diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000..f1c41c9bb7 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +Dangerfile gitlab-language=ruby diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 70f5351a91..fd02d72b4c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.4.4-golang-1.9-git-2.17-chrome-67.0-node-8.x-yarn-1.2-postgresql-9.6-graphicsmagick-1.3.29" +image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.4.4-golang-1.9-git-2.18-chrome-67.0-node-8.x-yarn-1.2-postgresql-9.6-graphicsmagick-1.3.29" .dedicated-runner: &dedicated-runner retry: 1 @@ -86,7 +86,9 @@ stages: .rails5: &rails5 allow_failure: true only: - - /rails5/ + variables: + - $CI_COMMIT_REF_NAME =~ /rails5/ + - $RAILS5_ENABLED variables: BUNDLE_GEMFILE: "Gemfile.rails5" RAILS5: "true" @@ -436,6 +438,26 @@ setup-test-env: - config/secrets.yml - vendor/gitaly-ruby +danger-review: + image: registry.gitlab.com/gitlab-org/gitlab-build-images:danger + stage: test + allow_failure: true + cache: {} + dependencies: [] + before_script: [] + only: + variables: + - $DANGER_GITLAB_API_TOKEN + except: + refs: + - master + variables: + - $CI_COMMIT_REF_NAME =~ /^ce-to-ee-.*/ + - $CI_COMMIT_REF_NAME =~ /.*-stable(-ee)?-prepare-.*/ + script: + - git version + - danger --fail-on-errors=true + rspec-pg 0 30: *rspec-metadata-pg rspec-pg 1 30: *rspec-metadata-pg rspec-pg 2 30: *rspec-metadata-pg diff --git a/.gitlab/merge_request_templates/Database changes.md b/.gitlab/merge_request_templates/Database changes.md index d14d52e1b6..e636ec313d 100644 --- a/.gitlab/merge_request_templates/Database changes.md +++ b/.gitlab/merge_request_templates/Database changes.md 
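Review bot: The two entries under `only: variables:` in the `.rails5` anchor are alternatives, not a conjunction, and nothing in the file says so. GitLab CI creates the job when any listed expression is true, so setting `RAILS5_ENABLED` on a project or a schedule enables the Rails 5 jobs for every ref, whatever its name. That looks intended, but a comment above the list would make it explicit, for example `# Runs when the ref name contains "rails5" OR when RAILS5_ENABLED is set`. The `.rails5` anchor continues past the end of this hunk.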
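Review bot: The `danger-review` job exposes `$DANGER_GITLAB_API_TOKEN` to code taken from the branch under review. `danger` evaluates the repository's `Dangerfile` (added later in this commit, importing from `danger/...`) as Ruby, so whoever can push a branch to a project where the variable is set controls what runs with that token. The job does not record what the token may do; I would add a comment above it such as `# DANGER_GITLAB_API_TOKEN: token of a dedicated bot account, limited to what is needed to comment on merge requests`, and confirm the variable is configured that way. Separately, the image is referenced by the mutable tag `:danger`, and `allow_failure: true` means `--fail-on-errors=true` never blocks a pipeline. If both are deliberate, a one-line comment on each would save the next reader the question.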
@@ -34,17 +34,17 @@ When removing columns, tables, indexes or other structures: ## General checklist - [ ] [Changelog entry](https://docs.gitlab.com/ee/development/changelog.html) added, if necessary -- [ ] [Documentation created/updated](https://docs.gitlab.com/ee/development/doc_styleguide.html) -- [ ] API support added -- [ ] Tests added for this feature/bug -- Conform by the [code review guidelines](https://docs.gitlab.com/ee/development/code_review.html) - - [ ] Has been reviewed by a Backend maintainer - - [ ] Has been reviewed by a Database specialist -- [ ] Conform by the [merge request performance guides](https://docs.gitlab.com/ee/development/merge_request_performance_guidelines.html) -- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/CONTRIBUTING.md#style-guides) +- [ ] [Documentation created/updated](https://docs.gitlab.com/ee/development/documentation/index.html#contributing-to-docs) +- [ ] [API support added](https://docs.gitlab.com/ee/development/api_styleguide.html) +- [ ] [Tests added for this feature/bug](https://docs.gitlab.com/ee/development/testing_guide/index.html) +- Conforms to the [code review guidelines](https://docs.gitlab.com/ee/development/code_review.html) + - [ ] Has been reviewed by a Backend [maintainer](https://about.gitlab.com/handbook/engineering/#maintainer) + - [ ] Has been reviewed by a Database [specialist](https://about.gitlab.com/team/structure/#specialist) +- [ ] Conforms to the [merge request performance guidelines](https://docs.gitlab.com/ee/development/merge_request_performance_guidelines.html) +- [ ] Conforms to the [style guides](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/CONTRIBUTING.md#style-guides) - [ ] If you have multiple commits, please combine them into a few logically organized commits by [squashing them](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) -- [ ] Internationalization required/considered -- [ ] If paid feature, have we 
considered GitLab.com plan and how it works for groups and is there a design for promoting it to users who aren't on the correct plan -- [ ] End-to-end tests pass (`package-and-qa` manual pipeline job) +- [ ] [Internationalization required/considered](https://docs.gitlab.com/ee/development/i18n/index.html) +- [ ] For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan? +- [ ] [End-to-end tests](https://docs.gitlab.com/ee/development/testing_guide/end_to_end_tests.html#testing-code-in-merge-requests) pass (`package-and-qa` manual pipeline job) /label ~database diff --git a/.gitlab/merge_request_templates/Documentation.md b/.gitlab/merge_request_templates/Documentation.md index da38a703c3..531035b376 100644 --- a/.gitlab/merge_request_templates/Documentation.md +++ b/.gitlab/merge_request_templates/Documentation.md @@ -1,4 +1,4 @@ - + ## What does this MR do? 
@@ -13,17 +13,17 @@ Closes ## Moving docs to a new location? Read the guidelines: -https://docs.gitlab.com/ce/development/writing_documentation.html#changing-document-location +https://docs.gitlab.com/ee/development/documentation/#changing-document-location - [ ] Make sure the old link is not removed and has its contents replaced with a link to the new location. - [ ] Make sure internal links pointing to the document in question are not broken. -- [ ] Search and replace any links referring to old docs in GitLab Rails app, - specifically under the `app/views/` and `ee/app/views` (for GitLab EE) directories. -- [ ] Make sure to add [`redirect_from`](https://docs.gitlab.com/ce/development/writing_documentation.html#redirections-for-pages-with-disqus-comments) +- [ ] Search and replace any links referring to the old docs in the GitLab Rails app, + specifically under the `app/views/` and `ee/app/views` (for GitLab EE) directories. +- [ ] Make sure to add [`redirect_from`](https://docs.gitlab.com/ee/development/documentation/index.html#redirections-for-pages-with-disqus-comments) to the new document if there are any Disqus comments on the old document thread. -- [ ] If working on CE and the `ee-compat-check` jobs fails, submit an MR to EE - with the changes as well (https://docs.gitlab.com/ce/development/writing_documentation.html#cherry-picking-from-ce-to-ee). +- [ ] If working on CE and the `ee-compat-check` jobs fails, [submit an MR to EE + with the changes](https://docs.gitlab.com/ee/development/documentation/index.html#cherry-picking-from-ce-to-ee) as well. - [ ] Ping one of the technical writers for review. /label ~Documentation diff --git a/.rubocop.yml b/.rubocop.yml index 0582bfe8d7..c8b1ce327e 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -10,9 +10,9 @@ AllCops: Exclude: - 'vendor/**/*' - 'node_modules/**/*' - - 'db/**/*' - 'db/fixtures/**/*' - - 'ee/db/**/*' + - 'db/schema.rb' + - 'ee/db/geo/schema.rb' - 'tmp/**/*' - 'bin/**/*' - 'generator_templates/**/*' 
@@ -34,6 +34,8 @@ Style/MutableConstant: Naming/FileName: ExpectMatchingDefinition: true Exclude: + - 'db/**/*' + - 'ee/db/**/*' - 'spec/**/*' - 'features/**/*' - 'ee/spec/**/*' diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 3e1713f845..8a1ca6747a 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -199,12 +199,6 @@ Naming/HeredocDelimiterCase: Naming/HeredocDelimiterNaming: Enabled: false -# Offense count: 27 -# Cop supports --auto-correct. -# Configuration parameters: AutoCorrect. -Performance/HashEachMethods: - Enabled: false - # Offense count: 1 Performance/UnfreezeString: Exclude: diff --git a/CHANGELOG.md b/CHANGELOG.md index 7aef16f162..41c3450370 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,16 +2,38 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. -## 11.1.8 (2018-10-05) +## 11.2.8 (2018-10-31) + +### Security (1 change) + +- Monkey kubeclient to not follow any redirects. + + +## 11.2.7 (2018-10-27) + +- No changes. + +## 11.2.6 (2018-10-26) + +### Security (5 changes) + +- Escape entity title while autocomplete template rendering to prevent XSS. !2558 +- Fix XSS in merge request source branch name. +- Redact personal tokens in unsubscribe links. +- Persist only SHA digest of PersonalAccessToken#token. +- Prevent SSRF attacks in HipChat integration. + + +## 11.2.5 (2018-10-05) ### Security (3 changes) -- Filter user sensitive data from discussions JSON. !2539 +- Filter user sensitive data from discussions JSON. !2538 - Properly filter private references from system notes. - Markdown API no longer displays confidential title references unless authorized. -## 11.1.7 (2018-09-26) +## 11.2.4 (2018-09-26) ### Security (6 changes) @@ -23,11 +45,11 @@ entry. - Block loopback addresses in UrlBlocker. -## 11.1.6 (2018-08-28) +## 11.2.3 (2018-08-28) - No changes. -## 11.1.5 (2018-08-27) +## 11.2.2 (2018-08-27) ### Security (3 changes) 
@@ -35,32 +57,271 @@ entry. - Adding CSRF protection to Hooks resend action. - Block link-local addresses in URLBlocker. -### Fixed (1 change, 1 of them is from the community) +## 11.2.1 (2018-08-22) + +### Fixed (2 changes) + +- Fix wrong commit count in push event payload. !21338 +- Fix broken Git over HTTP clones with LDAP users. !21352 + +### Performance (1 change) + +- Eliminate unnecessary and duplicate system hook fires. !21337 + + +## 11.2.0 (2018-08-22) + +### Security (5 changes) + +- Bump Gitaly to 0.117.1 for Rouge update. !21277 +- Fix symlink vulnerability in project import. +- Bump rugged to 0.27.4 for security fixes. +- Fixed XSS in branch name in Web IDE. +- Adding CSRF protection to Hooks test action. + +### Removed (1 change) + +- Remove gitlab:user:check_repos, gitlab:check_repo, gitlab:git:prune, gitlab:git:gc, and gitlab:git:repack. !20806 + +### Fixed (81 changes, 26 of them are from the community) + +- Fix namespace move callback behavior, especially to fix Geo replication of namespace moves during certain exceptions. !19297 +- Fix breadcrumbs in Admin/User interface. !19608 (Robin Naundorf) +- Remove changes_count from MR API documentation where necessary. !19745 (Jan Beckmann) +- Fix email confirmation bug when user adds additional email to account. !20084 (muhammadn) +- Add support for daylight savings time to pipleline schedules. !20145 +- Fixing milestone date change when editing. !20279 (Orlando Del Aguila) +- Add missing maximum_timeout parameter. !20355 (gfyoung) +- [Rails5] Fix 'Invalid single-table inheritance type: Group is not a subclass of Gitlab::BackgroundMigration::FixCrossProjectLabelLinks::Namespace'. !20462 (@blackst0ne) +- Rails5 fix mysql milliseconds problem in specs. !20464 (Jasper Maes) +- Update Gemfile.rails5.lock with latest Gemfile.lock changes. !20466 (Jasper Maes) +- Rails5 mysql fix milliseconds problem in pull request importer spec. 
!20475 (Jasper Maes) +- Rails5 MySQL fix rename_column as part of cleanup_concurrent_column_type_change. !20514 (Jasper Maes) +- Process commits as normal in forks when the upstream project is deleted. !20534 +- Fix project visibility tooltip. !20535 (Jamie Schembri) +- Fix archived parameter for projects API. !20566 (Peter Marko) +- Limit maximum project build timeout setting to 1 month. !20591 +- Fix GitLab project imports not loading due to API timeouts. !20599 +- Avoid process deadlock in popen by consuming input pipes. !20600 +- Disable SAML and Bitbucket if OmniAuth is disabled. !20608 +- Support multiple scopes when authing container registry scopes. !20617 +- Adds the ability to view group milestones on the dashboard milestone page. !20618 +- Allow issues API to receive an internal ID (iid) on create. !20626 (Jamie Schembri) +- Fix typo in CSS transform property for Memory Graph component. !20650 +- Update design for system metrics popovers. !20655 +- Toggle Show / Hide Button for Kubernetes Password. !20659 (gfyoung) +- Board label edit dropdown shows incorrect selected labels summary. !20673 +- Resolve "Unable to save user profile update with Safari". !20676 +- Escape username and password in UrlSanitizer#full_url. !20684 +- Remove background color from card-body style. !20689 (George Tsiolis) +- Update total storage size when changing size of artifacts. !20697 (Peter Marko) +- Rails5 fix user sees revert modal spec. !20706 (Jasper Maes) +- Fix Web IDE crashing on directories named 'blob'. !20712 +- Fix accessing imported pipeline builds. !20713 +- Fixed bug with invalid repository reference using the wiki search. !20722 +- Resolve Copy diff file path as GFM is broken. !20725 +- Chart versions for applications installed by one click install buttons should be version locked. !20765 +- Fix misalignment of broadcast message on login page. !20794 (Robin Naundorf) +- Fix Vue datatype errors for markdownVersion parsing. 
!20800 +- Fix authorization for interactive web terminals. !20811 +- Increase width of Web IDE sidebar resize handles. !20818 +- Fix new MR card styles. !20822 +- Fix link color in markdown code brackets. !20841 +- Rails5 update Gemfile.rails5.lock. !20858 (Jasper Maes) +- fix height of full-width Metrics charts on large screens. !20866 +- Fix sorting by name on milestones page. !20881 +- Permit concurrent loads in gpg keychain mutex. !20894 (Jasper Maes) +- Prevent editing and updating wiki pages with non UTF-8 encoding via web interface. !20906 +- Retrieve merge request closing issues from database cache. !20911 +- Fix LFS uploads not working with git-lfs 2.5.0. !20923 +- Fix bug setting http headers in Files API. !20938 +- Rails5: fix flaky spec. !20953 (Jasper Maes) +- Fixed list of projects not loading in group boards. !20955 +- Fix autosave and ESC confirmation issues for MR discussions. !20968 +- Fix navigation to First and Next discussion on MR Changes tab. !20968 +- Fix rendering of the context lines in MR diffs page. !20968 +- fix error caused when using the search bar while unauthenticated. !20970 +- Fix GPG status badge loading regressions. !20987 +- Ensure links in notifications footer are not escaped. !21000 +- Rails5: update Rails5 lock for forgotten gem rouge. !21010 (Jasper Maes) +- Fix UI error whereby prometheus application status is updated. !21029 +- Solves group dashboard line height is too tall for group names. !21033 +- Fix rendering of pipeline failure view when directly navigationg to it. !21043 +- Fix missing and duplicates on project milestone listing page. !21058 +- Fix merge requests not showing any diff files for big patches. !21125 +- Auto-DevOps.gitlab-ci.yml: Update glibc package signing key URL. !21182 (sgerrand) +- Fix issue stopping Instance Statistics javascript to be executed. !21211 +- Fix broken JavaScript in IE11. !21214 +- Improve JUnit test reports in merge request widgets. 
!49966 +- Properly handle colons in URL passwords. +- Renders test reports for resolved failures and resets error state. +- Fix handling of annotated tags when Gitaly is not in use. +- Fix serialization of LegacyDiffNote. +- Escapes milestone and label's names on flash notice when promoting them. +- Allow to toggle notifications for issues due soon. - Sanitize git URL in import errors. (Jamie Schembri) +- Add missing predefined variable and fix docs. +- Allow updating a project's avatar without other params. (Jamie Schembri) +- Fix the UI for listing system-level labels. +- Update hamlit to fix ruby 2.5 incompatibilities, fixes #42045. (Matthew Dawson) +- Fix updated_at if created_at is set for Note API. +- Fix search bar text input alignment. + +### Changed (32 changes, 7 of them are from the community) + +- Rack attack is now disabled by default. !16669 +- Include full image URL in webhooks for uploaded images. !18109 (Satish Perala) +- Enable hashed storage for all newly created or renamed projects. !19747 +- Support manually stopping any environment from the UI. !20077 +- Close revert and cherry pick modal on escape keypress. !20341 (George Tsiolis) +- Adds with_projects optional parameter to GET /groups/:id API endpoint. !20494 +- Improve feedback when a developer is unable to push to an empty repository. !20519 +- Display GPG status on repository and blob pages. !20524 +- Updated design of new entry dropdown in Web IDE. !20526 +- UX improvements to top nav search bar. !20537 +- Update issue closing pattern. !20554 (George Tsiolis) +- Add merge request header branch actions left margin. !20643 (George Tsiolis) +- Rubix, scikit-learn, tensorflow & other useful libraries pre-installed with JupyterHub. !20714 (Amit Rathi) +- Show decimal place up to single digit in Stacked Progress Bar. !20776 +- Wrap job name on pipeline job sidebar. !20804 (George Tsiolis) +- Redesign Web IDE back button and context header. 
!20850 +- Removes "show all" on reports and adds an actionButtons slot. !20855 +- Put fallback reply-key address first in the References header. !20871 +- Allow non-admins to view instance statistics (if permitted by the instance admins). !20874 +- Adds the project and group name to the return type for project and group milestones. !20890 +- Restyle status message input on profile settings. !20903 +- Ensure installed Helm Tiller For GitLab Managed Apps Is protected by mutual auth. !20928 +- Allow multiple JIRA transition ids. !20939 +- Use Helm 2.7.2 for GitLab Managed Apps. !20956 +- Create branch and MR picker for Web IDE. !20978 +- Update commit message styles with monospace font and overflow-x. !20988 +- Update to Rouge 3.2.0, including Terraform and Crystal lexer and bug fixes. !20991 +- Update design of project templates. !21012 +- Update to Rouge 3.2.1, which includes a critical fix to the Perl Lexer. !21263 +- Add a 10 ms bucket for SQL timings. +- Show one digit after dot in commit_per_day value in charts page. (msdundar) +- Redesign GCP offer banner. + +### Performance (30 changes, 10 of them are from the community) + +- Stop dynamically creating project and namespace routes. !20313 +- Tracking the number of repositories and wikis with a cached counter for site-wide statistics. !20413 +- Optimize ProjectWiki#empty? check. !20573 +- Delete UserActivities and related workers. !20597 +- Enable frozen string in app/services/**/*.rb. !20656 (gfyoung) +- Enable more frozen string in app/services/**/*.rb. !20677 (gfyoung) +- Limit the TTL for anonymous sessions to 1 hour. !20700 +- Enable even more frozen string in app/services/**/*.rb. !20702 (gfyoung) +- Enable frozen string in app/serializers/**/*.rb. !20726 (gfyoung) +- Enable frozen string in newly added files to previously processed directories. !20763 (gfyoung) +- Use limit parameter to retrieve Wikis from Gitaly. !20764 +- Add Dangerfile for frozen_string_literal. 
!20767 (gfyoung) +- Remove method instrumentation for Banzai filters and reference parsers. !20770 +- Enable frozen strings in lib/banzai/filter/*.rb. !20775 +- Enable frozen strings in remaining lib/banzai/filter/*.rb files. !20777 +- DNS prefetching if asset_host for CDN hosting is set. !20781 +- Bump nokogiri to 1.8.4 and sanitize to 4.6.6 for performance. !20795 +- Enable frozen string in app/presenters and app/policies. !20819 (gfyoung) +- Bump haml gem to 5.0.4. !20847 +- Enable frozen string in app/models/*.rb. !20851 (gfyoung) +- Performing Commit GPG signature calculation in bulk. !20870 +- Fix /admin/jobs failing to load due to statement timeout. !20909 +- refactor pipeline job log animation to reduce CPU usage. !20915 +- Improve performance when fetching collapsed diffs and commenting in merge requests. !20940 +- Enable frozen string for app/models/**/*.rb. !21001 (gfyoung) +- Don't set gon variables in JSON requests. !21016 (Peter Leitzen) +- Improve performance and memory footprint of Changes tab of Merge Requests. !21028 +- Avoid N+1 on MRs page when metrics merging date cannot be found. !21053 +- Bump Gitaly to 0.117.0. !21055 +- Access metadata directly from Object Storage. + +### Added (41 changes, 18 of them are from the community) + +- Show repository languages for projects. !19480 +- Adds API endpoint /api/v4/(project/group)/:id/members/all to list also inherited members. !19748 (Jacopo Beschi @jacopo-beschi) +- Added live preview for JavaScript projects in the Web IDE. !19764 +- Add support for SSH certificate authentication. !19911 (Ævar Arnfjörð Bjarmason) +- Add Hangouts Chat integration. !20290 (Kukovskii Vladimir) +- Add ability to import multiple repositories by uploading a manifest file. !20304 +- Show Project ID on project home panel. !20305 (Tuğçe Nur Taş) +- Add an option to have a private profile on GitLab. !20387 (jxterry) +- Extend gitlab-ci.yml to request junit.xml test reports. 
!20390 +- Add the first mutations for merge requests to GraphQL. !20443 +- Add /-/health basic health check endpoint. !20456 +- Add filter for minimal access level in groups and projects API. !20478 (Marko, Peter) +- Add download button for single file (including raw files) in repository. !20480 (Kia Mei Somabes) +- Gitaly Servers link into Admin > Overview navigation menu. !20550 +- Adds foreign key to notification_settings.user_id. !20567 (Jacopo Beschi @jacopo-beschi) +- JUnit XML Test Summary In MR widget. !20576 +- Cleans up display of Deploy Tokens to match Personal Access Tokens. !20578 (Marcel Amirault) +- Users can set a status message and emoji. !20614 (niedermyer & davamr) +- Add emails delivery Prometheus metrics. !20638 +- Verify runner feature set. !20664 +- Add more comprehensive metrics tracking authentication activity. !20668 +- Add support for tar.gz AUTO_DEVOPS_CHART charts (#49324). !20691 (@kondi1) +- Adds Vuex store for reports section in MR widget. !20709 +- Redirect commits to root if no ref is provided (31576). !20738 (Kia Mei Somabes) +- Search for labels by title or description on project labels page. !20749 +- Add object storage logic to project import. !20773 +- Enable renaming files and folders in Web IDE. !20835 +- Warn user when reload IDE with staged changes. !20857 +- Add local project uploads cleanup task. !20863 +- Improve error message when adding invalid user to a project. !20885 (Jacopo Beschi @jacopo-beschi) +- Add link to homepage on static http status pages (404, 500, etc). !20898 (Jason Funk) +- Clean orphaned files in object storage. !20918 +- Adds frontend support to render test reports on the MR widget. !20936 +- Trigger system hooks when project is archived/unarchived. !20995 +- Custom Wiki Sidebar Support Issue 14995. (Josh Sooter) +- Emails on push recipients now accepts formats like John Doe . (George Thomas) +- Add new model for tracking label events. +- Improve danger confirmation modals by focusing input field. 
(Jamie Schembri) +- Clicking CI icon in Web IDE now opens up pipelines panel. +- Enabled deletion of files in the Web IDE. +- Added button to regenerate 2FA codes. (Luke Picciau) + +### Other (26 changes, 7 of them are from the community) + +- Update specific runners help URL. !20213 (George Tsiolis) +- Enable frozen string in apps/uploaders/*.rb. !20401 (gfyoung) +- Update docs of Helm Tiller. !20515 (Takuya Noguchi) +- Persist 'Auto DevOps' banner dismissal globally. !20540 +- Move xterm to a node dependency and remove it from vendor's folder. !20588 +- Upgrade grape-path-helpers to 1.0.6. !20601 +- Delete todos when user loses access to read the target. !20665 +- Remove tooltips from commit author avatar and name in commit lists. !20674 +- Allow cloning LFS repositories through DeployTokens. !20729 +- Replace 'Sidekiq::Testing.inline!' with 'perform_enqueued_jobs'. !20768 (@blackst0ne) +- Replace author_link snake case in stylesheets, specs, and helpers. !20797 (George Tsiolis) +- Replace snake case in SCSS variables. !20799 (George Tsiolis) +- Add rbtrace to Gemfile. !20831 +- Add support for searching users by confirmed e-mails. !20893 +- Changes poll.js to keep polling on any 2xx http status code. !20904 +- Remove todos of users without access to targets migration. !20927 +- Improve and simplify Auto DevOps settings flow. !20946 +- Keep admin settings sections open after submitting forms. !21040 +- CE port of "List groups with developer maintainer access on project creation". !21051 +- Update git rerere link in docs. !21060 (gfyoung) +- Add 'tabindex' attribute support on Icon component to show BS4 popover on trigger type 'focus'. !21066 +- Add a Gitlab::Profiler.print_by_total_time convenience method for profiling from a Rails console. +- Automatically expand runner's settings block when linking to the runner's settings page. +- Increases title column on modal for reports. +- Disables toggle comments button if diff has no discussions. 
+- Moves help_popover component to a common location. ## 11.1.4 (2018-07-30) -- No changes. - -## 11.1.3 (2018-07-27) - -### Fixed (8 changes, 1 of them is from the community) +### Fixed (4 changes, 1 of them is from the community) - Rework some projects table indexes around repository_storage field. !20377 -- Fix navigation to First and Next discussion on MR Changes tab. !20434 -- Fix showing outdated discussions on Changes tab. !20445 -- Fix autosave and ESC confirmation issues for MR discussions. !20569 -- Fix rendering of the context lines in MR diffs page. !20642 - Don't overflow project/group dropdown results. !20704 (gfyoung) - Fixed IDE not opening JSON files. !20798 - Disable Gitaly timeouts when creating or restoring backups. !20810 -### Performance (1 change) - -- Reduces the client side memory footprint on merge requests. !20744 +## 11.1.3 (2018-07-27) +- Not released. ## 11.1.2 (2018-07-26) @@ -331,6 +592,27 @@ entry. - Use monospaced font for MR diff commit link ref on GFM. +## 11.0.5 (2018-07-26) + +### Security (4 changes) + +- Don't expose project names in various counters. +- Don't expose project names in GitHub counters. +- Adding CSRF protection to Hooks test action. +- Fixed XSS in branch name in Web IDE. + +### Fixed (1 change) + +- Escapes milestone and label's names on flash notice when promoting them. + + +## 11.0.4 (2018-07-17) + +### Security (1 change) + +- Fix symlink vulnerability in project import. + + ## 11.0.3 (2018-07-05) ### Fixed (14 changes, 1 of them is from the community) @@ -624,6 +906,14 @@ entry. - Workhorse to send raw diff and patch for commits. +## 10.8.6 (2018-07-17) + +### Security (2 changes) + +- Fix symlink vulnerability in project import. +- Merge branch 'fix-mr-widget-border' into 'master'. + + ## 10.8.5 (2018-06-21) ### Security (5 changes) 
@@ -853,6 +1143,13 @@ entry. - Gitaly handles repository forks by default. +## 10.7.7 (2018-07-17) + +### Security (1 change) + +- Fix symlink vulnerability in project import. + + ## 10.7.6 (2018-06-21) ### Security (6 changes) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index fd4e769ece..0bf8cba76f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -50,6 +50,7 @@ _This notice should stay as the first item in the CONTRIBUTING.md file._ - [Definition of done](#definition-of-done) - [Style guides](#style-guides) - [Code of conduct](#code-of-conduct) +- [Contribution Flow](#contribution-flow) @@ -132,7 +133,7 @@ Most issues will have labels for at least one of the following: - Type: ~"feature proposal", ~bug, ~customer, etc. - Subject: ~wiki, ~"container registry", ~ldap, ~api, ~frontend, etc. -- Team: ~"CI/CD", ~Discussion, ~Quality, ~Platform, etc. +- Team: ~"CI/CD", ~Plan, ~Manage, ~Quality, etc. - Release Scoping: ~Deliverable, ~Stretch, ~"Next Patch Release" - Priority: ~P1, ~P2, ~P3, ~P4 - Severity: ~S1, ~S2, ~S3, ~S4 @@ -186,16 +187,17 @@ The current team labels are: - ~Configuration - ~"CI/CD" -- ~Discussion +- ~Create - ~Distribution - ~Documentation - ~Geo - ~Gitaly +- ~Manage - ~Monitoring -- ~Platform +- ~Plan - ~Quality - ~Release -- ~"Security Products" +- ~Secure - ~UX The descriptions on the [labels page][labels-page] explain what falls under the 
@@ -225,24 +227,24 @@ Each issue scheduled for the current milestone should be labeled ~Deliverable or ~"Stretch". Any open issue for a previous milestone should be labeled ~"Next Patch Release", or otherwise rescheduled to a different milestone. -### Bug Priority labels +### Priority labels -Bug Priority labels help us define the time a ~bug fix should be completed. Priority determines how quickly the defect turnaround time must be. +Priority labels help us define the time a ~bug fix should be completed. Priority determines how quickly the defect turnaround time must be. If there are multiple defects, the priority decides which defect has to be fixed immediately versus later. This label documents the planned timeline & urgency which is used to measure against our actual SLA on delivering ~bug fixes. -| Label | Meaning | Estimate time to fix | Guidance | -|-------|-----------------|------------------------------------------------------------------|----------| -| ~P1 | Urgent Priority | The current release + potentially immediate hotfix to GitLab.com | | -| ~P2 | High Priority | The next release | | -| ~P3 | Medium Priority | Within the next 3 releases (approx one quarter) | | -| ~P4 | Low Priority | Anything outside the next 3 releases (approx beyond one quarter) | The issue is prominent but does not impact user workflow and a workaround is documented | +| Label | Meaning | Estimate time to fix | +|-------|-----------------|------------------------------------------------------------------| +| ~P1 | Urgent Priority | The current release + potentially immediate hotfix to GitLab.com | +| ~P2 | High Priority | The next release | +| ~P3 | Medium Priority | Within the next 3 releases (approx one quarter) | +| ~P4 | Low Priority | Anything outside the next 3 releases (approx beyond one quarter) | -### Bug Severity labels +### Severity labels Severity labels help us clearly communicate the impact of a ~bug on users. 
-| Label | Meaning | Impact of the defect | Example | +| Label | Meaning | Impact on Functionality | Example | |-------|-------------------|-------------------------------------------------------|---------| | ~S1 | Blocker | Outage, broken feature with no workaround | Unable to create an issue. Data corruption/loss. Security breach. | | ~S2 | Critical Severity | Broken Feature, workaround too complex & unacceptable | Can push commits, but only via the command line. | 
@@ -251,12 +253,14 @@ Severity labels help us clearly communicate the impact of a ~bug on users. #### Severity impact guidance -| Label | Security Impact | Availability / Performance Impact | -|-------|---------------------------------------------------------------------|--------------------------------------------------------------| -| ~S1 | >50% users impacted (possible company extinction level event) | | -| ~S2 | Many users or multiple paid customers impacted (but not apocalyptic)| The issue is (almost) guaranteed to occur in the near future | -| ~S3 | A few users or a single paid customer impacted | The issue is likely to occur in the near future | -| ~S4 | No paid users/customer impacted, or expected impact within 30 days | The issue _may_ occur but it's not likely | +Severity levels can be applied further depending on the facet of the impact; e.g. Affected customers, GitLab.com availability, performance and etc. The below is a guideline. + +| Severity | Affected Customers/Users | GitLab.com Availability | Performance Degradation | +|----------|---------------------------------------------------------------------|----------------------------------------------------|------------------------------| +| ~S1 | >50% users affected (possible company extinction level event) | Significant impact on all of GitLab.com | | +| ~S2 | Many users or multiple paid customers affected (but not apocalyptic)| Significant impact on large portions of GitLab.com | Degradation is guaranteed to occur in the near future | +| ~S3 | A few users or a single paid customer affected | Limited impact on important portions of GitLab.com | Degradation is likely to occur in the near future | +| ~S4 | No paid users/customer affected, or expected to in the near future | Minor impact on on GitLab.com | Degradation _may_ occur but it's not likely | ### Label for community contributors 
@@ -372,8 +376,15 @@ on those issues. Please select someone with relevant experience from the [GitLab team][team]. If there is nobody mentioned with that expertise look in the commit history for the affected files to find someone. +We also use [GitLab Triage] to automate some triaging policies. This is +currently setup as a [scheduled pipeline] running on [quality/triage-ops] +project. + [described in our handbook]: https://about.gitlab.com/handbook/engineering/issue-triage/ [issue bash events]: https://gitlab.com/gitlab-org/gitlab-ce/issues/17815 +[GitLab Triage]: https://gitlab.com/gitlab-org/gitlab-triage +[scheduled pipeline]: https://gitlab.com/gitlab-org/quality/triage-ops/pipeline_schedules/10512/edit +[quality/triage-ops]: https://gitlab.com/gitlab-org/quality/triage-ops ### Feature proposals 
@@ -729,6 +740,24 @@ reported by emailing `contact@gitlab.com`. This Code of Conduct is adapted from the [Contributor Covenant][contributor-covenant], version 1.1.0, available at [http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/). +## Contribution Flow + +When contributing to GitLab, your merge request is subject to review by merge request maintainers of a particular specialty. + +When you submit code to GitLab, we really want it to get merged, but there will be times when it will not be merged. + +When maintainers are reading through a merge request they may request guidance from other maintainers. If merge request maintainers conclude that the code should not be merged, our reasons will be fully disclosed. If it has been decided that the code quality is not up to GitLab’s standards, the merge request maintainer will refer the author to our docs and code style guides, and provide some guidance. + +Sometimes style guides will be followed but the code will lack structural integrity, or the maintainer will have reservations about the code’s overall quality. When there is a reservation the maintainer will inform the author and provide some guidance. The author may then choose to update the merge request. Once the merge request has been updated and reassigned to the maintainer, they will review the code again. Once the code has been resubmitted any number of times, the maintainer may choose to close the merge request with a summary of why it will not be merged, as well as some guidance. If the merge request is closed the maintainer will be open to discussion as to how to improve the code so it can be approved in the future. + +GitLab will do its best to review community contributions as quickly as possible. Specially appointed developers review community contributions daily. 
You may take a look at the [team page](https://about.gitlab.com/team/) for the merge request coach who specializes in the type of code you have written and mention them in the merge request. For example, if you have written some JavaScript in your code then you should mention the frontend merge request coach. If your code has multiple disciplines you may mention multiple merge request coaches. + +GitLab receives a lot of community contributions, so if your code has not been reviewed within 4 days of its initial submission feel free to re-mention the appropriate merge request coach. + +When submitting code to GitLab, you may feel that your contribution requires the aid of an external library. If your code includes an external library please provide a link to the library, as well as reasons for including it. + +When your code contains more than 500 changes, any major breaking changes, or an external library, `@mention` a maintainer in the merge request. If you are not sure who to mention, the reviewer will add one early in the merge request process. + [core team]: https://about.gitlab.com/core-team/ [team]: https://about.gitlab.com/team/ [getting-help]: https://about.gitlab.com/getting-help/ diff --git a/Dangerfile b/Dangerfile new file mode 100644 index 0000000000..9217610da8 --- /dev/null +++ b/Dangerfile @@ -0,0 +1,7 @@ +danger.import_dangerfile(path: 'danger/metadata') +danger.import_dangerfile(path: 'danger/changes_size') +danger.import_dangerfile(path: 'danger/changelog') +danger.import_dangerfile(path: 'danger/specs') +danger.import_dangerfile(path: 'danger/gemfile') +danger.import_dangerfile(path: 'danger/database') +danger.import_dangerfile(path: 'danger/frozen_string') diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index e11e94c5da..8387e21a25 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -0.111.4 +0.117.3 diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION index b7f8ee41e6..0e79152459 100644 
--- a/GITLAB_SHELL_VERSION +++ b/GITLAB_SHELL_VERSION @@ -1 +1 @@ -7.1.4 +8.1.1 diff --git a/GITLAB_WORKHORSE_VERSION b/GITLAB_WORKHORSE_VERSION index 0062ac9718..831446cbd2 100644 --- a/GITLAB_WORKHORSE_VERSION +++ b/GITLAB_WORKHORSE_VERSION @@ -1 +1 @@ -5.0.0 +5.1.0 diff --git a/Gemfile b/Gemfile index 1fbc240bf6..dfa42680c2 100644 --- a/Gemfile +++ b/Gemfile @@ -104,7 +104,7 @@ gem 'hashie-forbidden_attributes' gem 'kaminari', '~> 1.0' # HAML -gem 'hamlit', '~> 2.6.1' +gem 'hamlit', '~> 2.8.8' # Files attachments gem 'carrierwave', '~> 1.2' @@ -220,6 +220,9 @@ gem 'gemnasium-gitlab-service', '~> 0.2' # Slack integration gem 'slack-notifier', '~> 1.5.1' +# Hangouts Chat integration +gem 'hangouts-chat', '~> 0.0.5' + # Asana integration gem 'asana', '~> 0.6.0' @@ -230,7 +233,7 @@ gem 'ruby-fogbugz', '~> 0.2.1' gem 'kubeclient', '~> 3.1.0' # Sanitize user input -gem 'sanitize', '~> 4.6.5' +gem 'sanitize', '~> 4.6' gem 'babosa', '~> 1.0.2' # Sanitizes SVG input @@ -303,7 +306,7 @@ group :metrics do gem 'influxdb', '~> 0.2', require: false # Prometheus - gem 'prometheus-client-mmap', '~> 0.9.3' + gem 'prometheus-client-mmap', '~> 0.9.4' gem 'raindrops', '~> 0.18' end @@ -323,6 +326,7 @@ group :development do end group :development, :test do + gem 'bootsnap', '~> 1.3' gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET'] gem 'pry-byebug', '~> 3.4.1', platform: :mri gem 'pry-rails', '~> 0.3.4' @@ -351,9 +355,9 @@ group :development, :test do gem 'spring', '~> 2.0.0' gem 'spring-commands-rspec', '~> 1.0.4' - gem 'gitlab-styles', '~> 2.3', require: false + gem 'gitlab-styles', '~> 2.4', require: false # Pin these dependencies, otherwise a new rule could break the CI pipelines - gem 'rubocop', '~> 0.52.1' + gem 'rubocop', '~> 0.54.0' gem 'rubocop-rspec', '~> 1.22.1' gem 'scss_lint', '~> 0.56.0', require: false 
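Review bot: In the Gemfile hunk at `# Sanitize user input`, the new constraint `'~> 4.6'` admits any 4.x release from 4.6 upward, where the old `'~> 4.6.5'` admitted patch releases only. Gemfile.lock in this commit resolves to 4.6.6, so `gem 'sanitize', '~> 4.6.6'` would take that release and still keep a minor upgrade of the HTML sanitizer an explicit, reviewed change. If the wider range is deliberate, a one-line comment above the gem saying so would record the decision.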
@@ -396,6 +400,7 @@ gem 'email_reply_trimmer', '~> 0.1' gem 'html2text' gem 'ruby-prof', '~> 0.17.0' +gem 'rbtrace', '~> 0.4', require: false # OAuth gem 'oauth2', '~> 1.4' @@ -418,7 +423,7 @@ group :ed25519 do end # Gitaly GRPC client -gem 'gitaly-proto', '~> 0.105.0', require: 'gitaly' +gem 'gitaly-proto', '~> 0.113.0', require: 'gitaly' gem 'grpc', '~> 1.11.0' # Locked until https://github.com/google/protobuf/issues/4210 is closed diff --git a/Gemfile.lock b/Gemfile.lock index a889c4dc3a..acb2cc95bb 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -87,6 +87,8 @@ GEM binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) blankslate (2.1.2.4) + bootsnap (1.3.1) + msgpack (~> 1.0) bootstrap_form (2.7.0) brakeman (4.2.1) browser (2.2.0) @@ -282,7 +284,7 @@ GEM gettext_i18n_rails (>= 0.7.1) po_to_json (>= 1.0.0) rails (>= 3.2.0) - gitaly-proto (0.105.0) + gitaly-proto (0.113.0) google-protobuf (~> 3.1) grpc (~> 1.10) github-linguist (5.3.3) @@ -312,8 +314,8 @@ GEM mime-types (>= 1.16) posix-spawn (~> 0.3) gitlab-markup (1.6.4) - gitlab-styles (2.3.2) - rubocop (~> 0.51) + gitlab-styles (2.4.1) + rubocop (~> 0.54.0) rubocop-gitlab-security (~> 0.1.0) rubocop-rspec (~> 1.19) gitlab_omniauth-ldap (2.0.4) @@ -359,7 +361,7 @@ GEM grape-entity (0.7.1) activesupport (>= 4.0) multi_json (>= 1.3.2) - grape-path-helpers (1.0.5) + grape-path-helpers (1.0.6) activesupport (>= 4, < 5.1) grape (~> 1.0) rake (~> 12) @@ -373,7 +375,8 @@ GEM google-protobuf (~> 3.1) googleapis-common-protos-types (~> 1.0.0) googleauth (>= 0.5.1, < 0.7) - haml (4.0.7) + haml (5.0.4) + temple (>= 0.8.0) tilt haml_lint (0.26.0) haml (>= 4.0, < 5.1) @@ -381,10 +384,11 @@ GEM rake (>= 10, < 13) rubocop (>= 0.49.0) sysexits (~> 1.1) - hamlit (2.6.1) - temple (~> 0.7.6) + hamlit (2.8.8) + temple (>= 0.8.0) thor tilt + hangouts-chat (0.0.5) hashdiff (0.3.4) hashie (3.5.7) hashie-forbidden_attributes (0.1.1) 
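Review bot: The `gem 'rbtrace', '~> 0.4', require: false` line in the Gemfile hunk after `ruby-prof` has no comment saying when it is meant to be loaded, and the hunk shows no enclosing development or test group, so it appears to be installed in every environment. Once required, rbtrace lets another local process running as the same user attach to the Ruby process and evaluate code inside it, so the condition that requires it is security-relevant. That condition is outside this hunk. I would add a comment such as `# Process tracer: not loaded by default, require it only behind an explicit operator opt-in` and confirm the `require` is gated that way.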
@@ -394,7 +398,7 @@ GEM hipchat (1.5.2) httparty mimemagic - html-pipeline (2.8.3) + html-pipeline (2.8.4) activesupport (>= 2) nokogiri (>= 1.4) html2text (0.2.0) @@ -500,6 +504,7 @@ GEM mini_portile2 (2.3.0) minitest (5.7.0) mousetrap-rails (1.4.6) + msgpack (1.2.4) multi_json (1.13.1) multi_xml (0.6.0) multipart-post (2.0.0) @@ -510,7 +515,7 @@ GEM net-ldap (0.16.0) net-ssh (5.0.1) netrc (0.11.0) - nokogiri (1.8.3) + nokogiri (1.8.4) mini_portile2 (~> 2.3.0) nokogumbo (1.5.0) nokogiri @@ -630,7 +635,7 @@ GEM parser unparser procto (0.0.3) - prometheus-client-mmap (0.9.3) + prometheus-client-mmap (0.9.4) pry (0.10.4) coderay (~> 1.1.0) method_source (~> 0.8.1) @@ -696,6 +701,10 @@ GEM ffi (>= 0.5.0, < 2) rblineprof (0.3.6) debugger-ruby_core_source (~> 1.3) + rbtrace (0.4.10) + ffi (>= 1.0.6) + msgpack (>= 0.4.3) + trollop (>= 1.16.2) rdoc (6.0.4) re2 (1.1.1) recaptcha (3.0.0) @@ -736,7 +745,7 @@ GEM retriable (3.1.1) rinku (2.0.0) rotp (2.1.2) - rouge (3.1.1) + rouge (3.2.1) rqrcode (0.7.0) chunky_png rqrcode-rails3 (0.1.7) @@ -776,16 +785,16 @@ GEM pg rails sqlite3 - rubocop (0.52.1) + rubocop (0.54.0) parallel (~> 1.10) - parser (>= 2.4.0.2, < 3.0) + parser (>= 2.5) powerpack (~> 0.1) rainbow (>= 2.2.2, < 4.0) ruby-progressbar (~> 1.7) unicode-display_width (~> 1.0, >= 1.0.1) rubocop-gitlab-security (0.1.1) rubocop (>= 0.51) - rubocop-rspec (1.22.1) + rubocop-rspec (1.22.2) rubocop (>= 0.52.1) ruby-enum (0.7.2) i18n @@ -802,9 +811,9 @@ GEM rubyzip (1.2.1) rufus-scheduler (3.4.0) et-orbi (~> 1.0) - rugged (0.27.2) + rugged (0.27.4) safe_yaml (1.0.4) - sanitize (4.6.5) + sanitize (4.6.6) crass (~> 1.0.2) nokogiri (>= 1.4.4) nokogumbo (~> 1.4) @@ -889,7 +898,7 @@ GEM sys-filesystem (1.1.6) ffi sysexits (1.2.0) - temple (0.7.7) + temple (0.8.0) test-prof (0.2.5) test_after_commit (1.1.0) activerecord (>= 3.2) 
@@ -900,13 +909,14 @@ GEM rack (>= 1, < 3) thor (0.19.4) thread_safe (0.3.6) - tilt (2.0.6) + tilt (2.0.8) timecop (0.8.1) timfel-krb5-auth (0.8.3) toml (0.1.2) parslet (~> 1.5.0) toml-rb (1.0.0) citrus (~> 3.0, > 3.0) + trollop (2.1.3) truncato (0.7.10) htmlentities (~> 4.3.1) nokogiri (~> 1.8.0, >= 1.7.0) @@ -986,6 +996,7 @@ DEPENDENCIES benchmark-ips (~> 2.3.0) better_errors (~> 2.1.0) binding_of_caller (~> 0.7.2) + bootsnap (~> 1.3) bootstrap_form (~> 2.7.0) brakeman (~> 4.2) browser (~> 2.2) @@ -1037,13 +1048,13 @@ DEPENDENCIES gettext (~> 3.2.2) gettext_i18n_rails (~> 1.8.0) gettext_i18n_rails_js (~> 1.3) - gitaly-proto (~> 0.105.0) + gitaly-proto (~> 0.113.0) github-linguist (~> 5.3.3) gitlab-flowdock-git-hook (~> 1.0.1) gitlab-gollum-lib (~> 4.2) gitlab-gollum-rugged_adapter (~> 0.4.4) gitlab-markup (~> 1.6.4) - gitlab-styles (~> 2.3) + gitlab-styles (~> 2.4) gitlab_omniauth-ldap (~> 2.0.4) gon (~> 6.2) google-api-client (~> 0.19.8) @@ -1057,7 +1068,8 @@ DEPENDENCIES graphql (~> 1.8.0) grpc (~> 1.11.0) haml_lint (~> 0.26.0) - hamlit (~> 2.6.1) + hamlit (~> 2.8.8) + hangouts-chat (~> 0.0.5) hashie-forbidden_attributes health_check (~> 2.6.0) hipchat (~> 1.5.0) @@ -1114,7 +1126,7 @@ DEPENDENCIES peek-sidekiq (~> 1.0.3) pg (~> 0.18.2) premailer-rails (~> 1.9.7) - prometheus-client-mmap (~> 0.9.3) + prometheus-client-mmap (~> 0.9.4) pry-byebug (~> 3.4.1) pry-rails (~> 0.3.4) rack-attack (~> 4.4.1) @@ -1127,6 +1139,7 @@ DEPENDENCIES rainbow (~> 2.2) raindrops (~> 0.18) rblineprof (~> 0.3.6) + rbtrace (~> 0.4) rdoc (~> 6.0) re2 (~> 1.1.1) recaptcha (~> 3.0) @@ -1143,7 +1156,7 @@ DEPENDENCIES rspec-retry (~> 0.4.5) rspec-set (~> 0.1.3) rspec_profiling (~> 0.0.5) - rubocop (~> 0.52.1) + rubocop (~> 0.54.0) rubocop-rspec (~> 1.22.1) ruby-fogbugz (~> 0.2.1) ruby-prof (~> 0.17.0) 
@@ -1151,7 +1164,7 @@ DEPENDENCIES ruby_parser (~> 3.8) rufus-scheduler (~> 3.4) rugged (~> 0.27) - sanitize (~> 4.6.5) + sanitize (~> 4.6) sass-rails (~> 5.0.6) scss_lint (~> 0.56.0) seed-fu (~> 2.3.7) diff --git a/Gemfile.rails5.lock b/Gemfile.rails5.lock index 8c46b8c591..dff3a436a0 100644 --- a/Gemfile.rails5.lock +++ b/Gemfile.rails5.lock @@ -79,7 +79,7 @@ GEM babosa (1.0.2) base32 (0.3.2) batch-loader (1.2.1) - bcrypt (3.1.11) + bcrypt (3.1.12) bcrypt_pbkdf (1.0.0) benchmark-ips (2.3.0) better_errors (2.1.1) @@ -90,6 +90,8 @@ GEM binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) blankslate (2.1.2.4) + bootsnap (1.3.1) + msgpack (~> 1.0) bootstrap_form (2.7.0) brakeman (4.2.1) browser (2.2.0) @@ -111,7 +113,7 @@ GEM capybara-screenshot (1.0.14) capybara (>= 1.0, < 3) launchy - carrierwave (1.2.1) + carrierwave (1.2.3) activemodel (>= 4.0.0) activesupport (>= 4.0.0) mime-types (>= 1.16) @@ -285,7 +287,7 @@ GEM gettext_i18n_rails (>= 0.7.1) po_to_json (>= 1.0.0) rails (>= 3.2.0) - gitaly-proto (0.105.0) + gitaly-proto (0.113.0) google-protobuf (~> 3.1) grpc (~> 1.10) github-linguist (5.3.3) @@ -315,8 +317,8 @@ GEM mime-types (>= 1.16) posix-spawn (~> 0.3) gitlab-markup (1.6.4) - gitlab-styles (2.3.2) - rubocop (~> 0.51) + gitlab-styles (2.4.1) + rubocop (~> 0.54.0) rubocop-gitlab-security (~> 0.1.0) rubocop-rspec (~> 1.19) gitlab_omniauth-ldap (2.0.4) @@ -362,7 +364,7 @@ GEM grape-entity (0.7.1) activesupport (>= 4.0) multi_json (>= 1.3.2) - grape-path-helpers (1.0.5) + grape-path-helpers (1.0.6) activesupport (>= 4, < 5.1) grape (~> 1.0) rake (~> 12) @@ -376,7 +378,8 @@ GEM google-protobuf (~> 3.1) googleapis-common-protos-types (~> 1.0.0) googleauth (>= 0.5.1, < 0.7) - haml (4.0.7) + haml (5.0.4) + temple (>= 0.8.0) tilt haml_lint (0.26.0) haml (>= 4.0, < 5.1) 
@@ -384,10 +387,11 @@ GEM rake (>= 10, < 13) rubocop (>= 0.49.0) sysexits (~> 1.1) - hamlit (2.6.1) - temple (~> 0.7.6) + hamlit (2.8.8) + temple (>= 0.8.0) thor tilt + hangouts-chat (0.0.5) hashdiff (0.3.4) hashie (3.5.7) hashie-forbidden_attributes (0.1.1) @@ -397,7 +401,7 @@ GEM hipchat (1.5.2) httparty mimemagic - html-pipeline (2.8.3) + html-pipeline (2.8.4) activesupport (>= 2) nokogiri (>= 1.4) html2text (0.2.0) @@ -503,6 +507,7 @@ GEM mini_portile2 (2.3.0) minitest (5.7.0) mousetrap-rails (1.4.6) + msgpack (1.2.4) multi_json (1.13.1) multi_xml (0.6.0) multipart-post (2.0.0) @@ -514,7 +519,7 @@ GEM net-ssh (5.0.1) netrc (0.11.0) nio4r (2.3.1) - nokogiri (1.8.2) + nokogiri (1.8.4) mini_portile2 (~> 2.3.0) nokogumbo (1.5.0) nokogiri @@ -634,7 +639,7 @@ GEM parser unparser procto (0.0.3) - prometheus-client-mmap (0.9.3) + prometheus-client-mmap (0.9.4) pry (0.10.4) coderay (~> 1.1.0) method_source (~> 0.8.1) @@ -705,6 +710,10 @@ GEM ffi (>= 0.5.0, < 2) rblineprof (0.3.6) debugger-ruby_core_source (~> 1.3) + rbtrace (0.4.10) + ffi (>= 1.0.6) + msgpack (>= 0.4.3) + trollop (>= 1.16.2) rdoc (6.0.4) re2 (1.1.1) recaptcha (3.0.0) @@ -745,7 +754,7 @@ GEM retriable (3.1.1) rinku (2.0.0) rotp (2.1.2) - rouge (3.1.1) + rouge (3.2.0) rqrcode (0.7.0) chunky_png rqrcode-rails3 (0.1.7) @@ -785,16 +794,16 @@ GEM pg rails sqlite3 - rubocop (0.52.1) + rubocop (0.54.0) parallel (~> 1.10) - parser (>= 2.4.0.2, < 3.0) + parser (>= 2.5) powerpack (~> 0.1) rainbow (>= 2.2.2, < 4.0) ruby-progressbar (~> 1.7) unicode-display_width (~> 1.0, >= 1.0.1) rubocop-gitlab-security (0.1.1) rubocop (>= 0.51) - rubocop-rspec (1.22.1) + rubocop-rspec (1.22.2) rubocop (>= 0.52.1) ruby-enum (0.7.2) i18n @@ -811,9 +820,9 @@ GEM rubyzip (1.2.1) rufus-scheduler (3.4.0) et-orbi (~> 1.0) - rugged (0.27.1) + rugged (0.27.2) safe_yaml (1.0.4) - sanitize (4.6.5) + sanitize (4.6.6) crass (~> 1.0.2) nokogiri (>= 1.4.4) nokogumbo (~> 1.4) 
@@ -877,7 +886,7 @@ GEM activesupport (>= 4.2) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - sprockets (3.7.1) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) @@ -898,7 +907,7 @@ GEM sys-filesystem (1.1.6) ffi sysexits (1.2.0) - temple (0.7.7) + temple (0.8.0) test-prof (0.2.5) text (1.3.1) thin (1.7.0) @@ -907,13 +916,14 @@ GEM rack (>= 1, < 3) thor (0.19.4) thread_safe (0.3.6) - tilt (2.0.6) + tilt (2.0.8) timecop (0.8.1) timfel-krb5-auth (0.8.3) toml (0.1.2) parslet (~> 1.5.0) toml-rb (1.0.0) citrus (~> 3.0, > 3.0) + trollop (2.1.3) truncato (0.7.10) htmlentities (~> 4.3.1) nokogiri (~> 1.8.0, >= 1.7.0) @@ -996,6 +1006,7 @@ DEPENDENCIES benchmark-ips (~> 2.3.0) better_errors (~> 2.1.0) binding_of_caller (~> 0.7.2) + bootsnap (~> 1.3) bootstrap_form (~> 2.7.0) brakeman (~> 4.2) browser (~> 2.2) @@ -1047,13 +1058,13 @@ DEPENDENCIES gettext (~> 3.2.2) gettext_i18n_rails (~> 1.8.0) gettext_i18n_rails_js (~> 1.3) - gitaly-proto (~> 0.105.0) + gitaly-proto (~> 0.113.0) github-linguist (~> 5.3.3) gitlab-flowdock-git-hook (~> 1.0.1) gitlab-gollum-lib (~> 4.2) gitlab-gollum-rugged_adapter (~> 0.4.4) gitlab-markup (~> 1.6.4) - gitlab-styles (~> 2.3) + gitlab-styles (~> 2.4) gitlab_omniauth-ldap (~> 2.0.4) gon (~> 6.2) google-api-client (~> 0.19.8) @@ -1067,7 +1078,8 @@ DEPENDENCIES graphql (~> 1.8.0) grpc (~> 1.11.0) haml_lint (~> 0.26.0) - hamlit (~> 2.6.1) + hamlit (~> 2.8.8) + hangouts-chat (~> 0.0.5) hashie-forbidden_attributes health_check (~> 2.6.0) hipchat (~> 1.5.0) @@ -1124,7 +1136,7 @@ DEPENDENCIES peek-sidekiq (~> 1.0.3) pg (~> 0.18.2) premailer-rails (~> 1.9.7) - prometheus-client-mmap (~> 0.9.3) + prometheus-client-mmap (~> 0.9.4) pry-byebug (~> 3.4.1) pry-rails (~> 0.3.4) rack-attack (~> 4.4.1) @@ -1138,6 +1150,7 @@ DEPENDENCIES rainbow (~> 2.2) raindrops (~> 0.18) rblineprof (~> 0.3.6) + rbtrace (~> 0.4) rdoc (~> 6.0) re2 (~> 1.1.1) recaptcha (~> 3.0) 
@@ -1154,7 +1167,7 @@ DEPENDENCIES rspec-retry (~> 0.4.5) rspec-set (~> 0.1.3) rspec_profiling (~> 0.0.5) - rubocop (~> 0.52.1) + rubocop (~> 0.54.0) rubocop-rspec (~> 1.22.1) ruby-fogbugz (~> 0.2.1) ruby-prof (~> 0.17.0) @@ -1162,7 +1175,7 @@ DEPENDENCIES ruby_parser (~> 3.8) rufus-scheduler (~> 3.4) rugged (~> 0.27) - sanitize (~> 4.6.5) + sanitize (~> 4.6) sass-rails (~> 5.0.6) scss_lint (~> 0.56.0) seed-fu (~> 2.3.7) @@ -1204,4 +1217,4 @@ DEPENDENCIES wikicloth (= 0.8.1) BUNDLED WITH - 1.16.2 + 1.16.3 diff --git a/README.md b/README.md index 77f03b791f..b6e1cc9a43 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,5 @@ # GitLab -[![Build status](https://gitlab.com/gitlab-org/gitlab-ce/badges/master/build.svg)](https://gitlab.com/gitlab-org/gitlab-ce/commits/master) -[![Overall test coverage](https://gitlab.com/gitlab-org/gitlab-ce/badges/master/coverage.svg)](https://gitlab.com/gitlab-org/gitlab-ce/pipelines) -[![Code Climate](https://codeclimate.com/github/gitlabhq/gitlabhq.svg)](https://codeclimate.com/github/gitlabhq/gitlabhq) -[![Core Infrastructure Initiative Best Practices](https://bestpractices.coreinfrastructure.org/projects/42/badge)](https://bestpractices.coreinfrastructure.org/projects/42) -[![Gitter](https://badges.gitter.im/gitlabhq/gitlabhq.svg)](https://gitter.im/gitlabhq/gitlabhq?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) - ## Test coverage - [![Ruby coverage](https://gitlab.com/gitlab-org/gitlab-ce/badges/master/coverage.svg?job=coverage)](https://gitlab-org.gitlab.io/gitlab-ce/coverage-ruby) Ruby diff --git a/Rakefile b/Rakefile index 85fff2d51e..de0d6695c7 100755 --- a/Rakefile +++ b/Rakefile 
@@ -2,9 +2,9 @@ # Add your own tasks in files placed in lib/tasks ending in .rake, # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. -require File.expand_path('../config/application', __FILE__) +require File.expand_path('config/application', __dir__) -relative_url_conf = File.expand_path('../config/initializers/relative_url', __FILE__) +relative_url_conf = File.expand_path('config/initializers/relative_url', __dir__) require relative_url_conf if File.exist?("#{relative_url_conf}.rb") Gitlab::Application.load_tasks diff --git a/VERSION b/VERSION index 52fdd1cddd..c52c4031ab 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -11.1.8 +11.2.8 diff --git a/app/assets/javascripts/api.js b/app/assets/javascripts/api.js index 422becb7db..25fe2ae553 100644 --- a/app/assets/javascripts/api.js +++ b/app/assets/javascripts/api.js @@ -244,6 +244,18 @@ const Api = { }); }, + branches(id, query = '', options = {}) { + const url = Api.buildUrl(this.createBranchPath).replace(':id', encodeURIComponent(id)); + + return axios.get(url, { + params: { + search: query, + per_page: 20, + ...options, + }, + }); + }, + createBranch(id, { ref, branch }) { const url = Api.buildUrl(this.createBranchPath).replace(':id', encodeURIComponent(id)); diff --git a/app/assets/javascripts/autosave.js b/app/assets/javascripts/autosave.js index fa00a3cf38..e8c59fab60 100644 --- a/app/assets/javascripts/autosave.js +++ b/app/assets/javascripts/autosave.js @@ -53,4 +53,8 @@ export default class Autosave { return window.localStorage.removeItem(this.key); } + + dispose() { + this.field.off('input'); + } } diff --git a/app/assets/javascripts/awards_handler.js b/app/assets/javascripts/awards_handler.js index 70f20c5c7c..e34db89398 100644 --- a/app/assets/javascripts/awards_handler.js +++ b/app/assets/javascripts/awards_handler.js 
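Review bot: The new `branches()` in api.js builds its URL from `this.createBranchPath`, which reads like a copy-paste slip in a read-only call. Listing and creating presumably share the collection endpoint, but the path constant is defined outside the hunk. A comment such as `// GET on the same collection path that createBranch() POSTs to`, or a `branchesPath` alias, would make the intent clear. A JSDoc line noting that `options` is spread last, and so can override `search` and `per_page`, would also help callers.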
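Review bot: `dispose()` in autosave.js calls `this.field.off('input')`, which on a jQuery object removes every `input` handler bound to the field, not only the one Autosave installed. Any other code listening on the same field would silently stop receiving events after disposal. The binding itself is outside this hunk, so this assumes it uses a plain `'input'` event. Namespacing both sides would limit the removal to this class: bind with `'input.autosave'` and dispose with `this.field.off('input.autosave');`.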
@@ -33,19 +33,24 @@ const categoryLabelMap = { const IS_VISIBLE = 'is-visible'; const IS_RENDERED = 'is-rendered'; -class AwardsHandler { +export class AwardsHandler { constructor(emoji) { this.emoji = emoji; this.eventListeners = []; + this.toggleButtonSelector = '.js-add-award'; + this.menuClass = 'js-award-emoji-menu'; + } + + bindEvents() { // If the user shows intent let's pre-build the menu this.registerEventListener( 'one', $(document), 'mouseenter focus', - '.js-add-award', + this.toggleButtonSelector, 'mouseenter focus', () => { - const $menu = $('.emoji-menu'); + const $menu = $(`.${this.menuClass}`); if ($menu.length === 0) { requestAnimationFrame(() => { this.createEmojiMenu(); @@ -53,7 +58,7 @@ class AwardsHandler { } }, ); - this.registerEventListener('on', $(document), 'click', '.js-add-award', e => { + this.registerEventListener('on', $(document), 'click', this.toggleButtonSelector, e => { e.stopPropagation(); e.preventDefault(); this.showEmojiMenu($(e.currentTarget)); @@ -61,15 +66,17 @@ class AwardsHandler { this.registerEventListener('on', $('html'), 'click', e => { const $target = $(e.target); - if (!$target.closest('.emoji-menu').length) { + if (!$target.closest(`.${this.menuClass}`).length) { $('.js-awards-block.current').removeClass('current'); - if ($('.emoji-menu').is(':visible')) { - $('.js-add-award.is-active').removeClass('is-active'); - this.hideMenuElement($('.emoji-menu')); + if ($(`.${this.menuClass}`).is(':visible')) { + $(`${this.toggleButtonSelector}.is-active`).removeClass('is-active'); + this.hideMenuElement($(`.${this.menuClass}`)); } } }); - this.registerEventListener('on', $(document), 'click', '.js-emoji-btn', e => { + + const emojiButtonSelector = `.js-awards-block .js-emoji-btn, .${this.menuClass} .js-emoji-btn`; + this.registerEventListener('on', $(document), 'click', emojiButtonSelector, e => { e.preventDefault(); const $target = $(e.currentTarget); const $glEmojiElement = $target.find('gl-emoji'); 
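Review bot: `bindEvents()` in awards_handler.js is undocumented, although after this change the constructor no longer registers any listeners and the class is newly exported. Code that constructs `AwardsHandler` directly gets an inert instance until `bindEvents()` is called. The visible part of the method has no guard, so a second call would presumably register every delegated handler twice. A JSDoc block on `bindEvents()` stating that it must be called exactly once after construction, and that `destroy()` undoes it, would cover this. An early return on a flag such as `if (this.eventsBound) return;` would make the double call harmless. The method body continues in the following hunks.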
@@ -101,7 +108,7 @@ class AwardsHandler { $addBtn.closest('.js-awards-block').addClass('current'); } - const $menu = $('.emoji-menu'); + const $menu = $(`.${this.menuClass}`); const $thumbsBtn = $menu.find('[data-name="thumbsup"], [data-name="thumbsdown"]').parent(); const $userAuthored = this.isUserAuthored($addBtn); if ($menu.length) { @@ -118,7 +125,7 @@ class AwardsHandler { } else { $addBtn.addClass('is-loading is-active'); this.createEmojiMenu(() => { - const $createdMenu = $('.emoji-menu'); + const $createdMenu = $(`.${this.menuClass}`); $addBtn.removeClass('is-loading'); this.positionMenu($createdMenu, $addBtn); return setTimeout(() => { @@ -156,7 +163,7 @@ class AwardsHandler { } const emojiMenuMarkup = ` -
+
@@ -185,7 +192,7 @@ class AwardsHandler { // Avoid the jank and render the remaining categories separately // This will take more time, but makes UI more responsive - const menu = document.querySelector('.emoji-menu'); + const menu = document.querySelector(`.${this.menuClass}`); const emojiContentElement = menu.querySelector('.emoji-menu-content'); const remainingCategories = Object.keys(categoryMap).slice(1); const allCategoriesAddedPromise = remainingCategories.reduce( @@ -270,9 +277,9 @@ class AwardsHandler { if (isInVueNoteablePage() && !isMainAwardsBlock) { const id = votesBlock.attr('id').replace('note_', ''); - this.hideMenuElement($('.emoji-menu')); + this.hideMenuElement($(`.${this.menuClass}`)); - $('.js-add-award.is-active').removeClass('is-active'); + $(`${this.toggleButtonSelector}.is-active`).removeClass('is-active'); const toggleAwardEvent = new CustomEvent('toggleAward', { detail: { awardName: emoji, @@ -291,9 +298,9 @@ class AwardsHandler { return typeof callback === 'function' ? callback() : undefined; }); - this.hideMenuElement($('.emoji-menu')); + this.hideMenuElement($(`.${this.menuClass}`)); - return $('.js-add-award.is-active').removeClass('is-active'); + return $(`${this.toggleButtonSelector}.is-active`).removeClass('is-active'); } addAwardToEmojiBar(votesBlock, emoji, checkForMutuality) { @@ -321,7 +328,7 @@ class AwardsHandler { getVotesBlock() { if (isInVueNoteablePage()) { - const $el = $('.js-add-award.is-active').closest('.note.timeline-entry'); + const $el = $(`${this.toggleButtonSelector}.is-active`).closest('.note.timeline-entry'); if ($el.length) { return $el; @@ -458,7 +465,7 @@ class AwardsHandler { } createEmoji(votesBlock, emoji) { - if ($('.emoji-menu').length) { + if ($(`.${this.menuClass}`).length) { this.createAwardButtonForVotesBlock(votesBlock, emoji); } this.createEmojiMenu(() => { 
@@ -538,7 +545,7 @@ class AwardsHandler { this.searchEmojis(term); }); - const $menu = $('.emoji-menu'); + const $menu = $(`.${this.menuClass}`); this.registerEventListener('on', $menu, transitionEndEventString, e => { if (e.target === e.currentTarget) { // Clear the search @@ -608,7 +615,7 @@ class AwardsHandler { this.eventListeners.forEach(entry => { entry.element.off.call(entry.element, ...entry.args); }); - $('.emoji-menu').remove(); + $(`.${this.menuClass}`).remove(); } } @@ -616,7 +623,11 @@ let awardsHandlerPromise = null; export default function loadAwardsHandler(reload = false) { if (!awardsHandlerPromise || reload) { awardsHandlerPromise = import(/* webpackChunkName: 'emoji' */ './emoji').then( - Emoji => new AwardsHandler(Emoji), + Emoji => { + const awardsHandler = new AwardsHandler(Emoji); + awardsHandler.bindEvents(); + return awardsHandler; + }, ); } return awardsHandlerPromise; diff --git a/app/assets/javascripts/badges/components/badge.vue b/app/assets/javascripts/badges/components/badge.vue index b4bfaee1d8..155c348286 100644 --- a/app/assets/javascripts/badges/components/badge.vue +++ b/app/assets/javascripts/badges/components/badge.vue @@ -93,7 +93,7 @@ export default {
diff --git a/app/assets/javascripts/boards/components/board.js b/app/assets/javascripts/boards/components/board.js index a2355d7fd5..9ad451fa37 100644 --- a/app/assets/javascripts/boards/components/board.js +++ b/app/assets/javascripts/boards/components/board.js @@ -2,6 +2,9 @@ import Sortable from 'sortablejs'; import Vue from 'vue'; +import { n__ } from '~/locale'; +import Icon from '~/vue_shared/components/icon.vue'; +import Tooltip from '~/vue_shared/directives/tooltip'; import AccessorUtilities from '../../lib/utils/accessor'; import boardList from './board_list.vue'; import BoardBlankState from './board_blank_state.vue'; @@ -17,6 +20,10 @@ gl.issueBoards.Board = Vue.extend({ boardList, 'board-delete': gl.issueBoards.BoardDelete, BoardBlankState, + Icon, + }, + directives: { + Tooltip, }, props: { list: { @@ -46,6 +53,12 @@ gl.issueBoards.Board = Vue.extend({ filter: Store.filter, }; }, + computed: { + counterTooltip() { + const { issuesSize } = this.list; + return `${n__('%d issue', '%d issues', issuesSize)}`; + }, + }, watch: { filter: { handler() { diff --git a/app/assets/javascripts/boards/components/board_list.vue b/app/assets/javascripts/boards/components/board_list.vue index 5c7565234d..3e610a4088 100644 --- a/app/assets/javascripts/boards/components/board_list.vue +++ b/app/assets/javascripts/boards/components/board_list.vue 
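Review bot: In board.js the new `counterTooltip` computed property wraps the `n__()` result in a template literal that adds nothing, since the call already returns the formatted string. `return n__('%d issue', '%d issues', issuesSize);` says the same thing more directly. The template that consumes `counterTooltip` is outside this hunk.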
@@ -112,12 +112,20 @@ export default { if (e.target) { const containerEl = e.target.closest('.js-board-list') || e.target.querySelector('.js-board-list'); const toBoardType = containerEl.dataset.boardType; + const cloneActions = { + label: ['milestone', 'assignee'], + assignee: ['milestone', 'label'], + milestone: ['label', 'assignee'], + }; if (toBoardType) { const fromBoardType = this.list.type; + // For each list we check if the destination list is + // a the list were we should clone the issue + const shouldClone = Object.entries(cloneActions).some(entry => ( + fromBoardType === entry[0] && entry[1].includes(toBoardType))); - if ((fromBoardType === 'assignee' && toBoardType === 'label') || - (fromBoardType === 'label' && toBoardType === 'assignee')) { + if (shouldClone) { return 'clone'; } } @@ -145,7 +153,8 @@ export default { }); }, onUpdate: (e) => { - const sortedArray = this.sortable.toArray().filter(id => id !== '-1'); + const sortedArray = this.sortable.toArray() + .filter(id => id !== '-1'); gl.issueBoards.BoardsStore .moveIssueInList(this.list, Store.moving.issue, e.oldIndex, e.newIndex, sortedArray); }, diff --git a/app/assets/javascripts/boards/components/board_new_issue.vue b/app/assets/javascripts/boards/components/board_new_issue.vue index ec23b1e7c1..1e3cd43d1f 100644 --- a/app/assets/javascripts/boards/components/board_new_issue.vue +++ b/app/assets/javascripts/boards/components/board_new_issue.vue @@ -105,7 +105,7 @@ export default {
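Review bot: In the first board_list.vue hunk, the `cloneActions` table is rebuilt on every invocation of the enclosing callback, and the comment above `shouldClone` is garbled ("a the list were we should clone"). Hoisting the table to a module-level constant and destructuring the entries would make the rule easier to read: `.some(([from, targets]) => from === fromBoardType && targets.includes(toBoardType))`. The comment could read `// Clone rather than move when the destination list type is a clone target of the source list type`. The enclosing callback starts outside the hunk.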
@@ -115,6 +115,7 @@ export default { :id="list.id + '-title'" class="form-control" type="text" + name="issue_title" autocomplete="off" /> l.title).join(',') : ''; + } }, watch: { detail: { diff --git a/app/assets/javascripts/boards/components/project_select.vue b/app/assets/javascripts/boards/components/project_select.vue index eb335f352d..ef9844d556 100644 --- a/app/assets/javascripts/boards/components/project_select.vue +++ b/app/assets/javascripts/boards/components/project_select.vue @@ -46,7 +46,7 @@ export default { selectable: true, data: (term, callback) => { this.loading = true; - return Api.groupProjects(this.groupId, term, projects => { + return Api.groupProjects(this.groupId, term, {}, projects => { this.loading = false; callback(projects); }); @@ -68,7 +68,7 @@ export default {