gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-05-30 03:08:33 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-05-30 03:08:33 +0300
commit5281a205544b4e6e57f5b3cb8f20a5da4710cdc5 (patch)
treed61c05f01c524912c1f20fa7d70b751317be8dca
parentd8b32df644a632b143d6b9967311301a2fc83a6b (diff)
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock102
-rw-r--r--app/graphql/types/alert_management/alert_type.rb6
-rw-r--r--app/models/ci/job_artifact.rb5
-rw-r--r--changelogs/unreleased/move_migration_to_post_deployment.yml5
-rw-r--r--db/post_migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb (renamed from db/migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb)0
-rw-r--r--doc/api/graphql/reference/gitlab_schema.graphql4
-rw-r--r--doc/api/graphql/reference/gitlab_schema.json8
-rw-r--r--doc/api/graphql/reference/index.md2
-rw-r--r--locale/gitlab.pot6
-rw-r--r--package.json2
-rw-r--r--qa/Gemfile2
-rw-r--r--qa/Gemfile.lock6
-rw-r--r--spec/factories/ci/builds.rb8
-rw-r--r--spec/requests/api/graphql/project/alert_management/alerts_spec.rb13
-rw-r--r--spec/services/ci/retry_build_service_spec.rb2
-rw-r--r--yarn.lock8
17 files changed, 115 insertions, 66 deletions
diff --git a/Gemfile b/Gemfile
index 1ec4eaac466..5483fd5ca15 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
source 'https://rubygems.org'
-gem 'rails', '~> 6.0.3.1'
+gem 'rails', '~> 6.0.3'
gem 'bootsnap', '~> 1.4.6'
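Review bot: The `gem 'rails'` line drops the pin below 6.0.3.1 with no recorded reason, and because Gemfile.lock in the same commit resolves every Rails component to 6.0.3, the effect is a real downgrade rather than a looser constraint. As far as I know, upstream published 6.0.3.1 as a security release on top of 6.0.3, so this rollback should be traceable for anyone auditing dependency versions. I would add a comment above the line such as `# Held at 6.0.3 temporarily; see <tracking issue> for what blocks 6.0.3.1`. The same downgrade appears in qa/Gemfile (`activesupport`) and package.json (`@rails/actioncable`), and the note applies there too.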
diff --git a/Gemfile.lock b/Gemfile.lock
index e7cb545500c..03d492651ed 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -6,59 +6,59 @@ GEM
ace-rails-ap (4.1.2)
acme-client (2.0.5)
faraday (~> 0.9, >= 0.9.1)
- actioncable (6.0.3.1)
- actionpack (= 6.0.3.1)
+ actioncable (6.0.3)
+ actionpack (= 6.0.3)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
- actionmailbox (6.0.3.1)
- actionpack (= 6.0.3.1)
- activejob (= 6.0.3.1)
- activerecord (= 6.0.3.1)
- activestorage (= 6.0.3.1)
- activesupport (= 6.0.3.1)
+ actionmailbox (6.0.3)
+ actionpack (= 6.0.3)
+ activejob (= 6.0.3)
+ activerecord (= 6.0.3)
+ activestorage (= 6.0.3)
+ activesupport (= 6.0.3)
mail (>= 2.7.1)
- actionmailer (6.0.3.1)
- actionpack (= 6.0.3.1)
- actionview (= 6.0.3.1)
- activejob (= 6.0.3.1)
+ actionmailer (6.0.3)
+ actionpack (= 6.0.3)
+ actionview (= 6.0.3)
+ activejob (= 6.0.3)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
- actionpack (6.0.3.1)
- actionview (= 6.0.3.1)
- activesupport (= 6.0.3.1)
+ actionpack (6.0.3)
+ actionview (= 6.0.3)
+ activesupport (= 6.0.3)
rack (~> 2.0, >= 2.0.8)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
- actiontext (6.0.3.1)
- actionpack (= 6.0.3.1)
- activerecord (= 6.0.3.1)
- activestorage (= 6.0.3.1)
- activesupport (= 6.0.3.1)
+ actiontext (6.0.3)
+ actionpack (= 6.0.3)
+ activerecord (= 6.0.3)
+ activestorage (= 6.0.3)
+ activesupport (= 6.0.3)
nokogiri (>= 1.8.5)
- actionview (6.0.3.1)
- activesupport (= 6.0.3.1)
+ actionview (6.0.3)
+ activesupport (= 6.0.3)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
- activejob (6.0.3.1)
- activesupport (= 6.0.3.1)
+ activejob (6.0.3)
+ activesupport (= 6.0.3)
globalid (>= 0.3.6)
- activemodel (6.0.3.1)
- activesupport (= 6.0.3.1)
- activerecord (6.0.3.1)
- activemodel (= 6.0.3.1)
- activesupport (= 6.0.3.1)
+ activemodel (6.0.3)
+ activesupport (= 6.0.3)
+ activerecord (6.0.3)
+ activemodel (= 6.0.3)
+ activesupport (= 6.0.3)
activerecord-explain-analyze (0.1.0)
activerecord (>= 4)
pg
- activestorage (6.0.3.1)
- actionpack (= 6.0.3.1)
- activejob (= 6.0.3.1)
- activerecord (= 6.0.3.1)
+ activestorage (6.0.3)
+ actionpack (= 6.0.3)
+ activejob (= 6.0.3)
+ activerecord (= 6.0.3)
marcel (~> 0.3.1)
- activesupport (6.0.3.1)
+ activesupport (6.0.3)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
@@ -801,20 +801,20 @@ GEM
rack-test (1.1.0)
rack (>= 1.0, < 3)
rack-timeout (0.5.1)
- rails (6.0.3.1)
- actioncable (= 6.0.3.1)
- actionmailbox (= 6.0.3.1)
- actionmailer (= 6.0.3.1)
- actionpack (= 6.0.3.1)
- actiontext (= 6.0.3.1)
- actionview (= 6.0.3.1)
- activejob (= 6.0.3.1)
- activemodel (= 6.0.3.1)
- activerecord (= 6.0.3.1)
- activestorage (= 6.0.3.1)
- activesupport (= 6.0.3.1)
+ rails (6.0.3)
+ actioncable (= 6.0.3)
+ actionmailbox (= 6.0.3)
+ actionmailer (= 6.0.3)
+ actionpack (= 6.0.3)
+ actiontext (= 6.0.3)
+ actionview (= 6.0.3)
+ activejob (= 6.0.3)
+ activemodel (= 6.0.3)
+ activerecord (= 6.0.3)
+ activestorage (= 6.0.3)
+ activesupport (= 6.0.3)
bundler (>= 1.3.0)
- railties (= 6.0.3.1)
+ railties (= 6.0.3)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.4)
actionpack (>= 5.0.1.x)
@@ -828,9 +828,9 @@ GEM
rails-i18n (6.0.0)
i18n (>= 0.7, < 2)
railties (>= 6.0.0, < 7)
- railties (6.0.3.1)
- actionpack (= 6.0.3.1)
- activesupport (= 6.0.3.1)
+ railties (6.0.3)
+ actionpack (= 6.0.3)
+ activesupport (= 6.0.3)
method_source
rake (>= 0.8.7)
thor (>= 0.20.3, < 2.0)
@@ -1335,7 +1335,7 @@ DEPENDENCIES
rack-oauth2 (~> 1.9.3)
rack-proxy (~> 0.6.0)
rack-timeout
- rails (~> 6.0.3.1)
+ rails (~> 6.0.3)
rails-controller-testing
rails-i18n (~> 6.0)
rainbow (~> 3.0)
diff --git a/app/graphql/types/alert_management/alert_type.rb b/app/graphql/types/alert_management/alert_type.rb
index db2324aa9e7..1630bf4491d 100644
--- a/app/graphql/types/alert_management/alert_type.rb
+++ b/app/graphql/types/alert_management/alert_type.rb
@@ -88,6 +88,12 @@ module Types
[Types::UserType],
null: true,
description: 'Assignees of the alert'
+
+ def assignees
+ return User.none unless Feature.enabled?(:alert_assignee, object.project)
+
+ object.assignees
+ end
end
end
end
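Review bot: The `:alert_assignee` check lives only in this `assignees` resolver, so the flag hides assignee data from this GraphQL field but not from any other path that reads or writes `assignees` on the alert. No other path is visible in the hunk, so it is worth confirming that mutations and other serializers check the same flag. The override also has no comment saying it is temporary; I would add `# Hide assignees while :alert_assignee is disabled; remove this override together with the flag.` above `def assignees`. When the flag is on, `object.assignees` is loaded per alert, which may cost one query per row on list queries unless the resolver preloads it. The enclosing type definition starts outside the hunk.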
diff --git a/app/models/ci/job_artifact.rb b/app/models/ci/job_artifact.rb
index e764bdd9133..146089c637d 100644
--- a/app/models/ci/job_artifact.rb
+++ b/app/models/ci/job_artifact.rb
@@ -27,6 +27,7 @@ module Ci
accessibility: 'gl-accessibility.json',
codequality: 'gl-code-quality-report.json',
sast: 'gl-sast-report.json',
+ secret_detection: 'gl-secret-detection-report.json',
dependency_scanning: 'gl-dependency-scanning-report.json',
container_scanning: 'gl-container-scanning-report.json',
dast: 'gl-dast-report.json',
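Review bot: The new `secret_detection` entry registers a report whose content is, by nature, the location of leaked credentials, and it is given the same `:raw` handling as the other security reports in the second hunk. It therefore presumably inherits whatever download and visibility rules apply to job artifacts in general. Before this type is produced by real jobs, it is worth confirming that `gl-secret-detection-report.json` cannot be fetched by users who could not otherwise see the secrets, for example on projects with public pipelines. On the enum line in the third hunk, `## EE-specific` should be `# EE-specific` to match the `# Transformed json` comment two lines above it. The hashes and the enum start outside these hunks.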
@@ -63,6 +64,7 @@ module Ci
accessibility: :raw,
codequality: :raw,
sast: :raw,
+ secret_detection: :raw,
dependency_scanning: :raw,
container_scanning: :raw,
dast: :raw,
@@ -177,7 +179,8 @@ module Ci
cobertura: 17,
terraform: 18, # Transformed json
accessibility: 19,
- cluster_applications: 20
+ cluster_applications: 20,
+ secret_detection: 21 ## EE-specific
}
enum file_format: {
diff --git a/changelogs/unreleased/move_migration_to_post_deployment.yml b/changelogs/unreleased/move_migration_to_post_deployment.yml
new file mode 100644
index 00000000000..d70ab5249c4
--- /dev/null
+++ b/changelogs/unreleased/move_migration_to_post_deployment.yml
@@ -0,0 +1,5 @@
+---
+title: Move migration related to ci_builds to post_deployment
+merge_request: 33416
+author:
+type: performance
diff --git a/db/migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb b/db/post_migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb
index e09ad4bdadf..e09ad4bdadf 100644
--- a/db/migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb
+++ b/db/post_migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb
diff --git a/doc/api/graphql/reference/gitlab_schema.graphql b/doc/api/graphql/reference/gitlab_schema.graphql
index a99f42c2e06..3fd8160aa82 100644
--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -12226,7 +12226,8 @@ type Vulnerability {
project: Project
"""
- Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST)
+ Type of the security report that found the vulnerability (SAST,
+ DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION)
"""
reportType: VulnerabilityReportType
@@ -12444,6 +12445,7 @@ enum VulnerabilityReportType {
DAST
DEPENDENCY_SCANNING
SAST
+ SECRET_DETECTION
}
"""
diff --git a/doc/api/graphql/reference/gitlab_schema.json b/doc/api/graphql/reference/gitlab_schema.json
index 6453a5e701c..0aa6df23262 100644
--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
@@ -36124,7 +36124,7 @@
},
{
"name": "reportType",
- "description": "Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST)",
+ "description": "Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION)",
"args": [
],
@@ -36815,6 +36815,12 @@
"description": null,
"isDeprecated": false,
"deprecationReason": null
+ },
+ {
+ "name": "SECRET_DETECTION",
+ "description": null,
+ "isDeprecated": false,
+ "deprecationReason": null
}
],
"possibleTypes": null
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index e52f5732309..1407868d252 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -1835,7 +1835,7 @@ Represents a vulnerability.
| `id` | ID! | GraphQL ID of the vulnerability |
| `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability |
| `project` | Project | The project on which the vulnerability was found |
-| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST) |
+| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION) |
| `severity` | VulnerabilitySeverity | Severity of the vulnerability (INFO, UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL) |
| `state` | VulnerabilityState | State of the vulnerability (DETECTED, DISMISSED, RESOLVED, CONFIRMED) |
| `title` | String | Title of the vulnerability |
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 960b499cd8d..81eca8c6e90 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -2425,6 +2425,9 @@ msgstr ""
msgid "Analyze your dependencies for known vulnerabilities."
msgstr ""
+msgid "Analyze your source code and git history for secrets"
+msgstr ""
+
msgid "Analyze your source code for known vulnerabilities."
msgstr ""
@@ -19122,6 +19125,9 @@ msgstr ""
msgid "Secret"
msgstr ""
+msgid "Secret Detection"
+msgstr ""
+
msgid "Security"
msgstr ""
diff --git a/package.json b/package.json
index f10b7d0119b..c9f994bf69d 100644
--- a/package.json
+++ b/package.json
@@ -43,7 +43,7 @@
"@gitlab/svgs": "1.131.0",
"@gitlab/ui": "16.1.0",
"@gitlab/visual-review-tools": "1.6.1",
- "@rails/actioncable": "^6.0.3-1",
+ "@rails/actioncable": "^6.0.3",
"@sentry/browser": "^5.10.2",
"@sourcegraph/code-host-integration": "0.0.48",
"@toast-ui/editor": "^2.0.1",
diff --git a/qa/Gemfile b/qa/Gemfile
index d5c682ef76f..6eb8733ab41 100644
--- a/qa/Gemfile
+++ b/qa/Gemfile
@@ -1,7 +1,7 @@
source 'https://rubygems.org'
gem 'gitlab-qa'
-gem 'activesupport', '~> 6.0.3.1' # This should stay in sync with the root's Gemfile
+gem 'activesupport', '~> 6.0.3' # This should stay in sync with the root's Gemfile
gem 'capybara', '~> 3.29.0'
gem 'capybara-screenshot', '~> 1.0.23'
gem 'rake', '~> 12.3.0'
diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock
index 23324fccdec..9aeba236c96 100644
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@@ -1,7 +1,7 @@
GEM
remote: https://rubygems.org/
specs:
- activesupport (6.0.3.1)
+ activesupport (6.0.3)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
@@ -54,7 +54,7 @@ GEM
mime-types-data (3.2020.0425)
mini_mime (1.0.2)
mini_portile2 (2.4.0)
- minitest (5.14.1)
+ minitest (5.14.0)
netrc (0.11.0)
nokogiri (1.10.9)
mini_portile2 (~> 2.4.0)
@@ -116,7 +116,7 @@ PLATFORMS
ruby
DEPENDENCIES
- activesupport (~> 6.0.3.1)
+ activesupport (~> 6.0.3)
airborne (~> 0.3.4)
capybara (~> 3.29.0)
capybara-screenshot (~> 1.0.23)
diff --git a/spec/factories/ci/builds.rb b/spec/factories/ci/builds.rb
index 26786aab12c..5fee23f1365 100644
--- a/spec/factories/ci/builds.rb
+++ b/spec/factories/ci/builds.rb
@@ -400,6 +400,14 @@ FactoryBot.define do
end
end
+ trait :secret_detection do
+ options do
+ {
+ artifacts: { reports: { secret_detection: 'gl-secret-detection-report.json' } }
+ }
+ end
+ end
+
trait :dependency_scanning do
options do
{
diff --git a/spec/requests/api/graphql/project/alert_management/alerts_spec.rb b/spec/requests/api/graphql/project/alert_management/alerts_spec.rb
index f6f80b55d93..ae819f93ee7 100644
--- a/spec/requests/api/graphql/project/alert_management/alerts_spec.rb
+++ b/spec/requests/api/graphql/project/alert_management/alerts_spec.rb
@@ -137,5 +137,18 @@ describe 'getting Alert Management Alerts' do
end
end
end
+
+ context 'with alert_assignee flag disabled' do
+ before do
+ stub_feature_flags(alert_assignee: false)
+ project.add_developer(current_user)
+
+ post_graphql(query, current_user: current_user)
+ end
+
+ it 'excludes assignees' do
+ expect(alerts.first['assignees']).to be_empty
+ end
+ end
end
end
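Review bot: The `'excludes assignees'` example asserts only that `alerts.first['assignees']` is empty, which also holds if the first alert never had an assignee. The fixture setup is outside the hunk, so I cannot tell whether any alert is created with assignees. If none is, the test would pass with or without the flag check in `AlertType#assignees`. I would make the precondition explicit inside the context, for example by creating the alert with `assignees: [current_user]`, or add a matching flag-enabled example that expects the assignee to be returned.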
diff --git a/spec/services/ci/retry_build_service_spec.rb b/spec/services/ci/retry_build_service_spec.rb
index 64e3cda7c91..bc24de9e1d3 100644
--- a/spec/services/ci/retry_build_service_spec.rb
+++ b/spec/services/ci/retry_build_service_spec.rb
@@ -30,7 +30,7 @@ describe Ci::RetryBuildService do
created_at updated_at started_at finished_at queued_at erased_by
erased_at auto_canceled_by job_artifacts job_artifacts_archive
job_artifacts_metadata job_artifacts_trace job_artifacts_junit
- job_artifacts_sast job_artifacts_dependency_scanning
+ job_artifacts_sast job_artifacts_secret_detection job_artifacts_dependency_scanning
job_artifacts_container_scanning job_artifacts_dast
job_artifacts_license_management job_artifacts_license_scanning
job_artifacts_performance job_artifacts_lsif
diff --git a/yarn.lock b/yarn.lock
index eba796a4881..a5992d1fa55 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -983,10 +983,10 @@
consola "^2.10.1"
node-fetch "^2.6.0"
-"@rails/actioncable@^6.0.3-1":
- version "6.0.3-1"
- resolved "https://registry.yarnpkg.com/@rails/actioncable/-/actioncable-6.0.3-1.tgz#9b9eb8858a6507162911007d355d9a206e1c5caa"
- integrity sha512-szFhWD+V5TAxVNVIG16klgq+ypqA5k5AecLarTTrXgOG8cawVbQdOAwLbCmzkwiQ60rGSxAFoC1u2LrzxSK2Aw==
+"@rails/actioncable@^6.0.3":
+ version "6.0.3"
+ resolved "https://registry.yarnpkg.com/@rails/actioncable/-/actioncable-6.0.3.tgz#722b4b639936129307ddbab3a390f6bcacf3e7bc"
+ integrity sha512-I01hgqxxnOgOtJTGlq0ZsGJYiTEEiSGVEGQn3vimZSqEP1HqzyFNbzGTq14Xdyeow2yGJjygjoFF1pmtE+SQaw==
"@sentry/browser@^5.10.2":
version "5.10.2"