Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.gitlab/ci/package-and-test-nightly/main.gitlab-ci.yml

@@ -167,7 +167,6 @@ e2e-test-report:
 upload-knapsack-report:
   extends:
     - .upload-knapsack-report
-    - .rules:report:process-results
 
 export-test-metrics:
   extends:
@@ -177,6 +176,10 @@ relate-test-failures:
   extends:
     - .relate-test-failures
 
+generate-test-session:
+  extends:
+    - .generate-test-session
+
 notify-slack:
   extends:
     - .notify-slack

.gitlab/ci/package-and-test/main.gitlab-ci.yml

@@ -502,7 +502,6 @@ e2e-test-report:
 upload-knapsack-report:
   extends:
     - .upload-knapsack-report
-    - .rules:report:process-results
 
 export-test-metrics:
   extends:

.gitlab/ci/rules.gitlab-ci.yml

@@ -1475,13 +1475,16 @@
       allow_failure: true
       variables:
         SKIP_REPORT_IN_ISSUES: "false"
+        PROCESS_TEST_RESULTS: "true"
         QA_SAVE_TEST_METRICS: "true"
         QA_EXPORT_TEST_METRICS: "false"
 
 .qa:rules:e2e:test-on-gdk:
   rules:
     - if: '$QA_RUN_TESTS_ON_GDK !~ /true|yes|1/i'
       when: never
+    - <<: *if-default-branch-schedule-nightly # already executed in the 2-hourly schedule
+      when: never
     - !reference [".qa:rules:package-and-test-common", rules]
     - !reference [".qa:rules:package-and-test-schedule", rules]
 
@@ -1506,6 +1509,7 @@
       allow_failure: true
       variables:
         KNAPSACK_GENERATE_REPORT: "true"
+        PROCESS_TEST_RESULTS: "true"
         SKIP_REPORT_IN_ISSUES: "false"
         QA_SAVE_TEST_METRICS: "true"
         QA_EXPORT_TEST_METRICS: "false"

GITALY_SERVER_VERSION

@@ -1 +1 @@
-da80ab3efcbf3dc0289aacf698ffeabc3c381275
+e66b5c2f3d56234280470d45f769779619553280

app/models/abuse/trust_score.rb

@@ -3,6 +3,7 @@
 module Abuse
   class TrustScore < ApplicationRecord
     MAX_EVENTS = 100
+    SPAMCHECK_HAM_THRESHOLD = 0.5
 
     self.table_name = 'abuse_trust_scores'
 

app/models/user.rb

@@ -1670,7 +1670,7 @@ def delete_async(deleted_by:, params: {})
       new_note = format(_("User deleted own account on %{timestamp}"), timestamp: Time.zone.now)
       self.note = "#{new_note}\n#{note}".strip
 
-      block
+      block_or_ban
 
       DeleteUserWorker.perform_in(DELETION_DELAY_IN_DAYS, deleted_by.id, id, params.to_h)
     else
@@ -2256,6 +2256,10 @@ def namespace_commit_email_for_project(project)
       namespace_commit_emails.find_by(namespace: project.root_namespace)
   end
 
+  def spammer?
+    spam_score > Abuse::TrustScore::SPAMCHECK_HAM_THRESHOLD
+  end
+
   def spam_score
     abuse_trust_scores.spamcheck.average(:score) || 0.0
   end
@@ -2313,6 +2317,30 @@ def consume_otp!
 
   private
 
+  def block_or_ban
+    if spammer? && account_age_in_days < 7
+      ban_and_report
+    else
+      block
+    end
+  end
+
+  def ban_and_report
+    msg = 'Potential spammer account deletion'
+    attrs = { user_id: id, reporter: User.security_bot, category: 'spam' }
+    abuse_report = AbuseReport.find_by(attrs)
+
+    if abuse_report.nil?
+      abuse_report = AbuseReport.create!(attrs.merge(message: msg))
+    else
+      abuse_report.update(message: "#{abuse_report.message}\n\n#{msg}")
+    end
+
+    UserCustomAttribute.set_banned_by_abuse_report(abuse_report)
+
+    ban
+  end
+
   def pbkdf2?
     return false unless otp_backup_codes&.any?
 

app/models/user_custom_attribute.rb

@@ -35,6 +35,14 @@ def sessions
         .select(:value)
     end
 
+    def set_banned_by_abuse_report(abuse_report)
+      return unless abuse_report
+
+      custom_attribute = { user_id: abuse_report.user.id, key: AUTO_BANNED_BY_ABUSE_REPORT_ID, value: abuse_report.id }
+
+      upsert_custom_attributes([custom_attribute])
+    end
+
     private
 
     def blocked_users

app/views/shared/notes/_notes_with_form.html.haml

@@ -1,7 +1,7 @@
 - issuable = @issue || @merge_request
 - discussion_locked = issuable&.discussion_locked?
 
-%ul#notes-list.notes.main-notes-list.timeline
+%ul#notes-list.notes.main-notes-list.timeline{ data: { 'qa_selector': 'notes_list' } }
   = render "shared/notes/notes"
 
 = render 'shared/notes/edit_form', project: @project

doc/administration/geo/setup/index.md

@@ -21,14 +21,24 @@ type: howto
 
 ## Using Omnibus GitLab
 
-If you installed GitLab using the Omnibus packages (highly recommended):
+If you installed GitLab using the Omnibus packages (highly recommended), the process for setting up Geo depends on whether you need to set up
+a single-node Geo site or a multi-node Geo site.
+
+### Single-node Geo sites
+
+If both Geo sites are based on the [1K reference architecture](../../reference_architectures/1k_users.md):
 
 1. [Set up the database replication](database.md) (`primary (read-write) <-> secondary (read-only)` topology).
 1. [Configure GitLab](../replication/configuration.md) to set the **primary** and **secondary** sites.
 1. Optional: [Configure Object storage](../../object_storage.md)
 1. Optional: [Configure a secondary LDAP server](../../auth/ldap/index.md) for the **secondary** sites. See [notes on LDAP](../index.md#ldap).
 1. Optional: [Configure Geo secondary proxying](../secondary_proxy/index.md) to use a single, unified URL for all Geo sites. This step is recommended to accelerate most read requests while transparently proxying writes to the primary Geo site.
 1. Follow the [Using a Geo Site](../replication/usage.md) guide.
+ 
+### Multi-node Geo sites
+
+If one or more of your sites is using the [2K reference architecture](../../reference_architectures/2k_users.md) or larger, see
+[Configure Geo for multiple nodes](../replication/multiple_servers.md).
 
 ## Using GitLab Charts
 

locale/gitlab.pot

@@ -39754,7 +39754,7 @@ msgstr ""
 msgid "ScanExecutionPolicy|Run a %{scan} scan on runner that %{tags}"
 msgstr ""
 
-msgid "ScanExecutionPolicy|Run a %{scan} scan with %{dastProfiles} with tags %{tags}"
+msgid "ScanExecutionPolicy|Run a %{scan} scan with %{dastProfiles} on runner that %{tags}"
 msgstr ""
 
 msgid "ScanExecutionPolicy|Scanner profile"

qa/qa/page/component/snippet.rb

@@ -70,6 +70,10 @@ def self.included(base)
             element :note_author_content
           end
 
+          base.view 'app/views/shared/notes/_notes_with_form.html.haml' do
+            element :notes_list
+          end
+
           base.view 'app/views/projects/notes/_more_actions_dropdown.html.haml' do
             element :more_actions_dropdown
             element :delete_comment_button
@@ -216,6 +220,10 @@ def has_comment_content?(comment_content)
           end
         end
 
+        def within_notes_list(&block)
+          within_element :notes_list, &block
+        end
+
         def has_syntax_highlighting?(language)
           within_element(:blob_viewer_file_content) do
             find('.line')['lang'].to_s == language

qa/qa/page/group/menu.rb

@@ -16,6 +16,8 @@ class Menu < Page::Base
         end
 
         def click_group_members_item
+          return go_to_members if Runtime::Env.super_sidebar_enabled?
+
           hover_group_information do
             within_submenu do
               click_element(:sidebar_menu_item_link, menu_item: 'Members')

qa/qa/specs/features/browser_ui/3_create/snippet/add_comment_to_snippet_spec.rb

@@ -66,15 +66,19 @@ def delete_comment
       end
 
       def verify_comment_content(author, comment_content)
-        Page::Dashboard::Snippet::Show.perform do |comment|
-          expect(comment).to have_comment_author(author)
-          expect(comment).to have_comment_content(comment_content)
+        Page::Dashboard::Snippet::Show.perform do |snippet|
+          expect(snippet).to have_comment_author(author)
+          expect(snippet).to have_comment_content(comment_content)
         end
       end
 
       def verify_comment_deleted
-        expect(page).not_to have_content(comment_author.username)
-        expect(page).not_to have_content(edited_comment_content)
+        Page::Dashboard::Snippet::Show.perform do |snippet|
+          snippet.within_notes_list do
+            expect(snippet).not_to have_content(comment_author.username)
+            expect(snippet).not_to have_content(edited_comment_content)
+          end
+        end
       end
     end
   end

spec/models/user_custom_attribute_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe UserCustomAttribute do
+RSpec.describe UserCustomAttribute, feature_category: :user_profile do
   describe 'assocations' do
     it { is_expected.to belong_to(:user) }
   end
@@ -40,6 +40,31 @@
     end
   end
 
+  describe '.set_banned_by_abuse_report' do
+    let_it_be(:user) { create(:user) }
+    let(:abuse_report) { create(:abuse_report, user: user) }
+
+    subject { UserCustomAttribute.set_banned_by_abuse_report(abuse_report) }
+
+    it 'adds the abuse report ID to user custom attributes' do
+      subject
+
+      custom_attribute = user.custom_attributes.by_key(UserCustomAttribute::AUTO_BANNED_BY_ABUSE_REPORT_ID).first
+      expect(custom_attribute.value).to eq(abuse_report.id.to_s)
+    end
+
+    context 'when abuse report is nil' do
+      let(:abuse_report) { nil }
+
+      it 'does not update custom attributes' do
+        subject
+
+        custom_attribute = user.custom_attributes.by_key(UserCustomAttribute::AUTO_BANNED_BY_ABUSE_REPORT_ID).first
+        expect(custom_attribute).to be_nil
+      end
+    end
+  end
+
   describe '#upsert_custom_attributes' do
     subject { UserCustomAttribute.upsert_custom_attributes(custom_attributes) }