Add latest changes from gitlab-org/gitlab@master

.rubocop_todo/rails/find_each.yml

@@ -11,7 +11,6 @@ Rails/FindEach:
     - 'db/post_migrate/20231003045342_migrate_sidekiq_namespaced_jobs.rb'
     - 'ee/app/workers/compliance_management/merge_requests/compliance_violations_consistency_worker.rb'
     - 'ee/lib/ee/gitlab/background_migration/create_compliance_standards_adherence.rb'
-    - 'ee/spec/elastic/migrate/20230901120542_force_reindex_commits_from_main_index_spec.rb'
     - 'ee/spec/elastic/migrate/20231004124852_reindex_and_remove_leftover_notes_from_main_index_spec.rb'
     - 'ee/spec/elastic/migrate/20231005103449_reindex_and_remove_leftover_merge_request_in_main_index_spec.rb'
     - 'ee/spec/frontend/fixtures/runner.rb'

.rubocop_todo/style/inline_disable_annotation.yml

@@ -1638,11 +1638,9 @@ Style/InlineDisableAnnotation:
     - 'ee/elastic/migrate/20230518064300_backfill_project_permissions_in_blobs.rb'
     - 'ee/elastic/migrate/20230702000000_backfill_existing_group_wiki.rb'
     - 'ee/elastic/migrate/20230703112233_reindex_commits_to_fix_permissions.rb'
-    - 'ee/elastic/migrate/20230720000000_reindex_wikis_to_fix_routing.rb'
     - 'ee/elastic/migrate/20230724070100_backfill_epics.rb'
     - 'ee/elastic/migrate/20230724151612_backfill_archived_field_in_commits.rb'
     - 'ee/elastic/migrate/20230821123542_backfill_archived_field_in_blob.rb'
-    - 'ee/elastic/migrate/20230901120542_force_reindex_commits_from_main_index.rb'
     - 'ee/elastic/migrate/20231019223356_reindex_wikis_to_fix_routing_and_backfill_archived.rb'
     - 'ee/lib/analytics/devops_adoption/snapshot_calculator.rb'
     - 'ee/lib/analytics/group_activity_calculator.rb'

app/models/work_items/widget_definition.rb

@@ -2,13 +2,16 @@
 
 module WorkItems
   class WidgetDefinition < ApplicationRecord
+    include IgnorableColumns
+
     self.table_name = 'work_item_widget_definitions'
 
-    belongs_to :namespace, optional: true
+    ignore_column :namespace_id, remove_with: '17.5', remove_after: '2024-09-19'
+
     belongs_to :work_item_type, class_name: 'WorkItems::Type', inverse_of: :widget_definitions
 
     validates :name, presence: true
-    validates :name, uniqueness: { case_sensitive: false, scope: [:namespace_id, :work_item_type_id] }
+    validates :name, uniqueness: { case_sensitive: false, scope: :work_item_type_id }
     validates :name, length: { maximum: 255 }
 
     validates :widget_options, if: :weight?,
@@ -16,7 +19,6 @@ module WorkItems
     validates :widget_options, absence: true, unless: :weight?
 
     scope :enabled, -> { where(disabled: false) }
-    scope :global, -> { where(namespace: nil) }
 
     enum widget_type: {
       assignees: 0,
@@ -49,7 +51,7 @@ module WorkItems
     attribute :widget_options, :ind_jsonb
 
     def self.available_widgets
-      global.enabled.filter_map(&:widget_class).uniq
+      enabled.filter_map(&:widget_class).uniq
     end
 
     def self.widget_classes

config/initializers/google_api_client.rb

@@ -15,3 +15,9 @@ Google::Apis::RequestOptions.default.retries = 3 if Gitlab::Utils.to_boolean(ENV
 # while using more memory at peak, see discussion in
 # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108456#note_1259008557
 Google::Apis::RequestOptions.default.upload_chunk_size = 10.megabytes
+
+logger = Gitlab::AppJsonLogger.build
+
+logger.level = Logger::INFO
+
+Google::Apis.logger = logger

doc/administration/geo/replication/troubleshooting/synchronization.md

@@ -19,13 +19,27 @@ DETAILS:
 WARNING:
 Commands that change data can cause damage if not run correctly or under the right conditions. Always run commands in a test environment first and have a backup instance ready to restore.
 
-   ```ruby
-   Upload.verification_state_table_class.each_batch do |relation|
-     relation.update_all(verification_state: 0)
-   end
-   ```
+### Reverify all uploads
 
