Add latest changes from gitlab-org/gitlab@master

app/services/security/ci_configuration/dependency_scanning_create_service.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Security
+  module CiConfiguration
+    class DependencyScanningCreateService < ::Security::CiConfiguration::BaseCreateService
+      private
+
+      def action
+        Security::CiConfiguration::DependencyScanningBuildAction.new(project.auto_devops_enabled?, existing_gitlab_ci_content).generate
+      end
+
+      def next_branch
+        'set-dependency-scanning-config'
+      end
+
+      def message
+        _('Configure Dependency Scanning in `.gitlab-ci.yml`, creating this file if it does not already exist')
+      end
+
+      def description
+        _('Configure Dependency Scanning in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings) to customize Dependency Scanning settings.')
+      end
+    end
+  end
+end

db/migrate/20210610153556_delete_legacy_operations_feature_flags.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class DeleteLegacyOperationsFeatureFlags < ActiveRecord::Migration[6.1]
+  LEGACY_FEATURE_FLAG_VERSION = 1
+
+  def up
+    execute("DELETE FROM operations_feature_flags WHERE version = #{LEGACY_FEATURE_FLAG_VERSION}")
+  end
+
+  def down
+    # no-op
+  end
+end

db/schema_migrations/20210610153556

@@ -0,0 +1 @@
+39ca841ce1de3faadee41fbb756d80c98efd853fbbffa7cb3f8f9de56752078b

doc/api/graphql/reference/index.md

@@ -909,6 +909,30 @@ Input type: `CommitCreateInput`
 | <a id="mutationcommitcreatecontent"></a>`content` | [`[String!]`](#string) | Contents of the commit. |
 | <a id="mutationcommitcreateerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
 
+### `Mutation.configureDependencyScanning`
+
+Configure Dependency Scanning for a project by enabling Dependency Scanning in a new or modified
+`.gitlab-ci.yml` file in a new branch. The new branch and a URL to
+create a Merge Request are a part of the response.
+
+Input type: `ConfigureDependencyScanningInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationconfiguredependencyscanningclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationconfiguredependencyscanningprojectpath"></a>`projectPath` | [`ID!`](#id) | Full path of the project. |
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationconfiguredependencyscanningbranch"></a>`branch` | [`String`](#string) | Branch that has the new/modified `.gitlab-ci.yml` file. |
+| <a id="mutationconfiguredependencyscanningclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationconfiguredependencyscanningerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+| <a id="mutationconfiguredependencyscanningsuccesspath"></a>`successPath` | [`String`](#string) | Redirect path to use when the response is successful. |
+
 ### `Mutation.configureSast`
 
 Configure SAST for a project by enabling SAST in a new or modified

lib/api/entities/label.rb

@@ -18,7 +18,9 @@ module API
       end
 
       expose :subscribed do |label, options|
-        label.subscribed?(options[:current_user], options[:parent])
+        label.subscribed?(options[:current_user]) || (
+          options[:parent].is_a?(::Project) && label.subscribed?(options[:current_user], options[:parent])
+        )
       end
     end
   end

lib/security/ci_configuration/base_build_action.rb

@@ -41,6 +41,7 @@ module Security
           # You can override the included template(s) by including variable overrides
           # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
           # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+          # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
           # Note that environment variables can be set in several places
           # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
         YAML

lib/security/ci_configuration/dependency_scanning_build_action.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Security
+  module CiConfiguration
+    class DependencyScanningBuildAction < BaseBuildAction
+      private
+
+      def update_existing_content!
+        @existing_gitlab_ci_content['include'] = generate_includes
+      end
+
+      def template
+        return 'Auto-DevOps.gitlab-ci.yml' if @auto_devops_enabled
+
+        'Security/Dependency-Scanning.gitlab-ci.yml'
+      end
+    end
+  end
+end

locale/gitlab.pot

@@ -8286,6 +8286,12 @@ msgstr ""
 msgid "Configure %{repository_checks_link_start}repository checks%{link_end} and %{housekeeping_link_start}housekeeping%{link_end} on repositories."
 msgstr ""
 
