Automatic merge of gitlab-org/gitlab master

e6bf45f1 · GitLab Bot · b52bf0ef · 747d771f · e6bf45f1 · e6bf45f1
Commit e6bf45f1 authored Mar 31, 2021 by GitLab Bot
14 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -274,7 +274,7 @@ gem 'licensee', '~> 9.14.1'
 gem 'charlock_holmes', '~> 0.7.7'

 # Detect mime content type from content
-gem 'ruby-magic-static', '~> 0.3.4'
+gem 'ruby-magic-static', '~> 0.3.5'

 # Fake version of the gem to trick bundler
 gem 'mimemagic', '0.3.7', path: 'vendor/shims/mimemagic', require: false

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1113,7 +1113,8 @@ GEM
      i18n
    ruby-fogbugz (0.2.1)
      crack (~> 0.4)
-    ruby-magic-static (0.3.4)
+    ruby-magic-static (0.3.5)
+      mini_portile2 (~> 2.5.0)
    ruby-prof (1.3.1)
    ruby-progressbar (1.11.0)
    ruby-saml (1.7.2)
@@ -1559,7 +1560,7 @@ DEPENDENCIES
  rspec_junit_formatter
  rspec_profiling (~> 0.0.6)
  ruby-fogbugz (~> 0.2.1)
-  ruby-magic-static (~> 0.3.4)
+  ruby-magic-static (~> 0.3.5)
  ruby-prof (~> 1.3.0)
  ruby-progressbar (~> 1.10)
  ruby_parser (~> 3.15)

--- a/app/views/shared/form_elements/_description.html.haml
+++ b/app/views/shared/form_elements/_description.html.haml
 - project = local_assigns.fetch(:project)
 - model = local_assigns.fetch(:model)
 - form = local_assigns.fetch(:form)
- placeholder = model.is_a?(MergeRequest) ? _('Describe the goal of the changes and what reviewers should be aware of.') : _('Write a comment or drag your files here…')
+- placeholder = model.is_a?(MergeRequest) ? _('Describe the goal of the changes and what reviewers should be aware of.') : _('Write a description or drag your files here…')

 - supports_quick_actions = true
 - preview_url = preview_markdown_path(project, target_type: model.class.name)

--- a/changelogs/unreleased/322449-write-description.yml
+++ b/changelogs/unreleased/322449-write-description.yml
+---
+title: Update New Issue form description copy from 'wite a comment' to 'wite a description'
+merge_request: 58068
+author:
+type: changed
--- a/changelogs/unreleased/sh-update-ruby-magic-static-0-3-5.yml
+++ b/changelogs/unreleased/sh-update-ruby-magic-static-0-3-5.yml
+---
+title: Update ruby-magic-static to v0.3.5
+merge_request: 57984
+author:
+type: changed
--- a/doc/user/project/integrations/jira_integrations.md
+++ b/doc/user/project/integrations/jira_integrations.md
@@ -6,30 +6,18 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # Jira integrations **(FREE)**

-GitLab can be integrated with [Jira](https://www.atlassian.com/software/jira).
+If your organization uses [Jira](https://www.atlassian.com/software/jira) issues,
+you can [migrate](../../../user/project/import/jira.md) your issues from Jira and work
+exclusively in GitLab.

-[Issues](../issues/index.md) are a tool for discussing ideas, and planning and tracking work.
-However, your organization may already use Jira for these purposes, with extensive, established data
-and business processes they rely on.
+However, if you'd like to continue to use Jira, you can integrate it with GitLab.

-Although you can [migrate](../../../user/project/import/jira.md) your Jira issues and work
-exclusively in GitLab, you can also continue to use Jira by using the GitLab Jira integrations.
+There are two ways to use GitLab with Jira:

-## Integration types
-
-There are two different Jira integrations that allow different types of cross-referencing between
-GitLab activity and Jira issues, with additional features:
-
- [Jira integration](jira.md), built in to GitLab. In a given GitLab project, it can be configured
-  to connect to any Jira instance, either hosted by you or hosted in
-  [Atlassian cloud](https://www.atlassian.com/cloud).
- [Jira development panel integration](../../../integration/jira/index.md). Connects all
-  GitLab projects under a specified group or personal namespace.
-
-Jira development panel integration configuration depends on whether:
-
- You're using GitLab.com or a self-managed GitLab instance.
- You're using Jira on [Atlassian cloud](https://www.atlassian.com/cloud) or on your own server.
+- [Jira integration](jira.md). Connect a GitLab project
+  to a Jira instance. The Jira instance can be hosted by you or in [Atlassian cloud](https://www.atlassian.com/cloud).
+- [Jira Development panel integration](../../../integration/jira_development_panel.md).
+  Connect all GitLab projects under a group or personal namespace.

 The integration you choose depends on the capabilities you require.
 You can also install both at the same time.

--- a/ee/app/models/security/orchestration_policy_configuration.rb
+++ b/ee/app/models/security/orchestration_policy_configuration.rb
@@ -6,7 +6,8 @@ module Security

    self.table_name = 'security_orchestration_policy_configurations'

-    POLICIES_BASE_PATH = '.gitlab/security-policies/'
+    POLICY_PATH = '.gitlab/security-policies/policy.yml'
+    POLICY_LIMIT = 5

    ON_DEMAND_SCANS = %w[dast].freeze

@@ -23,12 +24,7 @@ module Security
    def active_policies
      return [] unless enabled?

-      security_policy_management_project
-        .repository
-        .ls_files(security_policy_management_project.default_branch_or_master)
-        .grep(/\A#{Regexp.escape(POLICIES_BASE_PATH)}.+\.(yml|yaml)\z/)
-        .map { |path| policy_at(path) }
-        .select { |config| config[:enabled] }
+      scan_execution_policy_at(POLICY_PATH).select { |config| config[:enabled] }.first(POLICY_LIMIT)
    end

    def on_demand_scan_actions(branch)
@@ -48,6 +44,14 @@ module Security

    private

+    def policy_repo
+      security_policy_management_project.repository
+    end
+
+    def default_branch_or_master
+      security_policy_management_project.default_branch_or_master
+    end
+
    def active_policy_names_with_dast_profiles
      strong_memoize(:active_policy_names_with_dast_profiles) do
        profiles = { site_profiles: Hash.new { Set.new }, scanner_profiles: Hash.new { Set.new } }
@@ -65,11 +69,9 @@ module Security
      end
    end

-    def policy_at(path)
-      security_policy_management_project
-        .repository
-        .blob_data_at(security_policy_management_project.default_branch_or_master, path)
-        .then { |config| Gitlab::Config::Loader::Yaml.new(config).load! }
+    def scan_execution_policy_at(path)
+      policy_repo.blob_data_at(default_branch_or_master, path)
+        .then { |config| Gitlab::Config::Loader::Yaml.new(config).load!.fetch(:scan_execution_policy, []) }
    end

    def applicable_for_branch?(policy, ref)

--- a/ee/spec/fixtures/security_orchestration.yml
+++ b/ee/spec/fixtures/security_orchestration.yml
+scan_execution_policy:
+  - name: Run DAST in every pipeline
+    description: This policy enforces to run DAST for every pipeline within the project
+    enabled: true
+    rules:
+    - type: pipeline
+      branches:
+      - "production"
+    actions:
+    - scan: dast
+      site_profile: Site Profile
+      scanner_profile: Scanner Profile
+  - name: Run DAST in every pipeline_v1
+    description: This policy enforces to run DAST for every pipeline within the project
+    enabled: true
+    rules:
+    - type: pipeline
+      branches:
+      - "master"
+    actions:
+    - scan: dast
+      site_profile: Site Profile
+      scanner_profile: Scanner Profile
+  - name: Disabled policy
+    description: This policy is disabled
+    enabled: false
+    rules: []
+    actions: []
+  - name: Disabled policy_v2
+    description: This policy is disabled v2
+    enabled: false
+    rules: []
+    actions: []
+  - name: Run DAST in every pipeline_v3
+    description: This policy enforces to run DAST for every pipeline within the project
+    enabled: true
+    rules:
+    - type: pipeline
+      branches:
+      - "master"
+    actions:
+    - scan: dast
+      site_profile: Site Profile
+      scanner_profile: Scanner Profile
+  - name: Run DAST in every pipeline_v4
+    description: This policy enforces to run DAST for every pipeline within the project
+    enabled: true
+    rules:
+    - type: pipeline
+      branches:
+      - "master"
+    actions:
+    - scan: dast
+      site_profile: Site Profile
+      scanner_profile: Scanner Profile
+  - name: Run DAST in every pipeline_v5
+    description: This policy enforces to run DAST for every pipeline within the project
+    enabled: true
+    rules:
+    - type: pipeline
+      branches:
+      - "master"
+    actions:
+    - scan: dast
+      site_profile: Site Profile
+      scanner_profile: Scanner Profile
+  - name: Run DAST in every pipeline_v6
+    description: This policy enforces to run DAST for every pipeline within the project
+    enabled: true
+    rules:
+    - type: pipeline
+      branches:
+      - "master"
+    actions:
+    - scan: dast
+      site_profile: Site Profile
+      scanner_profile: Scanner Profile
\ No newline at end of file
--- a/ee/spec/models/security/orchestration_policy_configuration_spec.rb
+++ b/ee/spec/models/security/orchestration_policy_configuration_spec.rb
--- a/lib/gitlab/ci/pipeline/chain/validate/external.rb
+++ b/lib/gitlab/ci/pipeline/chain/validate/external.rb
@@ -69,8 +69,12 @@ module Gitlab
            end

            def validate_service_request
+              headers = {}
+              headers['X-Gitlab-Token'] = validation_service_token if validation_service_token
+
              Gitlab::HTTP.post(
                validation_service_url, timeout: validation_service_timeout,
+                headers: headers,
                body: validation_service_payload.to_json
              )
            end
@@ -86,6 +90,10 @@ module Gitlab
              ENV['EXTERNAL_VALIDATION_SERVICE_URL']
            end

+            def validation_service_token
+              ENV['EXTERNAL_VALIDATION_SERVICE_TOKEN']
+            end
+
            def validation_service_payload
              {
                project: {

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -34656,6 +34656,9 @@ msgstr ""
 msgid "Write a comment…"
 msgstr ""

+msgid "Write a description or drag your files here…"
+msgstr ""
+
 msgid "Write milestone description..."
 msgstr ""


--- a/scripts/review_apps/base-config.yaml
+++ b/scripts/review_apps/base-config.yaml
@@ -136,8 +136,10 @@ postgresql:
  metrics:
    enabled: false
  resources:
+    requests:
      cpu: 600m
      memory: 1000M
+    limits:
      cpu: 1300m
      memory: 1500M
 prometheus:

--- a/spec/features/issues/user_creates_issue_spec.rb
+++ b/spec/features/issues/user_creates_issue_spec.rb
@@ -45,7 +45,7 @@ RSpec.describe "User creates issue" do
        .and have_no_content("Milestone")

        expect(page.find('#issue_title')['placeholder']).to eq 'Title'
-        expect(page.find('#issue_description')['placeholder']).to eq 'Write a comment or drag your files here…'
+        expect(page.find('#issue_description')['placeholder']).to eq 'Write a description or drag your files here…'
      end

      issue_title = "500 error on profile"

--- a/spec/lib/gitlab/ci/pipeline/chain/validate/external_spec.rb
+++ b/spec/lib/gitlab/ci/pipeline/chain/validate/external_spec.rb
@@ -63,6 +63,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do
      expect(::Gitlab::HTTP).to receive(:post) do |_url, params|
        expect(params[:body]).to match_schema('/external_validation')
        expect(params[:timeout]).to eq(described_class::DEFAULT_VALIDATION_REQUEST_TIMEOUT)
+        expect(params[:headers]).to eq({})
      end

      perform!
@@ -119,6 +120,20 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do
      end
    end

+    context 'when EXTERNAL_VALIDATION_SERVICE_TOKEN is set' do
+      before do
+        stub_env('EXTERNAL_VALIDATION_SERVICE_TOKEN', '123')
+      end
+
+      it 'passes token in X-Gitlab-Token header' do
+        expect(::Gitlab::HTTP).to receive(:post) do |_url, params|
+          expect(params[:headers]).to eq({ 'X-Gitlab-Token' => '123' })
+        end
+
+        perform!
+      end
+    end
+
    context 'when validation returns 200 OK' do
      before do
        stub_request(:post, validation_service_url).to_return(status: 200, body: "{}")