diff --git a/.eslintignore b/.eslintignore index f78840e67b..9a5e15c86a 100644 --- a/.eslintignore +++ b/.eslintignore @@ -9,5 +9,6 @@ /scripts/ /tmp/ /vendor/ +jest.config.js karma.config.js webpack.config.js diff --git a/.eslintrc.yml b/.eslintrc.yml index b0794bb743..98a497aa12 100644 --- a/.eslintrc.yml +++ b/.eslintrc.yml @@ -9,9 +9,6 @@ plugins: - import - html settings: - html/html-extensions: - - '.html' - - '.html.raw' import/resolver: webpack: config: './config/webpack.config.js' diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1f0e798e8a..4eb17656ed 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,7 @@ -image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.5.3-golang-1.11-git-2.18-chrome-71.0-node-10.x-yarn-1.12-postgresql-9.6-graphicsmagick-1.3.29" +image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.5.3-golang-1.11-git-2.18-chrome-73.0-node-10.x-yarn-1.12-postgresql-9.6-graphicsmagick-1.3.29" + +include: + - local: /lib/gitlab/ci/templates/Code-Quality.gitlab-ci.yml .dedicated-runner: &dedicated-runner retry: 1 @@ -66,6 +69,7 @@ stages: paths: - knapsack/ - rspec_flaky/ + - rspec_profiling/ .use-pg: &use-pg services: @@ -159,6 +163,7 @@ stages: - coverage/ - knapsack/ - rspec_flaky/ + - rspec_profiling/ - tmp/capybara/ reports: junit: junit_rspec.xml @@ -244,8 +249,8 @@ package-and-qa: - ./scripts/trigger-build omnibus when: manual only: - - //@gitlab-org/gitlab-ce - - //@gitlab-org/gitlab-ee + - /.+/@gitlab-org/gitlab-ce + - /.+/@gitlab-org/gitlab-ee # Review docs base .review-docs: &review-docs @@ -336,6 +341,7 @@ retrieve-tests-metadata: - wget -O $KNAPSACK_RSPEC_SUITE_REPORT_PATH http://${TESTS_METADATA_S3_BUCKET}.s3.amazonaws.com/$KNAPSACK_RSPEC_SUITE_REPORT_PATH || rm $KNAPSACK_RSPEC_SUITE_REPORT_PATH - '[[ -f $KNAPSACK_RSPEC_SUITE_REPORT_PATH ]] || echo "{}" > ${KNAPSACK_RSPEC_SUITE_REPORT_PATH}' - mkdir -p rspec_flaky/ + - mkdir -p rspec_profiling/ - wget -O $FLAKY_RSPEC_SUITE_REPORT_PATH http://${TESTS_METADATA_S3_BUCKET}.s3.amazonaws.com/$FLAKY_RSPEC_SUITE_REPORT_PATH || rm $FLAKY_RSPEC_SUITE_REPORT_PATH - '[[ -f $FLAKY_RSPEC_SUITE_REPORT_PATH ]] || echo "{}" > ${FLAKY_RSPEC_SUITE_REPORT_PATH}' @@ -350,7 +356,7 @@ update-tests-metadata: - rspec_flaky/ policy: push script: - - retry gem install fog-aws mime-types activesupport --no-document + - retry gem install fog-aws mime-types activesupport rspec_profiling postgres-copy --no-document - scripts/merge-reports ${KNAPSACK_RSPEC_SUITE_REPORT_PATH} knapsack/${CI_PROJECT_NAME}/rspec-pg_node_*.json - scripts/merge-reports ${FLAKY_RSPEC_SUITE_REPORT_PATH} rspec_flaky/all_*_*.json - FLAKY_RSPEC_GENERATE_REPORT=1 scripts/prune-old-flaky-specs ${FLAKY_RSPEC_SUITE_REPORT_PATH} @@ -358,6 +364,7 @@ update-tests-metadata: - '[[ -z ${TESTS_METADATA_S3_BUCKET} ]] || scripts/sync-reports put $TESTS_METADATA_S3_BUCKET $FLAKY_RSPEC_SUITE_REPORT_PATH' - rm -f knapsack/${CI_PROJECT_NAME}/*_node_*.json - rm -f rspec_flaky/all_*.json rspec_flaky/new_*.json + - scripts/insert-rspec-profiling-data flaky-examples-check: <<: *dedicated-runner @@ -388,13 +395,11 @@ flaky-examples-check: .assets-compile-cache: &assets-compile-cache cache: - key: "assets-compile:vendor_ruby:.yarn-cache:tmp_cache_assets_sprockets:v4" + key: "assets-compile:vendor_ruby:.yarn-cache:tmp_cache_assets_sprockets:v5" paths: - vendor/ruby/ - .yarn-cache/ - # We have disabled caching of sprockets for now, as it fails to pick up changes in SCSS: - # https://gitlab.com/gitlab-org/gitlab-ce/issues/57431 - # - tmp/cache/assets/sprockets + - tmp/cache/assets/sprockets compile-assets: <<: *dedicated-runner @@ -446,6 +451,17 @@ setup-test-env: - master - /(^docs[\/-].*|.*-docs$)/ +.review-schedules-only: &review-schedules-only + only: + refs: + - schedules@gitlab-org/gitlab-ce + - schedules@gitlab-org/gitlab-ee + kubernetes: active + except: + refs: + - tags + - /(^docs[\/-].*|.*-docs$)/ + .review-base: &review-base <<: *dedicated-no-docs-no-db-pull-cache-job <<: *review-only @@ -475,6 +491,9 @@ setup-test-env: build-qa-image: <<: *review-docker + variables: + <<: *review-docker-variables + GIT_DEPTH: "20" stage: prepare script: - time docker build --cache-from ${LATEST_QA_IMAGE} --tag ${QA_IMAGE} ./qa/ @@ -511,6 +530,7 @@ rspec-mysql: parallel: 50 .rspec-quarantine: &rspec-quarantine + retry: 0 script: - export CACHE_CLASSES=true - scripts/gitaly-test-spawn @@ -635,7 +655,7 @@ gitlab:setup-mysql: # Frontend-related jobs gitlab:assets:compile: <<: *dedicated-no-docs-pull-cache-job - image: dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.5.3-git-2.18-chrome-71.0-node-8.x-yarn-1.12-graphicsmagick-1.3.29-docker-18.06.1 + image: dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.5.3-git-2.18-chrome-73.0-node-8.x-yarn-1.12-graphicsmagick-1.3.29-docker-18.06.1 dependencies: - setup-test-env services: @@ -665,13 +685,43 @@ gitlab:assets:compile: - public/assets/ <<: *assets-compile-cache only: - - //@gitlab-org/gitlab-ce - - //@gitlab-org/gitlab-ee - - //@gitlab/gitlabhq - - //@gitlab/gitlab-ee + - /.+/@gitlab-org/gitlab-ce + - /.+/@gitlab-org/gitlab-ee + - /.+/@gitlab/gitlabhq + - /.+/@gitlab/gitlab-ee tags: - - gitlab-org-delivery - - high-cpu + - docker + - gitlab-org + +gitlab:ui:visual: + tags: + - gitlab-org + before_script: [] + allow_failure: true + dependencies: + - compile-assets + script: + # Remove node modules from GitLab that may conflict with gitlab-ui + - rm -r node_modules + - git clone https://gitlab.com/gitlab-org/gitlab-ui.git + - cp public/assets/application-*.css gitlab-ui/styles/application.css + - cd gitlab-ui + - yarn install + - CSS_URL=./application.css yarn test + only: + changes: + - app/assets/stylesheets/*.scss + - app/assets/stylesheets/**/*.scss + - app/assets/stylesheets/**/**/*.scss + except: + refs: + - /(^docs[\/-].*|.*-docs$)/ + - master + variables: + - $CI_COMMIT_MESSAGE =~ /\[skip visual\]/i + artifacts: + paths: + - tests/__image_snapshots__/ karma: <<: *dedicated-no-docs-pull-cache-job @@ -727,31 +777,14 @@ jest: code_quality: <<: *dedicated-no-docs-no-db-pull-cache-job - image: docker:stable - allow_failure: true # gitlab-org runners set `privileged: false` but we need to have it set to true # since we're using Docker in Docker tags: [] before_script: [] - services: - - docker:stable-dind - variables: - SETUP_DB: "false" - DOCKER_DRIVER: overlay2 cache: {} dependencies: [] - script: - # Extract "MAJOR.MINOR" from CI_SERVER_VERSION and generate "MAJOR-MINOR-stable" for Security Products - - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') - - docker run - --env SOURCE_CODE="$PWD" - --volume "$PWD":/code - --volume /var/run/docker.sock:/var/run/docker.sock - "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code - artifacts: - reports: - codequality: gl-code-quality-report.json - expire_in: 1 week + variables: + SETUP_DB: "false" sast: <<: *dedicated-no-docs-no-db-pull-cache-job @@ -819,8 +852,6 @@ qa:selectors: .qa-frontend-node: &qa-frontend-node <<: *dedicated-no-docs-no-db-pull-cache-job stage: test - variables: - NODE_OPTIONS: --max_old_space_size=3584 cache: key: "$CI_JOB_NAME" paths: @@ -957,18 +988,16 @@ no_ee_check: script: - scripts/no-ee-check only: - - //@gitlab-org/gitlab-ce + - /.+/@gitlab-org/gitlab-ce # GitLab Review apps -review-build-cng: - <<: *review-only +.review-build-cng-base: &review-build-cng-base image: ruby:2.5-alpine stage: test before_script: [] dependencies: [] cache: {} variables: - GIT_DEPTH: "1" API_TOKEN: "${GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN}" script: - apk add --update openssl curl jq @@ -977,12 +1006,18 @@ review-build-cng: - wait_for_job_to_be_done "gitlab:assets:compile" - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng -review-deploy: +review-build-cng: + <<: *review-only + <<: *review-build-cng-base + +schedule:review-build-cng: + <<: *review-schedules-only + <<: *review-build-cng-base + +.review-deploy-base: &review-deploy-base <<: *review-base - retry: 2 allow_failure: true variables: - GIT_DEPTH: "1" HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" GITLAB_HELM_CHART_REF: "master" @@ -999,13 +1034,17 @@ review-deploy: - source ./scripts/review_apps/review-apps.sh script: - wait_for_job_to_be_done "review-build-cng" - - check_kube_domain - - download_gitlab_chart - - ensure_namespace - - install_tiller - - install_external_dns - - time deploy - - add_license + - perform_review_app_deployment + +review-deploy: + <<: *review-deploy-base + +schedule:review-deploy: + <<: *review-deploy-base + <<: *review-schedules-only + script: + - wait_for_job_to_be_done "schedule:review-build-cng" + - perform_review_app_deployment .review-qa-base: &review-qa-base <<: *review-docker @@ -1033,19 +1072,39 @@ review-deploy: - apk update && apk add curl jq - source ./scripts/review_apps/review-apps.sh - gem install gitlab-qa --no-document ${GITLAB_QA_VERSION:+ --version ${GITLAB_QA_VERSION}} - - wait_for_job_to_be_done "review-deploy" review-qa-smoke: <<: *review-qa-base script: + - wait_for_job_to_be_done "review-deploy" - gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}" review-qa-all: <<: *review-qa-base script: + - wait_for_job_to_be_done "review-deploy" - gitlab-qa Test::Instance::Any "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}" when: manual + +.review-performance-base: &review-performance-base + <<: *review-qa-base + script: + - wait_for_job_to_be_done "review-deploy" + - mkdir -p gitlab-exporter + - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js + - mkdir sitespeed-results + - docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.3.1 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "$CI_ENVIRONMENT_URL" + - mv sitespeed-results/data/performance.json performance.json + artifacts: + paths: + - sitespeed-results/ + reports: + performance: performance.json + +review-performance: + <<: *review-performance-base + review-stop: <<: *review-base <<: *single-script-job @@ -1065,21 +1124,21 @@ review-stop: schedule:review-cleanup: <<: *review-base + <<: *review-schedules-only stage: build allow_failure: true variables: GIT_DEPTH: "1" environment: name: review/auto-cleanup - only: - refs: - - schedules@gitlab-org/gitlab-ce - - schedules@gitlab-org/gitlab-ee - kubernetes: active - except: - - tags - - /(^docs[\/-].*|.*-docs$)/ before_script: - gem install gitlab --no-document script: - ruby -rrubygems scripts/review_apps/automated_cleanup.rb + +schedule:review-performance: + <<: *review-performance-base + <<: *review-schedules-only + script: + - wait_for_job_to_be_done "schedule:review-deploy" + diff --git a/.gitlab/CODEOWNERS.disabled b/.gitlab/CODEOWNERS.disabled index b9f886c1d4..89a9696d3e 100644 --- a/.gitlab/CODEOWNERS.disabled +++ b/.gitlab/CODEOWNERS.disabled @@ -1,6 +1,6 @@ # Backend Maintainers are the default for all ruby files -*.rb @ayufan @dbalexandre @DouweM @dzaporozhets @godfat @grzesiek @nick.thomas @rspeicher @rymai @smcgivern -*.rake @ayufan @dbalexandre @DouweM @dzaporozhets @godfat @grzesiek @nick.thomas @rspeicher @rymai @smcgivern +*.rb @ayufan @dbalexandre @DouweM @dzaporozhets @godfat @grzesiek @mkozono @nick.thomas @rspeicher @rymai @smcgivern +*.rake @ayufan @dbalexandre @DouweM @dzaporozhets @godfat @grzesiek @mkozono @nick.thomas @rspeicher @rymai @smcgivern # Technical writing team are the default reviewers for everything in `doc/` /doc/ @axil @marcia diff --git a/.gitlab/issue_templates/Database Reviewer.md b/.gitlab/issue_templates/Database Reviewer.md new file mode 100644 index 0000000000..a5e7e42fd1 --- /dev/null +++ b/.gitlab/issue_templates/Database Reviewer.md @@ -0,0 +1,32 @@ +#### Database Reviewer Checklist + +Thank you for becoming a ~database reviewer! Please work on the list below to complete your setup. For any question, reach out to #database an mention @abrandl. + +- [ ] Change issue title to include your name: `Database Reviewer Checklist: Your Name` +- [ ] Review general [code review guide](https://docs.gitlab.com/ee/development/code_review.html) +- [ ] Review [database review documentation](https://about.gitlab.com/handbook/engineering/workflow/code-review/database.html) +- [ ] Familiarize with [migration helpers](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/database/migration_helpers.rb) and review usage in existing migrations +- [ ] Read [database migration style guide](https://docs.gitlab.com/ee/development/migration_style_guide.html) +- [ ] Familiarize with best practices in [database guides](https://docs.gitlab.com/ee/development/#database-guides) +- [ ] Watch [Optimising Rails Database Queries: Episode 1](https://www.youtube.com/watch?v=79GurlaxhsI) +- [ ] Read [Understanding EXPLAIN plans](https://docs.gitlab.com/ee/development/understanding_explain_plans.html) +- [ ] Review [database best practices](https://docs.gitlab.com/ee/development/#best-practices) +- [ ] Review how we use [database instances restored from