Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-08-10 00:09:21 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-08-10 00:09:21 +0300
commit: c03dce2dc9f0f257faac4d43d208d96320ca5c0e (patch)
tree: 3da57da8f1526935326a10f538bac15797e5f638 /lib
parent: 283318c20561cc040b62397060771efa74db0d90 (diff)
7 files changed, 61 insertions, 26 deletions
diff --git a/lib/api/deployments.rb b/lib/api/deployments.rb
index 377a5dc2a00..aa1e6bbc952 100644
--- a/lib/api/deployments.rb
+++ b/lib/api/deployments.rb
@@ -151,8 +151,6 @@ module API
         requires :deployment_id, type: Integer, desc: 'The deployment ID'
       end
       delete ':id/deployments/:deployment_id' do
-        not_found! unless Feature.enabled?(:delete_deployments_api, user_project)
-
         deployment = user_project.deployments.find(params[:deployment_id])
 
         authorize!(:destroy_deployment, deployment)
diff --git a/lib/gitlab/audit/auditor.rb b/lib/gitlab/audit/auditor.rb
index 638977d24f1..c96be19f02d 100644
--- a/lib/gitlab/audit/auditor.rb
+++ b/lib/gitlab/audit/auditor.rb
@@ -107,8 +107,8 @@ module Gitlab
 
         event = AuthenticationEvent.new(authentication_event_payload)
         event.save!
-      rescue ActiveRecord::RecordInvalid => error
-        ::Gitlab::ErrorTracking.track_exception(error, audit_operation: @name)
+      rescue ActiveRecord::RecordInvalid => e
+        ::Gitlab::ErrorTracking.track_exception(e, audit_operation: @name)
       end
 
       def authentication_event_payload
@@ -146,8 +146,8 @@ module Gitlab
 
       def log_to_database(events)
         AuditEvent.bulk_insert!(events)
-      rescue ActiveRecord::RecordInvalid => error
-        ::Gitlab::ErrorTracking.track_exception(error, audit_operation: @name)
+      rescue ActiveRecord::RecordInvalid => e
+        ::Gitlab::ErrorTracking.track_exception(e, audit_operation: @name)
       end
 
       def log_to_file(events)
diff --git a/lib/gitlab/auth/o_auth/auth_hash.rb b/lib/gitlab/auth/o_auth/auth_hash.rb
index a45778159c7..37f92792d2d 100644
--- a/lib/gitlab/auth/o_auth/auth_hash.rb
+++ b/lib/gitlab/auth/o_auth/auth_hash.rb
@@ -59,14 +59,43 @@ module Gitlab
           auth_hash['info']
         end
 
-        def get_info(key)
-          value = info[key]
+        def coerce_utf8(value)
           value.is_a?(String) ? Gitlab::Utils.force_utf8(value) : value
         end
 
+        def get_info(key)
+          coerce_utf8(info[key])
+        end
+
+        def provider_config
+          Gitlab::Auth::OAuth::Provider.config_for(@provider) || {}
+        end
+
+        def provider_args
+          @provider_args ||= provider_config['args'].presence || {}
+        end
+
+        def get_from_auth_hash_or_info(key)
+          coerce_utf8(auth_hash[key]) || get_info(key)
+        end
+
+        # Allow for configuring a custom username claim per provider from
+        # the auth hash or use the canonical username or nickname fields
+        def gitlab_username_claim
+          provider_args.dig('gitlab_username_claim')&.to_sym
+        end
+
+        def username_claims
+          [gitlab_username_claim, :username, :nickname].compact
+        end
+
+        def get_username
+          username_claims.map { |claim| get_from_auth_hash_or_info(claim) }.find { |name| name.presence }
+        end
+
         def username_and_email
           @username_and_email ||= begin
-            username  = get_info(:username).presence || get_info(:nickname).presence
+            username  = get_username
             email     = get_info(:email).presence
 
