Add latest changes from gitlab-org/gitlab@master

2022-10-10 12:10:24 +00:00 · 2022-10-10 12:10:24 +00:00 · e55ef824f5
parent c1d4ac2519
commit e55ef824f5
29 changed files with 190 additions and 31 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -54,6 +54,7 @@ workflow:
      variables:
        RUBY_VERSION: "3.0"
        NOTIFY_PIPELINE_FAILURE_CHANNEL: "f_ruby3"
+        OMNIBUS_GITLAB_RUBY3_BUILD: "true"
    # For `$CI_DEFAULT_BRANCH` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    # For tags, create a pipeline.
--- a/.gitlab/ci/package-and-test/main.gitlab-ci.yml
+++ b/.gitlab/ci/package-and-test/main.gitlab-ci.yml
@ -47,6 +47,7 @@ stages:
      echo "SECURITY_SOURCES=${SECURITY_SOURCES:-false}" > $BUILD_ENV
      echo "OMNIBUS_GITLAB_CACHE_UPDATE=${OMNIBUS_GITLAB_CACHE_UPDATE:-false}" >> $BUILD_ENV
      for version_file in *_VERSION; do echo "$version_file=$(cat $version_file)" >> $BUILD_ENV; done
+      echo "OMNIBUS_GITLAB_RUBY3_BUILD=${OMNIBUS_GITLAB_RUBY3_BUILD:-false}" >> $BUILD_ENV
      echo "Built environment file for omnibus build:"
      cat $BUILD_ENV
  artifacts:
@ -116,6 +117,7 @@ trigger-omnibus:
    TOP_UPSTREAM_SOURCE_PROJECT: $CI_PROJECT_PATH
    SECURITY_SOURCES: $SECURITY_SOURCES
    CACHE_UPDATE: $OMNIBUS_GITLAB_CACHE_UPDATE
+    RUBY3_BUILD: $OMNIBUS_GITLAB_RUBY3_BUILD
    SKIP_QA_DOCKER: "true"
    SKIP_QA_TEST: "true"
    ee: "true"
--- a/.gitlab/ci/package-and-test/variables.gitlab-ci.yml
+++ b/.gitlab/ci/package-and-test/variables.gitlab-ci.yml
@ -4,6 +4,7 @@ variables:
  RELEASE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/build/omnibus-gitlab-mirror/gitlab-ee:${CI_COMMIT_SHA}"
  SKIP_REPORT_IN_ISSUES: "true"
  OMNIBUS_GITLAB_CACHE_UPDATE: "false"
+  OMNIBUS_GITLAB_RUBY3_BUILD: "false"
  QA_LOG_LEVEL: "info"
  QA_TESTS: ""
  QA_FEATURE_FLAGS: ""
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@ -130,6 +130,9 @@
 .if-dot-com-gitlab-org-and-security-tag: &if-dot-com-gitlab-org-and-security-tag
  if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE =~ /^gitlab-org($|\/security$)/ && $CI_COMMIT_TAG'

+.if-ruby3-branch: &if-ruby3-branch
+  if: '$CI_COMMIT_BRANCH == "ruby3"'
+
 # For Security merge requests, the gitlab-release-tools-bot triggers a new
 # pipeline for the "Pipelines for merged results" feature. If the pipeline
 # fails, we notify release managers.
@ -652,6 +655,7 @@
    - <<: *if-default-branch-or-tag
    - <<: *if-dot-com-gitlab-org-schedule
    - <<: *if-force-ci
+    - <<: *if-ruby3-branch

 .build-images:rules:build-assets-image:
  rules:
@ -660,6 +664,7 @@
    - <<: *if-merge-request-targeting-stable-branch
    - <<: *if-merge-request-labels-run-review-app
    - <<: *if-auto-deploy-branches
+    - <<: *if-ruby3-branch
    - changes: *ci-build-images-patterns
    - changes: *code-qa-patterns

@ -964,6 +969,7 @@
      allow_failure: true
    - <<: *if-force-ci
      allow_failure: true
+    - <<: *if-ruby3-branch

