Add latest changes from gitlab-org/gitlab@master

.gitlab-ci.yml

-image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-9.6-graphicsmagick-1.3.34"
+image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-10-graphicsmagick-1.3.34"
 
 stages:
   - sync

.gitlab/ci/dev-fixtures.gitlab-ci.yml

@@ -3,9 +3,9 @@
     - .default-retry
     - .default-cache
     - .default-before_script
-    - .use-pg9
+    - .use-pg10
   stage: test
-  needs: ["setup-test-env"]
+  needs: ["setup-test-env pg10"]
   variables:
     FIXTURE_PATH: "db/fixtures/development"
     SEED_CYCLE_ANALYTICS: "true"
@@ -26,7 +26,7 @@ run-dev-fixtures-ee:
   extends:
     - .run-dev-fixtures
     - .dev-fixtures:rules:ee-only
-    - .use-pg9-ee
+    - .use-pg10-ee
   script:
     - scripts/gitaly-test-spawn
     - cp ee/db/fixtures/development/* $FIXTURE_PATH

.gitlab/ci/docs.gitlab-ci.yml

@@ -66,9 +66,9 @@ graphql-reference-verify:
     - .default-cache
     - .default-before_script
     - .docs:rules:graphql-reference-verify
-    - .use-pg9
+    - .use-pg10
   stage: test
-  needs: ["setup-test-env"]
+  needs: ["setup-test-env pg10"]
   script:
     - bundle exec rake gitlab:graphql:check_docs
     - bundle exec rake gitlab:graphql:check_schema

.gitlab/ci/frontend.gitlab-ci.yml

@@ -135,13 +135,9 @@ compile-assets pull-cache as-if-foss:
     - .default-retry
     - .default-cache
     - .default-before_script
-    - .use-pg9
+    - .use-pg10
   stage: fixtures
-  needs:
-    - job: "setup-test-env"
-      artifacts: true
-    - job: "compile-assets pull-cache"
-      artifacts: true
+  needs: ["setup-test-env pg10", "compile-assets pull-cache"]
   script:
     - date
     - scripts/gitaly-test-spawn
@@ -270,7 +266,6 @@ coverage-frontend:
 .qa-frontend-node:
   extends:
     - .default-retry
-    - .default-cache
     - .frontend:rules:qa-frontend-node
   stage: test
   dependencies: []
@@ -300,7 +295,7 @@ webpack-dev-server:
     - .default-cache
     - .frontend:rules:default-frontend-jobs
   stage: test
-  needs: ["setup-test-env", "compile-assets pull-cache"]
+  needs: ["setup-test-env pg10", "compile-assets pull-cache"]
   variables:
     WEBPACK_MEMORY_TEST: "true"
     WEBPACK_VENDOR_DLL: "true"

.gitlab/ci/global.gitlab-ci.yml

@@ -21,7 +21,7 @@
 # Jobs that only need to pull cache
 .default-cache:
   cache:
-    key: "debian-stretch-ruby-2.6.5-pg9.6-node-12.x"
+    key: "debian-stretch-ruby-2.6.5-pg10-node-12.x"
     paths:
       - .go/pkg/mod
       - vendor/ruby
@@ -30,12 +30,15 @@
     policy: pull
 
 .use-pg9:
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-9.6-graphicsmagick-1.3.34"
   services:
     - name: postgres:9.6.17
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
     - name: redis:alpine
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
+  cache:
+    key: "debian-stretch-ruby-2.6.5-pg9-node-12.x"
 
 .use-pg10:
   image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-10-graphicsmagick-1.3.34"
@@ -45,6 +48,8 @@
     - name: redis:alpine
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
+  cache:
+    key: "debian-stretch-ruby-2.6.5-pg10-node-12.x"
 
 .use-pg11:
   image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34"
@@ -54,8 +59,11 @@
     - name: redis:alpine
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
+  cache:
+    key: "debian-stretch-ruby-2.6.5-pg11-node-12.x"
 
 .use-pg9-ee:
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-9.6-graphicsmagick-1.3.34"
   services:
     - name: postgres:9.6.17
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -63,6 +71,8 @@
     - name: elasticsearch:6.4.2
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
+  cache:
+    key: "debian-stretch-ruby-2.6.5-pg9-node-12.x"
 
 .use-pg10-ee:
   image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-10-graphicsmagick-1.3.34"
@@ -73,6 +83,8 @@
     - name: elasticsearch:6.4.2
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
+  cache:
+    key: "debian-stretch-ruby-2.6.5-pg10-node-12.x"
 
 .use-pg11-ee:
   image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34"
@@ -83,6 +95,8 @@
     - name: elasticsearch:6.4.2
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
+  cache:
+    key: "debian-stretch-ruby-2.6.5-pg11-node-12.x"
 
 .as-if-foss:
   variables:

.gitlab/ci/memory.gitlab-ci.yml

@@ -8,9 +8,7 @@
 memory-static:
   extends: .only-code-memory-job-base
   stage: test
-  needs:
-    - job: setup-test-env
-      artifacts: true
+  needs: ["setup-test-env pg10"]
   variables:
     SETUP_DB: "false"
   script:
@@ -40,11 +38,7 @@ memory-on-boot:
     - .only-code-memory-job-base
     - .use-pg10
   stage: test
-  needs:
-    - job: setup-test-env
-      artifacts: true
-    - job: compile-assets pull-cache
-      artifacts: true
+  needs: ["setup-test-env pg10", "compile-assets pull-cache"]
   variables:
     NODE_ENV: "production"
     RAILS_ENV: "production"

.gitlab/ci/pages.gitlab-ci.yml

 pages:
   extends:
     - .default-retry
-    - .default-cache
     - .pages:rules
   stage: pages
   dependencies: ["rspec:coverage", "karma", "gitlab:assets:compile pull-cache"]

.gitlab/ci/rules.gitlab-ci.yml

@@ -361,6 +361,7 @@
     - <<: *if-master-refs
       changes: *code-backstage-patterns
       when: on_success
+    - changes: [".gitlab/ci/rails.gitlab-ci.yml"]
 
 .rails:rules:master-refs-code-backstage-ee-only:
   rules:
@@ -369,12 +370,23 @@
     - <<: *if-master-refs
       changes: *code-backstage-patterns
       when: on_success
+    - changes: [".gitlab/ci/rails.gitlab-ci.yml"]
 
 .rails:rules:nightly-master-refs-code-backstage:
   rules:
     - <<: *if-nightly-master-schedule
       changes: *code-backstage-patterns
       when: on_success
+    - changes: [".gitlab/ci/rails.gitlab-ci.yml"]
+
+.rails:rules:nightly-master-refs-code-backstage-ee-only:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-nightly-master-schedule
+      changes: *code-backstage-patterns
+      when: on_success
+    - changes: [".gitlab/ci/rails.gitlab-ci.yml"]
 
 .rails:rules:ee-only:
   rules:

.gitlab/ci/setup.gitlab-ci.yml

@@ -7,9 +7,7 @@ cache gems:
     - .default-before_script
     - .setup:rules:cache-gems
   stage: test
-  needs:
-    - job: setup-test-env
-      artifacts: true
+  needs: ["setup-test-env pg10"]
   variables:
     SETUP_DB: "false"
   script:

.rubocop.yml

@@ -216,10 +216,8 @@ Gitlab/DuplicateSpecLocation:
   Exclude:
     - ee/spec/helpers/auth_helper_spec.rb
     - ee/spec/lib/gitlab/gl_repository_spec.rb
-    - ee/spec/models/namespace_spec.rb
     - ee/spec/services/merge_requests/refresh_service_spec.rb
     - ee/spec/helpers/ee/auth_helper_spec.rb
-    - ee/spec/models/ee/namespace_spec.rb
     - ee/spec/services/ee/merge_requests/refresh_service_spec.rb
 
 Cop/InjectEnterpriseEditionModule:
@@ -387,5 +385,4 @@ Performance/ChainArrayAllocation:
 RSpec/RepeatedExample:
   Exclude:
     - 'spec/features/merge_request/user_posts_diff_notes_spec.rb'
-    - 'spec/features/projects/files/template_type_dropdown_spec.rb'
     - 'spec/services/notification_service_spec.rb'

app/assets/javascripts/api.js

@@ -47,6 +47,7 @@ const Api = {
   adminStatisticsPath: '/api/:version/application/statistics',
   pipelineSinglePath: '/api/:version/projects/:id/pipelines/:pipeline_id',
   environmentsPath: '/api/:version/projects/:id/environments',
+  rawFilePath: '/api/:version/projects/:id/repository/files/:path/raw',
 
   group(groupId, callback) {
     const url = Api.buildUrl(Api.groupPath).replace(':id', groupId);
@@ -497,6 +498,14 @@ const Api = {
     return axios.get(url);
   },
 
+  getRawFile(id, path, params = { ref: 'master' }) {
+    const url = Api.buildUrl(this.rawFilePath)
+      .replace(':id', encodeURIComponent(id))
+      .replace(':path', encodeURIComponent(path));
+
+    return axios.get(url, { params });
+  },
+
   buildUrl(url) {
     return joinPaths(gon.relative_url_root || '', url.replace(':version', gon.api_version));
   },

app/assets/javascripts/static_site_editor/services/load_source_content.js

+import Api from '~/api';
+
+const extractTitle = content => {
+  const matches = content.match(/title: (.+)\n/i);
+
+  return matches ? Array.from(matches)[1] : '';
+};
+
+const loadSourceContent = ({ projectId, sourcePath }) =>
+  Api.getRawFile(projectId, sourcePath).then(({ data }) => ({
+    title: extractTitle(data),
+    content: data,
+  }));
+
+export default loadSourceContent;

app/graphql/resolvers/projects/jira_imports_resolver.rb

@@ -16,6 +16,8 @@ module Resolvers
       end
 
       def authorized_resource?(project)
+        return false unless Feature.enabled?(:jira_issue_import, project)
+
         Ability.allowed?(context[:current_user], :admin_project, project)
       end
     end

app/helpers/ci_variables_helper.rb

@@ -9,6 +9,8 @@ module CiVariablesHelper
     if entity.is_a?(Group)
       create_deploy_token_group_settings_ci_cd_path(entity, opts)
     else
+      # TODO: change this path to 'create_deploy_token_project_settings_ci_cd_path'
+      # See MR comment for more detail: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27059#note_311585356
       create_deploy_token_project_settings_repository_path(entity, opts)
     end
   end

app/models/concerns/has_repository.rb

@@ -11,6 +11,7 @@ module HasRepository
   extend ActiveSupport::Concern
   include AfterCommitQueue
   include Referable
+  include Gitlab::ShellAdapter
   include Gitlab::Utils::StrongMemoize
 
   delegate :base_dir, :disk_path, to: :storage

app/models/project.rb

@@ -4,7 +4,6 @@ require 'carrierwave/orm/activerecord'
 
 class Project < ApplicationRecord
   include Gitlab::ConfigHelper
-  include Gitlab::ShellAdapter
   include Gitlab::VisibilityLevel
   include AccessRequestable
   include Avatarable

app/models/user.rb

@@ -109,7 +109,6 @@ class User < ApplicationRecord
 
   # Groups
   has_many :members
-  has_one  :max_access_level_membership, -> { select(:id, :user_id, :access_level).order(access_level: :desc).readonly }, class_name: 'Member'
   has_many :group_members, -> { where(requested_at: nil) }, source: 'GroupMember'
   has_many :groups, through: :group_members
   has_many :owned_groups, -> { where(members: { access_level: Gitlab::Access::OWNER }) }, through: :group_members, source: :group
@@ -1080,7 +1079,7 @@ class User < ApplicationRecord
   end
 
   def highest_role
-    max_access_level_membership&.access_level || Gitlab::Access::NO_ACCESS
+    user_highest_role&.highest_access_level || Gitlab::Access::NO_ACCESS
   end
 
   def accessible_deploy_keys

app/views/layouts/nav/sidebar/_profile.html.haml

@@ -153,6 +153,9 @@
               %strong.fly-out-top-item-name
                 = _('Authentication Log')
 
-      = render_if_exists 'layouts/nav/sidebar/profile_pipeline_quota_link'
+      - if Feature.enabled?(:user_usage_quota)
+        = render_if_exists 'layouts/nav/sidebar/profile_usage_quotas_link'
+      - else
+        = render_if_exists 'layouts/nav/sidebar/profile_pipeline_quota_link'
 
     = render 'shared/sidebar_toggle_button'

app/workers/all_queues.yml

@@ -1021,7 +1021,7 @@
 - :name: emails_on_push
   :feature_category: :source_code_management
   :has_external_dependencies: 
-  :urgency: :high
+  :urgency: :low
   :resource_boundary: :cpu
   :weight: 2
   :idempotent: 

app/workers/emails_on_push_worker.rb

@@ -6,7 +6,7 @@ class EmailsOnPushWorker # rubocop:disable Scalability/IdempotentWorker
   attr_reader :email, :skip_premailer
 
   feature_category :source_code_management
-  urgency :high
+  urgency :low
   worker_resource_boundary :cpu
   weight 2
 

changelogs/unreleased/low-urgency-idempotent-email-worker.yml

+---
+title: Reduce urgency of EmailsOnPushWorker
+merge_request: 28783
+author:
+type: other

changelogs/unreleased/rc-filter_health_endpoint_metrics.yml

+---
+title: Filter health endpoint metrics
+merge_request: 27847
+author:
+type: added

changelogs/unreleased/replace_max_access_level_membership.yml

+---
+title: Remove User's association max_access_level_membership
+merge_request: 28757
+author:
+type: other

changelogs/unreleased/template-dropdown-spec.yml

+---
+title: Fix duplicate spec in template dropdown spec
+merge_request: 28858
+author: Rajendra Kadam
+type: added

config/routes/project.rb

@@ -73,6 +73,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
           resource :ci_cd, only: [:show, :update], controller: 'ci_cd' do
             post :reset_cache
             put :reset_registration_token
+            post :create_deploy_token, path: 'deploy_token/create'
           end
 
           resource :operations, only: [:show, :update] do
@@ -84,8 +85,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
           resource :integrations, only: [:show]
 
           resource :repository, only: [:show], controller: :repository do
-            # TODO: Move 'create_deploy_token' here to the ':ci_cd' resource above during 12.9.
-            # More details here: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24102#note_287572556
+            # TODO: Removed this "create_deploy_token" route after change was made in app/helpers/ci_variables_helper.rb:14
+            # See MR comment for more detail: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27059#note_311585356
             post :create_deploy_token, path: 'deploy_token/create', to: 'ci_cd#create_deploy_token'
             post :cleanup
           end

doc/administration/auth/ldap-troubleshooting.md

@@ -634,7 +634,7 @@ The rails console is a valuable tool to help debug LDAP problems. It allows you
 directly interact with the application by running commands and seeing how GitLab
 responds to them.
 
-Please refer to [this guide](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session)
+Please refer to [this guide](../troubleshooting/debug.md#starting-a-rails-console-session)
 for instructions on how to use the rails console.
 
 #### Enable debug output

doc/administration/instance_limits.md

@@ -70,7 +70,7 @@ There is a limit when embedding metrics in GFM for performance reasons.
 On GitLab.com, the [maximum number of webhooks](../user/gitlab_com/index.md#maximum-number-of-webhooks) per project, and per group, is limited.
 
 To set this limit on a self-managed installation, run the following in the
-[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session):
+[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session):
 
 ```ruby
 # If limits don't exist for the default plan, you can create one with:
@@ -120,7 +120,7 @@ will fail with a `job_activity_limit_exceeded` error.
   This limit is disabled by default.
 
 To set this limit on a self-managed installation, run the following in the
-[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session):
+[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session):
 
 ```ruby
 # If limits don't exist for the default plan, you can create one with:
@@ -145,7 +145,7 @@ limit, the subscription will be considered invalid.
 - On [GitLab Starter](https://about.gitlab.com/pricing/#self-managed) tier or higher self-managed installations, this limit is defined for the `default` plan that affects all projects.
 
 To set this limit on a self-managed installation, run the following in the
-[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session):
+[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session):
 
 ```ruby
 Plan.default.limits.update!(ci_project_subscriptions: 500)
@@ -170,7 +170,7 @@ or higher tiers), this limit is defined for the `default` plan that affects all
 projects. By default, there is no limit.
 
 To set this limit on a self-managed installation, run the following in the
-[GitLab Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session):
+[GitLab Rails console](troubleshooting/debug.md#starting-a-rails-console-session):
 
 ```ruby
 Plan.default.limits.update!(ci_pipeline_schedules: 100)

doc/administration/repository_storage_types.md

@@ -100,7 +100,7 @@ The "Gitaly relative path" is shown there, for example:
 This is the path under `/var/opt/gitlab/git-data/repositories/` on a
 default Omnibus installation.
 
-In a [Rails console](troubleshooting/debug.md#starting-a-rails-console),
+In a [Rails console](troubleshooting/debug.md#starting-a-rails-console-session),
 get this information using either the numeric project ID or the full path:
 
 ```ruby
@@ -112,7 +112,7 @@ Project.find_by_full_path('group/project').disk_path
 
 To translate from a hashed storage path to a project name:
 
-1. Start a [Rails console](troubleshooting/debug.md#starting-a-rails-console).
+1. Start a [Rails console](troubleshooting/debug.md#starting-a-rails-console-session).
 1. Run the following:
 
 ```ruby

doc/administration/troubleshooting/debug.md

@@ -3,9 +3,10 @@
 Sometimes things don't work the way they should. Here are some tips on debugging issues out
 in production.
 
-## Starting a Rails console
+## Starting a Rails console session
 
-Troubleshooting and debugging often requires a rails console.
+Troubleshooting and debugging your GitLab instance often requires a
+[Rails console](https://guides.rubyonrails.org/command_line.html#rails-console).
 
 **For Omnibus installations**
 
@@ -13,22 +14,81 @@ Troubleshooting and debugging often requires a rails console.
 sudo gitlab-rails console
 ```
 
----
-
 **For installations from source**
 
 ```shell
-bundle exec rails console production
+sudo -u git -H bundle exec rails console -e production
 ```
 
 Kubernetes: the console is in the task-runner pod, refer to our [Kubernetes cheat sheet](kubernetes_cheat_sheet.md#gitlab-specific-kubernetes-information) for details.
 
+### Enabling Active Record logging
+
+You can enable output of Active Record debug logging in the Rails console
+session by running:
+
+```ruby
+ActiveRecord::Base.logger = Logger.new(STDOUT)
+```
+
+This will show information about database queries triggered by any Ruby code
+you may run in the console. To turn off logging again, run:
+
+```ruby
+ActiveRecord::Base.logger = nil
+```
+
+### Disabling database statement timeout
+
+You can disable the PostgreSQL statement timeout for the current Rails console
+session by running:
+
+```ruby
+ActiveRecord::Base.connection.execute('SET statement_timeout TO 0')
+```
+
+Note that this change only affects the current Rails console session and will
+not be persisted in the GitLab production environment or in the next Rails
+console session.
+
+### Output Rails console session history
+
+If you'd like to output your Rails console command history in a format that's
+easy to copy and save for future reference, you can run:
+
+```ruby
+puts Readline::HISTORY.to_a
+```
+
+## Using the Rails Runner
+
+If you need to run some Ruby code in thex context of your GitLab production
+environment, you can do so using the [Rails Runner](https://guides.rubyonrails.org/command_line.html#rails-runner).
+
+**For Omnibus installations**
+
+```shell
+sudo gitlab-rails runner "RAILS_COMMAND"
+
+# Example with a two-line Ruby script
+sudo gitlab-rails runner "user = User.first; puts user.username"
+```
+
+**For installations from source**
+
+```shell
+sudo -u git -H bundle exec rails runner -e production "RAILS_COMMAND"
+
+# Example with a two-line Ruby script
+sudo -u git -H bundle exec rails runner -e production "user = User.first; puts user.username"
+```
+
 ## Mail not working
 
 A common problem is that mails are not being sent for some reason. Suppose you configured
 an SMTP server, but you're not seeing mail delivered. Here's how to check the settings:
 
-1. Run a [Rails console.](#starting-a-rails-console)
+1. Run a [Rails console](#starting-a-rails-console-session).
 
 1. Look at the ActionMailer `delivery_method` to make sure it matches what you
    intended. If you configured SMTP, it should say `:smtp`. If you're using
@@ -168,7 +228,7 @@ separate Rails process to debug the issue:
 1. Log in to your GitLab account.
 1. Copy the URL that is causing problems (e.g. `https://gitlab.com/ABC`).
 1. Create a Personal Access Token for your user (Profile Settings -> Access Tokens).
-1. Bring up the [GitLab Rails console.](#starting-a-rails-console)
+1. Bring up the [GitLab Rails console.](#starting-a-rails-console-session)
 1. At the Rails console, run:
 
    ```ruby

doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md

@@ -25,36 +25,6 @@ mentioned above, we recommend running these scripts under the supervision of a
 Support Engineer, who can also verify that they will continue to work as they
 should and, if needed, update the script for the latest version of GitLab.
 
-## Use the Rails Runner
-
-If the script you want to run is short, you can use the Rails Runner to avoid
-entering the rails console in the first place. Here's an example of its use:
-
-```shell
-gitlab-rails runner "RAILS_COMMAND"
-
-# Example with a 2-line script
-gitlab-rails runner "user = User.first; puts user.username"
-```
-
-## Enable debug logging on rails console
-
-```ruby
-Rails.logger.level = 0
-```
-
-## Enable debug logging for ActiveRecord (db issues)
-
-```ruby
-ActiveRecord::Base.logger = Logger.new(STDOUT)
-```
-
-## Temporarily Disable Timeout
-
-```ruby
-ActiveRecord::Base.connection.execute('SET statement_timeout TO 0')
-```
-
 ## Find specific methods for an object
 
 ```ruby
@@ -85,12 +55,6 @@ o = Object.where('attribute like ?', 'ex')
 Rails.cache.instance_variable_get(:@data).keys
 ```
 
-## Rails console history
-
-```ruby
-puts Readline::HISTORY.to_a
-```
-
 ## Profile a page
 
 ```ruby

doc/administration/troubleshooting/navigating_gitlab_via_rails_console.md

@@ -3,7 +3,7 @@
 At the heart of GitLab is a web application [built using the Ruby on Rails
 framework](https://about.gitlab.com/blog/2018/10/29/why-we-use-rails-to-build-gitlab/).
 Thanks to this, we also get access to the amazing tools built right into Rails.
-In this guide, we'll introduce the [Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session)
+In this guide, we'll introduce the [Rails console](debug.md#starting-a-rails-console-session)
 and the basics of interacting with your GitLab instance from the command line.
 
 CAUTION: **CAUTION:**

doc/administration/troubleshooting/ssl.md

@@ -23,7 +23,7 @@ After configuring a GitLab instance with an internal CA certificate, you might n
   More details here: https://curl.haxx.se/docs/sslcerts.html
   ```
 
-- Testing via the [rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session) also fails:
+- Testing via the [rails console](debug.md#starting-a-rails-console-session) also fails:
 
   ```ruby
   uri = URI.parse("https://gitlab.domain.tld")

doc/api/groups.md

@@ -552,7 +552,6 @@ PUT /groups/:id
 | `membership_lock`                    | boolean | no       | **(STARTER)** Prevent adding new members to project membership within this group. |
 | `share_with_group_lock`              | boolean | no       | Prevent sharing a project with another group within this group. |
 | `visibility`                         | string  | no       | The visibility level of the group. Can be `private`, `internal`, or `public`. |
-| `share_with_group_lock`              | boolean | no       | Prevent sharing a project with another group within this group. |
 | `require_two_factor_authentication`  | boolean | no       | Require all users in this group to setup Two-factor authentication. |
 | `two_factor_grace_period`            | integer | no       | Time before Two-factor authentication is enforced (in hours). |
 | `project_creation_level`             | string  | no       | Determine if developers can create projects in the group. Can be `noone` (No one), `maintainer` (Maintainers), or `developer` (Developers + Maintainers). |

doc/api/merge_request_approvals.md

@@ -676,7 +676,8 @@ This includes additional information about the users who have already approved
         }
       ],
       "source_rule": null,
-      "approved": true
+      "approved": true,
+      "overridden": false
     }
   ]
 }
@@ -753,7 +754,8 @@ GET /projects/:id/merge_requests/:merge_request_iid/approval_rules
         "ldap_access": null
       }
     ],
-    "contains_hidden_groups": false
+    "contains_hidden_groups": false,
+    "overridden": false
   }
 ]
 ```
@@ -837,7 +839,8 @@ will be used.
       "ldap_access": null
     }
   ],
-  "contains_hidden_groups": false
+  "contains_hidden_groups": false,
+  "overridden": false
 }
 ```
 
@@ -921,7 +924,8 @@ These are system generated rules.
       "ldap_access": null
     }
   ],
-  "contains_hidden_groups": false
+  "contains_hidden_groups": false,
+  "overridden": false
 }
 ```
 

doc/api/projects.md

@@ -970,6 +970,7 @@ GET /projects/:id/users
 
 | Attribute    | Type          | Required | Description |
 | ------------ | ------------- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
 | `search`     | string        | no       | Search for specific users |
 | `skip_users` | integer array | no       | Filter out users with the specified IDs |
 
@@ -1515,6 +1516,7 @@ GET /projects/:id/starrers
 
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
 | `search` | string | no | Search for specific users. |
 
 ```shell
@@ -1558,6 +1560,10 @@ Get languages used in a project with percentage value.
 GET /projects/:id/languages
 ```
 
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
+
 ```shell
 curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/languages"
 ```
@@ -2183,6 +2189,7 @@ PUT /projects/:id/transfer
 
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
 | `namespace` | integer/string | yes | The ID or path of the namespace to transfer to project to |
 
 ## Branches

doc/ci/yaml/README.md

@@ -2549,7 +2549,7 @@ This example creates four paths of execution:
 
 The maximum number of jobs that can be defined within `needs:` defaults to 10, but
 can be changed to 50 via a feature flag. To change the limit to 50,
-[start a Rails console session](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session)
+[start a Rails console session](../../administration/troubleshooting/debug.md#starting-a-rails-console-session)
 and run:
 
 ```ruby

doc/development/pipelines.md

@@ -176,7 +176,7 @@ graph RL;
   O[coverage-frontend];
   N["pages (master only)"];
   Q[package-and-qa];
-  S["RSpec<br/>(e.g. rspec unit pg9)"]
+  S["RSpec<br/>(e.g. rspec unit pg10)"]
   T[retrieve-tests-metadata];
   QA["qa:internal, qa:selectors"];
   QA2["qa:internal-as-if-foss, qa:selectors-as-if-foss<br/>(EE default refs only)"];

doc/install/aws/index.md

@@ -315,10 +315,8 @@ persistence and is used for certain types of the GitLab application.
 
 1. Navigate back to the ElastiCache dashboard.
 1. Select **Redis** on the left menu and click **Create** to create a new
-   Redis cluster. Depending on your load, you can choose whether to enable
-   cluster mode or not. Even without cluster mode on, you still get the
-   chance to deploy Redis in multi availability zones. In this guide, we chose
-   not to enable it.
+   Redis cluster. Do not enable **Cluster Mode** as it is [not supported](../../administration/high_availability/redis.md#provide-your-own-redis-instance-core-only). Even without cluster mode on, you still get the
+   chance to deploy Redis in multiple availability zones.
 1. In the settings section:
    1. Give the cluster a name (`gitlab-redis`) and a description.
    1. For the version, select the latest of `5.0` series (e.g., `5.0.6`).
@@ -383,6 +381,37 @@ EC2 instances running Linux use private key files for SSH authentication. You'll
 
 Storing private key files on your bastion host is a bad idea. To get around this, use SSH agent forwarding on your client. See [Securely Connect to Linux Instances Running in a Private Amazon VPC](https://aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/) for a step-by-step guide on how to use SSH agent forwarding.
 
+## Setting up Gitaly
+
+CAUTION: **Caution:** In this architecture, having a single Gitaly server creates a single point of failure. This limitation will be removed once [Gitaly HA](https://gitlab.com/groups/gitlab-org/-/epics/842) is released.
+
+Gitaly is a service that provides high-level RPC access to Git repositories.
+It should be enabled and configured on a separate EC2 instance in one of the
+[private subnets](#subnets) we configured previously.
+
+Let's create an EC2 instance where we'll install Gitaly:
+
+1. From the EC2 dashboard, click **Launch instance**.
+1. Choose an AMI. In this example, we'll select the **Ubuntu Server 18.04 LTS (HVM), SSD Volume Type**.
+1. Choose an instance type. We'll pick a **c5.xlarge**.
+1. Click **Configure Instance Details**.
+   1. In the **Network** dropdown, select `gitlab-vpc`, the VPC we created earlier.
+   1. In the **Subnet** dropdown, select `gitlab-private-10.0.1.0` from the list of subnets we created earlier.
+   1. Double check that **Auto-assign Public IP** is set to `Use subnet setting (Disable)`.
+   1. Click **Add Storage**.
+1. Increase the Root volume size to `20 GiB` and change the **Volume Type** to `Provisoned IOPS SSD (io1)`. (This is an arbitrary size. Create a volume big enough for your repository storage requirements.)
+   1. For **IOPS** set `1000` (20 GiB x 50 IOPS). You can provision up to 50 IOPS per GiB. If you select a larger volume, increase the IOPS accordingly. Workloads where many small files are written in a serialized manner, like `git`, requires performant storage, hence the choice of `Provisoned IOPS SSD (io1)`.
+1. Click on **Add Tags** and add your tags. In our case, we'll only set `Key: Name` and `Value: Gitaly`.
+1. Click on **Configure Security Group** and let's **Create a new security group**.
+   1. Give your security group a name and description. We'll use `gitlab-gitaly-sec-group` for both.
+   1. Create a **Custom TCP** rule and add port `8075` to the **Port Range**. For the **Source**, select the `gitlab-loadbalancer-sec-group`.
+1. Click **Review and launch** followed by **Launch** if you're happy with your settings.
+1. Finally, acknowledge that you have access to the selected private key file or create a new one. Click **Launch Instances**.
+
+  > **Optional:** Instead of storing configuration _and_ repository data on the root volume, you can also choose to add an additional EBS volume for repository storage. Follow the same guidance as above. See the [Amazon EBS pricing](https://aws.amazon.com/ebs/pricing/).
+
+Now that we have our EC2 instance ready, follow the [documentation to install GitLab and set up Gitaly on its own server](../../administration/gitaly/index.md#running-gitaly-on-its-own-server).
+
 ## Deploying GitLab inside an auto scaling group
 
 We'll use AWS's wizard to deploy GitLab and then SSH into the instance to
@@ -551,37 +580,6 @@ sudo gitlab-ctl status
 
 If everything looks good, you should be able to reach GitLab in your browser.
 
-### Setting up Gitaly
-
-CAUTION: **Caution:** In this architecture, having a single Gitaly server creates a single point of failure. This limitation will be removed once [Gitaly HA](https://gitlab.com/groups/gitlab-org/-/epics/842) is released.
-
-Gitaly is a service that provides high-level RPC access to Git repositories.
-It should be enabled and configured on a separate EC2 instance in one of the
-[private subnets](#subnets) we configured previously.
-
-Let's create an EC2 instance where we'll install Gitaly:
-
-1. From the EC2 dashboard, click **Launch instance**.
-1. Choose an AMI. In this example, we'll select the **Ubuntu Server 18.04 LTS (HVM), SSD Volume Type**.
-1. Choose an instance type. We'll pick a **c5.xlarge**.
-1. Click **Configure Instance Details**.
-   1. In the **Network** dropdown, select `gitlab-vpc`, the VPC we created earlier.
-   1. In the **Subnet** dropdown, select `gitlab-private-10.0.1.0` from the list of subnets we created earlier.
-   1. Double check that **Auto-assign Public IP** is set to `Use subnet setting (Disable)`.
-   1. Click **Add Storage**.
-1. Increase the Root volume size to `20 GiB` and change the **Volume Type** to `Provisoned IOPS SSD (io1)`. (This is an arbitrary size. Create a volume big enough for your repository storage requirements.)
-   1. For **IOPS** set `1000` (20 GiB x 50 IOPS). You can provision up to 50 IOPS per GiB. If you select a larger volume, increase the IOPS accordingly. Workloads where many small files are written in a serialized manner, like `git`, requires performant storage, hence the choice of `Provisoned IOPS SSD (io1)`.
-1. Click on **Add Tags** and add your tags. In our case, we'll only set `Key: Name` and `Value: Gitaly`.
-1. Click on **Configure Security Group** and let's **Create a new security group**.
-   1. Give your security group a name and description. We'll use `gitlab-gitaly-sec-group` for both.
-   1. Create a **Custom TCP** rule and add port `8075` to the **Port Range**. For the **Source**, select the `gitlab-loadbalancer-sec-group`.
-1. Click **Review and launch** followed by **Launch** if you're happy with your settings.
-1. Finally, acknowledge that you have access to the selected private key file or create a new one. Click **Launch Instances**.
-
-  > **Optional:** Instead of storing configuration _and_ repository data on the root volume, you can also choose to add an additional EBS volume for repository storage. Follow the same guidance as above. See the [Amazon EBS pricing](https://aws.amazon.com/ebs/pricing/).
-
-Now that we have our EC2 instance ready, follow the [documentation to install GitLab and set up Gitaly on its own server](../../administration/gitaly/index.md#running-gitaly-on-its-own-server).
-
 ### Using Amazon S3 object storage
 
 GitLab stores many objects outside the Git repository, many of which can be

doc/integration/github.md

@@ -151,7 +151,7 @@ via Omnibus, or [restart GitLab] if you installed from source.
 Check the [`production.log`](../administration/logs.md#productionlog)
 on your GitLab server to obtain further details. If you are getting the error like
 `Faraday::ConnectionFailed (execution expired)` in the log, there may be a connectivity issue
-between your GitLab instance and GitHub Enterprise. To verify it, [start the rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session)
+between your GitLab instance and GitHub Enterprise. To verify it, [start the rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session)
 and run the commands below replacing `<github_url>` with the URL of your GitHub Enterprise instance:
 
 ```ruby

doc/raketasks/import.md

@@ -125,7 +125,7 @@ There is an [open issue to add a migration to make all bare repositories
 importable](https://gitlab.com/gitlab-org/gitlab-foss/issues/41776).
 
 Until then, you may wish to manually migrate repositories yourself. You can use
-[Rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session)
+[Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session)
 to do so. In a Rails console session, run the following to migrate a project:
 
 ```ruby

doc/update/README.md

@@ -122,7 +122,7 @@ If using GitLab 12.9 and newer, run:
 sudo gitlab-rails runner -e production 'puts Gitlab::BackgroundMigration.remaining'
 ```
 
-If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console):
+If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session):
 
 ```ruby
 puts Sidekiq::Queue.new("background_migration").size
@@ -140,7 +140,7 @@ cd /home/git/gitlab
 sudo -u git -H bundle exec rails runner -e production 'puts Gitlab::BackgroundMigration.remaining'
 ```
 
-If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console):
+If using GitLab 12.8 and older, run the following using a [Rails console](../administration/troubleshooting/debug.md#starting-a-rails-console-session):
 
 ```ruby
 puts Sidekiq::Queue.new("background_migration").size

doc/user/application_security/dependency_scanning/index.md

@@ -160,6 +160,7 @@ The following variables are used for configuring specific analyzers (used for a
 | `GEMNASIUM_DB_LOCAL_PATH`               | `gemnasium`        | `/gemnasium-db`              | Path to local gemnasium database. |
 | `GEMNASIUM_DB_REMOTE_URL`               | `gemnasium`        | `https://gitlab.com/gitlab-org/security-products/gemnasium-db.git` | Repository URL for fetching the gemnasium database. |
 | `GEMNASIUM_DB_REF_NAME`                 | `gemnasium`        | `master`                     | Branch name for remote repository database. `GEMNASIUM_DB_REMOTE_URL` is required. |
+| `DS_REMEDIATE`                          | `gemnasium`        | `"true"`                       | Enable automatic remediation of vulnerable dependencies.  |
 | `PIP_INDEX_URL`                         | `gemnasium-python` | `https://pypi.org/simple`    | Base URL of Python Package Index. |
 | `PIP_EXTRA_INDEX_URL`                   | `gemnasium-python` |                              | Array of [extra URLs](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-extra-index-url) of package indexes to use in addition to `PIP_INDEX_URL`. Comma separated. |
 | `PIP_REQUIREMENTS_FILE`                 | `gemnasium-python` |                              | Pip requirements file to be scanned. |
@@ -167,7 +168,7 @@ The following variables are used for configuring specific analyzers (used for a
 | `DS_PIP_DEPENDENCY_PATH`                | `gemnasium-python` |                              | Path to load Python pip dependencies from. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12412) in GitLab 12.2) |
 | `DS_PYTHON_VERSION`                     | `retire.js`        |                              | Version of Python. If set to 2, dependencies are installed using Python 2.7 instead of Python 3.6. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12296) in GitLab 12.1)|
 | `MAVEN_CLI_OPTS`                        | `gemnasium-maven`  | `"-DskipTests --batch-mode"` | List of command line arguments that will be passed to `maven` by the analyzer. See an example for [using private repos](#using-private-maven-repos). |
-| `BUNDLER_AUDIT_UPDATE_DISABLED`         | `bundler-audit`    | `false`                      | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline environment. |
+| `BUNDLER_AUDIT_UPDATE_DISABLED`         | `bundler-audit`    | `"false"`                      | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline, air-gapped environment.|
 | `BUNDLER_AUDIT_ADVISORY_DB_URL`         | `bundler-audit`    | `https://github.com/rubysec/ruby-advisory-db` | URL of the advisory database used by bundler-audit. |
 | `BUNDLER_AUDIT_ADVISORY_DB_REF_NAME`    | `bundler-audit`    | `master`                     | Git ref for the advisory database specified by `BUNDLER_AUDIT_ADVISORY_DB_URL`. |
 | `RETIREJS_JS_ADVISORY_DB`               | `retire.js`        | `https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json` | Path or URL to Retire.js js vulnerability data file. |

doc/user/application_security/threat_monitoring/index.md

@@ -13,6 +13,7 @@ navigating to your project's **Security & Compliance > Threat Monitoring** page.
 GitLab supports statistics for the following security features:
 
 - [Web Application Firewall](../../clusters/applications.md#web-application-firewall-modsecurity)
+- [Container Network Policies](../../../topics/autodevops/index.md#network-policy)
 
 ## Web Application Firewall
 
@@ -38,3 +39,38 @@ about your Ingress traffic:
 If a significant percentage of traffic is anomalous, you should
 investigate it for potential threats by
 [examining the application logs](../../clusters/applications.md#web-application-firewall-modsecurity).
+
+## Container Network Policy
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/32365) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
+
+The **Container Network Policy** section provides packet flow metrics for
+your application's Kubernetes namespace. This section has the following
+prerequisites:
+
+- Your project contains at least one [environment](../../../ci/environments.md)
+- You've [installed Cilium](../../clusters/applications.md#install-cilium-using-gitlab-cicd)
+- You've configured the [Prometheus service](../../project/integrations/prometheus.md#enabling-prometheus-integration)
+
+If you're using custom Helm values for Cilium, you must enable Hubble
+with flow metrics for each namespace by adding the following lines to
+your [Hubble values](../../clusters/applications.md#install-cilium-using-gitlab-cicd):
+
+```yaml
+metrics:
+  enabled:
+    - 'flow:sourceContext=namespace;destinationContext=namespace'
+```
+
+The **Container Network Policy** section displays the following information
+about your packet flow:
+
+- The total amount of the inbound and outbound packets
+- The proportion of packets dropped according to the configured
+  policies
+- The per-second average rate of the forwarded and dropped packets
+  accumulated over time window for the requested time interval
+
+If a significant percentage of packets is dropped, you should
+investigate it for potential threats by
+[examining the Cilium logs](../../clusters/applications.md#install-cilium-using-gitlab-cicd).

doc/user/clusters/applications.md

@@ -825,6 +825,28 @@ agent:
     enabled: false
 ```
 
+The [Hubble](https://github.com/cilium/hubble) monitoring daemon is
+enabled by default and it's set to collect per namespace flow
+metrics. This metrics are accessible on the [Threat Monitoring](../application_security/threat_monitoring/index.md)
+dashboard. You can disable Hubble by adding the following to
+`.gitlab/managed-apps/config.yaml`:
+
+```yaml
+cilium:
+  installed: true
+  hubble:
+    installed: false
+```
+
+You can also adjust Helm values for Hubble via
+`.gitlab/managed-apps/cilium/hubble-values.yaml`:
+
+```yaml
+metrics:
+  enabled:
+    - 'flow:sourceContext=namespace;destinationContext=namespace'
+```
+
 ### Install Vault using GitLab CI/CD
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9982) in GitLab 12.9.

doc/user/packages/container_registry/index.md

@@ -7,6 +7,7 @@
 >   to pass a [personal access token](../../profile/personal_access_tokens.md) instead of your password in order to
 >   login to GitLab's Container Registry.
 > - Multiple level image names support was added in GitLab 9.1.
+> - The group level Container Registry was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/23315) in GitLab 12.10.
 
 NOTE: **Note:**
 This document is the user guide. To learn how to enable GitLab Container
@@ -47,11 +48,51 @@ project:
 
 ## Control Container Registry from within GitLab
 
-GitLab offers a simple Container Registry management panel. Go to your project
-and click **Packages > Container Registry** in the project menu.
+GitLab offers a simple Container Registry management panel. This management panel is available
+for both projects and groups.
 
-This view will show you all Docker images in your project and will easily allow you to
-delete them.
+### Control Container Registry for your project
+
+Navigate to your project's **{package}** **Packages > Container Registry**.
+
+![Container Registry project repositories](img/container_registry_repositories_with_quickstart_v12_10.png)
+
+This view will:
+
+- Show all the image repositories that belong to the project.
+- Allow you to [delete](#delete-images-from-within-gitlab) one or more image repository.
+- Allow you to navigate to the image repository details page.
+- Show a **Quick start** dropdown with the most common commands to log in, build and push
+- Optionally, a banner will be visible if the [expiration policy](#expiration-policy) is enabled for this project.
+
+### Control Container Registry for your group
+
+Navigate to your groups's **{package}** **Packages > Container Registry**.
+
+![Container Registry group repositories](img/container_registry_group_repositories_v12_10.png)
+
+This view will:
+
+- Show all the image repositories of the projects that belong to this group.
+- Allow to [delete](#delete-images-from-within-gitlab) one or more image repositories.
+- Allow to navigate to a specific image repository details page.
+
+### Image Repository details page
+
+Clicking on the name of any image repository will navigate to the details.
+
+![Container Registry project repository details](img/container_registry_repository_details_v12.10.png)
+
+NOTE: **Note:**
+The following page has the same functionalities both in the **Group level container registry**
+and in the **Project level container registry**.
+
+This view:
+
+- Shows all the image repository details.
+- Shows all the tags of the image repository.
+- Allows you to quickly copy the tag path (by clicking on the clipboard button near the tag name).
+- Allows you to [delete one or more tags](#delete-images-from-within-gitlab).
 
 ## Use images from GitLab Container Registry
 

doc/user/packages/nuget_repository/index.md

@@ -18,7 +18,7 @@ NuGet CLI is probably already installed.
 
 Alternatively, you can use [.NET SDK 3.0 or later](https://dotnet.microsoft.com/download/dotnet-core/3.0), which installs NuGet CLI.
 
-You can confirm that [nuget CLI](https://www.nuget.org/) is properly installed with:
+You can confirm that [NuGet CLI](https://www.nuget.org/) is properly installed with:
 
 ```shell
 nuget help
@@ -36,6 +36,18 @@ Available commands:
 [output truncated]
 ```
 
+### macOS support
+
+For macOS, you can also use [Mono](https://www.mono-project.com/) to run
+the NuGet CLI. For Homebrew users, run `brew install mono` to install
+Mono. Then you should be able to download the Windows C# binary
+`nuget.exe` from the [NuGet CLI page](https://www.nuget.org/downloads)
+and run:
+
+```shell
+mono nuget.exe
+```
+
 ## Enabling the NuGet Repository
 
 NOTE: **Note:**

lib/gitlab/metrics/requests_rack_middleware.rb

@@ -15,6 +15,8 @@ module Gitlab
         "report" =>  %w(404)
       }.freeze
 
+      HEALTH_ENDPOINT = /^\/-\/(liveness|readiness|health|metrics)\/?$/.freeze
+
       def initialize(app)
         @app = app
       end
@@ -32,6 +34,10 @@ module Gitlab
                                                            {}, [0.05, 0.1, 0.25, 0.5, 0.7, 1, 2.5, 5, 10, 25])
       end
 
+      def self.http_health_requests_total
+        @http_health_requests_total ||= ::Gitlab::Metrics.counter(:http_health_requests_total, 'Health endpoint request count')
+      end
+
       def self.initialize_http_request_duration_seconds
         HTTP_METHODS.each do |method, statuses|
           statuses.each do |status|
@@ -43,8 +49,13 @@ module Gitlab
       def call(env)
         method = env['REQUEST_METHOD'].downcase
         started = Time.now.to_f
+
         begin
-          RequestsRackMiddleware.http_request_total.increment(method: method)
+          if health_endpoint?(env['PATH_INFO'])
+            RequestsRackMiddleware.http_health_requests_total.increment(method: method)
+          else
+            RequestsRackMiddleware.http_request_total.increment(method: method)
+          end
 
           status, headers, body = @app.call(env)
 
@@ -57,6 +68,12 @@ module Gitlab
           raise
         end
       end
+
+      def health_endpoint?(path)
+        return false if path.blank?
+
+        HEALTH_ENDPOINT.match?(CGI.unescape(path))
+      end
     end
   end
 end

locale/gitlab.pot

@@ -21969,6 +21969,9 @@ msgstr ""
 msgid "UsageQuota|Usage of group resources across the projects in the %{strong_start}%{group_name}%{strong_end} group"
 msgstr ""
 
+msgid "UsageQuota|Usage of resources across your projects"
+msgstr ""
+
 msgid "UsageQuota|Usage since"
 msgstr ""
 

package.json

@@ -40,7 +40,7 @@
     "@babel/preset-env": "^7.8.4",
     "@gitlab/at.js": "1.5.5",
     "@gitlab/svgs": "1.117.0",
-    "@gitlab/ui": "11.0.1",
+    "@gitlab/ui": "11.0.3",
     "@gitlab/visual-review-tools": "1.5.1",
     "@sentry/browser": "^5.10.2",
     "@sourcegraph/code-host-integration": "0.0.34",

spec/features/projects/files/template_type_dropdown_spec.rb

@@ -40,10 +40,6 @@ describe 'Projects > Files > Template type dropdown selector', :js do
       check_type_selector_display(true)
     end
 
-    it 'is displayed when input matches' do
-      check_type_selector_display(true)
-    end
-
     it 'selects every template type correctly' do
       try_selecting_all_types
     end

spec/frontend/api_spec.js

@@ -631,4 +631,32 @@ describe('Api', () => {
       });
     });
   });
+
+  describe('getRawFile', () => {
+    const dummyProjectPath = 'gitlab-org/gitlab';
+    const dummyFilePath = 'doc/CONTRIBUTING.md';
+    const expectedUrl = `${dummyUrlRoot}/api/${dummyApiVersion}/projects/${encodeURIComponent(
+      dummyProjectPath,
+    )}/repository/files/${encodeURIComponent(dummyFilePath)}/raw`;
+
+    describe('when the raw file is successfully fetched', () => {
+      it('resolves the Promise', () => {
+        mock.onGet(expectedUrl).replyOnce(200);
+
+        return Api.getRawFile(dummyProjectPath, dummyFilePath).then(() => {
+          expect(mock.history.get).toHaveLength(1);
+        });
+      });
+    });
+
+    describe('when an error occurs while getting a raw file', () => {
+      it('rejects the Promise', () => {
+        mock.onDelete(expectedUrl).replyOnce(500);
+
+        return Api.getRawFile(dummyProjectPath, dummyFilePath).catch(() => {
+          expect(mock.history.get).toHaveLength(1);
+        });
+      });
+    });
+  });
 });

spec/frontend/static_site_editor/mock_data.js

+export const sourceContent = `
+---
+layout: handbook-page-toc
+title: Handbook
+twitter_image: '/images/tweets/handbook-gitlab.png'
+---
+
+## On this page
+{:.no_toc .hidden-md .hidden-lg}
+
+- TOC
+{:toc .hidden-md .hidden-lg}
+`;
+
+export const sourceContentTitle = 'Handbook';
+
+export const projectId = '123456';
+export const sourcePath = 'foobar.md.html';

spec/frontend/static_site_editor/services/load_source_content_spec.js

+import Api from '~/api';
+
+import loadSourceContent from '~/static_site_editor/services/load_source_content';
+
+import { sourceContent, sourceContentTitle, projectId, sourcePath } from '../mock_data';
+
+describe('loadSourceContent', () => {
+  describe('requesting source content succeeds', () => {
+    let result;
+
+    beforeEach(() => {
+      jest.spyOn(Api, 'getRawFile').mockResolvedValue({ data: sourceContent });
+
+      return loadSourceContent({ projectId, sourcePath }).then(_result => {
+        result = _result;
+      });
+    });
+
+    it('calls getRawFile API with project id and source path', () => {
+      expect(Api.getRawFile).toHaveBeenCalledWith(projectId, sourcePath);
+    });
+
+    it('extracts page title from source content', () => {
+      expect(result.title).toBe(sourceContentTitle);
+    });
+
+    it('returns raw content', () => {
+      expect(result.content).toBe(sourceContent);
+    });
+  });
+});

spec/graphql/resolvers/projects/jira_imports_resolver_spec.rb

@@ -14,6 +14,16 @@ describe Resolvers::Projects::JiraImportsResolver do
       data
     end
 
+    context 'when feature flag disabled' do
+      let_it_be(:project) { create(:project, :private, import_data: jira_import_data) }
+
+      before do
+        stub_feature_flags(jira_issue_import: false)
+      end
+
+      it_behaves_like 'no jira import access'
+    end
+
     context 'when project does not have Jira import data' do
       let_it_be(:project) { create(:project, :private, import_data: nil) }
 

spec/lib/gitlab/metrics/requests_rack_middleware_spec.rb

@@ -36,6 +36,74 @@ describe Gitlab::Metrics::RequestsRackMiddleware do
 
         Timecop.scale(3600) { subject.call(env) }
       end
+
+      context 'request is a health check endpoint' do
+        it 'increments health endpoint counter' do
+          env['PATH_INFO'] = '/-/liveness'
+
+          expect(described_class).to receive_message_chain(:http_health_requests_total, :increment).with(method: 'get')
+
+          subject.call(env)
+        end
+
+        context 'with trailing slash' do
+          before do
+            env['PATH_INFO'] = '/-/liveness/'
+          end
+
+          it 'increments health endpoint counter' do
+            expect(described_class).to receive_message_chain(:http_health_requests_total, :increment).with(method: 'get')
+
+            subject.call(env)
+          end
+        end
+
+        context 'with percent encoded values' do
+          before do
+            env['PATH_INFO'] = '/-/%6D%65%74%72%69%63%73' # /-/metrics
+          end
+
+          it 'increments health endpoint counter' do
+            expect(described_class).to receive_message_chain(:http_health_requests_total, :increment).with(method: 'get')
+
+            subject.call(env)
+          end
+        end
+      end
+
+      context 'request is not a health check endpoint' do
+        it 'does not increment health endpoint counter' do
+          env['PATH_INFO'] = '/-/ordinary-requests'
+
+          expect(described_class).not_to receive(:http_health_requests_total)
+
+          subject.call(env)
+        end
+
+        context 'path info is a root path' do
+          before do
+            env['PATH_INFO'] = '/-/'
+          end
+
+          it 'does not increment health endpoint counter' do
+            expect(described_class).not_to receive(:http_health_requests_total)
+
+            subject.call(env)
+          end
+        end
+
+        context 'path info is a subpath' do
+          before do
+            env['PATH_INFO'] = '/-/health/subpath'
+          end
+
+          it 'does not increment health endpoint counter' do
+            expect(described_class).not_to receive(:http_health_requests_total)
+
+            subject.call(env)
+          end
+        end
+      end
     end
 
     context '@app.call throws exception' do

spec/models/user_spec.rb

@@ -28,7 +28,6 @@ describe User, :do_not_mock_admin_mode do
   describe 'associations' do
     it { is_expected.to have_one(:namespace) }
     it { is_expected.to have_one(:status) }
-    it { is_expected.to have_one(:max_access_level_membership) }
     it { is_expected.to have_one(:user_detail) }
     it { is_expected.to have_one(:user_highest_role) }
     it { is_expected.to have_many(:snippets).dependent(:destroy) }
@@ -1000,91 +999,42 @@ describe User, :do_not_mock_admin_mode do
   end
 
   describe '#highest_role' do
-    let(:user) { create(:user) }
-    let(:group) { create(:group) }
-
-    context 'with association :max_access_level_membership' do
-      let(:another_user) { create(:user) }
-
-      before do
-        create(:project, group: group) do |project|
-          group.add_user(user, GroupMember::GUEST)
-          group.add_user(another_user, GroupMember::DEVELOPER)
-        end
-
-        create(:project, group: create(:group)) do |project|
-          project.add_guest(another_user)
-        end
-
-        create(:project, group: create(:group)) do |project|
-          project.add_maintainer(user)
-        end
-      end
-
-      it 'returns the correct highest role' do
-        users = User.includes(:max_access_level_membership).where(id: [user.id, another_user.id])
-
-        expect(users.collect { |u| [u.id, u.highest_role] }).to contain_exactly(
-          [user.id, Gitlab::Access::MAINTAINER],
-          [another_user.id, Gitlab::Access::DEVELOPER]
-        )
-      end
-    end
-
-    it 'returns NO_ACCESS if none has been set' do
-      expect(user.highest_role).to eq(Gitlab::Access::NO_ACCESS)
-    end
-
-    it 'returns MAINTAINER if user is maintainer of a project' do
-      create(:project, group: group) do |project|
-        project.add_maintainer(user)
-      end
-
-      expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
-    end
+    let_it_be(:user) { create(:user) }
 
-    it 'returns the highest role if user is member of multiple projects' do
-      create(:project, group: group) do |project|
-        project.add_maintainer(user)
+    context 'when user_highest_role does not exist' do
+      it 'returns NO_ACCESS' do
+        expect(user.highest_role).to eq(Gitlab::Access::NO_ACCESS)
       end
-
-      create(:project, group: group) do |project|
-        project.add_developer(user)
-      end
-
-      expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
     end
 
-    it 'returns MAINTAINER if user is maintainer of a group' do
-      create(:group) do |group|
-        group.add_user(user, GroupMember::MAINTAINER)
-      end
-
-      expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
-    end
+    context 'when user_highest_role exists' do
+      context 'stored highest access level is nil' do
+        it 'returns Gitlab::Access::NO_ACCESS' do
+          create(:user_highest_role, user: user)
 
-    it 'returns the highest role if user is member of multiple groups' do
-      create(:group) do |group|
-        group.add_user(user, GroupMember::MAINTAINER)
+          expect(user.highest_role).to eq(Gitlab::Access::NO_ACCESS)
+        end
       end
 
-      create(:group) do |group|
-        group.add_user(user, GroupMember::DEVELOPER)
-      end
+      context 'stored highest access level present' do
+        context 'with association :user_highest_role' do
+          let(:another_user) { create(:user) }
 
-      expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
-    end
+          before do
+            create(:user_highest_role, :maintainer, user: user)
+            create(:user_highest_role, :developer, user: another_user)
+          end
 
-    it 'returns the highest role if user is member of multiple groups and projects' do
-      create(:group) do |group|
-        group.add_user(user, GroupMember::DEVELOPER)
-      end
+          it 'returns the correct highest role' do
+            users = User.includes(:user_highest_role).where(id: [user.id, another_user.id])
 
-      create(:project, group: group) do |project|
-        project.add_maintainer(user)
+            expect(users.collect { |u| [u.id, u.highest_role] }).to contain_exactly(
+              [user.id, Gitlab::Access::MAINTAINER],
+              [another_user.id, Gitlab::Access::DEVELOPER]
+            )
+          end
+        end
       end
-
-      expect(user.highest_role).to eq(Gitlab::Access::MAINTAINER)
     end
   end
 

spec/routing/project_routing_spec.rb

@@ -802,7 +802,7 @@ describe 'project routing' do
 
     # TODO: remove this test as part of https://gitlab.com/gitlab-org/gitlab/issues/207079 (12.9)
     it 'to ci_cd#create_deploy_token' do
-      expect(post('gitlab/gitlabhq/-/settings/repository/deploy_token/create')).to route_to('projects/settings/ci_cd#create_deploy_token', namespace_id: 'gitlab', project_id: 'gitlabhq')
+      expect(post('gitlab/gitlabhq/-/settings/ci_cd/deploy_token/create')).to route_to('projects/settings/ci_cd#create_deploy_token', namespace_id: 'gitlab', project_id: 'gitlabhq')
     end
   end
 

spec/support/shared_examples/models/concerns/has_repository_shared_examples.rb

@@ -167,6 +167,7 @@ RSpec.shared_examples 'model with repository' do
   describe 'Respond to' do
     it { is_expected.to respond_to(:base_dir) }
     it { is_expected.to respond_to(:disk_path) }
+    it { is_expected.to respond_to(:gitlab_shell) }
   end
 
   describe '.pick_repository_storage' do

yarn.lock

@@ -786,10 +786,10 @@
   resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-1.117.0.tgz#05239ddcf529c62ca29e1ec1a25a7e24efb98207"
   integrity sha512-dGy/VWuRAFCTZX3Yqu1+RnAHTSUWafteIk/RMfUCN9B/EMbYzjhYsNy0NLVoZ23Rj/KGv1bUGHvyQCoPP6VzpA==
 
-"@gitlab/ui@11.0.1":
-  version "11.0.1"
-  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-11.0.1.tgz#7d9fdb823590c72c232b7dee06b86c3e8766ba28"
-  integrity sha512-JlZULrpmm2jELsVHfcMpE0uiam+hA+5tL4+xZxiHoG+i9UlTQCAteMHOgJVT7pQYvjPAoSnw9XzTATEEcHVcOw==
+"@gitlab/ui@11.0.3":
+  version "11.0.3"
+  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-11.0.3.tgz#7ef5aa78e8b3226c189487cb1d131859180bf539"
+  integrity sha512-BCV0+3xJCiBOvdpDlDm6YMnsAP1l4L03e5y0Nqtw8T6hITCL86eGTs0IEPzmE/v2x+03sK4QSHa6rf0dqlvwDg==
   dependencies:
     "@babel/standalone" "^7.0.0"
     "@gitlab/vue-toasted" "^1.3.0"