Add latest changes from gitlab-org/gitlab@master

4 files changed, 41 insertions, 8 deletions

diff --git a/app/graphql/resolvers/ci/job_token_scope_resolver.rb b/app/graphql/resolvers/ci/job_token_scope_resolver.rb
new file mode 100644
index 00000000000..ca76a7b94fc
--- /dev/null
+++ b/app/graphql/resolvers/ci/job_token_scope_resolver.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Resolvers
+  module Ci
+    class JobTokenScopeResolver < BaseResolver
+      include Gitlab::Graphql::Authorize::AuthorizeResource
+
+      authorize :admin_project
+      description 'Container for resources that can be accessed by a CI job token from the current project. Null if job token scope setting is disabled.'
+      type ::Types::Ci::JobTokenScopeType, null: true
+
+      def resolve
+        authorize!(object)
+
+        return unless object.ci_job_token_scope_enabled?
+
+        ::Ci::JobToken::Scope.new(object)
+      end
+    end
+  end
+end
diff --git a/app/graphql/types/ci/job_token_scope_type.rb b/app/graphql/types/ci/job_token_scope_type.rb
new file mode 100644
index 00000000000..9f48298e1d3
--- /dev/null
+++ b/app/graphql/types/ci/job_token_scope_type.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Types
+  # rubocop: disable Graphql/AuthorizeTypes
+  # Authorization is in the resolver based on the parent project
+  module Ci
+    class JobTokenScopeType < BaseObject
+      graphql_name 'CiJobTokenScopeType'
+
+      field :projects, Types::ProjectType.connection_type, null: false,
+        description: 'Allow list of projects that can be accessed by CI Job tokens created by this project.',
+        method: :all_projects
+    end
+  end
+  # rubocop: enable Graphql/AuthorizeTypes
+end
diff --git a/app/graphql/types/project_type.rb b/app/graphql/types/project_type.rb
index 55dc73d898d..7e4c0c03dd6 100644
--- a/app/graphql/types/project_type.rb
+++ b/app/graphql/types/project_type.rb
@@ -346,6 +346,10 @@ module Types
           description: 'Find a single CI/CD template by name.',
           resolver: Resolvers::Ci::TemplateResolver
 
+    field :ci_job_token_scope, Types::Ci::JobTokenScopeType, null: true,
+          description: 'The CI Job Tokens scope of access.',
+          resolver: Resolvers::Ci::JobTokenScopeResolver
+
     def label(title:)
       BatchLoader::GraphQL.for(title).batch(key: project) do |titles, loader, args|
         LabelsFinder
diff --git a/app/models/packages/package.rb b/app/models/packages/package.rb
index b040c98ef09..d2e4f46898c 100644
--- a/app/models/packages/package.rb
+++ b/app/models/packages/package.rb
@@ -158,8 +158,6 @@ class Packages::Package < ApplicationRecord
     joins(:project).reorder(keyset_order)
   end
 
-  after_commit :update_composer_cache, on: :destroy, if: -> { composer? && Feature.disabled?(:disable_composer_callback) }
-
   def self.only_maven_packages_with_path(path, use_cte: false)
     if use_cte
       # This is an optimization fence which assumes that looking up the Metadatum record by path (globally)
@@ -295,12 +293,6 @@ class Packages::Package < ApplicationRecord
 
   private
 
-  def update_composer_cache
-    return unless composer?
-
-    ::Packages::Composer::CacheUpdateWorker.perform_async(project_id, name, composer_metadatum.version_cache_sha) # rubocop:disable CodeReuse/Worker
-  end
-
   def composer_tag_version?
     composer? && !Gitlab::Regex.composer_dev_version_regex.match(version.to_s)
   end