Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.gitlab/ci/rails.gitlab-ci.yml

@@ -617,8 +617,6 @@ rspec:feature-flags:
   needs:
     - job: "feature-flags-usage"
     - job: "haml-lint"
-    - job: "haml-lint ee"
-      optional: true
   before_script:
     - source scripts/utils.sh
   script:

.gitlab/ci/rules.gitlab-ci.yml

@@ -2626,17 +2626,8 @@
       changes: *static-analysis-patterns
     - <<: *if-default-refs
       changes: *code-backstage-qa-patterns
-
-.static-analysis:rules:haml-lint-ee:
-  rules:
-    - <<: *if-not-ee
-      when: never
-    - <<: *if-default-refs
-      changes: *rubocop-patterns
-    - <<: *if-default-refs
-      changes: *static-analysis-patterns
     - <<: *if-default-refs
-      changes: *code-backstage-qa-patterns
+      changes: *docs-patterns
 
 .semgrep-appsec-custom-rules:rules:
   rules:

.gitlab/ci/static-analysis.gitlab-ci.yml

@@ -129,20 +129,13 @@ haml-lint:
     - .ruby-cache
     - .static-analysis:rules:haml-lint
   script:
-    - bundle exec haml-lint --parallel app/views
+    - bundle exec haml-lint --parallel
   artifacts:
     expire_in: 31d
     when: always
     paths:
       - tmp/feature_flags/
 
-haml-lint ee:
-  extends:
-    - "haml-lint"
-    - .static-analysis:rules:haml-lint-ee
-  script:
-    - bundle exec haml-lint --parallel ee/app/views
-
 rubocop:
   extends:
     - .static-analysis-base

GITLAB_KAS_VERSION

@@ -1 +1 @@
-b5461d072019d242cca5f98cf94c56e990d08e7b
+d0c4eaaa71db47143b6147c7282569f19024f01d

app/assets/javascripts/merge_request_dashboard/components/config_dropdown.vue

@@ -102,7 +102,7 @@ export default {
           },
         });
 
-        window.navigation.reload();
+        window.location.reload();
       } catch (error) {
         this.savingPreferences = false;
 

app/assets/javascripts/packages_and_registries/package_registry/components/details/package_history_loader.vue

@@ -5,20 +5,18 @@ export default {
   components: {
     GlSkeletonLoader,
   },
-  loader: {
-    width: 580,
-    height: 80,
-  },
 };
 </script>
 
 <template>
-  <div class="gl-ml-5 md:gl-max-w-7/10">
-    <gl-skeleton-loader :width="$options.loader.width" :height="$options.loader.height">
-      <rect x="49" y="9" width="531" height="16" rx="4" />
-      <circle cx="16" cy="16" r="16" />
-      <rect x="49" y="57" width="302" height="16" rx="4" />
-      <circle cx="16" cy="64" r="16" />
-    </gl-skeleton-loader>
+  <div class="gl-my-5 gl-ml-2 gl-flex gl-h-11 gl-max-w-30 gl-flex-col gl-gap-5">
+    <div class="-gl-mt-1">
+      <gl-skeleton-loader :width="240" :height="64">
+        <circle cx="12" cy="12" r="12" />
+        <rect x="32" y="4" :width="208" height="16" rx="4" />
+        <circle cx="12" cy="52" r="12" />
+        <rect x="32" y="44" :width="200" height="16" rx="4" />
+      </gl-skeleton-loader>
+    </div>
   </div>
 </template>

app/assets/javascripts/work_items/components/design_management/design_management_widget.vue

@@ -519,8 +519,8 @@ export default {
             </li>
           </vue-draggable>
         </design-dropzone>
-        <router-view :key="$route.fullPath" :all-designs="designs" :all-versions="allVersions" />
       </template>
     </crud-component>
+    <router-view :key="$route.fullPath" :all-designs="designs" :all-versions="allVersions" />
   </div>
 </template>

app/controllers/projects/commit_controller.rb

@@ -308,11 +308,11 @@ def diffs_resource
   end
 
   def complete_diff_path
-    project_commit_path(project, commit, format: :patch)
+    project_commit_path(project, commit, format: :diff)
   end
 
   def email_format_path
-    project_commit_path(project, commit, format: :diff)
+    project_commit_path(project, commit, format: :patch)
   end
 end
 

app/controllers/projects/merge_requests_controller.rb

@@ -709,11 +709,11 @@ def diffs_resource
   end
 
   def complete_diff_path
-    merge_request_path(merge_request, format: :patch)
+    merge_request_path(merge_request, format: :diff)
   end
 
   def email_format_path
-    merge_request_path(merge_request, format: :diff)
+    merge_request_path(merge_request, format: :patch)
   end
 end
 

app/helpers/projects_helper.rb

@@ -586,6 +586,7 @@ def import_from_bitbucket_message
 
   def show_archived_project_banner?(project)
     return false unless project.present? && project.saved?
+    return false if project.marked_for_deletion?
 
     project.archived?
   end

app/views/projects/edit.html.haml

@@ -69,7 +69,7 @@
 
         = render 'export', project: @project
 
-        = render_if_exists 'projects/settings/archive'
+        = render 'projects/settings/archive'
 
         = render Pajamas::CardComponent.new do |c|
           - c.with_header do
@@ -107,7 +107,7 @@
         = render 'delete'
 - else
   - if can?(current_user, :archive_project, @project)
-    = render_if_exists 'projects/settings/archive'
+    = render 'projects/settings/archive'
   - if can?(current_user, :remove_project, @project)
     = render 'delete'
 

app/views/projects/issues/new.html.haml

@@ -1,3 +1,4 @@
+- use_work_item = Feature.enabled?(:work_item_view_for_issues, @project.group) || (Feature.enabled?(:work_items_view_preference, current_user) && current_user&.user_preference&.use_work_items_view)
 - add_page_specific_style 'page_bundles/merge_request'
 - add_page_specific_style 'page_bundles/labels'
 - add_page_specific_style 'page_bundles/issuable_list'
@@ -6,7 +7,7 @@
 - add_work_items_stylesheet
 - add_page_specific_style 'page_bundles/design_management'
 - page_title _("New Issue")
-- if Feature.disabled?(:work_items_view_preference, current_user) || !current_user&.user_preference&.use_work_items_view
+- if !use_work_item
   - add_to_breadcrumbs _("Issues"), project_issues_path(@project)
   - breadcrumb_title _("New issue")
 
@@ -23,7 +24,7 @@
   .follow-up-description
     = @issue.description
 
-- if Feature.enabled?(:work_item_view_for_issues, @project.group) || (Feature.enabled?(:work_items_view_preference, current_user) && current_user&.user_preference&.use_work_items_view)
+- if use_work_item
   #js-work-items{ data: work_items_data(@project, current_user) }
 - else
   .page-title-holder

app/views/projects/settings/_archive.html.haml

@@ -1,3 +1,4 @@
+- return if @project.marked_for_deletion?
 - return unless can?(current_user, :archive_project, @project)
 
 = render Pajamas::CardComponent.new do |c|

config/coverband.rb

@@ -15,4 +15,8 @@
   # By default Puma starts in the tmp directory to mimic Omnibus GitLab, but
   # this root path needs to be set for Coverband to identify application code.
   config.root = Rails.root.to_s
+  # This effectively disables Content Security Policy (CSP) rules for the /-/coverage endpoint.
+  # https://github.com/danmayer/coverband/issues/585 is needed to enforce CSP.
+  config.csp_policy = true
+  config.web_enable_clear = true
 end

config/routes.rb

@@ -244,6 +244,10 @@
       get '/external_redirect' => 'external_redirect/external_redirect#index'
 
       post '/collect_events', to: 'event_forward/event_forward#forward', as: :event_forwarding
+
+      if Gitlab::Utils.to_boolean(ENV['COVERBAND_ENABLED'], default: false)
+        mount Coverband::Reporters::Web.new, at: '/coverage'
+      end
     end
     # End of the /-/ scope.
 

config/sidekiq_queues.yml

@@ -895,6 +895,8 @@
   - 1
 - - security_persist_security_policies
   - 1
+- - security_pipeline_analyzers_status_update
+  - 1
 - - security_pipeline_execution_policies_run_schedule
   - 1
 - - security_process_scan_result_policy

data/whats_new/202504170001_17_11.yml

@@ -0,0 +1,59 @@
+- name: Customize compliance frameworks with requirements and compliance controls
+  description: |  # Do not modify this line, instead modify the lines below.
+    Previously, compliance frameworks in GitLab could be created as a label to identify that your project has certain compliance requirements or needs additional oversight. This label could then be used as a scoping mechanism to ensure that security policies could be enforced on all projects within a group. In this release, we are introducing a new way for compliance managers to get more in-depth compliance monitoring in GitLab through 'requirements'. With requirements, as part of a custom compliance framework, you can define specific requirements from a number of different compliance standards, laws, and regulations that must be followed as an organization. We are also expanding the number of compliance controls (previously known as compliance checks) that we offer from five to over 50! These 50 out-of-the-box (OOTB) controls can be mapped to the compliance framework requirements. These controls check particular project, security, and merge request settings across your GitLab instance to help you meet requirements under a number of different compliance standards, laws, and regulations such as SOC2, NIST, ISO 27001, and the GitLab CIS Benchmark. Adherence to these controls is reflected in standard adherence report, which is redesigned to take into account requirements and the mapping of controls to those requirements. In addition to expanding our OOTB controls, we now allow users to map requirements to external controls, which can be for items, programs, or systems that exist outside the GitLab platform. These mappings allow you to use the GitLab compliance centre as the single source of truth when it comes to your compliance monitoring and audit evidence needs.
+  stage: software_supply_chain_security
+  self-managed: true
+  gitlab-com: true
+  available_in: [Ultimate]
+  documentation_link: https://docs.gitlab.com/user/compliance/compliance_center/compliance_status_report
+  image_url: https://about.gitlab.com/images/17_11/custom_compliance_frameworks.png
+  published_at: 2025-04-17
+  release: 17.11
+- name: More AI features on GitLab Duo Self-Hosted
+  description: |  # Do not modify this line, instead modify the lines below.
+    You can now use more [GitLab Duo](https://about.gitlab.com/gitlab-duo/) features with GitLab Duo Self-Hosted in your GitLab Self-Managed instance. The following features are available in beta:
+
+      - [Root Cause Analysis](https://docs.gitlab.com/user/gitlab_duo_chat/examples/#troubleshoot-failed-cicd-jobs-with-root-cause-analysis)
+      - [Vulnerability Explanation](https://docs.gitlab.com/user/application_security/vulnerabilities/#explaining-a-vulnerability)
+      - [Vulnerability Resolution](https://docs.gitlab.com/user/application_security/vulnerabilities/#vulnerability-resolution)
+      - [AI Impact Dashboard](https://docs.gitlab.com/user/analytics/ai_impact_analytics/)
+      - [Discussion Summary](https://docs.gitlab.com/user/discussions/#summarize-issue-discussions-with-duo-chat)
+      - [Merge Request Commit Message](https://docs.gitlab.com/user/project/merge_requests/duo_in_merge_requests/#generate-a-merge-commit-message)
+      - [Merge Request Summary](https://docs.gitlab.com/user/project/merge_requests/duo_in_merge_requests/#generate-a-description-by-summarizing-code-changes)
+      - [GitLab Duo for the CLI](https://docs.gitlab.com/editor_extensions/gitlab_cli/#gitlab-duo-for-the-cli)
+
+      [Code Review Summary](https://docs.gitlab.com/user/project/merge_requests/duo_in_merge_requests/#summarize-a-code-review) is also available on GitLab Duo Self-Hosted as an experiment.
+  stage: ai-powered
+  self-managed: true
+  gitlab-com: false
+  available_in: [Ultimate]
+  documentation_link: https://docs.gitlab.com/administration/gitlab_duo_self_hosted/#supported-gitlab-duo-features
+  image_url: https://about.gitlab.com/images/17_11/ResizedExpandedDuoFeaturesImage.jpg
+  published_at: 2025-04-17
+  release: 17.11
+- name: Epic, issue, and task custom fields
+  description: |  # Do not modify this line, instead modify the lines below.
+    With this release, you can configure text, number, single-select, and multi-select custom fields for issues, epics, tasks, objectives, and key results. While labels have been the primary way to categorize work items up to this point, custom fields provide a more user-friendly approach for adding structured metadata to your planning artifacts.
+
+    Custom fields are configured in your top-level group and cascade to all subgroups and projects. You can map fields to one or more work item types and filter by custom field values in the issues and epics lists.
+  stage: plan
+  self-managed: true
+  gitlab-com: true
+  available_in: [Ultimate]
+  documentation_link: https://docs.gitlab.com/user/work_items/custom_fields
+  image_url: https://about.gitlab.com/images/17_11/work-items-custom-fields.png
+  published_at: 2025-04-17
+  release: 17.11
+- name: CI/CD pipeline inputs
+  description: |  # Do not modify this line, instead modify the lines below.
+    CI/CD variables are essential for dynamic CI/CD workflows, and are used for many things, including as environment variables, context variables, tool configuration, and matrix variables. But developers sometimes rely on CI/CD variables to inject [pipeline variables](https://docs.gitlab.com/ci/variables/#use-pipeline-variables) into pipelines to manually modify pipeline behavior, which have some risks due to the higher precedence of pipeline variables.
+
+    In GitLab 17.11 and later, you can now use `inputs` to safely modify pipeline behavior instead of using pipeline variables, including in scheduled pipelines, downstream pipelines, triggered pipelines, and other cases. Inputs provide developers with a more structured and flexible solution for injecting dynamic content at CI/CD job runtime. After you switch to inputs, you can completely [disable access to pipeline variables](https://docs.gitlab.com/ci/variables/#restrict-pipeline-variables).
+  stage: verify
+  self-managed: true
+  gitlab-com: true
+  available_in: [Ultimate]
+  documentation_link: https://docs.gitlab.com/ci/inputs/#for-a-pipeline
+  image_url: https://about.gitlab.com/images/17_11/run_new_pipeline_spec_input.png
+  published_at: 2025-04-17
+  release: 17.11

