Merge branch '14-7-stable-ee-patch-5' into '14-7-stable-ee'

Prepare 14.7.5-ee release

See merge request gitlab-org/gitlab!82430

db/migrate/20210811193033_add_unique_index_to_vulnerability_finding_links.rb

 # frozen_string_literal: true
 class AddUniqueIndexToVulnerabilityFindingLinks < Gitlab::Database::Migration[1.0]
-  disable_ddl_transaction!
-
-  NAME_URL_INDEX_NAME = 'finding_link_name_url_idx'
-  URL_INDEX_NAME = 'finding_link_url_idx'
+  # This migration has been moved to db/post_migrate/20220201193033_add_unique_index_to_vulnerability_finding_links_with_truncate.rb
+  # Previously, this was causing an bug where there was a conflict between the table cleanup and the index creation.
   def up
-    add_concurrent_index :vulnerability_finding_links, [:vulnerability_occurrence_id, :name, :url], unique: true, name: NAME_URL_INDEX_NAME
-    add_concurrent_index :vulnerability_finding_links, [:vulnerability_occurrence_id, :url], unique: true, where: 'name is null', name: URL_INDEX_NAME
+    # no op
   end
   def down
-    remove_concurrent_index :vulnerability_finding_links, [:vulnerability_occurrence_id, :name, :url], name: NAME_URL_INDEX_NAME
-    remove_concurrent_index :vulnerability_finding_links, [:vulnerability_occurrence_id, :url], name: URL_INDEX_NAME
+    # no op
   end
 end

db/post_migrate/20211104165220_remove_vulnerability_finding_links.rb

 # frozen_string_literal: true
 class RemoveVulnerabilityFindingLinks < Gitlab::Database::Migration[1.0]
-  BATCH_SIZE = 50_000
-  MIGRATION = 'RemoveVulnerabilityFindingLinks'
-
-  disable_ddl_transaction!
+  # This migration has been moved to a TRUNCATE in db/post_migrate/20220201193033_add_unique_index_to_vulnerability_finding_links_with_truncate.rb
+  # Previously, this was causing an bug where there was a conflict between the table cleanup and the index creation.
   def up
-    queue_background_migration_jobs_by_range_at_intervals(
-      define_batchable_model('vulnerability_finding_links'),
-      MIGRATION,
-      2.minutes,
-      batch_size: BATCH_SIZE
-    )
+    # no op
   end
   def down
-    # no ops
+    # no op
   end
 end

db/post_migrate/20211210173137_remove_vulnerability_finding_links_again.rb

 # frozen_string_literal: true
 class RemoveVulnerabilityFindingLinksAgain < Gitlab::Database::Migration[1.0]
-  BATCH_SIZE = 50_000
-  MIGRATION = 'RemoveVulnerabilityFindingLinks'
-
-  disable_ddl_transaction!
+  # This migration has been moved to a TRUNCATE in db/post_migrate/20220201193033_add_unique_index_to_vulnerability_finding_links_with_truncate.rb
+  # Previously, this was causing an bug where there was a conflict between the table cleanup and the index creation.
   def up
-    queue_background_migration_jobs_by_range_at_intervals(
-      define_batchable_model('vulnerability_finding_links'),
-      MIGRATION,
-      2.minutes,
-      batch_size: BATCH_SIZE
-    )
+    # no op
   end
   def down
-    # no ops
+    # no op
   end
 end

db/post_migrate/20220201193033_add_unique_index_to_vulnerability_finding_links_with_truncate.rb

+# frozen_string_literal: true
+
+class AddUniqueIndexToVulnerabilityFindingLinksWithTruncate < Gitlab::Database::Migration[1.0]
+  disable_ddl_transaction!
+
+  NAME_URL_INDEX_NAME = 'finding_link_name_url_idx'
+  URL_INDEX_NAME = 'finding_link_url_idx'
+
+  def up
+    execute('TRUNCATE TABLE vulnerability_finding_links')
+
+    add_concurrent_index :vulnerability_finding_links, [:vulnerability_occurrence_id, :name, :url], unique: true, name: NAME_URL_INDEX_NAME
+    add_concurrent_index :vulnerability_finding_links, [:vulnerability_occurrence_id, :url], unique: true, where: 'name is null', name: URL_INDEX_NAME
+  end
+
+  def down
+    remove_concurrent_index :vulnerability_finding_links, [:vulnerability_occurrence_id, :name, :url], name: NAME_URL_INDEX_NAME
+    remove_concurrent_index :vulnerability_finding_links, [:vulnerability_occurrence_id, :url], name: URL_INDEX_NAME
+  end
+end

db/schema_migrations/20220201193033

+92bbe74c6c3627dd26f709acd2a20f442212eab933f719be815701a3bc429539
\ No newline at end of file

lib/gitlab/cleanup/orphan_job_artifact_files.rb

@@ -99,6 +99,9 @@ module Gitlab
           #                  ^--+--+- components of hashed storage project path
           cmd += %w[-mindepth 6 -maxdepth 6]
+          # Intentionally exclude pipeline artifacts which match the same path
+          cmd += %w[-not -path */pipelines/*]
+
           # Artifact directories are named on their ID
           cmd += %w[-type d]

spec/lib/gitlab/cleanup/orphan_job_artifact_files_spec.rb

@@ -34,10 +34,33 @@ RSpec.describe Gitlab::Cleanup::OrphanJobArtifactFiles do
     cleanup.run!
   end
-  it 'finds artifacts on disk' do
+  it 'finds job artifacts on disk' do
     artifact = create(:ci_job_artifact, :archive)
-    expect(cleanup).to receive(:find_artifacts).and_yield(artifact.file.path)
+    artifact_directory = artifact.file.relative_path.to_s.split('/')[0...6].join('/')
+
+    cleaned = []
+
+    expect(cleanup).to receive(:find_artifacts).and_wrap_original do |original_method, *args, &block|
+      original_method.call(*args) { |dir| cleaned << dir }
+    end
+
+    cleanup.run!
+
+    expect(cleaned).to include(/#{artifact_directory}/)
+  end
+
+  it 'does not find pipeline artifacts on disk' do
+    artifact = create(:ci_pipeline_artifact, :with_coverage_report)
+    # using 0...6 to match the -min/maxdepth 6 strictly, since this is one directory
+    # deeper than job artifacts, and .dirname would not match
+    artifact_directory = artifact.file.relative_path.to_s.split('/')[0...6].join('/')
+
+    expect(cleanup).to receive(:find_artifacts).and_wrap_original do |original_method, *args, &block|
+      # this can either _not_ yield at all, or yield with any other file
+      # except the one that we're explicitly excluding
+      original_method.call(*args) { |path| expect(path).not_to match(artifact_directory) }
+    end
     cleanup.run!
   end