Add latest changes from gitlab-org/gitlab@master

GITALY_SERVER_VERSION

@@ -1 +1 @@
-f8946a7c774dc0a2cffec5ec3456024fca6d808c
+bdd6fb3bb684094932da2dfd01f9c6bc2b7eb63b

app/assets/javascripts/reports/codequality_report/components/codequality_issue_body.vue

@@ -33,17 +33,20 @@ export default {
     issueName() {
       return `${this.severityLabel} - ${this.issue.name}`;
     },
+    issueSeverity() {
+      return this.issue.severity.toLowerCase();
+    },
     isStatusSuccess() {
       return this.status === STATUS_SUCCESS;
     },
     severityClass() {
-      return SEVERITY_CLASSES[this.issue.severity] || SEVERITY_CLASSES.unknown;
+      return SEVERITY_CLASSES[this.issueSeverity] || SEVERITY_CLASSES.unknown;
     },
     severityIcon() {
-      return SEVERITY_ICONS[this.issue.severity] || SEVERITY_ICONS.unknown;
+      return SEVERITY_ICONS[this.issueSeverity] || SEVERITY_ICONS.unknown;
     },
     severityLabel() {
-      return this.$options.severityText[this.issue.severity] || this.$options.severityText.unknown;
+      return this.$options.severityText[this.issueSeverity] || this.$options.severityText.unknown;
     },
   },
   severityText: {

app/assets/javascripts/reports/codequality_report/store/utils/codequality_parser.js

@@ -1,14 +1,16 @@
-export const parseCodeclimateMetrics = (issues = [], path = '') => {
+export const parseCodeclimateMetrics = (issues = [], blobPath = '') => {
   return issues.map((issue) => {
+    // the `file_path` attribute from the artifact is returned as `file` by GraphQL
+    const issuePath = issue.file_path || issue.path;
     const parsedIssue = {
       name: issue.description,
-      path: issue.file_path,
+      path: issuePath,
-      urlPath: `${path}/${issue.file_path}#L${issue.line}`,
+      urlPath: `${blobPath}/${issuePath}#L${issue.line}`,
       ...issue,
     };
 
     if (issue?.location?.path) {
-      let parseCodeQualityUrl = `${path}/${issue.location.path}`;
+      let parseCodeQualityUrl = `${blobPath}/${issue.location.path}`;
       parsedIssue.path = issue.location.path;
 
       if (issue?.location?.lines?.begin) {

app/helpers/commits_helper.rb

@@ -17,6 +17,15 @@ module CommitsHelper
     commit_person_link(commit, options.merge(source: :committer))
   end
 
+  def commit_committer_avatar(committer, options = {})
+    user_avatar(options.merge({
+      user: committer,
+      user_name: committer.name,
+      user_email: committer.email,
+      css_class: 'd-none d-sm-inline-block float-none gl-mr-0! gl-vertical-align-text-bottom'
+    }))
+  end
+
   def commit_to_html(commit, ref, project)
     render 'projects/commits/commit.html',
       commit: commit,

app/helpers/groups_helper.rb

@@ -178,7 +178,7 @@ module GroupsHelper
   end
 
   def default_help
-    s_("GroupSettings|This setting will be applied to all subgroups unless overridden by a group owner. Groups that already have access to the project will continue to have access unless removed manually.")
+    s_("GroupSettings|This setting is applied to all subgroups unless overridden by a group owner. Groups that have already been added to the project lose access.")
   end
 
   def ancestor_locked_but_you_can_override(group)

app/models/application_setting.rb

@@ -10,7 +10,6 @@ class ApplicationSetting < ApplicationRecord
 
   ignore_columns %i[elasticsearch_shards elasticsearch_replicas], remove_with: '14.4', remove_after: '2021-09-22'
   ignore_column :seat_link_enabled, remove_with: '14.4', remove_after: '2021-09-22'
-  ignore_column :cloud_license_enabled, remove_with: '14.4', remove_after: '2021-09-22'
 
   INSTANCE_REVIEW_MIN_USERS = 50
   GRAFANA_URL_ERROR_MESSAGE = 'Please check your Grafana URL setting in ' \

app/models/instance_configuration.rb

@@ -98,6 +98,11 @@ class InstanceConfiguration
         requests_per_period: application_settings[:throttle_authenticated_packages_api_requests_per_period],
         period_in_seconds: application_settings[:throttle_authenticated_packages_api_period_in_seconds]
       },
+      authenticated_git_lfs_api: {
+        enabled: application_settings[:throttle_authenticated_git_lfs_enabled],
+        requests_per_period: application_settings[:throttle_authenticated_git_lfs_requests_per_period],
+        period_in_seconds: application_settings[:throttle_authenticated_git_lfs_period_in_seconds]
+      },
       issue_creation: application_setting_limit_per_minute(:issues_create_limit),
       note_creation: application_setting_limit_per_minute(:notes_create_limit),
       project_export: application_setting_limit_per_minute(:project_export_limit),

app/views/help/instance_configuration/_rate_limits.html.haml

@@ -24,6 +24,7 @@
           = render 'help/instance_configuration/rate_limit_row', title: _('Protected Paths: requests'), rate_limit: rate_limits[:protected_paths]
           = render 'help/instance_configuration/rate_limit_row', title: _('Package Registry: unauthenticated API requests'), rate_limit: rate_limits[:unauthenticated_packages_api], public_visible: true
           = render 'help/instance_configuration/rate_limit_row', title: _('Package Registry: authenticated API requests'), rate_limit: rate_limits[:authenticated_packages_api]
+          = render 'help/instance_configuration/rate_limit_row', title: _('Authenticated Git LFS requests'), rate_limit: rate_limits[:authenticated_git_lfs_api]
           = render 'help/instance_configuration/rate_limit_row', title: _('Issue creation requests'), rate_limit: rate_limits[:issue_creation]
           = render 'help/instance_configuration/rate_limit_row', title: _('Note creation requests'), rate_limit: rate_limits[:note_creation]
           = render 'help/instance_configuration/rate_limit_row', title: _('Project export requests'), rate_limit: rate_limits[:project_export]

app/views/projects/commits/_commit.html.haml

@@ -39,8 +39,14 @@
 
       .committer
         - commit_author_link = commit_author_link(commit, avatar: false, size: 24)
-        - commit_timeago = time_ago_with_tooltip(commit.authored_date, placement: 'bottom')
+        - commit_authored_timeago = time_ago_with_tooltip(commit.authored_date, placement: 'bottom')
-        - commit_text =  _('%{commit_author_link} authored %{commit_timeago}') % { commit_author_link: commit_author_link, commit_timeago: commit_timeago }
+        - if commit.different_committer? && commit.committer
+          - commit_committer_link = commit_committer_link(commit)
+          - commit_committer_timeago = time_ago_with_tooltip(commit.committed_date, placement: 'bottom')
+          - commit_committer_avatar = commit_committer_avatar(commit.committer, size: 18, has_tooltip: false)
+          - commit_text =  _('%{commit_author_link} authored %{commit_authored_timeago} and %{commit_committer_avatar} %{commit_committer_link} committed %{commit_committer_timeago}') % { commit_author_link: commit_author_link, commit_authored_timeago: commit_authored_timeago, commit_committer_avatar: commit_committer_avatar, commit_committer_link: commit_committer_link, commit_committer_timeago: commit_committer_timeago }
+        - else
+          - commit_text =  _('%{commit_author_link} authored %{commit_authored_timeago}') % { commit_author_link: commit_author_link, commit_authored_timeago: commit_authored_timeago }
         #{ commit_text.html_safe }
       = render_if_exists 'projects/commits/project_namespace', show_project_name: show_project_name, project: project
 

config/initializers/sidekiq.rb

@@ -38,11 +38,11 @@ Sidekiq.configure_server do |config|
 
   config.redis = queues_config_hash
 
-  config.server_middleware(&Gitlab::SidekiqMiddleware.server_configurator({
+  config.server_middleware(&Gitlab::SidekiqMiddleware.server_configurator(
     metrics: Settings.monitoring.sidekiq_exporter,
     arguments_logger: SidekiqLogArguments.enabled? && !enable_json_logs,
     memory_killer: enable_sidekiq_memory_killer && use_sidekiq_legacy_memory_killer
-  }))
+  ))
 
   config.client_middleware(&Gitlab::SidekiqMiddleware.client_configurator)
 

doc/administration/raketasks/maintenance.md

@@ -247,7 +247,7 @@ have been corrupted, you should reinstall the omnibus package.
 
