Add latest changes from gitlab-org/gitlab@master

GITLAB_KAS_VERSION

@@ -1 +1 @@
-14.4.0
+14.5.0

app/models/concerns/has_integrations.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-module HasIntegrations
-  extend ActiveSupport::Concern
-
-  class_methods do
-    def without_integration(integration)
-      integrations = Integration
-        .select('1')
-        .where("#{Integration.table_name}.project_id = projects.id")
-        .where(type: integration.type)
-
-      Project
-        .where('NOT EXISTS (?)', integrations)
-        .where(pending_delete: false)
-        .where(archived: false)
-    end
-  end
-end

app/models/concerns/integrations/push_data_validations.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+# This concern is used by registered integrations such as Integrations::TeamCity and
+# Integrations::DroneCi and adds methods to perform validations on the received
+# data.
+module Integrations
+  module PushDataValidations
+    extend ActiveSupport::Concern
+
+    def merge_request_valid?(data)
+      data.dig(:object_attributes, :state) == 'opened' && merge_request_unchecked?(data)
+    end
+
+    def push_valid?(data)
+      data[:total_commits_count] > 0 &&
+        !branch_removed?(data) &&
+        # prefer merge request trigger over push to avoid double builds
+        !opened_merge_requests?(data)
+    end
+
+    def tag_push_valid?(data)
+      data[:total_commits_count] > 0 && !branch_removed?(data)
+    end
+
+    private
+
+    def branch_removed?(data)
+      Gitlab::Git.blank_ref?(data[:after])
+    end
+
+    def opened_merge_requests?(data)
+      project.merge_requests
+        .opened
+        .from_project(project)
+        .from_source_branches(Gitlab::Git.ref_name(data[:ref]))
+        .exists?
+    end
+
+    def merge_request_unchecked?(data)
+      MergeRequest.state_machines[:merge_status]
+        .check_state?(data.dig(:object_attributes, :merge_status))
+    end
+  end
+end

app/models/concerns/service_push_data_validations.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-# This concern is used by registered integrations such as Integrations::TeamCity and
-# Integrations::DroneCi and adds methods to perform validations on the received
-# data.
-
-module ServicePushDataValidations
-  extend ActiveSupport::Concern
-
-  def merge_request_valid?(data)
-    data.dig(:object_attributes, :state) == 'opened' && merge_request_unchecked?(data)
-  end
-
-  def push_valid?(data)
-    data[:total_commits_count] > 0 &&
-      !branch_removed?(data) &&
-      # prefer merge request trigger over push to avoid double builds
-      !opened_merge_requests?(data)
-  end
-
-  def tag_push_valid?(data)
-    data[:total_commits_count] > 0 && !branch_removed?(data)
-  end
-
-  private
-
-  def branch_removed?(data)
-    Gitlab::Git.blank_ref?(data[:after])
-  end
-
-  def opened_merge_requests?(data)
-    project.merge_requests
-      .opened
-      .from_project(project)
-      .from_source_branches(Gitlab::Git.ref_name(data[:ref]))
-      .exists?
-  end
-
-  def merge_request_unchecked?(data)
-    MergeRequest.state_machines[:merge_status]
-      .check_state?(data.dig(:object_attributes, :merge_status))
-  end
-end

app/models/integrations/drone_ci.rb

@@ -3,8 +3,8 @@
 module Integrations
   class DroneCi < BaseCi
     include HasWebHook
+    include PushDataValidations
     include ReactivelyCached
-    include ServicePushDataValidations
     extend Gitlab::Utils::Override
 
     prop_accessor :drone_url, :token

app/models/integrations/teamcity.rb

@@ -2,8 +2,8 @@
 
 module Integrations
   class Teamcity < BaseCi
+    include PushDataValidations
     include ReactivelyCached
-    include ServicePushDataValidations
 
     prop_accessor :teamcity_url, :build_type, :username, :password
 

app/models/project.rb

@@ -19,7 +19,6 @@ class Project < ApplicationRecord
   include Presentable
   include HasRepository
   include HasWiki
-  include HasIntegrations
   include CanMoveRepositoryStorage
   include Routable
   include GroupDescendant
@@ -860,6 +859,18 @@ class Project < ApplicationRecord
     rescue ActionController::RoutingError, URI::InvalidURIError
       nil
     end
+
+    def without_integration(integration)
+      integrations = Integration
+        .select('1')
+        .where("#{Integration.table_name}.project_id = projects.id")
+        .where(type: integration.type)
+
+      Project
+        .where('NOT EXISTS (?)', integrations)
+        .where(pending_delete: false)
+        .where(archived: false)
+    end
   end
 
   def initialize(attributes = nil)

data/deprecations/14-0-nfs-fot-git-repository-storage.yml

@@ -1,7 +1,7 @@
 - name: "NFS for Git repository storage deprecated" # The name of the feature to be deprecated
   announcement_milestone: "14.0" # The milestone when this feature was first announced as deprecated.
   announcement_date: "2021-06-22" # The date of the milestone release when this feature was first announced as deprecated
-  removal_milestone: "15.2" # The milestone when this feature is planned to be removed
+  removal_milestone: "15.0" # The milestone when this feature is planned to be removed
   body: | # Do not modify this line, instead modify the lines below.
     With the general availability of Gitaly Cluster ([introduced in GitLab 13.0](https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/)), we have deprecated development (bugfixes, performance improvements, etc) for NFS for Git repository storage in GitLab 14.0. We will continue to provide technical support for NFS for Git repositories throughout 14.x, but we will remove all support for NFS in GitLab 15.0. Please see our official [Statement of Support](https://about.gitlab.com/support/statement-of-support.html#gitaly-and-nfs) for further information.
 

doc/update/deprecations.md

@@ -120,6 +120,20 @@ This deprecation mainly impacts users compiling GitLab from source because Omnib
 
 Announced: 2021-09-22
 
+### NFS for Git repository storage deprecated
+
+With the general availability of Gitaly Cluster ([introduced in GitLab 13.0](https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/)), we have deprecated development (bugfixes, performance improvements, etc) for NFS for Git repository storage in GitLab 14.0. We will continue to provide technical support for NFS for Git repositories throughout 14.x, but we will remove all support for NFS in GitLab 15.0. Please see our official [Statement of Support](https://about.gitlab.com/support/statement-of-support.html#gitaly-and-nfs) for further information.
+
+Gitaly Cluster offers tremendous benefits for our customers such as:
+
+- [Variable replication factors](https://docs.gitlab.com/ee/administration/gitaly/index.html#replication-factor).
+- [Strong consistency](https://docs.gitlab.com/ee/administration/gitaly/index.html#strong-consistency).
+- [Distributed read capabilities](https://docs.gitlab.com/ee/administration/gitaly/index.html#distributed-reads).
+
+We encourage customers currently using NFS for Git repositories to plan their migration by reviewing our documentation on [migrating to Gitaly Cluster](https://docs.gitlab.com/ee/administration/gitaly/index.html#migrate-to-gitaly-cluster).
+
+Announced: 2021-06-22
+
 ### OmniAuth Kerberos gem
 
 The `omniauth-kerberos` gem will be removed in our next major release, GitLab 15.0.
@@ -200,19 +214,3 @@ Announced: 2021-11-22
 The GraphQL API field `defaultMergeCommitMessageWithDescription` has been deprecated and will be removed in GitLab 15.0. For projects with a commit message template set, it will ignore the template.
 
 Announced: 2021-11-22
-
-## 15.2
-
-### NFS for Git repository storage deprecated
-
-With the general availability of Gitaly Cluster ([introduced in GitLab 13.0](https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/)), we have deprecated development (bugfixes, performance improvements, etc) for NFS for Git repository storage in GitLab 14.0. We will continue to provide technical support for NFS for Git repositories throughout 14.x, but we will remove all support for NFS in GitLab 15.0. Please see our official [Statement of Support](https://about.gitlab.com/support/statement-of-support.html#gitaly-and-nfs) for further information.
-
-Gitaly Cluster offers tremendous benefits for our customers such as:
-
-- [Variable replication factors](https://docs.gitlab.com/ee/administration/gitaly/index.html#replication-factor).
-- [Strong consistency](https://docs.gitlab.com/ee/administration/gitaly/index.html#strong-consistency).
-- [Distributed read capabilities](https://docs.gitlab.com/ee/administration/gitaly/index.html#distributed-reads).
-
-We encourage customers currently using NFS for Git repositories to plan their migration by reviewing our documentation on [migrating to Gitaly Cluster](https://docs.gitlab.com/ee/administration/gitaly/index.html#migrate-to-gitaly-cluster).
-
-Announced: 2021-06-22

doc/user/permissions.md

@@ -230,7 +230,8 @@ The following table lists project permissions available for each role:
    [project visibility](../public_access/public_access.md) is set to private.
 1. Attached design files are moved together with the issue even if the user doesn't have the
    Developer role.
-1. Guest users can set metadata (for example, labels, assignees, or milestones) when creating an issue.
+1. Guest users can only set metadata (for example, labels, assignees, or milestones)
+   when creating an issue. They cannot change the metadata on existing issues.
 1. In GitLab 14.5 or later, Guests are not allowed to [create incidents](../operations/incident_management/incidents.md#incident-creation).
 
 ## Project features permissions

doc/user/profile/account/two_factor_authentication.md

@@ -238,6 +238,9 @@ GitLab officially only supports [YubiKey](https://www.yubico.com/products/)
 U2F devices, but users have successfully used [SoloKeys](https://solokeys.com/)
 or [Google Titan Security Key](https://cloud.google.com/titan-security-key).
 
+NOTE:
+2FA must be configured before U2F.
+
 The U2F workflow is [supported by](https://caniuse.com/#search=U2F) the
 following desktop browsers:
 

spec/models/concerns/has_integrations_spec.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe HasIntegrations do
-  let_it_be(:project_1) { create(:project) }
-  let_it_be(:project_2) { create(:project) }
-  let_it_be(:project_3) { create(:project) }
-  let_it_be(:project_4) { create(:project) }
-  let_it_be(:instance_integration) { create(:jira_integration, :instance) }
-
-  before do
-    create(:jira_integration, project: project_1, inherit_from_id: instance_integration.id)
-    create(:jira_integration, project: project_2, inherit_from_id: nil)
-    create(:jira_integration, :group, group: create(:group), inherit_from_id: nil)
-    create(:jira_integration, project: project_3, inherit_from_id: nil)
-    create(:integrations_slack, project: project_4, inherit_from_id: nil)
-  end
-
-  describe '.without_integration' do
-    it 'returns projects without integration' do
-      expect(Project.without_integration(instance_integration)).to contain_exactly(project_4)
-    end
-  end
-end

spec/models/project_spec.rb

@@ -1864,6 +1864,20 @@ RSpec.describe Project, factory_default: :keep do
     end
   end
 
+  describe '.without_integration' do
+    it 'returns projects without the integration' do
+      project_1, project_2, project_3, project_4 = create_list(:project, 4)
+      instance_integration = create(:jira_integration, :instance)
+      create(:jira_integration, project: project_1, inherit_from_id: instance_integration.id)
+      create(:jira_integration, project: project_2, inherit_from_id: nil)
+      create(:jira_integration, group: create(:group), project: nil, inherit_from_id: nil)
+      create(:jira_integration, project: project_3, inherit_from_id: nil)
+      create(:integrations_slack, project: project_4, inherit_from_id: nil)
+
+      expect(Project.without_integration(instance_integration)).to contain_exactly(project_4)
+    end
+  end
+
   context 'repository storage by default' do
     let(:project) { build(:project) }