Add latest changes from gitlab-org/gitlab@master

app/graphql/resolvers/merge_requests_resolver.rb

@@ -15,7 +15,8 @@ module Resolvers
     alias_method :project, :object
 
     def resolve(**args)
-      return unless project.present?
+      project = object.respond_to?(:sync) ? object.sync : object
+      return MergeRequest.none if project.nil?
 
       args[:iids] ||= [args[:iid]].compact
 

app/helpers/notifications_helper.rb

@@ -120,4 +120,8 @@ module NotificationsHelper
   def can_read_project?(project)
     can?(current_user, :read_project, project)
   end
+
+  def notification_event_disabled?(event)
+    event == :fixed_pipeline && Feature.disabled?(:ci_pipeline_fixed_notifications)
+  end
 end

app/presenters/project_presenter.rb

@@ -25,6 +25,7 @@ class ProjectPresenter < Gitlab::View::Presenter::Delegated
       branches_anchor_data,
       tags_anchor_data,
       files_anchor_data,
+      storage_anchor_data,
       releases_anchor_data
     ].compact.select(&:is_link)
   end
@@ -154,6 +155,17 @@ class ProjectPresenter < Gitlab::View::Presenter::Delegated
                    empty_repo? ? nil : project_tree_path(project))
   end
 
+  def storage_anchor_data
+    AnchorData.new(true,
+                   statistic_icon('disk') +
+                   _('%{strong_start}%{human_size}%{strong_end} Storage').html_safe % {
+                     human_size: storage_counter(statistics.storage_size),
+                     strong_start: '<strong class="project-stat-value">'.html_safe,
+                     strong_end: '</strong>'.html_safe
+                   },
+                   empty_repo? ? nil : project_tree_path(project))
+  end
+
   def releases_anchor_data
     return unless can?(current_user, :read_release, project)
 

app/services/metrics/dashboard/gitlab_alert_embed_service.rb

+# frozen_string_literal: true
+
+# Responsible for returning an embed containing the specified
+# metrics chart for an alert. Creates panels based on the
+# matching metric stored in the database.
+#
+# Use Gitlab::Metrics::Dashboard::Finder to retrieve dashboards.
+module Metrics
+  module Dashboard
+    class GitlabAlertEmbedService < ::Metrics::Dashboard::BaseEmbedService
+      include Gitlab::Utils::StrongMemoize
+
+      SEQUENCE = [STAGES::EndpointInserter].freeze
+
+      class << self
+        # Determines whether the provided params are sufficient
+        # to uniquely identify a panel composed of user-defined
+        # custom metrics from the DB.
+        def valid_params?(params)
+          [
+            embedded?(params[:embedded]),
+            params[:prometheus_alert_id].is_a?(Integer)
+          ].all?
+        end
+      end
+
+      def raw_dashboard
+        panels_not_found!(alert_id: alert_id) unless alert && prometheus_metric
+
+        { 'panel_groups' => [{ 'panels' => [panel] }] }
+      end
+
+      private
+
+      def allowed?
+        Ability.allowed?(current_user, :read_prometheus_alerts, project)
+      end
+
+      def alert_id
+        params[:prometheus_alert_id]
+      end
+
+      def alert
+        strong_memoize(:alert) do
+          Projects::Prometheus::AlertsFinder.new(id: alert_id).execute.first
+        end
+      end
+
+      def process_params
+        params.merge(environment: alert.environment)
+      end
+
+      def prometheus_metric
+        strong_memoize(:prometheus_metric) do
+          PrometheusMetricsFinder.new(id: alert.prometheus_metric_id).execute.first
+        end
+      end
+
+      def panel
+        {
+          title: prometheus_metric.title,
+          y_label: prometheus_metric.y_label,
+          metrics: [prometheus_metric.to_metric_hash]
+        }
+      end
+
+      def sequence
+        SEQUENCE
+      end
+    end
+  end
+end

app/views/shared/notifications/_custom_notifications.html.haml

@@ -23,7 +23,7 @@
                   #{ paragraph.html_safe }
               .col-lg-8
                 - notification_setting.email_events.each_with_index do |event, index|
-                  - next if event == :fixed_pipeline && Feature.disabled?(:ci_pipeline_fixed_notifications)
+                  - next if notification_event_disabled?(event)
                   - field_id = "#{notifications_menu_identifier("modal", notification_setting)}_notification_setting[#{event}]"
                   .form-group
                     .form-check{ class: ("prepend-top-0" if index == 0) }

app/workers/all_queues.yml

@@ -1224,7 +1224,7 @@
 - :name: project_export
   :feature_category: :importers
   :has_external_dependencies: 
-  :urgency: :low
+  :urgency: :throttled
   :resource_boundary: :memory
   :weight: 1
   :idempotent: 

app/workers/project_export_worker.rb

@@ -7,6 +7,7 @@ class ProjectExportWorker # rubocop:disable Scalability/IdempotentWorker
 
   feature_category :importers
   worker_resource_boundary :memory
+  urgency :throttled
 
   def perform(current_user_id, project_id, after_export_strategy = {}, params = {})
     current_user = User.find(current_user_id)

changelogs/unreleased/208431-follow-up-from-add-mutation-concern-to-resolve-a-single-issuable.yml

+---
+title: Amend GraphQL merge requests resolver to check for project presence
+merge_request: 27783
+author:
+type: fixed

changelogs/unreleased/211445-follow-up-from-introduce-a-feature-flag-for-fixed-pipeline-notific.yml

+---
+title: Add an helper to check if a notification_event is enabled
+merge_request: 27880
+author: Jacopo Beschi @jacopo-beschi
+type: changed

changelogs/unreleased/feat-show-storage.yml

+---
+title: Show storage size on project page
+merge_request: 27724
+author: Roger Meier
+type: added

changelogs/unreleased/project_export_urgency_throttled.yml

+---
+title: Change project_export_worker urgency to throttled
+merge_request: 27941
+author:
+type: other

changelogs/unreleased/rp-add-missing-docstring.yml

+---
+title: Add missing docstring to Prometheus metric
+merge_request: 27868
+author:
+type: fixed

doc/administration/auth/how_to_configure_ldap_gitlab_ce/index.md

@@ -21,7 +21,7 @@ There are many commercial and open source [directory servers](https://en.wikiped
 For example, [Active Directory](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831484(v=ws.11)) is generally favored in a primarily Windows environment, as this allows quick integration with existing services. Other popular directory services include:
 
