Add latest changes from gitlab-org/gitlab@master

2022-09-09 00:10:07 +00:00 · 2022-09-09 00:10:07 +00:00 · c726131474
parent f26a600a69
commit c726131474
42 changed files with 285 additions and 93 deletions
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@ -247,7 +247,7 @@ coverage-frontend:
  extends:
    - .default-retry
    - .yarn-cache
-    - .frontend:rules:ee-mr-and-default-branch-only
+    - .frontend:rules:coverage-frontend
  needs:
    - job: "jest"
      optional: true
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@ -839,13 +839,14 @@
    - <<: *if-merge-request
      changes: *frontend-patterns-for-as-if-foss
-.frontend:rules:ee-mr-and-default-branch-only:
+.frontend:rules:coverage-frontend:
  rules:
    - <<: *if-not-ee
      when: never
    - <<: *if-merge-request-labels-pipeline-revert
      when: never
    - <<: *if-merge-request
      changes: *code-backstage-patterns
      when: always
    - <<: *if-default-branch-refs
      changes: *code-backstage-patterns
@ -1374,12 +1375,12 @@
  rules:
    - <<: *if-not-ee
      when: never
    - <<: *if-merge-request-labels-pipeline-revert
      when: never
    - <<: *if-merge-request
      changes: *code-backstage-patterns
      when: always
    - <<: *if-default-branch-schedule-maintenance
    - <<: *if-merge-request-labels-run-all-rspec
      when: always
 .rails:rules:rspec-undercoverage:
  rules:
@ -1419,6 +1420,8 @@
  rules:
    - <<: *if-not-ee
      when: never
    - <<: *if-merge-request-labels-pipeline-revert
      when: never
    - if: '$SKIP_FLAKY_TESTS_AUTOMATICALLY == "true" || $RETRY_FAILED_TESTS_IN_NEW_PROCESS == "true"'
      changes: *code-backstage-patterns
      when: always
--- a/2
+++ b/2
@ -349,7 +349,7 @@ group :development do
  gem 'solargraph', '~> 0.46.0', require: false
  gem 'letter_opener_web', '~> 2.0.0'
-  gem 'lookbook'
+  gem 'lookbook', '~> 1.0'
  # Better errors handler
  gem 'better_errors', '~> 2.9.1'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -815,9 +815,11 @@ GEM
    loofah (2.18.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
-    lookbook (0.9.3)
+    lookbook (1.0.3)
      actioncable
      css_parser
      htmlbeautifier (~> 1.3)
      htmlentities (~> 4.3.4)
      listen (~> 3.0)
      railties (>= 5.0)
      redcarpet (~> 3.5)
@ -1095,7 +1097,7 @@ GEM
    randexp (0.1.7)
    rash_alt (0.4.12)
      hashie (>= 3.4)
-    rb-fsevent (0.11.1)
+    rb-fsevent (0.11.2)
    rb-inotify (0.10.1)
      ffi (~> 1.0)
    rbtrace (0.4.14)
@ -1648,7 +1650,7 @@ DEPENDENCIES
  lockbox (~> 0.6.2)
  lograge (~> 0.5)
  loofah (~> 2.18.0)
-  lookbook
+  lookbook (~> 1.0)
  lru_redux
  mail (= 2.7.1)
  mail-smtp_pool (~> 0.1.0)!
--- a/app/assets/javascripts/nav/components/top_nav_app.vue
+++ b/app/assets/javascripts/nav/components/top_nav_app.vue
@ -1,14 +1,18 @@
 <script>
-import { GlNav, GlNavItemDropdown, GlDropdownForm } from '@gitlab/ui';
+import { GlNav, GlIcon, GlNavItemDropdown, GlDropdownForm, GlTooltipDirective } from '@gitlab/ui';
 import TopNavDropdownMenu from './top_nav_dropdown_menu.vue';
 export default {
  components: {
    GlIcon,
    GlNav,
    GlNavItemDropdown,
    GlDropdownForm,
    TopNavDropdownMenu,
  },
  directives: {
    GlTooltip: GlTooltipDirective,
  },
  props: {
    navData: {
      type: Object,
@ -21,15 +25,20 @@ export default {
 <template>
  <gl-nav class="navbar-sub-nav">
    <gl-nav-item-dropdown
-      :text="navData.activeTitle"
+      v-gl-tooltip.bottom="navData.menuTooltip"
      data-qa-selector="navbar_dropdown"
-      :data-qa-title="navData.activeTitle"
+      data-qa-title="Menu"
      icon="hamburger"
      menu-class="gl-mt-3! gl-max-w-none! gl-max-h-none! gl-sm-w-auto! js-top-nav-dropdown-menu"
      toggle-class="top-nav-toggle js-top-nav-dropdown-toggle gl-px-3!"
      no-flip
      no-caret
    >
      <template #button-content>
        <gl-icon name="hamburger" />
        <span v-if="navData.menuTitle" class="gl-ml-3">
          {{ navData.menuTitle }}
        </span>
      </template>
      <gl-dropdown-form>
        <top-nav-dropdown-menu
          :primary="navData.primary"
--- a/app/assets/javascripts/notes/components/note_header.vue
+++ b/app/assets/javascripts/notes/components/note_header.vue
@ -10,6 +10,7 @@ import { mapActions } from 'vuex';
 import { __, s__ } from '~/locale';
 import TimeAgoTooltip from '~/vue_shared/components/time_ago_tooltip.vue';
 import UserNameWithStatus from '~/sidebar/components/assignees/user_name_with_status.vue';
 import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
 export default {
  safeHtmlConfig: { ADD_TAGS: ['gl-emoji'] },
@ -26,6 +27,7 @@ export default {
    SafeHtml,
    GlTooltip: GlTooltipDirective,
  },
  mixins: [glFeatureFlagsMixin()],
  props: {
    author: {
      type: Object,
@ -183,21 +185,28 @@ export default {
        :data-user-id="author.id"
        :data-username="author.username"
      >
        <span
          v-if="glFeatures.removeUserAttributes"
          class="note-header-author-name gl-font-weight-bold"
        >
          {{ authorName }}
        </span>
        <user-name-with-status
          v-if="!glFeatures.removeUserAttributes"
          :name="authorName"
          :availability="userAvailability(author)"
          container-classes="note-header-author-name gl-font-weight-bold"
        />
      </a>
      <span
-        v-if="authorStatus"
+        v-if="authorStatus && !glFeatures.removeUserAttributes"
        ref="authorStatus"
        v-safe-html:[$options.safeHtmlConfig]="authorStatus"
        v-on="
          authorStatusHasTooltip ? { mouseenter: removeEmojiTitle, mouseleave: addEmojiTitle } : {}
        "
      ></span>
-      <span class="text-nowrap author-username">
+      <span v-if="!glFeatures.removeUserAttributes" class="text-nowrap author-username">
        <a
          ref="authorUsernameLink"
          class="author-username-link"
--- a/app/assets/stylesheets/framework/header.scss
+++ b/app/assets/stylesheets/framework/header.scss
@ -565,10 +565,6 @@
 }
 .top-nav-toggle {
  .dropdown-icon {
    @include gl-mr-3;
  }
  .dropdown-chevron {
    top: 0;
  }
--- a/app/assets/stylesheets/startup/startup-dark.scss
+++ b/app/assets/stylesheets/startup/startup-dark.scss
@ -1001,9 +1001,6 @@ kbd {
  visibility: hidden;
  top: 3px;
 }
 .top-nav-toggle .dropdown-icon {
  margin-right: 0.5rem;
 }
 .tanuki-logo .tanuki {
  fill: #e24329;
 }
--- a/app/assets/stylesheets/startup/startup-general.scss
+++ b/app/assets/stylesheets/startup/startup-general.scss
@ -982,9 +982,6 @@ kbd {
  visibility: hidden;
  top: 3px;
 }
 .top-nav-toggle .dropdown-icon {
  margin-right: 0.5rem;
 }
 .tanuki-logo .tanuki {
  fill: #e24329;
 }
--- a/app/controllers/projects/incidents_controller.rb
+++ b/app/controllers/projects/incidents_controller.rb
@ -11,6 +11,7 @@ class Projects::IncidentsController < Projects::ApplicationController
    push_force_frontend_feature_flag(:work_items, @project&.work_items_feature_flag_enabled?)
    push_force_frontend_feature_flag(:work_items_mvc_2, @project&.work_items_mvc_2_feature_flag_enabled?)
