diff --git a/CHANGELOG.md b/CHANGELOG.md index 243f6fe57c..cb4b2a3507 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,59 @@ The latest version of this file can be found at the master branch of the omnibus-gitlab repository. +## 18.2.4 (2025-08-18) + +### Changed (1 change) + +- [Build with Go 1.24.5](gitlab-org/omnibus-gitlab@96c74dfe2a4245c05cfebf061d0f17c0c56b01f9) ([merge request](gitlab-org/omnibus-gitlab!8658)) + +## 18.2.3 (2025-08-18) + +No changes. + +## 18.2.2 (2025-08-12) + +### Fixed (1 change) + +- [Fix deprecation check failing on nil values](gitlab-org/security/omnibus-gitlab@529d34fbbffca1f4877e8fb58bef3a0e1d9c3034) + +## 18.2.1 (2025-07-22) + +No changes. + +## 18.2.0 (2025-07-16) + +### Added (1 change) + +- [Preinstall: Optionally skip config check](gitlab-org/omnibus-gitlab@b5ba64498620a8c1017b8468e80e2537c3561ba1) ([merge request](gitlab-org/omnibus-gitlab!8470)) + +### Fixed (2 changes) + +- [Remove X-Content-Type-Options header for assets](gitlab-org/omnibus-gitlab@959185aa2008aeec2d864d02f180897e22886b8b) ([merge request](gitlab-org/omnibus-gitlab!8537)) +- [Change SIGTERM behaviour for PgBouncer](gitlab-org/omnibus-gitlab@96d6b822e077935d5f50224396cb9213de39bc93) ([merge request](gitlab-org/omnibus-gitlab!8511)) + +### Changed (11 changes) + +- [Bump Mattermost to version 10.9.1](gitlab-org/omnibus-gitlab@31dfc5be91fd4ff49740bbced37d3db5c04a3fd4) by @christian.hueser.hzdr ([merge request](gitlab-org/omnibus-gitlab!8517)) +- [Update dependency gitlab-exporter to v15.6.0](gitlab-org/omnibus-gitlab@47a59243762e08c57a902728c222ba9842a4125f) ([merge request](gitlab-org/omnibus-gitlab!8550)) +- [Update dependency container-registry to v4.24.0-gitlab](gitlab-org/omnibus-gitlab@2843fa1c1a075cf43572e2a2d530f2ceaeb1d735) ([merge request](gitlab-org/omnibus-gitlab!8542)) +- [Update dependency bundler to v2.6.9](gitlab-org/omnibus-gitlab@20a775e0a6982d0ac94976eb32a33104856f4ae0) ([merge request](gitlab-org/omnibus-gitlab!8456)) +- [Update dependency curl to 8.14.1](gitlab-org/omnibus-gitlab@9c437e166947f4effbb4c5cecce27a177a83fe69) ([merge request](gitlab-org/omnibus-gitlab!8497)) +- [Use `openssl rehash` instead of `c_rehash`](gitlab-org/omnibus-gitlab@82ff0c22abc337336c161b815b701d4515bd56f7) ([merge request](gitlab-org/omnibus-gitlab!8306)) +- [Update dependency gitlab-exporter to v15.5.0](gitlab-org/omnibus-gitlab@e0a3573cc852c11df6859a30025b6eed27196b38) ([merge request](gitlab-org/omnibus-gitlab!8514)) +- [Update dependency container-registry to v4.23.2-gitlab](gitlab-org/omnibus-gitlab@ff62051a1008c080ce12d2af078b67c342d2c754) ([merge request](gitlab-org/omnibus-gitlab!8512)) +- [Bump libxml2 to 2.14.4](gitlab-org/omnibus-gitlab@f4295a656944436ca167dcdeb73e205d24b4a6a7) ([merge request](gitlab-org/omnibus-gitlab!8362)) +- [Bump libarchive to 3.8.1](gitlab-org/omnibus-gitlab@11a980bf1c4b6fc3e4d038ce2ce5d16e189b0c87) ([merge request](gitlab-org/omnibus-gitlab!8430)) +- [Update dependency pgbouncer_exporter to v0.11.0](gitlab-org/omnibus-gitlab@a1c3af7a9d0b8e07439f62b9ba72716bf2fc891e) ([merge request](gitlab-org/omnibus-gitlab!8482)) + +### Removed (1 change) + +- [Stop building for SLES 15.2](gitlab-org/omnibus-gitlab@33b035b6f648e90f103ca25363835f6d71abab88) ([merge request](gitlab-org/omnibus-gitlab!8524)) + +### Security (1 change) + +- [Update rsync from 3.2.7 to 3.4.1](gitlab-org/omnibus-gitlab@5deb671cb00cef4a22f0abd0000e2657658ecd4c) + ## 18.1.2 (2025-07-09) ### Security (1 change) diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 1f7391f92b..523096c786 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -master +18.2.4 \ No newline at end of file diff --git a/GITLAB_ELASTICSEARCH_INDEXER_VERSION b/GITLAB_ELASTICSEARCH_INDEXER_VERSION index ba2906d066..3b867ccd76 100644 --- a/GITLAB_ELASTICSEARCH_INDEXER_VERSION +++ b/GITLAB_ELASTICSEARCH_INDEXER_VERSION @@ -1 +1 @@ -main +5.7.0 \ No newline at end of file diff --git a/GITLAB_KAS_VERSION b/GITLAB_KAS_VERSION index 1f7391f92b..523096c786 100644 --- a/GITLAB_KAS_VERSION +++ b/GITLAB_KAS_VERSION @@ -1 +1 @@ -master +18.2.4 \ No newline at end of file diff --git a/GITLAB_PAGES_VERSION b/GITLAB_PAGES_VERSION index 1f7391f92b..523096c786 100644 --- a/GITLAB_PAGES_VERSION +++ b/GITLAB_PAGES_VERSION @@ -1 +1 @@ -master +18.2.4 \ No newline at end of file diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION index ba2906d066..5c5b951eaf 100644 --- a/GITLAB_SHELL_VERSION +++ b/GITLAB_SHELL_VERSION @@ -1 +1 @@ -main +14.44.0 \ No newline at end of file diff --git a/VERSION b/VERSION index 1f7391f92b..58ab14e41f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -master +18.2.4-ee \ No newline at end of file diff --git a/config/software/curl.rb b/config/software/curl.rb index 5115f89c54..eebbe7c256 100644 --- a/config/software/curl.rb +++ b/config/software/curl.rb @@ -69,7 +69,8 @@ "--without-ca-bundle", "--with-ca-fallback", "--without-zstd", - "-without-libpsl" + "--without-libpsl", + "--without-brotli" ] openssl_library_path = "=#{install_dir}/embedded" unless Build::Check.use_system_ssl? diff --git a/files/gitlab-cookbooks/package/libraries/deprecations.rb b/files/gitlab-cookbooks/package/libraries/deprecations.rb index 35635631fb..f576bf0f42 100644 --- a/files/gitlab-cookbooks/package/libraries/deprecations.rb +++ b/files/gitlab-cookbooks/package/libraries/deprecations.rb @@ -90,7 +90,7 @@ def next_major_version def applicable_deprecations(incoming_version, existing_config, type) # Return the list of deprecations or removals that are applicable with # a given list of configuration for a specific version. - incoming_version = next_major_version if incoming_version.empty? + incoming_version = next_major_version if incoming_version&.empty? return [] unless incoming_version version = Gem::Version.new(incoming_version) diff --git a/gitlab-ci-config/variables.yml b/gitlab-ci-config/variables.yml index 3b7dc7021b..de3d784158 100644 --- a/gitlab-ci-config/variables.yml +++ b/gitlab-ci-config/variables.yml @@ -1,59 +1,49 @@ --- variables: - # BUILDER_IMAGE_REGISTRY is set to - # `dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder` in the project - # settings of omnibus-gitlab mirror in dev.gitlab.org so that builds there - # will use images from that registry and not depend on GitLab.com - BUILDER_IMAGE_REGISTRY: "registry.gitlab.com/gitlab-org/gitlab-omnibus-builder" - # To be used for images that exist only on dev.gitlab.org - DEV_BUILDER_IMAGE_REGISTRY: 'dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder' - PUBLIC_BUILDER_IMAGE_REGISTRY: "registry.gitlab.com/gitlab-org/gitlab-omnibus-builder" - BUILDER_IMAGE_REVISION: "5.34.0" - # The registry to pull the assets image from + BUILDER_IMAGE_REGISTRY: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder + DEV_BUILDER_IMAGE_REGISTRY: dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder + PUBLIC_BUILDER_IMAGE_REGISTRY: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder + BUILDER_IMAGE_REVISION: 5.39.0 ASSET_REGISTRY: "${CI_REGISTRY}" - ASSET_SYNC_EXISTING_REMOTE_FILES: "keep" - ASSET_SYNC_GZIP_COMPRESSION: "true" - ASSET_PATH: "assets-${CI_COMMIT_REF_SLUG}" - COMPILE_ASSETS: "false" - BUNDLE_PATH__SYSTEM: "false" - # CI images - DOCKERHUB_PREFIX: "docker.io" # Set to dependency proxy if rate limits become a problem. + ASSET_SYNC_EXISTING_REMOTE_FILES: keep + ASSET_SYNC_GZIP_COMPRESSION: 'true' + ASSET_PATH: assets-${CI_COMMIT_REF_SLUG} + COMPILE_ASSETS: 'false' + BUNDLE_PATH__SYSTEM: 'false' + DOCKERHUB_PREFIX: docker.io RUBY_IMAGE: "${DOCKERHUB_PREFIX}/ruby:3.2" RUBY_ALPINE_IMAGE: "${RUBY_IMAGE}-alpine" BASH_IMAGE: "${DOCKERHUB_PREFIX}/bash:5.2-alpine3.20" ALPINE_IMAGE: "${DOCKERHUB_PREFIX}/alpine:3.21" UBUNTU_IMAGE: "${DOCKERHUB_PREFIX}/ubuntu:24.04" DOCKER_DIND_IMAGE: "${DOCKERHUB_PREFIX}/docker:28.0.4-dind" - DEPENDENCY_PROXY_LOGIN: "false" - # Format of the auto-deploy tag for auto-deploy builds. - # https://gitlab.com/gitlab-org/release/docs/blob/master/general/deploy/auto-deploy.md#auto-deploy-tagging - AUTO_DEPLOY_TAG_REGEX: '^\d+\.\d+\.\d+\+[^ ]{7,}\.[^ ]{7,}$' - # Default environment for auto-deploy - AUTO_DEPLOY_ENVIRONMENT: 'pre' - OMNIBUS_GITLAB_MIRROR_ID: "14588374" - DOCS_GITLAB_REPO_SUFFIX: "omnibus" + DEPENDENCY_PROXY_LOGIN: 'false' + AUTO_DEPLOY_TAG_REGEX: "^\\d+\\.\\d+\\.\\d+\\+[^ ]{7,}\\.[^ ]{7,}$" + AUTO_DEPLOY_ENVIRONMENT: pre + OMNIBUS_GITLAB_MIRROR_ID: '14588374' + DOCS_GITLAB_REPO_SUFFIX: omnibus DOCS_LINT_IMAGE: registry.gitlab.com/gitlab-org/technical-writing/docs-gitlab-com/lint-markdown:alpine-3.21-vale-3.11.2-markdownlint2-0.17.2-lychee-0.18.1 - CACHE_KEY_SUFFIX: '-v3' - CACHE_EDITION: "CE" - CACHE_POLICY: 'pull-push' - ISSUE_BOT_LABELS_EXTRA: "group::distribution" - BUNDLER_VERSION: "2.6.9" - GET_GEO_TAG: "0.7.4" - GITLAB_NAMESPACE: "gitlab-org" - CANONICAL_PROJECT_PATH: 'gitlab-org/omnibus-gitlab' - SECURITY_PROJECT_PATH: 'gitlab-org/security/omnibus-gitlab' - DEV_PROJECT_PATH: 'gitlab/omnibus-gitlab' - QA_PROJECT_PATH: 'gitlab-org/build/omnibus-gitlab-mirror' - ARM64_RUNNER_TAG: 'arm64' - PACKAGE_PROMOTION_RUNNER_TAG: 'promotion' - NIGHTLY_REPO: 'nightly-builds' - NIGHTLY_FIPS_REPO: 'nightly-fips-builds' - QA_TESTS_UPSTREAM_PROJECT: 'gitlab-org/gitlab' - QA_TESTS_REF: 'master' - OPENSSL_VERSION: '3.4.1' + CACHE_KEY_SUFFIX: "-v3" + CACHE_EDITION: CE + CACHE_POLICY: pull-push + ISSUE_BOT_LABELS_EXTRA: group::distribution + BUNDLER_VERSION: 2.6.9 + GET_GEO_TAG: 0.7.4 + GITLAB_NAMESPACE: gitlab-org + CANONICAL_PROJECT_PATH: gitlab-org/omnibus-gitlab + SECURITY_PROJECT_PATH: gitlab-org/security/omnibus-gitlab + DEV_PROJECT_PATH: gitlab/omnibus-gitlab + QA_PROJECT_PATH: gitlab-org/build/omnibus-gitlab-mirror + ARM64_RUNNER_TAG: arm64 + PACKAGE_PROMOTION_RUNNER_TAG: promotion + NIGHTLY_REPO: nightly-builds + NIGHTLY_FIPS_REPO: nightly-fips-builds + QA_TESTS_UPSTREAM_PROJECT: gitlab-org/gitlab + QA_TESTS_REF: 18-2-stable-ee + OPENSSL_VERSION: 3.4.1 FF_TIMESTAMPS: true - OPENSSL_GEM_VERSION: '~> 3.2.0' - RAT_PROJECT_PATH: 'gitlab-org/distribution/reference-architecture-tester' + OPENSSL_GEM_VERSION: "~> 3.2.0" + RAT_PROJECT_PATH: gitlab-org/distribution/reference-architecture-tester DISABLE_RPI_BUILDS: 'true' - PUBLIC_IMAGE_ARCHIVE_REGISTRY: 'registry.gitlab.com' - PUBLIC_IMAGE_ARCHIVE_REGISTRY_PATH: 