-1. This causes the primary to start checksumming all Uploads.
+```ruby
+Upload.verification_state_table_class.each_batch do |relation|
+  relation.update_all(verification_state: 0)
+end
+```
+
+### Reverify failed uploads only
+
+```ruby
+Upload.verification_state_table_class.where(verification_state: 3).each_batch do |relation|
+  relation.update_all(verification_state: 0)
+end
+```
+
+### How the reverification process works
+
+When you [reverify all uploads](#reverify-all-uploads) or [reverify failed uploads only](#reverify-failed-uploads-only):
+
+1. This causes the primary to start checksumming the Uploads depending on which commands were executed.
 1. When a primary successfully checksums a record, then all secondaries recalculate the checksum as well, and they compare the values.
 
 You can perform a similar operation with other the Models handled by the [Geo Self-Service Framework](../../../../development/geo/framework.md) which have implemented verification:

doc/administration/reference_architectures/3k_users.md

@@ -19,7 +19,7 @@ section details how to reduce this architecture's size while maintaining HA.
 For a full list of reference architectures, see
 [Available reference architectures](index.md#available-reference-architectures).
 
-> - **Target Load:** 60 RPS, Web: 6 RPS, Git (Pull): 6 RPS, Git (Push): 1 RPS
+> - **Target Load:** API: 60 RPS, Web: 6 RPS, Git (Pull): 6 RPS, Git (Push): 1 RPS
 > - **High Availability:** Yes, although [Praefect](#configure-praefect-postgresql) needs a third-party PostgreSQL solution
 > - **Cost calculator template:** [See cost calculator templates section](index.md#cost-calculator-templates)
 > - **Cloud Native Hybrid Alternative:** [Yes](#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative)

doc/ci/pipelines/merge_trains.md

@@ -130,6 +130,9 @@ Other merge requests can now be added to the train.
 
 ## Add a merge request to a merge train
 
+> - Auto-merge for merge trains [introduced](https://gitlab.com/groups/gitlab-org/-/epics/10874) in GitLab 17.2 [with a flag](../../administration/feature_flags.md) named `merge_when_checks_pass_merge_train`. Disabled by default.
+> - Auto-merge for merge trains [enabled](https://gitlab.com/gitlab-org/gitlab/-/issues/470667) on GitLab.com in GitLab 17.2.
+
 Prerequisites:
 
 - You must have [permissions](../../user/permissions.md) to merge or push to the target branch.

doc/ci/secrets/gcp_secret_manager.md

@@ -127,10 +127,10 @@ job_using_gcp_sm:
 
 ## Troubleshooting
 
-### `The size of mapped attribute google.subject exceeds the 127 bytes limit` error
+### Error: The size of mapped attribute `google.subject` exceeds the 127 bytes limit
 
-A long merge request branch name can cause a job to fail with the following error if
-[the `assertion.sub` attribute](id_token_authentication.md#token-payload) is more than 127 characters:
+Long branch paths can cause a job to fail with this error, because the
+[`assertion.sub` attribute](id_token_authentication.md#token-payload) becomes longer than 127 characters:
 
 ```plaintext
 ERROR: Job failed (system failure): resolving secrets: failed to exchange sts token: googleapi: got HTTP response code 400 with body:
@@ -138,8 +138,17 @@ ERROR: Job failed (system failure): resolving secrets: failed to exchange sts to
 Either modify your attribute mapping or the incoming assertion to produce a mapped attribute that is less than 127 bytes."}
 ```
 
-For example, for a `gitlab-org/gitlab` branch, the payload would be `project_path:gitlab-org/gitlab:ref_type:branch:ref:{branch_name}`,
-so the branch name should be 76 characters or less.
+Long branch paths can be caused by:
+
+- Deeply nested subgroups.
+- Long group, repository, or branch names.
+
+For example, for a `gitlab-org/gitlab` branch, the payload is `project_path:gitlab-org/gitlab:ref_type:branch:ref:{branch_name}`.
+For the string to remain shorter than 127 characters, the branch name must be 76 characters or fewer.
+This limit is imposed by Google Cloud IAM, tracked in [Google issue #264362370](https://issuetracker.google.com/issues/264362370?pli=1).
+
+The only fix for this issue is to use shorter names
+[for your branch and repository](https://github.com/google-github-actions/auth/blob/main/docs/TROUBLESHOOTING.md#subject-exceeds-the-127-byte-limit).
 
 ### `WARNING: Not resolved: no resolver that can handle the secret` warning
 

doc/operations/incident_management/escalation_policies.md

@@ -4,16 +4,16 @@ group: Respond
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
-# Escalation Policies
+# Escalation policies
 
 DETAILS:
 **Tier:** Premium, Ultimate
 **Offering:** GitLab.com, Self-managed, GitLab Dedicated
 
-Escalation Policies protect your company from missed critical alerts. Escalation Policies contain
+Escalation policies protect your company from missed critical alerts. Escalation policies contain
 time-boxed steps that automatically page the next responder in the escalation step if the responder
 in the previous step has not responded. You can create an escalation policy in the GitLab project
-where you manage [On-call schedules](oncall_schedules.md).
+where you manage [on-call schedules](oncall_schedules.md).
 
 ## Add an escalation policy
 

doc/user/project/merge_requests/auto_merge.md

@@ -19,7 +19,6 @@ DETAILS:
 FLAG:
 The availability of this feature is controlled by a feature flag.
 For more information, see the history.
-This feature is available for testing, but not ready for production use.
 
 When you enable the `merge_when_checks_pass` feature flag, if the content of a merge request is ready to merge,
 you can select **Set to auto-merge**. The merge request auto-merges when all required checks complete successfully, and you don't need to remember to manually merge the merge request.
@@ -72,6 +71,24 @@ Commenting on a merge request after you select **Auto-merge**,
 but before the pipeline completes, blocks the merge until you
 resolve all existing threads.
 
+### Auto-merge when using merge trains
+
+> - Auto-merge for merge trains [introduced](https://gitlab.com/groups/gitlab-org/-/epics/10874) in GitLab 17.2 [with a flag](../../../administration/feature_flags.md) named `merge_when_checks_pass_merge_train`. Disabled by default.
+> - Auto-merge for merge trains [enabled](https://gitlab.com/gitlab-org/gitlab/-/issues/470667) on GitLab.com in GitLab 17.2.
+
+FLAG:
+The availability of this feature is controlled by a feature flag.
+For more information, see the history.
+
+If your project uses [merge trains](../../../ci/pipelines/merge_trains.md), you can
+use the auto-merge feature after you enable these two feature flags:
+
+- `merge_when_checks_pass`
+- `merge_when_checks_pass_merge_train`
+
+After you enable both feature flags, selecting **Set to auto-merge** on a merge request
+adds it to the merge train after all checks pass.
+
 ## Pipeline success for auto-merge
 
 If the pipeline succeeds, the merge request merges. If the pipeline fails, the author

lib/gitlab/verify/batch_verifier.rb

@@ -9,8 +9,6 @@ module Gitlab
         @batch_size = batch_size
         @start = start
         @finish = finish
-
-        fix_google_api_logger
       end
 
