From 99454db49e04656e8df692c5a1c4582fec50eee3 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Tue, 28 Apr 2020 06:09:49 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .../components/file_icon/file_icon_map.js | 1 + app/services/git/branch_hooks_service.rb | 2 +- .../raketasks/uploads/migrate.md | 104 +++++++++------- .../raketasks/uploads/sanitize.md | 55 +++++---- .../gitlab_rails_cheat_sheet.md | 8 ++ doc/raketasks/user_management.md | 115 ++++++++++-------- doc/raketasks/web_hooks.md | 52 +++++--- doc/raketasks/x509_signatures.md | 11 +- doc/user/project/push_options.md | 8 +- .../Security/Secure-Binaries.gitlab-ci.yml | 10 +- 10 files changed, 208 insertions(+), 158 deletions(-) diff --git a/app/assets/javascripts/vue_shared/components/file_icon/file_icon_map.js b/app/assets/javascripts/vue_shared/components/file_icon/file_icon_map.js index 2f6640232dd..1f31cd11aee 100644 --- a/app/assets/javascripts/vue_shared/components/file_icon/file_icon_map.js +++ b/app/assets/javascripts/vue_shared/components/file_icon/file_icon_map.js @@ -575,6 +575,7 @@ const fileNameIcons = { '.prettierrc.json': 'prettier', '.prettierrc.yaml': 'prettier', '.prettierrc.yml': 'prettier', + '.prettierignore': 'prettier', 'nodemon.json': 'nodemon', '.sonarrc': 'sonar', browserslist: 'browserlist', diff --git a/app/services/git/branch_hooks_service.rb b/app/services/git/branch_hooks_service.rb index e1cc1f8c834..92e7702727c 100644 --- a/app/services/git/branch_hooks_service.rb +++ b/app/services/git/branch_hooks_service.rb @@ -112,7 +112,7 @@ module Git end def enqueue_update_signatures - unsigned = unsigned_x509_shas(commits) & unsigned_gpg_shas(commits) + unsigned = unsigned_x509_shas(limited_commits) & unsigned_gpg_shas(limited_commits) return if unsigned.empty? signable = Gitlab::Git::Commit.shas_with_signatures(project.repository, unsigned) diff --git a/doc/administration/raketasks/uploads/migrate.md b/doc/administration/raketasks/uploads/migrate.md index 851305d433f..e8ca70ef856 100644 --- a/doc/administration/raketasks/uploads/migrate.md +++ b/doc/administration/raketasks/uploads/migrate.md @@ -1,21 +1,26 @@ -# Uploads Migrate Rake Tasks +# Uploads migrate Rake tasks -## Migrate to Object Storage +`gitlab:uploads:migrate` migrates uploads between different storage types. -After [configuring the object storage](../../uploads.md#using-object-storage-core-only) for GitLab's uploads, you may use this task to migrate existing uploads from the local storage to the remote storage. +## Migrate to object storage ->**Note:** -All of the processing will be done in a background worker and requires **no downtime**. +After [configuring the object storage](../../uploads.md#using-object-storage-core-only) for GitLab's +uploads, use this task to migrate existing uploads from the local storage to the remote storage. + +Read more about using [object storage with GitLab](../../object_storage.md). -[Read more about using object storage with GitLab](../../object_storage.md). +NOTE: **Note:** +All of the processing will be done in a background worker and requires **no downtime**. ### All-in-one Rake task -GitLab provides a wrapper Rake task that migrates all uploaded files - avatars, -logos, attachments, favicon, etc. - to object storage in one go. Under the hood, -it invokes individual Rake tasks to migrate files falling under each of this -category one by one. The specifications of these individual Rake tasks are -described in the next section. +GitLab provides a wrapper Rake task that migrates all uploaded files (for example avatars, logos, +attachments, and favicon) to object storage in one step. The wrapper task invokes individual Rake +tasks to migrate files falling under each of these categories one by one. + +These [individual Rake tasks](#individual-rake-tasks) are described in the next section. + +To migrate all uploads from local storage to object storage, run: **Omnibus Installation** @@ -31,26 +36,29 @@ sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:migrate:all ### Individual Rake tasks ->**Note:** -If you already ran the Rake task mentioned above, no need to run these individual Rake tasks as that has been done automatically. +If you already ran the [all-in-one Rake task](#all-in-one-rake-task), there is no need to run these +individual tasks. + +The Rake task uses three parameters to find uploads to migrate: -The Rake task uses 3 parameters to find uploads to migrate. +| Parameter | Type | Description | +|:-----------------|:--------------|:-------------------------------------------------------| +| `uploader_class` | string | Type of the uploader to migrate from. | +| `model_class` | string | Type of the model to migrate from. | +| `mount_point` | string/symbol | Name of the model's column the uploader is mounted on. | -Parameter | Type | Description ---------- | ---- | ----------- -`uploader_class` | string | Type of the uploader to migrate from -`model_class` | string | Type of the model to migrate from -`mount_point` | string/symbol | Name of the model's column on which the uploader is mounted on. +NOTE: **Note:** +These parameters are mainly internal to GitLab's structure, you may want to refer to the task list +instead below. ->**Note:** -These parameters are mainly internal to GitLab's structure, you may want to refer to the task list instead below. +This task also accepts an environment variable which you can use to override +the default batch size: -This task also accepts some environment variables which you can use to override -certain values: +| Variable | Type | Description | +|:---------|:--------|:--------------------------------------------------| +| `BATCH` | integer | Specifies the size of the batch. Defaults to 200. | -Variable | Type | Description --------- | ---- | ----------- -`BATCH` | integer | Specifies the size of the batch. Defaults to 200. +The following shows how to run `gitlab:uploads:migrate` for individual types of uploads. **Omnibus Installation** @@ -82,7 +90,7 @@ gitlab-rake "gitlab:uploads:migrate[DesignManagement::DesignV432x230Uploader, De **Source Installation** ->**Note:** +NOTE: **Note:** Use `RAILS_ENV=production` for every task. ```shell @@ -111,12 +119,10 @@ sudo -u git -H bundle exec rake "gitlab:uploads:migrate[FileUploader, MergeReque sudo -u git -H bundle exec rake "gitlab:uploads:migrate[DesignManagement::DesignV432x230Uploader, DesignManagement::Action]" ``` -## Migrate from object storage to local storage +## Migrate to local storage -If you need to disable Object Storage for any reason, first you need to migrate -your data out of Object Storage and back into your local storage. - -**Before proceeding, it is important to disable both `direct_upload` and `background_upload` under `uploads` settings in `gitlab.rb`** +If you need to disable [object storage](../../object_storage.md) for any reason, you must first +migrate your data out of object storage and back into your local storage. CAUTION: **Warning:** **Extended downtime is required** so no new files are created in object storage during @@ -126,23 +132,29 @@ To follow progress, see the [relevant issue](https://gitlab.com/gitlab-org/gitla ### All-in-one Rake task -GitLab provides a wrapper Rake task that migrates all uploaded files - avatars, -logos, attachments, favicon, etc. - to local storage in one go. Under the hood, -it invokes individual Rake tasks to migrate files falling under each of this -category one by one. For details on these Rake tasks please [refer to the section above](#individual-rake-tasks), +GitLab provides a wrapper Rake task that migrates all uploaded files (for example, avatars, logos, +attachments, and favicon) to local storage in one step. The wrapper task invokes individual Rake +tasks to migrate files falling under each of these categories one by one. + +For details on these Rake tasks, refer to [Individual Rake tasks](#individual-rake-tasks), keeping in mind the task name in this case is `gitlab:uploads:migrate_to_local`. -**Omnibus Installation** +To migrate uploads