Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.gitlab/ci/version.yml

@@ -14,7 +14,7 @@ variables:
   NODE_VERSION: "20.12"
   OS_VERSION: "bookworm"
   RUBY_VERSION_DEFAULT: "3.2.6"
-  RUBY_VERSION_NEXT: "3.3.6"
+  RUBY_VERSION_NEXT: "3.3.7"
   RUBYGEMS_VERSION: "3.6"
   RUST_VERSION: "1.73"
   UBI_VERSION: "9.5"

.gitlab/issue_templates/Security developer workflow.md

@@ -70,6 +70,7 @@ After your merge request has been approved according to our [approval guidelines
 |-------------------------------------|------------|-----------------------------------------------------------|
 | Version affected                    | X.Y        |                                                           |
 | Date introduced on .com             | YYYY-MM-DD | #TODO for Engineering - please follow the format          |
+| MR that introduced the bug          |            | #TODO for Engineering - Link to the MR that introduced the bug|
 | Date detected                       | YYYY-MM-DD | #TODO for AppSec - please follow the format               |
 | GitLab EE only                      | Yes/No     |                                                           |
 | Upgrade notes                       |            |                                                           |

app/assets/javascripts/ci/merge_requests/utils.js

@@ -51,7 +51,7 @@ export const formatPipelinesGraphQLDataToREST = (project) => {
         stuck: pipeline.stuck,
         auto_devops: pipeline.configSource === SOURCE_AUTO_DEVOPS,
         merge_request: true,
-        yaml_errors: pipeline.yamlErrors,
+        yaml_errors: Boolean(pipeline.errorMessages?.nodes?.length),
         retryable: pipeline.retryable,
         cancelable: pipeline.cancelable,
         failure_reason: pipeline.failureReason,

app/assets/javascripts/clusters_list/components/agent_table.vue

@@ -94,6 +94,7 @@ export default {
         {
           key: 'name',
           label: this.$options.i18n.nameLabel,
+          isRowHeader: true,
           tdClass,
           thClass,
         },
@@ -260,7 +261,9 @@ export default {
       data-testid="cluster-agent-list-table"
     >
       <template #cell(name)="{ item }">
-        <div class="gl-flex gl-flex-wrap gl-justify-end gl-gap-3 md:gl-justify-start">
+        <div
+          class="gl-flex gl-flex-wrap gl-justify-end gl-gap-3 gl-font-normal md:gl-justify-start"
+        >
           <gl-link :href="item.webPath" data-testid="cluster-agent-name-link">{{
             item.name
           }}</gl-link

app/assets/javascripts/clusters_list/components/agents_configs_table.vue

@@ -49,6 +49,7 @@ export default {
         {
           key: 'configuration',
           label: this.$options.i18n.configurationLabel,
+          isRowHeader: true,
           tdClass: `${tdClass} md:gl-w-4/5`,
           thClass,
         },
@@ -96,7 +97,7 @@ export default {
       class="!gl-mb-4"
     >
       <template #cell(configuration)="{ item }">
-        <gl-link :href="item.webPath">{{ item.path }}</gl-link>
+        <gl-link class="gl-font-normal" :href="item.webPath">{{ item.path }}</gl-link>
       </template>
 
       <template #cell(actions)="{ item }">

app/assets/javascripts/clusters_list/components/clusters.vue

@@ -76,6 +76,7 @@ export default {
         {
           key: 'name',
           label: __('Kubernetes cluster'),
+          isRowHeader: true,
           tdClass,
         },
         {
@@ -252,7 +253,7 @@ export default {
             class="gl-flex gl-h-6 gl-w-6 gl-items-center"
           />
 
-          <gl-link :href="item.path" class="gl-px-3">
+          <gl-link :href="item.path" class="gl-px-3 gl-font-normal">
             {{ item.name }}
           </gl-link>
 

app/assets/javascripts/packages_and_registries/container_registry/explorer/components/details_page/tags_list_row.vue

@@ -7,6 +7,7 @@ import {
   GlDisclosureDropdown,
   GlBadge,
   GlLink,
+  GlPopover,
 } from '@gitlab/ui';
 import { localeDateFormat, newDate } from '~/lib/utils/datetime_utility';
 import { numberToHumanSize } from '~/lib/utils/number_utils';
@@ -15,6 +16,7 @@ import ClipboardButton from '~/vue_shared/components/clipboard_button.vue';
 import DetailsRow from '~/vue_shared/components/registry/details_row.vue';
 import ListItem from '~/vue_shared/components/registry/list_item.vue';
 import TimeAgoTooltip from '~/vue_shared/components/time_ago_tooltip.vue';
+import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
 import {
   REMOVE_TAG_BUTTON_TITLE,
   DIGEST_LABEL,
@@ -47,10 +49,12 @@ export default {
     TimeAgoTooltip,
     DetailsRow,
     SignatureDetailsModal,
+    GlPopover,
   },
   directives: {
     GlTooltip: GlTooltipDirective,
   },
+  mixins: [glFeatureFlagsMixin()],
   props: {
     tag: {
       type: Object,
@@ -157,6 +161,22 @@ export default {
     isDockerOrOciMediaType() {
       return this.tag.mediaType === DOCKER_MEDIA_TYPE || this.tag.mediaType === OCI_MEDIA_TYPE;
     },
+    isProtected() {
+      return (
+        (this.tag.protection?.minimumAccessLevelForDelete != null ||
+          this.tag.protection?.minimumAccessLevelForPush != null) &&
+        this.glFeatures.containerRegistryProtectedTags
+      );
+    },
+    tagRowId() {
+      return `${this.tag.name}_badge`;
+    },
+    accessLevelForDelete() {
+      return this.tag.protection?.minimumAccessLevelForDelete;
+    },
+    accessLevelForPush() {
+      return this.tag.protection?.minimumAccessLevelForPush;
+    },
   },
 };
 </script>
@@ -183,6 +203,26 @@ export default {
           {{ tag.name }}
         </div>
 
+        <template v-if="isProtected">
+          <gl-badge
+            :id="tagRowId"
+            boundary="viewport"
+            class="gl-ml-4"
+            data-testid="protected-badge"
+          >
+            {{ __('protected') }}
+          </gl-badge>
+          <gl-popover :target="tagRowId" data-testid="protected-popover">
+            <strong>{{ s__('ContainerRegistry|This tag is protected') }}</strong>
+            <br />
+            <br />
+            <strong>{{ s__('ContainerRegistry|Minimum role to push: ') }}</strong>
+            {{ accessLevelForPush }}
+            <strong>{{ s__('ContainerRegistry|Minimum role to delete: ') }}</strong>
+            {{ accessLevelForDelete }}
+          </gl-popover>
+        </template>
+
         <clipboard-button
           v-if="tag.location"
           :title="$options.i18n.COPY_IMAGE_PATH_TITLE"
@@ -204,7 +244,11 @@ export default {
     </template>
 
     <template v-if="signatures.length" #left-after-toggle>
-      <gl-badge v-gl-tooltip.d0="$options.i18n.SIGNATURE_BADGE_TOOLTIP" class="gl-ml-4">
+      <gl-badge
+        v-gl-tooltip.d0="$options.i18n.SIGNATURE_BADGE_TOOLTIP"
+        class="gl-ml-4"
+        data-testid="signed-badge"
+      >
         {{ s__('ContainerRegistry|Signed') }}
       </gl-badge>
     </template>

app/assets/javascripts/packages_and_registries/container_registry/explorer/graphql/queries/get_container_repository_tags.query.graphql

@@ -39,6 +39,10 @@ query getContainerRepositoryTags(
         userPermissions {
           destroyContainerRepositoryTag
         }
+        protection {
+          minimumAccessLevelForPush
+          minimumAccessLevelForDelete
+        }
         referrers {
           artifactType
           digest

app/assets/javascripts/packages_and_registries/settings/project/components/container_protection_tag_rule_form.vue

@@ -10,11 +10,12 @@ import {
   GlSprintf,
 } from '@gitlab/ui';
 import createProtectionTagRuleMutation from '~/packages_and_registries/settings/project/graphql/mutations/create_container_protection_tag_rule.mutation.graphql';
+import updateProtectionTagRuleMutation from '~/packages_and_registries/settings/project/graphql/mutations/update_container_protection_tag_rule.mutation.graphql';
 import {
   MinimumAccessLevelOptions,
   GRAPHQL_ACCESS_LEVEL_VALUE_MAINTAINER,
 } from '~/packages_and_registries/settings/project/constants';
-import { s__ } from '~/locale';
+import { __, s__ } from '~/locale';
 import { InternalEvents } from '~/tracking';
 import * as Sentry from '~/sentry/sentry_browser_wrapper';
 
