Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/ci/runner/admin_new_runner/admin_new_runner_app.vue

@@ -35,7 +35,10 @@ export default {
 </script>
 
 <template>
-  <runner-create-wizard v-if="glFeatures.runnerCreateWizardAdmin" />
+  <runner-create-wizard
+    v-if="glFeatures.runnerCreateWizardAdmin"
+    :runner-type="$options.INSTANCE_TYPE"
+  />
   <div v-else>
     <page-heading :heading="s__('Runners|Create instance runner')">
       <template #description>

app/assets/javascripts/ci/runner/components/runner_create_wizard.vue

@@ -1,10 +1,20 @@
 <script>
+import { RUNNER_TYPES } from '../constants';
 import RequiredFields from './runner_create_wizard_required_fields.vue';
+import OptionalFields from './runner_create_wizard_optional_fields.vue';
 
 export default {
   name: 'RunnerCreateWizard',
   components: {
     RequiredFields,
+    OptionalFields,
+  },
+  props: {
+    runnerType: {
+      type: String,
+      required: true,
+      validator: (t) => RUNNER_TYPES.includes(t),
+    },
   },
   data() {
     return {
@@ -17,6 +27,9 @@ export default {
     onNext() {
       this.currentStep += 1;
     },
+    onBack() {
+      this.currentStep -= 1;
+    },
     onRequiredFieldsUpdate(requiredFields) {
       this.tags = requiredFields.tags;
       this.runUntagged = requiredFields.runUntagged;
@@ -30,7 +43,19 @@ export default {
     v-if="currentStep === 1"
     :current-step="currentStep"
     :steps-total="$options.stepsTotal"
+    :is-run-untagged="runUntagged"
+    :tag-list="tags"
     @next="onNext"
     @onRequiredFieldsUpdate="onRequiredFieldsUpdate"
   />
+  <optional-fields
+    v-else-if="currentStep === 2"
+    :current-step="currentStep"
+    :steps-total="$options.stepsTotal"
+    :tags="tags"
+    :run-untagged="runUntagged"
+    :runner-type="runnerType"
+    @next="onNext"
+    @back="onBack"
+  />
 </template>

app/assets/javascripts/ci/runner/components/runner_create_wizard_optional_fields.vue

@@ -0,0 +1,169 @@
+<script>
+import { GlForm, GlButton, GlFormGroup, GlFormInput, GlFormTextarea } from '@gitlab/ui';
+import MultiStepFormTemplate from '~/vue_shared/components/multi_step_form_template.vue';
+import MultipleChoiceSelector from '~/vue_shared/components/multiple_choice_selector.vue';
+import MultipleChoiceSelectorItem from '~/vue_shared/components/multiple_choice_selector_item.vue';
+import {
+  DEFAULT_ACCESS_LEVEL,
+  ACCESS_LEVEL_NOT_PROTECTED,
+  ACCESS_LEVEL_REF_PROTECTED,
+} from '../constants';
+
+export default {
+  components: {
+    GlForm,
+    GlButton,
+    GlFormGroup,
+    GlFormInput,
+    GlFormTextarea,
+    MultiStepFormTemplate,
+    MultipleChoiceSelector,
+    MultipleChoiceSelectorItem,
+  },
+  props: {
+    currentStep: {
+      type: Number,
+      required: true,
+    },
+    stepsTotal: {
+      type: Number,
+      required: true,
+    },
+    tags: {
+      type: String,
+      required: true,
+    },
+    runUntagged: {
+      type: Boolean,
+      required: true,
+    },
+    runnerType: {
+      type: String,
+      required: true,
+    },
+  },
+  data() {
+    return {
+      runner: {
+        runnerType: this.runnerType,
+        description: '',
+        maintenanceNote: '',
+        paused: false,
+        accessLevel: DEFAULT_ACCESS_LEVEL,
+        runUntagged: this.runUntagged,
+        locked: false,
+        tagList: this.tags,
+        maximumTimeout: '',
+      },
+    };
+  },
+  methods: {
+    onCheckboxesInput(checked) {
+      if (checked.includes(ACCESS_LEVEL_REF_PROTECTED))
+        this.runner.accessLevel = ACCESS_LEVEL_REF_PROTECTED;
+      else this.runner.accessLevel = ACCESS_LEVEL_NOT_PROTECTED;
+
+      this.runner.paused = checked.includes('paused');
+    },
+  },
+  ACCESS_LEVEL_REF_PROTECTED,
+};
+</script>
+<template>
+  <gl-form>
+    <multi-step-form-template
+      :title="s__('Runners|Optional configuration details')"
+      :current-step="currentStep"
+      :steps-total="stepsTotal"
+    >
+      <template #form>
+        <multiple-choice-selector class="gl-mb-5" @input="onCheckboxesInput">
+          <multiple-choice-selector-item
+            :value="ACCESS_LEVEL_REF_PROTECTED"
+            :title="s__('Runners|Protected')"
+            :description="s__('Runners|Use the runner on pipelines for protected branches only.')"
+          />
+          <multiple-choice-selector-item
+            value="paused"
+            :title="s__('Runners|Paused')"
+            :description="s__('Runners|Stop the runner from accepting new jobs.')"
+          />
+        </multiple-choice-selector>
+
+        <gl-form-group
+          label-for="runner-description"
+          :label="s__('Runners|Runner description')"
+          :optional="true"
+        >
+          <gl-form-input
+            id="runner-description"
+            v-model="runner.description"
+            name="description"
+            data-testid="runner-description-input"
+          />
+        </gl-form-group>
+
+        <gl-form-group
+          label-for="runner-maintenance-note"
+          :label="s__('Runners|Maintenance note')"
+          :label-description="
+            s__('Runners|Add notes such as the runner owner or what it should be used for.')
+          "
+          :optional="true"
+          :description="s__('Runners|Only administrators can view this.')"
+        >
+          <gl-form-textarea
+            id="runner-maintenance-note"
+            v-model="runner.maintenanceNote"
+            name="maintenance-note"
+            data-testid="runner-maintenance-note"
+          />
+        </gl-form-group>
+
+        <gl-form-group
+          label-for="max-timeout"
+          :label="s__('Runners|Maximum job timeout')"
+          :label-description="
+            s__(
+              'Runners|Maximum amount of time the runner can run before it terminates. If a project has a shorter job timeout period, the job timeout period of the instance runner is used instead.',
+            )
+          "
+          :optional="true"
+          :description="
+            s__('Runners|Enter the job timeout in seconds. Must be a minimum of 600 seconds.')
+          "
+        >
+          <gl-form-input
+            id="max-timeout"
+            v-model="runner.maximumTimeout"
+            name="max-timeout"
+            type="number"
+            data-testid="max-timeout-input"
+          />
+        </gl-form-group>
+      </template>
+      <template #next>
+        <!-- [Next step] button will be un-disabled in https://gitlab.com/gitlab-org/gitlab/-/issues/396544 -->
+        <gl-button
+          category="primary"
+          variant="confirm"
+          :disabled="true"
+          type="submit"
+          data-testid="next-button"
+        >
+          {{ __('Next step') }}
+        </gl-button>
+      </template>
+      <template #back>
+        <gl-button
+          category="primary"
+          variant="default"
+          data-testid="back-button"
+          @click="$emit('back')"
+        >
+          {{ __('Go back') }}
+        </gl-button>
+      </template>
+    </multi-step-form-template>
+  </gl-form>
+</template>

app/assets/javascripts/ci/runner/components/runner_create_wizard_required_fields.vue

@@ -26,15 +26,27 @@ export default {
       type: Number,
       required: true,
     },
+    isRunUntagged: {
+      type: Boolean,
+      required: true,
+    },
+    tagList: {
+      type: String,
+      required: true,
+    },
   },
   data() {
     return {
-      runUntagged: false,
-      tags: '',
+      runUntagged: this.isRunUntagged,
+      tags: this.tagList,
       isValidationAlertVisible: false,
     };
   },
-  computed: {},
+  computed: {
+    runUntaggedSelectorDefaultSelection() {
+      return this.runUntagged ? ['untagged'] : [];
+    },
+  },
   methods: {
     onNext() {
       if (this.runUntagged || this.tags !== '') {
@@ -106,7 +118,11 @@ export default {
         />
       </gl-form-group>
 
-      <multiple-choice-selector data-testid="runner-untagged-checkbox" @input="onUntaggedInput">
+      <multiple-choice-selector
+        data-testid="runner-untagged-checkbox"
+        :checked="runUntaggedSelectorDefaultSelection"
+        @input="onUntaggedInput"
+      >
         <multiple-choice-selector-item
           value="untagged"
           :title="__('Run untagged jobs')"

app/assets/javascripts/network/branch_graph.js

@@ -340,7 +340,7 @@ export default class BranchGraph {
       r.path(['M', x + 5, y, 'L', x + 15, y + 4, 'L', x + 15, y - 4, 'Z']).attr({
         fill: '#000',
         'fill-opacity': 0.5,
-        stroke: 'none',
+        stroke: '#FFF',
       });
       // Displayed in the center
       return this.element.scrollTop(y - this.graphHeight / 2);

app/components/rapid_diffs/app_component.html.haml

@@ -11,8 +11,8 @@
             streamRequest: fetch('#{Gitlab::UrlSanitizer.sanitize(@stream_url)}', { signal: controller.signal })
           }
 
-.rd-app{ data: { rapid_diffs: true, app_data: app_data.to_json } }
-  .rd-app-header
+%article.rd-app{ aria: { label: root_label }, data: { rapid_diffs: true, app_data: app_data.to_json } }
+  %header.rd-app-header{ aria: { label: header_label } }
     .rd-app-file-browser-toggle
       %div{ data: { file_browser_toggle: true } }
     .rd-app-settings
@@ -21,7 +21,8 @@
     .rd-app-sidebar{ data: { file_browser: true }, style: sidebar_style }
       .rd-app-sidebar-loading{ data: { testid: 'rd-file-browser-loading' } }
         = helpers.gl_loading_icon(size: 'sm')
-    .rd-app-content
+    -# using label produces better results in VoiceOver than labelledby + hidden h2
+    %section.rd-app-content{ aria: { label: content_label } }
       .rd-app-content-header{ data: { hidden_files_warning: true } }
       - if empty_diff? && !@lazy
         = render RapidDiffs::EmptyStateComponent.new

app/components/rapid_diffs/app_component.rb

@@ -65,5 +65,17 @@ module RapidDiffs
       styles << "display: none;" unless browser_visible?
       styles.join(' ')
     end
+
+    def root_label
+      s_('RapidDiffs|Changes view')
+    end
+
+    def header_label
+      s_('RapidDiffs|View controls')
+    end
+
+    def content_label
+      s_('RapidDiffs|Diff files')
+    end
   end
 end

app/components/rapid_diffs/diff_file_component.html.haml

@@ -1,7 +1,7 @@
 -# TODO: add fork suggestion (commits only)
 
 %diff-file.rd-diff-file-component{ id: id, data: {  testid: 'rd-diff-file', file_data: file_data.to_json } }
-  .rd-diff-file{ data: { virtual: virtual? }, style: ("--total-rows: #{total_rows}" if virtual?) }
+  %article.rd-diff-file{ data: { virtual: virtual? }, style: ("--total-rows: #{total_rows}" if virtual?), aria: { labelledby: heading_id } }
     = header || default_header
     -# extra wrapper needed so content-visibility: hidden doesn't require removing border or other styles
     %div{ data: { file_body: '' } }

app/components/rapid_diffs/diff_file_component.rb

@@ -3,6 +3,7 @@
 module RapidDiffs
   class DiffFileComponent < ViewComponent::Base
     include TreeHelper
+    include DiffHelper
 
     renders_one :header
 
@@ -59,5 +60,9 @@ module RapidDiffs
     def virtual?
       total_rows > 0
     end
+
+    def heading_id
+      file_heading_id(@diff_file)
+    end
   end
 end

app/components/rapid_diffs/diff_file_header_component.html.haml

@@ -11,7 +11,7 @@
 -#  * toggle file comments
 -#  * submodule compare
 
-.rd-diff-file-header{ data: { testid: 'rd-diff-file-header' } }
+%header.rd-diff-file-header{ data: { testid: 'rd-diff-file-header' }, aria: { label: root_label } }
   .rd-diff-file-toggle<
     = render Pajamas::ButtonComponent.new(category: :tertiary, size: :small, icon: 'chevron-down', button_options: { class: 'rd-diff-file-toggle-button', data: { opened: '', click: 'toggleFile' }, aria: { label: _('Hide file contents'), expanded: 'true' } })
     = render Pajamas::ButtonComponent.new(category: :tertiary, size: :small, icon: 'chevron-right', button_options: { class: 'rd-diff-file-toggle-button', data: { closed: '', click: 'toggleFile' }, aria: { label: _('Show file contents'), expanded: 'false' } })
@@ -19,19 +19,19 @@
     - if @diff_file.submodule?
       %span{ data: { testid: 'rd-diff-file-header-submodule' } }
         = helpers.sprite_icon('folder-git', file_icon: true)
-        %h2.rd-diff-file-title
+        %h2.rd-diff-file-title{ id: heading_id }
           = helpers.submodule_link(@diff_file.blob, @diff_file.content_sha, @diff_file.repository)
       = copy_path_button
     - else
       -# TODO: add icons for file types
       - if @diff_file.renamed_file?
         - old_path, new_path = helpers.mark_inline_diffs(@diff_file.old_path, @diff_file.new_path)
-        %h2.rd-diff-file-title{ aria: { label: moved_title_label } }
+        %h2.rd-diff-file-title{ id: heading_id, aria: { label: moved_title_label } }
           = old_path
           %span.rd-diff-file-moved →
           = new_path
       - else
-        %h2.rd-diff-file-title
+        %h2.rd-diff-file-title{ id: heading_id }
           = @diff_file.file_path
         - if @diff_file.deleted_file?
           = _("deleted")

app/components/rapid_diffs/diff_file_header_component.rb

@@ -3,6 +3,7 @@
 module RapidDiffs
   class DiffFileHeaderComponent < ViewComponent::Base
     include ButtonHelper
+    include DiffHelper
 
     def initialize(diff_file:, additional_menu_items: [])
       @diff_file = diff_file
@@ -38,6 +39,14 @@ module RapidDiffs
       [*base_items, *@additional_menu_items].sort_by { |item| item[:position] || Float::INFINITY }
     end
 
+    def heading_id
+      file_heading_id(@diff_file)
+    end
+
+    def root_label
+      s_('RapidDiffs|Diff file controls')
+    end
+
     def moved_title_label
       helpers.safe_format(
         s_('RapidDiffs|File moved from %{old} to %{new}'),

app/graphql/resolvers/concerns/issues/sort_arguments.rb

@@ -3,12 +3,7 @@
 module Issues
   module SortArguments
     extend ActiveSupport::Concern
-
-    NON_STABLE_CURSOR_SORTS = %i[priority_asc priority_desc
-      popularity_asc popularity_desc
-      label_priority_asc label_priority_desc
-      milestone_due_asc milestone_due_desc
-      escalation_status_asc escalation_status_desc].freeze
+    include ::WorkItems::NonStableCursorSortOptions
 
     included do
       argument :sort, Types::IssueSortEnum,
@@ -16,11 +11,5 @@ module Issues
         required: false,
         default_value: :created_desc
     end
-
-    private
-
-    def non_stable_cursor_sort?(sort)
-      NON_STABLE_CURSOR_SORTS.include?(sort)
-    end
   end
 end

app/graphql/resolvers/concerns/work_items/non_stable_cursor_sort_options.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module WorkItems
+  module NonStableCursorSortOptions
+    extend ActiveSupport::Concern
+
+    NON_STABLE_CURSOR_SORTS = %i[priority_asc priority_desc
+      popularity_asc popularity_desc
+      label_priority_asc label_priority_desc
+      milestone_due_asc milestone_due_desc
+      escalation_status_asc escalation_status_desc].freeze
+
+    private
+
+    def non_stable_cursor_sort?(sort)
+      NON_STABLE_CURSOR_SORTS.include?(sort)
+    end
+  end
+end

app/graphql/resolvers/work_items_resolver.rb

@@ -5,6 +5,7 @@ module Resolvers
     prepend ::WorkItems::LookAheadPreloads
     include SearchArguments
     include ::WorkItems::SharedFilterArguments
+    include ::WorkItems::NonStableCursorSortOptions
 
     argument :iid,
       GraphQL::Types::String,
@@ -23,9 +24,17 @@ module Resolvers
 
       finder = choose_finder(args)
 
-      Gitlab::Graphql::Loaders::IssuableLoader
+      items = Gitlab::Graphql::Loaders::IssuableLoader
         .new(resource_parent, finder)
         .batching_find_all { |q| apply_lookahead(q) }
+
+      if non_stable_cursor_sort?(args[:sort])
+        # Certain complex sorts are not supported by the stable cursor pagination yet.
+        # In these cases, we use offset pagination, so we return the correct connection.
+        offset_pagination(items)
+      else
+        items
+      end
     end
 
     private

app/helpers/diff_helper.rb

@@ -301,6 +301,10 @@ module DiffHelper
     hide_whitespace? ? safe_params.except(:w) : safe_params.merge(w: 1)
   end
 
+  def file_heading_id(diff_file)
+    "#{diff_file.file_hash}-heading"
+  end
+
   private
 
   def cached_conflicts_with_types

db/docs/batched_background_migrations/backfill_lists_sharding_key.yml

@@ -5,4 +5,4 @@ feature_category: team_planning
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/186991
 milestone: '17.11'
 queued_migration_version: 20250404130722
-finalized_by: # version of the migration that finalized this BBM
+finalized_by: 20250519141223

db/docs/lists.yml

@@ -7,6 +7,8 @@ feature_categories:
 description: Configuration of a single list on an issue board
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/commit/611dab2e522e5e59cf09cd459a31686e65616863
 milestone: '8.11'
-gitlab_schema: gitlab_main
-sharding_key_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/514597
+gitlab_schema: gitlab_main_cell
+sharding_key:
+  group_id: namespaces
+  project_id: projects
 table_size: small

db/post_migrate/20250519141223_finalize_backfill_lists_sharding_key.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class FinalizeBackfillListsShardingKey < Gitlab::Database::Migration[2.3]
+  MIGRATION = 'BackfillListsShardingKey'
+
+  disable_ddl_transaction!
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+  milestone '18.1'
+
+  def up
+    ensure_batched_background_migration_is_finished(
+      job_class_name: MIGRATION,
+      table_name: :lists,
+      column_name: :id,
+      job_arguments: [],
+      finalize: true
+    )
+  end
+
+  def down
+    # no-op
+  end
+end

db/post_migrate/20250519141731_validate_lists_parent_not_null_constraint.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class ValidateListsParentNotNullConstraint < Gitlab::Database::Migration[2.3]
+  CONSTRAINT_NAME = 'check_6dadb82d36'
+
+  milestone '18.1'
+
+  def up
+    validate_multi_column_not_null_constraint :lists, :group_id, :project_id, constraint_name: CONSTRAINT_NAME
+  end
+
+  def down
+    # no-op
+  end
+end

db/post_migrate/20250519142209_validate_lists_project_id_foreign_key.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class ValidateListsProjectIdForeignKey < Gitlab::Database::Migration[2.3]
+  FK_NAME = 'fk_67f2498cc9'
+
+  milestone '18.1'
+
+  def up
+    validate_foreign_key :lists, :project_id, name: FK_NAME
+  end
+
+  def down
+    # no-op
+  end
+end

db/post_migrate/20250519142438_validate_lists_group_id_foreign_key.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class ValidateListsGroupIdForeignKey < Gitlab::Database::Migration[2.3]
+  FK_NAME = 'fk_f8b2e8680c'
+
+  milestone '18.1'
+
+  def up
+    validate_foreign_key :lists, :group_id, name: FK_NAME
+  end
+
+  def down
+    # no-op
+  end
+end

db/post_migrate/20250519142617_drop_lists_ensure_sharding_key_trigger.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+class DropListsEnsureShardingKeyTrigger < Gitlab::Database::Migration[2.3]
+  include Gitlab::Database::SchemaHelpers
+
+  milestone '18.1'
+
+  LISTS_TABLE = 'lists'
+
+  TRIGGER_FUNCTION_NAME = 'ensure_lists_sharding_key'
+  TRIGGER_NAME = 'trigger_ensure_lists_sharding_key'
+
+  def up
+    drop_trigger(LISTS_TABLE, TRIGGER_NAME)
+    drop_function(TRIGGER_FUNCTION_NAME)
+  end
+
+  def down
+    create_trigger_function(TRIGGER_FUNCTION_NAME, replace: true) do
+      <<~SQL
+        IF NEW."project_id" IS NULL AND NEW."group_id" IS NULL THEN
+          SELECT "boards"."project_id", "boards"."group_id"
+          INTO NEW."project_id", NEW."group_id"
+          FROM "boards"
+          WHERE "boards"."id" = NEW."board_id";
+        END IF;
+        RETURN NEW;
+      SQL
+    end
+
+    create_trigger(
+      LISTS_TABLE, TRIGGER_NAME, TRIGGER_FUNCTION_NAME, fires: 'BEFORE INSERT OR UPDATE'
+    )
+  end
+end

db/schema_migrations/20250519141223

@@ -0,0 +1 @@
+b631b97071ce6a20b3b51b7b2a3917bc1e22e6e768025896c695be125b401250

db/schema_migrations/20250519141731

@@ -0,0 +1 @@
+5e65acab713ea3ce6032b8e444c83159186b36a8ee51bd64ed626381227eb3c7

db/schema_migrations/20250519142209

@@ -0,0 +1 @@
+ee521a41eb30252c23f8109c112a97826ed99d537f6eea01246290a0aaaa46b5

db/schema_migrations/20250519142438

@@ -0,0 +1 @@
+765360a35cec817296e118c8bc1427f01a0ac9df81039a9b3e7af3fa4dc17c2c

db/schema_migrations/20250519142617

@@ -0,0 +1 @@
+b93c25418e368f1db76cec0035e52a3b893de132f4b5a090db8cf8c0503ff13f

db/structure.sql

@@ -178,21 +178,6 @@ RETURN NULL;
 END
 $$;
 
-CREATE FUNCTION ensure_lists_sharding_key() RETURNS trigger
-    LANGUAGE plpgsql
-    AS $$
-BEGIN
-IF NEW."project_id" IS NULL AND NEW."group_id" IS NULL THEN
-  SELECT "boards"."project_id", "boards"."group_id"
-  INTO NEW."project_id", NEW."group_id"
-  FROM "boards"
-  WHERE "boards"."id" = NEW."board_id";
-END IF;
-RETURN NEW;
-
-END
-$$;
-
 CREATE TABLE namespaces (
     id bigint NOT NULL,
     name character varying NOT NULL,
@@ -16686,7 +16671,8 @@ CREATE TABLE lists (
     limit_metric character varying(20),
     iteration_id bigint,
     group_id bigint,
-    project_id bigint
+    project_id bigint,
+    CONSTRAINT check_6dadb82d36 CHECK ((num_nonnulls(group_id, project_id) = 1))
 );
 
 CREATE SEQUENCE lists_id_seq
@@ -29107,9 +29093,6 @@ ALTER TABLE ONLY instance_type_ci_runners
 ALTER TABLE ONLY project_type_ci_runners
     ADD CONSTRAINT check_619c71f3a2 UNIQUE (id);
 
-ALTER TABLE lists
-    ADD CONSTRAINT check_6dadb82d36 CHECK ((num_nonnulls(group_id, project_id) = 1)) NOT VALID;
-
 ALTER TABLE ONLY group_type_ci_runners
     ADD CONSTRAINT check_81b90172a6 UNIQUE (id);
 
@@ -41599,8 +41582,6 @@ CREATE TRIGGER trigger_efb9d354f05a BEFORE INSERT OR UPDATE ON incident_manageme
 
 CREATE TRIGGER trigger_eff80ead42ac BEFORE INSERT OR UPDATE ON ci_unit_test_failures FOR EACH ROW EXECUTE FUNCTION trigger_eff80ead42ac();
 
-CREATE TRIGGER trigger_ensure_lists_sharding_key BEFORE INSERT OR UPDATE ON lists FOR EACH ROW EXECUTE FUNCTION ensure_lists_sharding_key();
-
 CREATE TRIGGER trigger_f6c61cdddf31 BEFORE INSERT OR UPDATE ON ml_model_metadata FOR EACH ROW EXECUTE FUNCTION trigger_f6c61cdddf31();
 
 CREATE TRIGGER trigger_f6f59d8216b3 BEFORE INSERT OR UPDATE ON protected_environment_deploy_access_levels FOR EACH ROW EXECUTE FUNCTION trigger_f6f59d8216b3();
@@ -42595,7 +42576,7 @@ ALTER TABLE ONLY routes
     ADD CONSTRAINT fk_679ff8213d FOREIGN KEY (namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE NOT VALID;
 
 ALTER TABLE ONLY lists
-    ADD CONSTRAINT fk_67f2498cc9 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE NOT VALID;
+    ADD CONSTRAINT fk_67f2498cc9 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
 
 ALTER TABLE ONLY merge_requests_approval_rules_approver_groups
     ADD CONSTRAINT fk_67fa93ad4b FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
@@ -43870,7 +43851,7 @@ ALTER TABLE ONLY protected_tag_create_access_levels
     ADD CONSTRAINT fk_f7dfda8c51 FOREIGN KEY (protected_tag_id) REFERENCES protected_tags(id) ON DELETE CASCADE;
 
 ALTER TABLE ONLY lists
-    ADD CONSTRAINT fk_f8b2e8680c FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE NOT VALID;
+    ADD CONSTRAINT fk_f8b2e8680c FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
 
 ALTER TABLE ONLY project_requirement_compliance_statuses
     ADD CONSTRAINT fk_f9109a4712 FOREIGN KEY (compliance_framework_id) REFERENCES compliance_management_frameworks(id) ON DELETE CASCADE;

doc/administration/instance_limits.md

@@ -560,14 +560,14 @@ Instead of increasing the limit, restructure your CI/CD configuration by splitti
 
 {{< /alert >}}
 
-To modify this limit on your instance, run the following command in the GitLab Rails console:
+To modify this limit on your instance use the GitLab UI in the [Admin area](settings/continuous_integration.md#set-cicd-limits) or the [Plan Limits API](../api/plan_limits.md).
+
+You can also run the following command in the GitLab Rails console:
 
 ```ruby
 Plan.default.actual_limits.update!(pipeline_hierarchy_size: 500)
 ```
 
-You can also set this limit by using the GitLab UI in the [Admin area](settings/continuous_integration.md#set-cicd-limits).
-
 This limit is enabled on GitLab.com and cannot be changed.
 
 ### Number of CI/CD subscriptions to a project

doc/administration/redis/_index.md

@@ -1,6 +1,6 @@
 ---
-stage: GitLab Delivery
-group: Self Managed
+stage: Data access
+group: Durability
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 title: Configuring Redis for scaling
 ---

doc/administration/redis/replication_and_failover.md

@@ -1,6 +1,6 @@
 ---
-stage: GitLab Delivery
-group: Self Managed
+stage: Data access
+group: Durability
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 title: Redis replication and failover with the Linux package
 ---

doc/administration/redis/replication_and_failover_external.md

@@ -1,6 +1,6 @@
 ---
-stage: GitLab Delivery
-group: Self Managed
+stage: Data access
+group: Durability
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 title: Redis replication and failover providing your own instance
 ---

doc/administration/redis/standalone.md

@@ -1,6 +1,6 @@
 ---
-stage: GitLab Delivery
-group: Self Managed
+stage: Data access
+group: Durability
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 title: Standalone Redis using the Linux package
 ---

doc/administration/redis/troubleshooting.md

@@ -1,6 +1,6 @@
 ---
-stage: GitLab Delivery
-group: Self Managed
+stage: Data access
+group: Durability
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 title: Troubleshooting Redis
 ---

doc/administration/sidekiq/_index.md

@@ -1,6 +1,6 @@
 ---
-stage: GitLab Delivery
-group: Self Managed
+stage: Data access
+group: Durability
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 title: Configure an external Sidekiq instance
 ---

doc/administration/sidekiq/extra_sidekiq_processes.md

@@ -1,6 +1,6 @@
 ---
-stage: GitLab Delivery
-group: Self Managed
+stage: Data access
+group: Durability
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 title: Run multiple Sidekiq processes
 ---

doc/administration/sidekiq/processing_specific_job_classes.md

@@ -1,6 +1,6 @@
 ---
-stage: GitLab Delivery
-group: Self Managed
+stage: Data access
+group: Durability
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 title: Processing specific job classes
 ---

doc/administration/sidekiq/sidekiq_health_check.md

@@ -1,6 +1,6 @@
 ---
-stage: GitLab Delivery
-group: Self Managed
+stage: Data access
+group: Durability
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 title: Sidekiq health check
 ---

doc/administration/sidekiq/sidekiq_memory_killer.md

@@ -1,6 +1,6 @@
 ---
-stage: Systems
-group: Cloud Connector
+stage: Data access
+group: Durability
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 title: Reducing memory use
 ---

doc/administration/sidekiq/sidekiq_troubleshooting.md

@@ -1,6 +1,6 @@
 ---
-stage: GitLab Delivery
-group: Self Managed
+stage: Data access
+group: Durability
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 title: Troubleshooting Sidekiq
 ---

doc/api/graphql/reference/_index.md

@@ -46623,8 +46623,8 @@ Values for sorting work items.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="workitemsortblocking_items_asc"></a>`BLOCKING_ITEMS_ASC` | Blocking items count by ascending order. |
-| <a id="workitemsortblocking_items_desc"></a>`BLOCKING_ITEMS_DESC` | Blocking items count by descending order. |
+| <a id="workitemsortblocking_issues_asc"></a>`BLOCKING_ISSUES_ASC` | Blocking items count by ascending order. |
+| <a id="workitemsortblocking_issues_desc"></a>`BLOCKING_ISSUES_DESC` | Blocking items count by descending order. |
 | <a id="workitemsortclosed_at_asc"></a>`CLOSED_AT_ASC` {{< icon name="warning-solid" >}} | **Introduced** in GitLab 17.10. **Status**: Experiment. Closed time by ascending order. |
 | <a id="workitemsortclosed_at_desc"></a>`CLOSED_AT_DESC` {{< icon name="warning-solid" >}} | **Introduced** in GitLab 17.10. **Status**: Experiment. Closed time by descending order. |
 | <a id="workitemsortcreated_asc"></a>`CREATED_ASC` | Created at ascending order. |

doc/api/plan_limits.md

@@ -59,6 +59,7 @@ Example response:
   "maven_max_file_size": 3221225472,
   "npm_max_file_size": 524288000,
   "nuget_max_file_size": 524288000,
+  "pipeline_hierarchy_size": 1000,
   "pypi_max_file_size": 3221225472,
   "terraform_module_max_file_size": 1073741824,
   "storage_size_limit": 15000
@@ -94,6 +95,7 @@ PUT /application/plan_limits
 | `notification_limit`              | integer | no       | Maximum storage size for root namespace limit notifications in MiB. |
 | `npm_max_file_size`               | integer | no       | Maximum NPM package file size in bytes. |
 | `nuget_max_file_size`             | integer | no       | Maximum NuGet package file size in bytes. |
+| `pipeline_hierarchy_size`         | integer | no       | Maximum number of downstream pipelines in a pipeline's hierarchy tree. Default value: `1000`. Values greater than 1000 are [not recommended](../administration/instance_limits.md#limit-pipeline-hierarchy-size). |
 | `pypi_max_file_size`              | integer | no       | Maximum PyPI package file size in bytes. |
 | `terraform_module_max_file_size`  | integer | no       | Maximum Terraform Module package file size in bytes. |
 | `storage_size_limit`              | integer | no       | Maximum storage size for the root namespace in MiB. |
@@ -122,6 +124,7 @@ Example response:
   "maven_max_file_size": 3221225472,
   "npm_max_file_size": 524288000,
   "nuget_max_file_size": 524288000,
+  "pipeline_hierarchy_size": 1000,
   "pypi_max_file_size": 3221225472,
   "terraform_module_max_file_size": 1073741824
 }

doc/development/compromised_password_detection.md

@@ -0,0 +1,20 @@
+---
+stage: Software Supply Chain Security
+group: Authentication
+info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
+title: Compromised password detection development
+---
+
+For information on this feature that are not development-specific, see the [feature documentation](../security/compromised_password_detection.md).
+
+## CloudFlare
+
+The CloudFlare [leaked credentials detection](https://developers.cloudflare.com/waf/detections/leaked-credentials/) feature can detect when a request contains compromised credentials, and passes information to the application in the `Exposed-Credential-Check` header through a [managed transform](https://developers.cloudflare.com/rules/transform/managed-transforms/reference/#add-leaked-credentials-checks-header).
+
+GitLab team members can find the CloudFlare Terraform configuration in the GitLab.com infrastructure configuration management repository: `https://ops.gitlab.net/gitlab-com/gl-infra/config-mgmt`
+
+## Additional resources
+
+<!-- markdownlint-disable MD044 -->
+The [Authentication group](https://handbook.gitlab.com/handbook/engineering/development/sec/software-supply-chain-security/authentication/) owns the compromised password detection feature. GitLab team members can join their channel on Slack: [#g_sscs_authentication](https://gitlab.slack.com/archives/CLM1D8QR0).
+<!-- markdownlint-enable MD044 -->

doc/security/compromised_password_detection.md

@@ -0,0 +1,25 @@
+---
+stage: Software Supply Chain Security
+group: Authentication
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+title: Compromised password detection
+---
+
+{{< details >}}
+
+- Tier: Free, Premium, Ultimate
+- Offering: GitLab.com
+
+{{< /details >}}
+
+{{< history >}}
+
+- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/188723) in GitLab 18.0 [with a flag](../administration/feature_flags.md) named `notify_compromised_passwords`. Disabled by default.
+
+{{< /history >}}
+
+GitLab can notify you if your GitLab.com credentials are compromised as part of a data breach on another service or platform. GitLab credentials are encrypted and GitLab itself does not have direct access to them.
+
+When a compromised credential is detected, GitLab displays a security banner and sends an email alert that includes instructions on how to change your password and strengthen your account security.
+
+Compromised password detection is unavailable when authenticating [with an external provider](../administration/auth/_index.md), or if your account is already [locked](unlock_user.md).

locale/gitlab.pot

@@ -50090,6 +50090,15 @@ msgstr[1] ""
 msgid "RapidDiffs|Added line %d"
 msgstr ""
 
+msgid "RapidDiffs|Changes view"
+msgstr ""
+
+msgid "RapidDiffs|Diff file controls"
+msgstr ""
+
+msgid "RapidDiffs|Diff files"
+msgstr ""
+
 msgid "RapidDiffs|Diff line"
 msgstr ""
 
@@ -50131,6 +50140,9 @@ msgstr ""
 msgid "RapidDiffs|Show options"
 msgstr ""
 
+msgid "RapidDiffs|View controls"
+msgstr ""
+
 msgid "Rate Limits"
 msgstr ""
 
@@ -52545,6 +52557,9 @@ msgstr ""
 msgid "Runners|Operating systems"
 msgstr ""
 
+msgid "Runners|Optional configuration details"
+msgstr ""
+
 msgid "Runners|Other projects"
 msgstr ""
 
@@ -55549,6 +55564,9 @@ msgstr ""
 msgid "SecurityOrchestration|Project cannot be deleted because it is linked as a security policy project"
 msgstr ""
 
+msgid "SecurityOrchestration|Reason for snoozing policy (optional)"
+msgstr ""
+
 msgid "SecurityOrchestration|Require %{approvals} %{plural} from %{approvers}"
 msgstr ""
 
@@ -55657,6 +55675,9 @@ msgstr ""
 msgid "SecurityOrchestration|Select a variable"
 msgstr ""
 
+msgid "SecurityOrchestration|Select date"
+msgstr ""
+
 msgid "SecurityOrchestration|Select days"
 msgstr ""
 
@@ -55705,6 +55726,12 @@ msgstr ""
 msgid "SecurityOrchestration|Show only linked security policy projects"
 msgstr ""
 
+msgid "SecurityOrchestration|Snooze policy"
+msgstr ""
+
+msgid "SecurityOrchestration|Snooze the policy until %{until} because %{reason}"
+msgstr ""
+
 msgid "SecurityOrchestration|Some settings may be affected by policy %{policyName} based on its rules."
 msgstr ""
 

package.json

@@ -131,7 +131,7 @@
     "canvas-confetti": "^1.4.0",
     "clipboard": "^2.0.8",
     "colord": "^2.9.3",
-    "commander": "^13.1.0",
+    "commander": "^14.0.0",
     "compression-webpack-plugin": "^5.0.2",
     "copy-webpack-plugin": "^6.4.1",
     "core-js": "^3.41.0",

qa/Gemfile

@@ -23,7 +23,7 @@ gem 'rainbow', '~> 3.1.1'
 gem 'rspec-parameterized', '~> 1.0.2'
 gem 'octokit', '~> 9.2.0', require: false
 gem "faraday-retry", "~> 2.3", ">= 2.3.1"
-gem 'zeitwerk', '~> 2.7', '>= 2.7.2'
+gem 'zeitwerk', '~> 2.7', '>= 2.7.3'
 gem 'influxdb-client', '~> 3.2'
 gem 'terminal-table', '~> 4.0.0', require: false
 gem 'slack-notifier', '~> 2.4', require: false

qa/Gemfile.lock

@@ -363,7 +363,7 @@ GEM
     wisper (2.0.1)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.7.2)
+    zeitwerk (2.7.3)
 
 PLATFORMS
   ruby
@@ -404,7 +404,7 @@ DEPENDENCIES
   slack-notifier (~> 2.4)
   terminal-table (~> 4.0.0)
   warning (~> 1.5)
-  zeitwerk (~> 2.7, >= 2.7.2)
+  zeitwerk (~> 2.7, >= 2.7.3)
 
 BUNDLED WITH
    2.6.5

spec/frontend/ci/runner/components/runner_create_wizard_optional_fields_spec.js

@@ -0,0 +1,50 @@
+import MultiStepFormTemplate from '~/vue_shared/components/multi_step_form_template.vue';
+import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
+import RunnerCreateWizardOptionalFields from '~/ci/runner/components/runner_create_wizard_optional_fields.vue';
+
+describe('Create Runner Optional Fields', () => {
+  let wrapper;
+
+  const createComponent = () => {
+    wrapper = shallowMountExtended(RunnerCreateWizardOptionalFields, {
+      propsData: {
+        currentStep: 2,
+        stepsTotal: 3,
+      },
+    });
+  };
+
+  beforeEach(() => {
+    createComponent();
+  });
+
+  const findMultiStepFormTemplate = () => wrapper.findComponent(MultiStepFormTemplate);
+  const findNextButton = () => wrapper.findByTestId('next-button');
+  const findBackButton = () => wrapper.findByTestId('back-button');
+
+  describe('form', () => {
+    it('passes the correct props to MultiStepFormTemplate', () => {
+      expect(findMultiStepFormTemplate().props()).toMatchObject({
+        title: 'Optional configuration details',
+        currentStep: 2,
+        stepsTotal: 3,
+      });
+    });
+  });
+
+  it('renders the Next step button', () => {
+    expect(findNextButton().text()).toBe('Next step');
+    expect(findNextButton().props('disabled')).toBe(true);
+  });
+
+  describe('back button', () => {
+    it('renders the Go back button', () => {
+      expect(findBackButton().text()).toBe('Go back');
+    });
+
+    it(`emits the "back" event when the back button is clicked`, () => {
+      findBackButton().vm.$emit('click');
+      expect(wrapper.emitted('back')).toHaveLength(1);
+    });
+  });
+});

spec/frontend/ci/runner/components/runner_create_wizard_required_fields_spec.js

@@ -12,6 +12,8 @@ describe('Create Runner Required Fields', () => {
       propsData: {
         currentStep: 1,
         stepsTotal: 3,
+        isRunUntagged: false,
+        tagList: '',
       },
       stubs: {
         GlFormInput,

spec/helpers/diff_helper_spec.rb

@@ -858,4 +858,10 @@ RSpec.describe DiffHelper, feature_category: :code_review_workflow do
       end
     end
   end
+
+  describe "#file_heading_id" do
+    subject { helper.file_heading_id(diff_file) }
+
+    it { is_expected.to eq("#{diff_file.file_hash}-heading") }
+  end
 end

spec/requests/api/graphql/project/work_items_spec.rb

@@ -7,11 +7,14 @@ RSpec.describe 'getting a work item list for a project', feature_category: :team
 
   let_it_be(:label1) { create(:label, project: project) }
   let_it_be(:label2) { create(:label, project: project) }
-  let_it_be(:milestone1) { create(:milestone, project: project) }
-  let_it_be(:milestone2) { create(:milestone, project: project) }
+  let_it_be(:milestone1) { create(:milestone, project: project, due_date: 5.days.ago) }
+  let_it_be(:milestone2) { create(:milestone, project: project, due_date: 3.days.from_now) }
 
   let_it_be_with_reload(:item1) do
-    create(:work_item, project: project, discussion_locked: true, title: 'item1', labels: [label1])
+    create(
+      :work_item, project: project, discussion_locked: true,
+      title: 'item1', milestone: milestone2, labels: [label1]
+    )
   end
 
   let_it_be_with_reload(:item2) do
@@ -376,6 +379,14 @@ RSpec.describe 'getting a work item list for a project', feature_category: :team
         let(:all_records) { [confidential_item, item2, item1].map { |item| item.to_global_id.to_s } }
       end
     end
+
+    context 'when sorting by MILESTONE_DUE_ASC' do
+      it_behaves_like 'sorted paginated query' do
+        let(:sort_param) { :MILESTONE_DUE_ASC }
+        let(:first_param) { 2 }
+        let(:all_records) { [item2, item1, confidential_item].map { |item| item.to_global_id.to_s } }
+      end
+    end
   end
 
   context 'when fetching work item notifications widget' do

spec/services/boards/lists/list_service_spec.rb

@@ -13,6 +13,7 @@ RSpec.describe Boards::Lists::ListService, feature_category: :portfolio_manageme
       let_it_be(:milestone) { create(:milestone, group: group) }
       let_it_be(:assignee_list) do
         list = build(:list, board: board, user_id: user.id, list_type: List.list_types[:assignee], position: 0)
+        list.send(:ensure_group_or_project) # Necessary as this is called on a before_validation callback
         list.save!(validate: false)
         list
       end
@@ -20,6 +21,7 @@ RSpec.describe Boards::Lists::ListService, feature_category: :portfolio_manageme
       let_it_be(:milestone_list) do
         list = build(:list, board: board, milestone_id: milestone.id, list_type: List.list_types[:milestone],
           position: 1)
+        list.send(:ensure_group_or_project) # Necessary as this is called on a before_validation callback
         list.save!(validate: false)
         list
       end

yarn.lock

@@ -5452,6 +5452,11 @@ commander@^13.1.0:
   resolved "https://registry.yarnpkg.com/commander/-/commander-13.1.0.tgz#776167db68c78f38dcce1f9b8d7b8b9a488abf46"
   integrity sha512-/rFeCpNJQbhSZjGVwO9RFV3xPqbnERS8MmIQzCtD/zl6gpJuV/bMLuN92oG3F7d8oDEHHRrujSXNUr8fpjntKw==
 
+commander@^14.0.0:
+  version "14.0.0"
+  resolved "https://registry.yarnpkg.com/commander/-/commander-14.0.0.tgz#f244fc74a92343514e56229f16ef5c5e22ced5e9"
+  integrity sha512-2uM9rYjPvyq39NwLRqaiLtWHyDC1FvryJDa2ATTVims5YAS4PupsEQsDvP14FqhFr0P49CYDugi59xaxJlTXRA==
+
 commander@^4.0.0:
   version "4.1.1"
   resolved "https://registry.yarnpkg.com/commander/-/commander-4.1.1.tgz#9fd602bd936294e9e9ef46a3f4d6964044b18068"