Add latest changes from gitlab-org/gitlab@master

2022-09-19 09:13:01 +00:00 · 2022-09-19 09:13:01 +00:00 · bffc536bf8
parent f6b8b8fcdc
commit bffc536bf8
41 changed files with 367 additions and 129 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -577,7 +577,7 @@ GEM
      redis (> 3.0.0, < 5.0.0)
    gitlab-license (2.2.1)
    gitlab-mail_room (0.0.9)
-    gitlab-markup (1.8.0)
+    gitlab-markup (1.8.1)
    gitlab-net-dns (0.9.1)
    gitlab-omniauth-openid-connect (0.10.0)
      addressable (~> 2.7)
--- a/app/assets/javascripts/analytics/shared/components/daterange.vue
+++ b/app/assets/javascripts/analytics/shared/components/daterange.vue
@ -1,13 +1,10 @@
 <script>
-import { GlDaterangePicker, GlSprintf } from '@gitlab/ui';
-import { getDayDifference } from '~/lib/utils/datetime_utility';
-import { __, sprintf } from '~/locale';
-import { OFFSET_DATE_BY_ONE } from '../constants';
+import { GlDaterangePicker } from '@gitlab/ui';
+import { n__, __, sprintf } from '~/locale';

 export default {
  components: {
    GlDaterangePicker,
-    GlSprintf,
  },
  props: {
    show: {
@ -69,9 +66,10 @@ export default {
        this.$emit('change', { startDate, endDate });
      },
    },
-    numberOfDays() {
-      const dayDifference = getDayDifference(this.startDate, this.endDate);
-      return this.includeSelectedDate ? dayDifference + OFFSET_DATE_BY_ONE : dayDifference;
+  },
+  methods: {
+    numberOfDays(daysSelected) {
+      return n__('1 day selected', '%d days selected', daysSelected);
    },
  },
 };
@ -96,9 +94,9 @@ export default {
      end-picker-class="js-daterange-picker-to gl-display-flex gl-flex-direction-column gl-lg-flex-direction-row gl-lg-align-items-center gl-mb-2 gl-lg-mb-0"
      label-class="gl-mb-2 gl-lg-mb-0"
    >
-      <gl-sprintf :message="n__('1 day selected', '%d days selected', numberOfDays)">
-        <template #numberOfDays>{{ numberOfDays }}</template>
-      </gl-sprintf>
+      <template #default="{ daysSelected }">
+        {{ numberOfDays(daysSelected) }}
+      </template>
    </gl-daterange-picker>
  </div>
 </template>
--- a/app/assets/javascripts/analytics/shared/constants.js
+++ b/app/assets/javascripts/analytics/shared/constants.js
@ -2,7 +2,6 @@ import { masks } from '~/lib/dateformat';
 import { s__ } from '~/locale';

 export const DATE_RANGE_LIMIT = 180;
-export const OFFSET_DATE_BY_ONE = 1;
 export const PROJECTS_PER_PAGE = 50;

 const { isoDate, mediumDate } = masks;
--- a/app/assets/javascripts/cycle_analytics/components/value_stream_filters.vue
+++ b/app/assets/javascripts/cycle_analytics/components/value_stream_filters.vue
@ -57,6 +57,10 @@ export default {
        includeSubgroups: true,
      };
    },
+    currentDate() {
+      const now = new Date();
+      return new Date(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate());
+    },
  },
  multiProjectSelect: true,
  maxDateRange: DATE_RANGE_LIMIT,
@ -93,6 +97,7 @@ export default {
          v-if="hasDateRangeFilter"
          :start-date="startDate"
          :end-date="endDate"
+          :max-date="currentDate"
          :max-date-range="$options.maxDateRange"
          :include-selected-date="true"
          class="js-daterange-picker"
--- a/app/controllers/admin/hooks_controller.rb
+++ b/app/controllers/admin/hooks_controller.rb
@ -27,7 +27,7 @@ class Admin::HooksController < Admin::ApplicationController
  end

  def hook_logs
-    @hook_logs ||= hook.web_hook_logs.recent.page(params[:page])
+    @hook_logs ||= hook.web_hook_logs.recent.page(params[:page]).without_count
  end

  def hook_param_names
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@ -35,7 +35,7 @@ class Projects::HooksController < Projects::ApplicationController
  end

  def hook_logs
-    @hook_logs ||= hook.web_hook_logs.recent.page(params[:page])
+    @hook_logs ||= hook.web_hook_logs.recent.page(params[:page]).without_count
  end

  def trigger_values
--- a/app/controllers/projects/settings/integrations_controller.rb
+++ b/app/controllers/projects/settings/integrations_controller.rb
@ -124,7 +124,7 @@ module Projects
      def web_hook_logs
        return unless integration.try(:service_hook).present?

-        @web_hook_logs ||= integration.service_hook.web_hook_logs.recent.page(params[:page])
+        @web_hook_logs ||= integration.service_hook.web_hook_logs.recent.page(params[:page]).without_count
      end

      def ensure_integration_enabled
--- a/app/graphql/types/merge_request_type.rb
+++ b/app/graphql/types/merge_request_type.rb
@ -94,9 +94,10 @@ module Types
          method: :public_merge_status, null: true,
          description: 'Merge status of the merge request.'

-    field :detailed_merge_status, ::Types::MergeRequests::DetailedMergeStatusEnum, method: :detailed_merge_status, null: true,
+    field :detailed_merge_status, ::Types::MergeRequests::DetailedMergeStatusEnum, null: true,
                                                                                   calls_gitaly: true,
-                                                                                   description: 'Detailed merge status of the merge request.', alpha: { milestone: '15.3' }
+                                                                                   description: 'Detailed merge status of the merge request.',
+                                                                                   alpha: { milestone: '15.3' }

    field :mergeable_discussions_state, GraphQL::Types::Boolean, null: true,
                                                                 calls_gitaly: true,
@ -280,6 +281,10 @@ module Types
    def merge_user
      object.metrics&.merged_by || object.merge_user
    end
+
+    def detailed_merge_status
+      ::MergeRequests::Mergeability::DetailedMergeStatusService.new(merge_request: object).execute
+    end
  end
 end

--- a/app/graphql/types/merge_requests/detailed_merge_status_enum.rb
+++ b/app/graphql/types/merge_requests/detailed_merge_status_enum.rb
@ -21,6 +21,9 @@ module Types
      value 'CI_MUST_PASS',
            value: :ci_must_pass,
            description: 'Pipeline must succeed before merging.'
+      value 'CI_STILL_RUNNING',
+            value: :ci_still_running,
+            description: 'Pipeline is still running.'
      value 'DISCUSSIONS_NOT_RESOLVED',
            value: :discussions_not_resolved,
            description: 'Discussions must be resolved before merging.'
--- a/app/helpers/labels_helper.rb
+++ b/app/helpers/labels_helper.rb
@ -87,7 +87,7 @@ module LabelsHelper
      '#013220' => s_('SuggestedColors|Dark green'),
      '#6699cc' => s_('SuggestedColors|Blue-gray'),
      '#0000ff' => s_('SuggestedColors|Blue'),
-      '#e6e6fa' => s_('SuggestedColors|Lavendar'),
+      '#e6e6fa' => s_('SuggestedColors|Lavender'),
      '#9400d3' => s_('SuggestedColors|Dark violet'),
      '#330066' => s_('SuggestedColors|Deep violet'),
      '#808080' => s_('SuggestedColors|Gray'),
--- a/app/models/hooks/web_hook_log.rb
+++ b/app/models/hooks/web_hook_log.rb
@ -25,7 +25,7 @@ class WebHookLog < ApplicationRecord
  before_save :redact_author_email

  def self.recent
-    where('created_at >= ?', 2.days.ago.beginning_of_day)
+    where(created_at: 2.days.ago.beginning_of_day..Time.zone.now)
      .order(created_at: :desc)
  end

--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@ -1180,22 +1180,6 @@ class MergeRequest < ApplicationRecord
    ]
  end

-  def detailed_merge_status
-    if cannot_be_merged_rechecking? || preparing? || checking?
-      return :checking
-    elsif unchecked?
-      return :unchecked
-    end
-
-    checks = execute_merge_checks
-
-    if checks.success?
-      :mergeable
-    else
-      checks.failure_reason
-    end
-  end
-
  def mergeable_state?(skip_ci_check: false, skip_discussions_check: false)
    additional_checks = execute_merge_checks(params: {
                                               skip_ci_check: skip_ci_check,
@ -1999,6 +1983,12 @@ class MergeRequest < ApplicationRecord
    false # Overridden in EE
  end

+  def execute_merge_checks(params: {})
+    # rubocop: disable CodeReuse/ServiceClass
+    MergeRequests::Mergeability::RunChecksService.new(merge_request: self, params: params).execute
+    # rubocop: enable CodeReuse/ServiceClass
+  end
+
  private

  attr_accessor :skip_fetch_ref
@ -2052,12 +2042,6 @@ class MergeRequest < ApplicationRecord
  def report_type_enabled?(report_type)
    !!actual_head_pipeline&.batch_lookup_report_artifact_for_file_type(report_type)
  end
-
-  def execute_merge_checks(params: {})
-    # rubocop: disable CodeReuse/ServiceClass
-    MergeRequests::Mergeability::RunChecksService.new(merge_request: self, params: params).execute
-    # rubocop: enable CodeReuse/ServiceClass
-  end
 end

 MergeRequest.prepend_mod_with('MergeRequest')
--- a/app/services/merge_requests/mergeability/detailed_merge_status_service.rb
+++ b/app/services/merge_requests/mergeability/detailed_merge_status_service.rb
@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module MergeRequests
+  module Mergeability
+    class DetailedMergeStatusService
+      include ::Gitlab::Utils::StrongMemoize
+
+      def initialize(merge_request:)
+        @merge_request = merge_request
+      end
+
+      def execute
+        return :checking if checking?
+        return :unchecked if unchecked?
+
+        if check_results.success?
+
+          # If everything else is mergeable, but CI is not, the frontend expects two potential states to be returned
+          # See discussion: gitlab.com/gitlab-org/gitlab/-/merge_requests/96778#note_1093063523
+          if check_ci_results.success?
+            :mergeable
+          else
+            ci_check_failure_reason
+          end
+        else
+          check_results.failure_reason
+        end
+      end
+
+      private
+
+      attr_reader :merge_request, :checks, :ci_check
+
+      def checking?
+        merge_request.cannot_be_merged_rechecking? || merge_request.preparing? || merge_request.checking?
+      end
+
+      def unchecked?
+        merge_request.unchecked?
+      end
+
+      def check_results
+        strong_memoize(:check_results) do
+          merge_request.execute_merge_checks(params: { skip_ci_check: true })
+        end
+      end
+
+      def check_ci_results
+        strong_memoize(:check_ci_results) do
+          ::MergeRequests::Mergeability::CheckCiStatusService.new(merge_request: merge_request, params: {}).execute
+        end
+      end
+
+      def ci_check_failure_reason
+        if merge_request.actual_head_pipeline&.running?
+          :ci_still_running
+        else
+          check_ci_results.payload.fetch(:reason)
+        end
+      end
+    end
+  end
+end
--- a/app/views/shared/hook_logs/_recent_deliveries_table.html.haml
+++ b/app/views/shared/hook_logs/_recent_deliveries_table.html.haml
@ -23,7 +23,7 @@


 - if hook_logs.present?
-  = paginate hook_logs, theme: 'gitlab'
+  = paginate_without_count hook_logs
 - else
  .gl-text-center.gl-mt-7
    %h4= _('No webhook events')
--- a/config/feature_flags/development/rate_limit_namespace_exists_api.yml
+++ b/config/feature_flags/development/rate_limit_namespace_exists_api.yml
@ -1,8 +0,0 @@
---
-name: rate_limit_namespace_exists_api
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96133
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/371723
-milestone: '15.4'
-type: development
-group: group::workspace
-default_enabled: false
--- a/db/migrate/20220913082930_rename_iterations_cadences_last_run_date_to_next_run_date.rb
+++ b/db/migrate/20220913082930_rename_iterations_cadences_last_run_date_to_next_run_date.rb
@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class RenameIterationsCadencesLastRunDateToNextRunDate < Gitlab::Database::Migration[2.0]
+  disable_ddl_transaction!
+
+  def up
+    rename_column_concurrently :iterations_cadences, :last_run_date, :next_run_date
+  end
+
+  def down
+    undo_rename_column_concurrently :iterations_cadences, :last_run_date, :next_run_date
+  end
+end
--- a/db/post_migrate/20220824114218_add_tmp_index_approval_merge_request_rules.rb
+++ b/db/post_migrate/20220824114218_add_tmp_index_approval_merge_request_rules.rb
@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class AddTmpIndexApprovalMergeRequestRules < Gitlab::Database::Migration[2.0]
+  disable_ddl_transaction!
+
+  TMP_INDEX_NAME = 'tmp_index_approval_merge_request_rules_on_report_type_equal_one'
+
+  def up
+    # to be removed as part of https://gitlab.com/gitlab-org/gitlab/-/issues/372224
+    add_concurrent_index :approval_merge_request_rules,
+      [:id, :report_type],
+      name: TMP_INDEX_NAME,
+      where: "report_type = 1"
+  end
+
+  def down
+    remove_concurrent_index_by_name :approval_merge_request_rules, TMP_INDEX_NAME
+  end
+end
--- a/db/post_migrate/20220831132802_delete_approval_rules_for_vulnerability.rb
+++ b/db/post_migrate/20220831132802_delete_approval_rules_for_vulnerability.rb
@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+class DeleteApprovalRulesForVulnerability < Gitlab::Database::Migration[2.0]
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+  disable_ddl_transaction!
+
+  BATCH_SIZE = 500
+  MAX_BATCH_SIZE = 1_000
+  SUB_BATCH_SIZE = 10
+  MIGRATION = 'DeleteApprovalRulesWithVulnerability'
+  INTERVAL = 2.minutes
+
+  def up
+    return unless Gitlab.ee?
+
+    queue_batched_background_migration(
+      MIGRATION,
+      :approval_project_rules,
+      :id,
+      job_interval: INTERVAL,
+      batch_size: BATCH_SIZE,
+      max_batch_size: MAX_BATCH_SIZE,
+      sub_batch_size: SUB_BATCH_SIZE
+    )
+
+    queue_batched_background_migration(
+      MIGRATION,
+      :approval_merge_request_rules,
+      :id,
+      job_interval: INTERVAL,
+      batch_size: BATCH_SIZE,
+      max_batch_size: MAX_BATCH_SIZE,
+      sub_batch_size: SUB_BATCH_SIZE
+    )
+  end
+
+  def down
+    # the data deleted is related to a feature removed in 15.0: https://gitlab.com/gitlab-org/gitlab/-/issues/357300
+    delete_batched_background_migration(MIGRATION, :approval_project_rules, :id, [])
+    delete_batched_background_migration(MIGRATION, :approval_merge_request_rules, :id, [])
+  end
+end
--- a/db/post_migrate/20220913082728_drop_index_cadence_create_iterations_automation.rb
+++ b/db/post_migrate/20220913082728_drop_index_cadence_create_iterations_automation.rb
@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class DropIndexCadenceCreateIterationsAutomation < Gitlab::Database::Migration[2.0]
+  INDEX_NAME = 'cadence_create_iterations_automation'
+
+  disable_ddl_transaction!
+
+  def up
+    remove_concurrent_index_by_name :iterations_cadences, INDEX_NAME
+  end
+
+  def down
+    execute(
+      <<-SQL
+        CREATE INDEX CONCURRENTLY #{INDEX_NAME} ON iterations_cadences
+        USING BTREE(automatic, duration_in_weeks, (DATE ((COALESCE("iterations_cadences"."last_run_date", DATE('01-01-1970')) + "iterations_cadences"."duration_in_weeks" * INTERVAL '1 week')))) 
+        WHERE duration_in_weeks IS NOT NULL
+      SQL
+    )
+  end
+end
--- a/db/post_migrate/20220913083015_clean_up_rename_iterations_cadences_last_run_date_to_next_run_date.rb
+++ b/db/post_migrate/20220913083015_clean_up_rename_iterations_cadences_last_run_date_to_next_run_date.rb
@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class CleanUpRenameIterationsCadencesLastRunDateToNextRunDate < Gitlab::Database::Migration[2.0]
+  disable_ddl_transaction!
+
+  def up
+    cleanup_concurrent_column_rename :iterations_cadences, :last_run_date, :next_run_date
+  end
+
+  def down
+    undo_cleanup_concurrent_column_rename :iterations_cadences, :last_run_date, :next_run_date
+  end
+end
--- a/db/schema_migrations/20220824114218
+++ b/db/schema_migrations/20220824114218
@ -0,0 +1 @@
+7674883ca0ee06d9e70841ca8e01a8e4e74eb5958797032a134afa6790699c86
--- a/db/schema_migrations/20220831132802
+++ b/db/schema_migrations/20220831132802
@ -0,0 +1 @@
+ce0fdbed5966929816028cdd27f597ebb722ff0058d4e78b700a96952dd1274f
--- a/db/schema_migrations/20220913082728
+++ b/db/schema_migrations/20220913082728
@ -0,0 +1 @@
+0143a083e7083e9324a0e27a3a42083b56939cf841eb3d9c26d26b4b774d55d0
--- a/db/schema_migrations/20220913082930
+++ b/db/schema_migrations/20220913082930
@ -0,0 +1 @@
+3ae91ffae238c36a8e5ea021acfca8faa1c817d87078a5df9cf8213f259548a7
--- a/db/schema_migrations/20220913083015
+++ b/db/schema_migrations/20220913083015
@ -0,0 +1 @@
+19012eef52669209fa487d8a72d3e4363a6588250d9cb068ce7ffed72f95ac11
--- a/db/structure.sql
+++ b/db/structure.sql
@ -16823,7 +16823,6 @@ CREATE TABLE iterations_cadences (
    created_at timestamp with time zone NOT NULL,
    updated_at timestamp with time zone NOT NULL,
    start_date date,
-    last_run_date date,
    duration_in_weeks integer,
    iterations_in_advance integer,
    active boolean DEFAULT true NOT NULL,
@ -16831,6 +16830,7 @@ CREATE TABLE iterations_cadences (
    title text NOT NULL,
    roll_over boolean DEFAULT false NOT NULL,
    description text,
+    next_run_date date,
    CONSTRAINT check_5c5d2b44bd CHECK ((char_length(description) <= 5000)),
    CONSTRAINT check_fedff82d3b CHECK ((char_length(title) <= 255))
 );
@ -27516,8 +27516,6 @@ CREATE INDEX ca_aggregations_last_full_run_at ON analytics_cycle_analytics_aggre

 CREATE INDEX ca_aggregations_last_incremental_run_at ON analytics_cycle_analytics_aggregations USING btree (last_incremental_run_at NULLS FIRST) WHERE (enabled IS TRUE);

-CREATE INDEX cadence_create_iterations_automation ON iterations_cadences USING btree (automatic, duration_in_weeks, date((COALESCE(last_run_date, '1970-01-01'::date) + ((duration_in_weeks)::double precision * '7 days'::interval)))) WHERE (duration_in_weeks IS NOT NULL);
-
 CREATE INDEX ci_builds_gitlab_monitor_metrics ON ci_builds USING btree (status, created_at, project_id) WHERE ((type)::text = 'Ci::Build'::text);

 CREATE INDEX ci_pipeline_artifacts_on_expire_at_for_removal ON ci_pipeline_artifacts USING btree (expire_at) WHERE ((locked = 0) AND (expire_at IS NOT NULL));
@ -30866,6 +30864,8 @@ CREATE UNIQUE INDEX taggings_idx ON taggings USING btree (tag_id, taggable_id, t

 CREATE UNIQUE INDEX term_agreements_unique_index ON term_agreements USING btree (user_id, term_id);

+CREATE INDEX tmp_index_approval_merge_request_rules_on_report_type_equal_one ON approval_merge_request_rules USING btree (id, report_type) WHERE (report_type = 1);
+
 CREATE INDEX tmp_index_ci_job_artifacts_on_expire_at_where_locked_unknown ON ci_job_artifacts USING btree (expire_at, job_id) WHERE ((locked = 2) AND (expire_at IS NOT NULL));

 CREATE INDEX tmp_index_ci_job_artifacts_on_id_expire_at_file_type_trace ON ci_job_artifacts USING btree (id) WHERE (((date_part('day'::text, timezone('UTC'::text, expire_at)) = ANY (ARRAY[(21)::double precision, (22)::double precision, (23)::double precision])) AND (date_part('minute'::text, timezone('UTC'::text, expire_at)) = ANY (ARRAY[(0)::double precision, (30)::double precision, (45)::double precision])) AND (date_part('second'::text, timezone('UTC'::text, expire_at)) = (0)::double precision)) OR (file_type = 3));
--- a/doc/administration/instance_limits.md
+++ b/doc/administration/instance_limits.md
@ -158,13 +158,19 @@ Set the limit to `0` to disable it.

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80631) in GitLab 14.9.

-This setting limits global search requests.
+This setting limits global search requests as follows:

 | Limit                   | Default (requests per minute) |
 |-------------------------|-------------------------------|
 | Authenticated user      | 30 |
 | Unauthenticated user    | 10 |

+Depending on the number of enabled [scopes](../user/search/advanced_search.md#global-search-scopes), a global search request can consume two to seven requests per minute. You may want to disable one or more scopes to use fewer requests. Global search requests that exceed the search rate limit per minute return the following error:
+
+```plaintext
+This endpoint has been requested too many times. Try again later.
+```
+
 ### Pipeline creation rate limit

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/362475) in GitLab 15.0.
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@ -13200,8 +13200,10 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).

 | Name | Type | Description |
 | ---- | ---- | ----------- |
+| <a id="groupvulnerabilityseveritiescountclusteragentid"></a>`clusterAgentId` | [`[ClustersAgentID!]`](#clustersagentid) | Filter vulnerabilities by `cluster_agent_id`. Vulnerabilities with a `reportType` of `cluster_image_scanning` are only included with this filter. |
 | <a id="groupvulnerabilityseveritiescounthasissues"></a>`hasIssues` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have issues. |
 | <a id="groupvulnerabilityseveritiescounthasresolution"></a>`hasResolution` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have a resolution. |
+| <a id="groupvulnerabilityseveritiescountimage"></a>`image` | [`[String!]`](#string) | Filter vulnerabilities by location image. When this filter is present, the response only matches entries for a `reportType` that includes `container_scanning`, `cluster_image_scanning`. |
 | <a id="groupvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
 | <a id="groupvulnerabilityseveritiescountreporttype"></a>`reportType` | [`[VulnerabilityReportType!]`](#vulnerabilityreporttype) | Filter vulnerabilities by report type. |
 | <a id="groupvulnerabilityseveritiescountscanner"></a>`scanner` | [`[String!]`](#string) | Filter vulnerabilities by scanner. |
@ -13461,8 +13463,10 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).

 | Name | Type | Description |
 | ---- | ---- | ----------- |
+| <a id="instancesecuritydashboardvulnerabilityseveritiescountclusteragentid"></a>`clusterAgentId` | [`[ClustersAgentID!]`](#clustersagentid) | Filter vulnerabilities by `cluster_agent_id`. Vulnerabilities with a `reportType` of `cluster_image_scanning` are only included with this filter. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescounthasissues"></a>`hasIssues` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have issues. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescounthasresolution"></a>`hasResolution` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have a resolution. |
+| <a id="instancesecuritydashboardvulnerabilityseveritiescountimage"></a>`image` | [`[String!]`](#string) | Filter vulnerabilities by location image. When this filter is present, the response only matches entries for a `reportType` that includes `container_scanning`, `cluster_image_scanning`. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountreporttype"></a>`reportType` | [`[VulnerabilityReportType!]`](#vulnerabilityreporttype) | Filter vulnerabilities by report type. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountscanner"></a>`scanner` | [`[String!]`](#string) | Filter vulnerabilities by scanner. |
@ -16981,8 +16985,10 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).

