Automatic merge of gitlab-org/gitlab master

GITALY_SERVER_VERSION

-7c79e09c9b986785a3ecf46ea7bdcc6a96302f2a
+904445041c98f13f525a69d24965e32da257b58a

Gemfile

@@ -244,23 +244,23 @@ gem 'faraday_middleware-aws-sigv4', '~> 1.0.1', feature_category: :global_search
 gem 'typhoeus', '~> 1.4.0', feature_category: :global_search
 
 # Markdown and HTML processing
-gem 'html-pipeline', '~> 2.14.3', feature_category: :team_planning
-gem 'deckar01-task_list', '2.3.4', feature_category: :team_planning
-gem 'gitlab-markup', '~> 1.9.0', require: 'github/markup' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'commonmarker', '~> 0.23.10', feature_category: :team_planning
-gem 'kramdown', '~> 2.3.1' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'RedCloth', '~> 4.3.3' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'org-ruby', '~> 0.9.12' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'creole', '~> 0.5.0' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'wikicloth', '0.8.1' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'asciidoctor', '~> 2.0.18' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'asciidoctor-include-ext', '~> 0.4.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'asciidoctor-plantuml', '~> 0.0.16' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'asciidoctor-kroki', '~> 0.10.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+gem 'html-pipeline', '~> 2.14.3', feature_category: :markdown
+gem 'deckar01-task_list', '2.3.4', feature_category: :markdown
+gem 'gitlab-markup', '~> 1.9.0', require: 'github/markup', feature_category: :markdown
+gem 'commonmarker', '~> 0.23.10', feature_category: :markdown
+gem 'kramdown', '~> 2.3.1', feature_category: :markdown
+gem 'RedCloth', '~> 4.3.3', feature_category: :markdown
+gem 'org-ruby', '~> 0.9.12', feature_category: :markdown
+gem 'creole', '~> 0.5.0', feature_category: :markdown
+gem 'wikicloth', '0.8.1', feature_category: :markdown
+gem 'asciidoctor', '~> 2.0.18', feature_category: :markdown
+gem 'asciidoctor-include-ext', '~> 0.4.0', require: false, feature_category: :markdown
+gem 'asciidoctor-plantuml', '~> 0.0.16', feature_category: :markdown
+gem 'asciidoctor-kroki', '~> 0.10.0', require: false, feature_category: :markdown
 gem 'rouge', '~> 4.3.0', feature_category: :shared
-gem 'truncato', '~> 0.7.12' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'nokogiri', '~> 1.16' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'gitlab-glfm-markdown', '~> 0.0.20', feature_category: :team_planning
+gem 'truncato', '~> 0.7.12', feature_category: :team_planning
+gem 'nokogiri', '~> 1.16', feature_category: :shared
+gem 'gitlab-glfm-markdown', '~> 0.0.20', feature_category: :markdown
 
 # Calendar rendering
 gem 'icalendar', '~> 2.10.1', feature_category: :system_access

app/assets/javascripts/repository/components/breadcrumbs.vue

@@ -131,6 +131,15 @@ export default {
     };
   },
   computed: {
+    currentDirectoryPath() {
+      const splitPath = this.currentPath.split('/').filter((p) => p);
+
+      if (this.isBlobPath) {
+        splitPath.pop();
+      }
+
+      return joinPaths(...splitPath);
+    },
     pathLinks() {
       return this.currentPath
         .split('/')
@@ -274,7 +283,7 @@ export default {
 <template>
   <nav
     :aria-label="__('Files breadcrumb')"
-    :data-current-path="currentPath"
+    :data-current-path="currentDirectoryPath"
     class="js-repo-breadcrumbs"
   >
     <ol class="breadcrumb repo-breadcrumb">

db/docs/batched_background_migrations/update_workspaces_config_version3.yml

@@ -5,4 +5,4 @@ feature_category: remote_development
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/140972
 milestone: '16.8'
 queued_migration_version: 20240104085448
-finalized_by: # version of the migration that finalized this BBM
+finalized_by: 20240924214435

db/post_migrate/20240924214435_finalize_workspaces_config_version3_migration.rb

+# frozen_string_literal: true
+
+class FinalizeWorkspacesConfigVersion3Migration < Gitlab::Database::Migration[2.2]
+  milestone '17.5'
+  MIGRATION = 'UpdateWorkspacesConfigVersion3'
+  disable_ddl_transaction!
+
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  def up
+    ensure_batched_background_migration_is_finished(
+      job_class_name: MIGRATION,
+      table_name: :workspaces,
+      column_name: :config_version,
+      job_arguments: [],
+      finalize: true
+    )
+  end
+
+  def down
+    # no-op
+  end
+end

