Add latest changes from gitlab-org/gitlab@master

ed16c943 · GitLab Bot · 874c603d · ed16c943 · ed16c943 · ed16c943
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -61,6 +61,7 @@ variables:
  DOCKER_VERSION: "19.03.0"

 include:
+  - local: .gitlab/ci/build-images.gitlab-ci.yml
  - local: .gitlab/ci/cache-repo.gitlab-ci.yml
  - local: .gitlab/ci/cng.gitlab-ci.yml
  - local: .gitlab/ci/docs.gitlab-ci.yml

--- a/.gitlab/ci/build-images.gitlab-ci.yml
+++ b/.gitlab/ci/build-images.gitlab-ci.yml
+# This image is used by the `review-qa-*` jobs. Not currently used by the `omnibus-gitlab` pipelines which rebuild this
+# image, e.g. https://gitlab.com/gitlab-org/build/omnibus-gitlab-mirror/-/jobs/587107399, which we could probably avoid.
+# See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5429.
+build-qa-image:
+  extends:
+    - .use-kaniko
+    - .build-images:rules:build-qa-image
+  stage: build-images
+  needs: []
+  script:
+    - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}"
+    - /kaniko/executor --context=${CI_PROJECT_DIR} --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile --destination=${QA_IMAGE} --cache=true
+  retry: 2
+
+# This image is used by:
+# - The `CNG` pipelines (via the `review-build-cng` job): https://gitlab.com/gitlab-org/build/CNG/-/blob/cfc67136d711e1c8c409bf8e57427a644393da2f/.gitlab-ci.yml#L335
+# - The `omnibus-gitlab` pipelines (via the `package-and-qa` job): https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/dfd1ad475868fc84e91ab7b5706aa03e46dc3a86/.gitlab-ci.yml#L130
+build-assets-image:
+  extends:
+    - .use-kaniko
+    - .build-images:rules:build-assets-image
+  stage: build-images
+  needs: ["compile-production-assets"]
+  variables:
+    GIT_DEPTH: "1"
+  script:
+    # TODO: Change the image tag to be the MD5 of assets files and skip image building if the image exists
+    # We'll also need to pass GITLAB_ASSETS_TAG to the trigerred omnibus-gitlab pipeline similarly to how we do it for trigerred CNG pipelines
+    # https://gitlab.com/gitlab-org/gitlab/issues/208389
+    - run_timed_command "scripts/build_assets_image"
+  retry: 2
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -90,21 +90,6 @@ update-yarn-cache:
  cache:
    policy: push

-build-assets-image:
-  extends:
-    - .use-kaniko
-    - .frontend:rules:compile-production-assets
-  stage: build-images
-  needs: ["compile-production-assets"]
-  variables:
-    GIT_DEPTH: "1"
-  script:
-    # TODO: Change the image tag to be the MD5 of assets files and skip image building if the image exists
-    # We'll also need to pass GITLAB_ASSETS_TAG to the trigerred omnibus-gitlab pipeline similarly to how we do it for trigerred CNG pipelines
-    # https://gitlab.com/gitlab-org/gitlab/issues/208389
-    - run_timed_command "scripts/build_assets_image"
-  retry: 2
-
 .frontend-fixtures-base:
  extends:
    - .frontend-base

--- a/.gitlab/ci/qa.gitlab-ci.yml
+++ b/.gitlab/ci/qa.gitlab-ci.yml
@@ -49,7 +49,6 @@ update-qa-cache:
 .package-and-qa-base:
  image: ruby:2.6-alpine
  stage: qa
-  dependencies: []
  retry: 0
  script:
    - source scripts/utils.sh

--- a/.gitlab/ci/review.gitlab-ci.yml
+++ b/.gitlab/ci/review.gitlab-ci.yml
-build-qa-image:
-  extends:
-    - .use-kaniko
-    - .review:rules:build-qa-image
-  stage: build-images
-  needs: []
-  script:
-    - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}"
-    - /kaniko/executor --context=${CI_PROJECT_DIR} --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile --destination=${QA_IMAGE} --cache=true
-  retry: 2
-
 review-cleanup:
  extends:
    - .default-retry

