- 20 Sep, 2016 23 commits
-
-
Jacob Vosmaer (GitLab) authored
Security and safety improvements for gitlab-workhorse integration Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60 - Use a custom content type when sending data to gitlab-workhorse - Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse This will allow us to build features in gitlab-workhorse that require more trust, and protect us against programming mistakes in the future. This is designed so that no action is required for installations from source. For omnibus-gitlab we need to add code that manages the shared secret. See merge request !5907 Conflicts: GITLAB_WORKHORSE_VERSION doc/install/installation.md doc/update/8.11-to-8.12.md lib/gitlab/workhorse.rb spec/lib/gitlab/workhorse_spec.rb spec/requests/ci/api/builds_spec.rb spec/requests/git_http_spec.rb
-
Rémy Coutable authored
Allow the Rails cookie to be used for API authentication Makes the Rails cookie into a valid authentication token for the Grape API, and uses it instead of token authentication in frontend code that uses the API. Rendering the private token into client-side javascript is a security risk; it may be stolen through XSS or other attacks. In general, re-using API code in the frontend is more desirable than implementing endless actions that return JSON. Closes #18302 See merge request !1995
-
Rémy Coutable authored
Allow to set request_access_enabled for groups and projects using API Closes #20978 See merge request !6359
-
Rémy Coutable authored
Only create a protected branch upon a push to a new branch if a rule for that branch doesn't exist A customer ran into an issue where a Sidekiq task retried over and over, leading to duplicate master branches in their protected branch list. Closes #22177 See merge request !6399
-
Jacob Schatz authored
Fixes labels multi-encode and selecting labels with single quotes ## What does this MR do? Replaced single quotes with escaped single quotes when setting item `.is-active` and when removing its field. Adds a test to test selecting 2 different labels _(one with a single quote)_ with a full page load inbetween, it checks the labels are selected as well as shown as `.is-active` in the list. ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? The javascript handles the url encoding when it is sent to the server so we shouldn't let the javascript begin processing an already encoded string but we needed to stop single quotes from breaking a jquery selector. ## Screenshots (if relevant) https://youtu.be/-H0_L2hV9tM ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #21961 Closes #21880 Closes #21248 Closes #20759 Closes #21935 See merge request !6313
-
Jacob Schatz authored
Improve build trace scroll controls ## What does this MR do? The trace step buttons now correctly scroll to the top or bottom of the build trace, rather than jumping inconsistently and never full reaching the top due to the fixed position of the header/navigation area. ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? Build trace UX ## Screenshots (if relevant) ![2016-09-09_20.04.32](/uploads/efee5145fb505f8c9ae2a4cf24d842d3/2016-09-09_20.04.32.gif) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Contributes to #21832. See merge request !6288
-
Jacob Schatz authored
Fixed large comments messing with diff table widths ## What does this MR do? Fixes the width of the diff table so that the content inside it can't increase or decrease the width of the table cells. ## Screenshots (if relevant) ![Screen_Shot_2016-09-12_at_14.44.44](/uploads/2ca483399d867153e6ae608360ffea5f/Screen_Shot_2016-09-12_at_14.44.44.png) ## What are the relevant issue numbers? Closes #20694 See merge request !6309
-
Robert Speicher authored
Ensure invitees are not returned in Members API ## What are the relevant issue numbers? Closes #22065 See merge request !6370
-
Douwe Maan authored
Use gitlab-workhorse 0.8.2 Fixes rejected API git archive extensions; improves Sentry errors. https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/CHANGELOG See merge request !6388
-
Rémy Coutable authored
Fix broken spec due to last_activity_at updates being throttled In https://gitlab.com/gitlab-org/gitlab-ce/builds/4218398, the build failed because the last_activity_at column was only being updated once per hour. We can fix this spec by stubbing out the throttling and adjusting the spec to test the right event timestamp. See merge request !6424
-
Robert Speicher authored
Strip comments before sending keys to gitlab-shell ## Why was this MR needed? https://gitlab.com/gitlab-org/gitlab-ce/issues/22167 encoding issues in comment text. ## What are the relevant issue numbers? https://gitlab.com/gitlab-org/gitlab-ce/issues/22167 See merge request !6381
-
Robert Speicher authored
Hide jump to next discussion button on commit notes ## What are the relevant issue numbers? Closes #22354 See merge request !6428
-
Douwe Maan authored
Fix "Unsubscribe" link in notification emails that is triggered by anti-virus ## What does this MR do? * The unsubscribe link in an email body only unsubscribes automatically when logged in, otherwise the user is asked for a confirmation. * The unsubscribe link in an email header unsubscribes automatically whether logged in or not. ## Are there points in the code the reviewer needs to double check? This addresses all the comments from https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5241, I think! ## Why was this MR needed? People were getting unsubscribed automatically by AV software. ## Screenshot ![Screen_Shot_2016-09-20_at_09.51.30](/uploads/083ee2865f1ad6c08e2ed97f1c4e7d0d/Screen_Shot_2016-09-20_at_09.51.30.png) ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Fixes #17198. See merge request !6223
-
Rémy Coutable authored
Lets the user choose a namespace and name on Github imports Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/14971 See merge request !5728
-
Yorick Peterse authored
Use a ConnectionPool for Rails.cache on Sidekiq servers See merge request !6429
-
Rémy Coutable authored
Restrict last_activity_at updates to one per hour This MR reduces the number of updates to `projects.last_activity_at` to once per hour. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22213 See merge request !6391
-
Douwe Maan authored
LFS support for ssh enabled ## What does this MR do? This is follow-up after https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043 which is falsely shown as merged due to: https://gitlab.com/gitlab-org/gitlab-ce/issues/22334 ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? ## Screenshots (if relevant) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? See merge request !6413
-
Douwe Maan authored
Fix download artifacts button link ## What does this MR do? Fix download artifacts button link. ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [x] Added for this feature/bug ## What are the relevant issue numbers? Closes #22294 See merge request !6407
-
Rémy Coutable authored
Render stages in valid order Currently stages in stages dropdown on builds page are not in valid order. It is important to display stages in other those are defined in the pipeline. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/21133 See merge request !6430
-
Jacob Schatz authored
Frontend for Merge Request Diff This merge request improves the UX for the merge request diff feature which was recently implemented here (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6127). Specifically, it styles various parts of the diff feature to match the designs, it disables comment-related buttons in states where comments are disabled, and it adds a 'Show latest version' button for convenience. ## Are there points in the code the reviewer needs to double check? I could use feedback on this MR's fidelity to the design. ## Why was this MR needed? Neccessary styling improvements for basic UX of this feature, and enabled comment buttons are not functional and thus need to be disabled in certain states. ## Screenshots (if relevant) ![57dd0755f0b14342305909](/uploads/318a44a3bc8b7fc5c9c6ef92ba92e511/57dd0755f0b14342305909.gif) ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [x] API support added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? https://gitlab.com/gitlab-org/gitlab-ce/issues/21427 https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6127 cc: @jschatz1 See merge request !6343
-
Rémy Coutable authored
Fix processing of events when build finished. Update pipeline after processing builds. Otherwise we can get into scenario where pipeline will be marked as running. This solves a quite significant regression in Pipeline processing. Proper fix is to move all this to Sidekiq Worker and process pipeline there. I'll do it after 8.12 release. See merge request !6410
-
Robert Speicher authored
Fix note form hint showing slash commands supported for commits ## What are the relevant issue numbers? Closes #22218 See merge request !6368
-
Rémy Coutable authored
Add optional 'author' param when making commits This fulfills https://gitlab.com/gitlab-org/gitlab-ce/issues/20789 by adding the ability to specify a user's ID to be used as the author of a commit. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/20789 See merge request !5822
-
- 19 Sep, 2016 17 commits
-
-
Ruben Davila authored
-
Ruben Davila authored
-
Rémy Coutable authored
Make CI to use the permission of the user who is trigger the build This is continuation of https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5735, but with removed all LFS code that is added by: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043. This also incorporates most of LFS code added in !6043 to simplify further merge. See merge request !6409
-
Rémy Coutable authored
Fix import/export database errors Fixes protected branches errors when importing a project including them Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/21295 Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/21799 See merge request !6099
-
Kamil Trzcinski authored
-
Kamil Trzcinski authored
-
-
Kamil Trzcinski authored
-
Kamil Trzcinski authored
-
Kamil Trzcinski authored
-
Kamil Trzcinski authored
-
Rémy Coutable authored
Add support for dynamic environments Implements proposal described in https://gitlab.com/gitlab-org/gitlab-ce/issues/21971. Specifically: - it adds a `.gitlab-ci.yml` configuration, - it allows environment name to have slashes, - it allows environment names to use CI predefined variables, - it allows to specify URL from `.gitlab-ci.yml`, - it allows the URL to use CI predefined variables, - it introduces `environment_type` to allow to easily group environments in the future See merge request !6323
-
Kamil Trzcinski authored
-
Kamil Trzcinski authored
-
Kamil Trzcinski authored
-
Kamil Trzcinski authored
-
Rémy Coutable authored
Ensure validation messages are shown within the milestone form Fixes a bug where upon entering data to create an invalid milestone via the Web UI or the API would raise an exception rather than render the validation messages We'd rather render the validation messages to inform the user than raise an exception and result in a 422 error being displayed Closes #22033 See merge request !6345
-