db/schema_migrations/20240924214435

+a9a765bed96c7d69eac3cd0e41f373a68de7f88c09a143f0a4133506c10e93cd
\ No newline at end of file

doc/api/group_level_variables.md

@@ -98,7 +98,7 @@ POST /groups/:id/variables
 | `id`                                  | integer/string | Yes      | The ID of a group or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding). |
 | `key`                                 | string         | Yes      | The `key` of a variable; must have no more than 255 characters; only `A-Z`, `a-z`, `0-9`, and `_` are allowed. |
 | `value`                               | string         | Yes      | The `value` of a variable. |
-| `description`                         | string         | No       | The `description` of the variable. Default: `null`. |
+| `description`                         | string         | No       | The `description` of the variable; must have no more than 255 characters. Default: `null`. |
 | `environment_scope`                   | string         | No       | The [environment scope](../ci/environments/index.md#limit-the-environment-scope-of-a-cicd-variable) of a variable. Premium and Ultimate only. |
 | `masked`                              | boolean        | No       | Whether the variable is masked. |
 | `protected`                           | boolean        | No       | Whether the variable is protected. |

doc/api/markdown.md

 ---
 stage: Plan
-group: Project Management
+group: Knowledge
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 

doc/development/ai_features/index.md

@@ -68,6 +68,16 @@ In SaaS mode, membership to a group with Duo features enabled is what enables
 many AI features. Make sure that your test user is a member of the group with
 Duo features enabled (`test-group-name`).
 
+This Rake task creates Duo Enterprise add-on attached to that group.
+
+In case you need Duo Pro add-on attached, please use:
+
+```shell
+GITLAB_SIMULATE_SAAS=1 bundle exec 'rake gitlab:duo:setup[test-group-name,duo_pro]'
+```
+
+Duo Pro add-on serves smaller scope of features. Usage of add-on depends on what features you want to use.
+
 #### Option B: in Self-managed Mode
 
 **Why:** If you want to test something specific to self-managed, such as Custom
@@ -78,13 +88,23 @@ Models.
 Run the Rake task to set up Duo features for the instance:
 
 ```shell
-GITLAB_SIMULATE_SAAS=0 bundle exec 'rake gitlab:duo:setup'
+GITLAB_SIMULATE_SAAS=0 bundle exec 'rake gitlab:duo:setup_instance'
 ```
 
 ```shell
 gdk restart
 ```
 
+This Rake task creates Duo Enterprise add-on attached to your instance.
+
+In case you need Duo Pro add-on attached, please use:
+
+```shell
+GITLAB_SIMULATE_SAAS=0 bundle exec 'rake gitlab:duo:setup_instance[duo_pro]'
+```
+
+Duo Pro add-on serves smaller scope of features. Usage of add-on depends on what features you want to use.
+
 ### Recommended: Set `CLOUD_CONNECTOR_SELF_SIGN_TOKENS` environment variable
 
 **Why:** Setting this environment variable will allow the local GitLab instance to

doc/user/application_security/sast/index.md

@@ -310,7 +310,7 @@ To configure SAST for a project you can:
 
 You can enable SAST across many projects by [enforcing scan execution](../index.md#enforce-scan-execution).
 
-To configure Advanced SAST (for Ultimate tier) please also follow these [instructions](gitlab_advanced_sast.md#configuration).
+To configure Advanced SAST (available in GitLab Ultimate only), follow these [instructions](gitlab_advanced_sast.md#configuration).
 
 ### Configure SAST in your CI/CD YAML
 
@@ -632,6 +632,7 @@ Some analyzers can be customized with CI/CD variables.
 
 | CI/CD variable              | Analyzer   | Description                                                                                                                                                                                                                        |
 |-----------------------------|------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `GITLAB_ADVANCED_SAST_ENABLED` | GitLab Advanced SAST | Set to `true` to enable [Advanced SAST](gitlab_advanced_sast.md) scanning (available in GitLab Ultimate only). Default: `false`. |
 | `SCAN_KUBERNETES_MANIFESTS` | Kubesec    | Set to `"true"` to scan Kubernetes manifests.                                                                                                                                                                                      |
 | `KUBESEC_HELM_CHARTS_PATH`  | Kubesec    | Optional path to Helm charts that `helm` uses to generate a Kubernetes manifest that `kubesec` scans. If dependencies are defined, `helm dependency build` should be ran in a `before_script` to fetch the necessary dependencies. |
 | `KUBESEC_HELM_OPTIONS`      | Kubesec    | Additional arguments for the `helm` executable.                                                                                                                                                                                    |

doc/user/markdown.md

 ---
 stage: Plan
-group: Project Management
+group: Knowledge
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 

ee/app/models/ee/project.rb

@@ -464,7 +464,11 @@ def lock_for_confirmation!(id)
       with_replicator Geo::ProjectRepositoryReplicator
 
       def pipeline_configuration_full_path
-        compliance_management_frameworks.first&.pipeline_configuration_full_path
+        compliance_framework_settings
+          .order(:id)
+          .joins(:compliance_management_framework)
+          .where.not(compliance_management_framework: { pipeline_configuration_full_path: nil })
+          .pick(:pipeline_configuration_full_path)
       end
 
       def verification_state_object

ee/lib/gitlab/duo/developments/setup.rb

@@ -188,14 +188,16 @@ def ensure_license!
         def create_add_on_purchases!
           group = Group.find_by_full_path(@namespace) # will be nil for self-managed mode
 
-          # rubocop: disable Cop/DestroyAll -- For dev
-          ::GitlabSubscriptions::AddOnPurchase.destroy_all
-          # rubocop: enable Cop/DestroyAll
-          create_code_suggestions_purchase!(group)
-          create_enterprise_purchase!(group)
+          ::GitlabSubscriptions::AddOnPurchase.by_namespace(group).delete_all
+
+          if args[:add_on] == 'duo_pro'
+            create_duo_pro_purchase!(group)
+          else
+            create_enterprise_purchase!(group)
+          end
         end
 
-        def create_code_suggestions_purchase!(group)
+        def create_duo_pro_purchase!(group)
           add_on = ::GitlabSubscriptions::AddOn.find_or_create_by_name(:code_suggestions)
 
           response = ::GitlabSubscriptions::AddOnPurchases::CreateService.new(group, add_on, {
@@ -206,6 +208,8 @@ def create_code_suggestions_purchase!(group)
 
           raise response.message unless response.success?
 
+          response.payload[:add_on_purchase].update!(users: [User.find_by_username('root')])
+
           puts "Code suggestions add-on added..."
         end
 

ee/lib/tasks/gitlab/duo.rake

@@ -3,7 +3,12 @@
 namespace :gitlab do
   namespace :duo do
     desc 'GitLab | Duo | Enable GitLab Duo features on the specified group'
-    task :setup, [:root_group_path] => :environment do |_, args|
+    task :setup, [:root_group_path, :add_on] => :environment do |_, args|
+      Gitlab::Duo::Developments::Setup.new(args).execute
+    end
+
+    desc 'GitLab | Duo | Enable GitLab Duo features for the instance'
+    task :setup_instance, [:add_on] => :environment do |_, args|
       Gitlab::Duo::Developments::Setup.new(args).execute
     end
 

ee/spec/features/markdown/markdown_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe 'EE-specific GitLab Markdown', :aggregate_failures, feature_category: :team_planning do
+RSpec.describe 'EE-specific GitLab Markdown', :aggregate_failures, feature_category: :markdown do
   include Capybara::Node::Matchers
   include MarkupHelper
   include MarkdownMatchers

ee/spec/lib/gitlab/background_migration/update_workspaces_config_version3_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe Gitlab::BackgroundMigration::UpdateWorkspacesConfigVersion3, feature_category: :workspaces do
+RSpec.describe Gitlab::BackgroundMigration::UpdateWorkspacesConfigVersion3, schema: 20240924214435, feature_category: :workspaces do
   describe "#perform" do
     let(:v2) { 2 }
     let(:v3) { 3 }

ee/spec/lib/gitlab/background_migration/update_workspaces_config_version_spec.rb

-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe Gitlab::BackgroundMigration::UpdateWorkspacesConfigVersion, feature_category: :workspaces do
-  describe "#perform" do
-    let(:v1) { RemoteDevelopment::WorkspaceOperations::ConfigVersion::VERSION_1 }
-    let(:v2) { RemoteDevelopment::WorkspaceOperations::ConfigVersion::VERSION_2 }
-    let(:personal_access_tokens_table) { table(:personal_access_tokens) }
-    let(:pat) do
-      personal_access_tokens_table.create!(name: 'workspace1', user_id: user.id, scopes: "---\n- api\n",
-        expires_at: 4.days.from_now)
-    end
-
-    let(:workspace_attrs) do
-      {
-        user_id: user.id,
-        project_id: project.id,
-        cluster_agent_id: cluster_agent.id,
-        personal_access_token_id: pat.id,
-        desired_state_updated_at: 2.seconds.ago,
-        max_hours_before_termination: 19,
-        namespace: 'ns',
-        desired_state: ::RemoteDevelopment::WorkspaceOperations::States::RUNNING,
-        editor: 'e',
-        devfile_ref: 'dfr',
-        devfile_path: 'dev/path',
-        url: 'https://www.example.org'
-      }
-    end
-
-    let(:namespace) { table(:namespaces).create!(name: 'namespace', path: 'namespace') }
-    let(:project) do
-      table(:projects).create!(name: 'project', path: 'project', project_namespace_id: namespace.id,
-        namespace_id: namespace.id)
-    end
-
-    let(:cluster_agent) { table(:cluster_agents).create!(name: 'cluster_agent', project_id: project.id) }
-    let(:user) { table(:users).create!(email: 'author@example.com', username: 'author', projects_limit: 10) }
-    let(:workspaces_table) { table(:workspaces) }
-    let!(:workspace_with_config_1_actual_state_terminated) do
-      workspaces_table.create!({
-        name: 'workspace1',
-        config_version: v1,
-        actual_state: ::RemoteDevelopment::WorkspaceOperations::States::TERMINATED,
-        force_include_all_resources: false
-      }.merge!(workspace_attrs))
-    end
-
-    let!(:workspace_with_config_1_actual_state_running) do
-      workspaces_table.create!({
-        name: 'workspace2',
-        config_version: v1,
-        actual_state: ::RemoteDevelopment::WorkspaceOperations::States::RUNNING
-      }.merge!(workspace_attrs))
-    end
-
-    let!(:workspace_with_config_2_actual_state_running) do
-      workspaces_table.create!({
-        name: 'workspace3',
-        config_version: v2,
-        actual_state: ::RemoteDevelopment::WorkspaceOperations::States::RUNNING,
-        force_include_all_resources: false
-      }.merge!(workspace_attrs))
-    end
-
-    let(:migration) do
-      described_class.new(
-        start_id: workspace_with_config_1_actual_state_terminated.id,
-        end_id: workspace_with_config_2_actual_state_running.id,
-        batch_table: :workspaces,
-        batch_column: :id,
-        sub_batch_size: 2,
-        pause_ms: 0,
-        connection: ApplicationRecord.connection
-      )
-    end
-
-    it "updates config_version and force_include_all_resources for existing non-terminated workspaces" do
-      migration.perform
-
-      workspace_with_config_1_actual_state_running.reload
-
-      expect(workspace_with_config_1_actual_state_running.config_version).to eq(v2)
-      expect(workspace_with_config_1_actual_state_running.force_include_all_resources).to eq(true)
-    end
-
-    it "does not update workspaces with different config_version or actual_state" do
-      migration.perform
-
-      workspace_with_config_1_actual_state_terminated.reload
-      workspace_with_config_2_actual_state_running.reload
-
-      expect(workspace_with_config_1_actual_state_terminated.config_version).to eq(v1)
-      expect(workspace_with_config_1_actual_state_terminated.force_include_all_resources).to eq(false)
-
-      expect(workspace_with_config_2_actual_state_running.config_version).to eq(v2)
-      expect(workspace_with_config_2_actual_state_running.force_include_all_resources).to eq(false)
-    end
-  end
-end

ee/spec/lib/gitlab/duo/developments/setup_spec.rb

@@ -73,8 +73,11 @@
   end
 
   shared_examples 'creates add-on purchases' do
-    it 'creates add-on purchases', :aggregate_failures do
-      expect { setup }.to change { ::GitlabSubscriptions::AddOnPurchase.count }.by(2)
+    it 'creates enterprise add-on purchases', :aggregate_failures do
+      setup
+
+      expect(::GitlabSubscriptions::AddOnPurchase.for_gitlab_duo_pro.count).to eq(0)
+      expect(::GitlabSubscriptions::AddOnPurchase.for_duo_enterprise.count).to eq(1)
     end
   end
 
@@ -119,6 +122,17 @@
       end
     end
 
+    context 'when creating duo pro add on' do
+      let(:args) { { root_group_path: 'test', add_on: 'duo_pro' } }
+
+      it 'creates duo pro add-on only' do
+        setup
+
+        expect(::GitlabSubscriptions::AddOnPurchase.for_gitlab_duo_pro.count).to eq(1)
+        expect(::GitlabSubscriptions::AddOnPurchase.for_duo_enterprise.count).to eq(0)
+      end
+    end
+
     it_behaves_like 'checks for dev or test env'
     it_behaves_like 'errors when GITLAB_SIMULATE_SAAS has unexpected value', true
     it_behaves_like 'enables all necessary feature flags'

ee/spec/models/ee/project_spec.rb

@@ -4874,4 +4874,48 @@ def stub_default_url_options(host)
 
     it { is_expected.to be_an_instance_of(Vulnerabilities::Quota) }
   end
+
+  describe '#pipeline_configuration_full_path' do
+    let_it_be(:namespace) { create(:group) }
+    let_it_be(:project) { create(:project, group: namespace) }
+    let_it_be(:framework_1_with_pipeline) { create(:compliance_framework, namespace: namespace, name: 'With pipeline 1', pipeline_configuration_full_path: ".compliance-gitlab-ci.yml@test-project-1") }
+    let_it_be(:framework_2_with_pipeline) { create(:compliance_framework, namespace: namespace, name: 'With pipeline 2', pipeline_configuration_full_path: ".compliance-gitlab-ci.yml@test-project-2") }
+    let_it_be(:framework_1_without_pipeline) { create(:compliance_framework, namespace: namespace, name: 'Without pipeline 1') }
+    let_it_be(:framework_2_without_pipeline) { create(:compliance_framework, namespace: namespace, name: 'Without pipeline 2') }
+
+    context 'when the first associated framework has pipeline configuration' do
+      let_it_be(:framework_settings_1) { create(:compliance_framework_project_setting, project: project, compliance_management_framework: framework_1_with_pipeline) }
+      let_it_be(:framework_settings_2) { create(:compliance_framework_project_setting, project: project, compliance_management_framework: framework_2_with_pipeline) }
+
+      it 'returns the path of pipeline config associated with first framework' do
+        expect(project.pipeline_configuration_full_path).to eq(framework_1_with_pipeline.pipeline_configuration_full_path)
+      end
+    end
+
+    context 'when no framework has pipeline configuration' do
+      let_it_be(:framework_settings_1) { create(:compliance_framework_project_setting, project: project, compliance_management_framework: framework_1_without_pipeline) }
+      let_it_be(:framework_settings_2) { create(:compliance_framework_project_setting, project: project, compliance_management_framework: framework_2_without_pipeline) }
+
+      it 'returns nil' do
+        expect(project.pipeline_configuration_full_path).to eq(nil)
+      end
+    end
+
+    context 'when initial frameworks do not have pipeline configuration' do
+      let_it_be(:framework_settings_1) { create(:compliance_framework_project_setting, project: project, compliance_management_framework: framework_1_without_pipeline) }
+      let_it_be(:framework_settings_2) { create(:compliance_framework_project_setting, project: project, compliance_management_framework: framework_2_without_pipeline) }
+      let_it_be(:framework_settings_3) { create(:compliance_framework_project_setting, project: project, compliance_management_framework: framework_2_with_pipeline) }
+      let_it_be(:framework_settings_4) { create(:compliance_framework_project_setting, project: project, compliance_management_framework: framework_1_with_pipeline) }
+
+      it 'returns the pipeline of first framework which has pipeline' do
+        expect(project.pipeline_configuration_full_path).to eq(framework_2_with_pipeline.pipeline_configuration_full_path)
+      end
+    end
+
+    context 'when there is no associated framework' do
+      it 'returns nil' do
+        expect(project.pipeline_configuration_full_path).to eq(nil)
+      end
+    end
+  end
 end

lib/api/markdown.rb

@@ -9,7 +9,7 @@ class Markdown < ::API::Base
 
     before { authenticate! if Feature.enabled?(:authenticate_markdown_api, type: :ops) }
 
-    feature_category :team_planning
+    feature_category :markdown
 
     params do
       requires :text, type: String, desc: "The Markdown text to render"