Add latest changes from gitlab-org/gitlab@master

cfc792b9 · GitLab Bot · 93c6764d · cfc792b9 · cfc792b9 · cfc792b9
Commit cfc792b9 authored Dec 10, 2019 by GitLab Bot
174 changed files
--- a/.gitattributes
+++ b/.gitattributes
 VERSION merge=ours
 Dangerfile gitlab-language=ruby
+*.pdf filter=lfs diff=lfs merge=lfs -text
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
-image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.22-chrome-73.0-node-12.x-yarn-1.16-postgresql-9.6-graphicsmagick-1.3.33"
+image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.22-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-9.6-graphicsmagick-1.3.33"

 stages:
  - sync

--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -13,7 +13,7 @@
    - .default-before_script
    - .assets-compile-cache
    - .only:changes-code-backstage-qa
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-git-2.22-chrome-73.0-node-12.x-yarn-1.16-graphicsmagick-1.3.33-docker-19.03.1
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-git-2.22-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-graphicsmagick-1.3.33-docker-19.03.1
  stage: test
  dependencies: ["setup-test-env"]
  needs: ["setup-test-env"]

--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@@ -202,7 +202,7 @@
    - name: redis:alpine

 .use-pg10:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.22-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.22-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
  services:
    - name: postgres:10.9
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -216,7 +216,7 @@
    - name: docker.elastic.co/elasticsearch/elasticsearch:5.6.12

 .use-pg10-ee:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.22-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.3-golang-1.12-git-2.22-lfs-2.9-chrome-73.0-node-12.x-yarn-1.16-postgresql-10-graphicsmagick-1.3.33"
  services:
    - name: postgres:10.9
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]

--- a/GITLAB_WORKHORSE_VERSION
+++ b/GITLAB_WORKHORSE_VERSION
-8.14.1
+8.17.0
--- a/app/assets/javascripts/diffs/components/diff_file_header.vue
+++ b/app/assets/javascripts/diffs/components/diff_file_header.vue
@@ -2,7 +2,7 @@
 import _ from 'underscore';
 import { mapActions, mapGetters } from 'vuex';
 import { GlButton, GlTooltipDirective, GlTooltip, GlLoadingIcon } from '@gitlab/ui';
-import { polyfillSticky, stickyMonitor } from '~/lib/utils/sticky';
+import { polyfillSticky } from '~/lib/utils/sticky';
 import ClipboardButton from '~/vue_shared/components/clipboard_button.vue';
 import Icon from '~/vue_shared/components/icon.vue';
 import FileIcon from '~/vue_shared/components/file_icon.vue';
@@ -11,7 +11,7 @@ import { __, s__, sprintf } from '~/locale';
 import { diffViewerModes } from '~/ide/constants';
 import EditButton from './edit_button.vue';
 import DiffStats from './diff_stats.vue';
-import { scrollToElement, contentTop } from '~/lib/utils/common_utils';
+import { scrollToElement } from '~/lib/utils/common_utils';

 export default {
  components: {
@@ -127,8 +127,6 @@ export default {
  },
  mounted() {
    polyfillSticky(this.$refs.header);
-    const fileHeaderHeight = this.$refs.header.clientHeight;
-    stickyMonitor(this.$refs.header, contentTop() - fileHeaderHeight - 1, false);
  },
  methods: {
    ...mapActions('diffs', [

--- a/app/assets/javascripts/pages/projects/pages_domains/edit/index.js
+++ b/app/assets/javascripts/pages/projects/pages_domains/edit/index.js
--- a/app/assets/stylesheets/framework/dropdowns.scss
+++ b/app/assets/stylesheets/framework/dropdowns.scss
@@ -288,7 +288,7 @@
    list-style: none;
    padding: 0 1px;

-    a:not(.help-link),
+    > a,
    button,
    .menu-item {
      @include dropdown-link;

--- a/app/assets/stylesheets/framework/files.scss
+++ b/app/assets/stylesheets/framework/files.scss
@@ -334,10 +334,6 @@ span.idiff {
    padding: $gl-padding-8 $gl-padding;
    margin: 0;
    border-radius: $border-radius-default $border-radius-default 0 0;
-
-    &.is-stuck {
-      border-radius: 0;
-    }
  }

  .file-header-content {

--- a/app/assets/stylesheets/pages/diff.scss
+++ b/app/assets/stylesheets/pages/diff.scss
@@ -10,6 +10,7 @@
  .file-title-flex-parent {
    border-top-left-radius: $border-radius-default;
    border-top-right-radius: $border-radius-default;
+    box-shadow: 0 -2px 0 0 var(--white);
    cursor: pointer;

    @media (min-width: map-get($grid-breakpoints, md)) {

--- a/app/assets/stylesheets/utilities.scss
+++ b/app/assets/stylesheets/utilities.scss
@@ -29,6 +29,8 @@
 .border-color-default { border-color: $border-color; }
 .box-shadow-default { box-shadow: 0 2px 4px 0 $black-transparent; }

+.mh-50vh { max-height: 50vh; }
+
 .gl-w-64 { width: px-to-rem($grid-size * 8); }
 .gl-h-64 { height: px-to-rem($grid-size * 8); }
 .gl-bg-blue-500 { @include gl-bg-blue-500; }
--- a/app/controllers/projects/environments_controller.rb
+++ b/app/controllers/projects/environments_controller.rb
@@ -7,14 +7,15 @@ class Projects::EnvironmentsController < Projects::ApplicationController
  before_action :authorize_read_environment!
  before_action :authorize_create_environment!, only: [:new, :create]
  before_action :authorize_stop_environment!, only: [:stop]
-  before_action :authorize_update_environment!, only: [:edit, :update]
+  before_action :authorize_update_environment!, only: [:edit, :update, :cancel_auto_stop]
  before_action :authorize_admin_environment!, only: [:terminal, :terminal_websocket_authorize]
-  before_action :environment, only: [:show, :edit, :update, :stop, :terminal, :terminal_websocket_authorize, :metrics]
+  before_action :environment, only: [:show, :edit, :update, :stop, :terminal, :terminal_websocket_authorize, :metrics, :cancel_auto_stop]
  before_action :verify_api_request!, only: :terminal_websocket_authorize
-  before_action :expire_etag_cache, only: [:index]
+  before_action :expire_etag_cache, only: [:index], unless: -> { request.format.json? }
  before_action only: [:metrics, :additional_metrics, :metrics_dashboard] do
    push_frontend_feature_flag(:prometheus_computed_alerts)
  end
+  after_action :expire_etag_cache, only: [:cancel_auto_stop]

  def index
    @environments = project.environments
@@ -104,6 +105,27 @@ class Projects::EnvironmentsController < Projects::ApplicationController
    end
  end

+  def cancel_auto_stop
+    result = Environments::ResetAutoStopService.new(project, current_user)
+      .execute(environment)
+
+    if result[:status] == :success
+      respond_to do |format|
+        message = _('Auto stop successfully canceled.')
+
+        format.html { redirect_back_or_default(default: { action: 'show' }, options: { notice: message }) }
+        format.json { render json: { message: message }, status: :ok }
+      end
+    else
+      respond_to do |format|
+        message = result[:message]
+
+        format.html { redirect_back_or_default(default: { action: 'show' }, options: { alert: message }) }
+        format.json { render json: { message: message }, status: :unprocessable_entity }
+      end
+    end
+  end
+
  def terminal
    # Currently, this acts as a hint to load the terminal details into the cache
    # if they aren't there already. In the future, users will need these details
@@ -175,8 +197,6 @@ class Projects::EnvironmentsController < Projects::ApplicationController
  end

  def expire_etag_cache
-    return if request.format.json?
-
    # this forces to reload json content
    Gitlab::EtagCaching::Store.new.tap do |store|
      store.touch(project_environments_path(project, format: :json))
@@ -222,6 +242,10 @@ class Projects::EnvironmentsController < Projects::ApplicationController
  def authorize_stop_environment!
    access_denied! unless can?(current_user, :stop_environment, environment)
  end
+
+  def authorize_update_environment!
+    access_denied! unless can?(current_user, :update_environment, environment)
+  end
 end

 Projects::EnvironmentsController.prepend_if_ee('EE::Projects::EnvironmentsController')
--- a/app/controllers/projects/pages_domains_controller.rb
+++ b/app/controllers/projects/pages_domains_controller.rb
@@ -8,7 +8,6 @@ class Projects::PagesDomainsController < Projects::ApplicationController
  before_action :domain, except: [:new, :create]

  def show
-    redirect_to edit_project_pages_domain_path(@project, @domain)
  end

  def new
@@ -24,17 +23,18 @@ class Projects::PagesDomainsController < Projects::ApplicationController
      flash[:alert] = 'Failed to verify domain ownership'
    end

-    redirect_to edit_project_pages_domain_path(@project, @domain)
+    redirect_to project_pages_domain_path(@project, @domain)
  end

  def edit
+    redirect_to project_pages_domain_path(@project, @domain)
  end

  def create
    @domain = @project.pages_domains.create(create_params)

    if @domain.valid?
-      redirect_to edit_project_pages_domain_path(@project, @domain)
+      redirect_to project_pages_domain_path(@project, @domain)
    else
      render 'new'
    end
@@ -46,7 +46,7 @@ class Projects::PagesDomainsController < Projects::ApplicationController
        status: :found,
        notice: 'Domain was updated'
    else
-      render 'edit'
+      render 'show'
    end
  end

@@ -68,7 +68,7 @@ class Projects::PagesDomainsController < Projects::ApplicationController
      flash[:alert] = @domain.errors.full_messages.join(', ')
    end

-    redirect_to edit_project_pages_domain_path(@project, @domain)
+    redirect_to project_pages_domain_path(@project, @domain)
  end

  private

--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -13,7 +13,7 @@ module Projects
        Projects::UpdateService.new(project, current_user, update_params).tap do |service|
          result = service.execute
          if result[:status] == :success
-            flash[:notice] = _("Pipelines settings for '%{project_name}' were successfully updated.") % { project_name: @project.name }
+            flash[:toast] = _("Pipelines settings for '%{project_name}' were successfully updated.") % { project_name: @project.name }

            run_autodevops_pipeline(service)

@@ -39,7 +39,7 @@ module Projects
      def reset_registration_token
        @project.reset_runners_token!

-        flash[:notice] = _('New runners registration token has been generated!')
+        flash[:toast] = _("New runners registration token has been generated!")
        redirect_to namespace_project_settings_ci_cd_path
      end

@@ -65,12 +65,14 @@ module Projects
        return unless service.run_auto_devops_pipeline?

        if @project.empty_repo?
-          flash[:warning] = _("This repository is currently empty. A new Auto DevOps pipeline will be created after a new file has been pushed to a branch.")
+          flash[:notice] = _("This repository is currently empty. A new Auto DevOps pipeline will be created after a new file has been pushed to a branch.")
          return
        end

        CreatePipelineWorker.perform_async(project.id, current_user.id, project.default_branch, :web, ignore_skip_ci: true, save_on_errors: false)
-        flash[:success] = "A new Auto DevOps pipeline has been created, go to <a href=\"#{project_pipelines_path(@project)}\">Pipelines page</a> for details".html_safe
+
+        pipelines_link_start = '<a href="%{url}">'.html_safe % { url: project_pipelines_path(@project) }
+        flash[:toast] = _("A new Auto DevOps pipeline has been created, go to %{pipelines_link_start}Pipelines page%{pipelines_link_end} for details") % { pipelines_link_start: pipelines_link_start, pipelines_link_end: "</a>".html_safe }
      end

      def define_variables

--- a/app/graphql/resolvers/concerns/resolves_snippets.rb
+++ b/app/graphql/resolvers/concerns/resolves_snippets.rb
+# frozen_string_literal: true
+
+module ResolvesSnippets
+  extend ActiveSupport::Concern
+
+  included do
+    type Types::SnippetType, null: false
+
+    argument :ids, [GraphQL::ID_TYPE],
+             required: false,
+             description: 'Array of global snippet ids, e.g., "gid://gitlab/ProjectSnippet/1"'
+
+    argument :visibility, Types::Snippets::VisibilityScopesEnum,
+             required: false,
+             description: 'The visibility of the snippet'
+  end
+
+  def resolve(**args)
+    resolve_snippets(args)
+  end
+
+  private
+
+  def resolve_snippets(args)
+    SnippetsFinder.new(context[:current_user], snippet_finder_params(args)).execute
+  end
+
+  def snippet_finder_params(args)
+    {
+      ids: resolve_ids(args[:ids]),
+      scope: args[:visibility]
+    }.merge(options_by_type(args[:type]))
+  end
+
+  def resolve_ids(ids)
+    Array.wrap(ids).map { |id| resolve_gid(id, :id) }
+  end
+
+  def resolve_gid(gid, argument)
+    return unless gid.present?
+
+    GlobalID.parse(gid)&.model_id.tap do |id|
+      raise Gitlab::Graphql::Errors::ArgumentError, "Invalid global id format for param #{argument}" if id.nil?
+    end
+  end
+
+  def options_by_type(type)
+    case type
+    when 'personal'
+      { only_personal: true }
+    when 'project'
+      { only_project: true }
+    else
+      {}
+    end
+  end
+end
--- a/app/graphql/resolvers/projects/snippets_resolver.rb
+++ b/app/graphql/resolvers/projects/snippets_resolver.rb
+# frozen_string_literal: true
+
+module Resolvers
+  module Projects
+    class SnippetsResolver < BaseResolver
+      include ResolvesSnippets
+
+      alias_method :project, :object
+
+      def resolve(**args)
+        return Snippet.none if project.nil?
+
+        super
+      end
+
+      private
+
+      def snippet_finder_params(args)
+        super.merge(project: project)
+      end
+    end
+  end
+end
--- a/app/graphql/resolvers/snippets_resolver.rb
+++ b/app/graphql/resolvers/snippets_resolver.rb
+# frozen_string_literal: true
+
+module Resolvers
+  class SnippetsResolver < BaseResolver
+    include ResolvesSnippets
+
+    ERROR_MESSAGE = 'Filtering by both an author and a project is not supported'
+
+    alias_method :user, :object
+
+    argument :author_id, GraphQL::ID_TYPE,
+              required: false,
+              description: 'The ID of an author'
+
+    argument :project_id, GraphQL::ID_TYPE,
+              required: false,
+              description: 'The ID of a project'
+
+    argument :type, Types::Snippets::TypeEnum,
+              required: false,
+              description: 'The type of snippet'
+
+    argument :explore,
+              GraphQL::BOOLEAN_TYPE,
+              required: false,
+              description: 'Explore personal snippets'
+
+    def resolve(**args)
+      if args[:author_id].present? && args[:project_id].present?
+        raise Gitlab::Graphql::Errors::ArgumentError, ERROR_MESSAGE
+      end
+
+      super
+    end
+
+    private
+
+    def snippet_finder_params(args)
+      super
+        .merge(author: resolve_gid(args[:author_id], :author),
+               project: resolve_gid(args[:project_id], :project),
+               explore: args[:explore])
+    end
+  end
+end
--- a/app/graphql/resolvers/users/snippets_resolver.rb
+++ b/app/graphql/resolvers/users/snippets_resolver.rb
+# frozen_string_literal: true
+
+module Resolvers
+  module Users
+    class SnippetsResolver < BaseResolver
+      include ResolvesSnippets
+
+      alias_method :user, :object
+
+      argument :type, Types::Snippets::TypeEnum,
+               required: false,
+               description: 'The type of snippet'
+
+      private
+
+      def snippet_finder_params(args)
+        super.merge(author: user)
+      end
+    end
+  end
+end
--- a/app/graphql/types/notes/noteable_type.rb
+++ b/app/graphql/types/notes/noteable_type.rb
@@ -15,6 +15,8 @@ module Types
            Types::IssueType
          when MergeRequest
            Types::MergeRequestType
+          when Snippet
+            Types::SnippetType
          else
            raise "Unknown GraphQL type for #{object}"
          end

--- a/app/graphql/types/permission_types/project.rb
+++ b/app/graphql/types/permission_types/project.rb
@@ -10,13 +10,19 @@ module Types
                :remove_pages, :read_project, :create_merge_request_in,
                :read_wiki, :read_project_member, :create_issue, :upload_file,
                :read_cycle_analytics, :download_code, :download_wiki_code,
-                :fork_project, :create_project_snippet, :read_commit_status,
+                :fork_project, :read_commit_status,
                :request_access, :create_pipeline, :create_pipeline_schedule,
                :create_merge_request_from, :create_wiki, :push_code,
                :create_deployment, :push_to_delete_protected_branch,
                :admin_wiki, :admin_project, :update_pages,
                :admin_remote_mirror, :create_label, :update_wiki, :destroy_wiki,
                :create_pages, :destroy_pages, :read_pages_content, :admin_operations
+
+      permission_field :create_snippet
+
+      def create_snippet
+        Ability.allowed?(context[:current_user], :create_project_snippet, object)
+      end
    end
  end
 end

--- a/app/graphql/types/permission_types/snippet.rb
+++ b/app/graphql/types/permission_types/snippet.rb
+# frozen_string_literal: true
+
+module Types
+  module PermissionTypes
+    class Snippet < BasePermissionType
+      graphql_name 'SnippetPermissions'
+
+      abilities :create_note, :award_emoji
+
+      permission_field :read_snippet, method: :can_read_snippet?
+      permission_field :update_snippet, method: :can_update_snippet?
+      permission_field :admin_snippet, method: :can_admin_snippet?
+    end
+  end
+end
--- a/app/graphql/types/permission_types/user.rb
+++ b/app/graphql/types/permission_types/user.rb
+# frozen_string_literal: true
+
+module Types
+  module PermissionTypes
+    class User < BasePermissionType
+      graphql_name 'UserPermissions'
+
+      permission_field :create_snippet
+
+      def create_snippet
+        Ability.allowed?(context[:current_user], :create_personal_snippet)
+      end
+    end
+  end
+end
--- a/app/graphql/types/project_type.rb
+++ b/app/graphql/types/project_type.rb
@@ -151,5 +151,11 @@ module Types
          null: true,
          description: 'Detailed version of a Sentry error on the project',
          resolver: Resolvers::ErrorTracking::SentryDetailedErrorResolver
+
+    field :snippets,
+          Types::SnippetType.connection_type,
+          null: true,
+          description: 'Snippets of the project',
+          resolver: Resolvers::Projects::SnippetsResolver
  end
 end
--- a/app/graphql/types/query_type.rb
+++ b/app/graphql/types/query_type.rb
@@ -29,6 +29,12 @@ module Types
          resolver: Resolvers::MetadataResolver,
          description: 'Metadata about GitLab'

+    field :snippets,
+          Types::SnippetType.connection_type,
+          null: true,
+          resolver: Resolvers::SnippetsResolver,
+          description: 'Find Snippets visible to the current user'
+
    field :echo, GraphQL::STRING_TYPE, null: false, resolver: Resolvers::EchoResolver # rubocop:disable Graphql/Descriptions
  end
 end
--- a/app/graphql/types/snippet_type.rb
+++ b/app/graphql/types/snippet_type.rb
+# frozen_string_literal: true
+
+module Types
+  class SnippetType < BaseObject
+    graphql_name 'Snippet'
+    description 'Represents a snippet entry'
+
+    implements(Types::Notes::NoteableType)
+
+    present_using SnippetPresenter
+
+    authorize :read_snippet
+
+    expose_permissions Types::PermissionTypes::Snippet
+
+    field :id, GraphQL::ID_TYPE,
+          description: 'Id of the snippet',
+          null: false
+
+    field :title, GraphQL::STRING_TYPE,
+          description: 'Title of the snippet',
+          null: false
+
+    field :project, Types::ProjectType,
+          description: 'The project the snippet is associated with',
+          null: true,
+          authorize: :read_project,
+          resolve: -> (snippet, args, context) { Gitlab::Graphql::Loaders::BatchModelLoader.new(Project, snippet.project_id).find }
+
+    field :author, Types::UserType,
+          description: 'The owner of the snippet',
+          null: false,
+          resolve: -> (snippet, args, context) { Gitlab::Graphql::Loaders::BatchModelLoader.new(User, snippet.author_id).find }
+
+    field :file_name, GraphQL::STRING_TYPE,
+          description: 'File Name of the snippet',
+          null: true
+
+    field :content, GraphQL::STRING_TYPE,
+          description: 'Content of the snippet',
+          null: false
+
+    field :description, GraphQL::STRING_TYPE,
+          description: 'Description of the snippet',
+          null: true
+
+    field :visibility, GraphQL::STRING_TYPE,
+          description: 'Visibility of the snippet',
+          null: false
+
+    field :created_at, Types::TimeType,
+          description: 'Timestamp this snippet was created',
+          null: false
+
+    field :updated_at, Types::TimeType,
+          description: 'Timestamp this snippet was updated',
+          null: false
+
+    field :web_url, type: GraphQL::STRING_TYPE,
+          description: 'Web URL of the snippet',
+          null: false
+
+    field :raw_url, type: GraphQL::STRING_TYPE,
+          description: 'Raw URL of the snippet',
+          null: false
+
+    markdown_field :description_html, null: true, method: :description
+  end
+end
--- a/app/graphql/types/snippets/type_enum.rb
+++ b/app/graphql/types/snippets/type_enum.rb
+# frozen_string_literal: true
+
+module Types
+  module Snippets
+    class TypeEnum < BaseEnum
+      value 'personal', value: 'personal'
+      value 'project', value: 'project'
+    end
+  end
+end
--- a/app/graphql/types/snippets/visibility_scopes_enum.rb
+++ b/app/graphql/types/snippets/visibility_scopes_enum.rb
+# frozen_string_literal: true
+
+module Types
+  module Snippets
+    class VisibilityScopesEnum < BaseEnum
+      value 'private',  value: 'are_private'
+      value 'internal', value: 'are_internal'
+      value 'public',   value: 'are_public'
+    end
+  end
+end
--- a/app/graphql/types/user_type.rb
+++ b/app/graphql/types/user_type.rb
@@ -8,6 +8,8 @@ module Types

    present_using UserPresenter

+    expose_permissions Types::PermissionTypes::User
+
    field :name, GraphQL::STRING_TYPE, null: false,
          description: 'Human-readable name of the user'
    field :username, GraphQL::STRING_TYPE, null: false,
@@ -19,5 +21,11 @@ module Types
    field :todos, Types::TodoType.connection_type, null: false,
          resolver: Resolvers::TodoResolver,
          description: 'Todos of the user'
+
+    field :snippets,
+          Types::SnippetType.connection_type,
+          null: true,
+          description: 'Snippets authored by the user',
+          resolver: Resolvers::Users::SnippetsResolver
  end
 end
--- a/app/mailers/emails/profile.rb
+++ b/app/mailers/emails/profile.rb
@@ -32,6 +32,18 @@ module Emails
      mail(to: @user.notification_email, subject: subject("GPG key was added to your account"))
    end
    # rubocop: enable CodeReuse/ActiveRecord
+
+    def access_token_about_to_expire_email(user)
+      return unless user
+
+      @user = user
+      @target_url = profile_personal_access_tokens_url
+      @days_to_expire = PersonalAccessToken::DAYS_TO_EXPIRE
+
+      Gitlab::I18n.with_locale(@user.preferred_language) do
+        mail(to: @user.notification_email, subject: subject(_("Your Personal Access Tokens will expire in %{days_to_expire} days or less") % { days_to_expire: @days_to_expire }))
+      end
+    end
  end
 end


--- a/app/models/clusters/applications/prometheus.rb
+++ b/app/models/clusters/applications/prometheus.rb
@@ -13,15 +13,21 @@ module Clusters
      include ::Clusters::Concerns::ApplicationStatus
      include ::Clusters::Concerns::ApplicationVersion
      include ::Clusters::Concerns::ApplicationData
+      include AfterCommitQueue

      default_value_for :version, VERSION

-      after_destroy :disable_prometheus_integration
+      after_destroy do
+        run_after_commit do
+          disable_prometheus_integration
+        end
+      end

      state_machine :status do
        after_transition any => [:installed] do |application|
-          application.cluster.projects.each do |project|
-            project.find_or_initialize_service('prometheus').update!(active: true)
+          application.run_after_commit do
+            Clusters::Applications::ActivateServiceWorker
+              .perform_async(application.cluster_id, ::PrometheusService.to_param) # rubocop:disable CodeReuse/ServiceClass
          end
        end
      end
@@ -98,9 +104,8 @@ module Clusters
      private

      def disable_prometheus_integration
-        cluster.projects.each do |project|
-          project.prometheus_service&.update!(active: false)
-        end
+        ::Clusters::Applications::DeactivateServiceWorker
+          .perform_async(cluster_id, ::PrometheusService.to_param) # rubocop:disable CodeReuse/ServiceClass
      end

      def kube_client

--- a/app/models/clusters/cluster.rb
+++ b/app/models/clusters/cluster.rb
@@ -34,6 +34,7 @@ module Clusters

    has_many :cluster_groups, class_name: 'Clusters::Group'
    has_many :groups, through: :cluster_groups, class_name: '::Group'
+    has_many :groups_projects, through: :groups, source: :projects, class_name: '::Project'

    # we force autosave to happen when we save `Cluster` model
    has_one :provider_gcp, class_name: 'Clusters::Providers::Gcp', autosave: true
@@ -177,6 +178,13 @@ module Clusters
      end
    end

+    def all_projects
+      return projects if project_type?
+      return groups_projects if group_type?
+
+      ::Project.all
+    end
+
    def status_name
      return cleanup_status_name if cleanup_errored?
      return :cleanup_ongoing unless cleanup_not_started?

--- a/app/models/concerns/ci/metadatable.rb
+++ b/app/models/concerns/ci/metadatable.rb
@@ -17,6 +17,7 @@ module Ci
      delegate :timeout, to: :metadata, prefix: true, allow_nil: true
      delegate :interruptible, to: :metadata, prefix: false, allow_nil: true
      delegate :has_exposed_artifacts?, to: :metadata, prefix: false, allow_nil: true
+      delegate :environment_auto_stop_in, to: :metadata, prefix: false, allow_nil: true
      before_create :ensure_metadata
    end

@@ -47,8 +48,11 @@ module Ci
    def options=(value)
      write_metadata_attribute(:options, :config_options, value)

-      # Store presence of exposed artifacts in build metadata to make it easier to query
-      ensure_metadata.has_exposed_artifacts = value&.dig(:artifacts, :expose_as).present?
+      ensure_metadata.tap do |metadata|
+        # Store presence of exposed artifacts in build metadata to make it easier to query
+        metadata.has_exposed_artifacts = value&.dig(:artifacts, :expose_as).present?
+        metadata.environment_auto_stop_in = value&.dig(:environment, :auto_stop_in)
+      end
    end

    def yaml_variables=(value)

--- a/app/models/concerns/expirable.rb
+++ b/app/models/concerns/expirable.rb
@@ -3,6 +3,8 @@
 module Expirable
  extend ActiveSupport::Concern

+  DAYS_TO_EXPIRE = 7
+
  included do
    scope :expired, -> { where('expires_at <= ?', Time.current) }
  end
@@ -16,6 +18,6 @@ module Expirable
  end

  def expires_soon?
-    expires? && expires_at < 7.days.from_now
+    expires? && expires_at < DAYS_TO_EXPIRE.days.from_now
  end
 end
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -162,6 +162,10 @@ class Environment < ApplicationRecord
    stop_action&.play(current_user)
  end

+  def reset_auto_stop
+    update_column(:auto_stop_at, nil)
+  end
+
  def actions_for(environment)
    return [] unless manual_actions

@@ -261,6 +265,17 @@ class Environment < ApplicationRecord
    end
  end

+  def auto_stop_in
+    auto_stop_at - Time.now if auto_stop_at
+  end
+
+  def auto_stop_in=(value)
+    return unless value
+    return unless parsed_result = ChronicDuration.parse(value)
+
+    self.auto_stop_at = parsed_result.seconds.from_now
+  end
+
  private

  def generate_slug

--- a/app/models/milestone.rb
+++ b/app/models/milestone.rb
@@ -341,6 +341,6 @@ class Milestone < ApplicationRecord
  end

  def issues_finder_params
-    { project_id: project_id, group_id: group_id }.compact
+    { project_id: project_id, group_id: group_id, include_subgroups: group_id.present? }.compact
  end
 end
--- a/app/models/personal_access_token.rb
+++ b/app/models/personal_access_token.rb
@@ -16,6 +16,7 @@ class PersonalAccessToken < ApplicationRecord
  before_save :ensure_token

  scope :active, -> { where("revoked = false AND (expires_at >= NOW() OR expires_at IS NULL)") }
+  scope :expiring_and_not_notified, ->(date) { where(["revoked = false AND expire_notification_delivered = false AND expires_at >= NOW() AND expires_at <= ?", date]) }
  scope :inactive, -> { where("revoked = true OR expires_at < NOW()") }
  scope :with_impersonation, -> { where(impersonation: true) }
  scope :without_impersonation, -> { where(impersonation: false) }

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -404,6 +404,7 @@ class Project < ApplicationRecord
  scope :with_push, -> { joins(:events).where('events.action = ?', Event::PUSHED) }
  scope :with_project_feature, -> { joins('LEFT JOIN project_features ON projects.id = project_features.project_id') }
  scope :with_statistics, -> { includes(:statistics) }
+  scope :with_service, ->(service) { joins(service).eager_load(service) }
  scope :with_shared_runners, -> { where(shared_runners_enabled: true) }
  scope :with_container_registry, -> { where(container_registry_enabled: true) }
  scope :inside_path, ->(path) do
@@ -1256,8 +1257,9 @@ class Project < ApplicationRecord

  def all_clusters
    group_clusters = Clusters::Cluster.joins(:groups).where(cluster_groups: { group_id: ancestors_upto } )
+    instance_clusters = Clusters::Cluster.instance_type

-    Clusters::Cluster.from_union([clusters, group_clusters])
+    Clusters::Cluster.from_union([clusters, group_clusters, instance_clusters])
  end

  def items_for(entity)

--- a/app/models/project_services/prometheus_service.rb
+++ b/app/models/project_services/prometheus_service.rb
@@ -88,7 +88,7 @@ class PrometheusService < MonitoringService
    return false if template?
    return false unless project

-    project.clusters.enabled.any? { |cluster| cluster.application_prometheus_available? }
+    project.all_clusters.enabled.any? { |cluster| cluster.application_prometheus_available? }
  end

  def allow_local_api_url?

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -310,6 +310,13 @@ class User < ApplicationRecord
  scope :with_dashboard, -> (dashboard) { where(dashboard: dashboard) }
  scope :with_public_profile, -> { where(private_profile: false) }

+  scope :with_expiring_and_not_notified_personal_access_tokens, ->(at) do
+    where('EXISTS (?)',
+          ::PersonalAccessToken
+            .where('personal_access_tokens.user_id = users.id')
+            .expiring_and_not_notified(at).select(1))
+  end
+
  def self.with_visible_profile(user)
    return with_public_profile if user.nil?


--- a/app/policies/personal_snippet_policy.rb
+++ b/app/policies/personal_snippet_policy.rb
@@ -27,4 +27,7 @@ class PersonalSnippetPolicy < BasePolicy
  rule { can?(:create_note) }.enable :award_emoji

  rule { can?(:read_all_resources) }.enable :read_personal_snippet
+
+  # Aliasing the ability to ease GraphQL permissions check
+  rule { can?(:read_personal_snippet) }.enable :read_snippet
 end
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -262,6 +262,7 @@ class ProjectPolicy < BasePolicy
    enable :update_container_image
    enable :destroy_container_image
    enable :create_environment
+    enable :update_environment
    enable :create_deployment
    enable :update_deployment
    enable :create_release
@@ -278,8 +279,6 @@ class ProjectPolicy < BasePolicy
    enable :admin_board
    enable :push_to_delete_protected_branch
    enable :update_project_snippet
-    enable :update_environment
-    enable :update_deployment
    enable :admin_project_snippet
    enable :admin_project_member
    enable :admin_note

--- a/app/policies/project_snippet_policy.rb
+++ b/app/policies/project_snippet_policy.rb
@@ -45,6 +45,9 @@ class ProjectSnippetPolicy < BasePolicy
  end

  rule { ~can?(:read_project_snippet) }.prevent :create_note
+
+  # Aliasing the ability to ease GraphQL permissions check
+  rule { can?(:read_project_snippet) }.enable :read_snippet
 end

 ProjectSnippetPolicy.prepend_if_ee('EE::ProjectSnippetPolicy')
--- a/app/presenters/snippet_presenter.rb
+++ b/app/presenters/snippet_presenter.rb
+# frozen_string_literal: true
+
+class SnippetPresenter < Gitlab::View::Presenter::Delegated
+  presents :snippet
+
+  def web_url
+    Gitlab::UrlBuilder.build(snippet)
+  end
+
+  def raw_url
+    Gitlab::UrlBuilder.build(snippet, raw: true)
+  end
+
+  def can_read_snippet?
+    can_access_resource?("read")
+  end
+
+  def can_update_snippet?
+    can_access_resource?("update")
+  end
+
+  def can_admin_snippet?
+    can_access_resource?("admin")
+  end
+
+  private
+
+  def can_access_resource?(ability_prefix)
+    can?(current_user, ability_name(ability_prefix), snippet)
+  end
+
+  def ability_name(ability_prefix)
+    "#{ability_prefix}_#{snippet.class.underscore}".to_sym
+  end
+end
--- a/app/serializers/environment_entity.rb
+++ b/app/serializers/environment_entity.rb
@@ -24,6 +24,10 @@ class EnvironmentEntity < Grape::Entity
    stop_project_environment_path(environment.project, environment)
  end

+  expose :cancel_auto_stop_path, if: -> (*) { can_update_environment? } do |environment|
+    cancel_auto_stop_project_environment_path(environment.project, environment)
+  end
+
  expose :cluster_type, if: ->(environment, _) { cluster_platform_kubernetes? } do |environment|
    cluster.cluster_type
  end
@@ -37,6 +41,7 @@ class EnvironmentEntity < Grape::Entity
  end

  expose :created_at, :updated_at
+  expose :auto_stop_at, expose_nil: false

  expose :can_stop do |environment|
    environment.available? && can?(current_user, :stop_environment, environment)
@@ -54,6 +59,10 @@ class EnvironmentEntity < Grape::Entity
    can?(request.current_user, :create_environment_terminal, environment)
  end

+  def can_update_environment?
+    can?(current_user, :update_environment, environment)
+  end
+
  def cluster_platform_kubernetes?
    deployment_platform && deployment_platform.is_a?(Clusters::Platforms::Kubernetes)
  end

--- a/app/services/deployments/after_create_service.rb
+++ b/app/services/deployments/after_create_service.rb
@@ -29,6 +29,7 @@ module Deployments
          environment.external_url = url
        end

+        renew_auto_stop_in
        environment.fire_state_event(action)

        if environment.save && !environment.stopped?
@@ -63,6 +64,12 @@ module Deployments
    def action
      environment_options[:action] || 'start'
    end
+
+    def renew_auto_stop_in
+      return unless deployable
+
+      environment.auto_stop_in = deployable.environment_auto_stop_in
+    end
  end
 end


--- a/app/services/environments/reset_auto_stop_service.rb
+++ b/app/services/environments/reset_auto_stop_service.rb
+# frozen_string_literal: true
+
+module Environments
+  class ResetAutoStopService < ::BaseService
+    def execute(environment)
+      return error(_('Failed to cancel auto stop because you do not have permission to update the environment.')) unless can_update_environment?(environment)
+      return error(_('Failed to cancel auto stop because the environment is not set as auto stop.')) unless environment.auto_stop_at?
+
+      if environment.reset_auto_stop
+        success
+      else
+        error(_('Failed to cancel auto stop because failed to update the environment.'))
+      end
+    end
+
+    private
+
+    def can_update_environment?(environment)
+      can?(current_user, :update_environment, environment)
+    end
+  end
+end
--- a/app/services/notification_service.rb
+++ b/app/services/notification_service.rb
@@ -58,6 +58,14 @@ class NotificationService
    end
  end

+  # Notify the owner of the personal access token, when it is about to expire
+  # And mark the token with about_to_expire_delivered
+  def access_token_about_to_expire(user)
+    return unless user.can?(:receive_notifications)
+
+    mailer.access_token_about_to_expire_email(user).deliver_later
+  end
+
  # When create an issue we should send an email to:
  #
  #  * issue assignee if their notification level is not Disabled

--- a/app/views/clusters/clusters/_banner.html.haml
+++ b/app/views/clusters/clusters/_banner.html.haml
@@ -6,17 +6,19 @@
  %span.spinner.spinner-dark.spinner-sm{ 'aria-label': 'Loading' }
  %span.prepend-left-4= s_('ClusterIntegration|Kubernetes cluster is being created...')

-.hidden.row.js-cluster-api-unreachable.bs-callout.bs-callout-warning{ role: 'alert' }
-  .col-11
+.hidden.row.js-cluster-api-unreachable.gl-alert.gl-alert-warning{ role: 'alert' }
+  = sprite_icon('warning', size: 16, css_class: 'gl-icon gl-alert-icon gl-alert-icon-no-title')
+  %button.js-close-banner.gl-alert-dismiss{ type: 'button', 'aria-label' => _('Dismiss') }
+    = sprite_icon('close', size: 16, css_class: 'gl-icon')
+  .gl-alert-body
    = s_('ClusterIntegration|Your cluster API is unreachable. Please ensure your API URL is correct.')
-  .col-1.p-0
-    %button.js-close-banner.close.cluster-application-banner-close.h-100.m-0= "×"

-.hidden.js-cluster-authentication-failure.row.js-cluster-api-unreachable.bs-callout.bs-callout-warning{ role: 'alert' }
-  .col-11
+.hidden.js-cluster-authentication-failure.js-cluster-api-unreachable.gl-alert.gl-alert-warning{ role: 'alert' }
+  = sprite_icon('warning', size: 16, css_class: 'gl-icon gl-alert-icon gl-alert-icon-no-title')
+  %button.js-close-banner.gl-alert-dismiss{ type: 'button', 'aria-label' => _('Dismiss') }
+    = sprite_icon('close', size: 16, css_class: 'gl-icon')
+  .gl-alert-body
    = s_('ClusterIntegration|There was a problem authenticating with your cluster. Please ensure your CA Certificate and Token are valid.')
-  .col-1.p-0
-    %button.js-close-banner.close.cluster-application-banner-close.h-100.m-0= "×"

 .hidden.js-cluster-success.bs-callout.bs-callout-success{ role: 'alert' }
  = s_("ClusterIntegration|Kubernetes cluster was successfully created.")
--- a/app/views/layouts/_flash.html.haml
+++ b/app/views/layouts/_flash.html.haml
+-# We currently only support `alert`, `notice`, `success`, 'toast'
 .flash-container.flash-container-page.sticky
-  -# We currently only support `alert`, `notice`, `success`
  - flash.each do |key, value|
-    -# Don't show a flash message if the message is nil
-    - if value
+    - if key == 'toast' && value
+      .js-toast-message{ data: { message: value } }
+    - elsif value
      %div{ class: "flash-#{key} mb-2" }
        %span= value
        %div{ class: "close-icon-wrapper js-close-icon" }

--- a/app/views/layouts/nav/sidebar/_project.html.haml
+++ b/app/views/layouts/nav/sidebar/_project.html.haml
@@ -144,8 +144,16 @@
                %strong.fly-out-top-item-name
                  = issue_tracker.title

+      - if (project_nav_tab? :labels) && !@project.issues_enabled?
+        = nav_link(controller: [:labels]) do
+          = link_to project_labels_path(@project), title: _('Labels'), class: 'shortcuts-labels qa-labels-items' do
+            .nav-icon-container
+              = sprite_icon('label')
+            %span.nav-item-name#js-onboarding-labels-link
+              = _('Labels')
+
      - if project_nav_tab? :merge_requests
-        = nav_link(controller: @project.issues_enabled? ? :merge_requests : [:merge_requests, :labels, :milestones]) do
+        = nav_link(controller: @project.issues_enabled? ? :merge_requests : [:merge_requests, :milestones]) do
          = link_to project_merge_requests_path(@project), class: 'shortcuts-merge_requests', data: { qa_selector: 'merge_requests_link' } do
            .nav-icon-container
              = sprite_icon('git-merge')

--- a/app/views/notify/access_token_about_to_expire_email.html.haml
+++ b/app/views/notify/access_token_about_to_expire_email.html.haml
+%p
+  = _('Hi %{username}!') % { username: sanitize_name(@user.name) }
+%p
+  = _('One or more of your personal access tokens will expire in %{days_to_expire} days or less.') % { days_to_expire: @days_to_expire }
+%p
+  - pat_link_start =  '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: @target_url }
+  = _('You can create a new one or check them in your %{pat_link_start}Personal Access Tokens%{pat_link_end} settings').html_safe % { pat_link_start: pat_link_start, pat_link_end: '</a>'.html_safe }
--- a/app/views/notify/access_token_about_to_expire_email.text.erb
+++ b/app/views/notify/access_token_about_to_expire_email.text.erb
+<%= _('Hi %{username}!') % { username: sanitize_name(@user.name) } %>
+
+<%= _('One or more of your personal access tokens will expire in %{days_to_expire} days or less.') % { days_to_expire: @days_to_expire} %>
+
+<%= _('You can create a new one or check them in your Personal Access Tokens settings %{pat_link}') % { pat_link: @target_url } %>
--- a/app/views/projects/environments/show.html.haml
+++ b/app/views/projects/environments/show.html.haml
@@ -5,7 +5,7 @@
 - content_for :page_specific_javascripts do
  = stylesheet_link_tag 'page_bundles/xterm'

- if can?(current_user, :stop_environment, @environment)
+- if @environment.available? && can?(current_user, :stop_environment, @environment)
  #stop-environment-modal.modal.fade{ tabindex: -1 }
    .modal-dialog
      .modal-content
@@ -40,7 +40,7 @@
    = render 'projects/environments/metrics_button', environment: @environment
    - if can?(current_user, :update_environment, @environment)
      = link_to _('Edit'), edit_project_environment_path(@project, @environment), class: 'btn'
-    - if can?(current_user, :stop_environment, @environment)
+    - if @environment.available? && can?(current_user, :stop_environment, @environment)
      = button_tag class: 'btn btn-danger', type: 'button', data: { toggle: 'modal',
        target: '#stop-environment-modal' } do
        = sprite_icon('stop')

--- a/app/views/projects/pages/_list.html.haml
+++ b/app/views/projects/pages/_list.html.haml
@@ -21,11 +21,11 @@
                  %span.badge.badge-danger
                    = s_('GitLabPages|Expired')
          %div
-            = link_to s_('GitLabPages|Edit'), edit_project_pages_domain_path(@project, domain), class: "btn btn-sm btn-grouped btn-success btn-inverted"
+            = link_to s_('GitLabPages|Edit'), project_pages_domain_path(@project, domain), class: "btn btn-sm btn-grouped btn-success btn-inverted"
            = link_to s_('GitLabPages|Remove'), project_pages_domain_path(@project, domain), data: { confirm: s_('GitLabPages|Are you sure?')}, method: :delete, class: "btn btn-remove btn-sm btn-grouped"
        - if verification_enabled && domain.unverified?
          %li.list-group-item.bs-callout-warning
-            - details_link_start = "<a href='#{edit_project_pages_domain_path(@project, domain)}'>".html_safe
+            - details_link_start = "<a href='#{project_pages_domain_path(@project, domain)}'>".html_safe
            - details_link_end = '</a>'.html_safe
            = s_('GitLabPages|%{domain} is not verified. To learn how to verify ownership, visit your %{link_start}domain details%{link_end}.').html_safe % { domain: domain.domain,
                link_start: details_link_start,

--- a/app/views/projects/pages_domains/edit.html.haml
+++ b/app/views/projects/pages_domains/edit.html.haml
- add_to_breadcrumbs _("Pages"), project_pages_path(@project)
- breadcrumb_title @domain.domain
- page_title @domain.domain
-
- verification_enabled = Gitlab::CurrentSettings.pages_domain_verification_enabled?
-
- if verification_enabled && @domain.unverified?
-  = content_for :flash_message do
-    .alert.alert-warning
-      .container-fluid.container-limited
-        = _("This domain is not verified. You will need to verify ownership before access is enabled.")
-
-%h3.page-title
-  = _('Pages Domain')
-= render 'projects/pages_domains/helper_text'
-%div
-  = form_for [@project.namespace.becomes(Namespace), @project, @domain], html: { class: 'fieldset-form' } do |f|
-    = render 'form', { f: f }
-    .form-actions.d-flex.justify-content-between
-      = f.submit _('Save Changes'), class: "btn btn-success"
-      = link_to _('Cancel'), project_pages_path(@project), class: 'btn btn-default btn-inverse'
--- a/app/views/projects/pages_domains/show.html.haml
+++ b/app/views/projects/pages_domains/show.html.haml
 - add_to_breadcrumbs _("Pages"), project_pages_path(@project)
 - breadcrumb_title @domain.domain
- page_title "#{@domain.domain}", _('Pages Domains')
- dns_record = "#{@domain.domain} CNAME #{@domain.project.pages_subdomain}.#{Settings.pages.host}."
+- page_title @domain.domain

 - verification_enabled = Gitlab::CurrentSettings.pages_domain_verification_enabled?

@@ -11,51 +10,12 @@
      .container-fluid.container-limited
        = _("This domain is not verified. You will need to verify ownership before access is enabled.")

-%h3.page-title.with-button
-  = link_to _('Edit'), edit_project_pages_domain_path(@project, @domain), class: 'btn btn-success float-right'
-  = _("Pages Domain")
-
-.table-holder
-  %table.table
-    %tr
-      %td
-        = _("Domain")
-      %td
-        = external_link(@domain.url, @domain.url)
-    %tr
-      %td
-        = _("DNS")
-      %td
-        .input-group
-          = text_field_tag :domain_dns, dns_record , class: "monospace js-select-on-focus form-control", readonly: true
-          .input-group-append
-            = clipboard_button(target: '#domain_dns', class: 'btn-default input-group-text d-none d-sm-block')
-        %p.form-text.text-muted
-          = _("To access this domain create a new DNS record")
-
-    - if verification_enabled
-      - verification_record = "#{@domain.verification_domain} TXT #{@domain.keyed_verification_code}"
-      %tr
-        %td
-          = _("Verification status")
-        %td
-          = form_tag verify_project_pages_domain_path(@project, @domain) do
-            .status-badge
-              - text, status = @domain.unverified? ? [_('Unverified'), 'badge-danger'] : [_('Verified'), 'badge-success']
-              .badge{ class: status }
-                = text
-              %button.btn.has-tooltip{ type: "submit", data: { container: 'body' }, title: _("Retry verification") }
-                = sprite_icon('redo')
-          .input-group
-            = text_field_tag :domain_verification, verification_record, class: "monospace js-select-on-focus form-control", readonly: true
-            .input-group-append
-              = clipboard_button(target: '#domain_verification', class: 'btn-default d-none d-sm-block')
-          %p.form-text.text-muted
-            - link_to_help = link_to(_('verify ownership'), help_page_path('user/project/pages/custom_domains_ssl_tls_certification/index.md', anchor: '4-verify-the-domains-ownership'))
-            = _("To %{link_to_help} of your domain, add the above key to a TXT record within to your DNS configuration.").html_safe % { link_to_help: link_to_help }
-
-    %tr
-      %td
-        = _("Certificate")
-      %td
-        = render 'lets_encrypt_callout', auto_ssl_available_and_enabled: false
+%h3.page-title
+  = _('Pages Domain')
+= render 'projects/pages_domains/helper_text'
+%div
+  = form_for [@project.namespace.becomes(Namespace), @project, @domain], html: { class: 'fieldset-form' } do |f|
+    = render 'form', { f: f }
+    .form-actions.d-flex.justify-content-between
+      = f.submit _('Save Changes'), class: "btn btn-success"
+      = link_to _('Cancel'), project_pages_path(@project), class: 'btn btn-default btn-inverse'
--- a/app/views/shared/issuable/_sidebar.html.haml
+++ b/app/views/shared/issuable/_sidebar.html.haml
@@ -33,7 +33,7 @@
        .block.milestone{ data: { qa_selector: 'milestone_block' } }
          .sidebar-collapsed-icon.has-tooltip{ title: sidebar_milestone_tooltip_label(milestone), data: { container: 'body', html: 'true', placement: 'left', boundary: 'viewport' } }
            = icon('clock-o', 'aria-hidden': 'true')
-            %span.milestone-title.collapse-truncated-title{ data: { qa_selector: 'milestone_title' } }
+            %span.milestone-title.collapse-truncated-title
              - if milestone.present?
                = milestone[:title]
              - else
@@ -45,7 +45,7 @@
              = link_to _('Edit'), '#', class: 'js-sidebar-dropdown-toggle edit-link float-right', data: { track_label: "right_sidebar", track_property: "milestone", track_event: "click_edit_button", track_value: "" }
          .value.hide-collapsed
            - if milestone.present?
-              = link_to milestone[:title], milestone[:web_url], class: "bold has-tooltip", title: sidebar_milestone_remaining_days(milestone), data: { container: "body", html: 'true', boundary: 'viewport', qa_selector: 'milestone_link' }
+              = link_to milestone[:title], milestone[:web_url], class: "bold has-tooltip", title: sidebar_milestone_remaining_days(milestone), data: { container: "body", html: 'true', boundary: 'viewport', qa_selector: 'milestone_link', qa_title: milestone[:title] }
            - else
              %span.no-value
                = _('None')

--- a/app/workers/all_queues.yml
+++ b/app/workers/all_queues.yml
@@ -16,6 +16,7 @@
 - cronjob:pages_domain_verification_cron
 - cronjob:pages_domain_removal_cron
 - cronjob:pages_domain_ssl_renewal_cron
+- cronjob:personal_access_tokens_expiring
 - cronjob:pipeline_schedule
 - cronjob:prune_old_events
 - cronjob:remove_expired_group_links
@@ -51,6 +52,8 @@
 - gcp_cluster:clusters_cleanup_app
 - gcp_cluster:clusters_cleanup_project_namespace
 - gcp_cluster:clusters_cleanup_service_account
+- gcp_cluster:clusters_applications_activate_service
+- gcp_cluster:clusters_applications_deactivate_service

 - github_import_advance_stage
 - github_importer:github_import_import_diff_note

--- a/app/workers/clusters/applications/activate_service_worker.rb
+++ b/app/workers/clusters/applications/activate_service_worker.rb
+# frozen_string_literal: true
+
+module Clusters
+  module Applications
+    class ActivateServiceWorker
+      include ApplicationWorker
+      include ClusterQueue
+
+      def perform(cluster_id, service_name)
+        cluster = Clusters::Cluster.find_by_id(cluster_id)
+        return unless cluster
+
+        cluster.all_projects.find_each do |project|
+          project.find_or_initialize_service(service_name).update!(active: true)
+        end
+      end
+    end
+  end
+end
--- a/app/workers/clusters/applications/deactivate_service_worker.rb
+++ b/app/workers/clusters/applications/deactivate_service_worker.rb
+# frozen_string_literal: true
+
+module Clusters
+  module Applications
+    class DeactivateServiceWorker
+      include ApplicationWorker
+      include ClusterQueue
+
+      def perform(cluster_id, service_name)
+        cluster = Clusters::Cluster.find_by_id(cluster_id)
+        raise cluster_missing_error(service_name) unless cluster
+
+        service = "#{service_name}_service".to_sym
+        cluster.all_projects.with_service(service).find_each do |project|
+          project.public_send(service).update!(active: false) # rubocop:disable GitlabSecurity/PublicSend
+        end
+      end
+
+      def cluster_missing_error(service)
+        ActiveRecord::RecordNotFound.new("Can't deactivate #{service} services, host cluster not found! Some inconsistent records may be left in database.")
+      end
+    end
+  end
+end
--- a/app/workers/personal_access_tokens/expiring_worker.rb
+++ b/app/workers/personal_access_tokens/expiring_worker.rb
+# frozen_string_literal: true
+
+module PersonalAccessTokens
+  class ExpiringWorker
+    include ApplicationWorker
+    include CronjobQueue
+
+    feature_category :authentication_and_authorization
+
+    def perform(*args)
+      notification_service = NotificationService.new
+      limit_date = PersonalAccessToken::DAYS_TO_EXPIRE.days.from_now.to_date
+
+      User.with_expiring_and_not_notified_personal_access_tokens(limit_date).find_each do |user|
+        notification_service.access_token_about_to_expire(user)
+
+        Rails.logger.info "#{self.class}: Notifying User #{user.id} about expiring tokens" # rubocop:disable Gitlab/RailsLogger
+
+        user.personal_access_tokens.expiring_and_not_notified(limit_date).update_all(expire_notification_delivered: true)
+      end
+    end
+  end
+end
--- a/changelogs/unreleased/14857-new-metric-button-not-visible-when-prometheus-app-installed-on-grou.yml
+++ b/changelogs/unreleased/14857-new-metric-button-not-visible-when-prometheus-app-installed-on-grou.yml
+---
+title: Activate projects Prometheus service integration when Prometheus managed application is installed on shared cluster
+merge_request:
+author:
+type: fixed
--- a/changelogs/unreleased/20298-labels-management-is-not-accessible-when-issues-are-disabled.yml
+++ b/changelogs/unreleased/20298-labels-management-is-not-accessible-when-issues-are-disabled.yml
+---
+title: Display Labels item in sidebar when Issues are disabled
+merge_request: 20817
+author:
+type: fixed
--- a/changelogs/unreleased/32897-convert-alerts-to-toasts.yml
+++ b/changelogs/unreleased/32897-convert-alerts-to-toasts.yml
+---
+title: Convert flash alerts to toasts
+merge_request: 20356
+author:
+type: added
--- a/changelogs/unreleased/35145-cluster-alert-warning-is-using-wrong-padding.yml
+++ b/changelogs/unreleased/35145-cluster-alert-warning-is-using-wrong-padding.yml
+---
+title: Update padding for cluster alert warning
+merge_request: 20036
+author: George Tsiolis
+type: fixed
--- a/changelogs/unreleased/36205-issues-in-group-milestones.yml
+++ b/changelogs/unreleased/36205-issues-in-group-milestones.yml
+---
+title: Retrieve issues from subgroups when rendering group milestone
+merge_request: 21024
+author:
+type: fixed
--- a/changelogs/unreleased/8524-add-ds-var.yml
+++ b/changelogs/unreleased/8524-add-ds-var.yml
+---
+title: Add dependency scanning flag for specifying pip requirements file for scanning.
+merge_request: 21219
+author:
+type: added
--- a/changelogs/unreleased/fj-36079-snippet-graphql-endpoints.yml
+++ b/changelogs/unreleased/fj-36079-snippet-graphql-endpoints.yml
+---
+title: Add Snippet GraphQL resolver endpoints
+merge_request: 20613
+author:
+type: added
--- a/changelogs/unreleased/sa-pat-expiration-notification.yml
+++ b/changelogs/unreleased/sa-pat-expiration-notification.yml
+---
+title: Add Personal Access Token expiration reminder
+merge_request: 19296
+author:
+type: added
--- a/changelogs/unreleased/userwithid-per-env-backend.yml
+++ b/changelogs/unreleased/userwithid-per-env-backend.yml
+---
+title: Add feature to allow specifying userWithId strategies per environment spec
+merge_request: 20325
+author:
+type: added
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -366,6 +366,9 @@ production: &base
    # Send admin emails once a week
    admin_email_worker:
      cron: "0 0 * * 0"
+    # Send emails for personal tokens which are about to expire
+    personal_access_tokens_expiring_worker:
+      cron: "0 1 * * *"

    # Remove outdated repository archives
    repository_archive_cache_worker:

--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -407,6 +407,9 @@ Settings.cron_jobs['repository_check_worker']['job_class'] = 'RepositoryCheck::D
 Settings.cron_jobs['admin_email_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['admin_email_worker']['cron'] ||= '0 0 * * 0'
 Settings.cron_jobs['admin_email_worker']['job_class'] = 'AdminEmailWorker'
+Settings.cron_jobs['personal_access_tokens_expiring_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['personal_access_tokens_expiring_worker']['cron'] ||= '0 1 * * *'
+Settings.cron_jobs['personal_access_tokens_expiring_worker']['job_class'] = 'PersonalAccessTokens::ExpiringWorker'
 Settings.cron_jobs['repository_archive_cache_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['repository_archive_cache_worker']['cron'] ||= '0 * * * *'
 Settings.cron_jobs['repository_archive_cache_worker']['job_class'] = 'RepositoryArchiveCacheWorker'

--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -224,6 +224,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
        resources :environments, except: [:destroy] do
          member do
            post :stop
+            post :cancel_auto_stop
            get :terminal
            get :metrics
            get :additional_metrics

--- a/db/migrate/20191004151428_add_auto_stop_in_to_environments.rb
+++ b/db/migrate/20191004151428_add_auto_stop_in_to_environments.rb
+# frozen_string_literal: true
+
+class AddAutoStopInToEnvironments < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def change
+    add_column :environments, :auto_stop_at, :datetime_with_timezone
+  end
+end
--- a/db/migrate/20191014123159_add_expire_notification_delivered_to_personal_access_tokens.rb
+++ b/db/migrate/20191014123159_add_expire_notification_delivered_to_personal_access_tokens.rb
+# frozen_string_literal: true
+
+class AddExpireNotificationDeliveredToPersonalAccessTokens < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_column_with_default :personal_access_tokens, :expire_notification_delivered, :boolean, default: false
+  end
+
+  def down
+    remove_column :personal_access_tokens, :expire_notification_delivered
+  end
+end
--- a/db/migrate/20191121111621_create_packages_dependencies.rb
+++ b/db/migrate/20191121111621_create_packages_dependencies.rb
+# frozen_string_literal: true
+
+class CreatePackagesDependencies < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def change
+    create_table :packages_dependencies do |t|
+      t.string :name, null: false, limit: 255
+      t.string :version_pattern, null: false, limit: 255
+    end
+
+    add_index :packages_dependencies, [:name, :version_pattern], unique: true
+  end
+end
--- a/db/migrate/20191121121947_create_packages_dependency_links.rb
+++ b/db/migrate/20191121121947_create_packages_dependency_links.rb
+# frozen_string_literal: true
+
+class CreatePackagesDependencyLinks < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def change
+    create_table :packages_dependency_links do |t|
+      t.references :package, index: false, null: false, foreign_key: { to_table: :packages_packages, on_delete: :cascade }, type: :bigint
+      t.references :dependency, null: false, foreign_key: { to_table: :packages_dependencies, on_delete: :cascade }, type: :bigint
+      t.integer :dependency_type, limit: 2, null: false
+    end
+
+    add_index :packages_dependency_links, [:package_id, :dependency_id, :dependency_type], unique: true, name: 'idx_pkgs_dep_links_on_pkg_id_dependency_id_dependency_type'
+  end
+end
--- a/db/migrate/20191121161018_add_project_id_name_version_package_type_index_to_packages_packages.rb
+++ b/db/migrate/20191121161018_add_project_id_name_version_package_type_index_to_packages_packages.rb
+# frozen_string_literal: true
+
+class AddProjectIdNameVersionPackageTypeIndexToPackagesPackages < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+  INDEX_NAME = 'idx_packages_packages_on_project_id_name_version_package_type'.freeze
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :packages_packages,
+                         [:project_id, :name, :version, :package_type],
+                         name: INDEX_NAME
+  end
+
+  def down
+    remove_concurrent_index :packages_packages,
+                            [:project_id, :name, :version, :package_type],
+                            name: INDEX_NAME
+  end
+end
--- a/db/migrate/20191202181924_add_environment_auto_stop_in_to_ci_builds_metadata.rb
+++ b/db/migrate/20191202181924_add_environment_auto_stop_in_to_ci_builds_metadata.rb
+# frozen_string_literal: true
+
+class AddEnvironmentAutoStopInToCiBuildsMetadata < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def up
+    add_column :ci_builds_metadata, :environment_auto_stop_in, :string, limit: 255
+  end
+
+  def down
+    remove_column :ci_builds_metadata, :environment_auto_stop_in
+  end
+end
--- a/db/post_migrate/20191118211629_migrate_ops_feature_flags_scopes_target_user_ids.rb
+++ b/db/post_migrate/20191118211629_migrate_ops_feature_flags_scopes_target_user_ids.rb
+# frozen_string_literal: true
+
+class MigrateOpsFeatureFlagsScopesTargetUserIds < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  class OperationsFeatureFlagScope < ActiveRecord::Base
+    include EachBatch
+    self.table_name = 'operations_feature_flag_scopes'
+    self.inheritance_column = :_type_disabled
+  end
+
+  ###
+  # 2019-11-26
+  #
+  # There are about 1000 rows in the operations_feature_flag_scopes table on gitlab.com.
+  # This migration will update about 30 of them.
+  # https://gitlab.com/gitlab-org/gitlab/merge_requests/20325#note_250742098
+  #
+  # This should take a few seconds to run.
+  # https://gitlab.com/gitlab-org/gitlab/merge_requests/20325#note_254871603
+  #
+  ###
+  def up
+    OperationsFeatureFlagScope.where("strategies @> ?", [{ 'name': 'userWithId' }].to_json).each_batch do |scopes|
+      scopes.each do |scope|
+        if scope.active
+          default_strategy = scope.strategies.find { |s| s['name'] == 'default' }
+
+          if default_strategy.present?
+            scope.update({ strategies: [default_strategy] })
+          end
+        else
+          user_with_id_strategy = scope.strategies.find { |s| s['name'] == 'userWithId' }
+
+          scope.update({
+            active: true,
+            strategies: [user_with_id_strategy]
+          })
+        end
+      end
+    end
+  end
+
+  def down
+    # This is not reversible.
+    # The old Target Users feature required the same list of user ids to be applied to each environment scope.
+    # Now we allow the list of user ids to differ for each scope.
+  end
+end
--- a/db/post_migrate/20191121122856_drop_packages_package_metadata_table.rb
+++ b/db/post_migrate/20191121122856_drop_packages_package_metadata_table.rb
+# frozen_string_literal: true
+
+class DropPackagesPackageMetadataTable < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def up
+    drop_table :packages_package_metadata
+  end
+
+  def down
+    create_table :packages_package_metadata do |t|
+      t.references :package, index: { unique: true }, null: false, foreign_key: { to_table: :packages_packages, on_delete: :cascade }, type: :integer
+      t.binary :metadata, null: false
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -717,6 +717,7 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
    t.jsonb "config_options"
    t.jsonb "config_variables"
    t.boolean "has_exposed_artifacts"
+    t.string "environment_auto_stop_in", limit: 255
    t.index ["build_id"], name: "index_ci_builds_metadata_on_build_id", unique: true
    t.index ["build_id"], name: "index_ci_builds_metadata_on_build_id_and_has_exposed_artifacts", where: "(has_exposed_artifacts IS TRUE)"
    t.index ["build_id"], name: "index_ci_builds_metadata_on_build_id_and_interruptible", where: "(interruptible = true)"
@@ -1447,6 +1448,7 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
    t.string "environment_type"
    t.string "state", default: "available", null: false
    t.string "slug", null: false
+    t.datetime_with_timezone "auto_stop_at"
    t.index ["name"], name: "index_environments_on_name_varchar_pattern_ops", opclass: :varchar_pattern_ops
    t.index ["project_id", "name"], name: "index_environments_on_project_id_and_name", unique: true
    t.index ["project_id", "slug"], name: "index_environments_on_project_id_and_slug", unique: true
@@ -2822,6 +2824,20 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
    t.index ["package_id"], name: "index_packages_conan_metadata_on_package_id", unique: true
  end

+  create_table "packages_dependencies", force: :cascade do |t|
+    t.string "name", limit: 255, null: false
+    t.string "version_pattern", limit: 255, null: false
+    t.index ["name", "version_pattern"], name: "index_packages_dependencies_on_name_and_version_pattern", unique: true
+  end
+
+  create_table "packages_dependency_links", force: :cascade do |t|
+    t.bigint "package_id", null: false
+    t.bigint "dependency_id", null: false
+    t.integer "dependency_type", limit: 2, null: false
+    t.index ["dependency_id"], name: "index_packages_dependency_links_on_dependency_id"
+    t.index ["package_id", "dependency_id", "dependency_type"], name: "idx_pkgs_dep_links_on_pkg_id_dependency_id_dependency_type", unique: true
+  end
+
  create_table "packages_maven_metadata", force: :cascade do |t|
    t.bigint "package_id", null: false
    t.datetime_with_timezone "created_at", null: false
@@ -2847,12 +2863,6 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
    t.index ["package_id", "file_name"], name: "index_packages_package_files_on_package_id_and_file_name"
  end

-  create_table "packages_package_metadata", force: :cascade do |t|
-    t.integer "package_id", null: false
-    t.binary "metadata", null: false
-    t.index ["package_id"], name: "index_packages_package_metadata_on_package_id", unique: true
-  end
-
  create_table "packages_package_tags", force: :cascade do |t|
    t.integer "package_id", null: false
    t.string "name", limit: 255, null: false
@@ -2867,6 +2877,7 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
    t.string "version"
    t.integer "package_type", limit: 2, null: false
    t.index ["name"], name: "index_packages_packages_on_name_trigram", opclass: :gin_trgm_ops, using: :gin
+    t.index ["project_id", "name", "version", "package_type"], name: "idx_packages_packages_on_project_id_name_version_package_type"
    t.index ["project_id"], name: "index_packages_packages_on_project_id"
  end

@@ -2929,6 +2940,7 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
    t.string "scopes", default: "--- []\n", null: false
    t.boolean "impersonation", default: false, null: false
    t.string "token_digest"
+    t.boolean "expire_notification_delivered", default: false, null: false
    t.index ["token_digest"], name: "index_personal_access_tokens_on_token_digest", unique: true
    t.index ["user_id", "expires_at"], name: "index_pat_on_user_id_and_expires_at"
    t.index ["user_id"], name: "index_personal_access_tokens_on_user_id"
@@ -4565,9 +4577,10 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
  add_foreign_key "operations_feature_flags_clients", "projects", on_delete: :cascade
  add_foreign_key "packages_conan_file_metadata", "packages_package_files", column: "package_file_id", on_delete: :cascade
  add_foreign_key "packages_conan_metadata", "packages_packages", column: "package_id", on_delete: :cascade
+  add_foreign_key "packages_dependency_links", "packages_dependencies", column: "dependency_id", on_delete: :cascade
+  add_foreign_key "packages_dependency_links", "packages_packages", column: "package_id", on_delete: :cascade
  add_foreign_key "packages_maven_metadata", "packages_packages", column: "package_id", name: "fk_be88aed360", on_delete: :cascade
  add_foreign_key "packages_package_files", "packages_packages", column: "package_id", name: "fk_86f0f182f8", on_delete: :cascade
-  add_foreign_key "packages_package_metadata", "packages_packages", column: "package_id", on_delete: :cascade
  add_foreign_key "packages_package_tags", "packages_packages", column: "package_id", on_delete: :cascade
  add_foreign_key "packages_packages", "projects", on_delete: :cascade
  add_foreign_key "pages_domain_acme_orders", "pages_domains", on_delete: :cascade

--- a/doc/administration/geo/replication/docker_registry.md
+++ b/doc/administration/geo/replication/docker_registry.md
@@ -51,7 +51,7 @@ We need to make Docker Registry send notification events to the
       'threshold' => 5,
       'backoff' => '1s',
       'headers' => {
-         'Authorization' => ['<replace_with_a_secret_token>']
+         'Authorization' => ['<replace_with_a_secret_token>'] # An alphanumeric string. Case sensitive and must start with a letter.
       }
     }
   ]
@@ -59,7 +59,7 @@ We need to make Docker Registry send notification events to the

   NOTE: **Note:**
   If you use an external Registry (not the one integrated with GitLab), you must add
-   these settings to its configuration. In this case, you will also have to specify
+   these settings to its configuration yourself. In this case, you will also have to specify
   notification secret in `registry.notification_secret` section of
   `/etc/gitlab/gitlab.rb` file.

@@ -100,7 +100,7 @@ generate a short-lived JWT that is pull-only-capable to access the

   ```ruby
   gitlab_rails['geo_registry_replication_enabled'] = true
-   gitlab_rails['geo_registry_replication_primary_api_url'] = 'http://primary.example.com:5000/' # internal address to the primary registry, will be used by GitLab to directly communicate with primary registry API
+   gitlab_rails['geo_registry_replication_primary_api_url'] = 'http://primary.example.com:4567/' # Primary registry address, it will be used by the secondary node to directly communicate to primary registry
   ```

 1. Reconfigure the **secondary** node for the change to take effect:

--- a/doc/api/graphql/index.md
+++ b/doc/api/graphql/index.md
@@ -61,6 +61,7 @@ The GraphQL API includes the following queries at the root level:
 1. `namespace` : Within a namespace it is also possible to fetch `projects`.
 1. `currentUser`: Information about the currently logged in user.
 1. `metaData`: Metadata about GitLab and the GraphQL API.
+1. `snippets`: Snippets visible to the currently logged in user.

 Root-level queries are defined in
 [`app/graphql/types/query_type.rb`](https://gitlab.com/gitlab-org/gitlab/blob/master/app/graphql/types/query_type.rb).

--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -4512,6 +4512,41 @@ type Project {
  """
  sharedRunnersEnabled: Boolean

+  """
+  Snippets of the project
+  """
+  snippets(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Array of global snippet ids, e.g., "gid://gitlab/ProjectSnippet/1"
+    """
+    ids: [ID!]
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+
+    """
+    The visibility of the snippet
+    """
+    visibility: VisibilityScopesEnum
+  ): SnippetConnection
+
  """
  (deprecated) Does this project have snippets enabled?. Use `snippets_access_level` instead
  """
@@ -4675,9 +4710,9 @@ type ProjectPermissions {
  createPipelineSchedule: Boolean!

  """
-  Whether or not a user can perform `create_project_snippet` on this resource
+  Whether or not a user can perform `create_snippet` on this resource
  """
-  createProjectSnippet: Boolean!
+  createSnippet: Boolean!

  """
  Whether or not a user can perform `create_wiki` on this resource
@@ -4882,6 +4917,61 @@ type Query {
    """
    fullPath: ID!
  ): Project
+
+  """
+  Find Snippets visible to the current user
+  """
+  snippets(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    The ID of an author
+    """
+    authorId: ID
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Explore personal snippets
+    """
+    explore: Boolean
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Array of global snippet ids, e.g., "gid://gitlab/ProjectSnippet/1"
+    """
+    ids: [ID!]
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+
+    """
+    The ID of a project
+    """
+    projectId: ID
+
+    """
+    The type of snippet
+    """
+    type: TypeEnum
+
+    """
+    The visibility of the snippet
+    """
+    visibility: VisibilityScopesEnum
+  ): SnippetConnection
 }

 """
@@ -5137,6 +5227,193 @@ enum SentryErrorStatus {
  UNRESOLVED
 }

+"""
+Represents a snippet entry
+"""
+type Snippet implements Noteable {
+  """
+  The owner of the snippet
+  """
+  author: User!
+
+  """
+  Content of the snippet
+  """
+  content: String!
+
+  """
+  Timestamp this snippet was created
+  """
+  createdAt: Time!
+
+  """
+  Description of the snippet
+  """
+  description: String
+
+  """
+  The GitLab Flavored Markdown rendering of `description`
+  """
+  descriptionHtml: String
+
+  """
+  All discussions on this noteable
+  """
+  discussions(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+  ): DiscussionConnection!
+
+  """
+  File Name of the snippet
+  """
+  fileName: String
+
+  """
+  Id of the snippet
+  """
+  id: ID!
+
+  """
+  All notes on this noteable
+  """
+  notes(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+  ): NoteConnection!
+
+  """
+  The project the snippet is associated with
+  """
+  project: Project
+
+  """
+  Raw URL of the snippet
+  """
+  rawUrl: String!
+
+  """
+  Title of the snippet
+  """
+  title: String!
+
+  """
+  Timestamp this snippet was updated
+  """
+  updatedAt: Time!
+
+  """
+  Permissions for the current user on the resource
+  """
+  userPermissions: SnippetPermissions!
+
+  """
+  Visibility of the snippet
+  """
+  visibility: String!
+
+  """
+  Web URL of the snippet
+  """
+  webUrl: String!
+}
+
+"""
+The connection type for Snippet.
+"""
+type SnippetConnection {
+  """
+  A list of edges.
+  """
+  edges: [SnippetEdge]
+
+  """
+  A list of nodes.
+  """
+  nodes: [Snippet]
+
+  """
+  Information to aid in pagination.
+  """
+  pageInfo: PageInfo!
+}
+
+"""
+An edge in a connection.
+"""
+type SnippetEdge {
+  """
+  A cursor for use in pagination.
+  """
+  cursor: String!
+
+  """
+  The item at the end of the edge.
+  """
+  node: Snippet
+}
+
+type SnippetPermissions {
+  """
+  Whether or not a user can perform `admin_snippet` on this resource
+  """
+  adminSnippet: Boolean!
+
+  """
+  Whether or not a user can perform `award_emoji` on this resource
+  """
+  awardEmoji: Boolean!
+
+  """
+  Whether or not a user can perform `create_note` on this resource
+  """
+  createNote: Boolean!
+
+  """
+  Whether or not a user can perform `read_snippet` on this resource
+  """
+  readSnippet: Boolean!
+
+  """
+  Whether or not a user can perform `update_snippet` on this resource
+  """
+  updateSnippet: Boolean!
+}
+
 type Submodule implements Entry {
  flatPath: String!
  id: ID!
@@ -5602,6 +5879,11 @@ type TreeEntryEdge {
  node: TreeEntry
 }

+enum TypeEnum {
+  personal
+  project
+}
+
 """
 Autogenerated input type of UpdateEpic
 """
@@ -5740,6 +6022,46 @@ type User {
  """
  name: String!

+  """
+  Snippets authored by the user
+  """
+  snippets(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Array of global snippet ids, e.g., "gid://gitlab/ProjectSnippet/1"
+    """
+    ids: [ID!]
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+
+    """
+    The type of snippet
+    """
+    type: TypeEnum
+
+    """
+    The visibility of the snippet
+    """
+    visibility: VisibilityScopesEnum
+  ): SnippetConnection
+
  """
  Todos of the user
  """
@@ -5795,6 +6117,11 @@ type User {
    type: [TodoTargetEnum!]
  ): TodoConnection!

+  """
+  Permissions for the current user on the resource
+  """
+  userPermissions: UserPermissions!
+
  """
  Username of the user. Unique within this instance of GitLab
  """
@@ -5839,4 +6166,17 @@ type UserEdge {
  The item at the end of the edge.
  """
  node: User
+}
+
+type UserPermissions {
+  """
+  Whether or not a user can perform `create_snippet` on this resource
+  """
+  createSnippet: Boolean!
+}
+
+enum VisibilityScopesEnum {
+  internal
+  private
+  public
 }
\ No newline at end of file
--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -689,7 +689,6 @@ The API can be explored interactively using the [GraphiQL IDE](../index.md#graph
 | `downloadCode` | Boolean! | Whether or not a user can perform `download_code` on this resource |
 | `downloadWikiCode` | Boolean! | Whether or not a user can perform `download_wiki_code` on this resource |
 | `forkProject` | Boolean! | Whether or not a user can perform `fork_project` on this resource |
-| `createProjectSnippet` | Boolean! | Whether or not a user can perform `create_project_snippet` on this resource |
 | `readCommitStatus` | Boolean! | Whether or not a user can perform `read_commit_status` on this resource |
 | `requestAccess` | Boolean! | Whether or not a user can perform `request_access` on this resource |
 | `createPipeline` | Boolean! | Whether or not a user can perform `create_pipeline` on this resource |
@@ -710,6 +709,7 @@ The API can be explored interactively using the [GraphiQL IDE](../index.md#graph
 | `destroyPages` | Boolean! | Whether or not a user can perform `destroy_pages` on this resource |
 | `readPagesContent` | Boolean! | Whether or not a user can perform `read_pages_content` on this resource |
 | `adminOperations` | Boolean! | Whether or not a user can perform `admin_operations` on this resource |
+| `createSnippet` | Boolean! | Whether or not a user can perform `create_snippet` on this resource |
 | `readDesign` | Boolean! | Whether or not a user can perform `read_design` on this resource |
 | `createDesign` | Boolean! | Whether or not a user can perform `create_design` on this resource |
 | `destroyDesign` | Boolean! | Whether or not a user can perform `destroy_design` on this resource |
@@ -787,6 +787,35 @@ The API can be explored interactively using the [GraphiQL IDE](../index.md#graph
 | `time` | Time! | Time the error frequency stats were recorded |
 | `count` | Int! | Count of errors received since the previously recorded time |

+### Snippet
+
+| Name  | Type  | Description |
+| ---   |  ---- | ----------  |
+| `userPermissions` | SnippetPermissions! | Permissions for the current user on the resource |
+| `id` | ID! | Id of the snippet |
+| `title` | String! | Title of the snippet |
+| `project` | Project | The project the snippet is associated with |
+| `author` | User! | The owner of the snippet |
+| `fileName` | String | File Name of the snippet |
+| `content` | String! | Content of the snippet |
+| `description` | String | Description of the snippet |
+| `visibility` | String! | Visibility of the snippet |
+| `createdAt` | Time! | Timestamp this snippet was created |
+| `updatedAt` | Time! | Timestamp this snippet was updated |
+| `webUrl` | String! | Web URL of the snippet |
+| `rawUrl` | String! | Raw URL of the snippet |
+| `descriptionHtml` | String | The GitLab Flavored Markdown rendering of `description` |
+
+### SnippetPermissions
+
+| Name  | Type  | Description |
+| ---   |  ---- | ----------  |
+| `createNote` | Boolean! | Whether or not a user can perform `create_note` on this resource |
+| `awardEmoji` | Boolean! | Whether or not a user can perform `award_emoji` on this resource |
+| `readSnippet` | Boolean! | Whether or not a user can perform `read_snippet` on this resource |
+| `updateSnippet` | Boolean! | Whether or not a user can perform `update_snippet` on this resource |
+| `adminSnippet` | Boolean! | Whether or not a user can perform `admin_snippet` on this resource |
+
 ### Submodule

 | Name  | Type  | Description |
@@ -892,7 +921,14 @@ The API can be explored interactively using the [GraphiQL IDE](../index.md#graph

 | Name  | Type  | Description |
 | ---   |  ---- | ----------  |
+| `userPermissions` | UserPermissions! | Permissions for the current user on the resource |
 | `name` | String! | Human-readable name of the user |
 | `username` | String! | Username of the user. Unique within this instance of GitLab |
 | `avatarUrl` | String! | URL of the user's avatar |
 | `webUrl` | String! | Web URL of the user |
+
+### UserPermissions
+
+| Name  | Type  | Description |
+| ---   |  ---- | ----------  |
+| `createSnippet` | Boolean! | Whether or not a user can perform `create_snippet` on this resource |
--- a/doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/img/merge_train_immediate_merge_confirmation_dialog_v12_6.png
+++ b/doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/img/merge_train_immediate_merge_confirmation_dialog_v12_6.png
--- a/doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/img/merge_train_immediate_merge_v12_6.png
+++ b/doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/img/merge_train_immediate_merge_v12_6.png
--- a/doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/index.md
+++ b/doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/index.md
@@ -86,12 +86,15 @@ In case, you have a high-priority merge request (e.g. critical patch) to be merg
 you can use **Merge Immediately** option for bypassing the merge train.
 This is the fastest option to get the change merged into the target branch.

-![Merge Immediately](img/merge_train_immediate_merge.png)
+![Merge Immediately](img/merge_train_immediate_merge_v12_6.png)

 However, every time you merge a merge request immediately, it could affect the
 existing merge train to be reconstructed, specifically, it regenerates expected
 merge commits and pipelines. This means, merging immediately essentially wastes
-CI resources.
+CI resources. Because of these downsides, you will be asked to confirm before
+the merge is initiated:
+
+![Merge immediately confirmation dialog](img/merge_train_immediate_merge_confirmation_dialog_v12_6.png)

 ## Troubleshooting


--- a/doc/development/packages.md
+++ b/doc/development/packages.md
@@ -23,19 +23,12 @@ The goal of the Package group is to build a set of features that, within three y
 | [Bower](https://gitlab.com/gitlab-org/gitlab/issues/36888) | Boost your front end development by hosting your own Bower components.  |
 | [Chef](https://gitlab.com/gitlab-org/gitlab/issues/36889) | Configuration management with Chef using all the benefits of a repository manager. |
 | [CocoaPods](https://gitlab.com/gitlab-org/gitlab/issues/36890) | Speed up development with Xcode and CocoaPods. |
-| [Conan](https://docs.gitlab.com/ee/user/packages/conan_repository/) *12.6+* | A standardized way to share and version control C/C++ libraries across projects. |
 | [Conda](https://gitlab.com/gitlab-org/gitlab/issues/36891) | Secure and private local Conda repositories. |
 | [CRAN](https://gitlab.com/gitlab-org/gitlab/issues/36892) | Deploy and resolve CRAN packages for the R language. |
 | [Debian](https://gitlab.com/gitlab-org/gitlab/issues/5835) | Host and provision Debian packages. |
-| [Docker](https://docs.gitlab.com/ee/user/packages/container_registry/) *8.8+* | Host your own secure private Docker registries and proxy external Docker registries such as Docker Hub. |
 | [Go](https://gitlab.com/gitlab-org/gitlab/issues/9773) | Resolve Go dependencies from and publish your Go packages to GitLab.  |
-| [Helm](https://gitlab.com/gitlab-org/gitlab/issues/18997) | Manage your Helm Charts in GitLab and gain control over deployments to your Kubernetes cluster. |
-| [Maven](https://docs.gitlab.com/ee/user/packages/maven_repository/index.html) *11.3+*| The GitLab Maven Repository enables every project in GitLab to have its own space to store Maven packages. |
-| [npm](https://docs.gitlab.com/ee/user/packages/npm_registry/index.html) *11.7+* | Host your own node.js packages. |
-| [NuGet](https://gitlab.com/gitlab-org/gitlab/issues/20050) *Planned for 12.7*| Host NuGet packages in GitLab, and pull libraries into your various Visual Studio .NET applications. |
 | [Opkg](https://gitlab.com/gitlab-org/gitlab/issues/36894) | Optimize your work with OpenWrt using Opkg repositories. |
 | [P2](https://gitlab.com/gitlab-org/gitlab/issues/36895) | Host all your Eclipse plugins in your own GitLab P2 repository. |
-| [PHP Composer](https://gitlab.com/gitlab-org/gitlab/issues/15886) | Provision Composer packages from GitLab and access Packagist and other remote Composer metadata repositories. |
 | [Puppet](https://gitlab.com/gitlab-org/gitlab/issues/36897) | Configuration management meets repository management with Puppet repositories. |
 | [PyPi](https://gitlab.com/gitlab-org/gitlab/issues/10483) | Host PyPi distributions. |
 | [RPM](https://gitlab.com/gitlab-org/gitlab/issues/5932) | Distribute RPMs directly from GitLab. |

--- a/doc/development/testing_guide/review_apps.md
+++ b/doc/development/testing_guide/review_apps.md
@@ -186,22 +186,89 @@ secure note named `gitlab-{ce,ee} Review App's root password`.
   `review-qa-raise-e-12chm0-migrations.1-nqwtx`.
 1. Click on the `Container logs` link.

-### Diagnosing unhealthy review-app releases
-
-If [Review App Stability](https://gitlab.com/gitlab-org/quality/team-tasks/issues/93) dips this may be a signal
-that the `review-apps-ce/ee` cluster is unhealthy. Leading indicators may be healthcheck failures leading to restarts or majority failure for Review App deployments.
-
-The following items may help diagnose this:
-
- [Review Apps Health dashboard](https://app.google.stackdriver.com/dashboards/6798952013815386466?project=gitlab-review-apps&timeDomain=1d)
-  - Aids in identifying load spikes on the cluster, and if nodes are problematic or the entire cluster is trending towards unhealthy.
- `kubectl top nodes | sort --key 3 --numeric` - can identify if node spikes are common or load on specific nodes which may get rebalanced by the Kubernetes scheduler.
- `kubectl top pods | sort --key 2 --numeric` -
- [K9s] - K9s is a powerful command line dashboard which allows you to filter by labels. This can help identify trends with apps exceeding the [review-app resource requests](https://gitlab.com/gitlab-org/gitlab/blob/master/scripts/review_apps/base-config.yaml). Kubernetes will schedule pods to nodes based on resource requests and allow for CPU usage up to the limits.
-  - In K9s you can sort or add filters by typing the `/` character
-    - `-lrelease=<review-app-slug>` - filters down to all pods for a release. This aids in determining what is having issues in a single deployment
-    - `-lapp=<app>` - filters down to all pods for a specific app. This aids in determining resource usage by app.
-  - You can scroll to a Kubernetes resource and hit `d`(describe), `s`(shell), `l`(logs) for a deeper inspection
+## Diagnosing unhealthy Review App releases
+
+If [Review App Stability](https://app.periscopedata.com/app/gitlab/496118/Engineering-Productivity-Sandbox?widget=6690556&udv=785399)
+dips this may be a signal that the `review-apps-ce/ee` cluster is unhealthy.
+Leading indicators may be healthcheck failures leading to restarts or majority failure for Review App deployments.
+
+The [Review Apps Overview dashboard](https://app.google.stackdriver.com/dashboards/6798952013815386466?project=gitlab-review-apps&timeDomain=1d)
+aids in identifying load spikes on the cluster, and if nodes are problematic or the entire cluster is trending towards unhealthy.
+
+### Node count is always increasing (i.e. never stabilizing or decreasing)
+
+**Potential cause:**
+
+That could be a sign that the [`schedule:review-cleanup`][gitlab-ci-yml] job is
+failing to cleanup stale Review Apps and Kubernetes resources.
+
+**Where to look for further debugging:**
+
+Look at the latest `schedule:review-cleanup` job log, and identify look for any
+unexpected failure.
+
+### p99 CPU utilization is at 100% for most of the nodes and/or many components
+
+**Potential cause:**
+
+This could be a sign that Helm is failing to deploy Review Apps. When Helm has a
+lot of `FAILED` releases, it seems that the CPU utilization is increasing, probably
+due to Helm or Kubernetes trying to recreate the components.
+
+**Where to look for further debugging:**
+
+Look at a recent `review-deploy` job log, and at the Tiller logs.
+
+**Useful commands:**
+
+```shell
+# Identify if node spikes are common or load on specific nodes which may get rebalanced by the Kubernetes scheduler
+› kubectl top nodes | sort --key 3 --numeric
+
+# Identify pods under heavy CPU load
+› kubectl top pods | sort --key 2 --numeric
+```
+
+### The `logging/user/events/FailedMount` chart is going up
+
+**Potential cause:**
+
+This could be a sign that there are too many stale secrets and/or config maps.
+
+**Where to look for further debugging:**
+
+Look at [the list of Configurations](https://console.cloud.google.com/kubernetes/config?project=gitlab-review-apps)
+or `kubectl get secret,cm --sort-by='{.metadata.creationTimestamp}' | grep 'review-'`.
+
+Any secrets or config maps older than 5 days are suspect and should be deleted.
+
+**Useful commands:**
+
+```
+# List secrets and config maps ordered by created date
+› kubectl get secret,cm --sort-by='{.metadata.creationTimestamp}' | grep 'review-'
+
+# Delete all secrets that are 5 to 9 days old
+› kubectl get secret --sort-by='{.metadata.creationTimestamp}' | grep '^review-' | grep '[5-9]d$' | cut -d' ' -f1 | xargs kubectl delete secret
+
+# Delete all secrets that are 10 to 99 days old
+› kubectl get secret --sort-by='{.metadata.creationTimestamp}' | grep '^review-' | grep '[1-9][0-9]d$' | cut -d' ' -f1 | xargs kubectl delete secret
+
+# Delete all config maps that are 5 to 9 days old
+› kubectl get cm --sort-by='{.metadata.creationTimestamp}' | grep 'review-' | grep -v 'dns-gitlab-review-app' | grep '[5-9]d$' | cut -d' ' -f1 | xargs kubectl delete cm
+
+# Delete all config maps that are 10 to 99 days old
+› kubectl get cm --sort-by='{.metadata.creationTimestamp}' | grep 'review-' | grep -v 'dns-gitlab-review-app' | grep '[1-9][0-9]d$' | cut -d' ' -f1 | xargs kubectl delete cm
+```
+
+### Using K9s
+
+[K9s] is a powerful command line dashboard which allows you to filter by labels. This can help identify trends with apps exceeding the [review-app resource requests](https://gitlab.com/gitlab-org/gitlab/blob/master/scripts/review_apps/base-config.yaml). Kubernetes will schedule pods to nodes based on resource requests and allow for CPU usage up to the limits.
+
+- In K9s you can sort or add filters by typing the `/` character
+  - `-lrelease=<review-app-slug>` - filters down to all pods for a release. This aids in determining what is having issues in a single deployment
+  - `-lapp=<app>` - filters down to all pods for a specific app. This aids in determining resource usage by app.
+- You can scroll to a Kubernetes resource and hit `d`(describe), `s`(shell), `l`(logs) for a deeper inspection

 ![K9s](img/k9s.png)


--- a/doc/subscriptions/index.md
+++ b/doc/subscriptions/index.md
@@ -223,6 +223,46 @@ The following table describes details of your subscription for groups:
 | Subscription start date | Date your subscription started. If this is for a Free plan, is the date you transitioned off your group's paid plan. |
 | Subscription end date | Date your current subscription will end. Does not apply to Free plans. |

+#### CI pipeline minutes
+
+CI pipeline minutes are the execution time for your [pipelines](../ci/pipelines.md) on our shared runners. Each [GitLab.com tier](https://about.gitlab.com/pricing/) includes a monthly quota of CI pipeline minutes. The quota is applied per group, shared across all members of that group, its subgroups and nested projects. To view the usage, navigate to the group's page, then **Settings > Usage Quotas**.
+
+Only pipeline minutes for our shared runners are restricted. If you have a specific runner setup for your projects, there is no limit to your build time on GitLab.com.
+
+The minutes limit only applies to private projects. The available quota is reset on the first of each calendar month at midnight UTC.
+
+If you reach your limit, you can [purchase additional CI minutes](#extra-shared-runners-pipeline-minutes), or upgrade your account to [Silver or Gold](https://about.gitlab.com/pricing/). Note, your own runners can still be used even if you reach your limits.
+
+##### How pipeline quota usage is calculated
+
+Pipeline quota usage is calculated as the sum of the duration of each individual job. This is slightly different to how pipeline _duration_ is [calculated](https://docs.gitlab.com/ee/ci/pipelines.html#how-pipeline-duration-is-calculated). Pipeline quota usage doesn't consider the intersection of jobs.
+
+A simple example is:
+
+A (1, 3)
+B (2, 4)
+C (6, 7)
+
+In the example:
+
+A begins at 1 and ends at 3.
+B begins at 2 and ends at 4.
+C begins at 6 and ends at 7.
+Visually, it can be viewed as:
+
+```
+0  1  2  3  4  5  6  7
+   AAAAAAA
+      BBBBBBB
+                  CCCC
+```
+
+The sum of each individual job is being calculated therefore in this example, `8` runner minutes would be used for this pipeline:
+
+```
+A + B + C = 3 + 3 + 2 => 8
+```
+
 #### Extra Shared Runners pipeline minutes

 If you're using GitLab.com, you can purchase additional CI minutes so your

--- a/doc/topics/autodevops/img/autodevops_banner_v12_6.png
+++ b/doc/topics/autodevops/img/autodevops_banner_v12_6.png
--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -1340,26 +1340,28 @@ spec:
  service account for your project. For help debugging this issue, see
  [Troubleshooting failed deployment jobs](../../user/project/clusters/index.md#troubleshooting).

-### Disable the banner instance wide
+### Auto DevOps banner

-If an administrator would like to disable the banners on an instance level, this
-feature can be disabled either through the console:
+The following Auto DevOps banner will show for maintainers+ on new projects when Auto DevOps is not enabled

-```sh
-sudo gitlab-rails console
-```
+![Auto DevOps banner](img/autodevops_banner_v12_6.png)

-Then run:
+The banner can be disabled:

-```ruby
-Feature.get(:auto_devops_banner_disabled).enable
-```
+- Per user when they dismiss it.
+- Project-wide by explicitly [disabling Auto DevOps](#enablingdisabling-auto-devops).
+- By a GitLab administrator for an entire GitLab instance by either:
+  - Running the following in a Rails console:
+
+    ```ruby
+    Feature.get(:auto_devops_banner_disabled).enable
+    ```

-Or through the HTTP API with an admin access token:
+  - Through the REST API with an admin access token:

-```sh
-curl --data "value=true" --header "PRIVATE-TOKEN: personal_access_token" https://gitlab.example.com/api/v4/features/auto_devops_banner_disabled
-```
+    ```sh
+    curl --data "value=true" --header "PRIVATE-TOKEN: personal_access_token" https://gitlab.example.com/api/v4/features/auto_devops_banner_disabled
+    ```

 [ce-37115]: https://gitlab.com/gitlab-org/gitlab-foss/issues/37115
 [docker-in-docker]: ../../docker/using_docker_build.md#use-docker-in-docker-executor

--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -143,6 +143,7 @@ using environment variables.
 | `DS_RUN_ANALYZER_TIMEOUT`               | Time limit when running an analyzer. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. For example, `300ms`, `1.5h`, or `2h45m`. |
 | `PIP_INDEX_URL`                         | Base URL of Python Package Index (default `https://pypi.org/simple`). |
 | `PIP_EXTRA_INDEX_URL`                   | Array of [extra URLs](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-extra-index-url) of package indexes to use in addition to `PIP_INDEX_URL`. Comma separated. |
+| `PIP_REQUIREMENTS_FILE`                 | Pip requirements file to be scanned. |
 | `MAVEN_CLI_OPTS`                        | List of command line arguments that will be passed to the maven analyzer during the project's build phase (see example for [using private repos](#using-private-maven-repos)). |
 | `BUNDLER_AUDIT_UPDATE_DISABLED`         | Disable automatic updates for the `bundler-audit` analyzer (default: `"false"`). Useful if you're running Dependency Scanning in an offline, air-gapped environment.|


--- a/doc/user/packages/npm_registry/index.md
+++ b/doc/user/packages/npm_registry/index.md
@@ -122,7 +122,7 @@ Then, you could run `npm publish` either locally or via GitLab CI/CD:

 - **GitLab CI/CD:** Set an `NPM_TOKEN` [variable](../../../ci/variables/README.md)
  under your project's **Settings > CI/CD > Variables**.
-  
+
 ### Authenticating with a CI job token

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9104) in GitLab Premium 12.5.
@@ -130,7 +130,7 @@ Then, you could run `npm publish` either locally or via GitLab CI/CD:
 If you’re using NPM with GitLab CI/CD, a CI job token can be used instead of a personal access token.
 The token will inherit the permissions of the user that generates the pipeline.

-Add a corresponding section to your `.npmrc` file:  
+Add a corresponding section to your `.npmrc` file:

 ```ini
 @foo:registry=https://gitlab.com/api/v4/packages/npm/
@@ -226,3 +226,19 @@ And the `.npmrc` file should look like:
 //gitlab.com/api/v4/packages/npm/:_authToken=<your_oauth_token>
 @foo:registry=https://gitlab.com/api/v4/packages/npm/
 ```
+
+## NPM dependencies metadata
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/11867) in GitLab Premium 12.6.
+
+Starting from GitLab 12.6, new packages published to the GitLab NPM Registry expose the following attributes to the NPM client:
+
+- name
+- version
+- dist-tags
+- dependencies
+  - dependencies
+  - devDependencies
+  - bundleDependencies
+  - peerDependencies
+  - deprecated
--- a/doc/user/project/pipelines/settings.md
+++ b/doc/user/project/pipelines/settings.md
@@ -73,37 +73,40 @@ For information about setting a maximum artifact size for a project, see
 By default we look for the `.gitlab-ci.yml` file in the project's root
 directory. If needed, you can specify an alternate path and file name, including locations outside the project.

-Hosting the configuration file in a separate project will allow stricter control of the
-configuration file. You can limit access to the project hosting the configuration to only people
-with proper authorization, and users can use the configuration for their pipelines,
-without being able to modify it.
+To customize the path:

-If the CI configuration will stay within the repository, but in a
-location different than the default,
-the path must be relative to the root directory. Examples of valid paths and file names:
+1. Go to the project's **Settings > CI / CD**.
+1. Expand the **General pipelines** section.
+1. Provide a value in the **Custom CI configuration path** field.
+1. Click **Save changes**.
+
+If the CI configuration is stored within the repository in a non-default
+location, the path must be relative to the root directory. Examples of valid
+paths and file names include:

 - `.gitlab-ci.yml` (default)
 - `.my-custom-file.yml`
 - `my/path/.gitlab-ci.yml`
 - `my/path/.my-custom-file.yml`

+If the CI configuration will be hosted on an external site, the URL link must end with `.yml`:
+
+- `http://example.com/generate/ci/config.yml`
+
 If the CI configuration will be hosted in a different project within GitLab, the path must be relative
 to the root directory in the other project, with the group and project name added to the end:

 - `.gitlab-ci.yml@mygroup/another-project`
 - `my/path/.my-custom-file.yml@mygroup/another-project`

-If the CI configuration will be hosted on an external site, different than the GitLab instance,
-the URL link must end with `.yml`:
-
- `http://example.com/generate/ci/config.yml`
+Hosting the configuration file in a separate project allows stricter control of the
+configuration file. For example:

-The path can be customized at a project level. To customize the path:
+- Create a public project to host the configuration file.
+- Give write permissions on the project only to users who are allowed to edit the file.

-1. Go to the project's **Settings > CI / CD**.
-1. Expand the **General pipelines** section.
-1. Provide a value in the **Custom CI configuration path** field.
-1. Click **Save changes**.
+Other users and projects will be able to access the configuration file without being
+able to edit it.

 ## Test coverage parsing


--- a/doc/user/project/repository/forking_workflow.md
+++ b/doc/user/project/repository/forking_workflow.md
@@ -37,6 +37,10 @@ After the forking is done, you can start working on the newly created
 repository. There, you will have full [Owner](../../permissions.md)
 access, so you can set it up as you please.

+CAUTION: **CAUTION:**
+From GitLab 12.6 onwards, if the [visibility of an upstream project is reduced](../../../public_access/public_access.md#reducing-visibility)
+in any way, the fork relationship with all its forks will be removed.
+
 ## Merging upstream

 Once you are ready to send your code back to the main project, you need

--- a/lib/gitlab/ci/config/entry/environment.rb
+++ b/lib/gitlab/ci/config/entry/environment.rb
@@ -10,7 +10,7 @@ module Gitlab
        class Environment < ::Gitlab::Config::Entry::Node
          include ::Gitlab::Config::Entry::Configurable

-          ALLOWED_KEYS = %i[name url action on_stop kubernetes].freeze
+          ALLOWED_KEYS = %i[name url action on_stop auto_stop_in kubernetes].freeze

          entry :kubernetes, Entry::Kubernetes, description: 'Kubernetes deployment configuration.'

@@ -49,6 +49,7 @@ module Gitlab

              validates :on_stop, type: String, allow_nil: true
              validates :kubernetes, type: Hash, allow_nil: true
+              validates :auto_stop_in, duration: true, allow_nil: true
            end
          end

@@ -80,6 +81,10 @@ module Gitlab
            value[:kubernetes]
          end

+          def auto_stop_in
+            value[:auto_stop_in]
+          end
+
          def value
            case @config
            when String then { name: @config, action: 'start' }

--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
--- a/lib/gitlab/database.rb
+++ b/lib/gitlab/database.rb
--- a/lib/gitlab/import_export/file_importer.rb
+++ b/lib/gitlab/import_export/file_importer.rb
--- a/lib/gitlab/import_export/importer.rb
+++ b/lib/gitlab/import_export/importer.rb
--- a/lib/gitlab/import_export/members_mapper.rb
+++ b/lib/gitlab/import_export/members_mapper.rb
--- a/lib/gitlab/import_export/project_tree_restorer.rb
+++ b/lib/gitlab/import_export/project_tree_restorer.rb
--- a/lib/gitlab/import_export/relation_tree_restorer.rb
+++ b/lib/gitlab/import_export/relation_tree_restorer.rb
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
--- a/package.json
+++ b/package.json
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
--- a/qa/qa/page/issuable/sidebar.rb
+++ b/qa/qa/page/issuable/sidebar.rb
--- a/qa/qa/page/layout/performance_bar.rb
+++ b/qa/qa/page/layout/performance_bar.rb
--- a/qa/qa/specs/features/browser_ui/3_create/merge_request/create_merge_request_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/merge_request/create_merge_request_spec.rb
--- a/qa/qa/specs/features/browser_ui/3_create/repository/add_file_template_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/repository/add_file_template_spec.rb
--- a/qa/qa/specs/features/browser_ui/3_create/web_ide/add_file_template_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/web_ide/add_file_template_spec.rb
--- a/scripts/gitaly_test.rb
+++ b/scripts/gitaly_test.rb
--- a/scripts/lint-conflicts.sh
+++ b/scripts/lint-conflicts.sh
--- a/spec/controllers/projects/environments_controller_spec.rb
+++ b/spec/controllers/projects/environments_controller_spec.rb
--- a/spec/controllers/projects/pages_domains_controller_spec.rb
+++ b/spec/controllers/projects/pages_domains_controller_spec.rb
--- a/spec/controllers/projects/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/projects/settings/ci_cd_controller_spec.rb
--- a/spec/factories/environments.rb
+++ b/spec/factories/environments.rb
--- a/spec/features/merge_request/user_suggests_changes_on_diff_spec.rb
+++ b/spec/features/merge_request/user_suggests_changes_on_diff_spec.rb
--- a/spec/features/projects/environments/environments_spec.rb
+++ b/spec/features/projects/environments/environments_spec.rb
--- a/spec/features/projects/features_visibility_spec.rb
+++ b/spec/features/projects/features_visibility_spec.rb
--- a/spec/features/projects/pages_lets_encrypt_spec.rb
+++ b/spec/features/projects/pages_lets_encrypt_spec.rb
--- a/spec/fixtures/api/schemas/environment.json
+++ b/spec/fixtures/api/schemas/environment.json
--- a/spec/fixtures/git-cheat-sheet.pdf
+++ b/spec/fixtures/git-cheat-sheet.pdf
--- a/spec/fixtures/lib/gitlab/import_export/with_invalid_records/project.json
+++ b/spec/fixtures/lib/gitlab/import_export/with_invalid_records/project.json
--- a/spec/graphql/resolvers/projects/snippets_resolver_spec.rb
+++ b/spec/graphql/resolvers/projects/snippets_resolver_spec.rb
--- a/spec/graphql/resolvers/snippets_resolver_spec.rb
+++ b/spec/graphql/resolvers/snippets_resolver_spec.rb
--- a/spec/graphql/resolvers/users/snippets_resolver_spec.rb
+++ b/spec/graphql/resolvers/users/snippets_resolver_spec.rb
--- a/spec/graphql/types/permission_types/project_spec.rb
+++ b/spec/graphql/types/permission_types/project_spec.rb
--- a/spec/graphql/types/permission_types/snippet_spec.rb
+++ b/spec/graphql/types/permission_types/snippet_spec.rb
--- a/spec/graphql/types/permission_types/user_spec.rb
+++ b/spec/graphql/types/permission_types/user_spec.rb
--- a/spec/graphql/types/project_type_spec.rb
+++ b/spec/graphql/types/project_type_spec.rb
--- a/spec/graphql/types/query_type_spec.rb
+++ b/spec/graphql/types/query_type_spec.rb
--- a/spec/graphql/types/snippet_type_spec.rb
+++ b/spec/graphql/types/snippet_type_spec.rb
--- a/spec/graphql/types/user_type_spec.rb
+++ b/spec/graphql/types/user_type_spec.rb
--- a/spec/javascripts/merge_request_spec.js
+++ b/spec/javascripts/merge_request_spec.js
--- a/spec/lib/gitlab/ci/config/entry/environment_spec.rb
+++ b/spec/lib/gitlab/ci/config/entry/environment_spec.rb
--- a/spec/lib/gitlab/database_spec.rb
+++ b/spec/lib/gitlab/database_spec.rb
--- a/spec/lib/gitlab/import_export/file_importer_spec.rb
+++ b/spec/lib/gitlab/import_export/file_importer_spec.rb
--- a/spec/lib/gitlab/import_export/members_mapper_spec.rb
+++ b/spec/lib/gitlab/import_export/members_mapper_spec.rb
--- a/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
+++ b/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
--- a/spec/lib/gitlab/import_export/relation_factory_spec.rb
+++ b/spec/lib/gitlab/import_export/relation_factory_spec.rb
--- a/spec/lib/gitlab/import_export/relation_tree_restorer_spec.rb
+++ b/spec/lib/gitlab/import_export/relation_tree_restorer_spec.rb
--- a/spec/mailers/emails/profile_spec.rb
+++ b/spec/mailers/emails/profile_spec.rb
--- a/spec/migrations/migrate_ops_feature_flags_scopes_target_user_ids_spec.rb
+++ b/spec/migrations/migrate_ops_feature_flags_scopes_target_user_ids_spec.rb
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
--- a/spec/models/clusters/applications/prometheus_spec.rb
+++ b/spec/models/clusters/applications/prometheus_spec.rb
--- a/spec/models/clusters/cluster_spec.rb
+++ b/spec/models/clusters/cluster_spec.rb
--- a/spec/models/concerns/milestoneish_spec.rb
+++ b/spec/models/concerns/milestoneish_spec.rb
--- a/spec/models/environment_spec.rb
+++ b/spec/models/environment_spec.rb
--- a/spec/models/error_tracking/project_error_tracking_setting_spec.rb
+++ b/spec/models/error_tracking/project_error_tracking_setting_spec.rb
--- a/spec/models/personal_access_token_spec.rb
+++ b/spec/models/personal_access_token_spec.rb
--- a/spec/models/project_services/prometheus_service_spec.rb
+++ b/spec/models/project_services/prometheus_service_spec.rb
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
--- a/spec/policies/environment_policy_spec.rb
+++ b/spec/policies/environment_policy_spec.rb
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
--- a/spec/presenters/snippet_presenter_spec.rb
+++ b/spec/presenters/snippet_presenter_spec.rb
--- a/spec/requests/api/notes_spec.rb
+++ b/spec/requests/api/notes_spec.rb
--- a/spec/serializers/environment_entity_spec.rb
+++ b/spec/serializers/environment_entity_spec.rb
--- a/spec/services/ci/create_pipeline_service_spec.rb
+++ b/spec/services/ci/create_pipeline_service_spec.rb
--- a/spec/services/deployments/after_create_service_spec.rb
+++ b/spec/services/deployments/after_create_service_spec.rb
--- a/spec/services/environments/reset_auto_stop_service_spec.rb
+++ b/spec/services/environments/reset_auto_stop_service_spec.rb
--- a/spec/services/notification_service_spec.rb
+++ b/spec/services/notification_service_spec.rb
--- a/spec/support/shared_contexts/policies/project_policy_shared_context.rb
+++ b/spec/support/shared_contexts/policies/project_policy_shared_context.rb
--- a/spec/support/shared_examples/controllers/environments_controller_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/environments_controller_shared_examples.rb
--- a/spec/support/shared_examples/lib/gitlab/import_export/project_tree_restorer_shared_examples.rb
+++ b/spec/support/shared_examples/lib/gitlab/import_export/project_tree_restorer_shared_examples.rb
--- a/spec/views/projects/pages_domains/show.html.haml_spec.rb
+++ b/spec/views/projects/pages_domains/show.html.haml_spec.rb
--- a/spec/workers/clusters/applications/activate_service_worker_spec.rb
+++ b/spec/workers/clusters/applications/activate_service_worker_spec.rb
--- a/spec/workers/clusters/applications/deactivate_service_worker_spec.rb
+++ b/spec/workers/clusters/applications/deactivate_service_worker_spec.rb
--- a/spec/workers/personal_access_tokens/expiring_worker_spec.rb
+++ b/spec/workers/personal_access_tokens/expiring_worker_spec.rb