Add latest changes from gitlab-org/gitlab@15-9-stable-eev15.9.0-rc42

15 files changed, 126 insertions, 234 deletions

diff --git a/config/initializers/00_deprecations.rb b/config/initializers/00_deprecations.rb
index bfbd57c99fe..c5f9833822d 100644
--- a/config/initializers/00_deprecations.rb
+++ b/config/initializers/00_deprecations.rb
@@ -1,33 +1,50 @@
 # frozen_string_literal: true
 
-# Disallowed deprecation warnings are silenced in production. For performance
-# reasons we even skip the definition of disallowed warnings in production.
-#
-# See
-# * https://gitlab.com/gitlab-org/gitlab/-/issues/368379 for a follow-up
-# * https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92557#note_1032212676
-#   for benchmarks
-#
-# In Rails 7 we will use `config.active_support.report_deprecations = false`
-# instead of this early return.
 if Rails.env.production?
-  ActiveSupport::Deprecation.silenced = true
-  return
+  ActiveSupport::Deprecation.silenced = !Gitlab::Utils.to_boolean(ENV['GITLAB_LOG_DEPRECATIONS'])
+  ActiveSupport::Deprecation.behavior = :notify
+  # Disallowed deprecation warnings are silenced in production. For performance
+  # reasons we even skip the definition of `ActiveSupport::Deprecation.disallowed_warnings`
+  # in production.
+  # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92557#note_1032212676 for benchmarks.
+  ActiveSupport::Deprecation.disallowed_behavior = :silence
+else
+  ActiveSupport::Deprecation.silenced = false
+  ActiveSupport::Deprecation.behavior = [:stderr, :notify]
+  ActiveSupport::Deprecation.disallowed_behavior = :raise
+
+  rails7_deprecation_warnings = [
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/366910
+    /no longer takes non-deterministic result/,
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/339739
+    /ActiveModel::Errors/,
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/342492
+    /Rendering actions with '\.' in the name is deprecated/,
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/333086
+    /default_hash is deprecated/,
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/369970
+    /Passing an Active Record object to `\w+` directly is deprecated/
+  ]
+
+  ActiveSupport::Deprecation.disallowed_warnings = rails7_deprecation_warnings
 end
 
-# Ban the following deprecation warnings and turn them into runtime errors
-# in `development` and `test` environments.
-#
-# This way we prevent already fixed warnings from sneaking back into the codebase silently.
-rails7_deprecation_warnings = [
-  # https://gitlab.com/gitlab-org/gitlab/-/issues/339739
-  /ActiveModel::Errors#keys is deprecated/,
-  # https://gitlab.com/gitlab-org/gitlab/-/issues/342492
-  /Rendering actions with '\.' in the name is deprecated/,
-  # https://gitlab.com/gitlab-org/gitlab/-/issues/333086
-  /default_hash is deprecated/,
-  # https://gitlab.com/gitlab-org/gitlab/-/issues/369970
-  /Passing an Active Record object to `\w+` directly is deprecated/
-]
+unless ActiveSupport::Deprecation.silenced
+  # Log deprecation warnings emitted through Kernel#warn, such as from gems or
+  # the Ruby VM.
+  actions = {
+    /is deprecated/ => ->(warning) do
+      Gitlab::DeprecationJsonLogger.info(message: warning.strip, source: 'ruby')
+      # Returning :default means we continue emitting this to stderr as well.
+      :default
+    end
+  }
 
-ActiveSupport::Deprecation.disallowed_warnings.concat rails7_deprecation_warnings
+  # Use `warning` gem to intercept Ruby warnings and add our own action hook.
+  Warning.process('', actions)
+
+  # Log deprecation warnings emitted from Rails (see ActiveSupport::Deprecation).
+  ActiveSupport::Notifications.subscribe('deprecation.rails') do |_name, _start, _finish, _id, payload|
+    Gitlab::DeprecationJsonLogger.info(message: payload[:message].strip, source: 'rails')
+  end
+end
diff --git a/config/initializers/0_inject_enterprise_edition_module.rb b/config/initializers/0_inject_enterprise_edition_module.rb
index cc67e384d83..b7e204d55b2 100644
--- a/config/initializers/0_inject_enterprise_edition_module.rb
+++ b/config/initializers/0_inject_enterprise_edition_module.rb
@@ -10,17 +10,15 @@ module InjectEnterpriseEditionModule
   end
 
