Prepare 15.8.6 release for gitlab-jh

See merge request gitlab-cn/gitlab!1561

[merge-train skip]

[ci skip]

[merge-train skip]

[ci skip]

[ci skip]

[15.8] Fix automatically-retried jobs stuck in pending state

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117283



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mark Lapierre <mlapierre@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>

This fixes an issue where concurrent runners would not pick up retried
builds due to the runner tick value not being invalidated.

Previously when a job failed, `Ci::RetryJobService` would clone the
failed job, add its own `after_commit` hooks, and immediately attempt
to start the pipeline. However, starting a pipeline loads its own
instances of `Ci::Build`, and for builds that are updated, the state
changes add their own `after_commit` hooks.

For a given transaction, Rails only runs one `after_commit` hook for a
specific model (see https://github.com/rails/rails/pull/45280), so the
`after_commit` hooks performed when starting the build would be
discarded. As a result, `BuildQueueWorker` was never executed for the
build, causing the runner tick value to be left in a stale
state. Other `run_after_commit` blocks were not executed as well, such
as build hooks.

To avoid this double `after_commit` business, move the starting of the
pipeline into the `run_after_commit` block of the cloned job. This
slightly delays the starting of the pipeline and the job, but it also
avoids starting a Sidekiq worker inside a transaction
(https://gitlab.com/gitlab-org/gitlab/-/issues/398229).

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/387775

Changelog: fixed

[15.8] Quarantine flaky test in spec/features/callouts/registration_enabled_spec.rb

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117304



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Nao Hashizume <nhashizume@gitlab.com>
Approved-by: Jennifer Li <jli@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>

This backports a single change from
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111605 for
the 15-8-stable-ee branch.

[merge-train skip]

[ci skip]

Prepare 15.8.5 release for gitlab-jh

See merge request gitlab-cn/gitlab!1517

Wenju Liu authored 2 years ago and JiHu Release Tools Bot committed 2 years ago

Skip danger-local for patch release prepare mr

See merge request gitlab-cn/gitlab!1445

(cherry picked from commit 50481bbe)

43531c62 Skip danger-local for patch release prepare mr

[merge-train skip]

[ci skip]

[ci skip]

Fix rubocop offenses in lib/gitlab/url_sanitizer.rb

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3175



Merged-by: Vladimir Glafirov <vglafirov@gitlab.com>
Approved-by: Sean McGivern <sean@gitlab.com>
Approved-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Co-authored-by: Alessio Caiazza <acaiazza@gitlab.com>

Merge branch 'fix-rubocop-url-sanitizer-' into '15-8-stable-ee'

See merge request gitlab-org/security/gitlab!3175

Changelog: security

Add checks to remove open redirects from Observability URL

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3032



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Ottilia Westerlund <owesterlund@gitlab.com>
Co-authored-by: Ankit Panchal <apanchal@gitlab.com>

Merge branch 'security-embed-remove-redirects-stable-15-8-ee' into '15-8-stable-ee'

See merge request gitlab-org/security/gitlab!3032

Changelog: security

Redirect to tree from project root on ref collision

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3134



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Vasilii Iakliushin <viakliushin@gitlab.com>
Co-authored-by: j.seto <jseto@gitlab.com>

Merge branch 'security-388962-ambiguous-branch-name-tree-view-simple-15-8' into '15-8-stable-ee'

See merge request gitlab-org/security/gitlab!3134

Changelog: security

Fixes soft email confirmation alert vulnerability

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3125



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Brian Williams <bwilliams@gitlab.com>
Co-authored-by: Jay Montal <jmontal@gitlab.com>

Merge branch 'security-fix-soft-email-confirmation-alert-15-8' into '15-8-stable-ee'

See merge request gitlab-org/security/gitlab!3125

Changelog: security

Restrict Prometheus API access on public projects

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3164



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Vitali Tatarintev <vtatarintev@gitlab.com>
Co-authored-by: Peter Leitzen <pleitzen@gitlab.com>

Merge branch 'security-pl-dos-prometheus-endpoint-15-8' into '15-8-stable-ee'

See merge request gitlab-org/security/gitlab!3164

Changelog: security

Verify that users have access to the parent of the fork

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3085



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Drew Blessing <drew@gitlab.com>
Co-authored-by: Vasilii Iakliushin <viakliushin@gitlab.com>

Merge branch 'security-fork-permission-15.10-15-8' into '15-8-stable-ee'

See merge request gitlab-org/security/gitlab!3085

Changelog: security

Protect webhook secrets by resetting url_variables

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3141



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Vitali Tatarintev <vtatarintev@gitlab.com>
Co-authored-by: bmarjanovic <bmarjanovic@gitlab.com>

Merge branch 'security-391685-confidential-issue-15-8' into '15-8-stable-ee'

See merge request gitlab-org/security/gitlab!3141

Changelog: security

Replace Unicode space chars with spaces

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3137



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Robert May <rmay@gitlab.com>
Co-authored-by: Igor Drozdov <idrozdov@gitlab.com>

Merge branch 'security-replace-unicode-space-characters-15-8' into '15-8-stable-ee'

See merge request gitlab-org/security/gitlab!3137

Changelog: security

Check access to parent when creating and updating epics

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3150



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Kerri Miller <kerrizor@kerrizor.com>
Co-authored-by: Eugenia Grieff <egrieff@gitlab.com>

Merge branch 'security-fix-create-epic-with-parent-permissions-15-8' into '15-8-stable-ee'

See merge request gitlab-org/security/gitlab!3150

Changelog: security

Improve Gitlab::UrlSanitizer regex to match more URIs

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3109



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Ethan Urie <eurie@gitlab.com>
Approved-by: Diogo Frazão <dfrazao@gitlab.com>
Co-authored-by: Joe Woodward <jwoodward@gitlab.com>

Merge branch 'security-url-sanitizer-15-8' into '15-8-stable-ee'

See merge request gitlab-org/security/gitlab!3109

Changelog: security