Add latest changes from gitlab-org/gitlab@master

app/views/admin/groups/_group.html.haml

@@ -1,30 +1,11 @@
 - group = local_assigns.fetch(:group)
-- css_class = 'no-description' if group.description.blank?
+- css_class = "gl-display-flex!#{' no-description' if group.description.blank?}"
 
-%li.group-row.py-3{ class: css_class, data: { qa_selector: 'group_row_content' } }
+%li.group-row.gl-py-3.gl-align-items-center{ class: css_class, data: { qa_selector: 'group_row_content' } }
-  .controls
+  .avatar-container.rect-avatar.s40.gl-flex-shrink-0
-    = link_to _('Edit'), admin_group_edit_path(group), id: "edit_#{dom_id(group)}", class: 'btn'
+    = group_icon(group, class: "avatar s40")
-    = link_to _('Delete'), [:admin, group], data: { confirm: _("Are you sure you want to remove %{group_name}?") % { group_name: group.name } }, method: :delete, class: 'btn btn-remove'
-  .stats
-    %span.badge.badge-pill
-      = storage_counter(group.storage_size)
 
-    = render_if_exists 'admin/namespace_plan_badge', namespace: group
+  .gl-min-w-0.gl-flex-grow-1
-    = render_if_exists 'admin/groups/marked_for_deletion_badge', group: group
-
-    %span
-      = icon('bookmark')
-      = number_with_delimiter(group.projects.count)
-
-    %span
-      = icon('users')
-      = number_with_delimiter(group.users.count)
-
-    %span.visibility-icon.has-tooltip{ data: { container: 'body', placement: 'left' }, title: visibility_icon_description(group) }
-      = visibility_level_icon(group.visibility_level, fw: false)
-
-  .avatar-container.rect-avatar.s40
-    = group_icon(group, class: "avatar s40 d-none d-sm-block")
     .title
       = link_to [:admin, group], class: 'group-name', data: { qa_selector: 'group_name_link' } do
         = group.full_name
@@ -32,3 +13,25 @@
     - if group.description.present?
       .description
         = markdown_field(group, :description)
+
+  .stats.gl-text-gray-700.gl-flex-shrink-0.gl-display-none.gl-display-sm-flex
+    %span.badge.badge-pill
+      = storage_counter(group.storage_size)
+
+    = render_if_exists 'admin/namespace_plan_badge', namespace: group, css_class: 'gl-ml-5 gl-mr-0'
+    = render_if_exists 'admin/groups/marked_for_deletion_badge', group: group, css_class: 'gl-ml-5'
+
+    %span.gl-ml-5
+      = icon('bookmark')
+      = number_with_delimiter(group.projects.count)
+
+    %span.gl-ml-5
+      = icon('users')
+      = number_with_delimiter(group.users.count)
+
+    %span.gl-ml-5.visibility-icon.has-tooltip{ data: { container: 'body', placement: 'left' }, title: visibility_icon_description(group) }
+      = visibility_level_icon(group.visibility_level, fw: false)
+
+  .controls.gl-flex-shrink-0.gl-ml-5
+    = link_to _('Edit'), admin_group_edit_path(group), id: "edit_#{dom_id(group)}", class: 'btn'
+    = link_to _('Delete'), [:admin, group], data: { confirm: _("Are you sure you want to remove %{group_name}?") % { group_name: group.name } }, method: :delete, class: 'btn btn-remove'

app/views/shared/groups/_group.html.haml

@@ -1,22 +1,11 @@
 - user = local_assigns.fetch(:user, current_user)
 - access = user&.max_member_access_for_group(group.id)
 
-%li.group-row.py-3{ class: ('no-description' if group.description.blank?) }
+%li.group-row.py-3.gl-align-items-center{ class: "gl-display-flex!#{' no-description' if group.description.blank?}" }
-  .stats
+  .avatar-container.rect-avatar.s40.gl-flex-shrink-0
-    %span
-      = icon('bookmark')
-      = number_with_delimiter(group.projects.non_archived.count)
-
-    %span
-      = icon('users')
-      = number_with_delimiter(group.users.count)
-
-    %span.visibility-icon.has-tooltip{ data: { container: 'body', placement: 'left' }, title: visibility_icon_description(group) }
-      = visibility_level_icon(group.visibility_level, fw: false)
-
-  .avatar-container.rect-avatar.s40
     = link_to group do
       = group_icon(group, class: "avatar s40")
+  .gl-min-w-0.gl-flex-grow-1
     .title
       = link_to group.full_name, group, class: 'group-name'
 
