Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/error_tracking_settings/components/error_tracking_form.vue

@@ -32,12 +32,16 @@ export default {
             placeholder="https://mysentryserver.com"
             @input="updateApiHost"
           />
+          <p class="form-text text-muted">
+            {{
+              s__(
+                "ErrorTracking|If you self-host Sentry, enter the full URL of your Sentry instance. If you're using Sentry's hosted solution, enter https://sentry.io",
+              )
+            }}
+          </p>
           <!-- eslint-enable @gitlab/vue-i18n/no-bare-attribute-strings -->
         </div>
       </div>
-      <p class="form-text text-muted">
-        {{ s__('ErrorTracking|Find your hostname in your Sentry account settings page') }}
-      </p>
     </div>
     <div class="form-group" :class="{ 'gl-show-field-errors': connectError }">
       <label class="label-bold" for="error-tracking-token">

app/controllers/projects/raw_controller.rb

@@ -4,11 +4,15 @@
 class Projects::RawController < Projects::ApplicationController
   include ExtractsPath
   include SendsBlob
+  include StaticObjectExternalStorage
+
+  prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:blob) }
   before_action :require_non_empty_project
   before_action :assign_ref_vars
   before_action :authorize_download_code!
-  before_action :show_rate_limit, only: [:show]
+  before_action :show_rate_limit, only: [:show], unless: :external_storage_request?
+  before_action :redirect_to_external_storage, only: :show, if: :static_objects_external_storage_enabled?
   def show
     @blob = @repository.blob_at(@commit.id, @path)

app/finders/pipelines_finder.rb

@@ -25,6 +25,7 @@ class PipelinesFinder
     items = by_name(items)
     items = by_username(items)
     items = by_yaml_errors(items)
+    items = by_updated_at(items)
     sort_items(items)
   end
@@ -128,6 +129,13 @@ class PipelinesFinder
   end
   # rubocop: enable CodeReuse/ActiveRecord
+  def by_updated_at(items)
+    items = items.updated_before(params[:updated_before]) if params[:updated_before].present?
+    items = items.updated_after(params[:updated_after]) if params[:updated_after].present?
+
+    items
+  end
+
   # rubocop: disable CodeReuse/ActiveRecord
   def sort_items(items)
     order_by = if ALLOWED_INDEXED_COLUMNS.include?(params[:order_by])

app/helpers/blob_helper.rb

@@ -215,14 +215,29 @@ module BlobHelper
     return if blob.binary? || blob.stored_externally?
     title = _('Open raw')
-    link_to icon('file-code-o'), blob_raw_path, class: 'btn btn-sm has-tooltip', target: '_blank', rel: 'noopener noreferrer', title: title, data: { container: 'body' }
+    link_to sprite_icon('doc-code'),
+      external_storage_url_or_path(blob_raw_path),
+      class: 'btn btn-sm has-tooltip',
+      target: '_blank',
+      rel: 'noopener noreferrer',
+      aria: { label: title },
+      title: title,
+      data: { container: 'body' }
   end
   def download_blob_button(blob)
     return if blob.empty?
     title = _('Download')
-    link_to sprite_icon('download'), blob_raw_path(inline: false), download: @path, class: 'btn btn-sm has-tooltip', target: '_blank', rel: 'noopener noreferrer', title: title, data: { container: 'body' }
+    link_to sprite_icon('download'),
+      external_storage_url_or_path(blob_raw_path(inline: false)),
+      download: @path,
+      class: 'btn btn-sm has-tooltip',
+      target: '_blank',
+      rel: 'noopener noreferrer',
+      aria: { label: title },
+      title: title,
+      data: { container: 'body' }
   end
   def blob_render_error_reason(viewer)

app/models/ci/pipeline.rb

@@ -14,6 +14,7 @@ module Ci
     include HasRef
     include ShaAttribute
     include FromUnion
+    include UpdatedAtFilterable
     sha_attribute :source_sha
     sha_attribute :target_sha
@@ -811,6 +812,10 @@ module Ci
       @persistent_ref ||= PersistentRef.new(pipeline: self)
     end
+    def find_successful_build_ids_by_names(names)
+      statuses.latest.success.where(name: names).pluck(:id)
+    end
+
     private
     def pipeline_data

app/models/concerns/ci/processable.rb

@@ -14,6 +14,8 @@ module Ci
       has_many :needs, class_name: 'Ci::BuildNeed', foreign_key: :build_id, inverse_of: :build
       accepts_nested_attributes_for :needs
+
+      scope :preload_needs, -> { preload(:needs) }
     end
     def schedulable?

app/services/ci/retry_pipeline_service.rb

@@ -9,13 +9,23 @@ module Ci
         raise Gitlab::Access::AccessDeniedError
       end
-      pipeline.retryable_builds.find_each do |build|
+      needs = Set.new
+
+      pipeline.retryable_builds.preload_needs.find_each do |build|
         next unless can?(current_user, :update_build, build)
         Ci::RetryBuildService.new(project, current_user)
           .reprocess!(build)
+
+        needs += build.needs.map(&:name)
       end
+      # In a DAG, the dependencies may have already completed. Figure out
+      # which builds have succeeded and use them to update the pipeline. If we don't
+      # do this, then builds will be stuck in the created state since their dependencies
+      # will never run.
+      completed_build_ids = pipeline.find_successful_build_ids_by_names(needs) if needs.any?
+
       pipeline.builds.latest.skipped.find_each do |skipped|
         retry_optimistic_lock(skipped) { |build| build.process }
       end
@@ -26,7 +36,7 @@ module Ci
       Ci::ProcessPipelineService
         .new(pipeline)
-        .execute
+        .execute(completed_build_ids)
     end
   end
 end

changelogs/unreleased/33099-updated_at-filters-for-pipelines-api.yml

+---
+title: Add updated_before and updated_after filters to the Pipelines API endpoint
+merge_request: 21133
+author:
+type: added

changelogs/unreleased/9983-document-make-using-gitlab-auth-with-vault-easy.yml

+---
+title: Resolve Document - Make using GitLab auth with Vault easy
+merge_request: 19980
+author:
+type: other

changelogs/unreleased/ab-keyset-pagination.yml

+---
+title: Keyset pagination for REST API (Project endpoint)
+merge_request: 21194
+author:
+type: added

changelogs/unreleased/allow-raw-blobs-to-be-served-from-external-storage.yml

+---
+title: Allow raw blobs to be served from an external storage
+merge_request: 20936
+author:
+type: added

changelogs/unreleased/sentry-url-helper-text.yml

+---
+title: Update helper text for sentry error tracking settings
+merge_request: 20663
+author: Rajendra Kadam
+type: added

changelogs/unreleased/sh-fix-pipeline-retry-dag.yml

+---
+title: Fix pipeline retry in a CI DAG
+merge_request: 21296
+author:
+type: fixed

doc/administration/high_availability/README.md

@@ -4,18 +4,19 @@ type: reference, concepts
 # Scaling and High Availability
-GitLab supports several different types of clustering and high-availability.
+GitLab supports a number of options for scaling your self-managed instance and configuring high availability (HA).
 The solution you choose will be based on the level of scalability and
 availability you require. The easiest solutions are scalable, but not necessarily
 highly available.
-GitLab provides a service that is usually essential to most organizations: it
+GitLab provides a service that is essential to most organizations: it
 enables people to collaborate on code in a timely fashion. Any downtime should
-therefore be short and planned. Luckily, GitLab provides a solid setup even on
-a single server without special measures. Due to the distributed nature
-of Git, developers can still commit code locally even when GitLab is not
+therefore be short and planned. Due to the distributed nature
+of Git, developers can continue to commit code locally even when GitLab is not
 available. However, some GitLab features such as the issue tracker and
-Continuous Integration are not available when GitLab is down.
+continuous integration are not available when GitLab is down.
+If you require all GitLab functionality to be highly available,
+consider the options outlined below.
 **Keep in mind that all highly-available solutions come with a trade-off between
 cost/complexity and uptime**. The more uptime you want, the more complex the
@@ -25,8 +26,8 @@ solution should balance the costs against the benefits.
 There are many options when choosing a highly-available GitLab architecture. We
 recommend engaging with GitLab Support to choose the best architecture for your
-use case. This page contains some various options and guidelines based on
-experience with GitLab.com and Enterprise Edition on-premises customers.
+use case. This page contains recommendations based on
+experience with GitLab.com and internal scale testing.
 For detailed insight into how GitLab scales and configures GitLab.com, you can
 watch [this 1 hour Q&A](https://www.youtube.com/watch?v=uCU8jdYzpac)

doc/administration/restart_gitlab.md

@@ -8,6 +8,7 @@ If you want the TL;DR versions, jump to:
 - [Omnibus GitLab restart](#omnibus-gitlab-restart)
 - [Omnibus GitLab reconfigure](#omnibus-gitlab-reconfigure)
 - [Source installation restart](#installations-from-source)
+- [Helm chart installation restart](#helm-chart-installations)
 ## Omnibus installations
@@ -143,3 +144,16 @@ If you are using other init systems, like systemd, you can check the
 [chef]: https://www.chef.io/products/chef-infra/ "Chef official website"
 [src-service]: https://gitlab.com/gitlab-org/gitlab/blob/master/lib/support/init.d/gitlab "GitLab init service file"
 [gl-recipes]: https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/init "GitLab Recipes repository"
+
+## Helm chart installations
+
+There is no single command to restart the entire GitLab application installed via
+the [cloud native Helm Chart](https://docs.gitlab.com/charts/). Usually, it should be
+enough to restart a specific component separately (`gitaly`, `unicorn`,
+`workhorse`, `gitlab-shell`, etc.) by deleting all the pods related to it:
+
+```bash
+kubectl delete pods -l release=<helm release name>,app=<component name>
+```
+
+The release name can be obtained from the output of the `helm list` command.

doc/api/pipelines.md

@@ -18,6 +18,8 @@ GET /projects/:id/pipelines
 | `yaml_errors`| boolean  | no       | Returns pipelines with invalid configurations |
 | `name`| string  | no       | The name of the user who triggered pipelines |
 | `username`| string  | no       | The username of the user who triggered pipelines |
+| `updated_after` | datetime | no | Return pipelines updated after the specified date. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
+| `updated_before` | datetime | no | Return pipelines updated before the specified date. Format: ISO 8601 YYYY-MM-DDTHH:MM:SSZ |
 | `order_by`| string  | no       | Order pipelines by `id`, `status`, `ref`, `updated_at` or `user_id` (default: `id`) |
 | `sort`    | string  | no       | Sort pipelines in `asc` or `desc` order (default: `desc`) |

doc/integration/README.md

@@ -30,6 +30,7 @@ GitLab can be configured to authenticate access requests with the following auth
 - Use [OmniAuth](omniauth.md) to enable sign in via Twitter, GitHub, GitLab.com, Google,
 Bitbucket, Facebook, Shibboleth, SAML, Crowd, Azure or Authentiq ID.
 - Use GitLab as an [OpenID Connect](openid_connect_provider.md) identity provider.
+- Authenticate to [Vault](vault.md) through GitLab OpenID Connect.
 - Configure GitLab as a [SAML](saml.md) 2.0 Service Provider.
 ## Security enhancements