Add latest changes from gitlab-org/gitlab@master

.gitlab/ci/frontend.gitlab-ci.yml

@@ -181,7 +181,8 @@ rspec-all frontend_fixture as-if-foss:
     - .frontend:rules:frontend_fixture-as-if-foss
     - .as-if-foss
   variables:
-    # We explicitely disable Crystalball here so as even in scheduled pipelines we don't need it since it's already enabled for `rspec-all frontend_fixture` there.
+    # We explicitly disable Crystalball here so as even in scheduled pipelines we don't need it
+    # since it's already enabled for `rspec-all frontend_fixture` there.
     CRYSTALBALL: "false"
     WEBPACK_VENDOR_DLL: "true"
     KNAPSACK_GENERATE_REPORT: ""

.haml-lint.yml

@@ -109,6 +109,7 @@ linters:
       # haml-lint force enables these: https://github.com/sds/haml-lint/blob/v0.51.0/config/forced_rubocop_config.yml
       - Layout/ArgumentAlignment
       - Layout/ArrayAlignment
+      - Layout/SpaceInsideParens # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147088
       - Layout/EndAlignment
 
       - Cop/LineBreakAfterGuardClauses

app/assets/javascripts/diffs/components/settings_dropdown.vue

@@ -22,13 +22,12 @@ export default {
   },
   computed: {
     ...mapGetters('diffs', ['isInlineView', 'isParallelView']),
-    ...mapState('diffs', ['renderTreeList', 'showWhitespace', 'viewDiffsFileByFile']),
+    ...mapState('diffs', ['showWhitespace', 'viewDiffsFileByFile']),
   },
   methods: {
     ...mapActions('diffs', [
       'setInlineDiffViewType',
       'setParallelDiffViewType',
-      'setRenderTreeList',
       'setShowWhitespace',
       'setFileByFile',
     ]),
@@ -60,25 +59,6 @@ export default {
           >{{ $options.i18n.preferences }}</span
         >
       </slot>
-      <div class="gl-px-3">
-        <span class="gl-font-weight-bold gl-display-block gl-mb-2">{{ __('File browser') }}</span>
-        <gl-button-group class="gl-display-flex">
-          <gl-button
-            :class="{ selected: !renderTreeList }"
-            class="gl-w-half js-list-view"
-            @click="setRenderTreeList({ renderTreeList: false })"
-          >
-            {{ __('List view') }}
-          </gl-button>
-          <gl-button
-            :class="{ selected: renderTreeList }"
-            class="gl-w-half js-tree-view"
-            @click="setRenderTreeList({ renderTreeList: true })"
-          >
-            {{ __('Tree view') }}
-          </gl-button>
-        </gl-button-group>
-      </div>
       <div class="gl-mt-3 gl-px-3">
         <span class="gl-font-weight-bold gl-display-block gl-mb-2">{{
           __('Compare changes')

app/assets/javascripts/diffs/components/tree_list.vue

@@ -1,5 +1,5 @@
 <script>
-import { GlTooltipDirective, GlIcon } from '@gitlab/ui';
+import { GlTooltipDirective, GlIcon, GlBadge, GlButtonGroup, GlButton } from '@gitlab/ui';
 // eslint-disable-next-line no-restricted-imports
 import { mapActions, mapGetters, mapState } from 'vuex';
 import micromatch from 'micromatch';
@@ -16,6 +16,9 @@ export default {
     GlTooltip: GlTooltipDirective,
   },
   components: {
+    GlBadge,
+    GlButtonGroup,
+    GlButton,
     TreeListHeight,
     GlIcon,
     DiffFileRow,
@@ -126,7 +129,7 @@ export default {
     },
   },
   methods: {
-    ...mapActions('diffs', ['toggleTreeOpen', 'goToFile']),
+    ...mapActions('diffs', ['toggleTreeOpen', 'goToFile', 'setRenderTreeList']),
     clearSearch() {
       this.search = '';
     },
@@ -139,6 +142,30 @@ export default {
 
 <template>
   <div class="tree-list-holder d-flex flex-column" data-testid="file-tree-container">
+    <div class="gl-display-flex gl-align-items-center gl-mb-3">
+      <h5 class="gl-display-inline-block gl-my-0">{{ __('Files') }}</h5>
+      <gl-badge size="sm" class="gl-ml-2">{{ allBlobs.length }}</gl-badge>
+      <gl-button-group class="gl-ml-auto">
+        <gl-button
+          v-gl-tooltip.hover
+          icon="list-bulleted"
+          :selected="!renderTreeList"
+          :title="__('List view')"
+          :aria-label="__('List view')"
+          data-testid="list-view-toggle"
+          @click="setRenderTreeList({ renderTreeList: false })"
+        />
+        <gl-button
+          v-gl-tooltip.hover
+          icon="file-tree"
+          :selected="renderTreeList"
+          :title="__('Tree view')"
+          :aria-label="__('Tree view')"
+          data-testid="tree-view-toggle"
+          @click="setRenderTreeList({ renderTreeList: true })"
+        />
+      </gl-button-group>
+    </div>
     <div class="gl-pb-3 position-relative tree-list-search d-flex">
       <div class="flex-fill d-flex">
         <gl-icon name="search" class="gl-absolute gl-top-3 gl-left-3 tree-list-icon" />

app/assets/javascripts/diffs/store/actions.js

@@ -437,6 +437,8 @@ export const assignDiscussionsToDiff = (
 };
 
 export const removeDiscussionsFromDiff = ({ commit }, removeDiscussion) => {
+  if (!removeDiscussion.diff_file) return;
+
   const {
     diff_file: { file_hash: fileHash },
     line_code: lineCode,

app/assets/javascripts/editor/schema/ci.json

@@ -239,6 +239,16 @@
             "always"
           ]
         },
+        "access": {
+          "markdownDescription": "Configure who can access the artifacts. [Learn More](https://docs.gitlab.com/ee/ci/yaml/#artifactsaccess).",
+          "default": "all",
+          "type": "string",
+          "enum": [
+            "none",
+            "developer",
+            "all"
+          ]
+        },
         "expire_in": {
           "type": "string",
           "markdownDescription": "How long artifacts should be kept. They are saved 30 days by default. Artifacts that have expired are removed periodically via cron job. Supports a wide variety of formats, e.g. '1 week', '3 mins 4 sec', '2 hrs 20 min', '2h20min', '6 mos 1 day', '47 yrs 6 mos and 4d', '3 weeks and 2 days'. [Learn More](https://docs.gitlab.com/ee/ci/yaml/#artifactsexpire_in).",

app/assets/javascripts/environments/components/environments_app.vue

@@ -21,6 +21,7 @@ import ConfirmRollbackModal from './confirm_rollback_modal.vue';
 import DeleteEnvironmentModal from './delete_environment_modal.vue';
 import CanaryUpdateModal from './canary_update_modal.vue';
 import EmptyState from './empty_state.vue';
+import EnviromentsAppSkeletonLoader from './environments_app_skeleton_loader.vue';
 
 export default {
   components: {
@@ -28,6 +29,7 @@ export default {
     CanaryUpdateModal,
     ConfirmRollbackModal,
     EmptyState,
+    EnviromentsAppSkeletonLoader,
     EnvironmentFolder,
     EnableReviewAppModal,
     EnvironmentItem,
@@ -128,6 +130,9 @@ export default {
     hasEnvironments() {
       return this.environments.length > 0 || this.folders.length > 0;
     },
+    loading() {
+      return this.$apollo.queries.environmentApp.loading;
+    },
     showEmptyState() {
       return !this.$apollo.queries.environmentApp.loading && !this.hasEnvironments;
     },
@@ -144,7 +149,7 @@ export default {
       return this.activeCount > 0 || this.stoppedCount > 0;
     },
     showContent() {
-      return this.hasAnyEnvironment || this.hasSearch;
+      return !this.loading && (this.hasAnyEnvironment || this.hasSearch);
     },
     addEnvironment() {
       if (!this.canCreateEnvironment) {
@@ -268,6 +273,7 @@ export default {
     <stop-environment-modal :environment="environmentToStop" graphql />
     <confirm-rollback-modal :environment="environmentToRollback" graphql />
     <canary-update-modal :environment="environmentToChangeCanary" :weight="weight" />
+    <enviroments-app-skeleton-loader v-if="loading" :i18n="$options.i18n" :search-value="search" />
     <template v-if="showContent">
       <gl-tabs
         :action-secondary="openReviewAppModal"

app/assets/javascripts/environments/components/environments_app_skeleton_loader.vue

@@ -0,0 +1,77 @@
+<script>
+import {
+  GlLoadingIcon,
+  GlSkeletonLoader,
+  GlBadge,
+  GlSearchBoxByType,
+  GlTab,
+  GlTabs,
+} from '@gitlab/ui';
+
+export default {
+  components: {
+    GlLoadingIcon,
+    GlSkeletonLoader,
+    GlBadge,
+    GlSearchBoxByType,
+    GlTab,
+    GlTabs,
+  },
+  props: {
+    i18n: {
+      type: Object,
+      required: true,
+    },
+    searchValue: {
+      type: String,
+      required: true,
+    },
+  },
+};
+</script>
+
+<template>
+  <div>
+    <gl-tabs>
+      <gl-tab :disabled="true">
+        <template #title>
+          <span>{{ $props.i18n.active }}</span>
+          <gl-badge size="sm" class="gl-tab-counter-badge">
+            <gl-loading-icon label="" size="sm" color="dark" variant="dots" :inline="true" />
+          </gl-badge>
+        </template>
+      </gl-tab>
+      <gl-tab :disabled="true">
+        <template #title>
+          <span>{{ $props.i18n.stopped }}</span>
+          <gl-badge size="sm" class="gl-tab-counter-badge">
+            <gl-loading-icon label="" size="sm" color="dark" variant="dots" :inline="true" />
+          </gl-badge>
+        </template>
+      </gl-tab>
+    </gl-tabs>
+    <gl-search-box-by-type
+      class="gl-mb-4"
+      :disabled="true"
+      :value="$props.searchValue"
+      :placeholder="$props.i18n.searchPlaceholder"
+    />
+    <div class="gl-pt-6">
+      <gl-skeleton-loader :width="1248" :height="200">
+        <rect x="8" y="0" width="24" height="24" />
+        <rect x="46" y="5" width="247" height="15" />
+        <rect x="0" y="49" width="1248" height="1" />
+
+        <rect x="8" y="64" width="24" height="24" />
+        <rect x="46" y="69" width="247" height="15" />
+        <rect x="0" y="113" width="1248" height="1" />
+        <rect x="1168" y="64" width="80" height="32" />
+
+        <rect x="8" y="128" width="24" height="24" />
+        <rect x="46" y="133" width="247" height="15" />
+        <rect x="0" y="177" width="1248" height="1" />
+        <rect x="1168" y="128" width="80" height="32" />
+      </gl-skeleton-loader>
+    </div>
+  </div>
+</template>

app/assets/javascripts/pages/projects/home_panel/components/home_panel.vue

@@ -44,9 +44,6 @@ export default {
     copyProjectId() {
       return sprintf(s__('ProjectPage|Project ID: %{id}'), { id: this.projectId });
     },
-    isUserAdmin() {
-      return this.adminPath !== null && this.adminPath !== '';
-    },
   },
   i18n: {
     adminButtonTooltip: __('View project in admin area'),
@@ -59,7 +56,7 @@ export default {
     class="gl-align-items-center gl-display-flex gl-flex-wrap gl-gap-3 gl-justify-content-md-end project-repo-buttons"
   >
     <gl-button
-      v-if="isUserAdmin"
+      v-if="adminPath"
       v-gl-tooltip
       :aria-label="$options.i18n.adminButtonTooltip"
       :href="adminPath"

app/assets/javascripts/sidebar/components/crm_contacts/crm_contacts.vue

@@ -106,7 +106,9 @@ export default {
       <span> {{ contactCount }} </span>
     </div>
     <div class="hide-collapsed help-button gl-float-right">
-      <gl-link :href="$options.crmDocsLink" target="_blank"><gl-icon name="question-o" /></gl-link>
+      <gl-link :href="$options.crmDocsLink" target="_blank"
+        ><gl-icon name="question-o" class="gl-text-blue-600"
+      /></gl-link>
     </div>
     <div class="title hide-collapsed gl-mb-2 gl-line-height-20 gl-font-weight-bold">
       {{ contactsLabel }}

app/models/application_record.rb

@@ -8,6 +8,7 @@ class ApplicationRecord < ActiveRecord::Base
   include CrossDatabaseModification
   include SensitiveSerializableHash
   include ResetOnColumnErrors
+  include HasCheckConstraints
 
   self.abstract_class = true
 
@@ -130,6 +131,11 @@ class ApplicationRecord < ActiveRecord::Base
     object.is_a?(self)
   end
 
+  def self.nullable_column?(column_name)
+    columns.find { |column| column.name == column_name }.null &&
+      !not_null_check?(column_name)
+  end
+
   def readable_by?(user)
     Ability.allowed?(user, "read_#{to_ability_name}".to_sym, self)
   end

app/models/ci/build.rb

@@ -726,12 +726,24 @@ module Ci
       job_artifacts_archive.public_access?
     end
 
-    def artifact_is_public_in_config?
+    def artifacts_no_access?
+      return false if job_artifacts_archive.nil? # To backward compatibility return false if no artifacts found
+
+      job_artifacts_archive.none_access?
+    end
+
+    def artifact_access_setting_in_config
       artifacts_public = options.dig(:artifacts, :public)
+      artifacts_access = options.dig(:artifacts, :access)
 
-      return true if artifacts_public.nil? # Default artifacts:public to true
+      raise ArgumentError, 'artifacts:public and artifacts:access are mutually exclusive' if !artifacts_public.nil? && !artifacts_access.nil?
 
-      artifacts_public
+      return :public if artifacts_public == true || artifacts_access == 'all'
+      return :private if artifacts_public == false || artifacts_access == 'developer'
+      return :none if artifacts_access == 'none'
+
+      # default behaviour
+      :public
     end
 
     def artifacts_metadata_entry(path, **options)

app/models/ci/job_artifact.rb

@@ -19,7 +19,7 @@ module Ci
     self.primary_key = :id
     self.sequence_name = :ci_job_artifacts_id_seq
 
-    enum accessibility: { public: 0, private: 1 }, _suffix: true
+    enum accessibility: { public: 0, private: 1, none: 2 }, _suffix: true
 
     PLAN_LIMIT_PREFIX = 'ci_max_artifact_size_'
 
@@ -227,6 +227,10 @@ module Ci
       public_accessibility?
     end
 
+    def none_access?
+      none_accessibility?
+    end
+
     private
 
     def store_file_in_transaction!

app/models/concerns/enums/sbom.rb

@@ -121,5 +121,25 @@ module Enums
     def self.package_manager_from_trivy_pkg_type(pkg_type)
       PACKAGE_MANAGERS_FROM_TRIVY_PKG_TYPE[pkg_type]
     end
+
+    # We do not use the namespaced names for OS component types even
+    # if the PURL specification declares otherwise, since this will
+    # preserve the name format established by the container-scanning
+    # analyzers. For example, a namespaced name for an Alpine cURL component
+    # might look like `apk/curl` when found by an SBOM generator. If found
+    # by a container-scanning analyzer, this same component would be reported
+    # as `curl`. The differences in naming would impact dependency and
+    # vulnerability deduplication, and if left as is would create dependency
+    # lists and vulnerability reports that are inaccurate.
+    #
+    # For full details, see https://gitlab.com/gitlab-org/gitlab/-/issues/442847
+    def self.use_namespaced_name?(purl_type)
+      case purl_type
+      when 'apk', 'deb', 'rpm'
+        false
+      else
+        true
+      end
+    end
   end
 end

app/models/concerns/has_check_constraints.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module HasCheckConstraints
+  extend ActiveSupport::Concern
+
+  NOT_NULL_CHECK_PATTERN = /IS NOT NULL/i
+
+  class_methods do
+    def not_null_check?(column_name)
+      constraints.any? do |constraint|
+        constraint.constraint_valid &&
+          constraint.column_names.include?(column_name) &&
+          NOT_NULL_CHECK_PATTERN.match(constraint.definition)
+      end
+    end
+
+    def clear_constraints_cache!
+      @constraints = nil
+    end
+
+    private
+
+    def constraints
+      @constraints ||= Gitlab::Database::PostgresConstraint.check_constraints
+                                                           .by_table_identifier(fully_qualified_table_name)
+    end
+
+    def fully_qualified_table_name
+      "#{connection.current_schema}.#{table_name}"
+    end
+  end
+end

app/models/integration.rb

@@ -679,6 +679,18 @@ class Integration < ApplicationRecord
     category == :ci
   end
 
+  def deactivate!
+    update(active: false)
+  end
+
+  def activate!
+    update(active: true)
+  end
+
+  def toggle!
+    active? ? deactivate! : activate!
+  end
+
   private
 
