From 20d532d397a1fde3104f67c656adf8f581ae6bd3 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 2 Jul 2021 21:07:51 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .../projects/merge_requests_controller.rb | 1 - app/views/admin/projects/show.html.haml | 7 +++-- .../development/approvals_commented_by.yml | 8 ----- .../secret_detection/index.md | 15 ++++++++++ lib/api/helpers/caching.rb | 27 ++++++++++++----- spec/lib/api/helpers/caching_spec.rb | 30 +++++++++++++++++-- spec/requests/api/branches_spec.rb | 8 +++++ 7 files changed, 76 insertions(+), 20 deletions(-) delete mode 100644 config/feature_flags/development/approvals_commented_by.yml diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb index a18ba5f30bc..3f50fbafbcf 100644 --- a/app/controllers/projects/merge_requests_controller.rb +++ b/app/controllers/projects/merge_requests_controller.rb @@ -30,7 +30,6 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo before_action :check_user_can_push_to_source_branch!, only: [:rebase] before_action only: [:show] do push_frontend_feature_flag(:file_identifier_hash) - push_frontend_feature_flag(:approvals_commented_by, @project, default_enabled: true) push_frontend_feature_flag(:merge_request_widget_graphql, @project, default_enabled: :yaml) push_frontend_feature_flag(:default_merge_ref_for_diffs, @project, default_enabled: :yaml) push_frontend_feature_flag(:core_security_mr_widget_counts, @project) diff --git a/app/views/admin/projects/show.html.haml b/app/views/admin/projects/show.html.haml index 637a48d09b0..34cdd173df0 100644 --- a/app/views/admin/projects/show.html.haml +++ b/app/views/admin/projects/show.html.haml 
@@ -15,8 +15,11 @@ - if @project.last_repository_check_failed? .row .col-md-12 - .gl-alert.gl-alert-danger.gl-mb-5{ data: { testid: 'last-repository-check-failed-alert' } } - = sprite_icon('error', size: 16, css_class: 'gl-icon gl-alert-icon gl-alert-icon-no-title') + = render 'shared/global_alert', + variant: :danger, + alert_class: 'gl-mb-5', + alert_data: { testid: 'last-repository-check-failed-alert' }, + is_container: true do .gl-alert-body - last_check_message = _("Last repository check (%{last_check_timestamp}) failed. See the 'repocheck.log' file for error messages.") - last_check_message = last_check_message % { last_check_timestamp: time_ago_with_tooltip(@project.last_repository_check_at) } diff --git a/config/feature_flags/development/approvals_commented_by.yml b/config/feature_flags/development/approvals_commented_by.yml deleted file mode 100644 index 55619b0e2db..00000000000 --- a/config/feature_flags/development/approvals_commented_by.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: approvals_commented_by -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38136 -rollout_issue_url: -milestone: '13.3' -type: development -group: group::source code -default_enabled: true diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md index 83f02717de3..4805c2a7a50 100644 --- a/doc/user/application_security/secret_detection/index.md +++ b/doc/user/application_security/secret_detection/index.md 
@@ -350,6 +350,21 @@ Support for custom certificate authorities was introduced in the following versi | -------- | ------- | | secrets | [v3.0.0](https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/releases/v3.0.0) | +To trust a custom Certificate Authority, set the `ADDITIONAL_CA_CERT_BUNDLE` variable to the bundle +of CA certs that you want to trust in the SAST environment. The `ADDITIONAL_CA_CERT_BUNDLE` value should contain the [text representation of the X.509 PEM public-key certificate](https://tools.ietf.org/html/rfc7468#section-5.1). For example, to configure this value in the `.gitlab-ci.yml` file, use the following: + +```yaml +variables: + ADDITIONAL_CA_CERT_BUNDLE: | + -----BEGIN CERTIFICATE----- + MIIGqTCCBJGgAwIBAgIQI7AVxxVwg2kch4d56XNdDjANBgkqhkiG9w0BAQsFADCB + ... + jWgmPqF3vUbZE0EyScetPJquRFRKIesyJuBFMAs= + -----END CERTIFICATE----- +``` + +The `ADDITIONAL_CA_CERT_BUNDLE` value can also be configured as a [custom variable in the UI](../../../ci/variables/index.md#custom-cicd-variables), either as a `file`, which requires the path to the certificate, or as a variable, which requires the text representation of the certificate. + ### Set Secret Detection CI/CD variables to use local Secret Detection analyzer Add the following configuration to your `.gitlab-ci.yml` file. You must replace diff --git a/lib/api/helpers/caching.rb b/lib/api/helpers/caching.rb index dfb9708dd3c..add771e4a40 100644 --- a/lib/api/helpers/caching.rb +++ b/lib/api/helpers/caching.rb @@ -14,6 +14,12 @@ module API race_condition_ttl: 5.seconds }.freeze + # @return Integer + VERSION = 1 + + # @return [Array] + PAGINATION_HEADERS = %w[X-Per-Page X-Page X-Next-Page X-Prev-Page Link X-Total X-Total-Pages].freeze + # This is functionally equivalent to the standard `#present` used in # Grape endpoints, but the JSON for the object, or for each object of # a collection, will be cached. 
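Review bot: `VERSION` in the lib/api/helpers/caching.rb hunk has no comment saying what it versions or when to bump it, and its YARD tag `# @return Integer` is missing the brackets. Judging by its use in the cache key in the next hunk, I would document it as `# Version of the cached payload format; bump it whenever the shape of the value stored by cache_action changes.` followed by `# @return [Integer]`. The tag on `PAGINATION_HEADERS` could likewise be `# @return [Array<String>]`. The module body continues outside the hunk.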
@@ -72,15 +78,22 @@ module API # @param key [Object] any object that can be converted into a cache key # @param expires_in [ActiveSupport::Duration, Integer] an expiry time for the cache entry # @return [Gitlab::Json::PrecompiledJson] - def cache_action(key, **cache_opts) - json = cache.fetch(key, **apply_default_cache_options(cache_opts)) do + def cache_action(key, **custom_cache_opts) + cache_opts = apply_default_cache_options(custom_cache_opts) + + json, cached_headers = cache.fetch([key, VERSION], **cache_opts) do response = yield - if response.is_a?(Gitlab::Json::PrecompiledJson) - response.to_s - else - Gitlab::Json.dump(response.as_json) - end + cached_body = response.is_a?(Gitlab::Json::PrecompiledJson) ? response.to_s : Gitlab::Json.dump(response.as_json) + cached_headers = header.slice(*PAGINATION_HEADERS) + + [cached_body, cached_headers] + end + + cached_headers.each do |key, value| + next if header.key?(key) + + header key, value end body Gitlab::Json::PrecompiledJson.new(json) diff --git a/spec/lib/api/helpers/caching_spec.rb b/spec/lib/api/helpers/caching_spec.rb index 1953c65874d..0cc9e87928e 100644 --- a/spec/lib/api/helpers/caching_spec.rb +++ b/spec/lib/api/helpers/caching_spec.rb @@ -3,7 +3,7 @@ require "spec_helper" RSpec.describe API::Helpers::Caching, :use_clean_rails_redis_caching do - subject(:instance) { Class.new.include(described_class).new } + subject(:instance) { Class.new.include(described_class, Grape::DSL::Headers).new } let_it_be(:project) { create(:project) } let_it_be(:user) { create(:user) } 
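Review bot: The cache entry written in `cache_action` now holds response headers as well as the body, so whatever the request that filled the entry put into `X-Page`, `X-Total` or `Link` is replayed to every later caller that resolves to the same `[key, VERSION]`. Nothing in this hunk ties the key to the pagination parameters or to the requester, and if `Link` is built from the originating request's URL and query string (not visible here), caller-specific values could be served to someone else. The doc comment should say so on the `key` parameter, for example `# @param key [Object] ... must vary with page, per_page and anything else reflected in the pagination headers`. Separately, the block parameters in `cached_headers.each do |key, value|` shadow the method argument `key`; `|name, value|` avoids that. The start of the method's doc comment and its closing `end` lie outside the hunk.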
@@ -81,7 +81,7 @@ RSpec.describe API::Helpers::Caching, :use_clean_rails_redis_caching do expected_kwargs = described_class::DEFAULT_CACHE_OPTIONS.merge(kwargs) expect(expensive_thing).to receive(:do_very_expensive_action).once - expect(instance.cache).to receive(:fetch).with(cache_key, **expected_kwargs).exactly(5).times.and_call_original + expect(instance.cache).to receive(:fetch).with([cache_key, 1], **expected_kwargs).exactly(5).times.and_call_original 5.times { perform } end @@ -95,6 +95,32 @@ RSpec.describe API::Helpers::Caching, :use_clean_rails_redis_caching do expect(nested_call.to_s).to eq(subject.to_s) end + + context 'Cache for pagination headers' do + described_class::PAGINATION_HEADERS.each do |pagination_header| + context pagination_header do + before do + instance.header(pagination_header, 100) + end + + it 'stores and recovers pagination headers from cache' do + expect { perform }.not_to change { instance.header[pagination_header] } + + instance.header.delete(pagination_header) + + expect { perform }.to change { instance.header[pagination_header] }.from(nil).to(100) + end + + it 'prefers headers from request than from cache' do + expect { perform }.not_to change { instance.header[pagination_header] } + + instance.header(pagination_header, 50) + + expect { perform }.not_to change { instance.header[pagination_header] }.from(50) + end + end + end + end end describe "#cache_action_if" do diff --git a/spec/requests/api/branches_spec.rb b/spec/requests/api/branches_spec.rb index e0a279d6ea4..77bb2a5100f 100644 --- a/spec/requests/api/branches_spec.rb +++ b/spec/requests/api/branches_spec.rb @@ -75,6 +75,14 @@ RSpec.describe API::Branches do check_merge_status(json_response) end + + it 'recovers pagination headers from cache between consecutive requests' do + 2.times do + get api(route, current_user), params: base_params + + expect(response.headers).to include('X-Page') + end + end end context 'with gitaly pagination params' do
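Review bot: The expectation `with([cache_key, 1], **expected_kwargs)` hard-codes the cache version, so bumping `VERSION` in the helper will fail this example for a reason unrelated to what it checks. Referencing the constant keeps the two in step: `with([cache_key, described_class::VERSION], **expected_kwargs)`. The enclosing example starts above the hunk.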
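Review bot: The new example in spec/requests/api/branches_spec.rb only asserts that `X-Page` is present on both requests, so it would still pass if a cached entry returned headers belonging to a different page or a different caller. A follow-up request with another `page` or `per_page` merged into `base_params`, asserting that `X-Page`, `X-Per-Page` and `Link` match that request and not the first one, would confirm that the cache key covers the pagination inputs. The unit examples in the `@@ -95,6 +95,32 @@` hunk of caching_spec.rb have the same gap, since they store the constant value `100` for every header. The surrounding `context` opens outside the hunk.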