Add latest changes from gitlab-org/gitlab@master

app/graphql/types/user_type.rb

@@ -20,6 +20,8 @@ class UserType < BaseObject
           description: 'State of the user'
     field :email, GraphQL::STRING_TYPE, null: true,
           description: 'User email'
+    field :public_email, GraphQL::STRING_TYPE, null: true,
+          description: "User's public email"
     field :avatar_url, GraphQL::STRING_TYPE, null: true,
           description: "URL of the user's avatar"
     field :web_url, GraphQL::STRING_TYPE, null: false,

changelogs/unreleased/add-public-email-to-graphql-user.yml

@@ -0,0 +1,5 @@
+---
+title: Expose public email field for user in GraphQL
+merge_request: 48468
+author:
+type: changed

changelogs/unreleased/add-retry-after-header-rackattack.yml

@@ -0,0 +1,5 @@
+---
+title: Set Retry-After header when RackAttack throttling
+merge_request: 48310
+author:
+type: fixed

doc/.vale/gitlab/SubstitutionSuggestions.yml

@@ -11,6 +11,8 @@ link: https://docs.gitlab.com/ee/development/documentation/styleguide.html#langu
 level: suggestion
 ignorecase: true
 swap:
+  active user: billable user
+  active users: billable users
   since: because
   once that: after that
   once the: after the

doc/api/graphql/reference/gitlab_schema.graphql

@@ -23369,6 +23369,11 @@ type User {
     last: Int
   ): ProjectMemberConnection
 
+  """
+  User's public email
+  """
+  publicEmail: String
+
   """
   Snippets authored by the user
   """

doc/api/graphql/reference/gitlab_schema.json

@@ -67886,6 +67886,20 @@
               "isDeprecated": false,
               "deprecationReason": null
             },
+            {
+              "name": "publicEmail",
+              "description": "User's public email",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "String",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
             {
               "name": "snippets",
               "description": "Snippets authored by the user",

doc/api/graphql/reference/index.md

@@ -3494,6 +3494,7 @@ Autogenerated return type of UpdateSnippet.
 | `location` | String | The location of the user. |
 | `name` | String! | Human-readable name of the user |
 | `projectMemberships` | ProjectMemberConnection | Project memberships of the user |
+| `publicEmail` | String | User's public email |
 | `snippets` | SnippetConnection | Snippets authored by the user |
 | `starredProjects` | ProjectConnection | Projects starred by the user |
 | `state` | UserState! | State of the user |

doc/ci/yaml/README.md

@@ -197,14 +197,14 @@ karma:
 
 ### `stages`
 
-`stages` is used to define stages that contain jobs and is defined
-globally for the pipeline.
+Use `stages` to define stages that contain groups of jobs. `stages` is defined globally
+for the pipeline. Use [`stage`](#stage) in a job to define which stage the job is
+part of.
 
 The order of the `stages` items defines the execution order for jobs:
 
-1. Jobs in the same stage are run in parallel.
-1. Jobs in the next stage are run after the jobs from the previous stage
-   complete successfully.
+- Jobs in the same stage run in parallel.
+- Jobs in the next stage run after the jobs from the previous stage complete successfully.
 
 For example:
 
@@ -215,18 +215,21 @@ stages:
   - deploy
 ```
 
-1. First, all jobs of `build` are executed in parallel.
-1. If all jobs of `build` succeed, the `test` jobs are executed in parallel.
-1. If all jobs of `test` succeed, the `deploy` jobs are executed in parallel.
-1. If all jobs of `deploy` succeed, the commit is marked as `passed`.
-1. If any of the previous jobs fails, the commit is marked as `failed` and no
-   jobs of further stage are executed.
+1. All jobs in `build` execute in parallel.
+1. If all jobs in `build` succeed, the `test` jobs execute in parallel.
+1. If all jobs in `test` succeed, the `deploy` jobs execute in parallel.
+1. If all jobs in `deploy` succeed, the pipeline is marked as `passed`.
 
-There are also two edge cases worth mentioning:
+If any job fails, the pipeline is marked as `failed` and jobs in later stages do not
+start. Jobs in the current stage are not stopped and continue to run.
 
-1. If no `stages` are defined in `.gitlab-ci.yml`, then the `build`,
-   `test` and `deploy` can be used as job's stage by default.
-1. If a job does not specify a `stage`, the job is assigned the `test` stage.
+If no `stages` are defined in `.gitlab-ci.yml`, then `build`, `test` and `deploy`
+are the default pipeline stages.
+
+If a job does not specify a [`stage`](#stage), the job is assigned the `test` stage.
+
+To make a job start earlier and ignore the stage order, use
+the [`needs`](#needs) keyword.
 
 ### `workflow:rules`
 

doc/subscriptions/gitlab_com/index.md

@@ -40,7 +40,7 @@ Applied only to groups.
 A GitLab.com subscription uses a concurrent (_seat_) model. You pay for a
 subscription according to the maximum number of users enabled at once. You can
 add and remove users during the subscription period, as long as the total users
-at any given time is within your subscription count.
+at any given time doesn't exceed the subscription count.
 
 Every occupied seat is counted in the subscription, with the following exception:
 
@@ -97,7 +97,7 @@ to the **Billing** section of the relevant namespace:
 
 - **For individuals**: Visit the [billing page](https://gitlab.com/profile/billings)
   under your profile.
-- **For groups**: From the group page (*not* from a project within the group), go to **Settings > Billing**.
+- **For groups**: From the group page (*not* from a project in the group), go to **Settings > Billing**.
 
   NOTE: **Note:**
   You must have Owner level [permissions](../../user/permissions.md) to view a group's billing page.
@@ -107,7 +107,7 @@ to the **Billing** section of the relevant namespace:
   | Field                   | Description                                                                                                                             |
   |-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|
   | **Seats in subscription**   | If this is a paid plan, represents the number of seats you've paid to support in your group.                                            |
-  | **Seats currently in use** | Number of active seats currently in use.                                                                                                |
+  | **Seats currently in use** | Number of seats in use.                                                                                                |
   | **Max seats used**          | Highest number of seats you've used. If this exceeds the seats in subscription, you may owe an additional fee for the additional users. |
   | **Seats owed**              | If your maximum seats used exceeds the seats in your subscription, you owe an additional fee for the users you've added.             |
   | **Subscription start date** | Date your subscription started. If this is for a Free plan, is the date you transitioned off your group's paid plan.                    |
@@ -147,7 +147,7 @@ It's important to regularly review your user accounts, because:
 A GitLab subscription is valid for a specific number of users. For details, see
 [Choose the number of users](#choose-the-number-of-users).
 
-If the active user count exceeds the number included in the subscription, known
+If the number of [billable users](#view-your-gitlabcom-subscription) exceeds the number included in the subscription, known
 as the number of _users over license_, you must pay for the excess number of
 users either before renewal, or at the time of renewal. This is also known the
 _true up_ process.
@@ -267,7 +267,7 @@ pipelines aren't blocked after you have used all your CI minutes from your
 main quota. You can find pricing for additional CI/CD minutes in the
 [GitLab Customers Portal](https://customers.gitlab.com/plans). Additional minutes:
 
-- Are only used once the shared quota included in your subscription runs out.
+- Are only used after the shared quota included in your subscription runs out.
 - Roll over month to month.
 
 To purchase additional minutes for your group on GitLab.com:
@@ -293,9 +293,9 @@ Be aware that:
 
 - If you have purchased extra CI minutes before the purchase of a paid plan,
   we calculate a pro-rated charge for your paid plan. That means you may
-  be charged for less than one year since your subscription was previously
+  be charged for less than one year because your subscription was previously
   created with the extra CI minutes.
-- Once the extra CI minutes have been assigned to a Group, they can't be transferred
+- After the extra CI minutes have been assigned to a Group, they can't be transferred
   to a different Group.
 - If you have used more minutes than your default quota, these minutes will
   be deducted from your Additional Minutes quota immediately after your purchase of additional

doc/update/README.md

@@ -310,6 +310,10 @@ installation-specific upgrade instructions, based on how you installed GitLab:
 - [Linux packages (Omnibus GitLab)](https://docs.gitlab.com/omnibus/update/README.html#version-specific-changes)
 - [Helm charts](https://docs.gitlab.com/charts/installation/upgrade.html)
 
+NOTE: **Note:**
+Specific information that follow related to Ruby and Git versions do not apply to [Omnibus installations](https://docs.gitlab.com/omnibus/)
+and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with appropriate Ruby and Git versions and are not using system binaries for Ruby and Git. There is no need to install Ruby or Git when utilizing these two approaches.
+
 ### 13.6.0
 
 Ruby 2.7.2 is required. GitLab will not start with Ruby 2.6.6 or older versions.

doc/user/project/merge_requests/test_coverage_visualization.md

@@ -154,3 +154,23 @@ coverage-jdk11:
     reports:
       cobertura: build/cobertura.xml
 ```
+
+### Python example
+
+The following [`gitlab-ci.yml`](../../../ci/yaml/README.md) example for Python uses [pytest-cov](https://pytest-cov.readthedocs.io/) to collect test coverage data and [coverage.py](https://coverage.readthedocs.io/) to convert the report to use full relative paths.
+The information isn't displayed without the conversion.
+
+This example assumes that the code for your package is in `src/` and your tests are in `tests.py`:
+
+```yaml
+run tests:
+  stage: test
+  image: python:3
+  script:
+    - pip install pytest pytest-cov
+    - pytest --cov=src/ tests.py
+    - coverage xml
+  artifacts:
+    reports:
+      cobertura: coverage.xml
+```

lib/api/settings.rb

@@ -88,7 +88,7 @@ def filter_attributes_using_license(attrs)
       end
       optional :html_emails_enabled, type: Boolean, desc: 'By default GitLab sends emails in HTML and plain text formats so mail clients can choose what format to use. Disable this option if you only want to send emails in plain text format.'
       optional :import_sources, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce,
-                                values: %w[github bitbucket bitbucket_server gitlab fogbugz git gitlab_project gitea manifest phabricator],
+                                values: %w[github bitbucket bitbucket_server gitlab google_code fogbugz git gitlab_project gitea manifest phabricator],
                                 desc: 'Enabled sources for code import during project creation. OmniAuth must be configured for GitHub, Bitbucket, and GitLab.com'
       optional :max_artifacts_size, type: Integer, desc: "Set the maximum file size for each job's artifacts"
       optional :max_attachment_size, type: Integer, desc: 'Maximum attachment size in MB'

lib/gitlab/import_sources.rb

@@ -15,6 +15,7 @@ module ImportSources
       ImportSource.new('bitbucket',        'Bitbucket Cloud',  Gitlab::BitbucketImport::Importer),
       ImportSource.new('bitbucket_server', 'Bitbucket Server', Gitlab::BitbucketServerImport::Importer),
       ImportSource.new('gitlab',           'GitLab.com',       Gitlab::GitlabImport::Importer),
+      ImportSource.new('google_code',      'Google Code',      nil),
       ImportSource.new('fogbugz',          'FogBugz',          Gitlab::FogbugzImport::Importer),
       ImportSource.new('git',              'Repo by URL',      nil),
       ImportSource.new('gitlab_project',   'GitLab export',    Gitlab::ImportExport::Importer),

lib/gitlab/rack_attack.rb

@@ -7,6 +7,8 @@ module RackAttack
     def self.configure(rack_attack)
       # This adds some methods used by our throttles to the `Rack::Request`
       rack_attack::Request.include(Gitlab::RackAttack::Request)
+      # Send the Retry-After header so clients (e.g. python-gitlab) can make good choices about delays
+      Rack::Attack.throttled_response_retry_after_header = true
       # Configure the throttles
       configure_throttles(rack_attack)
     end

spec/graphql/types/user_type_spec.rb

@@ -15,6 +15,7 @@
       name
       username
       email
+      publicEmail
       avatarUrl
       webUrl
       webPath

spec/lib/gitlab/import_sources_spec.rb

@@ -11,6 +11,7 @@
           'Bitbucket Cloud'  => 'bitbucket',
           'Bitbucket Server' => 'bitbucket_server',
           'GitLab.com'       => 'gitlab',
+          'Google Code'      => 'google_code',
           'FogBugz'          => 'fogbugz',
           'Repo by URL'      => 'git',
           'GitLab export'    => 'gitlab_project',
@@ -31,6 +32,7 @@
           bitbucket
           bitbucket_server
           gitlab
+          google_code
           fogbugz
           git
           gitlab_project
@@ -67,6 +69,7 @@
       'bitbucket' => Gitlab::BitbucketImport::Importer,
       'bitbucket_server' => Gitlab::BitbucketServerImport::Importer,
       'gitlab' => Gitlab::GitlabImport::Importer,
+      'google_code' => nil,
       'fogbugz' => Gitlab::FogbugzImport::Importer,
       'git' => nil,
       'gitlab_project' => Gitlab::ImportExport::Importer,
@@ -88,6 +91,7 @@
       'bitbucket' => 'Bitbucket Cloud',
       'bitbucket_server' => 'Bitbucket Server',
       'gitlab' => 'GitLab.com',
+      'google_code' => 'Google Code',
       'fogbugz' => 'FogBugz',
       'git' => 'Repo by URL',
       'gitlab_project' => 'GitLab export',

spec/lib/gitlab/rack_attack_spec.rb

@@ -22,6 +22,8 @@
       stub_const("Rack::Attack", fake_rack_attack)
       stub_const("Rack::Attack::Request", fake_rack_attack_request)
 
+      # Expect rather than just allow, because this is actually fairly important functionality
+      expect(fake_rack_attack).to receive(:throttled_response_retry_after_header=).with(true)
       allow(fake_rack_attack).to receive(:throttle)
       allow(fake_rack_attack).to receive(:track)
       allow(fake_rack_attack).to receive(:safelist)

spec/requests/api/graphql/user_query_spec.rb

@@ -82,7 +82,8 @@
             'username' => presenter.username,
             'webUrl' => presenter.web_url,
             'avatarUrl' => presenter.avatar_url,
-            'email' => presenter.email
+            'email' => presenter.email,
+            'publicEmail' => presenter.public_email
           ))
 
         expect(graphql_data['user']['status']).to match(