   # Ancestors sorted by hierarchy depth in bottom-top order.

app/models/project.rb

@@ -2460,8 +2460,7 @@ class Project < ApplicationRecord
     Gitlab::Ci::Variables::Collection.new
       .append(key: 'CI', value: 'true')
       .append(key: 'GITLAB_CI', value: 'true')
-      .append(key: 'CI_COMPONENT_FQDN', value: Gitlab.config.gitlab_ci.component_fqdn)
+      .append(key: 'CI_SERVER_FQDN', value: Gitlab.config.gitlab_ci.server_fqdn)
-      .append(key: 'CI_SERVER_FQDN', value: Gitlab.config.gitlab_ci.component_fqdn)
       .append(key: 'CI_SERVER_URL', value: Gitlab.config.gitlab.url)
       .append(key: 'CI_SERVER_HOST', value: Gitlab.config.gitlab.host)
       .append(key: 'CI_SERVER_PORT', value: Gitlab.config.gitlab.port.to_s)

app/policies/ci/build_policy.rb

@@ -40,6 +40,10 @@ module Ci
       @subject.artifacts_public?
     end
 
+    condition(:artifacts_none, scope: :subject) do
+      @subject.artifacts_no_access?
+    end
+
     condition(:terminal, scope: :subject) do
       @subject.has_terminal?
     end
@@ -116,7 +120,7 @@ module Ci
       prevent :create_build_service_proxy
     end
 
-    rule { can_read_project_build }.enable :read_job_artifacts
+    rule { can_read_project_build & ~artifacts_none }.enable :read_job_artifacts
     rule { ~artifacts_public & ~project_developer }.prevent :read_job_artifacts
   end
 end

app/policies/ci/job_artifact_policy.rb

@@ -8,6 +8,10 @@ module Ci
       @subject.public_access?
     end
 
+    condition(:none_access, scope: :subject) do
+      @subject.none_access?
+    end
+
     condition(:can_read_project_build, scope: :subject) do
       can?(:read_build, @subject.job.project)
     end
@@ -16,7 +20,7 @@ module Ci
       can?(:developer_access, @subject.job.project)
     end
 
-    rule { can_read_project_build }.enable :read_job_artifacts
+    rule { can_read_project_build & ~none_access }.enable :read_job_artifacts
     rule { ~public_access & ~has_access_to_project }.prevent :read_job_artifacts
   end
 end

app/services/ci/job_artifacts/create_service.rb

@@ -130,7 +130,7 @@ module Ci
 
         return accessibility if accessibility.present?
 
-        job.artifact_is_public_in_config? ? :public : :private
+        job.artifact_access_setting_in_config
       end
 
       def parse_artifact(artifact)

app/workers/all_queues.yml

@@ -2550,6 +2550,15 @@
   :weight: 1
   :idempotent: false
   :tags: []
+- :name: bitbucket_import_stage_import_users
+  :worker_name: Gitlab::BitbucketImport::Stage::ImportUsersWorker
+  :feature_category: :importers
+  :has_external_dependencies: true
+  :urgency: :low
+  :resource_boundary: :unknown
+  :weight: 1
+  :idempotent: true
+  :tags: []
 - :name: bitbucket_server_import_advance_stage
   :worker_name: Gitlab::BitbucketServerImport::AdvanceStageWorker
   :feature_category: :importers

app/workers/gitlab/bitbucket_import/stage/import_repository_worker.rb

@@ -13,6 +13,10 @@ module Gitlab
 
           importer.execute
 
+          if Feature.enabled?(:bitbucket_cloud_convert_mentions_to_users, project.creator)
+            return ImportUsersWorker.perform_async(project.id)
+          end
+
           ImportPullRequestsWorker.perform_async(project.id)
         end
 

app/workers/gitlab/bitbucket_import/stage/import_users_worker.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module BitbucketImport
+    module Stage
+      class ImportUsersWorker
+        include StageMethods
+
+        idempotent!
+
+        private
+
+        def import(project)
+          importer = importer_class.new(project)
+
+          importer.execute
+
+          ImportPullRequestsWorker.perform_async(project.id)
+        end
+
+        def importer_class
+          Importers::UsersImporter
+        end
+      end
+    end
+  end
+end

config/feature_flags/gitlab_com_derisk/bitbucket_cloud_convert_mentions_to_users.yml

@@ -0,0 +1,9 @@
+---
+name: bitbucket_cloud_convert_mentions_to_users
+feature_issue_url:
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/144923
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/442484
+milestone: '16.10'
+group: group::import and integrate
+type: gitlab_com_derisk
+default_enabled: false

config/initializers/1_settings.rb

@@ -266,7 +266,7 @@ Settings['gitlab_ci'] ||= {}
 Settings.gitlab_ci['shared_runners_enabled'] = true if Settings.gitlab_ci['shared_runners_enabled'].nil?
 Settings.gitlab_ci['builds_path']           = Settings.absolute(Settings.gitlab_ci['builds_path'] || "builds/")
 Settings.gitlab_ci['url']                 ||= Settings.__send__(:build_gitlab_ci_url)
-Settings.gitlab_ci['component_fqdn']      ||= Settings.__send__(:build_ci_component_fqdn)
+Settings.gitlab_ci['server_fqdn']         ||= Settings.__send__(:build_ci_server_fqdn)
 
 #
 # CI Secure Files

config/initializers/7_gitlab_http.rb

@@ -5,8 +5,7 @@ require 'gitlab-http'
 
 Gitlab::HTTP_V2.configure do |config|
   config.allowed_internal_uris = [
-    URI::HTTP.build(
+    (Gitlab.config.gitlab.protocol == 'https' ? URI::HTTPS : URI::HTTP).build(
-      scheme: Gitlab.config.gitlab.protocol,
       host: Gitlab.config.gitlab.host,
       port: Gitlab.config.gitlab.port
     ),

config/metrics/counts_28d/20210901221822_p_ci_templates_workflows_branch_pipelines_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_workflows_branch_pipeli
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901221831_p_ci_templates_workflows_mergerequest_pipelines_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_workflows_mergerequest_
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901222117_p_ci_templates_jobs_helm_2to3_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_helm_2to3_monthly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901222202_p_ci_templates_jobs_deploy_ecs_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_deploy_ecs_monthly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901222211_p_ci_templates_jobs_deploy_ec2_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_deploy_ec2_monthly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901222220_p_ci_templates_jobs_deploy_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_deploy_monthly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901222229_p_ci_templates_jobs_build_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_build_monthly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901222246_p_ci_templates_jobs_test_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_test_monthly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901222256_p_ci_templates_jobs_deploy_latest_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_deploy_latest_mont
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901222313_p_ci_templates_jobs_cf_provision_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_cf_provision_month
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901222322_p_ci_templates_jobs_build_latest_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_build_latest_month
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901223541_p_ci_templates_implicit_jobs_helm_2to3_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_helm_2to3
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901223653_p_ci_templates_implicit_jobs_test_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_test_mont
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_28d/20210901223711_p_ci_templates_implicit_jobs_cf_provision_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_cf_provis
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: removed
 milestone: '14.3'

config/metrics/counts_28d/20210901223721_p_ci_templates_implicit_jobs_build_latest_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_build_lat
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: removed
 milestone: '14.3'

config/metrics/counts_28d/20210929102434_p_ci_templates_implicit_jobs_build_monthly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_build_mon
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: "14.4"

config/metrics/counts_7d/20210901221817_p_ci_templates_workflows_branch_pipelines_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_workflows_branch_pipeli
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901221826_p_ci_templates_workflows_mergerequest_pipelines_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_workflows_mergerequest_
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901222113_p_ci_templates_jobs_helm_2to3_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_helm_2to3_weekly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901222157_p_ci_templates_jobs_deploy_ecs_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_deploy_ecs_weekly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901222206_p_ci_templates_jobs_deploy_ec2_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_deploy_ec2_weekly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901222215_p_ci_templates_jobs_deploy_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_deploy_weekly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901222224_p_ci_templates_jobs_build_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_build_weekly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901222242_p_ci_templates_jobs_test_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_test_weekly
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901222251_p_ci_templates_jobs_deploy_latest_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_deploy_latest_week
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901222309_p_ci_templates_jobs_cf_provision_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_cf_provision_weekl
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901222318_p_ci_templates_jobs_build_latest_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_jobs_build_latest_weekl
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901223537_p_ci_templates_implicit_jobs_helm_2to3_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_helm_2to3
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901223649_p_ci_templates_implicit_jobs_test_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_test_week
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: '14.3'

config/metrics/counts_7d/20210901223707_p_ci_templates_implicit_jobs_cf_provision_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_cf_provis
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: removed
 milestone: '14.3'

config/metrics/counts_7d/20210901223716_p_ci_templates_implicit_jobs_build_latest_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_build_lat
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: removed
 milestone: '14.3'

config/metrics/counts_7d/20210929102429_p_ci_templates_implicit_jobs_build_weekly.yml

