Add latest changes from gitlab-org/gitlab@master

2024-03-21 09:46:08 +00:00 · 2024-03-21 09:46:08 +00:00 · daf5e72855
parent 059cc73b5f
commit daf5e72855
14 changed files with 96 additions and 39 deletions
--- a/app/assets/javascripts/token_access/components/outbound_token_access.vue
+++ b/app/assets/javascripts/token_access/components/outbound_token_access.vue
@ -39,7 +39,7 @@ export default {
    projectsFetchError: __('There was a problem fetching the projects'),
    scopeFetchError: __('There was a problem fetching the job token scope value'),
    outboundTokenAlertDeprecationMessage: s__(
-      `CICD|The %{boldStart}Limit CI_JOB_TOKEN%{boldEnd} scope is deprecated and will be removed the 17.0 milestone. Configure the %{boldStart}CI_JOB_TOKEN%{boldEnd} allowlist instead. %{linkStart}How do I do this?%{linkEnd}`,
+      `CICD|The %{boldStart}Limit access %{boldEnd}%{italicAndBoldStart}from%{italicAndBoldEnd}%{boldStart} this project%{boldEnd} setting is deprecated and will be removed in the 18.0 milestone. Use the %{boldStart}Limit access %{boldEnd}%{italicAndBoldStart}to%{italicAndBoldEnd}%{boldStart} this project%{boldEnd} setting and allowlist instead. %{linkStart}How do I do this?%{linkEnd}`,
    ),
    disableToggleWarning: s__('CICD|Disabling this feature is a permanent change.'),
  },
@ -223,6 +223,11 @@ export default {
          <template #bold="{ content }">
            <strong>{{ content }}</strong>
          </template>
+          <template #italicAndBold="{ content }">
+            <i
+              ><strong>{{ content }}</strong></i
+            >
+          </template>
          <template #link="{ content }">
            <gl-link
              :href="$options.deprecationDocumentationLink"
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@ -298,8 +298,8 @@ class Namespace < ApplicationRecord
        .order(
          Arel.sql(sanitize_sql(
            [
-              "CASE WHEN starts_with(REPLACE(routes.name, ' ', ''), :pattern) OR starts_with(routes.path, :pattern) THEN 1 ELSE 2 END",
-              { pattern: query }
+              "CASE WHEN REPLACE(routes.name, ' ', '') ILIKE :prefix_pattern OR routes.path ILIKE :prefix_pattern THEN 1 ELSE 2 END",
+              { prefix_pattern: "#{sanitize_sql_like(query)}%" }
            ]
          )),
          'routes.path'
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -903,8 +903,8 @@ class User < MainClusterwide::ApplicationRecord
      ).order(
        Arel.sql(sanitize_sql(
          [
-            "CASE WHEN starts_with(REPLACE(users.name, ' ', ''), :pattern) OR starts_with(users.username, :pattern) THEN 1 ELSE 2 END",
-            { pattern: query }
+            "CASE WHEN REPLACE(users.name, ' ', '') ILIKE :prefix_pattern OR users.username ILIKE :prefix_pattern THEN 1 ELSE 2 END",
+            { prefix_pattern: "#{sanitize_sql_like(query)}%" }
          ]
        )),
        :username,
--- a/doc/api/project_job_token_scopes.md
+++ b/doc/api/project_job_token_scopes.md
@ -35,7 +35,7 @@ If successful, returns [`200`](rest/index.md#status-codes) and the following res
 | Attribute          | Type    | Description |
 |--------------------|---------|-------------|
 | `inbound_enabled`  | boolean | Indicates if the [**Limit access _to_ this project** setting](../ci/jobs/ci_job_token.md#add-a-project-to-the-job-token-allowlist) is enabled. |
-| `outbound_enabled` | boolean | Indicates if the CI/CD job token generated in this project has access to other projects. [Deprecated and planned for removal in GitLab 17.0](../update/deprecations.md#default-cicd-job-token-ci_job_token-scope-changed). |
+| `outbound_enabled` | boolean | Indicates if the CI/CD job token generated in this project has access to other projects. [Deprecated and planned for removal in GitLab 18.0](../update/deprecations.md#default-cicd-job-token-ci_job_token-scope-changed). |

 Example request:

--- a/doc/integration/jira/troubleshooting.md
+++ b/doc/integration/jira/troubleshooting.md
@ -240,15 +240,19 @@ Check [`production.log`](../../administration/logs/index.md#productionlog) to se

 If that's the case, ensure the [**Due date** field is visible for issues](https://confluence.atlassian.com/jirakb/due-date-field-is-missing-189431917.html) in the integrated Jira project.

-### `An error occurred while requesting data from Jira`
+### Error when requesting data from Jira

-When you try to view the Jira issue list in GitLab, you might get this message:
+When you try to view the Jira issue list or create a Jira issue in GitLab, you might get one of the following errors:

 ```plaintext
 An error occurred while requesting data from Jira
 ```

-This error occurs when the authentication for the Jira issue integration is not complete or correct.
+```plaintext
+An error occurred while fetching issue list. Connection failed. Check your integration settings.
+```
+
+These errors occur when the authentication for the Jira issue integration is not complete or correct.

 To resolve this issue, [configure the Jira issue integration](configure.md#configure-the-integration) again.
 Ensure the authentication details are correct, enter your API token or password again, and save your changes.
--- a/doc/user/project/repository/code_suggestions/supported_extensions.md
+++ b/doc/user/project/repository/code_suggestions/supported_extensions.md
@ -40,10 +40,10 @@ The following languages are supported:
 | C                | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes |
 | C++              | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
 | C#               | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
-| CSS              | **{dotted-circle}** No  | **{check-circle}** Yes | **{dotted-circle}** No  | **{dotted-circle}** No  |
+| CSS              | **{dotted-circle}** No  | **{check-circle}** Yes | **{check-circle}** Yes  | **{check-circle}** Yes  |
 | Go               | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
 | Google SQL       | **{dotted-circle}** No | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
-| HTML             | **{dotted-circle}** No  | **{check-circle}** Yes | **{dotted-circle}** No  | **{dotted-circle}** No  |
+| HTML             | **{dotted-circle}** No  | **{check-circle}** Yes | **{check-circle}** Yes  | **{check-circle}** Yes  |
 | Java             | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
 | JavaScript       | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
 | Kotlin           | **{check-circle}** Yes <br><br>(Requires third-party extension providing Kotlin support) | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
@ -52,7 +52,7 @@ The following languages are supported:
 | Ruby             | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
 | Rust             | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
 | Scala            | **{check-circle}** Yes <br><br>(Requires third-party extension providing Scala support) | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
-| Shell scripts (`bash` only) | **{dotted-circle}** No  | **{check-circle}** Yes | **{dotted-circle}** No  | **{dotted-circle}** No  |
+| Shell scripts (`bash` only) | **{dotted-circle}** No  | **{check-circle}** Yes | **{check-circle}** Yes  | **{check-circle}** Yes  |
 | Swift            | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
 | TypeScript       | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes |
 | Terraform        | **{check-circle}** Yes <br><br>(Requires third-party extension providing Terraform support) | **{check-circle}** Yes | **{dotted-circle}** No | **{check-circle}** Yes <br><br>(Requires third-party extension providing the `terraform` file type) |
--- a/lib/gitlab/background_migration/job_coordinator.rb
+++ b/lib/gitlab/background_migration/job_coordinator.rb
@ -46,25 +46,32 @@ module Gitlab
        @queue ||= worker_class.sidekiq_options['queue']
      end

+      def sidekiq_redis_pool
+        @sidekiq_redis_pool ||=
+          Gitlab::SidekiqSharding::Router.get_shard_instance(worker_class.sidekiq_options['store']).last
+      end
+
      def with_shared_connection(&block)
        Gitlab::Database::SharedModel.using_connection(connection, &block)
      end

      def pending_jobs(include_dead_jobs: false)
        Enumerator.new do |y|
-          queues = [
-            Sidekiq::ScheduledSet.new,
-            Sidekiq::Queue.new(self.queue)
-          ]
+          Sidekiq::Client.via(sidekiq_redis_pool) do
+            queues = [
+              Sidekiq::ScheduledSet.new,
+              Sidekiq::Queue.new(self.queue)
+            ]

-          if include_dead_jobs
-            queues << Sidekiq::RetrySet.new
-            queues << Sidekiq::DeadSet.new
-          end
+            if include_dead_jobs
+              queues << Sidekiq::RetrySet.new
+              queues << Sidekiq::DeadSet.new
+            end

-          queues.each do |queue|
-            queue.each do |job|
-              y << job if job.klass == worker_class.name
+            queues.each do |queue|
+              queue.each do |job|
+                y << job if job.klass == worker_class.name
+              end
            end
          end
        end
@ -72,19 +79,21 @@ module Gitlab

      def steal(steal_class, retry_dead_jobs: false)
        with_shared_connection do
-          pending_jobs(include_dead_jobs: retry_dead_jobs).each do |job|
-            migration_class, migration_args = job.args
+          Sidekiq::Client.via(sidekiq_redis_pool) do
+            pending_jobs(include_dead_jobs: retry_dead_jobs).each do |job|
+              migration_class, migration_args = job.args

-            next unless migration_class == steal_class
-            next if block_given? && !(yield job)
+              next unless migration_class == steal_class
+              next if block_given? && !(yield job)

-            begin
-              perform(migration_class, migration_args) if job.delete
-            rescue Exception # rubocop:disable Lint/RescueException
-              worker_class # enqueue this migration again
-                .perform_async(migration_class, migration_args)
+              begin
+                perform(migration_class, migration_args) if job.delete
+              rescue Exception # rubocop:disable Lint/RescueException
+                worker_class # enqueue this migration again
+                  .perform_async(migration_class, migration_args)

-              raise
+                raise
+              end
            end
          end
        end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -9658,7 +9658,7 @@ msgstr ""
 msgid "CICD|Prevent access to this project from other project CI/CD job tokens, unless the other project is added to the allowlist. It is a security risk to disable this feature, because unauthorized projects might attempt to retrieve an active token and access the API. %{linkStart}Learn more.%{linkEnd}"
 msgstr ""

-msgid "CICD|The %{boldStart}Limit CI_JOB_TOKEN%{boldEnd} scope is deprecated and will be removed the 17.0 milestone. Configure the %{boldStart}CI_JOB_TOKEN%{boldEnd} allowlist instead. %{linkStart}How do I do this?%{linkEnd}"
+msgid "CICD|The %{boldStart}Limit access %{boldEnd}%{italicAndBoldStart}from%{italicAndBoldEnd}%{boldStart} this project%{boldEnd} setting is deprecated and will be removed in the 18.0 milestone. Use the %{boldStart}Limit access %{boldEnd}%{italicAndBoldStart}to%{italicAndBoldEnd}%{boldStart} this project%{boldEnd} setting and allowlist instead. %{linkStart}How do I do this?%{linkEnd}"
 msgstr ""

 msgid "CICD|The Auto DevOps pipeline runs by default in all projects with no CI/CD configuration file. %{link_start}What is Auto DevOps?%{link_end}"
--- a/qa/qa/specs/features/browser_ui/3_create/snippet/clone_push_pull_personal_snippet_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/snippet/clone_push_pull_personal_snippet_spec.rb
@ -28,7 +28,7 @@ module QA
        ssh_key.remove_via_api!
      end

-      it 'clones, pushes, and pulls a snippet over HTTP, edits via UI', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347793' do
+      it 'clones, pushes, and pulls a snippet over HTTP, edits via UI', :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347793' do
        push = Resource::Repository::Push.fabricate! do |push|
          push.repository_http_uri = repository_uri_http
          push.file_name = new_file
--- a/qa/qa/specs/features/browser_ui/3_create/snippet/create_personal_snippet_with_multiple_files_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/snippet/create_personal_snippet_with_multiple_files_spec.rb
@ -22,7 +22,7 @@ module QA
        Flow::Login.sign_in
      end

-      it 'creates a personal snippet with multiple files', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347723' do
+      it 'creates a personal snippet with multiple files', :blocking, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347723' do
        snippet

        Page::Dashboard::Snippet::Show.perform do |snippet|
--- a/spec/dot_gitlab_ci/rules_spec.rb
+++ b/spec/dot_gitlab_ci/rules_spec.rb
@ -171,6 +171,7 @@ RSpec.describe '.gitlab/ci/rules.gitlab-ci.yml', feature_category: :tooling do
        '.gitlab/CODEOWNERS',
        '.gitleaksignore',
        '.gitpod.yml',
+        '.graphqlrc',
        '.index.yml.example',
        '.license_encryption_key.pub',
        '.mailmap',
--- a/spec/lib/gitlab/background_migration/job_coordinator_spec.rb
+++ b/spec/lib/gitlab/background_migration/job_coordinator_spec.rb
@ -7,6 +7,12 @@ RSpec.describe Gitlab::BackgroundMigration::JobCoordinator do
  let(:tracking_database) { worker_class.tracking_database }
  let(:coordinator) { described_class.new(worker_class) }

+  let(:redis_pool) do
+    params = Gitlab::Redis::Queues.params
+    params[:db] = params[:db] + 1 if params[:db]
+    Sidekiq::RedisConnection.create(params) # rubocop:disable Rails/SaveBang -- RedisConnection only has .create
+  end
+
  describe '.for_tracking_database' do
    it 'returns an executor with the correct worker class and database' do
      coordinator = described_class.for_tracking_database(tracking_database)
@ -74,8 +80,24 @@ RSpec.describe Gitlab::BackgroundMigration::JobCoordinator do
        allow(Sidekiq::DeadSet).to receive(:new).and_return(dead_set)
      end

+      context 'when using a different shard instance' do
+        before do
+          if coordinator.instance_variable_defined?(:@sidekiq_redis_pool)
+            coordinator.remove_instance_variable(:@sidekiq_redis_pool)
+          end
+
+          allow(Gitlab::SidekiqSharding::Router).to receive(:get_shard_instance).and_return(['shard', redis_pool])
+        end
+
+        it 'uses the appropriate shard for the store' do
+          expect(Sidekiq::Client).to receive(:via).with(redis_pool)
+
+          coordinator.pending_jobs.to_a
+        end
+      end
+
      it 'does not include jobs for other workers' do
-        expect(coordinator.pending_jobs).not_to include(queue_incorrect_job_class.first)
+        expect(coordinator.pending_jobs.to_a).not_to include(queue_incorrect_job_class.first)
      end

      context 'when not including dead jobs' do
@ -108,6 +130,22 @@ RSpec.describe Gitlab::BackgroundMigration::JobCoordinator do
          .and_return(queue)
      end

+      context 'when using a different shard instance' do
+        before do
+          if coordinator.instance_variable_defined?(:@sidekiq_redis_pool)
+            coordinator.remove_instance_variable(:@sidekiq_redis_pool)
+          end
+
+          allow(Gitlab::SidekiqSharding::Router).to receive(:get_shard_instance).and_return(['shard', redis_pool])
+        end
+
+        it 'wraps job processing within Sidekiq::Client.via' do
+          expect(Sidekiq::Client).to receive(:via).with(redis_pool)
+
+          coordinator.steal('Foo')
+        end
+      end
+
      context 'when queue contains unprocessed jobs' do
        it 'steals jobs from a queue' do
          expect(queue[0]).to receive(:delete).and_return(true)
--- a/spec/models/namespace_spec.rb
+++ b/spec/models/namespace_spec.rb
@ -1166,7 +1166,7 @@ RSpec.describe Namespace, feature_category: :groups_and_projects do
    end

    it 'prioritizes sorting of matches that start with the query' do
-      expect(described_class.gfm_autocomplete_search('pare')).to eq([parent_group, group_1, group_2])
+      expect(described_class.gfm_autocomplete_search('pArE')).to eq([parent_group, group_1, group_2])
    end

    it 'falls back to sorting by full path' do
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -3570,7 +3570,7 @@ RSpec.describe User, feature_category: :user_profile do
    end

    it 'prioritizes sorting of matches that start with the query' do
-      expect(described_class.gfm_autocomplete_search('user')).to eq([user_2, user_1])
+      expect(described_class.gfm_autocomplete_search('uSeR')).to eq([user_2, user_1])
    end

    it 'falls back to sorting by username' do