Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.gitlab/CODEOWNERS

@@ -7,10 +7,10 @@
 .gitlab/CODEOWNERS @gitlab-org/development-leaders @gitlab-org/tw-leadership
 
 ## Allows release tooling and Gitaly team members to update the Gitaly Version
-/GITALY_SERVER_VERSION @project_278964_bot_77e28085fcec07f14dfd31c689824b5b @gitlab-org/maintainers/rails-backend @gitlab-org/delivery @gl-gitaly
+/GITALY_SERVER_VERSION @project_278964_bot_e2e6cca5e3b0076fdecec369cccb9e18 @gitlab-org/maintainers/rails-backend @gitlab-org/delivery @gl-gitaly
 
 ## Allows release tooling, KAS version maintainers and the delivery team to update the KAS version
-/GITLAB_KAS_VERSION @project_278964_bot_77e28085fcec07f14dfd31c689824b5b @gitlab-org/maintainers/kas-version-maintainers @gitlab-org/maintainers/rails-backend @gitlab-org/delivery
+/GITLAB_KAS_VERSION @project_278964_bot_e2e6cca5e3b0076fdecec369cccb9e18 @gitlab-org/maintainers/kas-version-maintainers @gitlab-org/maintainers/rails-backend @gitlab-org/delivery
 
 ## Allows automated updates to E2E test knapsack reports
 /qa/knapsack/**/*.json @project_278964_bot_bd38289efeb650826d995b5f830ca9cb @gl-dx

app/assets/javascripts/glql/components/presenters/table.vue

@@ -76,7 +76,6 @@ export default {
     persist-collapsed-state
     class="!gl-mt-5 gl-overflow-hidden"
     :body-class="{ '!gl-m-[-1px] !gl-p-0': items.length || isPreview }"
-    footer-class="!gl-border-t-0"
     @collapsed="isCollapsed = true"
     @expanded="isCollapsed = false"
   >

app/finders/groups/user_groups_finder.rb

@@ -11,6 +11,7 @@
 #     permissions: string (see Types::Groups::UserPermissionsEnum)
 #     search: string used for search on path and group name
 #     sort: string (see Types::Namespaces::GroupSortEnum)
+#     exact_matches_first: boolean used to enable priotization of exact matches
 #
 # Initially created to filter user groups and descendants where the user can create projects
 module Groups
@@ -26,8 +27,11 @@ def execute
       return Group.none if target_user.blank?
 
       items = by_permission_scope
-      items = by_search(items)
 
+      # Search will perform an ORDER BY to ensure exact matches are returned first.
+      return by_search(items, exact_matches_first: true) if exact_matches_first_enabled?
+
+      items = by_search(items)
       sort(items)
     end
 
@@ -68,5 +72,10 @@ def sort(items)
 
       items.sort_by_attribute(params[:sort])
     end
+
+    def exact_matches_first_enabled?
+      params[:exact_matches_first] && params[:search].present? &&
+        Feature.enabled?(:exact_matches_first_project_transfer, current_user)
+    end
   end
 end

app/finders/notes_finder.rb

@@ -193,7 +193,6 @@ def redact_internal(notes)
   end
 
   def without_hidden_notes?
-    return false unless Feature.enabled?(:hidden_notes)
     return false if @current_user&.can_admin_all_resources?
 
     true

app/models/note.rb

@@ -171,11 +171,7 @@ class Note < ApplicationRecord
   scope :with_metadata, -> { includes(:system_note_metadata) }
 
   scope :without_hidden, -> {
-    if Feature.enabled?(:hidden_notes)
-      where_not_exists(Users::BannedUser.where('notes.author_id = banned_users.user_id'))
-    else
-      all
-    end
+    where_not_exists(Users::BannedUser.where('notes.author_id = banned_users.user_id'))
   }
 
   scope :for_note_or_capitalized_note, ->(text) { where(note: [text, text.capitalize]) }

app/policies/base_policy.rb

@@ -77,6 +77,12 @@ class BasePolicy < DeclarativePolicy::Base
   with_options scope: :global, score: 0
   condition(:can_create_organization) { Gitlab::CurrentSettings.can_create_organization }
 
