Automatic merge of gitlab-org/gitlab master

1843e310 · GitLab Bot · c66ec0b6 · b9470d9e · 1843e310 · 1843e310
Commit 1843e310 authored Apr 28, 2021 by GitLab Bot
8 changed files
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -121,7 +121,7 @@ rspec frontend_fixture as-if-foss:
 rspec-ee frontend_fixture:
  extends:
    - .frontend-fixtures-base
-    - .frontend:rules:default-frontend-jobs
+    - .frontend:rules:default-frontend-jobs-ee
  parallel: 2

 graphql-schema-dump:
@@ -169,8 +169,10 @@ karma:
  extends:
    - .karma-base
    - .frontend:rules:default-frontend-jobs
-  # Don't use `needs` since `rspec-ee frontend_fixture` doesn't exist in `gitlab-foss` pipelines.
-  dependencies: ["rspec frontend_fixture", "rspec-ee frontend_fixture"]
+  needs:
+    - job: "rspec frontend_fixture"
+    - job: "rspec-ee frontend_fixture"
+      optional: true
  coverage: '/^Statements *: (\d+\.\d+%)/'
  artifacts:
    name: coverage-javascript
@@ -201,8 +203,10 @@ jest:
  extends:
    - .jest-base
    - .frontend:rules:default-frontend-jobs
-  # Don't use `needs` since `rspec-ee frontend_fixture` doesn't exist in `gitlab-foss` pipelines.
-  dependencies: ["rspec frontend_fixture", "rspec-ee frontend_fixture"]
+  needs:
+    - job: "rspec frontend_fixture"
+    - job: "rspec-ee frontend_fixture"
+      optional: true
  artifacts:
    name: coverage-frontend
    expire_in: 31d
@@ -222,8 +226,11 @@ jest-integration:
  script:
    - *yarn-install
    - run_timed_command "yarn jest:integration --ci"
-  # Don't use `needs` since `rspec-ee frontend_fixture` doesn't exist in `gitlab-foss` pipelines.
-  dependencies: ["rspec frontend_fixture", "rspec-ee frontend_fixture", "graphql-schema-dump"]
+  needs:
+    - job: "rspec frontend_fixture"
+    - job: "rspec-ee frontend_fixture"
+      optional: true
+    - job: "graphql-schema-dump"

 jest-as-if-foss:
  extends:

--- a/.gitlab/ci/pages.gitlab-ci.yml
+++ b/.gitlab/ci/pages.gitlab-ci.yml
@@ -3,7 +3,7 @@ pages:
    - .default-retry
    - .pages:rules
  stage: pages
-  dependencies:
+  needs:
    - rspec:coverage
    - coverage-frontend
    - karma

--- a/.gitlab/ci/review.gitlab-ci.yml
+++ b/.gitlab/ci/review.gitlab-ci.yml
@@ -35,9 +35,6 @@ review-build-cng:
      artifacts: false
  script:
    - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng
-    # When the job is manual, review-deploy is also manual and we don't want people
-    # to have to manually start the jobs in sequence, so we do it for them.
-    - '[ -z $CI_JOB_MANUAL ] || scripts/api/play_job.rb --job-name "review-deploy"'

 .review-workflow-base:
  extends:
@@ -59,7 +56,7 @@ review-deploy:
    - .review-workflow-base
    - .review:rules:review-deploy
  stage: review
-  dependencies: []
+  needs: ["review-build-cng"]
  resource_group: "review/${CI_COMMIT_REF_NAME}"
  before_script:
    - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
@@ -75,10 +72,6 @@ review-deploy:
    - date
    - deploy || (display_deployment_debug && exit 1)
    - disable_sign_ups || (delete_release && exit 1)
-    # When the job is manual, review-qa-smoke is also manual and we don't want people
-    # to have to manually start the jobs in sequence, so we do it for them.
-    - '[ -z $CI_JOB_MANUAL ] || scripts/api/play_job.rb --job-name "review-qa-smoke"'
-    - '[ -z $CI_JOB_MANUAL ] || scripts/api/play_job.rb --job-name "review-performance"'
  after_script:
    # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
    # Set DAST_RUN to true when jobs are manually scheduled.
@@ -123,9 +116,7 @@ review-stop:
    - .use-docker-in-docker
  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine-ruby-2.7
  stage: qa
-  # This is needed so that manual jobs with needs don't block the pipeline.
-  # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979.
-  dependencies: ["review-deploy"]
+  needs: ["review-deploy"]
  variables:
    QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa"
    QA_CAN_TEST_GIT_PROTOCOL_V2: "false"
@@ -175,9 +166,7 @@ review-performance:
    name: sitespeedio/sitespeed.io
    entrypoint: [""]
  stage: qa
-  # This is needed so that manual jobs with needs don't block the pipeline.
-  # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979.
-  dependencies: ["review-deploy"]
+  needs: ["review-deploy"]
  before_script:
    - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
    - echo "${CI_ENVIRONMENT_URL}"
@@ -200,7 +189,7 @@ parallel-spec-reports:
    - .review:rules:review-qa-all
  image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine
  stage: post-qa
-  dependencies: ["review-qa-all"]
+  needs: ["review-qa-all"]
  variables:
    NEW_PARALLEL_SPECS_REPORT: qa/report-new.html
    BASE_ARTIFACT_URL: "${CI_PROJECT_URL}/-/jobs/${CI_JOB_ID}/artifacts/file/qa/"

