Add latest changes from gitlab-org/gitlab@master

15 files changed, 105 insertions, 33 deletions

diff --git a/.rubocop_todo/rspec/any_instance_of.yml b/.rubocop_todo/rspec/any_instance_of.yml
index bf1bc408b66..1809dd74dc9 100644
--- a/.rubocop_todo/rspec/any_instance_of.yml
+++ b/.rubocop_todo/rspec/any_instance_of.yml
@@ -141,7 +141,7 @@ RSpec/AnyInstanceOf:
   - spec/controllers/groups/settings/ci_cd_controller_spec.rb
   - spec/controllers/groups_controller_spec.rb
   - spec/controllers/import/bitbucket_controller_spec.rb
-  - spec/controllers/oauth/jira/authorizations_controller_spec.rb
+  - spec/controllers/oauth/jira_dvcs/authorizations_controller_spec.rb
   - spec/controllers/omniauth_callbacks_controller_spec.rb
   - spec/controllers/projects/artifacts_controller_spec.rb
   - spec/controllers/projects/branches_controller_spec.rb
diff --git a/.rubocop_todo/rspec/verified_doubles.yml b/.rubocop_todo/rspec/verified_doubles.yml
index 7cffea49d3a..bbdbb645da0 100644
--- a/.rubocop_todo/rspec/verified_doubles.yml
+++ b/.rubocop_todo/rspec/verified_doubles.yml
@@ -295,7 +295,7 @@ RSpec/VerifiedDoubles:
     - spec/controllers/import/gitea_controller_spec.rb
     - spec/controllers/import/github_controller_spec.rb
     - spec/controllers/import/gitlab_controller_spec.rb
-    - spec/controllers/oauth/jira/authorizations_controller_spec.rb
+    - spec/controllers/oauth/jira_dvcs/authorizations_controller_spec.rb
     - spec/controllers/omniauth_callbacks_controller_spec.rb
     - spec/controllers/profiles/two_factor_auths_controller_spec.rb
     - spec/controllers/projects/blob_controller_spec.rb
diff --git a/app/controllers/oauth/jira/authorizations_controller.rb b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
index 8169b5fcbb0..613999f4ca7 100644
--- a/app/controllers/oauth/jira/authorizations_controller.rb
+++ b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
@@ -4,7 +4,7 @@
 # flow routes for Jira DVCS integration.
 # See https://gitlab.com/gitlab-org/gitlab/issues/2381
 #
-class Oauth::Jira::AuthorizationsController < ApplicationController
+class Oauth::JiraDvcs::AuthorizationsController < ApplicationController
   skip_before_action :authenticate_user!
   skip_before_action :verify_authenticity_token
 
@@ -17,7 +17,7 @@ class Oauth::Jira::AuthorizationsController < ApplicationController
     redirect_to oauth_authorization_path(client_id: params['client_id'],
                                          response_type: 'code',
                                          scope: normalize_scope(params['scope']),
-                                         redirect_uri: oauth_jira_callback_url)
+                                         redirect_uri: oauth_jira_dvcs_callback_url)
   end
 
   # 2. Handle the callback call as we were a Github Enterprise instance client.
@@ -33,7 +33,7 @@ class Oauth::Jira::AuthorizationsController < ApplicationController
   # 3. Rewire and adjust access_token request accordingly.
   def access_token
     # We have to modify request.parameters because Doorkeeper::Server reads params from there
-    request.parameters[:redirect_uri] = oauth_jira_callback_url
+    request.parameters[:redirect_uri] = oauth_jira_dvcs_callback_url
 
     strategy = Doorkeeper::Server.new(self).token_request('authorization_code')
     response = strategy.authorize
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index dad73c37fea..6264f10ce2d 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -34,11 +34,9 @@ class Projects::BranchesController < Projects::ApplicationController
         Gitlab::GitalyClient.allow_n_plus_1_calls do
           render
         end
-      rescue Gitlab::Git::CommandError => e
-        Gitlab::ErrorTracking.track_exception(e)
-
+      rescue Gitlab::Git::CommandError
         @gitaly_unavailable = true
-        render
+        render status: :service_unavailable
       end
       format.json do
         branches = BranchesFinder.new(@repository, params).execute
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index 0c26b402876..90d823423f3 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -106,6 +106,8 @@ class Projects::CommitController < Projects::ApplicationController
   end
 