a backup](https://ops.gitlab.net/gitlab-com/gl-infra/gitlab-restore/postgres-gprd) for testing and make sure you're set up to execute pipelines (check [README.md](https://ops.gitlab.net/gitlab-com/gl-infra/gitlab-restore/postgres-gprd/blob/master/README.md) and reach out to @abrandl since this is currently subject to being changed) +- [ ] Get yourself added to [@gl-database](https://gitlab.com/groups/gl-database/-/group_members) group and respond to @-mentions to the group (reach out to any maintainer on the group to get added). You will get TODOs on gitlab.com for group mentions. +- [ ] Make sure you have proper access to at least a read-only replica in staging and production +- [ ] Indicate in `data/team.yml` your role as a database reviewer ([example MR](https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/19600/diffs)). Assign MR to your manager for merge. +- [ ] Send one MR to improve the [review documentation](https://about.gitlab.com/handbook/engineering/workflow/code-review/database.html) or the [issue template](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/.gitlab/issue_templates/Database%20Reviewer.md) + +Note that *approving and accepting* merge requests is *restricted* to +Database Maintainers only. As a reviewer, pass the MR to a maintainer +for approval. + +You're all set! Watch out for TODOs on GitLab.com. + +###### Where to go for questions? + +Reach out to `#database` on Slack and mention @abrandl for any questions. + +cc @abrandl + +/label ~meta ~database diff --git a/.gitlab/issue_templates/Doc Review.md b/.gitlab/issue_templates/Doc Review.md new file mode 100644 index 0000000000..14ab0c82d5 --- /dev/null +++ b/.gitlab/issue_templates/Doc Review.md @@ -0,0 +1,20 @@ + + + + + +## References + +Merged MR that introduced documentation requiring review: + +Related issue(s): + +## Further Details + + + + +/label ~Documentation ~docs-review diff --git a/.gitlab/issue_templates/Documentation.md b/.gitlab/issue_templates/Documentation.md index b33ed5bcaa..67602b7b2d 100644 --- a/.gitlab/issue_templates/Documentation.md +++ b/.gitlab/issue_templates/Documentation.md @@ -1,54 +1,53 @@ - + +* Use this issue template for suggesting new docs or updates to existing docs. + Note: Doc work as part of feature development is covered in the Feature Request template. + +* For issues related to features of the docs.gitlab.com site, see + https://gitlab.com/gitlab-com/gitlab-docs/issues/ - +* For information about documentation content and process, see + https://docs.gitlab.com/ee/development/documentation/ --> - + -- [ ] Documents Feature A -- [ ] Follow-up from: #XXX, !YYY + + + + + + -## New doc or update? +### Problem to solve - + -- [ ] New documentation -- [ ] Update existing documentation +### Further details -## Checklists + -### Product Manager +### Proposal - + -- [ ] Add the correct labels -- [ ] Add the correct milestone -- [ ] Indicate the correct document/directory for this feature -- [ ] Fill the doc blurb below +### Who can address the issue -#### Documentation blurb + - +### Other links/references -- Doc **title** - - - -- Feature **overview/description** - - - -- Feature **use cases** - - - -### Developer - - - -- [ ] Copy the doc blurb above and paste it into the doc -- [ ] Write the tutorial - explain how to use the feature -- [ ] Submit the MR using the appropriate MR description template + /label ~Documentation diff --git a/.gitlab/issue_templates/Feature proposal.md b/.gitlab/issue_templates/Feature proposal.md index 1bb8d33ff6..8a49715e0e 100644 --- a/.gitlab/issue_templates/Feature proposal.md +++ b/.gitlab/issue_templates/Feature proposal.md @@ -1,45 +1,36 @@ ### Problem to solve - + -### Target audience +### Intended users - + ### Further details - + ### Proposal - + + +### Permissions and Security + + + +### Documentation + + + +### Testing + + ### What does success look like, and how can we measure that? - + ### Links / references diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md index aaa1614539..9946651075 100644 --- a/.gitlab/issue_templates/Security developer workflow.md +++ b/.gitlab/issue_templates/Security developer workflow.md @@ -30,6 +30,7 @@ Set the title to: `Description of the original issue` #### Documentation and final details - [ ] Check the topic on #security to see when the next release is going to happen and add a link to the [links section](#links) +- [ ] Add links to this issue and your MRs in the description of the security release issue - [ ] Find out the versions affected (the Git history of the files affected may help you with this) and add them to the [details section](#details) - [ ] Fill in any upgrade notes that users may need to take into account in the [details section](#details) - [ ] Add Yes/No and further details if needed to the migration and settings columns in the [details section](#details) diff --git a/.gitlab/issue_templates/Test plan.md b/.gitlab/issue_templates/Test plan.md index a3c3f4a650..3aedd5859d 100644 --- a/.gitlab/issue_templates/Test plan.md +++ b/.gitlab/issue_templates/Test plan.md @@ -93,4 +93,4 @@ When adding new automated tests, please keep [testing levels](https://docs.gitla in mind. --> -/label ~Quality ~"test plan" +/label ~Quality ~"test\-plan" diff --git a/.gitlab/merge_request_templates/Change documentation location.md b/.gitlab/merge_request_templates/Change documentation location.md index b4a6d2bd3b..c80af95d5e 100644 --- a/.gitlab/merge_request_templates/Change documentation location.md +++ b/.gitlab/merge_request_templates/Change documentation location.md @@ -26,7 +26,7 @@ https://docs.gitlab.com/ce/development/documentation/index.html#changing-documen to the new document if there are any Disqus comments on the old document thread. - [ ] Update the link in `features.yml` (if applicable) - [ ] If working on CE and the `ee-compat-check` jobs fails, submit an MR to EE - with the changes as well (https://docs.gitlab.com/ce/development/writing_documentation.html#cherry-picking-from-ce-to-ee). + with the changes as well (https://docs.gitlab.com/ce/development/documentation/index.html#cherry-picking-from-ce-to-ee). - [ ] Ping one of the technical writers for review. /label ~Documentation diff --git a/.gitlab/merge_request_templates/Database changes.md b/.gitlab/merge_request_templates/Database changes.md index 354393b60e..3f45717449 100644 --- a/.gitlab/merge_request_templates/Database changes.md +++ b/.gitlab/merge_request_templates/Database changes.md @@ -16,7 +16,7 @@ Add a description of your merge request here. ## Database checklist -- [ ] Conforms to the [database guides](https://docs.gitlab.com/ee/development/README.html#databases-guides) +- [ ] Conforms to the [database guides](https://docs.gitlab.com/ee/development/README.html#database-guides) When adding migrations: @@ -49,10 +49,10 @@ When removing columns, tables, indexes or other structures: ## General checklist - [ ] [Changelog entry](https://docs.gitlab.com/ee/development/changelog.html) added, if necessary -- [ ] [Documentation created/updated](https://docs.gitlab.com/ee/development/documentation/index.html#contributing-to-docs) +- [ ] [Documentation created/updated](https://docs.gitlab.com/ee/development/documentation/) - [ ] [Tests added for this feature/bug](https://docs.gitlab.com/ee/development/testing_guide/index.html) - [ ] Conforms to the [code review guidelines](https://docs.gitlab.com/ee/development/code_review.html) - [ ] Conforms to the [merge request performance guidelines](https://docs.gitlab.com/ee/development/merge_request_performance_guidelines.html) -- [ ] Conforms to the [style guides](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/CONTRIBUTING.md#style-guides) +- [ ] Conforms to the [style guides](https://docs.gitlab.com/ee/development/contributing/style_guides.html) /label ~database diff --git a/.gitlab/merge_request_templates/Documentation.md b/.gitlab/merge_request_templates/Documentation.md index 8b7e711979..ba9624aeea 100644 --- a/.gitlab/merge_request_templates/Documentation.md +++ b/.gitlab/merge_request_templates/Documentation.md @@ -1,33 +1,39 @@ - + + - - + ## What does this MR do? - + ## Related issues - - -Closes + ## Author's checklist -- [ ] [Apply the correct labels and milestone](https://docs.gitlab.com/ee/development/documentation/workflow.html#2-developer-s-role-in-the-documentation-process) -- [ ] Crosslink the document from the higher-level index -- [ ] Crosslink the document from other subject-related docs -- [ ] Feature moving tiers? Make sure the change is also reflected in [`features.yml`](https://gitlab.com/gitlab-com/www-gitlab-com/blob/master/data/features.yml) -- [ ] Correctly apply the product [badges](https://docs.gitlab.com/ee/development/documentation/styleguide.html#product-badges) and [tiers](https://docs.gitlab.com/ee/development/documentation/styleguide.html#gitlab-versions-and-tiers) -- [ ] [Port the MR to EE (or backport from CE)](https://docs.gitlab.com/ee/development/documentation/index.html#cherry-picking-from-ce-to-ee): _always recommended, required when the `ee-compat-check` job fails_ +- [ ] Follow the [Documentation Guidelines](https://docs.gitlab.com/ee/development/documentation/) and [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide.html). +- [ ] Link docs to and from the higher-level index page, plus other related docs where helpful. +- [ ] Apply the ~Documentation label. ## Review checklist -- [ ] Your team's review (required) -- [ ] PM's review (recommended, but not a blocker) -- [ ] Technical writer's review (required) -- [ ] Merge the EE-MR first, CE-MR afterwards +All reviewers can help ensure accuracy, clarity, completeness, and adherence to the [Documentation Guidelines](https://docs.gitlab.com/ee/development/documentation/) and [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide.html). + +**1. Primary Reviewer** + +* [ ] Review by a code reviewer or other selected colleague to confirm accuracy, clarity, and completeness. This can be skipped for minor fixes without substantive content changes. + +**2. Technical Writer** + +* [ ] Optional: Technical writer review. If not requested for this MR, must be scheduled post-merge. To request for this MR, assign the writer listed for the applicable [DevOps stage](https://about.gitlab.com/handbook/product/categories/#devops-stages). + +**3. Maintainer** + +1. [ ] Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review. +1. [ ] Ensure a release milestone is set and that you merge the equivalent EE MR before the CE MR if both exist. +1. [ ] If there has not been a technical writer review, [create an issue for one using the Doc Review template](https://gitlab.com/gitlab-org/gitlab-ce/issues/new?issuable_template=Doc%20Review). /label ~Documentation diff --git a/.gitlab/merge_request_templates/Security Release.md b/.gitlab/merge_request_templates/Security Release.md index 246f2dae00..42314f9b2d 100644 --- a/.gitlab/merge_request_templates/Security Release.md +++ b/.gitlab/merge_request_templates/Security Release.md @@ -7,6 +7,10 @@ See [the general developer security release guidelines](https://gitlab.com/gitla This merge request _must not_ close the corresponding security issue _unless_ it targets master. +When submitting a merge request for CE, a corresponding EE merge request is +always required. This makes it easier to merge security merge requests, as +manually merging CE into EE is no longer required. + --> ## Related issues @@ -20,8 +24,8 @@ targets master. - [ ] Title of this MR is the same as for all backports - [ ] A [CHANGELOG entry](https://docs.gitlab.com/ee/development/changelog.html) is added without a `merge_request` value, with `type` set to `security` - [ ] Add a link to this MR in the `links` section of related issue -- [ ] Add a link to an EE MR if required -- [ ] Assign to a reviewer +- [ ] Set up an EE MR (always required for CE merge requests): EE_MR_LINK_HERE +- [ ] Assign to a reviewer (that is not a release manager) ## Reviewer checklist diff --git a/.prettierrc b/.prettierrc index 3384551aea..5e2863a11f 100644 --- a/.prettierrc +++ b/.prettierrc @@ -1,13 +1,5 @@ { "printWidth": 100, "singleQuote": true, - "trailingComma": "es5", - "overrides": [ - { - "files": ["**/app/**/*", "**/spec/**/*"], - "options": { - "trailingComma": "all" - } - } - ] + "trailingComma": "all" } diff --git a/.rubocop.yml b/.rubocop.yml index bcff67ded8..648d59e806 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -8,6 +8,7 @@ require: - rubocop-rspec AllCops: + TargetRubyVersion: 2.5 TargetRailsVersion: 5.0 Exclude: - 'vendor/**/*' @@ -145,6 +146,20 @@ Naming/FileName: - XSS - GRPC +Rails/ApplicationRecord: + Enabled: true + Exclude: + # Models in database migrations should not subclass from ApplicationRecord + # as they need to be as decoupled from application code as possible + - db/**/*.rb + - lib/gitlab/background_migration/**/*.rb + - lib/gitlab/database/**/*.rb + - spec/**/*.rb + - ee/db/**/*.rb + - ee/lib/gitlab/background_migration/**/*.rb + - ee/lib/ee/gitlab/background_migration/**/*.rb + - ee/spec/**/*.rb + # GitLab ################################################################### Gitlab/ModuleWithInstanceVariables: @@ -181,3 +196,11 @@ Cop/InjectEnterpriseEditionModule: Exclude: - 'spec/**/*' - 'ee/spec/**/*' + +Style/ReturnNil: + Enabled: true + +# It isn't always safe to replace `=~` with `.match?