Add latest changes from gitlab-org/gitlab@master

.gitlab-ci.yml

@@ -57,15 +57,15 @@ variables:
   BUNDLE_INSTALL_FLAGS: "--jobs=$(nproc) --retry=3 --quiet"
   # we override the max_old_space_size to prevent OOM errors
   NODE_OPTIONS: --max_old_space_size=3584
-  SIMPLECOV: "true"
   GIT_DEPTH: "20"
   GIT_SUBMODULE_STRATEGY: "none"
   GET_SOURCES_ATTEMPTS: "3"
+
   KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json
   FLAKY_RSPEC_SUITE_REPORT_PATH: rspec_flaky/report-suite.json
   RSPEC_TESTS_MAPPING_PATH: crystalball/mapping.json
   RSPEC_PACKED_TESTS_MAPPING_PATH: crystalball/packed-mapping.json
-  BUILD_ASSETS_IMAGE: "false"
+
   ES_JAVA_OPTS: "-Xms256m -Xmx256m"
   ELASTIC_URL: "http://elastic:changeme@elasticsearch:9200"
   DOCKER_VERSION: "20.10.1"
@@ -73,6 +73,17 @@ variables:
   CHECK_PRECOMPILED_ASSETS: "true"
   FF_USE_FASTZIP: "true"
 
+  DOCS_REVIEW_APPS_DOMAIN: "178.62.207.141.nip.io"
+  DOCS_GITLAB_REPO_SUFFIX: "ee"
+
+  REVIEW_APPS_DOMAIN: "gitlab-review.app"
+  REVIEW_APPS_GCP_PROJECT: "gitlab-review-apps"
+  REVIEW_APPS_GCP_REGION: "us-central1"
+
+  BUILD_ASSETS_IMAGE: "true"  # Set it to "false" to disable assets image building, used in `build-assets-image`
+  RSPEC_FAIL_FAST_ENABLED: "true"  # Set it to "false" to disable RSpec fail-fast
+  SIMPLECOV: "true"
+
   # Preparing custom clone path to reduce space used by all random forks
   # on GitLab.com's Shared Runners. Our main forks - especially the security
   # ones - will have this variable overwritten in the project settings, so that

.gitlab/ci/cache-repo.gitlab-ci.yml

@@ -28,9 +28,9 @@ cache-repo:
   before_script:
     - '[ -z "$CI_REPO_CACHE_CREDENTIALS" ] || gcloud auth activate-service-account --key-file=$CI_REPO_CACHE_CREDENTIALS'
   script:
-    # Enable shallow repo caching only if the $ENABLE_SHALLOW_REPO_CACHING variable exists
+    # Enable shallow repo caching unless the $DISABLE_SHALLOW_REPO_CACHING variable exists (in the case the shallow clone caching isn't working well)
     # The `git repack` call works around a Git bug with shallow clones: https://gitlab.com/gitlab-org/git/-/issues/86
-    - if [ -n "$ENABLE_SHALLOW_REPO_CACHING" ]; then
+    - if [ -z "$DISABLE_SHALLOW_REPO_CACHING" ]; then
         cd .. && rm -rf $CI_PROJECT_NAME;
         today=$(date +%Y-%m-%d);
         year=$(date +%Y);
@@ -47,8 +47,8 @@ cache-repo:
         time gzip /tmp/$SHALLOW_CLONE_TAR_FILENAME;
         [ -z "$CI_REPO_CACHE_CREDENTIALS" ] || (echo "Uploading /tmp/$SHALLOW_CLONE_TAR_FILENAME.gz to GCloud." && time gsutil cp /tmp/$SHALLOW_CLONE_TAR_FILENAME.gz gs://gitlab-ci-git-repo-cache/project-$CI_PROJECT_ID/$SHALLOW_CLONE_TAR_FILENAME.gz);
       fi
-    # By default, we want to cache the full repo, unless the $DISABLE_FULL_REPO_CACHING variable exists (in the case the shallow clone caching is working well)
-    - if [ -z "$DISABLE_FULL_REPO_CACHING" ]; then
+    # Disable the full repo caching unless the $DISABLE_SHALLOW_REPO_CACHING variable exists (in the case the shallow clone caching isn't working well)
+    - if [ -n "$DISABLE_SHALLOW_REPO_CACHING" ]; then
         cd .. && rm -rf $CI_PROJECT_NAME;
         echo "Cloning $CI_REPOSITORY_URL into $CI_PROJECT_NAME.";
         time git clone --progress $CI_REPOSITORY_URL $CI_PROJECT_NAME;

.gitlab/ci/cng.gitlab-ci.yml

@@ -7,4 +7,4 @@ cloud-native-image:
     GIT_DEPTH: "1"
   script:
     - install_gitlab_gem
-    - CNG_PROJECT_PATH="gitlab-org/build/CNG" BUILD_TRIGGER_TOKEN=$CI_JOB_TOKEN ./scripts/trigger-build cng
+    - CNG_PROJECT_PATH="gitlab-org/build/CNG" ./scripts/trigger-build cng

.gitlab/ci/review.gitlab-ci.yml

@@ -34,7 +34,7 @@ review-build-cng:
     - job: compile-production-assets
       artifacts: false
   script:
-    - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng
+    - ./scripts/trigger-build cng
 
 .review-workflow-base:
   extends:
@@ -42,7 +42,6 @@ review-build-cng:
   image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14
   variables:
     HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
-    REVIEW_APPS_DOMAIN: "temp.gitlab-review.app"  # FIXME: using temporary domain
     DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
     GITLAB_HELM_CHART_REF: "v4.6.3"
   environment:

GITALY_SERVER_VERSION

@@ -1 +1 @@
-b9d60f9accc991a8d05f5679cb5645c1e041c1b2
+2be01682b4a0ba12cad12b30bad4dc8876503f22

GITLAB_KAS_VERSION

@@ -1 +1 @@
-13.11.1
+13.12.0

app/assets/javascripts/packages/list/constants.js

@@ -93,3 +93,5 @@ export const LIST_TITLE_TEXT = s__('PackageRegistry|Package Registry');
 export const LIST_INTRO_TEXT = s__(
   'PackageRegistry|Publish and share packages for a variety of common package managers. %{docLinkStart}More information%{docLinkEnd}',
 );
+
+export const TERRAFORM_SEARCH_TYPE = Object.freeze({ value: { data: 'terraform_module' } });

app/assets/javascripts/packages/list/stores/actions.js

@@ -8,6 +8,7 @@ import {
   DEFAULT_PAGE,
   DEFAULT_PAGE_SIZE,
   MISSING_DELETE_PATH_ERROR,
+  TERRAFORM_SEARCH_TYPE,
 } from '../constants';
 import { getNewPaginationPage } from '../utils';
 import * as types from './mutation_types';
@@ -27,8 +28,9 @@ export const requestPackagesList = ({ dispatch, state }, params = {}) => {
 
   const { page = DEFAULT_PAGE, per_page = DEFAULT_PAGE_SIZE } = params;
   const { sort, orderBy } = state.sorting;
-
-  const type = state.filter.find((f) => f.type === 'type');
+  const type = state.config.forceTerraform
+    ? TERRAFORM_SEARCH_TYPE
+    : state.filter.find((f) => f.type === 'type');
   const name = state.filter.find((f) => f.type === 'filtered-search-term');
   const packageFilters = { package_type: type?.value?.data, package_name: name?.value?.data };
 

app/assets/javascripts/packages/list/stores/mutations.js

@@ -4,9 +4,8 @@ import * as types from './mutation_types';
 
 export default {
   [types.SET_INITIAL_STATE](state, config) {
-    const { comingSoonJson, ...rest } = config;
     state.config = {
-      ...rest,
+      ...config,
       isGroupPage: config.pageType === GROUP_PAGE_TYPE,
     };
   },

app/assets/javascripts/packages_and_registries/infrastructure_registry/list_app_bundle.js

