Add latest changes from gitlab-org/gitlab@master

10 files changed, 107 insertions, 19 deletions

diff --git a/Gemfile b/Gemfile
index 23a513a3fe0..b37923973ea 100644
--- a/Gemfile
+++ b/Gemfile
@@ -481,7 +481,7 @@ gem 'ssh_data', '~> 1.2'
 gem 'spamcheck', '~> 0.1.0'
 
 # Gitaly GRPC protocol definitions
-gem 'gitaly', '~> 14.9.0.pre.rc3'
+gem 'gitaly', '~> 14.9.0.pre.rc4'
 
 # KAS GRPC protocol definitions
 gem 'kas-grpc', '~> 0.0.2'
diff --git a/Gemfile.lock b/Gemfile.lock
index f17b8dcc43d..a8a01945085 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -455,7 +455,7 @@ GEM
       rails (>= 3.2.0)
     git (1.7.0)
       rchardet (~> 1.8)
-    gitaly (14.9.0.pre.rc3)
+    gitaly (14.9.0.pre.rc4)
       grpc (~> 1.0)
     github-markup (1.7.0)
     gitlab (4.16.1)
@@ -1491,7 +1491,7 @@ DEPENDENCIES
   gettext (~> 3.3)
   gettext_i18n_rails (~> 1.8.0)
   gettext_i18n_rails_js (~> 1.3)
-  gitaly (~> 14.9.0.pre.rc3)
+  gitaly (~> 14.9.0.pre.rc4)
   github-markup (~> 1.7.0)
   gitlab-chronic (~> 0.10.5)
   gitlab-dangerfiles (~> 2.10.2)
diff --git a/doc/development/documentation/testing.md b/doc/development/documentation/testing.md
index 34fe305c66c..a8745b974b9 100644
--- a/doc/development/documentation/testing.md
+++ b/doc/development/documentation/testing.md
@@ -213,19 +213,19 @@ You can use Vale:
 
 #### Vale result types
 
-Vale returns three types of results: `suggestion`, `warning`, and `error`:
-
-- **Suggestion**-level results are writing tips and aren't displayed in CI
-  job output. Suggestions don't break CI. See a list of
-  [suggestion-level rules](https://gitlab.com/search?utf8=✓&snippets=false&scope=&repository_ref=master&search=path%3Adoc%2F.vale%2Fgitlab+Suggestion%3A&group_id=9970&project_id=278964).
-- **Warning**-level results are [Style Guide](styleguide/index.md) violations, aren't displayed in CI
-  job output, and should contain clear explanations of how to resolve the warning.
-  Warnings may be technical debt, or can be future error-level test items
-  (after the Technical Writing team completes its cleanup). Warnings don't break CI. See a list of
-  [warning-level rules](https://gitlab.com/search?utf8=✓&snippets=false&scope=&repository_ref=master&search=path%3Adoc%2F.vale%2Fgitlab+Warning%3A&group_id=9970&project_id=278964).
-- **Error**-level results are Style Guide violations, and should contain clear explanations
-  of how to resolve the error. Errors break CI and are displayed in CI job output. See a list of
-  [error-level rules](https://gitlab.com/search?utf8=✓&snippets=false&scope=&repository_ref=master&search=path%3Adoc%2F.vale%2Fgitlab+Error%3A&group_id=9970&project_id=278964).
+Vale returns three types of results:
+
+- **Error** - For branding and trademark issues, and words or phrases with ambiguous meanings.
+- **Warning** - For Technical Writing team style preferences.
+- **Suggestion** - For basic technical writing tenets and best practices.
+
+The result types have these attributes:
+
+| Result type  | Displayed in CI/CD job output | Causes CI/CD jobs to fail | Vale rule link |
+|--------------|-------------------------------|---------------------------|----------------|
+| `error`      | **{check-circle}** Yes        | **{check-circle}** Yes    | [Error-level Vale rules](https://gitlab.com/search?utf8=✓&snippets=false&scope=&repository_ref=master&search=path%3Adoc%2F.vale%2Fgitlab+Error%3A&group_id=9970&project_id=278964) |
+| `warning`    | **{dotted-circle}** No        | **{dotted-circle}** No    | [Warning-level Vale rules](https://gitlab.com/search?utf8=✓&snippets=false&scope=&repository_ref=master&search=path%3Adoc%2F.vale%2Fgitlab+Warning%3A&group_id=9970&project_id=278964) |
+| `suggestion` | **{dotted-circle}** No        | **{dotted-circle}** No    | [Suggestion-level Vale rules](https://gitlab.com/search?utf8=✓&snippets=false&scope=&repository_ref=master&search=path%3Adoc%2F.vale%2Fgitlab+Suggestion%3A&group_id=9970&project_id=278964) |
 
