Automatic merge of gitlab-org/gitlab master

bf9c14de · GitLab Bot · e0118070 · cf26a56b · bf9c14de · bf9c14de
Commit bf9c14de authored Jan 13, 2021 by GitLab Bot
50 changed files
--- a/.rubocop_manual_todo.yml
+++ b/.rubocop_manual_todo.yml
@@ -881,8 +881,6 @@ Graphql/Descriptions:
    - 'app/graphql/types/tree/tree_type.rb'
    - 'app/graphql/types/user_status_type.rb'
    - 'app/graphql/types/user_type.rb'
-    - 'ee/app/graphql/ee/resolvers/issues_resolver.rb'
-    - 'ee/app/graphql/ee/resolvers/namespace_projects_resolver.rb'
    - 'ee/app/graphql/ee/types/board_list_type.rb'
    - 'ee/app/graphql/ee/types/board_type.rb'
    - 'ee/app/graphql/ee/types/boards/board_issue_input_base_type.rb'
@@ -894,23 +892,6 @@ Graphql/Descriptions:
    - 'ee/app/graphql/ee/types/namespace_type.rb'
    - 'ee/app/graphql/ee/types/project_type.rb'
    - 'ee/app/graphql/ee/types/query_type.rb'
-    - 'ee/app/graphql/resolvers/board_groupings/epics_resolver.rb'
-    - 'ee/app/graphql/resolvers/boards/epic_boards_resolver.rb'
-    - 'ee/app/graphql/resolvers/ci/code_coverage_activities_resolver.rb'
-    - 'ee/app/graphql/resolvers/clusters/agents_resolver.rb'
-    - 'ee/app/graphql/resolvers/dast_site_profile_resolver.rb'
-    - 'ee/app/graphql/resolvers/dast_site_validation_resolver.rb'
-    - 'ee/app/graphql/resolvers/epics_resolver.rb'
-    - 'ee/app/graphql/resolvers/geo/registries_resolver.rb'
-    - 'ee/app/graphql/resolvers/requirements_management/requirements_resolver.rb'
-    - 'ee/app/graphql/resolvers/requirements_management/test_reports_resolver.rb'
-    - 'ee/app/graphql/resolvers/timelog_resolver.rb'
-    - 'ee/app/graphql/resolvers/vulnerabilities/issue_links_resolver.rb'
-    - 'ee/app/graphql/resolvers/vulnerabilities_count_per_day_resolver.rb'
-    - 'ee/app/graphql/resolvers/vulnerabilities_grade_resolver.rb'
-    - 'ee/app/graphql/resolvers/vulnerabilities_history_resolver.rb'
-    - 'ee/app/graphql/resolvers/vulnerabilities_resolver.rb'
-    - 'ee/app/graphql/resolvers/vulnerability_severities_count_resolver.rb'
    - 'ee/app/graphql/types/admin/analytics/devops_adoption/segment_type.rb'
    - 'ee/app/graphql/types/admin/analytics/devops_adoption/snapshot_type.rb'
    - 'ee/app/graphql/types/boards/board_epic_type.rb'

--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -97,7 +97,7 @@ module ApplicationSettingImplementation
        login_recaptcha_protection_enabled: false,
        max_artifacts_size: Settings.artifacts['max_size'],
        max_attachment_size: Settings.gitlab['max_attachment_size'],
-        max_import_size: 50,
+        max_import_size: 0,
        minimum_password_length: DEFAULT_MINIMUM_PASSWORD_LENGTH,
        mirror_available: true,
        notify_on_unknown_sign_in: true,

--- a/app/models/concerns/packages/debian/architecture.rb
+++ b/app/models/concerns/packages/debian/architecture.rb
+# frozen_string_literal: true
+
+module Packages
+  module Debian
+    module Architecture
+      extend ActiveSupport::Concern
+
+      included do
+        belongs_to :distribution, class_name: "Packages::Debian::#{container_type.capitalize}Distribution", inverse_of: :architectures
+
+        validates :distribution,
+          presence: true
+
+        validates :name,
+          presence: true,
+          length: { maximum: 255 },
+          uniqueness: { scope: %i[distribution_id] },
+          format: { with: Gitlab::Regex.debian_architecture_regex }
+
+        scope :with_distribution, ->(distribution) { where(distribution: distribution) }
+        scope :with_name, ->(name) { where(name: name) }
+      end
+    end
+  end
+end
--- a/app/models/concerns/packages/debian/distribution.rb
+++ b/app/models/concerns/packages/debian/distribution.rb
@@ -18,6 +18,11 @@ module Packages
        belongs_to container_type
        belongs_to :creator, class_name: 'User'

+        has_many :architectures,
+          class_name: "Packages::Debian::#{container_type.capitalize}Architecture",
+          foreign_key: :distribution_id,
+          inverse_of: :distribution
+
        validates :codename,
          presence: true,
          uniqueness: { scope: [container_foreign_key] },

--- a/app/models/packages/debian/group_architecture.rb
+++ b/app/models/packages/debian/group_architecture.rb
+# frozen_string_literal: true
+
+class Packages::Debian::GroupArchitecture < ApplicationRecord
+  def self.container_type
+    :group
+  end
+
+  include Packages::Debian::Architecture
+end
--- a/app/models/packages/debian/project_architecture.rb
+++ b/app/models/packages/debian/project_architecture.rb
+# frozen_string_literal: true
+
+class Packages::Debian::ProjectArchitecture < ApplicationRecord
+  def self.container_type
+    :project
+  end
+
+  include Packages::Debian::Architecture
+end
--- a/changelogs/unreleased/debian_distribution_architectures.yml
+++ b/changelogs/unreleased/debian_distribution_architectures.yml
+---
+title: Debian Group and Project Distribution Architectures
+merge_request: 51265
+author: Mathieu Parent
+type: added
--- a/changelogs/unreleased/fix-secret-detection-template.yml
+++ b/changelogs/unreleased/fix-secret-detection-template.yml
+---
+title: "Fix script typo in secret detection template causing the detection to be skipped"
+merge_request: 51544
+author: Vicken Simonian @vicken.papaya
+type: fixed
--- a/changelogs/unreleased/georgekoltsov-update-max-import-size-default-value.yml
+++ b/changelogs/unreleased/georgekoltsov-update-max-import-size-default-value.yml
+---
+title: Update default value of applications_settings.max_import_size to 0
+merge_request: 51229
+author:
+type: other
--- a/db/migrate/20201204111000_create_packages_debian_project_architectures.rb
+++ b/db/migrate/20201204111000_create_packages_debian_project_architectures.rb
+# frozen_string_literal: true
+
+class CreatePackagesDebianProjectArchitectures < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  INDEX_NAME = 'idx_pkgs_deb_proj_architectures_on_distribution_id'
+  UNIQUE_NAME = 'uniq_pkgs_deb_proj_architectures_on_distribution_id_and_name'
+
+  disable_ddl_transaction!
+
+  def up
+    with_lock_retries do
+      unless table_exists?(:packages_debian_project_architectures)
+        create_table :packages_debian_project_architectures do |t|
+          t.timestamps_with_timezone
+          t.references :distribution,
+            foreign_key: { to_table: :packages_debian_project_distributions, on_delete: :cascade },
+            null: false,
+            index: { name: INDEX_NAME }
+          t.text :name, null: false
+
+          t.index %w(distribution_id name),
+            name: UNIQUE_NAME,
+            unique: true,
+            using: :btree
+        end
+      end
+    end
+
+    add_text_limit :packages_debian_project_architectures, :name, 255
+  end
+
+  def down
+    drop_table :packages_debian_project_architectures
+  end
+end
--- a/db/migrate/20201204111100_create_packages_debian_group_architectures.rb
+++ b/db/migrate/20201204111100_create_packages_debian_group_architectures.rb
+# frozen_string_literal: true
+
+class CreatePackagesDebianGroupArchitectures < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  INDEX_NAME = 'idx_pkgs_deb_grp_architectures_on_distribution_id'
+  UNIQUE_NAME = 'uniq_pkgs_deb_grp_architectures_on_distribution_id_and_name'
+
+  disable_ddl_transaction!
+
+  def up
+    with_lock_retries do
+      unless table_exists?(:packages_debian_group_architectures)
+        create_table :packages_debian_group_architectures do |t|
+          t.timestamps_with_timezone
+          t.references :distribution,
+            foreign_key: { to_table: :packages_debian_group_distributions, on_delete: :cascade },
+            null: false,
+            index: { name: INDEX_NAME }
+          t.text :name, null: false
+
+          t.index %w(distribution_id name),
+            name: UNIQUE_NAME,
+            unique: true,
+            using: :btree
+        end
+      end
+    end
+
+    add_text_limit :packages_debian_group_architectures, :name, 255
+  end
+
+  def down
+    drop_table :packages_debian_group_architectures
+  end
+end
--- a/db/migrate/20210108161039_update_max_import_size_default.rb
+++ b/db/migrate/20210108161039_update_max_import_size_default.rb
+# frozen_string_literal: true
+
+class UpdateMaxImportSizeDefault < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  def change
+    change_column_default(:application_settings, :max_import_size, from: 50, to: 0)
+  end
+end
--- a/db/schema_migrations/20201204111000
+++ b/db/schema_migrations/20201204111000
+e9ca7eb8a47f6c48667135eca26f729471f8bb4ffa91dfceea87d98c8f2a616b
\ No newline at end of file
--- a/db/schema_migrations/20201204111100
+++ b/db/schema_migrations/20201204111100
+b613f8654641948b2933910ebbfc926fd801b18c00a5d23b1c801a9ba9925520
\ No newline at end of file
--- a/db/schema_migrations/20210108161039
+++ b/db/schema_migrations/20210108161039
+7888a82e3bbc1f4c78badcbe8335ac823ebdedec843a9d90f91cf0d5c169a191
\ No newline at end of file
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -9340,7 +9340,7 @@ CREATE TABLE application_settings (
    spam_check_endpoint_enabled boolean DEFAULT false NOT NULL,
    elasticsearch_pause_indexing boolean DEFAULT false NOT NULL,
    repository_storages_weighted jsonb DEFAULT '{}'::jsonb NOT NULL,
-    max_import_size integer DEFAULT 50 NOT NULL,
+    max_import_size integer DEFAULT 0 NOT NULL,
    enforce_pat_expiration boolean DEFAULT true NOT NULL,
    compliance_frameworks smallint[] DEFAULT '{}'::smallint[] NOT NULL,
    notify_on_unknown_sign_in boolean DEFAULT true NOT NULL,
@@ -14766,6 +14766,24 @@ CREATE TABLE packages_debian_file_metadata (
    CONSTRAINT check_e6e1fffcca CHECK ((char_length(architecture) <= 255))
 );