--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -424,6 +424,13 @@
    - <<: *if-default-refs
      changes: *code-backstage-patterns

+.frontend:rules:default-frontend-jobs-ee:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-default-refs
+      changes: *code-backstage-patterns
+
 .frontend:rules:default-frontend-jobs-as-if-foss:
  rules:
    - <<: *if-not-ee
@@ -1069,7 +1076,6 @@
      allow_failure: true
    - <<: *if-dot-com-gitlab-org-merge-request
      changes: *code-patterns
-      when: manual
      allow_failure: true
    - <<: *if-dot-com-gitlab-org-merge-request
      changes: *qa-patterns
@@ -1090,7 +1096,6 @@
      allow_failure: true
    - <<: *if-dot-com-gitlab-org-merge-request
      changes: *code-qa-patterns
-      when: manual
      allow_failure: true
    - <<: *if-dot-com-gitlab-org-schedule
      allow_failure: true
@@ -1113,7 +1118,6 @@
      allow_failure: true
    - <<: *if-dot-com-gitlab-org-merge-request
      changes: *code-qa-patterns
-      when: manual
      allow_failure: true

 .review:rules:review-qa-all:

--- a/app/assets/javascripts/repository/components/upload_blob_modal.vue
+++ b/app/assets/javascripts/repository/components/upload_blob_modal.vue
@@ -93,7 +93,7 @@ export default {
        text: PRIMARY_OPTIONS_TEXT,
        attributes: [
          {
-            variant: 'success',
+            variant: 'confirm',
            loading: this.loading,
            disabled: !this.formCompleted || this.loading,
          },

--- a/changelogs/unreleased/remove-success-variant-upload-blob.yml
+++ b/changelogs/unreleased/remove-success-variant-upload-blob.yml
+---
+title: Remove success variant for primary button in upload file modal
+merge_request:
+author: Yogi (@yo)
+type: changed
--- a/lib/gitlab/import_export/command_line_util.rb
+++ b/lib/gitlab/import_export/command_line_util.rb
@@ -30,6 +30,8 @@ module Gitlab
      end

      def download(url, upload_path)
+        validate_url!(url)
+
        File.open(upload_path, 'w') do |file|
          # Download (stream) file from the uploader's location
          IO.copy_stream(URI.parse(url).open, file)
@@ -63,6 +65,19 @@ module Gitlab
        FileUtils.copy_entry(source, destination)
        true
      end
+
+      def validate_url!(url)
+        ::Gitlab::UrlBlocker.validate!(
+          url,
+          allow_localhost: allow_local_requests?,
+          allow_local_network: allow_local_requests?,
+          schemes: %w(http https)
+        )
+      end
+
+      def allow_local_requests?
+        ::Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
+      end
    end
  end
 end
--- a/spec/lib/gitlab/import_export/command_line_util_spec.rb
+++ b/spec/lib/gitlab/import_export/command_line_util_spec.rb
@@ -16,6 +16,10 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil do
      def initialize
        @shared = Gitlab::ImportExport::Shared.new(nil)
      end
+
+      def execute_download(url)
+        download(url, 'path')
+      end
    end.new
  end

@@ -35,4 +39,29 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil do
  it 'has the right mask for uploads' do
    expect(file_permissions("#{path}/uploads")).to eq(0755) # originally 555
  end
+
+  context 'validates the URL before executing the download' do
+    before do
+      stub_application_setting(allow_local_requests_from_web_hooks_and_services: false)
+    end
+
+    it 'raises error when the given URL is blocked' do
+      expect { subject.execute_download('http://localhost:3000/file') }
+        .to raise_error(Gitlab::UrlBlocker::BlockedUrlError, 'Requests to localhost are not allowed')
+    end
+
+    it 'executes the download when the URL is allowed' do
+      expect_next_instance_of(URI::HTTP) do |uri|
+        expect(uri)
+          .to receive(:open)
+          .and_return('file content')
+      end
+
+      expect(IO)
+        .to receive(:copy_stream)
+        .with('file content', instance_of(File))
+
+      subject.execute_download('http://some.url.remote/file')
+    end
+  end
 end