@@ -26,3 +15,15 @@
     - if group.description.present?
       .description
         = markdown_field(group, :description)
+
+  .stats.gl-text-gray-700.gl-flex-shrink-0
+    %span.gl-ml-5
+      = icon('bookmark')
+      = number_with_delimiter(group.projects.non_archived.count)
+
+    %span.gl-ml-5
+      = icon('users')
+      = number_with_delimiter(group.users.count)
+
+    %span.gl-ml-5.visibility-icon.has-tooltip{ data: { container: 'body', placement: 'left' }, title: visibility_icon_description(group) }
+      = visibility_level_icon(group.visibility_level, fw: false)

changelogs/unreleased/214607-ci-jwt-signing-key-check.yml

@@ -1,5 +0,0 @@
----
-title: Add system check for CI JWT signing key
-merge_request: 33920
-author:
-type: added

changelogs/unreleased/bump_cluster_applications_version.yml

@@ -0,0 +1,5 @@
+---
+title: Bump cluster-applications version to v0.20.0
+merge_request: 34569
+author:
+type: added

doc/administration/packages/container_registry.md

@@ -720,6 +720,8 @@ no longer directly accessible via the `:latest` tag.
 
 ### Recycling unused tags
 
+> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/987) in Omnibus GitLab 8.12.
+
 There are a couple of considerations you need to note before running the
 built-in command:
 
@@ -775,6 +777,8 @@ that you have backed up all registry data.
 
 ### Performing garbage collection without downtime
 
+> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/764) in GitLab 8.8.
+
 You can perform a garbage collection without stopping the Container Registry by setting
 it into a read-only mode and by not using the built-in command. During this time,
 you will be able to pull from the Container Registry, but you will not be able to

doc/api/feature_flag_specs.md

@@ -1,3 +1,9 @@
+---
+stage: Release
+group: Progressive Delivery
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Feature Flag Specs API **(PREMIUM)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9566) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.5.

doc/api/feature_flag_user_lists.md

@@ -1,3 +1,9 @@
+---
+stage: Release
+group: Progressive Delivery
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Feature flag user lists API **(PREMIUM)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/205409) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.10.

doc/api/feature_flags.md

@@ -1,3 +1,9 @@
+---
+stage: Release
+group: Progressive Delivery
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Feature Flags API **(PREMIUM)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9566) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.5.

doc/api/feature_flags_legacy.md

@@ -1,3 +1,9 @@
+---
+stage: Release
+group: Progressive Delivery
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Legacy Feature Flags API **(PREMIUM)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9566) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.5.

doc/api/features.md

@@ -1,3 +1,9 @@
+---
+stage: Release
+group: Progressive Delivery
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Features flags API
 
 This API is for managing Flipper-based [feature flags used in development of GitLab](../development/feature_flags/index.md).

doc/api/merge_trains.md

@@ -1,3 +1,9 @@
+---
+stage: Verify
+group: Continuous Integration
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Merge Trains API **(PREMIUM)**
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36146) in GitLab 12.9.

doc/api/packages.md

@@ -1,3 +1,9 @@
+---
+stage: Package
+group: Package
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Packages API **(PREMIUM)**
 
 This is the API docs of [GitLab Packages](../administration/packages/index.md).

doc/api/pages.md

@@ -1,3 +1,9 @@
+---
+stage: Release
+group: Release Management
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Pages API
 
 Endpoints for managing [GitLab Pages](https://about.gitlab.com/stages-devops-lifecycle/pages/).

doc/api/pages_domains.md

@@ -1,3 +1,9 @@
+---
+stage: Release
+group: Release Management
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Pages domains API
 
 Endpoints for connecting custom domain(s) and TLS certificates in [GitLab Pages](https://about.gitlab.com/stages-devops-lifecycle/pages/).

doc/api/releases/index.md

@@ -1,3 +1,9 @@
+---
+stage: Release
+group: Release Management
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Releases API
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/41766) in GitLab 11.7.

doc/api/releases/links.md

@@ -1,3 +1,9 @@
+---
+stage: Release
+group: Release Management
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Release links API
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/41766) in GitLab 11.7.

doc/api/runners.md

@@ -1,3 +1,9 @@
+---
+stage: Verify
+group: Runner
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # Runners API
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/2640) in GitLab 8.5

doc/ci/yaml/README.md

@@ -3451,7 +3451,7 @@ variables:
 
 `none` also re-uses the local working copy, but skips all Git operations
 (including GitLab Runner's pre-clone script, if present). It's mostly useful
-for jobs that operate exclusively on artifacts (for examples `deploy`). Git repository
+for jobs that operate exclusively on artifacts (for example, `deploy`). Git repository
 data may be present, but it's certain to be out of date, so you should only
 rely on files brought into the local working copy from cache or artifacts.
 

doc/user/admin_area/settings/continuous_integration.md

@@ -1,4 +1,7 @@
 ---
+stage: Verify
+group: Continuous Integration
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 type: reference
 ---
 

doc/user/clusters/applications.md

@@ -483,7 +483,7 @@ For information on configuring Crossplane installed on the cluster, see
 [Crossplane configuration](crossplane.md).
 
