Add latest changes from gitlab-org/gitlab@master

iweb3dev · Jun 18, 2020 · aed2039 · aed2039
1 parent 16210ba
commit aed2039
Show file tree

Hide file tree

Showing 35 changed files with 464 additions and 52 deletions.
diff --git a/app/assets/stylesheets/framework/header.scss b/app/assets/stylesheets/framework/header.scss
@@ -570,7 +570,7 @@
 }
 
 .header-user-notification-dot {
-  background-color: $orange-500;
+  background-color: $orange-300;
   height: 12px;
   width: 12px;
   right: 8px;

diff --git a/app/graphql/mutations/container_expiration_policies/update.rb b/app/graphql/mutations/container_expiration_policies/update.rb
@@ -34,6 +34,16 @@ class Update < Mutations::BaseMutation
                required: false,
                description: copy_field_description(Types::ContainerExpirationPolicyType, :keep_n)
 
+      argument :name_regex,
+               Types::UntrustedRegexp,
+               required: false,
+               description: copy_field_description(Types::ContainerExpirationPolicyType, :name_regex)
+
+      argument :name_regex_keep,
+               Types::UntrustedRegexp,
+               required: false,
+               description: copy_field_description(Types::ContainerExpirationPolicyType, :name_regex_keep)
+
       field :container_expiration_policy,
             Types::ContainerExpirationPolicyType,
             null: true,

diff --git a/app/graphql/types/container_expiration_policy_type.rb b/app/graphql/types/container_expiration_policy_type.rb
@@ -14,8 +14,8 @@ class ContainerExpirationPolicyType < BaseObject
     field :older_than, Types::ContainerExpirationPolicyOlderThanEnum, null: true, description: 'Tags older that this will expire'
     field :cadence, Types::ContainerExpirationPolicyCadenceEnum, null: false, description: 'This container expiration policy schedule'
     field :keep_n, Types::ContainerExpirationPolicyKeepEnum, null: true, description: 'Number of tags to retain'
-    field :name_regex, GraphQL::STRING_TYPE, null: true, description: 'Tags with names matching this regex pattern will expire'
-    field :name_regex_keep, GraphQL::STRING_TYPE, null: true, description: 'Tags with names matching this regex pattern will be preserved'
+    field :name_regex, Types::UntrustedRegexp, null: true, description: 'Tags with names matching this regex pattern will expire'
+    field :name_regex_keep, Types::UntrustedRegexp, null: true, description: 'Tags with names matching this regex pattern will be preserved'
     field :next_run_at, Types::TimeType, null: true, description: 'Next time that this container expiration policy will get executed'
   end
 end
diff --git a/app/graphql/types/untrusted_regexp.rb b/app/graphql/types/untrusted_regexp.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Types
+  class UntrustedRegexp < Types::BaseScalar
+    description 'A regexp containing patterns sourced from user input'
+
+    def self.coerce_input(input_value, _)
+      return unless input_value
+
+      Gitlab::UntrustedRegexp.new(input_value)
+
+      input_value
+    rescue RegexpError => e
+      message = "#{input_value} is an invalid regexp: #{e.message}"
+      raise GraphQL::CoercionError, message
+    end
+
+    def self.coerce_result(ruby_value, _)
+      ruby_value.to_s
+    end
+  end
+end
diff --git a/.../unreleased/220789-10io-add-missing-attributes-to-graphql-container-expiration-policy.yml b/.../unreleased/220789-10io-add-missing-attributes-to-graphql-container-expiration-policy.yml
@@ -0,0 +1,5 @@
+---
+title: Add regex fields to the container expiration policy update mutation
+merge_request: 34389
+author:
+type: added
diff --git a/changelogs/unreleased/implement_vulnerability_stats_model.yml b/changelogs/unreleased/implement_vulnerability_stats_model.yml
@@ -0,0 +1,5 @@
+---
+title: Create vulnerability_statistics table
+merge_request: 34289
+author:
+type: added
diff --git a/changelogs/unreleased/jcunha-bump-helm-version-to-2-16-7.yml b/changelogs/unreleased/jcunha-bump-helm-version-to-2-16-7.yml
@@ -0,0 +1,5 @@
+---
+title: Updates Helm version to 2.16.7, which has some fixes
+merge_request: 34452
+author:
+type: fixed
diff --git a/db/migrate/20200610130002_create_vulnerability_statistics.rb b/db/migrate/20200610130002_create_vulnerability_statistics.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class CreateVulnerabilityStatistics < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def up
+    with_lock_retries do
+      create_table :vulnerability_statistics do |t|
+        t.timestamps_with_timezone null: false
+        t.references :project, null: false, foreign_key: { on_delete: :cascade }
+        t.integer :total, default: 0, null: false
+        t.integer :critical, default: 0, null: false
+        t.integer :high, default: 0, null: false
+        t.integer :medium, default: 0, null: false
+        t.integer :low, default: 0, null: false
+        t.integer :unknown, default: 0, null: false
+        t.integer :info, default: 0, null: false
+        t.integer :letter_grade, limit: 1, index: true, null: false
+      end
+    end
+  end
+
+  def down
+    with_lock_retries do
+      drop_table :vulnerability_statistics # rubocop:disable Migration/DropTable
+    end
+  end
+end
diff --git a/db/structure.sql b/db/structure.sql
@@ -7268,6 +7268,30 @@ CREATE SEQUENCE public.vulnerability_scanners_id_seq
 
