elasticsearch:5.6.12 - name: elasticsearch:5.6.12
.only-ee: .only-ee:
only: only:
... ...
......
.notify:
image: ruby:2.6-alpine
stage: notification
dependencies: []
cache: {}
before_script:
- apk update && apk add git curl bash
- source scripts/utils.sh
- source scripts/notifications.sh
- install_gitlab_gem
variables:
COMMIT_NOTES_URL: "https://${CI_SERVER_HOST}/${CI_PROJECT_PATH}/commit/${CI_COMMIT_SHA}#notes-list"
schedule:package-and-qa:notify-failure:
extends:
- .only:variables_refs-canonical-dot-com-schedules
- .notify
script:
- 'export NOTIFICATION_MESSAGE=":skull_and_crossbones: Scheduled QA against master failed! :skull_and_crossbones: See ${CI_PIPELINE_URL}. For downstream pipelines, see ${COMMIT_NOTES_URL}"'
- 'notify_on_job_failure schedule:package-and-qa qa-master "${NOTIFICATION_MESSAGE}" ci_failing'
needs: ["schedule:package-and-qa"]
allow_failure: true
when: always
--- ---
# Syncs any changes pushed to a stable branch to the corresponding CE stable # Syncs any changes pushed to a stable branch to the corresponding
# branch. We run this prior to any tests so that random failures don't prevent a # gitlab-foss/CE stable branch. We run this prior to any tests so that random
# sync. # failures don't prevent a sync.
sync-stable-branch: .merge-train-sync:
# We don't need/want any global before/after commands, so we overwrite these # We don't need/want any global before/after commands, so we overwrite these
# settings. # settings.
image: alpine:edge image: alpine:edge
stage: sync stage: sync
# This job should only run on EE stable branches on the canonical GitLab.com
# repository.
only:
variables:
- $CI_SERVER_HOST == "gitlab.com"
refs:
- /^[\d-]+-stable-ee$/@gitlab-org/gitlab
before_script: before_script:
- apk add --no-cache --update curl bash - apk add --no-cache --update curl bash
after_script: [] after_script: []
script: script:
- bash scripts/sync-stable-branch.sh - bash scripts/sync-stable-branch.sh
only:
variables:
- $CI_SERVER_HOST == "gitlab.com"
sync-stable-branch:
extends: .merge-train-sync
variables:
SOURCE_PROJECT: gitlab-org/gitlab
TARGET_PROJECT: gitlab-org/gitlab-foss
only:
refs:
- /^[\d-]+-stable-ee$/@gitlab-org/gitlab
sync-security-branch:
extends: .merge-train-sync
variables:
SOURCE_PROJECT: gitlab-org/security/gitlab
TARGET_PROJECT: gitlab-org/security/gitlab-foss
only:
refs:
- /^[\d-]+-stable-ee$/@gitlab-org/security/gitlab
...@@ -20,6 +20,7 @@ code_quality: ...@@ -20,6 +20,7 @@ code_quality:
variables: variables:
DOCKER_DRIVER: overlay2 DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: "" DOCKER_TLS_CERTDIR: ""
CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/security-products/codequality:12-5-stable"
script: script:
- | - |
if ! docker info &>/dev/null; then if ! docker info &>/dev/null; then
...@@ -27,14 +28,17 @@ code_quality: ...@@ -27,14 +28,17 @@ code_quality:
export DOCKER_HOST='tcp://localhost:2375' export DOCKER_HOST='tcp://localhost:2375'
fi fi
fi fi
- docker pull --quiet "$CODE_QUALITY_IMAGE"
- docker run - docker run
--env SOURCE_CODE="$PWD" --env SOURCE_CODE="$PWD"
--volume "$PWD":/code --volume "$PWD":/code
--volume /var/run/docker.sock:/var/run/docker.sock --volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/codequality:12-0-stable" /code "$CODE_QUALITY_IMAGE" /code
artifacts: artifacts:
reports: reports:
codequality: gl-code-quality-report.json codequality: gl-code-quality-report.json
paths:
- gl-code-quality-report.json
expire_in: 1 week expire_in: 1 week
dependencies: [] dependencies: []
except: except:
...@@ -165,7 +169,6 @@ dependency_scanning: ...@@ -165,7 +169,6 @@ dependency_scanning:
DS_ANALYZER_IMAGE_TAG \ DS_ANALYZER_IMAGE_TAG \
