Group items tagged

The [[ double square brackets ]] work essentially the same as [ single square brackets ], albeit with some more superpowers like more powerful regex support.

The (( double parentheses )) are actually a construct that allow arithmetic inside Bash.

If the results inside are zero, it returns an exit code of 1. (Essentially, zero is "falsey.")

the greater and less-than symbols work just fine inside arithmetic parens.

If the regex works out, the return code of the double square brackets is 0, and thus the function returns 0. If not, everything returns 1. This is a really great way to name regexes.

the stuff immediately after the if can be any command in the whole wide world, as long as it provides an exit code, which is pretty much always.

use all rules keywords, like if, changes, and exists, in the same rule. The rule evaluates to true only when all included keywords evaluate to true.

use parentheses with && and || to build more complicated variable expressions.

Use workflow to specify which types of pipelines can run.

every push to an open merge request’s source branch causes duplicated pipelines.

avoid duplicate pipelines by changing the job rules to avoid either push (branch) pipelines or merge request pipelines.

For behavior similar to the only/except keywords, you can check the value of the $CI_PIPELINE_SOURCE variable

commonly used variables for if clauses

rules:changes expressions to determine when to add jobs to a pipeline

Use !reference tags to reuse rules in different jobs.

Use except to define when a job does not run.

only or except used without refs is the same as only:refs / except/refs

If you change multiple files, but only one file ends in .md, the build job is still skipped.

If you use multiple keywords with only or except, the keywords are evaluated as a single conjoined expression.

only includes the job if all of the keys have at least one condition that matches.

except excludes the job if any of the keys have at least one condition that matches.

To specify a job as manual, add when: manual to the job in the .gitlab-ci.yml file.

Use protected environments to define a list of users authorized to run a manual job.

Use when: delayed to execute scripts after a waiting period, or if you want to avoid jobs immediately entering the pending state.

To split a large job into multiple smaller jobs that run in parallel, use the parallel keyword

run a trigger job multiple times in parallel in a single pipeline, but with different variable values for each instance of the job.

The @ symbol denotes the beginning of a ref’s repository path. To match a ref name that contains the @ character in a regular expression, you must use the hex character code match \x40.

Compare a variable to a string

Check if a variable is undefined

Check if a variable is empty

Check if a variable exists

Check if a variable is empty

Matches are found when using =~.

Matches are not found when using !~.

Join variable expressions together with && or ||

native database constraints

client-side validations

controller-level validations

Database constraints and/or stored procedures make the validation mechanisms database-dependent and can make testing and maintenance more difficult

Client-side validations can be useful, but are generally unreliable

combined with other techniques, client-side validation can be a convenient way to provide users with immediate feedback

it's a good idea to keep your controllers skinny

Active Record uses the new_record? instance method to determine whether an object is already in the database or not.

Creating and saving a new record will send an SQL INSERT operation to the database. Updating an existing record will send an SQL UPDATE operation instead. Validations are typically run before these commands are sent to the database

The bang versions (e.g. save!) raise an exception if the record is invalid.

save and update return false

create just returns the object

be used with caution

update_all

save also has the ability to skip validations if passed validate: false as argument.

valid? triggers your validations and returns true if no errors

After Active Record has performed validations, any errors found can be accessed through the errors.messages instance method

By definition, an object is valid if this collection is empty after running validations.

validations are not run when using new.

invalid? is simply the inverse of valid?.

To verify whether or not a particular attribute of an object is valid, you can use errors[:attribute]. I

Every time a validation fails, an error message is added to the object's errors collection,

All of them accept the :on and :message options, which define when the validation should be run and what message should be added to the errors collection if it fails, respectively.

validates that a checkbox on the user interface was checked when a form was submitted.

agree to your application's terms of service

use this helper when your model has associations with other models and they also need to be validated

valid? will be called upon each one of the associated objects.

work with all of the association types

Don't use validates_associated on both ends of your associations.

each associated object will contain its own errors collection

errors do not bubble up to the calling model

when you have two text fields that should receive exactly the same content

This validation creates a virtual attribute whose name is the name of the field that has to be confirmed with "_confirmation" appended.

To require confirmation, make sure to add a presence check for the confirmation attribute

this set can be any enumerable object.

The exclusion helper has an option :in that receives the set of values that will not be accepted for the validated attributes.

:in option has an alias called :within

validates the attributes' values by testing whether they match a given regular expression, which is specified using the :with option.

attribute does not match the regular expression by using the :without option.

validates that the attributes' values are included in a given set

:in option has an alias called :within

specify length constraints

:minimum

:maximum

:in (or :within)

:is - The attribute length must be equal to the given value.

:wrong_length, :too_long, and :too_short options and %{count} as a placeholder for the number corresponding to the length constraint being used.

split the value in a different way using the :tokenizer option:

validates that your attributes have only numeric values

By default, it will match an optional sign followed by an integral or floating point number.

set :only_integer to true.

allows a trailing newline character.

:greater_than

:greater_than_or_equal_to

:equal_to

:less_than

:less_than_or_equal_to

:odd - Specifies the value must be an odd number if set to true.

:even - Specifies the value must be an even number if set to true.

validates that the specified attributes are not empty

if the value is either nil or a blank string

validate associated records whose presence is required, you must specify the :inverse_of option for the association

an association is present, you'll need to test whether the associated object itself is present, and not the foreign key used to map the association

false.blank? is true

ensure the value will NOT be nil

validates that the specified attributes are absent

not either nil or a blank string

be sure that an association is absent

false.present? is false

validate the absence of a boolean field you should use validates :field_name, exclusion: { in: [true, false] }.

validates that the attribute's value is unique right before the object gets saved

a :scope option that you can use to specify other attributes that are used to limit the uniqueness check

a :case_sensitive option that you can use to define whether the uniqueness constraint will be case sensitive or not.

There is no default error message for validates_with.

To implement the validate method, you must have a record parameter defined, which is the record to be validated.

passes the record to a separate class for validation

validates attributes against a block

The block receives the record, the attribute's name and the attribute's value. You can do anything you like to check for valid data within the block

will let validation pass if the attribute's value is blank?, like nil or an empty string

the :message option lets you specify the message that will be added to the errors collection when validation fails

skips the validation when the value being validated is nil

specify when the validation should happen

raise ActiveModel::StrictValidationFailed when the object is invalid

You can do that by using the :if and :unless options, which can take a symbol, a string, a Proc or an Array.

use the :if option when you want to specify when the validation should happen

using eval and needs to contain valid Ruby code.

Using a Proc object gives you the ability to write an inline condition instead of a separate method

have multiple validations use one condition, it can be easily achieved using with_options.

implement a validate method which takes a record as an argument and performs the validation on it

validates_with method

implement a validate_each method which takes three arguments: record, attribute, and value

combine standard validations with your own custom validators.

:expiration_date_cannot_be_in_the_past,    :discount_cannot_be_greater_than_total_value

By default such validations will run every time you call valid?

errors[] is used when you want to check the error messages for a specific attribute.

Returns an instance of the class ActiveModel::Errors containing all errors.

lets you manually add messages that are related to particular attributes

using []= setter

errors[:base] is an array, you can simply add a string to it and it will be used as an error message.

use this method when you want to say that the object is invalid, no matter the values of its attributes.

clear all the messages in the errors collection

calling errors.clear upon an invalid object won't actually make it valid: the errors collection will now be empty, but the next time you call valid? or any method that tries to save this object to the database, the validations will run again.

the total number of error messages for the object.

.errors.full_messages.each

.field_with_errors

Auto DevOps works with any Kubernetes cluster;

using the Docker or Kubernetes executor, with privileged mode enabled.

Base domain (needed for Auto Review Apps and Auto Deploy)

Kubernetes (needed for Auto Review Apps, Auto Deploy, and Auto Monitoring)

Prometheus (needed for Auto Monitoring)

scrape your Kubernetes cluster.

project level as a variable: KUBE_INGRESS_BASE_DOMAIN

A wildcard DNS A record matching the base domain(s) is required

Once set up, all requests will hit the load balancer, which in turn will route them to the Kubernetes pods that run your application(s).

review/ (every environment starting with review/)

staging

production

need to define a separate KUBE_INGRESS_BASE_DOMAIN variable for all the above based on the environment.

Continuous deployment to production: Enables Auto Deploy with master branch directly deployed to production.

Continuous deployment to production using timed incremental rollout

Automatic deployment to staging, manual deployment to production

Auto Build creates a build of the application using an existing Dockerfile or Heroku buildpacks.

If a project’s repository contains a Dockerfile, Auto Build will use docker build to create a Docker image.

Each buildpack requires certain files to be in your project’s repository for Auto Build to successfully build your application.

Auto Test automatically runs the appropriate tests for your application using Herokuish and Heroku buildpacks by analyzing your project to detect the language and framework.

Auto Code Quality uses the Code Quality image to run static analysis and other code checks on the current code.

Static Application Security Testing (SAST) uses the SAST Docker image to run static analysis on the current code and checks for potential security issues.

Dependency Scanning uses the Dependency Scanning Docker image to run analysis on the project dependencies and checks for potential security issues.

License Management uses the License Management Docker image to search the project dependencies for their license.

Vulnerability Static Analysis for containers uses Clair to run static analysis on a Docker image and checks for potential security issues.

Review Apps are temporary application environments based on the branch’s code so developers, designers, QA, product managers, and other reviewers can actually see and interact with code changes as part of the review process. Auto Review Apps create a Review App for each branch. Auto Review Apps will deploy your app to your Kubernetes cluster only. When no cluster is available, no deployment will occur.

The Review App will have a unique URL based on the project ID, the branch or tag name, and a unique number, combined with the Auto DevOps base domain.

Your apps should not be manipulated outside of Helm (using Kubernetes directly).

Dynamic Application Security Testing (DAST) uses the popular open source tool OWASP ZAProxy to perform an analysis on the current code and checks for potential security issues.

Auto Browser Performance Testing utilizes the Sitespeed.io container to measure the performance of a web page.

add the paths to a file named .gitlab-urls.txt in the root directory, one per line.

After a branch or merge request is merged into the project’s default branch (usually master), Auto Deploy deploys the application to a production environment in the Kubernetes cluster, with a namespace based on the project name and unique project ID

Auto Deploy doesn’t include deployments to staging or canary by default, but the Auto DevOps template contains job definitions for these tasks if you want to enable them.

For internal and private projects a GitLab Deploy Token will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved.

If the GitLab Deploy Token cannot be found, CI_REGISTRY_PASSWORD is used. Note that CI_REGISTRY_PASSWORD is only valid during deployment.

If present, DB_INITIALIZE will be run as a shell command within an application pod as a helm post-install hook.

a post-install hook means that if any deploy succeeds, DB_INITIALIZE will not be processed thereafter.

DB_MIGRATE will be run as a shell command within an application pod as a helm pre-upgrade hook.

Once your application is deployed, Auto Monitoring makes it possible to monitor your application’s server and response metrics right out of the box.

annotate the NGINX Ingress deployment to be scraped by Prometheus using prometheus.io/scrape: "true" and prometheus.io/port: "10254"

While Auto DevOps provides great defaults to get you started, you can customize almost everything to fit your needs; from custom buildpacks, to Dockerfiles, Helm charts, or even copying the complete CI/CD configuration into your project to enable staging and canary deployments, and more.

Auto DevOps uses Helm to deploy your application to Kubernetes.

make use of the HELM_UPGRADE_EXTRA_ARGS environment variable to override the default values in the values.yaml file in the default Helm chart.

specify the use of a custom Helm chart per environment by scoping the environment variable to the desired environment.

Your additions will be merged with the Auto DevOps template using the behaviour described for include

copy and paste the contents of the Auto DevOps template into your project and edit this as needed.

In order to support applications that require a database, PostgreSQL is provisioned by default.

Set up the replica variables using a project variable and scale your application by just redeploying it!

You should not scale your application using Kubernetes directly.

Some applications need to define secret variables that are accessible by the deployed application.

Auto DevOps pipelines will take your application secret variables to populate a Kubernetes secret.

Environment variables are generally considered immutable in a Kubernetes pod.

If STAGING_ENABLED is defined in your project (e.g., set STAGING_ENABLED to 1 as a CI/CD variable), then the application will be automatically deployed to a staging environment, and a production_manual job will be created for you when you’re ready to manually deploy to production.

If CANARY_ENABLED is defined in your project (e.g., set CANARY_ENABLED to 1 as a CI/CD variable) then two manual jobs will be created: canary which will deploy the application to the canary environment production_manual which is to be used by you when you’re ready to manually deploy to production.

If INCREMENTAL_ROLLOUT_MODE is set to manual in your project, then instead of the standard production job, 4 different manual jobs will be created: rollout 10% rollout 25% rollout 50% rollout 100%

To start a job, click on the play icon next to the job’s name.

not all buildpacks support Auto Test yet

When a project has been marked as private, GitLab’s Container Registry requires authentication when downloading containers.

Authentication credentials will be valid while the pipeline is running, allowing for a successful initial deployment.

We strongly advise using GitLab Container Registry with Auto DevOps in order to simplify configuration and prevent any unforeseen issues.

ACLs allows flexible network traffic forwarding based on a variety of factors like pattern-matching and the number of connections to a backend

A backend is a set of servers that receives forwarded requests

adding more servers to your backend will increase your potential load capacity by spreading the load over multiple servers

mode http specifies that layer 7 proxying will be used

specifies the load balancing algorithm

health checks

A frontend defines how requests should be forwarded to backends

use_backend rules, which define which backends to use depending on which ACL conditions are matched, and/or a default_backend rule that handles every other case

A frontend can be configured to various types of network traffic

Load balancing this way will forward user traffic based on IP range and port

Generally, all of the servers in the web-backend should be serving identical content--otherwise the user might receive inconsistent content.

Using layer 7 allows the load balancer to forward requests to different backend servers based on the content of the user's request.

allows you to run multiple web application servers under the same domain and port

acl url_blog path_beg /blog matches a request if the path of the user's request begins with /blog.

Round Robin selects servers in turns

Selects the server with the least number of connections--it is recommended for longer sessions

This selects which server to use based on a hash of the source IP

ensure that a user will connect to the same server

require that a user continues to connect to the same backend server. This persistence is achieved through sticky sessions, using the appsession parameter in the backend that requires it.

HAProxy uses health checks to determine if a backend server is available to process requests.

The default health check is to try to establish a TCP connection to the server

If a server fails a health check, and therefore is unable to serve requests, it is automatically disabled in the backend

However, your load balancer is a single point of failure in these setups; if it goes down or gets overwhelmed with requests, it can cause high latency or downtime for your service.

A high availability (HA) setup is an infrastructure without a single point of failure

a static IP address that can be remapped from one server to another.

If that load balancer fails, your failover mechanism will detect it and automatically reassign the IP address to one of the passive servers.

Modifiers and matchers

Matcher rules determine if a particular request should be forwarded to a backend

if any rule matches

if all rules match

Use a *Prefix* matcher if your backend listens on a particular base path but also serves requests on sub-paths. For instance, PathPrefix: /products would match /products but also /products/shoes and /products/shirts. Since the path is forwarded as-is, your backend is expected to listen on /products

Use Path if your backend listens on the exact path only. For instance, Path: /products would match /products but not /products/shoes.

A backend is responsible to load-balance the traffic coming from one or more frontends to a set of http servers

wrr: Weighted Round Robin

drr: Dynamic Round Robin: increases weights on servers that perform better than others.

A circuit breaker can also be applied to a backend, preventing high loads on failing servers.

To proactively prevent backends from being overwhelmed with high load, a maximum connection limit can also be applied to each backend.

Sticky sessions are supported with both load balancers.

When sticky sessions are enabled, a cookie is set on the initial request.

The check is defined by a path appended to the backend URL and an interval (given in a format understood by time.ParseDuration) specifying how often the health check should be executed (the default being 30 seconds). Each backend must respond to the health check within 5 seconds.

The static configuration is the global configuration which is setting up connections to configuration backends and entrypoints.

We only need to enable watch option to make Træfik watch configuration backend changes and generate its configuration automatically.

a comma-separated key/value pair where both key and value must be literals.

namespacing of your backends happens on the basis of hosts in addition to paths

Modifiers will be applied in a pre-determined order regardless of their order in the rule configuration section.

customize priority

Custom headers can be configured through the frontends, to add headers to either requests or responses that match the frontend's rules.

Security related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be added and configured per frontend in a similar manner to the custom headers above.

Servers are simply defined using a url. You can also apply a custom weight to each server (this will be used by load-balancing).

Maximum connections can be configured by specifying an integer value for maxconn.amount and maxconn.extractorfunc which is a strategy used to determine how to categorize requests in order to evaluate the maximum connections.

Nginx is one of the most popular web servers in the world. It can successfully handle high loads with many concurrent client connections, and can easily function as a web server, a mail server, or a reverse proxy server.

The main server block directives that Nginx is concerned with during this process are the listen directive, and the server_name directive.

The listen directive typically defines which IP address and port that the server block will respond to.

Nginx translates all “incomplete” listen directives by substituting missing values with their default values so that each block can be evaluated by its IP address and port.

In any case, the port must be matched exactly.

If there are multiple server blocks with the same level of specificity matching, Nginx then begins to evaluate the server_name directive of each server block.

Nginx checks the request’s “Host” header. This value holds the domain or IP address that the client was actually trying to reach.

Nginx will first try to find a server block with a server_name that matches the value in the “Host” header of the request exactly.

If no exact match is found, Nginx will then try to find a server block with a server_name that matches using a leading wildcard (indicated by a * at the beginning of the name in the config).

If no match is found using a leading wildcard, Nginx then looks for a server block with a server_name that matches using a trailing wildcard (indicated by a server name ending with a * in the config)

If no match is found using a trailing wildcard, Nginx then evaluates server blocks that define the server_name using regular expressions (indicated by a ~ before the name).

If no regular expression match is found, Nginx then selects the default server block for that IP address and port.

If no modifiers are present, the location is interpreted as a prefix match.

=: If an equal sign is used, this block will be considered a match if the request URI exactly matches the location given.

~: If a tilde modifier is present, this location will be interpreted as a case-sensitive regular expression match.

~*: If a tilde and asterisk modifier is used, the location block will be interpreted as a case-insensitive regular expression match.

^~: If a carat and tilde modifier is present, and if this block is selected as the best non-regular expression match, regular expression matching will not take place.

Keep in mind that if this block is selected and the request is fulfilled using an index page, an internal redirect will take place to another location that will be the actual handler of the request

Keeping in mind the types of location declarations we described above, Nginx evaluates the possible location contexts by comparing the request URI to each of the locations.

Nginx begins by checking all prefix-based location matches (all location types not involving a regular expression).

First, Nginx looks for an exact match.

If no exact (with the = modifier) location block matches are found, Nginx then moves on to evaluating non-exact prefixes.

After the longest matching prefix location is determined and stored, Nginx moves on to evaluating the regular expression locations (both case sensitive and insensitive).

by default, Nginx will serve regular expression matches in preference to prefix matches.

regular expression matches within the longest prefix match will “jump the line” when Nginx evaluates regex locations.

The exceptions to the “only one location block” rule may have implications on how the request is actually served and may not align with the expectations you had when designing your location blocks.

The index directive always leads to an internal redirect if it is used to handle the request.

In the case above, if you really need the execution to stay in the first block, you will have to come up with a different method of satisfying the request to the directory.

one way of preventing an index from switching contexts, but it’s probably not useful for most configurations

the try_files directive. This directive tells Nginx to check for the existence of a named set of files or directories.

the rewrite directive. When using the last parameter with the rewrite directive, or when using no parameter at all, Nginx will search for a new matching location based on the results of the rewrite.

The error_page directive can lead to an internal redirect similar to that created by try_files.

when certain status codes are encountered.

Associations are implemented using macro-style calls, so that you can declaratively add features to your models

A belongs_to association sets up a one-to-one connection with another model, such that each instance of the declaring model "belongs to" one instance of the other model.

belongs_to

A has_one association also sets up a one-to-one connection with another model, but with somewhat different semantics (and consequences).

belongs_to

A has_many association indicates a one-to-many connection with another model.

This association indicates that each instance of the model has zero or more instances of another model.

belongs_to

A has_many :through association is often used to set up a many-to-many connection with another model

This association indicates that the declaring model can be matched with zero or more instances of another model by proceeding through a third model.

through:

through:

The collection of join models can be managed via the API

new join models are created for newly associated objects, and if some are gone their rows are deleted.

The has_many :through association is also useful for setting up "shortcuts" through nested has_many associations

A has_one :through association sets up a one-to-one connection with another model. This association indicates that the declaring model can be matched with one instance of another model by proceeding through a third model.

A has_and_belongs_to_many association creates a direct many-to-many connection with another model, with no intervening model.

id: false

The has_one relationship says that one of something is yours

using t.references :supplier instead.

declare a many-to-many relationship is to use has_many :through. This makes the association indirectly, through a join model

set up a has_many :through relationship if you need to work with the relationship model as an independent entity

set up a has_and_belongs_to_many relationship (though you'll need to remember to create the joining table in the database).

use has_many :through if you need validations, callbacks, or extra attributes on the join model

With polymorphic associations, a model can belong to more than one other model, on a single association.

a polymorphic belongs_to declaration as setting up an interface that any other model can use.

In designing a data model, you will sometimes find a model that should have a relation to itself

add a references column to the model itself

All of the association methods are built around caching, which keeps the result of the most recent query available for further operations.

it is a bad idea to give an association a name that is already used for an instance method of ActiveRecord::Base. The association method would override the base method and break things.

belongs_to associations you need to create foreign keys

has_and_belongs_to_many associations you need to create the appropriate join table

So a join between customer and order models will give the default join table name of "customers_orders" because "c" outranks "o" in lexical ordering.

For example, one would expect the tables "paper_boxes" and "papers" to generate a join table name of "papers_paper_boxes" because of the length of the name "paper_boxes", but it in fact generates a join table name of "paper_boxes_papers" (because the underscore '' is lexicographically _less than 's' in common encodings).

id: false

pass id: false to create_table because that table does not represent a model

By default, associations look for objects only within the current module's scope.

will work fine, because both the Supplier and the Account class are defined within the same scope.

To associate a model with a model in a different namespace, you must specify the complete class name in your association declaration:

class_name

class_name

Active Record provides the :inverse_of option

Every association will attempt to automatically find the inverse association and set the :inverse_of option heuristically (based on the association name)

In database terms, this association says that this class contains the foreign key.

In all of these methods, association is replaced with the symbol passed as the first argument to belongs_to.

(force_reload = false)

The association method returns the associated object, if any. If no associated object is found, it returns nil.