Add latest changes from gitlab-org/gitlab@master

doc/administration/geo/replication/database.md

@@ -457,7 +457,7 @@ The replication process is now complete.
 ## PgBouncer support (optional)
-[PgBouncer](http://pgbouncer.github.io/) may be used with GitLab Geo to pool
+[PgBouncer](https://www.pgbouncer.org/) may be used with GitLab Geo to pool
 PostgreSQL connections. We recommend using PgBouncer if you use GitLab in a
 high-availability configuration with a cluster of nodes supporting a Geo
 **primary** node and another cluster of nodes supporting a Geo **secondary** node. For more

doc/administration/high_availability/pgbouncer.md

@@ -4,7 +4,7 @@ type: reference
 # Working with the bundle PgBouncer service
-As part of its High Availability stack, GitLab Premium includes a bundled version of [PgBouncer](https://pgbouncer.github.io/) that can be managed through `/etc/gitlab/gitlab.rb`.
+As part of its High Availability stack, GitLab Premium includes a bundled version of [PgBouncer](https://www.pgbouncer.org/) that can be managed through `/etc/gitlab/gitlab.rb`.
 In a High Availability setup, PgBouncer is used to seamlessly migrate database connections between servers in a failover scenario.
@@ -177,7 +177,7 @@ If you enable Monitoring, it must be enabled on **all** PgBouncer servers.
 #### Administrative console
-As part of Omnibus GitLab, we provide a command `gitlab-ctl pgb-console` to automatically connect to the PgBouncer administrative console. Please see the [PgBouncer documentation](https://pgbouncer.github.io/usage.html#admin-console) for detailed instructions on how to interact with the console.
+As part of Omnibus GitLab, we provide a command `gitlab-ctl pgb-console` to automatically connect to the PgBouncer administrative console. Please see the [PgBouncer documentation](https://www.pgbouncer.org/usage.html#admin-console) for detailed instructions on how to interact with the console.
 To start a session, run

doc/administration/high_availability/redis.md

@@ -491,7 +491,7 @@ multiple machines with the Sentinel daemon.
 1. **You can omit this step if the Sentinels will be hosted in the same node as
    the other Redis instances.**
-   [Download/install](https://about.gitlab.com/downloads-ee) the
+   [Download/install](https://about.gitlab.com/install/) the
    Omnibus GitLab Enterprise Edition package using **steps 1 and 2** from the
    GitLab downloads page.
    - Make sure you select the correct Omnibus package, with the same version

doc/administration/packages/container_registry.md

@@ -877,6 +877,6 @@ The above image shows:
 - The HEAD request to the AWS bucket reported a 403 Unauthorized.
 What does this mean? This strongly suggests that the S3 user does not have the right
-[permissions to perform a HEAD request](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectHEAD.html).
+[permissions to perform a HEAD request](https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html).
 The solution: check the [IAM permissions again](https://docs.docker.com/registry/storage-drivers/s3/).
 Once the right permissions were set, the error will go away.

doc/api/services.md

@@ -605,7 +605,7 @@ Set Jira service for a project.
 > Starting with GitLab 8.14, `api_url`, `issues_url`, `new_issue_url` and
 > `project_url` are replaced by `url`. If you are using an
-> older version, [follow this documentation][old-jira-api].
+> older version, [follow this documentation](https://gitlab.com/gitlab-org/gitlab/blob/8-13-stable-ee/doc/api/services.md#jira).
 ```
 PUT /projects/:id/services/jira
@@ -1224,9 +1224,6 @@ Get Jenkins CI (Deprecated) service settings for a project.
 GET /projects/:id/services/jenkins-deprecated
 ```
-[jira-doc]: ../user/project/integrations/jira.md
-[old-jira-api]: https://gitlab.com/gitlab-org/gitlab/blob/8-13-stable/doc/api/services.md#jira
-
 ## MockCI
 Mock an external CI. See [`gitlab-org/gitlab-mock-ci-service`](https://gitlab.com/gitlab-org/gitlab-mock-ci-service) for an example of a companion mock service.

doc/ci/docker/using_docker_build.md

@@ -174,7 +174,7 @@ support this.
    The above command will register a new Runner to use the special
    `docker:19.03.1` image, which is provided by Docker. **Notice that it's
    using the `privileged` mode to start the build and service
-   containers.** If you want to use [docker-in-docker] mode, you always
+   containers.** If you want to use [docker-in-docker](https://www.docker.com/blog/docker-can-now-run-within-docker/) mode, you always
    have to use `privileged = true` in your Docker containers.
    This will also mount `/certs/client` for the service and build
@@ -723,7 +723,6 @@ or [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes.html) execut
 make sure that [`pull_policy`](https://docs.gitlab.com/runner/executors/docker.html#how-pull-policies-work)
 is set to `always`.
-[docker-in-docker]: https://blog.docker.com/2013/09/docker-can-now-run-within-docker/
 [docker-cap]: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
 [2fa]: ../../user/profile/account/two_factor_authentication.md
 [pat]: ../../user/profile/personal_access_tokens.md

doc/ci/yaml/README.md

@@ -999,12 +999,11 @@ docker build:
       when: delayed
       start_in: '3 hours'
     - when: on_success # Otherwise include the job and set to run normally
-
 ```
 Additional job configuration may be added to rules in the future. If something
 useful isn't available, please
-[open an issue](https://www.gitlab.com/gitlab-org/gitlab/issues).
+[open an issue](https://gitlab.com/gitlab-org/gitlab/issues).
 ### `tags`

doc/development/testing_guide/end_to_end/flows.md

+# Flows in GitLab QA
+
+Flows are frequently used sequences of actions. They are a higher level
+of abstraction than page objects. Flows can include multiple page objects,
+or any other relevant code.
+
+For example, the sign in flow encapsulates two steps that are included
+in every browser UI test.
+
+```ruby
+# QA::Flow::Login
+
+def sign_in(as: nil)
+  Runtime::Browser.visit(:gitlab, Page::Main::Login)
+  Page::Main::Login.perform { |login| login.sign_in_using_credentials(user: as) }
+end
+
+# When used in a test
+
+it 'performs a test after signing in as the default user' do
+  Flow::Login.sign_in
+
+  # Perform the test
+end
+```
+
+`QA::Flow::Login` provides an even more useful flow, allowing a test to easily switch users.
+
+```ruby
+# QA::Flow::Login
+
+def while_signed_in(as: nil)
+  Page::Main::Menu.perform(&:sign_out_if_signed_in)
+
+  sign_in(as: as)
+
+  yield
+
+  Page::Main::Menu.perform(&:sign_out)
+end
+
+# When used in a test
+
+it 'performs a test as one user and verifies as another' do
+  user1 = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
+  user2 = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_2, Runtime::Env.gitlab_qa_password_2)
+
+  Flow::Login.while_signed_in(as: user1) do
+    # Perform some setup as user1
+  end
+
+  Flow::Login.sign_in(as: user2)
+
+  # Perform the rest of the test as user2
+end
+```

doc/development/testing_guide/end_to_end/index.md

@@ -131,6 +131,7 @@ Continued reading:
 - [Style Guide](style_guide.md)
 - [Best Practices](best_practices.md)
 - [Testing with feature flags](feature_flags.md)
+- [Flows](flows.md)
 ## Where can I ask for help?

doc/integration/bitbucket.md

@@ -24,7 +24,7 @@ Bitbucket.org.
 GitLab 8.15 significantly simplified the way to integrate Bitbucket.org with
 GitLab. You are encouraged to upgrade your GitLab instance if you haven't done so
 already. If you're using GitLab 8.14 or below, [use the previous integration
-docs][bb-old].
+docs](https://gitlab.com/gitlab-org/gitlab/blob/8-14-stable-ee/doc/integration/bitbucket.md).
 To enable the Bitbucket OmniAuth provider you must register your application
 with Bitbucket.org. Bitbucket will generate an application ID and secret key for
@@ -135,9 +135,6 @@ GitLab and [start importing your projects][bb-import].
 If you want to import projects from Bitbucket, but don't want to enable signing in,
 you can [disable Sign-Ins in the admin panel](omniauth.md#enable-or-disable-sign-in-with-an-omniauth-provider-without-disabling-import-sources).
-[init-oauth]: omniauth.md#initial-omniauth-configuration
 [bb-import]: ../user/project/import/bitbucket.md
-[bb-old]: https://gitlab.com/gitlab-org/gitlab/blob/8-14-stable/doc/integration/bitbucket.md
-[bitbucket-docs]: https://confluence.atlassian.com/bitbucket/use-the-ssh-protocol-with-bitbucket-cloud-221449711.html#UsetheSSHprotocolwithBitbucketCloud-KnownhostorBitbucket%27spublickeyfingerprints
 [reconfigure GitLab]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
 [restart]: ../administration/restart_gitlab.md#installations-from-source

doc/integration/saml.md

@@ -572,7 +572,7 @@ installations from source. Restart Unicorn using the `sudo gitlab-ctl restart un
 command on Omnibus installations and `sudo service gitlab restart` on installations
 from source.
-You may also find the [SSO Tracer](https://addons.mozilla.org/en-US/firefox/addon/sso-tracer/)
+You may also find the [SAML Tracer](https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/)
 (Firefox) and [SAML Chrome Panel](https://chrome.google.com/webstore/detail/saml-chrome-panel/paijfdbeoenhembfhkhllainmocckace)
 (Chrome) browser extensions useful in your debugging.

doc/integration/ultra_auth.md

@@ -8,7 +8,7 @@ To enable UltraAuth OmniAuth provider, you must use UltraAuth's credentials for
 To get the credentials (a pair of Client ID and Client Secret), you must register an application on UltraAuth.
 1. Sign in to [UltraAuth](https://ultraauth.com).
-1. Navigate to [Create an App](https://ultraauth.com/select-strategy) and click on "Ruby on Rails".
+1. Navigate to **Create an App** and click on **Ruby on Rails**.
 1. Scroll down the page that is displayed to locate the **Client ID** and **Client Secret**.
    Keep this page open as you continue configuration.

doc/topics/autodevops/index.md

@@ -112,7 +112,7 @@ To make full use of Auto DevOps, you will need:
      NOTE: **Note:**
      If you are using your own Ingress instead of the one provided by GitLab's managed
      apps, ensure you are running at least version 0.9.0 of NGINX Ingress and
-     [enable Prometheus metrics](https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/customization/custom-vts-metrics-prometheus/nginx-vts-metrics-conf.yaml)
+     [enable Prometheus metrics](https://github.com/helm/charts/tree/master/stable/nginx-ingress#prometheus-metrics)
      in order for the response metrics to appear. You will also have to
      [annotate](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
      the NGINX Ingress deployment to be scraped by Prometheus using
@@ -698,6 +698,27 @@ workers:
     terminationGracePeriodSeconds: 60
 ```
+#### Running commands in the container
+
+Applications built with [Auto Build](#auto-build) using Herokuish, the default
+unless you have [a custom Dockerfile](#auto-build-using-a-dockerfile), may require
+commands to be wrapped as follows:
+
+```shell
+/bin/herokuish procfile exec $COMMAND
+```
+
+This might be neccessary, for example, when:
+
+- Attaching using `kubectl exec`.
+- Using GitLab's [Web Terminal](../../ci/environments.md#web-terminals).
+
+For example, to start a Rails console from the application root directory, run:
+
+```sh
+/bin/herokuish procfile exec bin/rails c
+```
+
 ### Auto Monitoring
 Once your application is deployed, Auto Monitoring makes it possible to monitor

doc/user/profile/account/activating_deactivating_users.md → doc/user/admin_area/activating_deactivating_users.md

@@ -4,13 +4,17 @@ type: howto
 # Activating and deactivating users
+GitLab administrators can deactivate and activate users.
+
 ## Deactivating a user
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/63921) in GitLab 12.4.
-In order to temporarily prevent access by a GitLab user that has no recent activity, administrators can choose to deactivate the user.
-Deactivating a user is functionally identical to [blocking a user](blocking_unblocking_users.md), with the following differences:
+In order to temporarily prevent access by a GitLab user that has no recent activity, administrators
+can choose to deactivate the user.
+Deactivating a user is functionally identical to [blocking a user](blocking_unblocking_users.md),
+with the following differences:
 - It does not prohibit the user from logging back in via the UI.
 - Once a deactivated user logs back into the GitLab UI, their account is set to active.
@@ -19,11 +23,11 @@ A deactivated user:
 - Cannot access Git repositories or the API.
 - Will not receive any notifications from GitLab.
-- Will not be able to use [slash commands](../../../integration/slash_commands.md).
-Personal projects, group and user history of the deactivated user will be left intact.
-A user can be deactivated from the Admin area. To do this:
+- Will not be able to use [slash commands](../../integration/slash_commands.md).
+Personal projects, and group and user history of the deactivated user will be left intact.
+A user can be deactivated from the Admin Area. To do this:
 1. Navigate to  **Admin Area > Overview > Users**.
 1. Select a user.
@@ -34,16 +38,16 @@ Please note that for the deactivation option to be visible to an admin, the user
 - Must be currently active.
 - Should not have any activity in the last 180 days.
-Users can also be deactivated using the [GitLab API](../../../api/users.html#deactivate-user).
+Users can also be deactivated using the [GitLab API](../../api/users.html#deactivate-user).
 NOTE: **Note:**
-A deactivated user does not consume a [seat](../../../subscriptions/index.md#managing-subscriptions).
+A deactivated user does not consume a [seat](../../subscriptions/index.md#managing-subscriptions).
 ## Activating a user
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/63921) in GitLab 12.4.
-A deactivated user can be activated from the Admin area.
+A deactivated user can be activated from the Admin Area.
 To do this:
@@ -52,10 +56,11 @@ To do this:
 1. Select a user.
 1. Under the **Account** tab, click **Activate user**.
-Users can also be activated using the [GitLab API](../../../api/users.html#activate-user).
+Users can also be activated using the [GitLab API](../../api/users.html#activate-user).
 NOTE: **Note:**
-Activating a user will change the user's state to active and it consumes a [seat](../../../subscriptions/index.md#managing-subscriptions).
+Activating a user will change the user's state to active and it consumes a
+[seat](../../subscriptions/index.md#managing-subscriptions).
 TIP: **Tip:**
 A deactivated user can also activate their account by themselves by simply logging back via the UI.

doc/user/profile/account/blocking_unblocking_users.md → doc/user/admin_area/blocking_unblocking_users.md

@@ -4,12 +4,15 @@ type: howto
 # Blocking and unblocking users
+GitLab administrators block and unblock users.
+
 ## Blocking a user
-Inorder to completely prevent access of a user to the GitLab instance, admin can choose to block the user.
-Users can be blocked [via an abuse report](../../admin_area/abuse_reports.md#blocking-users),
-or directly from the Admin area. To do this:
+In order to completely prevent access of a user to the GitLab instance, administrators can choose to
+block the user.
+Users can be blocked [via an abuse report](abuse_reports.md#blocking-users),
+or directly from the Admin Area. To do this:
 1. Navigate to  **Admin Area > Overview > Users**.
 1. Select a user.
@@ -20,25 +23,26 @@ A blocked user:
 - Will not be able to login.
 - Cannot access Git repositories or the API.
 - Will not receive any notifications from GitLab.
-- Will not be able to use [slash commands](../../../integration/slash_commands.md).
-Personal projects, group and user history of the blocked user will be left intact.
-Users can also be blocked using the [GitLab API](../../../api/users.html#block-user).
+- Will not be able to use [slash commands](../../integration/slash_commands.md).
+Personal projects, and group and user history of the blocked user will be left intact.
+Users can also be blocked using the [GitLab API](../../api/users.html#block-user).
 NOTE: **Note:**
-A blocked user does not consume a [seat](../../../subscriptions/index.md#managing-subscriptions).
+A blocked user does not consume a [seat](../../subscriptions/index.md#managing-subscriptions).
 ## Unblocking a user
-A blocked user can be unblocked from the Admin area. To do this:
+A blocked user can be unblocked from the Admin Area. To do this:
 1. Navigate to  **Admin Area > Overview > Users**.
 1. Click on the **Blocked** tab.
 1. Select a user.
 1. Under the **Account** tab, click **Unblock user**.
-Users can also be unblocked using the [GitLab API](../../../api/users.html#unblock-user).
+Users can also be unblocked using the [GitLab API](../../api/users.html#unblock-user).
 NOTE: **Note:**
-Unblocking a user will change the user's state to active and it consumes a [seat](../../../subscriptions/index.md#managing-subscriptions).
+Unblocking a user will change the user's state to active and it consumes a
+[seat](../../subscriptions/index.md#managing-subscriptions).

doc/user/admin_area/index.md

@@ -112,8 +112,8 @@ To list users matching a specific criteria, click on one of the following tabs o
 - **2FA Enabled**
 - **2FA Disabled**
 - **External**
-- **[Blocked](../profile/account/blocking_unblocking_users.md)**
-- **[Deactivated](../profile/account/activating_deactivating_users.md)**
+- **[Blocked](blocking_unblocking_users.md)**
+- **[Deactivated](activating_deactivating_users.md)**
 - **Without projects**
 For each user, their username, email address, are listed, also the date their account was

doc/user/admin_area/monitoring/health_check.md

@@ -13,7 +13,7 @@ type: concepts, howto
 GitLab provides liveness and readiness probes to indicate service health and
 reachability to required services. These probes report on the status of the
 database connection, Redis connection, and access to the filesystem. These
-endpoints [can be provided to schedulers like Kubernetes][kubernetes] to hold
+endpoints [can be provided to schedulers like Kubernetes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) to hold
 traffic until the system is ready or restart the container as needed.
 ## IP whitelist
@@ -169,4 +169,3 @@ but commented out to help encourage others to add to it in the future. -->
 [pingdom]: https://www.pingdom.com
 [nagios-health]: https://nagios-plugins.org/doc/man/check_http.html
 [newrelic-health]: https://docs.newrelic.com/docs/alerts/alert-policies/downtime-alerts/availability-monitoring
-[kubernetes]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/

doc/user/application_security/dependency_scanning/index.md

@@ -59,7 +59,7 @@ The following languages and dependency managers are supported.
 | Go ([Golang](https://golang.org/)) | not currently ([issue](https://gitlab.com/gitlab-org/gitlab/issues/7132 "Dependency Scanning for Go")) | not available |
 | PHP ([Composer](https://getcomposer.org/))  | yes | [gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
 | Python ([pip](https://pip.pypa.io/en/stable/)) | yes | [gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
-| Python ([Pipfile](https://docs.pipenv.org/en/latest/basics/)) | not currently ([issue](https://gitlab.com/gitlab-org/gitlab/issues/11756 "Pipfile.lock support for Dependency Scanning"))| not available |
+| Python ([Pipfile](https://pipenv.kennethreitz.org/en/latest/basics/)) | not currently ([issue](https://gitlab.com/gitlab-org/gitlab/issues/11756 "Pipfile.lock support for Dependency Scanning"))| not available |
 | Python ([poetry](https://poetry.eustace.io/)) | not currently ([issue](https://gitlab.com/gitlab-org/gitlab/issues/7006 "Support Poetry in Dependency Scanning")) | not available |
 | Ruby ([gem](https://rubygems.org/)) | yes | [gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium), [bundler-audit](https://github.com/rubysec/bundler-audit) |

doc/user/clusters/management_project.md

@@ -34,8 +34,10 @@ Management projects are restricted to the following:
 ### Selecting a cluster management project
-This will be implemented as part of [this
-issue](https://gitlab.com/gitlab-org/gitlab/issues/32810).
+You can select a management project for the cluster under **Advanced
+settings**.
+
+![Selecting a cluster management project under Advanced settings](img/advanced-settings-cluster-management-project-v12_5.png)
 ### Configuring your pipeline