Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.rubocop_todo/gitlab/bounded_contexts.yml

@@ -2553,7 +2553,6 @@ Gitlab/BoundedContexts:
     - 'ee/app/graphql/types/move_type_enum.rb'
     - 'ee/app/graphql/types/negated_iteration_wildcard_id_enum.rb'
     - 'ee/app/graphql/types/path_lock_type.rb'
-    - 'ee/app/graphql/types/pending_group_member_type.rb'
     - 'ee/app/graphql/types/permission_types/dast_site_profile.rb'
     - 'ee/app/graphql/types/permission_types/epic.rb'
     - 'ee/app/graphql/types/permission_types/pipeline_security_report_finding.rb'

GITALY_SERVER_VERSION

@@ -1 +1 @@
-7d588faba97dfbf48c39a3dc600eee66499cf065
+af0566ee3ca5075025da8442a44ba7e411caa530

GITLAB_KAS_VERSION

@@ -1 +1 @@
-449014dfd52c9b1e0f6e8f7b4158e17d20d36971
+65cc901765eab78be34876e6aed8b7857de7a5bf

app/assets/javascripts/graphql_shared/possible_types.json

@@ -90,6 +90,7 @@
   "MemberInterface": [
     "GroupMember",
     "PendingGroupMember",
+    "PendingProjectMember",
     "ProjectMember"
   ],
   "NoteableInterface": [
@@ -127,6 +128,10 @@
     "PypiMetadata",
     "TerraformModuleMetadata"
   ],
+  "PendingMemberInterface": [
+    "PendingGroupMember",
+    "PendingProjectMember"
+  ],
   "Registrable": [
     "CiSecureFileRegistry",
     "ContainerRepositoryRegistry",

app/models/ci/job_token/group_scope_link.rb

@@ -15,6 +15,8 @@ class GroupScopeLink < Ci::ApplicationRecord
       belongs_to :target_group, class_name: '::Group'
       belongs_to :added_by, class_name: 'User'
 
+      validates :job_token_policies, json_schema: { filename: 'ci_job_token_policies' }, allow_blank: true
+
       scope :with_source, ->(project) { where(source_project: project) }
       scope :with_target, ->(group) { where(target_group: group) }
 

app/models/ci/job_token/project_scope_link.rb

@@ -15,6 +15,8 @@ class ProjectScopeLink < Ci::ApplicationRecord
       belongs_to :target_project, class_name: 'Project'
       belongs_to :added_by, class_name: 'User'
 
+      validates :job_token_policies, json_schema: { filename: 'ci_job_token_policies' }, allow_blank: true
+
       scope :with_access_direction, ->(direction) { where(direction: direction) }
       scope :with_source, ->(project)   { where(source_project: project) }
       scope :with_target, ->(project)   { where(target_project: project) }

app/models/identity.rb

@@ -7,7 +7,12 @@ class Identity < ApplicationRecord
   belongs_to :user
 
   validates :provider, presence: true
-  validates :extern_uid, allow_blank: true, uniqueness: { scope: UniquenessScopes.scopes, case_sensitive: false }
+  validates :extern_uid, allow_blank: true, uniqueness: {
+    scope: UniquenessScopes.scopes,
+    case_sensitive: false,
+    message: "has already been taken. Please contact your administrator to generate a unique extern_uid / NameID"
+  }
+
   validates :user, uniqueness: { scope: UniquenessScopes.scopes }
 
   before_save :ensure_normalized_extern_uid, if: :extern_uid_changed?

app/validators/json_schemas/ci_job_token_policies.json

@@ -0,0 +1,46 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "Policies that can be assigned to a CI_JOB_TOKEN",
+  "type": "array",
+  "items": {
+    "type": "string",
+    "enum": [
+      "admin_container_image",
+      "admin_secure_files",
+      "admin_terraform_state",
+      "build_create_container_image",
+      "build_destroy_container_image",
+      "build_download_code",
+      "build_push_code",
+      "build_read_container_image",
+      "create_deployment",
+      "create_environment",
+      "create_on_demand_dast_scan",
+      "create_package",
+      "create_release",
+      "destroy_container_image",
+      "destroy_deployment",
+      "destroy_environment",
+      "destroy_package",
+      "destroy_release",
+      "read_build",
+      "read_container_image",
+      "read_deployment",
+      "read_environment",
+      "read_group",
+      "read_job_artifacts",
+      "read_pipeline",
+      "read_project",
+      "read_release",
+      "read_secure_files",
+      "read_terraform_state",
+      "stop_environment",
+      "update_deployment",
+      "update_environment",
+      "update_pipeline",
+      "update_release"
+    ]
+  },
+  "uniqueItems": true,
+  "additionalItems": false
+}

config/initializers/0_marginalia.rb

@@ -13,8 +13,8 @@
 # matching against the raw SQL, and prepending the comment prevents color
 # coding from working in the development log.
 Marginalia::Comment.prepend_comment = true if Rails.env.production?
-Marginalia::Comment.components = [:application, :correlation_id, :jid, :endpoint_id, :db_config_name,
-  :console_hostname, :console_username]
+Marginalia::Comment.components = [:application, :correlation_id, :jid, :endpoint_id, :db_config_database,
+  :db_config_name, :console_hostname, :console_username]
 
 # As mentioned in https://github.com/basecamp/marginalia/pull/93/files,
 # adding :line has some overhead because a regexp on the backtrace has

data/deprecations/17-5-deprecate-merge-train-graphql-fields.yml

@@ -0,0 +1,40 @@
+- title: "`mergeTrainIndex` and `mergeTrainsCount` GraphQL fields deprecated"
+  # The milestones for the deprecation announcement, and the removal.
+  removal_milestone: "18.0"
+  announcement_milestone: "17.5"
+  # Change breaking_change to false if needed.
+  breaking_change: true
+  # The stage and GitLab username of the person reporting the change,
+  # and a link to the deprecation issue
+  reporter: rutshah
+  stage: verify
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/473759
+  # Use the impact calculator https://gitlab-com.gitlab.io/gl-infra/breaking-change-impact-calculator/?
+  impact: low  # Can be one of: [critical, high, medium, low]
+  scope: project  # Can be one or a combination of: [instance, group, project]
+  resolution_role: Developer  # Can be one of: [Admin, Owner, Maintainer, Developer]
+  manual_task: true  # Can be true or false. Use this to denote whether a resolution action must be performed manually (true), or if it can be automated by using the API or other automation (false).
+  body: |  # (required) Don't change this line.
+    The GraphQL field `mergeTrainIndex` and `mergeTrainsCount` in `MergeRequest` are deprecated. To
+    determine the position of the merge request on the merge train use the
+    `index` field in `MergeTrainCar` instead. To get the count of MRs in a merge train,
+    use `count` from `cars` in `MergeTrains::TrainType` instead.
+
+# ==============================
+# OPTIONAL END-OF-SUPPORT FIELDS
+# ==============================
+#
+# If an End of Support period applies:
+# 1) Share this announcement in the `#spt_managers` Support channel in Slack
+# 2) Mention `@gitlab-com/support` in this merge request.
+#
+  # When support for this feature ends, in XX.YY milestone format.
+  end_of_support_milestone:
+  # Array of tiers the feature is currently available to,
+  # like [Free, Silver, Gold, Core, Premium, Ultimate]
+  tiers:
+  # Links to documentation and thumbnail image
+  documentation_url:
+  image_url:
+  # Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
+  video_url: