Add latest changes from gitlab-org/gitlab@master

82fa8a3d · GitLab Bot · 232655bf · 82fa8a3d · 82fa8a3d · 82fa8a3d
Commit 82fa8a3d authored 4 years ago by GitLab Bot
--- a/config/prometheus/common_metrics.yml
+++ b/config/prometheus/common_metrics.yml
@@ -17,6 +17,8 @@ panel_groups:
  - title: "Latency"
    type: "area-chart"
    y_label: "Latency (ms)"
+    y_axis:
+      format: milliseconds
    weight: 1
    metrics:
    - id: response_metrics_nginx_ingress_latency_pod_average
@@ -26,6 +28,8 @@ panel_groups:
  - title: "HTTP Error Rate"
    type: "area-chart"
    y_label: "HTTP Errors (%)"
+    y_axis:
+      format: percentHundred
    weight: 1
    metrics:
    - id: response_metrics_nginx_ingress_http_error_rate
@@ -138,6 +142,8 @@ panel_groups:
  - title: "HTTP Error Rate (Errors / Sec)"
    type: "area-chart"
    y_label: "HTTP 500 Errors / Sec"
+    y_axis:
+      precision: 0
    weight: 1
    metrics:
    - id: response_metrics_nginx_http_error_rate
@@ -150,6 +156,8 @@ panel_groups:
  - title: "Memory Usage (Total)"
    type: "area-chart"
    y_label: "Total Memory Used (GB)"
+    y_axis:
+      format: "gibibytes"
    weight: 4
    metrics:
    - id: system_metrics_kubernetes_container_memory_total
@@ -168,6 +176,8 @@ panel_groups:
  - title: "Memory Usage (Pod average)"
    type: "line-chart"
    y_label: "Memory Used per Pod (MB)"
+    y_axis:
+      format: "mebibytes"
    weight: 2
    metrics:
    - id: system_metrics_kubernetes_container_memory_average
@@ -177,6 +187,8 @@ panel_groups:
  - title: "Canary: Memory Usage (Pod Average)"
    type: "line-chart"
    y_label: "Memory Used per Pod (MB)"
+    y_axis:
+      format: "mebibytes"
    weight: 2
    metrics:
    - id: system_metrics_kubernetes_container_memory_average_canary
@@ -206,6 +218,8 @@ panel_groups:
  - title: "Knative function invocations"
    type: "area-chart"
    y_label: "Invocations"
+    y_axis:
+      precision: 0
    weight: 1
    metrics:
    - id: system_metrics_knative_function_invocation_count

--- a/db/migrate/20200309105539_add_index_services_on_template.rb
+++ b/db/migrate/20200309105539_add_index_services_on_template.rb
--- a/db/migrate/20200306160521_add_index_on_author_id_and_created_at_to_events.rb
+++ b/db/migrate/20200306160521_add_index_on_author_id_and_created_at_to_events.rb
+# frozen_string_literal: true
+
+class AddIndexOnAuthorIdAndCreatedAtToEvents < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :events, [:author_id, :created_at]
+  end
+
+  def down
+    remove_concurrent_index :events, [:author_id, :created_at]
+  end
+end
--- a/db/migrate/20200306170211_add_index_on_author_id_and_id_and_created_at_to_issues.rb
+++ b/db/migrate/20200306170211_add_index_on_author_id_and_id_and_created_at_to_issues.rb
+# frozen_string_literal: true
+
+class AddIndexOnAuthorIdAndIdAndCreatedAtToIssues < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :issues, [:author_id, :id, :created_at]
+  end
+
+  def down
+    remove_concurrent_index :issues, [:author_id, :id, :created_at]
+  end
+end
--- a/db/post_migrate/20200302142052_update_vulnerability_severity_column.rb
+++ b/db/post_migrate/20200302142052_update_vulnerability_severity_column.rb
+# frozen_string_literal: true
+
+class UpdateVulnerabilitySeverityColumn < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+  BATCH_SIZE = 1_000
+  INTERVAL = 2.minutes
+
+  def up
+    # create temporary index for undefined vulnerabilities
+    add_concurrent_index(:vulnerabilities, :id, where: 'severity = 0', name: 'undefined_vulnerability')
+
+    return unless Gitlab.ee?
+
+    migration = Gitlab::BackgroundMigration::RemoveUndefinedVulnerabilitySeverityLevel
+    migration_name = migration.to_s.demodulize
+    relation = migration::Vulnerability.undefined_severity
+    queue_background_migration_jobs_by_range_at_intervals(relation,
+                                                          migration_name,
+                                                          INTERVAL,
+                                                          batch_size: BATCH_SIZE)
+  end
+
+  def down
+    # no-op
+    # This migration can not be reversed because we can not know which records had undefined severity
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
  
-ActiveRecord::Schema.define(version: 2020_03_09_105539) do
+ActiveRecord::Schema.define(version: 2020_03_06_170531) do
  
  # These are extensions that must be enabled in order to support this database
  enable_extension "pg_trgm"
@@ -1616,6 +1616,7 @@ ActiveRecord::Schema.define(version: 2020_03_09_105539) do
    t.string "target_type"
    t.bigint "group_id"
    t.index ["action"], name: "index_events_on_action"
+    t.index ["author_id", "created_at"], name: "index_events_on_author_id_and_created_at"
    t.index ["author_id", "project_id"], name: "index_events_on_author_id_and_project_id"
    t.index ["created_at", "author_id"], name: "analytics_index_events_on_created_at_and_author_id"
    t.index ["group_id"], name: "index_events_on_group_id_partial", where: "(group_id IS NOT NULL)"
@@ -2206,6 +2207,7 @@ ActiveRecord::Schema.define(version: 2020_03_09_105539) do
    t.integer "duplicated_to_id"
    t.integer "promoted_to_epic_id"
    t.integer "health_status", limit: 2
+    t.index ["author_id", "id", "created_at"], name: "index_issues_on_author_id_and_id_and_created_at"
    t.index ["author_id"], name: "index_issues_on_author_id"
    t.index ["closed_by_id"], name: "index_issues_on_closed_by_id"
    t.index ["confidential"], name: "index_issues_on_confidential"
@@ -4454,6 +4456,7 @@ ActiveRecord::Schema.define(version: 2020_03_09_105539) do
    t.index ["dismissed_by_id"], name: "index_vulnerabilities_on_dismissed_by_id"
    t.index ["due_date_sourcing_milestone_id"], name: "index_vulnerabilities_on_due_date_sourcing_milestone_id"
    t.index ["epic_id"], name: "index_vulnerabilities_on_epic_id"
+    t.index ["id"], name: "undefined_vulnerability", where: "(severity = 0)"
    t.index ["last_edited_by_id"], name: "index_vulnerabilities_on_last_edited_by_id"
    t.index ["milestone_id"], name: "index_vulnerabilities_on_milestone_id"
    t.index ["project_id"], name: "index_vulnerabilities_on_project_id"

--- a/doc/api/deploy_tokens.md
+++ b/doc/api/deploy_tokens.md
@@ -72,6 +72,43 @@ Example response:
 ]
 ```
  
+### Create a project deploy token
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/21811) in GitLab 12.9.
+
+Creates a new deploy token for a project.
+
+```
+POST /projects/:id/deploy_tokens
+```
+
+| Attribute  | Type | Required | Description |
+| ---------  | ---- | -------- | ----------- |
+| `id`       | integer/string   | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `name`            | string    | yes | New deploy token's name |
+| `expires_at`      | datetime  | no  | Expiration date for the deploy token. Does not expire if no value is provided. |
+| `username`        | string    | no  | Username for deploy token. Default is `gitlab+deploy-token-{n}` |
+| `scopes`   | array of strings | yes | Indicates the deploy token scopes. Must be at least one of `read_repository` or `read_registry`. |
+
+```shell
+curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --header "Content-Type: application/json" --data '{"name": "My deploy token", "expires_at": "2021-01-01", "username": "custom-user", "scopes": ["read_repository"]}' "https://gitlab.example.com/api/v4/projects/5/deploy_tokens/"
+```
+
+Example response:
+
+```json
+{
+  "id": 1,
+  "name": "My deploy token",
+  "username": "custom-user",
+  "expires_at": "2021-01-01T00:00:00.000Z",
+  "token": "jMRvtPNxrn3crTAGukpZ",
+  "scopes": [
+    "read_repository"
+  ]
+}
+```
+
 ## Group deploy tokens
  
 These endpoints require group maintainer access or higher.

