Uses Gitlab::HTTP for JIRA requests instead of Net::Http.
Gitlab::Http comes with some built in SSRF protections.

Fix pipelines not always being created after a push

Closes #66196

See merge request gitlab-org/gitlab-ce!31927

(cherry picked from commit c7d12e60)

b46b9d5e Fix pipelines not always being created after a push

https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31741 introduced
a regression where not all the right parameters would be passed into
`Ci::CreatePipelineService`. We fix this by breaking out the pipeline
parameters and reusing a method from `Gitlab::DataBuilder::Push`.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66196

- Adds UI to configure in group and project settings
- Removes notification configuration for users when
disabled at group or project level

In order to save user preferences regarding
user emails allowed to be invited to group

Add foreign_key and down method

Change adding foreign key

Add partial call to view

Add changelog entry

Fix schema

This MR adds the styles for displaying a single
chart next to another one when embedding them
in an issue.

Previously `ProjectCacheWorker` would be scheduled once per ref, which
would generate unnecessary I/O and load on Sidekiq, especially if many
tags or branches were pushed at once. `ProjectCacheWorker` would expire
three items:

1. Repository size: This only needs to be updated once per push.
2. Commit count: This only needs to be updated if the default branch
   is updated.
3. Project method caches: This only needs to be updated if the default
   branch changes, but only if certain files change (e.g. README,
   CHANGELOG, etc.).

Because the third item requires looking at the actual changes in the
commit deltas, we schedule one `ProjectCacheWorker` to handle the first
two cases, and schedule a separate `ProjectCacheWorker` for the third
case if it is needed. As a result, this brings down the number of
`ProjectCacheWorker` jobs from N to 2.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/52046

To index notes, we exclude system notes and use `find_in_batches` to
load them in batches for submission to the ES bulk import API.
These queries often result in DB timeouts because the usage of
`ORDER BY id` results in the `notes_pkey` index being used.

This adds an optimized partial index, and removes the unused index
`index_notes_on_noteable_type` which is already covered for our
usage by the existing `index_notes_on_noteable_id_and_noteable_type`.

Newer versions of PostgreSQL (at least 11) are smarter about this and
use `index_notes_on_project_id_and_noteable_type` instead, so we might
be able to remove the partial index again in the future.

Instead of checking if a commit already exists in the upstream project
in its ProcessCommitWorker and bailing out if it does, we check the
existence of all commits in bulk in Git::BranchHooksService, so that we
can skip scheduling ProcessCommitWorker jobs for those commits
that already exist upstream entirely.

This removes the group_overview_security_dashboard feature flag

Adds a clipboard button to the metrics dashboard, that allows
copying a link to an individual chart.

- Uses vue-test-utils
- More complete coverage with parameterized tests

- move uploads created by AttachmentUploader
- handle also files created for legacy_diff_notes

https://gitlab.com/gitlab-org/gitlab-ce/issues/62971

Adds support for embedding specific charts from the
metrics dashboard. Expected parameters are dashboard,
title, group, and y_label.

This change lays the foundation for customizable cycle analytics stages.
The main reason for the change is to extract the event definitions to
separate objects (start_event, end_event) so that it could be easily
customized later on.

- Adds UI to configure in group and project settings
- Removes notification configuration for users when
disabled at group or project level

Previously, the API to retrieve discussions from merge requests often
generated hundreds of Gitaly calls to determine whether a system note
should be shown to the user. It did this by:

1. Rendering the Markdown
2. Extracting cross-references from the Markdown
3. For cross-references that were commits, a Gitaly FindCommit RPC
   would be issued to validate that the commit exists.

The last step is unnecessary because we don't need to display a commit
if the user doesn't have access to the project in the first place.

`RendersNotes#prepare_notes_for_rendering` is already used in
`MergeRequestsController`, which is why we don't see N+1 Gitaly calls
there. We use it here to optimize the note redaction process.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/65957

This is a security release:
https://github.com/libgit2/libgit2/releases

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/56130.

This MR adds the functionality to download metrics data
as CSV. It also removes the exportMetricsToCsvEnabled feature
flag which was used before the dropdown was implemented to
display a button.

This link is shown when a user tries to login with an unconfirmed
email address and the grace period has expired

GitLab has a mechanism that allows CI to clone repositories via HTTP
even when the HTTP protocol is disabled. This works as expected
when a project is private or internal. However, when a project is
public CI gets an error message that HTTP is not allowed. This
happens because Git only sends auth in a subsequent request after a
401 is returned first. For public projects, GitLab grabs onto that
unauthenticated request and sends it through since it recognizes
that Guests are ordinarily allowed to access the repository.
Later on this leads to a 403 since HTTP protocol is disabled.
Fix this by only continuing with unauthenticated requests when
HTTP is allowed.

This reverts merge request !30808

This change adds a new counter 'cycle_analytics_views' to the usage data
metrics to count the page views for cycle analytics show page.

There were two errors: duplicate styles and @extend used with a class
name. I added `.top-area` class to all the instances where
`.wiki-page-header` is used since %top-area didn't really make a lot of
sense as a placeholder selector. This is also consistent with behaviour
on other pages where the `.top-area` class is used alongside the other
classes for the specific header styling.

This adds a notification to let users know of our updated privacy
policy.

Users can dismiss the notification either by following the link or
closing the notification via an "x" icon.

Source Code Usage Ping for Create SMAU

**Prevention of running 2 simultaneous updates**

Instead of using `RemoteMirror#update_status` and raise an error if
it's already running to prevent the same mirror being updated at the
same time we now use `Gitlab::ExclusiveLease` for that.

When we fail to obtain a lease in 3 tries, 30 seconds apart, we bail
and reschedule. We'll reschedule faster for the protected branches.

If the mirror already ran since it was scheduled, the job will be
skipped.

**Error handling: Remote side**

When an update fails because of a `Gitlab::Git::CommandError`, we
won't track this error in sentry, this could be on the remote side:
for example when branches have diverged.

In this case, we'll try 3 times scheduled 1 or 5 minutes apart.

In between, the mirror is marked as "to_retry", the error would be
visible to the user when they visit the settings page.

After 3 tries we'll mark the mirror as failed and notify the user.

We won't track this error in sentry, as it's not likely we can help
it.

The next event that would trigger a new refresh.

**Error handling: our side**

If an unexpected error occurs, we mark the mirror as failed, but we'd
still retry the job based on the regular sidekiq retries with
backoff. Same as we used to

The error would be reported in sentry, since its likely we need to do
something about it.

This commit fixes the project avatar images that are rendered in the
footer of Slack pipeline notifications.  Previously, the image URLs
provided to Slack were relative URLs; now they are absolute.

Previously each tag in a push would invoke the Gitaly `FindAllTags` RPC
since the tag cache would be invalidated with every tag.

We can eliminate those extraneous calls by expiring the tag cache once
in `PostReceive` and taking advantage of the cached tags.

Relates to https://gitlab.com/gitlab-org/gitlab-ce/issues/65795

Signed-off-by: NBalasankar "Balu" C <balasankar@gitlab.com>

This commit reduces I/O load and memory utilization during PostReceive
for the common case when no project hooks or services are set up.

We saw a Gitaly N+1 issue in `CommitDelta` when many tags or branches
are pushed. We can reduce this overhead in the common case because we
observe that most new projects do not have any Web hooks or services,
especially when they are first created. Previously, `BaseHooksService`
unconditionally iterated through the last 20 commits of each ref to
build the `push_data` structure. The `push_data` structured was used in
numerous places:

1. Building the push payload in `EventCreateService`
2. Creating a CI pipeline
3. Executing project Web or system hooks
4. Executing project services
5. As the return value of `BaseHooksService#execute`
6. `BranchHooksService#invalidated_file_types`

We only need to generate the full `push_data` for items 3, 4, and 6.

Item 1: `EventCreateService` only needs the last commit and doesn't
actually need the commit deltas.

Item 2: In addition, `Ci::CreatePipelineService` only needed a subset of
the parameters.

Item 5: The return value of `BaseHooksService#execute` also wasn't being
used anywhere.

Item 6: This is only used when pushing to the default branch, so if
many tags are pushed we can save significant I/O here.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/65878

Fic

Standardize punctuation and format