    push_frontend_feature_flag(:work_items_hierarchy, @project)
    push_frontend_feature_flag(:remove_user_attributes, @group)
  end
  feature_category :incident_management
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@ -42,6 +42,7 @@ class Projects::IssuesController < Projects::ApplicationController
  before_action do
    push_frontend_feature_flag(:incident_timeline, project)
    push_frontend_feature_flag(:remove_user_attributes, @group)
  end
  before_action only: [:index, :show] do
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@ -45,6 +45,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
    push_frontend_feature_flag(:paginated_mr_discussions, project)
    push_frontend_feature_flag(:mr_review_submit_comment, project)
    push_frontend_feature_flag(:mr_experience_survey, project)
    push_frontend_feature_flag(:remove_user_attributes, @group)
  end
  before_action do
--- a/app/views/layouts/nav/_top_nav.html.haml
+++ b/app/views/layouts/nav/_top_nav.html.haml
@ -1,9 +1,10 @@
 - view_model = top_nav_view_model(project: @project, group: @group)
-%ul.list-unstyled.navbar-sub-nav#js-top-nav{ data: { view_model: view_model.to_json } }
+%ul.list-unstyled.nav.navbar-sub-nav#js-top-nav{ data: { view_model: view_model.to_json } }
  %li
    %a.top-nav-toggle{ href: '#', type: 'button', data: { toggle: "dropdown" } }
-      = sprite_icon('hamburger', css_class: "dropdown-icon")
+      = sprite_icon('hamburger')
-      = view_model[:activeTitle]
+      - if view_model[:menuTitle]
        .gl-ml-3= view_model[:menuTitle]
 .hidden
  - view_model[:shortcuts].each do |shortcut|
--- a/config/application.rb
+++ b/config/application.rb
@ -264,6 +264,7 @@ module Gitlab
    config.assets.precompile << "page_bundles/cycle_analytics.css"
    config.assets.precompile << "page_bundles/dashboard_projects.css"
    config.assets.precompile << "page_bundles/dev_ops_reports.css"
    config.assets.precompile << "page_bundles/environments.css"
    config.assets.precompile << "page_bundles/epics.css"
    config.assets.precompile << "page_bundles/error_tracking_details.css"
    config.assets.precompile << "page_bundles/error_tracking_index.css"
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@ -50,6 +50,8 @@ Rails.application.configure do
  # Push preview path now to prevent FrozenError during view_component's initialzer
  config.autoload_paths.push("#{config.root}/spec/components/previews")
  config.lookbook.page_paths = ["#{config.root}/spec/components/docs"]
  # Adds additional error checking when serving assets at runtime.
  # Checks for improperly declared sprockets dependencies.
  # Raises helpful error messages.
--- a/config/feature_flags/development/new_navbar_layout.yml
+++ b/config/feature_flags/development/new_navbar_layout.yml
@ -0,0 +1,8 @@
 ---
 name: new_navbar_layout
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96853
 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/366082
 milestone: '15.4'
 type: development
 group: group::foundations
 default_enabled: false
--- a/config/feature_flags/development/remove_user_attributes.yml
+++ b/config/feature_flags/development/remove_user_attributes.yml
@ -0,0 +1,8 @@
 ---
 name: remove_user_attributes
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96447
 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/372047
 milestone: '15.4'
 type: development
 group: group::code review
 default_enabled: false
--- a/config/initializers/lookbook.rb
+++ b/config/initializers/lookbook.rb
@ -1,14 +0,0 @@
 # frozen_string_literal: true
 if Rails.env.development?
  # :nocov: Lookbook is only available in development
  Lookbook::ApplicationController.class_eval do
    content_security_policy false
  end
  Rails.application.configure do
    config.lookbook.experimental_features = [:pages]
    config.lookbook.page_paths = ["#{config.root}/spec/components/docs"]
  end
  # :nocov:
 end
--- a/doc/administration/troubleshooting/ssl.md
+++ b/doc/administration/troubleshooting/ssl.md
@ -251,3 +251,13 @@ You must specify that Git should use OpenSSL:
 ```shell
 git config --system http.sslbackend openssl
 ```
 Alternatively, you can ignore SSL verification by running:
 WARNING:
 Proceed with caution when [ignoring SSL](https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpsslVerify)
 due to the potential security issues associated with disabling this option at global level. Use this option _only_ when troubleshooting, and reinstate SSL verification immediately after.
 ```shell
 git config --global http.sslVerify false
 ```
--- a/doc/ci/examples/deployment/index.md
+++ b/doc/ci/examples/deployment/index.md
@ -47,6 +47,7 @@ staging:
  script:
    - gem install dpl
    - dpl --provider=heroku --app=my-app-staging --api_key=$HEROKU_STAGING_API_KEY
  environment: staging
 ```
 In the above example we use Dpl to deploy `my-app-staging` to Heroku server with API key stored in `HEROKU_STAGING_API_KEY` secure variable.
