11 files changed, 59 insertions, 85 deletions

diff --git a/lib/api/entities/group_detail.rb b/lib/api/entities/group_detail.rb
index f3d64315203..9f3ced7d717 100644
--- a/lib/api/entities/group_detail.rb
+++ b/lib/api/entities/group_detail.rb
@@ -7,6 +7,7 @@ module API
         SharedGroupWithGroup.represent(group.shared_with_group_links_visible_to_user(options[:current_user]))
       end
       expose :runners_token, if: ->(_, options) { options[:user_can_admin_group] }
+      expose :enabled_git_access_protocol, if: ->(group, options) { group.root? && options[:user_can_admin_group] }
       expose :prevent_sharing_groups_outside_hierarchy,
         if: ->(group) { group.root? && group.namespace_settings.present? }
 
diff --git a/lib/api/helpers/groups_helpers.rb b/lib/api/helpers/groups_helpers.rb
index fbe13bfe8f7..1861ef7c402 100644
--- a/lib/api/helpers/groups_helpers.rb
+++ b/lib/api/helpers/groups_helpers.rb
@@ -35,6 +35,7 @@ module API
           optional :developer_can_initial_push, type: Boolean, desc: 'Allow developers to initial push'
         end
         optional :shared_runners_setting, type: String, values: ::Namespace::SHARED_RUNNERS_SETTINGS, desc: 'Enable/disable shared runners for the group and its subgroups and projects'
+        optional :enabled_git_access_protocol, type: String, values: %w[ssh http all], desc: 'Allow only the selected protocols to be used for Git access.'
       end
 
       params :optional_params_ee do
diff --git a/lib/api/usage_data.rb b/lib/api/usage_data.rb
index 0d1c6cb2281..67bf2725988 100644
--- a/lib/api/usage_data.rb
+++ b/lib/api/usage_data.rb
@@ -2,6 +2,8 @@
 
 module API
   class UsageData < ::API::Base
+    include APIGuard
+
     before { authenticate_non_get! }
 
     feature_category :service_ping
@@ -12,6 +14,33 @@ module API
         forbidden!('Invalid CSRF token is provided') unless verified_request?
       end
 
+      resource :service_ping do
+        allow_access_with_scope :read_service_ping
+
+        before do
+          authenticated_as_admin!
+        end
+
+        desc 'Get the latest ServicePing payload' do
+          detail 'Introduces in Gitlab 16.9. Requires Personal Access Token with read_service_ping scope.'
+          success code: 200
+          failure [
+            { code: 401, message: '401 Unauthorized' },
+            { code: 403, message: 'Forbidden' },
+            { code: 404, message: 'Not found' }
+          ]
+          tags %w[usage_data]
+          produces ['application/json']
+        end
+
+        get do
+          content_type 'application/json'
+
+          Rails.cache.fetch(Gitlab::Usage::ServicePingReport::CACHE_KEY) ||
+            ::RawUsageData.for_current_reporting_cycle.first&.payload || {}
+        end
+      end
+
       desc 'Track usage data event' do
         detail 'This feature was introduced in GitLab 13.4.'
         success code: 200
diff --git a/lib/gitlab/click_house.rb b/lib/gitlab/click_house.rb
new file mode 100644
index 00000000000..81468ab2875
--- /dev/null
+++ b/lib/gitlab/click_house.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module ClickHouse
+    DATABASES = [:main].freeze
+
+    def self.configured?
+      DATABASES.all? { |db| ::ClickHouse::Client.database_configured?(db) }
+    end
+  end
+end
diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb
index 6dee9a404f4..3ee46019a06 100644
--- a/lib/gitlab/gitaly_client.rb
+++ b/lib/gitlab/gitaly_client.rb
@@ -491,6 +491,8 @@ module Gitlab
     private_class_method :increment_call_count
 
     def self.decrement_call_count(key)
+      return unless Gitlab::SafeRequestStore[key]
+
       Gitlab::SafeRequestStore[key] -= 1
     end
     private_class_method :decrement_call_count
diff --git a/lib/gitlab/http.rb b/lib/gitlab/http.rb
index 958b415e18f..593ea4f721e 100644
--- a/lib/gitlab/http.rb
+++ b/lib/gitlab/http.rb
@@ -6,8 +6,6 @@
 # the usages to the new gem.
 #
 
-require_relative 'http_connection_adapter'
-
 module Gitlab
   class HTTP
     BlockedUrlError = Gitlab::HTTP_V2::BlockedUrlError
diff --git a/lib/gitlab/http_connection_adapter.rb b/lib/gitlab/http_connection_adapter.rb
deleted file mode 100644
index 8e9a63a9f7f..00000000000
--- a/lib/gitlab/http_connection_adapter.rb
+++ /dev/null
@@ -1,79 +0,0 @@
-# frozen_string_literal: true
-
-# This class is part of the Gitlab::HTTP wrapper. It handles local requests and header timeouts
-#
-# 1. Local requests
-#   Depending on the value of the global setting allow_local_requests_from_web_hooks_and_services,
-#   this adapter will allow/block connection to internal IPs and/or urls.
-#
-#   This functionality can be overridden by providing the setting the option
-#   allow_local_requests = true in the request. For example:
-#   Gitlab::HTTP.get('http://www.gitlab.com', allow_local_requests: true)
-#
-#   This option will take precedence over the global setting.
-#
-# 2. Header timeouts
-#   When the use_read_total_timeout option is used, that means the receiver
-#   of the HTTP request cannot be trusted. Gitlab::BufferedIo will be used,
-#   to read header data. It is a modified version of Net::BufferedIO that
-#   raises a timeout error if reading header data takes too much time.
-
-require_relative 'utils/override'
-
-module Gitlab
-  class HTTPConnectionAdapter < HTTParty::ConnectionAdapter
-    extend ::Gitlab::Utils::Override
-
-    override :connection
-    def connection
-      result = validate_url_with_proxy!(uri)
-      @uri = result.uri
-      hostname = result.hostname
-
-      http = super
-      http.hostname_override = hostname if hostname
-
-      unless result.use_proxy
-        http.proxy_from_env = false
-        http.proxy_address = nil
-      end
-
-      gitlab_http = Gitlab::NetHttpAdapter.new(http.address, http.port)
-
-      http.instance_variables.each do |variable|
-        gitlab_http.instance_variable_set(variable, http.instance_variable_get(variable))
-      end
-
-      gitlab_http
-    end
-
-    private
-
-    def validate_url_with_proxy!(url)
-      Gitlab::UrlBlocker.validate_url_with_proxy!(
-        url, allow_local_network: allow_local_requests?,
-        allow_localhost: allow_local_requests?,
-        allow_object_storage: allow_object_storage?,
-        dns_rebind_protection: dns_rebind_protection?,
-        schemes: %w[http https])
-    rescue Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError => e
-      raise Gitlab::HTTP::BlockedUrlError, "URL is blocked: #{e.message}"
-    end
-
-    def allow_local_requests?
-      options.fetch(:allow_local_requests, allow_settings_local_requests?)
-    end
-
-    def allow_object_storage?
-      options.fetch(:allow_object_storage, false)
-    end
-
-    def dns_rebind_protection?
-      Gitlab::CurrentSettings.dns_rebinding_protection_enabled?
-    end
-
-    def allow_settings_local_requests?
-      Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
-    end
-  end
-end
diff --git a/lib/gitlab/import_export/remote_stream_upload.rb b/lib/gitlab/import_export/remote_stream_upload.rb
index 1fb3faf0767..8f761cf37bb 100644
--- a/lib/gitlab/import_export/remote_stream_upload.rb
+++ b/lib/gitlab/import_export/remote_stream_upload.rb
@@ -77,7 +77,10 @@ module Gitlab
       attr_reader :download_url, :upload_url, :upload_method, :upload_content_type, :logger
 
       def receive_data(uri)
-        http = Gitlab::HTTPConnectionAdapter.new(URI(uri), {}).connection
+        http = Gitlab::HTTP_V2::NewConnectionAdapter.new(URI(uri), {
+          allow_local_requests: Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?,
+          dns_rebind_protection: Gitlab::CurrentSettings.dns_rebinding_protection_enabled?
+        }).connection
 
         http.start do
           request = Net::HTTP::Get.new(uri)
@@ -95,7 +98,10 @@ module Gitlab
       end
 
       def send_data(uri, content_length, chunks)
-        http = Gitlab::HTTPConnectionAdapter.new(URI(uri), {}).connection
+        http = Gitlab::HTTP_V2::NewConnectionAdapter.new(URI(uri), {
+          allow_local_requests: Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?,
+          dns_rebind_protection: Gitlab::CurrentSettings.dns_rebinding_protection_enabled?
+        }).connection
 
         http.start do
           request = upload_request_class(upload_method).new(uri)
diff --git a/lib/gitlab/metrics/global_search_slis.rb b/lib/gitlab/metrics/global_search_slis.rb
index 530bebd72ab..1da0ad6797b 100644
--- a/lib/gitlab/metrics/global_search_slis.rb
+++ b/lib/gitlab/metrics/global_search_slis.rb
@@ -8,6 +8,7 @@ module Gitlab
         # gathered on 25-10-2022
         # from https://log.gprd.gitlab.net/goto/0c89cd80-23af-11ed-8656-f5f2137823ba (internal only)
         BASIC_CONTENT_TARGET_S = 8.812
+        BASIC_MR_TARGET_S = 15
         BASIC_CODE_TARGET_S = 27.538
         ADVANCED_CONTENT_TARGET_S = 2.452
         ADVANCED_CODE_TARGET_S = 15.52
@@ -35,7 +36,9 @@ module Gitlab
         private
 
         def duration_target(search_type, search_scope)
-          if search_type == 'basic' && content_search?(search_scope)
+          if search_type == 'basic' && search_scope == 'merge_requests'
+            BASIC_MR_TARGET_S
+          elsif search_type == 'basic' && content_search?(search_scope)
             BASIC_CONTENT_TARGET_S
           elsif search_type == 'basic' && code_search?(search_scope)
             BASIC_CODE_TARGET_S
diff --git a/lib/gitlab/sidekiq_middleware/pause_control/strategies/click_house_migration.rb b/lib/gitlab/sidekiq_middleware/pause_control/strategies/click_house_migration.rb
index adeb0524567..c1d33885a40 100644
--- a/lib/gitlab/sidekiq_middleware/pause_control/strategies/click_house_migration.rb
+++ b/lib/gitlab/sidekiq_middleware/pause_control/strategies/click_house_migration.rb
@@ -9,7 +9,7 @@ module Gitlab
           def should_pause?
             return false unless Feature.enabled?(:pause_clickhouse_workers_during_migration)
 
-            ClickHouse::MigrationSupport::ExclusiveLock.pause_workers?
+            ::ClickHouse::MigrationSupport::ExclusiveLock.pause_workers?
           end
         end
       end
diff --git a/lib/tasks/gitlab/assets.rake b/lib/tasks/gitlab/assets.rake
index b8a6e701876..16b0f5bedba 100644
--- a/lib/tasks/gitlab/assets.rake
+++ b/lib/tasks/gitlab/assets.rake
@@ -101,6 +101,8 @@ namespace :gitlab do
         # gettext:compile needs to run before rake:assets:precompile because
         # app/assets/javascripts/locale/**/app.js are pre-compiled by Sprockets
         Gitlab::TaskHelpers.invoke_and_time_task('gettext:compile')
+        # Skip Yarn Install when using Cssbundling
+        Rake::Task["css:install"].clear if defined?(Cssbundling)
         Gitlab::TaskHelpers.invoke_and_time_task('rake:assets:precompile')
 
         log_path = ENV['WEBPACK_COMPILE_LOG_PATH']