6 files changed, 22 insertions, 15 deletions

diff --git a/lib/api/ci/helpers/runner.rb b/lib/api/ci/helpers/runner.rb
index 43ed35b99fd..173cfc9a59a 100644
--- a/lib/api/ci/helpers/runner.rb
+++ b/lib/api/ci/helpers/runner.rb
@@ -104,10 +104,7 @@ module API
         def set_application_context
           return unless current_job
 
-          Gitlab::ApplicationContext.push(
-            user: -> { current_job.user },
-            project: -> { current_job.project }
-          )
+          Gitlab::ApplicationContext.push(job: current_job)
         end
 
         def track_ci_minutes_usage!(_build, _runner)
diff --git a/lib/api/ci/job_artifacts.rb b/lib/api/ci/job_artifacts.rb
index 9f59eea5013..0800993602b 100644
--- a/lib/api/ci/job_artifacts.rb
+++ b/lib/api/ci/job_artifacts.rb
@@ -28,7 +28,7 @@ module API
           requires :job,      type: String, desc: 'The name for the job'
         end
         route_setting :authentication, job_token_allowed: true
-        get ':id/jobs/artifacts/:ref_name/download',
+        get ':id/jobs/artifacts/:ref_name/download', urgency: :low,
           requirements: { ref_name: /.+/ } do
             authorize_download_artifacts!
 
@@ -87,7 +87,7 @@ module API
           requires :artifact_path, type: String, desc: 'Artifact path'
         end
         route_setting :authentication, job_token_allowed: true
-        get ':id/jobs/:job_id/artifacts/*artifact_path', format: false do
+        get ':id/jobs/:job_id/artifacts/*artifact_path', urgency: :low, format: false do
           authorize_download_artifacts!
 
           build = find_build!(params[:job_id])
@@ -100,7 +100,11 @@ module API
 
           bad_request! unless path.valid?
 
-          send_artifacts_entry(build.artifacts_file, path)
+          # This endpoint is being used for Artifact Browser feature that renders the content via pages.
+          # Since Content-Type is controlled by Rails and Workhorse, if a wrong
+          # content-type is sent, it could cause a regression on pages rendering.
+          # See https://gitlab.com/gitlab-org/gitlab/-/issues/357078 for more information.
+          legacy_send_artifacts_entry(build.artifacts_file, path)
         end
 
         desc 'Keep the artifacts to prevent them from being deleted' do
@@ -140,8 +144,6 @@ module API
 
         desc 'Expire the artifacts files from a project'
         delete ':id/artifacts' do
-          not_found! unless Feature.enabled?(:bulk_expire_project_artifacts, default_enabled: :yaml)
-
           authorize_destroy_artifacts!
 
           ::Ci::JobArtifacts::DeleteProjectArtifactsService.new(project: user_project).execute
diff --git a/lib/api/ci/jobs.rb b/lib/api/ci/jobs.rb
index d9d0da2e4d1..86897eb61ae 100644
--- a/lib/api/ci/jobs.rb
+++ b/lib/api/ci/jobs.rb
@@ -114,11 +114,14 @@ module API
 
           build = find_build!(params[:job_id])
           authorize!(:update_build, build)
-          break forbidden!('Job is not retryable') unless build.retryable?
 
-          build = ::Ci::Build.retry(build, current_user)
+          response = ::Ci::RetryJobService.new(@project, current_user).execute(build)
 
-          present build, with: Entities::Ci::Job
+          if response.success?
+            present response[:job], with: Entities::Ci::Job
+          else
+            forbidden!('Job is not retryable')
+          end
         end
 
         desc 'Erase job (remove artifacts and the trace)' do
@@ -194,7 +197,7 @@ module API
 
           pipeline = current_authenticated_job.pipeline
           project = current_authenticated_job.project
-          agent_authorizations = Clusters::AgentAuthorizationsFinder.new(project).execute
+          agent_authorizations = ::Clusters::AgentAuthorizationsFinder.new(project).execute
           project_groups = project.group&.self_and_ancestor_ids&.map { |id| { id: id } } || []
           user_access_level = project.team.max_member_access(current_user.id)
           roles_in_project = Gitlab::Access.sym_options_with_owner
diff --git a/lib/api/ci/pipelines.rb b/lib/api/ci/pipelines.rb
index 2d7a437ca08..8d2c58dabdf 100644
--- a/lib/api/ci/pipelines.rb
+++ b/lib/api/ci/pipelines.rb
@@ -146,7 +146,7 @@ module API
           use :pagination
         end
 
-        get ':id/pipelines/:pipeline_id/bridges', feature_category: :pipeline_authoring do
+        get ':id/pipelines/:pipeline_id/bridges', urgency: :low, feature_category: :pipeline_authoring do
           authorize!(:read_build, user_project)
 
           pipeline = user_project.all_pipelines.find(params[:pipeline_id])
diff --git a/lib/api/ci/secure_files.rb b/lib/api/ci/secure_files.rb
index d5b21e2ef29..ee39bdfd90c 100644
--- a/lib/api/ci/secure_files.rb
+++ b/lib/api/ci/secure_files.rb
@@ -54,6 +54,7 @@ module API
 
         resource do
           before do
+            read_only_feature_flag_enabled?
             authorize! :admin_secure_files, user_project
           end
 
@@ -97,6 +98,10 @@ module API
         def feature_flag_enabled?
           service_unavailable! unless Feature.enabled?(:ci_secure_files, user_project, default_enabled: :yaml)
         end
+
+        def read_only_feature_flag_enabled?
+          service_unavailable! if Feature.enabled?(:ci_secure_files_read_only, user_project, type: :ops, default_enabled: :yaml)
+        end
       end
     end
   end
diff --git a/lib/api/ci/variables.rb b/lib/api/ci/variables.rb
index 9c04d5e9923..ec9951aba0d 100644
--- a/lib/api/ci/variables.rb
+++ b/lib/api/ci/variables.rb
@@ -23,7 +23,7 @@ module API
         params do
           use :pagination
         end
-        get ':id/variables' do
+        get ':id/variables', urgency: :low do
           variables = user_project.variables
           present paginate(variables), with: Entities::Ci::Variable
         end