Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/tracking.js

@@ -102,6 +102,7 @@ export function initUserTracking() {
   window.snowplow('enableActivityTracking', 30, 30);
   window.snowplow('trackPageView'); // must be after enableActivityTracking
+  if (opts.userId) window.snowplow('setUserId', opts.userId);
   if (opts.formTracking) window.snowplow('enableFormTracking');
   if (opts.linkClickTracking) window.snowplow('enableLinkClickTracking');

app/finders/issuable_finder.rb

@@ -483,6 +483,7 @@ class IssuableFinder
   # rubocop: disable CodeReuse/ActiveRecord
   def by_search(items)
     return items unless search
+    return items if items.is_a?(ActiveRecord::NullRelation)
     if use_cte_for_search?
       cte = Gitlab::SQL::RecursiveCTE.new(klass.table_name)

app/services/system_note_service.rb

@@ -128,82 +128,37 @@ module SystemNoteService
   # Called when 'merge when pipeline succeeds' is executed
   def merge_when_pipeline_succeeds(noteable, project, author, sha)
-    body = "enabled an automatic merge when the pipeline for #{sha} succeeds"
-
-    create_note(NoteSummary.new(noteable, project, author, body, action: 'merge'))
+    ::SystemNotes::MergeRequestsService.new(noteable: noteable, project: project, author: author).merge_when_pipeline_succeeds(sha)
   end
   # Called when 'merge when pipeline succeeds' is canceled
   def cancel_merge_when_pipeline_succeeds(noteable, project, author)
-    body = 'canceled the automatic merge'
-
-    create_note(NoteSummary.new(noteable, project, author, body, action: 'merge'))
+    ::SystemNotes::MergeRequestsService.new(noteable: noteable, project: project, author: author).cancel_merge_when_pipeline_succeeds
   end
   # Called when 'merge when pipeline succeeds' is aborted
   def abort_merge_when_pipeline_succeeds(noteable, project, author, reason)
-    body = "aborted the automatic merge because #{reason}"
-
-    ##
-    # TODO: Abort message should be sent by the system, not a particular user.
-    # See https://gitlab.com/gitlab-org/gitlab-foss/issues/63187.
-    create_note(NoteSummary.new(noteable, project, author, body, action: 'merge'))
+    ::SystemNotes::MergeRequestsService.new(noteable: noteable, project: project, author: author).abort_merge_when_pipeline_succeeds(reason)
   end
   def handle_merge_request_wip(noteable, project, author)
-    prefix = noteable.work_in_progress? ? "marked" : "unmarked"
-
-    body = "#{prefix} as a **Work In Progress**"
-
-    create_note(NoteSummary.new(noteable, project, author, body, action: 'title'))
+    ::SystemNotes::MergeRequestsService.new(noteable: noteable, project: project, author: author).handle_merge_request_wip
   end
   def add_merge_request_wip_from_commit(noteable, project, author, commit)
-    body = "marked as a **Work In Progress** from #{commit.to_reference(project)}"
-
-    create_note(NoteSummary.new(noteable, project, author, body, action: 'title'))
+    ::SystemNotes::MergeRequestsService.new(noteable: noteable, project: project, author: author).add_merge_request_wip_from_commit(commit)
   end
   def resolve_all_discussions(merge_request, project, author)
-    body = "resolved all threads"
-
-    create_note(NoteSummary.new(merge_request, project, author, body, action: 'discussion'))
+    ::SystemNotes::MergeRequestsService.new(noteable: merge_request, project: project, author: author).resolve_all_discussions
   end
   def discussion_continued_in_issue(discussion, project, author, issue)
-    body = "created #{issue.to_reference} to continue this discussion"
-    note_attributes = discussion.reply_attributes.merge(project: project, author: author, note: body)
-
-    note = Note.create(note_attributes.merge(system: true, created_at: issue.system_note_timestamp))
-    note.system_note_metadata = SystemNoteMetadata.new(action: 'discussion')
