diff --git a/.babelrc.js b/.babelrc.js index 27caf378b9..bfcc7d9663 100644 --- a/.babelrc.js +++ b/.babelrc.js @@ -35,4 +35,10 @@ if (BABEL_ENV === 'karma' || BABEL_ENV === 'coverage') { plugins.push('babel-plugin-rewire'); } +// Jest is running in node environment +if (BABEL_ENV === 'jest') { + plugins.push('transform-es2015-modules-commonjs'); + plugins.push('dynamic-import-node'); +} + module.exports = { presets, plugins }; diff --git a/.eslintignore b/.eslintignore index 33a8186fad..f78840e67b 100644 --- a/.eslintignore +++ b/.eslintignore @@ -2,6 +2,7 @@ /config/ /builds/ /coverage/ +/coverage-frontend/ /coverage-javascript/ /node_modules/ /public/ diff --git a/.eslintrc.yml b/.eslintrc.yml index fe0d5f5dce..ecd9f57b07 100644 --- a/.eslintrc.yml +++ b/.eslintrc.yml @@ -29,8 +29,6 @@ rules: import/no-useless-path-segments: off lines-between-class-members: off # Disabled for now, to make the plugin-vue 4.5 -> 5.0 update smoother - vue/html-closing-bracket-newline: off - vue/html-closing-bracket-spacing: off vue/no-confusing-v-for-v-if: error vue/no-unused-components: off vue/no-use-v-if-with-v-for: off diff --git a/.gitignore b/.gitignore index aecaae95b8..65f61e1fad 100644 --- a/.gitignore +++ b/.gitignore @@ -78,5 +78,5 @@ eslint-report.html /plugins/* /.gitlab_pages_secret package-lock.json -/junit_rspec.xml -/junit_karma.xml +/junit_*.xml +/coverage-frontend/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 558ca8b6e8..4ae319d64d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.4.5-golang-1.9-git-2.18-chrome-69.0-node-8.x-yarn-1.2-postgresql-9.6-graphicsmagick-1.3.29" +image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.5.3-golang-1.9-git-2.18-chrome-69.0-node-10.x-yarn-1.12-postgresql-9.6-graphicsmagick-1.3.29" .dedicated-runner: &dedicated-runner retry: 1 
@@ -6,7 +6,7 @@ image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.4.5-golang-1.9-git - gitlab-org .default-cache: &default-cache - key: "ruby-2.4.5-debian-stretch-with-yarn" + key: "debian-stretch-ruby-2.5.3-node-10.x" paths: - vendor/ruby - .yarn-cache/ @@ -32,6 +32,7 @@ variables: GET_SOURCES_ATTEMPTS: "3" KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/${CI_PROJECT_NAME}/rspec_report-master.json FLAKY_RSPEC_SUITE_REPORT_PATH: rspec_flaky/report-suite.json + BUILD_ASSETS_IMAGE: "false" before_script: - bundle --version @@ -47,6 +48,7 @@ after_script: stages: - build - prepare + - merge - test - post-test - pages @@ -75,15 +77,17 @@ stages: - mysql:5.7 - redis:alpine -.rails5: &rails5 - allow_failure: true - only: +.rails4: &rails4 + allow_failure: false + except: variables: - - $CI_COMMIT_REF_NAME =~ /rails5/ - - $RAILS5_ENABLED + - $CI_COMMIT_REF_NAME =~ /(^docs[\/-].*|.*-docs$)/ + - $CI_COMMIT_REF_NAME =~ /(^qa[\/-].*|.*-qa$)/ + - $CI_COMMIT_REF_NAME =~ /norails4/ + - $RAILS5_DISABLED variables: - BUNDLE_GEMFILE: "Gemfile.rails5" - RAILS5: "true" + BUNDLE_GEMFILE: "Gemfile.rails4" + RAILS5: "false" # Skip all jobs except the ones that begin with 'docs/'. # Used for commits including ONLY documentation changes. @@ -121,7 +125,7 @@ stages: <<: *except-docs-and-qa .single-script-job: &single-script-job - image: ruby:2.4-alpine + image: ruby:2.5-alpine stage: test cache: {} dependencies: [] 
@@ -148,13 +152,12 @@ stages: stage: test script: - JOB_NAME=( $CI_JOB_NAME ) - - export CI_NODE_INDEX=${JOB_NAME[-2]} - - export CI_NODE_TOTAL=${JOB_NAME[-1]} - - export KNAPSACK_REPORT_PATH=knapsack/${CI_PROJECT_NAME}/${JOB_NAME[0]}_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json + - TEST_TOOL=${JOB_NAME[0]} + - export KNAPSACK_REPORT_PATH=knapsack/${CI_PROJECT_NAME}/${TEST_TOOL}_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json - export KNAPSACK_GENERATE_REPORT=true - export SUITE_FLAKY_RSPEC_REPORT_PATH=${FLAKY_RSPEC_SUITE_REPORT_PATH} - - export FLAKY_RSPEC_REPORT_PATH=rspec_flaky/all_${JOB_NAME[0]}_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json - - export NEW_FLAKY_RSPEC_REPORT_PATH=rspec_flaky/new_${JOB_NAME[0]}_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json + - export FLAKY_RSPEC_REPORT_PATH=rspec_flaky/all_${TEST_TOOL}_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json + - export NEW_FLAKY_RSPEC_REPORT_PATH=rspec_flaky/new_${TEST_TOOL}_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json - export FLAKY_RSPEC_GENERATE_REPORT=true - export CACHE_CLASSES=true - cp ${KNAPSACK_RSPEC_SUITE_REPORT_PATH} ${KNAPSACK_REPORT_PATH} @@ -177,17 +180,17 @@ stages: <<: *rspec-metadata <<: *use-pg -.rspec-metadata-pg-rails5: &rspec-metadata-pg-rails5 +.rspec-metadata-pg-rails4: &rspec-metadata-pg-rails4 <<: *rspec-metadata-pg - <<: *rails5 + <<: *rails4 .rspec-metadata-mysql: &rspec-metadata-mysql <<: *rspec-metadata <<: *use-mysql -.rspec-metadata-mysql-rails5: &rspec-metadata-mysql-rails5 +.rspec-metadata-mysql-rails4: &rspec-metadata-mysql-rails4 <<: *rspec-metadata-mysql - <<: *rails5 + <<: *rails4 .only-canonical-masters: &only-canonical-masters only: @@ -227,6 +230,8 @@ stages: script: - git fetch https://gitlab.com/gitlab-org/gitlab-ce.git v9.3.0 - git checkout -f FETCH_HEAD + - sed -i "s/gem 'oj', '~> 2.17.4'//" Gemfile + - bundle update google-protobuf grpc - bundle install $BUNDLE_INSTALL_FLAGS - date - cp config/gitlab.yml.example config/gitlab.yml 
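Review bot: `bundle update google-protobuf grpc`, added in the `@@ -227,6 +230,8 @@` hunk, re-resolves both gems to whatever is newest on the gem source at run time. The job therefore installs native-extension code that no lockfile in the repository pins, and two runs of the same commit can produce different results. The `sed -i` line before it exits 0 even when the `gem 'oj', '~> 2.17.4'` pattern no longer matches, so a failed edit would go unnoticed. I would record the reason in a comment and guard the edit, e.g. `# v9.3.0 lockfile does not install on the current Ruby image: drop the oj pin, re-resolve protobuf/grpc` (if that is indeed the reason) and `grep -q "gem 'oj'" Gemfile` before the `sed`. The job this script belongs to starts outside the hunk.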
@@ -316,7 +321,7 @@ review-docs-cleanup: # Trigger a docker image build in CNG (Cloud Native GitLab) repository # cloud-native-image: - image: ruby:2.4-alpine + image: ruby:2.5-alpine before_script: [] dependencies: [] stage: post-test @@ -369,7 +374,7 @@ update-tests-metadata: flaky-examples-check: <<: *dedicated-runner - image: ruby:2.4-alpine + image: ruby:2.5-alpine services: [] before_script: [] variables: @@ -427,7 +432,7 @@ setup-test-env: script: - bundle exec ruby -Ispec -e 'require "spec_helper" ; TestEnv.init' - scripts/gitaly-test-build # Do not use 'bundle exec' here - - BUNDLE_GEMFILE=Gemfile.rails5 bundle install $BUNDLE_INSTALL_FLAGS + - BUNDLE_GEMFILE=Gemfile.rails4 bundle install $BUNDLE_INSTALL_FLAGS artifacts: expire_in: 7d paths: 
@@ -435,11 +440,54 @@ setup-test-env: - config/secrets.yml - vendor/gitaly-ruby +# GitLab Review apps +.review-base: &review-base + <<: *dedicated-no-docs-no-db-pull-cache-job + image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base + stage: test + cache: {} + dependencies: [] + environment: &review-environment + name: review/${CI_COMMIT_REF_NAME} + url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} + only: + refs: + - branches@gitlab-org/gitlab-ce + - branches@gitlab-org/gitlab-ee + kubernetes: active + except: + refs: + - master + - /(^docs[\/-].*|.*-docs$)/ + before_script: [] + +.review-docker: &review-docker + <<: *review-base + image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine + services: + - docker:stable-dind + tags: + - gitlab-org + - docker + variables: &review-docker-variables + GIT_DEPTH: "1" + DOCKER_DRIVER: overlay2 + DOCKER_HOST: tcp://docker:2375 + LATEST_QA_IMAGE: "gitlab/${CI_PROJECT_NAME}-qa:nightly" + QA_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/${CI_PROJECT_NAME}-qa:${CI_COMMIT_REF_SLUG}" + +build-qa-image: + <<: *review-docker + stage: prepare + script: + - time docker build --cache-from ${LATEST_QA_IMAGE} --tag ${QA_IMAGE} ./qa/ + - echo "${CI_JOB_TOKEN}" | docker login --username gitlab-ci-token --password-stdin ${CI_REGISTRY} + - time docker push ${QA_IMAGE} + danger-review: <<: *pull-cache image: registry.gitlab.com/gitlab-org/gitlab-build-images:danger stage: test - allow_failure: true dependencies: [] before_script: [] only: 
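Review bot: `.review-docker` sets `DOCKER_HOST: tcp://docker:2375`, the dind service's plain-TCP API with no TLS or client authentication, and `build-qa-image` then sends `CI_JOB_TOKEN` through it via `docker login` and pushes to the project registry. That is tolerable only because `.review-base` restricts the job to branches of the canonical projects, so I would state the dependency next to the variable: `# dind API on 2375 is unauthenticated; keep this template limited to canonical-project branches`. Separately, `--cache-from ${LATEST_QA_IMAGE}` has no preceding pull, so the builder will probably find no local layers to reuse. If caching is intended, add `- docker pull ${LATEST_QA_IMAGE} || true` before the build line.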
@@ -457,129 +505,21 @@ danger-review: - yarn install --frozen-lockfile --cache-folder .yarn-cache - danger --fail-on-errors=true -rspec-pg 0 30: *rspec-metadata-pg -rspec-pg 1 30: *rspec-metadata-pg -rspec-pg 2 30: *rspec-metadata-pg -rspec-pg 3 30: *rspec-metadata-pg -rspec-pg 4 30: *rspec-metadata-pg -rspec-pg 5 30: *rspec-metadata-pg -rspec-pg 6 30: *rspec-metadata-pg -rspec-pg 7 30: *rspec-metadata-pg -rspec-pg 8 30: *rspec-metadata-pg -rspec-pg 9 30: *rspec-metadata-pg -rspec-pg 10 30: *rspec-metadata-pg -rspec-pg 11 30: *rspec-metadata-pg -rspec-pg 12 30: *rspec-metadata-pg -rspec-pg 13 30: *rspec-metadata-pg -rspec-pg 14 30: *rspec-metadata-pg -rspec-pg 15 30: *rspec-metadata-pg -rspec-pg 16 30: *rspec-metadata-pg -rspec-pg 17 30: *rspec-metadata-pg -rspec-pg 18 30: *rspec-metadata-pg -rspec-pg 19 30: *rspec-metadata-pg -rspec-pg 20 30: *rspec-metadata-pg -rspec-pg 21 30: *rspec-metadata-pg -rspec-pg 22 30: *rspec-metadata-pg -rspec-pg 23 30: *rspec-metadata-pg -rspec-pg 24 30: *rspec-metadata-pg -rspec-pg 25 30: *rspec-metadata-pg -rspec-pg 26 30: *rspec-metadata-pg -rspec-pg 27 30: *rspec-metadata-pg -rspec-pg 28 30: *rspec-metadata-pg -rspec-pg 29 30: *rspec-metadata-pg +rspec-pg: + <<: *rspec-metadata-pg + parallel: 50 -rspec-mysql 0 30: *rspec-metadata-mysql -rspec-mysql 1 30: *rspec-metadata-mysql -rspec-mysql 2 30: *rspec-metadata-mysql -rspec-mysql 3 30: *rspec-metadata-mysql -rspec-mysql 4 30: *rspec-metadata-mysql -rspec-mysql 5 30: *rspec-metadata-mysql -rspec-mysql 6 30: *rspec-metadata-mysql -rspec-mysql 7 30: *rspec-metadata-mysql -rspec-mysql 8 30: *rspec-metadata-mysql -rspec-mysql 9 30: *rspec-metadata-mysql -rspec-mysql 10 30: *rspec-metadata-mysql -rspec-mysql 11 30: *rspec-metadata-mysql -rspec-mysql 12 30: *rspec-metadata-mysql -rspec-mysql 13 30: *rspec-metadata-mysql -rspec-mysql 14 30: *rspec-metadata-mysql -rspec-mysql 15 30: *rspec-metadata-mysql -rspec-mysql 16 30: *rspec-metadata-mysql -rspec-mysql 17 30: *rspec-metadata-mysql 
-rspec-mysql 18 30: *rspec-metadata-mysql -rspec-mysql 19 30: *rspec-metadata-mysql -rspec-mysql 20 30: *rspec-metadata-mysql -rspec-mysql 21 30: *rspec-metadata-mysql -rspec-mysql 22 30: *rspec-metadata-mysql -rspec-mysql 23 30: *rspec-metadata-mysql -rspec-mysql 24 30: *rspec-metadata-mysql -rspec-mysql 25 30: *rspec-metadata-mysql -rspec-mysql 26 30: *rspec-metadata-mysql -rspec-mysql 27 30: *rspec-metadata-mysql -rspec-mysql 28 30: *rspec-metadata-mysql -rspec-mysql 29 30: *rspec-metadata-mysql +rspec-mysql: + <<: *rspec-metadata-mysql + parallel: 50 -rspec-pg-rails5 0 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 1 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 2 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 3 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 4 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 5 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 6 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 7 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 8 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 9 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 10 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 11 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 12 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 13 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 14 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 15 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 16 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 17 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 18 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 19 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 20 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 21 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 22 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 23 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 24 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 25 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 26 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 27 30: *rspec-metadata-pg-rails5 -rspec-pg-rails5 28 30: 
*rspec-metadata-pg-rails5 -rspec-pg-rails5 29 30: *rspec-metadata-pg-rails5 +rspec-pg-rails4: + <<: *rspec-metadata-pg-rails4 + parallel: 50 -rspec-mysql-rails5 0 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 1 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 2 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 3 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 4 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 5 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 6 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 7 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 8 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 9 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 10 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 11 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 12 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 13 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 14 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 15 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 16 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 17 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 18 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 19 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 20 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 21 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 22 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 23 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 24 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 25 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 26 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 27 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 28 30: *rspec-metadata-mysql-rails5 -rspec-mysql-rails5 29 30: *rspec-metadata-mysql-rails5 +rspec-mysql-rails4: + <<: *rspec-metadata-mysql-rails4 + parallel: 50 static-analysis: <<: *dedicated-no-docs-no-db-pull-cache-job 
@@ -589,7 +529,7 @@ static-analysis: script: - scripts/static-analysis cache: - key: "ruby-2.4.5-debian-stretch-with-yarn-and-rubocop" + key: "debian-stretch-ruby-2.5.3-node-10.x-and-rubocop" paths: - vendor/ruby - .yarn-cache/ @@ -614,7 +554,8 @@ docs lint: # Build HTML from Markdown - bundle exec nanoc # Check the internal links - - bundle exec nanoc check internal_links + # Disabled until https://gitlab.com/gitlab-com/gitlab-docs/issues/305 is resolved + # - bundle exec nanoc check internal_links downtime_check: <<: *rake-exec @@ -625,14 +566,15 @@ downtime_check: - /(^docs[\/-].*|.*-docs$)/ - /(^qa[\/-].*|.*-qa$)/ -rails5_gemfile_lock_check: +rails4_gemfile_lock_check: <<: *dedicated-no-docs-no-db-pull-cache-job <<: *except-docs-and-qa script: - - scripts/rails5-gemfile-lock-check + - scripts/rails4-gemfile-lock-check ee_compat_check: <<: *rake-exec + dependencies: [] except: - master - tags @@ -695,7 +637,7 @@ gitlab:setup-mysql: # Frontend-related jobs gitlab:assets:compile: <<: *dedicated-no-docs-and-no-qa-pull-cache-job - image: dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.4.4-git-2.18-chrome-69.0-node-8.x-yarn-1.2-graphicsmagick-1.3.29-docker-18.06.1 + image: dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.5.3-git-2.18-chrome-69.0-node-8.x-yarn-1.2-graphicsmagick-1.3.29-docker-18.06.1 dependencies: [] services: - docker:stable-dind @@ -722,8 +664,14 @@ gitlab:assets:compile: paths: - webpack-report/ - public/assets/ + only: + - //@gitlab-org/gitlab-ce + - //@gitlab-org/gitlab-ee + - //@gitlab/gitlabhq + - //@gitlab/gitlab-ee tags: - - docker + - gitlab-org-delivery + - high-cpu karma: <<: *dedicated-no-docs-pull-cache-job 
@@ -751,6 +699,32 @@ karma: reports: junit: junit_karma.xml +jest: + <<: *dedicated-no-docs-and-no-qa-pull-cache-job + <<: *use-pg + dependencies: + - compile-assets + - setup-test-env + script: + - scripts/gitaly-test-spawn + - date + - bundle exec rake karma:fixtures + - date + - yarn jest --ci --coverage + artifacts: + name: coverage-frontend + expire_in: 31d + when: always + paths: + - coverage-frontend/ + - junit_jest.xml + reports: + junit: junit_jest.xml + cache: + key: jest + paths: + - tmp/jest/jest/ + code_quality: <<: *dedicated-no-docs-no-db-pull-cache-job image: docker:stable @@ -775,7 +749,8 @@ code_quality: --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code artifacts: - paths: [gl-code-quality-report.json] + reports: + codequality: gl-code-quality-report.json expire_in: 1 week sast: @@ -799,7 +774,8 @@ sast: --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code artifacts: - paths: [gl-sast-report.json] + reports: + sast: gl-sast-report.json dependency_scanning: <<: *dedicated-no-docs-no-db-pull-cache-job @@ -821,7 +797,8 @@ dependency_scanning: --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code artifacts: - paths: [gl-dependency-scanning-report.json] + reports: + dependency_scanning: gl-dependency-scanning-report.json qa:internal: <<: *dedicated-no-docs-no-db-pull-cache-job 
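Review bot: The new `jest` job caches `tmp/jest/jest/` under the fixed key `jest`, so every ref that runs this job reads and writes the same cache. If that directory is Jest's transform cache (the Jest config is not in this hunk), later runs execute its contents instead of re-transforming the sources, which lets a pipeline on one branch influence what another branch's test run executes. Scoping the key per ref, e.g. `key: "jest-${CI_COMMIT_REF_SLUG}"`, removes that coupling at the cost of a colder cache on new branches. A short comment on the `cache:` block explaining whichever choice is made would help.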
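Review bot: In `code_quality`, replacing `paths: [gl-code-quality-report.json]` with `reports: codequality:` still uploads the JSON for the merge request widget, but as far as I know it is no longer listed among the job's browsable artifacts. The `sast` and `dependency_scanning` hunks make the same change for `gl-sast-report.json` and `gl-dependency-scanning-report.json`. If anyone triages findings from the raw files, or another job downloads them, keep both keys, e.g. `paths: [gl-sast-report.json]` alongside `reports:`. Only `code_quality` shows an `expire_in` in these hunks, and the jobs continue outside them, so it is worth confirming that the two security reports have a deliberate retention setting.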
@@ -839,6 +816,40 @@ qa:selectors: - bundle install - bundle exec bin/qa Test::Sanity::Selectors +.qa-frontend-node: &qa-frontend-node + stage: test + variables: + NODE_OPTIONS: --max_old_space_size=3584 + cache: + key: "$CI_JOB_NAME" + paths: + - .yarn-cache/ + dependencies: [] + before_script: [] + script: + - date + - yarn install --frozen-lockfile --cache-folder .yarn-cache + - date + - yarn run webpack-prod + <<: *except-docs + +qa-frontend-node:6: + <<: *qa-frontend-node + image: node:6-alpine + +qa-frontend-node:8: + <<: *qa-frontend-node + image: node:8-alpine + +qa-frontend-node:10: + <<: *qa-frontend-node + image: node:10-alpine + +qa-frontend-node:latest: + <<: *qa-frontend-node + image: node:alpine + allow_failure: true + coverage: # Don't include dedicated-no-docs-no-db-pull-cache-job here since we need to # download artifacts from all the rspec jobs instead of from setup-test-env only @@ -861,9 +872,7 @@ coverage: lint:javascript:report: <<: *dedicated-no-docs-and-no-qa-pull-cache-job stage: post-test - dependencies: - - compile-assets - - setup-test-env + dependencies: [] before_script: [] script: - date @@ -890,6 +899,8 @@ pages: - mv coverage-javascript/ public/coverage-javascript/ || true - mv eslint-report.html public/ || true - mv webpack-report/ public/webpack-report/ || true + - cp .public/assets/application-*.css public/application.css || true + - cp .public/assets/application-*.css.gz public/application.css.gz || true artifacts: paths: - public @@ -917,6 +928,7 @@ gitlab_git_test: variables: SETUP_DB: "false" before_script: [] + dependencies: [] cache: {} script: - spec/support/prepare-gitlab-git-test-for-commit --check-for-changes @@ -927,6 +939,7 @@ no_ee_check: variables: SETUP_DB: "false" before_script: [] + dependencies: [] cache: {} script: - scripts/no-ee-check 
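Review bot: `.qa-frontend-node` sets the heap limit through `NODE_OPTIONS: --max_old_space_size=3584`, but Node only reads `NODE_OPTIONS` from 8.0 onward, so `qa-frontend-node:6` will run `yarn run webpack-prod` with the default heap. It may then fail or pass for reasons unrelated to the code under test. Either pass the flag on the command line for that job or add a comment such as `# NODE_OPTIONS is ignored by node 6; this job runs with the default heap`. `qa-frontend-node:latest` uses the floating `node:alpine` tag, which is reasonable for a canary with `allow_failure: true`, but a one-line comment saying that is the intent would stop someone "fixing" it later.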
@@ -934,86 +947,102 @@ no_ee_check: - //@gitlab-org/gitlab-ce # GitLab Review apps -review: - image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base - stage: test +review-deploy: + <<: *review-base + retry: 2 allow_failure: true - before_script: - - gem install gitlab --no-document variables: GIT_DEPTH: "1" - HOST_SUFFIX: "$CI_ENVIRONMENT_SLUG" - DOMAIN: "-$CI_ENVIRONMENT_SLUG.$REVIEW_APPS_DOMAIN" + HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" + DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" GITLAB_HELM_CHART_REF: "master" + API_TOKEN: "${GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN}" + environment: + <<: *review-environment + on_stop: review-stop + before_script: + - apk update && apk add jq + - gem install gitlab --no-document script: - export GITLAB_SHELL_VERSION=$( + +### Target audience + + + ### Further details -(Include use cases, benefits, and/or goals) + ### Proposal + + ### What does success look like, and how can we measure that? -(If no way to measure success, link to an issue that will implement a way to measure this) + ### Links / references diff --git a/.gitlab/issue_templates/Research proposal.md b/.gitlab/issue_templates/Research proposal.md deleted file mode 100644 index 5676656793..0000000000 --- a/.gitlab/issue_templates/Research proposal.md +++ /dev/null @@ -1,17 +0,0 @@ -### Background: - -(Include problem, use cases, benefits, and/or goals) - -**What questions are you trying to answer?** - -**Are you looking to verify an existing hypothesis or uncover new issues you should be exploring?** - -**What is the backstory of this project and how does it impact the approach?** - -**What do you already know about the areas you are exploring?** - -**What does success look like at the end of the project?** - -### Links / references: - -/label ~"UX research" diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md index 69cf7fe154..08651195d9 100644 
--- a/.gitlab/issue_templates/Security developer workflow.md +++ b/.gitlab/issue_templates/Security developer workflow.md @@ -16,6 +16,7 @@ Set the title to: `[Security] Description of the original issue` - [ ] Add a link to the MR to the [links section](#links) - [ ] Add a link to an EE MR if required - [ ] Make sure the MR remains in-progress and gets approved after the review cycle, **but never merged**. +- [ ] Add a link to this issue on the original security issue. #### Backports @@ -37,6 +38,7 @@ Set the title to: `[Security] Description of the original issue` - [ ] Fill in any upgrade notes that users may need to take into account in the [details section](#details) - [ ] Add Yes/No and further details if needed to the migration and settings columns in the [details section](#details) - [ ] Add the nickname of the external user who found the issue (and/or HackerOne profile) to the Thanks row in the [details section](#details) +- [ ] Once your `master` MR is merged, comment on the original security issue with a link to that MR indicating the issue is fixed. ### Summary diff --git a/.gitlab/issue_templates/Test plan.md b/.gitlab/issue_templates/Test plan.md index db8e30c419..a3c3f4a650 100644 --- a/.gitlab/issue_templates/Test plan.md +++ b/.gitlab/issue_templates/Test plan.md @@ -64,7 +64,7 @@ Some features might be simple enough that they only involve one Component, while more complex features could involve multiple or even all. Example (from https://gitlab.com/gitlab-org/gitlab-ce/issues/50353): -* Respository is +* Repository is * Intuitive * It's easy to select the desired file template * It doesn't require unnecessary actions to save the change @@ -93,4 +93,4 @@ When adding new automated tests, please keep [testing levels](https://docs.gitla in mind. --> -/label ~Quality ~"test plan" \ No newline at end of file +/label ~Quality ~"test plan" diff --git a/.nvmrc b/.nvmrc index dba04c1e17..db24ab967f 100644 --- a/.nvmrc +++ b/.nvmrc 
@@ -1 +1 @@ -8.11.3 +10.13.0 diff --git a/.rubocop.yml b/.rubocop.yml index a95ded8af1..741403af00 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -50,7 +50,6 @@ Style/FrozenStringLiteralComment: - 'danger/**/*' - 'db/**/*' - 'ee/**/*' - - 'lib/gitlab/**/*' - 'lib/tasks/**/*' - 'qa/**/*' - 'rubocop/**/*' diff --git a/.ruby-version b/.ruby-version index 59aa62c1fa..aedc15bb0c 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.4.5 +2.5.3 diff --git a/CHANGELOG.md b/CHANGELOG.md index 9de77431eb..c38e0242b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,18 +2,281 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. -## 11.5.5 (2018-12-20) +## 11.6.0 (2018-12-22) -### Security (1 change) +### Security (24 changes, 1 of them is from the community) +- Fix possible XSS attack in Markdown urls with spaces. !2599 +- Update rack to 2.0.6 (for QA environments). !23171 (Takuya Noguchi) +- Bump nokogiri, loofah, and rack gems for security updates. !23204 +- Encrypt runners tokens. !23412 +- Encrypt CI/CD builds authentication tokens. !23436 +- Configure mermaid to not render HTML content in diagrams. +- Fix a possible symlink time of check to time of use race condition in GitLab Pages. +- Removed ability to see private group names when the group id is entered in the url. +- Fix stored XSS for Environments. - Fix persistent symlink in project import. - - -## 11.5.4 (2018-12-13) - -### Security (1 change) - +- Fixed ability of guest users to edit/delete comments on locked or confidential issues. +- Fixed ability to comment on locked/confidential issues. +- Fix CRLF vulnerability in Project hooks. +- Fix SSRF in project integrations. +- Resolve reflected XSS in Ouath authorize window. +- Restrict Personal Access Tokens to API scope on web requests. +- Provide email notification when a user changes their email address. +- Don't expose confidential information in commit message list. - Validate LFS hrefs before downloading them. +- Do not follow redirects in Prometheus service when making http requests to the configured api url. +- Escape user fullname while rendering autocomplete template to prevent XSS. +- Redact sensitive information on gitlab-workhorse log. +- Fix milestone promotion authorization check. +- Prevent a path traversal attack on global file templates. + +### Removed (1 change) + +- Remove obsolete gitlab_shell rake tasks. !22417 + +### Fixed (86 changes, 13 of them are from the community) + +- Remove limit of 100 when searching repository code. 
!8671 +- Show error message when attempting to reopen an MR and there is an open MR for the same branch. !16447 (Akos Gyimesi) +- Fix a bug where internal email pattern wasn't respected. !22516 +- Fix project selector consistency in groups issues / MRs / boards pages. !22612 (Heinrich Lee Yu) +- Add empty state for graphs with no values. !22630 +- Fix navigating by unresolved discussions on Merge Request page. !22789 +- Fix "merged with [commit]" info for merge requests being merged automatically by other actions. !22794 +- Fixing regression issues on pages settings and details. !22821 +- Remove duplicate primary button in dashboard snippets on small viewports. !22902 (George Tsiolis) +- Fix API::Namespaces routing to accept namepaces with dots. !22912 +- Switch kubernetes:active with checking in Auto-DevOps.gitlab-ci.yml. !22929 +- Avoid Gitaly RPC errors when fetching diff stats. !22995 +- Removes promote to group label for anonymous user. !23042 (Jacopo Beschi @jacopo-beschi) +- Fix enabling project deploy key for admins. !23043 +- Align issue status label and confidential icon. !23046 (George Tsiolis) +- Fix default sorting for subgroups and projects list. !23058 (Jacopo Beschi @jacopo-beschi) +- Hashed Storage: allow migration to be retried in partially migrated projects. !23087 +- Fix line height of numbers in file blame view. !23090 (Johann Hubert Sonntagbauer) +- Fixes an issue where default values from models would override values set in the interface (e.g. users would be set to external even though their emails matches the internal email address pattern). !23114 +- Remove display of local Sidekiq process in /admin/sidekiq. !23118 +- Fix unrelated deployment status in MR widget. !23175 +- Respect confirmed flag on secondary emails. !23181 +- Restrict member access level to be higher than that of any parent group. !23226 +- Return real deployment status to frontend. !23270 +- Handle force_remove_source_branch when creating merge request. 
!23281 +- Avoid creating invalid refs using rugged, shelling out for writing refs. !23286 +- Remove needless auto-capitalization on Wiki page titles. !23288 +- Modify the wording for the knative cluster application to match upstream. !23289 (Chris Baumbauer) +- Change container width for project import. !23318 (George Tsiolis) +- Validate chunk size when persist. !23341 +- Resolve Main navbar is broken in certain viewport widths. !23348 +- Gracefully handle references with null bytes. !23365 +- Display commit ID for commit diff discussion on merge request. !23370 +- Pass commit when posting diff discussions. !23371 +- Fix flash notice styling for fluid layout. !23382 +- Add monkey patch to unicorn to fix eof? problem. !23385 +- Commits API: Preserve file content in move operations if unspecified. !23387 +- Disable password autocomplete in mirror form fill. !23402 +- Fix "protected branches only" checkbox not set properly at init. !23409 +- Support RSA and ECDSA algorithms in Omniauth JWT provider. !23411 (Michael Tsyganov) +- Make KUBECONFIG nil if KUBE_TOKEN is nil. !23414 +- Allow search and sort users at same time on admin users page. !23439 +- Fix: Unstar icon button is misaligned. !23444 +- Fix error when searching for group issues with priority or popularity sort. !23445 +- Fix Order By dropdown menu styling in tablet and mobile screens. !23446 +- Fix collapsing discussion replies. !23462 +- Gracefully handle unknown/invalid GPG keys. !23492 +- Fix multiple commits shade overlapping vertical discussion line. !23515 +- Use read_repository scope on read-only files API. !23534 +- Avoid 500's when serializing legacy diff notes. !23544 +- Fix web hook functionality when the database encryption key is too short. !23573 +- Hide Knative from group cluster applications until supported. !23577 +- Add top padding for nested environment items loading icon. !23580 (George Tsiolis) +- Improve help and validation sections of maximum build timeout inputs. 
!23586 +- Fix milestone select in issue sidebar of issue boards. !23625 +- Fix gitlab:web_hook tasks. !23635 +- Avoid caching BroadcastMessage as an ActiveRecord object. !23662 +- Only allow strings in URL::Sanitizer.valid?. !23675 +- Fix a frozen string error in app/mailers/notify.rb. !23683 +- Fix a frozen string error in lib/gitlab/utils.rb. !23690 +- Fix MR resolved discussion counts being too low. !23710 +- Fix a potential frozen string error in app/mailers/notify.rb. !23728 +- Remove unnecessary div from MarkdownField to apply list styles correctly. !23733 +- Display reply field if resolved discussion has no replies. !23801 +- Restore kubernetes:active in Auto-DevOps.gitlab-ci.yml (reverts 22929). !23826 +- Fix mergeUrlParams with fragment URL. !54218 (Thomas Holder) +- Fixed multiple diff line discussions not expanding. +- Fixed diff files expanding not loading commit content. +- Fixed styling of image comment badges on commits. +- Resolve possible cherry pick API race condition. +- When user clicks linenumber in MR changes, highlight that line. +- Remove old webhook logs after 90 days, as documented, instead of after 2. +- Add an external IP address to the knative cluster application page. (Chris Baumbauer) +- Fixed duplicate discussions getting added to diff lines. +- Fix deadlock on ChunkedIO. +- Show tree collapse button for merge request commit diffs. +- Use approximate count for big tables for usage statistics. +- Lock writes to trace stream. +- Ensure that SVG sprite icons are properly rendered in IE11. +- Make new branch form fields' fonts consistent. +- Open first 10 merge request files in IDE. +- Prevent user from navigating away from file edit without commit. +- Prevent empty button being rendered in empty state. +- Adds margins between tags when a job is stuck. +- Fix Image Lazy Loader for some older browsers. +- Correctly styles tags in sidebar for job page. 
+ +### Changed (34 changes, 9 of them are from the community) + +- Include new link in breadcrumb for issues, merge requests, milestones, and labels. !18515 (George Tsiolis) +- Allow sorting issues and MRs in reverse order. !21438 +- Design improvements to project overview page. !22196 +- Remove auto deactivation when failed to create a pipeline via pipeline schedules. !22243 +- Use group clusters when deploying (DeploymentPlatform). !22308 +- Improve initial discussion rendering performance. !22607 +- removes partially matching of No Label filter and makes it case-insensitive. !22622 (Jacopo Beschi @jacopo-beschi) +- Use search bar for filtering in dashboard issues / MRs. !22641 (Heinrich Lee Yu) +- Show different empty state for filtered issues and MRs. !22775 (Heinrich Lee Yu) +- Relocate JSONWebToken::HMACToken from EE. !22906 +- Resolve Add border around the repository file tree. !23018 +- Change breadcrumb title for contribution charts. !23071 (George Tsiolis) +- Update environments metrics empty state. !23074 (George Tsiolis) +- Refine cursor positioning in Markdown Editor for wrap tags. !23085 (Johann Hubert Sonntagbauer) +- Use reports syntax for SAST in Auto DevOps. !23163 +- SystemCheck: Use a more reliable way to detect current Ruby version. !23291 +- Changed frontmatter filtering to support YAML, JSON, TOML, and arbitrary languages. !23331 (Travis Miller) +- Don't remove failed install pods after installing GitLab managed applications. !23350 +- Expose merge request pipeline variables. !23398 +- Scope default MR search in WebIDE dropdown to current project. !23400 +- Show user contributions in correct timezone within user profile. !23419 +- Redesign of MR header sections (CE). !23465 +- Auto DevOps: Add echo for each branch of the deploy() function where we run helm upgrade. !23499 +- Updates service to update Kubernetes project namespaces and restricted service account if present. !23525 +- Adjust divider margin to comply with design specs. 
!23548
+- Adjust dropdown item and header padding to comply with design specs. !23552
+- Truncate merge request titles with periods instead of ellipsis. !23558
+- Remove close icon from projects dropdown in issue boards. !23567
+- Change dropdown divider color to gray-200 (#dfdfdf). !23592
+- Define the default value for only/except policies. !23765
+- Don't show Memory Usage for unmerged MRs.
+- reorder notification settings by noisy-ness. (C.J. Jameson)
+- Changed merge request filtering to be by path instead of name.
+- Make diff file headers sticky.
+
+### Performance (22 changes, 6 of them are from the community)
+
+- Upgrade to Ruby 2.5.3. !2806
+- Removes all the irrelevant code and columns that were migrated from the Project table over to the ProjectImportState table. !21497
+- Approximate counting strategy with TABLESAMPLE. !22650
+- Replace tooltip directive with gl-tooltip diretive in badges, cycle analytics, and diffs. !22770 (George Tsiolis)
+- Validate foreign keys being created and indexed for column with _id. !22808
+- Remove monospace extend. !23089 (George Tsiolis)
+- Use Nokogiri as the ActiveSupport XML backend. !23136
+- Improve memory performance by reducing dirty pages after fork(). !23169
+- Add partial index for ci_builds on project_id and status. !23268
+- Reduce Gitaly calls in projects dashboard. !23307
+- Batch load only data from same repository when lazy object is accessed. !23309
+- Add index for events on project_id and created_at. !23354
+- Remove index for notes on updated_at. !23356
+- Improves performance of Project#readme_url by caching the README path. !23357
+- Populate MR metrics with events table information (migration). !23564
+- Remove unused data from discussions endpoint. !23570
+- Speed up issue board lists in groups with many projects.
+- Use cached size when passing artifacts to Runner.
+- Enable even more frozen string for lib/gitlab. (gfyoung)
+- Enable even more frozen string in lib/gitlab/**/*.rb.
(gfyoung)
+- Enable even more frozen string in lib/gitlab/**/*.rb. (gfyoung)
+- Enable even more frozen string for lib/gitlab. (gfyoung)
+
+### Added (32 changes, 13 of them are from the community)
+
+- Add ability to create group level clusters and install gitlab managed applications. !22450
+- Creates /create_merge_request quickaction. !22485 (Jacopo Beschi @jacopo-beschi)
+- Filter by None/Any for labels in issues/mrs API. !22622 (Jacopo Beschi @jacopo-beschi)
+- Chat message push notifications now include links back to GitLab branches. !22651 (Tony Castrogiovanni)
+- Added feature flag to signal content headers detection by Workhorse. !22667
+- Add Discord integration. !22684 (@blackst0ne)
+- Upgrade helm to 2.11.0 and upgrade on every install. !22693
+- Add knative client to kubeclient library. !22968 (cab105)
+- Allow SSH public-key authentication for push mirroring. !22982
+- Allow deleting a Pipeline via the API. !22988
+- #40635: Adds support for cert-manager. !23036 (Amit Rathi)
+- WebIDE: Pressing Ctrl-Enter while typing on the commit message now performs the commit action. !23049 (Thomas Pathier)
+- Adds Any option to label filters. !23111 (Jacopo Beschi @jacopo-beschi)
+- Added glob for CI changes detection. !23128 (Kirill Zaitsev)
+- Add model and relation to store repo full path in database. !23143
+- Add ability to render suggestions. !23147
+- Introduce Knative and Serverless Components. !23174 (Chris Baumbauer)
+- Use BFG object maps to clean projects. !23189
+- Merge request pipelines. !23217
+- Extended user centric tooltips on issue and MR page. !23231
+- Add a rebase API endpoint for merge requests. !23296
+- Add config to prohibit impersonation. !23338
+- Merge request pipeline tag, and adds tags to pipeline view. !23364
+- #52753: HTTPS for JupyterHub installation. !23479 (Amit Rathi)
+- Fill project_repositories for hashed storage projects. !23482
+- Ability to override email for cert-manager.
!23503 (Amit Rathi)
+- Allow public forks to be deduplicated. !23508
+- Pipeline trigger variable values are hidden in the UI by default. Maintainers have the option to reveal them. !23518 (jhampton)
+- Add new endpoint to download single artifact file for a ref. !23538
+- Log and pass correlation-id between Unicorn, Sidekiq and Gitaly.
+- Allow user to scroll to top of tab on MR page.
+- Adds states to the deployment widget.
+
+### Other (54 changes, 30 of them are from the community)
+
+- Switch to Rails 5. !21492
+- Migration to write fullpath in all repository configs. !22322
+- Rails5: env is deprecated and will be removed from Rails 5.1. !22626 (Jasper Maes)
+- Update haml_lint to 0.28.0. !22660 (Takuya Noguchi)
+- Update ffaker to 2.10.0. !22661 (Takuya Noguchi)
+- Drop gcp_clusters table. !22713
+- Upgrade minimum required Git version to 2.18.0. !22803
+- Adds new icon size to Vue icon component. !22899
+- Make sure there's only one slash as path separator. !22954
+- Show HTTP response code for Kubernetes errors. !22964
+- Update config map for gitlab managed application if already present on install. !22969
+- Drop default value on status column in deployments table. !22971
+- UI improvements to user's profile. !22977
+- Update asana to 0.8.1. !23039 (Takuya Noguchi)
+- Update asciidoctor to 1.5.8. !23047 (Takuya Noguchi)
+- Make auto-generated icons for subgroups in the breadcrumb dropdown display as a circle. !23062 (Thomas Pathier)
+- Make reply shortcut only quote selected discussion text. !23096 (Thomas Pathier)
+- Fix typo in notebook props. !23103 (George Tsiolis)
+- Fix typos in lib. !23106 (George Tsiolis)
+- Rename diffs store variable. !23123 (George Tsiolis)
+- Fix overlapping navbar separator and overflowing navbar dropdown on small displays. !23126 (Thomas Pathier)
+- Show what RPC is called in the performance bar. !23140
+- Updated Gitaly to v0.133.0. !23148
+- Rails5: Passing a class as a value in an Active Record query is deprecated.
!23164 (Jasper Maes)
+- Fix project identicon aligning Harry Kiselev. !23166 (Harry Kiselev)
+- Fix horizontal scrollbar overlapping on horizontal scrolling-tabs. !23167 (Harry Kiselev)
+- Fix bottom paddings of profile header and some markup updates of profile. !23168 (Harry Kiselev)
+- Fixes to AWS documentation spelling and grammar. !23198 (Brendan O'Leary)
+- Adds a PHILOSOPHY.md which references GitLab Product Handbook. !23200
+- Externalize strings from `/app/views/invites`. !23205 (Tao Wang)
+- Externalize strings from `/app/views/project/runners`. !23208 (Tao Wang)
+- Fix typo for scheduled pipeline. !23218 (Davy Defaud)
+- Force content disposition attachment to several endpoints. !23223
+- Upgrade kubeclient to 4.0.0. !23261 (Praveen Arimbrathodiyil @pravi)
+- Update used version of Runner Helm Chart to 0.1.38. !23304
+- render :nothing option is deprecated, Use head method to respond with empty response body. !23311 (Jasper Maes)
+- Passing an argument to force an association to reload is now deprecated. !23334 (Jasper Maes)
+- Externalize strings from `/app/views/snippets`. !23351 (Tao Wang)
+- Fix deprecation: You are passing an instance of ActiveRecord::Base to. !23369 (Jasper Maes)
+- Resolve status emoji being replaced by avatar on mobile. !23408
+- Fix deprecation: render :text is deprecated because it does not actually render a text/plain response. !23425 (Jasper Maes)
+- Fix lack of documentation on how to fetch a snippet's content using API. !23448 (Colin Leroy)
+- Upgrade GitLab Workhorse to v7.3.0. !23489
+- Fallback to admin KUBE_TOKEN for project clusters only. !23527
+- Update used version of Runner Helm Chart to 0.1.39. !23633
+- Show primary button when all labels are prioritized. !23648 (George Tsiolis)
+- Upgrade workhorse to 7.6.0. !23694
+- Upgrade Gitaly to v1.7.1 for correlation-id logging. !23732
+- Fix due date test. !23845
+- Remove unused project method.
!54103 (George Tsiolis) +- Uses new gitlab-ui components in Jobs and Pipelines components. +- Replaces tooltip directive with the new gl-tooltip directive for consistency in some ci/cd code. +- Bump gpgme gem version from 2.0.13 to 2.0.18. (asaparov) +- Enable Rubocop on lib/gitlab. (gfyoung) ## 11.5.3 (2018-12-06) 
@@ -324,6 +587,55 @@ entry. - Disables stop environment button while the deploy is in progress. +## 11.4.9 (2018-12-03) + +### Fixed (2 changes) + +- Display impersonation token value only after creation. !22916 +- Correctly handle data-loss scenarios when encrypting columns. !23306 + + +## 11.4.8 (2018-11-27) + +### Security (24 changes) + +- Escape entity title while autocomplete template rendering to prevent XSS. !2571 +- Resolve reflected XSS in Ouath authorize window. +- Fix XSS in merge request source branch name. +- Escape user fullname while rendering autocomplete template to prevent XSS. +- Fix CRLF vulnerability in Project hooks. +- Fix possible XSS attack in Markdown urls with spaces. +- Redact sensitive information on gitlab-workhorse log. +- Do not follow redirects in Prometheus service when making http requests to the configured api url. +- Persist only SHA digest of PersonalAccessToken#token. +- Don't expose confidential information in commit message list. +- Provide email notification when a user changes their email address. +- Restrict Personal Access Tokens to API scope on web requests. +- Redact personal tokens in unsubscribe links. +- Fix SSRF in project integrations. +- Fixed ability to comment on locked/confidential issues. +- Fixed ability of guest users to edit/delete comments on locked or confidential issues. +- Fix milestone promotion authorization check. +- Monkey kubeclient to not follow any redirects. +- Configure mermaid to not render HTML content in diagrams. +- Fix a possible symlink time of check to time of use race condition in GitLab Pages. +- Removed ability to see private group names when the group id is entered in the url. +- Fix stored XSS for Environments. +- Prevent SSRF attacks in HipChat integration. +- Validate Wiki attachments are valid temporary files. + + +## 11.4.7 (2018-11-20) + +- No changes. 
+ +## 11.4.6 (2018-11-18) + +### Security (1 change) + +- Escape user fullname while rendering autocomplete template to prevent XSS. + + ## 11.4.5 (2018-11-04) ### Fixed (4 changes, 1 of them is from the community) 
@@ -593,6 +905,59 @@ entry. - Check frozen string in style builds. (gfyoung) +## 11.3.12 (2018-12-06) + +### Security (1 change) + +- Prevent a path traversal attack on global file templates. + + +## 11.3.11 (2018-11-26) + +### Security (33 changes) + +- Filter user sensitive data from discussions JSON. !2537 +- Escape entity title while autocomplete template rendering to prevent XSS. !2557 +- Restrict Personal Access Tokens to API scope on web requests. +- Fix XSS in merge request source branch name. +- Escape user fullname while rendering autocomplete template to prevent XSS. +- Fix CRLF vulnerability in Project hooks. +- Fix possible XSS attack in Markdown urls with spaces. +- Redact sensitive information on gitlab-workhorse log. +- Set timeout for syntax highlighting. +- Do not follow redirects in Prometheus service when making http requests to the configured api url. +- Persist only SHA digest of PersonalAccessToken#token. +- Sanitize JSON data properly to fix XSS on Issue details page. +- Don't expose confidential information in commit message list. +- Markdown API no longer displays confidential title references unless authorized. +- Provide email notification when a user changes their email address. +- Properly filter private references from system notes. +- Redact personal tokens in unsubscribe links. +- Resolve reflected XSS in Ouath authorize window. +- Fix SSRF in project integrations. +- Fix stored XSS in merge requests from imported repository. +- Fixed ability to comment on locked/confidential issues. +- Fixed ability of guest users to edit/delete comments on locked or confidential issues. +- Fix milestone promotion authorization check. +- Monkey kubeclient to not follow any redirects. +- Configure mermaid to not render HTML content in diagrams. +- Redact confidential events in the API. +- Fix xss vulnerability sourced from package.json. +- Fix a possible symlink time of check to time of use race condition in GitLab Pages. 
+- Removed ability to see private group names when the group id is entered in the url. +- Fix stored XSS for Environments. +- Block loopback addresses in UrlBlocker. +- Prevent SSRF attacks in HipChat integration. +- Validate Wiki attachments are valid temporary files. + + +## 11.3.10 (2018-11-18) + +### Security (1 change) + +- Escape user fullname while rendering autocomplete template to prevent XSS. + + ## 11.3.9 (2018-10-31) ### Security (1 change) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2dc8ac40dd..4304f6c874 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -181,4 +181,4 @@ This [documentation](doc/development/contributing/merge_request_workflow.md) has ## Style guides -This [documentation](doc/development/contributing/design.md) has been moved. +This [documentation](doc/development/contributing/style_guides.md) has been moved. diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 4db8830b11..943f9cbc4e 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -0.129.0 +1.7.1 diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION index 6da4de57dc..016dac34bf 100644 --- a/GITLAB_SHELL_VERSION +++ b/GITLAB_SHELL_VERSION @@ -1 +1 @@ -8.4.1 +8.4.3 diff --git a/GITLAB_WORKHORSE_VERSION b/GITLAB_WORKHORSE_VERSION index 1996c50447..93c8ddab9f 100644 --- a/GITLAB_WORKHORSE_VERSION +++ b/GITLAB_WORKHORSE_VERSION @@ -1 +1 @@ -7.1.3 +7.6.0 diff --git a/Gemfile b/Gemfile index c7efa790cf..3d25195f96 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,13 +1,17 @@ # --- Special code for migrating to Rails 5.0 --- def rails5? - %w[1 true].include?(ENV["RAILS5"]) + !%w[0 false].include?(ENV["RAILS5"]) end gem_versions = {} -gem_versions['activerecord_sane_schema_dumper'] = rails5? ? '1.0' : '0.2' -gem_versions['default_value_for'] = rails5? ? '~> 3.0.5' : '~> 3.0.0' -gem_versions['rails'] = rails5? ? '5.0.7' : '4.2.10' -gem_versions['rails-i18n'] = rails5? ? '~> 5.1' : '~> 4.0.9' +gem_versions['activerecord_sane_schema_dumper'] = rails5? ? '1.0' : '0.2' +gem_versions['rails'] = rails5? ? '5.0.7' : '4.2.11' +gem_versions['rails-i18n'] = rails5? ? '~> 5.1' : '~> 4.0.9' + +# The 2.0.6 version of rack requires monkeypatch to be present in +# `config.ru`. This can be removed once a new update for Rack +# is available that contains https://github.com/rack/rack/pull/1201. +gem_versions['rack'] = rails5? ? '2.0.6' : '1.6.11' # --- The end of special code for migrating to Rails 5.0 --- source 'https://rubygems.org' @@ -15,13 +19,20 @@ source 'https://rubygems.org' gem 'rails', gem_versions['rails'] gem 'rails-deprecated_sanitizer', '~> 1.0.3' +# Improves copy-on-write performance for MRI +gem 'nakayoshi_fork', '~> 0.0.4' + # Responders respond_to and respond_with gem 'responders', '~> 2.0' gem 'sprockets', '~> 3.7.0' # Default values for AR models -gem 'default_value_for', gem_versions['default_value_for'] +if rails5? + gem 'gitlab-default_value_for', '~> 3.1.1', require: 'default_value_for' +else + gem 'default_value_for', '~> 3.0.0' +end # Supported DBs gem 'mysql2', '~> 0.4.10', group: :mysql @@ -71,7 +82,7 @@ gem 'validates_hostname', '~> 1.0.6' gem 'browser', '~> 2.5' # GPG -gem 'gpgme' +gem 'gpgme', '~> 2.0.18' # LDAP Auth # GitLab fork with several improvements to original library. For full list of changes 
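Review bot: In the first Gemfile hunk, `rails5?` now returns true for every value of `RAILS5` except the exact strings `0` and `false`, so `RAILS5=False`, `RAILS5=no` or a value with stray whitespace silently resolves the Rails 5.0.7 / Rack 2.0.6 set instead of the Rails 4 one. Because this switch decides which framework and Rack versions get installed, I would normalise the value before comparing: `!%w[0 false].include?(ENV["RAILS5"].to_s.strip.downcase)`. The new comment on the exact `rack` pin says 2.0.6 depends on a monkeypatch in `config.ru`; that file is not part of this hunk, so the comment should also name the tracking issue, which lets the pin be revisited once the upstream fix ships.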
@@ -80,7 +91,7 @@ gem 'gitlab_omniauth-ldap', '~> 2.0.4', require: 'omniauth-ldap' gem 'net-ldap' # API -gem 'grape', '~> 1.1' +gem 'grape', '~> 1.1.0' gem 'grape-entity', '~> 0.7.1' gem 'rack-cors', '~> 1.0.0', require: 'rack/cors' @@ -124,7 +135,7 @@ gem 'seed-fu', '~> 2.3.7' # Markdown and HTML processing gem 'html-pipeline', '~> 2.8' gem 'deckar01-task_list', '2.0.0' -gem 'gitlab-markup', '~> 1.6.4' +gem 'gitlab-markup', '~> 1.6.5' gem 'github-markup', '~> 1.7.0', require: 'github/markup' gem 'redcarpet', '~> 3.4' gem 'commonmarker', '~> 0.17' @@ -133,7 +144,7 @@ gem 'rdoc', '~> 6.0' gem 'org-ruby', '~> 0.9.12' gem 'creole', '~> 0.5.0' gem 'wikicloth', '0.8.1' -gem 'asciidoctor', '~> 1.5.6' +gem 'asciidoctor', '~> 1.5.8' gem 'asciidoctor-plantuml', '0.0.8' gem 'rouge', '~> 3.1' gem 'truncato', '~> 0.7.9' @@ -148,6 +159,8 @@ gem 'icalendar' gem 'diffy', '~> 3.1.0' # Application server +gem 'rack', gem_versions['rack'] + group :unicorn do gem 'unicorn', '~> 5.1.0' gem 'unicorn-worker-killer', '~> 0.4.4' @@ -168,6 +181,7 @@ gem 'acts-as-taggable-on', '~> 5.0' gem 'sidekiq', '~> 5.2.1' gem 'sidekiq-cron', '~> 0.6.0' gem 'redis-namespace', '~> 1.6.0' +gem 'gitlab-sidekiq-fetcher', '~> 0.1.0', require: 'sidekiq-reliable-fetch' # Cron Parser gem 'rufus-scheduler', '~> 3.4' @@ -204,6 +218,9 @@ gem 'redis-rails', '~> 5.0.2' gem 'redis', '~> 3.2' gem 'connection_pool', '~> 2.0' +# Discord integration +gem 'discordrb-webhooks-blackst0ne', '~> 3.3', require: false + # HipChat integration gem 'hipchat', '~> 1.5.0' @@ -220,13 +237,13 @@ gem 'slack-notifier', '~> 1.5.1' gem 'hangouts-chat', '~> 0.0.5' # Asana integration -gem 'asana', '~> 0.6.0' +gem 'asana', '~> 0.8.1' # FogBugz integration gem 'ruby-fogbugz', '~> 0.2.1' # Kubernetes integration -gem 'kubeclient', '~> 3.1.0' +gem 'kubeclient', '~> 4.0.0' # Sanitize user input gem 'sanitize', '~> 4.6' 
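Review bot: The new `gem 'gitlab-sidekiq-fetcher', '~> 0.1.0', require: 'sidekiq-reliable-fetch'` line in the `@@ -168,6 +181,7 @@` hunk carries no comment explaining the constraint, and the Gemfile.lock section of this same diff shows the resolved version moving from 0.3.0 back to 0.1.0. A downgrade of the library that fetches background jobs should say why the newer release is being avoided, so the pin is not lifted or left in place by accident. I would add a line above it such as `# Held at 0.1.x: <reason and issue link>`; the unconstrained declaration it replaces is removed in the later `@@ -291,7 +311,6 @@` hunk.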
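Review bot: `discordrb-webhooks-blackst0ne` in the `@@ -204,6 +218,9 @@` hunk is constrained with `~> 3.3`, which admits any 3.x release from 3.3 upward, while the neighbouring integration gem in the same hunk is held to a patch series (`hipchat`, `~> 1.5.0`). The gem name suggests a fork published under an individual's namespace (inferred from the name only), so I would keep upgrades to patch releases with `gem 'discordrb-webhooks-blackst0ne', '~> 3.3.0', require: false`. The lockfile in this diff currently resolves 3.3.0, so the tighter constraint changes nothing today.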
@@ -247,6 +264,9 @@ gem 'ace-rails-ap', '~> 4.1.0' # Detect and convert string character encoding gem 'charlock_holmes', '~> 0.7.5' +# Detect mime content type from content +gem 'mimemagic', '~> 0.3.2' + # Faster blank gem 'fast_blank' @@ -282,7 +302,7 @@ gem 'gettext_i18n_rails', '~> 1.8.0' gem 'gettext_i18n_rails_js', '~> 1.3' gem 'gettext', '~> 3.2.2', require: false, group: :development -gem 'batch-loader', '~> 1.2.1' +gem 'batch-loader', '~> 1.2.2' # Perf bar gem 'peek', '~> 1.0.1' @@ -291,7 +311,6 @@ gem 'peek-mysql2', '~> 1.1.0', group: :mysql gem 'peek-pg', '~> 1.3.0', group: :postgres gem 'peek-rblineprof', '~> 0.2.0' gem 'peek-redis', '~> 1.2.0' -gem 'gitlab-sidekiq-fetcher', require: 'sidekiq-reliable-fetch' # Metrics group :metrics do @@ -311,8 +330,8 @@ group :development do gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false # Better errors handler - gem 'better_errors', '~> 2.1.0' - gem 'binding_of_caller', '~> 0.7.2' + gem 'better_errors', '~> 2.5.0' + gem 'binding_of_caller', '~> 0.8.0' # thin instead webrick gem 'thin', '~> 1.7.0' @@ -339,7 +358,7 @@ group :development, :test do gem 'minitest', '~> 5.7.0' # Generate Fake data - gem 'ffaker', '~> 2.4' + gem 'ffaker', '~> 2.10' gem 'capybara', '~> 2.15' gem 'capybara-screenshot', '~> 1.0.0' @@ -354,14 +373,14 @@ group :development, :test do gem 'rubocop-rspec', '~> 1.22.1' gem 'scss_lint', '~> 0.56.0', require: false - gem 'haml_lint', '~> 0.26.0', require: false + gem 'haml_lint', '~> 0.28.0', require: false gem 'simplecov', '~> 0.14.0', require: false gem 'bundler-audit', '~> 0.5.0', require: false gem 'benchmark-ips', '~> 2.3.0', require: false gem 'license_finder', '~> 5.4', require: false - gem 'knapsack', '~> 1.16' + gem 'knapsack', '~> 1.17' gem 'activerecord_sane_schema_dumper', gem_versions['activerecord_sane_schema_dumper'] 
@@ -380,7 +399,7 @@ group :test do gem 'rails-controller-testing' if rails5? # Rails5 only gem. gem 'test_after_commit', '~> 1.1' unless rails5? # Remove this gem when migrated to rails 5.0. It's been integrated to rails 5.0. gem 'sham_rack', '~> 1.3.6' - gem 'concurrent-ruby', '~> 1.0.5' + gem 'concurrent-ruby', '~> 1.1' gem 'test-prof', '~> 0.2.5' gem 'rspec_junit_formatter' end @@ -416,7 +435,7 @@ group :ed25519 do end # Gitaly GRPC client -gem 'gitaly-proto', '~> 0.123.0', require: 'gitaly' +gem 'gitaly-proto', '~> 1.3.0', require: 'gitaly' gem 'grpc', '~> 1.15.0' gem 'google-protobuf', '~> 3.6' diff --git a/Gemfile.lock b/Gemfile.lock index 50e3ddef1e..7bc8fdbcb0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -4,41 +4,44 @@ GEM RedCloth (4.3.2) abstract_type (0.0.7) ace-rails-ap (4.1.2) - actionmailer (4.2.10) - actionpack (= 4.2.10) - actionview (= 4.2.10) - activejob (= 4.2.10) + actioncable (5.0.7) + actionpack (= 5.0.7) + nio4r (>= 1.2, < 3.0) + websocket-driver (~> 0.6.1) + actionmailer (5.0.7) + actionpack (= 5.0.7) + actionview (= 5.0.7) + activejob (= 5.0.7) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.10) - actionview (= 4.2.10) - activesupport (= 4.2.10) - rack (~> 1.6) - rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.5) + rails-dom-testing (~> 2.0) + actionpack (5.0.7) + actionview (= 5.0.7) + activesupport (= 5.0.7) + rack (~> 2.0) + rack-test (~> 0.6.3) + rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.10) - activesupport (= 4.2.10) + actionview (5.0.7) + activesupport (= 5.0.7) builder (~> 3.1) erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) + rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (4.2.10) - activesupport (= 4.2.10) - globalid (>= 0.3.0) - activemodel (4.2.10) - activesupport (= 4.2.10) - builder (~> 3.1) - activerecord (4.2.10) - activemodel (= 4.2.10) - activesupport (= 4.2.10) - arel (~> 6.0) - activerecord_sane_schema_dumper (0.2) - rails (>= 4, < 5) - activesupport (4.2.10) - i18n (~> 0.7) + activejob (5.0.7) + activesupport (= 5.0.7) + globalid (>= 0.3.6) + activemodel (5.0.7) + activesupport (= 5.0.7) + activerecord (5.0.7) + activemodel (= 5.0.7) + activesupport (= 5.0.7) + arel (~> 7.0) + activerecord_sane_schema_dumper (1.0) + rails (>= 5, < 6) + activesupport (5.0.7) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) minitest (~> 5.1) - thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) acts-as-taggable-on (5.0.0) activerecord (>= 4.2.8) 
@@ -49,13 +52,13 @@ GEM public_suffix (>= 2.0.2, < 4.0) aes_key_wrap (1.0.1) akismet (2.0.0) - arel (6.0.4) - asana (0.6.0) + arel (7.1.4) + asana (0.8.1) faraday (~> 0.9) faraday_middleware (~> 0.9) faraday_middleware-multi_json (~> 0.0) oauth2 (~> 1.0) - asciidoctor (1.5.6.2) + asciidoctor (1.5.8) asciidoctor-plantuml (0.0.8) asciidoctor (~> 1.5) ast (2.4.0) @@ -70,16 +73,17 @@ GEM thread_safe (~> 0.3, >= 0.3.1) babosa (1.0.2) base32 (0.3.2) - batch-loader (1.2.1) + batch-loader (1.2.2) bcrypt (3.1.12) bcrypt_pbkdf (1.0.0) benchmark-ips (2.3.0) - better_errors (2.1.1) + better_errors (2.5.0) coderay (>= 1.0.0) - erubis (>= 2.6.6) + erubi (>= 1.0.0) rack (>= 0.9.0) bindata (2.4.3) - binding_of_caller (0.7.2) + binding_ninja (0.2.2) + binding_of_caller (0.8.0) debug_inspector (>= 0.0.1) bootsnap (1.3.2) msgpack (~> 1.0) @@ -125,9 +129,9 @@ GEM concord (0.1.5) adamantium (~> 0.2.0) equalizer (~> 0.0.9) - concurrent-ruby (1.0.5) - concurrent-ruby-ext (1.0.5) - concurrent-ruby (= 1.0.5) + concurrent-ruby (1.1.3) + concurrent-ruby-ext (1.1.3) + concurrent-ruby (= 1.1.3) connection_pool (2.2.2) crack (0.4.3) safe_yaml (~> 1.0.0) @@ -137,14 +141,12 @@ GEM addressable daemons (1.2.6) database_cleaner (1.5.3) - debug_inspector (0.0.2) + debug_inspector (0.0.3) debugger-ruby_core_source (1.3.8) deckar01-task_list (2.0.0) html-pipeline declarative (0.0.10) declarative-option (0.1.0) - default_value_for (3.0.2) - activerecord (>= 3.2.0, < 5.1) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) device_detector (1.0.0) @@ -162,6 +164,8 @@ GEM rotp (~> 2.0) diff-lcs (1.3) diffy (3.1.0) + discordrb-webhooks-blackst0ne (3.3.0) + rest-client (~> 2.0) docile (1.1.5) domain_name (0.5.20180417) unf (>= 0.0.5, < 1.0.0) @@ -178,8 +182,9 @@ GEM mail (~> 2.7) encryptor (3.0.0) equalizer (0.0.11) + erubi (1.7.1) erubis (2.7.0) - escape_utils (1.1.1) + escape_utils (1.2.1) et-orbi (1.0.3) tzinfo eventmachine (1.2.7) 
@@ -200,7 +205,7 @@ GEM multi_json fast_blank (1.0.0) fast_gettext (1.6.0) - ffaker (2.4.0) + ffaker (2.10.0) ffi (1.9.25) flipper (0.13.0) flipper-active_record (0.13.0) @@ -269,11 +274,13 @@ GEM gettext_i18n_rails (>= 0.7.1) po_to_json (>= 1.0.0) rails (>= 3.2.0) - gitaly-proto (0.123.0) + gitaly-proto (1.3.0) grpc (~> 1.0) github-markup (1.7.0) - gitlab-markup (1.6.4) - gitlab-sidekiq-fetcher (0.3.0) + gitlab-default_value_for (3.1.1) + activerecord (>= 3.2.0, < 6.0) + gitlab-markup (1.6.5) + gitlab-sidekiq-fetcher (0.1.0) sidekiq (~> 5) gitlab-styles (2.4.1) rubocop (~> 0.54.0) @@ -307,8 +314,8 @@ GEM multi_json (~> 1.11) os (>= 0.9, < 2.0) signet (~> 0.7) - gpgme (2.0.13) - mini_portile2 (~> 2.1) + gpgme (2.0.18) + mini_portile2 (~> 2.3) grape (1.1.0) activesupport builder @@ -335,11 +342,11 @@ GEM haml (5.0.4) temple (>= 0.8.0) tilt - haml_lint (0.26.0) + haml_lint (0.28.0) haml (>= 4.0, < 5.1) rainbow rake (>= 10, < 13) - rubocop (>= 0.49.0) + rubocop (>= 0.50.0) sysexits (~> 1.1) hamlit (2.8.8) temple (>= 0.8.0) @@ -361,20 +368,20 @@ GEM html2text (0.2.0) nokogiri (~> 1.6) htmlentities (4.3.4) - http (2.2.2) + http (3.3.0) addressable (~> 2.3) http-cookie (~> 1.0) - http-form_data (~> 1.0.1) + http-form_data (~> 2.0) http_parser.rb (~> 0.6.0) http-cookie (1.0.3) domain_name (~> 0.5) - http-form_data (1.0.3) + http-form_data (2.1.1) http_parser.rb (0.6.0) httparty (0.13.7) json (~> 1.8) multi_xml (>= 0.5.2) httpclient (2.8.3) - i18n (0.9.5) + i18n (1.1.1) concurrent-ruby (~> 1.0) icalendar (2.4.1) ice_nine (0.11.2) @@ -410,10 +417,10 @@ GEM kaminari-core (= 1.0.1) kaminari-core (1.0.1) kgio (2.10.0) - knapsack (1.16.0) + knapsack (1.17.0) rake - kubeclient (3.1.0) - http (~> 2.2.2) + kubeclient (4.0.0) + http (~> 3.0) recursive-open-struct (~> 1.0, >= 1.0.4) rest-client (~> 2.0) launchy (2.4.3) 
@@ -439,7 +446,7 @@ GEM activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.2.2) + loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.0) @@ -448,11 +455,11 @@ GEM memoist (0.16.0) memoizable (0.4.2) thread_safe (~> 0.3, >= 0.3.1) - method_source (0.9.0) - mime-types (3.1) + method_source (0.9.2) + mime-types (3.2.2) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mimemagic (0.3.0) + mime-types-data (3.2018.0812) + mimemagic (0.3.2) mini_magick (4.8.0) mini_mime (1.0.1) mini_portile2 (2.3.0) @@ -465,10 +472,12 @@ GEM mustermann-grape (1.0.0) mustermann (~> 1.0.0) mysql2 (0.4.10) + nakayoshi_fork (0.0.4) net-ldap (0.16.0) net-ssh (5.0.1) netrc (0.11.0) - nokogiri (1.8.4) + nio4r (2.3.1) + nokogiri (1.8.5) mini_portile2 (~> 2.3.0) nokogumbo (1.5.0) nokogiri @@ -596,7 +605,7 @@ GEM get_process_mem (~> 0.2) puma (>= 2.7, < 4) pyu-ruby-sasl (0.0.3.3) - rack (1.6.10) + rack (2.0.6) rack-accept (0.4.5) rack (>= 0.4) rack-attack (4.4.1) 
@@ -608,37 +617,42 @@ GEM httpclient (>= 2.4) multi_json (>= 1.3.6) rack (>= 1.1) - rack-protection (2.0.3) + rack-protection (2.0.4) rack rack-proxy (0.6.0) rack rack-test (0.6.3) rack (>= 1.0) - rails (4.2.10) - actionmailer (= 4.2.10) - actionpack (= 4.2.10) - actionview (= 4.2.10) - activejob (= 4.2.10) - activemodel (= 4.2.10) - activerecord (= 4.2.10) - activesupport (= 4.2.10) - bundler (>= 1.3.0, < 2.0) - railties (= 4.2.10) - sprockets-rails + rails (5.0.7) + actioncable (= 5.0.7) + actionmailer (= 5.0.7) + actionpack (= 5.0.7) + actionview (= 5.0.7) + activejob (= 5.0.7) + activemodel (= 5.0.7) + activerecord (= 5.0.7) + activesupport (= 5.0.7) + bundler (>= 1.3.0) + railties (= 5.0.7) + sprockets-rails (>= 2.0.0) + rails-controller-testing (1.0.2) + actionpack (~> 5.x, >= 5.0.1) + actionview (~> 5.x, >= 5.0.1) + activesupport (~> 5.x) rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.9) - activesupport (>= 4.2.0, < 5.0) - nokogiri (~> 1.6) - rails-deprecated_sanitizer (>= 1.0.1) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) rails-html-sanitizer (1.0.4) loofah (~> 2.2, >= 2.2.2) - rails-i18n (4.0.9) - i18n (~> 0.7) - railties (~> 4.0) - railties (4.2.10) - actionpack (= 4.2.10) - activesupport (= 4.2.10) + rails-i18n (5.1.1) + i18n (>= 0.7, < 2) + railties (>= 5.0, < 6) + railties (5.0.7) + actionpack (= 5.0.7) + activesupport (= 5.0.7) + method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rainbow (3.0.0) @@ -676,7 +690,7 @@ GEM redis-actionpack (>= 5.0, < 6) redis-activesupport (>= 5.0, < 6) redis-store (>= 1.2, < 2) - redis-store (1.4.1) + redis-store (1.6.0) redis (>= 2.2, < 5) regexp_parser (0.5.0) representable (3.0.4) @@ -711,8 +725,8 @@ GEM rspec-mocks (3.7.0) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.7.0) - rspec-parameterized (0.4.0) - binding_of_caller + rspec-parameterized (0.4.1) + binding_ninja (>= 0.2.1) parser proc_to_ast rspec (>= 2.13, < 4) 
@@ -729,8 +743,7 @@ GEM rspec-core rspec-set (0.1.3) rspec-support (3.7.1) - rspec_junit_formatter (0.2.3) - builder (< 4) + rspec_junit_formatter (0.4.1) rspec-core (>= 2, < 4, != 2.12.0) rspec_profiling (0.0.5) activerecord @@ -756,8 +769,8 @@ GEM ruby-progressbar (1.9.0) ruby-saml (1.7.2) nokogiri (>= 1.5.10) - ruby_parser (3.9.0) - sexp_processor (~> 4.1) + ruby_parser (3.11.0) + sexp_processor (~> 4.9) rubyntlm (0.6.2) rubypants (0.2.0) rubyzip (1.2.2) @@ -794,15 +807,15 @@ GEM selenium-webdriver (3.12.0) childprocess (~> 0.5) rubyzip (~> 1.2) - sentry-raven (2.7.2) + sentry-raven (2.7.4) faraday (>= 0.7.6, < 1.0) settingslogic (2.0.9) - sexp_processor (4.9.0) + sexp_processor (4.11.0) sham_rack (1.3.6) rack shoulda-matchers (3.1.2) activesupport (>= 4.0.0) - sidekiq (5.2.1) + sidekiq (5.2.3) connection_pool (~> 2.2, >= 2.2.2) rack-protection (>= 1.5.0) redis (>= 3.3.5, < 5) @@ -847,8 +860,6 @@ GEM sysexits (1.2.0) temple (0.8.0) test-prof (0.2.5) - test_after_commit (1.1.0) - activerecord (>= 3.2) text (1.3.1) thin (1.7.2) daemons (~> 1.0, >= 1.0.9) @@ -885,7 +896,7 @@ GEM get_process_mem (~> 0) unicorn (>= 4, < 6) uniform_notifier (1.10.0) - unparser (0.2.7) + unparser (0.4.2) abstract_type (~> 0.0.7) adamantium (~> 0.2.0) concord (~> 0.1.5) @@ -911,6 +922,9 @@ GEM hashdiff webpack-rails (0.9.11) railties (>= 3.2.0) + websocket-driver (0.6.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.3) wikicloth (0.8.1) builder expression_parser 
@@ -926,22 +940,22 @@ PLATFORMS DEPENDENCIES RedCloth (~> 4.3.2) ace-rails-ap (~> 4.1.0) - activerecord_sane_schema_dumper (= 0.2) + activerecord_sane_schema_dumper (= 1.0) acts-as-taggable-on (~> 5.0) addressable (~> 2.5.2) akismet (~> 2.0) - asana (~> 0.6.0) - asciidoctor (~> 1.5.6) + asana (~> 0.8.1) + asciidoctor (~> 1.5.8) asciidoctor-plantuml (= 0.0.8) attr_encrypted (~> 3.1.0) awesome_print babosa (~> 1.0.2) base32 (~> 0.3.0) - batch-loader (~> 1.2.1) + batch-loader (~> 1.2.2) bcrypt_pbkdf (~> 1.0) benchmark-ips (~> 2.3.0) - better_errors (~> 2.1.0) - binding_of_caller (~> 0.7.2) + better_errors (~> 2.5.0) + binding_of_caller (~> 0.8.0) bootsnap (~> 1.3) bootstrap_form (~> 2.7.0) brakeman (~> 4.2) @@ -955,16 +969,16 @@ DEPENDENCIES chronic (~> 0.10.2) chronic_duration (~> 0.10.6) commonmarker (~> 0.17) - concurrent-ruby (~> 1.0.5) + concurrent-ruby (~> 1.1) connection_pool (~> 2.0) creole (~> 0.5.0) database_cleaner (~> 1.5.0) deckar01-task_list (= 2.0.0) - default_value_for (~> 3.0.0) device_detector devise (~> 4.4) devise-two-factor (~> 3.0.0) diffy (~> 3.1.0) + discordrb-webhooks-blackst0ne (~> 3.3) doorkeeper (~> 4.3) doorkeeper-openid_connect (~> 1.5) ed25519 (~> 1.2) @@ -974,7 +988,7 @@ DEPENDENCIES factory_bot_rails (~> 4.8.2) faraday (~> 0.12) fast_blank - ffaker (~> 2.4) + ffaker (~> 2.10) flipper (~> 0.13.0) flipper-active_record (~> 0.13.0) flipper-active_support_cache_store (~> 0.13.0) 
@@ -993,24 +1007,25 @@ DEPENDENCIES gettext (~> 3.2.2) gettext_i18n_rails (~> 1.8.0) gettext_i18n_rails_js (~> 1.3) - gitaly-proto (~> 0.123.0) + gitaly-proto (~> 1.3.0) github-markup (~> 1.7.0) - gitlab-markup (~> 1.6.4) - gitlab-sidekiq-fetcher + gitlab-default_value_for (~> 3.1.1) + gitlab-markup (~> 1.6.5) + gitlab-sidekiq-fetcher (~> 0.1.0) gitlab-styles (~> 2.4) gitlab_omniauth-ldap (~> 2.0.4) gon (~> 6.2) google-api-client (~> 0.23) google-protobuf (~> 3.6) - gpgme - grape (~> 1.1) + gpgme (~> 2.0.18) + grape (~> 1.1.0) grape-entity (~> 0.7.1) grape-path-helpers (~> 1.0) grape_logging (~> 1.7) graphiql-rails (~> 1.4.10) graphql (~> 1.8.0) grpc (~> 1.15.0) - haml_lint (~> 0.26.0) + haml_lint (~> 0.28.0) hamlit (~> 2.8.8) hangouts-chat (~> 0.0.5) hashie-forbidden_attributes @@ -1027,8 +1042,8 @@ DEPENDENCIES json-schema (~> 2.8.0) jwt (~> 1.5.6) kaminari (~> 1.0) - knapsack (~> 1.16) - kubeclient (~> 3.1.0) + knapsack (~> 1.17) + kubeclient (~> 4.0.0) letter_opener_web (~> 1.3.0) license_finder (~> 5.4) licensee (~> 8.9) @@ -1036,9 +1051,11 @@ DEPENDENCIES loofah (~> 2.2) mail_room (~> 0.9.1) method_source (~> 0.8) + mimemagic (~> 0.3.2) mini_magick minitest (~> 5.7.0) mysql2 (~> 0.4.10) + nakayoshi_fork (~> 0.0.4) net-ldap net-ssh (~> 5.0) nokogiri (~> 1.8.2) @@ -1073,13 +1090,15 @@ DEPENDENCIES pry-rails (~> 0.3.4) puma (~> 3.12) puma_worker_killer + rack (= 2.0.6) rack-attack (~> 4.4.1) rack-cors (~> 1.0.0) rack-oauth2 (~> 1.2.1) rack-proxy (~> 0.6.0) - rails (= 4.2.10) + rails (= 5.0.7) + rails-controller-testing rails-deprecated_sanitizer (~> 1.0.3) - rails-i18n (~> 4.0.9) + rails-i18n (~> 5.1) rainbow (~> 3.0) raindrops (~> 0.18) rblineprof (~> 0.3.6) @@ -1132,7 +1151,6 @@ DEPENDENCIES state_machines-activerecord (~> 0.5.1) sys-filesystem (~> 1.1.6) test-prof (~> 0.2.5) - test_after_commit (~> 1.1) thin (~> 1.7.0) timecop (~> 0.8.0) toml-rb (~> 1.0.0) 
diff --git a/Gemfile.rails5 b/Gemfile.rails4 similarity index 56% rename from Gemfile.rails5 rename to Gemfile.rails4 index 2b526b19ba..0ec00e702a 100644 --- a/Gemfile.rails5 +++ b/Gemfile.rails4 @@ -1,6 +1,6 @@ -# BUNDLE_GEMFILE=Gemfile.rails5 bundle install +# BUNDLE_GEMFILE=Gemfile.rails4 bundle install -ENV["RAILS5"] = "true" +ENV["RAILS5"] = "false" gemfile = File.expand_path("../Gemfile", __FILE__) diff --git a/Gemfile.rails5.lock b/Gemfile.rails4.lock similarity index 88% rename from Gemfile.rails5.lock rename to Gemfile.rails4.lock index 181f2db95b..15c188e9d6 100644 --- a/Gemfile.rails5.lock +++ b/Gemfile.rails4.lock 
@@ -4,44 +4,41 @@ GEM RedCloth (4.3.2) abstract_type (0.0.7) ace-rails-ap (4.1.2) - actioncable (5.0.7) - actionpack (= 5.0.7) - nio4r (>= 1.2, < 3.0) - websocket-driver (~> 0.6.1) - actionmailer (5.0.7) - actionpack (= 5.0.7) - actionview (= 5.0.7) - activejob (= 5.0.7) + actionmailer (4.2.11) + actionpack (= 4.2.11) + actionview (= 4.2.11) + activejob (= 4.2.11) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (5.0.7) - actionview (= 5.0.7) - activesupport (= 5.0.7) - rack (~> 2.0) - rack-test (~> 0.6.3) - rails-dom-testing (~> 2.0) + rails-dom-testing (~> 1.0, >= 1.0.5) + actionpack (4.2.11) + actionview (= 4.2.11) + activesupport (= 4.2.11) + rack (~> 1.6) + rack-test (~> 0.6.2) + rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.7) - activesupport (= 5.0.7) + actionview (4.2.11) + activesupport (= 4.2.11) builder (~> 3.1) erubis (~> 2.7.0) - rails-dom-testing (~> 2.0) + rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.0.7) - activesupport (= 5.0.7) - globalid (>= 0.3.6) - activemodel (5.0.7) - activesupport (= 5.0.7) - activerecord (5.0.7) - activemodel (= 5.0.7) - activesupport (= 5.0.7) - arel (~> 7.0) - activerecord_sane_schema_dumper (1.0) - rails (>= 5, < 6) - activesupport (5.0.7) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) + activejob (4.2.11) + activesupport (= 4.2.11) + globalid (>= 0.3.0) + activemodel (4.2.11) + activesupport (= 4.2.11) + builder (~> 3.1) + activerecord (4.2.11) + activemodel (= 4.2.11) + activesupport (= 4.2.11) + arel (~> 6.0) + activerecord_sane_schema_dumper (0.2) + rails (>= 4, < 5) + activesupport (4.2.11) + i18n (~> 0.7) minitest (~> 5.1) + thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) acts-as-taggable-on (5.0.0) activerecord (>= 4.2.8) 
@@ -52,13 +49,13 @@ GEM public_suffix (>= 2.0.2, < 4.0) aes_key_wrap (1.0.1) akismet (2.0.0) - arel (7.1.4) - asana (0.6.0) + arel (6.0.4) + asana (0.8.1) faraday (~> 0.9) faraday_middleware (~> 0.9) faraday_middleware-multi_json (~> 0.0) oauth2 (~> 1.0) - asciidoctor (1.5.6.2) + asciidoctor (1.5.8) asciidoctor-plantuml (0.0.8) asciidoctor (~> 1.5) ast (2.4.0) @@ -73,16 +70,17 @@ GEM thread_safe (~> 0.3, >= 0.3.1) babosa (1.0.2) base32 (0.3.2) - batch-loader (1.2.1) + batch-loader (1.2.2) bcrypt (3.1.12) bcrypt_pbkdf (1.0.0) benchmark-ips (2.3.0) - better_errors (2.1.1) + better_errors (2.5.0) coderay (>= 1.0.0) - erubis (>= 2.6.6) + erubi (>= 1.0.0) rack (>= 0.9.0) bindata (2.4.3) - binding_of_caller (0.7.2) + binding_ninja (0.2.2) + binding_of_caller (0.8.0) debug_inspector (>= 0.0.1) bootsnap (1.3.2) msgpack (~> 1.0) @@ -128,9 +126,9 @@ GEM concord (0.1.5) adamantium (~> 0.2.0) equalizer (~> 0.0.9) - concurrent-ruby (1.0.5) - concurrent-ruby-ext (1.0.5) - concurrent-ruby (= 1.0.5) + concurrent-ruby (1.1.3) + concurrent-ruby-ext (1.1.3) + concurrent-ruby (= 1.1.3) connection_pool (2.2.2) crack (0.4.3) safe_yaml (~> 1.0.0) @@ -140,14 +138,14 @@ GEM addressable daemons (1.2.6) database_cleaner (1.5.3) - debug_inspector (0.0.2) + debug_inspector (0.0.3) debugger-ruby_core_source (1.3.8) deckar01-task_list (2.0.0) html-pipeline declarative (0.0.10) declarative-option (0.1.0) - default_value_for (3.0.5) - activerecord (>= 3.2.0, < 5.2) + default_value_for (3.0.2) + activerecord (>= 3.2.0, < 5.1) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) device_detector (1.0.0) @@ -165,6 +163,8 @@ GEM rotp (~> 2.0) diff-lcs (1.3) diffy (3.1.0) + discordrb-webhooks-blackst0ne (3.3.0) + rest-client (~> 2.0) docile (1.1.5) domain_name (0.5.20180417) unf (>= 0.0.5, < 1.0.0) @@ -181,8 +181,9 @@ GEM mail (~> 2.7) encryptor (3.0.0) equalizer (0.0.11) + erubi (1.7.1) erubis (2.7.0) - escape_utils (1.1.1) + escape_utils (1.2.1) et-orbi (1.0.3) tzinfo eventmachine (1.2.7) 
@@ -203,7 +204,7 @@ GEM multi_json fast_blank (1.0.0) fast_gettext (1.6.0) - ffaker (2.4.0) + ffaker (2.10.0) ffi (1.9.25) flipper (0.13.0) flipper-active_record (0.13.0) @@ -272,11 +273,11 @@ GEM gettext_i18n_rails (>= 0.7.1) po_to_json (>= 1.0.0) rails (>= 3.2.0) - gitaly-proto (0.123.0) + gitaly-proto (1.3.0) grpc (~> 1.0) github-markup (1.7.0) - gitlab-markup (1.6.4) - gitlab-sidekiq-fetcher (0.3.0) + gitlab-markup (1.6.5) + gitlab-sidekiq-fetcher (0.1.0) sidekiq (~> 5) gitlab-styles (2.4.1) rubocop (~> 0.54.0) @@ -310,8 +311,8 @@ GEM multi_json (~> 1.11) os (>= 0.9, < 2.0) signet (~> 0.7) - gpgme (2.0.13) - mini_portile2 (~> 2.1) + gpgme (2.0.18) + mini_portile2 (~> 2.3) grape (1.1.0) activesupport builder @@ -338,11 +339,11 @@ GEM haml (5.0.4) temple (>= 0.8.0) tilt - haml_lint (0.26.0) + haml_lint (0.28.0) haml (>= 4.0, < 5.1) rainbow rake (>= 10, < 13) - rubocop (>= 0.49.0) + rubocop (>= 0.50.0) sysexits (~> 1.1) hamlit (2.8.8) temple (>= 0.8.0) @@ -364,20 +365,20 @@ GEM html2text (0.2.0) nokogiri (~> 1.6) htmlentities (4.3.4) - http (2.2.2) + http (3.3.0) addressable (~> 2.3) http-cookie (~> 1.0) - http-form_data (~> 1.0.1) + http-form_data (~> 2.0) http_parser.rb (~> 0.6.0) http-cookie (1.0.3) domain_name (~> 0.5) - http-form_data (1.0.3) + http-form_data (2.1.1) http_parser.rb (0.6.0) httparty (0.13.7) json (~> 1.8) multi_xml (>= 0.5.2) httpclient (2.8.3) - i18n (1.1.0) + i18n (0.9.5) concurrent-ruby (~> 1.0) icalendar (2.4.1) ice_nine (0.11.2) @@ -413,10 +414,10 @@ GEM kaminari-core (= 1.0.1) kaminari-core (1.0.1) kgio (2.10.0) - knapsack (1.16.0) + knapsack (1.17.0) rake - kubeclient (3.1.0) - http (~> 2.2.2) + kubeclient (4.0.0) + http (~> 3.0) recursive-open-struct (~> 1.0, >= 1.0.4) rest-client (~> 2.0) launchy (2.4.3) @@ -442,7 +443,7 @@ GEM activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.2.2) + loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.0) 
@@ -452,10 +453,10 @@ GEM memoizable (0.4.2) thread_safe (~> 0.3, >= 0.3.1) method_source (0.9.0) - mime-types (3.1) + mime-types (3.2.2) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mimemagic (0.3.0) + mime-types-data (3.2018.0812) + mimemagic (0.3.2) mini_magick (4.8.0) mini_mime (1.0.1) mini_portile2 (2.3.0) @@ -468,11 +469,11 @@ GEM mustermann-grape (1.0.0) mustermann (~> 1.0.0) mysql2 (0.4.10) + nakayoshi_fork (0.0.4) net-ldap (0.16.0) net-ssh (5.0.1) netrc (0.11.0) - nio4r (2.3.1) - nokogiri (1.8.4) + nokogiri (1.8.5) mini_portile2 (~> 2.3.0) nokogumbo (1.5.0) nokogiri @@ -544,7 +545,7 @@ GEM orm_adapter (0.5.0) os (1.0.0) parallel (1.12.1) - parser (2.5.1.2) + parser (2.5.3.0) ast (~> 2.4.0) parslet (1.8.2) peek (1.0.1) @@ -600,7 +601,7 @@ GEM get_process_mem (~> 0.2) puma (>= 2.7, < 4) pyu-ruby-sasl (0.0.3.3) - rack (2.0.5) + rack (1.6.11) rack-accept (0.4.5) rack (>= 0.4) rack-attack (4.4.1) 
@@ -612,47 +613,42 @@ GEM httpclient (>= 2.4) multi_json (>= 1.3.6) rack (>= 1.1) - rack-protection (2.0.3) + rack-protection (2.0.4) rack rack-proxy (0.6.0) rack rack-test (0.6.3) rack (>= 1.0) - rails (5.0.7) - actioncable (= 5.0.7) - actionmailer (= 5.0.7) - actionpack (= 5.0.7) - actionview (= 5.0.7) - activejob (= 5.0.7) - activemodel (= 5.0.7) - activerecord (= 5.0.7) - activesupport (= 5.0.7) - bundler (>= 1.3.0) - railties (= 5.0.7) - sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.2) - actionpack (~> 5.x, >= 5.0.1) - actionview (~> 5.x, >= 5.0.1) - activesupport (~> 5.x) + rails (4.2.11) + actionmailer (= 4.2.11) + actionpack (= 4.2.11) + actionview (= 4.2.11) + activejob (= 4.2.11) + activemodel (= 4.2.11) + activerecord (= 4.2.11) + activesupport (= 4.2.11) + bundler (>= 1.3.0, < 2.0) + railties (= 4.2.11) + sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) + rails-dom-testing (1.0.9) + activesupport (>= 4.2.0, < 5.0) + nokogiri (~> 1.6) + rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.4) loofah (~> 2.2, >= 2.2.2) - rails-i18n (5.1.1) - i18n (>= 0.7, < 2) - railties (>= 5.0, < 6) - railties (5.0.7) - actionpack (= 5.0.7) - activesupport (= 5.0.7) - method_source + rails-i18n (4.0.9) + i18n (~> 0.7) + railties (~> 4.0) + railties (4.2.11) + actionpack (= 4.2.11) + activesupport (= 4.2.11) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rainbow (3.0.0) raindrops (0.18.0) - rake (12.3.1) + rake (12.3.2) rb-fsevent (0.10.2) rb-inotify (0.9.10) ffi (>= 0.5.0, < 2) @@ -685,7 +681,7 @@ GEM redis-actionpack (>= 5.0, < 6) redis-activesupport (>= 5.0, < 6) redis-store (>= 1.2, < 2) - redis-store (1.4.1) + redis-store (1.6.0) redis (>= 2.2, < 5) regexp_parser (0.5.0) representable (3.0.4) 
@@ -720,8 +716,8 @@ GEM rspec-mocks (3.7.0) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.7.0) - rspec-parameterized (0.4.0) - binding_of_caller + rspec-parameterized (0.4.1) + binding_ninja (>= 0.2.1) parser proc_to_ast rspec (>= 2.13, < 4) @@ -738,7 +734,8 @@ GEM rspec-core rspec-set (0.1.3) rspec-support (3.7.1) - rspec_junit_formatter (0.4.1) + rspec_junit_formatter (0.2.3) + builder (< 4) rspec-core (>= 2, < 4, != 2.12.0) rspec_profiling (0.0.5) activerecord @@ -764,8 +761,8 @@ GEM ruby-progressbar (1.9.0) ruby-saml (1.7.2) nokogiri (>= 1.5.10) - ruby_parser (3.9.0) - sexp_processor (~> 4.1) + ruby_parser (3.11.0) + sexp_processor (~> 4.9) rubyntlm (0.6.2) rubypants (0.2.0) rubyzip (1.2.2) @@ -805,12 +802,12 @@ GEM sentry-raven (2.7.2) faraday (>= 0.7.6, < 1.0) settingslogic (2.0.9) - sexp_processor (4.9.0) + sexp_processor (4.11.0) sham_rack (1.3.6) rack shoulda-matchers (3.1.2) activesupport (>= 4.0.0) - sidekiq (5.2.1) + sidekiq (5.2.3) connection_pool (~> 2.2, >= 2.2.2) rack-protection (>= 1.5.0) redis (>= 3.3.5, < 5) @@ -855,6 +852,8 @@ GEM sysexits (1.2.0) temple (0.8.0) test-prof (0.2.5) + test_after_commit (1.1.0) + activerecord (>= 3.2) text (1.3.1) thin (1.7.2) daemons (~> 1.0, >= 1.0.9) @@ -891,7 +890,7 @@ GEM get_process_mem (~> 0) unicorn (>= 4, < 6) uniform_notifier (1.10.0) - unparser (0.2.7) + unparser (0.4.2) abstract_type (~> 0.0.7) adamantium (~> 0.2.0) concord (~> 0.1.5) @@ -917,9 +916,6 @@ GEM hashdiff webpack-rails (0.9.11) railties (>= 3.2.0) - websocket-driver (0.6.5) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) wikicloth (0.8.1) builder expression_parser 
@@ -935,22 +931,22 @@ PLATFORMS DEPENDENCIES RedCloth (~> 4.3.2) ace-rails-ap (~> 4.1.0) - activerecord_sane_schema_dumper (= 1.0) + activerecord_sane_schema_dumper (= 0.2) acts-as-taggable-on (~> 5.0) addressable (~> 2.5.2) akismet (~> 2.0) - asana (~> 0.6.0) - asciidoctor (~> 1.5.6) + asana (~> 0.8.1) + asciidoctor (~> 1.5.8) asciidoctor-plantuml (= 0.0.8) attr_encrypted (~> 3.1.0) awesome_print babosa (~> 1.0.2) base32 (~> 0.3.0) - batch-loader (~> 1.2.1) + batch-loader (~> 1.2.2) bcrypt_pbkdf (~> 1.0) benchmark-ips (~> 2.3.0) - better_errors (~> 2.1.0) - binding_of_caller (~> 0.7.2) + better_errors (~> 2.5.0) + binding_of_caller (~> 0.8.0) bootsnap (~> 1.3) bootstrap_form (~> 2.7.0) brakeman (~> 4.2) @@ -964,16 +960,17 @@ DEPENDENCIES chronic (~> 0.10.2) chronic_duration (~> 0.10.6) commonmarker (~> 0.17) - concurrent-ruby (~> 1.0.5) + concurrent-ruby (~> 1.1) connection_pool (~> 2.0) creole (~> 0.5.0) database_cleaner (~> 1.5.0) deckar01-task_list (= 2.0.0) - default_value_for (~> 3.0.5) + default_value_for (~> 3.0.0) device_detector devise (~> 4.4) devise-two-factor (~> 3.0.0) diffy (~> 3.1.0) + discordrb-webhooks-blackst0ne (~> 3.3) doorkeeper (~> 4.3) doorkeeper-openid_connect (~> 1.5) ed25519 (~> 1.2) @@ -983,7 +980,7 @@ DEPENDENCIES factory_bot_rails (~> 4.8.2) faraday (~> 0.12) fast_blank - ffaker (~> 2.4) + ffaker (~> 2.10) flipper (~> 0.13.0) flipper-active_record (~> 0.13.0) flipper-active_support_cache_store (~> 0.13.0) 
@@ -1002,24 +999,24 @@ DEPENDENCIES gettext (~> 3.2.2) gettext_i18n_rails (~> 1.8.0) gettext_i18n_rails_js (~> 1.3) - gitaly-proto (~> 0.123.0) + gitaly-proto (~> 1.3.0) github-markup (~> 1.7.0) - gitlab-markup (~> 1.6.4) - gitlab-sidekiq-fetcher + gitlab-markup (~> 1.6.5) + gitlab-sidekiq-fetcher (~> 0.1.0) gitlab-styles (~> 2.4) gitlab_omniauth-ldap (~> 2.0.4) gon (~> 6.2) google-api-client (~> 0.23) google-protobuf (~> 3.6) - gpgme - grape (~> 1.1) + gpgme (~> 2.0.18) + grape (~> 1.1.0) grape-entity (~> 0.7.1) grape-path-helpers (~> 1.0) grape_logging (~> 1.7) graphiql-rails (~> 1.4.10) graphql (~> 1.8.0) grpc (~> 1.15.0) - haml_lint (~> 0.26.0) + haml_lint (~> 0.28.0) hamlit (~> 2.8.8) hangouts-chat (~> 0.0.5) hashie-forbidden_attributes @@ -1036,8 +1033,8 @@ DEPENDENCIES json-schema (~> 2.8.0) jwt (~> 1.5.6) kaminari (~> 1.0) - knapsack (~> 1.16) - kubeclient (~> 3.1.0) + knapsack (~> 1.17) + kubeclient (~> 4.0.0) letter_opener_web (~> 1.3.0) license_finder (~> 5.4) licensee (~> 8.9) @@ -1045,9 +1042,11 @@ DEPENDENCIES loofah (~> 2.2) mail_room (~> 0.9.1) method_source (~> 0.8) + mimemagic (~> 0.3.2) mini_magick minitest (~> 5.7.0) mysql2 (~> 0.4.10) + nakayoshi_fork (~> 0.0.4) net-ldap net-ssh (~> 5.0) nokogiri (~> 1.8.2) @@ -1082,14 +1081,14 @@ DEPENDENCIES pry-rails (~> 0.3.4) puma (~> 3.12) puma_worker_killer + rack (= 1.6.11) rack-attack (~> 4.4.1) rack-cors (~> 1.0.0) rack-oauth2 (~> 1.2.1) rack-proxy (~> 0.6.0) - rails (= 5.0.7) - rails-controller-testing + rails (= 4.2.11) rails-deprecated_sanitizer (~> 1.0.3) - rails-i18n (~> 5.1) + rails-i18n (~> 4.0.9) rainbow (~> 3.0) raindrops (~> 0.18) rblineprof (~> 0.3.6) @@ -1142,6 +1141,7 @@ DEPENDENCIES state_machines-activerecord (~> 0.5.1) sys-filesystem (~> 1.1.6) test-prof (~> 0.2.5) + test_after_commit (~> 1.1) thin (~> 1.7.0) timecop (~> 0.8.0) toml-rb (~> 1.0.0) diff --git a/PHILOSOPHY.md b/PHILOSOPHY.md new file mode 100644 index 0000000000..e966d88ef7 --- /dev/null +++ b/PHILOSOPHY.md 
@@ -0,0 +1 @@ +This document is intended to communicate the product philosophy GitLab uses in creating GitLab Community Edition. The principles can be found in the [Product Section of the GitLab Handbook](https://about.gitlab.com/handbook/product/#product-at-gitlab). \ No newline at end of file diff --git a/PROCESS.md b/PROCESS.md index 5fc2c4cf1d..aadd6a321f 100644 --- a/PROCESS.md +++ b/PROCESS.md @@ -95,6 +95,12 @@ picked into the stable branches) up to the 19th of the month. Such merge requests should have the ~"feature flag" label assigned, and don't require a corresponding exception request to be created. +In order to build the final package and present the feature for self-hosted +customers, the feature flag should be removed. This should happen before the +22nd, ideally _at least_ 2 days before. That means MRs with feature +flags being picked at the 19th would have a quite tight schedule, so picking +these _earlier_ is preferable. + While rare, release managers may decide to reject picking a change into a stable branch, even when feature flags are used. This might be necessary if the changes are deemed problematic, too invasive, or there simply isn't enough time to diff --git a/VERSION b/VERSION index b0525db05f..146d5de797 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -11.5.5 +11.6.0 diff --git a/app/assets/images/cluster_app_logos/cert_manager.png b/app/assets/images/cluster_app_logos/cert_manager.png new file mode 100644 index 0000000000..bbc867858d Binary files /dev/null and b/app/assets/images/cluster_app_logos/cert_manager.png differ diff --git a/app/assets/javascripts/api.js b/app/assets/javascripts/api.js index 3f7a1ef1bf..7607c4b3b7 100644 --- a/app/assets/javascripts/api.js +++ b/app/assets/javascripts/api.js 
@@ -5,22 +5,27 @@ import axios from './lib/utils/axios_utils'; const Api = { groupsPath: '/api/:version/groups.json', groupPath: '/api/:version/groups/:id', + subgroupsPath: '/api/:version/groups/:id/subgroups', namespacesPath: '/api/:version/namespaces.json', groupProjectsPath: '/api/:version/groups/:id/projects.json', projectsPath: '/api/:version/projects.json', projectPath: '/api/:version/projects/:id', projectLabelsPath: '/:namespace_path/:project_path/labels', - mergeRequestPath: '/api/:version/projects/:id/merge_requests/:mrid', + projectMergeRequestPath: '/api/:version/projects/:id/merge_requests/:mrid', + projectMergeRequestChangesPath: '/api/:version/projects/:id/merge_requests/:mrid/changes', + projectMergeRequestVersionsPath: '/api/:version/projects/:id/merge_requests/:mrid/versions', + projectRunnersPath: '/api/:version/projects/:id/runners', mergeRequestsPath: '/api/:version/merge_requests', - mergeRequestChangesPath: '/api/:version/projects/:id/merge_requests/:mrid/changes', - mergeRequestVersionsPath: '/api/:version/projects/:id/merge_requests/:mrid/versions', groupLabelsPath: '/groups/:namespace_path/-/labels', issuableTemplatePath: '/:namespace_path/:project_path/templates/:type/:key', projectTemplatePath: '/api/:version/projects/:id/templates/:type/:key', projectTemplatesPath: '/api/:version/projects/:id/templates/:type', usersPath: '/api/:version/users.json', - userStatusPath: '/api/:version/user/status', + userPath: '/api/:version/users/:id', + userStatusPath: '/api/:version/users/:id/status', + userPostStatusPath: '/api/:version/user/status', commitPath: '/api/:version/projects/:id/repository/commits', + applySuggestionPath: '/api/:version/suggestions/:id/apply', commitPipelinesPath: '/:project_id/commit/:sha/pipelines', branchSinglePath: '/api/:version/projects/:id/repository/branches/:branch', createBranchPath: '/api/:version/projects/:id/repository/branches', 
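Review bot: `userStatusPath` keeps its name but changes meaning in this hunk, from the current-user endpoint `/api/:version/user/status` to the per-user `/api/:version/users/:id/status`, while the old URL moves to the new key `userPostStatusPath`. A caller that still builds a URL from `userStatusPath` without substituting `:id` would send a literal `:id` segment. Only `postUserStatus` is visibly updated in this diff, so the remaining call sites should be checked. A one-line comment on each key would keep them apart, e.g. `// GET: status of the user with the given id` and `// PUT: status of the authenticated user`. The `Api` object starts before this hunk and continues past it.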
@@ -99,36 +104,45 @@ const Api = { }, // Return Merge Request for project - mergeRequest(projectPath, mergeRequestId, params = {}) { - const url = Api.buildUrl(Api.mergeRequestPath) + projectMergeRequest(projectPath, mergeRequestId, params = {}) { + const url = Api.buildUrl(Api.projectMergeRequestPath) .replace(':id', encodeURIComponent(projectPath)) .replace(':mrid', mergeRequestId); return axios.get(url, { params }); }, + projectMergeRequestChanges(projectPath, mergeRequestId) { + const url = Api.buildUrl(Api.projectMergeRequestChangesPath) + .replace(':id', encodeURIComponent(projectPath)) + .replace(':mrid', mergeRequestId); + + return axios.get(url); + }, + + projectMergeRequestVersions(projectPath, mergeRequestId) { + const url = Api.buildUrl(Api.projectMergeRequestVersionsPath) + .replace(':id', encodeURIComponent(projectPath)) + .replace(':mrid', mergeRequestId); + + return axios.get(url); + }, + + projectRunners(projectPath, config = {}) { + const url = Api.buildUrl(Api.projectRunnersPath).replace( + ':id', + encodeURIComponent(projectPath), + ); + + return axios.get(url, config); + }, + mergeRequests(params = {}) { const url = Api.buildUrl(Api.mergeRequestsPath); return axios.get(url, { params }); }, - mergeRequestChanges(projectPath, mergeRequestId) { - const url = Api.buildUrl(Api.mergeRequestChangesPath) - .replace(':id', encodeURIComponent(projectPath)) - .replace(':mrid', mergeRequestId); - - return axios.get(url); - }, - - mergeRequestVersions(projectPath, mergeRequestId) { - const url = Api.buildUrl(Api.mergeRequestVersionsPath) - .replace(':id', encodeURIComponent(projectPath)) - .replace(':mrid', mergeRequestId); - - return axios.get(url); - }, - newLabel(namespacePath, projectPath, data, callback) { let url; 
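Review bot: `mergeRequestId` is substituted into the URL path without encoding in `projectMergeRequest`, `projectMergeRequestChanges` and `projectMergeRequestVersions`, while `projectPath` in the same chains goes through `encodeURIComponent`. If the id ever arrives as a string from the page URL or a data attribute (not visible here), characters such as `/`, `?` or `#` would change which endpoint the request reaches, and `$` sequences would be interpreted by `String.prototype.replace`. Encoding it the same way closes both: `.replace(':mrid', encodeURIComponent(mergeRequestId))`. The three new methods also lack the one-line `// Return …` comment that `projectMergeRequest` carries. The enclosing `Api` object starts before the hunk and `newLabel` continues past its end.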
@@ -172,6 +186,12 @@ const Api = { }); }, + applySuggestion(id) { + const url = Api.buildUrl(Api.applySuggestionPath).replace(':id', encodeURIComponent(id)); + + return axios.put(url); + }, + commitPipelines(projectId, sha) { const encodedProjectId = projectId .split('/') @@ -243,6 +263,20 @@ const Api = { }); }, + user(id, options) { + const url = Api.buildUrl(this.userPath).replace(':id', encodeURIComponent(id)); + return axios.get(url, { + params: options, + }); + }, + + userStatus(id, options) { + const url = Api.buildUrl(this.userStatusPath).replace(':id', encodeURIComponent(id)); + return axios.get(url, { + params: options, + }); + }, + branches(id, query = '', options = {}) { const url = Api.buildUrl(this.createBranchPath).replace(':id', encodeURIComponent(id)); @@ -265,7 +299,7 @@ const Api = { }, postUserStatus({ emoji, message }) { - const url = Api.buildUrl(this.userStatusPath); + const url = Api.buildUrl(this.userPostStatusPath); return axios.put(url, { emoji, diff --git a/app/assets/javascripts/badges/components/badge.vue b/app/assets/javascripts/badges/components/badge.vue index 8512bf9dd7..ae2916e3a3 100644 --- a/app/assets/javascripts/badges/components/badge.vue +++ b/app/assets/javascripts/badges/components/badge.vue @@ -1,17 +1,15 @@
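Review bot: `user` and `userStatus` read their path templates through `this` (`this.userPath`, `this.userStatusPath`), whereas `applySuggestion`, added in the same commit, uses `Api.applySuggestionPath`. The `this` form breaks as soon as a method is destructured or passed as a callback. Prefer the explicit form in the `@@ -243,6 +263,20 @@` hunk, `const url = Api.buildUrl(Api.userPath).replace(':id', encodeURIComponent(id));`, and likewise for `userStatusPath`. `options` also has no default there, unlike `branches(id, query = '', options = {})` just below, so `user(id, options = {})` would match the file. The same `this` usage appears on the changed line in `postUserStatus`; the `Api` object starts before these hunks.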