Merge remote-tracking branch 'origin/main' into add-allowed-repositories-description-to-docs

Author: gilesgas

.buildkite/pipeline.deploy.yml

@@ -6,18 +6,22 @@ steps:
     if: |
       build.branch == "main"
     agents:
-      queue: deploy
+      queue: elastic-runners
     plugins:
-      ecr#v2.7.0:
-        login: true
-        account-ids: ${ECR_ACCOUNT_ID}
+      - aws-assume-role-with-web-identity#v1.0.0:
+          role-arn: arn:aws:iam::${ECR_ACCOUNT_ID}:role/pipeline-buildkite-docs-main
+      - ecr#v2.7.0:
+          login: true
+          account-ids: ${ECR_ACCOUNT_ID}
 
   - name: ":ecr: ECR Vulnerabilities Scan"
     command: "true"
     agents:
-      queue: deploy
+      queue: elastic-runners
     depends_on: "ecr-push"
     plugins:
+      - aws-assume-role-with-web-identity#v1.0.0:
+          role-arn: arn:aws:iam::${ECR_ACCOUNT_ID}:role/pipeline-buildkite-docs-main
       - buildkite/ecr-scan-results#v1.2.0:
           image-name: "${ECR_REPO}:${BUILDKITE_BUILD_NUMBER}"
           ignore:
@@ -38,6 +42,9 @@ steps:
             - CVE-2023-5678  # openssl 3.0.11-1~deb12u1
             - CVE-2023-50495 # ncurses 6.4-4
             - CVE-2024-0567 # gnutls28 3.7.9-2+deb12u1
+            - CVE-2023-50387 # systemd 252.17-1~deb12u1
+            - CVE-2024-0553 # gnutls28 3.7.9-2
+            - CVE-2024-0567 # gnutls28 3.7.9-2+deb12u1
 
   # If the current user is part of the deploy team, then wait for everything to
   # finish before deploying
@@ -61,8 +68,11 @@ steps:
     concurrency: 1
     concurrency_group: docs-deploy
     agents:
-      queue: deploy
+      queue: elastic-runners
     command: scripts/deploy-ecs
+    plugins:
+      - aws-assume-role-with-web-identity#v1.0.0:
+          role-arn: arn:aws:iam::${ECR_ACCOUNT_ID}:role/pipeline-buildkite-docs-main
 
   - wait
 

.markdownlint.yaml

@@ -21,11 +21,12 @@ MD005: true
 MD006: true
 
 # MD007/ul-indent - Unordered list indentation
-MD007:
+# (This setting is temporarily disabled. The intention is to make its value 4, as doing this would allow the nesting of 3 bullet points and improved code block handling)
+# MD007:
   # Spaces for indent
-  indent: 2
+  # indent: 2
   # Whether to indent the first level of the list
-  start_indented: false
+  # start_indented: false
 
 # MD009/no-trailing-spaces - Trailing spaces
 MD009:

README.md

@@ -58,7 +58,7 @@ After completing the relevant 'Before you start' steps above:
    foreman start
    ```
 
-   **Note:** After stopping the non-containerized server, simply run `foreman start` to re-start the server again.
+   **Note:** After stopping the non-containerized server, simply run `foreman start` to re-start the server again. If, however, the `foreman start` command fails to run successfully, try re-running the `bin/setup` command again to update any dependencies before running `foreman start` again.
 
    For containerized development, run the following:
 

app/models/beta_pages.rb

@@ -1,9 +1,7 @@
 class BetaPages
   def self.all
     [
-      'agent/clusters',
-      'apis/rest-api/clusters',
-      'apis/rest-api/pipeline-templates'
+      'pipelines/cluster-queue-metrics'
     ]
   end
 end

data/content/environment_variables.yaml

@@ -158,6 +158,11 @@ variables:
     values:
       - true
       - false
+  - name: BUILDKITE_CLUSTER_ID
+    desc: |
+      The UUID value of the cluster, but only if the build has an associated `cluster_queue`. Otherwise, this environment variable is not set.
+    modifiable: false
+    example: "4735ba57-80d0-46e2-8fa0-b28223a86586"
   - name: BUILDKITE_COMMAND
     desc: |
       The command that will be run for the job.

data/graphql/schema.graphql

@@ -507,6 +507,11 @@ type Annotation implements Node {
   createdAt: DateTime!
   id: ID!
 
+  """
+  The priority of the annotation
+  """
+  priority: Int!
+
   """
   The visual style of the annotation
   """
@@ -550,6 +555,21 @@ type AnnotationEdge {
   node: Annotation
 }
 
+"""
+The different orders you can sort annotations by
+"""
+enum AnnotationOrder {
+  """
+  Order by priority, then by the most recently created annotations first
+  """
+  PRIORITY_RECENTLY_CREATED
+
+  """
+  Order by the most recently created annotations first
+  """
+  RECENTLY_CREATED
+}
+
 """
 The visual style of the annotation
 """
@@ -701,12 +721,13 @@ type AuditActor {
 """
 Kinds of actors which can perform audit events
 """
-union AuditActorNode = User
+union AuditActorNode = Agent | User
 
 """
 All the possible types of actors in an Audit Event
 """
 enum AuditActorType {
+  AGENT
   USER
 }
 
@@ -825,6 +846,11 @@ enum AuditEventType {
   SCM_SERVICE_CREATED
   SCM_SERVICE_DELETED
   SCM_SERVICE_UPDATED
+  SECRET_CREATED
+  SECRET_DELETED
+  SECRET_QUERIED
+  SECRET_READ
+  SECRET_UPDATED
   SSO_PROVIDER_CREATED
   SSO_PROVIDER_DELETED
   SSO_PROVIDER_DISABLED
@@ -899,7 +925,7 @@ type AuditSubject {
 """
 Kinds of subjects which can have audit events performed on them
 """
-union AuditSubjectNode = APIAccessToken | AgentToken | AuthorizationBitbucket | AuthorizationGitHub | AuthorizationGitHubEnterprise | Cluster | ClusterPermission | ClusterQueue | ClusterQueueToken | ClusterToken | Email | NotificationServiceSlack | NotificationServiceWebhook | Organization | OrganizationBanner | OrganizationInvitation | OrganizationMember | Pipeline | PipelineSchedule | PipelineTemplate | SCMPipelineSettings | SCMRepositoryHost | SCMService | SSOProviderGitHubApp | SSOProviderGoogleGSuite | SSOProviderSAML | Subscription | Suite | TOTP | Team | TeamMember | TeamPipeline | TeamSuite | User
+union AuditSubjectNode = APIAccessToken | AgentToken | AuthorizationBitbucket | AuthorizationGitHub | AuthorizationGitHubEnterprise | Cluster | ClusterPermission | ClusterQueue | ClusterQueueToken | ClusterToken | Email | NotificationServiceSlack | NotificationServiceWebhook | Organization | OrganizationBanner | OrganizationInvitation | OrganizationMember | Pipeline | PipelineSchedule | PipelineTemplate | SCMPipelineSettings | SCMRepositoryHost | SCMService | SSOProviderGitHubApp | SSOProviderGoogleGSuite | SSOProviderSAML | Secret | Subscription | Suite | TOTP | Team | TeamMember | TeamPipeline | TeamSuite | User
 
 """
 All the possible types of subjects in an Audit Event
@@ -924,6 +950,7 @@ enum AuditSubjectType {
   SCM_PIPELINE_SETTINGS
   SCM_REPOSITORY_HOST
   SCM_SERVICE
+  SECRET
   SSO_PROVIDER
   SUBSCRIPTION
   SUITE
@@ -1104,6 +1131,11 @@ type Build implements Node {
     Returns the last _n_ elements from the list.
     """
     last: Int
+
+    """
+    Order the annotations
+    """
+    order: AnnotationOrder = RECENTLY_CREATED
     style: [AnnotationStyle!]
   ): AnnotationConnection
 
@@ -1275,6 +1307,13 @@ input BuildAnnotateInput {
   """
   context: String = "default"
 
+  """
+  Priority of the annotation. By default annotations have a priority of 3.
+  Annotations with a priority of 10 will be shown first, and annotations with a
+  priority of 1 will be shown last.
+  """
+  priority: Int = 3
+
   """
   The style of the annotation. The default is `DEFAULT`
   """
@@ -1484,46 +1523,6 @@ type BuildRebuildPayload {
   rebuild: Build!
 }
 
-"""
-All the possible build retention periods, depending on your billing plan
-"""
-enum BuildRetentionPeriods {
-  """
-  30 days
-  """
-  DAYS_30
-
-  """
-  60 days
-  """
-  DAYS_60
-
-  """
-  90 days
-  """
-  DAYS_90
-
-  """
-  12 months
-  """
-  MONTHS_12
-
-  """
-  18 months
-  """
-  MONTHS_18
-
-  """
-  6 months
-  """
-  MONTHS_6
-
-  """
-  2 years
-  """
-  YEARS_2
-}
-
 interface BuildSource {
   name: String!
 }
@@ -6324,22 +6323,6 @@ type Pipeline implements Node {
   """
   branchConfiguration: String
 
-  """
-  Choose to keep builds or remove them after a set time period. Pipelines are
-  scanned once a day for builds that can be removed according to these settings.
-  """
-  buildRetentionEnabled: Boolean @deprecated(reason: "Build retention is now determined by your billing plan. This field is no longer used and always returns null.")
-
-  """
-  The minimum number of builds to keep in the pipeline regardless of how old the builds are.
-  """
-  buildRetentionNumber: Int @deprecated(reason: "Build retention is now determined by your billing plan. This field is no longer used and always returns null.")
-
-  """
-  How long is a build kept before it is automatically removed.
-  """
-  buildRetentionPeriod: BuildRetentionPeriods @deprecated(reason: "Build retention is now determined by your billing plan. This field is no longer used and always returns null.")
-
   """
   Returns the builds for this pipeline
   """
@@ -7759,6 +7742,16 @@ type Query {
     uuid: ID!
   ): PipelineTemplate
 
+  """
+  Find a secret via its uuid. This does not contain the value of the secret or encrypted material.
+  """
+  secret(
+    """
+    The UUID for the secret i.e. `0bd5ea7c-89b3-4f40-8ca3-ffac805771eb`
+    """
+    uuid: ID!
+  ): Secret
+
   """
   Find an sso provider either using it's slug, or UUID
   """
@@ -8943,6 +8936,52 @@ type SSOProviderUpdatePayload {
   ssoProvider: SSOProvider!
 }
 
+"""
+A secret hosted by Buildkite. This does not contain the secret value or encrypted material.
+"""
+type Secret implements Node {
+  """
+  The cluster that the secret belongs to
+  """
+  cluster: Cluster
+
+  """
+  The time this secret was created
+  """
+  createdAt: DateTime
+
+  """
+  A description about what this secret is used for
+  """
+  description: String
+
+  """
+  The time this secret was destroyed
+  """
+  destroyedAt: DateTime
+  id: ID!
+
+  """
+  The key value used to name the secret
+  """
+  key: String!
+
+  """
+  The organization that the secret belongs to
+  """
+  organization: Organization!
+
+  """
+  The time this secret was updated
+  """
+  updatedAt: DateTime
+
+  """
+  The public UUID for the secret
+  """
+  uuid: ID!
+}
+
 interface Step {
   """
   The conditional evaluated for this step