Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/pipelines/pipeline_tabs.js

@@ -29,6 +29,10 @@ export const createAppOptions = (selector, apolloProvider) => {
     pipelineIid,
     pipelineProjectPath,
     totalJobCount,
+    licenseManagementApiUrl,
+    licenseManagementSettingsPath,
+    licensesApiPath,
+    canManageLicenses,
   } = dataset;
 
   const defaultTabValue = getPipelineDefaultTab(window.location.href);
@@ -54,6 +58,10 @@ export const createAppOptions = (selector, apolloProvider) => {
       pipelineIid,
       pipelineProjectPath,
       totalJobCount,
+      licenseManagementApiUrl,
+      licenseManagementSettingsPath,
+      licensesApiPath,
+      canManageLicenses: parseBoolean(canManageLicenses),
     },
     errorCaptured(err, _vm, info) {
       reportToSentry('pipeline_tabs', `error: ${err}, info: ${info}`);

app/controllers/projects/analytics/cycle_analytics/stages_controller.rb

@@ -2,6 +2,7 @@
 
 class Projects::Analytics::CycleAnalytics::StagesController < Projects::ApplicationController
   include ::Analytics::CycleAnalytics::StageActions
+  include Gitlab::Utils::StrongMemoize
   extend ::Gitlab::Utils::Override
 
   respond_to :json
@@ -10,6 +11,7 @@ class Projects::Analytics::CycleAnalytics::StagesController < Projects::Applicat
 
   before_action :authorize_read_cycle_analytics!
   before_action :only_default_value_stream_is_allowed!
+  before_action :authorize_stage!, only: [:median, :count, :average, :records]
 
   urgency :low
 
@@ -25,7 +27,26 @@ class Projects::Analytics::CycleAnalytics::StagesController < Projects::Applicat
     Analytics::CycleAnalytics::ProjectValueStream
   end
 
+  override :cycle_analytics_configuration
+  def cycle_analytics_configuration(stages)
+    super(stages.select { |stage| permitted_stage?(stage) })
+  end
+
   def only_default_value_stream_is_allowed!
     render_404 if params[:value_stream_id] != Analytics::CycleAnalytics::Stages::BaseService::DEFAULT_VALUE_STREAM_NAME
   end
+
+  def permitted_stage?(stage)
+    permissions[stage.name.to_sym] # name matches the permission key (only when default stages are used)
+  end
+
+  def permissions
+    strong_memoize(:permissions) do
+      Gitlab::CycleAnalytics::Permissions.new(user: current_user, project: parent).get
+    end
+  end
+
+  def authorize_stage!
+    render_403 unless permitted_stage?(stage)
+  end
 end

doc/user/application_security/container_scanning/index.md

@@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 # Container Scanning **(FREE)**
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/3672) in GitLab 10.4.
-> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86783) to Free tier in GitLab 15.0.
+> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86783) from GitLab Ultimate to GitLab Free in 15.0.
 
 Your application's Docker image may itself be based on Docker images that contain known
 vulnerabilities. By including an extra Container Scanning job in your pipeline that scans for those

doc/user/infrastructure/clusters/connect/new_eks_cluster.md

@@ -122,6 +122,7 @@ To remove all resources:
     stages:
       - init
       - validate
+      - test
       - build
       - deploy
       - cleanup

lib/gitlab/usage_data_counters/hll_redis_counter.rb

@@ -43,6 +43,7 @@ module Gitlab
         importer
         incident_management_alerts
         pipeline_authoring
+        search
         secure
         snippets
         source_code

lib/gitlab/usage_data_counters/known_events/common.yml

@@ -44,14 +44,6 @@
   category: search
   redis_slot: search
   aggregation: weekly
-- name: i_search_advanced
-  category: search
-  redis_slot: search
-  aggregation: weekly
-- name: i_search_paid
-  category: search
-  redis_slot: search
-  aggregation: weekly
 - name: wiki_action
   category: source_code
   aggregation: daily

spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb

@@ -54,6 +54,32 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
   end
 
+  shared_examples 'project-level value stream analytics with guest user' do
+    let_it_be(:guest) { create(:user) }
+
+    before do
+      project.add_guest(guest)
+      sign_out(user)
+      sign_in(guest)
+    end
+
+    %w[code review].each do |id|
+      it "disallows stage #{id}" do
+        get action, params: params.merge(id: id)
+
+        expect(response).to have_gitlab_http_status(:forbidden)
+      end
+    end
+
+    %w[issue plan test staging].each do |id|
+      it "allows stage #{id}" do
+        get action, params: params.merge(id: id)
+
+        expect(response).to have_gitlab_http_status(:ok)
+      end
+    end
+  end
+
   describe 'GET index' do
     let(:action) { :index }
 
