diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index df65acf634c28b425d4239491eb301cd80515494..52e0c225173a7667896f5e8aea34f4912ed1e3df 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -1735,6 +1735,10 @@ lib/api/entities/project_identity.rb lib/api/entities/project.rb ee/lib/ee/api/entities/project.rb +[Category:Groups & Projects] @gitlab-com/gl-infra/tenant-scale/organizations/groups-and-projects +app/views/admin/projects/_projects.html.haml +app/views/admin/groups/_groups_.html.haml + [Compliance] @gitlab-org/software-supply-chain-security/compliance/engineering /app/services/audit_events/build_service.rb /ee/app/services/ee/audit_events/build_service.rb diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 6b53723bc95c698f326c9bdc54ec2d13f89e1d70..5aa3667feb52da9ff4f7349ec66df2e8b04d098c 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -157,6 +157,9 @@ .if-merge-request-labels-skip-undercoverage: &if-merge-request-labels-skip-undercoverage if: '($CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_EVENT_TYPE != "merge_train") && $CI_MERGE_REQUEST_LABELS =~ /pipeline:skip-undercoverage/' +.if-merge-request-labels-skip-check-deprecated-files: &if-merge-request-labels-skip-check-deprecated-files + if: '($CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_EVENT_TYPE != "merge_train") && $CI_MERGE_REQUEST_LABELS =~ /pipeline:skip-check-deprecated-files/' + .if-merge-request-labels-jh-contribution: &if-merge-request-labels-jh-contribution if: '($CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_EVENT_TYPE != "merge_train") && $CI_MERGE_REQUEST_LABELS =~ /JiHu contribution/' @@ -2712,6 +2715,13 @@ - <<: *if-default-refs changes: *docs-patterns +.static-analysis:rules:check-deprecated-files: + rules: + - <<: *if-merge-request-labels-skip-check-deprecated-files + when: never + - <<: *if-merge-request + changes: *code-patterns + .semgrep-appsec-custom-rules:rules: rules: - <<: *if-not-ee diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml index 7f7ebfe67e69c81691ca99e5907c75d7e40483c0..e13b10e6a1ddd88e26a85b717e24add67ea675a7 100644 --- a/.gitlab/ci/static-analysis.gitlab-ci.yml +++ b/.gitlab/ci/static-analysis.gitlab-ci.yml @@ -331,3 +331,13 @@ ping-appsec-for-dependency-review: script: - docker run --interactive --rm "$DEPENDENCY_REVIEW_BOT_CI_REG:latest" -t "$DEPENDENCY_REVIEW_PAT" -p "$CI_PROJECT_ID" -m "$CI_MERGE_REQUEST_IID" -s "$DISABLE_SCORING" -a "$DISABLE_MENTIONS" -c "$DISABLE_COMMENTING" allow_failure: true + +check-deprecated-files: + extends: + - .static-analysis-base + - .static-analysis:rules:check-deprecated-files + variables: + USE_BUNDLE_INSTALL: "false" + SETUP_DB: "false" + script: + - scripts/check_deprecated_files.sh diff --git a/app/views/admin/groups/_group.html.haml b/app/views/admin/groups/_group.html.haml index 0aca7d3fefbdce43433e663e74db96b2d3370ef3..0342eeae5cc28d77030f679e05cf627cae2af9d9 100644 --- a/app/views/admin/groups/_group.html.haml +++ b/app/views/admin/groups/_group.html.haml @@ -1,3 +1,18 @@ +-# STOP! DO NOT EDIT THIS FILE! +-# +-# This file is deprecated and scheduled for removal. +-# +-# Details: +-# - Feature Issue: https://gitlab.com/groups/gitlab-org/-/epics/17782 +-# - Owner: @gitlab-com/gl-infra/tenant-scale/organizations/groups-and-projects +-# +-# If you ABSOLUTELY MUST