Add latest changes from gitlab-org/gitlab@15-6-stable-ee

5 files changed, 65 insertions, 3 deletions

diff --git a/db/post_migrate/20230117114739_clear_duplicate_jobs_cookies.rb b/db/post_migrate/20230117114739_clear_duplicate_jobs_cookies.rb
new file mode 100644
index 00000000000..6f0e26634ce
--- /dev/null
+++ b/db/post_migrate/20230117114739_clear_duplicate_jobs_cookies.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# This is workaround for
+# https://gitlab.com/gitlab-org/gitlab/-/issues/388253. During a
+# zero-downtime upgrade, duplicate jobs cookies can fail to get deleted.
+# This post-deployment migration deletes all such cookies. This can
+# cause some jobs that normally would have been deduplicated to twice
+# instead of once.
+class ClearDuplicateJobsCookies < Gitlab::Database::Migration[2.0]
+  disable_ddl_transaction!
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  def up
+    Gitlab::Redis::Queues.with do |redis| # rubocop:disable Cop/RedisQueueUsage
+      redis.scan_each(match: "resque:gitlab:duplicate:*:cookie:v2").each_slice(100) do |keys|
+        redis.del(keys)
+      end
+    end
+  end
+
+  def down; end
+end
diff --git a/db/schema_migrations/20230117114739 b/db/schema_migrations/20230117114739
new file mode 100644
index 00000000000..cb9fabfe4c4
--- /dev/null
+++ b/db/schema_migrations/20230117114739
@@ -0,0 +1 @@
+f4ba0d1de73da2b7a912c06ca458898f3404235025089efc74aee9fc4caa511a
\ No newline at end of file
diff --git a/doc/development/fips_compliance.md b/doc/development/fips_compliance.md
index c6208d45c77..4f92bec53fd 100644
--- a/doc/development/fips_compliance.md
+++ b/doc/development/fips_compliance.md
@@ -441,13 +441,27 @@ def default_min_key_size(name)
 end
 ```
 
-## Nightly Omnibus FIPS builds
+## Omnibus FIPS packages
 
-The Distribution team has created [nightly FIPS Omnibus builds](https://packages.gitlab.com/gitlab/nightly-fips-builds). These
-GitLab builds are compiled to use the system OpenSSL instead of the Omnibus-embedded version of OpenSSL.
+GitLab has a dedicated repository
+([`gitlab/gitlab-fips`](https://packages.gitlab.com/gitlab/gitlab-fips))
+for builds of the Omnibus GitLab which are built with FIPS compliance.
+These GitLab builds are compiled to use the system OpenSSL, instead of
+the Omnibus-embedded version of OpenSSL. These packages are built for:
+
+- RHEL 8 (and compatible)
+- AmazonLinux 2
+- Ubuntu
+
+These are [consumed by the GitLab Environment Toolkit](#install-gitlab-with-fips-compliance) (GET).
 
 See [the section on how FIPS builds are created](#how-fips-builds-are-created).
 
+### Nightly Omnibus FIPS builds
+
+The Distribution team has created [nightly FIPS Omnibus builds](https://packages.gitlab.com/gitlab/nightly-fips-builds),
+which can be used for *testing* purposes. These should never be used for production environments.
+
 ## Runner
 
 See the [documentation on installing a FIPS-compliant GitLab Runner](https://docs.gitlab.com/runner/install/#fips-compliant-gitlab-runner).
diff --git a/spec/migrations/20230117114739_clear_duplicate_jobs_cookies_spec.rb b/spec/migrations/20230117114739_clear_duplicate_jobs_cookies_spec.rb
new file mode 100644
index 00000000000..5c572b49d3d
--- /dev/null
+++ b/spec/migrations/20230117114739_clear_duplicate_jobs_cookies_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe ClearDuplicateJobsCookies, :migration, feature_category: :redis do
+  def with_redis(&block)
+    Gitlab::Redis::Queues.with(&block)
+  end
+
+  it 'deletes duplicate jobs cookies' do
+    delete = ['resque:gitlab:duplicate:blabla:1:cookie:v2', 'resque:gitlab:duplicate:foobar:2:cookie:v2']
+    keep = ['resque:gitlab:duplicate:something', 'something:cookie:v2']
+    with_redis { |r| (delete + keep).each { |key| r.set(key, 'value') } }
+
+    expect(with_redis { |r| r.exists(delete + keep) }).to eq(4)
+
+    migrate!
+
+    expect(with_redis { |r| r.exists(delete) }).to eq(0)
+    expect(with_redis { |r| r.exists(keep) }).to eq(2)
+  end
+end
diff --git a/spec/support/shared_examples/features/discussion_comments_shared_example.rb b/spec/support/shared_examples/features/discussion_comments_shared_example.rb
index 68c0d06e7d0..adddd837b11 100644
--- a/spec/support/shared_examples/features/discussion_comments_shared_example.rb
+++ b/spec/support/shared_examples/features/discussion_comments_shared_example.rb
@@ -19,6 +19,8 @@ RSpec.shared_examples 'thread comments for commit and snippet' do |resource_name
 
     find('.js-comment-button').click
 
+    wait_for_all_requests
+
     expect(page).to have_content(comment)
 
     new_comment = all(comments_selector).last