'gitlab-org/public-image-archive' + PUBLIC_IMAGE_ARCHIVE_REGISTRY: registry.gitlab.com + PUBLIC_IMAGE_ARCHIVE_REGISTRY_PATH: gitlab-org/public-image-archive diff --git a/lib/gitlab/build/check.rb b/lib/gitlab/build/check.rb index 227518658b..1dee1ea069 100644 --- a/lib/gitlab/build/check.rb +++ b/lib/gitlab/build/check.rb @@ -97,7 +97,15 @@ def no_changes? system(*%w[git diff --quiet]) end + def run_on_ci? + Gitlab::Util.get_env('GITLAB_CI') + end + def on_tag? + # On GitLab CI, check if it is a tag pipeline + return ci_commit_tag? if run_on_ci? + + # Fallback to git describe for local/non-CI environments system('git describe --exact-match > /dev/null 2>&1') end diff --git a/spec/chef/cookbooks/package/libraries/deprecations_spec.rb b/spec/chef/cookbooks/package/libraries/deprecations_spec.rb index 148b3f952c..5879975ca5 100644 --- a/spec/chef/cookbooks/package/libraries/deprecations_spec.rb +++ b/spec/chef/cookbooks/package/libraries/deprecations_spec.rb @@ -98,6 +98,10 @@ expect(described_class.check_config("11.0", valid_config)).to eq([]) end + it 'handles nil incoming version' do + expect(described_class.check_config(nil, valid_config)).to eq([]) + end + it 'detects deprecated configuration for specified version and ignores not yet deprecated ones' do message_1 = "* nginx['listen_address'] has been deprecated since 8.10 and was removed in 11.0. Use nginx['listen_addresses'] instead." message_2 = "* gitlab_rails['stuck_ci_builds_worker_cron'] has been deprecated since 9.0 and was removed in 12.0. Use gitlab_rails['stuck_ci_jobs_worker_cron'] instead." diff --git a/spec/lib/gitlab/build/check_spec.rb b/spec/lib/gitlab/build/check_spec.rb index 0fe9d63f43..cb5557b424 100644 --- a/spec/lib/gitlab/build/check_spec.rb +++ b/spec/lib/gitlab/build/check_spec.rb @@ -172,6 +172,52 @@ end end + describe 'run_on_ci?' do + it 'returns true when GITLAB_CI environment variable is set' do + allow(Gitlab::Util).to receive(:get_env).with('GITLAB_CI').and_return('true') + expect(described_class.run_on_ci?).to be_truthy + end + + it 'returns false when GITLAB_CI environment variable is not set' do + allow(Gitlab::Util).to receive(:get_env).with('GITLAB_CI').and_return(nil) + expect(described_class.run_on_ci?).to be_falsey + end + end + + describe 'on_tag?' do + context 'when running on CI' do + before do + allow(described_class).to receive(:run_on_ci?).and_return(true) + end + + it 'returns the correct value based on ci_commit_tag? result' do + [ + { ci_commit_tag_result: true, expected: be_truthy }, + { ci_commit_tag_result: false, expected: be_falsey } + ].each do |test_case| + allow(described_class).to receive(:ci_commit_tag?).and_return(test_case[:ci_commit_tag_result]) + expect(described_class.on_tag?).to test_case[:expected] + end + end + end + + context 'when not running on CI' do + before do + allow(described_class).to receive(:run_on_ci?).and_return(false) + end + + it 'returns the correct value based on git describe --exact-match result' do + [ + { git_result: true, expected: be_truthy }, + { git_result: false, expected: be_falsey } + ].each do |test_case| + allow(described_class).to receive(:system).with('git describe --exact-match > /dev/null 2>&1').and_return(test_case[:git_result]) + expect(described_class.on_tag?).to test_case[:expected] + end + end + end + end + describe 'on_stable_branch?' do context 'when on a stable branch' do before do