Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.gitlab/ci/vendored-gems.gitlab-ci.yml

@@ -53,5 +53,5 @@ include:
       gem_path_prefix: "vendor/gems/"
   - local: .gitlab/ci/templates/gem.gitlab-ci.yml
     inputs:
-      gem_name: "sidekiq-7.1.6"
+      gem_name: "sidekiq-7.2.4"
       gem_path_prefix: "vendor/gems/"

Gemfile

@@ -279,7 +279,7 @@ end
 gem 'state_machines-activerecord', '~> 0.8.0' # rubocop:todo Gemfile/MissingFeatureCategory
 
 # Background jobs
-gem 'sidekiq', path: 'vendor/gems/sidekiq-7.1.6', require: 'sidekiq', feature_category: :scalability
+gem 'sidekiq', path: 'vendor/gems/sidekiq-7.2.4', require: 'sidekiq', feature_category: :scalability
 gem 'sidekiq-cron', '~> 1.12.0', feature_category: :scalability
 gem 'gitlab-sidekiq-fetcher',
   path: 'vendor/gems/sidekiq-reliable-fetch',

Gemfile.lock

@@ -194,13 +194,13 @@ PATH
       omniauth (~> 2.0)
 
 PATH
-  remote: vendor/gems/sidekiq-7.1.6
+  remote: vendor/gems/sidekiq-7.2.4
   specs:
-    sidekiq (7.1.6)
+    sidekiq (7.2.4)
       concurrent-ruby (< 2)
       connection_pool (>= 2.3.0)
       rack (>= 2.2.4)
-      redis-client (>= 0.14.0)
+      redis-client (>= 0.19.0)
 
 PATH
   remote: vendor/gems/sidekiq-reliable-fetch

Gemfile.next.lock

@@ -194,13 +194,13 @@ PATH
       omniauth (~> 2.0)
 
 PATH
-  remote: vendor/gems/sidekiq-7.1.6
+  remote: vendor/gems/sidekiq-7.2.4
   specs:
-    sidekiq (7.1.6)
+    sidekiq (7.2.4)
       concurrent-ruby (< 2)
       connection_pool (>= 2.3.0)
       rack (>= 2.2.4)
-      redis-client (>= 0.14.0)
+      redis-client (>= 0.19.0)
 
 PATH
   remote: vendor/gems/sidekiq-reliable-fetch

app/assets/javascripts/access_tokens/components/new_access_token_app.vue

@@ -52,6 +52,11 @@ export default {
     label() {
       return sprintf(this.$options.i18n.label, { accessTokenType: this.accessTokenType });
     },
+    isNameOrScopesSet() {
+      const urlParams = new URLSearchParams(window.location.search);
+
+      return urlParams.has('name') || urlParams.has('scopes');
+    },
   },
   mounted() {
     /** @type {HTMLFormElement} */
@@ -61,6 +66,14 @@ export default {
     this.submitButton = this.form.querySelector(
       'button[type=submit][data-testid=create-token-button]',
     );
+
+    // If param is set, open form on page load.
+    if (this.isNameOrScopesSet) {
+      document.querySelectorAll('.js-token-card').forEach((el) => {
+        el.querySelector('.js-add-new-token-form').style.display = 'block';
+        el.querySelector('.js-toggle-button').style.display = 'none';
+      });
+    }
   },
   methods: {
     beforeDisplayResults() {

app/assets/javascripts/ci/pipelines_page/components/failure_widget/failed_job_details.vue

@@ -149,6 +149,7 @@ export default {
             :loading="isLoadingAction"
             :title="$options.i18n.retry"
             :aria-label="$options.i18n.retry"
+            data-testid="retry-button"
             @click.stop="retryJob"
           />
         </span>

app/assets/javascripts/deploy_keys/components/keys_panel.vue

@@ -43,7 +43,7 @@ export default {
         :project-id="projectId"
       />
     </template>
-    <div v-else class="gl-new-card-empty gl-bg-gray-10 gl-p-5 gl-text-center">
+    <div v-else class="gl-text-subtle gl-bg-gray-10 gl-p-5" data-testid="empty-state">
       {{ s__('DeployKeys|No deploy keys found, start by adding a new one above.') }}
     </div>
   </div>

app/assets/stylesheets/framework/gfm.scss

@@ -11,12 +11,13 @@
 .gfm-project_member,
 .md a.gfm-project_member {
   padding: 0 2px;
-  background-color: $blue-100;
+  @apply gl-text-blue-700;
+  @apply gl-bg-blue-100;
   border-radius: $gl-border-radius-base;
-  color: $blue-700;
 
   &.current-user {
-    background-color: $orange-100;
+    @apply gl-text-orange-800;
+    @apply gl-bg-orange-100;
   }
 }
 

app/assets/stylesheets/page_bundles/notes/_system_notes_v2.scss

@@ -36,7 +36,7 @@
       @apply gl-text-blue-700;
 
       &.current-user {
-        @apply gl-text-orange-700;
+        @apply gl-text-orange-800;
       }
     }
   }

app/models/ci/runner.rb

@@ -72,7 +72,8 @@ class Runner < Ci::ApplicationRecord
 
     AVAILABLE_TYPES_LEGACY = %w[specific shared].freeze
     AVAILABLE_TYPES = runner_types.keys.freeze
-    AVAILABLE_STATUSES = %w[active paused online offline never_contacted stale].freeze # TODO: Remove in %16.0: active, paused. Relevant issue: https://gitlab.com/gitlab-org/gitlab/-/issues/344648
+    DEPRECATED_STATUSES = %w[active paused].freeze # TODO: Remove in REST v5. Relevant issue: https://gitlab.com/gitlab-org/gitlab/-/issues/344648
+    AVAILABLE_STATUSES = (DEPRECATED_STATUSES + %w[online offline never_contacted stale]).freeze
     AVAILABLE_SCOPES = (AVAILABLE_TYPES_LEGACY + AVAILABLE_TYPES + AVAILABLE_STATUSES).freeze
 
     FORM_EDITABLE = %i[description tag_list active run_untagged locked access_level maximum_timeout_human_readable].freeze

app/models/concerns/partitioned_table.rb

@@ -31,7 +31,7 @@ def partitioned_by(partitioning_key, strategy:, **kwargs)
     def _returning_columns_for_insert
       auto_populated_columns = []
       auto_populated_columns = super if Gitlab.next_rails?
-      auto_populated_columns.empty? ? Array(primary_key) : auto_populated_columns
+      auto_populated_columns + Array(primary_key)
     end
   end
 end

app/models/integration.rb

@@ -21,21 +21,27 @@ class Integration < ApplicationRecord
   INTEGRATION_NAMES = %w[
     asana assembla bamboo bugzilla buildkite campfire clickup confluence custom_issue_tracker
     datadog diffblue_cover discord drone_ci emails_on_push ewm external_wiki
-    gitlab_slack_application hangouts_chat harbor irker jira jira_cloud_app matrix
+    gitlab_slack_application hangouts_chat harbor irker jira matrix
     mattermost mattermost_slash_commands microsoft_teams packagist phorge pipelines_email
     pivotaltracker prometheus pumble pushover redmine slack slack_slash_commands squash_tm teamcity telegram
     unify_circuit webex_teams youtrack zentao
   ].freeze
 
-  INSTANCE_SPECIFIC_INTEGRATION_NAMES = %w[
+  # Integrations that can only be enabled on the instance-level
+  INSTANCE_LEVEL_ONLY_INTEGRATION_NAMES = %w[
     beyond_identity
   ].freeze
 
-  # See: https://gitlab.com/gitlab-org/gitlab/-/issues/345677
-  PROJECT_SPECIFIC_INTEGRATION_NAMES = %w[
+  # Integrations that can only be enabled on the project-level
+  PROJECT_LEVEL_ONLY_INTEGRATION_NAMES = %w[
     apple_app_store google_play jenkins
   ].freeze
 
+  # Integrations that cannot be enabled on the instance-level
+  PROJECT_AND_GROUP_LEVEL_ONLY_INTEGRATION_NAMES = %w[
+    jira_cloud_app
+  ].freeze
+
   # Fake integrations to help with local development.
   DEV_INTEGRATION_NAMES = %w[
     mock_ci mock_monitoring
@@ -134,7 +140,7 @@ def properties=(props)
   }
 
   scope :for_instance, -> {
-    types = available_integration_types(include_project_specific: false, include_instance_specific: true)
+    types = available_integration_types(include_project_specific: false, include_group_specific: false)
     where(instance: true, type: types)
   }
 
@@ -285,14 +291,18 @@ def self.event_description(event)
   end
 
   def self.find_or_initialize_non_project_specific_integration(name, instance: false, group_id: nil)
-    return unless name.in?(available_integration_names(include_project_specific: false,
+    return unless name.in?(available_integration_names(
+      include_project_specific: false,
+      include_group_specific: group_id.present?,
       include_instance_specific: instance))
 
     integration_name_to_model(name).find_or_initialize_by(instance: instance, group_id: group_id)
   end
 
   def self.find_or_initialize_all_non_project_specific(scope, include_instance_specific: false)
-    scope + build_nonexistent_integrations_for(scope, include_instance_specific: include_instance_specific)
+    scope + build_nonexistent_integrations_for(scope,
+      include_group_specific: !include_instance_specific,
+      include_instance_specific: include_instance_specific)
   end
 
   def self.build_nonexistent_integrations_for(...)
@@ -304,11 +314,12 @@ def self.build_nonexistent_integrations_for(...)
 
   # Returns a list of integration types that do not exist in the given scope.
   # Example: ["AsanaService", ...]
-  def self.nonexistent_integration_types_for(scope, include_instance_specific: false)
+  def self.nonexistent_integration_types_for(scope, include_group_specific: false, include_instance_specific: false)
     # Using #map instead of #pluck to save one query count. This is because
     # ActiveRecord loaded the object here, so we don't need to query again later.
     available_integration_types(
       include_project_specific: false,
+      include_group_specific: include_group_specific,
       include_instance_specific: include_instance_specific
     ) - scope.map(&:type)
   end
@@ -317,12 +328,14 @@ def self.nonexistent_integration_types_for(scope, include_instance_specific: fal
   # Returns a list of available integration names.
   # Example: ["asana", ...]
   def self.available_integration_names(
-    include_project_specific: true, include_dev: true, include_instance_specific: true, include_disabled: false
+    include_project_specific: true, include_group_specific: true, include_instance_specific: true, include_dev: true,
+    include_disabled: false
   )
-    names = integration_names
-    names += project_specific_integration_names if include_project_specific
-    names += dev_integration_names if include_dev
-    names += instance_specific_integration_names if include_instance_specific
+    names = integration_names.dup
+    names.concat(project_specific_integration_names) if include_project_specific
+    names.concat(dev_integration_names) if include_dev
+    names.concat(instance_specific_integration_names) if include_instance_specific
+    names.concat(project_and_group_specific_integration_names) if include_project_specific || include_group_specific
     names -= disabled_integration_names unless include_disabled
 
     names.sort_by(&:downcase)
@@ -336,13 +349,11 @@ def self.integration_names
       names.delete('gitlab_slack_application')
     end
 
-    names.delete('jira_cloud_app') unless Feature.enabled?(:enable_jira_connect_configuration) # rubocop:disable Gitlab/FeatureFlagWithoutActor -- flag must be global
-
     names
   end
 
   def self.instance_specific_integration_names
-    INSTANCE_SPECIFIC_INTEGRATION_NAMES
+    INSTANCE_LEVEL_ONLY_INTEGRATION_NAMES
   end
 
   def self.instance_specific_integration_types
@@ -356,7 +367,7 @@ def self.dev_integration_names
   end
 
   def self.project_specific_integration_names
-    names = PROJECT_SPECIFIC_INTEGRATION_NAMES.dup
+    names = PROJECT_LEVEL_ONLY_INTEGRATION_NAMES.dup
 
     if Feature.disabled?(:gitlab_for_slack_app_instance_and_group_level, type: :beta) &&
         (Gitlab::CurrentSettings.slack_app_enabled || Gitlab.dev_or_test_env?)
@@ -366,6 +377,13 @@ def self.project_specific_integration_names
     names
   end
 
+  def self.project_and_group_specific_integration_names
+    names = PROJECT_AND_GROUP_LEVEL_ONLY_INTEGRATION_NAMES.dup
+    names.delete('jira_cloud_app') unless Feature.enabled?(:enable_jira_connect_configuration) # rubocop:disable Gitlab/FeatureFlagWithoutActor -- flag must be global
+    names
+  end
+  private_class_method :project_and_group_specific_integration_names
+
   # Returns a list of available integration types.
   # Example: ["Integrations::Asana", ...]
   def self.available_integration_types(...)

