Add latest changes from gitlab-org/gitlab@master

.gitlab-ci.yml

@@ -111,3 +111,4 @@ include:
   - local: .gitlab/ci/dast.gitlab-ci.yml
   - local: .gitlab/ci/workhorse.gitlab-ci.yml
   - local: .gitlab/ci/graphql.gitlab-ci.yml
+  - local: .gitlab/ci/verify-lockfile.gitlab-ci.yml

.gitlab/ci/verify-lockfile.gitlab-ci.yml

@@ -0,0 +1,11 @@
+verify_lockfile:
+  stage: test
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2-git-2.29-lfs-2.9-node-12.18-yarn-1.22-graphicsmagick-1.3.34
+  needs: []
+  rules:
+    - changes:
+        - yarn.lock
+  script:
+    - npm config set @dappelt:registry https://gitlab.com/api/v4/projects/22564149/packages/npm/
+    - npx lockfile-lint@4.3.7 --path yarn.lock --allowed-hosts yarn --validate-https
+    - npx @dappelt/untamper-my-lockfile --lockfile yarn.lock

GITALY_SERVER_VERSION

@@ -1 +1 @@
-c89fdf6bb2dc9f652f5c724caf13d3bde76e9d90
+6a06feda7fd01961bb332afce4d7f7b4ce4a5aad

app/assets/javascripts/create_cluster/eks_cluster/components/service_credentials_form.vue

@@ -1,6 +1,6 @@
 <script>
 /* eslint-disable vue/no-v-html */
-import { GlButton, GlFormGroup, GlFormInput, GlIcon, GlLink, GlSprintf } from '@gitlab/ui';
+import { GlButton, GlFormGroup, GlFormInput, GlIcon, GlLink, GlSprintf, GlAlert } from '@gitlab/ui';
 import { escape } from 'lodash';
 import { mapState, mapActions } from 'vuex';
 import { DEFAULT_REGION } from '../constants';
@@ -16,6 +16,7 @@ export default {
     GlLink,
     GlSprintf,
     ClipboardButton,
+    GlAlert,
   },
   props: {
     accountAndExternalIdsHelpPath: {
@@ -105,9 +106,14 @@ export default {
         )
       }}
     </p>
-    <div v-if="createRoleError" class="js-invalid-credentials bs-callout bs-callout-danger">
+    <gl-alert
+      v-if="createRoleError"
+      class="js-invalid-credentials gl-mb-5"
+      variant="danger"
+      :dismissible="false"
+    >
       {{ createRoleError }}
-    </div>
+    </gl-alert>
     <div class="form-row">
       <div class="form-group col-md-6">
         <label for="gitlab-account-id">{{ __('Account ID') }}</label>

app/assets/javascripts/pages/groups/shared/group_details.js

@@ -8,6 +8,8 @@ import ProjectsList from '~/projects_list';
 import ShortcutsNavigation from '~/behaviors/shortcuts/shortcuts_navigation';
 import GroupTabs from './group_tabs';
 import initInviteMembersBanner from '~/groups/init_invite_members_banner';
+import initInviteMembersTrigger from '~/invite_members/init_invite_members_trigger';
+import initInviteMembersModal from '~/invite_members/init_invite_members_modal';
 
 export default function initGroupDetails(actionName = 'show') {
   const loadableActions = [ACTIVE_TAB_SHARED, ACTIVE_TAB_ARCHIVED];
@@ -24,4 +26,6 @@ export default function initGroupDetails(actionName = 'show') {
   new ProjectsList();
 
   initInviteMembersBanner();
+  initInviteMembersModal();
+  initInviteMembersTrigger();
 }

app/helpers/invite_members_helper.rb

@@ -3,10 +3,14 @@
 module InviteMembersHelper
   include Gitlab::Utils::StrongMemoize
 
-  def invite_members_allowed?(group)
+  def can_invite_members_for_group?(group)
     Feature.enabled?(:invite_members_group_modal, group) && can?(current_user, :admin_group_member, group)
   end
 
+  def can_invite_members_for_project?(project)
+    Feature.enabled?(:invite_members_group_modal, project.group) && can_import_members?
+  end
+
   def directly_invite_members?
     strong_memoize(:directly_invite_members) do
       experiment_enabled?(:invite_members_version_a) && can_import_members?
@@ -27,8 +31,8 @@ module InviteMembersHelper
     link_to invite_members_url(form_model),
             data: {
               'track-event': 'click_link',
-              'track-label': tracking_label(current_user),
-              'track-property': experiment_tracking_category_and_group(:invite_members_new_dropdown, subject: current_user)
+              'track-label': tracking_label,
+              'track-property': experiment_tracking_category_and_group(:invite_members_new_dropdown)
             } do
       invite_member_link_content
     end

app/models/ci/pipeline.rb

@@ -262,8 +262,6 @@ module Ci
       end
 
       after_transition any => any do |pipeline|
-        next unless Feature.enabled?(:jira_sync_builds, pipeline.project)
-
         pipeline.run_after_commit do
           # Passing the seq-id ensures this is idempotent
           seq_id = ::Atlassian::JiraConnect::Client.generate_update_sequence_id

app/models/deployment.rb

@@ -350,6 +350,13 @@ class Deployment < ApplicationRecord
     File.join(environment.ref_path, 'deployments', iid.to_s)
   end
 
+  def equal_to?(params)
+    ref == params[:ref] &&
+      tag == params[:tag] &&
+      sha == params[:sha] &&
+      status == params[:status]
+  end
+
   private
 
   def legacy_finished_at

app/services/deployments/create_service.rb

@@ -11,6 +11,8 @@ module Deployments
     end
 
     def execute
+      return last_deployment if last_deployment&.equal_to?(params)
+
       environment.deployments.build(deployment_attributes).tap do |deployment|
         # Deployment#change_status already saves the model, so we only need to
         # call #save ourselves if no status is provided.
@@ -36,5 +38,11 @@ module Deployments
         on_stop: params[:on_stop]
       }
     end
+
+    private
+
+    def last_deployment
+      @environment.last_deployment
+    end
   end
 end

app/views/groups/_invite_members_modal.html.haml

@@ -1,4 +1,4 @@
-- if invite_members_allowed?(group)
+- if can_invite_members_for_group?(group)
   .js-invite-members-modal{ data: { id: group.id,
     name: group.name,
     is_project: 'false',

app/views/groups/_invite_members_side_nav_link.html.haml

@@ -1,3 +0,0 @@
-- if invite_members_allowed?(group) && body_data_page == 'groups:show'
-  %li
-    .js-invite-members-trigger{ data: { icon: 'plus', display_text: _('Invite team members') } }

app/views/groups/group_members/index.html.haml

@@ -14,12 +14,12 @@
             = _('Group members')
           %p
             = html_escape(_('You can invite a new member to %{strong_start}%{group_name}%{strong_end}.')) % { group_name: @group.name, strong_start: '<strong>'.html_safe, strong_end: '</strong>'.html_safe }
-        - if invite_members_allowed?(@group)
+        - if can_invite_members_for_group?(@group)
           .gl-w-half.gl-xs-w-full
             .gl-display-flex.gl-flex-wrap.gl-lg-justify-content-end.gl-mx-n2.gl-mb-3
               .js-invite-members-trigger.gl-px-2.gl-sm-w-auto.gl-w-full.gl-mb-4{ data: { classes: 'btn btn-success gl-button gl-mt-3 gl-sm-w-auto gl-w-full', display_text: _('Invite members') } }
-          = render_if_exists 'groups/invite_members_modal', group: @group
-    - if can_manage_members && !invite_members_allowed?(@group)
+          = render 'groups/invite_members_modal', group: @group
+    - if can_manage_members && !can_invite_members_for_group?(@group)
       %hr.gl-mt-4
         %ul.nav-links.nav.nav-tabs.gitlab-tabs{ role: 'tablist' }
           %li.nav-tab{ role: 'presentation' }

app/views/groups/show.html.haml

@@ -16,6 +16,11 @@
 = content_for :meta_tags do
   = auto_discovery_link_tag(:atom, group_url(@group, rss_url_options), title: "#{@group.name} activity")
 
+= content_for :invite_members_sidebar do
+  - if can_invite_members_for_group?(@group)
+    %li
+      .js-invite-members-trigger{ data: { icon: 'plus', classes: 'gl-text-decoration-none! gl-shadow-none!', display_text: _('Invite team members') } }
+
 = render partial: 'flash_messages'
 
 = render_if_exists 'trials/banner', namespace: @group
@@ -26,7 +31,7 @@
 
 = render_if_exists 'groups/group_activity_analytics', group: @group
 
-= render_if_exists 'groups/invite_members_modal', group: @group
+= render 'groups/invite_members_modal', group: @group
 
 .groups-listing{ data: { endpoints: { default: group_children_path(@group, format: :json), shared: group_shared_projects_path(@group, format: :json) } } }
   .top-area.group-nav-container.justify-content-between

app/views/layouts/nav/sidebar/_group.html.haml

@@ -141,7 +141,7 @@
                 %strong.fly-out-top-item-name
                   = _('Members')
 
-      = render_if_exists 'groups/invite_members_side_nav_link', group: @group
+      = content_for :invite_members_sidebar
 
       - if group_sidebar_link?(:settings)
         = nav_link(path: group_settings_nav_link_paths) do

app/views/layouts/nav/sidebar/_project.html.haml

@@ -383,7 +383,7 @@
               %strong.fly-out-top-item-name
                 = _('Members')
 
-      = render_if_exists 'projects/invite_members_side_nav_link', project: @project
+      = content_for :invite_members_sidebar
 
       - if project_nav_tab? :settings
         = nav_link(path: sidebar_settings_paths) do

app/views/projects/_home_panel.html.haml

@@ -3,7 +3,7 @@
 - max_project_topic_length = 15
 - emails_disabled = @project.emails_disabled?
 
-= render_if_exists 'projects/invite_members_modal', project: @project
+= render 'projects/invite_members_modal', project: @project
 
 .project-home-panel.js-show-on-project-root.gl-my-5{ class: [("empty-project" if empty_repo)] }
   .row.gl-mb-3

app/views/projects/_invite_members_link.html.haml

@@ -0,0 +1,4 @@
+- return unless can_invite_members_for_project?(@project)
+
+%li
+  .js-invite-members-trigger{ data: { icon: 'plus', classes: 'gl-text-decoration-none! gl-shadow-none!', display_text: _('Invite team members') } }

app/views/projects/_invite_members_modal.html.haml

@@ -1,4 +1,4 @@
-- if invite_members_allowed?(project.group)
+- if can_invite_members_for_project?(project)
   .js-invite-members-modal{ data: { id: project.id,
     name: project.name,
     is_project: 'true',

app/views/projects/_invite_members_side_nav_link.html.haml

@@ -1,3 +0,0 @@
-- if invite_members_allowed?(project.group) && body_data_page == 'projects:show'
-  %li
-    .js-invite-members-trigger{ data: { icon: 'plus', display_text: _('Invite team members') } }

app/views/projects/empty.html.haml

@@ -2,6 +2,9 @@
 - default_branch_name = @project.default_branch || "master"
 - @skip_current_level_breadcrumb = true
 
+= content_for :invite_members_sidebar do
+  = render partial: 'projects/invite_members_link'
+
 = render partial: 'flash_messages', locals: { project: @project }
 
 = render "home_panel"

app/views/projects/no_repo.html.haml

@@ -12,7 +12,7 @@
   #{ _('This means you can not push code until you create an empty repository or import existing one.') }
 %hr
 
-= render_if_exists 'projects/invite_members_modal', project: @project
+= render 'projects/invite_members_modal', project: @project
 
 .no-repo-actions
   = link_to project_repository_path(@project), method: :post, class: 'btn btn-primary' do

app/views/projects/project_members/index.html.haml

@@ -4,7 +4,7 @@
 .js-remove-member-modal
 .row.gl-mt-3
   .col-lg-12
-    - if invite_members_allowed?(group)
+    - if can_invite_members_for_project?(@project)
       .row
         .col-md-12.col-lg-6.gl-display-flex
           .gl-flex-direction-column.gl-flex-wrap.align-items-baseline
@@ -19,7 +19,7 @@
         .col-md-12.col-lg-6
           .gl-display-flex.gl-flex-wrap.gl-lg-justify-content-end.gl-mx-n2.gl-mb-3
             .js-invite-members-trigger.gl-px-2.gl-sm-w-auto.gl-w-full.gl-mb-4{ data: { classes: 'btn btn-success gl-button gl-mt-3 gl-sm-w-auto gl-w-full', display_text: _('Invite members') } }
-        = render_if_exists 'projects/invite_members_modal', project: @project
+        = render 'projects/invite_members_modal', project: @project
 
     - else
       - if project_can_be_shared?
@@ -31,7 +31,7 @@
           %p
             = html_escape(_("Members can be added by project %{i_open}Maintainers%{i_close} or %{i_open}Owners%{i_close}")) % { i_open: '<i>'.html_safe, i_close: '</i>'.html_safe }
 
-    - if !invite_members_allowed?(group) && can_manage_project_members?(@project) && project_can_be_shared?
+    - if !can_invite_members_for_project?(@project) && can_manage_project_members?(@project) && project_can_be_shared?
       - if !membership_locked? && @project.allowed_to_share_with_group?
         %ul.nav-links.nav.nav-tabs.gitlab-tabs{ role: 'tablist' }
           %li.nav-tab{ role: 'presentation' }

app/views/projects/show.html.haml

@@ -6,6 +6,9 @@
 = content_for :meta_tags do
   = auto_discovery_link_tag(:atom, project_path(@project, rss_url_options), title: "#{@project.name} activity")
 
+= content_for :invite_members_sidebar do
+  = render partial: 'projects/invite_members_link'
+
 = render partial: 'flash_messages', locals: { project: @project }
 
 = render "projects/last_push"

app/views/shared/deploy_tokens/_table.html.haml

@@ -24,7 +24,7 @@
               - else
                 %span.token-never-expires-label= _('Never')
             %td= token.scopes.present? ? token.scopes.join(', ') : _('no scopes selected')
-            %td= link_to s_('DeployTokens|Revoke'), "#", class: "btn btn-danger float-right", data: { toggle: "modal", target: "#revoke-modal-#{token.id}"}
+            %td= link_to s_('DeployTokens|Revoke'), "#", class: "gl-button btn btn-danger float-right", data: { toggle: "modal", target: "#revoke-modal-#{token.id}"}
             = render 'shared/deploy_tokens/revoke_modal', token: token, group_or_project: group_or_project
 - else
   .settings-message.text-center

app/workers/jira_connect/sync_builds_worker.rb

@@ -14,7 +14,6 @@ module JiraConnect
       pipeline = Ci::Pipeline.find_by_id(pipeline_id)
 
       return unless pipeline
-      return unless Feature.enabled?(:jira_sync_builds, pipeline.project)
 
       ::JiraConnect::SyncService
         .new(pipeline.project)

changelogs/unreleased/239172-add-entity-columns-to-vulnerability-occurrences.yml

@@ -0,0 +1,5 @@
+---
+title: Add entity columns to vulnerability occurrences
+merge_request: 51739
+author:
+type: changed

changelogs/unreleased/294004-enable-jira-sync-builds.yml

@@ -0,0 +1,5 @@
+---
+title: Sync pipeline builds to Jira
+merge_request: 51627
+author:
+type: added

changelogs/unreleased/ApplyGitLabUIbuttonstylestobuttonsindeploytokens_table-html-haml.yml

@@ -0,0 +1,5 @@
+---
+title: Adds GitLabUI button styles in deploy tokens _table.html.haml
+merge_request: 51082
+author: nuwe1
+type: other

changelogs/unreleased/zj-no-duplicate-deployments.yml

@@ -0,0 +1,5 @@
+---
+title: Deployments::CreateService executions are idempotent for duplicate params
+merge_request: 47610
+author:
+type: added

config/feature_flags/development/jira_sync_builds.yml

@@ -1,8 +0,0 @@
----
-name: jira_sync_builds
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/49348
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/292013
-milestone: '13.7'
-type: development
-group: group::ecosystem
-default_enabled: false

config/feature_flags/experiment/invite_members_new_dropdown_experiment_percentage.yml

@@ -1,7 +1,7 @@
 ---
 name: invite_members_new_dropdown_experiment_percentage
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50069
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/268129
+rollout_issue_url: https://gitlab.com/gitlab-org/growth/team-tasks/-/issues/291
 milestone: '13.8'
 type: experiment
 group: group::expansion

db/migrate/20210105153342_add_entity_columns_to_vulnerability_occurrences.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class AddEntityColumnsToVulnerabilityOccurrences < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  # rubocop:disable Migration/AddLimitToTextColumns
+  # limit is added in 20200501000002_add_text_limit_to_sprints_extended_title
+  def change
+    add_column :vulnerability_occurrences, :description, :text
+    add_column :vulnerability_occurrences, :message, :text
+    add_column :vulnerability_occurrences, :solution, :text
+    add_column :vulnerability_occurrences, :cve, :text
+    add_column :vulnerability_occurrences, :location, :jsonb
+  end
+  # rubocop:enable Migration/AddLimitToTextColumns
+end

db/migrate/20210105154321_add_text_limit_to_vulnerability_occurrences_entity_columns.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class AddTextLimitToVulnerabilityOccurrencesEntityColumns < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_text_limit :vulnerability_occurrences, :description, 15000
+    add_text_limit :vulnerability_occurrences, :message, 3000
+    add_text_limit :vulnerability_occurrences, :solution, 7000
+    add_text_limit :vulnerability_occurrences, :cve, 48400
+  end
+
+  def down
+    remove_text_limit :vulnerability_occurrences, :description
+    remove_text_limit :vulnerability_occurrences, :message
+    remove_text_limit :vulnerability_occurrences, :solution
+    remove_text_limit :vulnerability_occurrences, :cve
+  end
+end

db/schema_migrations/20210105153342

@@ -0,0 +1 @@
+7a252c5d76c1e71421c3aa3e01584cdeeec6a5002ba6ef0824674c64f92e2764

db/schema_migrations/20210105154321

@@ -0,0 +1 @@
+9327676097c49bb1a221d79dd351ad8c57a434f19e32f49951c0d6d655c2fa4e

db/structure.sql

@@ -18009,7 +18009,16 @@ CREATE TABLE vulnerability_occurrences (
     metadata_version character varying NOT NULL,
     raw_metadata text NOT NULL,
     vulnerability_id bigint,
-    details jsonb DEFAULT '{}'::jsonb NOT NULL
+    details jsonb DEFAULT '{}'::jsonb NOT NULL,
+    description text,
+    message text,
+    solution text,
+    cve text,
+    location jsonb,
+    CONSTRAINT check_4a3a60f2ba CHECK ((char_length(solution) <= 7000)),
+    CONSTRAINT check_ade261da6b CHECK ((char_length(description) <= 15000)),
+    CONSTRAINT check_df6dd20219 CHECK ((char_length(message) <= 3000)),
+    CONSTRAINT check_f602da68dd CHECK ((char_length(cve) <= 48400))
 );
 
 CREATE SEQUENCE vulnerability_occurrences_id_seq

doc/api/merge_requests.md

@@ -884,6 +884,14 @@ Parameters:
     "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
     "web_url": "https://gitlab.example.com/axel.block"
   }],
+  "reviewers": [{
+    "name": "Miss Monserrate Beier",
+    "username": "axel.block",
+    "id": 12,
+    "state": "active",
+    "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
+    "web_url": "https://gitlab.example.com/axel.block"
+  }],
   "source_project_id": 4,
   "target_project_id": 4,
   "labels": [ ],
@@ -1252,6 +1260,14 @@ Must include at least one non-required attribute from above.
     "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
     "web_url": "https://gitlab.example.com/axel.block"
   }],
+  "reviewers": [{
+    "name": "Miss Monserrate Beier",
+    "username": "axel.block",
+    "id": 12,
+    "state": "active",
+    "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
+    "web_url": "https://gitlab.example.com/axel.block"
+  }],
   "source_project_id": 2,
   "target_project_id": 3,
   "labels": [
@@ -1429,6 +1445,14 @@ Parameters:
     "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
     "web_url": "https://gitlab.example.com/axel.block"
   }],
+  "reviewers": [{
+    "name": "Miss Monserrate Beier",
+    "username": "axel.block",
+    "id": 12,
+    "state": "active",
+    "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
+    "web_url": "https://gitlab.example.com/axel.block"
+  }],
   "source_project_id": 2,
   "target_project_id": 3,
   "labels": [
@@ -1609,6 +1633,14 @@ Parameters:
     "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
     "web_url": "https://gitlab.example.com/axel.block"
   }],
+  "reviewers": [{
+    "name": "Miss Monserrate Beier",
+    "username": "axel.block",
+    "id": 12,
+    "state": "active",
+    "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
+    "web_url": "https://gitlab.example.com/axel.block"
+  }],
   "source_project_id": 2,
   "target_project_id": 3,
   "labels": [
@@ -1902,6 +1934,14 @@ Example response:
     "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
     "web_url": "https://gitlab.example.com/axel.block"
   }],
+  "reviewers": [{
+    "name": "Miss Monserrate Beier",
+    "username": "axel.block",
+    "id": 12,
+    "state": "active",
+    "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
+    "web_url": "https://gitlab.example.com/axel.block"
+  }],
   "source_project_id": 2,
   "target_project_id": 3,
   "labels": [
@@ -2053,6 +2093,14 @@ Example response:
     "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
     "web_url": "https://gitlab.example.com/axel.block"
   }],
+  "reviewers": [{
+    "name": "Miss Monserrate Beier",
+    "username": "axel.block",
+    "id": 12,
+    "state": "active",
+    "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
+    "web_url": "https://gitlab.example.com/axel.block"
+  }],
   "source_project_id": 2,
   "target_project_id": 3,
   "labels": [
@@ -2224,6 +2272,14 @@ Example response:
       "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
       "web_url": "https://gitlab.example.com/axel.block"
     }],
+    "reviewers": [{
+      "name": "Miss Monserrate Beier",
+      "username": "axel.block",
+      "id": 12,
+      "state": "active",
+      "avatar_url": "http://www.gravatar.com/avatar/46f6f7dc858ada7be1853f7fb96e81da?s=80&d=identicon",
+      "web_url": "https://gitlab.example.com/axel.block"
+    }],
     "source_project_id": 3,
     "target_project_id": 3,
     "labels": [],

doc/development/gemfile.md

@@ -18,3 +18,16 @@ dependencies and build times.
 ## License compliance
 
 Refer to [licensing guidelines](licensing.md) for ensuring license compliance.
+
+## Upgrade Rails
+
+When upgrading the Rails gem and its dependencies, you also should update the following:
+
+- The [Gemfile in the `qa` directory](https://gitlab.com/gitlab-org/gitlab/-/blob/master/qa/Gemfile).
+- The [Gemfile in Gitaly Ruby](https://gitlab.com/gitlab-org/gitaly/-/blob/master/ruby/Gemfile),
+  to ensure that we ship only one version of these gems.
+
+You should also update NPM packages that follow the current version of Rails:
+
+- `@rails/ujs`
+- `@rails/actioncable`

doc/development/testing_guide/best_practices.md

@@ -13,13 +13,13 @@ description: "GitLab development guidelines - testing best practices."
 Testing at GitLab is a first class citizen, not an afterthought. It's important we consider the design of our tests
 as we do the design of our features.
 
-When implementing a feature, we think about developing the right capabilities the right way, which helps us
+When implementing a feature, we think about developing the right capabilities the right way. This helps us
 narrow our scope to a manageable level. When implementing tests for a feature, we must think about developing
-the right tests, but then cover _all_ the important ways the test may fail, which can quickly widen our scope to
+the right tests, but then cover _all_ the important ways the test may fail. This can quickly widen our scope to
 a level that is difficult to manage.
 
 Test heuristics can help solve this problem. They concisely address many of the common ways bugs
-manifest themselves within our code. When designing our tests, take time to review known test heuristics to inform
+manifest themselves in our code. When designing our tests, take time to review known test heuristics to inform
 our test design. We can find some helpful heuristics documented in the Handbook in the
 [Test Engineering](https://about.gitlab.com/handbook/engineering/quality/test-engineering/#test-heuristics) section.
 
@@ -90,7 +90,7 @@ Obviously we should reduce test dependencies, and avoiding
 capabilities also reduces the amount of set-up needed.
 
 `:js` is particularly important to avoid. This must only be used if the feature
-test requires JavaScript reactivity in the browser, since using a headless
+test requires JavaScript reactivity in the browser. Using a headless
 browser is much slower than parsing the HTML response from the app.
 
 #### Optimize factory usage
@@ -108,8 +108,8 @@ To avoid creation, it is worth bearing in mind that:
 
 - `instance_double` and `spy` are faster than `FactoryBot.build(...)`.
 - `FactoryBot.build(...)` and `.build_stubbed` are faster than `.create`.
-- Don't `create` an object when `build`, `build_stubbed`, `attributes_for`,
-  `spy`, or `instance_double` will do. Database persistence is slow!
+- Don't `create` an object when you can use `build`, `build_stubbed`, `attributes_for`,
+  `spy`, or `instance_double`. Database persistence is slow!
 
 Use [Factory Doctor](https://test-prof.evilmartians.io/#/profilers/factory_doctor) to find cases where database persistence is not needed in a given test.
 
@@ -171,14 +171,14 @@ RSpec.describe API::Search, factory_default: :keep do
   let_it_be(:namespace) { create_default(:namespace) }
 ```
 
-Then every project we create will use this `namespace`, without us having to pass
+Then every project we create uses this `namespace`, without us having to pass
 it as `namespace: namespace`. In order to make it work along with `let_it_be`, `factory_default: :keep`
-must be explicitly specified. That will keep the default factory for every example in a suite instead of
+must be explicitly specified. That keeps the default factory for every example in a suite instead of
 recreating it for each example.
 
 Maybe we don't need to create 208 different projects - we
 can create one and reuse it. In addition, we can see that only about 1/3 of the
-projects we create are ones we ask for (76/208), so there is benefit in setting
+projects we create are ones we ask for (76/208). There is benefit in setting
 a default value for projects as well:
 
 ```ruby
@@ -233,8 +233,8 @@ Finished in 2 minutes 19 seconds (files took 1 minute 4.42 seconds to load)
 ```
 
 From this result, we can see the most expensive examples in our spec, giving us
-a place to start. The fact that the most expensive examples here are in
-shared examples means that any reductions are likely to have a larger impact as
+a place to start. The most expensive examples here are in
+shared examples; any reductions generally have a larger impact as
 they are called in multiple places.
 
 #### Avoid repeating expensive actions
@@ -287,7 +287,7 @@ results are available, and not just the first failure.
 - Use `.method` to describe class methods and `#method` to describe instance
   methods.
 - Use `context` to test branching logic.
-- Try to match the ordering of tests to the ordering within the class.
+- Try to match the ordering of tests to the ordering in the class.
 - Try to follow the [Four-Phase Test](https://thoughtbot.com/blog/four-phase-test) pattern, using newlines
   to separate phases.
 - Use `Gitlab.config.gitlab.host` rather than hard coding `'localhost'`
@@ -295,10 +295,10 @@ results are available, and not just the first failure.
   [Gotchas](../gotchas.md#do-not-assert-against-the-absolute-value-of-a-sequence-generated-attribute)).
 - Avoid using `expect_any_instance_of` or `allow_any_instance_of` (see
   [Gotchas](../gotchas.md#do-not-assert-against-the-absolute-value-of-a-sequence-generated-attribute)).
-- Don't supply the `:each` argument to hooks since it's the default.
+- Don't supply the `:each` argument to hooks because it's the default.
 - On `before` and `after` hooks, prefer it scoped to `:context` over `:all`
 - When using `evaluate_script("$('.js-foo').testSomething()")` (or `execute_script`) which acts on a given element,
-  use a Capybara matcher beforehand (e.g. `find('.js-foo')`) to ensure the element actually exists.
+  use a Capybara matcher beforehand (such as `find('.js-foo')`) to ensure the element actually exists.
 - Use `focus: true` to isolate parts of the specs you want to run.
 - Use [`:aggregate_failures`](https://relishapp.com/rspec/rspec-core/docs/expectation-framework-integration/aggregating-failures) when there is more than one expectation in a test.
 - For [empty test description blocks](https://github.com/rubocop-hq/rspec-style-guide#it-and-specify), use `specify` rather than `it do` if the test is self-explanatory.
@@ -343,7 +343,7 @@ writing one](testing_levels.md#consider-not-writing-a-system-test)!
   For instance, if you want to verify that a record was created, add
   expectations that its attributes are displayed on the page, not that
   `Model.count` increased by one.
-- It's ok to look for DOM elements but don't abuse it since it makes the tests
+- It's ok to look for DOM elements, but don't abuse it, because it makes the tests
   more brittle
 
 #### Debugging Capybara
@@ -353,7 +353,7 @@ Sometimes you may need to debug Capybara tests by observing browser behavior.
 #### Live debug
 
 You can pause Capybara and view the website on the browser by using the
-`live_debug` method in your spec. The current page will be automatically opened
+`live_debug` method in your spec. The current page is automatically opened
 in your default browser.
 You may need to sign in first (the current user's credentials are displayed in
 the terminal).
@@ -381,13 +381,13 @@ Finished in 34.51 seconds (files took 0.76702 seconds to load)
 
 #### Run `:js` spec in a visible browser
 
-Run the spec with `CHROME_HEADLESS=0`, e.g.:
+Run the spec with `CHROME_HEADLESS=0`, like this:
 
 ```shell
 CHROME_HEADLESS=0 bin/rspec some_spec.rb
 ```
 
-The test will go by quickly, but this will give you an idea of what's happening.
+The test completes quickly, but this gives you an idea of what's happening.
 Using `live_debug` with `CHROME_HEADLESS=0` pauses the open browser, and does not
 open the page again. This can be used to debug and inspect elements.
 
@@ -416,20 +416,20 @@ There is a [small hack](https://gitlab.com/gitlab-org/gitlab-foss/snippets/17184
 
 ### Fast unit tests
 
-Some classes are well-isolated from Rails and you should be able to test them
+Some classes are well-isolated from Rails. You should be able to test them
 without the overhead added by the Rails environment and Bundler's `:default`
 group's gem loading. In these cases, you can `require 'fast_spec_helper'`
 instead of `require 'spec_helper'` in your test file, and your test should run
-really fast since:
+really fast because:
 
-- Gems loading is skipped
+- Gem loading is skipped
 - Rails app boot is skipped
 - GitLab Shell and Gitaly setup are skipped
 - Test repositories setup are skipped
 
 `fast_spec_helper` also support autoloading classes that are located inside the
-`lib/` directory. It means that as long as your class / module is using only
-code from the `lib/` directory you will not need to explicitly load any
+`lib/` directory. If your class or module is using only
+code from the `lib/` directory, you don't need to explicitly load any
 dependencies. `fast_spec_helper` also loads all ActiveSupport extensions,
 including core extensions that are commonly used in the Rails environment.
 
@@ -439,9 +439,11 @@ in `lib/`.
 
 For example, if you want to test your code that is calling the
 `Gitlab::UntrustedRegexp` class, which under the hood uses `re2` library, you
-should either add `require_dependency 're2'` to files in your library that
-need `re2` gem, to make this requirement explicit, or you can add it to the
-spec itself, but the former is preferred.
+should either:
+
+- Add `require_dependency 're2'` to files in your library that need `re2` gem,
+  to make this requirement explicit. This approach is preferred.
+- Add it to the spec itself.
 
 It takes around one second to load tests that are using `fast_spec_helper`
 instead of 30+ seconds in case of a regular `spec_helper`.
@@ -465,7 +467,7 @@ so we need to set some guidelines for their use going forward:
 - Don't define a `let` variable that's only used by the definition of another.
   Use a helper method instead.
 - `let!` variables should be used only in case if strict evaluation with defined
-  order is required, otherwise `let` will suffice. Remember that `let` is lazy and won't
+  order is required, otherwise `let` suffices. Remember that `let` is lazy and won't
   be evaluated until it is referenced.
 - Avoid referencing `subject` in examples. Use a named subject `subject(:name)`, or a `let` variable instead, so
   the variable has a contextual name.
@@ -475,7 +477,7 @@ so we need to set some guidelines for their use going forward:
 
 In some cases, there is no need to recreate the same object for tests
 again for each example. For example, a project and a guest of that project
-is needed to test issues on the same project, one project and user will do for the entire file.
+are needed to test issues on the same project, so one project and user are enough for the entire file.
 
 As much as possible, do not implement this using `before(:all)` or `before(:context)`. If you do,
 you would need to manually clean up the data as those hooks run outside a database transaction.
@@ -494,9 +496,9 @@ before_all do
 end
 ```
 
-This will result in only one `Project`, `User`, and `ProjectMember` created for this context.
+This results in only one `Project`, `User`, and `ProjectMember` created for this context.
 
-`let_it_be` and `before_all` are also available within nested contexts. Cleanup after the context
+`let_it_be` and `before_all` are also available in nested contexts. Cleanup after the context
 is handled automatically using a transaction rollback.
 
 Note that if you modify an object defined inside a `let_it_be` block,
@@ -519,6 +521,35 @@ let_it_be_with_refind(:project) { create(:project) }
 let_it_be(:project, refind: true) { create(:project) }
 ```
 
+### License stubbing with `let_it_be`
+
+`let_it_be_with_refind` is also useful when using `stub_licensed_features` in your tests:
+
+```ruby
+let_it_be_with_refind(:project) { create(:project) }
+# Project#licensed_feature_available? is memoized, and so we need to refind
+# the project for license updates to be applied.
+# An alternative is `project.clear_memoization(:licensed_feature_available)`.
+
+subject { project.allows_multiple_assignees? }
+
+context 'with license multiple_issue_assignees disabled' do
+  before do
+    stub_licensed_features(multiple_issue_assignees: true)
+  end
+
+  it { is_expected.to eq(true) }
+end
+
+context 'with license multiple_issue_assignees disabled' do
+  before do
+    stub_licensed_features(multiple_issue_assignees: false)
+  end
+
+  it { is_expected.to eq(false) }
+end
+```
+
 ### Time-sensitive tests
 
 [`ActiveSupport::Testing::TimeHelpers`](https://api.rubyonrails.org/v6.0.3.1/classes/ActiveSupport/Testing/TimeHelpers.html)
@@ -545,14 +576,14 @@ This section was moved to [developing with feature flags](../feature_flags/devel
 
 The code exercised by a single GitLab test may access and modify many items of
 data. Without careful preparation before a test runs, and cleanup afterward,
-data can be changed by a test in such a way that it affects the behavior of
+a test can change data in a way that affects the behavior of
 following tests. This should be avoided at all costs! Fortunately, the existing
 test framework handles most cases already.
 
 When the test environment does get polluted, a common outcome is
-[flaky tests](flaky_tests.md). Pollution will often manifest as an order
-dependency: running spec A followed by spec B will reliably fail, but running
-spec B followed by spec A will reliably succeed. In these cases, you can use
+[flaky tests](flaky_tests.md). Pollution often manifests as an order
+dependency: running spec A followed by spec B reliably fails, but running
+spec B followed by spec A reliably succeeds. In these cases, you can use
 `rspec --bisect` (or a manual pairwise bisect of spec files) to determine which
 spec is at fault. Fixing the problem requires some understanding of how the test
 suite ensures the environment is pristine. Read on to discover more about each
@@ -561,15 +592,15 @@ data store!
 #### SQL database
 
 This is managed for us by the `database_cleaner` gem. Each spec is surrounded in
-a transaction, which is rolled back once the test completes. Certain specs will
-instead issue `DELETE FROM` queries against every table after completion; this
+a transaction, which is rolled back after the test completes. Certain specs
+instead issue `DELETE FROM` queries against every table after completion. This
 allows the created rows to be viewed from multiple database connections, which
 is important for specs that run in a browser, or migration specs, among others.
 
 One consequence of using these strategies, instead of the well-known
 `TRUNCATE TABLES` approach, is that primary keys and other sequences are **not**
 reset across specs. So if you create a project in spec A, then create a project
-in spec B, the first will have `id=1`, while the second will have `id=2`.
+in spec B, the first has `id=1`, while the second has `id=2`.
 
 This means that specs should **never** rely on the value of an ID, or any other
 sequence-generated column. To avoid accidental conflicts, specs should also
@@ -610,7 +641,7 @@ DNS requests are stubbed universally in the test suite
 (as of [!22368](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/22368)), as DNS can
 cause issues depending on the developer's local network. There are RSpec labels
 available in `spec/support/dns.rb` which you can apply to tests if you need to
-bypass the DNS stubbing, e.g.:
+bypass the DNS stubbing, like this:
 
 ```ruby
 it "really connects to Prometheus", :permit_dns do
@@ -625,8 +656,8 @@ In the situations where you need to
 [stub](https://relishapp.com/rspec/rspec-mocks/v/3-9/docs/basics/allowing-messages)
 methods such as `File.read`, make sure to:
 
-1. Stub `File.read` for only the filepath you are interested in.
-1. Call the original implementation for other filepaths.
+1. Stub `File.read` for only the file path you are interested in.
+1. Call the original implementation for other file paths.
 
 Otherwise `File.read` calls from other parts of the codebase get
 stubbed incorrectly. You should use the `stub_file_read`, and
@@ -645,19 +676,19 @@ allow(File).to receive(:read).and_call_original
 allow(File).to receive(:read).with(my_filepath)
 ```
 
-#### Filesystem
+#### File system
 
-Filesystem data can be roughly split into "repositories", and "everything else".
+File system data can be roughly split into "repositories", and "everything else".
 Repositories are stored in `tmp/tests/repositories`. This directory is emptied
 before a test run starts, and after the test run ends. It is not emptied between
-specs, so created repositories accumulate within this directory over the
+specs, so created repositories accumulate in this directory over the
 lifetime of the process. Deleting them is expensive, but this could lead to
 pollution unless carefully managed.
 
 To avoid this, [hashed storage](../../administration/repository_storage_types.md)
 is enabled in the test suite. This means that repositories are given a unique
-path that depends on their project's ID. Since the project IDs are not reset
-between specs, this guarantees that each spec gets its own repository on disk,
+path that depends on their project's ID. Because the project IDs are not reset
+between specs, each spec gets its own repository on disk,
 and prevents changes from being visible between specs.
 
 If a spec manually specifies a project ID, or inspects the state of the
@@ -671,9 +702,9 @@ written to disk in locations determined by ID, so conflicts should not occur.
 
 Some specs disable hashed storage by passing the `:legacy_storage` trait to the
 `projects` factory. Specs that do this must **never** override the `path` of the
-project, or any of its groups. The default path includes the project ID, so will
-not conflict; but if two specs create a `:legacy_storage` project with the same
-path, they will use the same repository on disk and lead to test environment
+project, or any of its groups. The default path includes the project ID, so it
+does not conflict. If two specs create a `:legacy_storage` project with the same
+path, they use the same repository on disk and lead to test environment
 pollution.
 
 Other files must be managed manually by the spec. If you run code that creates a
@@ -712,21 +743,20 @@ If you need to modify the contents of the `ENV` constant, you can use the
 While most Ruby **instances** are not shared between specs, **classes**
 and **modules** generally are. Class and module instance variables, accessors,
 class variables, and other stateful idioms, should be treated in the same way as
-global variables - don't modify them unless you have to! In particular, prefer
+global variables. Don't modify them unless you have to! In particular, prefer
 using expectations, or dependency injection along with stubs, to avoid the need
-for modifications. If you have no other choice, an `around` block similar to the
-example for global variables, above, can be used, but this should be avoided if
-at all possible.
+for modifications. If you have no other choice, an `around` block like the global
+variables example can be used, but avoid this if at all possible.
 
 #### Test Snowplow events
 
 WARNING:
 Snowplow performs **runtime type checks** by using the [contracts gem](https://rubygems.org/gems/contracts).
-Since Snowplow is **by default disabled in tests and development**, it can be hard to
+Because Snowplow is **by default disabled in tests and development**, it can be hard to
 **catch exceptions** when mocking `Gitlab::Tracking`.
 
-To catch runtime errors due to type checks, you can enable Snowplow in tests by marking the spec with
-`:snowplow` and use the `expect_snowplow_event` helper which will check for
+To catch runtime errors due to type checks, you can enable Snowplow in tests. Mark the spec with
+`:snowplow` and use the `expect_snowplow_event` helper, which checks for
 calls to `Gitlab::Tracking#event`.
 
 ```ruby
@@ -794,7 +824,7 @@ end
 
 WARNING:
 Only use simple values as input in the `where` block. Using procs, stateful
-objects, FactoryBot-created objects etc. can lead to
+objects, FactoryBot-created objects, and similar items can lead to
 [unexpected results](https://github.com/tomykaira/rspec-parameterized/issues/8).
 
 ### Prometheus tests
@@ -807,7 +837,7 @@ reset before each example, add the `:prometheus` tag to the RSpec test.
 Custom matchers should be created to clarify the intent and/or hide the
 complexity of RSpec expectations. They should be placed under
 `spec/support/matchers/`. Matchers can be placed in subfolder if they apply to
-a certain type of specs only (e.g. features, requests etc.) but shouldn't be if
+a certain type of specs only (such as features or requests) but shouldn't be if
 they apply to multiple type of specs.
 
 #### `be_like_time`
@@ -881,13 +911,13 @@ expect(json_string).to be_valid_json.and match_schema(schema)
 
 Testing query performance allows us to:
 
-- Assert that N+1 problems do not exist within a block of code.
-- Ensure that the number of queries within a block of code does not increase unnoticed.
+- Assert that N+1 problems do not exist in a block of code.
+- Ensure that the number of queries in a block of code does not increase unnoticed.
 
 #### QueryRecorder
 
 `QueryRecorder` allows profiling and testing of the number of database queries
-performed within a given block of code.
+performed in a given block of code.
 
 See the [`QueryRecorder`](../query_recorder.md) section for more details.
 
@@ -905,9 +935,9 @@ Any shared contexts used by more than one spec file:
 
 - Should be placed under `spec/support/shared_contexts/`.
 - Can be placed in subfolder if they apply to a certain type of specs only
-  (e.g. features, requests etc.) but shouldn't be if they apply to multiple type of specs.
+  (such as features or requests) but shouldn't be if they apply to multiple type of specs.
 
-Each file should include only one context and have a descriptive name, e.g.
+Each file should include only one context and have a descriptive name, such as
 `spec/support/shared_contexts/controllers/githubish_import_controller_shared_context.rb`.
 
 ### Shared examples
@@ -917,9 +947,9 @@ Any shared examples used by more than one spec file:
 
 - Should be placed under `spec/support/shared_examples/`.
 - Can be placed in subfolder if they apply to a certain type of specs only
-  (e.g. features, requests etc.) but shouldn't be if they apply to multiple type of specs.
+  (such as features or requests) but shouldn't be if they apply to multiple type of specs.
 
-Each file should include only one context and have a descriptive name, e.g.
+Each file should include only one context and have a descriptive name, such as
 `spec/support/shared_examples/controllers/githubish_import_controller_shared_example.rb`.
 
 ### Helpers
@@ -927,8 +957,8 @@ Each file should include only one context and have a descriptive name, e.g.
 Helpers are usually modules that provide some methods to hide the complexity of
 specific RSpec examples. You can define helpers in RSpec files if they're not
 intended to be shared with other specs. Otherwise, they should be placed
-under `spec/support/helpers/`. Helpers can be placed in subfolder if they apply
-to a certain type of specs only (e.g. features, requests etc.) but shouldn't be
+under `spec/support/helpers/`. Helpers can be placed in a subfolder if they apply
+to a certain type of specs only (such as features or requests) but shouldn't be
 if they apply to multiple type of specs.
 
 Helpers should follow the Rails naming / namespacing convention. For instance
@@ -985,7 +1015,7 @@ All fixtures should be placed under `spec/fixtures/`.
 
 ### Repositories
 
-Testing some functionality, e.g., merging a merge request, requires a Git
+Testing some functionality, such as merging a merge request, requires a Git
 repository with a certain state to be present in the test environment. GitLab
 maintains the [`gitlab-test`](https://gitlab.com/gitlab-org/gitlab-test)
 repository for certain common cases - you can ensure a copy of the repository is
@@ -996,7 +1026,7 @@ let(:project) { create(:project, :repository) }
 ```
 
 Where you can, consider using the `:custom_repo` trait instead of `:repository`.
-This allows you to specify exactly what files will appear in the `master` branch
+This allows you to specify exactly what files appear in the `master` branch
 of the project's repository. For example:
 
 ```ruby
@@ -1011,17 +1041,17 @@ let(:project) do
 end
 ```
 
-This will create a repository containing two files, with default permissions and
+This creates a repository containing two files, with default permissions and
 the specified content.
 
 ### Configuration
 
-RSpec configuration files are files that change the RSpec configuration (i.e.
+RSpec configuration files are files that change the RSpec configuration (like
 `RSpec.configure do |config|` blocks). They should be placed under
 `spec/support/`.
 
-Each file should be related to a specific domain, e.g.
-`spec/support/capybara.rb`, `spec/support/carrierwave.rb`, etc.
+Each file should be related to a specific domain, such as
+`spec/support/capybara.rb` or `spec/support/carrierwave.rb`.
 
 If a helpers module applies only to a certain kind of specs, it should add
 modifiers to the `config.include` call. For instance if
@@ -1047,7 +1077,7 @@ file which is used by the `spec/fast_spec_helper.rb` file. See
 
 Services for the test environment are automatically configured and started when
 tests are run, including Gitaly, Workhorse, Elasticsearch, and Capybara. When run in CI, or
-if the service needs to be installed, the test environment will log information
+if the service needs to be installed, the test environment logs information
 about set-up time, producing log messages like the following:
 
 ```plaintext

doc/raketasks/backup_restore.md

@@ -1,6 +1,6 @@
 ---
-stage: none
-group: unassigned
+stage: Enablement
+group: Distribution
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
@@ -100,7 +100,7 @@ the host, based on your installed version of GitLab:
 - GitLab 12.1 and earlier:
 
   ```shell
-  gitlab-rake gitlab:backup:create
+  docker exec -t <container name> gitlab-rake gitlab:backup:create
   ```
 
 If you're using the [GitLab Helm chart](https://gitlab.com/gitlab-org/charts/gitlab)

doc/raketasks/cleanup.md

@@ -1,6 +1,6 @@
 ---
-stage: none
-group: unassigned
+stage: Enablement
+group: Distribution
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 

doc/raketasks/features.md

@@ -1,6 +1,6 @@
 ---
-stage: none
-group: unassigned
+stage: Enablement
+group: Distribution
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 

doc/raketasks/import.md

@@ -1,6 +1,6 @@
 ---
-stage: none
-group: unassigned
+stage: Enablement
+group: Distribution
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 

doc/raketasks/list_repos.md

@@ -1,6 +1,6 @@
 ---
-stage: none
-group: unassigned
+stage: Enablement
+group: Distribution
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 

doc/raketasks/spdx.md

@@ -1,6 +1,6 @@
 ---
-stage: none
-group: unassigned
+stage: Secure
+group: Composition Analysis
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 

doc/raketasks/user_management.md

@@ -1,6 +1,6 @@
 ---
-stage: none
-group: unassigned
+stage: Enablement
+group: Distribution
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 

doc/raketasks/web_hooks.md

@@ -1,6 +1,6 @@
 ---
-stage: none
-group: unassigned
+stage: Enablement
+group: Distribution
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 

doc/topics/autodevops/index.md

@@ -157,16 +157,6 @@ as other environment [variables](../../ci/variables/README.md#priority-of-enviro
 If the CI/CD variable is not set and the cluster setting is left blank, the instance-wide **Auto DevOps domain**
 setting is used if set.
 
-NOTE:
-If you use the [GitLab managed app for Ingress](../../user/clusters/applications.md#ingress),
-the URL endpoint should be automatically configured for you. All you must do
-is use its value for the `KUBE_INGRESS_BASE_DOMAIN` variable.
-
-NOTE:
-`AUTO_DEVOPS_DOMAIN` was [deprecated in GitLab 11.8](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/52363)
-and replaced with `KUBE_INGRESS_BASE_DOMAIN`, and removed in
-[GitLab 12.0](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/56959).
-
 Auto DevOps requires a wildcard DNS A record matching the base domain(s). For
 a base domain of `example.com`, you'd need a DNS entry like:
 

doc/topics/autodevops/requirements.md

@@ -46,12 +46,9 @@ To make full use of Auto DevOps with Kubernetes, you need:
 - **Base domain** (for [Auto Review Apps](stages.md#auto-review-apps),
   [Auto Deploy](stages.md#auto-deploy), and [Auto Monitoring](stages.md#auto-monitoring))
 
-  You need a domain configured with wildcard DNS, which all of your Auto DevOps
-  applications use. If you're using the
-  [GitLab-managed app for Ingress](../../user/clusters/applications.md#ingress),
-  the URL endpoint is automatically configured for you.
-
-  You must also [specify the Auto DevOps base domain](index.md#auto-devops-base-domain).
+  You must [specify the Auto DevOps base domain](index.md#auto-devops-base-domain),
+  which all of your Auto DevOps applications use. This domain must be configured
+  with wildcard DNS.
 
 - **GitLab Runner** (for all stages)
 

doc/user/clusters/applications.md

@@ -1199,53 +1199,8 @@ determine the endpoint of your Ingress or Knative application, you can
 
 #### Determining the external endpoint manually
 
-If the cluster is on GKE, click the **Google Kubernetes Engine** link in the
-**Advanced settings**, or go directly to the
-[Google Kubernetes Engine dashboard](https://console.cloud.google.com/kubernetes/)
-and select the proper project and cluster. Then click **Connect** and execute
-the `gcloud` command in a local terminal or using the **Cloud Shell**.
-
-If the cluster is not on GKE, follow the specific instructions for your
-Kubernetes provider to configure `kubectl` with the right credentials.
-The output of the following examples show the external endpoint of your
-cluster. This information can then be used to set up DNS entries and forwarding
-rules that allow external access to your deployed applications.
-
-- If you installed Ingress using the **Applications**, run the following
-  command:
-
-  ```shell
-  kubectl get service --namespace=gitlab-managed-apps ingress-nginx-ingress-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
-  ```
-
-- Some Kubernetes clusters return a hostname instead, like
-  [Amazon EKS](https://aws.amazon.com/eks/). For these platforms, run:
-
-  ```shell
-  kubectl get service --namespace=gitlab-managed-apps ingress-nginx-ingress-controller -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
-  ```
-
-  If EKS is used, an [Elastic Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/)
-  is also created, which incurs additional AWS costs.
-
-- For Istio/Knative, the command is different:
-
-  ```shell
-  kubectl get svc --namespace=istio-system istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip} '
-  ```
-
-- Otherwise, you can list the IP addresses of all load balancers:
-
-  ```shell
-  kubectl get svc --all-namespaces -o jsonpath='{range.items[?(@.status.loadBalancer.ingress)]}{.status.loadBalancer.ingress[*].ip} '
-  ```
-
-You may see a trailing `%` on some Kubernetes versions. Do not include it.
-
-The Ingress is now available at this address, and routes incoming requests to
-the proper service based on the DNS name in the request. To support this, create
-a wildcard DNS CNAME record for the desired domain name. For example,
-`*.myekscluster.com` would point to the Ingress hostname obtained earlier.
+See the [Base domain section](../project/clusters/index.md#base-domain) for a
+guide on how to determine the external endpoint manually.
 
 #### Using a static IP
 

doc/user/group/saml_sso/index.md

@@ -418,6 +418,11 @@ This can be prevented by configuring the [NameID](#nameid) to return a consisten
 
 Ensure that the user who is trying to link their GitLab account has been added as a user within the identity provider's SAML app.
 
+Alternatively, the SAML response may be missing the `InResponseTo` attribute in the
+`samlp:Response` tag, which is [expected by the SAML gem](https://github.com/onelogin/ruby-saml/blob/9f710c5028b069bfab4b9e2b66891e0549765af5/lib/onelogin/ruby-saml/response.rb#L307-L316).
+The [Identity Provider](#glossary) administrator should ensure that the login should be
+initiated by the Service Provider (typically GitLab) and not the Identity Provider.
+
 ### Stuck in a login "loop"
 
 Ensure that the **GitLab single sign-on URL** has been configured as "Login URL" (or similarly named field) in the identity provider's SAML app.
@@ -446,3 +451,25 @@ However, self-managed GitLab instances use a configuration file that supports mo
 Internally that uses the [`ruby-saml` library](https://github.com/onelogin/ruby-saml), so we sometimes check there to verify low level details of less commonly used options.
 
 It can also help to compare the XML response from your provider with our [example XML used for internal testing](https://gitlab.com/gitlab-org/gitlab/blob/master/ee/spec/fixtures/saml/response.xml).
+
+### Searching Rails log
+
+With access to the rails log or `production_json.log` (available only to GitLab team members for GitLab.com),
+you should be able to find the base64 encoded SAML response by searching with the following filters:
+
+- `json.meta.caller_id`: `Groups::OmniauthCallbacksController#group_saml`
+- `json.meta.user` or `json.username`: `username`
+- `json.method`: `POST`
+- `json.path`: `/groups/GROUP-PATH/-/saml/callback`
+
+In a relevant log entry, the `json.params` should provide a valid response with:
+
+- `"key": "SAMLResponse"` and the `"value": (full SAML response)`,
+- `"key": "RelayState"` with `"value": "/group-path"`, and
+- `"key": "group_id"` with `"value": "group-path"`.
+
+In some cases, if the SAML response is lengthy, you may receive a `"key": "truncated"` with `"value":"..."`.
+In these cases, please ask a group owner for a copy of the SAML response from when they select
+the "Verify SAML Configuration" button on the group SSO Settings page.
+
+Use a base64 decoder to see a human-readable version of the SAML response.

doc/user/packages/nuget_repository/index.md

@@ -62,6 +62,8 @@ NuGet CLI.
 
 ## Use the GitLab endpoint for NuGet Packages
 
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36423) group-level endpoint in GitLab 13.8.
+
 To use the GitLab endpoint for NuGet Packages, choose an option:
 
 - **Project-level**: Use when you have few NuGet packages and they are not in

doc/user/profile/notifications.md

@@ -149,6 +149,7 @@ Users are notified of the following events:
 | Password changed by administrator | User           | Security email, always sent when an administrator changes the password of another user |
 | Two-factor authentication disabled | User          | Security email, always sent. |
 | New user created             | User                | Sent on user creation, except for OmniAuth (LDAP)|
+| New SAML/SCIM user provisioned. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/276018) in GitLab 13.8  | User            | Sent when a user is provisioned through SAML/SCIM |
 | User added to project        | User                | Sent when user is added to project |
 | Project access level changed | User                | Sent when user project access level is changed |
 | User added to group          | User                | Sent when user is added to group |

doc/user/project/clusters/index.md

@@ -33,8 +33,10 @@ integrated at the [group level](../../group/clusters/index.md) or
 
 To view your project level Kubernetes clusters, navigate to **Operations > Kubernetes**
 from your project. On this page, you can [add a new cluster](#adding-and-removing-clusters)
-and view information about your existing clusters, such as nodes count and rough estimates
-of memory and CPU usage.
+and view information about your existing clusters, such as:
+
+- Nodes count.
+- Rough estimates of memory and CPU usage.
 
 ## Setting up
 
@@ -76,9 +78,8 @@ to:
 
 You can associate more than one Kubernetes cluster to your
 project. That way you can have different clusters for different environments,
-like dev, staging, production, and so on.
-
-Simply add another cluster, like you did the first time, and make sure to
+like development, staging, production, and so on.
+Add another cluster, like you did the first time, and make sure to
 [set an environment scope](#setting-the-environment-scope) that
 differentiates the new cluster from the rest.
 
@@ -165,7 +166,7 @@ details about the created resources.
 If you choose to manage your own cluster, project-specific resources aren't created
 automatically. If you are using [Auto DevOps](../../../topics/autodevops/index.md), you must
 explicitly provide the `KUBE_NAMESPACE` [deployment variable](#deployment-variables)
-for your deployment jobs to use; otherwise a namespace is created for you.
+for your deployment jobs to use. Otherwise, a namespace is created for you.
 
 #### Important notes
 
@@ -182,10 +183,10 @@ Note the following with GitLab and clusters:
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/31759) in GitLab 12.6.
 
-If you choose to allow GitLab to manage your cluster for you, GitLab stores a cached
+If you allow GitLab to manage your cluster, GitLab stores a cached
 version of the namespaces and service accounts it creates for your projects. If you
 modify these resources in your cluster manually, this cache can fall out of sync with
-your cluster, which can cause deployment jobs to fail.
+your cluster. This can cause deployment jobs to fail.
 
 To clear the cache:
 
@@ -204,12 +205,61 @@ Specifying a base domain automatically sets `KUBE_INGRESS_BASE_DOMAIN` as an env
 If you are using [Auto DevOps](../../../topics/autodevops/index.md), this domain is used for the different
 stages. For example, Auto Review Apps and Auto Deploy.
 
-The domain should have a wildcard DNS configured to the Ingress IP address. After Ingress has been installed (see [Installing Applications](#installing-applications)),
+The domain should have a wildcard DNS configured to the Ingress IP address.
+After Ingress has been installed (see [Installing Applications](#installing-applications)),
 you can either:
 
 - Create an `A` record that points to the Ingress IP address with your domain provider.
 - Enter a wildcard DNS address using a service such as nip.io or xip.io. For example, `192.168.1.1.xip.io`.
 
+To determine the external Ingress IP address, or external Ingress hostname:
+
+- *If the cluster is on GKE*:
+  1. Click the **Google Kubernetes Engine** link in the **Advanced settings**,
+     or go directly to the [Google Kubernetes Engine dashboard](https://console.cloud.google.com/kubernetes/).
+  1. Select the proper project and cluster.
+  1. Click **Connect**
+  1. Execute the `gcloud` command in a local terminal or using the **Cloud Shell**.
+
+- *If the cluster is not on GKE*: Follow the specific instructions for your
+  Kubernetes provider to configure `kubectl` with the right credentials.
+  The output of the following examples show the external endpoint of your
+  cluster. This information can then be used to set up DNS entries and forwarding
+  rules that allow external access to your deployed applications.
+
+Depending an your Ingress, the external IP address can be retrieved in various ways.
+This list provides a generic solution, and some GitLab-specific approaches:
+
+- In general, you can list the IP addresses of all load balancers by running:
+
+  ```shell
+  kubectl get svc --all-namespaces -o jsonpath='{range.items[?(@.status.loadBalancer.ingress)]}{.status.loadBalancer.ingress[*].ip} '
+  ```
+
+- If you installed Ingress using the **Applications**, run:
+
+  ```shell
+  kubectl get service --namespace=gitlab-managed-apps ingress-nginx-ingress-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
+  ```
+
+- Some Kubernetes clusters return a hostname instead, like
+  [Amazon EKS](https://aws.amazon.com/eks/). For these platforms, run:
+
+  ```shell
+  kubectl get service --namespace=gitlab-managed-apps ingress-nginx-ingress-controller -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
+  ```
+
+  If you use EKS, an [Elastic Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/)
+  is also created, which incurs additional AWS costs.
+
+- Istio/Knative uses a different command. Run:
+
+  ```shell
+  kubectl get svc --namespace=istio-system istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip} '
+  ```
+
+If you see a trailing `%` on some Kubernetes versions, do not include it.
+
 ## Installing applications
 
 GitLab can install and manage some applications like Helm, GitLab Runner, Ingress,
@@ -224,10 +274,10 @@ Auto DevOps automatically detects, builds, tests, deploys, and monitors your
 applications.
 
 To make full use of Auto DevOps (Auto Deploy, Auto Review Apps, and
-Auto Monitoring) the Kubernetes project integration must be enabled, but
+Auto Monitoring) the Kubernetes project integration must be enabled. However,
 Kubernetes clusters can be used without Auto DevOps.
 
-[Read more about Auto DevOps](../../../topics/autodevops/index.md)
+[Read more about Auto DevOps](../../../topics/autodevops/index.md).
 
 ## Deploying to a Kubernetes cluster
 
@@ -260,9 +310,9 @@ following command in your deployment job script, for Kubernetes to access the re
   kubectl create secret docker-registry gitlab-registry --docker-server="$CI_REGISTRY" --docker-username="$CI_DEPLOY_USER" --docker-password="$CI_DEPLOY_PASSWORD" --docker-email="$GITLAB_USER_EMAIL" -o yaml --dry-run | kubectl apply -f -
   ```
 
-The Kubernetes cluster integration exposes the following
+The Kubernetes cluster integration exposes these
 [deployment variables](../../../ci/variables/README.md#deployment-environment-variables) in the
-GitLab CI/CD build environment to deployment jobs, which are jobs that have
+GitLab CI/CD build environment to deployment jobs. Deployment jobs have
 [defined a target environment](../../../ci/environments/index.md#defining-environments).
 
 | Variable                   | Description |
@@ -303,7 +353,7 @@ When you customize the namespace, existing environments remain linked to their c
 namespaces until you [clear the cluster cache](#clearing-the-cluster-cache).
 
 WARNING:
-By default, anyone who can create a deployment job can access any CI variable within
+By default, anyone who can create a deployment job can access any CI variable in
 an environment's deployment job. This includes `KUBECONFIG`, which gives access to
 any secret available to the associated service account in your cluster.
 To keep your production credentials safe, consider using
@@ -327,8 +377,8 @@ the need to leave GitLab.
 #### Deploy Boards
 
 GitLab Deploy Boards offer a consolidated view of the current health and
-status of each CI [environment](../../../ci/environments/index.md) running on Kubernetes,
-displaying the status of the pods in the deployment. Developers and other
+status of each CI [environment](../../../ci/environments/index.md) running on Kubernetes.
+They display the status of the pods in the deployment. Developers and other
 teammates can view the progress and status of a rollout, pod by pod, in the
 workflow they already use without any need to access Kubernetes.
 
@@ -336,7 +386,7 @@ workflow they already use without any need to access Kubernetes.
 
 #### Viewing pod logs
 
-GitLab makes it easy to view the logs of running pods in connected Kubernetes
+GitLab enables you to view the logs of running pods in connected Kubernetes
 clusters. By displaying the logs directly in GitLab, developers can avoid having
 to manage console tools or jump to a different interface.
 
@@ -349,7 +399,7 @@ to manage console tools or jump to a different interface.
 When enabled, the Kubernetes integration adds [web terminal](../../../ci/environments/index.md#web-terminals)
 support to your [environments](../../../ci/environments/index.md). This is based
 on the `exec` functionality found in Docker and Kubernetes, so you get a new
-shell session within your existing containers. To use this integration, you
+shell session in your existing containers. To use this integration, you
 should deploy to Kubernetes using the deployment variables above, ensuring any
 deployments, replica sets, and pods are annotated with:
 

lib/atlassian/jira_connect/client.rb

@@ -67,8 +67,6 @@ module Atlassian
       end
 
       def store_build_info(project:, pipelines:, update_sequence_id: nil)
-        return unless Feature.enabled?(:jira_sync_builds, project)
-
         builds = pipelines.map do |pipeline|
           build = ::Atlassian::JiraConnect::Serializers::BuildEntity.represent(
             pipeline,

lib/gitlab/experimentation.rb

@@ -6,6 +6,7 @@
 # Experiment options:
 # - tracking_category (optional, used to set the category when tracking an experiment event)
 # - use_backwards_compatible_subject_index (optional, set this to true if you need backwards compatibility -- you likely do not need this, see note in the next paragraph.)
+# - rollout_strategy: default is `:cookie` based rollout. We may also set it to `:user` based rollout
 #
 # Using the backwards-compatible subject index (use_backwards_compatible_subject_index option):
 # This option was added when [the calculation of experimentation_subject_index was changed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/45733/diffs#41af4a6fa5a10c7068559ce21c5188483751d934_157_173). It is not intended to be used by new experiments, it exists merely for the segmentation integrity of in-flight experiments at the time the change was deployed. That is, we want users who were assigned to the "experimental" group or the "control" group before the change to still be in those same groups after the change. See [the original issue](https://gitlab.com/gitlab-org/gitlab/-/issues/270858) and [this related comment](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48110#note_458223745) for more information.
@@ -92,16 +93,19 @@ module Gitlab
         tracking_category: 'Growth::Conversion::Experiment::TrialDuringSignup'
       },
       ci_syntax_templates: {
-        tracking_category: 'Growth::Activation::Experiment::CiSyntaxTemplates'
+        tracking_category: 'Growth::Activation::Experiment::CiSyntaxTemplates',
+        rollout_strategy: :user
       },
       pipelines_empty_state: {
-        tracking_category: 'Growth::Activation::Experiment::PipelinesEmptyState'
+        tracking_category: 'Growth::Activation::Experiment::PipelinesEmptyState',
+        rollout_strategy: :user
       },
       invite_members_new_dropdown: {
         tracking_category: 'Growth::Expansion::Experiment::InviteMembersNewDropdown'
       },
       show_trial_status_in_sidebar: {
-        tracking_category: 'Growth::Conversion::Experiment::ShowTrialStatusInSidebar'
+        tracking_category: 'Growth::Conversion::Experiment::ShowTrialStatusInSidebar',
+        rollout_strategy: :group
       },
       trial_onboarding_issues: {
         tracking_category: 'Growth::Conversion::Experiment::TrialOnboardingIssues'
@@ -126,12 +130,44 @@ module Gitlab
         return false if subject.blank?
         return false unless active?(experiment_key)
 
+        log_invalid_rollout(experiment_key, subject)
+
         experiment = get_experiment(experiment_key)
         return false unless experiment
 
         experiment.enabled_for_index?(index_for_subject(experiment, subject))
       end
 
+      def rollout_strategy(experiment_key)
+        experiment = get_experiment(experiment_key)
+        return unless experiment
+
+        experiment.rollout_strategy
+      end
+
+      def log_invalid_rollout(experiment_key, subject)
+        return if valid_subject_for_rollout_strategy?(experiment_key, subject)
+
+        logger = Gitlab::ExperimentationLogger.build
+        logger.warn message: 'Subject must conform to the rollout strategy',
+                     experiment_key: experiment_key,
+                     subject: subject.class.to_s,
+                     rollout_strategy: rollout_strategy(experiment_key)
+      end
+
+      def valid_subject_for_rollout_strategy?(experiment_key, subject)
+        case rollout_strategy(experiment_key)
+        when :user
+          subject.is_a?(User)
+        when :group
+          subject.is_a?(Group)
+        when :cookie
+          subject.nil? || subject.is_a?(String)
+        else
+          false
+        end
+      end
+
       private
 
       def index_for_subject(experiment, subject)

lib/gitlab/experimentation/controller_concern.rb

@@ -40,6 +40,8 @@ module Gitlab
         return true if forced_enabled?(experiment_key)
         return false if dnt_enabled?
 
+        Experimentation.log_invalid_rollout(experiment_key, subject)
+
         subject ||= fallback_experimentation_subject_index(experiment_key)
 
         Experimentation.in_experiment_group?(experiment_key, subject: subject)
@@ -65,7 +67,9 @@ module Gitlab
         return if dnt_enabled?
         return unless Experimentation.active?(experiment_key) && current_user
 
-        ::Experiment.add_user(experiment_key, tracking_group(experiment_key, nil, subject: current_user), current_user, context)
+        subject = Experimentation.rollout_strategy(experiment_key) == :cookie ? nil : current_user
+
+        ::Experiment.add_user(experiment_key, tracking_group(experiment_key, nil, subject: subject), current_user, context)
       end
 
       def record_experiment_conversion_event(experiment_key)

lib/gitlab/experimentation/experiment.rb

@@ -5,12 +5,13 @@ module Gitlab
     class Experiment
       FEATURE_FLAG_SUFFIX = "_experiment_percentage"
 
-      attr_reader :key, :tracking_category, :use_backwards_compatible_subject_index
+      attr_reader :key, :tracking_category, :use_backwards_compatible_subject_index, :rollout_strategy
 
       def initialize(key, **params)
         @key = key
         @tracking_category = params[:tracking_category]
         @use_backwards_compatible_subject_index = params[:use_backwards_compatible_subject_index]
+        @rollout_strategy = params[:rollout_strategy] || :cookie
       end
 
       def active?

lib/gitlab/experimentation_logger.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Gitlab
+  class ExperimentationLogger < ::Gitlab::JsonLogger
+    def self.file_name_noext
+      'experimentation_json'
+    end
+  end
+end

rubocop/cop/gitlab/namespaced_class.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Gitlab
+      # Cop that enforces use of namespaced classes in order to better identify
+      # high level domains within the codebase.
+
+      # @example
+      #   # bad
+      #   class MyClass
+      #   end
+      #
+      #   # good
+      #   module MyDomain
+      #     class MyClass
+      #     end
+      #   end
+
+      class NamespacedClass < RuboCop::Cop::Cop
+        MSG = 'Classes must be declared inside a module indicating a product domain namespace. For more info: https://gitlab.com/gitlab-org/gitlab/-/issues/212156'
+
+        def_node_matcher :compact_namespaced_class?, <<~PATTERN
+          (class (const (const ...) ...) ...)
+        PATTERN
+
+        def on_module(node)
+          @namespaced = true
+        end
+
+        def on_class(node)
+          return if @namespaced
+
+          add_offense(node) unless compact_namespaced_class?(node)
+        end
+      end
+    end
+  end
+end

spec/features/admin/admin_projects_spec.rb

@@ -94,6 +94,7 @@ RSpec.describe "Admin::Projects" do
   describe 'add admin himself to a project' do
     before do
       project.add_maintainer(user)
+      stub_feature_flags(invite_members_group_modal: false)
     end
 
     it 'adds admin a to a project as developer', :js do

spec/features/groups/navbar_spec.rb

@@ -87,12 +87,4 @@ RSpec.describe 'Group navbar' do
 
     it_behaves_like 'verified navigation bar'
   end
-
-  context 'when invite team members is not available' do
-    it 'does not display the js-invite-members-trigger' do
-      visit group_path(group)
-
-      expect(page).not_to have_selector('.js-invite-members-trigger')
-    end
-  end
 end

spec/features/projects/members/invite_group_spec.rb

@@ -8,6 +8,10 @@ RSpec.describe 'Project > Members > Invite group', :js do
 
   let(:maintainer) { create(:user) }
 
+  before do
+    stub_feature_flags(invite_members_group_modal: false)
+  end
+
   describe 'Share with group lock' do
     shared_examples 'the project can be shared with groups' do
       it 'the "Invite group" tab exists' do

spec/features/projects/members/master_adds_member_with_expiration_date_spec.rb

@@ -18,6 +18,8 @@ RSpec.describe 'Projects > Members > Maintainer adds member with expiration date
   end
 
   it 'expiration date is displayed in the members list' do
+    stub_feature_flags(invite_members_group_modal: false)
+
     visit project_project_members_path(project)
 
     page.within '.invite-users-form' do

spec/features/projects/navbar_spec.rb

@@ -67,23 +67,4 @@ RSpec.describe 'Project navbar' do
 
     it_behaves_like 'verified navigation bar'
   end
-
-  context 'when invite team members is not available' do
-    it 'does not display the js-invite-members-trigger' do
-      visit project_path(project)
-
-      expect(page).not_to have_selector('.js-invite-members-trigger')
-    end
-  end
-
-  context 'when invite team members is available' do
-    it 'includes the div for js-invite-members-trigger' do
-      stub_feature_flags(invite_members_group_modal: true)
-      allow_any_instance_of(InviteMembersHelper).to receive(:invite_members_allowed?).and_return(true)
-
-      visit project_path(project)
-
-      expect(page).to have_selector('.js-invite-members-trigger')
-    end
-  end
 end

spec/features/projects/settings/user_manages_project_members_spec.rb

@@ -37,6 +37,8 @@ RSpec.describe 'Projects > Settings > User manages project members' do
   end
 
   it 'imports a team from another project' do
+    stub_feature_flags(invite_members_group_modal: false)
+
     project2.add_maintainer(user)
     project2.add_reporter(user_mike)
 

spec/frontend/vue_mr_widget/mr_widget_options_spec.js

@@ -17,13 +17,6 @@ jest.mock('~/smart_interval');
 
 jest.mock('~/lib/utils/favicon');
 
-const returnPromise = (data) =>
-  new Promise((resolve) => {
-    resolve({
-      data,
-    });
-  });
-
 describe('MrWidgetOptions', () => {
   let wrapper;
   let mock;
@@ -281,7 +274,7 @@ describe('MrWidgetOptions', () => {
         let isCbExecuted;
 
         beforeEach(() => {
-          jest.spyOn(wrapper.vm.service, 'checkStatus').mockReturnValue(returnPromise(mockData));
+          jest.spyOn(wrapper.vm.service, 'checkStatus').mockResolvedValue({ data: mockData });
           jest.spyOn(wrapper.vm.mr, 'setData').mockImplementation(() => {});
           jest.spyOn(wrapper.vm, 'handleNotification').mockImplementation(() => {});
 
@@ -331,7 +324,7 @@ describe('MrWidgetOptions', () => {
         it('should fetch deployments', () => {
           jest
             .spyOn(wrapper.vm.service, 'fetchDeployments')
-            .mockReturnValue(returnPromise([{ id: 1, status: SUCCESS }]));
+            .mockResolvedValue({ data: [{ id: 1, status: SUCCESS }] });
 
           wrapper.vm.fetchPreMergeDeployments();
 
@@ -347,7 +340,7 @@ describe('MrWidgetOptions', () => {
         it('should fetch content of Cherry Pick and Revert modals', () => {
           jest
             .spyOn(wrapper.vm.service, 'fetchMergeActionsContent')
-            .mockReturnValue(returnPromise('hello world'));
+            .mockResolvedValue({ data: 'hello world' });
 
           wrapper.vm.fetchActionsContent();
 

spec/helpers/invite_members_helper_spec.rb

@@ -12,6 +12,40 @@ RSpec.describe InviteMembersHelper do
       assign(:project, project)
     end
 
+    describe "#can_invite_members_for_project?" do
+      context 'when the user can_import_members' do
+        before do
+          allow(helper).to receive(:can_import_members?).and_return(true)
+        end
+
+        it 'returns true' do
+          expect(helper.can_invite_members_for_project?(project)).to eq true
+          expect(helper).to have_received(:can_import_members?)
+        end
+
+        context 'when feature flag is disabled' do
+          before do
+            stub_feature_flags(invite_members_group_modal: false)
+          end
+
+          it 'returns false' do
+            expect(helper.can_invite_members_for_project?(project)).to eq false
+            expect(helper).not_to have_received(:can_import_members?)
+          end
+        end
+      end
+
+      context 'when the user can not invite members' do
+        before do
+          expect(helper).to receive(:can_import_members?).and_return(false)
+        end
+
+        it 'returns false' do
+          expect(helper.can_invite_members_for_project?(project)).to eq false
+        end
+      end
+    end
+
     describe "#directly_invite_members?" do
       context 'when the user is an owner' do
         before do
@@ -80,6 +114,51 @@ RSpec.describe InviteMembersHelper do
   context 'with group' do
     let_it_be(:group) { create(:group) }
 
+    describe "#can_invite_members_for_group?" do
+      include Devise::Test::ControllerHelpers
+
+      let_it_be(:user) { create(:user) }
+
+      before do
+        sign_in(user)
+        allow(helper).to receive(:current_user) { user }
+      end
+
+      context 'when the user can_import_members' do
+        before do
+          allow(helper).to receive(:can?).with(user, :admin_group_member, group).and_return(true)
+        end
+
+        it 'returns true' do
+          expect(helper.can_invite_members_for_group?(group)).to eq true
+          expect(helper).to have_received(:can?).with(user, :admin_group_member, group)
+        end
+
+        context 'when feature flag is disabled' do
+          before do
+            stub_feature_flags(invite_members_group_modal: false)
+          end
+
+          it 'returns false' do
+            stub_feature_flags(invite_members_group_modal: false)
+
+            expect(helper.can_invite_members_for_group?(group)).to eq false
+            expect(helper).not_to have_received(:can?)
+          end
+        end
+      end
+
+      context 'when the user can not invite members' do
+        before do
+          expect(helper).to receive(:can?).with(user, :admin_group_member, group).and_return(false)
+        end
+
+        it 'returns false' do
+          expect(helper.can_invite_members_for_group?(group)).to eq false
+        end
+      end
+    end
+
     describe "#invite_group_members?" do
       context 'when the user is an owner' do
         before do
@@ -123,7 +202,7 @@ RSpec.describe InviteMembersHelper do
 
       before do
         allow(helper).to receive(:experiment_tracking_category_and_group) { '_track_property_' }
-        allow(helper).to receive(:tracking_label).with(owner)
+        allow(helper).to receive(:tracking_label)
         allow(helper).to receive(:current_user) { owner }
       end
 
@@ -132,8 +211,7 @@ RSpec.describe InviteMembersHelper do
 
         helper.dropdown_invite_members_link(form_model)
 
-        expect(helper).to have_received(:experiment_tracking_category_and_group)
-                            .with(:invite_members_new_dropdown, subject: owner)
+        expect(helper).to have_received(:experiment_tracking_category_and_group).with(:invite_members_new_dropdown)
       end
 
       context 'with experiment enabled' do

spec/helpers/projects_helper_spec.rb

@@ -854,16 +854,36 @@ RSpec.describe ProjectsHelper do
   end
 
   describe '#can_import_members?' do
-    let(:owner) { project.owner }
+    context 'when user is project owner' do
+      before do
+        allow(helper).to receive(:current_user) { project.owner }
+      end
 
-    it 'returns false if user cannot admin_project_member' do
-      allow(helper).to receive(:current_user) { user }
-      expect(helper.can_import_members?).to eq false
+      it 'returns true for owner of project' do
+        expect(helper.can_import_members?).to eq true
+      end
     end
 
-    it 'returns true if user can admin_project_member' do
-      allow(helper).to receive(:current_user) { owner }
-      expect(helper.can_import_members?).to eq true
+    context 'when user is not a project owner' do
+      using RSpec::Parameterized::TableSyntax
+
+      where(:user_project_role, :can_import) do
+        :maintainer | true
+        :developer | false
+        :reporter | false
+        :guest | false
+      end
+
+      with_them do
+        before do
+          project.add_role(user, user_project_role)
+          allow(helper).to receive(:current_user) { user }
+        end
+
+        it 'resolves if the user can import members' do
+          expect(helper.can_import_members?).to eq can_import
+        end
+      end
     end
   end
 

spec/lib/atlassian/jira_connect/client_spec.rb

@@ -368,24 +368,6 @@ RSpec.describe Atlassian::JiraConnect::Client do
       subject.send(:store_build_info, project: project, pipelines: pipelines.take(1))
     end
 
-    it 'does not call the API if the feature flag is not enabled' do
-      stub_feature_flags(jira_sync_builds: false)
-
-      expect(subject).not_to receive(:post)
-
-      subject.send(:store_build_info, project: project, pipelines: pipelines)
-    end
-
-    it 'does call the API if the feature flag enabled for the project' do
-      stub_feature_flags(jira_sync_builds: project)
-
-      expect(subject).to receive(:post)
-        .with('/rest/builds/0.1/bulk', { builds: Array })
-        .and_call_original
-
-      subject.send(:store_build_info, project: project, pipelines: pipelines)
-    end
-
     context 'there are errors' do
       let(:failures) do
         [{ errors: [{ message: 'X' }, { message: 'Y' }] }, { errors: [{ message: 'Z' }] }]

spec/lib/gitlab/experimentation/controller_concern_spec.rb

@@ -10,6 +10,10 @@ RSpec.describe Gitlab::Experimentation::ControllerConcern, type: :controller do
           use_backwards_compatible_subject_index: true
         },
         test_experiment: {
+          tracking_category: 'Team',
+          rollout_strategy: rollout_strategy
+        },
+        my_experiment: {
           tracking_category: 'Team'
         }
       }
@@ -20,6 +24,7 @@ RSpec.describe Gitlab::Experimentation::ControllerConcern, type: :controller do
   end
 
   let(:enabled_percentage) { 10 }
+  let(:rollout_strategy) { nil }
 
   controller(ApplicationController) do
     include Gitlab::Experimentation::ControllerConcern
@@ -117,6 +122,7 @@ RSpec.describe Gitlab::Experimentation::ControllerConcern, type: :controller do
       end
 
       context 'when subject is given' do
+        let(:rollout_strategy) { :user }
         let(:user) { build(:user) }
 
         it 'uses the subject' do
@@ -244,6 +250,7 @@ RSpec.describe Gitlab::Experimentation::ControllerConcern, type: :controller do
 
         it "provides the subject's hashed global_id as label" do
           experiment_subject = double(:subject, to_global_id: 'abc')
+          allow(Gitlab::Experimentation).to receive(:valid_subject_for_rollout_strategy?).and_return(true)
 
           controller.track_experiment_event(:test_experiment, 'start', 1, subject: experiment_subject)
 
@@ -420,6 +427,26 @@ RSpec.describe Gitlab::Experimentation::ControllerConcern, type: :controller do
 
           controller.record_experiment_user(:test_experiment, context)
         end
+
+        context 'with a cookie based rollout strategy' do
+          it 'calls tracking_group with a nil subject' do
+            expect(controller).to receive(:tracking_group).with(:test_experiment, nil, subject: nil).and_return(:experimental)
+            allow(::Experiment).to receive(:add_user).with(:test_experiment, :experimental, user, context)
+
+            controller.record_experiment_user(:test_experiment, context)
+          end
+        end
+
+        context 'with a user based rollout strategy' do
+          let(:rollout_strategy) { :user }
+
+          it 'calls tracking_group with a user subject' do
+            expect(controller).to receive(:tracking_group).with(:test_experiment, nil, subject: user).and_return(:experimental)
+            allow(::Experiment).to receive(:add_user).with(:test_experiment, :experimental, user, context)
+
+            controller.record_experiment_user(:test_experiment, context)
+          end
+        end
       end
 
       context 'the user is part of the control group' do

spec/lib/gitlab/experimentation/experiment_spec.rb

@@ -9,7 +9,8 @@ RSpec.describe Gitlab::Experimentation::Experiment do
   let(:params) do
     {
       tracking_category: 'Category1',
-      use_backwards_compatible_subject_index: true
+      use_backwards_compatible_subject_index: true,
+      rollout_strategy: nil
     }
   end
 

spec/lib/gitlab/experimentation_spec.rb

@@ -27,6 +27,8 @@ RSpec.describe Gitlab::Experimentation::EXPERIMENTS do
 end
 
 RSpec.describe Gitlab::Experimentation do
+  using RSpec::Parameterized::TableSyntax
+
   before do
     stub_const('Gitlab::Experimentation::EXPERIMENTS', {
       backwards_compatible_test_experiment: {
@@ -35,6 +37,10 @@ RSpec.describe Gitlab::Experimentation do
       },
       test_experiment: {
         tracking_category: 'Team'
+      },
+      tabular_experiment: {
+        tracking_category: 'Team',
+        rollout_strategy: rollout_strategy
       }
     })
 
@@ -46,6 +52,7 @@ RSpec.describe Gitlab::Experimentation do
   end
 
   let(:enabled_percentage) { 10 }
+  let(:rollout_strategy) { nil }
 
   describe '.get_experiment' do
     subject { described_class.get_experiment(:test_experiment) }
@@ -175,4 +182,59 @@ RSpec.describe Gitlab::Experimentation do
       end
     end
   end
+
+  describe '.log_invalid_rollout' do
+    subject { described_class.log_invalid_rollout(:test_experiment, 1) }