   def extend_mod_with(constant_name, namespace: Object)
-    each_extension_for(
-      constant_name,
-      namespace,
-      &method(:extend))
+    each_extension_for(constant_name, namespace) do |constant|
+      extend constant
+    end
   end
 
   def include_mod_with(constant_name, namespace: Object)
-    each_extension_for(
-      constant_name,
-      namespace,
-      &method(:include))
+    each_extension_for(constant_name, namespace) do |constant|
+      include constant
+    end
   end
 
   def prepend_mod(with_descendants: false)
diff --git a/config/initializers/0_log_deprecations.rb b/config/initializers/0_log_deprecations.rb
deleted file mode 100644
index b3ef391053e..00000000000
--- a/config/initializers/0_log_deprecations.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-def log_deprecations?
-  via_env_var = Gitlab::Utils.to_boolean(ENV['GITLAB_LOG_DEPRECATIONS'])
-  # enable by default during development unless explicitly turned off
-  via_env_var.nil? ? Rails.env.development? : via_env_var
-end
-
-# Add `:notify` behavior only if not already added.
-#
-# See https://github.com/Shopify/deprecation_toolkit/blob/1d0e6f5b99785806f715ce2e9a13dc50f453d1e1/lib/deprecation_toolkit.rb#L21
-def add_notify_behavior
-  notify = ActiveSupport::Deprecation::DEFAULT_BEHAVIORS.fetch(:notify)
-  behaviors = ActiveSupport::Deprecation.behavior
-
-  return if behaviors.find { |behavior| behavior == notify }
-
-  ActiveSupport::Deprecation.behavior = behaviors << notify
-end
-
-if log_deprecations?
-  # Log deprecation warnings emitted through Kernel#warn, such as from gems or
-  # the Ruby VM.
-  actions = {
-    /.+is deprecated$/ => lambda do |warning|
-      Gitlab::DeprecationJsonLogger.info(message: warning.strip, source: 'ruby')
-      # Returning :default means we continue emitting this to stderr as well.
-      :default
-    end
-  }
-
-  Warning.process('', actions)
-
-  # We may have silenced deprecations warnings in 00_deprecations.rb on production.
-  # Unsilence them again.
-  ActiveSupport::Deprecation.silenced = false
-
-  # If we want to consume emitted warnings from Rails we need to attach a notifier first.
-  add_notify_behavior
-
-  # Log deprecation warnings emitted from Rails (see ActiveSupport::Deprecation).
-  ActiveSupport::Notifications.subscribe('deprecation.rails') do |name, start, finish, id, payload|
-    Gitlab::DeprecationJsonLogger.info(message: payload[:message].strip, source: 'rails')
-  end
-end
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 55c21744ad0..b05fa6c1d8d 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -27,6 +27,7 @@ end
 
 # backwards compatibility, we only have one host
 if Settings.ldap['enabled'] || Rails.env.test?
+  Settings.ldap['sync_name'] = true if Settings.ldap['sync_name'].nil?
   if Settings.ldap['host'].present?
     # We detected old LDAP configuration syntax. Update the config to make it
     # look like it was entered with the new syntax.
@@ -265,6 +266,7 @@ Settings['gitlab_ci'] ||= Settingslogic.new({})
 Settings.gitlab_ci['shared_runners_enabled'] = true if Settings.gitlab_ci['shared_runners_enabled'].nil?
 Settings.gitlab_ci['builds_path']           = Settings.absolute(Settings.gitlab_ci['builds_path'] || "builds/")
 Settings.gitlab_ci['url']                 ||= Settings.__send__(:build_gitlab_ci_url)
+Settings.gitlab_ci['component_fqdn']      ||= Settings.__send__(:build_ci_component_fqdn)
 