 | Name | Type | Description |
 | ---- | ---- | ----------- |
+| <a id="projectvulnerabilityseveritiescountclusteragentid"></a>`clusterAgentId` | [`[ClustersAgentID!]`](#clustersagentid) | Filter vulnerabilities by `cluster_agent_id`. Vulnerabilities with a `reportType` of `cluster_image_scanning` are only included with this filter. |
 | <a id="projectvulnerabilityseveritiescounthasissues"></a>`hasIssues` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have issues. |
 | <a id="projectvulnerabilityseveritiescounthasresolution"></a>`hasResolution` | [`Boolean`](#boolean) | Filter vulnerabilities that do or do not have a resolution. |
+| <a id="projectvulnerabilityseveritiescountimage"></a>`image` | [`[String!]`](#string) | Filter vulnerabilities by location image. When this filter is present, the response only matches entries for a `reportType` that includes `container_scanning`, `cluster_image_scanning`. |
 | <a id="projectvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
 | <a id="projectvulnerabilityseveritiescountreporttype"></a>`reportType` | [`[VulnerabilityReportType!]`](#vulnerabilityreporttype) | Filter vulnerabilities by report type. |
 | <a id="projectvulnerabilityseveritiescountscanner"></a>`scanner` | [`[String!]`](#string) | Filter vulnerabilities by scanner. |
@ -20095,6 +20101,7 @@ Detailed representation of whether a GitLab merge request can be merged.
 | <a id="detailedmergestatusbroken_status"></a>`BROKEN_STATUS` | Can not merge the source into the target branch, potential conflict. |
 | <a id="detailedmergestatuschecking"></a>`CHECKING` | Currently checking for mergeability. |
 | <a id="detailedmergestatusci_must_pass"></a>`CI_MUST_PASS` | Pipeline must succeed before merging. |
+| <a id="detailedmergestatusci_still_running"></a>`CI_STILL_RUNNING` | Pipeline is still running. |
 | <a id="detailedmergestatusdiscussions_not_resolved"></a>`DISCUSSIONS_NOT_RESOLVED` | Discussions must be resolved before merging. |
 | <a id="detailedmergestatusdraft_status"></a>`DRAFT_STATUS` | Merge request must not be draft before merging. |
 | <a id="detailedmergestatusmergeable"></a>`MERGEABLE` | Branch can be merged. |
--- a/doc/user/project/releases/release_cli.md
+++ b/doc/user/project/releases/release_cli.md
@ -46,7 +46,7 @@ Once installed, [the `release` keyword](../../../ci/yaml/index.md#release) is av
   Or from the GitLab Package Registry:

   ```shell
-   curl --location --output /usr/local/bin/release-cli "https://gitlab.com/api/v4/projects/gitlab-org%2Frelease-cli/packages/generic/release-cli/latest/release-cli-darwin-amd64"
+   curl --location --output /usr/local/bin/release-cli "https://gitlab.com/api/v4/projects/gitlab-org%2Frelease-cli/packages/generic/release-cli/latest/release-cli-linux-amd64"
   ```

 1. Give it permissions to execute:
--- a/lib/api/namespaces.rb
+++ b/lib/api/namespaces.rb
@ -66,7 +66,7 @@ module API
        optional :parent_id, type: Integer, desc: "The ID of the parent namespace. If no ID is specified, only top-level namespaces are considered."
      end
      get ':namespace/exists', requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS, feature_category: :subgroups, urgency: :low do
-        check_rate_limit!(:namespace_exists, scope: current_user) if Feature.enabled?(:rate_limit_namespace_exists_api)
+        check_rate_limit!(:namespace_exists, scope: current_user)

        namespace_path = params[:namespace]
        existing_namespaces_within_the_parent = Namespace.without_project_namespaces.by_parent(params[:parent_id])
--- a/lib/gitlab/background_migration/delete_approval_rules_with_vulnerability.rb
+++ b/lib/gitlab/background_migration/delete_approval_rules_with_vulnerability.rb
@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module BackgroundMigration
+    # This class doesn't delete approval rules
+    # as this feature exists only in EE
+    class DeleteApprovalRulesWithVulnerability < BatchedMigrationJob
+      def perform
+      end
+    end
+  end
+end
+
+# rubocop:disable Layout/LineLength
+Gitlab::BackgroundMigration::DeleteApprovalRulesWithVulnerability.prepend_mod_with('Gitlab::BackgroundMigration::DeleteApprovalRulesWithVulnerability')
+# rubocop:enable Layout/LineLength
--- a/lib/gitlab/import_export/group/import_export.yml
+++ b/lib/gitlab/import_export/group/import_export.yml
@ -66,7 +66,7 @@ excluded_attributes:
    - :state_id
  iterations_cadence: &iterations_cadence_definition
    - :id
-    - :last_run_date
+    - :next_run_date
    - :duration_in_weeks
    - :iterations_in_advance
    - :automatic
--- a/lib/gitlab/import_export/group/legacy_import_export.yml
+++ b/lib/gitlab/import_export/group/legacy_import_export.yml
@ -29,7 +29,7 @@ included_attributes:
    - :created_at
    - :updated_at
    - :start_date
-    - :last_run_date
+    - :next_run_date
    - :duration_in_weeks
    - :iterations_in_advance
    - :active
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -38612,7 +38612,7 @@ msgstr ""
 msgid "SuggestedColors|Green-cyan"
 msgstr ""

-msgid "SuggestedColors|Lavendar"
+msgid "SuggestedColors|Lavender"
 msgstr ""

 msgid "SuggestedColors|Magenta-pink"
--- a/qa/qa/resource/group.rb
+++ b/qa/qa/resource/group.rb
@ -26,6 +26,8 @@ module QA
      def initialize
        @description = "QA test run at #{Runtime::Namespace.time}"
        @require_two_factor_authentication = false
+        # Add visibility to enable create private group
+        @visibility = 'public'
      end

      def fabricate!
@ -39,6 +41,7 @@ module QA

            Page::Group::New.perform do |group_new|
              group_new.set_path(path)
+              group_new.set_visibility(@visibility)
              group_new.create_subgroup
            end

@ -73,7 +76,7 @@ module QA
          parent_id: sandbox.id,
          path: path,
          name: name,
-          visibility: 'public',
+          visibility: @visibility.downcase,
          require_two_factor_authentication: @require_two_factor_authentication,
          avatar: avatar
        }
--- a/qa/qa/resource/group_base.rb
+++ b/qa/qa/resource/group_base.rb
@ -14,7 +14,9 @@ module QA
      attributes :id,
                 :runners_token,
                 :name,
-                 :full_path
+                 :full_path,
+                 # Add visibility to enable create private group
+                 :visibility

      # Get group projects
      #
--- a/qa/qa/resource/sandbox.rb
+++ b/qa/qa/resource/sandbox.rb
@ -20,6 +20,8 @@ module QA

      def initialize
        @path = Runtime::Namespace.sandbox_name
+        # Visibility should be public by default for backward compatibility
+        @visibility = 'public'
      end

      alias_method :full_path, :path
@ -38,7 +40,7 @@ module QA
            Page::Group::New.perform do |group|
              group.click_create_group
              group.set_path(path)
-              group.set_visibility('Public')
+              group.set_visibility(@visibility)
              group.create
            end

@ -68,7 +70,7 @@ module QA
        {
          path: path,
          name: path,
-          visibility: 'public',
+          visibility: @visibility.downcase,
          avatar: avatar
        }
      end
--- a/spec/frontend/analytics/shared/components/daterange_spec.js
+++ b/spec/frontend/analytics/shared/components/daterange_spec.js
@ -1,5 +1,5 @@
-import { GlDaterangePicker, GlSprintf } from '@gitlab/ui';
-import { shallowMount, mount } from '@vue/test-utils';
+import { GlDaterangePicker } from '@gitlab/ui';
+import { shallowMountExtended, mountExtended } from 'helpers/vue_test_utils_helper';
 import { useFakeDate } from 'helpers/fake_date';
 import Daterange from '~/analytics/shared/components/daterange.vue';

@ -13,13 +13,12 @@ describe('Daterange component', () => {

  let wrapper;

-  const factory = (props = defaultProps, mountFn = shallowMount) => {
+  const factory = (props = defaultProps, mountFn = shallowMountExtended) => {
    wrapper = mountFn(Daterange, {
      propsData: {
        ...defaultProps,
        ...props,
      },
-      stubs: { GlSprintf },
    });
  };

@ -28,7 +27,7 @@ describe('Daterange component', () => {
  });

  const findDaterangePicker = () => wrapper.findComponent(GlDaterangePicker);
-  const findDateRangeIndicator = () => wrapper.findComponent(GlSprintf);
+  const findDateRangeIndicator = () => wrapper.findByTestId('daterange-picker-indicator');

  describe('template', () => {
    describe('when show is false', () => {
@ -52,7 +51,7 @@ describe('Daterange component', () => {
        const endDate = new Date('2019-09-30');
        const minDate = new Date('2019-06-01');

-        factory({ show: true, startDate, endDate, minDate }, mount);
+        factory({ show: true, startDate, endDate, minDate }, mountExtended);
        const input = findDaterangePicker().find('input');

        input.setValue('2019-01-01');
@ -64,7 +63,7 @@ describe('Daterange component', () => {

    describe('with a maxDateRange being set', () => {
      beforeEach(() => {
-        factory({ maxDateRange: 30 });
+        factory({ maxDateRange: 30 }, mountExtended);
      });

      it('displays the max date range indicator', () => {
@ -72,7 +71,7 @@ describe('Daterange component', () => {
      });

      it('displays the correct number of selected days in the indicator', () => {
-        expect(findDateRangeIndicator().text()).toMatchInterpolatedText('10 days selected');
+        expect(findDateRangeIndicator().text()).toBe('10 days selected');
      });

      it('sets the tooltip', () => {
--- a/spec/frontend/vue_shared/components/sidebar/labels_select_widget/mock_data.js
+++ b/spec/frontend/vue_shared/components/sidebar/labels_select_widget/mock_data.js
@ -56,7 +56,7 @@ export const mockSuggestedColors = {
  '#013220': 'Dark green',
  '#6699cc': 'Blue-gray',
  '#0000ff': 'Blue',
-  '#e6e6fa': 'Lavendar',
+  '#e6e6fa': 'Lavender',
  '#9400d3': 'Dark violet',
  '#330066': 'Deep violet',
  '#808080': 'Gray',
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@ -3227,62 +3227,6 @@ RSpec.describe MergeRequest, factory_default: :keep do
    end
  end