-
-    note
+    ::SystemNotes::MergeRequestsService.new(project: project, author: author).discussion_continued_in_issue(discussion, issue)
   end
   def diff_discussion_outdated(discussion, project, author, change_position)
-    merge_request = discussion.noteable
-    diff_refs = change_position.diff_refs
-    version_index = merge_request.merge_request_diffs.viewable.count
-    position_on_text = change_position.on_text?
-    text_parts = ["changed this #{position_on_text ? 'line' : 'file'} in"]
-
-    if version_params = merge_request.version_params_for(diff_refs)
-      repository = project.repository
-      anchor = position_on_text ? change_position.line_code(repository) : change_position.file_hash
-      url = url_helpers.diffs_project_merge_request_path(project, merge_request, version_params.merge(anchor: anchor))
-
-      text_parts << "[version #{version_index} of the diff](#{url})"
-    else
-      text_parts << "version #{version_index} of the diff"
-    end
-
-    body = text_parts.join(' ')
-    note_attributes = discussion.reply_attributes.merge(project: project, author: author, note: body)
-
-    note = Note.create(note_attributes.merge(system: true))
-    note.system_note_metadata = SystemNoteMetadata.new(action: 'outdated')
-
-    note
+    ::SystemNotes::MergeRequestsService.new(project: project, author: author).diff_discussion_outdated(discussion, change_position)
   end
   def change_title(noteable, project, author, old_title)
@@ -233,9 +188,7 @@ module SystemNoteService
   #
   # Returns the created Note object
   def change_branch(noteable, project, author, branch_type, old_branch, new_branch)
-    body = "changed #{branch_type} branch from `#{old_branch}` to `#{new_branch}`"
-
-    create_note(NoteSummary.new(noteable, project, author, body, action: 'branch'))
+    ::SystemNotes::MergeRequestsService.new(noteable: noteable, project: project, author: author).change_branch(branch_type, old_branch, new_branch)
   end
   # Called when a branch in Noteable is added or deleted
@@ -253,16 +206,7 @@ module SystemNoteService
   #
   # Returns the created Note object
   def change_branch_presence(noteable, project, author, branch_type, branch, presence)
-    verb =
-      if presence == :add
-        'restored'
-      else
-        'deleted'
-      end
-
-    body = "#{verb} #{branch_type} branch `#{branch}`"
-
-    create_note(NoteSummary.new(noteable, project, author, body, action: 'branch'))
+    ::SystemNotes::MergeRequestsService.new(noteable: noteable, project: project, author: author).change_branch_presence(branch_type, branch, presence)
   end
   # Called when a branch is created from the 'new branch' button on a issue
@@ -270,18 +214,11 @@ module SystemNoteService
   #
   #   "created branch `201-issue-branch-button`"
   def new_issue_branch(issue, project, author, branch, branch_project: nil)
-    branch_project ||= project
-    link = url_helpers.project_compare_path(branch_project, from: branch_project.default_branch, to: branch)
-
-    body = "created branch [`#{branch}`](#{link}) to address this issue"
-
-    create_note(NoteSummary.new(issue, project, author, body, action: 'branch'))
+    ::SystemNotes::MergeRequestsService.new(noteable: issue, project: project, author: author).new_issue_branch(branch, branch_project: branch_project)
   end
   def new_merge_request(issue, project, author, merge_request)
-    body = "created merge request #{merge_request.to_reference(project)} to address this issue"
-
-    create_note(NoteSummary.new(issue, project, author, body, action: 'merge'))
+    ::SystemNotes::MergeRequestsService.new(noteable: issue, project: project, author: author).new_merge_request(merge_request)
   end
   def cross_reference(noteable, mentioner, author)

app/services/system_notes/merge_requests_service.rb

+# frozen_string_literal: true
+
+module SystemNotes
+  class MergeRequestsService < ::SystemNotes::BaseService
+    # Called when 'merge when pipeline succeeds' is executed
+    def merge_when_pipeline_succeeds(sha)
+      body = "enabled an automatic merge when the pipeline for #{sha} succeeds"
+
+      create_note(NoteSummary.new(noteable, project, author, body, action: 'merge'))
+    end
+
+    # Called when 'merge when pipeline succeeds' is canceled
+    def cancel_merge_when_pipeline_succeeds
+      body = 'canceled the automatic merge'
+
+      create_note(NoteSummary.new(noteable, project, author, body, action: 'merge'))
+    end
+
+    # Called when 'merge when pipeline succeeds' is aborted
+    def abort_merge_when_pipeline_succeeds(reason)
+      body = "aborted the automatic merge because #{reason}"
+
+      ##
+      # TODO: Abort message should be sent by the system, not a particular user.
+      # See https://gitlab.com/gitlab-org/gitlab-foss/issues/63187.
+      create_note(NoteSummary.new(noteable, project, author, body, action: 'merge'))
+    end
+
+    def handle_merge_request_wip
+      prefix = noteable.work_in_progress? ? "marked" : "unmarked"
+
+      body = "#{prefix} as a **Work In Progress**"
+
+      create_note(NoteSummary.new(noteable, project, author, body, action: 'title'))
+    end
+
+    def add_merge_request_wip_from_commit(commit)
+      body = "marked as a **Work In Progress** from #{commit.to_reference(project)}"
+
+      create_note(NoteSummary.new(noteable, project, author, body, action: 'title'))
+    end
+
+    def resolve_all_discussions
+      body = "resolved all threads"
+
+      create_note(NoteSummary.new(noteable, project, author, body, action: 'discussion'))
+    end
+
+    def discussion_continued_in_issue(discussion, issue)
+      body = "created #{issue.to_reference} to continue this discussion"
+      note_attributes = discussion.reply_attributes.merge(project: project, author: author, note: body)
+
+      Note.create(note_attributes.merge(system: true, created_at: issue.system_note_timestamp)).tap do |note|
+        note.system_note_metadata = SystemNoteMetadata.new(action: 'discussion')
+      end
+    end
+
+    def diff_discussion_outdated(discussion, change_position)
+      merge_request = discussion.noteable
+      diff_refs = change_position.diff_refs
+      version_index = merge_request.merge_request_diffs.viewable.count
+      position_on_text = change_position.on_text?
+      text_parts = ["changed this #{position_on_text ? 'line' : 'file'} in"]
+
+      if version_params = merge_request.version_params_for(diff_refs)
+        repository = project.repository
+        anchor = position_on_text ? change_position.line_code(repository) : change_position.file_hash
+        url = url_helpers.diffs_project_merge_request_path(project, merge_request, version_params.merge(anchor: anchor))
+
+        text_parts << "[version #{version_index} of the diff](#{url})"
+      else
+        text_parts << "version #{version_index} of the diff"
+      end
+
+      body = text_parts.join(' ')
+      note_attributes = discussion.reply_attributes.merge(project: project, author: author, note: body)
+
+      Note.create(note_attributes.merge(system: true)).tap do |note|
+        note.system_note_metadata = SystemNoteMetadata.new(action: 'outdated')
+      end
+    end
+
+    # Called when a branch in Noteable is changed
+    #
+    # branch_type - 'source' or 'target'
+    # old_branch  - old branch name
+    # new_branch  - new branch name
+    #
+    # Example Note text:
+    #
+    #   "changed target branch from `Old` to `New`"
+    #
+    # Returns the created Note object
+    def change_branch(branch_type, old_branch, new_branch)
+      body = "changed #{branch_type} branch from `#{old_branch}` to `#{new_branch}`"
+
+      create_note(NoteSummary.new(noteable, project, author, body, action: 'branch'))
+    end
+
+    # Called when a branch in Noteable is added or deleted
+    #
+    # branch_type - :source or :target
+    # branch      - branch name
+    # presence    - :add or :delete
+    #
+    # Example Note text:
+    #
+    #   "restored target branch `feature`"
+    #
+    # Returns the created Note object
+    def change_branch_presence(branch_type, branch, presence)
+      verb =
+        if presence == :add
+          'restored'
+        else
+          'deleted'
+        end
+
+      body = "#{verb} #{branch_type} branch `#{branch}`"
+
+      create_note(NoteSummary.new(noteable, project, author, body, action: 'branch'))
+    end
+
+    # Called when a branch is created from the 'new branch' button on a issue
+    # Example note text:
+    #
+    #   "created branch `201-issue-branch-button`"
+    def new_issue_branch(branch, branch_project: nil)
+      branch_project ||= project
+      link = url_helpers.project_compare_path(branch_project, from: branch_project.default_branch, to: branch)
+
+      body = "created branch [`#{branch}`](#{link}) to address this issue"
+
+      create_note(NoteSummary.new(noteable, project, author, body, action: 'branch'))
+    end
+
+    def new_merge_request(merge_request)
+      body = "created merge request #{merge_request.to_reference(project)} to address this issue"
+
+      create_note(NoteSummary.new(noteable, project, author, body, action: 'merge'))
+    end
+  end
+end
+
+SystemNotes::MergeRequestsService.prepend_if_ee('::EE::SystemNotes::MergeRequestsService')

app/views/layouts/_snowplow.html.haml

@@ -7,4 +7,4 @@
     };p[i].q=p[i].q||[];n=l.createElement(o);g=l.getElementsByTagName(o)[0];n.async=1;
     n.src=w;g.parentNode.insertBefore(n,g)}}(window,document,"script","#{asset_url('snowplow/sp.js')}","snowplow"));
-    window.snowplowOptions = #{Gitlab::Tracking.snowplow_options(@group).to_json}
+    window.snowplowOptions = #{Gitlab::Tracking.snowplow_options(@group, current_user).to_json}

changelogs/unreleased/blackst0ne-make-sidekiq-testing-fake-default.yml

+---
+title: Make 'Sidekiq::Testing.fake!' mode as default
+merge_request: 31662
+author: "@blackst0ne"
+type: other

doc/administration/gitaly/index.md

@@ -142,11 +142,6 @@ the Gitaly server. The easiest way to accomplish this is to copy `/etc/gitlab/gi
 from an existing GitLab server to the Gitaly server. Without this shared secret,
 Git operations in GitLab will result in an API error.
-NOTE: **Note:**
-In most or all cases, the storage paths below end in `/repositories` which is
-not the case with `path` in `git_data_dirs` of Omnibus GitLab installations.
-Check the directory layout on your Gitaly server to be sure.
-
 **For Omnibus GitLab**
 1. Edit `/etc/gitlab/gitlab.rb`:
@@ -193,24 +188,26 @@ Check the directory layout on your Gitaly server to be sure.
    On `gitaly1.internal`:
    ```
-   gitaly['storage'] = [
-     { 'name' => 'default' },
-     { 'name' => 'storage1' },
-   ]
+   git_data_dirs({
+     'default' => {
+       'path' => '/var/opt/gitlab/git-data'
+     },
+     'storage1' => {
+       'path' => '/mnt/gitlab/git-data'
+     },
+   })
    ```
    On `gitaly2.internal`:
    ```
-   gitaly['storage'] = [
-     { 'name' => 'storage2' },
-   ]
+   git_data_dirs({
+     'storage2' => {
+       'path' => '/srv/gitlab/git-data'
+     },
+   })
    ```
-   NOTE: **Note:**
-   In some cases, you'll have to set `path` for `gitaly['storage']` in the
-   format `'path' => '/mnt/gitlab/<storage name>/repositories'`.
-
 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
 **For installations from source**
@@ -236,9 +233,11 @@ Check the directory layout on your Gitaly server to be sure.
    ```toml
    [[storage]]
    name = 'default'
+   path = '/var/opt/gitlab/git-data/repositories'
    [[storage]]
    name = 'storage1'
+   path = '/mnt/gitlab/git-data/repositories'
    ```
    On `gitaly2.internal`:
@@ -246,12 +245,9 @@ Check the directory layout on your Gitaly server to be sure.
    ```toml
    [[storage]]
    name = 'storage2'
+   path = '/srv/gitlab/git-data/repositories'
    ```
-   NOTE: **Note:**
-   In some cases, you'll have to set `path` for each `[[storage]]` in the
-   format `path = '/mnt/gitlab/<storage name>/repositories'`.
-
 1. Save the file and [restart GitLab](../restart_gitlab.md#installations-from-source).
 ### 4. Converting clients to use the Gitaly server

doc/administration/high_availability/consul.md

@@ -102,6 +102,23 @@ To be safe, we recommend you only restart one server agent at a time to ensure t
 For larger clusters, it is possible to restart multiple agents at a time. See the [Consul consensus document](https://www.consul.io/docs/internals/consensus.html#deployment-table) for how many failures it can tolerate. This will be the number of simulateneous restarts it can sustain.
+## Upgrades for bundled Consul
+
+Nodes running GitLab-bundled Consul should be:
+
+- Members of a healthy cluster prior to upgrading the GitLab Omnibus package.
+- Upgraded one node at a time.
+
+NOTE: **NOTE:**
+Running `curl http://127.0.0.1:8500/v1/health/state/critical` from any Consul node will identify existing health issues in the cluster. The command will return an empty array if the cluster is healthy.
+
+Consul clusters communicate using the raft protocol. If the current leader goes offline, there needs to be a leader election. A leader node must exist to facilitate synchronization across the cluster. If too many nodes go offline at the same time, the cluster will lose quorum and not elect a leader due to [broken consensus](https://www.consul.io/docs/internals/consensus.html).
+
+Consult the [troubleshooting section](#troubleshooting) if the cluster is not able to recover after the upgrade. The [outage recovery](#outage-recovery) may be of particular interest.
+
+NOTE: **NOTE:**
+GitLab only uses Consul to store transient data that is easily regenerated. If the bundled Consul was not used by any process other than GitLab itself, then [rebuilding the cluster from scratch](#recreate-from-scratch) is fine.
+
 ## Troubleshooting
 ### Consul server agents unable to communicate

doc/development/chatops_on_gitlabcom.md

@@ -14,7 +14,7 @@ tasks such as:
 To request access to Chatops on GitLab.com:
 1. Log into <https://ops.gitlab.net/users/sign_in> **using the same username** as for GitLab.com (you may have to rename it).
-1. Ask [an owner/maintainer in the `chatops` project](https://gitlab.com/gitlab-com/chatops/-/project_members?search=&sort=access_level_desc) to add you by running `/chatops run member add <username> gitlab-com/chatops --ops`.
+1. Ask [a project member in the `chatops` project](https://ops.gitlab.net/gitlab-com/chatops/-/project_members) to add you by running `/chatops run member add <username> gitlab-com/chatops --ops`.
 ## See also

doc/development/testing_guide/best_practices.md

@@ -357,9 +357,16 @@ However, if a spec makes direct Redis calls, it should mark itself with the
 `:clean_gitlab_redis_queues` traits as appropriate.
 Sidekiq jobs are typically not run in specs, but this behaviour can be altered
-in each spec through the use of `perform_enqueued_jobs` blocks. Any spec that
-causes Sidekiq jobs to be pushed to Redis should use the `:sidekiq` trait, to
-ensure that they are removed once the spec completes.
+in each spec through the use of `perform_enqueued_jobs` blocks.
+Any spec that causes Sidekiq jobs to be pushed to Redis should use the
+`:sidekiq_inline` trait, to ensure that they are removed once the spec completes.
+
+The `:sidekiq_might_not_need_inline` trait was added when [Sidekiq inline mode was
+changed to fake mode](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31662)
+to all the examples that needed Sidekiq to actually process jobs. Examples with
+this trait should be either fixed to not rely on Sidekiq processing jobs, or their
+`:sidekiq_might_not_need_inline` trait should be updated to `:sidekiq_inline` if the
+processing of background jobs is needed/expected.
 #### Filesystem

doc/security/webhooks.md

@@ -9,19 +9,24 @@ local network, these may be vulnerable to exploitation via Webhooks.
 With [Webhooks](../user/project/integrations/webhooks.md), you and your project
 maintainers and owners can set up URLs to be triggered when specific changes
-occur in your projects. Normally, these requests are sent to external web services
-specifically set up for this purpose, that process the request and its attached
-data in some appropriate way.
+occur in your projects. Normally, these requests are sent to external web
+services specifically set up for this purpose, that process the request and its
+attached data in some appropriate way.
 Things get hairy, however, when a Webhook is set up with a URL that doesn't
 point to an external, but to an internal service, that may do something
 completely unintended when the webhook is triggered and the POST request is
 sent.
-Because Webhook requests are made by the GitLab server itself, these have
-complete access to everything running on the server (`http://localhost:123`) or
-within the server's local network (`http://192.168.1.12:345`), even if these
-services are otherwise protected and inaccessible from the outside world.
+Webhook requests are made by the GitLab server itself and use a single
+(optional) secret token per hook for authorization (instead of a user or
+repo-specific token). As a result, these may have broader access than
+intended to everything running on the server hosting the webhook (which
+may include the GitLab server or API itself, e.g., `http://localhost:123`).
+Depending on the called webhook, this may also result in network access
+to other servers within that webhook server's local network (e.g.,
+`http://192.168.1.12:345`), even if these services are otherwise protected
+and inaccessible from the outside world.
 If a web service does not require authentication, Webhooks can be used to
 trigger destructive commands by getting the GitLab server to make POST requests

doc/user/application_security/license_compliance/index.md

@@ -94,8 +94,19 @@ always take the latest License Compliance artifact available. Behind the scenes,
 [GitLab License Compliance Docker image](https://gitlab.com/gitlab-org/security-products/license-management)
 is used to detect the languages/frameworks and in turn analyzes the licenses.
-The License Compliance settings can be changed through environment variables by using the
-[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. These variables are documented in the [License Compliance documentation](https://gitlab.com/gitlab-org/security-products/license-management#settings).
+The License Compliance settings can be changed through [environment variables](#available-variables) by using the
+[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
+
+### Available variables
+
+License Compliance can be configured using environment variables.
+
+| Environment variable  | Required | Description |
+|-----------------------|----------|-------------|
+| `MAVEN_CLI_OPTS`       | no | Additional arguments for the mvn executable. If not supplied, defaults to `-DskipTests`. |
+| `LM_JAVA_VERSION`      | no | Version of Java. If set to `11`, Maven and Gradle use Java 11 instead of Java 8. |
+| `LM_PYTHON_VERSION`    | no | Version of Python. If set to `3`, dependencies are installed using Python 3 instead of Python 2.7. |
+| `SETUP_CMD`            | no | Custom setup for the dependency installation. (experimental) |
 ### Installing custom dependencies

lib/gitlab/gitaly_client/namespace_service.rb

@@ -7,12 +7,6 @@ module Gitlab
         @storage = storage
       end
-      def exists?(name)
-        request = Gitaly::NamespaceExistsRequest.new(storage_name: @storage, name: name)
-
-        gitaly_client_call(:namespace_exists, request, timeout: GitalyClient.fast_timeout).exists
-      end
-
       def add(name)
         request = Gitaly::AddNamespaceRequest.new(storage_name: @storage, name: name)

lib/gitlab/shell.rb

@@ -285,18 +285,6 @@ module Gitlab
       end
     end
-    # Check if such directory exists in repositories.
-    #
-    # Usage:
-    #   exists?(storage, 'gitlab')
-    #   exists?(storage, 'gitlab/cookies.git')
-    #
-    # rubocop: disable CodeReuse/ActiveRecord
-    def exists?(storage, dir_name)
-      Gitlab::GitalyClient::NamespaceService.new(storage).exists?(dir_name)
-    end
-    # rubocop: enable CodeReuse/ActiveRecord
-
     def repository_exists?(storage, dir_name)
       Gitlab::Git::Repository.new(storage, dir_name, nil, nil).exists?
     rescue GRPC::Internal

lib/gitlab/tracking.rb

@@ -39,7 +39,7 @@ module Gitlab
         snowplow.track_self_describing_event(event_json, context, Time.now.to_i)
       end
-      def snowplow_options(group)
+      def snowplow_options(group, user)
         additional_features = Feature.enabled?(:additional_snowplow_tracking, group)
         {
           namespace: SNOWPLOW_NAMESPACE,
@@ -47,7 +47,8 @@ module Gitlab
           cookie_domain: Gitlab::CurrentSettings.snowplow_cookie_domain,
           app_id: Gitlab::CurrentSettings.snowplow_site_id,
           form_tracking: additional_features,
-          link_click_tracking: additional_features
+          link_click_tracking: additional_features,
+          user_id: user&.id
         }.transform_keys! { |key| key.to_s.camelize(:lower).to_sym }
       end

qa/qa.rb

@@ -407,6 +407,7 @@ module QA
     module DockerRun
       autoload :Base, 'qa/service/docker_run/base'
       autoload :LDAP, 'qa/service/docker_run/ldap'
+      autoload :Maven, 'qa/service/docker_run/maven'
       autoload :NodeJs, 'qa/service/docker_run/node_js'
       autoload :GitlabRunner, 'qa/service/docker_run/gitlab_runner'
     end

qa/qa/service/docker_run/maven.rb

+# frozen_string_literal: true
+
+module QA
+  module Service
+    module DockerRun
+      class Maven < Base
+        def initialize(volume_host_path)
+          @image = 'maven:3.6.2-ibmjava-8-alpine'
+          @name = "qa-maven-#{SecureRandom.hex(8)}"
+          @volume_host_path = volume_host_path
+
+          super()
+        end
+
+        def publish!
+          # When we run the tests via gitlab-qa, we use docker-in-docker
+          # which means that host of a volume mount would be the host that
+          # started the gitlab-qa QA container (e.g., the CI runner),
+          # not the gitlab-qa container itself. That means we can't
+          # mount a volume from the file system inside the gitlab-qa
+          # container.
+          #
+          # Instead, we copy the files into the container.
+          shell <<~CMD.tr("\n", ' ')
+            docker run -d --rm
+            --network #{network}
+            --hostname #{host_name}
+            --name #{@name}
+            --volume #{@volume_host_path}:/home/maven
+            #{@image} sh -c "sleep 60"
+          CMD
+          shell "docker cp #{@volume_host_path}/. #{@name}:/home/maven"
+          shell "docker exec -t #{@name} sh -c 'cd /home/maven && mvn deploy -s settings.xml'"
+        end
+      end
+    end
+  end
+end

scripts/review_apps/automated_cleanup.rb

@@ -62,7 +62,8 @@ class AutomatedCleanup
     gitlab.deployments(project_path, per_page: DEPLOYMENTS_PER_PAGE).auto_paginate do |deployment|
       environment = deployment.environment
-      next unless !environment.nil? && environment.name.start_with?('review/')
+      next unless environment
+      next unless environment.name.start_with?('review/')
       next if checked_environments.include?(environment.slug)
       last_deploy = deployment.created_at

spec/controllers/admin/spam_logs_controller_spec.rb

@@ -27,7 +27,7 @@ describe Admin::SpamLogsController do
       expect(response).to have_gitlab_http_status(200)
     end
-    it 'removes user and his spam logs when removing the user' do
+    it 'removes user and his spam logs when removing the user', :sidekiq_might_not_need_inline do
       delete :destroy, params: { id: first_spam.id, remove_user: true }
       expect(flash[:notice]).to eq "User #{user.username} was successfully removed."

spec/controllers/admin/users_controller_spec.rb

@@ -35,7 +35,7 @@ describe Admin::UsersController do
     end
   end
-  describe 'DELETE #user with projects' do
+  describe 'DELETE #user with projects', :sidekiq_might_not_need_inline do
     let(:project) { create(:project, namespace: user.namespace) }
     let!(:issue) { create(:issue, author: user) }