Add latest changes from gitlab-org/gitlab@master

11 files changed, 41 insertions, 27 deletions

diff --git a/app/controllers/acme_challenges_controller.rb b/app/controllers/acme_challenges_controller.rb
index 4a7706db94e..a187e43b3df 100644
--- a/app/controllers/acme_challenges_controller.rb
+++ b/app/controllers/acme_challenges_controller.rb
@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
-# rubocop:disable Rails/ApplicationController
-class AcmeChallengesController < ActionController::Base
+class AcmeChallengesController < BaseActionController
   def show
     if acme_order
       render plain: acme_order.challenge_file_content, content_type: 'text/plain'
@@ -16,4 +15,3 @@ class AcmeChallengesController < ActionController::Base
     @acme_order ||= PagesDomainAcmeOrder.find_by_domain_and_token(params[:domain], params[:token])
   end
 end
-# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7c69f43fa3d..bfd3388da1b 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,7 +3,7 @@
 require 'gon'
 require 'fogbugz'
 
-class ApplicationController < ActionController::Base
+class ApplicationController < BaseActionController
   include Gitlab::GonHelper
   include Gitlab::NoCacheHeaders
   include GitlabRoutingHelper
diff --git a/app/controllers/base_action_controller.rb b/app/controllers/base_action_controller.rb
new file mode 100644
index 00000000000..af2c9e98778
--- /dev/null
+++ b/app/controllers/base_action_controller.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+# GitLab lightweight base action controller
+#
+# This class should be limited to content that
+# is desired/required for *all* controllers in
+# GitLab.
+#
+# Most controllers inherit from `ApplicationController`.
+# Some controllers don't want or need all of that
+# logic and instead inherit from `ActionController::Base`.
+# This makes it difficult to set security headers and
+# handle other critical logic across *all* controllers.
+#
+# Between this controller and `ApplicationController`
+# no controller should ever inherit directly from
+# `ActionController::Base`
+#
+# rubocop:disable Rails/ApplicationController
+# rubocop:disable Gitlab/NamespacedClass
+class BaseActionController < ActionController::Base
+  before_action :security_headers
+
+  private
+
+  def security_headers
+    headers['Cross-Origin-Opener-Policy'] = 'same-origin' if ::Feature.enabled?(:coop_header)
+  end
+end
+# rubocop:enable Gitlab/NamespacedClass
+# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/chaos_controller.rb b/app/controllers/chaos_controller.rb
index 7328b793b09..b61a8c5ff12 100644
--- a/app/controllers/chaos_controller.rb
+++ b/app/controllers/chaos_controller.rb
@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
-# rubocop:disable Rails/ApplicationController
-class ChaosController < ActionController::Base
+class ChaosController < BaseActionController
   before_action :validate_chaos_secret, unless: :development_or_test?
 
   def leakmem
@@ -95,4 +94,3 @@ class ChaosController < ActionController::Base
     Rails.env.development? || Rails.env.test?
   end
 end
-# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/health_controller.rb b/app/controllers/health_controller.rb
index 1381999ab4c..2b2db2f950c 100644
--- a/app/controllers/health_controller.rb
+++ b/app/controllers/health_controller.rb
@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
-# rubocop:disable Rails/ApplicationController
-class HealthController < ActionController::Base
+class HealthController < BaseActionController
   protect_from_forgery with: :exception, prepend: true
   include RequiresAllowlistedMonitoringClient
 
@@ -40,4 +39,3 @@ class HealthController < ActionController::Base
     render json: result.json, status: result.http_status
   end
 end
-# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/metrics_controller.rb b/app/controllers/metrics_controller.rb
index 9f41c092fa0..61851fd1c60 100644
--- a/app/controllers/metrics_controller.rb
+++ b/app/controllers/metrics_controller.rb
@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
-# rubocop:disable Rails/ApplicationController
-class MetricsController < ActionController::Base
+class MetricsController < BaseActionController
   include RequiresAllowlistedMonitoringClient
 
   protect_from_forgery with: :exception, prepend: true
@@ -36,4 +35,3 @@ class MetricsController < ActionController::Base
     )
   end
 end
-# rubocop:enable Rails/ApplicationController
diff --git a/app/helpers/diff_helper.rb b/app/helpers/diff_helper.rb
index 9a78d4d9ad5..47a0d010424 100644
--- a/app/helpers/diff_helper.rb
+++ b/app/helpers/diff_helper.rb
@@ -270,11 +270,6 @@ module DiffHelper
     toggle_whitespace_link(url, options)
   end
 
-  def diff_merge_request_whitespace_link(project, merge_request, options)
-    url = diffs_project_merge_request_path(project, merge_request, params_with_whitespace)
-    toggle_whitespace_link(url, options)
-  end
-
   def diff_compare_whitespace_link(project, from, to, options)
     url = project_compare_path(project, from, to, params_with_whitespace)
     toggle_whitespace_link(url, options)
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index e45b38f2266..11a964128bc 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -252,8 +252,6 @@ module ProjectsHelper
   end
 
   def show_mobile_devops_project_promo?(project)
-    return false unless ::Feature.enabled?(:mobile_devops_projects_promo, project)
-
     return false unless (project.project_setting.target_platforms & ::ProjectSetting::ALLOWED_TARGET_PLATFORMS).any?
 
     cookies["hide_mobile_devops_promo_#{project.id}".to_sym].blank?
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 8ddb2ead37e..8f12c4e6dad 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -16,12 +16,6 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord
   ignore_columns %i[instance_administration_project_id instance_administrators_group_id], remove_with: '16.2', remove_after: '2023-06-22'
   ignore_column :database_apdex_settings, remove_with: '16.4', remove_after: '2023-08-22'
 
-  ignore_columns %i[
-    dashboard_notification_limit
-    dashboard_enforcement_limit
-    dashboard_limit_new_namespace_creation_enforcement_date
-  ], remove_with: '16.5', remove_after: '2023-08-22'
-
   ignore_column %i[
     relay_state_domain_allowlist
     in_product_marketing_emails_enabled
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index b82757153b8..5aed1f4f5fb 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -18,6 +18,9 @@ class Namespace < ApplicationRecord
   include Ci::NamespaceSettings
   include Referable
   include CrossDatabaseIgnoredTables
+  include IgnorableColumns
+
+  ignore_column :unlock_membership_to_ldap, remove_with: '16.7', remove_after: '2023-11-16'
 
   cross_database_ignore_tables %w[routes redirect_routes], url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/424277'
 
diff --git a/app/services/update_container_registry_info_service.rb b/app/services/update_container_registry_info_service.rb
index 7d79b257687..de90e7c71ad 100644
--- a/app/services/update_container_registry_info_service.rb
+++ b/app/services/update_container_registry_info_service.rb
@@ -24,7 +24,8 @@ class UpdateContainerRegistryInfoService
     Gitlab::CurrentSettings.update!(
       container_registry_vendor: info[:vendor] || '',
       container_registry_version: info[:version] || '',
-      container_registry_features: info[:features] || []
+      container_registry_features: info[:features] || [],
+      container_registry_db_enabled: info[:db_enabled] || false
     )
   end
 end