2025-07-29 12:00:32 +00:00 · 2025-05-22 21:07:49 +00:00
parent eda8522f83
commit 6d6df5b256
32 changed files with 336 additions and 132 deletions
--- a/.eslint_todo/vue-no-unused-properties.mjs
+++ b/.eslint_todo/vue-no-unused-properties.mjs
@ -313,9 +313,6 @@ export default {
    'ee/app/assets/javascripts/projects/components/move_personal_project_to_group_modal.vue',
    'ee/app/assets/javascripts/projects/merge_requests/blocking_mr_input_root.vue',
    'ee/app/assets/javascripts/projects/settings/branch_rules/components/view/index.vue',
    'ee/app/assets/javascripts/requirements/components/export_requirements_modal.vue',
    'ee/app/assets/javascripts/requirements/components/import_requirements_modal.vue',
    'ee/app/assets/javascripts/requirements/components/requirements_root.vue',
    'ee/app/assets/javascripts/roadmap/components/current_day_indicator.vue',
    'ee/app/assets/javascripts/roadmap/components/epic_item.vue',
    'ee/app/assets/javascripts/roadmap/components/epic_item_details.vue',
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@ -582,6 +582,7 @@ lib/gitlab/checks/**
 /doc/administration/application_settings_cache.md @jglassman1
 /doc/administration/auditor_users.md @idurham
 /doc/administration/auth/ @idurham
 /doc/administration/backup_restore/ @axil
 /doc/administration/broadcast_messages.md @sselhorn
 /doc/administration/cells.md @emily.sahlani
 /doc/administration/cicd/ @lyspin
@ -658,7 +659,7 @@ lib/gitlab/checks/**
 /doc/administration/raketasks/tokens/ @idurham
 /doc/administration/raketasks/x509_signatures.md @brendan777
 /doc/administration/read_only_gitlab.md @axil @eread
-/doc/administration/redis/ @axil @eread
+/doc/administration/redis/ @axil
 /doc/administration/reference_architectures/ @axil @eread
 /doc/administration/reply_by_email.md @lciutacu
 /doc/administration/reply_by_email_postfix_setup.md @axil @eread
@ -704,8 +705,7 @@ lib/gitlab/checks/**
 /doc/administration/settings/third_party_offers.md @phillipwells
 /doc/administration/settings/visibility_and_access_controls.md @brendan777
 /doc/administration/settings/vscode_extension_marketplace.md @brendan777
-/doc/administration/sidekiq/ @axil @eread
+/doc/administration/sidekiq/ @axil
 /doc/administration/sidekiq/sidekiq_memory_killer.md @jglassman1
 /doc/administration/silent_mode/ @axil
 /doc/administration/smime_signing_email.md @axil @eread
 /doc/administration/snippets/ @brendan777
@ -953,6 +953,7 @@ lib/gitlab/checks/**
 /doc/development/cascading_settings.md @gitlab-org/foundations/engineering
 /doc/development/cells/ @OmarQunsulGitlab @bmarjanovic
 /doc/development/cicd/ @gitlab-org/maintainers/cicd-verify
 /doc/development/compromised_password_detection.md @gitlab-org/software-supply-chain-security/authentication/approvers
 /doc/development/contributing/verify/ @gitlab-org/maintainers/cicd-verify
 /doc/development/database/ @OmarQunsulGitlab @bmarjanovic
 /doc/development/distributed_tracing.md @gitlab-org/analytics-section/product-analytics/engineers/frontend
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@ -74,6 +74,8 @@ compile-production-assets as-if-foss:
    - .qa:rules:test-on-omnibus-ce:follow-up
 compile-test-assets:
  variables:
    BABEL_ENV: "$BABEL_ENV"
  extends:
    - .compile-assets-base
    - .frontend:rules:compile-test-assets
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@ -2025,6 +2025,8 @@
      variables:
        <<: *qa-e2e-test-schedule-variables
        COVERBAND_ENABLED: "true"
        BABEL_ENV: "istanbul" # This sets the environmental variable enabling `istanbul` plugin in Babel
        # https://gitlab.com/gitlab-org/gitlab/-/blob/master/babel.config.js
        QA_RUN_IN_PARALLEL: "false"
 .qa:rules:e2e:test-on-cng:
--- a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml
+++ b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml
@ -56,6 +56,7 @@ workflow:
      job: clone-gitlab-repo
  variables:
    COVERBAND_ENABLED: "$COVERBAND_ENABLED"  # explicitly define variable so it is passed in to gdk service container
    BABEL_ENV: "$BABEL_ENV"
    GITLAB_CRON_JOBS_POLL_INTERVAL: "0"
    GITLAB_DEVELOPMENT_USE_PRECOMPILED_ASSETS: "true"
    GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN
--- a/app/assets/javascripts/blob/line_highlighter.js
+++ b/app/assets/javascripts/blob/line_highlighter.js
@ -1,6 +1,7 @@
 /* eslint-disable func-names, no-underscore-dangle, no-param-reassign, consistent-return */
 import { scrollToElement } from '~/lib/utils/common_utils';
 import { updateHash } from '~/blob/state';
 // LineHighlighter
 //
@ -174,6 +175,7 @@ LineHighlighter.prototype.setHash = function (firstLineNumber, lastLineNumber) {
    hash = `#L${firstLineNumber}`;
  }
  this._hash = hash;
  updateHash(hash);
  return this.__setLocationHash__(hash);
 };
--- a/app/assets/javascripts/blob/state.js
+++ b/app/assets/javascripts/blob/state.js
@ -4,6 +4,6 @@ export const hashState = Vue.observable({
  currentHash: window.location.hash,
 });
-export const updateLineNumber = (lineNumber) => {
+export const updateHash = (newHash) => {
-  hashState.currentHash = lineNumber;
+  hashState.currentHash = newHash;
 };
--- a/app/assets/javascripts/repository/components/header_area/permalink_dropdown_item.vue
+++ b/app/assets/javascripts/repository/components/header_area/permalink_dropdown_item.vue
@ -6,9 +6,8 @@ import { InternalEvents } from '~/tracking';
 import { keysFor, PROJECT_FILES_GO_TO_PERMALINK } from '~/behaviors/shortcuts/keybindings';
 import { Mousetrap } from '~/lib/mousetrap';
 import { shouldDisableShortcuts } from '~/behaviors/shortcuts/shortcuts_toggle';
-import { getBaseURL, relativePathToAbsolute } from '~/lib/utils/url_utility';
+import { hashState, updateHash } from '~/blob/state';
-import { hashState } from '~/blob/state';
+import { getAbsolutePermalinkPath } from './utils';
 import { getPageParamValue, getPageSearchString } from '~/blob/utils';
 Vue.use(GlToast);
@ -41,26 +40,22 @@ export default {
      return shouldDisableShortcuts();
    },
    absolutePermalinkPath() {
-      const baseAbsolutePath = relativePathToAbsolute(this.permalinkPath, getBaseURL());
+      return getAbsolutePermalinkPath(this.permalinkPath, hashState.currentHash);
      if (hashState.currentHash) {
        const page = getPageParamValue(hashState.currentHash);
        const searchString = getPageSearchString(baseAbsolutePath, page);
        if (Number.isNaN(Number(hashState.currentHash))) {
          return `${baseAbsolutePath}${searchString}${hashState.currentHash}`;
        }
        return `${baseAbsolutePath}${searchString}#L${hashState.currentHash}`;
      }
      return baseAbsolutePath;
    },
  },
  mounted() {
    this.mousetrap = new Mousetrap();
    this.mousetrap.bind(keysFor(PROJECT_FILES_GO_TO_PERMALINK), this.triggerCopyPermalink);
    window.addEventListener('hashchange', this.onHashChange);
  },
  beforeDestroy() {
    this.mousetrap.unbind(keysFor(PROJECT_FILES_GO_TO_PERMALINK));
    window.removeEventListener('hashchange', this.onHashChange);
  },
  methods: {
    onHashChange() {
      updateHash(window.location.hash || '');
    },
    triggerCopyPermalink() {
      const buttonElement = this.$refs.copyPermalinkButton.$el;
      buttonElement.click();
--- a/app/assets/javascripts/repository/components/header_area/utils.js
+++ b/app/assets/javascripts/repository/components/header_area/utils.js
@ -0,0 +1,25 @@
 import { getBaseURL, relativePathToAbsolute } from '~/lib/utils/url_utility';
 import { getPageParamValue, getPageSearchString } from '~/blob/utils';
 /**
 * Generates an absolute permalink path with proper handling of URL hash
 *
 * @param {String} permalinkPath - The relative permalink path
 * @param {String} hash - The URL hash (after #)
 * @returns {String} - The absolute permalink path with hash handling
 */
 export const getAbsolutePermalinkPath = (permalinkPath, inputHash) => {
  const baseAbsolutePath = relativePathToAbsolute(permalinkPath, getBaseURL());
  const hash = inputHash || '';
  const page = getPageParamValue(hash);
  const searchString = getPageSearchString(baseAbsolutePath, page);
  // Ensure hash starts with # if it doesn't already
  let normalizedHash = '';
  if (hash.trim()) {
    normalizedHash = hash.startsWith('#') ? hash : `#${hash}`;
  }
  return `${baseAbsolutePath}${searchString}${normalizedHash}`;
 };
--- a/app/assets/javascripts/vue_shared/components/source_viewer/components/chunk.vue
+++ b/app/assets/javascripts/vue_shared/components/source_viewer/components/chunk.vue
@ -6,7 +6,6 @@ import { GlIntersectionObserver } from '@gitlab/ui';
 import SafeHtml from '~/vue_shared/directives/safe_html';
 import { getPageParamValue, getPageSearchString } from '~/blob/utils';
 import { addInteractionClass } from '~/code_navigation/utils';
 import { updateLineNumber } from '~/blob/state';
 /*
 * We only highlight the chunk that is currently visible to the user.
@ -105,10 +104,6 @@ export default {
      this.hasAppeared = true;
      this.$emit('appear');
    },
    handleOnClick(event) {
      const { lineNumber } = event.target.dataset;
      updateLineNumber(lineNumber);
    },
    calculateLineNumber(index) {
      return this.startingFrom + index + 1;
    },
@ -148,7 +143,6 @@ export default {
          class="file-line-num gl-select-none !gl-shadow-none"
          :href="`#L${calculateLineNumber(index)}`"
          :data-line-number="calculateLineNumber(index)"
          @click="handleOnClick"
        >
          {{ calculateLineNumber(index) }}
        </a>
--- a/app/views/dashboard/milestones/index.html.haml
+++ b/app/views/dashboard/milestones/index.html.haml
@ -7,10 +7,9 @@
      = render 'shared/new_project_item_vue_select'
 - if @milestone_states.any? { |name, count| count > 0 }
-  .top-area
+  .gl-flex.gl-flex-wrap.gl-items-center.gl-flex-wrap-reverse.gl-border-b
    = render 'shared/milestones_filter', counts: @milestone_states
-    .nav-controls
+    = render 'shared/milestones/search_form'
      = render 'shared/milestones/search_form'
  - if @milestones.blank?
    = render 'shared/empty_states/milestones_tab', active_tab: params[:state] do
--- a/app/views/layouts/_page.html.haml
+++ b/app/views/layouts/_page.html.haml
@ -41,6 +41,7 @@
      = dispensable_render_if_exists "shared/new_user_signups_cap_reached_alert"
      = dispensable_render_if_exists "shared/silent_mode_banner"
      = dispensable_render_if_exists "shared/pipl_compliance_alert"
      = dispensable_render_if_exists "shared/compromised_password_detection_alert"
      = yield :page_level_alert
    -# Top bar
--- a/babel.config.js
+++ b/babel.config.js
@ -1,5 +1,7 @@
 const coreJSVersion = require('./node_modules/core-js/package.json').version;
 console.debug(`BABEL_ENV inside Babel config is: ${process.env.BABEL_ENV}`);
 let presets = [
  [
    '@babel/preset-env',
--- a/config/feature_flags/beta/revalidate_gpg_fingerprints.yml
+++ b/config/feature_flags/beta/revalidate_gpg_fingerprints.yml
@ -1,9 +0,0 @@
 ---
 name: revalidate_gpg_fingerprints
 feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/349505
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/182738
 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/534717
 milestone: '17.11'
 group: group::source code
 type: beta
 default_enabled: true
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@ -89,6 +89,8 @@ if (WEBPACK_REPORT) {
  NO_HASHED_CHUNKS = true;
 }
 console.debug(`BABEL_ENV inside Webpack is: ${process.env.BABEL_ENV}`);
 const devtool = IS_PRODUCTION ? 'source-map' : 'cheap-module-eval-source-map';
 const incrementalCompiler = createIncrementalWebpackCompiler(
--- a/doc/api/graphql/reference/_index.md
+++ b/doc/api/graphql/reference/_index.md
@ -2068,6 +2068,7 @@ Input type: `AiActionInput`
 | <a id="mutationaiactionplatformorigin"></a>`platformOrigin` | [`String`](#string) | Specifies the origin platform of the request. |
 | <a id="mutationaiactionprojectid"></a>`projectId` | [`ProjectID`](#projectid) | Global ID of the project the user is acting on. |
 | <a id="mutationaiactionresolvevulnerability"></a>`resolveVulnerability` | [`AiResolveVulnerabilityInput`](#airesolvevulnerabilityinput) | Input for resolve_vulnerability AI action. |
 | <a id="mutationaiactionrootnamespaceid"></a>`rootNamespaceId` | [`NamespaceID`](#namespaceid) | Global ID of the top-level namespace the user is acting on. |
 | <a id="mutationaiactionsummarizecomments"></a>`summarizeComments` | [`AiSummarizeCommentsInput`](#aisummarizecommentsinput) | Input for summarize_comments AI action. |
 | <a id="mutationaiactionsummarizenewmergerequest"></a>`summarizeNewMergeRequest` | [`AiSummarizeNewMergeRequestInput`](#aisummarizenewmergerequestinput) | Input for summarize_new_merge_request AI action. |
 | <a id="mutationaiactionsummarizereview"></a>`summarizeReview` | [`AiSummarizeReviewInput`](#aisummarizereviewinput) | Input for summarize_review AI action. |
--- a/doc/development/duo_workflow/_index.md
+++ b/doc/development/duo_workflow/_index.md
@ -37,3 +37,39 @@ There is no need to set up the backend components of Duo Workflow to test change
 A local build of the UI is required if you are making Duo Workflow UI changes that you need to view locally. A local build is also required if you want to use a version of the UI that has not been released yet.
 Refer to the [GitLab Duo Workflow README](https://gitlab.com/gitlab-org/editor-extensions/gitlab-lsp/-/blob/main/packages/webview_duo_workflow/README.md) file in the Language Server project to get started with local development of GitLab Duo Workflow UI.
 ## Development settings
 Each of these settings can be turned on in your user settings in VS Code.
 ### Change view type
 Enable the Duo Workflow as a sidepanel instead of fullview. This is going to be the default for public beta.
 `"gitlab.featureFlags.duoWorkflowPanel": true,`
 ### Executor type
 Allow to define which Duo Workflow executor is selected. Accepts:
 - `shell` - Current default, runs the go binary directly on the user's machine
 - `docker` - Runs the go binary inside a Docker container (deprecated)
 - `node` - Runs a nodeJs/TypeScript executor directly inside the languge server. Expected to become the default.
 `"gitlab.duo.workflow.executor": "node",`
 ### Workflow graph
 Experimental settings that allow Duo Workflow graph to be swapped. Includes:
 - `software_development` - default
 - `chat` - used by agentic chat
 - `search_and_replace` - Used to scan large number of files and replace results with specific instructions
 `"gitlab.duo.workflow.graph": "software_development",`
 ### Tool approval
 Allow users to get access to tools that require approval such as running terminal commands.
 `"gitlab.duo.workflow.toolApproval": true`
--- a/doc/development/testing_guide/end_to_end/troubleshooting.md
+++ b/doc/development/testing_guide/end_to_end/troubleshooting.md
@ -66,3 +66,23 @@ For example, if your IP is `192.168.0.12`:
 ```shell
 bundle exec bin/qa Test::Instance::All http://192.168.0.12:3000
 ```
 ## Tests sign out when visiting a page
 If the tests sign in successfully as a test user, but then unexpectedly sign out, you might be using an
 incorrect URL to execute the test. By default, tests use the URL `http://127.0.0.1:3000`, but if a hostname
 has been configured for the instance, you must explicitly pass that hostname to the tests. The tests use
 the `web_url` returned by the API to go to different pages. They go to the configured hostname, rather than
 `http://127.0.0.1:3000`, so the test user appears signed out.
 This example runs the tests against `http://127.0.0.1:3000`, and signs out if a hostname has been configured:
 ```shell
 bundle exec rspec qa/specs/features/ee/browser_ui/3_create/repository/code_owners_spec.rb
 ```
 To avoid this, explicitly set `QA_GITLAB_URL` to the configured hostname, for example:
 ```shell
 QA_GITLAB_URL=http://gdk.test:3000 bundle exec rspec qa/specs/features/ee/browser_ui/3_create/repository/code_owners_spec.rb
 ```
--- a/lib/gitlab/gpg/invalid_gpg_signature_updater.rb
+++ b/lib/gitlab/gpg/invalid_gpg_signature_updater.rb
@ -9,16 +9,6 @@ module Gitlab
      # rubocop: disable CodeReuse/ActiveRecord
      def run
        unless Feature.enabled?(:revalidate_gpg_fingerprints, @gpg_key.user)
          return CommitSignatures::GpgSignature
            .select(:id, :commit_sha, :project_id)
            .where('gpg_key_id IS NULL OR verification_status <> ?', CommitSignatures::GpgSignature.verification_statuses[:verified])
            .where(gpg_key_primary_keyid: @gpg_key.keyids)
            .find_each do |sig|
              sig.gpg_commit&.update_signature!(sig)
            end
        end
        [@gpg_key].concat(@gpg_key.subkeys).each do |key|
          Gitlab::Gpg.using_tmp_keychain do
            Gitlab::Gpg::CurrentKeyChain.add(key.key)
--- a/lib/tasks/gitlab/tw/codeowners.rake
+++ b/lib/tasks/gitlab/tw/codeowners.rake
@ -42,7 +42,7 @@ namespace :tw do
      # CodeOwnerRule.new('Database Operations', ''),
      # CodeOwnerRule.new('DataOps', ''),
      # CodeOwnerRule.new('Delivery', ''),
-      # CodeOwnerRule.new('Durability', ''),
+      CodeOwnerRule.new('Durability', '@axil'),
      CodeOwnerRule.new('Duo Chat', '@jglassman1'),
      CodeOwnerRule.new('Duo Workflow', '@sselhorn'),
      CodeOwnerRule.new('Dynamic Analysis', '@phillipwells'),
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -16748,6 +16748,42 @@ msgstr ""
 msgid "Components must have a 'name'"
 msgstr ""
 msgid "CompromisedPasswordDetection|Change GitLab Password"
 msgstr ""
 msgid "CompromisedPasswordDetection|Failure to change your password may lead to temporary account access restrictions to prevent potential unauthorized access."
 msgstr ""
 msgid "CompromisedPasswordDetection|For your security, we also recommend enabling %{mfa_link} if you have not done so already."
 msgstr ""
 msgid "CompromisedPasswordDetection|GitLab documentation"
 msgstr ""
 msgid "CompromisedPasswordDetection|Instructions for changing your password can be found in the %{doc_link}."
 msgstr ""
 msgid "CompromisedPasswordDetection|Please change your password immediately."
 msgstr ""
 msgid "CompromisedPasswordDetection|Security Alert: Change Your GitLab.com Password"
 msgstr ""
 msgid "CompromisedPasswordDetection|Security Alert: Change your GitLab password"
 msgstr ""
 msgid "CompromisedPasswordDetection|The password used for your GitLab.com account %{code_start}%{username}%{code_end} may have been compromised due to a data breach on another service or platform. This does not necessarily mean that your GitLab account was accessed. However, leaving your password unchanged presents a significant security risk to your account."
 msgstr ""
 msgid "CompromisedPasswordDetection|The password used for your GitLab.com account %{username} may have been compromised due to a data breach on another service or platform. This does not necessarily mean that your GitLab account was accessed. However, leaving your password unchanged presents a significant security risk to your account."
 msgstr ""
 msgid "CompromisedPasswordDetection|Your GitLab.com account password may be compromised due to a data breach on another service or platform. Please change your password immediately."
 msgstr ""
 msgid "CompromisedPasswordDetection|two-factor authentication"
 msgstr ""
 msgid "Compute minutes"
 msgstr ""
@ -27745,9 +27781,6 @@ msgstr ""
 msgid "Geo|Resync all"
 msgstr ""
 msgid "Geo|Retry count"
 msgstr ""
 msgid "Geo|Reverify"
 msgstr ""
@ -27793,9 +27826,6 @@ msgstr ""
 msgid "Geo|Shards to synchronize"
 msgstr ""
 msgid "Geo|Show more"
 msgstr ""
 msgid "Geo|Site name can't be blank"
 msgstr ""
@ -27829,9 +27859,6 @@ msgstr ""
 msgid "Geo|Synchronization"
 msgstr ""
 msgid "Geo|Synchronization failed - %{error}"
 msgstr ""
 msgid "Geo|Synchronization settings"
 msgstr ""
@ -27928,9 +27955,6 @@ msgstr ""
 msgid "Geo|Verification concurrency limit"
 msgstr ""
 msgid "Geo|Verification failed - %{error}"
 msgstr ""
 msgid "Geo|Verification information"
 msgstr ""
@ -28195,6 +28219,9 @@ msgstr ""
 msgid "GitLab Premium"
 msgstr ""
 msgid "GitLab Security"
 msgstr ""
 msgid "GitLab Shell"
 msgstr ""
@ -61139,6 +61166,9 @@ msgstr ""
 msgid "Thank you for your support request! We are tracking your request as ticket #%{issue_iid}, and will respond as soon as we can."
 msgstr ""
 msgid "Thank you,"
 msgstr ""
 msgid "Thanks for signing up to GitLab!"
 msgstr ""
--- a/qa/qa/specs/spec_helper.rb
+++ b/qa/qa/specs/spec_helper.rb
@ -72,7 +72,7 @@ RSpec.configure do |config|
      begin
        Capybara.current_session.execute_script("window.__coveragePathsPersistence.reset()")
      rescue StandardError => e
-        QA::Runtime::Logger.warn("Failed to reset coverage paths: #{e.message}")
+        QA::Runtime::Logger.warn("Failed to reset coverage paths, check if it is an api spec: #{e.message}")
      end
    end
@ -111,7 +111,7 @@ RSpec.configure do |config|
        example.metadata[:coverage_paths] = coverage_paths
        front_end_coverage_by_example[example.metadata[:location]] = coverage_paths
      rescue StandardError => e
-        QA::Runtime::Logger.warn("Failed to collect coverage paths: #{e.message}")
+        QA::Runtime::Logger.warn("Failed to collect coverage paths, check if it is an api spec: #{e.message}")
      end
    end
  end
--- a/qa/qa/tools/ci/code_paths_mapping.rb
+++ b/qa/qa/tools/ci/code_paths_mapping.rb
@ -9,17 +9,24 @@ module QA
        include Helpers
        PROJECT = "gitlab-qa-resources"
-        BUCKET = "code-path-mappings"
+        DEFAULT_BUCKET = "code-path-mappings"
        DEFAULT_FILE_NAME = "test-code-paths-mapping-merged-pipeline"
-        def self.export(mapping_files_glob)
+        def self.export(mapping_files_glob, **kwargs)
-          new.export(mapping_files_glob)
+          if kwargs.key?(:bucket) || kwargs.key?(:file_name)
            new.export(mapping_files_glob, **kwargs)
          else
            new.export(mapping_files_glob)
          end
        end
        # Export code path mappings to GCP
        #
        # @param [String] mapping_files_glob - glob pattern for mapping files
        # @param [String] bucket - custom bucket name (optional)
        # @param [String] file_name - custom file name (optional)
        # @return [void]
-        def export(mapping_files_glob)
+        def export(mapping_files_glob, bucket: DEFAULT_BUCKET, file_name: DEFAULT_FILE_NAME)
          mapping_files = Dir.glob(mapping_files_glob)
          return logger.warn("No files matched pattern, skipping coverage mapping upload") if mapping_files.empty?
@ -30,21 +37,25 @@ module QA
          logger.info("Number of mapping files found: #{mapping_files.size}")
          mapping_data = mapping_files.flat_map { |file| JSON.parse(File.read(file)) }.reduce(:merge!)
-          file = "#{ENV['CI_COMMIT_REF_SLUG']}/#{ENV['QA_RUN_TYPE']}/test-code-paths-mapping-merged-pipeline-#{\
+          file = "#{ENV['CI_COMMIT_REF_SLUG']}/#{ENV['QA_RUN_TYPE']}/#{file_name}-#{\
          ENV['CI_PIPELINE_ID'] || 'local'}.json"
-          upload_to_gcs(file, mapping_data)
+          upload_to_gcs(file, mapping_data, bucket)
        end
        # Import code path mappings from GCP
        #
        # @param [String] branch - branch name
        # @param [String] run_type - run type
        # @param [String] bucket - custom bucket name (optional)
        # @param [String] file_name - custom file name base (optional)
        # @return [Hash]
-        def import(branch, run_type)
+        def import(branch, run_type, bucket: DEFAULT_BUCKET, file_name: DEFAULT_FILE_NAME)
-          filename = code_paths_mapping_file("#{branch}/#{run_type}")
+          prefix = "#{branch}/#{run_type}/#{file_name}"
          filename = code_paths_mapping_file(prefix, bucket)
          logger.info("The mapping file fetched in import: #{filename}")
-          file = client.get_object(BUCKET, filename)
+          file = client.get_object(bucket, filename)
          JSON.parse(file[:body])
        rescue StandardError => e
          logger.error("Failed to download code paths mapping from GCS. Error: #{e}")
@ -54,8 +65,9 @@ module QA
        private
-        def upload_to_gcs(file_name, mapping_data)
+        def upload_to_gcs(file_name, mapping_data, bucket)
-          client.put_object(BUCKET, file_name, JSON.pretty_generate(mapping_data))
+          client.put_object(bucket, file_name, JSON.pretty_generate(mapping_data))
          logger.info("Successfully uploaded to bucket: #{bucket}, file: #{file_name}")
        rescue StandardError => e
          logger.error("Failed to upload code paths mapping to GCS. Error: #{e}")
          logger.error("Backtrace: #{e.backtrace}")
@ -85,8 +97,8 @@ module QA
        #
        # Get most up to date mapping file based on pipeline type
        # @return [String]
-        def code_paths_mapping_file(prefix)
+        def code_paths_mapping_file(prefix, bucket = DEFAULT_BUCKET)
-          paginated_list(client.list_objects(BUCKET, prefix: prefix)).last&.name
+          paginated_list(client.list_objects(bucket, prefix: prefix)).last&.name
        end
        # Paginated list of items
@ -98,7 +110,7 @@ module QA
          return list.items if list.next_page_token.nil?
          paginated_list(
-            client.list_objects(BUCKET, prefix: list.prefixes.first, page_token: list.next_page_token)
+            client.list_objects(list.bucket, prefix: list.prefixes.first, page_token: list.next_page_token)
          ) + list.items
        end
      end
--- a/qa/spec/tools/ci/code_paths_mapping_spec.rb
+++ b/qa/spec/tools/ci/code_paths_mapping_spec.rb
@ -51,6 +51,29 @@ RSpec.describe QA::Tools::Ci::CodePathsMapping do
    end
  end
  context "with bucket and file name prefix passed as arguments" do
    let(:new_bucket) { "new_bucket" }
    let(:upload_file_name) { "new_name_prefix" }
    let(:expected_file_path) { "#{commit_ref}/#{run_type}/#{upload_file_name}-#{ENV['CI_PIPELINE_ID']}.json" }
    it "exports mapping json with correct file name prefix" do
      expect(logger).to receive(:info).with("Number of mapping files found: #{file_paths.size}")
      expect(gcs_client).to receive(:put_object).with(new_bucket, expected_file_path, pretty_generated_mapping_json)
      described_class.export(glob, bucket: new_bucket, file_name: upload_file_name)
    end
  end
  context "with bucket and file name prefix not passed as arguments" do
    let(:default_bucket) { QA::Tools::Ci::CodePathsMapping::DEFAULT_BUCKET }
    let(:default_filename) { QA::Tools::Ci::CodePathsMapping::DEFAULT_FILE_NAME }
    let(:expected_file_path) { "#{commit_ref}/#{run_type}/#{default_filename}-#{ENV['CI_PIPELINE_ID']}.json" }
    it "exports mapping json with default file name prefix to default bucket" do
      expect(gcs_client).to receive(:put_object).with(default_bucket, expected_file_path, pretty_generated_mapping_json)
      described_class.export(glob)
    end
  end
  context "with no mapping files present" do
    let(:file_paths) { [] }
--- a/qa/tasks/ci.rake
+++ b/qa/tasks/ci.rake
@ -103,10 +103,18 @@ namespace :ci do
    QA::Tools::Ci::TestMetrics.export(args[:glob])
  end
-  desc "Export code paths mapping to GCP"
+  desc "Export backend code paths mapping to GCP"
  task :export_code_paths_mapping, [:glob] do |_, args|
    raise("Code paths mapping JSON glob pattern is required") unless args[:glob]
    QA::Tools::Ci::CodePathsMapping.export(args[:glob])
  end
  desc "Export frontend code paths mapping to GCP"
  task :export_code_paths_mapping, [:glob] do |_, args|
    raise("Code paths mapping JSON glob pattern is required") unless args[:glob]
    QA::Tools::Ci::CodePathsMapping.export(args[:glob], bucket: "code-path-mappings",
      file_name: "js-coverage-by-example-merged-pipeline")
  end
 end
--- a/spec/frontend/blob/line_highlighter_spec.js
+++ b/spec/frontend/blob/line_highlighter_spec.js
@ -2,8 +2,11 @@
 import htmlStaticLineHighlighter from 'test_fixtures_static/line_highlighter.html';
 import { setHTMLFixture, resetHTMLFixture } from 'helpers/fixtures';
 import LineHighlighter from '~/blob/line_highlighter';
 import { updateHash } from '~/blob/state';
 import * as utils from '~/lib/utils/common_utils';
 jest.mock('~/blob/state');
 describe('LineHighlighter', () => {
  const testContext = {};
@ -283,5 +286,17 @@ describe('LineHighlighter', () => {
      expect(testContext.spies.__setLocationHash__).toHaveBeenCalledWith('#L5-15');
    });
    it('calls updateHash with the correct hash for a single line', () => {
      testContext.subject(5);
      expect(updateHash).toHaveBeenCalledWith('#L5');
    });
    it('calls updateHash with the correct hash for a range', () => {
      testContext.subject(5, 15);
      expect(updateHash).toHaveBeenCalledWith('#L5-15');
    });
  });
 });
--- a/spec/frontend/repository/components/header_area/blob_repository_actions_group_spec.js
+++ b/spec/frontend/repository/components/header_area/blob_repository_actions_group_spec.js
@ -9,7 +9,6 @@ import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
 import { blobControlsDataMock } from 'ee_else_ce_jest/repository/mock_data';
 jest.mock('~/behaviors/shortcuts/shortcuts_toggle');
 jest.mock('~/blob/state');
 const relativePermalinkPath =
  'flightjs/Flight/-/blob/46ca9ebd5a43ec240ee8d64e2bb829169dff744e/bower.json';
--- a/spec/frontend/repository/components/header_area/permalink_dropdown_item_spec.js
+++ b/spec/frontend/repository/components/header_area/permalink_dropdown_item_spec.js
@ -4,7 +4,7 @@ import PermalinkDropdownItem from '~/repository/components/header_area/permalink
 import { keysFor, PROJECT_FILES_GO_TO_PERMALINK } from '~/behaviors/shortcuts/keybindings';
 import { shouldDisableShortcuts } from '~/behaviors/shortcuts/shortcuts_toggle';
 import { Mousetrap } from '~/lib/mousetrap';
-import { hashState } from '~/blob/state';
+import { hashState, updateHash } from '~/blob/state';
 import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
 import { useMockInternalEventsTracking } from 'helpers/tracking_internal_events_helper';
@ -46,6 +46,24 @@ describe('PermalinkDropdownItem', () => {
    expect(findPermalinkLinkDropdown().exists()).toBe(true);
  });
  describe('hash change handling', () => {
    it('calls updateHash when hash changes', () => {
      window.location.hash = 'L42';
      createComponent();
      window.dispatchEvent(new Event('hashchange'));
      expect(updateHash).toHaveBeenCalledWith('#L42');
    });
    it('handles empty hash correctly', () => {
      window.location.hash = '';
      createComponent();
      window.dispatchEvent(new Event('hashchange'));
      expect(updateHash).toHaveBeenCalledWith('');
    });
  });
  describe('updatedPermalinkPath', () => {
    it('returns absolutePermalinkPath when no line number is set', () => {
      expect(findPermalinkLinkDropdown().attributes('data-clipboard-text')).toBe(
@ -54,7 +72,7 @@ describe('PermalinkDropdownItem', () => {
    });
    it('returns updated path with line number when set', () => {
-      hashState.currentHash = 10;
+      hashState.currentHash = '#L10';
      createComponent();
      expect(findPermalinkLinkDropdown().attributes('data-clipboard-text')).toBe(
@ -158,6 +176,17 @@ describe('PermalinkDropdownItem', () => {
      wrapper.destroy();
      expect(unbindSpy).toHaveBeenCalledWith(keysFor(PROJECT_FILES_GO_TO_PERMALINK));
    });
    it('add and remove event listener for hashChange event', () => {
      const addEventListenerSpy = jest.spyOn(window, 'addEventListener');
      const removeEventListenerSpy = jest.spyOn(window, 'removeEventListener');
      createComponent();
      expect(addEventListenerSpy).toHaveBeenCalledWith('hashchange', expect.any(Function));
      wrapper.destroy();
      expect(removeEventListenerSpy).toHaveBeenCalledWith('hashchange', expect.any(Function));
    });
  });
  it('displays the shortcut key when shortcuts are not disabled', () => {
--- a/spec/frontend/repository/components/header_area/utils_spec.js
+++ b/spec/frontend/repository/components/header_area/utils_spec.js
@ -0,0 +1,75 @@
 import { getAbsolutePermalinkPath } from '~/repository/components/header_area/utils';
 import * as urlUtility from '~/lib/utils/url_utility';
 import * as blobUtils from '~/blob/utils';
 describe('getAbsolutePermalinkPath', () => {
  const permalinkPath = '/project/repo/-/blob/main/file.js';
  const baseUrl = 'https://gitlab.example.com';
  const absolutePath = 'https://gitlab.example.com/project/repo/-/blob/main/file.js';
  beforeEach(() => {
    jest.spyOn(urlUtility, 'getBaseURL').mockReturnValue(baseUrl);
    jest.spyOn(urlUtility, 'relativePathToAbsolute').mockReturnValue(absolutePath);
    jest.spyOn(blobUtils, 'getPageParamValue').mockReturnValue(null);
    jest.spyOn(blobUtils, 'getPageSearchString').mockReturnValue('');
  });
  describe('when hash is not provided', () => {
    it.each([
      ['null', null],
      ['empty string', ''],
      ['undefined', undefined],
    ])('returns absolute path when hash is %s', (_, hash) => {
      expect(getAbsolutePermalinkPath(permalinkPath, hash)).toBe(absolutePath);
    });
  });
  describe('when handling different hash formats', () => {
    it.each([
      ['line number format', '#L6', '#L6'],
      ['line number range format', '#L10-19', '#L10-19'],
      [
        'anchor hash',
        '#developer-certificate-of-origin--license',
        '#developer-certificate-of-origin--license',
      ],
    ])('handles %s (%s)', (_, hash, expectedHash) => {
      expect(getAbsolutePermalinkPath(permalinkPath, hash)).toBe(`${absolutePath}${expectedHash}`);
    });
  });
  describe('when hash normalization is needed', () => {
    it.each([
      ['line number', 'L6', '#L6'],
      ['line number range', 'L10-19', '#L10-19'],
      [
        'complex anchor',
        'developer-certificate-of-origin--license',
        '#developer-certificate-of-origin--license',
      ],
    ])('normalizes %s hash by adding # prefix when missing', (_, hash, expectedHash) => {
      expect(getAbsolutePermalinkPath(permalinkPath, hash)).toBe(`${absolutePath}${expectedHash}`);
    });
  });
  describe('when page parameters are present', () => {
    const searchString = '?plain=1';
    beforeEach(() => {
      blobUtils.getPageParamValue.mockReturnValue('1');
      blobUtils.getPageSearchString.mockReturnValue(searchString);
    });
    it.each([
      ['with # prefix', '#L6', '#L6'],
      ['without # prefix', 'L20', '#L20'],
      ['with empty hash', '', ''],
      ['with null hash', null, ''],
      ['with undefined hash', undefined, ''],
    ])('includes search string when hash is %s', (_, hash, expectedHash) => {
      expect(getAbsolutePermalinkPath(permalinkPath, hash)).toBe(
        `${absolutePath}${searchString}${expectedHash}`,
      );
    });
  });
 });
--- a/spec/frontend/vue_shared/components/source_viewer/components/chunk_spec.js
+++ b/spec/frontend/vue_shared/components/source_viewer/components/chunk_spec.js
@ -5,11 +5,9 @@ import { GlIntersectionObserver } from '@gitlab/ui';
 import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
 import Chunk from '~/vue_shared/components/source_viewer/components/chunk.vue';
 import { addInteractionClass } from '~/code_navigation/utils';
 import { updateLineNumber } from '~/blob/state';
 import { CHUNK_1, CHUNK_2 } from '../mock_data';
 jest.mock('~/code_navigation/utils');
 jest.mock('~/blob/state');
 Vue.use(Vuex);
@ -103,18 +101,5 @@ describe('Chunk component', () => {
      expect(addInteractionClass).toHaveBeenCalledWith({ d: 'test', path: 'index.js' });
    });
    it('calls updateLineNumber with the correct line number when a line is clicked', async () => {
      createComponent({ ...CHUNK_2, isHighlighted: true });
      const lineNumber = '71';
      const lineNumberElement = wrapper.find(`[data-line-number="${lineNumber}"]`);
      expect(lineNumberElement.exists()).toBe(true);
      await lineNumberElement.trigger('click');
      expect(updateLineNumber).toHaveBeenCalledWith(lineNumber);
    });
  });
 });
--- a/spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb
+++ b/spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb
@ -67,23 +67,6 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater, :sidekiq_inline do
        )
      end
      it 'assigns the gpg key even with revalidate_gpg_fingerprints feature flag disabled' do
        stub_feature_flags(revalidate_gpg_fingerprints: false)
        # InvalidGpgSignatureUpdater is called by the after_create hook
        gpg_key = create :gpg_key,
          key: GpgHelpers::User1.public_key,
          user: user
        expect(valid_gpg_signature.reload).to have_attributes(
          project: project,
          commit_sha: commit_sha,
          gpg_key: gpg_key,
          gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
          verification_status: 'verified'
        )
      end
      it 'does not assign the gpg key when an unrelated gpg key is added' do
        # InvalidGpgSignatureUpdater is called by the after_create hook
        create :gpg_key,
@ -127,23 +110,6 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater, :sidekiq_inline do
        )
      end
      it 'does not update the signature when revalidate_gpg_fingerprints feature flag is disabled' do
        stub_feature_flags(revalidate_gpg_fingerprints: false)
        # InvalidGpgSignatureUpdater is called by the after_create hook
        create :gpg_key,
          key: GpgHelpers::User1.public_key,
          user: user
        expect(invalid_gpg_signature.reload).to have_attributes(
          project: project,
          commit_sha: commit_sha,
          gpg_key: nil,
          gpg_key_primary_keyid: GpgHelpers::User1.fingerprint,
          verification_status: 'unknown_key'
        )
      end
      it 'keeps the signature at being invalid when an unrelated gpg key is added' do
        # InvalidGpgSignatureUpdater is called by the after_create hook
        create :gpg_key,
--- a/spec/support/finder_collection_allowlist.yml
+++ b/spec/support/finder_collection_allowlist.yml
@ -8,7 +8,8 @@
 - Groups::EnvironmentScopesFinder # Reason: There is no need to have anything else besides the simple strucutre with the scope name
 - Security::RelatedPipelinesFinder # Reason: There is no need to have anything else besides the IDs of pipelines
 - Llm::ExtraResourceFinder # Reason: The finder does not deal with DB-backend resource for now.
- Security::VulnerabilityReadsElasticFinder # Reason: The finder deals with Elasticsearch records and not DB records
+- Security::VulnerabilityElasticFinder # Reason: The finder deals with Elasticsearch records and not DB records
 - Security::VulnerabilityElasticAggregationFinder # Reason: The finder deals with Elasticsearch records and not DB records
 # Temporary excludes (aka TODOs)
 # For example: