Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/monitoring/components/charts/column.vue

@@ -100,7 +100,7 @@ export default {
 };
 </script>
 <template>
-  <div class="prometheus-graph col-12 col-lg-6">
+  <div class="prometheus-graph">
     <div class="prometheus-graph-header">
       <h5 ref="graphTitle" class="prometheus-graph-title">{{ graphData.title }}</h5>
       <div ref="graphWidgets" class="prometheus-graph-widgets"><slot></slot></div>

app/assets/javascripts/monitoring/components/charts/empty_chart.vue

@@ -27,7 +27,7 @@ export default {
 };
 </script>
 <template>
-  <div class="prometheus-graph col-12 col-lg-6 d-flex flex-column justify-content-center">
+  <div class="prometheus-graph d-flex flex-column justify-content-center">
     <div class="prometheus-graph-header">
       <h5 ref="graphTitle" class="prometheus-graph-title">{{ graphTitle }}</h5>
     </div>

app/assets/javascripts/monitoring/components/charts/single_stat.vue

@@ -29,7 +29,7 @@ export default {
 };
 </script>
 <template>
-  <div class="prometheus-graph col-12 col-lg-6">
+  <div class="prometheus-graph">
     <div class="prometheus-graph-header">
       <h5 ref="graphTitle" class="prometheus-graph-title">{{ graphTitle }}</h5>
     </div>

app/assets/javascripts/monitoring/components/charts/time_series.vue

@@ -43,11 +43,6 @@ export default {
       required: false,
       default: '',
     },
-    showBorder: {
-      type: Boolean,
-      required: false,
-      default: false,
-    },
     singleEmbed: {
       type: Boolean,
       required: false,
@@ -272,11 +267,7 @@ export default {
 </script>
 
 <template>
-  <div
+  <div class="prometheus-graph">
-    class="prometheus-graph col-12"
-    :class="[showBorder ? 'p-2' : 'p-0', { 'col-lg-6': !singleEmbed }]"
-  >
-    <div :class="{ 'prometheus-graph-embed w-100 p-3': showBorder }">
     <div class="prometheus-graph-header">
       <h5 class="prometheus-graph-title js-graph-title">{{ graphData.title }}</h5>
       <gl-button
@@ -338,5 +329,4 @@ export default {
       </template>
     </component>
   </div>
-  </div>
 </template>

app/assets/javascripts/monitoring/components/dashboard.vue

@@ -456,6 +456,7 @@ export default {
           <panel-type
             v-for="(graphData, graphIndex) in groupData.metrics"
             :key="`panel-type-${graphIndex}`"
+            class="col-12 col-lg-6 pb-3"
             :clipboard-text="generateLink(groupData.group, graphData.title, graphData.y_label)"
             :graph-data="graphData"
             :dashboard-width="elWidth"
@@ -468,6 +469,7 @@ export default {
           <monitor-time-series-chart
             v-for="(graphData, graphIndex) in chartsWithData(groupData.metrics)"
             :key="graphIndex"
+            class="col-12 col-lg-6 pb-3"
             :graph-data="graphData"
             :deployment-data="deploymentData"
             :thresholds="getGraphAlertValues(graphData.queries)"

app/assets/javascripts/monitoring/components/embed.vue

@@ -95,6 +95,7 @@ export default {
       <monitor-time-series-chart
         v-for="graphData in charts"
         :key="graphData.title"
+        class="w-100"
         :graph-data="graphData"
         :container-width="elWidth"
         group-id="monitor-area-chart"

app/assets/javascripts/performance_bar/services/performance_bar_service.js

@@ -1,10 +1,6 @@
-import Vue from 'vue';
-import _ from 'underscore';
 import axios from '../../lib/utils/axios_utils';
 import { parseBoolean } from '~/lib/utils/common_utils';
 
-let vueResourceInterceptor;
-
 export default class PerformanceBarService {
   static fetchRequestDetails(peekUrl, requestId) {
     return axios.get(peekUrl, { params: { request_id: requestId } });
@@ -24,16 +20,11 @@ export default class PerformanceBarService {
       return response;
     };
 
-    vueResourceInterceptor = (request, next) => next(interceptor);
-
-    Vue.http.interceptors.push(vueResourceInterceptor);
-
     return axios.interceptors.response.use(interceptor);
   }
 
   static removeInterceptor(interceptor) {
     axios.interceptors.response.eject(interceptor);
-    Vue.http.interceptors = _.without(Vue.http.interceptors, vueResourceInterceptor);
   }
 
   static callbackParams(response, peekUrl) {

app/assets/stylesheets/pages/issues.scss

@@ -29,10 +29,6 @@
       .author-link {
         display: inline-block;
       }
-
-      .issuable-comments {
-        height: 18px;
-      }
     }
 
     .icon-merge-request-unmerged {

app/assets/stylesheets/pages/merge_requests.scss

@@ -461,10 +461,6 @@
       .author-link {
         display: inline-block;
       }
-
-      .issuable-comments {
-        height: 18px;
-      }
     }
 
     .merge-request-title {

app/controllers/admin/application_settings_controller.rb

@@ -6,15 +6,16 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
   before_action :set_application_setting
   before_action :whitelist_query_limiting, only: [:usage_data]
 
-  VALID_SETTING_PANELS = %w(show integrations repository templates
+  VALID_SETTING_PANELS = %w(general integrations repository templates
                             ci_cd reporting metrics_and_profiling
                             network geo preferences).freeze
 
-  def show
+  VALID_SETTING_PANELS.each do |action|
+    define_method(action) { perform_update if submitted? }
   end
 
-  (VALID_SETTING_PANELS - %w(show)).each do |action|
+  def show
-    define_method(action) { perform_update if submitted? }
+    render :general
   end
 
   def update
@@ -144,7 +145,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
   end
 
   def render_update_error
-    action = VALID_SETTING_PANELS.include?(action_name) ? action_name : :show
+    action = VALID_SETTING_PANELS.include?(action_name) ? action_name : :general
 
     render action
   end

app/views/admin/application_settings/_account_and_limit.html.haml

@@ -1,4 +1,4 @@
-= form_for @application_setting, url: admin_application_settings_path(anchor: 'js-account-settings'), html: { class: 'fieldset-form' } do |f|
+= form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-account-settings'), html: { class: 'fieldset-form' } do |f|
   = form_errors(@application_setting)
 
   %fieldset

app/views/admin/application_settings/_diff_limits.html.haml

@@ -1,4 +1,4 @@
-= form_for @application_setting, url: admin_application_settings_path(anchor: 'js-merge-request-settings'), html: { class: 'fieldset-form' } do |f|
+= form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-merge-request-settings'), html: { class: 'fieldset-form' } do |f|
   = form_errors(@application_setting)
 
   %fieldset

app/views/admin/application_settings/_external_authorization_service_form.html.haml

@@ -8,7 +8,7 @@
       = _('External Classification Policy Authorization')
   .settings-content
 
-    = form_for @application_setting, url: admin_application_settings_path(anchor: 'js-external-auth-settings'), html: { class: 'fieldset-form' } do |f|
+    = form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-external-auth-settings'), html: { class: 'fieldset-form' } do |f|
       = form_errors(@application_setting)
 
       %fieldset

app/views/admin/application_settings/_signin.html.haml

@@ -1,4 +1,4 @@
-= form_for @application_setting, url: admin_application_settings_path(anchor: 'js-signin-settings'), html: { class: 'fieldset-form' } do |f|
+= form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-signin-settings'), html: { class: 'fieldset-form' } do |f|
   = form_errors(@application_setting)
 
   %fieldset

app/views/admin/application_settings/_signup.html.haml

@@ -1,4 +1,4 @@
-= form_for @application_setting, url: admin_application_settings_path(anchor: 'js-signup-settings'), html: { class: 'fieldset-form' } do |f|
+= form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-signup-settings'), html: { class: 'fieldset-form' } do |f|
   = form_errors(@application_setting)
 
