Add latest changes from gitlab-org/gitlab@master

GITALY_SERVER_VERSION

@@ -1 +1 @@
-b2c8eaa672c9f2dc4b55477a3876f957e2c9a768
+5aa9d4d29c49ebe427a4a895158e195725cda2da

app/assets/javascripts/profile/account/components/update_username.vue

@@ -60,7 +60,7 @@ Please update your Git repository remotes as soon as possible.`),
       return {
         text: __('Update username'),
         attributes: [
-          { variant: 'warning' },
+          { variant: 'confirm' },
           { category: 'primary' },
           { disabled: this.isRequestPending },
         ],
@@ -127,8 +127,7 @@ Please update your Git repository remotes as soon as possible.`),
       v-gl-modal-directive="$options.modalId"
       :disabled="newUsername === username"
       :loading="isRequestPending"
-      category="primary"
+      variant="confirm"
-      variant="warning"
       data-testid="username-change-confirmation-modal"
       >{{ $options.buttonText }}</gl-button
     >

app/assets/stylesheets/framework/forms.scss

@@ -110,6 +110,7 @@ label {
   }
 
   &:focus {
+    border-color: $gray-400;
     @include gl-focus;
   }
 }

app/assets/stylesheets/framework/timeline.scss

@@ -49,7 +49,7 @@
   }
 
   img.avatar {
-    margin-right: $gl-padding;
+    margin-right: $gl-padding-12;
 
     @include media-breakpoint-down(sm) {
       width: $gl-spacing-scale-6;

app/assets/stylesheets/page_bundles/issues_show.scss

@@ -22,9 +22,10 @@
       inset-inline-start: 1rem;
     }
 
-    /* The inside bullet aligns itself to the bottom, which we see when text to its right wraps.
+    /* The inside bullet aligns itself to the bottom, which we see when text to the right of
-     * We fix this by aligning it to the top. Targeting ::marker doesn't seem to work. */
+     * a multi-line list item wraps. We fix this by aligning it to the top, and excluding
-    > * {
+     * other elements adversely affected by this. Targeting ::marker doesn't seem to work. */
+    > *:not(code):not(input):not(.gl-label) {
       vertical-align: top;
     }
 
@@ -38,7 +39,23 @@
 
     /* We fix the other paragraphs not indenting to the
      * right of the bullet due to the inside bullet. */
-    > :not(p:first-of-type):not(.drag-icon):not(.task-list-item-checkbox):not(.gfm-issue):not(.js-add-task) {
+    p ~ a,
+    p ~ blockquote,
+    p ~ code,
+    p ~ details,
+    p ~ dl,
+    p ~ h1,
+    p ~ h2,
+    p ~ h3,
+    p ~ h4,
+    p ~ h5,
+    p ~ h6,
+    p ~ hr,
+    p ~ ol,
+    p ~ p,
+    p ~ table:not(.code), /* We need :not(.code) to override typography.scss */
+    p ~ ul,
+    p ~ .markdown-code-block {
       margin-inline-start: 1rem;
     }
   }

app/assets/stylesheets/pages/note_form.scss

@@ -77,6 +77,10 @@
   }
 }
 
+.md-area:focus-within {
+  @include gl-focus;
+}
+
 .md-header .nav-links {
   display: flex;
   flex-flow: row wrap;
@@ -427,7 +431,11 @@ table {
 }
 
 .comment-warning-wrapper {
+  transition: border-color ease-in-out 0.15s,
+    box-shadow ease-in-out 0.15s;
+
   .md-area {
     border: 0;
+    box-shadow: none;
   }
 }

app/assets/stylesheets/pages/notes.scss

@@ -199,6 +199,7 @@ $system-note-svg-size: 16px;
     }
 
     .note-body {
+      padding: $gl-padding-4;
       overflow-x: auto;
       overflow-y: hidden;
 
@@ -615,6 +616,7 @@ $system-note-svg-size: 16px;
 
 .note-header-info {
   min-width: 0;
+  padding-left: $gl-padding-4;
 
   &.discussion {
     padding-bottom: 0;
@@ -623,7 +625,7 @@ $system-note-svg-size: 16px;
 
 .note-header-info,
 .note-actions {
-  padding-bottom: $gl-padding-8;
+  padding-bottom: $gl-padding-4;
 }
 
 .system-note .note-header-info {

config/feature_flags/development/force_no_sharing_primary_model.yml

@@ -1,8 +0,0 @@
----
-name: force_no_sharing_primary_model
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/76188
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/347286
-milestone: '14.8'
-type: development
-group: group::sharding
-default_enabled: false

config/mail_room.yml

@@ -46,6 +46,7 @@
       :delivery_method: postback
       :delivery_options:
         :delivery_url: <%= config[:gitlab_url] %>/api/v4/internal/mail_room/<%= key %>
+        :content_type: text/plain
         :jwt_auth_header: <%= Gitlab::MailRoom::INTERNAL_API_REQUEST_HEADER %>
         :jwt_issuer: <%= Gitlab::MailRoom::INTERNAL_API_REQUEST_JWT_ISSUER %>
         :jwt_algorithm: "HS256"

data/deprecations/14-9-background-upload.yml

@@ -6,7 +6,7 @@
   breaking_change: true
   reporter: fzimmer
   body: |  # Do not modify this line, instead modify the lines below.
-    To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0.
+    To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0. Review the [15.0 specific changes](https://docs.gitlab.com/omnibus/update/gitlab_15_changes.html) for the [removed background uploads settings for object storage](https://docs.gitlab.com/omnibus/update/gitlab_15_changes.html#removed-background-uploads-settings-for-object-storage).
 
     This impacts a small subset of object storage providers:
 

db/post_migrate/20220510192117_index_expirable_unknown_artifacts_for_removal.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class IndexExpirableUnknownArtifactsForRemoval < Gitlab::Database::Migration[2.0]
+  disable_ddl_transaction!
+
+  TABLE_NAME = 'ci_job_artifacts'
+  INDEX_NAME = 'tmp_index_ci_job_artifacts_on_expire_at_where_locked_unknown'
+  CONDITIONS = 'locked = 2 AND expire_at IS NOT NULL'
+
+  def up
+    prepare_async_index TABLE_NAME, [:expire_at, :job_id], name: INDEX_NAME, where: CONDITIONS
+  end
+
+  def down
+    unprepare_async_index_by_name TABLE_NAME, INDEX_NAME
+  end
+end

db/post_migrate/20220523171107_drop_deploy_tokens_token_column.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class DropDeployTokensTokenColumn < Gitlab::Database::Migration[2.0]
+  disable_ddl_transaction!
+
+  COMPOSITE_INDEX_NAME = 'index_deploy_tokens_on_token_and_expires_at_and_id'
+
+  def up
+    remove_column :deploy_tokens, :token
+  end
+
+  def down
+    unless column_exists?(:deploy_tokens, :token)
+      add_column :deploy_tokens, :token, :string
+    end
+
+    add_concurrent_index(:deploy_tokens, :token, unique: true)
+    add_concurrent_index(:deploy_tokens, %i[token expires_at id], where: 'revoked IS FALSE', name: COMPOSITE_INDEX_NAME)
+  end
+end

db/schema_migrations/20220510192117

@@ -0,0 +1 @@
+bb3c52967d818984d1f5350c8fefa6e83e38f2c105e89ebd7ceb39f59587f2b2

db/schema_migrations/20220523171107

@@ -0,0 +1 @@
+5b21dda35554a77388dae289e24df405852ae60bb5947edd061bc3dc595b000d

db/structure.sql

@@ -14350,7 +14350,6 @@ CREATE TABLE deploy_tokens (
     expires_at timestamp with time zone NOT NULL,
     created_at timestamp with time zone NOT NULL,
     name character varying NOT NULL,
-    token character varying,
     username character varying,
     token_encrypted character varying(255),
     deploy_token_type smallint DEFAULT 2 NOT NULL,
@@ -27634,10 +27633,6 @@ CREATE INDEX index_deploy_keys_projects_on_project_id ON deploy_keys_projects US
 
 CREATE INDEX index_deploy_tokens_on_creator_id ON deploy_tokens USING btree (creator_id);
 
-CREATE UNIQUE INDEX index_deploy_tokens_on_token ON deploy_tokens USING btree (token);
-
-CREATE INDEX index_deploy_tokens_on_token_and_expires_at_and_id ON deploy_tokens USING btree (token, expires_at, id) WHERE (revoked IS FALSE);
-
 CREATE UNIQUE INDEX index_deploy_tokens_on_token_encrypted ON deploy_tokens USING btree (token_encrypted);
 
 CREATE INDEX index_deployment_approvals_on_approval_rule_id ON deployment_approvals USING btree (approval_rule_id);

doc/administration/pages/index.md

@@ -257,7 +257,6 @@ control over how the Pages daemon runs and serves content in your environment.
 | `auth_scope`                            | The OAuth application scope to use for authentication. Must match GitLab Pages OAuth application settings. Leave blank to use `api` scope by default. |
 | `gitlab_server`                         | Server to use for authentication when access control is enabled; defaults to GitLab `external_url`. |
 | `headers`                               | Specify any additional http headers that should be sent to the client with each response. Multiple headers can be given as an array, header and value as one string, for example `['my-header: myvalue', 'my-other-header: my-other-value']` |
-| `inplace_chroot`                        | [REMOVED in GitLab 14.3.](https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561) On [systems that don't support bind-mounts](index.md#gitlab-pages-fails-to-start-in-docker-container), this instructs GitLab Pages to `chroot` into its `pages_path` directory. Some caveats exist when using in-place `chroot`; refer to the GitLab Pages [README](https://gitlab.com/gitlab-org/gitlab-pages/blob/master/README.md#caveats) for more information. |
 | `enable_disk`                           | Allows the GitLab Pages daemon to serve content from disk. Shall be disabled if shared disk storage isn't available. |
 | `insecure_ciphers`                      | Use default list of cipher suites, may contain insecure ones like 3DES and RC4. |
 | `internal_gitlab_server`                | Internal GitLab server address used exclusively for API requests. Useful if you want to send that traffic over an internal load balancer. Defaults to GitLab `external_url`. |
@@ -1208,72 +1207,6 @@ sudo gitlab-ctl tail gitlab-pages
 
 You can also find the log file in `/var/log/gitlab/gitlab-pages/current`.
 
-### `open /etc/ssl/ca-bundle.pem: permission denied`
-
-WARNING:
-This issue is fixed in GitLab 14.3 and above, try upgrading GitLab first.
-
-GitLab Pages runs inside a `chroot` jail, usually in a uniquely numbered directory like
-`/tmp/gitlab-pages-*`.
-
-In the jail, a bundle of trusted certificates is
-provided at `/etc/ssl/ca-bundle.pem`. It's
-[copied there](https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/51)
-from `/opt/gitlab/embedded/ssl/certs/cacert.pem`
-as part of starting up Pages.
-
-If the permissions on the source file are incorrect (they should be `0644`), then
-the file inside the `chroot` jail is also wrong.
-
-Pages logs errors in `/var/log/gitlab/gitlab-pages/current` like:
-
-```plaintext
-x509: failed to load system roots and no roots provided
-open /etc/ssl/ca-bundle.pem: permission denied
-```
-
-The use of a `chroot` jail makes this error misleading, as it is not
-referring to `/etc/ssl` on the root file system.
-
-The fix is to correct the source file permissions and restart Pages:
-
-```shell
-sudo chmod 644 /opt/gitlab/embedded/ssl/certs/cacert.pem
-sudo gitlab-ctl restart gitlab-pages
-```
-
-### `dial tcp: lookup gitlab.example.com` and `x509: certificate signed by unknown authority`
-
-WARNING:
-This issue is fixed in GitLab 14.3 and above, try upgrading GitLab first.
-
-When setting both `inplace_chroot` and `access_control` to `true`, you might encounter errors like:
-
-```plaintext
-dial tcp: lookup gitlab.example.com on [::1]:53: dial udp [::1]:53: connect: cannot assign requested address
-```
-
-Or:
-
-```plaintext
-open /opt/gitlab/embedded/ssl/certs/cacert.pem: no such file or directory
-x509: certificate signed by unknown authority
-```
-
-The reason for those errors is that the files `resolv.conf`, `/etc/hosts/`, `/etc/nsswitch.conf` and `ca-bundle.pem` are missing inside the `chroot`.
-The fix is to copy these files inside the `chroot`:
-
-```shell
-sudo mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl
-sudo mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/
-
-sudo cp /etc/resolv.conf /var/opt/gitlab/gitlab-rails/shared/pages/etc/
-sudo cp /etc/hosts /var/opt/gitlab/gitlab-rails/shared/pages/etc/
-sudo cp /etc/nsswitch.conf /var/opt/gitlab/gitlab-rails/shared/pages/etc/
-sudo cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/
-sudo cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl/ca-bundle.pem
-```
-
 ### `unsupported protocol scheme \"\""`
 
 If you see the following error:
@@ -1552,28 +1485,6 @@ To do that:
 
 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
 
-### GitLab Pages fails to start in Docker container
-
-WARNING:
-This issue is fixed in GitLab 14.3 and above, try upgrading GitLab first.
-
-The GitLab Pages daemon doesn't have permissions to bind mounts when it runs
-in a Docker container. To overcome this issue, you must change the `chroot`
-behavior:
-
-1. Edit `/etc/gitlab/gitlab.rb`.
-1. Set the `inplace_chroot` to `true` for GitLab Pages:
-
-   ```ruby
-   gitlab_pages['inplace_chroot'] = true
-   ```
-
-1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
-
-NOTE:
-`inplace_chroot` option might not work with the other features, such as [Pages Access Control](#access-control).
-The [GitLab Pages README](https://gitlab.com/gitlab-org/gitlab-pages#caveats) has more information about caveats and workarounds.
-
 ### GitLab Pages deploy job fails with error "is not a recognized provider"
 
 If the **pages** job succeeds but the **deploy** job gives the error "is not a recognized provider":

doc/administration/reference_architectures/10k_users.md

@@ -1620,18 +1620,12 @@ and on all Praefect clients that communicate with it following the procedure des
 
 Note the following:
 
-- The certificate must specify the address you use to access the Praefect server. If
+- The certificate must specify the address you use to access the Praefect server. You must add the hostname or IP
-  addressing the Praefect server by:
+  address as a Subject Alternative Name to the certificate.
-
-  - Hostname, you can either use the Common Name field for this, or add it as a Subject
-    Alternative Name.
-  - IP address, you must add it as a Subject Alternative Name to the certificate.
-
 - You can configure Praefect servers with both an unencrypted listening address
   `listen_addr` and an encrypted listening address `tls_listen_addr` at the same time.
   This allows you to do a gradual transition from unencrypted to encrypted traffic, if
-  necessary.
+  necessary. To disable the unencrypted listener, set `praefect['listen_addr'] = nil`.
-
 - The Internal Load Balancer will also access to the certificates and need to be configured
   to allow for TLS pass-through.
   Refer to the load balancers documentation on how to configure this.

doc/administration/reference_architectures/25k_users.md

@@ -1624,18 +1624,12 @@ and on all Praefect clients that communicate with it following the procedure des
 
 Note the following:
 
-- The certificate must specify the address you use to access the Praefect server. If
+- The certificate must specify the address you use to access the Praefect server. You must add the hostname or IP
-  addressing the Praefect server by:
+  address as a Subject Alternative Name to the certificate.
-
-  - Hostname, you can either use the Common Name field for this, or add it as a Subject
-    Alternative Name.
-  - IP address, you must add it as a Subject Alternative Name to the certificate.
-
 - You can configure Praefect servers with both an unencrypted listening address
   `listen_addr` and an encrypted listening address `tls_listen_addr` at the same time.
   This allows you to do a gradual transition from unencrypted to encrypted traffic, if
-  necessary.
+  necessary. To disable the unencrypted listener, set `praefect['listen_addr'] = nil`.
-
 - The Internal Load Balancer will also access to the certificates and need to be configured
   to allow for TLS passthrough.
   Refer to the load balancers documentation on how to configure this.

doc/administration/reference_architectures/2k_users.md

@@ -527,11 +527,9 @@ that communicate with it following the procedure described in
 
 NOTE:
 The self-signed certificate must specify the address you use to access the
-Gitaly server. If you are addressing the Gitaly server by a hostname, you can
+Gitaly server. If you are addressing the Gitaly server by a hostname, add it as a Subject Alternative
-either use the Common Name field for this, or add it as a Subject Alternative
 Name. If you are addressing the Gitaly server by its IP address, you must add it
 as a Subject Alternative Name to the certificate.
-[gRPC does not support using an IP address as Common Name in a certificate](https://github.com/grpc/grpc/issues/2691).
 
 It's possible to configure Gitaly servers with both an unencrypted listening
 address (`listen_addr`) and an encrypted listening address (`tls_listen_addr`)

doc/administration/reference_architectures/3k_users.md

@@ -1564,18 +1564,12 @@ and on all Praefect clients that communicate with it following the procedure des
 
 Note the following:
 
-- The certificate must specify the address you use to access the Praefect server. If
+- The certificate must specify the address you use to access the Praefect server. You must add the hostname or IP
-  addressing the Praefect server by:
+  address as a Subject Alternative Name to the certificate.
-
-  - Hostname, you can either use the Common Name field for this, or add it as a Subject
-    Alternative Name.
-  - IP address, you must add it as a Subject Alternative Name to the certificate.
-
 - You can configure Praefect servers with both an unencrypted listening address
   `listen_addr` and an encrypted listening address `tls_listen_addr` at the same time.
   This allows you to do a gradual transition from unencrypted to encrypted traffic, if
-  necessary.
+  necessary. To disable the unencrypted listener, set `praefect['listen_addr'] = nil`.
-
 - The Internal Load Balancer will also access to the certificates and need to be configured
   to allow for TLS passthrough.
   Refer to the load balancers documentation on how to configure this.

doc/administration/reference_architectures/50k_users.md

@@ -1633,18 +1633,12 @@ and on all Praefect clients that communicate with it following the procedure des
 
 Note the following:
 
-- The certificate must specify the address you use to access the Praefect server. If
+- The certificate must specify the address you use to access the Praefect server. You must add the hostname or IP
-  addressing the Praefect server by:
+  address as a Subject Alternative Name to the certificate.
-
-  - Hostname, you can either use the Common Name field for this, or add it as a Subject
-    Alternative Name.
-  - IP address, you must add it as a Subject Alternative Name to the certificate.
-
 - You can configure Praefect servers with both an unencrypted listening address
   `listen_addr` and an encrypted listening address `tls_listen_addr` at the same time.
   This allows you to do a gradual transition from unencrypted to encrypted traffic, if
-  necessary.
+  necessary. To disable the unencrypted listener, set `praefect['listen_addr'] = nil`.
-
 - The Internal Load Balancer will also access to the certificates and need to be configured
   to allow for TLS passthrough.
   Refer to the load balancers documentation on how to configure this.

doc/administration/reference_architectures/5k_users.md

@@ -1562,18 +1562,12 @@ and on all Praefect clients that communicate with it following the procedure des
 
 Note the following:
 
-- The certificate must specify the address you use to access the Praefect server. If
+- The certificate must specify the address you use to access the Praefect server. You must add the hostname or IP
-  addressing the Praefect server by:
+  address as a Subject Alternative Name to the certificate.
-
-  - Hostname, you can either use the Common Name field for this, or add it as a Subject
-    Alternative Name.
-  - IP address, you must add it as a Subject Alternative Name to the certificate.
-
 - You can configure Praefect servers with both an unencrypted listening address
   `listen_addr` and an encrypted listening address `tls_listen_addr` at the same time.
   This allows you to do a gradual transition from unencrypted to encrypted traffic, if
-  necessary.
+  necessary. To disable the unencrypted listener, set `praefect['listen_addr'] = nil`.
-
 - The Internal Load Balancer will also access to the certificates and need to be configured
   to allow for TLS passthrough.
   Refer to the load balancers documentation on how to configure this.

doc/update/deprecations.md

@@ -239,7 +239,7 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 
-To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0.
+To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0. Review the [15.0 specific changes](https://docs.gitlab.com/omnibus/update/gitlab_15_changes.html) for the [removed background uploads settings for object storage](https://docs.gitlab.com/omnibus/update/gitlab_15_changes.html#removed-background-uploads-settings-for-object-storage).
 
 This impacts a small subset of object storage providers:
 

lib/api/internal/mail_room.rb

@@ -12,6 +12,10 @@ module API
     class MailRoom < ::API::Base
       feature_category :service_desk
 
+      format :json
+      content_type :txt, 'text/plain'
+      default_format :txt
+
       before do
         authenticate_gitlab_mailroom_request!
       end

lib/gitlab/database.rb

@@ -223,8 +223,11 @@ module Gitlab
     def self.db_config_for_connection(connection)
       return unless connection
 
+      # For a ConnectionProxy we want to avoid ambiguous db_config as it may
+      # sometimes default to replica so we always return the primary config
+      # instead.
       if connection.is_a?(::Gitlab::Database::LoadBalancing::ConnectionProxy)
-        return connection.load_balancer.configuration.primary_db_config
+        return connection.load_balancer.configuration.db_config
       end
 
       # During application init we might receive `NullPool`

lib/gitlab/database/load_balancing/configuration.rb

@@ -41,8 +41,6 @@ module Gitlab
             end
           end
 
-          config.reuse_primary_connection!
-
           config
         end
 
@@ -61,44 +59,17 @@ module Gitlab
             disconnect_timeout: 120,
             use_tcp: false
           }
-
-          # Temporary model for GITLAB_LOAD_BALANCING_REUSE_PRIMARY_
-          # To be removed with FF
-          @primary_model = nil
         end
 
         def db_config_name
           @model.connection_db_config.name.to_sym
         end
 
-        # With connection re-use the primary connection can be overwritten
+        def connection_specification_name
-        # to be used from different model
+          @model.connection_specification_name
-        def primary_connection_specification_name
-          primary_model_or_model_if_enabled.connection_specification_name
         end
 
-        def primary_model_or_model_if_enabled
+        def db_config
-          if use_dedicated_connection?
-            @model
-          else
-            @primary_model || @model
-          end
-        end
-
-        def use_dedicated_connection?
-          return true unless @primary_model # We can only use dedicated connection, if re-use of connections is disabled
-          return false unless ::Gitlab::SafeRequestStore.active?
-
-          ::Gitlab::SafeRequestStore.fetch(:force_no_sharing_primary_model) do
-            ::Feature::FlipperFeature.table_exists? && ::Feature.enabled?(:force_no_sharing_primary_model)
-          end
-        end
-
-        def primary_db_config
-          primary_model_or_model_if_enabled.connection_db_config
-        end
-
-        def replica_db_config
           @model.connection_db_config
         end
 
@@ -131,30 +102,6 @@ module Gitlab
 
           service_discovery[:record].present?
         end
-
-        # TODO: This is temporary code to allow re-use of primary connection
-        # if the two connections are pointing to the same host. This is needed
-        # to properly support transaction visibility.
-        #
-        # This behavior is required to support [Phase 3](https://gitlab.com/groups/gitlab-org/-/epics/6160#progress).
-        # This method is meant to be removed as soon as it is finished.
-        #
-        # The remapping is done as-is:
-        #   export GITLAB_LOAD_BALANCING_REUSE_PRIMARY_<name-of-connection>=<new-name-of-connection>
-        #
-        # Ex.:
-        #   export GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=main
-        #
-        def reuse_primary_connection!
-          new_connection = ENV["GITLAB_LOAD_BALANCING_REUSE_PRIMARY_#{db_config_name}"]
-          return unless new_connection.present?
-
-          @primary_model = Gitlab::Database.database_base_models[new_connection.to_sym]
-
-          unless @primary_model
-            raise "Invalid value for 'GITLAB_LOAD_BALANCING_REUSE_PRIMARY_#{db_config_name}=#{new_connection}'"
-          end
-        end
       end
     end
   end

lib/gitlab/database/load_balancing/load_balancer.rb

@@ -232,14 +232,14 @@ module Gitlab
         # host - An optional host name to use instead of the default one.
         # port - An optional port to connect to.
         def create_replica_connection_pool(pool_size, host = nil, port = nil)
-          db_config = @configuration.replica_db_config
+          db_config = @configuration.db_config
 
           env_config = db_config.configuration_hash.dup
           env_config[:pool] = pool_size
           env_config[:host] = host if host
           env_config[:port] = port if port
 
-          replica_db_config = ActiveRecord::DatabaseConfigurations::HashConfig.new(
+          db_config = ActiveRecord::DatabaseConfigurations::HashConfig.new(
             db_config.env_name,
             db_config.name + REPLICA_SUFFIX,
             env_config
@@ -249,7 +249,7 @@ module Gitlab
           # as it will rewrite ActiveRecord::Base.connection
           ActiveRecord::ConnectionAdapters::ConnectionHandler
             .new
-            .establish_connection(replica_db_config)
+            .establish_connection(db_config)
         end
 
         # ActiveRecord::ConnectionAdapters::ConnectionHandler handles fetching,
@@ -258,7 +258,7 @@ module Gitlab
         # rubocop:disable Database/MultipleDatabases
         def pool
           ActiveRecord::Base.connection_handler.retrieve_connection_pool(
-            @configuration.primary_connection_specification_name,
+            @configuration.connection_specification_name,
             role: ActiveRecord::Base.writing_role,
             shard: ActiveRecord::Base.default_shard
           ) || raise(::ActiveRecord::ConnectionNotEstablished)

lib/gitlab/database/query_analyzers/gitlab_schemas_metrics.rb

@@ -27,15 +27,9 @@ module Gitlab
             # to reduce amount of labels sort schemas used
             gitlab_schemas = gitlab_schemas.to_a.sort.join(",")
 
-            # Temporary feature to observe relation of `gitlab_schemas` to `db_config_name`
-            # depending on primary model
-            ci_dedicated_primary_connection = ::Ci::ApplicationRecord.connection_class? &&
-              ::Ci::ApplicationRecord.load_balancer.configuration.use_dedicated_connection?
-
             schemas_metrics.increment({
               gitlab_schemas: gitlab_schemas,
-              db_config_name: db_config_name,
+              db_config_name: db_config_name
-              ci_dedicated_primary_connection: ci_dedicated_primary_connection
             })
           end
 

lib/gitlab/metrics/samplers/database_sampler.rb

@@ -72,7 +72,7 @@ module Gitlab
           {
             host: host.host,
             port: host.port,
-            class: load_balancer.configuration.primary_connection_specification_name,
+            class: load_balancer.configuration.connection_specification_name,
             db_config_name: Gitlab::Database.db_config_name(host.connection)
           }
         end

package.json

@@ -57,7 +57,7 @@
     "@gitlab/at.js": "1.5.7",
     "@gitlab/favicon-overlay": "2.0.0",
     "@gitlab/svgs": "2.14.0",
-    "@gitlab/ui": "40.6.2",
+    "@gitlab/ui": "40.6.3",
     "@gitlab/visual-review-tools": "1.7.3",
     "@rails/actioncable": "6.1.4-7",
     "@rails/ujs": "6.1.4-7",
@@ -109,7 +109,7 @@
     "codesandbox-api": "0.0.23",
     "compression-webpack-plugin": "^5.0.2",
     "copy-webpack-plugin": "^6.4.1",
-    "core-js": "^3.22.6",
+    "core-js": "^3.22.7",
     "cron-validator": "^1.1.1",
     "cronstrue": "^1.122.0",
     "cropper": "^2.3.0",

spec/factories/merge_requests.rb

@@ -25,10 +25,6 @@ FactoryBot.define do
       title { generate(:draft_title) }
     end
 
-    trait :wip_merge_request do
-      title { generate(:wip_title) }
-    end
-
     trait :jira_title do
       title { generate(:jira_title) }
     end

spec/factories/sequences.rb

@@ -16,7 +16,6 @@ FactoryBot.define do
   sequence(:oid) { |n| Digest::SHA2.hexdigest("oid-like-#{n}") }
   sequence(:variable) { |n| "var#{n}" }
   sequence(:draft_title) { |n| "Draft: #{n}" }
-  sequence(:wip_title) { |n| "WIP: #{n}" }
   sequence(:jira_title) { |n| "[PROJ-#{n}]: fix bug" }
   sequence(:jira_description) { |n| "This is a description\n here is the description\n Related to: PROJ-#{n}" }
   sequence(:jira_branch) { |n| "feature/PROJ-#{n}" }

spec/fixtures/security_reports/feature-branch/gl-secret-detection-report.json

@@ -1,5 +1,5 @@
 {
-  "version": "3.0",
+  "version": "14.1.2",
   "vulnerabilities": [],
   "remediations": []
 }

spec/fixtures/security_reports/master/gl-sast-missing-scanner.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.2",
+  "version": "14.1.2",
   "vulnerabilities": [
     {
       "category": "sast",

spec/fixtures/security_reports/master/gl-secret-detection-report.json

@@ -1,5 +1,5 @@
 {
-  "version": "3.0",
+  "version": "14.1.2",
   "vulnerabilities": [
     {
       "id": "27d2322d519c94f803ffed1cf6d14e455df97e5a0668e229eb853fdb0d277d2c",

spec/frontend/content_editor/components/__snapshots__/toolbar_link_button_spec.js.snap

@@ -16,15 +16,13 @@ exports[`content_editor/components/toolbar_link_button renders dropdown componen
         <!---->
         <li role=\\"presentation\\" class=\\"gl-px-3!\\">
           <form tabindex=\\"-1\\" class=\\"b-dropdown-form gl-p-0\\">
-            <div placeholder=\\"Link URL\\">
+            <div role=\\"group\\" class=\\"input-group\\" placeholder=\\"Link URL\\">
-              <div role=\\"group\\" class=\\"input-group\\">
+              <!---->
-                <!---->
+              <!----> <input type=\\"text\\" placeholder=\\"Link URL\\" class=\\"form-control gl-form-input\\">
-                <!----> <input type=\\"text\\" placeholder=\\"Link URL\\" class=\\"form-control gl-form-input\\">
+              <div class=\\"input-group-append\\"><button type=\\"button\\" class=\\"btn btn-confirm btn-md gl-button\\">
-                <div class=\\"input-group-append\\"><button type=\\"button\\" class=\\"btn btn-confirm btn-md gl-button\\">
+                  <!---->
-                    <!---->
+                  <!----> <span class=\\"gl-button-text\\">Apply</span></button></div>
-                    <!----> <span class=\\"gl-button-text\\">Apply</span></button></div>
+              <!---->
-                <!---->
-              </div>
             </div>
           </form>
         </li>

spec/frontend/error_tracking_settings/components/app_spec.js

@@ -177,7 +177,7 @@ describe('error tracking settings app', () => {
           const clipBoardButton = findDsnSettings().findComponent(ClipboardButton);
 
           expect(clipBoardInput.props('value')).toBe(TEST_GITLAB_DSN);
-          expect(clipBoardInput.attributes('readonly')).toBeTruthy();
+          expect(clipBoardInput.attributes('readonly')).toBe('');
           expect(clipBoardButton.props('text')).toBe(TEST_GITLAB_DSN);
         });
       });

spec/frontend/profile/account/components/update_username_spec.js

@@ -52,7 +52,7 @@ describe('UpdateUsername component', () => {
       openModalBtn: wrapper.find('[data-testid="username-change-confirmation-modal"]'),
       modalBody: modal.find('.modal-body'),
       modalHeader: modal.find('.modal-title'),
-      confirmModalBtn: wrapper.find('.btn-warning'),
+      confirmModalBtn: wrapper.find('.btn-confirm'),
     };
   };
 

spec/frontend/projects/new/components/new_project_push_tip_popover_spec.js

@@ -57,7 +57,7 @@ describe('New project push tip popover', () => {
     });
     expect(findFormInput().attributes()).toMatchObject({
       'aria-label': 'Push project from command line',
-      readonly: 'readonly',
+      readonly: '',
     });
   });
 

spec/frontend/vue_shared/components/__snapshots__/clone_dropdown_spec.js.snap

@@ -24,41 +24,38 @@ exports[`Clone Dropdown Button rendering matches the snapshot 1`] = `
     <div
       class="mx-3"
     >
-      <div
+      <b-input-group-stub
-        readonly="readonly"
+        readonly=""
+        tag="div"
       >
-        <b-input-group-stub
+        <!---->
+         
+        <b-form-input-stub
+          class="gl-form-input"
+          debounce="0"
+          formatter="[Function]"
+          readonly="true"
+          type="text"
+          value="ssh://foo.bar"
+        />
+         
+        <b-input-group-append-stub
           tag="div"
         >
-          <!---->
+          <gl-button-stub
-           
+            aria-label="Copy URL"
-          <b-form-input-stub
+            buttontextclasses=""
-            class="gl-form-input"
+            category="primary"
-            debounce="0"
+            class="d-inline-flex"
-            formatter="[Function]"
+            data-clipboard-text="ssh://foo.bar"
-            readonly="true"
+            data-qa-selector="copy_ssh_url_button"
-            type="text"
+            icon="copy-to-clipboard"
-            value="ssh://foo.bar"
+            size="medium"
+            title="Copy URL"
+            variant="default"
           />
-           
+        </b-input-group-append-stub>
-          <b-input-group-append-stub
+      </b-input-group-stub>
-            tag="div"
-          >
-            <gl-button-stub
-              aria-label="Copy URL"
-              buttontextclasses=""
-              category="primary"
-              class="d-inline-flex"
-              data-clipboard-text="ssh://foo.bar"
-              data-qa-selector="copy_ssh_url_button"
-              icon="copy-to-clipboard"
-              size="medium"
-              title="Copy URL"
-              variant="default"
-            />
-          </b-input-group-append-stub>
-        </b-input-group-stub>
-      </div>
     </div>
      
     <gl-dropdown-section-header-stub>
@@ -68,41 +65,38 @@ exports[`Clone Dropdown Button rendering matches the snapshot 1`] = `
     <div
       class="mx-3"
     >
-      <div
+      <b-input-group-stub
-        readonly="readonly"
+        readonly=""
+        tag="div"
       >
-        <b-input-group-stub
+        <!---->
+         
+        <b-form-input-stub
+          class="gl-form-input"
+          debounce="0"
+          formatter="[Function]"
+          readonly="true"
+          type="text"
+          value="http://foo.bar"
+        />
+         
+        <b-input-group-append-stub
           tag="div"
         >
-          <!---->
+          <gl-button-stub
-           
+            aria-label="Copy URL"
-          <b-form-input-stub
+            buttontextclasses=""
-            class="gl-form-input"
+            category="primary"
-            debounce="0"
+            class="d-inline-flex"
-            formatter="[Function]"
+            data-clipboard-text="http://foo.bar"
-            readonly="true"
+            data-qa-selector="copy_http_url_button"
-            type="text"
+            icon="copy-to-clipboard"
-            value="http://foo.bar"
+            size="medium"
+            title="Copy URL"
+            variant="default"
           />
-           
+        </b-input-group-append-stub>
-          <b-input-group-append-stub
+      </b-input-group-stub>
-            tag="div"
-          >
-            <gl-button-stub
-              aria-label="Copy URL"
-              buttontextclasses=""
-              category="primary"
-              class="d-inline-flex"
-              data-clipboard-text="http://foo.bar"
-              data-qa-selector="copy_http_url_button"
-              icon="copy-to-clipboard"
-              size="medium"
-              title="Copy URL"
-              variant="default"
-            />
-          </b-input-group-append-stub>
-        </b-input-group-stub>
-      </div>
     </div>
   </div>
 </gl-dropdown-stub>

spec/lib/gitlab/ci/parsers/security/secret_detection_spec.rb

@@ -39,7 +39,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::SecretDetection do
         end
 
         it "generates expected metadata_version" do
-          expect(report.findings.first.metadata_version).to eq('3.0')
+          expect(report.findings.first.metadata_version).to eq('14.1.2')
         end
       end
     end

spec/lib/gitlab/database/load_balancing/configuration_spec.rb

@@ -100,14 +100,6 @@ RSpec.describe Gitlab::Database::LoadBalancing::Configuration, :request_store do
         expect(config.pool_size).to eq(4)
       end
     end
-
-    it 'calls reuse_primary_connection!' do
-      expect_next_instance_of(described_class) do |subject|
-        expect(subject).to receive(:reuse_primary_connection!).and_call_original
-      end
-
-      described_class.for_model(model)
-    end
   end
 
   describe '#load_balancing_enabled?' do
@@ -203,61 +195,12 @@ RSpec.describe Gitlab::Database::LoadBalancing::Configuration, :request_store do
     end
   end
 
-  describe '#replica_db_config' do
+  describe '#db_config' do
     let(:model) { double(:model, connection_db_config: db_config, connection_specification_name: 'Ci::ApplicationRecord') }
     let(:config) { described_class.for_model(model) }
 
     it 'returns exactly db_config' do
-      expect(config.replica_db_config).to eq(db_config)
+      expect(config.db_config).to eq(db_config)
-    end
-
-    context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=main' do
-      it 'does not change replica_db_config' do
-        stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main')
-
-        expect(config.replica_db_config).to eq(db_config)
-      end
-    end
-  end
-
-  describe 'reuse_primary_connection!' do
-    let(:model) { double(:model, connection_db_config: db_config, connection_specification_name: 'Ci::ApplicationRecord') }
-    let(:config) { described_class.for_model(model) }
-
-    context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_* not configured' do
-      it 'the primary connection uses default specification' do
-        stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', nil)
-
-        expect(config.primary_connection_specification_name).to eq('Ci::ApplicationRecord')
-      end
-    end
-
-    context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=main' do
-      before do
-        stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main')
-      end
-
-      it 'the primary connection uses main connection' do
-        expect(config.primary_connection_specification_name).to eq('ActiveRecord::Base')
-      end
-
-      context 'when force_no_sharing_primary_model feature flag is enabled' do
-        before do
-          stub_feature_flags(force_no_sharing_primary_model: true)
-        end
-
-        it 'the primary connection uses ci connection' do
-          expect(config.primary_connection_specification_name).to eq('Ci::ApplicationRecord')
-        end
-      end
-    end
-
-    context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=unknown' do
-      it 'raises exception' do
-        stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'unknown')
-
-        expect { config.reuse_primary_connection! }.to raise_error /Invalid value for/
-      end
     end
   end
 end

spec/lib/gitlab/database/load_balancing/load_balancer_spec.rb

@@ -487,46 +487,6 @@ RSpec.describe Gitlab::Database::LoadBalancing::LoadBalancer, :request_store do
     end
   end
 
-  describe 'primary connection re-use', :reestablished_active_record_base, :add_ci_connection do
-    let(:model) { Ci::ApplicationRecord }
-
-    describe '#read' do
-      it 'returns ci replica connection' do
-        expect { |b| lb.read(&b) }.to yield_with_args do |args|
-          expect(args.pool.db_config.name).to eq('ci_replica')
-        end
-      end
-
-      context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=main' do
-        it 'returns ci replica connection' do
-          stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main')
-
-          expect { |b| lb.read(&b) }.to yield_with_args do |args|
-            expect(args.pool.db_config.name).to eq('ci_replica')
-          end
-        end
-      end
-    end
-
-    describe '#read_write' do
-      it 'returns Ci::ApplicationRecord connection' do
-        expect { |b| lb.read_write(&b) }.to yield_with_args do |args|
-          expect(args.pool.db_config.name).to eq('ci')
-        end
-      end
-
-      context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=main' do
-        it 'returns ActiveRecord::Base connection' do
-          stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main')
-
-          expect { |b| lb.read_write(&b) }.to yield_with_args do |args|
-            expect(args.pool.db_config.name).to eq('main')
-          end
-        end
-      end
-    end
-  end
-
   describe '#wal_diff' do
     it 'returns the diff between two write locations' do
       loc1 = lb.send(:get_write_location, lb.pool.connection)

spec/lib/gitlab/database/load_balancing/setup_spec.rb

@@ -122,123 +122,68 @@ RSpec.describe Gitlab::Database::LoadBalancing::Setup do
   context 'uses correct base models', :reestablished_active_record_base do
     using RSpec::Parameterized::TableSyntax
 
-    where do
+    let(:ci_class) do
+      Class.new(ActiveRecord::Base) do
+        def self.name
+          'Ci::ApplicationRecordTemporary'
+        end
+
+        establish_connection ActiveRecord::DatabaseConfigurations::HashConfig.new(
+          Rails.env,
+          'ci',
+          ActiveRecord::Base.connection_db_config.configuration_hash
+        )
+      end
+    end
+
+    let(:models) do
       {
-        "it picks a dedicated CI connection" => {
+        main: ActiveRecord::Base,
-          env_GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci: nil,
+        ci: ci_class
-          request_store_active: false,
-          ff_force_no_sharing_primary_model: false,
-          expectations: {
-            main: { read: 'main_replica', write: 'main' },
-            ci: { read: 'ci_replica', write: 'ci' }
-          }
-        },
-        "with re-use of primary connection it uses CI connection for reads" => {
-          env_GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci: 'main',
-          request_store_active: false,
-          ff_force_no_sharing_primary_model: false,
-          expectations: {
-            main: { read: 'main_replica', write: 'main' },
-            ci: { read: 'ci_replica', write: 'main' }
-          }
-        },
-        "with re-use and FF force_no_sharing_primary_model enabled with RequestStore it sticks FF and uses CI connection for reads and writes" => {
-          env_GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci: 'main',
-          request_store_active: true,
-          ff_force_no_sharing_primary_model: true,
-          expectations: {
-            main: { read: 'main_replica', write: 'main' },
-            ci: { read: 'ci_replica', write: 'ci' }
-          }
-        },
-        "with re-use and FF force_no_sharing_primary_model enabled without RequestStore it doesn't use FF and uses CI connection for reads only" => {
-          env_GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci: 'main',
-          request_store_active: true,
-          ff_force_no_sharing_primary_model: false,
-          expectations: {
-            main: { read: 'main_replica', write: 'main' },
-            ci: { read: 'ci_replica', write: 'main' }
-          }
-        }
       }
     end
 
