Add latest changes from gitlab-org/gitlab@master

.gitlab/ci/frontend.gitlab-ci.yml

@@ -247,7 +247,7 @@ coverage-frontend:
   extends:
     - .default-retry
     - .yarn-cache
-    - .frontend:rules:ee-mr-and-default-branch-only
+    - .frontend:rules:coverage-frontend
   needs:
     - job: "jest"
       optional: true

.gitlab/ci/rules.gitlab-ci.yml

@@ -839,13 +839,14 @@
     - <<: *if-merge-request
       changes: *frontend-patterns-for-as-if-foss
 
-.frontend:rules:ee-mr-and-default-branch-only:
+.frontend:rules:coverage-frontend:
   rules:
     - <<: *if-not-ee
       when: never
+    - <<: *if-merge-request-labels-pipeline-revert
+      when: never
     - <<: *if-merge-request
       changes: *code-backstage-patterns
-      when: always
     - <<: *if-default-branch-refs
       changes: *code-backstage-patterns
 
@@ -1374,12 +1375,12 @@
   rules:
     - <<: *if-not-ee
       when: never
+    - <<: *if-merge-request-labels-pipeline-revert
+      when: never
     - <<: *if-merge-request
       changes: *code-backstage-patterns
-      when: always
     - <<: *if-default-branch-schedule-maintenance
     - <<: *if-merge-request-labels-run-all-rspec
-      when: always
 
 .rails:rules:rspec-undercoverage:
   rules:
@@ -1419,6 +1420,8 @@
   rules:
     - <<: *if-not-ee
       when: never
+    - <<: *if-merge-request-labels-pipeline-revert
+      when: never
     - if: '$SKIP_FLAKY_TESTS_AUTOMATICALLY == "true" || $RETRY_FAILED_TESTS_IN_NEW_PROCESS == "true"'
       changes: *code-backstage-patterns
       when: always

Gemfile

@@ -349,7 +349,7 @@ group :development do
   gem 'solargraph', '~> 0.46.0', require: false
 
   gem 'letter_opener_web', '~> 2.0.0'
-  gem 'lookbook'
+  gem 'lookbook', '~> 1.0'
 
   # Better errors handler
   gem 'better_errors', '~> 2.9.1'

Gemfile.lock

@@ -815,9 +815,11 @@ GEM
     loofah (2.18.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    lookbook (0.9.3)
+    lookbook (1.0.3)
       actioncable
+      css_parser
       htmlbeautifier (~> 1.3)
+      htmlentities (~> 4.3.4)
       listen (~> 3.0)
       railties (>= 5.0)
       redcarpet (~> 3.5)
@@ -1095,7 +1097,7 @@ GEM
     randexp (0.1.7)
     rash_alt (0.4.12)
       hashie (>= 3.4)
-    rb-fsevent (0.11.1)
+    rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     rbtrace (0.4.14)
@@ -1648,7 +1650,7 @@ DEPENDENCIES
   lockbox (~> 0.6.2)
   lograge (~> 0.5)
   loofah (~> 2.18.0)
-  lookbook
+  lookbook (~> 1.0)
   lru_redux
   mail (= 2.7.1)
   mail-smtp_pool (~> 0.1.0)!

app/assets/javascripts/nav/components/top_nav_app.vue

@@ -1,14 +1,18 @@
 <script>
-import { GlNav, GlNavItemDropdown, GlDropdownForm } from '@gitlab/ui';
+import { GlNav, GlIcon, GlNavItemDropdown, GlDropdownForm, GlTooltipDirective } from '@gitlab/ui';
 import TopNavDropdownMenu from './top_nav_dropdown_menu.vue';
 
 export default {
   components: {
+    GlIcon,
     GlNav,
     GlNavItemDropdown,
     GlDropdownForm,
     TopNavDropdownMenu,
   },
+  directives: {
+    GlTooltip: GlTooltipDirective,
+  },
   props: {
     navData: {
       type: Object,
@@ -21,15 +25,20 @@ export default {
 <template>
   <gl-nav class="navbar-sub-nav">
     <gl-nav-item-dropdown
-      :text="navData.activeTitle"
+      v-gl-tooltip.bottom="navData.menuTooltip"
       data-qa-selector="navbar_dropdown"
-      :data-qa-title="navData.activeTitle"
-      icon="hamburger"
+      data-qa-title="Menu"
       menu-class="gl-mt-3! gl-max-w-none! gl-max-h-none! gl-sm-w-auto! js-top-nav-dropdown-menu"
       toggle-class="top-nav-toggle js-top-nav-dropdown-toggle gl-px-3!"
       no-flip
       no-caret
     >
+      <template #button-content>
+        <gl-icon name="hamburger" />
+        <span v-if="navData.menuTitle" class="gl-ml-3">
+          {{ navData.menuTitle }}
+        </span>
+      </template>
       <gl-dropdown-form>
         <top-nav-dropdown-menu
           :primary="navData.primary"

app/assets/javascripts/notes/components/note_header.vue

@@ -10,6 +10,7 @@ import { mapActions } from 'vuex';
 import { __, s__ } from '~/locale';
 import TimeAgoTooltip from '~/vue_shared/components/time_ago_tooltip.vue';
 import UserNameWithStatus from '~/sidebar/components/assignees/user_name_with_status.vue';
+import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
 
 export default {
   safeHtmlConfig: { ADD_TAGS: ['gl-emoji'] },
@@ -26,6 +27,7 @@ export default {
     SafeHtml,
     GlTooltip: GlTooltipDirective,
   },
+  mixins: [glFeatureFlagsMixin()],
   props: {
     author: {
       type: Object,
@@ -183,21 +185,28 @@ export default {
         :data-user-id="author.id"
         :data-username="author.username"
       >
+        <span
+          v-if="glFeatures.removeUserAttributes"
+          class="note-header-author-name gl-font-weight-bold"
+        >
+          {{ authorName }}
+        </span>
         <user-name-with-status
+          v-if="!glFeatures.removeUserAttributes"
           :name="authorName"
           :availability="userAvailability(author)"
           container-classes="note-header-author-name gl-font-weight-bold"
         />
       </a>
       <span
-        v-if="authorStatus"
+        v-if="authorStatus && !glFeatures.removeUserAttributes"
         ref="authorStatus"
         v-safe-html:[$options.safeHtmlConfig]="authorStatus"
         v-on="
           authorStatusHasTooltip ? { mouseenter: removeEmojiTitle, mouseleave: addEmojiTitle } : {}
         "
       ></span>
-      <span class="text-nowrap author-username">
+      <span v-if="!glFeatures.removeUserAttributes" class="text-nowrap author-username">
         <a
           ref="authorUsernameLink"
           class="author-username-link"

app/assets/stylesheets/framework/header.scss

@@ -565,10 +565,6 @@
 }
 
 .top-nav-toggle {
-  .dropdown-icon {
-    @include gl-mr-3;
-  }
-
   .dropdown-chevron {
     top: 0;
   }

app/assets/stylesheets/startup/startup-dark.scss

@@ -1001,9 +1001,6 @@ kbd {
   visibility: hidden;
   top: 3px;
 }
-.top-nav-toggle .dropdown-icon {
-  margin-right: 0.5rem;
-}
 .tanuki-logo .tanuki {
   fill: #e24329;
 }

app/assets/stylesheets/startup/startup-general.scss

@@ -982,9 +982,6 @@ kbd {
   visibility: hidden;
   top: 3px;
 }
-.top-nav-toggle .dropdown-icon {
-  margin-right: 0.5rem;
-}
 .tanuki-logo .tanuki {
   fill: #e24329;
 }

app/controllers/projects/incidents_controller.rb

@@ -11,6 +11,7 @@ class Projects::IncidentsController < Projects::ApplicationController
     push_force_frontend_feature_flag(:work_items, @project&.work_items_feature_flag_enabled?)
     push_force_frontend_feature_flag(:work_items_mvc_2, @project&.work_items_mvc_2_feature_flag_enabled?)
     push_frontend_feature_flag(:work_items_hierarchy, @project)
+    push_frontend_feature_flag(:remove_user_attributes, @group)
   end
 
   feature_category :incident_management

app/controllers/projects/issues_controller.rb

@@ -42,6 +42,7 @@ class Projects::IssuesController < Projects::ApplicationController
 
   before_action do
     push_frontend_feature_flag(:incident_timeline, project)
+    push_frontend_feature_flag(:remove_user_attributes, @group)
   end
 
   before_action only: [:index, :show] do

app/controllers/projects/merge_requests_controller.rb

@@ -45,6 +45,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
     push_frontend_feature_flag(:paginated_mr_discussions, project)
     push_frontend_feature_flag(:mr_review_submit_comment, project)
     push_frontend_feature_flag(:mr_experience_survey, project)
+    push_frontend_feature_flag(:remove_user_attributes, @group)
   end
 