 - [Oracle Internet Directory](https://www.oracle.com/middleware/technologies/internet-directory.html)
-- [OpenLDAP](http://www.openldap.org/)
+- [OpenLDAP](https://www.openldap.org/)
 - [389 Directory](http://directory.fedoraproject.org/)
 - [OpenDJ (Renamed to Forgerock Directory Services)](https://www.forgerock.com/platform/directory-services)
 - [ApacheDS](https://directory.apache.org/)

doc/administration/auth/oidc.md

@@ -128,7 +128,7 @@ different providers with Omnibus GitLab.
 ### Google
 
 See the [Google
-documentation](https://developers.google.com/identity/protocols/OpenIDConnect)
+documentation](https://developers.google.com/identity/protocols/oauth2/openid-connect)
 for more details:
 
 ```ruby

doc/administration/geo/replication/security_review.md

@@ -3,7 +3,7 @@
 The following security review of the Geo feature set focuses on security aspects of
 the feature as they apply to customers running their own GitLab instances. The review
 questions are based in part on the [OWASP Application Security Verification Standard Project](https://owasp.org/www-project-application-security-verification-standard/)
-from [owasp.org](https://www.owasp.org/).
+from [owasp.org](https://owasp.org/).
 
 ## Business Model
 

doc/administration/gitaly/index.md

@@ -731,7 +731,7 @@ use a Ruby gem (library) called
 the form of a C library.
 
 Over time it has become clear to use that Rugged, and particularly
-Rugged in combination with the [Unicorn](https://bogomips.org/unicorn/)
+Rugged in combination with the [Unicorn](https://yhbt.net/unicorn/)
 web server, is extremely efficient. Because libgit2 is a *library* and
 not an external process, there was very little overhead between GitLab
 application code that tried to look up data in Git repositories, and the

doc/administration/high_availability/pgbouncer.md

@@ -4,7 +4,7 @@ type: reference
 
 # Working with the bundled PgBouncer service **(PREMIUM ONLY)**
 
-As part of its High Availability stack, GitLab Premium includes a bundled version of [PgBouncer](https://pgbouncer.github.io/) that can be managed through `/etc/gitlab/gitlab.rb`. PgBouncer is used to seamlessly migrate database connections between servers in a failover scenario. Additionally, it can be used in a non-HA setup to pool connections, speeding up response time while reducing resource usage.
+As part of its High Availability stack, GitLab Premium includes a bundled version of [PgBouncer](http://www.pgbouncer.org/) that can be managed through `/etc/gitlab/gitlab.rb`. PgBouncer is used to seamlessly migrate database connections between servers in a failover scenario. Additionally, it can be used in a non-HA setup to pool connections, speeding up response time while reducing resource usage.
 
 In a HA setup, it's recommended to run a PgBouncer node separately for each database node with an internal load balancer (TCP) serving each accordingly.
 

doc/administration/instance_limits.md

@@ -168,3 +168,26 @@ NOTE: **Note:** Set the limit to `0` to disable it.
 ## Wiki limits
 
 - [Length restrictions for file and directory names](../user/project/wiki/index.md#length-restrictions-for-file-and-directory-names).
+
+## Push Event Limits
+
+### Webhooks and Project Services
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/31009) in GitLab 12.4.
+
+Total number of changes (branches or tags) in a single push. If changes are more
+than the specified limit, hooks won't be executed.
+
+More information can be found in these docs:
+
+- [Webhooks push events](../user/project/integrations/webhooks.md#push-events)
+- [Project services push hooks limit](../user/project/integrations/project_services.md#push-hooks-limit)
+
+### Activities
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/31007) in GitLab 12.4.
+
+Total number of changes (branches or tags) in a single push to determine whether
+individual push events or bulk push event will be created.
+
+More information can be found in the [Push event activities limit and bulk push events documentation](../user/admin_area/settings/push_event_activities_limit.md).

doc/administration/integration/plantuml.md

@@ -2,7 +2,7 @@
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/8537) in GitLab 8.16.
 
-When [PlantUML](http://plantuml.com) integration is enabled and configured in
+When [PlantUML](https://plantuml.com) integration is enabled and configured in
 GitLab we are able to create simple diagrams in AsciiDoc and Markdown documents
 created in snippets, wikis, and repos.
 
@@ -161,10 +161,10 @@ Alice -> Bob : hi
 ```
 
 Inside the block you can add any of the supported diagrams by PlantUML such as
-[Sequence](http://plantuml.com/sequence-diagram), [Use Case](http://plantuml.com/use-case-diagram),
-[Class](http://plantuml.com/class-diagram), [Activity](http://plantuml.com/activity-diagram-legacy),
-[Component](http://plantuml.com/component-diagram), [State](http://plantuml.com/state-diagram),
-and [Object](http://plantuml.com/object-diagram) diagrams. You do not need to use the PlantUML
+[Sequence](https://plantuml.com/sequence-diagram), [Use Case](https://plantuml.com/use-case-diagram),
+[Class](https://plantuml.com/class-diagram), [Activity](https://plantuml.com/activity-diagram-legacy),
+[Component](https://plantuml.com/component-diagram), [State](https://plantuml.com/state-diagram),
+and [Object](https://plantuml.com/object-diagram) diagrams. You do not need to use the PlantUML
 diagram delimiters `@startuml`/`@enduml` as these are replaced by the AsciiDoc `plantuml` block.
 
 Some parameters can be added to the AsciiDoc block definition:

doc/administration/operations/puma.md

@@ -2,7 +2,7 @@
 
 ## Puma
 
-As of GitLab 12.9, [Puma](https://github.com/puma/puma) has replaced [Unicorn](https://bogomips.org/unicorn/).
+As of GitLab 12.9, [Puma](https://github.com/puma/puma) has replaced [Unicorn](https://yhbt.net/unicorn/).
 as the default web server.
 
 ## Why switch to Puma?

doc/administration/operations/unicorn.md

@@ -2,7 +2,7 @@
 
 ## Unicorn
 
-GitLab uses [Unicorn](https://bogomips.org/unicorn/), a pre-forking Ruby web
+GitLab uses [Unicorn](https://yhbt.net/unicorn/), a pre-forking Ruby web
 server, to handle web requests (web browsers and Git HTTP clients). Unicorn is
 a daemon written in Ruby and C that can load and run a Ruby on Rails
 application; in our case the Rails application is GitLab Community Edition or

doc/administration/packages/index.md

@@ -119,9 +119,6 @@ upload packages:
    }
    ```
 
-   NOTE: **Note:**
-   Some build tools, like Gradle, must make `HEAD` requests to Amazon S3 to pull a dependency’s metadata. The `gitlab_rails['packages_object_store_proxy_download']` property must be set to `true`. Without this setting, GitLab won't act as a proxy to the Amazon S3 service, and will instead return the signed URL. This will cause a `HTTP 403 Forbidden` response, since Amazon S3 expects a signed URL.
-
 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure)
    for the changes to take effect.
 

doc/administration/repository_storage_paths.md

@@ -120,5 +120,5 @@ randomly placed on one of the selected paths.
 [reconfigure-gitlab]: restart_gitlab.md#omnibus-gitlab-reconfigure
 [backups]: ../raketasks/backup_restore.md
 [raketask]: https://gitlab.com/gitlab-org/gitlab/blob/033e5423a2594e08a7ebcd2379bd2331f4c39032/lib/backup/repository.rb#L54-56
-[repospath]: https://gitlab.com/gitlab-org/gitlab/blob/8-9-stable/config/gitlab.yml.example#L457
+[repospath]: https://gitlab.com/gitlab-org/gitlab-foss/-/blob/8-9-stable/config/gitlab.yml.example#L457
 [ce-11449]: https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/11449

doc/api/graphql/getting_started.md

@@ -36,7 +36,7 @@ The examples below:
 - Can be run directly against GitLab 11.0 or later, though some of the types and fields
 may not be supported in older versions.
 - Will work against GitLab.com without any further setup. Make sure you are signed in and
-navigate to the [GraphiQL Explorer](https://www.gitlab.com/-/graphql-explorer).
+navigate to the [GraphiQL Explorer](https://gitlab.com/-/graphql-explorer).
 
