Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/ide/components/new_dropdown/index.vue

@@ -91,7 +91,7 @@ export default {
         </template>
         <li>
           <item-button
-            :label="__('Rename')"
+            :label="__('Rename/Move')"
             class="d-flex"
             icon="pencil"
             icon-classes="mr-2"

app/models/issue_assignee.rb

@@ -3,6 +3,8 @@
 class IssueAssignee < ApplicationRecord
   belongs_to :issue
   belongs_to :assignee, class_name: "User", foreign_key: :user_id
+
+  validates :assignee, uniqueness: { scope: :issue_id }
 end
 
 IssueAssignee.prepend_if_ee('EE::IssueAssignee')

app/models/merge_request_assignee.rb

@@ -3,4 +3,6 @@
 class MergeRequestAssignee < ApplicationRecord
   belongs_to :merge_request
   belongs_to :assignee, class_name: "User", foreign_key: :user_id
+
+  validates :assignee, uniqueness: { scope: :merge_request_id }
 end

app/serializers/variable_entity.rb

@@ -4,6 +4,7 @@ class VariableEntity < Grape::Entity
   expose :id
   expose :key
   expose :value
+  expose :variable_type
 
   expose :protected?, as: :protected
   expose :masked?, as: :masked

changelogs/unreleased/11120-autodevops-test-postgres-version.yml

+---
+title: Use POSTGRES_VERSION variable in Auto DevOps Test stage
+merge_request: 22884
+author: Serban Marti
+type: fixed

changelogs/unreleased/195989-quick-action-add-dup-assignee-error.yml

+---
+title: Fix error when assigning an existing asignee
+merge_request: 23416
+author:
+type: fixed

changelogs/unreleased/199257-renamemove-webide-dropdown.yml

+---
+title: "Change `Rename` to `Rename/Move` in Web IDE Dropdown"
+merge_request: 23877
+author:
+type: added

changelogs/unreleased/avoid-using-gl-object.yml

+---
+title: Fix outdated MR security warning message
+merge_request: 23496
+author:
+type: fixed

changelogs/unreleased/dz-scope-project-issues-routing.yml

+---
+title: Copy issues routing under - scope
+merge_request: 23779
+author:
+type: changed

config/routes/issues.rb

+# frozen_string_literal: true
+
+get :issues, to: 'issues#calendar', constraints: lambda { |req| req.format == :ics }
+
+resources :issues, concerns: :awardable, constraints: { id: /\d+/ } do
+  member do
+    post :toggle_subscription
+    post :mark_as_spam
+    post :move
+    put :reorder
+    get :related_branches
+    get :can_create_branch
+    get :realtime_changes
+    post :create_merge_request
+    get :discussions, format: :json
+  end
+
+  collection do
+    post :bulk_update
+    post :import_csv
+  end
+end

config/routes/project.rb

@@ -401,25 +401,15 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
         end
       end
 
-      get :issues, to: 'issues#calendar', constraints: lambda { |req| req.format == :ics }
-
-      resources :issues, concerns: :awardable, constraints: { id: /\d+/ } do
-        member do
-          post :toggle_subscription
-          post :mark_as_spam
-          post :move
-          put :reorder
-          get :related_branches
-          get :can_create_branch
-          get :realtime_changes
-          post :create_merge_request
-          get :discussions, format: :json
-        end
+      # Unscoped route. It will be replaced with redirect to /-/issues/
+      # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849
+      draw :issues
 
-        collection do
-          post :bulk_update
-          post :import_csv
-        end
+      # To ensure an old unscoped routing is used for the UI we need to
+      # add prefix 'as' to the scope routing and place it below original routing.
+      # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849
+      scope '-', as: 'scoped' do
+        draw :issues
       end
 
       resources :notes, only: [:create, :destroy, :update], concerns: :awardable, constraints: { id: /\d+/ } do

doc/development/changelog.md

@@ -35,6 +35,8 @@ the `author` field. GitLab team members **should not**.
 
 - Any change that introduces a database migration, whether it's regular, post,
   or data migration, **must** have a changelog entry.
+- [Security fixes] **must** have a changelog entry, without `merge_request` value
+  and with `type` set to `security`.
 - Any user-facing change **should** have a changelog entry. Example: "GitLab now
   uses system fonts for all text."
 - Performance improvements **should** have a changelog entry.
@@ -289,6 +291,7 @@ and then compiling the entries into the overall `CHANGELOG.md` file during the
 [release managers]: https://gitlab.com/gitlab-org/release/docs/blob/master/quickstart/release-manager.md
 [started brainstorming]: https://gitlab.com/gitlab-org/gitlab-foss/issues/17826
 [release process]: https://gitlab.com/gitlab-org/release-tools
+[Security fixes]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md
 
 ---
 

lib/gitlab/ci/templates/Jobs/Test.gitlab-ci.yml

 test:
   services:
-    - postgres:latest
+    - "postgres:${POSTGRES_VERSION}"
   variables:
     POSTGRES_DB: test
   stage: test

lib/gitlab/quick_actions/issue_and_merge_request_actions.rb

@@ -12,6 +12,15 @@ module Gitlab
         explanation do |users|
           _('Assigns %{assignee_users_sentence}.') % { assignee_users_sentence: assignee_users_sentence(users) }
         end
+        execution_message do |users = nil|
+          if users.blank?
+            _("Failed to assign a user because no user was found.")
+          else
+            users = [users.first] unless quick_action_target.allows_multiple_assignees?
+
+            _('Assigned %{assignee_users_sentence}.') % { assignee_users_sentence: assignee_users_sentence(users) }
+          end
+        end
         params do
           quick_action_target.allows_multiple_assignees? ? '@user1 @user2' : '@user'
         end
@@ -23,19 +32,14 @@ module Gitlab
           extract_users(assignee_param)
         end
         command :assign do |users|
-          if users.empty?
-            @execution_message[:assign] = _("Failed to assign a user because no user was found.")
-            next
-          end
+          next if users.empty?
 
           if quick_action_target.allows_multiple_assignees?
             @updates[:assignee_ids] ||= quick_action_target.assignees.map(&:id)
-            @updates[:assignee_ids] += users.map(&:id)
+            @updates[:assignee_ids] |= users.map(&:id)
           else
             @updates[:assignee_ids] = [users.first.id]
           end
-
-          @execution_message[:assign] = _('Assigned %{assignee_users_sentence}.') % { assignee_users_sentence: assignee_users_sentence(users) }
         end
 
         desc do
@@ -249,7 +253,7 @@ module Gitlab
         def assignees_for_removal(users)
           assignees = quick_action_target.assignees
           if users.present? && quick_action_target.allows_multiple_assignees?
-            assignees & users
+            users
           else
             assignees
           end

locale/gitlab.pot

@@ -15694,15 +15694,15 @@ msgstr ""
 msgid "Removing the project will delete its repository and all related resources including issues, merge requests etc."
 msgstr ""
 
-msgid "Rename"
-msgstr ""
-
 msgid "Rename file"
 msgstr ""
 
 msgid "Rename folder"
 msgstr ""
 
+msgid "Rename/Move"
+msgstr ""
+
 msgid "Reopen epic"
 msgstr ""
 

spec/fixtures/api/schemas/variable.json

@@ -13,6 +13,7 @@
     "value": { "type": "string" },
     "masked": { "type": "boolean" },
     "protected": { "type": "boolean" },
+    "variable_type": { "type": "string" },
     "environment_scope": { "type": "string", "optional": true }
   },
   "additionalProperties": false

spec/frontend/environments/emtpy_state_spec.js

+import { shallowMount } from '@vue/test-utils';
+import EmptyState from '~/environments/components/empty_state.vue';
+
+describe('environments empty state', () => {
+  let vm;
+
+  beforeEach(() => {
+    vm = shallowMount(EmptyState, {
+      propsData: {
+        newPath: 'foo',
+        canCreateEnvironment: true,
+        helpPath: 'bar',
+      },
+    });
+  });
+
+  afterEach(() => {
+    vm.destroy();
+  });
+
+  it('renders the empty state', () => {
+    expect(vm.find('.js-blank-state-title').text()).toEqual(
+      "You don't have any environments right now",
+    );
+  });
+
+  it('renders the new environment button', () => {
+    expect(vm.find('.js-new-environment-button').attributes('href')).toEqual('foo');
+  });
+
+  describe('without permission', () => {
+    beforeEach(() => {
+      vm.setProps({ canCreateEnvironment: false });
+    });
+
+    it('does not render the new environment button', () => {
+      expect(vm.find('.js-new-environment-button').exists()).toBe(false);
+    });
+  });
+});

spec/javascripts/environments/emtpy_state_spec.js

-import Vue from 'vue';
-import mountComponent from 'spec/helpers/vue_mount_component_helper';
-import emptyState from '~/environments/components/empty_state.vue';
-
-describe('environments empty state', () => {
-  let vm;
-  let Component;
-
-  beforeEach(() => {
-    Component = Vue.extend(emptyState);
-  });
-
-  afterEach(() => {
-    vm.$destroy();
-  });
-
-  describe('With permissions', () => {
-    beforeEach(() => {
-      vm = mountComponent(Component, {
-        newPath: 'foo',
-        canCreateEnvironment: true,
-        helpPath: 'bar',
-      });
-    });
-
-    it('renders empty state and new environment button', () => {
-      expect(vm.$el.querySelector('.js-blank-state-title').textContent.trim()).toEqual(
-        "You don't have any environments right now",
-      );
-
-      expect(vm.$el.querySelector('.js-new-environment-button').getAttribute('href')).toEqual(
-        'foo',
-      );
-    });
-  });
-
-  describe('Without permission', () => {
-    beforeEach(() => {
-      vm = mountComponent(Component, {
-        newPath: 'foo',
-        canCreateEnvironment: false,
-        helpPath: 'bar',
-      });
-    });
-
-    it('renders empty state without new button', () => {
-      expect(vm.$el.querySelector('.js-blank-state-title').textContent.trim()).toEqual(
-        "You don't have any environments right now",
-      );
-
-      expect(vm.$el.querySelector('.js-new-environment-button')).toBeNull();
-    });
-  });
-});

spec/models/issue_assignee_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe IssueAssignee do
+  let(:issue) { create(:issue) }
+
+  subject { issue.issue_assignees.build(assignee: create(:user)) }
+
+  describe 'associations' do
+    it { is_expected.to belong_to(:issue).class_name('Issue') }
+    it { is_expected.to belong_to(:assignee).class_name('User') }
+  end
+
+  describe 'validations' do
+    it { is_expected.to validate_uniqueness_of(:assignee).scoped_to(:issue_id) }
+  end
+end

spec/models/merge_request_assignee_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe MergeRequestAssignee do
+  let(:merge_request) { create(:merge_request) }
+
+  subject { merge_request.merge_request_assignees.build(assignee: create(:user)) }
+
+  describe 'associations' do
+    it { is_expected.to belong_to(:merge_request).class_name('MergeRequest') }
+    it { is_expected.to belong_to(:assignee).class_name('User') }
+  end
+
+  describe 'validations' do
+    it { is_expected.to validate_uniqueness_of(:assignee).scoped_to(:merge_request_id) }
+  end
+end

spec/serializers/variable_entity_spec.rb

@@ -10,7 +10,7 @@ describe VariableEntity do
     subject { entity.as_json }
 
     it 'contains required fields' do
-      expect(subject).to include(:id, :key, :value, :protected, :environment_scope)
+      expect(subject).to include(:id, :key, :value, :protected, :environment_scope, :variable_type)
     end
   end
 end

spec/services/quick_actions/interpret_service_spec.rb

@@ -804,7 +804,7 @@ describe QuickActions::InterpretService do
       let(:issuable) { issue }
     end
 
-    it_behaves_like 'empty command' do
+    it_behaves_like 'empty command', "Failed to assign a user because no user was found." do
       let(:content) { '/assign' }
       let(:issuable) { issue }
     end