1. 25 Oct, 2019 1 commit
    • Handle Stored XSS for Grafana URL in settings · da6a3067
      David Wilkins committed
      - Extend Gitlab::UrlBlocker to allow relative urls (require_absolute
        setting).  The new `require_absolute` setting defaults to true,
        which is the existing behavior.
      
      - Extend AddressableUrlValidator to accept `require_absolute` and
        default to the existing behavior
      
      - Add validation for ApplicationSetting#grafana_url to validate that
        the URL does not contain XSS but can be a valid relative or absolute
        url.
      
      - In the case of existing stored URLs, validate the stored URL does
        not contain XSS. If the stored URL contains stored XSS or is an
        otherwise invalid URL, return the default database column value.
      
      - Add tests for Gitlab::UrlBlocker to test require_absolute setting
      
      - Add tests for AddressableUrlValidator
      
      - Add tests for ApplicationSetting#grafana_url
  2. 20 Aug, 2019 1 commit
  3. 31 Jul, 2019 1 commit
    • Allow blank but not nil in validations · 5c7f2853
      Reuben Pereira committed
      - The most common use case for qualified_domain_validator currently is
      to allow blank ([]) but not allow nil. Modify the
      qualified_domain_validator to support this use case.
  4. 25 Jul, 2019 1 commit
  5. 26 Jun, 2019 1 commit
  6. 27 Apr, 2019 1 commit
  7. 09 Apr, 2019 1 commit
  8. 05 Apr, 2019 2 commits
  9. 04 Apr, 2019 1 commit
  10. 01 Apr, 2019 1 commit
  11. 19 Mar, 2019 1 commit
  12. 07 Feb, 2019 1 commit
    • Add local markdown version · 433bcf9b
      Jan Provaznik committed
      Cached markdown version is composed both from global and local
      markdown version. This allows admins to bump version locally when
      needed (e.g. when external URL is changed).
  13. 07 Nov, 2018 1 commit
    • User can keep their commit email private · c239452b
      Tiago Botelho committed
      The private commit email is automatically generated in the format:
      id-username@noreply.HOSTNAME
      
      GitLab instance admins are able to change the HOSTNAME portion,
      that defaults to Gitlab's hostname, to whatever they prefer.
  14. 05 Nov, 2018 1 commit
  15. 10 Oct, 2018 1 commit
    • Remove Git circuit breaker · 30b4ce94
      Zeger-Jan van de Weg committed
      Was introduced in the time that GitLab still used NFS, which is not
      required anymore in most cases. By removing this, the API it calls will
      return empty responses. This interface has to be removed in the next
      major release, expected to be 12.0.
  16. 01 Oct, 2018 1 commit
    • Make single diff patch limit configurable · 4fbca2a3
      Oswaldo Ferreira committed
      - Creates a new column to hold the single patch limit value on
      application_settings
      - Allows updating this value through the application_settings API
      - Calculates single diff patch collapsing limit based on
      diff_max_patch_bytes column
      - Updates diff limit documentation
      - Adds documentation (with warning) as to how one can update this limit
  17. 13 Sep, 2018 1 commit
  18. 30 Aug, 2018 1 commit
  19. 26 Jun, 2018 1 commit
  20. 05 Jun, 2018 1 commit
  21. 31 May, 2018 2 commits
  22. 29 May, 2018 1 commit
  23. 23 May, 2018 1 commit
  24. 04 May, 2018 1 commit
    • Store application wide terms · 3d6d0a09
      Bob Van Landuyt committed
      This allows admins to define terms in the application settings.
      
      Every time the terms are adjusted, a new version is stored and becomes
      the 'active' version. This allows tracking which specific version was
      accepted by a user.
  25. 23 Jan, 2018 2 commits
  26. 08 Dec, 2017 1 commit
    • Move the circuitbreaker check out in a separate process · f1ae1e39
      Bob Van Landuyt committed
      Moving the check out of the general requests, makes sure we don't have
      any slowdown in the regular requests.
      
      To keep the process performing these checks small, the check is still
      performed inside a unicorn. But that is called from a process running
      on the same server.
      
      Because the checks are now done outside normal request, we can have a
      simpler failure strategy:
      
      The check is now performed in the background every
      `circuitbreaker_check_interval`. Failures are logged in redis. The
      failures are reset when the check succeeds. Per check we will try
      `circuitbreaker_access_retries` times within
      `circuitbreaker_storage_timeout` seconds.
      
      When the number of failures exceeds
      `circuitbreaker_failure_count_threshold`, we will block access to the
      storage.
      
      After `failure_reset_time` of no checks, we will clear the stored
      failures. This could happen when the process that performs the checks
      is not running.
  27. 29 Nov, 2017 1 commit
  28. 23 Nov, 2017 1 commit
  29. 23 Oct, 2017 1 commit
  30. 22 Oct, 2017 1 commit
  31. 19 Oct, 2017 1 commit
  32. 17 Oct, 2017 1 commit
  33. 16 Oct, 2017 1 commit
  34. 11 Sep, 2017 1 commit
  35. 01 Sep, 2017 1 commit
    • Implement the implied CI/CD config for AutoDevOps · 6ed49040
      Zeger-Jan van de Weg committed
      Behind an application setting, which defaults to false, this commit
      implements the implied CI/CD config. Which means that in the case we
      can't find the `.gitlab-ci.yml` on the commit we want to start a
      pipeline for, we fall back to an implied configuration.
      
      For now the Bash template has been copied to
      `Auto-Devops.gitlab-ci.yml` so the tests actually work.
      
      Fixes #34777
  36. 31 Aug, 2017 2 commits