Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/commit/image_file.js

@@ -1,7 +1,6 @@
 /* eslint-disable func-names, consistent-return, one-var, no-return-assign */
 
 import $ from 'jquery';
-import 'jquery.waitforimages';
 
 // Width where images must fits in, for 2-up this gets divided by 2
 const availWidth = 900;
@@ -16,11 +15,7 @@ export default class ImageFile {
 
         // Load two-up view after images are loaded
         // so that we can display the correct width and height information
-        const $images = $('.two-up.view img', this.file);
-
-        $images.waitForImages(() => {
-          this.initView('two-up');
-        });
+        this.initView('two-up');
       }),
     );
   }

app/assets/stylesheets/framework/blocks.scss

@@ -154,12 +154,6 @@
     }
   }
 
-  .cover-desc {
-    &.username:last-child {
-      padding-bottom: $gl-padding;
-    }
-  }
-
   .cover-controls {
     @include media-breakpoint-up(sm) {
       position: absolute;

app/assets/stylesheets/pages/profile.scss

@@ -70,14 +70,6 @@
   }
 }
 
-.profile-link-holder {
-  display: inline;
-
-  a:not(.text-link) {
-    text-decoration: none;
-  }
-}
-
 // Middle dot divider between each element in a list of items.
 .middle-dot-divider {
   @include middle-dot-divider;

app/controllers/concerns/integrations/params.rb

@@ -77,18 +77,15 @@ module Integrations
       :webhook
     ].freeze
 
-    # Parameters to ignore if no value is specified
-    FILTER_BLANK_PARAMS = [:password].freeze
-
     def integration_params
-      dynamic_params = @integration.event_channel_names + @integration.event_names # rubocop:disable Gitlab/ModuleWithInstanceVariables
+      dynamic_params = integration.event_channel_names + integration.event_names
       allowed = allowed_integration_params + dynamic_params
       return_value = params.permit(:id, integration: allowed, service: allowed)
       return_value[:integration] ||= return_value.delete(:service)
       param_values = return_value[:integration]
 
       if param_values.is_a?(ActionController::Parameters)
-        FILTER_BLANK_PARAMS.each do |param|
+        integration.password_fields.each do |param|
           param_values.delete(param) if param_values[param].blank?
         end
       end

app/controllers/projects/services_controller.rb

@@ -26,15 +26,15 @@ class Projects::ServicesController < Projects::ApplicationController
     attributes = integration_params[:integration]
 
     if use_inherited_settings?(attributes)
-      @integration.inherit_from_id = default_integration.id
+      integration.inherit_from_id = default_integration.id
 
-      if saved = @integration.save(context: :manual_change)
-        BulkUpdateIntegrationService.new(default_integration, [@integration]).execute
+      if saved = integration.save(context: :manual_change)
+        BulkUpdateIntegrationService.new(default_integration, [integration]).execute
       end
     else
       attributes[:inherit_from_id] = nil
-      @integration.attributes = attributes
-      saved = @integration.save(context: :manual_change)
+      integration.attributes = attributes
+      saved = integration.save(context: :manual_change)
     end
 
     respond_to do |format|
@@ -65,15 +65,15 @@ class Projects::ServicesController < Projects::ApplicationController
   private
 
   def redirect_path
-    safe_redirect_path(params[:redirect_to]).presence || edit_project_service_path(@project, @integration)
+    safe_redirect_path(params[:redirect_to]).presence || edit_project_service_path(project, integration)
   end
 
   def service_test_response
-    unless @integration.update(integration_params[:integration])
-      return { error: true, message: _('Validations failed.'), service_response: @integration.errors.full_messages.join(','), test_failed: false }
+    unless integration.update(integration_params[:integration])
+      return { error: true, message: _('Validations failed.'), service_response: integration.errors.full_messages.join(','), test_failed: false }
     end
 
-    result = ::Integrations::Test::ProjectService.new(@integration, current_user, params[:event]).execute
+    result = ::Integrations::Test::ProjectService.new(integration, current_user, params[:event]).execute
 
     unless result[:success]
       return { error: true, message: s_('Integrations|Connection failed. Please check your settings.'), service_response: result[:message].to_s, test_failed: true }
@@ -93,7 +93,7 @@ class Projects::ServicesController < Projects::ApplicationController
   end
 
   def integration
-    @integration ||= @project.find_or_initialize_integration(params[:id])
+    @integration ||= project.find_or_initialize_integration(params[:id])
   end
   alias_method :service, :integration
 

app/helpers/profiles_helper.rb

@@ -38,6 +38,21 @@ module ProfilesHelper
     status&.availability == availability_values[:busy]
   end
 
+  def middle_dot_divider_classes(stacking, breakpoint)
+    ['gl-mb-3'].tap do |classes|
+      if stacking
+        classes.concat(%w(middle-dot-divider-sm gl-display-block gl-sm-display-inline-block))
+      else
+        classes << 'gl-display-inline-block'
+        classes << if breakpoint.nil?
+                     'middle-dot-divider'
+                   else
+                     "middle-dot-divider-#{breakpoint}"
+                   end
+      end
+    end
+  end
+
   # Overridden in EE::ProfilesHelper#ssh_key_expiration_tooltip
   def ssh_key_expiration_tooltip(key)
     return key.errors.full_messages.join(', ') if key.errors.full_messages.any?

app/models/dependency_proxy/image_ttl_group_policy.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class DependencyProxy::ImageTtlGroupPolicy < ApplicationRecord
+  self.primary_key = :group_id
+
+  belongs_to :group
+
+  validates :group, presence: true
+  validates :enabled, inclusion: { in: [true, false] }
+  validates :ttl, numericality: { greater_than: 0 }, allow_nil: true
+end

app/models/group.rb

@@ -74,6 +74,7 @@ class Group < Namespace
   has_many :oauth_applications, class_name: 'Doorkeeper::Application', as: :owner, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
 
   has_one :dependency_proxy_setting, class_name: 'DependencyProxy::GroupSetting'
+  has_one :dependency_proxy_image_ttl_policy, class_name: 'DependencyProxy::ImageTtlGroupPolicy'
   has_many :dependency_proxy_blobs, class_name: 'DependencyProxy::Blob'
   has_many :dependency_proxy_manifests, class_name: 'DependencyProxy::Manifest'
 

app/models/integration.rb

@@ -357,6 +357,10 @@ class Integration < ApplicationRecord
     []
   end
 
+  def password_fields
+    fields.select { |f| f[:type] == 'password' }.pluck(:name)
+  end
+
   # Expose a list of fields in the JSON endpoint.
   #
   # This list is used in `Integration#as_json(only: json_fields)`.

app/views/users/_middle_dot_divider.html.haml

@@ -0,0 +1,5 @@
+- stacking = local_assigns.delete(:stacking)
+- breakpoint = local_assigns.delete(:breakpoint)
+
+%div{ class: middle_dot_divider_classes(stacking, breakpoint), **local_assigns }
+  = yield

app/views/users/_profile_basic_info.html.haml

@@ -1,6 +1,6 @@
-%p.mb-1.mb-sm-2.mt-2.mt-sm-3
-  %span.middle-dot-divider
+.gl-text-gray-900.gl-mt-4
+  = render 'middle_dot_divider' do
     @#{@user.username}
   - if can?(current_user, :read_user_profile, @user)
-    %span.middle-dot-divider
+    = render 'middle_dot_divider' do
       = s_('Member since %{date}') % { date: @user.created_at.to_date.to_s(:long) }

app/views/users/show.html.haml

@@ -71,54 +71,54 @@
               = emoji_icon(@user.status.emoji, class: 'gl-mr-2')
               = markdown_field(@user.status, :message)
           = render "users/profile_basic_info"
-          .cover-desc.cgray.mb-1.mb-sm-2
+          .gl-text-gray-900.mb-1.mb-sm-2
             - unless @user.location.blank?
-              .profile-link-holder.middle-dot-divider-sm.d-block.d-sm-inline.mb-1.mb-sm-0{ itemprop: 'address', itemscope: true, itemtype: 'https://schema.org/PostalAddress' }
+              = render 'middle_dot_divider', stacking: true, itemprop: 'address', itemscope: true, itemtype: 'https://schema.org/PostalAddress' do
                 = sprite_icon('location', css_class: 'fgray')
                 %span{ itemprop: 'addressLocality' }
                   = @user.location
-            .profile-link-holder.middle-dot-divider-sm.d-block.d-sm-inline.mb-1.mb-sm-0
+            = render 'middle_dot_divider', stacking: true do
               = sprite_icon('clock', css_class: 'fgray')
               %span
                 = local_time(@user.timezone)
             - unless work_information(@user).blank?
-              .profile-link-holder.middle-dot-divider-sm.d-block.d-sm-inline
+              = render 'middle_dot_divider', stacking: true do
                 = sprite_icon('work', css_class: 'fgray')
                 %span
                   = work_information(@user, with_schema_markup: true)
-          .cover-desc.cgray.mb-1.mb-sm-2
+          .gl-text-gray-900
             - unless @user.skype.blank?
-              .profile-link-holder.middle-dot-divider
-                = link_to "skype:#{@user.skype}", title: "Skype" do
+              = render 'middle_dot_divider' do
+                = link_to "skype:#{@user.skype}", class: 'gl-hover-text-decoration-none', title: "Skype" do
                   = sprite_icon('skype')
             - unless @user.linkedin.blank?
-              .profile-link-holder.middle-dot-divider
-                = link_to linkedin_url(@user), title: "LinkedIn", target: '_blank', rel: 'noopener noreferrer nofollow' do
+              = render 'middle_dot_divider' do
+                = link_to linkedin_url(@user), class: 'gl-hover-text-decoration-none', title: "LinkedIn", target: '_blank', rel: 'noopener noreferrer nofollow' do
                   = sprite_icon('linkedin')
             - unless @user.twitter.blank?
-              .profile-link-holder.middle-dot-divider-sm
-                = link_to twitter_url(@user), title: "Twitter", target: '_blank', rel: 'noopener noreferrer nofollow' do
+              = render 'middle_dot_divider', breakpoint: 'sm' do
+                = link_to twitter_url(@user), class: 'gl-hover-text-decoration-none', title: "Twitter", target: '_blank', rel: 'noopener noreferrer nofollow' do
                   = sprite_icon('twitter')
             - unless @user.website_url.blank?
-              .profile-link-holder.middle-dot-divider-sm.d-block.d-sm-inline.mt-1.mt-sm-0
+              = render 'middle_dot_divider', stacking: true do
                 - if Feature.enabled?(:security_auto_fix) && @user.bot?
                   = sprite_icon('question', css_class: 'gl-text-blue-600')
-                = link_to @user.short_website_url, @user.full_website_url, class: 'text-link', target: '_blank', rel: 'me noopener noreferrer nofollow', itemprop: 'url'
+                = link_to @user.short_website_url, @user.full_website_url, target: '_blank', rel: 'me noopener noreferrer nofollow', itemprop: 'url'
             - unless @user.public_email.blank?
-              .profile-link-holder.middle-dot-divider-sm.d-block.d-sm-inline.mt-1.mt-sm-0
-                = link_to @user.public_email, "mailto:#{@user.public_email}", class: 'text-link', itemprop: 'email'
-          .cover-desc.gl-text-gray-900.gl-mb-2.mb-sm-2
+              = render 'middle_dot_divider', stacking: true do
+                = link_to @user.public_email, "mailto:#{@user.public_email}", itemprop: 'email'
+          .gl-text-gray-900
             = sprite_icon('users', css_class: 'gl-vertical-align-middle gl-text-gray-500')
-            .profile-link-holder.middle-dot-divider
-              = link_to user_followers_path, class: 'text-link' do
+            = render 'middle_dot_divider' do
+              = link_to user_followers_path do
                 - count = @user.followers.count
                 = n_('1 follower', '%{count} followers', count) % { count: count }
-            .profile-link-holder.middle-dot-divider
-              = link_to user_following_path, class: 'text-link', data: { qa_selector: 'following_link' } do
+            = render 'middle_dot_divider' do
+              = link_to user_following_path, data: { qa_selector: 'following_link' } do
                 = @user.followees.count
                 = _('following')
         - if @user.bio.present?
-          .cover-desc.cgray
+          .gl-text-gray-900
             .profile-user-bio
               = markdown(@user.bio_html)
 

db/migrate/20210823213417_create_dependency_proxy_image_ttl_group_policies.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class CreateDependencyProxyImageTtlGroupPolicies < ActiveRecord::Migration[6.1]
+  include Gitlab::Database::MigrationHelpers
+
+  def up
+    with_lock_retries do
+      create_table :dependency_proxy_image_ttl_group_policies, id: false do |t|
+        t.timestamps_with_timezone null: false
+        t.references :group, primary_key: true, default: nil, index: false, foreign_key: { to_table: :namespaces, on_delete: :cascade }
+        t.integer :ttl, default: 90
+        t.boolean :enabled, null: false, default: false
+      end
+    end
+  end
+
+  def down
+    with_lock_retries do
+      drop_table :dependency_proxy_image_ttl_group_policies
+    end
+  end
+end

db/schema_migrations/20210823213417

@@ -0,0 +1 @@
+62496310640493bf9b7f0e1cbe91b170542da3250a1cf482f5e0237d0e8847b1

db/structure.sql

@@ -12395,6 +12395,14 @@ CREATE SEQUENCE dependency_proxy_group_settings_id_seq
 
 ALTER SEQUENCE dependency_proxy_group_settings_id_seq OWNED BY dependency_proxy_group_settings.id;
 
+CREATE TABLE dependency_proxy_image_ttl_group_policies (
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    group_id bigint NOT NULL,
+    ttl integer DEFAULT 90,
+    enabled boolean DEFAULT false NOT NULL
+);
+
 CREATE TABLE dependency_proxy_manifests (
     id bigint NOT NULL,
     created_at timestamp with time zone NOT NULL,
@@ -21722,6 +21730,9 @@ ALTER TABLE ONLY dependency_proxy_blobs
 ALTER TABLE ONLY dependency_proxy_group_settings
     ADD CONSTRAINT dependency_proxy_group_settings_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY dependency_proxy_image_ttl_group_policies
+    ADD CONSTRAINT dependency_proxy_image_ttl_group_policies_pkey PRIMARY KEY (group_id);
+
 ALTER TABLE ONLY dependency_proxy_manifests
     ADD CONSTRAINT dependency_proxy_manifests_pkey PRIMARY KEY (id);
 
@@ -27358,6 +27369,9 @@ ALTER TABLE ONLY reviews
 ALTER TABLE ONLY draft_notes
     ADD CONSTRAINT fk_rails_2a8dac9901 FOREIGN KEY (author_id) REFERENCES users(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY dependency_proxy_image_ttl_group_policies
+    ADD CONSTRAINT fk_rails_2b1896d021 FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY group_group_links
     ADD CONSTRAINT fk_rails_2b2353ca49 FOREIGN KEY (shared_with_group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
 

doc/administration/audit_events.md

@@ -143,7 +143,7 @@ Instance events do not include group or project audit events.
 
 To view the server-wide audit events:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Monitoring > Audit Events**.
 
 The following user actions are recorded:
@@ -249,7 +249,7 @@ audit events.
 
 To export the Audit Events to CSV:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Monitoring > Audit Events**.
 1. Select the available search [filters](#search).
 1. Select **Export as CSV**.

doc/administration/auditor_users.md

@@ -57,7 +57,7 @@ helpful:
 
 To create an Auditor user:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Overview > Users**.
 1. Create a new user or edit an existing one, and in the **Access** section
    select Auditor.

doc/administration/auth/ldap/index.md

@@ -705,7 +705,7 @@ When enabled, the following applies:
 To enable it you need to:
 
 1. [Enable LDAP](#configuration)
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > General**.
 1. Expand the **Visibility and access controls** section.
 1. Ensure the **Lock memberships to LDAP synchronization** checkbox is selected.

doc/administration/auth/ldap/ldap-troubleshooting.md

@@ -145,7 +145,7 @@ may see the following message: `Access denied for your LDAP account`.
 