edit this file: +-# 1. Understand the implications of your changes +-# 2. Follow the deprecated features guidelines: +-# 3. Request approval from a DRI when creating a merge request +-# +-# Thank you! + - group = local_assigns.fetch(:group) - remove_form_id = "js-remove-group-#{group.id}-form" diff --git a/app/views/admin/projects/_projects.html.haml b/app/views/admin/projects/_projects.html.haml index 8120e88a93a9402ccac4c6a01ae882a9d52d741e..34bd88a7977260dc5d157aae8b8138d3331905be 100644 --- a/app/views/admin/projects/_projects.html.haml +++ b/app/views/admin/projects/_projects.html.haml @@ -1,3 +1,20 @@ +-# STOP! DO NOT EDIT THIS FILE! +-# +-# This file is deprecated and scheduled for removal. +-# +-# Details: +-# - Feature Issue: https://gitlab.com/groups/gitlab-org/-/epics/17782 +-# - Owner: @gitlab-com/gl-infra/tenant-scale/organizations/groups-and-projects +-# +-# If you ABSOLUTELY MUST edit this file: +-# 1. Understand the implications of your changes +-# 2. Follow the deprecated features guidelines: +-# 3. Request approval from a DRI when creating a merge request +-# +-# Thank you! + +-# test modification + .js-projects-list-holder - if @projects.any? %ul.content-list diff --git a/danger/check_deprecated_files/Dangerfile b/danger/check_deprecated_files/Dangerfile new file mode 100644 index 0000000000000000000000000000000000000000..71b7e1f2d68a0d0784ff994fbf9ee9e0b4441775 --- /dev/null +++ b/danger/check_deprecated_files/Dangerfile @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +skip_label = "pipeline:skip-check-deprecated-files" +return if helper.mr_labels.include?(skip_label) + +script_output = `DANGER=true ./scripts/check_deprecated_files.sh 2>&1` +script_success = $?.success? + +unless script_success + message = script_output.gsub(/\e\[[0-9;]*m/, '') + warn(message) +end diff --git a/deprecations.yml b/deprecations.yml new file mode 100644 index 0000000000000000000000000000000000000000..15badb6bb1cdfb8039d3dc5cc197f3cfc0689bb1 --- /dev/null +++ b/deprecations.yml @@ -0,0 +1,10 @@ +- path: app/views/admin/projects/_projects.html.haml + reason: "Ongoing migration to Vue" + feature_issue: https://gitlab.com/groups/gitlab-org/-/epics/17782 + removal_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/549452 + feature_category: groups_and_projects +- path: app/views/admin/groups/_groups_.html.haml + reason: "Ongoing migration to Vue" + feature_issue: https://gitlab.com/groups/gitlab-org/-/epics/17782 + removal_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/549452 + feature_category: groups_and_projects diff --git a/lefthook.yml b/lefthook.yml index 4e4808cbf77562a666bddd94e109e5121ff525ee..bcd4b8c1f8d608c1e53eb434791ceb8d3d08a5ad 100644 --- a/lefthook.yml +++ b/lefthook.yml @@ -151,6 +151,9 @@ pre-push: secrets-detection: tags: secrets run: .lefthook/gitleaks.sh pre-push + check-deprecated-files: + tags: backend frontend view haml + run: scripts/check_deprecated_files.sh scripts: 'merge_conflicts': diff --git a/scripts/check_deprecated_files.sh b/scripts/check_deprecated_files.sh new file mode 100755 index 0000000000000000000000000000000000000000..72e257e0413ed8c2370a9abfad0ea605373b8ffd --- /dev/null +++ b/scripts/check_deprecated_files.sh @@ -0,0 +1,98 @@ +#!