Add latest changes from gitlab-org/gitlab@master

23 files changed, 257 insertions, 94 deletions

diff --git a/.rubocop_manual_todo.yml b/.rubocop_manual_todo.yml
index 500ba1e7544..df298d65576 100644
--- a/.rubocop_manual_todo.yml
+++ b/.rubocop_manual_todo.yml
@@ -2605,7 +2605,6 @@ Style/OpenStructUse:
     - 'spec/lib/gitlab/gitaly_client/diff_stitcher_spec.rb'
     - 'spec/lib/gitlab/grape_logging/loggers/exception_logger_spec.rb'
     - 'spec/lib/gitlab/grape_logging/loggers/perf_logger_spec.rb'
-    - 'spec/lib/gitlab/grape_logging/loggers/queue_duration_logger_spec.rb'
     - 'spec/lib/gitlab/graphql/pagination/keyset/connection_generic_keyset_spec.rb'
     - 'spec/lib/gitlab/graphql/pagination/keyset/connection_spec.rb'
     - 'spec/lib/gitlab/legacy_github_import/project_creator_spec.rb'
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8098e98d4aa..b50b144f571 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1633,6 +1633,19 @@ entry.
 - [Add helpful text to URL group validation and limit text](gitlab-org/gitlab@59a5a6266cb0d5434596170ffa36e4e74b8d2c2c) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65369)) **GitLab Enterprise Edition**
 - [Refactor external storage admin area configuration UI and docs](gitlab-org/gitlab@497ba4fc8f4ec1d234c9f5f1ec5c69712b8c7cb3) ([merge request](gitlab-org/gitlab!66219))
 
+## 14.1.8 (2021-11-15)
+
+### Fixed (1 change)
+
+- [Prevent Git operations from checking replication lag on non-Geo-secondary sites](gitlab-org/gitlab@5abc66f89524b63873b0ce96b0f78c0acc2687f6) ([merge request](gitlab-org/gitlab!73980)) **GitLab Enterprise Edition**
+
+### Changed (4 changes)
+
+- [Geo: Alternate redownload and normal design sync attempts](gitlab-org/gitlab@c23c94e9d791770fd169723845b12097b8512a9e) ([merge request](gitlab-org/gitlab!73980)) **GitLab Enterprise Edition**
+- [Geo: Alternate redownload and normal SSF sync attempts](gitlab-org/gitlab@5aba12770829d43041ef4307049ed500c02b1d77) ([merge request](gitlab-org/gitlab!73980)) **GitLab Enterprise Edition**
+- [Geo: Alternate redownload and normal project syncs](gitlab-org/gitlab@4d3a5798e1f136a027c0b7aab6a35afb3c207ce7) ([merge request](gitlab-org/gitlab!73980)) **GitLab Enterprise Edition**
+- [Geo: Reduce frequency of redownload attempts](gitlab-org/gitlab@795271787c70b7c92a85daa253d2d61561603443) ([merge request](gitlab-org/gitlab!73980)) **GitLab Enterprise Edition**
+
 ## 14.1.7 (2021-09-30)
 
 ### Security (28 changes)
diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION
index 12e42d263a9..70ca8545134 100644
--- a/GITLAB_SHELL_VERSION
+++ b/GITLAB_SHELL_VERSION
@@ -1 +1 @@
-13.21.1
+13.22.0
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index ff52d76527e..0e285dae089 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -152,7 +152,7 @@ class SearchController < ApplicationController
   def block_anonymous_global_searches
     return if params[:project_id].present? || params[:group_id].present?
     return if current_user
-    return unless ::Feature.enabled?(:block_anonymous_global_searches)
+    return unless ::Feature.enabled?(:block_anonymous_global_searches, type: :ops)
 
     store_location_for(:user, request.fullpath)
 
diff --git a/app/models/namespaces/traversal/linear_scopes.rb b/app/models/namespaces/traversal/linear_scopes.rb
index 0a4216e043a..f5c44171c42 100644
--- a/app/models/namespaces/traversal/linear_scopes.rb
+++ b/app/models/namespaces/traversal/linear_scopes.rb
@@ -15,6 +15,13 @@ module Namespaces
           select('namespaces.traversal_ids[array_length(namespaces.traversal_ids, 1)] AS id')
         end
 
+        def roots
+          return super unless use_traversal_ids_roots?
+
+          root_ids = all.select("#{quoted_table_name}.traversal_ids[1]").distinct
+          unscoped.where(id: root_ids)
+        end
+
         def self_and_ancestors(include_self: true, hierarchy_order: nil)
           return super unless use_traversal_ids_for_ancestor_scopes?
 
@@ -83,6 +90,11 @@ module Namespaces
           Feature.enabled?(:use_traversal_ids, default_enabled: :yaml)
         end
 
+        def use_traversal_ids_roots?
+          Feature.enabled?(:use_traversal_ids_roots, default_enabled: :yaml) &&
+          use_traversal_ids?
+        end
+
         def use_traversal_ids_for_ancestor_scopes?
           Feature.enabled?(:use_traversal_ids_for_ancestor_scopes, default_enabled: :yaml) &&
           use_traversal_ids?
diff --git a/app/models/namespaces/traversal/recursive_scopes.rb b/app/models/namespaces/traversal/recursive_scopes.rb
index 6659cefe095..925d9b8bb0c 100644
--- a/app/models/namespaces/traversal/recursive_scopes.rb
+++ b/app/models/namespaces/traversal/recursive_scopes.rb
@@ -10,6 +10,13 @@ module Namespaces
           select('id')
         end
 
+        def roots
+          Gitlab::ObjectHierarchy
+            .new(all)
+            .base_and_ancestors
+            .where(namespaces: { parent_id: nil })
+        end
+
         def self_and_ancestors(include_self: true, hierarchy_order: nil)
           records = Gitlab::ObjectHierarchy.new(all).base_and_ancestors(hierarchy_order: hierarchy_order)
 
diff --git a/config/feature_flags/development/use_traversal_ids_roots.yml b/config/feature_flags/development/use_traversal_ids_roots.yml
new file mode 100644
index 00000000000..3c0685dc872
--- /dev/null
+++ b/config/feature_flags/development/use_traversal_ids_roots.yml
@@ -0,0 +1,8 @@
+---
+name: use_traversal_ids_roots
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74148
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/345438
+milestone: '14.5'
+type: development
+group: group::workspace
+default_enabled: false
diff --git a/config/feature_flags/development/block_anonymous_global_searches.yml b/config/feature_flags/ops/block_anonymous_global_searches.yml
index ee72f1ac60a..ecdf7243ed7 100644
--- a/config/feature_flags/development/block_anonymous_global_searches.yml
+++ b/config/feature_flags/ops/block_anonymous_global_searches.yml
@@ -1,8 +1,8 @@
 ---
 name: block_anonymous_global_searches
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41041
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/244276
+rollout_issue_url:
 milestone: '13.4'
-type: development
+type: ops
 group: group::global search
 default_enabled: false
diff --git a/doc/administration/geo/secondary_proxy/index.md b/doc/administration/geo/secondary_proxy/index.md
index 5a951247649..2b8c0d1e6fa 100644
--- a/doc/administration/geo/secondary_proxy/index.md
+++ b/doc/administration/geo/secondary_proxy/index.md
@@ -102,25 +102,25 @@ for progress.
 ## Features accelerated by secondary Geo sites
 
 Most HTTP traffic sent to a secondary Geo site can be proxied to the primary Geo site. With this architecture,
-secondary Geo sites are able to support write requests. Certain requests are handled locally by secondary
-sites for improved latency and bandwidth nearby.
+secondary Geo sites are able to support write requests. Certain **read** requests are handled locally by secondary
+sites for improved latency and bandwidth nearby. All write requests are proxied to the primary site.
 
 The following table details the components currently tested through the Geo secondary site Workhorse proxy.
 It does not cover all data types, more will be added in the future as they are tested.
 
-| Feature / component                                 | Proxied?               |
+| Feature / component                                 | Accelerated reads?     |
 |:----------------------------------------------------|:-----------------------|
-| Project, wiki, design repository (using the web UI) | **{check-circle}** Yes |
-| Project, wiki repository (using Git)                | **{dotted-circle}** Partly <sup>1</sup> |
-| Project, Personal Snippet (using the web UI)        | **{check-circle}** Yes |
-| Project, Personal Snippet (using Git)               | **{dotted-circle}** Partly <sup>1</sup> |
-| Group wiki repository (using the web UI)            | **{check-circle}** Yes |
-| Group wiki repository (using Git)                   | **{dotted-circle}** Partly <sup>1</sup> |
-| User uploads                                        | **{check-circle}** Yes |
-| LFS objects (using the web UI)                      | **{check-circle}** Yes |
+| Project, wiki, design repository (using the web UI) | **{dotted-circle}** No |
+| Project, wiki repository (using Git)                | **{check-circle}** Yes <sup>1</sup> |
+| Project, Personal Snippet (using the web UI)        | **{dotted-circle}** No |
+| Project, Personal Snippet (using Git)               | **{check-circle}** Yes <sup>1</sup> |
+| Group wiki repository (using the web UI)            | **{dotted-circle}** No |
+| Group wiki repository (using Git)                   | **{check-circle}** Yes <sup>1</sup> |
+| User uploads                                        | **{dotted-circle}** No |
+| LFS objects (using the web UI)                      | **{dotted-circle}** No |
 | LFS objects (using Git)                             | **{check-circle}** Yes |
 | Pages                                               | **{dotted-circle}** No <sup>2</sup> |
-| Advanced search (using the web UI)                  | **{check-circle}** Yes |
+| Advanced search (using the web UI)                  | **{dotted-circle}** No |
 
 1. Git reads are served from the local secondary while pushes get proxied to the primary.
    Selective sync or cases where repositories don't exist locally on the Geo secondary throw a "not found" error.
diff --git a/doc/ci/yaml/includes.md b/doc/ci/yaml/includes.md
index 1a0afc94eb3..5e2eb53a0ea 100644
--- a/doc/ci/yaml/includes.md
+++ b/doc/ci/yaml/includes.md
@@ -272,22 +272,40 @@ see this [CI/CD variable demo](https://youtu.be/4XR8gw3Pkos).
 > - [Support for `exists` keyword added](https://gitlab.com/gitlab-org/gitlab/-/issues/341511) in GitLab 14.5.
 
 You can use [`rules`](index.md#rules) with `include` to conditionally include other configuration files.
-You can only use [`if` rules](index.md#rulesif) and [`exists` rules](index.md#rulesexists) in `include`, and only with
-[certain variables](#use-variables-with-include). `rules` keyword `changes` is not supported.
 
-```yaml
-include:
-  - local: builds.yml
-    rules:
-      - if: '$INCLUDE_BUILDS == "true"'
-  - local: deploys.yml
-    rules:
-      - if: $CI_COMMIT_BRANCH == "main"
-
-test:
-  stage: test
-  script: exit 0
-```
+You can only use the following rules with `include` (and only with [certain variables](#use-variables-with-include)):
+
+- [`if` rules](index.md#rulesif). For example:
+
+  ```yaml
+  include:
+    - local: builds.yml
+      rules:
+        - if: '$INCLUDE_BUILDS == "true"'
+    - local: deploys.yml
+      rules:
+        - if: $CI_COMMIT_BRANCH == "main"
+
+  test:
+    stage: test
+    script: exit 0
+  ```
+
+- [`exists` rules](index.md#rulesexists). For example:
+
+  ```yaml
+  include:
+    - local: builds.yml
+      rules:
+        - exists:
+            - file.md
+
+  test:
+    stage: test
+    script: exit 0
+  ```
+
+`rules` keyword `changes` is not supported.
 
 ## Use `include:local` with wildcard file paths
 
diff --git a/doc/integration/ding_talk.md b/doc/integration/ding_talk.md
new file mode 100644
index 00000000000..b8478c7cb00
--- /dev/null
+++ b/doc/integration/ding_talk.md
@@ -0,0 +1,82 @@
+---
+stage: Ecosystem
+group: Integrations
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# DingTalk OAuth 2.0 OmniAuth provider **(FREE SELF)**
+
+You can sign in to GitLab using your DingTalk account.
+Sign in to DingTalk Open Platform and create an application on it. DingTalk generates a client ID and secret key for you to use.
+
+1. Sign in to [DingTalk Open Platform](https://open-dev.dingtalk.com/).
+
+1. On the top bar, select **Application development > Enterprise internal development** and then select **Create Application**.
+
+   ![DingTalk menu](img/ding_talk_menu.png)
+
+1. Fill in the application details:
+
+   - **Application Name**: This can be anything. Consider something like `<Organization>'s GitLab`, or `<Your Name>'s GitLab`, or something else descriptive.
+   - **Application Description**: Create a description.
+   - **Application icon**: Upload qualified icons if needed.
+
+   ![DingTalk create application](img/ding_talk_create_application.png)
+
+1. Select **Confirm and create**.
+
+1. On the left sidebar, select **DingTalk Application** and find your application. Select it and go to the application information page.
+
+   ![DingTalk your application](img/ding_talk_your_application.png)
+
+1. Under the **Application Credentials** section, there should be an AppKey and AppSecret (see the screenshot). Keep this page open as you continue the configuration.
+
+   ![DingTalk credentials](img/ding_talk_credentials.png)
+
+1. On your GitLab server, open the configuration file.
+
+   For Omnibus package:
+
+   ```shell
+   sudo editor /etc/gitlab/gitlab.rb
+   ```
+
+   For installations from source:
+
+   ```shell
+   cd /home/git/gitlab
+
+   sudo -u git -H editor config/gitlab.yml
+   ```
+
+1. See [Configure initial settings](omniauth.md#configure-initial-settings) for initial settings.
+
+1. Add the provider configuration:
+
+   For Omnibus package:
+
+   ```ruby
+     gitlab_rails['omniauth_providers'] = [
+       {
+         "name" => "ding_talk",
+         "app_id" => "YOUR_APP_ID",
+         "app_secret" => "YOUR_APP_SECRET"
+       }
+     ]
+   ```
+
+   For installations from source:
+
+   ```yaml
+   - { name: 'ding_talk',
+       app_id: 'YOUR_APP_ID',
+       app_secret: 'YOUR_APP_SECRET' }
+   ```
+
+1. Change `YOUR_APP_ID` to the AppKey from the application information page in step 6.
+
+1. Change `YOUR_APP_SECRET` to the AppSecret from the application information page in step 6.
+
+1. Save the configuration file.
+
+1. [Reconfigure](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure) or [restart GitLab](../administration/restart_gitlab.md#installations-from-source) for the changes to take effect if you installed GitLab via Omnibus or from source respectively.
diff --git a/doc/integration/img/ding_talk_create_application.png b/doc/integration/img/ding_talk_create_application.png
new file mode 100644
index 00000000000..7e58dae8299
--- /dev/null
+++ b/doc/integration/img/ding_talk_create_application.png
diff --git a/doc/integration/img/ding_talk_credentials.png b/doc/integration/img/ding_talk_credentials.png
new file mode 100644
index 00000000000..f9fef7f9e51
--- /dev/null
+++ b/doc/integration/img/ding_talk_credentials.png
diff --git a/doc/integration/img/ding_talk_menu.png b/doc/integration/img/ding_talk_menu.png
new file mode 100644
index 00000000000..2c5a23435fa
--- /dev/null
+++ b/doc/integration/img/ding_talk_menu.png
diff --git a/doc/integration/img/ding_talk_your_application.png b/doc/integration/img/ding_talk_your_application.png
new file mode 100644
index 00000000000..0864b54cc43
--- /dev/null
+++ b/doc/integration/img/ding_talk_your_application.png
diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md
index 0beb95df82e..312764f2731 100644
--- a/doc/integration/omniauth.md
+++ b/doc/integration/omniauth.md
@@ -28,6 +28,7 @@ GitLab supports the following OmniAuth providers.
 | [Azure v1](azure.md)                                                | `azure_oauth2`             |
 | [Bitbucket Cloud](bitbucket.md)                                     | `bitbucket`                |
 | [CAS](cas.md)                                                       | `cas3`                     |
+| [DingTalk](ding_talk.md)                                            | `ding_talk`                |
 | [Facebook](facebook.md)                                             | `facebook`                 |
 | [Generic OAuth 2.0](oauth2_generic.md)                              | `oauth2_generic`           |
 | [GitHub](github.md)                                                 | `github`                   |
diff --git a/doc/user/admin_area/index.md b/doc/user/admin_area/index.md
index 1e0fd5df0f7..86f332a27c4 100644
--- a/doc/user/admin_area/index.md
+++ b/doc/user/admin_area/index.md
@@ -241,8 +241,8 @@ To [Create a new group](../group/index.md#create-a-group) click **New group**.
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/340920) in GitLab 14.4.
 
-You can administer all [topics](../project/settings/index.md#topics) in the GitLab instance from the
-Admin Area's Topics page.
+You can administer all [topics](../project/working_with_projects.md#explore-topics) in the 
+GitLab instance from the Admin Area's Topics page.
 
 To access the Topics page:
 
diff --git a/doc/user/project/settings/index.md b/doc/user/project/settings/index.md
index 996d0e463f4..5c4d4649240 100644
--- a/doc/user/project/settings/index.md
+++ b/doc/user/project/settings/index.md
@@ -43,7 +43,7 @@ To assign topics to a project:
 1. Under **Topics**, enter the project topics. Existing popular topics are suggested as you type.
 1. Select **Save changes**.
 
-For GitLab.com, explore popular topics on the [Explore topics page](https://gitlab.com/explore/projects/topics).
+For GitLab.com, explore popular topics on the [Explore topics page](../working_with_projects.md#explore-topics).
 When you select a topic, you can see relevant projects.
 
 NOTE:
diff --git a/doc/user/project/working_with_projects.md b/doc/user/project/working_with_projects.md
index 58a95d5155a..3c82e544e26 100644
--- a/doc/user/project/working_with_projects.md
+++ b/doc/user/project/working_with_projects.md
@@ -13,7 +13,7 @@ code are saved in projects, and most features are in the scope of projects.
 
 You can explore other popular projects available on GitLab. To explore projects:
 
-1. On the top bar, select **Menu > Project**.
+1. On the top bar, select **Menu > Projects**.
 1. Select **Explore projects**.
 
 GitLab displays a list of projects, sorted by last updated date. To view
@@ -25,6 +25,21 @@ By default, `/explore` is visible to unauthenticated users. However, if the
 [**Public** visibility level](../admin_area/settings/visibility_and_access_controls.md#restrict-visibility-levels)
 is restricted, `/explore` is visible only to signed-in users.
 
+## Explore topics
+
+You can explore popular project topics available on GitLab. To explore project topics:
+
+1. On the top bar, select **Menu > Projects**.
+1. Select **Explore topics**.
+
+GitLab displays a list of topics sorted by the number of associated projects.
+To view projects associated with a topic, select a topic from the list.
+
+You can assign topics to a project on the [Project Settings page](settings/index.md#topics).
+
+If you're an instance administrator, you can administer all project topics from the
+[Admin Area's Topics page](../admin_area/index.md#administering-topics).
+
 ## Create a project
 
 To create a project in GitLab:
@@ -213,7 +228,7 @@ To star a project:
 
 To view your starred projects:
 
-1. On the top bar, select **Menu > Project**.
+1. On the top bar, select **Menu > Projects**.
 1. Select **Starred Projects**.
 1. GitLab displays information about your starred projects, including:
 
diff --git a/lib/gitlab/database/migration_helpers.rb b/lib/gitlab/database/migration_helpers.rb
index 7a7906a42d0..642f8a0fde3 100644
--- a/lib/gitlab/database/migration_helpers.rb
+++ b/lib/gitlab/database/migration_helpers.rb
@@ -10,8 +10,6 @@ module Gitlab
 
       # https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS
       MAX_IDENTIFIER_NAME_LENGTH = 63
-
-      PERMITTED_TIMESTAMP_COLUMNS = %i[created_at updated_at deleted_at].to_set.freeze
       DEFAULT_TIMESTAMP_COLUMNS = %i[created_at updated_at].freeze
 
       # Adds `created_at` and `updated_at` columns with timezone information.
@@ -28,33 +26,23 @@ module Gitlab
       #  :default - The default value for the column.
       #  :null - When set to `true` the column will allow NULL values.
       #        The default is to not allow NULL values.
-      #  :columns - the column names to create. Must be one
-      #             of `Gitlab::Database::MigrationHelpers::PERMITTED_TIMESTAMP_COLUMNS`.
+      #  :columns - the column names to create. Must end with `_at`.
       #             Default value: `DEFAULT_TIMESTAMP_COLUMNS`
       #
       # All options are optional.
       def add_timestamps_with_timezone(table_name, options = {})
-        options[:null] = false if options[:null].nil?
         columns = options.fetch(:columns, DEFAULT_TIMESTAMP_COLUMNS)
-        default_value = options[:default]
-
-        validate_not_in_transaction!(:add_timestamps_with_timezone, 'with default value') if default_value
 
         columns.each do |column_name|
           validate_timestamp_column_name!(column_name)
 
-          # If default value is presented, use `add_column_with_default` method instead.
-          if default_value
-            add_column_with_default(
-              table_name,
-              column_name,
-              :datetime_with_timezone,
-              default: default_value,
-              allow_null: options[:null]
-            )
-          else
-            add_column(table_name, column_name, :datetime_with_timezone, **options)
-          end
+          add_column(
+            table_name,
+            column_name,
+            :datetime_with_timezone,
+            default: options[:default],
+            null: options[:null] || false
+          )
         end
       end
 
@@ -1818,11 +1806,11 @@ into similar problems in the future (e.g. when new tables are created).
       end
 
       def validate_timestamp_column_name!(column_name)
-        return if PERMITTED_TIMESTAMP_COLUMNS.member?(column_name)
+        return if column_name.to_s.end_with?('_at')
 
         raise <<~MESSAGE
           Illegal timestamp column name! Got #{column_name}.
-          Must be one of: #{PERMITTED_TIMESTAMP_COLUMNS.to_a}
+          Must end with `_at`}
         MESSAGE
       end
 
diff --git a/spec/lib/gitlab/database/migration_helpers_spec.rb b/spec/lib/gitlab/database/migration_helpers_spec.rb
index 7b128fb49db..ea755f5a368 100644
--- a/spec/lib/gitlab/database/migration_helpers_spec.rb
+++ b/spec/lib/gitlab/database/migration_helpers_spec.rb
@@ -31,16 +31,10 @@ RSpec.describe Gitlab::Database::MigrationHelpers do
   end
 
   describe '#add_timestamps_with_timezone' do
-    let(:in_transaction) { false }
-
-    before do
-      allow(model).to receive(:transaction_open?).and_return(in_transaction)
-      allow(model).to receive(:disable_statement_timeout)
-    end
-
     it 'adds "created_at" and "updated_at" fields with the "datetime_with_timezone" data type' do
       Gitlab::Database::MigrationHelpers::DEFAULT_TIMESTAMP_COLUMNS.each do |column_name|
-        expect(model).to receive(:add_column).with(:foo, column_name, :datetime_with_timezone, { null: false })
+        expect(model).to receive(:add_column)
+          .with(:foo, column_name, :datetime_with_timezone, { default: nil, null: false })
       end
 
       model.add_timestamps_with_timezone(:foo)
@@ -48,7 +42,8 @@ RSpec.describe Gitlab::Database::MigrationHelpers do
 
     it 'can disable the NOT NULL constraint' do
       Gitlab::Database::MigrationHelpers::DEFAULT_TIMESTAMP_COLUMNS.each do |column_name|
-        expect(model).to receive(:add_column).with(:foo, column_name, :datetime_with_timezone, { null: true })
+        expect(model).to receive(:add_column)
+          .with(:foo, column_name, :datetime_with_timezone, { default: nil, null: true })
       end
 
       model.add_timestamps_with_timezone(:foo, null: true)
@@ -64,9 +59,10 @@ RSpec.describe Gitlab::Database::MigrationHelpers do
     it 'can add choice of acceptable columns' do
       expect(model).to receive(:add_column).with(:foo, :created_at, :datetime_with_timezone, anything)
       expect(model).to receive(:add_column).with(:foo, :deleted_at, :datetime_with_timezone, anything)
+      expect(model).to receive(:add_column).with(:foo, :processed_at, :datetime_with_timezone, anything)
       expect(model).not_to receive(:add_column).with(:foo, :updated_at, :datetime_with_timezone, anything)
 
-      model.add_timestamps_with_timezone(:foo, columns: [:created_at, :deleted_at])
+      model.add_timestamps_with_timezone(:foo, columns: [:created_at, :deleted_at, :processed_at])
     end
 
     it 'cannot add unacceptable column names' do
@@ -74,29 +70,6 @@ RSpec.describe Gitlab::Database::MigrationHelpers do
         model.add_timestamps_with_timezone(:foo, columns: [:bar])
       end.to raise_error %r/Illegal timestamp column name/
     end
-
-    context 'in a transaction' do
-      let(:in_transaction) { true }
-
-      before do
-        allow(model).to receive(:add_column).with(any_args).and_call_original
-        allow(model).to receive(:add_column)
-          .with(:foo, anything, :datetime_with_timezone, anything)
-          .and_return(nil)
-      end
-
-      it 'cannot add a default value' do
-        expect do
-          model.add_timestamps_with_timezone(:foo, default: :i_cause_an_error)
-        end.to raise_error %r/add_timestamps_with_timezone/
-      end
-
-      it 'can add columns without defaults' do
-        expect do
-          model.add_timestamps_with_timezone(:foo)
-        end.not_to raise_error
-      end
-    end
   end
 
   describe '#create_table_with_constraints' do
diff --git a/spec/lib/gitlab/grape_logging/loggers/queue_duration_logger_spec.rb b/spec/lib/gitlab/grape_logging/loggers/queue_duration_logger_spec.rb
index 9538c4bae2b..4cd9f9dfad0 100644
--- a/spec/lib/gitlab/grape_logging/loggers/queue_duration_logger_spec.rb
+++ b/spec/lib/gitlab/grape_logging/loggers/queue_duration_logger_spec.rb
@@ -9,7 +9,7 @@ RSpec.describe Gitlab::GrapeLogging::Loggers::QueueDurationLogger do
     let(:start_time) { Time.new(2018, 01, 01) }
 
     describe 'when no proxy time is available' do
-      let(:mock_request) { OpenStruct.new(env: {}) }
+      let(:mock_request) { double('env', env: {}) }
 
       it 'returns an empty hash' do
         expect(subject.parameters(mock_request, nil)).to eq({})
@@ -18,7 +18,7 @@ RSpec.describe Gitlab::GrapeLogging::Loggers::QueueDurationLogger do
 
     describe 'when a proxy time is available' do
       let(:mock_request) do
-        OpenStruct.new(
+        double('env',
           env: {
             'HTTP_GITLAB_WORKHORSE_PROXY_START' => (start_time - 1.hour).to_i * (10**9)
           }
diff --git a/spec/support/shared_examples/namespaces/traversal_scope_examples.rb b/spec/support/shared_examples/namespaces/traversal_scope_examples.rb
index f797eea6b6e..4c09c1c2a3b 100644
--- a/spec/support/shared_examples/namespaces/traversal_scope_examples.rb
+++ b/spec/support/shared_examples/namespaces/traversal_scope_examples.rb
@@ -49,6 +49,53 @@ RSpec.shared_examples 'namespace traversal scopes' do
     it { is_expected.to eq described_class.column_names }
   end
 
+  shared_examples '.roots' do
+    context 'with only sub-groups' do
+      subject { described_class.where(id: [deep_nested_group_1, nested_group_1, deep_nested_group_2]).roots }
+
+      it { is_expected.to contain_exactly(group_1, group_2) }
+    end
+
+    context 'with only root groups' do
+      subject { described_class.where(id: [group_1, group_2]).roots }
+
+      it { is_expected.to contain_exactly(group_1, group_2) }
+    end
+
+    context 'with all groups' do
+      subject { described_class.where(id: groups).roots }
+
+      it { is_expected.to contain_exactly(group_1, group_2) }
+    end
+  end
+
+  describe '.roots' do
+    context "use_traversal_ids_roots feature flag is true" do
+      before do
+        stub_feature_flags(use_traversal_ids: true)
+        stub_feature_flags(use_traversal_ids_roots: true)
+      end
+
+      it_behaves_like '.roots'
+
+      it 'not make recursive queries' do
+        expect { described_class.where(id: [nested_group_1]).roots.load }.not_to make_queries_matching(/WITH RECURSIVE/)
+      end
+    end
+
+    context "use_traversal_ids_roots feature flag is false" do
+      before do
+        stub_feature_flags(use_traversal_ids_roots: false)
+      end
+
+      it_behaves_like '.roots'
+
+      it 'make recursive queries' do
+        expect { described_class.where(id: [nested_group_1]).roots.load }.to make_queries_matching(/WITH RECURSIVE/)
+      end
+    end
+  end
+
   shared_examples '.self_and_ancestors' do
     subject { described_class.where(id: [nested_group_1, nested_group_2]).self_and_ancestors }