Add latest changes from gitlab-org/gitlab@master

.gitlab/ci/docs.gitlab-ci.yml

@@ -10,8 +10,8 @@
     # because some repos are private and CI_JOB_TOKEN cannot access files.
     # See https://gitlab.com/gitlab-org/gitlab/issues/191273
     GIT_DEPTH: 1
-    # By default, deploy the Review App using the `master` branch of the `gitlab-org/gitlab-docs` project
+    # By default, deploy the Review App using the `main` branch of the `gitlab-org/gitlab-docs` project
-    DOCS_BRANCH: master
+    DOCS_BRANCH: main
   environment:
     name: review-docs/mr-${CI_MERGE_REQUEST_IID}
     # DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables

app/controllers/projects/forks_controller.rb

@@ -56,7 +56,13 @@ class Projects::ForksController < Projects::ApplicationController
           can_fork_to?(current_user.namespace)
 
         render json: {
-          namespaces: ForkNamespaceSerializer.new.represent(namespaces, project: project, current_user: current_user, memberships: memberships_hash)
+          namespaces: ForkNamespaceSerializer.new.represent(
+            namespaces,
+            project: project,
+            current_user: current_user,
+            memberships: memberships_hash,
+            forked_projects: forked_projects_by_namespace(namespaces)
+          )
         }
       end
     end
@@ -129,6 +135,10 @@ class Projects::ForksController < Projects::ApplicationController
   def memberships_hash
     current_user.members.where(source: load_namespaces_with_associations).index_by(&:source_id)
   end
+
+  def forked_projects_by_namespace(namespaces)
+    project.forks.where(namespace: namespaces).includes(:namespace).index_by(&:namespace_id)
+  end
 end
 
 Projects::ForksController.prepend_mod_with('Projects::ForksController')

app/controllers/projects/issues_controller.rb

@@ -160,7 +160,7 @@ class Projects::IssuesController < Projects::ApplicationController
       new_project = Project.find(params[:move_to_project_id])
       return render_404 unless issue.can_move?(current_user, new_project)
 
-      @issue = ::Issues::UpdateService.new(project: project, current_user: current_user, params: { target_project: new_project }).execute(issue)
+      @issue = ::Issues::MoveService.new(project: project, current_user: current_user).execute(issue, new_project)
     end
 
     respond_to do |format|

app/models/hooks/web_hook.rb

@@ -73,6 +73,8 @@ class WebHook < ApplicationRecord
   end
 
   def enable!
+    return if recent_failures == 0 && disabled_until.nil? && backoff_count == 0
+
     update!(recent_failures: 0, disabled_until: nil, backoff_count: 0)
   end
 

app/serializers/fork_namespace_entity.rb

@@ -13,7 +13,7 @@ class ForkNamespaceEntity < Grape::Entity
   end
 
   expose :forked_project_path do |namespace, options|
-    if forked_project = namespace.find_fork_of(options[:project])
+    if forked_project = options.dig(:forked_projects, namespace.id)
       project_path(forked_project)
     end
   end

doc/administration/troubleshooting/group_saml_scim.md

@@ -42,6 +42,10 @@ SCIM mapping:
 
 ![Azure AD SCIM](img/AzureAD-scim_attribute_mapping.png)
 
+Group Sync:
+
+![Azure Group Claims](img/azure_configure_group_claim.png)
+
 ## Okta
 
 Basic SAML app configuration:

doc/ci/jobs/index.md

@@ -29,7 +29,7 @@ jobs, where each of the jobs executes a different command.
 Of course a command can execute code directly (`./configure;make;make install`)
 or run a script (`test.sh`) in the repository.
 
-Jobs are picked up by [runners](../runners/README.md) and executed within the
+Jobs are picked up by [runners](../runners/README.md) and executed in the
 environment of the runner. What is important is that each job is run
 independently from each other.
 

doc/user/group/saml_sso/index.md

@@ -152,6 +152,10 @@ We recommend:
 - **Unique User Identifier (Name identifier)** set to `user.objectID`.
 - **nameid-format** set to persistent.
 
+If using [Group Sync](#group-sync), customize the name of the group claim to match the required attribute.
+
+See the [troubleshooting page](../../../administration/troubleshooting/group_saml_scim.md#azure-active-directory) for an example configuration.
+
 ### Okta setup notes
 
 Please follow the Okta documentation on [setting up a SAML application in Okta](https://developer.okta.com/docs/guides/build-sso-integration/saml2/overview/) with the notes below for consideration.

doc/user/project/settings/project_access_tokens.md

@@ -81,6 +81,8 @@ the following table.
 
 ## Enable or disable project access token creation
 
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/287707) in GitLab 13.11.
+
 You may enable or disable project access token creation for all projects in a group in **Group > Settings > General > Permissions, LFS, 2FA > Allow project access token creation**.
 Even when creation is disabled, you can still use and revoke existing project access tokens.
 This setting is available only on top-level groups.

scripts/trigger-build

@@ -255,7 +255,7 @@ module Trigger
     end
 
     def ref
-      ENV['DOCS_BRANCH'] || 'master'
+      ENV['DOCS_BRANCH'] || 'main'
     end
 
     # `gitlab-org/gitlab-docs` pipeline trigger "Triggered from gitlab-org/gitlab 'review-docs-deploy' job"

spec/controllers/projects/forks_controller_spec.rb

@@ -195,6 +195,29 @@ RSpec.describe Projects::ForksController do
           expect(json_response['namespaces'].length).to eq(1)
           expect(json_response['namespaces'][0]['id']).to eq(group.id)
         end
+
+        context 'N+1 queries' do
+          before do
+            create(:fork_network, root_project: project)
+          end
+
+          it 'avoids N+1 queries' do
+            do_request = -> { get :new, format: format, params: { namespace_id: project.namespace, project_id: project } }
+
+            # warm up
+            do_request.call
+
+            control = ActiveRecord::QueryRecorder.new { do_request.call }
+
+            create(:group, :public).add_owner(user)
+
+            # TODO: There is another N+1 caused by user.can?(:create_projects, namespace)
+            # Defined in ForkNamespaceEntity
+            extra_count = 1
+
+            expect { do_request.call }.not_to exceed_query_limit(control.count + extra_count)
+          end
+        end
       end
     end
 

spec/models/hooks/web_hook_spec.rb

@@ -268,11 +268,29 @@ RSpec.describe WebHook do
   end
 
   describe '#enable!' do
-    it 'makes a hook executable' do
+    it 'makes a hook executable if it was marked as failed' do
       hook.recent_failures = 1000
 
       expect { hook.enable! }.to change(hook, :executable?).from(false).to(true)
     end
+
+    it 'makes a hook executable if it is currently backed off' do
+      hook.disabled_until = 1.hour.from_now
+
+      expect { hook.enable! }.to change(hook, :executable?).from(false).to(true)
+    end
+
+    it 'does not update hooks unless necessary' do
+      expect(hook).not_to receive(:update!)
+
+      hook.enable!
+    end
+
+    it 'is idempotent on executable hooks' do
+      expect(hook).not_to receive(:update!)
+
+      expect { hook.enable! }.not_to change(hook, :executable?)
+    end
   end
 
   describe 'backoff!' do
@@ -298,6 +316,7 @@ RSpec.describe WebHook do
 
     it 'does not allow the failure count to exceed the maximum value' do
       hook.recent_failures = described_class::MAX_FAILURES
+      expect(hook).not_to receive(:update!)
 
       expect { hook.failed! }.not_to change(hook, :recent_failures)
     end

spec/serializers/fork_namespace_entity_spec.rb

@@ -9,12 +9,15 @@ RSpec.describe ForkNamespaceEntity do
   let_it_be(:user) { create(:user) }
   let_it_be(:project) { create(:project) }
   let_it_be(:namespace) { create(:group, :with_avatar, description: 'test') }
+  let_it_be(:forked_project) { build(:project) }
 
   let(:memberships) do
     user.members.index_by(&:source_id)
   end
 
-  let(:entity) { described_class.new(namespace, current_user: user, project: project, memberships: memberships) }
+  let(:forked_projects) { { namespace.id => forked_project } }
+
+  let(:entity) { described_class.new(namespace, current_user: user, project: project, memberships: memberships, forked_projects: forked_projects) }
 
   subject(:json) { entity.as_json }
 
@@ -46,10 +49,7 @@ RSpec.describe ForkNamespaceEntity do
   end
 
   it 'exposes forked_project_path when fork exists in namespace' do
-    namespace.add_maintainer(user)
+    expect(json[:forked_project_path]).to eql project_path(forked_project)
-    fork_in_namespace = fork_project(project, user, namespace: namespace)
-
-    expect(json[:forked_project_path]).to eql project_path(fork_in_namespace)
   end
 
   it 'exposes relative path to the namespace' do