In two month we have to upgrade to GitLab version 17. This tasks tracks all deprecation.
A list of all deprecation in version 17: https://docs.gitlab.com/ee/update/deprecations.html?removal_milestone=17.0
Deprecation affecting us:
Deprecated parameters related to custom text in the sign-in page- gitlab-settings uses the description field already
JWT /-/jwks instance endpoint is deprecatedOld versions of JSON web tokens are deprecated ?- fixed by T337474
PostgreSQL 13 no longer supported T365768- Test GitLab Account Approval Bot
Deprecation NOT affecting us:
- 'repository_download_operation’ audit event type for public projects
- Agent for Kubernetes option ca-cert-file renamed
- Auto DevOps support for Herokuish is deprecated
- Autogenerated Markdown anchor links with dash (-) characters
- CiRunner.projects default sort is changing to id_desc
- Compliance framework in general settings
- Container registry support for the Swift and OSS storage drivers
- DAST ZAP advanced configuration variables deprecation
- Dependency Scanning incorrect SBOM metadata properties
- Dependency Scanning support for sbt 1.0.X
- Deprecate GraphQL fields related to the temporary storage increase
- Deprecate Grype scanner for Container Scanning
- Deprecate License Scanning CI templates
- Deprecate Python 3.9 in Dependency Scanning and License Scanning
- Deprecate Windows CMD in GitLab Runner
- Deprecate CiRunner GraphQL fields duplicated in CiRunnerManager
- Deprecate fmt job in Terraform Module CI/CD template
- Deprecate message field from Vulnerability Management features
- Deprecate terminationGracePeriodSeconds in the GitLab Runner Kubernetes executor
- Deprecate version field in feature flag API
- Deprecate change vulnerability status from the Developer role
- Deprecate custom role creation for group owners on self-managed
- Deprecate field hasSolutions from GraphQL VulnerabilityType
- Deprecate legacy shell escaping and quoting runner shell executor
- Deprecating Windows Server 2019 in favor of 2022
- DingTalk OmniAuth provider
- Duplicate storages in Gitaly configuration
- File type variable expansion fixed in downstream pipelines
- Geo: Legacy replication details routes for designs and projects deprecated
- GitLab Helm chart values gitlab.kas.privateApi.tls.* are deprecated
- GitLab Runner provenance metadata SLSA v0.2 statement
- GraphQL API access through unsupported methods
- GraphQL deprecation of dependencyProxyTotalSizeInBytes field
- GraphQL field confidential changed to internal on notes
- GraphQL field registrySizeEstimated has been deprecated
- GraphQL field totalWeight is deprecated
- GraphQL networkPolicies resource deprecated
- GraphQL type, RunnerMembershipFilter renamed to CiRunnerMembershipFilter
- GraphQL: The DISABLED_WITH_OVERRIDE value of the SharedRunnersSetting enum is deprecated. Use DISABLED_AND_OVERRIDABLE instead
- GraphQL: deprecate support for canDestroy and canDelete
- HashiCorp Vault integration will no longer use CI_JOB_JWT by default
- Heroku image upgrade in Auto DevOps build
- Internal container registry API tag deletion endpoint
- Legacy Geo Prometheus metrics
- Deprecated metric Replacement metric
- License List is deprecated
- License Scanning support for sbt 1.0.X
- Linux packages for Ubuntu 18.04
- List repository directories Rake task
- Maintainer role providing the ability to change Package settings using GraphQL API
- Maven versions below 3.8.8 support in Dependency Scanning and License Scanning
- Min concurrency and max concurrency in Sidekiq options
- Offset pagination for /users REST API endpoint is deprecated
- OmniAuth Facebook is deprecated
- Package pipelines in API payload is paginated
- PipelineSecurityReportFinding projectFingerprint GraphQL field
- Proxy-based DAST deprecated
- Queue selector for running Sidekiq is deprecated
- Removal of tags from small SaaS runners on Linux
- Rename the ‘require_password_to_approve’ field
- Required Pipeline Configuration is deprecated
- SAST analyzer coverage changing in GitLab 17.0
- Scan execution policies enforcing scans with an _EXCLUDED_ANALYZERS variable will override project variables
- Secure analyzers major version update
- Security policy field match_on_inclusion is deprecated
- Security policy field newly_detected is deprecated
- Support for self-hosted Sentry versions 21.4.1 and earlier
- The deprecated support is for GitLab instance error tracking features for administrators. The deprecated support does not relate to GitLab error tracking for developers’ own deployed applications.
- Support for setting custom schema for backup is deprecated
- The GitHub importer Rake task
- The Visual Reviews tool is deprecated
- The gitlab-runner exec command is deprecated
- The pull-based deployment features of the GitLab agent for Kubernetes is deprecated
- Trigger jobs can mirror downstream pipeline status exactly
- Twitter OmniAuth login option is deprecated from self-managed GitLab
- Unified approval rules are deprecated
- Upgrading the operating system version of GitLab SaaS runners on Linux
- Vulnerability confidence field
- after_script keyword will run for cancelled jobs
- dependency_files is deprecated
- metric filter and value field for DORA API
- omniauth-azure-oauth2 gem is deprecated
- omnibus_gitconfig configuration item is deprecated
- postgres_exporter['per_table_stats'] configuration setting
- npm package uploads now occur asynchronously
Upgraded hosts:
Test instance:
- gitlab-prod-1002.devtools.eqiad1.wikimedia.cloud
- gitlab-runner-1002.devtools.eqiad1.wikimedia.cloud
- gitlab-runner-1003.devtools.eqiad1.wikimedia.cloud
- gitlab-runner-1005.devtools.eqiad1.wikimedia.cloud - This runner is on bookworm and is not using wmf apt package T367717
Replicas:
- gitlab1003.wikimedia.org
- gitlab1004.wikimedia.org
Production:
- gitlab2002.wikimedia.org
- Trusted runners
- Shared runners - will be upgraded by unattended upgrades
- Cloud runners