diff --git a/app/services/security/ci_configuration/dependency_scanning_create_service.rb b/app/services/security/ci_configuration/dependency_scanning_create_service.rb
new file mode 100644
index 00000000000..71e8d5025ae
--- /dev/null
+++ b/app/services/security/ci_configuration/dependency_scanning_create_service.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Security
+ module CiConfiguration
+ class DependencyScanningCreateService < ::Security::CiConfiguration::BaseCreateService
+ private
+
+ def action
+ Security::CiConfiguration::DependencyScanningBuildAction.new(project.auto_devops_enabled?, existing_gitlab_ci_content).generate
+ end
+
+ def next_branch
+ 'set-dependency-scanning-config'
+ end
+
+ def message
+ _('Configure Dependency Scanning in `.gitlab-ci.yml`, creating this file if it does not already exist')
+ end
+
+ def description
+ _('Configure Dependency Scanning in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings) to customize Dependency Scanning settings.')
+ end
+ end
+ end
+end
diff --git a/db/migrate/20210610153556_delete_legacy_operations_feature_flags.rb b/db/migrate/20210610153556_delete_legacy_operations_feature_flags.rb
new file mode 100644
index 00000000000..f0bcbe5e472
--- /dev/null
+++ b/db/migrate/20210610153556_delete_legacy_operations_feature_flags.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class DeleteLegacyOperationsFeatureFlags < ActiveRecord::Migration[6.1]
+ LEGACY_FEATURE_FLAG_VERSION = 1
+
+ def up
+ execute("DELETE FROM operations_feature_flags WHERE version = #{LEGACY_FEATURE_FLAG_VERSION}")
+ end
+
+ def down
+ # no-op
+ end
+end
diff --git a/db/schema_migrations/20210610153556 b/db/schema_migrations/20210610153556
new file mode 100644
index 00000000000..71b71a671c4
--- /dev/null
+++ b/db/schema_migrations/20210610153556
@@ -0,0 +1 @@
+39ca841ce1de3faadee41fbb756d80c98efd853fbbffa7cb3f8f9de56752078b
\ No newline at end of file
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 68090650496..7fadc6e5cce 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -909,6 +909,30 @@ Input type: `CommitCreateInput`
| `content` | [`[String!]`](#string) | Contents of the commit. |
| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+### `Mutation.configureDependencyScanning`
+
+Configure Dependency Scanning for a project by enabling Dependency Scanning in a new or modified
+`.gitlab-ci.yml` file in a new branch. The new branch and a URL to
+create a Merge Request are a part of the response.
+
+Input type: `ConfigureDependencyScanningInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| `projectPath` | [`ID!`](#id) | Full path of the project. |
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| `branch` | [`String`](#string) | Branch that has the new/modified `.gitlab-ci.yml` file. |
+| `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| `errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+| `successPath` | [`String`](#string) | Redirect path to use when the response is successful. |
+
### `Mutation.configureSast`
Configure SAST for a project by enabling SAST in a new or modified
diff --git a/lib/api/entities/label.rb b/lib/api/entities/label.rb
index ca9a0912331..dc147f33671 100644
--- a/lib/api/entities/label.rb
+++ b/lib/api/entities/label.rb
@@ -18,7 +18,9 @@ module API
end
expose :subscribed do |label, options|
- label.subscribed?(options[:current_user], options[:parent])
+ label.subscribed?(options[:current_user]) || (
+ options[:parent].is_a?(::Project) && label.subscribed?(options[:current_user], options[:parent])
+ )
end
end
end
diff --git a/lib/security/ci_configuration/base_build_action.rb b/lib/security/ci_configuration/base_build_action.rb
index e7a1b4770b9..880bfa6d61d 100644
--- a/lib/security/ci_configuration/base_build_action.rb
+++ b/lib/security/ci_configuration/base_build_action.rb
@@ -41,6 +41,7 @@ module Security
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
YAML
diff --git a/lib/security/ci_configuration/dependency_scanning_build_action.rb b/lib/security/ci_configuration/dependency_scanning_build_action.rb
new file mode 100644
index 00000000000..3ee4ce4da62
--- /dev/null
+++ b/lib/security/ci_configuration/dependency_scanning_build_action.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Security
+ module CiConfiguration
+ class DependencyScanningBuildAction < BaseBuildAction
+ private
+
+ def update_existing_content!
+ @existing_gitlab_ci_content['include'] = generate_includes
+ end
+
+ def template
+ return 'Auto-DevOps.gitlab-ci.yml' if @auto_devops_enabled
+
+ 'Security/Dependency-Scanning.gitlab-ci.yml'
+ end
+ end
+ end
+end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 03dab1985b1..5c259a6fb70 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -8286,6 +8286,12 @@ msgstr ""
msgid "Configure %{repository_checks_link_start}repository checks%{link_end} and %{housekeeping_link_start}housekeeping%{link_end} on repositories."
msgstr ""
+msgid "Configure Dependency Scanning in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings) to customize Dependency Scanning settings."
+msgstr ""
+
+msgid "Configure Dependency Scanning in `.gitlab-ci.yml`, creating this file if it does not already exist"
+msgstr ""
+
msgid "Configure GitLab runners to start using the Web Terminal. %{helpStart}Learn more.%{helpEnd}"
msgstr ""
diff --git a/spec/lib/security/ci_configuration/sast_build_action_spec.rb b/spec/lib/security/ci_configuration/sast_build_action_spec.rb
index 5337e8d9c39..d93175249f5 100644
--- a/spec/lib/security/ci_configuration/sast_build_action_spec.rb
+++ b/spec/lib/security/ci_configuration/sast_build_action_spec.rb
@@ -323,6 +323,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
@@ -342,6 +343,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
@@ -358,6 +360,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
@@ -380,6 +383,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
@@ -415,6 +419,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
@@ -439,6 +444,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
@@ -461,6 +467,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
@@ -484,6 +491,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
@@ -507,6 +515,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
diff --git a/spec/lib/security/ci_configuration/secret_detection_build_action_spec.rb b/spec/lib/security/ci_configuration/secret_detection_build_action_spec.rb
index f6181c6ef7a..146c60ffb6e 100644
--- a/spec/lib/security/ci_configuration/secret_detection_build_action_spec.rb
+++ b/spec/lib/security/ci_configuration/secret_detection_build_action_spec.rb
@@ -16,6 +16,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
@@ -62,6 +63,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
@@ -111,6 +113,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
include:
@@ -131,6 +134,7 @@ RSpec.describe Security::CiConfiguration::SecretDetectionBuildAction do
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+ # Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
include:
diff --git a/spec/migrations/20210610153556_delete_legacy_operations_feature_flags_spec.rb b/spec/migrations/20210610153556_delete_legacy_operations_feature_flags_spec.rb
new file mode 100644
index 00000000000..4f621d0670c
--- /dev/null
+++ b/spec/migrations/20210610153556_delete_legacy_operations_feature_flags_spec.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+require_migration!('delete_legacy_operations_feature_flags')
+
+RSpec.describe DeleteLegacyOperationsFeatureFlags do
+ let(:namespace) { table(:namespaces).create!(name: 'foo', path: 'bar') }
+ let(:project) { table(:projects).create!(namespace_id: namespace.id) }
+ let(:issue) { table(:issues).create!(id: 123, project_id: project.id) }
+ let(:operations_feature_flags) { table(:operations_feature_flags) }
+ let(:operations_feature_flag_scopes) { table(:operations_feature_flag_scopes) }
+ let(:operations_strategies) { table(:operations_strategies) }
+ let(:operations_scopes) { table(:operations_scopes) }
+ let(:operations_feature_flags_issues) { table(:operations_feature_flags_issues) }
+
+ it 'correctly deletes legacy feature flags' do
+ # Legacy version of a feature flag - dropped support in GitLab 14.0.
+ legacy_flag = operations_feature_flags.create!(project_id: project.id, version: 1, name: 'flag_a', active: true, iid: 1)
+ operations_feature_flag_scopes.create!(feature_flag_id: legacy_flag.id, active: true)
+ operations_feature_flags_issues.create!(feature_flag_id: legacy_flag.id, issue_id: issue.id)
+ # New version of a feature flag.
+ new_flag = operations_feature_flags.create!(project_id: project.id, version: 2, name: 'flag_b', active: true, iid: 2)
+ new_strategy = operations_strategies.create!(feature_flag_id: new_flag.id, name: 'default')
+ operations_scopes.create!(strategy_id: new_strategy.id, environment_scope: '*')
+ operations_feature_flags_issues.create!(feature_flag_id: new_flag.id, issue_id: issue.id)
+
+ expect(operations_feature_flags.all.pluck(:version)).to contain_exactly(1, 2)
+ expect(operations_feature_flag_scopes.count).to eq(1)
+ expect(operations_strategies.count).to eq(1)
+ expect(operations_scopes.count).to eq(1)
+ expect(operations_feature_flags_issues.all.pluck(:feature_flag_id)).to contain_exactly(legacy_flag.id, new_flag.id)
+
+ migrate!
+
+ # Legacy flag is deleted.
+ expect(operations_feature_flags.all.pluck(:version)).to contain_exactly(2)
+ # The associated entries of the legacy flag are deleted too.
+ expect(operations_feature_flag_scopes.count).to eq(0)
+ # The associated entries of the new flag stay instact.
+ expect(operations_strategies.count).to eq(1)
+ expect(operations_scopes.count).to eq(1)
+ expect(operations_feature_flags_issues.all.pluck(:feature_flag_id)).to contain_exactly(new_flag.id)
+ end
+end
diff --git a/spec/requests/api/group_labels_spec.rb b/spec/requests/api/group_labels_spec.rb
index c677e68b285..11738e3cba8 100644
--- a/spec/requests/api/group_labels_spec.rb
+++ b/spec/requests/api/group_labels_spec.rb
@@ -29,6 +29,32 @@ RSpec.describe API::GroupLabels do
let(:expected_labels) { [group_label1.name] }
it_behaves_like 'fetches labels'
+
+ context 'and is subscribed' do
+ before do
+ group_label1.subscribe(user)
+ end
+
+ it 'returns true' do
+ get api("/groups/#{group.id}/labels?search=#{group_label1.name}", user)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response[0]['subscribed']).to be true
+ end
+ end
+
+ context 'and is unsubscribed' do
+ before do
+ group_label1.unsubscribe(user)
+ end
+
+ it 'returns false' do
+ get api("/groups/#{group.id}/labels?search=#{group_label1.name}", user)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response[0]['subscribed']).to be false
+ end
+ end
end
context 'when the with_counts parameter is set' do
diff --git a/spec/requests/api/labels_spec.rb b/spec/requests/api/labels_spec.rb
index 26377c40b73..4b6868f42bc 100644
--- a/spec/requests/api/labels_spec.rb
+++ b/spec/requests/api/labels_spec.rb
@@ -200,6 +200,36 @@ RSpec.describe API::Labels do
expect(json_response.map { |l| l['name'] }).to match_array([group_label.name, priority_label.name, label1.name])
end
+ context 'when search param is provided' do
+ context 'and user is subscribed' do
+ before do
+ priority_label.subscribe(user)
+ end
+
+ it 'returns subscribed true' do
+ get api("/projects/#{project.id}/labels?search=#{priority_label.name}", user)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response[0]['name']).to eq(priority_label.name)
+ expect(json_response[0]['subscribed']).to be true
+ end
+ end
+
+ context 'and user is not subscribed' do
+ before do
+ priority_label.unsubscribe(user)
+ end
+
+ it 'returns subscribed false' do
+ get api("/projects/#{project.id}/labels?search=#{priority_label.name}", user)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response[0]['name']).to eq(priority_label.name)
+ expect(json_response[0]['subscribed']).to be false
+ end
+ end
+ end
+
context 'when the with_counts parameter is set' do
before do
create(:labeled_issue, project: project, labels: [group_label], author: user)