Add latest changes from gitlab-org/gitlab@master

GITALY_SERVER_VERSION

@@ -1 +1 @@
-1.86.0
+1.87.0

Gemfile

@@ -26,8 +26,8 @@ gem 'marginalia', '~> 1.8.0'
 
 # Authentication libraries
 gem 'devise', '~> 4.6'
-gem 'doorkeeper', '~> 4.4.3'
-gem 'doorkeeper-openid_connect', '~> 1.5'
+gem 'doorkeeper', '~> 5.0.2'
+gem 'doorkeeper-openid_connect', '~> 1.6.3'
 gem 'omniauth', '~> 1.8'
 gem 'omniauth-auth0', '~> 2.0.0'
 gem 'omniauth-azure-oauth2', '~> 0.0.9'

Gemfile.lock

@@ -243,10 +243,10 @@ GEM
     docile (1.3.1)
     domain_name (0.5.20180417)
       unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (4.4.3)
+    doorkeeper (5.0.2)
       railties (>= 4.2)
-    doorkeeper-openid_connect (1.5.0)
-      doorkeeper (~> 4.3)
+    doorkeeper-openid_connect (1.6.3)
+      doorkeeper (>= 5.0, < 5.2)
       json-jwt (~> 1.6)
     ed25519 (1.2.4)
     elasticsearch (6.8.0)
@@ -1197,8 +1197,8 @@ DEPENDENCIES
   diff_match_patch (~> 0.1.0)
   diffy (~> 3.1.0)
   discordrb-webhooks-blackst0ne (~> 3.3)
-  doorkeeper (~> 4.4.3)
-  doorkeeper-openid_connect (~> 1.5)
+  doorkeeper (~> 5.0.2)
+  doorkeeper-openid_connect (~> 1.6.3)
   ed25519 (~> 1.2)
   elasticsearch-api (~> 6.8)
   elasticsearch-model (~> 6.1)

app/assets/javascripts/monitoring/components/charts/time_series.vue

@@ -14,6 +14,7 @@ import {
   lineWidths,
   symbolSizes,
   dateFormats,
+  chartColorValues,
 } from '../../constants';
 import { makeDataSeries } from '~/helpers/monitor_helper';
 import { graphDataValidatorForValues } from '../../utils';
@@ -124,7 +125,7 @@ export default {
       // Transforms & supplements query data to render appropriate labels & styles
       // Input: [{ queryAttributes1 }, { queryAttributes2 }]
       // Output: [{ seriesAttributes1 }, { seriesAttributes2 }]
-      return this.graphData.metrics.reduce((acc, query) => {
+      return this.graphData.metrics.reduce((acc, query, i) => {
         const { appearance } = query;
         const lineType =
           appearance && appearance.line && appearance.line.type
@@ -145,7 +146,7 @@ export default {
           lineStyle: {
             type: lineType,
             width: lineWidth,
-            color: this.primaryColor,
+            color: chartColorValues[i % chartColorValues.length],
           },
           showSymbol: false,
           areaStyle: this.graphData.type === 'area-chart' ? areaStyle : undefined,

app/assets/javascripts/monitoring/constants.js

@@ -70,6 +70,13 @@ export const colorValues = {
   anomalyAreaColor: '#1f78d1',
 };
 
+export const chartColorValues = [
+  '#1f78d1', // $blue-500 (see variables.scss)
+  '#1aaa55', // $green-500
+  '#fc9403', // $orange-500
+  '#6d49cb', // $purple
+];
+
 export const lineTypes = {
   default: 'solid',
 };

app/controllers/oauth/applications_controller.rb

@@ -8,6 +8,10 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
   include Gitlab::Experimentation::ControllerConcern
   include InitializesCurrentUserMode
 
