8 files changed, 84 insertions, 52 deletions

diff --git a/app/services/projects/alerting/notify_service.rb b/app/services/projects/alerting/notify_service.rb
index bfce5f1ad63..affac45fc3d 100644
--- a/app/services/projects/alerting/notify_service.rb
+++ b/app/services/projects/alerting/notify_service.rb
@@ -7,43 +7,34 @@ module Projects
       include ::IncidentManagement::Settings
 
       def execute(token)
+        return bad_request unless valid_payload_size?
         return forbidden unless alerts_service_activated?
         return unauthorized unless valid_token?(token)
 
-        alert = process_alert
+        process_alert
         return bad_request unless alert.persisted?
 
-        process_incident_issues(alert) if process_issues?
+        process_incident_issues if process_issues?
         send_alert_email if send_email?
 
         ServiceResponse.success
-      rescue Gitlab::Alerting::NotificationPayloadParser::BadPayloadError
-        bad_request
       end
 
       private
 
       delegate :alerts_service, :alerts_service_activated?, to: :project
 
-      def am_alert_params
-        strong_memoize(:am_alert_params) do
-          Gitlab::AlertManagement::AlertParams.from_generic_alert(project: project, payload: params.to_h)
-        end
-      end
-
       def process_alert
-        existing_alert = find_alert_by_fingerprint(am_alert_params[:fingerprint])
-
-        if existing_alert
-          process_existing_alert(existing_alert)
+        if alert.persisted?
+          process_existing_alert
         else
           create_alert
         end
       end
 
-      def process_existing_alert(alert)
-        if am_alert_params[:ended_at].present?
-          process_resolved_alert(alert)
+      def process_existing_alert
+        if incoming_payload.ends_at.present?
+          process_resolved_alert
         else
           alert.register_new_event!
         end
@@ -51,10 +42,10 @@ module Projects
         alert
       end
 
-      def process_resolved_alert(alert)
+      def process_resolved_alert
         return unless auto_close_incident?
 
-        if alert.resolve(am_alert_params[:ended_at])
+        if alert.resolve(incoming_payload.ends_at)
           close_issue(alert.issue)
         end
 
@@ -72,20 +63,16 @@ module Projects
       end
 
       def create_alert
-        alert = AlertManagement::Alert.create(am_alert_params.except(:ended_at))
-        alert.execute_services if alert.persisted?
-        SystemNoteService.create_new_alert(alert, 'Generic Alert Endpoint')
-
-        alert
-      end
-
-      def find_alert_by_fingerprint(fingerprint)
-        return unless fingerprint
+        return unless alert.save
 
-        AlertManagement::Alert.not_resolved.for_fingerprint(project, fingerprint).first
+        alert.execute_services
+        SystemNoteService.create_new_alert(
+          alert,
+          alert.monitoring_tool || 'Generic Alert Endpoint'
+        )
       end
 
-      def process_incident_issues(alert)
+      def process_incident_issues
         return if alert.issue
 
         ::IncidentManagement::ProcessAlertWorker.perform_async(nil, nil, alert.id)
@@ -94,11 +81,33 @@ module Projects
       def send_alert_email
         notification_service
           .async
-          .prometheus_alerts_fired(project, [parsed_payload])
+          .prometheus_alerts_fired(project, [alert.attributes])
+      end
+
+      def alert
+        strong_memoize(:alert) do
+          existing_alert || new_alert
+        end
+      end
+
+      def existing_alert
+        return unless incoming_payload.gitlab_fingerprint
+
+        AlertManagement::Alert.not_resolved.for_fingerprint(project, incoming_payload.gitlab_fingerprint).first
+      end
+
+      def new_alert
+        AlertManagement::Alert.new(**incoming_payload.alert_params, ended_at: nil)
+      end
+
+      def incoming_payload
+        strong_memoize(:incoming_payload) do
+          Gitlab::AlertManagement::Payload.parse(project, params.to_h)
+        end
       end
 
-      def parsed_payload
-        Gitlab::Alerting::NotificationPayloadParser.call(params.to_h, project)
+      def valid_payload_size?
+        Gitlab::Utils::DeepSize.new(params).valid?
       end
 
       def valid_token?(token)
diff --git a/app/services/projects/container_repository/cleanup_tags_service.rb b/app/services/projects/container_repository/cleanup_tags_service.rb
index 204a54ff23a..31500043544 100644
--- a/app/services/projects/container_repository/cleanup_tags_service.rb
+++ b/app/services/projects/container_repository/cleanup_tags_service.rb
@@ -25,7 +25,10 @@ module Projects
         tag_names = tags.map(&:name)
 
         Projects::ContainerRepository::DeleteTagsService
-          .new(container_repository.project, current_user, tags: tag_names)
+          .new(container_repository.project,
+               current_user,
+               tags: tag_names,
+               container_expiration_policy: params['container_expiration_policy'])
           .execute(container_repository)
       end
 
diff --git a/app/services/projects/container_repository/delete_tags_service.rb b/app/services/projects/container_repository/delete_tags_service.rb
index a23a6a369b2..9fc3ec0aafb 100644
--- a/app/services/projects/container_repository/delete_tags_service.rb
+++ b/app/services/projects/container_repository/delete_tags_service.rb
@@ -7,7 +7,10 @@ module Projects
 
       def execute(container_repository)
         @container_repository = container_repository
-        return error('access denied') unless can?(current_user, :destroy_container_image, project)
+
+        unless params[:container_expiration_policy]
+          return error('access denied') unless can?(current_user, :destroy_container_image, project)
+        end
 
         @tag_names = params[:tags]
         return error('not tags specified') if @tag_names.blank?
@@ -23,9 +26,7 @@ module Projects
       end
 
       def delete_service
-        fast_delete_enabled = Feature.enabled?(:container_registry_fast_tag_delete, default_enabled: true)
-
-        if fast_delete_enabled && @container_repository.client.supports_tag_delete?
+        if @container_repository.client.supports_tag_delete?
           ::Projects::ContainerRepository::Gitlab::DeleteTagsService.new(@container_repository, @tag_names)
         else
           ::Projects::ContainerRepository::ThirdParty::DeleteTagsService.new(@container_repository, @tag_names)
diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb
index 68b40fdd8f1..6fc8e8f8935 100644
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -19,6 +19,10 @@ module Projects
 
       @project = Project.new(params)
 
+      # If a project is newly created it should have shared runners settings
+      # based on its group having it enabled. This is like the "default value"
+      @project.shared_runners_enabled = false if !params.key?(:shared_runners_enabled) && @project.group && @project.group.shared_runners_setting != 'enabled'
+
       # Make sure that the user is allowed to use the specified visibility level
       if project_visibility.restricted?
         deny_visibility_level(@project, project_visibility.visibility_level)
@@ -162,7 +166,7 @@ module Projects
 
         if @project.save
           unless @project.gitlab_project_import?
-            create_services_from_active_instances_or_templates(@project)
+            Service.create_from_active_default_integrations(@project, :project_id, with_templates: true)
             @project.create_labels
           end
 
@@ -228,15 +232,6 @@ module Projects
 
     private
 
-    # rubocop: disable CodeReuse/ActiveRecord
-    def create_services_from_active_instances_or_templates(project)
-      Service.active.where(instance: true).or(Service.active.where(template: true)).group_by(&:type).each do |type, records|
-        service = records.find(&:instance?) || records.find(&:template?)
-        Service.build_from_integration(project.id, service).save!
-      end
-    end
-    # rubocop: enable CodeReuse/ActiveRecord
-
     def project_namespace
       @project_namespace ||= Namespace.find_by_id(@params[:namespace_id]) || current_user.namespace
     end
diff --git a/app/services/projects/prometheus/alerts/notify_service.rb b/app/services/projects/prometheus/alerts/notify_service.rb
index d32ead76d00..c002aca32db 100644
--- a/app/services/projects/prometheus/alerts/notify_service.rb
+++ b/app/services/projects/prometheus/alerts/notify_service.rb
@@ -125,7 +125,7 @@ module Projects
 
           notification_service
             .async
-            .prometheus_alerts_fired(project, firings)
+            .prometheus_alerts_fired(project, alerts_attributes)
         end
 
         def process_prometheus_alerts
@@ -136,6 +136,18 @@ module Projects
           end
         end
 
+        def alerts_attributes
+          firings.map do |payload|
+            alert_params = Gitlab::AlertManagement::Payload.parse(
+              project,
+              payload,
+              monitoring_tool: Gitlab::AlertManagement::Payload::MONITORING_TOOLS[:prometheus]
+            ).alert_params
+
+            AlertManagement::Alert.new(alert_params).attributes
+          end
+        end
+
         def bad_request
           ServiceResponse.error(message: 'Bad Request', http_status: :bad_request)
         end
diff --git a/app/services/projects/transfer_service.rb b/app/services/projects/transfer_service.rb
index dba5177718d..013861631a1 100644
--- a/app/services/projects/transfer_service.rb
+++ b/app/services/projects/transfer_service.rb
@@ -88,6 +88,10 @@ module Projects
         # Move uploads
         move_project_uploads(project)
 
+        # If a project is being transferred to another group it means it can already
+        # have shared runners enabled but we need to check whether the new group allows that.
+        project.shared_runners_enabled = false if project.group && project.group.shared_runners_setting == 'disabled_and_unoverridable'
+
         project.old_path_with_namespace = @old_path
 
         update_repository_configuration(@new_path)
diff --git a/app/services/projects/update_remote_mirror_service.rb b/app/services/projects/update_remote_mirror_service.rb
index 5c41f00aac2..40cf916e2f5 100644
--- a/app/services/projects/update_remote_mirror_service.rb
+++ b/app/services/projects/update_remote_mirror_service.rb
@@ -2,12 +2,14 @@
 
 module Projects
   class UpdateRemoteMirrorService < BaseService
+    include Gitlab::Utils::StrongMemoize
+
     MAX_TRIES = 3
 
     def execute(remote_mirror, tries)
       return success unless remote_mirror.enabled?
 
-      if Gitlab::UrlBlocker.blocked_url?(CGI.unescape(Gitlab::UrlSanitizer.sanitize(remote_mirror.url)))
+      if Gitlab::UrlBlocker.blocked_url?(normalized_url(remote_mirror.url))
         return error("The remote mirror URL is invalid.")
       end
 
@@ -27,6 +29,12 @@ module Projects
 
     private
 
+    def normalized_url(url)
+      strong_memoize(:normalized_url) do
+        CGI.unescape(Gitlab::UrlSanitizer.sanitize(url))
+      end
+    end
+
     def update_mirror(remote_mirror)
       remote_mirror.update_start!
       remote_mirror.ensure_remote!
diff --git a/app/services/projects/update_service.rb b/app/services/projects/update_service.rb
index bb430811497..d44f5e637f1 100644
--- a/app/services/projects/update_service.rb
+++ b/app/services/projects/update_service.rb
@@ -135,8 +135,8 @@ module Projects
     end
 
     def ensure_wiki_exists
-      ProjectWiki.new(project, project.owner).wiki
-    rescue Wiki::CouldNotCreateWikiError
+      return if project.create_wiki
+
       log_error("Could not create wiki for #{project.full_name}")
       Gitlab::Metrics.counter(:wiki_can_not_be_created_total, 'Counts the times we failed to create a wiki').increment
     end