diff --git a/.codeclimate.yml b/.codeclimate.yml index 2be8e63e84..ccc09fcc77 100644 --- a/.codeclimate.yml +++ b/.codeclimate.yml @@ -38,3 +38,4 @@ exclude_paths: - backups/ - coverage-javascript/ - plugins/ + - file_hooks/ diff --git a/.eslintrc.yml b/.eslintrc.yml index 8d34efc9a6..0639228fe5 100644 --- a/.eslintrc.yml +++ b/.eslintrc.yml @@ -1,6 +1,6 @@ extends: - - '@gitlab' - - plugin:promise/recommended + - plugin:@gitlab/default + - plugin:@gitlab/i18n - plugin:no-jquery/slim - plugin:no-jquery/deprecated-3.4 globals: @@ -16,9 +16,6 @@ settings: webpack: config: './config/webpack.config.js' rules: - "@gitlab/i18n/no-non-i18n-strings": error - "@gitlab/vue-i18n/no-bare-strings": error - "@gitlab/vue-i18n/no-bare-attribute-strings": error import/no-commonjs: error no-underscore-dangle: - error @@ -54,4 +51,4 @@ overrides: - files: - '**/spec/**/*' rules: - "@gitlab/i18n/no-non-i18n-strings": off + "@gitlab/require-i18n-strings": off diff --git a/.gitignore b/.gitignore index 4bebf3fd04..3120c1c1bd 100644 --- a/.gitignore +++ b/.gitignore @@ -34,6 +34,7 @@ eslint-report.html /config/database*.yml /config/gitlab.yml /config/gitlab_ci.yml +/config/Gitlab.gitlab-license /config/initializers/rack_attack.rb /config/initializers/smtp_settings.rb /config/initializers/relative_url.rb diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index be1818391c..9e808cc7a9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-9.6-graphicsmagick-1.3.34" +image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-10-graphicsmagick-1.3.34" stages: - sync @@ -12,10 +12,14 @@ stages: - post-qa - pages -# always use `gitlab-org` runners +# always use `gitlab-org` runners, however +# in cases where jobs require Docker-in-Docker, the job +# definition must be extended with `.use-docker-in-docker` default: tags: - gitlab-org + # All jobs are interruptible by default + interruptible: true workflow: rules: @@ -47,6 +51,7 @@ variables: BUILD_ASSETS_IMAGE: "false" ES_JAVA_OPTS: "-Xms256m -Xmx256m" ELASTIC_URL: "http://elastic:changeme@elasticsearch:9200" + DOCKER_VERSION: "19.03.0" include: - local: .gitlab/ci/cache-repo.gitlab-ci.yml diff --git a/.gitlab/ci/dev-fixtures.gitlab-ci.yml b/.gitlab/ci/dev-fixtures.gitlab-ci.yml index e77a75d282..27ceb6f37d 100644 --- a/.gitlab/ci/dev-fixtures.gitlab-ci.yml +++ b/.gitlab/ci/dev-fixtures.gitlab-ci.yml @@ -3,15 +3,15 @@ - .default-retry - .default-cache - .default-before_script - - .use-pg9 + - .use-pg11 stage: test - needs: ["setup-test-env"] + needs: ["setup-test-env pg11"] variables: FIXTURE_PATH: "db/fixtures/development" SEED_CYCLE_ANALYTICS: "true" SEED_PRODUCTIVITY_ANALYTICS: "true" CYCLE_ANALYTICS_ISSUE_COUNT: 1 - SIZE: 0 # number of external projects to fork, requires network connection + SIZE: 0 # number of external projects to fork, requires network connection # SEED_NESTED_GROUPS: "false" # requires network connection run-dev-fixtures: @@ -26,7 +26,7 @@ run-dev-fixtures-ee: extends: - .run-dev-fixtures - .dev-fixtures:rules:ee-only - - .use-pg9-ee + - .use-pg11-ee script: - scripts/gitaly-test-spawn - cp ee/db/fixtures/development/* $FIXTURE_PATH diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml index 946db0c4be..b8a66decbb 100644 --- a/.gitlab/ci/docs.gitlab-ci.yml +++ b/.gitlab/ci/docs.gitlab-ci.yml @@ -66,9 +66,9 @@ graphql-reference-verify: - .default-cache - .default-before_script - .docs:rules:graphql-reference-verify - - .use-pg9 + - .use-pg11 stage: test - needs: ["setup-test-env"] + needs: ["setup-test-env pg11"] script: - bundle exec rake gitlab:graphql:check_docs - bundle exec rake gitlab:graphql:check_schema diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 8685ccc543..2b22162b0c 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -2,6 +2,8 @@ cache: paths: - vendor/ruby/ + - public/assets/webpack/ + - assets-hash.txt - .yarn-cache/ - tmp/cache/assets/sprockets - tmp/cache/babel-loader @@ -13,10 +15,9 @@ - .default-retry - .default-before_script - .assets-compile-cache - image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-graphicsmagick-1.3.34-docker-19.03.1 + - .use-docker-in-docker + image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-graphicsmagick-1.3.34-docker-19.03.1 stage: prepare - services: - - docker:19.03.0-dind variables: NODE_ENV: "production" RAILS_ENV: "production" @@ -25,27 +26,30 @@ WEBPACK_REPORT: "true" # we override the max_old_space_size to prevent OOM errors NODE_OPTIONS: --max_old_space_size=3584 - DOCKER_DRIVER: overlay2 - DOCKER_HOST: tcp://docker:2375 cache: - key: "assets-compile:production:vendor_ruby:.yarn-cache:tmp_cache_assets_sprockets:tmp_cache_webpack:v9" + key: "assets-compile:production:v1" artifacts: name: webpack-report expire_in: 31d paths: - webpack-report/ - - public/assets/ + - assets-compile.log + # We consume these files in GitLab UI for integration tests: + # https://gitlab.com/gitlab-org/gitlab-ui/-/blob/e88493b3c855aea30bf60baee692a64606b0eb1e/.storybook/preview-head.pug#L1 + - public/assets/application-*.css + - public/assets/application-*.css.gz + when: always script: - node --version - retry yarn install --frozen-lockfile --production --cache-folder .yarn-cache --prefer-offline - free -m - - retry bundle exec rake gitlab:assets:compile + - time bin/rake gitlab:assets:compile > assets-compile.log 2>&1 + # TODO: Change the image tag to be the MD5 of assets files and skip image building if the image exists + # We'll also need to pass GITLAB_ASSETS_TAG to the trigerred omnibus-gitlab pipeline similarly to how we do it for trigerred CNG pipelines + # https://gitlab.com/gitlab-org/gitlab/issues/208389 - time scripts/build_assets_image - scripts/clean-old-cached-assets - rm -f /etc/apt/sources.list.d/google*.list # We don't need to update Chrome here - tags: - - gitlab-org - - docker gitlab:assets:compile pull-push-cache: extends: @@ -71,7 +75,7 @@ gitlab:assets:compile pull-cache: - node --version - retry yarn install --frozen-lockfile --cache-folder .yarn-cache --prefer-offline - free -m - - retry bundle exec rake gitlab:assets:compile + - time bin/rake gitlab:assets:compile > assets-compile.log 2>&1 - scripts/clean-old-cached-assets variables: SETUP_DB: "false" @@ -79,12 +83,14 @@ gitlab:assets:compile pull-cache: NODE_OPTIONS: --max_old_space_size=3584 WEBPACK_VENDOR_DLL: "true" cache: - key: "assets-compile:v9" + key: "assets-compile:test:v1" artifacts: expire_in: 7d paths: - node_modules - public/assets + - assets-compile.log + when: always compile-assets pull-push-cache: extends: @@ -100,7 +106,7 @@ compile-assets pull-push-cache as-if-foss: - .as-if-foss cache: policy: pull-push - key: "assets-compile:v9:foss" + key: "assets-compile:test:as-if-foss:v1" compile-assets pull-cache: extends: @@ -116,20 +122,16 @@ compile-assets pull-cache as-if-foss: - .as-if-foss cache: policy: pull - key: "assets-compile:v9:foss" + key: "assets-compile:test:as-if-foss:v1" .frontend-fixtures-base: extends: - .default-retry - .default-cache - .default-before_script - - .use-pg9 + - .use-pg11 stage: fixtures - needs: - - job: "setup-test-env" - artifacts: true - - job: "compile-assets pull-cache" - artifacts: true + needs: ["setup-test-env pg11", "compile-assets pull-cache"] script: - date - scripts/gitaly-test-spawn @@ -152,7 +154,7 @@ frontend-fixtures: frontend-fixtures-as-if-foss: extends: - .frontend-fixtures-base - - .frontend:rules:default-frontend-jobs-as-if-foss + - .frontend:rules:default-frontend-jobs-no-foss - .as-if-foss .frontend-job-base: @@ -195,7 +197,7 @@ karma: karma-as-if-foss: extends: - .karma-base - - .frontend:rules:default-frontend-jobs-as-if-foss + - .frontend:rules:default-frontend-jobs-no-foss - .as-if-foss needs: ["frontend-fixtures-as-if-foss"] @@ -230,7 +232,7 @@ jest: jest-as-if-foss: extends: - .jest-base - - .frontend:rules:default-frontend-jobs-as-if-foss + - .frontend:rules:default-frontend-jobs-no-foss - .as-if-foss needs: ["frontend-fixtures-as-if-foss"] cache: @@ -239,7 +241,7 @@ jest-as-if-foss: coverage-frontend: extends: - .default-retry - - .frontend:rules:default-frontend-jobs + - .frontend:rules:default-frontend-jobs-no-foss needs: ["jest"] stage: post-test before_script: @@ -258,7 +260,6 @@ coverage-frontend: .qa-frontend-node: extends: - .default-retry - - .default-cache - .frontend:rules:qa-frontend-node stage: test dependencies: [] @@ -288,7 +289,7 @@ webpack-dev-server: - .default-cache - .frontend:rules:default-frontend-jobs stage: test - needs: ["setup-test-env", "compile-assets pull-cache"] + needs: ["setup-test-env pg11", "compile-assets pull-cache"] variables: WEBPACK_MEMORY_TEST: "true" WEBPACK_VENDOR_DLL: "true" diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index d5c89eacbb..66b7c47efc 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -21,7 +21,7 @@ # Jobs that only need to pull cache .default-cache: cache: - key: "debian-stretch-ruby-2.6.5-pg9.6-node-12.x" + key: "debian-stretch-ruby-2.6.5-pg11-node-12.x" paths: - .go/pkg/mod - vendor/ruby @@ -30,32 +30,40 @@ policy: pull .use-pg9: + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-9.6-graphicsmagick-1.3.34" services: - name: postgres:9.6.17 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:alpine variables: POSTGRES_HOST_AUTH_METHOD: trust + cache: + key: "debian-stretch-ruby-2.6.5-pg9-node-12.x" .use-pg10: - image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-10-graphicsmagick-1.3.34" + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-10-graphicsmagick-1.3.34" services: - name: postgres:10.12 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:alpine variables: POSTGRES_HOST_AUTH_METHOD: trust + cache: + key: "debian-stretch-ruby-2.6.5-pg10-node-12.x" .use-pg11: - image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34" + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34" services: - name: postgres:11.6 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] - name: redis:alpine variables: POSTGRES_HOST_AUTH_METHOD: trust + cache: + key: "debian-stretch-ruby-2.6.5-pg11-node-12.x" .use-pg9-ee: + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-9.6-graphicsmagick-1.3.34" services: - name: postgres:9.6.17 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] @@ -63,9 +71,11 @@ - name: elasticsearch:6.4.2 variables: POSTGRES_HOST_AUTH_METHOD: trust + cache: + key: "debian-stretch-ruby-2.6.5-pg9-node-12.x" .use-pg10-ee: - image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-10-graphicsmagick-1.3.34" + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-10-graphicsmagick-1.3.34" services: - name: postgres:10.12 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] @@ -73,9 +83,11 @@ - name: elasticsearch:6.4.2 variables: POSTGRES_HOST_AUTH_METHOD: trust + cache: + key: "debian-stretch-ruby-2.6.5-pg10-node-12.x" .use-pg11-ee: - image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.12-git-2.24-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34" + image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.5-golang-1.14-git-2.26-lfs-2.9-chrome-73.0-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34" services: - name: postgres:11.6 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] @@ -83,7 +95,29 @@ - name: elasticsearch:6.4.2 variables: POSTGRES_HOST_AUTH_METHOD: trust + cache: + key: "debian-stretch-ruby-2.6.5-pg11-node-12.x" + +# Pin kaniko to v0.16.0 due to https://github.com/GoogleContainerTools/kaniko/issues/1162 +.use-kaniko: + image: + name: gcr.io/kaniko-project/executor:debug-v0.16.0 + entrypoint: [""] + before_script: + - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json .as-if-foss: variables: FOSS_ONLY: '1' + +.use-docker-in-docker: + image: docker:${DOCKER_VERSION} + services: + - docker:${DOCKER_VERSION}-dind + variables: + DOCKER_DRIVER: overlay2 + DOCKER_HOST: tcp://docker:2375 + DOCKER_TLS_CERTDIR: "" + tags: + # See https://gitlab.com/gitlab-com/www-gitlab-com/-/issues/7019 for tag descriptions + - gitlab-org-docker diff --git a/.gitlab/ci/memory.gitlab-ci.yml b/.gitlab/ci/memory.gitlab-ci.yml index b2267b03c5..af75ff257e 100644 --- a/.gitlab/ci/memory.gitlab-ci.yml +++ b/.gitlab/ci/memory.gitlab-ci.yml @@ -8,9 +8,7 @@ memory-static: extends: .only-code-memory-job-base stage: test - needs: - - job: setup-test-env - artifacts: true + needs: ["setup-test-env pg11"] variables: SETUP_DB: "false" script: @@ -38,13 +36,9 @@ memory-static: memory-on-boot: extends: - .only-code-memory-job-base - - .use-pg10 + - .use-pg11 stage: test - needs: - - job: setup-test-env - artifacts: true - - job: compile-assets pull-cache - artifacts: true + needs: ["setup-test-env pg11", "compile-assets pull-cache"] variables: NODE_ENV: "production" RAILS_ENV: "production" diff --git a/.gitlab/ci/pages.gitlab-ci.yml b/.gitlab/ci/pages.gitlab-ci.yml index 983f675d1d..38d79ddb09 100644 --- a/.gitlab/ci/pages.gitlab-ci.yml +++ b/.gitlab/ci/pages.gitlab-ci.yml @@ -1,7 +1,6 @@ pages: extends: - .default-retry - - .default-cache - .pages:rules stage: pages dependencies: ["rspec:coverage", "karma", "gitlab:assets:compile pull-cache"] diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index b0713c0944..8a8f66a464 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -55,5 +55,9 @@ package-and-qa: extends: - .package-and-qa-base - .qa:rules:package-and-qa - needs: ["build-qa-image", "gitlab:assets:compile pull-cache"] + needs: + - job: build-qa-image + artifacts: false + - job: gitlab:assets:compile pull-cache + artifacts: false allow_failure: true diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index f9074adeab..28ec96b838 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -1,9 +1,5 @@ .rails:needs:setup-and-assets: - needs: - - job: setup-test-env - artifacts: true - - job: compile-assets pull-cache - artifacts: true + needs: ["setup-test-env pg11", "compile-assets pull-cache"] .rails-job-base: extends: @@ -12,12 +8,10 @@ - .default-before_script #################### -# ee and foss jobs # -setup-test-env: +# EE and FOSS jobs # +.base-setup-test-env: extends: - .rails-job-base - - .rails:rules:default-refs-code-backstage-qa - - .use-pg9 stage: prepare script: - bundle exec ruby -Ispec -e 'require "spec_helper" ; TestEnv.init' @@ -31,6 +25,24 @@ setup-test-env: cache: policy: pull-push +setup-test-env pg11: + extends: + - .base-setup-test-env + - .rails:rules:default-refs-code-backstage-qa + - .use-pg11 + +setup-test-env pg10: + extends: + - .base-setup-test-env + - .rails:rules:master-refs-code-backstage + - .use-pg10 + +setup-test-env pg9: + extends: + - .base-setup-test-env + - .rails:rules:nightly-master-refs-code-backstage + - .use-pg9 + static-analysis: extends: - .rails-job-base @@ -43,7 +55,7 @@ static-analysis: script: - scripts/static-analysis cache: - key: "debian-stretch-ruby-2.6-pg9.6-rubocop" + key: "ruby-2.6.5-pg11-rubocop" paths: - vendor/ruby - tmp/rubocop_cache @@ -63,13 +75,7 @@ downtime_check: .rspec-base: extends: .rails-job-base stage: test - needs: - - job: setup-test-env - artifacts: true - - job: retrieve-tests-metadata - artifacts: true - - job: compile-assets pull-cache - artifacts: true + needs: ["setup-test-env pg11", "retrieve-tests-metadata", "compile-assets pull-cache"] script: - source scripts/rspec_helpers.sh - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag ~level:migration" @@ -87,48 +93,37 @@ downtime_check: reports: junit: junit_rspec.xml -.rspec-base-quarantine: - extends: - - .rspec-base - - .use-pg9 - variables: - RSPEC_OPTS: "--tag quarantine -- spec/" - script: - - source scripts/rspec_helpers.sh - - rspec_simple_job "${RSPEC_OPTS}" - allow_failure: true - -.rspec-base-pg9: +.rspec-base-pg11: extends: - .rspec-base - .rails:rules:ee-and-foss - - .use-pg9 + - .use-pg11 .rspec-base-migration: script: - source scripts/rspec_helpers.sh - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag level:migration" -rspec migration pg9: +rspec migration pg11: extends: - - .rspec-base-pg9 + - .rspec-base-pg11 - .rspec-base-migration parallel: 5 -rspec unit pg9: - extends: .rspec-base-pg9 +rspec unit pg11: + extends: .rspec-base-pg11 parallel: 20 -rspec integration pg9: - extends: .rspec-base-pg9 +rspec integration pg11: + extends: .rspec-base-pg11 parallel: 8 -rspec system pg9: - extends: .rspec-base-pg9 +rspec system pg11: + extends: .rspec-base-pg11 parallel: 24 rspec fast_spec_helper: - extends: .rspec-base-pg9 + extends: .rspec-base-pg11 script: - bin/rspec spec/fast_spec_helper.rb @@ -136,11 +131,9 @@ rspec fast_spec_helper: extends: - .rails-job-base - .rails:rules:ee-and-foss - - .use-pg9 + - .use-pg11 stage: test - needs: - - job: setup-test-env - artifacts: true + needs: ["setup-test-env pg11"] db:migrate:reset: extends: .db-job-base @@ -204,8 +197,25 @@ gitlab:setup: rspec:coverage: extends: - .rails-job-base - - .rails:rules:ee-and-foss + - .rails:rules:ee-only stage: post-test + # We cannot use needs since it would mean needing 84 jobs (since most are parallelized) + # so we use `dependencies` here. + dependencies: + - setup-test-env pg11 + - rspec migration pg11 + - rspec unit pg11 + - rspec integration pg11 + - rspec system pg11 + - rspec-ee migration pg11 + - rspec-ee unit pg11 + - rspec-ee integration pg11 + - rspec-ee system pg11 + - rspec-ee unit pg11 geo + - rspec-ee integration pg11 geo + - rspec-ee system pg11 geo + - memory-static + - memory-on-boot variables: SETUP_DB: "false" cache: @@ -221,27 +231,23 @@ rspec:coverage: - coverage/index.html - coverage/assets/ - tmp/memory_test/ -# ee and foss jobs # +# EE and FOSS jobs # #################### #################### # master-only jobs # -rspec quarantine pg9: - extends: - - .rspec-base-quarantine - - .rails:rules:master-refs-code-backstage - .rspec-base-pg10: extends: - .rspec-base - .rails:rules:master-refs-code-backstage - .use-pg10 + needs: ["setup-test-env pg10", "retrieve-tests-metadata", "compile-assets pull-cache"] rspec migration pg10: extends: - .rspec-base-pg10 - .rspec-base-migration - parallel: 2 + parallel: 5 rspec unit pg10: extends: .rspec-base-pg10 @@ -257,42 +263,42 @@ rspec system pg10: # master-only jobs # #################### -############################ -# nightly master-only jobs # -.rspec-base-pg11: +###################### +# nightly-only jobs # +.rspec-base-pg9: extends: - .rspec-base - .rails:rules:nightly-master-refs-code-backstage - - .use-pg11 + - .use-pg9 + needs: ["setup-test-env pg9", "retrieve-tests-metadata", "compile-assets pull-cache"] -rspec migration pg11: +rspec migration pg9: extends: - - .rspec-base-pg11 + - .rspec-base-pg9 - .rspec-base-migration - parallel: 2 + parallel: 5 -rspec unit pg11: - extends: .rspec-base-pg11 +rspec unit pg9: + extends: .rspec-base-pg9 parallel: 20 -rspec integration pg11: - extends: .rspec-base-pg11 +rspec integration pg9: + extends: .rspec-base-pg9 parallel: 8 -rspec system pg11: - extends: .rspec-base-pg11 +rspec system pg9: + extends: .rspec-base-pg9 parallel: 24 -# nightly master-only jobs # -############################ +# nightly-only jobs # +##################### -######################### -# ee + master-only jobs # -rspec-ee quarantine pg9: +####################### +# EE master-only jobs # +.rspec-ee-base-pg10: extends: - - .rspec-base-quarantine - - .rails:rules:master-refs-code-backstage-ee-only - variables: - RSPEC_OPTS: "--tag quarantine -- ee/spec/" + - .rspec-base-ee + - .use-pg10-ee + needs: ["setup-test-env pg10", "retrieve-tests-metadata", "compile-assets pull-cache"] rspec-ee migration pg10: extends: @@ -318,73 +324,62 @@ rspec-ee system pg10: - .rspec-ee-base-pg10 - .rails:rules:master-refs-code-backstage parallel: 6 -# ee + master-only jobs # -######################### +# EE master-only jobs # +####################### -################# -# ee-only jobs # +################ +# EE-only jobs # .rspec-base-ee: extends: - .rspec-base - .rails:rules:ee-only -.rspec-base-pg9-as-if-foss: +.rspec-base-pg11-as-if-foss: extends: - .rspec-base-ee - .as-if-foss - - .use-pg9 - needs: - - job: setup-test-env - artifacts: true - - job: retrieve-tests-metadata - artifacts: true - - job: compile-assets pull-cache as-if-foss - artifacts: true + - .use-pg11 + needs: ["setup-test-env pg11", "retrieve-tests-metadata", "compile-assets pull-cache as-if-foss"] -.rspec-ee-base-pg9: +.rspec-ee-base-pg11: extends: - .rspec-base-ee - - .use-pg9-ee + - .use-pg11-ee -.rspec-ee-base-pg10: +rspec migration pg11-as-if-foss: extends: - - .rspec-base-ee - - .use-pg10-ee - -rspec migration pg9-as-if-foss: - extends: - - .rspec-base-pg9-as-if-foss + - .rspec-base-pg11-as-if-foss - .rspec-base-migration parallel: 5 -rspec unit pg9-as-if-foss: - extends: .rspec-base-pg9-as-if-foss +rspec unit pg11-as-if-foss: + extends: .rspec-base-pg11-as-if-foss parallel: 20 -rspec integration pg9-as-if-foss: - extends: .rspec-base-pg9-as-if-foss +rspec integration pg11-as-if-foss: + extends: .rspec-base-pg11-as-if-foss parallel: 8 -rspec system pg9-as-if-foss: - extends: .rspec-base-pg9-as-if-foss +rspec system pg11-as-if-foss: + extends: .rspec-base-pg11-as-if-foss parallel: 24 -rspec-ee migration pg9: +rspec-ee migration pg11: extends: - - .rspec-ee-base-pg9 + - .rspec-ee-base-pg11 - .rspec-base-migration parallel: 2 -rspec-ee unit pg9: - extends: .rspec-ee-base-pg9 +rspec-ee unit pg11: + extends: .rspec-ee-base-pg11 parallel: 10 -rspec-ee integration pg9: - extends: .rspec-ee-base-pg9 +rspec-ee integration pg11: + extends: .rspec-ee-base-pg11 parallel: 4 -rspec-ee system pg9: - extends: .rspec-ee-base-pg9 +rspec-ee system pg11: + extends: .rspec-ee-base-pg11 parallel: 6 .rspec-ee-base-geo: @@ -394,15 +389,39 @@ rspec-ee system pg9: - scripts/prepare_postgres_fdw.sh - rspec_paralellized_job "--tag ~quarantine --tag geo" +.rspec-ee-base-geo-pg11: + extends: + - .rspec-ee-base-geo + - .use-pg11-ee + +rspec-ee unit pg11 geo: + extends: .rspec-ee-base-geo-pg11 + parallel: 2 + +rspec-ee integration pg11 geo: + extends: .rspec-ee-base-geo-pg11 + +rspec-ee system pg11 geo: + extends: .rspec-ee-base-geo-pg11 + +db:rollback geo: + extends: + - db:rollback + - .rails:rules:ee-only + script: + - bundle exec rake geo:db:migrate VERSION=20170627195211 + - bundle exec rake geo:db:migrate +# EE-only jobs # +################ + +######################## +# EE nightly-only jobs # .rspec-ee-base-geo-pg9: extends: - .rspec-ee-base-geo - .use-pg9-ee - -.rspec-ee-base-geo-pg10: - extends: - - .rspec-ee-base-geo - - .use-pg10-ee + - .rails:rules:nightly-master-refs-code-backstage-ee-only + needs: ["setup-test-env pg9", "retrieve-tests-metadata", "compile-assets pull-cache"] rspec-ee unit pg9 geo: extends: .rspec-ee-base-geo-pg9 @@ -413,23 +432,5 @@ rspec-ee integration pg9 geo: rspec-ee system pg9 geo: extends: .rspec-ee-base-geo-pg9 - -rspec-ee unit pg10 geo: - extends: .rspec-ee-base-geo-pg10 - parallel: 2 - -rspec-ee integration pg10 geo: - extends: .rspec-ee-base-geo-pg10 - -rspec-ee system pg10 geo: - extends: .rspec-ee-base-geo-pg10 - -db:rollback geo: - extends: - - db:rollback - - .rails:rules:ee-only - script: - - bundle exec rake geo:db:migrate VERSION=20170627195211 - - bundle exec rake geo:db:migrate -# ee-only jobs # -################ +# EE nightly-only jobs # +######################## diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index f381c423f5..61915aa798 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -11,15 +11,14 @@ code_quality: extends: - .default-retry - .reports:rules:code_quality + - .use-docker-in-docker stage: test needs: [] - image: docker:stable allow_failure: true - services: - - docker:stable-dind variables: - DOCKER_DRIVER: overlay2 - DOCKER_TLS_CERTDIR: "" + # emptying DOCKER_HOST so it can be detected properly on kubernetes executor + # with the script below + DOCKER_HOST: "" CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/ci-cd/codequality:0.85.9" script: - | @@ -44,43 +43,59 @@ code_quality: # We need to duplicate this job's definition because it seems it's impossible to # override an included `only.refs`. # See https://gitlab.com/gitlab-org/gitlab/issues/31371. -# Once https://gitlab.com/gitlab-org/gitlab/merge_requests/16487 will be deployed -# to GitLab.com, we should be able to use the template and set SAST_DISABLE_DIND: "true". -sast: +.sast: extends: - .default-retry - .reports:rules:sast + - .use-docker-in-docker stage: test - allow_failure: true + # `needs: []` starts the job immediately in the pipeline + # https://docs.gitlab.com/ee/ci/yaml/README.html#needs needs: [] + allow_failure: true artifacts: paths: - gl-sast-report.json # GitLab-specific reports: sast: gl-sast-report.json expire_in: 1 week # GitLab-specific - image: docker:stable variables: + # emptying DOCKER_HOST so it can be detected properly on kubernetes executor + # with the script below + DOCKER_HOST: "" DOCKER_DRIVER: overlay2 DOCKER_TLS_CERTDIR: "" + SAST_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers" + SAST_ANALYZER_IMAGE_TAG: 2 SAST_BRAKEMAN_LEVEL: 2 # GitLab-specific SAST_EXCLUDED_PATHS: qa,spec,doc,ee/spec # GitLab-specific - services: - - docker:stable-dind script: - - export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')} - - | - if ! docker info &>/dev/null; then - if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then - export DOCKER_HOST='tcp://localhost:2375' - fi - fi - - | - ENVS=`printenv | grep -vE '^(DOCKER_|CI|GITLAB_|FF_|HOME|PWD|OLDPWD|PATH|SHLVL|HOSTNAME)' | sed -n '/^[^\t]/s/=.*//p' | sed '/^$/d' | sed 's/^/-e /g' | tr '\n' ' '` - docker run "$ENVS" \ - --volume "$PWD:/code" \ - --volume /var/run/docker.sock:/var/run/docker.sock \ - "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code + - /analyzer run + +brakeman-sast: + extends: .sast + image: + name: "$SAST_ANALYZER_IMAGE_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG" + +eslint-sast: + extends: .sast + image: + name: "$SAST_ANALYZER_IMAGE_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG" + +kubesec-sast: + extends: .sast + image: + name: "$SAST_ANALYZER_IMAGE_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG" + +nodejs-scan-sast: + extends: .sast + image: + name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG" + +secrets-sast: + extends: .sast + image: + name: "$SAST_ANALYZER_IMAGE_PREFIX/secrets:$SAST_ANALYZER_IMAGE_TAG" # We need to duplicate this job's definition because it seems it's impossible to # override an included `only.refs`. @@ -89,16 +104,15 @@ dependency_scanning: extends: - .default-retry - .reports:rules:dependency_scanning + - .use-docker-in-docker stage: test needs: [] - image: docker:stable variables: - DOCKER_DRIVER: overlay2 - DOCKER_TLS_CERTDIR: "" + # emptying DOCKER_HOST so it can be detected properly on kubernetes executor + # with the script below + DOCKER_HOST: "" DS_EXCLUDED_PATHS: "qa/qa/ee/fixtures/secure_premade_reports,spec,ee/spec" # GitLab-specific allow_failure: true - services: - - docker:stable-dind script: - export DS_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')} - | @@ -157,9 +171,9 @@ dast: extends: - .default-retry - .reports:rules:dast - needs: - - job: review-deploy - artifacts: true + # This is needed so that manual jobs with needs don't block the pipeline. + # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979. + dependencies: ["review-deploy"] stage: qa # GitLab-specific image: name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml index 14b1561ec1..06710b3b9d 100644 --- a/.gitlab/ci/review.gitlab-ci.yml +++ b/.gitlab/ci/review.gitlab-ci.yml @@ -1,37 +1,27 @@ .review-docker: extends: - .default-retry + - .use-docker-in-docker image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-qa-alpine-ruby-2.6 - services: - - docker:19.03.0-dind - tags: - - gitlab-org - - docker variables: - DOCKER_DRIVER: overlay2 - DOCKER_HOST: tcp://docker:2375 GITLAB_EDITION: "ce" build-qa-image: extends: - - .review-docker - - .review:rules:mr-and-schedule + - .use-kaniko + - .default-retry + - .review:rules:mr-and-schedule-auto stage: prepare script: - '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"' - - export QA_MASTER_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:master" - - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:${CI_COMMIT_REF_SLUG}" - - echo "${CI_JOB_TOKEN}" | docker login --username gitlab-ci-token --password-stdin ${CI_REGISTRY} - - time docker pull "${QA_MASTER_IMAGE}" - - time docker build --cache-from "${QA_MASTER_IMAGE}" --tag ${QA_IMAGE} --file ./qa/Dockerfile ./ - - time docker push ${QA_IMAGE} + - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-${GITLAB_EDITION}-qa:${CI_COMMIT_REF_SLUG}" + - /kaniko/executor --context=${CI_PROJECT_DIR} --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile --destination=${QA_IMAGE} --cache=true -review-cleanup: +.review-cleanup-base: extends: - .default-retry - .review:rules:review-cleanup stage: prepare - image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base allow_failure: true environment: name: review/auto-cleanup @@ -42,10 +32,39 @@ review-cleanup: script: - ruby -rrubygems scripts/review_apps/automated_cleanup.rb +review-cleanup: + extends: + - .review-cleanup-base + image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base + +review-cleanup-helm3: + extends: + - .review-cleanup-base + variables: + HELM_3: 1 + image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14 + +review-gcp-cleanup: + extends: + - .review:rules:review-gcp-cleanup + stage: prepare + image: gcr.io/google.com/cloudsdktool/cloud-sdk:latest + allow_failure: true + environment: + name: review/auto-gcp-cleanup + action: stop + before_script: + - gcloud auth activate-service-account --key-file=$REVIEW_APPS_GCP_CREDENTIALS + - gcloud config set project $REVIEW_APPS_GCP_PROJECT + - apt-get install -y jq + - source scripts/review_apps/gcp_cleanup.sh + script: + - gcp_cleanup + review-build-cng: extends: - .default-retry - - .review:rules:mr-and-schedule + - .review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise image: ruby:2.6-alpine stage: review-prepare before_script: @@ -57,15 +76,18 @@ review-build-cng: artifacts: false script: - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng + # When the job is manual, review-deploy is also manual and we don't want people + # to have to manually start the jobs in sequence, so we do it for them. + - '[ -z $CI_JOB_MANUAL ] || play_job "review-deploy"' .review-workflow-base: extends: - .default-retry - image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base + image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14 variables: HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}" DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}" - GITLAB_HELM_CHART_REF: "v2.6.8" + GITLAB_HELM_CHART_REF: "v3.2.2" GITLAB_EDITION: "ce" environment: name: review/${CI_COMMIT_REF_NAME} @@ -76,11 +98,9 @@ review-build-cng: review-deploy: extends: - .review-workflow-base - - .review:rules:mr-and-schedule + - .review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise stage: review - needs: - - job: review-build-cng - artifacts: false + dependencies: [] resource_group: "review/${CI_COMMIT_REF_NAME}" allow_failure: true before_script: @@ -95,11 +115,14 @@ review-deploy: script: - check_kube_domain - ensure_namespace - - install_tiller - install_external_dns - download_chart - date - deploy || (display_deployment_debug && exit 1) + # When the job is manual, review-qa-smoke is also manual and we don't want people + # to have to manually start the jobs in sequence, so we do it for them. + - '[ -z $CI_JOB_MANUAL ] || play_job "review-qa-smoke"' + - '[ -z $CI_JOB_MANUAL ] || play_job "review-performance"' artifacts: paths: [environment_url.txt] expire_in: 2 days @@ -127,6 +150,7 @@ review-stop-failed-deployment: stage: prepare script: - delete_failed_release + - delete_helm2_release review-stop: extends: @@ -140,9 +164,9 @@ review-stop: .review-qa-base: extends: .review-docker stage: qa - needs: - - job: review-deploy - artifacts: true + # This is needed so that manual jobs with needs don't block the pipeline. + # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979. + dependencies: ["review-deploy"] allow_failure: true variables: QA_ARTIFACTS_DIR: "${CI_PROJECT_DIR}/qa" @@ -156,7 +180,7 @@ review-stop: EE_LICENSE: "${REVIEW_APPS_EE_LICENSE}" before_script: - '[[ ! -d "ee/" ]] || export GITLAB_EDITION="ee"' - - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab/gitlab-${GITLAB_EDITION}-qa:${CI_COMMIT_REF_SLUG}" + - export QA_IMAGE="${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-${GITLAB_EDITION}-qa:${CI_COMMIT_REF_SLUG}" - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)" - echo "${CI_ENVIRONMENT_URL}" - echo "${QA_IMAGE}" @@ -172,7 +196,7 @@ review-stop: review-qa-smoke: extends: - .review-qa-base - - .review:rules:mr-only-auto + - .review:rules:mr-only-auto-if-frontend-manual-otherwise script: - gitlab-qa Test::Instance::Smoke "${QA_IMAGE}" "${CI_ENVIRONMENT_URL}" @@ -188,12 +212,15 @@ review-qa-all: review-performance: extends: - - .review-docker - - .review:rules:mr-and-schedule + - .default-retry + - .review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise + image: + name: sitespeedio/sitespeed.io:6.3.1 + entrypoint: [""] stage: qa - needs: - - job: review-deploy - artifacts: true + # This is needed so that manual jobs with needs don't block the pipeline. + # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979. + dependencies: ["review-deploy"] allow_failure: true before_script: - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)" @@ -202,7 +229,7 @@ review-performance: - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js - mkdir -p sitespeed-results script: - - docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.3.1 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}" + - /start.sh --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}" after_script: - mv sitespeed-results/data/performance.json performance.json artifacts: diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 3ef28e02e9..79ae782385 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -16,6 +16,9 @@ .if-master-refs: &if-master-refs if: '$CI_COMMIT_REF_NAME == "master"' +.if-auto-deploy-branches: &if-auto-deploy-branches + if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/' + .if-master-or-tag: &if-master-or-tag if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_TAG' @@ -57,6 +60,17 @@ - "doc/**/*" - ".markdownlint.json" +.frontend-dependency-patterns: &frontend-dependency-patterns + - "{package.json,yarn.lock}" + +.frontend-patterns: &frontend-patterns + - "{package.json,yarn.lock}" + - "{babel.config,jest.config}.js" + - ".csscomb.json" + - "Dockerfile.assets" + - "vendor/assets/**/*" + - "{,ee/}{app/assets,app/helpers,app/presenters,app/views,locale,public,symbol}/**/*" + .backstage-patterns: &backstage-patterns - "Dangerfile" - "danger/**/*" @@ -66,39 +80,38 @@ - "doc/README.md" # Some RSpec test rely on this file .code-patterns: &code-patterns + - "{package.json,yarn.lock}" + - "{babel.config,jest.config}.js" + - ".csscomb.json" + - "Dockerfile.assets" + - "vendor/assets/**/*" - ".gitlab/ci/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml" - - ".csscomb.json" - - "Dockerfile.assets" - "*_VERSION" - "Gemfile{,.lock}" - "Rakefile" - - "{babel.config,jest.config}.js" - "config.ru" - - "{package.json,yarn.lock}" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated -.frontend-dependency-patterns: &frontend-dependency-patterns - - "{package.json,yarn.lock}" - .qa-patterns: &qa-patterns - ".dockerignore" - "qa/**/*" .code-backstage-patterns: &code-backstage-patterns + - "{package.json,yarn.lock}" + - "{babel.config,jest.config}.js" + - ".csscomb.json" + - "Dockerfile.assets" + - "vendor/assets/**/*" - ".gitlab/ci/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml" - - ".csscomb.json" - - "Dockerfile.assets" - "*_VERSION" - "Gemfile{,.lock}" - "Rakefile" - - "{babel.config,jest.config}.js" - "config.ru" - - "{package.json,yarn.lock}" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated # Backstage changes @@ -110,17 +123,18 @@ - "doc/README.md" # Some RSpec test rely on this file .code-qa-patterns: &code-qa-patterns + - "{package.json,yarn.lock}" + - "{babel.config,jest.config}.js" + - ".csscomb.json" + - "Dockerfile.assets" + - "vendor/assets/**/*" - ".gitlab/ci/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml" - - ".csscomb.json" - - "Dockerfile.assets" - "*_VERSION" - "Gemfile{,.lock}" - "Rakefile" - - "{babel.config,jest.config}.js" - "config.ru" - - "{package.json,yarn.lock}" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated # QA changes @@ -128,17 +142,18 @@ - "qa/**/*" .code-backstage-qa-patterns: &code-backstage-qa-patterns + - "{package.json,yarn.lock}" + - "{babel.config,jest.config}.js" + - ".csscomb.json" + - "Dockerfile.assets" + - "vendor/assets/**/*" - ".gitlab/ci/**/*" - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}" - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,scss-lint}.yml" - - ".csscomb.json" - - "Dockerfile.assets" - "*_VERSION" - "Gemfile{,.lock}" - "Rakefile" - - "{babel.config,jest.config}.js" - "config.ru" - - "{package.json,yarn.lock}" - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*" - "doc/api/graphql/reference/*" # Files in this folder are auto-generated # Backstage changes @@ -261,7 +276,7 @@ changes: *code-backstage-patterns when: on_success -.frontend:rules:default-frontend-jobs-as-if-foss: +.frontend:rules:default-frontend-jobs-no-foss: rules: - <<: *if-not-ee when: never @@ -272,6 +287,7 @@ .frontend:rules:qa-frontend-node: rules: - <<: *if-master-refs + changes: *frontend-dependency-patterns when: on_success - <<: *if-merge-request changes: *frontend-dependency-patterns @@ -291,6 +307,8 @@ ############### .pages:rules: rules: + - <<: *if-not-ee + when: never - <<: *if-dot-com-gitlab-org-master changes: *code-backstage-qa-patterns when: on_success @@ -343,20 +361,23 @@ - <<: *if-master-refs changes: *code-backstage-patterns when: on_success - -.rails:rules:master-refs-code-backstage-ee-only: - rules: - - <<: *if-not-ee - when: never - - <<: *if-master-refs - changes: *code-backstage-patterns - when: on_success + - changes: [".gitlab/ci/rails.gitlab-ci.yml"] .rails:rules:nightly-master-refs-code-backstage: rules: - <<: *if-nightly-master-schedule changes: *code-backstage-patterns when: on_success + - changes: [".gitlab/ci/rails.gitlab-ci.yml"] + +.rails:rules:nightly-master-refs-code-backstage-ee-only: + rules: + - <<: *if-not-ee + when: never + - <<: *if-nightly-master-schedule + changes: *code-backstage-patterns + when: on_success + - changes: [".gitlab/ci/rails.gitlab-ci.yml"] .rails:rules:ee-only: rules: @@ -414,8 +435,12 @@ rules: - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/' when: never + - <<: *if-dot-com-gitlab-org-merge-request + changes: *frontend-patterns + when: on_success - <<: *if-dot-com-gitlab-org-merge-request changes: *code-qa-patterns + when: manual .reports:schedule-dast: rules: @@ -426,7 +451,7 @@ ################ # Review rules # ################ -.review:rules:mr-and-schedule: +.review:rules:mr-and-schedule-auto: rules: - <<: *if-dot-com-gitlab-org-merge-request changes: *code-qa-patterns @@ -434,12 +459,33 @@ - <<: *if-dot-com-gitlab-org-schedule when: on_success +.review:rules:mr-and-schedule-auto-if-frontend-manual-otherwise: + rules: + - <<: *if-dot-com-gitlab-org-merge-request + changes: *frontend-patterns + when: on_success + - <<: *if-dot-com-gitlab-org-merge-request + changes: *code-qa-patterns + when: manual + allow_failure: true + - <<: *if-dot-com-gitlab-org-schedule + when: on_success + .review:rules:mr-only-auto: rules: - <<: *if-dot-com-gitlab-org-merge-request changes: *code-qa-patterns when: on_success +.review:rules:mr-only-auto-if-frontend-manual-otherwise: + rules: + - <<: *if-dot-com-gitlab-org-merge-request + changes: *frontend-patterns + when: on_success + - <<: *if-dot-com-gitlab-org-merge-request + changes: *code-qa-patterns + when: manual + .review:rules:mr-only-manual: rules: - <<: *if-dot-com-gitlab-org-merge-request @@ -454,6 +500,14 @@ - <<: *if-dot-com-gitlab-org-schedule when: on_success +.review:rules:review-gcp-cleanup: + rules: + - <<: *if-dot-com-gitlab-org-merge-request + changes: *code-qa-patterns + when: manual + - <<: *if-dot-com-gitlab-org-schedule + when: on_success + .review:rules:danger: rules: - if: '$DANGER_GITLAB_API_TOKEN && $CI_MERGE_REQUEST_IID' @@ -470,6 +524,14 @@ changes: *code-backstage-qa-patterns when: on_success +.setup:rules:dont-interrupt-me: + rules: + - <<: *if-master-or-tag + when: on_success + - <<: *if-auto-deploy-branches + when: on_success + - when: manual + .setup:rules:gitlab_git_test: rules: - <<: *if-default-refs diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml index b1918961f3..e79f3939bc 100644 --- a/.gitlab/ci/setup.gitlab-ci.yml +++ b/.gitlab/ci/setup.gitlab-ci.yml @@ -7,9 +7,7 @@ cache gems: - .default-before_script - .setup:rules:cache-gems stage: test - needs: - - job: setup-test-env - artifacts: true + needs: ["setup-test-env pg11"] variables: SETUP_DB: "false" script: @@ -23,6 +21,17 @@ cache gems: - .default-retry needs: [] +dont-interrupt-me: + extends: .setup:rules:dont-interrupt-me + stage: sync + image: alpine:edge + interruptible: false + allow_failure: true + variables: + GIT_STRATEGY: none + script: + - echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible." + gitlab_git_test: extends: - .minimal-job diff --git a/.gitlab/issue_templates/Bug.md b/.gitlab/issue_templates/Bug.md index 0d9990657e..037f83c93d 100644 --- a/.gitlab/issue_templates/Bug.md +++ b/.gitlab/issue_templates/Bug.md @@ -45,6 +45,7 @@ logs, and code as it's tough to read otherwise.)
Expand for output related to GitLab environment info + 
 
 (For installations with omnibus-gitlab package run and paste the output of:
diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md
index e0de8fab4a..7cb8871f5b 100644
--- a/.gitlab/issue_templates/Feature Flag Roll Out.md	
+++ b/.gitlab/issue_templates/Feature Flag Roll Out.md	
@@ -37,7 +37,7 @@ If applicable, any groups/projects that are happy to have this feature turned on
 - [ ] Coordinate a time to enable the flag with `#production` and `#g_delivery` on slack.
 - [ ] Announce on the issue an estimated time this will be enabled on GitLab.com
 - [ ] Enable on GitLab.com by running chatops command in `#production`
-- [ ] Cross post chatops slack command to `#support_gitlab-com` and in your team channel
+- [ ] Cross post chatops slack command to `#support_gitlab-com` ([more guidance when this is necessary in the dev docs](https://docs.gitlab.com/ee/development/feature_flags/controls.html#where-to-run-commands)) and in your team channel
 - [ ] Announce on the issue that the flag has been enabled
 - [ ] Remove feature flag and add changelog entry
 - [ ] After the flag removal is deployed, [clean up the feature flag](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up) by running chatops command in `#production` channel
diff --git a/.gitlab/issue_templates/Feature proposal.md b/.gitlab/issue_templates/Feature proposal.md
index 2bbef723b2..4b98b4e7ac 100644
--- a/.gitlab/issue_templates/Feature proposal.md	
+++ b/.gitlab/issue_templates/Feature proposal.md	
@@ -1,11 +1,15 @@
+
+
 ### Problem to solve
 
-
+
 
 ### Intended users
 
 
+* [Allison (Application Ops)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#allison-application-ops) -->
 
 ### Further details
 
-
+
 
 ### Proposal
 
@@ -35,14 +37,15 @@ Personas are described at https://about.gitlab.com/handbook/marketing/product-ma
 ### Documentation
 
 
+
+* Add all known Documentation Requirements in this section. See https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements
+* If this feature requires changing permissions, update the permissions document. See https://docs.gitlab.com/ee/user/permissions.html -->
 
 ### Availability & Testing
 
 
+
 
 ### Is this a cross-stage feature?
 
diff --git a/.gitlab/issue_templates/Migrations.md b/.gitlab/issue_templates/Migrations.md
new file mode 100644
index 0000000000..38fc7a31b2
--- /dev/null
+++ b/.gitlab/issue_templates/Migrations.md
@@ -0,0 +1,67 @@
+# Project Name | Migration Tracker
+
+
+## Background
+
+
+
+### Goals
+
+
+
+## Quick Facts
+
+
+
+ * **Timeline.** - 
+ * **Product.** - GitLab Gold/Ultimate or Commnunity Edition
+ * **Project's License.** What kind of OSI-approved license does your project use? 
+
+## Current Tooling and Replacements
+
+
+
+| Tool | Feature | GitLab feature | GitLab edition |
+| --- | --- | --- | --- |
+|  |  |  |  |
+
+## Collaborators
+
+
+
+## Related Issues
+
+
+
+### Blockers
+ * [ ] ADD_LINK_TO_ISSUE_HERE
+
+### Urgent
+ * [ ] 
+
+### Important but not urgent
+ * [ ] 
+
+### Nice to have
+ * [ ] 
+
+ 
+------
+
+/label ~"Open Source" ~movingtogitlab
+/cc @nuritzi 
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Productivity Improvement.md b/.gitlab/issue_templates/Productivity Improvement.md
index 89505cd85b..79e1461392 100644
--- a/.gitlab/issue_templates/Productivity Improvement.md	
+++ b/.gitlab/issue_templates/Productivity Improvement.md	
@@ -25,13 +25,6 @@ Please provide pros/cons and a weight estimate for each solution.
 - [ ] All potential solutions are listed.
 - [ ] A solution has been chosen for the first iteration: `PUT THE CHOSEN SOLUTION HERE`
 
-## Who and when will the solution be implemented?
-
-
-
 ## Verify that the solution has improved the situation
 
 
 
 ### Possible fixes
diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md
index 56be0453b3..2c80360d32 100644
--- a/.gitlab/issue_templates/Security developer workflow.md	
+++ b/.gitlab/issue_templates/Security developer workflow.md	
@@ -21,7 +21,7 @@ Set the title to: `Description of the original issue`
 - [ ] Create a merge request targeting `master` on `gitlab.com/gitlab-org/security` and use the [Security Release merge request template].
 - [ ] Follow the same [code review process]: Assign to a reviewer, then to a maintainer.
 
-After your merge request has being approved according to our [approval guidelines], you're ready to prepare the backports
+After your merge request has been approved according to our [approval guidelines], you're ready to prepare the backports
 
 ## Backports
 
diff --git a/.gitlab/issue_templates/Solution_validation b/.gitlab/issue_templates/Solution_validation
new file mode 100644
index 0000000000..27f97d8dd1
--- /dev/null
+++ b/.gitlab/issue_templates/Solution_validation
@@ -0,0 +1,32 @@
+
+
+#### What's this issue all about? (Background and context)
+
+#### What hypotheses and/or assumptions do you have?
+
+#### What questions are you trying to answer?
+
+#### What research methodology do you intend to use?
+
+
+
+#### What persona, persona segment, or customer type experiences the problem most acutely?
+
+#### What business decisions will be made based on this information?
+
+#### What, if any, relevant prior research already exists?
+
+
+
+#### Who will be leading the research?
+
+#### What timescales do you have in mind for the research?
+
+#### Relevant links (problem validation issue, design issue, script, prototype, notes, etc.)
+
+
+
+/label ~"workflow::solution validation"
\ No newline at end of file
diff --git a/.gitlab/merge_request_templates/New static analysis check.md b/.gitlab/merge_request_templates/New static analysis check.md
index b89b6f7dbc..8bbb3effb1 100644
--- a/.gitlab/merge_request_templates/New static analysis check.md	
+++ b/.gitlab/merge_request_templates/New static analysis check.md	
@@ -8,7 +8,6 @@ Please describe the proposal and add a link to the source (for example, http://w
 
 - [ ] Make sure this MR enables a static analysis check rule for new usage but
   ignores current offenses
-- [ ] Create a follow-up issue to fix the current offenses as a separate iteration: ISSUE_LINK
 - [ ] Mention this proposal in the relevant Slack channels (e.g. `#development`, `#backend`, `#frontend`)
 - [ ] If there is a choice to make between two potential styles, set up an emoji vote in the MR:
   - CHOICE_A: :a:
@@ -17,6 +16,7 @@ Please describe the proposal and add a link to the source (for example, http://w
 - [ ] The MR doesn't have significant objections, and is getting a majority of :+1: vs :-1: (remember that [we don't need to reach a consensus](https://about.gitlab.com/handbook/values/#collaboration-is-not-consensus))
 - [ ] (If applicable) One style is getting a majority of vote (compared to the other choice)
 - [ ] (If applicable) Update the MR with the chosen style
+- [ ] Create a follow-up issue to fix the current offenses as a separate iteration: ISSUE_LINK
 - [ ] Follow the [review process](https://docs.gitlab.com/ee/development/code_review.html) as usual
 - [ ] Once approved and merged by a maintainer, mention it again:
   - [ ] In the relevant Slack channels (e.g. `#development`, `#backend`, `#frontend`)
diff --git a/.gitlab/merge_request_templates/Security Release.md b/.gitlab/merge_request_templates/Security Release.md
index 24fe44200d..af3839a96a 100644
--- a/.gitlab/merge_request_templates/Security Release.md	
+++ b/.gitlab/merge_request_templates/Security Release.md	
@@ -27,7 +27,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
 
 ## Maintainer checklist
 - [ ] Correct milestone is applied and the title is matching across all backports
-- [ ] Assigned to `@gitlab-release-tools-bot` with passing CI pipelines
+- [ ] Assigned to `@gitlab-release-tools-bot` with passing CI pipelines and **when all backports including the MR targeting master are ready.**
 
 /label ~security
 
diff --git a/.haml-lint_todo.yml b/.haml-lint_todo.yml
index dd94d0b494..1417f37f76 100644
--- a/.haml-lint_todo.yml
+++ b/.haml-lint_todo.yml
@@ -409,7 +409,6 @@ linters:
       - 'ee/app/views/projects/push_rules/_index.html.haml'
       - 'ee/app/views/projects/services/gitlab_slack_application/_help.html.haml'
       - 'ee/app/views/projects/services/gitlab_slack_application/_slack_integration_form.html.haml'
-      - 'ee/app/views/projects/services/prometheus/_metrics.html.haml'
       - 'ee/app/views/projects/settings/slacks/edit.html.haml'
       - 'ee/app/views/shared/_additional_email_text.html.haml'
       - 'ee/app/views/shared/_mirror_update_button.html.haml'
diff --git a/.markdownlint.json b/.markdownlint.json
index 4e2f74c610..ce319756c5 100644
--- a/.markdownlint.json
+++ b/.markdownlint.json
@@ -22,7 +22,6 @@
     "style": "---"
   },
   "no-emphasis-as-heading": false,
-  "fenced-code-language": false,
   "first-line-h1": false,
   "code-block-style": {
     "style": "fenced"
@@ -43,6 +42,7 @@
       "CentOS",
       "Consul",
       "Debian",
+      "DevOps",
       "Elasticsearch",
       "Facebook",
       "Git LFS",
@@ -84,7 +84,9 @@
       "markdownlint",
       "Mattermost",
       "Microsoft",
+      "Minikube",
       "MinIO",
+      "ModSecurity",
       "NGINX Ingress",
       "NGINX",
       "OAuth",
@@ -98,9 +100,11 @@
       "Prometheus",
       "Puma",
       "Python",
+      "Rake",
       "Redis",
       "Redmine",
       "reCAPTCHA",
+      "Ruby",
       "runit",
       "Salesforce",
       "SAML",
@@ -123,6 +127,5 @@
       "YouTrack"
     ],
     "code_blocks": false
-  },
-  "code-fence-style": false
+  }
 }
diff --git a/.overcommit.yml.example b/.overcommit.yml.example
index b957a8bbd2..2cca4c0b48 100644
--- a/.overcommit.yml.example
+++ b/.overcommit.yml.example
@@ -15,8 +15,8 @@
 #
 # Uncomment the following lines to make the configuration take effect.
 
-# Make sure to run `cd tooling/overcommit && make && cd -`
-gemfile: 'tooling/overcommit/gems.rb'
+# Make sure to run `make -C tooling/overcommit`
+gemfile: 'tooling/overcommit/Gemfile'
 
 PostCheckout:
   BundleInstall:
@@ -28,7 +28,9 @@ PreCommit:
   EsLint:
     enabled: true
     # https://github.com/sds/overcommit/issues/338
-    command: './node_modules/eslint/bin/eslint.js'
+    required_executable: 'yarn'
+    command: ['yarn', 'eslint']
+    flags: []
   HamlLint:
     enabled: true
   MergeConflicts:
diff --git a/.rubocop.yml b/.rubocop.yml
index ebc27c4cc9..c98d027cee 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -7,6 +7,10 @@ require:
   - ./rubocop/rubocop
   - rubocop-rspec
 
+inherit_mode:
+  merge:
+    - Include
+
 AllCops:
   TargetRubyVersion: 2.6
   TargetRailsVersion: 5.0
@@ -21,8 +25,15 @@ AllCops:
     - 'generator_templates/**/*'
     - 'builds/**/*'
     - 'plugins/**/*'
+    - 'file_hooks/**/*'
   CacheRootDirectory: tmp
 
+Cop/StaticTranslationDefinition:
+  Enabled: true
+  Exclude:
+    - 'spec/**/*'
+    - 'ee/spec/**/*'
+
 # This cop checks whether some constant value isn't a
 # mutable literal (e.g. array or hash).
 Style/MutableConstant:
@@ -161,6 +172,14 @@ Rails/ApplicationRecord:
     - ee/db/**/*.rb
     - ee/spec/**/*.rb
 
+Rails/FindBy:
+  Enabled: true
+  Include:
+    - 'ee/app/**/*.rb'
+    - 'ee/lib/**/*.rb'
+    - 'spec/**/*.rb'
+    - 'ee/spec/**/*.rb'
+
 # GitLab ###################################################################
 
 Gitlab/ModuleWithInstanceVariables:
@@ -200,6 +219,14 @@ GitlabSecurity/PublicSend:
     - 'ee/lib/**/*.rake'
     - 'ee/spec/**/*'
 
+Gitlab/DuplicateSpecLocation:
+  Exclude:
+    - ee/spec/helpers/auth_helper_spec.rb
+    - ee/spec/lib/gitlab/gl_repository_spec.rb
+    - ee/spec/services/merge_requests/refresh_service_spec.rb
+    - ee/spec/helpers/ee/auth_helper_spec.rb
+    - ee/spec/services/ee/merge_requests/refresh_service_spec.rb
+
 Cop/InjectEnterpriseEditionModule:
   Enabled: true
   Exclude:
@@ -299,7 +326,10 @@ RSpec/ImplicitSubject:
   Enabled: false
 
 RSpec/LeakyConstantDeclaration:
-  Enabled: false
+  Enabled: true
+  Exclude:
+    - 'spec/**/*.rb'
+    - 'qa/spec/**/*.rb'
 
 RSpec/EmptyLineAfterHook:
   Enabled: false
@@ -347,3 +377,13 @@ Style/FloatDivision:
 
 Cop/BanCatchThrow:
   Enabled: true
+
+Performance/ReadlinesEach:
+  Enabled: true
+
+Performance/ChainArrayAllocation:
+  Enabled: true
+  Include:
+    - 'lib/gitlab/import_export/**/*'
+    - 'ee/lib/gitlab/import_export/**/*'
+    - 'ee/lib/ee/gitlab/import_export/**/*'
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index f6aa0e7700..66a025a8fe 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -251,10 +251,6 @@ RSpec/LetBeforeExamples:
 RSpec/PredicateMatcher:
   Enabled: false
 
-# Offense count: 69
-RSpec/RepeatedExample:
-  Enabled: false
-
 # Offense count: 584
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle.
@@ -273,14 +269,6 @@ RSpec/ScatteredSetup:
     - 'spec/requests/api/jobs_spec.rb'
     - 'spec/services/projects/create_service_spec.rb'
 
-# Offense count: 4
-RSpec/VoidExpect:
-  Exclude:
-    - 'spec/features/projects/services/user_activates_mattermost_slash_command_spec.rb'
-    - 'spec/models/ci/group_spec.rb'
-    - 'spec/models/ci/runner_spec.rb'
-    - 'spec/services/users/destroy_service_spec.rb'
-
 # Offense count: 10
 # Cop supports --auto-correct.
 Rails/ApplicationController:
@@ -491,13 +479,6 @@ Style/MultilineIfModifier:
     - 'app/services/ci/process_pipeline_service.rb'
     - 'lib/api/commit_statuses.rb'
 
-# Offense count: 34
-# Cop supports --auto-correct.
-# Configuration parameters: Whitelist.
-# Whitelist: be, be_a, be_an, be_between, be_falsey, be_kind_of, be_instance_of, be_truthy, be_within, eq, eql, end_with, include, match, raise_error, respond_to, start_with
-Style/NestedParenthesizedCalls:
-  Enabled: false
-
 # Offense count: 25
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, MinBodyLength.
diff --git a/CHANGELOG-EE.md b/CHANGELOG-EE.md
index c570a5d2fd..20d3075f78 100644
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
@@ -1,5 +1,25 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
+## 12.9.4 (2020-04-16)
+
+- No changes.
+### Fixed (2 changes)
+
+- Update index_options to fix advanced search queries. !28712
+- Geo: Fix repository verification on the primary. !28893
+
+### Other (1 change)
+
+- Use prefix search instead of ngrams for sha fields. !27597
+
+
+## 12.9.3 (2020-04-14)
+
+### Security (1 change)
+
+- Fix filename bypass when uploading NuGet packages.
+
+
 ## 12.9.2 (2020-03-31)
 
 ### Fixed (4 changes)
@@ -152,6 +172,13 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Allow users to be marked as service users. !202680
 
 
+## 12.8.9 (2020-04-14)
+
+### Security (1 change)
+
+- Fix filename bypass when uploading NuGet packages.
+
+
 ## 12.8.7 (2020-03-16)
 
 ### Fixed (1 change)
@@ -305,6 +332,13 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Prepare DB structure for GMA forking changes. !22002
 
 
+## 12.7.9 (2020-04-14)
+
+### Security (1 change)
+
+- Fix filename bypass when uploading NuGet packages.
+
+
 ## 12.7.5
 
 ### Fixed (1 change)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8369e524b9..f2ca4d66b0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,460 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 12.10.0 (2020-04-22)
+
+### Removed (3 changes)
+
+- Revert LDAP readonly attributes feature. !28541
+- Remove deprecated /ci/lint page. !28562
+- Remove open in file view link from Web IDE. !28705
+
+### Fixed (118 changes, 26 of them are from the community)
+
+- Return 202 for command only notes in REST API. !19624
+- Run SAST using awk to pass env variables directly to docker without creating .env file. !21174 (Florian Gaultier)
+- #42671: Project and group storage statistics now support values up to 8 PiB (up from 4GiB)
+. !23131 (Matthias van de Meent)
+- Fix 500 error on profile/chat_names for deleted projects. !24341
+- Migrate the database to activate projects prometheus service integration for projects with prometheus installed on shared k8s cluster. !24684
+- Fix archived corrupted projects not displaying in admin. !25171 (erickcspice)
+- Fix some Web IDE bugs with empty projects. !25463
+- Fix failing ci variable e2e test. !25924
+- Fix new file not being created in non-ascii character folders. !26165
+- Validate uniqueness of project_id and type when a new project service is created. !26308
+- Fix assignee dropdown on new issue page. !26971
+- Resolve Unable to expand multiple downstream pipelines. !27029
+- Hide admin user actions for ghost and bot users. !27162
+- Fix invalid ancestor group milestones when moving projects. !27262
+- Fix right sidebar when scrollbars are always visible. !27314 (Shawn @CasualBot)
+- Fix OpenAPI file detector. !27321 (Roger Meier)
+- Fix managed_free_namespaces scope to only groups without a license or a free license. !27356
+- Set commit status to failed if the TeamCity connection is refused. !27395
+- Resolve Improve format support message in issue design. !27409
+- Add tooltips with full path to file headers on file tree. !27437
+- Scope WAF Statistics anomalies to environment.external_url. !27466
+- Show the proper information in snippet edit form. !27479
+- Fixes the repository Vue router not working with Chinese characters. !27494
+- Fix smartcard config initialization. !27560
+- Fix audit event that weren't being created for failed LDAP log-in tries. !27608
+- Fix filtered search tokenization. !27648
+- Fix processing of GrapqhQL query complexity based on used resolvers. !27652
+- Update board scopes when promoting a label. !27662
+- Reuse default generated snippet file name in repository. !27673
+- Revert user bio back to non-italicized font to fix rendering of emojis. !27693
+- Filter out Releases with missing tags. !27716
+- Update detected languages for dependency scanning in no dind mode. !27723
+- Fix logic for ingress can_uninstall?. !27729
+- Fix dropped filter when paging groups. !27737 (Lee Tickett)
+- Amend GraphQL merge requests resolver to check for project presence. !27783
+- Fix bug issue template handling of markdown. !27808 (Lee Tickett)
+- Update discord notifications to be a single embed and include log messages. !27812 (Sam Bingner)
+- Update detected languages for sast in no dind mode. !27831
+- Fix bug inviting members whose emails start with numbers. !27848 (Lee Tickett)
+- Allow self monitoring project to query internal Prometheus even when "Allow local requests in webhooks and services" setting is false. !27865
+- Add missing docstring to Prometheus metric. !27868
+- Resolve Snippet creation failure bug. !27891
+- Fix optional params for deploy token API. !27961 (Nejc Habjan)
+- Use Ci::Pipeline#all_merge_requests.first as Ci::Build#merge_request. !27968
+- Fix bug tracking snippet shard name. !27979
+- Add `discussion_locked` to Webhook. !28018
+- Fix invalid class option for ionice. !28023
+- Improve SAST NO_DIND file detection with proper boundary conditions. !28036
+- Detect skipped specs in JUnit reports and set TestCase status. !28053
+- Allow 0 for pages size limit setting in admin settings. !28086
+- Fix wrong colors displayed in charts. !28095
+- Fix incorrect content returned on empty dotfile. !28144
+- Include LDAP UID attribute in default attributes for all LDAP lookups. !28148
+- Fix deploy token API to properly delete all associated deploy token records. !28156
+- Fix Gitlab::Auth to handle orphaned oauth tokens. !28159
+- Protect sidekiq admin UI with admin mode. !28164 (Diego Louzán)
+- Prevent overriding the username when creating a Deploy Token via the API. !28175 (Ayoub Mrini)
+- Resolve Snippet actions with binary data. !28191
+- Make all HTTPS cookies set SameSite to none. !28205
+- Don't send 'accept-encoding' in HttpIO requests. !28239
+- Gracefully handle missing latest CI pipeline. !28263
+- Fix error removing secondary email. !28267 (Lee Tickett)
+- Fix name of approvals column in merge requests. !28274 (Steffen Köhler)
+- Add management_project_id to group and project cluster creation, clarifies docs. !28289
+- Check first if feature flag version_snippet is enabled. !28352
+- Fix single stat panel percentile format support. !28365
+- Use CTE optimization for searching board issues. !28430
+- Fix missing synthetic milestone change notes for disabled milestone change event tracking feature flag. !28440
+- Fix Releases page for Guest users of private projects. !28447
+- Prevent ProjectUpdateRepositoryStorageWorker from moving to same filesystem. !28469
+- Return error message for create_merge_request. !28482
+- Include MR times in Milestone time overview. !28519 (Bob van de Vijver)
+- Fix daily report result to use average of coverage values if there are multiple builds for a given group name. !28556
+- Token creation uses HTTP status CREATED. !28587
+- Allow award emoji same name & user duplicates when Importing. !28588
+- Fix pagination in Merge Request GraphQL api. !28667 (briankabiro)
+- Remove duplicate spec in web hook service spec. !28669 (Rajendra Kadam)
+- Fix GraphQL SnippetType repo urls. !28673
+- Add missing ON DELETE FK constraints referencing users table. !28720
+- Update duplicate specs in notification service spec. !28742 (Rajendra Kadam)
+- Fix styling of MR dropdown in Web IDE. !28746
+- Better error message when importing a Github project and Github API rate limit is exceeded. !28785
+- Prevent false positives in Ci::Pipeline#all_merge_requests. !28800
+- Enable toggle all discussions button for logged out users. !28809 (Diego Louzán)
+- Fix display of PyCharm generated Jupyter notebooks. !28810 (Jan Beckmann)
+- Resolve Snippet update error with version flag disabled. !28815
+- Show multimetric embeds on a single chart. !28841
+- Fix race condition updating snippet without repository. !28851
+- Normalize signature mime types when filtering attachments in emails. !28865 (Diego Louzán)
+- Add autostop check to folder table. !28937
+- Fix 500 error on create release API when providing an invalid tag_name. !28969 (Sashi Kumar)
+- Fix missing group icons on profile page when screen < 576px. !28973
+- Stringify Sidekiq job args in exception logs. !28996
+- Ensure members are always added on Project Import when importing as admin. !29046
+- Elasticsearch recommendation alert does not appears while screen is loaded. !29097
+- Prevent wrong environment being used when processing Prometheus alert. !29119
+- Fix Slack slash commands using relative URL. !29160
+- Exclude 'trial_ends_on', 'shared_runners_minutes_limit' & 'extra_shared_runners_minutes_limit' from list of exported Group attributes. !29259
+- Group level container registry show subgroups repos. !29263
+- Move prepend to last line in finders files. !29274 (Rajendra Kadam)
+- Remove 'error' from diff note error message. !29281
+- Migrate legacy uploads out of deprecated paths. !29295
+- Move prepend to last line in commit status presenter. !29328 (Rajendra Kadam)
+- Move prepend to last line in app serializers. !29332 (Rajendra Kadam)
+- Move prepend to last line in app workers and uploaders. !29379 (Rajendra Kadam)
+- fix: Publish toolbar dissappears when submitting empty content. !29410
+- Replace deprecated GlLoadingIcon sizes. !29417
+- fix display head and base in version dropdowns. !29433
+- Fix Web IDE not showing diff when opening commit tab. !29439
+- Use music icon for files with .ogg extension. !29514
+- Fix dashboard processing error which prevented dashboards with unknown attributes inside panels from being displayed. !29517
+- Fix Deploy Token creation when no scope selected. !29614
+- Update auto-build-image to v0.2.2 with fixes for docker caching. !29730
+- Fix resolve WIP clearing merge request area. !29757
+- Enable the Add metric button for CE users. !29769
+- Fix Error 500 when inviting user to a few projects. !29778
+- Fixed whitespace toggle not showing the correct diff.
+- Fixed upload file creating a file in the wrong directory.
+
+### Deprecated (1 change)
+
+- Deprecate 'token' attribute from Runners API. !29481
+
+### Changed (62 changes, 7 of them are from the community)
+
+- Only enable searching of projects by full path / name on certain dropdowns. !21910
+- Support wiki events in activity streams. !23869
+- Fix for issue 26426: Details of runners of nested groups of an owned group are now available for users with enough permissions. !24169 (nachootal@gmail.com)
+- Rename "Project Services" to "Integrations" in frontend and docs. !26244
+- Support multiple Evidences for a Release. !26509
+- Move some global routes to - scope. !27106
+- Only display mirrored URL to users who can manage Repository settings. !27166
+- Disable lookup of other ActiveSessions to determine admin mode status. !27318 (Diego Louzán)
+- Extract X509::Signature from X509::Commit. !27327 (Roger Meier)
+- Show user statistics in admin area also in CE, and use daily generated data for these statistics. !27345
+- Update aws-ecs image location in CI template. !27382
+- Update More Pages button on Wiki Page. !27499
+- Update ApplicationLimits to prefer defaults. !27574
+- Allow external diff files to be removed. !27602
+- Add atomic and cleanup-on-fail parameters for Helm. !27721
+- Change the url when the timeslider changes. !27726
+- Add user_details.bio column and migrate data from users.bio. !27773
+- WAF settings will be read-only if there is a new version of ingress available. !27845
+- Add an helper to check if a notification_event is enabled. !27880 (Jacopo Beschi @jacopo-beschi)
+- Ensure freshness of settings with snippet creation. !27897
+- Update copies in Admin Panel > Repository Storage section. !27986
+- Add event tracking to Container regstry quickstart. !27990
+- Render snippet repository blobs. !28085
+- Accept `author_username` as a param in Merge Requests API. !28100
+- Use rich icons for thw rows on the file tree. !28112
+- Renamed Contribution Charts as Repository Analytics. !28162
+- Move Alerting feature to Core. !28196
+- Add file-based pipeline conditions to default Auto DevOps CI template. !28242
+- Make pipeline info in chat notifications concise. !28284
+- Use different approval icon if current user approved. !28290 (Steffen Köhler)
+- Remove repeated examples in user model specs. !28450 (Rajendra Kadam)
+- Show only active environments in monitoring dropdown. !28456
+- Enable container expiration policies by default for new projects. !28480
+- Show snippet error update to the user. !28516
+- Move 'Additional Metrics' feature to GitLab Core. !28527
+- Add ability to search by environment state in environments GraphQL API. !28567
+- Add correlation_id to project_mirror_data, expose in /import API endpoints. !28662
+- Add status column to container_registry. !28682
+- Cleanup the descriptions of some fields of GraphQL ProjectType. !28735
+- Add Project template for Static Site Editor / Middleman. !28758
+- Remove duplicate show spec in admin routing. !28790 (Rajendra Kadam)
+- Add Fluentd model for cluster apps. !28846
+- Add grab cursor for operations dashboard cards. !28868
+- Update copy when snippet git feature disabled. !28913
+- Expose relations that failed to import in /import endpoints. !28915
+- Update informational text on Edit Release page. !28938
+- Add support for dot (.) in variables masking. !29022
+- Update Auto DevOps docker version to 19.03.8. !29081
+- Make search redaction more robust. !29166
+- Enable async delete in container repository list. !29175
+- Make manual prometheus configuration section always editable. !29209
+- Adjust label title applied to issues on import from Jira. !29246
+- Track statistics per project for jira imported issues. !29406
+- Display local timezone in log explorer. !29409
+- Allow to retry submitting changes when an error occurs. !29434
+- Define dashboard dropdowns layout in flex to improve support smaller screens. !29477
+- Update auto-deploy-image to v0.13.0 for deploy job, enabling more granular control over service.enabled. !29524
+- Do not display branch link in saved changes message UI. !29611
+- Redesign Jira issue import UI. !29671
+- Add support for /file_hooks directory. !29675
+- Sort the project dropdown by star count when moving issues. !29766
+- Increase the timing of polling for the merge request widget.
+
+### Performance (45 changes)
+
+- Limits issues displayed on milestones. !23102
+- Optimize suggestions counters. !26443
+- Prefetch DNS for asset host. !26868
+- Move bots functionality to user_type column. !26981
+- Optimize projects_service_active queries performance in usage data. !27093
+- Optimize projects_mirrored_with_pipelines_enabled query performance in usage data. !27110
+- Optimize ldap keys counters query performance in usage data. !27309
+- Enable Workhorse upload acceleration for Project Import uploads via UI. !27332
+- Cache ES enabled namespaces and projects. !27348
+- Optimize template_repositories query by using batch counting. !27352
+- Reduce SQL queries when rendering webhook settings. !27359
+- Reduce number of SQL queries for service templates. !27396
+- Improve Advanced global search performance by using routing. !27398
+- Improve performance of the container repository cleanup tags service. !27441
+- Optimize usage ping queries by using batch counting. !27455
+- Fix redundant query execution when loading board issues. !27505
+- Optimize projects_enforcing_code_owner_approval counter query performance for usage ping. !27526
+- Optimize projects_reporting_ci_cd_back_to_github query performance for usage data. !27533
+- Optimize service desk enabled projects counter. !27589
+- Improve pagination in discussions API. !27697
+- Improve API response for archived project searchs. !27717
+- Optimize ci builds counters in usage data. !27770
+- Enable streaming serializer feature flag by default. !27813
+- Harden jira usage data. !27973
+- Create merge request pipelines in background jobs. !28024
+- Optimize ci builds non distinct counters in usage data. !28027
+- Remove feature flag 'export_fast_serialize' and 'export_fast_serialize_with_raw_json'. !28037
+- Improve API response for descending internal project searches. !28038
+- Make Rails.cache and Gitlab::Redis::Cache share the same Redis connection pool. !28074
+- Introduce rate limit for creating issues via web UI. !28129
+- Introduce rate limit for creating issues via API. !28130
+- Remove unnecessary index index_ci_builds_on_name_for_security_reports_values. !28224
+- Disallow distinct count for regular batch count. !28518
+- Resolve an N+1 in merge request CI variables. !28688
+- Use faster streaming serializer for project exports. !28925
+- Add index for created_at of resource_milestone_events. !28929
+- Optimize issues with embedded grafana charts usage counter. !28936
+- Avoid scheduling duplicate sidekiq jobs. !29116
+- Optimize projects with repositories enabled usage data. !29117
+- Use diff-stats for calculating raw diffs modified paths. !29134
+- Optimize protected branches usage data. !29148
+- Refresh only existing MRs on push. !29420
+- Reduce SQL requests number for CreateCommitSignatureWorker. !29479
+- Remove redundant index from projects table. !29507
+- Add index on users.unlock_token. !276298
+
+### Added (140 changes, 33 of them are from the community)
+
+- New package list is enabled which includes filtering by type. !18860
+- Create a rake task to cleanup unused LFS files. !21747
+- Support Asciidoc docname attribute. !22313 (Jouke Witteveen)
+- Adds features to delete stopped environments. !22629
+- Highlight line which includes search term is code search results. !22914 (Alex Terekhov (terales))
+- Allow embedded metrics charts to be hidden. !23929
+- Add toggle all discussions button to MRs. !24670 (Martin Hobert & Diego Louzán)
+- Store daily code coverages into ci_daily_report_results table. !24695
+- Add cluster management project template. !25318
+- Add limit metric to lists. !25532
+- Add support for Okta as a SCIM provider. !25649
+- Add grape custom validator for git reference params. !26102 (Rajendra Kadam)
+- Add healthy column to clusters_applications_prometheus table. !26168
+- Add API endpoint to list runners for a group. !26328
+- Add unlock_membership_to_ldap boolean to Groups. !26474
+- Adds wiki metadata models. !26529
+- Create model to store Terraform state files. !26619
+- Improve logs dropdown with more clear labels. !26635
+- Add all pods view to logs explorer. !26883
+- Add first_contribution to single merge request API. !26926
+- Populate user_highest_roles table. !27127
+- Add option for switching between blocking and logging for WAF. !27133
+- Add bar chart support to monitoring dashboard. !27155
+- Start merge request for custom dashboard if new branch is provided. !27189
+- Update user's highest role to keep the users statistics up to date. !27231
+- Make "Value Stream" the default page that appears when clicking the project-level "Analytics" sidebar item. !27279 (Gilang Gumilar)
+- Add metric to derive new users count. !27351
+- Display cluster type in cluster info page. !27366
+- Improve logs filters on mobile, simplify kubernetes API logs filters. !27484
+- Adds branch information to the package details title section. !27488
+- Add forking_access_level to projects API. !27514 (Mathieu Parent)
+- Add a DB column to track external issue and epic ids when importing from external sources. !27522
+- Added Edit Title shared component. !27582
+- Add metrics dashboard annotation model, relation, policy, create and delete services. To provide interface for create and delete operations. !27583
+- Adds filter by name to the packages list. !27586
+- Allow querying of Jira imports and their status via GraphQL. !27587
+- Update Gitaly to 12.9.0-rc5. !27631
+- Add filtered search for elastic search in logs. !27654
+- Add cost factor fields to ci runners. !27666
+- Add auto_ssl_failed to pages_domains. !27671
+- Allow to start Jira import through graphql mutation. !27684
+- Add terraform report to merge request widget. !27700
+- Read metadata from Wiki front-matter. !27706
+- Support custom graceful timeout for Sidekiq Cluster processes. !27710
+- Show storage size on project page. !27724 (Roger Meier)
+- Upload a design by copy/pasting the file into the Design Tab. !27776
+- Update Active checkbox component to use toggle. !27778
+- Add namespace_storage_size_limit to application settings. !27786
+- Add issues to graphQL group endpoint. !27789
+- Enable container registry at the group level. !27814
+- Expose created_at property in Groups API. !27824
+- Add an endpoint to allow group admin users to purge the dependency proxy for a group. !27843
+- Filter health endpoint metrics. !27847
+- Add support for system note metadata in project Import/Export. !27853 (Melvin Vermeeren)
+- Add daily job to create users statistics. !27883
+- Add DS_REMEDIATE env var to dependency scanning template. !27947
+- Add Swift Dockerfile to GitLab templates. !28035
+- Generate JWT and provide it to CI jobs for integration with other systems. !28063
+- Update user's highest role to keep the users statistics up to date. !28087
+- Add jira_imports table to track current jira import progress as well as historical imports data. !28108
+- Add initial support for Cloud Native Buildpacks in Auto DevOps builds. !28165
+- Add app server type to usage ping. !28189
+- Add last_activity_before and last_activity_after filter to /api/projects endpoint. !28221 (Roger Meier)
+- Expose basic project services attributes through GraphQL. !28234
+- Add environment-state flag to metrics data. !28237
+- Allow defining of metric step in dashboard yml. !28247
+- Separate validators into own class files. !28266 (Rajendra Kadam)
+- Refactor push rules and add push_rule_id columns in project settings and application settings. !28286
+- Added support for single-token deletion via option/ctrl-backspace or search-filter clearing via command-backspace in filtered search. !28295 (James Becker)
+- Enable log explorer to use the full height of the screen. !28312
+- Automatically assign id to each panel within dashboard to support panel scoped annotations. !28341
+- Add Praefect rake task to print out replica checksums. !28369
+- Add rake task to update x509 signatures. !28406 (Roger Meier)
+- Add application setting to enable container expiration and retention policies on pre 12.8 projects. !28479
+- Add Prometheus alerts automatically after Prometheus Service was created. !28503
+- Add ability to filter commits by author. !28509
+- Add usage data metrics for instance level clusters and clusters with management projects. !28510
+- Add slash command support for merge train. !28532
+- Add metrics dashboard annotations to GraphQL API. !28550
+- Refactor duplicate specs in wiki page specs. !28551 (Rajendra Kadam)
+- Refactor duplicate member specs. !28574 (Rajendra Kadam)
+- Remove design management as a license feature. !28589
+- Add api endpoint to get x509 signature. !28590 (Roger Meier)
+- Refactored Snippet edit form to Vue. !28600
+- Add support for database-independent embedded metric charts. !28618
+- Fix issuable duplicate spec. !28632 (Rajendra Kadam)
+- Fix build duplicate spec. !28633 (Rajendra Kadam)
+- Remove duplicate specs in ability model. !28644 (Rajendra Kadam)
+- Remove duplicate specs in update service spec. !28650 (Rajendra Kadam)
+- Add added_lines and removed_lines columns to merge_request_metrics table. !28658
+- Remove duplicate specs in pipeline message spec. !28664 (Rajendra Kadam)
+- Implement Terraform State API with locking. !28692
+- Move export issues feature to core. !28703
+- Add status endpoint to Pages Internal API. !28743
+- Enable last user activity logging on the REST API. !28755
+- Refresh metrics dashboard data without reloading the page. !28756
+- Update duplicate specs in update large table spec. !28787 (Rajendra Kadam)
+- Fix duplicate spec in factory relation spec. !28794 (Rajendra Kadam)
+- Remove duplicate spec from changelog spec. !28801 (Rajendra Kadam)
+- Remove duplicate spec from closing issue spec. !28803 (Rajendra Kadam)
+- Allow Release links to be edited on the Edit Release page. !28816
+- Create operations_user_lists table. !28822
+- Added the clone button for Snippet view. !28840
+- Add Fluentd table for cluster apps. !28844
+- Fix duplicate spec from user helper spec. !28854 (Rajendra Kadam)
+- Add missing spec for gitlab schema. !28855 (Rajendra Kadam)
+- Fix duplciate spec in merge requests. !28856 (Rajendra Kadam)
+- Fix duplicate spec in environment finder. !28857 (Rajendra Kadam)
+- Fix duplicate spec in template dropdown spec. !28858 (Rajendra Kadam)
+- Fix duplicate spec in user post diff notes. !28859 (Rajendra Kadam)
+- Fix duplicate spec in filter issues. !28860 (Rajendra Kadam)
+- Remove `ci_dag_support` feature flag. !28863 (Lee Tickett)
+- Validate dependency on job generating a CI config when using dynamic child pipelines. !28901
+- Add read_api scope to personal access tokens for granting read only API access. !28944
+- Add a new default format(engineering notation) for yAxis labels in monitor charts. !28953
+- Add write_registry scope to deploy tokens for container registry push access. !28958
+- Add Nginx error percentage metric. !28983
+- Provide configuration options for Static Site Editor. !29058
+- Remove blobs_fetch_in_batches feature flag. !29069
+- API endpoint to create annotations for environments dashboard. !29089
+- Add graphQL interface to fetch metrics dashboard. !29112
+- Add typed AWS environment variables for access keys & region. !29124
+- Add line range to diff note position. !29135
+- Add push rules association for groups. !29144
+- Gather historical pod list from Elasticsearch. !29168
+- Save changes in Static Site Editor using REST GitLab API. !29286
+- Add temporary empty message when no result is found. !29306
+- Add API endpoint to get users without projects. !29347
+- Add status page url field to DB and setting model. !29357
+- Add metrics_dashboard_access_level to project features. !29371
+- Add a database column to enable or disable group owners from changing the default branch protection setting of a group. !29397
+- Allow sorting of issue and MR discussions. !29492
+- Update UI for project and group settings CI variables. !29584
+- Add GRADLE_CLI_OPTS and SBT_CLI_OPTS env vars to dependency scanning orchestrator. !29595
+- Add name_regex_keep to container_expiration_policies. !29618
+- Adds Knative and Fluentd as CI/CD managed applications. !29637
+- Add jira issues import feature.
+- Add wildcard case in documentation for artifacts. (Fábio Matavelli)
+- Add namespace storage size limit setting.
+- Add placeholders to broadcast message notifications.
+
+### Other (48 changes, 16 of them are from the community)
+
+- Convert schema to plain SQL using structure.sql. !22808
+- Provide link to a survey for Knative users. !23025
+- Complete the migration of Job Artifact to Security Scan. !24244
+- Migrate .fa-spinner to .spinner for app/views/shared/notes. !25028 (nuwe1)
+- Migrate .fa-spinner to .spinner for app/views/ci/variables. !25030 (nuwe1)
+- Migrate .fa-spinner to .spinner for ee/app/views/projects/settings. !25038 (nuwe1)
+- Migrate .fa-spinner to .spinner for app/views/projects/mirrors. !25041 (nuwe1)
+- Migrate .fa-spinner to .spinner for app/views/projects/network. !25050 (nuwe1)
+- Migrate .fa-spinner to .spinner for app/views/groups. !25053 (nuwe1)
+- Replace underscore with lodash for ./app/assets/javascripts/vue_shared. !25108 (Tobias Spagert)
+- Remove health_status column from epics. !26302
+- Show object access warning when disabling repo LFS. !26696
+- Update icons in Sentry Error Tracking list for ignored/resolved errors. !27125
+- Use Ruby 2.7 in specs to remove Ruby 2.1/2.2/2.3. !27269 (Takuya Noguchi)
+- Fill user_type for ghost users. !27387
+- Add Bitbucket Importer metrics. !27524
+- Consume remaining LinkLFsObjectsProjects jobs. !27558
+- Update GitLab Runner Helm Chart to 0.15.0. !27670
+- Log Redis call count and duration to log files. !27735
+- Use id instead of cve where possible when parsing remediations. !27815
+- Log member additions when importing Project/Group. !27930
+- Change project_export_worker urgency to throttled. !27941
+- Add missing track_exception() call to Ci::CreateJobArtifactsService. !27954
+- Add possibility to conigure additional rails hosts with env variable. !28133
+- Remove new issue tooltip. !28261 (Victor Wu)
+- Improve message when promoting project labels. !28265
+- Change the link to chart copy text. !28371
+- Conditional mocking of admin mode in specs by directory. !28420 (Diego Louzán)
+- Align color and font-weight styles of heading elements and their typography classes. !28422
+- Fix merge request thread’s icon buttons color. !28465
+- Updated spinner next to forking message. !28506 (Victor Wu)
+- Replaced old-style buttons with the new ones on Snippet view. !28614
+- Change redo for retry icon in metrics dashboard. !28670
+- Remove User's association max_access_level_membership. !28757
+- Reduce urgency of EmailsOnPushWorker. !28783
+- Use concern instead of service to update highest role. !28791
+- Normalize error message between Gitea and Fogbugz importers. !28802
+- Fix keyboard shortcut to navigate to your groups. !28873 (Victor Wu)
+- Fix keyboard shortcut to navigate to dashboard activity. !28985 (Victor Wu)
+- Remove unused index for vulnerability severity levels. !29023
+- Update query labels dynamically for embedded charts. !29034
+- Refactor projects/:id/packages API to supply only necessary params to PackagesFinder. !29052 (Sashi Kumar)
+- Implement showing CI bridge error messages. !29123
+- Update GitLab Shell to v12.1.0. !29167
+- Update GitLab Elasticsearch Indexer. !29256
+- Add Gitlab User-Agent to ContainerRegistry::Client. !29294 (Sashi Kumar)
+- Improve error message in DAST CI template. !29388
+- Remove store_mentions! in Snippets::CreateService. !29581 (Sashi Kumar)
+
+
+## 12.9.4 (2020-04-16)
+
+- No changes.
+### Fixed (5 changes, 1 of them is from the community)
+
+- Fix not working File upload from Project overview page. !26828 (Gilang Gumilar)
+- Fix storage rollback regression caused by previous refactor. !28496
+- Fix incorrect regex used in FileUploader#extract_dynamic_path. !28683
+- Fully qualify id columns for keyset pagination (Projects API). !29026
+- Fix Slack notifications when upgrading from old GitLab versions. !29111
+
+
 ## 12.9.3 (2020-04-14)
 
 ### Security (3 changes)
@@ -508,6 +962,15 @@ entry.
 - Improvement in token reference.
 
 
+## 12.8.9 (2020-04-14)
+
+### Security (3 changes)
+
+- Refresh ProjectAuthorization during Group deletion.
+- Prevent filename bypass on artifact upload.
+- Update rack and related gems to 2.0.9 to fix security issue.
+
+
 ## 12.8.7 (2020-03-16)
 
 ### Fixed (1 change, 1 of them is from the community)
@@ -1098,6 +1561,15 @@ entry.
 - Add clarifying content to account fields.
 