       # Yields a Range of IDs and a Hash of failed verifications (object => error)
@@ -68,13 +66,6 @@ module Gitlab
         [object, message]
       end
 
-      # It's already set to Logger::INFO, but acts as if it is set to
-      # Logger::DEBUG, and this fixes it...
-      def fix_google_api_logger
-        require 'google/apis'
-        Google::Apis.logger.level = Logger::INFO
-      end
-
       # This should return an ActiveRecord::Relation suitable for calling #in_batches on
       def all_relation
         raise NotImplementedError

locale/gitlab.pot

@@ -1556,12 +1556,6 @@ msgstr ""
 msgid "(Unlimited compute minutes)"
 msgstr ""
 
-msgid "(banned)"
-msgstr ""
-
-msgid "(blocked)"
-msgstr ""
-
 msgid "(check progress)"
 msgstr ""
 
@@ -1595,9 +1589,6 @@ msgstr ""
 msgid "(revoked)"
 msgstr ""
 
-msgid "(this user)"
-msgstr ""
-
 msgid "(we need your current password to confirm your changes)"
 msgstr ""
 
@@ -8191,15 +8182,6 @@ msgstr ""
 msgid "BillingPlans|10000 compute minutes"
 msgstr ""
 
-msgid "BillingPlans|100GB transfer per month"
-msgstr ""
-
-msgid "BillingPlans|10GB transfer per month"
-msgstr ""
-
-msgid "BillingPlans|250GB storage"
-msgstr ""
-
 msgid "BillingPlans|400 CI/CD minutes per month"
 msgstr ""
 
@@ -8215,15 +8197,6 @@ msgstr ""
 msgid "BillingPlans|50000 compute minutes"
 msgstr ""
 
-msgid "BillingPlans|500GB transfer per month"
-msgstr ""
-
-msgid "BillingPlans|50GB storage"
-msgstr ""
-
-msgid "BillingPlans|5GB storage"
-msgstr ""
-
 msgid "BillingPlans|@%{user_name} you are currently using the %{plan_name}."
 msgstr ""
 

spec/factories/work_items/widget_definitions.rb

@@ -3,14 +3,9 @@
 FactoryBot.define do
   factory :widget_definition, class: 'WorkItems::WidgetDefinition' do
     work_item_type
-    namespace
 
     name { 'Description' }
     widget_type { 'description' }
     widget_options { { editable: true, rollup: false } if widget_type == 'weight' }
-
-    trait :default do
-      namespace { nil }
-    end
   end
 end

spec/models/issue_spec.rb

@@ -2282,7 +2282,7 @@ RSpec.describe Issue, feature_category: :team_planning do
   end
 
   describe '#has_widget?' do
-    let_it_be(:work_item_type) { create(:work_item_type) }
+    let_it_be(:work_item_type) { create(:work_item_type).tap { |wit| wit.widget_definitions.delete_all } }
     let_it_be_with_reload(:issue) { create(:issue, project: reusable_project, work_item_type: work_item_type) }
 
     # Setting a fixed widget here so we don't get a licensed widget from the list as that could break the specs.
@@ -2300,8 +2300,7 @@ RSpec.describe Issue, feature_category: :team_planning do
         create(
           :widget_definition,
           widget_type: widget_type,
-          work_item_type: work_item_type,
-          namespace: work_item_type.namespace
+          work_item_type: work_item_type
         )
       end
 

spec/models/work_items/type_spec.rb

@@ -19,8 +19,8 @@ RSpec.describe WorkItems::Type, feature_category: :team_planning do
 
     it 'has many `enabled_widget_definitions`' do
       type = create(:work_item_type)
-      widget1 = create(:widget_definition, work_item_type: type)
-      create(:widget_definition, work_item_type: type, disabled: true)
+      widget1 = create(:widget_definition, work_item_type: type, name: 'Enabled widget')
+      create(:widget_definition, work_item_type: type, disabled: true, name: 'Disabled widget')
 
