Skip to content
Snippets Groups Projects
Commit 18b84353 authored by GitLab Bot's avatar GitLab Bot
Browse files

Add latest changes from gitlab-org/gitlab@master

parent 4359b965
No related branches found
No related tags found
No related merge requests found
Showing
with 76 additions and 52 deletions
Loading
Loading
@@ -58,7 +58,7 @@ gem 'akismet', '~> 3.0'
gem 'invisible_captcha', '~> 0.12.1'
 
# Two-factor authentication
gem 'devise-two-factor', '~> 3.0.0'
gem 'devise-two-factor', '~> 3.1.0'
gem 'rqrcode-rails3', '~> 0.1.7'
gem 'attr_encrypted', '~> 3.1.0'
gem 'u2f', '~> 0.2.1'
Loading
Loading
Loading
Loading
@@ -229,11 +229,11 @@ GEM
railties (>= 4.1.0)
responders
warden (~> 1.2.3)
devise-two-factor (3.0.0)
activesupport
devise-two-factor (3.1.0)
activesupport (< 6.1)
attr_encrypted (>= 1.3, < 4, != 2)
devise (~> 4.0)
railties
railties (< 6.1)
rotp (~> 2.0)
diff-lcs (1.3)
diff_match_patch (0.1.0)
Loading
Loading
@@ -1193,7 +1193,7 @@ DEPENDENCIES
derailed_benchmarks
device_detector
devise (~> 4.6)
devise-two-factor (~> 3.0.0)
devise-two-factor (~> 3.1.0)
diff_match_patch (~> 0.1.0)
diffy (~> 3.1.0)
discordrb-webhooks-blackst0ne (~> 3.3)
Loading
Loading
Loading
Loading
@@ -638,13 +638,8 @@ Crossplane runs inside your Kubernetes cluster and supports secure connectivity
:status-reason="applications.elastic_stack.statusReason"
:request-status="applications.elastic_stack.requestStatus"
:request-reason="applications.elastic_stack.requestReason"
:version="applications.elastic_stack.version"
:chart-repo="applications.elastic_stack.chartRepo"
:update-available="applications.elastic_stack.updateAvailable"
:installed="applications.elastic_stack.installed"
:install-failed="applications.elastic_stack.installFailed"
:update-successful="applications.elastic_stack.updateSuccessful"
:update-failed="applications.elastic_stack.updateFailed"
:uninstallable="applications.elastic_stack.uninstallable"
:uninstall-successful="applications.elastic_stack.uninstallSuccessful"
:uninstall-failed="applications.elastic_stack.uninstallFailed"
Loading
Loading
Loading
Loading
@@ -2,6 +2,7 @@
import $ from 'jquery';
import '~/behaviors/markdown/render_gfm';
import { GlLink, GlLoadingIcon } from '@gitlab/ui';
import { handleLocationHash } from '~/lib/utils/common_utils';
import getReadmeQuery from '../../queries/getReadme.query.graphql';
 
export default {
Loading
Loading
@@ -36,6 +37,7 @@ export default {
readme(newVal) {
if (newVal) {
this.$nextTick(() => {
handleLocationHash();
$(this.$refs.readme).renderGFM();
});
}
Loading
Loading
Loading
Loading
@@ -6,6 +6,9 @@ module Groups
skip_cross_project_access_check :show
before_action :authorize_admin_group!
before_action :authorize_update_max_artifacts_size!, only: [:update]
before_action do
push_frontend_feature_flag(:new_variables_ui, @group)
end
 
def show
define_ci_variables
Loading
Loading
Loading
Loading
@@ -5,6 +5,9 @@ module Projects
class CiCdController < Projects::ApplicationController
before_action :authorize_admin_pipeline!
before_action :define_variables
before_action do
push_frontend_feature_flag(:new_variables_ui, @project)
end
 
def show
end
Loading
Loading
Loading
Loading
@@ -5,27 +5,34 @@
- link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/README', anchor: 'protected-variables') }
= s_('Environment variables are configured by your administrator to be %{link_start}protected%{link_end} by default').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
 
.row
.col-lg-12.js-ci-variable-list-section{ data: { save_endpoint: save_endpoint, maskable_regex: ci_variable_maskable_regex } }
.hide.alert.alert-danger.js-ci-variable-error-box
- if Feature.enabled?(:new_variables_ui, @project || @group)
- is_group = !@group.nil?
 