 
+## 12.7.9 (2020-04-14)
+
+### Security (3 changes)
+
+- Refresh ProjectAuthorization during Group deletion.
+- Prevent filename bypass on artifact upload.
+- Update rack and related gems to 2.0.9 to fix security issue.
+
+
 ## 12.7.5
 
 ### Fixed (4 changes, 1 of them is from the community)
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 07c5481ea9..99aa66d3c1 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-12.9.3
+66fd5d1b9018ebf5427141c733234060b45bf626
diff --git a/GITLAB_ELASTICSEARCH_INDEXER_VERSION b/GITLAB_ELASTICSEARCH_INDEXER_VERSION
index 7ec1d6db40..ccbccc3dc6 100644
--- a/GITLAB_ELASTICSEARCH_INDEXER_VERSION
+++ b/GITLAB_ELASTICSEARCH_INDEXER_VERSION
@@ -1 +1 @@
-2.1.0
+2.2.0
diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION
index 4044f90867..685332623b 100644
--- a/GITLAB_SHELL_VERSION
+++ b/GITLAB_SHELL_VERSION
@@ -1 +1 @@
-12.0.0
+12.2.0
diff --git a/GITLAB_WORKHORSE_VERSION b/GITLAB_WORKHORSE_VERSION
index 2465b5f7b8..57b9fc187c 100644
--- a/GITLAB_WORKHORSE_VERSION
+++ b/GITLAB_WORKHORSE_VERSION
@@ -1 +1 @@
-8.25.2
+8.30.1
diff --git a/Gemfile b/Gemfile
index 326174c75f..d15628eb83 100644
--- a/Gemfile
+++ b/Gemfile
@@ -87,7 +87,7 @@ gem 'grape-entity', '~> 0.7.1'
 gem 'rack-cors', '~> 1.0.6', require: 'rack/cors'
 
 # GraphQL API
-gem 'graphql', '~> 1.9.19'
+gem 'graphql', '~> 1.10.5'
 # NOTE: graphiql-rails v1.5+ doesn't work: https://gitlab.com/gitlab-org/gitlab/issues/31771
 # TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 is released:
 # https://gitlab.com/gitlab-org/gitlab/issues/31747
@@ -149,7 +149,7 @@ gem 'wikicloth', '0.8.1'
 gem 'asciidoctor', '~> 2.0.10'
 gem 'asciidoctor-include-ext', '~> 0.3.1', require: false
 gem 'asciidoctor-plantuml', '0.0.10'
-gem 'rouge', '~> 3.17.0'
+gem 'rouge', '~> 3.18.0'
 gem 'truncato', '~> 0.7.11'
 gem 'bootstrap_form', '~> 4.2.0'
 gem 'nokogiri', '~> 1.10.5'
@@ -301,7 +301,7 @@ gem 'sentry-raven', '~> 2.9'
 gem 'premailer-rails', '~> 1.10.3'
 
 # LabKit: Tracing and Correlation
-gem 'gitlab-labkit', '0.11.0'
+gem 'gitlab-labkit', '0.12.0'
 
 # I18n
 gem 'ruby_parser', '~> 3.8', require: false
@@ -319,7 +319,7 @@ gem 'peek', '~> 1.1'
 gem 'snowplow-tracker', '~> 0.6.1'
 
 # Memory benchmarks
-gem 'gitlab-derailed_benchmarks', require: false
+gem 'derailed_benchmarks', require: false
 
 # Metrics
 group :metrics do
@@ -366,7 +366,7 @@ group :development, :test do
   gem 'spring', '~> 2.0.0'
   gem 'spring-commands-rspec', '~> 1.0.4'
 
-  gem 'gitlab-styles', '~> 3.1.0', require: false
+  gem 'gitlab-styles', '~> 3.2.0', require: false
   # Pin these dependencies, otherwise a new rule could break the CI pipelines
   gem 'rubocop', '~> 0.74.0'
   gem 'rubocop-performance', '~> 1.4.1'
@@ -399,7 +399,6 @@ group :test do
   gem 'fuubar', '~> 2.2.0'
   gem 'rspec-retry', '~> 0.6.1'
   gem 'rspec_profiling', '~> 0.0.5'
-  gem 'rspec-set', '~> 0.1.3'
   gem 'rspec-parameterized', require: false
 
   gem 'capybara', '~> 3.22.0'
@@ -425,7 +424,7 @@ gem 'gitlab-mail_room', '~> 0.0.3', require: 'mail_room'
 gem 'email_reply_trimmer', '~> 0.1'
 gem 'html2text'
 
-gem 'ruby-prof', '~> 1.0.0'
+gem 'ruby-prof', '~> 1.3.0'
 gem 'stackprof', '~> 0.2.15', require: false
 gem 'rbtrace', '~> 0.4', require: false
 gem 'memory_profiler', '~> 0.9', require: false
@@ -493,3 +492,6 @@ gem 'erubi', '~> 1.9.0'
 # Monkey-patched in `config/initializers/mail_encoding_patch.rb`
 # See https://gitlab.com/gitlab-org/gitlab/issues/197386
 gem 'mail', '= 2.7.1'
+
+# File encryption
+gem 'lockbox', '~> 0.3.3'
diff --git a/Gemfile.lock b/Gemfile.lock
index 220735f0e2..64bf4ec44d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -211,6 +211,17 @@ GEM
     declarative-option (0.1.0)
     default_value_for (3.3.0)
       activerecord (>= 3.2.0, < 6.1)
+    derailed_benchmarks (1.7.0)
+      benchmark-ips (~> 2)
+      get_process_mem (~> 0)
+      heapy (~> 0)
+      memory_profiler (~> 0)
+      mini_histogram (~> 0)
+      rack (>= 1)
+      rake (> 10, < 14)
+      ruby-statistics (>= 2.1)
+      thor (>= 0.19, < 2)
+      unicode_plot (>= 0.0.4, < 1.0.0)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
     device_detector (1.0.0)
@@ -259,6 +270,7 @@ GEM
       launchy (~> 2.1)
       mail (~> 2.7)
     encryptor (3.0.0)
+    enumerable-statistics (2.0.1)
     equalizer (0.0.11)
     erubi (1.9.0)
     escape_utils (1.2.1)
@@ -290,7 +302,7 @@ GEM
     fast_blank (1.0.0)
     fast_gettext (1.6.0)
     ffaker (2.10.0)
-    ffi (1.11.3)
+    ffi (1.12.2)
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
@@ -371,16 +383,7 @@ GEM
     github-markup (1.7.0)
     gitlab-chronic (0.10.5)
       numerizer (~> 0.2)
-    gitlab-derailed_benchmarks (1.6.1)
-      benchmark-ips (~> 2)
-      get_process_mem (~> 0)
-      heapy (~> 0)
-      memory_profiler (~> 0)
-      rack (>= 1)
-      rake (> 10, < 14)
-      ruby-statistics (>= 2.1)
-      thor (>= 0.19, < 2)
-    gitlab-labkit (0.11.0)
+    gitlab-labkit (0.12.0)
       actionpack (>= 5.0.0, < 6.1.0)
       activesupport (>= 5.0.0, < 6.1.0)
       grpc (~> 1.19)
@@ -398,7 +401,7 @@ GEM
       gitlab-puma (>= 2.7, < 5)
     gitlab-sidekiq-fetcher (0.5.2)
       sidekiq (~> 5)
-    gitlab-styles (3.1.0)
+    gitlab-styles (3.2.0)
       rubocop (~> 0.74.0)
       rubocop-gitlab-security (~> 0.1.0)
       rubocop-performance (~> 1.4.1)
@@ -456,7 +459,7 @@ GEM
     graphiql-rails (1.4.10)
       railties
       sprockets-rails
-    graphql (1.9.19)
+    graphql (1.10.5)
     graphql-docs (1.6.0)
       commonmarker (~> 0.16)
       escape_utils (~> 1.2)
@@ -605,6 +608,7 @@ GEM
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
     locale (2.1.2)
+    lockbox (0.3.3)
     lograge (0.10.0)
       actionpack (>= 4)
       activesupport (>= 4)
@@ -631,6 +635,7 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2019.0331)
     mimemagic (0.3.3)
+    mini_histogram (0.1.3)
     mini_magick (4.9.5)
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
@@ -750,7 +755,7 @@ GEM
     orm_adapter (0.5.0)
     os (1.0.0)
     parallel (1.19.1)
-    parser (2.6.5.0)
+    parser (2.7.0.4)
       ast (~> 2.4.0)
     parslet (1.8.2)
     peek (1.1.0)
@@ -889,7 +894,7 @@ GEM
     retriable (3.1.2)
     rinku (2.0.0)
     rotp (2.1.2)
-    rouge (3.17.0)
+    rouge (3.18.0)
     rqrcode (0.7.0)
       chunky_png
     rqrcode-rails3 (0.1.7)
@@ -922,7 +927,6 @@ GEM
       rspec-support (~> 3.9)
     rspec-retry (0.6.1)
       rspec-core (> 3.3)
-    rspec-set (0.1.3)
     rspec-support (3.9.2)
     rspec_junit_formatter (0.4.1)
       rspec-core (>= 2, < 4, != 2.12.0)
@@ -951,7 +955,7 @@ GEM
       i18n
     ruby-fogbugz (0.2.1)
       crack (~> 0.4)
-    ruby-prof (1.0.0)
+    ruby-prof (1.3.1)
     ruby-progressbar (1.10.1)
     ruby-saml (1.7.2)
       nokogiri (>= 1.5.10)
@@ -1084,6 +1088,8 @@ GEM
       unf_ext
     unf_ext (0.0.7.5)
     unicode-display_width (1.6.0)
+    unicode_plot (0.0.4)
+      enumerable-statistics (>= 2.0.1)
     unicode_utils (1.4.0)
     unicorn (5.4.1)
       kgio (~> 2.6)
@@ -1094,13 +1100,13 @@ GEM
     uniform_notifier (1.13.0)
     unleash (0.1.5)
       murmurhash3 (~> 0.1.6)
-    unparser (0.4.5)
+    unparser (0.4.7)
       abstract_type (~> 0.0.7)
       adamantium (~> 0.2.0)
       concord (~> 0.1.5)
       diff-lcs (~> 1.3)
       equalizer (~> 0.0.9)
-      parser (~> 2.6.3)
+      parser (>= 2.6.5)
       procto (~> 0.0.2)
     validate_email (0.1.6)
       activemodel (>= 3.0)
@@ -1189,6 +1195,7 @@ DEPENDENCIES
   database_cleaner (~> 1.7.0)
   deckar01-task_list (= 2.3.1)
   default_value_for (~> 3.3.0)
+  derailed_benchmarks
   device_detector
   devise (~> 4.6)
   devise-two-factor (~> 3.1.0)
@@ -1231,8 +1238,7 @@ DEPENDENCIES
   gitaly (~> 12.9.0.pre.rc4)
   github-markup (~> 1.7.0)
   gitlab-chronic (~> 0.10.5)
-  gitlab-derailed_benchmarks
-  gitlab-labkit (= 0.11.0)
+  gitlab-labkit (= 0.12.0)
   gitlab-license (~> 1.0)
   gitlab-mail_room (~> 0.0.3)
   gitlab-markup (~> 1.7.0)
@@ -1240,7 +1246,7 @@ DEPENDENCIES
   gitlab-puma (~> 4.3.3.gitlab.2)
   gitlab-puma_worker_killer (~> 0.1.1.gitlab.1)
   gitlab-sidekiq-fetcher (= 0.5.2)
-  gitlab-styles (~> 3.1.0)
+  gitlab-styles (~> 3.2.0)
   gitlab_chronic_duration (~> 0.10.6.2)
   gitlab_omniauth-ldap (~> 2.1.1)
   gon (~> 6.2)
@@ -1252,7 +1258,7 @@ DEPENDENCIES
   grape-path-helpers (~> 1.2)
   grape_logging (~> 1.7)
   graphiql-rails (~> 1.4.10)
-  graphql (~> 1.9.19)
+  graphql (~> 1.10.5)
   graphql-docs (~> 1.6.0)
   grpc (~> 1.24.0)
   gssapi
@@ -1280,6 +1286,7 @@ DEPENDENCIES
   license_finder (~> 5.4)
   licensee (~> 8.9)
   liquid (~> 4.0)
+  lockbox (~> 0.3.3)
   lograge (~> 0.5)
   loofah (~> 2.2)
   lru_redux
@@ -1346,19 +1353,18 @@ DEPENDENCIES
   request_store (~> 1.3)
   responders (~> 3.0)
   retriable (~> 3.1.2)
-  rouge (~> 3.17.0)
+  rouge (~> 3.18.0)
   rqrcode-rails3 (~> 0.1.7)
   rspec-parameterized
   rspec-rails (~> 4.0.0.beta4)
   rspec-retry (~> 0.6.1)
-  rspec-set (~> 0.1.3)
   rspec_junit_formatter
   rspec_profiling (~> 0.0.5)
   rubocop (~> 0.74.0)
   rubocop-performance (~> 1.4.1)
   rubocop-rspec (~> 1.37.0)
   ruby-fogbugz (~> 0.2.1)
-  ruby-prof (~> 1.0.0)
+  ruby-prof (~> 1.3.0)
   ruby-progressbar
   ruby_parser (~> 3.8)
   rubyzip (~> 2.0.0)
diff --git a/Procfile b/Procfile
deleted file mode 100644
index 1776fd9794..0000000000
--- a/Procfile
+++ /dev/null
@@ -1,6 +0,0 @@
-# For DEVELOPMENT only. Production uses Runit in
-# https://gitlab.com/gitlab-org/omnibus-gitlab or the init scripts in
-# lib/support/init.d, which call scripts in bin/ .
-#
-web: RAILS_ENV=development bin/web start_foreground
-worker: RAILS_ENV=development bin/background_jobs start_foreground
diff --git a/VERSION b/VERSION
index 07c5481ea9..4de623cfef 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-12.9.3
+12.10.0
diff --git a/app/assets/javascripts/admin/application_settings/setup_metrics_and_profiling.js b/app/assets/javascripts/admin/application_settings/setup_metrics_and_profiling.js
new file mode 100644
index 0000000000..b4803be4d5
--- /dev/null
+++ b/app/assets/javascripts/admin/application_settings/setup_metrics_and_profiling.js
@@ -0,0 +1,8 @@
+import PayloadPreviewer from '~/pages/admin/application_settings/payload_previewer';
+
+export default () => {
+  new PayloadPreviewer(
+    document.querySelector('.js-usage-ping-payload-trigger'),
+    document.querySelector('.js-usage-ping-payload'),
+  ).init();
+};
diff --git a/app/assets/javascripts/alerts_service_settings/components/alerts_service_form.vue b/app/assets/javascripts/alerts_service_settings/components/alerts_service_form.vue
index 5e16f6f387..785598142f 100644
--- a/app/assets/javascripts/alerts_service_settings/components/alerts_service_form.vue
+++ b/app/assets/javascripts/alerts_service_settings/components/alerts_service_form.vue
@@ -1,6 +1,12 @@
 
 
diff --git a/app/assets/javascripts/blob/components/blob_embeddable.vue b/app/assets/javascripts/blob/components/blob_embeddable.vue
index 26bd020830..00b915ec8b 100644
--- a/app/assets/javascripts/blob/components/blob_embeddable.vue
+++ b/app/assets/javascripts/blob/components/blob_embeddable.vue
@@ -1,11 +1,11 @@
 
 
diff --git a/app/assets/javascripts/blob/components/blob_header_viewer_switcher.vue b/app/assets/javascripts/blob/components/blob_header_viewer_switcher.vue
index 689fa7638f..7155a1d35b 100644
--- a/app/assets/javascripts/blob/components/blob_header_viewer_switcher.vue
+++ b/app/assets/javascripts/blob/components/blob_header_viewer_switcher.vue
@@ -1,5 +1,5 @@
 
 
diff --git a/app/assets/javascripts/blob/pipeline_tour_success_modal.vue b/app/assets/javascripts/blob/pipeline_tour_success_modal.vue
index 0739b4d5e3..3ccd84037a 100644
--- a/app/assets/javascripts/blob/pipeline_tour_success_modal.vue
+++ b/app/assets/javascripts/blob/pipeline_tour_success_modal.vue
@@ -3,6 +3,9 @@ import { GlModal, GlSprintf, GlLink } from '@gitlab/ui';
 import { sprintf, s__, __ } from '~/locale';
 import Cookies from 'js-cookie';
 import { glEmojiTag } from '~/emoji';
+import Tracking from '~/tracking';
+
+const trackingMixin = Tracking.mixin();
 
 export default {
   beginnerLink:
@@ -18,11 +21,14 @@ export default {
     },
     false,
   ),
+  goToTrackValue: 10,
+  trackEvent: 'click_button',
   components: {
     GlModal,
     GlSprintf,
     GlLink,
   },
+  mixins: [trackingMixin],
   props: {
     goToPipelinesPath: {
       type: String,
@@ -32,8 +38,26 @@ export default {
       type: String,
       required: true,
     },
+    humanAccess: {
+      type: String,
+      required: true,
+    },
+  },
+  data() {
+    return {
+      trackLabel: 'congratulate_first_pipeline',
+    };
+  },
+  computed: {
+    tracking() {
+      return {
+        label: this.trackLabel,
+        property: this.humanAccess,
+      };
+    },
   },
   mounted() {
+    this.track();
     this.disableModalFromRenderingAgain();
   },
   methods: {
@@ -72,7 +96,17 @@ export default {
       
     
     
   
 
diff --git a/app/assets/javascripts/blob/suggest_gitlab_ci_yml/components/popover.vue b/app/assets/javascripts/blob/suggest_gitlab_ci_yml/components/popover.vue
index 7f0c232eea..5023496e2c 100644
--- a/app/assets/javascripts/blob/suggest_gitlab_ci_yml/components/popover.vue
+++ b/app/assets/javascripts/blob/suggest_gitlab_ci_yml/components/popover.vue
@@ -1,7 +1,6 @@
 
+
+
diff --git a/app/assets/javascripts/boards/components/board_delete.js b/app/assets/javascripts/boards/components/board_delete.js
index a06db359c9..cc15dc82db 100644
--- a/app/assets/javascripts/boards/components/board_delete.js
+++ b/app/assets/javascripts/boards/components/board_delete.js
@@ -7,6 +7,7 @@ export default Vue.extend({
     list: {
       type: Object,
       default: () => ({}),
+      required: false,
     },
   },
   methods: {
diff --git a/app/assets/javascripts/boards/components/board_new_issue.vue b/app/assets/javascripts/boards/components/board_new_issue.vue
index f9a08f151c..deebe12210 100644
--- a/app/assets/javascripts/boards/components/board_new_issue.vue
+++ b/app/assets/javascripts/boards/components/board_new_issue.vue
@@ -1,6 +1,6 @@
 
+
diff --git a/app/assets/javascripts/ci_variable_list/components/ci_key_field.vue b/app/assets/javascripts/ci_variable_list/components/ci_key_field.vue
new file mode 100644
index 0000000000..f5c2cc57f3
--- /dev/null
+++ b/app/assets/javascripts/ci_variable_list/components/ci_key_field.vue
@@ -0,0 +1,169 @@
+
+
diff --git a/app/assets/javascripts/ci_variable_list/components/ci_variable_autocomplete_tokens.js b/app/assets/javascripts/ci_variable_list/components/ci_variable_autocomplete_tokens.js
new file mode 100644
index 0000000000..9022bf5151
--- /dev/null
+++ b/app/assets/javascripts/ci_variable_list/components/ci_variable_autocomplete_tokens.js
@@ -0,0 +1,29 @@
+import { __ } from '~/locale';
+
+import { AWS_ACCESS_KEY_ID, AWS_DEFAULT_REGION, AWS_SECRET_ACCESS_KEY } from '../constants';
+
+export const awsTokens = {
+  [AWS_ACCESS_KEY_ID]: {
+    name: AWS_ACCESS_KEY_ID,
+    /* Checks for exactly twenty characters that match key.
+       Based on greps suggested by Amazon at:
+       https://aws.amazon.com/blogs/security/a-safer-way-to-distribute-aws-credentials-to-ec2/
+    */
+    validation: val => /^[A-Za-z0-9]{20}$/.test(val),
+    invalidMessage: __('This variable does not match the expected pattern.'),
+  },
+  [AWS_DEFAULT_REGION]: {
+    name: AWS_DEFAULT_REGION,
+  },
+  [AWS_SECRET_ACCESS_KEY]: {
+    name: AWS_SECRET_ACCESS_KEY,
+    /* Checks for exactly forty characters that match secret.
+       Based on greps suggested by Amazon at:
+       https://aws.amazon.com/blogs/security/a-safer-way-to-distribute-aws-credentials-to-ec2/
+    */
+    validation: val => /^[A-Za-z0-9/+=]{40}$/.test(val),
+    invalidMessage: __('This variable does not match the expected pattern.'),
+  },
+};
+
+export const awsTokenList = Object.keys(awsTokens);
diff --git a/app/assets/javascripts/ci_variable_list/components/ci_variable_modal.vue b/app/assets/javascripts/ci_variable_list/components/ci_variable_modal.vue
index 0ccc58ec2d..8f5acd4a0a 100644
--- a/app/assets/javascripts/ci_variable_list/components/ci_variable_modal.vue
+++ b/app/assets/javascripts/ci_variable_list/components/ci_variable_modal.vue
@@ -1,9 +1,6 @@
 
 
@@ -71,22 +110,55 @@ export default {
       {{ s__('ClusterIntegration|Something went wrong while updating Knative domain name.') }}
     
 
-    
+        
+          {{ domain.domain }}
+        
+        
+      
+
+      
+    
+
     
   
diff --git a/app/assets/javascripts/clusters/components/remove_cluster_confirmation.vue b/app/assets/javascripts/clusters/components/remove_cluster_confirmation.vue
index c31ba7ef14..b35adae335 100644
--- a/app/assets/javascripts/clusters/components/remove_cluster_confirmation.vue
+++ b/app/assets/javascripts/clusters/components/remove_cluster_confirmation.vue
@@ -1,7 +1,7 @@
 
+
diff --git a/app/assets/javascripts/custom_metrics/components/custom_metrics_form_fields.vue b/app/assets/javascripts/custom_metrics/components/custom_metrics_form_fields.vue
new file mode 100644
index 0000000000..f5207b47f6
--- /dev/null
+++ b/app/assets/javascripts/custom_metrics/components/custom_metrics_form_fields.vue
@@ -0,0 +1,294 @@
+
+
+
diff --git a/app/assets/javascripts/custom_metrics/components/delete_custom_metric_modal.vue b/app/assets/javascripts/custom_metrics/components/delete_custom_metric_modal.vue
new file mode 100644
index 0000000000..34e4aeb290
--- /dev/null
+++ b/app/assets/javascripts/custom_metrics/components/delete_custom_metric_modal.vue
@@ -0,0 +1,54 @@
+
+
diff --git a/app/assets/javascripts/custom_metrics/constants.js b/app/assets/javascripts/custom_metrics/constants.js
new file mode 100644
index 0000000000..2526445fdf
--- /dev/null
+++ b/app/assets/javascripts/custom_metrics/constants.js
@@ -0,0 +1,12 @@
+export const queryTypes = {
+  business: 'business',
+  response: 'response',
+  system: 'system',
+};
+
+export const formDataValidator = val => {
+  const fieldNames = Object.keys(val);
+  const requiredFields = ['title', 'query', 'yLabel', 'unit', 'group', 'legend'];
+
+  return requiredFields.every(name => fieldNames.includes(name));
+};
diff --git a/app/assets/javascripts/custom_metrics/index.js b/app/assets/javascripts/custom_metrics/index.js
new file mode 100644
index 0000000000..4c279daf5f
--- /dev/null
+++ b/app/assets/javascripts/custom_metrics/index.js
@@ -0,0 +1,47 @@
+import Vue from 'vue';
+import { parseBoolean } from '~/lib/utils/common_utils';
+import CustomMetricsForm from './components/custom_metrics_form.vue';
+
+export default () => {
+  // eslint-disable-next-line no-new
+  new Vue({
+    el: '#js-custom-metrics',
+    components: {
+      CustomMetricsForm,
+    },
+    render(createElement) {
+      const domEl = document.querySelector(this.$options.el);
+      const {
+        customMetricsPath,
+        editProjectServicePath,
+        validateQueryPath,
+        title,
+        query,
+        yLabel,
+        unit,
+        group,
+        legend,
+      } = domEl.dataset;
+      let { metricPersisted } = domEl.dataset;
+
+      metricPersisted = parseBoolean(metricPersisted);
+
+      return createElement('custom-metrics-form', {
+        props: {
+          customMetricsPath,
+          metricPersisted,
+          editProjectServicePath,
+          validateQueryPath,
+          formData: {
+            title,
+            query,
+            yLabel,
+            unit,
+            group,
+            legend,
+          },
+        },
+      });
+    },
+  });
+};
diff --git a/app/assets/javascripts/cycle_analytics/components/stage_code_component.vue b/app/assets/javascripts/cycle_analytics/components/stage_code_component.vue
index 55e5f4ffad..6b757c6972 100644
--- a/app/assets/javascripts/cycle_analytics/components/stage_code_component.vue
+++ b/app/assets/javascripts/cycle_analytics/components/stage_code_component.vue
@@ -13,10 +13,12 @@ export default {
     items: {
       type: Array,
       default: () => [],
+      required: false,
     },
     stage: {
       type: Object,
       default: () => ({}),
+      required: false,
     },
   },
 };
diff --git a/app/assets/javascripts/cycle_analytics/components/stage_component.vue b/app/assets/javascripts/cycle_analytics/components/stage_component.vue
index c4f5172df3..cc7ae74dd3 100644
--- a/app/assets/javascripts/cycle_analytics/components/stage_component.vue
+++ b/app/assets/javascripts/cycle_analytics/components/stage_component.vue
@@ -13,10 +13,12 @@ export default {
     items: {
       type: Array,
       default: () => [],
+      required: false,
     },
     stage: {
       type: Object,
       default: () => ({}),
+      required: false,
     },
   },
 };
diff --git a/app/assets/javascripts/cycle_analytics/components/stage_review_component.vue b/app/assets/javascripts/cycle_analytics/components/stage_review_component.vue
index a295c8b496..d61e699555 100644
--- a/app/assets/javascripts/cycle_analytics/components/stage_review_component.vue
+++ b/app/assets/javascripts/cycle_analytics/components/stage_review_component.vue
@@ -15,10 +15,12 @@ export default {
     items: {
       type: Array,
       default: () => [],
+      required: false,
     },
     stage: {
       type: Object,
       default: () => ({}),
+      required: false,
     },
   },
 };
diff --git a/app/assets/javascripts/cycle_analytics/components/stage_staging_component.vue b/app/assets/javascripts/cycle_analytics/components/stage_staging_component.vue
index c5146c3bf8..2a507b7e60 100644
--- a/app/assets/javascripts/cycle_analytics/components/stage_staging_component.vue
+++ b/app/assets/javascripts/cycle_analytics/components/stage_staging_component.vue
@@ -16,10 +16,12 @@ export default {
     items: {
       type: Array,
       default: () => [],
+      required: false,
     },
     stage: {
       type: Object,
       default: () => ({}),
+      required: false,
     },
   },
   computed: {
diff --git a/app/assets/javascripts/cycle_analytics/components/stage_test_component.vue b/app/assets/javascripts/cycle_analytics/components/stage_test_component.vue
index 3572138421..caff6f9c34 100644
--- a/app/assets/javascripts/cycle_analytics/components/stage_test_component.vue
+++ b/app/assets/javascripts/cycle_analytics/components/stage_test_component.vue
@@ -15,10 +15,12 @@ export default {
     items: {
       type: Array,
       default: () => [],
+      required: false,
     },
     stage: {
       type: Object,
       default: () => ({}),
+      required: false,
     },
   },
   computed: {
diff --git a/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js b/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
index 6d2b11e39d..f609ca5f22 100644
--- a/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
+++ b/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
@@ -59,16 +59,10 @@ export default () => {
         service: this.createCycleAnalyticsService(cycleAnalyticsEl.dataset.requestPath),
       };
     },
-    defaultNumberOfSummaryItems: 3,
     computed: {
       currentStage() {
         return this.store.currentActiveStage();
       },
-      summaryTableColumnClass() {
-        return this.state.summary.length === this.$options.defaultNumberOfSummaryItems
-          ? 'col-sm-3'
-          : 'col-sm-4';
-      },
     },
     created() {
       // Conditional check placed here to prevent this method from being called on the
diff --git a/app/assets/javascripts/deploy_keys/components/app.vue b/app/assets/javascripts/deploy_keys/components/app.vue
index 048f3a2485..5505704f43 100644
--- a/app/assets/javascripts/deploy_keys/components/app.vue
+++ b/app/assets/javascripts/deploy_keys/components/app.vue
@@ -119,7 +119,7 @@ export default {