@@ -3,7 +3,7 @@ key_path: redis_hll_counters.ci_templates.p_ci_templates_implicit_jobs_build_wee
 description: ''
 product_section: ''
 product_stage: ''
-product_group: ''
+product_group: pipeline_authoring
 value_type: number
 status: active
 milestone: "14.4"

config/settings.rb

@@ -11,7 +11,7 @@ Settings = GitlabSettings.load(file, Rails.env) do
     on_standard_port?(gitlab)
   end
 
-  def build_ci_component_fqdn
+  def build_ci_server_fqdn
     custom_port = ":#{gitlab.port}" unless on_standard_port?(gitlab)
 
     [

config/sidekiq_queues.yml

@@ -111,6 +111,8 @@
   - 1
 - - bitbucket_import_stage_import_repository
   - 1
+- - bitbucket_import_stage_import_users
+  - 1
 - - bitbucket_server_import_advance_stage
   - 1
 - - bitbucket_server_import_import_lfs_object
@@ -685,6 +687,8 @@
   - 1
 - - search_zoekt_project_transfer
   - 1
+- - security_delete_orchestration_configuration
+  - 1
 - - security_generate_policy_violation_comment
   - 1
 - - security_orchestration_configuration_create_bot
@@ -717,6 +721,8 @@
   - 1
 - - security_sync_scan_policies
   - 1
+- - security_unassign_redundant_policy_configurations
+  - 1
 - - security_unenforceable_policy_rules_notification
   - 1
 - - security_unenforceable_policy_rules_pipeline_notification

db/post_migrate/20240213124546_add_index_scan_result_policies_on_configuration_id_and_id_and_updated_at.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class AddIndexScanResultPoliciesOnConfigurationIdAndIdAndUpdatedAt < Gitlab::Database::Migration[2.2]
+  milestone '16.10'
+
+  disable_ddl_transaction!
+
+  INDEX_NAME = :idx_scan_result_policies_on_configuration_id_id_updated_at
+  TABLE_NAME = :scan_result_policies
+
+  def up
+    add_concurrent_index(TABLE_NAME, %i[security_orchestration_policy_configuration_id id updated_at], name: INDEX_NAME)
+  end
+
+  def down
+    remove_concurrent_index_by_name(TABLE_NAME, INDEX_NAME)
+  end
+end

db/post_migrate/20240213124833_add_index_approval_project_rules_on_configuration_id_and_id.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class AddIndexApprovalProjectRulesOnConfigurationIdAndId < Gitlab::Database::Migration[2.2]
+  milestone '16.10'
+
+  disable_ddl_transaction!
+
+  INDEX_NAME = :idx_approval_project_rules_on_configuration_id_and_id
+  TABLE_NAME = :approval_project_rules
+
+  def up
+    add_concurrent_index(TABLE_NAME, %i[security_orchestration_policy_configuration_id id], name: INDEX_NAME)
+  end
+
+  def down
+    remove_concurrent_index_by_name(TABLE_NAME, INDEX_NAME)
+  end
+end

db/post_migrate/20240213125219_schedule_index_approval_merge_request_rules_on_config_id_and_id_and_updated_at.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class ScheduleIndexApprovalMergeRequestRulesOnConfigIdAndIdAndUpdatedAt < Gitlab::Database::Migration[2.2]
+  milestone '16.10'
+
+  INDEX_NAME = :idx_approval_mr_rules_on_config_id_and_id_and_updated_at
+  TABLE_NAME = :approval_merge_request_rules
+  COLUMNS = %i[security_orchestration_policy_configuration_id id updated_at]
+
+  def up
+    prepare_async_index(TABLE_NAME, COLUMNS, name: INDEX_NAME)
+  end
+
+  def down
+    unprepare_async_index(TABLE_NAME, COLUMNS, name: INDEX_NAME)
+  end
+end

db/post_migrate/20240213125429_schedule_index_merge_requests_on_unmerged_state_id.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class ScheduleIndexMergeRequestsOnUnmergedStateId < Gitlab::Database::Migration[2.2]
+  milestone '16.10'
+
+  INDEX_NAME = :idx_merge_requests_on_unmerged_state_id
+  TABLE_NAME = :merge_requests
+
+  def up
+    prepare_async_index(TABLE_NAME, :id, name: INDEX_NAME, where: "state_id <> 3")
+  end
+
+  def down
+    unprepare_async_index(TABLE_NAME, :id, name: INDEX_NAME)
+  end
+end

db/post_migrate/20240213125705_add_index_scan_result_policy_violations_on_scan_result_policy_id_and_id.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class AddIndexScanResultPolicyViolationsOnScanResultPolicyIdAndId < Gitlab::Database::Migration[2.2]
+  milestone '16.10'
+
+  disable_ddl_transaction!
+
+  INDEX_NAME = :idx_scan_result_policy_violations_on_policy_id_and_id
+  TABLE_NAME = :scan_result_policy_violations
+
+  def up
+    add_concurrent_index(TABLE_NAME, %i[scan_result_policy_id id], name: INDEX_NAME)
+  end
+
+  def down
+    remove_concurrent_index_by_name(TABLE_NAME, INDEX_NAME)
+  end
+end

db/post_migrate/20240214101146_remove_index_approval_project_rules_on_sec_orchestration_config_id.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class RemoveIndexApprovalProjectRulesOnSecOrchestrationConfigId < Gitlab::Database::Migration[2.2]
+  milestone '16.10'
+
+  disable_ddl_transaction!
+
+  TABLE_NAME = :approval_project_rules
+  INDEX_NAME = :idx_approval_project_rules_on_sec_orchestration_config_id
+
+  def up
+    remove_concurrent_index_by_name(TABLE_NAME, INDEX_NAME)
+  end
+
+  def down
+    add_concurrent_index(TABLE_NAME, :security_orchestration_policy_configuration_id, name: INDEX_NAME)
+  end
+end

db/post_migrate/20240318145552_add_null_check_constraint_for_vulnerability_reads_traversal_ids.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class AddNullCheckConstraintForVulnerabilityReadsTraversalIds < Gitlab::Database::Migration[2.2]
+  disable_ddl_transaction!
+  milestone '16.11'
+
+  def up
+    add_not_null_constraint :vulnerability_reads, :traversal_ids, validate: false
+  end
+
+  def down
+    remove_not_null_constraint :vulnerability_reads, :traversal_ids
+  end
+end

db/post_migrate/20240318150339_prepare_async_traversal_ids_check_constraint_validation.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class PrepareAsyncTraversalIdsCheckConstraintValidation < Gitlab::Database::Migration[2.2]
+  milestone '16.11'
+
+  CONSTRAINT_NAME = 'check_f5ba7c2496'
+
+  def up
+    prepare_async_check_constraint_validation :vulnerability_reads, name: CONSTRAINT_NAME
+  end
+
+  def down
+    unprepare_async_check_constraint_validation :vulnerability_reads, name: CONSTRAINT_NAME
+  end
+end

db/schema_migrations/20240213124546

@@ -0,0 +1 @@
+4745de5adaef6c0ea8c669317111b1568b8abf1f6c4a565db464f6bb8b59e70a

db/schema_migrations/20240213124833

@@ -0,0 +1 @@
+0287ede4aceee941c41c3b8f1e6a22bdbdd793b4b53206f44c9e56f44f22b97f

db/schema_migrations/20240213125219

@@ -0,0 +1 @@
+839b964e455dbd577ab389accb922922b99148a847d01d9164d832f68b0e5547

db/schema_migrations/20240213125429

@@ -0,0 +1 @@
+93148a82bf2a7021b282420ee13dab381fb05dc878902bc2a1e1e98ff81dda0a

db/schema_migrations/20240213125705

@@ -0,0 +1 @@
+c676560059b9cf10b47a4ca7a8b92149d92bb261bde3cfee1043ab7318801aff

db/schema_migrations/20240214101146

@@ -0,0 +1 @@
+f1f8f01acb0b0d70de398dd48bea37f60e5d0da2799ff31f5b3915e566b280f3

db/schema_migrations/20240318145552

@@ -0,0 +1 @@
+13de6dff291398df87dc95a81e8d4f7f8ce7a3f22fcb3df39006e0b386d369cf

db/schema_migrations/20240318150339

@@ -0,0 +1 @@
+45f5f3988b6fac58c19dc5bbe74eedfa1d697746c83493f478600749c25abc46

db/structure.sql

@@ -20579,6 +20579,9 @@ ALTER TABLE sprints
 ALTER TABLE web_hook_logs
     ADD CONSTRAINT check_df72cb58f5 CHECK ((char_length(url_hash) <= 44)) NOT VALID;
 