from object storage to local storage: -```shell -gitlab-rake "gitlab:uploads:migrate_to_local:all" -``` +1. Disable both `direct_upload` and `background_upload` under `uploads` settings in `gitlab.rb`. +1. Run the Rake task: -**Source Installation** + **Omnibus Installation** -```shell -sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:migrate_to_local:all -``` + ```shell + gitlab-rake "gitlab:uploads:migrate_to_local:all" + ``` + + **Source Installation** + + ```shell + sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:migrate_to_local:all + ``` -After this is done, you may disable Object Storage by undoing the changes described -in the instructions to [configure object storage](../../uploads.md#using-object-storage-core-only) +After running the Rake task, you can disable object storage by undoing the changes described +in the instructions to [configure object storage](../../uploads.md#using-object-storage-core-only). diff --git a/doc/administration/raketasks/uploads/sanitize.md b/doc/administration/raketasks/uploads/sanitize.md index c00399a27cf..e3a8c62a167 100644 --- a/doc/administration/raketasks/uploads/sanitize.md +++ b/doc/administration/raketasks/uploads/sanitize.md @@ -1,8 +1,13 @@ -# Uploads Sanitize tasks +# Uploads sanitize Rake tasks + +Since GitLab 11.9, EXIF data is automatically stripped from JPG or TIFF image uploads. + +EXIF data may contain sensitive information (for example, GPS location), so you +can remove EXIF data from existing images that were uploaded to an earlier version of GitLab. ## Requirements -You need `exiftool` installed on your system. If you installed GitLab: +To run this Rake task, you need `exiftool` installed on your system. If you installed GitLab: - Using the Omnibus package, you're all set. - From source, make sure `exiftool` is installed: @@ -17,48 +22,48 @@ You need `exiftool` installed on your system. If you installed GitLab: ## Remove EXIF data from existing uploads -Since 11.9 EXIF data are automatically stripped from JPG or TIFF image uploads. -Because EXIF data may contain sensitive information (e.g. GPS location), you -can remove EXIF data also from existing images which were uploaded before -with the following command: +To remove EXIF data from existing uploads, run the following command: ```shell sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:sanitize:remove_exif ``` -This command by default runs in dry mode and it doesn't remove EXIF data. It can be used for +By default, this command runs in "dry run" mode and doesn't remove EXIF data. It can be used for checking if (and how many) images should be sanitized. The Rake task accepts following parameters. -Parameter | Type | Description ---------- | ---- | ----------- -`start_id` | integer | Only uploads with equal or greater ID will be processed -`stop_id` | integer | Only uploads with equal or smaller ID will be processed -`dry_run` | boolean | Do not remove EXIF data, only check if EXIF data are present or not, default: true -`sleep_time` | float | Pause for number of seconds after processing each image, default: 0.3 seconds -`uploader` | string | Run sanitization only for uploads of the given uploader (`FileUploader`, `PersonalFileUploader`, `NamespaceFileUploader`) -`since` | date | Run sanitization only for uploads newer than given date (e.g. `2019-05-01`) +| Parameter | Type | Description | +|:-------------|:--------|:----------------------------------------------------------------------------------------------------------------------------| +| `start_id` | integer | Only uploads with equal or greater ID will be processed | +| `stop_id` | integer | Only uploads with equal or smaller ID will be processed | +| `dry_run` | boolean | Do not remove EXIF data, only check if EXIF data are present or not. Defaults to `true` | +| `sleep_time` | float | Pause for number of seconds after processing each image. Defaults to 0.3 seconds | +| `uploader` | string | Run sanitization only for uploads of the given uploader: `FileUploader`, `PersonalFileUploader`, or `NamespaceFileUploader` | +| `since` | date | Run sanitization only for uploads newer than given date. For example, `2019-05-01` | -If you have too many uploads, you can speed up sanitization by setting -`sleep_time` to a lower value or by running multiple Rake tasks in parallel, -each with a separate range of upload IDs (by setting `start_id` and `stop_id`). +If you have too many uploads, you can speed up sanitization by: -To run the command without dry mode and remove EXIF data from all uploads, you can use: +- Setting `sleep_time` to a lower value. +- Running multiple Rake tasks in parallel, each with a separate range of upload IDs (by setting + `start_id` and `stop_id`). + +To remove EXIF data from all uploads, use: ```shell sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:sanitize:remove_exif[,,false,] 2>&1 | tee exif.log ``` -To run the command without dry mode on uploads with ID between 100 and 5000 and pause for 0.1 second, you can use: +To remove EXIF data on uploads with an ID between 100 and 5000 and pause for 0.1 second after each file, use: ```shell sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:sanitize:remove_exif[100,5000,false,0.1] 2>&1 | tee exif.log ``` -Because the output of commands will be probably long, the output is written also into exif.log file. +The output is written into an `exif.log` file because it will probably be long. + +If sanitization fails for an upload, an error message should be in the output of the Rake task. +Typical reasons include that the file is missing in the storage or it's not a valid image. -If sanitization fails for an upload, an error message should be in the output of the Rake task (typical reasons may -be that the file is missing in the storage or it's not a valid image). Please -[report](https://gitlab.com/gitlab-org/gitlab-foss/issues/new) any issues at `gitlab.com` and use -prefix 'EXIF' in issue title with the error output and (if possible) the image. +[Report](https://gitlab.com/gitlab-org/gitlab/issues/new) any issues and use the prefix 'EXIF' in +the issue title with the error output and (if possible) the image. diff --git a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md index ba2224e3fc7..b1d61a08552 100644 --- a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md +++ b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md @@ -603,6 +603,14 @@ m = project.merge_requests.find_by(iid: ) m.project.try(:ci_service) ``` +### Validate the `.gitlab-ci.yml` + +```ruby +project = Project.find_by_full_path 'group/project' +content = project.repository.gitlab_ci_yml_for(project.repository.root_ref_sha) +Gitlab::Ci::YamlProcessor.validation_message(content, user: User.first) +``` + ### Disable AutoDevOps on Existing Projects ```ruby diff --git a/doc/raketasks/user_management.md b/doc/raketasks/user_management.md index ffb1baa0b6e..117240c20c4 100644 --- a/doc/raketasks/user_management.md +++ b/doc/raketasks/user_management.md @@ -1,7 +1,11 @@ # User management +GitLab provides Rake tasks for user management. + ## Add user as a developer to all projects +To add a user as a developer to all projects, run: + ```shell # omnibus-gitlab sudo gitlab-rake gitlab:import:user_to_projects[username@domain.tld] @@ -12,9 +16,7 @@ bundle exec rake gitlab:import:user_to_projects[username@domain.tld] RAILS_ENV=p ## Add all users to all projects -Notes: - -- admin users are added as maintainers +To add all users to all projects, run: ```shell # omnibus-gitlab @@ -24,8 +26,13 @@ sudo gitlab-rake gitlab:import:all_users_to_all_projects bundle exec rake gitlab:import:all_users_to_all_projects RAILS_ENV=production ``` +NOTE: **Note:** +Admin users are added as maintainers. + ## Add user as a developer to all groups +To add a user as a developer to all groups, run: + ```shell # omnibus-gitlab sudo gitlab-rake gitlab:import:user_to_groups[username@domain.tld] @@ -36,9 +43,7 @@ bundle exec rake gitlab:import:user_to_groups[username@domain.tld] RAILS_ENV=pro ## Add all