DS_DEFAULT_ANALYZERS \ DS_DEFAULT_ANALYZERS \
DS_EXCLUDED_PATHS \ DS_EXCLUDED_PATHS \
DEP_SCAN_DISABLE_REMOTE_CHECKS \
DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \ DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
DS_PULL_ANALYZER_IMAGE_TIMEOUT \ DS_PULL_ANALYZER_IMAGE_TIMEOUT \
DS_RUN_ANALYZER_TIMEOUT \ DS_RUN_ANALYZER_TIMEOUT \
...@@ -231,9 +234,3 @@ dast: ...@@ -231,9 +234,3 @@ dast:
- gl-dast-report.json - gl-dast-report.json
reports: reports:
dast: gl-dast-report.json dast: gl-dast-report.json
only:
variables:
- $GITLAB_FEATURES =~ /\bdast\b/
except:
variables:
- $DAST_DISABLED
...@@ -23,8 +23,10 @@ build-qa-image: ...@@ -23,8 +23,10 @@ build-qa-image:
stage: prepare stage: prepare
script: script:
- '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"' - '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"'
- export QA_MASTER_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:master"
- export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:${CI_COMMIT_REF_SLUG}" - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:${CI_COMMIT_REF_SLUG}"
- time docker build --cache-from gitlab/gitlab-${GITLAB_EDITION}-qa:nightly --tag ${QA_IMAGE} --file ./qa/Dockerfile ./ - time docker pull "${QA_MASTER_IMAGE}"
- time docker build --cache-from "${QA_MASTER_IMAGE}" --tag ${QA_IMAGE} --file ./qa/Dockerfile ./
- echo "${CI_JOB_TOKEN}" | docker login --username gitlab-ci-token --password-stdin ${CI_REGISTRY} - echo "${CI_JOB_TOKEN}" | docker login --username gitlab-ci-token --password-stdin ${CI_REGISTRY}
- time docker push ${QA_IMAGE} - time docker push ${QA_IMAGE}
...@@ -94,10 +96,7 @@ schedule:review-build-cng: ...@@ -94,10 +96,7 @@ schedule:review-build-cng:
variables: variables:
HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
# v2.4.4 + two improvements: GITLAB_HELM_CHART_REF: "v2.5.1"
# - Allow to pass an EE license when installing the chart: https://gitlab.com/gitlab-org/charts/gitlab/merge_requests/1008
# - Allow to customize the livenessProbe for `gitlab-shell`: https://gitlab.com/gitlab-org/charts/gitlab/merge_requests/1021
GITLAB_HELM_CHART_REF: "6c655ed77e60f1f7f533afb97bef8c9cb7dc61eb"
GITLAB_EDITION: "ce" GITLAB_EDITION: "ce"
environment: environment:
name: review/${CI_COMMIT_REF_NAME} name: review/${CI_COMMIT_REF_NAME}
...@@ -135,13 +134,11 @@ review-deploy: ...@@ -135,13 +134,11 @@ review-deploy:
- .review-deploy-base - .review-deploy-base
- .only-review - .only-review
- .only:changes-code-qa - .only:changes-code-qa
needs: ["review-build-cng"]
schedule:review-deploy: schedule:review-deploy:
extends: extends:
- .review-deploy-base - .review-deploy-base
- .only-review-schedules - .only-review-schedules
needs: ["schedule:review-build-cng"]
.base-review-stop: .base-review-stop:
extends: extends:
...@@ -280,7 +277,7 @@ parallel-spec-reports: ...@@ -280,7 +277,7 @@ parallel-spec-reports:
- .only-review - .only-review
- .only:changes-code-qa - .only:changes-code-qa
image: ruby:2.6-alpine image: ruby:2.6-alpine
stage: post-test stage: post-qa
dependencies: ["review-qa-all"] dependencies: ["review-qa-all"]
variables: variables:
NEW_PARALLEL_SPECS_REPORT: qa/report-new.html NEW_PARALLEL_SPECS_REPORT: qa/report-new.html
... ...
......
## What is the productivity problem to solve?
<!--
Please describe the productivity problem that needs to be solved backed by charts from
https://about.gitlab.com/handbook/engineering/quality/engineering-productivity-team/#engineering-productivity-team-metrics.
-->
### Problem identification checklist
- [ ] The root cause of the problem is identified.
- [ ] The surface of the problem is as small as possible.
## What are the potential solutions?
<!--
