Add latest changes from gitlab-org/gitlab@16-3-stable-ee

7 files changed, 75 insertions, 1 deletions

diff --git a/db/migrate/20230823160533_update_package_metadata_sync_setting.rb b/db/migrate/20230823160533_update_package_metadata_sync_setting.rb
new file mode 100644
index 00000000000..23d0de6e38b
--- /dev/null
+++ b/db/migrate/20230823160533_update_package_metadata_sync_setting.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class UpdatePackageMetadataSyncSetting < Gitlab::Database::Migration[2.1]
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  class ApplicationSetting < MigrationRecord
+  end
+
+  FULLY_ENABLED_SYNC = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12].freeze
+
+  def up
+    application_setting = ApplicationSetting.last
+    return unless application_setting
+
+    # Check if the setting still has a default value and it wasn't updated manually by the admin
+    return unless application_setting.package_metadata_purl_types == []
+
+    # Update setting to enable all package types to sync
+    application_setting.update(package_metadata_purl_types: FULLY_ENABLED_SYNC)
+  end
+
+  def down
+    # no op
+  end
+end
diff --git a/db/migrate/20230830101525_update_default_value_pm.rb b/db/migrate/20230830101525_update_default_value_pm.rb
new file mode 100644
index 00000000000..71de72c7e97
--- /dev/null
+++ b/db/migrate/20230830101525_update_default_value_pm.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class UpdateDefaultValuePm < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  FULLY_ENABLED_SYNC = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12].freeze
+
+  def change
+    change_column_default :application_settings, :package_metadata_purl_types, from: [], to: FULLY_ENABLED_SYNC
+  end
+end
diff --git a/db/schema_migrations/20230823160533 b/db/schema_migrations/20230823160533
new file mode 100644
index 00000000000..de83556d427
--- /dev/null
+++ b/db/schema_migrations/20230823160533
@@ -0,0 +1 @@
+1583a9581ec2905781f4a5bb7715c7da784d6772eb6b6d8ecb05cad53f13b8c9
\ No newline at end of file
diff --git a/db/schema_migrations/20230830101525 b/db/schema_migrations/20230830101525
new file mode 100644
index 00000000000..7dd7920d7b8
--- /dev/null
+++ b/db/schema_migrations/20230830101525
@@ -0,0 +1 @@
+02b0d2f9133db9378d2511144c4cff91a5d2ea9dce30eed371122dec342d547b
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 9555b61a16e..89917d13133 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -11898,7 +11898,7 @@ CREATE TABLE application_settings (
     encrypted_product_analytics_configurator_connection_string bytea,
     encrypted_product_analytics_configurator_connection_string_iv bytea,
     silent_mode_enabled boolean DEFAULT false NOT NULL,
-    package_metadata_purl_types smallint[] DEFAULT '{}'::smallint[],
+    package_metadata_purl_types smallint[] DEFAULT '{1,2,3,4,5,6,7,8,9,10,11,12}'::smallint[],
     ci_max_includes integer DEFAULT 150 NOT NULL,
     remember_me_enabled boolean DEFAULT true NOT NULL,
     encrypted_anthropic_api_key bytea,
diff --git a/doc/api/settings.md b/doc/api/settings.md
index cc233ec69d9..aeb95f54431 100644
--- a/doc/api/settings.md
+++ b/doc/api/settings.md
@@ -486,6 +486,7 @@ listed in the descriptions of the relevant settings.
 | `pypi_package_requests_forwarding` **(PREMIUM)**  | boolean | no                                   | Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI. |
 | `outbound_local_requests_whitelist`      | array of strings | no                                   | Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for webhooks and integrations are disabled.
 | `package_registry_allow_anyone_to_pull_option` | boolean    | no                                   | Enable to [allow anyone to pull from Package Registry](../user/packages/package_registry/index.md#allow-anyone-to-pull-from-package-registry) visible and changeable.
+| `package_metadata_purl_types` **(ULTIMATE SELF)** | array of integers | no                         | List of [package registry metadata to sync](../administration/settings/security_and_compliance.md#choose-package-registry-metadata-to-sync). See [the list](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/models/concerns/enums/package_metadata.rb#L5) of the available values.
 | `pages_domain_verification_enabled`       | boolean         | no                                   | Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled. |
 | `password_authentication_enabled_for_git` | boolean         | no                                   | Enable authentication for Git over HTTP(S) via a GitLab account password. Default is `true`. |
 | `password_authentication_enabled_for_web` | boolean         | no                                   | Enable authentication for the web interface via a GitLab account password. Default is `true`. |
diff --git a/spec/migrations/db/migrate/20230823160533_update_package_metadata_sync_setting_spec.rb b/spec/migrations/db/migrate/20230823160533_update_package_metadata_sync_setting_spec.rb
new file mode 100644
index 00000000000..0e1f6cd9b69
--- /dev/null
+++ b/spec/migrations/db/migrate/20230823160533_update_package_metadata_sync_setting_spec.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe UpdatePackageMetadataSyncSetting, feature_category: :software_composition_analysis do
+  let(:settings) { table(:application_settings) }
+  let(:fully_enabled_sync_setting) { [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] }
+
+  describe "#up" do
+    context 'with default value' do
+      let(:fully_disabled_sync) { [] }
+
+      it 'updates setting' do
+        settings.create!(package_metadata_purl_types: fully_disabled_sync)
+
+        migrate!
+
+        expect(ApplicationSetting.last.package_metadata_purl_types).to eq(fully_enabled_sync_setting)
+      end
+    end
+
+    context 'with custom value' do
+      let(:partially_enabled_sync) { [1, 2, 3, 4, 5] }
+
+      it 'does not change setting' do
+        settings.create!(package_metadata_purl_types: partially_enabled_sync)
+
+        migrate!
+
+        expect(ApplicationSetting.last.package_metadata_purl_types).to eq(partially_enabled_sync)
+      end
+    end
+  end
+end