Add latest changes from gitlab-org/gitlab@master

2022-03-24 21:08:50 +00:00 · 2022-03-24 21:08:50 +00:00 · 09b154dce0
commit 09b154dce0
parent 80c12cd5b2
31 changed files with 188 additions and 156 deletions
--- a/app/assets/javascripts/pages/import/bulk_imports/history/components/bulk_imports_history_app.vue
+++ b/app/assets/javascripts/pages/import/bulk_imports/history/components/bulk_imports_history_app.vue
@ -111,7 +111,7 @@ export default {
    },
    getFullDestinationUrl(params) {
-      return joinPaths(gon.relative_url_root || '', this.getDestinationUrl(params));
+      return joinPaths(gon.relative_url_root || '', '/', this.getDestinationUrl(params));
    },
  },
--- a/app/controllers/concerns/wiki_actions.rb
+++ b/app/controllers/concerns/wiki_actions.rb
@ -312,7 +312,7 @@ module WikiActions
  end
  def load_content?
-    return false if params[:action] == 'history'
+    return false if %w[history destroy diff].include?(params[:action])
    return false if params[:action] == 'show' && Feature.enabled?(:wiki_async_load, container, default_enabled: :yaml)
    true
--- a/app/controllers/projects/refs_controller.rb
+++ b/app/controllers/projects/refs_controller.rb
@ -43,12 +43,7 @@ class Projects::RefsController < Projects::ApplicationController
  end
  def logs_tree
    tree_summary = ::Gitlab::TreeSummary.new(
      @commit, @project, current_user,
      path: @path, offset: permitted_params[:offset], limit: 25)
    respond_to do |format|
      format.html { render_404 }
      format.json do
        logs, next_offset = tree_summary.fetch_logs
@ -61,6 +56,13 @@ class Projects::RefsController < Projects::ApplicationController
  private
  def tree_summary
    ::Gitlab::TreeSummary.new(
      @commit, @project, current_user,
      path: @path, offset: permitted_params[:offset], limit: 25
    )
  end
  def validate_ref_id
    return not_found if permitted_params[:id].present? && permitted_params[:id] !~ Gitlab::PathRegex.git_reference_regex
  end
--- a/doc/api/api_resources.md
+++ b/doc/api/api_resources.md
@ -103,10 +103,10 @@ The following API resources are available in the group context:
 | [Custom attributes](custom_attributes.md)                        | `/groups/:id/custom_attributes` (also available for projects and users) |
 | [Debian distributions](packages/debian_group_distributions.md)   | `/groups/:id/-/packages/debian` (also available for projects) |
 | [Deploy tokens](deploy_tokens.md)                                | `/groups/:id/deploy_tokens` (also available for projects and standalone) |
-| [Discussions](discussions.md) (threaded comments) **(ULTIMATE)** | `/groups/:id/epics/.../discussions` (also available for projects) |
+| [Discussions](discussions.md) (comments and threads)             | `/groups/:id/epics/.../discussions` (also available for projects) |
-| [Epic issues](epic_issues.md) **(ULTIMATE)**                     | `/groups/:id/epics/.../issues` |
+| [Epic issues](epic_issues.md) **(PREMIUM)**                      | `/groups/:id/epics/.../issues` |
-| [Epic links](epic_links.md) **(ULTIMATE)**                       | `/groups/:id/epics/.../epics` |
+| [Epic links](epic_links.md) **(PREMIUM)**                        | `/groups/:id/epics/.../epics` |
-| [Epics](epics.md) **(ULTIMATE)**                                 | `/groups/:id/epics` |
+| [Epics](epics.md) **(PREMIUM)**                                  | `/groups/:id/epics` |
 | [Groups](groups.md)                                              | `/groups`, `/groups/.../subgroups` |
 | [Group badges](group_badges.md)                                  | `/groups/:id/badges` |
 | [Group issue boards](group_boards.md)                            | `/groups/:id/boards` |
--- a/doc/api/discussions.md
+++ b/doc/api/discussions.md
@ -11,13 +11,14 @@ Discussions are a set of related notes on:
 - Snippets
 - Issues
- Epics **(ULTIMATE)**
+- [Epics](../user/group/epics/index.md)
 - Merge requests
 - Commits
-This includes system notes, which are notes about changes to the object (for example,
+This includes [comments and threads](../user/discussions/index.md) and system notes.
-when a milestone changes, a corresponding system note is added). Label notes are
+System notes are notes about changes to the object (for example, when a milestone changes).
-not part of this API, but recorded as separate events in [resource label events](resource_label_events.md).
+Label notes are not part of this API, but recorded as separate events in
 [resource label events](resource_label_events.md).
 ## Discussions pagination
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@ -4380,7 +4380,7 @@ Input type: `SecurityPolicyProjectCreateInput`
 ### `Mutation.securityPolicyProjectUnassign`
-Unassigns the security policy project for the given project(`project_path`).
+Unassigns the security policy project for the given project (`full_path`).
 Input type: `SecurityPolicyProjectUnassignInput`
@ -4389,7 +4389,8 @@ Input type: `SecurityPolicyProjectUnassignInput`
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="mutationsecuritypolicyprojectunassignclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
-| <a id="mutationsecuritypolicyprojectunassignprojectpath"></a>`projectPath` | [`ID!`](#id) | Full path of the project. |
+| <a id="mutationsecuritypolicyprojectunassignfullpath"></a>`fullPath` | [`String`](#string) | Full path of the project. |
 | <a id="mutationsecuritypolicyprojectunassignprojectpath"></a>`projectPath` **{warning-solid}** | [`ID`](#id) | **Deprecated:** Use `fullPath`. Deprecated in 14.10. |
 #### Fields
--- a/doc/development/code_review.md
+++ b/doc/development/code_review.md
@ -249,7 +249,7 @@ Avoid:
  [_explain why, not what_](https://blog.codinghorror.com/code-tells-you-how-comments-tell-you-why/).
 - Requesting maintainer reviews of merge requests with failed tests. If the tests are failing and you have to request a review, ensure you leave a comment with an explanation.
 - Excessively mentioning maintainers through email or Slack (if the maintainer is reachable
-through Slack). If you can't add a reviewer for a merge request, `@` mentioning a maintainer in a comment is acceptable and in all other cases adding a reviewer is sufficient.
+through Slack). If you can't add a reviewer for a merge request, it's acceptable to `@` mention a maintainer in a comment. In all other cases, it's sufficient to add a reviewer or [request their attention](../user/project/merge_requests/index.md#request-attention-to-a-merge-request) if they're already a reviewer.
 This saves reviewers time and helps authors catch mistakes earlier.
@ -259,10 +259,8 @@ This saves reviewers time and helps authors catch mistakes earlier.
 that it meets all requirements, you should:
 - Click the Approve button.
- `@` mention the author to generate a to-do notification, and advise them that their merge request has been reviewed and approved.
+- Request a review from a maintainer or [request their attention](../user/project/merge_requests/index.md#request-attention-to-a-merge-request) if they're already a reviewer. Default to requests for a maintainer with [domain expertise](#domain-experts),
 - Request a review from a maintainer. Default to requests for a maintainer with [domain expertise](#domain-experts),
 however, if one isn't available or you think the merge request doesn't need a review by a [domain expert](#domain-experts), feel free to follow the [Reviewer roulette](#reviewer-roulette) suggestion.
 - Remove yourself as a reviewer.
 ### The responsibility of the maintainer
@ -290,7 +288,7 @@ If a developer who happens to also be a maintainer was involved in a merge reque
 as a reviewer, it is recommended that they are not also picked as the maintainer to ultimately approve and merge it.
 Maintainers should check before merging if the merge request is approved by the
-required approvers. If still awaiting further approvals from others, remove yourself as a reviewer then `@` mention the author and explain why in a comment. Stay as reviewer if you're merging the code.
+required approvers. If still awaiting further approvals from others, explain that in a comment and [request attention](../user/project/merge_requests/index.md#request-attention-to-a-merge-request) from other reviewers as appropriate. Do not remove yourself as a reviewer.
 Maintainers must check before merging if the merge request is introducing new
 vulnerabilities, by inspecting the list in the merge request
@ -312,14 +310,20 @@ After merging, a maintainer should stay as the reviewer listed on the merge requ
 ### Dogfooding the Reviewers feature
-On March 18th 2021, an updated process was put in place aimed at efficiently and consistently dogfooding the Reviewers feature.
