Add latest changes from gitlab-org/gitlab@master

Gemfile

@@ -187,9 +187,9 @@ gem 'seed-fu', '~> 2.3.7'
 gem 'elasticsearch-model', '~> 7.2'
 gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation'
 gem 'elasticsearch-api',   '7.13.3'
-gem 'aws-sdk-core', '~> 3.180.2'
+gem 'aws-sdk-core', '~> 3.180.3'
 gem 'aws-sdk-cloudformation', '~> 1'
-gem 'aws-sdk-s3', '~> 1.132.0'
+gem 'aws-sdk-s3', '~> 1.132.1'
 gem 'faraday_middleware-aws-sigv4', '~>0.3.0'
 gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections
 

Gemfile.checksum

@@ -37,9 +37,9 @@
 {"name":"aws-eventstream","version":"1.2.0","platform":"ruby","checksum":"ffa53482c92880b001ff2fb06919b9bb82fd847cbb0fa244985d2ebb6dd0d1df"},
 {"name":"aws-partitions","version":"1.761.0","platform":"ruby","checksum":"291e444e1edfc92c5521a6dbdd1236ccc3f122b3520163b2be6ec5b6ef350ef2"},
 {"name":"aws-sdk-cloudformation","version":"1.41.0","platform":"ruby","checksum":"31e47539719734413671edf9b1a31f8673fbf9688549f50c41affabbcb1c6b26"},
-{"name":"aws-sdk-core","version":"3.180.2","platform":"ruby","checksum":"44b2a16492b1fea57bc9e0a9d1efbb329786d120b0dc291a8e2abc5dc3bbb3eb"},
+{"name":"aws-sdk-core","version":"3.180.3","platform":"ruby","checksum":"829915d511bb018acab0905d860c1831c4a7f7e8daba1afd546225b2c9918351"},
 {"name":"aws-sdk-kms","version":"1.64.0","platform":"ruby","checksum":"40de596c95047bfc6e1aacea24f3df6241aa716b6f7ce08ac4c5f7e3120395ad"},
-{"name":"aws-sdk-s3","version":"1.132.0","platform":"ruby","checksum":"eec42306e6df54bacf5045a366c69acac8b02834b745b9562a90708838204b32"},
+{"name":"aws-sdk-s3","version":"1.132.1","platform":"ruby","checksum":"cac01fbba5d717907b8df7b4e482447678c8392c7a4707ba09956d10e3549145"},
 {"name":"aws-sigv4","version":"1.6.0","platform":"ruby","checksum":"ca9e6a15cd424f1f32b524b9760995331459bc22e67d3daad4fcf0c0084b087d"},
 {"name":"axe-core-api","version":"4.6.0","platform":"ruby","checksum":"1b0ddec3353f108dc10363baf2282f43a5ff7f13d4e25f99071294e78f8a6c62"},
 {"name":"axe-core-rspec","version":"4.6.0","platform":"ruby","checksum":"11c25bc9dd388c137ba4e5e63d64d20092bf22c884d8ffc829a22acfbacd747f"},

Gemfile.lock

@@ -265,7 +265,7 @@ GEM
     aws-sdk-cloudformation (1.41.0)
       aws-sdk-core (~> 3, >= 3.99.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-core (3.180.2)
+    aws-sdk-core (3.180.3)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.5)
@@ -273,7 +273,7 @@ GEM
     aws-sdk-kms (1.64.0)
       aws-sdk-core (~> 3, >= 3.165.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.132.0)
+    aws-sdk-s3 (1.132.1)
       aws-sdk-core (~> 3, >= 3.179.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.6)
@@ -1737,8 +1737,8 @@ DEPENDENCIES
   autoprefixer-rails (= 10.2.5.1)
   awesome_print
   aws-sdk-cloudformation (~> 1)
-  aws-sdk-core (~> 3.180.2)
-  aws-sdk-s3 (~> 1.132.0)
+  aws-sdk-core (~> 3.180.3)
+  aws-sdk-s3 (~> 1.132.1)
   axe-core-rspec
   babosa (~> 2.0)
   base32 (~> 0.3.0)

app/assets/javascripts/vue_shared/components/markdown/toolbar.vue

@@ -151,7 +151,7 @@ export default {
         target="_blank"
         category="tertiary"
         size="small"
-        title="Markdown is supported"
+        :title="__('Markdown is supported')"
         class="gl-px-3!"
       />
     </div>

config/gitlab_loose_foreign_keys.yml

@@ -308,6 +308,13 @@ terraform_state_versions:
   - table: p_ci_builds
     column: ci_build_id
     on_delete: async_nullify
+user_details:
+  - table: namespaces
+    column: provisioned_by_group_id
+    on_delete: async_nullify
+  - table: namespaces
+    column: enterprise_group_id
+    on_delete: async_nullify
 vulnerability_feedback:
   - table: ci_pipelines
     column: pipeline_id

db/post_migrate/20230804121704_remove_namespaces_user_details_enterprise_group_id_fk.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class RemoveNamespacesUserDetailsEnterpriseGroupIdFk < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  def up
+    return unless foreign_key_exists?(:user_details, :namespaces, name: "fk_c53c794142")
+
+    with_lock_retries do
+      remove_foreign_key_if_exists(:user_details, :namespaces,
+        name: "fk_c53c794142", reverse_lock_order: true)
+    end
+  end
+
+  def down
+    add_concurrent_foreign_key(:user_details, :namespaces,
+      name: "fk_c53c794142", column: :enterprise_group_id,
+      target_column: :id, on_delete: :nullify)
+  end
+end

db/post_migrate/20230804121705_remove_namespaces_user_details_provisioned_by_group_id_fk.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class RemoveNamespacesUserDetailsProvisionedByGroupIdFk < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  def up
+    return unless foreign_key_exists?(:user_details, :namespaces, name: "fk_190e4fcc88")
+
+    with_lock_retries do
+      remove_foreign_key_if_exists(:user_details, :namespaces,
+        name: "fk_190e4fcc88", reverse_lock_order: true)
+    end
+  end
+
+  def down
+    add_concurrent_foreign_key(:user_details, :namespaces,
+      name: "fk_190e4fcc88", column: :provisioned_by_group_id,
+      target_column: :id, on_delete: :nullify)
+  end
+end

db/schema_migrations/20230804121704

@@ -0,0 +1 @@
+ea9fa68d5b4001cc4fc8bbcdba5183bfaee216844c87811d2f9d45d008495ee6

db/schema_migrations/20230804121705

@@ -0,0 +1 @@
+70c78a39fdfe0889a2a5e9adc16f4aeed343b83ff7009d29b303c866e7681740

db/structure.sql

@@ -35965,9 +35965,6 @@ ALTER TABLE ONLY ci_pipelines
 ALTER TABLE ONLY analytics_devops_adoption_segments
     ADD CONSTRAINT fk_190a24754d FOREIGN KEY (display_namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE;
 
-ALTER TABLE ONLY user_details
-    ADD CONSTRAINT fk_190e4fcc88 FOREIGN KEY (provisioned_by_group_id) REFERENCES namespaces(id) ON DELETE SET NULL;
-
 ALTER TABLE ONLY agent_project_authorizations
     ADD CONSTRAINT fk_1d30bb4987 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
 
@@ -36670,9 +36667,6 @@ ALTER TABLE ONLY timelogs
 ALTER TABLE ONLY geo_event_log
     ADD CONSTRAINT fk_c4b1c1f66e FOREIGN KEY (repository_deleted_event_id) REFERENCES geo_repository_deleted_events(id) ON DELETE CASCADE;
 
-ALTER TABLE ONLY user_details
-    ADD CONSTRAINT fk_c53c794142 FOREIGN KEY (enterprise_group_id) REFERENCES namespaces(id) ON DELETE SET NULL;
-
 ALTER TABLE ONLY issues
     ADD CONSTRAINT fk_c63cbf6c25 FOREIGN KEY (closed_by_id) REFERENCES users(id) ON DELETE SET NULL;
 

doc/architecture/blueprints/cells/cells-feature-user-profile.md

@@ -15,16 +15,36 @@ we can document the reasons for not choosing this approach.
 
 # Cells: User Profile
 
-> TL;DR
+The existing User Profiles will initially be scoped to an Organization. Long-term, we should consider aggregating parts of the User activity across Organizations to enable Users a global view of their contributions.
 
 ## 1. Definition
 
+Each GitLab account has a [User Profile](../../../user/profile/index.md), which contains information about the User and their GitLab activity.
+
 ## 2. Data flow
 
 ## 3. Proposal
 
+User Profiles will be scoped to an Organization.
+
+- Users can set a Home Organization as their main Organization.
+- Users who do not exist in the database at all display a 404 not found error when trying to access their User Profile.
+- User who haven't contributed to an Organization display their User Profile with an empty state.
+- When displaying a User Profile empty state, if the profile has a Home Organization set to another Organization, we display a call-to-action allowing navigation to the main Organization.
+
+See [issue #411931](https://gitlab.com/gitlab-org/gitlab/-/issues/411931) for design proposals.
+
 ## 4. Evaluation
 
+We expect the [majority of Users to perform most of their activity in one single Organization](../organization/index.md#data-exploration).
+This is why we deem it acceptable to scope the User Profile to an Organization at first.
+More discovery is necessary to understand which aspects of the current User Profile are relevant to showcase contributions in a global context.
+
 ## 4.1. Pros
 
+- Viewing a User Profile scoped to an Organization allows you to focus on contributions that are most relevant to your Organization, filtering out the User's other activities.
+- Existing User Profile URLs do not break.
+
 ## 4.2. Cons
+
+- Users will lose the ability to display their entire activity, which may lessen the effectiveness of using their User Profile as a resume of achievements when working across multiple Organizations.

doc/user/application_security/policies/scan-execution-policies.md

@@ -113,6 +113,11 @@ This rule enforces the defined actions whenever the pipeline runs for a selected
 
 > - The `branch_type` field was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404774) in GitLab 16.1 [with a flag](../../../administration/feature_flags.md) named `security_policies_branch_type`. Disabled by default.
 > - The `branch_type` field was [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/413062) in GitLab 16.2.
+> - The security policy bot users were [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/394958) in GitLab 16.3 [with flags](../../../administration/feature_flags.md) named `scan_execution_group_bot_users` and `scan_execution_bot_users`. Enabled by default.
+
+FLAG:
+On self-managed GitLab, security policy bot users are available. To hide the feature, an administrator can [disable the feature flags](../../../administration/feature_flags.md) named `scan_execution_group_bot_users` and `scan_execution_bot_users`.
+On GitLab.com, this feature is available.
 
 This rule enforces the defined actions and schedules a scan on the provided date/time.
 
@@ -127,6 +132,10 @@ This rule enforces the defined actions and schedules a scan on the provided date
 
 1. You must specify only one of `branches`, `branch_type`, or `agents`.
 
+Scheduled scan pipelines are triggered by a security policy bot user that is a guest member of the project. Security policy bot users are automatically created when the security policy project is linked, and removed when the security policy project is unlinked.
+
+If the project does not have a security policy bot user, the scheduled scan pipeline is triggered by the user that modified the security policy project last.
+
 GitLab supports the following types of CRON syntax for the `cadence` field:
 
 - A daily cadence of once per hour at a specified hour, for example: `0 18 * * *`

locale/gitlab.pot

@@ -28526,6 +28526,9 @@ msgstr ""
 msgid "Markdown enabled."
 msgstr ""
 
+msgid "Markdown is supported"
+msgstr ""
+
 msgid "Markdown supported."
 msgstr ""
 

spec/lib/gitlab/database/no_cross_db_foreign_keys_spec.rb

@@ -12,10 +12,9 @@ RSpec.describe 'cross-database foreign keys' do
   let!(:allowed_cross_database_foreign_keys) do
     [
       'routes.namespace_id',                    # https://gitlab.com/gitlab-org/gitlab/-/issues/420869
-      'user_details.enterprise_group_id',       # https://gitlab.com/gitlab-org/gitlab/-/issues/420868
-      'user_details.provisioned_by_group_id',   # https://gitlab.com/gitlab-org/gitlab/-/issues/420868
       'group_import_states.user_id',            # https://gitlab.com/gitlab-org/gitlab/-/issues/421210
-      'user_group_callouts.user_id'             # https://gitlab.com/gitlab-org/gitlab/-/issues/421287
+      'user_group_callouts.user_id',            # https://gitlab.com/gitlab-org/gitlab/-/issues/421287
+      'group_import_states.user_id'             # https://gitlab.com/gitlab-org/gitlab/-/issues/421210
     ]
   end