Add latest changes from gitlab-org/gitlab@master

Gemfile

@@ -296,7 +296,7 @@ gem 'rack-attack', '~> 6.2.0'
 # Sentry integration
 gem 'sentry-raven', '~> 2.9'
 
-gem 'premailer-rails', '~> 1.9.7'
+gem 'premailer-rails', '~> 1.10.3'
 
 # LabKit: Tracing and Correlation
 gem 'gitlab-labkit', '~> 0.5'

Gemfile.lock

@@ -175,7 +175,7 @@ GEM
       safe_yaml (~> 1.0.0)
     crass (1.0.5)
     creole (0.5.0)
-    css_parser (1.5.0)
+    css_parser (1.7.0)
       addressable
     daemons (1.2.6)
     danger (6.0.9)
@@ -584,7 +584,7 @@ GEM
     mime-types-data (3.2019.0331)
     mimemagic (0.3.2)
     mini_magick (4.9.5)
-    mini_mime (1.0.1)
+    mini_mime (1.0.2)
     mini_portile2 (2.4.0)
     minitest (5.11.3)
     msgpack (1.3.1)
@@ -703,12 +703,12 @@ GEM
     pg (1.1.4)
     po_to_json (1.0.1)
       json (>= 1.6.0)
-    premailer (1.10.4)
+    premailer (1.11.1)
       addressable
-      css_parser (>= 1.4.10)
+      css_parser (>= 1.6.0)
       htmlentities (>= 4.0.0)
-    premailer-rails (1.9.7)
-      actionmailer (>= 3, < 6)
+    premailer-rails (1.10.3)
+      actionmailer (>= 3)
       premailer (~> 1.7, >= 1.7.9)
     proc_to_ast (0.1.0)
       coderay
@@ -724,7 +724,7 @@ GEM
       pry (~> 0.10)
     pry-rails (0.3.6)
       pry (>= 0.10.4)
-    public_suffix (3.1.0)
+    public_suffix (3.1.1)
     puma (3.12.0)
     puma_worker_killer (0.1.0)
       get_process_mem (~> 0.2)
@@ -1248,7 +1248,7 @@ DEPENDENCIES
   omniauth_openid_connect (~> 0.3.3)
   org-ruby (~> 0.9.12)
   pg (~> 1.1)
-  premailer-rails (~> 1.9.7)
+  premailer-rails (~> 1.10.3)
   prometheus-client-mmap (~> 0.9.10)
   pry-byebug (~> 3.5.1)
   pry-rails (~> 0.3.4)

app/assets/javascripts/blob/blob_utils.js

-// capture anything starting with http:// or https:// which is not already part of a html link
+// capture anything starting with http:// or https://
 // up until a disallowed character or whitespace
-export const blobLinkRegex = /(?<!<a href=")https?:\/\/[^"<>\\^`{|}\s]+/g;
+export const blobLinkRegex = /https?:\/\/[^"<>\\^`{|}\s]+/g;
 
 export default { blobLinkRegex };

app/services/projects/container_repository/delete_tags_service.rb

@@ -22,10 +22,18 @@ module Projects
       def smart_delete(container_repository, tag_names)
         # generates the blobs for the dummy image
         dummy_manifest = container_repository.client.generate_empty_manifest(container_repository.path)
+        return error('could not generate manifest') if dummy_manifest.nil?
 
         # update the manifests of the tags with the new dummy image
-        tag_digests = tag_names.map do |name|
-          container_repository.client.put_tag(container_repository.path, name, dummy_manifest)
+        deleted_tags = []
+        tag_digests = []
+
+        tag_names.each do |name|
+          digest = container_repository.client.put_tag(container_repository.path, name, dummy_manifest)
+          next unless digest
+
+          deleted_tags << name
+          tag_digests << digest
         end
 
         # make sure the digests are the same (it should always be)
@@ -37,8 +45,8 @@ module Projects
         # Deletes the dummy image
         # All created tag digests are the same since they all have the same dummy image.
         # a single delete is sufficient to remove all tags with it
-        if container_repository.delete_tag_by_digest(tag_digests.first)
-          success(deleted: tag_names)
+        if tag_digests.any? && container_repository.delete_tag_by_digest(tag_digests.first)
+          success(deleted: deleted_tags)
         else
           error('could not delete tags')
         end

app/views/clusters/clusters/user/_header.html.haml

 %h4
   = s_('ClusterIntegration|Enter the details for your Kubernetes cluster')
 %p
-  - link_to_help_page = link_to(s_('ClusterIntegration|documentation'), help_page_path('user/project/clusters/add_remove_cluster', anchor: 'add-existing-cluster'), target: '_blank', rel: 'noopener noreferrer')
+  - link_to_help_page = link_to(s_('ClusterIntegration|documentation'), help_page_path('user/project/clusters/add_remove_clusters', anchor: 'add-existing-cluster'), target: '_blank', rel: 'noopener noreferrer')
   = s_('ClusterIntegration|Please enter access information for your Kubernetes cluster. If you need help, you can read our %{link_to_help_page} on Kubernetes').html_safe % { link_to_help_page: link_to_help_page }

changelogs/unreleased/34827-delete-container-registry-tag-undefined-method-success-for-nil.yml

+---
+title: Fix crash when docker fails deleting tags
+merge_request: 19208
+author:
+type: fixed

changelogs/unreleased/add-default-plan.yml

+---
+title: Create explicit Default and Free plans
+merge_request: 19033
+author:
+type: other

changelogs/unreleased/mermaid-update.yml

+---
+title: Update to Mermaid v8.4.2 to support more graph types
+merge_request: 19444
+author:
+type: changed

config/dependency_decisions.yml

@@ -620,3 +620,9 @@
     :why: https://github.com/hexorx/countries/blob/master/LICENSE
     :versions: []
     :when: 2019-09-11 13:08:28.431132000 Z
+- - :whitelist
+  - "(MIT OR CC0-1.0)"
+  - :who: 
+    :why: 
+    :versions: []
+    :when: 2019-11-08 10:03:31.787226000 Z

db/migrate/20191023152913_add_default_and_free_plans.rb

+# frozen_string_literal: true
+
+class AddDefaultAndFreePlans < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  class Plan < ApplicationRecord
+  end
+
+  def up
+    plan_names.each do |plan_name|
+      Plan.create_with(title: plan_name.titleize).find_or_create_by(name: plan_name)
+    end
+  end
+
+  def down
+    Plan.where(name: plan_names).delete_all
+  end
+
+  private
+
+  def plan_names
+    [
+      ('free' if Gitlab.com?),
+      'default'
+    ].compact
+  end
+end

doc/user/application_security/sast/index.md

@@ -196,8 +196,7 @@ The following are Docker image-related variables.
 |------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `SAST_ANALYZER_IMAGES`       | Comma separated list of custom images. Default images are still enabled. Read more about [customizing analyzers](analyzers.md). Not available when [Docker in Docker is disabled](#disabling-docker-in-docker-for-sast). |
 | `SAST_ANALYZER_IMAGE_PREFIX` | Override the name of the Docker registry providing the default images (proxy). Read more about [customizing analyzers](analyzers.md).                                                                                    |
-| `SAST_ANALYZER_IMAGE_TAG`    | Override the Docker tag of the default images. Read more about [customizing analyzers](analyzers.md). Not available when [Docker in Docker is disabled](#disabling-docker-in-docker-for-sast).                           |
-| `SAST_MAJOR_VERSION`         | Override the Docker tag of the default images. Only available when [Docker in Docker is disabled](#disabling-docker-in-docker-for-sast).                                                                                 |
+| `SAST_ANALYZER_IMAGE_TAG`    | Override the Docker tag of the default images. Read more about [customizing analyzers](analyzers.md).                                                                                                                    |
 | `SAST_DEFAULT_ANALYZERS`     | Override the names of default images. Read more about [customizing analyzers](analyzers.md).                                                                                                                             |
 | `SAST_DISABLE_DIND`          | Disable Docker in Docker and run analyzers [individually](#disabling-docker-in-docker-for-sast).                                                                                                                         |
 | `SAST_PULL_ANALYZER_IMAGES`  | Pull the images from the Docker registry (set to 0 to disable). Read more about [customizing analyzers](analyzers.md). Not available when [Docker in Docker is disabled](#disabling-docker-in-docker-for-sast).          |

lib/container_registry/client.rb

@@ -51,7 +51,7 @@ module ContainerRegistry
 
     def upload_blob(name, content, digest)
       upload = faraday.post("/v2/#{name}/blobs/uploads/")
-      return unless upload.success?
+      return upload unless upload.success?
 
       location = URI(upload.headers['location'])
 

lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml

@@ -7,7 +7,7 @@
 variables:
   SAST_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
   SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, tslint, secrets, sobelow, pmd-apex"
-  SAST_MAJOR_VERSION: 2
+  SAST_ANALYZER_IMAGE_TAG: 2
   SAST_DISABLE_DIND: "false"
 
 sast:
@@ -61,7 +61,7 @@ sast:
 bandit-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/bandit:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/bandit:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -71,7 +71,7 @@ bandit-sast:
 brakeman-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/brakeman:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -81,7 +81,7 @@ brakeman-sast:
 eslint-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -91,7 +91,7 @@ eslint-sast:
 flawfinder-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/flawfinder:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -101,7 +101,7 @@ flawfinder-sast:
 gosec-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/gosec:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/gosec:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -111,7 +111,7 @@ gosec-sast:
 nodejs-scan-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -121,7 +121,7 @@ nodejs-scan-sast:
 phpcs-security-audit-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/phpcs-security-audit:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -131,7 +131,7 @@ phpcs-security-audit-sast:
 pmd-apex-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/pmd-apex:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/pmd-apex:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -141,7 +141,7 @@ pmd-apex-sast:
 secrets-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -150,7 +150,7 @@ secrets-sast:
 security-code-scan-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/security-code-scan:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -160,7 +160,7 @@ security-code-scan-sast:
 sobelow-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/sobelow:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/sobelow:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -170,7 +170,7 @@ sobelow-sast:
 spotbugs-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/spotbugs:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&
@@ -180,7 +180,7 @@ spotbugs-sast:
 tslint-sast:
   extends: .analyzer
   image:
-    name: "$SAST_ANALYZER_IMAGE_PREFIX/tslint:$SAST_MAJOR_VERSION"
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/tslint:$SAST_ANALYZER_IMAGE_TAG"
   only:
     variables:
       - $GITLAB_FEATURES =~ /\bsast\b/ &&

package.json

@@ -99,7 +99,7 @@
     "jszip-utils": "^0.0.2",
     "katex": "^0.10.0",
     "marked": "^0.3.12",
-    "mermaid": "^8.2.6",
+    "mermaid": "^8.4.2",
     "monaco-editor": "^0.15.6",
     "monaco-editor-webpack-plugin": "^1.7.0",
     "mousetrap": "^1.4.6",

spec/javascripts/blob/viewer/index_spec.js

@@ -176,36 +176,19 @@ describe('Blob viewer', () => {
     });
   });
 
-  describe('linkifyURLs', () => {
-    it('renders a plain url as a link in simple view', done => {
+  describe('a URL inside the blob content', () => {
+    beforeEach(() => {
       mock.onGet('http://test.host/snippets/1.json?viewer=simple').reply(200, {
         html:
           '<div class="js-blob-content"><pre class="code"><code><span class="line" lang="yaml"><span class="c1">To install gitlab-shell you also need a Go compiler version 1.8 or newer. https://golang.org/dl/</span></span></code></pre></div>',
       });
-
-      asyncClick()
-        .then(() => {
-          expect(document.querySelector('.blob-viewer[data-type="simple"]').innerHTML).toContain(
-            '<a href="https://golang.org/dl/">https://golang.org/dl/</a>',
-          );
-          done();
-        })
-        .catch(() => {
-          fail();
-          done();
-        });
     });
 
