Add latest changes from gitlab-org/gitlab@master

.gitlab/ci/reports.gitlab-ci.yml

+# Make sure to update all the similar conditions in other CI config files if you modify these conditions
+.if-canonical-gitlab-merge-request: &if-canonical-gitlab-merge-request
+  if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_MERGE_REQUEST_IID'
+
+# Make sure to update all the similar conditions in other CI config files if you modify these conditions
+.if-canonical-dot-com-gitlab-org-group-schedule: &if-canonical-dot-com-gitlab-org-group-schedule
+  if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"'
+
+# Make sure to update all the similar conditions in other CI config files if you modify these conditions
+.if-master-refs: &if-master-refs
+  if: '$CI_COMMIT_REF_NAME == "master"'
+
+# Make sure to update all the similar conditions in other CI config files if you modify these conditions
+.if-default-refs: &if-default-refs
+  if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG'
+
+# Make sure to update all the similar patterns in other CI config files if you modify these patterns
+.code-backstage-patterns: &code-backstage-patterns
+  - ".gitlab/ci/**/*"
+  - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
+  - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml"
+  - ".csscomb.json"
+  - "Dockerfile.assets"
+  - "*_VERSION"
+  - "Gemfile{,.lock}"
+  - "Rakefile"
+  - "{babel.config,jest.config}.js"
+  - "config.ru"
+  - "{package.json,yarn.lock}"
+  - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
+  - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
+  # Backstage changes
+  - "Dangerfile"
+  - "danger/**/*"
+  - "{,ee/}fixtures/**/*"
+  - "{,ee/}rubocop/**/*"
+  - "{,ee/}spec/**/*"
+  - "doc/README.md"  # Some RSpec test rely on this file
+
+# Make sure to update all the similar patterns in other CI config files if you modify these patterns
+.code-qa-patterns: &code-qa-patterns
+  - ".gitlab/ci/**/*"
+  - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
+  - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml"
+  - ".csscomb.json"
+  - "Dockerfile.assets"
+  - "*_VERSION"
+  - "Gemfile{,.lock}"
+  - "Rakefile"
+  - "{babel.config,jest.config}.js"
+  - "config.ru"
+  - "{package.json,yarn.lock}"
+  - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
+  - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
+  # QA changes
+  - ".dockerignore"
+  - "qa/**/*"
+
+# Make sure to update all the similar patterns in other CI config files if you modify these patterns
+.code-backstage-qa-patterns: &code-backstage-qa-patterns
+  - ".gitlab/ci/**/*"
+  - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
+  - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml"
+  - ".csscomb.json"
+  - "Dockerfile.assets"
+  - "*_VERSION"
+  - "Gemfile{,.lock}"
+  - "Rakefile"
+  - "{babel.config,jest.config}.js"
+  - "config.ru"
+  - "{package.json,yarn.lock}"
+  - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
+  - "doc/api/graphql/reference/*" # Files in this folder are auto-generated
+  # Backstage changes
+  - "Dangerfile"
+  - "danger/**/*"
+  - "{,ee/}fixtures/**/*"
+  - "{,ee/}rubocop/**/*"
+  - "{,ee/}spec/**/*"
+  - "doc/README.md"  # Some RSpec test rely on this file
+  # QA changes
+  - ".dockerignore"
+  - "qa/**/*"
+
+.reports:rules:code_quality:
+  rules:
+    - if: '$CODE_QUALITY_DISABLED'
+      when: never
+    # - <<: *if-master-refs  # To be done in a later iteration: https://gitlab.com/gitlab-org/gitlab/issues/31160#note_278188255
+    - <<: *if-default-refs
+      changes: *code-backstage-patterns
+
+.reports:rules:sast:
+  rules:
+    - if: '$SAST_DISABLED || $GITLAB_FEATURES !~ /\bsast\b/'
+      when: never
+    # - <<: *if-master-refs  # To be done in a later iteration: https://gitlab.com/gitlab-org/gitlab/issues/31160#note_278188255
+    - <<: *if-default-refs
+      changes: *code-backstage-qa-patterns
+
+.reports:rules:dependency_scanning:
+  rules:
+    - if: '$DEPENDENCY_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\bdependency_scanning\b/'
+      when: never
+    # - <<: *if-master-refs  # To be done in a later iteration: https://gitlab.com/gitlab-org/gitlab/issues/31160#note_278188255
+    - <<: *if-default-refs
+      changes: *code-backstage-qa-patterns
+
+.reports:rules:dast:
+  rules:
+    - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'
+      when: never
+    - <<: *if-canonical-gitlab-merge-request
+      changes: *code-qa-patterns
+
 # include:
-#   - template: Code-Quality.gitlab-ci.yml
+#   - template: Jobs/Code-Quality.gitlab-ci.yml
 #   - template: Security/SAST.gitlab-ci.yml
 #   - template: Security/Dependency-Scanning.gitlab-ci.yml
 #   - template: Security/DAST.gitlab-ci.yml
@@ -10,8 +125,7 @@
 code_quality:
   extends:
     - .default-retry
-    - .default-only
-    - .only:changes-code-backstage
+    - .reports:rules:code_quality
   stage: test
   image: docker:stable
   allow_failure: true
@@ -38,12 +152,9 @@ code_quality:
     reports:
       codequality: gl-code-quality-report.json
     paths:
-      - gl-code-quality-report.json
-    expire_in: 1 week
+      - gl-code-quality-report.json  # GitLab-specific
+    expire_in: 1 week  # GitLab-specific
   dependencies: []
-  except:
-    variables:
-      - $CODE_QUALITY_DISABLED
 # We need to duplicate this job's definition because it seems it's impossible to
 # override an included `only.refs`.
@@ -53,16 +164,22 @@ code_quality:
 sast:
   extends:
     - .default-retry
-    - .default-only
-    - .only:changes-code-backstage-qa
+    - .reports:rules:sast
   stage: test
+  allow_failure: true
+  dependencies: []  # GitLab-specific
+  artifacts:
+    paths:
+      - gl-sast-report.json  # GitLab-specific
+    reports:
+      sast: gl-sast-report.json
+    expire_in: 1 week  # GitLab-specific
   image: docker:stable
   variables:
     DOCKER_DRIVER: overlay2
     DOCKER_TLS_CERTDIR: ""
-    SAST_BRAKEMAN_LEVEL: 2
-    SAST_EXCLUDED_PATHS: qa,spec,doc,ee/spec
-  allow_failure: true
+    SAST_BRAKEMAN_LEVEL: 2  # GitLab-specific
+    SAST_EXCLUDED_PATHS: qa,spec,doc,ee/spec  # GitLab-specific
   services:
     - docker:stable-dind
   script:
@@ -73,61 +190,12 @@ sast:
           export DOCKER_HOST='tcp://localhost:2375'
         fi
       fi
-    - | # this is required to avoid undesirable reset of Docker image ENV variables being set on build stage
-      function propagate_env_vars() {
-        CURRENT_ENV=$(printenv)
-
-        for VAR_NAME; do
-          echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
-        done
-      }
     - |
-      docker run \
-        $(propagate_env_vars \
-          SAST_BANDIT_EXCLUDED_PATHS \
-          SAST_ANALYZER_IMAGES \
-          SAST_ANALYZER_IMAGE_PREFIX \
-          SAST_ANALYZER_IMAGE_TAG \
-          SAST_DEFAULT_ANALYZERS \
-          SAST_PULL_ANALYZER_IMAGES \
-          SAST_BRAKEMAN_LEVEL \
-          SAST_FLAWFINDER_LEVEL \
-          SAST_GITLEAKS_ENTROPY_LEVEL \
-          SAST_GOSEC_LEVEL \
-          SAST_EXCLUDED_PATHS \
-          SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
-          SAST_PULL_ANALYZER_IMAGE_TIMEOUT \
-          SAST_RUN_ANALYZER_TIMEOUT \
-          SAST_JAVA_VERSION \
-          ANT_HOME \
-          ANT_PATH \
-          GRADLE_PATH \
-          JAVA_OPTS \
-          JAVA_PATH \
-          JAVA_8_VERSION \
-          JAVA_11_VERSION \
-          MAVEN_CLI_OPTS \
-          MAVEN_PATH \
-          MAVEN_REPO_PATH \
-          SBT_PATH \
-          FAIL_NEVER \
-        ) \
+      ENVS=`printenv | grep -vE '^(DOCKER_|CI|GITLAB_|FF_|HOME|PWD|OLDPWD|PATH|SHLVL|HOSTNAME)' | sed -n '/^[^\t]/s/=.*//p' | sed '/^$/d' | sed 's/^/-e /g' | tr '\n' ' '`
+      docker run "$ENVS" \
         --volume "$PWD:/code" \
         --volume /var/run/docker.sock:/var/run/docker.sock \
         "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
-  artifacts:
-    expire_in: 7 days
-    paths:
-      - gl-sast-report.json
-    reports:
-      sast: gl-sast-report.json
-  dependencies: []
-  only:
-    variables:
-      - $GITLAB_FEATURES =~ /\bsast\b/
-  except:
-    variables:
-      - $SAST_DISABLED
 # We need to duplicate this job's definition because it seems it's impossible to
 # override an included `only.refs`.
@@ -135,14 +203,13 @@ sast:
 dependency_scanning:
   extends:
     - .default-retry
-    - .default-only
-    - .only:changes-code-backstage-qa
+    - .reports:rules:dependency_scanning
   stage: test
   image: docker:stable
   variables:
     DOCKER_DRIVER: overlay2
     DOCKER_TLS_CERTDIR: ""
-    DS_EXCLUDED_PATHS: "qa/qa/ee/fixtures/secure_premade_reports,spec,ee/spec"
+    DS_EXCLUDED_PATHS: "qa/qa/ee/fixtures/secure_premade_reports,spec,ee/spec"  # GitLab-specific
   allow_failure: true
   services:
     - docker:stable-dind
@@ -174,23 +241,29 @@ dependency_scanning:
           DS_PULL_ANALYZER_IMAGE_TIMEOUT \
           DS_RUN_ANALYZER_TIMEOUT \
           DS_PYTHON_VERSION \
+          DS_PIP_VERSION \
           DS_PIP_DEPENDENCY_PATH \
+          GEMNASIUM_DB_LOCAL_PATH \
+          GEMNASIUM_DB_REMOTE_URL \
+          GEMNASIUM_DB_REF_NAME \
           PIP_INDEX_URL \
           PIP_EXTRA_INDEX_URL \
+          PIP_REQUIREMENTS_FILE \
+          MAVEN_CLI_OPTS \
+          BUNDLER_AUDIT_UPDATE_DISABLED \
+          BUNDLER_AUDIT_ADVISORY_DB_URL \
+          BUNDLER_AUDIT_ADVISORY_DB_REF_NAME \
         ) \
         --volume "$PWD:/code" \
         --volume /var/run/docker.sock:/var/run/docker.sock \
         "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$DS_VERSION" /code
   artifacts:
+    paths:
+      - gl-dependency-scanning-report.json  # GitLab-specific
     reports:
       dependency_scanning: gl-dependency-scanning-report.json
+    expire_in: 1 week  # GitLab-specific
   dependencies: []
-  only:
-    variables:
-      - $GITLAB_FEATURES =~ /\bdependency_scanning\b/
-  except:
-    variables:
-      - $DEPENDENCY_SCANNING_DISABLED
 # We need to duplicate this job's definition because it seems it's impossible to
 # override an included `only.refs`.
@@ -198,40 +271,38 @@ dependency_scanning:
 dast:
   extends:
     - .default-retry
-    - .default-only
-    - .only:changes-code-qa
-    - .only-review
-  stage: qa
-  needs: ["review-deploy"]
-  dependencies: ["review-deploy"]
-  before_script:
-    - export DAST_WEBSITE="$(cat review_app_url.txt)"
+    - .reports:rules:dast
+  needs:
+    - job: review-deploy
+      artifacts: true
+  stage: qa  # GitLab-specific
   image:
-    name: "registry.gitlab.com/gitlab-org/security-products/dast:$CI_SERVER_VERSION_MAJOR-$CI_SERVER_VERSION_MINOR-stable"
+    name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION"
   variables:
-  # URL to scan:
-  # DAST_WEBSITE: https://example.com/
-  #
-  # Time limit for target availability (scan is attempted even when timeout):
-  # DAST_TARGET_AVAILABILITY_TIMEOUT: 60
-  #
-  # Set these variables to scan with an authenticated user:
-  # DAST_AUTH_URL: https://example.com/sign-in
-  # DAST_USERNAME: john.doe@example.com
-  # DAST_PASSWORD: john-doe-password
-  # DAST_USERNAME_FIELD: session[user] # the name of username field at the sign-in HTML form
-  # DAST_PASSWORD_FIELD: session[password] # the name of password field at the sign-in HTML form
-  # DAST_AUTH_EXCLUDE_URLS: http://example.com/sign-out,http://example.com/sign-out-2 # optional: URLs to skip during the authenticated scan; comma-separated, no spaces in between
-  #
-  # Perform ZAP Full Scan, which includes both passive and active scanning:
-  # DAST_FULL_SCAN_ENABLED: "true"
+    # To be done in a later iteration
+    # DAST_USERNAME: "root"
+    # DAST_USERNAME_FIELD: "user[login]"
+    # DAST_PASSWORD_FIELD: "user[passowrd]"
   allow_failure: true
   script:
-    - export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
+    - 'export DAST_WEBSITE="${DAST_WEBSITE:-$(cat environment_url.txt)}"'
+    # To be done in a later iteration
+    # - 'export DAST_AUTH_URL="${DAST_WEBSITE}/users/sign_in"'
+    # - 'export DAST_PASSWORD="${REVIEW_APPS_ROOT_PASSWORD}"'
     - /analyze -t $DAST_WEBSITE
   artifacts:
-    expire_in: 7 days
     paths:
-      - gl-dast-report.json
+      - gl-dast-report.json  # GitLab-specific
     reports:
       dast: gl-dast-report.json
+    expire_in: 1 week  # GitLab-specific
+
+# To be done in a later iteration: https://gitlab.com/gitlab-org/gitlab/issues/31160#note_278188255
+# schedule:dast:
+#   extends: dast
+#   rules:
+#     - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'
+#       when: never
+#     - <<: *if-canonical-dot-com-gitlab-org-group-schedule
+#   variables:
+#     DAST_FULL_SCAN_ENABLED: "true"

.gitlab/ci/review.gitlab-ci.yml

@@ -148,7 +148,7 @@ review-deploy:
     - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
     - export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
     - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
-    - echo "${CI_ENVIRONMENT_URL}" > review_app_url.txt
+    - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
     - source ./scripts/utils.sh
     - install_api_client_dependencies_with_apk
     - source scripts/review_apps/review-apps.sh
@@ -161,7 +161,7 @@ review-deploy:
     - date
     - deploy || (display_deployment_debug && exit 1)
   artifacts:
-    paths: [review_app_url.txt]
+    paths: [environment_url.txt]
     expire_in: 2 days
     when: always
@@ -216,7 +216,7 @@ review-stop:
   before_script:
     - '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"'
     - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:${CI_COMMIT_REF_SLUG}"
-    - export CI_ENVIRONMENT_URL="$(cat review_app_url.txt)"
+    - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
     - echo "${CI_ENVIRONMENT_URL}"
     - echo "${QA_IMAGE}"
     - source scripts/utils.sh
@@ -255,7 +255,7 @@ review-performance:
       artifacts: true
   allow_failure: true
   before_script:
-    - export CI_ENVIRONMENT_URL="$(cat review_app_url.txt)"
+    - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
     - echo "${CI_ENVIRONMENT_URL}"
     - mkdir -p gitlab-exporter
     - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js

app/assets/javascripts/clusters/stores/clusters_store.js

@@ -257,6 +257,7 @@ export default class ClusterStore {
       name: environment.name,
       project: environment.project,
       environmentPath: environment.environment_path,
+      logsPath: environment.logs_path,
       lastDeployment: environment.last_deployment,
       rolloutStatus: {
         status: environment.rollout_status ? environment.rollout_status.status : null,

app/assets/javascripts/diffs/components/diff_line_gutter_content.vue

-<script>
-import { mapState, mapGetters, mapActions } from 'vuex';
-import { getParameterByName, parseBoolean } from '~/lib/utils/common_utils';
-import Icon from '~/vue_shared/components/icon.vue';
-import DiffGutterAvatars from './diff_gutter_avatars.vue';
-import { LINE_POSITION_RIGHT } from '../constants';
-
-export default {
-  components: {
-    DiffGutterAvatars,
-    Icon,
-  },
-  props: {
-    line: {
-      type: Object,
-      required: true,
-    },
-    fileHash: {
-      type: String,
-      required: true,
-    },
-    contextLinesPath: {
-      type: String,
-      required: true,
-    },
-    lineNumber: {
-      type: Number,
-      required: false,
-      default: 0,
-    },
-    linePosition: {
-      type: String,
-      required: false,
-      default: '',
-    },
-    showCommentButton: {
-      type: Boolean,
-      required: false,
-      default: false,
-    },
-    isBottom: {
-      type: Boolean,
-      required: false,
-      default: false,
-    },
-    isMatchLine: {
-      type: Boolean,
-      required: false,
-      default: false,
-    },
-    isMetaLine: {
-      type: Boolean,
-      required: false,
-      default: false,
-    },
-    isContextLine: {
-      type: Boolean,
-      required: false,
-      default: false,
-    },
-    isHover: {
-      type: Boolean,
-      required: false,
-      default: false,
-    },
-  },
-  computed: {
-    ...mapState({
-      diffViewType: state => state.diffs.diffViewType,
-      diffFiles: state => state.diffs.diffFiles,
-    }),
-    ...mapGetters(['isLoggedIn']),
-    lineCode() {
-      return (
-        this.line.line_code ||
-        (this.line.left && this.line.left.line_code) ||
-        (this.line.right && this.line.right.line_code)
-      );
-    },
-    lineHref() {
-      return `#${this.line.line_code || ''}`;
-    },
-    shouldShowCommentButton() {
-      return (
-        this.isHover &&
-        !this.isMatchLine &&
-        !this.isContextLine &&
-        !this.isMetaLine &&
-        !this.hasDiscussions
-      );
-    },
-    hasDiscussions() {
-      return this.line.discussions && this.line.discussions.length > 0;
-    },
-    shouldShowAvatarsOnGutter() {
-      if (!this.line.type && this.linePosition === LINE_POSITION_RIGHT) {
-        return false;
-      }
-      return this.showCommentButton && this.hasDiscussions;
-    },
-    shouldRenderCommentButton() {
-      const isDiffHead = parseBoolean(getParameterByName('diff_head'));
-      return !isDiffHead && this.isLoggedIn && this.showCommentButton;
-    },
-  },
-  methods: {
-    ...mapActions('diffs', [
-      'loadMoreLines',
-      'showCommentForm',
-      'setHighlightedRow',
-      'toggleLineDiscussions',
-      'toggleLineDiscussionWrappers',
-    ]),
-    handleCommentButton() {
-      this.showCommentForm({ lineCode: this.line.line_code, fileHash: this.fileHash });
-    },
-  },
-};
-</script>
-
-<template>
-  <div>
-    <button
-      v-if="shouldRenderCommentButton"
-      v-show="shouldShowCommentButton"
-      type="button"
-      class="add-diff-note js-add-diff-note-button qa-diff-comment"
-      title="Add a comment to this line"
-      @click="handleCommentButton"
-    >
-      <icon :size="12" name="comment" />
-    </button>
-    <a
-      v-if="lineNumber"
-      ref="lineNumberRef"
-      :data-linenumber="lineNumber"
-      :href="lineHref"
-      @click="setHighlightedRow(lineCode)"
-    >
-    </a>
-    <diff-gutter-avatars
-      v-if="shouldShowAvatarsOnGutter"
-      :discussions="line.discussions"
-      :discussions-expanded="line.discussionsExpanded"
-      @toggleLineDiscussions="
-        toggleLineDiscussions({ lineCode, fileHash, expanded: !line.discussionsExpanded })
-      "
-    />
-  </div>
-</template>

app/assets/javascripts/diffs/components/diff_table_cell.vue

 <script>
 import { mapGetters, mapActions } from 'vuex';
-import DiffLineGutterContent from './diff_line_gutter_content.vue';
+import { GlIcon } from '@gitlab/ui';
+import { getParameterByName, parseBoolean } from '~/lib/utils/common_utils';
+import DiffGutterAvatars from './diff_gutter_avatars.vue';
 import {
   MATCH_LINE_TYPE,
   CONTEXT_LINE_TYPE,
+  LINE_POSITION_RIGHT,
   EMPTY_CELL_TYPE,
   OLD_LINE_TYPE,
   OLD_NO_NEW_LINE_TYPE,
   NEW_NO_NEW_LINE_TYPE,
   LINE_HOVER_CLASS_NAME,
   LINE_UNFOLD_CLASS_NAME,
-  INLINE_DIFF_VIEW_TYPE,
 } from '../constants';
 export default {
   components: {
-    DiffLineGutterContent,
+    DiffGutterAvatars,
+    GlIcon,
   },
   props: {
     line: {
@@ -33,12 +36,6 @@ export default {
     isHighlighted: {
       type: Boolean,
       required: true,
-      default: false,
-    },
-    diffViewType: {
-      type: String,
-      required: false,
-      default: INLINE_DIFF_VIEW_TYPE,
     },
     showCommentButton: {
       type: Boolean,
@@ -73,6 +70,38 @@ export default {
   },
   computed: {
     ...mapGetters(['isLoggedIn']),
+    lineCode() {
+      return (
+        this.line.line_code ||
+        (this.line.left && this.line.left.line_code) ||
+        (this.line.right && this.line.right.line_code)
+      );
+    },
+    lineHref() {
+      return `#${this.line.line_code || ''}`;
+    },
+    shouldShowCommentButton() {
+      return (
+        this.isHover &&
+        !this.isMatchLine &&
+        !this.isContextLine &&
+        !this.isMetaLine &&
+        !this.hasDiscussions
+      );
+    },
+    hasDiscussions() {
+      return this.line.discussions && this.line.discussions.length > 0;
+    },
+    shouldShowAvatarsOnGutter() {
+      if (!this.line.type && this.linePosition === LINE_POSITION_RIGHT) {
+        return false;
+      }
+      return this.showCommentButton && this.hasDiscussions;
+    },
+    shouldRenderCommentButton() {
+      const isDiffHead = parseBoolean(getParameterByName('diff_head'));
+      return !isDiffHead && this.isLoggedIn && this.showCommentButton;
+    },
     isMatchLine() {
       return this.line.type === MATCH_LINE_TYPE;
     },
@@ -107,24 +136,45 @@ export default {
       return this.lineType === OLD_LINE_TYPE ? this.line.old_line : this.line.new_line;
     },
   },
-  methods: mapActions('diffs', ['setHighlightedRow']),
+  methods: {
+    ...mapActions('diffs', ['showCommentForm', 'setHighlightedRow', 'toggleLineDiscussions']),
+    handleCommentButton() {
+      this.showCommentForm({ lineCode: this.line.line_code, fileHash: this.fileHash });
+    },
+  },
 };
 </script>
 <template>
-  <td :class="classNameMap">
-    <diff-line-gutter-content
-      :line="line"
-      :file-hash="fileHash"
-      :context-lines-path="contextLinesPath"
-      :line-position="linePosition"
-      :line-number="lineNumber"
-      :show-comment-button="showCommentButton"
-      :is-hover="isHover"
-      :is-bottom="isBottom"
-      :is-match-line="isMatchLine"
-      :is-context-line="isContentLine"
-      :is-meta-line="isMetaLine"
-    />
+  <td ref="td" :class="classNameMap">
+    <div>
+      <button
+        v-if="shouldRenderCommentButton"
+        v-show="shouldShowCommentButton"
+        ref="addDiffNoteButton"
+        type="button"
+        class="add-diff-note js-add-diff-note-button qa-diff-comment"
+        title="Add a comment to this line"
+        @click="handleCommentButton"
+      >
+        <gl-icon :size="12" name="comment" />
+      </button>
+      <a
+        v-if="lineNumber"
+        ref="lineNumberRef"
+        :data-linenumber="lineNumber"
+        :href="lineHref"
+        @click="setHighlightedRow(lineCode)"
+      >
+      </a>
+      <diff-gutter-avatars
+        v-if="shouldShowAvatarsOnGutter"
+        :discussions="line.discussions"
+        :discussions-expanded="line.discussionsExpanded"
+        @toggleLineDiscussions="
+          toggleLineDiscussions({ lineCode, fileHash, expanded: !line.discussionsExpanded })
+        "
+      />
+    </div>
   </td>
 </template>

app/assets/javascripts/environments/components/environments_table.vue

@@ -162,8 +162,7 @@ export default {
             :is-loading="model.isLoadingDeployBoard"
             :is-empty="model.isEmptyDeployBoard"
             :has-legacy-app-label="model.hasLegacyAppLabel"
-            :project-path="model.project_path"
-            :environment-name="model.name"
+            :logs-path="model.logs_path"
           />
         </div>
       </div>

app/assets/javascripts/error_tracking/details.js

@@ -8,28 +8,30 @@ import csrf from '~/lib/utils/csrf';
 Vue.use(VueApollo);
 export default () => {
+  const selector = '#js-error_details';
+
+  const domEl = document.querySelector(selector);
+  const {
+    issueId,
+    projectPath,
+    issueUpdatePath,
+    issueStackTracePath,
+    projectIssuesPath,
+  } = domEl.dataset;
+
   const apolloProvider = new VueApollo({
     defaultClient: createDefaultClient(),
   });
   // eslint-disable-next-line no-new
   new Vue({
-    el: '#js-error_details',
+    el: selector,
     apolloProvider,
     components: {
       ErrorDetails,
     },
     store,
     render(createElement) {
-      const domEl = document.querySelector(this.$options.el);
-      const {
-        issueId,
-        projectPath,
-        issueUpdatePath,
-        issueStackTracePath,
-        projectIssuesPath,
-      } = domEl.dataset;
-
       return createElement('error-details', {
         props: {
           issueId,

app/assets/javascripts/error_tracking/list.js

@@ -4,27 +4,29 @@ import store from './store';
 import ErrorTrackingList from './components/error_tracking_list.vue';
 export default () => {
+  const selector = '#js-error_tracking';
+
+  const domEl = document.querySelector(selector);
+  const {
+    indexPath,
+    enableErrorTrackingLink,
+    illustrationPath,
+    projectPath,
+    listPath,
+  } = domEl.dataset;
+  let { errorTrackingEnabled, userCanEnableErrorTracking } = domEl.dataset;
+
+  errorTrackingEnabled = parseBoolean(errorTrackingEnabled);
+  userCanEnableErrorTracking = parseBoolean(userCanEnableErrorTracking);
+
   // eslint-disable-next-line no-new
   new Vue({
-    el: '#js-error_tracking',
+    el: selector,
     components: {
       ErrorTrackingList,
     },
     store,
     render(createElement) {
-      const domEl = document.querySelector(this.$options.el);
-      const {
-        indexPath,
-        enableErrorTrackingLink,
-        illustrationPath,
-        projectPath,
-        listPath,
-      } = domEl.dataset;
-      let { errorTrackingEnabled, userCanEnableErrorTracking } = domEl.dataset;
-
-      errorTrackingEnabled = parseBoolean(errorTrackingEnabled);
-      userCanEnableErrorTracking = parseBoolean(userCanEnableErrorTracking);
-
       return createElement('error-tracking-list', {
         props: {
           indexPath,

app/assets/javascripts/monitoring/components/charts/time_series.vue

@@ -18,6 +18,17 @@ import {
 import { makeDataSeries } from '~/helpers/monitor_helper';
 import { graphDataValidatorForValues } from '../../utils';
+/**
+ * A "virtual" coordinates system for the deployment icons.
+ * Deployment icons are displayed along the [min, max]
+ * range at height `pos`.
+ */
+const deploymentYAxisCoords = {
+  min: 0,
+  pos: 3, // 3% height of chart's grid
+  max: 100,
+};
+
 const THROTTLED_DATAZOOM_WAIT = 1000; // miliseconds
 const timestampToISODate = timestamp => new Date(timestamp).toISOString();
@@ -145,10 +156,33 @@ export default {
       }, []);
     },
     chartOptionSeries() {
-      return (this.option.series || []).concat(this.scatterSeries ? [this.scatterSeries] : []);
+      return (this.option.series || []).concat(
+        this.deploymentSeries ? [this.deploymentSeries] : [],
+      );
     },
     chartOptions() {
       const option = omit(this.option, 'series');
+
+      const dataYAxis = {
+        name: this.yAxisLabel,
+        nameGap: 50, // same as gitlab-ui's default
+        nameLocation: 'center', // same as gitlab-ui's default
+        boundaryGap: [0.1, 0.1],
+        scale: true,
+        axisLabel: {
+          formatter: num => roundOffFloat(num, 3).toString(),
+        },
+      };
+      const deploymentsYAxis = {
+        show: false,
+        min: deploymentYAxisCoords.min,
+        max: deploymentYAxisCoords.max,
+        axisLabel: {
+          // formatter fn required to trigger tooltip re-positioning
+          formatter: () => {},
+        },
+      };
+
       return {
         series: this.chartOptionSeries,
         xAxis: {
@@ -161,12 +195,7 @@ export default {
             snap: true,
           },
         },
-        yAxis: {
-          name: this.yAxisLabel,
-          axisLabel: {
-            formatter: num => roundOffFloat(num, 3).toString(),
-          },
-        },
+        yAxis: [dataYAxis, deploymentsYAxis],
         dataZoom: [this.dataZoomConfig],
         ...option,
       };
@@ -228,10 +257,16 @@ export default {
         return acc;
       }, []);
     },
-    scatterSeries() {
+    deploymentSeries() {
       return {
         type: graphTypes.deploymentData,
-        data: this.recentDeployments.map(deployment => [deployment.createdAt, 0]),
+
+        yAxisIndex: 1, // deploymentsYAxis index
+        data: this.recentDeployments.map(deployment => [
+          deployment.createdAt,
+          deploymentYAxisCoords.pos,
+        ]),
+
         symbol: this.svgs.rocket,
         symbolSize: symbolSizes.default,
         itemStyle: {
@@ -265,6 +300,7 @@ export default {
     formatTooltipText(params) {
       this.tooltip.title = dateFormat(params.value, dateFormats.default);
       this.tooltip.content = [];
+
       params.seriesData.forEach(dataPoint => {
         if (dataPoint.value) {
           const [xVal, yVal] = dataPoint.value;

app/assets/javascripts/registry/shared/components/expiration_policy_fields.vue

@@ -82,7 +82,7 @@ export default {
     regexHelpText() {
       return sprintf(
         s__(
-          'ContainerRegistry|Wildcards such as %{codeStart}*-stable%{codeEnd} or %{codeStart}production/*%{codeEnd} are supported.  To select all tags, use %{codeStart}.*%{codeEnd}',
+          'ContainerRegistry|Wildcards such as %{codeStart}.*-stable%{codeEnd} or %{codeStart}production/.*%{codeEnd} are supported.  To select all tags, use %{codeStart}.*%{codeEnd}',
         ),
         {
           codeStart: '<code>',

app/assets/javascripts/snippet/collapsible_input.js

+const hide = el => el.classList.add('d-none');
+const show = el => el.classList.remove('d-none');
+
+const setupCollapsibleInput = el => {
+  const collapsedEl = el.querySelector('.js-collapsed');
+  const expandedEl = el.querySelector('.js-expanded');
+  const collapsedInputEl = collapsedEl.querySelector('textarea,input,select');
+  const expandedInputEl = expandedEl.querySelector('textarea,input,select');
+  const formEl = el.closest('form');
+
+  const collapse = () => {
+    hide(expandedEl);
+    show(collapsedEl);
+  };
+
+  const expand = () => {
+    hide(collapsedEl);
+    show(expandedEl);
+  };
+
+  // NOTE:
+  // We add focus listener to all form inputs so that we can collapse
+  // when something is focused that's not the expanded input.
+  formEl.addEventListener('focusin', e => {
+    if (e.target === collapsedInputEl) {
+      expand();
+      expandedInputEl.focus();
+    } else if (!el.contains(e.target) && !expandedInputEl.value) {
+      collapse();
+    }
+  });
+};
+
+/**
+ * Usage in HAML
+ *
+ * .js-collapsible-input
+ *   .js-collapsed{ class: ('d-none' if is_expanded) }
+ *     = input
+ *   .js-expanded{ class: ('d-none' if !is_expanded) }
+ *     = big_input
+ */
+export default () => {
+  Array.from(document.querySelectorAll('.js-collapsible-input')).forEach(setupCollapsibleInput);
+};

app/assets/javascripts/snippet/snippet_bundle.js

 /* global ace */
 import $ from 'jquery';
+import setupCollapsibleInputs from './collapsible_input';
 export default () => {
   const editor = ace.edit('editor');
@@ -8,4 +9,6 @@ export default () => {
   $('.snippet-form-holder form').on('submit', () => {
     $('.snippet-file-content').val(editor.getValue());
   });
+
+  setupCollapsibleInputs();
 };

app/controllers/admin/users_controller.rb

@@ -75,7 +75,9 @@ class Admin::UsersController < Admin::ApplicationController
   end
   def block
-    if update_user { |user| user.block }
+    result = Users::BlockService.new(current_user).execute(user)
+
+    if result[:status] = :success
       redirect_back_or_admin_user(notice: _("Successfully blocked"))
     else
       redirect_back_or_admin_user(alert: _("Error occurred. User was not blocked"))

app/helpers/projects_helper.rb

@@ -717,6 +717,6 @@ module ProjectsHelper
   def settings_container_registry_expiration_policy_available?(project)
     Feature.enabled?(:registry_retention_policies_settings, project) &&
       Gitlab.config.registry.enabled &&
-      can?(current_user, :read_container_image, project)
+      can?(current_user, :destroy_container_image, project)
   end
 end

app/models/commit.rb

@@ -244,6 +244,8 @@ class Commit
   # Discover issues should be closed when this commit is pushed to a project's
   # default branch.
   def closes_issues(current_user = self.committer)
+    return unless repository.repo_type.project?
+
     Gitlab::ClosingIssueExtractor.new(project, current_user).closed_by_message(safe_message)
   end
@@ -297,7 +299,11 @@ class Commit
   end
   def merge_requests
-    @merge_requests ||= project&.merge_requests&.by_commit_sha(sha)
+    strong_memoize(:merge_requests) do
+      next MergeRequest.none unless repository.repo_type.project? && project
+
+      project.merge_requests.by_commit_sha(sha)
+    end
   end
   def method_missing(method, *args, &block)
@@ -507,7 +513,7 @@ class Commit
   end
   def commit_reference(from, referable_commit_id, full: false)
-    base = project&.to_reference_base(from, full: full)
+    base = container.to_reference_base(from, full: full)
     if base.present?
       "#{base}#{self.class.reference_prefix}#{referable_commit_id}"

app/models/concerns/has_repository.rb

 # frozen_string_literal: true
+# This concern is created to handle repository actions.
+# It should be include inside any object capable
+# of directly having a repository, like project or snippet.
+#
+# It also includes `Referable`, therefore the method
+# `to_reference` should be overriden in case the object
+# needs any special behavior.
 module HasRepository
   extend ActiveSupport::Concern
   include Gitlab::ShellAdapter
   include AfterCommitQueue
+  include Referable
   include Gitlab::Utils::StrongMemoize
   delegate :base_dir, :disk_path, to: :storage

app/models/personal_snippet.rb

@@ -2,4 +2,8 @@
 class PersonalSnippet < Snippet
   include WithUploads
+
+  def web_url(only_path: nil)
+    Gitlab::Routing.url_helpers.snippet_url(self, only_path: only_path)
+  end
 end

app/models/project.rb

@@ -9,7 +9,6 @@ class Project < ApplicationRecord
   include AccessRequestable
   include Avatarable
   include CacheMarkdownField
-  include Referable
   include Sortable
   include AfterCommitQueue
   include CaseSensitivity
@@ -2336,6 +2335,10 @@ class Project < ApplicationRecord
     false
   end
+  def self_monitoring?
+    Gitlab::CurrentSettings.self_monitoring_project_id == id
+  end
+
   private
   def closest_namespace_setting(name)

app/models/project_snippet.rb

@@ -5,4 +5,8 @@ class ProjectSnippet < Snippet
   validates :project, presence: true
   validates :secret, inclusion: { in: [false] }
+
+  def web_url(only_path: nil)
+    Gitlab::Routing.url_helpers.project_snippet_url(project, self, only_path: only_path)
+  end
 end

app/models/repository.rb

@@ -1131,7 +1131,11 @@ class Repository
   end
   def project
-    container
+    if repo_type.snippet?
+      container.project
+    else
+      container
+    end
   end
   private
@@ -1145,7 +1149,7 @@ class Repository
                Gitlab::Git::Commit.find(raw_repository, oid_or_ref)
              end
-    ::Commit.new(commit, project) if commit
+    ::Commit.new(commit, container) if commit
   end
   def cache