Commit dbd7309a authored by Mike Lewis's avatar Mike Lewis

Merge branch 'master' into 'reply-to-comment-documentation'

# Conflicts:
#   doc/user/discussions/index.md
parents 7be24833 b63efb09

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.
......@@ -444,6 +444,17 @@ setup-test-env:
- master
- /(^docs[\/-].*|.*-docs$)/
.review-schedules-only: &review-schedules-only
only:
refs:
- schedules@gitlab-org/gitlab-ce
- schedules@gitlab-org/gitlab-ee
kubernetes: active
except:
refs:
- tags
- /(^docs[\/-].*|.*-docs$)/
.review-base: &review-base
<<: *dedicated-no-docs-no-db-pull-cache-job
<<: *review-only
......@@ -672,6 +683,30 @@ gitlab:assets:compile:
- docker
- gitlab-org
gitlab:ui:visual:
<<: *except-docs
tags:
- gitlab-org
before_script: []
dependencies:
- compile-assets
script:
# Remove node modules from GitLab that may conflict with gitlab-ui
- rm -r node_modules
- git clone https://gitlab.com/gitlab-org/gitlab-ui.git
- cp public/assets/application-*.css gitlab-ui/styles/application.css
- cd gitlab-ui
- yarn install
- CSS_URL=./application.css yarn test
only:
changes:
- app/assets/stylesheets/*.scss
- app/assets/stylesheets/**/*.scss
- app/assets/stylesheets/**/**/*.scss
artifacts:
paths:
- tests/__image_snapshots__/
karma:
<<: *dedicated-no-docs-pull-cache-job
<<: *use-pg
......@@ -959,8 +994,7 @@ no_ee_check:
- //@gitlab-org/gitlab-ce
# GitLab Review apps
review-build-cng:
<<: *review-only
.review-build-cng-base: &review-build-cng-base
image: ruby:2.5-alpine
stage: test
before_script: []
......@@ -976,7 +1010,15 @@ review-build-cng:
- wait_for_job_to_be_done "gitlab:assets:compile"
- BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng
review-deploy:
review-build-cng:
<<: *review-only
<<: *review-build-cng-base
schedule:review-build-cng:
<<: *review-schedules-only
<<: *review-build-cng-base
.review-deploy-base: &review-deploy-base
<<: *review-base
retry: 2
allow_failure: true
......@@ -998,6 +1040,8 @@ review-deploy:
- source ./scripts/review_apps/review-apps.sh
script:
- wait_for_job_to_be_done "review-build-cng"
after_script:
- source ./scripts/review_apps/review-apps.sh
- check_kube_domain
- download_gitlab_chart
- ensure_namespace
......@@ -1006,6 +1050,15 @@ review-deploy:
- time deploy
- add_license
review-deploy:
<<: *review-deploy-base
schedule:review-deploy:
<<: *review-deploy-base
<<: *review-schedules-only
script:
- wait_for_job_to_be_done "schedule:review-build-cng"
.review-qa-base: &review-qa-base
<<: *review-docker
allow_failure: true
......@@ -1032,19 +1085,40 @@ review-deploy:
- apk update && apk add curl jq
- source ./scripts/review_apps/review-apps.sh
- gem install gitlab-qa --no-document ${GITLAB_QA_VERSION:+ --version ${GITLAB_QA_VERSION}}
- wait_for_job_to_be_done "review-deploy"
review-qa-smoke:
<<: *review-qa-base
script:
- wait_for_job_to_be_done "review-deploy"
- gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}"
review-qa-all:
<<: *review-qa-base
script:
- wait_for_job_to_be_done "review-deploy"
- gitlab-qa Test::Instance::Any "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}"
when: manual
.review-performance-base: &review-performance-base
<<: *review-qa-base
script:
- wait_for_job_to_be_done "review-deploy"
after_script:
- mkdir gitlab-exporter
- wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js
- mkdir sitespeed-results
- docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.3.1 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "$CI_ENVIRONMENT_URL"
- mv sitespeed-results/data/performance.json performance.json
artifacts:
paths:
- sitespeed-results/
reports:
performance: performance.json
review-performance:
<<: *review-performance-base
review-stop:
<<: *review-base
<<: *single-script-job
......@@ -1064,21 +1138,20 @@ review-stop:
schedule:review-cleanup:
<<: *review-base
<<: *review-schedules-only
stage: build
allow_failure: true
variables:
GIT_DEPTH: "1"
environment:
name: review/auto-cleanup
only:
refs:
- schedules@gitlab-org/gitlab-ce
- schedules@gitlab-org/gitlab-ee
kubernetes: active
except:
- tags
- /(^docs[\/-].*|.*-docs$)/
before_script:
- gem install gitlab --no-document
script:
- ruby -rrubygems scripts/review_apps/automated_cleanup.rb
schedule:review-performance:
<<: *review-performance-base
<<: *review-schedules-only
script:
- wait_for_job_to_be_done "schedule:review-deploy"
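Review bot: The new `gitlab:ui:visual` job clones `gitlab-ui` at whatever its default branch currently points to and then runs `yarn install` and `yarn test` from that checkout, so the code executed on the `gitlab-org` runner is not fixed by this repository's commit. Pinning the checkout and the dependency tree would make the job reproducible and limit what an unexpected upstream change can run, for example `- git clone --depth 1 --branch <pinned-tag> https://gitlab.com/gitlab-org/gitlab-ui.git` followed by `- yarn install --frozen-lockfile`. The same concern applies to `.review-performance-base`, which fetches `index.js` from `raw/master` with `wget` and loads it as a sitespeed plugin. That line may have been moved rather than added, since the rendered page does not mark sides. Replacing `master` in that URL with a pinned commit (`.../gl-performance/raw/<commit-sha>/index.js`) would cover it.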
......@@ -39,7 +39,7 @@ Existing personas are: (copy relevant personas out of this comment, and delete a
### Permissions and Security
What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)?
<!-- What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)? -->
### Documentation
......
......@@ -181,3 +181,6 @@ Cop/InjectEnterpriseEditionModule:
Exclude:
- 'spec/**/*'
- 'ee/spec/**/*'
Style/ReturnNil:
Enabled: true
{
"extends": "stylelint-config-recommended",
"plugins": [
"stylelint-scss"
],
"rules": {
"no-descending-specificity": null,
"font-family-no-missing-generic-family-keyword": null,
"at-rule-no-unknown": [ true, {
ignoreAtRules: ["include", "each", "mixin", "extend", "if", "function", "for", "else", "return"]
}],
"selector-type-no-unknown": [true, {
"ignoreTypes": ["gl-emoji"]
}],
"unit-no-unknown" : [true, {
"ignoreFunctions": ["-webkit-image-set"]
}],
"scss/at-extend-no-missing-placeholder": null,
"scss/at-function-pattern": "^[a-z]+([a-z0-9-]+[a-z0-9]+)?$",
"scss/at-import-no-partial-leading-underscore": true,
"scss/at-import-partial-extension-blacklist": ["scss"],
"scss/at-mixin-pattern": "^[a-z]+([a-z0-9-]+[a-z0-9]+)?$",
"scss/at-rule-no-unknown": true,
"scss/dollar-variable-colon-space-after": "always",
"scss/dollar-variable-colon-space-before": "never",
"scss/dollar-variable-pattern": "^[_]?[a-z]+([a-z0-9-]+[a-z0-9]+)?$",
"scss/percent-placeholder-pattern": "^[a-z]+([a-z0-9-]+[a-z0-9]+)?$",
"scss/selector-no-redundant-nesting-selector": true,
}
"plugins":[
"stylelint-scss"
],
"rules":{
"at-rule-blacklist":[
"debug"
],
"at-rule-no-unknown":null,
"at-rule-no-vendor-prefix":true,
"block-no-empty":true,
"block-opening-brace-space-before":"always",
"color-hex-case":"lower",
"color-hex-length":"short",
"color-named":"never",
"color-no-invalid-hex":true,
"declaration-bang-space-after":"never",
"declaration-bang-space-before":"always",
"declaration-block-semicolon-newline-after":"always",
"declaration-block-semicolon-space-before":"never",
"declaration-block-single-line-max-declarations":1,
"declaration-block-trailing-semicolon":"always",
"declaration-colon-space-after":"always-single-line",
"declaration-colon-space-before":"never",
"declaration-property-value-blacklist":{
"border":[
"none"
],
"border-top":[
"none"
],
"border-right":[
"none"
],
"border-bottom":[
"none"
],
"border-left":[
"none"
]
},
"function-comma-space-after":"always-single-line",
"function-parentheses-space-inside":"never",
"function-url-quotes":"always",
"indentation":2,
"length-zero-no-unit":true,
"max-nesting-depth":[
3,
{
"ignoreAtRules":[
"each",
"media",
"supports",
"include"
],
"severity":"warning"
}
],
"media-feature-name-no-vendor-prefix":true,
"media-feature-parentheses-space-inside":"never",
"no-missing-end-of-source-newline":true,
"number-leading-zero":"always",
"number-no-trailing-zeros":true,
"property-no-unknown":true,
"property-no-vendor-prefix":true,
"rule-empty-line-before":[
"always-multi-line",
{
"except":[
"first-nested"
],
"ignore":[
"after-comment"
]
}
],
"scss/at-extend-no-missing-placeholder":[true,{ "severity": "warning" }],
"scss/at-function-pattern":"^[a-z]+([a-z0-9-]+[a-z0-9]+)?$",
"scss/at-import-no-partial-leading-underscore":true,
"scss/at-import-partial-extension-blacklist":[
"scss"
],
"scss/at-mixin-pattern":"^[a-z]+([a-z0-9-]+[a-z0-9]+)?$",
"scss/at-rule-no-unknown":true,
"scss/dollar-variable-colon-space-after":"always",
"scss/dollar-variable-colon-space-before":"never",
"scss/dollar-variable-pattern":"^[_]?[a-z]+([a-z0-9-]+[a-z0-9]+)?$",
"scss/percent-placeholder-pattern":"^[a-z]+([a-z0-9-]+[a-z0-9]+)?$",
"scss/selector-no-redundant-nesting-selector":true,
"selector-class-pattern":[
"^[a-z0-9\\-]+$",
{
"message":"Selector should be written in lowercase with hyphens (selector-class-pattern)",
"severity": "warning"
},
],
"selector-list-comma-newline-after":"always",
"selector-max-compound-selectors":[5, { "severity": "warning" }],
"selector-max-id":1,
"selector-no-vendor-prefix":true,
"selector-pseudo-element-colon-notation":"double",
"selector-pseudo-element-no-unknown":true,
"shorthand-property-no-redundant-values":true,
"string-quotes":"single",
"value-no-vendor-prefix":true
}
}
......@@ -486,6 +486,33 @@ entry.
- Update url placeholder for the sentry configuration page. !24338
## 11.6.10 (2019-02-28)
### Security (21 changes)
- Stop linking to unrecognized package sources. !55518
- Check snippet attached file to be moved is within designated directory.
- Fix potential Addressable::URI::InvalidURIError.
- Do not display impersonated sessions under active sessions and remove ability to revoke session.
- Display only information visible to current user on the Milestone page.
- Show only merge requests visible to user on milestone detail page.
- Disable issue boards API when issues are disabled.
- Don't show new issue link after move when a user does not have permissions.
- Fix git clone revealing private repo's presence.
- Fix blind SSRF in Prometheus integration by checking URL before querying.
- Check if desired milestone for an issue is available.
- Don't allow non-members to see private related MRs.
- Fix arbitrary file read via diffs during import.
- Display the correct number of MRs a user has access to.
- Forbid creating discussions for users with restricted access.
- Do not disclose milestone titles for unauthorized users.
- Validate session key when authorizing with GCP to create a cluster.
- Block local URLs for Kubernetes integration.
- Limit mermaid rendering to 5K characters.
- Remove the possibility to share a project with a group that a user is not a member of.
- Fix leaking private repository information in API.
## 11.6.8 (2019-01-30)
- No changes.
......
......@@ -68,7 +68,7 @@ gem 'gpgme', '~> 2.0.18'
# LDAP Auth
# GitLab fork with several improvements to original library. For full list of changes
# see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
gem 'gitlab_omniauth-ldap', '~> 2.0.4', require: 'omniauth-ldap'
gem 'gitlab_omniauth-ldap', '~> 2.1.1', require: 'omniauth-ldap'
gem 'net-ldap'
# API
......@@ -94,13 +94,15 @@ gem 'carrierwave', '~> 1.3'
gem 'mini_magick'
# for backups
gem 'fog-aws', '~> 2.0.1'
gem 'fog-core', '~> 1.44'
gem 'fog-google', '~> 1.7.1'
gem 'fog-local', '~> 0.3'
gem 'fog-openstack', '~> 0.1'
gem 'fog-aws', '~> 3.3'
# Locked until fog-google resolves https://github.com/fog/fog-google/issues/421.
# Also see config/initializers/fog_core_patch.rb.
gem 'fog-core', '= 2.1.0'
gem 'fog-google', '~> 1.8'
gem 'fog-local', '~> 0.6'
gem 'fog-openstack', '~> 1.0'
gem 'fog-rackspace', '~> 0.1.1'
gem 'fog-aliyun', '~> 0.2.0'
gem 'fog-aliyun', '~> 0.3'
# for Google storage
gem 'google-api-client', '~> 0.23'
......@@ -323,7 +325,7 @@ group :development do
end
group :development, :test do
gem 'bootsnap', '~> 1.3'
gem 'bootsnap', '~> 1.4'
gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET']
gem 'pry-byebug', '~> 3.5.1', platform: :mri
gem 'pry-rails', '~> 0.3.4'
......@@ -419,7 +421,7 @@ group :ed25519 do
end
# Gitaly GRPC client
gem 'gitaly-proto', '~> 1.12.0', require: 'gitaly'
gem 'gitaly-proto', '~> 1.13.0', require: 'gitaly'
gem 'grpc', '~> 1.15.0'
......
......@@ -85,7 +85,7 @@ GEM
binding_ninja (0.2.2)
binding_of_caller (0.8.0)
debug_inspector (>= 0.0.1)
bootsnap (1.3.2)
bootsnap (1.4.1)
msgpack (~> 1.0)
bootstrap_form (2.7.0)
brakeman (4.2.1)
......@@ -218,32 +218,33 @@ GEM
flowdock (0.7.1)
httparty (~> 0.7)
multi_json
fog-aliyun (0.2.0)
fog-core (~> 1.27)
fog-json (~> 1.0)
fog-aliyun (0.3.3)
fog-core
fog-json
ipaddress (~> 0.8)
xml-simple (~> 1.1)
fog-aws (2.0.1)
fog-core (~> 1.38)
fog-json (~> 1.0)
fog-aws (3.3.0)
fog-core (~> 2.1)
fog-json (~> 1.1)
fog-xml (~> 0.1)
ipaddress (~> 0.8)
fog-core (1.45.0)
fog-core (2.1.0)
builder
excon (~> 0.58)
formatador (~> 0.2)
fog-google (1.7.1)
fog-core
fog-json
fog-xml
mime-types
fog-google (1.8.2)
fog-core (<= 2.1.0)
fog-json (~> 1.2)
fog-xml (~> 0.1.0)
google-api-client (~> 0.23.0)
fog-json (1.0.2)
fog-core (~> 1.0)
fog-json (1.2.0)
fog-core
multi_json (~> 1.10)
fog-local (0.3.1)
fog-core (~> 1.27)
fog-openstack (0.1.21)
fog-core (>= 1.40)
fog-local (0.6.0)
fog-core (>= 1.27, < 3.0)
fog-openstack (1.0.8)
fog-core (~> 2.1)
fog-json (>= 1.0)
ipaddress (>= 0.8)
fog-rackspace (0.1.1)
......@@ -278,7 +279,7 @@ GEM
gettext_i18n_rails (>= 0.7.1)
po_to_json (>= 1.0.0)
rails (>= 3.2.0)
gitaly-proto (1.12.0)
gitaly-proto (1.13.0)
grpc (~> 1.0)
github-markup (1.7.0)
gitlab-default_value_for (3.1.1)
......@@ -290,7 +291,7 @@ GEM
rubocop (~> 0.54.0)
rubocop-gitlab-security (~> 0.1.0)
rubocop-rspec (~> 1.19)
gitlab_omniauth-ldap (2.0.4)
gitlab_omniauth-ldap (2.1.1)
net-ldap (~> 0.16)
omniauth (~> 1.3)
pyu-ruby-sasl (>= 0.0.3.3, < 0.1)
......@@ -309,7 +310,7 @@ GEM
representable (~> 3.0)
retriable (>= 2.0, < 4.0)
google-protobuf (3.6.1)
googleapis-common-protos-types (1.0.2)
googleapis-common-protos-types (1.0.3)
google-protobuf (~> 3.0)
googleauth (0.6.6)
faraday (~> 0.12)
......@@ -965,7 +966,7 @@ DEPENDENCIES
benchmark-ips (~> 2.3.0)
better_errors (~> 2.5.0)
binding_of_caller (~> 0.8.0)
bootsnap (~> 1.3)
bootsnap (~> 1.4)
bootstrap_form (~> 2.7.0)
brakeman (~> 4.2)
browser (~> 2.5)
......@@ -1002,12 +1003,12 @@ DEPENDENCIES
flipper-active_record (~> 0.13.0)
flipper-active_support_cache_store (~> 0.13.0)
flowdock (~> 0.7)
fog-aliyun (~> 0.2.0)
fog-aws (~> 2.0.1)
fog-core (~> 1.44)
fog-google (~> 1.7.1)
fog-local (~> 0.3)
fog-openstack (~> 0.1)
fog-aliyun (~> 0.3)
fog-aws (~> 3.3)
fog-core (= 2.1.0)
fog-google (~> 1.8)
fog-local (~> 0.6)
fog-openstack (~> 1.0)
fog-rackspace (~> 0.1.1)
font-awesome-rails (~> 4.7)
foreman (~> 0.84.0)
......@@ -1017,13 +1018,13 @@ DEPENDENCIES
gettext (~> 3.2.2)
gettext_i18n_rails (~> 1.8.0)
gettext_i18n_rails_js (~> 1.3)
gitaly-proto (~> 1.12.0)
gitaly-proto (~> 1.13.0)
github-markup (~> 1.7.0)
gitlab-default_value_for (~> 3.1.1)
gitlab-markup (~> 1.6.5)
gitlab-sidekiq-fetcher (~> 0.4.0)
gitlab-styles (~> 2.4)
gitlab_omniauth-ldap (~> 2.0.4)
gitlab_omniauth-ldap (~> 2.1.1)
gon (~> 6.2)
google-api-client (~> 0.23)
google-protobuf (~> 3.6)
......
......@@ -12,6 +12,7 @@ const Api = {
projectsPath: '/api/:version/projects.json',
projectPath: '/api/:version/projects/:id',
projectLabelsPath: '/:namespace_path/:project_path/labels',
projectMergeRequestsPath: '/api/:version/projects/:id/merge_requests',
projectMergeRequestPath: '/api/:version/projects/:id/merge_requests/:mrid',
projectMergeRequestChangesPath: '/api/:version/projects/:id/merge_requests/:mrid/changes',
projectMergeRequestVersionsPath: '/api/:version/projects/:id/merge_requests/:mrid/versions',
......@@ -111,6 +112,22 @@ const Api = {
return axios.get(url);
},
/**
* Get all Merge Requests for a project, eventually filtering based on
* supplied parameters
* @param projectPath
* @param params
* @returns {Promise}
*/
projectMergeRequests(projectPath, params = {}) {
const url = Api.buildUrl(Api.projectMergeRequestsPath).replace(
':id',
encodeURIComponent(projectPath),
);
return axios.get(url, { params });
},
// Return Merge Request for project
projectMergeRequest(projectPath, mergeRequestId, params = {}) {
const url = Api.buildUrl(Api.projectMergeRequestPath)
......
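Review bot: The JSDoc on the new `projectMergeRequests` gives no parameter types and says the results are "eventually" filtered, which reads as a statement about timing rather than about the filter being optional. I would word the summary as `Get all merge requests for a project, optionally filtered by the supplied query parameters`, with `@param {string} projectPath - project path, URL-encoded before it replaces :id` and `@param {Object} [params] - forwarded to axios as the request's query parameters`. `params` is passed through unchanged, so the doc comment is the only place a caller learns that every key ends up in the query string.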
......@@ -615,10 +615,18 @@ export class AwardsHandler {
let awardsHandlerPromise = null;
export default function loadAwardsHandler(reload = false) {
if (!awardsHandlerPromise || reload) {
awardsHandlerPromise = import(/* webpackChunkName: 'emoji' */ './emoji').then(Emoji => {
const awardsHandler = new AwardsHandler(Emoji);
awardsHandler.bindEvents();
return awardsHandler;
awardsHandlerPromise = new Promise((resolve, reject) => {
import(/* webpackChunkName: 'emoji' */ './emoji')
.then(Emoji => {
Emoji.initEmojiMap()
.then(() => {
const awardsHandler = new AwardsHandler(Emoji);
awardsHandler.bindEvents();
resolve(awardsHandler);
})
.catch(() => reject);
})
.catch(() => reject);
});
}
return awardsHandlerPromise;
......
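Review bot: Both `.catch(() => reject)` handlers in `loadAwardsHandler` return the `reject` function instead of calling it, so a failed chunk import or a failed `Emoji.initEmojiMap()` never settles the promise. Because that pending promise is stored in `awardsHandlerPromise`, every later caller that does not pass `reload` receives the same promise that never resolves, and the error is not surfaced anywhere. The `new Promise` wrapper is not needed: returning the inner chain from `.then` propagates rejections on its own, as in the excerpt below.

```javascript
  if (!awardsHandlerPromise || reload) {
    awardsHandlerPromise = import(/* webpackChunkName: 'emoji' */ './emoji').then(Emoji =>
      Emoji.initEmojiMap().then(() => {
        const awardsHandler = new AwardsHandler(Emoji);
        awardsHandler.bindEvents();
        return awardsHandler;
      }),
    );
  }
```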
import 'document-register-element';
import isEmojiUnicodeSupported from '../emoji/support';
import { initEmojiMap, getEmojiInfo, emojiFallbackImageSrc, emojiImageTag } from '../emoji';
class GlEmoji extends HTMLElement {
constructor() {
super();
const emojiUnicode = this.textContent.trim();
const { name, unicodeVersion, fallbackSrc, fallbackSpriteClass } = this.dataset;
const isEmojiUnicode =
this.childNodes &&
Array.prototype.every.call(this.childNodes, childNode => childNode.nodeType === 3);
const hasImageFallback = fallbackSrc && fallbackSrc.length > 0;
const hasCssSpriteFalback = fallbackSpriteClass && fallbackSpriteClass.length > 0;
if (emojiUnicode && isEmojiUnicode && !isEmojiUnicodeSupported(emojiUnicode, unicodeVersion)) {
// CSS sprite fallback takes precedence over image fallback
if (hasCssSpriteFalback) {