Add latest changes from gitlab-org/gitlab@master

app/controllers/import/gitea_controller.rb

@@ -3,6 +3,8 @@
 class Import::GiteaController < Import::GithubController
   extend ::Gitlab::Utils::Override
 
+  before_action :verify_blocked_uri, only: :status
+
   def new
     if session[access_token_key].present? && provider_url.present?
       redirect_to status_import_url
@@ -16,13 +18,7 @@ class Import::GiteaController < Import::GithubController
 
   # Must be defined or it will 404
   def status
-    if blocked_url?
-      session[access_token_key] = nil
-
-      redirect_to new_import_url, alert: _('Specified URL cannot be used.')
-    else
-      super
-    end
+    super
   end
 
   private
@@ -61,8 +57,8 @@ class Import::GiteaController < Import::GithubController
     { host: provider_url, api_version: 'v1' }
   end
 
-  def blocked_url?
-    Gitlab::UrlBlocker.blocked_url?(
+  def verify_blocked_uri
+    Gitlab::UrlBlocker.validate!(
       provider_url,
       {
         allow_localhost: allow_local_requests?,
@@ -70,6 +66,10 @@ class Import::GiteaController < Import::GithubController
         schemes: %w(http https)
       }
     )
+  rescue Gitlab::UrlBlocker::BlockedUrlError => e
+    session[access_token_key] = nil
+
+    redirect_to new_import_url, alert: _('Specified URL cannot be used: "%{reason}"') % { reason: e.message }
   end
 
   def allow_local_requests?

app/controllers/projects/import/jira_controller.rb

@@ -22,8 +22,14 @@ module Projects
       end
 
       def import
-        response = ::JiraImport::StartImportService.new(current_user, @project, jira_import_params[:jira_project_key]).execute
-        flash[:notice] = response.message if response.message.present?
+        jira_project_key = jira_import_params[:jira_project_key]
+
+        if jira_project_key.present?
+          response = ::JiraImport::StartImportService.new(current_user, @project, jira_project_key).execute
+          flash[:notice] = response.message if response.message.present?
+        else
+          flash[:alert] = 'No jira project key has been provided.'
+        end
 
         redirect_to project_import_jira_path(@project)
       end

app/models/snippet.rb

@@ -262,6 +262,15 @@ class Snippet < ApplicationRecord
     @repository ||= Repository.new(full_path, self, shard: repository_storage, disk_path: disk_path, repo_type: Gitlab::GlRepository::SNIPPET)
   end
 
+  def repository_size_checker
+    strong_memoize(:repository_size_checker) do
+      ::Gitlab::RepositorySizeChecker.new(
+        current_size_proc: -> { repository._uncached_size.megabytes },
+        limit: Gitlab::CurrentSettings.snippet_size_limit
+      )
+    end
+  end
+
   def storage
     @storage ||= Storage::Hashed.new(self, prefix: Storage::Hashed::SNIPPET_REPOSITORY_PATH_PREFIX)
   end

changelogs/unreleased/normalize-import-error-messages.yml

+---
+title: Normalize error message between Gitea and Fogbugz importers
+merge_request: 28802
+author:
+type: other

doc/README.md

@@ -279,7 +279,7 @@ The following documentation relates to the DevOps **Release** stage:
 
 | Release Topics                                                                                                                      | Description                                                                                                                           |
 |:------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------|
-| [Auto Deploy](topics/autodevops/index.md#auto-deploy)                                                                               | Configure GitLab for the deployment of your application.                                                                              |
+| [Auto Deploy](topics/autodevops/stages.md#auto-deploy)                                                                               | Configure GitLab for the deployment of your application.                                                                              |
 | [Canary Deployments](user/project/canary_deployments.md) **(PREMIUM)**                                                              | Employ a popular CI strategy where a small portion of the fleet is updated to the new version first.                                  |
 | [Deploy Boards](user/project/deploy_boards.md) **(PREMIUM)**                                                                        | View the current health and status of each CI environment running on Kubernetes, displaying the status of the pods in the deployment. |
 | [Environments and deployments](ci/environments.md)                                                                                  | With environments, you can control the continuous deployment of your software within GitLab.                                          |

doc/ci/README.md

@@ -120,7 +120,7 @@ Its feature set is listed on the table below according to DevOps stages.
 | [Using Docker images](docker/using_docker_images.md) | Use GitLab and GitLab Runner with Docker to build and test applications. |
 |---+---|
 | **Release** ||
-| [Auto Deploy](../topics/autodevops/index.md#auto-deploy) | Deploy your application to a production environment in a Kubernetes cluster. |
+| [Auto Deploy](../topics/autodevops/stages.md#auto-deploy) | Deploy your application to a production environment in a Kubernetes cluster. |
 | [Building Docker images](docker/using_docker_build.md) | Maintain Docker-based projects using GitLab CI/CD. |
 | [Canary Deployments](../user/project/canary_deployments.md) **(PREMIUM)** | Ship features to only a portion of your pods and let a percentage of your user base to visit the temporarily deployed feature. |
 | [Deploy Boards](../user/project/deploy_boards.md) **(PREMIUM)** | Check the current health and status of each CI/CD environment running on Kubernetes. |

doc/ci/autodeploy/index.md

 ---
-redirect_to: '../../topics/autodevops/index.md#auto-deploy'
+redirect_to: '../../topics/autodevops/stages.md#auto-deploy'
 ---
 
-This document was moved to [another location](../../topics/autodevops/index.md#auto-deploy).
+This document was moved to [another location](../../topics/autodevops/stages.md#auto-deploy).

doc/ci/autodeploy/quick_start_guide.md

 ---
-redirect_to: '../../topics/autodevops/index.md#auto-deploy'
+redirect_to: '../../topics/autodevops/stages.md#auto-deploy'
 ---
 
-This document was moved to [another location](../../topics/autodevops/index.md#auto-deploy).
+This document was moved to [another location](../../topics/autodevops/stages.md#auto-deploy).

doc/ci/introduction/index.md

@@ -199,7 +199,7 @@ according to each stage (Verify, Package, Release).
    - Deploy your features behind [Feature Flags](../../user/project/operations/feature_flags.md). **(PREMIUM)**
    - Add release notes to any Git tag with [GitLab Releases](../../user/project/releases/index.md).
    - View of the current health and status of each CI environment running on Kubernetes with [Deploy Boards](../../user/project/deploy_boards.md). **(PREMIUM)**
-   - Deploy your application to a production environment in a Kubernetes cluster with [Auto Deploy](../../topics/autodevops/index.md#auto-deploy).
+   - Deploy your application to a production environment in a Kubernetes cluster with [Auto Deploy](../../topics/autodevops/stages.md#auto-deploy).
 
 With GitLab CI/CD you can also:
 

doc/development/auto_devops.md

@@ -18,12 +18,12 @@ which then defines jobs.
 
 Some jobs use images that are built from external projects:
 
-- [Auto Build](../topics/autodevops/index.md#auto-build) uses
+- [Auto Build](../topics/autodevops/stages.md#auto-build) uses
   [configuration](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml)
   in which the `build` job uses an image that is built using the
   [`auto-build-image`](https://gitlab.com/gitlab-org/cluster-integration/auto-build-image)
   project.
-- [Auto Deploy](../topics/autodevops/index.md#auto-deploy) uses
+- [Auto Deploy](../topics/autodevops/stages.md#auto-deploy) uses
   [configuration](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml)
   in which the jobs defined in this template use an image that is built using the
   [`auto-deploy-image`](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image)

doc/development/database_review.md

@@ -77,7 +77,9 @@ the following preparations into account.
 - Ensure `db/structure.sql` is updated.
 - Make migrations reversible by using the `change` method or include a `down` method when using `up`.
   - Include either a rollback procedure or describe how to rollback changes.
-- Add the output of the migration(s) to the MR description.
+- Add the output of both migrating and rolling back for all migrations into the MR description
+  - Ensure the down method reverts the changes in `db/structure.sql`
+  - Update the migration output whenever you modify the migrations during the review process
 - Add tests for the migration in `spec/migrations` if necessary. See [Testing Rails migrations at GitLab](testing_guide/testing_migrations_guide.md) for more details.
 - When [high-traffic](https://gitlab.com/gitlab-org/gitlab/-/blob/master/rubocop/migration_helpers.rb#L12) tables are involved in the migration, use the [`with_lock_retries`](migration_style_guide.md#retry-mechanism-when-acquiring-database-locks) helper method. Review the relevant [examples in our documentation](migration_style_guide.md#examples) for use cases and solutions.
 - Ensure RuboCop checks are not disabled unless there's a valid reason to.

doc/development/documentation/structure.md

@@ -21,8 +21,10 @@ with exceptions and details noted below and in the template included on this pag
 
 - **Title**: Top-level heading with the feature name, or a use case name, which would start with
   a verb, like Configuring, Enabling, etc.
-- **Introduction**: A couple sentences about the subject matter and what's to be found on this page.
-- **Overview** Describe what it is, what it does, and in what context it should be used.
+- **Introduction**: A couple sentences about the subject matter and what's to be found
+on this page. Describe what the feature or topic is, what it does, and in what context it should
+be used. There is no need to add a title called "Introduction" or "Overview," because people rarely
+ search for these terms. Just put this information after the title.
 - **Use cases**: describes real use case scenarios for that feature/configuration.
 - **Requirements**: describes what software, configuration, account, or knowledge is required.
 - **Instructions**: One or more sets of detailed instructions to follow.
@@ -54,12 +56,10 @@ description: "Short document description." # Up to ~200 chars long. They will be
 > [Introduced](link_to_issue_or_mr) in GitLab (Tier) X.Y (2).
 
 An introduction -- without its own additional header -- goes here.
-Offer a very short description of the feature or use case, and what to expect on this page.
+Offer a description of the feature or use case, and what to expect on this page.
 (You can reuse this content, or part of it, for the front matter's `description` at the top of this file).
 
-## Overview
-
-The feature overview should answer the following questions:
+The introduction should answer the following questions:
 
 - What is this feature or use case?
 - Who is it for?

doc/topics/application_development_platform/index.md

@@ -47,10 +47,10 @@ that may lead to security problems and unintended use. This can be achieved by m
 which inform security teams and developers if there is something to consider changing in their apps
 before it is too late to create a preventative fix. The following features are included:
 
-- [Auto SAST (Static Application Security Testing)](../autodevops/index.md#auto-sast-ultimate)
-- [Auto Dependency Scanning](../autodevops/index.md#auto-dependency-scanning-ultimate)
-- [Auto Container Scanning](../autodevops/index.md#auto-container-scanning-ultimate)
-- [Auto DAST (Dynamic Application Security Testing)](../autodevops/index.md#auto-dast-ultimate)
+- [Auto SAST (Static Application Security Testing)](../autodevops/stages.md#auto-sast-ultimate)
+- [Auto Dependency Scanning](../autodevops/stages.md#auto-dependency-scanning-ultimate)
+- [Auto Container Scanning](../autodevops/stages.md#auto-container-scanning-ultimate)
+- [Auto DAST (Dynamic Application Security Testing)](../autodevops/stages.md#auto-dast-ultimate)
 
 ### Observability
 
@@ -58,5 +58,5 @@ Performance is a critical aspect of the user experience, and ensuring your appli
 responsibility. The Application Development Platform integrates key performance analytics and feedback
 into GitLab, automatically. The following features are included:
 
-- [Auto Monitoring](../autodevops/index.md#auto-monitoring)
+- [Auto Monitoring](../autodevops/stages.md#auto-monitoring)
 - [In-app Kubernetes Logs](../../user/project/clusters/kubernetes_pod_logs.md)

doc/topics/autodevops/quick_start_guide.md

@@ -144,33 +144,33 @@ The pipeline is split into 4 stages, each running a couple of jobs.
 ![Pipeline stages](img/guide_pipeline_stages_v12_3.png)
 
 In the **build** stage, the application is built into a Docker image and then
-uploaded to your project's [Container Registry](../../user/packages/container_registry/index.md) ([Auto Build](index.md#auto-build)).
+uploaded to your project's [Container Registry](../../user/packages/container_registry/index.md) ([Auto Build](stages.md#auto-build)).
 
 In the **test** stage, GitLab runs various checks on the application:
 
 - The `test` job runs unit and integration tests by detecting the language and
-  framework ([Auto Test](index.md#auto-test))
+  framework ([Auto Test](stages.md#auto-test))
 - The `code_quality` job checks the code quality and is allowed to fail
-  ([Auto Code Quality](index.md#auto-code-quality-starter)) **(STARTER)**
+  ([Auto Code Quality](stages.md#auto-code-quality-starter)) **(STARTER)**
 - The `container_scanning` job checks the Docker container if it has any
-  vulnerabilities and is allowed to fail ([Auto Container Scanning](index.md#auto-container-scanning-ultimate))
+  vulnerabilities and is allowed to fail ([Auto Container Scanning](stages.md#auto-container-scanning-ultimate))
 - The `dependency_scanning` job checks if the application has any dependencies
-  susceptible to vulnerabilities and is allowed to fail ([Auto Dependency Scanning](index.md#auto-dependency-scanning-ultimate)) **(ULTIMATE)**
+  susceptible to vulnerabilities and is allowed to fail ([Auto Dependency Scanning](stages.md#auto-dependency-scanning-ultimate)) **(ULTIMATE)**
 - The `sast` job runs static analysis on the current code to check for potential
-  security issues and is allowed to fail([Auto SAST](index.md#auto-sast-ultimate)) **(ULTIMATE)**
+  security issues and is allowed to fail([Auto SAST](stages.md#auto-sast-ultimate)) **(ULTIMATE)**
 - The `license_management` job searches the application's dependencies to determine each of their
-  licenses and is allowed to fail ([Auto License Compliance](index.md#auto-license-compliance-ultimate)) **(ULTIMATE)**
+  licenses and is allowed to fail ([Auto License Compliance](stages.md#auto-license-compliance-ultimate)) **(ULTIMATE)**
 
 NOTE: **Note:**
 As you might have noticed, all jobs except `test` are allowed to fail in the
 test stage.
 
 The **production** stage is run after the tests and checks finish, and it automatically
-deploys the application in Kubernetes ([Auto Deploy](index.md#auto-deploy)).
+deploys the application in Kubernetes ([Auto Deploy](stages.md#auto-deploy)).
 
 Lastly, in the **performance** stage, some performance tests will run
 on the deployed application
-([Auto Browser Performance Testing](index.md#auto-browser-performance-testing-premium)). **(PREMIUM)**
+([Auto Browser Performance Testing](stages.md#auto-browser-performance-testing-premium)). **(PREMIUM)**
 
 ---
 
@@ -260,7 +260,7 @@ Let's fix that:
 1. Write a commit message and click **Commit**.
 
 Now, if you go back to the merge request you should not only see the test passing, but
-also the application deployed as a [review app](index.md#auto-review-apps). You
+also the application deployed as a [review app](stages.md#auto-review-apps). You
 can visit it by following clicking the **View app** button. You will see
 the changes that we previously made.
 

doc/topics/web_application_firewall/quick_start_guide.md

@@ -150,12 +150,12 @@ The pipeline is split into a few stages, each running a couple of jobs.
 ![Pipeline stages](../autodevops/img/guide_pipeline_stages_v12_3.png)
 
 In the **build** stage, the application is built into a Docker image and then
-uploaded to your project's [Container Registry](../../user/packages/container_registry/index.md) ([Auto Build](../autodevops/index.md#auto-build)).
+uploaded to your project's [Container Registry](../../user/packages/container_registry/index.md) ([Auto Build](../autodevops/stages.md#auto-build)).
 
 In the **test** stage, GitLab runs various checks on the application.
 
 The **production** stage is run after the tests and checks finish, and it automatically
-deploys the application in Kubernetes ([Auto Deploy](../autodevops/index.md#auto-deploy)).
+deploys the application in Kubernetes ([Auto Deploy](../autodevops/stages.md#auto-deploy)).
 
 The **production** stage creates Kubernetes objects
 like a Deployment, Service, and Ingress resource. The

doc/user/application_security/container_scanning/index.md

@@ -15,7 +15,7 @@ two open source tools for Vulnerability Static Analysis for containers.
 
 You can take advantage of Container Scanning by either [including the CI job](#configuration) in
 your existing `.gitlab-ci.yml` file or by implicitly using
-[Auto Container Scanning](../../../topics/autodevops/index.md#auto-container-scanning-ultimate)
+[Auto Container Scanning](../../../topics/autodevops/stages.md#auto-container-scanning-ultimate)
 that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
 
 GitLab checks the Container Scanning report, compares the found vulnerabilities

doc/user/application_security/dast/index.md

@@ -24,7 +24,7 @@ for known vulnerabilities using Dynamic Application Security Testing (DAST).
 
 You can take advantage of DAST by either [including the CI job](#configuration) in
 your existing `.gitlab-ci.yml` file or by implicitly using
-[Auto DAST](../../../topics/autodevops/index.md#auto-dast-ultimate)
+[Auto DAST](../../../topics/autodevops/stages.md#auto-dast-ultimate)
 that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
 
 GitLab checks the DAST report, compares the found vulnerabilities between the source and target

doc/user/application_security/dependency_scanning/index.md

@@ -18,7 +18,7 @@ All dependencies are scanned, including the transitive dependencies (also known
 
 You can take advantage of Dependency Scanning by either [including the CI job](#configuration)
 in your existing `.gitlab-ci.yml` file or by implicitly using
-[Auto Dependency Scanning](../../../topics/autodevops/index.md#auto-dependency-scanning-ultimate)
+[Auto Dependency Scanning](../../../topics/autodevops/stages.md#auto-dependency-scanning-ultimate)
 that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
 
 GitLab checks the Dependency Scanning report, compares the found vulnerabilities

doc/user/application_security/sast/index.md

@@ -19,7 +19,7 @@ vulnerabilities using Static Application Security Testing (SAST).
 You can take advantage of SAST by doing one of the following:
 
 - [Including the CI job](#configuration) in your existing `.gitlab-ci.yml` file.
-- Implicitly using [Auto SAST](../../../topics/autodevops/index.md#auto-sast-ultimate) provided by
+- Implicitly using [Auto SAST](../../../topics/autodevops/stages.md#auto-sast-ultimate) provided by
   [Auto DevOps](../../../topics/autodevops/index.md).
 
 GitLab checks the SAST report, compares the found vulnerabilities between the
@@ -96,7 +96,7 @@ The [Security Scanner Integration](../../../development/integrations/secure.md)
 ## Configuration
 
 NOTE: **Note:**
-You don't have to configure SAST manually as shown in this section if you're using [Auto SAST](../../../topics/autodevops/index.md#auto-sast-ultimate)
+You don't have to configure SAST manually as shown in this section if you're using [Auto SAST](../../../topics/autodevops/stages.md#auto-sast-ultimate)
 provided by [Auto DevOps](../../../topics/autodevops/index.md).
 
 For GitLab 11.9 and later, to enable SAST you must [include](../../../ci/yaml/README.md#includetemplate)

doc/user/application_security/threat_monitoring/index.md

@@ -13,7 +13,7 @@ navigating to your project's **Security & Compliance > Threat Monitoring** page.
 GitLab supports statistics for the following security features:
 
 - [Web Application Firewall](../../clusters/applications.md#web-application-firewall-modsecurity)
-- [Container Network Policies](../../../topics/autodevops/index.md#network-policy)
+- [Container Network Policies](../../../topics/autodevops/stages.md#network-policy)
 
 ## Web Application Firewall
 

doc/user/clusters/applications.md

@@ -754,7 +754,7 @@ available configuration options.
 [Cilium](https://cilium.io/) is a networking plugin for Kubernetes
 that you can use to implement support for
 [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
-resources. For more information on [Network Policies](../../topics/autodevops/index.md#network-policy), see the documentation.
+resources. For more information on [Network Policies](../../topics/autodevops/stages.md#network-policy), see the documentation.
 
 Enable Cilium in the `.gitlab/managed-apps/config.yaml` file to install it:
 

doc/user/compliance/license_compliance/index.md

@@ -13,7 +13,7 @@ using License Compliance.
 
 You can take advantage of License Compliance by either [including the job](#configuration)
 in your existing `.gitlab-ci.yml` file or by implicitly using
-[Auto License Compliance](../../../topics/autodevops/index.md#auto-license-compliance-ultimate)
+[Auto License Compliance](../../../topics/autodevops/stages.md#auto-license-compliance-ultimate)
 that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
 
 GitLab checks the License Compliance report, compares the licenses between the

doc/user/group/saml_sso/index.md

@@ -415,7 +415,9 @@ Alternatively, an admin of your Identity Provider can use the [SCIM API](../../.
 
 ### Message: "SAML authentication failed: Email has already been taken"
 
-Same as ["SAML authentication failed: User has already been taken"](#message-saml-authentication-failed-user-has-already-been-taken).
+| Cause                                                                                                                                    | Solution                                                                 |
+|------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|
+| When a user account with the email address already exists in GitLab, but the user does not have the SAML identity tied to their account. | The user will need to [link their account](#user-access-and-management). |
 
 ### Message: "SAML authentication failed: Extern uid has already been taken, User has already been taken"
 

doc/user/group/saml_sso/scim_setup.md

@@ -62,7 +62,7 @@ You can then test the connection by clicking on **Test Connection**. If the conn
 
 #### Configure attribute mapping
 
-1. Click on `Synchronize Azure Active Directory Users to AppName`, to configure the attribute mapping.
+1. Click on `Synchronize Azure Active Directory Users to AppName` to configure the attribute mapping.
 1. Click **Delete** next to the `mail` mapping.
 1. Map `userPrincipalName` to `emails[type eq "work"].value` and change its **Matching precedence** to `2`.
 1. Map `mailNickname` to `userName`.
@@ -74,33 +74,25 @@ You can then test the connection by clicking on **Test Connection**. If the conn
 1. Create a new mapping:
    1. Click **Add New Mapping**.
    1. Set:
-      - **Source attribute** to the unique identifier determined above.
-      - **Target attribute** to `id`.
+      - **Source attribute** to the unique identifier determined above, typically `objectId`.
+      - **Target attribute** to `externalId`.
       - **Match objects using this attribute** to `Yes`.
       - **Matching precedence** to `1`.
-1. Create another new mapping:
-   1. Click **Add New Mapping**.
-   1. Set:
-      - **Source attribute** to the unique identifier determined above.
-      - **Target attribute** to `externalId`.
-1. Click the `userPrincipalName` mapping and change **Match objects using this attribute** to `No`.
 
-   Save your changes and you should have the following configuration:
+1. Click the `userPrincipalName` mapping and change **Match objects using this attribute** to `No`.
 
-   ![Azure's attribute mapping configuration](img/scim_attribute_mapping.png)
+1. Save your changes. For reference, you can view [an example configuration in the troubleshooting reference](../../../administration/troubleshooting/group_saml_scim.md#azure-active-directory).
 
-   NOTE: **Note:** If you used a unique identifier **other than** `objectId`, be sure to map it instead to both `id` and `externalId`.
+   NOTE: **Note:** If you used a unique identifier **other than** `objectId`, be sure to map it to `externalId`.
 
 1. Below the mapping list click on **Show advanced options > Edit attribute list for AppName**.
 
-1. Leave the `id` as the primary and only required field.
+1. Ensure the `id` is the primary and required field, and `externalId` is also required.
 
    NOTE: **Note:**
    `username` should neither be primary nor required as we don't support
    that field on GitLab SCIM yet.
 
-   ![Azure's attribute advanced configuration](img/scim_advanced.png)
-
 1. Save all the screens and, in the **Provisioning** step, set
    the `Provisioning Status` to `On`.
 

doc/user/index.md

@@ -88,7 +88,7 @@ it all at once, from one single project.
 Use built-in [GitLab CI/CD](../ci/README.md) to test, build, and deploy your applications
 directly from GitLab. No third-party integrations needed.
 
-- [GitLab Auto Deploy](../topics/autodevops/index.md#auto-deploy): Deploy your application out-of-the-box with GitLab Auto Deploy.
+- [GitLab Auto Deploy](../topics/autodevops/stages.md#auto-deploy): Deploy your application out-of-the-box with GitLab Auto Deploy.
 - [Review Apps](../ci/review_apps/index.md): Live-preview the changes introduced by a merge request with Review Apps.
 - [GitLab Pages](project/pages/index.md): Publish your static site directly from
   GitLab with GitLab Pages. You can build, test, and deploy any Static Site Generator with Pages.

doc/user/project/canary_deployments.md

@@ -44,7 +44,7 @@ Canary deployments require that you properly configure Deploy Boards:
 
 1. Follow the steps to [enable Deploy Boards](deploy_boards.md#enabling-deploy-boards).
 1. To track canary deployments you need to label your Kubernetes deployments and
-   pods with `track: canary`. To get started quickly, you can use the [Auto Deploy](../../topics/autodevops/index.md#auto-deploy)
+   pods with `track: canary`. To get started quickly, you can use the [Auto Deploy](../../topics/autodevops/stages.md#auto-deploy)
    template for canary deployments that GitLab provides.
 
 Depending on the deploy, the label should be either `stable` or `canary`.

doc/user/project/deploy_boards.md

@@ -81,7 +81,7 @@ To display the Deploy Boards for a specific [environment](../../ci/environments.
    `$CI_PROJECT_PATH_SLUG` are the values of the CI variables. This is so we can
    lookup the proper environment in a cluster/namespace which may have more
    than one. These resources should be contained in the namespace defined in
-   the Kubernetes service setting. You can use an [Autodeploy](../../topics/autodevops/index.md#auto-deploy) `.gitlab-ci.yml`
+   the Kubernetes service setting. You can use an [Autodeploy](../../topics/autodevops/stages.md#auto-deploy) `.gitlab-ci.yml`
    template which has predefined stages and commands to use, and automatically
    applies the annotations. Each project will need to have a unique namespace in
    Kubernetes as well. The image below demonstrates how this is shown inside
@@ -139,7 +139,7 @@ version of your application.
 
 ## Further reading
 
-- [GitLab Autodeploy](../../topics/autodevops/index.md#auto-deploy)
+- [GitLab Autodeploy](../../topics/autodevops/stages.md#auto-deploy)
 - [GitLab CI/CD environment variables](../../ci/variables/README.md)
 - [Environments and deployments](../../ci/environments.md)
 - [Kubernetes deploy example](https://gitlab.com/gitlab-examples/kubernetes-deploy)

doc/user/project/index.md

@@ -63,7 +63,7 @@ When you create a project in GitLab, you'll have access to a large number of
 - [GitLab CI/CD](../../ci/README.md): GitLab's built-in [Continuous Integration, Delivery, and Deployment](https://about.gitlab.com/blog/2016/08/05/continuous-integration-delivery-and-deployment-with-gitlab/) tool
   - [Container Registry](../packages/container_registry/index.md): Build and push Docker
   images out-of-the-box
-  - [Auto Deploy](../../topics/autodevops/index.md#auto-deploy): Configure GitLab CI/CD
+  - [Auto Deploy](../../topics/autodevops/stages.md#auto-deploy): Configure GitLab CI/CD
   to automatically set up your app's deployment
   - [Enable and disable GitLab CI/CD](../../ci/enable_or_disable_ci.md)
   - [Pipelines](../../ci/pipelines/index.md): Configure and visualize

doc/user/project/integrations/prometheus.md

@@ -76,7 +76,7 @@ The Prometheus server will [automatically detect and monitor](https://prometheus
 - `prometheus.io/port` to define the port of the metrics endpoint.
 - `prometheus.io/path` to define the path of the metrics endpoint. Defaults to `/metrics`.
 
-CPU and Memory consumption is monitored, but requires [naming conventions](prometheus_library/kubernetes.md#specifying-the-environment) in order to determine the environment. If you are using [Auto DevOps](../../../topics/autodevops/), this is handled automatically.
+CPU and Memory consumption is monitored, but requires [naming conventions](prometheus_library/kubernetes.md#specifying-the-environment) in order to determine the environment. If you are using [Auto DevOps](../../../topics/autodevops/index.md), this is handled automatically.
 
 The [NGINX Ingress](../clusters/index.md#installing-applications) that is deployed by GitLab to clusters, is automatically annotated for monitoring providing key response metrics: latency, throughput, and error rates.
 

doc/user/project/integrations/prometheus_library/nginx_ingress.md

@@ -55,4 +55,4 @@ Managing these settings depends on how NGINX Ingress has been deployed. If you h
 
 In order to isolate and only display relevant metrics for a given environment, GitLab needs a method to detect which labels are associated. To do this, GitLab will search for metrics with appropriate labels. In this case, the `ingress` label must `<CI_ENVIRONMENT_SLUG>`.
 
-If you have used [Auto Deploy](../../../../topics/autodevops/index.md#auto-deploy) to deploy your app, this format will be used automatically and metrics will be detected with no action on your part.
+If you have used [Auto Deploy](../../../../topics/autodevops/stages.md#auto-deploy) to deploy your app, this format will be used automatically and metrics will be detected with no action on your part.

doc/user/project/integrations/prometheus_library/nginx_ingress_vts.md

@@ -55,4 +55,4 @@ Managing these settings depends on how NGINX Ingress has been deployed. If you h
 
 In order to isolate and only display relevant metrics for a given environment, GitLab needs a method to detect which labels are associated. To do this, GitLab will search for metrics with appropriate labels. In this case, the `upstream` label must be of the form `<KUBE_NAMESPACE>-<CI_ENVIRONMENT_SLUG>-*`.
 
-If you have used [Auto Deploy](../../../../topics/autodevops/index.md#auto-deploy) to deploy your app, this format will be used automatically and metrics will be detected with no action on your part.
+If you have used [Auto Deploy](../../../../topics/autodevops/stages.md#auto-deploy) to deploy your app, this format will be used automatically and metrics will be detected with no action on your part.

doc/user/project/merge_requests/code_quality.md

@@ -19,7 +19,7 @@ Code Quality:
   Quality](https://gitlab.com/gitlab-org/ci-cd/codequality) project using [default Code Climate configurations](https://gitlab.com/gitlab-org/ci-cd/codequality/-/tree/master/codeclimate_defaults).
 - Can make use of a [template](#example-configuration).
 - Is available with [Auto
-  DevOps](../../../topics/autodevops/index.md#auto-code-quality-starter).
+  DevOps](../../../topics/autodevops/stages.md#auto-code-quality-starter).
 - Can be extended through [Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) or a [custom tool](#implementing-a-custom-tool).
 
 Going a step further, GitLab can show the Code Quality report right

doc/user/project/repository/web_editor.md

@@ -126,7 +126,7 @@ a blank `README.md` file to it, and creates and redirects you to a new branch
 based on the issue title.
 If your [project is already configured with a deployment service](../integrations/overview.md),
 such as Kubernetes, GitLab takes one step further and prompts you to set up
-[auto deploy](../../../topics/autodevops/index.md#auto-deploy)
+[auto deploy](../../../topics/autodevops/stages.md#auto-deploy)
 by helping you create a `.gitlab-ci.yml` file.
 
 After the branch is created, you can edit files in the repository to fix

lib/gitlab/git_access.rb

@@ -45,6 +45,8 @@ module Gitlab
 
     attr_reader :actor, :project, :protocol, :authentication_abilities, :namespace_path, :repository_path, :redirected_path, :auth_result_type, :changes, :logger
 
+    alias_method :container, :project
+
     def initialize(actor, project, protocol, authentication_abilities:, namespace_path: nil, repository_path: nil, redirected_path: nil, auth_result_type: nil)
       @actor    = actor
       @project  = project
@@ -429,7 +431,72 @@ module Gitlab
     end
 
     def repository
-      project.repository
+      container&.repository
+    end
+
+    def check_size_before_push!
+      if check_size_limit? && size_checker.above_size_limit?
+        raise ForbiddenError, size_checker.error_message.push_error
+      end
+    end
+
+    def check_push_size!
+      return unless check_size_limit?
+
+      # If there are worktrees with a HEAD pointing to a non-existent object,
+      # calls to `git rev-list --all` will fail in git 2.15+. This should also
+      # clear stale lock files.
+      repository.clean_stale_repository_files
+
+      # Use #check_repository_disk_size to get correct push size whenever a lot of changes
+      # gets pushed at the same time containing the same blobs. This is only
+      # doable if GIT_OBJECT_DIRECTORY_RELATIVE env var is set and happens
+      # when git push comes from CLI (not via UI and API).
+      #
+      # Fallback to determining push size using the changes_list so we can still
+      # determine the push size if env var isn't set (e.g. changes are made
+      # via UI and API).
+      if check_quarantine_size?
+        check_repository_disk_size
+      else
+        check_changes_size
+      end
+    end
+
+    def check_quarantine_size?
+      git_env = ::Gitlab::Git::HookEnv.all(repository.gl_repository)
+
+      git_env['GIT_OBJECT_DIRECTORY_RELATIVE'].present?
+    end
+
+    def check_repository_disk_size
+      check_size_against_limit(repository.object_directory_size)
+    end
+
+    def check_changes_size
+      changes_size = 0
+
+      changes_list.each do |change|
+        changes_size += repository.new_blobs(change[:newrev]).sum(&:size) # rubocop: disable CodeReuse/ActiveRecord
+
+        check_size_against_limit(changes_size)
+      end
+    end
+
+    def check_size_against_limit(size)
+      if size_checker.changes_will_exceed_size_limit?(size)
+        raise ForbiddenError, size_checker.error_message.new_changes_error
+      end
+    end
+
+    def check_size_limit?
+      strong_memoize(:check_size_limit) do
+        changes_list.any? { |change| !Gitlab::Git.blank_ref?(change[:newrev]) }
+      end
+    end
+
+    def size_checker
+      container.repository_size_checker
     end
   end
 end

lib/gitlab/git_access_snippet.rb

@@ -14,6 +14,8 @@ module Gitlab
 
     attr_reader :snippet
 
+    alias_method :container, :snippet
+
     def initialize(actor, snippet, protocol, **kwargs)
       @snippet = snippet
 
@@ -53,11 +55,6 @@ module Gitlab
       check_change_access!
     end
 
-    override :repository
-    def repository
-      snippet&.repository
-    end
-
     def check_snippet_accessibility!
       if snippet.blank?
         raise NotFoundError, ERROR_MESSAGES[:snippet_not_found]
@@ -89,11 +86,15 @@ module Gitlab
         raise ForbiddenError, ERROR_MESSAGES[:update_snippet]
       end
 
+      check_size_before_push!
+
       changes_list.each do |change|
         # If user does not have access to make at least one change, cancel all
         # push by allowing the exception to bubble up
         check_single_change_access(change)
       end
+
+      check_push_size!
     end
 
     def check_single_change_access(change)

lib/gitlab/repository_size_checker.rb

@@ -5,12 +5,14 @@ module Gitlab
   class RepositorySizeChecker
     attr_reader :limit
 
+    # @param current_size_proc [Proc] returns repository size in bytes
     def initialize(current_size_proc:, limit:, enabled: true)
       @current_size_proc = current_size_proc
       @limit = limit
       @enabled = enabled && limit != 0
     end
 
+    # @return [Integer] bytes
     def current_size
       @current_size ||= @current_size_proc.call
     end

locale/gitlab.pot

@@ -19025,9 +19025,6 @@ msgstr ""
 msgid "Specific Runners"
 msgstr ""
 
-msgid "Specified URL cannot be used."
-msgstr ""
-
 msgid "Specified URL cannot be used: \"%{reason}\""
 msgstr ""
 

spec/controllers/import/gitea_controller_spec.rb

@@ -42,7 +42,7 @@ describe Import::GiteaController do
             get :status, format: :json
 
             expect(controller).to redirect_to(new_import_url)
-            expect(flash[:alert]).to eq('Specified URL cannot be used.')
+            expect(flash[:alert]).to eq('Specified URL cannot be used: "Only allowed schemes are http, https"')
           end
         end
       end

spec/controllers/projects/import/jira_controller_spec.rb

@@ -93,18 +93,29 @@ describe Projects::Import::JiraController do
           end
 
           context 'post import' do
-            it 'creates import state' do
-              expect(project.import_state).to be_nil
+            context 'when jira project key is empty' do
+              it 'redirects back to show with an error' do
+                post :import, params: { namespace_id: project.namespace, project_id: project, jira_project_key: '' }
 
-              post :import, params: { namespace_id: project.namespace, project_id: project, jira_project_key: 'Test' }
+                expect(response).to redirect_to(project_import_jira_path(project))
+                expect(flash[:alert]).to eq('No jira project key has been provided.')
+              end
+            end
 
-              project.reload
+            context 'when everything is ok' do
+              it 'creates import state' do
+                expect(project.import_state).to be_nil
 
-              jira_project = project.import_data.data.dig('jira', 'projects').first
-              expect(project.import_type).to eq 'jira'
-              expect(project.import_state.status).to eq 'scheduled'
-              expect(jira_project['key']).to eq 'Test'
-              expect(response).to redirect_to(project_import_jira_path(project))
+                post :import, params: { namespace_id: project.namespace, project_id: project, jira_project_key: 'Test' }
+
+                project.reload
+
+                jira_project = project.import_data.data.dig('jira', 'projects').first
+                expect(project.import_type).to eq 'jira'
+                expect(project.import_state.status).to eq 'scheduled'
+                expect(jira_project['key']).to eq 'Test'
+                expect(response).to redirect_to(project_import_jira_path(project))
+              end
             end
           end
         end

spec/lib/gitlab/git_access_snippet_spec.rb

@@ -11,6 +11,7 @@ describe Gitlab::GitAccessSnippet do
   let_it_be(:user) { create(:user) }
   let_it_be(:project) { create(:project, :public) }
   let_it_be(:snippet) { create(:project_snippet, :public, :repository, project: project) }
+  let(:repository) { snippet.repository }
 
   let(:actor) { user }
   let(:protocol) { 'ssh' }
@@ -211,6 +212,84 @@ describe Gitlab::GitAccessSnippet do
     end
   end
 
+  describe 'repository size restrictions' do
+    let(:snippet) { create(:personal_snippet, :public, :repository) }
+    let(:actor) { snippet.author }
+
+    let(:oldrev) { TestEnv::BRANCH_SHA["snippet/single-file"] }
+    let(:newrev) { TestEnv::BRANCH_SHA["snippet/edit-file"] }
+    let(:ref) { "refs/heads/snippet/edit-file" }
+    let(:changes) { "#{oldrev} #{newrev} #{ref}" }
+
+    shared_examples_for 'a push to repository already over the limit' do
+      it 'errs' do
+        expect(snippet.repository_size_checker).to receive(:above_size_limit?).and_return(true)
+
+        expect do
+          push_access_check
+        end.to raise_error(described_class::ForbiddenError, /Your push has been rejected/)
+      end
+    end
+
+    shared_examples_for 'a push to repository below the limit' do
+      it 'does not err' do
+        expect(snippet.repository_size_checker).to receive(:above_size_limit?).and_return(false)
+        expect(snippet.repository_size_checker)
+          .to receive(:changes_will_exceed_size_limit?)
+            .with(change_size)
+            .and_return(false)
+
+        expect { push_access_check }.not_to raise_error
+      end
+    end
+
+    shared_examples_for 'a push to repository to make it over the limit' do
+      it 'errs' do
+        expect(snippet.repository_size_checker).to receive(:above_size_limit?).and_return(false)
+        expect(snippet.repository_size_checker)
+          .to receive(:changes_will_exceed_size_limit?)
+            .with(change_size)
+            .and_return(true)
+
+        expect do
+          push_access_check
+        end.to raise_error(described_class::ForbiddenError, /Your push to this repository would cause it to exceed the size limit/)
+      end
+    end
+
+    context 'when GIT_OBJECT_DIRECTORY_RELATIVE env var is set' do
+      let(:change_size) { 100 }
+
+      before do
+        allow(Gitlab::Git::HookEnv)
+          .to receive(:all)
+            .with(repository.gl_repository)
+            .and_return({ 'GIT_OBJECT_DIRECTORY_RELATIVE' => 'objects' })
+
+        # Stub the object directory size to "simulate" quarantine size
+        allow(repository).to receive(:object_directory_size).and_return(change_size)
+      end
+
+      it_behaves_like 'a push to repository already over the limit'
+      it_behaves_like 'a push to repository below the limit'
+      it_behaves_like 'a push to repository to make it over the limit'
+    end
+
+    context 'when GIT_OBJECT_DIRECTORY_RELATIVE env var is not set' do
+      let(:change_size) { 200 }
+
+      before do
+        allow(snippet.repository).to receive(:new_blobs).and_return(
+          [double(:blob, size: change_size)]
+        )
+      end
+
+      it_behaves_like 'a push to repository already over the limit'
+      it_behaves_like 'a push to repository below the limit'
+      it_behaves_like 'a push to repository to make it over the limit'
+    end
+  end
+
   private
 
   def raise_snippet_not_found

spec/models/snippet_spec.rb

@@ -696,6 +696,23 @@ describe Snippet do
     end
   end
 
+  describe '#repository_size_checker' do
+    subject { build(:personal_snippet) }
+
+    let(:checker) { subject.repository_size_checker }
+    let(:current_size) { 60 }
+
+    before do
+      allow(subject.repository).to receive(:_uncached_size).and_return(current_size)
+    end
+
+    it 'sets up size checker', :aggregate_failures do
+      expect(checker.current_size).to eq(current_size.megabytes)
+      expect(checker.limit).to eq(Gitlab::CurrentSettings.snippet_size_limit)
+      expect(checker.enabled?).to be_truthy
+    end
+  end
+
   describe '#can_cache_field?' do
     using RSpec::Parameterized::TableSyntax
 

spec/support/helpers/test_env.rb

@@ -60,11 +60,11 @@ module TestEnv
     'merge-commit-analyze-before'        => '1adbdef',
     'merge-commit-analyze-side-branch'   => '8a99451',
     'merge-commit-analyze-after'         => '646ece5',
-    'snippet/single-file'                => '43e4080',
-    'snippet/multiple-files'             => 'b80faa8',
-    'snippet/rename-and-edit-file'       => '220a1e4',
-    'snippet/edit-file'                  => 'c2f074f',
-    'snippet/no-files'                   => '671aaa8',
+    'snippet/single-file'                => '43e4080aaa14fc7d4b77ee1f5c9d067d5a7df10e',
+    'snippet/multiple-files'             => 'b80faa8c5b2b62f6489a0d84755580e927e1189b',
+    'snippet/rename-and-edit-file'       => '220a1e4b4dff37feea0625a7947a4c60fbe78365',
+    'snippet/edit-file'                  => 'c2f074f4f26929c92795a75775af79a6ed6d8430',
+    'snippet/no-files'                   => '671aaa842a4875e5f30082d1ab6feda345fdb94d',
     '2-mb-file'                          => 'bf12d25',
     'before-create-delete-modify-move'   => '845009f',
     'between-create-delete-modify-move'  => '3f5f443',