Add latest changes from gitlab-org/gitlab@master

db/post_migrate/20191121122856_drop_packages_package_metadata_table.rb

+# frozen_string_literal: true
+
+class DropPackagesPackageMetadataTable < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def up
+    drop_table :packages_package_metadata
+  end
+
+  def down
+    create_table :packages_package_metadata do |t|
+      t.references :package, index: { unique: true }, null: false, foreign_key: { to_table: :packages_packages, on_delete: :cascade }, type: :integer
+      t.binary :metadata, null: false
+    end
+  end
+end

db/schema.rb

@@ -717,6 +717,7 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
     t.jsonb "config_options"
     t.jsonb "config_variables"
     t.boolean "has_exposed_artifacts"
+    t.string "environment_auto_stop_in", limit: 255
     t.index ["build_id"], name: "index_ci_builds_metadata_on_build_id", unique: true
     t.index ["build_id"], name: "index_ci_builds_metadata_on_build_id_and_has_exposed_artifacts", where: "(has_exposed_artifacts IS TRUE)"
     t.index ["build_id"], name: "index_ci_builds_metadata_on_build_id_and_interruptible", where: "(interruptible = true)"
@@ -1447,6 +1448,7 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
     t.string "environment_type"
     t.string "state", default: "available", null: false
     t.string "slug", null: false
+    t.datetime_with_timezone "auto_stop_at"
     t.index ["name"], name: "index_environments_on_name_varchar_pattern_ops", opclass: :varchar_pattern_ops
     t.index ["project_id", "name"], name: "index_environments_on_project_id_and_name", unique: true
     t.index ["project_id", "slug"], name: "index_environments_on_project_id_and_slug", unique: true
@@ -2822,6 +2824,20 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
     t.index ["package_id"], name: "index_packages_conan_metadata_on_package_id", unique: true
   end
+  create_table "packages_dependencies", force: :cascade do |t|
+    t.string "name", limit: 255, null: false
+    t.string "version_pattern", limit: 255, null: false
+    t.index ["name", "version_pattern"], name: "index_packages_dependencies_on_name_and_version_pattern", unique: true
+  end
+
+  create_table "packages_dependency_links", force: :cascade do |t|
+    t.bigint "package_id", null: false
+    t.bigint "dependency_id", null: false
+    t.integer "dependency_type", limit: 2, null: false
+    t.index ["dependency_id"], name: "index_packages_dependency_links_on_dependency_id"
+    t.index ["package_id", "dependency_id", "dependency_type"], name: "idx_pkgs_dep_links_on_pkg_id_dependency_id_dependency_type", unique: true
+  end
+
   create_table "packages_maven_metadata", force: :cascade do |t|
     t.bigint "package_id", null: false
     t.datetime_with_timezone "created_at", null: false
@@ -2847,12 +2863,6 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
     t.index ["package_id", "file_name"], name: "index_packages_package_files_on_package_id_and_file_name"
   end
-  create_table "packages_package_metadata", force: :cascade do |t|
-    t.integer "package_id", null: false
-    t.binary "metadata", null: false
-    t.index ["package_id"], name: "index_packages_package_metadata_on_package_id", unique: true
-  end
-
   create_table "packages_package_tags", force: :cascade do |t|
     t.integer "package_id", null: false
     t.string "name", limit: 255, null: false
@@ -2867,6 +2877,7 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
     t.string "version"
     t.integer "package_type", limit: 2, null: false
     t.index ["name"], name: "index_packages_packages_on_name_trigram", opclass: :gin_trgm_ops, using: :gin
+    t.index ["project_id", "name", "version", "package_type"], name: "idx_packages_packages_on_project_id_name_version_package_type"
     t.index ["project_id"], name: "index_packages_packages_on_project_id"
   end
@@ -2929,6 +2940,7 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
     t.string "scopes", default: "--- []\n", null: false
     t.boolean "impersonation", default: false, null: false
     t.string "token_digest"
+    t.boolean "expire_notification_delivered", default: false, null: false
     t.index ["token_digest"], name: "index_personal_access_tokens_on_token_digest", unique: true
     t.index ["user_id", "expires_at"], name: "index_pat_on_user_id_and_expires_at"
     t.index ["user_id"], name: "index_personal_access_tokens_on_user_id"
@@ -4565,9 +4577,10 @@ ActiveRecord::Schema.define(version: 2019_12_04_093410) do
   add_foreign_key "operations_feature_flags_clients", "projects", on_delete: :cascade
   add_foreign_key "packages_conan_file_metadata", "packages_package_files", column: "package_file_id", on_delete: :cascade
   add_foreign_key "packages_conan_metadata", "packages_packages", column: "package_id", on_delete: :cascade
+  add_foreign_key "packages_dependency_links", "packages_dependencies", column: "dependency_id", on_delete: :cascade
+  add_foreign_key "packages_dependency_links", "packages_packages", column: "package_id", on_delete: :cascade
   add_foreign_key "packages_maven_metadata", "packages_packages", column: "package_id", name: "fk_be88aed360", on_delete: :cascade
   add_foreign_key "packages_package_files", "packages_packages", column: "package_id", name: "fk_86f0f182f8", on_delete: :cascade
-  add_foreign_key "packages_package_metadata", "packages_packages", column: "package_id", on_delete: :cascade
   add_foreign_key "packages_package_tags", "packages_packages", column: "package_id", on_delete: :cascade
   add_foreign_key "packages_packages", "projects", on_delete: :cascade
   add_foreign_key "pages_domain_acme_orders", "pages_domains", on_delete: :cascade

doc/administration/geo/replication/docker_registry.md

@@ -51,7 +51,7 @@ We need to make Docker Registry send notification events to the
        'threshold' => 5,
        'backoff' => '1s',
        'headers' => {
-         'Authorization' => ['<replace_with_a_secret_token>']
+         'Authorization' => ['<replace_with_a_secret_token>'] # An alphanumeric string. Case sensitive and must start with a letter.
        }
      }
    ]
@@ -59,7 +59,7 @@ We need to make Docker Registry send notification events to the
    NOTE: **Note:**
    If you use an external Registry (not the one integrated with GitLab), you must add
-   these settings to its configuration. In this case, you will also have to specify
+   these settings to its configuration yourself. In this case, you will also have to specify
    notification secret in `registry.notification_secret` section of
    `/etc/gitlab/gitlab.rb` file.
@@ -100,7 +100,7 @@ generate a short-lived JWT that is pull-only-capable to access the
    ```ruby
    gitlab_rails['geo_registry_replication_enabled'] = true
-   gitlab_rails['geo_registry_replication_primary_api_url'] = 'http://primary.example.com:5000/' # internal address to the primary registry, will be used by GitLab to directly communicate with primary registry API
+   gitlab_rails['geo_registry_replication_primary_api_url'] = 'http://primary.example.com:4567/' # Primary registry address, it will be used by the secondary node to directly communicate to primary registry
    ```
 1. Reconfigure the **secondary** node for the change to take effect:

doc/api/graphql/index.md

@@ -61,6 +61,7 @@ The GraphQL API includes the following queries at the root level:
 1. `namespace` : Within a namespace it is also possible to fetch `projects`.
 1. `currentUser`: Information about the currently logged in user.
 1. `metaData`: Metadata about GitLab and the GraphQL API.
+1. `snippets`: Snippets visible to the currently logged in user.
 Root-level queries are defined in
 [`app/graphql/types/query_type.rb`](https://gitlab.com/gitlab-org/gitlab/blob/master/app/graphql/types/query_type.rb).

doc/api/graphql/reference/gitlab_schema.graphql

@@ -4512,6 +4512,41 @@ type Project {
   """
   sharedRunnersEnabled: Boolean
+  """
+  Snippets of the project
+  """
+  snippets(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Array of global snippet ids, e.g., "gid://gitlab/ProjectSnippet/1"
+    """
+    ids: [ID!]
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+
+    """
+    The visibility of the snippet
+    """
+    visibility: VisibilityScopesEnum
+  ): SnippetConnection
+
   """
   (deprecated) Does this project have snippets enabled?. Use `snippets_access_level` instead
   """
@@ -4675,9 +4710,9 @@ type ProjectPermissions {
   createPipelineSchedule: Boolean!
   """
-  Whether or not a user can perform `create_project_snippet` on this resource
+  Whether or not a user can perform `create_snippet` on this resource
   """
-  createProjectSnippet: Boolean!
+  createSnippet: Boolean!
   """
   Whether or not a user can perform `create_wiki` on this resource
@@ -4882,6 +4917,61 @@ type Query {
     """
     fullPath: ID!
   ): Project
+
+  """
+  Find Snippets visible to the current user
+  """
+  snippets(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    The ID of an author
+    """
+    authorId: ID
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Explore personal snippets
+    """
+    explore: Boolean
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Array of global snippet ids, e.g., "gid://gitlab/ProjectSnippet/1"
+    """
+    ids: [ID!]
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+
+    """
+    The ID of a project
+    """
+    projectId: ID
+
+    """
+    The type of snippet
+    """
+    type: TypeEnum
+
+    """
+    The visibility of the snippet
+    """
+    visibility: VisibilityScopesEnum
+  ): SnippetConnection
 }
 """
@@ -5137,6 +5227,193 @@ enum SentryErrorStatus {
   UNRESOLVED
 }
+"""
+Represents a snippet entry
+"""
+type Snippet implements Noteable {
+  """
+  The owner of the snippet
+  """
+  author: User!
+
+  """
+  Content of the snippet
+  """
+  content: String!
+
+  """
+  Timestamp this snippet was created
+  """
+  createdAt: Time!
+
+  """
+  Description of the snippet
+  """
+  description: String
+
+  """
+  The GitLab Flavored Markdown rendering of `description`
+  """
+  descriptionHtml: String
+
+  """
+  All discussions on this noteable
+  """
+  discussions(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+  ): DiscussionConnection!
+
+  """
+  File Name of the snippet
+  """
+  fileName: String
+
+  """
+  Id of the snippet
+  """
+  id: ID!
+
+  """
+  All notes on this noteable
+  """
+  notes(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+  ): NoteConnection!
+
+  """
+  The project the snippet is associated with
+  """
+  project: Project
+
+  """
+  Raw URL of the snippet
+  """
+  rawUrl: String!
+
+  """
+  Title of the snippet
+  """
+  title: String!
+
+  """
+  Timestamp this snippet was updated
+  """
+  updatedAt: Time!
+
+  """
+  Permissions for the current user on the resource
+  """
+  userPermissions: SnippetPermissions!
+
+  """
+  Visibility of the snippet
+  """
+  visibility: String!
+
+  """
+  Web URL of the snippet
+  """
+  webUrl: String!
+}
+
+"""
+The connection type for Snippet.
+"""
+type SnippetConnection {
+  """
+  A list of edges.
+  """
+  edges: [SnippetEdge]
+
+  """
+  A list of nodes.
+  """
+  nodes: [Snippet]
+
+  """
+  Information to aid in pagination.
+  """
+  pageInfo: PageInfo!
+}
+
+"""
+An edge in a connection.
+"""
+type SnippetEdge {
+  """
+  A cursor for use in pagination.
+  """
+  cursor: String!
+
+  """
+  The item at the end of the edge.
+  """
+  node: Snippet
+}
+
+type SnippetPermissions {
+  """
+  Whether or not a user can perform `admin_snippet` on this resource
+  """
+  adminSnippet: Boolean!
+
+  """
+  Whether or not a user can perform `award_emoji` on this resource
+  """
+  awardEmoji: Boolean!
+
+  """
+  Whether or not a user can perform `create_note` on this resource
+  """
+  createNote: Boolean!
+
+  """
+  Whether or not a user can perform `read_snippet` on this resource
+  """
+  readSnippet: Boolean!
+
+  """
+  Whether or not a user can perform `update_snippet` on this resource
+  """
+  updateSnippet: Boolean!
+}
+
 type Submodule implements Entry {
   flatPath: String!
   id: ID!
@@ -5602,6 +5879,11 @@ type TreeEntryEdge {
   node: TreeEntry
 }
+enum TypeEnum {
+  personal
+  project
+}
+
 """
 Autogenerated input type of UpdateEpic
 """
@@ -5740,6 +6022,46 @@ type User {
   """
   name: String!
+  """
+  Snippets authored by the user
+  """
+  snippets(
+    """
+    Returns the elements in the list that come after the specified cursor.
+    """
+    after: String
+
+    """
+    Returns the elements in the list that come before the specified cursor.
+    """
+    before: String
+
+    """
+    Returns the first _n_ elements from the list.
+    """
+    first: Int
+
+    """
+    Array of global snippet ids, e.g., "gid://gitlab/ProjectSnippet/1"
+    """
+    ids: [ID!]
+
+    """
+    Returns the last _n_ elements from the list.
+    """
+    last: Int
+
+    """
+    The type of snippet
+    """
+    type: TypeEnum
+
+    """
+    The visibility of the snippet
+    """
+    visibility: VisibilityScopesEnum
+  ): SnippetConnection
+
   """
   Todos of the user
   """
@@ -5795,6 +6117,11 @@ type User {
     type: [TodoTargetEnum!]
   ): TodoConnection!
+  """
+  Permissions for the current user on the resource
+  """
+  userPermissions: UserPermissions!
+
   """
   Username of the user. Unique within this instance of GitLab
   """
@@ -5839,4 +6166,17 @@ type UserEdge {
   The item at the end of the edge.
   """
   node: User
+}
+
+type UserPermissions {
+  """
+  Whether or not a user can perform `create_snippet` on this resource
+  """
+  createSnippet: Boolean!
+}
+
+enum VisibilityScopesEnum {
+  internal
+  private
+  public
 }
\ No newline at end of file