@@ -9,7 +9,7 @@ Vue.use(Translate);
 export default () => {
   const el = document.getElementById('js-vue-packages-list');
   const store = createStore();
-  store.dispatch('setInitialState', el.dataset);
+  store.dispatch('setInitialState', { ...el.dataset, forceTerraform: true });
 
   return new Vue({
     el,

app/finders/issuable_finder.rb

@@ -334,8 +334,7 @@ class IssuableFinder
     return items if items.is_a?(ActiveRecord::NullRelation)
 
     if use_cte_for_search?
-      cte = Gitlab::SQL::RecursiveCTE.new(klass.table_name)
-      cte << items
+      cte = Gitlab::SQL::CTE.new(klass.table_name, items)
 
       items = klass.with(cte.to_arel).from(klass.table_name)
     end

app/graphql/types/permission_types/project.rb

@@ -27,3 +27,5 @@ module Types
     end
   end
 end
+
+::Types::PermissionTypes::Project.prepend_mod_with('Types::PermissionTypes::Project')

changelogs/unreleased/331089-issue-search-materialized-cte.yml

@@ -0,0 +1,5 @@
+---
+title: Fix issuable search optimization in PG12
+merge_request: 61880
+author:
+type: fixed

config/puma.example.development.rb

@@ -80,14 +80,10 @@ tag 'gitlab-puma-worker'
 worker_timeout 60
 
 # https://github.com/puma/puma/blob/master/5.0-Upgrade.md#lower-latency-better-throughput
-if defined?(wait_for_less_busy_worker)
-  wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f
-end
+wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f
 
 # https://github.com/puma/puma/blob/master/5.0-Upgrade.md#nakayoshi_fork
-if defined?(nakayoshi_fork)
-  nakayoshi_fork unless ENV['DISABLE_PUMA_NAKAYOSHI_FORK'] == 'true'
-end
+nakayoshi_fork unless ENV['DISABLE_PUMA_NAKAYOSHI_FORK'] == 'true'
 
 # Use json formatter
 require_relative "/home/git/gitlab/lib/gitlab/puma_logging/json_formatter"

config/puma.rb.example

@@ -70,14 +70,10 @@ tag 'gitlab-puma-worker'
 worker_timeout 60
 
 # https://github.com/puma/puma/blob/master/5.0-Upgrade.md#lower-latency-better-throughput
-if defined?(wait_for_less_busy_worker)
-  wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f
-end
+wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f
 
 # https://github.com/puma/puma/blob/master/5.0-Upgrade.md#nakayoshi_fork
-if defined?(nakayoshi_fork)
-  nakayoshi_fork unless ENV['DISABLE_PUMA_NAKAYOSHI_FORK'] == 'true'
-end
+nakayoshi_fork unless ENV['DISABLE_PUMA_NAKAYOSHI_FORK'] == 'true'
 
 # Use json formatter
 require_relative "/home/git/gitlab/lib/gitlab/puma_logging/json_formatter"

config/puma_actioncable.example.development.rb

@@ -80,14 +80,10 @@ tag 'gitlab-actioncable-puma-worker'
 worker_timeout 60
 
 # https://github.com/puma/puma/blob/master/5.0-Upgrade.md#lower-latency-better-throughput
-if defined?(wait_for_less_busy_worker)
-  wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f
-end
+wait_for_less_busy_worker ENV.fetch('PUMA_WAIT_FOR_LESS_BUSY_WORKER', 0.001).to_f
 
 # https://github.com/puma/puma/blob/master/5.0-Upgrade.md#nakayoshi_fork
-if defined?(nakayoshi_fork)
-  nakayoshi_fork unless ENV['DISABLE_PUMA_NAKAYOSHI_FORK'] == 'true'
-end
+nakayoshi_fork unless ENV['DISABLE_PUMA_NAKAYOSHI_FORK'] == 'true'
 
 # Use json formatter
 require_relative "/home/git/gitlab/lib/gitlab/puma_logging/json_formatter"

doc/api/graphql/reference/index.md

@@ -85,7 +85,7 @@ Returns [`DesignManagement!`](#designmanagement).
 
 ### `Query.devopsAdoptionSegments`
 
-Get configured DevOps adoption segments on the instance.
+Get configured DevOps adoption segments on the instance. **BETA** This endpoint is subject to change without notice.
 
 Returns [`DevopsAdoptionSegmentConnection`](#devopsadoptionsegmentconnection).
 
@@ -742,6 +742,8 @@ Input type: `BoardListUpdateLimitMetricsInput`
 
 ### `Mutation.bulkFindOrCreateDevopsAdoptionSegments`
 
+**BETA** This endpoint is subject to change without notice.
+
 Input type: `BulkFindOrCreateDevopsAdoptionSegmentsInput`
 
 #### Arguments
@@ -1074,6 +1076,8 @@ Input type: `CreateCustomEmojiInput`
 
 ### `Mutation.createDevopsAdoptionSegment`
 
+**BETA** This endpoint is subject to change without notice.
+
 Input type: `CreateDevopsAdoptionSegmentInput`
 
 #### Arguments
@@ -1655,6 +1659,8 @@ Input type: `DeleteAnnotationInput`
 
 ### `Mutation.deleteDevopsAdoptionSegment`
 
+**BETA** This endpoint is subject to change without notice.
+
 Input type: `DeleteDevopsAdoptionSegmentInput`
 
 #### Arguments
@@ -5800,6 +5806,29 @@ The edge type for [`PackageTag`](#packagetag).
 | <a id="packagetagedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
 | <a id="packagetagedgenode"></a>`node` | [`PackageTag`](#packagetag) | The item at the end of the edge. |
 
+#### `PathLockConnection`
+
+The connection type for [`PathLock`](#pathlock).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="pathlockconnectionedges"></a>`edges` | [`[PathLockEdge]`](#pathlockedge) | A list of edges. |
+| <a id="pathlockconnectionnodes"></a>`nodes` | [`[PathLock]`](#pathlock) | A list of nodes. |
+| <a id="pathlockconnectionpageinfo"></a>`pageInfo` | [`PageInfo!`](#pageinfo) | Information to aid in pagination. |
+
+#### `PathLockEdge`
+
+The edge type for [`PathLock`](#pathlock).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="pathlockedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
+| <a id="pathlockedgenode"></a>`node` | [`PathLock`](#pathlock) | The item at the end of the edge. |
+
 #### `PipelineArtifactRegistryConnection`
 
 The connection type for [`PipelineArtifactRegistry`](#pipelineartifactregistry).
@@ -10626,6 +10655,18 @@ Information about pagination in a connection.
 | <a id="pageinfohaspreviouspage"></a>`hasPreviousPage` | [`Boolean!`](#boolean) | When paginating backwards, are there more items?. |
 | <a id="pageinfostartcursor"></a>`startCursor` | [`String`](#string) | When paginating backwards, the cursor to continue. |
 
+### `PathLock`
+
+Represents a file or directory in the project repository that has been locked.
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="pathlockid"></a>`id` | [`PathLockID!`](#pathlockid) | ID of the path lock. |
+| <a id="pathlockpath"></a>`path` | [`String`](#string) | The locked path. |
+| <a id="pathlockuser"></a>`user` | [`UserCore`](#usercore) | The user that has locked this path. |
+
 ### `Pipeline`
 
