Add latest changes from gitlab-org/gitlab@master

app/views/admin/dashboard/index.html.haml

@@ -46,7 +46,8 @@
             enabled: allow_signup?)
 
           = feature_entry(_('LDAP'),
-            enabled: Gitlab.config.ldap.enabled)
+            enabled: Gitlab.config.ldap.enabled,
+            doc_href: help_page_path('administration/auth/ldap'))
 
           = feature_entry(_('Gravatar'),
             href: admin_application_settings_path(anchor: 'js-account-settings'),
@@ -54,10 +55,12 @@
 
           = feature_entry(_('OmniAuth'),
             href: admin_application_settings_path(anchor: 'js-signin-settings'),
-            enabled: Gitlab::Auth.omniauth_enabled?)
+            enabled: Gitlab::Auth.omniauth_enabled?,
+            doc_href: help_page_path('integration/omniauth'))
 
           = feature_entry(_('Reply by email'),
-            enabled: Gitlab::IncomingEmail.enabled?)
+            enabled: Gitlab::IncomingEmail.enabled?,
+            doc_href: help_page_path('administration/reply_by_email'))
 
           = render_if_exists 'admin/dashboard/elastic_and_geo'
 

changelogs/unreleased/35368-add-doc-links-to-all-features-2.yml

+---
+title: Add doc links to features on admin dashboard
+merge_request: 21419
+author:
+type: changed

changelogs/unreleased/8248-remove-conan-feature-flag.yml

+---
+title: Add support for Conan package management in the package registry
+merge_request: 21152
+author:
+type: added

doc/api/README.md

@@ -82,7 +82,7 @@ There are four ways to authenticate with the GitLab API:
 1. [OAuth2 tokens](#oauth2-tokens)
 1. [Personal access tokens](#personal-access-tokens)
 1. [Session cookie](#session-cookie)
-1. [GitLab CI job token](#gitlab-ci-job-token-premium) **(PREMIUM)**
+1. [GitLab CI job token](#gitlab-ci-job-token) **(Specific endpoints only)**
 
 For admins who want to authenticate with the API as a specific user, or who want to build applications or scripts that do so, two options are available:
 
@@ -152,13 +152,14 @@ The primary user of this authentication method is the web frontend of GitLab its
 which can use the API as the authenticated user to get a list of their projects,
 for example, without needing to explicitly pass an access token.
 
-### GitLab CI job token **(PREMIUM)**
+### GitLab CI job token
 
 With a few API endpoints you can use a [GitLab CI job token](../user/project/new_ci_build_permissions_model.md#job-token)
 to authenticate with the API:
 
 - [Get job artifacts](jobs.md#get-job-artifacts)
 - [Pipeline triggers](pipeline_triggers.md)
+- [Release creation](releases/index.md#create-a-release)
 
 ### Impersonation tokens
 

lib/api/api_guard.rb

@@ -63,7 +63,9 @@ module API
       end
 
       def find_user_from_sources
-        find_user_from_access_token || find_user_from_warden
+        find_user_from_access_token ||
+          find_user_from_job_token ||
+          find_user_from_warden
       end
 
       private

lib/gitlab/auth/user_auth_finders.rb

@@ -24,6 +24,8 @@ module Gitlab
 
       PRIVATE_TOKEN_HEADER = 'HTTP_PRIVATE_TOKEN'
       PRIVATE_TOKEN_PARAM = :private_token
+      JOB_TOKEN_HEADER = "HTTP_JOB_TOKEN".freeze
+      JOB_TOKEN_PARAM = :job_token
 
       # Check the Rails session for valid authentication details
       def find_user_from_warden
@@ -50,6 +52,20 @@ module Gitlab
         User.find_by_feed_token(token) || raise(UnauthorizedError)
       end
 
+      def find_user_from_job_token
+        return unless route_authentication_setting[:job_token_allowed]
+
+        token = (params[JOB_TOKEN_PARAM] || env[JOB_TOKEN_HEADER]).to_s
+        return unless token.present?
+
+        job = ::Ci::Build.find_by_token(token)
+        raise ::Gitlab::Auth::UnauthorizedError unless job
+
+        @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
+
+        job.user
+      end
+
       # We only allow Private Access Tokens with `api` scope to be used by web
       # requests on RSS feeds or ICS files for backwards compatibility.
       # It is also used by GraphQL/API requests.

lib/gitlab/diff/highlight_cache.rb

@@ -3,6 +3,8 @@
 module Gitlab
   module Diff
     class HighlightCache
+      include Gitlab::Utils::StrongMemoize
+
       EXPIRATION = 1.week
       VERSION = 1
 
@@ -30,12 +32,11 @@ module Gitlab
       #   IO generated by N+1's (1 writing for each highlighted line or file).
       #
       def write_if_empty
-        return if uncached_files.empty?
+        return if cacheable_files.empty?
 
         new_cache_content = {}
-        uncached_files.each do |diff_file|
-          next unless cacheable?(diff_file)
 
+        cacheable_files.each do |diff_file|
           new_cache_content[diff_file.file_path] = diff_file.highlighted_diff_lines.map(&:to_hash)
         end
 
@@ -49,7 +50,9 @@ module Gitlab
       end
 
       def key
-        @redis_key ||= ['highlighted-diff-files', diffable.cache_key, VERSION, diff_options].join(":")
+        strong_memoize(:redis_key) do
+          ['highlighted-diff-files', diffable.cache_key, VERSION, diff_options].join(":")
+        end
       end
 
       private
@@ -60,13 +63,17 @@ module Gitlab
       # See https://gitlab.com/gitlab-org/gitlab/issues/38008
       #
       def deprecated_cache
-        @deprecated_cache ||= Gitlab::Diff::DeprecatedHighlightCache.new(@diff_collection)
+        strong_memoize(:deprecated_cache) do
+          Gitlab::Diff::DeprecatedHighlightCache.new(@diff_collection)
+        end
       end
 
-      def uncached_files
-        diff_files = @diff_collection.diff_files
+      def cacheable_files
+        strong_memoize(:cacheable_files) do
+          diff_files = @diff_collection.diff_files
 
-        diff_files.select { |file| read_cache[file.file_path].nil? }
+          diff_files.select { |file| cacheable?(file) && read_file(file).nil? }
+        end
       end
 
       # Given a hash of:
@@ -95,13 +102,20 @@ module Gitlab
           end
         end
 
+        # Subsequent read_file calls would need the latest cache.
+        #
+        clear_memoization(:cached_content)
+        clear_memoization(:cacheable_files)
+
         # Clean up any deprecated hash entries
         #
         deprecated_cache.clear
       end
 
       def file_paths
-        @file_paths ||= @diff_collection.diffs.collect(&:file_path)
+        strong_memoize(:file_paths) do
+          @diff_collection.diffs.collect(&:file_path)
+        end
       end
 
       def read_file(diff_file)
@@ -109,7 +123,7 @@ module Gitlab
       end
 
       def cached_content
-        @cached_content ||= read_cache
+        strong_memoize(:cached_content) { read_cache }
       end
 
       def read_cache

spec/lib/gitlab/diff/highlight_cache_spec.rb

@@ -72,13 +72,22 @@ describe Gitlab::Diff::HighlightCache, :clean_gitlab_redis_cache do
 
   describe '#write_if_empty' do
     it 'filters the key/value list of entries to be caches for each invocation' do
+      paths = merge_request.diffs.diff_files.select(&:text?).map(&:file_path)
+
       expect(cache).to receive(:write_to_redis_hash)
-        .once.with(hash_including(".gitignore")).and_call_original
-      expect(cache).to receive(:write_to_redis_hash).once.with({}).and_call_original
+        .with(hash_including(*paths))
+        .once
+        .and_call_original
 
       2.times { cache.write_if_empty }
     end
 
+    it 'reads from cache once' do
+      expect(cache).to receive(:read_cache).once.and_call_original
+
+      cache.write_if_empty
+    end
+
     context 'different diff_collections for the same diffable' do
       before do
         cache.write_if_empty