Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/monitoring/components/charts/time_series.vue

@@ -253,23 +253,25 @@ export default {
       this.tooltip.title = dateFormat(params.value, dateFormats.default);
       this.tooltip.content = [];
       params.seriesData.forEach(dataPoint => {
-        const [xVal, yVal] = dataPoint.value;
-        this.tooltip.isDeployment = dataPoint.componentSubType === graphTypes.deploymentData;
-        if (this.tooltip.isDeployment) {
-          const [deploy] = this.recentDeployments.filter(
-            deployment => deployment.createdAt === xVal,
-          );
-          this.tooltip.sha = deploy.sha.substring(0, 8);
-          this.tooltip.commitUrl = deploy.commitUrl;
-        } else {
-          const { seriesName, color, dataIndex } = dataPoint;
-          const value = yVal.toFixed(3);
-          this.tooltip.content.push({
-            name: seriesName,
-            dataIndex,
-            value,
-            color,
-          });
+        if (dataPoint.value) {
+          const [xVal, yVal] = dataPoint.value;
+          this.tooltip.isDeployment = dataPoint.componentSubType === graphTypes.deploymentData;
+          if (this.tooltip.isDeployment) {
+            const [deploy] = this.recentDeployments.filter(
+              deployment => deployment.createdAt === xVal,
+            );
+            this.tooltip.sha = deploy.sha.substring(0, 8);
+            this.tooltip.commitUrl = deploy.commitUrl;
+          } else {
+            const { seriesName, color, dataIndex } = dataPoint;
+            const value = yVal.toFixed(3);
+            this.tooltip.content.push({
+              name: seriesName,
+              dataIndex,
+              value,
+              color,
+            });
+          }
         }
       });
     },

app/controllers/projects/releases_controller.rb

@@ -20,6 +20,14 @@ class Projects::ReleasesController < Projects::ApplicationController
     end
   end
+  def evidence
+    respond_to do |format|
+      format.json do
+        render json: release.evidence_summary
+      end
+    end
+  end
+
   protected
   def releases

app/models/merge_request.rb

@@ -241,6 +241,9 @@ class MergeRequest < ApplicationRecord
   alias_attribute :auto_merge_enabled, :merge_when_pipeline_succeeds
   alias_method :issuing_parent, :target_project
+  delegate :active?, to: :head_pipeline, prefix: true, allow_nil: true
+  delegate :success?, to: :actual_head_pipeline, prefix: true, allow_nil: true
+
   RebaseLockTimeout = Class.new(StandardError)
   REBASE_LOCK_MESSAGE = _("Failed to enqueue the rebase operation, possibly due to a long-lived transaction. Try again later.")

app/models/release.rb

@@ -73,6 +73,14 @@ class Release < ApplicationRecord
     self.read_attribute(:name) || tag
   end
+  def evidence_sha
+    evidence&.summary_sha
+  end
+
+  def evidence_summary
+    evidence&.summary || {}
+  end
+
   private
   def actual_sha

app/presenters/release_presenter.rb

@@ -37,6 +37,12 @@ class ReleasePresenter < Gitlab::View::Presenter::Delegated
     edit_project_release_url(project, release)
   end
+  def evidence_file_path
+    return unless release.evidence.present?
+
+    evidence_project_release_url(project, tag, format: :json)
+  end
+
   private
   def can_download_code?

app/services/auto_merge/merge_when_pipeline_succeeds_service.rb

@@ -11,7 +11,7 @@ module AutoMerge
     end
     def process(merge_request)
-      return unless merge_request.actual_head_pipeline&.success?
+      return unless merge_request.actual_head_pipeline_success?
       return unless merge_request.mergeable?
       merge_request.merge_async(merge_request.merge_user_id, merge_request.merge_params)

app/services/merge_requests/update_service.rb

@@ -87,7 +87,7 @@ module MergeRequests
       merge_request.update(merge_error: nil)
-      if merge_request.head_pipeline && merge_request.head_pipeline.active?
+      if merge_request.head_pipeline_active?
         AutoMergeService.new(project, current_user, { sha: last_diff_sha }).execute(merge_request, AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS)
       else
         merge_request.merge_async(current_user.id, { sha: last_diff_sha })

changelogs/unreleased/26293-prevent-merge-if-pipeline-has-failed.yml

+---
+title: Update merging an MR behavior on the API when pipeline fails
+merge_request: 19641
+author: briankabiro
+type: fixed

changelogs/unreleased/31397-go-get-meta-source.yml

+---
+title: Support go-source meta tag for godoc.org
+merge_request: 19888
+author: Ethan Reesor (@firelizzard)
+type: changed

changelogs/unreleased/32780-when-zooming-metrics-at-some-point-we-can-t-adjust-the-zoom-any-fur.yml

+---
+title: Fixed monitor charts from throwing error when zoomed
+merge_request: 20331
+author:
+type: fixed

changelogs/unreleased/evidence-docs-and-release-api.yml

+---
+title: Update Release API with evidence related data.
+merge_request: 19706
+author:
+type: added

config/routes/project.rb

@@ -179,7 +179,12 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
           end
         end
-        resources :releases, only: [:index, :edit], param: :tag, constraints: { tag: %r{[^/]+} }
+        resources :releases, only: [:index, :edit], param: :tag, constraints: { tag: %r{[^/]+} } do
+          member do
+            get :evidence
+          end
+        end
+
         resources :starrers, only: [:index]
         resources :forks, only: [:index, :new, :create]
         resources :group_links, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }

doc/administration/auth/ldap-ee.md

@@ -10,6 +10,9 @@ This section documents LDAP features specific to to GitLab Enterprise Edition
 For documentation relevant to both Community Edition and Enterprise Edition,
 see the main [LDAP documentation](ldap.md).
+NOTE: **Note:**
+[Microsoft Active Directory Trusts](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771568(v=ws.10)) are not supported
+
 ## Use cases
 - User sync: Once a day, GitLab will update users against LDAP.

doc/api/releases/index.md

@@ -3,6 +3,7 @@
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/41766) in GitLab 11.7.
 > - Using this API you can manipulate GitLab's [Release](../../user/project/releases/index.md) entries.
 > - For manipulating links as a release asset, see [Release Links API](links.md).
+> - Release Evidences were [introduced](https://gitlab.com/gitlab-org/gitlab/issues/26019) in GitLab 12.5.
 ## List Releases
@@ -87,6 +88,7 @@ Example response:
       ],
       "commit_path":"/root/awesome-app/commit/588440f66559714280628a4f9799f0c4eb880a4a",
       "tag_path":"/root/awesome-app/-/tags/v0.11.1",
+      "evidence_sha":"760d6cdfb0879c3ffedec13af470e0f71cf52c6cde4d",
       "assets":{
          "count":6,
          "sources":[
@@ -120,7 +122,8 @@ Example response:
                "url":"http://192.168.10.15:3000",
                "external":true
             }
-         ]
+         ],
+         "evidence_file_path":"https://gitlab.example.com/root/awesome-app/-/releases/v0.2/evidence.json"
       },
    },
    {
@@ -154,6 +157,7 @@ Example response:
          "committer_email":"admin@example.com",
          "committed_date":"2019-01-03T01:53:28.000Z"
       },
+      "evidence_sha":"760d6cdfb0879c3ffedec13af470e0f71cf52c6cde4d",
       "assets":{
          "count":4,
          "sources":[
@@ -176,7 +180,8 @@ Example response:
          ],
          "links":[
-         ]
+         ],
+         "evidence_file_path":"https://gitlab.example.com/root/awesome-app/-/releases/v0.1/evidence.json"
       },
    }
 ]
@@ -265,8 +270,9 @@ Example response:
    ],
    "commit_path":"/root/awesome-app/commit/588440f66559714280628a4f9799f0c4eb880a4a",
    "tag_path":"/root/awesome-app/-/tags/v0.11.1",
+   "evidence_sha":"760d6cdfb0879c3ffedec13af470e0f71cf52c6cde4d",
    "assets":{
-      "count":4,
+      "count":5,
       "sources":[
          {
             "format":"zip",
@@ -287,7 +293,8 @@ Example response:
       ],
       "links":[
-      ]
+      ],
+      "evidence_url":"https://gitlab.example.com/root/awesome-app/-/releases/v0.1/evidence.json"
    },
 }
 ```
@@ -385,6 +392,7 @@ Example response:
    ],
    "commit_path":"/root/awesome-app/commit/588440f66559714280628a4f9799f0c4eb880a4a",
    "tag_path":"/root/awesome-app/-/tags/v0.11.1",
+   "evidence_sha":"760d6cdfb0879c3ffedec13af470e0f71cf52c6cde4d",
    "assets":{
       "count":5,
       "sources":[
@@ -412,7 +420,8 @@ Example response:
             "url":"https://google.com",
             "external":true
          }
-      ]
+      ],
+      "evidence_file_path":"https://gitlab.example.com/root/awesome-app/-/releases/v0.3/evidence.json"
    },
 }
 ```
@@ -491,6 +500,7 @@ Example response:
    ],
    "commit_path":"/root/awesome-app/commit/588440f66559714280628a4f9799f0c4eb880a4a",
    "tag_path":"/root/awesome-app/-/tags/v0.11.1",
+   "evidence_sha":"760d6cdfb0879c3ffedec13af470e0f71cf52c6cde4d",
    "assets":{
       "count":4,
       "sources":[
@@ -513,7 +523,8 @@ Example response:
       ],
       "links":[
-      ]
+      ],
+      "evidence_file_path":"https://gitlab.example.com/root/awesome-app/-/releases/v0.1/evidence.json"
    },
 }
 ```
@@ -573,6 +584,7 @@ Example response:
    },
    "commit_path":"/root/awesome-app/commit/588440f66559714280628a4f9799f0c4eb880a4a",
    "tag_path":"/root/awesome-app/-/tags/v0.11.1",
+   "evidence_sha":"760d6cdfb0879c3ffedec13af470e0f71cf52c6cde4d",
    "assets":{
       "count":4,
       "sources":[
@@ -595,7 +607,8 @@ Example response:
       ],
       "links":[
-      ]
+      ],
+      "evidence_file_path":"https://gitlab.example.com/root/awesome-app/-/releases/v0.1/evidence.json"
    },
 }
 ```

