Add latest changes from gitlab-org/gitlab@master

Author: GitLab Bot

.gitlab/ci/docs.gitlab-ci.yml

@@ -71,6 +71,7 @@ ui-docs-links lint:
   extends:
     - .docs:rules:docs-lint
     - .static-analysis-base
+    - .ruby-cache
   stage: lint
   needs: []
   script:

.rubocop_manual_todo.yml

@@ -2558,7 +2558,6 @@ Rails/IncludeUrlHelper:
 # TODO issue: https://gitlab.com/gitlab-org/gitlab/-/issues/344279
 Style/OpenStructUse:
   Exclude:
-    - 'Guardfile'
     - 'app/finders/snippets_finder.rb'
     - 'app/helpers/application_settings_helper.rb'
     - 'ee/lib/gitlab/graphql/aggregations/epics/epic_node.rb'

CHANGELOG.md

@@ -3066,18 +3066,18 @@ No changes.
 
 ## 13.12.15 (2021-11-03)
 
-No changes.
-
-## 13.12.14 (2021-11-03)
-
 ### Fixed (2 changes)
 
 - [Allow nil for remaining ci cd settings](gitlab-org/gitlab@896fd7ecf23714fa9f710efa4af245a26c677dce) ([merge request](gitlab-org/gitlab!73522))
 - [Allow nil on delegated CI/CD settings](gitlab-org/gitlab@d57a9ea79080fc473eb54c0ee696a50fd270e8a4) ([merge request](gitlab-org/gitlab!73522))
 
+## 13.12.14 (2021-11-03)
+
+This version has been skipped due to QA problems.
+
 ## 13.12.13 (2021-10-29)
 
-No changes.
+This version has been skipped due to QA problems.
 
 ## 13.12.12 (2021-09-21)
 

Guardfile

@@ -9,7 +9,7 @@ cmd = ENV['GUARD_CMD'] || (ENV['SPRING'] ? 'spring rspec' : 'bundle exec rspec')
 directories %w(app ee lib rubocop tooling spec)
 
 rspec_context_for = proc do |context_path|
-  OpenStruct.new(to_s: "spec").tap do |rspec|
+  OpenStruct.new(to_s: "spec").tap do |rspec| # rubocop:disable Style/OpenStructUse
     rspec.spec_dir = "#{context_path}spec"
     rspec.spec = ->(m) { Guard::RSpec::Dsl.detect_spec_file_for(rspec, m) }
     rspec.spec_helper = "#{rspec.spec_dir}/spec_helper.rb"
@@ -19,7 +19,7 @@ rspec_context_for = proc do |context_path|
 end
 
 rails_context_for = proc do |context_path, exts|
-  OpenStruct.new.tap do |rails|
+  OpenStruct.new.tap do |rails| # rubocop:disable Style/OpenStructUse
     rails.app_files = %r{^#{context_path}app/(.+)\.rb$}
 
     rails.views = %r{^#{context_path}app/(views/.+/[^/]*\.(?:#{exts}))$}

app/graphql/types/evidence_type.rb

@@ -5,7 +5,7 @@ class EvidenceType < BaseObject
     graphql_name 'ReleaseEvidence'
     description 'Evidence for a release'
 
-    authorize :download_code
+    authorize :read_release_evidence
 
     present_using Releases::EvidencePresenter
 

app/graphql/types/packages/file_metadata_type.rb

@@ -14,14 +14,17 @@ def self.resolve_type(object, context)
         case object
         when ::Packages::Conan::FileMetadatum
           ::Types::Packages::Conan::FileMetadatumType
+        when ::Packages::Helm::FileMetadatum
+          ::Types::Packages::Helm::FileMetadatumType
         else
           # NOTE: This method must be kept in sync with `PackageFileType#file_metadata`,
           # which must never produce data that this discriminator cannot handle.
           raise 'Unsupported file metadata type'
         end
       end
 
-      orphan_types Types::Packages::Conan::FileMetadatumType
+      orphan_types Types::Packages::Conan::FileMetadatumType,
+                   Types::Packages::Helm::FileMetadatumType
     end
   end
 end

app/graphql/types/packages/helm/dependency_type.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Types
+  module Packages
+    module Helm
+      # rubocop: disable Graphql/AuthorizeTypes
+      class DependencyType < BaseObject
+        graphql_name 'PackageHelmDependencyType'
+        description 'Represents a Helm dependency'
+
+        # Need to be synced with app/validators/json_schemas/helm_metadata.json#dependencies
+        field :name, GraphQL::Types::String, null: true, description: 'Name of the dependency.'
+        field :version, GraphQL::Types::String, null: true, description: 'Version of the dependency.'
+        field :repository, GraphQL::Types::String, null: true, description: 'Repository of the dependency.'
+        field :condition, GraphQL::Types::String, null: true, description: 'Condition of the dependency.'
+        field :tags, [GraphQL::Types::String], null: true, description: 'Tags of the dependency.'
+        field :enabled, GraphQL::Types::Boolean, null: true, description: 'Indicates the dependency is enabled.'
+        field :import_values, [GraphQL::Types::JSON], null: true, description: 'Import-values of the dependency.', hash_key: "import-values" # rubocop:disable Graphql/JSONType
+        field :alias, GraphQL::Types::String, null: true, description: 'Alias of the dependency.', resolver_method: :resolve_alias
+
+        # field :alias` conflicts with a built-in method
+        def resolve_alias
+          object['alias']
+        end
+      end
+    end
+  end
+end

app/graphql/types/packages/helm/file_metadatum_type.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Types
+  module Packages
+    module Helm
+      class FileMetadatumType < BaseObject
+        graphql_name 'HelmFileMetadata'
+        description 'Helm file metadata'
+
+        implements Types::Packages::FileMetadataType
+
+        authorize :read_package
+
+        field :channel, GraphQL::Types::String, null: false, description: 'Channel of the Helm chart.'
+        field :metadata, Types::Packages::Helm::MetadataType, null: false, description: 'Metadata of the Helm chart.'
+      end
+    end
+  end
+end

app/graphql/types/packages/helm/maintainer_type.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Types
+  module Packages
+    module Helm
+      # rubocop: disable Graphql/AuthorizeTypes
+      class MaintainerType < BaseObject
+        graphql_name 'PackageHelmMaintainerType'
+        description 'Represents a Helm maintainer'
+
+        # Need to be synced with app/validators/json_schemas/helm_metadata.json#maintainers
+        field :name, GraphQL::Types::String, null: true, description: 'Name of the maintainer.'
+        field :email, GraphQL::Types::String, null: true, description: 'Email of the maintainer.'
+        field :url, GraphQL::Types::String, null: true, description: 'URL of the maintainer.'
+      end
+    end
+  end
+end

app/graphql/types/packages/helm/metadata_type.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Types
+  module Packages
+    module Helm
+      # rubocop: disable Graphql/AuthorizeTypes
+      class MetadataType < BaseObject
+        graphql_name 'PackageHelmMetadataType'
+        description 'Represents the contents of a Helm Chart.yml file'
+
+        # Need to be synced with app/validators/json_schemas/helm_metadata.json
+        field :name, GraphQL::Types::String, null: false, description: 'Name of the chart.'
+        field :home, GraphQL::Types::String, null: true, description: 'URL of the home page.'
+        field :sources, [GraphQL::Types::String], null: true, description: 'URLs of the source code for the chart.'
+        field :version, GraphQL::Types::String, null: false, description: 'Version of the chart.'
+        field :description, GraphQL::Types::String, null: true, description: 'Description of the chart.'
+        field :keywords, [GraphQL::Types::String], null: true, description: 'Keywords for the chart.'
+        field :maintainers, [Types::Packages::Helm::MaintainerType], null: true, description: 'Maintainers of the chart.'
+        field :icon, GraphQL::Types::String, null: true, description: 'URL to an SVG or PNG image for the chart.'
+        field :api_version, GraphQL::Types::String, null: false, description: 'API version of the chart.', hash_key: "apiVersion"
+        field :condition, GraphQL::Types::String, null: true, description: 'Condition for the chart.'
+        field :tags, GraphQL::Types::String, null: true, description: 'Tags for the chart.'
+        field :app_version, GraphQL::Types::String, null: true, description: 'App version of the chart.', hash_key: "appVersion"
+        field :deprecated, GraphQL::Types::Boolean, null: true, description: 'Indicates if the chart is deprecated.'
+        field :annotations, GraphQL::Types::JSON, null: true, description: 'Annotations for the chart.' # rubocop:disable Graphql/JSONType
+        field :kube_version, GraphQL::Types::String, null: true, description: 'Kubernetes versions for the chart.', hash_key: "kubeVersion"
+        field :dependencies, [Types::Packages::Helm::DependencyType], null: true, description: 'Dependencies of the chart.'
+        field :type, GraphQL::Types::String, null: true, description: 'Type of the chart.', hash_key: "appVersion"
+      end
+    end
+  end
+end

app/graphql/types/packages/package_file_type.rb

@@ -27,6 +27,8 @@ def file_metadata
         case object.package.package_type
         when 'conan'
           object.conan_file_metadatum
+        when 'helm'
+          object.helm_file_metadatum
         else
           nil
         end

app/policies/packages/helm/file_metadatum_policy.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+module Packages
+  module Helm
+    class FileMetadatumPolicy < BasePolicy
+      delegate { @subject.package_file.package }
+    end
+  end
+end

app/validators/json_schemas/helm_metadata.json

@@ -103,7 +103,23 @@
           "import-values": {
             "type": "array",
             "items": {
-
+              "oneOf": [
+                {
+                  "type": "string"
+                },
+                {
+                  "type": "object",
+                  "properties": {
+                    "child": {
+                      "type": "string"
+                    },
+                    "parent": {
+                      "type": "string"
+                    }
+                  },
+                  "additionalProperties": false
+                }
+              ]
             }
           },
           "alias": {

config/feature_flags/development/linear_ee_group_ancestor_scopes.yml

@@ -10911,6 +10911,19 @@ Represents the Geo sync and verification state of a group wiki repository.
 | <a id="groupwikirepositoryregistryretrycount"></a>`retryCount` | [`Int`](#int) | Number of consecutive failed sync attempts of the GroupWikiRepositoryRegistry. |
 | <a id="groupwikirepositoryregistrystate"></a>`state` | [`RegistryState`](#registrystate) | Sync state of the GroupWikiRepositoryRegistry. |
 
+### `HelmFileMetadata`
+
+Helm file metadata.
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="helmfilemetadatachannel"></a>`channel` | [`String!`](#string) | Channel of the Helm chart. |
+| <a id="helmfilemetadatacreatedat"></a>`createdAt` | [`Time!`](#time) | Date of creation. |
+| <a id="helmfilemetadatametadata"></a>`metadata` | [`PackageHelmMetadataType!`](#packagehelmmetadatatype) | Metadata of the Helm chart. |
+| <a id="helmfilemetadataupdatedat"></a>`updatedAt` | [`Time!`](#time) | Date of most recent update. |
+
 ### `IncidentManagementOncallRotation`
 
 Describes an incident management on-call rotation.
@@ -12381,6 +12394,61 @@ Represents the Geo sync and verification state of a package file.
 | <a id="packagefileregistryretrycount"></a>`retryCount` | [`Int`](#int) | Number of consecutive failed sync attempts of the PackageFileRegistry. |
 | <a id="packagefileregistrystate"></a>`state` | [`RegistryState`](#registrystate) | Sync state of the PackageFileRegistry. |
 
+### `PackageHelmDependencyType`
+
+Represents a Helm dependency.
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="packagehelmdependencytypealias"></a>`alias` | [`String`](#string) | Alias of the dependency. |
+| <a id="packagehelmdependencytypecondition"></a>`condition` | [`String`](#string) | Condition of the dependency. |
+| <a id="packagehelmdependencytypeenabled"></a>`enabled` | [`Boolean`](#boolean) | Indicates the dependency is enabled. |
+| <a id="packagehelmdependencytypeimportvalues"></a>`importValues` | [`[JSON!]`](#json) | Import-values of the dependency. |
+| <a id="packagehelmdependencytypename"></a>`name` | [`String`](#string) | Name of the dependency. |
+| <a id="packagehelmdependencytyperepository"></a>`repository` | [`String`](#string) | Repository of the dependency. |
+| <a id="packagehelmdependencytypetags"></a>`tags` | [`[String!]`](#string) | Tags of the dependency. |
+| <a id="packagehelmdependencytypeversion"></a>`version` | [`String`](#string) | Version of the dependency. |
+
+### `PackageHelmMaintainerType`
+
+Represents a Helm maintainer.
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="packagehelmmaintainertypeemail"></a>`email` | [`String`](#string) | Email of the maintainer. |
+| <a id="packagehelmmaintainertypename"></a>`name` | [`String`](#string) | Name of the maintainer. |
+| <a id="packagehelmmaintainertypeurl"></a>`url` | [`String`](#string) | URL of the maintainer. |
+
+### `PackageHelmMetadataType`
+
+Represents the contents of a Helm Chart.yml file.
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="packagehelmmetadatatypeannotations"></a>`annotations` | [`JSON`](#json) | Annotations for the chart. |
+| <a id="packagehelmmetadatatypeapiversion"></a>`apiVersion` | [`String!`](#string) | API version of the chart. |
+| <a id="packagehelmmetadatatypeappversion"></a>`appVersion` | [`String`](#string) | App version of the chart. |
+| <a id="packagehelmmetadatatypecondition"></a>`condition` | [`String`](#string) | Condition for the chart. |
+| <a id="packagehelmmetadatatypedependencies"></a>`dependencies` | [`[PackageHelmDependencyType!]`](#packagehelmdependencytype) | Dependencies of the chart. |
+| <a id="packagehelmmetadatatypedeprecated"></a>`deprecated` | [`Boolean`](#boolean) | Indicates if the chart is deprecated. |
+| <a id="packagehelmmetadatatypedescription"></a>`description` | [`String`](#string) | Description of the chart. |
+| <a id="packagehelmmetadatatypehome"></a>`home` | [`String`](#string) | URL of the home page. |
+| <a id="packagehelmmetadatatypeicon"></a>`icon` | [`String`](#string) | URL to an SVG or PNG image for the chart. |
+| <a id="packagehelmmetadatatypekeywords"></a>`keywords` | [`[String!]`](#string) | Keywords for the chart. |
+| <a id="packagehelmmetadatatypekubeversion"></a>`kubeVersion` | [`String`](#string) | Kubernetes versions for the chart. |
+| <a id="packagehelmmetadatatypemaintainers"></a>`maintainers` | [`[PackageHelmMaintainerType!]`](#packagehelmmaintainertype) | Maintainers of the chart. |
+| <a id="packagehelmmetadatatypename"></a>`name` | [`String!`](#string) | Name of the chart. |
+| <a id="packagehelmmetadatatypesources"></a>`sources` | [`[String!]`](#string) | URLs of the source code for the chart. |
+| <a id="packagehelmmetadatatypetags"></a>`tags` | [`String`](#string) | Tags for the chart. |
+| <a id="packagehelmmetadatatypetype"></a>`type` | [`String`](#string) | Type of the chart. |
+| <a id="packagehelmmetadatatypeversion"></a>`version` | [`String!`](#string) | Version of the chart. |
+
 ### `PackageSettings`
 
 Namespace-level Package Registry settings.
@@ -17759,6 +17827,7 @@ Represents metadata associated with a Package file.
 Implementations:
 
 - [`ConanFileMetadata`](#conanfilemetadata)
+- [`HelmFileMetadata`](#helmfilemetadata)
 
 ##### Fields
 

doc/api/graphql/reference/index.md

@@ -1652,10 +1652,12 @@ docker build:
       - docker/scripts/*
       - dockerfiles/**/*
       - more_scripts/*.{rb,py,sh}
+      - "**/*.json"
 ```
 
 **Additional details**:
 
+- If any of the matching files are changed (an `OR` operation), `changes` resolves to `true`.
 - If you use refs other than `branches`, `external_pull_requests`, or `merge_requests`,
   `changes` can't determine if a given file is new or old and always returns `true`.
 - If you use `only: changes` with other refs, jobs ignore the changes and always run.

doc/ci/yaml/index.md

@@ -55,7 +55,7 @@ to a gem, go through these steps:
    - For an example, see the [merge request !57805](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/57805).
 1. Once the gem is stable - we have been using it in production for a
    while with few, if any, changes - extract to its own project under
-   the `gitlab-org` namespace.
+   the [`gitlab-org/ruby/gems` namespace](https://gitlab.com/gitlab-org/ruby/gems/).
        1. When creating the project, follow the [instructions for new projects](https://about.gitlab.com/handbook/engineering/#creating-a-new-project).
        1. Follow the instructions for setting up a [CI/CD configuration](https://about.gitlab.com/handbook/engineering/#cicd-configuration).
        1. Follow the instructions for [publishing a project](https://about.gitlab.com/handbook/engineering/#publishing-a-project).

doc/development/gemfile.md

@@ -89,10 +89,14 @@ if you need help finding the correct person or labels:
 1. Schedule an update with the [GitLab Development Kit](https://gitlab.com/gitlab-org/gitlab-development-kit/-/issues):
    - Title the issue `Support using Go version <VERSION_NUMBER>`.
    - Set the issue as related to every issue created in the previous step.
-1. Schedule one issue per Secure Stage team and add the `devops::secure` label to each:
+1. Schedule one issue per Sec Section team that maintains Go based Security Analyzers and add the `section::sec` label to each:
    - [Static Analysis tracker](https://gitlab.com/gitlab-org/gitlab/-/issues).
    - [Composition Analysis tracker](https://gitlab.com/gitlab-org/gitlab/-/issues).
    - [Container Security tracker](https://gitlab.com/gitlab-org/gitlab/-/issues).
+
+    NOTE:
+    Updates to these Security analyzers should not block upgrades to Charts or Omnibus since
+    the analyzers are built independently as separate container images.
 1. Schedule builder updates with Distribution projects:
    - Dependency and GitLab Development Kit issues created in previous steps should be set as blockers.
    - Each issue should have the title `Support building with Go <VERSION_NUMBER>` and description as noted: