Add latest changes from gitlab-org/gitlab@master

.gitlab/ci/reports.gitlab-ci.yml

@@ -20,7 +20,7 @@ code_quality:
   variables:
     DOCKER_DRIVER: overlay2
     DOCKER_TLS_CERTDIR: ""
-    CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/security-products/codequality:0.85.9"
+    CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/ci-cd/codequality:0.85.9"
   script:
     - |
       if ! docker info &>/dev/null; then

app/controllers/groups/settings/ci_cd_controller.rb

@@ -7,7 +7,7 @@ module Groups
       before_action :authorize_admin_group!
       before_action :authorize_update_max_artifacts_size!, only: [:update]
       before_action do
-        push_frontend_feature_flag(:new_variables_ui, @group, default_enabled: true)
+        push_frontend_feature_flag(:new_variables_ui, @group)
       end
       before_action :define_variables, only: [:show, :create_deploy_token]

app/controllers/projects/settings/ci_cd_controller.rb

@@ -6,7 +6,7 @@ module Projects
       before_action :authorize_admin_pipeline!
       before_action :define_variables
       before_action do
-        push_frontend_feature_flag(:new_variables_ui, @project, default_enabled: true)
+        push_frontend_feature_flag(:new_variables_ui, @project)
       end
       def show

app/finders/award_emojis_finder.rb

@@ -41,7 +41,7 @@ class AwardEmojisFinder
   def validate_name_param
     return unless params[:name]
-    raise ArgumentError, 'Invalid name param' unless params[:name].in?(Gitlab::Emoji.emojis_names)
+    raise ArgumentError, 'Invalid name param' unless params[:name].to_s.in?(Gitlab::Emoji.emojis_names)
   end
   def validate_awarded_by_param

app/models/concerns/usage_statistics.rb

+# frozen_string_literal: true
+
+module UsageStatistics
+  extend ActiveSupport::Concern
+
+  class_methods do
+    def distinct_count_by(column = nil, fallback = -1)
+      distinct.count(column)
+    rescue ActiveRecord::StatementInvalid
+      fallback
+    end
+  end
+end

app/models/discussion.rb

@@ -14,6 +14,7 @@ class Discussion
             :author,
             :noteable,
             :commit_id,
+            :confidential?,
             :for_commit?,
             :for_merge_request?,
             :noteable_ability_name,

app/models/note.rb

@@ -320,6 +320,13 @@ class Note < ApplicationRecord
     super(noteable_type.to_s.classify.constantize.base_class.to_s)
   end
+  def noteable_assignee_or_author?(user)
+    return false unless user
+    return noteable.assignee_or_author?(user) if [MergeRequest, Issue].include?(noteable.class)
+
+    noteable.author_id == user.id
+  end
+
   def special_role=(role)
     raise "Role is undefined, #{role} not found in #{SpecialRole.values}" unless SpecialRole.value?(role)
@@ -337,7 +344,7 @@ class Note < ApplicationRecord
   end
   def confidential?
-    noteable.try(:confidential?)
+    confidential || noteable.try(:confidential?)
   end
   def editable?

app/models/zoom_meeting.rb

 # frozen_string_literal: true
 class ZoomMeeting < ApplicationRecord
+  include UsageStatistics
+
   belongs_to :project, optional: false
   belongs_to :issue, optional: false
@@ -23,10 +25,4 @@ class ZoomMeeting < ApplicationRecord
   def self.canonical_meeting_url(issue)
     canonical_meeting(issue)&.url
   end
-
-  def self.distinct_count_by(column = nil, fallback = -1)
-    distinct.count(column)
-  rescue ActiveRecord::StatementInvalid
-    fallback
-  end
 end

app/policies/note_policy.rb

 # frozen_string_literal: true
 class NotePolicy < BasePolicy
+  include Gitlab::Utils::StrongMemoize
+
   delegate { @subject.resource_parent }
   delegate { @subject.noteable if DeclarativePolicy.has_policy?(@subject.noteable) }
@@ -13,6 +15,12 @@ class NotePolicy < BasePolicy
   condition(:is_visible) { @subject.system_note_with_references_visible_for?(@user) }
+  condition(:confidential, scope: :subject) { @subject.confidential? }
+
+  condition(:can_read_confidential) do
+    access_level >= Gitlab::Access::REPORTER || @subject.noteable_assignee_or_author?(@user)
+  end
+
   rule { ~editable }.prevent :admin_note
   # If user can't read the issue/MR/etc then they should not be allowed to do anything to their own notes
@@ -39,4 +47,37 @@ class NotePolicy < BasePolicy
   rule { is_noteable_author }.policy do
     enable :resolve_note
   end
+
+  rule { confidential & ~can_read_confidential }.policy do
+    prevent :read_note
+    prevent :admin_note
+    prevent :resolve_note
+    prevent :award_emoji
+  end
+
+  def parent_namespace
+    strong_memoize(:parent_namespace) do
+      next if @subject.is_a?(PersonalSnippet)
+      next @subject.noteable.group if @subject.noteable&.is_a?(Epic)
+
+      @subject.project
+    end
+  end
+
+  def access_level
+    return -1 if @user.nil?
+    return -1 unless parent_namespace
+
+    lookup_access_level!
+  end
+
+  def lookup_access_level!
+    return ::Gitlab::Access::REPORTER if alert_bot?
+
+    if parent_namespace.is_a?(Project)
+      parent_namespace.team.max_member_access(@user.id)
+    else
+      parent_namespace.max_member_access_for_user(@user)
+    end
+  end
 end