--- a/doc/development/prometheus_metrics.md
+++ b/doc/development/prometheus_metrics.md
@@ -12,7 +12,10 @@ The requirement for adding a new metric is to make each query to have an unique
 - group: Response metrics (NGINX Ingress)
  metrics:
  - title: "Throughput"
-    y_label: "Requests / Sec"
+    y_axis:
+      name: "Requests / Sec"
+      format: "number"
+      precision: 2
    queries:
    - id: response_metrics_nginx_ingress_throughput_status_code
      query_range: 'sum(rate(nginx_upstream_responses_total{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m])) by (status_code)'

--- a/doc/install/aws/index.md
+++ b/doc/install/aws/index.md
@@ -52,8 +52,6 @@ Here's a list of the AWS services we will use, with links to pricing information
  will apply. If you want to run it on a dedicated or reserved instance,
  consult the [EC2 pricing page](https://aws.amazon.com/ec2/pricing/) for more
  information on the cost.
- **EBS**: We will also use an EBS volume to store the Git data. See the
-  [Amazon EBS pricing](https://aws.amazon.com/ebs/pricing/).
 - **S3**: We will use S3 to store backups, artifacts, LFS objects, etc. See the
  [Amazon S3 pricing](https://aws.amazon.com/s3/pricing/).
 - **ELB**: A Classic Load Balancer will be used to route requests to the
@@ -524,7 +522,7 @@ Let's create an EC2 instance where we'll install Gitaly:
 1. Click **Review and launch** followed by **Launch** if you're happy with your settings.
 1. Finally, acknowledge that you have access to the selected private key file or create a new one. Click **Launch Instances**.
  
-  > **Optional:** Instead of storing configuration _and_ repository data on the root volume, you can also choose to add an additional EBS volume for repository storage. Follow the same guidance as above.
+  > **Optional:** Instead of storing configuration _and_ repository data on the root volume, you can also choose to add an additional EBS volume for repository storage. Follow the same guidance as above. See the [Amazon EBS pricing](https://aws.amazon.com/ebs/pricing/).
  
 Now that we have our EC2 instance ready, follow the [documentation to install GitLab and set up Gitaly on its own server](../../administration/gitaly/index.md#running-gitaly-on-its-own-server).
  

--- a/doc/security/user_email_confirmation.md
+++ b/doc/security/user_email_confirmation.md
@@ -7,9 +7,9 @@ type: howto
 GitLab can be configured to require confirmation of a user's email address when
 the user signs up. When this setting is enabled:
  
- For GitLab 12.1 and earlier, the user is unable to sign in until they confirm their
+- For GitLab 12.7 and earlier, the user is unable to sign in until they confirm their
  email address.
- For GitLab 12.2 and later, the user [has 30 days to confirm their email address](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/31245).
+- For GitLab 12.8 and later, the user [has 30 days to confirm their email address](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/31245).
  After 30 days, they will be unable to log in and access GitLab features.
  
 In **Admin Area > Settings** (`/admin/application_settings/general`), go to the section

--- a/doc/user/admin_area/settings/sign_up_restrictions.md
+++ b/doc/user/admin_area/settings/sign_up_restrictions.md
@@ -39,9 +39,9 @@ email domains to prevent malicious users from creating accounts.
 You can send confirmation emails during sign-up and require that users confirm
 their email address. If this setting is selected:
  
- For GitLab 12.1 and earlier, the user is unable to sign in until they confirm their
+- For GitLab 12.7 and earlier, the user is unable to sign in until they confirm their
  email address.
- For GitLab 12.2 and later, the user [has 30 days to confirm their email address](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/31245).
+- For GitLab 12.8 and later, the user [has 30 days to confirm their email address](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/31245).
  After 30 days, they will be unable to log in and access GitLab features.
  
 ![Email confirmation](img/email_confirmation_v12_7.png)

--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -356,6 +356,31 @@ dast:
 The DAST job does not require the project's repository to be present when running, so by default
 [`GIT_STRATEGY`](../../../ci/yaml/README.md#git-strategy) is set to `none`.
  
+## Running DAST in an offline air-gapped installation
+
+DAST can be executed on an offline air-gapped GitLab Ultimate installation using the following process:
+
+1. Host the DAST image `registry.gitlab.com/gitlab-org/security-products/dast:latest` in your local
+   Docker container registry.
+1. Add the following configuration to your `.gitlab-ci.yml` file. You must replace `image` to refer
+   to the DAST Docker image hosted on your local Docker container registry:
+
+   ```yaml
+   include:
+     - template: DAST.gitlab-ci.yml
+
+   dast:
+     image: registry.example.com/namespace/dast:latest
+     script:
+        - export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
+        - /analyze -t $DAST_WEBSITE --auto-update-addons false -z"-silent"
+   ```
+
+The option `--auto-update-addons false` instructs ZAP not to update add-ons.
+
+The option `-z` passes the quoted `-silent` parameter to ZAP. The `-silent` parameter ensures ZAP
+does not make any unsolicited requests including checking for updates.
+
 ## Reports
  
 The DAST job can emit various reports.

--- a/doc/user/project/integrations/prometheus.md
+++ b/doc/user/project/integrations/prometheus.md
@@ -203,14 +203,17 @@ For example:
   panel_groups:
     - group: 'Group Title'
       panels:
-         - type: area-chart
-           title: "Chart Title"
-           y_label: "Y-Axis"
-           metrics:
-             - id: metric_of_ages
-               query_range: 'http_requests_total'
-               label: "Instance: {{instance}}, method: {{method}}"
-               unit: "count"
+       - type: area-chart
+         title: "Chart Title"
+         y_label: "Y-Axis"
+         y_axis:
+           format: number
+           precision: 0
+         metrics:
+         - id: my_metric_id
+           query_range: 'http_requests_total'
+           label: "Instance: {{instance}}, method: {{method}}"
+           unit: "count"
   ```
  
   The above sample dashboard would display a single area chart. Each file should
@@ -276,9 +279,18 @@ The following tables outline the details of expected properties.
 | `type` | enum | no, defaults to `area-chart` | Specifies the chart type to use, can be: `area-chart`, `line-chart` or `anomaly-chart`. |
 | `title` | string | yes | Heading for the panel. |
 | `y_label` | string | no, but highly encouraged | Y-Axis label for the panel. |
+| `y_axis` | string | no | Y-Axis configuration for the panel. |
 | `weight` | number | no, defaults to order in file | Order to appear within the grouping. Lower number means higher priority, which will be higher on the page. Numbers do not need to be consecutive. |
 | `metrics` | array | yes | The metrics which should be displayed in the panel. Any number of metrics can be displayed when `type` is `area-chart` or `line-chart`, whereas only 3 can be displayed when `type` is `anomaly-chart`. |
  
+**Axis (`panels[].y_axis`) properties:**
+
+| Property    | Type   | Required                  | Description                                                          |
+| ----------- | ------ | ------------------------- | -------------------------------------------------------------------- |
+| `name`      | string | no, but highly encouraged | Y-Axis label for the panel, it will replace `y_label` if set.        |
+| `format`    | string | no, defaults to `number`  | Unit format used. See the [full list of units](prometheus_units.md). |
+| `precision` | number | no, defaults to `2`       | Number of decimals to display in the number.                         |
+
 **Metrics (`metrics`) properties:**
  
 | Property | Type | Required | Description |
@@ -297,7 +309,7 @@ When a static label is used and a query returns multiple time series, then all t
  
 ```yaml
 metrics:
-  - id: metric_of_ages
+  - id: my_metric_id
    query_range: 'http_requests_total'
    label: "Time Series"
    unit: "count"
@@ -311,7 +323,7 @@ For labels to be more explicit, using variables that reflect time series labels
  
 ```yaml
 metrics:
-  - id: metric_of_ages
+  - id: my_metric_id
    query_range: 'http_requests_total'
    label: "Instance: {{instance}}, method: {{method}}"
    unit: "count"
@@ -325,7 +337,7 @@ There is also a shorthand value for dynamic dashboard labels that make use of on
  
 ```yaml
 metrics:
-  - id: metric_of_ages
+  - id: my_metric_id
    query_range: 'http_requests_total'
    label: "Method"
    unit: "count"
@@ -351,6 +363,9 @@ panel_groups:
      - type: area-chart # or line-chart
        title: 'Area Chart Title'
        y_label: "Y-Axis"
+        y_axis:
+          format: number
+          precision: 0
        metrics:
          - id: area_http_requests_total
            query_range: 'http_requests_total'

--- a/doc/user/project/integrations/prometheus_units.md
+++ b/doc/user/project/integrations/prometheus_units.md
+# Unit formats reference
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/201999) in GitLab 12.9.
+
+You can select units to format your charts by adding `format` to your
+[axis configuration](prometheus.md#dashboard-yaml-properties).
+
+## Numbers
+
+For generic data, numbers are formatted according to the current locale.
+
+Formats: `number`
+
+**Examples:**
+
+| Data      | Displayed |
+| --------- | --------- |
+| `10`      | 1         |
+| `1000`    | 1,000     |
+| `1000000` | 1,000,000 |
+
+## Percentage
+
+For percentage data, format numbers in the chart with a `%` symbol.
+
+Formats supported: `percent`, `percentHundred`
+
+**Examples:**
+
+| Format           | Data  | Displayed |
+| ---------------- | ----- | --------- |
+| `percent`        | `0.5` | 50%       |
+| `percent`        | `1`   | 100%      |
+| `percent`        | `2`   | 200%      |
+| `percentHundred` | `50`  | 50%       |
+| `percentHundred` | `100` | 100%      |
+| `percentHundred` | `200` | 200%      |
+
+## Duration
+
+For time durations, format numbers in the chart with a time unit symbol.
+
+Formats supported: `milliseconds`, `seconds`
+
+**Examples:**
+
+| Format         | Data   | Displayed |
+| -------------- | ------ | --------- |
+| `milliseconds` | `10`   | 10ms      |
+| `milliseconds` | `500`  | 100ms     |
+| `milliseconds` | `1000` | 1000ms    |
+| `seconds`      | `10`   | 10s       |
+| `seconds`      | `500`  | 500s      |
+| `seconds`      | `1000` | 1000s     |
+
+## Digital (Metric)
+
+Converts a number of bytes using metric prefixes. It scales to
+use the unit that's the best fit.
+
+Formats supported:
+
+- `decimalBytes`
+- `kilobytes`
+- `megabytes`
+- `gigabytes`
+- `terabytes`
+- `petabytes`
+
+**Examples:**
+
+| Format         | Data      | Displayed |
+| -------------- | --------- | --------- |
+| `decimalBytes` | `1`       | 1B        |
+| `decimalBytes` | `1000`    | 1kB       |
+| `decimalBytes` | `1000000` | 1MB       |
+| `kilobytes`    | `1`       | 1kB       |
+| `kilobytes`    | `1000`    | 1MB       |
+| `kilobytes`    | `1000000` | 1GB       |
+| `megabytes`    | `1`       | 1MB       |
+| `megabytes`    | `1000`    | 1GB       |
+| `megabytes`    | `1000000` | 1TB       |
+
+## Digital (IEC)
+
+Converts a number of bytes using binary prefixes. It scales to
+use the unit that's the best fit.
+
+Formats supported:
+
+- `bytes`
+- `kibibytes`
+- `mebibytes`
+- `gibibytes`
+- `tebibytes`
+- `pebibytes`
+
+**Examples:**
+
+| Format      | Data          | Displayed |
+| ----------- | ------------- | --------- |
+| `bytes`     | `1`           | 1B        |
+| `bytes`     | `1024`        | 1KiB      |
+| `bytes`     | `1024 * 1024` | 1MiB      |
+| `kibibytes` | `1`           | 1KiB      |
+| `kibibytes` | `1024`        | 1MiB      |
+| `kibibytes` | `1024 * 1024` | 1GiB      |
+| `mebibytes` | `1`           | 1MiB      |
+| `mebibytes` | `1024`        | 1GiB      |
+| `mebibytes` | `1024 * 1024` | 1TiB      |
--- a/lib/api/deploy_tokens.rb
+++ b/lib/api/deploy_tokens.rb
@@ -4,6 +4,17 @@ module API
  class DeployTokens < Grape::API
    include PaginationParams
  
+    helpers do
+      def scope_params
+        scopes = params.delete(:scopes)
+
+        result_hash = {}
+        result_hash[:read_registry] = scopes.include?('read_registry')
+        result_hash[:read_repository] = scopes.include?('read_repository')
+        result_hash
+      end
+    end
+
    desc 'Return all deploy tokens' do
      detail 'This feature was introduced in GitLab 12.9.'
      success Entities::DeployToken
@@ -33,6 +44,27 @@ module API
  
        present paginate(user_project.deploy_tokens), with: Entities::DeployToken
      end
+
+      params do
+        requires :name, type: String, desc: "New deploy token's name"
+        requires :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.'
+        requires :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`'
+        requires :scopes, type: Array[String], values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
+          desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository" or "read_registry".'
+      end
+      desc 'Create a project deploy token' do
+        detail 'This feature was introduced in GitLab 12.9'
+        success Entities::DeployTokenWithToken
+      end
+      post ':id/deploy_tokens' do
+        authorize!(:create_deploy_token, user_project)
+
+        deploy_token = ::Projects::DeployTokens::CreateService.new(
+          user_project, current_user, scope_params.merge(declared(params, include_missing: false, include_parent_namespaces: false))
+        ).execute
+
+        present deploy_token, with: Entities::DeployTokenWithToken
+      end
    end
  
    params do

--- a/lib/api/entities/deploy_token_with_token.rb
+++ b/lib/api/entities/deploy_token_with_token.rb
+# frozen_string_literal: true
+
+module API
+  module Entities
+    class DeployTokenWithToken < Entities::DeployToken
+      expose :token
+    end
+  end
+end
--- a/lib/gitlab/background_migration/remove_undefined_vulnerability_severity_level.rb
+++ b/lib/gitlab/background_migration/remove_undefined_vulnerability_severity_level.rb
+# frozen_string_literal: true
+# rubocop:disable Style/Documentation
+
+module Gitlab
+  module BackgroundMigration
+    class RemoveUndefinedVulnerabilitySeverityLevel
+      def perform(start_id, stop_id)
+      end
+    end
+  end
+end
+
+Gitlab::BackgroundMigration::RemoveUndefinedVulnerabilitySeverityLevel.prepend_if_ee('EE::Gitlab::BackgroundMigration::RemoveUndefinedVulnerabilitySeverityLevel')
--- a/lib/gitlab/database/batch_count.rb
+++ b/lib/gitlab/database/batch_count.rb
@@ -28,7 +28,7 @@ module Gitlab
  
    class BatchCounter
      FALLBACK = -1
-      MIN_REQUIRED_BATCH_SIZE = 2_000
+      MIN_REQUIRED_BATCH_SIZE = 1_250
      MAX_ALLOWED_LOOPS = 10_000
      SLEEP_TIME_IN_SECONDS = 0.01 # 10 msec sleep
      # Each query should take <<500ms https://gitlab.com/gitlab-org/gitlab/-/merge_requests/22705

--- a/lib/gitlab/gitaly_client.rb
+++ b/lib/gitlab/gitaly_client.rb
@@ -42,7 +42,7 @@ module Gitlab
          klass = stub_class(name)
          addr = stub_address(storage)
          creds = stub_creds(storage)
-          klass.new(addr, creds, interceptors: interceptors)
+          klass.new(addr, creds, interceptors: interceptors, channel_args: channel_args)
        end
      end
    end
@@ -54,6 +54,16 @@ module Gitlab
    end
    private_class_method :interceptors
  
+    def self.channel_args
+      # These values match the go Gitaly client
+      # https://gitlab.com/gitlab-org/gitaly/-/blob/bf9f52bc/client/dial.go#L78
+      {
+        'grpc.keepalive_time_ms': 20000,
+        'grpc.keepalive_permit_without_calls': 1
+      }
+    end
+    private_class_method :channel_args
+
    def self.stub_cert_paths
      cert_paths = Dir["#{OpenSSL::X509::DEFAULT_CERT_DIR}/*"]
      cert_paths << OpenSSL::X509::DEFAULT_CERT_FILE if File.exist? OpenSSL::X509::DEFAULT_CERT_FILE

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -15422,6 +15422,9 @@ msgstr ""
 msgid "ProjectSettings|View and edit files in this project"
 msgstr ""
  
+msgid "ProjectSettings|View and edit files in this project. Non-project members will only have read access"
+msgstr ""
+
 msgid "ProjectSettings|When conflicts arise the user is given the option to rebase"
 msgstr ""
  
@@ -18174,6 +18177,9 @@ msgstr ""
 msgid "Snippets|Optionally add a description about what your snippet does or how to use it..."
 msgstr ""
  
+msgid "Snippets|Optionally add a description about what your snippet does or how to use it…"
+msgstr ""
+
 msgid "Snowplow"
 msgstr ""