-  describe '#detailed_merge_status' do
-    subject(:detailed_merge_status) { merge_request.detailed_merge_status }
-
-    context 'when merge status is cannot_be_merged_rechecking' do
-      let(:merge_request) { create(:merge_request, merge_status: :cannot_be_merged_rechecking) }
-
-      it 'returns :checking' do
-        expect(detailed_merge_status).to eq(:checking)
-      end
-    end
-
-    context 'when merge status is preparing' do
-      let(:merge_request) { create(:merge_request, merge_status: :preparing) }
-
-      it 'returns :checking' do
-        expect(detailed_merge_status).to eq(:checking)
-      end
-    end
-
-    context 'when merge status is checking' do
-      let(:merge_request) { create(:merge_request, merge_status: :checking) }
-
-      it 'returns :checking' do
-        expect(detailed_merge_status).to eq(:checking)
-      end
-    end
-
-    context 'when merge status is unchecked' do
-      let(:merge_request) { create(:merge_request, merge_status: :unchecked) }
-
-      it 'returns :unchecked' do
-        expect(detailed_merge_status).to eq(:unchecked)
-      end
-    end
-
-    context 'when merge checks are a success' do
-      let(:merge_request) { create(:merge_request) }
-
-      it 'returns :mergeable' do
-        expect(detailed_merge_status).to eq(:mergeable)
-      end
-    end
-
-    context 'when merge status have a failure' do
-      let(:merge_request) { create(:merge_request) }
-
-      before do
-        merge_request.close!
-      end
-
-      it 'returns the failure reason' do
-        expect(detailed_merge_status).to eq(:not_open)
-      end
-    end
-  end
-
  describe '#mergeable_state?' do
    it_behaves_like 'for mergeable_state'

--- a/spec/services/merge_requests/mergeability/detailed_merge_status_service_spec.rb
+++ b/spec/services/merge_requests/mergeability/detailed_merge_status_service_spec.rb
@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::MergeRequests::Mergeability::DetailedMergeStatusService do
+  subject(:detailed_merge_status) { described_class.new(merge_request: merge_request).execute }
+
+  context 'when merge status is cannot_be_merged_rechecking' do
+    let(:merge_request) { create(:merge_request, merge_status: :cannot_be_merged_rechecking) }
+
+    it 'returns :checking' do
+      expect(detailed_merge_status).to eq(:checking)
+    end
+  end
+
+  context 'when merge status is preparing' do
+    let(:merge_request) { create(:merge_request, merge_status: :preparing) }
+
+    it 'returns :checking' do
+      expect(detailed_merge_status).to eq(:checking)
+    end
+  end
+
+  context 'when merge status is checking' do
+    let(:merge_request) { create(:merge_request, merge_status: :checking) }
+
+    it 'returns :checking' do
+      expect(detailed_merge_status).to eq(:checking)
+    end
+  end
+
+  context 'when merge status is unchecked' do
+    let(:merge_request) { create(:merge_request, merge_status: :unchecked) }
+
+    it 'returns :unchecked' do
+      expect(detailed_merge_status).to eq(:unchecked)
+    end
+  end
+
+  context 'when merge checks are a success' do
+    let(:merge_request) { create(:merge_request) }
+
+    it 'returns :mergeable' do
+      expect(detailed_merge_status).to eq(:mergeable)
+    end
+  end
+
+  context 'when merge status have a failure' do
+    let(:merge_request) { create(:merge_request) }
+
+    before do
+      merge_request.close!
+    end
+
+    it 'returns the failure reason' do
+      expect(detailed_merge_status).to eq(:not_open)
+    end
+  end
+
+  context 'when all but the ci check fails' do
+    let(:merge_request) { create(:merge_request) }
+
+    before do
+      merge_request.project.update!(only_allow_merge_if_pipeline_succeeds: true)
+    end
+
+    context 'when pipeline does not exist' do
+      it 'returns the failure reason' do
+        expect(detailed_merge_status).to eq(:ci_must_pass)
+      end
+    end
+
+    context 'when pipeline exists' do
+      before do
+        create(:ci_pipeline, ci_status, merge_request: merge_request,
+                                        project: merge_request.project, sha: merge_request.source_branch_sha,
+                                        head_pipeline_of: merge_request)
+      end
+
+      context 'when the pipeline is running' do
+        let(:ci_status) { :running }
+
+        it 'returns the failure reason' do
+          expect(detailed_merge_status).to eq(:ci_still_running)
+        end
+      end
+
+      context 'when the pipeline is not running' do
+        let(:ci_status) { :failed }
+
+        it 'returns the failure reason' do
+          expect(detailed_merge_status).to eq(:ci_must_pass)
+        end
+      end
+    end
+  end
+end
				`@ -0,0 +1 @@`
				`7674883ca0ee06d9e70841ca8e01a8e4e74eb5958797032a134afa6790699c86`
				`@ -0,0 +1 @@`
				`ce0fdbed5966929816028cdd27f597ebb722ff0058d4e78b700a96952dd1274f`
				`@ -0,0 +1 @@`
				`0143a083e7083e9324a0e27a3a42083b56939cf841eb3d9c26d26b4b774d55d0`
				`@ -0,0 +1 @@`
				`3ae91ffae238c36a8e5ea021acfca8faa1c817d87078a5df9cf8213f259548a7`
				`@ -0,0 +1 @@`
				`19012eef52669209fa487d8a72d3e4363a6588250d9cb068ce7ffed72f95ac11`