+  # Defined by the `Doorkeeper::ApplicationsController` and is redundant as we call `authenticate_user!` below. Not
+  # defining or skipping this will result in a `403` response to all requests.
+  skip_before_action :authenticate_admin!
+
   prepend_before_action :verify_user_oauth_applications_enabled, except: :index
   prepend_before_action :authenticate_user!
   before_action :add_gon_variables

app/controllers/oauth/token_info_controller.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class Oauth::TokenInfoController < Doorkeeper::TokenInfoController
+  def show
+    if doorkeeper_token && doorkeeper_token.accessible?
+      token_json = doorkeeper_token.as_json
+
+      # maintain backwards compatibility
+      render json: token_json.merge(
+        'scopes'             => token_json[:scope],
+        'expires_in_seconds' => token_json[:expires_in]
+      ), status: :ok
+    else
+      error = Doorkeeper::OAuth::ErrorResponse.new(name: :invalid_request)
+      response.headers.merge!(error.headers)
+      render json: error.body, status: error.status
+    end
+  end
+end

changelogs/unreleased/DFredell-master-patch-45053.yml

@@ -0,0 +1,5 @@
+---
+title: Add a link to the variable priority override section from triggers page
+merge_request: 25264
+author: DFredell
+type: other

changelogs/unreleased/gitaly-version-v1.87.0.yml

@@ -0,0 +1,5 @@
+---
+title: Upgrade to Gitaly v1.87.0
+merge_request: 25370
+author:
+type: changed

changelogs/unreleased/jhyson-doorkeeper_upgrade_5.yml

@@ -0,0 +1,5 @@
+---
+title: Upgrade Doorkeeper to 5.0.2
+merge_request: 21173
+author:
+type: security

changelogs/unreleased/jivanvl-address-missing-colors-chart-panels.yml

@@ -0,0 +1,5 @@
+---
+title: Add missing colors on the monitoring dashboards
+merge_request: 24921
+author:
+type: fixed

config/initializers/doorkeeper.rb

@@ -113,53 +113,3 @@ Doorkeeper.configure do
 
   base_controller '::Gitlab::BaseDoorkeeperController'
 end
-
-# Monkey patch to avoid creating new applications if the scope of the
-# app created does not match the complete list of scopes of the configured app.
-# It also prevents the OAuth authorize application window to appear every time.
-
-# Remove after we upgrade the doorkeeper gem from version 4.x
-if Doorkeeper.gem_version > Gem::Version.new('5.0.0')
-  raise "Doorkeeper was upgraded, please remove the monkey patch in #{__FILE__}"
-end
-
-module Doorkeeper
-  module AccessTokenMixin
-    module ClassMethods
-      def matching_token_for(application, resource_owner_or_id, scopes)
-        resource_owner_id =
-          if resource_owner_or_id.respond_to?(:to_key)
-            resource_owner_or_id.id
-          else
-            resource_owner_or_id
-          end
-
-        tokens = authorized_tokens_for(application.try(:id), resource_owner_id)
-        tokens.detect do |token|
-          scopes_match?(token.scopes, scopes, application.try(:scopes))
-        end
-      end
-
-      def scopes_match?(token_scopes, param_scopes, app_scopes)
-        return true if token_scopes.empty? && param_scopes.empty?
-
-        (token_scopes.sort == param_scopes.sort) &&
-          Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
-            param_scopes.to_s,
-            Doorkeeper.configuration.scopes,
-            app_scopes)
-      end
-
-      def authorized_tokens_for(application_id, resource_owner_id)
-        ordered_by(:created_at, :desc)
-          .where(application_id: application_id,
-                 resource_owner_id: resource_owner_id,
-                 revoked_at: nil)
-      end
-
-      def last_authorized_token_for(application_id, resource_owner_id)
-        authorized_tokens_for(application_id, resource_owner_id).first
-      end
-    end
-  end
-end

config/routes.rb

@@ -24,7 +24,8 @@ Rails.application.routes.draw do
   use_doorkeeper do
     controllers applications: 'oauth/applications',
                 authorized_applications: 'oauth/authorized_applications',
-                authorizations: 'oauth/authorizations'
+                authorizations: 'oauth/authorizations',
+                token_info: 'oauth/token_info'
   end
 
   # This prefixless path is required because Jira gets confused if we set it up with a path

doc/api/applications.md

@@ -59,7 +59,7 @@ GET /applications
 Example request:
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/applications
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/applications
 ```
 
 Example response:

doc/api/discussions.md

@@ -111,7 +111,7 @@ GET /projects/:id/issues/:issue_iid/discussions
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/discussions
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/discussions
 ```
 
 ### Get single issue discussion item
@@ -131,7 +131,7 @@ Parameters:
 | `discussion_id` | integer        | yes      | The ID of a discussion item |
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
 ```
 
 ### Create new issue thread
@@ -319,7 +319,7 @@ GET /projects/:id/snippets/:snippet_id/discussions
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/discussions
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/discussions
 ```
 
 ### Get single snippet discussion item
@@ -526,7 +526,7 @@ GET /groups/:id/epics/:epic_id/discussions
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/discussions
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/discussions
 ```
 
 ### Get single epic discussion item
@@ -786,7 +786,7 @@ Diff comments contain also position:
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/discussions
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/discussions
 ```
 
 ### Get single merge request discussion item
@@ -806,7 +806,7 @@ Parameters:
 | `discussion_id`     | integer        | yes      | The ID of a discussion item |
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
 ```
 
 ### Create new merge request thread
@@ -1079,7 +1079,7 @@ Diff comments contain also position:
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/commits/11/discussions
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/commits/11/discussions
 ```
 
 ### Get single commit discussion item
@@ -1099,7 +1099,7 @@ Parameters:
 | `discussion_id`     | integer        | yes      | The ID of a discussion item |
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/commits/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/commits/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
 ```
 
 ### Create new commit thread

doc/api/issues.md

@@ -1401,7 +1401,7 @@ GET /projects/:id/issues/:issue_iid/time_stats
 | `issue_iid` | integer | yes      | The internal ID of a project's issue |
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/time_stats
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/time_stats
 ```
 
 Example response:
@@ -1429,7 +1429,7 @@ GET /projects/:id/issues/:issue_id/related_merge_requests
 | `issue_iid` | integer | yes      | The internal ID of a project's issue |
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/1/issues/11/related_merge_requests
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/1/issues/11/related_merge_requests
 ```
 
 Example response:
@@ -1658,7 +1658,7 @@ GET /projects/:id/issues/:issue_iid/participants
 | `issue_iid` | integer | yes      | The internal ID of a project's issue |
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/participants
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/participants
 ```
 
 Example response:
@@ -1702,7 +1702,7 @@ GET /projects/:id/issues/:issue_iid/user_agent_detail
 | `issue_iid` | integer | yes      | The internal ID of a project's issue |
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/user_agent_detail
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/user_agent_detail
 ```
 
 Example response:

doc/api/merge_requests.md

@@ -1632,7 +1632,7 @@ PUT /projects/:id/merge_requests/:merge_request_iid/rebase
 | `skip_ci`           | boolean | no       | Set to `true` to skip creating a CI pipeline |
 
 ```shell
-curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/76/merge_requests/1/rebase
+curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/76/merge_requests/1/rebase
 ```
 
 This is an asynchronous request. The API will return a `202 Accepted` response
@@ -2410,7 +2410,7 @@ GET /projects/:id/merge_requests/:merge_request_iid/time_stats
 | `merge_request_iid` | integer | yes      | The internal ID of the merge request |
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/93/time_stats
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/93/time_stats
 ```
 
 Example response:

doc/api/notes.md

@@ -80,7 +80,7 @@ GET /projects/:id/issues/:issue_iid/notes?sort=asc&order_by=updated_at
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/notes
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/notes
 ```
 
 ### Get single issue note
@@ -98,7 +98,7 @@ Parameters:
 - `note_id` (required) - The ID of an issue note
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/notes/1
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/notes/1
 ```
 
 ### Create new issue note
@@ -178,7 +178,7 @@ GET /projects/:id/snippets/:snippet_id/notes?sort=asc&order_by=updated_at
 | `order_by`          | string           | no         | Return snippet notes ordered by `created_at` or `updated_at` fields. Default is `created_at`
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/notes
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/notes
 ```
 
 ### Get single snippet note
@@ -215,7 +215,7 @@ Parameters:
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/notes/11
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/notes/11
 ```
 
 ### Create new snippet note
@@ -296,7 +296,7 @@ GET /projects/:id/merge_requests/:merge_request_iid/notes?sort=asc&order_by=upda
 | `order_by`          | string           | no         | Return merge request notes ordered by `created_at` or `updated_at` fields. Default is `created_at`
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/notes
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/notes
 ```
 
 ### Get single merge request note
@@ -337,7 +337,7 @@ Parameters:
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/notes/1
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/notes/1
 ```
 
 ### Create new merge request note
@@ -415,7 +415,7 @@ GET /groups/:id/epics/:epic_id/notes?sort=asc&order_by=updated_at
 | `order_by`          | string           | no         | Return epic notes ordered by `created_at` or `updated_at` fields. Default is `created_at` |
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/notes
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/notes
 ```
 
 ### Get single epic note
@@ -454,7 +454,7 @@ Parameters:
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/notes/1
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/notes/1
 ```
 
 ### Create new epic note

doc/api/oauth2.md

@@ -102,7 +102,7 @@ CAUTION: **Important:**
 Avoid using this flow for applications that store data outside of the GitLab
 instance. If you do, make sure to verify `application id` associated with the
 access token before granting access to the data
-(see [`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo)).
+(see [`/oauth/token/info`](#retrieving-the-token-info)).
 
 Unlike the web flow, the client receives an `access token` immediately as a
 result of the authorization request. The flow does not use the client secret
@@ -212,3 +212,34 @@ or you can put the token to the Authorization header:
 ```
 curl --header "Authorization: Bearer OAUTH-TOKEN" https://gitlab.example.com/api/v4/user
 ```
+
+## Retrieving the Token Info
+
+To verify the details of a token you can call the `token/info` endpoint. This is provided from the doorkeeper gem (see [`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo)).
+
+You will need to supply the access token, either as a parameter
+
+```
+GET https://gitlab.example.com/oauth/token/info?access_token=OAUTH-TOKEN
+```
+
+Or in the Authorization header:
+
+```
+curl --header "Authorization: Bearer OAUTH-TOKEN" https://gitlab.example.com/oauth/token/info
+```
+
+You will receive the following in response:
+
+```json
+{
+    "resource_owner_id": 1,
+    "scope": ["api"],
+    "expires_in": null,
+    "application": {"uid": "1cb242f495280beb4291e64bee2a17f330902e499882fe8e1e2aa875519cab33"},
+    "created_at": 1575890427
+}
+```
+
+CAUTION: **Deprecated fields:**
+The fields `scopes` and `expires_in_seconds` are also included in the response. They are aliases for `scope` and `expires_in` respectively and have been included to prevent breaking changes introduced in [doorkeeper 5.0.2](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions#from-4x-to-5x). Please don't rely on these fields as they will be removed in a later release.

doc/api/project_snippets.md

@@ -177,7 +177,7 @@ Parameters:
 Example request:
 
 ```shell
-curl --request GET https://gitlab.com/api/v4/projects/:id/snippets/:snippet_id/raw \
+curl https://gitlab.com/api/v4/projects/:id/snippets/:snippet_id/raw \
      --header "PRIVATE-TOKEN: <your_access_token>"
 ```
 
@@ -199,7 +199,7 @@ GET /projects/:id/snippets/:snippet_id/user_agent_detail
 Example request:
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/1/snippets/2/user_agent_detail
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/1/snippets/2/user_agent_detail
 ```
 
 Example response:

doc/api/repository_files.md

@@ -25,7 +25,7 @@ GET /projects/:id/repository/files/:file_path
 ```
 
 ```shell
-curl --request GET --header 'PRIVATE-TOKEN: <your_access_token>' 'https://gitlab.example.com/api/v4/projects/13083/repository/files/app%2Fmodels%2Fkey%2Erb?ref=master'
+curl --header 'PRIVATE-TOKEN: <your_access_token>' 'https://gitlab.example.com/api/v4/projects/13083/repository/files/app%2Fmodels%2Fkey%2Erb?ref=master'
 ```
 
 Example response:
@@ -89,7 +89,7 @@ GET /projects/:id/repository/files/:file_path/blame
 ```
 
 ```shell
-curl --request GET --header 'PRIVATE-TOKEN: <your_access_token>' 'https://gitlab.example.com/api/v4/projects/13083/repository/files/path%2Fto%2Ffile.rb/blame?ref=master'
+curl --header 'PRIVATE-TOKEN: <your_access_token>' 'https://gitlab.example.com/api/v4/projects/13083/repository/files/path%2Fto%2Ffile.rb/blame?ref=master'
 ```
 
 Example response:
@@ -156,7 +156,7 @@ GET /projects/:id/repository/files/:file_path/raw
 ```
 
 ```shell
-curl --request GET --header 'PRIVATE-TOKEN: <your_access_token>' 'https://gitlab.example.com/api/v4/projects/13083/repository/files/app%2Fmodels%2Fkey%2Erb/raw?ref=master'
+curl --header 'PRIVATE-TOKEN: <your_access_token>' 'https://gitlab.example.com/api/v4/projects/13083/repository/files/app%2Fmodels%2Fkey%2Erb/raw?ref=master'
 ```
 
 Parameters:

doc/api/resource_label_events.md

@@ -65,7 +65,7 @@ GET /projects/:id/issues/:issue_iid/resource_label_events
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/resource_label_events
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/resource_label_events
 ```
 
 ### Get single issue label event
@@ -85,7 +85,7 @@ Parameters:
 | `resource_label_event_id` | integer        | yes      | The ID of a label event |
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/resource_label_events/1
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/resource_label_events/1
 ```
 
 ## Epics **(ULTIMATE)**
@@ -151,7 +151,7 @@ GET /groups/:id/epics/:epic_id/resource_label_events
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/1/epics/11/resource_label_events
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/1/epics/11/resource_label_events
 ```
 
 ### Get single epic label event
@@ -237,7 +237,7 @@ GET /projects/:id/merge_requests/:merge_request_iid/resource_label_events
 ```
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/resource_label_events
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/resource_label_events
 ```
 
 ### Get single merge request label event

doc/api/search.md

@@ -26,7 +26,7 @@ The response depends on the requested scope.
 ### Scope: projects
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=projects&search=flight
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=projects&search=flight
 ```
 
 Example response:
@@ -57,7 +57,7 @@ Example response:
 ### Scope: issues
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=issues&search=file
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=issues&search=file
 ```
 
 Example response:
@@ -122,7 +122,7 @@ Example response:
 ### Scope: merge_requests
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=merge_requests&search=file
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=merge_requests&search=file
 ```
 
 Example response:
@@ -200,7 +200,7 @@ Example response:
 ### Scope: milestones
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=milestones&search=release
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=milestones&search=release
 ```
 
 Example response:
@@ -225,7 +225,7 @@ Example response:
 ### Scope: snippet_titles
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=snippet_titles&search=sample
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=snippet_titles&search=sample
 ```
 
 Example response:
@@ -256,7 +256,7 @@ Example response:
 ### Scope: snippet_blobs
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=snippet_blobs&search=test
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=snippet_blobs&search=test
 ```
 
 Example response:
@@ -289,7 +289,7 @@ Example response:
 This scope is available only if [Elasticsearch](../integration/elasticsearch.md) is enabled.
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=wiki_blobs&search=bye
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=wiki_blobs&search=bye
 ```
 
 Example response:
@@ -317,7 +317,7 @@ Example response:
 This scope is available only if [Elasticsearch](../integration/elasticsearch.md) is enabled.
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=commits&search=bye
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=commits&search=bye
 ```
 
 Example response:
@@ -360,7 +360,7 @@ to use a filter simply include it in your query like so: `a query filename:some_
 You may use wildcards (`*`) to use glob matching.
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=blobs&search=installation
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=blobs&search=installation
 ```
 
 Example response:
@@ -386,7 +386,7 @@ Example response:
 ### Scope: users
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=users&search=doe
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=users&search=doe
 ```
 
 Example response:
@@ -429,7 +429,7 @@ The response depends on the requested scope.
 ### Scope: projects
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/3/search?scope=projects&search=flight
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/3/search?scope=projects&search=flight
 ```
 
 Example response:
@@ -460,7 +460,7 @@ Example response:
 ### Scope: issues
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/3/search?scope=issues&search=file
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/3/search?scope=issues&search=file
 ```
 
 Example response:
@@ -525,7 +525,7 @@ Example response:
 ### Scope: merge_requests
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/3/search?scope=merge_requests&search=file
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/3/search?scope=merge_requests&search=file
 ```
 
 Example response:
@@ -603,7 +603,7 @@ Example response:
 ### Scope: milestones
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/3/search?scope=milestones&search=release
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/3/search?scope=milestones&search=release
 ```
 
 Example response:
@@ -630,7 +630,7 @@ Example response:
 This scope is available only if [Elasticsearch](../integration/elasticsearch.md) is enabled.
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/6/search?scope=wiki_blobs&search=bye
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/6/search?scope=wiki_blobs&search=bye
 ```
 
 Example response:
@@ -658,7 +658,7 @@ Example response:
 This scope is available only if [Elasticsearch](../integration/elasticsearch.md) is enabled.
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/6/search?scope=commits&search=bye
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/6/search?scope=commits&search=bye
 ```
 
 Example response:
@@ -701,7 +701,7 @@ to use a filter simply include it in your query like so: `a query filename:some_
 You may use wildcards (`*`) to use glob matching.
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/6/search?scope=blobs&search=installation
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/6/search?scope=blobs&search=installation
 ```
 
