diff --git a/.eslintrc.yml b/.eslintrc.yml
index a954bb4ff3..fe0d5f5dce 100644
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@@ -1,90 +1,28 @@ ---- -env: - browser: true - es6: true extends: - - airbnb-base - - plugin:vue/recommended + - '@gitlab' globals: __webpack_public_path__: true gl: false gon: false localStorage: false -parserOptions: - parser: babel-eslint plugins: - - filenames - import - html - - promise settings: html/html-extensions: - - ".html" - - ".html.raw" + - '.html' + - '.html.raw' import/resolver: webpack: - config: "./config/webpack.config.js" + config: './config/webpack.config.js' rules: - filenames/match-regex: - - error - - "^[a-z0-9_]+$" import/no-commonjs: error - no-multiple-empty-lines: - - error - - max: 1 - promise/catch-or-return: error - no-param-reassign: - - error - - props: true - ignorePropertyModificationsFor: - - "acc" # for reduce accumulators - - "accumulator" # for reduce accumulators - - "el" # for DOM elements - - "element" # for DOM elements - - "state" # for Vuex mutations no-underscore-dangle: - error - allow: - - __ - - _links - no-mixed-operators: off - vue/html-self-closing: - - error - - html: - void: always - normal: never - component: always - svg: always - math: always - camelcase: - - error - - properties: never - ignoreDestructuring: true - ## Conflicting rules with prettier: - space-before-function-paren: off - curly: off - arrow-parens: off - function-paren-newline: off - object-curly-newline: off - padded-blocks: off - # Disabled for now, to make the eslint 3 -> eslint 5 update smoother - ## Indent rule. We are using the old for now: https://eslint.org/docs/user-guide/migrating-to-4.0.0#indent-rewrite - indent: off - indent-legacy: - - error - - 2 - - SwitchCase: 1 - VariableDeclarator: 1 - outerIIFEBody: 1 - FunctionDeclaration: - parameters: 1 - body: 1 - FunctionExpression: - parameters: 1 - body: 1 + - __ + - _links # Disabled for now, to make the airbnb-base 12.1.0 -> 13.1.0 update smoother - operator-linebreak: off - implicit-arrow-linebreak: off no-else-return: - error - allowElseIf: true 
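Review bot: The comment `# Disabled for now, to make the airbnb-base 12.1.0 -> 13.1.0 update smoother` appears to be kept as context while the two rules it described (`operator-linebreak: off`, `implicit-arrow-linebreak: off`) are removed, so it now reads as if it explained `no-else-return`. Drop it or replace it with a comment that fits what remains, for example `# Local overrides on top of the shared '@gitlab' config`. The hunk also removes `promise/catch-or-return: error` together with the `promise` plugin. Presumably the `@gitlab` preset carries an equivalent rule, but that is not visible here and is worth confirming so that unhandled promise rejections stay linted.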
diff --git a/.gitattributes b/.gitattributes index f1c41c9bb7..7282c9e61b 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1,2 @@ Dangerfile gitlab-language=ruby +db/schema.rb merge=merge_db_schema diff --git a/.gitignore b/.gitignore index 82b3d08f7a..aecaae95b8 100644 --- a/.gitignore +++ b/.gitignore @@ -40,6 +40,7 @@ eslint-report.html /config/redis.queues.yml /config/redis.shared_state.yml /config/unicorn.rb +/config/puma.rb /config/secrets.yml /config/sidekiq.yml /config/registry.key diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c652b6c75e..558ca8b6e8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.4.4-golang-1.9-git-2.18-chrome-69.0-node-8.x-yarn-1.2-postgresql-9.6-graphicsmagick-1.3.29" +image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.4.5-golang-1.9-git-2.18-chrome-69.0-node-8.x-yarn-1.2-postgresql-9.6-graphicsmagick-1.3.29" .dedicated-runner: &dedicated-runner retry: 1 @@ -6,7 +6,7 @@ image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.4.4-golang-1.9-git - gitlab-org .default-cache: &default-cache - key: "ruby-2.4.4-debian-stretch-with-yarn" + key: "ruby-2.4.5-debian-stretch-with-yarn" paths: - vendor/ruby - .yarn-cache/ @@ -75,11 +75,6 @@ stages: - mysql:5.7 - redis:alpine -.rails5-variables: &rails5-variables - script: - - export RAILS5=${RAILS5} - - export BUNDLE_GEMFILE=${BUNDLE_GEMFILE} - .rails5: &rails5 allow_failure: true only: @@ -139,7 +134,7 @@ stages: - export SCRIPT_NAME="${SCRIPT_NAME:-$CI_JOB_NAME}" - apk add --update openssl - wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/$SCRIPT_NAME - - chmod 755 $SCRIPT_NAME + - chmod 755 $(basename $SCRIPT_NAME) .rake-exec: &rake-exec <<: *dedicated-no-docs-no-db-pull-cache-job @@ -150,7 +145,6 @@ stages: <<: *dedicated-runner <<: *except-docs-and-qa <<: *pull-cache - <<: *rails5-variables stage: test script: - JOB_NAME=( $CI_JOB_NAME ) 
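Review bot: The new attribute `db/schema.rb merge=merge_db_schema` names a custom merge driver that this hunk does not define, and Git falls back to its default text merge without any warning when the driver is absent from the local git config. Nothing visible here shows how contributors get the driver configured, so a short comment above the line would help, for example `# requires the merge.merge_db_schema driver in git config; see the setup docs`. If a setup script elsewhere in this commit already installs the driver, pointing to it from that comment is enough.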
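Review bot: In the `@@ -139,7 +134,7 @@` hunk of `.gitlab-ci.yml`, the new `chmod 755 $(basename $SCRIPT_NAME)` leaves both expansions unquoted, so a `SCRIPT_NAME` containing whitespace or glob characters is word-split before `chmod` sees it. `chmod 755 "$(basename "$SCRIPT_NAME")"` keeps it to a single argument. The context line `wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/$SCRIPT_NAME` has the same unquoted use, and `SCRIPT_NAME` defaults to `$CI_JOB_NAME`, so the value is whatever the job or a variable override supplies. Quoting it there as well, and keeping `SCRIPT_NAME` to known script names, would make the download-then-execute step harder to misuse. The enclosing job template starts and ends outside the hunk.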
@@ -271,7 +265,7 @@ package-and-qa: SCRIPT_NAME: trigger-build-docs environment: name: review-docs/$CI_COMMIT_REF_SLUG - # DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are secret variables + # DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables # Discussion: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/14236/diffs#note_40140693 url: http://$CI_ENVIRONMENT_SLUG.$DOCS_REVIEW_APPS_DOMAIN/$DOCS_GITLAB_REPO_SUFFIX on_stop: review-docs-cleanup @@ -324,7 +318,8 @@ review-docs-cleanup: cloud-native-image: image: ruby:2.4-alpine before_script: [] - stage: test + dependencies: [] + stage: post-test allow_failure: true variables: GIT_DEPTH: "1" @@ -594,7 +589,7 @@ static-analysis: script: - scripts/static-analysis cache: - key: "ruby-2.4.4-debian-stretch-with-yarn-and-rubocop" + key: "ruby-2.4.5-debian-stretch-with-yarn-and-rubocop" paths: - vendor/ruby - .yarn-cache/ @@ -700,7 +695,10 @@ gitlab:setup-mysql: # Frontend-related jobs gitlab:assets:compile: <<: *dedicated-no-docs-and-no-qa-pull-cache-job + image: dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.4.4-git-2.18-chrome-69.0-node-8.x-yarn-1.2-graphicsmagick-1.3.29-docker-18.06.1 dependencies: [] + services: + - docker:stable-dind variables: NODE_ENV: "production" RAILS_ENV: "production" @@ -709,21 +707,26 @@ gitlab:assets:compile: WEBPACK_REPORT: "true" # we override the max_old_space_size to prevent OOM errors NODE_OPTIONS: --max_old_space_size=3584 + DOCKER_DRIVER: overlay2 + DOCKER_HOST: tcp://docker:2375 script: - date - yarn install --frozen-lockfile --production --cache-folder .yarn-cache - date - free -m - bundle exec rake gitlab:assets:compile + - scripts/build_assets_image artifacts: name: webpack-report expire_in: 31d paths: - webpack-report/ - public/assets/ + tags: + - docker karma: - <<: *dedicated-no-docs-and-no-qa-pull-cache-job + <<: *dedicated-no-docs-pull-cache-job <<: *use-pg dependencies: - compile-assets 
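Review bot: The `gitlab:assets:compile` job (hunks `@@ -700,7 +695,10 @@` and `@@ -709,21 +707,26 @@`) now reaches its `docker:stable-dind` service through `DOCKER_HOST: tcp://docker:2375`, which is the Docker daemon's plaintext, unauthenticated port. Anything that can reach that service container gets full control of the daemon, and dind normally needs a privileged runner, which is presumably what the new `docker` tag selects. I would add a comment saying why dind is needed and where the job may run, for example `# dind is used by scripts/build_assets_image; only run on dedicated runners tagged docker`. I would also pin the service to a fixed version tag instead of the floating `stable-dind`. The job's own image is set to a `ruby-2.4.4` build image while this commit moves the default image and cache keys to `ruby-2.4.5`; if that is intentional it deserves a comment too.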
@@ -929,3 +932,93 @@ no_ee_check: - scripts/no-ee-check only: - //@gitlab-org/gitlab-ce + +# GitLab Review apps +review: + image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base + stage: test + allow_failure: true + before_script: + - gem install gitlab --no-document + variables: + GIT_DEPTH: "1" + HOST_SUFFIX: "$CI_ENVIRONMENT_SLUG" + DOMAIN: "-$CI_ENVIRONMENT_SLUG.$REVIEW_APPS_DOMAIN" + GITLAB_HELM_CHART_REF: "master" + script: + - export GITLAB_SHELL_VERSION=$( -| | Simple | Secure | Responsive | Obvious | Stable | -|------------|:------:|:------:|:----------:|:-------:|:------:| -| Admin | | | | | | -| Groups | | | | | | -| Project | | | | | | -| Repository | | | | | | -| Issues | | | | | | -| MRs | | | | | | -| CI/CD | | | | | | -| Ops | | | | | | -| Registry | | | | | | -| Wiki | | | | | | -| Snippets | | | | | | -| Settings | | | | | | -| Tracking | | | | | | -| API | | | | | | +| | Secure | Responsive | Intuitive | Reliable | +|------------|:------:|:----------:|:---------:|:--------:| +| Admin | | | | | +| Groups | | | | | +| Project | | | | | +| Repository | | | | | +| Issues | | | | | +| MRs | | | | | +| CI/CD | | | | | +| Ops | | | | | +| Registry | | | | | +| Wiki | | | | | +| Snippets | | | | | +| Settings | | | | | +| Tracking | | | | | +| API | | | | | ## Capabilities @@ -65,7 +65,7 @@ more complex features could involve multiple or even all. Example (from https://gitlab.com/gitlab-org/gitlab-ce/issues/50353): * Respository is - * Simple + * Intuitive * It's easy to select the desired file template * It doesn't require unnecessary actions to save the change * It's easy to undo the change after selecting a template @@ -93,4 +93,4 @@ When adding new automated tests, please keep [testing levels](https://docs.gitla in mind. --> -/label ~Quality \ No newline at end of file +/label ~Quality ~"test plan" \ No newline at end of file 
diff --git a/.gitlab/merge_request_templates/Database changes.md b/.gitlab/merge_request_templates/Database changes.md index e636ec313d..354393b60e 100644 --- a/.gitlab/merge_request_templates/Database changes.md +++ b/.gitlab/merge_request_templates/Database changes.md @@ -1,8 +1,23 @@ -Add a description of your merge request here. Merge requests without an adequate -description will not be reviewed until one is added. +## What does this MR do? + + + +Add a description of your merge request here. ## Database checklist +- [ ] Conforms to the [database guides](https://docs.gitlab.com/ee/development/README.html#databases-guides) + When adding migrations: - [ ] Updated `db/schema.rb` 
@@ -35,16 +50,9 @@ When removing columns, tables, indexes or other structures: - [ ] [Changelog entry](https://docs.gitlab.com/ee/development/changelog.html) added, if necessary - [ ] [Documentation created/updated](https://docs.gitlab.com/ee/development/documentation/index.html#contributing-to-docs) -- [ ] [API support added](https://docs.gitlab.com/ee/development/api_styleguide.html) - [ ] [Tests added for this feature/bug](https://docs.gitlab.com/ee/development/testing_guide/index.html) -- Conforms to the [code review guidelines](https://docs.gitlab.com/ee/development/code_review.html) - - [ ] Has been reviewed by a Backend [maintainer](https://about.gitlab.com/handbook/engineering/#maintainer) - - [ ] Has been reviewed by a Database [specialist](https://about.gitlab.com/team/structure/#specialist) +- [ ] Conforms to the [code review guidelines](https://docs.gitlab.com/ee/development/code_review.html) - [ ] Conforms to the [merge request performance guidelines](https://docs.gitlab.com/ee/development/merge_request_performance_guidelines.html) - [ ] Conforms to the [style guides](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/CONTRIBUTING.md#style-guides) -- [ ] If you have multiple commits, please combine them into a few logically organized commits by [squashing them](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) -- [ ] [Internationalization required/considered](https://docs.gitlab.com/ee/development/i18n/index.html) -- [ ] For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan? -- [ ] [End-to-end tests](https://docs.gitlab.com/ee/development/testing_guide/end_to_end_tests.html#testing-code-in-merge-requests) pass (`package-and-qa` manual pipeline job) /label ~database diff --git a/.gitlab/merge_request_templates/Documentation.md b/.gitlab/merge_request_templates/Documentation.md index ca38c881c6..8b7e711979 100644 
--- a/.gitlab/merge_request_templates/Documentation.md +++ b/.gitlab/merge_request_templates/Documentation.md @@ -19,6 +19,7 @@ Closes - [ ] [Apply the correct labels and milestone](https://docs.gitlab.com/ee/development/documentation/workflow.html#2-developer-s-role-in-the-documentation-process) - [ ] Crosslink the document from the higher-level index - [ ] Crosslink the document from other subject-related docs +- [ ] Feature moving tiers? Make sure the change is also reflected in [`features.yml`](https://gitlab.com/gitlab-com/www-gitlab-com/blob/master/data/features.yml) - [ ] Correctly apply the product [badges](https://docs.gitlab.com/ee/development/documentation/styleguide.html#product-badges) and [tiers](https://docs.gitlab.com/ee/development/documentation/styleguide.html#gitlab-versions-and-tiers) - [ ] [Port the MR to EE (or backport from CE)](https://docs.gitlab.com/ee/development/documentation/index.html#cherry-picking-from-ce-to-ee): _always recommended, required when the `ee-compat-check` job fails_ diff --git a/.prettierignore b/.prettierignore index b674ccd50c..dc9e572ab5 100644 --- a/.prettierignore +++ b/.prettierignore @@ -3,3 +3,7 @@ /public/ /vendor/ /tmp/ + +# ignore stylesheets for now as this clashes with our linter +*.css +*.scss diff --git a/.rubocop.yml b/.rubocop.yml index b7aec5b8b1..a95ded8af1 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -3,7 +3,9 @@ inherit_gem: - rubocop-default.yml inherit_from: .rubocop_todo.yml -require: ./rubocop/rubocop +require: + - ./rubocop/rubocop + - rubocop-rspec AllCops: TargetRailsVersion: 4.2 @@ -48,12 +50,20 @@ Style/FrozenStringLiteralComment: - 'danger/**/*' - 'db/**/*' - 'ee/**/*' - - 'lib/**/*' + - 'lib/gitlab/**/*' + - 'lib/tasks/**/*' - 'qa/**/*' - 'rubocop/**/*' - 'scripts/**/*' - 'spec/**/*' +RSpec/FilePath: + Exclude: + - 'qa/**/*' + - 'spec/javascripts/fixtures/*' + - 'ee/spec/javascripts/fixtures/*' + - 'spec/requests/api/v3/*' + Naming/FileName: ExpectMatchingDefinition: true Exclude: 
@@ -66,15 +76,20 @@ Naming/FileName: - 'qa/qa/specs/**/*' - 'qa/bin/*' - 'config/**/*' + - 'ee/config/**/*' - 'lib/generators/**/*' - 'locale/unfound_translations.rb' - 'ee/locale/unfound_translations.rb' - 'ee/lib/generators/**/*' + - 'qa/qa/scenario/test/integration/ldap_no_tls.rb' + - 'qa/qa/scenario/test/integration/ldap_tls.rb' + IgnoreExecutableScripts: true AllowedAcronyms: - EE - JSON - LDAP + - SAML - IO - HMAC - QA diff --git a/.ruby-version b/.ruby-version index 79a614418f..59aa62c1fa 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.4.4 +2.4.5 diff --git a/CHANGELOG.md b/CHANGELOG.md index 15aee2e993..a6c6729a7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,53 +2,312 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. -## 11.4.9 (2018-12-03) +## 11.5.3 (2018-12-06) -### Fixed (2 changes) +### Security (1 change) + +- Prevent a path traversal attack on global file templates. + + +## 11.5.2 (2018-12-03) + +### Removed (1 change) + +- Removed Site Statistics optimization as it was causing problems. !23314 + +### Fixed (6 changes, 1 of them is from the community) - Display impersonation token value only after creation. !22916 +- Fix not render emoji in filter dropdown. !23112 (Hiroyuki Sato) +- Fixes stuck tooltip on stop env button. !23244 - Correctly handle data-loss scenarios when encrypting columns. !23306 +- Clear BatchLoader context between Sidekiq jobs. !23308 +- Fix handling of filenames with hash characters in tree view. !23368 -## 11.4.8 (2018-11-27) +## 11.5.1 (2018-11-26) -### Security (24 changes) +### Security (17 changes) -- Escape entity title while autocomplete template rendering to prevent XSS. !2571 -- Resolve reflected XSS in Ouath authorize window. -- Fix XSS in merge request source branch name. - Escape user fullname while rendering autocomplete template to prevent XSS. - Fix CRLF vulnerability in Project hooks. - Fix possible XSS attack in Markdown urls with spaces. - Redact sensitive information on gitlab-workhorse log. - Do not follow redirects in Prometheus service when making http requests to the configured api url. -- Persist only SHA digest of PersonalAccessToken#token. - Don't expose confidential information in commit message list. - Provide email notification when a user changes their email address. - Restrict Personal Access Tokens to API scope on web requests. -- Redact personal tokens in unsubscribe links. +- Resolve reflected XSS in Ouath authorize window. - Fix SSRF in project integrations. - Fixed ability to comment on locked/confidential issues. - Fixed ability of guest users to edit/delete comments on locked or confidential issues. 
- Fix milestone promotion authorization check. -- Monkey kubeclient to not follow any redirects. - Configure mermaid to not render HTML content in diagrams. - Fix a possible symlink time of check to time of use race condition in GitLab Pages. - Removed ability to see private group names when the group id is entered in the url. - Fix stored XSS for Environments. -- Prevent SSRF attacks in HipChat integration. -- Validate Wiki attachments are valid temporary files. -## 11.4.7 (2018-11-20) +## 11.5.0 (2018-11-22) -- No changes. - -## 11.4.6 (2018-11-18) - -### Security (1 change) +### Security (10 changes, 1 of them is from the community) +- Escape entity title while autocomplete template rendering to prevent XSS. !2556 +- Update moment to 2.22.2. !22648 (Takuya Noguchi) +- Redact personal tokens in unsubscribe links. - Escape user fullname while rendering autocomplete template to prevent XSS. +- Persist only SHA digest of PersonalAccessToken#token. +- Monkey kubeclient to not follow any redirects. +- Prevent SSRF attacks in HipChat integration. +- Prevent templated services from being imported. +- Validate Wiki attachments are valid temporary files. +- Fix XSS in merge request source branch name. + +### Removed (2 changes) + +- Remove Git circuit breaker. !22212 +- Remove Koding integration and documentation. !22334 + +### Fixed (74 changes, 15 of them are from the community) + +- Hide all tables on Pipeline when no Jobs for the Pipeline. !18540 (Takuya Noguchi) +- Fixing count on Milestones. !21446 +- Use case insensitve username lookups. !21728 (William George) +- Correctly process Bamboo API result array. !21970 (Alex Lossent) +- Fix 'merged with' UI being displayed when merge request has no merge commit. !22022 +- Fix broken file name navigation on MRs. !22109 +- Fix incorrect spacing between buttons when commenting on a MR. !22135 +- Vertical align Pipeline Graph in Commit Page. 
!22173 (Johann Hubert Sonntagbauer) +- Reject invalid branch names in repository compare controller. !22186 +- Fix size of emojis of user status in user menu. !22194 +- Use the standard PIP_CACHE_DIR for Python dependency caching template. !22211 (Takuya Noguchi) +- Fix bug with wiki attachments content disposition. !22220 +- Does not allow a SSH URI when importing new projects. !22309 +- fix duplicated key in license management job auto devops gitlab ci template. !22311 (Adam Lemanski) +- Fix commit signature error when project is disabled. !22344 +- Show available clusters when installed or updated. !22356 +- Fix auto-corrected upload URLs in webhooks. !22361 +- Fix a bug displaying certain wiki pages. !22377 +- Fix prometheus graphs in firefox. !22400 +- Resolve assign-me quick action doesn't work if there is extra white space. !22402 +- Remove base64 encoding from files that contain plain text. !22425 +- Strip whitespace around GitHub personal access tokens. !22432 +- Fix 500 error when testing webhooks with redirect loops. !22447 (Heinrich Lee Yu) +- Fix rendering of 'Protected' value on Runner details page. !22459 +- Fix bug stopping non-admin users from changing visibility level on group creation. !22468 +- Make Issue Board sidebar show project-specific labels based on selected Issue. !22475 +- Fix EOF detection with CI artifacts metadata. !22479 +- Fix transient spec error in the bar_chart component. !22495 +- Resolve LFS not correctly showing enabled. !22501 +- If user was not found, service hooks won't run on post receive background job. !22519 +- Fix broken "Show whitespace changes" button on MRs. !22539 +- Always show new issue button in boards' Open list. !22557 (Heinrich Lee Yu) +- Add transparent background to markdown header tabs. !22565 (George Tsiolis) +- Use gitlab_environment for ldap rake task. !22582 +- Add commit message to commit tree anchor title. !22585 +- Cache pipeline status per SHA. 
!22589 +- Change HELM_HOST in Auto-DevOps template to work behind proxy. !22596 (Sergej Nikolaev ) +- Show user status for label events in system notes. !22609 +- Fix extra merge request versions created from forked merge requests. !22611 +- Remove PersonalAccessTokensFinder#find_by method. !22617 +- Fix search "all in GitLab" not working with relative URLs. !22644 +- Fix quick links button styles. !22657 (George Tsiolis) +- Fix #53298: JupyterHub restarts should work without errors. !22671 (Amit Rathi) +- Fix incompatibility with IE11 due to non-transpiled gitlab-ui components. !22695 +- Fix bug when links in tabs of the labels index pages ends with .html. !22716 +- Fixed label removal from issue. !22762 +- Align toggle sidebar button across all browsers and OSs. !22771 +- Disable replication lag check for Aurora PostgreSQL databases. !22786 +- Render unescaped link for failed pipeline status. !22807 +- Fix misaligned approvers dropdown. !22832 +- Fix bug with wiki page create message. !22849 +- Fix rendering of filter bar tokens for special values. !22865 (Heinrich Lee Yu) +- Align sign in button. !22888 (George Tsiolis) +- Fix error handling bugs in kubernetes integration. !22922 +- Fix deployment jobs using nil KUBE_TOKEN due to migration issue. !23009 +- Avoid returning deployment metrics url to MR widget when the deployment is not successful. !23010 +- Fix a race condition intermittently breaking GitLab startup. !23028 +- Adds margin after a deleted branch name in the activity feed. !23038 +- Ignore environment validation failure. !23100 +- Fixes broken borders for reports section in MR widget. +- Adds CI favicon back to jobs page. +- Redirect to the pipeline builds page when a build is canceled. (Eva Kadlecova) +- Fixed diff stats not showing when performance bar is enabled. +- Show expand all diffs button when a single diff file is collapsed. +- Clear fetched file templates when changing template type in Web IDE. 
+- Fix bug causing not all emails to show up in commit email selectbox. +- Remove duplicate escape in job sidebar. +- Fixing styling issues on the scheduled pipelines page. +- Renders stuck block when runners are stuck. +- Removes extra border from test reports in the merge request widget. +- Only render link to branch when branch still exists in pipeline page. +- Fixed source project not filtering in merge request creation compare form. +- Do not reload self on hooks when creating deployment. +- Fixes broken test in master. + +### Changed (38 changes, 12 of them are from the community) + +- Link button in markdown editor recognize URLs. !1983 (Johann Hubert Sonntagbauer) +- Replace i to icons in vue components. !20748 (George Tsiolis) +- Remove Linguist gem, reducing Rails memory usage by 128MB per process. !21008 +- Issue board card design. !21229 +- On deletion of a file in sub directory in web IDE redirect to the sub directory instead of project root. !21465 (George Thomas @thegeorgeous) +- Change single-item breadcrumbs to page titles. !22155 +- Improving branch filter sorting by listing exact matches first and added support for begins_with (^) and ends_with ($) matching. !22166 (Jason Rutherford) +- Remove legacy unencrypted webhook columns from the database. !22199 +- Show canary status in the performance bar. !22222 +- Add failure reason for execution timeout. !22224 +- Rename "scheduled" label/badge of delayed jobs to "delayed". !22245 +- Update the empty state on wiki-only projects to display an empty state that is more consistent with the rest of the system. !22262 +- Add IID headers to E-Mail notifications. !22263 +- Allow finding the common ancestor for multiple revisions through the API. !22295 +- Add status to Deployment. !22380 +- Add dynamic timer to delayed jobs. !22382 +- No longer require a deploy to start Prometheus monitoring. !22401 +- Secret Variables renamed to CI Variables in the codebase, to match UX. 
!22414 (Marcel Amirault @ravlen) +- Automatically navigate to last board visited. !22430 +- Use merge request prefix symbol in event feed title. !22449 (George Tsiolis) +- Update Ruby version in README. !22466 (J.D. Bean) +- Reword error message for internal CI unknown pipeline status. !22474 +- Bump mermaid to 8.0.0-rc.8. !22509 (@blackst0ne) +- Update Todo icons in collapsed sidebar for Issues and MRs. !22534 +- Support backward compatibility when introduce new failure reason. !22566 +- Add dynamic timer for delayed jobs in pipelines list. !22621 +- Truncate milestone title on collapsed sidebar. !22624 (George Tsiolis) +- Standardize milestones filter in APIs to None / Any. !22637 (Heinrich Lee Yu) +- Add dynamic timer for delayed jobs in job list. !22656 +- Allowing issues with single letter identifiers to be linked to external issue tracker (f.ex T-123). !22717 (Dídac Rodríguez Arbonès) +- Update project and group labels empty state. !22745 (George Tsiolis) +- Fix environment status in merge request widget. !22799 +- Paginate Bitbucket Server importer projects. !22825 +- Drop `allow_overflow` option in `TimeHelper.duration_in_numbers`. !52284 +- Add 'only history' option to notes filter. +- Adds filtered dropdown with changed files in review. +- Expose {closed,merged}_{at,by} in merge requests API index. +- Make all legacy security reports to use raw format. + +### Performance (27 changes, 6 of them are from the community) + +- Add preload for routes and namespaces for issues controller. !21651 +- Enhance performance of counting local LFS objects. !22143 +- Use cached readme contents when available. !22325 +- Experimental support for running Puma multithreaded web-server. !22372 +- Enhance performance of counting local Uploads. !22522 +- Reduce SQL queries needed to load open merge requests. !22709 +- Significantly cut memory usage and SQL queries when reloading diffs. !22725 +- Optimize merge request refresh by using the database to check commit SHAs. 
!22731 +- Remove dind from license_management auto-devops job definition. !22732 +- Add index to find stuck merge requests. !22749 +- Allow Rails concurrency when running in Puma. !22751 +- Improve performance of rendering large reports. !22835 +- Improves performance of stuck import jobs detection. !22879 +- Rewrite SnippetsFinder to improve performance by a factor of 1500. +- Enable more frozen string in lib/**/*.rb. (gfyoung) +- Enable some frozen string in lib/gitlab. (gfyoung) +- Enable even more frozen string in lib/**/*.rb. (gfyoung) +- Improve performance of tree rendering in repositories with lots of items. +- Remove gitlab-ui's tooltip from global. +- Remove gitlab-ui's progress bar from global. +- Remove gitlab-ui's pagination from global. +- Remove gitlab-ui's modal from global. +- Remove gitlab-ui's loading icon from global. +- Enable frozen string for lib/gitlab/*.rb. (gfyoung) +- Enable frozen string for lib/gitlab/ci. (gfyoung) +- Enable frozen string for remaining lib/gitlab/ci/**/*.rb. (gfyoung) +- Adds pagination to pipelines table in merge request page. + +### Added (33 changes, 11 of them are from the community) + +- Add endpoint to update a git submodule reference. !20949 +- Add license data to projects endpoint. !21606 (J.D. Bean (@jdbean)) +- Allow to configure when to retry failed CI jobs. !21758 (Markus Doits) +- Add API endpoint to list issue related merge requests. !21806 (Helmut Januschka) +- Add the Play button for delayed jobs in environment page. !22106 +- Switch between tree list & file list in diffs file browser. !22191 +- Re-arrange help-related user menu items into new Help menu. !22195 +- Adds trace of each access check when git push times out. !22265 +- Add email for milestone change. !22279 +- Show post-merge pipeline in merge request page. !22292 +- Add Applications API endpoints for listing and deleting entries. !22296 (Jean-Baptiste Vasseur) +- Added `Any` option to milestones filter. 
!22351 (Heinrich Lee Yu) +- Improve validation errors for external CI/CD configuration. !22394 +- Introduce new model to persist specific cluster information. !22404 +- Add background migration to populate Kubernetes namespaces. !22433 +- Add support for JSON logging for audit events. !22471 +- Adds option to override commit email with a noreply private email. !22560 +- Add None/Any option for assignee_id in Issues and Merge Requests API. !22598 (Heinrich Lee Yu) +- Add None/Any option for assignee_id in search bar. !22599 (Heinrich Lee Yu) +- Implement parallel job keyword. !22631 +- Add None / Any options to reactions filter. !22638 (Heinrich Lee Yu) +- Make index.* render like README.* when it's present in a repository. !22639 (Jakub Jirutka) +- Allow adding patches when creating a merge request via email. !22723 (Serdar Dogruyol) +- Bump Gitaly to 0.129.0. !22868 +- Allow commenting on any diff line in Merge Requests. !22914 +- Add revert to commits API. !22919 +- Introduce Knative support. !43959 (Chris Baumbauer) +- Reimplemented image commenting in merge request diffs. +- Soft-archive old jobs. +- Renders warning info when job is archieved. +- Support licenses and performance. +- Filter notes by comments or activity for issues and merge requests. +- Bump Gitaly to 0.128.0. + +### Other (54 changes, 18 of them are from the community) + +- Remove .card-title from .card-header for BS4 migration. !19335 (Takuya Noguchi) +- Update group settings/edit page to new design. !21115 +- Change markdown header tab anchor links to buttons. !21988 (George Tsiolis) +- Replace tooltip in markdown component with gl-tooltip. !21989 (George Tsiolis) +- Extend RBAC by having a service account restricted to project's namespace. !22011 +- Update images in group docs. !22031 (Marc Schwede) +- Add gitlab:gitaly:check task for Gitaly health check. !22063 +- Add new sort option "most_stars" to "Group > Children" pages. 
!22121 (Rene Hennig) +- Fix inaccessible dropdown for code-less projects. !22137 +- Rails5: fix user edit profile clear status spec. !22169 (Jasper Maes) +- Rails 5: fix mysql milliseconds problems in scheduled build specs. !22170 (Jasper Maes) +- Focus project slug on tab navigation. !22198 +- Redesign activity feed. !22217 +- Update used version of Runner Helm Chart to 0.1.34. !22274 +- Update environments empty state. !22297 (George Tsiolis) +- Adds model and migrations to enable group level clusters. !22307 +- Use literal instead of constructor for creating regex. !22367 +- Remove prometheus configuration help text. !22413 (George Tsiolis) +- Rails5: fix deployment model spec. !22428 (Jasper Maes) +- Change to top level controller for clusters so that we can use it for project clusters (now) and group clusters (later). !22438 +- Remove empty spec describe blocks. !22451 (George Tsiolis) +- Change branch font type in tag creation. !22454 (George Tsiolis) +- Rails5: fix delete blob. !22456 (Jasper Maes) +- Start tracking shards and pool repositories in the database. !22482 +- Allow kubeclient to call RoleBinding methods. !22524 +- Introduce new kubernetes helpers. !22525 +- Adds container to pager to enable scoping. !22529 +- Update used version of Runner Helm Chart to 0.1.35. !22541 +- Removes experimental labels from cluster views. !22550 +- Combine all datetime library functions into 'datetime_utility.js'. !22570 +- Upgrade Prometheus to 2.4.3 and Alertmanager to 0.15.2. !22600 +- Fix stage dropdown not rendering in different languages. !22604 +- Remove asset_sync gem from Gemfile and related code from codebase. !22610 +- Use key-value pair arrays for API query parameter logging instead of hashes. !22623 +- Replace deprecated uniq on a Relation with distinct. !22625 (Jasper Maes) +- Remove mousetrap-rails gem. !22647 (Takuya Noguchi) +- Fix IDE typos in props. !22685 (George Tsiolis) +- Add scheduled flag to job entity. 
!22710 +- Remove `ci_enable_scheduled_build` feature flag. !22742 +- Add endpoints for simulating certain failure modes in the application. !22746 +- Bump KUBERNETES_VERSION for Auto DevOps to latest 1.10 series. !22757 +- Fix statement timeouts in RemoveRestrictedTodos migration. !22795 +- Rails5: fix mysql milliseconds issue in deployment model specs. !22850 (Jasper Maes) +- Update GitLab-Workhorse to v7.1.0. !22883 +- Update JIRA service UI to accept email and API token. +- Update wiki empty state. (George Tsiolis) +- Only renders dropdown for review app changes when we have a list of files to show. Otherwise will render the regular review app button. +- Associate Rakefile with Ruby icon in diffs. +- Uses gitlab-ui components in jobs components. +- Create new group: Rename form fields and update UI. +- Transform job page into a single Vue+Vuex application. +- Updates svg dependency. +- Adds missing i18n to pipelines table. +- Disables stop environment button while the deploy is in progress. ## 11.4.5 (2018-11-04) @@ -320,6 +579,41 @@ entry. - Check frozen string in style builds. (gfyoung) +## 11.3.9 (2018-10-31) + +### Security (1 change) + +- Monkey kubeclient to not follow any redirects. + + +## 11.3.8 (2018-10-27) + +- No changes. + +## 11.3.7 (2018-10-26) + +### Security (6 changes) + +- Escape entity title while autocomplete template rendering to prevent XSS. !2557 +- Persist only SHA digest of PersonalAccessToken#token. +- Fix XSS in merge request source branch name. +- Redact personal tokens in unsubscribe links. +- Prevent SSRF attacks in HipChat integration. +- Validate Wiki attachments are valid temporary files. + + +## 11.3.6 (2018-10-17) + +- No changes. + +## 11.3.5 (2018-10-15) + +### Fixed (2 changes) + +- Fix loading issue on some merge request discussion. !21982 +- Fix project deletion when there is a export available. !22276 + + ## 11.3.3 (2018-10-04) - No changes. 
@@ -597,6 +891,28 @@ entry. - Creates Vue component for artifacts block on job page. +## 11.2.8 (2018-10-31) + +### Security (1 change) + +- Monkey kubeclient to not follow any redirects. + + +## 11.2.7 (2018-10-27) + +- No changes. + +## 11.2.6 (2018-10-26) + +### Security (5 changes) + +- Escape entity title while autocomplete template rendering to prevent XSS. !2558 +- Fix XSS in merge request source branch name. +- Redact personal tokens in unsubscribe links. +- Persist only SHA digest of PersonalAccessToken#token. +- Prevent SSRF attacks in HipChat integration. + + ## 11.2.5 (2018-10-05) ### Security (3 changes) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 81fc46c2b6..2dc8ac40dd 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -64,184 +64,56 @@ As of July 2018, all the documentation for contributing to the GitLab project ha ## Contribute to GitLab -Thank you for your interest in contributing to GitLab. This guide details how -to contribute to GitLab in a way that is easy for everyone. - -For a first-time step-by-step guide to the contribution process, please see -["Contributing to GitLab"](https://about.gitlab.com/contributing/). - -Looking for something to work on? Look for issues in the [Backlog (Accepting merge requests) milestone](#i-want-to-contribute). - -GitLab comes in two flavors, GitLab Community Edition (CE) our free and open -source edition, and GitLab Enterprise Edition (EE) which is our commercial -edition. Throughout this guide you will see references to CE and EE for -abbreviation. - -To get an overview of GitLab community membership including those that would be reviewing or merging your contributions, please visit [the community roles page](doc/development/contributing/community_roles.md). - -If you want to know how the GitLab [core team] -operates please see [the GitLab contributing process](PROCESS.md). - -[GitLab Inc engineers should refer to the engineering workflow document](https://about.gitlab.com/handbook/engineering/workflow/) +This [documentation](doc/development/contributing/index.md#contribute-to-gitlab) has been moved. ## Security vulnerability disclosure -Please report suspected security vulnerabilities in private to -`support@gitlab.com`, also see the -[disclosure section on the GitLab.com website](https://about.gitlab.com/disclosure/). -Please do **NOT** create publicly viewable issues for suspected security -vulnerabilities. +This [documentation](doc/development/contributing/index.md#security-vulnerability-disclosure) has been moved. 
-## Code of conduct +## Code of Conduct -As contributors and maintainers of this project, we pledge to respect all -people who contribute through reporting issues, posting feature requests, -updating documentation, submitting pull requests or patches, and other -activities. - -We are committed to making participation in this project a harassment-free -experience for everyone, regardless of level of experience, gender, gender -identity and expression, sexual orientation, disability, personal appearance, -body size, race, ethnicity, age, or religion. - -Examples of unacceptable behavior by participants include the use of sexual -language or imagery, derogatory comments or personal attacks, trolling, public -or private harassment, insults, or other unprofessional conduct. - -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct. Project maintainers who do not -follow the Code of Conduct may be removed from the project team. - -This code of conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. - -Instances of abusive, harassing, or otherwise unacceptable behavior can be -reported by emailing `contact@gitlab.com`. - -This Code of Conduct is adapted from the [Contributor Covenant][contributor-covenant], version 1.1.0, -available at [http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/). +This [documentation](https://about.gitlab.com/contributing/code-of-conduct/) has been moved. ## Closing policy for issues and merge requests -GitLab is a popular open source project and the capacity to deal with issues -and merge requests is limited. Out of respect for our volunteers, issues and -merge requests not in line with the guidelines listed in this document may be -closed without notice. 
- -Please treat our volunteers with courtesy and respect, it will go a long way -towards getting your issue resolved. - -Issues and merge requests should be in English and contain appropriate language -for audiences of all ages. - -If a contributor is no longer actively working on a submitted merge request -we can decide that the merge request will be finished by one of our -[Merge request coaches][team] or close the merge request. We make this decision -based on how important the change is for our product vision. If a Merge request -coach is going to finish the merge request we assign the -~"coach will finish" label. +This [documentation](doc/development/contributing/index.md#closing-policy-for-issues-and-merge-requests) has been moved. ## Helping others -Please help other GitLab users when you can. -The methods people will use to seek help can be found on the [getting help page][getting-help]. - -Sign up for the mailing list, answer GitLab questions on StackOverflow or -respond in the IRC channel. You can also sign up on [CodeTriage][codetriage] to help with -the remaining issues on the GitHub issue tracker. +This [documentation](doc/development/contributing/index.md#helping-others) has been moved. ## I want to contribute! -If you want to contribute to GitLab, [issues in the Backlog (Accepting merge requests)](https://gitlab.com/gitlab-org/gitlab-ce/issues?scope=all&utf8=✓&state=opened&assignee_id=0&milestone_title=Backlog%20(Accepting%20merge%20requests)) -are a great place to start. Issues with a lower weight (1 or 2) are deemed -suitable for beginners. These issues will be of reasonable size and challenge, -for anyone to start contributing to GitLab. If you have any questions or need help visit [Getting Help](https://about.gitlab.com/getting-help/#discussion) to -learn how to communicate with GitLab. 
If you're looking for a Gitter or Slack channel -please consider we favor -[asynchronous communication](https://about.gitlab.com/handbook/communication/#internal-communication) over real time communication. Thanks for your contribution! +This [documentation](doc/development/contributing/index.md#i-want-to-contribute) has been moved. ## Contribution Flow -When contributing to GitLab, your merge request is subject to review by merge request maintainers of a particular specialty. - -When you submit code to GitLab, we really want it to get merged, but there will be times when it will not be merged. - -When maintainers are reading through a merge request they may request guidance from other maintainers. If merge request maintainers conclude that the code should not be merged, our reasons will be fully disclosed. If it has been decided that the code quality is not up to GitLab’s standards, the merge request maintainer will refer the author to our docs and code style guides, and provide some guidance. - -Sometimes style guides will be followed but the code will lack structural integrity, or the maintainer will have reservations about the code’s overall quality. When there is a reservation the maintainer will inform the author and provide some guidance. The author may then choose to update the merge request. Once the merge request has been updated and reassigned to the maintainer, they will review the code again. Once the code has been resubmitted any number of times, the maintainer may choose to close the merge request with a summary of why it will not be merged, as well as some guidance. If the merge request is closed the maintainer will be open to discussion as to how to improve the code so it can be approved in the future. - -GitLab will do its best to review community contributions as quickly as possible. Specially appointed developers review community contributions daily. 
You may take a look at the [team page](https://about.gitlab.com/team/) for the merge request coach who specializes in the type of code you have written and mention them in the merge request. For example, if you have written some JavaScript in your code then you should mention the frontend merge request coach. If your code has multiple disciplines you may mention multiple merge request coaches. - -GitLab receives a lot of community contributions, so if your code has not been reviewed within 4 days of its initial submission feel free to re-mention the appropriate merge request coach. - -When submitting code to GitLab, you may feel that your contribution requires the aid of an external library. If your code includes an external library please provide a link to the library, as well as reasons for including it. - -When your code contains more than 500 changes, any major breaking changes, or an external library, `@mention` a maintainer in the merge request. If you are not sure who to mention, the reviewer will add one early in the merge request process. 
- -[core team]: https://about.gitlab.com/core-team/ -[team]: https://about.gitlab.com/team/ -[getting-help]: https://about.gitlab.com/getting-help/ -[codetriage]: http://www.codetriage.com/gitlabhq/gitlabhq -[accepting-mrs-weight]: https://gitlab.com/gitlab-org/gitlab-ce/issues?assignee_id=0&label_name[]=Accepting%20Merge%20Requests&sort=weight_asc -[ce-tracker]: https://gitlab.com/gitlab-org/gitlab-ce/issues -[ee-tracker]: https://gitlab.com/gitlab-org/gitlab-ee/issues -[google-group]: https://groups.google.com/forum/#!forum/gitlabhq -[stackoverflow]: https://stackoverflow.com/questions/tagged/gitlab -[fpl]: https://gitlab.com/gitlab-org/gitlab-ce/issues?label_name=feature+proposal -[accepting-mrs-ce]: https://gitlab.com/gitlab-org/gitlab-ce/issues?label_name=Accepting+Merge+Requests -[accepting-mrs-ee]: https://gitlab.com/gitlab-org/gitlab-ee/issues?label_name=Accepting+Merge+Requests -[gitlab-mr-tracker]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests -[gdk]: https://gitlab.com/gitlab-org/gitlab-development-kit -[git-squash]: https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits -[closed-merge-requests]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests?assignee_id=&label_name=&milestone_id=&scope=&sort=&state=closed -[definition-of-done]: http://guide.agilealliance.org/guide/definition-of-done.html -[contributor-covenant]: http://contributor-covenant.org -[rss-source]: https://github.com/bbatsov/ruby-style-guide/blob/master/README.md#source-code-layout -[rss-naming]: https://github.com/bbatsov/ruby-style-guide/blob/master/README.md#naming -[changelog]: doc/development/changelog.md "Generate a changelog entry" -[doc-guidelines]: doc/development/documentation/index.md "Documentation guidelines" -[js-styleguide]: doc/development/fe_guide/style_guide_js.md "JavaScript styleguide" -[scss-styleguide]: doc/development/fe_guide/style_guide_scss.md "SCSS styleguide" -[newlines-styleguide]: doc/development/newlines_styleguide.md "Newlines 
styleguide" -[UX Guide for GitLab]: http://docs.gitlab.com/ce/development/ux_guide/ -[license-finder-doc]: doc/development/licensing.md -[GitLab Inc engineering workflow]: https://about.gitlab.com/handbook/engineering/workflow/#labelling-issues -[polling-etag]: https://docs.gitlab.com/ce/development/polling.html -[testing]: doc/development/testing_guide/index.md -[us-english]: https://en.wikipedia.org/wiki/American_English - +This [documentation](doc/development/contributing/index.md) has been moved. ## Workflow labels This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Type labels This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Subject labels This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Team labels This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Release Scoping labels This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Priority labels This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Severity labels This [documentation](doc/development/contributing/issue_workflow.md) has been moved. @@ -250,17 +122,14 @@ This [documentation](doc/development/contributing/issue_workflow.md) has been mo This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Label for community contributors This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ## Implement design & UI elements This [documentation](doc/development/contributing/design.md) has been moved. - ## Issue tracker This [documentation](doc/development/contributing/issue_workflow.md) has been moved. 
@@ -269,7 +138,6 @@ This [documentation](doc/development/contributing/issue_workflow.md) has been mo This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Feature proposals This [documentation](doc/development/contributing/issue_workflow.md) has been moved. @@ -278,32 +146,26 @@ This [documentation](doc/development/contributing/issue_workflow.md) has been mo This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Issue weight This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Regression issues This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Technical and UX debt This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ### Stewardship This [documentation](doc/development/contributing/issue_workflow.md) has been moved. - ## Merge requests This [documentation](doc/development/contributing/merge_request_workflow.md) has been moved. - ### Merge request guidelines This [documentation](doc/development/contributing/merge_request_workflow.md) has been moved. @@ -313,12 +175,10 @@ This [documentation](doc/development/contributing/merge_request_workflow.md) has This [documentation](doc/development/contributing/merge_request_workflow.md) has been moved. - ## Definition of done This [documentation](doc/development/contributing/merge_request_workflow.md) has been moved. - ## Style guides This [documentation](doc/development/contributing/design.md) has been moved. diff --git a/Dangerfile b/Dangerfile index 10caacff4c..469e77b251 100644 --- a/Dangerfile +++ b/Dangerfile @@ -1,3 +1,4 @@ +danger.import_plugin('danger/plugins/helper.rb') danger.import_dangerfile(path: 'danger/metadata') danger.import_dangerfile(path: 'danger/changes_size') danger.import_dangerfile(path: 'danger/changelog') diff --git a/Dockerfile.assets b/Dockerfile.assets new file mode 100644 index 0000000000..403d16cc4a --- /dev/null 
+++ b/Dockerfile.assets @@ -0,0 +1,4 @@ +# Simple container to store assets for later use +FROM scratch +ADD public/assets /assets/ +CMD /bin/true diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 33e061fe7a..4db8830b11 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -0.125.1 +0.129.0 diff --git a/GITLAB_PAGES_VERSION b/GITLAB_PAGES_VERSION index 524cb55242..3a3cd8cc8b 100644 --- a/GITLAB_PAGES_VERSION +++ b/GITLAB_PAGES_VERSION @@ -1 +1 @@ -1.1.1 +1.3.1 diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION index d127a0ff9f..6da4de57dc 100644 --- a/GITLAB_SHELL_VERSION +++ b/GITLAB_SHELL_VERSION @@ -1 +1 @@ -8.3.3 +8.4.1 diff --git a/GITLAB_WORKHORSE_VERSION b/GITLAB_WORKHORSE_VERSION index 9fe9ff9d99..1996c50447 100644 --- a/GITLAB_WORKHORSE_VERSION +++ b/GITLAB_WORKHORSE_VERSION @@ -1 +1 @@ -7.0.1 +7.1.3 diff --git a/Gemfile b/Gemfile index ecbfba0827..c7efa790cf 100644 --- a/Gemfile +++ b/Gemfile @@ -79,13 +79,6 @@ gem 'gpgme' gem 'gitlab_omniauth-ldap', '~> 2.0.4', require: 'omniauth-ldap' gem 'net-ldap' -# Git Wiki -# Only used to compute wiki page slugs -gem 'gitlab-gollum-lib', '~> 4.2', require: false - -# Language detection -gem 'github-linguist', '~> 5.3.3', require: 'linguist' - # API gem 'grape', '~> 1.1' gem 'grape-entity', '~> 0.7.1' @@ -146,6 +139,7 @@ gem 'rouge', '~> 3.1' gem 'truncato', '~> 0.7.9' gem 'bootstrap_form', '~> 2.7.0' gem 'nokogiri', '~> 1.8.2' +gem 'escape_utils', '~> 1.1' # Calendar rendering gem 'icalendar' @@ -159,6 +153,11 @@ group :unicorn do gem 'unicorn-worker-killer', '~> 0.4.4' end +group :puma do + gem 'puma', '~> 3.12', require: false + gem 'puma_worker_killer', require: false +end + # State machine gem 'state_machines-activerecord', '~> 0.5.1' @@ -212,7 +211,7 @@ gem 'hipchat', '~> 1.5.0' gem 'jira-ruby', '~> 1.4' # Flowdock integration -gem 'gitlab-flowdock-git-hook', '~> 1.0.1' +gem 'flowdock', '~> 0.7' # Slack integration gem 'slack-notifier', '~> 1.5.1' 
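Review bot: `ADD public/assets /assets/` should be `COPY public/assets /assets/`, since the source is a plain local directory and `ADD` also unpacks archives and accepts URLs, neither of which is wanted here. The shell-form `CMD /bin/true` is also a concern on `FROM scratch`: shell form runs through `/bin/sh -c`, and the image contains neither `/bin/sh` nor `/bin/true`, so the container can be created but cannot start. If the image is only meant to be created and copied from, say so in the header comment, for example `# Never started; CMD is a placeholder so the image can be created and its /assets copied out`.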
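Review bot: `gem 'puma_worker_killer', require: false` in the new `:puma` group has no version constraint, unlike `puma` on the line above it and `unicorn-worker-killer` in the neighbouring group. Gemfile.lock in this commit resolves it to 0.1.0, but a later `bundle update` may move it to any release. A constraint matching the locked version would keep updates deliberate: `gem 'puma_worker_killer', '~> 0.1.0', require: false`.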
@@ -245,9 +244,6 @@ gem 'rack-attack', '~> 4.4.1' # Ace editor gem 'ace-rails-ap', '~> 4.1.0' -# Keyboard shortcuts -gem 'mousetrap-rails', '~> 1.4.6' - # Detect and convert string character encoding gem 'charlock_holmes', '~> 0.7.5' @@ -420,11 +416,10 @@ group :ed25519 do end # Gitaly GRPC client -gem 'gitaly-proto', '~> 0.118.1', require: 'gitaly' -gem 'grpc', '~> 1.11.0' +gem 'gitaly-proto', '~> 0.123.0', require: 'gitaly' +gem 'grpc', '~> 1.15.0' -# Locked until https://github.com/google/protobuf/issues/4210 is closed -gem 'google-protobuf', '= 3.5.1' +gem 'google-protobuf', '~> 3.6' gem 'toml-rb', '~> 1.0.0', require: false @@ -436,6 +431,3 @@ gem 'flipper-active_support_cache_store', '~> 0.13.0' # Structured logging gem 'lograge', '~> 0.5' gem 'grape_logging', '~> 1.7' - -# Asset synchronization -gem 'asset_sync', '~> 2.4' diff --git a/Gemfile.lock b/Gemfile.lock index 9837a195d8..50e3ddef1e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -58,11 +58,6 @@ GEM asciidoctor (1.5.6.2) asciidoctor-plantuml (0.0.8) asciidoctor (~> 1.5) - asset_sync (2.4.0) - activemodel (>= 4.1.0) - fog-core - mime-types (>= 2.99) - unf ast (2.4.0) atomic (1.1.99) attr_encrypted (3.1.0) 
@@ -274,32 +269,9 @@ GEM gettext_i18n_rails (>= 0.7.1) po_to_json (>= 1.0.0) rails (>= 3.2.0) - gitaly-proto (0.118.1) - google-protobuf (~> 3.1) - grpc (~> 1.10) - github-linguist (5.3.3) - charlock_holmes (~> 0.7.5) - escape_utils (~> 1.1.0) - mime-types (>= 1.19) - rugged (>= 0.25.1) + gitaly-proto (0.123.0) + grpc (~> 1.0) github-markup (1.7.0) - gitlab-flowdock-git-hook (1.0.1) - flowdock (~> 0.7) - gitlab-grit (>= 2.4.1) - multi_json - gitlab-gollum-lib (4.2.7.5) - gemojione (~> 3.2) - github-markup (~> 1.6) - gollum-grit_adapter (~> 1.0) - nokogiri (>= 1.6.1, < 2.0) - rouge (~> 3.1) - sanitize (~> 4.6.4) - stringex (~> 2.6) - gitlab-grit (2.8.2) - charlock_holmes (~> 0.6) - diff-lcs (~> 1.1) - mime-types (>= 1.16) - posix-spawn (~> 0.3) gitlab-markup (1.6.4) gitlab-sidekiq-fetcher (0.3.0) sidekiq (~> 5) @@ -314,8 +286,6 @@ GEM rubyntlm (~> 0.5) globalid (0.4.1) activesupport (>= 4.2.0) - gollum-grit_adapter (1.0.1) - gitlab-grit (~> 2.7, >= 2.7.1) gon (6.2.0) actionpack (>= 3.0) multi_json @@ -327,16 +297,15 @@ GEM mime-types (~> 3.0) representable (~> 3.0) retriable (>= 2.0, < 4.0) - google-protobuf (3.5.1) - googleapis-common-protos-types (1.0.1) + google-protobuf (3.6.1) + googleapis-common-protos-types (1.0.2) google-protobuf (~> 3.0) - googleauth (0.6.2) + googleauth (0.6.6) faraday (~> 0.12) jwt (>= 1.4, < 3.0) - logging (~> 2.0) memoist (~> 0.12) multi_json (~> 1.11) - os (~> 0.9) + os (>= 0.9, < 2.0) signet (~> 0.7) gpgme (2.0.13) mini_portile2 (~> 2.1) @@ -360,10 +329,9 @@ GEM railties sprockets-rails graphql (1.8.1) - grpc (1.11.0) + grpc (1.15.0) google-protobuf (~> 3.1) googleapis-common-protos-types (~> 1.0.0) - googleauth (>= 0.5.1, < 0.7) haml (5.0.4) temple (>= 0.8.0) tilt @@ -465,11 +433,7 @@ GEM xml-simple licensee (8.9.2) rugged (~> 0.24) - little-plugger (1.1.4) locale (2.1.2) - logging (2.2.2) - little-plugger (~> 1.1) - multi_json (~> 1.10) lograge (0.10.0) actionpack (>= 4) activesupport (>= 4) 
@@ -493,7 +457,6 @@ GEM mini_mime (1.0.1) mini_portile2 (2.3.0) minitest (5.7.0) - mousetrap-rails (1.4.6) msgpack (1.2.4) multi_json (1.13.1) multi_xml (0.6.0) @@ -575,9 +538,9 @@ GEM org-ruby (0.9.12) rubypants (~> 0.2) orm_adapter (0.5.0) - os (0.9.6) + os (1.0.0) parallel (1.12.1) - parser (2.5.1.0) + parser (2.5.3.0) ast (~> 2.4.0) parslet (1.8.2) peek (1.0.1) @@ -605,7 +568,6 @@ GEM pg (0.18.4) po_to_json (1.0.1) json (>= 1.6.0) - posix-spawn (0.3.13) powerpack (0.1.1) premailer (1.10.4) addressable @@ -629,6 +591,10 @@ GEM pry-rails (0.3.6) pry (>= 0.10.4) public_suffix (3.0.3) + puma (3.12.0) + puma_worker_killer (0.1.0) + get_process_mem (~> 0.2) + puma (>= 2.7, < 4) pyu-ruby-sasl (0.0.3.3) rack (1.6.10) rack-accept (0.4.5) @@ -797,7 +763,7 @@ GEM rubyzip (1.2.2) rufus-scheduler (3.4.0) et-orbi (~> 1.0) - rugged (0.27.4) + rugged (0.27.5) safe_yaml (1.0.4) sanitize (4.6.6) crass (~> 1.0.2) @@ -843,7 +809,7 @@ GEM sidekiq-cron (0.6.0) rufus-scheduler (>= 3.3.0) sidekiq (>= 4.2.1) - signet (0.8.1) + signet (0.11.0) addressable (~> 2.3) faraday (~> 0.9) jwt (>= 1.5, < 3.0) @@ -876,7 +842,6 @@ GEM state_machines-activerecord (0.5.1) activerecord (>= 4.1, < 6.0) state_machines-activemodel (>= 0.5.0) - stringex (2.8.4) sys-filesystem (1.1.6) ffi sysexits (1.2.0) @@ -968,7 +933,6 @@ DEPENDENCIES asana (~> 0.6.0) asciidoctor (~> 1.5.6) asciidoctor-plantuml (= 0.0.8) - asset_sync (~> 2.4) attr_encrypted (~> 3.1.0) awesome_print babosa (~> 1.0.2) @@ -1006,6 +970,7 @@ DEPENDENCIES ed25519 (~> 1.2) email_reply_trimmer (~> 0.1) email_spec (~> 2.2.0) + escape_utils (~> 1.1) factory_bot_rails (~> 4.8.2) faraday (~> 0.12) fast_blank @@ -1013,6 +978,7 @@ DEPENDENCIES flipper (~> 0.13.0) flipper-active_record (~> 0.13.0) flipper-active_support_cache_store (~> 0.13.0) + flowdock (~> 0.7) fog-aliyun (~> 0.2.0) fog-aws (~> 2.0.1) fog-core (~> 1.44) 
@@ -1027,18 +993,15 @@ DEPENDENCIES gettext (~> 3.2.2) gettext_i18n_rails (~> 1.8.0) gettext_i18n_rails_js (~> 1.3) - gitaly-proto (~> 0.118.1) - github-linguist (~> 5.3.3) + gitaly-proto (~> 0.123.0) github-markup (~> 1.7.0) - gitlab-flowdock-git-hook (~> 1.0.1) - gitlab-gollum-lib (~> 4.2) gitlab-markup (~> 1.6.4) gitlab-sidekiq-fetcher gitlab-styles (~> 2.4) gitlab_omniauth-ldap (~> 2.0.4) gon (~> 6.2) google-api-client (~> 0.23) - google-protobuf (= 3.5.1) + google-protobuf (~> 3.6) gpgme grape (~> 1.1) grape-entity (~> 0.7.1) @@ -1046,7 +1009,7 @@ DEPENDENCIES grape_logging (~> 1.7) graphiql-rails (~> 1.4.10) graphql (~> 1.8.0) - grpc (~> 1.11.0) + grpc (~> 1.15.0) haml_lint (~> 0.26.0) hamlit (~> 2.8.8) hangouts-chat (~> 0.0.5) @@ -1075,7 +1038,6 @@ DEPENDENCIES method_source (~> 0.8) mini_magick minitest (~> 5.7.0) - mousetrap-rails (~> 1.4.6) mysql2 (~> 0.4.10) net-ldap net-ssh (~> 5.0) @@ -1109,6 +1071,8 @@ DEPENDENCIES prometheus-client-mmap (~> 0.9.4) pry-byebug (~> 3.4.1) pry-rails (~> 0.3.4) + puma (~> 3.12) + puma_worker_killer rack-attack (~> 4.4.1) rack-cors (~> 1.0.0) rack-oauth2 (~> 1.2.1) @@ -1187,4 +1151,4 @@ DEPENDENCIES wikicloth (= 0.8.1) BUNDLED WITH - 1.16.4 + 1.17.1 diff --git a/Gemfile.rails5.lock b/Gemfile.rails5.lock index 9eab07d965..181f2db95b 100644 --- a/Gemfile.rails5.lock +++ b/Gemfile.rails5.lock @@ -61,11 +61,6 @@ GEM asciidoctor (1.5.6.2) asciidoctor-plantuml (0.0.8) asciidoctor (~> 1.5) - asset_sync (2.4.0) - activemodel (>= 4.1.0) - fog-core - mime-types (>= 2.99) - unf ast (2.4.0) atomic (1.1.99) attr_encrypted (3.1.0) 
@@ -277,32 +272,9 @@ GEM gettext_i18n_rails (>= 0.7.1) po_to_json (>= 1.0.0) rails (>= 3.2.0) - gitaly-proto (0.118.1) - google-protobuf (~> 3.1) - grpc (~> 1.10) - github-linguist (5.3.3) - charlock_holmes (~> 0.7.5) - escape_utils (~> 1.1.0) - mime-types (>= 1.19) - rugged (>= 0.25.1) + gitaly-proto (0.123.0) + grpc (~> 1.0) github-markup (1.7.0) - gitlab-flowdock-git-hook (1.0.1) - flowdock (~> 0.7) - gitlab-grit (>= 2.4.1) - multi_json - gitlab-gollum-lib (4.2.7.5) - gemojione (~> 3.2) - github-markup (~> 1.6) - gollum-grit_adapter (~> 1.0) - nokogiri (>= 1.6.1, < 2.0) - rouge (~> 3.1) - sanitize (~> 4.6.4) - stringex (~> 2.6) - gitlab-grit (2.8.2) - charlock_holmes (~> 0.6) - diff-lcs (~> 1.1) - mime-types (>= 1.16) - posix-spawn (~> 0.3) gitlab-markup (1.6.4) gitlab-sidekiq-fetcher (0.3.0) sidekiq (~> 5) @@ -317,8 +289,6 @@ GEM rubyntlm (~> 0.5) globalid (0.4.1) activesupport (>= 4.2.0) - gollum-grit_adapter (1.0.1) - gitlab-grit (~> 2.7, >= 2.7.1) gon (6.2.0) actionpack (>= 3.0) multi_json @@ -330,16 +300,15 @@ GEM mime-types (~> 3.0) representable (~> 3.0) retriable (>= 2.0, < 4.0) - google-protobuf (3.5.1) - googleapis-common-protos-types (1.0.1) + google-protobuf (3.6.1) + googleapis-common-protos-types (1.0.2) google-protobuf (~> 3.0) - googleauth (0.6.2) + googleauth (0.6.6) faraday (~> 0.12) jwt (>= 1.4, < 3.0) - logging (~> 2.0) memoist (~> 0.12) multi_json (~> 1.11) - os (~> 0.9) + os (>= 0.9, < 2.0) signet (~> 0.7) gpgme (2.0.13) mini_portile2 (~> 2.1) @@ -363,10 +332,9 @@ GEM railties sprockets-rails graphql (1.8.1) - grpc (1.11.0) + grpc (1.15.0) google-protobuf (~> 3.1) googleapis-common-protos-types (~> 1.0.0) - googleauth (>= 0.5.1, < 0.7) haml (5.0.4) temple (>= 0.8.0) tilt @@ -468,11 +436,7 @@ GEM xml-simple licensee (8.9.2) rugged (~> 0.24) - little-plugger (1.1.4) locale (2.1.2) - logging (2.2.2) - little-plugger (~> 1.1) - multi_json (~> 1.10) lograge (0.10.0) actionpack (>= 4) activesupport (>= 4) 
@@ -496,7 +460,6 @@ GEM mini_mime (1.0.1) mini_portile2 (2.3.0) minitest (5.7.0) - mousetrap-rails (1.4.6) msgpack (1.2.4) multi_json (1.13.1) multi_xml (0.6.0) @@ -579,9 +542,9 @@ GEM org-ruby (0.9.12) rubypants (~> 0.2) orm_adapter (0.5.0) - os (0.9.6) + os (1.0.0) parallel (1.12.1) - parser (2.5.1.0) + parser (2.5.1.2) ast (~> 2.4.0) parslet (1.8.2) peek (1.0.1) @@ -609,7 +572,6 @@ GEM pg (0.18.4) po_to_json (1.0.1) json (>= 1.6.0) - posix-spawn (0.3.13) powerpack (0.1.1) premailer (1.10.4) addressable @@ -633,6 +595,10 @@ GEM pry-rails (0.3.6) pry (>= 0.10.4) public_suffix (3.0.3) + puma (3.12.0) + puma_worker_killer (0.1.0) + get_process_mem (~> 0.2) + puma (>= 2.7, < 4) pyu-ruby-sasl (0.0.3.3) rack (2.0.5) rack-accept (0.4.5) @@ -805,7 +771,7 @@ GEM rubyzip (1.2.2) rufus-scheduler (3.4.0) et-orbi (~> 1.0) - rugged (0.27.4) + rugged (0.27.5) safe_yaml (1.0.4) sanitize (4.6.6) crass (~> 1.0.2) @@ -851,7 +817,7 @@ GEM sidekiq-cron (0.6.0) rufus-scheduler (>= 3.3.0) sidekiq (>= 4.2.1) - signet (0.8.1) + signet (0.11.0) addressable (~> 2.3) faraday (~> 0.9) jwt (>= 1.5, < 3.0) @@ -884,7 +850,6 @@ GEM state_machines-activerecord (0.5.1) activerecord (>= 4.1, < 6.0) state_machines-activemodel (>= 0.5.0) - stringex (2.8.4) sys-filesystem (1.1.6) ffi sysexits (1.2.0) @@ -977,7 +942,6 @@ DEPENDENCIES asana (~> 0.6.0) asciidoctor (~> 1.5.6) asciidoctor-plantuml (= 0.0.8) - asset_sync (~> 2.4) attr_encrypted (~> 3.1.0) awesome_print babosa (~> 1.0.2) @@ -1015,6 +979,7 @@ DEPENDENCIES ed25519 (~> 1.2) email_reply_trimmer (~> 0.1) email_spec (~> 2.2.0) + escape_utils (~> 1.1) factory_bot_rails (~> 4.8.2) faraday (~> 0.12) fast_blank @@ -1022,6 +987,7 @@ DEPENDENCIES flipper (~> 0.13.0) flipper-active_record (~> 0.13.0) flipper-active_support_cache_store (~> 0.13.0) + flowdock (~> 0.7) fog-aliyun (~> 0.2.0) fog-aws (~> 2.0.1) fog-core (~> 1.44) 
@@ -1036,18 +1002,15 @@ DEPENDENCIES gettext (~> 3.2.2) gettext_i18n_rails (~> 1.8.0) gettext_i18n_rails_js (~> 1.3) - gitaly-proto (~> 0.118.1) - github-linguist (~> 5.3.3) + gitaly-proto (~> 0.123.0) github-markup (~> 1.7.0) - gitlab-flowdock-git-hook (~> 1.0.1) - gitlab-gollum-lib (~> 4.2) gitlab-markup (~> 1.6.4) gitlab-sidekiq-fetcher gitlab-styles (~> 2.4) gitlab_omniauth-ldap (~> 2.0.4) gon (~> 6.2) google-api-client (~> 0.23) - google-protobuf (= 3.5.1) + google-protobuf (~> 3.6) gpgme grape (~> 1.1) grape-entity (~> 0.7.1) @@ -1055,7 +1018,7 @@ DEPENDENCIES grape_logging (~> 1.7) graphiql-rails (~> 1.4.10) graphql (~> 1.8.0) - grpc (~> 1.11.0) + grpc (~> 1.15.0) haml_lint (~> 0.26.0) hamlit (~> 2.8.8) hangouts-chat (~> 0.0.5) @@ -1084,7 +1047,6 @@ DEPENDENCIES method_source (~> 0.8) mini_magick minitest (~> 5.7.0) - mousetrap-rails (~> 1.4.6) mysql2 (~> 0.4.10) net-ldap net-ssh (~> 5.0) @@ -1118,6 +1080,8 @@ DEPENDENCIES prometheus-client-mmap (~> 0.9.4) pry-byebug (~> 3.4.1) pry-rails (~> 0.3.4) + puma (~> 3.12) + puma_worker_killer rack-attack (~> 4.4.1) rack-cors (~> 1.0.0) rack-oauth2 (~> 1.2.1) @@ -1196,4 +1160,4 @@ DEPENDENCIES wikicloth (= 0.8.1) BUNDLED WITH - 1.16.4 + 1.17.1 diff --git a/PROCESS.md b/PROCESS.md index 38ec01f9de..5fc2c4cf1d 100644 --- a/PROCESS.md +++ b/PROCESS.md @@ -208,6 +208,7 @@ the stable branch are: * Fixes or improvements to automated QA scenarios * [Documentation updates](https://docs.gitlab.com/ee/development/documentation/workflow.html#documentation-shipped-late) for changes in the same release * New or updated translations (as long as they do not touch application code) +* Changes that are behind a feature flag and have the ~"feature flag" label During the feature freeze all merge requests that are meant to go into the upcoming release should have the correct milestone assigned _and_ the diff --git a/README.md b/README.md index 335736e53f..133c15a83a 100644 --- a/README.md +++ b/README.md 
@@ -83,7 +83,7 @@ Instructions on how to start GitLab and how to run the tests can be found in the GitLab is a Ruby on Rails application that runs on the following software: - Ubuntu/Debian/CentOS/RHEL/OpenSUSE -- Ruby (MRI) 2.3 +- Ruby (MRI) 2.4 - Git 2.8.4+ - Redis 2.8+ - PostgreSQL (preferred) or MySQL diff --git a/VERSION b/VERSION index 27cb33e955..39eb3b4fbf 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -11.4.9 +11.5.3 diff --git a/app/assets/images/cluster_app_logos/knative.png b/app/assets/images/cluster_app_logos/knative.png new file mode 100644 index 0000000000..0a2510c854 Binary files /dev/null and b/app/assets/images/cluster_app_logos/knative.png differ diff --git a/app/assets/images/koding-logo.svg b/app/assets/images/koding-logo.svg deleted file mode 100644 index ad89d684d9..0000000000 --- a/app/assets/images/koding-logo.svg +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file diff --git a/app/assets/javascripts/activities.js b/app/assets/javascripts/activities.js index de4566bb11..05de970e38 100644 --- a/app/assets/javascripts/activities.js +++ b/app/assets/javascripts/activities.js @@ -6,10 +6,12 @@ import Pager from './pager'; import { localTimeAgo } from './lib/utils/datetime_utility'; export default class Activities { - constructor() { - Pager.init(20, true, false, data => data, this.updateTooltips); + constructor(container = '') { + this.container = container; - $('.event-filter-link').on('click', (e) => { + Pager.init(20, true, false, data => data, this.updateTooltips, this.container); + + $('.event-filter-link').on('click', e => { e.preventDefault(); this.toggleFilter(e.currentTarget); this.reloadActivities(); @@ -22,7 +24,7 @@ export default class Activities { reloadActivities() { $('.content_list').html(''); - Pager.init(20, true, false, data => data, this.updateTooltips); + Pager.init(20, true, false, data => data, this.updateTooltips, this.container); } toggleFilter(sender) { 
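Review bot: The new `container` argument in the constructor hunk of `activities.js` only scopes `Pager.init`, while the jQuery lookups around it stay page-wide. `$('.event-filter-link')` binds every filter link on the page, and in the second hunk `reloadActivities()` still runs `$('.content_list').html('')`, which empties every `.content_list` rather than the one inside the container. If `container` is a selector string, as the `''` default suggests, the clear could be scoped as ``$(`${this.container} .content_list`).html('');`` with the same treatment for the filter-link binding. The constructor would also benefit from a short JSDoc stating what `container` is expected to be. The class body continues outside both hunks, so other lookups may need the same change.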
diff --git a/app/assets/javascripts/badges/components/badge.vue b/app/assets/javascripts/badges/components/badge.vue
index 97232d7f78..8512bf9dd7 100644
--- a/app/assets/javascripts/badges/components/badge.vue
+++ b/app/assets/javascripts/badges/components/badge.vue
@@ -1,12 +1,14 @@