Automatic merge of gitlab-org/gitlab master

app/views/layouts/_matomo.html.haml

 <!-- Matomo -->
-- matomo_disable_cookies = extra_config.has_key?('matomo_disable_cookies') && extra_config.matomo_disable_cookies
 = javascript_tag do
   :plain
     var _paq = window._paq = window._paq || [];
     _paq.push(['trackPageView']);
     _paq.push(['enableLinkTracking']);
-    #{matomo_disable_cookies ? '_paq.push(["disableCookies"])' : ""};
+    #{extra_config.matomo_disable_cookies ? '_paq.push(["disableCookies"])' : ""};
     (function() {
       var u="//#{extra_config.matomo_url}/";
       _paq.push(['setTrackerUrl', u+'matomo.php']);

app/views/shared/issuable/_sidebar.html.haml

@@ -59,7 +59,7 @@
             = f.hidden_field 'milestone_id', value: milestone[:id], id: nil
             = dropdown_tag('Milestone', options: { title: _('Assign milestone'), toggle_class: 'js-milestone-select js-extra-options', filter: true, dropdown_class: 'dropdown-menu-selectable', placeholder: _('Search milestones'), data: { show_no: true, field_name: "#{issuable_type}[milestone_id]", project_id: issuable_sidebar[:project_id], issuable_id: issuable_sidebar[:id], ability_name: issuable_type, issue_update: issuable_sidebar[:issuable_json_path], use_id: true, default_no: true, selected: milestone[:title], null_default: true, display: 'static' }})
           - if @project.group.present? && issuable_sidebar[:supports_iterations]
-            = render_if_exists 'shared/issuable/iteration_select', can_edit: can_edit_issuable, group_path: @project.group.full_path, project_path: issuable_sidebar[:project_full_path], issue_iid: issuable_sidebar[:iid], issuable_type: issuable_type
+            = render_if_exists 'shared/issuable/iteration_select', can_edit: can_edit_issuable.to_s, group_path: @project.group.full_path, project_path: issuable_sidebar[:project_full_path], issue_iid: issuable_sidebar[:iid], issuable_type: issuable_type
 
       - if issuable_sidebar[:supports_time_tracking]
         #issuable-time-tracker.block

config/feature_flags/development/group_ci_cd_analytics_page.yml

@@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/292601
 milestone: '13.8'
 type: development
 group: group::release
-default_enabled: false
+default_enabled: true

config/initializers/1_settings.rb

@@ -819,6 +819,7 @@ Settings.forti_token_cloud['enabled'] = false if Settings.forti_token_cloud['ena
 Settings['extra'] ||= Settingslogic.new({})
 Settings.extra['matomo_site_id'] ||= Settings.extra['piwik_site_id'] if Settings.extra['piwik_site_id'].present?
 Settings.extra['matomo_url'] ||= Settings.extra['piwik_url'] if Settings.extra['piwik_url'].present?
+Settings.extra['matomo_disable_cookies'] = false if Settings.extra['matomo_disable_cookies'].nil?
 
 #
 # Rack::Attack settings

doc/ci/runners/README.md

@@ -811,3 +811,38 @@ You can set them globally or per-job in the [`variables`](../yaml/README.md#vari
 ## System calls not available on GitLab.com shared runners
 
 GitLab.com shared runners run on CoreOS. This means that you cannot use some system calls, like `getlogin`, from the C standard library.
+
+## Artifact and cache settings
+
+> Introduced in GitLab Runner 13.9.
+
+Artifact and cache settings control the compression ratio of artifacts and caches.
+Use these settings to specify the size of the archive produced by a job.
+
+- On a slow network, uploads might be faster for smaller archives.
+- On a fast network where bandwidth and storage are not a concern, uploads might be faster using the fastest compression ratio, despite the archive produced being larger.
+
+For [GitLab Pages](../../user/project/pages/index.md) to serve
+[HTTP Range requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Range_requests), artifacts
+should use the `ARTIFACT_COMPRESSION_LEVEL: fastest` setting, as only uncompressed zip archives
+support this feature.
+
+A meter can also be enabled to provide the rate of transfer for uploads and downloads.
+
+```yaml
+variables:
+  # output upload and download progress every 2 seconds
+  TRANSFER_METER_FREQUENCY: "2s"
+
+  # Use fast compression for artifacts, resulting in larger archives
+  ARTIFACT_COMPRESSION_LEVEL: "fast"
+
+  # Use no compression for caches
+  CACHE_COMPRESSION_LEVEL: "fastest"
+```
+
+| Variable                        | Description                                            |
+|---------------------------------|--------------------------------------------------------|
+| `TRANSFER_METER_FREQUENCY`      | Specify how often to print the meter's transfer rate. It can be set to a duration (for example, `1s` or `1m30s`). A duration of `0` disables the meter (default). When a value is set, the pipeline shows a progress meter for artifact and cache uploads and downloads. |
+| `ARTIFACT_COMPRESSION_LEVEL`    | To adjust compression ratio, set to `fastest`, `fast`, `default`, `slow`, or `slowest`. This setting works with the fastzip archiver only, so the GitLab Runner feature flag [`FF_USE_FASTZIP`](https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags) must also be enabled. |
+| `CACHE_COMPRESSION_LEVEL`       | To adjust compression ratio, set to `fastest`, `fast`, `default`, `slow`, or `slowest`. This setting works with the fastzip archiver only, so the GitLab Runner feature flag [`FF_USE_FASTZIP`](https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags) must also be enabled. |

