Automatic merge of gitlab-org/gitlab master

.gitlab/ci/reports.gitlab-ci.yml

@@ -87,20 +87,22 @@ gemnasium-python-dependency_scanning:
 
 # Analyze dependencies for malicious behavior
 # See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter
-package_hunter:
+.package_hunter-base:
   extends:
     - .default-retry
-    - .reports:rules:package_hunter
   stage: test
   image:
     name: registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:latest
     entrypoint: [""]
+  variables:
+    DEBUG: '*'
+    HTR_user: '$PACKAGE_HUNTER_USER'
+    HTR_pass: '$PACKAGE_HUNTER_PASS'
   needs: []
   allow_failure: true
-  script:
+  before_script:
     - rm -r spec locale .git app/assets/images doc/
     - cd .. && tar -I "gzip --best" -cf gitlab.tgz gitlab/
-    - DEBUG=* HTR_user=$PACKAGE_HUNTER_USER HTR_pass=$PACKAGE_HUNTER_PASS node /usr/src/app/cli.js analyze --format gitlab gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
   artifacts:
     paths:
       - gl-dependency-scanning-report.json
@@ -108,6 +110,20 @@ package_hunter:
       dependency_scanning: gl-dependency-scanning-report.json
     expire_in: 1 week
 
+package_hunter-yarn:
+  extends:
+    - .package_hunter-base
+    - .reports:rules:package_hunter-yarn
+  script:
+    - node /usr/src/app/cli.js analyze --format gitlab --manager yarn gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
+
+package_hunter-bundler:
+  extends:
+    - .package_hunter-base
+    - .reports:rules:package_hunter-bundler
+  script:
+    - node /usr/src/app/cli.js analyze --format gitlab --manager bundler gitlab.tgz | tee $CI_PROJECT_DIR/gl-dependency-scanning-report.json
+
 license_scanning:
   extends: .default-retry
   needs: []

.gitlab/ci/rules.gitlab-ci.yml

@@ -1099,7 +1099,7 @@
     - <<: *if-default-branch-schedule-nightly
       allow_failure: true
 
-.reports:rules:package_hunter:
+.reports:rules:package_hunter-yarn:
   rules:
     - if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''"
       when: never
@@ -1107,6 +1107,14 @@
     - <<: *if-merge-request
       changes: ["yarn.lock"]
 
+.reports:rules:package_hunter-bundler:
+  rules:
+    - if: "$PACKAGE_HUNTER_USER == null || $PACKAGE_HUNTER_USER == ''"
+      when: never
+    - <<: *if-default-branch-schedule-2-hourly
+    - <<: *if-merge-request
+      changes: ["Gemfile.lock"]
+
 .reports:rules:license_scanning:
   rules:
     - if: '$LICENSE_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/'

.gitlab/merge_request_templates/Security Release.md

@@ -30,8 +30,8 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
 
 ## Maintainer checklist
 
-- [ ] Correct milestone is applied and the title is matching across all backports
-- [ ] Assigned to `@gitlab-release-tools-bot` with passing CI pipelines and **when all backports including the MR targeting master are ready.**
+- [ ] Correct milestone is applied and the title is matching across all backports.
+- [ ] Assigned to `@gitlab-release-tools-bot` with passing CI pipelines.
 
 /label ~security
 

app/assets/javascripts/vue_shared/components/web_ide_link.vue

@@ -93,9 +93,8 @@ export default {
         tooltip: '',
         attrs: {
           'data-qa-selector': 'edit_button',
-          'data-track-event': 'click_edit',
-          // eslint-disable-next-line @gitlab/require-i18n-strings
-          'data-track-label': 'Edit',
+          'data-track-action': 'click_consolidated_edit',
+          'data-track-label': 'edit',
         },
         ...handleOptions,
       };
@@ -127,9 +126,8 @@ export default {
         tooltip: '',
         attrs: {
           'data-qa-selector': 'web_ide_button',
-          'data-track-event': 'click_edit_ide',
-          // eslint-disable-next-line @gitlab/require-i18n-strings
-          'data-track-label': 'Web IDE',
+          'data-track-action': 'click_consolidated_edit_ide',
+          'data-track-label': 'web_ide',
         },
         ...handleOptions,
       };