 If you want to run the queries locally, or on a self-managed instance,
 you will need to either:

doc/development/architecture.md

@@ -125,18 +125,18 @@ Component statuses are linked to configuration documentation for each component.
 
 | Component | Description | [Omnibus GitLab](https://docs.gitlab.com/omnibus/) | [GitLab chart](https://docs.gitlab.com/charts/) | [Minikube Minimal](https://docs.gitlab.com/charts/development/minikube/#deploying-gitlab-with-minimal-settings) | [GitLab.com](https://gitlab.com) | [Source](../install/installation.md) | [GDK](https://gitlab.com/gitlab-org/gitlab-development-kit) | CE/EE |
 | --------- | ----------- |:--------------------:|:------------------:|:-----:|:--------:|:--------:|:-------:|:-------:|
-| [NGINX](#nginx) | Routes requests to appropriate components, terminates SSL | [✅][nginx-omnibus] | [✅][nginx-charts] | [⚙][nginx-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⤓][nginx-source] | ❌ | CE & EE |
+| [NGINX](#nginx) | Routes requests to appropriate components, terminates SSL | [✅][nginx-omnibus] | [✅][nginx-charts] | [⚙][nginx-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⤓][nginx-source] | ❌ | CE & EE |
 | [Unicorn (GitLab Rails)](#unicorn) | Handles requests for the web interface and API | [✅][unicorn-omnibus] | [✅][unicorn-charts] | [✅][unicorn-charts] | [✅](../user/gitlab_com/index.md#unicorn) | [⚙][unicorn-source] | [✅][gitlab-yml] | CE & EE |
 | [Sidekiq](#sidekiq) | Background jobs processor | [✅][sidekiq-omnibus] | [✅][sidekiq-charts] | [✅](https://docs.gitlab.com/charts/charts/gitlab/sidekiq/index.html) | [✅](../user/gitlab_com/index.md#sidekiq) | [✅][gitlab-yml] | [✅][gitlab-yml] | CE & EE |
-| [Gitaly](#gitaly) | Git RPC service for handling all Git calls made by GitLab | [✅][gitaly-omnibus] | [✅][gitaly-charts] | [✅][gitaly-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⚙][gitaly-source] | ✅ | CE & EE |
-| [Praefect](#praefect) | A transparent proxy between any Git client and Gitaly storage nodes. | [✅][gitaly-omnibus] | [❌][gitaly-charts] | [❌][gitaly-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⚙][praefect-source] | ✅ | CE & EE |
-| [GitLab Workhorse](#gitlab-workhorse) | Smart reverse proxy, handles large HTTP requests | [✅][workhorse-omnibus] | [✅][workhorse-charts] | [✅][workhorse-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⚙][workhorse-source] | ✅ | CE & EE |
-| [GitLab Shell](#gitlab-shell) | Handles `git` over SSH sessions | [✅][shell-omnibus] | [✅][shell-charts] | [✅][shell-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⚙][shell-source] | [✅][gitlab-yml] | CE & EE |
+| [Gitaly](#gitaly) | Git RPC service for handling all Git calls made by GitLab | [✅][gitaly-omnibus] | [✅][gitaly-charts] | [✅][gitaly-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⚙][gitaly-source] | ✅ | CE & EE |
+| [Praefect](#praefect) | A transparent proxy between any Git client and Gitaly storage nodes. | [✅][gitaly-omnibus] | [❌][gitaly-charts] | [❌][gitaly-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⚙][praefect-source] | ✅ | CE & EE |
+| [GitLab Workhorse](#gitlab-workhorse) | Smart reverse proxy, handles large HTTP requests | [✅][workhorse-omnibus] | [✅][workhorse-charts] | [✅][workhorse-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⚙][workhorse-source] | ✅ | CE & EE |
+| [GitLab Shell](#gitlab-shell) | Handles `git` over SSH sessions | [✅][shell-omnibus] | [✅][shell-charts] | [✅][shell-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⚙][shell-source] | [✅][gitlab-yml] | CE & EE |
 | [GitLab Pages](#gitlab-pages) | Hosts static websites | [⚙][pages-omnibus] | [❌][pages-charts] | [❌][pages-charts] | [✅](../user/gitlab_com/index.md#gitlab-pages) | [⚙][pages-source] | [⚙][pages-gdk] | CE & EE  |
 | [Registry](#registry) | Container registry, allows pushing and pulling of images | [⚙][registry-omnibus] | [✅][registry-charts] | [✅][registry-charts] | [✅](../user/packages/container_registry/index.md#build-and-push-images-using-gitlab-cicd) | [⤓][registry-source] | [⚙][registry-gdk] | CE & EE  |
-| [Redis](#redis) | Caching service | [✅][redis-omnibus] | [✅][redis-omnibus] | [✅][redis-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#service-architecture) | [⤓][redis-source] | ✅ | CE & EE |
+| [Redis](#redis) | Caching service | [✅][redis-omnibus] | [✅][redis-omnibus] | [✅][redis-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#service-architecture) | [⤓][redis-source] | ✅ | CE & EE |
 | [PostgreSQL](#postgresql) | Database | [✅][postgres-omnibus] | [✅][postgres-charts] | [✅][postgres-charts] | [✅](../user/gitlab_com/index.md#postgresql) | [⤓][postgres-source] | ✅ | CE & EE |
-| [PgBouncer](#pgbouncer) | Database connection pooling, failover | [⚙][pgbouncer-omnibus] | [❌][pgbouncer-charts] | [❌][pgbouncer-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#database-architecture) | ❌ | ❌ | EE Only |
+| [PgBouncer](#pgbouncer) | Database connection pooling, failover | [⚙][pgbouncer-omnibus] | [❌][pgbouncer-charts] | [❌][pgbouncer-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#database-architecture) | ❌ | ❌ | EE Only |
 | [Consul](#consul) | Database node discovery, failover | [⚙][consul-omnibus] | [❌][consul-charts] | [❌][consul-charts] | [✅](../user/gitlab_com/index.md#consul) | ❌ | ❌ | EE Only |
 | [GitLab self-monitoring: Prometheus](#prometheus) | Time-series database, metrics collection, and query service | [✅][prometheus-omnibus] | [✅][prometheus-charts] | [⚙][prometheus-charts] | [✅](../user/gitlab_com/index.md#prometheus) | ❌ | ❌ | CE & EE |
 | [GitLab self-monitoring: Alertmanager](#alertmanager) | Deduplicates, groups, and routes alerts from Prometheus | [⚙][alertmanager-omnibus] | [✅][alertmanager-charts] |  [⚙][alertmanager-charts] | [✅](https://about.gitlab.com/handbook/engineering/monitoring/) | ❌ | ❌ | CE & EE |
@@ -149,10 +149,10 @@ Component statuses are linked to configuration documentation for each component.
 | [GitLab Exporter](#gitlab-exporter) | Generates a variety of GitLab metrics | [✅][gitlab-exporter-omnibus] | [✅][gitlab-exporter-charts] | [✅][gitlab-exporter-charts] | [✅](https://about.gitlab.com/handbook/engineering/monitoring/) | ❌ | ❌ | CE & EE |
 | [Node Exporter](#node-exporter) | Prometheus endpoint with system metrics | [✅][node-exporter-omnibus] | [N/A][node-exporter-charts] | [N/A][node-exporter-charts] | [✅](https://about.gitlab.com/handbook/engineering/monitoring/) | ❌ | ❌ | CE & EE |
 | [Mattermost](#mattermost) | Open-source Slack alternative | [⚙][mattermost-omnibus] | [⤓][mattermost-charts] | [⤓][mattermost-charts] | [⤓](../user/project/integrations/mattermost.md) | ❌ | ❌ | CE & EE |
-| [MinIO](#minio) | Object storage service | [⤓][minio-omnibus] | [✅][minio-charts] | [✅][minio-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#storage-architecture) | ❌ | [⚙][minio-gdk] | CE & EE |
+| [MinIO](#minio) | Object storage service | [⤓][minio-omnibus] | [✅][minio-charts] | [✅][minio-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#storage-architecture) | ❌ | [⚙][minio-gdk] | CE & EE |
 | [Runner](#gitlab-runner) | Executes GitLab CI jobs | [⤓][runner-omnibus] | [✅][runner-charts] | [⚙][runner-charts] | [✅](../user/gitlab_com/index.md#shared-runners) | [⚙][runner-source] | [⚙][runner-gdk] | CE & EE |
 | [Database Migrations](#database-migrations) | Database migrations | [✅][database-migrations-omnibus] | [✅][database-migrations-charts] | [✅][database-migrations-charts] | ✅ | [⚙][database-migrations-source] | ✅ | CE & EE |
-| [Certificate Management](#certificate-management) | TLS Settings, Let's Encrypt | [✅][certificate-management-omnibus] | [✅][certificate-management-charts] | [⚙][certificate-management-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/#secrets-management) | [⚙][certificate-management-source] | [⚙][certificate-management-gdk] | CE & EE |
+| [Certificate Management](#certificate-management) | TLS Settings, Let's Encrypt | [✅][certificate-management-omnibus] | [✅][certificate-management-charts] | [⚙][certificate-management-charts] | [✅](https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/#secrets-management) | [⚙][certificate-management-source] | [⚙][certificate-management-gdk] | CE & EE |
 | [GitLab Geo Node](#gitlab-geo) | Geographically distributed GitLab nodes | [⚙][geo-omnibus] | [❌][geo-charts] | [❌][geo-charts] | ✅ | ❌ | [⚙][geo-gdk] | EE Only |
 | [LDAP Authentication](#ldap-authentication) | Authenticate users against centralized LDAP directory | [⤓][ldap-omnibus] | [⤓][ldap-charts] | [⤓][ldap-charts] | [❌](https://about.gitlab.com/pricing/#gitlab-com) | [⤓][gitlab-yml] | [⤓][ldap-gdk] | CE & EE |
 | [Outbound email (SMTP)](#outbound-email) | Send email messages to users | [⤓][outbound-email-omnibus] | [⤓][outbound-email-charts] | [⤓][outbound-email-charts] | [✅](../user/gitlab_com/index.md#mail-configuration) | [⤓][gitlab-yml] | [⤓][gitlab-yml] | CE & EE |
@@ -446,7 +446,7 @@ Sidekiq is a Ruby background job processor that pulls jobs from the Redis queue
 - Layer: Core Service (Processor)
 - Process: `unicorn`
 
-[Unicorn](https://bogomips.org/unicorn/) is a Ruby application server that is used to run the core Rails Application that provides the user facing features in GitLab. Often process output you will see this as `bundle` or `config.ru` depending on the GitLab version.
+[Unicorn](https://yhbt.net/unicorn/) is a Ruby application server that is used to run the core Rails Application that provides the user facing features in GitLab. Often process output you will see this as `bundle` or `config.ru` depending on the GitLab version.
 
 #### LDAP Authentication
 
@@ -494,13 +494,108 @@ Below we describe the different pathing that HTTP vs. SSH Git requests will take
 
 ### Web Request (80/443)
 
-When you make a Git request over HTTP, the request first takes the same steps as a web HTTP request
-through NGINX and GitLab Workhorse. However, the GitLab Workhorse then diverts the request towards
-Gitaly, which processes it directly.
+Git operations over HTTP use the stateless "smart" protocol described in the
+[Git documentation](https://git-scm.com/docs/http-protocol), but responsibility
+for handling these operations is split across several GitLab components.
+
+Here is a sequence diagram for `git fetch`. Note that all requests pass through
+NGINX as well as any other HTTP load balancers, but are not transformed in any
+way by them. All paths are presented relative to a `/namespace/project.git` URL.
+
+```mermaid
+sequenceDiagram
+    participant Git on client
+    participant NGINX
+    participant Workhorse
+    participant Rails
+    participant Gitaly
+    participant Git on server
+
+    Note left of Git on client: git fetch<br/>info-refs
+    Git on client->>+Workhorse: GET /info/refs?service=git-upload-pack
+    Workhorse->>+Rails: GET /info/refs?service=git-upload-pack
+    Note right of Rails: Auth check
+    Rails-->>-Workhorse: Gitlab::Workhorse.git_http_ok
+    Workhorse->>+Gitaly: SmartHTTPService.InfoRefsUploadPack request
+    Gitaly->>+Git on server: git upload-pack --stateless-rpc --advertise-refs
+    Git on server-->>-Gitaly: git upload-pack response
+    Gitaly-->>-Workhorse: SmartHTTPService.InfoRefsUploadPack response
+    Workhorse-->>-Git on client: 200 OK
+
+    Note left of Git on client: git fetch<br/>fetch-pack
+    Git on client->>+Workhorse: POST /git-upload-pack
+    Workhorse->>+Rails: POST /git-upload-pack
+    Note right of Rails: Auth check
+    Rails-->>-Workhorse: Gitlab::Workhorse.git_http_ok
+    Workhorse->>+Gitaly: SmartHTTPService.PostUploadPack request
+    Gitaly->>+Git on server: git upload-pack --stateless-rpc
+    Git on server-->>-Gitaly: git upload-pack response
+    Gitaly-->>-Workhorse: SmartHTTPService.PostUploadPack response
+    Workhorse-->>-Git on client: 200 OK
+```
+
+The sequence is similar for `git push`, except `git-receive-pack` is used
+instead of `git-upload-pack`.
 
 ### SSH Request (22)
 
-TODO
+Git operations over SSH can use the stateful protocol described in the
+[Git documentation](https://git-scm.com/docs/pack-protocol#_ssh_transport), but
+responsibility for handling them is split across several GitLab components.
+
+No GitLab components speak SSH directly - all SSH connections are made between
+Git on the client machine and the SSH server, which terminates the connection.
+To the SSH server, all connections are authenticated as the `git` user; GitLab
+users are differentiated by the SSH key presented by the client.
+
+Here is a sequence diagram for `git fetch`, assuming [Fast SSH key lookup](../administration/operations/fast_ssh_key_lookup.md)
+is enabled. Note that `AuthorizedKeysCommand` is an executable provided by
+[GitLab Shell](#gitlab-shell):
+
+```mermaid
+sequenceDiagram
+    participant Git on client
+    participant SSH server
+    participant AuthorizedKeysCommand
+    participant GitLab Shell
+    participant Rails
+    participant Gitaly
+    participant Git on server
+
+    Note left of Git on client: git fetch
+    Git on client->>SSH server: git fetch-pack
+    SSH server-->>AuthorizedKeysCommand: gitlab-shell-authorized-keys-check git AAAA...
+    AuthorizedKeysCommand-->>Rails: GET /internal/api/authorized_keys?key=AAAA...
+    Note right of Rails: Lookup key ID
+    Rails-->>SSH server: 200 OK, command="gitlab-shell upload-pack key_id=1"
+    SSH server-->>GitLab Shell: gitlab-shell upload-pack key_id=1
+    GitLab Shell-->>Rails: GET /internal/api/allowed?action=upload_pack&key_id=1
+    Note right of Rails: Auth check
+    Rails-->>GitLab Shell: 200 OK, { gitaly: ... }
+    GitLab Shell-->>Gitaly: SSHService.SSHUploadPack bidirectional request
+    Gitaly-->>Git on server: git upload-pack
+    Git on server->>Git on client: SSHService.SSHUploadPack bidirectional response
+```
+
+The `git push` operation is very similar, except `git receive-pack` is used
+instead of `git upload-pack`.
+
+If fast SSH key lookups are not enabled, the SSH server reads from the
+`~git/.ssh/authorized_keys` file to determine what command to run for a given
+SSH session. This is kept up to date by an [`AuthorizedKeysWorker`](https://gitlab.com/gitlab-org/gitlab/blob/master/app/workers/authorized_keys_worker.rb)
+in Rails, scheduled to run whenever an SSH key is modified by a user.
+
+[SSH certificates](../administration/operations/ssh_certificates.md) may be used
+instead of keys. In this case, `AuthorizedKeysCommand` is replaced with an
+`AuthorizedPrincipalsCommand`. This extracts a username from the certificate
+without using the Rails internal API, which is used instead of `key_id` in the
+`/api/internal/allowed` call later.
+
+GitLab Shell also has a few operations that do not involve Gitaly, such as
+resetting two-factor authentication codes. These are handled in the same way,
+except there is no round-trip into Gitaly - Rails performs the action as part
+of the [internal API](internal_api.md) call, and GitLab Shell streams the
+response back to the user directly.
 
 ## System Layout
 

doc/development/chatops_on_gitlabcom.md

@@ -16,7 +16,7 @@ To request access to Chatops on GitLab.com:
 1. Log into <https://ops.gitlab.net/users/sign_in> **using the same username** as for GitLab.com (you may have to rename it).
 1. Ask in the [#production](https://gitlab.slack.com/messages/production) channel to add you by running `/chatops run member add <username> gitlab-com/chatops --ops`.
 
-NOTE: **Note:** If you had to change your username for GitLab.com on the first step, make sure [to reflect this information](https://gitlab.com/gitlab-com/www-gitlab-com#adding-yourself-to-the-team-page) on [the team page](https://about.gitlab.com/team).
+NOTE: **Note:** If you had to change your username for GitLab.com on the first step, make sure [to reflect this information](https://gitlab.com/gitlab-com/www-gitlab-com#adding-yourself-to-the-team-page) on [the team page](https://about.gitlab.com/company/team/).
 
 ## See also
 

doc/development/code_review.md

@@ -79,7 +79,7 @@ from teams other than your own.
 
 #### Security requirements
 
-View the updated documentation regarding [internal application security reviews](https://about.gitlab.com/handbook/engineering/security/index.html#internal-application-security-reviews) for **when** and **how** to request a security review.
+View the updated documentation regarding [internal application security reviews](https://about.gitlab.com/handbook/engineering/security/#internal-application-security-reviews) for **when** and **how** to request a security review.
 
 ### The responsibility of the merge request author
 

doc/development/documentation/site_architecture/release_process.md

@@ -92,7 +92,7 @@ this needs to happen when the stable branches for all products have been created
    tagged with the branch name you created in the first step. In the end, the
    image will be uploaded in the [Container Registry](https://gitlab.com/gitlab-org/gitlab-docs/container_registry)
    and it will be listed under the
-   [`registry` environment folder](https://gitlab.com/gitlab-org/gitlab-docs/environments/folders/registry).
+   [`registry` environment folder](https://gitlab.com/gitlab-org/gitlab-docs/-/environments/folders/registry).
 
 Optionally, you can test locally by building the image and running it:
 
@@ -179,11 +179,11 @@ The dropdown merge requests should have now been merged into their respective
 version (stable branch), which will trigger another pipeline. At this point,
 you need to only babysit the pipelines and make sure they don't fail:
 
-1. Check the [pipelines page](https://gitlab.com/gitlab-org/gitlab-docs/pipelines)
+1. Check the pipelines page: `https://gitlab.com/gitlab-org/gitlab-docs/pipelines`
    and make sure all stable branches have green pipelines.
 1. After all the pipelines of the online versions succeed, merge the release merge request.
-1. Finally, run the [Build docker images weekly](https://gitlab.com/gitlab-org/gitlab-docs/pipeline_schedules)
-   pipeline that will build the `:latest` and `:archives` Docker images.
+1. Finally, from `https://gitlab.com/gitlab-org/gitlab-docs/pipeline_schedules` run
+   the `Build docker images weekly` pipeline that will build the `:latest` and `:archives` Docker images.
 
 Once the scheduled pipeline succeeds, the docs site will be deployed with all
 new versions online.
@@ -191,8 +191,7 @@ new versions online.
 ## Update an old Docker image with new upstream docs content
 
 If there are any changes to any of the stable branches of the products that are
-not included in the single Docker image, just
-[rerun the pipeline](https://gitlab.com/gitlab-org/gitlab-docs/pipelines/new)
+not included in the single Docker image, just rerun the pipeline (`https://gitlab.com/gitlab-org/gitlab-docs/pipelines/new`)
 for the version in question.
 
 ## Porting new website changes to old versions
@@ -239,7 +238,7 @@ branches for 12.2 were used, this wouldn't have failed, but as we can see from
 the [`compile_dev` job](https://gitlab.com/gitlab-org/gitlab-docs/-/jobs/328042427),
 the `master` branches were pulled.
 
-To fix this, [re-run the pipeline](https://gitlab.com/gitlab-org/gitlab-docs/pipelines/new)
+To fix this, re-run the pipeline (`https://gitlab.com/gitlab-org/gitlab-docs/pipelines/new`)
 for the `update-12-2-for-release-12-4` branch, by including the following environment variables:
 
 - `BRANCH_CE` set to `12-2-stable`

doc/development/documentation/workflow.md

@@ -62,7 +62,7 @@ responsible for:
 - Liaising with their Product Manager to understand what documentation must be delivered, and when.
 - Requesting technical reviews from other developers within their group.
 - Requesting documentation reviews from the Technical Writer
-  [assigned to the DevOps stage group](https://about.gitlab.com/handbook/product/technical-writing/index.html#assignments)
+  [assigned to the DevOps stage group](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments)
   that is delivering the new feature or feature enhancements.
 
 TIP: **Tip:**
@@ -92,7 +92,7 @@ the Product Manager and Technical Writer for a given issue:
   - Documentation [Structure and template](structure.md) page.
   - [Style Guide](styleguide.md).
   - [Markdown Guide](https://about.gitlab.com/handbook/engineering/ux/technical-writing/markdown-guide/).
-- Contact the Technical Writer for the relevant [DevOps stage](https://about.gitlab.com/handbook/product/technical-writing/index.html#assignments)
+- Contact the Technical Writer for the relevant [DevOps stage](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments)
   in your issue or merge request, or within `#docs` on GitLab Slack, if you:
   - Need any help to choose the correct place for documentation.
   - Want to discuss a documentation idea or outline.
@@ -423,7 +423,7 @@ Request help from the Technical Writing team if you:
 To request help:
 
 1. Locate the the Technical Writer for the relevant
-   [DevOps stage group](https://about.gitlab.com/handbook/product/technical-writing/index.html#assignments).
+   [DevOps stage group](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments).
 1. Either:
    - If urgent help is required, directly assign the Technical Writer in the issue or in the merge request.
    - If non-urgent help is required, ping the Technical Writer in the issue or merge request.
@@ -439,7 +439,7 @@ Maintainers must make a good-faith effort to ensure that the content:
 - Meets the [Documentation Guidelines](index.md) and [Style Guide](styleguide.md).
 
 If the author or reviewer has any questions, they can mention the writer who is assigned to the relevant
-[DevOps stage group](https://about.gitlab.com/handbook/product/technical-writing/index.html#assignments).
+[DevOps stage group](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments).
 
 The process involves the following:
 
@@ -449,7 +449,7 @@ The process involves the following:
 - Technical Writer (Optional). If not completed for a merge request prior to merging, must be scheduled
   post-merge. Schedule post-merge reviews only if an urgent merge is required. To request a:
   - Pre-merge review, assign the Technical Writer listed for the applicable
-    [DevOps stage group](https://about.gitlab.com/handbook/product/technical-writing/index.html#assignments).
+    [DevOps stage group](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments).
   - Post-merge review, see [Post-merge reviews](#post-merge-reviews).
 - Maintainer. For merge requests, Maintainers:
   - Can always request any of the above reviews.

doc/development/fe_guide/frontend_faq.md

@@ -63,7 +63,7 @@ banner on top of the component examples indicates that:
 > component.
 
 For example, at the time of writing, this type of warning can be observed for
-[all form components](https://design.gitlab.com/components/forms). It, however,
+[all form components](https://design.gitlab.com/components/forms/). It, however,
 doesn't imply that the component should not be used.
 
 GitLab always asks to use `<gl-*>` components whenever a suitable component exists.

doc/development/understanding_explain_plans.md

@@ -765,5 +765,5 @@ exec ROLLBACK
 ## Further reading
 
 A more extensive guide on understanding query plans can be found in
-the [presentation](https://www.dalibo.org/_media/understanding_explain.pdf)
-from [Dalibo.org](https://www.dalibo.org/en/).
+the [presentation](https://public.dalibo.com/exports/conferences/_archives/_2012/201211_explain/understanding_explain.pdf)
+from [Dalibo.org](https://www.dalibo.com/en/).

doc/install/openshift_and_gitlab/index.md

@@ -36,7 +36,7 @@ test OpenShift easily:
 
 - [VirtualBox]
 - [Vagrant]
-- [OpenShift Client](https://docs.okd.io/latest/cli_reference/get_started_cli.html) (`oc` for short)
+- [OpenShift Client](https://docs.okd.io/3.11/cli_reference/get_started_cli.html) (`oc` for short)
 
 It is also important to mention that for the purposes of this tutorial, the
 latest Origin release is used:
@@ -99,7 +99,7 @@ landing page looks like:
 
 ![openshift web console](img/web-console.png)
 
-You can see that a number of [projects](https://docs.okd.io/latest/dev_guide/projects.html) are already created for testing purposes.
+You can see that a number of [projects](https://docs.okd.io/3.11/dev_guide/projects.html) are already created for testing purposes.
 
 If you head over the `openshift-infra` project, a number of services with their
 respective pods are there to explore.
@@ -107,7 +107,7 @@ respective pods are there to explore.
 ![openshift web console](img/openshift-infra-project.png)
 
 We are not going to explore the whole interface, but if you want to learn about
-the key concepts of OpenShift, read the [core concepts reference](https://docs.okd.io/latest/architecture/core_concepts/index.html)
+the key concepts of OpenShift, read the [core concepts reference](https://docs.okd.io/3.11/architecture/core_concepts/index.html)
 in the official documentation.
 
 ### Explore the OpenShift CLI
@@ -115,7 +115,7 @@ in the official documentation.
 OpenShift Client (`oc`), is a powerful CLI tool that talks to the OpenShift API
 and performs pretty much everything you can do from the web UI and much more.
 
-Assuming you have [installed](https://docs.okd.io/latest/cli_reference/get_started_cli.html) it, let's explore some of its main
+Assuming you have [installed](https://docs.okd.io/3.11/cli_reference/get_started_cli.html) it, let's explore some of its main
 functionalities.
 
 Let's first see the version of `oc`:
@@ -172,7 +172,7 @@ The last command should spit a bunch of information about the statuses of the
 pods and the services, which if you look closely is what we encountered in the
 second image when we explored the web console.
 
-You can always read more about `oc` in the [OpenShift CLI documentation](https://docs.okd.io/latest/cli_reference/get_started_cli.html).
+You can always read more about `oc` in the [OpenShift CLI documentation](https://docs.okd.io/3.11/cli_reference/get_started_cli.html).
 
 ### Troubleshooting the all-in-one VM
 
@@ -248,7 +248,7 @@ The next step is to import the OpenShift template for GitLab.
 
 ### Import the template
 
-The [template](https://docs.okd.io/latest/architecture/core_concepts/templates.html) is basically a JSON file which describes a set of
+The [template](https://docs.okd.io/3.11/architecture/core_concepts/templates.html) is basically a JSON file which describes a set of
 related object definitions to be created together, as well as a set of
 parameters for those objects.
 
@@ -364,7 +364,7 @@ of resources, you'd be happy to know that you can scale up with the push of a
 button.
 
 In the **Overview** page just click the up arrow button in the pod where
-GitLab is. The change is instant and you can see the number of [replicas](https://docs.okd.io/latest/architecture/core_concepts/deployments.html#replication-controllers) now
+GitLab is. The change is instant and you can see the number of [replicas](https://docs.okd.io/3.11/architecture/core_concepts/deployments.html#replication-controllers) now
 running scaled to 2.
 
 ![GitLab scale](img/gitlab-scale.png)
@@ -382,7 +382,7 @@ scale up. If a pod is in pending state for too long, you can navigate to
 ### Scale GitLab using the `oc` CLI
 
 Using `oc` is super easy to scale up the replicas of a pod. You may want to
-skim through the [basic CLI operations](https://docs.okd.io/latest/cli_reference/basic_cli_operations.html) to get a taste how the CLI
+skim through the [basic CLI operations](https://docs.okd.io/3.11/cli_reference/basic_cli_operations.html) to get a taste how the CLI
 commands are used. Pay extra attention to the object types as we will use some
 of them and their abbreviated versions below.
 
@@ -455,7 +455,7 @@ In case you were wondering whether there is an option to autoscale a pod based
 on the resources of your server, the answer is yes, of course there is.
 
 We will not expand on this matter, but feel free to read the documentation on
-OpenShift's website about [autoscaling](https://docs.okd.io/latest/dev_guide/pod_autoscaling.html).
+OpenShift's website about [autoscaling](https://docs.okd.io/3.11/dev_guide/pod_autoscaling.html).
 
 ## Current limitations
 
@@ -470,7 +470,7 @@ bother us. In any case, it is something to keep in mind when deploying GitLab
 on a production cluster.
 
 In order to deploy GitLab on a production cluster, you will need to assign the
-GitLab service account to the `anyuid` [Security Context Constraints](https://docs.okd.io/latest/admin_guide/manage_scc.html).
+GitLab service account to the `anyuid` [Security Context Constraints](https://docs.okd.io/3.11/admin_guide/manage_scc.html).
 
 For OpenShift v3.0, you will need to do this manually:
 

doc/topics/authentication/index.md

@@ -47,4 +47,4 @@ This page gathers all the resources for the topic **Authentication** within GitL
 - [Kanboard Plugin GitLab Authentication](https://github.com/kanboard/plugin-gitlab-auth)
 - [Jenkins GitLab OAuth Plugin](https://wiki.jenkins.io/display/JENKINS/GitLab+OAuth+Plugin)
 - [How to customize GitLab to support OpenID authentication](http://eric.van-der-vlist.com/blog/2013/11/23/how-to-customize-gitlab-to-support-openid-authentication/)
-- [OKD - Configuring Authentication and User Agent](https://docs.okd.io/latest/install_config/configuring_authentication.html#GitLab)
+- [OKD - Configuring Authentication and User Agent](https://docs.okd.io/3.11/install_config/configuring_authentication.html#GitLab)

doc/user/markdown.md

@@ -154,7 +154,7 @@ Color written inside backticks will be followed by a color "chip":
 
 ### Diagrams and flowcharts
 
-It's possible to generate diagrams and flowcharts from text in GitLab using [Mermaid](https://mermaidjs.github.io/) or [PlantUML](http://plantuml.com).
+It's possible to generate diagrams and flowcharts from text in GitLab using [Mermaid](https://mermaidjs.github.io/) or [PlantUML](https://plantuml.com).
 
 #### Mermaid
 

doc/user/project/pages/getting_started/fork_sample_project.md

@@ -48,13 +48,21 @@ You can also take some **optional** further steps:
 
 - _Remove the fork relationship._ The fork relationship is necessary to contribute back to the project you originally forked from. If you don't have any intentions to do so, you can remove it. To do so, navigate to your project's **Settings**, expand **Advanced settings**, and scroll down to **Remove fork relationship**:
 
-  ![remove fork relationship](../img/remove_fork_relationship.png)
+  ![Remove fork relationship](../img/remove_fork_relationship.png)
 
 - _Make it a user or group website._ To turn a **project website** forked
   from the Pages group into a **user/group** website, you'll need to:
   - Rename it to `namespace.gitlab.io`: go to your project's
     **Settings > General** and expand **Advanced**. Scroll down to
-    **Rename repository** and change the path to `namespace.gitlab.io`.
+    **Change path** and change the path to `namespace.gitlab.io`.
+
+    For example, consider the group `https://gitlab.com/gitlab-tests`:
+   `gitlab-tests` is the group's namespace, the repository path should be set
+    to `gitlab-tests.gitlab.io` (yes, weird like that), and the
+    resulting URL for your Pages website will be `https://gitlab-tests.gitlab.io`.
+
+    ![Change repo's path](../img/change_path_v12_10.png)
+
   - Adjust your SSG's [base URL](../getting_started_part_one.md#urls-and-baseurls) from `"project-name"` to
     `""`. This setting will be at a different place for each SSG, as each of them
     have their own structure and file tree. Most likely, it will be in the SSG's

lib/gitlab/git_access_snippet.rb

@@ -98,10 +98,7 @@ module Gitlab
 
     def check_single_change_access(change)
       Checks::SnippetCheck.new(change, logger: logger).validate!
-
-      if Feature.enabled?(:snippet_count_check)
-        Checks::PushFileCountCheck.new(change, repository: repository, limit: Snippet::MAX_FILE_COUNT, logger: logger).validate!
-      end
+      Checks::PushFileCountCheck.new(change, repository: repository, limit: Snippet::MAX_FILE_COUNT, logger: logger).validate!
     rescue Checks::TimedLogger::TimeoutError
       raise TimeoutError, logger.full_message
     end

lib/gitlab/metrics/dashboard/service_selector.rb

@@ -13,6 +13,7 @@ module Gitlab
           include Gitlab::Utils::StrongMemoize
 
           SERVICES = [
+            ::Metrics::Dashboard::GitlabAlertEmbedService,
             ::Metrics::Dashboard::CustomMetricEmbedService,
             ::Metrics::Dashboard::GrafanaMetricEmbedService,
             ::Metrics::Dashboard::DynamicEmbedService,

lib/gitlab/middleware/rails_queue_duration.rb

@@ -32,6 +32,7 @@ module Gitlab
       def metric_rails_queue_duration_seconds
         @metric_rails_queue_duration_seconds ||= Gitlab::Metrics.histogram(
           :gitlab_rails_queue_duration_seconds,
+          'Measures latency between GitLab Workhorse forwarding a request to Rails',
           Gitlab::Metrics::Transaction::BASE_LABELS
         )
       end

locale/gitlab.pot

@@ -459,6 +459,9 @@ msgstr[1] ""
 msgid "%{strong_start}%{human_size}%{strong_end} Files"
 msgstr ""
 
+msgid "%{strong_start}%{human_size}%{strong_end} Storage"
+msgstr ""
+
 msgid "%{strong_start}%{release_count}%{strong_end} Release"
 msgid_plural "%{strong_start}%{release_count}%{strong_end} Releases"
 msgstr[0] ""
@@ -11766,7 +11769,7 @@ msgstr ""
 msgid "LicenseCompliance|Add a license"
 msgstr ""
 
-msgid "LicenseCompliance|Add licenses manually to approve or blacklist"
+msgid "LicenseCompliance|Add license and related policy"
 msgstr ""
 
 msgid "LicenseCompliance|Allow"
@@ -11784,7 +11787,7 @@ msgstr ""
 msgid "LicenseCompliance|Deny"
 msgstr ""
 
-msgid "LicenseCompliance|Here you can approve or blacklist licenses for this project. Using %{ci} or %{license} will allow you to see if there are any unmanaged licenses and approve or blacklist them in merge request."
+msgid "LicenseCompliance|Here you can allow or deny licenses for this project. Using %{ci} or %{license} will allow you to see if there are any unmanaged licenses and allow or deny them in merge request."
 msgstr ""
 
 msgid "LicenseCompliance|License"

scripts/review_apps/base-config.yaml

@@ -111,7 +111,6 @@ nginx-ingress:
   controller:
     config:
       ssl-ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
-    replicaCount: 2
     resources:
       requests:
         cpu: 100m
@@ -119,7 +118,6 @@ nginx-ingress:
       limits:
         cpu: 200m
         memory: 675M
-    minAvailable: 1
     service:
       enableHttp: false
     livenessProbe:
@@ -134,7 +132,6 @@ nginx-ingress:
       limits:
         cpu: 10m
         memory: 24M
-    replicaCount: 1
 postgresql:
   metrics:
     enabled: false

scripts/review_apps/review-apps.sh

@@ -279,7 +279,7 @@ function deploy() {
   IMAGE_REPOSITORY="registry.gitlab.com/gitlab-org/build/cng-mirror"
   gitlab_migrations_image_repository="${IMAGE_REPOSITORY}/gitlab-rails-${edition}"
   gitlab_sidekiq_image_repository="${IMAGE_REPOSITORY}/gitlab-sidekiq-${edition}"
-  gitlab_unicorn_image_repository="${IMAGE_REPOSITORY}/gitlab-unicorn-${edition}"
+  gitlab_unicorn_image_repository="${IMAGE_REPOSITORY}/gitlab-webservice-${edition}"
   gitlab_task_runner_image_repository="${IMAGE_REPOSITORY}/gitlab-task-runner-${edition}"
   gitlab_gitaly_image_repository="${IMAGE_REPOSITORY}/gitaly"
   gitlab_shell_image_repository="${IMAGE_REPOSITORY}/gitlab-shell"

spec/graphql/mutations/concerns/mutations/resolves_issuable_spec.rb

@@ -59,6 +59,12 @@ describe Mutations::ResolvesIssuable do
 
         expect(result).to be_nil
       end
+
+      it 'returns nil if parent path is empty' do
+        result = mutation.resolve_issuable(type: type, parent_path: "", iid: issuable.iid)
+
+        expect(result).to be_nil
+      end
     end
   end
 

spec/graphql/resolvers/merge_requests_resolver_spec.rb

@@ -52,6 +52,12 @@ describe Resolvers::MergeRequestsResolver do
 
       expect(result).to be_empty
     end
+
+    it 'resolves an unknown project to be empty' do
+      result = batch_sync { resolve_mr(nil, iid: iid_1) }
+
+      expect(result.compact).to be_empty
+    end
   end
 
   def resolve_mr(project, args)

spec/lib/gitlab/git_access_snippet_spec.rb

@@ -209,16 +209,6 @@ describe Gitlab::GitAccessSnippet do
 
       expect { push_access_check }.to raise_forbidden('foo')
     end
-
-    context 'when feature flag :snippet_count_check is disabled' do
-      it 'does not check push file count' do
-        stub_feature_flags(snippet_count_check: false)
-
-        expect(Gitlab::Checks::PushFileCountCheck).not_to receive(:new)
-
-        expect { push_access_check }.not_to raise_error
-      end
-    end
   end
 
   private

spec/lib/gitlab/middleware/rails_queue_duration_spec.rb

@@ -9,7 +9,7 @@ describe Gitlab::Middleware::RailsQueueDuration do
   let(:transaction) { Gitlab::Metrics::WebTransaction.new(env) }
 
   before do
-    expect(app).to receive(:call).with(env).and_return('yay')
+    allow(app).to receive(:call).with(env).and_return('yay')
   end
 
   describe '#call' do
@@ -42,6 +42,13 @@ describe Gitlab::Middleware::RailsQueueDuration do
           expect(middleware.call(env)).to eq('yay')
         end
       end
+
+      it 'creates a metric with a docstring' do
+        metric = middleware.send(:metric_rails_queue_duration_seconds)
+
+        expect(metric).to be_instance_of(Prometheus::Client::Histogram)
+        expect(metric.docstring).to eq('Measures latency between GitLab Workhorse forwarding a request to Rails')
+      end
     end
   end
 end

spec/presenters/project_presenter_spec.rb

@@ -179,6 +179,16 @@ describe ProjectPresenter do
       end
     end
 
+    describe '#storage_anchor_data' do
+      it 'returns storage data' do
+        expect(presenter.storage_anchor_data).to have_attributes(
+          is_link: true,
+          label:  a_string_including('0 Bytes'),
+          link: nil
+        )
+      end
+    end
+
     describe '#releases_anchor_data' do
       it 'does not return release count' do
         expect(presenter.releases_anchor_data).to be_nil
@@ -232,6 +242,16 @@ describe ProjectPresenter do
       end
     end
 
+    describe '#storage_anchor_data' do
+      it 'returns storage data' do
+        expect(presenter.storage_anchor_data).to have_attributes(
+          is_link: true,
+          label:  a_string_including('0 Bytes'),
+          link: presenter.project_tree_path(project)
+        )
+      end
+    end
+
     describe '#releases_anchor_data' do
       it 'returns release count if user can read release' do
         project.add_maintainer(user)

spec/services/metrics/dashboard/gitlab_alert_embed_service_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Metrics::Dashboard::GitlabAlertEmbedService do
+  include MetricsDashboardHelpers
+
+  let_it_be(:alert) { create(:prometheus_alert) }
+  let_it_be(:project) { alert.project }
+  let_it_be(:user) { create(:user) }
+  let(:alert_id) { alert.id }
+
+  before do
+    project.add_maintainer(user)
+    project.clear_memoization(:licensed_feature_available)
+  end
+
+  describe '.valid_params?' do
+    let(:valid_params) do
+      {
+        embedded: true,
+        prometheus_alert_id: alert_id
+      }
+    end
+
+    subject { described_class.valid_params?(params) }
+
+    let(:params) { valid_params }
+
+    it { is_expected.to be_truthy }
+
+    context 'missing embedded' do
+      let(:params) { valid_params.except(:embedded) }
+
+      it { is_expected.to be_falsey }
+    end
+
+    context 'not embedded' do
+      let(:params) { valid_params.merge(embedded: 'false') }
+
+      it { is_expected.to be_falsey }
+    end
+
+    context 'missing alert id' do
+      let(:params) { valid_params.except(:prometheus_alert_id) }
+
+      it { is_expected.to be_falsey }
+    end
+
+    context 'missing alert id' do
+      let(:params) { valid_params.merge(prometheus_alert_id: 'none') }
+
+      it { is_expected.to be_falsey }
+    end
+  end
+
+  describe '#get_dashboard' do
+    let(:service_params) do
+      [
+        project,
+        user,
+        {
+          embedded: true,
+          prometheus_alert_id: alert_id
+        }
+      ]
+    end
+
+    let(:service_call) { described_class.new(*service_params).get_dashboard }
+
+    context 'when alerting is available' do
+      it_behaves_like 'valid embedded dashboard service response'
+      it_behaves_like 'raises error for users with insufficient permissions'
+
+      it 'uses the metric info corresponding to the alert' do
+        result = service_call
+        metrics = result[:dashboard][:panel_groups][0][:panels][0][:metrics]
+
+        expect(metrics.length).to eq 1
+        expect(metrics.first[:metric_id]).to eq alert.prometheus_metric_id
+      end
+
+      context 'when the metric does not exist' do
+        let(:alert_id) { -4 }
+
+        it_behaves_like 'misconfigured dashboard service response', :not_found
+      end
+
+      it 'does not cache the unprocessed dashboard' do
+        expect(Gitlab::Metrics::Dashboard::Cache).not_to receive(:fetch)
+
+        described_class.new(*service_params).get_dashboard
+      end
+    end
+  end
+end