Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.rubocop_todo/layout/line_end_string_concatenation_indentation.yml

@@ -311,7 +311,6 @@ Layout/LineEndStringConcatenationIndentation:
     - 'ee/spec/requests/users/registrations_identity_verification_controller_spec.rb'
     - 'ee/spec/serializers/integrations/field_entity_spec.rb'
     - 'ee/spec/services/boards/epic_lists/destroy_service_spec.rb'
-    - 'ee/spec/services/ci/destroy_pipeline_service_spec.rb'
     - 'ee/spec/services/clusters/agent_tokens/create_service_audit_log_spec.rb'
     - 'ee/spec/services/clusters/agent_tokens/revoke_service_audit_log_spec.rb'
     - 'ee/spec/services/ee/auth/container_registry_authentication_service_spec.rb'

.rubocop_todo/rspec/context_wording.yml

@@ -2361,7 +2361,6 @@ RSpec/ContextWording:
     - 'spec/services/ci/create_pipeline_service/tags_spec.rb'
     - 'spec/services/ci/create_pipeline_service_spec.rb'
     - 'spec/services/ci/create_web_ide_terminal_service_spec.rb'
-    - 'spec/services/ci/destroy_pipeline_service_spec.rb'
     - 'spec/services/ci/destroy_secure_file_service_spec.rb'
     - 'spec/services/ci/expire_pipeline_cache_service_spec.rb'
     - 'spec/services/ci/find_exposed_artifacts_service_spec.rb'

.rubocop_todo/rspec/named_subject.yml

@@ -2937,7 +2937,6 @@ RSpec/NamedSubject:
     - 'spec/services/ci/create_pipeline_service/parameter_content_spec.rb'
     - 'spec/services/ci/create_web_ide_terminal_service_spec.rb'
     - 'spec/services/ci/deployments/destroy_service_spec.rb'
-    - 'spec/services/ci/destroy_pipeline_service_spec.rb'
     - 'spec/services/ci/destroy_secure_file_service_spec.rb'
     - 'spec/services/ci/drop_pipeline_service_spec.rb'
     - 'spec/services/ci/expire_pipeline_cache_service_spec.rb'

.rubocop_todo/rspec/scattered_let.yml

@@ -191,7 +191,6 @@ RSpec/ScatteredLet:
     - 'spec/services/ci/create_downstream_pipeline_service_spec.rb'
     - 'spec/services/ci/create_pipeline_service/rules_spec.rb'
     - 'spec/services/ci/create_pipeline_service_spec.rb'
-    - 'spec/services/ci/destroy_pipeline_service_spec.rb'
     - 'spec/services/design_management/delete_designs_service_spec.rb'
     - 'spec/services/design_management/save_designs_service_spec.rb'
     - 'spec/services/discussions/capture_diff_note_positions_service_spec.rb'

app/assets/stylesheets/framework/sidebar.scss

@@ -774,7 +774,7 @@
 .reviewer-merge-icon,
 .assignee .merge-icon,
 .reviewer .merge-icon {
-  color: $orange-400;
+  color: var(--gl-status-warning-icon-color);
   position: absolute;
   bottom: -3px;
   right: -3px;

app/services/ci/destroy_pipeline_service.rb

@@ -5,6 +5,10 @@ class DestroyPipelineService < BaseService
     def execute(pipeline)
       raise Gitlab::Access::AccessDeniedError unless can?(current_user, :destroy_pipeline, pipeline)
 
+      unsafe_execute(pipeline)
+    end
+
+    def unsafe_execute(pipeline)
       Ci::ExpirePipelineCacheService.new.execute(pipeline, delete: true)
 
       # ensure cancellation happens sync so we accumulate compute minutes successfully

data/deprecations/17-3-codeclimate.yml

@@ -7,8 +7,8 @@
   issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/471677  # (required) Link to the deprecation issue in GitLab
   body: |  # (required) Do not modify this line, instead modify the lines below.
     In GitLab 18.0, we will remove CodeClimate-based Code Quality scanning.
-    However, you'll still be able to import results from quality tools by [providing a report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#implement-a-custom-tool), just as you can today.
-    In addition, you can also see this [epic](https://gitlab.com/groups/gitlab-org/-/epics/8790) for new directions considered for Code Quality.
+    In its place, you should use quality tools directly in your CI/CD pipeline and [provide the tool's report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#import-code-quality-results-from-a-cicd-job).
+    Many tools already support the required report format, and you can integrate them by following the [documented steps](https://docs.gitlab.com/ee/ci/testing/code_quality.html#integrate-common-tools-with-code-quality).
 
     We expect to implement this change by:
 
@@ -19,4 +19,4 @@
     After End of Support in GitLab 18.0, we won't provide further updates.
     However, we won't delete previously published container images or remove the ability to run them by using custom CI/CD pipeline job definitions.
 
-    For more details and required actions, see the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/471677#action-required).
+    For more details, see [Scan code for quality violations](https://docs.gitlab.com/ee/ci/testing/code_quality.html#scan-code-for-quality-violations).

doc/ci/testing/code_quality.md

@@ -43,7 +43,9 @@ You can also [integrate multiple tools](#integrate-multiple-tools).
 Many development teams already use linters, style checkers, or other tools in their CI/CD pipelines to automatically detect violations of coding standards.
 You can make the findings from these tools easier to see and fix by integrating them with Code Quality.
 
-To integrate a tool with Code Quality:
+To see if your tool already has a documented integration, see [Integrate common tools with Code Quality](#integrate-common-tools-with-code-quality).
+
+To integrate a different tool with Code Quality:
 
 1. Add the tool to your CI/CD pipeline.
 1. Configure the tool to output a report as a file.
@@ -76,19 +78,6 @@ You can capture results from multiple tools in a single pipeline.
 For example, you can run a code linter to scan your code along with a language linter to scan your documentation, or you can use a standalone tool along with CodeClimate-based scanning.
 Code Quality combines all of the reports so you see all of them when you [view results](#view-code-quality-results).
 
-Here is an example that returns ESLint output in the necessary format:
-
-```yaml
-eslint:
-  image: node:18-alpine
-  script:
-    - npm ci
-    - npx eslint --format gitlab .
-  artifacts:
-    reports:
-      codequality: gl-code-quality-report.json
-```
-
 ## View Code Quality results
 
 Code Quality results are shown in the:

doc/update/deprecations.md

@@ -209,8 +209,8 @@ This is one small step towards moving away from CI/CD templates in preference of
 </div>
 
 In GitLab 18.0, we will remove CodeClimate-based Code Quality scanning.
-However, you'll still be able to import results from quality tools by [providing a report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#implement-a-custom-tool), just as you can today.
-In addition, you can also see this [epic](https://gitlab.com/groups/gitlab-org/-/epics/8790) for new directions considered for Code Quality.
+In its place, you should use quality tools directly in your CI/CD pipeline and [provide the tool's report as an artifact](https://docs.gitlab.com/ee/ci/testing/code_quality.html#import-code-quality-results-from-a-cicd-job).
+Many tools already support the required report format, and you can integrate them by following the [documented steps](https://docs.gitlab.com/ee/ci/testing/code_quality.html#integrate-common-tools-with-code-quality).
 
 We expect to implement this change by:
 
@@ -221,7 +221,7 @@ Effective immediately, CodeClimate-based scanning will receive only [limited upd
 After End of Support in GitLab 18.0, we won't provide further updates.
 However, we won't delete previously published container images or remove the ability to run them by using custom CI/CD pipeline job definitions.
 
-For more details and required actions, see the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/471677#action-required).
+For more details, see [Scan code for quality violations](https://docs.gitlab.com/ee/ci/testing/code_quality.html#scan-code-for-quality-violations).
 
 </div>
 

doc/user/compliance/license_scanning_of_cyclonedx_files/index.md

@@ -14,6 +14,7 @@ DETAILS:
 > - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/385176) in GitLab 16.4. Feature flags `license_scanning_sbom_scanner` and `package_metadata_synchronization` removed.
 > - The legacy License Compliance analyzer (`License-Scanning.gitlab-ci.yml`) was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/439162) in GitLab 17.0.
 > - In GitLab 17.5 we introduced the ability to use a CycloneDX report artifact as a source of data for license information behind the feature flag `license_scanning_with_sbom_licenses`, disabled by default.
+> - In GitLab 17.6 the ability to use a CycloneDX report artifact as a source of data for license information has been enabled by default. The feature flag `license_scanning_with_sbom_licenses` is still present to disable the feature if necessary.
 
 To detect the licenses in use, License Compliance relies on running the
 [Dependency Scanning CI Jobs](../../application_security/dependency_scanning/index.md),
@@ -210,14 +211,16 @@ CycloneDX reports for licenses. For more information, see the offline [quick sta
 
 ## Use CycloneDX report as a source of license information
 
-The ability to use a CI report artifact as a source of license information data was introduced in GitLab 17.5 behind the feature flag `license_scanning_with_sbom_licenses`.
+The ability to use a CI report artifact as a source of license information data was introduced in GitLab 17.5 behind the feature flag `license_scanning_with_sbom_licenses` and enabled by default in 17.6.
 
 When the feature flag `license_scanning_with_sbom_licenses` is enabled, the License Scanning uses the [licenses](https://cyclonedx.org/use-cases/#license-compliance) field of the CycloneDX JSON SBOM when available. If the license information is unavailable, the license information imported from the external license database will be used(current behavior).
 License information can be provided using a valid SPDX identifier or a license name. However, providing a license using an SPDX License Expression is not supported.
 More information about the license field format can be found on the [CycloneDX](https://cyclonedx.org/use-cases/#license-compliance) specification.
 
 Compatible CycloneDX SBOM generators that provide the licenses field can be found in the [CycloneDX Tool Center](https://cyclonedx.org/tool-center/).
 
+Only licenses providing an SPDX identifier are currently supported. Extending this feature beyond SDPX licenses is tracked in [issue 505677](https://gitlab.com/gitlab-org/gitlab/-/issues/505677).
+
 ## Troubleshooting
 
 ### A CycloneDX file is not being scanned and appears to provide no results

doc/user/duo_workflow/index.md

@@ -99,23 +99,6 @@ Other risks to be aware of when using Duo Workflow:
    goals or messages, as there is a chance it might end up using those in code
    or other API calls.
 
-## Duo Workflow use cases
-
-Automate tasks and help increase productivity in your development workflow by using GitLab Duo Workflow.
-GitLab Duo Workflow, currently only in your IDE, takes the information you provide
-and uses AI to walk you through an implementation plan.
-
-GitLab Duo Workflow supports a wide variety of use cases. Here are a few examples:
-
-- Bootstrap a new project
-- Write tests
-- Fix a failed pipeline
-- Implement a proof of concept for an existing issue
-- Comment on a merge request with suggestions
-- Optimize CI configuration
-
-These are examples of successful use cases, but it can be used for many more.
-
 ## Prerequisites
 
 Before you can use GitLab Duo Workflow:

spec/services/ci/destroy_pipeline_service_spec.rb

@@ -4,16 +4,13 @@
 
 RSpec.describe ::Ci::DestroyPipelineService, feature_category: :continuous_integration do
   let_it_be(:project) { create(:project, :repository) }
+  let_it_be_with_refind(:pipeline) { create(:ci_pipeline, :success, project: project, sha: project.commit.id) }
 
-  let!(:pipeline) { create(:ci_pipeline, :success, project: project, sha: project.commit.id) }
-
-  subject { described_class.new(project, user).execute(pipeline) }
-
-  context 'user is owner' do
-    let(:user) { project.first_owner }
+  let(:service) { described_class.new(project, user) }
 