@@ -31,13 +32,22 @@ export default {
   },
   mixins: [InternalEvents.mixin()],
   inject: ['projectPath'],
+  props: {
+    rule: {
+      type: Object,
+      required: false,
+      default: null,
+    },
+  },
   data() {
     return {
       alertErrorMessages: [],
       protectionRuleFormData: {
-        tagNamePattern: '',
-        minimumAccessLevelForPush: GRAPHQL_ACCESS_LEVEL_VALUE_MAINTAINER,
-        minimumAccessLevelForDelete: GRAPHQL_ACCESS_LEVEL_VALUE_MAINTAINER,
+        tagNamePattern: this.rule?.tagNamePattern ?? '',
+        minimumAccessLevelForPush:
+          this.rule?.minimumAccessLevelForPush ?? GRAPHQL_ACCESS_LEVEL_VALUE_MAINTAINER,
+        minimumAccessLevelForDelete:
+          this.rule?.minimumAccessLevelForDelete ?? GRAPHQL_ACCESS_LEVEL_VALUE_MAINTAINER,
       },
       showValidation: false,
       updateInProgress: false,
@@ -47,9 +57,7 @@ export default {
     createProtectionRuleMutationInput() {
       return {
         projectPath: this.projectPath,
-        tagNamePattern: this.protectionRuleFormData.tagNamePattern,
-        minimumAccessLevelForPush: this.protectionRuleFormData.minimumAccessLevelForPush,
-        minimumAccessLevelForDelete: this.protectionRuleFormData.minimumAccessLevelForDelete,
+        ...this.protectionRuleFormData,
       };
     },
     isTagNamePatternValid() {
@@ -64,9 +72,24 @@ export default {
       }
       return s__('ContainerRegistry|This field is required.');
     },
+    mutation() {
+      return this.rule ? updateProtectionTagRuleMutation : createProtectionTagRuleMutation;
+    },
+    mutationKey() {
+      return this.rule ? 'updateContainerProtectionTagRule' : 'createContainerProtectionTagRule';
+    },
     tagNamePattern() {
       return this.protectionRuleFormData.tagNamePattern;
     },
+    submitButtonText() {
+      return this.rule ? __('Save changes') : s__('ContainerRegistry|Add rule');
+    },
+    updateProtectionTagRuleMutationInput() {
+      return {
+        id: this.rule?.id,
+        ...this.protectionRuleFormData,
+      };
+    },
   },
   methods: {
     submit() {
@@ -76,25 +99,32 @@ export default {
 
       this.clearAlertErrorMessages();
       this.updateInProgress = true;
+      const input = this.rule
+        ? this.updateProtectionTagRuleMutationInput
+        : this.createProtectionRuleMutationInput;
 
       this.$apollo
         .mutate({
-          mutation: createProtectionTagRuleMutation,
+          mutation: this.mutation,
           variables: {
-            input: this.createProtectionRuleMutationInput,
+            input,
           },
         })
         .then(({ data }) => {
-          const errorMessages = data?.createContainerProtectionTagRule?.errors ?? [];
+          const errorMessages = data?.[this.mutationKey]?.errors ?? [];
           if (errorMessages?.length) {
             this.alertErrorMessages = Array.isArray(errorMessages)
               ? errorMessages
               : [errorMessages];
             return;
           }
 
-          this.$emit('submit', data.createContainerProtectionTagRule.containerProtectionTagRule);
-          this.trackEvent('container_protection_tag_rule_created');
+          this.$emit('submit', data[this.mutationKey].containerProtectionTagRule);
+          if (this.rule) {
+            this.trackEvent('container_protection_tag_rule_created');
+          } else {
+            this.trackEvent('container_protection_tag_rule_updated');
+          }
         })
         .catch((error) => {
           this.handleError(error);
@@ -174,10 +204,10 @@ export default {
 
     <gl-form-group
       :label="s__('ContainerRegistry|Minimum role allowed to push')"
-      label-for="input-minimum-access-level-for-push"
+      label-for="select-minimum-access-level-for-push"
     >
       <gl-form-select
-        id="input-minimum-access-level-for-push"
+        id="select-minimum-access-level-for-push"
         v-model="protectionRuleFormData.minimumAccessLevelForPush"
         :options="$options.minimumAccessLevelOptions"
       />
@@ -192,12 +222,13 @@ export default {
 
     <gl-form-group
       :label="s__('ContainerRegistry|Minimum role allowed to delete')"
-      label-for="input-minimum-access-level-for-delete"
+      label-for="select-minimum-access-level-for-delete"
     >
       <gl-form-select
-        id="input-minimum-access-level-for-delete"
+        id="select-minimum-access-level-for-delete"
         v-model="protectionRuleFormData.minimumAccessLevelForDelete"
         :options="$options.minimumAccessLevelOptions"
+        data-testid="select-minimum-access-level-for-delete"
       />
       <template #description>
         {{
@@ -213,9 +244,9 @@ export default {
         class="js-no-auto-disable"
         variant="confirm"
         type="submit"
-        data-testid="add-rule-btn"
+        data-testid="submit-btn"
         :loading="updateInProgress"
-        >{{ s__('ContainerRegistry|Add rule') }}</gl-button
+        >{{ submitButtonText }}</gl-button
       >
       <gl-button type="reset">{{ __('Cancel') }}</gl-button>
     </div>