This cop prevents you from using file in API, it points you to the
development documentation about workhorse file acceleration.

Prevent using `be_success` call in controller specs to avoid
getting following deprecation warning:

```
DEPRECATION WARNING: The success? predicate is deprecated and
will be removed in Rails 6.0.
Please use successful? as provided by Rack::Response::Helpers.
```

This cop will analyze migrations that add columns with string, and
report an offense if the string has no limit enforced

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/64505

The RSpec/FilePath cop checks that a spec file's path is correct, but
only if the file describes a constant. We want to check, for any file
with a top-level `describe`, whether the file path ends in
`_spec.rb`. We don't care what comes before that; just that it will be
executed by RSpec at all.

Suggests to use a JSON structured log instead

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/54102

The `#reload` makes to load all objects into memory,
and the main purpose of `#reload` is to drop the association cache.

The `#reset` seems to solve exactly that case.

This Cop enforces the rule that injecting EE modules (using prepend,
include, or extend) is done by placing the injection on the last line of
a file, instead of somewhere in the middle. By placing these lines at
the very end, merge conflicts will not happen.

This cop forbids the use of `element :foo, 'pattern'` and
`element :bar, /pattern/` in QA files.

Signed-off-by: Rémy Coutable <remy@rymai.me>

This commit adds the module `FromUnion`, which provides the class method
`from_union`. This simplifies the process of selecting data from the
result of a UNION, and reduces the likelihood of making mistakes. As a
result, instead of this:

    union = Gitlab::SQL::Union.new([foo, bar])

    Foo.from("(#{union.to_sql}) #{Foo.table_name}")

We can now write this instead:

    Foo.from_union([foo, bar])

This commit also includes some changes to make this new setup work
properly. For example, a bug in Rails 4
(https://github.com/rails/rails/issues/24193) would break the use of
`from("sub-query-here").includes(:relation)` in certain cases. There was
also a CI query which appeared to repeat a lot of conditions from an
outer query on an inner query, which isn't necessary.

Finally, we include a RuboCop cop to ensure developers use this new
module, instead of using Gitlab::SQL::Union directly.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/51307

These Cops enforces the code reuse rules as defined in merge request
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21254.

When using ruby interpolation in externalized strings, they can't be
detected. Which means they will never be presented to be translated.

To mix variables into translations we need to use `sprintf`
instead.

Instead of:

    _("Hello #{subject}")

Use:

    _("Hello %{subject}) % { subject: 'world' }

This method usually has really bad performance implications, as it loads
rows into memory and deletes them one by one.

This notifies developers when calling `find(_by!)` chained on
`execute`. And suggests using the methods from `FinderMethods`. These
will perform the correct authorization checks on the resource when it
is found.

This reverts the addition of the "goldiloader" Gem and all use of it.
While this Gem is very promising it's causing a variety of problems on
GitLab.com due to it eager-loading too much data in places where we
don't expect/can handle this. At least for the time being this means we
have to go back to manually fixing N+1 query problems, but at least
those should not cause a negative impact on availability.

Goldiloader is great, but has several issues with has_many :through relations:

* https://github.com/salsify/goldiloader/issues/12
* https://github.com/salsify/goldiloader/issues/14
* https://github.com/salsify/goldiloader/issues/18

Rather than try to figure out which applies in each case, we should just do the
drudge work of manually disabling autoloading for all relations of this type. We
can always use regular preloading for specific cases, but this way we avoid
generating invalid queries through Goldiloader's magic.

Signed-off-by: Rémy Coutable <remy@rymai.me>

Douwe Maan authored 6 years ago and Mark Fletcher committed 6 years ago

Server Side Request Forgery in Services and Web Hooks

See merge request gitlab/gitlabhq!2337