Add latest changes from gitlab-org/gitlab@master

app/views/groups/settings/_remove.html.haml

+- if group.adjourned_deletion?
+  = render_if_exists 'groups/settings/adjourned_deletion', group: group
+- else
+  = render 'groups/settings/permanent_deletion', group: group
+

app/views/groups/show.html.haml

@@ -9,6 +9,8 @@
   = render 'groups/home_panel'
+  = render_if_exists 'groups/self_or_ancestor_marked_for_deletion_notice', group: @group
+
   .groups-listing{ data: { endpoints: { default: group_children_path(@group, format: :json), shared: group_shared_projects_path(@group, format: :json) } } }
     .top-area.group-nav-container.justify-content-between
       .scrolling-tabs-container.inner-page-scroll-tabs

app/views/kaminari/gitlab/_first_page.html.haml

--#  Link to the "First" page
--#  available local variables
--#    url:           url to the first page
--#    current_page:  a page object for the currently displayed page
--#    total_pages:   total number of pages
--#    per_page:      number of items to fetch per page
--#    remote:        data-remote
-%li.page-item.js-first-button
-  = link_to_unless current_page.first?, raw(t 'views.pagination.first'), url, remote: remote, class: 'page-link'

app/views/kaminari/gitlab/_last_page.html.haml

--#  Link to the "Last" page
--#  available local variables
--#    url:           url to the last page
--#    current_page:  a page object for the currently displayed page
--#    total_pages:   total number of pages
--#    per_page:      number of items to fetch per page
--#    remote:        data-remote
-%li.page-item.js-last-button
-  = link_to_unless current_page.last?, raw(t 'views.pagination.last'), url, {remote: remote, class: 'page-link'}

app/views/kaminari/gitlab/_next_page.html.haml

@@ -9,4 +9,6 @@
 - page_url = current_page.last? ? '#' : url
 %li.page-item.js-next-button{ class: ('disabled' if current_page.last?) }
-  = link_to raw(t 'views.pagination.next'), page_url, rel: 'next', remote: remote, class: 'page-link'
+  = link_to page_url, rel: 'next', remote: remote, class: 'page-link' do
+    = s_('Pagination|Next')
+    = sprite_icon('angle-right', size: 8)

app/views/kaminari/gitlab/_page.html.haml

@@ -6,5 +6,9 @@
 -#    total_pages:   total number of pages
 -#    per_page:      number of items to fetch per page
 -#    remote:        data-remote
-%li.page-item.js-pagination-page{ class: [active_when(page.current?), ('sibling' if page.next? || page.prev?), ('d-none d-md-block' if !page.current?) ] }
+%li.page-item.js-pagination-page{ class: [active_when(page.current?),
+  ('sibling' if page.next? || page.prev?),
+  ('js-first-button' if page.first?),
+  ('js-last-button' if page.last?),
+  ('d-none d-md-block' if !page.current?) ] }
   = link_to page, url, { remote: remote, rel: page.next? ? 'next' : page.prev? ? 'prev' : nil, class: 'page-link' }

app/views/kaminari/gitlab/_paginator.html.haml

@@ -8,14 +8,10 @@
 = paginator.render do
   .gl-pagination.prepend-top-default
     %ul.pagination.justify-content-center
-      - unless current_page.first?
-        = first_page_tag unless total_pages < 5 # As kaminari will always show the first 5 pages
       = prev_page_tag
       - each_page do |page|
-        - if page.left_outer? || page.right_outer? || page.inside_window?
+        - if page.left_outer? || page.right_outer? || page.inside_window? || page.first? || page.last?
           = page_tag page
         - elsif !page.was_truncated?
           = gap_tag
       = next_page_tag
-      - unless current_page.last?
-        = last_page_tag unless total_pages < 5

app/views/kaminari/gitlab/_prev_page.html.haml

@@ -9,4 +9,6 @@
 - page_url = current_page.first? ? '#' : url
 %li.page-item.js-previous-button{ class: ('disabled' if current_page.first?) }
-  = link_to raw(t 'views.pagination.previous'), page_url, rel: 'prev', remote: remote, class: 'page-link'
+  = link_to page_url, rel: 'prev', remote: remote, class: 'page-link' do
+    = sprite_icon('angle-left', size: 8)
+    = s_('Pagination|Prev')

