Add latest changes from gitlab-org/gitlab@master

.rubocop_todo/style/if_unless_modifier.yml

@@ -453,7 +453,6 @@ Style/IfUnlessModifier:
     - 'ee/lib/ee/gitlab/quick_actions/epic_actions.rb'
     - 'ee/lib/ee/gitlab/quick_actions/issue_actions.rb'
     - 'ee/lib/ee/gitlab/repository_size_checker.rb'
-    - 'ee/lib/ee/sidebars/groups/menus/settings_menu.rb'
     - 'ee/lib/ee/sidebars/projects/menus/analytics_menu.rb'
     - 'ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb'
     - 'ee/lib/elastic/latest/custom_language_analyzers.rb'

app/assets/javascripts/pages/projects/wikis/index.js

@@ -1,7 +1,9 @@
 import Wikis from '~/pages/shared/wikis/wikis';
 import { mountApplications } from '~/pages/shared/wikis/edit';
 import { mountMoreActions } from '~/pages/shared/wikis/more_actions';
+import { mountWikiSidebarEntries } from '~/pages/shared/wikis/show';
 
+mountWikiSidebarEntries();
 mountApplications();
 mountMoreActions();
 

app/assets/javascripts/pages/shared/wikis/show.js

@@ -71,7 +71,7 @@ const mountWikiContentApp = () => {
   });
 };
 
-const mountWikiSidebarEntries = () => {
+export const mountWikiSidebarEntries = () => {
   const el = document.querySelector('#js-wiki-sidebar-entries');
   if (!el) return false;
 
@@ -93,7 +93,6 @@ const mountWikiSidebarEntries = () => {
 
 export const mountApplications = () => {
   mountWikiContentApp();
-  mountWikiSidebarEntries();
 
   new Wikis(); // eslint-disable-line no-new
 };

app/controllers/graphql_controller.rb

@@ -30,7 +30,13 @@ class GraphqlController < ApplicationController
   protect_from_forgery with: :null_session, only: :execute
 
   # must come first: current_user is set up here
-  before_action :authenticate_graphql, only: :execute
+  before_action(only: [:execute]) do
+    if Feature.enabled? :graphql_minimal_auth_methods # rubocop:disable Gitlab/FeatureFlagWithoutActor -- reverting MR
+      authenticate_graphql
+    else
+      authenticate_sessionless_user!(:api)
+    end
+  end
 
   before_action :authorize_access_api!
   before_action :set_user_last_activity

app/services/ci/resource_groups/assign_resource_from_resource_group_service.rb

@@ -10,36 +10,13 @@ def execute(resource_group)
 
         free_resources = resource_group.resources.free.count
 
-        if free_resources == 0
-          if resource_group.waiting_processables.any?
-            # if the resource group is still 'tied up' in other processables,
-            #   and there are more upcoming processables
-            # kick off the worker again for the current resource group
-            respawn_assign_resource_worker(resource_group)
-          end
-
-          return
-        end
+        return if free_resources == 0
 
         enqueue_upcoming_processables(free_resources, resource_group)
       end
 
       private
 
-      def respawn_assign_resource_worker(resource_group)
-        return if Feature.disabled?(:respawn_assign_resource_worker, project, type: :gitlab_com_derisk)
-
-        assign_resource_from_resource_group(resource_group)
-      end
-
-      def assign_resource_from_resource_group(resource_group)
-        if Feature.enabled?(:assign_resource_worker_deduplicate_until_executing, project)
-          Ci::ResourceGroups::AssignResourceFromResourceGroupWorkerV2.perform_in(RESPAWN_WAIT_TIME, resource_group.id)
-        else
-          Ci::ResourceGroups::AssignResourceFromResourceGroupWorker.perform_in(RESPAWN_WAIT_TIME, resource_group.id)
-        end
-      end
-
       # rubocop: disable CodeReuse/ActiveRecord
       def enqueue_upcoming_processables(free_resources, resource_group)
         resource_group.upcoming_processables.take(free_resources).each do |upcoming|

app/services/packages/terraform_module/create_package_service.rb

@@ -23,9 +23,7 @@ def execute
 
         package, package_file = ApplicationRecord.transaction { create_terraform_module_package! }
 
-        if Feature.enabled?(:index_terraform_module_archive, project)
-          ::Packages::TerraformModule::ProcessPackageFileWorker.perform_async(package_file.id)
-        end
+        ::Packages::TerraformModule::ProcessPackageFileWorker.perform_async(package_file.id)
 
         ServiceResponse.success(payload: { package: package })
       rescue ActiveRecord::RecordInvalid => e

app/views/shared/wikis/diff.html.haml

@@ -1,4 +1,6 @@
 - @content_class = "limit-container-width" unless fluid_layout
+- @gfm_form = true
+- @noteable_type = 'Wiki'
 - wiki_page_title @page, _('Changes')
 - add_page_specific_style 'page_bundles/wiki'
 - commit = @diffs.diffable

app/views/shared/wikis/git_access.html.haml

@@ -1,3 +1,5 @@
+- @gfm_form = true
+- @noteable_type = 'Wiki'
 - @content_class = "limit-container-width" unless fluid_layout
 - page_title s_("WikiClone|Git Access"), _("Wiki")
 - add_page_specific_style 'page_bundles/wiki'

app/views/shared/wikis/history.html.haml

@@ -1,4 +1,6 @@
 - @content_class = "limit-container-width" unless fluid_layout
+- @gfm_form = true
+- @noteable_type = 'Wiki'
 - wiki_page_title @page, _('History')
 - add_page_specific_style 'page_bundles/wiki'
 

config/feature_flags/gitlab_com_derisk/respawn_assign_resource_worker.yml → config/feature_flags/gitlab_com_derisk/graphql_minimal_auth_methods.yml

@@ -1,9 +1,9 @@
 ---
-name: respawn_assign_resource_worker
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/436988
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147313
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/450793
-milestone: '16.11'
-group: group::environments
+name: graphql_minimal_auth_methods
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/438462
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150407
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/444929
+milestone: '17.0'
+group: group::authentication
 type: gitlab_com_derisk
 default_enabled: false

db/docs/scan_result_policies.yml

@@ -7,4 +7,21 @@ feature_categories:
 description: Stores rules of a Security Orchestration Policy.
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/109624
 milestone: '15.9'
-gitlab_schema: gitlab_main
+gitlab_schema: gitlab_main_cell
+desired_sharding_key:
+  project_id:
+    references: projects
+    backfill_via:
+      parent:
+        foreign_key: security_orchestration_policy_configuration_id
+        table: security_orchestration_policy_configurations
+        sharding_key: project_id
+        belongs_to: security_orchestration_policy_configuration
+  namespace_id:
+    references: namespaces
+    backfill_via:
+      parent:
+        foreign_key: security_orchestration_policy_configuration_id
+        table: security_orchestration_policy_configurations
+        sharding_key: namespace_id
+        belongs_to: security_orchestration_policy_configuration

db/docs/software_licenses.yml

@@ -4,7 +4,9 @@ classes:
 - SoftwareLicense
 feature_categories:
 - security_policy_management
-description: Normalized software licenses to use in conjunction with License Compliance features (like software license policies)
+description: Normalized software licenses to use in conjunction with License Compliance
+  features (like software license policies)
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/6246
 milestone: '11.2'
-gitlab_schema: gitlab_main
+gitlab_schema: gitlab_main_cell
+sharding_key_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/441078

db/post_migrate/20240611102931_set_missing_traversal_ids_for_vulnerability_reads.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+class SetMissingTraversalIdsForVulnerabilityReads < Gitlab::Database::Migration[2.2]
+  disable_ddl_transaction!
+  milestone '17.1'
+
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  class VulnerabilityRead < MigrationRecord
+    include EachBatch
+
+    self.table_name = 'vulnerability_reads'
+  end
+
+  def up
+    return unless Gitlab.com?
+
+    VulnerabilityRead.where(traversal_ids: [], archived: false).each_batch(of: 50) do |batch|
+      vulnerability_ids = batch.pluck(:vulnerability_id)
+
+      update_records(vulnerability_ids)
+    end
+  end
+
+  def down
+    # no-op
+  end
+
+  private
+
+  def update_records(vulnerability_ids)
+    execute(<<~SQL)
+      UPDATE
+        vulnerability_reads
+      SET
+        traversal_ids = namespaces.traversal_ids
+      FROM
+        namespaces
+      WHERE
+        vulnerability_reads.vulnerability_id IN (#{vulnerability_ids.join(', ')}) AND
+        namespaces.id = vulnerability_reads.namespace_id
+    SQL
+  end
+end

db/schema_migrations/20240611102931

@@ -0,0 +1 @@
+84fd9d37f90dc9d6d76e537ad67451f721d5c1e52de0366111efc173678743c8

doc/api/graphql/reference/index.md

@@ -10095,6 +10095,7 @@ Input type: `WorkspaceCreateInput`
 | <a id="mutationworkspacecreateeditor"></a>`editor` | [`String!`](#string) | Editor to inject into the created workspace. Must match a configured template. |
 | <a id="mutationworkspacecreatemaxhoursbeforetermination"></a>`maxHoursBeforeTermination` | [`Int!`](#int) | Maximum hours the workspace can exist before it is automatically terminated. |
 | <a id="mutationworkspacecreateprojectid"></a>`projectId` | [`ProjectID!`](#projectid) | ID of the project that will provide the Devfile for the created workspace. |
+| <a id="mutationworkspacecreatevariables"></a>`variables` | [`[WorkspaceVariableInput!]`](#workspacevariableinput) | Variables to inject into the workspace. |
 
 #### Fields
 
@@ -36082,6 +36083,14 @@ Type of a work item widget.
 | <a id="workitemwidgettypetime_tracking"></a>`TIME_TRACKING` | Time Tracking widget. |
 | <a id="workitemwidgettypeweight"></a>`WEIGHT` | Weight widget. |
 
+### `WorkspaceVariableInputType`
+
+Enum for the type of the variable to be injected in a workspace.
+
+| Value | Description |
+| ----- | ----------- |
+| <a id="workspacevariableinputtypeenvironment"></a>`ENVIRONMENT` | Name type. |
+
 ## Scalar types
 
 Scalar values are atomic values, and do not have fields of their own.
@@ -39036,3 +39045,15 @@ Attributes for value stream stage.
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="workitemwidgetweightinputweight"></a>`weight` | [`Int`](#int) | Weight of the work item. |
+
+### `WorkspaceVariableInput`
+
+Attributes for defining a variable to be injected in a workspace.
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="workspacevariableinputkey"></a>`key` | [`String!`](#string) | Key of the variable. |
+| <a id="workspacevariableinputtype"></a>`type` | [`WorkspaceVariableInputType!`](#workspacevariableinputtype) | Type of the variable to be injected in a workspace. |
+| <a id="workspacevariableinputvalue"></a>`value` | [`String!`](#string) | Value of the variable. |

doc/architecture/blueprints/secret_detection/decisions/002_store_the_secret_detection_gem_in_the_same_repository.md

@@ -37,4 +37,4 @@ The decision was made to store the library in the same repository during the fir
 
 With that said, we still followed [the process](../../../../development/gems.md#reserve-a-gem-name) to reserve the gem on [RubyGems.org](https://rubygems.org/gems/gitlab-secret_detection) to avoid name-squatters from taking over the name and providing malicious code to 3rd-parties.
 
-We have no plans to publish the gem externally at least until [Phase 2](../index.md#phase-2---standalone-pre-receive-service) as we begin to consider building a standalone service to perform secret detection.
+We have no plans to publish the gem externally at least until [Phase 2](../index.md#phase-2---standalone-secret-detection-service) as we begin to consider building a standalone service to perform secret detection.