 ALTER SEQUENCE public.vulnerability_scanners_id_seq OWNED BY public.vulnerability_scanners.id;
 
+CREATE TABLE public.vulnerability_statistics (
+    id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    project_id bigint NOT NULL,
+    total integer DEFAULT 0 NOT NULL,
+    critical integer DEFAULT 0 NOT NULL,
+    high integer DEFAULT 0 NOT NULL,
+    medium integer DEFAULT 0 NOT NULL,
+    low integer DEFAULT 0 NOT NULL,
+    unknown integer DEFAULT 0 NOT NULL,
+    info integer DEFAULT 0 NOT NULL,
+    letter_grade smallint NOT NULL
+);
+
+CREATE SEQUENCE public.vulnerability_statistics_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE public.vulnerability_statistics_id_seq OWNED BY public.vulnerability_statistics.id;
+
 CREATE TABLE public.vulnerability_user_mentions (
     id bigint NOT NULL,
     vulnerability_id bigint NOT NULL,
@@ -8087,6 +8111,8 @@ ALTER TABLE ONLY public.vulnerability_occurrences ALTER COLUMN id SET DEFAULT ne
 
 ALTER TABLE ONLY public.vulnerability_scanners ALTER COLUMN id SET DEFAULT nextval('public.vulnerability_scanners_id_seq'::regclass);
 
+ALTER TABLE ONLY public.vulnerability_statistics ALTER COLUMN id SET DEFAULT nextval('public.vulnerability_statistics_id_seq'::regclass);
+
 ALTER TABLE ONLY public.vulnerability_user_mentions ALTER COLUMN id SET DEFAULT nextval('public.vulnerability_user_mentions_id_seq'::regclass);
 
 ALTER TABLE ONLY public.web_hook_logs ALTER COLUMN id SET DEFAULT nextval('public.web_hook_logs_id_seq'::regclass);
@@ -9128,6 +9154,9 @@ ALTER TABLE ONLY public.vulnerability_occurrences
 ALTER TABLE ONLY public.vulnerability_scanners
     ADD CONSTRAINT vulnerability_scanners_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.vulnerability_statistics
+    ADD CONSTRAINT vulnerability_statistics_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY public.vulnerability_user_mentions
     ADD CONSTRAINT vulnerability_user_mentions_pkey PRIMARY KEY (id);
 
@@ -11165,6 +11194,10 @@ CREATE INDEX index_vulnerability_occurrences_on_vulnerability_id ON public.vulne
 
 CREATE UNIQUE INDEX index_vulnerability_scanners_on_project_id_and_external_id ON public.vulnerability_scanners USING btree (project_id, external_id);
 
+CREATE INDEX index_vulnerability_statistics_on_letter_grade ON public.vulnerability_statistics USING btree (letter_grade);
+
+CREATE INDEX index_vulnerability_statistics_on_project_id ON public.vulnerability_statistics USING btree (project_id);
+
 CREATE UNIQUE INDEX index_vulnerability_user_mentions_on_note_id ON public.vulnerability_user_mentions USING btree (note_id) WHERE (note_id IS NOT NULL);
 
 CREATE UNIQUE INDEX index_vulns_user_mentions_on_vulnerability_id ON public.vulnerability_user_mentions USING btree (vulnerability_id) WHERE (note_id IS NULL);
@@ -12629,6 +12662,9 @@ ALTER TABLE ONLY public.metrics_dashboard_annotations
 ALTER TABLE ONLY public.pool_repositories
     ADD CONSTRAINT fk_rails_af3f8c5d62 FOREIGN KEY (shard_id) REFERENCES public.shards(id) ON DELETE RESTRICT;
 
