[merge-train skip]

[ci skip]

[ci skip]

Update ruby-saml and omniauth-saml

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166205



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Harsha Muralidhar <hmuralidhar@gitlab.com>
Approved-by: Drew Blessing <drew@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Drew Blessing <drew@gitlab.com>

[merge-train skip]

[ci skip]

[ci skip]

Backport add Rake task to show token expiration info

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/159446



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Jon Glassman <jglassman@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Approved-by: Richard Chong <rchong@gitlab.com>
Co-authored-by: Jon Glassman <jglassman@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>
Co-authored-by: smriti <sgarg@gitlab.com>

This task adds a Rake task `gitlab:tokens:analyze` and gives
a readout to the admin about:

- When the migration in 16.0 for
  https://gitlab.com/gitlab-org/gitlab/-/issues/369123 started and
  finished

- The top 10 expiration dates
  (https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157782)
  https://gitlab.com/gitlab-org/gitlab/-/issues/467313

There should be a strong correlation with the migration dates and the
expiration dates. Seeing both of them together helps focus on the
tokens that were assigned an `expires_at` field in the background
migration.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/467313

Changelog: added

Add a banner informing about token expiration (16.0)

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158477



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Approved-by: Sofia Vistas <svistas@gitlab.com>
Co-authored-by: Eduardo Sanz García <esanz-garcia@gitlab.com>
Co-authored-by: Savas Vedova <svedova@gitlab.com>

Display a banner to all users, similar to broadcast banners, for GitLab
version between 16.0 and 17.0, both included. The banner informs about
upcoming expiration of tokens and how to troubleshoot the expiration.

The banner is dismissable. The data is persisted in the browser cookie
and expires in one year from the date it has been dismissed. Like other
broadcast banners, if the user opens an incognito window the banner
reappears.

Changelog: changed

Do not enqueue PAT expiry enforcement migration

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153435



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Alper Akgun <aakgun@gitlab.com>
Approved-by: Smriti Garg <sgarg@gitlab.com>
Approved-by: Sofia Vistas <svistas@gitlab.com>
Co-authored-by: Imre Farkas <ifarkas@gitlab.com>

Changelog: changed

Fix order-dependent test failure in loose_foreign_keys_spec.rb

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160237



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: pkanellidis <pkanellidis@gitlab.com>

Changelog: other

Remove test-on-gdk-smoke and test-on-gdk-full jobs

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158689



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Peter Leitzen <pleitzen@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Nao Hashizume <nhashizume@gitlab.com>

Prevent starting multiple Capybara proxy servers

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156436



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Heinrich Lee Yu <heinrich@gitlab.com>

Update an expired test certificate

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156404



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Vasilii Iakliushin <viakliushin@gitlab.com>

This code is run every time a new Capybara browser session is started.
Running this code multiple times causes subsequent feature specs to slow
down considerably.

Contributes to
https://gitlab.com/gitlab-org/quality/engineering-productivity/master-broken-incidents/-/issues/6747

**Problem**

The previous certificate that was used in tests got expired. As a result
tests started failing with "tls: failed to verify certificate: x509:
certificate has expired or is not yet valid: current time
2024-06-07T06:16:03Z is after 2024-06-07T04:31:24Z"

**Solution**

Reissue a certificate with an expiration date "Aug 24 09:26:29 2032 GMT"

Changelog: fixed

Fix flaky specs in 16-0-stable-ee

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154614



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Nao Hashizume <nhashizume@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Lin Jen-Shin <jen-shin@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>

This should properly shutdown webrick so that we don't need to
forcefully kill the thread to shutdown webrick in the tests.

Without properly shutting down webrick, we leak threads and other
resources to each test cases, eventually causing everything to slow down
and timing out the CI jobs.

This is discovered in
https://gitlab.com/gitlab-org/gitlab/-/issues/462928#note_1916591506

A quick fix was proposed in the above thread and merged in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153887

This should properly shutdown webrick instead.

* It should be safe to shutdown webrick regardless
* In a test, we use a thread to wrap around `WEBrick::HTTPServer`,
  turning the blocking server into a non-blocking server. This means
  the daemon thread will stop immediately because everything is
  wrapped inside another thread. If we only shutdown webrick when
  the thread is alive, we're not shutting it down in this test case
  either, leaking resources.

This preserves similar performance comparing to killing the thread.

This partially reverts
https://gitlab.com/gitlab-org/gitlab/-/commit/f5b1317af8aad2d8b7d098c0e4dada25ccfd924b

This test was failing because `Feature.enabled?(:redis_hll_tracking)`
was called in the migration and expecting the `feature_names` database
table to be accessed. However, it wasn't accessed for two reasons:

1. In tests we stub out feature flag access and use an in-memory
cache. However, even though the test had `stub_feature_flags: false`
set in the metadata, a stale `Feature` was still memoized and had to be
cleared out.

2. With the feature flag stubs disabled, this enabled the Redis cache
for feature flags. We need to clear this out between tests to ensure
the database is hit.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/416143

Remove build-qa-on-gdk-master-image and e2e:test-on-gdk jobs for 16.0

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154451



Merged-by: Stan Hu <stanhu@gmail.com>
Approved-by: Stan Hu <stanhu@gmail.com>
Co-authored-by: agius <andrew@atevans.com>
Co-authored-by: Rémy Coutable <remy@rymai.me>
Co-authored-by: David Dieulivol <ddieulivol@gitlab.com>
Co-authored-by: Mehmet Emin INAC <minac@gitlab.com>
Co-authored-by: Nao Hashizume <nhashizume@gitlab.com>

Fix broken master

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/145948



Merged-by: Mehmet Emin INAC <minac@gitlab.com>
Approved-by: Doug Stull <dstull@gitlab.com>

Adjust Danger logic for stable branches

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128766



Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: David Dieulivol <ddieulivol@gitlab.com>
Co-authored-by: Steve Abrams <sabrams@gitlab.com>

Danger only considers the current stable version
when checking if it is within the maintenance policy.

[merge-train skip]

[ci skip]

[ci skip]

Prevent leaking emails of newly created users

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3451



Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: Sashi Kumar Kumaresan <skumar@gitlab.com>
Co-authored-by: Bogdan Denkovych <bdenkovych@gitlab.com>

Merge branch 'security-prevent-leaking-emails-of-newly-created-users-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3451

Changelog: security

Added redirect to filtered params

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3443



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Jessie Young <jessieyoung@gitlab.com>
Co-authored-by: smriti <sgarg@gitlab.com>

Smriti Garg authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-906-glpat-logging-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3443

Changelog: security

Relocate PlantUML config and disable SVG support

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3440



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: John Mason <9717668-johnmason@users.noreply.gitlab.com>
Co-authored-by: Robert May <rmay@gitlab.com>

Robert May authored 1 year ago and GitLab Release Tools Bot committed 1 year ago

Merge branch 'security-416902-config-16-0' into '16-0-stable-ee'

See merge request gitlab-org/security/gitlab!3440

Changelog: security