Please provide potential solutions here. Example solutions could be:
- Dogfood a feature.
- Refactor/improve some workflow code.
- Throw more money at the problem.
Please provide pros/cons and a weight estimate for each solution.
-->
- [ ] All potential solutions are listed.
- [ ] A solution has been chosen for the first iteration: `PUT THE CHOSEN SOLUTION HERE`
## Who and when will the solution be implemented?
<!--
For history reason, please list the person that will implement the solution and
the planned milestone/date.
-->
## Verify that the solution has improved the situation
<!--
Ideally, looking at the charts from the first part, we should see an improvement
after the implementation is merged/deployed/released.
-->
- [ ] The solution improved the situation.
- If yes, check this box and close the issue. Well done! :tada:
- Otherwise, create a new "Productivity Improvement" issue. You can re-use the description from this issue, but obviously another solution should be chosen this time.
/label ~"Engineering Productivity" ~meta
/cc @gl-quality/eng-prod
...@@ -411,6 +411,7 @@ linters: ...@@ -411,6 +411,7 @@ linters:
- 'app/views/shared/snippets/_snippet.html.haml' - 'app/views/shared/snippets/_snippet.html.haml'
- 'app/views/shared/tokens/_scopes_list.html.haml' - 'app/views/shared/tokens/_scopes_list.html.haml'
- 'app/views/shared/web_hooks/_form.html.haml' - 'app/views/shared/web_hooks/_form.html.haml'
- 'app/views/shared/web_hooks/_hook.html.haml'
- 'app/views/shared/web_hooks/_test_button.html.haml' - 'app/views/shared/web_hooks/_test_button.html.haml'
- 'app/views/u2f/_authenticate.html.haml' - 'app/views/u2f/_authenticate.html.haml'
- 'app/views/u2f/_register.html.haml' - 'app/views/u2f/_register.html.haml'
...@@ -442,7 +443,7 @@ linters: ...@@ -442,7 +443,7 @@ linters:
- 'ee/app/views/groups/epics/_epic.html.haml' - 'ee/app/views/groups/epics/_epic.html.haml'
- 'ee/app/views/groups/group_members/_ldap_sync.html.haml' - 'ee/app/views/groups/group_members/_ldap_sync.html.haml'
- 'ee/app/views/groups/group_members/_sync_button.html.haml' - 'ee/app/views/groups/group_members/_sync_button.html.haml'
- 'ee/app/views/groups/hooks/_project_hook.html.haml' - 'ee/app/views/groups/hooks/edit.html.haml'
- 'ee/app/views/groups/hooks/index.html.haml' - 'ee/app/views/groups/hooks/index.html.haml'
- 'ee/app/views/groups/ldap_group_links/index.html.haml' - 'ee/app/views/groups/ldap_group_links/index.html.haml'
- 'ee/app/views/groups/pipeline_quota/index.html.haml' - 'ee/app/views/groups/pipeline_quota/index.html.haml'
... ...
......
...@@ -26,5 +26,102 @@ ...@@ -26,5 +26,102 @@
"first-line-h1": false, "first-line-h1": false,
"code-block-style": { "code-block-style": {
"style": "fenced" "style": "fenced"
},
"proper-names": {
"names": [
"Akismet",
"Alertmanager",
"API",
"Asana",
"Auth0",
"Authentiq",
"Azure",
"Bamboo",
"Bitbucket",
"Bugzilla",
"CAS",
"CentOS",
"Consul",
"Debian",
"Elasticsearch",
"Facebook",
"Git LFS",
"git-annex",
"Git",
"Gitaly",
"GitHub",
"GitLab Geo",
"GitLab Monitor",
"GitLab Operator",
"GitLab Pages",
"GitLab Rails",
"GitLab Runner",
"GitLab Shell",
"GitLab Workhorse",
"GitLab",
"Gmail",
"Google",
"Grafana",
"Helm",
"HipChat",
"Ingress",
"jasmine-jquery",
"JavaScript",
"Jaeger",
"Jenkins",
"Jira",
"Jira Cloud",
"Jira Server",
"jQuery",
"JupyterHub",
"Karma",
"Kerberos",
"Knative",
"Kubernetes",
"LDAP",
"Let's Encrypt",
"Markdown",
"markdownlint",
"Mattermost",
"Microsoft",
"MinIO",
"NGINX Ingress",
"NGINX",
"OAuth",
"OAuth 2",
"OmniAuth",
"Omnibus GitLab",
"OpenID",
"OpenShift",
"PgBouncer",
"PostgreSQL",
"Prometheus",
"Puma",
"Python",
"Redis",
"Redmine",
"reCAPTCHA",
"runit",
"Salesforce",
"SAML",
