Add latest changes from gitlab-org/gitlab@master

Gemfile

@@ -417,7 +417,7 @@ end
 
 gem 'octokit', '~> 4.9'
 
-gem 'mail_room', '~> 0.9.1'
+gem 'mail_room', '~> 0.10.0'
 
 gem 'email_reply_trimmer', '~> 0.1'
 gem 'html2text'

Gemfile.lock

@@ -593,7 +593,7 @@ GEM
     lumberjack (1.0.13)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    mail_room (0.9.1)
+    mail_room (0.10.0)
     marcel (0.3.3)
       mimemagic (~> 0.3.2)
     marginalia (1.8.0)
@@ -1247,7 +1247,7 @@ DEPENDENCIES
   licensee (~> 8.9)
   lograge (~> 0.5)
   loofah (~> 2.2)
-  mail_room (~> 0.9.1)
+  mail_room (~> 0.10.0)
   marginalia (~> 1.8.0)
   memory_profiler (~> 0.9)
   method_source (~> 0.8)

app/assets/javascripts/blob/openapi/index.js

+import { SwaggerUIBundle } from 'swagger-ui-dist';
+import flash from '~/flash';
+import { __ } from '~/locale';
+
+export default () => {
+  const el = document.getElementById('js-openapi-viewer');
+
+  Promise.all([import(/* webpackChunkName: 'openapi' */ 'swagger-ui-dist/swagger-ui.css')])
+    .then(() => {
+      SwaggerUIBundle({
+        url: el.dataset.endpoint,
+        dom_id: '#js-openapi-viewer',
+      });
+    })
+    .catch(error => {
+      flash(__('Something went wrong while initializing the OpenAPI viewer'));
+      throw error;
+    });
+};

app/assets/javascripts/blob/openapi_viewer.js

+import renderOpenApi from './openapi';
+
+export default renderOpenApi;

app/assets/javascripts/blob/viewer/index.js

@@ -39,6 +39,9 @@ export default class BlobViewer {
       case 'notebook':
         initViewer(import(/* webpackChunkName: 'notebook_viewer' */ '../notebook_viewer'));
         break;
+      case 'openapi':
+        initViewer(import(/* webpackChunkName: 'openapi_viewer' */ '../openapi_viewer'));
+        break;
       case 'pdf':
         initViewer(import(/* webpackChunkName: 'pdf_viewer' */ '../pdf_viewer'));
         break;

app/assets/javascripts/lib/utils/axios_utils.js

@@ -33,11 +33,9 @@ window.addEventListener('beforeunload', () => {
 
 // Ignore AJAX errors caused by requests
 // being cancelled due to browser navigation
-const { gon } = window;
-const featureFlagEnabled = gon && gon.features && gon.features.suppressAjaxNavigationErrors;
 axios.interceptors.response.use(
   response => response,
-  err => suppressAjaxErrorsDuringNavigation(err, isUserNavigating, featureFlagEnabled),
+  err => suppressAjaxErrorsDuringNavigation(err, isUserNavigating),
 );
 
 export default axios;

app/assets/javascripts/lib/utils/suppress_ajax_errors_during_navigation.js

@@ -2,8 +2,8 @@
  * An Axios error interceptor that suppresses AJAX errors caused
  * by the request being cancelled when the user navigates to a new page
  */
-export default (err, isUserNavigating, featureFlagEnabled) => {
-  if (featureFlagEnabled && isUserNavigating && err.code === 'ECONNABORTED') {
+export default (err, isUserNavigating) => {
+  if (isUserNavigating && err.code === 'ECONNABORTED') {
     // If the user is navigating away from the current page,
     // prevent .then() and .catch() handlers from being
     // called by returning a Promise that never resolves

app/assets/stylesheets/framework/files.scss

@@ -486,3 +486,8 @@ span.idiff {
   overflow-y: auto;
   max-height: 20rem;
 }
+
+#js-openapi-viewer pre.version {
+  background-color: transparent;
+  border: transparent;
+}

app/controllers/application_controller.rb

@@ -165,7 +165,7 @@ class ApplicationController < ActionController::Base
   end
 
   def log_exception(exception)
-    Gitlab::Sentry.track_exception(exception)
+    Gitlab::ErrorTracking.track_exception(exception)
 
     backtrace_cleaner = request.env["action_dispatch.backtrace_cleaner"]
     application_trace = ActionDispatch::ExceptionWrapper.new(backtrace_cleaner, exception).application_trace
@@ -533,7 +533,7 @@ class ApplicationController < ActionController::Base
   end
 
   def sentry_context(&block)
-    Gitlab::Sentry.with_context(current_user, &block)
+    Gitlab::ErrorTracking.with_context(current_user, &block)
   end
 
   def allow_gitaly_ref_name_caching

app/controllers/concerns/issuable_actions.rb

@@ -98,7 +98,7 @@ module IssuableActions
 
     error_message = "Destroy confirmation not provided for #{issuable.human_class_name}"
     exception = RuntimeError.new(error_message)
-    Gitlab::Sentry.track_exception(
+    Gitlab::ErrorTracking.track_exception(
       exception,
       project_path: issuable.project.full_path,
       issuable_type: issuable.class.name,

app/controllers/projects/ci/lints_controller.rb

@@ -8,11 +8,13 @@ class Projects::Ci::LintsController < Projects::ApplicationController
 
   def create
     @content = params[:content]
-    @error = Gitlab::Ci::YamlProcessor.validation_message(@content, yaml_processor_options)
-    @status = @error.blank?
+    result   = Gitlab::Ci::YamlProcessor.new_with_validation_errors(@content, yaml_processor_options)
 
-    if @error.blank?
-      @config_processor = Gitlab::Ci::YamlProcessor.new(@content, yaml_processor_options)
+    @error   = result.errors.join(', ')
+    @status  = result.valid?
+
+    if result.valid?
+      @config_processor = result.content
       @stages = @config_processor.stages
       @builds = @config_processor.builds
       @jobs = @config_processor.jobs

app/helpers/application_settings_helper.rb

@@ -232,6 +232,7 @@ module ApplicationSettingsHelper
       :metrics_port,
       :metrics_sample_interval,
       :metrics_timeout,
+      :minimum_password_length,
       :mirror_available,
       :pages_domain_verification_enabled,
       :password_authentication_enabled_for_web,

app/helpers/icons_helper.rb

@@ -44,7 +44,7 @@ module IconsHelper
   def sprite_icon(icon_name, size: nil, css_class: nil)
     if known_sprites&.exclude?(icon_name)
       exception = ArgumentError.new("#{icon_name} is not a known icon in @gitlab-org/gitlab-svg")
-      Gitlab::Sentry.track_and_raise_for_dev_exception(exception)
+      Gitlab::ErrorTracking.track_and_raise_for_dev_exception(exception)
     end
 
     css_classes = []

app/helpers/users_helper.rb

@@ -57,7 +57,7 @@ module UsersHelper
 
     unless user.association(:status).loaded?
       exception = RuntimeError.new("Status was not preloaded")
-      Gitlab::Sentry.track_and_raise_for_dev_exception(exception, user: user.inspect)
+      Gitlab::ErrorTracking.track_and_raise_for_dev_exception(exception, user: user.inspect)
     end
 
     return unless user.status

app/models/application_setting.rb

@@ -46,6 +46,12 @@ class ApplicationSetting < ApplicationRecord
             presence: true,
             numericality: { only_integer: true, greater_than_or_equal_to: 0 }
 
+  validates :minimum_password_length,
+            presence: true,
+            numericality: { only_integer: true,
+                            greater_than_or_equal_to: DEFAULT_MINIMUM_PASSWORD_LENGTH,
+                            less_than_or_equal_to: Devise.password_length.max }
+
   validates :home_page_url,
             allow_blank: true,
             addressable_url: true,

app/models/application_setting_implementation.rb

@@ -30,6 +30,8 @@ module ApplicationSettingImplementation
     '/admin/session'
   ].freeze
 