+ALTER TABLE ONLY public.vulnerability_statistics
+    ADD CONSTRAINT fk_rails_af61a7df4c FOREIGN KEY (project_id) REFERENCES public.projects(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY public.resource_label_events
     ADD CONSTRAINT fk_rails_b126799f57 FOREIGN KEY (label_id) REFERENCES public.labels(id) ON DELETE SET NULL;
 
@@ -14004,6 +14040,7 @@ COPY "schema_migrations" (version) FROM STDIN;
 20200609142507
 20200609142508
 20200609212701
+20200610130002
 20200613104045
 20200615083635
 20200615101135

diff --git a/doc/administration/gitaly/img/praefect_storage_v12_10.png b/doc/administration/gitaly/img/praefect_storage_v12_10.png
diff --git a/doc/administration/gitaly/img/praefect_storage_v13_1.png b/doc/administration/gitaly/img/praefect_storage_v13_1.png
diff --git a/doc/administration/gitaly/praefect.md b/doc/administration/gitaly/praefect.md
@@ -656,10 +656,10 @@ Particular attention should be shown to:
    Repository > Repository storage** to make the newly configured Praefect
    cluster the storage location for new Git repositories.
 
-   - The default option is unchecked.
-   - The Praefect option is checked.
+   - The default weight is 0.
+   - The Praefect weight is 100.
 
-   ![Update repository storage](img/praefect_storage_v12_10.png)
+   ![Update repository storage](img/praefect_storage_v13_1.png)
 
 1. Verify everything is still working by creating a new project. Check the
    "Initialize repository with a README" box so that there is content in the

diff --git a/doc/administration/img/repository_storages_admin_ui_v12_10.png b/doc/administration/img/repository_storages_admin_ui_v12_10.png
diff --git a/doc/administration/img/repository_storages_admin_ui_v13_1.png b/doc/administration/img/repository_storages_admin_ui_v13_1.png
diff --git a/doc/administration/repository_storage_paths.md b/doc/administration/repository_storage_paths.md
@@ -110,7 +110,10 @@ Once you set the multiple storage paths, you can choose where new repositories
 will be stored under **Admin Area > Settings > Repository >
 Repository storage > Storage nodes for new repositories**.
 
-![Choose repository storage path in Admin Area](img/repository_storages_admin_ui_v12_10.png)
+Each storage can be assigned a weight from 0-100. When a new project is created, these weights will be used
+to determine the storage location the repository will be created.
+
+![Choose repository storage path in Admin Area](img/repository_storages_admin_ui_v13_1.png)
 
 Beginning with GitLab 8.13.4, multiple paths can be chosen. New repositories
 will be randomly placed on one of the selected paths.
diff --git a/doc/api/graphql/reference/gitlab_schema.graphql b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -1248,12 +1248,12 @@ type ContainerExpirationPolicy {
   """
   Tags with names matching this regex pattern will expire
   """
-  nameRegex: String
+  nameRegex: UntrustedRegexp
 
   """
   Tags with names matching this regex pattern will be preserved
   """
-  nameRegexKeep: String
+  nameRegexKeep: UntrustedRegexp
 
   """
   Next time that this container expiration policy will get executed
@@ -12507,6 +12507,11 @@ enum TypeEnum {
   project
 }
 
+"""
+A regexp containing patterns sourced from user input
+"""
+scalar UntrustedRegexp
+
 """
 Autogenerated input type of UpdateAlertStatus
 """
@@ -12581,6 +12586,16 @@ input UpdateContainerExpirationPolicyInput {
   """
   keepN: ContainerExpirationPolicyKeepEnum
 
+  """
+  Tags with names matching this regex pattern will expire
+  """
+  nameRegex: UntrustedRegexp
+
+  """
+  Tags with names matching this regex pattern will be preserved
+  """
+  nameRegexKeep: UntrustedRegexp
+
   """
   Tags older that this will expire
   """

