Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.gitpod.yml

@@ -2,6 +2,7 @@
 # https://www.gitpod.io/docs/configure/workspaces/tasks
 
 image: registry.gitlab.com/gitlab-org/gitlab-development-kit/gitpod-workspace:stable
+checkoutLocation: gitlab-development-kit/gitlab
 
 tasks:
 
@@ -24,8 +25,6 @@ tasks:
         echo "$(date) – Copying GDK" | tee -a /workspace/startup.log
         cp -r $HOME/gitlab-development-kit /workspace/
         cd /workspace/gitlab-development-kit
-        # ensure GitLab directory is symlinked under the GDK
-        ln -nfs "$GITPOD_REPO_ROOT" /workspace/gitlab-development-kit/gitlab
         mv -v /workspace/gitlab-development-kit/secrets.yml /workspace/gitlab-development-kit/gitlab/config
         # ensure gdk.yml has correct instance settings
         gdk config set gitlab.rails.port 443  |& tee -a /workspace/startup.log

app/assets/javascripts/content_editor/services/serialization_helpers.js

@@ -514,6 +514,7 @@ export const code = {
   open: generateCodeTag(),
   close: generateCodeTag(closeTag),
   mixable: true,
+  escape: false,
   expelEnclosingWhitespace: true,
 };
 

app/assets/javascripts/issues/show/components/description.vue

@@ -238,7 +238,7 @@ export default {
       const container = document.createElement('div');
       // eslint-disable-next-line no-unsanitized/property
       container.innerHTML = `<svg class="drag-icon s14 gl-icon gl-cursor-grab gl-opacity-0" role="img" aria-hidden="true">
-        <use href="${gon.sprite_icons}#drag-vertical"></use>
+        <use href="${gon.sprite_icons}#grip"></use>
       </svg>`;
       return container.firstChild;
     },
@@ -259,7 +259,7 @@ export default {
       };
 
       // We use pointerover/pointerout instead of CSS so that when we hover over a
-      // list item with children, the drag icons of its children do not become visible.
+      // list item with children, the grip icons of its children do not become visible.
       listItem.addEventListener('pointerover', pointeroverListener);
       listItem.addEventListener('pointerout', pointeroutListener);
 

app/assets/javascripts/releases/stores/modules/edit_new/mutations.js

@@ -40,6 +40,7 @@ export default {
 
   [types.UPDATE_RELEASE_TAG_NAME](state, tagName) {
     state.release.tagName = tagName;
+    state.existingRelease = null;
   },
   [types.UPDATE_RELEASE_TAG_MESSAGE](state, tagMessage) {
     state.release.tagMessage = tagMessage;
@@ -118,6 +119,7 @@ export default {
     state.fetchError = error;
     state.isFetchingTagNotes = false;
     state.tagNotes = '';
+    state.existingRelease = null;
   },
   [types.UPDATE_INCLUDE_TAG_NOTES](state, includeTagNotes) {
     state.includeTagNotes = includeTagNotes;

app/services/ci/job_artifacts/create_service.rb

@@ -132,7 +132,7 @@ def persist_artifact(artifact, artifact_metadata, params)
           job.update_column(:artifacts_expire_at, artifact.expire_at)
         end
 
-        Gitlab::Ci::Artifacts::Logger.log_created(artifact)
+        Gitlab::Ci::Artifacts::Logger.log_created([artifact, artifact_metadata].compact)
 
         success(artifact: artifact)
       rescue ActiveRecord::RecordNotUnique => error

config/feature_flags/development/enable_new_sentry_clientside_integration.yml

@@ -1,7 +1,7 @@
 ---
 name: enable_new_sentry_clientside_integration
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/102650
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/344832
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/382570
 milestone: '15.6'
 type: development
 group: group::runner

config/feature_flags/development/use_primary_and_secondary_stores_for_rate_limiting.yml

