Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/boards/index.js

@@ -332,6 +332,8 @@ export default () => {
             class="btn btn-success gl-ml-3"
             type="button"
             data-placement="bottom"
+            data-track-event="click_button"
+            data-track-label="board_add_issues"
             ref="addIssuesButton"
             :class="{ 'disabled': disabled }"
             :title="tooltipTitle"

app/assets/javascripts/issue.js

@@ -100,6 +100,13 @@ export default class Issue {
   initIssueBtnEventListeners() {
     const issueFailMessage = __('Unable to update this issue at this time.');
 
+    $('.report-abuse-link').on('click', e => {
+      // this is needed because of the implementation of
+      // the dropdown toggle and Report Abuse needing to be
+      // linked to another page.
+      e.stopPropagation();
+    });
+
     // NOTE: data attribute seems unnecessary but is actually necessary
     return $('.js-issuable-buttons[data-action="close-reopen"]').on(
       'click',

app/assets/javascripts/merge_request.js

@@ -66,6 +66,14 @@ MergeRequest.prototype.showAllCommits = function() {
 
 MergeRequest.prototype.initMRBtnListeners = function() {
   const _this = this;
+
+  $('.report-abuse-link').on('click', e => {
+    // this is needed because of the implementation of
+    // the dropdown toggle and Report Abuse needing to be
+    // linked to another page.
+    e.stopPropagation();
+  });
+
   return $('.btn-close, .btn-reopen').on('click', function(e) {
     const $this = $(this);
     const shouldSubmit = $this.hasClass('btn-comment');

app/assets/javascripts/notes/components/note_actions/reply_button.vue

 <script>
-import { GlTooltipDirective, GlDeprecatedButton, GlIcon } from '@gitlab/ui';
+import { GlTooltipDirective, GlButton } from '@gitlab/ui';
 
 export default {
   name: 'ReplyButton',
   components: {
-    GlIcon,
-    GlDeprecatedButton,
+    GlButton,
   },
   directives: {
     GlTooltip: GlTooltipDirective,
@@ -15,17 +14,17 @@ export default {
 
 <template>
   <div class="note-actions-item">
-    <gl-deprecated-button
+    <gl-button
       ref="button"
       v-gl-tooltip
-      class="note-action-button"
       data-track-event="click_button"
       data-track-label="reply_comment_button"
-      variant="transparent"
+      category="tertiary"
+      size="small"
+      icon="comment"
       :title="__('Reply to comment')"
+      :aria-label="__('Reply to comment')"
       @click="$emit('startReplying')"
-    >
-      <gl-icon name="comment" class="link-highlight" />
-    </gl-deprecated-button>
+    />
   </div>
 </template>

app/assets/javascripts/vue_shared/components/gl_mentions.vue

@@ -9,6 +9,7 @@ const AutoComplete = {
   Issues: 'issues',
   Labels: 'labels',
   Members: 'members',
+  MergeRequests: 'mergeRequests',
 };
 
 function doesCurrentLineStartWith(searchString, fullText, selectionStart) {
@@ -99,6 +100,14 @@ const autoCompleteMap = {
         ${icon}`;
     },
   },
+  [AutoComplete.MergeRequests]: {
+    filterValues() {
+      return this[AutoComplete.MergeRequests];
+    },
+    menuItemTemplate({ original }) {
+      return `<small>${original.reference || original.iid}</small> ${escape(original.title)}`;
+    },
+  },
 };
 
 export default {
@@ -139,6 +148,13 @@ export default {
               : `~${original.title}`,
           values: this.getValues(AutoComplete.Labels),
         },
+        {
+          trigger: '!',
+          lookup: value => value.iid + value.title,
+          menuItemTemplate: autoCompleteMap[AutoComplete.MergeRequests].menuItemTemplate,
+          selectTemplate: ({ original }) => original.reference || `!${original.iid}`,
+          values: this.getValues(AutoComplete.MergeRequests),
+        },
       ],
     });
 