`, especially when there are +# nil values on the left hand side +Performance/RegexpMatch: + Enabled: false diff --git a/.scss-lint.yml b/.scss-lint.yml index 3df66033fa..2a1fa27fdb 100644 --- a/.scss-lint.yml +++ b/.scss-lint.yml @@ -1,7 +1,9 @@ # Linter Documentation: # https://github.com/brigade/scss-lint/blob/master/lib/scss_lint/linter/README.md -scss_files: 'app/assets/stylesheets/**/*.scss' +scss_files: + - 'app/assets/stylesheets/**/*.scss' + - 'ee/app/assets/stylesheets/**/*.scss' exclude: - 'app/assets/stylesheets/pages/emojis.scss' diff --git a/.stylelintrc b/.stylelintrc new file mode 100644 index 0000000000..59ee0e879e --- /dev/null +++ b/.stylelintrc @@ -0,0 +1,111 @@ +{ + "plugins":[ + "./scripts/frontend/stylelint/stylelint-duplicate-selectors.js", + "./scripts/frontend/stylelint/stylelint-utility-classes.js", + "stylelint-scss", + ], + "rules":{ + "at-rule-blacklist":[ + "debug" + ], + "at-rule-no-unknown":null, + "at-rule-no-vendor-prefix":true, + "block-no-empty":true, + "block-opening-brace-space-before":"always", + "color-hex-case":"lower", + "color-hex-length":"short", + "color-named":"never", + "color-no-invalid-hex":true, + "declaration-bang-space-after":"never", + "declaration-bang-space-before":"always", + "declaration-block-semicolon-newline-after":"always", + "declaration-block-semicolon-space-before":"never", + "declaration-block-single-line-max-declarations":1, + "declaration-block-trailing-semicolon":"always", + "declaration-colon-space-after":"always-single-line", + "declaration-colon-space-before":"never", + "declaration-property-value-blacklist":{ + "border":[ + "none" + ], + "border-top":[ + "none" + ], + "border-right":[ + "none" + ], + "border-bottom":[ + "none" + ], + "border-left":[ + "none" + ] + }, + "function-comma-space-after":"always-single-line", + "function-parentheses-space-inside":"never", + "function-url-quotes":"always", + "indentation":2, + "length-zero-no-unit":true, + "max-nesting-depth":[ + 3, + { + "ignoreAtRules":[ + "each", + "media", + "supports", + "include" + ], + "severity":"warning" + } + ], + "media-feature-name-no-vendor-prefix":true, + "media-feature-parentheses-space-inside":"never", + "no-missing-end-of-source-newline":true, + "number-leading-zero":"always", + "number-no-trailing-zeros":true, + "property-no-unknown":true, + "property-no-vendor-prefix": [true, { "ignoreProperties": ["user-select"] }], + "rule-empty-line-before":[ + "always-multi-line", + { + "except":[ + "first-nested" + ], + "ignore":[ + "after-comment" + ] + } + ], + "scss/at-extend-no-missing-placeholder":[true,{ "severity": "warning" }], + "scss/at-function-pattern":"^[a-z]+([a-z0-9-]+[a-z0-9]+)?$", + "scss/at-import-no-partial-leading-underscore":true, + "scss/at-import-partial-extension-blacklist":[ + "scss" + ], + "scss/at-mixin-pattern":"^[a-z]+([a-z0-9-]+[a-z0-9]+)?$", + "scss/at-rule-no-unknown":true, + "scss/dollar-variable-colon-space-after":"always", + "scss/dollar-variable-colon-space-before":"never", + "scss/dollar-variable-pattern":"^[_]?[a-z]+([a-z0-9-]+[a-z0-9]+)?$", + "scss/percent-placeholder-pattern":"^[a-z]+([a-z0-9-]+[a-z0-9]+)?$", + "scss/selector-no-redundant-nesting-selector":true, + "selector-class-pattern":[ + "^[a-z0-9\\-]+$", + { + "message":"Selector should be written in lowercase with hyphens (selector-class-pattern)", + "severity": "warning" + }, + ], + "selector-list-comma-newline-after":"always", + "selector-max-compound-selectors":[3, { "severity": "warning" }], + "selector-max-id":1, + "selector-no-vendor-prefix":true, + "selector-pseudo-element-colon-notation":"double", + "selector-pseudo-element-no-unknown":true, + "shorthand-property-no-redundant-values":true, + "string-quotes":"single", + "value-no-vendor-prefix":[true, { ignoreValues: ["sticky"] }], + "stylelint-gitlab/duplicate-selectors":[true,{ "severity": "warning" }], + "stylelint-gitlab/utility-classes":[true,{ "severity": "warning" }], + } +} diff --git a/CHANGELOG.md b/CHANGELOG.md index 2edfb07981..1d73e94d73 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,53 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.10.8 (2019-06-27) + +- No changes. +### Security (10 changes) + +- Fix Denial of Service for comments when rendering issues/MR comments. +- Gate MR head_pipeline behind read_pipeline ability. +- Fix DoS vulnerability in color validation regex. +- Expose merge requests count based on user access. +- Persist tmp snippet uploads at users. +- Add missing authorizations in GraphQL. +- Disable Rails SQL query cache when applying service templates. +- Prevent Billion Laughs attack. +- Correctly check permissions when creating snippet notes. +- Prevent the detection of merge request templates by unauthorized users. + +### Performance (1 change) + +- Add improvements to global search of issues and merge requests. !27817 + + +## 11.10.7 (2019-06-26) + +### Fixed (3 changes) + +- Remove a default git depth in Pipelines for merge requests. !28926 +- Fix label click scrolling to top. !29202 +- Fix scrolling to top on assignee change. !29500 + + +## 11.10.6 (2019-06-04) + +### Fixed (7 changes, 1 of them is from the community) + +- Allow a member to have an access level equal to parent group. !27913 +- Fix uploading of LFS tracked file through UI. !28052 +- Use 3-way merge for squashing commits. !28078 +- Use a path for the related merge requests endpoint. !28171 +- Fix project visibility level validation. !28305 (Peter Marko) +- Fix Rugged get_tree_entries recursive flag not working. !28494 +- Use source ref in pipeline webhook. !28772 + +### Other (1 change) + +- Fix input group height. + + ## 11.10.5 (2019-05-30) ### Security (12 changes, 1 of them is from the community) @@ -50,63 +97,597 @@ entry. - Allow to see project events only with api scope token. -## 11.8.9 (2019-04-25) +## 11.10.2 (2019-04-25) -### Security (5 changes) +### Security (4 changes) -- Improve credentials sanitization on repository mirror integration. !3078 -- Stop sending emails to users who can't read commit. +- Loosen regex for exception sanitization. !3076 +- Resolve: moving an issue to private repo leaks namespace and project name. - Escape path in new merge request mail. -- Only allow modification of content when note is edited. -- Upgrade Rails to 5.0.7.2. +- Stop sending emails to users who can't read commit. -## 11.8.8 (2019-04-23) +## 11.10.1 (2019-04-23) -### Fixed (5 changes) +### Fixed (2 changes) -- Bring back Rugged implementation of find_commit. !25477 -- Fix bug in BitBucket imports with SHA shorter than 40 chars. !26050 -- Fix health checks not working behind load balancers. !26055 -- Fix error creating a merge request when diff includes a null byte. !26190 -- Avoid excessive recursive calls with Rugged TreeEntries. !26813 +- Upgrade Gitaly to 1.34.0. !27494 +- Fix filtering of labels from system note link. !27507 + +### Changed (1 change) + +- Disable just-in-time Kubernetes resource creation for project level clusters. !27352 ### Performance (1 change) - Bring back Rugged implementation of ListCommitsByOid. !27441 -### Other (4 changes) +### Other (1 change) -- Bring back Rugged implementation of GetTreeEntries. !25674 -- Bring back Rugged implementation of CommitIsAncestor. !25702 -- Bring back Rugged implementation of TreeEntry. !25706 -- Bring back Rugged implementation of commit_tree_entry. !25896 +- Bump required Ruby version check to 2.5.3. !27495 -## 11.8.7 (2019-04-09) +## 11.10.0 (2019-04-22) -- No changes. +### Security (9 changes) -## 11.8.6 (2019-03-28) +- Update Rails to 5.0.7.2. !27022 +- Disallow guest users from accessing Releases. +- Return cached languages if they've been detected before. +- Added rake task for removing EXIF data from existing uploads. +- Disallow updating namespace when updating a project. +- Fix XSS in resolve conflicts form. +- Hide "related branches" when user does not have permission. +- Fix PDF.js vulnerability. +- Use UntrustedRegexp for matching refs policy. -### Security (7 changes) +### Fixed (81 changes, 21 of them are from the community) + +- Update `border-radius` of form controls and remove extra space above page titles. !24497 +- Disallow reopening of a locked merge request. !24882 (Jan Beckmann) +- Align EmailValidator to validate_email gem implementation. !24971 (Horatiu Eugen Vlad) +- add a uniq constraints on issues and mrs labels. !25435 (Antoine Huret) +- Display draft when toggling replies. !25563 +- Fix markdown table header and table content borders. !25666 +- Fix authorized application count. !25715 (moyuru) +- Added "Add List" checkbox to create label dropdown to make creation of list optional. !25716 (Tucker Chapman) +- Makes emoji picker full width on mobile. !25883 (Jacopo Beschi @jacopo-beschi) +- Don't cutoff letters in MR and Issue links. !25910 (gfyoung) +- Fix unwanted character replacement on project members page caused by usage of sanitize function. !25946 (Elias Werberich) +- Fix UI for closed MR when source project is removed. !25967 (Takuya Noguchi) +- Keep inline as much as possible in system notes on issuable. !25968 (Takuya Noguchi) +- Fixes long review app subdomains. !25990 (walkafwalka) +- Fix counting of groups in admin dashboard. !26009 +- Disable inaccessible navigation links upon archiving a project. !26020 (Elias Werberich) +- Fixed - Create project label window is cut off at the bottom. !26049 +- Fix error shown when loading links to specific comments. !26092 +- Fix group transfer selection possibilities. !26123 (Peter Marko) +- Fix UI layout on Commits on mobile. !26133 (Takuya Noguchi) +- Fix continuous bitbucket import loading spinner. !26175 +- Resolves Branch name is lost if I change commit mode in Web IDE. !26180 +- Fix removing remote mirror failure which leaves unnecessary refs behind. !26213 +- Fix Error 500 when user commits Wiki page with no commit message. !26247 +- Handle missing keys in sentry api response. !26264 +- Implemented whitespace-trimming for file names in Web IDE. !26270 +- Fix misalignment of group overview page buttons. !26292 +- Reject HEAD requests to info/refs endpoint. !26334 +- Prevent namespace dropdown in new project form from exceeding container. !26343 +- Fix hover animation consistency in top navbar items. !26345 +- Exclude system notes from commits in merge request discussions. !26396 +- Resolve Code in other column of side-by-side diff is highlighted when selecting code on one side. !26423 +- Prevent fade out transition on loading-button component. !26428 +- Fix merge commits being used as default squash commit messages. !26445 +- Expand resolved discussion when linking to a comment in the discussion. !26483 +- Show statistics also when repository is disabled. !26509 (Peter Marko) +- Fix multiple series queries on metrics dashboard. !26514 +- Releases will now be automatically deleted when deleting corresponding tag. !26530 +- Make stylistic improvements to diff nav header. !26557 +- Clear pipeline status cache after destruction of pipeline. !26575 +- Update fugit which fixes a potential infinite loop. !26579 +- Fixes job link in artifacts page breadcrumb. !26592 +- Fix quick actions add label name middle word overlaps. !26602 (Jacopo Beschi @jacopo-beschi) +- Fix Auto DevOps missing domain error handling. !26627 +- Fix jupyter rendering bug that ended in an infinite loop. !26656 (ROSPARS Benoit) +- Use a fixed git abbrev parameter when we fetch a git revision. !26707 +- Enabled text selection highlighting in diffs in Web IDE. !26721 (Isaac Smith) +- Remove `path` and `branch` labels from metrics. !26744 +- Resolve "Hide Kubernetes cluster warning if project has cluster related". !26749 +- Fix long label overflow on metrics dashboard. !26775 +- Group transfer now properly redirects to edit on failure. !26837 +- Only execute system hooks once when pushing tags. !26888 +- Fix UI anchor links after docs refactor. !26890 +- Fix MWPS does not work for merge request pipelines. !26906 +- Create pipelines for merge requests only when source branch is updated. !26921 +- Fix notfication emails having wrong encoding. !26931 +- Allow task lists that follow a blockquote to work correctly. !26937 +- Fix image diff swipe view on commit and compare pages. !26968 (ftab) +- Fix IDE detection of MR from fork with same branch name. !26986 +- Fix single string values for the 'include' keyword validation of gitlab-ci.yml. !26998 (Paul Bonaud (@paulrbr)) +- Do not display Ingress IP help text when there isn’t an Ingress IP assigned. !27057 +- Fix real-time updates for projects that contain a reserved word. !27060 +- Remove duplicates from issue related merge requests. !27067 +- Add to white-space nowrap to all buttons. !27069 +- Handle possible HTTP exception for Sentry client. !27080 +- Guard against nil dereferenced_target. !27192 +- Update GitLab Workhorse to v8.5.1. !27217 +- Fix long file header names bug in diffs. !27233 +- Always return the deployment in the UpdateDeploymentService#execute method. !27322 +- Fix remove_source_branch merge request API handling. !27392 +- Fixed bug with hashes in urls in WebIDE. !54376 (Kieran Andrews) +- Fix bug where MR popover doesn't go away on mouse leave. +- Only consider active milestones when using the special Started milestone filter. +- Scroll to diff file content when clicking on file header name and it is not a link to other page. +- Remove non-functional add issue button on welcome list. +- Fixed expand full file button showing on images. +- Fixed Web IDE web workers not working with relative URLs. +- Fixed Web IDE not loading merge request files. +- Fixed duplicated diff too large error message. +- Fixed sticky headers in merge request creation diffs. +- Fix bug when reopening milestone from index page. + +### Deprecated (1 change) + +- Allow to use untrusted Regexp via feature flag. !26905 + +### Changed (35 changes, 4 of them are from the community) + +- Create MR pipelines with `refs/merge-requests/:iid/head`. !25504 +- Create Kubernetes resources for projects when their deployment jobs run. !25586 +- Remove unnecessary folder prefix from environment name. !25600 +- Update deploy boards to additionally select on "app.gitlab.com" annotations. !25623 +- Allow failed custom hook script errors to safely appear in GitLab UI by filtering error messages by the prefix GL-HOOK-ERR:. !25625 +- Add link on two-factor authorization settings page to leave group that enforces two-factor authorization. !25731 +- Reduce height of instance system header and footer. !25752 +- Unify behaviour of 'Copy commit SHA to clipboard' to use full commit SHA. !25829 (Max Winterstein) +- Show loading spinner while Ingress/Knative IP is being assigned. !25912 +- Hashed Storage: Prevent a migration and rollback running at the same time. !25976 +- Make time counters show 'just now' for everything under one minute. !25992 (Sergiu Marton) +- Allow filtering labels list by one or two characters. !26012 +- Implements the creation strategy for multi-line suggestions. !26057 +- Automate base domain help text on Clusters page. !26124 +- Set user.name limit to 128 characters. !26146 +- Update gitlab-markup to 1.7.0 which requies python3. !26246 +- Update system message banner font size to 12px. !26293 +- Extend timezone dropdown. !26311 +- Upgrade to Gitaly v1.29.0. !26406 +- Automatically set Prometheus step interval. !26441 +- Knative version bump 0.2.2 -> 0.3.0. !26459 (Chris Baumbauer) +- Display cluster form validation error messages inline. !26502 +- Split Auto-DevOps.gitlab-ci.yml into reusable templates. !26520 +- Update spinners in group list component. !26572 +- Allow removing last owner from subgroup if parent group has owners. !26718 +- Check mergeability in MergeToRefService. !26757 +- Show download diff links for closed MRs. !26772 +- Fix Container Scanning in Kubernetes Runners. !26793 +- Move "Authorize project access with external service" to Core. !26823 +- Localize notifications dropdown. !26844 +- Order labels alphabetically in issue boards. !26927 +- Upgrade to Gitaly v1.32.0. !26989 +- Upgrade to Gitaly v1.33.0. !27065 +- collapse file tree by default if the merge request changes only one file. (Riccardo Padovani ) +- Removes the undescriptive CI Charts header. + +### Performance (17 changes) + +- Drop legacy artifacts usage as there are no leftovers. !24294 +- Cache Repository#root_ref within a request. !25903 +- Allow ref name caching CommitService#find_commit. !26248 +- Avoid loading pipeline status in project search. !26342 +- Fix some N+1s in loading routes and counting members for groups in @-autocomplete. !26491 +- GitHub import: Run housekeeping after initial import. !26600 +- Add initial complexity limits to GraphQL queries. !26629 +- Cache FindCommit results in pipelines view. !26776 +- Fix and expand Gitaly FindCommit caching. !27018 +- Enable FindCommit caching for project and commits pages. !27048 +- Expand FindCommit caching to blob and refs. !27084 +- Enable Gitaly FindCommit caching for TreeController. !27100 +- Improve performance of PR import. !27121 +- Process at most 4 pipelines during push. !27205 +- Disable method instrumentation for diffs. !27235 +- Speed up filtering issues in a project when searching. +- Speed up generation of avatar URLs when using object storage. + +### Added (35 changes, 6 of them are from the community) + +- Add users search results to global search. !21197 (Alexis Reigel) +- Add target branch filter to merge requests search bar. !24380 (Hiroyuki Sato) +- Add Knative metrics to Prometheus. !24663 (Chris Baumbauer ) +- Support multi-line suggestions. !25211 +- Allow to sort wiki pages by date and title. !25365 +- Allow external diffs to be used conditionally. !25432 +- Add usage counts for error tracking feature. !25472 +- Enable/disable Auto DevOps at the Group level. !25533 +- Update pipeline list view to accommodate post-merge pipeline information. !25690 +- GraphQL Types can be made to always authorize access to resources of that Type. !25724 +- Update clair-local-scan to 2.0.6. !25743 (Takuya Noguchi) +- Update pipeline block on merge request page to accommodate post-merge pipeline information. !25745 +- Support multiple queries per chart on metrics dash. !25758 +- Update pipeline detail view to accommodate post-merge pipelines. !25775 +- Update job detail sidebar to accommodate post-merge pipeline information. !25777 +- Add merge request pipeline flag to pipeline entity. !25846 +- Expose group id on home panel. !25897 (Peter Marko) +- Move allow developers to create projects in groups to Core. !25975 +- Add two new warning messages to the MR widget about merge request pipelines. !25983 +- Support installing Group runner on group-level cluster. !26260 +- Improve the Knative installation on Clusters. !26339 +- Show error when namespace/svc account missing. !26362 +- Add select by title to milestones API. !26573 +- Implemented support for creation of new files from URL in Web IDE. !26622 +- Add control for masking variable values in runner logs. !26751 +- Allow merge requests to be created via git push options. !26752 +- Create a shortcut for a new MR in the Web IDE. !26792 +- Allow reactive caching to be used in services. !26839 +- Add a Prometheus API per environment. !26841 +- Allow merge requests to be set to merge when pipeline succeeds via git push options. !26842 +- Use gitlabktl to build and deploy GitLab Serverless Functions. !26926 +- Make touch events work on image diff swipe view and onion skin. !26971 (ftab) +- Add extended merge request tooltip. +- Added prometheus monitoring to GraphQL. +- Adding highest role property to admin's user details page. + +### Other (29 changes, 6 of them are from the community) + +- Update rack-oauth2 1.2.1 -> 1.9.3. !17868 +- Merge the gitlab-shell "gitlab-keys" functionality into GitLab CE. !25598 +- Refactor all_pipelines in Merge request. !25676 +- Show error backtrace when logging errors to kubernetes.log. !25726 +- Apply recaptcha API change in 4.0. !25921 (Praveen Arimbrathodiyil) +- Remove fake repository_path response. !25942 (Fabio Papa) +- Use curl silent/show-error options on Auto DevOps. !25954 (Takuya Noguchi) +- Explicitly set master_auth setting to enable basic auth and client certificate for new GKE clusters. !26018 +- Project: Improve empty repository state UI. !26024 +- Externalize strings from `/app/views/projects/pipelines`. !26035 (George Tsiolis) +- Prepare multi-line suggestions for rendering in Markdown. !26107 +- Improve mobile UI on User Profile page. !26240 (Takuya Noguchi) +- Update GitLab Runner Helm Chart to 0.3.0/11.9.0. !26467 +- Improve project merge request settings. !26495 +- Bump kubectl to 1.11.9 and Helm to 2.13.1 in Auto-DevOps.gitlab-ci.yml. !26534 +- Upgrade bootstrap_form Gem. !26568 +- Add API access check to Graphql. !26570 +- Change project avatar remove button to a link. !26589 +- Log Gitaly RPC duration to api_json.log and production_json.log. !26652 +- Add cluster domain to Project Cluster API. !26735 +- Move project tags to separate line. !26797 +- Changed button label at /pipelines/new. !26893 (antfobe,leonardofl) +- Update GitLab Shell to v9.0.0. !27002 +- Migrate clusters tests to jest. !27013 +- Rewrite related MRs widget with Vue. !27027 +- Restore HipChat project service. !27172 +- Externalize admin deploy keys strings. +- Removes EE differences for environments_table.vue. +- Removes EE differences for environment_item.vue. + + +## 11.9.6 (2019-04-04) + +### Fixed (3 changes) + +- Force to recreate all MR diffs on import. !26480 +- Fix API /project/:id/branches not returning correct merge status. !26785 +- Avoid excessive recursive calls with Rugged TreeEntries. !26813 + +### Performance (1 change) + +- Force a full GC after importing a project. !26803 + + +## 11.9.5 (2019-04-03) + +### Fixed (3 changes) + +- Force to recreate all MR diffs on import. !26480 +- Fix API /project/:id/branches not returning correct merge status. !26785 +- Avoid excessive recursive calls with Rugged TreeEntries. !26813 + +### Performance (1 change) + +- Force a full GC after importing a project. !26803 + + +## 11.9.3 (2019-03-27) + +### Security (8 changes) - Disallow guest users from accessing Releases. - Fix PDF.js vulnerability. - Hide "related branches" when user does not have permission. - Fix XSS in resolve conflicts form. - Added rake task for removing EXIF data from existing uploads. +- Return cached languages if they've been detected before. - Disallow updating namespace when updating a project. - Use UntrustedRegexp for matching refs policy. -## 11.8.5 (2019-03-27) +## 11.9.2 (2019-03-26) -- Unreleased due to QA failure. +### Security (8 changes) -## 11.8.4 (2019-03-26) +- Disallow guest users from accessing Releases. +- Fix PDF.js vulnerability. +- Hide "related branches" when user does not have permission. +- Fix XSS in resolve conflicts form. +- Added rake task for removing EXIF data from existing uploads. +- Return cached languages if they've been detected before. +- Disallow updating namespace when updating a project. +- Use UntrustedRegexp for matching refs policy. + + +## 11.9.1 (2019-03-25) + +### Fixed (7 changes) + +- Fix issue that caused the "Show all activity" button to appear on top of the mini pipeline status dropdown on the merge request page. !26274 +- Fix duplicated bottom match line on merge request parallel diff view. !26402 +- Allow users who can push to protected branches to create protected branches via CLI. !26413 +- Add missing .gitlab-ci.yml to Android template. !26415 +- Refresh commit count after repository head changes. !26473 +- Set proper default-branch for repository on GitHub Import. !26476 +- GitHub importer: Use the project creator to create branches from forks. !26510 + +### Changed (1 change) + +- Upgrade to Gitaly v1.27.1. !26533 + + +## 11.9.0 (2019-03-22) + +### Security (24 changes) + +- Use encrypted runner tokens. !25532 +- Stop linking to unrecognized package sources. !55518 +- Disable issue boards API when issues are disabled. +- Forbid creating discussions for users with restricted access. +- Fix leaking private repository information in API. +- Fixed ability to see private groups by users not belonging to given group. +- Prevent releases links API to leak tag existance. +- Display the correct number of MRs a user has access to. +- Block local URLs for Kubernetes integration. +- Fix arbitrary file read via diffs during import. +- Check if desired milestone for an issue is available. +- Don't allow non-members to see private related MRs. +- Check snippet attached file to be moved is within designated directory. +- Fix blind SSRF in Prometheus integration by checking URL before querying. +- Fix git clone revealing private repo's presence. +- Remove project serialization in quick actions response. +- Don't show new issue link after move when a user does not have permissions. +- Limit mermaid rendering to 5K characters. +- Show only merge requests visible to user on milestone detail page. +- Display only information visible to current user on the Milestone page. +- Do not display impersonated sessions under active sessions and remove ability to revoke session. +- Validate session key when authorizing with GCP to create a cluster. +- Do not disclose milestone titles for unauthorized