Automatic merge of gitlab-org/gitlab master

63e825a1 · GitLab Bot · 16d600cb · 32de17b6 · 63e825a1 · 63e825a1
Commit 63e825a1 authored Feb 10, 2021 by GitLab Bot
15 changed files
--- a/app/views/layouts/_matomo.html.haml
+++ b/app/views/layouts/_matomo.html.haml
 <!-- Matomo -->
- matomo_disable_cookies = extra_config.has_key?('matomo_disable_cookies') && extra_config.matomo_disable_cookies
 = javascript_tag do
  :plain
    var _paq = window._paq = window._paq || [];
    _paq.push(['trackPageView']);
    _paq.push(['enableLinkTracking']);
-    #{matomo_disable_cookies ? '_paq.push(["disableCookies"])' : ""};
+    #{extra_config.matomo_disable_cookies ? '_paq.push(["disableCookies"])' : ""};
    (function() {
      var u="//#{extra_config.matomo_url}/";
      _paq.push(['setTrackerUrl', u+'matomo.php']);

--- a/app/views/shared/issuable/_sidebar.html.haml
+++ b/app/views/shared/issuable/_sidebar.html.haml
@@ -59,7 +59,7 @@
            = f.hidden_field 'milestone_id', value: milestone[:id], id: nil
            = dropdown_tag('Milestone', options: { title: _('Assign milestone'), toggle_class: 'js-milestone-select js-extra-options', filter: true, dropdown_class: 'dropdown-menu-selectable', placeholder: _('Search milestones'), data: { show_no: true, field_name: "#{issuable_type}[milestone_id]", project_id: issuable_sidebar[:project_id], issuable_id: issuable_sidebar[:id], ability_name: issuable_type, issue_update: issuable_sidebar[:issuable_json_path], use_id: true, default_no: true, selected: milestone[:title], null_default: true, display: 'static' }})
          - if @project.group.present? && issuable_sidebar[:supports_iterations]
-            = render_if_exists 'shared/issuable/iteration_select', can_edit: can_edit_issuable, group_path: @project.group.full_path, project_path: issuable_sidebar[:project_full_path], issue_iid: issuable_sidebar[:iid], issuable_type: issuable_type
+            = render_if_exists 'shared/issuable/iteration_select', can_edit: can_edit_issuable.to_s, group_path: @project.group.full_path, project_path: issuable_sidebar[:project_full_path], issue_iid: issuable_sidebar[:iid], issuable_type: issuable_type
      - if issuable_sidebar[:supports_time_tracking]
        #issuable-time-tracker.block

--- a/config/feature_flags/development/group_ci_cd_analytics_page.yml
+++ b/config/feature_flags/development/group_ci_cd_analytics_page.yml
@@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/292601
 milestone: '13.8'
 type: development
 group: group::release
-default_enabled: false
+default_enabled: true
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -819,6 +819,7 @@ Settings.forti_token_cloud['enabled'] = false if Settings.forti_token_cloud['ena
 Settings['extra'] ||= Settingslogic.new({})
 Settings.extra['matomo_site_id'] ||= Settings.extra['piwik_site_id'] if Settings.extra['piwik_site_id'].present?
 Settings.extra['matomo_url'] ||= Settings.extra['piwik_url'] if Settings.extra['piwik_url'].present?
+Settings.extra['matomo_disable_cookies'] = false if Settings.extra['matomo_disable_cookies'].nil?
 #
 # Rack::Attack settings

--- a/doc/ci/runners/README.md
+++ b/doc/ci/runners/README.md
@@ -811,3 +811,38 @@ You can set them globally or per-job in the [`variables`](../yaml/README.md#vari
 ## System calls not available on GitLab.com shared runners
 GitLab.com shared runners run on CoreOS. This means that you cannot use some system calls, like `getlogin`, from the C standard library.
+## Artifact and cache settings
+> Introduced in GitLab Runner 13.9.
+Artifact and cache settings control the compression ratio of artifacts and caches.
+Use these settings to specify the size of the archive produced by a job.
+- On a slow network, uploads might be faster for smaller archives.
+- On a fast network where bandwidth and storage are not a concern, uploads might be faster using the fastest compression ratio, despite the archive produced being larger.
+For [GitLab Pages](../../user/project/pages/index.md) to serve
+[HTTP Range requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Range_requests), artifacts
+should use the `ARTIFACT_COMPRESSION_LEVEL: fastest` setting, as only uncompressed zip archives
+support this feature.
+A meter can also be enabled to provide the rate of transfer for uploads and downloads.
+```yaml
+variables:
+  # output upload and download progress every 2 seconds
+  TRANSFER_METER_FREQUENCY: "2s"
+  # Use fast compression for artifacts, resulting in larger archives
+  ARTIFACT_COMPRESSION_LEVEL: "fast"
+  # Use no compression for caches
+  CACHE_COMPRESSION_LEVEL: "fastest"
+```
+| Variable                        | Description                                            |
+|---------------------------------|--------------------------------------------------------|
+| `TRANSFER_METER_FREQUENCY`      | Specify how often to print the meter's transfer rate. It can be set to a duration (for example, `1s` or `1m30s`). A duration of `0` disables the meter (default). When a value is set, the pipeline shows a progress meter for artifact and cache uploads and downloads. |
+| `ARTIFACT_COMPRESSION_LEVEL`    | To adjust compression ratio, set to `fastest`, `fast`, `default`, `slow`, or `slowest`. This setting works with the fastzip archiver only, so the GitLab Runner feature flag [`FF_USE_FASTZIP`](https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags) must also be enabled. |
+| `CACHE_COMPRESSION_LEVEL`       | To adjust compression ratio, set to `fastest`, `fast`, `default`, `slow`, or `slowest`. This setting works with the fastzip archiver only, so the GitLab Runner feature flag [`FF_USE_FASTZIP`](https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags) must also be enabled. |
--- a/doc/ci/yaml/README.md
+++ b/doc/ci/yaml/README.md
@@ -4358,6 +4358,9 @@ You can use [CI/CD variables](../variables/README.md) to configure runner Git be
 - [`GIT_FETCH_EXTRA_FLAGS`](../runners/README.md#git-fetch-extra-flags)
 - [`GIT_DEPTH`](../runners/README.md#shallow-cloning) (shallow cloning)
 - [`GIT_CLONE_PATH`](../runners/README.md#custom-build-directories) (custom build directories)
+- [`TRANSFER_METER_FREQUENCY`](../runners/README.md#artifact-and-cache-settings) (artifact/cache meter update frequency)
+- [`ARTIFACT_COMPRESSION_LEVEL`](../runners/README.md#artifact-and-cache-settings) (artifact archiver compression level)
+- [`CACHE_COMPRESSION_LEVEL`](../runners/README.md#artifact-and-cache-settings) (cache archiver compression level)
 You can also use variables to configure how many times a runner
 [attempts certain stages of job execution](../runners/README.md#job-stages-attempts).

--- a/doc/development/transient/prevention-patterns.md
+++ b/doc/development/transient/prevention-patterns.md
@@ -8,6 +8,15 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 This page will cover architectural patterns and tips for developers to follow to prevent [transient bugs.](https://about.gitlab.com/handbook/engineering/quality/issue-triage/#transient-bugs)
+## Common root causes
+We've noticed a few root causes that come up frequently when addressing transient bugs. 
+- Needs better state management in the backend or frontend.
+- Frontend code needs improvements.
+- Lack of test coverage.
+- Race conditions.
 ## Frontend
 ### Don't rely on response order

--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -776,7 +776,7 @@ A site profile contains the following:
 - **Profile name**: A name you assign to the site to be scanned.
 - **Target URL**: The URL that DAST runs against.
-## Site profile validation
+### Site profile validation
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/233020) in GitLab 13.8.
@@ -799,37 +799,51 @@ To create a site profile:
 1. From your project's home page, go to **Security & Compliance > Configuration**.
 1. Select **Manage** in the **DAST Profiles** row.
-1. Select **New Profile > Site Profile**.
+1. Select **New > Site Profile**.
-1. Type in a unique **Profile name** and **Target URL** then select **Save profile**.
+1. Complete the fields then select **Save profile**.
+The site profile is created.
 ### Edit a site profile
 To edit an existing site profile:
 1. From your project's home page, go to **Security & Compliance > Configuration**.
-1. Select **Manage** in the **DAST Profiles** row.
+1. In the **DAST Profiles** row select **Manage**.
-1. Select **Edit** in the row of the profile to edit.
+1. Select the **Site Profiles** tab.
-1. Edit the **Profile name** and **Target URL**, then select **Save profile**.
+1. In the profile's row select the **More actions** (**{ellipsis_v}**) menu, then select **Edit**.
+1. Edit the fields then select **Save profile**.
+The site profile is updated with the edited details.
 ### Delete a site profile
 To delete an existing site profile:
 1. From your project's home page, go to **Security & Compliance > Configuration**.
-1. Select **Manage** in the **DAST Profiles** row.
+1. In the **DAST Profiles** row select **Manage**.
-1. Select **{remove}** (Delete profile) in the row of the profile to delete.
+1. Select the **Site Profiles** tab.
+1. In the profile's row select the **More actions** (**{ellipsis_v}**) menu, then select **Delete**.
+1. Select **Delete** to confirm the deletion.
+The site profile is deleted.
 ### Validate a site profile
+Prerequisites:
+- A site profile.
 To validate a site profile:
 1. From your project's home page, go to **Security & Compliance > Configuration**.
-1. Select **Manage** in the **DAST Profiles** row.
+1. In the **DAST Profiles** row select **Manage**.
-1. Select **Validate target site** beside the profile to validate.
+1. Select the **Site Profiles** tab.
+1. In the profile's row select **Validate** or **Retry validation**.
 1. Select the validation method.
   1. For **Text file validation**:
      1. Download the validation file listed in **Step 2**.
-      1. Upload the validation file to the host. You can upload the file to the location in
+      1. Upload the validation file to the host. Upload the file to the location in
         **Step 3** or any location you prefer.
      1. Select **Validate**.
   1. For **Header validation**:
@@ -840,22 +854,23 @@ To validate a site profile:
 The site is validated and an active scan can run against it.
-If a validated site profile's target URL is edited, the site is no longer validated.
+If a validated site profile's target URL is edited, the site's validation status is revoked.
-### Revoke a site validation
+### Revoke a site profile's validation status
-To revoke validation from a site profile:
+Note that all site profiles with the same URL have their validation status revoked.
+To revoke a site profile's validation status:
 1. From your project's home page, go to **Security & Compliance > Configuration**.
-1. Select **Manage** in the **DAST Profiles** row.
