Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.editorconfig

@@ -16,3 +16,6 @@ charset = utf-8
 
 [*.{md,markdown,js.snap}]
 trim_trailing_whitespace = false
+
+[*.rb]
+max_line_length = 120

.rubocop_todo/style/open_struct_use.yml

@@ -1,7 +1,6 @@
 ---
 Style/OpenStructUse:
   Exclude:
-  - app/helpers/application_settings_helper.rb
   - ee/spec/features/projects/new_project_spec.rb
   - ee/spec/finders/template_finder_spec.rb
   - ee/spec/helpers/ee/blob_helper_spec.rb

CHANGELOG.md

@@ -2,6 +2,15 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 14.9.3 (2022-04-12)
+
+### Fixed (4 changes)
+
+- [Revert Protected Environment group access inheritence](gitlab-org/gitlab@488fd8f3f6770eebae10c815398534ff41d57546) ([merge request](gitlab-org/gitlab!84664))
+- [Fix URL blocker when object storage enabled but type is disabled](gitlab-org/gitlab@d0da89768774de9cf635af530ed7386e65f92d40) ([merge request](gitlab-org/gitlab!84664))
+- [Remove pending builds from the queue on conflict](gitlab-org/gitlab@8c88898dfd1619cc635ce5b98e30eebd91da497f) ([merge request](gitlab-org/gitlab!84664))
+- [Fix null argument handling in background migration Rake task](gitlab-org/gitlab@23e1eb3272828b3546e18efdfaea5a8077cb20f4) ([merge request](gitlab-org/gitlab!84664))
+
 ## 14.9.2 (2022-03-31)
 
 ### Security (20 changes)

app/assets/javascripts/security_configuration/components/constants.js

@@ -50,11 +50,17 @@ export const SAST_IAC_CONFIG_HELP_PATH = helpPagePath(
 
 export const DAST_NAME = __('Dynamic Application Security Testing (DAST)');
 export const DAST_SHORT_NAME = s__('ciReport|DAST');
-export const DAST_DESCRIPTION = __('Analyze a review version of your web application.');
+export const DAST_DESCRIPTION = s__(
+  'ciReport|Analyze a deployed version of your web application for known vulnerabilities by examining it from the outside in. DAST works by simulating external attacks on your application while it is running.',
+);
 export const DAST_HELP_PATH = helpPagePath('user/application_security/dast/index');
 export const DAST_CONFIG_HELP_PATH = helpPagePath('user/application_security/dast/index', {
   anchor: 'enable-dast',
 });
+export const DAST_BADGE_TEXT = __('Available on-demand');
+export const DAST_BADGE_TOOLTIP = __(
+  'On-demand scans run outside of the DevOps cycle and find vulnerabilities in your projects',
+);
 
 export const DAST_PROFILES_NAME = __('DAST profiles');
 export const DAST_PROFILES_DESCRIPTION = s__(
@@ -171,18 +177,23 @@ export const securityFeatures = [
     type: REPORT_TYPE_SAST_IAC,
   },
   {
-    name: DAST_NAME,
-    shortName: DAST_SHORT_NAME,
-    description: DAST_DESCRIPTION,
-    helpPath: DAST_HELP_PATH,
-    configurationHelpPath: DAST_CONFIG_HELP_PATH,
-    type: REPORT_TYPE_DAST,
+    badge: {
+      text: DAST_BADGE_TEXT,
+      tooltipText: DAST_BADGE_TOOLTIP,
+      variant: 'info',
+    },
     secondary: {
       type: REPORT_TYPE_DAST_PROFILES,
       name: DAST_PROFILES_NAME,
       description: DAST_PROFILES_DESCRIPTION,
       configurationText: DAST_PROFILES_CONFIG_TEXT,
     },
+    name: DAST_NAME,
+    shortName: DAST_SHORT_NAME,
+    description: DAST_DESCRIPTION,
+    helpPath: DAST_HELP_PATH,
+    configurationHelpPath: DAST_CONFIG_HELP_PATH,
+    type: REPORT_TYPE_DAST,
   },
   {
     name: DEPENDENCY_SCANNING_NAME,

app/assets/javascripts/security_configuration/components/feature_card.vue

@@ -1,15 +1,17 @@
 <script>
 import { GlButton, GlCard, GlIcon, GlLink } from '@gitlab/ui';
 import { __, s__, sprintf } from '~/locale';
-import ManageViaMr from '~/vue_shared/security_configuration/components/manage_via_mr.vue';
 import { REPORT_TYPE_SAST_IAC } from '~/vue_shared/security_reports/constants';
+import ManageViaMr from '~/vue_shared/security_configuration/components/manage_via_mr.vue';
+import FeatureCardBadge from './feature_card_badge.vue';
 
 export default {
   components: {
     GlButton,
     GlCard,
     GlIcon,
     GlLink,
+    FeatureCardBadge,
     ManageViaMr,
   },
   props: {
@@ -37,25 +39,32 @@ export default {
             text: this.$options.i18n.enableFeature,
           };
 
-      button.category = 'secondary';
+      button.category = this.feature.category || 'secondary';
       button.text = sprintf(button.text, { feature: this.shortName });
 
       return button;
     },
+    manageViaMrButtonCategory() {
+      return this.feature.category || 'secondary';
+    },
     showManageViaMr() {
       return ManageViaMr.canRender(this.feature);
     },
     cardClasses() {
       return { 'gl-bg-gray-10': !this.available };
     },
     statusClasses() {
-      const { enabled } = this;
+      const { enabled, hasBadge } = this;
 
       return {
         'gl-ml-auto': true,
         'gl-flex-shrink-0': true,
         'gl-text-gray-500': !enabled,
         'gl-text-green-500': enabled,
+        'gl-w-full': hasBadge,
+        'gl-justify-content-space-between': hasBadge,
+        'gl-display-flex': hasBadge,
+        'gl-mb-4': hasBadge,
       };
     },
     hasSecondary() {
@@ -68,6 +77,9 @@ export default {
     isNotSastIACTemporaryHack() {
       return this.feature.type !== REPORT_TYPE_SAST_IAC;
     },
+    hasBadge() {
+      return Boolean(this.available && this.feature.badge?.text);
+    },
   },
   methods: {
     onError(message) {
@@ -88,7 +100,10 @@ export default {
 
 <template>
   <gl-card :class="cardClasses">
-    <div class="gl-display-flex gl-align-items-baseline">
+    <div
+      class="gl-display-flex gl-align-items-baseline"
+      :class="{ 'gl-flex-direction-column-reverse': hasBadge }"
+    >
       <h3 class="gl-font-lg gl-m-0 gl-mr-3">{{ feature.name }}</h3>
 
       <div
@@ -97,13 +112,19 @@ export default {
         data-testid="feature-status"
         :data-qa-selector="`${feature.type}_status`"
       >
+        <feature-card-badge
+          v-if="hasBadge"
+          :badge="feature.badge"
+          :badge-href="feature.badge.badgeHref"
+        />
+
         <template v-if="enabled">
           <gl-icon name="check-circle-filled" />
           <span class="gl-text-green-700">{{ $options.i18n.enabled }}</span>
         </template>
 
         <template v-else-if="available">
-          {{ $options.i18n.notEnabled }}
+          <span>{{ $options.i18n.notEnabled }}</span>
         </template>
 
         <template v-else>
@@ -133,7 +154,7 @@ export default {
         v-else-if="showManageViaMr"
         :feature="feature"
         variant="confirm"
-        category="secondary"
+        :category="manageViaMrButtonCategory"
         class="gl-mt-5"
         :data-qa-selector="`${feature.type}_mr_button`"
         @error="onError"

app/assets/javascripts/security_configuration/components/feature_card_badge.vue

@@ -0,0 +1,40 @@
+<script>
+import { GlBadge, GlTooltip } from '@gitlab/ui';
+
+export default {
+  components: {
+    GlBadge,
+    GlTooltip,
+  },
+  props: {
+    badge: {
+      type: Object,
+      required: true,
+    },
+    badgeHref: {
+      type: String,
+      required: false,
+      default: '',
+    },
+  },
+};
+</script>
+
+<template>
+  <span>
+    <gl-tooltip
+      v-if="badge.tooltipText"
+      placement="top"
+      boundary="window"
+      title="Tooltip title"
+      :target="() => $refs.badge"
+    >
+      {{ badge.tooltipText }}
+    </gl-tooltip>
+    <span ref="badge">
+      <gl-badge size="sm" :href="badgeHref" :variant="badge.variant">
+        {{ badge.text }}
+      </gl-badge>
+    </span>
+  </span>
+</template>

app/assets/javascripts/security_configuration/utils.js

@@ -30,6 +30,10 @@ export const augmentFeatures = (securityFeatures, complianceFeatures, features =
       augmented.secondary = { ...augmented.secondary, ...featuresByType[feature.secondary.type] };
     }
 
+    if (augmented.badge && augmented.metaInfoPath) {
+      augmented.badge.badgeHref = augmented.metaInfoPath;
+    }
+
     return augmented;
   };
 

app/controllers/concerns/wiki_actions.rb

@@ -308,8 +308,7 @@ def send_wiki_file_blob(wiki, file_blob)
   end
 
   def load_content?
-    return false if %w[history destroy diff].include?(params[:action])
-    return false if params[:action] == 'show' && Feature.enabled?(:wiki_async_load, container, default_enabled: :yaml)
+    return false if %w[history destroy diff show].include?(params[:action])
 
     true
   end

app/graphql/types/dependency_proxy/manifest_type_enum.rb

@@ -5,7 +5,7 @@ class DependencyProxy::ManifestTypeEnum < BaseEnum
     graphql_name 'DependencyProxyManifestStatus'
 
     ::DependencyProxy::Manifest.statuses.keys.each do |status|
-      value status.upcase, { description: "Dependency proxy manifest has a status of #{status}.", value: status }
+      value status.upcase, description: "Dependency proxy manifest has a status of #{status}.", value: status
     end
   end
 end

app/helpers/application_settings_helper.rb

@@ -37,9 +37,15 @@ def kroki_available_formats
   end
 
   def storage_weights
-    Gitlab.config.repositories.storages.keys.each_with_object(OpenStruct.new) do |storage, weights|
-      weights[storage.to_sym] = @application_setting.repository_storages_weighted[storage] || 0
+    # Instead of using a `Struct` we could wrap this into an object.
+    # See https://gitlab.com/gitlab-org/gitlab/-/issues/358419
+    weights = Struct.new(*Gitlab.config.repositories.storages.keys.map(&:to_sym))
+
+    values = Gitlab.config.repositories.storages.keys.map do |storage|
+      @application_setting.repository_storages_weighted[storage] || 0
     end
+
+    weights.new(*values)
   end
 
   def all_protocols_enabled?
@@ -223,6 +229,7 @@ def visible_attributes
       :default_project_visibility,
       :default_projects_limit,
       :default_snippet_visibility,
+      :delete_inactive_projects,
       :disable_feed_token,
       :disabled_oauth_sign_in_sources,
       :domain_denylist,
@@ -273,6 +280,9 @@ def visible_attributes
       :html_emails_enabled,
       :import_sources,
       :in_product_marketing_emails_enabled,
+      :inactive_projects_delete_after_months,
+      :inactive_projects_min_size_mb,
+      :inactive_projects_send_warning_email_after_months,
       :invisible_captcha_enabled,
       :max_artifacts_size,
       :max_attachment_size,

app/models/application_setting.rb

@@ -578,6 +578,15 @@ def self.kroki_formats_attributes
 
   validates :public_runner_releases_url, addressable_url: true, presence: true
 
+  validates :inactive_projects_min_size_mb,
+            numericality: { only_integer: true, greater_than_or_equal_to: 0 }
+
+  validates :inactive_projects_delete_after_months,
+            numericality: { only_integer: true, greater_than: 0 }
+
+  validates :inactive_projects_send_warning_email_after_months,
+            numericality: { only_integer: true, greater_than: 0, less_than: :inactive_projects_delete_after_months }
+
   attr_encrypted :asset_proxy_secret_key,
                  mode: :per_attribute_iv,
                  key: Settings.attr_encrypted_db_key_base_truncated,

app/presenters/projects/security/configuration_presenter.rb

@@ -81,7 +81,8 @@ def scan(type, configured: false)
           configured: scan.configured?,
           configuration_path: scan.configuration_path,
           available: scan.available?,
-          can_enable_by_merge_request: scan.can_enable_by_merge_request?
+          can_enable_by_merge_request: scan.can_enable_by_merge_request?,
+          meta_info_path: scan.meta_info_path
         }
       end
 

app/views/shared/wikis/show.html.haml

@@ -27,9 +27,6 @@
       - if can?(current_user, :create_wiki, @wiki.container) && @page.latest? && @valid_encoding
         = link_to sprite_icon('pencil', css_class: 'gl-icon'), wiki_page_path(@wiki, @page, action: :edit), title: 'Edit', role: "button", class: 'btn gl-button btn-icon btn-default js-wiki-edit', data: { qa_selector: 'edit_page_button', testid: 'wiki_edit_button' }
 
-  - if Feature.enabled?(:wiki_async_load, @wiki.container, default_enabled: :yaml)
-    .js-async-wiki-page-content.md.gl-pt-2{ data: { qa_selector: 'wiki_page_content', testid: 'wiki_page_content', tracking_context: wiki_page_tracking_context(@page).to_json, get_wiki_content_url: wiki_page_render_api_endpoint(@page) } }
-  - else
-    = render 'shared/wikis/wiki_content'
+  .js-async-wiki-page-content.md.gl-pt-2{ data: { qa_selector: 'wiki_page_content', testid: 'wiki_page_content', tracking_context: wiki_page_tracking_context(@page).to_json, get_wiki_content_url: wiki_page_render_api_endpoint(@page) } }
 
 = render 'shared/wikis/sidebar'

config/feature_flags/development/wiki_async_load.yml

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class AddInactiveProjectDeletionToApplicationSettings < Gitlab::Database::Migration[1.0]
+  def change
+    add_column :application_settings, :delete_inactive_projects, :boolean, default: false, null: false
+    add_column :application_settings, :inactive_projects_delete_after_months, :integer, default: 2, null: false
+    add_column :application_settings, :inactive_projects_min_size_mb, :integer, default: 0, null: false
+    add_column :application_settings, :inactive_projects_send_warning_email_after_months, :integer, default: 1,
+               null: false
+  end
+end

config/feature_flags/experiment/bypass_registration.yml

@@ -0,0 +1 @@
+161ba8db7400c12dc0550246af8db86487e811803eaecedcb2761f4a8349920b

db/migrate/20220406113217_add_inactive_project_deletion_to_application_settings.rb

@@ -11257,6 +11257,10 @@ CREATE TABLE application_settings (
     database_grafana_api_url text,
     database_grafana_tag text,
     public_runner_releases_url text DEFAULT 'https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab-runner/releases'::text NOT NULL,
+    delete_inactive_projects boolean DEFAULT false NOT NULL,
+    inactive_projects_delete_after_months integer DEFAULT 2 NOT NULL,
+    inactive_projects_min_size_mb integer DEFAULT 0 NOT NULL,
+    inactive_projects_send_warning_email_after_months integer DEFAULT 1 NOT NULL,
     CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
     CONSTRAINT app_settings_dep_proxy_ttl_policies_worker_capacity_positive CHECK ((dependency_proxy_ttl_group_policy_worker_capacity >= 0)),
     CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),

db/schema_migrations/20220406113217

@@ -524,6 +524,7 @@ repurposing
 requeue
 requeued
 requeues
+requeuing
 Restlet
 resync
 resynced

db/structure.sql

@@ -274,6 +274,7 @@ listed in the descriptions of the relevant settings.
 | `default_projects_limit`                 | integer          | no                                   | Project limit per user. Default is `100000`. |
 | `default_snippet_visibility`             | string           | no                                   | What visibility level new snippets receive. Can take `private`, `internal` and `public` as a parameter. Default is `private`. |
 | `delayed_project_deletion` **(PREMIUM SELF)** | boolean     | no                                   | Enable delayed project deletion by default in new groups. Default is `false`. |
+| `delete_inactive_projects`               | boolean          | no                                   | Enable inactive project deletion feature. Default is `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84519) in GitLab 14.10. |
 | `deletion_adjourned_period` **(PREMIUM SELF)** | integer    | no                                   | The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 0 and 90.
 | `diff_max_patch_bytes`                   | integer          | no                                   | Maximum [diff patch size](../user/admin_area/diff_limits.md), in bytes. |
 | `diff_max_files`                         | integer          | no                                   | Maximum [files in a diff](../user/admin_area/diff_limits.md). |
@@ -350,6 +351,9 @@ listed in the descriptions of the relevant settings.
 | `html_emails_enabled`                    | boolean          | no                                   | Enable HTML emails. |
 | `import_sources`                         | array of strings | no                                   | Sources to allow project import from, possible values: `github`, `bitbucket`, `bitbucket_server`, `gitlab`, `fogbugz`, `git`, `gitlab_project`, `gitea`, `manifest`, and `phabricator`. |
 | `in_product_marketing_emails_enabled`    | boolean          | no                                   | Enable [in-product marketing emails](../user/profile/notifications.md#global-notification-settings). Enabled by default. |
+| `inactive_projects_delete_after_months`  | integer          | no                                   | If `delete_inactive_projects` is `true`, the time (in months) to wait before deleting inactive projects. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84519) in GitLab 14.10. |
+| `inactive_projects_min_size_mb`          | integer          | no                                   | If `delete_inactive_projects` is `true`, the minimum repository size for projects to be checked for inactivity. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84519) in GitLab 14.10. |
+| `inactive_projects_send_warning_email_after_months` | integer | no                                 | If `delete_inactive_projects` is `true`, sets the time (in months) to wait before emailing maintainers that the project will be deleted because it is inactive. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84519) in GitLab 14.10. |
 | `invisible_captcha_enabled`              | boolean          | no                                   | Enable Invisible CAPTCHA spam detection during sign-up. Disabled by default. |
 | `issues_create_limit`                    | integer          | no                                   | Max number of issue creation requests per minute per user. Disabled by default.|
 | `keep_latest_artifact`                   | boolean          | no                                   | Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default. |