+ALTER TABLE vulnerability_reads
+    ADD CONSTRAINT check_f5ba7c2496 CHECK ((traversal_ids IS NOT NULL)) NOT VALID;
+
 ALTER TABLE projects
     ADD CONSTRAINT check_fa75869cb1 CHECK ((project_namespace_id IS NOT NULL)) NOT VALID;
 
@@ -23668,9 +23671,9 @@ CREATE INDEX idx_approval_merge_request_rules_on_scan_result_policy_id ON approv
 
 CREATE INDEX idx_approval_merge_request_rules_on_sec_orchestration_config_id ON approval_merge_request_rules USING btree (security_orchestration_policy_configuration_id);
 
-CREATE INDEX idx_approval_project_rules_on_scan_result_policy_id ON approval_project_rules USING btree (scan_result_policy_id);
+CREATE INDEX idx_approval_project_rules_on_configuration_id_and_id ON approval_project_rules USING btree (security_orchestration_policy_configuration_id, id);
 
-CREATE INDEX idx_approval_project_rules_on_sec_orchestration_config_id ON approval_project_rules USING btree (security_orchestration_policy_configuration_id);
+CREATE INDEX idx_approval_project_rules_on_scan_result_policy_id ON approval_project_rules USING btree (scan_result_policy_id);
 
 CREATE INDEX idx_audit_events_group_external_destinations_on_group_id ON audit_events_group_external_streaming_destinations USING btree (group_id);
 
@@ -23868,6 +23871,10 @@ CREATE INDEX idx_sbom_occurrences_on_project_id_and_source_id ON sbom_occurrence
 
 CREATE UNIQUE INDEX idx_sbom_source_packages_on_name_and_purl_type ON sbom_source_packages USING btree (name, purl_type);
 
+CREATE INDEX idx_scan_result_policies_on_configuration_id_id_updated_at ON scan_result_policies USING btree (security_orchestration_policy_configuration_id, id, updated_at);
+
+CREATE INDEX idx_scan_result_policy_violations_on_policy_id_and_id ON scan_result_policy_violations USING btree (scan_result_policy_id, id);
+
 CREATE UNIQUE INDEX idx_security_scans_on_build_and_scan_type ON security_scans USING btree (build_id, scan_type);
 
 CREATE INDEX idx_security_scans_on_scan_type ON security_scans USING btree (scan_type);

doc/ci/pipelines/merge_trains.md

@@ -101,7 +101,8 @@ To enable merge trains:
 
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Settings > Merge requests**.
-1. In the **Merge method** section, verify that **Merge commit** is selected.
+1. In GitLab 16.4 and earlier, in the **Merge method** section, verify that **Merge commit** is selected.
+   In GitLab 16.5 and later, you can use any merge method.
 1. In the **Merge options** section, ensure **Enable merged results pipelines** is enabled
    and select **Enable merge trains**.
 1. Select **Save changes**.
@@ -173,7 +174,7 @@ Merging immediately can use a lot of CI/CD resources. Use this option
 only in critical situations.
 
 NOTE:
-The **merge immediately** option may not be available if your project utilizes the [fast-forward](../../user/project/merge_requests/methods/index.md#fast-forward-merge) 
+The **merge immediately** option may not be available if your project uses the [fast-forward](../../user/project/merge_requests/methods/index.md#fast-forward-merge)
 merge method and the source branch is behind the target branch. See [issue 434070](https://gitlab.com/gitlab-org/gitlab/-/issues/434070) for more details.
 
 ### Allow merge trains to be skipped to merge immediately without restarting merge train pipelines

doc/ci/yaml/index.md

@@ -1424,6 +1424,10 @@ job:
 > - [Updated](https://gitlab.com/gitlab-org/gitlab/-/issues/322454) in GitLab 15.10. Artifacts created with `artifacts:public` before 15.10 are not guaranteed to remain private after this update.
 > - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/294503) in GitLab 16.7. Feature flag `non_public_artifacts` removed.
 
+NOTE:
+`artifacts:public` is now superceded by [`artifacts:access`](#artifactsaccess) which
+has more options.
+
 Use `artifacts:public` to determine whether the job artifacts should be
 publicly available.
 