doc/api/graphql/reference/index.md

@@ -689,7 +689,6 @@ The API can be explored interactively using the [GraphiQL IDE](../index.md#graph
 | `downloadCode` | Boolean! | Whether or not a user can perform `download_code` on this resource |
 | `downloadWikiCode` | Boolean! | Whether or not a user can perform `download_wiki_code` on this resource |
 | `forkProject` | Boolean! | Whether or not a user can perform `fork_project` on this resource |
-| `createProjectSnippet` | Boolean! | Whether or not a user can perform `create_project_snippet` on this resource |
 | `readCommitStatus` | Boolean! | Whether or not a user can perform `read_commit_status` on this resource |
 | `requestAccess` | Boolean! | Whether or not a user can perform `request_access` on this resource |
 | `createPipeline` | Boolean! | Whether or not a user can perform `create_pipeline` on this resource |
@@ -710,6 +709,7 @@ The API can be explored interactively using the [GraphiQL IDE](../index.md#graph
 | `destroyPages` | Boolean! | Whether or not a user can perform `destroy_pages` on this resource |
 | `readPagesContent` | Boolean! | Whether or not a user can perform `read_pages_content` on this resource |
 | `adminOperations` | Boolean! | Whether or not a user can perform `admin_operations` on this resource |
+| `createSnippet` | Boolean! | Whether or not a user can perform `create_snippet` on this resource |
 | `readDesign` | Boolean! | Whether or not a user can perform `read_design` on this resource |
 | `createDesign` | Boolean! | Whether or not a user can perform `create_design` on this resource |
 | `destroyDesign` | Boolean! | Whether or not a user can perform `destroy_design` on this resource |
@@ -787,6 +787,35 @@ The API can be explored interactively using the [GraphiQL IDE](../index.md#graph
 | `time` | Time! | Time the error frequency stats were recorded |
 | `count` | Int! | Count of errors received since the previously recorded time |
+### Snippet
+
+| Name  | Type  | Description |
+| ---   |  ---- | ----------  |
+| `userPermissions` | SnippetPermissions! | Permissions for the current user on the resource |
+| `id` | ID! | Id of the snippet |
+| `title` | String! | Title of the snippet |
+| `project` | Project | The project the snippet is associated with |
+| `author` | User! | The owner of the snippet |
+| `fileName` | String | File Name of the snippet |
+| `content` | String! | Content of the snippet |
+| `description` | String | Description of the snippet |
+| `visibility` | String! | Visibility of the snippet |
+| `createdAt` | Time! | Timestamp this snippet was created |
+| `updatedAt` | Time! | Timestamp this snippet was updated |
+| `webUrl` | String! | Web URL of the snippet |
+| `rawUrl` | String! | Raw URL of the snippet |
+| `descriptionHtml` | String | The GitLab Flavored Markdown rendering of `description` |
+
+### SnippetPermissions
+
+| Name  | Type  | Description |
+| ---   |  ---- | ----------  |
+| `createNote` | Boolean! | Whether or not a user can perform `create_note` on this resource |
+| `awardEmoji` | Boolean! | Whether or not a user can perform `award_emoji` on this resource |
+| `readSnippet` | Boolean! | Whether or not a user can perform `read_snippet` on this resource |
+| `updateSnippet` | Boolean! | Whether or not a user can perform `update_snippet` on this resource |
+| `adminSnippet` | Boolean! | Whether or not a user can perform `admin_snippet` on this resource |
+
 ### Submodule
 | Name  | Type  | Description |
@@ -892,7 +921,14 @@ The API can be explored interactively using the [GraphiQL IDE](../index.md#graph
 | Name  | Type  | Description |
 | ---   |  ---- | ----------  |
+| `userPermissions` | UserPermissions! | Permissions for the current user on the resource |
 | `name` | String! | Human-readable name of the user |
 | `username` | String! | Username of the user. Unique within this instance of GitLab |
 | `avatarUrl` | String! | URL of the user's avatar |
 | `webUrl` | String! | Web URL of the user |
+
+### UserPermissions
+
+| Name  | Type  | Description |
+| ---   |  ---- | ----------  |
+| `createSnippet` | Boolean! | Whether or not a user can perform `create_snippet` on this resource |

doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/index.md

@@ -86,12 +86,15 @@ In case, you have a high-priority merge request (e.g. critical patch) to be merg
 you can use **Merge Immediately** option for bypassing the merge train.
 This is the fastest option to get the change merged into the target branch.
-![Merge Immediately](img/merge_train_immediate_merge.png)
+![Merge Immediately](img/merge_train_immediate_merge_v12_6.png)
 However, every time you merge a merge request immediately, it could affect the
 existing merge train to be reconstructed, specifically, it regenerates expected
 merge commits and pipelines. This means, merging immediately essentially wastes
-CI resources.
+CI resources. Because of these downsides, you will be asked to confirm before
+the merge is initiated:
+
+![Merge immediately confirmation dialog](img/merge_train_immediate_merge_confirmation_dialog_v12_6.png)
 ## Troubleshooting