users. +- Remove the possibility to share a project with a group that a user is not a member of. + +### Removed (1 change) + +- Remove HipChat integration from GitLab. !22223 + +### Fixed (86 changes, 21 of them are from the community) + +- Fixes issue with AWS V4 signatures not working with some S3 providers. !21788 +- Validate 'include' keywords in gitlab-ci.yml configuration files. !24098 (Paul Bonaud) +- Close More Actions tooltip when menu opens. !24285 +- API: Support Jira transition ID as string. !24400 (Robert Schilling) +- Fixed navigation sidebar flashing open on page load. !24555 +- Fix username escaping when using assign to me for issues. !24673 +- commit page info-well overflow fix #56436. !24799 (Gokhan Apaydin) +- Fix error tracking list page. !24806 +- Fix overlapping empty-header logo. !24868 (Jonas L.) +- Resolve Jobs tab border top in pipeline's page is 1px off. !24878 +- Require maintainer access to show pages domain settings. !24926 +- Display error message when API call to list Sentry issues fails. !24936 +- Fix rollout status for statefulsets and daemonsets. !24972 (Sergej Nikolaev ) +- Display job names consistently on pipelines and environments list. !24984 +- Update new password breadcrumb. !25037 (George Tsiolis) +- Fixes functions finder for upgraded Knative app. !25067 +- Provide expires_in in LFS authentication payload. !25082 +- Fix validation of certain ed25519 keys. !25115 (Merlijn B. W. Wajer) +- Timer and action name aligned vertically for delayed jobs in pipeline actions. !25117 (Gokhan Apaydin) +- Fix the border style of CONTRIBUTING button when it exists. !25124 (Takuya Noguchi) +- Change badges.svg example to pipeline.svg. !25157 (Aviad Levy) +- API: Fix docs and parameters for hangouts-chat service. !25180 (Robert Schilling) +- API: Expose full commit title. !25189 (Robert Schilling) +- API: Require only one parameter when updating a wiki. !25191 (Robert Schilling) +- Hide pipeline status when pipelines are disabled on project. !25204 +- Fix alignment of dropdown icon on issuable on mobile. !25205 (Takuya Noguchi) +- Add left margin to 1st time contributor badge. !25216 (Gokhan Apaydin) +- Use limited counter for runner build count in admin page. !25220 +- API: Ensure that related merge requests are referenced cross-project. !25222 (Robert Schilling) +- Ensure the base pipeline of a Merge Request belongs to its target branch. !25226 +- Fix import_jid error on project import. !25239 +- Fix commenting on commits having SHA1 starting with a large number. !25278 +- Allow empty values such as [] to be stored in reactive cache. !25283 +- Remove vertical connecting line placeholder from diff discussion notes. !25292 +- Fix hover and active state colors of award emoji button. !25295 +- Fix author layouts in issuable meta line UIs on mobile. !25332 (Takuya Noguchi) +- Fix bug where project topics truncate. !25398 +- Fix ETag caching not being used for AJAX requests. !25400 +- Doc - fix the url of pipeline status badge. !25404 (Aviad Levy) +- Fix pipeline status icon mismatch. !25407 +- Allow users to compare branches on a read-only instance. !25414 +- Fix 404s when C++ .gitignore template selected. !25416 +- Always fetch MR latest version when creating suggestions. !25441 +- Only show borders for markdown images in notes. !25448 +- Bring back Rugged implementation of find_commit. !25477 +- Remove duplicate units from metrics graph. !25485 +- Fix project import error importing releases. !25495 +- Remove duplicate XHR request when requesting new pipeline page. !25506 +- Properly handle multiple X-Forwarded-For addresses in runner IP. !25511 +- Fix weekday shift in issue board cards for UTC+X timezones by removing local timezone to UTC conversion. !25512 (Elias Werberich) +- Fix large table horizontal scroll and prevent side-by-side tables. !25520 (Dany Jupille) +- Fix error when viewing group issue boards when user doesn't have explicit group permissions. !25524 +- Respect the should_remove_source_branch parameter to the merge API. !25525 +- Externalize markdown toolbar buttons tooltips. !25529 +- Fix method to mark a project repository as writable. !25546 +- fix group without owner after transfer. !25573 (Peter Marko) +- Fix pagination and duplicate requests in environments page. !25582 +- Improve the JS pagination to handle the case when the `X-Total` and `X-Total-Pages` headers aren't present. !25601 +- Add right padding to the repository mirror action buttons. !25606 +- Use 'folder-open' from sprite icons for Browse Files button in Tag page. !25635 +- Make merge to refs/merge-requests/:iid/merge not raise when FF-only enabled. !25653 +- Fixed "Copying comment with ordered list includes extraneous newlines". !25695 +- Fix bridge jobs only/except variables policy. !25710 +- Allow GraphQL requests without CSRF token. !25719 +- Skip Project validation during Hashed Storage migration or rollback. !25753 +- Resolve showing squash commit edit issue when only single commit is present. !25807 +- Fix the last-ditch memory killer pgroup SIGKILL. !25940 +- Disable timeout on merge request merging poll. !25988 +- Allow modifying squash commit message for fast-forward only merge method. !26017 +- Fix bug in BitBucket imports with SHA shorter than 40 chars. !26050 +- Fix health checks not working behind load balancers. !26055 +- Fix 500 error caused by CODEOWNERS with no matches. !26072 +- Fix notes being marked as edited after resolving. !26143 +- Fix error creating a merge request when diff includes a null byte. !26190 +- Fix undefined variable error on json project views. !26297 +- GitHub import: Create new branches as project owner. !26335 +- Gracefully handles excluded fields from attributes during serialization on JsonCache. !26368 +- Admin section finds users case-insensitively. +- Fixes not working dropdowns in pipelines page. +- Do not show file templates when creating a new directory in WebIDE. +- Allow project members to see private group if the project is in the group namespace. +- Allow maintainers to remove pages. +- Fix inconsistent pagination styles. +- Fixed blob editor deleting file content for certain file paths. +- Fix upcoming milestone when there are milestones with far-future due dates. +- Fixed alignment of changed icon in Web IDE. + +### Changed (31 changes, 10 of them are from the community) + +- Improve snippets empty state. !18348 (George Tsiolis) +- Remove second primary button on wiki edit. !19959 (George Tsiolis) +- Allow raw `tls_options` to be passed in LDAP configuration. !20678 +- Remove undigested token column from personal_access_tokens table from the database. !22743 +- Update activity filter for issues. !23423 (George Tsiolis) +- Use auto-build-image for build job in Auto-DevOps.gitlab-ci.yml. !24279 +- Error tracking configuration - add a Sentry project selection dropdown. !24701 +- Move ChatOps to Core. !24780 +- Implement new arguments `state`, `closed_before` and `closed_after` for `IssuesResolver` in GraphQL. !24910 +- Validate kubernetes cluster CA certificate. !24990 +- Review App Link to Changed Page if Only One Change Present. !25048 +- Show pipeline ID, commit, and branch name on modal while stopping pipeline. !25059 +- Improve empty state for starred projects. !25138 +- Capture due date when importing milestones from Github. !25182 (dstanley) +- Add a spinner icon which is rendered using pure css. !25186 +- Make emoji picker bigger. !25187 (Jacopo Beschi @jacopo-beschi) +- API: Sort tie breaker with id DESC. !25311 (Nermin Vehabovic) +- Add iOS-fastlane template for .gitlab-ci.yml. !25395 +- Move language setting to preferences. !25427 (Fabian Schneider @fabsrc) +- Resolve Create Project Template for Netlify. !25453 +- Sort labels alphabetically on issues and merge requests list. !25470 +- Add Project template for .NET Core. !25486 +- Update operations settings breadcrumb trail. !25539 (George Tsiolis) +- Add Project template for go-micro. !25553 +- Jira: make issue links title compact. !25609 (Elan Ruusamäe @glensc) +- Project level filtering for JupyterHub. !25684 (Amit Rathi (amit1rrr)) +- Clean up vendored templates. !25794 +- Mask all TOKEN and PASSWORD CI variables. !25868 +- Add project template for Android. !25870 +- Add iOS project template. !25872 +- Upgrade to Gitaly v1.26.0. !25890 + +### Performance (11 changes) + +- Improve performance for diverging commit counts. !24287 +- Optimize Redis usage in User::ActivityService. !25005 +- Only load syntax highlight CSS of selected theme. !25232 +- Improve label select rendering. !25281 +- Enable persisted pipeline stages by default. !25347 +- Speed up group issue search counts. !25411 +- Load repository language from the database if detected before. !25518 +- Remove N+1 query for tags in /admin/runners page. !25572 +- Eliminate most N+1 queries loading UserController#calendar_activities. !25697 +- Improve Web IDE launch performance. !25700 +- Significantly reduce N+1 queries in /api/v4/todos endpoint. !25711 + +### Added (55 changes, 18 of them are from the community) + +- Add a tag filter to the admin runners view. !19740 (Alexis Reigel) +- Add project fetch statistics. !23596 (Jacopo Beschi @jacopo-beschi) +- Hashed Storage rollback mechanism. !23955 +- Allow to recursively expand includes. !24356 +- Allow expanding a diff to display full file. !24406 +- Support `only: changes:` on MR pipelines. !24490 (Hiroyuki Sato) +- Expose additional merge request pipeline variables. !24595 (Hiroyuki Sato) +- Add metadata about the GitLab server to GraphQL. !24636 +- Support merge ref writing (without merging to target branch). !24692 +- Add field mergeRequests for project in GraphQL. !24805 +- API support for MR merge to temporary merge ref path. !24918 +- Ability to filter confidential issues. !24960 (Robert Schilling) +- Allow creation of branches that match a wildcard protection, except directly through git. !24969 +- Add related merge request count to api response. !24974 +- Add realtime validation for user fullname and username on validation. !25017 (Ehsan Abdulqader @EhsanZ) +- Allow setting feature flags per GitLab group through the API. !25022 +- Add API endpoint to get a commit's GPG signature. !25032 +- Add support for FTP assets for releases. !25071 (Robert Schilling) +- Add Confirmation Modal to Rollback on Environment. !25110 +- add title attribute to display file name. !25154 (Satoshi Nakamatsu @satoshicano) +- API: Expose text_color for project and group labels. !25172 (Robert Schilling) +- Added support for ingress hostnames. !25181 (walkafwalka) +- API: Promote project milestone to a group milestone. !25203 (Nermin Vehabovic) +- API: Expose if the current user can merge a MR. !25207 (Robert Schilling) +- add readme to changelogs directory. !25209 (@glensc) +- API: Indicate if label is a project label. !25219 (Robert Schilling) +- Expose refspecs and depth to runner. !25233 +- Port System Header and Footer feature to Core. !25241 +- Sort Environments by Last Updated. !25260 +- Accept force option to overwrite branch on commit via API. !25286 +- Add support for masking CI variables. !25293 +- Add Link from Closed (moved) Issues to Moved Issue. !25300 +- Next/previous navigation between files in MR review. !25355 +- Add YouTrack integration service. !25361 (Yauhen Kotau @bessorion) +- Add ability to set path and name for project on fork using API. !25363 +- Add project level config for merge pipelines. !25385 +- Edit Knative domain after it has been deployed. !25386 +- Add zoom and scroll to metrics dashboard. !25388 +- Persist source sha and target sha for merge pipelines. !25417 +- Add support for toggling discussion filter from notes section. !25426 +- Resolve Move files in the Web IDE. !25431 +- Show header and footer system messages in email. !25474 +- Allow configuring POSTGRES_VERSION in Auto DevOps. !25500 +- Add Saturday to Localization first day of the week. !25509 (Ahmad Haghighi) +- Extend the Gitlab API for deletion of job_artifacts of a single job. !25522 (rroger) +- Simplify CI/CD configuration on serverless projects. !25523 +- Add button to start discussion from single comment. !25575 +- sidekiq: terminate child processes at shutdown. !25669 +- Expose merge request entity for pipelines. !25679 +- Link to most recent MR from a branch. !25689 +- Adds Auto DevOps build job for tags. !25718 (walkafwalka) +- Allow all snippets to be accessed by API. !25772 +- Make file tree in merge requests resizable. +- Make the Web IDE the default editor. +- File uploads are deleted asynchronously when deleting a project or group. + +### Other (28 changes, 6 of them are from the community) + +- Improve GitHub and Gitea project import table UI. !24606 +- Externalize strings from `/app/views/projects/commit`. !24668 (George Tsiolis) +- Correct non-standard unicode spaces to regular unicode. !24795 (Marcel Amirault) +- Provide a performance bar link to the Jaeger UI. !24902 +- Remove BATCH_SIZE from WikiFileFinder. !24933 +- Use export-import svgs from gitlab-svgs. !24954 +- Fix N+1 query in Issues and MergeRequest API when issuable_metadata is present. !25042 (Alex Koval) +- Directly inheriting from ActiveRecord::Migration is deprecated. !25066 (Jasper Maes) +- Bump Helm and kubectl in Auto DevOps to 2.12.3 and 1.11.7 respectively. !25072 +- Log queue duration in production_json.log. !25075 +- Extracted ResolveWithIssueButton to its own component. !25093 (Martin Hobert) +- Add rectangular project and group avatars. !25098 +- Include note in the Rails filter_parameters configuration. !25238 +- Bump Helm and kubectl used in Kubernetes integration to 2.12.3 and 1.11.7 respectively. !25268 +- Include gl_project_path in API /internal/allowed response. !25314 +- Fix incorrect Pages Domains checkbox description. !25392 (Anton Melser) +- Update GitLab Runner Helm Chart to 0.2.0. !25493 +- Add suffix (`_event`) to merge request source. !25508 +- Creates a helper function to check if repo is EE. !25647 +- If chpst is available, make fron-source installations run sidekiq as a process group leader. !25654 +- Bring back Rugged implementation of GetTreeEntries. !25674 +- Moves EE util into the CE file. !25680 +- Bring back Rugged implementation of CommitIsAncestor. !25702 +- Bring back Rugged implementation of TreeEntry. !25706 +- Enable syntax highlighting to other supported markups. !25761 +- Update GitLab Shell to v8.7.1. !25801 +- Bring back Rugged implementation of commit_tree_entry. !25896 +- Removes EE differences for jobs/getters.js. -- Unreleased due to QA failure. ## 11.8.3 (2019-03-19) @@ -130,33 +711,6 @@ entry. - Allow project members to see private group if the project is in the group namespace. -## 11.8.1 (2019-02-28) - -### Security (21 changes) - -- Stop linking to unrecognized package sources. !55518 -- Don't allow non-members to see private related MRs. -- Do not display impersonated sessions under active sessions and remove ability to revoke session. -- Display only information visible to current user on the Milestone page. -- Show only merge requests visible to user on milestone detail page. -- Disable issue boards API when issues are disabled. -- Don't show new issue link after move when a user does not have permissions. -- Fix git clone revealing private repo's presence. -- Fix blind SSRF in Prometheus integration by checking URL before querying. -- Check snippet attached file to be moved is within designated directory. -- Check if desired milestone for an issue is available. -- Fix arbitrary file read via diffs during import. -- Display the correct number of MRs a user has access to. -- Forbid creating discussions for users with restricted access. -- Do not disclose milestone titles for unauthorized users. -- Validate session key when authorizing with GCP to create a cluster. -- Block local URLs for Kubernetes integration. -- Limit mermaid rendering to 5K characters. -- Remove the possibility to share a project with a group that a user is not a member of. -- Fix leaking private repository information in API. -- Prevent releases links API to leak tag existance. - - ## 11.8.0 (2019-02-22) ### Security (7 changes, 1 of them is from the community) @@ -404,6 +958,40 @@ entry. - Creates mixin to reduce code duplication between CE and EE in graph component. +## 11.7.10 (2019-03-28) + +### Security (7 changes) + +- Disallow guest users from accessing Releases. +- Fix PDF.js vulnerability. +- Hide "related branches" when user does not have permission. +- Fix XSS in resolve conflicts form. +- Added rake task for removing EXIF data from existing uploads. +- Disallow updating namespace when updating a project. +- Use UntrustedRegexp for matching refs policy. + + +## 11.7.8 (2019-03-26) + +### Security (7 changes) + +- Disallow guest users from accessing Releases. +- Fix PDF.js vulnerability. +- Hide "related branches" when user does not have permission. +- Fix XSS in resolve conflicts form. +- Added rake task for removing EXIF data from existing uploads. +- Disallow updating namespace when updating a project. +- Use UntrustedRegexp for matching refs policy. + + +## 11.7.7 (2019-03-19) + +### Security (2 changes) + +- Remove project serialization in quick actions response. +- Fixed ability to see private groups by users not belonging to given group. + + ## 11.7.5 (2019-02-06) ### Fixed (8 changes) @@ -641,6 +1229,33 @@ entry. - Update url placeholder for the sentry configuration page. !24338 +## 11.6.10 (2019-02-28) + +### Security (21 changes) + +- Stop linking to unrecognized package sources. !55518 +- Check snippet attached file to be moved is within designated directory. +- Fix potential Addressable::URI::InvalidURIError. +- Do not display impersonated sessions under active sessions and remove ability to revoke session. +- Display only information visible to current user on the Milestone page. +- Show only merge requests visible to user on milestone detail page. +- Disable issue boards API when issues are disabled. +- Don't show new issue link after move when a user does not have permissions. +- Fix git clone revealing private repo's presence. +- Fix blind SSRF in Prometheus integration by checking URL before querying. +- Check if desired milestone for an issue is available. +- Don't allow non-members to see private related MRs. +- Fix arbitrary file read via diffs during import. +- Display the correct number of MRs a user has access to. +- Forbid creating discussions for users with restricted access. +- Do not disclose milestone titles for unauthorized users. +- Validate session key when authorizing with GCP to create a cluster. +- Block local URLs for Kubernetes integration. +- Limit mermaid rendering to 5K characters. +- Remove the possibility to share a project with a group that a user is not a member of. +- Fix leaking private repository information in API. + + ## 11.6.8 (2019-01-30) - No changes. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 97dbe2f512..82e16b4fbf 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -18,7 +18,7 @@ _This notice should stay as the first item in the CONTRIBUTING.md file._ ## Contributing Documentation has been moved As of July 2018, all the documentation for contributing to the GitLab project has been moved to a new location. -[view the new documentation](doc/development/contributing/index.md) to find the latest information. +[View the new documentation](doc/development/contributing/index.md) to find the latest information. ## Contribute to GitLab diff --git a/Dangerfile b/Dangerfile index 6a2c5cf277..3e8cb45600 100644 --- a/Dangerfile +++ b/Dangerfile @@ -1,13 +1,19 @@ danger.import_plugin('danger/plugins/helper.rb') -danger.import_dangerfile(path: 'danger/metadata') -danger.import_dangerfile(path: 'danger/changes_size') -danger.import_dangerfile(path: 'danger/changelog') -danger.import_dangerfile(path: 'danger/specs') -danger.import_dangerfile(path: 'danger/gemfile') -danger.import_dangerfile(path: 'danger/database') -danger.import_dangerfile(path: 'danger/documentation') -danger.import_dangerfile(path: 'danger/frozen_string') -danger.import_dangerfile(path: 'danger/commit_messages') -danger.import_dangerfile(path: 'danger/duplicate_yarn_dependencies') -danger.import_dangerfile(path: 'danger/prettier') -danger.import_dangerfile(path: 'danger/eslint') + +unless helper.release_automation? + danger.import_dangerfile(path: 'danger/metadata') + danger.import_dangerfile(path: 'danger/changes_size') + danger.import_dangerfile(path: 'danger/changelog') + danger.import_dangerfile(path: 'danger/specs') + danger.import_dangerfile(path: 'danger/gemfile') + danger.import_dangerfile(path: 'danger/database') + danger.import_dangerfile(path: 'danger/documentation') + danger.import_dangerfile(path: 'danger/frozen_string') + danger.import_dangerfile(path: 'danger/commit_messages') + danger.import_dangerfile(path: 'danger/duplicate_yarn_dependencies') + danger.import_dangerfile(path: 'danger/prettier') + danger.import_dangerfile(path: 'danger/eslint') + danger.import_dangerfile(path: 'danger/roulette') + danger.import_dangerfile(path: 'danger/single_codebase') + danger.import_dangerfile(path: 'danger/gitlab_ui_wg') +end diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 0044d6cb96..7e3856fe87 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -1.20.1 +1.34.3 diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION index 917d38ec9f..f7ee06693c 100644 --- a/GITLAB_SHELL_VERSION +++ b/GITLAB_SHELL_VERSION @@ -1 +1 @@ -8.4.4 +9.0.0 diff --git a/GITLAB_WORKHORSE_VERSION b/GITLAB_WORKHORSE_VERSION index d127a0ff9f..85e2cd5309 100644 --- a/GITLAB_WORKHORSE_VERSION +++ b/GITLAB_WORKHORSE_VERSION @@ -1 +1 @@ -8.3.3 +8.5.2 diff --git a/Gemfile b/Gemfile index 80565aaff4..00f90bdf7e 100644 --- a/Gemfile +++ b/Gemfile @@ -18,7 +18,7 @@ gem 'gitlab-default_value_for', '~> 3.1.1', require: 'default_value_for' gem 'mysql2', '~> 0.4.10', group: :mysql gem 'pg', '~> 1.1', group: :postgres -gem 'rugged', '~> 0.27' +gem 'rugged', '~> 0.28' gem 'grape-path-helpers', '~> 1.0' gem 'faraday', '~> 0.12' @@ -42,11 +42,11 @@ gem 'omniauth-shibboleth', '~> 1.3.0' gem 'omniauth-twitter', '~> 1.4' gem 'omniauth_crowd', '~> 2.2.0' gem 'omniauth-authentiq', '~> 0.3.3' -gem 'rack-oauth2', '~> 1.2.1' +gem 'rack-oauth2', '~> 1.9.3' gem 'jwt', '~> 2.1.0' # Spam and anti-bot protection -gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails' +gem 'recaptcha', '~> 4.11', require: 'recaptcha/rails' gem 'akismet', '~> 2.0' # Two-factor authentication @@ -68,7 +68,7 @@ gem 'gpgme', '~> 2.0.18' # LDAP Auth # GitLab fork with several improvements to original library. For full list of changes # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master -gem 'gitlab_omniauth-ldap', '~> 2.0.4', require: 'omniauth-ldap' +gem 'gitlab_omniauth-ldap', '~> 2.1.1', require: 'omniauth-ldap' gem 'net-ldap' # API @@ -94,13 +94,15 @@ gem 'carrierwave', '~> 1.3' gem 'mini_magick' # for backups -gem 'fog-aws', '~> 2.0.1' -gem 'fog-core', '~> 1.44' -gem 'fog-google', '~> 1.7.1' -gem 'fog-local', '~> 0.3' -gem 'fog-openstack', '~> 0.1' +gem 'fog-aws', '~> 3.3' +# Locked until fog-google resolves https://github.com/fog/fog-google/issues/421. +# Also see config/initializers/fog_core_patch.rb. +gem 'fog-core', '= 2.1.0' +gem 'fog-google', '~> 1.8' +gem 'fog-local', '~> 0.6' +gem 'fog-openstack', '~> 1.0' gem 'fog-rackspace', '~> 0.1.1' -gem 'fog-aliyun', '~> 0.2.0' +gem 'fog-aliyun', '~> 0.3' # for Google storage gem 'google-api-client', '~> 0.23' @@ -114,7 +116,7 @@ gem 'seed-fu', '~> 2.3.7' # Markdown and HTML processing gem 'html-pipeline', '~> 2.8' gem 'deckar01-task_list', '2.2.0' -gem 'gitlab-markup', '~> 1.6.5' +gem 'gitlab-markup', '~> 1.7.0' gem 'github-markup', '~> 1.7.0', require: 'github/markup' gem 'commonmarker', '~> 0.17' gem 'RedCloth', '~> 4.3.2' @@ -126,7 +128,7 @@ gem 'asciidoctor', '~> 1.5.8' gem 'asciidoctor-plantuml', '0.0.8' gem 'rouge', '~> 3.1' gem 'truncato', '~> 0.7.11' -gem 'bootstrap_form', '~> 2.7.0' +gem 'bootstrap_form', '~> 4.2.0' gem 'nokogiri', '~> 1.10.1' gem 'escape_utils', '~> 1.1' @@ -137,13 +139,10 @@ gem 'icalendar' gem 'diffy', '~> 3.1.0' # Application server -# The 2.0.6 version of rack requires monkeypatch to be present in -# `config.ru`. This can be removed once a new update for Rack -# is available that contains https://github.com/rack/rack/pull/1201. -gem 'rack', '2.0.6' +gem 'rack', '~> 2.0.7' group :unicorn do - gem 'unicorn', '~> 5.1.0' + gem 'unicorn', '~> 5.4.1' gem 'unicorn-worker-killer', '~> 0.4.4' end @@ -156,7 +155,7 @@ end gem 'state_machines-activerecord', '~> 0.5.1' # Issue tags -gem 'acts-as-taggable-on', '~> 5.0' +gem 'acts-as-taggable-on', '~> 6.0' # Background jobs gem 'sidekiq', '~> 5.2.1' @@ -168,7 +167,7 @@ gem 'gitlab-sidekiq-fetcher', '~> 0.4.0', require: 'sidekiq-reliable-fetch' gem 'fugit', '~> 1.1' # HTTP requests -gem 'httparty', '~> 0.13.3' +gem 'httparty', '~> 0.16.4' # Colored output to console gem 'rainbow', '~> 3.0' @@ -184,7 +183,7 @@ gem 're2', '~> 1.1.1' # Misc -gem 'version_sorter', '~> 2.1.0' +gem 'version_sorter', '~> 2.2.4' # Export Ruby Regex to Javascript gem 'js_regex', '~> 3.1' @@ -266,9 +265,7 @@ gem 'addressable', '~> 2.5.2' gem 'font-awesome-rails', '~> 4.7' gem 'gemojione', '~> 3.3' gem 'gon', '~> 6.2' -gem 'jquery-atwho-rails', '~> 1.3.2' gem 'request_store', '~> 1.3' -gem 'select2-rails', '~> 3.5.9' gem 'virtus', '~> 1.0.1' gem 'base32', '~> 0.3.0' @@ -326,7 +323,7 @@ group :development do end group :development, :test do - gem 'bootsnap', '~> 1.3' + gem 'bootsnap', '~> 1.4' gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET'] gem 'pry-byebug', '~> 3.5.1', platform: :mri gem 'pry-rails', '~> 0.3.4' @@ -383,7 +380,7 @@ group :test do gem 'shoulda-matchers', '~> 3.1.2', require: false gem 'email_spec', '~> 2.2.0' gem 'json-schema', '~> 2.8.0' - gem 'webmock', '~> 2.3.2' + gem 'webmock', '~> 3.5.1' gem 'rails-controller-testing' gem 'sham_rack', '~> 1.3.6' gem 'concurrent-ruby', '~> 1.1' @@ -413,7 +410,7 @@ gem 'sys-filesystem', '~> 1.1.6' # SSH host key support gem 'net-ssh', '~> 5.0' -gem 'sshkey', '~> 1.9.0' +gem 'sshkey', '~> 2.0' # Required for ED25519 SSH host key support group :ed25519 do @@ -422,7 +419,8 @@ group :ed25519 do end # Gitaly GRPC client -gem 'gitaly-proto', '~> 1.10.0', require: 'gitaly' +gem 'gitaly-proto', '~> 1.22.1', require: 'gitaly' + gem 'grpc', '~> 1.15.0' gem 'google-protobuf', '~> 3.6' diff --git a/Gemfile.lock b/Gemfile.lock index 0ba8c3ef4c..d498172b02 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -43,8 +43,8 @@ GEM i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - acts-as-taggable-on (5.0.0) - activerecord (>= 4.2.8) + acts-as-taggable-on (6.0.0) + activerecord (~> 5.0) adamantium (0.2.0) ice_nine (~> 0.11.0) memoizable (~> 0.4.0) @@ -65,7 +65,7 @@ GEM atomic (1.1.99) attr_encrypted (3.1.0) encryptor (~> 3.0.0) - attr_required (1.0.0) + attr_required (1.0.1) awesome_print (1.8.0) axiom-types (0.1.1) descendants_tracker (~> 0.0.4) @@ -85,9 +85,11 @@ GEM binding_ninja (0.2.2) binding_of_caller (0.8.0) debug_inspector (>= 0.0.1) - bootsnap (1.3.2) + bootsnap (1.4.1) msgpack (~> 1.0) - bootstrap_form (2.7.0) + bootstrap_form (4.2.0) + actionpack (>= 5.0) + activemodel (>= 5.0) brakeman (4.2.1) browser (2.5.3) builder (3.2.3) @@ -218,32 +220,33 @@ GEM flowdock (0.7.1) httparty (~> 0.7) multi_json - fog-aliyun (0.2.0) - fog-core (~> 1.27) - fog-json (~> 1.0) + fog-aliyun (0.3.3) + fog-core + fog-json ipaddress (~> 0.8) xml-simple (~> 1.1) - fog-aws (2.0.1) - fog-core (~> 1.38) - fog-json (~> 1.0) + fog-aws (3.3.0) + fog-core (~> 2.1) + fog-json (~> 1.1) fog-xml (~> 0.1) ipaddress (~> 0.8) - fog-core (1.45.0) + fog-core (2.1.0) builder excon (~> 0.58) formatador (~> 0.2) - fog-google (1.7.1) - fog-core - fog-json - fog-xml + mime-types + fog-google (1.8.2) + fog-core (<= 2.1.0) + fog-json (~> 1.2) + fog-xml (~> 0.1.0) google-api-client (~> 0.23.0) - fog-json (1.0.2) - fog-core (~> 1.0) + fog-json (1.2.0) + fog-core multi_json (~> 1.10) - fog-local (0.3.1) - fog-core (~> 1.27) - fog-openstack (0.1.21) - fog-core (>= 1.40) + fog-local (0.6.0) + fog-core (>= 1.27, < 3.0) + fog-openstack (1.0.8) + fog-core (~> 2.1) fog-json (>= 1.0) ipaddress (>= 0.8) fog-rackspace (0.1.1) @@ -259,7 +262,7 @@ GEM foreman (0.84.0) thor (~> 0.19.1) formatador (0.2.5) - fugit (1.1.7) + fugit (1.1.9) et-orbi (~> 1.1, >= 1.1.7) raabro (~> 1.1) fuubar (2.2.0) @@ -278,19 +281,19 @@ GEM gettext_i18n_rails (>= 0.7.1) po_to_json (>= 1.0.0) rails (>= 3.2.0) - gitaly-proto (1.10.0) + gitaly-proto (1.22.1) grpc (~> 1.0) github-markup (1.7.0) gitlab-default_value_for (3.1.1) activerecord (>= 3.2.0, < 6.0) - gitlab-markup (1.6.5) + gitlab-markup (1.7.0) gitlab-sidekiq-fetcher (0.4.0) sidekiq (~> 5) gitlab-styles (2.5.1) rubocop (~> 0.54.0) rubocop-gitlab-security (~> 0.1.0) rubocop-rspec (~> 1.19) - gitlab_omniauth-ldap (2.0.4) + gitlab_omniauth-ldap (2.1.1) net-ldap (~> 0.16) omniauth (~> 1.3) pyu-ruby-sasl (>= 0.0.3.3, < 0.1) @@ -309,7 +312,7 @@ GEM representable (~> 3.0) retriable (>= 2.0, < 4.0) google-protobuf (3.6.1) - googleapis-common-protos-types (1.0.2) + googleapis-common-protos-types (1.0.3) google-protobuf (~> 3.0) googleauth (0.6.6) faraday (~> 0.12) @@ -357,7 +360,7 @@ GEM thor tilt hangouts-chat (0.0.5) - hashdiff (0.3.4) + hashdiff (0.3.8) hashie (3.5.7) hashie-forbidden_attributes (0.1.1) hashie (>= 3.0) @@ -381,8 +384,8 @@ GEM domain_name (~> 0.5) http-form_data (2.1.1) http_parser.rb (0.6.0) - httparty (0.13.7) - json (~> 1.8) + httparty (0.16.4) + mime-types (~> 3.0) multi_xml (>= 0.5.2) httpclient (2.8.3) i18n (1.6.0) @@ -400,7 +403,6 @@ GEM activesupport multipart-post oauth (~> 0.5, >= 0.5.0) - jquery-atwho-rails (1.3.2) js_regex (3.1.1) character_set (~> 1.1) regexp_parser (~> 1.1) @@ -425,7 +427,7 @@ GEM activerecord kaminari-core (= 1.0.1) kaminari-core (1.0.1) - kgio (2.10.0) + kgio (2.11.2) knapsack (1.17.0) rake kubeclient (4.2.2) @@ -586,7 +588,7 @@ GEM atomic (>= 1.0.0) peek redis - pg (1.1.3) + pg (1.1.4) po_to_json (1.0.1) json (>= 1.6.0) powerpack (0.1.1) @@ -618,18 +620,18 @@ GEM puma (>= 2.7, < 4) pyu-ruby-sasl (0.0.3.3) raabro (1.1.6) - rack (2.0.6) + rack (2.0.7) rack-accept (0.4.5) rack (>= 0.4) rack-attack (4.4.1) rack rack-cors (1.0.2) - rack-oauth2 (1.2.3) - activesupport (>= 2.3) - attr_required (>= 0.0.5) - httpclient (>= 2.4) - multi_json (>= 1.3.6) - rack (>= 1.1) + rack-oauth2 (1.9.3) + activesupport + attr_required + httpclient + json-jwt (>= 1.9.0) + rack rack-protection (2.0.5) rack rack-proxy (0.6.0) @@ -669,7 +671,7 @@ GEM rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rainbow (3.0.0) - raindrops (0.18.0) + raindrops (0.19.0) rake (12.3.2) rb-fsevent (0.10.2) rb-inotify (0.9.10) @@ -682,7 +684,7 @@ GEM optimist (>= 3.0.0) rdoc (6.0.4) re2 (1.1.1) - recaptcha (3.0.0) + recaptcha (4.13.1) json recursive-open-struct (1.1.0) redis (3.3.5) @@ -787,7 +789,7 @@ GEM rubyntlm (0.6.2) rubypants (0.2.0) rubyzip (1.2.2) - rugged (0.27.5) + rugged (0.28.1) safe_yaml (1.0.4) sanitize (4.6.6) crass (~> 1.0.2) @@ -813,12 +815,10 @@ GEM seed-fu (2.3.7) activerecord (>= 3.1) activesupport (>= 3.1) - select2-rails (3.5.9.3) - thor (~> 0.14) selenium-webdriver (3.12.0) childprocess (~> 0.5) rubyzip (~> 1.2) - sentry-raven (2.7.4) + sentry-raven (2.9.0) faraday (>= 0.7.6, < 1.0) settingslogic (2.0.9) sexp_processor (4.11.0) @@ -858,7 +858,7 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - sshkey (1.9.0) + sshkey (2.0.0) stackprof (0.2.10) state_machines (0.5.0) state_machines-activemodel (0.5.1) @@ -901,7 +901,7 @@ GEM unf_ext unf_ext (0.0.7.5) unicode-display_width (1.3.2) - unicorn (5.1.0) + unicorn (5.4.1) kgio (~> 2.6) raindrops (~> 0.7) unicorn-worker-killer (0.4.4) @@ -919,7 +919,7 @@ GEM validates_hostname (1.0.6) activerecord (>= 3.0) activesupport (>= 3.0) - version_sorter (2.1.0) + version_sorter (2.2.4) virtus (1.0.5) axiom-types (~> 0.1) coercible (~> 1.0) @@ -928,7 +928,7 @@ GEM vmstat (2.3.0) warden (1.2.7) rack (>= 1.0) - webmock (2.3.2) + webmock (3.5.1) addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff @@ -953,7 +953,7 @@ DEPENDENCIES RedCloth (~> 4.3.2) ace-rails-ap (~> 4.1.0) activerecord_sane_schema_dumper (= 1.0) - acts-as-taggable-on (~> 5.0) + acts-as-taggable-on (~> 6.0) addressable (~> 2.5.2) akismet (~> 2.0) asana (~> 0.8.1) @@ -968,8 +968,8 @@ DEPENDENCIES benchmark-ips (~> 2.3.0) better_errors (~> 2.5.0) binding_of_caller (~> 0.8.0) - bootsnap (~> 1.3) - bootstrap_form (~> 2.7.0) + bootsnap (~> 1.4) + bootstrap_form (~> 4.2.0) brakeman (~> 4.2) browser (~> 2.5) bullet (~> 5.5.0) @@ -1005,12 +1005,12 @@ DEPENDENCIES flipper-active_record (~> 0.13.0) flipper-active_support_cache_store (~> 0.13.0) flowdock (~> 0.7) - fog-aliyun (~> 0.2.0) - fog-aws (~> 2.0.1) - fog-core (~> 1.44) - fog-google (~> 1.7.1) - fog-local (~> 0.3) - fog-openstack (~> 0.1) + fog-aliyun (~> 0.3) + fog-aws (~> 3.3) + fog-core (= 2.1.0) + fog-google (~> 1.8) + fog-local (~> 0.6) + fog-openstack (~> 1.0) fog-rackspace (~> 0.1.1) font-awesome-rails (~> 4.7) foreman (~> 0.84.0) @@ -1020,13 +1020,13 @@ DEPENDENCIES gettext (~> 3.2.2) gettext_i18n_rails (~> 1.8.0) gettext_i18n_rails_js (~> 1.3) - gitaly-proto (~> 1.10.0) + gitaly-proto (~> 1.22.1) github-markup (~> 1.7.0) gitlab-default_value_for (~> 3.1.1) - gitlab-markup (~> 1.6.5) + gitlab-markup (~> 1.7.0) gitlab-sidekiq-fetcher (~> 0.4.0) gitlab-styles (~> 2.4) - gitlab_omniauth-ldap (~> 2.0.4) + gitlab_omniauth-ldap (~> 2.1.1) gon (~> 6.2) google-api-client (~> 0.23) google-protobuf (~> 3.6) @@ -1046,12 +1046,11 @@ DEPENDENCIES hipchat (~> 1.5.0) html-pipeline (~> 2.8) html2text - httparty (~> 0.13.3) + httparty (~> 0.16.4) icalendar influxdb (~> 0.2) jaeger-client (~> 0.10.0) jira-ruby (~> 1.4) - jquery-atwho-rails (~> 1.3.2) js_regex (~> 3.1) json-schema (~> 2.8.0) jwt (~> 2.1.0) @@ -1105,10 +1104,10 @@ DEPENDENCIES pry-rails (~> 0.3.4) puma (~> 3.12) puma_worker_killer - rack (= 2.0.6) + rack (~> 2.0.7) rack-attack (~> 4.4.1) rack-cors (~> 1.0.0) - rack-oauth2 (~> 1.2.1) + rack-oauth2 (~> 1.9.3) rack-proxy (~> 0.6.0) rails (= 5.0.7.2) rails-controller-testing @@ -1120,7 +1119,7 @@ DEPENDENCIES rbtrace (~> 0.4) rdoc (~> 6.0) re2 (~> 1.1.1) - recaptcha (~> 3.0) + recaptcha (~> 4.11) redis (~> 3.2) redis-namespace (~> 1.6.0) redis-rails (~> 5.0.2) @@ -1141,13 +1140,12 @@ DEPENDENCIES ruby-progressbar ruby_parser (~> 3.8) rubyzip (~> 1.2.2) - rugged (~> 0.27) + rugged (~> 0.28) sanitize (~> 4.6) sass (~> 3.5) sass-rails (~> 5.0.6) scss_lint (~> 0.56.0) seed-fu (~> 2.3.7) - select2-rails (~> 3.5.9) selenium-webdriver (~> 3.12) sentry-raven (~> 2.7) settingslogic (~> 2.0.9) @@ -1161,7 +1159,7 @@ DEPENDENCIES spring (~> 2.0.0) spring-commands-rspec (~> 1.0.4) sprockets (~> 3.7.0) - sshkey (~> 1.9.0) + sshkey (~> 2.0) stackprof (~> 0.2.10) state_machines-activerecord (~> 0.5.1) sys-filesystem (~> 1.1.6) @@ -1173,13 +1171,13 @@ DEPENDENCIES u2f (~> 0.2.1) uglifier (~> 2.7.2) unf (~> 0.1.4) - unicorn (~> 5.1.0) + unicorn (~> 5.4.1) unicorn-worker-killer (~> 0.4.4) validates_hostname (~> 1.0.6) - version_sorter (~> 2.1.0) + version_sorter (~> 2.2.4) virtus (~> 1.0.1) vmstat (~> 2.3.0) - webmock (~> 2.3.2) + webmock (~> 3.5.1) webpack-rails (~> 0.9.10) wikicloth (= 0.8.1) diff --git a/PROCESS.md b/PROCESS.md index 7fdac09880..1f99cebe08 100644 --- a/PROCESS.md +++ b/PROCESS.md @@ -108,7 +108,19 @@ Merge requests that make changes hidden behind a feature flag, or remove an existing feature flag because a feature is deemed stable, may be merged (and picked into the stable branches) up to the 19th of the month. Such merge requests should have the ~"feature flag" label assigned, and don't require a -corresponding exception request to be created. +corresponding exception request to be created. + +A level of common sense should be applied when deciding whether to have a feature +behind a feature flag off or on by default. + +The following guideliness can be applied to help make this decision: + +* If the feature is not fully ready or functioning, the feature flag should be disabled by default. +* If the feature is ready but there are concerns about performance or impact, the feature flag should be enabled by default, but +disabled via chatops before deployment on GitLab.com environments. If the performance concern is confirmed, the final release should have the feature flag disabled by default. +* In most other cases, the feature flag can be enabled by default. + +For more information on rolling out changes using feature flags, read [through the documentation](https://docs.gitlab.com/ee/development/rolling_out_changes_using_feature_flags.html). In order to build the final package and present the feature for self-hosted customers, the feature flag should be removed. This should happen before the @@ -156,8 +168,12 @@ on behalf of the community member. Every new feature or change should be shipped with its corresponding documentation in accordance with the -[documentation process](https://docs.gitlab.com/ee/development/documentation/workflow.html) -and [structure](https://docs.gitlab.com/ee/development/documentation/structure.html). +[documentation process](https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html) +and [structure](https://docs.gitlab.com/ee/development/documentation/structure.html) guides. +Note that a technical writer will review all changes to documentation. This can occur +in the same MR as the feature code, but [if there is not sufficient time or need, +it can be planned via a follow-up issue for doc review](https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#1-product-managers-role), +and another MR, if needed. Regardless, complete docs must be merged with code by the freeze. #### What happens if these deadlines are missed? @@ -186,8 +202,6 @@ and to prevent any last minute surprises. Merge requests should still be complete, following the [definition of done][done]. -#### Feature merge requests - If a merge request is not ready, but the developers and Product Manager responsible for the feature think it is essential that it is in the release, they can [ask for an exception](#asking-for-an-exception) in advance. This is @@ -202,34 +216,17 @@ information, see [Automatic CE->EE merge][automatic_ce_ee_merge] and [Guidelines for implementing Enterprise Edition features][ee_features]. -#### Documentation merge requests - -Documentation is part of the product and must be shipped with the feature. - -The single exception for the feature freeze is documentation, and it can -be left to be **merged up to the 14th** if: - -* There is a follow-up issue to add documentation. -* It is assigned to the developer writing documentation for this feature, and they - are aware of it. -* It is in the correct milestone, with the labels ~Documentation, ~Deliverable, -~missed-deliverable, and "pick into X.Y" applied. -* It must be reviewed and approved by a technical writer. - -For more information read the process for -[documentation shipped late](https://docs.gitlab.com/ee/development/documentation/workflow.html#documentation-shipped-late). - ### After the 7th Once the stable branch is frozen, the only MRs that can be cherry-picked into the stable branch are: * Fixes for [regressions](#regressions) where the affected version `xx.x` in `regression:xx.x` is the current release. See [Managing bugs](#managing-bugs) section. -* Fixes for security issues -* Fixes or improvements to automated QA scenarios -* [Documentation updates](https://docs.gitlab.com/ee/development/documentation/workflow.html#documentation-shipped-late) for changes in the same release -* New or updated translations (as long as they do not touch application code) -* Changes that are behind a feature flag and have the ~"feature flag" label +* Fixes for security issues. +* Fixes or improvements to automated QA scenarios. +* [Documentation improvements](https://docs.gitlab.com/ee/development/documentation/workflow.html) for feature changes made in the same release, though initial docs for these features should have already been merged by the freeze, as required. +* New or updated translations (as long as they do not touch application code). +* Changes that are behind a feature flag and have the ~"feature flag" label. During the feature freeze all merge requests that are meant to go into the upcoming release should have the correct milestone assigned _and_ the diff --git a/Pipfile b/Pipfile new file mode 100644 index 0000000000..2afbe5fc3f --- /dev/null +++ b/Pipfile @@ -0,0 +1,12 @@ +[[source]] +name = "pypi" +url = "https://pypi.org/simple" +verify_ssl = true + +[dev-packages] + +[packages] +docutils = "==0.13.1" + +[requires] +python_version = "3.4" diff --git a/Pipfile.lock b/Pipfile.lock new file mode 100644 index 0000000000..dc23ca89ed --- /dev/null +++ b/Pipfile.lock @@ -0,0 +1,30 @@ +{ + "_meta": { + "hash": { + "sha256": "ec82d5e7c10fd591aeebbc9b7b62d730f7fd70dc52e4e4818834891aa4194c73" + }, + "pipfile-spec": 6, + "requires": { + "python_version": "3.4" + }, + "sources": [ + { + "name": "pypi", + "url": "https://pypi.org/simple", + "verify_ssl": true + } + ] + }, + "default": { + "docutils": { + "hashes": [ + "sha256:718c0f5fb677be0f34b781e04241c4067cbd9327b66bdd8e763201130f5175be", + "sha256:cb3ebcb09242804f84bdbf0b26504077a054da6772c6f4d625f335cc53ebf94d", + "sha256:de454f1015958450b72641165c08afe7023cd7e3944396448f2fb1b0ccba9d77" + ], + "index": "pypi", + "version": "==0.13.1" + } + }, + "develop": {} +} diff --git a/VERSION b/VERSION index 5413747c68..31265f292c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -11.10.5 +11.10.8 diff --git a/app/assets/images/select2-spinner.gif b/app/assets/images/select2-spinner.gif new file mode 100644 index 0000000000..5b33f7e54f Binary files /dev/null and b/app/assets/images/select2-spinner.gif differ diff --git a/app/assets/images/select2.png b/app/assets/images/select2.png new file mode 100644 index 0000000000..1d804ffb99 Binary files /dev/null and b/app/assets/images/select2.png differ diff --git a/app/assets/images/select2x2.png b/app/assets/images/select2x2.png new file mode 100644 index 0000000000..4bdd5c961d Binary files /dev/null and b/app/assets/images/select2x2.png differ diff --git a/app/assets/javascripts/api.js b/app/assets/javascripts/api.js index 85eb08cc97..8754c25388 100644 --- a/app/assets/javascripts/api.js +++ b/app/assets/javascripts/api.js @@ -12,6 +12,7 @@ const Api = { projectsPath: '/api/:version/projects.json', projectPath: '/api/:version/projects/:id', projectLabelsPath: '/:namespace_path/:project_path/labels', + projectMergeRequestsPath: '/api/:version/projects/:id/merge_requests', projectMergeRequestPath: '/api/:version/projects/:id/merge_requests/:mrid', projectMergeRequestChangesPath: '/api/:version/projects/:id/merge_requests/:mrid/changes', projectMergeRequestVersionsPath: '/api/:version/projects/:id/merge_requests/:mrid/versions', @@ -111,6 +112,22 @@ const Api = { return axios.get(url); }, + /** + * Get all Merge Requests for a project, eventually filtering based on + * supplied parameters + * @param projectPath + * @param params + * @returns {Promise} + */ + projectMergeRequests(projectPath, params = {}) { + const url = Api.buildUrl(Api.projectMergeRequestsPath).replace( + ':id', + encodeURIComponent(projectPath), + ); + + return axios.get(url, { params }); + }, + // Return Merge Request for project projectMergeRequest(projectPath, mergeRequestId, params = {}) { const url = Api.buildUrl(Api.projectMergeRequestPath) diff --git a/app/assets/javascripts/group_avatar.js b/app/assets/javascripts/avatar_picker.js similarity index 54% rename from app/assets/javascripts/group_avatar.js rename to app/assets/javascripts/avatar_picker.js index dcda625f58..d38e0b4aba 100644 --- a/app/assets/javascripts/group_avatar.js +++ b/app/assets/javascripts/avatar_picker.js @@ -1,11 +1,12 @@ import $ from 'jquery'; -export default function groupAvatar() { - $('.js-choose-group-avatar-button').on('click', function onClickGroupAvatar() { +export default function initAvatarPicker() { + $('.js-choose-avatar-button').on('click', function onClickAvatar() { const form = $(this).closest('form'); - return form.find('.js-group-avatar-input').click(); + return form.find('.js-avatar-input').click(); }); - $('.js-group-avatar-input').on('change', function onChangeAvatarInput() { + + $('.js-avatar-input').on('change', function onChangeAvatarInput() { const form = $(this).closest('form'); const filename = $(this) .val() diff --git a/app/assets/javascripts/awards_handler.js b/app/assets/javascripts/awards_handler.js index 73ce3e760a..743f11625b 100644 --- a/app/assets/javascripts/awards_handler.js +++ b/app/assets/javascripts/awards_handler.js @@ -8,6 +8,7 @@ import { updateTooltipTitle } from './lib/utils/common_utils'; import { isInVueNoteablePage } from './lib/utils/dom_utils'; import flash from './flash'; import axios from './lib/utils/axios_utils'; +import bp from './breakpoints'; const animationEndEventString = 'animationend webkitAnimationEnd MSAnimationEnd oAnimationEnd'; const transitionEndEventString = 'transitionend webkitTransitionEnd oTransitionEnd MSTransitionEnd'; @@ -264,7 +265,10 @@ export class AwardsHandler { const css = { top: `${$addBtn.offset().top + $addBtn.outerHeight()}px`, }; - if (position === 'right') { + // for xs screen we position the element on center + if (bp.getBreakpointSize() === 'xs') { + css.left = '5%'; + } else if (position === 'right') { css.left = `${$addBtn.offset().left - $menu.outerWidth() + 20}px`; $menu.addClass('is-aligned-right'); } else { diff --git a/app/assets/javascripts/badges/components/badge_form.vue b/app/assets/javascripts/badges/components/badge_form.vue index 85a15b38de..df74eb2c2f 100644 --- a/app/assets/javascripts/badges/components/badge_form.vue +++ b/app/assets/javascripts/badges/components/badge_form.vue @@ -90,7 +90,7 @@ export default { }, badgeImageUrlExample() { const exampleUrl = - 'https://example.gitlab.com/%{project_path}/badges/%{default_branch}/badge.svg'; + 'https://example.gitlab.com/%{project_path}/badges/%{default_branch}/pipeline.svg'; return sprintf(s__('Badges|e.g. %{exampleUrl}'), { exampleUrl, }); diff --git a/app/assets/javascripts/behaviors/markdown/copy_as_gfm.js b/app/assets/javascripts/behaviors/markdown/copy_as_gfm.js index 9482a9f166..318b7f77c7 100644 --- a/app/assets/javascripts/behaviors/markdown/copy_as_gfm.js +++ b/app/assets/javascripts/behaviors/markdown/copy_as_gfm.js @@ -10,10 +10,10 @@ export class CopyAsGFM { const isIOS = /\b(iPad|iPhone|iPod)(?=;)/.test(userAgent); if (isIOS) return; - $(document).on('copy', '.md, .wiki', e => { + $(document).on('copy', '.md', e => { CopyAsGFM.copyAsGFM(e, CopyAsGFM.transformGFMSelection); }); - $(document).on('copy', 'pre.code.highlight, .diff-content .line_content', e => { + $(document).on('copy', 'pre.code.highlight, table.code td.line_content', e => { CopyAsGFM.copyAsGFM(e, CopyAsGFM.transformCodeSelection); }); $(document).on('paste', '.js-gfm-input', CopyAsGFM.pasteGFM); @@ -99,7 +99,7 @@ export class CopyAsGFM { } static transformGFMSelection(documentFragment) { - const gfmElements = documentFragment.querySelectorAll('.md, .wiki'); + const gfmElements = documentFragment.querySelectorAll('.md'); switch (gfmElements.length) { case 0: { return documentFragment; @@ -173,7 +173,9 @@ export class CopyAsGFM { wrapEl.appendChild(node.cloneNode(true)); const doc = DOMParser.fromSchema(schema.default).parse(wrapEl); - const res = markdownSerializer.default.serialize(doc); + const res = markdownSerializer.default.serialize(doc, { + tightLists: true, + }); return res; }) .catch(() => {}); diff --git a/app/assets/javascripts/behaviors/markdown/render_gfm.js b/app/assets/javascripts/behaviors/markdown/render_gfm.js index fc9286d15e..bfb073fdcd 100644 --- a/app/assets/javascripts/behaviors/markdown/render_gfm.js +++ b/app/assets/javascripts/behaviors/markdown/render_gfm.js @@ -4,6 +4,7 @@ import renderMath from './render_math'; import renderMermaid from './render_mermaid'; import highlightCurrentUser from './highlight_current_user'; import initUserPopovers from '../../user_popovers'; +import initMRPopovers from '../../mr_popover'; // Render GitLab flavoured Markdown // @@ -15,6 +16,7 @@ $.fn.renderGFM = function renderGFM() { renderMermaid(this.find('.js-render-mermaid')); highlightCurrentUser(this.find('.gfm-project_member').get()); initUserPopovers(this.find('.gfm-project_member').get()); + initMRPopovers(this.find('.gfm-merge_request').get()); return this; }; diff --git a/app/assets/javascripts/behaviors/shortcuts/shortcuts_issuable.js b/app/assets/javascripts/behaviors/shortcuts/shortcuts_issuable.js index 680f203140..670f66b005 100644 --- a/app/assets/javascripts/behaviors/shortcuts/shortcuts_issuable.js +++ b/app/assets/javascripts/behaviors/shortcuts/shortcuts_issuable.js @@ -37,7 +37,7 @@ export default class ShortcutsIssuable extends Shortcuts { } // Sanity check: Make sure the selected text comes from a discussion : it can either contain a message... - let foundMessage = !!documentFragment.querySelector('.md, .wiki'); + let foundMessage = !!documentFragment.querySelector('.md'); // ... Or come from a message if (!foundMessage) { @@ -46,7 +46,7 @@ export default class ShortcutsIssuable extends Shortcuts { let node = e; do { // Text nodes don't define the `matches` method - if (node.matches && node.matches('.md, .wiki')) { + if (node.matches && node.matches('.md')) { foundMessage = true; } node = node.parentNode; diff --git a/app/assets/javascripts/blob_edit/blob_bundle.js b/app/assets/javascripts/blob_edit/blob_bundle.js index 5f64175362..6aaf5bf729 100644 --- a/app/assets/javascripts/blob_edit/blob_bundle.js +++ b/app/assets/javascripts/blob_edit/blob_bundle.js @@ -13,7 +13,7 @@ export default () => { if (editBlobForm.length) { const urlRoot = editBlobForm.data('relativeUrlRoot'); const assetsPath = editBlobForm.data('assetsPrefix'); - const filePath = editBlobForm.data('blobFilename'); + const filePath = `${editBlobForm.data('blobFilename')}`; const currentAction = $('.js-file-title').data('currentAction'); const projectId = editBlobForm.data('project-id'); const isMarkdown = editBlobForm.data('is-markdown'); diff --git a/app/assets/javascripts/boards/components/board.js b/app/assets/javascripts/boards/components/board.js index fb6e5291a6..45b9e57f9a 100644 --- a/app/assets/javascripts/boards/components/board.js +++ b/app/assets/javascripts/boards/components/board.js @@ -54,7 +54,10 @@ export default Vue.extend({ return `${n__('%d issue', '%d issues', issuesSize)}`; }, isNewIssueShown() { - return this.list.type === 'backlog' || (!this.disabled && this.list.type !== 'closed'); + return ( + this.list.type === 'backlog' || + (!this.disabled && this.list.type !== 'closed' && this.list.type !== 'blank') + ); }, }, watch: { diff --git a/app/assets/javascripts/boards/components/issue_card_inner.vue b/app/assets/javascripts/boards/components/issue_card_inner.vue index 90ab3a7634..206573dd44 100644 --- a/app/assets/javascripts/boards/components/issue_card_inner.vue +++ b/app/assets/javascripts/boards/components/issue_card_inner.vue @@ -1,4 +1,5 @@ @@ -247,31 +279,36 @@ export default { -
+
{{ - s__(`ClusterIntegration|GitLab Runner connects to this - project's repository and executes CI/CD jobs, - pushing results back and deploying, + s__(`ClusterIntegration|GitLab Runner connects to the + repository and executes CI/CD jobs, + pushing results back and deploying applications to production.`) }}
@@ -401,7 +439,7 @@ export default { }}

-