@ -70,6 +71,7 @@ staging:
    - dpl --provider=heroku --app=my-app-staging --api_key=$HEROKU_STAGING_API_KEY
  only:
    - main
  environment: staging
 ```
 The first line `apt-get update -yq` updates the list of available packages,
@ -93,6 +95,7 @@ staging:
    - dpl --provider=heroku --app=my-app-staging --api_key=$HEROKU_STAGING_API_KEY
  only:
    - main
  environment: staging
 production:
  stage: deploy
@ -101,6 +104,7 @@ production:
    - dpl --provider=heroku --app=my-app-production --api_key=$HEROKU_PRODUCTION_API_KEY
  only:
    - tags
  environment: production
 ```
 We created two deploy jobs that are executed on different events:
--- a/doc/ci/examples/end_to_end_testing_webdriverio/index.md
+++ b/doc/ci/examples/end_to_end_testing_webdriverio/index.md
@ -228,6 +228,7 @@ deploy_terraform:
  script:
    # Your Review App deployment scripts - for a working example please check https://gitlab.com/Flockademic/Flockademic/blob/5a45f1c2412e93810fab50e2dab8949e2d0633c7/.gitlab-ci.yml#L315
    - echo
  environment: production
 e2e:firefox:
  stage: confidence-check
  services:
--- a/doc/ci/variables/index.md
+++ b/doc/ci/variables/index.md
@ -592,6 +592,7 @@ deploy:
    BUILD_VARIABLE: value_from_deploy_job
  script:
    - echo "$BUILD_VARIABLE"  # Output is: 'value_from_build_job' due to precedence
  environment: production
 ```
 The [`dependencies`](../yaml/index.md#dependencies) or
@ -616,12 +617,19 @@ deploy_one:
    - echo "$BUILD_VERSION"  # Output is: 'hello'
  dependencies:
    - build
  environment:
    name: customer1
    deployment_tier: production
 deploy_two:
  stage: deploy
  script:
    - echo "$BUILD_VERSION"  # Output is empty
  dependencies: []
  environment:
    name: customer2
    deployment_tier: production
 deploy_three:
  stage: deploy
@ -629,6 +637,10 @@ deploy_three:
    - echo "$BUILD_VERSION"  # Output is: 'hello'
  needs:
    - build
  environment:
    name: customer3
    deployment_tier: production
 deploy_four:
  stage: deploy
@ -637,6 +649,9 @@ deploy_four:
  needs:
    job: build
    artifacts: true
  environment:
    name: customer4
    deployment_tier: production
 deploy_five:
  stage: deploy
@ -645,6 +660,9 @@ deploy_five:
  needs:
    job: build
    artifacts: false
  environment:
    name: customer5
    deployment_tier: production
 ```
 [Multi-project pipelines](../pipelines/downstream_pipelines.md#pass-dotenv-variables-created-in-a-job)
--- a/doc/user/application_security/api_fuzzing/index.md
+++ b/doc/user/application_security/api_fuzzing/index.md
@ -1069,21 +1069,21 @@ This example excludes the `/auth` resource. This does not exclude child resource
 ```yaml
 variables:
-  FUZZAPI_EXCLUDE_PATHS=/auth
+  FUZZAPI_EXCLUDE_PATHS: /auth
 ```
 To exclude `/auth`, and child resources (`/auth/child`), we use a wildcard.
 ```yaml
 variables:
-  FUZZAPI_EXCLUDE_PATHS=/auth*
+  FUZZAPI_EXCLUDE_PATHS: /auth*
 ```
 To exclude multiple paths we can use the `;` character. In this example we exclude `/auth*` and `/v1/*`.
 ```yaml
 variables:
-  FUZZAPI_EXCLUDE_PATHS=/auth*;/v1/*
+  FUZZAPI_EXCLUDE_PATHS: /auth*;/v1/*
 ```
 ### Exclude parameters
@ -1343,7 +1343,15 @@ Each value in `FUZZAPI_EXCLUDE_URLS` is a regular expression. Characters such as
 The following example excludes the URL `http://target/api/auth` and its child resources.
 ```yaml
 stages:
  - fuzz
 include:
  - template: API-Fuzzing.gitlab-ci.yml
 variables:
  FUZZAPI_TARGET_URL: http://target/
  FUZZAPI_OPENAPI: test-api-specification.json
  FUZZAPI_EXCLUDE_URLS: http://target/api/auth
 ```
@ -1352,7 +1360,15 @@ variables:
 To exclude the URLs `http://target/api/buy` and `http://target/api/sell` but allowing to scan their child resources, for instance: `http://target/api/buy/toy` or `http://target/api/sell/chair`. You could use the value `http://target/api/buy/$,http://target/api/sell/$`. This value is using two regular expressions, each of them separated by a `,` character. Hence, it contains `http://target/api/buy$` and `http://target/api/sell$`. In each regular expression, the trailing `$` character points out where the matching URL should end.
 ```yaml
 stages:
  - fuzz
 include:
  - template: API-Fuzzing.gitlab-ci.yml
 variables:
  FUZZAPI_TARGET_URL: http://target/
  FUZZAPI_OPENAPI: test-api-specification.json
  FUZZAPI_EXCLUDE_URLS: http://target/api/buy/$,http://target/api/sell/$
 ```
@ -1361,7 +1377,15 @@ variables:
 In order to exclude the URLs: `http://target/api/buy` and `http://target/api/sell`, and their child resources. To provide multiple URLs we use the `,` character as follows:
 ```yaml
 stages:
  - fuzz
 include:
  - template: API-Fuzzing.gitlab-ci.yml
 variables:
  FUZZAPI_TARGET_URL: http://target/
  FUZZAPI_OPENAPI: test-api-specification.json
  FUZZAPI_EXCLUDE_URLS: http://target/api/buy,http://target/api/sell
 ```
@ -1370,7 +1394,15 @@ variables:
 In order to exclude exactly `https://target/api/v1/user/create` and `https://target/api/v2/user/create` or any other version (`v3`,`v4`, and more). We could use `https://target/api/v.*/user/create$`, in the previous regular expression `.` indicates any character and `*` indicates zero or more times, additionally `$` indicates that the URL should end there.
 ```yaml
 stages:
  - fuzz
 include:
  - template: API-Fuzzing.gitlab-ci.yml
 variables:
  FUZZAPI_TARGET_URL: http://target/
  FUZZAPI_OPENAPI: test-api-specification.json
  FUZZAPI_EXCLUDE_URLS: https://target/api/v.*/user/create$
 ```
@ -1757,10 +1789,13 @@ This solution is for pipelines in which the target API URL doesn't change (is st
 For environments where the target API remains the same, we recommend you specify the target URL by using the `FUZZAPI_TARGET_URL` environment variable. In your `.gitlab-ci.yml` file, add a variable `FUZZAPI_TARGET_URL`. The variable must be set to the base URL of API testing target. For example:
 ```yaml
 stages:
  - fuzz
 include:
  - template: API-Fuzzing.gitlab-ci.yml
-  variables:
+variables:
  FUZZAPI_TARGET_URL: http://test-deployment/
  FUZZAPI_OPENAPI: test-api-specification.json
 ```
@ -1820,17 +1855,17 @@ Relaxed validation is meant for cases when the OpenAPI document cannot meet Open
 API Security can still try to consume an OpenAPI document that does not fully comply with OpenAPI specifications. To instruct API Security to perform a relaxed validation, set the variable `FUZZAPI_OPENAPI_RELAXED_VALIDATION` to any value, for example:
 ```yaml
-   stages:
+stages:
  - fuzz
-   include:
+include:
  - template: API-Fuzzing.gitlab-ci.yml
-   variables:
+variables:
  FUZZAPI_PROFILE: Quick-10
  FUZZAPI_TARGET_URL: http://test-deployment/
  FUZZAPI_OPENAPI: test-api-specification.json
-     FUZZAPI_OPENAPI_RELAXED_VALIDATION: On
+  FUZZAPI_OPENAPI_RELAXED_VALIDATION: 'On'
 ```
 ### `No operation in the OpenAPI document is consuming any supported media type`
--- a/doc/user/application_security/dast_api/index.md
+++ b/doc/user/application_security/dast_api/index.md
@ -1017,21 +1017,21 @@ This example excludes the `/auth` resource. This does not exclude child resource
 ```yaml
 variables:
-  DAST_API_EXCLUDE_PATHS=/auth
+  DAST_API_EXCLUDE_PATHS: /auth
 ```
 To exclude `/auth`, and child resources (`/auth/child`), we use a wildcard.
 ```yaml
 variables:
-  DAST_API_EXCLUDE_PATHS=/auth*
+  DAST_API_EXCLUDE_PATHS: /auth*
 ```
 To exclude multiple paths we use the `;` character. In this example we exclude `/auth*` and `/v1/*`.
 ```yaml
 variables:
-  DAST_API_EXCLUDE_PATHS=/auth*;/v1/*
+  DAST_API_EXCLUDE_PATHS: /auth*;/v1/*
 ```
 To exclude one or more nested levels within a path we use `**`. In this example we are testing API endpoints. We are testing `/api/v1/` and `/api/v2/` of a data query requesting `mass`, `brightness` and `coordinates` data for `planet`, `moon`, `star`, and `satellite` objects. Example paths that could be scanned include, but are not limited to:
@ -1044,7 +1044,7 @@ In this example we test the `brightness` endpoint only:
 ```yaml
 variables:
-  DAST_API_EXCLUDE_PATHS=/api/**/mass;/api/**/coordinates
+  DAST_API_EXCLUDE_PATHS: /api/**/mass;/api/**/coordinates
 ```
 ### Exclude parameters
@ -1304,7 +1304,15 @@ Each value in `DAST_API_EXCLUDE_URLS` is a regular expression. Characters such a
 The following example excludes the URL `http://target/api/auth` and its child resources.
 ```yaml
 stages:
  - dast
 include:
  - template: DAST-API.gitlab-ci.yml
 variables:
  DAST_API_TARGET_URL: http://target/
  DAST_API_OPENAPI: test-api-specification.json
  DAST_API_EXCLUDE_URLS: http://target/api/auth
 ```
@ -1313,7 +1321,15 @@ variables:
 To exclude the URLs `http://target/api/buy` and `http://target/api/sell` but allowing to scan their child resources, for instance: `http://target/api/buy/toy` or `http://target/api/sell/chair`. You could use the value `http://target/api/buy/$,http://target/api/sell/$`. This value is using two regular expressions, each of them separated by a `,` character. Hence, it contains `http://target/api/buy$` and `http://target/api/sell$`. In each regular expression, the trailing `$` character points out where the matching URL should end.
