Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

GITALY_SERVER_VERSION

@@ -1 +1 @@
-9b1bb2480275c22dd2157e08a2ec2f7db835657b
+dfcd599808bc659ab4fdf0efaadb606e2fe95542

Gemfile

@@ -436,7 +436,7 @@ group :development, :test do
 end
 
 group :development, :test, :danger do
-  gem 'gitlab-dangerfiles', '~> 3.6.7', require: false
+  gem 'gitlab-dangerfiles', '~> 3.7.0', require: false
 end
 
 group :development, :test, :coverage do

Gemfile.checksum

@@ -200,7 +200,7 @@
 {"name":"gitaly","version":"15.9.0.pre.rc3","platform":"ruby","checksum":"6ac64320a70417131a4b97f5dd45d4e203d60703cc3cba156561e7f8c50a4abe"},
 {"name":"gitlab","version":"4.19.0","platform":"ruby","checksum":"3f645e3e195dbc24f0834fbf83e8ccfb2056d8e9712b01a640aad418a6949679"},
 {"name":"gitlab-chronic","version":"0.10.5","platform":"ruby","checksum":"f80f18dc699b708870a80685243331290bc10cfeedb6b99c92219722f729c875"},
-{"name":"gitlab-dangerfiles","version":"3.6.7","platform":"ruby","checksum":"ebd898ec0e8ed3edea281b2f703000c502c6b412cbcadc1265ddbc31ffb0c579"},
+{"name":"gitlab-dangerfiles","version":"3.7.0","platform":"ruby","checksum":"35c5bc42e60c575ab5701192ca2384ab414b14c2963602b39e143b1aaeb7e54d"},
 {"name":"gitlab-experiment","version":"0.7.1","platform":"ruby","checksum":"166dddb3aa83428bcaa93c35684ed01dc4d61f321fd2ae40b020806dc54a7824"},
 {"name":"gitlab-fog-azure-rm","version":"1.4.0","platform":"ruby","checksum":"af4163c32b028aa5208814a3f4765a5817d50527e6c61931f766bf18a2e0eb7e"},
 {"name":"gitlab-labkit","version":"0.30.1","platform":"ruby","checksum":"bdedbd86014c83dfd6a50d20dbc1709697bba2bb9e3666383e5f28cbd312b113"},

Gemfile.lock

@@ -570,7 +570,7 @@ GEM
       terminal-table (>= 1.5.1)
     gitlab-chronic (0.10.5)
       numerizer (~> 0.2)
-    gitlab-dangerfiles (3.6.7)
+    gitlab-dangerfiles (3.7.0)
       danger (>= 8.4.5)
       danger-gitlab (>= 8.0.0)
       rake
@@ -1676,7 +1676,7 @@ DEPENDENCIES
   gettext_i18n_rails_js (~> 1.3)
   gitaly (~> 15.9.0.pre.rc3)
   gitlab-chronic (~> 0.10.5)
-  gitlab-dangerfiles (~> 3.6.7)
+  gitlab-dangerfiles (~> 3.7.0)
   gitlab-experiment (~> 0.7.1)
   gitlab-fog-azure-rm (~> 1.4.0)
   gitlab-labkit (~> 0.30.1)

app/graphql/mutations/achievements/create.rb

@@ -28,10 +28,6 @@ class Create < BaseMutation
                 required: false,
                 description: 'Description of or notes for the achievement.'
 
-      argument :revokeable, GraphQL::Types::Boolean,
-                required: true,
-                description: 'Revokeability for the achievement.'
-
       authorize :admin_achievement
 
       def resolve(args)

app/graphql/types/achievements/achievement_type.rb

@@ -32,11 +32,6 @@ class AchievementType < BaseObject
             null: true,
             description: 'Description or notes for the achievement.'
 
-      field :revokeable,
-            GraphQL::Types::Boolean,
-            null: false,
-            description: 'Revokeability of the achievement.'
-
       field :created_at,
             Types::TimeType,
             null: false,

app/models/achievements/achievement.rb

@@ -4,6 +4,9 @@ module Achievements
   class Achievement < ApplicationRecord
     include Avatarable
     include StripAttribute
+    include IgnorableColumns
+
+    ignore_column :revokable, remove_with: '15.11', remove_after: '2023-04-22'
 
