Merge remote-tracking branch 'ce/8-8-stable' into 8-8-stable-ee

a2c9f593 · Robert Speicher · 751d5756 · dbdeccdd · a2c9f593 · a2c9f593
Commit a2c9f593 authored May 22, 2016 by Robert Speicher
15 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
 Please view this file on the master branch, on stable branches it's out of date.

+v 8.8.1
+  - Add documentation for the "Health Check" feature
+  - Allow anonymous users to access a public project's pipelines
+  - Fix MySQL compatibility in zero downtime migrations helpers
+  - Fix the CI login to Container Registry (the gitlab-ci-token user)
+
 v 8.8.0
  - Implement GFM references for milestones (Alejandro Rodríguez)
  - Snippets tab under user profile. !4001 (Long Nguyen)

--- a/VERSION
+++ b/VERSION
-8.8.0-ee
\ No newline at end of file
+8.8.0-ee
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -36,7 +36,7 @@ class JwtController < ApplicationController
  end

  def authenticate_project(login, password)
-    if login == 'gitlab_ci_token'
+    if login == 'gitlab-ci-token'
      Project.find_by(builds_enabled: true, runners_token: password)
    end
  end

--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -144,6 +144,10 @@ module ProjectsHelper
      nav_tabs << :merge_requests
    end

+    if can?(current_user, :read_pipeline, project)
+      nav_tabs << :pipelines
+    end
+
    if can?(current_user, :read_build, project)
      nav_tabs << :builds
    end

--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -74,6 +74,7 @@ class Ability
          :read_project_member,
          :read_merge_request,
          :read_note,
+          :read_pipeline,
          :read_commit_status,
          :read_container_image,
          :download_code

--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -6,7 +6,7 @@ module Auth
      return error('not found', 404) unless registry.enabled

      if params[:offline_token]
-        return error('unauthorized', 401) unless current_user
+        return error('unauthorized', 401) unless current_user || project
      else
        return error('forbidden', 403) unless scope
      end

--- a/app/views/layouts/nav/_project.html.haml
+++ b/app/views/layouts/nav/_project.html.haml
@@ -38,7 +38,7 @@
        %span
          Commits

-  - if project_nav_tab? :builds
+  - if project_nav_tab? :pipelines
    = nav_link(controller: :pipelines) do
      = link_to project_pipelines_path(@project), title: 'Pipelines', class: 'shortcuts-pipelines' do
        = icon('ship fw')
@@ -46,6 +46,7 @@
          Pipelines
          %span.count.ci_counter= number_with_delimiter(@project.ci_commits.running_or_pending.count)

+  - if project_nav_tab? :builds
    = nav_link(controller: %w(builds)) do
      = link_to project_builds_path(@project), title: 'Builds', class: 'shortcuts-builds' do
        = icon('cubes fw')

--- a/doc/README.md
+++ b/doc/README.md
@@ -54,6 +54,7 @@
 - [GitLab Pages configuration](pages/administration.md)
 - [Elasticsearch](integration/elasticsearch.md) Enable Elasticsearch
 - [GitLab Performance Monitoring](monitoring/performance/introduction.md) Configure GitLab and InfluxDB for measuring performance metrics
+- [Monitoring uptime](monitoring/health_check.md) Check the server status using the health check endpoint
 - [Sidekiq Troubleshooting](administration/troubleshooting/sidekiq.md) Debug when Sidekiq appears hung and is not processing jobs
 - [High Availability](administration/high_availability/README.md) Configure multiple servers for scaling or high availability
 - [GitLab GEO](gitlab-geo/README.md) Configure GitLab GEO, a

--- a/doc/monitoring/health_check.md
+++ b/doc/monitoring/health_check.md
+# Health Check
+
+>**Note:** This feature was [introduced][ce-3888] in GitLab 8.8.
+
+GitLab provides a health check endpoint for uptime monitoring on the `health_check` web
+endpoint. The health check reports on the overall system status based on the status of
+the database connection, the state of the database migrations, and the ability to write
+and access the cache. This endpoint can be provided to uptime monitoring services like
+[Pingdom][pingdom], [Nagios][nagios-health], and [NewRelic][newrelic-health].
+
+## Access Token
+
+An access token needs to be provided while accessing the health check endpoint. The current
+accepted token can be found on the `admin/heath_check` page of your GitLab instance.
+
+![access token](img/health_check_token.png)
+
+The access token can be passed as a URL parameter:
+
+```
+https://gitlab.example.com/health_check.json?token=ACCESS_TOKEN
+```
+
+or as an HTTP header:
+
+```bash
+curl -H "TOKEN: ACCESS_TOKEN" https://gitlab.example.com/health_check.json
+```
+
+## Using the Endpoint
+
+Once you have the access token, health information can be retrieved as plain text, JSON,
+or XML using the `health_check` endpoint:
+
+- `https://gitlab.example.com/health_check?token=ACCESS_TOKEN`
+- `https://gitlab.example.com/health_check.json?token=ACCESS_TOKEN`
+- `https://gitlab.example.com/health_check.xml?token=ACCESS_TOKEN`
+
+You can also ask for the status of specific services:
+
+- `https://gitlab.example.com/health_check/cache.json?token=ACCESS_TOKEN`
+- `https://gitlab.example.com/health_check/database.json?token=ACCESS_TOKEN`
+- `https://gitlab.example.com/health_check/migrations.json?token=ACCESS_TOKEN`
+
+For example, the JSON output of the following health check:
+
+```bash
+curl -H "TOKEN: ACCESS_TOKEN" https://gitlab.example.com/health_check.json
+```
+
+would be like:
+
+```
+{"healthy":true,"message":"success"}
+```
+
+## Status
+
+On failure, the endpoint will return a `500` HTTP status code. On success, the endpoint
+will return a valid successful HTTP status code, and a `success` message. Ideally your
+uptime monitoring should look for the success message.
+
+[ce-3888]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3888
+[pingdom]: https://www.pingdom.com
+[nagios-health]: https://nagios-plugins.org/doc/man/check_http.html
+[newrelic-health]: https://docs.newrelic.com/docs/alerts/alert-policies/downtime-alerts/availability-monitoring
--- a/doc/monitoring/img/health_check_token.png
+++ b/doc/monitoring/img/health_check_token.png
--- a/lib/gitlab/database/migration_helpers.rb
+++ b/lib/gitlab/database/migration_helpers.rb
@@ -39,7 +39,15 @@ module Gitlab
      def update_column_in_batches(table, column, value)
        quoted_table = quote_table_name(table)
        quoted_column = quote_column_name(column)
-        quoted_value = quote(value)
+
+        ##
+        # Workaround for #17711
+        #
+        # It looks like for MySQL `ActiveRecord::Base.conntection.quote(true)`
+        # returns correct value (1), but `ActiveRecord::Migration.new.quote`
+        # returns incorrect value ('true'), which causes migrations to fail.
+        #
+        quoted_value = connection.quote(value)
        processed = 0

        total = exec_query("SELECT COUNT(*) AS count FROM #{quoted_table}").

--- a/spec/features/pipelines_spec.rb
+++ b/spec/features/pipelines_spec.rb
@@ -24,6 +24,12 @@ describe "Pipelines" do
      end
    end

+    context 'anonymous access' do
+      before { visit namespace_project_pipelines_path(project.namespace, project) }
+
+      it { expect(page).to have_http_status(:success) }
+    end
+
    context 'cancelable pipeline' do
      let!(:running) { create(:ci_build, :running, commit: pipeline, stage: 'test', commands: 'test') }


--- a/spec/lib/gitlab/database/migration_helpers_spec.rb
+++ b/spec/lib/gitlab/database/migration_helpers_spec.rb
@@ -2,15 +2,13 @@ require 'spec_helper'

 describe Gitlab::Database::MigrationHelpers, lib: true do
  let(:model) do
-    Class.new do
-      include Gitlab::Database::MigrationHelpers
-
-      def method_missing(name, *args, &block)
-        ActiveRecord::Base.connection.send(name, *args, &block)
-      end
-    end.new
+    ActiveRecord::Migration.new.extend(
+      Gitlab::Database::MigrationHelpers
+    )
  end

+  before { allow(model).to receive(:puts) }
+
  describe '#add_concurrent_index' do
    context 'outside a transaction' do
      before do
@@ -60,6 +58,12 @@ describe Gitlab::Database::MigrationHelpers, lib: true do

      expect(Project.where(import_error: 'foo').count).to eq(5)
    end
+
+    it 'updates boolean values correctly' do
+      model.update_column_in_batches(:projects, :archived, true)
+
+      expect(Project.where(archived: true).count).to eq(5)
+    end
  end

  describe '#add_column_with_default' do

--- a/spec/requests/jwt_controller_spec.rb
+++ b/spec/requests/jwt_controller_spec.rb
@@ -23,7 +23,7 @@ describe JwtController do
  context 'when using authorized request' do
    context 'using CI token' do
      let(:project) { create(:empty_project, runners_token: 'token', builds_enabled: builds_enabled) }
-      let(:headers) { { authorization: credentials('gitlab_ci_token', project.runners_token) } }
+      let(:headers) { { authorization: credentials('gitlab-ci-token', project.runners_token) } }

      subject! { get '/jwt/auth', parameters, headers }


--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -127,12 +127,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
  context 'project authorization' do
    let(:current_project) { create(:empty_project) }

-    context 'disallow to use offline_token' do
+    context 'allow to use offline_token' do
      let(:current_params) do
        { offline_token: true }
      end

-      it_behaves_like 'an unauthorized'
+      it_behaves_like 'an authenticated'
    end

    context 'allow to pull and push images' do