gitlab-triage 1.42.2 → 1.43.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6d705552fab77f42d9e1ebda9904fe44eb20e492fbafd90974d9128a386f6a13
-  data.tar.gz: a2f2ee59444bed7c6a1f9216f166bf5c859e805bbd2ab67d18e6d39defbd6f41
+  metadata.gz: 95d1d38e50b3032593baffe5e3122da139f542294529cadaaffa5e2861d0a428
+  data.tar.gz: 83ac90f1c5815c5a39a6cb5d3d84b34112a1a3a72f2dd9a9481291bc171648c3
 SHA512:
-  metadata.gz: 410ee77b0892b8ab5de4bf8f143e1dd4b6a0957288f2b4022e562fb8cdd1f8b1c089b3466a9140dc4cab1aa6e46ff3f1eea7689953691deac905191d7390f863
-  data.tar.gz: 0dd940ceca61a8966f1feb4d9c9442e06f71538fed657703720b7e118674900419c1af26e4d479b59f97dbc8386b94e90ebb95bdee8a86138406a355bb2c5783
+  metadata.gz: 8d0aef0429e6892959468c199b0bddbb18ecf02bf864ee038f59b01f35e779a200724e8841b3f603add6267a5a6b3c7746520d10bc48d77c2a6a025e5d3ddaa2
+  data.tar.gz: 70ea6376e7855ce5ac2207d0f0dc779d8d4e32eb800192c5d3ec8cbfa546425797087525c6a281bfd5513b4d8d4619cf6a81e7fd2e59b7c48d77972653ca5b37

data/.git-blame-ignore-revs

@@ -0,0 +1,43 @@
+# This file contains revisions to be ignored by git blame.
+# These revisions are expected to be formatting-only changes.
+#
+# Calling `git blame --ignore-revs-file .git-blame-ignore-revs` will
+# tell git blame to ignore changes made by these revisions when
+# assigning blame, as if the change never happened.
+#
+# You can enable this as a default for your local repository by running
+# `git config blame.ignoreRevsFile .git-blame-ignore-revs`
+# This will probably be automatically picked by your IDE
+# (VSCode+GitLens and JetBrains products are confirmed to this)
+#
+# Important: if you are switching to the branch without this file,
+# `git blame` will fail with an error
+#
+# Guidelines:
+# - Only large automated refactorings are expected to be included in this file.
+#   Do not add a new revision just because it is deemed trivial or unimportant
+# - When adding a single revision, use inline comments to link relevant issues and merge requests
+#   Example:
+# 
+# # d4a8b7307acc2dc8a8833ccfa65426ad28b3ffc9 # https://gitlab.com/gitlab-org/frontend/rfcs/-/issues/60
+#
+# - When adding multiple revisions precede each addition (this could be multiple revisions) with a link to
+#   line with word START and link to relevant issue/MR/epic and conclude with line END and link to the
+#   same issue/MR/epic
+#   Example:
+#   # START https://gitlab.com/gitlab-org/issues/12345
+#   6f0bd2d8a1e6cd2e794cd39976e9756e0c85ac66
+#   d53974df11dbc22cbea9dc7dcbc9896c25979a27
+#   ... <rest of the list>
+#   # END https://gitlab.com/gitlab-org/issues/12345
+# - Please append new lines to the end of the file, no matter of real chronological
+#   order of revisions
+# - Since this is using hashes for reformatting it might be a good idea to update
+#   this file in separate MR when relevant changes already landed in master. By
+#   utilizing this manner you will be safe from random rebase/squash issues
+# - Only put full 40-character hashes on this list
+
+# START https://gitlab.com/gitlab-org/ruby/gems/gitlab-triage/-/issues/340
+49e0b4f890c4f38ae586c6b1bdca5ff3b0c04af1
+aba491f68f0d4a6c088deb6cb281755d6c7a7f0b
+# END https://gitlab.com/gitlab-org/ruby/gems/gitlab-triage/-/issues/340

data/.gitlab-ci.yml

@@ -5,9 +5,10 @@ stages:
   - deploy
 
 default:
-  image: ruby:3.0
   tags:
     - gitlab-org
+ 
+.ruby-cache: &ruby-cache
   cache:
     key:
       files:
@@ -17,9 +18,13 @@ default:
       - vendor/ruby
       - Gemfile.lock
     policy: pull
+
+.use-ruby:
+  image: ruby:3.2
+  <<: *ruby-cache
   before_script:
     - ruby --version
-    - gem install bundler --no-document --version 2.0.2
+    - gem install bundler --no-document
     - bundle --version
     - bundle install --jobs $(nproc) --path=vendor --retry 3 --quiet
     - bundle check
@@ -33,23 +38,11 @@ workflow:
     # For tags, create a pipeline.
     - if: '$CI_COMMIT_TAG'
 
-.use-docker-in-docker:
-  image: docker:${DOCKER_VERSION}
-  services:
-    - docker:${DOCKER_VERSION}-dind
-  variables:
-    DOCKER_VERSION: "19.03.0"
-    DOCKER_DRIVER: overlay2
-    DOCKER_HOST: tcp://docker:2375
-    DOCKER_TLS_CERTDIR: ""
-  tags:
-    # See https://gitlab.com/gitlab-com/www-gitlab-com/-/issues/7019 for tag descriptions
-    - gitlab-org-docker
-
 ###################
 ## Prepare stage ##
 ###################
 setup-test-env:
+  extends: .use-ruby
   stage: prepare
   script:
     - echo "Setup done!"
@@ -63,6 +56,7 @@ setup-test-env:
 ## Test stage ##
 ################
 rubocop:
+  extends: .use-ruby
   stage: test
   needs: ["setup-test-env"]
   dependencies: ["setup-test-env"]
@@ -73,43 +67,26 @@ rubocop:
     paths:
       - .cache/rubocop_cache/
 
-# We need to copy this job's definition from the Code-Quality.gitlab-ci.yml
-# template because `only` is set without `refs`, so it takes precedence over default workflow rules.
-# See https://gitlab.com/gitlab-org/gitlab-ce/issues/66767.
-code_quality:
-  extends: .use-docker-in-docker
-  stage: test
-  allow_failure: true
-  variables:
-    DOCKER_TLS_CERTDIR: ""
-  before_script: []
-  script:
-    - |
-      if ! docker info &>/dev/null; then
-        if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
-          export DOCKER_HOST='tcp://localhost:2375'
-        fi
-      fi
-    - docker run
-        --env SOURCE_CODE="$PWD"
-        --volume "$PWD":/code
-        --volume /var/run/docker.sock:/var/run/docker.sock
-        "registry.gitlab.com/gitlab-org/security-products/codequality:12-0-stable" /code
-  artifacts:
-    reports:
-      codequality: gl-code-quality-report.json
-    expire_in: 1 week
-
 specs:
+  extends: .use-ruby
   needs: ["setup-test-env"]
   stage: test
   script:
     - bundle exec rake spec
+  image: $RUBY_IMAGE
+  parallel:
+    matrix:
+      - RUBY_IMAGE:
+        - ruby:3.0
+        - ruby:3.1
+        - ruby:3.2
+        - ruby:3.3
 
 ##################
 ## Triage stage ##
 ##################
 dry-run:gitlab-triage:
+  extends: .use-ruby
   needs: ["setup-test-env"]
   stage: triage
   script:
@@ -129,11 +106,35 @@ dry-run:custom:
       allow_failure: true
 
 include:
-  - template: Security/Dependency-Scanning.gitlab-ci.yml
-  - template: Security/License-Scanning.gitlab-ci.yml
-  - template: Security/SAST.gitlab-ci.yml
-  - template: Security/Secret-Detection.gitlab-ci.yml
-  - project: 'gitlab-org/quality/pipeline-common'
-    file:
-      - '/ci/danger-review.yml'
-      - '/ci/gem-release.yml'
+  - component: gitlab.com/components/code-quality/code-quality@~latest
+  - component: gitlab.com/components/sast/sast@~latest
+  - component: gitlab.com/components/secret-detection/secret-detection@~latest
+  - component: gitlab.com/gitlab-org/components/danger-review/danger-review@~latest
+  - component: gitlab.com/gitlab-org/components/gem-release/gem-release@~latest
+  - template: Jobs/Dependency-Scanning.gitlab-ci.yml
+
+.component-general-rules: &component-general-rules
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+code_quality:
+  # We explicitly set dependencies here as the component sets them to []
+  # This allows us to get the cache from the setup job that includes the Gemfile.lock
+  dependencies: ["setup-test-env"]
+  tags:
+    - gitlab-org-docker
+  # We explicitly override allow_failure here as the component sets it to true
+  # Can be moved to a component input after: https://gitlab.com/components/code-quality/-/merge_requests/8
+  allow_failure: false
+  <<: *ruby-cache
+  <<: *component-general-rules
+
+semgrep-sast:
+  <<: *component-general-rules
+
+gemnasium-dependency_scanning:
+  <<: *component-general-rules
+
+secret_detection:
+  <<: *component-general-rules

data/.rubocop.yml

@@ -24,3 +24,30 @@ GitlabSecurity/PublicSend:
     # FIXME: this is not an entirely good practice and we should aim to correct these!
     # See https://gitlab.com/gitlab-org/ruby/gems/gitlab-triage/-/issues/342
     - 'spec/**/*.rb'
+
+# rationale: no easy autocorrection, makes the specs fail.
+# should be possible to fix with some additional work, but
+# the gains do not seem to be worth the effort.
+RSpec/Rails/TravelAround:
+  Enabled: false
+
+# rationale: we upload via CI - so this is currently not supported in our workflow.
+# context: https://gitlab.com/gitlab-org/ruby/gems/gitlab-triage/-/merge_requests/313#note_1601520801
+Gemspec/RequireMFA:
+  Enabled: false
+
+# rationale: it's okay to have empty blocks in specs
+Lint/EmptyBlock:
+  Exclude:
+    - 'spec/**/*.rb'
+
+# rationale: these files do not seem overly harmful to violate this rule,
+# but overall, seems good to keep enabled
+RSpec/IndexedLet:
+  Exclude:
+    - 'spec/integration/select_issues_by_weight_spec.rb'
+    - 'spec/integration/select_merge_requests_by_source_branch_spec.rb'
+
+# rationale: Maybe we should? For now, let's keep it disabled and revisit at a later point.
+Rails/Output:
+  Enabled: false