Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.rubocop_manual_todo.yml

@@ -16,8 +16,6 @@ FactoryBot/InlineAssociation:
     - 'spec/factories/import_export_uploads.rb'
     - 'spec/factories/merge_requests.rb'
     - 'spec/factories/notes.rb'
-    - 'spec/factories/packages.rb'
-    - 'spec/factories/packages/package_file.rb'
     - 'spec/factories/sent_notifications.rb'
     - 'spec/factories/uploads.rb'
     - 'spec/factories/wiki_pages.rb'

GITALY_SERVER_VERSION

@@ -1 +1 @@
-194a9f58926793ade53152de90b474d66804e21e
+506c44cc07dcb804ce970ec1c02bb6e0d52320d8

app/assets/javascripts/vue_shared/components/dropdown/dropdown_button.vue

@@ -1,10 +1,11 @@
 <script>
-import { GlLoadingIcon } from '@gitlab/ui';
+import { GlLoadingIcon, GlIcon } from '@gitlab/ui';
 import { __ } from '~/locale';
 
 export default {
   components: {
     GlLoadingIcon,
+    GlIcon,
   },
   props: {
     isDisabled: {
@@ -39,8 +40,10 @@ export default {
       <slot v-if="$slots.default"></slot>
       <span v-else class="dropdown-toggle-text"> {{ toggleText }} </span>
     </template>
-    <span v-show="!isLoading" class="dropdown-toggle-icon">
-      <i class="fa fa-chevron-down" aria-hidden="true" data-hidden="true"></i>
-    </span>
+    <gl-icon
+      v-show="!isLoading"
+      class="gl-absolute gl-top-3 gl-right-3 gl-text-gray-500"
+      name="chevron-down"
+    />
   </button>
 </template>

app/controllers/application_controller.rb

@@ -266,6 +266,12 @@ def no_cache_headers
     end
   end
 
+  def stream_headers
+    headers['Content-Length'] = nil
+    headers['X-Accel-Buffering'] = 'no' # Disable buffering on Nginx
+    headers['Last-Modified'] = '0' # Prevent buffering via Rack::ETag middleware
+  end
+
   def default_headers
     headers['X-Frame-Options'] = 'DENY'
     headers['X-XSS-Protection'] = '1; mode=block'

app/controllers/registrations_controller.rb

@@ -3,7 +3,7 @@
 class RegistrationsController < Devise::RegistrationsController
   include Recaptcha::Verify
   include AcceptsPendingInvitations
-  include RecaptchaExperimentHelper
+  include RecaptchaHelper
   include InvisibleCaptchaOnSignup
 
   BLOCKED_PENDING_APPROVAL_STATE = 'blocked_pending_approval'.freeze
@@ -176,5 +176,3 @@ def set_invite_params
     @invite_email = ActionController::Base.helpers.sanitize(params[:invite_email])
   end
 end
-
-RegistrationsController.prepend_if_ee('EE::RegistrationsController')

app/helpers/recaptcha_experiment_helper.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module RecaptchaHelper
+  def show_recaptcha_sign_up?
+    !!Gitlab::Recaptcha.enabled?
+  end
+end

app/helpers/recaptcha_helper.rb

@@ -5,8 +5,6 @@ class ReopenService < Issues::BaseService
     def execute(issue)
       return issue unless can?(current_user, :reopen_issue, issue)
 
-      before_reopen(issue)
-
       if issue.reopen
         event_service.reopen_issue(issue, current_user)
         create_note(issue, 'reopened')
@@ -23,14 +21,8 @@ def execute(issue)
 
     private
 
-    def before_reopen(issue)
-      # Overriden in EE
-    end
-
     def create_note(issue, state = issue.state)
       SystemNoteService.change_status(issue, issue.project, current_user, state, nil)
     end
   end
 end
-
-Issues::ReopenService.prepend_if_ee('EE::Issues::ReopenService')

app/services/issues/reopen_service.rb

@@ -4,7 +4,7 @@ module JiraConnectSubscriptions
   class CreateService < ::JiraConnectSubscriptions::BaseService
     include Gitlab::Utils::StrongMemoize
     MERGE_REQUEST_SYNC_BATCH_SIZE = 20
-    MERGE_REQUEST_SYNC_BATCH_delay = 1.minute.freeze
+    MERGE_REQUEST_SYNC_BATCH_DELAY = 1.minute.freeze
 
     def execute
       unless namespace && can?(current_user, :create_jira_connect_subscription, namespace)
@@ -39,7 +39,7 @@ def schedule_sync_project_jobs
 
       namespace.all_projects.each_batch(of: MERGE_REQUEST_SYNC_BATCH_SIZE) do |projects, index|
         JiraConnect::SyncProjectWorker.bulk_perform_in_with_contexts(
-          index * MERGE_REQUEST_SYNC_BATCH_delay,
+          index * MERGE_REQUEST_SYNC_BATCH_DELAY,
           projects,
           arguments_proc: -> (project) { [project.id, Atlassian::JiraConnect::Client.generate_update_sequence_id] },
           context_proc: -> (project) { { project: project } }

app/services/jira_connect_subscriptions/create_service.rb

@@ -3,7 +3,7 @@
   .settings-header
     %h4
       = _('Amazon EKS')
-    %button.btn.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.js-settings-toggle{ type: 'button' }
       = expanded ? 'Collapse' : 'Expand'
     %p
       = _('Amazon EKS integration allows you to provision EKS clusters from GitLab.')

app/views/admin/application_settings/_eks.html.haml

@@ -5,7 +5,7 @@
   .settings-header
     %h4
       = _('Gitpod')
-    %button.btn.btn-default.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
       = expanded ? _('Collapse') : _('Expand')
     %p
       %integration-help-text{ "id" => "js-gitpod-settings-help-text", "message" => gitpod_enable_description, "message-url" => "https://gitpod.io/" }

app/views/admin/application_settings/_gitpod.html.haml

@@ -3,7 +3,7 @@
   .settings-header
     %h4
       = _('PlantUML')
-    %button.btn.btn-default.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
       = expanded ? _('Collapse') : _('Expand')
     %p
       = _('Allow rendering of PlantUML diagrams in Asciidoc documents.')

app/views/admin/application_settings/_plantuml.html.haml

@@ -3,7 +3,7 @@
   .settings-header
     %h4
       = _('Snowplow')
-    %button.btn.btn-default.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
       = expanded ? _('Collapse') : _('Expand')
     %p
       = _('Configure the %{link} integration.').html_safe % { link: link_to('Snowplow', 'https://snowplowanalytics.com/', target: '_blank') }

app/views/admin/application_settings/_snowplow.html.haml

@@ -3,7 +3,7 @@
   .settings-header
     %h4
       = _('Third party offers')
-    %button.btn.btn-default.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
       = expanded ? _('Collapse') : _('Expand')
     %p
       = _('Control the display of third party offers.')

app/views/admin/application_settings/_third_party_offers.html.haml

@@ -6,7 +6,7 @@
   .settings-header
     %h4
       = _('Visibility and access controls')
-    %button.btn.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
       = _('Set default and restrict visibility levels. Configure import sources and git access protocol.')
@@ -17,7 +17,7 @@
   .settings-header
     %h4
       = _('Account and limit')
-    %button.btn.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
       = _('Set projects and maximum size limits, session duration, user options, and check feature availability for namespace plan.')
@@ -28,7 +28,7 @@
   .settings-header
     %h4
       = _('Diff limits')
-    %button.btn.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
       = _('Diff content limits')
@@ -39,7 +39,7 @@
   .settings-header
     %h4
       = _('Sign-up restrictions')
-    %button.btn.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
       = _('Configure the way a user creates a new account.')
@@ -50,7 +50,7 @@
   .settings-header
     %h4
       = _('Sign-in restrictions')
-    %button.btn.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
       = _('Set requirements for a user to sign-in. Enable mandatory two-factor authentication.')
@@ -61,7 +61,7 @@
   .settings-header
     %h4
       = _('Terms of Service and Privacy Policy')
-    %button.btn.btn-default.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
       = _('Include a Terms of Service agreement and Privacy Policy that all users must accept.')
@@ -74,7 +74,7 @@
   .settings-header
     %h4
       = _('Web terminal')
-    %button.btn.btn-default.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
       = _('Set max session time for web terminal.')
@@ -85,7 +85,7 @@
   .settings-header
     %h4
       = _('Web IDE')
-    %button.btn.btn-default.js-settings-toggle{ type: 'button' }
+    %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
       = _('Manage Web IDE features')
@@ -108,7 +108,7 @@
     .settings-header
       %h4
         = _('Maintenance mode')
-      %button.btn.btn-default.js-settings-toggle{ type: 'button' }
+      %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
         = expanded_by_default? ? _('Collapse') : _('Expand')
       %p
         = _('Prevent users from performing write operations on GitLab while performing maintenance.')

app/views/admin/application_settings/general.html.haml

@@ -52,11 +52,11 @@
 
   %p.browser-limitations-notice
     %strong Browser limitations:
-    Adding a namespace currently works only in browsers that allow cross site cookies. Please make sure to use
+    Adding a namespace currently works only in browsers that allow cross‑site cookies. Please make sure to use
     %a{ href: 'https://www.mozilla.org/en-US/firefox/', target: '_blank', rel: 'noopener noreferrer' } Firefox
     or
     %a{ href: 'https://www.google.com/chrome/index.html', target: '_blank', rel: 'noopener noreferrer' } Google Chrome
-    or enable cross-site cookies in your browser when adding a namespace.
+    or enable cross‑site cookies in your browser when adding a namespace.
     %a{ href: 'https://gitlab.com/gitlab-org/gitlab/-/issues/263509', target: '_blank', rel: 'noopener noreferrer' } Learn more
 
 = webpack_bundle_tag 'performance_bar' if performance_bar_enabled?

app/views/jira_connect/subscriptions/index.html.haml

@@ -0,0 +1,5 @@
+---
+title: Rename "cycle analytics" with "value stream analytics" under /spec
+merge_request: 46613
+author: Takuya Noguchi
+type: other

changelogs/unreleased/273813-rename-cycle-analytics-with-value-stream-analytics-in-strings-unde.yml

@@ -0,0 +1,5 @@
+---
+title: Stop finding commit with empty ref
+merge_request: 47497
+author:
+type: fixed

changelogs/unreleased/280795-stop-finding-commit-empty-ref.yml

@@ -0,0 +1,5 @@
+---
+title: Bump versions of secrets and klar in the Secure-Binaries template
+merge_request: 47531
+author:
+type: fixed

changelogs/unreleased/47531-fix-secure-bin-tmpl.yml

@@ -0,0 +1,5 @@
+---
+title: Replace fa-chevron-down in dropdown button
+merge_request: 47758
+author:
+type: changed

changelogs/unreleased/mw-replace-fa-chevron-down-dropdown-button.yml

@@ -0,0 +1,7 @@
+---
+name: pat_creation_api_for_admin
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/45152
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/267553
+type: development
+group: group::access
+default_enabled: false

config/feature_flags/development/pat_creation_api_for_admin.yml

@@ -239,7 +239,7 @@ The first row contains the headers, which are listed in the following table alon
 
 ### Limitation
 
-The Audit Log CSV file size is limited to a maximum of `15 MB`.
+The Audit Log CSV file size is limited to a maximum of `100,000` events.
 The remaining records are truncated when this limit is reached.
 
 ### Enable or disable Audit Log Export to CSV

doc/administration/audit_events.md

@@ -93,3 +93,7 @@ curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://git
 
 - `204: No Content` if successfully revoked.
 - `400 Bad Request` if not revoked successfully.
+
+## Create a personal access token (admin only)
+
+See the [Users API documentation](users.md#create-a-personal-access-token-admin-only) for information on creating a personal access token.

doc/api/personal_access_tokens.md

@@ -1441,7 +1441,54 @@ Parameters:
 | `user_id`                | integer | yes      | The ID of the user                |
 | `impersonation_token_id` | integer | yes      | The ID of the impersonation token |
 
-### Get user activities (admin only)
+## Create a personal access token (admin only)
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/17176) in GitLab 13.6.
+> - It's [deployed behind a feature flag](../user/feature_flags.md), disabled by default.
+> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-an-administrators-ability-to-use-the-api-to-create-personal-access-tokens). **(CORE)**
+
+CAUTION: **Warning:**
+This feature might not be available to you. Check the **version history** note above for details.
+
+> Requires admin permissions.
+> Token values are returned once. Make sure you save it - you won't be able to access it again.
+
+It creates a new personal access token.
+
+```plaintext
+POST /users/:user_id/personal_access_tokens
+```
+
+| Attribute    | Type    | Required | Description                                                                                                              |
+| ------------ | ------- | -------- | ------------------------------------------------------------------------------------------------------------------------ |
+| `user_id`    | integer | yes      | The ID of the user                                                                                                       |
+| `name`       | string  | yes      | The name of the personal access token                                                                                    |
+| `expires_at` | date    | no       | The expiration date of the personal access token in ISO format (`YYYY-MM-DD`)                                            |
+| `scopes`     | array   | yes      | The array of scopes of the personal access token (`api`, `read_user`, `read_api`, `read_repository`, `write_repository`) |
+
+```shell
+curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --data "name=mytoken" --data "expires_at=2017-04-04" --data "scopes[]=api" "https://gitlab.example.com/api/v4/users/42/personal_access_tokens"
+```
+
+Example response:
+
+```json
+{
+    "id": 3,
+    "name": "mytoken",
+    "revoked": false,
+    "created_at": "2020-10-14T11:58:53.526Z",
+    "scopes": [
+        "api"
+    ],
+    "user_id": 42,
+    "active": true,
+    "expires_at": "2020-12-31",
+    "token": "ggbfKkC4n-Lujy8jwCR2"
+}
+```
+
+## Get user activities (admin only)
 
 NOTE: **Note:**
 This API endpoint is only available on 8.15 (EE) and 9.1 (CE) and above.
@@ -1546,3 +1593,22 @@ Example response:
   },
 ]
 ```
+
+## Enable or disable an administrator's ability to use the API to create personal access tokens **(CORE)**
+
+An administrator's ability to create personal access tokens through the API is
+deployed behind a feature flag that is **disabled by default**.
+[GitLab administrators with access to the GitLab Rails console](../administration/feature_flags.md)
+can enable it.
+
+To enable it:
+
+```ruby
+Feature.enable(:pat_creation_api_for_admin)
+```
+
+To disable it:
+
+```ruby
+Feature.disable(:pat_creation_api_for_admin)
+```