Add latest changes from gitlab-org/gitlab@master

rsuppersahabatan · Jul 21, 2022 · f44215b · f44215b
1 parent 265a7ce
commit f44215b
Show file tree

Hide file tree

Showing 55 changed files with 603 additions and 634 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -596,6 +596,18 @@ RSpec/HaveGitlabHttpStatus:
     - 'spec/**/*'
     - 'ee/spec/**/*'
 
+RSpec/ContextWording:
+  Prefixes:
+  - when
+  - with
+  - without
+  - for
+  - and
+  - on
+  - in
+  - as
+  - if
+
 Style/MultilineWhenThen:
   Enabled: false
 

diff --git a/.rubocop_todo/rspec/context_wording.yml b/.rubocop_todo/rspec/context_wording.yml
diff --git a/app/assets/javascripts/repository/constants.js b/app/assets/javascripts/repository/constants.js
@@ -94,7 +94,6 @@ export const LFS_STORAGE = 'lfs';
  */
 export const LEGACY_FILE_TYPES = [
   'gemfile',
-  'gemspec',
   'composer_json',
   'podfile',
   'podspec',

diff --git a/app/assets/javascripts/vue_shared/components/source_viewer/constants.js b/app/assets/javascripts/vue_shared/components/source_viewer/constants.js
@@ -147,3 +147,4 @@ export const HLJS_COMMENT_SELECTOR = 'hljs-comment';
 export const HLJS_ON_AFTER_HIGHLIGHT = 'after:highlight';
 
 export const NPM_URL = 'https://npmjs.com/package';
+export const GEM_URL = 'https://rubygems.org/gems';
diff --git a/app/assets/javascripts/vue_shared/components/source_viewer/plugins/link_dependencies.js b/app/assets/javascripts/vue_shared/components/source_viewer/plugins/link_dependencies.js
@@ -1,7 +1,9 @@
 import packageJsonLinker from './utils/package_json_linker';
+import gemspecLinker from './utils/gemspec_linker';
 
 const DEPENDENCY_LINKERS = {
   package_json: packageJsonLinker,
+  gemspec: gemspecLinker,
 };
 
 /**

diff --git a/...s/javascripts/vue_shared/components/source_viewer/plugins/utils/dependency_linker_util.js b/...s/javascripts/vue_shared/components/source_viewer/plugins/utils/dependency_linker_util.js
@@ -12,4 +12,5 @@ export const createLink = (href, innerText) => {
   return link.outerHTML;
 };
 
-export const generateHLJSOpenTag = (type) => `<span class="hljs-${escape(type)}">&quot;`;
+export const generateHLJSOpenTag = (type, delimiter = '&quot;') =>
+  `<span class="hljs-${escape(type)}">${delimiter}`;
diff --git a/app/assets/javascripts/vue_shared/components/source_viewer/plugins/utils/gemspec_linker.js b/app/assets/javascripts/vue_shared/components/source_viewer/plugins/utils/gemspec_linker.js
@@ -0,0 +1,39 @@
+import { joinPaths } from '~/lib/utils/url_utility';
+import { GEM_URL } from '../../constants';
+import { createLink, generateHLJSOpenTag } from './dependency_linker_util';
+
+const methodRegex = '.*add_dependency.*|.*add_runtime_dependency.*|.*add_development_dependency.*';
+const openTagRegex = generateHLJSOpenTag('string', '(&.*;)');
+const closeTagRegex = '&.*</span>';
+
+const DEPENDENCY_REGEX = new RegExp(
+  /*
+   * Detects gemspec dependencies inside of content that is highlighted by Highlight.js
+   * Example: s.add_dependency(<span class="hljs-string">&#x27;rugged&#x27;</span>, <span class="hljs-string">&#x27;~&gt; 0.24.0&#x27;</span>)
+   *
+   * Group 1 (method)     :  s.add_dependency(
+   * Group 2 (delimiter)  :  &#x27;
+   * Group 3 (packageName):  rugged
+   * Group 4 (closeTag)   :  &#x27;</span>
+   * Group 5 (rest)       :  	, <span class="hljs-string">&#x27;~&gt; 0.24.0&#x27;</span>)
+   */
+  `(${methodRegex})${openTagRegex}(.*)(${closeTagRegex})(.*${closeTagRegex})`,
+  'gm',
+);
+
+const handleReplace = (method, delimiter, packageName, closeTag, rest) => {
+  // eslint-disable-next-line @gitlab/require-i18n-strings
+  const openTag = generateHLJSOpenTag('string linked', delimiter);
+  const href = joinPaths(GEM_URL, packageName);
+  const packageLink = createLink(href, packageName);
+
+  return `${method}${openTag}${packageLink}${closeTag}${rest}`;
+};
+
+export default (result) => {
+  return result.value.replace(
+    DEPENDENCY_REGEX,
+    (_, method, delimiter, packageName, closeTag, rest) =>
+      handleReplace(method, delimiter, packageName, closeTag, rest),
+  );
+};
diff --git a/app/assets/javascripts/work_items/graphql/create_work_item.mutation.graphql b/app/assets/javascripts/work_items/graphql/create_work_item.mutation.graphql
@@ -1,4 +1,4 @@
-#import "./work_item.fragment.graphql"
+#import "ee_else_ce/work_items/graphql/work_item.fragment.graphql"
 
 mutation createWorkItem($input: WorkItemCreateInput!) {
   workItemCreate(input: $input) {

diff --git a/app/assets/javascripts/work_items/graphql/create_work_item_from_task.mutation.graphql b/app/assets/javascripts/work_items/graphql/create_work_item_from_task.mutation.graphql
@@ -1,4 +1,4 @@
-#import "./work_item.fragment.graphql"
+#import "ee_else_ce/work_items/graphql/work_item.fragment.graphql"
 
 mutation workItemCreateFromTask($input: WorkItemCreateFromTaskInput!) {
   workItemCreateFromTask(input: $input) {

diff --git a/app/assets/javascripts/work_items/graphql/local_update_work_item.mutation.graphql b/app/assets/javascripts/work_items/graphql/local_update_work_item.mutation.graphql
@@ -1,4 +1,4 @@
-#import "./work_item.fragment.graphql"
+#import "ee_else_ce/work_items/graphql/work_item.fragment.graphql"
 
 mutation localUpdateWorkItem($input: LocalUpdateWorkItemInput) {
   localUpdateWorkItem(input: $input) @client {

diff --git a/app/assets/javascripts/work_items/graphql/update_work_item.mutation.graphql b/app/assets/javascripts/work_items/graphql/update_work_item.mutation.graphql
@@ -1,4 +1,4 @@
-#import "./work_item.fragment.graphql"
+#import "ee_else_ce/work_items/graphql/work_item.fragment.graphql"
 
 mutation workItemUpdate($input: WorkItemUpdateInput!) {
   workItemUpdate(input: $input) {

diff --git a/app/assets/javascripts/work_items/graphql/update_work_item_task.mutation.graphql b/app/assets/javascripts/work_items/graphql/update_work_item_task.mutation.graphql
@@ -1,4 +1,4 @@
-#import "./work_item.fragment.graphql"
+#import "ee_else_ce/work_items/graphql/work_item.fragment.graphql"
 
 mutation workItemUpdateTask($input: WorkItemUpdateTaskInput!) {
   workItemUpdate: workItemUpdateTask(input: $input) {

diff --git a/app/assets/javascripts/work_items/graphql/update_work_item_widgets.mutation.graphql b/app/assets/javascripts/work_items/graphql/update_work_item_widgets.mutation.graphql
@@ -1,4 +1,4 @@
-#import "./work_item.fragment.graphql"
+#import "ee_else_ce/work_items/graphql/work_item.fragment.graphql"
 
 mutation workItemUpdateWidgets($input: WorkItemUpdateWidgetsInput!) {
   workItemUpdateWidgets(input: $input) {

diff --git a/app/assets/javascripts/work_items/graphql/work_item.fragment.graphql b/app/assets/javascripts/work_items/graphql/work_item.fragment.graphql
@@ -28,10 +28,6 @@ fragment WorkItem on WorkItem {
         }
       }
     }
-    ... on WorkItemWidgetWeight {
-      type
-      weight
-    }
     ... on WorkItemWidgetHierarchy {
       type
       parent {
@@ -40,10 +36,8 @@ fragment WorkItem on WorkItem {
         title
       }
       children {
-        edges {
-          node {
-            id
-          }
+        nodes {
+          id
         }
       }
     }

diff --git a/app/assets/javascripts/work_items/graphql/work_item.query.graphql b/app/assets/javascripts/work_items/graphql/work_item.query.graphql
@@ -1,5 +1,5 @@
 #import "~/graphql_shared/fragments/label.fragment.graphql"
-#import "./work_item.fragment.graphql"
+#import "ee_else_ce/work_items/graphql/work_item.fragment.graphql"
 
 query workItem($id: WorkItemID!) {
   workItem(id: $id) {

diff --git a/app/controllers/import/bulk_imports_controller.rb b/app/controllers/import/bulk_imports_controller.rb
@@ -47,7 +47,14 @@ def status
   end
 
   def create
-    responses = create_params.map { |entry| ::BulkImports::CreateService.new(current_user, entry, credentials).execute }
+    responses = create_params.map do |entry|
+      if entry[:destination_name]
+        entry[:destination_slug] ||= entry[:destination_name]
+        entry.delete(:destination_name)
+      end
+
+      ::BulkImports::CreateService.new(current_user, entry, credentials).execute
+    end
 
     render json: responses.map { |response| { success: response.success?, id: response.payload[:id], message: response.message } }
   end
@@ -100,6 +107,7 @@ def bulk_import_params
       source_type
       source_full_path
       destination_name
+      destination_slug
       destination_namespace
     ]
   end

diff --git a/app/graphql/types/ci/pipeline_type.rb b/app/graphql/types/ci/pipeline_type.rb
@@ -200,7 +200,7 @@ def job(id: nil, name: nil)
         if id
           pipeline.statuses.id_in(id.model_id)
         else
-          pipeline.statuses.by_name(name)
+          pipeline.latest_statuses.by_name(name)
         end.take # rubocop: disable CodeReuse/ActiveRecord
       end
 

diff --git a/app/models/bulk_imports/entity.rb b/app/models/bulk_imports/entity.rb
@@ -55,6 +55,8 @@ class BulkImports::Entity < ApplicationRecord
   scope :by_bulk_import_id, ->(bulk_import_id) { where(bulk_import_id: bulk_import_id)}
   scope :order_by_created_at, -> (direction) { order(created_at: direction) }
 
+  alias_attribute :destination_slug, :destination_name
+
   state_machine :status, initial: :created do
     state :created, value: 0
     state :started, value: 1

diff --git a/app/models/environment.rb b/app/models/environment.rb
@@ -56,8 +56,10 @@ class Environment < ApplicationRecord
 
   validates :external_url,
             length: { maximum: 255 },
-            allow_nil: true,
-            addressable_url: true
+            allow_nil: true
+
+  validates :external_url, addressable_url: true, allow_nil: true, unless: :soft_validation_on_external_url_enabled?
+  validate :safe_external_url, if: :soft_validation_on_external_url_enabled?
 
   delegate :manual_actions, :other_manual_actions, to: :last_deployment, allow_nil: true
   delegate :auto_rollback_enabled?, to: :project
@@ -493,6 +495,26 @@ def unfoldered?
 
   private
 
+  def soft_validation_on_external_url_enabled?
+    ::Feature.enabled?(:soft_validation_on_external_url, project)
+  end
+
+  # We deliberately avoid using AddressableUrlValidator to allow users to update their environments even if they have
+  # misconfigured `environment:url` keyword. The external URL is presented as a clickable link on UI and not consumed
+  # in GitLab internally, thus we sanitize the URL before the persistence to make sure the rendered link is XSS safe.
+  # See https://gitlab.com/gitlab-org/gitlab/-/issues/337417
+  def safe_external_url
+    return unless self.external_url.present?
+
+    new_external_url = Addressable::URI.parse(self.external_url)
+
+    if Gitlab::Utils::SanitizeNodeLink::UNSAFE_PROTOCOLS.include?(new_external_url.normalized_scheme)
+      errors.add(:external_url, "#{new_external_url.normalized_scheme} scheme is not allowed")
+    end
+  rescue Addressable::URI::InvalidURIError
+    errors.add(:external_url, 'URI is invalid')
+  end
+
   def rollout_status_available?
     has_terminals?
   end

diff --git a/app/models/members/group_member.rb b/app/models/members/group_member.rb
@@ -7,7 +7,6 @@ class GroupMember < Member
 
   SOURCE_TYPE = 'Namespace'
   SOURCE_TYPE_FORMAT = /\ANamespace\z/.freeze
-  THRESHOLD_FOR_REFRESHING_AUTHORIZATIONS_VIA_PROJECTS = 1000
 
   belongs_to :group, foreign_key: 'source_id'
   alias_attribute :namespace_id, :source_id
@@ -67,28 +66,8 @@ def refresh_member_authorized_projects(blocking:)
     # its projects are also destroyed, so the removal of project_authorizations
     # will happen behind the scenes via DB foreign keys anyway.
     return if destroyed_by_association.present?
-    return unless user_id
-    return super if Feature.disabled?(:refresh_authorizations_via_affected_projects_on_group_membership, group)
 
-    # rubocop:disable CodeReuse/ServiceClass
-    projects_to_refresh = Groups::ProjectsRequiringAuthorizationsRefresh::OnDirectMembershipFinder.new(group).execute
-    threshold_exceeded = (projects_to_refresh.size > THRESHOLD_FOR_REFRESHING_AUTHORIZATIONS_VIA_PROJECTS)
-
-    # We want to try the new approach only if the number of affected projects are greater than the set threshold.
-    return super unless threshold_exceeded
-
-    AuthorizedProjectUpdate::ProjectAccessChangedService
-      .new(projects_to_refresh)
-      .execute(blocking: false)
-
-    # Until we compare the inconsistency rates of the new approach
-    # the old approach, we still run AuthorizedProjectsWorker
-    # but with some delay and lower urgency as a safety net.
-    UserProjectAccessChangedService
-      .new(user_id)
-      .execute(blocking: false, priority: UserProjectAccessChangedService::LOW_PRIORITY)
-
-    # rubocop:enable CodeReuse/ServiceClass
+    super
   end
 
   def send_invite

diff --git a/app/services/boards/destroy_service.rb b/app/services/boards/destroy_service.rb
@@ -3,10 +3,6 @@
 module Boards
   class DestroyService < Boards::BaseService
     def execute(board)
-      if boards.size == 1
-        return ServiceResponse.error(message: "The board could not be deleted, because the parent doesn't have any other boards.")
-      end
-
       board.destroy!
 
       ServiceResponse.success

diff --git a/app/services/bulk_imports/create_service.rb b/app/services/bulk_imports/create_service.rb
@@ -64,7 +64,7 @@ def create_bulk_import
             bulk_import: bulk_import,
             source_type: entity[:source_type],
             source_full_path: entity[:source_full_path],
-            destination_name: entity[:destination_name],
+            destination_slug: entity[:destination_slug],
             destination_namespace: entity[:destination_namespace]
           )
         end

diff --git a/...affected_projects_on_group_membership.yml → ...pment/soft_validation_on_external_url.yml b/...affected_projects_on_group_membership.yml → ...pment/soft_validation_on_external_url.yml
@@ -1,8 +1,8 @@
 ---
-name: refresh_authorizations_via_affected_projects_on_group_membership
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87071
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/362204
-milestone: '15.0'
+name: soft_validation_on_external_url
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91970
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/367206
+milestone: '15.2'
 type: development
-group: group::workspace
+group: group::release
 default_enabled: false
diff --git a/doc/administration/incoming_email.md b/doc/administration/incoming_email.md
@@ -75,11 +75,12 @@ Email is processed correctly when a configured email address is present in one o
 (sorted in the order they are checked):
 
 - `To`
-- `References`
 - `Delivered-To`
 - `Envelope-To` or `X-Envelope-To`
 - `Received`
 
+The `References` header is also accepted, however it is used specifically to relate email responses to existing discussion threads. It is not used for creating issues by email.
+
 In GitLab 14.6 and later, [Service Desk](../user/project/service_desk.md)
 also checks accepted headers.
 

diff --git a/doc/api/bulk_imports.md b/doc/api/bulk_imports.md
@@ -27,7 +27,8 @@ POST /bulk_imports
 | `entities`                        | Array  | yes      | List of entities to import. |
 | `entities[source_type]`           | String | yes      | Source entity type (only `group_entity` is supported). |
 | `entities[source_full_path]`      | String | yes      | Source full path of the entity to import. |
-| `entities[destination_name]`      | String | yes      | Destination slug for the entity. |
+| `entities[destination_name]`      | String | yes      | Deprecated: Use :destination_slug instead. Destination slug for the entity. |
+| `entities[destination_slug]`      | String | yes      | Destination slug for the entity. |
 | `entities[destination_namespace]` | String | no       | Destination namespace for the entity. |
 
 ```shell
@@ -41,7 +42,7 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitla
       {
         "source_full_path": "source/full/path",
         "source_type": "group_entity",
-        "destination_name": "destination_slug",
+        "destination_slug": "destination_slug",
         "destination_namespace": "destination/namespace/path"
       }
     ]
@@ -126,7 +127,7 @@ curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab
         "bulk_import_id": 1,
         "status": "finished",
         "source_full_path": "source_group",
-        "destination_name": "destination_slug",
+        "destination_slug": "destination_slug",
         "destination_namespace": "destination_path",
         "parent_id": null,
         "namespace_id": 1,
@@ -140,7 +141,7 @@ curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab
         "bulk_import_id": 2,
         "status": "failed",
         "source_full_path": "another_group",
-        "destination_name": "another_slug",
+        "destination_slug": "another_slug",
         "destination_namespace": "another_namespace",
         "parent_id": null,
         "namespace_id": null,
Original file line number	Diff line number	Diff line change
Expand Up		@@ -147,3 +147,4 @@ export const HLJS_COMMENT_SELECTOR = 'hljs-comment';
		export const HLJS_ON_AFTER_HIGHLIGHT = 'after:highlight';

		export const NPM_URL = 'https://npmjs.com/package';
		export const GEM_URL = 'https://rubygems.org/gems';
-Original file line number
+Diff line change
@@ Expand Up / @@ -28,10 +28,6 @@ fragment WorkItem on WorkItem { @@
             }
           }
         }
-        ... on WorkItemWidgetWeight {
-          type
-          weight
-        }
         ... on WorkItemWidgetHierarchy {
           type
           parent {
@@ Expand All / @@ -40,10 +36,8 @@ fragment WorkItem on WorkItem { @@
             title
           }
           children {
-            edges {
-              node {
-                id
-              }
+            nodes {
+              id
             }
           }
         }
@@ Expand Down @@