Merge branch 'master' into 'docs/fix-example-dot-net'

# Conflicts:
#   doc/user/project/clusters/serverless/index.md

.codeclimate.yml

@@ -6,35 +6,35 @@ engines:
     enabled: true
     config:
       languages:
-      - ruby
-      - javascript
+        - ruby
+        - javascript
 ratings:
   paths:
-  - Gemfile.lock
-  - "**.erb"
-  - "**.haml"
-  - "**.rb"
-  - "**.rhtml"
-  - "**.slim"
-  - "**.inc"
-  - "**.js"
-  - "**.jsx"
-  - "**.module"
+    - Gemfile.lock
+    - "**.erb"
+    - "**.haml"
+    - "**.rb"
+    - "**.rhtml"
+    - "**.slim"
+    - "**.inc"
+    - "**.js"
+    - "**.jsx"
+    - "**.module"
 exclude_paths:
-- config/
-- db/
-- features/
-- node_modules/
-- spec/
-- vendor/
-- .yarn-cache/
-- tmp/
-- builds/
-- coverage/
-- public/
-- shared/
-- webpack-report/
-- log/
-- backups/
-- coverage-javascript/
-- plugins/
+  - config/
+  - db/
+  - features/
+  - node_modules/
+  - spec/
+  - vendor/
+  - .yarn-cache/
+  - tmp/
+  - builds/
+  - coverage/
+  - public/
+  - shared/
+  - webpack-report/
+  - log/
+  - backups/
+  - coverage-javascript/
+  - plugins/

.eslintignore

@@ -9,5 +9,6 @@
 /scripts/
 /tmp/
 /vendor/
+jest.config.js
 karma.config.js
 webpack.config.js

.eslintrc.yml

@@ -9,9 +9,6 @@ plugins:
   - import
   - html
 settings:
-  html/html-extensions:
-    - '.html'
-    - '.html.raw'
   import/resolver:
     webpack:
       config: './config/webpack.config.js'

.gitignore

@@ -59,8 +59,6 @@ eslint-report.html
 /public/uploads.*
 /public/uploads/
 /shared/artifacts/
-/spec/javascripts/fixtures/blob/pdf/
-/spec/javascripts/fixtures/blob/balsamiq/
 /rails_best_practices_output.html
 /tags
 /tmp/*
@@ -81,3 +79,4 @@ package-lock.json
 /junit_*.xml
 /coverage-frontend/
 jsdoc/
+**/tmp/rubocop_cache/**
\ No newline at end of file

.gitlab/CODEOWNERS.disabled → .gitlab/CODEOWNERS

 # Backend Maintainers are the default for all ruby files
-*.rb @ayufan @dbalexandre @DouweM @dzaporozhets @godfat @grzesiek @nick.thomas @rspeicher @rymai @smcgivern
-*.rake @ayufan @dbalexandre @DouweM @dzaporozhets @godfat @grzesiek @nick.thomas @rspeicher @rymai @smcgivern
+*.rb @ashmckenzie @ayufan @dbalexandre @DouweM @dzaporozhets @godfat @grzesiek @mkozono @mayra-cabrera @nick.thomas @rspeicher @rymai @reprazent @smcgivern @tkuah
+*.rake @ashmckenzie @ayufan @dbalexandre @DouweM @dzaporozhets @godfat @grzesiek @mkozono @mayra-cabrera @nick.thomas @rspeicher @rymai @reprazent @smcgivern @tkuah
 # Technical writing team are the default reviewers for everything in `doc/`
 /doc/ @axil @marcia
@@ -18,3 +18,4 @@ db/ @abrandl @NikolayS
 /lib/gitlab/auth/ldap/ @dblessing @mkozono
 /lib/gitlab/ci/templates/ @nolith @zj
 /lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @DylanGriffith @mayra-cabrera @tkuah
+/lib/gitlab/ci/templates/Security/ @plafoucriere @gonzoyumo @twoodham

.gitlab/ci/cng.gitlab-ci.yml

+cloud-native-image:
+  image: ruby:2.6-alpine
+  before_script: []
+  dependencies: []
+  stage: post-test
+  allow_failure: true
+  variables:
+    GIT_DEPTH: "1"
+  cache: {}
+  when: manual
+  script:
+    - install_gitlab_gem
+    - CNG_PROJECT_PATH="gitlab-org/build/CNG" BUILD_TRIGGER_TOKEN=$CI_JOB_TOKEN ./scripts/trigger-build cng
+  only:
+    - tags@gitlab-org/gitlab-ce
+    - tags@gitlab-org/gitlab-ee

.gitlab/ci/docs.gitlab-ci.yml

+.review-docs: &review-docs
+  extends: .single-script-job-dedicated-runner
+  variables:
+    SCRIPT_NAME: trigger-build-docs
+  environment:
+    name: review-docs/$CI_COMMIT_REF_SLUG
+    # DOCS_REVIEW_APPS_DOMAIN and DOCS_GITLAB_REPO_SUFFIX are CI variables
+    # Discussion: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/14236/diffs#note_40140693
+    url: http://$CI_ENVIRONMENT_SLUG.$DOCS_REVIEW_APPS_DOMAIN/$DOCS_GITLAB_REPO_SUFFIX
+    on_stop: review-docs-cleanup
+
+# Trigger a manual docs build in gitlab-docs only on non docs-only branches.
+# Useful to preview the docs changes live.
+review-docs-deploy-manual:
+  <<: *review-docs
+  stage: build
+  script:
+    - gem install gitlab --no-document
+    - ./$SCRIPT_NAME deploy
+  when: manual
+  only:
+    - branches@gitlab-org/gitlab-ce
+    - branches@gitlab-org/gitlab-ee
+  except:
+    - /(^docs[\/-].*|.*-docs$)/
+    - /(^qa[\/-].*|.*-qa$)/
+
+# Always trigger a docs build in gitlab-docs only on docs-only branches.
+# Useful to preview the docs changes live.
+review-docs-deploy:
+  <<: *review-docs
+  stage: post-test
+  script:
+    - gem install gitlab --no-document
+    - ./$SCRIPT_NAME deploy
+  only:
+    - /(^docs[\/-].*|.*-docs$)/@gitlab-org/gitlab-ce
+    - /(^docs[\/-].*|.*-docs$)/@gitlab-org/gitlab-ee
+  except:
+    - /(^qa[\/-].*|.*-qa$)/
+
+# Cleanup remote environment of gitlab-docs
+review-docs-cleanup:
+  <<: *review-docs
+  stage: post-cleanup
+  environment:
+    name: review-docs/$CI_COMMIT_REF_SLUG
+    action: stop
+  script:
+    - gem install gitlab --no-document
+    - ./$SCRIPT_NAME cleanup
+  when: manual
+  only:
+    - branches@gitlab-org/gitlab-ce
+    - branches@gitlab-org/gitlab-ee
+
+docs lint:
+  extends: .dedicated-runner
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-docs-lint"
+  stage: test
+  cache: {}
+  dependencies: []
+  before_script: []
+  script:
+    - scripts/lint-doc.sh
+    - scripts/lint-changelog-yaml
+    - mv doc/ /tmp/gitlab-docs/content/$DOCS_GITLAB_REPO_SUFFIX
+    - cd /tmp/gitlab-docs
+    # Build HTML from Markdown
+    - bundle exec nanoc
+    # Check the internal links
+    - bundle exec nanoc check internal_links
+    # Check the internal anchor links
+    - bundle exec nanoc check internal_anchors
+  except:
+    - /(^qa[\/-].*|.*-qa$)/

.gitlab/ci/frontend.gitlab-ci.yml

+.assets-compile-cache: &assets-compile-cache
+  cache:
+    key: "assets-compile:vendor_ruby:.yarn-cache:tmp_cache_assets_sprockets:v5"
+    paths:
+      - vendor/ruby/
+      - .yarn-cache/
+      - tmp/cache/assets/sprockets
+    policy: pull-push
+
+.use-pg: &use-pg
+  services:
+    - name: postgres:9.6
+      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
+    - name: redis:alpine
+
+gitlab:assets:compile:
+  <<: *assets-compile-cache
+  extends: .dedicated-no-docs-pull-cache-job
+  image: dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.6.3-git-2.21-chrome-73.0-node-8.x-yarn-1.12-graphicsmagick-1.3.29-docker-18.06.1
+  dependencies:
+    - setup-test-env
+  services:
+    - docker:stable-dind
+  variables:
+    NODE_ENV: "production"
+    RAILS_ENV: "production"
+    SETUP_DB: "false"
+    SKIP_STORAGE_VALIDATION: "true"
+    WEBPACK_REPORT: "true"
+    # we override the max_old_space_size to prevent OOM errors
+    NODE_OPTIONS: --max_old_space_size=3584
+    DOCKER_DRIVER: overlay2
+    DOCKER_HOST: tcp://docker:2375
+  script:
+    - node --version
+    - retry yarn install --frozen-lockfile --production --cache-folder .yarn-cache
+    - free -m
+    - retry bundle exec rake gitlab:assets:compile
+    - time scripts/build_assets_image
+    - scripts/clean-old-cached-assets
+    - rm -f /etc/apt/sources.list.d/google*.list  # We don't need to update Chrome here
+    # Play dependent manual jobs
+    - install_api_client_dependencies_with_apt
+    - play_job "review-build-cng" || true  # this job might not exist so ignore the failure if it cannot be played
+    - play_job "schedule:review-build-cng" || true  # this job might not exist so ignore the failure if it cannot be played
+  artifacts:
+    name: webpack-report
+    expire_in: 31d
+    paths:
+      - webpack-report/
+      - public/assets/
+  only:
+    - /.+/@gitlab-org/gitlab-ce
+    - /.+/@gitlab-org/gitlab-ee
+    - /.+/@gitlab/gitlabhq
+    - /.+/@gitlab/gitlab-ee
+  tags:
+    - docker
+    - gitlab-org
+
+compile-assets:
+  extends: .dedicated-runner
+  <<: *use-pg
+  <<: *assets-compile-cache
+  stage: prepare
+  script:
+    - node --version
+    - retry yarn install --frozen-lockfile --cache-folder .yarn-cache
+    - free -m
+    - retry bundle exec rake gitlab:assets:compile
+    - scripts/clean-old-cached-assets
+  variables:
+    # we override the max_old_space_size to prevent OOM errors
+    NODE_OPTIONS: --max_old_space_size=3584
+  artifacts:
+    expire_in: 7d
+    paths:
+      - node_modules
+      - public/assets
+  except:
+    refs:
+      - /(^docs[\/-].*|.*-docs$)/
+
+gitlab:ui:visual:
+  extends: .dedicated-runner
+  before_script: []
+  allow_failure: true
+  dependencies:
+    - compile-assets
+  script:
+    # Remove node modules from GitLab that may conflict with gitlab-ui
+    - rm -r node_modules
+    - git clone https://gitlab.com/gitlab-org/gitlab-ui.git
+    - cp public/assets/application-*.css gitlab-ui/styles/application.css
+    - cd gitlab-ui
+    - yarn install
+    - CSS_URL=./application.css yarn test
+  only:
+    changes:
+      - app/assets/stylesheets/*.scss
+      - app/assets/stylesheets/**/*.scss
+      - app/assets/stylesheets/**/**/*.scss
+  except:
+    refs:
+      - /(^docs[\/-].*|.*-docs$)/
+      - master
+    variables:
+      - $CI_COMMIT_MESSAGE =~ /\[skip visual\]/i
+  artifacts:
+    paths:
+      - gitlab-ui/tests/__image_snapshots__/
+    when: always
+
+karma:
+  extends: .dedicated-no-docs-pull-cache-job
+  <<: *use-pg
+  dependencies:
+    - compile-assets
+    - setup-test-env
+  variables:
+    # we override the max_old_space_size to prevent OOM errors
+    NODE_OPTIONS: --max_old_space_size=3584
+  script:
+    - export BABEL_ENV=coverage CHROME_LOG_FILE=chrome_debug.log
+    - date
+    - scripts/gitaly-test-spawn
+    - date
+    - bundle exec rake karma
+  coverage: '/^Statements *: (\d+\.\d+%)/'
+  artifacts:
+    name: coverage-javascript
+    expire_in: 31d
+    when: always
+    paths:
+      - chrome_debug.log
+      - coverage-javascript/
+    reports:
+      junit: junit_karma.xml
+
+jest:
+  extends: .dedicated-no-docs-and-no-qa-pull-cache-job
+  <<: *use-pg
+  dependencies:
+    - compile-assets
+    - setup-test-env
+  script:
+    - scripts/gitaly-test-spawn
+    - date
+    - bundle exec rake karma:fixtures
+    - date
+    - yarn jest --ci --coverage
+  artifacts:
+    name: coverage-frontend
+    expire_in: 31d
+    when: always
+    paths:
+      - coverage-frontend/
+      - junit_jest.xml
+    reports:
+      junit: junit_jest.xml
+  cache:
+    key: jest
+    paths:
+      - tmp/jest/jest/
+    policy: pull-push
+
+qa:internal:
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  services: []
+  script:
+    - cd qa/
+    - bundle install
+    - bundle exec rspec
+  dependencies:
+    - setup-test-env
+
+qa:selectors:
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  services: []
+  script:
+    - cd qa/
+    - bundle install
+    - bundle exec bin/qa Test::Sanity::Selectors
+  dependencies:
+    - setup-test-env
+
+.qa-frontend-node: &qa-frontend-node
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  stage: test
+  cache:
+    key: "$CI_JOB_NAME"
+    paths:
+      - .yarn-cache/
+    policy: pull-push
+  dependencies: []
+  before_script: []
+  script:
+    - date
+    - yarn install --frozen-lockfile --cache-folder .yarn-cache
+    - date
+    - yarn run webpack-prod
+
+qa-frontend-node:8:
+  <<: *qa-frontend-node
+  image: node:8-alpine
+
+qa-frontend-node:10:
+  <<: *qa-frontend-node
+  image: node:10-alpine
+
+qa-frontend-node:latest:
+  <<: *qa-frontend-node
+  image: node:alpine
+  allow_failure: true
+
+lint:javascript:report:
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  stage: post-test
+  dependencies: []
+  before_script: []
+  script:
+    - date
+    - yarn run eslint-report || true  # ignore exit code
+  artifacts:
+    name: eslint-report
+    expire_in: 31d
+    paths:
+      - eslint-report.html
+
+jsdoc:
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  stage: post-test
+  dependencies:
+    - compile-assets
+  before_script: []
+  script:
+    - date
+    - yarn run jsdoc || true  # ignore exit code
+  artifacts:
+    name: jsdoc
+    expire_in: 31d
+    paths:
+      - jsdoc/

.gitlab/ci/global.gitlab-ci.yml

+.dedicated-runner:
+  retry:
+    max: 2  # This is confusing but this means "3 runs at max".
+    when:
+      - unknown_failure
+      - api_failure
+      - runner_system_failure
+  tags:
+    - gitlab-org
+
+.default-cache: &default-cache
+  key: "debian-stretch-ruby-2.6.3-node-10.x"
+  paths:
+    - vendor/ruby
+    - .yarn-cache/
+    - vendor/gitaly-ruby
+
+.dedicated-runner-default-cache:
+  extends: .dedicated-runner
+  cache:
+    <<: *default-cache
+
+# Jobs that only need to pull cache
+.dedicated-pull-cache-job:
+  extends: .dedicated-runner
+  cache:
+    <<: *default-cache
+    policy: pull
+  stage: test
+
+.dedicated-no-docs-pull-cache-job:
+  extends: .dedicated-pull-cache-job
+  except:
+    - /(^docs[\/-].*|.*-docs$)/
+
+.dedicated-no-docs-and-no-qa-pull-cache-job:
+  extends: .dedicated-pull-cache-job
+  except:
+    - /(^docs[\/-].*|.*-docs$)/
+    - /(^qa[\/-].*|.*-qa$)/
+
+# Jobs that do not need a DB
+.dedicated-no-docs-no-db-pull-cache-job:
+  extends: .dedicated-no-docs-pull-cache-job
+  variables:
+    SETUP_DB: "false"
+
+.single-script-job-dedicated-runner:
+  extends: .dedicated-runner
+  image: ruby:2.6-alpine
+  stage: test
+  cache: {}
+  dependencies: []
+  variables:
+    GIT_STRATEGY: none
+  before_script:
+    # We don't clone the repo by using GIT_STRATEGY: none and only download the
+    # single script we need here so it's much faster than cloning.
+    - export SCRIPT_NAME="${SCRIPT_NAME:-$CI_JOB_NAME}"
+    - apk add --update openssl
+    - wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/$SCRIPT_NAME
+    - chmod 755 $(basename $SCRIPT_NAME)

.gitlab/ci/pages.gitlab-ci.yml

+pages:
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  before_script: []
+  stage: pages
+  dependencies:
+    - coverage
+    - karma
+    - gitlab:assets:compile
+    - lint:javascript:report
+    - jsdoc
+  script:
+    - mv public/ .public/
+    - mkdir public/
+    - mv coverage/ public/coverage-ruby/ || true
+    - mv coverage-javascript/ public/coverage-javascript/ || true
+    - mv eslint-report.html public/ || true
+    - mv webpack-report/ public/webpack-report/ || true
+    - cp .public/assets/application-*.css public/application.css || true
+    - cp .public/assets/application-*.css.gz public/application.css.gz || true
+    - mv jsdoc/ public/jsdoc/ || true
+  artifacts:
+    paths:
+      - public
+  only:
+    - master@gitlab-org/gitlab-ce
+    - master@gitlab-org/gitlab-ee

.gitlab/ci/qa.gitlab-ci.yml

+package-and-qa:
+  image: ruby:2.6-alpine
+  stage: review  # So even if review-deploy failed we can still run this
+  when: manual
+  before_script: []
+  dependencies: []
+  cache: {}
+  variables:
+    GIT_DEPTH: "1"
+  retry: 0
+  script:
+    - source scripts/utils.sh
+    - install_gitlab_gem
+    - ./scripts/trigger-build omnibus
+  only:
+    - /.+/@gitlab-org/gitlab-ce
+    - /.+/@gitlab-org/gitlab-ee

.gitlab/ci/rails.gitlab-ci.yml

+.use-pg: &use-pg
+  services:
+    - name: postgres:9.6
+      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
+    - name: redis:alpine
+
+.use-pg-10: &use-pg-10
+  services:
+    - name: postgres:10.7
+      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
+    - name: redis:alpine
+
+.use-mysql: &use-mysql
+  services:
+    - mysql:5.7
+    - redis:alpine
+
+.only-schedules-master: &only-schedules-master
+  only:
+    - schedules@gitlab-org/gitlab-ce
+    - schedules@gitlab-org/gitlab-ee
+    - master@gitlab-org/gitlab-ce
+    - master@gitlab-org/gitlab-ee
+    - master@gitlab/gitlabhq
+    - master@gitlab/gitlab-ee
+
+.gitlab-setup: &gitlab-setup
+  extends: .dedicated-no-docs-and-no-qa-pull-cache-job
+  <<: *use-pg
+  variables:
+    SETUP_DB: "false"
+  script:
+    # Manually clone gitlab-test and only seed this project in
+    # db/fixtures/development/04_project.rb thanks to SIZE=1 below
+    - git clone https://gitlab.com/gitlab-org/gitlab-test.git
+       /home/git/repositories/gitlab-org/gitlab-test.git
+    - scripts/gitaly-test-spawn
+    - force=yes SIZE=1 FIXTURE_PATH="db/fixtures/development" bundle exec rake gitlab:setup
+  artifacts:
+    when: on_failure
+    expire_in: 1d
+    paths:
+      - log/development.log
+
+.rake-exec: &rake-exec
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  script:
+    - bundle exec rake $CI_JOB_NAME
+
+.rspec-metadata: &rspec-metadata
+  extends: .dedicated-pull-cache-job
+  stage: test
+  script:
+    - JOB_NAME=( $CI_JOB_NAME )
+    - TEST_TOOL=${JOB_NAME[0]}
+    - TEST_LEVEL=${JOB_NAME[1]}
+    - DATABASE=${JOB_NAME[2]}
+    - export KNAPSACK_REPORT_PATH=knapsack/${CI_PROJECT_NAME}/${TEST_TOOL}_${TEST_LEVEL}_${DATABASE}_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
+    - export KNAPSACK_GENERATE_REPORT=true KNAPSACK_LOG_LEVEL=debug KNAPSACK_TEST_DIR=spec
+    - export SUITE_FLAKY_RSPEC_REPORT_PATH=${FLAKY_RSPEC_SUITE_REPORT_PATH}
+    - export FLAKY_RSPEC_REPORT_PATH=rspec_flaky/all_${TEST_TOOL}_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
+    - export NEW_FLAKY_RSPEC_REPORT_PATH=rspec_flaky/new_${TEST_TOOL}_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
+    - export FLAKY_RSPEC_GENERATE_REPORT=true
+    - export CACHE_CLASSES=true
+    - cp ${KNAPSACK_RSPEC_SUITE_REPORT_PATH} ${KNAPSACK_REPORT_PATH}
+    - '[[ -f $FLAKY_RSPEC_REPORT_PATH ]] || echo "{}" > ${FLAKY_RSPEC_REPORT_PATH}'
+    - '[[ -f $NEW_FLAKY_RSPEC_REPORT_PATH ]] || echo "{}" > ${NEW_FLAKY_RSPEC_REPORT_PATH}'
+    - scripts/gitaly-test-spawn
+    - date
+    - 'export KNAPSACK_TEST_FILE_PATTERN=$(ruby -r./lib/quality/test_level.rb -e "puts Quality::TestLevel.new.pattern(:${TEST_LEVEL})")'
+    - knapsack rspec "--color --format documentation --format RspecJunitFormatter --out junit_rspec.xml --tag level:${TEST_LEVEL} --tag ~geo"
+    - date
+  artifacts:
+    expire_in: 31d
+    when: always
+    paths:
+      - coverage/
+      - knapsack/
+      - rspec_flaky/
+      - rspec_profiling/
+      - tmp/capybara/
+    reports:
+      junit: junit_rspec.xml
+  except:
+    - /(^docs[\/-].*|.*-docs$)/
+    - /(^qa[\/-].*|.*-qa$)/
+
+.rspec-metadata-pg: &rspec-metadata-pg
+  <<: *rspec-metadata
+  <<: *use-pg
+
+.rspec-metadata-pg-10: &rspec-metadata-pg-10
+  <<: *rspec-metadata
+  <<: *use-pg-10
+  image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.6.3-golang-1.11-git-2.21-chrome-73.0-node-10.x-yarn-1.12-postgresql-10-graphicsmagick-1.3.29"
+
+.rspec-metadata-mysql: &rspec-metadata-mysql
+  <<: *rspec-metadata
+  <<: *use-mysql
+
+# DB migration, rollback, and seed jobs
+.db-migrate-reset: &db-migrate-reset
+  extends: .dedicated-no-docs-and-no-qa-pull-cache-job
+  script:
+    - bundle exec rake db:migrate:reset
+  dependencies:
+    - setup-test-env
+
+.migration-paths: &migration-paths
+  extends: .dedicated-no-docs-and-no-qa-pull-cache-job
+  variables:
+    SETUP_DB: "false"
+  script:
+    - git fetch https://gitlab.com/gitlab-org/gitlab-ce.git v9.3.0
+    - git checkout -f FETCH_HEAD
+    - sed -i "s/gem 'oj', '~> 2.17.4'//" Gemfile
+    - sed -i "s/gem 'bootsnap', '~> 1.0.0'/gem 'bootsnap'/" Gemfile
+    - bundle update google-protobuf grpc bootsnap
+    - bundle install $BUNDLE_INSTALL_FLAGS
+    - date
+    - cp config/gitlab.yml.example config/gitlab.yml
+    - bundle exec rake db:drop db:create db:schema:load db:seed_fu
+    - date
+    - git checkout -f $CI_COMMIT_SHA
+    - bundle install $BUNDLE_INSTALL_FLAGS
+    - date
+    - . scripts/prepare_build.sh
+    - date
+    - bundle exec rake db:migrate
+  dependencies:
+    - setup-test-env
+
+setup-test-env:
+  extends: .dedicated-runner-default-cache
+  <<: *use-pg
+  stage: prepare
+  script:
+    - bundle exec ruby -Ispec -e 'require "spec_helper" ; TestEnv.init'
+    - scripts/gitaly-test-build  # Do not use 'bundle exec' here
+  artifacts:
+    expire_in: 7d
+    paths:
+      - tmp/tests
+      - config/secrets.yml
+      - vendor/gitaly-ruby
+  except:
+    - /(^docs[\/-].*|.*-docs$)/
+
+rspec unit pg:
+  <<: *rspec-metadata-pg
+  parallel: 20
+
+rspec integration pg:
+  <<: *rspec-metadata-pg
+  parallel: 6
+
+rspec system pg:
+  <<: *rspec-metadata-pg
+  parallel: 24
+
+rspec unit pg-10:
+  <<: *rspec-metadata-pg-10
+  <<: *only-schedules-master
+  parallel: 20
+
+rspec integration pg-10:
+  <<: *rspec-metadata-pg-10
+  <<: *only-schedules-master
+  parallel: 6
+
+rspec system pg-10:
+  <<: *rspec-metadata-pg-10
+  <<: *only-schedules-master
+  parallel: 24
+
+rspec unit mysql:
+  <<: *rspec-metadata-mysql
+  <<: *only-schedules-master
+  parallel: 20
+
+rspec integration mysql:
+  <<: *rspec-metadata-mysql
+  <<: *only-schedules-master
+  parallel: 6
+
+rspec system mysql:
+  <<: *rspec-metadata-mysql
+  <<: *only-schedules-master
+  parallel: 24
+
+.rspec-mysql-on-demand: &rspec-mysql-on-demand
+  only:
+    variables:
+      - $CI_COMMIT_MESSAGE =~ /\[run mysql\]/i
+      - $CI_COMMIT_REF_NAME =~ /mysql/
+
+rspec unit mysql on-demand:
+  <<: *rspec-metadata-mysql
+  <<: *rspec-mysql-on-demand
+  parallel: 20
+
+rspec integration mysql on-demand:
+  <<: *rspec-metadata-mysql
+  <<: *rspec-mysql-on-demand
+  parallel: 6
+
+rspec system mysql on-demand:
+  <<: *rspec-metadata-mysql
+  <<: *rspec-mysql-on-demand
+  parallel: 24
+
+rspec-fast-spec-helper:
+  <<: *rspec-metadata-pg
+  script:
+    - bundle exec rspec spec/fast_spec_helper.rb
+
+.rspec-quarantine: &rspec-quarantine
+  <<: *only-schedules-master
+  script:
+    - export CACHE_CLASSES=true
+    - scripts/gitaly-test-spawn
+    - bin/rspec --color --format documentation --tag quarantine -- spec/
+
+rspec quarantine pg:
+  <<: *rspec-metadata-pg
+  <<: *rspec-quarantine
+  allow_failure: true
+
+rspec quarantine mysql:
+  <<: *rspec-metadata-mysql
+  <<: *rspec-quarantine
+  <<: *only-schedules-master
+  allow_failure: true
+
+static-analysis:
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  dependencies:
+    - compile-assets
+    - setup-test-env
+  script:
+    - scripts/static-analysis
+  cache:
+    key: "debian-stretch-ruby-2.6.3-node-10.x-and-rubocop"
+    paths:
+      - vendor/ruby
+      - .yarn-cache/
+      - tmp/rubocop_cache
+    policy: pull-push
+
+downtime_check:
+  <<: *rake-exec
+  except:
+    - master
+    - tags
+    - /^[\d-]+-stable(-ee)?$/
+    - /(^docs[\/-].*|.*-docs$)/
+    - /(^qa[\/-].*|.*-qa$)/
+  dependencies:
+    - setup-test-env
+
+ee_compat_check:
+  <<: *rake-exec
+  dependencies: []
+  except:
+    - master
+    - tags
+    - /[\d-]+-stable(-ee)?/
+    - /^security-/
+    - branches@gitlab-org/gitlab-ee
+    - branches@gitlab/gitlab-ee
+  retry: 0
+  artifacts:
+    name: "${CI_JOB_NAME}_${CI_COMIT_REF_NAME}_${CI_COMMIT_SHA}"
+    when: always
+    expire_in: 10d
+    paths:
+      - ee_compat_check/patches/*.patch
+
+db:migrate:reset-pg:
+  <<: *db-migrate-reset
+  <<: *use-pg
+
+db:migrate:reset-mysql:
+  <<: *db-migrate-reset
+  <<: *use-mysql
+
+db:check-schema-pg:
+  <<: *db-migrate-reset
+  <<: *use-pg
+  script:
+    - source scripts/schema_changed.sh
+
+migration:path-pg:
+  <<: *migration-paths
+  <<: *use-pg
+
+migration:path-mysql:
+  <<: *migration-paths
+  <<: *use-mysql
+
+.db-rollback: &db-rollback
+  extends: .dedicated-no-docs-and-no-qa-pull-cache-job
+  script:
+    - bundle exec rake db:migrate VERSION=20170523121229
+    - bundle exec rake db:migrate
+  dependencies:
+    - setup-test-env
+
+db:rollback-pg:
+  <<: *db-rollback
+  <<: *use-pg
+
+db:rollback-mysql:
+  <<: *db-rollback
+  <<: *use-mysql
+
+gitlab:setup-pg:
+  <<: *gitlab-setup
+  <<: *use-pg
+  dependencies:
+    - setup-test-env
+
+gitlab:setup-mysql:
+  <<: *gitlab-setup
+  <<: *use-mysql
+  dependencies:
+    - setup-test-env
+
+coverage:
+  # Don't include dedicated-no-docs-no-db-pull-cache-job here since we need to
+  # download artifacts from all the rspec jobs instead of from setup-test-env only
+  extends: .dedicated-runner-default-cache
+  cache:
+    policy: pull
+  variables:
+    SETUP_DB: "false"
+  stage: post-test
+  script:
+    - bundle exec scripts/merge-simplecov
+  coverage: '/LOC \((\d+\.\d+%)\) covered.$/'
+  artifacts:
+    name: coverage
+    expire_in: 31d
+    paths:
+      - coverage/index.html
+      - coverage/assets/
+  except:
+    - /(^docs[\/-].*|.*-docs$)/
+    - /(^qa[\/-].*|.*-qa$)/

.gitlab/ci/reports.gitlab-ci.yml

+include:
+  - template: Code-Quality.gitlab-ci.yml
+
+code_quality:
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  # gitlab-org runners set `privileged: false` but we need to have it set to true
+  # since we're using Docker in Docker
+  tags: []
+  before_script: []
+  cache: {}
+  dependencies: []
+  variables:
+    SETUP_DB: "false"
+
+sast:
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  image: docker:stable
+  variables:
+    SAST_CONFIDENCE_LEVEL: 2
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  tags: []
+  before_script: []
+  cache: {}
+  dependencies: []
+  services:
+    - docker:stable-dind
+  script:
+    - | # this is required to avoid undesirable reset of Docker image ENV variables being set on build stage
+      function propagate_env_vars() {
+        CURRENT_ENV=$(printenv)
+
+        for VAR_NAME; do
+          echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
+        done
+      }
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - |
+      docker run \
+        $(propagate_env_vars \
+          SAST_ANALYZER_IMAGES \
+          SAST_ANALYZER_IMAGE_PREFIX \
+          SAST_ANALYZER_IMAGE_TAG \
+          SAST_DEFAULT_ANALYZERS \
+          SAST_BRAKEMAN_LEVEL \
+          SAST_GOSEC_LEVEL \
+          SAST_FLAWFINDER_LEVEL \
+          SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
+          SAST_PULL_ANALYZER_IMAGE_TIMEOUT \
+          SAST_RUN_ANALYZER_TIMEOUT \
+        ) \
+        --volume "$PWD:/code" \
+        --volume /var/run/docker.sock:/var/run/docker.sock \
+        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
+  artifacts:
+    reports:
+      sast: gl-sast-report.json
+
+dependency_scanning:
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  image: docker:stable
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  tags: []
+  before_script: []
+  cache: {}
+  dependencies: []
+  services:
+    - docker:stable-dind
+  script:
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - | # this is required to avoid undesirable reset of Docker image ENV variables being set on build stage
+      function propagate_env_vars() {
+        CURRENT_ENV=$(printenv)
+
+        for VAR_NAME; do
+          echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
+        done
+      }
+    - |
+      docker run \
+        $(propagate_env_vars \
+          DS_ANALYZER_IMAGES \
+          DS_ANALYZER_IMAGE_PREFIX \
+          DS_ANALYZER_IMAGE_TAG \
+          DS_DEFAULT_ANALYZERS \
+          DEP_SCAN_DISABLE_REMOTE_CHECKS \
+          DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
+          DS_PULL_ANALYZER_IMAGE_TIMEOUT \
+          DS_RUN_ANALYZER_TIMEOUT \
+        ) \
+        --volume "$PWD:/code" \
+        --volume /var/run/docker.sock:/var/run/docker.sock \
+        "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
+  artifacts:
+    reports:
+      dependency_scanning: gl-dependency-scanning-report.json

.gitlab/ci/review.gitlab-ci.yml

+.review-only: &review-only
+  only:
+    refs:
+      - branches@gitlab-org/gitlab-ce
+      - branches@gitlab-org/gitlab-ee
+    kubernetes: active
+  except:
+    refs:
+      - master
+      - /(^docs[\/-].*|.*-docs$)/
+
+.review-schedules-only: &review-schedules-only
+  only:
+    refs:
+      - schedules@gitlab-org/gitlab-ce
+      - schedules@gitlab-org/gitlab-ee
+    kubernetes: active
+    variables:
+      - $REVIEW_APP_CLEANUP
+  except:
+    refs:
+      - tags
+      - /(^docs[\/-].*|.*-docs$)/
+
+.review-base: &review-base
+  extends: .dedicated-runner
+  <<: *review-only
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
+  cache: {}
+  dependencies: []
+  before_script:
+    - source scripts/utils.sh
+
+.review-docker: &review-docker
+  <<: *review-base
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine
+  services:
+    - docker:stable-dind
+  tags:
+    - gitlab-org
+    - docker
+  variables: &review-docker-variables
+    DOCKER_DRIVER: overlay2
+    DOCKER_HOST: tcp://docker:2375
+    LATEST_QA_IMAGE: "gitlab/${CI_PROJECT_NAME}-qa:nightly"
+    QA_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/${CI_PROJECT_NAME}-qa:${CI_COMMIT_REF_SLUG}"
+
+build-qa-image:
+  <<: *review-docker
+  stage: test
+  script:
+    - time docker build --cache-from ${LATEST_QA_IMAGE} --tag ${QA_IMAGE} ./qa/
+    - echo "${CI_JOB_TOKEN}" | docker login --username gitlab-ci-token --password-stdin ${CI_REGISTRY}
+    - time docker push ${QA_IMAGE}
+
+.review-build-cng-base: &review-build-cng-base
+  image: ruby:2.6-alpine
+  stage: test
+  when: manual
+  before_script:
+    - source scripts/utils.sh
+    - install_api_client_dependencies_with_apk
+    - install_gitlab_gem
+  dependencies: []
+  cache: {}
+  script:
+    - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng
+
+review-build-cng:
+  <<: *review-only
+  <<: *review-build-cng-base
+
+schedule:review-build-cng:
+  <<: *review-schedules-only
+  <<: *review-build-cng-base
+
+.review-deploy-base: &review-deploy-base
+  <<: *review-base
+  allow_failure: true
+  stage: review
+  variables:
+    HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
+    DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
+    GITLAB_HELM_CHART_REF: "master"
+  environment: &review-environment
+    name: review/${CI_COMMIT_REF_NAME}
+    url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
+    on_stop: review-stop
+  before_script:
+    - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
+    - export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
+    - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
+    - echo "${CI_ENVIRONMENT_URL}" > review_app_url.txt
+    - source scripts/utils.sh
+    - install_api_client_dependencies_with_apk
+    - source scripts/review_apps/review-apps.sh
+  script:
+    - perform_review_app_deployment
+  artifacts:
+    paths:
+      - review_app_url.txt
+    expire_in: 2 days
+    when: always
+
+review-deploy:
+  <<: *review-deploy-base
+
+schedule:review-deploy:
+  <<: *review-deploy-base
+  <<: *review-schedules-only
+  script:
+    - perform_review_app_deployment
+
+review-stop:
+  <<: *review-base
+  stage: review
+  when: manual
+  allow_failure: true
+  variables:
+    GIT_DEPTH: "1"
+  environment:
+    <<: *review-environment
+    action: stop
+  script:
+    - source scripts/review_apps/review-apps.sh
+    - delete
+    - cleanup
+
+.review-qa-base: &review-qa-base
+  <<: *review-docker
+  allow_failure: true
+  stage: qa
+  variables:
+    <<: *review-docker-variables
+    QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa"
+    QA_CAN_TEST_GIT_PROTOCOL_V2: "false"
+    GITLAB_USERNAME: "root"
+    GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
+    GITLAB_ADMIN_USERNAME: "root"
+    GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
+    GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}"
+    EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}"
+    QA_DEBUG: "true"
+  dependencies:
+    - review-deploy
+  artifacts:
+    paths:
+      - ./qa/gitlab-qa-run-*
+    expire_in: 7 days
+    when: always
+  before_script:
+    - export CI_ENVIRONMENT_URL="$(cat review_app_url.txt)"
+    - echo "${CI_ENVIRONMENT_URL}"
+    - echo "${QA_IMAGE}"
+    - source scripts/utils.sh
+    - install_api_client_dependencies_with_apk
+    - gem install gitlab-qa --no-document ${GITLAB_QA_VERSION:+ --version ${GITLAB_QA_VERSION}}
+
+review-qa-smoke:
+  <<: *review-qa-base
+  script:
+    - gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}"
+
+review-qa-all:
+  <<: *review-qa-base
+  allow_failure: true
+  when: manual
+  parallel: 5
+  script:
+    - export KNAPSACK_REPORT_PATH=knapsack/${CI_PROJECT_NAME}/review-qa-all_master_report.json
+    - export KNAPSACK_TEST_FILE_PATTERN=qa/specs/features/**/*_spec.rb
+    - gitlab-qa Test::Instance::Any "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}"
+
+.review-performance-base: &review-performance-base
+  <<: *review-qa-base
+  allow_failure: true
+  before_script:
+    - export CI_ENVIRONMENT_URL="$(cat review_app_url.txt)"
+    - echo "${CI_ENVIRONMENT_URL}"
+    - mkdir -p gitlab-exporter
+    - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js
+    - mkdir -p sitespeed-results
+  script:
+    - docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.3.1 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}"
+  after_script:
+    - mv sitespeed-results/data/performance.json performance.json
+  artifacts:
+    paths:
+      - sitespeed-results/
+    reports:
+      performance: performance.json
+
+review-performance:
+  <<: *review-performance-base
+
+schedule:review-performance:
+  <<: *review-performance-base
+  <<: *review-schedules-only
+  dependencies:
+    - schedule:review-deploy
+
+schedule:review-cleanup:
+  <<: *review-base
+  <<: *review-schedules-only
+  stage: build
+  allow_failure: true
+  environment:
+    name: review/auto-cleanup
+    action: stop
+  before_script:
+    - source scripts/utils.sh
+    - install_gitlab_gem
+  script:
+    - ruby -rrubygems scripts/review_apps/automated_cleanup.rb
+
+danger-review:
+  extends: .dedicated-pull-cache-job
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:danger
+  stage: test
+  dependencies: []
+  before_script: []
+  only:
+    variables:
+      - $DANGER_GITLAB_API_TOKEN
+  except:
+    refs:
+      - master
+    variables:
+      - $CI_COMMIT_REF_NAME =~ /^ce-to-ee-.*/
+      - $CI_COMMIT_REF_NAME =~ /.*-stable(-ee)?-prepare-.*/
+  script:
+    - git version
+    - node --version
+    - yarn install --frozen-lockfile --cache-folder .yarn-cache
+    - danger --fail-on-errors=true

.gitlab/ci/setup.gitlab-ci.yml

+# Insurance in case a gem needed by one of our releases gets yanked from
+# rubygems.org in the future.
+cache gems:
+  extends: .dedicated-no-docs-no-db-pull-cache-job
+  script:
+    - bundle package --all --all-platforms
+  artifacts:
+    paths:
+      - vendor/cache
+  only:
+    - master@gitlab-org/gitlab-ce
+    - master@gitlab-org/gitlab-ee
+    - tags
+  dependencies:
+    - setup-test-env
+
+gitlab_git_test:
+  extends: .dedicated-runner
+  variables:
+    SETUP_DB: "false"
+  before_script: []
+  dependencies: []
+  cache: {}
+  script:
+    - spec/support/prepare-gitlab-git-test-for-commit --check-for-changes
+  except:
+    - /(^docs[\/-].*|.*-docs$)/
+    - /(^qa[\/-].*|.*-qa$)/
+
+no_ee_check:
+  extends: .dedicated-runner
+  variables:
+    SETUP_DB: "false"
+  before_script: []
+  dependencies: []
+  cache: {}
+  script:
+    - scripts/no-ee-check
+  only:
+    - /.+/@gitlab-org/gitlab-ce
+  except:
+    - /(^docs[\/-].*|.*-docs$)/
+    - /(^qa[\/-].*|.*-qa$)/

.gitlab/ci/test-metadata.gitlab-ci.yml

+.tests-metadata-state: &tests-metadata-state
+  extends: .dedicated-runner
+  variables:
+    TESTS_METADATA_S3_BUCKET: "gitlab-ce-cache"
+  before_script:
+    - source scripts/utils.sh
+  artifacts:
+    expire_in: 31d
+    paths:
+      - knapsack/
+      - rspec_flaky/
+      - rspec_profiling/
+
+retrieve-tests-metadata:
+  <<: *tests-metadata-state
+  stage: prepare
+  cache:
+    key: tests_metadata
+    policy: pull
+  script:
+    - mkdir -p knapsack/${CI_PROJECT_NAME}/
+    - wget -O $KNAPSACK_RSPEC_SUITE_REPORT_PATH http://${TESTS_METADATA_S3_BUCKET}.s3.amazonaws.com/$KNAPSACK_RSPEC_SUITE_REPORT_PATH || rm $KNAPSACK_RSPEC_SUITE_REPORT_PATH
+    - '[[ -f $KNAPSACK_RSPEC_SUITE_REPORT_PATH ]] || echo "{}" > ${KNAPSACK_RSPEC_SUITE_REPORT_PATH}'
+    - mkdir -p rspec_flaky/
+    - mkdir -p rspec_profiling/
+    - wget -O $FLAKY_RSPEC_SUITE_REPORT_PATH http://${TESTS_METADATA_S3_BUCKET}.s3.amazonaws.com/$FLAKY_RSPEC_SUITE_REPORT_PATH || rm $FLAKY_RSPEC_SUITE_REPORT_PATH
+    - '[[ -f $FLAKY_RSPEC_SUITE_REPORT_PATH ]] || echo "{}" > ${FLAKY_RSPEC_SUITE_REPORT_PATH}'
+  except:
+    - /(^docs[\/-].*|.*-docs$)/
+    - /(^qa[\/-].*|.*-qa$)/
+
+update-tests-metadata:
+  <<: *tests-metadata-state
+  stage: post-test
+  cache:
+    key: tests_metadata
+    paths:
+      - knapsack/
+      - rspec_flaky/
+    policy: push
+  script:
+    - retry gem install fog-aws mime-types activesupport rspec_profiling postgres-copy --no-document
+    - scripts/merge-reports ${KNAPSACK_RSPEC_SUITE_REPORT_PATH} knapsack/${CI_PROJECT_NAME}/rspec_*_pg_node_*.json
+    - '[[ -z ${TESTS_METADATA_S3_BUCKET} ]] || scripts/sync-reports put $TESTS_METADATA_S3_BUCKET $KNAPSACK_RSPEC_SUITE_REPORT_PATH'
+    - rm -f knapsack/${CI_PROJECT_NAME}/*_node_*.json
+    - scripts/merge-reports ${FLAKY_RSPEC_SUITE_REPORT_PATH} rspec_flaky/all_*_*.json
+    - FLAKY_RSPEC_GENERATE_REPORT=1 scripts/prune-old-flaky-specs ${FLAKY_RSPEC_SUITE_REPORT_PATH}
+    - '[[ -z ${TESTS_METADATA_S3_BUCKET} ]] || scripts/sync-reports put $TESTS_METADATA_S3_BUCKET $FLAKY_RSPEC_SUITE_REPORT_PATH'
+    - rm -f rspec_flaky/all_*.json rspec_flaky/new_*.json
+    - scripts/insert-rspec-profiling-data
+  only:
+    - master@gitlab-org/gitlab-ce
+    - master@gitlab-org/gitlab-ee
+    - master@gitlab/gitlabhq
+    - master@gitlab/gitlab-ee
+
+flaky-examples-check:
+  extends: .dedicated-runner
+  image: ruby:2.6-alpine
+  services: []
+  before_script: []
+  variables:
+    SETUP_DB: "false"
+    USE_BUNDLE_INSTALL: "false"
+    NEW_FLAKY_SPECS_REPORT: rspec_flaky/report-new.json
+  stage: post-test
+  allow_failure: true
+  retry: 0
+  only:
+    - branches
+  except:
+    - master
+    - /(^docs[\/-].*|.*-docs$)/
+    - /(^qa[\/-].*|.*-qa$)/
+  artifacts:
+    expire_in: 30d
+    paths:
+      - rspec_flaky/
+  script:
+    - '[[ -f $NEW_FLAKY_SPECS_REPORT ]] || echo "{}" > ${NEW_FLAKY_SPECS_REPORT}'
+    - scripts/merge-reports ${NEW_FLAKY_SPECS_REPORT} rspec_flaky/new_*_*.json
+    - scripts/detect-new-flaky-examples $NEW_FLAKY_SPECS_REPORT

.gitlab/ci/yaml.gitlab-ci.yml

+# Yamllint of *.yml for .gitlab-ci.yml.
+# This uses rules from project root `.yamllint`.
+lint-ci-gitlab:
+  extends: .dedicated-runner
+  before_script: []
+  dependencies: []
+  image: sdesbure/yamllint:latest
+  script:
+    - yamllint .gitlab-ci.yml .gitlab/ci lib/gitlab/ci/templates

.gitlab/issue_templates/Bug.md

@@ -27,9 +27,9 @@ and verify the issue you're about to submit isn't a duplicate.
 ### Example Project
-(If possible, please create an example project here on GitLab.com that exhibits the problematic behaviour, and link to it here in the bug report)
-(If you are using an older version of GitLab, this will also determine whether the bug has been fixed in a more recent version)
+(If possible, please create an example project here on GitLab.com that exhibits the problematic behavior, and link to it here in the bug report)
+(If you are using an older version of GitLab, this will also determine whether the bug is fixed in a more recent version)
 ### What is the current *bug* behavior?
@@ -42,7 +42,7 @@ and verify the issue you're about to submit isn't a duplicate.
 ### Relevant logs and/or screenshots
 (Paste any relevant logs - please use code blocks (```) to format console output,
-logs, and code as it's very hard to read otherwise.)
+logs, and code as it's tough to read otherwise.)
 ### Output of checks

.gitlab/issue_templates/Database Reviewer.md

+#### Database Reviewer Checklist
+
+Thank you for becoming a ~database reviewer! Please work on the list
+below to complete your setup. For any question, reach out to #database
+an mention `@abrandl`.
+
+- [ ] Change issue title to include your name: `Database Reviewer Checklist: Your Name`
+- [ ] Review general [code review guide](https://docs.gitlab.com/ee/development/code_review.html)
+- [ ] Review [database review documentation](https://about.gitlab.com/handbook/engineering/workflow/code-review/database.html)
+- [ ] Familiarize with [migration helpers](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/database/migration_helpers.rb) and review usage in existing migrations
+- [ ] Read [database migration style guide](https://docs.gitlab.com/ee/development/migration_style_guide.html)
+- [ ] Familiarize with best practices in [database guides](https://docs.gitlab.com/ee/development/#database-guides)
+- [ ] Watch [Optimising Rails Database Queries: Episode 1](https://www.youtube.com/watch?v=79GurlaxhsI)
+- [ ] Read [Understanding EXPLAIN plans](https://docs.gitlab.com/ee/development/understanding_explain_plans.html)
+- [ ] Review [database best practices](https://docs.gitlab.com/ee/development/#best-practices)
+- [ ] Review how we use [database instances restored from a backup](https://ops.gitlab.net/gitlab-com/gl-infra/gitlab-restore/postgres-gprd) for testing and make sure you're set up to execute pipelines (check [README.md](https://ops.gitlab.net/gitlab-com/gl-infra/gitlab-restore/postgres-gprd/blob/master/README.md) and reach out to @abrandl since this is currently subject to being changed)
+- [ ] Get yourself added to [`@gl-database`](https://gitlab.com/groups/gl-database/-/group_members) group and respond to @-mentions to the group (reach out to any maintainer on the group to get added). You will get TODOs on gitlab.com for group mentions.
+- [ ] Make sure you have proper access to at least a read-only replica in staging and production
+- [ ] Indicate in `data/team.yml` your role as a database reviewer ([example MR](https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/19600/diffs)). Assign MR to your manager for merge.
+- [ ] Send one MR to improve the [review documentation](https://about.gitlab.com/handbook/engineering/workflow/code-review/database.html) or the [issue template](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/.gitlab/issue_templates/Database%20Reviewer.md)
+
+Note that *approving and accepting* merge requests is *restricted* to
+Database Maintainers only. As a reviewer, pass the MR to a maintainer
+for approval.
+
+You're all set! Watch out for TODOs on GitLab.com.
+
+###### Where to go for questions?
+
+Reach out to `#database` on Slack and mention `@abrandl` for any questions.
+
+cc @abrandl
+
+/label ~meta ~database