   def revert
+    return render_404 unless @commit
+
     assign_change_commit_vars
 
     return render_404 if @start_branch.blank?
@@ -117,6 +119,8 @@ class Projects::CommitController < Projects::ApplicationController
   end
 
   def cherry_pick
+    return render_404 unless @commit
+
     assign_change_commit_vars
 
     return render_404 if @start_branch.blank?
diff --git a/app/workers/container_registry/migration/enqueuer_worker.rb b/app/workers/container_registry/migration/enqueuer_worker.rb
index 5feaba870e6..0dbbd27e309 100644
--- a/app/workers/container_registry/migration/enqueuer_worker.rb
+++ b/app/workers/container_registry/migration/enqueuer_worker.rb
@@ -10,7 +10,7 @@ module ContainerRegistry
       data_consistency :always
       feature_category :container_registry
       urgency :low
-      deduplicate :until_executing, including_scheduled: true
+      deduplicate :until_executed, including_scheduled: true
       idempotent!
 
       def perform
diff --git a/config/routes.rb b/config/routes.rb
index 9342de492ec..ef9e21282fd 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -32,7 +32,7 @@ Rails.application.routes.draw do
 
   # This prefixless path is required because Jira gets confused if we set it up with a path
   # More information: https://gitlab.com/gitlab-org/gitlab/issues/6752
-  scope path: '/login/oauth', controller: 'oauth/jira/authorizations', as: :oauth_jira do
+  scope path: '/login/oauth', controller: 'oauth/jira_dvcs/authorizations', as: :oauth_jira_dvcs do
     get :authorize, action: :new
     get :callback
     post :access_token
diff --git a/lib/backup/manager.rb b/lib/backup/manager.rb
index 6e90824fce2..cb5fd959bc9 100644
--- a/lib/backup/manager.rb
+++ b/lib/backup/manager.rb
@@ -144,7 +144,6 @@ module Backup
     def run_restore_task(task_name)
       definition = @definitions[task_name]
 
-      read_backup_information
       puts_time "Restoring #{definition.task.human_name} ... ".color(:blue)
 
       unless definition.task.enabled
@@ -483,7 +482,7 @@ module Backup
     end
 
     def repository_backup_strategy(incremental)
-      if Feature.enabled?(:gitaly_backup, default_enabled: :yaml)
+      if !Feature.feature_flags_available? || Feature.enabled?(:gitaly_backup, default_enabled: :yaml)
         max_concurrency = ENV['GITLAB_BACKUP_MAX_CONCURRENCY'].presence
         max_storage_concurrency = ENV['GITLAB_BACKUP_MAX_STORAGE_CONCURRENCY'].presence
         Backup::GitalyBackup.new(progress, incremental: incremental, max_parallelism: max_concurrency, storage_parallelism: max_storage_concurrency)
diff --git a/lib/gitlab/database/migration.rb b/lib/gitlab/database/migration.rb
index b2248b0f4eb..d2e17eab614 100644
--- a/lib/gitlab/database/migration.rb
+++ b/lib/gitlab/database/migration.rb
@@ -33,15 +33,22 @@ module Gitlab
       # We use major version bumps to indicate significant changes and minor version bumps
       # to indicate backwards-compatible or otherwise minor changes (e.g. a Rails version bump).
       # However, this hasn't been strictly formalized yet.
-      MIGRATION_CLASSES = {
-        1.0 => Class.new(ActiveRecord::Migration[6.1]) do
-          include LockRetriesConcern
-          include Gitlab::Database::MigrationHelpers::V2
-        end
-      }.freeze
+
+      class V1_0 < ActiveRecord::Migration[6.1] # rubocop:disable Naming/ClassAndModuleCamelCase
+        include LockRetriesConcern
+        include Gitlab::Database::MigrationHelpers::V2
+      end
+
+      class V2_0 < V1_0 # rubocop:disable Naming/ClassAndModuleCamelCase
+        include Gitlab::Database::MigrationHelpers::RestrictGitlabSchema
+      end
 
       def self.[](version)
-        MIGRATION_CLASSES[version] || raise(ArgumentError, "Unknown migration version: #{version}")
+        version = version.to_s
+        name = "V#{version.tr('.', '_')}"
+        raise ArgumentError, "Unknown migration version: #{version}" unless const_defined?(name, false)
+
+        const_get(name, false)
       end
 
       # The current version to be used in new migrations
diff --git a/spec/controllers/oauth/jira/authorizations_controller_spec.rb b/spec/controllers/oauth/jira_dvcs/authorizations_controller_spec.rb
index f4a335b30f4..496ef7859f9 100644
--- a/spec/controllers/oauth/jira/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/jira_dvcs/authorizations_controller_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe Oauth::Jira::AuthorizationsController do
+RSpec.describe Oauth::JiraDvcs::AuthorizationsController do
   describe 'GET new' do
     it 'redirects to OAuth authorization with correct params' do
       get :new, params: { client_id: 'client-123', scope: 'foo', redirect_uri: 'http://example.com/' }
@@ -10,7 +10,7 @@ RSpec.describe Oauth::Jira::AuthorizationsController do
       expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
                                                               response_type: 'code',
                                                               scope: 'foo',
-                                                              redirect_uri: oauth_jira_callback_url))
+                                                              redirect_uri: oauth_jira_dvcs_callback_url))
     end
 
     it 'replaces the GitHub "repo" scope with "api"' do
@@ -19,7 +19,7 @@ RSpec.describe Oauth::Jira::AuthorizationsController do
       expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
                                                               response_type: 'code',
                                                               scope: 'api',
-                                                              redirect_uri: oauth_jira_callback_url))
+                                                              redirect_uri: oauth_jira_dvcs_callback_url))
     end
   end
 
diff --git a/spec/controllers/projects/branches_controller_spec.rb b/spec/controllers/projects/branches_controller_spec.rb
index ea22e6b6f10..1580ad9361d 100644
--- a/spec/controllers/projects/branches_controller_spec.rb
+++ b/spec/controllers/projects/branches_controller_spec.rb
@@ -688,21 +688,23 @@ RSpec.describe Projects::BranchesController do
     end
 
     context 'when gitaly is not available' do
+      let(:request) { get :index, format: :html, params: { namespace_id: project.namespace, project_id: project } }
+
       before do
         allow_next_instance_of(Gitlab::GitalyClient::RefService) do |ref_service|
           allow(ref_service).to receive(:local_branches).and_raise(GRPC::DeadlineExceeded)
         end
-
-        get :index, format: :html, params: {
-           namespace_id: project.namespace, project_id: project
-        }
       end
 
-      it 'returns with a status 200' do
-        expect(response).to have_gitlab_http_status(:ok)
+      it 'returns with a status 503' do
+        request
+
+        expect(response).to have_gitlab_http_status(:service_unavailable)
       end
 
       it 'sets gitaly_unavailable variable' do
+        request
+
         expect(assigns[:gitaly_unavailable]).to be_truthy
       end
     end
diff --git a/spec/controllers/projects/commit_controller_spec.rb b/spec/controllers/projects/commit_controller_spec.rb
index 72fee40a6e9..509e10a10c7 100644
--- a/spec/controllers/projects/commit_controller_spec.rb
+++ b/spec/controllers/projects/commit_controller_spec.rb
@@ -212,6 +212,21 @@ RSpec.describe Projects::CommitController do
       end
     end
 
+    context 'when the revert commit is missing' do
+      it 'renders the 404 page' do
+        post(:revert,
+            params: {
+              namespace_id: project.namespace,
+              project_id: project,
+              start_branch: 'master',
+              id: '1234567890'
+            })
+
+        expect(response).not_to be_successful
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
     context 'when the revert was successful' do
       it 'redirects to the commits page' do
         post(:revert,
@@ -269,6 +284,21 @@ RSpec.describe Projects::CommitController do
       end
     end
 
+    context 'when the cherry-pick commit is missing' do
+      it 'renders the 404 page' do
+        post(:cherry_pick,
+            params: {
+              namespace_id: project.namespace,
+              project_id: project,
+              start_branch: 'master',
+              id: '1234567890'
+            })
+
+        expect(response).not_to be_successful
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
     context 'when the cherry-pick was successful' do
       it 'redirects to the commits page' do
         post(:cherry_pick,
diff --git a/spec/db/migration_spec.rb b/spec/db/migration_spec.rb
new file mode 100644
index 00000000000..ac649925751
--- /dev/null
+++ b/spec/db/migration_spec.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Migrations Validation' do
+  using RSpec::Parameterized::TableSyntax
+
+  # The range describes the timestamps that given migration helper can be used
+  let(:all_migration_classes) do
+    {
+      2022_01_26_21_06_58..                    => Gitlab::Database::Migration[2.0],
+      2021_09_01_15_33_24..                    => Gitlab::Database::Migration[1.0],
+      2021_05_31_05_39_16..2021_09_01_15_33_24 => ActiveRecord::Migration[6.1],
+                         ..2021_05_31_05_39_16 => ActiveRecord::Migration[6.0]
+    }
+  end
+
+  where(:migration) do
+    Gitlab::Database.database_base_models.flat_map do |_, model|
+      model.connection.migration_context.migrations
+    end.uniq
+  end
+
+  with_them do
+    let(:migration_instance) { migration.send(:migration) }
+    let(:allowed_migration_classes) { all_migration_classes.select { |r, _| r.include?(migration.version) }.values }
+
+    it 'uses one of the allowed migration classes' do
+      expect(allowed_migration_classes).to include(be > migration_instance.class)
+    end
+  end
+end
diff --git a/spec/features/jira_oauth_provider_authorize_spec.rb b/spec/features/jira_oauth_provider_authorize_spec.rb
index daecae56101..a216d2d44b2 100644
--- a/spec/features/jira_oauth_provider_authorize_spec.rb
+++ b/spec/features/jira_oauth_provider_authorize_spec.rb
@@ -4,13 +4,13 @@ require 'spec_helper'
 
 RSpec.describe 'JIRA OAuth Provider' do
   describe 'JIRA DVCS OAuth Authorization' do
-    let(:application) { create(:oauth_application, redirect_uri: oauth_jira_callback_url, scopes: 'read_user') }
+    let(:application) { create(:oauth_application, redirect_uri: oauth_jira_dvcs_callback_url, scopes: 'read_user') }
 
     before do
       sign_in(user)
 
-      visit oauth_jira_authorize_path(client_id: application.uid,
-                                      redirect_uri: oauth_jira_callback_url,
+      visit oauth_jira_dvcs_authorize_path(client_id: application.uid,
+                                      redirect_uri: oauth_jira_dvcs_callback_url,
                                       response_type: 'code',
                                       state: 'my_state',
                                       scope: 'read_user')
diff --git a/spec/requests/jira_authorizations_spec.rb b/spec/requests/jira_authorizations_spec.rb
index 24c6001814c..b43d36e94f4 100644
--- a/spec/requests/jira_authorizations_spec.rb
+++ b/spec/requests/jira_authorizations_spec.rb
@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe 'Jira authorization requests' do
   let(:user) { create :user }
   let(:application) { create :oauth_application, scopes: 'api' }
-  let(:redirect_uri) { oauth_jira_callback_url(host: "http://www.example.com") }
+  let(:redirect_uri) { oauth_jira_dvcs_callback_url(host: "http://www.example.com") }
 
   def generate_access_grant
     create :oauth_access_grant, application: application, resource_owner_id: user.id, redirect_uri: redirect_uri