 #### Fields
@@ -10841,6 +10882,7 @@ Represents vulnerability finding of a security report on the pipeline.
 | <a id="projectonlyallowmergeifpipelinesucceeds"></a>`onlyAllowMergeIfPipelineSucceeds` | [`Boolean`](#boolean) | Indicates if merge requests of the project can only be merged with successful jobs. |
 | <a id="projectopenissuescount"></a>`openIssuesCount` | [`Int`](#int) | Number of open issues for the project. |
 | <a id="projectpath"></a>`path` | [`String!`](#string) | Path of the project. |
+| <a id="projectpathlocks"></a>`pathLocks` | [`PathLockConnection`](#pathlockconnection) | The project's path locks. (see [Connections](#connections)) |
 | <a id="projectpipelineanalytics"></a>`pipelineAnalytics` | [`PipelineAnalytics`](#pipelineanalytics) | Pipeline analytics. |
 | <a id="projectprintingmergerequestlinkenabled"></a>`printingMergeRequestLinkEnabled` | [`Boolean`](#boolean) | Indicates if a link to create or view a merge request should display after a push to Git repositories of the project from the command line. |
 | <a id="projectpublicjobs"></a>`publicJobs` | [`Boolean`](#boolean) | Indicates if there is public access to pipelines and job details of the project, including output logs and artifacts. |
@@ -11655,6 +11697,7 @@ Represents a Project Membership.
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="projectpermissionsadminoperations"></a>`adminOperations` | [`Boolean!`](#boolean) | Indicates the user can perform `admin_operations` on this resource. |
+| <a id="projectpermissionsadminpathlocks"></a>`adminPathLocks` | [`Boolean!`](#boolean) | Indicates the user can perform `admin_path_locks` on this resource. |
 | <a id="projectpermissionsadminproject"></a>`adminProject` | [`Boolean!`](#boolean) | Indicates the user can perform `admin_project` on this resource. |
 | <a id="projectpermissionsadminremotemirror"></a>`adminRemoteMirror` | [`Boolean!`](#boolean) | Indicates the user can perform `admin_remote_mirror` on this resource. |
 | <a id="projectpermissionsadminwiki"></a>`adminWiki` | [`Boolean!`](#boolean) | Indicates the user can perform `admin_wiki` on this resource. |
@@ -15056,6 +15099,12 @@ A `PackagesPackageID` is a global ID. It is encoded as a string.
 
 An example `PackagesPackageID` is: `"gid://gitlab/Packages::Package/1"`.
 
+### `PathLockID`
+
+A `PathLockID` is a global ID. It is encoded as a string.
+
+An example `PathLockID` is: `"gid://gitlab/PathLock/1"`.
+
 ### `PayloadAlertFieldPathSegment`
 
 String or integer.

locale/gitlab.pot

@@ -5099,10 +5099,7 @@ msgstr ""
 msgid "BillingPlan|Upgrade for free"
 msgstr ""
 
-msgid "Billings|To use free pipeline minutes on shared runners, you’ll need to validate your account with a credit card. If you prefer not to provide a credit card, you can run pipelines by bringing your own runners and disabling shared runners for your project. This is required to discourage and reduce abuse on GitLab infrastructure. %{strongStart}GitLab will not charge or store your credit card, it will only be used for validation.%{strongEnd}"
-msgstr ""
-
-msgid "Billings|To use free pipeline minutes on shared runners, you’ll need to validate your account with a credit card. This is required to discourage and reduce abuse on GitLab infrastructure. %{strongStart}GitLab will not charge or store your credit card, it will only be used for validation.%{strongEnd}"
+msgid "Billings|To use free pipeline minutes, you'll need to validate your account with a credit card. This is required to discourage and reduce abuse on GitLab infrastructure. %{strongStart}GitLab will not charge or store your credit card, it will only be used for validation.%{strongEnd}"
 msgstr ""
 
 msgid "Billings|User successfully validated"

scripts/review_apps/review-apps.sh

@@ -261,15 +261,14 @@ function create_application_secret() {
     echoinfo "The 'shared-gitlab-initial-root-password' secret already exists in the ${namespace} namespace."
   fi
 
-  if [ -z "${REVIEW_APPS_EE_LICENSE}" ]; then echo "License not found" && return; fi
+  if [ -z "${REVIEW_APPS_EE_LICENSE_FILE}" ]; then echo "License not found" && return; fi
 
   gitlab_license_shared_secret=$(kubectl get secret --namespace ${namespace} --no-headers -o=custom-columns=NAME:.metadata.name shared-gitlab-license | tail -n 1)
   if [[ "${gitlab_license_shared_secret}" == "" ]]; then
     echoinfo "Creating the 'shared-gitlab-license' secret in the ${namespace} namespace..." true
-    echo "${REVIEW_APPS_EE_LICENSE}" > /tmp/license.gitlab
     kubectl create secret generic --namespace "${namespace}" \
       "shared-gitlab-license" \
-      --from-file=license=/tmp/license.gitlab \
+      --from-file=license="${REVIEW_APPS_EE_LICENSE_FILE}" \
       --dry-run -o json | kubectl apply -f -
   else
     echoinfo "The 'shared-gitlab-license' secret already exists in the ${namespace} namespace."
@@ -359,7 +358,7 @@ HELM_CMD=$(cat << EOF
 EOF
 )
 
-if [ -n "${REVIEW_APPS_EE_LICENSE}" ]; then
+if [ -n "${REVIEW_APPS_EE_LICENSE_FILE}" ]; then
 HELM_CMD=$(cat << EOF
   ${HELM_CMD} \
   --set global.gitlab.license.secret="shared-gitlab-license"

scripts/trigger-build

@@ -172,7 +172,7 @@ module Trigger
     end
 
     def trigger_token
-      ENV['BUILD_TRIGGER_TOKEN']
+      ENV['CI_JOB_TOKEN']
     end
 
     def extra_variables

spec/finders/issues_finder_spec.rb

@@ -1178,6 +1178,7 @@ RSpec.describe IssuesFinder do
 
         it 'returns true' do
           expect(finder.use_cte_for_search?).to be_truthy
+          expect(finder.execute.to_sql).to match(/^WITH "issues" AS #{Gitlab::Database::AsWithMaterialized.materialized_if_supported}/)
         end
       end
 
@@ -1186,6 +1187,7 @@ RSpec.describe IssuesFinder do
 
         it 'returns true' do
           expect(finder.use_cte_for_search?).to be_truthy
+          expect(finder.execute.to_sql).to match(/^WITH "issues" AS #{Gitlab::Database::AsWithMaterialized.materialized_if_supported}/)
         end
       end
     end

spec/frontend/packages/list/stores/actions_spec.js

@@ -121,6 +121,32 @@ describe('Actions Package list store', () => {
         },
       );
     });
+
+    it('should force the terraform_module type when forceTerraform is true', (done) => {
+      testAction(
+        actions.requestPackagesList,
+        undefined,
+        { config: { isGroupPage: false, resourceId: 1, forceTerraform: true }, sorting, filter },
+        [],
+        [
+          { type: 'setLoading', payload: true },
+          { type: 'receivePackagesListSuccess', payload: { data: 'foo', headers } },
+          { type: 'setLoading', payload: false },
+        ],
+        () => {
+          expect(Api.projectPackages).toHaveBeenCalledWith(1, {
+            params: {
+              page: 1,
+              per_page: 20,
+              sort: sorting.sort,
+              order_by: sorting.orderBy,
+              package_type: 'terraform_module',
+            },
+          });
+          done();
+        },
+      );
+    });
   });
 
   describe('receivePackagesListSuccess', () => {

vendor/gems/mail-smtp_pool/.gitlab-ci.yml

@@ -12,6 +12,7 @@ workflow:
     - ruby -v                                   # Print out ruby version for debugging
     - gem install bundler --no-document         # Bundler is not installed with the image
     - bundle config set --local path 'vendor'   # Install dependencies into ./vendor/ruby
+    - bundle config set with 'development'
     - bundle install -j $(nproc)
   script:
     - bundle exec rspec