1. 06 Jun, 2019 3 commits
  2. 22 May, 2019 1 commit
    • Protect Gitlab::HTTP against DNS rebinding attack · e2051df6
      Douwe Maan authored
      Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
      blocked, and then uses the same IP to perform the actual request, while
      passing the original hostname in the `Host` header and SSL SNI field.
  3. 11 Apr, 2019 5 commits
  4. 13 Mar, 2019 1 commit
  5. 07 Mar, 2019 1 commit
  6. 05 Mar, 2019 1 commit
    • Creates Clusters::ApplicationsController update endpoint · f8234d9a
      João Cunha authored
      - Creates new route
      - Creates new controller action
      - Creates call stack:
        Clusters::ApplicationsController calls -->
        Clusters::Applications::UpdateService calls -->
        Clusters::Applications::ScheduleUpdateService calls -->
        ClusterUpdateAppWorker calls -->
        Clusters::Applications::PatchService -->
        ClusterWaitForAppInstallationWorker
      
      DRY req params
      
      Adds gcp_cluster:cluster_update_app queue
      
      Schedule_update_service is unneeded
      
      Extract common logic to a parent class (UpdateService will need it)
      
      Introduce new UpdateService
      
      Fix rescue class namespace
      
      Fix RuboCop offenses
      
      Adds BaseService for create and update services
      
      Remove request_handler code duplication
      
      Fixes update command
      
      Move update_command to ApplicationCore so all apps can use it
      
      Adds tests for Knative update_command
      
      Adds specs for PatchService
      
      Raise error if update receives an uninstalled app
      
      Adds update_service spec
      
      Fix RuboCop offense
      
      Use subject in favor of go
      
      Adds update endpoint specs for project namespace
      
      Adds update endpoint specs for group namespace
  7. 04 Mar, 2019 3 commits
    • sidekiq: terminate child processes at shutdown · f0c52df5
      Nick Thomas authored
      Sidekiq jobs frequently spawn long-lived child processes to do work.
      In some circumstances, these can be reparented to init when sidekiq is
      terminated, leading to duplication of work and strange concurrency
      problems.
      
      This commit changes sidekiq so that, if run as a process group leader,
      it will forward `INT` and `TERM` signals to the whole process group. If
      the memory killer is active, it will also use the process group when
      resorting to `kill -9` to shut down.
      
      These changes mean that a naive `kill <pid-of-sidekiq>` will now do the
      right thing, killing any child processes spawned by sidekiq, as long as
      the process supervisor placed it in its own process group.
      
      If sidekiq isn't a process group leader, this new code is skipped.
    • Allow raw `tls_options` to be passed in LDAP configuration · f6350fac
      Drew Blessing authored
      We've previously exposed ca_file and ssl_version but there are many
      possible options that can be used inside tls_options. Instead of
      exposing individual ones, simply expose the entire hash so it can
      be passed in and we won't have to add things in the future.
    • Types::BaseField accepts authorize after reload · 58aaa766
      Bob Van Landuyt authored
      When working on files in `app/graphql` the code correctly gets
      autoloaded.
      
      However, the redefined `Types::BaseField` would never receive the
      `.accepts_definition` call, causing all queries after a reload to
      fail. Calling `.accepts_definition` on its superclass makes sure the
      reloaded version also has the `authorize` definition specified.
  8. 01 Mar, 2019 6 commits
  9. 28 Feb, 2019 2 commits
  10. 27 Feb, 2019 3 commits
  11. 25 Feb, 2019 2 commits
    • Improve GraphQL Authorization DSL · ccb4edbc
      Luke Duncalfe authored
      Previously GraphQL field authorization happened like this:
      
          class ProjectType
            field :my_field, MyFieldType do
              authorize :permission
            end
          end
      
      This change allowed us to authorize like this instead:
      
          class ProjectType
            field :my_field, MyFieldType, authorize: :permission
          end
      
      A new initializer registers the `authorize` metadata keyword on GraphQL
      Schema Objects and Fields, and we can collect this data within the
      context of Instrumentation like this:
      
          field.metadata[:authorize]
      
      The previous functionality of authorize is still being used for
      mutations, as the #authorize method here is called during the code
      that executes during the mutation, rather than when a field resolves.
      
      https://gitlab.com/gitlab-org/gitlab-ce/issues/57828
    • Turn on backtrace for sidekiq in development · f09399fc
      Thong Kuah authored
      This enables easier debugging in GDK
  12. 22 Feb, 2019 1 commit
  13. 20 Feb, 2019 1 commit
  14. 19 Feb, 2019 1 commit
  15. 15 Feb, 2019 1 commit
    • Only load selected syntax highlight CSS · 5996fd14
      Simon Knox authored
      Compile highlight CSS separately
      Move highlight-specific mixins out of mixins.scss
      Rename solarized themes to match theme name as this was a smaller
      change than changing all instances to snake_case
  16. 14 Feb, 2019 2 commits
  17. 13 Feb, 2019 1 commit
    • Improve the GitHub and Gitea import feature table interface · 534a6117
      Luke Bennett authored
      These are backend changes.
      Use Vue for the import feature UI for "githubish"
      providers (GitHub and Gitea).
      Add "Go to project" button after a successful import.
      Use CI-style status icons and improve spacing of the
      table and its component.
      Adds ETag polling to the github and gitea import
      jobs endpoint.
  18. 12 Feb, 2019 1 commit
    • Log queue duration in production_json.log · 51ca7922
      Stan Hu authored
      `queue_duration` is a useful metric that is currently in api_json.log
      but not in production_json.log. We should add it because it tells us how
      long the request sat in Workhorse before Unicorn processed it. Having
      this field enables the support team to better troubleshoot when delays
      began to happen.
  19. 10 Feb, 2019 1 commit
    • Fix error when reloading code in Sidekiq · 1931c3ef
      Peter Leitzen authored
      This commit fixes the following error in development:
      
          ArgumentError: A copy of Gitlab::Metrics::Transaction has been
          removed from the module tree but is still active!
  20. 08 Feb, 2019 2 commits
    • Remove HipChat integration from GitLab · a5378665
      Nick Thomas authored
    • Provide a performance bar link to the Jaeger UI · 48bcd524
      Andrew Newdigate authored
      Jaeger is a distributed tracing tool. This change adds a "Tracing" link
      to the performance bar to directly link to a current request in Jaeger.
      
      This is useful for two reasons: 1 - it provides affordance to developers
      that the distributed tracing tool is available, so that it can quickly
      be discovered. 2 - it allows developers to quickly find a specific trace
      without having to manually navigate to a second user-interface.
  21. 06 Feb, 2019 1 commit