 #
 # CI Secure Files
@@ -280,12 +282,14 @@ Settings.ci_secure_files['object_store'] = ObjectStoreSettings.legacy_parse(Sett
 Settings['incoming_email'] ||= Settingslogic.new({})
 Settings.incoming_email['enabled'] = false if Settings.incoming_email['enabled'].nil?
 Settings.incoming_email['inbox_method'] ||= 'imap'
+Settings.incoming_email['encrypted_secret_file'] = Settings.absolute(Settings.incoming_email['encrypted_secret_file'] || File.join(Settings.encrypted_settings['path'], "incoming_email.yaml.enc"))
 
 #
 # Service desk email
 #
 Settings['service_desk_email'] ||= Settingslogic.new({})
 Settings.service_desk_email['enabled'] = false if Settings.service_desk_email['enabled'].nil?
+Settings.service_desk_email['encrypted_secret_file'] = Settings.absolute(Settings.service_desk_email['encrypted_secret_file'] || File.join(Settings.encrypted_settings['path'], "service_desk_email.yaml.enc"))
 
 #
 # Build Artifacts
@@ -440,7 +444,7 @@ Settings.mattermost['enabled'] = false if Settings.mattermost['enabled'].nil?
 Settings.mattermost['host'] = nil unless Settings.mattermost.enabled
 
 #
-# Jira Connect (GitLab.com for Jira Cloud App)
+# Jira Connect (GitLab for Jira Cloud App)
 #
 Settings['jira_connect'] ||= Settingslogic.new({})
 
@@ -676,6 +680,9 @@ Settings.cron_jobs['ci_runner_versions_reconciliation_worker']['job_class'] = 'C
 Settings.cron_jobs['users_migrate_records_to_ghost_user_in_batches_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['users_migrate_records_to_ghost_user_in_batches_worker']['cron'] ||= '*/2 * * * *'
 Settings.cron_jobs['users_migrate_records_to_ghost_user_in_batches_worker']['job_class'] = 'Users::MigrateRecordsToGhostUserInBatchesWorker'
+Settings.cron_jobs['ci_runners_stale_machines_cleanup_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['ci_runners_stale_machines_cleanup_worker']['cron'] ||= '36 4 * * *'
+Settings.cron_jobs['ci_runners_stale_machines_cleanup_worker']['job_class'] = 'Ci::Runners::StaleMachinesCleanupCronWorker'
 
 Gitlab.ee do
   Settings.cron_jobs['analytics_devops_adoption_create_all_snapshots_worker'] ||= Settingslogic.new({})
@@ -771,6 +778,9 @@ Gitlab.ee do
   Settings.cron_jobs['elastic_migration_worker'] ||= Settingslogic.new({})
   Settings.cron_jobs['elastic_migration_worker']['cron'] ||= '*/30 * * * *'
   Settings.cron_jobs['elastic_migration_worker']['job_class'] ||= 'Elastic::MigrationWorker'
+  Settings.cron_jobs['search_index_curation_worker'] ||= Settingslogic.new({})
+  Settings.cron_jobs['search_index_curation_worker']['cron'] ||= '*/1 * * * *'
+  Settings.cron_jobs['search_index_curation_worker']['job_class'] ||= 'Search::IndexCurationWorker'
   Settings.cron_jobs['sync_seat_link_worker'] ||= Settingslogic.new({})
   Settings.cron_jobs['sync_seat_link_worker']['cron'] ||= "#{rand(60)} #{rand(3..4)} * * * UTC"
   Settings.cron_jobs['sync_seat_link_worker']['job_class'] = 'SyncSeatLinkWorker'
@@ -816,13 +826,25 @@ Gitlab.ee do
   Settings.cron_jobs['licenses_reset_submit_license_usage_data_banner'] ||= Settingslogic.new({})
   Settings.cron_jobs['licenses_reset_submit_license_usage_data_banner']['cron'] ||= "0 0 * * *"
   Settings.cron_jobs['licenses_reset_submit_license_usage_data_banner']['job_class'] = 'Licenses::ResetSubmitLicenseUsageDataBannerWorker'
+  Settings.cron_jobs['abandoned_trial_emails'] ||= Settingslogic.new({})
+  Settings.cron_jobs['abandoned_trial_emails']['cron'] ||= "0 1 * * *"
+  Settings.cron_jobs['abandoned_trial_emails']['job_class'] = 'Emails::AbandonedTrialEmailsCronWorker'
+  Settings.cron_jobs['package_metadata_sync_worker'] ||= Settingslogic.new({})
+  Settings.cron_jobs['package_metadata_sync_worker']['cron'] ||= "0 1 * * *"
+  Settings.cron_jobs['package_metadata_sync_worker']['job_class'] = 'PackageMetadata::SyncWorker'
   Gitlab.com do
+    Settings.cron_jobs['free_user_cap_backfill_notification_jobs_worker'] ||= Settingslogic.new({})
+    Settings.cron_jobs['free_user_cap_backfill_notification_jobs_worker']['cron'] ||= '*/5 * * * *'
+    Settings.cron_jobs['free_user_cap_backfill_notification_jobs_worker']['job_class'] = 'Namespaces::FreeUserCap::BackfillNotificationJobsWorker'
     Settings.cron_jobs['disable_legacy_open_source_license_for_inactive_projects'] ||= Settingslogic.new({})
     Settings.cron_jobs['disable_legacy_open_source_license_for_inactive_projects']['cron'] ||= "30 5 * * 0"
     Settings.cron_jobs['disable_legacy_open_source_license_for_inactive_projects']['job_class'] = 'Projects::DisableLegacyOpenSourceLicenseForInactiveProjectsWorker'
     Settings.cron_jobs['notify_seats_exceeded_batch_worker'] ||= Settingslogic.new({})
     Settings.cron_jobs['notify_seats_exceeded_batch_worker']['cron'] ||= '0 3 * * *'
     Settings.cron_jobs['notify_seats_exceeded_batch_worker']['job_class'] ||= 'GitlabSubscriptions::NotifySeatsExceededBatchWorker'
+    Settings.cron_jobs['gitlab_subscriptions_schedule_refresh_seats_worker'] ||= Settingslogic.new({})
+    Settings.cron_jobs['gitlab_subscriptions_schedule_refresh_seats_worker']['cron'] ||= "0 */6 * * *"
+    Settings.cron_jobs['gitlab_subscriptions_schedule_refresh_seats_worker']['job_class'] = 'GitlabSubscriptions::ScheduleRefreshSeatsWorker'
   end
 end
 
@@ -884,6 +906,8 @@ Settings['repositories'] ||= Settingslogic.new({})
 Settings.repositories['storages'] ||= {}
 
 Settings.repositories.storages.each do |key, storage|
+  next if Settings.repositories.storages[key].is_a?(Gitlab::GitalyClient::StorageSettings)
+
   Settings.repositories.storages[key] = Gitlab::GitalyClient::StorageSettings.new(storage)
 end
 
diff --git a/config/initializers/9_fast_gettext.rb b/config/initializers/9_fast_gettext.rb
deleted file mode 100644
index 0c28a1b7ce8..00000000000
--- a/config/initializers/9_fast_gettext.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-FastGettext.default_available_locales = Gitlab::I18n.available_locales
-I18n.available_locales = Gitlab::I18n.available_locales
diff --git a/config/initializers/bootstrap_form.rb b/config/initializers/bootstrap_form.rb
deleted file mode 100644
index 8121bc8bf1d..00000000000
--- a/config/initializers/bootstrap_form.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-module BootstrapFormBuilderCustomization
-  def label_class
-    "label-bold"
-  end
-end
-
-BootstrapForm::FormBuilder.prepend(BootstrapFormBuilderCustomization)
diff --git a/config/initializers/check_forced_decomposition.rb b/config/initializers/check_forced_decomposition.rb
new file mode 100644
index 00000000000..7da2f047ca1
--- /dev/null
+++ b/config/initializers/check_forced_decomposition.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+return if Gitlab::Utils.to_boolean(ENV.fetch('GITLAB_ALLOW_SEPARATE_CI_DATABASE', false))
+
+# GitLab.com is already decomposed
+return if Gitlab.com?
+
+# It is relatively safe for development, and GDK defaults to decomposed already
+return if Gitlab.dev_or_test_env?
+
+ci_config = ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, name: 'ci')
+main_config = ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, name: 'main')
+
+return unless ci_config
+
+# If the ci `database` is the same as main `database`, it is likely the same
+return if ci_config.database == main_config.database &&
+  ci_config.host == main_config.host
+
+raise "Separate CI database is not ready for production use!\n\n" \
+      "Did you mean to use `database: #{main_config.database}` for the `ci:` database connection?\n" \
+      "Or, use `export GITLAB_ALLOW_SEPARATE_CI_DATABASE=1` to ignore this check."
diff --git a/config/initializers/countries.rb b/config/initializers/countries.rb
index 171c126143c..98d06c9a893 100644
--- a/config/initializers/countries.rb
+++ b/config/initializers/countries.rb
@@ -8,55 +8,18 @@ end
 # This overrides the display name for Ukraine to 'Ukraine (except the Crimea, Donetsk, and Luhansk regions)'
 # See: https://gitlab.com/gitlab-org/gitlab/-/issues/374946
 # To be removed after https://gitlab.com/gitlab-org/gitlab/issues/14784 is implemented
-# Data fetched is based on https://github.com/countries/countries/blob/master/lib/countries/data/countries/UA.yaml
 ISO3166::Data.register(
-  continent: "Europe",
-  address_format: "|-
-  {{recipient}}
-  {{street}}
-  {{city}} {{region_short}}
-  {{postalcode}}
-  {{country}}",
-  alpha2: "UA",
-  alpha3: "UKR",
-  country_code: '380',
-  international_prefix: '810',
-  ioc: "UKR",
-  gec: "UP",
-  name: "Ukraine (except the Crimea, Donetsk, and Luhansk regions)",
-  national_destination_code_lengths: [2],
-  national_number_lengths: [8, 9],
-  national_prefix: '8',
-  number: '804',
-  region: "Europe",
-  subregion: "Eastern Europe",
-  world_region: "EMEA",
-  un_locode: "UA",
-  nationality: "Ukrainian",
-  vat_rates: {
-    standard: 20
-  },
-  reduced: [7],
-  super_reduced: {
-    parking: { postal_code: true }
-  },
-  unofficial_names: %w(Ukraine Ucrania ウクライナ Oekraïne Украина Україна Украіна),
-  languages_official: ["uk"],
-  languages_spoken: ["uk"],
-  geo: {
-    latitude: 48.379433,
-    latitude_dec: '48.92656326293945',
-    longitude: 31.16558,
-    longitude_dec: '31.47578239440918',
-    max_latitude: 52.37958099999999,
-    max_longitude: 40.2285809,
-    min_latitude: 44.2924,
-    min_longitude: 22.137159,
-    bounds: {
-      northeast: { lat: 52.37958099999999, lng: 40.2285809 },
-      southwest: { lat: 44.2924, lng: 22.137159 }
-    }
-  },
-  currency_code: "UAH",
-  start_of_week: "monday"
+  ISO3166::Data.new('UA')
+               .call
+               .deep_symbolize_keys
+               .merge({ name: 'Ukraine (except the Crimea, Donetsk, and Luhansk regions)' })
+)
+
+# Updating the display name of Taiwan, from `Taiwan, Province of China` to `Taiwan`
+# See issue: https://gitlab.com/gitlab-org/gitlab/-/issues/349333
+ISO3166::Data.register(
+  ISO3166::Data.new('TW')
+               .call
+               .deep_symbolize_keys
+               .merge({ name: 'Taiwan' })
 )
diff --git a/config/initializers/database_config.rb b/config/initializers/database_config.rb
index 09dedd903f8..bbb82443a3e 100644
--- a/config/initializers/database_config.rb
+++ b/config/initializers/database_config.rb
@@ -2,14 +2,14 @@
 
 Rails.application.reloader.to_run(:before) do
   # Make sure connects_to for Ci::ApplicationRecord gets called outside of config/routes.rb first
-  # See InitializerConnections.with_disabled_database_connections
+  # See InitializerConnections.raise_if_new_database_connection
   Ci::ApplicationRecord
 end
 
 Gitlab.ee do
   if Gitlab::Geo.geo_database_configured?
     # Make sure connects_to for geo gets called outside of config/routes.rb first
-    # See InitializerConnections.with_disabled_database_connections
+    # See InitializerConnections.raise_if_new_database_connection
     Geo::TrackingBase
   end
 
diff --git a/config/initializers/doorkeeper_openid_connect.rb b/config/initializers/doorkeeper_openid_connect.rb
index a3a2550811b..1a315feca7e 100644
--- a/config/initializers/doorkeeper_openid_connect.rb
+++ b/config/initializers/doorkeeper_openid_connect.rb
@@ -31,9 +31,9 @@ Doorkeeper::OpenidConnect.configure do
         Digest::SHA256.hexdigest "#{user.id}-#{Rails.application.secrets.secret_key_base}"
       end
 
-      o.claim(:name)                     { |user| user.name }
-      o.claim(:nickname)                 { |user| user.username }
-      o.claim(:preferred_username)       { |user| user.username }
+      o.claim(:name, response: [:id_token, :user_info]) { |user| user.name }
+      o.claim(:nickname, response: [:id_token, :user_info]) { |user| user.username }
+      o.claim(:preferred_username, response: [:id_token, :user_info]) { |user| user.username }
 
       # Check whether the application has access to the email scope, and grant
       # access to the user's primary email address if so, otherwise their
@@ -55,10 +55,10 @@ Doorkeeper::OpenidConnect.configure do
         end
       end
 
-      o.claim(:website)        { |user| user.full_website_url if user.website_url.present? }
-      o.claim(:profile)        { |user| Gitlab::Routing.url_helpers.user_url user }
-      o.claim(:picture)        { |user| user.avatar_url(only_path: false) }
-      o.claim(:groups)         { |user| user.membership_groups.joins(:route).with_route.map(&:full_path) }
+      o.claim(:website, response: [:id_token, :user_info]) { |user| user.full_website_url if user.website_url.present? }
+      o.claim(:profile, response: [:id_token, :user_info]) { |user| Gitlab::Routing.url_helpers.user_url user }
+      o.claim(:picture, response: [:id_token, :user_info]) { |user| user.avatar_url(only_path: false) }
+      o.claim(:groups) { |user| user.membership_groups.joins(:route).with_route.map(&:full_path) }
       o.claim(:groups_direct, response: [:id_token]) { |user| user.groups.joins(:route).with_route.map(&:full_path) }
       o.claim('https://gitlab.org/claims/groups/owner') do |user|
         user.owned_groups.joins(:route).with_route.map(&:full_path).presence
diff --git a/config/initializers/google_api_client.rb b/config/initializers/google_api_client.rb
index ab469e5b0a1..9c1bc3ca783 100644
--- a/config/initializers/google_api_client.rb
+++ b/config/initializers/google_api_client.rb
@@ -11,13 +11,7 @@ require 'signet/errors'
 # that may hit timeouts will mainly benefit from this.
 Google::Apis::RequestOptions.default.retries = 3 if Gitlab::Utils.to_boolean(ENV.fetch('ENABLE_GOOGLE_API_RETRIES', true))
 
-# By default, httpclient will set a send timeout of 120 seconds (https://github.com/nahi/httpclient/blob/82929c4baae14c2319c3f9aba49488c6f6def875/lib/httpclient/session.rb#L147),
-# which causes any request to be interrupted every 2 minutes (https://github.com/nahi/httpclient/blob/82929c4baae14c2319c3f9aba49488c6f6def875/lib/httpclient/session.rb#L515).
-#
-# The Google API client uses resumable uploads so that if a transfer
-# request is interrupted, it can retry where it left off. The client
-# will retry at most N + 1 times, which means transfers can only last as
-# long as this (N + 1) * send timeout. We raise this timeout to an hour
-# since otherwise transfers can only last 8 minutes (4 * 2 min) before
-# being interrupted.
-Google::Apis::ClientOptions.default.send_timeout_sec = 3600
+# The default chunk size of 100MB provides no performance benefits
+# while using more memory at peak, see discussion in
+# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108456#note_1259008557
+Google::Apis::RequestOptions.default.upload_chunk_size = 10.megabytes
diff --git a/config/initializers/google_api_client_patch.rb b/config/initializers/google_api_client_patch.rb
deleted file mode 100644
index 2a832790f97..00000000000
--- a/config/initializers/google_api_client_patch.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-# frozen_string_literal: true
-
-require 'google/apis/core/http_command'
-require 'google/apis/version'
-
-raise 'This patch is only tested with google-api-client-ruby v0.53.0' unless Google::Apis::VERSION == "0.53.0"
-
-# The google-api-ruby-client does not have a way to increase or disable
-# the maximum allowed time for a request to be retried. By default, it
-# is using the Retriable gem's 15-minute timeout, which appears to be
-# too low for uploads over 10 GB. This patches the gem with the upstream
-# changes:
-# https://github.com/googleapis/google-api-ruby-client/pull/8106
-module Google
-  module Apis
-    module Core
-      # Command for HTTP request/response.
-      class HttpCommand
-        MAX_ELAPSED_TIME = 3600
-
-        # Execute the command, retrying as necessary
-        #
-        # @param [HTTPClient] client
-        #   HTTP client
-        # @yield [result, err] Result or error if block supplied
-        # @return [Object]
-        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
-        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
-        # @raise [Google::Apis::AuthorizationError] Authorization is required
-        def execute(client)
-          prepare!
-          opencensus_begin_span
-          begin
-            Retriable.retriable tries: options.retries + 1,
-                                max_elapsed_time: MAX_ELAPSED_TIME,
-                                base_interval: 1,
-                                multiplier: 2,
-                                on: RETRIABLE_ERRORS do |try|
-              # This 2nd level retriable only catches auth errors, and supports 1 retry, which allows
-              # auth to be re-attempted without having to retry all sorts of other failures like
-              # NotFound, etc
-              auth_tries = (try == 1 && authorization_refreshable? ? 2 : 1)
-              Retriable.retriable tries: auth_tries,
-                                  on: [Google::Apis::AuthorizationError, Signet::AuthorizationError, Signet::RemoteServerError, Signet::UnexpectedStatusError],
-                                  on_retry: proc { |*| refresh_authorization } do
-                execute_once(client).tap do |result|
-                  if block_given?
-                    yield result, nil
-                  end
-                end
-              end
-            end
-          rescue => e # rubocop:disable Style/RescueStandardError
-            if block_given?
-              yield nil, e
-            else
-              raise e
-            end
-          end
-        ensure
-          opencensus_end_span
-          @http_res = nil
-          release!
-        end
-      end
-    end
-  end
-end
diff --git a/config/initializers/macos.rb b/config/initializers/macos.rb
index 1edd6c0a730..3b669a73f49 100644
--- a/config/initializers/macos.rb
+++ b/config/initializers/macos.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-if /darwin/ =~ RUBY_PLATFORM
+if RUBY_PLATFORM.include?('darwin')
   Gitlab::Cluster::LifecycleEvents.on_before_fork do
     require 'fiddle'
 
diff --git a/config/initializers/memory_watchdog.rb b/config/initializers/memory_watchdog.rb
index 99c5d61293f..27d9bf8b8f8 100644
--- a/config/initializers/memory_watchdog.rb
+++ b/config/initializers/memory_watchdog.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 return unless Gitlab::Runtime.application?
-return unless Gitlab::Utils.to_boolean(ENV['GITLAB_MEMORY_WATCHDOG_ENABLED'], default: Gitlab::Runtime.puma?)
+return unless Gitlab::Utils.to_boolean(ENV['GITLAB_MEMORY_WATCHDOG_ENABLED'], default: true)
 
 Gitlab::Cluster::LifecycleEvents.on_worker_start do
   watchdog = Gitlab::Memory::Watchdog.new
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index 58441b83c7d..cf8df814990 100644
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -33,7 +33,7 @@ queues_config_hash[:namespace] = Gitlab::Redis::Queues::SIDEKIQ_NAMESPACE
 
 enable_json_logs = Gitlab.config.sidekiq.log_format == 'json'
 enable_sidekiq_memory_killer = ENV['SIDEKIQ_MEMORY_KILLER_MAX_RSS'].to_i.nonzero? &&
-  !Gitlab::Utils.to_boolean(ENV['GITLAB_MEMORY_WATCHDOG_ENABLED'])
+  !Gitlab::Utils.to_boolean(ENV['GITLAB_MEMORY_WATCHDOG_ENABLED'], default: true)
 
 Sidekiq.configure_server do |config|
   config[:strict] = false