       expect(type.enabled_widget_definitions).to match_array([widget1])
     end

spec/models/work_items/widget_definition_spec.rb

@@ -41,18 +41,17 @@ RSpec.describe WorkItems::WidgetDefinition, feature_category: :team_planning do
   end
 
   describe 'associations' do
-    it { is_expected.to belong_to(:namespace) }
     it { is_expected.to belong_to(:work_item_type) }
   end
 
   describe 'validations' do
     it { is_expected.to validate_presence_of(:name) }
-    it { is_expected.to validate_uniqueness_of(:name).case_insensitive.scoped_to([:namespace_id, :work_item_type_id]) }
+    it { is_expected.to validate_uniqueness_of(:name).case_insensitive.scoped_to([:work_item_type_id]) }
     it { is_expected.to validate_length_of(:name).is_at_most(255) }
 
     describe 'widget_options' do
       subject(:widget_definition) do
-        build(:widget_definition, :default, widget_type: widget_type, widget_options: widget_options)
+        build(:widget_definition, widget_type: widget_type, widget_options: widget_options)
       end
 
       context 'when widget type is weight' do
@@ -97,24 +96,18 @@ RSpec.describe WorkItems::WidgetDefinition, feature_category: :team_planning do
 
   context 'with some widgets disabled' do
     before do
-      described_class.global.where(widget_type: :notes).update_all(disabled: true)
+      described_class.where(widget_type: :notes).update_all(disabled: true)
     end
 
     describe '.available_widgets' do
       subject { described_class.available_widgets }
 
-      it 'returns all global widgets excluding the disabled ones' do
-        # WorkItems::Widgets::Notes is excluded from widget class because:
-        # * although widget_definition below is enabled and uses notes widget, it's namespaced (has namespace != nil)
-        # * available_widgets takes into account only global definitions (which have namespace=nil)
-        namespace = create(:namespace)
-        create(:widget_definition, namespace: namespace, widget_type: :notes)
-
+      it 'returns all widgets excluding the disabled ones' do
         is_expected.to match_array(all_widget_classes - [::WorkItems::Widgets::Notes])
       end
 
-      it 'returns all global widgets if there is at least one global widget definition which is enabled' do
-        create(:widget_definition, namespace: nil, widget_type: :notes)
+      it 'returns all widgets if there is at least one widget definition which is enabled' do
+        create(:widget_definition, widget_type: :notes)
 
         is_expected.to match_array(all_widget_classes)
       end

spec/support/shared_examples/work_item_base_types_importer.rb

@@ -22,7 +22,7 @@ RSpec.shared_examples 'work item base types importer' do
     expect { subject }.to change { WorkItems::WidgetDefinition.count }
       .from(0).to(widget_mapping.values.flatten(1).count)
 
-    created_widgets = WorkItems::WidgetDefinition.global.map do |widget|
+    created_widgets = WorkItems::WidgetDefinition.all.map do |widget|
       { name: widget.work_item_type.name, type: widget.widget_type, options: widget.widget_options }
     end
     expected_widgets = widget_mapping.flat_map do |type_sym, widget_types|
@@ -51,7 +51,7 @@ RSpec.shared_examples 'work item base types importer' do
   end
 
   it 'upserts default widget definitions if they already exist and type changes' do
-    widget = WorkItems::WidgetDefinition.global.find_by_widget_type(:labels)
+    widget = WorkItems::WidgetDefinition.find_by_widget_type(:labels)
 
     widget.update!(widget_type: :assignees)
 
@@ -64,7 +64,7 @@ RSpec.shared_examples 'work item base types importer' do
   end
 
   it 'does not change default widget definitions if they already exist with changed disabled status' do
-    widget = WorkItems::WidgetDefinition.global.find_by_widget_type(:labels)
+    widget = WorkItems::WidgetDefinition.find_by_widget_type(:labels)
 
     widget.update!(disabled: true)