+  DEFAULT_MINIMUM_PASSWORD_LENGTH = 8
+
   class_methods do
     def defaults
       {
@@ -106,6 +108,7 @@ module ApplicationSettingImplementation
         sourcegraph_enabled: false,
         sourcegraph_url: nil,
         sourcegraph_public_only: true,
+        minimum_password_length: DEFAULT_MINIMUM_PASSWORD_LENGTH,
         terminal_max_session_time: 0,
         throttle_authenticated_api_enabled: false,
         throttle_authenticated_api_period_in_seconds: 3600,

app/models/blob.rb

@@ -26,6 +26,7 @@ class Blob < SimpleDelegator
     BlobViewer::Markup,
     BlobViewer::Notebook,
     BlobViewer::SVG,
+    BlobViewer::OpenApi,
 
     BlobViewer::Image,
     BlobViewer::Sketch,

app/models/blob_viewer/open_api.rb

+# frozen_string_literal: true
+
+module BlobViewer
+  class OpenApi < Base
+    include Rich
+    include ClientSide
+
+    self.partial_name = 'openapi'
+    self.file_types = %i(openapi)
+    self.binary = false
+    # TODO: get an icon for OpenAPI
+    self.switcher_icon = 'file-pdf-o'
+    self.switcher_title = 'OpenAPI'
+  end
+end

app/models/ci/build.rb

@@ -289,7 +289,7 @@ module Ci
         begin
           build.deployment.drop!
         rescue => e
-          Gitlab::Sentry.track_and_raise_for_dev_exception(e, build_id: build.id)
+          Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, build_id: build.id)
         end
 
         true

app/models/ci/persistent_ref.rb

@@ -26,7 +26,7 @@ module Ci
 
       create_ref(sha, path)
     rescue => e
-      Gitlab::Sentry
+      Gitlab::ErrorTracking
         .track_exception(e, pipeline_id: pipeline.id)
     end
 
@@ -37,7 +37,7 @@ module Ci
     rescue Gitlab::Git::Repository::NoRepository
       # no-op
     rescue => e
-      Gitlab::Sentry
+      Gitlab::ErrorTracking
         .track_exception(e, pipeline_id: pipeline.id)
     end
 

app/models/ci/pipeline.rb

@@ -638,6 +638,7 @@ module Ci
         variables.append(key: 'CI_COMMIT_BEFORE_SHA', value: before_sha)
         variables.append(key: 'CI_COMMIT_REF_NAME', value: source_ref)
         variables.append(key: 'CI_COMMIT_REF_SLUG', value: source_ref_slug)
+        variables.append(key: 'CI_COMMIT_BRANCH', value: ref) if branch?
         variables.append(key: 'CI_COMMIT_TAG', value: ref) if tag?
         variables.append(key: 'CI_COMMIT_MESSAGE', value: git_commit_message.to_s)
         variables.append(key: 'CI_COMMIT_TITLE', value: git_commit_full_title.to_s)

app/models/clusters/cluster.rb

@@ -335,7 +335,7 @@ module Clusters
     rescue Kubeclient::HttpError => e
       kubeclient_error_status(e.message)
     rescue => e
-      Gitlab::Sentry.track_exception(e, cluster_id: id)
+      Gitlab::ErrorTracking.track_exception(e, cluster_id: id)
 
       :unknown_failure
     else

app/models/clusters/concerns/application_core.rb

@@ -76,7 +76,7 @@ module Clusters
             message: error.message
           })
 
-          Gitlab::Sentry.track_exception(error, cluster_id: cluster&.id, application_id: id)
+          Gitlab::ErrorTracking.track_exception(error, cluster_id: cluster&.id, application_id: id)
         end
       end
     end

app/models/concerns/group_descendant.rb

@@ -52,7 +52,7 @@ module GroupDescendant
         issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/49404'
       }
 
-      Gitlab::Sentry.track_and_raise_for_dev_exception(exception, extras)
+      Gitlab::ErrorTracking.track_and_raise_for_dev_exception(exception, extras)
     end
 
     if parent.nil? && hierarchy_top.present?

app/models/concerns/storage/legacy_namespace.rb

@@ -37,7 +37,7 @@ module Storage
         send_update_instructions
         write_projects_repository_config
       rescue => e
-        Gitlab::Sentry.track_and_raise_for_dev_exception(e,
+        Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e,
           full_path_before_last_save: full_path_before_last_save,
           full_path: full_path,
           action: 'move_dir')

app/models/merge_request.rb

@@ -1514,7 +1514,7 @@ class MergeRequest < ApplicationRecord
       end
     end
   rescue ActiveRecord::LockWaitTimeout => e
-    Gitlab::Sentry.track_exception(e)
+    Gitlab::ErrorTracking.track_exception(e)
     raise RebaseLockTimeout, REBASE_LOCK_MESSAGE
   end
 

app/models/upload.rb

@@ -104,7 +104,7 @@ class Upload < ApplicationRecord
     # Help sysadmins find missing upload files
     if persisted? && !exist
       exception = RuntimeError.new("Uploaded file does not exist")
-      Gitlab::Sentry.track_exception(exception, self.attributes)
+      Gitlab::ErrorTracking.track_exception(exception, self.attributes)
       Gitlab::Metrics.counter(:upload_file_does_not_exist_total, _('The number of times an upload record could not find its file')).increment
     end
 

app/models/uploads/local.rb

@@ -23,7 +23,7 @@ module Uploads
       unless in_uploads?(path)
         message = "Path '#{path}' is not in uploads dir, skipping"
         logger.warn(message)
-        Gitlab::Sentry.track_and_raise_for_dev_exception(
+        Gitlab::ErrorTracking.track_and_raise_for_dev_exception(
           RuntimeError.new(message), uploads_dir: storage_dir)
         return
       end

app/models/user.rb

@@ -381,6 +381,11 @@ class User < ApplicationRecord
   # Class methods
   #
   class << self
+    # Devise method overridden to allow support for dynamic password lengths
+    def password_length
+      Gitlab::CurrentSettings.minimum_password_length..Devise.password_length.max
+    end
+
     # Devise method overridden to allow sign in with email or username
     def find_for_database_authentication(warden_conditions)
       conditions = warden_conditions.dup

app/services/ci/archive_trace_service.rb

@@ -46,7 +46,7 @@ module Ci
         message: "Failed to archive trace. message: #{error.message}.",
         job_id: job.id)
 
-      Gitlab::Sentry
+      Gitlab::ErrorTracking
         .track_and_raise_for_dev_exception(error,
                           issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/51502',
                           job_id: job.id )

app/services/ci/generate_exposed_artifacts_report_service.rb

@@ -15,7 +15,7 @@ module Ci
         data: data
       }
     rescue => e
-      Gitlab::Sentry.track_exception(e, project_id: project.id)
+      Gitlab::ErrorTracking.track_exception(e, project_id: project.id)
       {
         status: :error,
         key: key(base_pipeline, head_pipeline),

app/services/ci/prepare_build_service.rb

@@ -13,7 +13,7 @@ module Ci
 
       build.enqueue!
     rescue => e
-      Gitlab::Sentry.track_exception(e, build_id: build.id)
+      Gitlab::ErrorTracking.track_exception(e, build_id: build.id)
 
       build.drop(:unmet_prerequisites)
     end

app/services/ci/register_job_service.rb

@@ -128,7 +128,7 @@ module Ci
     end
 
     def track_exception_for_build(ex, build)
-      Gitlab::Sentry.track_exception(ex,
+      Gitlab::ErrorTracking.track_exception(ex,
         build_id: build.id,
         build_name: build.name,
         build_stage: build.stage,

app/services/clusters/applications/base_helm_service.rb

@@ -21,7 +21,7 @@ module Clusters
           group_ids: app.cluster.group_ids
         }
 
-        Gitlab::Sentry.track_exception(error, meta)
+        Gitlab::ErrorTracking.track_exception(error, meta)
       end
 
       def log_event(event)

app/services/projects/container_repository/delete_tags_service.rb

@@ -51,7 +51,7 @@ module Projects
         digests = deleted_tags.values.uniq
 
         # rubocop: disable CodeReuse/ActiveRecord
-        Gitlab::Sentry.track_and_raise_for_dev_exception(ArgumentError.new('multiple tag digests')) if digests.many?
+        Gitlab::ErrorTracking.track_and_raise_for_dev_exception(ArgumentError.new('multiple tag digests')) if digests.many?
 
         deleted_tags
       end

app/services/projects/fork_service.rb

@@ -3,11 +3,16 @@
 module Projects
   class ForkService < BaseService
     def execute(fork_to_project = nil)
-      if fork_to_project
-        link_existing_project(fork_to_project)
-      else
-        fork_new_project
-      end
+      forked_project =
+        if fork_to_project
+          link_existing_project(fork_to_project)
+        else
+          fork_new_project
+        end
+
+      refresh_forks_count if forked_project&.saved?
+
+      forked_project
     end
 
     private
@@ -92,8 +97,7 @@ module Projects
     def link_fork_network(fork_to_project)
       return if fork_to_project.errors.any?
 
-      fork_to_project.fork_network_member.save &&
-        refresh_forks_count
+      fork_to_project.fork_network_member.save
     end
 
     def refresh_forks_count

app/services/projects/import_service.rb

@@ -25,13 +25,13 @@ module Projects
 
       success
     rescue Gitlab::UrlBlocker::BlockedUrlError => e
-      Gitlab::Sentry.track_exception(e, project_path: project.full_path, importer: project.import_type)
+      Gitlab::ErrorTracking.track_exception(e, project_path: project.full_path, importer: project.import_type)
 
       error(s_("ImportProjects|Error importing repository %{project_safe_import_url} into %{project_full_path} - %{message}") % { project_safe_import_url: project.safe_import_url, project_full_path: project.full_path, message: e.message })
     rescue => e
       message = Projects::ImportErrorFilter.filter_message(e.message)
 
-      Gitlab::Sentry.track_exception(e, project_path: project.full_path, importer: project.import_type)
+      Gitlab::ErrorTracking.track_exception(e, project_path: project.full_path, importer: project.import_type)
 
       error(s_("ImportProjects|Error importing repository %{project_safe_import_url} into %{project_full_path} - %{message}") % { project_safe_import_url: project.safe_import_url, project_full_path: project.full_path, message: message })
     end

app/services/prometheus/proxy_variable_substitution_service.rb

@@ -32,7 +32,7 @@ module Prometheus
       success(result)
     rescue TypeError, ArgumentError => exception
       log_error(exception.message)
-      Gitlab::Sentry.track_exception(exception, extra: {
+      Gitlab::ErrorTracking.track_exception(exception, extra: {
         template_string: query,
         variables: predefined_context
       })

app/services/users/build_service.rb

@@ -23,7 +23,7 @@ module Users
         @reset_token = user.generate_reset_token if params[:reset_password]
 
         if user_params[:force_random_password]
-          random_password = Devise.friendly_token.first(Devise.password_length.min)
+          random_password = Devise.friendly_token.first(User.password_length.min)
           user.password = user.password_confirmation = random_password
         end
       end

app/views/admin/application_settings/_signup.html.haml

@@ -12,6 +12,12 @@
         = f.check_box :send_user_confirmation_email, class: 'form-check-input'
         = f.label :send_user_confirmation_email, class: 'form-check-label' do
           Send confirmation email on sign-up
+    .form-group
+      = f.label :minimum_password_length, _('Minimum password length (number of characters)'), class: 'label-bold'
+      = f.number_field :minimum_password_length, class: 'form-control', rows: 4, min: ApplicationSetting::DEFAULT_MINIMUM_PASSWORD_LENGTH, max: Devise.password_length.max
+      - password_policy_guidelines_link = link_to _('Password Policy Guidelines'), 'https://about.gitlab.com/handbook/security/#gitlab-password-policy-guidelines', target: '_blank', rel: 'noopener noreferrer nofollow'
+      .form-text.text-muted
+        = _("See GitLab's %{password_policy_guidelines}").html_safe % { password_policy_guidelines: password_policy_guidelines_link }
     .form-group
       = f.label :domain_whitelist, 'Whitelisted domains for sign-ups', class: 'label-bold'
       = f.text_area :domain_whitelist_raw, placeholder: 'domain.com', class: 'form-control', rows: 8

app/views/projects/blob/viewers/_openapi.html.haml

+.file-content#js-openapi-viewer{ data: { endpoint: blob_raw_path } }

app/workers/delete_stored_files_worker.rb

@@ -15,7 +15,7 @@ class DeleteStoredFilesWorker
     unless klass
       message = "Unknown class '#{class_name}'"
       logger.error(message)
-      Gitlab::Sentry.track_and_raise_for_dev_exception(RuntimeError.new(message))
+      Gitlab::ErrorTracking.track_and_raise_for_dev_exception(RuntimeError.new(message))
       return
     end
 

app/workers/pages_domain_removal_cron_worker.rb

@@ -11,7 +11,7 @@ class PagesDomainRemovalCronWorker
     PagesDomain.for_removal.find_each do |domain|
       domain.destroy!
     rescue => e
-      Gitlab::Sentry.track_exception(e)
+      Gitlab::ErrorTracking.track_exception(e)
     end
   end
 end

app/workers/run_pipeline_schedule_worker.rb

@@ -38,7 +38,7 @@ class RunPipelineScheduleWorker
     Rails.logger.error "Failed to create a scheduled pipeline. " \
                        "schedule_id: #{schedule.id} message: #{error.message}"
 
-    Gitlab::Sentry
+    Gitlab::ErrorTracking
       .track_and_raise_for_dev_exception(error,
                        issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/41231',
                        schedule_id: schedule.id)

app/workers/stuck_ci_jobs_worker.rb

@@ -80,7 +80,7 @@ class StuckCiJobsWorker
   end
 
   def track_exception_for_build(ex, build)
-    Gitlab::Sentry.track_exception(ex,
+    Gitlab::ErrorTracking.track_exception(ex,
         build_id: build.id,
         build_name: build.name,
         build_stage: build.stage,

changelogs/unreleased/32115-structured-logging-mail_room.yml

+---
+title: Upgrade `mail_room` gem to 0.10.0 and enable structured logging
+merge_request: 19186
+author:
+type: added

changelogs/unreleased/36776-entropy-requirements-for-new-user-passwords-mvc.yml

+---
+title: Allow administrators to set a minimum password length
+merge_request: 20661
+author:
+type: added

changelogs/unreleased/37972-container-registry-tags-expect-oci-image-configs-to-have-created-fi.yml

+---
+title: Fix crash registry contains helm charts
+merge_request: 21381
+author:
+type: fixed

changelogs/unreleased/feat-openapi-viewer.yml

+---
+title: add OpenAPI file viewer
+merge_request: 21106
+author: Roger Meier
+type: added

changelogs/unreleased/make-workflow-rules-to-work.yml

+---
+title: Make `workflow:rules` to work well with Merge Requests
+merge_request: 21742
+author:
+type: changed

changelogs/unreleased/osw-refresh-forks-count-cache-correctly.yml

+---
+title: Ensure forks count cache refresh for source project
+merge_request: 21771
+author:
+type: fixed

changelogs/unreleased/yaml-processor-validation-errors.yml

+---
+title: Return multiple errors from CI linter
+merge_request: 21589
+author:
+type: added

config/gitlab.yml.example

@@ -181,6 +181,11 @@ production: &base
     mailbox: "inbox"
     # The IDLE command timeout.
     idle_timeout: 60
+    # The log file path for the structured log file.
+    # Since `mail_room` is run independently of Rails, an absolute path is preferred.
+    # The default is 'log/mail_room_json.log' relative to the root of the Rails app.
+    #
+    # log_path: log/mail_room_json.log
 
   ## Build Artifacts
   artifacts:

config/initializers/devise_dynamic_password_length_validation.rb

+# frozen_string_literal: true
+
+# Discard the default Devise length validation from the `User` model.
+
+# This needs to be discarded because the length validation provided by Devise does not
+# support dynamically checking for min and max lengths.
+
+# A new length validation has been added to the User model instead, to keep supporting
+# dynamic password length validations, like:
+
+# validates :password, length: { maximum: proc { password_length.max }, minimum: proc { password_length.min } }, allow_blank: true
+
+def length_validator_supports_dynamic_length_checks?(validator)
+  validator.options[:minimum].is_a?(Proc) &&
+  validator.options[:maximum].is_a?(Proc)
+end
+
+# Get the in-built Devise validator on password length.
+password_length_validator = User.validators_on(:password).find do |validator|
+  validator.kind == :length
+end
+
+# This initializer can be removed as soon as https://github.com/plataformatec/devise/pull/5166
+# is merged into Devise.
+if length_validator_supports_dynamic_length_checks?(password_length_validator)
+  raise "Devise now supports dynamic length checks, please remove the monkey patch in #{__FILE__}"
+else
+  # discard the in-built length validator by always returning true
+  def password_length_validator.validate(*_)
+    true
+  end
+
+  # add a custom password length validator with support for dynamic length validation.
+  User.class_eval do
+    validates :password, length: { maximum: proc { password_length.max }, minimum: proc { password_length.min } }, allow_blank: true
+  end
+end

config/initializers/forbid_sidekiq_in_transactions.rb

@@ -29,7 +29,7 @@ module Sidekiq
                 MSG
               rescue Sidekiq::Worker::EnqueueFromTransactionError => e
                 ::Rails.logger.error(e.message) if ::Rails.env.production?
-                Gitlab::Sentry.track_and_raise_for_dev_exception(e)
+                Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e)
               end
             end
 

config/initializers/sentry.rb

@@ -2,4 +2,4 @@
 
 require 'gitlab/current_settings'
 
-Gitlab::Sentry.configure
+Gitlab::ErrorTracking.configure

config/mail_room.yml

@@ -13,6 +13,8 @@
       :email: <%= config[:user].to_json %>
       :password: <%= config[:password].to_json %>
       :idle_timeout: <%= config[:idle_timeout].to_json %>
+      :logger:
+        :log_path: <%= config[:log_path].to_json %>
 
       :name: <%= config[:mailbox].to_json %>
 

db/migrate/20191123062354_add_minimum_password_length_to_application_settings.rb

+# frozen_string_literal: true
+
+class AddMinimumPasswordLengthToApplicationSettings < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  DEFAULT_MINIMUM_PASSWORD_LENGTH = 8
+
+  def change
+    add_column(:application_settings, :minimum_password_length, :integer, default: DEFAULT_MINIMUM_PASSWORD_LENGTH, null: false)
+  end
+end

db/post_migrate/20191205084057_update_minimum_password_length.rb

+# frozen_string_literal: true
+
+class UpdateMinimumPasswordLength < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def up
+    value_to_be_updated_to = [
+      Devise.password_length.min,
+      ApplicationSetting::DEFAULT_MINIMUM_PASSWORD_LENGTH
+    ].max
+
+    execute "UPDATE application_settings SET minimum_password_length = #{value_to_be_updated_to}"
+
+    ApplicationSetting.expire
+  end
+
+  def down
+    value_to_be_updated_to = ApplicationSetting::DEFAULT_MINIMUM_PASSWORD_LENGTH
+
+    execute "UPDATE application_settings SET minimum_password_length = #{value_to_be_updated_to}"
+
+    ApplicationSetting.expire
+  end
+end

db/schema.rb

@@ -351,6 +351,7 @@ ActiveRecord::Schema.define(version: 2019_12_08_071112) do
     t.string "sourcegraph_url", limit: 255
     t.boolean "sourcegraph_public_only", default: true, null: false
     t.bigint "snippet_size_limit", default: 52428800, null: false
+    t.integer "minimum_password_length", default: 8, null: false
     t.text "encrypted_akismet_api_key"
     t.string "encrypted_akismet_api_key_iv", limit: 255
     t.text "encrypted_elasticsearch_aws_secret_access_key"

doc/administration/logs.md

@@ -360,6 +360,17 @@ Introduced in GitLab 12.3. This file lives in `/var/log/gitlab/gitlab-rails/migr
 Omnibus GitLab packages or in `/home/git/gitlab/log/migrations.log` for
 installations from source.
 
+## `mail_room_json.log` (default)
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/19186) in GitLab 12.6.
+
+This file lives in `/var/log/gitlab/mail_room/mail_room_json.log` for
+Omnibus GitLab packages or in `/home/git/gitlab/log/mail_room_json.log` for
+installations from source.
+
+This structured log file records internal activity in the `mail_room` gem.
+Its name and path are configurable, so the name and path may not match the above.
+
 ## Reconfigure Logs
 
 Reconfigure log files live in `/var/log/gitlab/reconfigure` for Omnibus GitLab

doc/ci/variables/predefined_variables.md

@@ -37,6 +37,7 @@ future GitLab releases.**
 | `CI_COMMIT_REF_SLUG`                          | 9.0    | all    | `$CI_COMMIT_REF_NAME` lowercased, shortened to 63 bytes, and with everything except `0-9` and `a-z` replaced with `-`. No leading / trailing `-`. Use in URLs, host names and domain names.                                                                                                                                                                |
 | `CI_COMMIT_SHA`                               | 9.0    | all    | The commit revision for which project is built                                                                                                                                                                                                                                                                                                             |
 | `CI_COMMIT_SHORT_SHA`                         | 11.7   | all    | The first eight characters of `CI_COMMIT_SHA`                                                                                                                                                                                                                                                                                                              |
+| `CI_COMMIT_BRANCH`                            | 12.6   | 0.5    | The commit branch name. Present only when building branches.                                                                                                                                                                                                                                                                                                      |
 | `CI_COMMIT_TAG`                               | 9.0    | 0.5    | The commit tag name. Present only when building tags.                                                                                                                                                                                                                                                                                                      |
 | `CI_COMMIT_TITLE`                             | 10.8   | all    | The title of the commit - the full first line of the message                                                                                                                                                                                                                                                                                               |
 | `CI_CONCURRENT_ID`                            | all    | 11.10  | Unique ID of build execution within a single executor.                                                                                                                                                                                                                                                                                                     |

doc/development/logging.md

@@ -142,21 +142,21 @@ It should be noted that manual logging of exceptions is not allowed, as:
 1. It is very likely that manually logged exceptions will end-up across
    multiple files, which increases burden scraping all logging files.
 
-To avoid duplicating and having consistent behavior the `Gitlab::Sentry`
+To avoid duplicating and having consistent behavior the `Gitlab::ErrorTracking`
 provides helper methods to track exceptions:
 
-1. `Gitlab::Sentry.track_and_raise_exception`: this method logs,
+1. `Gitlab::ErrorTracking.track_and_raise_exception`: this method logs,
    sends exception to Sentry (if configured) and re-raises the exception,
-1. `Gitlab::Sentry.track_exception`: this method only logs
+1. `Gitlab::ErrorTracking.track_exception`: this method only logs
    and sends exception to Sentry (if configured),
-1. `Gitlab::Sentry.log_exception`: this method only logs the exception,
+1. `Gitlab::ErrorTracking.log_exception`: this method only logs the exception,
    and DOES NOT send the exception to Sentry,
-1. `Gitlab::Sentry.track_and_raise_for_dev_exception`: this method logs,
+1. `Gitlab::ErrorTracking.track_and_raise_for_dev_exception`: this method logs,
    sends exception to Sentry (if configured) and re-raises the exception
   for development and test enviroments.
 