/usr/bin/env bash + +BRed='\033[1;31m' +BCyan='\033[1;36m' +BGreen='\033[1;32m' +Color_Off='\033[0m' + +DEPRECATION_REGISTRY="deprecations.yml" + +if [ ! -f "$DEPRECATION_REGISTRY" ]; then + exit 0 +fi + +# Determine script environment +if [ "$DANGER" = "true" ]; then + SCRIPT_ENV="danger" +elif [ -n "$GITLAB_CI" ]; then + SCRIPT_ENV="ci" +else + SCRIPT_ENV="local" +fi + +get_changed_files_local() { + current_branch=$(git rev-parse --abbrev-ref HEAD) + upstream=$(git rev-parse --abbrev-ref --symbolic-full-name @{u} 2>/dev/null) + + if [ $? -eq 0 ] && [ -n "$upstream" ]; then + base_branch="$upstream" + else + base_branch="origin/master" + fi + + merge_base=$(git merge-base "$base_branch" HEAD) + git diff --name-only --diff-filter=d "${merge_base}..HEAD" +} + +get_changed_files_ci() { + base_branch="${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-${GITHUB_BASE_REF:-${CI_DEFAULT_BRANCH:-master}}}" + + if [ -n "$CI_MERGE_REQUEST_DIFF_BASE_SHA" ]; then + git diff --name-only --diff-filter=d "${CI_MERGE_REQUEST_DIFF_BASE_SHA}..HEAD" + elif [ -n "$GITHUB_BASE_REF" ]; then + git diff --name-only --diff-filter=d "origin/${GITHUB_BASE_REF}..HEAD" + else + git fetch origin "$base_branch" --depth=50 2>/dev/null || true + merge_base=$(git merge-base "origin/$base_branch" HEAD 2>/dev/null || echo "origin/$base_branch") + git diff --name-only --diff-filter=d "${merge_base}..HEAD" + fi +} + +deprecated_files=$(grep "^[[:space:]]*- path:" "$DEPRECATION_REGISTRY" | sed 's/^[[:space:]]*- path:[[:space:]]*//') + +# Get changed files based on environment +if [ "$SCRIPT_ENV" = "local" ]; then + changed_files=$(get_changed_files_local) +else + # Both 'ci' and 'danger' use CI method + changed_files=$(get_changed_files_ci) +fi + +deprecated_list="" +while IFS= read -r file; do + if [ -n "$file" ] && grep -qx "$file" <<< "$deprecated_files"; then + deprecated_list="${deprecated_list} ${BRed}• ${file}${Color_Off}\n" + fi +done <<< "$changed_files" + +if [ -n "$deprecated_list" ]; then + if [ "$SCRIPT_ENV" = "danger" ]; then + echo -e "\n**Deprecated files modified:**\n" + echo -e "$deprecated_list" + echo -e "\n**To proceed:**\n" + echo -e " • Get approval from one of the DRIs specified in [deprecations.yml](https://gitlab.com/gitlab-org/gitlab/-/blob/master/deprecations.yml)" + echo -e " • Add ~\"pipeline:skip-check-deprecated-files\" label to your MR\n" + else + echo -e "${BRed}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${Color_Off}" + echo -e "${BRed}⚠️ WARNING: You are pushing changes to deprecated files! ⚠️${Color_Off}" + echo -e "${BRed}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${Color_Off}" + echo -e "The following deprecated files have been modified:" + echo -e "$deprecated_list" + echo -e "To proceed with this change:" + echo -e " • Get approval from a DRI (add as reviewer)" + echo -e " • Explain why this change is necessary in your MR" + echo + echo -e "To bypass this check:" + if [ "$SCRIPT_ENV" = "ci" ]; then + echo -e " • Add ${BCyan}~\"pipeline:skip-check-deprecated-files\"${Color_Off} label to your MR" + else + echo -e " • Push with: ${BCyan}LEFTHOOK_EXCLUDE=check-deprecated-files git push${Color_Off}" + fi + echo + echo -e "See deprecation details in: ${BGreen}$DEPRECATION_REGISTRY${Color_Off}" + echo -e "${BRed}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${Color_Off}" + fi + exit 1 +fi + +exit 0