Add latest changes from gitlab-org/gitlab@master

config/routes/admin.rb

@@ -107,7 +107,11 @@ namespace :admin do
     end
   end
-  resource :application_settings, only: [:show, :update] do
+  resource :application_settings, only: :update do
+    # This redirect should be removed with 13.0 release.
+    # https://gitlab.com/gitlab-org/gitlab/issues/199427
+    get '/', to: redirect('admin/application_settings/general'), as: nil
+
     resources :services, only: [:index, :edit, :update]
     get :usage_data

db/migrate/20191031095636_create_project_settings.rb

+# frozen_string_literal: true
+
+class CreateProjectSettings < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def change
+    create_table :project_settings, id: false do |t|
+      t.timestamps_with_timezone null: false
+      t.references :project, primary_key: true, default: nil, type: :integer, index: false, foreign_key: { on_delete: :cascade }
+    end
+  end
+end

db/migrate/20200207151640_create_deployment_clusters.rb

+# frozen_string_literal: true
+
+class CreateDeploymentClusters < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  def change
+    create_table :deployment_clusters, id: false, force: :cascade do |t|
+      t.references :deployment, foreign_key: { on_delete: :cascade }, primary_key: true, type: :integer, index: false, default: nil
+      t.references :cluster, foreign_key: { on_delete: :cascade }, type: :integer, index: false, null: false
+      t.string :kubernetes_namespace, limit: 255
+
+      t.index [:cluster_id, :kubernetes_namespace], name: 'idx_deployment_clusters_on_cluster_id_and_kubernetes_namespace'
+      t.index [:cluster_id, :deployment_id], unique: true
+    end
+  end
+end

db/post_migrate/20200122123016_backfill_project_settings.rb

+# frozen_string_literal: true
+
+class BackfillProjectSettings < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  MIGRATION = 'BackfillProjectSettings'
+  DELAY_INTERVAL = 2.minutes
+  BATCH_SIZE = 10_000
+
+  disable_ddl_transaction!
+
+  class Project < ActiveRecord::Base
+    include EachBatch
+
+    self.table_name = 'projects'
+  end
+
+  def up
+    say "Scheduling `#{MIGRATION}` jobs"
+
+    queue_background_migration_jobs_by_range_at_intervals(Project, MIGRATION, DELAY_INTERVAL, batch_size: BATCH_SIZE)
+  end
+
+  def down
+    # NOOP
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2020_02_06_111847) do
+ActiveRecord::Schema.define(version: 2020_02_07_151640) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "pg_trgm"
@@ -1341,6 +1341,13 @@ ActiveRecord::Schema.define(version: 2020_02_06_111847) do
     t.index ["token_encrypted"], name: "index_deploy_tokens_on_token_encrypted", unique: true
   end
+  create_table "deployment_clusters", primary_key: "deployment_id", id: :integer, default: nil, force: :cascade do |t|
+    t.integer "cluster_id", null: false
+    t.string "kubernetes_namespace", limit: 255
+    t.index ["cluster_id", "deployment_id"], name: "index_deployment_clusters_on_cluster_id_and_deployment_id", unique: true
+    t.index ["cluster_id", "kubernetes_namespace"], name: "idx_deployment_clusters_on_cluster_id_and_kubernetes_namespace"
+  end
+
   create_table "deployment_merge_requests", id: false, force: :cascade do |t|
     t.integer "deployment_id", null: false
     t.integer "merge_request_id", null: false
@@ -3296,6 +3303,11 @@ ActiveRecord::Schema.define(version: 2020_02_06_111847) do
     t.index ["project_id"], name: "index_project_repository_states_on_project_id", unique: true
   end
+  create_table "project_settings", primary_key: "project_id", id: :integer, default: nil, force: :cascade do |t|
+    t.datetime_with_timezone "created_at", null: false
+    t.datetime_with_timezone "updated_at", null: false
+  end
+
   create_table "project_statistics", id: :serial, force: :cascade do |t|
     t.integer "project_id", null: false
     t.integer "namespace_id", null: false
@@ -3745,7 +3757,7 @@ ActiveRecord::Schema.define(version: 2020_02_06_111847) do
     t.string "sso_url", null: false
     t.boolean "enforced_sso", default: false, null: false
     t.boolean "enforced_group_managed_accounts", default: false, null: false
-    t.boolean "prohibited_outer_forks", default: false, null: false
+    t.boolean "prohibited_outer_forks", default: false
     t.index ["group_id"], name: "index_saml_providers_on_group_id"
   end
@@ -4659,6 +4671,8 @@ ActiveRecord::Schema.define(version: 2020_02_06_111847) do
   add_foreign_key "dependency_proxy_blobs", "namespaces", column: "group_id", on_delete: :cascade
   add_foreign_key "dependency_proxy_group_settings", "namespaces", column: "group_id", on_delete: :cascade
   add_foreign_key "deploy_keys_projects", "projects", name: "fk_58a901ca7e", on_delete: :cascade
+  add_foreign_key "deployment_clusters", "clusters", on_delete: :cascade
+  add_foreign_key "deployment_clusters", "deployments", on_delete: :cascade
   add_foreign_key "deployment_merge_requests", "deployments", on_delete: :cascade
   add_foreign_key "deployment_merge_requests", "merge_requests", on_delete: :cascade
   add_foreign_key "deployments", "clusters", name: "fk_289bba3222", on_delete: :nullify
@@ -4881,6 +4895,7 @@ ActiveRecord::Schema.define(version: 2020_02_06_111847) do
   add_foreign_key "project_repositories", "projects", on_delete: :cascade
   add_foreign_key "project_repositories", "shards", on_delete: :restrict
   add_foreign_key "project_repository_states", "projects", on_delete: :cascade
+  add_foreign_key "project_settings", "projects", on_delete: :cascade
   add_foreign_key "project_statistics", "projects", on_delete: :cascade
   add_foreign_key "project_tracing_settings", "projects", on_delete: :cascade
   add_foreign_key "projects", "pool_repositories", name: "fk_6e5c14658a", on_delete: :nullify

doc/administration/geo/replication/configuration.md

@@ -249,7 +249,7 @@ on the **secondary** node.
 Geo synchronizes repositories over HTTP/HTTPS, and therefore requires this clone
 method to be enabled. Navigate to **Admin Area > Settings**
-(`/admin/application_settings`) on the **primary** node, and set
+(`/admin/application_settings/general`) on the **primary** node, and set
 `Enabled Git access protocols` to `Both SSH and HTTP(S)` or `Only HTTP(S)`.
 ### Step 7. Verify proper functioning of the **secondary** node

doc/administration/raketasks/project_import_export.md

@@ -33,8 +33,8 @@ bundle exec rake gitlab:import_export:data RAILS_ENV=production
 Note the following:
 - Importing is not possible if the version of the import instance is older than that of the exporter.
-- The project import option must be enabled in
-  application settings (`/admin/application_settings`) under **Import sources**, which is available
+- The project import option must be enabled in application settings
+  (`/admin/application_settings/general`) under **Import sources**, which is available
   under **{admin}** **Admin Area >** **{settings}** **Settings > Visibility and access controls**.
 - The exports are stored in a temporary [shared directory](../../development/shared_files.md)
   and are deleted every 24 hours by a specific worker.

doc/api/settings.md

@@ -2,7 +2,7 @@
 These API calls allow you to read and modify GitLab instance
 [application settings](#list-of-settings-that-can-be-accessed-via-api-calls)
-as appear in `/admin/application_settings`. You have to be an
+as appear in `/admin/application_settings/general`. You have to be an
 administrator in order to perform this action.
 ## Get current application settings

doc/development/documentation/styleguide.md

@@ -201,7 +201,7 @@ The table below shows what kind of documentation goes where.
       describing what can be achieved by accessing GitLab's admin interface
       (_not to be confused with `doc/administration` where server access is
       required_).
-      1. Every category under `/admin/application_settings` should have its
+      1. Every category under `/admin/application_settings/` should have its
          own document located at `doc/user/admin_area/settings/`. For example,
          the **Visibility and Access Controls** category should have a document
          located at `doc/user/admin_area/settings/visibility_and_access_controls.md`.