   %fieldset

app/views/admin/application_settings/_terminal.html.haml

@@ -1,4 +1,4 @@
-= form_for @application_setting, url: admin_application_settings_path(anchor: 'js-terminal-settings'), html: { class: 'fieldset-form' } do |f|
+= form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-terminal-settings'), html: { class: 'fieldset-form' } do |f|
   = form_errors(@application_setting)
 
   %fieldset

app/views/admin/application_settings/_terms.html.haml

@@ -1,4 +1,4 @@
-= form_for @application_setting, url: admin_application_settings_path(anchor: 'js-terms-settings'), html: { class: 'fieldset-form' } do |f|
+= form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-terms-settings'), html: { class: 'fieldset-form' } do |f|
   = form_errors(@application_setting)
 
   %fieldset

app/views/admin/application_settings/_visibility_and_access.html.haml

@@ -1,4 +1,4 @@
-= form_for @application_setting, url: admin_application_settings_path(anchor: 'js-visibility-settings'), html: { class: 'fieldset-form' } do |f|
+= form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-visibility-settings'), html: { class: 'fieldset-form' } do |f|
   = form_errors(@application_setting)
 
   %fieldset

app/views/admin/application_settings/general.html.haml

@@ -1,5 +1,5 @@
-- breadcrumb_title _("Settings")
+- breadcrumb_title _("General")
-- page_title _("Settings")
+- page_title _("General")
 - @content_class = "limit-container-width" unless fluid_layout
 
 %section.settings.as-visibility-access.no-animate#js-visibility-settings{ class: ('expanded' if expanded_by_default?) }
@@ -90,7 +90,7 @@
     %p
       = _('Manage Web IDE features')
   .settings-content
-    = form_for @application_setting, url: admin_application_settings_path(anchor: "#js-web-ide-settings"), html: { class: 'fieldset-form' } do |f|
+    = form_for @application_setting, url: general_admin_application_settings_path(anchor: "#js-web-ide-settings"), html: { class: 'fieldset-form' } do |f|
       = form_errors(@application_setting)
 
       %fieldset

app/views/layouts/nav/sidebar/_admin.html.haml

@@ -232,7 +232,7 @@
                 = _('Settings')
             %li.divider.fly-out-top-item
             = nav_link(path: 'application_settings#show') do
-              = link_to admin_application_settings_path, title: _('General'), class: 'qa-admin-settings-general-item' do
+              = link_to general_admin_application_settings_path, title: _('General'), class: 'qa-admin-settings-general-item' do
                 %span
                   = _('General')
             = nav_link(path: 'application_settings#integrations') do

app/views/projects/services/_form.html.haml

@@ -2,8 +2,10 @@
   .col-lg-3
     %h4.prepend-top-0
       = @service.title
-      = boolean_to_icon @service.activated?
+      - [true, false].each do |value|
-
+        - hide_class = 'd-none' if @service.activated? != value
+        %span.js-service-active-status{ class: hide_class, data: { value: value.to_s } }
+          = boolean_to_icon value
     %p= #{@service.description}.
 
     - if @service.respond_to?(:detailed_description)

changelogs/unreleased/remove-vue-resource-from-performance-bar-service.yml

@@ -0,0 +1,5 @@
+---
+title: Remove vue-resource from PerformanceBarService
+merge_request: 32428
+author: Lee Tickett
+type: other

config/routes/admin.rb

@@ -110,7 +110,7 @@ namespace :admin do
     put :reset_registration_token
     put :reset_health_check_token
     put :clear_repository_check_states
-    match :integrations, :repository, :templates, :ci_cd, :reporting, :metrics_and_profiling, :network, :geo, :preferences, via: [:get, :patch]
+    match :general, :integrations, :repository, :templates, :ci_cd, :reporting, :metrics_and_profiling, :network, :geo, :preferences, via: [:get, :patch]
     get :lets_encrypt_terms_of_service
   end
 

doc/api/epics.md

@@ -49,6 +49,8 @@ GET /groups/:id/epics?state=opened
 | `created_before`    | datetime         | no         | Return epics created on or before the given time                                                                            |
 | `updated_after`     | datetime         | no         | Return epics updated on or after the given time                                                                             |
 | `updated_before`    | datetime         | no         | Return epics updated on or before the given time                                                                            |
+| `include_ancestor_groups` | boolean    | no         | Include epics from the requested group's ancestors. Default is `false`                                                      |
+| `include_descendant_groups` | boolean  | no         | Include epics from the requested group's descendants. Default is `true`                                                     |
 
 ```bash
 curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/1/epics

doc/user/application_security/container_scanning/index.md

@@ -11,7 +11,7 @@ in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.4.
 
 If you are using [GitLab CI/CD](../../../ci/README.md), you can check your Docker
 images (or more precisely the containers) for known vulnerabilities by using
-[Clair](https://github.com/coreos/clair) and [clair-scanner](https://github.com/arminc/clair-scanner),
+[Clair](https://github.com/coreos/clair) and [klar](https://github.com/optiopay/klar),
 two open source tools for Vulnerability Static Analysis for containers.
 
 You can take advantage of Container Scanning by either [including the CI job](#configuration) in
@@ -90,10 +90,6 @@ artifact available. Behind the scenes, the
 [GitLab Container Scanning analyzer](https://gitlab.com/gitlab-org/security-products/container-scanning)
 is used and runs the scans.
 
-If you want to whitelist some specific vulnerabilities, you can do so by defining
-them in a YAML file named `clair-whitelist.yml`. Read more in the
-[Clair documentation](https://github.com/arminc/clair-scanner/blob/master/README.md#example-whitelist-yaml-file).
-
 ## Example
 
 The following is a sample `.gitlab-ci.yml` that will build your Docker Image, push it to the container registry and run Container Scanning.
@@ -124,6 +120,31 @@ build:
     - docker push $IMAGE
 ```
 
+## Vulnerability Whitelisting
+
+If you want to whitelist specific vulnerabilities, you'll need to:
+
+   1. Set `GIT_STRATEGY: fetch` in your `.gitlab-ci.yml` file by following the instructions described in the
+   [overriding the Container Scanning template](#overriding-the-container-scanning-template) section of this document.
+   1. Define the whitelisted vulnerabilities in a YAML file named `clair-whitelist.yml` which must use the format described
+   in the [following whitelist example file](https://github.com/arminc/clair-scanner/blob/v12/example-whitelist.yaml).
+   1. Add the `clair-whitelist.yml` file to the git repository of your project
+
+### Overriding the Container Scanning template
+
+If you want to override the job definition (for example, change properties like
+`variables`), you need to declare a `container_scanning` job after the
+template inclusion and specify any additional keys under it. For example:
+
+```yaml
+include:
+  - template: Container-Scanning.gitlab-ci.yml
+
+container_scanning:
+  variables:
+    GIT_STRATEGY: fetch
+```
+
 ## Security Dashboard
 
 The Security Dashboard is a good place to get an overview of all the security

doc/user/project/operations/feature_flags.md

@@ -120,6 +120,8 @@ A feature flag may be enabled for a list of target users. It is implemented
 using the Unleash [`userWithId`](https://unleash.github.io/docs/activation_strategy#userwithid)
 activation strategy.
 
