Move Gitlab::SidekiqMonitor to namespace Gitlab::SidekiqDaemon::Monitor
 - Class name and file name change
 - File path change to lib/gitlab/sidekiq_daemon/monitor.rb
 - Update class usage/reference in other files, including documentation

JSON logs include arguments by default, and they're easier to
parse/filter.

Basic `/internal/pages` endpoint that will be used for Pages virtual
domains internal API. The endpoint is currently behind feature flag and
provides authetication similar to how Workhorse is authenticating with
the GitLab.

Detect if pipeline runs for a GitHub pull request

When using a mirror for CI/CD only we register a pull_request
webhook. When a pull_request webhook is received, if the
source branch SHA matches the actual head of the branch in the
repository we create immediately a new pipeline for the
external pull request. Otherwise we store the
pull request info for when the push webhook is received.

When using "only/except: external_pull_requests" we can detect
if the pipeline has a open pull request on GitHub and create or
not the job based on that.

Patches ChronicDuration to use our custom conversions
when parsing months

Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>

This is the same as gitlab-shell's default. This is to ensure
that it's always set.

It needs to be the same as gitlab-shell's default because we
don't set a default value in omnibus-gitlab. If users don't
set the value of that config in their install and they upgraded,
we must ensure that it's still going to point to the same
authorized keys file.

This key is useful to reduce the amount of logic needed on the frontend:
if `has_warnings` is true, then the frontend knows that the request in
question has warnings for some metric.

(cherry picked from commit 897a9d308db46b620b738b98f2b0e5630ac7d2dd)

allow_bypass_two_factor configration dose not work with saml provider

User images and videos will get proxied through
the Camo server in order to keep malicious
sites from collecting the IP address of users.

Remove the visual review toolbar code
in favor of using the NPM package.

Andrew Newdigate authored 5 years ago and Nick Thomas committed 5 years ago

This change adds Distributed Tracing support for two new types of events

1. Redis Calls
1. ActiveSupport (Rails) Caching Operations

The intention is to help application developers and infrastructure
SREs to understand the pressure that caching operations can have on
the application when running at scale.

The Redis and Caching spans can be viewed in the Jaeger UI by clicking
the "Trace" link in the performance bar when running on GDK.

`ActiveSupport::Cache::RedisCacheStore` is not compatible with the
version of Rack Attack we are using (v4.4.1) per
https://github.com/kickstarter/rack-attack/issues/281. Users that had
rate limits enabled might see `Redis::CommandError: ERR value is not an
integer or out of range` because the `raw` parameter wasn't passed along
properly. As a result, the Rack Attack entry would be stored as an
`ActiveSupport::Cache::Entry` instead of a raw string holding an integer
value.

Let's partially revert the change in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30966 to use the
original cache store until we can update to Rack Attack v5.2.3 that has
support for `ActiveSupport::Cache::RedisCacheStore` via
https://github.com/kickstarter/rack-attack/pull/350.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66449

This enables CSP in dev and CI

Adds a time series component for line and area charts.
Displays new charts in the dashboard.

- Use dynamic components for line/area swapping
- Add new line charts to dashboard in 2 panels

Transform `CancelledError` into `JobRetry::Skip`

This makes:
- very shallow `Middleware::Monitor` to only request tracking
  of sidekiq jobs,
- `SidekiqStatus::Monitor` to be responsible to maintain persistent
  connection to receive messages,
- `SidekiqStatus::Monitor` to always use structured logging
  and instance variables

Kamil Trzcińśki authored 5 years ago and Qingyu Zhao committed 5 years ago

This adds a middleware to track all threads
for running jobs.

This makes sidekiq to watch for redis-delivered notifications.

This makes be able to send notification to interrupt
running sidekiq jobs.

This does not take into account any native code,
as `Thread.raise` generates exception once the control gets
back to Ruby.

The separate measure should be taken to interrupt gRPC, shellouts,
or anything else that escapes Ruby.

Doc for multi-indices archtecture

Kubeclient uses rest-client. We hack into to access the net/http object
so that we can patch to connect to the resolved IP + set
hostname_override.

Add specs for discord. The discord integration also uses rest-client, so
since we patched rest-client, spec that the DNS rebinding protection
works

Previously we asked a user to enter a new slug before taking them to
the Create Page page.

As a UX improvement, we now take them to a randomly generated URI so
they can begin creating their new page.

https://gitlab.com/gitlab-org/gitlab-ce/issues/46299

Stan Hu authored 5 years ago and Mayra Cabrera committed 5 years ago

Current `auth.log` uses `fullpath` and `ip`, while `api_json.log` uses
`remote_ip` and `path` for the same fields. Let's standardize these
namings to make it easier for people working with the data.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66167

- Add mail interceptor the signs outgoing email with SMIME
- Add lib and helpers to work with SMIME data
- New configuration params for setting up SMIME key and cert files