%ul.ci-variable-list
= render 'ci/variables/variable_header'
- @variables.each.each do |variable|
= render 'ci/variables/variable_row', form_field: 'variables', variable: variable
= render 'ci/variables/variable_row', form_field: 'variables'
.prepend-top-20
%button.btn.btn-success.js-ci-variables-save-button{ type: 'button' }
%span.hide.js-ci-variables-save-loading-icon
= icon('spinner spin')
= _('Save variables')
%button.btn.btn-info.btn-inverted.prepend-left-10.js-secret-value-reveal-button{ type: 'button', data: { secret_reveal_status: "#{@variables.size == 0}" } }
- if @variables.size == 0
= n_('Hide value', 'Hide values', @variables.size)
- else
= n_('Reveal value', 'Reveal values', @variables.size)
- if !@group && @project.group
.settings-header.border-top.prepend-top-20
= render 'ci/group_variables/header'
.settings-content.pr-0
= render 'ci/group_variables/index'
#js-ci-project-variables{ data: { endpoint: save_endpoint, project_id: @project&.id || '', group: is_group.to_s, maskable_regex: ci_variable_maskable_regex} }
- else
.row
.col-lg-12.js-ci-variable-list-section{ data: { save_endpoint: save_endpoint, maskable_regex: ci_variable_maskable_regex } }
.hide.alert.alert-danger.js-ci-variable-error-box
%ul.ci-variable-list
= render 'ci/variables/variable_header'
- @variables.each.each do |variable|
= render 'ci/variables/variable_row', form_field: 'variables', variable: variable
= render 'ci/variables/variable_row', form_field: 'variables'
.prepend-top-20
%button.btn.btn-success.js-ci-variables-save-button{ type: 'button' }
%span.hide.js-ci-variables-save-loading-icon
= icon('spinner spin')
= _('Save variables')
%button.btn.btn-info.btn-inverted.prepend-left-10.js-secret-value-reveal-button{ type: 'button', data: { secret_reveal_status: "#{@variables.size == 0}" } }
- if @variables.size == 0
= n_('Hide value', 'Hide values', @variables.size)
- else
= n_('Reveal value', 'Reveal values', @variables.size)
- if !@group && @project.group
.settings-header.border-top.prepend-top-20
= render 'ci/group_variables/header'
.settings-content.pr-0
= render 'ci/group_variables/index'
---
title: Project repositories are no longer cloned by default when running DAST
merge_request: 25320
author:
type: performance
---
# Checks for the lack of an Oxford comma. In some cases, will catch overly
# complex sentence structures with lots of commas.
#
# For a list of all options, see https://errata-ai.github.io/vale/styles/
extends: existence
message: Use a comma before the last "and" in a list of three or more items.
message: Use a comma before the last "and" or "or" in a list of four or more items.
link: https://docs.gitlab.com/ee/development/documentation/styleguide.html#punctuation
level: warning
tokens:
- '(?:[^,]+,){1,}\s\w+\sand'
raw:
- '(?:[\w-_` ]+,){2,}(?:[\w-_` ]+) (and|or)'
Loading
Loading
@@ -66,7 +66,10 @@ Authentiq will generate a Client ID and the accompanying Client Secret for you t
 
On the sign in page there should now be an Authentiq icon below the regular sign in form. Click the icon to begin the authentication process.
 
- If the user has the Authentiq ID app installed in their iOS or Android device, they can scan the QR code, decide what personal details to share and sign in to your GitLab installation.
- If the user has the Authentiq ID app installed in their iOS or Android device, they can:
1. Scan the QR code.
1. Decide what personal details to share.
1. Sign in to your GitLab installation.
- If not they will be prompted to download the app and then follow the procedure above.
 
If everything goes right, the user will be returned to GitLab and will be signed in.
Loading
Loading
Loading
Loading
@@ -392,7 +392,7 @@ Group sync was written to be as performant as possible. Data is cached, database
queries are optimized, and LDAP queries are minimized. The last benchmark run
revealed the following metrics:
 
For 20,000 LDAP users, 11,000 LDAP groups and 1,000 GitLab groups with 10
For 20000 LDAP users, 11000 LDAP groups and 1000 GitLab groups with 10
LDAP group links each:
 
- Initial sync (no existing members assigned in GitLab) took 1.8 hours
Loading
Loading
Loading
Loading
@@ -461,7 +461,8 @@ LDAP email address, and then sign into GitLab via their LDAP credentials.
 