 Sometimes you need to know if your GitLab installation can connect to a TCP
 service on another machine (for example a PostgreSQL or web server)
-in order to troubleshoot proxy issues.
+to troubleshoot proxy issues.
 A Rake task is included to help you with this.
 
 **Omnibus Installation**
@@ -334,13 +334,13 @@ This is an experimental feature that isn't enabled by default. It requires Postg
 
 Database indexes can be rebuilt regularly to reclaim space and maintain healthy levels of index bloat over time.
 
-In order to rebuild the two indexes with the highest estimated bloat, use the following Rake task:
+To rebuild the two indexes with the highest estimated bloat, use the following Rake task:
 
 ```shell
 sudo gitlab-rake gitlab:db:reindex
 ```
 
-In order to target a specific index, use the following Rake task:
+To target a specific index, use the following Rake task:
 
 ```shell
 sudo gitlab-rake gitlab:db:reindex['public.a_specific_index']
@@ -352,7 +352,7 @@ The following index types are not supported:
 1. Partitioned indexes
 1. Expression indexes
 
-Optionally, this Rake task sends annotations to a Grafana (4.6 or later) endpoint. Use the following custom environment variables in order to enable annotations:
+Optionally, this Rake task sends annotations to a Grafana (4.6 or later) endpoint. Use the following custom environment variables to enable annotations:
 
 1. `GRAFANA_API_URL` - Grafana's base URL, for example `http://some-host:3000`.
 1. `GRAFANA_API_KEY` - Grafana API key with at least `Editor role`.

doc/development/testing_guide/end_to_end/rspec_metadata_tests.md

@@ -34,7 +34,7 @@ This is a partial list of the [RSpec metadata](https://relishapp.com/rspec/rspec
 | `:relative_url`   | The test requires a GitLab instance to be installed under a [relative URL](../../../install/relative_url.md). |
 | `:reliable`       | The test has been [promoted to a reliable test](https://about.gitlab.com/handbook/engineering/quality/guidelines/reliable-tests/#promoting-an-existing-test-to-reliable) meaning it passes consistently in all pipelines, including merge requests. |
 | `:repository_storage` |  The test requires a GitLab instance to be configured to use multiple [repository storage paths](../../../administration/repository_storage_paths.md). Paired with the `:orchestrated` tag. |
-| `:requires_admin` | The test requires an admin account. Tests with the tag are excluded when run against Canary and Production environments. |
+| `:requires_admin` | The test requires an administrator account. Tests with the tag are excluded when run against Canary and Production environments. |
 | `:requires_git_protocol_v2`   | The test requires that Git protocol version 2 is enabled on the server. It's assumed to be enabled by default but if not the test can be skipped by setting `QA_CAN_TEST_GIT_PROTOCOL_V2` to `false`. |
 | `:requires_praefect`   | The test requires that the GitLab instance uses [Gitaly Cluster](../../../administration/gitaly/praefect.md) (a.k.a. Praefect) as the repository storage . It's assumed to be used by default but if not the test can be skipped by setting `QA_CAN_TEST_PRAEFECT` to `false`. |
 | `:runner`         | The test depends on and sets up a GitLab Runner instance, typically to run a pipeline. |

doc/integration/saml.md

@@ -729,7 +729,7 @@ If you have any questions on configuring the SAML app, please contact your provi
 
 The following guidance is based on this Okta article, on adding a [SAML Application with an Okta Developer account](https://support.okta.com/help/s/article/Why-can-t-I-add-a-SAML-Application-with-an-Okta-Developer-account?language=en_US):
 
-1. In the Okta admin section, make sure to select Classic UI view in the top left corner. From there, choose to **Add an App**.
+1. In the Okta administrator section, make sure to select Classic UI view in the top left corner. From there, choose to **Add an App**.
 1. When the app screen comes up you see another button to **Create an App** and
    choose SAML 2.0 on the next screen.
 1. Optionally, you can add a logo

doc/user/admin_area/index.md

@@ -8,7 +8,7 @@ type: reference
 # GitLab Admin Area **(FREE SELF)**
 
 The Admin Area provides a web UI to manage and configure some features of GitLab
-self-managed instances. If you are an Admin user, you can access the Admin Area
+self-managed instances. If you are an administrator, you can access the Admin Area
 by visiting `/admin` on your self-managed instance. You can also access it through
 the UI:
 
@@ -16,7 +16,7 @@ the UI:
 - GitLab versions 13.12 and earlier: on the top bar, select the Admin Area icon (**{admin}**).
 
 NOTE:
-Only admin users can access the Admin Area.
+Only administrators can access the Admin Area.
 
 ## Admin Area sections
 

locale/gitlab.pot

@@ -465,7 +465,10 @@ msgstr ""
 msgid "%{code_open}Protected:%{code_close} Only exposed to protected branches or tags."
 msgstr ""
 
-msgid "%{commit_author_link} authored %{commit_timeago}"
+msgid "%{commit_author_link} authored %{commit_authored_timeago}"
+msgstr ""
+
+msgid "%{commit_author_link} authored %{commit_authored_timeago} and %{commit_committer_avatar} %{commit_committer_link} committed %{commit_committer_timeago}"
 msgstr ""
 
 msgid "%{completedCount} completed weight"
@@ -4771,6 +4774,9 @@ msgstr ""
 msgid "Authenticated Git LFS request rate limit"
 msgstr ""
 
+msgid "Authenticated Git LFS requests"
+msgstr ""
+
 msgid "Authenticated web rate limit period in seconds"
 msgstr ""
 
@@ -16393,10 +16399,10 @@ msgstr ""
 msgid "GroupSettings|This setting is applied on %{ancestor_group}. You can override the setting or %{remove_ancestor_share_with_group_lock}."
 msgstr ""
 
-msgid "GroupSettings|This setting is only available on the top-level group and it applies to all subgroups. Groups that have already been shared with a group outside %{group} will still be shared, and this access will have to be revoked manually."
+msgid "GroupSettings|This setting is applied to all subgroups unless overridden by a group owner. Groups that have already been added to the project lose access."
 msgstr ""
 
-msgid "GroupSettings|This setting will be applied to all subgroups unless overridden by a group owner. Groups that already have access to the project will continue to have access unless removed manually."
+msgid "GroupSettings|This setting is only available on the top-level group and it applies to all subgroups. Groups that have already been shared with a group outside %{group} will still be shared, and this access will have to be revoked manually."
 msgstr ""
 
 msgid "GroupSettings|This setting will override user notification preferences for all members of the group, subgroups, and projects."

spec/frontend/reports/codequality_report/components/codequality_issue_body_spec.js

@@ -38,6 +38,12 @@ describe('code quality issue body issue body', () => {
   describe('severity rating', () => {
     it.each`
       severity      | iconClass               | iconName
+      ${'INFO'}     | ${'text-primary-400'}   | ${'severity-info'}
+      ${'MINOR'}    | ${'text-warning-200'}   | ${'severity-low'}
+      ${'CRITICAL'} | ${'text-danger-600'}    | ${'severity-high'}
+      ${'BLOCKER'}  | ${'text-danger-800'}    | ${'severity-critical'}
+      ${'UNKNOWN'}  | ${'text-secondary-400'} | ${'severity-unknown'}
+      ${'INVALID'}  | ${'text-secondary-400'} | ${'severity-unknown'}
       ${'info'}     | ${'text-primary-400'}   | ${'severity-info'}
       ${'minor'}    | ${'text-warning-200'}   | ${'severity-low'}
       ${'major'}    | ${'text-warning-400'}   | ${'severity-medium'}

spec/frontend/reports/codequality_report/store/utils/codequality_parser_spec.js

@@ -25,6 +25,18 @@ describe('Codequality report store utils', () => {
       });
     });
 
+    describe('when an issue has a non-nested path', () => {
+      const issue = { description: 'Insecure Dependency', path: 'Gemfile.lock' };
+
+      beforeEach(() => {
+        [result] = parseCodeclimateMetrics([issue], 'path');
+      });
+
+      it('is parsed', () => {
+        expect(result.name).toEqual(issue.description);
+      });
+    });
+
     describe('when an issue has a path but no line', () => {
       const issue = { description: 'Insecure Dependency', location: { path: 'Gemfile.lock' } };
 

spec/helpers/groups_helper_spec.rb

@@ -146,7 +146,7 @@ RSpec.describe GroupsHelper do
 
       let(:possible_help_texts) do
         {
-          default_help: "This setting will be applied to all subgroups unless overridden by a group owner",
+          default_help: "This setting is applied to all subgroups unless overridden by a group owner",
           ancestor_locked_but_you_can_override: %r{This setting is applied on <a .+>.+</a>\. You can override the setting or .+},
           ancestor_locked_so_ask_the_owner: /This setting is applied on .+\. To share projects in this group with another group, ask the owner to override the setting or remove the share with group lock from .+/,
           ancestor_locked_and_has_been_overridden: /This setting is applied on .+ and has been overridden on this subgroup/

spec/models/instance_configuration_spec.rb

@@ -175,6 +175,9 @@ RSpec.describe InstanceConfiguration do
             throttle_authenticated_packages_api_enabled: true,
             throttle_authenticated_packages_api_requests_per_period: 1011,
             throttle_authenticated_packages_api_period_in_seconds: 1012,
+            throttle_authenticated_git_lfs_enabled: true,
+            throttle_authenticated_git_lfs_requests_per_period: 1022,
+            throttle_authenticated_git_lfs_period_in_seconds: 1023,
             issues_create_limit: 1013,
             notes_create_limit: 1014,
             project_export_limit: 1015,
@@ -196,6 +199,7 @@ RSpec.describe InstanceConfiguration do
           expect(rate_limits[:protected_paths]).to eq({ enabled: true, requests_per_period: 1007, period_in_seconds: 1008 })
           expect(rate_limits[:unauthenticated_packages_api]).to eq({ enabled: false, requests_per_period: 1009, period_in_seconds: 1010 })
           expect(rate_limits[:authenticated_packages_api]).to eq({ enabled: true, requests_per_period: 1011, period_in_seconds: 1012 })
+          expect(rate_limits[:authenticated_git_lfs_api]).to eq({ enabled: true, requests_per_period: 1022, period_in_seconds: 1023 })
           expect(rate_limits[:issue_creation]).to eq({ enabled: true, requests_per_period: 1013, period_in_seconds: 60 })
           expect(rate_limits[:note_creation]).to eq({ enabled: true, requests_per_period: 1014, period_in_seconds: 60 })
           expect(rate_limits[:project_export]).to eq({ enabled: true, requests_per_period: 1015, period_in_seconds: 60 })

spec/views/projects/commits/_commit.html.haml_spec.rb

@@ -11,6 +11,24 @@ RSpec.describe 'projects/commits/_commit.html.haml' do
     allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
   end
 
+  context 'with different committer' do
+    let(:ref) { 'master' }
+    let(:committer) { create(:user) }
+
+    it 'renders committed by user' do
+      allow(commit).to receive(:different_committer?).and_return(true)
+      allow(commit).to receive(:committer).and_return(committer)
+
+      render partial: template, locals: {
+        project: project,
+        ref: ref,
+        commit: commit
+      }
+
+      expect(rendered).to have_text("#{committer.name} committed")
+    end
+  end
+
   context 'with a signed commit' do
     let(:ref) { GpgHelpers::SIGNED_COMMIT_SHA }