Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2022-07-07 21:09:22 +00:00
parent 17b492274d
commit 2f8483621e
42 changed files with 204 additions and 20 deletions


@ -37,6 +37,7 @@ build-qa-image:
--destination=${QA_IMAGE_BRANCH} \ --destination=${QA_IMAGE_BRANCH} \
--build-arg=CHROME_VERSION=${CHROME_VERSION} \ --build-arg=CHROME_VERSION=${CHROME_VERSION} \
--build-arg=DOCKER_VERSION=${DOCKER_VERSION} \ --build-arg=DOCKER_VERSION=${DOCKER_VERSION} \
--build-arg=QA_BUILD_TARGET=${QA_BUILD_TARGET:-qa} \
--cache=true --cache=true
# This image is used by: # This image is used by:


@ -90,19 +90,6 @@ export default {
:label="__('Code')" :label="__('Code')"
@execute="trackToolbarControlExecution" @execute="trackToolbarControlExecution"
/> />
<toolbar-button
data-testid="link"
content-type="link"
icon-name="link"
editor-command="toggleLink"
:editor-command-params="/* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ {
href: '',
} /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */"
category="tertiary"
size="medium"
:label="__('Insert link')"
@execute="trackToolbarControlExecution"
/>
<toolbar-button <toolbar-button
data-testid="superscript" data-testid="superscript"
content-type="superscript" content-type="superscript"
@ -123,6 +110,19 @@ export default {
:label="__('Subscript')" :label="__('Subscript')"
@execute="trackToolbarControlExecution" @execute="trackToolbarControlExecution"
/> />
<toolbar-button
data-testid="link"
content-type="link"
icon-name="link"
editor-command="toggleLink"
:editor-command-params="/* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ {
href: '',
} /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */"
category="tertiary"
size="medium"
:label="__('Insert link')"
@execute="trackToolbarControlExecution"
/>
</gl-button-group> </gl-button-group>
</bubble-menu> </bubble-menu>
</template> </template>


@ -0,0 +1,24 @@
# frozen_string_literal: true
module GoogleAnalyticsCSP
extend ActiveSupport::Concern
included do
content_security_policy do |policy|
next unless helpers.google_tag_manager_enabled? || policy.directives.present?
default_script_src = policy.directives['script-src'] || policy.directives['default-src']
script_src_values = Array.wrap(default_script_src) | ['*.googletagmanager.com']
policy.script_src(*script_src_values)
default_img_src = policy.directives['img-src'] || policy.directives['default-src']
img_src_values = Array.wrap(default_img_src) | ['*.google-analytics.com', '*.googletagmanager.com']
policy.img_src(*img_src_values)
default_connect_src = policy.directives['connect-src'] || policy.directives['default-src']
connect_src_values =
Array.wrap(default_connect_src) | ['*.google-analytics.com', '*.analytics.google.com', '*.googletagmanager.com']
policy.connect_src(*connect_src_values)
end
end
end
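Review bot: The guard `next unless helpers.google_tag_manager_enabled? || policy.directives.present?` lets the block run whenever any CSP directive is configured, even with Google Tag Manager turned off, so the wildcard Google hosts are allow-listed in `script-src`, `img-src` and `connect-src` on instances that never load them. The feature spec in this commit visits `root_path` without enabling GTM and still expects the hosts, which is consistent with that reading. The block also runs when GTM is on but no directives exist, where `Array.wrap(nil) | ['*.googletagmanager.com']` appears to yield a `script-src` holding only the Google host. If the intent is "GTM enabled and a policy already in place", the line would be `next unless helpers.google_tag_manager_enabled? && policy.directives.present?`. A one-line comment above the block stating which condition is required would settle it for the next reader.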


@ -4,6 +4,7 @@ class ConfirmationsController < Devise::ConfirmationsController
include AcceptsPendingInvitations include AcceptsPendingInvitations
include GitlabRecaptcha include GitlabRecaptcha
include OneTrustCSP include OneTrustCSP
include GoogleAnalyticsCSP
prepend_before_action :check_recaptcha, only: :create prepend_before_action :check_recaptcha, only: :create
before_action :load_recaptcha, only: :new before_action :load_recaptcha, only: :new


@ -3,6 +3,7 @@
module Registrations module Registrations
class WelcomeController < ApplicationController class WelcomeController < ApplicationController
include OneTrustCSP include OneTrustCSP
include GoogleAnalyticsCSP
layout 'minimal' layout 'minimal'
skip_before_action :authenticate_user!, :required_signup_info, :check_two_factor_requirement, only: [:show, :update] skip_before_action :authenticate_user!, :required_signup_info, :check_two_factor_requirement, only: [:show, :update]


@ -7,6 +7,7 @@ class RegistrationsController < Devise::RegistrationsController
include InvisibleCaptchaOnSignup include InvisibleCaptchaOnSignup
include OneTrustCSP include OneTrustCSP
include BizibleCSP include BizibleCSP
include GoogleAnalyticsCSP
layout 'devise' layout 'devise'


@ -12,6 +12,7 @@ class SessionsController < Devise::SessionsController
include OneTrustCSP include OneTrustCSP
include BizibleCSP include BizibleCSP
include VerifiesWithEmail include VerifiesWithEmail
include GoogleAnalyticsCSP
skip_before_action :check_two_factor_requirement, only: [:destroy] skip_before_action :check_two_factor_requirement, only: [:destroy]
skip_before_action :check_password_expiration, only: [:destroy] skip_before_action :check_password_expiration, only: [:destroy]


@ -4,6 +4,7 @@ module Users
class TermsController < ApplicationController class TermsController < ApplicationController
include InternalRedirect include InternalRedirect
include OneTrustCSP include OneTrustCSP
include GoogleAnalyticsCSP
skip_before_action :authenticate_user!, only: [:index] skip_before_action :authenticate_user!, only: [:index]
skip_before_action :enforce_terms! skip_before_action :enforce_terms!


@ -0,0 +1,11 @@
# rubocop:disable Naming/FileName
# frozen_string_literal: true
module Packages
module FIPS
extend ActiveSupport::Concern
DisabledError = Class.new(StandardError)
end
end
# rubocop:enable Naming/FileName


@ -4,6 +4,7 @@ module Packages
module Debian module Debian
class FileEntry class FileEntry
include ActiveModel::Model include ActiveModel::Model
include ::Packages::FIPS
DIGESTS = %i[md5 sha1 sha256].freeze DIGESTS = %i[md5 sha1 sha256].freeze
FILENAME_REGEX = %r{\A[a-zA-Z0-9][a-zA-Z0-9_.~+-]*\z}.freeze FILENAME_REGEX = %r{\A[a-zA-Z0-9][a-zA-Z0-9_.~+-]*\z}.freeze
@ -31,6 +32,8 @@ module Packages
private private
def valid_package_file_digests def valid_package_file_digests
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
DIGESTS.each do |digest| DIGESTS.each do |digest|
package_file_digest = package_file["file_#{digest}"] package_file_digest = package_file["file_#{digest}"]
sum = public_send("#{digest}sum") # rubocop:disable GitlabSecurity/PublicSend sum = public_send("#{digest}sum") # rubocop:disable GitlabSecurity/PublicSend
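Review bot: The guard `raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?` added to `valid_package_file_digests` is repeated verbatim in `CreatePackageFileService#execute`, `ExtractChangesMetadataService#execute`, `GenerateDistributionService#execute` and both workers' `perform`, so the check and its message can drift apart. Every one of those classes now includes `::Packages::FIPS`, so a single helper defined in that concern (a name such as `ensure_fips_disabled!` is only a suggestion) would keep them in one place. In this file the raise appears to be reached during validation, since the model spec triggers it through `validate!`, which means `valid?` raises rather than returning false. A comment such as `# Raises instead of adding an error: the registry is disabled entirely under FIPS` would make that explicit. The method body continues outside the hunk.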


@ -3,12 +3,15 @@
module Packages module Packages
module Debian module Debian
class CreatePackageFileService class CreatePackageFileService
include ::Packages::FIPS
def initialize(package, params) def initialize(package, params)
@package = package @package = package
@params = params @params = params
end end
def execute def execute
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
raise ArgumentError, "Invalid package" unless package.present? raise ArgumentError, "Invalid package" unless package.present?
# Debian package file are first uploaded to incoming with empty metadata, # Debian package file are first uploaded to incoming with empty metadata,


@ -4,6 +4,7 @@ module Packages
module Debian module Debian
class ExtractChangesMetadataService class ExtractChangesMetadataService
include Gitlab::Utils::StrongMemoize include Gitlab::Utils::StrongMemoize
include ::Packages::FIPS
ExtractionError = Class.new(StandardError) ExtractionError = Class.new(StandardError)
@ -13,6 +14,8 @@ module Packages
end end
def execute def execute
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
{ {
file_type: file_type, file_type: file_type,
architecture: metadata[:architecture], architecture: metadata[:architecture],


@ -4,6 +4,7 @@ module Packages
module Debian module Debian
class GenerateDistributionService class GenerateDistributionService
include Gitlab::Utils::StrongMemoize include Gitlab::Utils::StrongMemoize
include ::Packages::FIPS
include ExclusiveLeaseGuard include ExclusiveLeaseGuard
ONE_HOUR = 1.hour.freeze ONE_HOUR = 1.hour.freeze
@ -70,6 +71,8 @@ module Packages
end end
def execute def execute
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
try_obtain_lease do try_obtain_lease do
@distribution.transaction do @distribution.transaction do
# We consider `apt-get update` can take at most one hour # We consider `apt-get update` can take at most one hour


@ -4,6 +4,7 @@ module Packages
module Debian module Debian
class GenerateDistributionWorker class GenerateDistributionWorker
include ApplicationWorker include ApplicationWorker
include ::Packages::FIPS
data_consistency :always data_consistency :always
include Gitlab::Utils::StrongMemoize include Gitlab::Utils::StrongMemoize
@ -20,6 +21,8 @@ module Packages
loggable_arguments 0 loggable_arguments 0
def perform(container_type, distribution_id) def perform(container_type, distribution_id)
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
@container_type = container_type @container_type = container_type
@distribution_id = distribution_id @distribution_id = distribution_id


@ -4,6 +4,7 @@ module Packages
module Debian module Debian
class ProcessChangesWorker class ProcessChangesWorker
include ApplicationWorker include ApplicationWorker
include ::Packages::FIPS
data_consistency :always data_consistency :always
include Gitlab::Utils::StrongMemoize include Gitlab::Utils::StrongMemoize
@ -15,6 +16,8 @@ module Packages
feature_category :package_registry feature_category :package_registry
def perform(package_file_id, user_id) def perform(package_file_id, user_id)
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
@package_file_id = package_file_id @package_file_id = package_file_id
@user_id = user_id @user_id = user_id
@ -22,6 +25,8 @@ module Packages
::Packages::Debian::ProcessChangesService.new(package_file, user).execute ::Packages::Debian::ProcessChangesService.new(package_file, user).execute
rescue StandardError => e rescue StandardError => e
raise if e.instance_of?(DisabledError)
Gitlab::ErrorTracking.log_exception(e, package_file_id: @package_file_id, user_id: @user_id) Gitlab::ErrorTracking.log_exception(e, package_file_id: @package_file_id, user_id: @user_id)
package_file.destroy! package_file.destroy!
end end
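Review bot: `raise if e.instance_of?(DisabledError)` inside `rescue StandardError => e` matches only the exact class and buries the special case in the generic handler. A dedicated clause placed before it reads more directly and also covers subclasses: `rescue DisabledError` followed by a bare `raise`. The re-raise also skips `package_file.destroy!`, so the uploaded changes file stays in place when FIPS mode is on; whether that is intended is not visible from the hunk. Depending on the worker's retry settings, which are outside the hunk, the job may be retried and fail the same way each time.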


@ -138,8 +138,8 @@ The following metrics are available:
| `pipeline_graph_links_per_job_ratio` | Histogram | 13.9 | Ratio of links to job per graph | | | `pipeline_graph_links_per_job_ratio` | Histogram | 13.9 | Ratio of links to job per graph | |
| `gitlab_ci_pipeline_security_orchestration_policy_processing_duration_seconds` | Histogram | 13.12 | Time in seconds it takes to process Security Policies in CI/CD pipeline | | | `gitlab_ci_pipeline_security_orchestration_policy_processing_duration_seconds` | Histogram | 13.12 | Time in seconds it takes to process Security Policies in CI/CD pipeline | |
| `gitlab_spamcheck_request_duration_seconds` | Histogram | 13.12 | The duration for requests between Rails and the anti-spam engine | | | `gitlab_spamcheck_request_duration_seconds` | Histogram | 13.12 | The duration for requests between Rails and the anti-spam engine | |
| `service_desk_thank_you_email` | Counter | 14.0 | Total number of email responses to new service desk emails | | | `service_desk_thank_you_email` | Counter | 14.0 | Total number of email responses to new Service Desk emails | |
| `service_desk_new_note_email` | Counter | 14.0 | Total number of email notifications on new service desk comment | | | `service_desk_new_note_email` | Counter | 14.0 | Total number of email notifications on new Service Desk comment | |
| `email_receiver_error` | Counter | 14.1 | Total number of errors when processing incoming emails | | | `email_receiver_error` | Counter | 14.1 | Total number of errors when processing incoming emails | |
| `gitlab_snowplow_events_total` | Counter | 14.1 | Total number of GitLab Snowplow product intelligence events emitted | | | `gitlab_snowplow_events_total` | Counter | 14.1 | Total number of GitLab Snowplow product intelligence events emitted | |
| `gitlab_snowplow_failed_events_total` | Counter | 14.1 | Total number of GitLab Snowplow product intelligence events emission failures | | | `gitlab_snowplow_failed_events_total` | Counter | 14.1 | Total number of GitLab Snowplow product intelligence events emission failures | |


@ -927,9 +927,9 @@ these controls should migrate to the GitLab interface.
Users who have the [Maintainer role](../../user/permissions.md) for the project can Users who have the [Maintainer role](../../user/permissions.md) for the project can
[delete Container Registry tags in bulk](../../api/container_registry.md#delete-registry-repository-tags-in-bulk) [delete Container Registry tags in bulk](../../api/container_registry.md#delete-registry-repository-tags-in-bulk)
periodically based on their own criteria, however, this alone does not recycle data, periodically based on their own criteria. However, deleting the tags alone does not recycle data,
it only unlinks tags from manifests and image blobs. To recycle the Container it only unlinks tags from manifests and image blobs. To recycle the Container
Registry data in the whole GitLab instance, you can use the built-in command Registry data in the whole GitLab instance, you can use the built-in garbage collection command
provided by `gitlab-ctl`. provided by `gitlab-ctl`.
Prerequisites: Prerequisites:


@ -21,6 +21,10 @@ for production use due to limited functionality.
For instructions on how to upload and install Debian packages from the GitLab For instructions on how to upload and install Debian packages from the GitLab
package registry, see the [Debian registry documentation](../../user/packages/debian_repository/index.md). package registry, see the [Debian registry documentation](../../user/packages/debian_repository/index.md).
NOTE:
The Debian registry is not FIPS compliant and is disabled when [FIPS mode](../../development/fips_compliance.md) is enabled.
These endpoints will all return `404 Not Found`.
NOTE: NOTE:
These endpoints do not adhere to the standard API authentication methods. These endpoints do not adhere to the standard API authentication methods.
See the [Debian registry documentation](../../user/packages/debian_repository/index.md) See the [Debian registry documentation](../../user/packages/debian_repository/index.md)


@ -18,6 +18,10 @@ This API is under development and is not meant for production use.
For more information about working with Debian packages, see the For more information about working with Debian packages, see the
[Debian package registry documentation](../../user/packages/debian_repository/index.md). [Debian package registry documentation](../../user/packages/debian_repository/index.md).
NOTE:
The Debian registry is not FIPS compliant and is disabled when [FIPS mode](../../development/fips_compliance.md) is enabled.
These endpoints will all return `404 Not Found`.
## Enable the Debian group API ## Enable the Debian group API
Debian group repository support is still a work in progress. It's gated behind a feature flag that's Debian group repository support is still a work in progress. It's gated behind a feature flag that's


@ -18,6 +18,10 @@ This API is under development and is not meant for production use.
For more information about working with Debian packages, see the For more information about working with Debian packages, see the
[Debian package registry documentation](../../user/packages/debian_repository/index.md). [Debian package registry documentation](../../user/packages/debian_repository/index.md).
NOTE:
The Debian registry is not FIPS compliant and is disabled when [FIPS mode](../../development/fips_compliance.md) is enabled.
These endpoints will all return `404 Not Found`.
## Enable the Debian API ## Enable the Debian API
The Debian API is behind a feature flag that is disabled by default. The Debian API is behind a feature flag that is disabled by default.


@ -125,6 +125,12 @@ GitLab database. [Read more about this requirement, and troubleshooting](postgre
| `btree_gist` | 13.1 | | `btree_gist` | 13.1 |
| `plpgsql` | 11.7 | | `plpgsql` | 11.7 |
The following managed PostgreSQL services are known to be incompatible and should not be used:
| GitLab version | Managed service |
|----------------|-------------------------------------------------------|
| 14.4+ | Amazon Aurora (see [14.4.0](../update/index.md#1440)) |
NOTE: NOTE:
Support for [PostgreSQL 9.6 and 10 was removed in GitLab 13.0](https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/#postgresql-11-is-now-the-minimum-required-version-to-install-gitlab) so that GitLab can benefit from PostgreSQL 11 improvements, such as partitioning. Support for [PostgreSQL 9.6 and 10 was removed in GitLab 13.0](https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/#postgresql-11-is-now-the-minimum-required-version-to-install-gitlab) so that GitLab can benefit from PostgreSQL 11 improvements, such as partitioning.


@ -42,7 +42,7 @@ Features that are not available but we plan to support in the future:
- GitLab-managed runners - GitLab-managed runners
- FortiAuthenticator/FortiToken 2FA - FortiAuthenticator/FortiToken 2FA
- Reply-by email - Reply-by email
- Service desk - Service Desk
Features that we do not plan to offer at all: Features that we do not plan to offer at all:


@ -703,6 +703,10 @@ or [init scripts](upgrading_from_source.md#configure-sysv-init-script) by [follo
as Sidekiq would continue using a bad connection. Geo and other features that rely on as Sidekiq would continue using a bad connection. Geo and other features that rely on
cron jobs running regularly do not work until Sidekiq is restarted. We recommend cron jobs running regularly do not work until Sidekiq is restarted. We recommend
upgrading to GitLab 14.4.3 and later if this issue affects you. upgrading to GitLab 14.4.3 and later if this issue affects you.
- After enabling database load balancing by default in 14.4.0, we found an issue where
[Database load balancing does not work with an AWS Aurora cluster](https://gitlab.com/gitlab-org/gitlab/-/issues/220617).
We recommend moving your databases from Aurora to RDS for PostgreSQL before
upgrading. Refer to [Moving GitLab databases to a different PostgreSQL instance](../administration/postgresql/moving.md).
- GitLab 14.4.0 includes a - GitLab 14.4.0 includes a
[background migration `PopulateTopicsTotalProjectsCountCache`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/71033) [background migration `PopulateTopicsTotalProjectsCountCache`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/71033)
that may remain stuck permanently in a **pending** state when the instance lacks records that match the migration's target. that may remain stuck permanently in a **pending** state when the instance lacks records that match the migration's target.

View File

@ -15,6 +15,9 @@ The Debian package registry for GitLab is under development and isn't ready for
limited functionality. This [epic](https://gitlab.com/groups/gitlab-org/-/epics/6057) details the remaining limited functionality. This [epic](https://gitlab.com/groups/gitlab-org/-/epics/6057) details the remaining
work and timelines to make it production ready. work and timelines to make it production ready.
NOTE:
The Debian registry is not FIPS compliant and is disabled when [FIPS mode](../../../development/fips_compliance.md) is enabled.
Publish Debian packages in your project's Package Registry. Then install the Publish Debian packages in your project's Package Registry. Then install the
packages whenever you need to use them as a dependency. packages whenever you need to use them as a dependency.


@ -145,6 +145,9 @@ If you encounter an error with [Yarn](https://classic.yarnpkg.com/en/), view
#### Instance-level npm endpoint #### Instance-level npm endpoint
NOTE:
Note: Using `CI_JOB_TOKEN` to install npm packages with dependencies in another project will give you 404 errors. You can use a [personal access token](../../profile/personal_access_tokens.md) as a workaround. [GitLab-#352962](https://gitlab.com/gitlab-org/gitlab/-/issues/352962) proposes a fix to this bug.
To use the [instance-level](#use-the-gitlab-endpoint-for-npm-packages) npm endpoint, set your npm configuration: To use the [instance-level](#use-the-gitlab-endpoint-for-npm-packages) npm endpoint, set your npm configuration:
```shell ```shell


@ -6,6 +6,10 @@ module API
project_id: %r{[0-9]+}.freeze project_id: %r{[0-9]+}.freeze
).freeze ).freeze
before do
not_found! if Gitlab::FIPS.enabled?
end
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
helpers do helpers do
def user_project def user_project


@ -14,6 +14,10 @@ module API
file_name: API::NO_SLASH_URL_PART_REGEX file_name: API::NO_SLASH_URL_PART_REGEX
}.freeze }.freeze
before do
not_found! if Gitlab::FIPS.enabled?
end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
helpers do helpers do
def project_or_group def project_or_group


@ -6,6 +6,10 @@ module API
requires :id, type: String, desc: 'The ID of a group' requires :id, type: String, desc: 'The ID of a group'
end end
before do
not_found! if Gitlab::FIPS.enabled?
end
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
after_validation do after_validation do
require_packages_enabled! require_packages_enabled!


@ -6,6 +6,10 @@ module API
requires :id, type: String, desc: 'The ID of a project' requires :id, type: String, desc: 'The ID of a project'
end end
before do
not_found! if Gitlab::FIPS.enabled?
end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
after_validation do after_validation do
require_packages_enabled! require_packages_enabled!


@ -1,7 +1,8 @@
ARG DOCKER_VERSION=20.10.14 ARG DOCKER_VERSION=20.10.14
ARG CHROME_VERSION=101 ARG CHROME_VERSION=101
ARG QA_BUILD_TARGET=qa
FROM registry.gitlab.com/gitlab-org/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23 FROM registry.gitlab.com/gitlab-org/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23 AS qa
LABEL maintainer="GitLab Quality Department <quality@gitlab.com>" LABEL maintainer="GitLab Quality Department <quality@gitlab.com>"
ENV DEBIAN_FRONTEND="noninteractive" ENV DEBIAN_FRONTEND="noninteractive"
@ -50,3 +51,11 @@ COPY ./INSTALLATION_TYPE ./VERSION /home/gitlab/
COPY ./qa /home/gitlab/qa COPY ./qa /home/gitlab/qa
ENTRYPOINT ["bin/test"] ENTRYPOINT ["bin/test"]
# Add JH files when pass the parameter: `--build-arg QA_BUILD_TARGET=jhqa`
FROM qa AS jhqa
ONBUILD COPY ./jh/qa /home/gitlab/jh/qa
ONBUILD COPY ./jh/lib /home/gitlab/jh/lib
ONBUILD COPY ./jh/config/feature_flags /home/gitlab/jh/config/feature_flags
FROM $QA_BUILD_TARGET
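Review bot: `FROM $QA_BUILD_TARGET` accepts any image reference, not only the two stage names, so a value other than `qa` or `jhqa` would make the final image come from whatever that reference resolves to rather than from this Dockerfile. The value arrives from a CI variable through `--build-arg=QA_BUILD_TARGET=${QA_BUILD_TARGET:-qa}` in the `build-qa-image` job, so whoever can set that variable for a pipeline decides the base of the resulting QA image. The comment above the `jhqa` stage could state the allowed values, e.g. `# QA_BUILD_TARGET must name a stage defined in this file: qa (default) or jhqa`. The job script could also reject any other value before the build runs.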


@ -0,0 +1,15 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Google Analytics 4 content security policy' do
it 'includes the GA4 content security policy headers' do
visit root_path
expect(response_headers['Content-Security-Policy']).to include(
'*.googletagmanager.com',
'*.google-analytics.com',
'*.analytics.google.com'
)
end
end


@ -51,9 +51,9 @@ describe('content_editor/components/bubble_menus/formatting', () => {
${'italic'} | ${{ contentType: 'italic', iconName: 'italic', label: 'Italic text', editorCommand: 'toggleItalic' }} ${'italic'} | ${{ contentType: 'italic', iconName: 'italic', label: 'Italic text', editorCommand: 'toggleItalic' }}
${'strike'} | ${{ contentType: 'strike', iconName: 'strikethrough', label: 'Strikethrough', editorCommand: 'toggleStrike' }} ${'strike'} | ${{ contentType: 'strike', iconName: 'strikethrough', label: 'Strikethrough', editorCommand: 'toggleStrike' }}
${'code'} | ${{ contentType: 'code', iconName: 'code', label: 'Code', editorCommand: 'toggleCode' }} ${'code'} | ${{ contentType: 'code', iconName: 'code', label: 'Code', editorCommand: 'toggleCode' }}
${'link'} | ${{ contentType: 'link', iconName: 'link', label: 'Insert link', editorCommand: 'toggleLink', editorCommandParams: { href: '' } }}
${'superscript'} | ${{ contentType: 'superscript', iconName: 'superscript', label: 'Superscript', editorCommand: 'toggleSuperscript' }} ${'superscript'} | ${{ contentType: 'superscript', iconName: 'superscript', label: 'Superscript', editorCommand: 'toggleSuperscript' }}
${'subscript'} | ${{ contentType: 'subscript', iconName: 'subscript', label: 'Subscript', editorCommand: 'toggleSubscript' }} ${'subscript'} | ${{ contentType: 'subscript', iconName: 'subscript', label: 'Subscript', editorCommand: 'toggleSubscript' }}
${'link'} | ${{ contentType: 'link', iconName: 'link', label: 'Insert link', editorCommand: 'toggleLink', editorCommandParams: { href: '' } }}
`('given a $testId toolbar control', ({ testId, controlProps }) => { `('given a $testId toolbar control', ({ testId, controlProps }) => {
beforeEach(() => { beforeEach(() => {
buildWrapper(); buildWrapper();


@ -31,6 +31,13 @@ RSpec.describe Packages::Debian::FileEntry, type: :model do
describe 'validations' do describe 'validations' do
it { is_expected.to be_valid } it { is_expected.to be_valid }
context 'with FIPS mode', :fips_mode do
it 'raises an error' do
expect { subject.validate! }
.to raise_error(::Packages::FIPS::DisabledError, 'Debian registry is not FIPS compliant')
end
end
describe '#filename' do describe '#filename' do
it { is_expected.to validate_presence_of(:filename) } it { is_expected.to validate_presence_of(:filename) }
it { is_expected.not_to allow_value('Hé').for(:filename) } it { is_expected.not_to allow_value('Hé').for(:filename) }


@ -102,5 +102,13 @@ RSpec.describe Packages::Debian::CreatePackageFileService do
expect { subject.execute }.to raise_error(ActiveRecord::RecordInvalid) expect { subject.execute }.to raise_error(ActiveRecord::RecordInvalid)
end end
end end
context 'FIPS mode enabled', :fips_mode do
let(:file) { nil }
it 'raises an error' do
expect { subject.execute }.to raise_error(::Packages::FIPS::DisabledError)
end
end
end end
end end

View File

@ -13,6 +13,12 @@ RSpec.describe Packages::Debian::ExtractChangesMetadataService do
subject { service.execute } subject { service.execute }
context 'with FIPS mode enabled', :fips_mode do
it 'raises an error' do
expect { subject }.to raise_error(::Packages::FIPS::DisabledError)
end
end
context 'with valid package file' do context 'with valid package file' do
it 'extract metadata', :aggregate_failures do it 'extract metadata', :aggregate_failures do
expected_fields = { 'Architecture' => 'source amd64', 'Binary' => 'libsample0 sample-dev sample-udeb' } expected_fields = { 'Architecture' => 'source amd64', 'Binary' => 'libsample0 sample-dev sample-udeb' }


@ -15,6 +15,12 @@ RSpec.describe Packages::Debian::GenerateDistributionService do
context "for #{container_type}" do context "for #{container_type}" do
include_context 'with Debian distribution', container_type include_context 'with Debian distribution', container_type
context 'with FIPS mode enabled', :fips_mode do
it 'raises an error' do
expect { subject }.to raise_error(::Packages::FIPS::DisabledError)
end
end
it_behaves_like 'Generate Debian Distribution and component files' it_behaves_like 'Generate Debian Distribution and component files'
end end
end end

View File

@ -15,3 +15,9 @@ RSpec.shared_examples 'rejects Debian access with unknown container id' do |anon
end end
end end
end end
RSpec.shared_examples 'Debian API FIPS mode' do
context 'when FIPS mode is enabled', :fips_mode do
it_behaves_like 'returning response status', :not_found
end
end

View File

@ -3,6 +3,8 @@
RSpec.shared_examples 'Debian distributions GET request' do |status, body = nil| RSpec.shared_examples 'Debian distributions GET request' do |status, body = nil|
and_body = body.nil? ? '' : ' and expected body' and_body = body.nil? ? '' : ' and expected body'
it_behaves_like 'Debian API FIPS mode'
it "returns #{status}#{and_body}" do it "returns #{status}#{and_body}" do
subject subject
@ -17,6 +19,8 @@ end
RSpec.shared_examples 'Debian distributions PUT request' do |status, body| RSpec.shared_examples 'Debian distributions PUT request' do |status, body|
and_body = body.nil? ? '' : ' and expected body' and_body = body.nil? ? '' : ' and expected body'
it_behaves_like 'Debian API FIPS mode'
if status == :success if status == :success
it 'updates distribution', :aggregate_failures do it 'updates distribution', :aggregate_failures do
expect(::Packages::Debian::UpdateDistributionService).to receive(:new).with(distribution, api_params.except(:codename)).and_call_original expect(::Packages::Debian::UpdateDistributionService).to receive(:new).with(distribution, api_params.except(:codename)).and_call_original
@ -49,6 +53,8 @@ end
RSpec.shared_examples 'Debian distributions DELETE request' do |status, body| RSpec.shared_examples 'Debian distributions DELETE request' do |status, body|
and_body = body.nil? ? '' : ' and expected body' and_body = body.nil? ? '' : ' and expected body'
it_behaves_like 'Debian API FIPS mode'
if status == :success if status == :success
it 'updates distribution', :aggregate_failures do it 'updates distribution', :aggregate_failures do
expect { subject } expect { subject }


@ -3,6 +3,8 @@
RSpec.shared_examples 'Debian packages GET request' do |status, body = nil| RSpec.shared_examples 'Debian packages GET request' do |status, body = nil|
and_body = body.nil? ? '' : ' and expected body' and_body = body.nil? ? '' : ' and expected body'
it_behaves_like 'Debian API FIPS mode'
it "returns #{status}#{and_body}" do it "returns #{status}#{and_body}" do
subject subject
@ -17,6 +19,8 @@ end
RSpec.shared_examples 'Debian packages upload request' do |status, body = nil| RSpec.shared_examples 'Debian packages upload request' do |status, body = nil|
and_body = body.nil? ? '' : ' and expected body' and_body = body.nil? ? '' : ' and expected body'
it_behaves_like 'Debian API FIPS mode'
if status == :created if status == :created
it 'creates package files', :aggregate_failures do it 'creates package files', :aggregate_failures do
expect(::Packages::Debian::FindOrCreateIncomingService).to receive(:new).with(container, user).and_call_original expect(::Packages::Debian::FindOrCreateIncomingService).to receive(:new).with(container, user).and_call_original


@ -18,6 +18,12 @@ RSpec.describe Packages::Debian::GenerateDistributionWorker, type: :worker do
context "for #{container_type}" do context "for #{container_type}" do
include_context 'with Debian distribution', container_type include_context 'with Debian distribution', container_type
context 'with FIPS mode enabled', :fips_mode do
it 'raises an error' do
expect { subject }.to raise_error(::Packages::FIPS::DisabledError)
end
end
context 'with mocked service' do context 'with mocked service' do
it 'calls GenerateDistributionService' do it 'calls GenerateDistributionService' do
expect(Gitlab::ErrorTracking).not_to receive(:log_exception) expect(Gitlab::ErrorTracking).not_to receive(:log_exception)

View File

@ -16,6 +16,12 @@ RSpec.describe Packages::Debian::ProcessChangesWorker, type: :worker do
subject { worker.perform(package_file_id, user_id) } subject { worker.perform(package_file_id, user_id) }
context 'with FIPS mode enabled', :fips_mode do
it 'raises an error' do
expect { subject }.to raise_error(::Packages::FIPS::DisabledError)
end
end
context 'with mocked service' do context 'with mocked service' do
it 'calls ProcessChangesService' do it 'calls ProcessChangesService' do
expect(Gitlab::ErrorTracking).not_to receive(:log_exception) expect(Gitlab::ErrorTracking).not_to receive(:log_exception)

Binary file not shown.