 Example response:
@@ -727,7 +727,7 @@ Example response:
 ### Scope: users
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/3/search?scope=users&search=doe
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/3/search?scope=users&search=doe
 ```
 
 Example response:
@@ -769,7 +769,7 @@ The response depends on the requested scope.
 ### Scope: issues
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/12/search?scope=issues&search=file
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/12/search?scope=issues&search=file
 ```
 
 Example response:
@@ -834,7 +834,7 @@ Example response:
 ### Scope: merge_requests
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=merge_requests&search=file
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=merge_requests&search=file
 ```
 
 Example response:
@@ -912,7 +912,7 @@ Example response:
 ### Scope: milestones
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/12/search?scope=milestones&search=release
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/12/search?scope=milestones&search=release
 ```
 
 Example response:
@@ -937,7 +937,7 @@ Example response:
 ### Scope: notes
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=notes&search=maxime
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=notes&search=maxime
 ```
 
 Example response:
@@ -986,7 +986,7 @@ results:
   times in the content.
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=wiki_blobs&search=bye
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=wiki_blobs&search=bye
 ```
 
 Example response:
@@ -1012,7 +1012,7 @@ Example response:
 ### Scope: commits
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=commits&search=bye
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=commits&search=bye
 ```
 
 Example response:
@@ -1059,7 +1059,7 @@ Blobs searches are performed on both filenames and contents. Search results:
   times in the content.
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=blobs&search=installation&ref=feature
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=blobs&search=installation&ref=feature
 ```
 
 Example response:
@@ -1085,7 +1085,7 @@ Example response:
 ### Scope: users
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=users&search=doe
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=users&search=doe
 ```
 
 Example response:

doc/api/snippets.md

@@ -367,7 +367,7 @@ GET /snippets/:id/user_agent_detail
 Example request:
 
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/snippets/1/user_agent_detail
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/snippets/1/user_agent_detail
 ```
 
 Example response:

doc/ci/ci_cd_for_external_repos/bitbucket_integration.md

@@ -30,7 +30,7 @@ To use GitLab CI/CD with a Bitbucket Cloud repository:
    using the Personal Access Token we just generated for authentication.
 
    ```text
-   https://gitlab.com/api/v4/projects/<NAMESPACE>%2F<PROJECT>/mirror/pull?private_token=<PERSONAL_ACCESS_TOKEN>
+   https://gitlab.com/api/v4/projects/<PROJECT_ID>/mirror/pull?private_token=<PERSONAL_ACCESS_TOKEN>
    ```
 
    The web hook Trigger should be set to 'Repository Push'.