 NOTE: **Note:**
-[`alpha/crossplane`](https://charts.crossplane.io/alpha/) chart v0.4.1 is used to
+[`alpha/crossplane`](https://github.com/crossplane/crossplane/tree/v0.4.1/cluster/charts/crossplane) chart v0.4.1 is used to
 install Crossplane using the
 [`values.yaml`](https://github.com/crossplane/crossplane/blob/master/cluster/charts/crossplane/values.yaml.tmpl)
 file.
@@ -1121,7 +1121,7 @@ You can customize the installation of JupyterHub by defining a
 `.gitlab/managed-apps/jupyterhub/values.yaml` file in your cluster management project.
 
 Refer to the
-[chart reference](https://zero-to-jupyterhub.readthedocs.io/en/stable/reference.html) for the
+[chart reference](https://zero-to-jupyterhub.readthedocs.io/en/stable/reference/reference.html) for the
 available configuration options.
 
 ### Install Elastic Stack using GitLab CI/CD

doc/user/packages/composer_repository/index.md

@@ -1,3 +1,9 @@
+---
+stage: Package
+group: Package
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # GitLab Composer Repository **(PREMIUM)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/15886) in [GitLab Premium](https://about.gitlab.com/pricing/) 13.1.

doc/user/packages/go_proxy/index.md

@@ -1,3 +1,9 @@
+---
+stage: Package
+group: Package
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
 # GitLab Go Proxy **(PREMIUM)**
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/27376) in [GitLab Premium](https://about.gitlab.com/pricing/) 13.1.

lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml

@@ -1,6 +1,6 @@
 apply:
   stage: deploy
-  image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.17.0"
+  image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.20.0"
   environment:
     name: production
   variables:
@@ -20,6 +20,8 @@ apply:
     FLUENTD_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/fluentd/values.yaml
     KNATIVE_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/knative/values.yaml
     POSTHOG_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/posthog/values.yaml
+    FALCO_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/falco/values.yaml
+    APPARMOR_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/apparmor/values.yaml
   script:
     - gitlab-managed-apps /usr/local/share/gitlab-managed-apps/helmfile.yaml
   only:

lib/gitlab/usage_data_concerns/topology.rb

@@ -5,6 +5,17 @@ module Gitlab
     module Topology
       include Gitlab::Utils::UsageData
 
+      JOB_TO_SERVICE_NAME = {
+        'gitlab-rails' => 'web',
+        'gitlab-sidekiq' => 'sidekiq',
+        'gitlab-workhorse' => 'workhorse',
+        'redis' => 'redis',
+        'postgres' => 'postgres',
+        'gitaly' => 'gitaly',
+        'prometheus' => 'prometheus',
+        'node' => 'node-exporter'
+      }.freeze
+
       def topology_usage_data
         topology_data, duration = measure_duration do
           alt_usage_data(fallback: {}) do
@@ -50,12 +61,12 @@ module Gitlab
       def topology_all_service_memory(client)
         aggregate_many(
           client,
-          'avg ({__name__=~"ruby_process_(resident|unique|proportional)_memory_bytes"}) by (instance, job, __name__)'
+          'avg ({__name__ =~ "(ruby_){0,1}process_(resident|unique|proportional)_memory_bytes", job != "gitlab_exporter_process"}) by (instance, job, __name__)'
         )
       end
 
       def topology_all_service_process_count(client)
-        aggregate_many(client, 'count (ruby_process_start_time_seconds) by (instance, job)')
+        aggregate_many(client, 'count ({__name__ =~ "(ruby_){0,1}process_start_time_seconds", job != "gitlab_exporter_process"}) by (instance, job)')
       end
 
       def topology_node_services(instance, all_process_counts, all_process_memory)
@@ -64,28 +75,32 @@ module Gitlab
           topology_instance_service_process_count(instance, all_process_counts)
             .deep_merge(topology_instance_service_memory(instance, all_process_memory))
 
