Add latest changes from gitlab-org/gitlab@12-4-stable-ee

changelogs/unreleased/use-long_timeout-for-fetch_internal_remote_gitaly-rpc.yml

+---
+title: Increase timeout for FetchInternalRemote RPC call
+merge_request: 18908
+author:
+type: fixed

changelogs/unreleased/user-deactivation-minimum-days-extend.yml

+---
+title: Increased deactivation threshold to 180 days
+merge_request: 18902
+author:
+type: changed

db/migrate/20191016072826_replace_ci_trigger_requests_index.rb

@@ -10,7 +10,12 @@ class ReplaceCiTriggerRequestsIndex < ActiveRecord::Migration[5.2]
   def up
     add_concurrent_index :ci_trigger_requests, [:trigger_id, :id], order: { id: :desc }
-    remove_concurrent_index :ci_trigger_requests, [:trigger_id]
+    # Some installations have legacy, duplicate indexes on
+    # ci_trigger_requests.trigger_id. Rails won't drop them without an
+    # explicit name: https://gitlab.com/gitlab-org/gitlab/issues/34818
+    old_index_names.each do |name|
+      remove_concurrent_index :ci_trigger_requests, [:trigger_id], name: name
+    end
   end
   def down
@@ -18,4 +23,10 @@ class ReplaceCiTriggerRequestsIndex < ActiveRecord::Migration[5.2]
     remove_concurrent_index :ci_trigger_requests, [:trigger_id, :id], order: { id: :desc }
   end
+
+  private
+
+  def old_index_names
+    indexes(:ci_trigger_requests).select { |i| i.columns == ['trigger_id'] }.map(&:name)
+  end
 end

db/migrate/20191026041447_change_default_value_of_throttle_protected_paths.rb

+# frozen_string_literal: true
+
+class ChangeDefaultValueOfThrottleProtectedPaths < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def up
+    change_column_default :application_settings, :throttle_protected_paths_enabled, false
+
+    # Because we already set the value to true in the previous
+    # migration, this feature was switched on inadvertently in GitLab
+    # 12.4. This migration toggles it back off to ensure we don't
+    # inadvertently block legitimate users. The admin will have to
+    # re-enable it in the application settings.
+    unless omnibus_protected_paths_present?
+      execute "UPDATE application_settings SET throttle_protected_paths_enabled = #{false_value}"
+    end
+  end
+
+  def down
+    change_column_default :application_settings, :throttle_protected_paths_enabled, true
+
+    execute "UPDATE application_settings SET throttle_protected_paths_enabled = #{true_value}"
+  end
+
+  private
+
+  def omnibus_protected_paths_present?
+    Rack::Attack.throttles.key?('protected paths')
+  rescue e
+    say "Error while checking if Omnibus protected paths were already enabled: #{e.message}"
+    say 'Continuing. Protected paths will remain enabled.'
+
+    # Return true so we don't take a risk
+    true
+  end
+end

db/post_migrate/20190911251732_sync_issuables_state_id.rb

@@ -62,6 +62,7 @@ class SyncIssuablesStateId < ActiveRecord::Migration[5.2]
       CASE state
       WHEN 'opened' THEN 1
       WHEN 'closed' THEN 2
+      ELSE 2
       END
     SQL
   end
@@ -73,6 +74,7 @@ class SyncIssuablesStateId < ActiveRecord::Migration[5.2]
       WHEN 'closed' THEN 2
       WHEN 'merged' THEN 3
       WHEN 'locked' THEN 4
+      ELSE 2
       END
     SQL
   end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2019_10_16_220135) do
+ActiveRecord::Schema.define(version: 2019_10_26_041447) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "pg_trgm"
@@ -331,7 +331,7 @@ ActiveRecord::Schema.define(version: 2019_10_16_220135) do
     t.string "encrypted_asset_proxy_secret_key_iv"
     t.string "static_objects_external_storage_url", limit: 255
     t.string "static_objects_external_storage_auth_token", limit: 255
-    t.boolean "throttle_protected_paths_enabled", default: true, null: false
+    t.boolean "throttle_protected_paths_enabled", default: false, null: false
     t.integer "throttle_protected_paths_requests_per_period", default: 10, null: false
     t.integer "throttle_protected_paths_period_in_seconds", default: 60, null: false
     t.string "protected_paths", limit: 255, default: ["/users/password", "/users/sign_in", "/api/v3/session.json", "/api/v3/session", "/api/v4/session.json", "/api/v4/session", "/users", "/users/confirmation", "/unsubscribes/", "/import/github/personal_access_token"], array: true

doc/api/users.md

@@ -1172,7 +1172,7 @@ Returns:
 - `404 User Not Found` if user cannot be found.
 - `403 Forbidden` when trying to deactivate a user:
   - Blocked by admin or by LDAP synchronization.
-  - That has any activity in past 14 days. These cannot be deactivated.
+  - That has any activity in past 180 days. These users cannot be deactivated.
 ## Activate user

doc/ci/triggers/README.md

@@ -32,11 +32,10 @@ to protect trigger tokens.
 You can use the `CI_JOB_TOKEN` [variable][predef] (used to authenticate
 with the [GitLab Container Registry][registry]) in the following cases.
-#### When used with multi-project pipelines **(PREMIUM)**
-> **Note**:
-The use of `CI_JOB_TOKEN` for multi-project pipelines was [introduced][ee-2017]
-in [GitLab Premium][ee] 9.3.
+#### When used with multi-project pipelines
+> - Use of `CI_JOB_TOKEN` for multi-project pipelines was [introduced][ee-2017] in [GitLab Premium][ee] 9.3.
+> - Use of `CI_JOB_TOKEN` for multi-project pipelines was [made available](https://gitlab.com/gitlab-org/gitlab/issues/31573) in all tiers in GitLab 12.4.
 This way of triggering can only be used when invoked inside `.gitlab-ci.yml`,
 and it creates a dependent pipeline relation visible on the

doc/user/analytics/productivity_analytics.md

 # Productivity Analytics **(PREMIUM)**
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12079) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.3 (enabled by default using the feature flags `productivity_analytics`, `productivity_analytics_scatterplot_enabled`).
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12079) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.3.
 Track development velocity with Productivity Analytics.
@@ -52,3 +52,29 @@ The **Productivity Analytics** dashboard can be accessed only:
 - On [Premium or Silver tier](https://about.gitlab.com/pricing/) and above.
 - By users with [Reporter access](../permissions.md) and above.
+
+## Enabling and disabling using feature flags
+
+Productivity Analytics is:
+
+- [Enabled by default](https://gitlab.com/gitlab-org/gitlab/merge_requests/18754) from GitLab 12.4,
+  but can be disabled using the following feature flags:
+  - `productivity_analytics`.
+  - `productivity_analytics_scatterplot_enabled`.
+- Disabled by default in GitLab 12.3, but can be enabled using the following feature flag:
+  - `productivity_analytics`.
+
+A GitLab administrator can:
+
+- Disable this feature from GitLab 12.4 by running the follow in a Rails console:
+
+  ```ruby
+  Feature.disable(:productivity_analytics)
+  Feature.disable(:productivity_analytics_scatterplot_enabled)
+  ```
+
+- Enable this feature in GitLab 12.3 by running the following in a Rails console:
+
+  ```ruby
+  Feature.enable(:productivity_analytics)
+  ```

doc/user/profile/account/delete_account.md

@@ -71,7 +71,7 @@ To do this:
 Please note that for the deactivation option to be visible to an admin, the user:
 - Must be currently active.
-- Should not have any activity in the last 14 days.
+- Should not have any activity in the last 180 days.
 ### Activating a user

lib/gitlab/ci/ansi2html.rb

@@ -220,7 +220,7 @@ module Gitlab
           return if @sections.include?(section)
           @sections << section
-          write_raw %{<div class="js-section-start section-start fa fa-caret-down pr-2 cursor-pointer" data-timestamp="#{timestamp}" data-section="#{data_section_names}" role="button"></div>}
+          write_raw %{<div class="section-start" data-timestamp="#{timestamp}" data-section="#{data_section_names}" role="button"></div>}
           @lineno_in_section = 0
         end
@@ -308,7 +308,7 @@ module Gitlab
             css_classes << "section"
             css_classes << if @lineno_in_section == 0
-                             "js-section-header section-header cursor-pointer"
+                             "section-header"
                            else
                              "line"
                            end

lib/gitlab/gitaly_client.rb

@@ -362,13 +362,17 @@ module Gitlab
     end
     def self.long_timeout
-      if Sidekiq.server?
-        6.hours
-      else
+      if web_app_server?
         default_timeout
+      else
+        6.hours
       end
     end
+    def self.web_app_server?
+      defined?(::Unicorn) || defined?(::Puma)
+    end
+
     def self.storage_metadata_file_path(storage)
       Gitlab::GitalyClient::StorageSettings.allow_disk_access do
         File.join(

lib/gitlab/gitaly_client/remote_service.rb

@@ -49,7 +49,7 @@ module Gitlab
         response = GitalyClient.call(@storage, :remote_service,
                                      :fetch_internal_remote, request,
-                                     timeout: GitalyClient.medium_timeout,
+                                     timeout: GitalyClient.long_timeout,
                                      remote_storage: repository.storage)
         response.result

lib/gitlab/import_export/relation_factory.rb

@@ -292,9 +292,11 @@ module Gitlab
             existing_object
           else
-            object = relation_class.new
-
-            # Use #assign_attributes here to call object custom setters
+            # Because of single-type inheritance, we need to be careful to use the `type` field
+            # See https://gitlab.com/gitlab-org/gitlab/issues/34860#note_235321497
+            inheritance_column = relation_class.try(:inheritance_column)
+            inheritance_attributes = parsed_relation_hash.slice(inheritance_column)
+            object = relation_class.new(inheritance_attributes)
             object.assign_attributes(parsed_relation_hash)
             object
           end

lib/gitlab/metrics/requests_rack_middleware.rb

@@ -35,7 +35,7 @@ module Gitlab
       def self.initialize_http_request_duration_seconds
         HTTP_METHODS.each do |method, statuses|
           statuses.each do |status|
-            http_request_duration_seconds.get({ method: method, status: status })
+            http_request_duration_seconds.get({ method: method, status: status.to_i })
           end
         end
       end

locale/gitlab.pot

@@ -4361,6 +4361,9 @@ msgstr ""
 msgid "Container registry images"
 msgstr ""
+msgid "Container registry is not enabled on this GitLab instance. Ask an administrator to enable it in order for AutoDevOps to work."
+msgstr ""
+
 msgid "ContainerRegistry|Container Registry"
 msgstr ""

spec/controllers/admin/users_controller_spec.rb

@@ -123,7 +123,7 @@ describe Admin::UsersController do
           put :deactivate, params: { id: user.username }
           user.reload
           expect(user.deactivated?).to be_falsey
-          expect(flash[:notice]).to eq("The user you are trying to deactivate has been active in the past 14 days and cannot be deactivated")
+          expect(flash[:notice]).to eq("The user you are trying to deactivate has been active in the past #{::User::MINIMUM_INACTIVE_DAYS} days and cannot be deactivated")
         end
       end
     end

spec/controllers/uploads_controller_spec.rb

@@ -7,9 +7,9 @@ shared_examples 'content 5 min private cached with revalidation' do
   end
 end
-shared_examples 'content long term private cached with revalidation' do
+shared_examples 'content not cached' do
   it 'ensures content will not be cached without revalidation' do
-    expect(subject['Cache-Control']).to eq('max-age=15778476, private, must-revalidate')
+    expect(subject['Cache-Control']).to eq('max-age=0, private, must-revalidate')
   end
 end
@@ -490,7 +490,7 @@ describe UploadsController do
             expect(response).to have_gitlab_http_status(200)
           end
-          it_behaves_like 'content long term private cached with revalidation' do
+          it_behaves_like 'content not cached' do
             subject do
               get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }
@@ -510,7 +510,7 @@ describe UploadsController do
             expect(response).to have_gitlab_http_status(200)
           end
-          it_behaves_like 'content long term private cached with revalidation' do
+          it_behaves_like 'content not cached' do
             subject do
               get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }
@@ -563,7 +563,7 @@ describe UploadsController do
                 expect(response).to have_gitlab_http_status(200)
               end
-              it_behaves_like 'content long term private cached with revalidation' do
+              it_behaves_like 'content not cached' do
                 subject do
                   get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }

spec/features/projects/show/user_interacts_with_auto_devops_banner_spec.rb

@@ -57,5 +57,18 @@ describe 'Project > Show > User interacts with auto devops implicitly enabled ba
         expect(page).not_to have_css('.auto-devops-implicitly-enabled-banner')
       end
     end
+
+    context 'when AutoDevOps enabled but container registry is disabled' do
+      before do
+        stub_application_setting(auto_devops_enabled: true)
+        stub_container_registry_config(enabled: false)
+
+        visit project_path(project)
+      end
+
+      it 'shows message that container registry is disabled' do
+        expect(page).to have_content('Container registry is not enabled on this GitLab instance')
+      end
+    end
   end
 end

spec/fixtures/lib/gitlab/import_export/project.json

@@ -6226,7 +6226,9 @@
               "job_id": null,
               "name": "test build 1",
               "deploy": false,
-              "options": null,
+              "options": {
+                "image": "busybox:latest"
+              },
               "allow_failure": false,
               "stage": "test",
               "trigger_request_id": null,