   before_action do

app/views/layouts/nav/_top_nav.html.haml

@@ -1,9 +1,10 @@
 - view_model = top_nav_view_model(project: @project, group: @group)
-%ul.list-unstyled.navbar-sub-nav#js-top-nav{ data: { view_model: view_model.to_json } }
+%ul.list-unstyled.nav.navbar-sub-nav#js-top-nav{ data: { view_model: view_model.to_json } }
   %li
     %a.top-nav-toggle{ href: '#', type: 'button', data: { toggle: "dropdown" } }
-      = sprite_icon('hamburger', css_class: "dropdown-icon")
-      = view_model[:activeTitle]
+      = sprite_icon('hamburger')
+      - if view_model[:menuTitle]
+        .gl-ml-3= view_model[:menuTitle]
 
 .hidden
   - view_model[:shortcuts].each do |shortcut|

config/application.rb

@@ -264,6 +264,7 @@ module Gitlab
     config.assets.precompile << "page_bundles/cycle_analytics.css"
     config.assets.precompile << "page_bundles/dashboard_projects.css"
     config.assets.precompile << "page_bundles/dev_ops_reports.css"
+    config.assets.precompile << "page_bundles/environments.css"
     config.assets.precompile << "page_bundles/epics.css"
     config.assets.precompile << "page_bundles/error_tracking_details.css"
     config.assets.precompile << "page_bundles/error_tracking_index.css"

config/environments/development.rb

@@ -50,6 +50,8 @@ Rails.application.configure do
   # Push preview path now to prevent FrozenError during view_component's initialzer
   config.autoload_paths.push("#{config.root}/spec/components/previews")
 
+  config.lookbook.page_paths = ["#{config.root}/spec/components/docs"]
+
   # Adds additional error checking when serving assets at runtime.
   # Checks for improperly declared sprockets dependencies.
   # Raises helpful error messages.

config/feature_flags/development/new_navbar_layout.yml

@@ -0,0 +1,8 @@
+---
+name: new_navbar_layout
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96853
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/366082
+milestone: '15.4'
+type: development
+group: group::foundations
+default_enabled: false

config/feature_flags/development/remove_user_attributes.yml

@@ -0,0 +1,8 @@
+---
+name: remove_user_attributes
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96447
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/372047
+milestone: '15.4'
+type: development
+group: group::code review
+default_enabled: false

config/initializers/lookbook.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-if Rails.env.development?
-  # :nocov: Lookbook is only available in development
-  Lookbook::ApplicationController.class_eval do
-    content_security_policy false
-  end
-
-  Rails.application.configure do
-    config.lookbook.experimental_features = [:pages]
-    config.lookbook.page_paths = ["#{config.root}/spec/components/docs"]
-  end
-  # :nocov:
-end

doc/administration/troubleshooting/ssl.md

@@ -251,3 +251,13 @@ You must specify that Git should use OpenSSL:
 ```shell
 git config --system http.sslbackend openssl
 ```
+
+Alternatively, you can ignore SSL verification by running:
+
+WARNING:
+Proceed with caution when [ignoring SSL](https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpsslVerify)
+due to the potential security issues associated with disabling this option at global level. Use this option _only_ when troubleshooting, and reinstate SSL verification immediately after.
+
+```shell
+git config --global http.sslVerify false
+```

doc/ci/examples/deployment/index.md

@@ -47,6 +47,7 @@ staging:
   script:
     - gem install dpl
     - dpl --provider=heroku --app=my-app-staging --api_key=$HEROKU_STAGING_API_KEY
+  environment: staging
 ```
 
 In the above example we use Dpl to deploy `my-app-staging` to Heroku server with API key stored in `HEROKU_STAGING_API_KEY` secure variable.
@@ -70,6 +71,7 @@ staging:
     - dpl --provider=heroku --app=my-app-staging --api_key=$HEROKU_STAGING_API_KEY
   only:
     - main
+  environment: staging
 ```
 
