Leonardo da Rosa activity https://gitlab.com/l.rosa 2026-03-13T22:09:51Z

tag:gitlab.com,2026-03-13:5203070172 Leonardo da Rosa pushed to project branch master at GitLab.org / GitLab 2026-03-13T22:09:51Z l.rosa Leonardo da Rosa

Leonardo da Rosa (f70d2ee8) at 13 Mar 22:09

Merge branch 'morefice/bbo-finalize-operation-max-cursor-reached' i...

... and 1 more commit

tag:gitlab.com,2026-03-13:5203069483 Leonardo da Rosa deleted project branch morefice/bbo-finalize-operation-max-cursor-reached at GitLab.org / GitLab 2026-03-13T22:09:27Z l.rosa Leonardo da Rosa

Leonardo da Rosa (5bee4ff7) at 13 Mar 22:09

tag:gitlab.com,2026-03-13:5203068750 Leonardo da Rosa accepted merge request !226845: BBO - Handle stale running jobs at GitLab.org / GitLab 2026-03-13T22:08:59Z l.rosa Leonardo da Rosa

Ref: #593371

What does this MR do and why?

This MR fixes a bug where a BBO worker gets stuck because a job remains in running state indefinitely.

When a Sidekiq process is killed mid-execution, the job never transitions to succeeded or failed and the worker can't finalize while this stale job exists.

This adds a stale scope (running jobs older than 1 hour) and includes it in retriable, matching how BBM handles it in batched_job.rb.

Stale jobs will now get retried automatically, allowing the worker to finalize once all jobs complete.

We observed this in production, where a job has been stuck in running since Feb 23.

tag:gitlab.com,2026-03-13:5203023836 Leonardo da Rosa pushed to project branch master at GitLab.org / GitLab 2026-03-13T21:44:06Z l.rosa Leonardo da Rosa

Leonardo da Rosa (e9de2163) at 13 Mar 21:44

Merge branch 'add-sharding-keys-snippet-repository-states' into 'ma...

... and 1 more commit

tag:gitlab.com,2026-03-13:5203023545 Leonardo da Rosa deleted project branch add-sharding-keys-snippet-repository-states at GitLab.org / GitLab 2026-03-13T21:43:54Z l.rosa Leonardo da Rosa

Leonardo da Rosa (562bc012) at 13 Mar 21:43

tag:gitlab.com,2026-03-13:5203022703 Leonardo da Rosa accepted merge request !224563: Add and backfill sharding keys for snippet_repository_states at GitLab.org / GitLab 2026-03-13T21:43:22Z l.rosa Leonardo da Rosa

What does this MR do and why?

Add and backfill snippet_project_id and snippet_organization_id sharding keys for the snippet_repository_states table to support organization isolation.

References

Closes #587561

How to set up and validate locally

Run bin/rails db:migrate and verify the new columns exist with \d snippet_repository_states in psql.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

tag:gitlab.com,2026-03-13:5203022266 Leonardo da Rosa approved merge request !224563: Add and backfill sharding keys for snippet_repository_states at GitLab.org / GitLab 2026-03-13T21:43:04Z l.rosa Leonardo da Rosa

tag:gitlab.com,2026-03-13:5202684239 Leonardo da Rosa approved merge request !226845: BBO - Handle stale running jobs at GitLab.org / GitLab 2026-03-13T19:13:37Z l.rosa Leonardo da Rosa

tag:gitlab.com,2026-03-13:5202684200 Leonardo da Rosa commented on merge request !226845 at GitLab.org / GitLab 2026-03-13T19:13:36Z l.rosa Leonardo da Rosa

@morefice, great solution! 👏

tag:gitlab.com,2026-03-13:5202439982 Leonardo da Rosa pushed to project branch master at GitLab.org / GitLab 2026-03-13T17:45:57Z l.rosa Leonardo da Rosa

Leonardo da Rosa (3f52aa77) at 13 Mar 17:45

Merge branch 'revert-e0def9f8' into 'master'

... and 1 more commit

tag:gitlab.com,2026-03-13:5202438008 Leonardo da Rosa deleted project branch revert-e0def9f8 at GitLab.org / GitLab 2026-03-13T17:45:13Z l.rosa Leonardo da Rosa

Leonardo da Rosa (5723497d) at 13 Mar 17:45

tag:gitlab.com,2026-03-13:5202436563 Leonardo da Rosa accepted merge request !227275: Revert BBO - Disable UnconfirmedSecondaryEmailsDeletionCronWorker at GitLab.org / GitLab 2026-03-13T17:44:41Z l.rosa Leonardo da Rosa

What does this MR do and why?

This MR reverts !225654.

It re-enables the old worker UnconfirmedSecondaryEmailsDeletionCronWorker to make sure we continue to delete secondary emails.

tag:gitlab.com,2026-03-13:5201716241 Leonardo da Rosa pushed to project branch main at Leonardo da Rosa - O.O.O From Aug. 22 to Aug 20 O.O.O until Jul. 10th / l.rosa 2026-03-13T14:34:36Z l.rosa Leonardo da Rosa

Leonardo da Rosa (d3253e39) at 13 Mar 14:34

Edit README.md

tag:gitlab.com,2026-03-13:5201706872 Leonardo da Rosa approved merge request !227275: Revert BBO - Disable UnconfirmedSecondaryEmailsDeletionCronWorker at GitLab.org / GitLab 2026-03-13T14:32:26Z l.rosa Leonardo da Rosa

tag:gitlab.com,2026-03-13:5201706840 Leonardo da Rosa commented on merge request !227275 at GitLab.org / GitLab 2026-03-13T14:32:25Z l.rosa Leonardo da Rosa

Thanks, @morefice 🚀

tag:gitlab.com,2026-03-13:5201624300 Leonardo da Rosa closed issue #596: Database Group Triage for week ending 2026-03-06 at GitLab.org / Database Team / team-tasks 2026-03-13T14:13:42Z l.rosa Leonardo da Rosa

tag:gitlab.com,2026-03-13:5201569619 Leonardo da Rosa commented on merge request !224292 at GitLab.org / GitLab 2026-03-13T14:02:12Z l.rosa Leonardo da Rosa

!224292 (comment 3157939165)

tag:gitlab.com,2026-03-13:5201566795 Leonardo da Rosa approved merge request !224292: Added backfill migration for owasp_top_10 from identifiers at GitLab.org / GitLab 2026-03-13T14:01:39Z l.rosa Leonardo da Rosa

What does this MR do and why?

Queues a Batched Background Migration to backfill the owasp_2017 classification for existing vulnerability records by deriving it from their associated identifiers.

References

Relates to: #583076

Database

UPDATE vulnerability_reads
SET owasp_top_10 = CASE
  WHEN 'A1:2017 - Injection' = ANY(identifier_names) THEN 1
  WHEN 'A2:2017 - Broken Authentication' = ANY(identifier_names) THEN 2
  WHEN 'A3:2017 - Sensitive Data Exposure' = ANY(identifier_names) THEN 3
  WHEN 'A4:2017 - XML External Entities (XXE)' = ANY(identifier_names) THEN 4
  WHEN 'A5:2017 - Broken Access Control' = ANY(identifier_names) THEN 5
  WHEN 'A6:2017 - Security Misconfiguration' = ANY(identifier_names) THEN 6
  WHEN 'A7:2017 - Cross-Site Scripting (XSS)' = ANY(identifier_names) THEN 7
  WHEN 'A8:2017 - Insecure Deserialization' = ANY(identifier_names) THEN 8
  WHEN 'A9:2017 - Using Components with Known Vulnerabilities' = ANY(identifier_names) THEN 9
  WHEN 'A10:2017 - Insufficient Logging & Monitoring' = ANY(identifier_names) THEN 10
  ELSE -1
END
WHERE id IN (
  SELECT id 
  FROM vulnerability_reads 
  WHERE owasp_top_10 IN (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
  LIMIT 100
)

https://console.postgres.ai/gitlab/gitlab-production-sec/sessions/49173/commands/146855

How to set up and validate locally

Run the following:

job = Gitlab::BackgroundMigration::BackfillOwasp2017FromIdentifiers.new(
  start_id: Vulnerabilities::Read.minimum(:id),
  end_id: Vulnerabilities::Read.maximum(:id),
  batch_table: :vulnerability_reads,
  batch_column: :id,
  sub_batch_size: 500,
  pause_ms: 0,
  connection: SecApplicationRecord.connection
)

job.perform

The following query should return 0:

Vulnerabilities::Read.where(owasp_top_10: ::Enums::Vulnerability::OWASP_TOP_10_BY_YEAR["2021"].values).count
# Should return 0

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #590989