+  shared_examples 'unsafe_execute' do
     it 'destroys the pipeline' do
-      subject
+      response
 
       expect { pipeline.reload }.to raise_error(ActiveRecord::RecordNotFound)
     end
@@ -23,7 +20,7 @@
 
       expect(project.pipeline_status.has_status?).to be_truthy
 
-      subject
+      response
 
       # We need to reset lazy_latest_pipeline cache to simulate a new request
       BatchLoader::Executor.clear_current
@@ -33,22 +30,22 @@
     end
 
     it 'does not log an audit event' do
-      expect { subject }.not_to change { AuditEvent.count }
+      expect { response }.not_to change { AuditEvent.count }
     end
 
     context 'when the pipeline has jobs' do
       let!(:build) { create(:ci_build, project: project, pipeline: pipeline) }
 
       it 'destroys associated jobs' do
-        subject
+        response
 
         expect { build.reload }.to raise_error(ActiveRecord::RecordNotFound)
       end
 
       it 'destroys associated stages' do
         stages = pipeline.stages
 
-        subject
+        response
 
         expect(stages).to all(raise_error(ActiveRecord::RecordNotFound))
       end
@@ -57,35 +54,34 @@
         let!(:artifact) { create(:ci_job_artifact, :archive, job: build) }
 
         it 'destroys associated artifacts' do
-          subject
+          response
 
           expect { artifact.reload }.to raise_error(ActiveRecord::RecordNotFound)
         end
 
         it 'inserts deleted objects for object storage files' do
-          expect { subject }.to change { Ci::DeletedObject.count }
+          expect { response }.to change { Ci::DeletedObject.count }
         end
       end
 
       context 'when job has trace chunks' do
-        let(:connection_params) { Gitlab.config.artifacts.object_store.connection.symbolize_keys }
-        let(:connection) { ::Fog::Storage.new(connection_params) }
-
         before do
           stub_object_storage(connection_params: connection_params, remote_directory: 'artifacts')
           stub_artifacts_object_storage
         end
 
+        let(:connection_params) { Gitlab.config.artifacts.object_store.connection.symbolize_keys }
+        let(:connection) { ::Fog::Storage.new(connection_params) }
         let!(:trace_chunk) { create(:ci_build_trace_chunk, :fog_with_data, build: build) }
 
         it 'destroys associated trace chunks' do
-          subject
+          response
 
           expect { trace_chunk.reload }.to raise_error(ActiveRecord::RecordNotFound)
         end
 
         it 'removes data from object store' do
-          expect { subject }.to change { Ci::BuildTraceChunks::Fog.new.data(trace_chunk) }
+          expect { response }.to change { Ci::BuildTraceChunks::Fog.new.data(trace_chunk) }
         end
       end
     end
@@ -104,16 +100,34 @@
 
         expect(cancel_pipeline_service).to receive(:force_execute)
 
-        subject
+        response
       end
     end
   end
 
-  context 'user is not owner' do
-    let(:user) { create(:user) }
+  describe '#execute' do
+    subject(:response) { service.execute(pipeline) }
+
+    context 'when user is owner' do
+      let(:user) { project.first_owner }
 
-    it 'raises an exception' do
-      expect { subject }.to raise_error(Gitlab::Access::AccessDeniedError)
+      it_behaves_like 'unsafe_execute'
     end
+
+    context 'when user is not owner' do
+      let(:user) { create(:user) }
+
+      it 'raises an exception' do
+        expect { response }.to raise_error(Gitlab::Access::AccessDeniedError)
+      end
+    end
+  end
+
+  describe '#unsafe_execute' do
+    subject(:response) { service.unsafe_execute(pipeline) }
+
+    let(:user) { nil }
+
+    it_behaves_like 'unsafe_execute'
   end
 end