@@ -1448,6 +1452,31 @@ job:
     public: false
 ```
 
+### `artifacts:access`
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/145206) in GitLab 16.10.
+
+Use `artifacts:access` to determine who can access the job artifacts.
+
+You cannot use [`artifacts:public`](#artifactspublic) and `artifacts:access` in the same job.
+
+**Keyword type**: Job keyword. You can use it only as part of a job.
+
+**Possible inputs**:
+
+- `all` (default): Artifacts in public pipelines are available for download by anyone, including anonymous,
+  guest, and reporter users.
+- `developer`: Artifacts are only available for download by users with the Developer role or higher.
+- `none`: Artifacts are not available for download by anyone.
+
+**Example of `artifacts:access`**:
+
+```yaml
+job:
+  artifacts:
+    access: 'developer'
+```
+
 #### `artifacts:reports`
 
 Use [`artifacts:reports`](artifacts_reports.md) to collect artifacts generated by

doc/user/project/import/gitea.md

@@ -11,6 +11,7 @@ DETAILS:
 **Offering:** GitLab.com, Self-managed, GitLab Dedicated
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/381902) in GitLab 15.8, GitLab no longer automatically creates namespaces or groups that don't exist. GitLab also no longer falls back to using the user's personal namespace if the namespace or group name is taken.
+> - Ability to import projects with a `.` in their path [added](https://gitlab.com/gitlab-org/gitlab/-/issues/434175) in GitLab 16.11.
 
 Import your projects from Gitea to GitLab.
 
@@ -28,8 +29,6 @@ created as private in GitLab as well.
 
 ## Known issues
 
-- You must rename projects with a `.` in their path for all items to be imported correctly.
-  For more information, see [issue 434175](https://gitlab.com/gitlab-org/gitlab/-/issues/434175).
 - Because Gitea is not an OAuth provider, the author or assignee cannot be mapped to users on
   your GitLab instance. The project creator (usually the user who started the import process)
   is then set as the author. For issues, you can still see the original Gitea author.

lib/bitbucket/client.rb

@@ -14,22 +14,22 @@ module Bitbucket
     end
 
     def issues(repo)
-      path = "/repositories/#{repo}/issues"
+      path = "/repositories/#{repo}/issues?sort=created_on"
       get_collection(path, :issue)
     end
 
     def issue_comments(repo, issue_id)
-      path = "/repositories/#{repo}/issues/#{issue_id}/comments"
+      path = "/repositories/#{repo}/issues/#{issue_id}/comments?sort=created_on"
       get_collection(path, :comment)
     end
 
     def pull_requests(repo)
-      path = "/repositories/#{repo}/pullrequests?state=ALL"
+      path = "/repositories/#{repo}/pullrequests?state=ALL&sort=created_on"
       get_collection(path, :pull_request)
     end
 
     def pull_request_comments(repo, pull_request)
-      path = "/repositories/#{repo}/pullrequests/#{pull_request}/comments"
+      path = "/repositories/#{repo}/pullrequests/#{pull_request}/comments?sort=created_on"
       get_collection(path, :pull_request_comment)
     end
 
@@ -44,7 +44,7 @@ module Bitbucket
     end
 
     def repos(filter: nil)
-      path = "/repositories?role=member"
+      path = "/repositories?role=member&sort=created_on"
       path += "&q=name~\"#{filter}\"" if filter
 
       get_collection(path, :repo)
@@ -57,10 +57,15 @@ module Bitbucket
       end
     end
 
+    def users(workspace_key, page_number: nil, limit: nil)
+      path = "/workspaces/#{workspace_key}/members"
+      get_collection(path, :user, page_number: page_number, limit: limit)
+    end
+
     private
 
-    def get_collection(path, type)
+    def get_collection(path, type, page_number: nil, limit: nil)
-      paginator = Paginator.new(connection, path, type)
+      paginator = Paginator.new(connection, path, type, page_number: page_number, limit: limit)
       Collection.new(paginator)
     end
   end

lib/bitbucket/paginator.rb

@@ -4,23 +4,27 @@ module Bitbucket
   class Paginator
     PAGE_LENGTH = 50 # The minimum length is 10 and the maximum is 100.
 
-    def initialize(connection, url, type)
+    def initialize(connection, url, type, page_number: nil, limit: nil)
       @connection = connection
       @type = type
       @url = url
-      @page = nil
+      @page_number = page_number
+      @limit = limit
+      @total = 0
     end
 
     def items
+      raise StopIteration if over_limit?
       raise StopIteration unless has_next_page?
 
       @page = fetch_next_page
+      @total += @page.items.count
       @page.items
     end
 
     private
 
-    attr_reader :connection, :page, :url, :type
+    attr_reader :connection, :page, :url, :type, :page_number, :limit
 
     def has_next_page?
       page.nil? || page.next?
@@ -30,8 +34,25 @@ module Bitbucket
       page.nil? ? url : page.next
     end
 
+    def max_per_page
+      limit || PAGE_LENGTH
+    end
+
+    def over_limit?
+      return false unless limit
+
+      limit > 0 && @total >= limit
+    end
+
+    # Note to self for specs:
+    # - Allowed pagelen to be set by limit instead of just using PAGE_LENGTH
+    # - Allow specifying a starting page to grab one page at a time, so PageCounter can be used for logging
+    # - Added over_limit? to make sure only one page is called.
     def fetch_next_page
-      parsed_response = connection.get(next_url, pagelen: PAGE_LENGTH, sort: :created_on)
+      extra_query = { pagelen: max_per_page }
+      extra_query[:page] = page_number if page_number && limit
+
+      parsed_response = connection.get(next_url, extra_query)
       Page.new(parsed_response, type)
     end
   end

lib/bitbucket/representation/user.rb

@@ -6,6 +6,24 @@ module Bitbucket
       def username
         raw['username']
       end
+
+      def account_id
+        user['account_id']
+      end
+
+      def name
+        user['display_name']
+      end
+
+      def nickname
+        user['nickname']
+      end
+
+      private
+
+      def user
+        raw['user']
+      end
     end
   end
 end

lib/extracts_ref/requested_ref.rb

@@ -47,12 +47,16 @@ module ExtractsRef
     strong_memoize_attr :commit
 
     def tag
+      return unless repository.tag_exists?(ref)
+
       raw_commit = repository.find_tag(ref)&.dereferenced_target
       ::Commit.new(raw_commit, repository.container) if raw_commit
     end
     strong_memoize_attr :tag
 
     def branch
+      return unless repository.branch_exists?(ref)
+
       raw_commit = repository.find_branch(ref)&.dereferenced_target
       ::Commit.new(raw_commit, repository.container) if raw_commit
     end

lib/gitlab/bitbucket_import/importers/users_importer.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module BitbucketImport
+    module Importers
+      class UsersImporter
+        include Loggable
+        include Gitlab::Import::UserFromMention
+
+        BATCH_SIZE = 100
+
+        def initialize(project)
+          @project = project
+          @project_id = project.id
+        end
+
+        attr_reader :project, :project_id
+
+        def execute
+          log_info(import_stage: 'import_users', message: 'starting')
+
+          current = page_counter.current
+
+          loop do
+            log_info(
+              import_stage: 'import_users',
+              message: "importing page #{current} using batch size #{BATCH_SIZE}"
+            )
+
+            users = client.users(workspace_key, page_number: current, limit: BATCH_SIZE).to_a
+
+            break if users.empty?
+
+            cache_users(users)
+
+            current += 1
+            page_counter.set(current)
+          end
+
+          page_counter.expire!
+
+          log_info(import_stage: 'import_users', message: 'finished')
+        end
+
+        private
+
+        def cache_users(users)
+          # No-op for now
+        end
+
+        def client
+          @client ||= Bitbucket::Client.new(project.import_data.credentials)
+        end
+
+        def workspace_key
+          project.import_source.split('/').first
+        end
+
+        def page_counter
+          @page_counter ||= Gitlab::Import::PageCounter.new(project, :users, 'bitbucket-importer')
+        end
+      end
+    end
+  end
+end

lib/gitlab/ci/components/instance_path.rb

@@ -14,7 +14,7 @@ module Gitlab
         end
 
         def self.fqdn_prefix
-          "#{Settings.gitlab_ci['component_fqdn']}/"
+          "#{Settings.gitlab_ci['server_fqdn']}/"
         end
 
         def initialize(address:)

lib/gitlab/ci/config/entry/artifacts.rb

@@ -13,7 +13,8 @@ module Gitlab
           include ::Gitlab::Config::Entry::Attributable
 
           ALLOWED_WHEN = %w[on_success on_failure always].freeze
-          ALLOWED_KEYS = %i[name untracked paths reports when expire_in expose_as exclude public].freeze
+          ALLOWED_ACCESS = %w[none developer all].freeze
+          ALLOWED_KEYS = %i[name untracked paths reports when expire_in expose_as exclude public access].freeze
           EXPOSE_AS_REGEX = /\A\w[-\w ]*\z/
           EXPOSE_AS_ERROR_MESSAGE = "can contain only letters, digits, '-', '_' and spaces"
 
@@ -26,6 +27,8 @@ module Gitlab
             validates :config, allowed_keys: ALLOWED_KEYS
             validates :paths, presence: true, if: :expose_as_present?
 
+            validates :config, mutually_exclusive_keys: %i[access public]