doc/ci/triggers/README.md

@@ -249,6 +249,9 @@ curl --request POST \
   https://gitlab.example.com/api/v4/projects/9/trigger/pipeline
 ```
 
+Trigger variables have the [highest priority](../variables/README.md#priority-of-environment-variables)
+of all types of variables.
+
 ## Using cron to trigger nightly pipelines
 
 >**Note:**

doc/user/project/issues/related_issues.md

@@ -14,6 +14,12 @@ You can relate one issue to another by clicking the related issues "+" button
 in the header of the related issue block. Then, input the issue reference number
 or paste in the full URL of the issue.
 
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/2035) in GitLab 12.8.
+
+Additionally, you can select whether the current issue relates to, blocks, or is blocked by the issues being entered.
+
+![Adding a related issue](img/related_issues_add_v12_8.png)
+
 Issues of the same project can be specified just by the reference number.
 Issues from a different project require additional information like the
 group and the project name. For example:
@@ -23,9 +29,12 @@ group and the project name. For example:
 - different group: `group/project#44`
 
 Valid references will be added to a temporary list that you can review.
-When ready, click the green "Add related issues" button to submit.
+When you have added all the related issues, click **Add** to submit.
 
-![Adding a related issue](img/related_issues_add.png)
+Once you have finished adding all related issues, you will be able to see
+them categorized so their relationships can be better understood visually.
+
+![Related issue block](img/related_issue_block_v12_8.png)
 
 ## Removing a related issue
 
@@ -33,7 +42,7 @@ In the related issues block, click the "x" icon on the right-side of each issue
 token that you wish to remove. Due to the bi-directional relationship, it
 will no longer appear in either issue.
 
-![Removing a related issue](img/related_issues_remove.png)
+![Removing a related issue](img/related_issues_remove_v12_8.png)
 
 Please access our [permissions](../../permissions.md) page for more information.
 

lib/gitlab/database_importers/self_monitoring/project/create_service.rb

@@ -91,6 +91,8 @@ module Gitlab
           end
 
           def create_environment(result)
+            return success(result) if result[:project].environments.exists?
+
             environment = ::Environment.new(project_id: result[:project].id, name: 'production')
 
             if environment.save

spec/controllers/oauth/token_info_controller_spec.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Oauth::TokenInfoController do
+  describe '#show' do
+    context 'when the user is not authenticated' do
+      it 'responds with a 401' do
+        get :show
+
+        expect(response.status).to eq 401
+        expect(JSON.parse(response.body)).to include('error' => 'invalid_request')
+      end
+    end
+
+    context 'when the request is valid' do
+      let(:application) { create(:oauth_application, scopes: 'api') }
+      let(:access_token) do
+        create(:oauth_access_token, expires_in: 5.minutes, application: application)
+      end
+
+      it 'responds with the token info' do
+        get :show, params: { access_token: access_token.token }
+
+        expect(response.status).to eq 200
+        expect(JSON.parse(response.body)).to eq(
+          'scope'              => %w[api],
+          'scopes'             => %w[api],
+          'created_at'         => access_token.created_at.to_i,
+          'expires_in'         => access_token.expires_in,
+          'application'        => { 'uid' => application.uid },
+          'resource_owner_id'  => access_token.resource_owner_id,
+          'expires_in_seconds' => access_token.expires_in
+        )
+      end
+    end
+
+    context 'when the doorkeeper_token is not recognised' do
+      it 'responds with a 401' do
+        get :show, params: { access_token: 'unknown_token' }
+
+        expect(response.status).to eq 401
+        expect(JSON.parse(response.body)).to include('error' => 'invalid_request')
+      end
+    end
+
+    context 'when the token is expired' do
+      let(:access_token) do
+        create(:oauth_access_token, created_at: 2.days.ago, expires_in: 10.minutes)
+      end
+
+      it 'responds with a 401' do
+        get :show, params: { access_token: access_token.token }
+
+        expect(response.status).to eq 401
+        expect(JSON.parse(response.body)).to include('error' => 'invalid_request')
+      end
+    end
+
+    context 'when the token is revoked' do
+      let(:access_token) { create(:oauth_access_token, revoked_at: 2.days.ago) }
+
+      it 'responds with a 401' do
+        get :show, params: { access_token: access_token.token }
+
+        expect(response.status).to eq 401
+        expect(JSON.parse(response.body)).to include('error' => 'invalid_request')
+      end
+    end
+  end
+end

spec/frontend/monitoring/components/charts/time_series_spec.js

@@ -3,6 +3,7 @@ import { setTestTimeout } from 'helpers/timeout';
 import { GlLink } from '@gitlab/ui';
 import { GlAreaChart, GlLineChart, GlChartSeriesLabel } from '@gitlab/ui/dist/charts';
 import { shallowWrapperContainsSlotText } from 'helpers/vue_test_utils_helper';
+import { chartColorValues } from '~/monitoring/constants';
 import { createStore } from '~/monitoring/stores';
 import TimeSeries from '~/monitoring/components/charts/time_series.vue';
 import * as types from '~/monitoring/stores/mutation_types';
@@ -315,6 +316,10 @@ describe('Time series component', () => {
         it('formats line width correctly', () => {
           expect(chartData[0].lineStyle.width).toBe(2);
         });
+
+        it('formats line color correctly', () => {
+          expect(chartData[0].lineStyle.color).toBe(chartColorValues[0]);
+        });
       });
 
       describe('chartOptions', () => {

spec/lib/gitlab/database_importers/self_monitoring/project/create_service_spec.rb

@@ -76,6 +76,14 @@ describe Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService do
 
       it_behaves_like 'has prometheus service', 'http://localhost:9090'
 
+      it 'is idempotent' do
+        result1 = subject.execute
+        expect(result1[:status]).to eq(:success)
+
+        result2 = subject.execute
+        expect(result2[:status]).to eq(:success)
+      end
+
       it "tracks successful install" do
         expect(::Gitlab::Tracking).to receive(:event).twice
         expect(::Gitlab::Tracking).to receive(:event).with('self_monitoring', 'project_created')