[merge-train skip]

[ci skip]

[ci skip]

Backport add Rake task to show token expiration info

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/159066



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Jon Glassman <jglassman@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Approved-by: Sofia Vistas <svistas@gitlab.com>
Co-authored-by: Jon Glassman <jglassman@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>

Update the token expiration banner (16.8)

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/159424



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Approved-by: Sofia Vistas <svistas@gitlab.com>
Co-authored-by: Eduardo Sanz García <esanz-garcia@gitlab.com>

Reviews in 16.0-17.0 backports have introduced a few changes and we
would like to bring those to master:

- hide banner depending on `GITLAB_DISABLE_TOKEN_EXPIRATION_BANNER` env
  variable
- hide banner on tests
- updated banner message and use a namespace
- correct GitLab version check

Do not enqueue PAT expiry enforcement migration

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153469



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Alper Akgun <aakgun@gitlab.com>
Approved-by: Smriti Garg <sgarg@gitlab.com>
Approved-by: Sofia Vistas <svistas@gitlab.com>
Co-authored-by: Imre Farkas <ifarkas@gitlab.com>
Co-authored-by: agius <andrew@atevans.com>

Changelog: changed

Backport token logging improvements

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/158518



Merged-by: John Skarbek <jskarbek@gitlab.com>
Approved-by: Harsha Muralidhar <hmuralidhar@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Approved-by: Sofia Vistas <svistas@gitlab.com>
Co-authored-by: Alex Pooley <apooley@gitlab.com>
Co-authored-by: Dylan Griffith <dyl.griffith@gmail.com>
Co-authored-by: Imre Farkas <ifarkas@gitlab.com>
Co-authored-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>

Fix order-dependent test failure in loose_foreign_keys_spec.rb

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160249



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: pkanellidis <pkanellidis@gitlab.com>

Changelog: other

Remove build-gdk-image, e2e:test-on-gdk, and retag-gdk-image jobs

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160102



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Drew Blessing <drew@gitlab.com>
Co-authored-by: Nao Hashizume <nhashizume@gitlab.com>

https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157277 added the
`meta.auth_fail_reason` and `meta.auth_fail_token_id` log fields to
identify expired access tokens. This commit documents these fields.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/464652

Update for failing docs-lint

Update for failing docs-lint

Ideally we would remove these legacy scripts entirely or move
them into another section, but until we are confident that
this tool covers the needs of most users let's keep it for now.
We'll need to update the documentation as to what backported
GitLab versions contains this Rake task.

Update for failing docs-lint

Update for failing docs-lint

Update for failing docs-lint

This documents the Rake task added in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157855.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/467416

Now that we've decided that admins can allow tokens to have
no expiration date, bring back the option to remove them.

Running `rake gitlab:tokens:edit` will provide an interface
to extend/remove tokens.

This task adds a Rake task `gitlab:tokens:analyze` and gives
a readout to the admin about:

- When the migration in 16.0 for
  https://gitlab.com/gitlab-org/gitlab/-/issues/369123 started and
  finished

- The top 10 expiration dates
  (https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157782)
  https://gitlab.com/gitlab-org/gitlab/-/issues/467313

There should be a strong correlation with the migration dates and the
expiration dates. Seeing both of them together helps focus on the
tokens that were assigned an `expires_at` field in the background
migration.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/467313

Changelog: added

Add more log fields in 401 Unauthorized requests

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157277



Merged-by: Alex Pooley <apooley@gitlab.com>
Approved-by: Tarun Vellishetty <tvellishetty@gitlab.com>
Approved-by: Shreyas Agarwal <sagarwal@gitlab.com>
Approved-by: Alex Pooley <apooley@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Reviewed-by: Alex Pooley <apooley@gitlab.com>
Reviewed-by: Shreyas Agarwal <sagarwal@gitlab.com>
Co-authored-by: smriti <sgarg@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>

Log token info for GraphQL requests

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148885



Merged-by: Dylan Griffith <dyl.griffith@gmail.com>
Approved-by: Dmytro Biryukov <dbiryukov@gitlab.com>
Approved-by: Greg Myers <gmyers@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Approved-by: Dylan Griffith <dyl.griffith@gmail.com>
Reviewed-by: Dmytro Biryukov <dbiryukov@gitlab.com>
Co-authored-by: unset <fveillette@gitlab.com>
Co-authored-by: Dominic Couture <dcouture@gitlab.com>

Fix 500 errors during ActionCable connect

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152363



Merged-by: Imre Farkas <ifarkas@gitlab.com>
Approved-by: Heinrich Lee Yu <heinrich@gitlab.com>
Approved-by: Imre Farkas <ifarkas@gitlab.com>
Co-authored-by: Manoj M J <mmj@gitlab.com>

Ensure PAT scope is validated everywhere for GraphQL/ActionCable

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3977



Merged-by: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: Luke Duncalfe <lduncalfe@gitlab.com>
Co-authored-by: Dylan Griffith <dyl.griffith@gmail.com>

ci: For 16-8 Use default Ruby version for MRs targeting stable branches

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157661



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Matt Kasa <mkasa@gitlab.com>
Co-authored-by: Andrejs Cunskis <acunskis@gitlab.com>
Co-authored-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Rémy Coutable <remy@rymai.me>

[merge-train skip]

[ci skip]

[ci skip]

Add a banner informing about token expiration

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/155268



Merged-by: Jenny Kim <yjeankim@gitlab.com>
Approved-by: Lukas 'ai-pi' Eipert <leipert@gitlab.com>
Approved-by: Tiffany Rea <trea@gitlab.com>
Co-authored-by: GitLab Renovate Bot <gitlab-bot@gitlab.com>
Co-authored-by: Andrejs Cunskis <acunskis@gitlab.com>
Co-authored-by: Sanad Liaquat <sliaquat@gitlab.com>
Co-authored-by: Eduardo Sanz García <esanz-garcia@gitlab.com>

Display a banner to all users, similar to broadcast banners, for GitLab
version between 16.0 and 17.0, both included. The banner informs about
upcoming expiration of tokens and how to troubleshoot the expiration.

The banner is dismissable. The data is persisted in the browser cookie
and expires in one year from the date it has been dismissed. Like other
broadcast banners, if the user opens an incognito window the banner
reappears.

Changelog: changed

Prevent starting multiple Capybara proxy servers

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156428



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Heinrich Lee Yu <heinrich@gitlab.com>

Update an expired test certificate

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156396



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Vasilii Iakliushin <viakliushin@gitlab.com>

This code is run every time a new Capybara browser session is started.
Running this code multiple times causes subsequent feature specs to slow
down considerably.

Contributes to
https://gitlab.com/gitlab-org/quality/engineering-productivity/master-broken-incidents/-/issues/6747

**Problem**

The previous certificate that was used in tests got expired. As a result
tests started failing with "tls: failed to verify certificate: x509:
certificate has expired or is not yet valid: current time
2024-06-07T06:16:03Z is after 2024-06-07T04:31:24Z"

**Solution**

Reissue a certificate with an expiration date "Aug 24 09:26:29 2032 GMT"

Changelog: fixed

Stop orphaning pages deployments on Geo secondaries on 16.8

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153011



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Approved-by: Michael Kozono <mkozono@gitlab.com>
Approved-by: Désirée Chevalier <dchevalier@gitlab.com>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: Kassio Borges <kborges@gitlab.com>

Fix Geo migration spec

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/154501



Merged-by: Mayra Cabrera <mcabrera@gitlab.com>
Approved-by: Rémy Coutable <remy@rymai.me>
Approved-by: Mayra Cabrera <mcabrera@gitlab.com>
Co-authored-by: agius <andrew@atevans.com>

Cherry pick add job to re-tag gdk image on release tag creation to 16.8

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153490



Merged-by: Stan Hu <stanhu@gmail.com>
Co-authored-by: Alan (Maciej) Paruszewski <mparuszewski@gitlab.com>
Co-authored-by: Jennifer Li <jli@gitlab.com>
Co-authored-by: GitLab Renovate Bot <gitlab-bot@gitlab.com>
Co-authored-by: Andrejs Cunskis <acunskis@gitlab.com>
Co-authored-by: GitLab Dependency Bot <leipert+gitlab-renovate-bot@gitlab.com>

Quarantine base_exporter_spec to reduce job timeout

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/153879



Merged-by: Max Fan <mfan@gitlab.com>
Approved-by: Paul Phillips <pjphillips@gitlab.com>
Approved-by: Nao Hashizume <nhashizume@gitlab.com>
Approved-by: Max Fan <mfan@gitlab.com>
Co-authored-by: Jennifer Li <jli@gitlab.com>

(cherry picked from commit 6797a1e2

)

5a4e3345 Quarantine base_exporter_spec

Co-authored-by: Max Fan <mfan@gitlab.com>

The test was failing in CI because the Geo CI job artifact registry
had cached the newer state of the columns that no longer had the
`success` column. `migrate!` doesn't reset the column information.
This change resets the state so that the migration spec passes.