"Sentry",
"Sidekiq",
"Shibboleth",
"Slack",
"SMTP",
"SSH",
"Tiller",
"Trello",
"Trello Power-Ups",
"TypeScript",
"Twitter",
"Ubuntu",
"Ultra Auth",
"Unicorn",
"unicorn-worker-killer",
"WebdriverIO",
"YouTrack"
],
"code_blocks": false
} }
} }
12.4.0 12.10.0
...@@ -56,7 +56,6 @@ Style/FrozenStringLiteralComment: ...@@ -56,7 +56,6 @@ Style/FrozenStringLiteralComment:
- 'qa/**/*' - 'qa/**/*'
- 'rubocop/**/*' - 'rubocop/**/*'
- 'scripts/**/*' - 'scripts/**/*'
- 'spec/lib/gitlab/**/*'
RSpec/FilePath: RSpec/FilePath:
Exclude: Exclude:
... ...
......
...@@ -22,10 +22,6 @@ Please view this file on the master branch, on stable branches it's out of date. ...@@ -22,10 +22,6 @@ Please view this file on the master branch, on stable branches it's out of date.
- Geo - Does not schedule duplicated jobs while backfilling uploads, LFS objects and job artifacts. !20324 - Geo - Does not schedule duplicated jobs while backfilling uploads, LFS objects and job artifacts. !20324
## 12.5.2
- No changes.
## 12.5.1 ## 12.5.1
### Security (6 changes) ### Security (6 changes)
...@@ -124,6 +120,18 @@ Please view this file on the master branch, on stable branches it's out of date. ...@@ -124,6 +120,18 @@ Please view this file on the master branch, on stable branches it's out of date.
- Remove IIFEs from jira_connect.js file. !19248 (nuwe1) - Remove IIFEs from jira_connect.js file. !19248 (nuwe1)
## 12.4.5
- No changes.
## 12.4.3
### Fixed (2 changes)
- Fix admin welcome image not found. !19676
- Revert ES support for public/internal project snippets. !19715
## 12.4.2 ## 12.4.2
### Fixed (1 change) ### Fixed (1 change)
...@@ -254,6 +262,25 @@ Please view this file on the master branch, on stable branches it's out of date. ...@@ -254,6 +262,25 @@ Please view this file on the master branch, on stable branches it's out of date.
- Docs for protected branch code owner approval API. !17132 - Docs for protected branch code owner approval API. !17132
## 12.3.9
### Security (1 change)
- Fix stale Elasticsearch permissions when moving group from public group to private parent group.
## 12.3.7
### Security (6 changes)
- Protect Jira integration endpoints from guest users.
- Fix private comment Elasticsearch leak on project search scope.
- Filter snippet search results by feature visibility.
- Hide AWS secret on Admin Integration page.
- Fail pull mirror when mirror user is blocked.
- Prevent IDOR when adding users to protected environments.
## 12.3.4 ## 12.3.4
### Fixed (2 changes) ### Fixed (2 changes)
...@@ -457,6 +484,13 @@ Please view this file on the master branch, on stable branches it's out of date. ...@@ -457,6 +484,13 @@ Please view this file on the master branch, on stable branches it's out of date.
- Fixes style-lint errors and warnings for EE builds.scss file. - Fixes style-lint errors and warnings for EE builds.scss file.
## 12.2.11
### Fixed (1 change)
- Backport the new reliable fetcher. !21198
## 12.2.8 ## 12.2.8
### Fixed (1 change) ### Fixed (1 change)
...@@ -805,6 +839,21 @@ Please view this file on the master branch, on stable branches it's out of date. ...@@ -805,6 +839,21 @@ Please view this file on the master branch, on stable branches it's out of date.
- Don't send CI usage email notifications for self-hosted instances. !14809 - Don't send CI usage email notifications for self-hosted instances. !14809
## 12.0.12
### Fixed (1 change)
- Backport the new reliable fetcher to 12.0.9. !20532
## 12.0.10
- No changes.
### Fixed (1 change)
- Backport the new reliable fetcher to 12.0.9. !20532
## 12.0.7 ## 12.0.7
### Security (3 changes) ### Security (3 changes)
... ...
......
...@@ -4,7 +4,6 @@ entry. ...@@ -4,7 +4,6 @@ entry.
   