doc/user/project/index.md

@@ -200,9 +200,14 @@ When [renaming a user](../profile/index.md#changing-your-username),
 ## Use your project as a Go package
-Any project can be used as a Go package including private projects in subgroups. To use packages
-hosted in private projects with the `go get` command, use a [`.netrc` file](https://ec.haxx.se/usingcurl-netrc.html)
-and a [personal access token](../profile/personal_access_tokens.md) in the password field.
+Any project can be used as a Go package including private projects in subgroups.
+GitLab responds correctly to `go get` and `godoc.org` discovery requests,
+including the [`go-import`](https://golang.org/cmd/go/#hdr-Remote_import_paths)
+and [`go-source`](https://github.com/golang/gddo/wiki/Source-Code-Links) meta
+tags, respectively. To use packages hosted in private projects with the `go get`
+command, use a [`.netrc` file](https://ec.haxx.se/usingcurl-netrc.html) and a
+[personal access token](../profile/personal_access_tokens.md) in the password
+field.
 For example:

lib/api/entities.rb

@@ -1315,6 +1315,7 @@ module API
       expose :milestones, using: Entities::Milestone, if: -> (release, _) { release.milestones.present? }
       expose :commit_path, expose_nil: false
       expose :tag_path, expose_nil: false
+      expose :evidence_sha, expose_nil: false
       expose :assets do
         expose :assets_count, as: :count do |release, _|
           assets_to_exclude = can_download_code? ? [] : [:sources]
@@ -1324,6 +1325,7 @@ module API
         expose :links, using: Entities::Releases::Link do |release, options|
           release.links.sorted
         end
+        expose :evidence_file_path, expose_nil: false
       end
       expose :_links do
         expose :merge_requests_url, expose_nil: false

lib/api/merge_requests.rb

@@ -68,6 +68,10 @@ module API
         end
       end
+      def not_automatically_mergeable?(merge_when_pipeline_succeeds, merge_request)
+        merge_when_pipeline_succeeds && !merge_request.head_pipeline_active? && !merge_request.actual_head_pipeline_success?
+      end
+
       def serializer_options_for(merge_requests)
         options = { with: Entities::MergeRequestBasic, current_user: current_user }
@@ -391,12 +395,13 @@ module API
         merge_request = find_project_merge_request(params[:merge_request_iid])
         merge_when_pipeline_succeeds = to_boolean(params[:merge_when_pipeline_succeeds])
+        not_automatically_mergeable = not_automatically_mergeable?(merge_when_pipeline_succeeds, merge_request)
         # Merge request can not be merged
         # because user dont have permissions to push into target branch
         unauthorized! unless merge_request.can_be_merged_by?(current_user)
-        not_allowed! unless merge_request.mergeable_state?(skip_ci_check: merge_when_pipeline_succeeds)
+        not_allowed! if !merge_request.mergeable_state?(skip_ci_check: merge_when_pipeline_succeeds) || not_automatically_mergeable
         render_api_error!('Branch cannot be merged', 406) unless merge_request.mergeable?(skip_ci_check: merge_when_pipeline_succeeds)
@@ -411,7 +416,7 @@ module API
           sha: params[:sha] || merge_request.diff_head_sha
         )
-        if merge_when_pipeline_succeeds && merge_request.head_pipeline && merge_request.head_pipeline.active?
+        if merge_when_pipeline_succeeds
           AutoMergeService.new(merge_request.target_project, current_user, merge_params)
             .execute(merge_request, AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS)
         else

lib/gitlab/middleware/go.rb

@@ -25,13 +25,13 @@ module Gitlab
       def render_go_doc(request)
         return unless go_request?(request)
-        path = project_path(request)
+        path, branch = project_path(request)
         return unless path
-        body = go_body(path)
+        body, code = go_response(path, branch)
         return unless body
-        response = Rack::Response.new(body, 200, { 'Content-Type' => 'text/html' })
+        response = Rack::Response.new(body, code, { 'Content-Type' => 'text/html' })
         response.finish
       end
@@ -39,8 +39,15 @@ module Gitlab
         request["go-get"].to_i == 1 && request.env["PATH_INFO"].present?
       end
-      def go_body(path)
+      def go_response(path, branch)
         config = Gitlab.config
+        body_tag = content_tag :body, "go get #{config.gitlab.url}/#{path}"
+
+        unless branch
+          html_tag = content_tag :html, body_tag
+          return html_tag, 404
+        end
+
         project_url = Gitlab::Utils.append_path(config.gitlab.url, path)
         import_prefix = strip_url(project_url.to_s)
@@ -52,9 +59,11 @@ module Gitlab
                            "#{project_url}.git"
                          end
-        meta_tag = tag :meta, name: 'go-import', content: "#{import_prefix} git #{repository_url}"
-        head_tag = content_tag :head, meta_tag
-        content_tag :html, head_tag
+        meta_import_tag = tag :meta, name: 'go-import', content: "#{import_prefix} git #{repository_url}"
+        meta_source_tag = tag :meta, name: 'go-source', content: "#{import_prefix} #{project_url} #{project_url}/tree/#{branch}{/dir} #{project_url}/blob/#{branch}{/dir}/{file}#L{line}"
+        head_tag = content_tag :head, meta_import_tag + meta_source_tag
+        html_tag = content_tag :html, head_tag + body_tag
+        [html_tag, 200]
       end
       def strip_url(url)
@@ -80,9 +89,6 @@ module Gitlab
         path_segments = path.split('/')
         simple_project_path = path_segments.first(2).join('/')
-        # If the path is at most 2 segments long, it is a simple `namespace/project` path and we're done
-        return simple_project_path if path_segments.length <= 2
-
         project_paths = []
         begin
           project_paths << path_segments.join('/')
@@ -94,7 +100,7 @@ module Gitlab
         if project
           # If a project is found and the user has access, we return the full project path
-          project.full_path
+          return project.full_path, project.default_branch
         else
           # If not, we return the first two components as if it were a simple `namespace/project` path,
           # so that we don't reveal the existence of a nested project the user doesn't have access to.
@@ -105,7 +111,7 @@ module Gitlab
           # `go get gitlab.com/group/subgroup/project/subpackage` will not work for private projects.
           # `go get gitlab.com/group/subgroup/project.git/subpackage` will work, since Go is smart enough
           # to figure that out. `import 'gitlab.com/...'` behaves the same as `go get`.
-          simple_project_path
+          return simple_project_path, 'master'
         end
       end

package.json

@@ -38,7 +38,7 @@
     "@babel/plugin-syntax-import-meta": "^7.2.0",
     "@babel/preset-env": "^7.6.2",
     "@gitlab/svgs": "^1.82.0",
-    "@gitlab/ui": "7.11.0",
+    "@gitlab/ui": "7.14.0",
     "@gitlab/visual-review-tools": "1.2.0",
     "@sentry/browser": "^5.7.1",
     "@sourcegraph/code-host-integration": "^0.0.13",

spec/controllers/projects/releases_controller_spec.rb

@@ -166,6 +166,41 @@ describe Projects::ReleasesController do
     end
   end
+  describe 'GET #evidence' do
+    let!(:release) { create(:release, :with_evidence, project: project) }
+    let(:tag) { CGI.escape(release.tag) }
+    let(:format) { :json }
+
+    subject do
+      get :evidence, params: {
+        namespace_id: project.namespace,
+        project_id: project,
+        tag: tag,
+        format: format
+      }
+    end
+
+    before do
+      sign_in(user)
+    end
+
+    it 'returns the correct evidence summary as a json' do
+      subject
+
+      expect(json_response).to eq(release.evidence.summary)
+    end
+
+    context 'when the release was created before evidence existed' do
+      it 'returns an empty json' do
+        release.evidence.destroy
+
+        subject
+
+        expect(json_response).to eq({})
+      end
+    end
+  end
+
   private
   def get_index