Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.rubocop_todo/layout/line_end_string_concatenation_indentation.yml

@@ -311,7 +311,6 @@ Layout/LineEndStringConcatenationIndentation:
     - 'ee/spec/requests/users/registrations_identity_verification_controller_spec.rb'
     - 'ee/spec/serializers/integrations/field_entity_spec.rb'
     - 'ee/spec/services/boards/epic_lists/destroy_service_spec.rb'
-    - 'ee/spec/services/ci/destroy_pipeline_service_spec.rb'
     - 'ee/spec/services/clusters/agent_tokens/create_service_audit_log_spec.rb'
     - 'ee/spec/services/clusters/agent_tokens/revoke_service_audit_log_spec.rb'
     - 'ee/spec/services/ee/auth/container_registry_authentication_service_spec.rb'

.rubocop_todo/rspec/context_wording.yml

@@ -2361,7 +2361,6 @@ RSpec/ContextWording:
     - 'spec/services/ci/create_pipeline_service/tags_spec.rb'
     - 'spec/services/ci/create_pipeline_service_spec.rb'
     - 'spec/services/ci/create_web_ide_terminal_service_spec.rb'
-    - 'spec/services/ci/destroy_pipeline_service_spec.rb'
     - 'spec/services/ci/destroy_secure_file_service_spec.rb'
     - 'spec/services/ci/expire_pipeline_cache_service_spec.rb'
     - 'spec/services/ci/find_exposed_artifacts_service_spec.rb'

.rubocop_todo/rspec/named_subject.yml

@@ -2937,7 +2937,6 @@ RSpec/NamedSubject:
     - 'spec/services/ci/create_pipeline_service/parameter_content_spec.rb'
     - 'spec/services/ci/create_web_ide_terminal_service_spec.rb'
     - 'spec/services/ci/deployments/destroy_service_spec.rb'
-    - 'spec/services/ci/destroy_pipeline_service_spec.rb'
     - 'spec/services/ci/destroy_secure_file_service_spec.rb'
     - 'spec/services/ci/drop_pipeline_service_spec.rb'
     - 'spec/services/ci/expire_pipeline_cache_service_spec.rb'

.rubocop_todo/rspec/scattered_let.yml

@@ -191,7 +191,6 @@ RSpec/ScatteredLet:
     - 'spec/services/ci/create_downstream_pipeline_service_spec.rb'
     - 'spec/services/ci/create_pipeline_service/rules_spec.rb'
     - 'spec/services/ci/create_pipeline_service_spec.rb'
-    - 'spec/services/ci/destroy_pipeline_service_spec.rb'
     - 'spec/services/design_management/delete_designs_service_spec.rb'
     - 'spec/services/design_management/save_designs_service_spec.rb'
     - 'spec/services/discussions/capture_diff_note_positions_service_spec.rb'

app/assets/stylesheets/framework/sidebar.scss

@@ -774,7 +774,7 @@
 .reviewer-merge-icon,
 .assignee .merge-icon,
 .reviewer .merge-icon {
-  color: $orange-400;
+  color: var(--gl-status-warning-icon-color);
   position: absolute;
   bottom: -3px;
   right: -3px;

app/services/ci/destroy_pipeline_service.rb

@@ -5,6 +5,10 @@ class DestroyPipelineService < BaseService
     def execute(pipeline)
       raise Gitlab::Access::AccessDeniedError unless can?(current_user, :destroy_pipeline, pipeline)
 
+      unsafe_execute(pipeline)
+    end
+
+    def unsafe_execute(pipeline)
       Ci::ExpirePipelineCacheService.new.execute(pipeline, delete: true)
 
       # ensure cancellation happens sync so we accumulate compute minutes successfully

data/deprecations/17-3-codeclimate.yml

@@ -7,8 +7,8 @@
   issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/471677  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
     In GitLab 18.0, we will remove CodeClimate-based Code Quality scanning.
-    However, you'll still be able to import results from quality tools by [providing a report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#implement-a-custom-tool), just as you can today.
-    In addition, you can also see this [epic](https://gitlab.com/groups/gitlab-org/-/epics/8790) for new directions considered for Code Quality.
+    In its place, you should use quality tools directly in your CI/CD pipeline and [provide the tool's report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#import-code-quality-results-from-a-cicd-job).
+    Many tools already support the required report format, and you can integrate them by following the [documented steps](https://docs.gitlab.com/ee/ci/testing/code_quality.html#integrate-common-tools-with-code-quality).
 
     We expect to implement this change by:
 
@@ -19,4 +19,4 @@
     After End of Support in GitLab 18.0, we won't provide further updates.
     However, we won't delete previously published container images or remove the ability to run them by using custom CI/CD pipeline job definitions.
 
-    For more details and required actions, see the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/471677#action-required).
+    For more details, see [Scan code for quality violations](https://docs.gitlab.com/ee/ci/testing/code_quality.html#scan-code-for-quality-violations).

doc/ci/testing/code_quality.md

@@ -43,7 +43,9 @@ You can also [integrate multiple tools](#integrate-multiple-tools).
 Many development teams already use linters, style checkers, or other tools in their CI/CD pipelines to automatically detect violations of coding standards.
 You can make the findings from these tools easier to see and fix by integrating them with Code Quality.
 