app/helpers/blob_helper.rb

@@ -65,7 +65,7 @@ module BlobHelper
     return unless blob = readable_blob(options, path, project, ref)
 
     common_classes = "btn gl-button btn-confirm js-edit-blob gl-ml-3 #{options[:extra_class]}"
-    data = { track_event: 'click_edit', track_label: 'Edit' }
+    data = { track_action: 'click_edit', track_label: 'edit' }
 
     if Feature.enabled?(:web_ide_primary_edit, project.group)
       common_classes += " btn-inverted"
@@ -85,7 +85,7 @@ module BlobHelper
     return unless blob
 
     common_classes = 'btn gl-button btn-confirm ide-edit-button gl-ml-3'
-    data = { track_event: 'click_edit_ide', track_label: 'Web IDE' }
+    data = { track_action: 'click_edit_ide', track_label: 'web_ide' }
 
     unless Feature.enabled?(:web_ide_primary_edit, project.group)
       common_classes += " btn-inverted"

spec/frontend/vue_shared/components/web_ide_link_spec.js

@@ -15,8 +15,8 @@ const ACTION_EDIT = {
   tooltip: '',
   attrs: {
     'data-qa-selector': 'edit_button',
-    'data-track-event': 'click_edit',
-    'data-track-label': 'Edit',
+    'data-track-action': 'click_consolidated_edit',
+    'data-track-label': 'edit',
   },
 };
 const ACTION_EDIT_CONFIRM_FORK = {
@@ -32,8 +32,8 @@ const ACTION_WEB_IDE = {
   text: 'Web IDE',
   attrs: {
     'data-qa-selector': 'web_ide_button',
-    'data-track-event': 'click_edit_ide',
-    'data-track-label': 'Web IDE',
+    'data-track-action': 'click_consolidated_edit_ide',
+    'data-track-label': 'web_ide',
   },
 };
 const ACTION_WEB_IDE_CONFIRM_FORK = {

spec/helpers/blob_helper_spec.rb

@@ -67,8 +67,8 @@ RSpec.describe BlobHelper do
       it 'passes on primary tracking attributes' do
         parsed_link = Capybara.string(link).find_link('Edit')
 
-        expect(parsed_link[:'data-track-event']).to eq("click_edit")
-        expect(parsed_link[:'data-track-label']).to eq("Edit")
+        expect(parsed_link[:'data-track-action']).to eq("click_edit")
+        expect(parsed_link[:'data-track-label']).to eq("edit")
         expect(parsed_link[:'data-track-property']).to eq(nil)
       end
     end
@@ -85,8 +85,8 @@ RSpec.describe BlobHelper do
       it 'passes on secondary tracking attributes' do
         parsed_link = Capybara.string(link).find_link('Edit')
 
-        expect(parsed_link[:'data-track-event']).to eq("click_edit")
-        expect(parsed_link[:'data-track-label']).to eq("Edit")
+        expect(parsed_link[:'data-track-action']).to eq("click_edit")
+        expect(parsed_link[:'data-track-label']).to eq("edit")
         expect(parsed_link[:'data-track-property']).to eq("secondary")
       end
     end
@@ -332,8 +332,8 @@ RSpec.describe BlobHelper do
       it 'passes on secondary tracking attributes' do
         parsed_link = Capybara.string(link).find_link('Web IDE')
 
-        expect(parsed_link[:'data-track-event']).to eq("click_edit_ide")
-        expect(parsed_link[:'data-track-label']).to eq("Web IDE")
+        expect(parsed_link[:'data-track-action']).to eq("click_edit_ide")
+        expect(parsed_link[:'data-track-label']).to eq("web_ide")
         expect(parsed_link[:'data-track-property']).to eq("secondary")
       end
     end
@@ -350,8 +350,8 @@ RSpec.describe BlobHelper do
       it 'passes on primary tracking attributes' do
         parsed_link = Capybara.string(link).find_link('Web IDE')
 
-        expect(parsed_link[:'data-track-event']).to eq("click_edit_ide")
-        expect(parsed_link[:'data-track-label']).to eq("Web IDE")
+        expect(parsed_link[:'data-track-action']).to eq("click_edit_ide")
+        expect(parsed_link[:'data-track-label']).to eq("web_ide")
         expect(parsed_link[:'data-track-property']).to eq(nil)
       end
     end