+msgid "Configure Dependency Scanning in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings) to customize Dependency Scanning settings."
+msgstr ""
+
+msgid "Configure Dependency Scanning in `.gitlab-ci.yml`, creating this file if it does not already exist"
+msgstr ""
+
 msgid "Configure GitLab runners to start using the Web Terminal. %{helpStart}Learn more.%{helpEnd}"
 msgstr ""
 

spec/lib/security/ci_configuration/sast_build_action_spec.rb

@@ -323,6 +323,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
     # You can override the included template(s) by including variable overrides
     # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
     # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+    # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
     # Note that environment variables can be set in several places
     # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
     stages:
@@ -342,6 +343,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
     # You can override the included template(s) by including variable overrides
     # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
     # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+    # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
     # Note that environment variables can be set in several places
     # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
     stages:
@@ -358,6 +360,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
       # You can override the included template(s) by including variable overrides
       # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
       # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+      # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
       # Note that environment variables can be set in several places
       # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
       stages:
@@ -380,6 +383,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
       # You can override the included template(s) by including variable overrides
       # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
       # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+      # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
       # Note that environment variables can be set in several places
       # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
       stages:
@@ -415,6 +419,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
       # You can override the included template(s) by including variable overrides
       # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
       # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+      # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
       # Note that environment variables can be set in several places
       # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
       stages:
@@ -439,6 +444,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
       # You can override the included template(s) by including variable overrides
       # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
       # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+      # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
       # Note that environment variables can be set in several places
       # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
       stages:
@@ -461,6 +467,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
       # You can override the included template(s) by including variable overrides
       # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
       # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+      # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
       # Note that environment variables can be set in several places
       # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
       stages:
@@ -484,6 +491,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
       # You can override the included template(s) by including variable overrides
       # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
       # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+      # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
       # Note that environment variables can be set in several places
       # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
       stages:
@@ -507,6 +515,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
       # You can override the included template(s) by including variable overrides
       # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
       # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+      # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
       # Note that environment variables can be set in several places
       # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
       stages:

spec/lib/security/ci_configuration/secret_detection_build_action_spec.rb

@@ -16,6 +16,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
           # You can override the included template(s) by including variable overrides
           # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
           # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+          # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
           # Note that environment variables can be set in several places
           # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
           stages:
@@ -62,6 +63,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
           # You can override the included template(s) by including variable overrides
           # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
           # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+          # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
           # Note that environment variables can be set in several places
           # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
           stages:
@@ -111,6 +113,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
           # You can override the included template(s) by including variable overrides
           # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
           # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+          # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
           # Note that environment variables can be set in several places
           # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
           include:
@@ -131,6 +134,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
           # You can override the included template(s) by including variable overrides
           # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
           # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+          # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
           # Note that environment variables can be set in several places
           # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
           include:

spec/migrations/20210610153556_delete_legacy_operations_feature_flags_spec.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+require_migration!('delete_legacy_operations_feature_flags')
+
+RSpec.describe DeleteLegacyOperationsFeatureFlags do
+  let(:namespace) { table(:namespaces).create!(name: 'foo', path: 'bar') }
+  let(:project) { table(:projects).create!(namespace_id: namespace.id) }
+  let(:issue) { table(:issues).create!(id: 123, project_id: project.id) }
+  let(:operations_feature_flags) { table(:operations_feature_flags) }
+  let(:operations_feature_flag_scopes) { table(:operations_feature_flag_scopes) }
+  let(:operations_strategies) { table(:operations_strategies) }
+  let(:operations_scopes) { table(:operations_scopes) }
+  let(:operations_feature_flags_issues) { table(:operations_feature_flags_issues) }
+
+  it 'correctly deletes legacy feature flags' do
+    # Legacy version of a feature flag - dropped support in GitLab 14.0.
+    legacy_flag = operations_feature_flags.create!(project_id: project.id, version: 1, name: 'flag_a', active: true, iid: 1)
+    operations_feature_flag_scopes.create!(feature_flag_id: legacy_flag.id, active: true)
+    operations_feature_flags_issues.create!(feature_flag_id: legacy_flag.id, issue_id: issue.id)
+    # New version of a feature flag.
+    new_flag = operations_feature_flags.create!(project_id: project.id, version: 2, name: 'flag_b', active: true, iid: 2)
+    new_strategy = operations_strategies.create!(feature_flag_id: new_flag.id, name: 'default')
+    operations_scopes.create!(strategy_id: new_strategy.id, environment_scope: '*')
+    operations_feature_flags_issues.create!(feature_flag_id: new_flag.id, issue_id: issue.id)
+
+    expect(operations_feature_flags.all.pluck(:version)).to contain_exactly(1, 2)
+    expect(operations_feature_flag_scopes.count).to eq(1)
+    expect(operations_strategies.count).to eq(1)
+    expect(operations_scopes.count).to eq(1)
+    expect(operations_feature_flags_issues.all.pluck(:feature_flag_id)).to contain_exactly(legacy_flag.id, new_flag.id)
+
+    migrate!
+
+    # Legacy flag is deleted.
+    expect(operations_feature_flags.all.pluck(:version)).to contain_exactly(2)
+    # The associated entries of the legacy flag are deleted too.
+    expect(operations_feature_flag_scopes.count).to eq(0)
+    # The associated entries of the new flag stay instact.
+    expect(operations_strategies.count).to eq(1)
+    expect(operations_scopes.count).to eq(1)
+    expect(operations_feature_flags_issues.all.pluck(:feature_flag_id)).to contain_exactly(new_flag.id)
+  end
+end

spec/requests/api/group_labels_spec.rb

@@ -29,6 +29,32 @@ RSpec.describe API::GroupLabels do
         let(:expected_labels) { [group_label1.name] }
 
         it_behaves_like 'fetches labels'
+
+        context 'and is subscribed' do
+          before do
+            group_label1.subscribe(user)
+          end
+
+          it 'returns true' do
+            get api("/groups/#{group.id}/labels?search=#{group_label1.name}", user)
+
+            expect(response).to have_gitlab_http_status(:ok)
+            expect(json_response[0]['subscribed']).to be true
+          end
+        end
+
+        context 'and is unsubscribed' do
+          before do
+            group_label1.unsubscribe(user)
+          end
+
+          it 'returns false' do
+            get api("/groups/#{group.id}/labels?search=#{group_label1.name}", user)
+
+            expect(response).to have_gitlab_http_status(:ok)
+            expect(json_response[0]['subscribed']).to be false
+          end
+        end
       end
 
       context 'when the with_counts parameter is set' do

spec/requests/api/labels_spec.rb

@@ -200,6 +200,36 @@ RSpec.describe API::Labels do
       expect(json_response.map { |l| l['name'] }).to match_array([group_label.name, priority_label.name, label1.name])
     end
 
+    context 'when search param is provided' do
+      context 'and user is subscribed' do
+        before do
+          priority_label.subscribe(user)
+        end
+
+        it 'returns subscribed true' do
+          get api("/projects/#{project.id}/labels?search=#{priority_label.name}", user)
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response[0]['name']).to eq(priority_label.name)
+          expect(json_response[0]['subscribed']).to be true
+        end
+      end
+
+      context 'and user is not subscribed' do
+        before do
+          priority_label.unsubscribe(user)
+        end
+
+        it 'returns subscribed false' do
+          get api("/projects/#{project.id}/labels?search=#{priority_label.name}", user)
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response[0]['name']).to eq(priority_label.name)
+          expect(json_response[0]['subscribed']).to be false
+        end
+      end
+    end
+
     context 'when the with_counts parameter is set' do
       before do
         create(:labeled_issue, project: project, labels: [group_label], author: user)