     belongs_to :namespace, inverse_of: :achievements, optional: false
 

data/deprecations/15-9-secure-analyzers-bump.yml

@@ -0,0 +1,55 @@
+#
+# REQUIRED FIELDS
+#
+- title: "Secure analyzers major version update"  # (required) Clearly explain the change, or planned change. For example, "The `confidential` field for a `Note` is deprecated" or "CI/CD job names will be limited to 250 characters."
+  announcement_milestone: "15.9"  # (required) The milestone when this feature was first announced as deprecated.
+  removal_milestone: "16.0"  # (required) The milestone when this feature is planned to be removed
+  breaking_change: true  # (required) Change to false if this is not a breaking change.
+  reporter: gonzoyumo  # (required) GitLab username of the person reporting the change
+  stage: secure  # (required) String value of the stage that the feature was created in. e.g., Growth
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/390912  # (required) Link to the deprecation issue in GitLab
+  body: | # Do not modify this line, instead modify the lines below.
+    The Secure stage will be bumping the major versions of its analyzers in tandem with the GitLab 16.0 release. This bump will enable a clear delineation for analyzers, between:
+
+    - Those released prior to May 22, 2023
+    - Those released after May 22, 2023
+
+    If you are not using the default included templates, or have pinned your analyzer versions you will need to update your CI/CD job definition to either remove the pinned version or to update the latest major version.
+    Users of GitLab 13.0-15.10 will continue to experience analyzer updates as normal until the release of GitLab 16.0, following which all newly fixed bugs and released features will be released only in the new major version of the analyzers. We do not backport bugs and features to deprecated versions as per our [maintenance policy](https://docs.gitlab.com/ee/policy/maintenance.html). As required, security patches will be backported within the latest 3 minor releases.
+    Specifically, the following are being deprecated and will no longer be updated after 16.0 GitLab release:
+
+    - API Fuzzing: version 2
+    - Container Scanning: version 5
+    - Coverage-guided fuzz testing: version 3
+    - Dependency Scanning: version 3
+    - Dynamic Application Security Testing (DAST): version 3
+    - DAST API: version 2
+    - IaC Scanning: version 3
+    - License Scanning: version 4
+    - Secret Detection: version 4
+    - Static Application Security Testing (SAST): version 3 of [all analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks)
+      - `brakeman`: version 3
+      - `flawfinder`: version 3
+      - `kubesec`: version 3
+      - `mobsf`: version 3
+      - `nodejs-scan`: version 3
+      - `phpcs-security-audit`: version 3
+      - `pmd-apex`: version 3
+      - `security-code-scan`: version 3
+      - `semgrep`: version 3
+      - `sobelow`: version 3
+      - `spotbugs`: version 3
+#
+# OPTIONAL END OF SUPPORT FIELDS
+#
+# If an End of Support period applies, the announcement should be shared with GitLab Support
+# in the `#spt_managers` channel in Slack, and mention `@gitlab-com/support` in this MR.
+#
+  end_of_support_milestone: # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
+  #
+  # OTHER OPTIONAL FIELDS
+  #
+  tiers: [Free, Silver, Gold, Core, Premium, Ultimate] # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+  documentation_url: # (optional) This is a link to the current documentation page
+  image_url: # (optional) This is a link to a thumbnail image depicting the feature
+  video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg

data/deprecations/15-9-source-code-route-deprecation.yml

@@ -0,0 +1,30 @@
+- title: "Legacy URLs replaced or removed"
+  announcement_milestone: "15.9"
+  removal_milestone: "16.0"
+  breaking_change: true
+  reporter: tlinz
+  stage: Create
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/214217
+  body: |  # (required) Do not modify this line, instead modify the lines below.
+    GitLab 16.0 removes legacy URLs from the GitLab application.
+
+    When subgroups were introduced in GitLab 9.0, a `/-/` delimiter was added to URLs to signify the end of a group path. All GitLab URLs now use this delimiter for project, group, and instance level features.
+
+    URLs that do not use the `/-/` delimiter are planned for removal in GitLab 16.0. For the full list of these URLs, along with their replacements, see [issue 28848](https://gitlab.com/gitlab-org/gitlab/-/issues/28848#release-notes).
+
+    Update any scripts or bookmarks that reference the legacy URLs. GitLab APIs are not affected by this change.
+
+#
+# OPTIONAL END OF SUPPORT FIELDS
+#
+# If an End of Support period applies, the announcement should be shared with GitLab Support
+# in the `#spt_managers` channel in Slack, and mention `@gitlab-com/support` in this MR.
+#
+  end_of_support_milestone:  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
+  #
+  # OTHER OPTIONAL FIELDS
+  #
+  tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+  documentation_url:  # (optional) This is a link to the current documentation page
+  image_url:  # (optional) This is a link to a thumbnail image depicting the feature
+  video_url:

doc/api/graphql/reference/index.md

@@ -742,7 +742,6 @@ Input type: `AchievementsCreateInput`
 | <a id="mutationachievementscreatedescription"></a>`description` | [`String`](#string) | Description of or notes for the achievement. |
 | <a id="mutationachievementscreatename"></a>`name` | [`String!`](#string) | Name for the achievement. |
 | <a id="mutationachievementscreatenamespaceid"></a>`namespaceId` | [`NamespaceID!`](#namespaceid) | Namespace for the achievement. |
-| <a id="mutationachievementscreaterevokeable"></a>`revokeable` | [`Boolean!`](#boolean) | Revokeability for the achievement. |
 
 #### Fields
 
@@ -10507,7 +10506,6 @@ Representation of a GitLab user.
 | <a id="achievementid"></a>`id` | [`AchievementsAchievementID!`](#achievementsachievementid) | ID of the achievement. |
 | <a id="achievementname"></a>`name` | [`String!`](#string) | Name of the achievement. |
 | <a id="achievementnamespace"></a>`namespace` | [`Namespace!`](#namespace) | Namespace of the achievement. |
-| <a id="achievementrevokeable"></a>`revokeable` | [`Boolean!`](#boolean) | Revokeability of the achievement. |
 | <a id="achievementupdatedat"></a>`updatedAt` | [`Time!`](#time) | Timestamp the achievement was last updated. |
 
 ### `AgentConfiguration`

doc/api/projects.md

@@ -2606,6 +2606,7 @@ POST /projects/:id/housekeeping
 | Attribute | Type           | Required               | Description |
 |-----------|----------------|------------------------|-------------|
 | `id`      | integer or string | **{check-circle}** Yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding). |
+| `task`   | string           | **{dotted-circle}** No | `prune` to trigger manual prune of unreachable objects or `eager` to trigger eager housekeeping. |
 
 ## Push rules **(PREMIUM)**
 

doc/development/contributing/merge_request_workflow.md

@@ -132,7 +132,7 @@ Commit messages should follow the guidelines below, for reasons explained by Chr
 - The commit subject or body must not contain Emojis.
 - Commits that change 30 or more lines across at least 3 files should
   describe these changes in the commit body.
-- Use issues and merge requests' full URLs instead of short references,
+- Use issues, milestones, and merge requests' full URLs instead of short references,
   as they are displayed as plain text outside of GitLab.
 - The merge request should not contain more than 10 commit messages.
 - The commit subject should contain at least 3 words.

doc/update/deprecations.md

@@ -254,6 +254,26 @@ To be prepared for this change, you should do the following before GitLab 16.0:
 
 </div>
 
+<div class="deprecation removal-160 breaking-change">
+
+### Legacy URLs replaced or removed
+
+Planned removal: GitLab <span class="removal-milestone">16.0</span> <span class="removal-date"></span>
+
+WARNING:
+This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+Review the details carefully before upgrading.
+
+GitLab 16.0 removes legacy URLs from the GitLab application.
+
+When subgroups were introduced in GitLab 9.0, a `/-/` delimiter was added to URLs to signify the end of a group path. All GitLab URLs now use this delimiter for project, group, and instance level features.
+
+URLs that do not use the `/-/` delimiter are planned for removal in GitLab 16.0. For the full list of these URLs, along with their replacements, see [issue 28848](https://gitlab.com/gitlab-org/gitlab/-/issues/28848#release-notes).
+
+Update any scripts or bookmarks that reference the legacy URLs. GitLab APIs are not affected by this change.
+
+</div>
+
 <div class="deprecation removal-170 breaking-change">
 
 ### Load Performance Testing is deprecated
@@ -322,6 +342,49 @@ that is available now. We recommend this alternative solution because it provide
 
 </div>
 
+<div class="deprecation removal-160 breaking-change">
+
+### Secure analyzers major version update
+
+Planned removal: GitLab <span class="removal-milestone">16.0</span> <span class="removal-date"></span>
+
+WARNING:
+This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+Review the details carefully before upgrading.
+
+The Secure stage will be bumping the major versions of its analyzers in tandem with the GitLab 16.0 release. This bump will enable a clear delineation for analyzers, between:
+
+- Those released prior to May 22, 2023
+- Those released after May 22, 2023
+
+If you are not using the default included templates, or have pinned your analyzer versions you will need to update your CI/CD job definition to either remove the pinned version or to update the latest major version.
+Users of GitLab 13.0-15.10 will continue to experience analyzer updates as normal until the release of GitLab 16.0, following which all newly fixed bugs and released features will be released only in the new major version of the analyzers. We do not backport bugs and features to deprecated versions as per our [maintenance policy](https://docs.gitlab.com/ee/policy/maintenance.html). As required, security patches will be backported within the latest 3 minor releases.
+Specifically, the following are being deprecated and will no longer be updated after 16.0 GitLab release:
+
+- API Fuzzing: version 2
+- Container Scanning: version 5
+- Coverage-guided fuzz testing: version 3
+- Dependency Scanning: version 3
+- Dynamic Application Security Testing (DAST): version 3
+- DAST API: version 2
+- IaC Scanning: version 3
+- License Scanning: version 4
+- Secret Detection: version 4
+- Static Application Security Testing (SAST): version 3 of [all analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks)
+  - `brakeman`: version 3
+  - `flawfinder`: version 3
+  - `kubesec`: version 3
+  - `mobsf`: version 3
+  - `nodejs-scan`: version 3
+  - `phpcs-security-audit`: version 3
+  - `pmd-apex`: version 3
+  - `security-code-scan`: version 3
+  - `semgrep`: version 3
+  - `sobelow`: version 3
+  - `spotbugs`: version 3
+
+</div>
+
 <div class="deprecation removal-170 breaking-change">
 
 ### Single database connection is deprecated

lib/api/projects.rb

@@ -868,11 +868,14 @@ def add_import_params(params)
         ]
         tags %w[projects]
       end
+      params do
+        optional :task, type: Symbol, default: :eager, values: %i[eager prune], desc: '`prune` to trigger manual prune of unreachable objects or `eager` to trigger eager housekeeping.'
+      end
       post ':id/housekeeping', feature_category: :source_code_management do
         authorize_admin_project
 
         begin
-          ::Repositories::HousekeepingService.new(user_project, :eager).execute
+          ::Repositories::HousekeepingService.new(user_project, params[:task]).execute
         rescue ::Repositories::HousekeepingService::LeaseTaken => error
           conflict!(error.message)
         end

spec/bin/feature_flag_spec.rb

@@ -1,11 +1,10 @@
 # frozen_string_literal: true
 
-require 'fast_spec_helper'
-require 'rspec-parameterized'
+require 'spec_helper'
 
 load File.expand_path('../../bin/feature-flag', __dir__)
 
-RSpec.describe 'bin/feature-flag' do
+RSpec.describe 'bin/feature-flag', feature_category: :feature_flags do
   using RSpec::Parameterized::TableSyntax
 
   describe FeatureFlagCreator do

spec/graphql/types/achievements/achievement_type_spec.rb

@@ -12,7 +12,6 @@
       name
       avatar_url
       description
-      revokeable
       created_at
       updated_at
     ]

spec/lib/gitlab/ci/build/rules/rule/clause/if_spec.rb

@@ -1,10 +1,8 @@
 # frozen_string_literal: true
 
-require 'fast_spec_helper'
-require 'support/helpers/stubbed_feature'
-require 'support/helpers/stub_feature_flags'
+require 'spec_helper'
 
-RSpec.describe Gitlab::Ci::Build::Rules::Rule::Clause::If do
+RSpec.describe Gitlab::Ci::Build::Rules::Rule::Clause::If, feature_category: :continuous_integration do
   include StubFeatureFlags
 
   subject(:if_clause) { described_class.new(expression) }

spec/lib/gitlab/ci/pipeline/expression/lexeme/matches_spec.rb

@@ -1,11 +1,8 @@
 # frozen_string_literal: true
 
-require 'fast_spec_helper'
-require 'support/helpers/stubbed_feature'
-require 'support/helpers/stub_feature_flags'
-require_dependency 're2'
+require 'spec_helper'
 
-RSpec.describe Gitlab::Ci::Pipeline::Expression::Lexeme::Matches do
+RSpec.describe Gitlab::Ci::Pipeline::Expression::Lexeme::Matches, feature_category: :continuous_integration do
   include StubFeatureFlags
 
   let(:left) { double('left') }

spec/lib/gitlab/ci/pipeline/expression/lexeme/not_matches_spec.rb

@@ -1,11 +1,8 @@
 # frozen_string_literal: true
 
-require 'fast_spec_helper'
-require 'support/helpers/stubbed_feature'
-require 'support/helpers/stub_feature_flags'
-require_dependency 're2'
+require 'spec_helper'
 
-RSpec.describe Gitlab::Ci::Pipeline::Expression::Lexeme::NotMatches do
+RSpec.describe Gitlab::Ci::Pipeline::Expression::Lexeme::NotMatches, feature_category: :continuous_integration do
   include StubFeatureFlags
 
   let(:left) { double('left') }

spec/requests/api/graphql/mutations/achievements/create_spec.rb

@@ -13,15 +13,13 @@
   let(:mutation) { graphql_mutation(:achievements_create, params) }
   let(:name) { 'Name' }
   let(:description) { 'Description' }
-  let(:revokeable) { false }
   let(:avatar) { fixture_file_upload("spec/fixtures/dk.png") }
   let(:params) do
     {
       namespace_id: group.to_global_id,
       name: name,
       avatar: avatar,
-      description: description,
-      revokeable: revokeable
+      description: description
     }
   end
 
@@ -70,8 +68,7 @@ def mutation_response
       expect(graphql_data_at(:achievements_create, :achievement)).to match a_hash_including(
         'name' => name,
         'namespace' => a_hash_including('id' => group.to_global_id.to_s),
-        'description' => description,
-        'revokeable' => revokeable
+        'description' => description
       )
     end
   end