Commit a2c9f593 authored by Robert Speicher's avatar Robert Speicher

Merge remote-tracking branch 'ce/8-8-stable' into 8-8-stable-ee

parents 751d5756 dbdeccdd
Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
v 8.8.1
- Add documentation for the "Health Check" feature
- Allow anonymous users to access a public project's pipelines
- Fix MySQL compatibility in zero downtime migrations helpers
- Fix the CI login to Container Registry (the gitlab-ci-token user)
v 8.8.0 v 8.8.0
- Implement GFM references for milestones (Alejandro Rodríguez) - Implement GFM references for milestones (Alejandro Rodríguez)
- Snippets tab under user profile. !4001 (Long Nguyen) - Snippets tab under user profile. !4001 (Long Nguyen)
......
...@@ -36,7 +36,7 @@ class JwtController < ApplicationController ...@@ -36,7 +36,7 @@ class JwtController < ApplicationController
end end
def authenticate_project(login, password) def authenticate_project(login, password)
if login == 'gitlab_ci_token' if login == 'gitlab-ci-token'
Project.find_by(builds_enabled: true, runners_token: password) Project.find_by(builds_enabled: true, runners_token: password)
end end
end end
......
...@@ -144,6 +144,10 @@ module ProjectsHelper ...@@ -144,6 +144,10 @@ module ProjectsHelper
nav_tabs << :merge_requests nav_tabs << :merge_requests
end end
if can?(current_user, :read_pipeline, project)
nav_tabs << :pipelines
end
if can?(current_user, :read_build, project) if can?(current_user, :read_build, project)
nav_tabs << :builds nav_tabs << :builds
end end
......
...@@ -74,6 +74,7 @@ class Ability ...@@ -74,6 +74,7 @@ class Ability
:read_project_member, :read_project_member,
:read_merge_request, :read_merge_request,
:read_note, :read_note,
:read_pipeline,
:read_commit_status, :read_commit_status,
:read_container_image, :read_container_image,
:download_code :download_code
......
...@@ -6,7 +6,7 @@ module Auth ...@@ -6,7 +6,7 @@ module Auth
return error('not found', 404) unless registry.enabled return error('not found', 404) unless registry.enabled
if params[:offline_token] if params[:offline_token]
return error('unauthorized', 401) unless current_user return error('unauthorized', 401) unless current_user || project
else else
return error('forbidden', 403) unless scope return error('forbidden', 403) unless scope
end end
......
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
%span %span
Commits Commits
- if project_nav_tab? :builds - if project_nav_tab? :pipelines
= nav_link(controller: :pipelines) do = nav_link(controller: :pipelines) do
= link_to project_pipelines_path(@project), title: 'Pipelines', class: 'shortcuts-pipelines' do = link_to project_pipelines_path(@project), title: 'Pipelines', class: 'shortcuts-pipelines' do
= icon('ship fw') = icon('ship fw')
...@@ -46,6 +46,7 @@ ...@@ -46,6 +46,7 @@
Pipelines Pipelines
%span.count.ci_counter= number_with_delimiter(@project.ci_commits.running_or_pending.count) %span.count.ci_counter= number_with_delimiter(@project.ci_commits.running_or_pending.count)
- if project_nav_tab? :builds
= nav_link(controller: %w(builds)) do = nav_link(controller: %w(builds)) do
= link_to project_builds_path(@project), title: 'Builds', class: 'shortcuts-builds' do = link_to project_builds_path(@project), title: 'Builds', class: 'shortcuts-builds' do
= icon('cubes fw') = icon('cubes fw')
......
...@@ -54,6 +54,7 @@ ...@@ -54,6 +54,7 @@
- [GitLab Pages configuration](pages/administration.md) - [GitLab Pages configuration](pages/administration.md)
- [Elasticsearch](integration/elasticsearch.md) Enable Elasticsearch - [Elasticsearch](integration/elasticsearch.md) Enable Elasticsearch
- [GitLab Performance Monitoring](monitoring/performance/introduction.md) Configure GitLab and InfluxDB for measuring performance metrics - [GitLab Performance Monitoring](monitoring/performance/introduction.md) Configure GitLab and InfluxDB for measuring performance metrics
- [Monitoring uptime](monitoring/health_check.md) Check the server status using the health check endpoint
- [Sidekiq Troubleshooting](administration/troubleshooting/sidekiq.md) Debug when Sidekiq appears hung and is not processing jobs - [Sidekiq Troubleshooting](administration/troubleshooting/sidekiq.md) Debug when Sidekiq appears hung and is not processing jobs
- [High Availability](administration/high_availability/README.md) Configure multiple servers for scaling or high availability - [High Availability](administration/high_availability/README.md) Configure multiple servers for scaling or high availability
- [GitLab GEO](gitlab-geo/README.md) Configure GitLab GEO, a - [GitLab GEO](gitlab-geo/README.md) Configure GitLab GEO, a
......
# Health Check
>**Note:** This feature was [introduced][ce-3888] in GitLab 8.8.
GitLab provides a health check endpoint for uptime monitoring on the `health_check` web
endpoint. The health check reports on the overall system status based on the status of
the database connection, the state of the database migrations, and the ability to write
and access the cache. This endpoint can be provided to uptime monitoring services like
[Pingdom][pingdom], [Nagios][nagios-health], and [NewRelic][newrelic-health].
## Access Token
An access token needs to be provided while accessing the health check endpoint. The current
accepted token can be found on the `admin/heath_check` page of your GitLab instance.
![access token](img/health_check_token.png)
The access token can be passed as a URL parameter:
```
https://gitlab.example.com/health_check.json?token=ACCESS_TOKEN
```
or as an HTTP header:
```bash
curl -H "TOKEN: ACCESS_TOKEN" https://gitlab.example.com/health_check.json
```
## Using the Endpoint
Once you have the access token, health information can be retrieved as plain text, JSON,
or XML using the `health_check` endpoint:
- `https://gitlab.example.com/health_check?token=ACCESS_TOKEN`
- `https://gitlab.example.com/health_check.json?token=ACCESS_TOKEN`
- `https://gitlab.example.com/health_check.xml?token=ACCESS_TOKEN`
You can also ask for the status of specific services:
- `https://gitlab.example.com/health_check/cache.json?token=ACCESS_TOKEN`
- `https://gitlab.example.com/health_check/database.json?token=ACCESS_TOKEN`
- `https://gitlab.example.com/health_check/migrations.json?token=ACCESS_TOKEN`
For example, the JSON output of the following health check:
```bash
curl -H "TOKEN: ACCESS_TOKEN" https://gitlab.example.com/health_check.json
```
would be like:
```
{"healthy":true,"message":"success"}
```
## Status
On failure, the endpoint will return a `500` HTTP status code. On success, the endpoint
will return a valid successful HTTP status code, and a `success` message. Ideally your
uptime monitoring should look for the success message.
[ce-3888]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3888
[pingdom]: https://www.pingdom.com
[nagios-health]: https://nagios-plugins.org/doc/man/check_http.html
[newrelic-health]: https://docs.newrelic.com/docs/alerts/alert-policies/downtime-alerts/availability-monitoring
...@@ -39,7 +39,15 @@ module Gitlab ...@@ -39,7 +39,15 @@ module Gitlab
def update_column_in_batches(table, column, value) def update_column_in_batches(table, column, value)
quoted_table = quote_table_name(table) quoted_table = quote_table_name(table)
quoted_column = quote_column_name(column) quoted_column = quote_column_name(column)
quoted_value = quote(value)
##
# Workaround for #17711
#
# It looks like for MySQL `ActiveRecord::Base.conntection.quote(true)`
# returns correct value (1), but `ActiveRecord::Migration.new.quote`
# returns incorrect value ('true'), which causes migrations to fail.
#
quoted_value = connection.quote(value)
processed = 0 processed = 0
total = exec_query("SELECT COUNT(*) AS count FROM #{quoted_table}"). total = exec_query("SELECT COUNT(*) AS count FROM #{quoted_table}").
......
...@@ -24,6 +24,12 @@ describe "Pipelines" do ...@@ -24,6 +24,12 @@ describe "Pipelines" do
end end
end end
context 'anonymous access' do
before { visit namespace_project_pipelines_path(project.namespace, project) }
it { expect(page).to have_http_status(:success) }
end
context 'cancelable pipeline' do context 'cancelable pipeline' do
let!(:running) { create(:ci_build, :running, commit: pipeline, stage: 'test', commands: 'test') } let!(:running) { create(:ci_build, :running, commit: pipeline, stage: 'test', commands: 'test') }
......
...@@ -2,15 +2,13 @@ require 'spec_helper' ...@@ -2,15 +2,13 @@ require 'spec_helper'
describe Gitlab::Database::MigrationHelpers, lib: true do describe Gitlab::Database::MigrationHelpers, lib: true do
let(:model) do let(:model) do
Class.new do ActiveRecord::Migration.new.extend(
include Gitlab::Database::MigrationHelpers Gitlab::Database::MigrationHelpers
)
def method_missing(name, *args, &block)
ActiveRecord::Base.connection.send(name, *args, &block)
end
end.new
end end
before { allow(model).to receive(:puts) }
describe '#add_concurrent_index' do describe '#add_concurrent_index' do
context 'outside a transaction' do context 'outside a transaction' do
before do before do
...@@ -60,6 +58,12 @@ describe Gitlab::Database::MigrationHelpers, lib: true do ...@@ -60,6 +58,12 @@ describe Gitlab::Database::MigrationHelpers, lib: true do
expect(Project.where(import_error: 'foo').count).to eq(5) expect(Project.where(import_error: 'foo').count).to eq(5)
end end
it 'updates boolean values correctly' do
model.update_column_in_batches(:projects, :archived, true)
expect(Project.where(archived: true).count).to eq(5)
end
end end
describe '#add_column_with_default' do describe '#add_column_with_default' do
......
...@@ -23,7 +23,7 @@ describe JwtController do ...@@ -23,7 +23,7 @@ describe JwtController do
context 'when using authorized request' do context 'when using authorized request' do
context 'using CI token' do context 'using CI token' do
let(:project) { create(:empty_project, runners_token: 'token', builds_enabled: builds_enabled) } let(:project) { create(:empty_project, runners_token: 'token', builds_enabled: builds_enabled) }
let(:headers) { { authorization: credentials('gitlab_ci_token', project.runners_token) } } let(:headers) { { authorization: credentials('gitlab-ci-token', project.runners_token) } }
subject! { get '/jwt/auth', parameters, headers } subject! { get '/jwt/auth', parameters, headers }
......
...@@ -127,12 +127,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do ...@@ -127,12 +127,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'project authorization' do context 'project authorization' do
let(:current_project) { create(:empty_project) } let(:current_project) { create(:empty_project) }
context 'disallow to use offline_token' do context 'allow to use offline_token' do
let(:current_params) do let(:current_params) do
{ offline_token: true } { offline_token: true }
end end
it_behaves_like 'an unauthorized' it_behaves_like 'an authenticated'
end end
context 'allow to pull and push images' do context 'allow to pull and push images' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment