Add latest changes from gitlab-org/gitlab@master

.gitlab/ci/reports.gitlab-ci.yml

@@ -142,6 +142,7 @@ dependency_scanning:
   variables:
     DOCKER_DRIVER: overlay2
     DOCKER_TLS_CERTDIR: ""
+    DS_EXCLUDED_PATHS: "qa/qa/ee/fixtures/secure_premade_reports,spec,ee/spec"
   allow_failure: true
   services:
     - docker:stable-dind

GITALY_SERVER_VERSION

-1.81.0
+1.83.0

GITLAB_PAGES_VERSION

-1.12.0
+1.14.0

app/assets/javascripts/api.js

@@ -44,6 +44,7 @@ const Api = {
   releasePath: '/api/:version/projects/:id/releases/:tag_name',
   mergeRequestsPipeline: '/api/:version/projects/:id/merge_requests/:merge_request_iid/pipelines',
   adminStatisticsPath: '/api/:version/application/statistics',
+  pipelineSinglePath: '/api/:version/projects/:id/pipelines/:pipeline_id',
   group(groupId, callback) {
     const url = Api.buildUrl(Api.groupPath).replace(':id', groupId);
@@ -448,6 +449,14 @@ const Api = {
     return axios.get(url);
   },
+  pipelineSingle(id, pipelineId) {
+    const url = Api.buildUrl(this.pipelineSinglePath)
+      .replace(':id', encodeURIComponent(id))
+      .replace(':pipeline_id', encodeURIComponent(pipelineId));
+
+    return axios.get(url);
+  },
+
   buildUrl(url) {
     return joinPaths(gon.relative_url_root || '', url.replace(':version', gon.api_version));
   },

app/graphql/types/group_type.rb

@@ -17,6 +17,25 @@ module Types
             group.avatar_url(only_path: false)
           end
+    field :share_with_group_lock, GraphQL::BOOLEAN_TYPE, null: true,
+          description: 'Indicates if sharing a project with another group within this group is prevented'
+
+    field :project_creation_level, GraphQL::STRING_TYPE, null: true, method: :project_creation_level_str,
+          description: 'The permission level required to create projects in the group'
+    field :subgroup_creation_level, GraphQL::STRING_TYPE, null: true, method: :subgroup_creation_level_str,
+          description: 'The permission level required to create subgroups within the group'
+
+    field :require_two_factor_authentication, GraphQL::BOOLEAN_TYPE, null: true,
+          description: 'Indicates if all users in this group are required to set up two-factor authentication'
+    field :two_factor_grace_period, GraphQL::INT_TYPE, null: true,
+          description: 'Time before two-factor authentication is enforced'
+
+    field :auto_devops_enabled, GraphQL::BOOLEAN_TYPE, null: true,
+          description: 'Indicates whether Auto DevOps is enabled for all projects within this group'
+
+    field :emails_disabled, GraphQL::BOOLEAN_TYPE, null: true,
+          description: 'Indicates if a group has email notifications disabled'
+
     field :mentions_disabled, GraphQL::BOOLEAN_TYPE, null: true,
           description: 'Indicates if a group is disabled from getting mentioned'

app/models/member.rb

@@ -82,6 +82,7 @@ class Member < ApplicationRecord
   scope :with_user, -> (user) { where(user: user) }
   scope :with_source_id, ->(source_id) { where(source_id: source_id) }
+  scope :including_source, -> { includes(:source) }
   scope :order_name_asc, -> { left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'ASC')) }
   scope :order_name_desc, -> { left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'DESC')) }

app/workers/error_tracking_issue_link_worker.rb

@@ -20,17 +20,11 @@ class ErrorTrackingIssueLinkWorker
   def perform(issue_id)
     @issue = Issue.find_by_id(issue_id)
-    return unless issue && error_tracking && sentry_issue_id
+    return unless valid?
     try_obtain_lease do
       logger.info("Linking Sentry issue #{sentry_issue_id} to GitLab issue #{issue.id}")
-      if integration_id.nil?
-        logger.info("Sentry integration unavailable for #{error_tracking.api_url}")
-
-        break
-      end
-
       sentry_client.create_issue_link(integration_id, sentry_issue_id, issue)
     rescue Sentry::Client::Error
       logger.info("Failed to link Sentry issue #{sentry_issue_id} to GitLab issue #{issue.id}")
@@ -39,6 +33,10 @@ class ErrorTrackingIssueLinkWorker
   private
+  def valid?
+    issue && error_tracking && sentry_issue_id
+  end
+
   def error_tracking
     strong_memoize(:error_tracking) do
       issue.project.error_tracking_setting

changelogs/unreleased/33596-add-pipeline-metadata-to-the-package-registry-ui.yml

+---
+title: Packages published to the package registry via CI/CD with a CI_JOB_TOKEN will
+  display pipeline information on the details page
+merge_request: 22485
+author:
+type: added

changelogs/unreleased/admin_user_memberships_endpoint.yml

+---
+title: Add users memberships endpoints for admins
+merge_request: 22518
+author:
+type: added

changelogs/unreleased/allow-minimum-processes-in-sidekiq-cluster.yml

+---
+title: Allow setting minimum concurrency for sidekiq-cluster processes
+merge_request: 23408
+author:
+type: added

changelogs/unreleased/feat-backfill-group-graphql-api.yml

+---
+title: Backfill missing GraphQL API Group type properties
+merge_request: 23389
+author: Fabio Huser
+type: added

changelogs/unreleased/gitaly-version-v1-83-0.yml

+---
+title: Upgrade to Gitaly v1.83.0
+merge_request: 23431
+author:
+type: changed

changelogs/unreleased/pages-1-14.yml

+---
+title: Upgrade pages to 1.14.0
+merge_request: 23317
+author:
+type: added

changelogs/unreleased/sy-sync-plugin-sentry-issues.yml

+---
+title: Sync GitLab issues with Sentry plugin integration
+merge_request: 23355
+author:
+type: added

doc/administration/operations/extra_sidekiq_processes.md

@@ -124,9 +124,18 @@ number of threads that equals the number of queues, plus one spare thread.
 For example, a process that handles the `process_commit` and `post_receive`
 queues will use three threads in total.
-## Limiting concurrency
-To limit the concurrency of the Sidekiq process:
+## Managing concurrency
+When setting the maximum concurrency, keep in mind this normally should
+not exceed the number of CPU cores available. The values in the examples
+below are arbitrary and not particular recommendations.
+
+Each thread requires a Redis connection, so adding threads may increase Redis
+latency and potentially cause client timeouts. See the [Sidekiq documentation
+about Redis](https://github.com/mperham/sidekiq/wiki/Using-Redis) for more
+details.
+
+### When running a single Sidekiq process (default)
 1. Edit `/etc/gitlab/gitlab.rb` and add:
@@ -140,11 +149,14 @@ To limit the concurrency of the Sidekiq process:
    sudo gitlab-ctl reconfigure
    ```
-To limit the max concurrency of the Sidekiq cluster processes:
+This will set the concurrency (number of threads) for the Sidekiq process.
+
+### When running Sidekiq cluster
 1. Edit `/etc/gitlab/gitlab.rb` and add:
    ```ruby
+   sidekiq_cluster['min_concurrency'] = 15
    sidekiq_cluster['max_concurrency'] = 25
    ```
@@ -154,14 +166,21 @@ To limit the max concurrency of the Sidekiq cluster processes:
    sudo gitlab-ctl reconfigure
    ```
-For each queue group, the concurrency factor will be set to `min(number of queues, N)`.
-Setting the value to 0 will disable the limit. Keep in mind this normally would
-not exceed the number of CPU cores available.
-Each thread requires a Redis connection, so adding threads may
-increase Redis latency and potentially cause client timeouts. See the [Sidekiq
-documentation about Redis](https://github.com/mperham/sidekiq/wiki/Using-Redis)
-for more details.
+`min_concurrency` and `max_concurrency` are independent; one can be set without
+the other. Setting `min_concurrency` to 0 will disable the limit.
+
+For each queue group, let N be one more than the number of queues. The
+concurrency factor will be set to:
+
+1. `N`, if it's between `min_concurrency` and `max_concurrency`.
+1. `max_concurrency`, if `N` exceeds this value.
+1. `min_concurrency`, if `N` is less than this value.
+
+If `min_concurrency` is equal to `max_concurrency`, then this value will be used
+regardless of the number of queues.
+When `min_concurrency` is greater than `max_concurrency`, it is treated as
+being equal to `max_concurrency`.
 ## Modifying the check interval

doc/api/access_requests.md

@@ -2,7 +2,7 @@
  >**Note:** This feature was introduced in GitLab 8.11
- **Valid access levels**
+## Valid access levels
  The access levels are defined in the `Gitlab::Access` module. Currently, these levels are recognized:

doc/api/graphql/reference/gitlab_schema.graphql

@@ -2434,6 +2434,11 @@ type GrafanaIntegration {
 }
 type Group {
+  """
+  Indicates whether Auto DevOps is enabled for all projects within this group
+  """
+  autoDevopsEnabled: Boolean
+
   """
   Avatar URL of the group
   """
@@ -2449,6 +2454,11 @@ type Group {
   """
   descriptionHtml: String
+  """
+  Indicates if a group has email notifications disabled
+  """
+  emailsDisabled: Boolean
+
   """
   Find a single epic
   """
@@ -2623,6 +2633,11 @@ type Group {
   """
   path: String!
+  """
+  The permission level required to create projects in the group
+  """
+  projectCreationLevel: String
+
   """
   Projects within this namespace
   """
@@ -2658,11 +2673,26 @@ type Group {
   """
   requestAccessEnabled: Boolean
+  """
+  Indicates if all users in this group are required to set up two-factor authentication
+  """
+  requireTwoFactorAuthentication: Boolean
+
   """
   Aggregated storage statistics of the namespace. Only available for root namespaces
   """
   rootStorageStatistics: RootStorageStatistics
+  """
+  Indicates if sharing a project with another group within this group is prevented
+  """
+  shareWithGroupLock: Boolean
+
+  """
+  The permission level required to create subgroups within the group
+  """
+  subgroupCreationLevel: String
+
   """
   Time logged in issues by group members
   """
@@ -2698,6 +2728,11 @@ type Group {
     startDate: Time!
   ): TimelogConnection!
+  """
+  Time before two-factor authentication is enforced
+  """
+  twoFactorGracePeriod: Int
+
   """
   Permissions for the current user on the resource
   """

doc/api/graphql/reference/gitlab_schema.json

@@ -3044,6 +3044,20 @@
           "name": "Group",
           "description": null,
           "fields": [
+            {
+              "name": "autoDevopsEnabled",
+              "description": "Indicates whether Auto DevOps is enabled for all projects within this group",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "Boolean",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
             {
               "name": "avatarUrl",
               "description": "Avatar URL of the group",
@@ -3086,6 +3100,20 @@
               "isDeprecated": false,
               "deprecationReason": null
             },
+            {
+              "name": "emailsDisabled",
+              "description": "Indicates if a group has email notifications disabled",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "Boolean",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
             {
               "name": "epic",
               "description": "Find a single epic",
@@ -3524,6 +3552,20 @@
               "isDeprecated": false,
               "deprecationReason": null
             },
+            {
+              "name": "projectCreationLevel",
+              "description": "The permission level required to create projects in the group",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "String",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
             {
               "name": "projects",
               "description": "Projects within this namespace",
@@ -3605,6 +3647,20 @@
               "isDeprecated": false,
               "deprecationReason": null
             },
+            {
+              "name": "requireTwoFactorAuthentication",
+              "description": "Indicates if all users in this group are required to set up two-factor authentication",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "Boolean",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
             {
               "name": "rootStorageStatistics",
               "description": "Aggregated storage statistics of the namespace. Only available for root namespaces",
@@ -3619,6 +3675,34 @@
               "isDeprecated": false,
               "deprecationReason": null
             },
+            {
+              "name": "shareWithGroupLock",
+              "description": "Indicates if sharing a project with another group within this group is prevented",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "Boolean",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
+            {
+              "name": "subgroupCreationLevel",
+              "description": "The permission level required to create subgroups within the group",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "String",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
             {
               "name": "timelogs",
               "description": "Time logged in issues by group members",
@@ -3704,6 +3788,20 @@
               "isDeprecated": false,
               "deprecationReason": null
             },
+            {
+              "name": "twoFactorGracePeriod",
+              "description": "Time before two-factor authentication is enforced",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "Int",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
             {
               "name": "userPermissions",
               "description": "Permissions for the current user on the resource",

doc/api/graphql/reference/index.md

@@ -393,6 +393,13 @@ Autogenerated return type of EpicTreeReorder
 | `userPermissions` | GroupPermissions! | Permissions for the current user on the resource |
 | `webUrl` | String! | Web URL of the group |
 | `avatarUrl` | String | Avatar URL of the group |
+| `shareWithGroupLock` | Boolean | Indicates if sharing a project with another group within this group is prevented |
+| `projectCreationLevel` | String | The permission level required to create projects in the group |
+| `subgroupCreationLevel` | String | The permission level required to create subgroups within the group |
+| `requireTwoFactorAuthentication` | Boolean | Indicates if all users in this group are required to set up two-factor authentication |
+| `twoFactorGracePeriod` | Int | Time before two-factor authentication is enforced |
+| `autoDevopsEnabled` | Boolean | Indicates whether Auto DevOps is enabled for all projects within this group |
+| `emailsDisabled` | Boolean | Indicates if a group has email notifications disabled |
 | `mentionsDisabled` | Boolean | Indicates if a group is disabled from getting mentioned |
 | `parent` | Group | Parent group |
 | `epicsEnabled` | Boolean | Indicates if Epics are enabled for namespace |

doc/api/users.md

@@ -1405,3 +1405,53 @@ Example response:
 ```
 Please note that `last_activity_at` is deprecated, please use `last_activity_on`.
+
+## User memberships (admin only)
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/22518) in GitLab 12.8.
+
+Lists all projects and groups a user is a member of. This endpoint is available for admins only.
+It returns the `source_id`, `source_name`, `source_type` and `access_level` of a membership.
+Source can be of type `Namespace` (representing a group) or `Project`. The response represents only direct memberships. Inherited memberships, for example in subgroups, will not be included.
+Access levels will be represented by an integer value. Read more about the meaning of access level values [here](access_requests.md#valid-access-levels).
+
+```
+GET /users/:id/memberships
+```
+
+Parameters:
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer | yes | The ID of a specified user |
+| `type` | string | no | Filter memberships by type. Can be either `Project` or `Namespace` |
+
+Returns:
+
+- `200 OK` on success.
+- `404 User Not Found` if user cannot be found.
+- `403 Forbidden` when not requested by an admin.
+- `400 Bad Request` when requested type is not supported.
+
+```bash
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/users/<user_id>/memberships
+```
+
+Example response:
+
+```json
+[
+  {
+    "source_id": 1,
+    "source_name": "Project one",
+    "source_type": "Project",
+    "access_level": "20"
+  },
+  {
+    "source_id": 3,
+    "source_name": "Group three",
+    "source_type": "Namespace",
+    "access_level": "20"
+  },
+]
+```