Add latest changes from gitlab-org/gitlab@15-8-stable-eev15.8.0-rc42

11 files changed, 86 insertions, 24 deletions

diff --git a/lib/api/helpers/award_emoji.rb b/lib/api/helpers/award_emoji.rb
index f8417366ea4..f0b3cafc3d2 100644
--- a/lib/api/helpers/award_emoji.rb
+++ b/lib/api/helpers/award_emoji.rb
@@ -6,7 +6,7 @@ module API
       def self.awardables
         [
           { type: 'issue', resource: :projects, find_by: :iid, feature_category: :team_planning },
-          { type: 'merge_request', resource: :projects, find_by: :iid, feature_category: :code_review },
+          { type: 'merge_request', resource: :projects, find_by: :iid, feature_category: :code_review_workflow },
           { type: 'snippet', resource: :projects, find_by: :id, feature_category: :source_code_management }
         ]
       end
diff --git a/lib/api/helpers/discussions_helpers.rb b/lib/api/helpers/discussions_helpers.rb
index 182ada54a12..d497bc66015 100644
--- a/lib/api/helpers/discussions_helpers.rb
+++ b/lib/api/helpers/discussions_helpers.rb
@@ -9,8 +9,8 @@ module API
         {
           Issue => :team_planning,
           Snippet => :source_code_management,
-          MergeRequest => :code_review,
-          Commit => :code_review
+          MergeRequest => :code_review_workflow,
+          Commit => :code_review_workflow
         }
       end
     end
diff --git a/lib/api/helpers/integrations_helpers.rb b/lib/api/helpers/integrations_helpers.rb
index 543449c0349..31328facd69 100644
--- a/lib/api/helpers/integrations_helpers.rb
+++ b/lib/api/helpers/integrations_helpers.rb
@@ -63,6 +63,12 @@ module API
           },
           {
             required: false,
+            name: :incident_channel,
+            type: String,
+            desc: 'The name of the channel to receive incident_events notifications'
+          },
+          {
+            required: false,
             name: :confidential_issue_channel,
             type: String,
             desc: 'The name of the channel to receive confidential_issues_events notifications'
@@ -116,6 +122,12 @@ module API
           },
           {
             required: false,
+            name: :incident_events,
+            type: Boolean,
+            desc: 'Enable notifications for incident_events'
+          },
+          {
+            required: false,
             name: :confidential_issues_events,
             type: Boolean,
             desc: 'Enable notifications for confidential_issues_events'
@@ -161,6 +173,26 @@ module API
 
       def self.integrations
         {
+          'apple-app-store' => [
+            {
+              required: true,
+              name: :app_store_issuer_id,
+              type: String,
+              desc: 'The Apple App Store Connect Issuer ID'
+            },
+            {
+              required: true,
+              name: :app_store_key_id,
+              type: String,
+              desc: 'The Apple App Store Connect Key ID'
+            },
+            {
+              required: true,
+              name: :app_store_private_key,
+              type: String,
+              desc: 'The Apple App Store Connect Private Key'
+            }
+          ],
           'asana' => [
             {
               required: true,
@@ -871,6 +903,7 @@ module API
 
       def self.integration_classes
         [
+          ::Integrations::AppleAppStore,
           ::Integrations::Asana,
           ::Integrations::Assembla,
           ::Integrations::Bamboo,
diff --git a/lib/api/helpers/members_helpers.rb b/lib/api/helpers/members_helpers.rb
index 6a3cf5c87ae..b0ea4388d9b 100644
--- a/lib/api/helpers/members_helpers.rb
+++ b/lib/api/helpers/members_helpers.rb
@@ -40,6 +40,9 @@ module API
       end
 
       def source_members(source)
+        return source.namespace_members if source.is_a?(Project) &&
+          Feature.enabled?(:project_members_index_by_project_namespace, source)
+
         source.members
       end
       # rubocop: enable CodeReuse/ActiveRecord
diff --git a/lib/api/helpers/notes_helpers.rb b/lib/api/helpers/notes_helpers.rb
index 302dac4abf7..da499abe475 100644
--- a/lib/api/helpers/notes_helpers.rb
+++ b/lib/api/helpers/notes_helpers.rb
@@ -8,7 +8,7 @@ module API
       def self.feature_category_per_noteable_type
         {
           Issue => :team_planning,
-          MergeRequest => :code_review,
+          MergeRequest => :code_review_workflow,
           Snippet => :source_code_management
         }
       end
diff --git a/lib/api/helpers/packages_helpers.rb b/lib/api/helpers/packages_helpers.rb
index 8d913268405..1d35c316913 100644
--- a/lib/api/helpers/packages_helpers.rb
+++ b/lib/api/helpers/packages_helpers.rb
@@ -6,6 +6,7 @@ module API
       extend ::Gitlab::Utils::Override
 
       MAX_PACKAGE_FILE_SIZE = 50.megabytes.freeze
+      ALLOWED_REQUIRED_PERMISSIONS = %i[read_package read_group].freeze
 
       def require_packages_enabled!
         not_found! unless ::Gitlab.config.packages.enabled
@@ -27,9 +28,15 @@ module API
         authorize!(:destroy_package, subject)
       end
 
-      def authorize_packages_access!(subject = user_project)
+      def authorize_packages_access!(subject = user_project, required_permission = :read_package)
         require_packages_enabled!
-        authorize_read_package!(subject)
+        return forbidden! unless required_permission.in?(ALLOWED_REQUIRED_PERMISSIONS)
+
+        if required_permission == :read_package
+          authorize_read_package!(subject)
+        else
+          authorize!(required_permission, subject)
+        end
       end
 
       def authorize_workhorse!(subject: user_project, has_length: true, maximum_size: MAX_PACKAGE_FILE_SIZE)
diff --git a/lib/api/helpers/pagination_strategies.rb b/lib/api/helpers/pagination_strategies.rb
index 4e244ea589e..5fbc3081ee8 100644
--- a/lib/api/helpers/pagination_strategies.rb
+++ b/lib/api/helpers/pagination_strategies.rb
@@ -3,13 +3,14 @@
 module API
   module Helpers
     module PaginationStrategies
-      def paginate_with_strategies(relation, request_scope = nil)
+      # paginator_params are only currently supported with offset pagination
+      def paginate_with_strategies(relation, request_scope = nil, paginator_params: {})
         paginator = paginator(relation, request_scope)
 
         result = if block_given?
-                   yield(paginator.paginate(relation))
+                   yield(paginator.paginate(relation, **paginator_params))
                  else
-                   paginator.paginate(relation)
+                   paginator.paginate(relation, **paginator_params)
                  end
 
         result.tap do |records, _|
diff --git a/lib/api/helpers/projects_helpers.rb b/lib/api/helpers/projects_helpers.rb
index 9d370176e62..c5636fa06de 100644
--- a/lib/api/helpers/projects_helpers.rb
+++ b/lib/api/helpers/projects_helpers.rb
@@ -205,6 +205,9 @@ module API
       def filter_attributes_using_license!(attrs)
       end
 
+      def filter_attributes_under_feature_flag!(attrs, project)
+      end
+
       def validate_git_import_url!(import_url)
         return if import_url.blank?
 
diff --git a/lib/api/helpers/rate_limiter.rb b/lib/api/helpers/rate_limiter.rb
index 03f3cd649b1..be92277c25a 100644
--- a/lib/api/helpers/rate_limiter.rb
+++ b/lib/api/helpers/rate_limiter.rb
@@ -10,25 +10,14 @@ module API
     # See app/controllers/concerns/check_rate_limit.rb for Rails controllers version
     module RateLimiter
       def check_rate_limit!(key, scope:, **options)
-        return if bypass_header_set?
-        return unless rate_limiter.throttled?(key, scope: scope, **options)
-
-        rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
+        return unless Gitlab::ApplicationRateLimiter.throttled_request?(
+          request, current_user, key, scope: scope, **options
+        )
 
         return yield if block_given?
 
         render_api_error!({ error: _('This endpoint has been requested too many times. Try again later.') }, 429)
       end
-
-      private
-
-      def rate_limiter
-        ::Gitlab::ApplicationRateLimiter
-      end
-
-      def bypass_header_set?
-        ::Gitlab::Throttle.bypass_header.present? && request.get_header(Gitlab::Throttle.bypass_header) == '1'
-      end
     end
   end
 end
diff --git a/lib/api/helpers/remote_mirrors_helpers.rb b/lib/api/helpers/remote_mirrors_helpers.rb
new file mode 100644
index 00000000000..efd81a5ac5a
--- /dev/null
+++ b/lib/api/helpers/remote_mirrors_helpers.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module API
+  module Helpers
+    module RemoteMirrorsHelpers
+      extend ActiveSupport::Concern
+      extend Grape::API::Helpers
+
+      params :mirror_branches_setting_ce do
+        optional :only_protected_branches, type: Boolean, desc: 'Determines if only protected branches are mirrored'
+      end
+
+      params :mirror_branches_setting_ee do
+      end
+
+      params :mirror_branches_setting do
+        use :mirror_branches_setting_ce
+        use :mirror_branches_setting_ee
+      end
+
+      def verify_mirror_branches_setting(attrs, project); end
+    end
+  end
+end
+
+API::Helpers::RemoteMirrorsHelpers.prepend_mod
diff --git a/lib/api/helpers/resource_events_helpers.rb b/lib/api/helpers/resource_events_helpers.rb
index c47a58e8fce..11cb65056cd 100644
--- a/lib/api/helpers/resource_events_helpers.rb
+++ b/lib/api/helpers/resource_events_helpers.rb
@@ -7,7 +7,7 @@ module API
         # This is a method instead of a constant, allowing EE to more easily extend it.
         {
           Issue => { feature_category: :team_planning, id_field: 'IID' },
-          MergeRequest => { feature_category: :code_review, id_field: 'IID' }
+          MergeRequest => { feature_category: :code_review_workflow, id_field: 'IID' }
         }
       end
     end