+Replaced with [dogfooding the attention request feature](#dogfooding-the-attention-request-feature).
 ### Dogfooding the attention request feature
 In March of 2022, an updated process was put in place aimed at efficiently and consistently dogfooding the
 [attention requests feature](../user/project/merge_requests/index.md#request-attention-to-a-merge-request) under `Merge requests` -> `Need your attention`. This replaces previous guidance on [dogfooding the reviewers feature](#dogfooding-the-reviewers-feature).
 Here is a summary of the changes, also reflected in this section above.
- Merge request authors and DRIs stay as Assignees
+- Merge request authors and DRIs stay as assignees
- Authors request a review from Reviewers when they are expected to review
+- Assignees request a review from reviewer(s) when they are expected to review
- Reviewers remove themselves after they're done reviewing/approving
+- Reviewers stay assigned for the entire duration of the merge request
- The last approver stays as Reviewer upon merging
+- Reviewers request attention from the assignee or other reviewer(s) after they've done reviewing, depending on who needs to take action
 - Assignees request attention from the reviewer(s) when changes are made
 ## Best practices
--- a/doc/development/gemfile.md
+++ b/doc/development/gemfile.md
@ -58,9 +58,9 @@ to a gem, go through these steps:
   the [`gitlab-org/ruby/gems` namespace](https://gitlab.com/gitlab-org/ruby/gems/).
   - To create this project:
-       1. Follow the [instructions for new projects](https://about.gitlab.com/handbook/engineering/#creating-a-new-project).
+       1. Follow the [instructions for new projects](https://about.gitlab.com/handbook/engineering/gitlab-repositories/#creating-a-new-project).
-       1. Follow the instructions for setting up a [CI/CD configuration](https://about.gitlab.com/handbook/engineering/#cicd-configuration).
+       1. Follow the instructions for setting up a [CI/CD configuration](https://about.gitlab.com/handbook/engineering/gitlab-repositories/#cicd-configuration).
-       1. Follow the instructions for [publishing a project](https://about.gitlab.com/handbook/engineering/#publishing-a-project).
+       1. Follow the instructions for [publishing a project](https://about.gitlab.com/handbook/engineering/gitlab-repositories/#publishing-a-project).
   - See [issue
     #325463](https://gitlab.com/gitlab-org/gitlab/-/issues/325463)
     for an example.
--- a/doc/tutorials/index.md
+++ b/doc/tutorials/index.md
@ -31,6 +31,7 @@ the most out of GitLab.
 | Topic | Description | Good for beginners |
 |-------|-------------|--------------------|
 | [Make your first Git commit](make_your_first_git_commit.md) | Create a project, edit a file, and commit changes to a Git repository from the command line. | **{star}** |
 | [Start using Git on the command line](../gitlab-basics/start-using-git.md) | Learn how to set up Git, clone repositories, and work with branches. | **{star}** |
 | [Git cheat sheet](https://about.gitlab.com/images/press/git-cheat-sheet.pdf) | Download a PDF of common Git commands. | |
--- a/doc/user/clusters/agent/ci_cd_tunnel.md
+++ b/doc/user/clusters/agent/ci_cd_tunnel.md
@ -8,6 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327409) in GitLab 14.1.
 > - The pre-configured `KUBECONFIG` was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/324275) in GitLab 14.2.
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) the `ci_access` attribute in GitLab 14.3.
 > - The ability to authorize groups was [introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3.
 > - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/6290) to GitLab Free in 14.5.
 > - Support for Omnibus installations was [introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/5686) in GitLab 14.5.
--- a/doc/user/clusters/agent/gitops.md
+++ b/doc/user/clusters/agent/gitops.md
@ -6,7 +6,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 # Using a GitOps workflow for Kubernetes **(PREMIUM)**
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/259669) in GitLab 13.7.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/259669) in GitLab 13.7.
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/332227) in GitLab 14.0, the `resource_inclusions` and `resource_exclusions` attributes were removed and `reconcile_timeout`, `dry_run_strategy`, `prune`, `prune_timeout`, `prune_propagation_policy`, and `inventory_policy` attributes were added.
 With GitOps, you can manage containerized clusters and applications from a Git repository that:
--- a/doc/user/clusters/agent/index.md
+++ b/doc/user/clusters/agent/index.md
@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/223061) in GitLab 13.4.
 > - Support for `grpcs` [introduced](https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/issues/7) in GitLab 13.6.
 > - Agent server [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/300960) on GitLab.com under `wss://kas.gitlab.com` through an Early Adopter Program in GitLab 13.10.
-> - The agent became available to every project on GitLab.com in GitLab 13.11.
+> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3834) in GitLab 13.11, the GitLab agent became available on GitLab.com.
 > - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/6290) from GitLab Premium to GitLab Free in 14.5.
 > - [Renamed](https://gitlab.com/groups/gitlab-org/-/epics/7167) from "GitLab Kubernetes Agent" to "GitLab agent for Kubernetes" in GitLab 14.6.
--- a/doc/user/clusters/agent/repository.md
+++ b/doc/user/clusters/agent/repository.md
@ -6,11 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 # Working with the agent for Kubernetes **(FREE)**
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/259669) in GitLab 13.7.
+Use the following tasks when working with the agent for Kubernetes.
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3834) in GitLab 13.11, the GitLab agent became available on GitLab.com.
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) the `ci_access` attribute in GitLab 14.3.
 > - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/6290) from GitLab Premium to GitLab Free in 14.5.
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/332227) in GitLab 14.0, the `resource_inclusions` and `resource_exclusions` attributes were removed and `reconcile_timeout`, `dry_run_strategy`, `prune`, `prune_timeout`, `prune_propagation_policy`, and `inventory_policy` attributes were added.
 ## View your agents
--- a/doc/user/project/merge_requests/img/attention_filter_v14_10.png
+++ b/doc/user/project/merge_requests/img/attention_filter_v14_10.png
--- a/doc/user/project/merge_requests/img/attention_request_list_v14_10.png
+++ b/doc/user/project/merge_requests/img/attention_request_list_v14_10.png
--- a/doc/user/project/merge_requests/img/attention_request_sidebar_v14_10.png
+++ b/doc/user/project/merge_requests/img/attention_request_sidebar_v14_10.png
--- a/doc/user/project/merge_requests/index.md
+++ b/doc/user/project/merge_requests/index.md
@ -70,6 +70,53 @@ change and whether you need access to a development environment:
 - [Push changes from the command line](../../../gitlab-basics/start-using-git.md), if you are
  familiar with Git and the command line.
 ## Request attention to a merge request
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/343528) in GitLab 14.10 [with a flag](../../../administration/feature_flags.md) named `mr_attention_requests`. Disabled by default.
 FLAG:
 On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `mr_attention_requests`.
 On GitLab.com, this feature is dependent on the enablement status of the feature flag. Refer to the [enablement issue](https://gitlab.com/gitlab-org/gitlab/-/issues/343528) for details.
 To tell a merge request's assignee or reviewer that their attention is
 needed on a merge request, you can request their attention. If an assignee or a
 reviewer has their attention requested on a merge request, the **Attention request**
 icon (**{attention}**) is displayed as a solid icon (**{attention-solid}**) on
 the merge request list page:
 ![Attention request icon](img/attention_request_list_v14_10.png)
 To view a list of merge requests that need your attention:
 1. On the top bar, select **Merge requests**. (**{merge-request}**)
 1. Select **Attention requests**.
 To request attention from another user:
 1. Go to the merge request.
 1. On the right sidebar, identify the user you want to request attention from.
 1. Next to the user's name, select **Request attention**, and the appearance
   of the icon changes:
   ![Attention request toggle](img/attention_request_sidebar_v14_10.png)
 ### Remove an attention request
 If your attention was requested as an assignee or reviewer, it's removed when you:
 - You manually remove the attention request by selecting **Remove attention request** (**{attention-solid}**).
 - Approve the merge request.
 - Add a new user as an assignee or reviewer.
 - Request the attention of a different assignee or reviewer.
 - Remove yourself (or are removed by someone else) as an assignee or reviewer.
 - Merge or close the merge request.
 - Manually remove the attention request by selecting **Remove attention request**. (**{attention-solid}**)
 If you are both the assignee and a reviewer on a merge request, you receive
 only one attention request, which is synced across both duties. If the
 attention request is removed from you, either as an assignee or a reviewer,
 it is removed from both your duties.
