Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

app/models/ci/pipeline.rb

@@ -1216,9 +1216,17 @@ def codequality_reports
     end
 
     def terraform_reports
-      ::Gitlab::Ci::Reports::TerraformReports.new.tap do |terraform_reports|
-        latest_report_builds(::Ci::JobArtifact.of_report_type(:terraform)).each do |build|
-          build.collect_terraform_reports!(terraform_reports)
+      if Feature.enabled?(:show_child_reports_in_mr_page, project)
+        ::Gitlab::Ci::Reports::TerraformReports.new.tap do |terraform_reports|
+          latest_report_builds_in_self_and_project_descendants(::Ci::JobArtifact.of_report_type(:terraform)).each do |build|
+            build.collect_terraform_reports!(terraform_reports)
+          end
+        end
+      else
+        ::Gitlab::Ci::Reports::TerraformReports.new.tap do |terraform_reports|
+          latest_report_builds(::Ci::JobArtifact.of_report_type(:terraform)).each do |build|
+            build.collect_terraform_reports!(terraform_reports)
+          end
         end
       end
     end

app/models/merge_request.rb

@@ -2003,7 +2003,11 @@ def has_coverage_reports?
   end
 
   def has_terraform_reports?
-    diff_head_pipeline&.has_reports?(Ci::JobArtifact.of_report_type(:terraform))
+    if Feature.enabled?(:show_child_reports_in_mr_page, project)
+      diff_head_pipeline&.latest_report_builds_in_self_and_project_descendants(Ci::JobArtifact.of_report_type(:terraform))&.any?
+    else
+      diff_head_pipeline&.has_reports?(Ci::JobArtifact.of_report_type(:terraform))
+    end
   end
 
   def compare_accessibility_reports

config/feature_flags/wip/show_child_reports_in_mr_page.yml

@@ -0,0 +1,10 @@
+---
+name: show_child_reports_in_mr_page
+description: Propagate artifacts in child pipelines to the merge request page
+feature_issue_url: https://gitlab.com/groups/gitlab-org/-/epics/4019
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/189676
+rollout_issue_url:
+milestone: '18.0'
+group: group::pipeline execution
+type: wip
+default_enabled: false

db/docs/batched_background_migrations/update_require_dpop_for_manage_api_endpoints_to_false.yml

@@ -0,0 +1,8 @@
+---
+migration_job_name: UpdateRequireDpopForManageApiEndpointsToFalse
+description: Batched migration to update all the existing values in the require_dpop_for_manage_api_endpoints column from true to false
+feature_category: system_access
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/188396
+milestone: '18.0'
+queued_migration_version: 20250415203448
+finalized_by: # version of the migration that finalized this BBM

db/post_migrate/20250415203448_queue_update_require_dpop_for_manage_api_endpoints_to_false.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class QueueUpdateRequireDpopForManageApiEndpointsToFalse < Gitlab::Database::Migration[2.2]
+  milestone '18.0'
+
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  MIGRATION = 'UpdateRequireDpopForManageApiEndpointsToFalse'
+
+  DELAY_INTERVAL = 2.minutes
+  BATCH_SIZE = 1000
+  SUB_BATCH_SIZE = 100
+
+  TABLE_NAME = :namespace_settings
+  COLUMN_NAME = :namespace_id
+
+  # Only numeric or time-based columns can be used to divide tables for batching so,
+  # the :namespace_id is used in place of the :require_dpop_for_manage_api_endpoints column
+  def up
+    queue_batched_background_migration(
+      MIGRATION,
+      TABLE_NAME,
+      COLUMN_NAME,
+      job_interval: DELAY_INTERVAL,
+      batch_size: BATCH_SIZE,
+      sub_batch_size: SUB_BATCH_SIZE
+    )
+  end
+
+  def down
+    delete_batched_background_migration(MIGRATION, TABLE_NAME, COLUMN_NAME, [])
+  end
+end

db/schema_migrations/20250415203448

@@ -0,0 +1 @@
+aa3482fe2ad4d3c563567d60732e330d7f97733c98ff5e0cac3936e154f63226

doc/administration/appearance.md

@@ -2,14 +2,15 @@
 stage: none
 group: unassigned
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+gitlab_dedicated: yes
 description: Customize your GitLab instance appearance, including logos, favicons, sign-in pages, Progressive Web App settings, system messages, and color themes.
-title: GitLab Appearance
+title: GitLab appearance
 ---
 
 {{< details >}}
 
 - Tier: Free, Premium, Ultimate
-- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 
 {{< /details >}}
 
@@ -103,6 +104,12 @@ You can add also add a [customized help message](settings/help_page.md) below th
 
 ### Disable cookie-based language selector
 
+{{< details >}}
+
+- Offering: GitLab Self-Managed
+
+{{< /details >}}
+
 {{< history >}}
 
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/144484) in GitLab 16.10.
@@ -195,6 +202,12 @@ GitLab supports [Libravatar](https://www.libravatar.org) is for avatar images, b
 
 ## Change the color theme for all new users
 
+{{< details >}}
+
+- Offering: GitLab Self-Managed
+
+{{< /details >}}
+
 To [change the default color theme](../user/profile/preferences.md#change-the-color-theme) for all new users:
 
 1. Add `gitlab_rails['gitlab_default_theme']` to your GitLab configuration file at `/etc/gitlab/gitlab.rb`:

doc/administration/custom_project_templates.md

@@ -2,14 +2,15 @@
 stage: Create
 group: Source Code
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+gitlab_dedicated: yes
 description: Configure project templates and make them available to all projects on your GitLab instance.
 title: Custom instance-level project templates
 ---
 
 {{< details >}}
 
 - Tier: Premium, Ultimate
-- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 
 {{< /details >}}
 

doc/administration/diff_limits.md

@@ -2,18 +2,19 @@
 stage: Create
 group: Source Code
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+gitlab_dedicated: yes
 description: Configure the maximum diff size to display on GitLab Self-Managed.
 title: Diff limits administration
 ---
 
 {{< details >}}
 
 - Tier: Free, Premium, Ultimate
-- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 
 {{< /details >}}
 
-You can set a maximum size for display of diff files (patches) in GitLab Self-Managed.
+You can set a maximum size for display of diff files (patches) in GitLab Self-Managed and GitLab Dedicated.
 [Diff limits cannot be configured](../user/gitlab_com/_index.md#diff-display-limits) on GitLab.com.
 
 For details about diff files, [view changes between files](../user/project/merge_requests/changes.md).

doc/administration/email_from_gitlab.md

@@ -2,13 +2,14 @@
 stage: none
 group: unassigned
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+gitlab_dedicated: yes
 title: Email from GitLab
 ---
 
 {{< details >}}
 
 - Tier: Premium, Ultimate
-- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 
 {{< /details >}}
 

doc/administration/inactive_project_deletion.md

@@ -2,13 +2,14 @@
 stage: Tenant Scale
 group: Organizations
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+gitlab_dedicated: yes
 title: Inactive project deletion
 ---
 
 {{< details >}}
 
 - Tier: Free, Premium, Ultimate
-- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 
 {{< /details >}}
 

doc/administration/incoming_email.md

@@ -225,8 +225,7 @@ Reply by email should now be working.
 
    {{< alert type="note" >}}
 
-   This step is necessary to avoid thread deadlocks and to support the latest MailRoom features. See
-   [this explanation](../development/emails.md#mailroom-gem-updates) for more details.
+   This step is necessary to avoid thread deadlocks and to support the latest MailRoom features.
 
    {{< /alert >}}
 

doc/administration/integration/plantuml.md

@@ -20,7 +20,7 @@ To set up the integration on your GitLab Self-Managed instance, you must [config
 
 After completing the integration, PlantUML converts `plantuml`
 blocks to an HTML image tag, with the source pointing to the PlantUML instance. The PlantUML
-diagram delimiters `@startuml`/`@enduml` aren't required, as these are replaced
+diagram delimiters `@startuml`/`@enduml` aren't required because they are replaced
 by the `plantuml` block:
 
 - Markdown files with the extension `.md`:

doc/administration/labels.md

@@ -2,13 +2,14 @@
 stage: Plan
 group: Project Management
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+gitlab_dedicated: yes
 title: Labels administration
 ---
 
 {{< details >}}
 
 - Tier: Free, Premium, Ultimate
-- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 
 {{< /details >}}
 

doc/administration/merge_requests_approvals.md

@@ -2,14 +2,15 @@
 stage: Create
 group: Source Code
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+gitlab_dedicated: yes
 description: Configure merge request approvals for your GitLab instance.
 title: Merge request approvals
 ---
 
 {{< details >}}
 
 - Tier: Premium, Ultimate
-- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 
 {{< /details >}}
 

doc/administration/moderate_users.md

@@ -2,13 +2,14 @@
 stage: Fulfillment
 group: Provision
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+gitlab_dedicated: yes
 title: Moderate users
 ---
 
 {{< details >}}
 
 - Tier: Free, Premium, Ultimate
-- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 
 {{< /details >}}
 
@@ -429,6 +430,12 @@ The user is untrusted.
 
 ## Troubleshooting
 
+{{< details >}}
+
+- Offering: GitLab Self-Managed
+
+{{< /details >}}
+
 When moderating users, you may need to perform bulk actions on them based on certain conditions. The following rails console scripts show some examples of this. You may [start a rails console session](operations/rails_console.md#starting-a-rails-console-session) and use scripts similar to the following:
 
 ### Deactivate users that have no recent activity

doc/administration/monitoring/performance/performance_bar.md

@@ -2,13 +2,14 @@
 stage: Systems
 group: Cloud Connector
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+gitlab_dedicated: yes
 title: Performance bar
 ---
 
 {{< details >}}
 
 - Tier: Free, Premium, Ultimate
-- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 
 {{< /details >}}
 

doc/administration/monitoring/prometheus/_index.md

@@ -45,7 +45,7 @@ Prometheus runs as the `gitlab-prometheus` user and listen on
 Each exporter is automatically set up as a
 monitoring target for Prometheus, unless individually disabled.
 
-To disable Prometheus and all of its exporters, as well as any added in the future:
+To disable Prometheus and all of its exporters, and any exporters added in the future:
 
 1. Edit `/etc/gitlab/gitlab.rb`
 1. Add or find and uncomment the following lines, making sure they are set to `false`:
@@ -65,8 +65,8 @@ To disable Prometheus and all of its exporters, as well as any added in the futu
 
 {{< alert type="warning" >}}
 
-Although possible, it's not recommended to change the port Prometheus listens
-on, as this might affect or conflict with other services running on the GitLab
+You can change the port Prometheus listens on, but you should not.
+This change might affect or conflict with other services that run on the GitLab
 server. Proceed at your own risk.
 
 {{< /alert >}}
@@ -369,7 +369,7 @@ You can visit `http://localhost:9090` for the dashboard that Prometheus offers b
 
 If SSL has been enabled on your GitLab instance, you may not be able to access
 Prometheus on the same browser as GitLab if using the same FQDN due to [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security).
-[A test project exists](https://gitlab.com/gitlab-org/multi-user-prometheus) to provide access via GitLab, but in the interim there are
+[A GitLab test project exists](https://gitlab.com/gitlab-org/multi-user-prometheus) to provide access, but in the interim there are
 some workarounds: using a separate FQDN, using server IP, using a separate browser for Prometheus, resetting HSTS, or
 having [NGINX proxy it](https://docs.gitlab.com/omnibus/settings/nginx.html#inserting-custom-nginx-settings-into-the-gitlab-server-block).
 

doc/administration/operations/fast_ssh_key_lookup.md

@@ -101,7 +101,7 @@ To set up fast lookup with OpenSSH:
    - Self-compiled installations: If you followed the instructions for
    [installing GitLab Shell from source](../../install/installation.md#install-gitlab-shell), the command should be
    located at `/home/git/gitlab-shell/bin/gitlab-shell-authorized-keys-check`.
-   Consider creating a wrapper script somewhere else, as this command must be owned by `root`,
+   Consider creating a wrapper script somewhere else because this command must be owned by `root`,
    and not be writable by a group or others.
    Also consider changing the ownership of this command as needed, but this might require temporary
    ownership changes during `gitlab-shell` upgrades.
@@ -126,7 +126,7 @@ To set up fast lookup with OpenSSH:
       ```
 
       A successful pull or [welcome message](../../user/ssh.md#verify-that-you-can-connect)
-      means that GitLab found the key in the database, as the key is not present in the file.
+      means that GitLab found the key in the database because the key is not present in the file.
 
 If there are lookup failures, the `authorized_keys` file is still scanned.
 Git SSH performance might still be slow for many users, as long as the large file exists.
@@ -172,7 +172,7 @@ GitLab supports `authorized_keys` database lookups with [SELinux](https://en.wik
 
 Because the SELinux policy is static, GitLab doesn't support changing
 internal web server ports. Administrators would have to create a special `.te`
-file for the environment, as it isn't generated dynamically.
+file for the environment because it isn't generated dynamically.
 
 ### Additional documentation
 

doc/administration/operations/rails_console.md

@@ -530,7 +530,7 @@ user.password_confirmation = 'hunter2'
 user.save!(validate: false)
 ```
 
-This is not recommended, as validations are usually put in place to ensure the
+This is not recommended because validations are usually put in place to ensure the
 integrity and consistency of user-provided data.
 
 A validation error prevents the entire object from being saved to

doc/administration/reporting/git_abuse_rate_limit.md

@@ -2,13 +2,14 @@
 stage: Software Supply Chain Security
 group: Authorization
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+gitlab_dedicated: yes
 title: Git abuse rate limit (administration)
 ---
 
 {{< details >}}
 
 - Tier: Ultimate
-- Offering: GitLab Self-Managed
+- Offering: GitLab Self-Managed, GitLab Dedicated
 
 {{< /details >}}