app/views/kaminari/gitlab/_without_count.html.haml

@@ -2,7 +2,11 @@
   %ul.pagination.justify-content-center
     - if previous_path
       %li.page-item.prev
-        = link_to(t('views.pagination.previous'), previous_path, rel: 'prev', class: 'page-link')
+        = link_to previous_path, rel: 'prev', class: 'page-link' do
+          = sprite_icon('angle-left', size: 8)
+          = s_('Pagination|Prev')
     - if next_path
       %li.page-item.next
-        = link_to(t('views.pagination.next'), next_path, rel: 'next', class: 'page-link')
+        = link_to next_path, rel: 'next', class: 'page-link' do
+          = s_('Pagination|Next')
+          = sprite_icon('angle-right', size: 8)

app/views/projects/settings/ci_cd/show.html.haml

@@ -62,12 +62,12 @@
   .settings-content
     = render 'projects/triggers/index'
-- if Feature.enabled?(:registry_retention_policies_settings, @project)
+- if settings_container_registry_expiration_policy_available?(@project)
   %section.settings.no-animate#js-registry-policies{ class: ('expanded' if expanded) }
     .settings-header
       %h4
         = _("Container Registry tag expiration policy")
-        = link_to icon('question-circle'), help_page_path('user/packages/container_registry/index', anchor: 'retention-and-expiration-policy'), target: '_blank', rel: 'noopener noreferrer'
+        = link_to icon('question-circle'), help_page_path('user/packages/container_registry/index', anchor: 'expiration-policy'), target: '_blank', rel: 'noopener noreferrer'
       %button.btn.js-settings-toggle{ type: 'button' }
         = expanded ? _('Collapse') : _('Expand')
       %p

app/views/projects/show.html.haml

@@ -20,6 +20,7 @@
   = render "archived_notice", project: @project
   = render_if_exists "projects/marked_for_deletion_notice", project: @project
+  = render_if_exists "projects/ancestor_group_marked_for_deletion_notice", project: @project
   - view_path = @project.default_view

changelogs/unreleased/33071-update-kaminari-templates.yml

+---
+title: Update Kaminari templates to match gl-pagination's markup
+merge_request: 23582
+author:
+type: other

changelogs/unreleased/33257-prevent-accidental-deletions-via-soft-delete-for-groups-ui-changes.yml

+---
+title: Add UI for 'soft-delete for groups' feature
+merge_request: 19483
+author:
+type: added

doc/administration/gitaly/index.md

@@ -885,6 +885,12 @@ you are seeing Gitaly errors. You can control the log level of the
 gRPC client with the `GRPC_LOG_LEVEL` environment variable. The
 default level is `WARN`.
+You can run a GRPC trace with:
+
+```sh
+GRPC_TRACE=all GRPC_VERBOSITY=DEBUG sudo gitlab-rake gitlab:gitaly:check
+```
+
 ### Observing `gitaly-ruby` traffic
 [`gitaly-ruby`](#gitaly-ruby) is an internal implementation detail of Gitaly,

doc/api/groups.md

@@ -633,7 +633,7 @@ Only available to group owners and administrators.
 This endpoint either:
 - Removes group, and queues a background job to delete all projects in the group as well.
-- Since GitLab 12.8, on [Premium](https://about.gitlab.com/pricing/premium/) or higher tiers, marks a group for deletion. The deletion will happen 7 days later by default, but this can be changed in the [instance settings](../user/admin_area/settings/visibility_and_access_controls.md#default-deletion-adjourned-period-premium-only).
+- Since [GitLab 12.8](https://gitlab.com/gitlab-org/gitlab/issues/33257), on [Premium or Silver](https://about.gitlab.com/pricing/) or higher tiers, marks a group for deletion. The deletion will happen 7 days later by default, but this can be changed in the [instance settings](../user/admin_area/settings/visibility_and_access_controls.md#default-deletion-adjourned-period-premium-only).
 ```
 DELETE /groups/:id

doc/api/projects.md

@@ -1767,7 +1767,7 @@ Example response:
 This endpoint either:
 - Removes a project including all associated resources (issues, merge requests etc).
-- From GitLab 12.6 on Premium or higher tiers, marks a project for deletion. Actual
+- From [GitLab 12.6](https://gitlab.com/gitlab-org/gitlab/issues/32935) on [Premium or Silver](https://about.gitlab.com/pricing/) or higher tiers, marks a project for deletion. Actual
   deletion happens after number of days specified in
   [instance settings](../user/admin_area/settings/visibility_and_access_controls.md#default-deletion-adjourned-period-premium-only).

doc/development/documentation/site_architecture/release_process.md

@@ -62,6 +62,12 @@ The single docs version must be created before the release merge request, but
 this needs to happen when the stable branches for all products have been created.
 1. Make sure you're on the root path of the `gitlab-docs` repo.
+1. Make sure your `master` is updated:
+
+   ```sh
+   git pull origin master
+   ```
+
 1. Run the raketask to create the single version:
     ```sh
@@ -70,6 +76,17 @@ this needs to happen when the stable branches for all products have been created
     A new `Dockerfile.12.0` should have been created and committed to a new branch.
+1. Edit `.gitlab-ci.yml` and replace the `BRANCH_` variables with their respective
+   upstream stable branch. For example, 12.6 would look like:
+
+   ```yaml
+   variables:
+     BRANCH_EE: '12-6-stable-ee'
+     BRANCH_OMNIBUS: '12-6-stable'
+     BRANCH_RUNNER: '12-6-stable'
+     BRANCH_CHARTS: '2-6-stable'
+   ```
+
 1. Push the newly created branch, but **don't create a merge request**.
    Once you push, the `image:docker-singe` job will create a new Docker image
    tagged with the branch name you created in the first step. In the end, the
@@ -95,6 +112,7 @@ version and rotates the old one:
 1. Create a branch `release-X-Y`:
    ```sh
+   git checkout master
    git checkout -b release-12-0
    ```
@@ -143,16 +161,12 @@ version and rotates the old one:
 The versions dropdown is in a way "hardcoded". When the site is built, it looks
 at the contents of `content/_data/versions.yaml` and based on that, the dropdown
 is populated. So, older branches will have different content, which means the
-dropdown will be one or more releases behind. Remember that the new changes of
+dropdown will list one or more releases behind. Remember that the new changes of
 the dropdown are included in the unmerged `release-X-Y` branch.
 The content of `content/_data/versions.yaml` needs to change for all online
 versions:
-1. Before creating the merge request, [disable the scheduled pipeline](https://gitlab.com/gitlab-org/gitlab-docs/pipeline_schedules/228/edit)
-   by unchecking the "Active" option. Since all steps must run in sequence, we need
-   to do this to avoid race conditions in the event some previous versions are
-   updated before the release merge request is merged.
 1. Run the raketask that will create all the respective merge requests needed to
    update the dropdowns and will be set to automatically be merged when their
    pipelines succeed. The `release-X-Y` branch needs to be present locally,
@@ -162,7 +176,9 @@ versions:
    ./bin/rake release:dropdowns
    ```
-Once all are merged, proceed to the following and final step.
+1. [Visit the merge requests page](https://gitlab.com/gitlab-org/gitlab-docs/merge_requests?label_name%5B%5D=release>)
+   to check that their pipelines pass, and once all are merged, proceed to the
+   following and final step.
 TIP: **Tip:**
 In case a pipeline fails, see [troubleshooting](#troubleshooting).
@@ -176,8 +192,8 @@ you need to only babysit the pipelines and make sure they don't fail:
 1. Check the [pipelines page](https://gitlab.com/gitlab-org/gitlab-docs/pipelines)
    and make sure all stable branches have green pipelines.
 1. After all the pipelines of the online versions succeed, merge the release merge request.
-1. Finally, re-activate the [scheduled pipeline](https://gitlab.com/gitlab-org/gitlab-docs/pipeline_schedules/228/edit),
-   save it, and hit the play button to get it started.
+1. Finally, run the [Build docker images weekly](https://gitlab.com/gitlab-org/gitlab-docs/pipeline_schedules)
+   pipeline that will build the `:latest` and `:archives` Docker images.
 Once the scheduled pipeline succeeds, the docs site will be deployed with all
 new versions online.
@@ -214,6 +230,10 @@ Releasing a new version is a long process that involves many moving parts.
 ### `test_internal_links_and_anchors` failing on dropdown merge requests
+NOTE: **Note:**
+We now pin versions in the `.gitlab-ci.yml` of the respective branch,
+so the steps below are deprecated.
+
 When [updating the dropdown for the stable versions](#4-update-the-dropdown-for-all-online-versions),
 there may be cases where some links might fail. The process of how the
 dropdown MRs are created have a caveat, and that is that the tests run by
@@ -229,7 +249,7 @@ branches for 12.2 were used, this wouldn't have failed, but as we can see from
 the [`compile_dev` job](https://gitlab.com/gitlab-org/gitlab-docs/-/jobs/328042427),
 the `master` branches were pulled.
-To fix this, you need to [re-run the pipeline](https://gitlab.com/gitlab-org/gitlab-docs/pipelines/new)
+To fix this, [re-run the pipeline](https://gitlab.com/gitlab-org/gitlab-docs/pipelines/new)
 for the `update-12-2-for-release-12-4` branch, by including the following environment variables:
 - `BRANCH_CE` set to `12-2-stable`

doc/development/permissions.md

@@ -61,3 +61,42 @@ is stored in the `project_authorizations` table.
 Confidential issues can be accessed only by project members who are at least
 reporters (they can't be accessed by guests). Additionally they can be accessed
 by their authors and assignees.
+
+### Licensed features
+
+Some features can be accessed only if the user has the correct license plan.
+
+## Permission dependencies
+
+Feature policies can be quite complex and consist of multiple rules.
+Quite often, one permission can be based on another.
+
+Designing good permissions means reusing existing permissions as much as possible
+and making access to features granular.
+
+In the case of a complex resource, it should be broken into smaller pieces of information
+and each piece should be granted a different permission.
+
+A good example in this case is the _Merge Request widget_ and the _Security reports_.
+Depending on the visibility level of the _Pipelines_, the _Security reports_ will be either visible
+in the widget or not. So, the _Merge Request widget_, the _Pipelines_, and the _Security reports_,
+have separate permissions. Moreover, the permissions for the _Merge Request widget_
+and the _Pipelines_ are dependencies of the _Security reports_.
+
+### Permission dependencies of Secure features
+
+Secure features have complex permissions since these features are integrated
+into different features like Merge Requests and CI flow.
+
+ Here is a list of some permission dependencies.
+
+| Activity level | Resource | Locations |Permission dependency|
+|----------------|----------|-----------|-----|
+| View | License information | Dependency list, License Compliance | Can view repo |
+| View | Dependency information | Dependency list, License Compliance | Can view repo |
+| View | Vulnerabilities information | Dependency list | Can view security findings |
+| View | Black/Whitelisted licenses for the project | License Compliance, Merge request  | Can view repo |
+| View | Security findings | Merge Request, CI job page, Pipeline security tab | Can read the project and CI jobs |
+| View | Vulnerability feedback | Merge Request | Can read security findings |
+| View | Dependency List page | Project | Can access Dependency information |
+| View | License Compliance page | Project | Can access License information|

doc/user/group/index.md

@@ -314,6 +314,30 @@ If you want to retain ownership over the original namespace and
 protect the URL redirects, then instead of changing a group's path or renaming a
 username, you can create a new group and transfer projects to it.
+### Remove a group
+
+To remove a group and its contents:
+
+1. Navigate to your group's **{settings}** **Settings > General** page.
+1. Expand the **Path, transfer, remove** section.
+1. In the Remove group section, click the **Remove group** button.
+1. Confirm the action when asked to.
+
+This action either:
+
+- Removes the group, and also queues a background job to delete all projects in that group.
+- Since [GitLab 12.8](https://gitlab.com/gitlab-org/gitlab/issues/33257), on [Premium or Silver](https://about.gitlab.com/pricing/premium/) or higher tiers, marks a group for deletion. The deletion will happen 7 days later by default, but this can be changed in the [instance settings](../admin_area/settings/visibility_and_access_controls.md#default-deletion-adjourned-period-premium-only).
+
+### Restore a group **(PREMIUM)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/33257) in GitLab 12.8.
+
+To restore a group that is marked for deletion:
+
+1. Navigate to your group's **{settings}** **Settings > General** page.
+1. Expand the **Path, transfer, remove** section.
+1. In the Restore group section, click the **Restore group** button.
+
 #### Enforce 2FA to group members
 Add a security layer to your group by