Add latest changes from gitlab-org/gitlab@master

app/models/audit_event.rb

@@ -30,12 +30,26 @@ class AuditEvent < ApplicationRecord
   end
 
   def author_name
-    self.user.name
+    lazy_author.name
   end
 
   def formatted_details
     details.merge(details.slice(:from, :to).transform_values(&:to_s))
   end
+
+  def lazy_author
+    BatchLoader.for(author_id).batch(default_value: default_author_value) do |author_ids, loader|
+      User.where(id: author_ids).find_each do |user|
+        loader.call(user.id, user)
+      end
+    end
+  end
+
+  private
+
+  def default_author_value
+    ::Gitlab::Audit::NullAuthor.for(author_id, details[:author_name])
+  end
 end
 
 AuditEvent.prepend_if_ee('EE::AuditEvent')

app/services/audit_event_service.rb

@@ -13,7 +13,7 @@ class AuditEventService
   #
   # @return [AuditEventService]
   def initialize(author, entity, details = {})
-    @author = author
+    @author = build_author(author)
     @entity = entity
     @details = details
   end
@@ -49,6 +49,14 @@ class AuditEventService
 
   private
 
+  def build_author(author)
+    if author.is_a?(User)
+      author
+    else
+      Gitlab::Audit::UnauthenticatedAuthor.new(name: author)
+    end
+  end
+
   def base_payload
     {
       author_id: @author.id,

app/services/snippets/create_service.rb

@@ -9,72 +9,77 @@ module Snippets
     def execute
       filter_spam_check_params
 
-      snippet = if project
-                  project.snippets.build(params)
-                else
-                  PersonalSnippet.new(params)
-                end
+      @snippet = if project
+                   project.snippets.build(params)
+                 else
+                   PersonalSnippet.new(params)
+                 end
 
-      unless Gitlab::VisibilityLevel.allowed_for?(current_user, snippet.visibility_level)
-        deny_visibility_level(snippet)
+      unless Gitlab::VisibilityLevel.allowed_for?(current_user, @snippet.visibility_level)
+        deny_visibility_level(@snippet)
 
-        return snippet_error_response(snippet, 403)
+        return snippet_error_response(@snippet, 403)
       end
 
-      snippet.author = current_user
+      @snippet.author = current_user
 
-      spam_check(snippet, current_user)
+      spam_check(@snippet, current_user)
 
-      if save_and_commit(snippet)
-        UserAgentDetailService.new(snippet, @request).create
+      if save_and_commit
+        UserAgentDetailService.new(@snippet, @request).create
         Gitlab::UsageDataCounters::SnippetCounter.count(:create)
 
-        ServiceResponse.success(payload: { snippet: snippet } )
+        ServiceResponse.success(payload: { snippet: @snippet } )
       else
-        snippet_error_response(snippet, 400)
+        snippet_error_response(@snippet, 400)
       end
     end
 
     private
 
-    def save_and_commit(snippet)
-      snippet_saved = snippet.with_transaction_returning_status do
-        snippet.save && snippet.store_mentions!
+    def save_and_commit
+      snippet_saved = @snippet.with_transaction_returning_status do
+        @snippet.save && @snippet.store_mentions!
       end
 
       if snippet_saved && Feature.enabled?(:version_snippets, current_user)
-        create_repository_for(snippet)
-        create_commit(snippet)
+        create_repository
+        create_commit
       end
 
       snippet_saved
     rescue => e # Rescuing all because we can receive Creation exceptions, GRPC exceptions, Git exceptions, ...
-      snippet.errors.add(:base, e.message)
       log_error(e.message)
 
       # If the commit action failed we need to remove the repository if exists
-      snippet.repository.remove if snippet.repository_exists?
+      @snippet.repository.remove if @snippet.repository_exists?
 
       # If the snippet was created, we need to remove it as we
       # would do like if it had had any validation error
-      snippet.delete if snippet.persisted?
+      # and reassign a dupe so we don't return the deleted snippet
+      if @snippet.persisted?
+        @snippet.delete
+        @snippet = @snippet.dup
+      end
+
+      @snippet.errors.add(:base, e.message)
 
       false
     end
 
-    def create_repository_for(snippet)
-      snippet.create_repository
+    def create_repository
+      @snippet.create_repository
 
-      raise CreateRepositoryError, 'Repository could not be created' unless snippet.repository_exists?
+      raise CreateRepositoryError, 'Repository could not be created' unless @snippet.repository_exists?
     end
 
-    def create_commit(snippet)
+    def create_commit
       commit_attrs = {
         branch_name: 'master',
         message: 'Initial commit'
       }
 
-      snippet.snippet_repository.multi_files_action(current_user, snippet_files, commit_attrs)
+      @snippet.snippet_repository.multi_files_action(current_user, snippet_files, commit_attrs)
     end
 
     def snippet_files

changelogs/unreleased/212223-snippet-creation-bug.yml

+---
+title: Resolve Snippet creation failure bug
+merge_request: 27891
+author:
+type: fixed

changelogs/unreleased/33720-add-ds-tpl-remediate-var.yml

+---
+title: Add DS_REMEDIATE env var to dependency scanning template
+merge_request: 27947
+author:
+type: added

db/fixtures/development/17_cycle_analytics.rb

@@ -160,7 +160,7 @@ class Gitlab::Seeder::CycleAnalytics
       creator: admin,
       namespace: FactoryBot.create(
         :group,
-        name: "Value Stream Management Group (#{suffix})",
+        name: "Value Stream Management Group #{suffix}",
         path: "vsmg-#{suffix}"
       )
     )

doc/user/project/integrations/custom_issue_tracker.md

@@ -3,7 +3,7 @@
 To enable the Custom Issue Tracker integration in a project, navigate to the
 [Integrations page](project_services.md#accessing-the-project-services), click
 the **Customer Issue Tracker** service, and fill in the required details on the page as described
-in the table below.
+in the table below. You will be able to edit the title and description later as well.
 
 | Field | Description |
 | ----- | ----------- |
@@ -17,6 +17,9 @@ Once you have configured and enabled Custom Issue Tracker Service you'll see a l
 
 ## Referencing issues
 
-- Issues are referenced with `ANYTHING-<ID>`, where `ANYTHING` can be any string and `<ID>` is a number used in the target project of the custom integration (example `PROJECT-143`).
+- Issues are referenced with `ANYTHING-<ID>`, where `ANYTHING` can be any string in CAPS and `<ID>`
+is a number used in the target project of the custom integration (for example, `PROJECT-143`).
 - `ANYTHING` is a placeholder to differentiate against GitLab issues, which are referenced with `#<ID>`. You can use a project name or project key to replace it for example.
-- So with the example above, `PROJECT-143` would refer to `https://customissuetracker.com/project-name/143`.
+- When building the hyperlink, the `ANYTHING` part is ignored, and links always point to the address
+specified in `issues_url`, so in the example above, `PROJECT-143` would refer to
+`https://customissuetracker.com/project-name/143`.

lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml

@@ -62,6 +62,7 @@ dependency_scanning:
           BUNDLER_AUDIT_ADVISORY_DB_REF_NAME \
           RETIREJS_JS_ADVISORY_DB \
           RETIREJS_NODE_ADVISORY_DB \
+          DS_REMEDIATE \
         ) \
         --volume "$PWD:/code" \
         --volume /var/run/docker.sock:/var/run/docker.sock \

qa/qa/page/project/settings/members.rb

@@ -5,7 +5,6 @@ module QA
     module Project
       module Settings
         class Members < Page::Base
-          include Page::Component::UsersSelect
           include QA::Page::Component::Select2
 
           view 'app/views/shared/members/_invite_member.html.haml' do
@@ -43,7 +42,8 @@ module QA
           end
 
           def add_member(username)
-            select_user :member_select_field, username
+            click_element :member_select_field
+            search_and_select username
             click_element :invite_member_button
           end
 

spec/features/snippets/user_creates_snippet_spec.rb

@@ -99,6 +99,11 @@ shared_examples_for 'snippet editor' do
     it 'renders new page' do
       expect(page).to have_content('New Snippet')
     end
+
+    it 'has the correct action path' do
+      action = find('form.snippet-form')['action']
+      expect(action).to match(%r{/snippets\z})
+    end
   end
 
   it 'validation fails for the first time' do

spec/services/snippets/create_service_spec.rb

@@ -172,6 +172,10 @@ describe Snippets::CreateService do
         it 'returns the error' do
           expect(snippet.errors.full_messages).to include('Repository could not be created')
         end
+
+        it 'does not return a snippet with an id' do
+          expect(snippet.id).to be_nil
+        end
       end
 
       context 'when the commit action fails' do