+CREATE TABLE packages_debian_group_architectures (
+    id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    distribution_id bigint NOT NULL,
+    name text NOT NULL,
+    CONSTRAINT check_ddb220164a CHECK ((char_length(name) <= 255))
+);
+
+CREATE SEQUENCE packages_debian_group_architectures_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE packages_debian_group_architectures_id_seq OWNED BY packages_debian_group_architectures.id;
+
 CREATE TABLE packages_debian_group_distributions (
    id bigint NOT NULL,
    created_at timestamp with time zone NOT NULL,
@@ -14807,6 +14825,24 @@ CREATE SEQUENCE packages_debian_group_distributions_id_seq

 ALTER SEQUENCE packages_debian_group_distributions_id_seq OWNED BY packages_debian_group_distributions.id;

+CREATE TABLE packages_debian_project_architectures (
+    id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    distribution_id bigint NOT NULL,
+    name text NOT NULL,
+    CONSTRAINT check_9c2e1c99d8 CHECK ((char_length(name) <= 255))
+);
+
+CREATE SEQUENCE packages_debian_project_architectures_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE packages_debian_project_architectures_id_seq OWNED BY packages_debian_project_architectures.id;
+
 CREATE TABLE packages_debian_project_distributions (
    id bigint NOT NULL,
    created_at timestamp with time zone NOT NULL,
@@ -18787,8 +18823,12 @@ ALTER TABLE ONLY packages_conan_file_metadata ALTER COLUMN id SET DEFAULT nextva

 ALTER TABLE ONLY packages_conan_metadata ALTER COLUMN id SET DEFAULT nextval('packages_conan_metadata_id_seq'::regclass);

+ALTER TABLE ONLY packages_debian_group_architectures ALTER COLUMN id SET DEFAULT nextval('packages_debian_group_architectures_id_seq'::regclass);
+
 ALTER TABLE ONLY packages_debian_group_distributions ALTER COLUMN id SET DEFAULT nextval('packages_debian_group_distributions_id_seq'::regclass);

+ALTER TABLE ONLY packages_debian_project_architectures ALTER COLUMN id SET DEFAULT nextval('packages_debian_project_architectures_id_seq'::regclass);
+
 ALTER TABLE ONLY packages_debian_project_distributions ALTER COLUMN id SET DEFAULT nextval('packages_debian_project_distributions_id_seq'::regclass);

 ALTER TABLE ONLY packages_dependencies ALTER COLUMN id SET DEFAULT nextval('packages_dependencies_id_seq'::regclass);
@@ -20145,9 +20185,15 @@ ALTER TABLE ONLY packages_conan_metadata
 ALTER TABLE ONLY packages_debian_file_metadata
    ADD CONSTRAINT packages_debian_file_metadata_pkey PRIMARY KEY (package_file_id);

+ALTER TABLE ONLY packages_debian_group_architectures
+    ADD CONSTRAINT packages_debian_group_architectures_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY packages_debian_group_distributions
    ADD CONSTRAINT packages_debian_group_distributions_pkey PRIMARY KEY (id);

+ALTER TABLE ONLY packages_debian_project_architectures
+    ADD CONSTRAINT packages_debian_project_architectures_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY packages_debian_project_distributions
    ADD CONSTRAINT packages_debian_project_distributions_pkey PRIMARY KEY (id);

@@ -20867,6 +20913,10 @@ CREATE INDEX idx_packages_build_infos_on_package_id ON packages_build_infos USIN

 CREATE INDEX idx_packages_packages_on_project_id_name_version_package_type ON packages_packages USING btree (project_id, name, version, package_type);

+CREATE INDEX idx_pkgs_deb_grp_architectures_on_distribution_id ON packages_debian_group_architectures USING btree (distribution_id);
+
+CREATE INDEX idx_pkgs_deb_proj_architectures_on_distribution_id ON packages_debian_project_architectures USING btree (distribution_id);
+
 CREATE UNIQUE INDEX idx_pkgs_dep_links_on_pkg_id_dependency_id_dependency_type ON packages_dependency_links USING btree (package_id, dependency_id, dependency_type);

 CREATE INDEX idx_proj_feat_usg_on_jira_dvcs_cloud_last_sync_at_and_proj_id ON project_feature_usages USING btree (jira_dvcs_cloud_last_sync_at, project_id) WHERE (jira_dvcs_cloud_last_sync_at IS NOT NULL);
@@ -23303,6 +23353,10 @@ CREATE INDEX tmp_index_oauth_applications_on_id_where_trusted ON oauth_applicati

 CREATE INDEX tmp_index_on_vulnerabilities_non_dismissed ON vulnerabilities USING btree (id) WHERE (state <> 2);

+CREATE UNIQUE INDEX uniq_pkgs_deb_grp_architectures_on_distribution_id_and_name ON packages_debian_group_architectures USING btree (distribution_id, name);
+
+CREATE UNIQUE INDEX uniq_pkgs_deb_proj_architectures_on_distribution_id_and_name ON packages_debian_project_architectures USING btree (distribution_id, name);
+
 CREATE UNIQUE INDEX uniq_pkgs_debian_group_distributions_group_id_and_codename ON packages_debian_group_distributions USING btree (group_id, codename);

 CREATE UNIQUE INDEX uniq_pkgs_debian_group_distributions_group_id_and_suite ON packages_debian_group_distributions USING btree (group_id, suite);
@@ -24775,6 +24829,9 @@ ALTER TABLE ONLY issue_user_mentions
 ALTER TABLE ONLY merge_request_assignees
    ADD CONSTRAINT fk_rails_579d375628 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE;

+ALTER TABLE ONLY packages_debian_project_architectures
+    ADD CONSTRAINT fk_rails_5808663adf FOREIGN KEY (distribution_id) REFERENCES packages_debian_project_distributions(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY clusters_applications_cilium
    ADD CONSTRAINT fk_rails_59dc12eea6 FOREIGN KEY (cluster_id) REFERENCES clusters(id) ON DELETE CASCADE;

@@ -25561,6 +25618,9 @@ ALTER TABLE ONLY experiment_subjects
 ALTER TABLE ONLY ci_daily_build_group_report_results
    ADD CONSTRAINT fk_rails_ee072d13b3 FOREIGN KEY (last_pipeline_id) REFERENCES ci_pipelines(id) ON DELETE CASCADE;

+ALTER TABLE ONLY packages_debian_group_architectures
+    ADD CONSTRAINT fk_rails_ef667d1b03 FOREIGN KEY (distribution_id) REFERENCES packages_debian_group_distributions(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY label_priorities
    ADD CONSTRAINT fk_rails_ef916d14fa FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;


--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
--- a/doc/api/group_import_export.md
+++ b/doc/api/group_import_export.md
@@ -93,7 +93,7 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --form "name=i
 ```

 NOTE:
-The maximum import file size can be set by the Administrator, default is 50MB.
+The maximum import file size can be set by the Administrator, default is `0` (unlimited).
 As an administrator, you can modify the maximum import file size. To do so, use the `max_import_size` option in the [Application settings API](settings.md#change-application-settings) or the [Admin UI](../user/admin_area/settings/account_and_limit_settings.md).

 ## Important notes

--- a/doc/api/project_import_export.md
+++ b/doc/api/project_import_export.md
@@ -193,7 +193,7 @@ requests.post(url, headers=headers, data=data, files=files)
 ```

 NOTE:
-The maximum import file size can be set by the Administrator, default is 50MB.
+The maximum import file size can be set by the Administrator, default is `0` (unlimited)..
 As an administrator, you can modify the maximum import file size. To do so, use the `max_import_size` option in the [Application settings API](settings.md#change-application-settings) or the [Admin UI](../user/admin_area/settings/account_and_limit_settings.md).

 ## Import status

--- a/doc/api/settings.md
+++ b/doc/api/settings.md
@@ -307,7 +307,7 @@ listed in the descriptions of the relevant settings.
 | `maintenance_mode`                       | boolean          | no                                   | **(PREMIUM)** When instance is in maintenance mode, non-admin users can sign in with read-only access and make read-only API requests |
 | `max_artifacts_size`                     | integer          | no                                   | Maximum artifacts size in MB |
 | `max_attachment_size`                    | integer          | no                                   | Limit attachment size in MB |
-| `max_import_size`                        | integer          | no                                   | Maximum import size in MB. 0 for unlimited. Default = 50 |
+| `max_import_size`                        | integer          | no                                   | Maximum import size in MB. 0 for unlimited. Default = 0 (unlimited) |
 | `max_pages_size`                         | integer          | no                                   | Maximum size of pages repositories in MB |
 | `max_personal_access_token_lifetime`     | integer          | no                                   | **(ULTIMATE ONLY)** Maximum allowable lifetime for personal access tokens in days |
 | `metrics_method_call_threshold`          | integer          | no                                   | A method call is only tracked when it takes longer than the given amount of milliseconds. |

--- a/doc/user/gitlab_com/index.md
+++ b/doc/user/gitlab_com/index.md
@@ -114,7 +114,7 @@ or over the repository size limit, you can [reduce your repository size with Git
 | Setting                       | GitLab.com  | Default       |
 | -----------                   | ----------- | ------------- |
 | [Repository size including LFS](../admin_area/settings/account_and_limit_settings.md) | 10 GB       | Unlimited     |
-| Maximum import size           | 5 GB        | 50 MB         |
+| Maximum import size           | 5 GB        | Unlimited     |

 NOTE:
 `git push` and GitLab project imports are limited to 5 GB per request through Cloudflare. Git LFS and imports other than a file upload are not affected by this limit.

--- a/doc/user/group/settings/import_export.md
+++ b/doc/user/group/settings/import_export.md
@@ -76,7 +76,7 @@ For more details on the specific data persisted in a group export, see the
   file from there by clicking **Download export**, or generate a new file by clicking **Regenerate export**.

 NOTE:
-The maximum import file size can be set by the Administrator, default is 50MB.
+The maximum import file size can be set by the Administrator, default is `0` (unlimited).
 As an administrator, you can modify the maximum import file size. To do so, use the `max_import_size` option in the [Application settings API](../../../api/settings.md#change-application-settings) or the [Admin UI](../../admin_area/settings/account_and_limit_settings.md).

 ### Between CE and EE

--- a/doc/user/project/settings/import_export.md
+++ b/doc/user/project/settings/import_export.md
@@ -179,7 +179,7 @@ If use of the `Internal` visibility level
 all imported projects are given the visibility of `Private`.

 NOTE:
-The maximum import file size can be set by the Administrator, default is 50MB.
+The maximum import file size can be set by the Administrator, default is `0` (unlimited).
 As an administrator, you can modify the maximum import file size. To do so, use the `max_import_size` option in the [Application settings API](../../../api/settings.md#change-application-settings) or the [Admin Area UI](../../admin_area/settings/account_and_limit_settings.md).

 ### Project import status

--- a/ee/app/graphql/ee/resolvers/issues_resolver.rb
+++ b/ee/app/graphql/ee/resolvers/issues_resolver.rb
@@ -9,11 +9,11 @@ module EE
      prepended do
        argument :iteration_id, ::GraphQL::ID_TYPE.to_list_type,
                 required: false,
-                 description: 'Iterations applied to the issue'
+                 description: 'Iterations applied to the issue.'

        argument :epic_id, GraphQL::STRING_TYPE,
                 required: false,
-                 description: 'ID of an epic associated with the issues, "none" and "any" values are supported'
+                 description: 'ID of an epic associated with the issues, "none" and "any" values are supported.'
      end

      private

--- a/ee/app/graphql/ee/resolvers/namespace_projects_resolver.rb
+++ b/ee/app/graphql/ee/resolvers/namespace_projects_resolver.rb
@@ -9,7 +9,7 @@ module EE
        argument :has_vulnerabilities, GraphQL::BOOLEAN_TYPE,
                 required: false,
                 default_value: false,
-                 description: 'Returns only the projects which have vulnerabilities'
+                 description: 'Returns only the projects which have vulnerabilities.'
      end

      def resolve(include_subgroups:, search:, sort:, has_vulnerabilities: false)

--- a/ee/app/graphql/resolvers/board_groupings/epics_resolver.rb
+++ b/ee/app/graphql/resolvers/board_groupings/epics_resolver.rb
@@ -9,7 +9,7 @@ module Resolvers

      argument :issue_filters, Types::Boards::BoardIssueInputType,
               required: false,
-               description: 'Filters applied when selecting issues on the board'
+               description: 'Filters applied when selecting issues on the board.'

      type Types::Boards::BoardEpicType, null: true


--- a/ee/app/graphql/resolvers/boards/epic_boards_resolver.rb
+++ b/ee/app/graphql/resolvers/boards/epic_boards_resolver.rb
@@ -10,7 +10,7 @@ module Resolvers
      when_single do
        argument :id, ::Types::GlobalIDType[::Boards::EpicBoard],
                 required: true,
-                 description: 'Find an epic board by ID'
+                 description: 'Find an epic board by ID.'
      end

      alias_method :group, :object

--- a/ee/app/graphql/resolvers/ci/code_coverage_activities_resolver.rb
+++ b/ee/app/graphql/resolvers/ci/code_coverage_activities_resolver.rb
@@ -7,7 +7,7 @@ module Resolvers

      argument :start_date, Types::DateType,
                required: true,
-                description: 'First day for which to fetch code coverage activity (maximum time window is set to 90 days)'
+                description: 'First day for which to fetch code coverage activity (maximum time window is set to 90 days).'

      alias_method :group, :object


--- a/ee/app/graphql/resolvers/clusters/agents_resolver.rb
+++ b/ee/app/graphql/resolvers/clusters/agents_resolver.rb
@@ -12,7 +12,7 @@ module Resolvers
      when_single do
        argument :name, GraphQL::STRING_TYPE,
            required: true,
-            description: 'Name of the cluster agent'
+            description: 'Name of the cluster agent.'
      end

      alias_method :project, :object

--- a/ee/app/graphql/resolvers/dast_site_profile_resolver.rb
+++ b/ee/app/graphql/resolvers/dast_site_profile_resolver.rb
@@ -8,7 +8,7 @@ module Resolvers

    when_single do
      argument :id, ::Types::GlobalIDType[::DastSiteProfile], required: true,
-               description: "ID of the site profile"
+               description: "ID of the site profile."
    end

    def resolve(**args)

--- a/ee/app/graphql/resolvers/dast_site_validation_resolver.rb
+++ b/ee/app/graphql/resolvers/dast_site_validation_resolver.rb
@@ -7,7 +7,7 @@ module Resolvers
    type Types::DastSiteValidationType.connection_type, null: true

    argument :normalized_target_urls, [GraphQL::STRING_TYPE], required: false,
-             description: 'Normalized URL of the target to be scanned'
+             description: 'Normalized URL of the target to be scanned.'

    def resolve(**args)
      return DastSiteValidation.none unless allowed?

--- a/ee/app/graphql/resolvers/epics_resolver.rb
+++ b/ee/app/graphql/resolvers/epics_resolver.rb
@@ -7,48 +7,48 @@ module Resolvers

    argument :iid, GraphQL::ID_TYPE,
             required: false,
-             description: 'IID of the epic, e.g., "1"'
+             description: 'IID of the epic, e.g., "1".'

    argument :iids, [GraphQL::ID_TYPE],
             required: false,
-             description: 'List of IIDs of epics, e.g., [1, 2]'
+             description: 'List of IIDs of epics, e.g., [1, 2].'

    argument :state, Types::EpicStateEnum,
             required: false,
-             description: 'Filter epics by state'
+             description: 'Filter epics by state.'

    argument :search, GraphQL::STRING_TYPE,
             required: false,
-             description: 'Search query for epic title or description'
+             description: 'Search query for epic title or description.'

    argument :sort, Types::EpicSortEnum,
             required: false,
-             description: 'List epics by sort order'
+             description: 'List epics by sort order.'

    argument :author_username, GraphQL::STRING_TYPE,
             required: false,
-             description: 'Filter epics by author'
+             description: 'Filter epics by author.'

    argument :label_name, [GraphQL::STRING_TYPE],
             required: false,
-             description: 'Filter epics by labels'
+             description: 'Filter epics by labels.'

    argument :milestone_title, GraphQL::STRING_TYPE,
             required: false,
-             description: "Filter epics by milestone title, computed from epic's issues"
+             description: "Filter epics by milestone title, computed from epic's issues."

    argument :iid_starts_with, GraphQL::STRING_TYPE,
             required: false,
-             description: 'Filter epics by IID for autocomplete'
+             description: 'Filter epics by IID for autocomplete.'

    argument :include_descendant_groups, GraphQL::BOOLEAN_TYPE,
             required: false,
-             description: 'Include epics from descendant groups',
+             description: 'Include epics from descendant groups.',
             default_value: true

    argument :confidential, GraphQL::BOOLEAN_TYPE,
             required: false,
-             description: 'Filter epics by given confidentiality'
+             description: 'Filter epics by given confidentiality.'

    type Types::EpicType, null: true


--- a/ee/app/graphql/resolvers/geo/registries_resolver.rb
+++ b/ee/app/graphql/resolvers/geo/registries_resolver.rb
@@ -17,7 +17,7 @@ module Resolvers
        argument :ids,
                 [GraphQL::ID_TYPE],
                 required: false,
-                 description: 'Filters registries by their ID'
+                 description: 'Filters registries by their ID.'

        def resolve(ids: nil)
          return registry_class.none unless geo_node_is_current?

--- a/ee/app/graphql/resolvers/requirements_management/requirements_resolver.rb
+++ b/ee/app/graphql/resolvers/requirements_management/requirements_resolver.rb
@@ -10,11 +10,11 @@ module Resolvers

      argument :iid, GraphQL::ID_TYPE,
               required: false,
-               description: 'IID of the requirement, e.g., "1"'
+               description: 'IID of the requirement, e.g., "1".'

      argument :iids, [GraphQL::ID_TYPE],
               required: false,
-               description: 'List of IIDs of requirements, e.g., [1, 2]'
+               description: 'List of IIDs of requirements, e.g., [1, 2].'

      def resolve_with_lookahead(**args)
        # The project could have been loaded in batch by `BatchLoader`.

--- a/ee/app/graphql/resolvers/requirements_management/test_reports_resolver.rb
+++ b/ee/app/graphql/resolvers/requirements_management/test_reports_resolver.rb
@@ -5,7 +5,7 @@ module Resolvers
    class TestReportsResolver < BaseResolver
      argument :sort, Types::SortEnum,
               required: false,
-               description: 'List test reports by sort order'
+               description: 'List test reports by sort order.'

      type Types::RequirementsManagement::TestReportType, null: true


--- a/ee/app/graphql/resolvers/timelog_resolver.rb
+++ b/ee/app/graphql/resolvers/timelog_resolver.rb
@@ -8,19 +8,19 @@ module Resolvers

    argument :start_date, Types::TimeType,
              required: false,
-              description: 'List time logs within a date range where the logged date is equal to or after startDate'
+              description: 'List time logs within a date range where the logged date is equal to or after startDate.'

    argument :end_date, Types::TimeType,
              required: false,
-              description: 'List time logs within a date range where the logged date is equal to or before endDate'
+              description: 'List time logs within a date range where the logged date is equal to or before endDate.'

    argument :start_time, Types::TimeType,
              required: false,
-              description: 'List time-logs within a time range where the logged time is equal to or after startTime'
+              description: 'List time-logs within a time range where the logged time is equal to or after startTime.'

    argument :end_time, Types::TimeType,
              required: false,
-              description: 'List time-logs within a time range where the logged time is equal to or before endTime'
+              description: 'List time-logs within a time range where the logged time is equal to or before endTime.'

    def resolve_with_lookahead(**args)
      return Timelog.none unless timelogs_available_for_user?

--- a/ee/app/graphql/resolvers/vulnerabilities/issue_links_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerabilities/issue_links_resolver.rb
@@ -7,7 +7,7 @@ module Resolvers

      argument :link_type, Types::Vulnerability::IssueLinkTypeEnum,
               required: false,
-               description: 'Filter issue links by link type'
+               description: 'Filter issue links by link type.'

      delegate :issue_links, :created_issue_links, to: :object, private: true


--- a/ee/app/graphql/resolvers/vulnerabilities_count_per_day_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerabilities_count_per_day_resolver.rb
@@ -5,10 +5,10 @@ module Resolvers
    type Types::VulnerabilitiesCountByDayType, null: true

    argument :start_date, GraphQL::Types::ISO8601Date, required: true,
-              description: 'First day for which to fetch vulnerability history'
+              description: 'First day for which to fetch vulnerability history.'

    argument :end_date, GraphQL::Types::ISO8601Date, required: true,
-              description: 'Last day for which to fetch vulnerability history'
+              description: 'Last day for which to fetch vulnerability history.'

    def resolve(**args)
      return [] unless vulnerable

--- a/ee/app/graphql/resolvers/vulnerabilities_grade_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerabilities_grade_resolver.rb
@@ -7,7 +7,7 @@ module Resolvers
    argument :include_subgroups, GraphQL::BOOLEAN_TYPE,
              required: false,
              default_value: false,
-              description: 'Include grades belonging to subgroups'
+              description: 'Include grades belonging to subgroups.'

    def resolve(**args)
      ::Gitlab::Graphql::Aggregations::VulnerabilityStatistics::LazyAggregate

--- a/ee/app/graphql/resolvers/vulnerabilities_history_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerabilities_history_resolver.rb
@@ -9,10 +9,10 @@ module Resolvers
    type Types::VulnerabilitiesCountByDayAndSeverityType, null: true

    argument :start_date, GraphQL::Types::ISO8601Date, required: true,
-              description: 'First day for which to fetch vulnerability history'
+              description: 'First day for which to fetch vulnerability history.'

    argument :end_date, GraphQL::Types::ISO8601Date, required: true,
-              description: 'Last day for which to fetch vulnerability history'
+              description: 'Last day for which to fetch vulnerability history.'

    def resolve(**args)
      return [] unless vulnerable

--- a/ee/app/graphql/resolvers/vulnerabilities_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerabilities_resolver.rb
@@ -8,36 +8,36 @@ module Resolvers

    argument :project_id, [GraphQL::ID_TYPE],
             required: false,
-             description: 'Filter vulnerabilities by project'
+             description: 'Filter vulnerabilities by project.'

    argument :report_type, [Types::VulnerabilityReportTypeEnum],
             required: false,
-             description: 'Filter vulnerabilities by report type'
+             description: 'Filter vulnerabilities by report type.'

    argument :severity, [Types::VulnerabilitySeverityEnum],
             required: false,
-             description: 'Filter vulnerabilities by severity'
+             description: 'Filter vulnerabilities by severity.'

    argument :state, [Types::VulnerabilityStateEnum],
             required: false,
-             description: 'Filter vulnerabilities by state'
+             description: 'Filter vulnerabilities by state.'

    argument :scanner, [GraphQL::STRING_TYPE],
             required: false,
-             description: 'Filter vulnerabilities by VulnerabilityScanner.externalId'
+             description: 'Filter vulnerabilities by VulnerabilityScanner.externalId.'

    argument :sort, Types::VulnerabilitySortEnum,
             required: false,
             default_value: 'severity_desc',
-             description: 'List vulnerabilities by sort order'
+             description: 'List vulnerabilities by sort order.'

    argument :has_resolution, GraphQL::BOOLEAN_TYPE,
             required: false,
-             description: 'Returns only the vulnerabilities which have been resolved on default branch'
+             description: 'Returns only the vulnerabilities which have been resolved on default branch.'

    argument :has_issues, GraphQL::BOOLEAN_TYPE,
             required: false,
-             description: 'Returns only the vulnerabilities which have linked issues'
+             description: 'Returns only the vulnerabilities which have linked issues.'

    def resolve(**args)
      return Vulnerability.none unless vulnerable

--- a/ee/app/graphql/resolvers/vulnerability_severities_count_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerability_severities_count_resolver.rb
@@ -8,23 +8,23 @@ module Resolvers

    argument :project_id, [GraphQL::ID_TYPE],
             required: false,
-             description: 'Filter vulnerabilities by project'
+             description: 'Filter vulnerabilities by project.'

    argument :report_type, [Types::VulnerabilityReportTypeEnum],
             required: false,
-             description: 'Filter vulnerabilities by report type'
+             description: 'Filter vulnerabilities by report type.'

    argument :severity, [Types::VulnerabilitySeverityEnum],
             required: false,
-             description: 'Filter vulnerabilities by severity'
+             description: 'Filter vulnerabilities by severity.'

    argument :state, [Types::VulnerabilityStateEnum],
             required: false,
-             description: 'Filter vulnerabilities by state'
+             description: 'Filter vulnerabilities by state.'

    argument :scanner, [GraphQL::STRING_TYPE],
             required: false,
-             description: 'Filter vulnerabilities by scanner'
+             description: 'Filter vulnerabilities by scanner.'

    def resolve(**args)
      return Vulnerability.none unless vulnerable

--- a/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
@@ -37,7 +37,7 @@ secret_detection:
      when: never
    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
  script:
-    - if [[ $CI_COMMIT_TAG ]]; echo "Skipping Secret Detection for tags. No code changes have occurred."; then exit 0; fi
+    - if [[ $CI_COMMIT_TAG ]]; then echo "Skipping Secret Detection for tags. No code changes have occurred."; exit 0; fi
    - git fetch origin $CI_DEFAULT_BRANCH $CI_COMMIT_REF_NAME
    - git log --left-right --cherry-pick --pretty=format:"%H" refs/remotes/origin/$CI_DEFAULT_BRANCH...refs/remotes/origin/$CI_COMMIT_REF_NAME > "$CI_COMMIT_SHA"_commit_list.txt
    - export SECRET_DETECTION_COMMITS_FILE="$CI_COMMIT_SHA"_commit_list.txt

--- a/spec/factories/packages/debian/group_architecture.rb
+++ b/spec/factories/packages/debian/group_architecture.rb
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :debian_group_architecture, class: 'Packages::Debian::GroupArchitecture' do
+    distribution { association(:debian_group_distribution) }
+
+    sequence(:name) { |n| "group-arch-#{n}" }
+  end
+end
--- a/spec/factories/packages/debian/project_architecture.rb
+++ b/spec/factories/packages/debian/project_architecture.rb
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :debian_project_architecture, class: 'Packages::Debian::ProjectArchitecture' do
+    distribution { association(:debian_project_distribution) }
+
+    sequence(:name) { |n| "project-arch-#{n}" }
+  end
+end
--- a/spec/models/packages/debian/group_architecture_spec.rb
+++ b/spec/models/packages/debian/group_architecture_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Packages::Debian::GroupArchitecture do
+  it_behaves_like 'Debian Distribution Architecture', :debian_group_architecture, :group, false
+end
--- a/spec/models/packages/debian/project_architecture_spec.rb
+++ b/spec/models/packages/debian/project_architecture_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Packages::Debian::ProjectArchitecture do
+  it_behaves_like 'Debian Distribution Architecture', :debian_project_architecture, :project, true
+end
--- a/spec/support/shared_examples/models/packages/debian/architecture_shared_examples.rb
+++ b/spec/support/shared_examples/models/packages/debian/architecture_shared_examples.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.shared_examples 'Debian Distribution Architecture' do |factory, container, can_freeze|
+  let_it_be_with_refind(:architecture) { create(factory) } # rubocop:disable Rails/SaveBang
+  let_it_be(:architecture_same_distribution, freeze: can_freeze) { create(factory, distribution: architecture.distribution) }
+  let_it_be(:architecture_same_name, freeze: can_freeze) { create(factory, name: architecture.name) }
+
+  subject { architecture }
+
+  describe 'relationships' do
+    it { is_expected.to belong_to(:distribution).class_name("Packages::Debian::#{container.capitalize}Distribution").inverse_of(:architectures) }
+  end
+
+  describe 'validations' do
+    describe "#distribution" do
+      it { is_expected.to validate_presence_of(:distribution) }
+    end
+
+    describe '#name' do
+      it { is_expected.to validate_presence_of(:name) }
+
+      it { is_expected.to allow_value('amd64').for(:name) }
+      it { is_expected.to allow_value('kfreebsd-i386').for(:name) }
+      it { is_expected.not_to allow_value('-a').for(:name) }
+      it { is_expected.not_to allow_value('AMD64').for(:name) }
+    end
+  end
+
+  describe 'scopes' do
+    describe '.with_distribution' do
+      subject { described_class.with_distribution(architecture.distribution) }
+
+      it 'does not return other distributions' do
+        expect(subject.to_a).to eq([architecture, architecture_same_distribution])
+      end
+    end
+
+    describe '.with_name' do
+      subject { described_class.with_name(architecture.name) }
+
+      it 'does not return other distributions' do
+        expect(subject.to_a).to eq([architecture, architecture_same_name])
+      end
+    end
+  end
+end
--- a/spec/support/shared_examples/models/packages/debian/distribution_shared_examples.rb
+++ b/spec/support/shared_examples/models/packages/debian/distribution_shared_examples.rb
@@ -15,6 +15,8 @@ RSpec.shared_examples 'Debian Distribution' do |factory, container, can_freeze|
  describe 'relationships' do
    it { is_expected.to belong_to(container) }
    it { is_expected.to belong_to(:creator).class_name('User') }
+
+    it { is_expected.to have_many(:architectures).class_name("Packages::Debian::#{container.capitalize}Architecture").inverse_of(:distribution) }
  end

  describe 'validations' do