 .qa:rules:package-and-test:
  rules:
@ -975,6 +981,7 @@
      when: never
    - <<: *if-merge-request-targeting-stable-branch
      allow_failure: true
+    - <<: *if-ruby3-branch
    - <<: *if-dot-com-gitlab-org-and-security-merge-request-manual-ff-package-and-e2e
      changes: *feature-flag-development-config-patterns
      when: manual
--- a/2
+++ b/2
@ -1 +1 @@
-1d200302f736b50b48bf7e9ec7eb28f0e01dc559
+e49ea29543b2d8e71bfe4bdc3b295f785bd24fb1
--- a/2
+++ b/2
@ -364,7 +364,7 @@ gem 'prometheus-client-mmap', '~> 0.16', require: 'prometheus/client'
 gem 'warning', '~> 1.3.0'

 group :development do
-  gem 'lefthook', '~> 1.1.1', require: false
+  gem 'lefthook', '~> 1.1.2', require: false
  gem 'rubocop'
  gem 'solargraph', '~> 0.47.2', require: false

--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@ -299,7 +299,7 @@
 {"name":"kramdown-parser-gfm","version":"1.1.0","platform":"ruby","checksum":"fb39745516427d2988543bf01fc4cf0ab1149476382393e0e9c48592f6581729"},
 {"name":"kubeclient","version":"4.9.3","platform":"ruby","checksum":"d5d38e719fbac44f396851aa57cd1b9f4f7dab4410ab680ccd21c9b741230046"},
 {"name":"launchy","version":"2.5.0","platform":"ruby","checksum":"954243c4255920982ce682f89a42e76372dba94770bf09c23a523e204bdebef5"},
-{"name":"lefthook","version":"1.1.1","platform":"ruby","checksum":"fa7dcd2c55dc14f6f164f96cf1404e712be84a2ac256e75947213093e080d05b"},
+{"name":"lefthook","version":"1.1.2","platform":"ruby","checksum":"fdbe2a62faf6ae2a9f9be64e105ca8f06c527c5ba9a3edb2cdcf024025227897"},
 {"name":"letter_opener","version":"1.7.0","platform":"ruby","checksum":"095bc0d58e006e5b43ea7d219e64ecf2de8d1f7d9dafc432040a845cf59b4725"},
 {"name":"letter_opener_web","version":"2.0.0","platform":"ruby","checksum":"33860ad41e1785d75456500e8ca8bba8ed71ee6eaf08a98d06bbab67c5577b6f"},
 {"name":"libyajl2","version":"1.2.0","platform":"ruby","checksum":"1117cd1e48db013b626e36269bbf1cef210538ca6d2e62d3fa3db9ded005b258"},
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -802,7 +802,7 @@ GEM
      rest-client (~> 2.0)
    launchy (2.5.0)
      addressable (~> 2.7)
-    lefthook (1.1.1)
+    lefthook (1.1.2)
    letter_opener (1.7.0)
      launchy (~> 2.2)
    letter_opener_web (2.0.0)
@ -1673,7 +1673,7 @@ DEPENDENCIES
  knapsack (~> 1.21.1)
  kramdown (~> 2.3.1)
  kubeclient (~> 4.9.3)
-  lefthook (~> 1.1.1)
+  lefthook (~> 1.1.2)
  letter_opener_web (~> 2.0.0)
  license_finder (~> 7.0)
  licensee (~> 9.15)
--- a/app/assets/javascripts/notes/components/discussion_notes.vue
+++ b/app/assets/javascripts/notes/components/discussion_notes.vue
@ -142,7 +142,7 @@ export default {
              :edited-at="discussion.resolved_at"
              :edited-by="discussion.resolved_by"
              :action-text="resolvedText"
-              class-name="discussion-headline-light js-discussion-headline discussion-resolved-text gl-mb-2"
+              class-name="discussion-headline-light js-discussion-headline discussion-resolved-text gl-mb-2 gl-ml-3"
            />
          </template>
          <template #avatar-badge>
--- a/app/assets/stylesheets/pages/notes.scss
+++ b/app/assets/stylesheets/pages/notes.scss
@ -442,6 +442,18 @@ $system-note-svg-size: 1rem;
  }
 }