@@ -0,0 +1,8 @@
+---
+name: use_primary_and_secondary_stores_for_rate_limiting
+introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106123"
+rollout_issue_url: "https://gitlab.com/gitlab-org/gitlab/-/issues/385681"
+milestone: '15.9'
+type: development
+group: group::scalability
+default_enabled: false

config/feature_flags/development/use_primary_store_as_default_for_rate_limiting.yml

@@ -0,0 +1,8 @@
+---
+name: use_primary_store_as_default_for_rate_limiting
+introduced_by_url: "https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106123"
+rollout_issue_url: "https://gitlab.com/gitlab-org/gitlab/-/issues/385681"
+milestone: '15.9'
+type: development
+group: group::scalability
+default_enabled: false

config/initializers/1_settings.rb

@@ -824,6 +824,9 @@
   Settings.cron_jobs['licenses_reset_submit_license_usage_data_banner'] ||= Settingslogic.new({})
   Settings.cron_jobs['licenses_reset_submit_license_usage_data_banner']['cron'] ||= "0 0 * * *"
   Settings.cron_jobs['licenses_reset_submit_license_usage_data_banner']['job_class'] = 'Licenses::ResetSubmitLicenseUsageDataBannerWorker'
+  Settings.cron_jobs['abandoned_trial_emails'] ||= Settingslogic.new({})
+  Settings.cron_jobs['abandoned_trial_emails']['cron'] ||= "0 1 * * *"
+  Settings.cron_jobs['abandoned_trial_emails']['job_class'] = 'Emails::AbandonedTrialEmailsCronWorker'
   Gitlab.com do
     Settings.cron_jobs['disable_legacy_open_source_license_for_inactive_projects'] ||= Settingslogic.new({})
     Settings.cron_jobs['disable_legacy_open_source_license_for_inactive_projects']['cron'] ||= "30 5 * * 0"

data/deprecations/15-9-embed-grafana-panels-in-markdown.yml

@@ -0,0 +1,10 @@
+- title: 'Embedding Grafana panels in Markdown is deprecated'
+  announcement_milestone: '15.9'
+  removal_milestone: '16.0'
+  breaking_change: true
+  reporter: abellucci
+  body: |
+    The ability to add Grafana panels in GitLab Flavored Markdown is deprecated in 15.9 and will be removed in 16.0.
+    We intend to replace this feature with the ability to [embed charts](https://gitlab.com/groups/gitlab-org/opstrace/-/epics/33) with the [GitLab Observability UI](https://gitlab.com/gitlab-org/opstrace/opstrace-ui).
+  stage: monitor
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/389477

db/migrate/20230127164007_add_trial_date_index_to_gitlab_subscribtions.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class AddTrialDateIndexToGitlabSubscribtions < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  INDEX_NAME = 'index_gitlab_subscriptions_on_trial_and_trial_starts_on'
+
+  def up
+    add_concurrent_index :gitlab_subscriptions, [:trial, :trial_starts_on], name: INDEX_NAME
+  end
+
+  def down
+    remove_concurrent_index_by_name :gitlab_subscriptions, INDEX_NAME
+  end
+end

db/migrate/20230131125844_add_project_id_name_id_version_index_to_installable_npm_packages.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class AddProjectIdNameIdVersionIndexToInstallableNpmPackages < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  INDEX_NAME = 'idx_packages_on_project_id_name_id_version_when_installable_npm'
+  PACKAGE_TYPE_NPM = 2
+
+  def up
+    add_concurrent_index(
+      :packages_packages,
+      [:project_id, :name, :id, :version],
+      name: INDEX_NAME,
+      where: "package_type = #{PACKAGE_TYPE_NPM} AND status IN (0, 1)"
+    )
+  end
+
+  def down
+    remove_concurrent_index_by_name(:packages_packages, INDEX_NAME)
+  end
+end

