Automatic merge of gitlab-org/gitlab master

334f887e · GitLab Bot · a828892d · b19f2af9 · 334f887e · 334f887e
Commit 334f887e authored Feb 02, 2022 by GitLab Bot
9 changed files
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -173,10 +173,7 @@ module UsersHelper
  end

  def display_public_email?(user)
-    return false if user.public_email.blank?
-    return true unless user.provisioned_by_group
-
-    !Feature.enabled?(:hide_public_email_on_profile, user.provisioned_by_group)
+    user.public_email.present?
  end

  private

--- a/app/models/ci/runner.rb
+++ b/app/models/ci/runner.rb
@@ -157,9 +157,9 @@ module Ci
      from_union(
        [
          belonging_to_project(project_id),
-          belonging_to_parent_group_of_project(project_id),
+          project.group_runners_enabled? ? belonging_to_parent_group_of_project(project_id) : nil,
          project.shared_runners
-        ],
+        ].compact,
        remove_duplicates: false
      )
    end

--- a/doc/administration/packages/dependency_proxy.md
+++ b/doc/administration/packages/dependency_proxy.md
@@ -199,6 +199,21 @@ This section describes the earlier configuration format.

 1. [Restart GitLab](../restart_gitlab.md#installations-from-source "How to restart GitLab") for the changes to take effect.

+### Migrate from local storage to object storage
+
+GitLab currently [doesn't support](https://gitlab.com/gitlab-org/gitlab/-/issues/343064)
+migrating the existing cache to object storage.
+
+To switch from local storage to object storage:
+
+1. [Reconfigure GitLab to use object storage](#using-object-storage).
+1. Purge the dependency proxy cache (on both local and object storage)
+   using the [Dependency Proxy API](../../api/dependency_proxy.md#purge-the-dependency-proxy-for-a-group).
+
+Object storage now caches container images when they're requested. This also
+[reduces the size of dependency proxy storage](../../user/packages/dependency_proxy/reduce_dependency_proxy_storage.md)
+by removing unused images.
+
 ## Disabling Authentication

 Authentication was introduced in 13.7 as part of [enabling private groups to use the

--- a/ee/app/helpers/ee/users_helper.rb
+++ b/ee/app/helpers/ee/users_helper.rb
@@ -2,6 +2,16 @@

 module EE
  module UsersHelper
+    extend ::Gitlab::Utils::Override
+
+    override :display_public_email?
+    def display_public_email?(user)
+      return false if user.public_email.blank?
+      return true unless user.provisioned_by_group
+
+      !::Feature.enabled?(:hide_public_email_on_profile, user.provisioned_by_group)
+    end
+
    def users_sentence(users, link_class: nil)
      users.map { |user| link_to(user.name, user, class: link_class) }.to_sentence.html_safe
    end

--- a/ee/spec/models/user_detail_spec.rb
+++ b/ee/spec/models/user_detail_spec.rb
@@ -10,11 +10,11 @@ RSpec.describe UserDetail do

    subject { user.user_detail.provisioned_by_group? }

-    it 'returns true when user is provisoned by group' do
+    it 'returns true when user is provisioned by group' do
      expect(subject).to eq(true)
    end

-    it 'returns true when user is provisoned by group' do
+    it 'returns true when user is provisioned by group' do
      user.user_detail.update!(provisioned_by_group: nil)

      expect(subject).to eq(false)

--- a/lib/banzai/filter/external_link_filter.rb
+++ b/lib/banzai/filter/external_link_filter.rb
@@ -64,8 +64,8 @@ module Banzai

      def internal_url?(uri)
        return false if uri.nil?
-        # Relative URLs miss a hostname
-        return true unless uri.hostname
+        # Relative URLs miss a hostname AND a scheme
+        return true if !uri.hostname && !uri.scheme

        uri.hostname == internal_url.hostname
      end

--- a/spec/helpers/users_helper_spec.rb
+++ b/spec/helpers/users_helper_spec.rb
@@ -11,6 +11,20 @@ RSpec.describe UsersHelper do
    badges.reject { |badge| badge[:text] == 'Is using seat' }
  end

+  describe 'display_public_email?' do
+    let_it_be(:user) { create(:user, :public_email) }
+
+    subject { helper.display_public_email?(user) }
+
+    it { is_expected.to be true }
+
+    context 'when user public email is blank' do
+      let_it_be(:user) { create(:user, public_email: '') }
+
+      it { is_expected.to be false }
+    end
+  end
+
  describe '#user_link' do
    subject { helper.user_link(user) }


--- a/spec/lib/banzai/filter/external_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/external_link_filter_spec.rb
@@ -71,6 +71,13 @@ RSpec.describe Banzai::Filter::ExternalLinkFilter do

      expect(doc.to_html).to eq(expected)
    end
+
+    it 'adds rel and target attributes to improperly formatted protocols' do
+      doc = filter %q(<p><a target="_blank" href="http:evil.com">Reverse Tabnabbing</a></p>)
+      expected = %q(<p><a target="_blank" href="http:evil.com" rel="nofollow noreferrer noopener">Reverse Tabnabbing</a></p>)
+
+      expect(doc.to_html).to eq(expected)
+    end
  end

  context 'for links with a username' do

--- a/spec/models/ci/runner_spec.rb
+++ b/spec/models/ci/runner_spec.rb
@@ -302,20 +302,38 @@ RSpec.describe Ci::Runner do
  context 'with instance runners sharing disabled' do
    # group specific
    let_it_be(:group) { create(:group, shared_runners_enabled: false) }
-    let_it_be(:project) { create(:project, group: group, shared_runners_enabled: false) }
    let_it_be(:group_runner) { create(:ci_runner, :group, groups: [group]) }

+    let(:group_runners_enabled) { true }
+    let(:project) { create(:project, group: group, shared_runners_enabled: false) }
+
    # project specific
-    let_it_be(:project_runner) { create(:ci_runner, :project, projects: [project]) }
+    let(:project_runner) { create(:ci_runner, :project, projects: [project]) }

    # globally shared
    let_it_be(:shared_runner) { create(:ci_runner, :instance) }

+    before do
+      project.update!(group_runners_enabled: group_runners_enabled)
+    end
+
    describe '.owned_or_instance_wide' do
      subject { described_class.owned_or_instance_wide(project.id) }

-      it 'returns a project specific and a group specific runner' do
-        is_expected.to contain_exactly(group_runner, project_runner)
+      context 'with group runners disabled' do
+        let(:group_runners_enabled) { false }
+
+        it 'returns only the project specific runner' do
+          is_expected.to contain_exactly(project_runner)
+        end
+      end
+
+      context 'with group runners enabled' do
+        let(:group_runners_enabled) { true }
+
+        it 'returns a project specific and a group specific runner' do
+          is_expected.to contain_exactly(group_runner, project_runner)
+        end
      end
    end