+.card .notes {
+  .system-note {
+    margin: 0;
+    padding: 0;
+  }
+
+  .timeline-icon {
+    margin: 8px 0 0 14px;
+  }
+}
+
+
 // Diff code in discussion view
 .discussion-body .diff-file {
  .file-title {
@ -1085,6 +1097,16 @@ $system-note-svg-size: 1rem;
    }
  }

+  .draft-note-component .draft-note.timeline-entry {
+    .timeline-content:not(.flash-container) {
+      padding: $gl-padding-8 $gl-padding-8 $gl-padding-8 $gl-padding;
+    }
+
+    .timeline-avatar {
+      margin: $gl-padding-8 0 0 $gl-padding;
+    }
+  }
+
  .diff-comment-form {
    display: block;
  }
--- a/app/services/members/destroy_service.rb
+++ b/app/services/members/destroy_service.rb
@ -2,6 +2,8 @@

 module Members
  class DestroyService < Members::BaseService
+    include Gitlab::ExclusiveLeaseHelpers
+
    def execute(member, skip_authorization: false, skip_subresources: false, unassign_issuables: false, destroy_bot: false)
      unless skip_authorization
        raise Gitlab::Access::AccessDeniedError unless authorized?(member, destroy_bot)
@ -11,13 +13,26 @@ module Members
      end

      @skip_auth = skip_authorization
+      last_owner = true

-      return member if member.is_a?(GroupMember) && member.source.last_owner?(member.user)
+      in_lock("delete_members:#{member.source.class}:#{member.source.id}") do
+        break if member.is_a?(GroupMember) && member.source.last_owner?(member.user)

-      member.destroy
+        last_owner = false
+        member.destroy
+        member.user&.invalidate_cache_counts
+      end

-      member.user&.invalidate_cache_counts
+      unless last_owner
+        delete_member_associations(member, skip_subresources, unassign_issuables)
+      end

+      member
+    end
+
+    private
+
+    def delete_member_associations(member, skip_subresources, unassign_issuables)
      if member.request? && member.user != current_user
        notification_service.decline_access_request(member)
      end
@ -28,12 +43,8 @@ module Members
      enqueue_unassign_issuables(member) if unassign_issuables

      after_execute(member: member)
-
-      member
    end

-    private
-
    def authorized?(member, destroy_bot)
      return can_destroy_bot_member?(member) if destroy_bot

--- a/db/migrate/20220914130800_add_jitsu_key_to_projects.rb
+++ b/db/migrate/20220914130800_add_jitsu_key_to_projects.rb
@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+# rubocop:disable Migration/AddLimitToTextColumns
+# limit is added in 20220914131449_add_text_limit_to_projects_jitsu_key.rb
+class AddJitsuKeyToProjects < Gitlab::Database::Migration[2.0]
+  disable_ddl_transaction!
+
+  def up
+    with_lock_retries do
+      add_column :project_settings, :jitsu_key, :text
+    end
+  end
+
+  def down
+    with_lock_retries do
+      remove_column :project_settings, :jitsu_key
+    end
+  end
+end
+# rubocop:enable Migration/AddLimitToTextColumns
--- a/db/migrate/20220914131449_add_text_limit_to_projects_jitsu_key.rb
+++ b/db/migrate/20220914131449_add_text_limit_to_projects_jitsu_key.rb
@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class AddTextLimitToProjectsJitsuKey < Gitlab::Database::Migration[2.0]
+  disable_ddl_transaction!
+
+  def up
+    add_text_limit :project_settings, :jitsu_key, 100
+  end
+
+  def down
+    remove_text_limit :project_settings, :jitsu_key
+  end
+end
--- a/db/schema_migrations/20220914130800
+++ b/db/schema_migrations/20220914130800
@ -0,0 +1 @@
+c0a3269fbd44428439932f3b12b154425eafaab0b0638f7f27a03e784d0f0e32
--- a/db/schema_migrations/20220914131449
+++ b/db/schema_migrations/20220914131449
@ -0,0 +1 @@
+205f1fee1ed33a2b069e51a76b94c72702300c72c4705569be2368f8804f3bce
--- a/db/structure.sql
+++ b/db/structure.sql
@ -20099,7 +20099,9 @@ CREATE TABLE project_settings (
    enforce_auth_checks_on_uploads boolean DEFAULT true NOT NULL,
    selective_code_owner_removals boolean DEFAULT false NOT NULL,
    show_diff_preview_in_email boolean DEFAULT true NOT NULL,
+    jitsu_key text,
    suggested_reviewers_enabled boolean DEFAULT false NOT NULL,
+    CONSTRAINT check_2981f15877 CHECK ((char_length(jitsu_key) <= 100)),
    CONSTRAINT check_3a03e7557a CHECK ((char_length(previous_default_branch) <= 4096)),
    CONSTRAINT check_b09644994b CHECK ((char_length(squash_commit_template) <= 500)),
    CONSTRAINT check_bde223416c CHECK ((show_default_award_emojis IS NOT NULL)),
--- a/doc/user/group/insights/img/insights_example_stacked_bar_chart_v13_11.png
+++ b/doc/user/group/insights/img/insights_example_stacked_bar_chart_v13_11.png
--- a/doc/user/group/insights/img/insights_example_stacked_bar_chart_v15_4.png
+++ b/doc/user/group/insights/img/insights_example_stacked_bar_chart_v15_4.png
--- a/doc/user/group/insights/index.md
+++ b/doc/user/group/insights/index.md
@ -8,11 +8,12 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 > [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/725) in GitLab 12.0.

-Configure Insights to explore data about you group's activity, such as
+Configure insights to explore data about you group's activity, such as
 triage hygiene, issues created or closed in a given period, and average time for merge
 requests to be merged.
+You can also create custom insights reports that are relevant for your group.

-## View your group's Insights
+## View group insights

 Prerequisites:

@ -20,20 +21,47 @@ Prerequisites:
 - You must have access to a project to view information about its merge requests and issues,
  and permission to view them if they are confidential.

-To access your group's Insights:
+To access your group's insights:

 1. On the top bar, select **Main menu > Groups** and find your group.
 1. On the left sidebar, select **Analytics > Insights**.

-![Insights example stacked bar chart](img/insights_example_stacked_bar_chart_v13_11.png)
+## Interact with insights charts

-## Configure your Insights
+You can interact with the insights charts to view details about your group's activity.

-GitLab reads Insights from the
+![Insights example stacked bar chart](img/insights_example_stacked_bar_chart_v15_4.png)
+
+### Display different reports
+
+To display one of the available reports on the insights page, from the **Select report** dropdown list,
+select the report you want to display.
+
+### View bar chart annotations
+
+To view annotations, hover over each bar in the chart.
+
+### Zoom in on chart
+
+Insights display data from the last 90 days. You can zoom in to display data only from a subset of the 90-day range.
+
+To do this, select the pause icons (**{status-paused}**) and slide them along the horizontal axis:
+
+- To select a later start date, slide the left pause icon to the right.
+- To select an earlier end date, slide the right pause icon to the left.
+
+### Exclude dimensions from charts
+
+By default, insights display all available dimensions on the chart.
+
+To exclude a dimension, from the legend below the chart, select the name of the dimension.
+
+## Configure group insights
+
+GitLab reads insights from the
 [default configuration file](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/fixtures/insights/default.yml).
-You can also create custom Insights charts that are more relevant for your group.

-To customize your Insights:
+To configure group insights:

 1. Create a new file [`.gitlab/insights.yml`](../../project/insights/index.md#configure-project-insights)
 in a project that belongs to your group.
--- a/doc/user/project/insights/index.md
+++ b/doc/user/project/insights/index.md
@ -34,7 +34,7 @@ Prerequisites:

 - Depending on your project configuration, you must have at least the Developer role.