+1. In the **DAST Profiles** row select **Manage**.
 1. Select **Revoke validation** beside the validated profile.
-1. Select **Revoke validation**.
-The site profile's validation is revoked. An active scan cannot be run against it or any other profile with the same URL.
+The site profile's validation status is revoked.
 #### Validated site profile headers
-The following are code samples of how you could provide the required site profile header in your
+The following are code samples of how you can provide the required site profile header in your
 application.
 ##### Ruby on Rails example for on-demand scan
@@ -900,27 +915,26 @@ app.get('/dast-website-target', function(req, res) {
 ## Scanner profile
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/222767) in GitLab 13.4.
+> - [Added](https://gitlab.com/gitlab-org/gitlab/-/issues/225804) in GitLab 13.5: scan mode, AJAX spider, debug messages.
 A scanner profile defines the scanner settings used to run an on-demand scan:
 - **Profile name:** A name you give the scanner profile. For example, "Spider_15".
+- **Scan mode:** A passive scan monitors all HTTP messages (requests and responses) sent to the target. An active scan attacks the target to find potential vulnerabilities.
 - **Spider timeout:** The maximum number of minutes allowed for the spider to traverse the site.
 - **Target timeout:** The maximum number of seconds DAST waits for the site to be available before
  starting the scan.
- **Scan mode:** A passive scan monitors all HTTP messages (requests and responses) sent to the target. An active scan attacks the target to find potential vulnerabilities.
 - **AJAX spider:**  Run the AJAX spider, in addition to the traditional spider, to crawl the target site.
 - **Debug messages:** Include debug messages in the DAST console output.
-Scan mode, AJAX spider, Debug messages are [added in GitLab 13.5](https://gitlab.com/gitlab-org/gitlab/-/issues/225804)
 ### Create a scanner profile
 To create a scanner profile:
 1. From your project's home page, go to **Security & Compliance > Configuration**.
-1. Click **Manage** in the **DAST Profiles** row.
+1. In the **DAST Profiles** row select **Manage**.
-1. Click **New Profile > Scanner Profile**.
+1. Select **New > Scanner Profile**.
-1. Enter a unique **Profile name**, the desired **Spider timeout**, and the **Target timeout**.
+1. Complete the form. For details of each field, see [Scanner profile](#scanner-profile).
 1. Click **Save profile**.
 ### Edit a scanner profile
@@ -929,7 +943,12 @@ To edit a scanner profile:
 1. From your project's home page, go to **Security & Compliance > Configuration**.
 1. Click **Manage** in the **DAST Profiles** row.
-1. Click **Edit** in the scanner profile's row.
+1. Select the **Scanner Profiles** tab.
+1. In the scanner's row select the **More actions** (**{ellipsis_v}**) menu, then select **Edit**.
+1. Edit the form.
+1. Select **Save profile**.
+The scanner profile is updated with the edited details.
 ### Delete a scanner profile
@@ -937,7 +956,11 @@ To delete a scanner profile:
 1. From your project's home page, go to **Security & Compliance > Configuration**.
 1. Click **Manage** in the **DAST Profiles** row.
-1. Click **{remove}** (Delete profile) in the scanner profile's row.
+1. Select the **Scanner Profiles** tab.
+1. In the scanner's row select the **More actions** (**{ellipsis_v}**) menu, then select **Delete**.
+1. Select **Delete**.
+The scanner profile is deleted.
 ## Reports