app/assets/javascripts/vue_shared/components/markdown/field.vue

@@ -169,7 +169,7 @@ export default {
       emojis: this.enableAutocomplete,
       members: this.enableAutocomplete && !this.glFeatures.tributeAutocomplete,
       issues: this.enableAutocomplete && !this.glFeatures.tributeAutocomplete,
-      mergeRequests: this.enableAutocomplete,
+      mergeRequests: this.enableAutocomplete && !this.glFeatures.tributeAutocomplete,
       epics: this.enableAutocomplete,
       milestones: this.enableAutocomplete,
       labels: this.enableAutocomplete && !this.glFeatures.tributeAutocomplete,

app/views/shared/issuable/_close_reopen_report_toggle.html.haml

@@ -39,10 +39,8 @@
 
       %li.divider.droplab-item-ignore
 
-      %li.report-item{ data: { text: _('Report abuse'), url: new_abuse_report_path(user_id: issuable.author.id, ref_url: issuable_url(issuable)),
-                       button_class: "#{button_class} btn-close-color", toggle_class: "#{toggle_class} btn-close-color", method: '' } }
-        %button.btn.btn-transparent
-          = icon('check', class: 'icon')
+      %li.report-item{ data: { text: _('Report abuse'), button_class: "#{button_class} btn-close-color", toggle_class: "#{toggle_class} btn-close-color", method: '' } }
+        %a.report-abuse-link{ :href =>  new_abuse_report_path(user_id: issuable.author.id, ref_url: issuable_url(issuable)) }
           .description
             %strong.title= _('Report abuse')
             %p.text

changelogs/unreleased/ss-fix-report-abuse-button.yml

+---
+title: Fix report abuse button in issues and mrs
+merge_request: 40918
+author:
+type: fixed

doc/administration/gitaly/praefect.md

@@ -238,12 +238,13 @@ this, replace value of the `POSTGRESQL_SERVER_ADDRESS` with corresponding IP or
 address of the PgBouncer instance.
 
 This documentation doesn't provide PgBouncer installation instructions,
-you can:
+but you can:
 
 - Find instructions on the [official website](https://www.pgbouncer.org/install.html).
 - Use a [Docker image](https://hub.docker.com/r/edoburu/pgbouncer/).
 
-In addition to base PgBouncer configuration options, set the following values:
+In addition to the base PgBouncer configuration options, set the following values in
+your `pgbouncer.ini` file:
 
 - The [Praefect PostgreSQL database](#postgresql) in the `[databases]` section:
 

doc/development/telemetry/snowplow.md

@@ -316,6 +316,11 @@ There are several tools for developing and testing Snowplow Event
 
 **{check-circle}** Available, **{status_preparing}** In progress, **{dotted-circle}** Not Planned
 
+### Preparing your MR for Review
+
+1. For frontend events, in the MR description section, add a screenshot of the event's relevant section using the [Snowplow Analytics Debugger](https://chrome.google.com/webstore/detail/snowplow-analytics-debugg/jbnlcgeengmijcghameodeaenefieedm) Chrome browser extension.
+1. For backend events, please use Snowplow Micro and add the output of the Snowplow Micro good events  `GET http://localhost:9090/micro/good`.
+
 ### Snowplow Analytics Debugger Chrome Extension
 
 Snowplow Analytics Debugger is a browser extension for testing frontend events. This works on production, staging and local development environments.

doc/operations/metrics/dashboards/variables.md

@@ -18,6 +18,7 @@ Queries that continue to use the old format will show no data.
 
 GitLab supports a limited set of [CI variables](../../../ci/variables/README.md) in the Prometheus query. This is particularly useful for identifying a specific environment, for example with `ci_environment_slug`. The supported variables are:
 
+- `environment_filter`
 - `ci_environment_slug`
 - `kube_namespace`
 - `ci_project_name`
@@ -29,6 +30,14 @@ GitLab supports a limited set of [CI variables](../../../ci/variables/README.md)
 NOTE: **Note:**
 Variables for Prometheus queries must be lowercase.
 
+### environment_filter
+
+`environment_filter` is automatically expanded to `container_name!="POD",environment="ENVIRONMENT_NAME"`
+where `ENVIRONMENT_NAME` is the name of the current environment.
+
+For example, a Prometheus query like `container_memory_usage_bytes{ {{environment_filter}} }`
+becomes `container_memory_usage_bytes{ container_name!="POD",environment="production" }`.
+
 ### __range
 
 The `__range` variable is useful in Prometheus

doc/user/application_security/index.md

@@ -67,6 +67,7 @@ GitLab uses the following tools to scan and report known vulnerabilities found i
 | [Dependency List](dependency_list/index.md) **(ULTIMATE)**                   | View your project's dependencies and their known vulnerabilities.      |
 | [Dependency Scanning](dependency_scanning/index.md) **(ULTIMATE)**           | Analyze your dependencies for known vulnerabilities.                   |
 | [Dynamic Application Security Testing (DAST)](dast/index.md) **(ULTIMATE)**  | Analyze running web applications for known vulnerabilities.            |
+| [API fuzzing](api_fuzzing/index.md) **(ULTIMATE)**                 | Find unknown bugs and vulnerabilities in web APIs with fuzzing.    |
 | [Secret Detection](secret_detection/index.md) **(ULTIMATE)**                 | Analyze Git history for leaked secrets.                                |
 | [Security Dashboard](security_dashboard/index.md) **(ULTIMATE)**             | View vulnerabilities in all your projects and groups.                  |
 | [Static Application Security Testing (SAST)](sast/index.md)                  | Analyze source code for known vulnerabilities.                         |

doc/user/packages/composer_repository/index.md

@@ -79,16 +79,17 @@ git push origin v1.0.0
 Now that the basics of our project is completed, we can publish the package.
 To publish the package, you need:
 
-- A personal access token. You can generate a [personal access token](../../../user/profile/personal_access_tokens.md) with the scope set to `api` for repository authentication.
-   NOTE: **Note:**
+- A personal access token or `CI_JOB_TOKEN`.
 
-  [Deploy tokens](./../../project/deploy_tokens/index.md) are not yet supported for use with Composer.
+  ([Deploy tokens](./../../project/deploy_tokens/index.md) are not yet supported for use with Composer.)
 
 - Your project ID which can be found on the home page of your project.
 
 To publish the package hosted on GitLab, make a `POST` request to the GitLab package API.
 A tool like `curl` can be used to make this request:
 
+You can generate a [personal access token](../../../user/profile/personal_access_tokens.md) with the scope set to `api` for repository authentication. For example:
+
 ```shell
 curl --data tag=<tag> 'https://__token__:<personal-access-token>@gitlab.com/api/v4/projects/<project_id>/packages/composer'
 ```
@@ -101,6 +102,21 @@ Where:
 
 If the above command succeeds, you now should be able to see the package under the **Packages & Registries** section of your project page.
 
+### Publishing the package with CI/CD
+
+To work with Composer commands within [GitLab CI/CD](./../../../ci/README.md), you can
+publish Composer packages by using `CI_JOB_TOKEN` in your `.gitlab-ci.yml` file:
+
+```yaml
+stages:
+  - deploy
+
+deploy:
+  stage: deploy
+  script:
+    - 'curl --header "Job-Token: $CI_JOB_TOKEN" --data tag=<tag> "https://gitlab.example.com/api/v4/projects/$CI_PROJECT_ID/packages/composer"'
+```
+
 ### Installing a package
 
 To install your package, you need:

doc/user/project/integrations/prometheus_library/nginx.md

@@ -18,6 +18,8 @@ The [Prometheus service](../prometheus.md) must be enabled.
 
 NGINX server metrics are detected, which tracks the pages and content directly served by NGINX.
 
+[`environment_filter`](../../../../operations/metrics/dashboards/variables.md#environment_filter) is one of the predefined variables that metrics dashboards support.
+
 | Name | Query |
 | ---- | ----- |
 | Throughput (req/sec) | `sum(rate(nginx_server_requests{server_zone!="*", server_zone!="_", %{environment_filter}}[2m])) by (code)` |

doc/user/project/settings/index.md

@@ -37,6 +37,9 @@ You can select a framework label to identify that your project has certain compl
 - SOC 2 - Service Organization Control 2
 - SOX - Sarbanes-Oxley
 
+NOTE: **Note:**
+Compliance framework labels do not affect your project settings.
+
 ### Sharing and permissions
 
 For your repository, you can set up features such as public access, repository features,

lib/gitlab/error_tracking.rb

@@ -26,6 +26,8 @@ module Gitlab
           # Sanitize fields based on those sanitized from Rails.
           config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
           config.processors << ::Gitlab::ErrorTracking::Processor::SidekiqProcessor
+          config.processors << ::Gitlab::ErrorTracking::Processor::GrpcErrorProcessor
+
           # Sanitize authentication headers
           config.sanitize_http_headers = %w[Authorization Private-Token]
           config.tags = extra_tags_from_env.merge(program: Gitlab.process_name)

lib/gitlab/error_tracking/processor/grpc_error_processor.rb

+# frozen_string_literal: true
+
+module Gitlab
+  module ErrorTracking
+    module Processor
+      class GrpcErrorProcessor < ::Raven::Processor
+        DEBUG_ERROR_STRING_REGEX = RE2('(.*) debug_error_string:(.*)')
+
+        def process(value)
+          return value unless grpc_exception?(value)
+
+          process_message(value)
+          process_exception_values(value)
+          process_custom_fingerprint(value)
+
+          value
+        end
+
+        def grpc_exception?(value)
+          value[:exception] && value[:message].start_with?('GRPC::')
+        end
+
+        def process_message(value)
+          message, debug_str = split_debug_error_string(value[:message])
+
+          return unless message
+
+          value[:message] = message
+          extra = value[:extra] || {}
+          extra[:grpc_debug_error_string] = debug_str if debug_str
+        end
+
+        def process_exception_values(value)
+          exceptions = value.dig(:exception, :values)
+
+          return unless exceptions.is_a?(Array)
+
+          exceptions.each do |entry|
+            message, _ = split_debug_error_string(entry[:value])
+            entry[:value] = message if message
+          end
+        end
+
+        def process_custom_fingerprint(value)
+          fingerprint = value[:fingerprint]
+
+          return value unless custom_grpc_fingerprint?(fingerprint)
+
+          message, _ = split_debug_error_string(fingerprint[1])
+          fingerprint[1] = message if message
+        end
+
+        private
+
+        def custom_grpc_fingerprint?(fingerprint)
+          fingerprint.is_a?(Array) && fingerprint.length == 2 && fingerprint[0].start_with?('GRPC::')
+        end
+
+        def split_debug_error_string(message)
+          return unless message
+
+          match = DEBUG_ERROR_STRING_REGEX.match(message)
+
+          return unless match
+
+          [match[1], match[2]]
+        end
+      end
+    end
+  end
+end

qa/qa/page/merge_request/show.rb

@@ -131,7 +131,7 @@ module QA
 
         def add_comment_to_diff(text)
           wait_until(sleep_interval: 5) do
-            has_text?("No newline at end of file")
+            has_css?('a[data-linenumber="1"]')
           end
           all_elements(:new_diff_line, minimum: 1).first.hover
           click_element(:diff_comment)

spec/features/issuables/close_reopen_report_toggle_spec.rb

@@ -3,6 +3,8 @@
 require 'spec_helper'
 
 RSpec.describe 'Issuables Close/Reopen/Report toggle' do
+  include IssuablesHelper
+
   let(:user) { create(:user) }
 
   shared_examples 'an issuable close/reopen/report toggle' do
@@ -27,19 +29,11 @@ RSpec.describe 'Issuables Close/Reopen/Report toggle' do
       expect(container).not_to have_selector('.reopen-item')
     end
 
-    it 'changes the button when an item is selected' do
-      button = container.find('.issuable-close-button')
-
-      container.find('.dropdown-toggle').click
-      container.find('.report-item').click
-
-      expect(container).not_to have_selector('.dropdown-menu')
-      expect(button).to have_content('Report abuse')
-
+    it 'links to Report Abuse' do
       container.find('.dropdown-toggle').click
-      container.find('.close-item').click
+      container.find('.report-abuse-link').click
 
-      expect(button).to have_content("Close #{human_model_name}")
+      expect(page).to have_content('Report abuse to admin')
     end
   end
 

spec/features/issues/gfm_autocomplete_spec.rb

@@ -763,6 +763,29 @@ RSpec.describe 'GFM autocomplete', :js do
       end
     end
 
+    shared_examples 'autocomplete suggestions' do
+      it 'suggests objects correctly' do
+        page.within '.timeline-content-form' do
+          find('#note-body').native.send_keys(object.class.reference_prefix)
+        end
+
+        page.within '.tribute-container' do
+          expect(page).to have_content(object.title)
+
+          find('ul li').click
+        end
+
+        expect(find('.new-note #note-body').value).to include(expected_body)
+      end
+    end
+
+    context 'merge requests' do
+      let(:object) { create(:merge_request, source_project: project) }
+      let(:expected_body) { object.to_reference }
+
+      it_behaves_like 'autocomplete suggestions'
+    end
+
     context 'when other notes are destroyed' do
       let!(:discussion) { create(:discussion_note_on_issue, noteable: issue, project: issue.project) }
 

spec/lib/gitlab/error_tracking/processor/grpc_error_processor_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::ErrorTracking::Processor::GrpcErrorProcessor do
+  describe '#process' do
+    subject { described_class.new }
+
+    context 'when there is no GRPC exception' do
+      let(:data) { { fingerprint: ['ArgumentError', 'Missing arguments'] } }
+
+      it 'leaves data unchanged' do
+        expect(subject.process(data)).to eq(data)
+      end
+    end
+
+    context 'when there is a GPRC exception with a debug string' do
+      let(:data) do
+        {
+          exception: {
+            values: [
+              {
+                value: "GRPC::DeadlineExceeded: 4:DeadlineExceeded. debug_error_string:{\"hello\":1}"
+              }
+            ]
+          },
+          extra: {
+            caller: 'test'
+          },
+          message: "GRPC::DeadlineExceeded: 4:DeadlineExceeded. debug_error_string:{\"hello\":1}",
+          fingerprint: [
+            "GRPC::DeadlineExceeded",
+            "4:Deadline Exceeded. debug_error_string:{\"created\":\"@1598938192.005782000\",\"description\":\"Error received from peer unix:/home/git/gitalypraefect.socket\",\"file\":\"src/core/lib/surface/call.cc\",\"file_line\":1055,\"grpc_message\":\"Deadline Exceeded\",\"grpc_status\":4}"
+          ]
+        }
+      end
+
+      let(:expected) do
+        {
+          message: "GRPC::DeadlineExceeded: 4:DeadlineExceeded.",
+          fingerprint: [
+            "GRPC::DeadlineExceeded",
+            "4:Deadline Exceeded."
+          ],
+          exception: {
+            values: [
+              {
+                value: "GRPC::DeadlineExceeded: 4:DeadlineExceeded."
+              }
+            ]
+          },
+          extra: {
+            caller: 'test',
+            grpc_debug_error_string: "{\"hello\":1}"
+         }
+        }
+      end
+
+      it 'removes the debug error string and stores it as an extra field' do
+        expect(subject.process(data)).to eq(expected)
+      end
+
+      context 'with no custom fingerprint' do
+        before do
+          data.delete(:fingerprint)
+          expected.delete(:fingerprint)
+        end
+
+        it 'removes the debug error string and stores it as an extra field' do
+          expect(subject.process(data)).to eq(expected)
+        end
+      end
+    end
+  end
+end