users to all groups -Notes: - -- admin users are added as owners so they can add additional users to the group +To add all users to all groups, run: ```shell # omnibus-gitlab @@ -48,19 +53,25 @@ sudo gitlab-rake gitlab:import:all_users_to_all_groups bundle exec rake gitlab:import:all_users_to_all_groups RAILS_ENV=production ``` -## Maintain tight control over the number of active users on your GitLab installation +NOTE: **Note:** +Admin users are added as owners so they can add additional users to the group. + +## Control the number of active users -- Enable this setting to keep new users blocked until they have been cleared by the admin (default: false). +Enable this setting to keep new users blocked until they have been cleared by the administrator. +Defaults to `false`: ```plaintext block_auto_created_users: false ``` -## Disable Two-factor Authentication (2FA) for all users +## Disable two-factor authentication for all users -This task will disable 2FA for all users that have it enabled. This can be +This task disables two-factor authentication (2FA) for all users that have it enabled. This can be useful if GitLab's `config/secrets.yml` file has been lost and users are unable -to login, for example. +to log in, for example. + +To disable two-factor authentication for all users, run: ```shell # omnibus-gitlab @@ -70,65 +81,65 @@ sudo gitlab-rake gitlab:two_factor:disable_for_all_users bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production ``` -## Rotate Two-factor Authentication (2FA) encryption key +## Rotate two-factor authentication encryption key -GitLab stores the secret data enabling 2FA to work in an encrypted database -column. The encryption key for this data is known as `otp_key_base`, and is +GitLab stores the secret data required for two-factor authentication (2FA) in an encrypted +database column. The encryption key for this data is known as `otp_key_base`, and is stored in `config/secrets.yml`. If that file is leaked, but the individual 2FA secrets have not, it's possible to re-encrypt those secrets with a new encryption key. This allows you to change the leaked key without forcing all users to change their 2FA details. -First, look up the old key. This is in the `config/secrets.yml` file, but -**make sure you're working with the production section**. The line you're -interested in will look like this: +To rotate the two-factor authentication encryption key: -```yaml -production: - otp_key_base: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff -``` +1. Look up the old key. This is in the `config/secrets.yml` file, but **make sure you're working + with the production section**. The line you're interested in will look like this: -Next, generate a new secret: + ```yaml + production: + otp_key_base: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + ``` -```shell -# omnibus-gitlab -sudo gitlab-rake secret +1. Generate a new secret: -# installation from source -bundle exec rake secret RAILS_ENV=production -``` + ```shell + # omnibus-gitlab + sudo gitlab-rake secret -Now you need to stop the GitLab server, back up the existing secrets file and -update the database: + # installation from source + bundle exec rake secret RAILS_ENV=production + ``` -```shell -# omnibus-gitlab -sudo gitlab-ctl stop -sudo cp config/secrets.yml config/secrets.yml.bak -sudo gitlab-rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key= new_key= +1. Stop the GitLab server, back up the existing secrets file, and update the database: -# installation from source -sudo /etc/init.d/gitlab stop -cp config/secrets.yml config/secrets.yml.bak -bundle exec rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key= new_key= RAILS_ENV=production -``` + ```shell + # omnibus-gitlab + sudo gitlab-ctl stop + sudo cp config/secrets.yml config/secrets.yml.bak + sudo gitlab-rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key= new_key= -The `` value can be read from `config/secrets.yml`; `` was -generated earlier. The **encrypted** values for the user 