 #### Vale spelling test
 
diff --git a/doc/user/application_security/iac_scanning/index.md b/doc/user/application_security/iac_scanning/index.md
index 49dbdc61b5a..884dc24e20f 100644
--- a/doc/user/application_security/iac_scanning/index.md
+++ b/doc/user/application_security/iac_scanning/index.md
@@ -22,7 +22,7 @@ To run IaC scanning jobs, by default, you need GitLab Runner with the
 If you're using the shared runners on GitLab.com, this is enabled by default.
 
 WARNING:
-Our IaC scanning jobs require a Linux container type. Windows containers are not yet supported.
+Our IaC scanning jobs require a Linux/amd64 container type. Windows containers are not yet supported.
 
 WARNING:
 If you use your own runners, make sure the Docker version installed
diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md
index a5b6628c211..582497eb465 100644
--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@@ -42,7 +42,7 @@ To run Secret Detection jobs, by default, you need GitLab Runner with the
 If you're using the shared runners on GitLab.com, this is enabled by default.
 
 WARNING:
-Our Secret Detection jobs expect a Linux container type. Windows containers are not supported.
+Our Secret Detection jobs expect a Linux/amd64 container type. Windows containers are not supported.
 
 WARNING:
 If you use your own runners, make sure the Docker version installed
diff --git a/lib/gitlab/gitaly_client/operation_service.rb b/lib/gitlab/gitaly_client/operation_service.rb
index c2969af1352..4637bf2e3ff 100644
--- a/lib/gitlab/gitaly_client/operation_service.rb
+++ b/lib/gitlab/gitaly_client/operation_service.rb
@@ -263,6 +263,19 @@ module Gitlab
         perform_next_gitaly_rebase_request(response_enum)
 
         rebase_sha
+      rescue GRPC::BadStatus => e
+        detailed_error = decode_detailed_error(e)
+
+        case detailed_error&.error
+        when :access_check
+          access_check_error = detailed_error.access_check
+          # These messages were returned from internal/allowed API calls
+          raise Gitlab::Git::PreReceiveError.new(fallback_message: access_check_error.error_message)
+        when :rebase_conflict
+          raise Gitlab::Git::Repository::GitError, e.details
+        else
+          raise e
+        end
       ensure
         request_enum.close
       end
diff --git a/lib/gitlab/quick_actions/merge_request_actions.rb b/lib/gitlab/quick_actions/merge_request_actions.rb
index f7c0f63b60e..e6a73c71e85 100644
--- a/lib/gitlab/quick_actions/merge_request_actions.rb
+++ b/lib/gitlab/quick_actions/merge_request_actions.rb
@@ -25,6 +25,8 @@ module Gitlab
         execution_message do
           if params[:merge_request_diff_head_sha].blank?
             _("Merge request diff sha parameter is required for the merge quick action.")
+          elsif params[:merge_request_diff_head_sha] != quick_action_target.diff_head_sha
+            _("Branch has been updated since the merge was requested.")
           elsif preferred_strategy = preferred_auto_merge_strategy(quick_action_target)
             _("Scheduled to merge this merge request (%{strategy}).") % { strategy: preferred_strategy.humanize }
           else
@@ -39,6 +41,8 @@ module Gitlab
         command :merge do
           next unless params[:merge_request_diff_head_sha].present?
 
+          next unless params[:merge_request_diff_head_sha] == quick_action_target.diff_head_sha
+
           @updates[:merge] = params[:merge_request_diff_head_sha]
         end
 
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index c1f6429f340..aaf1db2ab87 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -5999,6 +5999,9 @@ msgstr ""
 msgid "Branch changed"
 msgstr ""
 
+msgid "Branch has been updated since the merge was requested."
+msgstr ""
+
 msgid "Branch is already taken"
 msgstr ""
 
diff --git a/spec/lib/gitlab/gitaly_client/operation_service_spec.rb b/spec/lib/gitlab/gitaly_client/operation_service_spec.rb
index fe08f615ca7..0c04863f466 100644
--- a/spec/lib/gitlab/gitaly_client/operation_service_spec.rb
+++ b/spec/lib/gitlab/gitaly_client/operation_service_spec.rb
@@ -386,6 +386,73 @@ RSpec.describe Gitlab::GitalyClient::OperationService do
     it_behaves_like 'cherry pick and revert errors'
   end
 
+  describe '#rebase' do
+    let(:response) { Gitaly::UserRebaseConfirmableResponse.new }
+
+    subject do
+      client.rebase(
+        user,
+        '',
+        branch: 'master',
+        branch_sha: 'b83d6e391c22777fca1ed3012fce84f633d7fed0',
+        remote_repository: repository,
+        remote_branch: 'master'
+      )
+    end
+
+    shared_examples '#rebase with an error' do
+      it 'raises a GitError exception' do
+        expect_any_instance_of(Gitaly::OperationService::Stub)
+          .to receive(:user_rebase_confirmable)
+          .and_raise(raised_error)
+
+        expect { subject }.to raise_error(expected_error)
+      end
+    end
+
+    context 'when AccessError is raised' do
+      let(:raised_error) do
+        new_detailed_error(
+          GRPC::Core::StatusCodes::INTERNAL,
+          'something failed',
+          Gitaly::UserRebaseConfirmableError.new(
+            access_check: Gitaly::AccessCheckError.new(
+              error_message: 'something went wrong'
+            )))
+      end
+
+      let(:expected_error) { Gitlab::Git::PreReceiveError }
+
+      it_behaves_like '#rebase with an error'
+    end
+
+    context 'when RebaseConflictError is raised' do
+      let(:raised_error) do
+        new_detailed_error(
+          GRPC::Core::StatusCodes::INTERNAL,
+          'something failed',
+          Gitaly::UserSquashError.new(
+            rebase_conflict: Gitaly::MergeConflictError.new(
+              conflicting_files: ['conflicting-file']
+            )))
+      end
+
+      let(:expected_error) { Gitlab::Git::Repository::GitError }
+
+      it_behaves_like '#rebase with an error'
+    end
+
+    context 'when non-detailed gRPC error is raised' do
+      let(:raised_error) do
+        GRPC::Internal.new('non-detailed error')
+      end
+
+      let(:expected_error) { GRPC::Internal }
+
+      it_behaves_like '#rebase with an error'
+    end
+  end
+
   describe '#user_squash' do
     let(:start_sha) { 'b83d6e391c22777fca1ed3012fce84f633d7fed0' }
     let(:end_sha) { '54cec5282aa9f21856362fe321c800c236a61615' }
diff --git a/spec/services/quick_actions/interpret_service_spec.rb b/spec/services/quick_actions/interpret_service_spec.rb
index 8000c7efb2b..94e0e8a9ea1 100644
--- a/spec/services/quick_actions/interpret_service_spec.rb
+++ b/spec/services/quick_actions/interpret_service_spec.rb
@@ -759,6 +759,7 @@ RSpec.describe QuickActions::InterpretService do
 
     context 'merge command' do
       let(:service) { described_class.new(project, developer, { merge_request_diff_head_sha: merge_request.diff_head_sha }) }
+      let(:merge_request) { create(:merge_request, source_project: repository_project) }
 
       it_behaves_like 'merge immediately command' do
         let(:content) { '/merge' }
@@ -789,7 +790,7 @@ RSpec.describe QuickActions::InterpretService do
       context 'can not be merged when sha does not match' do
         let(:service) { described_class.new(project, developer, { merge_request_diff_head_sha: 'othersha' }) }
 
-        it_behaves_like 'failed command', 'Could not apply merge command.' do
+        it_behaves_like 'failed command', 'Branch has been updated since the merge was requested.' do
           let(:content) { "/merge" }
           let(:issuable) { merge_request }
         end