authorGitLab Bot <gitlab-bot@gitlab.com>2024-01-11 06:08:52 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2024-01-11 06:08:52 +0300
commit988f8190b39847793faba06375973f8d4a024426 (patch)
treebad08d45ee4c080e8631240e8083cd3cfeda088c
parenta18ca85c05efe431c3a1faf6c9f4257638b73493 (diff)
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--Gemfile4
-rw-r--r--Gemfile.checksum4
-rw-r--r--Gemfile.lock10
-rw-r--r--app/models/deployment.rb2
-rw-r--r--doc/.vale/gitlab/BadgeCapitalization.yml14
-rw-r--r--doc/.vale/gitlab/Uppercase.yml2
-rw-r--r--doc/architecture/blueprints/gitlab_housekeeper/index.md3
-rw-r--r--doc/development/merge_request_concepts/diffs/index.md3
-rw-r--r--doc/user/application_security/index.md20
-rw-r--r--doc/user/application_security/policies/scan-execution-policies.md10
-rw-r--r--doc/user/project/merge_requests/reviews/index.md2
-rw-r--r--lib/gitlab/github_import/user_finder.rb16
-rw-r--r--spec/lib/gitlab/github_import/user_finder_spec.rb24
-rw-r--r--spec/models/deployment_spec.rb12
14 files changed, 88 insertions, 38 deletions
diff --git a/Gemfile b/Gemfile
index e274a5c9e27..e94049ffec8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -203,7 +203,7 @@ gem 'seed-fu', '~> 2.3.7' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'elasticsearch-model', '~> 7.2' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'elasticsearch-api', '7.13.3' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'aws-sdk-core', '~> 3.190.1' # rubocop:todo Gemfile/MissingFeatureCategory
+gem 'aws-sdk-core', '~> 3.190.2' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'aws-sdk-cloudformation', '~> 1' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'aws-sdk-s3', '~> 1.142.0' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'faraday_middleware-aws-sigv4', '~>0.3.0' # rubocop:todo Gemfile/MissingFeatureCategory
@@ -436,7 +436,7 @@ group :development, :test do
gem 'gitlab-styles', '~> 11.0.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
- gem 'haml_lint', '~> 0.52', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+ gem 'haml_lint', '~> 0.53', require: false # rubocop:todo Gemfile/MissingFeatureCategory
gem 'bundler-audit', '~> 0.9.1', require: false # rubocop:todo Gemfile/MissingFeatureCategory
# Benchmarking & profiling
diff --git a/Gemfile.checksum b/Gemfile.checksum
index 10ffeac0d26..1b529e0a14f 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -37,7 +37,7 @@
{"name":"aws-eventstream","version":"1.3.0","platform":"ruby","checksum":"f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f"},
{"name":"aws-partitions","version":"1.877.0","platform":"ruby","checksum":"9552ed7bbd3700ed1eeb0121c160ceaf64fa5dbaff5a1ff5fe6fd8481ecd9cfd"},
{"name":"aws-sdk-cloudformation","version":"1.41.0","platform":"ruby","checksum":"31e47539719734413671edf9b1a31f8673fbf9688549f50c41affabbcb1c6b26"},
-{"name":"aws-sdk-core","version":"3.190.1","platform":"ruby","checksum":"b02aa7981f955c6021405c89b66e99061b99e2edc4f5b48c0f3dc742dd53daaa"},
+{"name":"aws-sdk-core","version":"3.190.2","platform":"ruby","checksum":"5d97bd8ebfff08b51c38e37dace3d919fa7c708696da01b1d343f2bbaf472e7d"},
{"name":"aws-sdk-kms","version":"1.76.0","platform":"ruby","checksum":"e7f75013cba9ba357144f66bbc600631c192e2cda9dd572794be239654e2cf49"},
{"name":"aws-sdk-s3","version":"1.142.0","platform":"ruby","checksum":"79cd888eca66fd2ef3ae8b74d76173a2eccbeff6a1bba62a60b7c7dadc8dd7e9"},
{"name":"aws-sigv4","version":"1.8.0","platform":"ruby","checksum":"84dd99768b91b93b63d1d8e53ee837cfd06ab402812772a7899a78f9f9117cbc"},
@@ -287,7 +287,7 @@
{"name":"guard-compat","version":"1.2.1","platform":"ruby","checksum":"3ad21ab0070107f92edfd82610b5cdc2fb8e368851e72362ada9703443d646fe"},
{"name":"guard-rspec","version":"4.7.3","platform":"ruby","checksum":"a47ba03cbd1e3c71e6ae8645cea97e203098a248aede507461a43e906e2f75ca"},
{"name":"haml","version":"5.2.2","platform":"ruby","checksum":"6e759246556145642ef832d670fc06f9bd8539159a0e600847a00291dd7aae0c"},
-{"name":"haml_lint","version":"0.52.0","platform":"ruby","checksum":"76326b0f1a412558303bca983bd1bbb6e46555386589174502d263b9918114ea"},
+{"name":"haml_lint","version":"0.53.0","platform":"ruby","checksum":"223dc1b5abfec7a7bedd2d2c409752e8811a5d53cc71c8ef7be329d05bf91b18"},
{"name":"hamlit","version":"2.15.0","platform":"java","checksum":"fda165464e59337ab7cda6304a66bfdb607bb7155f25566da19c9ee7b98e03d1"},
{"name":"hamlit","version":"2.15.0","platform":"ruby","checksum":"d2e8505362338945fa309c68b2b8be07ebdc181200ec6021223567bf66dac38e"},
{"name":"hana","version":"1.3.7","platform":"ruby","checksum":"5425db42d651fea08859811c29d20446f16af196308162894db208cac5ce9b0d"},
diff --git a/Gemfile.lock b/Gemfile.lock
index 6520598664b..b087aedf845 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -301,7 +301,7 @@ GEM
aws-sdk-cloudformation (1.41.0)
aws-sdk-core (~> 3, >= 3.99.0)
aws-sigv4 (~> 1.1)
- aws-sdk-core (3.190.1)
+ aws-sdk-core (3.190.2)
aws-eventstream (~> 1, >= 1.3.0)
aws-partitions (~> 1, >= 1.651.0)
aws-sigv4 (~> 1.8)
@@ -883,8 +883,8 @@ GEM
haml (5.2.2)
temple (>= 0.8.0)
tilt
- haml_lint (0.52.0)
- haml (>= 4.0)
+ haml_lint (0.53.0)
+ haml (>= 5.0)
parallel (~> 1.10)
rainbow
rubocop (>= 1.0)
@@ -1817,7 +1817,7 @@ DEPENDENCIES
autoprefixer-rails (= 10.2.5.1)
awesome_print
aws-sdk-cloudformation (~> 1)
- aws-sdk-core (~> 3.190.1)
+ aws-sdk-core (~> 3.190.2)
aws-sdk-s3 (~> 1.142.0)
axe-core-rspec
babosa (~> 2.0)
@@ -1942,7 +1942,7 @@ DEPENDENCIES
grpc (~> 1.58.0)
gssapi (~> 1.3.1)
guard-rspec
- haml_lint (~> 0.52)
+ haml_lint (~> 0.53)
hamlit (~> 2.15.0)
hashie (~> 5.0.0)
health_check (~> 3.0)
diff --git a/app/models/deployment.rb b/app/models/deployment.rb
index 66456413a98..1fff089451d 100644
--- a/app/models/deployment.rb
+++ b/app/models/deployment.rb
@@ -231,7 +231,7 @@ class Deployment < ApplicationRecord
##
# FastDestroyAll concerns
def begin_fast_destroy
- preload(:project).find_each.map do |deployment|
+ preload(:project, :environment).find_each.map do |deployment|
[deployment.project, deployment.ref_path]
end
end
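Review bot: The reason `:environment` joins the preload list in `begin_fast_destroy` is not visible at the call site. The block only touches `deployment.project` and `deployment.ref_path`, so presumably `ref_path` reads the environment. A one-line comment above the call would keep a later cleanup from dropping it, for example `# ref_path reads deployment.environment; preload it to avoid one query per record`. Confirm this against `ref_path`, which is defined outside this hunk.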
diff --git a/doc/.vale/gitlab/BadgeCapitalization.yml b/doc/.vale/gitlab/BadgeCapitalization.yml
deleted file mode 100644
index a44bcbc0a7d..00000000000
--- a/doc/.vale/gitlab/BadgeCapitalization.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-# Error: gitlab.BadgeCapitalization
-#
-# Verifies that badges are not mixed case, which won't render properly.
-#
-# For a list of all options, see https://vale.sh/docs/topics/styles/
-extends: existence
-message: "Capitalize the '%s' badge."
-link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges
-level: error
-scope: raw
-raw:
- - '(?!\*\*\((FREE|PREMIUM|ULTIMATE)( (SELF|SAAS|ALL) (BETA|EXPERIMENT))?\)\*\*)'
- - '(?i)\*\*\((free|premium|ultimate)( (self|saas|all) (beta|experiment))?\)\*\*'
diff --git a/doc/.vale/gitlab/Uppercase.yml b/doc/.vale/gitlab/Uppercase.yml
index b13ebe2c0a8..01837726b91 100644
--- a/doc/.vale/gitlab/Uppercase.yml
+++ b/doc/.vale/gitlab/Uppercase.yml
@@ -64,6 +64,8 @@ exceptions:
- DORA
- DSA
- DSL
+ - DUOPRO
+ - DUOENT
- DVCS
- DVD
- EBS
diff --git a/doc/architecture/blueprints/gitlab_housekeeper/index.md b/doc/architecture/blueprints/gitlab_housekeeper/index.md
index 76ff032bbcf..fcb5590772d 100644
--- a/doc/architecture/blueprints/gitlab_housekeeper/index.md
+++ b/doc/architecture/blueprints/gitlab_housekeeper/index.md
@@ -14,7 +14,8 @@ participating-stages: []
## Summary
-This blueprint documents the philosophy behind the "GitLab Housekeeper" gem
+This blueprint documents the philosophy behind the
+["GitLab Housekeeper" gem](https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-housekeeper)
which was introduced in
<https://gitlab.com/gitlab-org/gitlab/-/merge_requests/139492> and has already
been used to create many merge requests.
diff --git a/doc/development/merge_request_concepts/diffs/index.md b/doc/development/merge_request_concepts/diffs/index.md
index ad0e8603983..eb7c836e610 100644
--- a/doc/development/merge_request_concepts/diffs/index.md
+++ b/doc/development/merge_request_concepts/diffs/index.md
@@ -28,6 +28,7 @@ codebase in the future:
- <i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
[Recording on YouTube](https://www.youtube.com/watch?v=K6G3gMcFyek)
+ <!-- Video published on 2019-01-29 -->
- Slides on [Google Slides](https://docs.google.com/presentation/d/1bGutFH2AT3bxOPZuLMGl1ANWHqFnrxwQwjiwAZkF-TU/edit)
- [PDF slides](https://gitlab.com/gitlab-org/create-stage/uploads/b5ad2f336e0afcfe0f99db0af0ccc71a/)
@@ -192,7 +193,7 @@ has been introduced.
One of the key challenges to deal with when working on merge ref diffs are merge
conflicts. If the target and source branch contains a merge conflict, the branches
cannot be automatically merged. The
-<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> [recording on YouTube](https://www.youtube.com/watch?v=GFXIFA4ZuZw&feature=youtu.be&ab_channel=GitLabUnfiltered)
+<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> [recording on YouTube](https://www.youtube.com/watch?v=GFXIFA4ZuZw&feature=youtu.be&ab_channel=GitLabUnfiltered) <!-- Video published on 2020-07-24 -->
is a quick introduction to the problem and the motivation behind the [epic](https://gitlab.com/groups/gitlab-org/-/epics/854).
In 13.5 a solution for both-modified merge
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md
index da1439ed13e..6441f74a41b 100644
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -282,17 +282,25 @@ The merge request security widget displays only a subset of the vulnerabilities
From the merge request security widget, select **Expand** to unfold the widget, displaying any new and no longer detected (removed) findings by scan type.
-For each security report type, the widget displays the first 25 added and 25 fixed findings, sorted by severity. To see all
-findings, select **View full report** to go directly to the **Security** tab in the latest branch pipeline.
+For each security report type, the widget displays the first 25 added and 25 fixed findings, sorted by severity.
+This is determined by comparing the security reports from the source branch and target branch pipelines.
+
+As an example, consider two pipelines with these scan results:
+
+- The source branch pipeline detects two vulnerabilities identified as `V1` and `V2`.
+- The target branch pipeline detects two vulnerabilities identified as `V1` and `V3`.
+- `V2` will show on the merge request widget as "added".
+- `V3` will show on the merge request widget as "fixed".
+- `V1` exists on both branches and is not shown on the merge request widget.
+
+To see all findings on the source branch of the merge request, select **View full report** to go directly to the **Security** tab in the latest source branch pipeline.
![Security scanning results in a merge request](img/mr_security_scanning_results_v14_3.png)
### Pipeline security tab
-A pipeline's security tab lists all findings in the current branch. It includes findings introduced
-by this branch and vulnerabilities already present in the base branch. These results likely do not
-match the findings displayed in the Merge Request security widget, as those do not include the
-existing vulnerabilities. For more information see
+A pipeline's security tab lists all findings from the security reports in the pipeline's
+job artifacts. For more information see
[Vulnerabilities in a pipeline](vulnerability_report/pipeline.md).
### Security dashboard
diff --git a/doc/user/application_security/policies/scan-execution-policies.md b/doc/user/application_security/policies/scan-execution-policies.md
index 58d9c0b44f1..92817b70b6c 100644
--- a/doc/user/application_security/policies/scan-execution-policies.md
+++ b/doc/user/application_security/policies/scan-execution-policies.md
@@ -351,11 +351,11 @@ enforced by the policy.
#### `ci_configuration_path` object
-| Field | Type | Description |
-|-----------|---------------------|-------------|
-| `project` | `string` | A project namespace path. |
-| `file` | `string` | The file name of the CI/CD YAML file. |
-| `ref` | `string` (optional) | The branch name, tag name, or commit SHA. |
+| Field | Type | Required | Description |
+|-----------|---------------------|----------|-------------|
+| `project` | `string` | true | A project namespace path. |
+| `file` | `string` | true | The file name of the CI/CD YAML file. |
+| `ref` | `string` | false | The branch name, tag name, or commit SHA. If not specified, uses the default branch. |
#### `scan` action type
diff --git a/doc/user/project/merge_requests/reviews/index.md b/doc/user/project/merge_requests/reviews/index.md
index 23b1207619e..78e4c19dd57 100644
--- a/doc/user/project/merge_requests/reviews/index.md
+++ b/doc/user/project/merge_requests/reviews/index.md
@@ -19,6 +19,7 @@ review merge requests in Visual Studio Code.
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For an overview, see [Merge request review](https://www.youtube.com/watch?v=2MayfXKpU08&list=PLFGfElNsQthYDx0A_FaNNfUm9NHsK6zED&index=183).
+<!-- Video published on 2023-04-29 -->
## GitLab Duo Suggested Reviewers **(ULTIMATE SAAS)**
@@ -31,6 +32,7 @@ GitLab uses machine learning to suggest reviewers for your merge request.
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For an overview, see [GitLab Duo Suggested Reviewers](https://www.youtube.com/embed/ivwZQgh4Rxw).
+<!-- Video published on 2023-11-03 -->
To suggest reviewers, GitLab uses:
diff --git a/lib/gitlab/github_import/user_finder.rb b/lib/gitlab/github_import/user_finder.rb
index 925b0c7a019..bec4c7fc4d4 100644
--- a/lib/gitlab/github_import/user_finder.rb
+++ b/lib/gitlab/github_import/user_finder.rb
@@ -219,6 +219,13 @@ module Gitlab
"gitlab:github_import:user_finder:#{project.id}"
end
+ # Retrieves the email associated with the given username from the cache.
+ #
+ # The return value can be an email, an empty string, or nil.
+ #
+ # If an empty string is returned, it indicates that the user's email was fetched but not set on GitHub.
+ # If nil is returned, it indicates that the user's email wasn't fetched or the cache has expired.
+ # If an email is returned, it means the user has a public email set, and it has been successfully cached.
def read_email_from_cache(username)
Gitlab::Cache::Import::Caching.read(email_cache_key(username))
end
@@ -238,7 +245,7 @@ module Gitlab
if retried
email = read_email_from_cache(username)
- next email if email
+ next email if email.present?
end
log(EMAIL_API_CALL_LOGGING_MESSAGE[etag.present?], username: username)
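Review bot: `next email if email.present?` now treats a cached empty string the same as a cache miss, yet the comment added on `read_email_from_cache` says an empty string means the email was already fetched and is not set on GitHub. In the retried branch, another process's negative result is therefore ignored and the API call goes ahead. The new spec suggests this is intended, so say so at this line, for example `# blank means a cached "no public email"; fall through and re-check GitHub after a lock retry`. The enclosing block starts and ends outside the hunk, so the etag handling that may justify this is not visible here.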
@@ -249,6 +256,11 @@ module Gitlab
end
end
+ # Caches the email associated to the username
+ #
+ # An empty email is cached when the user email isn't set on GitHub.
+ # This is done to prevent UserFinder from fetching the user's email again when the user's email isn't set on
+ # GitHub
def cache_email!(username, email)
return unless email
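Review bot: The new comment on `cache_email!` says an empty email is cached when none is set on GitHub, but the first visible line is `return unless email`, which skips the write for `nil`. The negative result is therefore only recorded if the caller passes `''`, and the comment should state that contract, for example `# Pass '' to record "no public email"; nil is ignored and nothing is cached.` The last sentence of the comment is also missing its closing period. The method body continues outside the hunk.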
@@ -256,6 +268,8 @@ module Gitlab
end
def cache_etag!(username)
+ return unless client.octokit.last_response
+
etag = client.octokit.last_response.headers[:etag]
Gitlab::Cache::Import::Caching.write(etag_cache_key(username), etag)
end
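Review bot: The new guard in `cache_etag!` reads `client.octokit.last_response` twice, and that value is state held on the client rather than tied to this `username`. The second read is therefore not guaranteed to return the object the guard just checked. Capture it once: `response = client.octokit.last_response`, then `return unless response`, then `etag = response.headers[:etag]`. It may also be worth skipping the write when `etag` is nil, unless `Caching.write` already treats that as a no-op; that helper is outside the hunk.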
diff --git a/spec/lib/gitlab/github_import/user_finder_spec.rb b/spec/lib/gitlab/github_import/user_finder_spec.rb
index 31118c798e4..998fa8b2c9f 100644
--- a/spec/lib/gitlab/github_import/user_finder_spec.rb
+++ b/spec/lib/gitlab/github_import/user_finder_spec.rb
@@ -461,6 +461,30 @@ RSpec.describe Gitlab::GithubImport::UserFinder, :clean_gitlab_redis_cache, feat
it_behaves_like 'a user resource not found on GitHub'
end
+
+ context 'if the cached etag is nil' do
+ context 'when lock was executed by another process and an email was fetched' do
+ it 'does not fetch user detail' do
+ expect(finder).to receive(:read_email_from_cache).ordered.and_return('')
+ expect(finder).to receive(:read_email_from_cache).ordered.and_return(email)
+ expect(finder).to receive(:in_lock).and_yield(true)
+ expect(client).not_to receive(:user)
+
+ email_for_github_username
+ end
+ end
+
+ context 'when lock was executed by another process and an email in cache is still blank' do
+ it 'fetch user detail' do
+ expect(finder).to receive(:read_email_from_cache).ordered.and_return('')
+ expect(finder).to receive(:read_email_from_cache).ordered.and_return('')
+ expect(finder).to receive(:in_lock).and_yield(true)
+ expect(client).to receive(:user).with(username, { headers: {} }).and_return({ email: email }).once
+
+ email_for_github_username
+ end
+ end
+ end
end
context 'if the email has been checked for the project' do
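Review bot: Neither new example checks what `email_for_github_username` returns; they only assert which collaborators are called. In the first example, `expect(email_for_github_username).to eq(email)` would pin that the value read from the cache after the lock retry is what the caller receives. The same assertion in the second example would cover the value fetched from the client. The second description should read `'fetches user detail'` to match the first. Both examples also stub `read_email_from_cache` on the object under test, which ties them to the call order inside the method.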
diff --git a/spec/models/deployment_spec.rb b/spec/models/deployment_spec.rb
index 2beab48fb73..d260e75871d 100644
--- a/spec/models/deployment_spec.rb
+++ b/spec/models/deployment_spec.rb
@@ -1539,6 +1539,18 @@ RSpec.describe Deployment, feature_category: :continuous_delivery do
expect(project.commit(deployment.ref_path)).not_to be_nil
end
end
+
+ it 'does not trigger N+1 queries' do
+ project = create(:project, :repository)
+ environment = create(:environment, project: project)
+ create(:deployment, environment: environment, project: project)
+
+ control = ActiveRecord::QueryRecorder.new { project.deployments.fast_destroy_all }
+
+ create_list(:deployment, 2, environment: environment, project: project)
+
+ expect { project.deployments.fast_destroy_all }.not_to exceed_query_limit(control)
+ end
end
describe '#update_merge_request_metrics!' do
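Review bot: The control in `'does not trigger N+1 queries'` is recorded on the first `fast_destroy_all` call, which may include one-time queries that the second call does not repeat. The comparison then runs against only two records, so a regression of one extra query per record could fit inside that slack. Consider a larger batch such as `create_list(:deployment, 5, environment: environment, project: project)`, or run one throwaway `fast_destroy_all` before recording the control.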