No certificate is still accepted, but if one is provided it must
be valid. Only run validation if the certificate has changed to
avoid making existing records invalid.

- Changes help text on clusters form to make it more explicit.
- Removes unnecessary warnings on auto devops form
- Simplifies cluster methods logic

Cached markdown version is composed both from global and local
markdown version. This allows admins to bump version locally when
needed (e.g. when external URL is changed).

This avoids race conditions when creating GpgSignature.

All applications except for Jupyter have the same #set_initial_status,
so create a new shared example which we include in all application specs
except for juptyer_spec. Juptyer specs already have specs for it's
version of #set_initial_status

This makes this consistent with :updated. And also avoids a potential
issue where an install errors which means that that the recorded version
won't necessarily reflect the version that is actually installed.

Add changelog

Rename word to query

User hash for limit

Do not allow control limit

Rename pluck names and add more specs

Upgrade gitaly-proto to 1.10.0 to have this field.

This makes it easier to access other project arguments in the future.

When hashed storage is in use, it's helpful to have the project
name associated with the request.

Closes https://gitlab.com/gitlab-org/gitaly/issues/1394

This allows us to call `find_or_create_by` on all models and scopes.

Add changelog

Changes domain field to be on the Cluster page show, removing it from
Auto DevOps setting. Also injects the new environment variable
KUBE_INGRESS_BASE_DOMAIN into kubernetes#predefined_variables.

Migration to move the information from ProjectAutoDevops#domain
to Clusters::Cluster#domain. As well as necessary modifications to qa
selectors

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/52363

This engine was replaced with CommonMarker in 11.4, it was deprecated
since then.

Due to a change in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24245, the Detect
Host Key feature in the SSH mirroring stopped working.
`SshHostKey#primary_key` was being used instead of the hard-coded
`:id`. However, `SshHostKey#find_by` was expecting the symbolized `:id`
rather than the string `id`, so it could never find the host key it was
supposed to update.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56855

The data migration looks for code owner file and errs
if repository is missing.

When moving a project, it's possible that some users who had
access to the project in old path can not access the project
in the new path.

Because `project_authorizations` records are updated asynchronously,
when we send the notification about moved project the list of project
team members contains old project members, we want to notify all these
members except the old users who can not access the new location.

This changes the permission check so it uses the policy on Noteable
instead of Project. This prevents bypassing of rules defined in
Noteable for locked discussions and confidential issues.

Also rechecks permissions when reply_to_discussion_id is provided since the
discussion_id may be from a different noteable.

Group guests will only be displayed merge requests to
projects they have a access level to, higher than Reporter.

Visible projects will still display the merge requests to Guests

When the external wiki is enabled, the internal wiki link is replaced
by the external wiki url. But the internal wiki is still accessible.
In this change the external wiki will have its own tab in the sidebar
and only if the services are disabled the tab (and access rights)
will not be displayed.

It may return single result or an array of results

When a LDAP user signs in the for the first time and if there
is an `Identity` object with `user_id` of `nil`, new users
will not be able to be register until that entry is cleared
because of the way identities are created:

1. First, the User object is built but not saved, so it has no `id`.
2. Then, `user.identities.build(provider: 'ldapmain')` is called,
   but it does not have an associated `user_id` as a result.
3. `User#save` is called, but the `Identity` validation fails if an
   existing entry with `user_id` of `nil` already exists.

The uniqueness validation for `nil` values doesn't make any sense in
this case. We should be enforcing this at the database level with a
foreign key constraint. To work around the issue we can validate
against the user instead, which does the right thing even when
the user isn't saved yet.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56734

After the import has finished, we flush (delete) the InternalId records
related to the project at hand. This means we're starting over with
tracking correct internal id values, a new record will be created
automatically when the next internal id is generated.

The GitHub importer assigns iid values by using supplied values from
GitHub. We skip tracking internal id values during the import in favor
of higher concurrency. Deleting any InternalId records after the import
has finished is an extra measure to guarantee consistency.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54270.

In order to let users' sorting preferences transfer between devices, we
save the preference for issues and MRs (one preference for issues, one
for MRs) in the backend inside the UserPreference object