-        # map to list of hashes where service name becomes a value instead
+        # map to list of hashes where service names become values instead, and remove
-        instance_service_data.map do |service, data|
+        # unknown services, since they might not be ours
-          { name: service.to_s }.merge(data)
+        instance_service_data.each_with_object([]) do |entry, list|
+          service, service_metrics = entry
+          gitlab_service = JOB_TO_SERVICE_NAME[service.to_s]
+          next unless gitlab_service
+
+          list << { name: gitlab_service }.merge(service_metrics)
         end
       end
 
       def topology_instance_service_process_count(instance, all_instance_data)
         topology_data_for_instance(instance, all_instance_data).to_h do |metric, count|
-          job = metric['job'].underscore.to_sym
+          [metric['job'], { process_count: count }]
-          [job, { process_count: count }]
         end
       end
 
       def topology_instance_service_memory(instance, all_instance_data)
         topology_data_for_instance(instance, all_instance_data).each_with_object({}) do |entry, hash|
           metric, memory = entry
-          job = metric['job'].underscore.to_sym
+          job = metric['job']
           key =
             case metric['__name__']
-            when 'ruby_process_resident_memory_bytes' then :process_memory_rss
+            when match_process_memory_metric_for_type('resident') then :process_memory_rss
-            when 'ruby_process_unique_memory_bytes' then :process_memory_uss
+            when match_process_memory_metric_for_type('unique') then :process_memory_uss
-            when 'ruby_process_proportional_memory_bytes' then :process_memory_pss
+            when match_process_memory_metric_for_type('proportional') then :process_memory_pss
             end
 
           hash[job] ||= {}
@@ -93,6 +108,10 @@ module Gitlab
         end
       end
 
+      def match_process_memory_metric_for_type(type)
+        /(ruby_){0,1}process_#{type}_memory_bytes/
+      end
+
       def topology_data_for_instance(instance, all_instance_data)
         all_instance_data.filter { |metric, _value| metric['instance'] == instance }
       end

lib/system_check/app/ci_jwt_signing_key_check.rb

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-module SystemCheck
-  module App
-    class CiJwtSigningKeyCheck < SystemCheck::BaseCheck
-      set_name 'Valid CI JWT signing key?'
-
-      def check?
-        key_data = Rails.application.secrets.ci_jwt_signing_key
-        return false unless key_data.present?
-
-        OpenSSL::PKey::RSA.new(key_data)
-
-        true
-      rescue OpenSSL::PKey::RSAError
-        false
-      end
-
-      def show_error
-        $stdout.puts '  Rails.application.secrets.ci_jwt_signing_key is missing or not a valid RSA key.'.color(:red)
-        $stdout.puts '  CI_JOB_JWT will not be generated for CI jobs.'.color(:red)
-
-        for_more_information(
-          'doc/ci/variables/predefined_variables.md',
-          'doc/ci/examples/authenticating-with-hashicorp-vault/index.md'
-        )
-      end
-    end
-  end
-end

lib/system_check/rake_task/app_task.rb

@@ -33,8 +33,7 @@ module SystemCheck
           SystemCheck::App::ActiveUsersCheck,
           SystemCheck::App::AuthorizedKeysPermissionCheck,
           SystemCheck::App::HashedStorageEnabledCheck,
-          SystemCheck::App::HashedStorageAllProjectsCheck,
+          SystemCheck::App::HashedStorageAllProjectsCheck
-          SystemCheck::App::CiJwtSigningKeyCheck
         ]
       end
     end

spec/lib/gitlab/usage_data_concerns/topology_spec.rb

@@ -42,14 +42,14 @@ describe Gitlab::UsageDataConcerns::Topology do
                 node_cpus: 8,
                 node_services: [
                   {
-                    name: 'gitlab_rails',
+                    name: 'web',
                     process_count: 10,
                     process_memory_rss: 300,
                     process_memory_uss: 301,
                     process_memory_pss: 302
                   },
                   {
-                    name: 'gitlab_sidekiq',
+                    name: 'sidekiq',
                     process_count: 5,
                     process_memory_rss: 303
                   }
@@ -60,10 +60,15 @@ describe Gitlab::UsageDataConcerns::Topology do
                 node_cpus: 16,
                 node_services: [
                   {
-                    name: 'gitlab_sidekiq',
+                    name: 'sidekiq',
                     process_count: 15,
                     process_memory_rss: 400,
                     process_memory_pss: 401
+                  },
+                  {
+                    name: 'redis',
+                    process_count: 1,
+                    process_memory_rss: 402
                   }
                 ]
               }
@@ -118,7 +123,7 @@ describe Gitlab::UsageDataConcerns::Topology do
 