-Project insights are configured with the [`.gitlab/insights.yml`](#insights-configuration-file) file in the project. If a project doesn't have a configuration file, it uses the [group configuration](../../group/insights/index.md#configure-your-insights).
+Project insights are configured with the [`.gitlab/insights.yml`](#insights-configuration-file) file in the project. If a project doesn't have a configuration file, it uses the [group configuration](../../group/insights/index.md#configure-group-insights).

 The `.gitlab/insights.yml` file is a YAML file where you define:

@ -52,7 +52,7 @@ To configure project insights, either:
  1. Select **Commit changes**.

 After you create the configuration file, you can also
-[use it for the project's group](../../group/insights/index.md#configure-your-insights).
+[use it for the project's group](../../group/insights/index.md#configure-group-insights).

 ## Insights configuration file

@ -396,7 +396,7 @@ Use `query.environment_tiers` to define an array of environments to include the

 Use `projects` to limit where issuables are queried from:

- If `.gitlab/insights.yml` is used for a [group's insights](../../group/insights/index.md#configure-your-insights), use `projects` to define the projects from which to query issuables. By default, all projects under the group are used.
+- If `.gitlab/insights.yml` is used for a [group's insights](../../group/insights/index.md#configure-group-insights), use `projects` to define the projects from which to query issuables. By default, all projects under the group are used.
 - If `.gitlab/insights.yml` is used for a project's insights, specifying other projects does not yield results. By default, the project is used.

 #### `projects.only`
--- a/doc/user/project/repository/push_rules.md
+++ b/doc/user/project/repository/push_rules.md
@ -78,6 +78,15 @@ Use these rules for your commit messages.
  the expression. To allow any commit message, leave empty.
  Uses multiline mode, which can be disabled by using `(?-m)`.

+## Reject commits that aren't DCO certified
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/98810) in GitLab 15.5.
+
+Commits signed with the [Developer Certificate of Origin](https://developercertificate.org/) (DCO)
+certify the contributor wrote, or has the right to submit, the code contributed in that commit.
+You can require all commits to your project to comply with the DCO. This push rule requires a
+`Signed-off-by:` trailer in every commit message, and rejects any commits that lack it.
+
 ## Validate branch names

 To validate your branch names, enter a regular expression for **Branch name**.
--- a/lib/gitlab/github_import/client.rb
+++ b/lib/gitlab/github_import/client.rb
@ -108,7 +108,7 @@ module Gitlab
      end

      def branch_protection(repo_name, branch_name)
-        with_rate_limit { octokit.branch_protection(repo_name, branch_name) }
+        with_rate_limit { octokit.branch_protection(repo_name, branch_name).to_h }
      end

      # Fetches data from the GitHub API and yields a Page object for every page
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -31683,6 +31683,9 @@ msgstr ""
 msgid "ProjectSettings|Note: The container registry is always visible when a project is public and the container registry is set to '%{access_level_description}'"
 msgstr ""

+msgid "ProjectSettings|Only commits that include a %{code_block_start}Signed-off-by:%{code_block_end} element can be pushed to this repository."
+msgstr ""
+
 msgid "ProjectSettings|Only signed commits can be pushed to this repository."
 msgstr ""

@ -32814,6 +32817,9 @@ msgstr ""
 msgid "PushRules|Reject any files likely to contain secrets. %{secret_files_link_start}What secret files are rejected?%{secret_files_link_end}"
 msgstr ""

+msgid "PushRules|Reject commits that aren't DCO certified"
+msgstr ""
+
 msgid "PushRules|Reject expression in commit messages"
 msgstr ""

--- a/package.json
+++ b/package.json
@ -59,7 +59,7 @@
    "@rails/actioncable": "6.1.4-7",
    "@rails/ujs": "6.1.4-7",
    "@sentry/browser": "5.30.0",
-    "@sourcegraph/code-host-integration": "0.0.82",
+    "@sourcegraph/code-host-integration": "0.0.60",
    "@tiptap/core": "^2.0.0-beta.182",
    "@tiptap/extension-blockquote": "^2.0.0-beta.29",
    "@tiptap/extension-bold": "^2.0.0-beta.28",
--- a/spec/lib/gitlab/github_import/client_spec.rb
+++ b/spec/lib/gitlab/github_import/client_spec.rb
@ -148,7 +148,9 @@ RSpec.describe Gitlab::GithubImport::Client do
        .to receive(:branch_protection).with('org/repo', 'bar')
      expect(client).to receive(:with_rate_limit).and_yield

-      client.branch_protection('org/repo', 'bar')
+      branch_protection = client.branch_protection('org/repo', 'bar')
+
+      expect(branch_protection).to be_a(Hash)
    end
  end

--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@ -546,6 +546,7 @@ project:
 - path_locks
 - approver_groups
 - repository_state
+- wiki_repository_state
 - source_pipelines
 - sourced_pipelines
 - prometheus_metrics
--- a/spec/requests/api/project_attributes.yml
+++ b/spec/requests/api/project_attributes.yml
@ -160,6 +160,7 @@ project_setting:
    - selective_code_owner_removals
    - show_diff_preview_in_email
    - suggested_reviewers_enabled
+    - jitsu_key

 build_service_desk_setting: # service_desk_setting
  unexposed_attributes:
--- a/spec/services/members/destroy_service_spec.rb
+++ b/spec/services/members/destroy_service_spec.rb
@ -95,6 +95,37 @@ RSpec.describe Members::DestroyService do
    end
  end

+  context 'With ExclusiveLeaseHelpers' do
+    let(:service_object) { described_class.new(current_user) }
+    let!(:member) { group_project.add_developer(member_user) }
+
+    subject(:destroy_member) { service_object.execute(member, **opts) }
+
+    before do
+      group_project.add_maintainer(current_user)
+
+      allow(service_object).to receive(:in_lock) do |_, &block|
+        block.call if lock_obtained
+      end
+    end
+
+    context 'when lock is obtained' do
+      let(:lock_obtained) { true }
+
+      it 'destroys the membership' do
+        expect { destroy_member }.to change { group_project.members.count }.by(-1)
+      end
+    end
+
+    context 'when the lock can not be obtained' do
+      let(:lock_obtained) { false }
+
+      it 'does not destroy the membership' do
+        expect { destroy_member }.not_to change { group_project.members.count }
+      end
+    end
+  end
+
  context 'with a member with access' do
    before do
      group_project.update_attribute(:visibility_level, Gitlab::VisibilityLevel::PRIVATE)
--- a/yarn.lock
+++ b/yarn.lock
@ -1668,10 +1668,10 @@
  dependencies:
    "@sinonjs/commons" "^1.7.0"

-"@sourcegraph/code-host-integration@0.0.82":
-  version "0.0.82"
-  resolved "https://registry.yarnpkg.com/@sourcegraph/code-host-integration/-/code-host-integration-0.0.82.tgz#9bf45d9a4bfb44be2ecbf86a63028df169f9dfc4"
-  integrity sha512-HOdCo1SZ5H2AXIdao77G+Hh4nJW6UVNA3b1TrcXXHqfYvXoWn6yzEoI9aZjRVR6K5gBk5FD7amd/FKmqLmyo5A==
+"@sourcegraph/code-host-integration@0.0.60":
+  version "0.0.60"
+  resolved "https://registry.yarnpkg.com/@sourcegraph/code-host-integration/-/code-host-integration-0.0.60.tgz#2043877fabb7eb986fcb61b67ee480afbb29f4f0"
+  integrity sha512-T+MvM8SUF7daA279hyQgwmva3J5LvPqwgQ/mWwxdVshehOQIPLUd310I0c6x6nZ0F/x4UjDWgRWzAqy6NLwV1w==

 "@testing-library/dom@^7.16.2":
  version "7.24.5"
				`@ -0,0 +1 @@`
				`c0a3269fbd44428439932f3b12b154425eafaab0b0638f7f27a03e784d0f0e32`
				`@ -0,0 +1 @@`
				`205f1fee1ed33a2b069e51a76b94c72702300c72c4705569be2368f8804f3bce`