db/docs/batched_background_migrations/backfill_issue_assignment_events_namespace_id.yml

@@ -5,4 +5,4 @@ feature_category: value_stream_management
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/174500
 milestone: '17.7'
 queued_migration_version: 20241203073525
-finalized_by: # version of the migration that finalized this BBM
+finalized_by: '20250416231848'

db/post_migrate/20250416231848_finalize_hk_backfill_issue_assignment_events_namespace_id.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class FinalizeHkBackfillIssueAssignmentEventsNamespaceId < Gitlab::Database::Migration[2.2]
+  milestone '18.0'
+
+  disable_ddl_transaction!
+
+  restrict_gitlab_migration gitlab_schema: :gitlab_main_cell
+
+  def up
+    ensure_batched_background_migration_is_finished(
+      job_class_name: 'BackfillIssueAssignmentEventsNamespaceId',
+      table_name: :issue_assignment_events,
+      column_name: :id,
+      job_arguments: [:namespace_id, :issues, :namespace_id, :issue_id],
+      finalize: true
+    )
+  end
+
+  def down; end
+end

db/schema_migrations/20250416231848

@@ -0,0 +1 @@
+2dadac9027f39659f1c8d64b5b1396c2d4c90ffef6567d0a81f8a335c1831c2b

doc/api/cluster_agents.md

@@ -604,10 +604,10 @@ Example response:
 
 ```json
 {
-"id": 1,
-"agent_id": 5,
-"url": "grpcs://agent.example.com:4242",
-"public_key": "..."
+  "id": 1,
+  "agent_id": 5,
+  "url": "grpcs://agent.example.com:4242",
+  "public_key": "..."
 }
 ```
 
@@ -667,10 +667,10 @@ Example response for JWT authentication:
 
 ```json
 {
-"id": 1,
-"agent_id": 5,
-"url": "grpcs://agent.example.com:4242",
-"public_key": "..."
+  "id": 1,
+  "agent_id": 5,
+  "url": "grpcs://agent.example.com:4242",
+  "public_key": "..."
 }
 ```
 
@@ -686,10 +686,10 @@ Example response for mTLS:
 
 ```json
 {
-"id": 1,
-"agent_id": 5,
-"url": "grpcs://agent.example.com:4242",
-"client_cert": "..."
+  "id": 1,
+  "agent_id": 5,
+  "url": "grpcs://agent.example.com:4242",
+  "client_cert": "..."
 }
 ```