-To integrate a tool with Code Quality:
+To see if your tool already has a documented integration, see [Integrate common tools with Code Quality](#integrate-common-tools-with-code-quality).
+
+To integrate a different tool with Code Quality:
 
 1. Add the tool to your CI/CD pipeline.
 1. Configure the tool to output a report as a file.
@@ -76,19 +78,6 @@ You can capture results from multiple tools in a single pipeline.
 For example, you can run a code linter to scan your code along with a language linter to scan your documentation, or you can use a standalone tool along with CodeClimate-based scanning.
 Code Quality combines all of the reports so you see all of them when you [view results](#view-code-quality-results).
 
-Here is an example that returns ESLint output in the necessary format:
-
-```yaml
-eslint:
-  image: node:18-alpine
-  script:
-    - npm ci
-    - npx eslint --format gitlab .
-  artifacts:
-    reports:
-      codequality: gl-code-quality-report.json
-```
-
 ## View Code Quality results
 
 Code Quality results are shown in the:

doc/update/deprecations.md

@@ -209,8 +209,8 @@ This is one small step towards moving away from CI/CD templates in preference of
 </div>
 
 In GitLab 18.0, we will remove CodeClimate-based Code Quality scanning.
-However, you'll still be able to import results from quality tools by [providing a report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#implement-a-custom-tool), just as you can today.
-In addition, you can also see this [epic](https://gitlab.com/groups/gitlab-org/-/epics/8790) for new directions considered for Code Quality.
+In its place, you should use quality tools directly in your CI/CD pipeline and [provide the tool's report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#import-code-quality-results-from-a-cicd-job).
+Many tools already support the required report format, and you can integrate them by following the [documented steps](https://docs.gitlab.com/ee/ci/testing/code_quality.html#integrate-common-tools-with-code-quality).
 
 We expect to implement this change by:
 
@@ -221,7 +221,7 @@ Effective immediately, CodeClimate-based scanning will receive only [limited upd
 After End of Support in GitLab 18.0, we won't provide further updates.
 However, we won't delete previously published container images or remove the ability to run them by using custom CI/CD pipeline job definitions.
 
-For more details and required actions, see the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/471677#action-required).
+For more details, see [Scan code for quality violations](https://docs.gitlab.com/ee/ci/testing/code_quality.html#scan-code-for-quality-violations).
 
 </div>
 

doc/user/compliance/license_scanning_of_cyclonedx_files/index.md

@@ -14,6 +14,7 @@ DETAILS:
 > - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/385176) in GitLab 16.4. Feature flags `license_scanning_sbom_scanner` and `package_metadata_synchronization` removed.
 > - The legacy License Compliance analyzer (`License-Scanning.gitlab-ci.yml`) was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/439162) in GitLab 17.0.
 > - In GitLab 17.5 we introduced the ability to use a CycloneDX report artifact as a source of data for license information behind the feature flag `license_scanning_with_sbom_licenses`, disabled by default.
+> - In GitLab 17.6 the ability to use a CycloneDX report artifact as a source of data for license information has been enabled by default. The feature flag `license_scanning_with_sbom_licenses` is still present to disable the feature if necessary.
 
 To detect the licenses in use, License Compliance relies on running the
 [Dependency Scanning CI Jobs](../../application_security/dependency_scanning/index.md),
@@ -210,14 +211,16 @@ CycloneDX reports for licenses. For more information, see the offline [quick sta
 
 ## Use CycloneDX report as a source of license information
 
-The ability to use a CI report artifact as a source of license information data was introduced in GitLab 17.5 behind the feature flag `license_scanning_with_sbom_licenses`.
+The ability to use a CI report artifact as a source of license information data was introduced in GitLab 17.5 behind the feature flag `license_scanning_with_sbom_licenses` and enabled by default in 17.6.
 
 When the feature flag `license_scanning_with_sbom_licenses` is enabled, the License Scanning uses the [licenses](https://cyclonedx.org/use-cases/#license-compliance) field of the CycloneDX JSON SBOM when available. If the license information is unavailable, the license information imported from the external license database will be used(current behavior).
 License information can be provided using a valid SPDX identifier or a license name. However, providing a license using an SPDX License Expression is not supported.
 More information about the license field format can be found on the [CycloneDX](https://cyclonedx.org/use-cases/#license-compliance) specification.
 
 Compatible CycloneDX SBOM generators that provide the licenses field can be found in the [CycloneDX Tool Center](https://cyclonedx.org/tool-center/).
 
+Only licenses providing an SPDX identifier are currently supported. Extending this feature beyond SDPX licenses is tracked in [issue 505677](https://gitlab.com/gitlab-org/gitlab/-/issues/505677).
+
 ## Troubleshooting
 
 ### A CycloneDX file is not being scanned and appears to provide no results