Add latest changes from gitlab-org/gitlab@master

2023-09-06 00:11:07 +00:00 · 2023-09-06 00:11:07 +00:00 · 2c39efa458
parent 6f8fe64503
commit 2c39efa458
16 changed files with 68 additions and 20 deletions
--- a/app/assets/javascripts/main.js
+++ b/app/assets/javascripts/main.js
@ -47,8 +47,8 @@ logHelloDeferred();

 applyGitLabUIConfig({
  translations: {
-    'SearchBoxByType.input.placeholder': __('Search'),
-    'SearchBoxByType.clearButtonTitle': __('Clear'),
+    'GlSearchBoxByType.input.placeholder': __('Search'),
+    'GlSearchBoxByType.clearButtonTitle': __('Clear'),
    'ClearIconButton.title': __('Clear'),
  },
 });
--- a/app/helpers/registrations_helper.rb
+++ b/app/helpers/registrations_helper.rb
@ -7,7 +7,7 @@ module RegistrationsHelper
      min_length_message: s_('SignUp|Username is too short (minimum is %{min_length} characters).') % { min_length: User::MIN_USERNAME_LENGTH },
      max_length: User::MAX_USERNAME_LENGTH,
      max_length_message: s_('SignUp|Username is too long (maximum is %{max_length} characters).') % { max_length: User::MAX_USERNAME_LENGTH },
-      qa_selector: 'new_user_username_field'
+      testid: 'new_user_username_field'
    }
  end

--- a/db/migrate/20230814203548_add_merged_commit_sha_to_merge_requests.rb
+++ b/db/migrate/20230814203548_add_merged_commit_sha_to_merge_requests.rb
@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AddMergedCommitShaToMergeRequests < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  def up
+    with_lock_retries do
+      add_column :merge_requests, :merged_commit_sha, :bytea unless column_exists?(:merge_requests, :merged_commit_sha)
+    end
+  end
+
+  def down
+    with_lock_retries do
+      remove_column :merge_requests, :merged_commit_sha if column_exists?(:merge_requests, :merged_commit_sha)
+    end
+  end
+end
--- a/db/post_migrate/20230822154640_add_async_index_on_merge_requests_target_project_id_and_merged_commit_sha.rb
+++ b/db/post_migrate/20230822154640_add_async_index_on_merge_requests_target_project_id_and_merged_commit_sha.rb
@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AddAsyncIndexOnMergeRequestsTargetProjectIdAndMergedCommitSha < Gitlab::Database::Migration[2.1]
+  INDEX_NAME = 'index_merge_requests_on_target_project_id_and_merged_commit_sha'
+  INDEX_COLUMNS = %i[target_project_id merged_commit_sha]
+
+  disable_ddl_transaction!
+
+  # TODO: Index to be created synchronously in https://gitlab.com/gitlab-org/gitlab/-/issues/418822
+  def up
+    prepare_async_index :merge_requests, INDEX_COLUMNS, name: INDEX_NAME
+  end
+
+  def down
+    unprepare_async_index :merge_requests, INDEX_COLUMNS, name: INDEX_NAME
+  end
+end
--- a/db/schema_migrations/20230814203548
+++ b/db/schema_migrations/20230814203548
@ -0,0 +1 @@
+0822d768380c459e390828924e6723a4a878cd217b1159f2d8ab12f78718fef7
--- a/db/schema_migrations/20230822154640
+++ b/db/schema_migrations/20230822154640
@ -0,0 +1 @@
+9d9a99ad2fb472d71f625cb7cc668d096b88b12064a9a14ac556f490127b1806
--- a/db/structure.sql
+++ b/db/structure.sql
@ -18594,6 +18594,7 @@ CREATE TABLE merge_requests (
    merge_ref_sha bytea,
    draft boolean DEFAULT false NOT NULL,
    prepared_at timestamp with time zone,
+    merged_commit_sha bytea,
    CONSTRAINT check_970d272570 CHECK ((lock_version IS NOT NULL))
 );

--- a/doc/administration/gitaly/praefect.md
+++ b/doc/administration/gitaly/praefect.md
@ -1498,9 +1498,12 @@ For a replication factor:
 > [Introduced](https://gitlab.com/gitlab-org/gitaly/-/issues/4080) in GitLab 15.0.

 Praefect stores metadata about the repositories in a database. If the repositories are modified on disk
-without going through Praefect, the metadata can become inaccurate. Because the metadata is used for replication
-and routing decisions, any inaccuracies may cause problems. Praefect contains a background worker that
-periodically verifies the metadata against the actual state on the disks. The worker:
+without going through Praefect, the metadata can become inaccurate. For example if a Gitaly node is
+rebuilt, rather than being replaced with a new node, repository verification ensures this is detected.
+
+The metadata is used for replication and routing decisions, so any inaccuracies may cause problems.
+Praefect contains a background worker that periodically verifies the metadata against the actual state on the disks.
+The worker:

 1. Picks up a batch of replicas to verify on healthy storages. The replicas are either unverified or have exceeded
   the configured verification interval. Replicas that have never been verified are prioritized, followed by
@ -1512,8 +1515,8 @@ periodically verifies the metadata against the actual state on the disks. The wo

 The worker acquires an exclusive verification lease on each of the replicas it is about to verify. This avoids multiple
 workers from verifying the same replica concurrently. The worker releases the leases when it has completed its check.
-Praefect contains a background goroutine that releases stale leases every 10 seconds when workers are terminated for
-some reason without releasing the lease.
+If workers are terminated for some reason without releasing the lease, Praefect contains a background goroutine
+that releases stale leases every 10 seconds.

 The worker logs each of the metadata removals prior to executing them. The `perform_deletions` key
 indicates whether the invalid metadata records are actually deleted or not. For example:
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@ -103,7 +103,7 @@ The following vulnerability scanners and their databases are regularly updated:
 |:----------------------------------------------------------------|:---------------------------------|
 | [Container Scanning](container_scanning/index.md)            | A job runs on a daily basis to build new images with the latest vulnerability database updates from the upstream scanner. GitLab monitors this job through an internal alert that tells the engineering team when the database becomes more than 48 hours old. For more information, see the [Vulnerabilities database update](container_scanning/index.md#vulnerabilities-database). |
 | [Dependency Scanning](dependency_scanning/index.md)          | Relies on the [GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db). It is updated on a daily basis using [data from NVD, the `ruby-advisory-db` and the GitHub Advisory Database as data sources](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/SOURCES.md). See our [current measurement of time from CVE being issued to our product being updated](https://about.gitlab.com/handbook/engineering/development/performance-indicators/#cve-issue-to-update). |
-| [Dynamic Application Security Testing (DAST)](dast/index.md) | The scanning engine is updated on a periodic basis. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/main/Dockerfile#L1). The scanning rules are downloaded at scan runtime. |
+| [Dynamic Application Security Testing (DAST)](dast/index.md) | [DAST proxy-based](dast/proxy-based.md) and [browser-based](dast/browser_based.md) engines are updated on a periodic basis. [DAST proxy-based](dast/proxy-based.md) analyzer downloads the scanning rules at scan runtime. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/main/Dockerfile#L27). [DAST browser-based](dast/browser_based.md) rules run [different vulnerability checks](dast/checks/index.md). |
 | [Secret Detection](secret_detection/index.md#detected-secrets) | GitLab maintains the [detection rules](secret_detection/index.md#detected-secrets) and [accepts community contributions](secret_detection/index.md#adding-new-patterns). The scanning engine is updated at least once per month if a relevant update is available. |
 | [Static Application Security Testing (SAST)](sast/index.md)  | The source of scan rules depends on which [analyzer](sast/analyzers.md) is used for each [supported programming language](sast/index.md#supported-languages-and-frameworks). GitLab maintains a ruleset for the Semgrep-based analyzer and updates it regularly based on internal research and user feedback. For other analyzers, the ruleset is sourced from the upstream open-source scanner. Each analyzer is updated at least once per month if a relevant update is available. |

--- a/doc/user/application_security/policies/scan-execution-policies.md
+++ b/doc/user/application_security/policies/scan-execution-policies.md
@ -97,7 +97,7 @@ the following sections and tables provide an alternative.
 ## `pipeline` rule type

 > - The `branch_type` field was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404774) in GitLab 16.1 [with a flag](../../../administration/feature_flags.md) named `security_policies_branch_type`. Disabled by default.
-> - The `branch_type` field was [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/413062) in GitLab 16.2.
+> - Generally available in GitLab 16.2. Feature flag `security_policies_branch_type` removed.

 This rule enforces the defined actions whenever the pipeline runs for a selected branch.

@ -112,7 +112,7 @@ This rule enforces the defined actions whenever the pipeline runs for a selected
 ## `schedule` rule type

 > - The `branch_type` field was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404774) in GitLab 16.1 [with a flag](../../../administration/feature_flags.md) named `security_policies_branch_type`. Disabled by default.
-> - The `branch_type` field was [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/413062) in GitLab 16.2.
+> - Generally available in GitLab 16.2. Feature flag `security_policies_branch_type` removed.

 This rule schedules a scan pipeline, enforcing the defined actions on the schedule defined in the `cadence` field. A scheduled pipeline does not run other jobs defined in the project's `.gitlab-ci.yml` file. When a project is linked to a security policy project, a security policy bot is created in the project and will become the author of any scheduled pipelines.

--- a/package.json
+++ b/package.json
@ -60,7 +60,7 @@
    "@gitlab/favicon-overlay": "2.0.0",
    "@gitlab/fonts": "^1.3.0",
    "@gitlab/svgs": "3.61.0",
-    "@gitlab/ui": "66.3.1",
+    "@gitlab/ui": "66.4.0",
    "@gitlab/visual-review-tools": "1.7.3",
    "@gitlab/web-ide": "0.0.1-dev-20230821141730",
    "@mattiasbuelens/web-streams-adapter": "^0.1.0",
--- a/qa/lib/gitlab/page/main/sign_up.rb
+++ b/qa/lib/gitlab/page/main/sign_up.rb
@ -10,7 +10,7 @@ module Gitlab
        text_field :first_name, 'data-qa-selector': 'new_user_first_name_field'
        text_field :last_name, 'data-qa-selector': 'new_user_last_name_field'

-        text_field :username, 'data-qa-selector': 'new_user_username_field'
+        text_field :username, 'data-testid': 'new_user_username_field'

        text_field :email, 'data-qa-selector': 'new_user_email_field'
        text_field :password, 'data-qa-selector': 'new_user_password_field'
--- a/qa/qa/specs/features/api/1_manage/group_access_token_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/group_access_token_spec.rb
@ -30,7 +30,11 @@ module QA

      it(
        'can be used to commit via the API',
-        testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/367067'
+        testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/367067',
+        quarantine: {
+          type: :flaky,
+          issue: "https://gitlab.com/gitlab-org/gitlab/-/issues/396615"
+        }
      ) do
        expect do
          Resource::Repository::Commit.fabricate_via_api! do |commit|
--- a/spec/features/invites_spec.rb
+++ b/spec/features/invites_spec.rb
@ -31,11 +31,15 @@ RSpec.describe 'Group or Project invitations', :aggregate_failures, feature_cate

    wait_for_all_requests

-    expect(page).to have_selector('.gl-field-success-outline')
+    expect_username_to_be_validated

    click_button submit_button_text
  end

+  def expect_username_to_be_validated
+    expect(page).to have_selector('[data-testid="new_user_username_field"].gl-field-success-outline')
+  end
+
  def fill_in_welcome_form
    select 'Software Developer', from: 'user_role'
    click_button 'Get started!'
--- a/spec/helpers/registrations_helper_spec.rb
+++ b/spec/helpers/registrations_helper_spec.rb
@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe RegistrationsHelper, feature_category: :user_management do
  describe '#signup_username_data_attributes' do
    it 'has expected attributes' do
-      expect(helper.signup_username_data_attributes.keys).to include(:min_length, :min_length_message, :max_length, :max_length_message, :qa_selector)
+      expect(helper.signup_username_data_attributes.keys).to include(:min_length, :min_length_message, :max_length, :max_length_message, :testid)
    end
  end

--- a/yarn.lock
+++ b/yarn.lock
@ -1273,10 +1273,10 @@
  resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.61.0.tgz#2434d429db1d22e128a1401a9735afab82275e0c"
  integrity sha512-GhryK81FA5NPisJjuwiCpZVALUBi6meg9njeIRLtKUuRDdp/DuaRC3WJFRtSXxVN+RG5HtUZrmv9dUQzKSZ2ZA==

-"@gitlab/ui@66.3.1":
-  version "66.3.1"
-  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-66.3.1.tgz#c4f18ba9964a39ef9e841ddbe0322fc7560e3a20"
-  integrity sha512-vwj5R2BcUxp3cpfmt2bFOLaoVYX77KupauXKTFXGo8yVQngmz3QeXfKYB9dBhS9ZFReye9mqpY41gvkazLSSJg==
+"@gitlab/ui@66.4.0":
+  version "66.4.0"
+  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-66.4.0.tgz#d7361aa1eec66f9691ba92fd69a2d73740c1edf1"
+  integrity sha512-UNXZC7mLVqFyMyBNUqbCQ4WQgtpJv9RguEO8Cqsod/2CcyznA9Z/s/aoI2mKt5Bz4PZYHkX5fH35rD+0+1Yfhw==
  dependencies:
    "@floating-ui/dom" "1.2.9"
    bootstrap-vue "2.23.1"
				`@ -0,0 +1 @@`
				`0822d768380c459e390828924e6723a4a878cd217b1159f2d8ab12f78718fef7`
				`@ -0,0 +1 @@`
				`9d9a99ad2fb472d71f625cb7cc668d096b88b12064a9a14ac556f490127b1806`