Add latest changes from gitlab-org/gitlab@master

16 files changed, 175 insertions, 75 deletions

diff --git a/app/finders/concerns/finder_with_group_hierarchy.rb b/app/finders/concerns/finder_with_group_hierarchy.rb
index 86ccac19b63..4ced544ba2c 100644
--- a/app/finders/concerns/finder_with_group_hierarchy.rb
+++ b/app/finders/concerns/finder_with_group_hierarchy.rb
@@ -27,6 +27,12 @@ module FinderWithGroupHierarchy
       # we can preset root group for all of them to optimize permission checks
       Group.preset_root_ancestor_for(groups)
 
+      # Preloading the max access level for the given groups to avoid N+1 queries
+      # during the access check.
+      if !skip_authorization && current_user && Feature.enabled?(:preload_max_access_levels_for_labels_finder, group)
+        Preloaders::UserMaxAccessLevelInGroupsPreloader.new(groups, current_user).execute
+      end
+
       groups_user_can_read_items(groups).map(&:id)
     end
   end
diff --git a/app/models/audit_event.rb b/app/models/audit_event.rb
index 4d92cb1becf..3312216932b 100644
--- a/app/models/audit_event.rb
+++ b/app/models/audit_event.rb
@@ -65,7 +65,9 @@ class AuditEvent < ApplicationRecord
   end
 
   def formatted_details
-    details.merge(details.slice(:from, :to).transform_values(&:to_s))
+    details
+      .merge(details.slice(:from, :to).transform_values(&:to_s))
+      .merge(author_email: author.try(:email))
   end
 
   def author
diff --git a/config/feature_flags/development/preload_max_access_levels_for_labels_finder.yml b/config/feature_flags/development/preload_max_access_levels_for_labels_finder.yml
new file mode 100644
index 00000000000..45661638432
--- /dev/null
+++ b/config/feature_flags/development/preload_max_access_levels_for_labels_finder.yml
@@ -0,0 +1,8 @@
+---
+name: preload_max_access_levels_for_labels_finder
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111313
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/390664
+milestone: '15.9'
+type: development
+group: group::optimize
+default_enabled: false
diff --git a/danger/roulette/Dangerfile b/danger/roulette/Dangerfile
index ca5a671ef29..6dad4a0c597 100644
--- a/danger/roulette/Dangerfile
+++ b/danger/roulette/Dangerfile
@@ -104,26 +104,26 @@ categories << :product_intelligence if helper.mr_labels.include?("product intell
 # Skip Product intelligence reviews for growth experiment MRs
 categories.delete(:product_intelligence) if helper.mr_labels.include?("growth experiment")
 
-if changes.any?
-  random_roulette_spins = roulette.spin(nil, categories, timezone_experiment: false)
+# if changes.any?
+#   random_roulette_spins = roulette.spin(nil, categories, timezone_experiment: false)
 
-  rows = random_roulette_spins.map do |spin|
-    markdown_row_for_spin(spin.category, spin)
-  end
+#   rows = random_roulette_spins.map do |spin|
+#     markdown_row_for_spin(spin.category, spin)
+#   end
 
-  roulette.required_approvals.each do |approval|
-    rows << markdown_row_for_spin(approval.category, approval.spin)
-  end
+#   roulette.required_approvals.each do |approval|
+#     rows << markdown_row_for_spin(approval.category, approval.spin)
+#   end
 
-  markdown(REVIEW_ROULETTE_SECTION)
+#   markdown(REVIEW_ROULETTE_SECTION)
 
-  if rows.empty?
-    markdown(NO_SUGGESTIONS)
-  else
-    markdown(CATEGORY_TABLE + rows.join("\n"))
-    markdown(POST_TABLE_MESSAGE)
-  end
+#   if rows.empty?
+#     markdown(NO_SUGGESTIONS)
+#   else
+#     markdown(CATEGORY_TABLE + rows.join("\n"))
+#     markdown(POST_TABLE_MESSAGE)
+#   end
 
-  unknown = changes.fetch(:unknown, [])
-  markdown(UNKNOWN_FILES_MESSAGE + helper.markdown_list(unknown)) unless unknown.empty?
-end
+#   unknown = changes.fetch(:unknown, [])
+#   markdown(UNKNOWN_FILES_MESSAGE + helper.markdown_list(unknown)) unless unknown.empty?
+# end
diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md
index 6cf8241182a..c51b5fbb431 100644
--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
@@ -358,11 +358,12 @@ Issue [343933](https://gitlab.com/gitlab-org/gitlab/-/issues/343933) proposes to
 
 ## Unsupported events
 
-Some events are not tracked in audit events. The following epics propose support for more events:
+Some events are not tracked in audit events. The following epics and issues propose support for more events:
 
 - [Project settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/474).
 - [Group settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/475).
 - [Instance-level settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/476).
+- [Deployment Approval activity](https://gitlab.com/gitlab-org/gitlab/-/issues/354782).
 
 If you don't see the event you want in any of the epics, you can either:
 
diff --git a/doc/api/audit_events.md b/doc/api/audit_events.md
index dadfa06a981..fec719b189c 100644
--- a/doc/api/audit_events.md
+++ b/doc/api/audit_events.md
@@ -6,7 +6,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Audit Events API **(PREMIUM)**
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/121) in GitLab 12.4.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/121) in GitLab 12.4.
+> - [Author Email added to the response body](https://gitlab.com/gitlab-org/gitlab/-/issues/386322) in GitLab 15.9.
 
 ## Instance Audit Events **(PREMIUM SELF)**
 
@@ -49,6 +50,7 @@ Example response:
     "details": {
       "custom_message": "Project archived",
       "author_name": "Administrator",
+      "author_email": "admin@example.com",
       "target_id": "flightjs/flight",
       "target_type": "Project",
       "target_details": "flightjs/flight",
@@ -65,6 +67,7 @@ Example response:
     "details": {
       "add": "group",
       "author_name": "Administrator",
+      "author_email": "admin@example.com",
       "target_id": "flightjs",
       "target_type": "Group",
       "target_details": "flightjs",
@@ -83,6 +86,7 @@ Example response:
       "from": "hello@flightjs.com",
       "to": "maintainer@flightjs.com",
       "author_name": "Andreas",
+      "author_email": "admin@example.com",
       "target_id": 51,
       "target_type": "User",
       "target_details": "Andreas",
@@ -119,6 +123,7 @@ Example response:
   "details": {
     "custom_message": "Project archived",
     "author_name": "Administrator",
+    "author_email": "admin@example.com",
     "target_id": "flightjs/flight",
     "target_type": "Project",
     "target_details": "flightjs/flight",
@@ -178,6 +183,7 @@ Example response:
     "details": {
       "custom_message": "Group marked for deletion",
       "author_name": "Administrator",
+      "author_email": "admin@example.com",
       "target_id": "flightjs",
       "target_type": "Group",
       "target_details": "flightjs",
@@ -194,6 +200,7 @@ Example response:
     "details": {
       "add": "group",
       "author_name": "Administrator",
+      "author_email": "admin@example.com",
       "target_id": "flightjs",
       "target_type": "Group",
       "target_details": "flightjs",
@@ -233,6 +240,7 @@ Example response:
   "details": {
     "custom_message": "Group marked for deletion",
     "author_name": "Administrator",
+    "author_email": "admin@example.com",
     "target_id": "flightjs",
     "target_type": "Group",
     "target_details": "flightjs",
@@ -287,6 +295,7 @@ Example response:
         "from": "",
         "to": "true",
         "author_name": "Administrator",
+        "author_email": "admin@example.com",
         "target_id": 7,
         "target_type": "Project",
         "target_details": "twitter/typeahead-js",
@@ -305,6 +314,7 @@ Example response:
           "from": "false",
           "to": "true",
           "author_name": "Administrator",
+          "author_email": "admin@example.com",
           "target_id": 7,
           "target_type": "Project",
           "target_details": "twitter/typeahead-js",
@@ -346,6 +356,7 @@ Example response:
       "from": "",
       "to": "true",
       "author_name": "Administrator",
+      "author_email": "admin@example.com",
       "target_id": 7,
       "target_type": "Project",
       "target_details": "twitter/typeahead-js",
diff --git a/doc/api/graphql/index.md b/doc/api/graphql/index.md
index 320e7cbcfc1..5f2a2388bbb 100644
--- a/doc/api/graphql/index.md
+++ b/doc/api/graphql/index.md
@@ -172,7 +172,7 @@ Limit                | Default
 Max page size        | 100 records (nodes) per page. Applies to most connections in the API. Particular connections may have different max page size limits that are higher or lower.
 [Max query complexity](#max-query-complexity) | `200` for unauthenticated requests and `250` for authenticated requests.
 Request timeout      | 30 seconds.
-Max query size       | 10,000 characters per query. If this limit is reached, use [variables](https://graphql.org/learn/queries/#variables) and [fragments](https://graphql.org/learn/queries/#fragments) to reduce the query size. Remove white spaces as last resort.
+Max query size       | 10,000 characters per query or mutation. If this limit is reached, use [variables](https://graphql.org/learn/queries/#variables) and [fragments](https://graphql.org/learn/queries/#fragments) to reduce the query or mutation size. Remove white spaces as last resort.
 
 ### Max query complexity
 
diff --git a/doc/development/contributing/index.md b/doc/development/contributing/index.md
index 5feabf2bd18..b3d79bec9be 100644
--- a/doc/development/contributing/index.md
+++ b/doc/development/contributing/index.md
@@ -28,40 +28,9 @@ Throughout this guide you will see references to CE and EE for abbreviation.
 We want to create a welcoming environment for everyone who is interested in contributing.
 Visit our [Code of Conduct page](https://about.gitlab.com/community/contribute/code-of-conduct/) to learn more about our commitment to an open and welcoming environment.
 
-## Closing policy for issues and merge requests
-
-GitLab is a popular open source project and the capacity to deal with issues
-and merge requests is limited. Out of respect for our volunteers, issues and
-merge requests not in line with the guidelines listed in this document may be
-closed without notice.
-
-Treat our volunteers with courtesy and respect, it will go a long way
-towards getting your issue resolved.
-
 Issues and merge requests should be in English and contain appropriate language
 for audiences of all ages.
 
-If a contributor is no longer actively working on a submitted merge request,
-we can:
-
-- Decide that the merge request will be finished by one of our
-  [Merge request coaches](https://about.gitlab.com/company/team/).
-- Close the merge request.
-
-We make this decision based on how important the change is for our product vision. If a merge
-request coach is going to finish the merge request, we assign the
-`~coach will finish` label.
-
-When a team member picks up a community contribution,
-we credit the original author by adding a changelog entry crediting the author
-and optionally include the original author on at least one of the commits
-within the MR.
-
-## Closing policy for inactive bugs
-
-GitLab values the time spent by contributors on reporting bugs. However, if a bug remains inactive for a very long period,
-it will qualify for auto-closure. Please refer to the [auto-close inactive bugs](https://about.gitlab.com/handbook/engineering/quality/triage-operations/#auto-close-inactive-bugs) section in our handbook to understand the complete workflow.
-
 ## How to contribute
 
 If you would like to contribute to GitLab:
@@ -173,19 +142,10 @@ This [documentation](merge_request_workflow.md) outlines the current merge reque
 - [Definition of done](merge_request_workflow.md#definition-of-done)
 - [Dependencies](merge_request_workflow.md#dependencies)
 
-## Style guides
-
-This [documentation](style_guides.md) outlines the current style guidelines.
-
-## Implement design & UI elements
-
-This [design documentation](design.md) outlines the current process for implementing design and UI
-elements.
-
-## Contribute documentation
+## Closing policy for issues and merge requests
 
-For information on how to contribute documentation, see GitLab
-[documentation guidelines](../documentation/index.md).
+- For the criteria for closing issues, see [the Issue Triage handbook page](https://about.gitlab.com/handbook/engineering/quality/issue-triage/#outdated-issues).
+- For the criteria for closing merge requests, see [the Merge Request Workflow](merge_request_workflow.md).
 
 ## Getting an Enterprise Edition License
 
diff --git a/doc/development/contributing/merge_request_workflow.md b/doc/development/contributing/merge_request_workflow.md
index 20127304bbe..680cc06d792 100644
--- a/doc/development/contributing/merge_request_workflow.md
+++ b/doc/development/contributing/merge_request_workflow.md
@@ -13,8 +13,23 @@ for community contributions have the [`Seeking community contributions`](issue_w
 label, but you are free to contribute to any issue you want.
 
 If an issue is marked for the current milestone at any time, even
-when you are working on it, a GitLab Inc. team member may take over the merge request
-to ensure the work is finished before the release date.
+when you are working on it, a GitLab team member may take over the merge request to ensure the work is finished before the release date. 
+
+If a contributor is no longer actively working on a submitted merge request,
+we can:
+
+- Decide that the merge request will be finished by one of our
+  [Merge request coaches](https://about.gitlab.com/company/team/).
+- Close the merge request.
+
+We make this decision based on how important the change is for our product vision. If a merge
+request coach is going to finish the merge request, we assign the
+`~coach will finish` label.
+
+When a team member picks up a community contribution,
+we credit the original author by adding a changelog entry crediting the author
+and optionally include the original author on at least one of the commits
+within the MR.
 
 If you want to add a new feature that is not labeled, it is best to first create
 an issue (if there isn't one already) and leave a comment asking for it
diff --git a/doc/user/application_security/dependency_scanning/analyzers.md b/doc/user/application_security/dependency_scanning/analyzers.md
index d13c4cecdf4..4feac0cb5e6 100644
--- a/doc/user/application_security/dependency_scanning/analyzers.md
+++ b/doc/user/application_security/dependency_scanning/analyzers.md
@@ -100,7 +100,7 @@ The following table lists the data available for the Gemnasium analyzer.
 
 | Property \ Tool                       |      Gemnasium     |
 |---------------------------------------|:------------------:|
-| Severity                              | 𐄂                  |
+| Severity                              | ✓                  |
 | Title                                 | ✓                  |
 | File                                  | ✓                  |
 | Start line                            | 𐄂                  |
diff --git a/doc/user/project/issues/csv_import.md b/doc/user/project/issues/csv_import.md
index 8db04972ff3..230b8e393c7 100644
--- a/doc/user/project/issues/csv_import.md
+++ b/doc/user/project/issues/csv_import.md
@@ -50,7 +50,7 @@ To import issues, GitLab requires CSV files have a specific format:
 | Element                | Format |
 |------------------------|--------|
 | header row             | CSV files must include the following headers: `title` and `description`. The case of the headers does not matter. |
-| columns                | Data from columns beyond `title` and `description` are not imported. |
+| columns                | Data from columns outside of `title`, `description`, and `due_date` are not imported. |
 | separators             | The column separator is detected from the header row. Supported separator characters are commas (`,`), semicolons (`;`), and tabs (`\t`). The row separator can be either `CRLF` or `LF`. |
 | double-quote character | The double-quote (`"`) character is used to quote fields, enabling the use of the column separator in a field (see the third line in the sample CSV data below). To insert a double-quote (`"`) in a quoted field use two double-quote characters in succession (`""`). |
 | data rows              | After the header row, following rows must use the same column order. The issue title is required, but the description is optional. |
@@ -63,7 +63,7 @@ When using [quick actions](../quick_actions.md), each action must be on a separa
 Sample CSV data:
 
 ```plaintext
-title,description,due date
+title,description,due_date
 My Issue Title,My Issue Description,2022-06-28
 Another Title,"A description, with a comma",
 "One More Title","One More Description",
diff --git a/spec/features/callouts/registration_enabled_spec.rb b/spec/features/callouts/registration_enabled_spec.rb
index ac7b68876da..15c900592a1 100644
--- a/spec/features/callouts/registration_enabled_spec.rb
+++ b/spec/features/callouts/registration_enabled_spec.rb
@@ -50,7 +50,7 @@ RSpec.describe 'Registration enabled callout', feature_category: :authentication
           visit root_dashboard_path
         end
 
-        it 'does not display callout' do
+        it 'does not display callout', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/391192' do
           expect(page).not_to have_content callout_title
         end
       end
diff --git a/spec/features/merge_request/batch_comments_spec.rb b/spec/features/merge_request/batch_comments_spec.rb
index 5d2fcea5096..cfa1a1fbbe4 100644
--- a/spec/features/merge_request/batch_comments_spec.rb
+++ b/spec/features/merge_request/batch_comments_spec.rb
@@ -210,7 +210,8 @@ RSpec.describe 'Merge request > Batch comments', :js, feature_category: :code_re
       page.find('.js-diff-comment-avatar').click
     end
 
-    it 'publishes comment right away and unresolves the thread' do
+    it 'publishes comment right away and unresolves the thread',
+      quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/337931' do
       expect(active_discussion.resolved?).to eq(true)
 
       write_reply_to_discussion(button_text: 'Add comment now', unresolve: true)
diff --git a/spec/features/merge_request/user_sees_diff_spec.rb b/spec/features/merge_request/user_sees_diff_spec.rb
index daeeaa1bd88..12fdcf4859e 100644
--- a/spec/features/merge_request/user_sees_diff_spec.rb
+++ b/spec/features/merge_request/user_sees_diff_spec.rb
@@ -32,7 +32,7 @@ RSpec.describe 'Merge request > User sees diff', :js, feature_category: :code_re
         visit "#{diffs_project_merge_request_path(project, merge_request)}#{fragment}"
       end
 
-      it 'shows expanded note' do
+      it 'shows expanded note', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/391239' do
         expect(page).to have_selector(fragment, visible: true)
       end
     end
diff --git a/spec/finders/concerns/finder_with_group_hierarchy_spec.rb b/spec/finders/concerns/finder_with_group_hierarchy_spec.rb
index 8c2026a00a1..c96e35372d6 100644
--- a/spec/finders/concerns/finder_with_group_hierarchy_spec.rb
+++ b/spec/finders/concerns/finder_with_group_hierarchy_spec.rb
@@ -40,7 +40,7 @@ RSpec.describe FinderWithGroupHierarchy do
   let_it_be(:private_group) { create(:group, :private) }
   let_it_be(:private_subgroup) { create(:group, :private, parent: private_group) }
 
-  let(:user) { create(:user) }
+  let!(:user) { create(:user) }
 
   context 'when specifying group' do
     it 'returns only the group by default' do
@@ -109,4 +109,100 @@ RSpec.describe FinderWithGroupHierarchy do
       expect(finder.execute(skip_authorization: true)).to match_array([private_group.id, private_subgroup.id])
     end
   end
+
+  context 'with N+1 query check' do
+    def run_query(group)
+      finder_class
+        .new(user, group: group, include_descendant_groups: true)
+        .execute
+        .to_a
+
+      RequestStore.clear!
+    end
+
+    it 'does not produce N+1 query', :request_store do
+      private_group.add_developer(user)
+
+      run_query(private_subgroup) # warmup
+      control = ActiveRecord::QueryRecorder.new { run_query(private_subgroup) }
+
+      expect { run_query(private_group) }.not_to exceed_query_limit(control)
+    end
+  end
+
+  context 'when preload_max_access_levels_for_labels_finder is disabled' do
+    # All test cases were copied from above, these will be removed once the FF is removed.
+
+    before do
+      stub_feature_flags(preload_max_access_levels_for_labels_finder: false)
+    end
+
+    context 'when specifying group' do
+      it 'returns only the group by default' do
+        finder = finder_class.new(user, group: group)
+
+        expect(finder.execute).to match_array([group.id])
+      end
+    end
+
+    context 'when specifying group_id' do
+      it 'returns only the group by default' do
+        finder = finder_class.new(user, group_id: group.id)
+
+        expect(finder.execute).to match_array([group.id])
+      end
+    end
+
+    context 'when including items from group ancestors' do
+      before do
+        private_subgroup.add_developer(user)
+      end
+
+      it 'returns group and its ancestors' do
+        private_group.add_developer(user)
+
+        finder = finder_class.new(user, group: private_subgroup, include_ancestor_groups: true)
+
+        expect(finder.execute).to match_array([private_group.id, private_subgroup.id])
+      end
+
+      it 'ignores groups which user can not read' do
+        finder = finder_class.new(user, group: private_subgroup, include_ancestor_groups: true)
+
+        expect(finder.execute).to match_array([private_subgroup.id])
+      end
+
+      it 'returns them all when skip_authorization is true' do
+        finder = finder_class.new(user, group: private_subgroup, include_ancestor_groups: true)
+
+        expect(finder.execute(skip_authorization: true)).to match_array([private_group.id, private_subgroup.id])
+      end
+    end
+
+    context 'when including items from group descendants' do
+      before do
+        private_subgroup.add_developer(user)
+      end
+
+      it 'returns items from group and its descendants' do
+        private_group.add_developer(user)
+
+        finder = finder_class.new(user, group: private_group, include_descendant_groups: true)
+
+        expect(finder.execute).to match_array([private_group.id, private_subgroup.id])
+      end
+
+      it 'ignores items from groups which user can not read' do
+        finder = finder_class.new(user, group: private_group, include_descendant_groups: true)
+
+        expect(finder.execute).to match_array([private_subgroup.id])
+      end
+
+      it 'returns them all when skip_authorization is true' do
+        finder = finder_class.new(user, group: private_group, include_descendant_groups: true)
+
+        expect(finder.execute(skip_authorization: true)).to match_array([private_group.id, private_subgroup.id])
+      end
+    end
+  end
 end
diff --git a/spec/support/shared_examples/features/sidebar/sidebar_labels_shared_examples.rb b/spec/support/shared_examples/features/sidebar/sidebar_labels_shared_examples.rb
index 95b306fdaaa..a332fdec963 100644
--- a/spec/support/shared_examples/features/sidebar/sidebar_labels_shared_examples.rb
+++ b/spec/support/shared_examples/features/sidebar/sidebar_labels_shared_examples.rb
@@ -95,7 +95,7 @@ RSpec.shared_examples 'labels sidebar widget' do
         end
       end
 
-      it 'creates new label' do
+      it 'creates new label', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/391240' do
         page.within(labels_widget) do
           fill_in 'Name new label', with: 'wontfix'
           page.find('.suggest-colors a', match: :first).click