Right now Project::VariablesController users the `value` parameter to send the
secret variable value. `value` is a pretty generic term and could be used in
other controllers, but for now it's better to err on the side of caution and
filter this out.

Closes #43313

This fixes an issue where the Rails autoload system would throw various `Unable to autoload constant` errors (such as `Unable to autoload constant EE::ProjectsHelper`) when using the autoload system (such with `spring` or `reload!` in the rails console.

This error was specifically ocurring in the EE code, however, it's seems reasonable to place the fix in CE as a general innoculation.

Signed-off-by: Rémy Coutable <remy@rymai.me>

Rake doesn't respect eager-loading, so to avoid explicit requires we have to
duplicate the eager-load config into the auto-load config.

This backports an EE change made in https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3706

I've followed the [upgrade guide](https://github.com/thoughtbot/factory_bot/blob/4-9-0-stable/UPGRADE_FROM_FACTORY_GIRL.md

) and ran these two commands:

```
grep -e FactoryGirl **/*.rake **/*.rb -s -l | xargs sed -i "" "s|FactoryGirl|FactoryBot|"
grep -e factory_girl **/*.rake **/*.rb -s -l | xargs sed -i "" "s|factory_girl|factory_bot|"
```

Signed-off-by: Rémy Coutable <remy@rymai.me>

In GitLab EE, a GitLab instance can be read-only (e.g. when it's a Geo
secondary node). But in GitLab CE it also might be useful to have the
"read-only" idea around. So port it back to GitLab CE.

Also having the principle of read-only in GitLab CE would hopefully
lead to less errors introduced, doing write operations when there
aren't allowed for read-only calls.

Closes gitlab-org/gitlab-ce#37534.

Now that we are logging API requests in `api_json.log`, we see that
the runner token was not filtered properly.

Upon inspection of logs, there were a number of fields not filtered. For example:

* authenticity_token: CSRF token
* rss_token: Used for RSS feeds
* secret: Used with Projects::UploadController

Rails provides a way to match regexps, so we now filter:

* Any parameter ending with `_token`
* Any parameter containing `password`
* Any parameter containing `secret`

Group milestones can only be referred to by name, not IID. They also do not
support cross-project references.

https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/2483

I don't know exactly when Rails picks each module to use, but this seems to be
used by `app` in the console (for instance, `app.project_path` would fail
before, but works now).

Start of the new navigation by redesigning just the top navigation menu.
This is only shown when a cookie is set.

Part of #32794

Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Rémy Coutable <remy@rymai.me>

Add test.js and test.css to disable animations during testing and include these in _head when testing

Add test.js and test.css to disable animations during testing and include these in _head when testing

CI/CD models are already located inside `CI` module, thus usual Rails
autoloading principles apply.

See https://github.com/rails/rails/issues/28854 for more details.

Review changes, removed api/v3 updates as its frozen, removed the clientside_sentry properties from the sensitive data filter as they\'re both available publically

It isn't working fine when using POROs in forms like WikiPage,
the following error is being raised: undefined method `abstract_class?' for Object:Class