## 12.5.5 ## 12.5.5
   
- No changes.
### Security (1 change) ### Security (1 change)
   
- Upgrade Akismet gem to v3.0.0. !21786 - Upgrade Akismet gem to v3.0.0. !21786
...@@ -36,13 +35,6 @@ entry. ...@@ -36,13 +35,6 @@ entry.
- Flatten exception details in API and controller logs. !20434 - Flatten exception details in API and controller logs. !20434
   
   
## 12.5.2
### Security (1 change)
- Fix 500 error caused by invalid byte sequences in links.
## 12.5.1 ## 12.5.1
   
### Security (11 changes) ### Security (11 changes)
...@@ -411,6 +403,18 @@ entry. ...@@ -411,6 +403,18 @@ entry.
- Change selects from default browser style to custom style. - Change selects from default browser style to custom style.
   
   
## 12.4.5
- No changes.
## 12.4.3
### Fixed (2 changes)
- Only enable protected paths for POST requests. !19184
- Fix Bitbucket Cloud importer pull request state. !19734
## 12.4.2 ## 12.4.2
   
### Fixed (10 changes) ### Fixed (10 changes)
...@@ -771,6 +775,31 @@ entry. ...@@ -771,6 +775,31 @@ entry.
- Remove Postgresql specific setup tasks and move to schema.rb. - Remove Postgresql specific setup tasks and move to schema.rb.
   
   
## 12.3.9
### Security (1 change)
- Update maven_file_name_regex for full string match.
## 12.3.7
### Security (12 changes)
- Do not create todos for approvers without access. !1442
- Limit potential for DNS rebind SSRF in chat notifications.
- Encrypt application setting tokens.
- Update Workhorse and Gitaly to fix a security issue.
- Add maven file_name regex validation on incoming files.
- Hide commit counts from guest users in Cycle Analytics.
- Check permissions before showing a forked project's source.
- Fix 500 error caused by invalid byte sequences in links.
- Ensure are cleaned by ImportExport::AttributeCleaner.
- Remove notes regarding Related Branches from Issue activity feeds for guest users.
- Escape namespace in label references to prevent XSS.
- Add authorization to using filter vulnerable in Dependency List.
## 12.3.4 ## 12.3.4
   
### Fixed (2 changes) ### Fixed (2 changes)
...@@ -1076,6 +1105,10 @@ entry. ...@@ -1076,6 +1105,10 @@ entry.
- Updates tooltip of 'detached' label/state. - Updates tooltip of 'detached' label/state.
   
   
## 12.2.11
- No changes.
## 12.2.8 ## 12.2.8
   
### Security (1 change) ### Security (1 change)
...@@ -1790,6 +1823,15 @@ entry. ...@@ -1790,6 +1823,15 @@ entry.
- Removes EE differences for app/views/admin/users/show.html.haml. - Removes EE differences for app/views/admin/users/show.html.haml.
   
   
## 12.0.12
- No changes.
## 12.0.10
- No changes.
- No changes.
## 12.0.7 ## 12.0.7
   
### Security (22 changes) ### Security (22 changes)
... ...
......
...@@ -5,6 +5,7 @@ require_relative 'lib/gitlab/danger/request_helper' ...@@ -5,6 +5,7 @@ require_relative 'lib/gitlab/danger/request_helper'
danger.import_plugin('danger/plugins/helper.rb') danger.import_plugin('danger/plugins/helper.rb')
danger.import_plugin('danger/plugins/roulette.rb') danger.import_plugin('danger/plugins/roulette.rb')
danger.import_plugin('danger/plugins/changelog.rb')
unless helper.release_automation? unless helper.release_automation?
GitlabDanger.new(helper.gitlab_helper).rule_names.each do |file| GitlabDanger.new(helper.gitlab_helper).rule_names.each do |file|
... ...
......