--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -71,6 +71,22 @@
  - ".gitlab-ci.yml"
  - ".gitlab/ci/**/*"

+.ci-build-images-patterns: &ci-build-images-patterns
+  - ".gitlab-ci.yml"
+  - ".gitlab/ci/build-images.gitlab-ci.yml"
+
+.ci-review-patterns: &ci-review-patterns
+  - ".gitlab-ci.yml"
+  - ".gitlab/ci/frontend.gitlab-ci.yml"
+  - ".gitlab/ci/build-images.gitlab-ci.yml"
+  - ".gitlab/ci/review.gitlab-ci.yml"
+
+.ci-qa-patterns: &ci-qa-patterns
+  - ".gitlab-ci.yml"
+  - ".gitlab/ci/frontend.gitlab-ci.yml"
+  - ".gitlab/ci/build-images.gitlab-ci.yml"
+  - ".gitlab/ci/qa.gitlab-ci.yml"
+
 .yaml-patterns: &yaml-patterns
  - "**/*.yml"

@@ -208,6 +224,26 @@
    - <<: *if-master-schedule-2-hourly
    - <<: *if-merge-request-title-update-caches

+######################
+# Build images rules #
+######################
+.build-images:rules:build-qa-image:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-dot-com-gitlab-org-and-security-merge-request
+      changes: *ci-build-images-patterns
+    - <<: *if-dot-com-gitlab-org-and-security-merge-request
+      changes: *code-qa-patterns
+    - <<: *if-dot-com-gitlab-org-schedule
+
+.build-images:rules:build-assets-image:
+  rules:
+    - <<: *if-not-canonical-namespace
+      when: never
+    - changes: *ci-build-images-patterns
+    - changes: *code-backstage-qa-patterns
+
 ####################
 # Cache repo rules #
 ####################
@@ -378,7 +414,7 @@
 .qa:rules:package-and-qa:
  rules:
    - <<: *if-dot-com-gitlab-org-and-security-merge-request
-      changes: *ci-patterns
+      changes: *ci-qa-patterns
      allow_failure: true
    - <<: *if-dot-com-gitlab-org-and-security-merge-request
      changes: *qa-patterns
@@ -569,18 +605,12 @@
 ################
 # Review rules #
 ################
-.review:rules:build-qa-image:
+.review:rules:review-build-cng:
  rules:
    - <<: *if-not-ee
      when: never
-    - <<: *if-dot-com-gitlab-org-and-security-merge-request
-      changes: *code-qa-patterns
-    - <<: *if-dot-com-gitlab-org-schedule
-
-.review:rules:review-build-cng:
-  rules:
    - <<: *if-dot-com-gitlab-org-merge-request
-      changes: *ci-patterns
+      changes: *ci-review-patterns
    - <<: *if-dot-com-gitlab-org-merge-request
      changes: *frontend-patterns
    - <<: *if-dot-com-gitlab-org-merge-request
@@ -594,7 +624,7 @@
    - <<: *if-not-ee
      when: never
    - <<: *if-dot-com-gitlab-org-merge-request
-      changes: *ci-patterns
+      changes: *ci-review-patterns
    - <<: *if-dot-com-gitlab-org-merge-request
      changes: *frontend-patterns
      allow_failure: true
@@ -617,7 +647,7 @@
    - <<: *if-not-ee
      when: never
    - <<: *if-dot-com-gitlab-org-merge-request
-      changes: *ci-patterns
+      changes: *ci-review-patterns
    - <<: *if-dot-com-gitlab-org-merge-request
      changes: *frontend-patterns
      allow_failure: true

--- a/app/assets/javascripts/monitoring/stores/utils.js
+++ b/app/assets/javascripts/monitoring/stores/utils.js
@@ -2,7 +2,7 @@ import { slugify } from '~/lib/utils/text_utility';
 import createGqClient, { fetchPolicies } from '~/lib/graphql';
 import { SUPPORTED_FORMATS } from '~/lib/utils/unit_format';
 import { getIdFromGraphQLId } from '~/graphql_shared/utils';
-import { parseTemplatingVariables } from './variable_mapping';
+import { mergeURLVariables, parseTemplatingVariables } from './variable_mapping';
 import { DATETIME_RANGE_TYPES } from '~/lib/utils/constants';
 import { timeRangeToParams, getRangeType } from '~/lib/utils/datetime_range';
 import { isSafeURL, mergeUrlParams } from '~/lib/utils/url_utility';
@@ -289,7 +289,7 @@ export const mapToDashboardViewModel = ({
 }) => {
  return {
    dashboard,
-    variables: parseTemplatingVariables(templating),
+    variables: mergeURLVariables(parseTemplatingVariables(templating)),
    links: links.map(mapLinksToViewModel),
    panelGroups: panel_groups.map(mapToPanelGroupViewModel),
  };

--- a/app/assets/javascripts/monitoring/stores/variable_mapping.js
+++ b/app/assets/javascripts/monitoring/stores/variable_mapping.js
 import { isString } from 'lodash';
+import { templatingVariablesFromUrl } from '../utils';
 import { VARIABLE_TYPES } from '../constants';

 /**
@@ -164,4 +165,39 @@ export const parseTemplatingVariables = ({ variables = {} } = {}) =>
    return acc;
  }, {});

+/**
+ * Custom variables are defined in the dashboard yml file
+ * and their values can be passed through the URL.
+ *
+ * On component load, this method merges variables data
+ * from the yml file with URL data to store in the Vuex store.
+ * Not all params coming from the URL need to be stored. Only
+ * the ones that have a corresponding variable defined in the
+ * yml file.
+ *
+ * This ensures that there is always a single source of truth
+ * for variables
+ *
+ * This method can be improved further. See the below issue
+ * https://gitlab.com/gitlab-org/gitlab/-/issues/217713
+ *
+ * @param {Object} varsFromYML template variables from yml file
+ * @returns {Object}
+ */
+export const mergeURLVariables = (varsFromYML = {}) => {
+  const varsFromURL = templatingVariablesFromUrl();
+  const variables = {};
+  Object.keys(varsFromYML).forEach(key => {
+    if (Object.prototype.hasOwnProperty.call(varsFromURL, key)) {
+      variables[key] = {
+        ...varsFromYML[key],
+        value: varsFromURL[key],
+      };
+    } else {
+      variables[key] = varsFromYML[key];
+    }
+  });
+  return variables;
+};
+
 export default {};
--- a/app/assets/javascripts/monitoring/utils.js
+++ b/app/assets/javascripts/monitoring/utils.js
@@ -170,11 +170,10 @@ export const convertVariablesForURL = variables =>
 * begin with a constant prefix so that it doesn't collide with
 * other URL params.
 *
- * @param {String} New URL
+ * @param {String} search URL
 * @returns {Object} The custom variables defined by the user in the URL
 */
-
-export const getPromCustomVariablesFromUrl = (search = window.location.search) => {
+export const templatingVariablesFromUrl = (search = window.location.search) => {
  const params = queryToObject(search);
  // pick the params with variable prefix
  const paramsWithVars = pickBy(params, (val, key) => key.startsWith(VARIABLE_PREFIX));
@@ -353,39 +352,4 @@ export const barChartsDataParser = (data = []) =>
    {},
  );

-/**
- * Custom variables are defined in the dashboard yml file
- * and their values can be passed through the URL.
- *
- * On component load, this method merges variables data
- * from the yml file with URL data to store in the Vuex store.
- * Not all params coming from the URL need to be stored. Only
- * the ones that have a corresponding variable defined in the
- * yml file.
- *
- * This ensures that there is always a single source of truth
- * for variables
- *
- * This method can be improved further. See the below issue
- * https://gitlab.com/gitlab-org/gitlab/-/issues/217713
- *
- * @param {Object} varsFromYML template variables from yml file
- * @returns {Object}
- */
-export const mergeURLVariables = (varsFromYML = {}) => {
-  const varsFromURL = getPromCustomVariablesFromUrl();
-  const variables = {};
-  Object.keys(varsFromYML).forEach(key => {
-    if (Object.prototype.hasOwnProperty.call(varsFromURL, key)) {
-      variables[key] = {
-        ...varsFromYML[key],
-        value: varsFromURL[key],
-      };
-    } else {
-      variables[key] = varsFromYML[key];
-    }
-  });
-  return variables;
-};
-
 export default {};
--- a/app/assets/javascripts/vue_merge_request_widget/components/mr_collapsible_extension.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/mr_collapsible_extension.vue
 <script>
-import { GlDeprecatedButton, GlLoadingIcon } from '@gitlab/ui';
+import { GlButton, GlLoadingIcon } from '@gitlab/ui';
 import { __ } from '~/locale';
 import Icon from '~/vue_shared/components/icon.vue';

 export default {
  components: {
-    GlDeprecatedButton,
+    GlButton,
    GlLoadingIcon,
    Icon,
  },
@@ -58,16 +58,17 @@ export default {
      </div>

      <template v-else>
-        <gl-deprecated-button
+        <button
          class="btn-blank btn s32 square append-right-default"
+          type="button"
          :aria-label="ariaLabel"
          :disabled="isLoading"
          @click="toggleCollapsed"
        >
          <gl-loading-icon v-if="isLoading" />
          <icon v-else :name="arrowIconName" class="js-icon" />
-        </gl-deprecated-button>
-        <gl-deprecated-button
+        </button>
+        <gl-button
          variant="link"
          class="js-title"
          :disabled="isLoading"
@@ -76,7 +77,7 @@ export default {
        >
          <template v-if="isCollapsed">{{ title }}</template>
          <template v-else>{{ __('Collapse') }}</template>
-        </gl-deprecated-button>
+        </gl-button>
      </template>
    </div>


--- a/app/controllers/concerns/known_sign_in.rb
+++ b/app/controllers/concerns/known_sign_in.rb
@@ -2,19 +2,34 @@

 module KnownSignIn
  include Gitlab::Utils::StrongMemoize
+  include CookiesHelper
+
+  KNOWN_SIGN_IN_COOKIE = :known_sign_in
+  KNOWN_SIGN_IN_COOKIE_EXPIRY = 14.days

  private

  def verify_known_sign_in
    return unless current_user

-    notify_user unless known_remote_ip?
+    notify_user unless known_device? || known_remote_ip?
+
+    update_cookie
  end

  def known_remote_ip?
    known_ip_addresses.include?(request.remote_ip)
  end

+  def known_device?
+    cookies.encrypted[KNOWN_SIGN_IN_COOKIE] == current_user.id
+  end
+
+  def update_cookie
+    set_secure_cookie(KNOWN_SIGN_IN_COOKIE, current_user.id,
+                      type: COOKIE_TYPE_ENCRYPTED, httponly: true, expires: KNOWN_SIGN_IN_COOKIE_EXPIRY)
+  end
+
  def sessions
    strong_memoize(:session) do
      ActiveSession.list(current_user).reject(&:is_impersonated)

--- a/app/controllers/projects/application_controller.rb
+++ b/app/controllers/projects/application_controller.rb
@@ -82,7 +82,7 @@ def require_branch_head
  end

  def apply_diff_view_cookie!
-    set_secure_cookie(:diff_view, params.delete(:view), permanent: true) if params[:view].present?
+    set_secure_cookie(:diff_view, params.delete(:view), type: COOKIE_TYPE_PERMANENT) if params[:view].present?
  end

  def require_pages_enabled!

--- a/app/controllers/projects/merge_requests/diffs_controller.rb
+++ b/app/controllers/projects/merge_requests/diffs_controller.rb
@@ -8,6 +8,7 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
  before_action :commit
  before_action :define_diff_vars
  before_action :define_diff_comment_vars, except: [:diffs_batch, :diffs_metadata]
+  before_action :update_diff_discussion_positions!