 ## Close a merge request
 If you decide to permanently stop work on a merge request,
--- a/doc/user/project/service_desk.md
+++ b/doc/user/project/service_desk.md
@ -347,20 +347,6 @@ Note that:
 - The project's visibility (private, internal, public) does not affect Service Desk.
 - The path to the project, including its group or namespace, is shown in emails.
 #### Issues created on someone's behalf
 To allow third party applications and ticketing systems to interface with Service Desk,
 when the email contains the `Reply-To` email header, this email address is used as the address of the
 issue author.
 Because the `Reply-To` header can be set to arbitrary values, do not blindly trust that an issue
 created on behalf of `someone@example.com` was indeed created by the real owner of such email address.
 For example, an email with headers `To: support@example.com` and `Reply-To:someone@example.com`
 creates an issue with the following note:
 > Created (…) by `support@example.com` (reply to: `someone@example.com`) (…)
 #### Privacy considerations
 Service Desk issues are confidential, but the project owner can
--- a/doc/user/project/settings/import_export.md
+++ b/doc/user/project/settings/import_export.md
@ -154,9 +154,9 @@ The default is `0` (unlimited).
 Imported users can be mapped by their public email addresses on self-managed instances, if an administrator (not an owner) does the import.
- Public email addresses are not set by default. Users must
+- The project must be exported by a project or group member with the Owner role.
-[set it in their profiles](../../profile/index.md#set-your-public-email)
+- Public email addresses are not set by default. Users must [set it in their profiles](../../profile/index.md#set-your-public-email)
-for mapping to work correctly.
+  for mapping to work correctly.
 - For contributions to be mapped correctly, users must be an existing member of the namespace,
  or they can be added as a member of the project. Otherwise, a supplementary comment is left to mention that the original author and the MRs, notes, or issues that are owned by the importer.
 - Imported users are set as [direct members](../members/index.md)
--- a/lib/gitlab/email/handler/service_desk_handler.rb
+++ b/lib/gitlab/email/handler/service_desk_handler.rb
@ -34,7 +34,7 @@ module Gitlab
          create_issue_or_note
-          if issue_creator_address
+          if from_address
            add_email_participant
            send_thank_you_email unless reply_email?
          end
@ -98,7 +98,7 @@ module Gitlab
              title: mail.subject,
              description: message_including_template,
              confidential: true,
-              external_author: external_author
+              external_author: from_address
            },
            spam_params: nil
          ).execute
@ -176,22 +176,8 @@ module Gitlab
          ).execute
        end
        def issue_creator_address
          reply_to_address || from_address
        end
        def from_address
-          mail.from.first || mail.sender
+          (mail.reply_to || []).first || mail.from.first || mail.sender
        end
        def reply_to_address
          (mail.reply_to || []).first
        end
        def external_author
          return issue_creator_address unless reply_to_address && from_address
          _("%{from_address} (reply to: %{reply_to_address})") % { from_address: from_address, reply_to_address: reply_to_address }
        end
        def can_handle_legacy_format?
@ -205,7 +191,7 @@ module Gitlab
        def add_email_participant
          return if reply_email? && !Feature.enabled?(:issue_email_participants, @issue.project)
-          @issue.issue_email_participants.create(email: issue_creator_address)
+          @issue.issue_email_participants.create(email: from_address)
        end
      end
    end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -664,9 +664,6 @@ msgstr ""
 msgid "%{firstMilestoneName} + %{numberOfOtherMilestones} more"
 msgstr ""
 msgid "%{from_address} (reply to: %{reply_to_address})"
 msgstr ""
 msgid "%{gitlab_experience_text}. Don't worry, this information isn't shared outside of your self-managed GitLab instance."
 msgstr ""
@ -33087,6 +33084,12 @@ msgstr ""
 msgid "SecurityOrchestration|%{branches} and %{lastBranch} %{plural}"
 msgstr ""
 msgid "SecurityOrchestration|%{scanners}"
 msgstr ""
 msgid "SecurityOrchestration|%{scanners} %{severities} in an open merge request targeting %{branches}."
 msgstr ""
 msgid "SecurityOrchestration|.yaml preview"
 msgstr ""
@ -33102,6 +33105,9 @@ msgstr ""
 msgid "SecurityOrchestration|All policies"
 msgstr ""
 msgid "SecurityOrchestration|All scanners find"
 msgstr ""
 msgid "SecurityOrchestration|Allow all inbound traffic to all pods from all pods on ports 443/TCP."
 msgstr ""
@ -33297,9 +33303,6 @@ msgstr ""
 msgid "SecurityOrchestration|Summary"
 msgstr ""
 msgid "SecurityOrchestration|The %{scanners} %{severities} in an open merge request targeting %{branches}."
 msgstr ""
 msgid "SecurityOrchestration|There was a problem creating the new security policy"
 msgstr ""
--- a/qa/.confiner/master.yml
+++ b/qa/.confiner/master.yml
@ -0,0 +1,34 @@
 - name: Quarantine E2E tests in Master that fail consistently
  plugin:
    name: gitlab # https://gitlab.com/gitlab-org/quality/confiner/-/blob/main/doc/plugins/gitlab.md
    args:
      threshold: 3 # 3 failures
      private_token: $QA_GITLAB_CI_TOKEN
      project_id: gitlab-org/gitlab-qa-mirror # https://gitlab.com/gitlab-org/gitlab-qa-mirror/
      target_project: gitlab-org/gitlab
      failure_issue_labels: QA,Quality
      failure_issue_prefix: "Failure in "
      pwd: qa # E2E specs reside in the qa subdirectory
      timeout: 30
      ref: master
  actions:
    - quarantine
 - name: Dequarantine E2E tests in Master that pass consistently
  plugin:
    name: gitlab # https://gitlab.com/gitlab-org/quality/confiner/-/blob/main/doc/plugins/gitlab.md
    args:
      threshold: 10 # at least 10 passes consecutively with no failures to be a candidate for dequarantine
      private_token: $QA_GITLAB_CI_TOKEN
      # we do not run quarantined jobs automatically on master, but we still commit to master
      project_id: gitlab-org/quality/nightly # https://gitlab.com/gitlab-org/quality/nightly/
      target_project: gitlab-org/gitlab # https://gitlab.com/gitlab-org/gitlab
      failure_issue_labels: QA,Quality
      failure_issue_prefix: "Failure in "
      pwd: qa # E2E specs reside in the qa subdirectory
      timeout: 30
      ref: master
      job_pattern: '.+-quarantine'
  actions:
    - dequarantine
--- a/qa/.confiner/quarantine.yml
+++ b/qa/.confiner/quarantine.yml
@ -1,15 +0,0 @@
 - name: Quarantine E2E tests that fail consistently
  plugin:
    name: gitlab # https://gitlab.com/gitlab-org/quality/confiner/-/blob/main/doc/plugins/gitlab.md
    args:
      threshold: 3 # 3 failures
      private_token: $QA_GITLAB_CI_TOKEN
      project_id: gitlab-org/gitlab-qa-mirror # https://gitlab.com/gitlab-org/gitlab-qa-mirror/
      target_project: gitlab-org/gitlab
      failure_issue_labels: QA,Quality
      failure_issue_prefix: "Failure in "
      pwd: qa # E2E specs reside in the qa subdirectory
      timeout: 30
      ref: master
  actions:
    - quarantine
--- a/qa/Gemfile
+++ b/qa/Gemfile
@ -30,7 +30,7 @@ gem 'terminal-table', '~> 3.0.0', require: false
 gem 'slack-notifier', '~> 2.4', require: false
 gem 'fog-google', '~> 1.17', require: false
-gem 'confiner', '~> 0.2'
+gem 'confiner', '~> 0.3'
 gem 'chemlab', '~> 0.9'
 gem 'chemlab-library-www-gitlab-com', '~> 0.1'
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@ -58,7 +58,7 @@ GEM
      adamantium (~> 0.2.0)
      equalizer (~> 0.0.9)
    concurrent-ruby (1.1.9)
-    confiner (0.2.3)
+    confiner (0.3.0)
      gitlab (>= 4.17)
      zeitwerk (~> 2.5.1)
    declarative (0.0.20)
@ -364,7 +364,7 @@ DEPENDENCIES
  capybara-screenshot (~> 1.0.23)
  chemlab (~> 0.9)
  chemlab-library-www-gitlab-com (~> 0.1)
-  confiner (~> 0.2)
+  confiner (~> 0.3)
  deprecation_toolkit (~> 1.5.1)
  faker (~> 2.19, >= 2.19.0)
  fog-google (~> 1.17)