 ```yaml
 stages:
  - dast
 include:
  - template: DAST-API.gitlab-ci.yml
 variables:
  DAST_API_TARGET_URL: http://target/
  DAST_API_OPENAPI: test-api-specification.json
  DAST_API_EXCLUDE_URLS: http://target/api/buy/$,http://target/api/sell/$
 ```
@ -1322,7 +1338,15 @@ variables:
 In order to exclude the URLs: `http://target/api/buy` and `http://target/api/sell`, and their child resources. To provide multiple URLs we use the `,` character as follows:
 ```yaml
 stages:
  - dast
 include:
  - template: DAST-API.gitlab-ci.yml
 variables:
  DAST_API_TARGET_URL: http://target/
  DAST_API_OPENAPI: test-api-specification.json
  DAST_API_EXCLUDE_URLS: http://target/api/buy,http://target/api/sell
 ```
@ -1331,7 +1355,15 @@ variables:
 In order to exclude exactly `https://target/api/v1/user/create` and `https://target/api/v2/user/create` or any other version (`v3`,`v4`, and more). We could use `https://target/api/v.*/user/create$`, in the previous regular expression `.` indicates any character and `*` indicates zero or more times, additionally `$` indicates that the URL should end there.
 ```yaml
 stages:
  - dast
 include:
  - template: DAST-API.gitlab-ci.yml
 variables:
  DAST_API_TARGET_URL: http://target/
  DAST_API_OPENAPI: test-api-specification.json
  DAST_API_EXCLUDE_URLS: https://target/api/v.*/user/create$
 ```
@ -1575,10 +1607,13 @@ This solution is for pipelines in which the target API URL doesn't change (is st
 For environments where the target API remains the same, we recommend you specify the target URL by using the `DAST_API_TARGET_URL` environment variable. In your `.gitlab-ci.yml`, add a variable `DAST_API_TARGET_URL`. The variable must be set to the base URL of API testing target. For example:
 ```yaml
 stages:
  - dast
 include:
  - template: DAST-API.gitlab-ci.yml
-  variables:
+variables:
  DAST_API_TARGET_URL: http://test-deployment/
  DAST_API_OPENAPI: test-api-specification.json
 ```
@ -1630,17 +1665,17 @@ Relaxed validation is meant for cases when the OpenAPI document cannot meet Open
 API Security can still try to consume an OpenAPI document that does not fully comply with OpenAPI specifications. To instruct API Security to perform a relaxed validation, set the variable `DAST_API_OPENAPI_RELAXED_VALIDATION` to any value, for example:
 ```yaml
-   stages:
+stages:
  - dast
-   include:
+include:
  - template: DAST-API.gitlab-ci.yml
-   variables:
+variables:
  DAST_API_PROFILE: Quick
  DAST_API_TARGET_URL: http://test-deployment/
  DAST_API_OPENAPI: test-api-specification.json
-     DAST_API_OPENAPI_RELAXED_VALIDATION: On
+  DAST_API_OPENAPI_RELAXED_VALIDATION: 'On'
 ```
 ### `No operation in the OpenAPI document is consuming any supported media type`
--- a/doc/user/compliance/license_compliance/index.md
+++ b/doc/user/compliance/license_compliance/index.md
@ -890,3 +890,17 @@ root@6abb70e9f193:~#
 NOTE:
 Selecting a custom version of [Mono](https://www.mono-project.com/) or [.NET Core](https://dotnet.microsoft.com/download/dotnet) is currently not supported.