doc/development/sidekiq_style_guide.md

@@ -276,6 +276,18 @@ class SomeCrossCuttingConcernWorker
 end
 ```
+## Job weights
+
+Some jobs have a weight declared. This is only used when running Sidekiq
+in the default execution mode - using
+[`sidekiq-cluster`](../administration/operations/extra_sidekiq_processes.md)
+does not account for weights.
+
+As we are [moving towards using `sidekiq-cluster` in
+Core](https://gitlab.com/gitlab-org/gitlab/issues/34396), newly-added
+workers do not need to have weights specified. They can simply use the
+default weight, which is 1.
+
 ## Worker context
 To have some more information about workers in the logs, we add

doc/security/password_length_limits.md

@@ -49,7 +49,7 @@ From GitLab 12.6, the minimum password length set in this configuration file wil
 The user password length is set to a minimum of 8 characters by default.
 To change that using GitLab UI:
-In **Admin Area > Settings** (`/admin/application_settings`), go to the section **Sign-up restrictions**.
+In **Admin Area > Settings** (`/admin/application_settings/general`), go to the section **Sign-up restrictions**.
 [Minimum password length settings](../user/admin_area/img/minimum_password_length_settings_v12_6.png)

doc/security/ssh_keys_restrictions.md

@@ -17,7 +17,7 @@ algorithms.
 GitLab allows you to restrict the allowed SSH key technology as well as specify
 the minimum key length for each technology.
-In **Admin Area > Settings** (`/admin/application_settings`), expand the
+In **Admin Area > Settings** (`/admin/application_settings/general`), expand the
 **Visibility and access controls** section:
 ![SSH keys restriction admin settings](img/ssh_keys_restrictions_settings.png)

doc/security/two_factor_authentication.md

@@ -25,7 +25,8 @@ won't be able to leave the 2FA configuration area at `/profile/two_factor_auth`.
 To enable 2FA for all users:
-1. Navigate to **Admin Area > Settings > General** (`/admin/application_settings`).
+1. Navigate to **Admin Area > Settings > General**
+   (`/admin/application_settings/general`).
 1. Expand the **Sign-in restrictions** section, where you can configure both.
 If you want 2FA enforcement to take effect on next login, change the grace

doc/security/user_email_confirmation.md

@@ -8,7 +8,7 @@ GitLab can be configured to require confirmation of a user's email address when
 the user signs up. When this setting is enabled, the user is unable to sign in until
 they confirm their email address.
-In **Admin Area > Settings** (`/admin/application_settings`), go to the section
+In **Admin Area > Settings** (`/admin/application_settings/general`), go to the section
 **Sign-up Restrictions** and look for the **Send confirmation email on sign-up** option.
 <!-- ## Troubleshooting

doc/user/project/settings/import_export.md

@@ -17,8 +17,8 @@ Note the following:
 - Importing is not possible if the import instance version differs from
   that of the exporter.
-- The project import option must be enabled in
-  application settings (`/admin/application_settings`) under under **Import sources**, which is
+- The project import option must be enabled in application settings
+  (`/admin/application_settings/general`) under **Import sources**, which is
   available under **{admin}** **Admin Area >** **{settings}** **Settings > Visibility and access controls**.
   Ask your administrator if you don't see the **GitLab export** button when
   creating a new project.

lib/gitlab/background_migration/backfill_project_settings.rb

+# frozen_string_literal: true
+
+module Gitlab
+  module BackgroundMigration
+    # Backfill project_settings for a range of projects
+    class BackfillProjectSettings
+      def perform(start_id, end_id)
+        ActiveRecord::Base.connection.execute <<~SQL
+          INSERT INTO project_settings (project_id, created_at, updated_at)
+            SELECT projects.id, now(), now()
+            FROM projects
+            WHERE projects.id BETWEEN #{start_id} AND #{end_id}
+          ON CONFLICT (project_id) DO NOTHING;
+        SQL
+      end
+    end
+  end
+end

lib/gitlab/ci/pipeline/seed/deployment.rb

@@ -24,8 +24,14 @@ module Gitlab
             # non-environment job.
             return unless deployment.valid? && deployment.environment.persisted?
-            deployment.cluster_id =
-              deployment.environment.deployment_platform&.cluster_id
+            if cluster_id = deployment.environment.deployment_platform&.cluster_id
+              # double write cluster_id until 12.9: https://gitlab.com/gitlab-org/gitlab/issues/202628
+              deployment.cluster_id = cluster_id
+              deployment.deployment_cluster = ::DeploymentCluster.new(
+                cluster_id: cluster_id,
+                kubernetes_namespace: deployment.environment.deployment_namespace
+              )
+            end
             # Allocate IID for deployments.
             # This operation must be outside of transactions of pipeline creations.

lib/gitlab/ci/status/build/failed.rb

@@ -18,7 +18,12 @@ module Gitlab
             archived_failure: 'archived failure',
             unmet_prerequisites: 'unmet prerequisites',
             scheduler_failure: 'scheduler failure',
-            data_integrity_failure: 'data integrity failure'
+            data_integrity_failure: 'data integrity failure',
+            invalid_bridge_trigger: 'downstream pipeline trigger definition is invalid',
+            downstream_bridge_project_not_found: 'downstream project could not be found',
+            insufficient_bridge_permissions: 'no permissions to trigger downstream pipeline',
+            bridge_pipeline_is_child_pipeline: 'creation of child pipeline not allowed from another child pipeline',
+            downstream_pipeline_creation_failed: 'downstream pipeline can not be created'
           }.freeze
           private_constant :REASONS

rubocop/cop/scalability/cron_worker_context.rb

@@ -23,7 +23,7 @@ module RuboCop
         PATTERN
         def_node_search :schedules_with_batch_context?, <<~PATTERN
-          (send (...) {:bulk_perform_async_with_contexts :bulk_perform_in_with_contexts} (...))
+          (send (...) {:bulk_perform_async_with_contexts :bulk_perform_in_with_contexts} _*)
         PATTERN
         def on_send(node)

spec/controllers/admin/application_settings_controller_spec.rb

@@ -56,49 +56,49 @@ describe Admin::ApplicationSettingsController do
     it 'updates the password_authentication_enabled_for_git setting' do
       put :update, params: { application_setting: { password_authentication_enabled_for_git: "0" } }
-      expect(response).to redirect_to(admin_application_settings_path)
+      expect(response).to redirect_to(general_admin_application_settings_path)
       expect(ApplicationSetting.current.password_authentication_enabled_for_git).to eq(false)
     end
     it 'updates the default_project_visibility for string value' do
       put :update, params: { application_setting: { default_project_visibility: "20" } }
-      expect(response).to redirect_to(admin_application_settings_path)
+      expect(response).to redirect_to(general_admin_application_settings_path)
       expect(ApplicationSetting.current.default_project_visibility).to eq(Gitlab::VisibilityLevel::PUBLIC)
     end
     it 'update the restricted levels for string values' do
       put :update, params: { application_setting: { restricted_visibility_levels: %w[10 20] } }
-      expect(response).to redirect_to(admin_application_settings_path)
+      expect(response).to redirect_to(general_admin_application_settings_path)
       expect(ApplicationSetting.current.restricted_visibility_levels).to eq([10, 20])
     end
     it 'updates the restricted_visibility_levels when empty array is passed' do
       put :update, params: { application_setting: { restricted_visibility_levels: [""] } }
-      expect(response).to redirect_to(admin_application_settings_path)
+      expect(response).to redirect_to(general_admin_application_settings_path)
       expect(ApplicationSetting.current.restricted_visibility_levels).to be_empty
     end
     it 'updates the receive_max_input_size setting' do
       put :update, params: { application_setting: { receive_max_input_size: "1024" } }
-      expect(response).to redirect_to(admin_application_settings_path)
+      expect(response).to redirect_to(general_admin_application_settings_path)
       expect(ApplicationSetting.current.receive_max_input_size).to eq(1024)
     end
     it 'updates the default_project_creation for string value' do
       put :update, params: { application_setting: { default_project_creation: ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS } }
-      expect(response).to redirect_to(admin_application_settings_path)
+      expect(response).to redirect_to(general_admin_application_settings_path)
       expect(ApplicationSetting.current.default_project_creation).to eq(::Gitlab::Access::MAINTAINER_PROJECT_ACCESS)
     end
     it 'updates minimum_password_length setting' do
       put :update, params: { application_setting: { minimum_password_length: 10 } }
-      expect(response).to redirect_to(admin_application_settings_path)
+      expect(response).to redirect_to(general_admin_application_settings_path)
       expect(ApplicationSetting.current.minimum_password_length).to eq(10)
     end