Add latest changes from gitlab-org/gitlab@master

17 files changed, 126 insertions, 19 deletions

diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml
index 38f474160bc..21af2ef651e 100644
--- a/.gitlab/ci/rails.gitlab-ci.yml
+++ b/.gitlab/ci/rails.gitlab-ci.yml
@@ -287,7 +287,9 @@ gitlab:setup:
       - log/*.log
 
 db:backup_and_restore:
-  extends: .db-job-base
+  extends:
+    - .db-job-base
+    - .rails:rules:db-backup
   variables:
     SETUP_DB: "false"
     GITLAB_ASSUME_YES: "1"
@@ -298,16 +300,12 @@ db:backup_and_restore:
     - bundle exec rake gitlab:backup:create
     - date
     - bundle exec rake gitlab:backup:restore
-  rules:
-    - changes:
-        - "lib/backup/**/*"
-        - "lib/tasks/gitlab/backup.rake"
 
 db:backup_and_restore single-db:
   extends:
     - db:backup_and_restore
     - .single-db
-    - .rails:rules:single-db
+    - .rails:rules:db-backup
 
 rspec:deprecations:
   extends:
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index b9c1b1b1143..752e9ab54a7 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -350,6 +350,11 @@
   - ".gitlab-ci.yml"
   - ".gitlab/ci/**/*"
 
+# DB backup patterns
+.db-backup-patterns: &db-backup-patterns
+  - "lib/backup/**/*"
+  - "lib/tasks/gitlab/backup.rake"
+
 .db-library-patterns: &db-library-patterns
   - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database/**/*"
   - "{,ee/,jh/}{,spec/}lib/{,ee/,jh/}gitlab/database{,_spec}.rb"
@@ -1167,6 +1172,16 @@
       changes: *db-patterns
     - <<: *if-default-branch-schedule-nightly
 
+.rails:rules:db-backup:
+  rules:
+    - <<: *if-merge-request-labels-run-all-rspec
+    - <<: *if-default-refs
+      changes: *db-backup-patterns
+    - <<: *if-merge-request-not-approved
+      when: never
+    - <<: *if-default-refs
+      changes: *db-patterns
+
 .rails:rules:praefect-with-db:
   rules:
     - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-praefect-with-db/'
@@ -1183,10 +1198,6 @@
     # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68840.
     - <<: *if-merge-request
       changes: *db-patterns
-    - <<: *if-automated-merge-request
-      changes: *db-patterns
-    - <<: *if-security-merge-request
-      changes: *db-patterns
     - <<: *if-merge-request-not-approved
       when: never
     - <<: *if-default-refs
diff --git a/app/mailers/devise_mailer.rb b/app/mailers/devise_mailer.rb
index 61a23520d54..7129e577cb8 100644
--- a/app/mailers/devise_mailer.rb
+++ b/app/mailers/devise_mailer.rb
@@ -17,6 +17,11 @@ class DeviseMailer < Devise::Mailer
     devise_mail(record, :user_admin_approval, opts)
   end
 
+  def reset_password_instructions(record, token, opts = {})
+    headers['X-Mailgun-Suppressions-Bypass'] = 'true'
+    super
+  end
+
   protected
 