--- a/doc/user/project/clusters/add_remove_clusters.md
+++ b/doc/user/project/clusters/add_remove_clusters.md
@@ -387,3 +387,13 @@ If you encounter this error while adding a Kubernetes cluster, ensure you're
 properly pasting the service token. Some shells may add a line break to the
 service token, making it invalid. Ensure that there are no line breaks by
 pasting your token into an editor and removing any additional spaces.
+You may also experience this error if your certificate is not valid. To check that your certificate's
+subject alternative names contain the correct domain for your cluster's API, run this:
+```shell
+echo | openssl s_client -showcerts -connect kubernetes.example.com:443 2>/dev/null |
+openssl x509 -inform pem -noout -text
+```
+Note that the `-connect` argument expects a `host:port` combination. For example, `https://kubernetes.example.com` would be `kubernetes.example.com:443`.
--- a/ee/app/assets/javascripts/sidebar/mount_sidebar.js
+++ b/ee/app/assets/javascripts/sidebar/mount_sidebar.js
@@ -101,7 +101,7 @@ function mountIterationSelect() {
      createElement('iteration-select', {
        props: {
          groupPath,
-          canEdit,
+          canEdit: parseBoolean(canEdit),
          projectPath,
          issueIid,
        },

--- a/ee/app/controllers/groups/analytics/ci_cd_analytics_controller.rb
+++ b/ee/app/controllers/groups/analytics/ci_cd_analytics_controller.rb
@@ -8,6 +8,6 @@ class Groups::Analytics::CiCdAnalyticsController < Groups::Analytics::Applicatio
  before_action -> { authorize_view_by_action!(:view_group_ci_cd_analytics) }
  def show
-    render_404 unless Feature.enabled?(:group_ci_cd_analytics_page, @group)
+    render_404 unless Feature.enabled?(:group_ci_cd_analytics_page, @group, default_enabled: true)
  end
 end
--- a/ee/app/helpers/ee/groups_helper.rb
+++ b/ee/app/helpers/ee/groups_helper.rb
@@ -147,7 +147,7 @@ module EE
        links << :iterations
      end
-      if ::Feature.enabled?(:group_ci_cd_analytics_page, @group) && @group.feature_available?(:group_ci_cd_analytics) && can?(current_user, :view_group_ci_cd_analytics, @group)
+      if ::Feature.enabled?(:group_ci_cd_analytics_page, @group, default_enabled: true) && @group.feature_available?(:group_ci_cd_analytics) && can?(current_user, :view_group_ci_cd_analytics, @group)
        links << :group_ci_cd_analytics
      end

--- a/ee/changelogs/unreleased/nfriend-enable-group_ci_cd_analytics-f.yml
+++ b/ee/changelogs/unreleased/nfriend-enable-group_ci_cd_analytics-f.yml
+---
+title: Add group-level CI/CD Analytics page with release stats
+merge_request: 53295
+author:
+type: added
--- a/ee/changelogs/unreleased/use-parse-boolean-for-iteration-can-edit-value.yml
+++ b/ee/changelogs/unreleased/use-parse-boolean-for-iteration-can-edit-value.yml
+---
+title: Fix invalid prop error for canEdit prop in issue sidebar when user cannot edit iteration
+merge_request: 53819
+author:
+type: fixed
--- a/spec/views/layouts/_head.html.haml_spec.rb
+++ b/spec/views/layouts/_head.html.haml_spec.rb
@@ -92,7 +92,8 @@ RSpec.describe 'layouts/_head' do
    before do
      stub_config(extra: {
                    matomo_url: matomo_host,
-                    matomo_site_id: 12345
+                    matomo_site_id: 12345,
+                    matomo_disable_cookies: false
                  })
    end
@@ -101,43 +102,18 @@ RSpec.describe 'layouts/_head' do
      expect(rendered).to match(/<script.*>.*var u="\/\/#{matomo_host}\/".*<\/script>/m)
      expect(rendered).to match(%r(<noscript>.*<img src="//#{matomo_host}/matomo.php.*</noscript>))
+      expect(rendered).not_to include('_paq.push(["disableCookies"])')
    end
-    context 'matomo_disable_cookies' do
+    context 'when matomo_disable_cookies is true' do
-      context 'when true' do
+      before do
-        before do
+        stub_config(extra: { matomo_url: matomo_host, matomo_site_id: 12345, matomo_disable_cookies: true })
-          stub_config(extra: { matomo_url: matomo_host, matomo_site_id: 12345, matomo_disable_cookies: true })
-        end
-        it 'disables cookies' do
-          render
-          expect(rendered).to include('_paq.push(["disableCookies"])')
-        end
      end
-      context 'when false' do
+      it 'disables cookies' do
-        before do
+        render
-          stub_config(extra: { matomo_url: matomo_host, matomo_site_id: 12345, matomo_disable_cookies: false })
-        end
-        it 'does not disable cookies' do
-          render
-          expect(rendered).not_to include('_paq.push(["disableCookies"])')
-        end
-      end
-      context 'when absent' do
-        before do
-          stub_config(extra: { matomo_url: matomo_host, matomo_site_id: 12345 })
-        end
-        it 'does not disable cookies' do
-          render
-          expect(rendered).not_to include('_paq.push(["disableCookies"])')
+        expect(rendered).to include('_paq.push(["disableCookies"])')
-        end
      end
    end
  end