app/services/users/build_service.rb

@@ -28,9 +28,7 @@ module Users
         end
       end
-      unless identity_params.empty?
-        user.identities.build(identity_params)
-      end
+      build_identity(user)
       user
     end
@@ -41,6 +39,12 @@ module Users
       [:extern_uid, :provider]
     end
+    def build_identity(user)
+      return if identity_params.empty?
+
+      user.identities.build(identity_params)
+    end
+
     def can_create_user?
       (current_user.nil? && Gitlab::CurrentSettings.allow_signup?) || current_user&.admin?
     end

app/views/ci/variables/_index.html.haml

@@ -5,7 +5,7 @@
     - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/README', anchor: 'protected-variables') }
     = s_('Environment variables are configured by your administrator to be %{link_start}protected%{link_end} by default').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
-- if Feature.enabled?(:new_variables_ui, @project || @group, default_enabled: true)
+- if Feature.enabled?(:new_variables_ui, @project || @group)
   - is_group = !@group.nil?
   #js-ci-project-variables{ data: { endpoint: save_endpoint, project_id: @project&.id || '', group: is_group.to_s, maskable_regex: ci_variable_maskable_regex} }

changelogs/unreleased/210335-fix-handling-of-numeric-emoji-names.yml

+---
+title: Fix backend validation of numeric emoji names
+merge_request: 27101
+author:
+type: fixed

changelogs/unreleased/ci-variables-ui-turn-on-ff.yml

----
-title: Set new_variables_ui feature flag default value to true
-merge_request: 25731
-author:
-type: added

changelogs/unreleased/mo-use-new-code-quality-image.yml

+---
+title: Use new codequality docker image from ci-cd group
+merge_request: 27098
+author:
+type: other

doc/development/contributing/issue_workflow.md

@@ -287,12 +287,12 @@ This label documents the planned timeline & urgency which is used to measure aga
 Severity labels help us clearly communicate the impact of a ~bug on users.
 There can be multiple facets of the impact. The below is a guideline.
-| Label | Meaning           | Functionality                                         | Affected Users                   | GitLab.com Availability                            | Performance Degradation      |
-|-------|-------------------|-------------------------------------------------------|----------------------------------|----------------------------------------------------|------------------------------|
-| ~S1   | Blocker           | Unusable feature with no workaround, user is blocked  | Impacts 50% or more of users     | Outage, Significant impact on all of GitLab.com    |                                                       |
-| ~S2   | Critical Severity | Broken Feature, workaround too complex & unacceptable | Impacts between 25%-50% of users | Significant impact on large portions of GitLab.com | Degradation is guaranteed to occur in the near future |
-| ~S3   | Major Severity    | Broken feature with an acceptable workaround          | Impacts up to 25% of users       | Limited impact on important portions of GitLab.com | Degradation is likely to occur in the near future     |
-| ~S4   | Low Severity      | Functionality inconvenience or cosmetic issue         | Impacts less than 5% of users    | Minor impact on GitLab.com                         | Degradation _may_ occur but it's not likely           |
+| Label | Meaning           | Functionality                                         | Affected Users                   | GitLab.com Availability                            | Performance Degradation                               | API/Web Response time[^1]  |
+|-------|-------------------|-------------------------------------------------------|----------------------------------|----------------------------------------------------|-------------------------------------------------------|----------------------------|
+| ~S1   | Blocker           | Unusable feature with no workaround, user is blocked  | Impacts 50% or more of users     | Outage, Significant impact on all of GitLab.com    |                                                       | Above 9000ms to timing out |
+| ~S2   | Critical Severity | Broken Feature, workaround too complex & unacceptable | Impacts between 25%-50% of users | Significant impact on large portions of GitLab.com | Degradation is guaranteed to occur in the near future | Between 2000ms and 9000ms  |
+| ~S3   | Major Severity    | Broken feature with an acceptable workaround          | Impacts up to 25% of users       | Limited impact on important portions of GitLab.com | Degradation is likely to occur in the near future     | Between 1000ms and 2000ms  |
+| ~S4   | Low Severity      | Functionality inconvenience or cosmetic issue         | Impacts less than 5% of users    | Minor impact on GitLab.com                         | Degradation _may_ occur but it's not likely           | Between 500ms and 1000ms   |
 If a bug seems to fall between two severity labels, assign it to the higher-severity label.
@@ -503,3 +503,8 @@ to be involved in some capacity when work begins on the follow-up issue.
 ---
 [Return to Contributing documentation](index.md)
+
+[^1]: Our current response time standard is based on the TTFB P90 results of the
+      GitLab Performance Tool (GPT) being run against the 10k-user reference
+      environment. This run happens nightly and results are outputted to the
+      [wiki on the GPT project.](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/10k)

doc/topics/autodevops/index.md

@@ -420,7 +420,7 @@ tests, it's up to you to add them.
 ### Auto Code Quality **(STARTER)**
 Auto Code Quality uses the
-[Code Quality image](https://gitlab.com/gitlab-org/security-products/codequality) to run
+[Code Quality image](https://gitlab.com/gitlab-org/ci-cd/codequality) to run
 static analysis and other code checks on the current code. The report is
 created, and is uploaded as an artifact which you can later download and check
 out.

doc/update/README.md

@@ -50,6 +50,7 @@ However, for this to work there are the following requirements:
    migrations](../development/post_deployment_migrations.md) (included in
    zero downtime update steps below).
 - You are using PostgreSQL. Starting from GitLab 12.1, MySQL is not supported.
+- Multi-node GitLab instance. Single-node instances may experience brief interruptions as services restart.
 Most of the time you can safely upgrade from a patch release to the next minor
 release if the patch release is not the latest. For example, upgrading from

doc/user/group/epics/index.md

@@ -23,7 +23,7 @@ graph TD
     Parent_epic --> Issue1
     Parent_epic --> Child_epic
     Child_epic --> Issue2
-````
+```
 ## Use cases
@@ -184,6 +184,8 @@ have a [start or due date](#start-date-and-due-date), a
 ![Child epics roadmap](img/epic_view_roadmap_v12_9.png)
+---
+
 ## Reordering issues and child epics
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9367) in GitLab 12.5.
@@ -240,6 +242,8 @@ You can always reopen it using the reopen button.
 ![reopen epic - button](img/button_reopen_epic.png)
+---
+
 ### Using quick actions
 You can close or reopen an epic using [Quick actions](../../project/quick_actions.md)
@@ -251,9 +255,12 @@ link in the issue sidebar.
 ![containing epic](img/containing_epic.png)
+---
+
 ## Promoting an issue to an epic
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/3777) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.6.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/3777) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.6.
+> - In [GitLab 12.8](https://gitlab.com/gitlab-org/gitlab/issues/37081), it was moved to the Premium tier.
 If you have [permissions](../../permissions.md) to close an issue and create an
 epic in the parent group, you can promote an issue to an epic with the `/promote`
@@ -276,10 +283,11 @@ The following issue metadata will be copied to the epic:
 ## Searching for an epic from epics list page
-> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.5.
+> - Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.5.
+> - In [GitLab 12.8](https://gitlab.com/gitlab-org/gitlab/issues/37081), it was moved to the Premium tier.
 You can search for an epic from the list of epics using filtered search bar (similar to
-that of Issues and Merge requests) based on following parameters:
+that of Issues and Merge Requests) based on following parameters:
 - Title or description
 - Author name / username
@@ -287,22 +295,26 @@ that of Issues and Merge requests) based on following parameters:
 ![epics search](img/epics_search.png)
-To search, go to the list of epics and click on the field **Search or filter results...**.
+To search, go to the list of epics and click on the field **Search or filter results**.
 It will display a dropdown menu, from which you can add an author. You can also enter plain
 text to search by epic title or description. When done, press <kbd>Enter</kbd> on your
 keyboard to filter the list.
 You can also sort epics list by:
-- **Created date**
-- **Last updated**
-- **Start date**
-- **Due date**
-Each option contains a button that can toggle the order between **ascending** and **descending**. The sort option and order will be persisted to be used wherever epics are browsed including the [roadmap](../roadmap/index.md).
+- Created date
+- Last updated
+- Start date
+- Due date
+Each option contains a button that can toggle the order between **Ascending** and **Descending**.
+The sort option and order is saved and used wherever you browse epics, including the
+[Roadmap](../roadmap/index.md).
 ![epics sort](img/epics_sort.png)
+---
+
 ## Permissions
 If you have access to view an epic and have access to view an issue already
@@ -315,7 +327,7 @@ Note that for a given group, the visibility of all projects must be the same as
 the group, or less restrictive. That means if you have access to a group's epic,
 then you already have access to its projects' issues.
-You may also consult the [group permissions table](../../permissions.md#group-members-permissions).
+You can also consult the [group permissions table](../../permissions.md#group-members-permissions).
 ## Thread
@@ -323,20 +335,20 @@ You may also consult the [group permissions table](../../permissions.md#group-me
   These text fields also fully support
   [GitLab Flavored Markdown](../../markdown.md#gitlab-flavored-markdown-gfm).
-## Comment, or start a thread
-Once you wrote your comment, you can either:
-- Click "Comment" and your comment will be published.
-- Click "Start thread": start a thread within that epic's discussion to discuss specific points.
+## Comment or start a thread
+Once you write your comment, you can either:
+- Click **Comment**, and your comment will be published.
+- Click **Start thread**, and you will start a thread within that epic's discussion.
 ## Award emoji
-- You can [award an emoji](../../award_emojis.md) to that epic or its comments.
+You can [award an emoji](../../award_emojis.md) to that epic or its comments.
 ## Notifications
-- [Receive notifications](../../profile/notifications.md) for epic events.
+You can [turn on notifications](../../profile/notifications.md) to be alerted about epic events.
 <!-- ## Troubleshooting

doc/user/markdown.md

@@ -408,7 +408,6 @@ GFM will recognize the following:
 | merge request                   | `!123`                     | `namespace/project!123`                 | `project!123`                  |
 | snippet                         | `$123`                     | `namespace/project$123`                 | `project$123`                  |
 | epic **(ULTIMATE)**             | `&123`                     | `group1/subgroup&123`                   |                                |
-| design **(PREMIUM)**            | `#123[file.jpg]` or `#123["file.png"]` | `group1/subgroup#123[file.png]`         | `project#123[file.png]`         |
 | label by ID                     | `~123`                     | `namespace/project~123`                 | `project~123`                  |
 | one-word label by name          | `~bug`                     | `namespace/project~bug`                 | `project~bug`                  |
 | multi-word label by name        | `~"feature request"`       | `namespace/project~"feature request"`   | `project~"feature request"`    |
@@ -421,6 +420,12 @@ GFM will recognize the following:
 | repository file references      | `[README](doc/README)`     |                                         |                                |
 | repository file line references | `[README](doc/README#L13)` |                                         |                                |
+In addition to this, links to some objects are also recognized and formatted. Some examples of these are:
+
+- Comments on issues: `"https://gitlab.com/gitlab-org/gitlab/-/issues/1234#note_101075757"`, which will be rendered as `#1234 (note1)`
+- The issues designs tab: `"https://gitlab.com/gitlab-org/gitlab/issues/1234/designs"`, which will be rendered as `#1234 (designs)`.
+  **(PREMIUM)**
+
 ### Task lists
 > If this is not rendered correctly, [view it in GitLab itself](https://gitlab.com/gitlab-org/gitlab/blob/master/doc/user/markdown.md#task-lists).

doc/user/project/issues/design_management.md

@@ -39,13 +39,6 @@ Design Management requires that projects are using
 If the requirements are not met, the **Designs** tab displays a message to the user.
-### Feature Flags
-
-- Reference Parsing
-
-  Designs support short references in Markdown, but this needs to be enabled by setting
-  the `:design_management_reference_filter_gfm_pipeline` feature flag.
-
 ## Supported files
 Files uploaded must have a file extension of either `png`, `jpg`, `jpeg`,
@@ -169,32 +162,3 @@ Different discussions have different badge numbers:
 From GitLab 12.5 on, new annotations will be outputted to the issue activity,
 so that everyone involved can participate in the discussion.
-
-## References
-
-GitLab Flavored Markdown supports references to designs. The syntax for this is:
-
-  `#123[file.jpg]` - the issue reference, with the filename in square braces
-
-File names may contain a variety of odd characters, so two escaping mechanisms are supported:
-
-### Quoting
-
-File names may be quoted with double quotation marks, eg:
-
-  `#123["file.jpg"]`
-
-This is useful if, for instance, your filename has square braces in its name. In this scheme, all
-double quotation marks in the file name need to be escaped with backslashes, and backslashes need
-to be escaped likewise:
-
-  `#123["with with \"quote\" marks and a backslash \\.png"]`
-
-### Base64 Encoding
-
-In the case of file names that include HTML elements, you will need to escape these names to avoid
-them being processed as HTML literals. To do this, we support base64 encoding, eg.
-
-  The file `<a>.jpg` can be referenced as `#123[base64:PGE+LmpwZwo=]`
-
-Obviously we would advise against using such filenames.