@@ -78,6 +104,20 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
 
     it_behaves_like 'project-level value stream analytics request error examples'
+
+    it 'only returns authorized stages' do
+      guest = create(:user)
+      sign_out(user)
+      sign_in(guest)
+      project.add_guest(guest)
+
+      get action, params: params
+
+      expect(response).to have_gitlab_http_status(:ok)
+
+      expect(json_response['stages'].map { |stage| stage['title'] })
+        .to contain_exactly('Issue', 'Plan', 'Test', 'Staging')
+    end
   end
 
   describe 'GET median' do
@@ -102,6 +142,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
 
     it_behaves_like 'project-level value stream analytics request error examples'
+
+    it_behaves_like 'project-level value stream analytics with guest user'
   end
 
   describe 'GET average' do
@@ -126,6 +168,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
 
     it_behaves_like 'project-level value stream analytics request error examples'
+
+    it_behaves_like 'project-level value stream analytics with guest user'
   end
 
   describe 'GET count' do
@@ -150,6 +194,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
 
     it_behaves_like 'project-level value stream analytics request error examples'
+
+    it_behaves_like 'project-level value stream analytics with guest user'
   end
 
   describe 'GET records' do
@@ -174,5 +220,7 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
 
     it_behaves_like 'project-level value stream analytics request error examples'
+
+    it_behaves_like 'project-level value stream analytics with guest user'
   end
 end

spec/features/cycle_analytics_spec.rb

@@ -213,14 +213,20 @@ RSpec.describe 'Value Stream Analytics', :js do
       expect(page.find(metrics_selector)).not_to have_selector("#commits")
     end
 
-    it 'needs permissions to see restricted stages' do
+    it 'does not show restricted stages', :aggregate_failures do
       expect(find(stage_table_selector)).to have_content(issue.title)
 
-      click_stage('Code')
-      expect(find(stage_table_selector)).to have_content('You need permission.')
+      expect(page).to have_selector('.gl-path-nav-list-item', text: 'Issue')
 
-      click_stage('Review')
-      expect(find(stage_table_selector)).to have_content('You need permission.')
+      expect(page).to have_selector('.gl-path-nav-list-item', text: 'Plan')
+
+      expect(page).to have_selector('.gl-path-nav-list-item', text: 'Test')
+
+      expect(page).to have_selector('.gl-path-nav-list-item', text: 'Staging')
+
+      expect(page).not_to have_selector('.gl-path-nav-list-item', text: 'Code')
+
+      expect(page).not_to have_selector('.gl-path-nav-list-item', text: 'Review')
     end
   end
 

spec/lib/gitlab/background_migration/nullify_orphan_runner_id_on_ci_builds_spec.rb

@@ -2,12 +2,12 @@
 
 require 'spec_helper'
 
-RSpec.describe Gitlab::BackgroundMigration::NullifyOrphanRunnerIdOnCiBuilds, :migration, schema: 20220223112304 do
+RSpec.describe Gitlab::BackgroundMigration::NullifyOrphanRunnerIdOnCiBuilds, migration: :gitlab_ci, schema: 20220223112304 do
   let(:namespaces) { table(:namespaces) }
   let(:projects) { table(:projects) }
-  let(:ci_runners) { table(:ci_runners, database: :ci) }
-  let(:ci_pipelines) { table(:ci_pipelines, database: :ci) }
-  let(:ci_builds) { table(:ci_builds, database: :ci) }
+  let(:ci_runners) { table(:ci_runners) }
+  let(:ci_pipelines) { table(:ci_pipelines) }
+  let(:ci_builds) { table(:ci_builds) }
 
   subject { described_class.new }
 

spec/migrations/change_public_projects_cost_factor_spec.rb

@@ -3,16 +3,7 @@
 require 'spec_helper'
 require_migration!
 
-RSpec.describe ChangePublicProjectsCostFactor, :migration do
-  # This is a workaround to force the migration to run against the
-  # `gitlab_ci` schema. Otherwise it only runs against `gitlab_main`.
-  around do |example| # rubocop: disable Style/MultilineIfModifier
-    with_reestablished_active_record_base do
-      reconfigure_db_connection(name: :ci)
-      example.run
-    end
-  end if Gitlab::Database.has_config?(:ci)
-
+RSpec.describe ChangePublicProjectsCostFactor, migration: :gitlab_ci do
   let(:runners) { table(:ci_runners) }
 
   let!(:shared_1) { runners.create!(runner_type: 1, public_projects_minutes_cost_factor: 0) }

spec/support/database/multiple_databases.rb

@@ -98,6 +98,26 @@ RSpec.configure do |config|
       example.run
     end
   end
+
+  config.around(:each, :migration) do |example|
+    migration_schema = example.metadata[:migration]
+    migration_schema = :gitlab_main if migration_schema == true
+    base_model = Gitlab::Database.schemas_to_base_models.fetch(migration_schema).first
+
+    # Migration require an `ActiveRecord::Base` to point to desired database
+    if base_model != ActiveRecord::Base
+      with_reestablished_active_record_base do
+        reconfigure_db_connection(
+          model: ActiveRecord::Base,
+          config_model: base_model
+        )
+
+        example.run
+      end
+    else
+      example.run
+    end
+  end
 end
 
 ActiveRecord::Base.singleton_class.prepend(::Database::ActiveRecordBaseEstablishConnection) # rubocop:disable Database/MultipleDatabases