Add latest changes from gitlab-org/gitlab@master

app/controllers/import/bulk_imports_controller.rb

@@ -84,11 +84,9 @@ class Import::BulkImportsController < ApplicationController
   def verify_blocked_uri
     Gitlab::UrlBlocker.validate!(
       session[url_key],
-      **{
-        allow_localhost: allow_local_requests?,
-        allow_local_network: allow_local_requests?,
-        schemes: %w(http https)
-      }
+      allow_localhost: allow_local_requests?,
+      allow_local_network: allow_local_requests?,
+      schemes: %w(http https)
     )
   rescue Gitlab::UrlBlocker::BlockedUrlError => e
     clear_session_data

app/controllers/import/fogbugz_controller.rb

@@ -136,11 +136,9 @@ class Import::FogbugzController < Import::BaseController
   def verify_blocked_uri
     Gitlab::UrlBlocker.validate!(
       params[:uri],
-      **{
-        allow_localhost: allow_local_requests?,
-        allow_local_network: allow_local_requests?,
-        schemes: %w(http https)
-      }
+      allow_localhost: allow_local_requests?,
+      allow_local_network: allow_local_requests?,
+      schemes: %w(http https)
     )
   rescue Gitlab::UrlBlocker::BlockedUrlError => e
     redirect_to new_import_fogbugz_url, alert: _('Specified URL cannot be used: "%{reason}"') % { reason: e.message }

app/controllers/import/gitea_controller.rb

@@ -72,11 +72,9 @@ class Import::GiteaController < Import::GithubController
   def verify_blocked_uri
     Gitlab::UrlBlocker.validate!(
       provider_url,
-      {
-        allow_localhost: allow_local_requests?,
-        allow_local_network: allow_local_requests?,
-        schemes: %w(http https)
-      }
+      allow_localhost: allow_local_requests?,
+      allow_local_network: allow_local_requests?,
+      schemes: %w(http https)
     )
   rescue Gitlab::UrlBlocker::BlockedUrlError => e
     session[access_token_key] = nil

app/controllers/projects/pipelines_controller.rb

@@ -186,12 +186,15 @@ class Projects::PipelinesController < Projects::ApplicationController
 
   def charts
     @charts = {}
+    @counts = {}
+
+    return unless Feature.enabled?(:graphql_pipeline_analytics)
+
     @charts[:week] = Gitlab::Ci::Charts::WeekChart.new(project)
     @charts[:month] = Gitlab::Ci::Charts::MonthChart.new(project)
     @charts[:year] = Gitlab::Ci::Charts::YearChart.new(project)
     @charts[:pipeline_times] = Gitlab::Ci::Charts::PipelineTime.new(project)
 
-    @counts = {}
     @counts[:total] = @project.all_pipelines.count(:all)
     @counts[:success] = @project.all_pipelines.success.count(:all)
     @counts[:failed] = @project.all_pipelines.failed.count(:all)

app/services/import/bitbucket_server_service.rb

@@ -81,11 +81,9 @@ module Import
     def blocked_url?
       Gitlab::UrlBlocker.blocked_url?(
         url,
-        {
-          allow_localhost: allow_local_requests?,
-          allow_local_network: allow_local_requests?,
-          schemes: %w(http https)
-        }
+        allow_localhost: allow_local_requests?,
+        allow_local_network: allow_local_requests?,
+        schemes: %w(http https)
       )
     end
 

app/services/import/github_service.rb

@@ -70,11 +70,9 @@ module Import
     def blocked_url?
       Gitlab::UrlBlocker.blocked_url?(
         url,
-        {
-          allow_localhost: allow_local_requests?,
-          allow_local_network: allow_local_requests?,
-          schemes: %w(http https)
-        }
+        allow_localhost: allow_local_requests?,
+        allow_local_network: allow_local_requests?,
+        schemes: %w(http https)
       )
     end
 

app/views/admin/application_settings/_eks.html.haml

@@ -25,12 +25,12 @@
           = f.label :eks_access_key_id, 'Access key ID', class: 'label-bold'
           = f.text_field :eks_access_key_id, class: 'form-control'
           .form-text.text-muted
-            = _('AWS Access Key.  Only required if not using role instance credentials')
+            = _('AWS Access Key. Only required if not using role instance credentials')
 
         .form-group
           = f.label :eks_secret_access_key, 'Secret access key', class: 'label-bold'
           = f.password_field :eks_secret_access_key, autocomplete: 'off', class: 'form-control'
           .form-text.text-muted
-            = _('AWS Secret Access Key.  Only required if not using role instance credentials')
+            = _('AWS Secret Access Key. Only required if not using role instance credentials')
 
       = f.submit 'Save changes', class: "gl-button btn btn-success"

app/views/projects/edit.html.haml

@@ -7,7 +7,7 @@
   .settings-header
     %h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Naming, topics, avatar')
     %button.btn.btn-default.js-settings-toggle{ type: 'button' }= _('Collapse')
-    %p= _('Update your project name, topics, description and avatar.')
+    %p= _('Update your project name, topics, description, and avatar.')
   .settings-content= render 'projects/settings/general'
 
 %section.settings.sharing-permissions.no-animate#js-shared-permissions{ class: ('expanded' if expanded), data: { qa_selector: 'visibility_features_permissions_content' } }

app/views/shared/_choose_avatar_button.html.haml

@@ -1 +1 @@
-= render 'shared/file_picker_button', f: f, field: :avatar, help_text: _("The maximum file size allowed is 200KB.")
+= render 'shared/file_picker_button', f: f, field: :avatar, help_text: _("Max file size is 200 KB.")

changelogs/unreleased/dont_crash_whole_background_job.yml

@@ -0,0 +1,6 @@
+---
+title: Do not crash the ingestion of all security reports if there is an invalid report
+  artifact
+merge_request: 49181
+author:
+type: fixed

changelogs/unreleased/mjang-update-naming-topics-avatar-ui-text.yml

@@ -0,0 +1,5 @@
+---
+title: Updated UI text to match style guidelines
+merge_request: 49275
+author:
+type: other

doc/ci/cloud_deployment/index.md

@@ -311,6 +311,9 @@ build_artifact:
       - <built artifact>
 ```
 
+<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
+For a video walkthrough of this configuration process, see [Auto Deploy to EC2](https://www.youtube.com/watch?v=4B-qSwKnacA).
+
 ### Deploy to Amazon EKS
 
 - [How to deploy your application to a GitLab-managed Amazon EKS cluster with Auto DevOps](https://about.gitlab.com/blog/2020/05/05/deploying-application-eks/)

doc/user/project/deploy_keys/index.md

@@ -27,7 +27,7 @@ repository in automation, it's a simple solution.
 
 A drawback is that your repository could become vulnerable if a remote machine is compromised
 by a hacker. You should limit access to the remote machine before a deploy key is
-enabled on your repository. A good rule to follow is to access only to trusted users,
+enabled on your repository. A good rule to follow is to provide access only to trusted users,
 and make sure that the allowed users have [maintainer permissions or higher](../../permissions.md)
 in the GitLab project.
 

lib/api/internal/kubernetes.rb

@@ -121,3 +121,5 @@ module API
     end
   end
 end
+
+API::Internal::Kubernetes.prepend_if_ee('EE::API::Internal::Kubernetes')

lib/gitlab/alert_management/payload.rb

@@ -4,7 +4,8 @@ module Gitlab
   module AlertManagement
     module Payload
       MONITORING_TOOLS = {
-        prometheus: 'Prometheus'
+        prometheus: 'Prometheus',
+        cilium: 'Cilium'
       }.freeze
 
       class << self

lib/gitlab/database_importers/self_monitoring/project/create_service.rb

@@ -147,7 +147,7 @@ module Gitlab
               initialize_with_readme: true,
               visibility_level: VISIBILITY_LEVEL,
               name: PROJECT_NAME,
-              description: "This project is automatically generated and will be used to help monitor this GitLab instance. [More information](#{docs_path})",
+              description: "This project is automatically generated and helps monitor this GitLab instance. [Learn more](#{docs_path}).",
               namespace_id: group.id
             }
           end

locale/gitlab.pot

@@ -1328,13 +1328,13 @@ msgstr ""
 msgid "AWS Access Key"
 msgstr ""
 
-msgid "AWS Access Key.  Only required if not using role instance credentials"
+msgid "AWS Access Key. Only required if not using role instance credentials"
 msgstr ""
 
 msgid "AWS Secret Access Key"
 msgstr ""
 
-msgid "AWS Secret Access Key.  Only required if not using role instance credentials"
+msgid "AWS Secret Access Key. Only required if not using role instance credentials"
 msgstr ""
 
 msgid "AWS service error: %{error}"
@@ -16765,6 +16765,9 @@ msgstr ""
 msgid "Max access level"
 msgstr ""
 
+msgid "Max file size is 200 KB."
+msgstr ""
+
 msgid "Max role"
 msgstr ""
 
@@ -27417,9 +27420,6 @@ msgstr ""
 msgid "The maximum file size allowed is %{size}."
 msgstr ""
 
-msgid "The maximum file size allowed is 200KB."
-msgstr ""
-
 msgid "The merge conflicts for this merge request cannot be resolved through GitLab. Please try to resolve them locally."
 msgstr ""
 
@@ -29614,7 +29614,7 @@ msgstr ""
 msgid "Update your group name, description, avatar, and visibility."
 msgstr ""
 
-msgid "Update your project name, topics, description and avatar."
+msgid "Update your project name, topics, description, and avatar."
 msgstr ""
 
 msgid "UpdateProject|Cannot rename project because it contains container registry tags!"

spec/lib/gitlab/database_importers/self_monitoring/project/create_service_spec.rb

@@ -118,8 +118,8 @@ RSpec.describe Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService
         expect(result[:status]).to eq(:success)
         expect(project.name).to eq(described_class::PROJECT_NAME)
         expect(project.description).to eq(
-          'This project is automatically generated and will be used to help monitor this GitLab instance. ' \
-          "[More information](#{docs_path})"
+          'This project is automatically generated and helps monitor this GitLab instance. ' \
+          "[Learn more](#{docs_path})."
         )
         expect(File).to exist("doc/#{path}.md")
       end

spec/requests/api/internal/kubernetes_spec.rb

@@ -87,7 +87,7 @@ RSpec.describe API::Internal::Kubernetes do
     end
   end
 
-  describe "GET /internal/kubernetes/agent_info" do
+  describe 'GET /internal/kubernetes/agent_info' do
     def send_request(headers: {}, params: {})
       get api('/internal/kubernetes/agent_info'), params: params, headers: headers.reverse_merge(jwt_auth_headers)
     end

spec/support/shared_examples/services/alert_management_shared_examples.rb

@@ -16,6 +16,38 @@ RSpec.shared_examples 'creates an alert management alert' do
   end
 end
 
+# This shared_example requires the following variables:
+# - last_alert_attributes, last created alert
+# - project, project that alert created
+# - payload_raw, hash representation of payload
+# - environment, project's environment
+# - fingerprint, fingerprint hash
+RSpec.shared_examples 'assigns the alert properties' do
+  it 'ensures that created alert has all data properly assigned' do
+    subject
+
+    expect(last_alert_attributes).to match(
+      project_id: project.id,
+      title: payload_raw.fetch(:title),
+      started_at: Time.zone.parse(payload_raw.fetch(:start_time)),
+      severity: payload_raw.fetch(:severity),
+      status: AlertManagement::Alert.status_value(:triggered),
+      events: 1,
+      domain: domain,
+      hosts: payload_raw.fetch(:hosts),
+      payload: payload_raw.with_indifferent_access,
+      issue_id: nil,
+      description: payload_raw.fetch(:description),
+      monitoring_tool: payload_raw.fetch(:monitoring_tool),
+      service: payload_raw.fetch(:service),
+      fingerprint: Digest::SHA1.hexdigest(fingerprint),
+      environment_id: environment.id,
+      ended_at: nil,
+      prometheus_alert_id: nil
+    )
+  end
+end
+
 RSpec.shared_examples 'does not an create alert management alert' do
   it 'does not create alert' do
     expect { subject }.not_to change(AlertManagement::Alert, :count)