Add latest changes from gitlab-org/gitlab@master

5 files changed, 47 insertions, 6 deletions

diff --git a/lib/api/project_job_token_scope.rb b/lib/api/project_job_token_scope.rb
index 7fd288491ef..5073d20be56 100644
--- a/lib/api/project_job_token_scope.rb
+++ b/lib/api/project_job_token_scope.rb
@@ -22,6 +22,35 @@ module API
 
         present user_project, with: Entities::ProjectJobTokenScope
       end
+
+      desc 'Patch CI_JOB_TOKEN access settings.' do
+        failure [
+          { code: 400, message: 'Bad Request' },
+          { code: 401, message: 'Unauthorized' },
+          { code: 403, message: 'Forbidden' },
+          { code: 404, message: 'Not found' }
+        ]
+        success code: 204
+        tags %w[projects_job_token_scope]
+      end
+      params do
+        requires :enabled,
+          type: Boolean,
+          as: :ci_inbound_job_token_scope_enabled,
+          allow_blank: false,
+          desc: "Indicates CI/CD job tokens generated in other projects have restricted access to this project."
+      end
+
+      patch ':id/job_token_scope' do
+        authorize_admin_project
+
+        job_token_scope_params = declared_params(include_missing: false)
+        result = ::Projects::UpdateService.new(user_project, current_user, job_token_scope_params).execute
+
+        break bad_request!(result[:message]) if result[:status] == :error
+
+        no_content!
+      end
     end
   end
 end
diff --git a/lib/gitlab/ci/templates/Kaniko.gitlab-ci.yml b/lib/gitlab/ci/templates/Kaniko.gitlab-ci.yml
index d46ac97ad1b..d7a6104082d 100644
--- a/lib/gitlab/ci/templates/Kaniko.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Kaniko.gitlab-ci.yml
@@ -32,11 +32,11 @@ kaniko-build:
             VERSION="latest"
           elif [ -n "$CI_COMMIT_TAG" ];then
             NOSLASH=$(echo "$CI_COMMIT_TAG" | tr -s / - )
-            SANITIZED="${NOSLASH//[^a-zA-Z0-9\-\.]/}"
+            SANITIZED="${NOSLASH//[^a-zA-Z0-9.-]/}"
             VERSION="$SANITIZED"
           else \
             NOSLASH=$(echo "$CI_COMMIT_REF_NAME" | tr -s / - )
-            SANITIZED="${NOSLASH//[^a-zA-Z0-9\-]/}"
+            SANITIZED="${NOSLASH//[^a-zA-Z0-9-]/}"
             VERSION="branch-$SANITIZED"
           fi
         export IMAGE_TAG=$CI_REGISTRY_IMAGE:$VERSION
diff --git a/lib/gitlab/dependency_linker/requirements_txt_linker.rb b/lib/gitlab/dependency_linker/requirements_txt_linker.rb
index f630c13b760..dc654964e0b 100644
--- a/lib/gitlab/dependency_linker/requirements_txt_linker.rb
+++ b/lib/gitlab/dependency_linker/requirements_txt_linker.rb
@@ -9,7 +9,7 @@ module Gitlab
 
       def link_dependencies
         link_regex(/^(?<name>(?![a-z+]+:)[^#.-][^ ><=~!;\[]+)/) do |name|
-          "https://pypi.python.org/pypi/#{name}"
+          "https://pypi.org/project/#{name}/"
         end
 
         link_regex(%r{^(?<name>https?://[^ ]+)}, &:itself)
diff --git a/lib/gitlab/git/tag.rb b/lib/gitlab/git/tag.rb
index 37977a1dfb6..5b54ba472d9 100644
--- a/lib/gitlab/git/tag.rb
+++ b/lib/gitlab/git/tag.rb
@@ -76,8 +76,16 @@ module Gitlab
         encode! @message
       end
 
-      def tagger
-        @raw_tag.tagger
+      def user_name
+        encode! tagger.name if tagger
+      end
+
+      def user_email
+        encode! tagger.email if tagger
+      end
+
+      def date
+        Time.at(tagger.date.seconds).utc if tagger
       end
 
       def has_signature?
@@ -105,6 +113,10 @@ module Gitlab
 
       private
 
+      def tagger
+        @raw_tag.tagger
+      end
+
       def message_from_gitaly_tag
         return @raw_tag.message.dup if full_message_fetched_from_gitaly?
 
diff --git a/lib/gitlab/x509/tag.rb b/lib/gitlab/x509/tag.rb
index cf24e6f62bd..b9a3b11ac34 100644
--- a/lib/gitlab/x509/tag.rb
+++ b/lib/gitlab/x509/tag.rb
@@ -11,7 +11,7 @@ module Gitlab
         strong_memoize(:signature) do
           super
 
-          signature = X509::Signature.new(signature_text, signed_text, @tag.tagger.email, Time.at(@tag.tagger.date.seconds))
+          signature = X509::Signature.new(signature_text, signed_text, @tag.user_email, @tag.date)
           signature unless signature.verified_signature.nil?
         end
       end