app/models/namespace_setting.rb

@@ -18,7 +18,7 @@ class NamespaceSetting < ApplicationRecord
 
   enum jobs_to_be_done: { basics: 0, move_repository: 1, code_storage: 2, exploring: 3, ci: 4, other: 5 }, _suffix: true
   enum enabled_git_access_protocol: { all: 0, ssh: 1, http: 2 }, _suffix: true
-  enum seat_control: { off: 0, user_cap: 1 }, _prefix: true
+  enum seat_control: { off: 0, user_cap: 1, block_overages: 2 }, _prefix: true
 
   attribute :default_branch_protection_defaults, default: -> { {} }
 

app/views/user_settings/personal_access_tokens/index.html.haml

@@ -9,7 +9,7 @@
     .settings-sticky-header-inner
       %h4.gl-my-0
         = page_title
-  %p.gl-text-secondary
+  %p.gl-text-subtle
     = s_('AccessTokens|You can generate a personal access token for each application you use that needs access to the GitLab API.')
     = s_('AccessTokens|You can also use personal access tokens to authenticate against Git over HTTP.')
     = s_('AccessTokens|They are the only accepted password when you have Two-Factor Authentication (2FA) enabled.')

config/application.rb

@@ -20,6 +20,7 @@
 module Gitlab
   class Application < Rails::Application
     config.load_defaults 7.0
+
     # This section contains configuration from Rails upgrades to override the new defaults so that we
     # keep existing behavior.
     #
@@ -37,7 +38,6 @@ class Application < Rails::Application
     config.active_record.automatic_scope_inversing = nil # New default is true
     config.active_record.verify_foreign_keys_for_fixtures = nil # New default is true
     config.active_record.partial_inserts = true # New default is false
-    config.active_support.cache_format_version = nil # New default is 7.0
     config.active_support.disable_to_s_conversion = false # New default is true
     config.active_support.executor_around_test_case = nil # New default is true
     config.active_support.isolation_level = nil # New default is thread
@@ -46,7 +46,6 @@ class Application < Rails::Application
 
     # Rails 6.1
     config.action_dispatch.cookies_same_site_protection = nil # New default is :lax
-    ActiveSupport.utc_to_local_returns_utc_offset_times = false
     config.action_view.preload_links_header = false
 
     # Rails 5.2
@@ -90,6 +89,11 @@ class Application < Rails::Application
     require_dependency Rails.root.join('lib/gitlab/patch/old_redis_cache_store')
     require_dependency Rails.root.join('lib/gitlab/exceptions_app')
 
+    unless ::Gitlab.next_rails?
+      config.active_support.cache_format_version = nil
+      ActiveSupport.utc_to_local_returns_utc_offset_times = false
+    end
+
     config.exceptions_app = Gitlab::ExceptionsApp.new(Gitlab.jh? ? Rails.root.join('jh/public') : Rails.public_path)
 
     # This preload is required to:

config/gitlab_loose_foreign_keys.yml

@@ -440,10 +440,6 @@ security_scans:
   - table: projects
     column: project_id
     on_delete: async_delete
-security_trainings:
-  - table: projects
-    column: project_id
-    on_delete: async_delete
 snippets:
   - table: organizations
     column: organization_id

config/initializers/sidekiq.rb

@@ -38,7 +38,7 @@ def load_cron_jobs!
 Sidekiq.strict_args!(strict_args_mode)
 
 # Perform version check before configuring server with the custome scheduled job enqueue class
-unless Gem::Version.new(Sidekiq::VERSION) == Gem::Version.new('7.1.6')
+unless Gem::Version.new(Sidekiq::VERSION) == Gem::Version.new('7.2.4')
   raise 'New version of Sidekiq detected, please either update the version for this check ' \
         'and update Gitlab::SidekiqSharding::ScheduledEnq is compatible.'
 end

db/docs/security_training_providers.yml

@@ -7,5 +7,4 @@ feature_categories:
 description: Stores information about the available security training providers
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78195
 milestone: '14.7'
-gitlab_schema: gitlab_sec
-sharding_key_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/476672
+gitlab_schema: gitlab_main_clusterwide

db/docs/security_trainings.yml

@@ -7,7 +7,7 @@ feature_categories:
 description: Stores information about the primary security training provider for a given project
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78195
 milestone: '14.7'
-gitlab_schema: gitlab_sec
+gitlab_schema: gitlab_main_cell
 allow_cross_foreign_keys:
 - gitlab_main_clusterwide
 sharding_key: