Add latest changes from gitlab-org/gitlab@master

doc/administration/audit_event_streaming/graphql_api.md

@@ -170,8 +170,8 @@ by [listing all the custom HTTP headers](#list-streaming-destinations) for the g
 
 ```graphql
 mutation {
-  externalAuditEventDestinationUpdate(input: { 
+  externalAuditEventDestinationUpdate(input: {
-    id:"gid://gitlab/AuditEvents::ExternalAuditEventDestination/1", 
+    id:"gid://gitlab/AuditEvents::ExternalAuditEventDestination/1",
     destinationUrl: "https://www.new-domain.com/webhook",
     name: "destination-name"} ) {
     errors
@@ -285,7 +285,7 @@ Prerequisites:
 
 - You must have the Owner role for the group.
 
-You can remove a list of event type filters using the `auditEventsStreamingDestinationEventsRemove` query type:
+You can remove a list of event type filters using the `auditEventsStreamingDestinationEventsRemove` mutation type:
 
 ```graphql
 mutation {
@@ -545,6 +545,7 @@ query {
           value
         }
       }
+      eventTypeFilters
     }
   }
 }
@@ -568,7 +569,7 @@ by [listing all the external destinations](#list-streaming-destinations-1) for t
 
 ```graphql
 mutation {
-  instanceExternalAuditEventDestinationUpdate(input: { 
+  instanceExternalAuditEventDestinationUpdate(input: {
     id: "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/1",
     destinationUrl: "https://www.new-domain.com/webhook",
     name: "destination-name"}) {
@@ -647,3 +648,60 @@ mutation {
 ```
 
 The header is deleted if the returned `errors` object is empty.
+
+### Event type filters
+
+> Event type filters API [introduced](https://gitlab.com/groups/gitlab-org/-/epics/10868) in GitLab 16.2.
+
+When this feature is enabled for an instance, you can use an API to permit users to filter streamed audit events per destination.
+If the feature is enabled with no filters, the destination receives all audit events.
+
+A streaming destination that has an event type filter set has a **filtered** (**{filter}**) label.
+
+#### Use the API to add an event type filter
+
+Prerequisites:
+
+- You must have the Administrator access for the instance.
+
+You can add a list of event type filters using the `auditEventsStreamingDestinationInstanceEventsAdd` mutation:
+
+```graphql
+mutation {
+    auditEventsStreamingDestinationInstanceEventsAdd(input: {
+        destinationId: "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/1",
+        eventTypeFilters: ["list of event type filters"]}){
+        errors
+        eventTypeFilters
+    }
+}
+```
+
+Event type filters are added if:
+
+- The returned `errors` object is empty.
+- The API responds with `200 OK`.
+
+#### Use the API to remove an event type filter
+
+Prerequisites:
+
+- You must have the Administrator access for the instance.
+
+You can remove a list of event type filters using the `auditEventsStreamingDestinationInstanceEventsRemove` mutation:
+
+```graphql
+mutation {
+    auditEventsStreamingDestinationInstanceEventsRemove(input: {
+    destinationId: "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/1",
+    eventTypeFilters: ["list of event type filters"]
+  }){
+    errors
+  }
+}
+```
+
+Event type filters are removed if:
+
+- The returned `errors` object is empty.
+- The API responds with `200 OK`.

doc/administration/consul.md

@@ -245,6 +245,12 @@ sudo gitlab-ctl start consul
 After this, the node should start back up, and the rest of the server agents rejoin.
 Shortly after that, the client agents should rejoin as well.
 
+If they do not join, you might also need to erase the Consul data on the client:
+
+```shell
+sudo rm -rf /var/opt/gitlab/consul/data
+```
+
 #### Recover a failed node
 
 If you have taken advantage of Consul to store other data and want to restore

doc/administration/geo/index.md

@@ -126,6 +126,7 @@ The following are required to run Geo:
   - If using different operating system versions between Geo sites,
     [check OS locale data compatibility](replication/troubleshooting.md#check-os-locale-data-compatibility)
     across Geo sites to avoid silent corruption of database indexes.
+- All sites must define the same [repository storages](../repository_storage_paths.md).
 
 Additionally, check the GitLab [minimum requirements](../../install/requirements.md),
 and use the latest version of GitLab for a better experience.

doc/development/backend/ruby_style_guide.md

@@ -273,7 +273,7 @@ end
 
 class ProjectCreator
   def self.execute
-    ActiveRecord::Base.transaction do
+    ApplicationRecord.transaction do
       name = SecureRandom.alphanumeric
       project = Project.create!(name: name)
       Repository.create!(project: project, name: name)

doc/update/index.md

@@ -328,6 +328,7 @@ and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with ap
   - Versions containing fix: GitLab 16.1.3 and later.
 - Geo: A [bug](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7841) in the built-in `pg-upgrade` tool prevents upgrading the bundled PostgreSQL database to version 13. This leaves the secondary site in a broken state, and prevents upgrading the Geo installation to GitLab 16.x ([PostgreSQL 12 support has removed in 16.0](deprecations.md#postgresql-12-deprecated) and later releases). This occurs on secondary sites using the bundled PostgreSQL software, running both the secondary main Rails database and tracking database on the same node. There is a manual [workaround](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7841#workaround) for those impacted until a fix is backported to 15.11.
   - Impacted versions: GitLab versions 15.2 - 15.11
+  - Versions containing fix: 15.11.12 and later.
   - Version 16.0 and later are not impacted. Note, 15.11 is a mandatory upgrade stop on the way to 16.0.
 
 ### 15.11.0
@@ -337,7 +338,8 @@ and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with ap
   - Impacted versions: GitLab versions 15.11.x, 16.0.x, and 16.1.0 - 16.1.2.
   - Versions containing fix: GitLab 16.1.3 and later.
 - Geo: A [bug](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7841) in the built-in `pg-upgrade` tool prevents upgrading the bundled PostgreSQL database to version 13. This leaves the secondary site in a broken state, and prevents upgrading the Geo installation to GitLab 16.x ([PostgreSQL 12 support has removed in 16.0](deprecations.md#postgresql-12-deprecated) and later releases). This occurs on secondary sites using the bundled PostgreSQL software, running both the secondary main Rails database and tracking database on the same node. There is a manual [workaround](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/7841#workaround) for those impacted until a fix is backported to 15.11.
-  - Impacted versions: GitLab versions 15.2 - 15.11
+  - Impacted versions: GitLab versions 15.2 - 15.11.11.
+  - Versions containing fix: 15.11.12 and later.
   - Version 16.0 and later are not impacted. Note, 15.11 is a mandatory upgrade stop on the way to 16.0.
 
 ### 15.11.x

lib/gitlab/ci/status/bridge/factory.rb

@@ -9,6 +9,7 @@ module Gitlab
             [[Status::Bridge::Retryable],
              [Status::Bridge::Failed],
              [Status::Bridge::Manual],
+             [Status::Bridge::WaitingForApproval],
              [Status::Bridge::WaitingForResource],
              [Status::Bridge::Play],
              [Status::Bridge::Action],

lib/gitlab/ci/status/bridge/waiting_for_approval.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Ci
+    module Status
+      module Bridge
+        class WaitingForApproval < Status::Extended
+          ## Extended in EE
+          def self.matches?(_bridge, _user)
+            false
+          end
+        end
+      end
+    end
+  end
+end
+
+Gitlab::Ci::Status::Bridge::WaitingForApproval.prepend_mod_with('Gitlab::Ci::Status::Bridge::WaitingForApproval')

lib/gitlab/database/tables_sorted_by_foreign_keys.rb

@@ -34,7 +34,7 @@ module Gitlab
       def all_foreign_keys
         @all_foreign_keys ||= @tables.each_with_object(Hash.new { |h, k| h[k] = [] }) do |table, hash|
           foreign_keys_for(table).each do |fk|
-            hash[fk.to_table] << table
+            hash[fk.referenced_table_name] << table
           end
         end
       end
@@ -45,12 +45,10 @@ module Gitlab
         #
         # See spec/lib/gitlab/database/tables_sorted_by_foreign_keys_spec.rb
         # for an example
-        name = ActiveRecord::ConnectionAdapters::PostgreSQL::Utils.extract_schema_qualified_name(table)
+        table = ActiveRecord::ConnectionAdapters::PostgreSQL::Utils.extract_schema_qualified_name(table)
 
-        if name.schema == ::Gitlab::Database::DYNAMIC_PARTITIONS_SCHEMA.to_s
+        Gitlab::Database::SharedModel.using_connection(@connection) do
-          @connection.foreign_keys(name.identifier)
+          Gitlab::Database::PostgresForeignKey.by_constrained_table_name_or_identifier(table.identifier).load
-        else
-          @connection.foreign_keys(table)
         end
       end
     end

spec/lib/gitlab/database/tables_sorted_by_foreign_keys_spec.rb

@@ -2,11 +2,12 @@
 
 require 'spec_helper'
 
-RSpec.describe Gitlab::Database::TablesSortedByForeignKeys do
+RSpec.describe Gitlab::Database::TablesSortedByForeignKeys, feature_category: :cell do
-  let(:connection) { ApplicationRecord.connection }
+  let(:connection) { Ci::ApplicationRecord.connection }
   let(:tables) do
     %w[_test_gitlab_main_items _test_gitlab_main_references _test_gitlab_partition_parent
-       gitlab_partitions_dynamic._test_gitlab_partition_20220101]
+       gitlab_partitions_dynamic._test_gitlab_partition_20220101
+       gitlab_partitions_dynamic._test_gitlab_partition_20220102]
   end
 
   subject do
@@ -35,7 +36,18 @@ RSpec.describe Gitlab::Database::TablesSortedByForeignKeys do
       PARTITION OF _test_gitlab_partition_parent
       FOR VALUES FROM ('20220101') TO ('20220131');
 
+      CREATE TABLE gitlab_partitions_dynamic._test_gitlab_partition_20220102
+      PARTITION OF _test_gitlab_partition_parent
+      FOR VALUES FROM ('20220201') TO ('20220228');
+
       ALTER TABLE _test_gitlab_partition_parent DETACH PARTITION gitlab_partitions_dynamic._test_gitlab_partition_20220101;
+      ALTER TABLE _test_gitlab_partition_parent DETACH PARTITION gitlab_partitions_dynamic._test_gitlab_partition_20220102;
+
+      /* For some reason FK is now created in gitlab_partitions_dynamic */
+      ALTER TABLE gitlab_partitions_dynamic._test_gitlab_partition_20220101
+        DROP CONSTRAINT fk_constrained_1;
+      ALTER TABLE gitlab_partitions_dynamic._test_gitlab_partition_20220101
+        ADD CONSTRAINT fk_constrained_1 FOREIGN KEY(item_id) REFERENCES _test_gitlab_main_items(id);
     SQL
     connection.execute(statement)
   end
@@ -47,6 +59,7 @@ RSpec.describe Gitlab::Database::TablesSortedByForeignKeys do
           ['_test_gitlab_main_references'],
           ['_test_gitlab_partition_parent'],
           ['gitlab_partitions_dynamic._test_gitlab_partition_20220101'],
+          ['gitlab_partitions_dynamic._test_gitlab_partition_20220102'],
           ['_test_gitlab_main_items']
         ])
     end
@@ -62,6 +75,7 @@ RSpec.describe Gitlab::Database::TablesSortedByForeignKeys do
         [
           ['_test_gitlab_partition_parent'],
           ['gitlab_partitions_dynamic._test_gitlab_partition_20220101'],
+          ['gitlab_partitions_dynamic._test_gitlab_partition_20220102'],
           %w[_test_gitlab_main_items _test_gitlab_main_references]
         ])
     end

spec/lib/gitlab/database/tables_truncate_spec.rb

@@ -155,6 +155,7 @@ RSpec.describe Gitlab::Database::TablesTruncate, :reestablished_active_record_ba
           "_test_gitlab_shared_items" => :gitlab_shared,
           "_test_gitlab_geo_items" => :gitlab_geo,
           "detached_partitions" => :gitlab_shared,
+          "postgres_foreign_keys" => :gitlab_shared,
           "postgres_partitions" => :gitlab_shared
         }
       )

spec/support/shared_examples/ci/waiting_for_approval_status_shared_examples.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples 'a deployment job waiting for approval' do |factory_type|
+  let_it_be(:project) { create(:project, :repository) }
+  let_it_be(:user) { create(:user) }
+  let_it_be(:job) { create(factory_type, :manual, environment: 'production', project: project) }
+
+  subject { described_class.new(Gitlab::Ci::Status::Core.new(job, user)) }
+
+  describe '.matches?' do
+    subject { described_class.matches?(job, user) }
+
+    let(:job) { create(factory_type, :manual, environment: 'production', project: project) }
+    let!(:deployment) { create(:deployment, deployment_status, deployable: job, project: project) }
+
+    context 'when job is waiting for approval' do
+      let(:deployment_status) { :blocked }
+
+      before do
+        allow(deployment).to receive(:waiting_for_approval?).and_return(true)
+      end
+
+      it 'is a correct match' do
+        expect(subject).to be_truthy
+      end
+    end
+
+    context 'when job is not waiting for approval' do
+      let(:deployment_status) { :created }
+
+      it 'does not match' do
+        expect(subject).to be_falsey
+      end
+    end
+  end
+
+  describe '#illustration' do
+    before do
+      environment = create(:environment, name: 'production', project: project)
+      create(:deployment, :blocked, project: project, environment: environment, deployable: job)
+    end
+
+    it { expect(subject.illustration).to include(:image, :size) }
+    it { expect(subject.illustration[:title]).to eq('Waiting for approvals') }
+
+    it do
+      expect(subject.illustration[:content]).to include('This job deploys to the protected environment "production"')
+    end
+  end
+
+  describe '#has_action?' do
+    it { expect(subject.has_action?).to be_truthy }
+  end
+
+  describe '#action_icon' do
+    it { expect(subject.action_icon).to be_nil }
+  end
+
+  describe '#action_title' do
+    it { expect(subject.action_title).to be_nil }
+  end
+
+  describe '#action_button_title' do
+    it { expect(subject.action_button_title).to eq('View environment details page') }
+  end
+
+  describe '#action_path' do
+    before do
+      environment = create(:environment, name: 'production', project: project)
+      create(:deployment, :blocked, project: project, environment: environment, deployable: job)
+    end
+
+    it { expect(subject.action_path).to include('environments') }
+  end
+
+  describe '#action_method' do
+    it { expect(subject.action_method).to eq(:get) }
+  end
+end