Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/clusters/components/applications.vue

@@ -634,8 +634,13 @@ Crossplane runs inside your Kubernetes cluster and supports secure connectivity
         :status-reason="applications.elastic_stack.statusReason"
         :request-status="applications.elastic_stack.requestStatus"
         :request-reason="applications.elastic_stack.requestReason"
+        :version="applications.elastic_stack.version"
+        :chart-repo="applications.elastic_stack.chartRepo"
+        :update-available="applications.elastic_stack.updateAvailable"
         :installed="applications.elastic_stack.installed"
         :install-failed="applications.elastic_stack.installFailed"
+        :update-successful="applications.elastic_stack.updateSuccessful"
+        :update-failed="applications.elastic_stack.updateFailed"
         :uninstallable="applications.elastic_stack.uninstallable"
         :uninstall-successful="applications.elastic_stack.uninstallSuccessful"
         :uninstall-failed="applications.elastic_stack.uninstallFailed"

app/assets/javascripts/clusters/stores/clusters_store.js

@@ -12,6 +12,7 @@ import {
   INSTALL_EVENT,
   UPDATE_EVENT,
   UNINSTALL_EVENT,
+  ELASTIC_STACK,
 } from '../constants';
 import transitionApplicationState from '../services/application_state_machine';
 
@@ -237,6 +238,9 @@ export default class ClusterStore {
       } else if (appId === RUNNER) {
         this.state.applications.runner.version = version;
         this.state.applications.runner.updateAvailable = updateAvailable;
+      } else if (appId === ELASTIC_STACK) {
+        this.state.applications.elastic_stack.version = version;
+        this.state.applications.elastic_stack.updateAvailable = updateAvailable;
       }
     });
   }

app/assets/javascripts/pages/registrations/new/index.js

 import LengthValidator from '~/pages/sessions/new/length_validator';
 import UsernameValidator from '~/pages/sessions/new/username_validator';
 import NoEmojiValidator from '~/emoji/no_emoji_validator';
+import Tracking from '~/tracking';
 
 document.addEventListener('DOMContentLoaded', () => {
   new UsernameValidator(); // eslint-disable-line no-new
   new LengthValidator(); // eslint-disable-line no-new
   new NoEmojiValidator(); // eslint-disable-line no-new
 });
+
+document.addEventListener('SnowplowInitialized', () => {
+  if (gon.tracking_data) {
+    const { category, action } = gon.tracking_data;
+
+    if (category && action) {
+      Tracking.event(category, action);
+    }
+  }
+});

app/models/clusters/applications/elastic_stack.rb

@@ -3,7 +3,7 @@
 module Clusters
   module Applications
     class ElasticStack < ApplicationRecord
-      VERSION = '1.8.0'
+      VERSION = '1.9.0'
 
       ELASTICSEARCH_PORT = 9200
 

app/services/git/process_ref_changes_service.rb

@@ -35,7 +35,7 @@ module Git
     end
 
     def execute_project_hooks?(changes)
-      (changes.size <= Gitlab::CurrentSettings.push_event_hooks_limit) || Feature.enabled?(:git_push_execute_all_project_hooks, project)
+      changes.size <= Gitlab::CurrentSettings.push_event_hooks_limit
     end
 
     def process_changes(ref_type, action, changes, execute_project_hooks:)

changelogs/unreleased/ak-upgrade-es.yml

+---
+title: Upgrade Elastic Stack helm chart to 1.9.0
+merge_request: 27011
+author:
+type: changed

config/initializers/sidekiq_cluster.rb

 # frozen_string_literal: true
 
-if ENV['ENABLE_SIDEKIQ_CLUSTER'] && Gitlab.ee?
+if ENV['ENABLE_SIDEKIQ_CLUSTER']
   Thread.new do
     Thread.current.abort_on_exception = true
 

doc/administration/gitaly/praefect.md

@@ -423,6 +423,12 @@ documentation](index.md#3-gitaly-server-configuration).
    gitlab-ctl reconfigure
    ```
 
+1. To ensure that Gitaly [has updated its Prometheus listen address](https://gitlab.com/gitlab-org/gitaly/-/issues/2521), [restart Gitaly](../restart_gitlab.md#omnibus-gitlab-restart):
+
+   ```shell
+   gitlab-ctl restart gitaly
+   ```
+
 **Complete these steps for each Gitaly node!**
 
 After all Gitaly nodes are configured, you can run the Praefect connection

doc/api/graphql/reference/gitlab_schema.graphql

@@ -601,6 +601,46 @@ type CreateNotePayload {
   note: Note
 }
 
+"""
+Autogenerated input type of CreateRequirement
+"""
+input CreateRequirementInput {
+  """
+  A unique identifier for the client performing the mutation.
+  """
+  clientMutationId: String
+
+  """
+  The project full path the requirement is associated with
+  """
+  projectPath: ID!
+
+  """
+  Title of the requirement
+  """
+  title: String!
+}
+
+"""
+Autogenerated return type of CreateRequirement
+"""
+type CreateRequirementPayload {
+  """
+  A unique identifier for the client performing the mutation.
+  """
+  clientMutationId: String
+
+  """
+  Reasons why the mutation failed.
+  """
+  errors: [String!]!
+
+  """
+  The requirement after mutation
+  """
+  requirement: Requirement
+}
+
 """
 Autogenerated input type of CreateSnippet
 """
@@ -4952,6 +4992,7 @@ type Mutation {
   createEpic(input: CreateEpicInput!): CreateEpicPayload
   createImageDiffNote(input: CreateImageDiffNoteInput!): CreateImageDiffNotePayload
   createNote(input: CreateNoteInput!): CreateNotePayload
+  createRequirement(input: CreateRequirementInput!): CreateRequirementPayload
   createSnippet(input: CreateSnippetInput!): CreateSnippetPayload
   designManagementDelete(input: DesignManagementDeleteInput!): DesignManagementDeletePayload
   designManagementUpload(input: DesignManagementUploadInput!): DesignManagementUploadPayload
@@ -6574,6 +6615,94 @@ type Repository {
   ): Tree
 }
 
+"""
+Represents a requirement.
+"""
+type Requirement {
+  """
+  Author of the requirement
+  """
+  author: User!
+
+  """
+  Timestamp of when the requirement was created
+  """
+  createdAt: Time!
+
+  """
+  ID of the requirement
+  """
+  id: ID!
+
+  """
+  Internal ID of the requirement
+  """
+  iid: ID!
+
+  """
+  Project to which the requirement belongs
+  """
+  project: Project!
+
+  """
+  State of the requirement
+  """
+  state: RequirementState!
+
+  """
+  Title of the requirement
+  """
+  title: String
+
+  """
+  Timestamp of when the requirement was last updated
+  """
+  updatedAt: Time!
+
+  """
+  Permissions for the current user on the resource
+  """
+  userPermissions: RequirementPermissions!
+}
+
+"""
+Check permissions for the current user on a requirement
+"""
+type RequirementPermissions {
+  """
+  Indicates the user can perform `admin_requirement` on this resource
+  """
+  adminRequirement: Boolean!
+
+  """
+  Indicates the user can perform `create_requirement` on this resource
+  """
+  createRequirement: Boolean!
+
+  """
+  Indicates the user can perform `destroy_requirement` on this resource
+  """
+  destroyRequirement: Boolean!
+
+  """
+  Indicates the user can perform `read_requirement` on this resource
+  """
+  readRequirement: Boolean!
+
+  """
+  Indicates the user can perform `update_requirement` on this resource
+  """
+  updateRequirement: Boolean!
+}
+
+"""
+State of a requirement
+"""
+enum RequirementState {
+  ARCHIVED
+  OPENED
+}
+
 type RootStorageStatistics {
   """
   The CI artifacts size in bytes

doc/api/graphql/reference/index.md

@@ -129,6 +129,16 @@ Autogenerated return type of CreateNote
 | `errors` | String! => Array | Reasons why the mutation failed. |
 | `note` | Note | The note after mutation |
 
+## CreateRequirementPayload
+
+Autogenerated return type of CreateRequirement
+
+| Name  | Type  | Description |
+| ---   |  ---- | ----------  |
+| `clientMutationId` | String | A unique identifier for the client performing the mutation. |
+| `errors` | String! => Array | Reasons why the mutation failed. |
+| `requirement` | Requirement | The requirement after mutation |
+
 ## CreateSnippetPayload
 
 Autogenerated return type of CreateSnippet
@@ -982,6 +992,34 @@ Autogenerated return type of RemoveAwardEmoji
 | `rootRef` | String | Default branch of the repository |
 | `tree` | Tree | Tree of the repository |
 
+## Requirement
+
+Represents a requirement.
+
+| Name  | Type  | Description |
+| ---   |  ---- | ----------  |
+| `author` | User! | Author of the requirement |
+| `createdAt` | Time! | Timestamp of when the requirement was created |
+| `id` | ID! | ID of the requirement |
+| `iid` | ID! | Internal ID of the requirement |
+| `project` | Project! | Project to which the requirement belongs |
+| `state` | RequirementState! | State of the requirement |
+| `title` | String | Title of the requirement |
+| `updatedAt` | Time! | Timestamp of when the requirement was last updated |
+| `userPermissions` | RequirementPermissions! | Permissions for the current user on the resource |
+
+## RequirementPermissions
+
+Check permissions for the current user on a requirement
+
+| Name  | Type  | Description |
+| ---   |  ---- | ----------  |
+| `adminRequirement` | Boolean! | Indicates the user can perform `admin_requirement` on this resource |
+| `createRequirement` | Boolean! | Indicates the user can perform `create_requirement` on this resource |
+| `destroyRequirement` | Boolean! | Indicates the user can perform `destroy_requirement` on this resource |
+| `readRequirement` | Boolean! | Indicates the user can perform `read_requirement` on this resource |
+| `updateRequirement` | Boolean! | Indicates the user can perform `update_requirement` on this resource |
+
 ## RootStorageStatistics
 
 | Name  | Type  | Description |

doc/ci/docker/using_docker_images.md

@@ -489,7 +489,7 @@ Look for the `[runners.docker]` section:
 
 ```toml
 [runners.docker]
-  image = "ruby:2.1"
+  image = "ruby:latest"
   services = ["mysql:latest", "postgres:latest"]
 ```
 

doc/ci/yaml/README.md

@@ -460,6 +460,9 @@ For example, the following are equivalent configuration:
     - b
   ```
 
+NOTE: **Note:**
+A pipeline will not be created if it only contains jobs in `.pre` or `.post` stages.
+
 ### `stage`
 
 `stage` is defined per-job and relies on [`stages`](#stages) which is defined

doc/development/documentation/index.md

@@ -8,7 +8,7 @@ GitLab's documentation is [intended as the single source of truth (SSOT)](https:
 
 In addition to this page, the following resources can help you craft and contribute documentation:
 
-- [Style Guide](styleguide.md) - What belongs in the docs, language guidelines, Markdown standards to follow, and more.
+- [Style Guide](styleguide.md) - What belongs in the docs, language guidelines, Markdown standards to follow, links, and more.
 - [Structure and template](structure.md) - Learn the typical parts of a doc page and how to write each one.
 - [Documentation process](workflow.md).
 - [Markdown Guide](../../user/markdown.md) - A reference for all Markdown syntax supported by GitLab.
@@ -116,8 +116,9 @@ Things to note:
 - The above `git grep` command will search recursively in the directory you run
   it in for `workflow/lfs/lfs_administration` and `lfs/lfs_administration`
   and will print the file and the line where this file is mentioned.
-  You may ask why the two greps. Since we use relative paths to link to
-  documentation, sometimes it might be useful to search a path deeper.
+  You may ask why the two greps. Since [we use relative paths to link to
+  documentation](styleguide.md#links)
+  , sometimes it might be useful to search a path deeper.
 - The `*.md` extension is not used when a document is linked to GitLab's
   built-in help page, that's why we omit it in `git grep`.
 - Use the checklist on the "Change documentation location" MR description template.

doc/user/application_security/dast/index.md

@@ -31,6 +31,10 @@ that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
 GitLab checks the DAST report, compares the found vulnerabilities between the source and target
 branches, and shows the information right on the merge request.
 
+NOTE: **Note:**
+This comparison logic uses only the latest pipeline executed for the target branch's base commit.
+Running the pipeline on any other commit has no effect on the merge request.
+
 ![DAST Widget](img/dast_all.png)
 
 By clicking on one of the detected linked vulnerabilities, you will be able to

doc/user/clusters/applications.md

@@ -488,6 +488,41 @@ The Elastic Stack cluster application is intended as a log aggregation solution
 [Advanced Global Search](../search/advanced_global_search.md) functionality, which uses a separate
 Elasticsearch cluster.
 
+#### Optional: deploy Kibana to perform advanced queries
+
+If you are an advanced user and have direct access to your Kubernetes cluster using `kubectl` and `helm`, you can deploy Kibana manually.
+
+The following assumes that `helm` has been [initialized](https://v2.helm.sh/docs/helm/) with `helm init`.
+
+Save the following to `kibana.yml`:
+
+```yaml
+elasticsearch:
+  enabled: false
+
+logstash:
+  enabled: false
+
+kibana:
+  enabled: true
+  env:
+    ELASTICSEARCH_HOSTS: http://elastic-stack-elasticsearch-client.gitlab-managed-apps.svc.cluster.local:9200
+```
+
+Then install it on your cluster:
+
+```shell
+helm install --name kibana stable/elastic-stack --values kibana.yml
+```
+
+To access kibana, forward the port to your local machine:
+
+```shell
+kubectl port-forward svc/kibana 5601:443
+```
+
+Then, you can visit Kibana at `http://localhost:5601`.
+
 ### Future apps
 
 Interested in contributing a new GitLab managed app? Visit the

lib/gitlab/ci/config.rb

@@ -76,10 +76,7 @@ module Gitlab
         initial_config = Gitlab::Config::Loader::Yaml.new(config).load!
         initial_config = Config::External::Processor.new(initial_config, @context).perform
         initial_config = Config::Extendable.new(initial_config).to_hash
-
-        if Feature.enabled?(:ci_pre_post_pipeline_stages, @context.project, default_enabled: true)
-          initial_config = Config::EdgeStagesInjector.new(initial_config).to_hash
-        end
+        initial_config = Config::EdgeStagesInjector.new(initial_config).to_hash
 
         initial_config
       end

locale/gitlab.pot

@@ -6842,7 +6842,7 @@ msgstr ""
 msgid "Detect host keys"
 msgstr ""
 
-msgid "Detected %{timeago} in pipeline %{pipeline_link}"
+msgid "Detected %{timeago} in pipeline %{pipelineLink}"
 msgstr ""
 
 msgid "DevOps Score"

spec/lib/gitlab/ci/config_spec.rb

@@ -79,26 +79,6 @@ describe Gitlab::Ci::Config do
 
         it { is_expected.to eq %w[.pre stage1 stage2 .post] }
       end
-
-      context 'with feature disabled' do
-        before do
-          stub_feature_flags(ci_pre_post_pipeline_stages: false)
-        end
-
-        let(:yml) do
-          <<-EOS
-            stages:
-              - stage1
-              - stage2
-            job1:
-              stage: stage1
-              script:
-                - ls
-          EOS
-        end
-
-        it { is_expected.to eq %w[stage1 stage2] }
-      end
     end
   end
 

spec/models/clusters/applications/elastic_stack_spec.rb

@@ -20,7 +20,7 @@ describe Clusters::Applications::ElasticStack do
     it 'is initialized with elastic stack arguments' do
       expect(subject.name).to eq('elastic-stack')
       expect(subject.chart).to eq('stable/elastic-stack')
-      expect(subject.version).to eq('1.8.0')
+      expect(subject.version).to eq('1.9.0')
       expect(subject).to be_rbac
       expect(subject.files).to eq(elastic_stack.files)
     end
@@ -37,7 +37,7 @@ describe Clusters::Applications::ElasticStack do
       let(:elastic_stack) { create(:clusters_applications_elastic_stack, :errored, version: '0.0.1') }
 
       it 'is initialized with the locked version' do
-        expect(subject.version).to eq('1.8.0')
+        expect(subject.version).to eq('1.9.0')
       end
     end
   end

spec/services/git/process_ref_changes_service_spec.rb

@@ -55,36 +55,14 @@ describe Git::ProcessRefChangesService do
         stub_application_setting(push_event_hooks_limit: push_event_hooks_limit)
       end
 
-      context 'git_push_execute_all_project_hooks is disabled' do
-        before do
-          stub_feature_flags(git_push_execute_all_project_hooks: false)
-        end
-
-        it "calls #{push_service_class} with execute_project_hooks set to false" do
-          expect(push_service_class)
-            .to receive(:new)
-            .with(project, project.owner, hash_including(execute_project_hooks: false))
-            .exactly(changes.count).times
-            .and_return(service)
-
-          subject.execute
-        end
-      end
-
-      context 'git_push_execute_all_project_hooks is enabled' do
-        before do
-          stub_feature_flags(git_push_execute_all_project_hooks: true)
-        end
-
-        it "calls #{push_service_class} with execute_project_hooks set to true" do
-          expect(push_service_class)
-            .to receive(:new)
-            .with(project, project.owner, hash_including(execute_project_hooks: true))
-            .exactly(changes.count).times
-            .and_return(service)
+      it "calls #{push_service_class} with execute_project_hooks set to false" do
+        expect(push_service_class)
+          .to receive(:new)
+          .with(project, project.owner, hash_including(execute_project_hooks: false))
+          .exactly(changes.count).times
+          .and_return(service)
 
-          subject.execute
-        end
+        subject.execute
       end
     end