diff --git a/doc/api/graphql/reference/gitlab_schema.json b/doc/api/graphql/reference/gitlab_schema.json
@@ -3322,7 +3322,7 @@
               ],
               "type": {
                 "kind": "SCALAR",
-                "name": "String",
+                "name": "UntrustedRegexp",
                 "ofType": null
               },
               "isDeprecated": false,
@@ -3336,7 +3336,7 @@
               ],
               "type": {
                 "kind": "SCALAR",
-                "name": "String",
+                "name": "UntrustedRegexp",
                 "ofType": null
               },
               "isDeprecated": false,
@@ -37028,6 +37028,16 @@
           ],
           "possibleTypes": null
         },
+        {
+          "kind": "SCALAR",
+          "name": "UntrustedRegexp",
+          "description": "A regexp containing patterns sourced from user input",
+          "fields": null,
+          "inputFields": null,
+          "interfaces": null,
+          "enumValues": null,
+          "possibleTypes": null
+        },
         {
           "kind": "INPUT_OBJECT",
           "name": "UpdateAlertStatusInput",
@@ -37232,6 +37242,26 @@
               },
               "defaultValue": null
             },
+            {
+              "name": "nameRegex",
+              "description": "Tags with names matching this regex pattern will expire",
+              "type": {
+                "kind": "SCALAR",
+                "name": "UntrustedRegexp",
+                "ofType": null
+              },
+              "defaultValue": null
+            },
+            {
+              "name": "nameRegexKeep",
+              "description": "Tags with names matching this regex pattern will be preserved",
+              "type": {
+                "kind": "SCALAR",
+                "name": "UntrustedRegexp",
+                "ofType": null
+              },
+              "defaultValue": null
+            },
             {
               "name": "clientMutationId",
               "description": "A unique identifier for the client performing the mutation.",

diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
@@ -217,8 +217,8 @@ A tag expiration policy designed to keep only the images that matter most
 | `createdAt` | Time! | Timestamp of when the container expiration policy was created |
 | `enabled` | Boolean! | Indicates whether this container expiration policy is enabled |
 | `keepN` | ContainerExpirationPolicyKeepEnum | Number of tags to retain |
-| `nameRegex` | String | Tags with names matching this regex pattern will expire |
-| `nameRegexKeep` | String | Tags with names matching this regex pattern will be preserved |
+| `nameRegex` | UntrustedRegexp | Tags with names matching this regex pattern will expire |
+| `nameRegexKeep` | UntrustedRegexp | Tags with names matching this regex pattern will be preserved |
 | `nextRunAt` | Time | Next time that this container expiration policy will get executed |
 | `olderThan` | ContainerExpirationPolicyOlderThanEnum | Tags older that this will expire |
 | `updatedAt` | Time! | Timestamp of when the container expiration policy was updated |

diff --git a/doc/ci/yaml/README.md b/doc/ci/yaml/README.md
@@ -2818,7 +2818,7 @@ job:
 expire and are therefore deleted, counting from the time they are uploaded and
 stored on GitLab. If the expiry time is not defined, it defaults to the
 [instance wide setting](../../user/admin_area/settings/continuous_integration.md#default-artifacts-expiration-core-only)
-(30 days by default, forever on GitLab.com).
+(30 days by default).
 
 You can use the **Keep** button on the job page to override expiration and
 keep artifacts forever.

diff --git a/doc/development/api_graphql_styleguide.md b/doc/development/api_graphql_styleguide.md
@@ -717,11 +717,49 @@ will be returned as the result of the mutation.
 
 ### Naming conventions
 
-Always provide a consistent GraphQL-name to the mutation, this name is
-used to generate the input types and the field the mutation is mounted
-on. The name should look like `<Resource being modified><Mutation
-class name>`, for example the `Mutations::MergeRequests::SetWip`
-mutation has GraphQL name `MergeRequestSetWip`.
+Each mutation must define a `graphql_name`, which is the name of the
+mutation in the GraphQL schema.
+
+Example:
+
+```ruby
+class UserUpdateMutation < BaseMutation
+  graphql_name 'UserUpdate'
+end
+```
+
+Our GraphQL mutation names are historically inconsistent, but new
+mutation names should follow the convention `'{Resource}{Action}'`
+or `'{Resource}{Action}{Attribute}'`.
+
+Mutations that **create** new resources should use the verb `Create`.
+
+Example:
+
+- `CommitCreate`
+
+Mutations that **update** data should use the verb `Update` or a
+domain-specific verb like `Set`, `Add`, or `Toggle` if more
+appropriate.
+
+Examples:
+
+- `EpicTreeReorder`
+- `IssueSetWeight`
+- `IssueUpdate`
+- `TodoMarkDone`
+
+Mutations that **remove** data should use the verb `Delete` rather than
+`Destroy`. Or use a domain-specific verb like `Remove` if more
+appropriate.
+
+Examples:
+
+- `AwardEmojiRemove`
+- `NoteDelete`
+
+If you need advice for mutation naming, canvass the Slack `#graphql`
+channel for feedback.
 
 ### Arguments