 The first line `apt-get update -yq` updates the list of available packages,
@@ -93,6 +95,7 @@ staging:
     - dpl --provider=heroku --app=my-app-staging --api_key=$HEROKU_STAGING_API_KEY
   only:
     - main
+  environment: staging
 
 production:
   stage: deploy
@@ -101,6 +104,7 @@ production:
     - dpl --provider=heroku --app=my-app-production --api_key=$HEROKU_PRODUCTION_API_KEY
   only:
     - tags
+  environment: production
 ```
 
 We created two deploy jobs that are executed on different events:

doc/ci/examples/end_to_end_testing_webdriverio/index.md

@@ -228,6 +228,7 @@ deploy_terraform:
   script:
     # Your Review App deployment scripts - for a working example please check https://gitlab.com/Flockademic/Flockademic/blob/5a45f1c2412e93810fab50e2dab8949e2d0633c7/.gitlab-ci.yml#L315
     - echo
+  environment: production
 e2e:firefox:
   stage: confidence-check
   services:

doc/ci/variables/index.md

@@ -592,6 +592,7 @@ deploy:
     BUILD_VARIABLE: value_from_deploy_job
   script:
     - echo "$BUILD_VARIABLE"  # Output is: 'value_from_build_job' due to precedence
+  environment: production
 ```
 
 The [`dependencies`](../yaml/index.md#dependencies) or
@@ -616,12 +617,19 @@ deploy_one:
     - echo "$BUILD_VERSION"  # Output is: 'hello'
   dependencies:
     - build
+  environment:
+    name: customer1
+    deployment_tier: production
+
 
 deploy_two:
   stage: deploy
   script:
     - echo "$BUILD_VERSION"  # Output is empty
   dependencies: []
+  environment:
+    name: customer2
+    deployment_tier: production
 
 deploy_three:
   stage: deploy
@@ -629,6 +637,10 @@ deploy_three:
     - echo "$BUILD_VERSION"  # Output is: 'hello'
   needs:
     - build
+  environment:
+    name: customer3
+    deployment_tier: production
+
 
 deploy_four:
   stage: deploy
@@ -637,6 +649,9 @@ deploy_four:
   needs:
     job: build
     artifacts: true
+  environment:
+    name: customer4
+    deployment_tier: production
 
 deploy_five:
   stage: deploy
@@ -645,6 +660,9 @@ deploy_five:
   needs:
     job: build
     artifacts: false
+  environment:
+    name: customer5
+    deployment_tier: production
 ```
 
 [Multi-project pipelines](../pipelines/downstream_pipelines.md#pass-dotenv-variables-created-in-a-job)

doc/user/application_security/api_fuzzing/index.md

@@ -1069,21 +1069,21 @@ This example excludes the `/auth` resource. This does not exclude child resource
 
 ```yaml
 variables:
-  FUZZAPI_EXCLUDE_PATHS=/auth
+  FUZZAPI_EXCLUDE_PATHS: /auth
 ```
 
 To exclude `/auth`, and child resources (`/auth/child`), we use a wildcard.
 
 ```yaml
 variables:
-  FUZZAPI_EXCLUDE_PATHS=/auth*
+  FUZZAPI_EXCLUDE_PATHS: /auth*
 ```
 
 To exclude multiple paths we can use the `;` character. In this example we exclude `/auth*` and `/v1/*`.
 
 ```yaml
 variables:
-  FUZZAPI_EXCLUDE_PATHS=/auth*;/v1/*
+  FUZZAPI_EXCLUDE_PATHS: /auth*;/v1/*
 ```
 
 ### Exclude parameters
@@ -1343,7 +1343,15 @@ Each value in `FUZZAPI_EXCLUDE_URLS` is a regular expression. Characters such as
 The following example excludes the URL `http://target/api/auth` and its child resources.
 
 ```yaml
+stages:
+  - fuzz
+
+include:
+  - template: API-Fuzzing.gitlab-ci.yml
+
 variables:
+  FUZZAPI_TARGET_URL: http://target/
+  FUZZAPI_OPENAPI: test-api-specification.json
   FUZZAPI_EXCLUDE_URLS: http://target/api/auth
 ```
 
@@ -1352,7 +1360,15 @@ variables:
 To exclude the URLs `http://target/api/buy` and `http://target/api/sell` but allowing to scan their child resources, for instance: `http://target/api/buy/toy` or `http://target/api/sell/chair`. You could use the value `http://target/api/buy/$,http://target/api/sell/$`. This value is using two regular expressions, each of them separated by a `,` character. Hence, it contains `http://target/api/buy$` and `http://target/api/sell$`. In each regular expression, the trailing `$` character points out where the matching URL should end.
 
 ```yaml
+stages:
+  - fuzz
+
+include:
+  - template: API-Fuzzing.gitlab-ci.yml
+
 variables:
+  FUZZAPI_TARGET_URL: http://target/
+  FUZZAPI_OPENAPI: test-api-specification.json
   FUZZAPI_EXCLUDE_URLS: http://target/api/buy/$,http://target/api/sell/$
 ```
 
@@ -1361,7 +1377,15 @@ variables:
 In order to exclude the URLs: `http://target/api/buy` and `http://target/api/sell`, and their child resources. To provide multiple URLs we use the `,` character as follows:
 
 ```yaml
+stages:
+  - fuzz
+
+include:
+  - template: API-Fuzzing.gitlab-ci.yml
+
 variables:
+  FUZZAPI_TARGET_URL: http://target/
+  FUZZAPI_OPENAPI: test-api-specification.json
   FUZZAPI_EXCLUDE_URLS: http://target/api/buy,http://target/api/sell
 ```
 
@@ -1370,7 +1394,15 @@ variables:
 In order to exclude exactly `https://target/api/v1/user/create` and `https://target/api/v2/user/create` or any other version (`v3`,`v4`, and more). We could use `https://target/api/v.*/user/create$`, in the previous regular expression `.` indicates any character and `*` indicates zero or more times, additionally `$` indicates that the URL should end there.
 
 ```yaml
+stages:
+  - fuzz
+
+include:
+  - template: API-Fuzzing.gitlab-ci.yml
+
 variables:
+  FUZZAPI_TARGET_URL: http://target/
+  FUZZAPI_OPENAPI: test-api-specification.json
   FUZZAPI_EXCLUDE_URLS: https://target/api/v.*/user/create$
 ```
 
@@ -1757,6 +1789,9 @@ This solution is for pipelines in which the target API URL doesn't change (is st
 For environments where the target API remains the same, we recommend you specify the target URL by using the `FUZZAPI_TARGET_URL` environment variable. In your `.gitlab-ci.yml` file, add a variable `FUZZAPI_TARGET_URL`. The variable must be set to the base URL of API testing target. For example:
 
 ```yaml
+stages:
+  - fuzz
+
 include:
   - template: API-Fuzzing.gitlab-ci.yml
 
@@ -1830,7 +1865,7 @@ API Security can still try to consume an OpenAPI document that does not fully co
   FUZZAPI_PROFILE: Quick-10
   FUZZAPI_TARGET_URL: http://test-deployment/
   FUZZAPI_OPENAPI: test-api-specification.json
-     FUZZAPI_OPENAPI_RELAXED_VALIDATION: On
+  FUZZAPI_OPENAPI_RELAXED_VALIDATION: 'On'
 ```
 
 ### `No operation in the OpenAPI document is consuming any supported media type`

doc/user/application_security/dast_api/index.md

@@ -1017,21 +1017,21 @@ This example excludes the `/auth` resource. This does not exclude child resource
 
 ```yaml
 variables:
-  DAST_API_EXCLUDE_PATHS=/auth
+  DAST_API_EXCLUDE_PATHS: /auth
 ```
 
 To exclude `/auth`, and child resources (`/auth/child`), we use a wildcard.
 
 ```yaml
 variables:
-  DAST_API_EXCLUDE_PATHS=/auth*
+  DAST_API_EXCLUDE_PATHS: /auth*
 ```
 
 To exclude multiple paths we use the `;` character. In this example we exclude `/auth*` and `/v1/*`.
 
 ```yaml
 variables:
-  DAST_API_EXCLUDE_PATHS=/auth*;/v1/*
+  DAST_API_EXCLUDE_PATHS: /auth*;/v1/*
 ```
 
 To exclude one or more nested levels within a path we use `**`. In this example we are testing API endpoints. We are testing `/api/v1/` and `/api/v2/` of a data query requesting `mass`, `brightness` and `coordinates` data for `planet`, `moon`, `star`, and `satellite` objects. Example paths that could be scanned include, but are not limited to:
@@ -1044,7 +1044,7 @@ In this example we test the `brightness` endpoint only:
 
 ```yaml
 variables:
-  DAST_API_EXCLUDE_PATHS=/api/**/mass;/api/**/coordinates
+  DAST_API_EXCLUDE_PATHS: /api/**/mass;/api/**/coordinates
 ```
 
 ### Exclude parameters
@@ -1304,7 +1304,15 @@ Each value in `DAST_API_EXCLUDE_URLS` is a regular expression. Characters such a
 The following example excludes the URL `http://target/api/auth` and its child resources.
 
 ```yaml
+stages:
+  - dast
+
+include:
+  - template: DAST-API.gitlab-ci.yml
+
 variables:
+  DAST_API_TARGET_URL: http://target/
+  DAST_API_OPENAPI: test-api-specification.json
   DAST_API_EXCLUDE_URLS: http://target/api/auth
 ```
 
@@ -1313,7 +1321,15 @@ variables:
 To exclude the URLs `http://target/api/buy` and `http://target/api/sell` but allowing to scan their child resources, for instance: `http://target/api/buy/toy` or `http://target/api/sell/chair`. You could use the value `http://target/api/buy/$,http://target/api/sell/$`. This value is using two regular expressions, each of them separated by a `,` character. Hence, it contains `http://target/api/buy$` and `http://target/api/sell$`. In each regular expression, the trailing `$` character points out where the matching URL should end.
 
 ```yaml
+stages:
+  - dast
+
+include:
+  - template: DAST-API.gitlab-ci.yml
+
 variables:
+  DAST_API_TARGET_URL: http://target/
+  DAST_API_OPENAPI: test-api-specification.json
   DAST_API_EXCLUDE_URLS: http://target/api/buy/$,http://target/api/sell/$
 ```
 
@@ -1322,7 +1338,15 @@ variables:
 In order to exclude the URLs: `http://target/api/buy` and `http://target/api/sell`, and their child resources. To provide multiple URLs we use the `,` character as follows:
 
 ```yaml
+stages:
+  - dast
+
+include:
+  - template: DAST-API.gitlab-ci.yml
+
 variables:
+  DAST_API_TARGET_URL: http://target/
+  DAST_API_OPENAPI: test-api-specification.json
   DAST_API_EXCLUDE_URLS: http://target/api/buy,http://target/api/sell
 ```
 
@@ -1331,7 +1355,15 @@ variables:
 In order to exclude exactly `https://target/api/v1/user/create` and `https://target/api/v2/user/create` or any other version (`v3`,`v4`, and more). We could use `https://target/api/v.*/user/create$`, in the previous regular expression `.` indicates any character and `*` indicates zero or more times, additionally `$` indicates that the URL should end there.
 
 ```yaml
+stages:
+  - dast
+
+include:
+  - template: DAST-API.gitlab-ci.yml
+
 variables:
+  DAST_API_TARGET_URL: http://target/
+  DAST_API_OPENAPI: test-api-specification.json
   DAST_API_EXCLUDE_URLS: https://target/api/v.*/user/create$
 ```
 
@@ -1575,6 +1607,9 @@ This solution is for pipelines in which the target API URL doesn't change (is st
 For environments where the target API remains the same, we recommend you specify the target URL by using the `DAST_API_TARGET_URL` environment variable. In your `.gitlab-ci.yml`, add a variable `DAST_API_TARGET_URL`. The variable must be set to the base URL of API testing target. For example:
 
 ```yaml
+stages:
+  - dast
+
 include:
   - template: DAST-API.gitlab-ci.yml
 
@@ -1640,7 +1675,7 @@ API Security can still try to consume an OpenAPI document that does not fully co
   DAST_API_PROFILE: Quick
   DAST_API_TARGET_URL: http://test-deployment/
   DAST_API_OPENAPI: test-api-specification.json
-     DAST_API_OPENAPI_RELAXED_VALIDATION: On
+  DAST_API_OPENAPI_RELAXED_VALIDATION: 'On'
 ```
 
 ### `No operation in the OpenAPI document is consuming any supported media type`

doc/user/compliance/license_compliance/index.md

@@ -890,3 +890,17 @@ root@6abb70e9f193:~#
 
 NOTE:
 Selecting a custom version of [Mono](https://www.mono-project.com/) or [.NET Core](https://dotnet.microsoft.com/download/dotnet) is currently not supported.
+
+### LicenseFinder::Maven: is not installed error
+
+If your project contains a `mvnw` or `mvnw.cmd` file, then the license scanning job may fail with the `LicenseFinder::Maven: is not installed error` error. To resolve this, modify the license scanning job to remove the files in the `before_script` section. Example:
+
+```yaml
+include:
+  - template: License-Scanning.gitlab-ci.yml
+
+license_scanning:
+  before_script:
+    - rm mvnw
+    - rm mvnw.cmd
+```

lib/gitlab/nav/top_nav_view_model_builder.rb

@@ -42,11 +42,14 @@ module Gitlab
       def build
         menu = @menu_builder.build
 
+        hide_menu_text = Feature.enabled?(:new_navbar_layout)
+
         menu.merge({
           views: @views,
           shortcuts: @shortcuts,
-          activeTitle: _('Menu')
-        })
+          menuTitle: (_('Menu') unless hide_menu_text),
+          menuTooltip: (_('Main menu') if hide_menu_text)
+        }.compact)
       end
     end
   end

locale/gitlab.pot

@@ -24046,6 +24046,9 @@ msgstr ""
 msgid "Mailgun events"
 msgstr ""
 
+msgid "Main menu"
+msgstr ""
+
 msgid "Maintenance mode"
 msgstr ""
 

qa/qa/specs/features/api/3_create/repository/project_archive_compare_spec.rb

@@ -53,12 +53,11 @@ module QA
           project.api_client = api_client
         end
 
-        Resource::Repository::ProjectPush.fabricate! do |push|
-          push.project = project
-          push.file_name = 'README.md'
-          push.file_content = '# This is a test project'
-          push.commit_message = 'Add README.md'
-          push.user = user
+        Resource::Repository::Commit.fabricate_via_api! do |commit|
+          commit.project = project
+          commit.add_files([{ file_path: 'README.md', content: '# This is a test project' }])
+          commit.commit_message = 'Add README.md'
+          commit.api_client = api_client
         end
 
         project

spec/features/discussion_comments/issue_spec.rb

@@ -8,6 +8,7 @@ RSpec.describe 'Thread Comments Issue', :js do
   let(:issue) { create(:issue, project: project) }
 
   before do
+    stub_feature_flags(remove_user_attributes: false)
     project.add_maintainer(user)
     sign_in(user)
 

spec/features/discussion_comments/merge_request_spec.rb

@@ -8,6 +8,7 @@ RSpec.describe 'Thread Comments Merge Request', :js do
   let(:merge_request) { create(:merge_request, source_project: project) }
 
   before do
+    stub_feature_flags(remove_user_attributes: false)
     project.add_maintainer(user)
     sign_in(user)
 

spec/features/issuables/markdown_references/jira_spec.rb

@@ -15,6 +15,8 @@ RSpec.describe "Jira", :js do
     before do
       remotelink = double(:remotelink, all: [], build: double(save!: true))
 
+      stub_feature_flags(remove_user_attributes: false)
+
       stub_request(:get, "https://jira.example.com/rest/api/2/issue/JIRA-5")
       stub_request(:post, "https://jira.example.com/rest/api/2/issue/JIRA-5/comment")
       allow_next_instance_of(JIRA::Resource::Issue) do |instance|

spec/features/issues/resource_label_events_spec.rb

@@ -14,6 +14,7 @@ RSpec.describe 'List issue resource label events', :js do
     let!(:event)    { create(:resource_label_event, user: user, issue: issue, label: label) }
 
     before do
+      stub_feature_flags(remove_user_attributes: false)
       visit project_issue_path(project, issue)
       wait_for_requests
     end

spec/features/merge_request/user_comments_on_diff_spec.rb

@@ -14,6 +14,7 @@ RSpec.describe 'User comments on a diff', :js do
   let(:user) { create(:user) }
 
   before do
+    stub_feature_flags(remove_user_attributes: false)
     project.add_maintainer(user)
     sign_in(user)
 

spec/features/merge_request/user_comments_on_merge_request_spec.rb

@@ -10,6 +10,7 @@ RSpec.describe 'User comments on a merge request', :js do
   let(:user) { create(:user) }
 
   before do
+    stub_feature_flags(remove_user_attributes: false)
     project.add_maintainer(user)
     sign_in(user)
 

spec/features/merge_request/user_views_user_status_on_merge_request_spec.rb

@@ -8,6 +8,10 @@ RSpec.describe 'Project > Merge request > View user status' do