-    with_them do
+    before do
-      let(:ci_class) do
+      allow(Gitlab).to receive(:dev_or_test_env?).and_return(false)
-        Class.new(ActiveRecord::Base) do
-          def self.name
-            'Ci::ApplicationRecordTemporary'
-          end
 
-          establish_connection ActiveRecord::DatabaseConfigurations::HashConfig.new(
+      # Rewrite `class_attribute` to use rspec mocking and prevent modifying the objects
-            Rails.env,
+      allow_next_instance_of(described_class) do |setup|
-            'ci',
+        allow(setup).to receive(:configure_connection)
-            ActiveRecord::Base.connection_db_config.configuration_hash
+
-          )
+        allow(setup).to receive(:setup_class_attribute) do |attribute, value|
+          allow(setup.model).to receive(attribute) { value }
         end
       end
 
-      let(:models) do
+      # Make load balancer to force init with a dedicated replicas connections
+      models.each do |_, model|
+        described_class.new(model).tap do |subject|
+          subject.configuration.hosts = [subject.configuration.db_config.host]
+          subject.setup
+        end
+      end
+    end
+
+    it 'results match expectations' do
+      result = models.transform_values do |model|
+        load_balancer = model.connection.instance_variable_get(:@load_balancer)
+
         {
-          main: ActiveRecord::Base,
+          read: load_balancer.read { |connection| connection.pool.db_config.name },
-          ci: ci_class
+          write: load_balancer.read_write { |connection| connection.pool.db_config.name }
         }
       end
 
-      around do |example|
+      expect(result).to eq({
-        if request_store_active
+        main: { read: 'main_replica', write: 'main' },
-          Gitlab::WithRequestStore.with_request_store do
+        ci: { read: 'ci_replica', write: 'ci' }
-            stub_feature_flags(force_no_sharing_primary_model: ff_force_no_sharing_primary_model)
+      })
-            RequestStore.clear!
+    end
 
-            example.run
+    it 'does return load_balancer assigned to a given connection' do
-          end
+      models.each do |name, model|
-        else
+        expect(model.load_balancer.name).to eq(name)
-          example.run
+        expect(model.sticking.instance_variable_get(:@load_balancer)).to eq(model.load_balancer)
-        end
-      end
-
-      before do
-        allow(Gitlab).to receive(:dev_or_test_env?).and_return(false)
-
-        # Rewrite `class_attribute` to use rspec mocking and prevent modifying the objects
-        allow_next_instance_of(described_class) do |setup|
-          allow(setup).to receive(:configure_connection)
-
-          allow(setup).to receive(:setup_class_attribute) do |attribute, value|
-            allow(setup.model).to receive(attribute) { value }
-          end
-        end
-
-        stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', env_GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci)
-
-        # Make load balancer to force init with a dedicated replicas connections
-        models.each do |_, model|
-          described_class.new(model).tap do |subject|
-            subject.configuration.hosts = [subject.configuration.replica_db_config.host]
-            subject.setup
-          end
-        end
-      end
-
-      it 'results match expectations' do
-        result = models.transform_values do |model|
-          load_balancer = model.connection.instance_variable_get(:@load_balancer)
-
-          {
-            read: load_balancer.read { |connection| connection.pool.db_config.name },
-            write: load_balancer.read_write { |connection| connection.pool.db_config.name }
-          }
-        end
-
-        expect(result).to eq(expectations)
-      end
-
-      it 'does return load_balancer assigned to a given connection' do
-        models.each do |name, model|
-          expect(model.load_balancer.name).to eq(name)
-          expect(model.sticking.instance_variable_get(:@load_balancer)).to eq(model.load_balancer)
-        end
       end
     end
   end

spec/lib/gitlab/database/query_analyzers/gitlab_schemas_metrics_spec.rb

@@ -17,7 +17,7 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana
     process_sql(ActiveRecord::Base, "SELECT 1 FROM projects")
   end
 
-  context 'properly observes all queries', :add_ci_connection, :request_store do
+  context 'properly observes all queries', :add_ci_connection do
     using RSpec::Parameterized::TableSyntax
 
     where do
@@ -28,8 +28,7 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana
           expectations: {
             gitlab_schemas: "gitlab_main",
             db_config_name: "main"
-          },
+          }
-          setup: nil
         },
         "for query accessing gitlab_ci and gitlab_main" => {
           model: ApplicationRecord,
@@ -37,8 +36,7 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana
           expectations: {
             gitlab_schemas: "gitlab_ci,gitlab_main",
             db_config_name: "main"
-          },
+          }
-          setup: nil
         },
         "for query accessing gitlab_ci and gitlab_main the gitlab_schemas is always ordered" => {
           model: ApplicationRecord,
@@ -46,8 +44,7 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana
           expectations: {
             gitlab_schemas: "gitlab_ci,gitlab_main",
             db_config_name: "main"
-          },
+          }
-          setup: nil
         },
         "for query accessing CI database" => {
           model: Ci::ApplicationRecord,
@@ -56,62 +53,6 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana
             gitlab_schemas: "gitlab_ci",
             db_config_name: "ci"
           }
-        },
-        "for query accessing CI database with re-use and disabled sharing" => {
-          model: Ci::ApplicationRecord,
-          sql: "SELECT 1 FROM ci_builds",
-          expectations: {
-            gitlab_schemas: "gitlab_ci",
-            db_config_name: "ci",
-            ci_dedicated_primary_connection: true
-          },
-          setup: ->(_) do
-            skip_if_multiple_databases_not_setup
-            stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main')
-            stub_feature_flags(force_no_sharing_primary_model: true)
-          end
-        },
-        "for query accessing CI database with re-use and enabled sharing" => {
-          model: Ci::ApplicationRecord,
-          sql: "SELECT 1 FROM ci_builds",
-          expectations: {
-            gitlab_schemas: "gitlab_ci",
-            db_config_name: "ci",
-            ci_dedicated_primary_connection: false
-          },
-          setup: ->(_) do
-            skip_if_multiple_databases_not_setup
-            stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main')
-            stub_feature_flags(force_no_sharing_primary_model: false)
-          end
-        },
-        "for query accessing CI database without re-use and disabled sharing" => {
-          model: Ci::ApplicationRecord,
-          sql: "SELECT 1 FROM ci_builds",
-          expectations: {
-            gitlab_schemas: "gitlab_ci",
-            db_config_name: "ci",
-            ci_dedicated_primary_connection: true
-          },
-          setup: ->(_) do
-            skip_if_multiple_databases_not_setup
-            stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', nil)
-            stub_feature_flags(force_no_sharing_primary_model: true)
-          end
-        },
-        "for query accessing CI database without re-use and enabled sharing" => {
-          model: Ci::ApplicationRecord,
-          sql: "SELECT 1 FROM ci_builds",
-          expectations: {
-            gitlab_schemas: "gitlab_ci",
-            db_config_name: "ci",
-            ci_dedicated_primary_connection: true
-          },
-          setup: ->(_) do
-            skip_if_multiple_databases_not_setup
-            stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', nil)
-            stub_feature_flags(force_no_sharing_primary_model: false)
-          end
         }
       }
     end
@@ -122,15 +63,11 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana
       end
 
       it do
-        stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', nil)
-
-        instance_eval(&setup) if setup
-
         allow(::Ci::ApplicationRecord.load_balancer).to receive(:configuration)
           .and_return(Gitlab::Database::LoadBalancing::Configuration.for_model(::Ci::ApplicationRecord))
 
         expect(described_class.schemas_metrics).to receive(:increment)
-          .with({ ci_dedicated_primary_connection: anything }.merge(expectations)).and_call_original
+          .with(expectations).and_call_original
 
         process_sql(model, sql)
       end

spec/lib/gitlab/database_spec.rb

@@ -160,13 +160,15 @@ RSpec.describe Gitlab::Database do
       end
     end
 
-    context 'when the connection is LoadBalancing::ConnectionProxy' do
+    context 'when the connection is LoadBalancing::ConnectionProxy', :database_replica do
-      it 'returns primary_db_config' do
+      it 'returns primary db config even if ambiguous queries default to replica' do
-        lb_config = ::Gitlab::Database::LoadBalancing::Configuration.new(ActiveRecord::Base)
+        Gitlab::Database::LoadBalancing::Session.current.use_primary!
-        lb = ::Gitlab::Database::LoadBalancing::LoadBalancer.new(lb_config)
+        primary_config = described_class.db_config_for_connection(ActiveRecord::Base.connection)
-        proxy = ::Gitlab::Database::LoadBalancing::ConnectionProxy.new(lb)
 