+
             with_options allow_nil: true do
               validates :name, type: String
               validates :public, boolean: true
@@ -44,6 +47,10 @@ module Gitlab
                 message: "should be one of: #{ALLOWED_WHEN.join(', ')}"
               }
               validates :expire_in, duration: { parser: ::Gitlab::Ci::Build::DurationParser }
+              validates :access, type: String, inclusion: {
+                in: ALLOWED_ACCESS,
+                message: "should be one of: #{ALLOWED_ACCESS.join(', ')}"
+              }
             end
           end
 

lib/gitlab/ci/project_config/repository.rb

@@ -24,7 +24,7 @@ module Gitlab
 
         override :url
         def url
-          File.join(Settings.build_ci_component_fqdn, project.full_path, '//', ci_config_path)
+          File.join(Settings.build_ci_server_fqdn, project.full_path, '//', ci_config_path)
         end
 
         private

lib/gitlab/ci/reports/sbom/component.rb

@@ -30,7 +30,7 @@ module Gitlab
           end
 
           def purl_type
-            purl.type
+            purl&.type
           end
 
           def type
@@ -38,13 +38,7 @@ module Gitlab
           end
 
           def name
-            return @name unless purl
+            use_namespaced_name? ? [purl.namespace, purl.name].compact.join('/') : @name
-
-            [purl.namespace, purl.name].compact.join('/')
-          end
-
-          def name_without_namespace
-            @name
           end
 
           def key
@@ -81,6 +75,10 @@ module Gitlab
           def purl_type_int(component)
             ::Enums::Sbom::PURL_TYPES.fetch(component.purl&.type&.to_sym, 0)
           end
+
+          def use_namespaced_name?
+            purl.present? && Enums::Sbom.use_namespaced_name?(purl_type)
+          end
         end
       end
     end

lib/gitlab/legacy_github_import/importer.rb

@@ -29,7 +29,7 @@ module Gitlab
         # Gitea plan to be GitHub compliant
         if project.gitea_import?
           uri = URI.parse(project.import_url)
-          host = "#{uri.scheme}://#{uri.host}:#{uri.port}#{uri.path}".sub(%r{/?[\w-]+/[\w-]+\.git\z}, '')
+          host = "#{uri.scheme}://#{uri.host}:#{uri.port}#{uri.path}".sub(%r{/?[\w.-]+/[\w.-]+\.git\z}, '')
           opts = {
             host: host,
             api_version: 'v1'

lib/gitlab/pagination/keyset/simple_order_builder.rb

@@ -89,7 +89,7 @@ module Gitlab
         end
 
         def nullability(order_value, attribute_name)
-          nullable = model_class.columns.find { |column| column.name == attribute_name }.null
+          nullable = model_class.nullable_column?(attribute_name)
 
           if nullable && order_value.is_a?(Arel::Nodes::Ascending)
             :nulls_last

lib/gitlab/request_forgery_protection.rb

@@ -33,6 +33,11 @@ module Gitlab
     def self.verified?(env)
       minimal_env = env.slice('REQUEST_METHOD', 'rack.session', 'HTTP_X_CSRF_TOKEN')
                       .merge('rack.input' => '')
+
+      # The CSRF token for some requests is in the form instead of headers.
+      # This line of code is used to accommodate this situation. See: https://gitlab.com/gitlab-org/gitlab/-/issues/443398
+      minimal_env['HTTP_X_CSRF_TOKEN'] ||= Rack::Request.new(env.dup).params['authenticity_token']
+
       call(minimal_env)
 
       true

lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job.rb

@@ -246,7 +246,13 @@ module Gitlab
         end
 
         def idempotency_string
-          "#{worker_class_name}:#{Sidekiq.dump_json(arguments)}"
+          "#{worker_class_name}:#{idempotency_arguments}"
+        end
+
+        def idempotency_arguments
+          args = worker_klass.try(:idempotency_arguments, arguments) || arguments
+
+          Sidekiq.dump_json(args)
         end
 
         def existing_wal_locations

locale/gitlab.pot

@@ -13058,6 +13058,9 @@ msgstr ""
 msgid "ComplianceReport|Compliance framework"
 msgstr ""
 
+msgid "ComplianceReport|Compliance pipelines are now in maintenance mode"
+msgstr ""
+
 msgid "ComplianceReport|Create a new framework"
 msgstr ""
 
@@ -13067,6 +13070,9 @@ msgstr ""
 msgid "ComplianceReport|Edit the framework"
 msgstr ""
 
+msgid "ComplianceReport|For more information, see %{linkStart}how to migrate from compliance pipelines to pipeline execution policy actions%{linkEnd}."
+msgstr ""
+
 msgid "ComplianceReport|Framework successfully applied"
 msgstr ""
 
@@ -13118,6 +13124,9 @@ msgstr ""
 msgid "ComplianceReport|Update result"
 msgstr ""
 
+msgid "ComplianceReport|You can still edit existing compliance pipelines, but cannot create new compliance pipelines. %{linkStart}Pipeline execution policy%{linkEnd} actions provide the ability to enforce CI/CD jobs, execute security scans, and better manage compliance. You should migrate as soon as possible."
+msgstr ""
+
 msgid "ComplianceStandardsAdherence| Standards adherence export"
 msgstr ""
 
@@ -21452,9 +21461,6 @@ msgstr ""
 msgid "File added"
 msgstr ""
 
-msgid "File browser"
-msgstr ""
-
 msgid "File deleted"
 msgstr ""
 
@@ -45698,7 +45704,7 @@ msgstr ""
 msgid "SecurityOrchestration|Security policy project was linked successfully"
 msgstr ""
 
-msgid "SecurityOrchestration|Security policy project was unlinked successfully"
+msgid "SecurityOrchestration|Security policy project will be unlinked soon"
 msgstr ""
 
 msgid "SecurityOrchestration|Security policy projects store your organization's security policies. They are identified when policies are created, or when a project is linked as a security policy project. %{linkStart}Learn more%{linkEnd}."
@@ -58262,6 +58268,9 @@ msgstr ""
 msgid "You don't have write access to the source branch."
 msgstr ""
 
+msgid "You don't need to link the security policy projects from the group. All policies in the security policy projects are inherited already."
+msgstr ""
+
 msgid "You don’t have access to Productivity Analytics in this group"
 msgstr ""
 

scripts/remote_development/run-smoke-test-suite.sh

@@ -1,102 +1,106 @@
 #!/usr/bin/env bash
 
-# This script runs a suite of non-E2E specs related to the Remote Development category, as
-# a pre-commit/pre-push "Smoke Test" to catch any broken tests without having to wait
-# on CI to catch them. Note that there are some shared/common specs related to
-# Remote Development which are not included in this suite.
-# https://en.wikipedia.org/wiki/Smoke_testing_(software)
-
 # shellcheck disable=SC2059
 
-set -o errexit # AKA -e - exit immediately on errors (http://mywiki.wooledge.org/BashFAQ/105)
+BCyan='\033[1;36m'
-
+BRed='\033[1;31m'
-###########
+BGreen='\033[1;32m'
-## Setup ##
+BBlue='\033[1;34m'
-###########
+Color_Off='\033[0m'
-
-# https://stackoverflow.com/a/28938235
-BCyan='\033[1;36m' # Bold Cyan
-BRed='\033[1;31m' # Bold Red
-BGreen='\033[1;32m' # Bold Green
-BBlue='\033[1;34m' # Bold Blue
-Color_Off='\033[0m' # Text Reset
 
+# Exit handling
 function onexit_err() {
   local exit_status=${1:-$?}
   printf "\n❌❌❌ ${BRed}Remote Development smoke test failed!${Color_Off} ❌❌❌\n"
-
+  if [ "${REVEAL_RUBOCOP_TODO}" -ne 0 ]; then
-  if [ ${REVEAL_RUBOCOP_TODO} -ne 0 ]; then
     printf "\n(If the failure was due to rubocop, set REVEAL_RUBOCOP_TODO=0 to ignore TODOs)\n"
   fi
-
   exit "${exit_status}"
 }
 trap onexit_err ERR
 set -o errexit
 
-#####################
+function print_start_message {
-## Invoke commands ##
+  printf "${BCyan}\nStarting Remote Development smoke test...${Color_Off}\n\n"
-#####################
+}
 
-printf "${BCyan}\nStarting Remote Development smoke test...\n\n${Color_Off}"
+function run_rubocop {
+  printf "${BBlue}Running RuboCop${Color_Off}\n\n"
+  files_for_rubocop=()
+  while IFS= read -r -d '' file; do
+    files_for_rubocop+=("$file")
+  done < <(find . -path './**/remote_development/*.rb' -print0)
+  REVEAL_RUBOCOP_TODO=${REVEAL_RUBOCOP_TODO:-1} bundle exec rubocop --parallel --force-exclusion --no-server "${files_for_rubocop[@]}"
+}
 
-#############
+function run_rspec_fast {
-## RUBOCOP ##
+  printf "\n\n${BBlue}Running backend RSpec fast specs${Color_Off}\n\n"
-#############
 
-printf "${BBlue}Running RuboCop for Remote Development and related files${Color_Off}\n\n"
+  # NOTE: We do not use `--tag rd_fast` here, because `rd_fast_spec_helper` has a check to ensure that all the
+  #       files which require it are tagged with `rd_fast`.
 
-# TODO: Also run rubocop for the other non-remote-development files once they are passing rubocop
+  files_for_fast=()
-#       with REVEAL_RUBOCOP_TODO=1
+  while IFS= read -r file; do
-while IFS= read -r -d '' file; do
+      files_for_fast+=("$file")
-  files_for_rubocop+=("$file")
+  done < <(find ee/spec -path '**/remote_development/*_spec.rb' -exec grep -lE 'require_relative.*rd_fast_spec_helper' {} +)
-done < <(find . -path './**/remote_development/*.rb' -print0)
 
-REVEAL_RUBOCOP_TODO=${REVEAL_RUBOCOP_TODO:-1} bundle exec rubocop --parallel --force-exclusion --no-server "${files_for_rubocop[@]}"
+  bin/rspec "${files_for_fast[@]}"
+}
 
-##########
+function run_jest {
-## JEST ##
+  printf "\n\n${BBlue}Running Remote Development frontend Jest specs${Color_Off}\n\n"
-##########
+  yarn jest ee/spec/frontend/remote_development
+}
 
-printf "\n\n${BBlue}Running Remote Development frontend Jest specs${Color_Off}\n\n"
+function run_rspec_rails {
+  printf "\n\n${BBlue}Running backend RSpec non-fast specs${Color_Off}\n\n"
+  files_for_rails=()
+  while IFS= read -r file; do
+      files_for_rails+=("$file")
+  done < <(find ee/spec -path '**/remote_development/*_spec.rb' | grep -v 'qa/qa' | grep -v '/features/')
 
-yarn jest ee/spec/frontend/remote_development
+  files_for_rails+=(
+      "ee/spec/graphql/types/query_type_spec.rb"
+      "ee/spec/graphql/types/subscription_type_spec.rb"
+      "ee/spec/requests/api/internal/kubernetes_spec.rb"
+      "spec/graphql/types/subscription_type_spec.rb"
+      "spec/lib/result_spec.rb"
+      "spec/support_specs/matchers/result_matchers_spec.rb"
+  )
 
-#######################
+  bin/rspec -r spec_helper --tag ~rd_fast "${files_for_rails[@]}"
-## RSPEC NON-FEATURE ##
+}
-#######################
 
-printf "\n\n${BBlue}Running Remote Development and related backend RSpec non-selenium specs${Color_Off}\n\n"
+function run_rspec_feature {
+  printf "\n\n${BBlue}Running backend RSpec feature specs${Color_Off}\n\n"
+  files_for_feature=()
+  while IFS= read -r file; do
+      files_for_feature+=("$file")
+  done < <(find ee/spec -path '**/remote_development/*_spec.rb' | grep -v 'qa/qa' | grep '/features/')
 
-while IFS= read -r file; do
+  bin/rspec -r spec_helper "${files_for_feature[@]}"
-    files_for_rspec+=("$file")
+}
-done < <(find . -path './**/remote_development/*_spec.rb' | grep -v 'qa/qa' | grep -v '/features/')
 
-files_for_rspec+=(
+function print_success_message {
-    "ee/spec/graphql/types/query_type_spec.rb"
+  printf "\n✅✅✅ ${BGreen}All executed linters/specs passed successfully!${Color_Off} ✅✅✅\n"
-    "ee/spec/graphql/types/subscription_type_spec.rb"
+}
-    "ee/spec/requests/api/internal/kubernetes_spec.rb"
-    "spec/graphql/types/subscription_type_spec.rb"
-    "spec/lib/result_spec.rb"
-    "spec/support_specs/matchers/result_matchers_spec.rb"
-)
-bin/rspec -r spec_helper "${files_for_rspec[@]}"
 
-###################
+function main {
-## RSPEC FEATURE ##
+  # cd to gitlab root directory
-###################
+  cd "$(dirname "${BASH_SOURCE[0]}")"/../..
 
-printf "\n\n${BBlue}Running Remote Development and related backend RSpec feature specs${Color_Off}\n\n"
+  print_start_message
 
-while IFS= read -r file; do
+  # Run linting before tests
-    files_for_rspec_selenium+=("$file")
+  [ -z "${SKIP_RUBOCOP}" ] && run_rubocop
-done < <(find . -path './**/remote_development/*_spec.rb' | grep -v 'qa/qa' | grep '/features/')
 
-printf "\n${BRed}SKIPPING FEATURE SPECS, THEY ARE CURRENTLY BROKEN. SEE https://gitlab.slack.com/archives/C3JJET4Q6/p1702638503864429 and https://gitlab.com/gitlab-org/gitlab/-/merge_requests/140015${Color_Off} ❌❌❌\n"
+  # Test sections are sorted roughly in increasing order of execution time.
-# bin/rspec -r spec_helper "${files_for_rspec_selenium[@]}"
+  [ -z "${SKIP_FAST}" ] && run_rspec_fast
+  [ -z "${SKIP_JEST}" ] && run_jest
+  [ -z "${SKIP_RAILS}" ] && run_rspec_rails
+  [ -z "${SKIP_FEATURE}" ] && run_rspec_feature
 
-###########################
+  print_success_message
-## Print success message ##
+}
-###########################
 
-printf "\n✅✅✅ ${BGreen}All Remote Development specs passed successfully!${Color_Off} ✅✅✅\n"
+main "$@"

spec/config/settings_spec.rb

@@ -46,8 +46,8 @@ RSpec.describe Settings, feature_category: :system_access do
     end
   end
 
-  describe '.build_ci_component_fqdn' do
+  describe '.build_ci_server_fqdn' do
-    subject(:fqdn) { described_class.build_ci_component_fqdn }
+    subject(:fqdn) { described_class.build_ci_server_fqdn }
 
     where(:host, :port, :relative_url, :result) do
       'acme.com' | 9090 | '/gitlab' | 'acme.com:9090/gitlab'

spec/crystalball_env.rb

@@ -9,17 +9,34 @@ module CrystalballEnv
     return unless ENV['CRYSTALBALL'] == 'true'
 
     require 'crystalball'
-    require_relative '../tooling/lib/tooling/crystalball/coverage_lines_execution_detector'
+    require_relative '../tooling/lib/tooling/crystalball/described_class_execution_detector'
-    require_relative '../tooling/lib/tooling/crystalball/coverage_lines_strategy'
 
     map_storage_path_base = ENV['CI_JOB_NAME'] || 'crystalball_data'
     map_storage_path = "crystalball/#{map_storage_path_base.gsub(%r{[/ ]}, '_')}.yml"
 
-    execution_detector = Tooling::Crystalball::CoverageLinesExecutionDetector.new(exclude_prefixes: EXCLUDED_PREFIXES)
-
     Crystalball::MapGenerator.start! do |config|
       config.map_storage_path = map_storage_path
-      config.register Tooling::Crystalball::CoverageLinesStrategy.new(execution_detector)
+
+      # https://toptal.github.io/crystalball/map_generators/#describedclassstrategy
+      described_class_execution_detector = Tooling::Crystalball::DescribedClassExecutionDetector.new(
+        root_path: File.expand_path('../', __dir__),
+        exclude_prefixes: EXCLUDED_PREFIXES
+      )
+      config.register Crystalball::MapGenerator::DescribedClassStrategy.new(
+        execution_detector: described_class_execution_detector
+      )
+
+      # Modified version of https://toptal.github.io/crystalball/map_generators/#coveragestrategy
+      #
+      # require_relative '../tooling/lib/tooling/crystalball/coverage_lines_execution_detector'
+      # require_relative '../tooling/lib/tooling/crystalball/coverage_lines_strategy'
+      # execution_detector = Tooling::Crystalball::CoverageLinesExecutionDetector.new(
+      #   exclude_prefixes: EXCLUDED_PREFIXES
+      # )
+      # config.register Tooling::Crystalball::CoverageLinesStrategy.new(execution_detector)
+
+      # https://toptal.github.io/crystalball/map_generators/#actionviewstrategy
+      # config.register Crystalball::Rails::MapGenerator::ActionViewStrategy.new
     end
   end
 end

spec/factories/ci/builds.rb

@@ -330,6 +330,14 @@ FactoryBot.define do
       end
     end
 
+    trait :no_access_artifacts do
+      after(:create) do |build, evaluator|
+        create(:ci_job_artifact, :archive, :none, job: build, expire_at: build.artifacts_expire_at)
+        create(:ci_job_artifact, :metadata, :none, job: build, expire_at: build.artifacts_expire_at)
+        build.reload
+      end
+    end
+
     trait :report_results do
       after(:build) do |build|
         build.report_results << build(:ci_build_report_result)
@@ -597,6 +605,34 @@ FactoryBot.define do
       end
     end
 
+    trait :with_developer_access_artifacts do
+      options do
+        {
+          artifacts: { access: 'developer' }
+        }
+      end
+    end
+
+    # invalid case for access setting
+    trait :with_access_and_public_setting do
+      options do
+        {
+          artifacts: {
+            public: true,
+            access: 'all'
+          }
+        }
+      end
+    end
+
+    trait :with_none_access_artifacts do
+      options do
+        {
+          artifacts: { access: 'none' }
+        }
+      end
+    end
+
     trait :with_public_artifacts_config do
       options do
         {
@@ -605,6 +641,14 @@ FactoryBot.define do
       end
     end
 
+    trait :with_all_access_artifacts do
+      options do
+        {
+          artifacts: { access: 'all' }
+        }
+      end
+    end
+
     trait :non_playable do
       status { 'created' }
       self.when { 'manual' }

spec/factories/ci/job_artifacts.rb

@@ -182,6 +182,10 @@ FactoryBot.define do
       accessibility { 'public' }
     end
 
+    trait :none do
+      accessibility { 'none' }
+    end
+
     trait :accessibility do
       file_type { :accessibility }
       file_format { :raw }

spec/frontend/diffs/components/settings_dropdown_spec.js

@@ -30,44 +30,6 @@ describe('Diff settings dropdown component', () => {
     store.getters['diffs/isParallelView'] = false;
   });
 
-  describe('tree view buttons', () => {
-    it('list view button dispatches setRenderTreeList with false', () => {
-      const wrapper = createComponent();
-      wrapper.find('.js-list-view').trigger('click');
-
-      expect(store.dispatch).toHaveBeenCalledWith('diffs/setRenderTreeList', {
-        renderTreeList: false,
-      });
-    });
-
-    it('tree view button dispatches setRenderTreeList with true', () => {
-      const wrapper = createComponent();
-      wrapper.find('.js-tree-view').trigger('click');
-
-      expect(store.dispatch).toHaveBeenCalledWith('diffs/setRenderTreeList', {
-        renderTreeList: true,
-      });
-    });
-
-    it('sets list button as selected when renderTreeList is false', () => {
-      store.state.diffs = { renderTreeList: false };
-
-      const wrapper = createComponent();
-
-      expect(wrapper.find('.js-list-view').classes('selected')).toBe(true);
-      expect(wrapper.find('.js-tree-view').classes('selected')).toBe(false);
-    });
-
-    it('sets tree button as selected when renderTreeList is true', () => {
-      store.state.diffs = { renderTreeList: true };
-
-      const wrapper = createComponent();
-
-      expect(wrapper.find('.js-list-view').classes('selected')).toBe(false);
-      expect(wrapper.find('.js-tree-view').classes('selected')).toBe(true);
-    });
-  });
-
   describe('compare changes', () => {
     it('sets inline button as selected', () => {
       store.state.diffs = { diffViewType: INLINE_DIFF_VIEW_TYPE };