Add latest changes from gitlab-org/gitlab@master

app/controllers/projects/merge_requests_controller.rb

@@ -221,11 +221,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
   def ci_environments_status
     environments =
       if ci_environments_status_on_merge_result?
-        if Feature.enabled?(:deployment_merge_requests_widget, @project)
-          EnvironmentStatus.for_deployed_merge_request(@merge_request, current_user)
-        else
-          EnvironmentStatus.after_merge_request(@merge_request, current_user)
-        end
+        EnvironmentStatus.for_deployed_merge_request(@merge_request, current_user)
       else
         EnvironmentStatus.for_merge_request(@merge_request, current_user)
       end

app/helpers/search_helper.rb

@@ -143,7 +143,7 @@ module SearchHelper
   # Autocomplete results for the current project, if it's defined
   def project_autocomplete
-    if @project && @project.repository.exists? && @project.repository.root_ref
+    if @project && @project.repository.root_ref
       ref = @ref || @project.repository.root_ref
       [

app/models/project.rb

@@ -1514,7 +1514,7 @@ class Project < ApplicationRecord
   end
   def default_branch
-    @default_branch ||= repository.root_ref if repository.exists?
+    @default_branch ||= repository.root_ref
   end
   def reload_default_branch

app/workers/deployments/finished_worker.rb

@@ -10,17 +10,9 @@ module Deployments
     def perform(deployment_id)
       if (deploy = Deployment.find_by_id(deployment_id))
-        link_merge_requests(deploy)
+        LinkMergeRequestsService.new(deploy).execute
         deploy.execute_hooks
       end
     end
-
-    def link_merge_requests(deployment)
-      unless Feature.enabled?(:deployment_merge_requests, deployment.project)
-        return
-      end
-
-      LinkMergeRequestsService.new(deployment).execute
-    end
   end
 end

changelogs/unreleased/remove-deployment-feature-flags.yml

+---
+title: Track deployed merge requests using GitLab environments and deployments
+merge_request:
+author:
+type: added

doc/ci/runners/README.md

@@ -68,7 +68,7 @@ You can only register a shared Runner if you are an admin of the GitLab instance
 Shared Runners are enabled by default as of GitLab 8.2, but can be disabled
 with the **Disable shared Runners** button which is present under each project's
-**Settings ➔ CI/CD** page. Previous versions of GitLab defaulted shared
+**Settings > CI/CD** page. Previous versions of GitLab defaulted shared
 Runners to disabled.
 ## Registering a specific Runner
@@ -402,7 +402,7 @@ different places.
 To view the IP address of a shared Runner you must have admin access to
 the GitLab instance. To determine this:
-1. Visit **Admin Area ➔ Overview ➔ Runners**
+1. Visit **Admin Area > Overview > Runners**
 1. Look for the Runner in the table and you should see a column for "IP Address"
 ![shared Runner IP address](img/shared_runner_ip_address.png)
@@ -411,7 +411,7 @@ the GitLab instance. To determine this:
 You can find the IP address of a Runner for a specific project by:
-1. Visit your project's **Settings ➔ CI/CD**
+1. Visit your project's **Settings > CI/CD**
 1. Find the Runner and click on it's ID which links you to the details page
 1. On the details page you should see a row for "IP Address"

doc/user/admin_area/monitoring/health_check.md

@@ -141,7 +141,7 @@ This check is being exempt from Rack Attack.
 > Access token has been deprecated in GitLab 9.4 in favor of [IP whitelist](#ip-whitelist).
 An access token needs to be provided while accessing the probe endpoints. The current
-accepted token can be found under the **Admin Area ➔ Monitoring ➔ Health check**
+accepted token can be found under the **Admin Area > Monitoring > Health check**
 (`admin/health_check`) page of your GitLab instance.
 ![access token](img/health_check_token.png)

doc/user/profile/personal_access_tokens.md

@@ -6,15 +6,13 @@ type: concepts, howto
 > [Introduced][ce-3749] in GitLab 8.8.
-Personal access tokens are the preferred way for third party applications and scripts to
-authenticate with the [GitLab API][api], if using [OAuth2](../../api/oauth2.md) is not practical.
-You can also use personal access tokens to authenticate against Git over HTTP or SSH. They must be used when you have [Two-Factor Authentication (2FA)][2fa] enabled. Authenticate with a token in place of your password.
-To make [authenticated requests to the API][usage], use either the `private_token` parameter or the `Private-Token` header.
-The expiration of personal access tokens happens on the date you define,
-at midnight UTC.
+If you're unable to use [OAuth2](../../api/oauth2.md), you can use a personal access token to authenticate with the [GitLab API][api].
+You can also use personal access tokens with Git to authenticate over HTTP or SSH. Personal access tokens are required when [Two-Factor Authentication (2FA)][2fa] is enabled. In both cases, you can authenticate with a token in place of your password.
+Personal access tokens expire on the date you define, at midnight UTC.
+For examples of how you can use a personal access token to authenticate with the API, see the following section from our [API Docs](../../api/README.md#personal-access-tokens).
 ## Creating a personal access token

lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml

@@ -49,6 +49,9 @@ dependency_scanning:
           DS_PYTHON_VERSION \
           DS_PIP_VERSION \
           DS_PIP_DEPENDENCY_PATH \
+          GEMNASIUM_DB_LOCAL_PATH \
+          GEMNASIUM_DB_REMOTE_URL \
+          GEMNASIUM_DB_REF_NAME \
           PIP_INDEX_URL \
           PIP_EXTRA_INDEX_URL \
           PIP_REQUIREMENTS_FILE \

locale/gitlab.pot

@@ -12498,9 +12498,6 @@ msgstr ""
 msgid "Only project members will be imported. Group members will be skipped."
 msgstr ""
-msgid "Only these extensions are supported: %{extension_list}"
-msgstr ""
-
 msgid "Only users with an email address in this domain can be added to the group.<br>Example: <code>gitlab.com</code>. Some common domains are not allowed. %{read_more_link}."
 msgstr ""
@@ -21716,6 +21713,9 @@ msgstr ""
 msgid "disabled"
 msgstr ""
+msgid "does not have a supported extension. Only %{extension_list} are supported"
+msgstr ""
+
 msgid "done"
 msgstr ""

qa/qa/specs/features/browser_ui/1_manage/login/login_via_oauth_spec.rb

 # frozen_string_literal: true
 module QA
-  # Failure issue: https://gitlab.com/gitlab-org/gitlab/issues/36305
-  context 'Manage', :orchestrated, :oauth, :skip do
+  context 'Manage', :orchestrated, :oauth do
     describe 'OAuth login' do
       it 'User logs in to GitLab with GitHub OAuth' do
         Runtime::Browser.visit(:gitlab, Page::Main::Login)

qa/qa/specs/features/browser_ui/non_devops/performance_bar_spec.rb

 # frozen_string_literal: true
 module QA
-  # https://gitlab.com/gitlab-org/gitlab/issues/38315
-  context 'Performance bar', :quarantine do
+  context 'Performance bar' do
     context 'when logged in as an admin user', :requires_admin do
       before do
         Flow::Login.sign_in_as_admin

qa/qa/vendor/github/page/login.rb

 # frozen_string_literal: true
 require 'capybara/dsl'
+require 'benchmark'
 module QA
   module Vendor
@@ -13,9 +14,15 @@ module QA
             click_on 'Sign in'
             Support::Retrier.retry_until(raise_on_failure: true, sleep_interval: 35) do
-              otp = OnePassword::CLI.new.otp
-              fill_in 'otp', with: otp
+              fresh_otp = nil
+              time = Benchmark.realtime do
+                fresh_otp = OnePassword::CLI.instance.fresh_otp
+              end
+
+              QA::Runtime::Logger.info("Returned fresh_otp: #{fresh_otp} in #{time} seconds")
+
+              fill_in 'otp', with: fresh_otp
               click_on 'Verify'

qa/qa/vendor/one_password/cli.rb

 # frozen_string_literal: true
+require 'benchmark'
+
 module QA
   module Vendor
     module OnePassword
       class CLI
+        include Singleton
+
         def initialize
           @email = QA::Runtime::Env.gitlab_qa_1p_email
           @password = QA::Runtime::Env.gitlab_qa_1p_password
@@ -11,14 +15,39 @@ module QA
           @github_uuid = QA::Runtime::Env.gitlab_qa_1p_github_uuid
         end
-        def otp
-          `#{op_path} get totp #{@github_uuid} --session=#{session_token}`.to_i
+        def fresh_otp
+          otps = []
+
+          # Fetches a fresh OTP and returns it only after op provides the same OTP twice
+          # An OTP is valid for 30 seconds so 70 attempts with 0.5 interval would ensure we complete 1 cycle
+          Support::Retrier.retry_until(max_attempts: 70, sleep_interval: 0.5) do
+            otps << fetch_otp
+            otps.size >= 3 && otps[-1] == otps[-2] && otps[-1] != otps[-3]
+          end
+
+          otps.last
         end
         private
+        def fetch_otp
+          result = nil
+
+          time = Benchmark.realtime do
+            result = `#{op_path} get totp #{@github_uuid} --session=#{session_token}`.to_i
+          end
+
+          QA::Runtime::Logger.info("Fetched OTP: #{result} in: #{time} seconds")
+
+          result
+        end
+
+        # OP session tokens are valid for 30 minutes. We are caching the session token here and this is fine currently
+        # as we just have one test that is not expected to go over 30 minutes.
+        # But note that if we add more tests that use this class, we might need to add a mechanism to invalidate
+        # the cache after 30 minutes or if the session_token is rejected by op CLI.
         def session_token
-          `echo '#{@password}' | #{op_path} signin gitlab.1password.com #{@email} #{@secret} --output=raw --shorthand=gitlab_qa`
+          @session_token ||= `echo '#{@password}' | #{op_path} signin gitlab.1password.com #{@email} #{@secret} --output=raw --shorthand=gitlab_qa`
         end
         def op_path

spec/controllers/projects/merge_requests_controller_spec.rb

@@ -1289,19 +1289,6 @@ describe Projects::MergeRequestsController do
       get_ci_environments_status(environment_target: 'merge_commit')
     end
-    context 'when the deployment_merge_requests_widget feature flag is disabled' do
-      it 'uses the deployments retrieved using CI builds' do
-        stub_feature_flags(deployment_merge_requests_widget: false)
-
-        expect(EnvironmentStatus)
-          .to receive(:after_merge_request)
-          .with(merge_request, user)
-          .and_call_original
-
-        get_ci_environments_status(environment_target: 'merge_commit')
-      end
-    end
-
     def get_ci_environments_status(extra_params = {})
       params = {
         namespace_id: merge_request.project.namespace.to_param,

spec/models/repository_spec.rb

@@ -1331,6 +1331,13 @@ describe Repository do
       repository.root_ref
     end
+    it 'returns nil if the repository does not exist' do
+      repository = create(:project).repository
+
+      expect(repository).not_to be_exists
+      expect(repository.root_ref).to be_nil
+    end
+
     it_behaves_like 'asymmetric cached method', :root_ref
   end

spec/workers/deployments/finished_worker_spec.rb

@@ -49,17 +49,5 @@ describe Deployments::FinishedWorker do
       expect(ProjectServiceWorker).not_to have_received(:perform_async)
     end
-
-    context 'when the tracking of merge requests is disabled' do
-      it 'does not track the deployed merge requests' do
-        stub_feature_flags(deployment_merge_requests: false)
-
-        deployment = create(:deployment)
-
-        expect(Deployments::LinkMergeRequestsService).not_to receive(:new)
-
-        worker.perform(deployment.id)
-      end
-    end
   end
 end