Add latest changes from gitlab-org/gitlab@master

.gitlab/CODEOWNERS

@@ -2,13 +2,12 @@
 # project here: https://gitlab.com/gitlab-org/gitlab/-/project_members
 # As described in https://docs.gitlab.com/ee/user/project/code_owners.html
 
-# Backend Maintainers are the default for all ruby files
+[Backend]
 *.rb @gitlab-org/maintainers/rails-backend
 *.rake @gitlab-org/maintainers/rails-backend
 
-# Technical writing team are the default reviewers for all markdown docs
+[Documentation]
 /doc/ @gl-docsteam
-# Doc subpaths
 /doc/administration/monitoring/ @aqualls
 /doc/development/ @marcia @mjang1
 /doc/development/documentation/ @mikelewis
@@ -19,7 +18,7 @@
 /doc/user/project/clusters @aqualls
 /doc/.vale/ @marcel.amirault @eread @aqualls @mikelewis
 
-# Frontend maintainers should see everything in `app/assets/`
+[Frontend]
 *.scss @annabeldunstone @gitlab-org/maintainers/frontend
 *.js @gitlab-org/maintainers/frontend
 /app/assets/ @gitlab-org/maintainers/frontend
@@ -29,7 +28,7 @@
 /spec/frontend/ @gitlab-org/maintainers/frontend
 /ee/spec/frontend/ @gitlab-org/maintainers/frontend
 
-# Database maintainers should review changes in `db/`
+[Database]
 /db/ @gitlab-org/maintainers/database
 /ee/db/ @gitlab-org/maintainers/database
 /lib/gitlab/background_migration/ @gitlab-org/maintainers/database
@@ -41,19 +40,7 @@
 /app/finders/ @gitlab-org/maintainers/database
 /ee/app/finders/ @gitlab-org/maintainers/database
 
-# Feature specific owners
-/ee/lib/ee/gitlab/auth/ldap/ @dblessing @mkozono
-/lib/gitlab/auth/ldap/ @dblessing @mkozono
-/lib/gitlab/ci/templates/ @nolith @dosuken123
-/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @DylanGriffith @mayra-cabrera @tkuah
-/lib/gitlab/ci/templates/Security/ @plafoucriere @gonzoyumo @twoodham @sethgitlab
-/ee/app/models/project_alias.rb @patrickbajao
-/ee/lib/api/project_aliases.rb @patrickbajao
-
-# Quality owned files
-/qa/ @gl-quality
-
-# Engineering Productivity owned files
+[Engineering Productivity]
 /.gitlab-ci.yml @gl-quality/eng-prod
 /.gitlab/ci/ @gl-quality/eng-prod
 /.gitlab/ci/docs.gitlab-ci.yml @gl-quality/eng-prod @gl-docsteam
@@ -66,16 +53,32 @@ Dangerfile @gl-quality/eng-prod
 /scripts/frontend/ @gl-quality/eng-prod @gitlab-org/maintainers/frontend
 .editorconfig @gl-quality/eng-prod
 
-# