Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.gitlab/ci/rails.gitlab-ci.yml

@@ -336,28 +336,27 @@ rspec system pg14 no_gitaly_transactions:
 rspec-ee migration pg14 no_gitaly_transactions:
   extends:
     - rspec-ee migration pg14
-    - .gitaly-without-transactions
+    - .ee-only-gitaly-without-transactions
 
 rspec-ee background_migration pg14 no_gitaly_transactions:
   extends:
     - rspec-ee background_migration pg14
-    - .gitaly-without-transactions
+    - .ee-only-gitaly-without-transactions
 
 rspec-ee unit pg14 no_gitaly_transactions:
   extends:
     - rspec-ee unit pg14
-    - .gitaly-without-transactions
+    - .ee-only-gitaly-without-transactions
 
 rspec-ee integration pg14 no_gitaly_transactions:
   extends:
     - rspec-ee integration pg14
-    - .gitaly-without-transactions
+    - .ee-only-gitaly-without-transactions
 
 rspec-ee system pg14 no_gitaly_transactions:
   extends:
     - rspec-ee system pg14
-    - .gitaly-without-transactions
-
+    - .ee-only-gitaly-without-transactions
 
 # Dedicated job to test DB library code against PG13.
 # Note that these are already tested against PG13 in the `rspec unit pg13` / `rspec-ee unit pg13` jobs.

.gitlab/ci/rails/shared.gitlab-ci.yml

@@ -66,6 +66,12 @@ include:
   variables:
     GITALY_TRANSACTIONS_ENABLED: "false"
 
+.ee-only-gitaly-without-transactions:
+  extends:
+    - .rails:rules:ee-only-gitaly-without-transactions
+  variables:
+    GITALY_TRANSACTIONS_ENABLED: "false"
+
 .rspec-base-needs:
   needs:
     - !reference [.repo-from-artifacts, needs]

.gitlab/ci/rules.gitlab-ci.yml

@@ -2002,6 +2002,12 @@
     - <<: *if-schedule-maintenance
     - <<: *if-merge-request-labels-run-without-gitaly-transactions
 
+.rails:rules:ee-only-gitaly-without-transactions:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - !reference [".rails:rules:gitaly-without-transactions", rules]
+
 .rails:rules:ee-and-foss-migration:
   rules:
     - <<: *if-fork-merge-request

.rubocop_todo/rspec/file_path.yml

@@ -65,6 +65,7 @@ RSpec/FilePath:
     - 'spec/services/ci/create_pipeline_service/rate_limit_spec.rb'
     - 'spec/services/ci/create_pipeline_service/rules_spec.rb'
     - 'spec/services/ci/create_pipeline_service/scripts_spec.rb'
+    - 'spec/services/ci/create_pipeline_service/run_spec.rb'
     - 'spec/services/ci/create_pipeline_service/tags_spec.rb'
     - 'spec/services/ci/create_pipeline_service/variables_spec.rb'
     - 'spec/services/ci/create_pipeline_service/workflow_auto_cancel_spec.rb'

GITALY_SERVER_VERSION

@@ -1 +1 @@
-47c3c8bc2d5a93e83eee6b250a06e4c39d9c929c
+8274bcec3ce5fd5059d83e724a4671bc3dcd2d68

Gemfile

@@ -565,7 +565,7 @@ group :test do
   # Moved in `test` because https://gitlab.com/gitlab-org/gitlab/-/issues/217527
   gem 'derailed_benchmarks', require: false # rubocop:todo Gemfile/MissingFeatureCategory
 
-  gem 'gitlab_quality-test_tooling', '~> 1.30.0', require: false, feature_category: :tooling
+  gem 'gitlab_quality-test_tooling', '~> 1.31.0', require: false, feature_category: :tooling
 end
 
 gem 'octokit', '~> 9.0', feature_category: :importers

Gemfile.checksum

@@ -234,7 +234,7 @@
 {"name":"gitlab-styles","version":"12.0.1","platform":"ruby","checksum":"d8a302b0ab0e1f18e2d11501760f1b85c5e70b5e5ca628828a0786c7984ed133"},
 {"name":"gitlab_chronic_duration","version":"0.12.0","platform":"ruby","checksum":"0d766944d415b5c831f176871ee8625783fc0c5bfbef2d79a3a616f207ffc16d"},
 {"name":"gitlab_omniauth-ldap","version":"2.2.0","platform":"ruby","checksum":"bb4d20acb3b123ed654a8f6a47d3fac673ece7ed0b6992edb92dca14bad2838c"},
-{"name":"gitlab_quality-test_tooling","version":"1.30.0","platform":"ruby","checksum":"06722db6aed571e2ec22e04a4179215cf0b49c9658ef14f71b8bd2245bc0c56c"},
+{"name":"gitlab_quality-test_tooling","version":"1.31.0","platform":"ruby","checksum":"c13d38f2ba01469179db7211008722b1f4a55270cca561d832b1eee438124f52"},
 {"name":"globalid","version":"1.1.0","platform":"ruby","checksum":"b337e1746f0c8cb0a6c918234b03a1ddeb4966206ce288fbb57779f59b2d154f"},
 {"name":"gon","version":"6.4.0","platform":"ruby","checksum":"e3a618d659392890f1aa7db420f17c75fd7d35aeb5f8fe003697d02c4b88d2f0"},
 {"name":"google-apis-androidpublisher_v3","version":"0.34.0","platform":"ruby","checksum":"d7e1d7dd92f79c498fe2082222a1740d788e022e660c135564b3fd299cab5425"},

Gemfile.lock

@@ -754,7 +754,7 @@ GEM
       omniauth (>= 1.3, < 3)
       pyu-ruby-sasl (>= 0.0.3.3, < 0.1)
       rubyntlm (~> 0.5)
-    gitlab_quality-test_tooling (1.30.0)
+    gitlab_quality-test_tooling (1.31.0)
       activesupport (>= 7.0, < 7.2)
       amatch (~> 0.4.1)
       gitlab (~> 4.19)
@@ -2044,7 +2044,7 @@ DEPENDENCIES
   gitlab-utils!
   gitlab_chronic_duration (~> 0.12)
   gitlab_omniauth-ldap (~> 2.2.0)
-  gitlab_quality-test_tooling (~> 1.30.0)
+  gitlab_quality-test_tooling (~> 1.31.0)
   gon (~> 6.4.0)
   google-apis-androidpublisher_v3 (~> 0.34.0)
   google-apis-cloudbilling_v1 (~> 0.21.0)

app/assets/javascripts/editor/schema/ci.json

@@ -880,6 +880,49 @@
         }
       ]
     },
+    "steps": {
+      "type": "array",
+      "items": {
+        "oneOf": [
+          {
+            "required": [
+              "step"
+            ]
+          },
+          {
+            "required": [
+              "script"
+            ]
+          }
+        ],
+        "properties": {
+          "name": {
+            "type": "string",
+            "description": "Unique identifier for this step."
+          },
+          "step": {
+            "type": "string",
+            "description": "Reference to the step to invoke."
+          },
+          "env": {
+            "$ref": "#/definitions/globalVariables"
+          },
+          "inputs": {
+            "$ref": "#/definitions/inputs"
+          },
+          "script": {
+            "type": "string",
+            "description": "Shell script to evaluate."
+          }
+        },
+        "additionalProperties": false,
+        "type": "object",
+        "required": [
+          "name"
+        ],
+        "description": "A single step invocation."
+      }
+    },
     "optional_script": {
       "oneOf": [
         {
@@ -1742,6 +1785,10 @@
           "$ref": "#/definitions/script",
           "markdownDescription": "Shell scripts executed by the Runner. The only required property of jobs. Be careful with special characters (e.g. `:`, `{`, `}`, `&`) and use single or double quotes to avoid issues. [Learn More](https://docs.gitlab.com/ee/ci/yaml/#script)"
         },
+        "run": {
+          "$ref": "#/definitions/steps",
+          "markdownDescription": "Specifies a list of steps to execute in the job. The `run` keyword is an alternative to `script` and allows for more advanced job configuration. Each step is an object that defines a single task or command. Use either `run` or `script` in a job, but not both, otherwise the pipeline will error out."
+        },
         "stage": {
           "description": "Define what stage the job will run in.",
           "anyOf": [

app/assets/javascripts/issues/list/components/issue_card_time_info.vue

@@ -97,11 +97,7 @@ export default {
 
 <template>
   <span>
-    <span
-      v-if="milestone"
-      class="issuable-milestone gl-mr-3 gl-text-truncate gl-max-w-26 gl-display-inline-block gl-align-bottom"
-      data-testid="issuable-milestone"
-    >
+    <span v-if="milestone" class="issuable-milestone gl-mr-3" data-testid="issuable-milestone">
       <gl-link
         v-gl-tooltip
         :href="milestoneLink"

app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue

@@ -77,7 +77,7 @@ export default {
     ),
     duoLabel: s__('ProjectSettings|GitLab Duo'),
     duoHelpText: s__('ProjectSettings|Use AI-powered features in this project.'),
-    securityAndComplianceLabel: s__('ProjectSettings|Security and Compliance'),
+    securityAndComplianceLabel: s__('ProjectSettings|Security and compliance'),
     snippetsLabel: s__('ProjectSettings|Snippets'),
     wikiLabel: s__('ProjectSettings|Wiki'),
     pucWarningLabel: s__('ProjectSettings|Warn about Potentially Unwanted Characters'),

app/assets/javascripts/security_configuration/utils.js

@@ -11,7 +11,7 @@ import { REPORT_TYPE_DAST } from '~/vue_shared/security_reports/constants';
  * It then filters out any scanner features that lack a security config for rednering in the UI
  * @param [{}] features
  * @param {Object} securityFeatures Object containing client side UI options
- * @returns {Object} Object with enriched features from constants divided into Security and Compliance Features
+ * @returns {Object} Object with enriched features from constants divided into Security and compliance Features
  */
 
 export const augmentFeatures = (securityFeatures, features = []) => {

app/controllers/concerns/integrations/actions.rb

@@ -13,8 +13,8 @@ module Integrations::Actions
     before_action :integration, only: [:edit, :update, :overrides, :test]
     # rubocop:enable Rails/LexicallyScopedActionFilter
 
-    before_action :render_404, only: :edit, if: -> do
-      integration.to_param == 'prometheus' && Feature.enabled?(:remove_monitor_metrics)
+    before_action :render_404, only: [:edit, :update, :overrides, :test], if: -> do
+      integration.is_a?(::Integrations::Prometheus) && Feature.enabled?(:remove_monitor_metrics)
     end
 
     urgency :low, [:test]

app/controllers/projects/settings/integrations_controller.rb

@@ -13,6 +13,10 @@ class IntegrationsController < Projects::ApplicationController
       before_action :web_hook_logs, only: [:edit, :update]
       before_action -> { check_test_rate_limit! }, only: :test
 
+      before_action :render_404, only: [:edit, :update, :test], if: -> do
+        integration.is_a?(::Integrations::Prometheus) && Feature.enabled?(:remove_monitor_metrics)
+      end
+
       respond_to :html
 
       layout "project_settings"
@@ -24,9 +28,7 @@ def index
         @integrations = @project.find_or_initialize_integrations
       end
 
-      def edit
-        render_404 if integration.to_param == 'prometheus' && Feature.enabled?(:remove_monitor_metrics)
-      end
+      def edit; end
 
       def update
         attributes = integration_params[:integration]

app/finders/banzai/uploads_finder.rb

@@ -2,6 +2,8 @@
 
 module Banzai
   class UploadsFinder
+    include FinderMethods
+
     def initialize(parent:)
       @parent = parent
     end

app/finders/organizations/groups_finder.rb

@@ -4,7 +4,7 @@ module Organizations
   class GroupsFinder < GroupsFinder
     def execute
       groups = find_union(filtered_groups, Group)
-      groups = groups.without_deleted if Feature.enabled?(:filter_deleted_groups, current_user)
+      groups = groups.without_deleted
 
       unless default_organization?
         cte = Gitlab::SQL::CTE.new(:filtered_groups_cte, groups, materialized: false)

app/models/ci/build.rb

@@ -233,7 +233,7 @@ def clone_accessors
           yaml_variables when environment coverage_regex
           description tag_list protected needs_attributes
           job_variables_attributes resource_group scheduling_type
-          ci_stage partition_id id_tokens interruptible].freeze
+          ci_stage partition_id id_tokens interruptible execution_config_id].freeze
       end
 
       def supported_keyset_orderings

app/models/upload.rb

@@ -20,6 +20,7 @@ class Upload < ApplicationRecord
   scope :for_model_type_and_id, ->(type, id) { where(model_type: type, model_id: id) }
   scope :for_uploader, ->(uploader_class) { where(uploader: uploader_class.to_s) }
   scope :order_by_created_at_desc, -> { reorder(created_at: :desc) }
+  scope :preload_uploaded_by_user, -> { preload(:uploaded_by_user) }
 
   before_save :calculate_checksum!, if: :foreground_checksummable?
   # as the FileUploader is not mounted, the default CarrierWave ActiveRecord
@@ -98,7 +99,7 @@ def build_uploader(mounted_as = nil)
   # @return [GitlabUploader] one of the subclasses, defined at the model's uploader attribute
   def retrieve_uploader(mounted_as = nil)
     build_uploader(mounted_as).tap do |uploader|
-      uploader.retrieve_from_store!(identifier)
+      uploader.retrieve_from_store!(filename)
     end
   end
 
@@ -124,7 +125,7 @@ def exist?
 
   def uploader_context
     {
-      identifier: identifier,
+      identifier: filename,
       secret: secret,
       uploaded_by_user_id: uploaded_by_user_id
     }.compact
@@ -144,6 +145,10 @@ def needs_checksum?
     checksum.nil? && local? && exist?
   end
 
+  def filename
+    File.basename(path)
+  end
+
   private
 
   def delete_file!
@@ -166,10 +171,6 @@ def uploader_class
     Object.const_get(uploader, false)
   end
 
-  def identifier
-    File.basename(path)
-  end
-
   def mount_point
     super&.to_sym
   end

app/policies/group_policy.rb

@@ -256,6 +256,7 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy
     enable :create_jira_connect_subscription
     enable :maintainer_access
     enable :read_upload
+    enable :admin_upload
     enable :destroy_upload
     enable :admin_push_rules
   end

app/policies/project_policy.rb

@@ -613,6 +613,7 @@ class ProjectPolicy < BasePolicy
     enable :admin_project_aws
     enable :admin_secure_files
     enable :read_upload
+    enable :admin_upload
     enable :destroy_upload
     enable :admin_incident_management_timeline_event_tag
     enable :stop_environment

app/validators/json_schema_validator.rb

@@ -25,7 +25,7 @@ def initialize(options)
   end
 
   def validate_each(record, attribute, value)
-    value = value.to_h.deep_stringify_keys if options[:hash_conversion] == true
+    value = Gitlab::Json.parse(Gitlab::Json.dump(value)) if options[:hash_conversion] == true
     value = Gitlab::Json.parse(value.to_s) if options[:parse_json] == true && !value.nil?
 
     if options[:detail_errors]

app/views/projects/merge_requests/_merge_request.html.haml

@@ -26,13 +26,13 @@
           ·
           #{s_('IssueList|created %{timeAgoString} by %{user}').html_safe % { timeAgoString: time_ago_with_tooltip(merge_request.created_at, placement: 'bottom'), user: link_to_member(@project, merge_request.author, avatar: false, extra_class: 'gl-text-gray-500!') }}
         - if merge_request.milestone
-          %span.issuable-milestone.gl-inline-block.gl-text-truncate.gl-max-w-26.gl-align-bottom
+          %span.issuable-milestone.gl-inline-block
              
             = link_to project_merge_requests_path(merge_request.project, milestone_title: merge_request.milestone.title), class: 'gl-text-gray-500!', data: { html: 'true', toggle: 'tooltip', title: milestone_tooltip_due_date(merge_request.milestone) } do
               = sprite_icon('milestone', size: 12, css_class: 'gl-vertical-align-text-bottom')
               = merge_request.milestone.title
         - if merge_request.target_project.default_branch != merge_request.target_branch
-          %span.project-ref-path.has-tooltip.gl-inline-block.gl-text-truncate.gl-max-w-26.gl-align-bottom{ title: _('Target branch: %{target_branch}') % {target_branch: merge_request.target_branch} }
+          %span.project-ref-path.has-tooltip.gl-inline-block{ title: _('Target branch: %{target_branch}') % {target_branch: merge_request.target_branch} }
              
             = link_to project_ref_path(merge_request.project, merge_request.target_branch), class: 'ref-name gl-text-gray-500!' do
               = sprite_icon('branch', size: 12, css_class: 'fork-sprite')

config/feature_flags/gitlab_com_derisk/filter_deleted_groups.yml renamed to config/feature_flags/gitlab_com_derisk/pipeline_run_keyword.yml

@@ -1,9 +1,9 @@
 ---
-name: filter_deleted_groups
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/455871
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158309
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/470628
+name: pipeline_run_keyword
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/440487
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/146333
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/471925
 milestone: '17.2'
-group: group::tenant scale
+group: group::pipeline authoring
 type: gitlab_com_derisk
 default_enabled: false

doc/administration/custom_project_templates.md

@@ -57,7 +57,7 @@ Prerequisites:
 1. Review the project's
    [feature settings](../user/project/settings/index.md#configure-project-features-and-permissions).
    All enabled project features should be set to **Everyone With Access**, except
-   **GitLab Pages** and **Security and Compliance**.
+   **GitLab Pages** and **Security and compliance**.
 
 Repository and database information that are copied over to each new project are
 identical to the data exported with the [GitLab Project Import/Export](../user/project/settings/import_export.md).

doc/administration/settings/security_and_compliance.md

@@ -4,7 +4,7 @@ group: Composition Analysis
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
-# Security and Compliance Admin area settings
+# Security and compliance Admin area settings
 
 DETAILS:
 **Tier:** Ultimate
@@ -17,7 +17,7 @@ The settings for package metadata synchronization are located in the [Admin area
 To choose the packages you want to synchronize with the GitLab Package Metadata Database for [License Compliance](../../user/compliance/license_scanning_of_cyclonedx_files/index.md) and [Continuous Vulnerability Scanning](../../user/application_security/continuous_vulnerability_scanning/index.md):
 
 1. On the left sidebar, at the bottom, select **Admin area**.
-1. Select **Settings > Security and Compliance**.
+1. Select **Settings > Security and compliance**.
 1. In **Package registry metadata to sync**, select or clear checkboxes for the
    package registries that you want to sync.
 1. Select **Save changes**.