+  desc "Only admins can destroy projects"
+  condition(:owner_cannot_destroy_project, scope: :global) do
+    ::Gitlab::CurrentSettings.current_application_settings
+      .default_project_deletion_protection
+  end
+
   desc "The application is restricted from public visibility"
   condition(:restricted_public_level, scope: :global) do
     Gitlab::CurrentSettings.current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)

app/services/click_house/sync_strategies/base_sync_strategy.rb

@@ -74,12 +74,12 @@ def next_batch
       def process_batch(context)
         Enumerator.new do |yielder|
           has_more_data = false
-          batching_scope.each_batch(of: BATCH_SIZE) do |relation|
-            records = relation.select(projections).to_a
+          batching_scope.each_batch(of: BATCH_SIZE, column: primary_key) do |relation|
+            records = relation.select(*projections, "#{primary_key} AS id_for_cursor").to_a
             has_more_data = records.size == BATCH_SIZE
             records.each do |row|
               yielder << transform_row(row)
-              context.last_processed_id = row.id
+              context.last_processed_id = row.id_for_cursor
 
               break if context.record_limit_reached?
             end
@@ -112,6 +112,12 @@ def projections
         raise NotImplementedError, "Subclasses must implement `projections`"
       end
 
+      # UInt type primary key used for cursor management,
+      # override if necessary.
+      def primary_key
+        :id
+      end
+
       def csv_mapping
         raise NotImplementedError, "Subclasses must implement `csv_mapping`"
       end

app/views/groups/settings/_remove.html.haml

@@ -1,3 +1,4 @@
+- return unless can?(current_user, :remove_group, group)
 - remove_form_id = local_assigns.fetch(:remove_form_id, nil)
 
 - if group.adjourned_deletion?

config/feature_flags/development/hidden_notes.yml

@@ -0,0 +1,10 @@
+---
+name: exact_matches_first_project_transfer
+description: Prioritize exact matches when searching for groups in project transfer
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/536745
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/188711
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/536751
+milestone: '18.0'
+group: group::project management
+type: gitlab_com_derisk
+default_enabled: false

config/feature_flags/gitlab_com_derisk/exact_matches_first_project_transfer.yml

@@ -5,4 +5,4 @@ rollout_issue_url:
 milestone: '13.5'
 type: ops
 group: group::database
-default_enabled: false
+default_enabled: true

config/feature_flags/ops/database_reindexing.yml

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class SyncDropArtifactsPartitionIdJobIdIndex < Gitlab::Database::Migration[2.2]
+  include Gitlab::Database::PartitioningMigrationHelpers
+
+  milestone '18.0'
+  disable_ddl_transaction!
+
+  INDEX_NAME = :p_ci_job_artifacts_partition_id_job_id_idx
+
+  def up
+    remove_concurrent_partitioned_index_by_name :p_ci_job_artifacts, INDEX_NAME
+  end
+
+  def down
+    add_concurrent_partitioned_index :p_ci_job_artifacts, [:partition_id, :job_id], name: INDEX_NAME
+  end
+end

db/post_migrate/20250411093351_sync_drop_artifacts_partition_id_job_id_index.rb

@@ -0,0 +1 @@
+3edf57d181e9c073e472b33eac4b599afd3bddca2d99130e08fb58457f187cb2

db/schema_migrations/20250411093351

@@ -34490,10 +34490,6 @@ CREATE INDEX p_ci_job_artifacts_project_id_file_type_id_idx ON ONLY p_ci_job_art
 
 CREATE INDEX index_ci_job_artifacts_on_id_project_id_and_file_type ON ci_job_artifacts USING btree (project_id, file_type, id);
 
-CREATE INDEX p_ci_job_artifacts_partition_id_job_id_idx ON ONLY p_ci_job_artifacts USING btree (partition_id, job_id);
-
-CREATE INDEX index_ci_job_artifacts_on_partition_id_job_id ON ci_job_artifacts USING btree (partition_id, job_id);
-
 CREATE INDEX p_ci_job_artifacts_project_id_id_idx1 ON ONLY p_ci_job_artifacts USING btree (project_id, id);
 
 CREATE INDEX index_ci_job_artifacts_on_project_id_and_id ON ci_job_artifacts USING btree (project_id, id);
@@ -40986,8 +40982,6 @@ ALTER INDEX p_ci_job_artifacts_project_id_created_at_id_idx ATTACH PARTITION ind
 
 ALTER INDEX p_ci_job_artifacts_project_id_file_type_id_idx ATTACH PARTITION index_ci_job_artifacts_on_id_project_id_and_file_type;
 
-ALTER INDEX p_ci_job_artifacts_partition_id_job_id_idx ATTACH PARTITION index_ci_job_artifacts_on_partition_id_job_id;
-
 ALTER INDEX p_ci_job_artifacts_project_id_id_idx1 ATTACH PARTITION index_ci_job_artifacts_on_project_id_and_id;
 
 ALTER INDEX p_ci_job_artifacts_project_id_idx1 ATTACH PARTITION index_ci_job_artifacts_on_project_id_for_security_reports;

db/structure.sql

@@ -257,7 +257,7 @@ echo $AIGW_CUSTOM_MODELS__ENABLED # must be true
 ```
 
 If the environment variables are not set up correctly, set them by
-[creating a container](../../install/install_ai_gateway.md#find-the-ai-gateway-release).
+[creating a container](../../install/install_ai_gateway.md#find-the-ai-gateway-image).
 
 ## Check if the model is reachable from AI gateway
 
@@ -295,7 +295,7 @@ If not successful, verify your network configurations.
 
 ## The image's platform does not match the host
 
-When [finding the AI gateway release](../../install/install_ai_gateway.md#find-the-ai-gateway-release),
+When [finding the AI gateway release](../../install/install_ai_gateway.md#find-the-ai-gateway-image),
 you might get an error that states `The requested image's platform (linux/amd64) does not match the detected host`.
 
 To work around this error, add `--platform linux/amd64` to the `docker run` command:

doc/administration/gitlab_duo_self_hosted/troubleshooting.md

@@ -387,16 +387,17 @@ Starting with GitLab 17.1, migrations are executed in an
 
 ## Rebuild database indexes
 
-{{< details >}}
+{{< history >}}
 
-- Status: Experiment
+- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/42705) in GitLab 13.5 [with a flag](../../administration/feature_flags.md) named `database_reindexing`. Disabled by default.
+- [Enabled on GitLab.com](https://gitlab.com/groups/gitlab-org/-/epics/3989) in GitLab 13.9.
+- [Enabled on GitLab Self-Managed and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/188548) in GitLab 18.0.
 
-{{< /details >}}
+{{< /history >}}
 
 {{< alert type="warning" >}}
 
-This feature is experimental, and isn't enabled by default. Use caution when
-running in a production environment, and run during off-peak times.
+Use with caution when running in a production environment, and run during off-peak times.
 
 {{< /alert >}}
 
@@ -410,7 +411,6 @@ Prerequisites:
 
 - This feature requires PostgreSQL 12 or later.
 - These index types are **not supported**: expression indexes and indexes used for constraint exclusion.
-- Not enabled by default. A feature flag must be set for this task to work: `Feature.enable("database_reindexing")`
 
 ### Run reindexing
 

doc/administration/raketasks/maintenance.md

@@ -60,7 +60,7 @@ curl "https://gitlab.com/api/graphql" --header "Authorization: Bearer $GRAPHQL_T
 ```
 
 To nest strings in the query string,
-wrap the data in single quotes or escape the strings with <code>&#92;&#92;</code>:
+wrap the data in single quotes or escape the strings with ` \\ `:
 
 ```shell
 curl "https://gitlab.com/api/graphql" --header "Authorization: Bearer $GRAPHQL_TOKEN" \

doc/api/graphql/getting_started.md

@@ -26431,6 +26431,7 @@ Relationship between an epic and an issue.
 | <a id="epicissueseverity"></a>`severity` | [`IssuableSeverity`](#issuableseverity) | Severity level of the incident. |
 | <a id="epicissuesladueat"></a>`slaDueAt` | [`Time`](#time) | Timestamp of when the issue SLA expires. |
 | <a id="epicissuestate"></a>`state` | [`IssueState!`](#issuestate) | State of the issue. |
+| <a id="epicissuestatus"></a>`status` {{< icon name="warning-solid" >}} | [`WorkItemStatus`](#workitemstatus) | **Introduced** in GitLab 18.0. **Status**: Experiment. Status of the issue. |
 | <a id="epicissuestatuspagepublishedincident"></a>`statusPagePublishedIncident` | [`Boolean`](#boolean) | Indicates whether an issue is published to the status page. |
 | <a id="epicissuesubscribed"></a>`subscribed` | [`Boolean!`](#boolean) | Indicates the currently logged in user is subscribed to the issue. |
 | <a id="epicissuetaskcompletionstatus"></a>`taskCompletionStatus` | [`TaskCompletionStatus!`](#taskcompletionstatus) | Task completion status of the issue. |
@@ -29829,6 +29830,7 @@ Describes an issuable resource link for incident issues.
 | <a id="issueseverity"></a>`severity` | [`IssuableSeverity`](#issuableseverity) | Severity level of the incident. |
 | <a id="issuesladueat"></a>`slaDueAt` | [`Time`](#time) | Timestamp of when the issue SLA expires. |
 | <a id="issuestate"></a>`state` | [`IssueState!`](#issuestate) | State of the issue. |
+| <a id="issuestatus"></a>`status` {{< icon name="warning-solid" >}} | [`WorkItemStatus`](#workitemstatus) | **Introduced** in GitLab 18.0. **Status**: Experiment. Status of the issue. |
 | <a id="issuestatuspagepublishedincident"></a>`statusPagePublishedIncident` | [`Boolean`](#boolean) | Indicates whether an issue is published to the status page. |
 | <a id="issuesubscribed"></a>`subscribed` | [`Boolean!`](#boolean) | Indicates the currently logged in user is subscribed to the issue. |
 | <a id="issuetaskcompletionstatus"></a>`taskCompletionStatus` | [`TaskCompletionStatus!`](#taskcompletionstatus) | Task completion status of the issue. |

doc/api/graphql/reference/_index.md

@@ -314,7 +314,7 @@ Use one of the following methods to determine the value for `DOCKER_AUTH_CONFIG`
 
   {{< alert type="note" >}}
 
-  If your username includes special characters like `@`, you must escape them with a backslash (<code>&#92;</code>) to prevent authentication problems.
+  If your username includes special characters like `@`, you must escape them with a backslash (` \ `) to prevent authentication problems.
 
   {{< /alert >}}
 

doc/ci/docker/using_docker_images.md

@@ -233,7 +233,7 @@ with the CI/CD configuration in that file.
 The artifact path is parsed by GitLab, not the runner, so the path must match the
 syntax for the OS running GitLab. If GitLab is running on Linux but using a Windows
 runner for testing, the path separator for the trigger job is `/`. Other CI/CD
-configuration for jobs that use the Windows runner, like scripts, use <code>&#92;</code>.
+configuration for jobs that use the Windows runner, like scripts, use ` \ `.
 
 You cannot use CI/CD variables in an `include` section in a dynamic child pipeline's configuration.
 [Issue 378717](https://gitlab.com/gitlab-org/gitlab/-/issues/378717) proposes fixing

doc/ci/pipelines/downstream_pipelines.md

@@ -4153,7 +4153,7 @@ job:
   You can use CI/CD variables to define the description, but some shells
   [use different syntax](../variables/_index.md#use-cicd-variables-in-job-scripts)
   to reference variables. Similarly, some shells might require special characters
-  to be escaped. For example, backticks (`` ` ``) might need to be escaped with a backslash (<code>&#92;</code>).
+  to be escaped. For example, backticks (`` ` ``) might need to be escaped with a backslash (` \ `).
 
 #### `release:ref`