9 files changed, 115 insertions, 17 deletions

diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index ade5465f8ea..4b279db68b8 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -634,6 +634,9 @@ Settings.cron_jobs['schedule_merge_request_cleanup_refs_worker']['job_class'] =
 Settings.cron_jobs['manage_evidence_worker'] ||= {}
 Settings.cron_jobs['manage_evidence_worker']['cron'] ||= '0 * * * *'
 Settings.cron_jobs['manage_evidence_worker']['job_class'] = 'Releases::ManageEvidenceWorker'
+Settings.cron_jobs['publish_release_worker'] ||= {}
+Settings.cron_jobs['publish_release_worker']['cron'] ||= '20,50 * * * *'
+Settings.cron_jobs['publish_release_worker']['job_class'] = 'Releases::PublishEventWorker'
 Settings.cron_jobs['user_status_cleanup_batch_worker'] ||= {}
 Settings.cron_jobs['user_status_cleanup_batch_worker']['cron'] ||= '* * * * *'
 Settings.cron_jobs['user_status_cleanup_batch_worker']['job_class'] = 'UserStatusCleanup::BatchWorker'
@@ -897,6 +900,9 @@ Gitlab.ee do
     Settings.cron_jobs['click_house_events_sync_worker'] ||= {}
     Settings.cron_jobs['click_house_events_sync_worker']['cron'] ||= "*/3 * * * *"
     Settings.cron_jobs['click_house_events_sync_worker']['job_class'] = 'ClickHouse::EventsSyncWorker'
+    Settings.cron_jobs['click_house_event_authors_consistency_cron_worker'] ||= {}
+    Settings.cron_jobs['click_house_event_authors_consistency_cron_worker']['cron'] ||= "*/30 * * * *"
+    Settings.cron_jobs['click_house_event_authors_consistency_cron_worker']['job_class'] = 'ClickHouse::EventAuthorsConsistencyCronWorker'
     Settings.cron_jobs['vertex_ai_refresh_access_token_worker'] ||= {}
     Settings.cron_jobs['vertex_ai_refresh_access_token_worker']['cron'] ||= '*/50 * * * *'
     Settings.cron_jobs['vertex_ai_refresh_access_token_worker']['job_class'] = 'Llm::VertexAiAccessTokenRefreshWorker'
diff --git a/config/initializers/7_redis.rb b/config/initializers/7_redis.rb
index 040257535f8..5d5bb209774 100644
--- a/config/initializers/7_redis.rb
+++ b/config/initializers/7_redis.rb
@@ -29,6 +29,9 @@ Redis::Cluster.prepend(Gitlab::Patch::RedisCluster)
 
 ConnectionPool.prepend(Gitlab::Instrumentation::ConnectionPool)
 
+# this only instruments `RedisClient` used in `Sidekiq.redis`
+RedisClient.register(Gitlab::Instrumentation::RedisClientMiddleware)
+
 if Gitlab::Redis::Workhorse.params[:cluster].present?
   raise "Do not configure workhorse with a Redis Cluster as pub/sub commands are not cluster-compatible."
 end
diff --git a/config/initializers/fog_google_list_objects_match_glob_support.rb b/config/initializers/fog_google_list_objects_match_glob_support.rb
new file mode 100644
index 00000000000..37eacf33743
--- /dev/null
+++ b/config/initializers/fog_google_list_objects_match_glob_support.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+# We force require this to trigger the autoload and so that our monkeypatch will
+# be applied in correct order, which is only after the class is loaded.
+require 'fog/storage/google_json/requests/list_objects'
+
+#
+# Monkey patching the list_objects to support match_glob parameter
+# See https://github.com/fog/fog-google/issues/614
+#
+module Fog
+  module Storage
+    class GoogleJSON
+      class Real
+        # This an identical copy of
+        # https://github.com/fog/fog-google/blob/v1.19.0/lib/fog/storage/google_json/requests/list_objects.rb
+        # with just match_glob added to the allowed_opts
+        def list_objects(bucket, options = {})
+          # rubocop: disable Style/PercentLiteralDelimiters -- this is an exact copy of the original method, just added match_glob here.
+          allowed_opts = %i(
+            delimiter
+            match_glob
+            max_results
+            page_token
+            prefix
+            projection
+            versions
+          )
+          # rubocop: enable Style/PercentLiteralDelimiters
+
+          # rubocop: disable Gitlab/ModuleWithInstanceVariables -- this is an exact copy of the original method
+          @storage_json.list_objects(
+            bucket,
+            **options.select { |k, _| allowed_opts.include? k }
+          )
+          # rubocop: enable Gitlab/ModuleWithInstanceVariables
+        end
+      end
+    end
+  end
+end
+
+# We just need to add the match_glob attribute support here
+module Fog
+  module Storage
+    class GoogleJSON
+      class Files < Fog::Collection
+        attribute :match_glob, aliases: "matchGlob"
+      end
+    end
+  end
+end
diff --git a/config/initializers/gitlab_http.rb b/config/initializers/gitlab_http.rb
index 8a84313a7fb..cd891f29584 100644
--- a/config/initializers/gitlab_http.rb
+++ b/config/initializers/gitlab_http.rb
@@ -24,3 +24,11 @@ Gitlab::HTTP_V2.configure do |config|
     Gitlab::SilentMode.log_info(message: message, outbound_http_request_method: http_method)
   end
 end
+
+if Gitlab.config.gitlab['http_client']
+  pem = File.read(Gitlab.config.gitlab['http_client']['tls_client_cert_file'])
+  password = Gitlab.config.gitlab['http_client']['tls_client_cert_password']
+
+  Gitlab::HTTP_V2::Client.pem(pem, password)
+  Gitlab::LegacyHTTP.pem(pem, password)
+end
diff --git a/config/initializers/macos.rb b/config/initializers/macos.rb
index 860167e12cd..7ec022add18 100644
--- a/config/initializers/macos.rb
+++ b/config/initializers/macos.rb
@@ -28,4 +28,12 @@ if RUBY_PLATFORM.include?('darwin')
   time_zone_name = CFTimeZone.CFTimeZoneGetName(default_time_zone)
   CFTimeZone.CFRelease(time_zone_name)
   CFTimeZone.CFRelease(default_time_zone)
+
+  # With curl v8.2.0, the thread unsafe macOS API call to
+  # SCDynamicStoreCopyProxies has been moved to the global init function
+  # (https://github.com/curl/curl/issues/11252). The Elasticsearch
+  # gem uses Typhoeus, which uses Ethon to wrap libcurl.
+  # Init curl to ensure Spring works
+  # (https://github.com/elastic/elasticsearch-ruby/issues/2244).
+  Ethon::Curl.init
 end
diff --git a/config/initializers/rspec_profiling.rb b/config/initializers/rspec_profiling.rb
index 5830a3d5af2..c5285dc389b 100644
--- a/config/initializers/rspec_profiling.rb
+++ b/config/initializers/rspec_profiling.rb
@@ -2,6 +2,8 @@
 
 return unless Rails.env.test?
 
+require 'gitlab_edition'
+
 module RspecProfilingExt
   module Collectors
     class CSVWithTimestamps < ::RspecProfiling::Collectors::CSV
@@ -30,7 +32,7 @@ module RspecProfilingExt
   module Git
     def branch
       if ENV['CI_COMMIT_REF_NAME']
-        "#{defined?(Gitlab::License) ? 'ee' : 'ce'}:#{ENV['CI_COMMIT_REF_NAME']}"
+        "#{GitlabEdition.ee? ? 'ee' : 'ce'}:#{ENV['CI_COMMIT_REF_NAME']}"
       else
         super&.chomp
       end
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 733ad94240a..7f410d7bf7b 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -31,12 +31,16 @@ cookie_key = if Rails.env.development?
 
 store = Gitlab::Redis::Sessions.store(namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE)
 
-Gitlab::Application.config.session_store(
-  :redis_store, # Using the cookie_store would enable session replay attacks.
-  redis_store: store,
-  key: cookie_key,
-  secure: Gitlab.config.gitlab.https,
-  httponly: true,
-  expires_in: Settings.gitlab['session_expire_delay'] * 60,
-  path: Rails.application.config.relative_url_root.presence || '/'
-)
+Rails.application.configure do
+  config.session_store(
+    :redis_store, # Using the cookie_store would enable session replay attacks.
+    redis_store: store,
+    key: cookie_key,
+    secure: Gitlab.config.gitlab.https,
+    httponly: true,
+    expires_in: Settings.gitlab['session_expire_delay'] * 60,
+    path: Rails.application.config.relative_url_root.presence || '/'
+  )
+
+  config.middleware.insert_after ActionDispatch::Session::RedisStore, Gitlab::Middleware::UnauthenticatedSessionExpiry
+end
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index 8df12671f26..9b7233dbd14 100644
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -28,26 +28,41 @@ def enable_semi_reliable_fetch_mode?
 end
 
 # Custom Queues configuration
-queues_config_hash = Gitlab::Redis::Queues.params
+queues_config_hash = Gitlab::Redis::Queues.redis_client_params
 
 enable_json_logs = Gitlab.config.sidekiq.log_format != 'text'
 
+# Sidekiq's `strict_args!` raises an exception by default in 7.0
+# https://github.com/sidekiq/sidekiq/blob/31bceff64e10d501323bc06ac0552652a47c082e/docs/7.0-Upgrade.md?plain=1#L59
+Sidekiq.strict_args!(false)
+
 Sidekiq.configure_server do |config|
   config[:strict] = false
   config[:queues] = Gitlab::SidekiqConfig.expand_queues(config[:queues])
 
   if enable_json_logs
-    config.log_formatter = Gitlab::SidekiqLogging::JSONFormatter.new
+    config.logger.formatter = Gitlab::SidekiqLogging::JSONFormatter.new
     config[:job_logger] = Gitlab::SidekiqLogging::StructuredLogger
 
     # Remove the default-provided handler. The exception is logged inside
     # Gitlab::SidekiqLogging::StructuredLogger
-    config.error_handlers.delete(Sidekiq::DEFAULT_ERROR_HANDLER)
+    config.error_handlers.delete(Sidekiq::Config::ERROR_HANDLER)
   end
 
   Sidekiq.logger.info "Listening on queues #{config[:queues].uniq.sort}"
 
-  config.redis = queues_config_hash
+  # In Sidekiq 6.x, connection pools have a size of concurrency+5.
+  # ref: https://github.com/sidekiq/sidekiq/blob/v6.5.10/lib/sidekiq/redis_connection.rb#L93
+  #
+  # In Sidekiq 7.x, capsule connection pools have a size equal to its concurrency. Internal
+  # housekeeping pool has a size of 10.
+  # ref: https://github.com/sidekiq/sidekiq/blob/v7.1.6/lib/sidekiq/capsule.rb#L94
+  # ref: https://github.com/sidekiq/sidekiq/blob/v7.1.6/lib/sidekiq/config.rb#L133
+  #
+  # We restore the concurrency+5 in Sidekiq 7.x to ensure that we do not experience resource bottlenecks with Redis
+  # connections. The connections are created lazily so slightly over-provisioning a connection pool is not an issue.
+  # This also increases the internal redis pool from 10 to concurrency+5.
+  config.redis = queues_config_hash.merge({ size: config.concurrency + 5 })
 
   config.server_middleware(&Gitlab::SidekiqMiddleware.server_configurator(
     metrics: Settings.monitoring.sidekiq_exporter,
@@ -107,8 +122,8 @@ Sidekiq.configure_client do |config|
   # We only need to do this for other clients. If Sidekiq-server is the
   # client scheduling jobs, we have access to the regular sidekiq logger that
   # writes to STDOUT
-  Sidekiq.logger = Gitlab::SidekiqLogging::ClientLogger.build
-  Sidekiq.logger.formatter = Gitlab::SidekiqLogging::JSONFormatter.new if enable_json_logs
+  config.logger = Gitlab::SidekiqLogging::ClientLogger.build
+  config.logger.formatter = Gitlab::SidekiqLogging::JSONFormatter.new if enable_json_logs
 
   config.client_middleware(&Gitlab::SidekiqMiddleware.client_configurator)
 end
diff --git a/config/initializers/sidekiq_cluster.rb b/config/initializers/sidekiq_cluster.rb
index 5851e3bd838..4773152d912 100644
--- a/config/initializers/sidekiq_cluster.rb
+++ b/config/initializers/sidekiq_cluster.rb
@@ -19,7 +19,7 @@ if ENV['ENABLE_SIDEKIQ_CLUSTER']
       # Allow sidekiq to cleanly terminate and push any running jobs back
       # into the queue.  We use the configured timeout and add a small
       # grace period
-      sleep(Sidekiq[:timeout] + 5)
+      sleep(Sidekiq.default_configuration[:timeout] + 5)
 
       # Signaling the Sidekiq Pgroup as KILL is not forwarded to
       # a possible child process. In Sidekiq Cluster, all child Sidekiq