   def subject_for(key)
diff --git a/config/feature_flags/development/environment_search_api_min_chars.yml b/config/feature_flags/development/environment_search_api_min_chars.yml
new file mode 100644
index 00000000000..2d719a41cd0
--- /dev/null
+++ b/config/feature_flags/development/environment_search_api_min_chars.yml
@@ -0,0 +1,8 @@
+---
+name: environment_search_api_min_chars
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108277
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/387244
+milestone: '15.8'
+type: development
+group: group::release
+default_enabled: false
diff --git a/db/post_migrate/20230104220137_reindex_vuln_reads_on_default_branch_with_common_query.rb b/db/post_migrate/20230104220137_reindex_vuln_reads_on_default_branch_with_common_query.rb
new file mode 100644
index 00000000000..114a1a84fa0
--- /dev/null
+++ b/db/post_migrate/20230104220137_reindex_vuln_reads_on_default_branch_with_common_query.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+class ReindexVulnReadsOnDefaultBranchWithCommonQuery < Gitlab::Database::Migration[2.1]
+  INDEX_NAME = 'index_vuln_reads_common_query_on_resolved_on_default_branch'
+
+  COLUMNS = %i[project_id state report_type vulnerability_id]
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index(
+      :vulnerability_reads,
+      COLUMNS,
+      name: INDEX_NAME,
+      where: 'resolved_on_default_branch IS TRUE',
+      order: { vulnerability_id: :desc }
+    )
+  end
+
+  def down
+    remove_concurrent_index_by_name(
+      :vulnerability_reads,
+      INDEX_NAME
+    )
+  end
+end
diff --git a/db/post_migrate/20230104224020_drop_vuln_reads_on_default_branch_index.rb b/db/post_migrate/20230104224020_drop_vuln_reads_on_default_branch_index.rb
new file mode 100644
index 00000000000..acac69478a3
--- /dev/null
+++ b/db/post_migrate/20230104224020_drop_vuln_reads_on_default_branch_index.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class DropVulnReadsOnDefaultBranchIndex < Gitlab::Database::Migration[2.1]
+  INDEX_NAME = 'index_vuln_reads_on_resolved_on_default_branch'
+
+  COLUMNS = %i[project_id state id]
+
+  disable_ddl_transaction!
+
+  def up
+    remove_concurrent_index_by_name :vulnerability_reads, name: INDEX_NAME
+  end
+
+  def down
+    add_concurrent_index :vulnerability_reads, COLUMNS,
+                         where: 'resolved_on_default_branch IS TRUE',
+                         name: INDEX_NAME
+  end
+end
diff --git a/db/schema_migrations/20230104220137 b/db/schema_migrations/20230104220137
new file mode 100644
index 00000000000..cc31da81328
--- /dev/null
+++ b/db/schema_migrations/20230104220137
@@ -0,0 +1 @@
+49d5ccd1521885a759d3ca6da59479aad17a90640b157cfe6bd6a22328ec30d9
\ No newline at end of file
diff --git a/db/schema_migrations/20230104224020 b/db/schema_migrations/20230104224020
new file mode 100644
index 00000000000..ca4f1ac5552
--- /dev/null
+++ b/db/schema_migrations/20230104224020
@@ -0,0 +1 @@
+8fe5279720306a5f91f973d1ee7c62838b60ab5cb11162237d50fbc32c7567bd
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index dc35073aa6c..b3156665fbf 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -31455,14 +31455,14 @@ COMMENT ON INDEX index_verification_codes_on_phone_and_visitor_id_code IS 'JiHu-
 
 CREATE UNIQUE INDEX index_vuln_historical_statistics_on_project_id_and_date ON vulnerability_historical_statistics USING btree (project_id, date);
 
+CREATE INDEX index_vuln_reads_common_query_on_resolved_on_default_branch ON vulnerability_reads USING btree (project_id, state, report_type, vulnerability_id DESC) WHERE (resolved_on_default_branch IS TRUE);
+
 CREATE INDEX index_vuln_reads_on_casted_cluster_agent_id_where_it_is_null ON vulnerability_reads USING btree (casted_cluster_agent_id) WHERE (casted_cluster_agent_id IS NOT NULL);
 
 CREATE INDEX index_vuln_reads_on_namespace_id_state_severity_and_vuln_id ON vulnerability_reads USING btree (namespace_id, state, severity, vulnerability_id DESC);
 
 CREATE INDEX index_vuln_reads_on_project_id_state_severity_and_vuln_id ON vulnerability_reads USING btree (project_id, state, severity, vulnerability_id DESC);
 
-CREATE INDEX index_vuln_reads_on_resolved_on_default_branch ON vulnerability_reads USING btree (project_id, state, id) WHERE (resolved_on_default_branch IS TRUE);
-
 CREATE INDEX index_vulnerabilities_common_finder_query_on_default_branch ON vulnerabilities USING btree (project_id, state, report_type, present_on_default_branch, severity, id);
 
 CREATE INDEX index_vulnerabilities_on_author_id ON vulnerabilities USING btree (author_id);
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 8c2f10cd9ab..910fab1c239 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -11144,7 +11144,7 @@ Statistics for a group of CI jobs.
 
 | Name | Type | Description |
 | ---- | ---- | ----------- |
-| <a id="cijobsstatisticsqueuedduration"></a>`queuedDuration` **{warning-solid}** | [`CiJobsDurationStatistics`](#cijobsdurationstatistics) | **Introduced** in 15.8. This feature is in Alpha. It can be changed or removed at any time. Statistics for amount of time that jobs were waiting to be picked up. |
+| <a id="cijobsstatisticsqueuedduration"></a>`queuedDuration` **{warning-solid}** | [`CiJobsDurationStatistics`](#cijobsdurationstatistics) | **Introduced** in 15.8. This feature is in Alpha. It can be changed or removed at any time. Statistics for amount of time that jobs were waiting to be picked up. The calculation is performed based on the most recent 100 jobs executed by all the runners in context. |
 
 ### `CiManualVariable`
 
diff --git a/doc/user/packages/package_registry/reduce_package_registry_storage.md b/doc/user/packages/package_registry/reduce_package_registry_storage.md
index 1085cf5c239..673196ebad5 100644
--- a/doc/user/packages/package_registry/reduce_package_registry_storage.md
+++ b/doc/user/packages/package_registry/reduce_package_registry_storage.md
@@ -75,6 +75,8 @@ To access these project settings, you must be at least a maintainer on the relat
   to upload more than one copy of an asset. You can limit the number of duplicated assets to keep and automatically
   delete the oldest assets once the limit is reached. Unique filenames, such as those produced by Maven snapshots, are not considered when evaluating the number of duplicated assets to keep.
 
+  `Number of duplicated assets to keep` has a [fixed cadence of 12 hours](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/models/packages/cleanup/policy.rb).
+
 ### Set cleanup limits to conserve resources
 
 A background process executes the package-cleanup policies. This process can take a long time to finish and consumes
diff --git a/lib/api/environments.rb b/lib/api/environments.rb
index 01d46ee7bfb..cc3e41e343f 100644
--- a/lib/api/environments.rb
+++ b/lib/api/environments.rb
@@ -12,6 +12,8 @@ module API
     feature_category :continuous_delivery
     urgency :low
 
+    MIN_SEARCH_LENGTH = 3
+
     params do
       requires :id, types: [String, Integer], desc: 'The ID or URL-encoded path of the project owned by the authenticated user'
     end
@@ -29,7 +31,7 @@ module API
       params do
         use :pagination
         optional :name, type: String, desc: 'Return the environment with this name. Mutually exclusive with search'
-        optional :search, type: String, desc: 'Return list of environments matching the search criteria. Mutually exclusive with name'
+        optional :search, type: String, desc: "Return list of environments matching the search criteria. Mutually exclusive with name. Must be at least #{MIN_SEARCH_LENGTH} characters."
         optional :states,
           type: String,
           values: Environment.valid_states.map(&:to_s),
@@ -39,6 +41,10 @@ module API
       get ':id/environments' do
         authorize! :read_environment, user_project
 
+        if Feature.enabled?(:environment_search_api_min_chars, user_project) && params[:search].present? && params[:search].length < MIN_SEARCH_LENGTH
+          bad_request!("Search query is less than #{MIN_SEARCH_LENGTH} characters")
+        end
+
         environments = ::Environments::EnvironmentsFinder.new(user_project, current_user, declared_params(include_missing: false)).execute
 
         present paginate(environments), with: Entities::Environment, current_user: current_user
diff --git a/spec/mailers/devise_mailer_spec.rb b/spec/mailers/devise_mailer_spec.rb
index 360eb827927..1b99bf33033 100644
--- a/spec/mailers/devise_mailer_spec.rb
+++ b/spec/mailers/devise_mailer_spec.rb
@@ -125,6 +125,10 @@ RSpec.describe DeviseMailer do
     it 'includes a link to reset the password' do
       is_expected.to have_link("Reset password", href: "#{Gitlab.config.gitlab.url}/users/password/edit?reset_password_token=faketoken")
     end
+
+    it 'has the mailgun suppression bypass header' do
+      is_expected.to have_header 'X-Mailgun-Suppressions-Bypass', 'true'
+    end
   end
 
   describe '#email_changed' do
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 4b51c9e2013..e8adb406a73 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -372,7 +372,7 @@ RSpec.describe Project, factory_default: :keep do
       end
 
       it 'is equivalent to #project_members' do
-        expect(project.namespace_members).to eq project.project_members
+        expect(project.namespace_members).to match_array(project.project_members)
       end
 
       it_behaves_like 'query without source filters' do
diff --git a/spec/requests/api/environments_spec.rb b/spec/requests/api/environments_spec.rb
index d06e70a1a02..049c4500207 100644
--- a/spec/requests/api/environments_spec.rb
+++ b/spec/requests/api/environments_spec.rb
@@ -69,6 +69,34 @@ RSpec.describe API::Environments, feature_category: :continuous_delivery do
           expect(json_response.size).to eq(0)
         end
 
+        context "when params[:search] is less than #{described_class::MIN_SEARCH_LENGTH} characters" do
+          before do
+            stub_feature_flags(environment_search_api_min_chars: false)
+          end
+
+          it 'returns a normal response' do
+            get api("/projects/#{project.id}/environments?search=ab", user)
+
+            expect(response).to have_gitlab_http_status(:ok)
+            expect(response).to include_pagination_headers
+            expect(json_response).to be_an Array
+            expect(json_response.size).to eq(0)
+          end
+
+          context 'and environment_search_api_min_chars flag is enabled for the project' do
+            before do
+              stub_feature_flags(environment_search_api_min_chars: project)
+            end
+
+            it 'returns with status 400' do
+              get api("/projects/#{project.id}/environments?search=ab", user)
+
+              expect(response).to have_gitlab_http_status(:bad_request)
+              expect(json_response['message']).to include("Search query is less than #{described_class::MIN_SEARCH_LENGTH} characters")
+            end
+          end
+        end
+
         it 'returns environment by valid state' do
           get api("/projects/#{project.id}/environments?states=available", user)
 
diff --git a/spec/support/helpers/login_helpers.rb b/spec/support/helpers/login_helpers.rb
index 44237b821c3..5fde80e6dc9 100644
--- a/spec/support/helpers/login_helpers.rb
+++ b/spec/support/helpers/login_helpers.rb
@@ -101,6 +101,8 @@ module LoginHelpers
     fill_in "user_password", with: (password || user.password)
     check 'user_remember_me' if remember
 
+    wait_for_all_requests
+
     find('[data-testid="sign-in-button"]:enabled').click
 
     if two_factor_auth
diff --git a/spec/views/registrations/welcome/show.html.haml_spec.rb b/spec/views/registrations/welcome/show.html.haml_spec.rb
index 99d87ac449b..372dbf01a64 100644
--- a/spec/views/registrations/welcome/show.html.haml_spec.rb
+++ b/spec/views/registrations/welcome/show.html.haml_spec.rb
@@ -7,10 +7,6 @@ RSpec.describe 'registrations/welcome/show' do
 
   before do
     allow(view).to receive(:current_user).and_return(user)
-    allow(view).to receive(:in_subscription_flow?).and_return(false)
-    allow(view).to receive(:in_trial_flow?).and_return(false)
-    allow(view).to receive(:user_has_memberships?).and_return(false)
-    allow(view).to receive(:in_oauth_flow?).and_return(false)
     allow(view).to receive(:glm_tracking_params).and_return({})
 
     render