Merge branch 'master' into 10607-editor-css

* master: (56 commits)
  Fixed commit logic to pick a branch
  Prevent fade out transition on loading-button
  Resolve "Code in other column of side-by-side diff is highlighted when selecting code on one side"
  Add error tracking usage counts
  Fix Emoji URLs
  Docs: Fix missed or newly added broken anchors
  Docs: (EE Port) Fix missed or newly added broken anchors
  Docs: Fixing anchors and links for all docs related to issues.
  Docs: (EE Port) Fixing anchors and links for all docs related to issues.
  Add instance level templates to the examples page.
  Move some tests from Karma to Jest
  Copy vue_mount_component_helper.js to Jest
  Move some tests from Karma to Jest
  Copy vue_mount_component_helper.js to Jest
  Use help path as provided by HAML
  Makes emoji picker full width on mobile
  Set proper default-branch on GitHub Import
  Reset maximum height for create label dropdown
  Move details of e2e tests to the bottom
  Removes EE differences for markdown_area.scss
  ...

.eslintrc.yml

@@ -9,6 +9,9 @@ plugins:
   - import
   - html
 settings:
+  html/html-extensions:
+    - '.html'
+    - '.html.raw'
   import/resolver:
     webpack:
       config: './config/webpack.config.js'

Gemfile.lock

@@ -613,7 +613,7 @@ GEM
       atomic (>= 1.0.0)
       peek
       redis
-    pg (1.1.3)
+    pg (1.1.4)
     po_to_json (1.0.1)
       json (>= 1.6.0)
     powerpack (0.1.1)

app/assets/javascripts/awards_handler.js

@@ -8,6 +8,7 @@ import { updateTooltipTitle } from './lib/utils/common_utils';
 import { isInVueNoteablePage } from './lib/utils/dom_utils';
 import flash from './flash';
 import axios from './lib/utils/axios_utils';
+import bp from './breakpoints';
 
 const animationEndEventString = 'animationend webkitAnimationEnd MSAnimationEnd oAnimationEnd';
 const transitionEndEventString = 'transitionend webkitTransitionEnd oTransitionEnd MSTransitionEnd';
@@ -264,7 +265,10 @@ export class AwardsHandler {
     const css = {
       top: `${$addBtn.offset().top + $addBtn.outerHeight()}px`,
     };
-    if (position === 'right') {
+    // for xs screen we position the element on center
+    if (bp.getBreakpointSize() === 'xs') {
+      css.left = '5%';
+    } else if (position === 'right') {
       css.left = `${$addBtn.offset().left - $menu.outerWidth() + 20}px`;
       $menu.addClass('is-aligned-right');
     } else {

app/assets/javascripts/diffs/components/parallel_diff_table_row.vue

@@ -140,7 +140,7 @@ export default {
         :id="line.left.line_code"
         :class="parallelViewLeftLineType"
         class="line_content parallel left-side"
-        @mousedown.native="handleParallelLineMouseDown"
+        @mousedown="handleParallelLineMouseDown"
         v-html="line.left.rich_text"
       ></td>
     </template>
@@ -171,7 +171,7 @@ export default {
           },
         ]"
         class="line_content parallel right-side"
-        @mousedown.native="handleParallelLineMouseDown"
+        @mousedown="handleParallelLineMouseDown"
         v-html="line.right.rich_text"
       ></td>
     </template>

app/assets/javascripts/ide/components/commit_sidebar/radio_group.vue

@@ -38,8 +38,8 @@ export default {
     },
   },
   computed: {
-    ...mapState('commit', ['commitAction']),
-    ...mapGetters('commit', ['newBranchName']),
+    ...mapState('commit', ['commitAction', 'newBranchName']),
+    ...mapGetters('commit', ['placeholderBranchName']),
     tooltipTitle() {
       return this.disabled ? this.title : '';
     },
@@ -73,7 +73,8 @@ export default {
     </label>
     <div v-if="commitAction === value && showInput" class="ide-commit-new-branch">
       <input
-        :placeholder="newBranchName"
+        :placeholder="placeholderBranchName"
+        :value="newBranchName"
         type="text"
         class="form-control monospace"
         @input="updateBranchName($event.target.value)"

app/assets/javascripts/ide/stores/modules/commit/getters.js

@@ -14,7 +14,7 @@ const createTranslatedTextForFiles = (files, text) => {
 export const discardDraftButtonDisabled = state =>
   state.commitMessage === '' || state.submitCommitLoading;
 
-export const newBranchName = (state, _, rootState) =>
+export const placeholderBranchName = (state, _, rootState) =>
   `${gon.current_username}-${rootState.currentBranchId}-patch-${`${new Date().getTime()}`.substr(
     -BRANCH_SUFFIX_COUNT,
   )}`;
@@ -25,7 +25,7 @@ export const branchName = (state, getters, rootState) => {
     state.commitAction === consts.COMMIT_TO_NEW_BRANCH_MR
   ) {
     if (state.newBranchName === '') {
-      return getters.newBranchName;
+      return getters.placeholderBranchName;
     }
 
     return state.newBranchName;

app/assets/javascripts/vue_shared/components/loading_button.vue

@@ -53,7 +53,7 @@ export default {
 
 <template>
   <button :class="containerClass" :disabled="loading || disabled" type="button" @click="onClick">
-    <transition name="fade">
+    <transition name="fade-in">
       <gl-loading-icon
         v-if="loading"
         :inline="true"
@@ -63,7 +63,7 @@ export default {
         class="js-loading-button-icon"
       />
     </transition>
-    <transition name="fade">
+    <transition name="fade-in">
       <slot>
         <span v-if="label" class="js-loading-button-label"> {{ label }} </span>
       </slot>

app/assets/stylesheets/framework/buttons.scss

@@ -443,6 +443,7 @@
     border-color: transparent;
   }
 
+  &.btn-secondary-hover-link,
   &.btn-default-hover-link {
     color: $gl-text-color-secondary;
 

app/assets/stylesheets/framework/variables.scss

@@ -289,11 +289,9 @@ $gl-line-height: 16px;
 $gl-line-height-24: 24px;
 $gl-line-height-14: 14px;
 
-// EE-only CSS variables START
 $system-header-height: 35px;
 $issue-box-upcoming-bg: #8f8f8f;
 $pages-group-name-color: #4c4e54;
-// EE-only CSS variables END
 
 /*
 * Common component specific colors
@@ -417,7 +415,7 @@ $award-emoji-menu-shadow: rgba(0, 0, 0, 0.175);
 $award-emoji-positive-add-bg: #fed159;
 $award-emoji-positive-add-lines: #bb9c13;
 $award-emoji-width: 376px;
-$award-emoji-width-xs: 300px;
+$award-emoji-width-xs: 90%;
 
 /*
  * Search Box

app/assets/stylesheets/framework/vue_transitions.scss

 .fade-enter-active,
-.fade-leave-active {
+.fade-leave-active,
+.fade-in-enter-active,
+.fade-out-leave-active {
   transition: opacity $sidebar-transition-duration $general-hover-transition-curve;
 }
 
 .fade-enter,
+.fade-in-enter,
+.fade-out-leave-to,
 .fade-leave-to {
   opacity: 0;
 }

app/assets/stylesheets/pages/labels.scss

@@ -34,7 +34,7 @@
 
 .dropdown-new-label {
   .dropdown-content {
-    max-height: 136px;
+    max-height: initial;
   }
 }
 

app/models/clusters/applications/runner.rb

@@ -3,7 +3,7 @@
 module Clusters
   module Applications
     class Runner < ActiveRecord::Base
-      VERSION = '0.2.0'.freeze
+      VERSION = '0.3.0'.freeze
 
       self.table_name = 'clusters_applications_runners'
 

app/models/project.rb

@@ -1384,6 +1384,7 @@ class Project < ActiveRecord::Base
       repository.raw_repository.write_ref('HEAD', "refs/heads/#{branch}")
       repository.copy_gitattributes(branch)
       repository.after_change_head
+      ProjectCacheWorker.perform_async(self.id, [], [:commit_count])
       reload_default_branch
     else
       errors.add(:base, "Could not change HEAD: branch '#{branch}' does not exist")

app/serializers/environment_entity.rb

@@ -2,7 +2,6 @@
 
 class EnvironmentEntity < Grape::Entity
   include RequestAwareEntity
-  prepend ::EE::EnvironmentEntity # rubocop: disable Cop/InjectEnterpriseEditionModule
 
   expose :id
   expose :name
@@ -12,7 +11,6 @@ class EnvironmentEntity < Grape::Entity
   expose :name_without_type
   expose :last_deployment, using: DeploymentEntity
   expose :stop_action_available?, as: :has_stop_action
-  expose :rollout_status, if: -> (*) { can_read_deploy_board? }, using: RolloutStatusEntity
 
   expose :metrics_path, if: -> (*) { environment.has_metrics? } do |environment|
     metrics_project_environment_path(environment.project, environment)
@@ -52,10 +50,6 @@ class EnvironmentEntity < Grape::Entity
     request.current_user
   end
 
-  def can_read_deploy_board?
-    can?(current_user, :read_deploy_board, environment.project)
-  end
-
   def can_access_terminal?
     can?(request.current_user, :create_environment_terminal, environment)
   end
@@ -72,3 +66,5 @@ class EnvironmentEntity < Grape::Entity
     deployment_platform.cluster
   end
 end
+
+EnvironmentEntity.prepend(::EE::EnvironmentEntity)

app/workers/project_cache_worker.rb

@@ -26,6 +26,7 @@ class ProjectCacheWorker
   # rubocop: enable CodeReuse/ActiveRecord
 
   def update_statistics(project, statistics = [])
+    return if Gitlab::Database.read_only?
     return unless try_obtain_lease_for(project.id, :update_statistics)
 
     Rails.logger.info("Updating statistics for project #{project.id}")

changelogs/unreleased/46787-create-project-label-window-is-cut-off-at-the-bottom.yml

+---
+title: Fixed - Create project label window is cut off at the bottom
+merge_request: 26049
+author:
+type: fixed

changelogs/unreleased/48297-fix-code-selection.yml

+---
+title: Resolve Code in other column of side-by-side diff is highlighted when selecting
+  code on one side
+merge_request: 26423
+author:
+type: fixed

changelogs/unreleased/57409-loading-button-transition.yml

+---
+title: Prevent fade out transition on loading-button component.
+merge_request: 26428
+author:
+type: fixed

changelogs/unreleased/57648-make-emoji-picker-full-width-on-mobile.yml

+---
+title: Makes emoji picker full width on mobile.
+merge_request: 25883
+author: Jacopo Beschi @jacopo-beschi
+type: fixed

changelogs/unreleased/57984-store-branch-name.yml

+---
+title: Resolves Branch name is lost if I change commit mode in Web IDE
+merge_request: 26180
+author:
+type: fixed

changelogs/unreleased/ce-56153-error-tracking-counts.yml

+---
+title: Add usage counts for error tracking feature
+merge_request: 25472
+author:
+type: added

changelogs/unreleased/refresh-commit-count-after-head-change.yml

+---
+title: Refresh commit count after repository head changes
+merge_request: 26473
+author:
+type: fixed

changelogs/unreleased/retain-default-branch-on-import.yml

+---
+title: Set proper default-branch for repository on GitHub Import
+merge_request: 26476
+author:
+type: fixed

changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-3-0.yml

+---
+title: Update GitLab Runner Helm Chart to 0.3.0/11.9.0
+merge_request: 26467
+author:
+type: other

config/karma.config.js

@@ -110,7 +110,7 @@ module.exports = function(config) {
     frameworks: ['jasmine'],
     files: [
       { pattern: 'spec/javascripts/test_bundle.js', watched: false },
-      { pattern: 'spec/javascripts/fixtures/**/*@(.json|.html|.png)', included: false },
+      { pattern: 'spec/javascripts/fixtures/**/*@(.json|.html|.html.raw|.png)', included: false },
     ],
     preprocessors: {
       'spec/javascripts/**/*.js': ['webpack', 'sourcemap'],

doc/README.md

@@ -307,7 +307,7 @@ The following documentation relates to the DevOps **Configure** stage:
 | [GitLab ChatOps](ci/chatops/README.md)                                                                                             | Interact with CI/CD jobs through chat services.                           |
 | [Installing Applications](user/project/clusters/index.md#installing-applications)                                                  | Deploy Helm, Ingress, and Prometheus on Kubernetes.                       |
 | [Mattermost slash commands](user/project/integrations/mattermost_slash_commands.md)                                                | Enable and use slash commands from within Mattermost.                     |
-| [Multiple Kubernetes Clusters](user/project/clusters/index.md#multiple-kubernetes-clusters) **[PREMIUM]**                          | Associate more than one Kubernetes clusters to your project.              |
+| [Multiple Kubernetes Clusters](user/project/clusters/index.md#multiple-kubernetes-clusters-premium) **[PREMIUM]**                  | Associate more than one Kubernetes clusters to your project.              |
 | [Protected variables](ci/variables/README.md#protected-variables)                                                                  | Restrict variables to protected branches and tags.                        |
 | [Serverless](user/project/clusters/serverless/index.md)                                                                            | Run serverless workloads on Kubernetes.                                   |
 | [Slack slash commands](user/project/integrations/slack_slash_commands.md)                                                          | Enable and use slash commands from within Slack.                          |

doc/administration/geo/replication/security_review.md

@@ -271,7 +271,6 @@ questions from [owasp.org](https://www.owasp.org).
   - LFS and File ID.
   - Upload and File ID.
   - Job Artifact and File ID.
-- Geo JWTs scopes are not enforced for Git Access yet, but will be in a future version (currently scheduled for GitLab 11.10).
 
 ### What access requirements have been defined for URI and Service calls?
 

doc/administration/geo/replication/troubleshooting.md

@@ -23,12 +23,69 @@ to help identify if something is wrong:
 
 ![Geo health check](img/geo_node_healthcheck.png)
 
-There is also an option to check the status of the **secondary** node by running a special rake task:
+If the UI is not working, or you are unable to log in, you can run the Geo
+health check manually to get this information as well as a few more details.
+This rake task can be run on an app node in the **primary** or **secondary**
+Geo nodes:
+
+```sh
+sudo gitlab-rake gitlab:geo:check
+```
+
+Example output:
+
+```
+Checking Geo ...
+
+GitLab Geo is available ... yes
+GitLab Geo is enabled ... yes
+GitLab Geo secondary database is correctly configured ... yes
+Using database streaming replication? ... yes
+GitLab Geo tracking database is configured to use Foreign Data Wrapper? ... yes
+GitLab Geo tracking database Foreign Data Wrapper schema is up-to-date? ... yes
+GitLab Geo HTTP(S) connectivity ...
+* Can connect to the primary node ... yes
+HTTP/HTTPS repository cloning is enabled ... yes
+Machine clock is synchronized ... yes
+Git user has default SSH configuration? ... yes
+OpenSSH configured to use AuthorizedKeysCommand ... yes
+GitLab configured to disable writing to authorized_keys file ... yes
+GitLab configured to store new projects in hashed storage? ... yes
+All projects are in hashed storage? ... yes
+
+Checking Geo ... Finished
+```
+
+Current sync information can be found manually by running this rake task on any
+**secondary** app node:
 
 ```sh
 sudo gitlab-rake geo:status
 ```
 
+Example output:
+
+```
+http://secondary.example.com/
+-----------------------------------------------------
+                        GitLab Version: 11.8.1-ee
+                              Geo Role: Secondary
+                         Health Status: Healthy
+                          Repositories: 190/190 (100%)
+                 Verified Repositories: 190/190 (100%)
+                                 Wikis: 190/190 (100%)
+                        Verified Wikis: 190/190 (100%)
+                           LFS Objects: 35/35 (100%)
+                           Attachments: 528/528 (100%)
+                      CI job artifacts: 477/477 (100%)
+                  Repositories Checked: 0/190 (0%)
+                         Sync Settings: Full
+              Database replication lag: 0 seconds
+       Last event ID seen from primary: 2158 (about 2 minute ago)
+     Last event ID processed by cursor: 2158 (about 2 minute ago)
+                Last status report was: 4 minutes ago
+```
+
 ## Is Postgres replication working?
 
 ### Are my nodes pointing to the correct database instance?

doc/administration/high_availability/database.md

@@ -1154,7 +1154,7 @@ If you're running into an issue with a component not outlined here, be sure to c
 
 ## Configure using Omnibus
 
-**Note**: We recommend that you follow the instructions here for a full [PostgreSQL cluster](#configure-using-omnibus-for-high-availability).
+**Note**: We recommend that you follow the instructions here for a full [PostgreSQL cluster](#high-availability-with-gitlab-omnibus-premium-only).
 If you are reading this section due to an old bookmark, you can find that old documentation [in the repository](https://gitlab.com/gitlab-org/gitlab-ce/blob/v10.1.4/doc/administration/high_availability/database.md#configure-using-omnibus).
 
 ---

doc/administration/high_availability/gitaly.md

@@ -56,7 +56,6 @@ Omnibus:
     pgbouncer_exporter['enable'] = false
     redis_exporter['enable'] = false
     gitlab_monitor['enable'] = false
-    gitaly['enable'] = false 
 
     # Prevent database connections during 'gitlab-ctl reconfigure'
     gitlab_rails['rake_cache_clear'] = false

doc/api/commits.md

@@ -475,7 +475,7 @@ GET /projects/:id/repository/commits/:sha/statuses
 | `sha`     | string  | yes | The commit SHA
 | `ref`     | string  | no  | The name of a repository branch or tag or, if not given, the default branch
 | `stage`   | string  | no  | Filter by [build stage](../ci/yaml/README.md#stages), e.g., `test`
-| `name`    | string  | no  | Filter by [job name](../ci/yaml/README.md#jobs), e.g., `bundler:audit`
+| `name`    | string  | no  | Filter by [job name](../ci/yaml/README.md#introduction), e.g., `bundler:audit`
 | `all`     | boolean | no  | Return all statuses, not only the latest ones
 
 ```bash

doc/api/releases/links.md

@@ -15,7 +15,7 @@ GET /projects/:id/releases/:tag_name/assets/links
 
 | Attribute     | Type           | Required | Description                             |
 | ------------- | -------------- | -------- | --------------------------------------- |
-| `id`          | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding). |
+| `id`          | integer/string | yes      | The ID or [URL-encoded path of the project](../README.md#namespaced-path-encoding). |
 | `tag_name`    | string         | yes      | The tag associated with the Release. |
 
 Example request:
@@ -53,7 +53,7 @@ GET /projects/:id/releases/:tag_name/assets/links/:link_id
 
 | Attribute     | Type           | Required | Description                             |
 | ------------- | -------------- | -------- | --------------------------------------- |
-| `id`          | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding). |
+| `id`          | integer/string | yes      | The ID or [URL-encoded path of the project](../README.md#namespaced-path-encoding). |
 | `tag_name`    | string         | yes      | The tag associated with the Release. |
 | `link_id`    | integer         | yes      | The id of the link. |
 
@@ -84,7 +84,7 @@ POST /projects/:id/releases/:tag_name/assets/links
 
 | Attribute     | Type           | Required | Description                             |
 | ------------- | -------------- | -------- | --------------------------------------- |
-| `id`          | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding). |
+| `id`          | integer/string | yes      | The ID or [URL-encoded path of the project](../README.md#namespaced-path-encoding). |
 | `tag_name`    | string         | yes      | The tag associated with the Release. |
 | `name`        | string         | yes      | The name of the link. |
 | `url`        | string         | yes      | The URL of the link. |
@@ -120,7 +120,7 @@ PUT /projects/:id/releases/:tag_name/assets/links/:link_id
 
 | Attribute     | Type           | Required | Description                             |
 | ------------- | -------------- | -------- | --------------------------------------- |
-| `id`          | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding). |
+| `id`          | integer/string | yes      | The ID or [URL-encoded path of the project](../README.md#namespaced-path-encoding). |
 | `tag_name`    | string         | yes      | The tag associated with the Release. |
 | `link_id`    | integer         | yes      | The id of the link. |
 | `name`        | string         | no | The name of the link. |
@@ -156,7 +156,7 @@ DELETE /projects/:id/releases/:tag_name/assets/links/:link_id
 
 | Attribute     | Type           | Required | Description                             |
 | ------------- | -------------- | -------- | --------------------------------------- |
-| `id`          | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding). |
+| `id`          | integer/string | yes      | The ID or [URL-encoded path of the project](../README.md#namespaced-path-encoding). |
 | `tag_name`    | string         | yes      | The tag associated with the Release. |
 | `link_id`    | integer         | yes      | The id of the link. |
 

doc/ci/ci_cd_for_external_repos/index.md

 # GitLab CI/CD for external repositories **[PREMIUM]**
 
 NOTE: **Note:**
-To [promote its release](https://about.gitlab.com/2018/03/22/gitlab-10-6-released/#gitlab-cicd-for-external-repos), GitLab.com users are receiving this feature for free through March 22, 2019.
+This feature [is available for free](https://about.gitlab.com/2019/03/21/six-more-months-ci-cd-github/) to
+GitLab.com users until September 22nd, 2019.
 
 >[Introduced][ee-4642] in [GitLab Premium][eep] 10.6.
 

doc/ci/environments.md

@@ -21,7 +21,7 @@ all within GitLab. All you need to do is define them in your project's
 history of your deployments per every environment.
 
 Environments are like tags for your CI jobs, describing where code gets deployed.
-Deployments are created when [jobs] deploy versions of code to environments,
+Deployments are created when [jobs](yaml/README.md#introduction) deploy versions of code to environments,
 so every environment can have one or more deployments. GitLab keeps track of
 your deployments, so you always know what is currently being deployed on your
 servers. If you have a deployment service such as [Kubernetes][kube]
@@ -103,7 +103,7 @@ the Git SHA and environment name.
 To sum up, with the above `.gitlab-ci.yml` we have achieved that:
 
 - All branches will run the `test` and `build` jobs.
-- The `deploy_staging` job will run [only](yaml/README.md#only-and-except-simplified) on the `master`
+- The `deploy_staging` job will run [only](yaml/README.md#onlyexcept-basic) on the `master`
   branch which means all merge requests that are created from branches don't
   get to deploy to the staging server
 - When a merge request is merged, all jobs will run and the `deploy_staging`
@@ -298,8 +298,8 @@ here because it is guaranteed to be unique, but if you're using a workflow like
 environment names to be more closely based on the branch name - the example
 above would give you an URL like `https://100-do-the-thing.example.com`
 
-Last but not least, we tell the job to run [`only`][only] on branches
-[`except`][only] master.
+Last but not least, we tell the job to run [`only`](yaml/README.md#onlyexcept-basic) on branches
+[`except`](yaml/README.md#onlyexcept-basic) master.
 
 >**Note:**
 You are not bound to use the same prefix or only slashes in the dynamic
@@ -646,14 +646,12 @@ Below are some links you may find interesting:
 - [Deploy Boards for your applications running on Kubernetes](../user/project/deploy_boards.md)
 
 [Pipelines]: pipelines.md
-[jobs]: yaml/README.md#jobs
 [yaml]: yaml/README.md
 [environments]: #environments
 [deployments]: #deployments
 [permissions]: ../user/permissions.md
 [variables]: variables/README.md
 [env-name]: yaml/README.md#environmentname
-[only]: yaml/README.md#only-and-except-simplified
 [onstop]: yaml/README.md#environmenton_stop
 [ce-7015]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7015
 [gitlab-flow]: ../workflow/gitlab_flow.md

doc/ci/examples/README.md

@@ -50,6 +50,10 @@ language users and GitLab by sending a merge request with a guide for that langu
 You may want to apply for the [GitLab Community Writers Program](https://about.gitlab.com/community-writers/)
 to get paid for writing complete articles for GitLab.
 
+### Adding templates to your GitLab installation **[PREMIUM ONLY]**
+
+If you want to have customized examples and templates for your own self-managed GitLab instance available to your team, your GitLab administrator can [designate an instance template repository](https://docs.gitlab.com/ee/user/admin_area/settings/instance_template_repository.html) that contains examples and templates specific to your enterprise.
+
 ## Other resources
 
 This section provides further resources to help you get familiar with different aspects of GitLab CI/CD.

doc/ci/examples/deploy_spring_boot_to_cloud_foundry/index.md

@@ -99,7 +99,7 @@ We've used the `java:8` [docker
 image](../../docker/using_docker_images.md) to build
 our application as it provides the up-to-date Java 8 JDK on [Docker
 Hub](https://hub.docker.com/). We've also added the [`only`
-clause](../../yaml/README.md#only-and-except-simplified)
+clause](../../yaml/README.md#onlyexcept-basic)
 to ensure our deployments only happen when we push to the master branch.
 
 Now, since the steps defined in `.gitlab-ci.yml` require credentials to login

doc/ci/examples/end_to_end_testing_webdriverio/index.md

@@ -139,7 +139,7 @@ new browser window interacting with your app as you specified.
 Which brings us to the exciting part: how do we run this in GitLab CI/CD? There are two things we
 need to do for this:
 
-1. Set up [CI/CD jobs](../../yaml/README.md#jobs) that actually have a browser available.
+1. Set up [CI/CD jobs](../../yaml/README.md#introduction) that actually have a browser available.
 2. Update our WebdriverIO configuration to use those browsers to visit the review apps.
 
 For the scope of this article, we've defined an additional [CI/CD stage](../../yaml/README.md#stages)
@@ -184,7 +184,7 @@ option as an argument to `npm run confidence-check` on the command line.
 However, we still need to tell WebdriverIO which browser is available for it to use.
 
 [GitLab CI/CD makes
-a number of variables available](../../variables/README.html#predefined-variables-environment-variables)
+a number of variables available](../../variables/README.html#predefined-environment-variables)
 with information about the current CI job. We can use this information to dynamically set
 up our WebdriverIO configuration according to the job that is running. More specifically, we can
 tell WebdriverIO what browser to execute the test on depending on the name of the currently running

doc/ci/junit_test_reports.md

@@ -113,8 +113,8 @@ There are a few tools that can produce JUnit reports in Java.
 
 In the following example, `gradle` is used to generate the test reports.
 If there are multiple test tasks defined, `gradle` will generate multiple
-directories under `build/test-results/`. In that case, you can leverage regex
-matching by defining the following path: `build/test-results/test/TEST-*.xml`:
+directories under `build/test-results/`. In that case, you can leverage glob
+matching by defining the following path: `build/test-results/test/**/TEST-*.xml`:
 
 ```yaml
 java:
@@ -123,7 +123,7 @@ java:
   - gradle test
   artifacts:
     reports:
-      junit: build/test-results/test/TEST-*.xml
+      junit: build/test-results/test/**/TEST-*.xml
 ```
 
 #### Maven

doc/ci/multi_project_pipelines.md

@@ -48,7 +48,7 @@ outbound connections for upstream and downstream pipeline dependencies.
 ### Triggering a downstream pipeline using a bridge job
 
 Before GitLab 11.8, it was necessary to implement a pipeline job that was
-responsible for making the API request [to trigger a pipeline](triggers/README.md#creating-cross-project-pipeline-through-API)
+responsible for making the API request [to trigger a pipeline](#triggering-multi-project-pipelines-through-api)
 in a different project.
 
 In GitLab 11.8, GitLab provides a new CI/CD configuration syntax to make this

doc/ci/variables/README.md

@@ -593,7 +593,7 @@ If any of the conditions in `variables` evaluates to truth when using `only`,
 a new job is going to be created. If any of the expressions evaluates to truth
 when `except` is being used, a job is not going to be created.
 
-This follows usual rules for [`only` / `except` policies][builds-policies].
+This follows usual rules for [`only` / `except` policies](../yaml/README.md#onlyexcept-advanced).
 
 ### Supported syntax
 
@@ -659,7 +659,6 @@ Below you can find supported syntax reference:
 [protected tags]: ../../user/project/protected_tags.md
 [shellexecutors]: https://docs.gitlab.com/runner/executors/
 [triggered]: ../triggers/README.md
-[builds-policies]: ../yaml/README.md#only-and-except-complex
 [trigger-job-token]: ../triggers/README.md#ci-job-token
 [gitlab-deploy-token]: ../../user/project/deploy_tokens/index.md#gitlab-deploy-token
 [registry]: ../../user/project/container_registry.md

doc/ci/yaml/README.md

@@ -423,7 +423,7 @@ If you use multiple keys under `only` or `except`, they act as an AND. The logic
 #### `only:refs`/`except:refs`
 
 The `refs` strategy can take the same values as the
-[simplified only/except configuration](#only-and-except-simplified).
+[simplified only/except configuration](#onlyexcept-basic).
 
 In the example below, the `deploy` job is going to be created only when the
 pipeline has been [scheduled][schedules] or runs for the `master` branch:

doc/customization/issue_and_merge_request_template.md

 ---
-redirect_to: '../user/project/description_templates.md#setting-a-default-template-for-issues-and-merge-requests'
+redirect_to: '../user/project/description_templates.md#setting-a-default-template-for-issues-and-merge-requests--starter'
 ---
 
-This document was moved to [description_templates](../user/project/description_templates.md#setting-a-default-template-for-issues-and-merge-requests).
+This document was moved to [description_templates](../user/project/description_templates.md#setting-a-default-template-for-issues-and-merge-requests--starter).

doc/development/documentation/feature-change-workflow.md

@@ -78,7 +78,7 @@ For issues requiring any new or updated documentation, the Product Manager (PM)
 must:
 
 - Add the `Documentation` label.
-- Confirm or add the [documentation requirements](#documentation-requirements).
+- Confirm or add the [documentation requirements](#documentation-requirements-in-feature-issues).
 - Ensure the issue contains any new or updated feature name, overview/description,
   and use cases, as required per the [documentation structure and template](structure.md), when applicable.
 

doc/development/ux_guide/users.md

 ---
-redirect_to: 'https://design.gitlab.com/getting-started/personas/'
+redirect_to: 'https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/'
 ---
 
-The content of this document was moved into the [GitLab Design System](https://design.gitlab.com/).
+This document was moved to [another location](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/).

doc/user/admin_area/settings/continuous_integration.md

@@ -20,7 +20,7 @@ From now on, every existing project and newly created ones that don't have a
 `.gitlab-ci.yml`, will use the Auto DevOps pipelines.
 
 If you want to disable it for a specific project, you can do so in
-[its settings](../../../topics/autodevops/index.md##enablingdisabling-auto-devops).
+[its settings](../../../topics/autodevops/index.md#enablingdisabling-auto-devops).
 
 ## Maximum artifacts size **[CORE ONLY]**
 

doc/user/discussions/index.md

@@ -12,7 +12,7 @@ You can leave a comment in the following places:
 - commit diffs
 
 There are standard comments, and you also have the option to create a comment
-in the form of a threaded discussion. A comment can also be [turned into a discussion](#start-a-discussion-by-replying-to-a-non-discussion-comment)
+in the form of a threaded discussion. A comment can also be [turned into a discussion](#start-a-discussion-by-replying-to-a-standard-comment)
 when it receives a reply.
 
 The comment area supports [Markdown] and [quick actions]. You can edit your own
@@ -317,7 +317,7 @@ This will add the comment to the review.
 
 ### Resolving/Unresolving discussions
 
-Review comments can also resolve/unresolve [resolvable discussions](#resolvable-discussions).
+Review comments can also resolve/unresolve [resolvable discussions](#resolvable-comments-and-discussions).
 When replying to a comment, you will see a checkbox that you can click in order to resolve or unresolve
 the discussion once published.
 

doc/user/index.md

@@ -36,34 +36,34 @@ To get familiar with the concepts needed to develop code on GitLab, read the fol
 
 GitLab is a Git-based platform that integrates a great number of essential tools for software development and deployment, and project management:
 
-- Hosting code in repositories with version control
+- Hosting code in repositories with version control.
 - Tracking proposals for new implementations, bug reports, and feedback with a
-  fully featured [Issue Tracker](project/issues/index.md#issue-tracker)
-- Organizing and prioritizing with [Issue Boards](project/issues/index.md#issue-boards)
+  fully featured [Issue Tracker](project/issues/index.md#issue-tracker).
+- Organizing and prioritizing with [Issue Boards](project/issues/index.md#issue-board).
 - Reviewing code in [Merge Requests](project/merge_requests/index.md) with live-preview changes per
-  branch with [Review Apps](../ci/review_apps/index.md)
-- Building, testing and deploying with built-in [Continuous Integration](../ci/README.md)
-- Deploying personal and professional static websites with [GitLab Pages](project/pages/index.md)
-- Integrating with Docker by using [GitLab Container Registry](project/container_registry.md)
-- Tracking the development lifecycle by usingn [GitLab Cycle Analytics](project/cycle_analytics.md)
+  branch with [Review Apps](../ci/review_apps/index.md).
+- Building, testing, and deploying with built-in [Continuous Integration](../ci/README.md).
+- Deploying personal and professional static websites with [GitLab Pages](project/pages/index.md).
+- Integrating with Docker by using [GitLab Container Registry](project/container_registry.md).
+- Tracking the development lifecycle by using [GitLab Cycle Analytics](project/cycle_analytics.md).
 
 With GitLab Enterprise Edition, you can also:
 
-- Provide support with [Service Desk](https://docs.gitlab.com/ee/user/project/service_desk.html)
+- Provide support with [Service Desk](project/service_desk.md).
 - Improve collaboration with
-  [Merge Request Approvals](https://docs.gitlab.com/ee/user/project/merge_requests/index.html#merge-request-approvals),
-  [Multiple Assignees for Issues](https://docs.gitlab.com/ee/user/project/issues/multiple_assignees_for_issues.html),
-  and [Multiple Issue Boards](https://docs.gitlab.com/ee/user/project/issue_board.html#multiple-issue-boards)
-- Create formal relationships between issues with [Related Issues](https://docs.gitlab.com/ee/user/project/issues/related_issues.html)
-- Use [Burndown Charts](https://docs.gitlab.com/ee/user/project/milestones/burndown_charts.html) to track progress during a sprint or while working on a new version of their software.
-- Leverage [Elasticsearch](https://docs.gitlab.com/ee/integration/elasticsearch.html) with [Advanced Global Search](https://docs.gitlab.com/ee/user/search/advanced_global_search.html) and [Advanced Syntax Search](https://docs.gitlab.com/ee/user/search/advanced_search_syntax.html) for faster, more advanced code search across your entire GitLab instance
-- [Authenticate users with Kerberos](https://docs.gitlab.com/ee/integration/kerberos.html)
-- [Mirror a repository](https://docs.gitlab.com/ee/workflow/repository_mirroring.html) from elsewhere on your local server.
-- [Export issues as CSV](https://docs.gitlab.com/ee/user/project/issues/csv_export.html)
-- View your entire CI/CD pipeline involving more than one project with [Multiple-Project Pipeline Graphs](https://docs.gitlab.com/ee/ci/multi_project_pipeline_graphs.html)
-- [Lock files](https://docs.gitlab.com/ee/user/project/file_lock.html) to prevent conflicts
-- View the current health and status of each CI environment running on Kubernetes with [Deploy Boards](https://docs.gitlab.com/ee/user/project/deploy_boards.html)
-- Leverage continuous delivery method with [Canary Deployments](https://docs.gitlab.com/ee/user/project/canary_deployments.html)
+  [Merge Request Approvals](project/merge_requests/index.md#merge-request-approvals),
+  [Multiple Assignees for Issues](project/issues/multiple_assignees_for_issues.md),
+  and [Multiple Issue Boards](project/issue_board.md#multiple-issue-boards-starter).
+- Create formal relationships between issues with [Related Issues](project/issues/related_issues.md).
+- Use [Burndown Charts](project/milestones/burndown_charts.md) to track progress during a sprint or while working on a new version of their software.
+- Leverage [Elasticsearch](../integration/elasticsearch.md) with [Advanced Global Search](search/advanced_global_search.md) and [Advanced Syntax Search](search/advanced_search_syntax.md) for faster, more advanced code search across your entire GitLab instance.
+- [Authenticate users with Kerberos](../integration/kerberos.md).
+- [Mirror a repository](../workflow/repository_mirroring.md) from elsewhere on your local server.
+- [Export issues as CSV](project/issues/csv_export.md).
+- View your entire CI/CD pipeline involving more than one project with [Multiple-Project Pipelines](../ci/multi_project_pipelines.md).
+- [Lock files](project/file_lock.md) to prevent conflicts.
+- View the current health and status of each CI environment running on Kubernetes with [Deploy Boards](project/deploy_boards.md).
+- Leverage continuous delivery method with [Canary Deployments](project/canary_deployments.md).
 - Scan your code for vulnerabilities and [display them in merge requests](project/merge_requests/sast.md).
 
 You can also [integrate](project/integrations/project_services.md) GitLab with
@@ -109,8 +109,8 @@ to enjoy the best of GitLab.
 - [Permissions](permissions.md): Learn the different set of permissions levels for each
   user type (guest, reporter, developer, maintainer, owner).
 - [Feature highlight](feature_highlight.md): Learn more about the little blue dots
-  around the app that explain certain features
-- [Abuse reports](abuse_reports.md): Report abuse from users to GitLab administrators
+  around the app that explain certain features.
+- [Abuse reports](abuse_reports.md): Report abuse from users to GitLab administrators.
 
 ## Groups
 
@@ -126,7 +126,7 @@ merge requests, code snippets, and commits.
 
 When performing inline reviews to implementations
 to your codebase through merge requests you can
-gather feedback through [resolvable discussions](discussions/index.md#resolvable-discussions).
+gather feedback through [resolvable discussions](discussions/index.md#resolvable-comments-and-discussions).
 
 ### GitLab Flavored Markdown (GFM)
 

doc/user/markdown.md

@@ -289,15 +289,15 @@ On Linux, you can download [Noto Color Emoji](https://www.google.com/get/noto/he
 Ubuntu 18.04 (like many modern Linux distros) has this font installed by default.
 ```
 
-Sometimes you want to <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/monkey.png" width="20px" height="20px"> around a bit and add some <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/star2.png" width="20px" height="20px"> to your <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/speech_balloon.png" width="20px" height="20px">. Well we have a gift for you:
+Sometimes you want to <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/monkey.png" width="20px" height="20px"> around a bit and add some <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/star2.png" width="20px" height="20px"> to your <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/speech_balloon.png" width="20px" height="20px">. Well we have a gift for you:
 
-<img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/zap.png" width="20px" height="20px">You can use emoji anywhere GFM is supported. <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/v.png" width="20px" height="20px">
+<img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/zap.png" width="20px" height="20px">You can use emoji anywhere GFM is supported. <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/v.png" width="20px" height="20px">
 
-You can use it to point out a <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/bug.png" width="20px" height="20px"> or warn about <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/speak_no_evil.png" width="20px" height="20px"> patches. And if someone improves your really <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/snail.png" width="20px" height="20px"> code, send them some <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/birthday.png" width="20px" height="20px">. People will <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/heart.png" width="20px" height="20px"> you for that.
+You can use it to point out a <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/bug.png" width="20px" height="20px"> or warn about <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/speak_no_evil.png" width="20px" height="20px"> patches. And if someone improves your really <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/snail.png" width="20px" height="20px"> code, send them some <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/birthday.png" width="20px" height="20px">. People will <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/heart.png" width="20px" height="20px"> you for that.
 
-If you are new to this, don't be <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/fearful.png" width="20px" height="20px">. You can easily join the emoji <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/family.png" width="20px" height="20px">. All you need to do is to look up one of the supported codes.
+If you are new to this, don't be <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/fearful.png" width="20px" height="20px">. You can easily join the emoji <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/family.png" width="20px" height="20px">. All you need to do is to look up one of the supported codes.
 
-Consult the [Emoji Cheat Sheet](https://www.webfx.com/tools/emoji-cheat-sheet/) for a list of all supported emoji codes. <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/app/assets/images/emoji/thumbsup.png" width="20px" height="20px">
+Consult the [Emoji Cheat Sheet](https://www.webfx.com/tools/emoji-cheat-sheet/) for a list of all supported emoji codes. <img src="https://gitlab.com/gitlab-org/gitlab-ce/raw/master/public/-/emojis/1/thumbsup.png" width="20px" height="20px">
 
 Most emoji are natively supported on macOS, Windows, iOS, Android and will fallback to image-based emoji where there is lack of support.
 

doc/user/project/clusters/index.md

@@ -69,7 +69,7 @@ new Kubernetes cluster to your project:
    - **Number of nodes** - Enter the number of nodes you wish the cluster to have.
    - **Machine type** - The [machine type](https://cloud.google.com/compute/docs/machine-types)
      of the Virtual Machine instance that the cluster will be based on.
-   - **RBAC-enabled cluster** - Leave this checked if using default GKE creation options, see the [RBAC section](#role-based-access-control-rbac-core-only) for more information.
+   - **RBAC-enabled cluster** - Leave this checked if using default GKE creation options, see the [RBAC section](#role-based-access-control-rbac) for more information.
 1. Finally, click the **Create Kubernetes cluster** button.
 
 After a couple of minutes, your cluster will be ready to go. You can now proceed

doc/user/project/deploy_boards.md

@@ -41,7 +41,7 @@ specific environment, there are lot of uses cases. To name a few:
 
 - You want to promote what's running in staging, to production. You go to the
   environments list, verify that what's running in staging is what you think is
-  running, then click on the [manual action] to deploy to production.
+  running, then click on the [manual action](../../ci/yaml/README.md#whenmanual) to deploy to production.
 - You trigger a deploy, and you've got lots of containers to upgrade so you know
   it'll take a while (you've also throttled your deploy to only take down X
   containers at a time). But you need to tell someone when it's deployed, so you
@@ -129,5 +129,4 @@ version of your application.
 [variables]: ../../ci/variables/README.md "GitLab CI variables"
 [autodeploy]: ../../ci/autodeploy/index.md "GitLab Autodeploy"
 [kube-image]: https://gitlab.com/gitlab-examples/kubernetes-deploy/container_registry "Kubernetes deploy Container Registry"
-[manual action]: ../../ci/yaml/README.md#manual-actions
 [runners]: ../../ci/runners/README.md

doc/user/project/index.md

@@ -17,7 +17,7 @@ When you create a project in GitLab, you'll have access to a large number of
 
 - [Issue tracker](issues/index.md): Discuss implementations with your team within issues
   - [Issue Boards](issue_board.md): Organize and prioritize your workflow
-  - [Multiple Issue Boards](https://docs.gitlab.com/ee/user/project/issue_board.html#multiple-issue-boards): Allow your teams to create their own workflows (Issue Boards) for the same project **[STARTER]**
+  - [Multiple Issue Boards](issue_board.md#multiple-issue-boards-starter): Allow your teams to create their own workflows (Issue Boards) for the same project **[STARTER]**
 - [Repositories](repository/index.md): Host your code in a fully
   integrated platform
   - [Branches](repository/branches/index.md): use Git branching strategies to

doc/user/project/issue_board.md

@@ -28,11 +28,11 @@ Issue Boards** (version introduced in GitLab 8.11 - August 2016).
 ### Advanced features of Issue Boards
 
 With [GitLab Starter](https://about.gitlab.com/pricing/), you can create
-[multiple issue boards](#multiple-issue-boards) for a given project. **[STARTER]**
+[multiple issue boards](#multiple-issue-boards-starter) for a given project. **[STARTER]**
 
 With [GitLab Premium](https://about.gitlab.com/pricing/), you can also create multiple
-issue boards for your groups, and add lists for [assignees](#assignee-lists) and
-[milestones](#milestone-lists). **[PREMIUM]**
+issue boards for your groups, and add lists for [assignees](#assignee-lists-premium) and
+[milestones](#milestone-lists-premium). **[PREMIUM]**
 
 Check all the [advanced features of Issue Boards](#gitlab-enterprise-features-for-issue-boards)
 below.
@@ -97,7 +97,7 @@ If we have the labels "**backend**", "**frontend**", "**staging**", and
 
 ### Use cases for Multiple Issue Boards
 
-With [Multiple Issue Boards](#multiple-issue-boards), available only in
+With [Multiple Issue Boards](#multiple-issue-boards-starter), available only in
 [GitLab Enterprise Edition](https://about.gitlab.com/pricing/),
 each team can have their own board to organize their workflow individually.
 
@@ -220,7 +220,7 @@ Click the button at the top right to toggle focus mode on and off. In focus mode
 
 The top of each list indicates the sum of issue weights for the issues that
 belong to that list. This is useful when using boards for capacity allocation,
-especially in combination with [assignee lists](#assignee-lists).
+especially in combination with [assignee lists](#assignee-lists-premium).
 
 ![Issue Board summed weights](img/issue_board_summed_weights.png)
 

doc/user/project/issues/confidential_issues.md

 # Confidential issues
 
-> [Introduced][ce-3282] in GitLab 8.6.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3282) in GitLab 8.6.
 
 Confidential issues are issues visible only to members of a project with
 [sufficient permissions](#permissions-and-access-to-confidential-issues).
@@ -67,7 +67,7 @@ There is also an indicator on the sidebar denoting confidentiality.
 
 There are two kinds of level access for confidential issues. The general rule
 is that confidential issues are visible only to members of a project with at
-least [Reporter access][permissions]. However, a guest user can also create
+least [Reporter access](../../permissions.md#project-members-permissions). However, a guest user can also create
 confidential issues, but can only view the ones that they created themselves.
 
 Confidential issues are also hidden in search results for unprivileged users.
@@ -77,6 +77,3 @@ project's search results respectively.
 | Maintainer access | Guest access |
 | :-----------: | :----------: |
 | ![Confidential issues search master](img/confidential_issues_search_master.png) | ![Confidential issues search guest](img/confidential_issues_search_guest.png) |
-
-[permissions]: ../../permissions.md#project
-[ce-3282]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3282

doc/user/project/issues/crosslinking_issues.md

@@ -48,13 +48,12 @@ issues in merge requests.
 
 ## From Merge Requests
 
-Mentioning issues in merge request comments work exactly the same way
+Mentioning issues in merge request comments works exactly the same way as
 they do for [related issues](#from-related-issues). 
 
-When you mention an issue in a merge request description, you can either
-[close the issue as soon as the merge request is merged](closing_issues.md#via-merge-request),
-or simply link both issue and merge request as described in the
-[closing issues documentation](closing_issues.md#from-related-issues).
+When you mention an issue in a merge request description, it will simply
+[link the issue and merge request together](#from-related-issues). Additionally,
+you can also [set an issue to close as soon as the merge request is merged](closing_issues.md#via-merge-request).
 
 ![issue mentioned in MR](img/mention_in_merge_request.png)
 

doc/user/project/issues/due_dates.md

 # Due dates
 
-> [Introduced][ce-3614] in GitLab 8.7.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3614) in GitLab 8.7.
 
 Please read through the [GitLab Issue Documentation](index.md) for an overview on GitLab Issues.
 
 Due dates can be used in issues to keep track of deadlines and make sure
-features are shipped on time. Due dates require at least [Reporter permissions][permissions]
+features are shipped on time. Due dates require at least [Reporter permissions](../../permissions.md#project-members-permissions)
 to be able to edit them. On the contrary, they can be seen by everybody.
 
 ## Setting a due date
@@ -47,6 +47,3 @@ on the _Subscribe to calendar_ button on the following pages:
   GitLab header
 - on the **Project Issues** page
 - on the **Group Issues** page
-
-[ce-3614]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3614
-[permissions]: ../../permissions.md#project

doc/user/project/issues/index.md

@@ -109,7 +109,7 @@ issue within your team only, you can make that
 [issue confidential](confidential_issues.md). Even if your project
 is public, that issue will be preserved. The browser will
 respond with a 404 error whenever someone who is not a project
-member with at least [Reporter level](../../permissions.md#project) tries to
+member with at least [Reporter level](../../permissions.md#project-members-permissions) tries to
 access that issue's URL.
 
 Learn more about them on the [confidential issues documentation](confidential_issues.md).
@@ -139,6 +139,9 @@ Find GitLab Issue Boards by navigating to your **Project's Dashboard** > **Issue
 Read through the documentation for [Issue Boards](../issue_board.md)
 to find out more about this feature.
 
+With [GitLab Starter](https://about.gitlab.com/pricing/), you can also
+create various boards per project with [Multiple Issue Boards](../issue_board.html#multiple-issue-boards-starter).
+
 ### Export Issues to CSV **[STARTER]**
 
 Issues can be [exported as CSV](csv_export.md) from GitLab and are sent to your email as an attachment.

doc/user/project/labels.md

@@ -99,9 +99,9 @@ From the group epic list page, you can [filter](../search/index.md#issues-and-me
 ### Filtering in issue boards
 
 - From [project boards](issue_board.md), you can filter by both group labels and project labels in the [search and filter bar](../search/index.md#issue-boards).
-- From [group issue boards](issue_board.md#group-issue-boards), you can filter by only group labels in the [search and filter bar](../search/index.md#issue-boards). **[PREMIUM]**
-- From [project boards](issue_board.md), you can filter by both group labels and project labels in the [issue board configuration](issue_board.md#board-with-configuration). **[PREMIUM]**
-- From [group issue boards](issue_board.md#group-issue-boards), you can filter by only group labels in the [issue board configuration](issue_board.md#board-with-configuration). **[PREMIUM]**
+- From [group issue boards](issue_board.md#group-issue-boards-premium), you can filter by only group labels in the [search and filter bar](../search/index.md#issue-boards). **[PREMIUM]**
+- From [project boards](issue_board.md), you can filter by both group labels and project labels in the [issue board configuration](issue_board.md#configurable-issue-boards-starter). **[STARTER]**
+- From [group issue boards](issue_board.md#group-issue-boards-premium), you can filter by only group labels in the [issue board configuration](issue_board.md#configurable-issue-boards-starter). **[PREMIUM]**
 
 ## Subscribing to labels
 

doc/user/project/merge_requests/license_management.md

@@ -13,7 +13,7 @@ your existing `.gitlab-ci.yml` file or by implicitly using
 [Auto License Management](../../../topics/autodevops/index.md#auto-license-management-ultimate)
 that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
 
-In addition, you can [manually approve or blacklist](#manual-license-management) licenses in the project's settings.
+In addition, you can [manually approve or blacklist](#project-policies-for-license-management) licenses in the project's settings.
 
 Going a step further, GitLab can show the licenses list right in the merge
 request widget area, highlighting the presence of licenses you don't want to use, or new

doc/user/project/milestones/index.md

@@ -84,9 +84,9 @@ From the project issue/merge request list pages and the group issue/merge reques
 ### Filtering in issue boards
 
 - From [project issue boards](../issue_board.md), you can filter by both group milestones and project milestones in the [search and filter bar](../../search/index.md#issue-boards).
-- From [group issue boards](../issue_board.md#group-issue-boards), you can filter by only group milestones in the [search and filter bar](../../search/index.md#issue-boards). **[PREMIUM]**
-- From [project issue boards](../issue_board.md), you can filter by both group milestones and project milestones in the [issue board configuration](../issue_board.md#board-with-configuration). **[STARTER]**
-- From [group issue boards](../issue_board.md#group-issue-boards) you can filter by only group milestones in the [issue board configuration](../issue_board.md#board-with-configuration). **[PREMIUM]**
+- From [group issue boards](../issue_board.md#group-issue-boards-premium), you can filter by only group milestones in the [search and filter bar](../../search/index.md#issue-boards). **[PREMIUM]**
+- From [project issue boards](../issue_board.md), you can filter by both group milestones and project milestones in the [issue board configuration](../issue_board.md#configurable-issue-boards-starter). **[STARTER]**
+- From [group issue boards](../issue_board.md#group-issue-boards-premium) you can filter by only group milestones in the [issue board configuration](../issue_board.md#configurable-issue-boards-starter). **[PREMIUM]**
 
 
 

doc/user/project/pages/getting_started_part_four.md

@@ -24,7 +24,7 @@ one for the first time.**
 [GitLab CI/CD](../../../ci/README.md) serves
 numerous purposes, to build, test, and deploy your app
 from GitLab through
-[Continuous Integration, Continuous Delivery, and Continuous Deployment](../../../ci/introduction/index.md#introduction-to-continuous-methods)
+[Continuous Integration, Continuous Delivery, and Continuous Deployment](../../../ci/introduction/index.md#introduction-to-cicd-methodologies)
 methods. You will need it to build your website with GitLab Pages,
 and deploy it to the Pages server.
 

doc/user/project/pages/introduction.md

@@ -152,7 +152,7 @@ Depending on how you plan to publish your website, the steps defined in the
 
 Be aware that Pages are by default branch/tag agnostic and their deployment
 relies solely on what you specify in `.gitlab-ci.yml`. If you don't limit the
-`pages` job with the [`only` parameter](../../../ci/yaml/README.md#only-and-except-simplified),
+`pages` job with the [`only` parameter](../../../ci/yaml/README.md#onlyexcept-basic),
 whenever a new commit is pushed to whatever branch or tag, the Pages will be
 overwritten. In the example below, we limit the Pages to be deployed whenever
 a commit is pushed only on the `master` branch:
@@ -253,7 +253,7 @@ get you started.
 
 Remember that GitLab Pages are by default branch/tag agnostic and their
 deployment relies solely on what you specify in `.gitlab-ci.yml`. You can limit
-the `pages` job with the [`only` parameter](../../../ci/yaml/README.md#only-and-except-simplified),
+the `pages` job with the [`only` parameter](../../../ci/yaml/README.md#onlyexcept-basic),
 whenever a new commit is pushed to a branch that will be used specifically for
 your pages.
 

doc/user/project/pipelines/schedules.md

@@ -59,7 +59,7 @@ GitLab CI so that they can be used in your `.gitlab-ci.yml` file.
 
 To configure that a job can be executed only when the pipeline has been
 scheduled (or the opposite), you can use
-[only and except](../../../ci/yaml/README.md#only-and-except-simplified) configuration keywords.
+[only and except](../../../ci/yaml/README.md#onlyexcept-basic) configuration keywords.
 
 ```
 job:on-schedule:

doc/user/snippets.md

@@ -20,7 +20,7 @@ and private. See [Public access](../public_access/public_access.md) for more inf
 ## Project snippets
 
 Project snippets are always related to a specific project.
-See [Project's features](project/index.md#projects-features) for more information.
+See [Project features](project/index.md#project-features) for more information.
 
 ## Discover snippets
 

ee/app/assets/javascripts/geo_nodes/components/app.vue

@@ -34,6 +34,10 @@ export default {
       type: Boolean,
       required: true,
     },
+    geoTroubleshootingHelpPath: {
+      type: String,
+      required: true,
+    },
   },
   data() {
     return {
@@ -213,6 +217,7 @@ export default {
       :primary-node="node.primary"
       :node-actions-allowed="nodeActionsAllowed"
       :node-edit-allowed="nodeEditAllowed"
+      :geo-troubleshooting-help-path="geoTroubleshootingHelpPath"
     />
     <deprecated-modal
       v-show="showModal"

ee/app/assets/javascripts/geo_nodes/components/geo_node_details.vue

 <script>
 /* eslint-disable vue/no-side-effects-in-computed-properties */
+import { GlLink } from '@gitlab/ui';
 import { s__ } from '~/locale';
 
 import NodeDetailsSectionMain from './node_detail_sections/node_details_section_main.vue';
@@ -9,6 +10,7 @@ import NodeDetailsSectionOther from './node_detail_sections/node_details_section
 
 export default {
   components: {
+    GlLink,
     NodeDetailsSectionMain,
     NodeDetailsSectionSync,
     NodeDetailsSectionVerification,
@@ -31,6 +33,10 @@ export default {
       type: Boolean,
       required: true,
     },
+    geoTroubleshootingHelpPath: {
+      type: String,
+      required: true,
+    },
   },
   data() {
     return {
@@ -80,7 +86,12 @@ export default {
       :node-type-primary="node.primary"
     />
     <div v-if="hasError || hasVersionMismatch" class="node-health-message-container">
-      <p class="node-health-message">{{ errorMessage }}</p>
+      <p class="node-health-message">
+        {{ errorMessage }}
+        <gl-link :href="geoTroubleshootingHelpPath">{{
+          s__('Geo|Please refer to Geo Troubleshooting.')
+        }}</gl-link>
+      </p>
     </div>
   </div>
 </template>

ee/app/assets/javascripts/geo_nodes/components/geo_node_item.vue

 <script>
+import { GlLink } from '@gitlab/ui';
+
 import eventHub from '../event_hub';
 
 import GeoNodeHeader from './geo_node_header.vue';
@@ -6,6 +8,7 @@ import GeoNodeDetails from './geo_node_details.vue';
 
 export default {
   components: {
+    GlLink,
     GeoNodeHeader,
     GeoNodeDetails,
   },
@@ -26,6 +29,10 @@ export default {
       type: Boolean,
       required: true,
     },
+    geoTroubleshootingHelpPath: {
+      type: String,
+      required: true,
+    },
   },
   data() {
     return {
@@ -84,9 +91,15 @@ export default {
       :node-details="nodeDetails"
       :node-edit-allowed="nodeEditAllowed"
       :node-actions-allowed="nodeActionsAllowed"
+      :geo-troubleshooting-help-path="geoTroubleshootingHelpPath"
     />
     <div v-if="isNodeDetailsFailed" class="node-health-message-container">
-      <p class="health-message node-health-message">{{ errorMessage }}</p>
+      <p class="node-health-message">
+        {{ errorMessage
+        }}<gl-link :href="geoTroubleshootingHelpPath">{{
+          s__('Geo|Please refer to Geo Troubleshooting.')
+        }}</gl-link>
+      </p>
     </div>
   </div>
 </template>

ee/app/assets/javascripts/geo_nodes/components/geo_nodes_list.vue

@@ -18,6 +18,10 @@ export default {
       type: Boolean,
       required: true,
     },
+    geoTroubleshootingHelpPath: {
+      type: String,
+      required: true,
+    },
   },
 };
 </script>
@@ -31,6 +35,7 @@ export default {
       :primary-node="node.primary"
       :node-actions-allowed="nodeActionsAllowed"
       :node-edit-allowed="nodeEditAllowed"
+      :geo-troubleshooting-help-path="geoTroubleshootingHelpPath"
     />
   </div>
 </template>

ee/app/assets/javascripts/geo_nodes/index.js

@@ -24,9 +24,10 @@ export default () => {
     },
     data() {
       const { dataset } = this.$options.el;
+      const { primaryVersion, primaryRevision, geoTroubleshootingHelpPath } = dataset;
       const nodeActionsAllowed = parseBoolean(dataset.nodeActionsAllowed);
       const nodeEditAllowed = parseBoolean(dataset.nodeEditAllowed);
-      const store = new GeoNodesStore(dataset.primaryVersion, dataset.primaryRevision);
+      const store = new GeoNodesStore(primaryVersion, primaryRevision);
       const service = new GeoNodesService();
 
       return {
@@ -34,6 +35,7 @@ export default () => {
         service,
         nodeActionsAllowed,
         nodeEditAllowed,
+        geoTroubleshootingHelpPath,
       };
     },
     render(createElement) {
@@ -43,6 +45,7 @@ export default () => {
           service: this.service,
           nodeActionsAllowed: this.nodeActionsAllowed,
           nodeEditAllowed: this.nodeEditAllowed,
+          geoTroubleshootingHelpPath: this.geoTroubleshootingHelpPath,
         },
       });
     },

ee/app/assets/stylesheets/pages/geo_nodes.scss

@@ -85,7 +85,7 @@
 
     .node-health-message {
       margin-bottom: 0;
-      padding: 2px $gl-padding-8;
+      padding: $gl-padding;
       background-color: $red-100;
       color: $red-500;
     }

ee/app/controllers/ee/projects/git_http_controller.rb

@@ -48,6 +48,7 @@ module EE
       def authenticate_user
         return super unless geo_request?
         return render_bad_geo_auth('Bad token') unless decoded_authorization
+        return render_bad_geo_auth('Unauthorized scope') unless jwt_scope_valid?
 
         # grant access
         @authentication_result = ::Gitlab::Auth::Result.new(nil, project, :geo, [:download_code, :push_code]) # rubocop:disable Gitlab/ModuleWithInstanceVariables
@@ -57,6 +58,14 @@ module EE
         render_bad_geo_auth("Invalid signature time ")
       end
 
+      def jwt_scope_valid?
+        decoded_authorization[:scope] == repository.full_path
+      end
+
+      def repository
+        wiki? ? project.wiki.repository : project.repository
+      end
+
       def decoded_authorization
         strong_memoize(:decoded_authorization) do
           ::Gitlab::Geo::JwtRequestDecoder.new(request.headers['Authorization']).decode

ee/app/helpers/ee/geo_helper.rb

@@ -30,7 +30,8 @@ module EE
         primary_version: version.to_s,
         primary_revision: revision.to_s,
         node_actions_allowed: ::Gitlab::Database.db_read_write?.to_s,
-        node_edit_allowed: ::Gitlab::Geo.license_allows?.to_s
+        node_edit_allowed: ::Gitlab::Geo.license_allows?.to_s,
+        geo_troubleshooting_help_path: help_page_path('administration/geo/replication/troubleshooting.md')
       }
     end
 

ee/app/serializers/ee/environment_entity.rb

@@ -6,6 +6,8 @@ module EE
     extend ::Gitlab::Utils::Override
 
     prepended do
+      expose :rollout_status, if: -> (*) { can_read_deploy_board? }, using: ::RolloutStatusEntity
+
       expose :logs_path, if: -> (*) { can_read_pod_logs? } do |environment|
         logs_project_environment_path(environment.project, environment)
       end
@@ -16,5 +18,9 @@ module EE
     def can_read_pod_logs?
       can?(current_user, :read_pod_logs, environment.project)
     end
+
+    def can_read_deploy_board?
+      can?(current_user, :read_deploy_board, environment.project)
+    end
   end
 end

ee/app/services/feature_flags/base_service.rb

@@ -6,13 +6,7 @@ module FeatureFlags
 
     protected
 
-    def audit_enabled?
-      Feature.enabled?(:feature_flag_audit, project, default_enabled: true)
-    end
-
     def audit_event(feature_flag)
-      return unless audit_enabled?
-
       message = audit_message(feature_flag)
 
       return if message.blank?
@@ -33,7 +27,7 @@ module FeatureFlags
     end
 
     def save_audit_event(audit_event)
-      return unless audit_event # feature_flag_audit is disabled or audit_message is blank
+      return unless audit_event
 
       audit_event.security_event
     end

ee/app/services/geo/base_sync_service.rb

@@ -101,7 +101,7 @@ module Geo
     # Build a JWT header for authentication
     def jwt_authentication_header
       authorization = ::Gitlab::Geo::RepoSyncRequest.new(
-        scope: project.repository.full_path
+        scope: repository.full_path
       ).authorization
 
       { "http.#{remote_url}.extraHeader" => "Authorization: #{authorization}" }

ee/changelogs/unreleased/80-geo-enforce-repository-jwt-scopes.yml

+---
+title: Enforce Geo JWT tokens scope for repository sync
+merge_request: 10303
+author:
+type: changed

ee/changelogs/unreleased/mk-suggest-geo-check-in-error.yml

+---
+title: 'Geo: Help admins diagnose configuration problems'
+merge_request: 9988
+author:
+type: added

ee/spec/features/projects/feature_flags/user_creates_feature_flag_spec.rb

@@ -15,7 +15,6 @@ describe 'User creates feature flag', :js do
   end
 
   context 'when creates without changing scopes' do
-    shared_examples 'succesfully creates feature flag' do
     before do
       visit(new_project_feature_flag_path(project))
       set_feature_flag_info('ci_live_trace', 'For live trace')
@@ -34,10 +33,6 @@ describe 'User creates feature flag', :js do
         end
       end
     end
-    end
-
-    context 'when feature flag audit enabled' do
-      include_examples 'succesfully creates feature flag'
 
     it 'records audit event' do
       visit(project_audit_events_path(project))
@@ -46,23 +41,7 @@ describe 'User creates feature flag', :js do
     end
   end
 
-    context 'when feature flag audit is disabled' do
-      before do
-        stub_feature_flags(feature_flag_audit: false)
-      end
-
-      include_examples 'succesfully creates feature flag'
-
-      it 'does not record audit event' do
-        visit(project_audit_events_path(project))
-
-        expect(page).to have_no_text("Created feature flag")
-      end
-    end
-  end
-
   context 'when creates with disabling the default scope' do
-    shared_examples 'succesfully creates feature flag' do
     before do
       visit(new_project_feature_flag_path(project))
       set_feature_flag_info('ci_live_trace', 'For live trace')
@@ -87,21 +66,7 @@ describe 'User creates feature flag', :js do
     end
   end
 
-    context 'when feature flag audit enabled' do
-      include_examples 'succesfully creates feature flag'
-    end
-
-    context 'when feature flag audit is disabled' do
-      before do
-        stub_feature_flags(feature_flag_audit: false)
-      end
-
-      include_examples 'succesfully creates feature flag'
-    end
-  end
-
   context 'when creates with an additional scope' do
-    shared_examples 'succesfully creates feature flag' do
     before do
       visit(new_project_feature_flag_path(project))
       set_feature_flag_info('mr_train', '')
@@ -135,23 +100,9 @@ describe 'User creates feature flag', :js do
     end
   end
 
-    context 'when feature flag audit enabled' do
-      include_examples 'succesfully creates feature flag'
-    end
-
-    context 'when feature flag audit is disabled' do
-      before do
-        stub_feature_flags(feature_flag_audit: false)
-      end
-
-      include_examples 'succesfully creates feature flag'
-    end
-  end
-
   context 'when searches an environment name for scope creation' do
     let!(:environment) { create(:environment, name: 'production', project: project) }
 
-    shared_examples 'succesfully creates feature flag' do
     before do
       visit(new_project_feature_flag_path(project))
       set_feature_flag_info('mr_train', '')
@@ -181,19 +132,6 @@ describe 'User creates feature flag', :js do
     end
   end
 
-    context 'when feature flag audit enabled' do
-      include_examples 'succesfully creates feature flag'
-    end
-
-    context 'when feature flag audit is disabled' do
-      before do
-        stub_feature_flags(feature_flag_audit: false)
-      end
-
-      include_examples 'succesfully creates feature flag'
-    end
-  end
-
   private
 
   def set_feature_flag_info(name, description)

ee/spec/features/projects/feature_flags/user_updates_feature_flag_spec.rb

@@ -37,7 +37,6 @@ describe 'User updates feature flag', :js do
   end
 
   context 'when user updates a status of a scope' do
-    shared_examples 'succesfully updates feature flag' do
     before do
       within_scope_row(2) do
         within_status { find('.project-feature-toggle').click }
@@ -60,10 +59,6 @@ describe 'User updates feature flag', :js do
         end
       end
     end
-    end
-
-    context 'when feature flag audit enabled' do
-      include_examples 'succesfully updates feature flag'
 
     it 'records audit event' do
       visit(project_audit_events_path(project))
@@ -74,23 +69,7 @@ describe 'User updates feature flag', :js do
     end
   end
 
-    context 'when feature flag audit is disabled' do
-      before do
-        stub_feature_flags(feature_flag_audit: false)
-      end
-
-      include_examples 'succesfully updates feature flag'
-
-      it 'does not record audit event' do
-        visit(project_audit_events_path(project))
-
-        expect(page).to have_no_text("Updated feature flag")
-      end
-    end
-  end
-
   context 'when user adds a new scope' do
-    shared_examples 'succesfully updates feature flag' do
     before do
       within_scope_row(3) do
         within_environment_spec do
@@ -111,10 +90,6 @@ describe 'User updates feature flag', :js do
         end
       end
     end
-    end
-
-    context 'when feature flag audit enabled' do
-      include_examples 'succesfully updates feature flag'
 
     it 'records audit event' do
       visit(project_audit_events_path(project))
@@ -125,23 +100,7 @@ describe 'User updates feature flag', :js do
     end
   end
 
-    context 'when feature flag audit is disabled' do
-      before do
-        stub_feature_flags(feature_flag_audit: false)
-      end
-
-      include_examples 'succesfully updates feature flag'
-
-      it 'does not record audit event' do
-        visit(project_audit_events_path(project))
-
-        expect(page).to have_no_text("Updated feature flag")
-      end
-    end
-  end
-
   context 'when user deletes a scope' do
-    shared_examples 'succesfully updates feature flag' do
     before do
       within_scope_row(2) do
         within_delete { find('.js-delete-scope').click }
@@ -159,10 +118,6 @@ describe 'User updates feature flag', :js do
         end
       end
     end
-    end
-
-    context 'when feature flag audit enabled' do
-      include_examples 'succesfully updates feature flag'
 
     it 'records audit event' do
       visit(project_audit_events_path(project))
@@ -172,19 +127,4 @@ describe 'User updates feature flag', :js do
       )
     end
   end
-
-    context 'when feature flag audit is disabled' do
-      before do
-        stub_feature_flags(feature_flag_audit: false)
-      end
-
-      include_examples 'succesfully updates feature flag'
-
-      it 'does not record audit event' do
-        visit(project_audit_events_path(project))
-
-        expect(page).to have_no_text("Updated feature flag")
-      end
-    end
-  end
 end

ee/spec/finders/group_projects_finder_spec.rb

+require 'spec_helper'
+
+describe GroupProjectsFinder do
+  include_context 'GroupProjectsFinder context'
+
+  subject { finder.execute }
+
+  describe 'with an auditor current user' do
+    let(:current_user) { create(:user, :auditor) }
+
+    context 'only shared' do
+      let(:options) { { only_shared: true } }
+
+      it { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1]) }
+    end
+
+    context 'only owned' do
+      let(:options) { { only_owned: true } }
+
+      it { is_expected.to eq([private_project, public_project]) }
+    end
+
+    context 'all' do
+      subject { described_class.new(group: group, current_user: current_user).execute }
+
+      it { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1, private_project, public_project]) }
+    end
+  end
+end

ee/spec/finders/issues_finder_spec.rb

@@ -5,4 +5,93 @@ describe IssuesFinder do
     let!(:subject) { create(:issue, project: project) }
     let(:project_params) { { project_id: project.id } }
   end
+
+  describe '#execute' do
+    include_context 'IssuesFinder context'
+    include_context 'IssuesFinder#execute context'
+
+    context 'scope: all' do
+      let(:scope) { 'all' }
+
+      describe 'filter by weight' do
+        set(:issue_with_weight_1) { create(:issue, project: project3, weight: 1) }
+        set(:issue_with_weight_42) { create(:issue, project: project3, weight: 42) }
+
+        context 'filter issues with no weight' do
+          let(:params) { { weight: Issue::WEIGHT_NONE } }
+
+          it 'returns all issues' do
+            expect(issues).to contain_exactly(issue1, issue2, issue3, issue4)
+          end
+        end
+
+        context 'filter issues with any weight' do
+          let(:params) { { weight: Issue::WEIGHT_ANY } }
+
+          it 'returns all issues' do
+            expect(issues).to contain_exactly(issue_with_weight_1, issue_with_weight_42)
+          end
+        end
+
+        context 'filter issues with a specific weight' do
+          let(:params) { { weight: 42 } }
+
+          it 'returns all issues' do
+            expect(issues).to contain_exactly(issue_with_weight_42)
+          end
+        end
+      end
+
+      context 'filtering by assignee IDs' do
+        set(:user3) { create(:user) }
+        let(:params) { { assignee_ids: [user2.id, user3.id] } }
+
+        before do
+          project2.add_developer(user3)
+
+          issue3.assignees = [user2, user3]
+        end
+
+        it 'returns issues assigned to those users' do
+          expect(issues).to contain_exactly(issue3)
+        end
+      end
+    end
+  end
+
+  describe '#with_confidentiality_access_check' do
+    let(:guest) { create(:user) }
+    set(:authorized_user) { create(:user) }
+    set(:project) { create(:project, namespace: authorized_user.namespace) }
+    set(:public_issue) { create(:issue, project: project) }
+    set(:confidential_issue) { create(:issue, project: project, confidential: true) }
+
+    context 'when no project filter is given' do
+      let(:params) { {} }
+
+      context 'for an auditor' do
+        let(:auditor_user) { create(:user, :auditor) }
+
+        subject { described_class.new(auditor_user, params).with_confidentiality_access_check }
+
+        it 'returns all issues' do
+          expect(subject).to include(public_issue, confidential_issue)
+        end
+      end
+    end
+
+    context 'when searching within a specific project' do
+      let(:params) { { project_id: project.id } }
+
+      context 'for an auditor' do
+        let(:auditor_user) { create(:user, :auditor) }
+
+        subject { described_class.new(auditor_user, params).with_confidentiality_access_check }
+
+        it 'returns all issues' do
+          expect(subject).to include(public_issue, confidential_issue)
+        end
+      end
+    end
+  end
 end

ee/spec/finders/merge_requests_finder_spec.rb

@@ -5,4 +5,16 @@ describe MergeRequestsFinder do
     let!(:subject) { create(:merge_request, source_project: project) }
     let(:project_params) { { project_id: project.id } }
   end
+
+  describe '#execute' do
+    include_context 'MergeRequestsFinder multiple projects with merge requests context'
+
+    it 'ignores filtering by weight' do
+      params = { project_id: project1.id, scope: 'authored', state: 'opened', weight: Issue::WEIGHT_ANY }
+
+      merge_requests = described_class.new(user, params).execute
+
+      expect(merge_requests).to contain_exactly(merge_request1)
+    end
+  end
 end

ee/spec/finders/snippets_finder_spec.rb

@@ -33,4 +33,21 @@ describe SnippetsFinder do
       expect(results).to be_empty
     end
   end
+
+  context 'filter by project' do
+    set(:user) { create(:user) }
+    set(:group) { create(:group, :public) }
+    set(:project) { create(:project, :public, group: group) }
+    set(:private_project_snippet) { create(:project_snippet, :private, project: project) }
+    set(:internal_project_snippet) { create(:project_snippet, :internal, project: project) }
+    set(:public_project_snippet) { create(:project_snippet, :public, project: project) }
+
+    it 'returns all snippets for auditor users' do
+      user = create(:user, :auditor)
+
+      snippets = described_class.new(user, project: project).execute
+
+      expect(snippets).to include(private_project_snippet, internal_project_snippet, public_project_snippet)
+    end
+  end
 end

ee/spec/finders/users_finder_spec.rb

+require 'spec_helper'
+
+describe UsersFinder do
+  describe '#execute' do
+    include_context 'UsersFinder#execute filter by project context'
+
+    context 'with a normal user' do
+      context 'with LDAP users' do
+        let!(:ldap_user) { create(:omniauth_user, provider: 'ldap') }
+
+        it 'returns ldap users by default' do
+          users = described_class.new(normal_user).execute
+
+          expect(users).to contain_exactly(normal_user, blocked_user, omniauth_user, ldap_user)
+        end
+
+        it 'returns only non-ldap users with skip_ldap: true' do
+          users = described_class.new(normal_user, skip_ldap: true).execute
+
+          expect(users).to contain_exactly(normal_user, blocked_user, omniauth_user)
+        end
+      end
+    end
+  end
+end

ee/spec/javascripts/geo_nodes/components/app_spec.js

@@ -26,6 +26,7 @@ const createComponent = () => {
     service,
     nodeActionsAllowed: true,
     nodeEditAllowed: true,
+    geoTroubleshootingHelpPath: '/foo/bar',
   });
 };
 

ee/spec/javascripts/geo_nodes/components/geo_node_details_spec.js

@@ -17,6 +17,7 @@ const createComponent = ({
     nodeDetails,
     nodeActionsAllowed,
     nodeEditAllowed,
+    geoTroubleshootingHelpPath: '/foo/bar',
   });
 };
 
@@ -80,5 +81,17 @@ describe('GeoNodeDetailsComponent', () => {
     it('renders container elements correctly', () => {
       expect(vm.$el.classList.contains('card-body')).toBe(true);
     });
+
+    it('renders troubleshooting URL within error message section', done => {
+      vm.nodeDetails.healthy = false;
+      vm.errorMessage = 'Foobar';
+
+      vm.$nextTick(() => {
+        expect(vm.$el.querySelector('.node-health-message-container a').getAttribute('href')).toBe(
+          '/foo/bar',
+        );
+        done();
+      });
+    });
   });
 });

ee/spec/javascripts/geo_nodes/components/geo_node_item_spec.js

@@ -13,6 +13,7 @@ const createComponent = (node = mockNode) => {
     primaryNode: true,
     nodeActionsAllowed: true,
     nodeEditAllowed: true,
+    geoTroubleshootingHelpPath: '/foo/bar',
   });
 };
 
@@ -147,8 +148,11 @@ describe('GeoNodeItemComponent', () => {
       vm.isNodeDetailsFailed = true;
       vm.errorMessage = err;
       Vue.nextTick(() => {
-        expect(vm.$el.querySelectorAll('p.health-message').length).not.toBe(0);
-        expect(vm.$el.querySelector('p.health-message').innerText.trim()).toBe(err);
+        expect(vm.$el.querySelectorAll('p.node-health-message').length).not.toBe(0);
+        expect(vm.$el.querySelector('p.node-health-message').innerText.trim()).toContain(err);
+        expect(vm.$el.querySelector('p.node-health-message a').getAttribute('href')).toBe(
+          '/foo/bar',
+        );
         done();
       });
     });

ee/spec/javascripts/geo_nodes/components/geo_nodes_list_spec.js

@@ -11,6 +11,7 @@ const createComponent = () => {
     nodes: mockNodes,
     nodeActionsAllowed: true,
     nodeEditAllowed: true,
+    geoTroubleshootingHelpPath: '/foo/bar',
   });
 };
 

ee/spec/lib/gitlab/reference_extractor_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::ReferenceExtractor do
+  let(:group)   { create(:group) }
+  let(:project) { create(:project, group: group) }
+
+  before do
+    group.add_developer(project.creator)
+  end
+
+  subject { described_class.new(project, project.creator) }
+
+  it 'accesses valid epics' do
+    stub_licensed_features(epics: true)
+
+    @e0 = create(:epic, group: group)
+    @e1 = create(:epic, group: group)
+    @e2 = create(:epic, group: create(:group, :private))
+
+    text = "#{@e0.to_reference(group, full: true)}, &999, #{@e1.to_reference(group, full: true)}, #{@e2.to_reference(group, full: true)}"
+
+    subject.analyze(text, { group: group })
+
+    expect(subject.epics).to match_array([@e0, @e1])
+  end
+end

ee/spec/requests/git_http_geo_spec.rb

@@ -12,7 +12,7 @@ describe "Git HTTP requests (Geo)" do
   set(:secondary) { create(:geo_node) }
 
   # Ensure the token always comes from the real time of the request
-  let!(:auth_token) { Gitlab::Geo::BaseRequest.new(scope: "repository-#{project.id}").authorization }
+  let!(:auth_token) { Gitlab::Geo::BaseRequest.new(scope: project.full_path).authorization }
   let!(:user) { create(:user) }
   let!(:user_without_any_access) { create(:user) }
   let!(:user_without_push_access) { create(:user) }
@@ -21,6 +21,7 @@ describe "Git HTTP requests (Geo)" do
   let!(:key_for_user_without_push_access) { create(:key, user: user_without_push_access) }
 
   let(:env) { valid_geo_env }
+  let(:auth_token_with_invalid_scope) { Gitlab::Geo::BaseRequest.new(scope: "invalid").authorization }
 
   before do
     project.add_maintainer(user)
@@ -346,6 +347,53 @@ describe "Git HTTP requests (Geo)" do
         end
       end
     end
+
+    context 'invalid scope' do
+      subject do
+        make_request
+        response
+      end
+
+      def make_request
+        get "/#{repository_path}.git/info/refs", params: { service: 'git-upload-pack' }, headers: env
+      end
+
+      shared_examples_for 'unauthorized because of invalid scope' do
+        it { is_expected.to have_gitlab_http_status(:unauthorized) }
+
+        it 'returns correct error' do
+          expect(subject.parsed_body).to eq('Geo JWT authentication failed: Unauthorized scope')
+        end
+      end
+
+      context 'invalid scope of Geo JWT token' do
+        let(:repository_path) { project.full_path }
+        let(:env) { geo_env(auth_token_with_invalid_scope) }
+
+        include_examples 'unauthorized because of invalid scope'
+      end
+
+      context 'Geo JWT token scopes for wiki and repository are not interchangeable' do
+        context 'for a repository but using a wiki scope' do
+          let(:repository_path) { project.full_path }
+          let(:scope) { project.wiki.full_path }
+          let(:auth_token_with_valid_wiki_scope) { Gitlab::Geo::BaseRequest.new(scope: scope).authorization }
+          let(:env) { geo_env(auth_token_with_valid_wiki_scope) }
+
+          include_examples 'unauthorized because of invalid scope'
+        end
+
+        context 'for a wiki but using a repository scope' do
+          let(:project) { create(:project, :wiki_repo) }
+          let(:repository_path) { project.wiki.full_path }
+          let(:scope) { project.full_path }
+          let(:auth_token_with_valid_repository_scope) { Gitlab::Geo::BaseRequest.new(scope: scope).authorization }
+          let(:env) { geo_env(auth_token_with_valid_repository_scope) }
+
+          include_examples 'unauthorized because of invalid scope'
+        end
+      end
+    end
   end
 
   def valid_geo_env

ee/spec/services/emails/create_service_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Emails::CreateService do
+  let(:user) { create(:user) }
+  let(:opts) { { email: 'new@email.com', user: user } }
+
+  subject(:service) { described_class.new(user, opts) }
+
+  describe '#execute' do
+    it 'registers a security event' do
+      stub_licensed_features(extended_audit_events: true)
+
+      expect { service.execute }.to change { SecurityEvent.count }.by(1)
+    end
+  end
+end

ee/spec/services/emails/destroy_service_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Emails::DestroyService do
+  let!(:user) { create(:user) }
+  let!(:email) { create(:email, user: user) }
+
+  subject(:service) { described_class.new(user, user: user) }
+
+  describe '#execute' do
+    it 'registers a security event' do
+      stub_licensed_features(extended_audit_events: true)
+
+      expect { service.execute(email) }.to change { SecurityEvent.count }.by(1)
+    end
+  end
+end

ee/spec/services/feature_flags/create_service_spec.rb

@@ -55,22 +55,6 @@ describe FeatureFlags::CreateService do
         expect { subject }.to change { AuditEvent.count }.by(1)
         expect(AuditEvent.last.present.action).to eq(expected_message)
       end
-
-      context 'when feature flag audit is disabled' do
-        before do
-          stub_feature_flags(feature_flag_audit: false)
-        end
-
-        it { expect(subject[:status]).to eq(:success) }
-
-        it 'creates feature flag' do
-          expect { subject }.to change { Operations::FeatureFlag.count }.by(1)
-        end
-
-        it 'does not create audit log' do
-          expect { subject }.not_to change { AuditEvent.count }
-        end
-      end
     end
   end
 end

ee/spec/services/feature_flags/destroy_service_spec.rb

@@ -24,20 +24,6 @@ describe FeatureFlags::DestroyService do
       expect(audit_event_message).to eq("Deleted feature flag <strong>#{feature_flag.name.tr('_', ' ')}</strong>.")
     end
 
-    context 'when feature flag audit is disabled' do
-      before do
-        stub_feature_flags(feature_flag_audit: false)
-      end
-
-      it 'works successfully' do
-        expect(subject[:status]).to eq(:success)
-      end
-
-      it 'does not create audit event' do
-        expect { subject }.not_to change { AuditEvent.count }
-      end
-    end
-
     context 'when feature flag can not be destroyed' do
       before do
         allow(feature_flag).to receive(:destroy).and_return(false)

ee/spec/services/feature_flags/update_service_spec.rb

@@ -29,24 +29,6 @@ describe FeatureFlags::UpdateService do
       )
     end
 
-    shared_examples 'disabled feature flag audit' do
-      context 'when feature flag audit is disabled' do
-        before do
-          stub_feature_flags(feature_flag_audit: false)
-        end
-
-        it 'returns success status' do
-          expect(subject[:status]).to eq(:success)
-        end
-
-        it 'does not create audit event' do
-          expect { subject }.not_to change { AuditEvent.count }
-        end
-      end
-    end
-
-    include_examples 'disabled feature flag audit'
-
     context 'with invalid params' do
       let(:params) { { name: nil } }
 
@@ -85,8 +67,6 @@ describe FeatureFlags::UpdateService do
                   " to <strong>\"new description\"</strong>.")
         )
       end
-
-      include_examples 'disabled feature flag audit'
     end
 
     context 'when active state is changed' do
@@ -103,8 +83,6 @@ describe FeatureFlags::UpdateService do
                   "from <strong>true</strong> to <strong>false</strong>.")
         )
       end
-
-      include_examples 'disabled feature flag audit'
     end
 
     context 'when scope is renamed' do
@@ -123,8 +101,6 @@ describe FeatureFlags::UpdateService do
         )
       end
 
-      include_examples 'disabled feature flag audit'
-
       context 'when scope can not be updated' do
         let(:params) do
           {
@@ -159,8 +135,6 @@ describe FeatureFlags::UpdateService do
         expect(audit_event_message).to include("Deleted rule <strong>review</strong>.")
       end
 
-      include_examples 'disabled feature flag audit'
-
       context 'when scope can not be deleted' do
         RSpec::Matchers.define_negated_matcher :not_change, :change
 
@@ -191,8 +165,6 @@ describe FeatureFlags::UpdateService do
         )
       end
 
-      include_examples 'disabled feature flag audit'
-
       context 'when scope can not be created' do
         let(:new_environment_scope) { '' }
 

lib/gitlab/github_import/importer/repository_importer.rb

@@ -5,6 +5,7 @@ module Gitlab
     module Importer
       class RepositoryImporter
         include Gitlab::ShellAdapter
+        include Gitlab::Utils::StrongMemoize
 
         attr_reader :project, :client, :wiki_formatter
 
@@ -17,7 +18,7 @@ module Gitlab
         # Returns true if we should import the wiki for the project.
         # rubocop: disable CodeReuse/ActiveRecord
         def import_wiki?
-          client.repository(project.import_source)&.has_wiki &&
+          client_repository&.has_wiki &&
             !project.wiki_repository_exists? &&
             Gitlab::GitalyClient::RemoteService.exists?(wiki_url)
         end
@@ -52,6 +53,7 @@ module Gitlab
           refmap = Gitlab::GithubImport.refmap
           project.repository.fetch_as_mirror(project.import_url, refmap: refmap, forced: true, remote_name: 'github')
 
+          project.change_head(default_branch) if default_branch
           true
         rescue Gitlab::Git::Repository::NoRepository, Gitlab::Shell::Error => e
           fail_import("Failed to import the repository: #{e.message}")
@@ -82,6 +84,18 @@ module Gitlab
           project.import_state.mark_as_failed(message)
           false
         end
+
+        private
+
+        def default_branch
+          client_repository&.default_branch
+        end
+
+        def client_repository
+          strong_memoize(:client_repository) do
+            client.repository(project.import_source)
+          end
+        end
       end
     end
   end

lib/gitlab/usage_data.rb

@@ -84,6 +84,7 @@ module Gitlab
             projects: count(Project),
             projects_imported_from_github: count(Project.where(import_type: 'github')),
             projects_with_repositories_enabled: count(ProjectFeature.where('repository_access_level > ?', ProjectFeature::DISABLED)),
+            projects_with_error_tracking_enabled: count(::ErrorTracking::ProjectErrorTrackingSetting.where(enabled: true)),
             protected_branches: count(ProtectedBranch),
             releases: count(Release),
             remote_mirrors: count(RemoteMirror),

locale/gitlab.pot

@@ -4938,6 +4938,9 @@ msgstr ""
 msgid "Geo|Pending verification"
 msgstr ""
 
+msgid "Geo|Please refer to Geo Troubleshooting."
+msgstr ""
+
 msgid "Geo|Project (ID: %{project_id}) no longer exists on the primary. It is safe to remove this entry, as this will not remove any data on disk."
 msgstr ""
 
@@ -5444,6 +5447,9 @@ msgstr[1] ""
 msgid "Hide values"
 msgstr ""
 
+msgid "Highest role:"
+msgstr ""
+
 msgid "History"
 msgstr ""
 

package.json

@@ -31,7 +31,7 @@
     "@babel/preset-env": "^7.3.1",
     "@gitlab/csslab": "^1.8.0",
     "@gitlab/svgs": "^1.54.0",
-    "@gitlab/ui": "^2.3.0",
+    "@gitlab/ui": "^2.4.1",
     "apollo-boost": "^0.3.1",
     "apollo-client": "^2.5.1",
     "at.js": "^1.5.4",

qa/qa/specs/features/browser_ui/2_plan/issue/create_issue_spec.rb

@@ -5,15 +5,6 @@ module QA
     describe 'Issue creation' do
       let(:issue_title) { 'issue title' }
 
-      def create_issue
-        Runtime::Browser.visit(:gitlab, Page::Main::Login)
-        Page::Main::Login.act { sign_in_using_credentials }
-
-        Resource::Issue.fabricate! do |issue|
-          issue.title = issue_title
-        end
-      end
-
       it 'user creates an issue' do
         create_issue
 
@@ -46,6 +37,15 @@ module QA
           end
         end
       end
+
+      def create_issue
+        Runtime::Browser.visit(:gitlab, Page::Main::Login)
+        Page::Main::Login.act { sign_in_using_credentials }
+
+        Resource::Issue.fabricate! do |issue|
+          issue.title = issue_title
+        end
+      end
     end
   end
 end

spec/finders/group_projects_finder_spec.rb

 require 'spec_helper'
 
 describe GroupProjectsFinder do
-  let(:group) { create(:group) }
-  let(:subgroup) { create(:group, parent: group) }
-  let(:current_user) { create(:user) }
-  let(:options) { {} }
-
-  let(:finder) { described_class.new(group: group, current_user: current_user, options: options) }
-
-  let!(:public_project) { create(:project, :public, group: group, path: '1') }
-  let!(:private_project) { create(:project, :private, group: group, path: '2') }
-  let!(:shared_project_1) { create(:project, :public, path: '3') }
-  let!(:shared_project_2) { create(:project, :private, path: '4') }
-  let!(:shared_project_3) { create(:project, :internal, path: '5') }
-  let!(:subgroup_project) { create(:project, :public, path: '6', group: subgroup) }
-  let!(:subgroup_private_project) { create(:project, :private, path: '7', group: subgroup) }
-
-  before do
-    shared_project_1.project_group_links.create(group_access: Gitlab::Access::MAINTAINER, group: group)
-    shared_project_2.project_group_links.create(group_access: Gitlab::Access::MAINTAINER, group: group)
-    shared_project_3.project_group_links.create(group_access: Gitlab::Access::MAINTAINER, group: group)
-  end
+  include_context 'GroupProjectsFinder context'
 
   subject { finder.execute }
 
@@ -162,25 +143,6 @@ describe GroupProjectsFinder do
     end
   end
 
-  describe 'with an auditor current user' do
-    let(:current_user) { create(:user, :auditor) }
-
-    context "only shared" do
-      let(:options) { { only_shared: true } }
-      it            { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1]) }
-    end
-
-    context "only owned" do
-      let(:options) { { only_owned: true } }
-      it      { is_expected.to eq([private_project, public_project]) }
-    end
-
-    context "all" do
-      subject { described_class.new(group: group, current_user: current_user).execute }
-      it      { is_expected.to eq([shared_project_3, shared_project_2, shared_project_1, private_project, public_project]) }
-    end
-  end
-
   describe "no user" do
     context "only shared" do
       let(:options) { { only_shared: true } }