   def receive_node_memory_query(result: nil)
     receive(:query)
-      .with('avg (node_memory_MemTotal_bytes) by (instance)', an_instance_of(Hash))
+      .with(/node_memory_MemTotal_bytes/, an_instance_of(Hash))
       .and_return(result || [
         {
           'metric' => { 'instance' => 'instance1:8080' },
@@ -133,7 +138,7 @@ describe Gitlab::UsageDataConcerns::Topology do
 
   def receive_node_cpu_count_query(result: nil)
     receive(:query)
-      .with('count (node_cpu_seconds_total{mode="idle"}) by (instance)', an_instance_of(Hash))
+      .with(/node_cpu_seconds_total/, an_instance_of(Hash))
       .and_return(result || [
         {
           'metric' => { 'instance' => 'instance2:8090' },
@@ -148,7 +153,7 @@ describe Gitlab::UsageDataConcerns::Topology do
 
   def receive_node_service_memory_query(result: nil)
     receive(:query)
-      .with('avg ({__name__=~"ruby_process_(resident|unique|proportional)_memory_bytes"}) by (instance, job, __name__)', an_instance_of(Hash))
+      .with(/process_.+_memory_bytes/, an_instance_of(Hash))
       .and_return(result || [
         # instance 1: runs Puma + a small Sidekiq
         {
@@ -167,7 +172,7 @@ describe Gitlab::UsageDataConcerns::Topology do
           'metric' => { 'instance' => 'instance1:8090', 'job' => 'gitlab-sidekiq', '__name__' => 'ruby_process_resident_memory_bytes' },
           'value' => [1000, '303']
         },
-        # instance 2: runs a dedicated Sidekiq
+        # instance 2: runs a dedicated Sidekiq + Redis (which uses a different metric name)
         {
           'metric' => { 'instance' => 'instance2:8090', 'job' => 'gitlab-sidekiq', '__name__' => 'ruby_process_resident_memory_bytes' },
           'value' => [1000, '400']
@@ -175,13 +180,17 @@ describe Gitlab::UsageDataConcerns::Topology do
         {
           'metric' => { 'instance' => 'instance2:8090', 'job' => 'gitlab-sidekiq', '__name__' => 'ruby_process_proportional_memory_bytes' },
           'value' => [1000, '401']
+        },
+        {
+          'metric' => { 'instance' => 'instance2:9121', 'job' => 'redis', '__name__' => 'process_resident_memory_bytes' },
+          'value' => [1000, '402']
         }
       ])
   end
 
   def receive_node_service_process_count_query(result: nil)
     receive(:query)
-      .with('count (ruby_process_start_time_seconds) by (instance, job)', an_instance_of(Hash))
+      .with(/process_start_time_seconds/, an_instance_of(Hash))
       .and_return(result || [
         # instance 1
         {
@@ -196,6 +205,15 @@ describe Gitlab::UsageDataConcerns::Topology do
         {
           'metric' => { 'instance' => 'instance2:8090', 'job' => 'gitlab-sidekiq' },
           'value' => [1000, '15']
+        },
+        {
+          'metric' => { 'instance' => 'instance2:9121', 'job' => 'redis' },
+          'value' => [1000, '1']
+        },
+        # unknown service => should be stripped out
+        {
+          'metric' => { 'instance' => 'instance2:9000', 'job' => 'not-a-gitlab-service' },
+          'value' => [1000, '42']
         }
       ])
   end

spec/lib/system_check/app/ci_jwt_signing_key_check_spec.rb

@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe SystemCheck::App::CiJwtSigningKeyCheck do
-  subject(:system_check) { described_class.new }
-
-  describe '#check?' do
-    it 'returns false when key is not present' do
-      expect(Rails.application.secrets).to receive(:ci_jwt_signing_key).and_return(nil)
-
-      expect(system_check.check?).to eq(false)
-    end
-
-    it 'returns false when key is not valid RSA key' do
-      invalid_key = OpenSSL::PKey::RSA.new(1024).to_s.delete("\n")
-      expect(Rails.application.secrets).to receive(:ci_jwt_signing_key).and_return(invalid_key)
-
-      expect(system_check.check?).to eq(false)
-    end
-
-    it 'returns true when key is valid RSA key' do
-      valid_key = OpenSSL::PKey::RSA.new(1024).to_s
-      expect(Rails.application.secrets).to receive(:ci_jwt_signing_key).and_return(valid_key)
-
-      expect(system_check.check?).to eq(true)
-    end
-  end
-end