--- a/qa/qa/specs/features/browser_ui/3_create/merge_request/merge_merge_request_from_fork_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/merge_request/merge_merge_request_from_fork_spec.rb
@ -3,7 +3,7 @@
 module QA
  RSpec.describe 'Create' do
    describe 'Merge request creation from fork', quarantine: {
-      only: { subdomain: %i[canary production] },
+      only: :production,
      issue: "https://gitlab.com/gitlab-org/gitlab/-/issues/343801",
      type: :investigation
    } do
--- a/spec/fixtures/emails/service_desk_reply_to_and_from.eml
+++ b/spec/fixtures/emails/service_desk_reply_to_and_from.eml
@ -1,28 +0,0 @@
 Delivered-To: incoming+email-test-project_id-issue-@appmail.adventuretime.ooo
 Return-Path: <jake@adventuretime.ooo>
 Received: from iceking.adventuretime.ooo ([unix socket]) by iceking (Cyrus v2.2.13-Debian-2.2.13-19+squeeze3) with LMTPA; Thu, 13 Jun 2013 17:03:50 -0400
 Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) by iceking.adventuretime.ooo (8.14.3/8.14.3/Debian-9.4) with ESMTP id r5DL3nFJ016967 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 17:03:50 -0400
 Received: by mail-ie0-f180.google.com with SMTP id f4so21977375iea.25 for <incoming+email-test-project_id-issue-@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 14:03:48 -0700
 Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700
 Date: Thu, 13 Jun 2013 17:03:48 -0400
 Reply-To: Marceline <marceline@adventuretime.ooo>
 From: Finn the Human <finn@adventuretime.ooo>
 Sender: Jake the Dog <jake@adventuretime.ooo>
 To: support@adventuretime.ooo
 Delivered-To: support@adventuretime.ooo
 Message-ID: <CADkmRc+rNGAGGbV2iE5p918UVy4UyJqVcXRO2=otppgzduJSg@mail.gmail.com>
 Subject: The message subject! @all
 Mime-Version: 1.0
 Content-Type: text/plain;
 charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 X-Sieve: CMU Sieve 2.2
 X-Received: by 10.0.0.1 with SMTP id n7mr11234144ipb.85.1371157428600; Thu,
 13 Jun 2013 14:03:48 -0700 (PDT)
 X-Scanned-By: MIMEDefang 2.69 on IPv6:2001:470:1d:165::1
 Service desk stuff!
 ```
 a = b
 ```
--- a/spec/frontend/pages/import/bulk_imports/history/components/bulk_imports_history_app_spec.js
+++ b/spec/frontend/pages/import/bulk_imports/history/components/bulk_imports_history_app_spec.js
@ -137,6 +137,16 @@ describe('BulkImportsHistoryApp', () => {
    );
  });
  it('renders correct url for destination group when relative_url is empty', async () => {
    mock.onGet(API_URL).reply(200, DUMMY_RESPONSE, DEFAULT_HEADERS);
    createComponent({ shallow: false });
    await axios.waitForAll();
    expect(wrapper.find('tbody tr a').attributes().href).toBe(
      `/${DUMMY_RESPONSE[0].destination_namespace}/${DUMMY_RESPONSE[0].destination_name}`,
    );
  });
  describe('details button', () => {
    beforeEach(() => {
      mock.onGet(API_URL).reply(200, DUMMY_RESPONSE, DEFAULT_HEADERS);
--- a/spec/lib/gitlab/email/handler/service_desk_handler_spec.rb
+++ b/spec/lib/gitlab/email/handler/service_desk_handler_spec.rb
@ -477,20 +477,6 @@ RSpec.describe Gitlab::Email::Handler::ServiceDeskHandler do
      end
    end
    context 'when there is a reply-to address and a from address' do
      let(:email_raw) { email_fixture('emails/service_desk_reply_to_and_from.eml') }
      it 'shows both from and reply-to addresses in the issue header' do
        setup_attachment
        expect { receiver.execute }.to change { Issue.count }.by(1)
        new_issue = Issue.last
        expect(new_issue.external_author).to eq('finn@adventuretime.ooo (reply to: marceline@adventuretime.ooo)')
      end
    end
    context 'when service desk is not enabled for project' do
      before do
        allow(Gitlab::ServiceDesk).to receive(:enabled?).and_return(false)
--- a/spec/services/ci/job_artifacts/destroy_all_expired_service_spec.rb