## Enabling LDAP username lowercase
 
Some LDAP servers, depending on their configurations, can return uppercase usernames. This can lead to several confusing issues like, for example, creating links or namespaces with uppercase names.
Some LDAP servers, depending on their configurations, can return uppercase usernames.
This can lead to several confusing issues such as creating links or namespaces with uppercase names.
 
GitLab can automatically lowercase usernames provided by the LDAP server by enabling
the configuration option `lowercase_usernames`. By default, this configuration option is `false`.
Loading
Loading
Loading
Loading
@@ -14,6 +14,6 @@ GitLab’s [security features](../security/README.md) may also help you meet rel
|**[Lock project membership to group](../user/group/index.md#member-lock-starter)**<br>Group owners can prevent new members from being added to projects within a group.|Starter+|✓|
|**[LDAP group sync](auth/ldap-ee.md#group-sync)**<br>GitLab Enterprise Edition gives admins the ability to automatically sync groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools.|Starter+||
|**[LDAP group sync filters](auth/ldap-ee.md#group-sync)**<br>GitLab Enterprise Edition Premium gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions.|Premium+||
|**[Audit logs](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives admins the ability to view any modifications made within the GitLab server in an advanced audit log system, so you can control, analyze and track every change.|Premium+||
|**[Audit logs](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives admins the ability to view any modifications made within the GitLab server in an advanced audit log system, so you can control, analyze, and track every change.|Premium+||
|**[Auditor users](auditor_users.md)**<br>Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance.|Premium+||
|**[Credentials inventory](../user/admin_area/credentials_inventory.md)**<br>With a credentials inventory, GitLab administrators can keep track of the credentials used by all of the users in their GitLab instance. |Ultimate||
Loading
Loading
@@ -176,7 +176,7 @@ progress to include them in [ee-1430]. For now, you can verify their integrity
manually by following [these instructions][foreground-verification] on both
nodes, and comparing the output between them.
 
In GitLab EE 12.1, Geo calculates checksums for attachments, LFS objects and
In GitLab EE 12.1, Geo calculates checksums for attachments, LFS objects, and
archived traces on secondary nodes after the transfer, compares it with the
stored checksums, and rejects transfers if mismatched. Please note that Geo
currently does not support an automatic way to verify these data if they have
Loading
Loading
Loading
Loading
@@ -187,7 +187,7 @@ access to the **primary** node during the maintenance window.
1. On the **secondary** node, navigate to **Admin Area > Monitoring > Background Jobs > Queues**
and wait for all the `geo` queues to drop to 0 queued and 0 running jobs.
1. On the **secondary** node, use [these instructions][foreground-verification]
to verify the integrity of CI artifacts, LFS objects and uploads in file
to verify the integrity of CI artifacts, LFS objects, and uploads in file
storage.
 
At this point, your **secondary** node will contain an up-to-date copy of everything the
Loading
Loading
Loading
Loading
@@ -13,7 +13,7 @@ We currently distinguish between three different data types:
- [Blobs](#blobs)
- [Database](#database)
 
See the list below of each feature or component we replicate, its corresponding data type, replication and
See the list below of each feature or component we replicate, its corresponding data type, replication, and
verification methods:
 
| Type | Feature / component | Replication method | Verification method |
Loading
Loading
Loading
Loading
@@ -12,7 +12,8 @@ Replication with Geo is the solution for widely distributed development teams.
 
Fetching large repositories can take a long time for teams located far from a single GitLab instance.
 
Geo provides local, read-only instances of your GitLab instances, reducing the time it takes to clone and fetch large repositories and speeding up development.
Geo provides local, read-only instances of your GitLab instances. This can reduce the time it takes
to clone and fetch large repositories, speeding up development.
 
NOTE: **Note:**
Check the [requirements](#requirements-for-running-geo) carefully before setting up Geo.
Loading
Loading
@@ -269,7 +270,7 @@ For answers to common questions, see the [Geo FAQ](faq.md).
 
Since GitLab 9.5, Geo stores structured log messages in a `geo.log` file. For Omnibus installations, this file is at `/var/log/gitlab/gitlab-rails/geo.log`.
 
This file contains information about when Geo attempts to sync repositories and files. Each line in the file contains a separate JSON entry that can be ingested into Elasticsearch, Splunk, etc.
This file contains information about when Geo attempts to sync repositories and files. Each line in the file contains a separate JSON entry that can be ingested into, for example, Elasticsearch or Splunk.
 
For example:
 
Loading
Loading
Loading
Loading
@@ -18,7 +18,7 @@ you can.
 
Not being able to version control large binaries is a big problem for many
larger organizations.
Videos, photos, audio, compiled binaries and many other types of files are too
Videos, photos, audio, compiled binaries, and many other types of files are too
large. As a workaround, people keep artwork-in-progress in a Dropbox folder and
only check in the final result. This results in using outdated files, not
having a complete history and increases the risk of losing work.
Loading
Loading
@@ -41,13 +41,13 @@ configuration options required to enable it.
 
`git-annex` needs to be installed both on the server and the client side.
 
For Debian-like systems (e.g., Debian, Ubuntu) this can be achieved by running:
For Debian-like systems (for example, Debian and Ubuntu) this can be achieved by running:
 
```
sudo apt-get update && sudo apt-get install git-annex
```
 
For RedHat-like systems (e.g., CentOS, RHEL) this can be achieved by running:
For RedHat-like systems (for example, CentOS and RHEL) this can be achieved by running:
 
```
sudo yum install epel-release && sudo yum install git-annex
Loading
Loading
Loading
Loading
@@ -81,7 +81,7 @@ incoming email domain to `hooli.com`, an attacker could abuse the "Create new
issue by email" or
"[Create new merge request by email](../user/project/merge_requests/creating_merge_requests.md#new-merge-request-by-email-core-only)"
features by using a project's unique address as the email when signing up for
Slack, which would send a confirmation email, which would create a new issue or
Slack. This would send a confirmation email, which would create a new issue or
merge request on the project owned by the attacker, allowing them to click the
confirmation link and validate their account on your company's private Slack
instance.
Loading
Loading
Loading
Loading
@@ -76,7 +76,7 @@ Learn how to install, configure, update, and maintain your GitLab instance.
 
### Maintaining GitLab
 
- [Raketasks](../raketasks/README.md): Perform various tasks for maintenance, backups, automatic webhooks setup, etc.
- [Raketasks](../raketasks/README.md): Perform various tasks for maintenance, backups, automatic webhooks setup, and more.
- [Backup and restore](../raketasks/backup_restore.md): Backup and restore your GitLab instance.
- [Operations](operations/index.md): Keeping GitLab up and running (clean up Redis sessions, moving repositories, Sidekiq MemoryKiller, Unicorn).
- [Restart GitLab](restart_gitlab.md): Learn how to restart GitLab and its components.
Loading
Loading
@@ -107,7 +107,7 @@ Learn how to install, configure, update, and maintain your GitLab instance.
- [Libravatar](libravatar.md): Use Libravatar instead of Gravatar for user avatars.
- [Sign-up restrictions](../user/admin_area/settings/sign_up_restrictions.md): block email addresses of specific domains, or whitelist only specific domains.
- [Access restrictions](../user/admin_area/settings/visibility_and_access_controls.md#enabled-git-access-protocols): Define which Git access protocols can be used to talk to GitLab (SSH, HTTP, HTTPS).
- [Authentication and Authorization](auth/README.md): Configure external authentication with LDAP, SAML, CAS and additional providers.
- [Authentication and Authorization](auth/README.md): Configure external authentication with LDAP, SAML, CAS, and additional providers.
- [Sync LDAP](auth/ldap-ee.md) **(STARTER ONLY)**
- [Kerberos authentication](../integration/kerberos.md) **(STARTER ONLY)**
- See also other [authentication](../topics/authentication/index.md#gitlab-administrators) topics (for example, enforcing 2FA).
Loading
Loading
@@ -230,4 +230,3 @@ who are aware of the risks.
- [Strace zine](https://wizardzines.com/zines/strace/)
- GitLab.com-specific resources:
- [Group SAML/SCIM setup](troubleshooting/group_saml_scim.md)
\ No newline at end of file
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment