10 files changed, 118 insertions, 28 deletions

diff --git a/app/controllers/groups/autocomplete_sources_controller.rb b/app/controllers/groups/autocomplete_sources_controller.rb
index 5270a718952..82f8854bd2b 100644
--- a/app/controllers/groups/autocomplete_sources_controller.rb
+++ b/app/controllers/groups/autocomplete_sources_controller.rb
@@ -2,7 +2,7 @@
 
 class Groups::AutocompleteSourcesController < Groups::ApplicationController
   feature_category :subgroups, [:members]
-  feature_category :issue_tracking, [:issues, :labels, :milestones, :commands]
+  feature_category :team_planning, [:issues, :labels, :milestones, :commands]
   feature_category :code_review, [:merge_requests]
 
   def members
diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb
index e8e6a7e5c1a..3152c4d733f 100644
--- a/app/controllers/groups/boards_controller.rb
+++ b/app/controllers/groups/boards_controller.rb
@@ -12,9 +12,13 @@ class Groups::BoardsController < Groups::ApplicationController
     push_frontend_feature_flag(:swimlanes_buffered_rendering, group, default_enabled: :yaml)
     push_frontend_feature_flag(:iteration_cadences, group, default_enabled: :yaml)
     push_frontend_feature_flag(:labels_widget, group, default_enabled: :yaml)
+    experiment(:prominent_create_board_btn, subject: current_user) do |e|
+      e.use { }
+      e.try { }
+    end.run
   end
 
-  feature_category :boards
+  feature_category :team_planning
 
   private
 
diff --git a/app/controllers/groups/crm_controller.rb b/app/controllers/groups/crm_controller.rb
new file mode 100644
index 00000000000..40661b09be6
--- /dev/null
+++ b/app/controllers/groups/crm_controller.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class Groups::CrmController < Groups::ApplicationController
+  feature_category :team_planning
+
+  before_action :authorize_read_crm_contact!, only: [:contacts]
+  before_action :authorize_read_crm_organization!, only: [:organizations]
+
+  def contacts
+    respond_to do |format|
+      format.html
+    end
+  end
+
+  def organizations
+    respond_to do |format|
+      format.html
+    end
+  end
+
+  private
+
+  def authorize_read_crm_contact!
+    render_404 unless can?(current_user, :read_crm_contact, group)
+  end
+
+  def authorize_read_crm_organization!
+    render_404 unless can?(current_user, :read_crm_organization, group)
+  end
+end
diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
index e19b8ae35f8..fc930ffebbd 100644
--- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb
+++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
@@ -11,8 +11,8 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
   before_action :ensure_token_granted!, only: [:blob, :manifest]
   before_action :ensure_feature_enabled!
 
-  before_action :verify_workhorse_api!, only: [:authorize_upload_blob, :upload_blob]
-  skip_before_action :verify_authenticity_token, only: [:authorize_upload_blob, :upload_blob]
+  before_action :verify_workhorse_api!, only: [:authorize_upload_blob, :upload_blob, :authorize_upload_manifest, :upload_manifest]
+  skip_before_action :verify_authenticity_token, only: [:authorize_upload_blob, :upload_blob, :authorize_upload_manifest, :upload_manifest]
 
   attr_reader :token
 
@@ -22,20 +22,11 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
     result = DependencyProxy::FindOrCreateManifestService.new(group, image, tag, token).execute
 
     if result[:status] == :success
-      response.headers['Docker-Content-Digest'] = result[:manifest].digest
-      response.headers['Content-Length'] = result[:manifest].size
-      response.headers['Docker-Distribution-Api-Version'] = DependencyProxy::DISTRIBUTION_API_VERSION
-      response.headers['Etag'] = "\"#{result[:manifest].digest}\""
-      content_type = result[:manifest].content_type
-
-      event_name = tracking_event_name(object_type: :manifest, from_cache: result[:from_cache])
-      track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
-      send_upload(
-        result[:manifest].file,
-        proxy: true,
-        redirect_params: { query: { 'response-content-type' => content_type } },
-        send_params: { type: content_type }
-      )
+      if result[:manifest]
+        send_manifest(result[:manifest], from_cache: result[:from_cache])
+      else
+        send_dependency(manifest_header, DependencyProxy::Registry.manifest_url(image, tag), manifest_file_name)
+      end
     else
       render status: result[:http_status], json: result[:message]
     end
@@ -59,7 +50,7 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
   def authorize_upload_blob
     set_workhorse_internal_api_content_type
 
-    render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false)
+    render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false, maximum_size: DependencyProxy::Blob::MAX_FILE_SIZE)
   end
 
   def upload_blob
@@ -75,6 +66,37 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
     head :ok
   end
 
+  def authorize_upload_manifest
+    set_workhorse_internal_api_content_type
+
+    render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false, maximum_size: DependencyProxy::Manifest::MAX_FILE_SIZE)
+  end
+
+  def upload_manifest
+    attrs = {
+      file_name: manifest_file_name,
+      content_type: request.headers[Gitlab::Workhorse::SEND_DEPENDENCY_CONTENT_TYPE_HEADER],
+      digest: request.headers[DependencyProxy::Manifest::DIGEST_HEADER],
+      file: params[:file],
+      size: params[:file].size
+    }
+
+    manifest = @group.dependency_proxy_manifests
+                     .active
+                     .find_by_file_name(manifest_file_name)
+
+    if manifest
+      manifest.update!(attrs)
+    else
+      @group.dependency_proxy_manifests.create!(attrs)
+    end
+
+    event_name = tracking_event_name(object_type: :manifest, from_cache: false)
+    track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
+
+    head :ok
+  end
+
   private
 
   def blob_via_workhorse
@@ -86,14 +108,36 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
 
       send_upload(blob.file)
     else
-      send_dependency(token, DependencyProxy::Registry.blob_url(image, params[:sha]), blob_file_name)
+      send_dependency(token_header, DependencyProxy::Registry.blob_url(image, params[:sha]), blob_file_name)
     end
   end
 
+  def send_manifest(manifest, from_cache:)
+    response.headers[DependencyProxy::Manifest::DIGEST_HEADER] = manifest.digest
+    response.headers['Content-Length'] = manifest.size
+    response.headers['Docker-Distribution-Api-Version'] = DependencyProxy::DISTRIBUTION_API_VERSION
+    response.headers['Etag'] = "\"#{manifest.digest}\""
+    content_type = manifest.content_type
+
+    event_name = tracking_event_name(object_type: :manifest, from_cache: from_cache)
+    track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
+
+    send_upload(
+      manifest.file,
+      proxy: true,
+      redirect_params: { query: { 'response-content-type' => content_type } },
+      send_params: { type: content_type }
+    )
+  end
+
   def blob_file_name
     @blob_file_name ||= params[:sha].sub('sha256:', '') + '.gz'
   end
 
+  def manifest_file_name
+    @manifest_file_name ||= "#{image}:#{tag}.json"
+  end
+
   def group
     strong_memoize(:group) do
       Group.find_by_full_path(params[:group_id], follow_redirects: true)
@@ -137,4 +181,12 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
       render status: result[:http_status], json: result[:message]
     end
   end
+
+  def token_header
+    { Authorization: ["Bearer #{token}"] }
+  end
+
+  def manifest_header
+    token_header.merge(Accept: ::ContainerRegistry::Client::ACCEPTED_TYPES)
+  end
 end
diff --git a/app/controllers/groups/email_campaigns_controller.rb b/app/controllers/groups/email_campaigns_controller.rb
index 70c8a23d918..520ad768939 100644
--- a/app/controllers/groups/email_campaigns_controller.rb
+++ b/app/controllers/groups/email_campaigns_controller.rb
@@ -40,7 +40,7 @@ class Groups::EmailCampaignsController < Groups::ApplicationController
       project_pipelines_url(group.projects.first)
     when :trial, :trial_short
       'https://about.gitlab.com/free-trial/'
-    when :team, :team_short
+    when :team, :team_short, :invite_team
       group_group_members_url(group)
     when :admin_verify
       project_settings_ci_cd_path(group.projects.first, ci_runner_templates: true, anchor: 'js-runners-settings')
@@ -59,6 +59,11 @@ class Groups::EmailCampaignsController < Groups::ApplicationController
     @track = params[:track]&.to_sym
     @series = params[:series]&.to_i
 
+    # There is only one email that will be sent for invite team track so series
+    # should only have the value 0. Return early if track is invite team and
+    # condition for series value is met
+    return if @track == Namespaces::InviteTeamEmailService::TRACK && @series == 0
+
     track_valid = @track.in?(Namespaces::InProductMarketingEmailsService::TRACKS.keys)
     return render_404 unless track_valid
 
diff --git a/app/controllers/groups/labels_controller.rb b/app/controllers/groups/labels_controller.rb
index 86dde454cbc..7bcc8182bd6 100644
--- a/app/controllers/groups/labels_controller.rb
+++ b/app/controllers/groups/labels_controller.rb
@@ -9,7 +9,7 @@ class Groups::LabelsController < Groups::ApplicationController
 
   respond_to :html
 
-  feature_category :issue_tracking
+  feature_category :team_planning
 
   def index
     respond_to do |format|
diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb
index 63eff750d1b..75877cdef9c 100644
--- a/app/controllers/groups/milestones_controller.rb
+++ b/app/controllers/groups/milestones_controller.rb
@@ -6,7 +6,7 @@ class Groups::MilestonesController < Groups::ApplicationController
   before_action :milestone, only: [:edit, :show, :update, :issues, :merge_requests, :participants, :labels, :destroy]
   before_action :authorize_admin_milestones!, only: [:edit, :new, :create, :update, :destroy]
 
-  feature_category :issue_tracking
+  feature_category :team_planning
 
   def index
     respond_to do |format|
diff --git a/app/controllers/groups/packages_controller.rb b/app/controllers/groups/packages_controller.rb
index d02a8262948..47f1816cc4c 100644
--- a/app/controllers/groups/packages_controller.rb
+++ b/app/controllers/groups/packages_controller.rb
@@ -6,10 +6,6 @@ module Groups
 
     feature_category :package_registry
 
-    before_action do
-      push_frontend_feature_flag(:package_list_apollo, default_enabled: :yaml)
-    end
-
     private
 
     def verify_packages_enabled!
diff --git a/app/controllers/groups/settings/applications_controller.rb b/app/controllers/groups/settings/applications_controller.rb
index f05a96d7810..6388277e4dc 100644
--- a/app/controllers/groups/settings/applications_controller.rb
+++ b/app/controllers/groups/settings/applications_controller.rb
@@ -16,6 +16,7 @@ module Groups
       end
 
       def show
+        @created = get_created_session
       end
 
       def edit
@@ -27,6 +28,8 @@ module Groups
         if @application.persisted?
           flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
 
+          set_created_session
+
           redirect_to group_settings_application_url(@group, @application)
         else
           set_index_vars
diff --git a/app/controllers/groups/settings/integrations_controller.rb b/app/controllers/groups/settings/integrations_controller.rb
index a7a1de03224..0a63c3d304b 100644
--- a/app/controllers/groups/settings/integrations_controller.rb
+++ b/app/controllers/groups/settings/integrations_controller.rb
@@ -3,7 +3,7 @@
 module Groups
   module Settings
     class IntegrationsController < Groups::ApplicationController
-      include IntegrationsActions
+      include ::Integrations::Actions
 
       before_action :authorize_admin_group!