The reset_seat_banner_callouts FF was used to derisk a conditional logic
change. Now the FF has been rolled out, we can remove it.

Changelog: removed
EE: true

This commit adds an expire_at column to pages deployments
prefilled with the value set in admin settings

Changelog: added
EE: true

Signed-off-by: janis <jaltherr@gitlab.com>

Fixes #480459

Changelog: fixed

When resetting the seat usage alert, we don't need to check if the
member was using a seat, we can avoid the expensive query and instead
simply reset the callout regardless

Changelog: changed
EE: true

Choosing restricted access turns on block seat overages for the group
This new option is behind a feature flag

As desribed in #412915,
`allowed_plans` being handled late (at job scheduling event) may cause
problems with a bigger backlog of jobs not matching that configuration
and yet targetting the affected runner.

With this change, dropping a job not matching any available runner will
be done early, just like it's done with CI/CD minutes quota.

- Explicitly load a new project from the DB when checking for changes
  on topics to avoid side effects of resetting changes when events
  depend on them still being present on the shared project variable.

- Refs: #343204

Changelog: added
EE: true

EE: true

This change updates the Projects::CreateService to
override the push rule for security policy project.

EE: true
Changelog: fixed

When linking an issue to a metric, store
that connection in the database

EE: true
Changelog: added

- Add support for accepting observability_log_details params
- Add Observability:ObservabilityIssuesHelper to handle parsing params
- Refactor MetricsIssuesHelper to only handle metrics related issues prefilling
- Add LogsIssuesHelper to handle logs related issues prefilling
- Add specs

- If on SaaS, group actor will be used
- If on self-managed, instance actor will be used

This reverts merge request !161619

When linking an issue to a metric, store
that connection in the database

EE: true
Changelog: added

Changelog: fixed
EE: true

Changelog: added

Changelog: fixed
EE: true

Roy Liu authored 7 months ago and Roy Liu committed 6 months ago

Changelog: changed

When deployment approvals are configured for an environment, jobs that
reference the environment are held in a manual state until the required
number of approvals has been met.

Only jobs that actually create deployment records should be held in this
state, as approval should not be required when the job only accesses the
environment (for example, to collect metrics) and does not modify it.

This behaviour is controlled by the `environment.action` keyword. The
default is `start`, which does create a deployment. The other options
do not create deployments.

Related to: https://gitlab.com/gitlab-org/gitlab/-/issues/474034

Adds support in query params to accept
a linked observability metric

EE: true

Unstick locked MRs with non-null merge_jids

Co-authored-by: Terri Chu <tchu@gitlab.com>

This fixes records where we set the wrong namespace_id. The wrong
namespace_id came from records that were we updated the references of
WorkItemParentLinks and set the namespace_id to project.namespace_id
instead of project.project_namespace_id.

The bug got introduced in 17.1 with
!155113 and fixed
in 17.2 with
!157332.

The problem with using the wrong namespace_id is that the record would
not get properly deleted when the project gets deleted. This leads to
orphaned records.

Changelog: fixed

MR: gitlab.com/gitlab-org/gitlab/-/merge_requests/161455

Carla Drago authored 7 months ago and GitLab Release Tools Bot committed 7 months ago

Merge branch 'security-1158-update-audit-event-payload' into 'master'

See merge request gitlab-org/security/gitlab!4311

Changelog: security

Dominic Bauer authored 7 months ago and GitLab Release Tools Bot committed 7 months ago

Merge branch 'security-461248-confidential-issue' into 'master'

See merge request gitlab-org/security/gitlab!4191

Changelog: security

This mutation allows us to reorder a child in the hierarchy tree,
including moving the item under a new parent

Changelog: added
EE: true

This commit enables syncing of audit
events to new tables using AuditEventService

EE: true

Co-authored-by: Dominic Bauer <dbauer@gitlab.com>
EE: true
Changelog: changed

Check this instead of the value of new_user_signups_cap

This add audit logging for modifications (additions, removals) of
groups in the CI_JOB_TOKEN allow list, bringing these in line with
project modifications to the same list.

Resolves: #467840

Changelog: added
EE: true

Stan Hu authored 7 months ago and Imre Farkas committed 7 months ago

If `require_personal_access_token_expiry?` is `false`, we allow for a
`nil` expires_at if no parameter is passed in the API instead of
defaulting to a 1-week expiration.

If the token is owned by service account, the
`service_access_tokens_expiration_enforced` setting is checked to
determine whether to skip the 1-week default.

We also ensure that the expiration is within the max allowed lifetime
set by the instance or group.

require_personal_access_token_expiry applies to non-service account
users, while service_access_tokens_expiration_enforced applies to
service accounts.

Children with synced legacy epics should be kept in sync after moving
to a new parent.

- Update actor from current_user to instance, since we will call
the same feature-flag in classes where current_user is not
available

- Update group links create & update service to accept
member_role_id param
- Fetch custom roles in the frontend
- Both changes are behind feature-flag,
assign_custom_roles_to_group_links

Changelog: added
EE: true