+
+    before do
+      allow(described_class).to receive(:valid_subject_for_rollout_strategy?).and_return(valid)
+    end
+
+    context 'subject is not valid for experiment' do
+      let(:valid) { false }
+
+      it 'logs a warning message' do
+        expect_next_instance_of(Gitlab::ExperimentationLogger) do |logger|
+          expect(logger)
+            .to receive(:warn)
+                  .with(
+                    message: 'Subject must conform to the rollout strategy',
+                    experiment_key: :test_experiment,
+                    subject: 'Integer',
+                    rollout_strategy: :cookie
+                  )
+        end
+
+        subject
+      end
+    end
+
+    context 'subject is valid for experiment' do
+      let(:valid) { true }
+
+      it 'does not log a warning message' do
+        expect(Gitlab::ExperimentationLogger).not_to receive(:build)
+
+        subject
+      end
+    end
+  end
+
+  describe '.valid_subject_for_rollout_strategy?' do
+    subject { described_class.valid_subject_for_rollout_strategy?(:tabular_experiment, experiment_subject) }
+
+    where(:rollout_strategy, :experiment_subject, :result) do
+      :cookie | nil       | true
+      nil     | nil       | true
+      :cookie | 'string'  | true
+      nil     | User.new  | false
+      :user   | User.new  | true
+      :group  | User.new  | false
+      :group  | Group.new | true
+    end
+
+    with_them do
+      it { is_expected.to be(result) }
+    end
+  end
 end

spec/models/ci/pipeline_spec.rb

@@ -1261,26 +1261,6 @@ RSpec.describe Ci::Pipeline, :mailer, factory_default: :keep do
 
             pipeline.send(event)
           end
-
-          context 'the feature is disabled' do
-            it 'does not trigger a worker' do
-              stub_feature_flags(jira_sync_builds: false)
-
-              expect(worker).not_to receive(:perform_async)
-
-              pipeline.send(event)
-            end
-          end
-
-          context 'the feature is enabled for this project' do
-            it 'does trigger a worker' do
-              stub_feature_flags(jira_sync_builds: pipeline.project)
-
-              expect(worker).to receive(:perform_async)
-
-              pipeline.send(event)
-            end
-          end
         end
       end
     end

spec/rubocop/cop/gitlab/namespaced_class_spec.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+require 'fast_spec_helper'
+require 'rubocop'
+require 'rubocop/rspec/support'
+require_relative '../../../../rubocop/cop/gitlab/namespaced_class'
+
+RSpec.describe RuboCop::Cop::Gitlab::NamespacedClass do
+  subject(:cop) { described_class.new }
+
+  it 'flags a class definition without namespace' do
+    expect_offense(<<~SOURCE)
+      class MyClass
+      ^^^^^^^^^^^^^ #{described_class::MSG}
+      end
+    SOURCE
+  end
+
+  it 'flags a class definition with inheritance without namespace' do
+    expect_offense(<<~SOURCE)
+      class MyClass < ApplicationRecord
+      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ #{described_class::MSG}
+        def some_method
+          true
+        end
+      end
+    SOURCE
+  end
+
+  it 'does not flag the class definition with namespace in separate lines' do
+    expect_no_offenses(<<~SOURCE)
+      module MyModule
+        class MyClass < ApplicationRecord
+        end
+
+        class MyOtherClass
+          def other_method
+            1 + 1
+          end
+        end
+      end
+    SOURCE
+  end
+
+  it 'does not flag the class definition with nested namespace in separate lines' do
+    expect_no_offenses(<<~SOURCE)
+      module TopLevelModule
+        module NestedModule
+          class MyClass
+          end
+        end
+      end
+    SOURCE
+  end
+
+  it 'does not flag the class definition nested inside namespaced class' do
+    expect_no_offenses(<<~SOURCE)
+      module TopLevelModule
+        class TopLevelClass
+          class MyClass
+          end
+        end
+      end
+    SOURCE
+  end
+
+  it 'does not flag a compact namespaced class definition' do
+    expect_no_offenses(<<~SOURCE)
+      class MyModule::MyClass < ApplicationRecord
+      end
+    SOURCE
+  end
+end

spec/services/deployments/create_service_spec.rb

@@ -41,6 +41,27 @@ RSpec.describe Deployments::CreateService do
 
       expect(service.execute).to be_persisted
     end
+
+    context 'when the last deployment has the same parameters' do
+      let(:params) do
+        {
+          sha: 'b83d6e391c22777fca1ed3012fce84f633d7fed0',
+          ref: 'master',
+          tag: false,
+          status: 'success'
+        }
+      end
+
+      it 'does not create a new deployment' do
+        described_class.new(environment, user, params).execute
+
+        expect(Deployments::UpdateEnvironmentWorker).not_to receive(:perform_async)
+        expect(Deployments::LinkMergeRequestWorker).not_to receive(:perform_async)
+        expect(Deployments::ExecuteHooksWorker).not_to receive(:perform_async)
+
+        described_class.new(environment.reload, user, params).execute
+      end
+    end
   end
 
   describe '#deployment_attributes' do

spec/views/groups/show.html.haml_spec.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'groups/show.html.haml' do
+  let_it_be(:user) { build(:user) }
+  let_it_be(:group) { create(:group) }
+
+  before do
+    assign(:group, group)
+  end
+
+  context 'when rendering with the layout' do
+    subject(:render_page) { render template: 'groups/show.html.haml', layout: 'layouts/group' }
+
+    describe 'invite team members' do
+      before do
+        allow(view).to receive(:session).and_return({})
+        allow(view).to receive(:current_user_mode).and_return(Gitlab::Auth::CurrentUserMode.new(user))
+        allow(view).to receive(:current_user).and_return(user)
+        allow(view).to receive(:experiment_enabled?).and_return(false)
+        allow(view).to receive(:group_path).and_return('')
+        allow(view).to receive(:group_shared_path).and_return('')
+        allow(view).to receive(:group_archived_path).and_return('')
+      end
+
+      context 'when invite team members is not available in sidebar' do
+        before do
+          allow(view).to receive(:can_invite_members_for_group?).and_return(false)
+        end
+
+        it 'does not display the js-invite-members-trigger' do
+          render_page
+
+          expect(rendered).not_to have_selector('.js-invite-members-trigger')
+        end
+      end
+
+      context 'when invite team members is available' do
+        before do
+          allow(view).to receive(:can_invite_members_for_group?).and_return(true)
+        end
+
+        it 'includes the div for js-invite-members-trigger' do
+          render_page
+
+          expect(rendered).to have_selector('.js-invite-members-trigger')
+        end
+      end
+    end
+  end
+end

spec/views/layouts/header/_new_dropdown.haml_spec.rb

@@ -10,7 +10,7 @@ RSpec.describe 'layouts/header/_new_dropdown' do
       before do
         allow(Gitlab::Experimentation).to receive(:active?).and_return(true)
         allow(view).to receive(:experiment_tracking_category_and_group)
-        allow(view).to receive(:tracking_label).with(user)
+        allow(view).to receive(:tracking_label)
       end
 
       context 'with ability to invite members' do
@@ -20,8 +20,8 @@ RSpec.describe 'layouts/header/_new_dropdown' do
           subject
 
           expect(view).to have_received(:experiment_tracking_category_and_group)
-                            .with(:invite_members_new_dropdown, subject: user)
-          expect(view).to have_received(:tracking_label).with(user)
+                            .with(:invite_members_new_dropdown)
+          expect(view).to have_received(:tracking_label)
         end
       end
 

spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb

@@ -48,7 +48,7 @@ RSpec.describe 'layouts/nav/sidebar/_project' do
   end
 
   describe 'Packages' do
-    let(:user) { create(:user) }
+    let_it_be(:user) { create(:user) }
 
     let_it_be(:package_menu_name) { 'Packages & Registries' }
     let_it_be(:package_entry_name) { 'Package Registry' }

spec/views/projects/empty.html.haml_spec.rb

@@ -79,4 +79,41 @@ RSpec.describe 'projects/empty' do
       it_behaves_like 'no invite member info'
     end
   end
+
+  context 'when rendering with the layout' do
+    subject(:render_page) { render template: 'projects/empty.html.haml', layout: 'layouts/project' }
+
+    describe 'invite team members' do
+      before do
+        allow(view).to receive(:session).and_return({})
+        allow(view).to receive(:current_user_mode).and_return(Gitlab::Auth::CurrentUserMode.new(user))
+        allow(view).to receive(:current_user).and_return(user)
+        allow(view).to receive(:experiment_enabled?).and_return(false)
+      end
+
+      context 'when invite team members is not available in sidebar' do
+        before do
+          allow(view).to receive(:can_invite_members_for_project?).and_return(false)
+        end
+
+        it 'does not display the js-invite-members-trigger' do
+          render_page
+
+          expect(rendered).not_to have_selector('.js-invite-members-trigger')
+        end
+      end
+
+      context 'when invite team members is available' do
+        before do
+          allow(view).to receive(:can_invite_members_for_project?).and_return(true)
+        end
+
+        it 'includes the div for js-invite-members-trigger' do
+          render_page
+
+          expect(rendered).to have_selector('.js-invite-members-trigger')
+        end
+      end
+    end
+  end
 end

spec/views/projects/show.html.haml_spec.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'projects/show.html.haml' do
+  let_it_be(:user) { build(:user) }
+  let_it_be(:project) { ProjectPresenter.new(create(:project, :repository), current_user: user) }
+
+  before do
+    assign(:project, project)
+  end
+
+  context 'when rendering with the layout' do
+    subject(:render_page) { render template: 'projects/show.html.haml', layout: 'layouts/project' }
+
+    describe 'invite team members' do
+      before do
+        allow(view).to receive(:event_filter_link)
+        allow(view).to receive(:session).and_return({})
+        allow(view).to receive(:current_user_mode).and_return(Gitlab::Auth::CurrentUserMode.new(user))
+        allow(view).to receive(:current_user).and_return(user)
+        allow(view).to receive(:experiment_enabled?).and_return(false)
+        allow(view).to receive(:add_page_startup_graphql_call)
+      end
+
+      context 'when invite team members is not available in sidebar' do
+        before do
+          allow(view).to receive(:can_invite_members_for_project?).and_return(false)
+        end
+
+        it 'does not display the js-invite-members-trigger' do
+          render_page
+
+          expect(rendered).not_to have_selector('.js-invite-members-trigger')
+        end
+      end
+
+      context 'when invite team members is available' do
+        before do
+          allow(view).to receive(:can_invite_members_for_project?).and_return(true)
+        end
+
+        it 'includes the div for js-invite-members-trigger' do
+          render_page
+
+          expect(rendered).to have_selector('.js-invite-members-trigger')
+        end
+      end
+    end
+  end
+end

spec/workers/jira_connect/sync_builds_worker_spec.rb

@@ -32,29 +32,5 @@ RSpec.describe ::JiraConnect::SyncBuildsWorker do
         subject
       end
     end
-
-    context 'when the feature flag is disabled' do
-      before do
-        stub_feature_flags(jira_sync_builds: false)
-      end
-
-      it 'does not call the sync service' do
-        expect_next(::JiraConnect::SyncService).not_to receive(:execute)
-
-        subject
-      end
-    end
-
-    context 'when the feature flag is enabled for this project' do
-      before do
-        stub_feature_flags(jira_sync_builds: pipeline.project)
-      end
-
-      it 'calls the sync service' do
-        expect_next(::JiraConnect::SyncService).to receive(:execute)
-
-        subject
-      end
-    end
   end
 end

yarn.lock

@@ -8424,7 +8424,7 @@ mkdirp@1.x, mkdirp@^1.0.4, mkdirp@~1.0.3:
 
 "mkdirp@>=0.5 0", mkdirp@^0.5.0, mkdirp@^0.5.1, mkdirp@~0.5.1:
   version "0.5.1"
-  resolved "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903"
+  resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903"
   integrity sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=
   dependencies:
     minimist "0.0.8"