Add latest changes from gitlab-org/gitlab@master

Gemfile

@@ -33,7 +33,7 @@ gem 'omniauth-auth0', '~> 2.0.0'
 gem 'omniauth-azure-oauth2', '~> 0.0.9'
 gem 'omniauth-cas3', '~> 1.1.4'
 gem 'omniauth-facebook', '~> 4.0.0'
-gem 'omniauth-github', '~> 1.3'
+gem 'omniauth-github', '~> 1.4'
 gem 'omniauth-gitlab', '~> 1.0.2'
 gem 'omniauth-google-oauth2', '~> 0.6.0'
 gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos

Gemfile.lock

@@ -688,7 +688,7 @@ GEM
       omniauth (~> 1.2)
     omniauth-facebook (4.0.0)
       omniauth-oauth2 (~> 1.2)
-    omniauth-github (1.3.0)
+    omniauth-github (1.4.0)
       omniauth (~> 1.5)
       omniauth-oauth2 (>= 1.4.0, < 2.0)
     omniauth-gitlab (1.0.3)
@@ -1304,7 +1304,7 @@ DEPENDENCIES
   omniauth-azure-oauth2 (~> 0.0.9)
   omniauth-cas3 (~> 1.1.4)
   omniauth-facebook (~> 4.0.0)
-  omniauth-github (~> 1.3)
+  omniauth-github (~> 1.4)
   omniauth-gitlab (~> 1.0.2)
   omniauth-google-oauth2 (~> 0.6.0)
   omniauth-kerberos (~> 0.3.0)

app/assets/stylesheets/framework/dropdowns.scss

@@ -158,6 +158,27 @@
   }
 }
+// Temporary hack until `gitlab-ui` issue is fixed.
+// https://gitlab.com/gitlab-org/gitlab-ui/issues/164
+.gl-dropdown .dropdown-menu-toggle {
+  .gl-dropdown-caret {
+    position: absolute;
+    right: $gl-padding-8;
+    top: $gl-padding-8;
+  }
+
+  // Add some child to the button so that the default height kicks in
+  // when there's no text (since the caret is now aboslute)
+  &::after {
+    border: 0;
+    content: ' ';
+    display: inline-block;
+    margin: 0;
+    padding: 0;
+    position: relative;
+  }
+}
+
 @mixin dropdown-item-hover {
   background-color: $gray-darker;
   color: $gl-text-color;

app/controllers/concerns/spammable_actions.rb

@@ -11,7 +11,7 @@ module SpammableActions
   end
   def mark_as_spam
-    if Spam::MarkAsSpamService.new(target: spammable).execute
+    if Spam::MarkAsSpamService.new(spammable: spammable).execute
       redirect_to spammable_path, notice: _("%{spammable_titlecase} was submitted to Akismet successfully.") % { spammable_titlecase: spammable.spammable_entity_type.titlecase }
     else
       redirect_to spammable_path, alert: _('Error with Akismet. Please check the logs for more info.')
@@ -42,7 +42,7 @@ module SpammableActions
         end
         format.json do
-          locals = { target: spammable, script: false, has_submit: false }
+          locals = { spammable: spammable, script: false, has_submit: false }
           recaptcha_html = render_to_string(partial: 'shared/recaptcha_form', formats: :html, locals: locals)
           render json: { recaptcha_html: recaptcha_html }

app/graphql/mutations/snippets/mark_as_spam.rb

@@ -24,7 +24,7 @@ module Mutations
       private
       def mark_as_spam(snippet)
-        Spam::MarkAsSpamService.new(target: snippet).execute
+        Spam::MarkAsSpamService.new(spammable: snippet).execute
       end
       def authorized_resource?(snippet)

app/models/label.rb

@@ -42,6 +42,22 @@ class Label < ApplicationRecord
   scope :order_name_desc, -> { reorder(title: :desc) }
   scope :subscribed_by, ->(user_id) { joins(:subscriptions).where(subscriptions: { user_id: user_id, subscribed: true }) }
+  scope :top_labels_by_target, -> (target_relation) {
+    label_id_column = arel_table[:id]
+
+    # Window aggregation to count labels
+    count_by_id = Arel::Nodes::Over.new(
+      Arel::Nodes::NamedFunction.new('count', [label_id_column]),
+      Arel::Nodes::Window.new.partition(label_id_column)
+    ).as('count_by_id')
+
+    select(arel_table[Arel.star], count_by_id)
+      .joins(:label_links)
+      .merge(LabelLink.where(target: target_relation))
+      .reorder(count_by_id: :desc)
+      .distinct
+  }
+
   def self.prioritized(project)
     joins(:priorities)
       .where(label_priorities: { project_id: project })

app/models/user.rb

@@ -1226,7 +1226,8 @@ class User < ApplicationRecord
     {
       name: name,
       username: username,
-      avatar_url: avatar_url(only_path: false)
+      avatar_url: avatar_url(only_path: false),
+      email: email
     }
   end

app/services/concerns/akismet_methods.rb

 # frozen_string_literal: true
 module AkismetMethods
-  def target_owner
-    @user ||= User.find(target.author_id)
+  def spammable_owner
+    @user ||= User.find(spammable.author_id)
   end
   def akismet
     @akismet ||= Spam::AkismetService.new(
-      target_owner.name,
-      target_owner.email,
-      target.try(:spammable_text) || target&.text,
+      spammable_owner.name,
+      spammable_owner.email,
+      spammable.try(:spammable_text) || spammable&.text,
       options
     )
   end

app/services/concerns/spam_check_methods.rb

@@ -2,7 +2,7 @@
 # SpamCheckMethods
 #
-# Provide helper methods for checking if a given target spammable object has
+# Provide helper methods for checking if a given spammable object has
 # potential spam data.
 #
 # Dependencies:
@@ -18,13 +18,13 @@ module SpamCheckMethods
   end
   # rubocop:enable Gitlab/ModuleWithInstanceVariables
-  # In order to be proceed to the spam check process, @target has to be
+  # In order to be proceed to the spam check process, @spammable has to be
   # a dirty instance, which means it should be already assigned with the new
   # attribute values.
   # rubocop:disable Gitlab/ModuleWithInstanceVariables
   def spam_check(spammable, user)
     Spam::SpamCheckService.new(
-      target: spammable,
+      spammable: spammable,
       request: @request
     ).execute(
       api: @api,

app/services/post_receive_service.rb

+# frozen_string_literal: true
+
+# PostReceiveService class
+#
+# Used for scheduling related jobs after a push action has been performed
+class PostReceiveService
+  attr_reader :user, :project, :params
+
+  def initialize(user, project, params)
+    @user = user
+    @project = project
+    @params = params
+  end
+
+  def execute
+    response = Gitlab::InternalPostReceive::Response.new
+
+    push_options = Gitlab::PushOptions.new(params[:push_options])
+
+    response.reference_counter_decreased = Gitlab::ReferenceCounter.new(params[:gl_repository]).decrease
+
+    PostReceive.perform_async(params[:gl_repository], params[:identifier],
+                              params[:changes], push_options.as_json)
+
+    mr_options = push_options.get(:merge_request)
+    if mr_options.present?
+      message = process_mr_push_options(mr_options, project, user, params[:changes])
+      response.add_alert_message(message)
+    end
+
+    broadcast_message = BroadcastMessage.current&.last&.message
+    response.add_alert_message(broadcast_message)
+
+    response.add_merge_request_urls(merge_request_urls)
+
+    # Neither User nor Project are guaranteed to be returned; an orphaned write deploy
+    # key could be used
+    if user && project
+      redirect_message = Gitlab::Checks::ProjectMoved.fetch_message(user.id, project.id)
+      project_created_message = Gitlab::Checks::ProjectCreated.fetch_message(user.id, project.id)
+
+      response.add_basic_message(redirect_message)
+      response.add_basic_message(project_created_message)
+    end
+
+    response
+  end
+
+  def process_mr_push_options(push_options, project, user, changes)
+    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/61359')
+
+    service = ::MergeRequests::PushOptionsHandlerService.new(
+      project, user, changes, push_options
+    ).execute
+
+    if service.errors.present?
+      push_options_warning(service.errors.join("\n\n"))
+    end
+  end
+
+  def push_options_warning(warning)
+    options = Array.wrap(params[:push_options]).map { |p| "'#{p}'" }.join(' ')
+    "WARNINGS:\nError encountered with push options #{options}: #{warning}"
+  end
+
+  def merge_request_urls
+    ::MergeRequests::GetUrlsService.new(project).execute(params[:changes])
+  end
+end

app/services/spam/ham_service.rb

@@ -4,23 +4,25 @@ module Spam
   class HamService
     include AkismetMethods
-    attr_accessor :target, :options
-    def initialize(target)
-      @target = target
-      @user = target.user
+    attr_accessor :spam_log, :options
+    def initialize(spam_log)
+      @spam_log = spam_log
+      @user = spam_log.user
       @options = {
-          ip_address: target.source_ip,
-          user_agent: target.user_agent
+          ip_address: spam_log.source_ip,
+          user_agent: spam_log.user_agent
       }
     end
     def execute
       if akismet.submit_ham
-        target.update_attribute(:submitted_as_ham, true)
+        spam_log.update_attribute(:submitted_as_ham, true)
       else
         false
       end
     end
+
+    alias_method :spammable, :spam_log
   end
 end

app/services/spam/mark_as_spam_service.rb

@@ -4,21 +4,21 @@ module Spam
   class MarkAsSpamService
     include ::AkismetMethods
-    attr_accessor :target, :options
-    def initialize(target:)
-      @target = target
+    attr_accessor :spammable, :options
+    def initialize(spammable:)
+      @spammable = spammable
       @options = {}
-      @options[:ip_address] = @target.ip_address
-      @options[:user_agent] = @target.user_agent
+      @options[:ip_address] = @spammable.ip_address
+      @options[:user_agent] = @spammable.user_agent
     end
     def execute
-      return unless target.submittable_as_spam?
+      return unless spammable.submittable_as_spam?
       return unless akismet.submit_spam
-      target.user_agent_detail.update_attribute(:submitted, true)
+      spammable.user_agent_detail.update_attribute(:submitted, true)
     end
   end
 end

app/services/spam/spam_check_service.rb

@@ -4,11 +4,11 @@ module Spam
   class SpamCheckService
     include AkismetMethods
-    attr_accessor :target, :request, :options
+    attr_accessor :spammable, :request, :options
     attr_reader :spam_log
-    def initialize(target:, request:)
-      @target = target
+    def initialize(spammable:, request:)
+      @spammable = spammable
       @request = request
       @options = {}
@@ -17,8 +17,8 @@ module Spam
         @options[:user_agent] = @request.env['HTTP_USER_AGENT']
         @options[:referrer] = @request.env['HTTP_REFERRER']
       else
-        @options[:ip_address] = @target.ip_address
-        @options[:user_agent] = @target.user_agent
+        @options[:ip_address] = @spammable.ip_address
+        @options[:user_agent] = @spammable.user_agent
       end
     end
@@ -29,10 +29,10 @@ module Spam
         SpamLog.verify_recaptcha!(user_id: user_id, id: spam_log_id)
       else
         # Otherwise, it goes to Akismet for spam check.
-        # If so, it assigns target spammable object as "spam" and creates a SpamLog record.
+        # If so, it assigns spammable object as "spam" and creates a SpamLog record.
         possible_spam = check(api)
-        target.spam = possible_spam unless target.allow_possible_spam?
-        target.spam_log = spam_log
+        spammable.spam = possible_spam unless spammable.allow_possible_spam?
+        spammable.spam_log = spam_log
       end
     end
@@ -48,18 +48,18 @@ module Spam
     end
     def check_for_spam?
-      target.check_for_spam?
+      spammable.check_for_spam?
     end
     def create_spam_log(api)
       @spam_log = SpamLog.create!(
         {
-          user_id: target.author_id,
-          title: target.spam_title,
-          description: target.spam_description,
+          user_id: spammable.author_id,
+          title: spammable.spam_title,
+          description: spammable.spam_description,
           source_ip: options[:ip_address],
           user_agent: options[:user_agent],
-          noteable_type: target.class.to_s,
+          noteable_type: spammable.class.to_s,
           via_api: api
         }
       )

changelogs/unreleased/24992-add-avatar_url-and-email_user-in_web_hook.yml

+---
+title: add avatar_url in job webhook, and email in pipeline webhook
+merge_request: 24992
+author: Guillaume Micouin
+type: added

changelogs/unreleased/37297-monitor-dashboard-dropdown-controls-caret-icon-is-misaligned.yml

+---
+title: Fix dropdown caret not being positioned correctly
+merge_request: 24273
+author:
+type: fixed

changelogs/unreleased/limit-grape-param-log-size.yml

+---
+title: Limit size of params array in JSON logs to 10 KiB
+merge_request: 25158
+author:
+type: changed

changelogs/unreleased/weimeng-upgrade-omniauth-github.yml

+---
+title: Upgrade omniauth-github gem to fix GitHub API deprecation notice
+merge_request: 24928
+author:
+type: fixed

config/initializers/lograge.rb

@@ -28,7 +28,7 @@ unless Gitlab::Runtime.sidekiq?
       payload = {
         time: Time.now.utc.iso8601(3),
-        params: params,
+        params: Gitlab::Utils::LogLimitedArray.log_limited_array(params),
         remote_ip: event.payload[:remote_ip],
         user_id: event.payload[:user_id],
         username: event.payload[:username],

db/migrate/20200203173508_add_confirmed_attributes_to_vulnerabilities.rb

+# frozen_string_literal: true
+
+class AddConfirmedAttributesToVulnerabilities < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def change
+    add_column :vulnerabilities, :confirmed_by_id, :bigint
+    add_column :vulnerabilities, :confirmed_at, :datetime_with_timezone
+  end
+end

db/migrate/20200203183508_add_index_for_vulnerability_confirmed_by.rb

+# frozen_string_literal: true
+
+class AddIndexForVulnerabilityConfirmedBy < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :vulnerabilities, :confirmed_by_id
+    add_concurrent_foreign_key :vulnerabilities, :users, column: :confirmed_by_id, on_delete: :nullify
+  end
+
+  def down
+    remove_foreign_key :vulnerabilities, column: :confirmed_by_id
+    remove_concurrent_index :vulnerabilities, :confirmed_by_id
+  end
+end