2FA secrets will be -written to the specified `filename` - you can use this to rollback in case of -error. + # installation from source + sudo /etc/init.d/gitlab stop + cp config/secrets.yml config/secrets.yml.bak + bundle exec rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key= new_key= RAILS_ENV=production + ``` -Finally, change `config/secrets.yml` to set `otp_key_base` to `` and -restart. Again, make sure you're operating in the **production** section. + The `` value can be read from `config/secrets.yml` (`` was + generated earlier). The **encrypted** values for the user 2FA secrets will be + written to the specified `filename`. You can use this to rollback in case of + error. -```shell -# omnibus-gitlab -sudo gitlab-ctl start +1. Change `config/secrets.yml` to set `otp_key_base` to `` and restart. Again, make sure + you're operating in the **production** section. -# installation from source -sudo /etc/init.d/gitlab start -``` + ```shell + # omnibus-gitlab + sudo gitlab-ctl start + + # installation from source + sudo /etc/init.d/gitlab start + ``` If there are any problems (perhaps using the wrong value for `old_key`), you can restore your backup of `config/secrets.yml` and rollback the changes: diff --git a/doc/raketasks/web_hooks.md b/doc/raketasks/web_hooks.md index 22084c862ba..7bd2ed311d2 100644 --- a/doc/raketasks/web_hooks.md +++ b/doc/raketasks/web_hooks.md @@ -1,60 +1,78 @@ # Webhooks administration **(CORE ONLY)** -## Add a webhook for **ALL** projects +GitLab provides Rake tasks for webhooks management. + +Requests to the [local network by webhooks](../security/webhooks.md) can be allowed or blocked by an +administrator. + +## Add a webhook to all projects + +To add a webhook to all projects, run: ```shell # omnibus-gitlab sudo gitlab-rake gitlab:web_hook:add URL="http://example.com/hook" + # source installations bundle exec rake gitlab:web_hook:add URL="http://example.com/hook" RAILS_ENV=production ``` -## Add a webhook for projects in a given **NAMESPACE** +## Add a webhook to projects in a namespace + +To add a webhook to all projects in a specific namespace, run: ```shell # omnibus-gitlab -sudo gitlab-rake gitlab:web_hook:add URL="http://example.com/hook" NAMESPACE=acme +sudo gitlab-rake gitlab:web_hook:add URL="http://example.com/hook" NAMESPACE= + # source installations -bundle exec rake gitlab:web_hook:add URL="http://example.com/hook" NAMESPACE=acme RAILS_ENV=production +bundle exec rake gitlab:web_hook:add URL="http://example.com/hook" NAMESPACE= RAILS_ENV=production ``` -## Remove a webhook from **ALL** projects using +## Remove a webhook from projects + +To remove a webhook from all projects, run: ```shell # omnibus-gitlab sudo gitlab-rake gitlab:web_hook:rm URL="http://example.com/hook" + # source installations bundle exec rake gitlab:web_hook:rm URL="http://example.com/hook" RAILS_ENV=production ``` -## Remove a webhook from projects in a given **NAMESPACE** +## Remove a webhook from projects in a namespace + +To remove a webhook from projects in a specific namespace, run: ```shell # omnibus-gitlab -sudo gitlab-rake gitlab:web_hook:rm URL="http://example.com/hook" NAMESPACE=acme +sudo gitlab-rake gitlab:web_hook:rm URL="http://example.com/hook" NAMESPACE= + # source installations -bundle exec rake gitlab:web_hook:rm URL="http://example.com/hook" NAMESPACE=acme RAILS_ENV=production +bundle exec rake gitlab:web_hook:rm URL="http://example.com/hook" NAMESPACE= RAILS_ENV=production ``` -## List **ALL** webhooks +## List all webhooks + +To list all webhooks, run: ```shell # omnibus-gitlab sudo gitlab-rake gitlab:web_hook:list + # source installations bundle exec rake gitlab:web_hook:list RAILS_ENV=production ``` -## List the webhooks from projects in a given **NAMESPACE** +## List webhooks for projects in a namespace + +To list all webhook for projects in a specified namespace, run: ```shell # omnibus-gitlab -sudo gitlab-rake gitlab:web_hook:list NAMESPACE=acme +sudo gitlab-rake gitlab:web_hook:list NAMESPACE= + # source installations -bundle exec rake gitlab:web_hook:list NAMESPACE=acme RAILS_ENV=production +bundle exec rake gitlab:web_hook:list NAMESPACE= RAILS_ENV=production ``` - -## Local requests in webhooks - -[Requests to local network by webhooks](../security/webhooks.md) can be allowed -or blocked by an administrator. diff --git a/doc/raketasks/x509_signatures.md b/doc/raketasks/x509_signatures.md index dd518997f7b..438e28361fa 100644 --- a/doc/raketasks/x509_signatures.md +++ b/doc/raketasks/x509_signatures.md @@ -1,13 +1,14 @@ # X509 signatures -When [signing commits with x509](../user/project/repository/x509_signed_commits/index.md) -the trust anchor might change and the signatures stored within the database have -to be updated. +When [signing commits with x509](../user/project/repository/x509_signed_commits/index.md), +the trust anchor might change and the signatures stored within the database must be updated. ## Update all x509 signatures -This task loops through all X509 signed commits and updates their verification -based on current certificate store. +This task loops through all X509 signed commits and updates their verification based on current +certificate store. + +To update all x509 signatures, run: **Omnibus Installation** diff --git a/doc/user/project/push_options.md b/doc/user/project/push_options.md index e8d94a05e7e..eab88d59867 100644 --- a/doc/user/project/push_options.md +++ b/doc/user/project/push_options.md @@ -33,10 +33,10 @@ git push -o You can use push options to skip a CI/CD pipeline, or pass environment variables. -| Push option | Description | -| ------------------------------ | ------------------------------------------------------------------------------------------- | -| `ci.skip` | Do not create a CI pipeline for the latest push. | -| `ci.variable="="` | Provide [environment variables](../../ci/variables/README.md) to be used in a CI pipeline, if one is created due to the push. | +| Push option | Description | Introduced in version | +| ------------------------------ | ------------------------------------------------------------------------------------------- |---------------------- | +| `ci.skip` | Do not create a CI pipeline for the latest push. | [11.7](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/15643) | +| `ci.variable="="` | Provide [environment variables](../../ci/variables/README.md) to be used in a CI pipeline, if one is created due to the push. | [12.6](https://gitlab.com/gitlab-org/gitlab/issues/27983) | An example of using `ci.skip`: diff --git a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml index 479ca363ed3..5a29ced2314 100644 --- a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml @@ -44,9 +44,8 @@ variables: - mkdir -p output/$(dirname ${CI_JOB_NAME}) - | if [ "$SECURE_BINARIES_SAVE_ARTIFACTS" = "true" ]; then - docker save ${SECURE_BINARIES_IMAGE} -o output/${CI_JOB_NAME}_${SECURE_BINARIES_ANALYZER_VERSION}.tar - gzip output/${CI_JOB_NAME}_${SECURE_BINARIES_ANALYZER_VERSION}.tar - sha256sum output/${CI_JOB_NAME}_${SECURE_BINARIES_ANALYZER_VERSION}.tar.gz > output/${CI_JOB_NAME}_${SECURE_BINARIES_ANALYZER_VERSION}.tag.gz.sha256sum + docker save ${SECURE_BINARIES_IMAGE} | gzip > output/${CI_JOB_NAME}_${SECURE_BINARIES_ANALYZER_VERSION}.tar.gz + sha256sum output/${CI_JOB_NAME}_${SECURE_BINARIES_ANALYZER_VERSION}.tar.gz > output/${CI_JOB_NAME}_${SECURE_BINARIES_ANALYZER_VERSION}.tar.gz.sha256sum fi - | if [ "$SECURE_BINARIES_PUSH_IMAGES" = "true" ]; then @@ -86,9 +85,6 @@ analyzers/gosec: analyzers/spotbugs: extends: .download_images - variables: - # TODO: Spotbugs is > 1GB, disabling for now - SECURE_BINARIES_SAVE_ARTIFACTS: "false" only: variables: - $SECURE_BINARIES_DOWNLOAD_IMAGES == "true" && @@ -231,8 +227,6 @@ license-management: extends: .download_images variables: SECURE_BINARIES_ANALYZER_VERSION: "3" - # TODO: license-management is > 1GB, disabling for now - SECURE_BINARIES_SAVE_ARTIFACTS: "false" only: variables: - $SECURE_BINARIES_DOWNLOAD_IMAGES == "true" && -- GitLab