 ### LicenseFinder::Maven: is not installed error
 If your project contains a `mvnw` or `mvnw.cmd` file, then the license scanning job may fail with the `LicenseFinder::Maven: is not installed error` error. To resolve this, modify the license scanning job to remove the files in the `before_script` section. Example:
 ```yaml
 include:
  - template: License-Scanning.gitlab-ci.yml
 license_scanning:
  before_script:
    - rm mvnw
    - rm mvnw.cmd
 ```
--- a/lib/gitlab/nav/top_nav_view_model_builder.rb
+++ b/lib/gitlab/nav/top_nav_view_model_builder.rb
@ -42,11 +42,14 @@ module Gitlab
      def build
        menu = @menu_builder.build
        hide_menu_text = Feature.enabled?(:new_navbar_layout)
        menu.merge({
          views: @views,
          shortcuts: @shortcuts,
-          activeTitle: _('Menu')
+          menuTitle: (_('Menu') unless hide_menu_text),
-        })
+          menuTooltip: (_('Main menu') if hide_menu_text)
        }.compact)
      end
    end
  end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -24046,6 +24046,9 @@ msgstr ""
 msgid "Mailgun events"
 msgstr ""
 msgid "Main menu"
 msgstr ""
 msgid "Maintenance mode"
 msgstr ""
--- a/qa/qa/specs/features/api/3_create/repository/project_archive_compare_spec.rb
+++ b/qa/qa/specs/features/api/3_create/repository/project_archive_compare_spec.rb
@ -53,12 +53,11 @@ module QA
          project.api_client = api_client
        end
-        Resource::Repository::ProjectPush.fabricate! do |push|
+        Resource::Repository::Commit.fabricate_via_api! do |commit|
-          push.project = project
+          commit.project = project
-          push.file_name = 'README.md'
+          commit.add_files([{ file_path: 'README.md', content: '# This is a test project' }])
-          push.file_content = '# This is a test project'
+          commit.commit_message = 'Add README.md'
-          push.commit_message = 'Add README.md'
+          commit.api_client = api_client
          push.user = user
        end
        project
--- a/spec/features/discussion_comments/issue_spec.rb
+++ b/spec/features/discussion_comments/issue_spec.rb
@ -8,6 +8,7 @@ RSpec.describe 'Thread Comments Issue', :js do
  let(:issue) { create(:issue, project: project) }
  before do
    stub_feature_flags(remove_user_attributes: false)
    project.add_maintainer(user)
    sign_in(user)
--- a/spec/features/discussion_comments/merge_request_spec.rb
+++ b/spec/features/discussion_comments/merge_request_spec.rb
@ -8,6 +8,7 @@ RSpec.describe 'Thread Comments Merge Request', :js do
  let(:merge_request) { create(:merge_request, source_project: project) }
  before do
    stub_feature_flags(remove_user_attributes: false)
    project.add_maintainer(user)
    sign_in(user)
--- a/spec/features/issuables/markdown_references/jira_spec.rb
+++ b/spec/features/issuables/markdown_references/jira_spec.rb
@ -15,6 +15,8 @@ RSpec.describe "Jira", :js do
    before do
      remotelink = double(:remotelink, all: [], build: double(save!: true))
      stub_feature_flags(remove_user_attributes: false)
      stub_request(:get, "https://jira.example.com/rest/api/2/issue/JIRA-5")
      stub_request(:post, "https://jira.example.com/rest/api/2/issue/JIRA-5/comment")
      allow_next_instance_of(JIRA::Resource::Issue) do |instance|
--- a/spec/features/issues/resource_label_events_spec.rb
+++ b/spec/features/issues/resource_label_events_spec.rb
@ -14,6 +14,7 @@ RSpec.describe 'List issue resource label events', :js do
    let!(:event)    { create(:resource_label_event, user: user, issue: issue, label: label) }
    before do
      stub_feature_flags(remove_user_attributes: false)
      visit project_issue_path(project, issue)
      wait_for_requests
    end
--- a/spec/features/merge_request/user_comments_on_diff_spec.rb
+++ b/spec/features/merge_request/user_comments_on_diff_spec.rb
@ -14,6 +14,7 @@ RSpec.describe 'User comments on a diff', :js do
  let(:user) { create(:user) }
  before do
    stub_feature_flags(remove_user_attributes: false)
    project.add_maintainer(user)
    sign_in(user)
--- a/spec/features/merge_request/user_comments_on_merge_request_spec.rb
+++ b/spec/features/merge_request/user_comments_on_merge_request_spec.rb
@ -10,6 +10,7 @@ RSpec.describe 'User comments on a merge request', :js do
  let(:user) { create(:user) }
  before do
    stub_feature_flags(remove_user_attributes: false)
    project.add_maintainer(user)
    sign_in(user)
--- a/spec/features/merge_request/user_views_user_status_on_merge_request_spec.rb
+++ b/spec/features/merge_request/user_views_user_status_on_merge_request_spec.rb
@ -8,6 +8,10 @@ RSpec.describe 'Project > Merge request > View user status' do
    create(:merge_request, source_project: project, target_project: project, author: create(:user))
  end
  before do
    stub_feature_flags(remove_user_attributes: false)
  end
  subject { visit merge_request_path(merge_request) }
  context 'for notes', :js do