-    it('leaves an unescaped url untouched', done => {
-      mock.onGet('http://test.host/snippets/1.json?viewer=simple').reply(200, {
-        html:
-          '<div class="js-blob-content"><pre class="code"><code><span class="line" lang="yaml"><a href="https://golang.org/dl/">golang</a></span></span></code></pre></div>',
-      });
-
+    it('is rendered as a link in simple view', done => {
       asyncClick()
         .then(() => {
           expect(document.querySelector('.blob-viewer[data-type="simple"]').innerHTML).toContain(
-            '<a href="https://golang.org/dl/">golang</a>',
+            '<a href="https://golang.org/dl/">https://golang.org/dl/</a>',
           );
           done();
         })

spec/lib/container_registry/client_spec.rb

@@ -99,8 +99,8 @@ describe ContainerRegistry::Client do
         stub_upload('path', 'content', 'sha256:123', 400)
       end
 
-      it 'returns nil' do
-        expect(subject).to be nil
+      it 'returns a failure' do
+        expect(subject).not_to be_success
       end
     end
   end
@@ -125,6 +125,14 @@ describe ContainerRegistry::Client do
 
       expect(subject).to eq(result_manifest)
     end
+
+    context 'when upload fails' do
+      before do
+        stub_upload('path', "{\n  \"config\": {\n  }\n}", 'sha256:4435000728ee66e6a80e55637fc22725c256b61de344a2ecdeaac6bdb36e8bc3', 500)
+      end
+
+      it { is_expected.to be nil }
+    end
   end
 
   describe '#put_tag' do

spec/migrations/add_default_and_free_plans_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+require Rails.root.join('db', 'migrate', '20191023152913_add_default_and_free_plans.rb')
+
+describe AddDefaultAndFreePlans, :migration do
+  describe 'migrate' do
+    let(:plans) { table(:plans) }
+
+    context 'when on Gitlab.com' do
+      before do
+        expect(Gitlab).to receive(:com?) { true }
+      end
+
+      it 'creates free and default plans' do
+        expect { migrate! }.to change { plans.count }.by 2
+
+        expect(plans.last(2).pluck(:name)).to eq %w[free default]
+      end
+    end
+
+    context 'when on self-hosted' do
+      before do
+        expect(Gitlab).to receive(:com?) { false }
+      end
+
+      it 'creates only a default plan' do
+        expect { migrate! }.to change { plans.count }.by 1
+
+        expect(plans.last.name).to eq 'default'
+      end
+    end
+  end
+end

spec/services/projects/container_repository/delete_tags_service_spec.rb

@@ -88,6 +88,33 @@ describe Projects::ContainerRepository::DeleteTagsService do
 
           is_expected.to include(status: :success)
         end
+
+        context 'with failures' do
+          context 'when the dummy manifest generation fails' do
+            before do
+              stub_upload("{\n  \"config\": {\n  }\n}", 'sha256:4435000728ee66e6a80e55637fc22725c256b61de344a2ecdeaac6bdb36e8bc3', success: false)
+            end
+
+            it { is_expected.to include(status: :error) }
+          end
+
+          context 'when updating the tags fails' do
+            before do
+              stub_upload("{\n  \"config\": {\n  }\n}", 'sha256:4435000728ee66e6a80e55637fc22725c256b61de344a2ecdeaac6bdb36e8bc3')
+
+              stub_request(:put, "http://registry.gitlab/v2/#{repository.path}/manifests/A")
+                .to_return(status: 500, body: "", headers: { 'docker-content-digest' => 'sha256:dummy' })
+
+              stub_request(:put, "http://registry.gitlab/v2/#{repository.path}/manifests/Ba")
+                .to_return(status: 500, body: "", headers: { 'docker-content-digest' => 'sha256:dummy' })
+
+              stub_request(:delete, "http://registry.gitlab/v2/#{repository.path}/manifests/sha256:4435000728ee66e6a80e55637fc22725c256b61de344a2ecdeaac6bdb36e8bc3")
+                .to_return(status: 200, body: "", headers: {})
+            end
+
+            it { is_expected.to include(status: :error) }
+          end
+        end
       end
     end
   end
@@ -107,10 +134,10 @@ describe Projects::ContainerRepository::DeleteTagsService do
     end
   end
 
-  def stub_upload(content, digest)
+  def stub_upload(content, digest, success: true)
     expect_any_instance_of(ContainerRegistry::Client)
       .to receive(:upload_blob)
-      .with(repository.path, content, digest) { double(success?: true ) }
+      .with(repository.path, content, digest) { double(success?: success ) }
   end
 
   def expect_delete_tag(digest)