Add latest changes from gitlab-org/gitlab@master

9 files changed, 100 insertions, 22 deletions

diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index a0858417f82..70d81077c87 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-85efc2a008ed64cf8ed516aa43537712b478e139
+7a8fd30510a92d436a5144c3c20f6654ff3ec51d
diff --git a/GITLAB_KAS_VERSION b/GITLAB_KAS_VERSION
index d18453764c3..654afc8e19e 100644
--- a/GITLAB_KAS_VERSION
+++ b/GITLAB_KAS_VERSION
@@ -1 +1 @@
-14.5.0
+14.7.0
diff --git a/app/helpers/avatars_helper.rb b/app/helpers/avatars_helper.rb
index 2d754bd99e9..9dc93779b12 100644
--- a/app/helpers/avatars_helper.rb
+++ b/app/helpers/avatars_helper.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 module AvatarsHelper
+  DEFAULT_AVATAR_PATH = 'no_avatar.png'
+
   def project_icon(project, options = {})
     source_icon(project, options)
   end
@@ -33,12 +35,12 @@ module AvatarsHelper
     end
   end
 
-  def avatar_icon_for_user(user = nil, size = nil, scale = 2, only_path: true)
-    if user
-      user.avatar_url(size: size, only_path: only_path) || default_avatar
-    else
-      gravatar_icon(nil, size, scale)
-    end
+  def avatar_icon_for_user(user = nil, size = nil, scale = 2, only_path: true, current_user: nil)
+    return gravatar_icon(nil, size, scale) unless user
+    return default_avatar if blocked_or_unconfirmed?(user) && !can_admin?(current_user)
+
+    user_avatar = user.avatar_url(size: size, only_path: only_path)
+    user_avatar || default_avatar
   end
 
   def gravatar_icon(user_email = '', size = nil, scale = 2)
@@ -47,7 +49,7 @@ module AvatarsHelper
   end
 
   def default_avatar
-    ActionController::Base.helpers.image_path('no_avatar.png')
+    ActionController::Base.helpers.image_path(DEFAULT_AVATAR_PATH)
   end
 
   def author_avatar(commit_or_event, options = {})
@@ -157,4 +159,14 @@ module AvatarsHelper
       source.name[0, 1].upcase
     end
   end
+
+  def blocked_or_unconfirmed?(user)
+    user.blocked? || !user.confirmed?
+  end
+
+  def can_admin?(user)
+    return false unless user
+
+    user.can_admin_all_resources?
+  end
 end
diff --git a/app/models/vulnerability.rb b/app/models/vulnerability.rb
index 4e1f48227d9..a5881e80e88 100644
--- a/app/models/vulnerability.rb
+++ b/app/models/vulnerability.rb
@@ -2,6 +2,7 @@
 
 # Placeholder class for model that is implemented in EE
 class Vulnerability < ApplicationRecord
+  include EachBatch
   include IgnorableColumns
 
   def self.link_reference_pattern
diff --git a/app/views/admin/users/show.html.haml b/app/views/admin/users/show.html.haml
index bdc5bdabb21..94542af3b96 100644
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@@ -10,7 +10,7 @@
         = @user.name
       %ul.content-list
         %li
-          = image_tag avatar_icon_for_user(@user, 60), class: "avatar s60"
+          = image_tag avatar_icon_for_user(@user, 60, current_user: current_user), class: "avatar s60"
         %li
           %span.light= _('Profile page:')
           %strong
diff --git a/app/views/users/show.html.haml b/app/views/users/show.html.haml
index d5a1f3884c9..138a0f464b5 100644
--- a/app/views/users/show.html.haml
+++ b/app/views/users/show.html.haml
@@ -50,8 +50,8 @@
 
     .profile-header{ class: [('with-no-profile-tabs' if profile_tabs.empty?)] }
       .avatar-holder
-        = link_to avatar_icon_for_user(@user, 400), target: '_blank', rel: 'noopener noreferrer' do
-          = image_tag avatar_icon_for_user(@user, 90), class: "avatar s90", alt: '', itemprop: 'image'
+        = link_to avatar_icon_for_user(@user, 400, current_user: current_user), target: '_blank', rel: 'noopener noreferrer' do
+          = image_tag avatar_icon_for_user(@user, 90, current_user: current_user), class: "avatar s90", alt: '', itemprop: 'image'
 
       - if @user.blocked? || !@user.confirmed?
         .user-info
diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md
index 826c1ac8dd4..1d8e0e413cc 100644
--- a/doc/ci/yaml/index.md
+++ b/doc/ci/yaml/index.md
@@ -1322,12 +1322,14 @@ Use `coverage` with a custom regular expression to configure how code coverage
 is extracted from the job output. The coverage is shown in the UI if at least one
 line in the job output matches the regular expression.
 
-To extract the code coverage value in the matching line, GitLab uses this
-regular expression: `\d+(\.\d+)?`.
+To extract the code coverage value from the match, GitLab uses
+this smaller regular expression: `\d+(\.\d+)?`.
 
 **Possible inputs**:
 
-- A regular expression. Must start and end with `/`.
+- A regular expression. Must start and end with `/`. Must match the coverage number.
+  May match surrounding text as well, so you don't need to use a regular expression character group
+  to capture the exact number.
 
 **Example of `coverage`**:
 
@@ -1339,14 +1341,18 @@ job1:
 
 In this example:
 
-1. GitLab checks the job log for a line that matches the regular expression. A line
-   like `Code coverage: 67.89` would match.
-1. GitLab then checks the line to find a match to `\d+(\.\d+)?`. The sample matching
-   line above gives a code coverage of `67.89`.
+1. GitLab checks the job log for a match with the regular expression. A line
+   like `Code coverage: 67.89% of lines covered` would match.
+1. GitLab then checks the matched fragment to find a match to `\d+(\.\d+)?`.
+   The sample matching line above gives a code coverage of `67.89`.
 
 **Additional details**:
 
-- If there is more than one matched line in the job output, the last line is used.
+- If there is more than one matched line in the job output, the last line is used
+  (the first result of reverse search).
+- If there are multiple matches in a single line, the last match is searched
+  for the coverage number.
+- If there are multiple coverage numbers found in the matched fragment, the first number is used.
 - Leading zeros are removed.
 - Coverage output from [child pipelines](../pipelines/parent_child_pipelines.md)
   is not recorded or displayed. Check [the related issue](https://gitlab.com/gitlab-org/gitlab/-/issues/280818)
diff --git a/doc/development/documentation/testing.md b/doc/development/documentation/testing.md
index 134183a0e75..892f87cdba8 100644
--- a/doc/development/documentation/testing.md
+++ b/doc/development/documentation/testing.md
@@ -126,6 +126,24 @@ If you don't want to install all of the dependencies to test the links, you can:
 If you manually install `haml-lint` with this process, it does not update automatically
 and you should make sure your version matches the version used by GitLab.
 
+## Update linter configuration
+
+[Vale configuration](#vale) and [markdownlint configuration](#markdownlint) is under source control in each 
+project, so updates must be committed to each project individually.
+
+We consider the configuration in the `gitlab` project as the source of truth and that's where all updates should
+first be made.
+
+On a regular basis, the changes made in `gitlab` project to the Vale and markdownlint configuration should be
+synchronized to the other projects. In `omnibus-gitlab`, `gitlab-runner`, and `charts/gitlab`:
+
+1. Create a new branch.
+1. Copy the configuration files from the `gitlab` project into this branch, overwriting
+   the project's old configuration. Make sure no project-specific changes from the `gitlab`
+   project are included. For example, [`RelativeLinks.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/.vale/gitlab/RelativeLinks.yml)
+   is hard coded for specific projects.
+1. Create a merge request and submit it to a technical writer for review and merge.
+
 ## Local linters
 
 To help adhere to the [documentation style guidelines](styleguide/index.md), and improve the content
diff --git a/spec/helpers/avatars_helper_spec.rb b/spec/helpers/avatars_helper_spec.rb
index a6195e47c30..192e48f43e5 100644
--- a/spec/helpers/avatars_helper_spec.rb
+++ b/spec/helpers/avatars_helper_spec.rb
@@ -146,11 +146,52 @@ RSpec.describe AvatarsHelper do
   describe '#avatar_icon_for_user' do
     let(:user) { create(:user, avatar: File.open(uploaded_image_temp_path)) }
 
+    shared_examples 'blocked or unconfirmed user with avatar' do
+      context 'when the viewer is not an admin' do
+        let!(:viewing_user) { create(:user) }
+
+        it 'returns the default avatar' do
+          expect(helper.avatar_icon_for_user(user, current_user: viewing_user).to_s)
+            .to match_asset_path(described_class::DEFAULT_AVATAR_PATH)
+        end
+      end
+
+      context 'when the viewer is an admin', :enable_admin_mode do
+        let!(:viewing_user) { create(:user, :admin) }
+
+        it 'returns the default avatar when the user is not passed' do
+          expect(helper.avatar_icon_for_user(user).to_s)
+            .to match_asset_path(described_class::DEFAULT_AVATAR_PATH)
+        end
+
+        it 'returns the user avatar when the user is passed' do
+          expect(helper.avatar_icon_for_user(user, current_user: viewing_user).to_s)
+            .to eq(user.avatar.url)
+        end
+      end
+    end
+
     context 'with a user object passed' do
       it 'returns a relative URL for the avatar' do
         expect(helper.avatar_icon_for_user(user).to_s)
           .to eq(user.avatar.url)
       end
+
+      context 'when the user is blocked' do
+        before do
+          user.block!
+        end
+
+        it_behaves_like 'blocked or unconfirmed user with avatar'
+      end
+
+      context 'when the user is unconfirmed' do
+        before do
+          user.update!(confirmed_at: nil)
+        end
+
+        it_behaves_like 'blocked or unconfirmed user with avatar'
+      end
     end
 
     context 'without a user object passed' do
@@ -171,7 +212,7 @@ RSpec.describe AvatarsHelper do
       end
 
       it 'returns a generic avatar' do
-        expect(helper.gravatar_icon(user_email)).to match_asset_path('no_avatar.png')
+        expect(helper.gravatar_icon(user_email)).to match_asset_path(described_class::DEFAULT_AVATAR_PATH)
       end
     end
 
@@ -181,7 +222,7 @@ RSpec.describe AvatarsHelper do
       end
 
       it 'returns a generic avatar when email is blank' do
-        expect(helper.gravatar_icon('')).to match_asset_path('no_avatar.png')
+        expect(helper.gravatar_icon('')).to match_asset_path(described_class::DEFAULT_AVATAR_PATH)
       end
 
       it 'returns a valid Gravatar URL' do