BigW Consortium Gitlab

  1. 26 Jan, 2018 1 commit
  2. 24 Jan, 2018 3 commits
  3. 22 Jan, 2018 1 commit
  4. 19 Jan, 2018 1 commit
  5. 18 Jan, 2018 1 commit
  6. 17 Jan, 2018 4 commits
    • Initial work to add notification reason to emails · 23a20c20
      Mario de la Ossa authored
      Adds `#build_notification_recipients` to `NotificationRecipientService`
      that returns the `NotificationRecipient` objects in order to be able to
      access the new attribute `reason`.
      
      This new attribute is used in the different notifier methods in order to
      add the reason as a header: `X-GitLab-NotificationReason`.
      
      Only the reason with the most priority gets sent.
    • Merge branch 'jej/fix-disabled-oauth-access-10-3' into 'security-10-3' · 4493ec08
      Robert Speicher authored
      [10.3] Prevent login with disabled OAuth providers
      
      See merge request gitlab/gitlabhq!2296
      
      (cherry picked from commit 4936650427ffc88e6ee927aedbb2c724d24b094c)
      
      a0f9d222 Prevents login with disabled OAuth providers
    • Merge branch '41567-projectfix' into 'security-10-3' · 3fc0564a
      Sean McGivern authored
      check project access on MR create
      
      See merge request gitlab/gitlabhq!2273
      
      (cherry picked from commit 1fe2325d6ef2bced4c5e97b57691c894f38b2834)
      
      43e85f49 check project access on MR create
    • Merge branch… · 0424801e
      Stan Hu authored
      Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3'
      
      Filter out sensitive fields from the project services API
      
      See merge request gitlab/gitlabhq!2281
      
      (cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7)
      
      2bcbbda0 Filter out sensitive fields from the project services API
  7. 15 Jan, 2018 1 commit
  8. 11 Jan, 2018 2 commits
  9. 05 Jan, 2018 3 commits
  10. 04 Jan, 2018 3 commits
  11. 03 Jan, 2018 1 commit
  12. 22 Dec, 2017 3 commits
  13. 21 Dec, 2017 2 commits
  14. 19 Dec, 2017 1 commit
    • Only include the user's ID in the time_spent command's update hash · 3e4b45fc
      Robert Speicher authored
      Previously, this would include the entire User record in the update
      hash, which was rendered in the response using `to_json`, erroneously
      exposing every attribute of that record, including their (now removed)
      private token.
      
      Now we only include the user ID, and perform the lookup on-demand.
  15. 16 Dec, 2017 1 commit
  16. 15 Dec, 2017 1 commit
    • Don't use Markdown cache for stubbed settings in specs · 10885edf
      Sean McGivern authored
      The ApplicationSetting model uses the CacheMarkdownField concern, which updates
      the cached HTML when the field is updated in the database. However, in specs,
      when we want to test conditions using ApplicationSetting, we stub it, because
      this is accessed in different ways throughout the application.
      
      This means that if a spec runs that caches one of the Markdown fields, and a
      later spec uses `stub_application_setting` to set the raw value of that field,
      the cached value was still the original one. We can work around this by ignoring
      the Markdown cache in contexts where we're using `stub_application_setting`.
      
      We could be smarter, and only do this on the Markdown fields of the model, but
      this is probably fine.
  17. 14 Dec, 2017 3 commits
  18. 08 Dec, 2017 1 commit
    • Move the circuitbreaker check out in a separate process · f1ae1e39
      Bob Van Landuyt authored
      Moving the check out of the general requests, makes sure we don't have
      any slowdown in the regular requests.
      
      To keep the process performing this checks small, the check is still
      performed inside a unicorn. But that is called from a process running
      on the same server.
      
      Because the checks are now done outside normal request, we can have a
      simpler failure strategy:
      
      The check is now performed in the background every
      `circuitbreaker_check_interval`. Failures are logged in redis. The
      failures are reset when the check succeeds. Per check we will try
      `circuitbreaker_access_retries` times within
      `circuitbreaker_storage_timeout` seconds.
      
      When the number of failures exceeds
      `circuitbreaker_failure_count_threshold`, we will block access to the
      storage.
      
      After `failure_reset_time` of no checks, we will clear the stored
      failures. This could happen when the process that performs the checks
      is not running.
  19. 07 Dec, 2017 1 commit
  20. 06 Dec, 2017 3 commits
    • Rename GKE as Kubernetes Engine · c21b488e
      Takuya Noguchi authored
    • Fix specs after rebase · 03cba8c0
      Michael Kozono authored
      Later migrations added fields to the EE DB which were used by factories which were used in these specs.
      
      And in CE on MySQL, a single appearance row is enforced.
      
      The migration and migration specs should not depend on the codebase staying the same.
    • Throttle the number of UPDATEs triggered by touch · 856447cc
      Yorick Peterse authored
      This throttles the number of UPDATE queries that can be triggered by
      calling "touch" on a Note, Issue, or MergeRequest. For Note objects we
      also take care of updating the associated "noteable" relation in a
      smarter way than Rails does by default.
  21. 04 Dec, 2017 1 commit
  22. 03 Dec, 2017 1 commit
  23. 01 Dec, 2017 1 commit
    • Move temp table creation into the prepare job · 87529ce5
      Michael Kozono authored
      * Hopefully fixes spec failures in which the table doesn’t exist
      * Decouples the background migration from the post-deploy migration, e.g. we could easily run it again even though the table is dropped when finished.