+++ b/spec/services/ci/job_artifacts/destroy_all_expired_service_spec.rb
@ -19,8 +19,23 @@ RSpec.describe Ci::JobArtifacts::DestroyAllExpiredService, :clean_gitlab_redis_s
      let!(:artifact) { create(:ci_job_artifact, :expired, job: job, locked: job.pipeline.locked) }
      context 'with preloaded relationships' do
        let(:second_artifact) { create(:ci_job_artifact, :expired, :junit, job: job) }
        let(:more_artifacts) do
          [
            create(:ci_job_artifact, :expired, :sast, job: job),
            create(:ci_job_artifact, :expired, :metadata, job: job),
            create(:ci_job_artifact, :expired, :codequality, job: job),
            create(:ci_job_artifact, :expired, :accessibility, job: job)
          ]
        end
        before do
          stub_const("#{described_class}::LARGE_LOOP_LIMIT", 1)
          # This artifact-with-file is created before the control execution to ensure
          # that the DeletedObject operations are accounted for in the query count.
          second_artifact
        end
        context 'with ci_destroy_unlocked_job_artifacts feature flag disabled' do
@ -28,19 +43,12 @@ RSpec.describe Ci::JobArtifacts::DestroyAllExpiredService, :clean_gitlab_redis_s
            stub_feature_flags(ci_destroy_unlocked_job_artifacts: false)
          end
-          it 'performs the smallest number of queries for job_artifacts' do
+          it 'performs a consistent number of queries' do
-            log = ActiveRecord::QueryRecorder.new { subject }
+            control = ActiveRecord::QueryRecorder.new { service.execute }
-            # SELECT expired ci_job_artifacts - 3 queries from each_batch
+            more_artifacts
            # PRELOAD projects, routes, project_statistics
            # BEGIN
            # INSERT into ci_deleted_objects
            # DELETE loaded ci_job_artifacts
            # DELETE security_findings  -- for EE
            # COMMIT
            # SELECT next expired ci_job_artifacts
-            expect(log.count).to be_within(1).of(10)
+            expect { subject }.not_to exceed_query_limit(control.count)
          end
        end
@ -49,9 +57,12 @@ RSpec.describe Ci::JobArtifacts::DestroyAllExpiredService, :clean_gitlab_redis_s
            stub_feature_flags(ci_destroy_unlocked_job_artifacts: true)
          end
-          it 'performs the smallest number of queries for job_artifacts' do
+          it 'performs a consistent number of queries' do
-            log = ActiveRecord::QueryRecorder.new { subject }
+            control = ActiveRecord::QueryRecorder.new { service.execute }
-            expect(log.count).to be_within(1).of(8)
+
            more_artifacts
            expect { subject }.not_to exceed_query_limit(control.count)
          end
        end
      end
--- a/spec/support/shared_examples/controllers/wiki_actions_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/wiki_actions_shared_examples.rb
@ -150,6 +150,7 @@ RSpec.shared_examples 'wiki controller actions' do
        expect(response).to render_template('shared/wikis/diff')
        expect(assigns(:diffs)).to be_a(Gitlab::Diff::FileCollection::Base)
        expect(assigns(:diff_notes_disabled)).to be(true)
        expect(assigns(:page).content).to be_empty
      end
    end
@ -475,9 +476,13 @@ RSpec.shared_examples 'wiki controller actions' do
    context 'when page exists' do
      shared_examples 'deletes the page' do
        specify do
-          expect do
+          aggregate_failures do
-            request
+            expect do
-          end.to change { wiki.list_pages.size }.by(-1)
+              request
            end.to change { wiki.list_pages.size }.by(-1)
            expect(assigns(:page).content).to be_empty
          end
        end
      end