             username ||= generate_username(email)             if email
diff --git a/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
index f09e4450703..52709fba774 100644
--- a/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml
@@ -39,4 +39,7 @@ kics-iac-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /kics/
       when: never
-    - if: $CI_COMMIT_BRANCH
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
+      when: never
+    - if: $CI_COMMIT_BRANCH        # If there's no open merge request, add it to a *branch* pipeline instead.
diff --git a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
index 96fbbc67d8e..076c0879128 100644
--- a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
@@ -47,7 +47,7 @@ bandit-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /bandit/
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"  # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - '**/*.py'
     - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
@@ -68,7 +68,7 @@ brakeman-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /brakeman/
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"  # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - '**/*.rb'
         - '**/Gemfile'
@@ -91,7 +91,7 @@ eslint-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /eslint/
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"  # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - '**/*.html'
         - '**/*.js'
@@ -120,7 +120,7 @@ flawfinder-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /flawfinder/
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"  # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - '**/*.c'
         - '**/*.cc'
@@ -152,7 +152,7 @@ kubesec-sast:
     - if: $SAST_EXCLUDED_ANALYZERS =~ /kubesec/
       when: never
     # Add the job to merge request pipelines if there's an open merge request.
-    - if: $CI_MERGE_REQUEST_IID &&
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
           $SCAN_KUBERNETES_MANIFESTS == 'true'
     - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
       when: never
@@ -172,7 +172,7 @@ gosec-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /gosec/
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"  # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - '**/*.go'
     - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
@@ -197,7 +197,7 @@ mobsf-android-sast:
     - if: $SAST_EXCLUDED_ANALYZERS =~ /mobsf/
       when: never
     # Add the job to merge request pipelines if there's an open merge request.
-    - if: $CI_MERGE_REQUEST_IID &&
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
           $SAST_EXPERIMENTAL_FEATURES == 'true'
       exists:
         - '**/*.apk'
@@ -219,7 +219,7 @@ mobsf-ios-sast:
     - if: $SAST_EXCLUDED_ANALYZERS =~ /mobsf/
       when: never
     # Add the job to merge request pipelines if there's an open merge request.
-    - if: $CI_MERGE_REQUEST_IID &&
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
           $SAST_EXPERIMENTAL_FEATURES == 'true'
       exists:
         - '**/*.ipa'
@@ -245,7 +245,7 @@ nodejs-scan-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /nodejs-scan/
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - '**/package.json'
     - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
@@ -266,7 +266,7 @@ phpcs-security-audit-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /phpcs-security-audit/
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - '**/*.php'
     - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
@@ -287,7 +287,7 @@ pmd-apex-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /pmd-apex/
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - '**/*.cls'
     - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
@@ -308,7 +308,7 @@ security-code-scan-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /security-code-scan/
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - '**/*.csproj'
         - '**/*.vbproj'
@@ -332,7 +332,7 @@ semgrep-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - '**/*.py'
         - '**/*.js'
@@ -367,7 +367,7 @@ sobelow-sast:
       when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /sobelow/
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - 'mix.exs'
     - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
@@ -392,7 +392,7 @@ spotbugs-sast:
       when: never
     - if: $SAST_DISABLED
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request.
       exists:
         - '**/*.groovy'
         - '**/*.java'
diff --git a/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml
index ebf464074f8..3491576a9f3 100644
--- a/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml
@@ -8,6 +8,7 @@ variables:
   TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com'
   SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products"
   SECRET_DETECTION_IMAGE_SUFFIX: ""
+
   SECRETS_ANALYZER_VERSION: "4"
   SECRET_DETECTION_EXCLUDED_PATHS: ""
 
@@ -29,7 +30,7 @@ secret_detection:
   rules:
     - if: $SECRET_DETECTION_DISABLED
       when: never
-    - if: $CI_MERGE_REQUEST_IID    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Add the job to merge request pipelines if there's an open merge request.
     - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
       when: never
     - if: $CI_COMMIT_BRANCH        # If there's no open merge request, add it to a *branch* pipeline instead.
diff --git a/lib/gitlab/form_builders/gitlab_ui_form_builder.rb b/lib/gitlab/form_builders/gitlab_ui_form_builder.rb
index 315bdaa37bf..f1ad8edd125 100644
--- a/lib/gitlab/form_builders/gitlab_ui_form_builder.rb
+++ b/lib/gitlab/form_builders/gitlab_ui_form_builder.rb
@@ -59,6 +59,10 @@ module Gitlab
         ).render_in(@template, &block)
       end
 
+      def gitlab_ui_datepicker(method, options = {})
+        @template.text_field @object_name, method, options.merge(class: "datepicker form-control gl-form-input")
+      end
+
       private
 
       def format_options(options)
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-08-10 00:09:21 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-08-10 00:09:21 +0300
commit	c03dce2dc9f0f257faac4d43d208d96320ca5c0e (patch)
tree	3da57da8f1526935326a10f538bac15797e5f638 /lib
parent	283318c20561cc040b62397060771efa74db0d90 (diff)