Merge branch 'sh-ci-job-artifacts-use-primary-ff-default-true' into 'master'

Drop ci_job_artifacts_use_primary_to_authenticate feature flag See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156697 Merged-by: Grzegorz Bizon | OOO until July 2nd <grzegorz@gitlab.com> Approved-by: Abhilash Kotte <akotte@gitlab.com> Approved-by: Aleksei Lipniagov <alipniagov@gitlab.com> Approved-by: Grzegorz Bizon | OOO until July 2nd <grzegorz@gitlab.com> Reviewed-by: Aleksei Lipniagov <alipniagov@gitlab.com> Co-authored-by: Stan Hu <stanhu@gmail.com>

Merge branch 'sh-ci-job-artifacts-use-primary-ff-default-true' into 'master'
Drop ci_job_artifacts_use_primary_to_authenticate feature flag See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156697 Merged-by: Grzegorz Bizon | OOO until July 2nd <grzegorz@gitlab.com> Approved-by: Abhilash Kotte <akotte@gitlab.com> Approved-by: Aleksei Lipniagov <alipniagov@gitlab.com> Approved-by: Grzegorz Bizon | OOO until July 2nd <grzegorz@gitlab.com> Reviewed-by: Aleksei Lipniagov <alipniagov@gitlab.com> Co-authored-by: Stan Hu <stanhu@gmail.com>
d8f84d37 · Grzegorz Bizon | OOO until July 2nd · GitLab · eecabd75 · 3157d577 · eecabd75
--- a/config/feature_flags/gitlab_com_derisk/ci_job_artifacts_use_primary_to_authenticate.yml
+++ b/config/feature_flags/gitlab_com_derisk/ci_job_artifacts_use_primary_to_authenticate.yml
---
-name: ci_job_artifacts_use_primary_to_authenticate
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/466138
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/155684
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/466145
-milestone: '17.1'
-group: group::pipeline execution
-type: gitlab_com_derisk
-default_enabled: false
--- a/lib/api/ci/helpers/runner.rb
+++ b/lib/api/ci/helpers/runner.rb
@@ -100,12 +100,8 @@ def authenticate_job!(heartbeat_runner: false)
          job
        end

-        def authenticate_job_via_dependent_job!(use_primary_to_authenticate: false)
-          if use_primary_to_authenticate
-            ::Gitlab::Database::LoadBalancing::Session.current.use_primary { authenticate! }
-          else
-            authenticate!
-          end
+        def authenticate_job_via_dependent_job!
+          ::Gitlab::Database::LoadBalancing::Session.current.use_primary { authenticate! }

          forbidden! unless current_job
          forbidden! unless can?(current_user, :read_build, current_job)

--- a/lib/api/ci/runner.rb
+++ b/lib/api/ci/runner.rb
@@ -385,8 +385,7 @@ class Runner < ::API::Base
        end
        route_setting :authentication, job_token_allowed: true
        get '/:id/artifacts', feature_category: :build_artifacts do
-          use_primary = Feature.enabled?(:ci_job_artifacts_use_primary_to_authenticate, current_job&.project)
-          authenticate_job_via_dependent_job!(use_primary_to_authenticate: use_primary)
+          authenticate_job_via_dependent_job!

          audit_download(current_job, current_job.artifacts_file&.filename) if current_job.artifacts_file
          present_artifacts_file!(current_job.artifacts_file, supports_direct_download: params[:direct_download])

--- a/spec/requests/api/ci/runner/jobs_artifacts_spec.rb
+++ b/spec/requests/api/ci/runner/jobs_artifacts_spec.rb
@@ -943,32 +943,14 @@ def expect_no_use_primary
                allow(Gitlab::ApplicationContext).to receive(:push).and_call_original
              end

-              context 'when ci_job_artifacts_use_primary_to_authenticate feature flag is on' do
-                it 'downloads artifacts' do
-                  expect_use_primary
-                  expect(Gitlab::ApplicationContext).to receive(:push).with(artifact: an_instance_of(Ci::JobArtifact)).once.and_call_original
+              it 'authenticates with primary and downloads artifacts' do
+                expect_use_primary
+                expect(Gitlab::ApplicationContext).to receive(:push).with(artifact: an_instance_of(Ci::JobArtifact)).once.and_call_original

-                  download_artifact
+                download_artifact

-                  expect(response).to have_gitlab_http_status(:ok)
-                  expect(response.headers.to_h).to include download_headers
-                end
-              end
-
-              context 'when ci_job_artifacts_use_primary_to_authenticate feature flag is off' do
-                before do
-                  stub_feature_flags(ci_job_artifacts_use_primary_to_authenticate: false)
-                end
-
-                it 'downloads artifacts' do
-                  expect_no_use_primary
-                  expect(Gitlab::ApplicationContext).to receive(:push).with(artifact: an_instance_of(Ci::JobArtifact)).once.and_call_original
-
-                  download_artifact
-
-                  expect(response).to have_gitlab_http_status(:ok)
-                  expect(response.headers.to_h).to include download_headers
-                end
+                expect(response).to have_gitlab_http_status(:ok)
+                expect(response.headers.to_h).to include download_headers
              end
            end