-It is advised to only use `Gitlab::Sentry.track_and_raise_exception`
-and `Gitlab::Sentry.track_exception` as presented on below examples.
+It is advised to only use `Gitlab::ErrorTracking.track_and_raise_exception`
+and `Gitlab::ErrorTracking.track_exception` as presented on below examples.
 
 Consider adding additional extra parameters to provide more context
 for each tracked exception.
@@ -170,7 +170,7 @@ class MyService < ::BaseService
 
     success
   rescue => e
-    Gitlab::Sentry.track_exception(e, project_id: project.id)
+    Gitlab::ErrorTracking.track_exception(e, project_id: project.id)
 
     error('Exception occurred')
   end
@@ -184,7 +184,7 @@ class MyService < ::BaseService
 
     success
   rescue => e
-    Gitlab::Sentry.track_and_raise_exception(e, project_id: project.id)
+    Gitlab::ErrorTracking.track_and_raise_exception(e, project_id: project.id)
   end
 end
 ```

doc/security/password_length_limits.md

@@ -4,7 +4,19 @@ type: reference, howto
 
 # Custom password length limits
 
-The user password length is set to a minimum of 8 characters by default.
+By default, GitLab supports passwords with:
+
+- A minimum length of 8.
+- A maximum length of 128.
+
+GitLab administrators can modify password lengths:
+
+- Using configuration file.
+- [From](https://gitlab.com/gitlab-org/gitlab/merge_requests/20661) GitLab 12.6, using the GitLab UI.
+
+## Modify maximum password length using configuration file
+
+The user password length is set to a maximum of 128 characters by default.
 To change that for installations from source:
 
 1. Edit `devise_password_length.rb`:
@@ -18,15 +30,35 @@ To change that for installations from source:
 1. Change the new password length limits:
 
    ```ruby
-   config.password_length = 12..128
+   config.password_length = 12..135
    ```
 
    In this example, the minimum length is 12 characters, and the maximum length
-   is 128 characters.
+   is 135 characters.
 
 1. [Restart GitLab](../administration/restart_gitlab.md#installations-from-source)
    for the changes to take effect.
 
+NOTE: **Note:**
+From GitLab 12.6, the minimum password length set in this configuration file will be ignored. Minimum password lengths will now have to be modified via the [GitLab UI](#modify-minimum-password-length-using-gitlab-ui) instead.
+
+## Modify minimum password length using GitLab UI
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/20661) in GitLab 12.6
+
+The user password length is set to a minimum of 8 characters by default.
+To change that using GitLab UI:
+
+In the Admin area under **Settings** (`/admin/application_settings`), go to section **Sign-up Restrictions**.
+
+[Minimum password length settings](../user/admin_area/img/minimum_password_length_settings_v12_6.png)
+
+Set the **Minimum password length** to a value greater than or equal to 8 and hit **Save changes** to save the changes.
+
+CAUTION: **Caution:**
+Changing minimum or maximum limit does not affect existing user passwords in any manner. Existing users will not be asked to reset their password to adhere to the new limits.
+The new limit restriction will only apply during new user sign-ups and when an existing user performs a password reset.
+
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues

doc/user/admin_area/settings/sign_up_restrictions.md

@@ -19,6 +19,13 @@ their email address before they are allowed to sign in.
 
 ![Email confirmation](img/email_confirmation.png)
 
+## Minimum password length limit
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/20661) in GitLab 12.6
+
+You can [change](../../../security/password_length_limits.md#modify-minimum-password-length-using-gitlab-ui)
+the minimum number of characters a user must have in their password using the GitLab UI.
+
 ## Whitelist email domains
 
 > [Introduced][ce-598] in GitLab 7.11.0

doc/user/gitlab_com/index.md

@@ -355,19 +355,44 @@ GitLab.com:
   set to the default.
 - Does not have the user and IP rate limits settings enabled.
 
+### Visibility settings
+
+On GitLab.com, projects, groups, and snippets created
+As of GitLab 12.2 (July 2019), projects, groups, and snippets have the
+[**Internal** visibility](../../public_access/public_access.md#internal-projects) setting [disabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/issues/12388).
+
+## GitLab.com Logging
+
+We use [Fluentd](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#fluentd) to parse our logs. Fluentd sends our logs to
+[Stackdriver Logging](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#stackdriver) and [Cloud Pub/Sub](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#cloud-pubsub).
+Stackdriver is used for storing logs long-term in Google Cold Storage (GCS). Cloud Pub/Sub
+is used to forward logs to an [Elastic cluster](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#elastic) using [pubsubbeat](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#pubsubbeat-vms).
+
+You can view more information in our runbooks such as:
+
+- A [detailed list of what we're logging](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#what-are-we-logging)
+- Our [current log retention policies](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#retention)
+- A [diagram of our logging infrastructure](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#logging-infrastructure-overview)
+
 ## GitLab.com at scale
 
 In addition to the GitLab Enterprise Edition Omnibus install, GitLab.com uses
 the following applications and settings to achieve scale. All settings are
 publicly available at [chef cookbooks](https://gitlab.com/gitlab-cookbooks).
 
-### ELK
+### Elastic Cluster
 
-We use Elasticsearch, logstash, and Kibana for part of our monitoring solution:
+We use Elasticsearch and Kibana for part of our monitoring solution:
 
 - [`gitlab-cookbooks` / `gitlab-elk` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab-elk)
 - [`gitlab-cookbooks` / `gitlab_elasticsearch` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab_elasticsearch)
 
+### Fluentd
+
+We use Fluentd to unify our GitLab logs:
+
+- [`gitlab-cookbooks` / `gitlab_fluentd` · GitLab](https://gitlab.com/gitlab-cookbooks/gitlab_fluentd)
+
 ### Prometheus
 
 Prometheus complete our monitoring stack:
@@ -407,11 +432,3 @@ High Performance TCP/HTTP Load Balancer:
 [unicorn-worker-killer]: https://rubygems.org/gems/unicorn-worker-killer "unicorn-worker-killer"
 [4010]: https://gitlab.com/gitlab-com/infrastructure/issues/4010 "Find a good value for maximum timeout for Shared Runners"
 [4070]: https://gitlab.com/gitlab-com/infrastructure/issues/4070 "Configure per-runner timeout for shared-runners-manager-X on GitLab.com"
-
-## Group and project settings
-
-On GitLab.com, projects, groups, and snippets created
-after July 2019 have the `Internal` visibility setting disabled.
-
-You can read more about the change in the
-[relevant issue](https://gitlab.com/gitlab-org/gitlab/issues/12388).

lib/api/helpers.rb

@@ -384,8 +384,8 @@ module API
     def handle_api_exception(exception)
       if report_exception?(exception)
         define_params_for_grape_middleware
-        Gitlab::Sentry.with_context(current_user) do
-          Gitlab::Sentry.track_exception(exception, params)
+        Gitlab::ErrorTracking.with_context(current_user) do
+          Gitlab::ErrorTracking.track_exception(exception, params)
         end
       end
 

lib/container_registry/tag.rb

@@ -83,6 +83,8 @@ module ContainerRegistry
 
       strong_memoize(:created_at) do
         DateTime.rfc3339(config['created'])
+      rescue ArgumentError
+        nil
       end
     end
 

lib/gitlab/bitbucket_import/importer.rb

@@ -45,7 +45,7 @@ module Gitlab
         backtrace = Gitlab::Profiler.clean_backtrace(ex.backtrace)
         error = { type: :pull_request, iid: pull_request.iid, errors: ex.message, trace: backtrace, raw_response: pull_request.raw }
 
-        Gitlab::Sentry.log_exception(ex, error)
+        Gitlab::ErrorTracking.log_exception(ex, error)
 
         # Omit the details from the database to avoid blowing up usage in the error column
         error.delete(:trace)

lib/gitlab/bitbucket_server_import/importer.rb

@@ -133,7 +133,7 @@ module Gitlab
 
         log_info(stage: 'import_repository', message: 'finished import')
       rescue Gitlab::Shell::Error => e
-        Gitlab::Sentry.log_exception(
+        Gitlab::ErrorTracking.log_exception(
           e,
           stage: 'import_repository', message: 'failed import', error: e.message
         )
@@ -167,7 +167,7 @@ module Gitlab
           batch.each do |pull_request|
             import_bitbucket_pull_request(pull_request)
           rescue StandardError => e
-            Gitlab::Sentry.log_exception(
+            Gitlab::ErrorTracking.log_exception(
               e,
               stage: 'import_pull_requests', iid: pull_request.iid, error: e.message
             )
@@ -182,7 +182,7 @@ module Gitlab
           client.delete_branch(project_key, repository_slug, branch.name, branch.sha)
           project.repository.delete_branch(branch.name)
         rescue BitbucketServer::Connection::ConnectionError => e
-          Gitlab::Sentry.log_exception(
+          Gitlab::ErrorTracking.log_exception(
             e,
             stage: 'delete_temp_branches', branch: branch.name, error: e.message
           )
@@ -297,7 +297,7 @@ module Gitlab
         # a regular note.
         create_fallback_diff_note(merge_request, comment, position)
       rescue StandardError => e
-        Gitlab::Sentry.log_exception(
+        Gitlab::ErrorTracking.log_exception(
           e,
           stage: 'create_diff_note', comment_id: comment.id, error: e.message
         )
@@ -338,7 +338,7 @@ module Gitlab
             merge_request.notes.create!(pull_request_comment_attributes(replies))
           end
         rescue StandardError => e
-          Gitlab::Sentry.log_exception(
+          Gitlab::ErrorTracking.log_exception(
             e,
             stage: 'import_standalone_pr_comments', merge_request_id: merge_request.id, comment_id: comment.id, error: e.message
           )

lib/gitlab/ci/config.rb

@@ -95,7 +95,7 @@ module Gitlab
       end
 
       def track_and_raise_for_dev_exception(error)
-        Gitlab::Sentry.track_and_raise_for_dev_exception(error, @context.sentry_payload)
+        Gitlab::ErrorTracking.track_and_raise_for_dev_exception(error, @context.sentry_payload)
       end
 
       # Overriden in EE

lib/gitlab/ci/config/entry/job.rb

@@ -120,7 +120,7 @@ module Gitlab
 
           entry :only, Entry::Policy,
             description: 'Refs policy this job will be executed for.',
-            default: Entry::Policy::DEFAULT_ONLY,
+            default: ::Gitlab::Ci::Config::Entry::Policy::DEFAULT_ONLY,
             inherit: false
 
           entry :except, Entry::Policy,
@@ -177,11 +177,18 @@ module Gitlab
 
               @entries.delete(:type)
 
-              # This is something of a hack, see issue for details:
-              # https://gitlab.com/gitlab-org/gitlab/issues/31685
-              if !only_defined? && has_rules?
-                @entries.delete(:only)
-                @entries.delete(:except)
+              has_workflow_rules = deps&.workflow&.has_rules?
+
+              # If workflow:rules: or rules: are used
+              # they are considered not compatible
+              # with `only/except` defaults
+              #
+              # Context: https://gitlab.com/gitlab-org/gitlab/merge_requests/21742
+              if has_rules? || has_workflow_rules
+                # Remove only/except defaults
+                # defaults are not considered as defined
+                @entries.delete(:only) unless only_defined?
+                @entries.delete(:except) unless except_defined?
               end
             end
           end

lib/gitlab/ci/config/entry/root.rb

@@ -67,7 +67,7 @@ module Gitlab
           entry :workflow, Entry::Workflow,
             description: 'List of evaluable rules to determine Pipeline status'
 
-          helpers :default, :jobs, :stages, :types, :variables
+          helpers :default, :jobs, :stages, :types, :variables, :workflow
 
           delegate :before_script_value,
                    :image_value,
@@ -106,6 +106,10 @@ module Gitlab
             self[:default]
           end
 
+          def workflow
+            self[:workflow] if workflow_defined?
+          end
+
           private
 
           # rubocop: disable CodeReuse/ActiveRecord

lib/gitlab/ci/config/entry/workflow.rb

@@ -18,6 +18,10 @@ module Gitlab
           entry :rules, Entry::Rules,
             description: 'List of evaluable Rules to determine Pipeline status.',
             metadata: { allowed_when: %w[always never] }
+
+          def has_rules?
+            @config.try(:key?, :rules)
+          end
         end
       end
     end

lib/gitlab/ci/pipeline/chain/config/process.rb

@@ -21,7 +21,7 @@ module Gitlab
             rescue Gitlab::Ci::YamlProcessor::ValidationError => ex
               error(ex.message, config_error: true)
             rescue => ex
-              Gitlab::Sentry.track_exception(ex,
+              Gitlab::ErrorTracking.track_exception(ex,
                 project_id: project.id,
                 sha: @pipeline.sha
               )

lib/gitlab/ci/pipeline/chain/evaluate_workflow_rules.rb

@@ -9,7 +9,13 @@ module Gitlab
           include Chain::Helpers
 
           def perform!
-            return unless Feature.enabled?(:workflow_rules, @pipeline.project)
+            unless feature_enabled?
+              if has_workflow_rules?
+                error("Workflow rules are disabled", config_error: true)
+              end
+
+              return
+            end
 
             unless workflow_passed?
               error('Pipeline filtered out by workflow rules.')
@@ -17,13 +23,15 @@ module Gitlab
           end
 
           def break?
-            return false unless Feature.enabled?(:workflow_rules, @pipeline.project)
-
-            !workflow_passed?
+            @pipeline.errors.any? || @pipeline.persisted?
           end
 
           private
 
+          def feature_enabled?
+            Feature.enabled?(:workflow_rules, @pipeline.project, default_enabled: true)
+          end
+
           def workflow_passed?
             strong_memoize(:workflow_passed) do
               workflow_rules.evaluate(@pipeline, global_context).pass?
@@ -40,6 +48,10 @@ module Gitlab
               @pipeline, yaml_variables: workflow_config[:yaml_variables])
           end
 
+          def has_workflow_rules?
+            workflow_config[:rules].present?
+          end
+
           def workflow_config
             @command.config_processor.workflow_attributes || {}
           end

lib/gitlab/ci/yaml_processor.rb

@@ -9,6 +9,12 @@ module Gitlab
 
       attr_reader :stages, :jobs
 
+      ResultWithErrors = Struct.new(:content, :errors) do
+        def valid?
+          errors.empty?
+        end
+      end
+
       def initialize(config, opts = {})
         @ci_config = Gitlab::Ci::Config.new(config, **opts)
         @config = @ci_config.to_hash
@@ -22,6 +28,18 @@ module Gitlab
         raise ValidationError, e.message
       end
 
+      def self.new_with_validation_errors(content, opts = {})
+        return ResultWithErrors.new('', ['Please provide content of .gitlab-ci.yml']) if content.blank?
+
+        config = Gitlab::Ci::Config.new(content, **opts)
+        return ResultWithErrors.new("", config.errors) unless config.valid?
+
+        config = Gitlab::Ci::YamlProcessor.new(content, opts)
+        ResultWithErrors.new(config, [])
+      rescue ValidationError, Gitlab::Ci::Config::ConfigError => e
+        ResultWithErrors.new('', [e.message])
+      end
+
       def builds
         @jobs.map do |name, _|
           build_attributes(name)
@@ -42,6 +60,8 @@ module Gitlab
           yaml_variables: transform_to_yaml_variables(job_variables(name)),
           needs_attributes: job.dig(:needs, :job),
           interruptible: job[:interruptible],
+          only: job[:only],
+          except: job[:except],
           rules: job[:rules],
           cache: job[:cache],
           resource_group_key: job[:resource_group],
@@ -72,13 +92,7 @@ module Gitlab
 
       def stages_attributes
         @stages.uniq.map do |stage|
-          seeds = stage_builds_attributes(stage).map do |attributes|
-            job = @jobs.fetch(attributes[:name].to_sym)
-
-            attributes
-              .merge(only: job.fetch(:only, {}))
-              .merge(except: job.fetch(:except, {}))
-          end
+          seeds = stage_builds_attributes(stage)
 
           { name: stage, index: @stages.index(stage), builds: seeds }
         end

lib/gitlab/config/entry/configurable.rb

@@ -25,7 +25,6 @@ module Gitlab
           end
         end
 
-        # rubocop: disable CodeReuse/ActiveRecord
         def compose!(deps = nil)
           return unless valid?
 
@@ -35,11 +34,7 @@ module Gitlab
               # we can end with different config types like String
               next unless config.is_a?(Hash)
 
-              factory
-                .value(config[key])
-                .with(key: key, parent: self)
-
-              entries[key] = factory.create!
+              entry_create!(key, config[key])
             end
 
             yield if block_given?
@@ -49,6 +44,16 @@ module Gitlab
             end
           end
         end
+
+        # rubocop: disable CodeReuse/ActiveRecord
+        def entry_create!(key, value)
+          factory = self.class
+            .nodes[key]
+            .value(value)
+            .with(key: key, parent: self)
+
+          entries[key] = factory.create!
+        end
         # rubocop: enable CodeReuse/ActiveRecord
 
         def skip_config_hash_validation?

lib/gitlab/diff/file_collection/base.rb

@@ -31,7 +31,11 @@ module Gitlab
         end
 
         def diff_files
-          @diff_files ||= diffs.decorate! { |diff| decorate_diff!(diff) }
+          raw_diff_files
+        end
+
+        def raw_diff_files
+          @raw_diff_files ||= diffs.decorate! { |diff| decorate_diff!(diff) }
         end
 
         def diff_file_paths

lib/gitlab/diff/highlight.rb

@@ -35,7 +35,7 @@ module Gitlab
             # match the blob, which is a bug. But we shouldn't fail to render
             # completely in that case, even though we want to report the error.
             rescue RangeError => e
-              Gitlab::Sentry.track_and_raise_for_dev_exception(e, issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/45441')
+              Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/45441')
             end
           end
 

lib/gitlab/diff/highlight_cache.rb

@@ -70,8 +70,6 @@ module Gitlab
 
       def cacheable_files
         strong_memoize(:cacheable_files) do
-          diff_files = @diff_collection.diff_files
-
           diff_files.select { |file| cacheable?(file) && read_file(file).nil? }
         end
       end
@@ -114,7 +112,7 @@ module Gitlab
 
       def file_paths
         strong_memoize(:file_paths) do
-          @diff_collection.diffs.collect(&:file_path)
+          diff_files.collect(&:file_path)
         end
       end
 
@@ -145,6 +143,14 @@ module Gitlab
       def cacheable?(diff_file)
         diffable.present? && diff_file.text? && diff_file.diffable?
       end
+
+      def diff_files
+        # We access raw_diff_files here, as diff_files will attempt to apply the
+        #   highlighting code found in this class, leading  to a circular
+        #   reference.
+        #
+        @diff_collection.raw_diff_files
+      end
     end
   end
 end

lib/gitlab/sentry.rb → lib/gitlab/error_tracking.rb

 # frozen_string_literal: true
 
 module Gitlab
-  module Sentry
+  module ErrorTracking
     class << self
       def configure
         Raven.configure do |config|
@@ -113,7 +113,7 @@ module Gitlab
 
           Gitlab::ExceptionLogFormatter.format!(exception, log_hash)
 
-          Gitlab::Sentry::Logger.error(log_hash)
+          Gitlab::ErrorTracking::Logger.error(log_hash)
         end
       end
 

lib/gitlab/sentry/logger.rb → lib/gitlab/error_tracking/logger.rb

 # frozen_string_literal: true
 
 module Gitlab
-  module Sentry
+  module ErrorTracking
     class Logger < ::Gitlab::JsonLogger
       def self.file_name_noext
         'exceptions_json'

lib/gitlab/file_detector.rb

@@ -36,7 +36,10 @@ module Gitlab
       podspec_json: %r{\A[^/]*\.podspec\.json\z},
       podspec: %r{\A[^/]*\.podspec\z},
       requirements_txt: %r{\A[^/]*requirements\.txt\z},
-      yarn_lock: 'yarn.lock'
+      yarn_lock: 'yarn.lock',
+
+      # OpenAPI Specification files
+      openapi: %r{.*(openapi|swagger).*\.(yaml|yml|json)\z}i
     }.freeze
 
     # Returns an Array of file types based on the given paths.

lib/gitlab/gitaly_client.rb

@@ -67,7 +67,7 @@ module Gitlab
         File.read(cert_file).scan(PEM_REGEX).map do |cert|
           OpenSSL::X509::Certificate.new(cert).to_pem
         rescue OpenSSL::OpenSSLError => e
-          Gitlab::Sentry.track_and_raise_for_dev_exception(e, cert_file: cert_file)
+          Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, cert_file: cert_file)
           nil
         end.compact
       end.uniq.join("\n")

lib/gitlab/github_import/importer/pull_request_importer.rb

@@ -91,7 +91,7 @@ module Gitlab
 
           project.repository.add_branch(project.creator, source_branch, pull_request.source_branch_sha)
         rescue Gitlab::Git::CommandError => e
-          Gitlab::Sentry.track_exception(e,
+          Gitlab::ErrorTracking.track_exception(e,
             source_branch: source_branch,
             project_id: merge_request.project.id,
             merge_request_id: merge_request.id)

lib/gitlab/gon_helper.rb

@@ -41,7 +41,6 @@ module Gitlab
 
       # Initialize gon.features with any flags that should be
       # made globally available to the frontend
-      push_frontend_feature_flag(:suppress_ajax_navigation_errors, default_enabled: true)
       push_frontend_feature_flag(:snippets_vue, default_enabled: false)
     end
 

lib/gitlab/gpg.rb

@@ -110,7 +110,7 @@ module Gitlab
         folder_contents = Dir.children(tmp_dir)
         # This means we left a GPG-agent process hanging. Logging the problem in
         # sentry will make this more visible.
-        Gitlab::Sentry.track_and_raise_for_dev_exception(e,
+        Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e,
                                        issue_url: 'https://gitlab.com/gitlab-org/gitlab/issues/20918',
                                        tmp_dir: tmp_dir, contents: folder_contents)
       end

lib/gitlab/graphql/calls_gitaly/instrumentation.rb

@@ -32,7 +32,7 @@ module Gitlab
           # Will inform you if there needs to be `calls_gitaly: true` as a kwarg in the field declaration
           # if there is at least 1 Gitaly call involved with the field resolution.
           error = RuntimeError.new("Gitaly is called for field '#{type_object.name}' on #{type_object.owner.try(:name)} - please either specify a constant complexity or add `calls_gitaly: true` to the field declaration")
-          Gitlab::Sentry.track_and_raise_for_dev_exception(error)
+          Gitlab::ErrorTracking.track_and_raise_for_dev_exception(error)
         end
       end
     end

lib/gitlab/graphql/query_analyzers/logger_analyzer.rb

@@ -18,7 +18,7 @@ module Gitlab
             variables: variables
           })
         rescue => e
-          Gitlab::Sentry.track_and_raise_for_dev_exception(e)
+          Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e)
           default_initial_values(query)
         end
 
@@ -38,7 +38,7 @@ module Gitlab
 
           GraphqlLogger.info(memo.except!(:time_started, :query))
         rescue => e
-          Gitlab::Sentry.track_and_raise_for_dev_exception(e)
+          Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e)
         end
 
         private

lib/gitlab/highlight.rb

@@ -61,7 +61,7 @@ module Gitlab
       tokens = lexer.lex(text, continue: continue)
       Timeout.timeout(timeout_time) { @formatter.format(tokens, tag: tag).html_safe }
     rescue Timeout::Error => e
-      Gitlab::Sentry.track_and_raise_for_dev_exception(e)
+      Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e)
       highlight_plain(text)
     rescue
       highlight_plain(text)

lib/gitlab/import_export/relation_tree_restorer.rb

@@ -82,7 +82,7 @@ module Gitlab
       end
 
       def log_import_failure(relation_key, relation_index, exception)
-        Gitlab::Sentry.track_exception(exception,
+        Gitlab::ErrorTracking.track_exception(exception,
           project_id: @importable.id, relation_key: relation_key, relation_index: relation_index)
 
         ImportFailure.create(

lib/gitlab/import_export/shared.rb

@@ -56,7 +56,7 @@ module Gitlab
       end
 
       def error(error)
-        Gitlab::Sentry.track_exception(error, log_base_data)
+        Gitlab::ErrorTracking.track_exception(error, log_base_data)
 
         add_error_message(error.message)
       end

lib/gitlab/mail_room.rb

@@ -4,15 +4,21 @@ require 'yaml'
 require 'json'
 require_relative 'redis/queues' unless defined?(Gitlab::Redis::Queues)
 
+# This service is run independently of the main Rails process,
+# therefore the `Rails` class and its methods are unavailable.
+
 module Gitlab
   module MailRoom
+    RAILS_ROOT_DIR = Pathname.new('../..').expand_path(__dir__).freeze
+
     DEFAULT_CONFIG = {
       enabled: false,
       port: 143,
       ssl: false,
       start_tls: false,
       mailbox: 'inbox',
-      idle_timeout: 60
+      idle_timeout: 60,
+      log_path: RAILS_ROOT_DIR.join('log', 'mail_room_json.log')
     }.freeze
 
     class << self
@@ -33,7 +39,7 @@ module Gitlab
       def fetch_config
         return {} unless File.exist?(config_file)
 
-        config = YAML.load_file(config_file)[rails_env].deep_symbolize_keys[:incoming_email] || {}
+        config = load_from_yaml || {}
         config = DEFAULT_CONFIG.merge(config) do |_key, oldval, newval|
           newval.nil? ? oldval : newval
         end
@@ -47,6 +53,7 @@ module Gitlab
           end
         end
 
+        config[:log_path] = File.expand_path(config[:log_path], RAILS_ROOT_DIR)
         config
       end
 
@@ -57,6 +64,10 @@ module Gitlab
       def config_file
         ENV['MAIL_ROOM_GITLAB_CONFIG_FILE'] || File.expand_path('../../config/gitlab.yml', __dir__)
       end
+
+      def load_from_yaml
+        YAML.load_file(config_file)[rails_env].deep_symbolize_keys[:incoming_email]
+      end
     end
   end
 end

lib/gitlab/shell.rb

@@ -126,7 +126,7 @@ module Gitlab
 
       true
     rescue => e
-      Gitlab::Sentry.track_exception(e, path: path, new_path: new_path, storage: storage)
+      Gitlab::ErrorTracking.track_exception(e, path: path, new_path: new_path, storage: storage)
 
       false
     end
@@ -158,7 +158,7 @@ module Gitlab
       true
     rescue => e
       Rails.logger.warn("Repository does not exist: #{e} at: #{name}.git") # rubocop:disable Gitlab/RailsLogger
-      Gitlab::Sentry.track_exception(e, path: name, storage: storage)
+      Gitlab::ErrorTracking.track_exception(e, path: name, storage: storage)
 
       false
     end
@@ -267,7 +267,7 @@ module Gitlab
     def mv_namespace(storage, old_name, new_name)
       Gitlab::GitalyClient::NamespaceService.new(storage).rename(old_name, new_name)
     rescue GRPC::InvalidArgument => e
-      Gitlab::Sentry.track_exception(e, old_name: old_name, new_name: new_name, storage: storage)
+      Gitlab::ErrorTracking.track_exception(e, old_name: old_name, new_name: new_name, storage: storage)
 
       false
     end

lib/gitlab/usage_data_counters/base_counter.rb

@@ -8,7 +8,7 @@ module Gitlab::UsageDataCounters
 
     class << self
       def redis_key(event)
-        Gitlab::Sentry.track_and_raise_for_dev_exception(UnknownEvent.new, event: event) unless known_events.include?(event.to_s)
+        Gitlab::ErrorTracking.track_and_raise_for_dev_exception(UnknownEvent.new, event: event) unless known_events.include?(event.to_s)
 
         "USAGE_#{prefix}_#{event}".upcase
       end

lib/sentry/client.rb

@@ -62,7 +62,7 @@ module Sentry
     def handle_mapping_exceptions(&block)
       yield
     rescue KeyError => e
-      Gitlab::Sentry.track_exception(e)
+      Gitlab::ErrorTracking.track_exception(e)
       raise MissingKeysError, "Sentry API response is missing keys. #{e.message}"
     end
 
@@ -118,7 +118,7 @@ module Sentry
     def handle_request_exceptions
       yield
     rescue Gitlab::HTTP::Error => e
-      Gitlab::Sentry.track_exception(e)
+      Gitlab::ErrorTracking.track_exception(e)
       raise_error 'Error when connecting to Sentry'
     rescue Net::OpenTimeout
       raise_error 'Connection to Sentry timed out'
@@ -129,7 +129,7 @@ module Sentry
     rescue Errno::ECONNREFUSED
       raise_error 'Connection refused'
     rescue => e
-      Gitlab::Sentry.track_exception(e)
+      Gitlab::ErrorTracking.track_exception(e)
       raise_error "Sentry request failed due to #{e.class}"
     end
 

locale/gitlab.pot

@@ -4928,18 +4928,12 @@ msgstr ""
 msgid "Could not create group"
 msgstr ""
 
-msgid "Could not create issue"
-msgstr ""
-
 msgid "Could not create project"
 msgstr ""
 
 msgid "Could not delete chat nickname %{chat_name}."
 msgstr ""
 
-msgid "Could not fetch projects"
-msgstr ""
-
 msgid "Could not remove the trigger."
 msgstr ""
 
@@ -9923,9 +9917,6 @@ msgstr ""
 msgid "IssuesAnalytics|Total:"
 msgstr ""
 
-msgid "Issue|Title"
-msgstr ""
-
 msgid "It must have a header row and at least two columns: the first column is the issue title and the second column is the issue description. The separator is automatically detected."
 msgstr ""
 
@@ -11353,6 +11344,9 @@ msgstr ""
 msgid "Minimum length is %{minimum_password_length} characters."
 msgstr ""
 
+msgid "Minimum password length (number of characters)"
+msgstr ""
+
 msgid "Minutes"
 msgstr ""
 
@@ -11634,9 +11628,6 @@ msgstr ""
 msgid "New issue"
 msgstr ""
 
-msgid "New issue title"
-msgstr ""
-
 msgid "New label"
 msgstr ""
 
@@ -12509,6 +12500,9 @@ msgstr ""
 msgid "Password (optional)"
 msgstr ""
 
+msgid "Password Policy Guidelines"
+msgstr ""
+
 msgid "Password authentication is unavailable."
 msgstr ""
 
@@ -15799,6 +15793,9 @@ msgstr ""
 msgid "SecurityDashboard|Unable to add %{invalidProjects}"
 msgstr ""
 
+msgid "See GitLab's %{password_policy_guidelines}"
+msgstr ""
+
 msgid "See metrics"
 msgstr ""
 
@@ -16566,6 +16563,9 @@ msgstr ""
 msgid "Something went wrong while fetching the registry list."
 msgstr ""
 
+msgid "Something went wrong while initializing the OpenAPI viewer"
+msgstr ""
+
 msgid "Something went wrong while merging this merge request. Please try again."
 msgstr ""
 

package.json

@@ -113,6 +113,7 @@
     "stickyfilljs": "^2.0.5",
     "style-loader": "^1.0.0",
     "svg4everybody": "2.1.9",
+    "swagger-ui-dist": "^3.24.3",
     "three": "^0.84.0",
     "three-orbit-controls": "^82.1.0",
     "three-stl-loader": "^1.0.4",