Add latest changes from gitlab-org/gitlab@master

Gemfile

@@ -475,7 +475,7 @@ gem 'lograge', '~> 0.5'
 gem 'grape_logging', '~> 1.7'
 
 # DNS Lookup
-gem 'gitlab-net-dns', '~> 0.9.1', require: 'net/dns'
+gem 'gitlab-net-dns', '~> 0.9.1'
 
 # Countries list
 gem 'countries', '~> 3.0'

app/models/user_highest_role.rb

@@ -4,4 +4,6 @@ class UserHighestRole < ApplicationRecord
   belongs_to :user, optional: false
 
   validates :highest_access_level, allow_nil: true, inclusion: { in: Gitlab::Access.all_values }
+
+  scope :with_highest_access_level, -> (highest_access_level) { where(highest_access_level: highest_access_level) }
 end

app/models/users_statistics.rb

@@ -11,4 +11,22 @@ class UsersStatistics < ApplicationRecord
     :bots,
     :blocked
   ].freeze
+
+  private
+
+  def highest_role_stats
+    return unless Feature.enabled?(:users_statistics)
+
+    {
+      owner: batch_count_for_access_level(Gitlab::Access::OWNER),
+      maintainer: batch_count_for_access_level(Gitlab::Access::MAINTAINER),
+      developer: batch_count_for_access_level(Gitlab::Access::DEVELOPER),
+      reporter: batch_count_for_access_level(Gitlab::Access::REPORTER),
+      guest: batch_count_for_access_level(Gitlab::Access::GUEST)
+    }
+  end
+
+  def batch_count_for_access_level(access_level)
+    Gitlab::Database::BatchCount.batch_count(UserHighestRole.with_highest_access_level(access_level))
+  end
 end

app/workers/error_tracking_issue_link_worker.rb

@@ -63,6 +63,10 @@ class ErrorTrackingIssueLinkWorker # rubocop:disable Scalability/IdempotentWorke
     sentry_client
       .repos(organization_slug)
       .find { |repo| repo.project_id == issue.project_id && repo.status == 'active' }
+  rescue Sentry::Client::Error => e
+    logger.info("Unable to retrieve Sentry repo for organization #{organization_slug}, id #{sentry_issue_id}, with error: #{e.message}")
+
+    nil
   end
 
   def organization_slug

changelogs/unreleased/user-creation-count.yml

+---
+title: Add metric to derive new users count
+merge_request: 27351
+author:
+type: added

config/application.rb

@@ -32,8 +32,6 @@ module Gitlab
 
     config.active_record.sqlite3.represent_boolean_as_integer = true
 
-    config.autoloader = :zeitwerk
-
     # Sidekiq uses eager loading, but directories not in the standard Rails
     # directories must be added to the eager load paths:
     # https://github.com/mperham/sidekiq/wiki/FAQ#why-doesnt-sidekiq-autoload-my-rails-application-code

config/environments/development.rb

@@ -42,7 +42,7 @@ Rails.application.configure do
   config.action_mailer.raise_delivery_errors = true
   # Don't make a mess when bootstrapping a development environment
   config.action_mailer.perform_deliveries = (ENV['BOOTSTRAP'] != '1')
-  config.action_mailer.preview_path = Rails.root.join('app', 'mailers', 'previews')
+  config.action_mailer.preview_path = 'app/mailers/previews'
 
   config.eager_load = false
 

config/environments/test.rb

@@ -43,7 +43,7 @@ Rails.application.configure do
   # Print deprecation notices to the stderr
   config.active_support.deprecation = :stderr
 
-  config.eager_load = false
+  config.eager_load = true
 
   config.cache_store = :null_store
 

config/initializers/2_gitlab.rb

+require_dependency 'gitlab'

config/initializers_before_autoloader/002_zeitwerk.rb

-# frozen_string_literal: true
-
-Rails.autoloaders.each do |autoloader|
-  # We need to ignore these since these are non-Ruby files
-  # that do not define Ruby classes / modules
-  autoloader.ignore(Rails.root.join('lib/support'))
-  # Ignore generators since these are loaded manually by Rails
-  autoloader.ignore(Rails.root.join('lib/generators'))
-  autoloader.ignore(Rails.root.join('ee/lib/generators')) if Gitlab.ee?
-  # Mailer previews are also loaded manually by Rails
-  autoloader.ignore(Rails.root.join('app/mailers/previews'))
-  autoloader.ignore(Rails.root.join('ee/app/mailers/previews')) if Gitlab.ee?
-  # Ignore these files because these are only used in Rake tasks
-  # and are not available in production
-  autoloader.ignore(Rails.root.join('lib/gitlab/graphql/docs'))
-
-  autoloader.inflector.inflect(
-    'authenticates_2fa_for_admin_mode' => 'Authenticates2FAForAdminMode',
-    'api' => 'API',
-    'api_guard' => 'APIGuard',
-    'group_api_compatibility' => 'GroupAPICompatibility',
-    'project_api_compatibility' => 'ProjectAPICompatibility',
-    'cte' => 'CTE',
-    'recursive_cte' => 'RecursiveCTE',
-    'cidr' => 'CIDR',
-    'cli' => 'CLI',
-    'dn' => 'DN',
-    'hmac_token' => 'HMACToken',
-    'html' => 'HTML',
-    'html_parser' => 'HTMLParser',
-    'html_gitlab' => 'HTMLGitlab',
-    'http' => 'HTTP',
-    'http_connection_adapter' => 'HTTPConnectionAdapter',
-    'http_clone_enabled_check' => 'HTTPCloneEnabledCheck',
-    'chunked_io' => 'ChunkedIO',
-    'http_io' => 'HttpIO',
-    'json' => 'JSON',
-    'json_formatter' => 'JSONFormatter',
-    'json_web_token' => 'JSONWebToken',
-    'as_json' => 'AsJSON',
-    'ldap_key' => 'LDAPKey',
-    'mr_note' => 'MRNote',
-    'pdf' => 'PDF',
-    'rsa_token' => 'RSAToken',
-    'san_extension' => 'SANExtension',
-    'sca' => 'SCA',
-    'spdx' => 'SPDX',
-    'sql' => 'SQL',
-    'ssh_key' => 'SSHKey',
-    'ssh_key_with_user' => 'SSHKeyWithUser',
-    'ssh_public_key' => 'SSHPublicKey',
-    'git_push_ssh_proxy' => 'GitPushSSHProxy',
-    'git_user_default_ssh_config_check' => 'GitUserDefaultSSHConfigCheck',
-    'binary_stl' => 'BinarySTL',
-    'text_stl' => 'TextSTL',
-    'svg' => 'SVG',
-    'function_uri' => 'FunctionURI'
-  )
-end

config/settings.rb

@@ -3,6 +3,12 @@
 require 'settingslogic'
 require 'digest/md5'
 
+# We can not use `Rails.root` here, as this file might be loaded without the
+# full Rails environment being loaded. We can not use `require_relative` either,
+# as Rails uses `load` for `require_dependency` (used when loading the Rails
+# environment). This could then lead to this file being loaded twice.
+require_dependency File.expand_path('../lib/gitlab', __dir__)
+
 class Settings < Settingslogic
   source ENV.fetch('GITLAB_CONFIG') { Pathname.new(File.expand_path('..', __dir__)).join('config/gitlab.yml') }
   namespace ENV.fetch('GITLAB_ENV') { Rails.env }

doc/administration/auth/smartcard.md

@@ -49,7 +49,7 @@ Certificate:
         Subject: CN=Gitlab User, emailAddress=gitlab-user@example.com
 ```
 
-### Authentication against a local database with X.509 certificates and SAN extensions **(PREMIUM ONLY)**
+### Authentication against a local database with X.509 certificates and SAN extension
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/8605) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.3.
 
@@ -135,6 +135,12 @@ attribute. As a prerequisite, you must use an LDAP server that:
      listen *:3444 ssl;
      ```
 
+   - It can also be configured to run on a different hostname:
+
+     ```plaintext
+     listen smartcard.example.com:443 ssl;
+     ```
+
    - The additional NGINX server context must be configured to require the client
      side certificate:
 
@@ -156,7 +162,7 @@ attribute. As a prerequisite, you must use an LDAP server that:
 
    ```plaintext
    server {
-       listen *:3444 ssl;
+       listen smartcard.example.com:3443 ssl;
 
        # certificate for configuring SSL
        ssl_certificate /path/to/example.com.crt;
@@ -195,10 +201,16 @@ attribute. As a prerequisite, you must use an LDAP server that:
      # Path to a file containing a CA certificate
      ca_file: '/etc/ssl/certs/CA.pem'
 
-     # Port where the client side certificate is requested by NGINX
-     client_certificate_required_port: 3444
+     # Host and port where the client side certificate is requested by the
+     # webserver (NGINX/Apache)
+     client_certificate_required_host: smartcard.example.com
+     client_certificate_required_port: 3443
    ```
 
+   NOTE: **Note**
+   Assign a value to at least one of the following variables:
+   `client_certificate_required_host` or `client_certificate_required_port`.
+
 1. Save the file and [restart](../restart_gitlab.md#installations-from-source)
    GitLab for the changes to take effect.
 

doc/user/admin_area/settings/usage_statistics.md

@@ -402,6 +402,7 @@ but commented out to help encourage others to add to it in the future. -->
 |groups|usage_activity_by_stage|manage|
 |ldap_keys|usage_activity_by_stage|manage|
 |ldap_users: 0|usage_activity_by_stage|manage|
+|users_created|usage_activity_by_stage|manage|
 |clusters|usage_activity_by_stage|monitor|
 |clusters_applications_prometheus|usage_activity_by_stage|monitor|
 |operations_dashboard_default_dashboard|usage_activity_by_stage|monitor|

doc/user/group/epics/index.md

@@ -350,6 +350,14 @@ You can [award an emoji](../../award_emojis.md) to that epic or its comments.
 
 You can [turn on notifications](../../profile/notifications.md) to be alerted about epic events.
 
+## Limits
+
+This section gives an overview of limits of Epics and an overview of their background.
+
+### Description and comment length
+
+See [Issues: Description and comment length](../../project/issues/index.md#description-and-comment-length)
+
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues

doc/user/project/issues/index.md

@@ -4,7 +4,8 @@ Issues are the fundamental medium for collaborating on ideas and planning work i
 
 ## Overview
 
-The GitLab issue tracker is an advanced tool for collaboratively developing ideas, solving problems, and planning work.
+The GitLab issue tracker is an advanced tool for collaboratively developing ideas, solving problems,
+and planning work.
 
 Issues can allow sharing and discussion of proposals before, and during,
 their implementation between:
@@ -116,8 +117,8 @@ You can sort a list of issues in several ways, for example by issue creation dat
 
 ![Issue board](img/issue_board.png)
 
-[Issue boards](../issue_board.md) are Kanban boards with columns that display issues based on their labels
-or their assignees**(PREMIUM)**. They offer the flexibility to manage issues using
+[Issue boards](../issue_board.md) are Kanban boards with columns that display issues based on their
+labels or their assignees**(PREMIUM)**. They offer the flexibility to manage issues using
 highly customizable workflows.
 
 You can reorder issues within a column. If you drag an issue card to another column, its
@@ -200,3 +201,18 @@ Feature.enable(:save_issuable_health_status)
 - [Issues API](../../../api/issues.md)
 - Configure an [external issue tracker](../../../integration/external-issue-tracker.md)
   such as Jira, Redmine, or Bugzilla.
+
+## Limits
+
+This section gives an overview of limits of Issues and an overview of their background.
+
+### Description and comment length
+
+> Introduced in [GitLab 12.2](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/61974).
+
+Descriptions and comments on [issuable](../../../development/issuable-like-models.md) can be no
+longer than 1 million characters.
+
+Previously, there was no limit to issuable description size, which created a
+[possibility of a DoS attack](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/61974) by allowing
+very long descriptions. It's possible that we will set this limit to a lower number in the future.

doc/user/project/merge_requests/index.md

@@ -10,12 +10,12 @@ to source code that exist as commits on a given Git branch.
 ![Merge request view](img/merge_request.png)
 
 A Merge Request (**MR**) is the basis of GitLab as a code collaboration and version
-control platform. It is as simple as the name implies: a _request_ to _merge_ one
+control platform. It's exactly as the name implies: a _request_ to _merge_ one
 branch into another.
 
 ## Use cases
 
-A. Consider you are a software developer working in a team:
+A. Consider you're a software developer working in a team:
 
 1. You checkout a new branch, and submit your changes through a merge request
 1. You gather feedback from your team
@@ -61,7 +61,7 @@ So far, the navigation tabs present in merge requests to display **Discussion**,
 widget.
 
 To facilitate this navigation without having to scroll up and down through the page
-to find these tabs, based on user feedback, we are experimenting with a new positioning
+to find these tabs, based on user feedback, we're experimenting with a new positioning
 of these tabs. They are now located at the top of the merge request, with a new
 **Overview** tab, containing the description of the merge request followed by the
 widget. Next to **Overview**, you can find **Pipelines**, **Commits**, and **Changes**.
@@ -124,3 +124,11 @@ There are two main ways to have a merge request flow with GitLab:
 1. Working with forks of an authoritative project
 
 [Learn more about the authorization for merge requests.](authorization_for_merge_requests.md)
+
+## Limits
+
+This section gives an overview of limits of Merge Requests and an overview of their background.
+
+### Description and comment length
+
+See [Issues: Description and comment length](../issues/index.md#description-and-comment-length)

lib/gitlab/graphql/docs/helper.rb

 # frozen_string_literal: true
 
+return if Rails.env.production?
+
 module Gitlab
   module Graphql
     module Docs

lib/gitlab/graphql/docs/renderer.rb

 # frozen_string_literal: true
 
-require 'gitlab/graphql/docs/helper'
+return if Rails.env.production?
 
 module Gitlab
   module Graphql

lib/gitlab/metrics/exporter/base_exporter.rb

 # frozen_string_literal: true
 
-require 'webrick'
-require 'prometheus/client/rack/exporter'
-
 module Gitlab
   module Metrics
     module Exporter

lib/tasks/gitlab/graphql.rake

@@ -3,7 +3,6 @@
 return if Rails.env.production?
 
 require 'graphql/rake_task'
-require 'gitlab/graphql/docs/renderer'
 
 namespace :gitlab do
   OUTPUT_DIR = Rails.root.join("doc/api/graphql/reference")

scripts/static-analysis

 #!/usr/bin/env ruby
 
 # We don't have auto-loading here
+require_relative '../lib/gitlab'
 require_relative '../lib/gitlab/popen'
 require_relative '../lib/gitlab/popen/runner'
 

spec/factories/user_highest_roles.rb

@@ -3,5 +3,13 @@
 FactoryBot.define do
   factory :user_highest_role do
     user
+
+    trait :maintainer do
+      highest_access_level { Gitlab::Access::MAINTAINER }
+    end
+
+    trait :developer do
+      highest_access_level { Gitlab::Access::DEVELOPER }
+    end
   end
 end

spec/fast_spec_helper.rb

@@ -11,9 +11,6 @@ require_relative '../config/settings'
 require_relative 'support/rspec'
 require 'active_support/all'
 
-unless ActiveSupport::Dependencies.autoload_paths.frozen?
-  ActiveSupport::Dependencies.autoload_paths << 'lib'
-  ActiveSupport::Dependencies.autoload_paths << 'ee/lib'
-end
-
+ActiveSupport::Dependencies.autoload_paths << 'lib'
+ActiveSupport::Dependencies.autoload_paths << 'ee/lib'
 ActiveSupport::XmlMini.backend = 'Nokogiri'

spec/lib/gitlab/fogbugz_import/importer_spec.rb

 # frozen_string_literal: true
 
 require 'spec_helper'
-require 'fogbugz'
 
 describe Gitlab::FogbugzImport::Importer do
   let(:project) { create(:project_empty_repo) }

spec/lib/gitlab/graphql/docs/renderer_spec.rb

 # frozen_string_literal: true
 
 require 'spec_helper'
-require 'gitlab/graphql/docs/renderer'
 
 describe Gitlab::Graphql::Docs::Renderer do
   describe '#contents' do

spec/models/user_highest_role_spec.rb

@@ -10,4 +10,20 @@ describe UserHighestRole do
   describe 'validations' do
     it { is_expected.to validate_inclusion_of(:highest_access_level).in_array([nil, *Gitlab::Access.all_values]) }
   end
+
+  describe 'scopes' do
+    describe '.with_highest_access_level' do
+      let(:developer_access_level) { Gitlab::Access::DEVELOPER }
+      let!(:developer) { create(:user_highest_role, :developer) }
+      let!(:another_developer) { create(:user_highest_role, :developer) }
+      let!(:maintainer) { create(:user_highest_role, :maintainer) }
+
+      it 'only returns entry for developer access level' do
+        expect(described_class.with_highest_access_level(developer_access_level)).to contain_exactly(
+          developer,
+          another_developer
+        )
+      end
+    end
+  end
 end

spec/services/service_response_spec.rb

 # frozen_string_literal: true
 
 require 'fast_spec_helper'
-require_relative '../../app/services/service_response'
+
+ActiveSupport::Dependencies.autoload_paths << 'app/services'
 
 describe ServiceResponse do
   describe '.success' do

spec/workers/error_tracking_issue_link_worker_spec.rb

@@ -95,5 +95,19 @@ describe ErrorTrackingIssueLinkWorker do
 
       it_behaves_like 'attempts to create a link via plugin'
     end
+
+    context 'when Sentry repos request errors' do
+      it 'falls back to creating a link via plugin' do
+        expect_next_instance_of(Sentry::Client) do |client|
+          expect(client).to receive(:repos).with('sentry-org').and_raise(Sentry::Client::Error)
+          expect(client)
+            .to receive(:create_issue_link)
+            .with(nil, sentry_issue.sentry_issue_identifier, issue)
+            .and_return(true)
+        end
+
+        expect(subject).to be true
+      end
+    end
   end
 end