+The feature will always be enabled for all users in the list across all environments even if the matching environment spec **Status** is disabled.
+
 ![Feature flag target users](img/target_users_v12_2.png)
 
 CAUTION: **Caution:**

qa/qa/page/admin/settings/general.rb

@@ -7,7 +7,7 @@ module QA
         class General < Page::Base
           include QA::Page::Settings::Common
 
-          view 'app/views/admin/application_settings/show.html.haml' do
+          view 'app/views/admin/application_settings/general.html.haml' do
             element :account_and_limit_settings
           end
 

spec/controllers/admin/application_settings_controller_spec.rb

@@ -118,32 +118,7 @@ describe Admin::ApplicationSettingsController do
     end
 
     describe 'verify panel actions' do
-      shared_examples 'renders correct panels' do
+      (Admin::ApplicationSettingsController::VALID_SETTING_PANELS - %w(templates geo)).each do |valid_action|
-        it 'renders correct action on error' do
-          expect_next_instance_of(ApplicationSettings::UpdateService) do |service|
-            allow(service).to receive(:execute).and_return(false)
-          end
-
-          patch action, params: { application_setting: { unused_param: true } }
-
-          expect(subject).to render_template(action)
-        end
-
-        it 'redirects to same panel on success' do
-          expect_next_instance_of(ApplicationSettings::UpdateService) do |service|
-            allow(service).to receive(:execute).and_return(true)
-          end
-
-          referer_path = public_send("#{action}_admin_application_settings_path")
-          request.env["HTTP_REFERER"] = referer_path
-
-          patch action, params: { application_setting: { unused_param: true } }
-
-          expect(subject).to redirect_to(referer_path)
-        end
-      end
-
-      (Admin::ApplicationSettingsController::VALID_SETTING_PANELS - %w(show templates geo)).each do |valid_action|
         it_behaves_like 'renders correct panels' do
           let(:action) { valid_action }
         end

spec/features/admin/admin_disables_git_access_protocol_spec.rb

@@ -76,6 +76,7 @@ describe 'Admin disables Git access protocol', :js do
   context 'with nothing disabled' do
     before do
       create(:personal_key, user: admin)
+      allow_all_protocols
     end
 
     it 'shows default SSH url and protocol selection dropdown' do
@@ -107,6 +108,10 @@ describe 'Admin disables Git access protocol', :js do
     visit project_path(project)
   end
 
+  def allow_all_protocols
+    switch_git_protocol(1)
+  end
+
   def disable_http_protocol
     switch_git_protocol(2)
   end

spec/features/admin/admin_settings_spec.rb

@@ -15,7 +15,7 @@ describe 'Admin updates settings' do
 
   context 'General page' do
     before do
-      visit admin_application_settings_path
+      visit general_admin_application_settings_path
     end
 
     it 'Change visibility settings' do

spec/frontend/fixtures/application_settings.rb

@@ -26,7 +26,7 @@ describe Admin::ApplicationSettingsController, '(JavaScript fixtures)', type: :c
   it 'application_settings/accounts_and_limit.html' do
     stub_application_setting(user_default_external: false)
 
-    get :show
+    get :general
 
     expect(response).to be_successful
   end

spec/javascripts/test_bundle.js

@@ -210,7 +210,7 @@ if (process.env.BABEL_ENV === 'coverage') {
     './terminal/terminal_bundle.js',
     './users/users_bundle.js',
     './issue_show/index.js',
-    './pages/admin/application_settings/show/index.js',
+    './pages/admin/application_settings/general/index.js',
   ];
 
   describe('Uncovered files', function() {

spec/support/shared_examples/controllers/application_settings_shared_examples.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+shared_examples 'renders correct panels' do
+  it 'renders correct action on error' do
+    expect_next_instance_of(ApplicationSettings::UpdateService) do |service|
+      allow(service).to receive(:execute).and_return(false)
+    end
+
+    patch action, params: { application_setting: { unused_param: true } }
+
+    expect(subject).to render_template(action)
+  end
+
+  it 'redirects to same panel on success' do
+    expect_next_instance_of(ApplicationSettings::UpdateService) do |service|
+      allow(service).to receive(:execute).and_return(true)
+    end
+
+    referer_path = public_send("#{action}_admin_application_settings_path")
+    request.env["HTTP_REFERER"] = referer_path
+
+    patch action, params: { application_setting: { unused_param: true } }
+
+    expect(subject).to redirect_to(referer_path)
+  end
+end