  around_action :allow_gitaly_ref_name_caching

@@ -171,4 +172,12 @@ def renderable_notes

    @notes.concat(draft_notes)
  end
+
+  def update_diff_discussion_positions!
+    return unless Feature.enabled?(:merge_ref_head_comments, @merge_request.target_project, default_enabled: true)
+    return unless Feature.enabled?(:merge_red_head_comments_position_on_demand, @merge_request.target_project, default_enabled: true)
+    return if @merge_request.has_any_diff_note_positions?
+
+    Discussions::CaptureDiffNotePositionsService.new(@merge_request).execute
+  end
 end
--- a/app/graphql/types/release_links_type.rb
+++ b/app/graphql/types/release_links_type.rb
+# frozen_string_literal: true
+
+module Types
+  class ReleaseLinksType < BaseObject
+    graphql_name 'ReleaseLinks'
+
+    authorize :download_code
+
+    alias_method :release, :object
+
+    present_using ReleasePresenter
+
+    field :self_url, GraphQL::STRING_TYPE, null: true,
+          description: 'HTTP URL of the release'
+    field :merge_requests_url, GraphQL::STRING_TYPE, null: true,
+          description: 'HTTP URL of the merge request page filtered by this release'
+    field :issues_url, GraphQL::STRING_TYPE, null: true,
+          description: 'HTTP URL of the issues page filtered by this release'
+    field :edit_url, GraphQL::STRING_TYPE, null: true,
+          description: "HTTP URL of the release's edit page",
+          authorize: :update_release
+  end
+end
--- a/app/graphql/types/release_type.rb
+++ b/app/graphql/types/release_type.rb
@@ -28,6 +28,8 @@ class ReleaseType < BaseObject
          description: 'Timestamp of when the release was released'
    field :assets, Types::ReleaseAssetsType, null: true, method: :itself,
          description: 'Assets of the release'
+    field :links, Types::ReleaseLinksType, null: true, method: :itself,
+          description: 'Links of the release'
    field :milestones, Types::MilestoneType.connection_type, null: true,
          description: 'Milestones associated to the release'
    field :evidences, Types::EvidenceType.connection_type, null: true,

--- a/app/helpers/cookies_helper.rb
+++ b/app/helpers/cookies_helper.rb
 # frozen_string_literal: true

 module CookiesHelper
-  def set_secure_cookie(key, value, httponly: false, permanent: false)
-    cookie_jar = permanent ? cookies.permanent : cookies
+  COOKIE_TYPE_PERMANENT = :permanent
+  COOKIE_TYPE_ENCRYPTED = :encrypted

-    cookie_jar[key] = { value: value, secure: Gitlab.config.gitlab.https, httponly: httponly }
+  def set_secure_cookie(key, value, httponly: false, expires: nil, type: nil)
+    cookie_jar = case type
+                 when COOKIE_TYPE_PERMANENT
+                   cookies.permanent
+                 when COOKIE_TYPE_ENCRYPTED
+                   cookies.encrypted
+                 else
+                   cookies
+                 end
+
+    cookie_jar[key] = { value: value, secure: Gitlab.config.gitlab.https, httponly: httponly, expires: expires }
  end
 end
--- a/app/models/concerns/noteable.rb
+++ b/app/models/concerns/noteable.rb
@@ -67,6 +67,10 @@ def preloads_discussion_diff_highlighting?
    false
  end

+  def has_any_diff_note_positions?
+    notes.any? && DiffNotePosition.where(note: notes).exists?
+  end
+
  def discussion_notes
    notes
  end

--- a/app/views/import/gitlab/status.html.haml
+++ b/app/views/import/gitlab/status.html.haml
 - page_title _("GitLab.com import")
 - header_title _("Projects"), root_path
 %h3.page-title
-  %i.fa.fa-heart
+  = sprite_icon('heart', size: 16, css_class: 'gl-vertical-align-middle')
  = _('Import projects from GitLab.com')

 - if Feature.enabled?(:new_import_ui)

--- a/changelogs/unreleased/ajk-declarative-policy-overrides.yml
+++ b/changelogs/unreleased/ajk-declarative-policy-overrides.yml
+---
+title: Allow policies to override parent rules
+merge_request: 33990
+author:
+type: added
--- a/changelogs/unreleased/dblessing_known_sign_in_.yml
+++ b/changelogs/unreleased/dblessing_known_sign_in_.yml
+---
+title: Use IP or cookie in known sign-in check
+merge_request: 34102
+author:
+type: changed