Add latest changes from gitlab-org/gitlab@master

.gitleaksignore

@@ -14,3 +14,4 @@ spec/frontend/lib/utils/secret_detection_spec.js:generic-api-key:57
 spec/frontend/lib/utils/secret_detection_spec.js:gitlab-pat:28
 d39da82ae304b8813a8fb2c79c3d7cd6f173590e:doc/api/groups.md:gitlab-pat:2342
 doc/api/packages/conan_v2.md:jwt:82
+ee/spec/fixtures/secrets_manager/test_private_key.pem:private-key:1

.rubocop_todo/lint/symbol_conversion.yml

@@ -2,22 +2,6 @@
 # Cop supports --autocorrect.
 Lint/SymbolConversion:
   Exclude:
-    - 'app/services/labels/find_or_create_service.rb'
-    - 'app/services/merge_requests/update_service.rb'
-    - 'app/services/notification_recipients/builder/default.rb'
-    - 'app/services/notification_service.rb'
-    - 'app/workers/project_export_worker.rb'
-    - 'ee/app/graphql/ee/resolvers/projects/branch_rules_resolver.rb'
-    - 'ee/app/models/concerns/ee/protected_branch.rb'
-    - 'ee/app/models/geo_node_status.rb'
-    - 'ee/app/policies/ee/group_policy.rb'
-    - 'ee/app/policies/ee/project_policy.rb'
-    - 'ee/app/services/security/security_orchestration_policies/ci_action/base.rb'
-    - 'ee/app/services/vulnerabilities/manually_create_service.rb'
-    - 'ee/lib/api/concerns/dependency_proxy/packages_helpers.rb'
-    - 'ee/lib/ee/api/helpers.rb'
-    - 'ee/lib/gitlab/geo/replicator.rb'
-    - 'ee/lib/gitlab/graphql/aggregations/epics/epic_node.rb'
     - 'ee/spec/factories/ci/builds.rb'
     - 'ee/spec/factories/ci/pipelines.rb'
     - 'ee/spec/features/groups/analytics/cycle_analytics/charts_spec.rb'

GITLAB_KAS_VERSION

@@ -1 +1 @@
-af481a144fe5ad4e87865884e09ab376dae65e68
+84ab18cf395fb9440c69725897fd5dc436d9fcf7

app/services/labels/find_or_create_service.rb

@@ -22,7 +22,7 @@ module Labels
     def available_labels
       @available_labels ||= LabelsFinder.new(
         current_user,
-        "#{parent_type}_id".to_sym => parent.id,
+        "#{parent_type}_id": parent.id,
         include_ancestor_groups: include_ancestor_groups?,
         only_group_labels: parent_is_group?
       ).execute(skip_authorization: skip_authorization)

app/services/merge_requests/update_service.rb

@@ -162,7 +162,7 @@ module MergeRequests
         next unless changed_fields.include?(action)
 
         merge_request_activity_counter
-          .public_send("track_#{action}_edit_action".to_sym, user: current_user) # rubocop:disable GitlabSecurity/PublicSend
+          .public_send(:"track_#{action}_edit_action", user: current_user) # rubocop:disable GitlabSecurity/PublicSend
       end
     end
 

app/services/notification_recipients/builder/default.rb

@@ -72,7 +72,7 @@ module NotificationRecipients
                         target.class.model_name.name.underscore
                       end
 
-        @custom_action = "#{action}_#{target_name}".to_sym
+        @custom_action = :"#{action}_#{target_name}"
       end
 
       def self.mention_type_actions

app/services/notification_service.rb

@@ -875,7 +875,7 @@ class NotificationService
   private
 
   def send_new_note_notifications(note)
-    notify_method = "note_#{note.noteable_ability_name}_email".to_sym
+    notify_method = :"note_#{note.noteable_ability_name}_email"
 
     recipients = NotificationRecipients::BuildService.build_new_note_recipients(note)
     recipients.each do |recipient|

app/views/layouts/_snowplow.html.haml

@@ -11,7 +11,6 @@
     gl = window.gl || {};
     gl.snowplowStandardContext = #{Gitlab::Tracking::StandardContext.new(
       namespace: namespace,
-      plan_name: namespace&.actual_plan_name,
       project_id: @project&.id,
       user: current_user
     ).to_context.to_json.to_json}

app/workers/project_export_worker.rb

@@ -58,7 +58,7 @@ class ProjectExportWorker # rubocop:disable Scalability/IdempotentWorker
 
   def log_exporters_duration(export_service)
     export_service.exporters.each do |exporter|
-      exporter_key = "#{exporter.class.name.demodulize.underscore}_duration_s".to_sym # e.g. uploads_saver_duration_s
+      exporter_key = :"#{exporter.class.name.demodulize.underscore}_duration_s" # e.g. uploads_saver_duration_s
       exporter_duration = exporter.duration_s&.round(6)
 
       log_extra_metadata_on_done(exporter_key, exporter_duration)

db/gitlab_schemas/gitlab_main_cell.yaml

@@ -1,5 +1,5 @@
 name: gitlab_main_cell
-description: Schema for all Organization tables, ex. namespaces, projects, etc.
+description: Schema for all Organization Main tables, ex. namespaces, projects, etc.
 allow_cross_joins:
   - gitlab_shared
   - gitlab_main

db/gitlab_schemas/gitlab_sec.yaml

@@ -1,5 +1,5 @@
 name: gitlab_sec
-description: Schema for all Cell-local Security features.
+description: Schema for all Organizational Security features.
 allow_cross_joins:
   - gitlab_shared
 allow_cross_transactions:

doc/development/cells/_index.md

@@ -13,7 +13,8 @@ Below are available schemas related to Cells and Organizations:
 
 | Schema | Description |
 | ------ | ----------- |
-| `gitlab_main_cell`| Use for all tables in the `main:` database that are for an Organization. For example, `projects` and `groups` |
+| `gitlab_main` (deprecated) | This is being replaced with `gitlab_main_cell`, for the purpose of building the [Cells](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/cells/) architecture. |
+| `gitlab_main_cell`| To be renamed to `gitlab_main_org`. Use for all tables in the `main:` database that are for an Organization. For example, `projects` and `groups` |
 | `gitlab_main_cell_setting` | All tables in the `main:` database related to cell settings. For example, `application_settings`. |
 | `gitlab_main_clusterwide` (deprecated) | All tables in the `main:` database where all rows, or a subset of rows needs to be present across the cluster, in the [Cells](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/cells/) architecture. For example, `plans`. For the [Cells 1.0 architecture](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/cells/iterations/cells-1.0/), there are no real clusterwide tables as each cell will have its own database. In effect, these tables will still be stored locally in each cell. |
 | `gitlab_main_cell_local` | For tables in the `main:` database that are related to features that is distinct for each cell. For example, `zoekt_nodes`, or `shards`. These cell-local tables should not have any foreign key references from/to organization tables. |

doc/development/database/multiple_databases.md

@@ -27,7 +27,7 @@ Each table of GitLab needs to have a `gitlab_schema` assigned:
 
 | Schema | Description | Notes |
 | -------- | ----------- | ------- |
-| `gitlab_main`| All tables that are being stored in the `main:` database. | Currently, this is being replaced with `gitlab_main_cell`, for the purpose of building the [Cells](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/cells/) architecture. |
+| `gitlab_main` | See [Cells / Organizations schemas](../cells/_index.md#available-cells--organization-schemas) | |
 | `gitlab_main_cell` | See [Cells / Organizations schemas](../cells/_index.md#available-cells--organization-schemas) | |
 | `gitlab_main_cell_setting` | See [Cells / Organizations schemas](../cells/_index.md#available-cells--organization-schemas) | |
 | `gitlab_main_clusterwide` | See [Cells / Organizations schemas](../cells/_index.md#available-cells--organization-schemas) | |

doc/operations/incident_management/status_page.md

@@ -94,14 +94,14 @@ the necessary CI/CD variables to deploy the Status Page to AWS S3:
 {{< alert type="warning" >}}
 
 Consider limiting who can access issues in this project, as any user who can view
-the issue can potentially [publish comments to your GitLab Status Page](#publish-comments-on-incidents).
+the incident can potentially [publish comments to your GitLab Status Page](#publish-comments-on-incidents).
 
 {{< /alert >}}
 
 ### Sync incidents to the Status Page
 
 After creating the CI/CD variables, configure the Project you want to use for
-Incident issues:
+Incidents:
 
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Settings > Monitor**.
@@ -138,17 +138,17 @@ graph TB
 
 To publish an incident:
 
-1. Create an issue in the project you enabled the GitLab Status Page settings in.
+1. Create an incident in the project you enabled the GitLab Status Page settings in.
 1. A [project or group owner](../../user/permissions.md) must use the
    `/publish` [quick action](../../user/project/quick_actions.md) to publish the
-   issue to the GitLab Status Page. [Confidential issues](../../user/project/issues/confidential_issues.md) can't be published.
+   incident to the GitLab Status Page. [Confidential incidents](../../user/project/issues/confidential_issues.md) can't be published.
 
-A background worker publishes the issue onto the Status Page using the credentials
+A background worker publishes the incident onto the Status Page using the credentials
 you provided during setup. As part of publication, GitLab:
 
 - Anonymizes user and group mentions with `Incident Responder`.
 - Removes titles of non-public [GitLab references](../../user/markdown.md#gitlab-specific-references).
-- Publishes any files attached to incident issue descriptions, up to 5000 per issue.
+- Publishes any files attached to incident descriptions, up to 5000 per incident.
 
 After publication, you can access the incident's details page by selecting the
 **Published on status page** button displayed under the Incident's title.
@@ -157,11 +157,11 @@ After publication, you can access the incident's details page by selecting the
 
 ### Update an incident
 
-To publish an update to the Incident, update the incident issue's description.
+To publish an update to the Incident, update the incident's description.
 
 {{< alert type="warning" >}}
 
-When referenced issues are changed (such as title or confidentiality) the incident
+When referenced incidents are changed (such as title or confidentiality) the incident
 they were referenced in is not updated.
 
 {{< /alert >}}
@@ -170,25 +170,25 @@ they were referenced in is not updated.
 
 To publish comments to the Status Page Incident:
 
-- Create a comment on the incident issue.
+- Create a comment on the incident.
 - When you're ready to publish the comment, mark the comment for publication by
   adding a microphone [emoji reaction](../../user/emoji_reactions.md)
   reaction (`:microphone:` 🎤) to the comment.
-- Any files attached to the comment (up to 5000 per issue) are also published.
+- Any files attached to the comment (up to 5000 per incident) are also published.
 
 {{< alert type="warning" >}}
 
-Anyone with access to view the Issue can add an emoji reaction to a comment, so
+Anyone with access to view the incident can add an emoji reaction to a comment, so
 consider limiting access to issues to team members only.
 
 {{< /alert >}}
 
 ### Update the incident status
 
-To change the incident status from `open` to `closed`, close the incident issue
-within GitLab. Closing the issue triggers a background worker to update the
+To change the incident status from `open` to `closed`, close the incident
+within GitLab. Closing the incident triggers a background worker to update the
 GitLab Status Page website.
 
 If you
-[make a published issue confidential](../../user/project/issues/confidential_issues.md#make-an-issue-confidential),
+[make a published incident confidential](../../user/project/issues/confidential_issues.md#make-an-issue-confidential),
 GitLab unpublishes it from your GitLab Status Page website.

lib/gitlab/internal_events.rb

@@ -141,7 +141,6 @@ module Gitlab
           project_id: project&.id,
           user: user,
           namespace: namespace,
-          plan_name: namespace&.actual_plan_name,
           feature_enabled_by_namespace_ids: feature_enabled_by_namespace_ids,
           **extra
         ).to_context

lib/gitlab/tracking.rb

@@ -24,7 +24,6 @@ module Gitlab
         contexts = [
           Tracking::StandardContext.new(
             namespace: namespace,
-            plan_name: namespace&.actual_plan_name,
             project_id: project_id,
             user: user,
             **extra).to_context, *context

lib/gitlab/tracking/standard_context.rb

@@ -7,13 +7,15 @@ module Gitlab
       GITLAB_RAILS_SOURCE = 'gitlab-rails'
 
       def initialize(
-        namespace: nil, plan_name: nil, project_id: nil, user: nil,
+        namespace: nil, project_id: nil, user: nil,
         feature_enabled_by_namespace_ids: nil, **extra)
         check_argument_type(:namespace, namespace, [Namespace])
-        check_argument_type(:plan_name, plan_name, [String])
         check_argument_type(:project_id, project_id, [Integer])
         check_argument_type(:user, user, [User, DeployToken])
 
+        plan_name = get_plan_name(namespace)
+        check_argument_type(:plan_name, plan_name, [String])
+
         @namespace = namespace
         @plan_name = plan_name
         @project_id = project_id
@@ -46,6 +48,10 @@ module Gitlab
 
       attr_accessor :namespace, :project_id, :extra, :plan_name, :user, :feature_enabled_by_namespace_ids
 
+      def get_plan_name(_namespace)
+        'free' # GitLab CE edition is always free
+      end
+
       def to_h
         {
           environment: environment,

locale/gitlab.pot

@@ -3967,7 +3967,7 @@ msgid_plural "AdherenceReport|%{pendingCount}/%{totalCount} controls are pending
 msgstr[0] ""
 msgstr[1] ""
 
-msgid "AdherenceReport|Completed controls"
+msgid "AdherenceReport|Failed controls"
 msgstr ""
 
 msgid "AdherenceReport|Have questions or thoughts on the new improvements we made? %{linkStart}Please provide feedback on your experience%{linkEnd}."
@@ -3979,6 +3979,9 @@ msgstr ""
 msgid "AdherenceReport|No statuses found."
 msgstr ""
 
+msgid "AdherenceReport|Passed controls"
+msgstr ""
+
 msgid "AdherenceReport|Pending controls"
 msgstr ""
 

qa/gdk/Dockerfile.gdk

@@ -1,4 +1,4 @@
-ARG GDK_SHA=179e550c25bc67a2e6205f3c4c2152af840526da
+ARG GDK_SHA=be62933f01284592fd76921eb384d190ef07defe
 # Use tag prefix when running on 'stable' branch to make sure 'protected' image is used which is not deleted by registry cleanup
 ARG GDK_BASE_TAG_PREFIX
 

scripts/frontend/quarantined_vue3_specs.txt

@@ -139,7 +139,6 @@ spec/frontend/projects/settings_service_desk/components/service_desk_root_spec.j
 spec/frontend/ref/init_ambiguous_ref_modal_spec.js
 spec/frontend/releases/components/asset_links_form_spec.js
 spec/frontend/repository/components/table/index_spec.js
-spec/frontend/repository/components/table/row_spec.js
 spec/frontend/set_status_modal/user_profile_set_status_wrapper_spec.js
 spec/frontend/sidebar/components/assignees/sidebar_assignees_widget_spec.js
 spec/frontend/sidebar/components/confidential/confidentiality_dropdown_spec.js

spec/frontend/repository/components/table/row_spec.js

@@ -126,12 +126,7 @@ describe('Repository table row component', () => {
     expect(hoverLoadDirective.value).toBeInstanceOf(Function);
   });
 
-  it.each`
-    type        | component         | componentName
-    ${'tree'}   | ${RouterLinkStub} | ${'RouterLink'}
-    ${'blob'}   | ${RouterLinkStub} | ${'RouterLink'}
-    ${'commit'} | ${'a'}            | ${'hyperlink'}
-  `('renders a $componentName for type $type', ({ type, component }) => {
+  it.each(['tree', 'blob'])('renders a RouterLink for type $type', (type) => {
     factory({
       propsData: {
         id: '1',
@@ -142,7 +137,21 @@ describe('Repository table row component', () => {
       },
     });
 
-    expect(wrapper.findComponent(component).exists()).toBe(true);
+    expect(wrapper.findComponent(RouterLinkStub).exists()).toBe(true);
+  });
+
+  it('renders a hyperlink for type commit', () => {
+    factory({
+      propsData: {
+        id: '1',
+        sha: '123',
+        path: 'test',
+        type: 'commit',
+        currentPath: '/',
+      },
+    });
+
+    expect(wrapper.find('a').exists()).toBe(true);
   });
 
   it.each`

spec/lib/gitlab/tracking/standard_context_spec.rb

@@ -71,7 +71,6 @@ RSpec.describe Gitlab::Tracking::StandardContext, feature_category: :service_pin
       let(:bottom_level_group) { create(:group, parent: subgroup2) }
       let(:project_id) { 2 }
       let(:namespace) { bottom_level_group }
-      let(:plan_name) { "plan name" }
       let(:hostname) { 'example.com' }
       let(:version) { '17.3.0' }
       let(:json_data) { snowplow_context.to_json.fetch(:data) }
@@ -82,7 +81,7 @@ RSpec.describe Gitlab::Tracking::StandardContext, feature_category: :service_pin
       end
 
       subject do
-        described_class.new(user: user, project_id: project_id, namespace: namespace, plan_name: plan_name)
+        described_class.new(user: user, project_id: project_id, namespace: namespace)
       end
 
       it 'holds the correct values', :aggregate_failures do
@@ -90,7 +89,7 @@ RSpec.describe Gitlab::Tracking::StandardContext, feature_category: :service_pin
         expect(json_data[:project_id]).to eq(project_id)
         expect(json_data[:namespace_id]).to eq(namespace.id)
         expect(json_data[:ultimate_parent_namespace_id]).to eq(top_level_group.id)
-        expect(json_data[:plan]).to eq(plan_name)
+        expect(json_data[:plan]).to eq('free')
         expect(json_data[:host_name]).to eq(hostname)
         expect(json_data[:instance_version]).to eq(version)
         expect(json_data[:correlation_id]).to eq(Labkit::Correlation::CorrelationId.current_or_new_id)

spec/lib/gitlab/tracking_spec.rb

@@ -137,7 +137,7 @@ RSpec.describe Gitlab::Tracking, feature_category: :application_instrumentation
 
         expect(Gitlab::Tracking::StandardContext)
           .to receive(:new)
-                .with(project_id: project.id, user: user, namespace: namespace, plan_name: namespace.actual_plan_name, extra_key_1: 'extra value 1', extra_key_2: 'extra value 2')
+                .with(project_id: project.id, user: user, namespace: namespace, extra_key_1: 'extra value 1', extra_key_2: 'extra value 2')
                 .and_call_original
 
         expect_any_instance_of(klass).to receive(:event) do |_, category, action, args|