db/post_migrate/20230130103957_add_fk_index_to_ci_build_needs_on_partition_id_and_build_id.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AddFkIndexToCiBuildNeedsOnPartitionIdAndBuildId < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  INDEX_NAME = :index_ci_build_needs_on_partition_id_build_id
+  TABLE_NAME = :ci_build_needs
+  COLUMNS = [:partition_id, :build_id]
+
+  def up
+    add_concurrent_index(TABLE_NAME, COLUMNS, name: INDEX_NAME)
+  end
+
+  def down
+    remove_concurrent_index_by_name(TABLE_NAME, INDEX_NAME)
+  end
+end

db/post_migrate/20230130103958_add_fk_to_ci_build_needs_on_partition_id_and_build_id.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+class AddFkToCiBuildNeedsOnPartitionIdAndBuildId < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  SOURCE_TABLE_NAME = :ci_build_needs
+  TARGET_TABLE_NAME = :ci_builds
+  COLUMN = :build_id
+  TARGET_COLUMN = :id
+  FK_NAME = :fk_rails_3cf221d4ed_p
+  PARTITION_COLUMN = :partition_id
+
+  def up
+    add_concurrent_foreign_key(
+      SOURCE_TABLE_NAME,
+      TARGET_TABLE_NAME,
+      column: [PARTITION_COLUMN, COLUMN],
+      target_column: [PARTITION_COLUMN, TARGET_COLUMN],
+      validate: false,
+      reverse_lock_order: true,
+      on_update: :cascade,
+      on_delete: :cascade,
+      name: FK_NAME
+    )
+  end
+
+  def down
+    with_lock_retries do
+      remove_foreign_key_if_exists(
+        SOURCE_TABLE_NAME,
+        TARGET_TABLE_NAME,
+        name: FK_NAME,
+        reverse_lock_order: true
+      )
+    end
+  end
+end

db/post_migrate/20230201171450_finalize_backfill_environment_tier_migration.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class FinalizeBackfillEnvironmentTierMigration < Gitlab::Database::Migration[2.1]
+  MIGRATION = 'BackfillEnvironmentTiers'
+  disable_ddl_transaction!
+
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  def up
+    ensure_batched_background_migration_is_finished(
+      job_class_name: MIGRATION,
+      table_name: :environments,
+      column_name: :id,
+      job_arguments: [],
+      finalize: true
+    )
+  end
+
+  def down
+    # no-op
+  end
+end

db/schema_migrations/20230127164007

@@ -0,0 +1 @@
+9eeead7484119ca0a9764104856970e5d78d484f4616552f8535f1eb047f4ae7

db/schema_migrations/20230130103957

@@ -0,0 +1 @@
+17e3e3236ba71778e86a4df672ba2b7080a127658792b60669738fdad4fe2f36

db/schema_migrations/20230130103958

@@ -0,0 +1 @@
+0678dd7f9e8ad7c7e5761b7b624340fdf7785688d41badfb4affc8a2e2181072

db/schema_migrations/20230131125844

@@ -0,0 +1 @@
+ccf6031d207b41bfacbd671b9e320e0929e43d5c62744df49b073f5ee6a90885

db/schema_migrations/20230201171450

@@ -0,0 +1 @@
+c63f9cf6abb67b2d2623b662cd9dd7c9684a972c0aa89ea43f59e6196dacb249

db/structure.sql

@@ -28624,6 +28624,8 @@ CREATE INDEX idx_packages_debian_group_component_files_on_architecture_id ON pac
 
 CREATE INDEX idx_packages_debian_project_component_files_on_architecture_id ON packages_debian_project_component_files USING btree (architecture_id);
 
+CREATE INDEX idx_packages_on_project_id_name_id_version_when_installable_npm ON packages_packages USING btree (project_id, name, id, version) WHERE ((package_type = 2) AND (status = ANY (ARRAY[0, 1])));
+
 CREATE UNIQUE INDEX idx_packages_on_project_id_name_version_unique_when_generic ON packages_packages USING btree (project_id, name, version) WHERE ((package_type = 7) AND (status <> 4));
 
 CREATE UNIQUE INDEX idx_packages_on_project_id_name_version_unique_when_golang ON packages_packages USING btree (project_id, name, version) WHERE ((package_type = 8) AND (status <> 4));
@@ -29002,6 +29004,8 @@ CREATE UNIQUE INDEX index_chat_teams_on_namespace_id ON chat_teams USING btree (
 
 CREATE UNIQUE INDEX index_ci_build_needs_on_build_id_and_name ON ci_build_needs USING btree (build_id, name);
 
+CREATE INDEX index_ci_build_needs_on_partition_id_build_id ON ci_build_needs USING btree (partition_id, build_id);
+
 CREATE UNIQUE INDEX index_ci_build_pending_states_on_build_id ON ci_build_pending_states USING btree (build_id);
 
 CREATE INDEX index_ci_build_pending_states_on_partition_id_build_id ON ci_build_pending_states USING btree (partition_id, build_id);
@@ -29900,6 +29904,8 @@ CREATE INDEX index_gitlab_subscriptions_on_max_seats_used_changed_at ON gitlab_s
 
 CREATE UNIQUE INDEX index_gitlab_subscriptions_on_namespace_id ON gitlab_subscriptions USING btree (namespace_id);
 
+CREATE INDEX index_gitlab_subscriptions_on_trial_and_trial_starts_on ON gitlab_subscriptions USING btree (trial, trial_starts_on);
+
 CREATE UNIQUE INDEX index_gpg_key_subkeys_on_fingerprint ON gpg_key_subkeys USING btree (fingerprint);
 
 CREATE INDEX index_gpg_key_subkeys_on_gpg_key_id ON gpg_key_subkeys USING btree (gpg_key_id);
@@ -34856,6 +34862,9 @@ ALTER TABLE ONLY chat_teams
 ALTER TABLE ONLY ci_build_needs
     ADD CONSTRAINT fk_rails_3cf221d4ed FOREIGN KEY (build_id) REFERENCES ci_builds(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY ci_build_needs
+    ADD CONSTRAINT fk_rails_3cf221d4ed_p FOREIGN KEY (partition_id, build_id) REFERENCES ci_builds(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID;
+
 ALTER TABLE ONLY cluster_groups
     ADD CONSTRAINT fk_rails_3d28377556 FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
 

doc/administration/geo/disaster_recovery/index.md

@@ -479,25 +479,24 @@ changing Git remotes and API URLs.
    external_url 'https://<new_external_url>'
    ```
 
-   If you provide GitLab with its certificate
-   [manually](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-https-manually),
-   ensure:
+   NOTE:
+   Changing `external_url` does not prevent access via the old secondary URL, as
+   long as the secondary DNS records are still intact.
 
-   - The new URL is one of the subject alternative names:
+1. Update the **secondary**'s SSL certificate:
+
+   - If you use the [Let's Encrypt integration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#enable-the-lets-encrypt-integration),
+     the certificate updates automatically.
+   - If you had [manually set up](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-https-manually),
+     the **secondary**'s certificate, copy the certificate from the **primary** to the **secondary**.
+     If you don't have access to the **primary**, issue a new certificate and make sure it contains
+     both the **primary** and **secondary** URLs in the subject alternative names. You can check with:
 
      ```shell
      /opt/gitlab/embedded/bin/openssl x509 -noout -dates -subject -issuer \
          -nameopt multiline -ext subjectAltName -in /etc/gitlab/ssl/new-gitlab.new-example.com.crt
      ```
 
-   - The certificate and key filenames match the new `external_url`,
-     or those filenames are
-     [specified in `/etc/gitlab/gitlab.rb`](https://docs.gitlab.com/omnibus/settings/ssl/index.html#change-the-default-ssl-certificate-location).
-
-   NOTE:
-   Changing `external_url` does not prevent access via the old secondary URL, as
-   long as the secondary DNS records are still intact.
-
 1. Reconfigure the **secondary** site for the change to take effect:
 
    ```shell

doc/administration/load_balancer.md

@@ -115,6 +115,9 @@ Configure DNS for an alternate SSH hostname such as `altssh.gitlab.example.com`.
 
 It is strongly recommend that multi-node deployments configure load balancers to use the [readiness check](../user/admin_area/monitoring/health_check.md#readiness) to ensure a node is ready to accept traffic, before routing traffic to it. This is especially important when utilizing Puma, as there is a brief period during a restart where Puma doesn't accept requests.
 
+WARNING:
+Using the `all=1` parameter with the readiness check in GitLab versions 15.4 to 15.8 may cause [increased Praefect memory usage](https://gitlab.com/gitlab-org/gitaly/-/issues/4751) and lead to memory errors.
+
 ## Troubleshooting
 
 ### The health check is returning a `408` HTTP code via the load balancer

doc/administration/object_storage.md

@@ -914,6 +914,11 @@ When this is used, GitLab fetches temporary credentials each time an
 S3 bucket is accessed, so no hard-coded values are needed in the
 configuration.
 
+To use an Amazon instance profile, GitLab must be able to connect to the 
+[instance metadata endpoint](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html). 
+If GitLab is [configured to use an Internet proxy](https://docs.gitlab.com/omnibus/settings/environment-variables.html), the endpoint IP 
+address must be added to the `no_proxy` list.
+
 #### Encrypted S3 buckets
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/466) in GitLab 13.1 for instance profiles only and [S3 default encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html).

doc/architecture/blueprints/work_items/index.md

@@ -70,6 +70,22 @@ All Work Item types share the same pool of predefined widgets and are customized
 
 \* status is not currently a widget, but a part of the root work item, similar to title
 
+### Work item relationships
+
+Work items can be related to other work items in a number of different ways:
+
+- Parent: A direct ancestor to the current work item, whose completion relies on completing this work item.
+- Child: A direct descendant of the current work item, which contributes to this work item's completion.
+- Blocked by: A work item preventing the completion of the current work item.
+- Blocks: A work item whose completion is blocked by the current work item.
+- Related: A work item that is relevant to the subject of the current work item, but does not directly contribute to or block the completion of this work item.
+
+#### Hierarchy
+
+Parent-child relationships form the basis of **hierarchy** in work items. Each work item type has a defined set of types that can be parents or children of that type.
+
+As types expand, and parent items have their own parent items, the hierarchy capability can grow exponentially.
+
 ### Work Item view
 
 The new frontend view that renders Work Items of any type using global Work Item `id` as an identifier.

doc/ci/cloud_services/aws/index.md

@@ -4,7 +4,7 @@ group: Pipeline Authoring
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
-# Configure OpenID Connect in AWS to retrieve temporary credentials
+# Configure OpenID Connect in AWS to retrieve temporary credentials **(FREE)**
 
 In this tutorial, we'll show you how to use a GitLab CI/CD job with a JSON web token (JWT) to retrieve temporary credentials from AWS without needing to store secrets.
 To do this, you must configure OpenID Connect (OIDC) for ID federation between GitLab and AWS. For background and requirements for integrating GitLab using OIDC, see [Connect to cloud services](../index.md).

doc/ci/cloud_services/azure/index.md

@@ -4,7 +4,7 @@ group: Pipeline Authoring
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
-# Configure OpenID Connect in Azure to retrieve temporary credentials
+# Configure OpenID Connect in Azure to retrieve temporary credentials **(FREE)**
 
 This tutorial demonstrates how to use a JSON web token (JWT) in a GitLab CI/CD job
 to retrieve temporary credentials from Azure without needing to store secrets.

doc/ci/cloud_services/google_cloud/index.md

@@ -4,7 +4,7 @@ group: Pipeline Authoring
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
-# Configure OpenID Connect with GCP Workload Identity Federation
+# Configure OpenID Connect with GCP Workload Identity Federation **(FREE)**
 
 WARNING:
 The `CI_JOB_JWT_V2` variable is under development [(alpha)](../../../policy/alpha-beta-support.md#alpha-features) and is not yet suitable for production use.