-        expect(described_class.db_config_for_connection(proxy)).to eq(lb_config.primary_db_config)
+        Gitlab::Database::LoadBalancing::Session.clear_session
+        Gitlab::Database::LoadBalancing::Session.current.fallback_to_replicas_for_ambiguous_queries do
+          expect(described_class.db_config_for_connection(ActiveRecord::Base.connection)).to eq(primary_config)
+        end
       end
     end
 
@@ -223,9 +225,6 @@ RSpec.describe Gitlab::Database do
 
   describe '.gitlab_schemas_for_connection' do
     it 'does return a valid schema depending on a base model used', :request_store do
-      # FF due to lib/gitlab/database/load_balancing/configuration.rb:92
-      stub_feature_flags(force_no_sharing_primary_model: true)
-
       expect(described_class.gitlab_schemas_for_connection(Project.connection)).to include(:gitlab_main, :gitlab_shared)
       expect(described_class.gitlab_schemas_for_connection(Ci::Build.connection)).to include(:gitlab_ci, :gitlab_shared)
     end

spec/lib/gitlab/mail_room/mail_room_spec.rb

@@ -303,6 +303,7 @@ RSpec.describe Gitlab::MailRoom do
             delivery_method: 'postback',
             delivery_options: {
               delivery_url: "http://gitlab.example/api/v4/internal/mail_room/incoming_email",
+              content_type: "text/plain",
               jwt_auth_header: Gitlab::MailRoom::INTERNAL_API_REQUEST_HEADER,
               jwt_issuer: Gitlab::MailRoom::INTERNAL_API_REQUEST_JWT_ISSUER,
               jwt_algorithm: 'HS256',
@@ -316,6 +317,7 @@ RSpec.describe Gitlab::MailRoom do
             delivery_method: 'postback',
             delivery_options: {
               delivery_url: "http://gitlab.example/api/v4/internal/mail_room/service_desk_email",
+              content_type: "text/plain",
               jwt_auth_header: Gitlab::MailRoom::INTERNAL_API_REQUEST_HEADER,
               jwt_issuer: Gitlab::MailRoom::INTERNAL_API_REQUEST_JWT_ISSUER,
               jwt_algorithm: 'HS256',

spec/lib/gitlab/metrics/samplers/database_sampler_spec.rb

@@ -66,7 +66,7 @@ RSpec.describe Gitlab::Metrics::Samplers::DatabaseSampler do
         let(:main_replica_host) { main_load_balancer.host }
 
         let(:ci_load_balancer) { double(:load_balancer, host_list: ci_host_list, configuration: configuration) }
-        let(:configuration) { double(:configuration, primary_connection_specification_name: 'Ci::ApplicationRecord') }
+        let(:configuration) { double(:configuration, connection_specification_name: 'Ci::ApplicationRecord') }
         let(:ci_host_list) { double(:host_list, hosts: [ci_replica_host]) }
         let(:ci_replica_host) { double(:host, connection: ci_connection) }
         let(:ci_connection) { double(:connection, pool: Ci::ApplicationRecord.connection_pool) }
@@ -121,7 +121,7 @@ RSpec.describe Gitlab::Metrics::Samplers::DatabaseSampler do
         let(:main_replica_host) { main_load_balancer.host }
 
         let(:ci_load_balancer) { double(:load_balancer, host_list: ci_host_list, configuration: configuration) }
-        let(:configuration) { double(:configuration, primary_connection_specification_name: 'Ci::ApplicationRecord') }
+        let(:configuration) { double(:configuration, connection_specification_name: 'Ci::ApplicationRecord') }
         let(:ci_host_list) { double(:host_list, hosts: [ci_replica_host]) }
         let(:ci_replica_host) { double(:host, connection: ci_connection) }
         let(:ci_connection) { double(:connection, pool: Ci::ApplicationRecord.connection_pool) }

spec/lib/marginalia_spec.rb

@@ -59,7 +59,7 @@ RSpec.describe 'Marginalia spec' do
           "application"    => "test",
           "endpoint_id"    => "MarginaliaTestController#first_user",
           "correlation_id" => correlation_id,
-          "db_config_name" => ENV['GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci'] == 'main' ? 'main' : 'ci'
+          "db_config_name" => 'ci'
         }
       end
 

spec/migrations/20220523171107_drop_deploy_tokens_token_column_spec.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe DropDeployTokensTokenColumn do
+  let(:deploy_tokens) { table(:deploy_tokens) }
+
+  it 'correctly migrates up and down' do
+    reversible_migration do |migration|
+      migration.before -> {
+        expect(deploy_tokens.column_names).to include('token')
+      }
+
+      migration.after -> {
+        deploy_tokens.reset_column_information
+
+        expect(deploy_tokens.column_names).not_to include('token')
+      }
+    end
+  end
+end

spec/models/merge_request_spec.rb

@@ -1394,81 +1394,68 @@ RSpec.describe MergeRequest, factory_default: :keep do
       end
     end
 
-    [
+    context "returns false" do
-      'WIP:', 'WIP: ', '[WIP]', '[WIP] ', ' [WIP] WIP: [WIP] WIP:',
+      # We have removed support for variations of "WIP", and additionally need
-      "WIP ", "(WIP)",
+      #   to test unsupported variations of "Draft" that we have seen users
-      "draft", "Draft", "Draft -", "draft - ", "Draft ", "draft "
+      #   attempt.
-    ].each do |draft_prefix|
+      #
-      it "doesn't detect '#{draft_prefix}' at the start of the title as a draft" do
+      [
-        subject.title = "#{draft_prefix}#{subject.title}"
+        'WIP:', 'WIP: ', '[WIP]', '[WIP] ', ' [WIP] WIP: [WIP] WIP:',
+        "WIP ", "(WIP)",
+        "draft", "Draft", "Draft -", "draft - ", "Draft ", "draft "
+      ].each do |trigger|
+        it "when '#{trigger}' prefixes the title" do
+          subject.title = "#{trigger}#{subject.title}"
 
-        expect(subject.work_in_progress?).to eq false
+          expect(subject.draft?).to eq false
+        end
       end
-    end
 
-    it "doesn't detect merge request title just saying 'wip'" do
+      ["WIP", "Draft"].each do |trigger| # rubocop:disable Style/WordArray
-      subject.title = "wip"
+        it "when merge request title is simply '#{trigger}'" do
+          subject.title = trigger
 
-      expect(subject.work_in_progress?).to eq false
+          expect(subject.draft?).to eq false
-    end
+        end
 
-    it "does not detect merge request title just saying 'draft'" do
+        it "when #{trigger} is in the middle of the title" do
-      subject.title = "draft"
+          subject.title = "Something with #{trigger} in the middle"
 
-      expect(subject.work_in_progress?).to eq false
+          expect(subject.draft?).to eq false
-    end
+        end
 
-    it 'does not detect WIP in the middle of the title' do
+        it "when #{trigger} is at the end of the title" do
-      subject.title = 'Something with WIP in the middle'
+          subject.title = "Something ends with #{trigger}"
 
-      expect(subject.work_in_progress?).to eq false
+          expect(subject.draft?).to eq false
-    end
+        end
 
-    it 'does not detect Draft in the middle of the title' do
+        it "when title contains words starting with #{trigger}" do
-      subject.title = 'Something with Draft in the middle'
+          subject.title = "#{trigger}foo #{subject.title}"
 
-      expect(subject.work_in_progress?).to eq false
+          expect(subject.draft?).to eq false
-    end
+        end
 
-    it 'does not detect Draft: in the middle of the title' do
+        it "when title contains words containing with #{trigger}" do
-      subject.title = 'Something with Draft: in the middle'
+          subject.title = "Foo#{trigger}Bar #{subject.title}"
 
-      expect(subject.work_in_progress?).to eq false
+          expect(subject.draft?).to eq false
-    end
+        end
+      end
 
-    it 'does not detect WIP at the end of the title' do
+      it 'when Draft: in the middle of the title' do
-      subject.title = 'Something ends with WIP'
+        subject.title = 'Something with Draft: in the middle'
 
-      expect(subject.work_in_progress?).to eq false
+        expect(subject.draft?).to eq false
-    end
+      end
 
-    it 'does not detect Draft at the end of the title' do
+      it "when the title does not contain draft" do
-      subject.title = 'Something ends with Draft'
+        expect(subject.draft?).to eq false
+      end
 
-      expect(subject.work_in_progress?).to eq false
+      it "is aliased to #draft?" do
-    end
+        expect(subject.method(:work_in_progress?)).to eq(subject.method(:draft?))
-
+      end
-    it "doesn't detect WIP for words starting with WIP" do
-      subject.title = "Wipwap #{subject.title}"
-      expect(subject.work_in_progress?).to eq false
-    end
-
-    it "doesn't detect WIP for words containing with WIP" do
-      subject.title = "WupWipwap #{subject.title}"
-      expect(subject.work_in_progress?).to eq false
-    end
-
-    it "doesn't detect draft for words containing with draft" do
-      subject.title = "Drafting #{subject.title}"
-      expect(subject.work_in_progress?).to eq false
-    end
-
-    it "doesn't detect WIP by default" do
-      expect(subject.work_in_progress?).to eq false
-    end
-
-    it "is aliased to #draft?" do
-      expect(subject.method(:work_in_progress?)).to eq(subject.method(:draft?))
     end
   end
 

spec/requests/api/internal/mail_room_spec.rb

@@ -215,5 +215,29 @@ RSpec.describe API::Internal::MailRoom do
         expect(job).to match a_hash_including('args' => [encoded_email_content])
       end
     end
+
+    context 'handle text/plain request content type' do
+      let(:auth_headers) do
+        jwt_token = JWT.encode(auth_payload, incoming_email_secret, 'HS256')
+        {
+          Gitlab::MailRoom::INTERNAL_API_REQUEST_HEADER => jwt_token,
+          'Content-Type' => 'text/plain'
+        }
+      end
+
+      it 'schedules a EmailReceiverWorker job with email content encoded to utf-8 forcefully' do
+        Sidekiq::Testing.fake! do
+          expect do
+            post api("/internal/mail_room/incoming_email"), headers: auth_headers, params: email_content
+          end.to change { EmailReceiverWorker.jobs.size }.by(1)
+        end
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response.content_type).to eql('application/json')
+
+        job = EmailReceiverWorker.jobs.last
+        expect(job).to match a_hash_including('args' => [email_content])
+      end
+    end
   end
 end

spec/spec_helper.rb

@@ -256,16 +256,6 @@ RSpec.configure do |config|
   end
 
   config.around do |example|
-    if example.metadata.fetch(:stub_feature_flags, true)
-      # It doesn't make sense for this to default to enabled as we only plan to
-      # use this temporarily to override an environment variable but eventually
-      # we'll just use the environment variable value when we've completed the
-      # gradual rollout. This stub must happen in around block as there are other
-      # around blocks in tests that will run before this and get the wrong
-      # database connection.
-      stub_feature_flags(force_no_sharing_primary_model: false)
-    end
-
     example.run
   end
 

workhorse/go.mod

@@ -29,7 +29,7 @@ require (
 	github.com/stretchr/testify v1.7.0
 	gitlab.com/gitlab-org/gitaly/v14 v14.10.0-rc1.0.20220426135705-ccfab390f7c3
 	gitlab.com/gitlab-org/golang-archive-zip v0.1.1
-	gitlab.com/gitlab-org/labkit v1.14.0
+	gitlab.com/gitlab-org/labkit v1.15.0
 	gocloud.dev v0.23.0
 	golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616

workhorse/go.sum

@@ -956,8 +956,8 @@ gitlab.com/gitlab-org/labkit v0.0.0-20200908084045-45895e129029/go.mod h1:SNfxkf
 gitlab.com/gitlab-org/labkit v1.0.0/go.mod h1:nohrYTSLDnZix0ebXZrbZJjymRar8HeV2roWL5/jw2U=
 gitlab.com/gitlab-org/labkit v1.4.1/go.mod h1:x5JO5uvdX4t6e/TZXLXZnFL5AcKz2uLLd3uKXZcuO4k=
 gitlab.com/gitlab-org/labkit v1.5.0/go.mod h1:1ZuVZpjSpCKUgjLx8P6jzkkQFxJI1thUKr6yKV3p0vY=
-gitlab.com/gitlab-org/labkit v1.14.0 h1:LSrvHgybidPyH8fHnsy1GBghrLR4kFObFrtZwUfCgAI=
+gitlab.com/gitlab-org/labkit v1.15.0 h1:rMdhIdONc7bcd5qGRtWav6iInpeDmavDmP9A1tai92k=
-gitlab.com/gitlab-org/labkit v1.14.0/go.mod h1:bcxc4ZpAC+WyACgyKl7FcvT2XXAbl8CrzN6UY+w8cMc=
+gitlab.com/gitlab-org/labkit v1.15.0/go.mod h1:bcxc4ZpAC+WyACgyKl7FcvT2XXAbl8CrzN6UY+w8cMc=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
 go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0=

workhorse/internal/upload/destination/objectstore/s3_session.go

@@ -10,6 +10,8 @@ import (
 	"github.com/aws/aws-sdk-go/aws/session"
 
 	"gitlab.com/gitlab-org/gitlab/workhorse/internal/config"
+
+	"gitlab.com/gitlab-org/labkit/fips"
 )
 
 type s3Session struct {
@@ -61,8 +63,9 @@ func setupS3Session(s3Credentials config.S3Credentials, s3Config config.S3Config
 	}
 
 	cfg := &aws.Config{
-		Region:           aws.String(s3Config.Region),
+		Region:                        aws.String(s3Config.Region),
-		S3ForcePathStyle: aws.Bool(s3Config.PathStyle),
+		S3ForcePathStyle:              aws.Bool(s3Config.PathStyle),
+		S3DisableContentMD5Validation: aws.Bool(fips.Enabled()),
 	}
 
 	// In case IAM profiles aren't being used, use the static credentials

yarn.lock

@@ -968,10 +968,10 @@
   resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-2.14.0.tgz#92b36bc98ccbed49a4dbca310862146275091cb2"
   integrity sha512-U9EYmEIiTMl7R3X5DmCrw6fz7gz8c1kjvQtaF6HfJ15xDtR7trRAyCNbn3z7YGk1QJ8Cv/Ifw2/T5SxXwYd7dw==
 
-"@gitlab/ui@40.6.2":
+"@gitlab/ui@40.6.3":
-  version "40.6.2"
+  version "40.6.3"
-  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-40.6.2.tgz#196529ed0fcf372402d74042fc828b0b469aeaf2"
+  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-40.6.3.tgz#94f3a46054f3b4d8eb40116b20d23827d9473039"
-  integrity sha512-mOalOdFxjdtCMGUEmzeH1nSN0SCaqIkJQYbtX2x7PI2pyjHAA+8urUeCGC5JlpqDy8a4OmBmZtXTuhvweoOIew==
+  integrity sha512-BWmal3iaBjI16BT9aMWRdYYhuRBAfzvG4/0EbKMS3smlo9yKFd81OdSEfhgFRiJENohk+tEMgR6YqB6V5DOGpw==
   dependencies:
     "@popperjs/core" "^2.11.2"
     bootstrap-vue "2.20.1"
@@ -3876,10 +3876,10 @@ core-js-pure@^3.0.0:
   resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.6.5.tgz#c79e75f5e38dbc85a662d91eea52b8256d53b813"
   integrity sha512-lacdXOimsiD0QyNf9BC/mxivNJ/ybBGJXQFKzRekp1WTHoVUWsUHEn+2T8GJAzzIhyOuXA+gOxCVN3l+5PLPUA==
 
-core-js@^3.22.6:
+core-js@^3.22.7:
-  version "3.22.6"
+  version "3.22.7"
-  resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.22.6.tgz#294dd824b4cae2c24725a36baa4a791ed00bb0de"
+  resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.22.7.tgz#8d6c37f630f6139b8732d10f2c114c3f1d00024f"
-  integrity sha512-2IGcGH00z9I4twgNWU4uGCNEsBFG1s2JudVQrgSCoVhOfwoTwQjxC8aMo9exrpTMOxvobggEpaHnGMmQY4cfBQ==
+  integrity sha512-Jt8SReuDKVNZnZEzyEQT5eK6T2RRCXkfTq7Lo09kpm+fHjgGewSbNjV+Wt4yZMhPDdzz2x1ulI5z/w4nxpBseg==
 
 core-js@~2.3.0:
   version "2.3.0"