 We have a workaround, based on toggling the access level of affected users:
 
-1. As an administrator, on the top bar, select **Menu >** **{admin}** **Admin**.
+1. As an administrator, on the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Overview > Users**.
 1. Select the name of the affected user.
 1. In the user's administrative page, press **Edit** on the top right of the page.
@@ -203,7 +203,7 @@ field contains no data:
 
 To resolve this:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, go to **Settings > General**.
 1. Expand both of the following:
    - **Account and limit**.
@@ -348,7 +348,7 @@ things to check to debug the situation.
   group](index.md#adding-group-links).
 - Check that the user has an LDAP identity:
   1. Sign in to GitLab as an administrator user.
-  1. On the top bar, select **Menu >** **{admin}** **Admin**.
+  1. On the top bar, select **Menu > Admin**.
   1. On the left sidebar, select **Overview > Users**.
   1. Search for the user.
   1. Open the user by clicking their name. Do not click **Edit**.

doc/administration/geo/disaster_recovery/background_verification.md

@@ -60,7 +60,7 @@ Feature.enable('geo_repository_verification')
 
 On the **primary** node:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes**.
 1. Expand **Verification information** tab for that node to view automatic checksumming
    status for repositories and wikis. Successes are shown in green, pending work
@@ -70,7 +70,7 @@ On the **primary** node:
 
 On the **secondary** node:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes**.
 1. Expand **Verification information** tab for that node to view automatic checksumming
    status for repositories and wikis. Successes are shown in green, pending work
@@ -100,7 +100,7 @@ increase load and vice versa.
 
 On the **primary** node:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes**.
 1. Select **Edit** for the **primary** node to customize the minimum
    re-verification interval:
@@ -151,7 +151,7 @@ sudo gitlab-rake geo:verification:wiki:reset
 If the **primary** and **secondary** nodes have a checksum verification mismatch, the cause may not be apparent. To find the cause of a checksum mismatch:
 
 1. On the **primary** node:
-   1. On the top bar, select **Menu >** **{admin}** **Admin**.
+   1. On the top bar, select **Menu > Admin**.
    1. On the left sidebar, select **Overview > Projects**.
    1. Find the project that you want to check the checksum differences and
       select its name.

doc/administration/geo/disaster_recovery/planned_failover.md

@@ -111,7 +111,7 @@ ensure these processes are close to 100% as possible during active use.
 
 On the **secondary** node:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes**.
    Replicated objects (shown in green) should be close to 100%,
    and there should be no failures (shown in red). If a large proportion of
@@ -139,7 +139,7 @@ This [content was moved to another location](background_verification.md).
 
 On the **primary** node:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Messages**.
 1. Add a message notifying users on the maintenance window.
    You can check under **Geo > Nodes** to estimate how long it
@@ -152,7 +152,7 @@ To ensure that all data is replicated to a secondary site, updates (write reques
 be disabled on the **primary** site:
 
 1. Enable [maintenance mode](../../maintenance_mode/index.md) on the **primary** node.
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Monitoring > Background Jobs**.
 1. On the Sidekiq dashboard, select **Cron**.
 1. Select `Disable All` to disable non-Geo periodic background jobs.
@@ -165,7 +165,7 @@ be disabled on the **primary** site:
 1. If you are manually replicating any data not managed by Geo, trigger the
    final replication process now.
 1. On the **primary** node:
-   1. On the top bar, select **Menu >** **{admin}** **Admin**.
+   1. On the top bar, select **Menu > Admin**.
    1. On the left sidebar, select **Monitoring > Background Jobs**.
    1. On the Sidekiq dashboard, select **Queues**, and wait for all queues except
       those with `geo` in the name to drop to 0.
@@ -180,7 +180,7 @@ be disabled on the **primary** site:
       - The Geo log cursor is up to date (0 events behind).
 
 1. On the **secondary** node:
-   1. On the top bar, select **Menu >** **{admin}** **Admin**.
+   1. On the top bar, select **Menu > Admin**.
    1. On the left sidebar, select **Monitoring > Background Jobs**.
    1. On the Sidekiq dashboard, select **Queues**, and wait for all the `geo`
       queues to drop to 0 queued and 0 running jobs.

doc/administration/geo/disaster_recovery/runbooks/planned_failover_multi_node.md

@@ -65,7 +65,7 @@ promote a Geo replica and perform a failover.
 
 On the **secondary** node:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes** to see its status.
    Replicated objects (shown in green) should be close to 100%,
    and there should be no failures (shown in red). If a large proportion of
@@ -130,7 +130,7 @@ follow these steps to avoid unnecessary data loss:
       connection.
 
    1. On the **primary** node:
-      1. On the top bar, select **Menu >** **{admin}** **Admin**.
+      1. On the top bar, select **Menu > Admin**.
       1. On the left sidebar, select **Monitoring > Background Jobs**.
       1. On the Sidekiq dhasboard, select **Cron**.
       1. Select `Disable All` to disable any non-Geo periodic background jobs.
@@ -148,7 +148,7 @@ follow these steps to avoid unnecessary data loss:
       [data not managed by Geo](../../replication/datatypes.md#limitations-on-replicationverification),
       trigger the final replication process now.
    1. On the **primary** node:
-      1. On the top bar, select **Menu >** **{admin}** **Admin**.
+      1. On the top bar, select **Menu > Admin**.
       1. On the left sidebar, select **Monitoring > Background Jobs**.
       1. On the Sidekiq dashboard, select **Queues**, and wait for all queues except
          those with `geo` in the name to drop to 0.
@@ -163,7 +163,7 @@ follow these steps to avoid unnecessary data loss:
          - The Geo log cursor is up to date (0 events behind).
 
    1. On the **secondary** node:
-      1. On the top bar, select **Menu >** **{admin}** **Admin**.
+      1. On the top bar, select **Menu > Admin**.
       1. On the left sidebar, select **Monitoring > Background Jobs**.
       1. On the Sidekiq dashboard, select **Queues**, and wait for all the `geo`
          queues to drop to 0 queued and 0 running jobs.

doc/administration/geo/disaster_recovery/runbooks/planned_failover_single_node.md

@@ -115,7 +115,7 @@ follow these steps to avoid unnecessary data loss:
       connection.
 
    1. On the **primary** node:
-      1. On the top bar, select **Menu >** **{admin}** **Admin**.
+      1. On the top bar, select **Menu > Admin**.
       1. On the left sidebar, select **Monitoring > Background Jobs**.
       1. On the Sidekiq dhasboard, select **Cron**.
       1. Select `Disable All` to disable any non-Geo periodic background jobs.
@@ -133,7 +133,7 @@ follow these steps to avoid unnecessary data loss:
       [data not managed by Geo](../../replication/datatypes.md#limitations-on-replicationverification),
       trigger the final replication process now.
    1. On the **primary** node:
-      1. On the top bar, select **Menu >** **{admin}** **Admin**.
+      1. On the top bar, select **Menu > Admin**.
       1. On the left sidebar, select **Monitoring > Background Jobs**.
       1. On the Sidekiq dashboard, select **Queues**, and wait for all queues except
          those with `geo` in the name to drop to 0.
@@ -148,7 +148,7 @@ follow these steps to avoid unnecessary data loss:
          - The Geo log cursor is up to date (0 events behind).
 
    1. On the **secondary** node:
-      1. On the top bar, select **Menu >** **{admin}** **Admin**.
+      1. On the top bar, select **Menu > Admin**.
       1. On the left sidebar, select **Monitoring > Background Jobs**.
       1. On the Sidekiq dashboard, select **Queues**, and wait for all the `geo`
          queues to drop to 0 queued and 0 running jobs.

doc/administration/geo/replication/configuration.md

@@ -199,7 +199,7 @@ keys must be manually replicated to the **secondary** site.
    gitlab-ctl reconfigure
    ```
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Sites**.
 1. Select **New site**.
    ![Add secondary site](img/adding_a_secondary_v13_3.png)
@@ -257,7 +257,7 @@ method to be enabled. This is enabled by default, but if converting an existing
 
 On the **primary** site:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > General**.
 1. Expand **Visibility and access controls**.
 1. Ensure "Enabled Git access protocols" is set to either "Both SSH and HTTP(S)" or "Only HTTP(S)".
@@ -267,7 +267,7 @@ On the **primary** site:
 You can sign in to the **secondary** site with the same credentials you used with
 the **primary** site. After you sign in:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Sites**.
 1. Verify that it's correctly identified as a **secondary** Geo site, and that
    Geo is enabled.

doc/administration/geo/replication/disable_geo.md

@@ -36,7 +36,7 @@ to do that.
 To remove the **primary** site:
 
 1. [Remove all secondary Geo sites](remove_geo_site.md)
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes**.
 1. Select **Remove** for the **primary** node.
 1. Confirm by selecting **Remove** when the prompt appears.

doc/administration/geo/replication/docker_registry.md

@@ -130,7 +130,7 @@ For each application and Sidekiq node on the **secondary** site:
 
 To verify Container Registry replication is working, on the **secondary** site:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes**.
    The initial replication, or "backfill", is probably still in progress.
 

doc/administration/geo/replication/object_storage.md

@@ -42,7 +42,7 @@ whether they are stored on the local file system or in object storage.
 
 To enable GitLab replication:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes**.
 1. Select **Edit** on the **secondary** site.
 1. In the **Synchronization Settings** section, find the **Allow this secondary node to replicate content on Object Storage**

doc/administration/geo/replication/remove_geo_site.md

@@ -9,7 +9,7 @@ type: howto
 
 **Secondary** sites can be removed from the Geo cluster using the Geo administration page of the **primary** site. To remove a **secondary** site:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes**.
 1. Select the **Remove** button for the **secondary** site you want to remove.
 1. Confirm by selecting **Remove** when the prompt appears.

doc/administration/geo/replication/troubleshooting.md

@@ -27,7 +27,7 @@ Before attempting more advanced troubleshooting:
 
 On the **primary** node:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes**.
 
 We perform the following health checks on each **secondary** node
@@ -610,7 +610,7 @@ to start again from scratch, there are a few steps that can help you:
 
 ### Design repository failures on mirrored projects and project imports
 
-On the top bar, under **Menu >** **{admin}** **Admin > Geo > Nodes**,
+On the top bar, under **Menu > Admin > Geo > Nodes**,
 if the Design repositories progress bar shows
 `Synced` and `Failed` greater than 100%, and negative `Queued`, then the instance
 is likely affected by
@@ -836,7 +836,7 @@ node's URL matches its external URL.
 
 On the **primary** node:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes**.
 1. Find the affected **secondary** site and select **Edit**.
 1. Ensure the **URL** field matches the value found in `/etc/gitlab/gitlab.rb`

doc/administration/geo/replication/tuning.md

@@ -14,7 +14,7 @@ in the background.
 
 On the **primary** site:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Geo > Nodes**.
 1. Select **Edit** of the secondary node you want to tune.
 1. Under **Tuning settings**, there are several variables that can be tuned to

doc/administration/gitaly/praefect.md

@@ -995,7 +995,7 @@ Particular attention should be shown to:
 
 1. Check that the Praefect storage is configured to store new repositories:
 
-   1. On the top bar, select **Menu >** **{admin}** **Admin**.
+   1. On the top bar, select **Menu > Admin**.
    1. On the left sidebar, select **Settings > Repository**.
    1. Expand the **Repository storage** section.
 

doc/administration/gitaly/troubleshooting.md

@@ -23,7 +23,7 @@ See also [Gitaly timeout](../../user/admin_area/settings/gitaly_timeouts.md) set
 When using standalone Gitaly servers, you must make sure they are the same version
 as GitLab to ensure full compatibility:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin** on your GitLab instance.
+1. On the top bar, select **Menu > Admin** on your GitLab instance.
 1. On the left sidebar, select **Overview > Gitaly Servers**.
 1. Confirm all Gitaly servers indicate that they are up to date.
 

doc/administration/housekeeping.md

@@ -27,7 +27,7 @@ GitLab automatically runs `git gc` and `git repack` on repositories after Git pu
 
 You can change how often this happens or turn it off:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Repository**.
 1. Expand **Repository maintenance**.
 1. In the **Housekeeping** section, configure the [housekeeping options](#housekeeping-options).

doc/administration/integration/kroki.md

@@ -56,7 +56,7 @@ read the [Kroki installation](https://docs.kroki.io/kroki/setup/install/#_images
 You need to enable Kroki integration from Settings under Admin Area.
 To do that, log in with an administrator account and follow these steps:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. Go to **Settings > General**.
 1. Expand the **Kroki** section.
 1. Select **Enable Kroki** checkbox.

doc/administration/integration/plantuml.md

@@ -206,7 +206,7 @@ stop;
 After configuring your local PlantUML server, you're ready to enable the PlantUML integration:
 
 1. Sign in to GitLab as an [Administrator](../../user/permissions.md) user.
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. In the left sidebar, go to **Settings > General** and expand the **PlantUML** section.
 1. Select the **Enable PlantUML** checkbox.
 1. Set the PlantUML instance as `https://gitlab.example.com/-/plantuml/`,

doc/administration/integration/terminal.md

@@ -100,7 +100,7 @@ they receive a `Connection failed` message.
 By default, terminal sessions do not expire. To limit the terminal session
 lifetime in your GitLab instance:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. Select
    [**Settings > Web terminal**](../../user/admin_area/settings/index.md#general).
 1. Set a `max session time`.

doc/administration/maintenance_mode/index.md

@@ -21,7 +21,7 @@ Maintenance Mode allows most external actions that do not change internal state.
 There are three ways to enable Maintenance Mode as an administrator:
 
 - **Web UI**:
-  1. On the top bar, select **Menu >** **{admin}** **Admin**.
+  1. On the top bar, select **Menu > Admin**.
   1. On the left sidebar, select **Settings > General**.
   1. Expand **Maintenance Mode**, and toggle **Enable Maintenance Mode**.
      You can optionally add a message for the banner as well.
@@ -45,7 +45,7 @@ There are three ways to enable Maintenance Mode as an administrator:
 There are three ways to disable Maintenance Mode:
 
 - **Web UI**:
-  1. On the top bar, select **Menu >** **{admin}** **Admin**.
+  1. On the top bar, select **Menu > Admin**.
   1. On the left sidebar, select **Settings > General**.
   1. Expand **Maintenance Mode**, and toggle **Enable Maintenance Mode**.
      You can optionally add a message for the banner as well.
@@ -171,7 +171,7 @@ it is recommended that you disable all cron jobs except for those related to Geo
 
 To monitor queues and disable jobs:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Monitoring > Background Jobs**.
 
 ### Incident management

doc/administration/monitoring/gitlab_self_monitoring_project/index.md

@@ -34,7 +34,7 @@ This project can be used to:
 
 ## Create the self monitoring project
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Metrics and profiling** and expand **Self monitoring**.
 1. Toggle **Self monitoring** on.
 1. After your GitLab instance creates the project, GitLab displays a link to the
@@ -47,7 +47,7 @@ WARNING:
 Deleting the self monitoring project removes any changes made to the project. If
 you create the project again, it's created in its default state.
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, go to **Settings > Metrics and profiling** and expand **Self monitoring**.
 1. Toggle **Self monitoring** off.
 1. In the confirmation dialog that opens, click **Delete self monitoring project**.

doc/administration/monitoring/performance/gitlab_configuration.md

@@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 GitLab Performance Monitoring is disabled by default. To enable it and change any of its
 settings:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Metrics and profiling**
   (`/admin/application_settings/metrics_and_profiling`).
 1. Add the necessary configuration changes.

doc/administration/monitoring/performance/grafana_configuration.md

@@ -62,7 +62,7 @@ repository.
 After setting up Grafana, you can enable a link to access it easily from the
 GitLab sidebar:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Metrics and profiling**
    and expand **Metrics - Grafana**.
 1. Select the **Add a link to Grafana** checkbox.
@@ -79,7 +79,7 @@ GitLab displays your link in the **Menu > Admin > Monitoring > Metrics Dashboard
 > [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5822) in GitLab 13.10.
 
 When setting up Grafana through the process above, no scope shows in the screen at
-**Menu >** **{admin}** **Admin > Applications > GitLab Grafana**. However, the `read_user` scope is
+**Menu > Admin > Applications > GitLab Grafana**. However, the `read_user` scope is
 required and is provided to the application automatically. Setting any scope other than
 `read_user` without also including `read_user` leads to this error when you try to log in using
 GitLab as the OAuth provider:

doc/administration/monitoring/performance/performance_bar.md

@@ -104,7 +104,7 @@ The performance bar is disabled by default for non-administrators. To enable it
 for a given group:
 
 1. Sign in as a user with Administrator [role](../../../user/permissions.md).
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Metrics and profiling**
    (`admin/application_settings/metrics_and_profiling`), and expand
    **Profiling - Performance bar**.

doc/administration/monitoring/prometheus/gitlab_metrics.md

@@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 To enable the GitLab Prometheus metrics:
 
 1. Log in to GitLab as a user with Administrator [role](../../../user/permissions.md).
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Metrics and profiling**.
 1. Find the **Metrics - Prometheus** section, and select **Add link to Prometheus**.
 1. [Restart GitLab](../../restart_gitlab.md#omnibus-gitlab-restart) for the changes to take effect.

doc/administration/operations/extra_sidekiq_processes.md

@@ -90,7 +90,7 @@ To start multiple processes:
 
 To view the Sidekiq processes in GitLab:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Monitoring > Background Jobs**.
 
 ## Negate settings

doc/administration/operations/fast_ssh_key_lookup.md

@@ -106,7 +106,7 @@ users as long as a large file exists.
 
 To disable any more writes to the `authorized_keys` file:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Network**.
 1. Expand **Performance optimization**.
 1. Clear the **Write to "authorized_keys" file** checkbox.

doc/administration/pages/index.md

@@ -393,7 +393,7 @@ adding a GitLab-controlled verification code to the DNS records for that domain.
 If your user base is private or otherwise trusted, you can disable the
 verification requirement:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Preferences**.
 1. Expand **Pages**.
 1. Clear the **Require users to prove ownership of custom domains** checkbox.
@@ -410,7 +410,7 @@ sites served under a custom domain.
 To enable it:
 
 1. Choose an email address on which you want to receive notifications about expiring domains.
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Preferences**.
 1. Expand **Pages**.
 1. Enter the email address for receiving notifications and accept Let's Encrypt's Terms of Service.
@@ -465,7 +465,7 @@ pre-existing applications must modify the GitLab Pages OAuth application. Follow
 this:
 
 1. Enable [access control](#access-control).
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Applications**.
 1. Expand **GitLab Pages**.
 1. Clear the `api` scope's checkbox and select the desired scope's checkbox (for example,
@@ -484,7 +484,7 @@ This can be useful to preserve information published with Pages websites to the
 of your instance only.
 To do that:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Preferences**.
 1. Expand **Pages**.
 1. Select the **Disable public access to Pages sites** checkbox.
@@ -665,7 +665,7 @@ Follow the steps below to configure the proxy listener of GitLab Pages.
 
 To set the global maximum pages size for a project:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Preferences**.
 1. Expand **Pages**.
 1. Edit the **Maximum size of pages**.
@@ -1309,7 +1309,7 @@ Upgrading to an [officially supported operating system](https://about.gitlab.com
 
 This problem comes from the permissions of the GitLab Pages OAuth application. To fix it:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Applications > GitLab Pages**.
 1. Edit the application.
 1. Under **Scopes**, ensure that the `api` scope is selected.

doc/administration/pages/source.md

@@ -473,7 +473,7 @@ The default for the maximum size of unpacked archives per project is 100 MB.
 
 To change this value:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Preferences**.
 1. Expand **Pages**.
 1. Update the value for **Maximum size of pages (MB)**.

doc/administration/polling.md

@@ -26,7 +26,7 @@ The default value (`1`) is recommended for the majority of GitLab installations.
 
 To adjust the polling interval multiplier:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Preferences**.
 1. Expand **Polling interval multiplier**.
 1. Set a value for the polling interval multiplier. This multiplier is applied to all resources at

doc/administration/raketasks/project_import_export.md

@@ -52,7 +52,7 @@ Note the following:
   compatible as described in the [Version history](../../user/project/settings/import_export.md#version-history).
 - The project import option must be enabled:
 
-  1. On the top bar, select **Menu >** **{admin}** **Admin**.
+  1. On the top bar, select **Menu > Admin**.
   1. On the left sidebar, select **Settings > General**.
   1. Expand **Visibility and access controls**.
   1. Under **Import sources**, check the "Project export enabled" option.

doc/administration/raketasks/storage.md

@@ -109,7 +109,7 @@ sudo gitlab-rake gitlab:storage:migrate_to_hashed ID_FROM=50 ID_TO=100
 
 To monitor the progress in GitLab:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Monitoring > Background Jobs**.
 1. Watch how long the `hashed_storage:hashed_storage_project_migrate` queue
    will take to finish. After it reaches zero, you can confirm every project

doc/administration/repository_checks.md

@@ -11,7 +11,7 @@ You can use [`git fsck`](https://git-scm.com/docs/git-fsck) to verify the integr
 committed to a repository. GitLab administrators can trigger this check for a project using the
 GitLab UI:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Overview > Projects**.
 1. Select the project to check.
 1. In the **Repository check** section, select **Trigger repository check**.
@@ -25,7 +25,7 @@ This setting is off by default, because it can cause many false alarms.
 
 Instead of checking repositories manually, GitLab can be configured to run the checks periodically:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Repository** (`/admin/application_settings/repository`).
 1. Expand the **Repository maintenance** section.
 1. Enable **Enable repository checks**.
@@ -50,7 +50,7 @@ disk at:
 
 If periodic repository checks cause false alarms, you can clear all repository check states:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Repository** (`/admin/application_settings/repository`).
 1. Expand the **Repository maintenance** section.
 1. Select **Clear all repository checks**.

doc/administration/repository_storage_paths.md

@@ -146,7 +146,7 @@ Omnibus stores the repositories in a `repositories` subdirectory of the `git-dat
 After you [configure](#configure-repository-storage-paths) multiple repository storage paths, you
 can choose where new repositories are stored:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Repository** and expand the **Repository storage**
    section.
 1. Enter values in the **Storage nodes for new repositories** fields.

doc/administration/repository_storage_types.md

@@ -80,7 +80,7 @@ Administrators can look up a project's hashed path from its name or ID using:
 
 To look up a project's hash path in the Admin Area:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Overview > Projects** and select the project.
 
 The **Gitaly relative path** is displayed there and looks similar to:

doc/administration/static_objects_external_storage.md

@@ -16,7 +16,7 @@ storage such as a content delivery network (CDN).
 
 To configure external storage for static objects:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. In the left sidebar, select **Settings > Repository**.
 1. Expand the **External storage for repository static objects** section.
 1. Enter the base URL and an arbitrary token. When you [set up external storage](#set-up-external-storage),

doc/administration/troubleshooting/elasticsearch.md

@@ -196,7 +196,7 @@ Troubleshooting search result issues is rather straight forward on Elasticsearch
 The first step is to confirm GitLab is using Elasticsearch for the search function.
 To do this:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > General**, and then confirm the
    integration is enabled.
 1. Confirm searches use Elasticsearch by accessing the rails console

doc/administration/whats-new.md

@@ -29,7 +29,7 @@ in the first patch release, such as `13.10.1`.
 
 You can configure the What's new variant:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Preferences**, then expand **What's new**.
 1. Choose one of the following options:
 

doc/api/system_hooks.md

@@ -10,7 +10,7 @@ All methods require administrator authorization.
 
 You can configure the URL endpoint of the system hooks from the GitLab user interface:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. Select **System Hooks** (`/admin/hooks`).
 
 Read more about [system hooks](../system_hooks/system_hooks.md).

doc/ci/runners/configure_runners.md

@@ -142,7 +142,7 @@ different places.
 To view the IP address of a shared runner you must have admin access to
 the GitLab instance. To determine this:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Overview > Runners**.
 1. Find the runner in the table and view the **IP Address** column.
 

doc/ci/variables/index.md

@@ -228,7 +228,7 @@ You can define instance variables via the UI or [API](../../api/instance_level_c
 
 To add an instance variable:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > CI/CD** and expand the **Variables** section.
 1. Select the **Add variable** button, and fill in the details:
 

doc/development/integrations/jenkins.md

@@ -24,7 +24,7 @@ brew services start jenkins
 GitLab does not allow requests to localhost or the local network by default. When running Jenkins on your local machine, you need to enable local access.
 
 1. Log into your GitLab instance as an administrator.
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. In the left sidebar, select **Settings > Network**.
 1. Expand **Outbound requests** and check the following checkboxes:
 

doc/development/service_ping/index.md

@@ -85,7 +85,7 @@ Registration is not yet required for participation, but will be added in a futur
 You can view the exact JSON payload sent to GitLab Inc. in the Admin Area. To view the payload:
 
 1. Sign in as a user with the [Administrator](../../user/permissions.md) role.
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Metrics and profiling**.
 1. Expand the **Usage statistics** section.
 1. Select **Preview payload**.
@@ -107,7 +107,7 @@ configuration file.
 To disable Service Ping in the GitLab UI:
 
 1. Sign in as a user with the [Administrator](../../user/permissions.md) role.
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Metrics and profiling**.
 1. Expand the **Usage statistics** section.
 1. Clear the **Enable service ping** checkbox.
@@ -494,7 +494,7 @@ checking the configuration file of your GitLab instance:
 
 - Using the Admin Area:
 
-  1. On the top bar, select **Menu >** **{admin}** **Admin**.
+  1. On the top bar, select **Menu > Admin**.
   1. On the left sidebar, select **Settings > Metrics and profiling**.
   1. Expand **Usage Statistics**.
   1. Are you able to check or uncheck the checkbox to disable Service Ping?
@@ -551,7 +551,7 @@ To work around this bug, you have two options:
      sudo gitlab-ctl reconfigure
      ```
 
-  1. In GitLab, on the top bar, select **Menu >** **{admin}** **Admin**.
+  1. In GitLab, on the top bar, select **Menu > Admin**.
   1. On the left sidebar, select **Settings > Metrics and profiling**.
   1. Expand **Usage Statistics**.
   1. Clear the **Enable service ping** checkbox.

doc/development/snowplow/index.md

@@ -53,7 +53,7 @@ Snowplow tracking is enabled on GitLab.com, and we use it for most of our tracki
 
 To enable Snowplow tracking on a self-managed instance:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**, then select **Settings > General**.
+1. On the top bar, select **Menu > Admin**, then select **Settings > General**.
    Alternatively, go to `admin/application_settings/general` in your browser.
 
 1. Expand **Snowplow**.

doc/install/azure/index.md

@@ -248,7 +248,7 @@ in this section whenever you need to update GitLab.
 
 To determine the version of GitLab you're currently running:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Overview > Dashboard**.
 1. Find the version under the **Components** table.
 

doc/integration/akismet.md

@@ -30,7 +30,7 @@ To use Akismet:
 1. Sign in or create a new account.
 1. Click **Show** to reveal the API key, and copy the API key's value.
 1. Sign in to GitLab as an administrator.
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. In the left sidebar, select **Settings > Reporting** (`/admin/application_settings/reporting`).
 1. Select the **Enable Akismet** checkbox.
 1. Fill in the API key from step 3.

doc/integration/datadog.md

@@ -27,7 +27,7 @@ project, group, or instance level:
 1. *For project-level or group-level integrations:* In GitLab, go to your project or group.
 1. *For instance-level integrations:*
    1. Sign in to GitLab as a user with the [Administrator role](../user/permissions.md).
-   1. On the top bar, select **Menu >** **{admin}** **Admin**.
+   1. On the top bar, select **Menu > Admin**.
 1. In the left sidebar, select **Settings > Integrations**.
 1. Scroll to **Add an integration**, and select **Datadog**.
 1. Select **Active** to enable the integration.

doc/integration/elasticsearch.md

@@ -191,7 +191,7 @@ instances](#indexing-large-instances) below.
 
 To enable Advanced Search, you need to have admin access to GitLab:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Advanced Search**.
 
    NOTE:
@@ -286,7 +286,7 @@ You can improve the language support for Chinese and Japanese languages by utili
 To enable language(s) support:
 
 1. Install the desired plugin(s), please refer to [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/plugins/7.9/installation.html) for plugins installation instructions. The plugin(s) must be installed on every node in the cluster, and each node must be restarted after installation. For a list of plugins, see the table later in this section.
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Advanced Search**.
 1. Locate **Custom analyzers: language support**.
 1. Enable plugin(s) support for **Indexing**.
@@ -307,7 +307,7 @@ For guidance on what to install, see the following Elasticsearch language plugin
 
 To disable the Elasticsearch integration:
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Advanced Search**.
 1. Uncheck **Elasticsearch indexing** and **Search with Elasticsearch enabled**.
 1. Click **Save changes** for the changes to take effect.
@@ -339,7 +339,7 @@ index alias to it which becomes the new `primary` index. At the end, we resume t
 To trigger the reindexing process:
 
 1. Sign in to your GitLab instance as an administrator.
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Advanced Search**.
 1. Expand **Elasticsearch zero-downtime reindexing**.
 1. Select **Trigger cluster reindexing**.
@@ -356,7 +356,7 @@ While the reindexing is running, you will be able to follow its progress under t
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55681) in GitLab 13.12.
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Advanced Search**.
 1. Expand **Elasticsearch zero-downtime reindexing**, and you'll
    find the following options:
@@ -404,7 +404,7 @@ Sometimes, you might want to abandon the unfinished reindex job and resume the i
    bundle exec rake gitlab:elastic:mark_reindex_failed RAILS_ENV=production
    ```
 
-1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > Advanced Search**.
 1. Expand **Elasticsearch zero-downtime reindexing**.
 1. Clear the **Pause Elasticsearch indexing** checkbox.
@@ -558,7 +558,7 @@ For basic guidance on choosing a cluster configuration you may refer to [Elastic
 - A good guideline is to ensure you keep the number of shards per node below 20 per GB heap it has configured. A node with a 30GB heap should therefore have a maximum of 600 shards, but the further below this limit you can keep it the better. This will generally help the cluster stay in good health.
 - Number of Elasticsearch shards:
   - Small shards result in small segments, which increases overhead. Aim to keep the average shard size between at least a few GB and a few tens of GB.
-  - Another consideration is the number of documents. To determine the number of shards to use, sum the numbers in the **Menu >** **{admin}** **Admin > Dashboard > Statistics** pane (the number of documents to be indexed), divide by 5 million, and add 5. For example:
+  - Another consideration is the number of documents. To determine the number of shards to use, sum the numbers in the **Menu > Admin > Dashboard > Statistics** pane (the number of documents to be indexed), divide by 5 million, and add 5. For example:
     - If you have fewer than about 2,000,000 documents, use the default of 5 shards
     - 10,000,000 documents: `10000000/5000000 + 5` = 7 shards
     - 100,000,000 documents: `100000000/5000000 + 5` = 25 shards
@@ -635,7 +635,7 @@ Sidekiq processes](../administration/operations/extra_sidekiq_processes.md).
    ```
 
    This enqueues a Sidekiq job for each project that needs to be indexed.
-   You can view the jobs in **Menu >** **{admin}** **Admin > Monitoring > Background Jobs > Queues Tab**
+   You can view the jobs in **Menu > Admin > Monitoring > Background Jobs > Queues Tab**
    and click `elastic_commit_indexer`, or you can query indexing status using a Rake task:
 
    ```shell

lib/gitlab/ci/parsers/security/common.rb

@@ -86,6 +86,7 @@ module Gitlab
 
           def create_finding(data, remediations = [])
             identifiers = create_identifiers(data['identifiers'])
+            flags = create_flags(data['flags'])
             links = create_links(data['links'])
             location = create_location(data['location'] || {})
             signatures = create_signatures(tracking_data(data))
@@ -111,6 +112,7 @@ module Gitlab
                 scanner: create_scanner(data['scanner']),
                 scan: report&.scan,
                 identifiers: identifiers,
+                flags: flags,
                 links: links,
                 remediations: remediations,
                 raw_metadata: data.to_json,
@@ -205,6 +207,18 @@ module Gitlab
                 url: identifier['url']))
           end
 
+          def create_flags(flags)
+            return [] unless flags.is_a?(Array)
+
+            flags.map { |flag| create_flag(flag) }.compact
+          end
+
+          def create_flag(flag)
+            return unless flag.is_a?(Hash)
+
+            ::Gitlab::Ci::Reports::Security::Flag.new(type: flag['type'], origin: flag['origin'], description: flag['description'])
+          end
+
           def create_links(links)
             return [] unless links.is_a?(Array)
 

lib/gitlab/ci/reports/security/finding.rb

@@ -10,6 +10,7 @@ module Gitlab
           attr_reader :compare_key
           attr_reader :confidence
           attr_reader :identifiers
+          attr_reader :flags
           attr_reader :links
           attr_reader :location
           attr_reader :metadata_version
@@ -30,10 +31,11 @@ module Gitlab
 
           delegate :file_path, :start_line, :end_line, to: :location
 
-          def initialize(compare_key:, identifiers:, links: [], remediations: [], location:, metadata_version:, name:, raw_metadata:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false) # rubocop:disable Metrics/ParameterLists
+          def initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, metadata_version:, name:, raw_metadata:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false) # rubocop:disable Metrics/ParameterLists
             @compare_key = compare_key
             @confidence = confidence
             @identifiers = identifiers
+            @flags = flags
             @links = links
             @location = location
             @metadata_version = metadata_version
@@ -58,6 +60,7 @@ module Gitlab
               compare_key
               confidence
               identifiers
+              flags
               links
               location
               metadata_version

lib/gitlab/ci/reports/security/flag.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Ci
+    module Reports
+      module Security
+        class Flag
+          attr_reader :type, :origin, :description
+
+          MAP = { 'flagged-as-likely-false-positive' => :false_positive }.freeze
+          DEFAULT_FLAG_TYPE = :false_positive
+
+          def flag_type
+            MAP.fetch(type, DEFAULT_FLAG_TYPE)
+          end
+
+          def initialize(type: nil, origin: nil, description: nil)
+            @type = type
+            @origin = origin
+            @description = description
+          end
+
+          def to_hash
+            {
+              flag_type: flag_type,
+              origin: origin,
+              description: description
+            }.compact
+          end
+        end
+      end
+    end
+  end
+end

package.json

@@ -140,7 +140,6 @@
     "jed": "^1.1.1",
     "jquery": "^3.6.0",
     "jquery.caret": "^0.3.1",
-    "jquery.waitforimages": "^2.2.0",
     "js-cookie": "^2.2.1",
     "js-yaml": "^3.13.1",
     "jszip": "^3.1.3",

spec/controllers/admin/integrations_controller_spec.rb

@@ -9,6 +9,14 @@ RSpec.describe Admin::IntegrationsController do
     sign_in(admin)
   end
 
+  it_behaves_like IntegrationsActions do
+    let(:integration_attributes) { { instance: true, project: nil } }
+
+    let(:routing_params) do
+      { id: integration.to_param }
+    end
+  end
+
   describe '#edit' do
     Integration.available_integration_names.each do |integration_name|
       context "#{integration_name}" do

spec/controllers/groups/settings/integrations_controller_spec.rb

@@ -10,6 +10,21 @@ RSpec.describe Groups::Settings::IntegrationsController do
     sign_in(user)
   end
 
+  it_behaves_like IntegrationsActions do
+    let(:integration_attributes) { { group: group, project: nil } }
+
+    let(:routing_params) do
+      {
+        group_id: group,
+        id: integration.to_param
+      }
+    end
+
+    before do
+      group.add_owner(user)
+    end
+  end
+
   describe '#index' do
     context 'when user is not owner' do
       it 'renders not_found' do

spec/controllers/projects/services_controller_spec.rb

@@ -18,6 +18,18 @@ RSpec.describe Projects::ServicesController do
     project.add_maintainer(user)
   end
 
+  it_behaves_like IntegrationsActions do
+    let(:integration_attributes) { { project: project } }
+
+    let(:routing_params) do
+      {
+        namespace_id: project.namespace,
+        project_id: project,
+        id: integration.to_param
+      }
+    end
+  end
+
   describe '#test' do
     context 'when the integration is not testable' do
       it 'renders 404' do

spec/factories/ci/reports/security/flags.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :ci_reports_security_flag, class: '::Gitlab::Ci::Reports::Security::Flag' do
+    type { 'flagged-as-likely-false-positive' }
+    origin { 'post analyzer X' }
+    description { 'static string to sink' }
+
+    skip_create
+
+    initialize_with do
+      ::Gitlab::Ci::Reports::Security::Flag.new(**attributes)
+    end
+  end
+end

spec/factories/integrations.rb

@@ -12,6 +12,12 @@ FactoryBot.define do
     issue_tracker
   end
 
+  factory :datadog_integration, class: 'Integrations::Datadog' do
+    project
+    active { true }
+    api_key { 'secret' }
+  end
+
   factory :emails_on_push_integration, class: 'Integrations::EmailsOnPush' do
     project
     type { 'EmailsOnPushService' }

spec/features/users/show_spec.rb

@@ -186,7 +186,17 @@ RSpec.describe 'User page' do
   end
 
   context 'with blocked profile' do
-    let_it_be(:user) { create(:user, state: :blocked) }
+    let_it_be(:user) do
+      create(
+        :user,
+        state: :blocked,
+        organization: 'GitLab - work info test',
+        job_title: 'Frontend Engineer',
+        pronunciation: 'pruh-nuhn-see-ay-shn'
+      )
+    end
+
+    let_it_be(:status) { create(:user_status, user: user, message: "Working hard!") }
 
     it 'shows no tab' do
       subject
@@ -211,7 +221,10 @@ RSpec.describe 'User page' do
       subject
 
       expect(page).not_to have_css(".profile-user-bio")
-      expect(page).not_to have_css(".profile-link-holder")
+      expect(page).not_to have_content('GitLab - work info test')
+      expect(page).not_to have_content('Frontend Engineer')
+      expect(page).not_to have_content('Working hard!')
+      expect(page).not_to have_content("Pronounced as: pruh-nuhn-see-ay-shn")
     end
 
     it 'shows username' do
@@ -222,7 +235,17 @@ RSpec.describe 'User page' do
   end
 
   context 'with unconfirmed user' do
-    let_it_be(:user) { create(:user, :unconfirmed) }
+    let_it_be(:user) do
+      create(
+        :user,
+        :unconfirmed,
+        organization: 'GitLab - work info test',
+        job_title: 'Frontend Engineer',
+        pronunciation: 'pruh-nuhn-see-ay-shn'
+      )
+    end
+
+    let_it_be(:status) { create(:user_status, user: user, message: "Working hard!") }
 
     shared_examples 'unconfirmed user profile' do
       before do
@@ -240,7 +263,10 @@ RSpec.describe 'User page' do
 
       it 'shows no additional fields' do
         expect(page).not_to have_css(".profile-user-bio")
-        expect(page).not_to have_css(".profile-link-holder")
+        expect(page).not_to have_content('GitLab - work info test')
+        expect(page).not_to have_content('Frontend Engineer')
+        expect(page).not_to have_content('Working hard!')
+        expect(page).not_to have_content("Pronounced as: pruh-nuhn-see-ay-shn")
       end
 
       it 'shows private profile message' do

spec/helpers/profiles_helper_spec.rb

@@ -152,6 +152,22 @@ RSpec.describe ProfilesHelper do
     end
   end
 
+  describe '#middle_dot_divider_classes' do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:stacking, :breakpoint, :expected) do
+      nil  | nil | %w(gl-mb-3 gl-display-inline-block middle-dot-divider)
+      true | nil | %w(gl-mb-3 middle-dot-divider-sm gl-display-block gl-sm-display-inline-block)
+      nil  | :sm | %w(gl-mb-3 gl-display-inline-block middle-dot-divider-sm)
+    end
+
+    with_them do
+      it 'returns CSS classes needed to render the middle dot divider' do
+        expect(helper.middle_dot_divider_classes(stacking, breakpoint)).to eq expected
+      end
+    end
+  end
+
   def stub_cas_omniauth_provider
     provider = OpenStruct.new(
       'name' => 'cas3',

spec/lib/gitlab/chat/command_spec.rb

@@ -44,7 +44,7 @@ RSpec.describe Gitlab::Chat::Command do
     let(:pipeline) { command.create_pipeline }
 
     before do
-      stub_ci_pipeline_yaml_file(gitlab_ci_yaml)
+      stub_ci_pipeline_to_return_yaml_file
 
       project.add_developer(chat_name.user)
     end

spec/lib/gitlab/ci/parsers/security/common_spec.rb

@@ -13,11 +13,18 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
       # The path 'yarn.lock' was initially used by DependencyScanning, it is okay for SAST locations to use it, but this could be made better
       let(:location) { ::Gitlab::Ci::Reports::Security::Locations::Sast.new(file_path: 'yarn.lock', start_line: 1, end_line: 1) }
       let(:tracking_data) { nil }
+      let(:vulnerability_flags_data) do
+        [
+          ::Gitlab::Ci::Reports::Security::Flag.new(type: 'flagged-as-likely-false-positive', origin: 'post analyzer X', description: 'static string to sink'),
+          ::Gitlab::Ci::Reports::Security::Flag.new(type: 'flagged-as-likely-false-positive', origin: 'post analyzer Y', description: 'integer to sink')
+        ]
+      end
 
       before do
         allow_next_instance_of(described_class) do |parser|
           allow(parser).to receive(:create_location).and_return(location)
           allow(parser).to receive(:tracking_data).and_return(tracking_data)
+          allow(parser).to receive(:create_flags).and_return(vulnerability_flags_data)
         end
 
         artifact.each_blob { |blob| described_class.parse!(blob, report, vulnerability_finding_signatures_enabled) }
@@ -231,6 +238,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
         end
       end
 
+      describe 'parsing flags' do
+        it 'returns flags object for each finding' do
+          flags = report.findings.first.flags
+
+          expect(flags).to contain_exactly(
+            have_attributes(type: 'flagged-as-likely-false-positive', origin: 'post analyzer X', description: 'static string to sink'),
+            have_attributes(type: 'flagged-as-likely-false-positive', origin: 'post analyzer Y', description: 'integer to sink')
+          )
+        end
+      end
+
       describe 'parsing links' do
         it 'returns links object for each finding', :aggregate_failures do
           links = report.findings.flat_map(&:links)

spec/lib/gitlab/ci/reports/security/flag_spec.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Ci::Reports::Security::Flag do
+  subject(:security_flag) { described_class.new(type: 'flagged-as-likely-false-positive', origin: 'post analyzer X', description: 'static string to sink') }
+
+  describe '#initialize' do
+    context 'when all params are given' do
+      it 'initializes an instance' do
+        expect { subject }.not_to raise_error
+
+        expect(subject).to have_attributes(
+          type: 'flagged-as-likely-false-positive',
+          origin: 'post analyzer X',
+          description: 'static string to sink'
+        )
+      end
+    end
+
+    describe '#to_hash' do
+      it 'returns expected hash' do
+        expect(security_flag.to_hash).to eq(
+          {
+            flag_type: :false_positive,
+            origin: 'post analyzer X',
+            description: 'static string to sink'
+          }
+        )
+      end
+    end
+  end
+end

spec/models/dependency_proxy/image_ttl_group_policy_spec.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe DependencyProxy::ImageTtlGroupPolicy, type: :model do
+  describe 'relationships' do
+    it { is_expected.to belong_to(:group) }
+  end
+
+  describe 'validations' do
+    it { is_expected.to validate_presence_of(:group) }
+
+    describe '#enabled' do
+      it { is_expected.to allow_value(true).for(:enabled) }
+      it { is_expected.to allow_value(false).for(:enabled) }
+      it { is_expected.not_to allow_value(nil).for(:enabled) }
+    end
+
+    describe '#ttl' do
+      it { is_expected.to validate_numericality_of(:ttl).allow_nil.is_greater_than(0) }
+    end
+  end
+end

spec/models/group_spec.rb

@@ -30,6 +30,7 @@ RSpec.describe Group do
     it { is_expected.to have_many(:group_deploy_keys) }
     it { is_expected.to have_many(:integrations) }
     it { is_expected.to have_one(:dependency_proxy_setting) }
+    it { is_expected.to have_one(:dependency_proxy_image_ttl_policy) }
     it { is_expected.to have_many(:dependency_proxy_blobs) }
     it { is_expected.to have_many(:dependency_proxy_manifests) }
     it { is_expected.to have_many(:debian_distributions).class_name('Packages::Debian::GroupDistribution').dependent(:destroy) }

spec/models/integration_spec.rb

@@ -825,4 +825,20 @@ RSpec.describe Integration do
         .to include(*described_class::PROJECT_SPECIFIC_INTEGRATION_NAMES)
     end
   end
+
+  describe '#password_fields' do
+    it 'returns all fields with type `password`' do
+      allow(subject).to receive(:fields).and_return([
+        { name: 'password', type: 'password' },
+        { name: 'secret', type: 'password' },
+        { name: 'public', type: 'text' }
+      ])
+
+      expect(subject.password_fields).to match_array(%w[password secret])
+    end
+
+    it 'returns an empty array if no password fields exist' do
+      expect(subject.password_fields).to eq([])
+    end
+  end
 end

spec/services/ci/create_pipeline_service_spec.rb

@@ -11,7 +11,7 @@ RSpec.describe Ci::CreatePipelineService do
   let(:ref_name) { 'refs/heads/master' }
 
   before do
-    stub_ci_pipeline_yaml_file(gitlab_ci_yaml)
+    stub_ci_pipeline_to_return_yaml_file
   end
 
   describe '#execute' do

spec/spec_helper.rb

@@ -160,7 +160,6 @@ RSpec.configure do |config|
   config.include GitlabRoutingHelper
   config.include StubExperiments
   config.include StubGitlabCalls
-  config.include StubGitlabData
   config.include NextFoundInstanceOf
   config.include NextInstanceOf
   config.include TestEnv

spec/support/helpers/stub_gitlab_calls.rb

@@ -18,6 +18,10 @@ module StubGitlabCalls
     stub_ci_pipeline_yaml_file(gitlab_ci_yaml)
   end
 
+  def gitlab_ci_yaml
+    File.read(Rails.root.join('spec/support/gitlab_stubs/gitlab_ci.yml'))
+  end
+
   def stub_ci_pipeline_yaml_file(ci_yaml_content)
     allow_any_instance_of(Repository)
       .to receive(:gitlab_ci_yml_for)

spec/support/helpers/stub_gitlab_data.rb

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-module StubGitlabData
-  def gitlab_ci_yaml
-    File.read(Rails.root.join('spec/support/gitlab_stubs/gitlab_ci.yml'))
-  end
-end

spec/support/shared_examples/controllers/concerns/integrations_actions_shared_examples.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples IntegrationsActions do
+  let(:integration) do
+    create(:datadog_integration,
+      integration_attributes.merge(
+        api_url: 'http://example.com',
+        api_key: 'secret'
+      )
+    )
+  end
+
+  describe 'GET #edit' do
+    before do
+      get :edit, params: routing_params
+    end
+
+    it 'assigns the integration' do
+      expect(response).to have_gitlab_http_status(:ok)
+      expect(assigns(:integration)).to eq(integration)
+    end
+  end
+
+  describe 'PUT #update' do
+    let(:params) do
+      {
+        datadog_env: 'env',
+        datadog_service: 'service'
+      }
+    end
+
+    before do
+      put :update, params: routing_params.merge(integration: params)
+    end
+
+    it 'updates the integration with the provided params and redirects to the form' do
+      expect(response).to redirect_to(routing_params.merge(action: :edit))
+      expect(integration.reload).to have_attributes(params)
+    end
+
+    context 'when sending a password field' do
+      let(:params) { super().merge(api_key: 'new') }
+
+      it 'updates the integration with the password and other params' do
+        expect(response).to be_redirect
+        expect(integration.reload).to have_attributes(params)
+      end
+    end
+
+    context 'when sending a blank password field' do
+      let(:params) { super().merge(api_key: '') }
+
+      it 'ignores the password field and saves the other params' do
+        expect(response).to be_redirect
+        expect(integration.reload).to have_attributes(params.merge(api_key: 'secret'))
+      end
+    end
+  end
+end

yarn.lock

@@ -7640,11 +7640,6 @@ jquery.caret@^0.3.1:
   resolved "https://registry.yarnpkg.com/jquery.caret/-/jquery.caret-0.3.1.tgz#9c093318faf327eff322e826ca9f3241368bc7b8"
   integrity sha1-nAkzGPrzJ+/zIugmyp8yQTaLx7g=
 
-jquery.waitforimages@^2.2.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/jquery.waitforimages/-/jquery.waitforimages-2.2.0.tgz#63f23131055a1b060dc913e6d874bcc9b9e6b16b"
-  integrity sha1-Y/IxMQVaGwYNyRPm2HS8ybnmsWs=
-
 "jquery@>= 1.9.1", jquery@^3.6.0:
   version "3.6.0"
   resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.0.tgz#c72a09f15c1bdce142f49dbf1170bdf8adac2470"