--- a/spec/features/profiles/user_edit_profile_spec.rb
+++ b/spec/features/profiles/user_edit_profile_spec.rb
@ -8,6 +8,7 @@ RSpec.describe 'User edit profile' do
  let(:user) { create(:user) }
  before do
    stub_feature_flags(remove_user_attributes: false)
    sign_in(user)
    visit(profile_path)
  end
--- a/spec/frontend/nav/components/top_nav_app_spec.js
+++ b/spec/frontend/nav/components/top_nav_app_spec.js
@ -30,9 +30,10 @@ describe('~/nav/components/top_nav_app.vue', () => {
    it('renders nav item dropdown', () => {
      expect(findNavItemDropdown().attributes('href')).toBeUndefined();
      expect(findNavItemDropdown().attributes()).toMatchObject({
-        icon: 'hamburger',
+        icon: '',
-        text: TEST_NAV_DATA.activeTitle,
+        text: '',
        'no-flip': '',
        'no-caret': '',
      });
    });
--- a/spec/frontend/nav/mock_data.js
+++ b/spec/frontend/nav/mock_data.js
@ -1,7 +1,7 @@
 import { range } from 'lodash';
 export const TEST_NAV_DATA = {
-  activeTitle: 'Test Active Title',
+  menuTitle: 'Test Menu Title',
  primary: [
    ...['projects', 'groups'].map((view) => ({
      id: view,
--- a/spec/frontend/notes/components/note_header_spec.js
+++ b/spec/frontend/notes/components/note_header_spec.js
@ -40,13 +40,18 @@ describe('NoteHeader component', () => {
    availability: '',
  };
-  const createComponent = (props) => {
+  const createComponent = (props, userAttributes = false) => {
    wrapper = shallowMountExtended(NoteHeader, {
      store: new Vuex.Store({
        actions,
      }),
      propsData: { ...props },
      stubs: { GlSprintf, UserNameWithStatus },
      provide: {
        glFeatures: {
          removeUserAttributes: userAttributes,
        },
      },
    });
  };
@ -55,6 +60,26 @@ describe('NoteHeader component', () => {
    wrapper = null;
  });
  describe('when removeUserAttributes feature flag is enabled', () => {
    it('does not render busy status', () => {
      createComponent({ author: { ...author, availability: AVAILABILITY_STATUS.BUSY } }, true);
      expect(wrapper.find('.note-header-info').text()).not.toContain('(Busy)');
    });
    it('does not render author status', () => {
      createComponent({ author }, true);
      expect(findAuthorStatus().exists()).toBe(false);
    });
    it('does not render username', () => {
      createComponent({ author }, true);
      expect(wrapper.find('.note-header-info').text()).not.toContain('@');
    });
  });
  it('does not render discussion actions when includeToggle is false', () => {
    createComponent({
      includeToggle: false,
--- a/spec/helpers/nav/top_nav_helper_spec.rb
+++ b/spec/helpers/nav/top_nav_helper_spec.rb
@ -27,9 +27,11 @@ RSpec.describe Nav::TopNavHelper do
    let(:subject) { helper.top_nav_view_model(project: current_project, group: current_group) }
-    let(:active_title) { 'Menu' }
+    let(:menu_title) { 'Menu' }
    before do
      stub_feature_flags(new_navbar_layout: false)
      allow(Gitlab::CurrentSettings).to receive(:admin_mode) { with_current_settings_admin_mode }
      allow(helper).to receive(:header_link?).with(:admin_mode) { with_header_link_admin_mode }
@ -44,8 +46,8 @@ RSpec.describe Nav::TopNavHelper do
      allow(helper).to receive(:dashboard_nav_link?).with(:activity) { with_activity }
    end
-    it 'has :activeTitle' do
+    it 'has :menuTitle' do
-      expect(subject[:activeTitle]).to eq(active_title)
+      expect(subject[:menuTitle]).to eq(menu_title)
    end
    context 'when current_user is nil (anonymous)' do
@ -103,7 +105,7 @@ RSpec.describe Nav::TopNavHelper do
      let(:current_user) { user }
      it 'has no menu items or views by default' do
-        expect(subject).to eq({ activeTitle: active_title,
+        expect(subject).to eq({ menuTitle: menu_title,
                                primary: [],
                                secondary: [],
                                shortcuts: [],
--- a/spec/support/shared_examples/features/comments_on_merge_request_files_shared_examples.rb
+++ b/spec/support/shared_examples/features/comments_on_merge_request_files_shared_examples.rb
@ -1,6 +1,10 @@
 # frozen_string_literal: true
 RSpec.shared_examples 'comment on merge request file' do
  before do
    stub_feature_flags(remove_user_attributes: false)
  end
  it 'adds a comment' do
    click_diff_line(find_by_scrolling("[id='#{sample_commit.line_code}']"))
--- a/spec/support/shared_examples/features/discussion_comments_shared_example.rb
+++ b/spec/support/shared_examples/features/discussion_comments_shared_example.rb
@ -10,6 +10,10 @@ RSpec.shared_examples 'thread comments for commit and snippet' do |resource_name
  let(:comments_selector) { '.timeline > .note.timeline-entry:not(.being-posted)' }
  let(:comment) { 'My comment' }
  before do
    stub_feature_flags(remove_user_attributes: false)
  end
  it 'clicking "Comment" will post a comment' do
    wait_for_all_requests