doc/development/packages.md

@@ -23,19 +23,12 @@ The goal of the Package group is to build a set of features that, within three y
 | [Bower](https://gitlab.com/gitlab-org/gitlab/issues/36888) | Boost your front end development by hosting your own Bower components.  |
 | [Chef](https://gitlab.com/gitlab-org/gitlab/issues/36889) | Configuration management with Chef using all the benefits of a repository manager. |
 | [CocoaPods](https://gitlab.com/gitlab-org/gitlab/issues/36890) | Speed up development with Xcode and CocoaPods. |
-| [Conan](https://docs.gitlab.com/ee/user/packages/conan_repository/) *12.6+* | A standardized way to share and version control C/C++ libraries across projects. |
 | [Conda](https://gitlab.com/gitlab-org/gitlab/issues/36891) | Secure and private local Conda repositories. |
 | [CRAN](https://gitlab.com/gitlab-org/gitlab/issues/36892) | Deploy and resolve CRAN packages for the R language. |
 | [Debian](https://gitlab.com/gitlab-org/gitlab/issues/5835) | Host and provision Debian packages. |
-| [Docker](https://docs.gitlab.com/ee/user/packages/container_registry/) *8.8+* | Host your own secure private Docker registries and proxy external Docker registries such as Docker Hub. |
 | [Go](https://gitlab.com/gitlab-org/gitlab/issues/9773) | Resolve Go dependencies from and publish your Go packages to GitLab.  |
-| [Helm](https://gitlab.com/gitlab-org/gitlab/issues/18997) | Manage your Helm Charts in GitLab and gain control over deployments to your Kubernetes cluster. |
-| [Maven](https://docs.gitlab.com/ee/user/packages/maven_repository/index.html) *11.3+*| The GitLab Maven Repository enables every project in GitLab to have its own space to store Maven packages. |
-| [npm](https://docs.gitlab.com/ee/user/packages/npm_registry/index.html) *11.7+* | Host your own node.js packages. |
-| [NuGet](https://gitlab.com/gitlab-org/gitlab/issues/20050) *Planned for 12.7*| Host NuGet packages in GitLab, and pull libraries into your various Visual Studio .NET applications. |
 | [Opkg](https://gitlab.com/gitlab-org/gitlab/issues/36894) | Optimize your work with OpenWrt using Opkg repositories. |
 | [P2](https://gitlab.com/gitlab-org/gitlab/issues/36895) | Host all your Eclipse plugins in your own GitLab P2 repository. |
-| [PHP Composer](https://gitlab.com/gitlab-org/gitlab/issues/15886) | Provision Composer packages from GitLab and access Packagist and other remote Composer metadata repositories. |
 | [Puppet](https://gitlab.com/gitlab-org/gitlab/issues/36897) | Configuration management meets repository management with Puppet repositories. |
 | [PyPi](https://gitlab.com/gitlab-org/gitlab/issues/10483) | Host PyPi distributions. |
 | [RPM](https://gitlab.com/gitlab-org/gitlab/issues/5932) | Distribute RPMs directly from GitLab. |

doc/development/testing_guide/review_apps.md

@@ -186,22 +186,89 @@ secure note named `gitlab-{ce,ee} Review App's root password`.
    `review-qa-raise-e-12chm0-migrations.1-nqwtx`.
 1. Click on the `Container logs` link.
-### Diagnosing unhealthy review-app releases
-
-If [Review App Stability](https://gitlab.com/gitlab-org/quality/team-tasks/issues/93) dips this may be a signal
-that the `review-apps-ce/ee` cluster is unhealthy. Leading indicators may be healthcheck failures leading to restarts or majority failure for Review App deployments.
-
-The following items may help diagnose this:
-
-- [Review Apps Health dashboard](https://app.google.stackdriver.com/dashboards/6798952013815386466?project=gitlab-review-apps&timeDomain=1d)
-  - Aids in identifying load spikes on the cluster, and if nodes are problematic or the entire cluster is trending towards unhealthy.
-- `kubectl top nodes | sort --key 3 --numeric` - can identify if node spikes are common or load on specific nodes which may get rebalanced by the Kubernetes scheduler.
-- `kubectl top pods | sort --key 2 --numeric` -
-- [K9s] - K9s is a powerful command line dashboard which allows you to filter by labels. This can help identify trends with apps exceeding the [review-app resource requests](https://gitlab.com/gitlab-org/gitlab/blob/master/scripts/review_apps/base-config.yaml). Kubernetes will schedule pods to nodes based on resource requests and allow for CPU usage up to the limits.
-  - In K9s you can sort or add filters by typing the `/` character
-    - `-lrelease=<review-app-slug>` - filters down to all pods for a release. This aids in determining what is having issues in a single deployment
-    - `-lapp=<app>` - filters down to all pods for a specific app. This aids in determining resource usage by app.
-  - You can scroll to a Kubernetes resource and hit `d`(describe), `s`(shell), `l`(logs) for a deeper inspection
+## Diagnosing unhealthy Review App releases
+
+If [Review App Stability](https://app.periscopedata.com/app/gitlab/496118/Engineering-Productivity-Sandbox?widget=6690556&udv=785399)
+dips this may be a signal that the `review-apps-ce/ee` cluster is unhealthy.
+Leading indicators may be healthcheck failures leading to restarts or majority failure for Review App deployments.
+
+The [Review Apps Overview dashboard](https://app.google.stackdriver.com/dashboards/6798952013815386466?project=gitlab-review-apps&timeDomain=1d)
+aids in identifying load spikes on the cluster, and if nodes are problematic or the entire cluster is trending towards unhealthy.
+
+### Node count is always increasing (i.e. never stabilizing or decreasing)
+
+**Potential cause:**
+
+That could be a sign that the [`schedule:review-cleanup`][gitlab-ci-yml] job is
+failing to cleanup stale Review Apps and Kubernetes resources.
+
+**Where to look for further debugging:**
+
+Look at the latest `schedule:review-cleanup` job log, and identify look for any
+unexpected failure.
+
+### p99 CPU utilization is at 100% for most of the nodes and/or many components
+
+**Potential cause:**
+
+This could be a sign that Helm is failing to deploy Review Apps. When Helm has a
+lot of `FAILED` releases, it seems that the CPU utilization is increasing, probably
+due to Helm or Kubernetes trying to recreate the components.
+
+**Where to look for further debugging:**
+
+Look at a recent `review-deploy` job log, and at the Tiller logs.
+
+**Useful commands:**
+
+```shell
+# Identify if node spikes are common or load on specific nodes which may get rebalanced by the Kubernetes scheduler
+› kubectl top nodes | sort --key 3 --numeric
+
+# Identify pods under heavy CPU load
+› kubectl top pods | sort --key 2 --numeric
+```
+
+### The `logging/user/events/FailedMount` chart is going up
+
+**Potential cause:**
+
+This could be a sign that there are too many stale secrets and/or config maps.
+
+**Where to look for further debugging:**
+
+Look at [the list of Configurations](https://console.cloud.google.com/kubernetes/config?project=gitlab-review-apps)
+or `kubectl get secret,cm --sort-by='{.metadata.creationTimestamp}' | grep 'review-'`.
+
+Any secrets or config maps older than 5 days are suspect and should be deleted.
+
+**Useful commands:**
+
+```
+# List secrets and config maps ordered by created date
+› kubectl get secret,cm --sort-by='{.metadata.creationTimestamp}' | grep 'review-'
+
+# Delete all secrets that are 5 to 9 days old
+› kubectl get secret --sort-by='{.metadata.creationTimestamp}' | grep '^review-' | grep '[5-9]d$' | cut -d' ' -f1 | xargs kubectl delete secret
+
+# Delete all secrets that are 10 to 99 days old
+› kubectl get secret --sort-by='{.metadata.creationTimestamp}' | grep '^review-' | grep '[1-9][0-9]d$' | cut -d' ' -f1 | xargs kubectl delete secret
+
+# Delete all config maps that are 5 to 9 days old
+› kubectl get cm --sort-by='{.metadata.creationTimestamp}' | grep 'review-' | grep -v 'dns-gitlab-review-app' | grep '[5-9]d$' | cut -d' ' -f1 | xargs kubectl delete cm
+
+# Delete all config maps that are 10 to 99 days old
+› kubectl get cm --sort-by='{.metadata.creationTimestamp}' | grep 'review-' | grep -v 'dns-gitlab-review-app' | grep '[1-9][0-9]d$' | cut -d' ' -f1 | xargs kubectl delete cm
+```
+
+### Using K9s
+
+[K9s] is a powerful command line dashboard which allows you to filter by labels. This can help identify trends with apps exceeding the [review-app resource requests](https://gitlab.com/gitlab-org/gitlab/blob/master/scripts/review_apps/base-config.yaml). Kubernetes will schedule pods to nodes based on resource requests and allow for CPU usage up to the limits.
+
+- In K9s you can sort or add filters by typing the `/` character
+  - `-lrelease=<review-app-slug>` - filters down to all pods for a release. This aids in determining what is having issues in a single deployment
+  - `-lapp=<app>` - filters down to all pods for a specific app. This aids in determining resource usage by app.
+- You can scroll to a Kubernetes resource and hit `d`(describe), `s`(shell), `l`(logs) for a deeper inspection
 ![K9s](img/k9s.png)

doc/subscriptions/index.md

@@ -223,6 +223,46 @@ The following table describes details of your subscription for groups:
 | Subscription start date | Date your subscription started. If this is for a Free plan, is the date you transitioned off your group's paid plan. |
 | Subscription end date | Date your current subscription will end. Does not apply to Free plans. |
+#### CI pipeline minutes
+
+CI pipeline minutes are the execution time for your [pipelines](../ci/pipelines.md) on our shared runners. Each [GitLab.com tier](https://about.gitlab.com/pricing/) includes a monthly quota of CI pipeline minutes. The quota is applied per group, shared across all members of that group, its subgroups and nested projects. To view the usage, navigate to the group's page, then **Settings > Usage Quotas**.
+
+Only pipeline minutes for our shared runners are restricted. If you have a specific runner setup for your projects, there is no limit to your build time on GitLab.com.
+
+The minutes limit only applies to private projects. The available quota is reset on the first of each calendar month at midnight UTC.
+
+If you reach your limit, you can [purchase additional CI minutes](#extra-shared-runners-pipeline-minutes), or upgrade your account to [Silver or Gold](https://about.gitlab.com/pricing/). Note, your own runners can still be used even if you reach your limits.
+
+##### How pipeline quota usage is calculated
+
+Pipeline quota usage is calculated as the sum of the duration of each individual job. This is slightly different to how pipeline _duration_ is [calculated](https://docs.gitlab.com/ee/ci/pipelines.html#how-pipeline-duration-is-calculated). Pipeline quota usage doesn't consider the intersection of jobs.
+
+A simple example is:
+
+A (1, 3)
+B (2, 4)
+C (6, 7)
+
+In the example:
+
+A begins at 1 and ends at 3.
+B begins at 2 and ends at 4.
+C begins at 6 and ends at 7.
+Visually, it can be viewed as:
+
+```
+0  1  2  3  4  5  6  7
+   AAAAAAA
+      BBBBBBB
+                  CCCC
+```
+
+The sum of each individual job is being calculated therefore in this example, `8` runner minutes would be used for this pipeline:
+
+```
+A + B + C = 3 + 3 + 2 => 8
+```
+
 #### Extra Shared Runners pipeline minutes
 If you're using GitLab.com, you can purchase additional CI minutes so your

doc/topics/autodevops/index.md

@@ -1340,26 +1340,28 @@ spec:
   service account for your project. For help debugging this issue, see
   [Troubleshooting failed deployment jobs](../../user/project/clusters/index.md#troubleshooting).
-### Disable the banner instance wide
-If an administrator would like to disable the banners on an instance level, this
-feature can be disabled either through the console:
-```sh
-sudo gitlab-rails console
-```
-Then run:
-```ruby
-Feature.get(:auto_devops_banner_disabled).enable
-```
-Or through the HTTP API with an admin access token:
-```sh
-curl --data "value=true" --header "PRIVATE-TOKEN: personal_access_token" https://gitlab.example.com/api/v4/features/auto_devops_banner_disabled
-```
+### Auto DevOps banner
+The following Auto DevOps banner will show for maintainers+ on new projects when Auto DevOps is not enabled
+![Auto DevOps banner](img/autodevops_banner_v12_6.png)
+The banner can be disabled:
+- Per user when they dismiss it.
+- Project-wide by explicitly [disabling Auto DevOps](#enablingdisabling-auto-devops).
+- By a GitLab administrator for an entire GitLab instance by either:
+  - Running the following in a Rails console:
+
+    ```ruby
+    Feature.get(:auto_devops_banner_disabled).enable
+    ```
+  - Through the REST API with an admin access token:
+    ```sh
+    curl --data "value=true" --header "PRIVATE-TOKEN: personal_access_token" https://gitlab.example.com/api/v4/features/auto_devops_banner_disabled
+    ```
 [ce-37115]: https://gitlab.com/gitlab-org/gitlab-foss/issues/37115
 [docker-in-docker]: ../../docker/using_docker_build.md#use-docker-in-docker-executor

doc/user/application_security/dependency_scanning/index.md

@@ -143,6 +143,7 @@ using environment variables.
 | `DS_RUN_ANALYZER_TIMEOUT`               | Time limit when running an analyzer. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. For example, `300ms`, `1.5h`, or `2h45m`. |
 | `PIP_INDEX_URL`                         | Base URL of Python Package Index (default `https://pypi.org/simple`). |
 | `PIP_EXTRA_INDEX_URL`                   | Array of [extra URLs](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-extra-index-url) of package indexes to use in addition to `PIP_INDEX_URL`. Comma separated. |
+| `PIP_REQUIREMENTS_FILE`                 | Pip requirements file to be scanned. |
 | `MAVEN_CLI_OPTS`                        | List of command line arguments that will be passed to the maven analyzer during the project's build phase (see example for [using private repos](#using-private-maven-repos)). |
 | `BUNDLER_AUDIT_UPDATE_DISABLED`         | Disable automatic updates for the `bundler-audit` analyzer (default: `"false"`). Useful if you're running Dependency Scanning in an offline, air-gapped environment.|

