Add latest changes from gitlab-org/gitlab@master

9 files changed, 79 insertions, 53 deletions

diff --git a/lib/api/container_registry_event.rb b/lib/api/container_registry_event.rb
index 66689f8d7c8..9acf2fca1b3 100644
--- a/lib/api/container_registry_event.rb
+++ b/lib/api/container_registry_event.rb
@@ -23,8 +23,20 @@ module API
       content_type :json, DOCKER_DISTRIBUTION_EVENTS_V1_JSON
       format :json
 
+      desc 'Receives notifications from the container registry when an operation occurs' do
+        detail 'This feature was introduced in GitLab 12.10'
+        consumes [:json, DOCKER_DISTRIBUTION_EVENTS_V1_JSON]
+      end
       params do
-        requires :events, type: Array
+        requires :events, type: Array, desc: 'Event notifications' do
+          requires :action, type: String, desc: 'The action to perform, `push`, `delete`',
+                            values: %w[push delete].freeze
+          optional :target, type: Hash, desc: 'The target of the action' do
+            optional :tag, type: String, desc: 'The target tag'
+            optional :repository, type: String, desc: 'The target repository'
+            optional :digest, type: String, desc: 'Unique identifier for target image manifest'
+          end
+        end
       end
 
       # This endpoint is used by Docker Registry to push a set of event
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 0eb4fbb196c..99f759b50d2 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -673,7 +673,6 @@ module API
 
       finder_params[:with_issues_enabled] = true if params[:with_issues_enabled].present?
       finder_params[:with_merge_requests_enabled] = true if params[:with_merge_requests_enabled].present?
-      finder_params[:without_deleted] = true
       finder_params[:search_namespaces] = true if params[:search_namespaces].present?
       finder_params[:user] = params.delete(:user) if params[:user]
       finder_params[:id_after] = sanitize_id_param(params[:id_after]) if params[:id_after]
diff --git a/lib/api/members.rb b/lib/api/members.rb
index f4e38207aca..faa2ff45441 100644
--- a/lib/api/members.rb
+++ b/lib/api/members.rb
@@ -104,7 +104,7 @@ module API
         end
         params do
           requires :access_level, type: Integer, desc: 'A valid access level (defaults: `30`, developer access level)'
-          requires :user_id, types: [Integer, String], desc: 'The user ID of the new member or multiple IDs separated by commas.'
+          requires :user_id, types: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The user ID of the new member or multiple IDs separated by commas.'
           optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY'
           optional :invite_source, type: String, desc: 'Source that triggered the member creation process', default: 'members-api'
           optional :tasks_to_be_done, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'Tasks the inviter wants the member to do'
diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb
index c6a2d582d8a..c2b77cd2fc4 100644
--- a/lib/api/repositories.rb
+++ b/lib/api/repositories.rb
@@ -173,7 +173,7 @@ module API
       params do
         requires :from, type: String, desc: 'The commit, branch name, or tag name to start comparison'
         requires :to, type: String, desc: 'The commit, branch name, or tag name to stop comparison'
-        optional :from_project_id, type: String, desc: 'The project to compare from'
+        optional :from_project_id, type: Integer, desc: 'The project to compare from'
         optional :straight, type: Boolean, desc: 'Comparison method, `true` for direct comparison between `from` and `to` (`from`..`to`), `false` to compare using merge base (`from`...`to`)', default: false
       end
       get ':id/repository/compare', urgency: :low do
@@ -215,7 +215,7 @@ module API
         success Entities::Commit
       end
       params do
-        requires :refs, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce
+        requires :refs, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: 'The refs to find the common ancestor of, multiple refs can be passed'
       end
       get ':id/repository/merge_base' do
         refs = params[:refs]
diff --git a/lib/gitlab/database/migration_helpers.rb b/lib/gitlab/database/migration_helpers.rb
index 7f53378e730..72b56f34ea6 100644
--- a/lib/gitlab/database/migration_helpers.rb
+++ b/lib/gitlab/database/migration_helpers.rb
@@ -6,6 +6,7 @@ module Gitlab
       include Migrations::ReestablishedConnectionStack
       include Migrations::BackgroundMigrationHelpers
       include Migrations::BatchedBackgroundMigrationHelpers
+      include Migrations::LockRetriesHelpers
       include DynamicModelHelpers
       include RenameTableHelpers
       include AsyncIndexes::MigrationHelpers
@@ -405,52 +406,6 @@ module Gitlab
         end
       end
 
-      # Executes the block with a retry mechanism that alters the +lock_timeout+ and +sleep_time+ between attempts.
-      # The timings can be controlled via the +timing_configuration+ parameter.
-      # If the lock was not acquired within the retry period, a last attempt is made without using +lock_timeout+.
-      #
-      # Note this helper uses subtransactions when run inside an already open transaction.
-      #
-      # ==== Examples
-      #   # Invoking without parameters
-      #   with_lock_retries do
-      #     drop_table :my_table
-      #   end
-      #
-      #   # Invoking with custom +timing_configuration+
-      #   t = [
-      #     [1.second, 1.second],
-      #     [2.seconds, 2.seconds]
-      #   ]
-      #
-      #   with_lock_retries(timing_configuration: t) do
-      #     drop_table :my_table # this will be retried twice
-      #   end
-      #
-      #   # Disabling the retries using an environment variable
-      #   > export DISABLE_LOCK_RETRIES=true
-      #
-      #   with_lock_retries do
-      #     drop_table :my_table # one invocation, it will not retry at all
-      #   end
-      #
-      # ==== Parameters
-      # * +timing_configuration+ - [[ActiveSupport::Duration, ActiveSupport::Duration], ...] lock timeout for the block, sleep time before the next iteration, defaults to `Gitlab::Database::WithLockRetries::DEFAULT_TIMING_CONFIGURATION`
-      # * +logger+ - [Gitlab::JsonLogger]
-      # * +env+ - [Hash] custom environment hash, see the example with `DISABLE_LOCK_RETRIES`
-      def with_lock_retries(*args, **kwargs, &block)
-        raise_on_exhaustion = !!kwargs.delete(:raise_on_exhaustion)
-        merged_args = {
-          connection: connection,
-          klass: self.class,
-          logger: Gitlab::BackgroundMigration::Logger,
-          allow_savepoints: true
-        }.merge(kwargs)
-
-        Gitlab::Database::WithLockRetries.new(**merged_args)
-          .run(raise_on_exhaustion: raise_on_exhaustion, &block)
-      end
-
       def true_value
         Database.true_value
       end
diff --git a/lib/gitlab/database/migrations/lock_retries_helpers.rb b/lib/gitlab/database/migrations/lock_retries_helpers.rb
new file mode 100644
index 00000000000..137ef3ab144
--- /dev/null
+++ b/lib/gitlab/database/migrations/lock_retries_helpers.rb
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Database
+    module Migrations
+      module LockRetriesHelpers
+        # Executes the block with a retry mechanism that alters the +lock_timeout+ and +sleep_time+ between attempts.
+        # The timings can be controlled via the +timing_configuration+ parameter.
+        # If the lock was not acquired within the retry period, a last attempt is made without using +lock_timeout+.
+        #
+        # Note this helper uses subtransactions when run inside an already open transaction.
+        #
+        # ==== Examples
+        #   # Invoking without parameters
+        #   with_lock_retries do
+        #     drop_table :my_table
+        #   end
+        #
+        #   # Invoking with custom +timing_configuration+
+        #   t = [
+        #     [1.second, 1.second],
+        #     [2.seconds, 2.seconds]
+        #   ]
+        #
+        #   with_lock_retries(timing_configuration: t) do
+        #     drop_table :my_table # this will be retried twice
+        #   end
+        #
+        #   # Disabling the retries using an environment variable
+        #   > export DISABLE_LOCK_RETRIES=true
+        #
+        #   with_lock_retries do
+        #     drop_table :my_table # one invocation, it will not retry at all
+        #   end
+        #
+        # ==== Parameters
+        # * +timing_configuration+ - [[ActiveSupport::Duration, ActiveSupport::Duration], ...] lock timeout for the
+        # block, sleep time before the next iteration, defaults to
+        # `Gitlab::Database::WithLockRetries::DEFAULT_TIMING_CONFIGURATION`
+        # * +logger+ - [Gitlab::JsonLogger]
+        # * +env+ - [Hash] custom environment hash, see the example with `DISABLE_LOCK_RETRIES`
+        def with_lock_retries(*args, **kwargs, &block)
+          raise_on_exhaustion = !!kwargs.delete(:raise_on_exhaustion)
+          merged_args = {
+            connection: connection,
+            klass: self.class,
+            logger: Gitlab::BackgroundMigration::Logger,
+            allow_savepoints: true
+          }.merge(kwargs)
+
+          Gitlab::Database::WithLockRetries.new(**merged_args)
+            .run(raise_on_exhaustion: raise_on_exhaustion, &block)
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/import_export/decompressed_archive_size_validator.rb b/lib/gitlab/import_export/decompressed_archive_size_validator.rb
index c98dcf7b848..aa66fe8a5ae 100644
--- a/lib/gitlab/import_export/decompressed_archive_size_validator.rb
+++ b/lib/gitlab/import_export/decompressed_archive_size_validator.rb
@@ -87,7 +87,6 @@ module Gitlab
       def validate_archive_path
         Gitlab::Utils.check_path_traversal!(@archive_path)
 
-        raise(ServiceError, 'Archive path is not a string') unless @archive_path.is_a?(String)
         raise(ServiceError, 'Archive path is a symlink') if File.lstat(@archive_path).symlink?
         raise(ServiceError, 'Archive path is not a file') unless File.file?(@archive_path)
       end
diff --git a/lib/gitlab/utils.rb b/lib/gitlab/utils.rb
index a67a0758257..761cdf25765 100644
--- a/lib/gitlab/utils.rb
+++ b/lib/gitlab/utils.rb
@@ -14,7 +14,10 @@ module Gitlab
     # Also see https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24223#note_284122580
     # It also checks for ALT_SEPARATOR aka '\' (forward slash)
     def check_path_traversal!(path)
-      return unless path.is_a?(String)
+      return unless path
+
+      path = path.to_s if path.is_a?(Gitlab::HashedPath)
+      raise PathTraversalAttackError, 'Invalid path' unless path.is_a?(String)
 
       path = decode_path(path)
       path_regex = %r{(\A(\.{1,2})\z|\A\.\.[/\\]|[/\\]\.\.\z|[/\\]\.\.[/\\]|\n)}
diff --git a/lib/tasks/gitlab/tw/codeowners.rake b/lib/tasks/gitlab/tw/codeowners.rake
index 7098c091ee4..2d06792d656 100644
--- a/lib/tasks/gitlab/tw/codeowners.rake
+++ b/lib/tasks/gitlab/tw/codeowners.rake
@@ -74,6 +74,7 @@ namespace :tw do
       CodeOwnerRule.new('Style Guide', '@sselhorn'),
       CodeOwnerRule.new('Testing', '@eread'),
       CodeOwnerRule.new('Threat Insights', '@claytoncornell'),
+      CodeOwnerRule.new('Tutorials', '@kpaizee'),
       CodeOwnerRule.new('Utilization', '@fneill'),
       CodeOwnerRule.new('Vulnerability Research', '@claytoncornell'),
       CodeOwnerRule.new('Workspace', '@lciutacu')