Automatic merge of gitlab-org/gitlab master

app/views/projects/_import_project_pane.html.haml

@@ -8,7 +8,7 @@
     .import-buttons
       - if gitlab_project_import_enabled?
         .import_gitlab_project.has-tooltip{ data: { container: 'body' } }
-          = link_to new_import_gitlab_project_path, class: 'gl-button btn-default btn btn_import_gitlab_project project-submit', **tracking_attrs(track_label, 'click_button', 'gitlab_export') do
+          = link_to new_import_gitlab_project_path, class: 'gl-button btn-default btn btn_import_gitlab_project', **tracking_attrs(track_label, 'click_button', 'gitlab_export') do
             .gl-button-icon
               = sprite_icon('tanuki')
             = _("GitLab export")

app/views/projects/_new_project_fields.html.haml

@@ -62,5 +62,5 @@
           .option-description
             = s_('ProjectsNew|Allows you to immediately clone this project’s repository. Skip this if you plan to push up an existing repository.')
 
-= f.submit _('Create project'), class: "btn btn-success project-submit", data: { track_label: "#{track_label}", track_event: "click_button", track_property: "create_project", track_value: "" }
-= link_to _('Cancel'), dashboard_projects_path, class: 'btn btn-cancel', data: { track_label: "#{track_label}", track_event: "click_button", track_property: "cancel", track_value: "" }
+= f.submit _('Create project'), class: "btn gl-button btn-success", data: { track_label: "#{track_label}", track_event: "click_button", track_property: "create_project", track_value: "" }
+= link_to _('Cancel'), dashboard_projects_path, class: 'btn gl-button btn-default btn-cancel', data: { track_label: "#{track_label}", track_event: "click_button", track_property: "cancel", track_value: "" }

changelogs/unreleased/gl-button-new-project.yml

+---
+title: Apply new GitLab UI for buttons in create project page
+merge_request: 53454
+author: Yogi (@yo)
+type: other

doc/user/application_security/container_scanning/index.md

@@ -177,7 +177,7 @@ scanning by using the following environment variables:
 
 | Environment Variable           | Default       | Description |
 | ------------------------------ | ------------- | ----------- |
-| `ADDITIONAL_CA_CERT_BUNDLE`    | `""`          | Bundle of CA certs that you want to trust. |
+| `ADDITIONAL_CA_CERT_BUNDLE`    | `""`          | Bundle of CA certs that you want to trust. See [Using a custom SSL CA certificate authority](#using-a-custom-ssl-ca-certificate-authority) for more details. |
 | `CLAIR_DB_CONNECTION_STRING`   | `postgresql://postgres:password@clair-vulnerabilities-db:5432/postgres?sslmode=disable&statement_timeout=60000` | This variable represents the [connection string](https://www.postgresql.org/docs/9.3/libpq-connect.html#AEN39692) to the [PostgreSQL server hosting the vulnerabilities definitions](https://hub.docker.com/r/arminc/clair-db) database and **shouldn't be changed** unless you're running the image locally as described in the [Running the standalone container scanning tool](#running-the-standalone-container-scanning-tool) section. The host value for the connection string must match the [alias](https://gitlab.com/gitlab-org/gitlab/-/blob/898c5da43504eba87b749625da50098d345b60d6/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml#L23) value of the `Container-Scanning.gitlab-ci.yml` template file, which defaults to `clair-vulnerabilities-db`. |
 | `CLAIR_DB_IMAGE`               | `arminc/clair-db:latest` | The Docker image name and tag for the [PostgreSQL server hosting the vulnerabilities definitions](https://hub.docker.com/r/arminc/clair-db). It can be useful to override this value with a specific version, for example, to provide a consistent set of vulnerabilities for integration testing purposes, or to refer to a locally hosted vulnerabilities database for an on-premise offline installation. |
 | `CLAIR_DB_IMAGE_TAG`           | `latest`      | (**DEPRECATED - use `CLAIR_DB_IMAGE` instead**) The Docker image tag for the [PostgreSQL server hosting the vulnerabilities definitions](https://hub.docker.com/r/arminc/clair-db). It can be useful to override this value with a specific version, for example, to provide a consistent set of vulnerabilities for integration testing purposes. |
@@ -217,6 +217,23 @@ GitLab 13.0 and later doesn't support [`only` and `except`](../../../ci/yaml/REA
 When overriding the template, you must use [`rules`](../../../ci/yaml/README.md#rules)
 instead.
 
+## Using a custom SSL CA certificate authority
+
+You can use the `ADDITIONAL_CA_CERT_BUNDLE` environment variable to configure a custom SSL CA certificate authority, which is used to verify the peer when fetching Docker images from a registry which uses HTTPS. The `ADDITIONAL_CA_CERT_BUNDLE` value should contain the [text representation of the X.509 PEM public-key certificate](https://tools.ietf.org/html/rfc7468#section-5.1). For example, to configure this value in the `.gitlab-ci.yml` file, use the following:
+
+```yaml
+container_scanning:
+  variables:
+    ADDITIONAL_CA_CERT_BUNDLE: |
+        -----BEGIN CERTIFICATE-----
+        MIIGqTCCBJGgAwIBAgIQI7AVxxVwg2kch4d56XNdDjANBgkqhkiG9w0BAQsFADCB
+        ...
+        jWgmPqF3vUbZE0EyScetPJquRFRKIesyJuBFMAs=
+        -----END CERTIFICATE-----
+```
+
+The `ADDITIONAL_CA_CERT_BUNDLE` value can also be configured as a [custom variable in the UI](../../../ci/variables/README.md#create-a-custom-variable-in-the-ui), either as a `file`, which requires the path to the certificate, or as a variable, which requires the text representation of the certificate.
+
 ### Vulnerability allowlisting
 
 To allowlist specific vulnerabilities, follow these steps:

ee/app/views/registrations/projects/new.html.haml

@@ -48,7 +48,7 @@
                 = link_to sprite_icon('question-o'), help_page_path('public_access/public_access'), aria: { label: 'Documentation for Visibility Level' }, target: '_blank', rel: 'noopener noreferrer'
               = render 'shared/visibility_level', f: f, visibility_level: visibility_level.to_i, can_change_visibility_level: true, form_model: @project, with_label: false
 
-              = f.submit _('Create project'), class: 'btn btn-success project-submit w-100', data: { track_label: 'blank_project', track_event: 'click_button', track_property: 'create_project', track_value: '' }
+              = f.submit _('Create project'), class: 'btn gl-button btn-success w-100', data: { track_label: 'blank_project', track_event: 'click_button', track_property: 'create_project', track_value: '' }
 
           #import-project-pane.tab-pane.import-project-pane.js-toggle-container{ role: 'tabpanel' }
             - if import_sources_enabled?

ee/changelogs/unreleased/296608_remove_target_name.yml

+---
+title: Remove target_name parameter from Elasticsearch rake tasks
+merge_request: 52958
+author:
+type: changed

ee/lib/tasks/gitlab/elastic.rake

@@ -60,14 +60,11 @@ namespace :gitlab do
     end
 
     desc "GitLab | Elasticsearch | Create empty indexes and assigns an alias for each"
-    task :create_empty_index, [:target_name] => [:environment] do |t, args|
+    task create_empty_index: [:environment] do |t, args|
       with_alias = ENV["SKIP_ALIAS"].nil?
       options = {}
 
-      # only create an index at the specified name
-      options[:index_name] = args[:target_name] unless with_alias
-
-      helper = Gitlab::Elastic::Helper.new(target_name: args[:target_name])
+      helper = Gitlab::Elastic::Helper.default
       index_name = helper.create_empty_index(with_alias: with_alias, options: options)
 
       # with_alias is used to support interacting with a specific index (such as when reclaiming the production index
@@ -89,8 +86,8 @@ namespace :gitlab do
     end
 
     desc "GitLab | Elasticsearch | Delete all indexes"
-    task :delete_index, [:target_name] => [:environment] do |t, args|
-      helper = Gitlab::Elastic::Helper.new(target_name: args[:target_name])
+    task delete_index: [:environment] do |t, args|
+      helper = Gitlab::Elastic::Helper.default
 
       if helper.delete_index
         puts "Index/alias '#{helper.target_name}' has been deleted".color(:green)
@@ -115,7 +112,7 @@ namespace :gitlab do
     end
 
     desc "GitLab | Elasticsearch | Recreate indexes"
-    task :recreate_index, [:target_name] => [:environment] do |t, args|
+    task recreate_index: [:environment] do |t, args|
       Rake::Task["gitlab:elastic:delete_index"].invoke(*args)
       Rake::Task["gitlab:elastic:create_empty_index"].invoke(*args)
     end

ee/spec/tasks/gitlab/elastic_rake_spec.rb

@@ -21,18 +21,14 @@ RSpec.describe 'gitlab:elastic namespace rake tasks', :elastic do
     end
 
     context 'when SKIP_ALIAS environment variable is set' do
-      let(:secondary_index_name) { "gitlab-test-#{Time.now.strftime("%Y%m%d-%H%M")}"}
-
       before do
         stub_env('SKIP_ALIAS', '1')
       end
 
       after do
-        es_helper.delete_index(index_name: secondary_index_name)
+        es_helper.client.indices.delete(index: "#{es_helper.target_name}*")
       end
 
-      subject { run_rake_task('gitlab:elastic:create_empty_index', secondary_index_name) }
-
       it 'does not alias the new index' do
         expect { subject }.not_to change { es_helper.alias_exists?(name: es_helper.target_name) }
       end
@@ -44,10 +40,6 @@ RSpec.describe 'gitlab:elastic namespace rake tasks', :elastic do
         expect { subject }.not_to change { es_helper.index_exists?(index_name: migration_index_name) }
       end
 
-      it 'creates an index at the specified name' do
-        expect { subject }.to change { es_helper.index_exists?(index_name: secondary_index_name) }.from(false).to(true)
-      end
-
       Gitlab::Elastic::Helper::ES_SEPARATE_CLASSES.each do |class_name|
         describe "#{class_name}" do
           it "does not create a standalone index" do