Add latest changes from gitlab-org/gitlab@master

13 files changed, 97 insertions, 113 deletions

diff --git a/app/assets/javascripts/diffs/index.js b/app/assets/javascripts/diffs/index.js
index d4ed48965aa..034dd4cf6d2 100644
--- a/app/assets/javascripts/diffs/index.js
+++ b/app/assets/javascripts/diffs/index.js
@@ -36,8 +36,7 @@ export default function initDiffsApp(store = notesStore) {
         iid: dataset.iid || '',
         endpointCoverage: dataset.endpointCoverage || '',
         endpointCodequality: dataset.endpointCodequality || '',
-        // This is a workaround which will be solved in: https://gitlab.com/gitlab-org/gitlab/-/issues/428758
-        sastReportAvailable: Boolean(dataset.endpointSast),
+        sastReportAvailable: dataset.endpointSast,
         helpPagePath: dataset.helpPagePath,
         currentUser: JSON.parse(dataset.currentUserData) || {},
         changesEmptyStateIllustration: dataset.changesEmptyStateIllustration,
diff --git a/app/assets/stylesheets/framework/variables.scss b/app/assets/stylesheets/framework/variables.scss
index 9a1faf27143..bd6228175d1 100644
--- a/app/assets/stylesheets/framework/variables.scss
+++ b/app/assets/stylesheets/framework/variables.scss
@@ -657,7 +657,6 @@ $discord: #5865f2;
 $linkedin: #2867b2;
 $mastodon: #6364ff;
 $skype: #0078d7;
-$twitter: #1d9bf0;
 
 /*
  *  Award emoji
diff --git a/app/assets/stylesheets/page_bundles/profile.scss b/app/assets/stylesheets/page_bundles/profile.scss
index 6b31c667832..2c08db048fd 100644
--- a/app/assets/stylesheets/page_bundles/profile.scss
+++ b/app/assets/stylesheets/page_bundles/profile.scss
@@ -235,7 +235,7 @@
 }
 
 .twitter-icon {
-  color: $twitter;
+  color: var(--gl-text-color, $gl-text-color);
 }
 
 .discord-icon {
diff --git a/app/controllers/acme_challenges_controller.rb b/app/controllers/acme_challenges_controller.rb
index a187e43b3df..4a7706db94e 100644
--- a/app/controllers/acme_challenges_controller.rb
+++ b/app/controllers/acme_challenges_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
-class AcmeChallengesController < BaseActionController
+# rubocop:disable Rails/ApplicationController
+class AcmeChallengesController < ActionController::Base
   def show
     if acme_order
       render plain: acme_order.challenge_file_content, content_type: 'text/plain'
@@ -15,3 +16,4 @@ class AcmeChallengesController < BaseActionController
     @acme_order ||= PagesDomainAcmeOrder.find_by_domain_and_token(params[:domain], params[:token])
   end
 end
+# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f60da46826a..6739fc57a1f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,7 +3,7 @@
 require 'gon'
 require 'fogbugz'
 
-class ApplicationController < BaseActionController
+class ApplicationController < ActionController::Base
   include Gitlab::GonHelper
   include Gitlab::NoCacheHeaders
   include GitlabRoutingHelper
diff --git a/app/controllers/base_action_controller.rb b/app/controllers/base_action_controller.rb
deleted file mode 100644
index af2c9e98778..00000000000
--- a/app/controllers/base_action_controller.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-# GitLab lightweight base action controller
-#
-# This class should be limited to content that
-# is desired/required for *all* controllers in
-# GitLab.
-#
-# Most controllers inherit from `ApplicationController`.
-# Some controllers don't want or need all of that
-# logic and instead inherit from `ActionController::Base`.
-# This makes it difficult to set security headers and
-# handle other critical logic across *all* controllers.
-#
-# Between this controller and `ApplicationController`
-# no controller should ever inherit directly from
-# `ActionController::Base`
-#
-# rubocop:disable Rails/ApplicationController
-# rubocop:disable Gitlab/NamespacedClass
-class BaseActionController < ActionController::Base
-  before_action :security_headers
-
-  private
-
-  def security_headers
-    headers['Cross-Origin-Opener-Policy'] = 'same-origin' if ::Feature.enabled?(:coop_header)
-  end
-end
-# rubocop:enable Gitlab/NamespacedClass
-# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/chaos_controller.rb b/app/controllers/chaos_controller.rb
index b61a8c5ff12..7328b793b09 100644
--- a/app/controllers/chaos_controller.rb
+++ b/app/controllers/chaos_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
-class ChaosController < BaseActionController
+# rubocop:disable Rails/ApplicationController
+class ChaosController < ActionController::Base
   before_action :validate_chaos_secret, unless: :development_or_test?
 