doc/ci/yaml/README.md

@@ -4358,6 +4358,9 @@ You can use [CI/CD variables](../variables/README.md) to configure runner Git be
 - [`GIT_FETCH_EXTRA_FLAGS`](../runners/README.md#git-fetch-extra-flags)
 - [`GIT_DEPTH`](../runners/README.md#shallow-cloning) (shallow cloning)
 - [`GIT_CLONE_PATH`](../runners/README.md#custom-build-directories) (custom build directories)
+- [`TRANSFER_METER_FREQUENCY`](../runners/README.md#artifact-and-cache-settings) (artifact/cache meter update frequency)
+- [`ARTIFACT_COMPRESSION_LEVEL`](../runners/README.md#artifact-and-cache-settings) (artifact archiver compression level)
+- [`CACHE_COMPRESSION_LEVEL`](../runners/README.md#artifact-and-cache-settings) (cache archiver compression level)
 
 You can also use variables to configure how many times a runner
 [attempts certain stages of job execution](../runners/README.md#job-stages-attempts).

doc/development/transient/prevention-patterns.md

@@ -8,6 +8,15 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 This page will cover architectural patterns and tips for developers to follow to prevent [transient bugs.](https://about.gitlab.com/handbook/engineering/quality/issue-triage/#transient-bugs)
 
+## Common root causes
+
+We've noticed a few root causes that come up frequently when addressing transient bugs. 
+
+- Needs better state management in the backend or frontend.
+- Frontend code needs improvements.
+- Lack of test coverage.
+- Race conditions.
+
 ## Frontend
 
 ### Don't rely on response order

doc/user/application_security/dast/index.md

@@ -776,7 +776,7 @@ A site profile contains the following:
 - **Profile name**: A name you assign to the site to be scanned.
 - **Target URL**: The URL that DAST runs against.
 
-## Site profile validation
+### Site profile validation
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/233020) in GitLab 13.8.
 
@@ -799,37 +799,51 @@ To create a site profile:
 
 1. From your project's home page, go to **Security & Compliance > Configuration**.
 1. Select **Manage** in the **DAST Profiles** row.
-1. Select **New Profile > Site Profile**.
-1. Type in a unique **Profile name** and **Target URL** then select **Save profile**.
+1. Select **New > Site Profile**.
+1. Complete the fields then select **Save profile**.
+
+The site profile is created.
 
 ### Edit a site profile
 
 To edit an existing site profile:
 
 1. From your project's home page, go to **Security & Compliance > Configuration**.
-1. Select **Manage** in the **DAST Profiles** row.
-1. Select **Edit** in the row of the profile to edit.
-1. Edit the **Profile name** and **Target URL**, then select **Save profile**.
+1. In the **DAST Profiles** row select **Manage**.
+1. Select the **Site Profiles** tab.
+1. In the profile's row select the **More actions** (**{ellipsis_v}**) menu, then select **Edit**.
+1. Edit the fields then select **Save profile**.
+
+The site profile is updated with the edited details.
 
 ### Delete a site profile
 
 To delete an existing site profile:
 
 1. From your project's home page, go to **Security & Compliance > Configuration**.
-1. Select **Manage** in the **DAST Profiles** row.
-1. Select **{remove}** (Delete profile) in the row of the profile to delete.
+1. In the **DAST Profiles** row select **Manage**.
+1. Select the **Site Profiles** tab.
+1. In the profile's row select the **More actions** (**{ellipsis_v}**) menu, then select **Delete**.
+1. Select **Delete** to confirm the deletion.
+
+The site profile is deleted.
 
 ### Validate a site profile
 
+Prerequisites:
+
+- A site profile.
+
 To validate a site profile:
 
 1. From your project's home page, go to **Security & Compliance > Configuration**.
-1. Select **Manage** in the **DAST Profiles** row.
-1. Select **Validate target site** beside the profile to validate.
+1. In the **DAST Profiles** row select **Manage**.
+1. Select the **Site Profiles** tab.
+1. In the profile's row select **Validate** or **Retry validation**.
 1. Select the validation method.
    1. For **Text file validation**:
       1. Download the validation file listed in **Step 2**.
-      1. Upload the validation file to the host. You can upload the file to the location in
+      1. Upload the validation file to the host. Upload the file to the location in
          **Step 3** or any location you prefer.
       1. Select **Validate**.
    1. For **Header validation**:
@@ -840,22 +854,23 @@ To validate a site profile:
 
 The site is validated and an active scan can run against it.
 
-If a validated site profile's target URL is edited, the site is no longer validated.
+If a validated site profile's target URL is edited, the site's validation status is revoked.
 
-### Revoke a site validation
+### Revoke a site profile's validation status
 
-To revoke validation from a site profile:
+Note that all site profiles with the same URL have their validation status revoked.
+
+To revoke a site profile's validation status:
 
 1. From your project's home page, go to **Security & Compliance > Configuration**.
-1. Select **Manage** in the **DAST Profiles** row.
+1. In the **DAST Profiles** row select **Manage**.
 1. Select **Revoke validation** beside the validated profile.
-1. Select **Revoke validation**.
 
-The site profile's validation is revoked. An active scan cannot be run against it or any other profile with the same URL.
+The site profile's validation status is revoked.
 
 #### Validated site profile headers
 
-The following are code samples of how you could provide the required site profile header in your
+The following are code samples of how you can provide the required site profile header in your
 application.
 
 ##### Ruby on Rails example for on-demand scan
@@ -900,27 +915,26 @@ app.get('/dast-website-target', function(req, res) {
 ## Scanner profile
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/222767) in GitLab 13.4.
+> - [Added](https://gitlab.com/gitlab-org/gitlab/-/issues/225804) in GitLab 13.5: scan mode, AJAX spider, debug messages.
 
 A scanner profile defines the scanner settings used to run an on-demand scan:
 
 - **Profile name:** A name you give the scanner profile. For example, "Spider_15".
+- **Scan mode:** A passive scan monitors all HTTP messages (requests and responses) sent to the target. An active scan attacks the target to find potential vulnerabilities.
 - **Spider timeout:** The maximum number of minutes allowed for the spider to traverse the site.
 - **Target timeout:** The maximum number of seconds DAST waits for the site to be available before
   starting the scan.
-- **Scan mode:** A passive scan monitors all HTTP messages (requests and responses) sent to the target. An active scan attacks the target to find potential vulnerabilities.
 - **AJAX spider:**  Run the AJAX spider, in addition to the traditional spider, to crawl the target site.
 - **Debug messages:** Include debug messages in the DAST console output.
 
-Scan mode, AJAX spider, Debug messages are [added in GitLab 13.5](https://gitlab.com/gitlab-org/gitlab/-/issues/225804)
-
 ### Create a scanner profile
 
 To create a scanner profile:
 
 1. From your project's home page, go to **Security & Compliance > Configuration**.
-1. Click **Manage** in the **DAST Profiles** row.
-1. Click **New Profile > Scanner Profile**.
-1. Enter a unique **Profile name**, the desired **Spider timeout**, and the **Target timeout**.
+1. In the **DAST Profiles** row select **Manage**.
+1. Select **New > Scanner Profile**.
+1. Complete the form. For details of each field, see [Scanner profile](#scanner-profile).
 1. Click **Save profile**.
 
 ### Edit a scanner profile
@@ -929,7 +943,12 @@ To edit a scanner profile:
 
 1. From your project's home page, go to **Security & Compliance > Configuration**.
 1. Click **Manage** in the **DAST Profiles** row.
-1. Click **Edit** in the scanner profile's row.
+1. Select the **Scanner Profiles** tab.
+1. In the scanner's row select the **More actions** (**{ellipsis_v}**) menu, then select **Edit**.
+1. Edit the form.
+1. Select **Save profile**.
+
+The scanner profile is updated with the edited details.
 
 ### Delete a scanner profile
 
@@ -937,7 +956,11 @@ To delete a scanner profile:
 
 1. From your project's home page, go to **Security & Compliance > Configuration**.
 1. Click **Manage** in the **DAST Profiles** row.
-1. Click **{remove}** (Delete profile) in the scanner profile's row.
+1. Select the **Scanner Profiles** tab.
+1. In the scanner's row select the **More actions** (**{ellipsis_v}**) menu, then select **Delete**.
+1. Select **Delete**.
+
+The scanner profile is deleted.
 
 ## Reports
 

doc/user/project/clusters/add_remove_clusters.md

@@ -387,3 +387,13 @@ If you encounter this error while adding a Kubernetes cluster, ensure you're
 properly pasting the service token. Some shells may add a line break to the
 service token, making it invalid. Ensure that there are no line breaks by
 pasting your token into an editor and removing any additional spaces.
+
+You may also experience this error if your certificate is not valid. To check that your certificate's
+subject alternative names contain the correct domain for your cluster's API, run this:
+
+```shell
+echo | openssl s_client -showcerts -connect kubernetes.example.com:443 2>/dev/null |
+openssl x509 -inform pem -noout -text
+```
+
+Note that the `-connect` argument expects a `host:port` combination. For example, `https://kubernetes.example.com` would be `kubernetes.example.com:443`.

ee/app/assets/javascripts/sidebar/mount_sidebar.js

@@ -101,7 +101,7 @@ function mountIterationSelect() {
       createElement('iteration-select', {
         props: {
           groupPath,
-          canEdit,
+          canEdit: parseBoolean(canEdit),
           projectPath,
           issueIid,
         },

ee/app/controllers/groups/analytics/ci_cd_analytics_controller.rb

@@ -8,6 +8,6 @@ class Groups::Analytics::CiCdAnalyticsController < Groups::Analytics::Applicatio
   before_action -> { authorize_view_by_action!(:view_group_ci_cd_analytics) }
 
   def show
-    render_404 unless Feature.enabled?(:group_ci_cd_analytics_page, @group)
+    render_404 unless Feature.enabled?(:group_ci_cd_analytics_page, @group, default_enabled: true)
   end
 end

ee/app/helpers/ee/groups_helper.rb

@@ -147,7 +147,7 @@ module EE
         links << :iterations
       end
 
-      if ::Feature.enabled?(:group_ci_cd_analytics_page, @group) && @group.feature_available?(:group_ci_cd_analytics) && can?(current_user, :view_group_ci_cd_analytics, @group)
+      if ::Feature.enabled?(:group_ci_cd_analytics_page, @group, default_enabled: true) && @group.feature_available?(:group_ci_cd_analytics) && can?(current_user, :view_group_ci_cd_analytics, @group)
         links << :group_ci_cd_analytics
       end
 

ee/changelogs/unreleased/nfriend-enable-group_ci_cd_analytics-f.yml

+---
+title: Add group-level CI/CD Analytics page with release stats
+merge_request: 53295
+author:
+type: added

ee/changelogs/unreleased/use-parse-boolean-for-iteration-can-edit-value.yml

+---
+title: Fix invalid prop error for canEdit prop in issue sidebar when user cannot edit iteration
+merge_request: 53819
+author:
+type: fixed

spec/views/layouts/_head.html.haml_spec.rb

@@ -92,7 +92,8 @@ RSpec.describe 'layouts/_head' do
     before do
       stub_config(extra: {
                     matomo_url: matomo_host,
-                    matomo_site_id: 12345
+                    matomo_site_id: 12345,
+                    matomo_disable_cookies: false
                   })
     end
 
@@ -101,43 +102,18 @@ RSpec.describe 'layouts/_head' do
 
       expect(rendered).to match(/<script.*>.*var u="\/\/#{matomo_host}\/".*<\/script>/m)
       expect(rendered).to match(%r(<noscript>.*<img src="//#{matomo_host}/matomo.php.*</noscript>))
+      expect(rendered).not_to include('_paq.push(["disableCookies"])')
     end
 
-    context 'matomo_disable_cookies' do
-      context 'when true' do
-        before do
-          stub_config(extra: { matomo_url: matomo_host, matomo_site_id: 12345, matomo_disable_cookies: true })
-        end
-
-        it 'disables cookies' do
-          render
-
-          expect(rendered).to include('_paq.push(["disableCookies"])')
-        end
+    context 'when matomo_disable_cookies is true' do
+      before do
+        stub_config(extra: { matomo_url: matomo_host, matomo_site_id: 12345, matomo_disable_cookies: true })
       end
 
-      context 'when false' do
-        before do
-          stub_config(extra: { matomo_url: matomo_host, matomo_site_id: 12345, matomo_disable_cookies: false })
-        end
-
-        it 'does not disable cookies' do
-          render
-
-          expect(rendered).not_to include('_paq.push(["disableCookies"])')
-        end
-      end
-
-      context 'when absent' do
-        before do
-          stub_config(extra: { matomo_url: matomo_host, matomo_site_id: 12345 })
-        end
-
-        it 'does not disable cookies' do
-          render
+      it 'disables cookies' do
+        render
 
-          expect(rendered).not_to include('_paq.push(["disableCookies"])')
-        end
+        expect(rendered).to include('_paq.push(["disableCookies"])')
       end
     end
   end