Commit c39af3e8 authored by Niklas's avatar Niklas Committed by Reuben Pereira

Add option to disable separated caches

Changelog: added
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/361643
parent c594ad6d
...@@ -87,7 +87,7 @@ module Projects ...@@ -87,7 +87,7 @@ module Projects
def permitted_project_params def permitted_project_params
[ [
:runners_token, :builds_enabled, :build_allow_git_fetch, :runners_token, :builds_enabled, :build_allow_git_fetch,
:build_timeout_human_readable, :build_coverage_regex, :public_builds, :build_timeout_human_readable, :build_coverage_regex, :public_builds, :ci_separated_caches,
:auto_cancel_pending_pipelines, :ci_config_path, :auto_rollback_enabled, :auto_cancel_pending_pipelines, :ci_config_path, :auto_rollback_enabled,
auto_devops_attributes: [:id, :domain, :enabled, :deploy_strategy], auto_devops_attributes: [:id, :domain, :enabled, :deploy_strategy],
ci_cd_settings_attributes: [:default_git_depth, :forward_deployment_enabled] ci_cd_settings_attributes: [:default_git_depth, :forward_deployment_enabled]
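Review bot: `:ci_separated_caches` is added to the mass-assignment allow-list here in `permitted_project_params` and again in the `ProjectsController` attribute list in the next section, so a flag that switches off a security boundary becomes writable through two controllers. The settings form added in this commit appears to submit the field through the project form `f`, so only one of the two entries may be needed; I would keep the one the CI/CD settings form uses and drop the other unless a caller depends on it. Neither hunk shows the authorization check on these actions, so please confirm both require at least the Maintainer role, and consider recording an audit event when the value changes to `false`. The array continues outside the hunk.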
......
...@@ -451,6 +451,7 @@ class ProjectsController < Projects::ApplicationController ...@@ -451,6 +451,7 @@ class ProjectsController < Projects::ApplicationController
:initialize_with_sast, :initialize_with_sast,
:initialize_with_readme, :initialize_with_readme,
:autoclose_referenced_issues, :autoclose_referenced_issues,
:ci_separated_caches,
:suggestion_commit_message, :suggestion_commit_message,
:packages_enabled, :packages_enabled,
:service_desk_enabled, :service_desk_enabled,
......
...@@ -911,6 +911,8 @@ module Ci ...@@ -911,6 +911,8 @@ module Ci
end end
end end
return cache unless project.ci_separated_caches
type_suffix = pipeline.protected_ref? ? 'protected' : 'non_protected' type_suffix = pipeline.protected_ref? ? 'protected' : 'non_protected'
cache.map do |entry| cache.map do |entry|
entry.merge(key: "#{entry[:key]}-#{type_suffix}") entry.merge(key: "#{entry[:key]}-#{type_suffix}")
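Review bot: The new guard `return cache unless project.ci_separated_caches` fails open, because the delegator added to `Project` in this commit uses `allow_nil: true`: when a project has no `ci_cd_settings` record the call returns `nil` and the protected/non_protected suffix is skipped. The column default and the model default are both `true`, so a missing record should be treated as separation enabled. I would test for an explicit opt-out instead, `return cache if project.ci_separated_caches == false`, and add a spec for a project without a settings record. Whether a project can actually lack that record is not visible here, and the method body starts and ends outside the hunk.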
......
...@@ -471,6 +471,7 @@ class Project < ApplicationRecord ...@@ -471,6 +471,7 @@ class Project < ApplicationRecord
delegate :job_token_scope_enabled, :job_token_scope_enabled=, to: :ci_cd_settings, prefix: :ci, allow_nil: true delegate :job_token_scope_enabled, :job_token_scope_enabled=, to: :ci_cd_settings, prefix: :ci, allow_nil: true
delegate :keep_latest_artifact, :keep_latest_artifact=, to: :ci_cd_settings, allow_nil: true delegate :keep_latest_artifact, :keep_latest_artifact=, to: :ci_cd_settings, allow_nil: true
delegate :restrict_user_defined_variables, :restrict_user_defined_variables=, to: :ci_cd_settings, allow_nil: true delegate :restrict_user_defined_variables, :restrict_user_defined_variables=, to: :ci_cd_settings, allow_nil: true
delegate :separated_caches, :separated_caches=, to: :ci_cd_settings, prefix: :ci, allow_nil: true
delegate :runner_token_expiration_interval, :runner_token_expiration_interval=, :runner_token_expiration_interval_human_readable, :runner_token_expiration_interval_human_readable=, to: :ci_cd_settings, allow_nil: true delegate :runner_token_expiration_interval, :runner_token_expiration_interval=, :runner_token_expiration_interval_human_readable, :runner_token_expiration_interval_human_readable=, to: :ci_cd_settings, allow_nil: true
delegate :actual_limits, :actual_plan_name, :actual_plan, to: :namespace, allow_nil: true delegate :actual_limits, :actual_plan_name, :actual_plan, to: :namespace, allow_nil: true
delegate :allow_merge_on_skipped_pipeline, :allow_merge_on_skipped_pipeline?, delegate :allow_merge_on_skipped_pipeline, :allow_merge_on_skipped_pipeline?,
......
...@@ -18,6 +18,7 @@ class ProjectCiCdSetting < ApplicationRecord ...@@ -18,6 +18,7 @@ class ProjectCiCdSetting < ApplicationRecord
allow_nil: true allow_nil: true
default_value_for :forward_deployment_enabled, true default_value_for :forward_deployment_enabled, true
default_value_for :separated_caches, true
chronic_duration_attr :runner_token_expiration_interval_human_readable, :runner_token_expiration_interval chronic_duration_attr :runner_token_expiration_interval_human_readable, :runner_token_expiration_interval
......
- help_link_public_pipelines = link_to sprite_icon('question-o'), help_page_path('ci/pipelines/settings', anchor: 'change-which-users-can-view-your-pipelines'), target: '_blank', rel: 'noopener noreferrer' - help_link_public_pipelines = link_to sprite_icon('question-o'), help_page_path('ci/pipelines/settings', anchor: 'change-which-users-can-view-your-pipelines'), target: '_blank', rel: 'noopener noreferrer'
- help_link_auto_canceling = link_to sprite_icon('question-o'), help_page_path('ci/pipelines/settings', anchor: 'auto-cancel-redundant-pipelines'), target: '_blank', rel: 'noopener noreferrer' - help_link_auto_canceling = link_to sprite_icon('question-o'), help_page_path('ci/pipelines/settings', anchor: 'auto-cancel-redundant-pipelines'), target: '_blank', rel: 'noopener noreferrer'
- help_link_skip_outdated =link_to sprite_icon('question-o'), help_page_path('ci/pipelines/settings', anchor: 'skip-outdated-deployment-jobs'), target: '_blank', rel: 'noopener noreferrer' - help_link_skip_outdated = link_to sprite_icon('question-o'), help_page_path('ci/pipelines/settings', anchor: 'skip-outdated-deployment-jobs'), target: '_blank', rel: 'noopener noreferrer'
- help_link_separated_caches = link_to sprite_icon('question-o'), help_page_path('ci/caching/index', anchor: 'cache-key-names'), target: '_blank', rel: 'noopener noreferrer'
.row.gl-mt-3 .row.gl-mt-3
.col-lg-12 .col-lg-12
...@@ -24,6 +25,11 @@ ...@@ -24,6 +25,11 @@
= form.gitlab_ui_checkbox_component :forward_deployment_enabled, _("Skip outdated deployment jobs"), = form.gitlab_ui_checkbox_component :forward_deployment_enabled, _("Skip outdated deployment jobs"),
help_text: (_('When a deployment job is successful, skip older deployment jobs that are still pending.') + ' ' + help_link_skip_outdated).html_safe help_text: (_('When a deployment job is successful, skip older deployment jobs that are still pending.') + ' ' + help_link_skip_outdated).html_safe
.form-group
= f.gitlab_ui_checkbox_component :ci_separated_caches,
s_("CICD|Use separate caches for protected branches"),
help_text: (s_('CICD|Unprotected branches will not have access to the cache from protected branches.') + ' ' + help_link_separated_caches).html_safe
.form-group .form-group
= f.label :ci_config_path, _('CI/CD configuration file'), class: 'label-bold' = f.label :ci_config_path, _('CI/CD configuration file'), class: 'label-bold'
= f.text_field :ci_config_path, class: 'form-control', placeholder: '.gitlab-ci.yml' = f.text_field :ci_config_path, class: 'form-control', placeholder: '.gitlab-ci.yml'
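Review bot: The `help_text:` of the new checkbox marks the whole concatenation as `.html_safe`, including the translated string returned by `s_(...)`, so any markup that ends up in a translation is rendered unescaped. Only the `link_to` result needs to be trusted, and escaping the text first keeps it that way: `help_text: html_escape(s_('CICD|Unprotected branches will not have access to the cache from protected branches.')) + ' ' + help_link_separated_caches`. The `forward_deployment_enabled` checkbox just above uses the same pattern, so this follows the file's existing style, but new code is a good place to stop copying it.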
......
# frozen_string_literal: true
class AddSeparatedCachesOptionToProjectCiSettings < Gitlab::Database::Migration[2.0]
enable_lock_retries!
def change
add_column :project_ci_cd_settings, :separated_caches, :boolean, default: true, null: false
end
end
8014dcf24ac2f1171240daa349e0552cb313b06f756b84e09a16d76a8810132a
\ No newline at end of file
...@@ -19054,7 +19054,8 @@ CREATE TABLE project_ci_cd_settings ( ...@@ -19054,7 +19054,8 @@ CREATE TABLE project_ci_cd_settings (
keep_latest_artifact boolean DEFAULT true NOT NULL, keep_latest_artifact boolean DEFAULT true NOT NULL,
restrict_user_defined_variables boolean DEFAULT false NOT NULL, restrict_user_defined_variables boolean DEFAULT false NOT NULL,
job_token_scope_enabled boolean DEFAULT false NOT NULL, job_token_scope_enabled boolean DEFAULT false NOT NULL,
runner_token_expiration_interval integer runner_token_expiration_interval integer,
separated_caches boolean DEFAULT true NOT NULL
); );
CREATE SEQUENCE project_ci_cd_settings_id_seq CREATE SEQUENCE project_ci_cd_settings_id_seq
...@@ -31,7 +31,7 @@ can't link to files outside it. ...@@ -31,7 +31,7 @@ can't link to files outside it.
- Subsequent pipelines can use the cache. - Subsequent pipelines can use the cache.
- Subsequent jobs in the same pipeline can use the cache, if the dependencies are identical. - Subsequent jobs in the same pipeline can use the cache, if the dependencies are identical.
- Different projects cannot share the cache. - Different projects cannot share the cache.
- Protected and non-protected branches do not share the cache. - By default, protected and non-protected branches [do not share the cache](#cache-key-names). However, you can [change this behavior](#use-the-same-cache-for-all-branches).
### Artifacts ### Artifacts
...@@ -463,6 +463,24 @@ and `feature`, then the following table represents the resulting cache keys: ...@@ -463,6 +463,24 @@ and `feature`, then the following table represents the resulting cache keys:
| `main` | `main-protected` | | `main` | `main-protected` |
| `feature` | `feature-non_protected` | | `feature` | `feature-non_protected` |
##### Use the same cache for all branches
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/361643) in GitLab 15.0.
If you do not want to use [cache key names](#cache-key-names),
you can have all branches (protected and unprotected) use the same cache.
The cache separation with [cache key names](#cache-key-names) is a security feature
and should only be disabled in an environment where all users with Developer role are highly trusted.
To use the same cache for all branches:
1. On the top bar, select **Menu > Projects** and find your project.
1. On the left sidebar, select **Settings > CI/CD**.
1. Expand **General pipelines**.
1. Clear the **Use separate caches for protected branches** checkbox.
1. Select **Save changes**.
### How archiving and extracting works ### How archiving and extracting works
This example shows two jobs in two consecutive stages: This example shows two jobs in two consecutive stages:
......
...@@ -99,6 +99,7 @@ module API ...@@ -99,6 +99,7 @@ module API
expose :ci_default_git_depth expose :ci_default_git_depth
expose :ci_forward_deployment_enabled expose :ci_forward_deployment_enabled
expose :ci_job_token_scope_enabled expose :ci_job_token_scope_enabled
expose :ci_separated_caches
expose :public_builds, as: :public_jobs expose :public_builds, as: :public_jobs
expose :build_git_strategy, if: lambda { |project, options| options[:user_can_admin_project] } do |project, options| expose :build_git_strategy, if: lambda { |project, options| options[:user_can_admin_project] } do |project, options|
project.build_allow_git_fetch ? 'fetch' : 'clone' project.build_allow_git_fetch ? 'fetch' : 'clone'
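Review bot: `expose :ci_separated_caches` carries no `if:` condition of its own, while `build_git_strategy` two lines below is limited to `options[:user_can_admin_project]`. Whether a project has cache separation turned off is security-posture information, so I would gate it the same way unless the surrounding block already restricts it: `expose :ci_separated_caches, if: lambda { |_project, options| options[:user_can_admin_project] }`. The enclosing block starts outside the hunk, so an existing restriction may simply not be visible here.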
......
...@@ -6660,6 +6660,12 @@ msgstr "" ...@@ -6660,6 +6660,12 @@ msgstr ""
msgid "CICD|The Auto DevOps pipeline runs if no alternative CI configuration file is found." msgid "CICD|The Auto DevOps pipeline runs if no alternative CI configuration file is found."
msgstr "" msgstr ""
msgid "CICD|Unprotected branches will not have access to the cache from protected branches."
msgstr ""
msgid "CICD|Use separate caches for protected branches"
msgstr ""
msgid "CICD|group enabled" msgid "CICD|group enabled"
msgstr "" msgstr ""
......
...@@ -1069,6 +1069,32 @@ RSpec.describe Ci::Build do ...@@ -1069,6 +1069,32 @@ RSpec.describe Ci::Build do
is_expected.to all(a_hash_including(key: a_string_matching(/-non_protected$/))) is_expected.to all(a_hash_including(key: a_string_matching(/-non_protected$/)))
end end
end end
context 'when separated caches are disabled' do
before do
allow_any_instance_of(Project).to receive(:ci_separated_caches).and_return(false)
end
context 'running on protected ref' do
before do
allow(build.pipeline).to receive(:protected_ref?).and_return(true)
end
it 'is expected to have no type suffix' do
is_expected.to match([a_hash_including(key: 'key-1'), a_hash_including(key: 'key2-1')])
end
end
context 'running on not protected ref' do
before do
allow(build.pipeline).to receive(:protected_ref?).and_return(false)
end
it 'is expected to have no type suffix' do
is_expected.to match([a_hash_including(key: 'key-1'), a_hash_including(key: 'key2-1')])
end
end
end
end end
context 'when project has jobs_cache_index' do context 'when project has jobs_cache_index' do
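Review bot: The new context stubs with `allow_any_instance_of(Project)`, which replaces the method on every `Project` and bypasses the delegator and column default this commit adds, so the examples would still pass if the delegation were wrong. Stubbing the object under test, as the neighbouring examples do for `build.pipeline`, is narrower: `allow(build.project).to receive(:ci_separated_caches).and_return(false)`; setting the real attribute on the project would be better still. There is also no example for a project whose `ci_separated_caches` returns `nil`, which is the case where the guard in `Ci::Build` decides whether separation stays on.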
......
...@@ -99,6 +99,7 @@ ci_cd_settings: ...@@ -99,6 +99,7 @@ ci_cd_settings:
default_git_depth: ci_default_git_depth default_git_depth: ci_default_git_depth
forward_deployment_enabled: ci_forward_deployment_enabled forward_deployment_enabled: ci_forward_deployment_enabled
job_token_scope_enabled: ci_job_token_scope_enabled job_token_scope_enabled: ci_job_token_scope_enabled
separated_caches: ci_separated_caches
build_import_state: # import_state build_import_state: # import_state
unexposed_attributes: unexposed_attributes:
......