doc/user/packages/npm_registry/index.md

@@ -122,7 +122,7 @@ Then, you could run `npm publish` either locally or via GitLab CI/CD:
 - **GitLab CI/CD:** Set an `NPM_TOKEN` [variable](../../../ci/variables/README.md)
   under your project's **Settings > CI/CD > Variables**.
-  
+
 ### Authenticating with a CI job token
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9104) in GitLab Premium 12.5.
@@ -130,7 +130,7 @@ Then, you could run `npm publish` either locally or via GitLab CI/CD:
 If you’re using NPM with GitLab CI/CD, a CI job token can be used instead of a personal access token.
 The token will inherit the permissions of the user that generates the pipeline.
-Add a corresponding section to your `.npmrc` file:  
+Add a corresponding section to your `.npmrc` file:
 ```ini
 @foo:registry=https://gitlab.com/api/v4/packages/npm/
@@ -226,3 +226,19 @@ And the `.npmrc` file should look like:
 //gitlab.com/api/v4/packages/npm/:_authToken=<your_oauth_token>
 @foo:registry=https://gitlab.com/api/v4/packages/npm/
 ```
+
+## NPM dependencies metadata
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/11867) in GitLab Premium 12.6.
+
+Starting from GitLab 12.6, new packages published to the GitLab NPM Registry expose the following attributes to the NPM client:
+
+- name
+- version
+- dist-tags
+- dependencies
+  - dependencies
+  - devDependencies
+  - bundleDependencies
+  - peerDependencies
+  - deprecated

doc/user/project/pipelines/settings.md

@@ -73,37 +73,40 @@ For information about setting a maximum artifact size for a project, see
 By default we look for the `.gitlab-ci.yml` file in the project's root
 directory. If needed, you can specify an alternate path and file name, including locations outside the project.
-Hosting the configuration file in a separate project will allow stricter control of the
-configuration file. You can limit access to the project hosting the configuration to only people
-with proper authorization, and users can use the configuration for their pipelines,
-without being able to modify it.
-If the CI configuration will stay within the repository, but in a
-location different than the default,
-the path must be relative to the root directory. Examples of valid paths and file names:
+To customize the path:
+1. Go to the project's **Settings > CI / CD**.
+1. Expand the **General pipelines** section.
+1. Provide a value in the **Custom CI configuration path** field.
+1. Click **Save changes**.
+
+If the CI configuration is stored within the repository in a non-default
+location, the path must be relative to the root directory. Examples of valid
+paths and file names include:
 - `.gitlab-ci.yml` (default)
 - `.my-custom-file.yml`
 - `my/path/.gitlab-ci.yml`
 - `my/path/.my-custom-file.yml`
+If the CI configuration will be hosted on an external site, the URL link must end with `.yml`:
+
+- `http://example.com/generate/ci/config.yml`
+
 If the CI configuration will be hosted in a different project within GitLab, the path must be relative
 to the root directory in the other project, with the group and project name added to the end:
 - `.gitlab-ci.yml@mygroup/another-project`
 - `my/path/.my-custom-file.yml@mygroup/another-project`
-If the CI configuration will be hosted on an external site, different than the GitLab instance,
-the URL link must end with `.yml`:
-
-- `http://example.com/generate/ci/config.yml`
-The path can be customized at a project level. To customize the path:
-1. Go to the project's **Settings > CI / CD**.
-1. Expand the **General pipelines** section.
-1. Provide a value in the **Custom CI configuration path** field.
-1. Click **Save changes**.
+Hosting the configuration file in a separate project allows stricter control of the
+configuration file. For example:
+- Create a public project to host the configuration file.
+- Give write permissions on the project only to users who are allowed to edit the file.
+Other users and projects will be able to access the configuration file without being
+able to edit it.
 ## Test coverage parsing

doc/user/project/repository/forking_workflow.md

@@ -37,6 +37,10 @@ After the forking is done, you can start working on the newly created
 repository. There, you will have full [Owner](../../permissions.md)
 access, so you can set it up as you please.
+CAUTION: **CAUTION:**
+From GitLab 12.6 onwards, if the [visibility of an upstream project is reduced](../../../public_access/public_access.md#reducing-visibility)
+in any way, the fork relationship with all its forks will be removed.
+
 ## Merging upstream
 Once you are ready to send your code back to the main project, you need

lib/gitlab/ci/config/entry/environment.rb

@@ -10,7 +10,7 @@ module Gitlab
         class Environment < ::Gitlab::Config::Entry::Node
           include ::Gitlab::Config::Entry::Configurable
-          ALLOWED_KEYS = %i[name url action on_stop kubernetes].freeze
+          ALLOWED_KEYS = %i[name url action on_stop auto_stop_in kubernetes].freeze
           entry :kubernetes, Entry::Kubernetes, description: 'Kubernetes deployment configuration.'
@@ -49,6 +49,7 @@ module Gitlab
               validates :on_stop, type: String, allow_nil: true
               validates :kubernetes, type: Hash, allow_nil: true
+              validates :auto_stop_in, duration: true, allow_nil: true
             end
           end
@@ -80,6 +81,10 @@ module Gitlab
             value[:kubernetes]
           end
+          def auto_stop_in
+            value[:auto_stop_in]
+          end
+
           def value
             case @config
             when String then { name: @config, action: 'start' }