   def leakmem
@@ -94,3 +95,4 @@ class ChaosController < BaseActionController
     Rails.env.development? || Rails.env.test?
   end
 end
+# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/health_controller.rb b/app/controllers/health_controller.rb
index 2b2db2f950c..1381999ab4c 100644
--- a/app/controllers/health_controller.rb
+++ b/app/controllers/health_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
-class HealthController < BaseActionController
+# rubocop:disable Rails/ApplicationController
+class HealthController < ActionController::Base
   protect_from_forgery with: :exception, prepend: true
   include RequiresAllowlistedMonitoringClient
 
@@ -39,3 +40,4 @@ class HealthController < BaseActionController
     render json: result.json, status: result.http_status
   end
 end
+# rubocop:enable Rails/ApplicationController
diff --git a/app/controllers/metrics_controller.rb b/app/controllers/metrics_controller.rb
index 61851fd1c60..9f41c092fa0 100644
--- a/app/controllers/metrics_controller.rb
+++ b/app/controllers/metrics_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
-class MetricsController < BaseActionController
+# rubocop:disable Rails/ApplicationController
+class MetricsController < ActionController::Base
   include RequiresAllowlistedMonitoringClient
 
   protect_from_forgery with: :exception, prepend: true
@@ -35,3 +36,4 @@ class MetricsController < BaseActionController
     )
   end
 end
+# rubocop:enable Rails/ApplicationController
diff --git a/app/views/devise/shared/_sign_in_link.html.haml b/app/views/devise/shared/_sign_in_link.html.haml
index a1d10898c5b..a9f24e42d0b 100644
--- a/app/views/devise/shared/_sign_in_link.html.haml
+++ b/app/views/devise/shared/_sign_in_link.html.haml
@@ -1,4 +1,4 @@
-%p.text-center
+%p{ class: local_assigns.fetch(:wrapper_class, 'gl-text-center') }
   %span.light
     = _('Already have an account?')
     - path_params = { redirect_to_referer: 'yes' }
diff --git a/app/views/devise/shared/_signup_box.html.haml b/app/views/devise/shared/_signup_box.html.haml
index bf1b604465b..fb60b8c08eb 100644
--- a/app/views/devise/shared/_signup_box.html.haml
+++ b/app/views/devise/shared/_signup_box.html.haml
@@ -1,77 +1,10 @@
-- max_first_name_length = max_last_name_length = 127
 - borderless ||= false
-- form_resource_name = "new_#{resource_name}"
 
 .gl-mb-3.gl-p-4{ class: (borderless ? '' : 'gl-border-gray-100 gl-border-1 gl-border-solid gl-rounded-base') }
   = yield :omniauth_providers_top if show_omniauth_providers
 