     create(:merge_request, source_project: project, target_project: project, author: create(:user))
   end
 
+  before do
+    stub_feature_flags(remove_user_attributes: false)
+  end
+
   subject { visit merge_request_path(merge_request) }
 
   context 'for notes', :js do

spec/features/profiles/user_edit_profile_spec.rb

@@ -8,6 +8,7 @@ RSpec.describe 'User edit profile' do
   let(:user) { create(:user) }
 
   before do
+    stub_feature_flags(remove_user_attributes: false)
     sign_in(user)
     visit(profile_path)
   end

spec/frontend/nav/components/top_nav_app_spec.js

@@ -30,9 +30,10 @@ describe('~/nav/components/top_nav_app.vue', () => {
     it('renders nav item dropdown', () => {
       expect(findNavItemDropdown().attributes('href')).toBeUndefined();
       expect(findNavItemDropdown().attributes()).toMatchObject({
-        icon: 'hamburger',
-        text: TEST_NAV_DATA.activeTitle,
+        icon: '',
+        text: '',
         'no-flip': '',
+        'no-caret': '',
       });
     });
 

spec/frontend/nav/mock_data.js

@@ -1,7 +1,7 @@
 import { range } from 'lodash';
 
 export const TEST_NAV_DATA = {
-  activeTitle: 'Test Active Title',
+  menuTitle: 'Test Menu Title',
   primary: [
     ...['projects', 'groups'].map((view) => ({
       id: view,

spec/frontend/notes/components/note_header_spec.js

@@ -40,13 +40,18 @@ describe('NoteHeader component', () => {
     availability: '',
   };
 
-  const createComponent = (props) => {
+  const createComponent = (props, userAttributes = false) => {
     wrapper = shallowMountExtended(NoteHeader, {
       store: new Vuex.Store({
         actions,
       }),
       propsData: { ...props },
       stubs: { GlSprintf, UserNameWithStatus },
+      provide: {
+        glFeatures: {
+          removeUserAttributes: userAttributes,
+        },
+      },
     });
   };
 
@@ -55,6 +60,26 @@ describe('NoteHeader component', () => {
     wrapper = null;
   });
 
+  describe('when removeUserAttributes feature flag is enabled', () => {
+    it('does not render busy status', () => {
+      createComponent({ author: { ...author, availability: AVAILABILITY_STATUS.BUSY } }, true);
+
+      expect(wrapper.find('.note-header-info').text()).not.toContain('(Busy)');
+    });
+
+    it('does not render author status', () => {
+      createComponent({ author }, true);
+
+      expect(findAuthorStatus().exists()).toBe(false);
+    });
+
+    it('does not render username', () => {
+      createComponent({ author }, true);
+
+      expect(wrapper.find('.note-header-info').text()).not.toContain('@');
+    });
+  });
+
   it('does not render discussion actions when includeToggle is false', () => {
     createComponent({
       includeToggle: false,

spec/helpers/nav/top_nav_helper_spec.rb

@@ -27,9 +27,11 @@ RSpec.describe Nav::TopNavHelper do
 
     let(:subject) { helper.top_nav_view_model(project: current_project, group: current_group) }
 
-    let(:active_title) { 'Menu' }
+    let(:menu_title) { 'Menu' }
 
     before do
+      stub_feature_flags(new_navbar_layout: false)
+
       allow(Gitlab::CurrentSettings).to receive(:admin_mode) { with_current_settings_admin_mode }
       allow(helper).to receive(:header_link?).with(:admin_mode) { with_header_link_admin_mode }
 
@@ -44,8 +46,8 @@ RSpec.describe Nav::TopNavHelper do
       allow(helper).to receive(:dashboard_nav_link?).with(:activity) { with_activity }
     end
 
-    it 'has :activeTitle' do
-      expect(subject[:activeTitle]).to eq(active_title)
+    it 'has :menuTitle' do
+      expect(subject[:menuTitle]).to eq(menu_title)
     end
 
     context 'when current_user is nil (anonymous)' do
@@ -103,7 +105,7 @@ RSpec.describe Nav::TopNavHelper do
       let(:current_user) { user }
 
       it 'has no menu items or views by default' do
-        expect(subject).to eq({ activeTitle: active_title,
+        expect(subject).to eq({ menuTitle: menu_title,
                                 primary: [],
                                 secondary: [],
                                 shortcuts: [],

spec/support/shared_examples/features/comments_on_merge_request_files_shared_examples.rb

@@ -1,6 +1,10 @@
 # frozen_string_literal: true
 
 RSpec.shared_examples 'comment on merge request file' do
+  before do
+    stub_feature_flags(remove_user_attributes: false)
+  end
+
   it 'adds a comment' do
     click_diff_line(find_by_scrolling("[id='#{sample_commit.line_code}']"))
 

spec/support/shared_examples/features/discussion_comments_shared_example.rb

@@ -10,6 +10,10 @@ RSpec.shared_examples 'thread comments for commit and snippet' do |resource_name
   let(:comments_selector) { '.timeline > .note.timeline-entry:not(.being-posted)' }
   let(:comment) { 'My comment' }
 
+  before do
+    stub_feature_flags(remove_user_attributes: false)
+  end
+
   it 'clicking "Comment" will post a comment' do
     wait_for_all_requests