-  = gitlab_ui_form_for(resource, as: form_resource_name, url: url, html: { class: 'gl-show-field-errors js-arkose-labs-form', aria: { live: 'assertive' }}, data: { testid: 'signup-form' }) do |f|
-    .devise-errors
-      = render 'devise/shared/error_messages', resource: resource
-    - if Gitlab::CurrentSettings.invisible_captcha_enabled
-      = invisible_captcha nonce: true, autocomplete: SecureRandom.alphanumeric(12)
-    .name.form-row
-      .col.form-group
-        = f.label :first_name, _('First name'), for: 'new_user_first_name'
-        = f.text_field :first_name,
-          class: 'form-control gl-form-input top js-block-emoji js-validate-length',
-          data: { max_length: max_first_name_length,
-          max_length_message: s_('SignUp|First name is too long (maximum is %{max_length} characters).') % { max_length: max_first_name_length },
-          testid: 'new-user-first-name-field' },
-          required: true,
-          title: _('This field is required.')
-      .col.form-group
-        = f.label :last_name, _('Last name'), for: 'new_user_last_name'
-        = f.text_field :last_name,
-          class: 'form-control gl-form-input top js-block-emoji js-validate-length',
-          data: { max_length: max_last_name_length,
-          max_length_message: s_('SignUp|Last name is too long (maximum is %{max_length} characters).') % { max_length: max_last_name_length },
-          testid: 'new-user-last-name-field' },
-          required: true,
-          title: _('This field is required.')
-    .username.form-group
-      = f.label :username, _('Username')
-      = f.text_field :username,
-        class: 'form-control gl-form-input middle js-block-emoji js-validate-length js-validate-username',
-        data: signup_username_data_attributes,
-        pattern: Gitlab::PathRegex::NAMESPACE_FORMAT_REGEX_JS,
-        required: true,
-        title: _('Please create a username with only alphanumeric characters.')
-      %p.validation-error.gl-text-red-500.gl-field-error-ignore.gl-mt-2.field-validation.hide= _('Username is already taken.')
-      %p.validation-success.gl-text-green-600.gl-field-error-ignore.gl-mt-2.field-validation.hide= _('Username is available.')
-      %p.validation-pending.gl-field-error-ignore.gl-mt-2.field-validation.hide= _('Checking username availability...')
-    .form-group
-      = f.label :email, _('Email')
-      = f.email_field :email,
-        class: 'form-control gl-form-input middle js-validate-email',
-        data: { testid: 'new-user-email-field' },
-        required: true,
-        title: _('Please provide a valid email address.')
-      %p.validation-hint.gl-field-hint.text-secondary= _('We recommend a work email address.')
-      %p.validation-warning.gl-field-error-ignore.text-secondary.hide= _('This email address does not look right, are you sure you typed it correctly?')
-      -# This is used for providing entry to Jihu on email verification
-      = render_if_exists 'devise/shared/signup_email_additional_info'
-    .form-group.gl-mb-5
-      = f.label :password, _('Password')
-      %input.form-control.gl-form-input.js-password{ data: { id: "#{form_resource_name}_password",
-        title: s_('SignUp|Minimum length is %{minimum_password_length} characters.') % { minimum_password_length: @minimum_password_length },
-        minimum_password_length: @minimum_password_length,
-        testid: 'new-user-password-field',
-        autocomplete: 'new-password',
-        name: "#{form_resource_name}[password]" } }
-      %p.gl-field-hint-valid.text-secondary= s_('SignUp|Minimum length is %{minimum_password_length} characters.') % { minimum_password_length: @minimum_password_length }
-      = render_if_exists 'shared/password_requirements_list'
-    = render_if_exists 'devise/shared/phone_verification', form: f
+  = render 'devise/shared/signup_box_form',
+    button_text: button_text,
+    url: url,
+    show_omniauth_providers: omniauth_enabled? && button_based_providers_enabled?
 
-    .form-group
-      - if arkose_labs_enabled?
-        = render_if_exists 'devise/registrations/arkose_labs'
-      - elsif show_recaptcha_sign_up?
-        = recaptcha_tags nonce: content_security_policy_nonce
-
-    = render Pajamas::ButtonComponent.new(type: :submit, variant: :confirm, block: true, button_options: { data: { testid: 'new-user-register-button' }}) do
-      = button_text
-
-    = render 'devise/shared/terms_of_service_notice', button_text: button_text
-
-  = yield :omniauth_providers_bottom if show_omniauth_providers
diff --git a/app/views/devise/shared/_signup_box_form.html.haml b/app/views/devise/shared/_signup_box_form.html.haml
new file mode 100644
index 00000000000..246036b72e1
--- /dev/null
+++ b/app/views/devise/shared/_signup_box_form.html.haml
@@ -0,0 +1,73 @@
+- max_first_name_length = max_last_name_length = 127
+- form_resource_name = "new_#{resource_name}"
+
+= gitlab_ui_form_for(resource, as: form_resource_name, url: url, html: { class: 'gl-show-field-errors js-arkose-labs-form', aria: { live: 'assertive' }}, data: { testid: 'signup-form' }) do |f|
+  .devise-errors
+    = render 'devise/shared/error_messages', resource: resource
+  - if Gitlab::CurrentSettings.invisible_captcha_enabled
+    = invisible_captcha nonce: true, autocomplete: SecureRandom.alphanumeric(12)
+  .name.form-row
+    .col.form-group
+      = f.label :first_name, _('First name'), for: 'new_user_first_name'
+      = f.text_field :first_name,
+        class: 'form-control gl-form-input top js-block-emoji js-validate-length',
+        data: { max_length: max_first_name_length,
+        max_length_message: s_('SignUp|First name is too long (maximum is %{max_length} characters).') % { max_length: max_first_name_length },
+        testid: 'new-user-first-name-field' },
+        required: true,
+        title: _('This field is required.')
+    .col.form-group
+      = f.label :last_name, _('Last name'), for: 'new_user_last_name'
+      = f.text_field :last_name,
+        class: 'form-control gl-form-input top js-block-emoji js-validate-length',
+        data: { max_length: max_last_name_length,
+        max_length_message: s_('SignUp|Last name is too long (maximum is %{max_length} characters).') % { max_length: max_last_name_length },
+        testid: 'new-user-last-name-field' },
+        required: true,
+        title: _('This field is required.')
+  .username.form-group
+    = f.label :username, _('Username')
+    = f.text_field :username,
+      class: 'form-control gl-form-input middle js-block-emoji js-validate-length js-validate-username',
+      data: signup_username_data_attributes,
+      pattern: Gitlab::PathRegex::NAMESPACE_FORMAT_REGEX_JS,
+      required: true,
+      title: _('Please create a username with only alphanumeric characters.')
+    %p.validation-error.gl-text-red-500.gl-field-error-ignore.gl-mt-2.field-validation.hide= _('Username is already taken.')
+    %p.validation-success.gl-text-green-600.gl-field-error-ignore.gl-mt-2.field-validation.hide= _('Username is available.')
+    %p.validation-pending.gl-field-error-ignore.gl-mt-2.field-validation.hide= _('Checking username availability...')
+  .form-group
+    = f.label :email, _('Email')
+    = f.email_field :email,
+      class: 'form-control gl-form-input middle js-validate-email',
+      data: { testid: 'new-user-email-field' },
+      required: true,
+      title: _('Please provide a valid email address.')
+    %p.validation-hint.gl-field-hint.text-secondary= _('We recommend a work email address.')
+    %p.validation-warning.gl-field-error-ignore.text-secondary.hide= _('This email address does not look right, are you sure you typed it correctly?')
+    -# This is used for providing entry to Jihu on email verification
+    = render_if_exists 'devise/shared/signup_email_additional_info'
+  .form-group.gl-mb-5
+    = f.label :password, _('Password')
+    %input.form-control.gl-form-input.js-password{ data: { id: "#{form_resource_name}_password",
+      title: s_('SignUp|Minimum length is %{minimum_password_length} characters.') % { minimum_password_length: @minimum_password_length },
+      minimum_password_length: @minimum_password_length,
+      testid: 'new-user-password-field',
+      autocomplete: 'new-password',
+      name: "#{form_resource_name}[password]" } }
+    %p.gl-field-hint-valid.text-secondary= s_('SignUp|Minimum length is %{minimum_password_length} characters.') % { minimum_password_length: @minimum_password_length }
+    = render_if_exists 'shared/password_requirements_list'
+  = render_if_exists 'devise/shared/phone_verification', form: f
+
+  .form-group
+    - if arkose_labs_enabled?
+      = render_if_exists 'devise/registrations/arkose_labs'
+    - elsif show_recaptcha_sign_up?
+      = recaptcha_tags nonce: content_security_policy_nonce
+
+  = render Pajamas::ButtonComponent.new(type: :submit, variant: :confirm, block: true, button_options: { data: { testid: 'new-user-register-button' }}) do
+    = button_text
+
+  = render 'devise/shared/terms_of_service_notice', button_text: button_text
+
+= yield :omniauth_providers_bottom if show_omniauth_providers
diff --git a/app/views/devise/shared/_signup_omniauth_provider_list.haml b/app/views/devise/shared/_signup_omniauth_provider_list.haml
index e8c82e456ae..b9efcaa11b4 100644
--- a/app/views/devise/shared/_signup_omniauth_provider_list.haml
+++ b/app/views/devise/shared/_signup_omniauth_provider_list.haml
@@ -14,7 +14,10 @@
     = _("Create an account using:")
   .gl-display-flex.gl-justify-content-between.gl-flex-wrap
     - providers.each do |provider|
-      = button_to omniauth_authorize_path(:user, provider, register_omniauth_params(local_assigns)), class: "btn gl-button btn-default gl-w-full gl-mb-4 js-oauth-login #{qa_selector_for_provider(provider)}", data: { provider: provider, track_action: "#{provider}_sso", track_label: tracking_label }, id: "oauth-login-#{provider}" do
+      = button_to omniauth_authorize_path(:user, provider, register_omniauth_params(local_assigns)),
+        class: "btn gl-button btn-default gl-w-full gl-mb-4 js-oauth-login #{qa_selector_for_provider(provider)}",
+        data: { provider: provider, track_action: "#{provider}_sso", track_label: tracking_label },
+        id: "oauth-login-#{provider}" do
         - if provider_has_icon?(provider)
           = provider_image_tag(provider)
         %span.gl-button-text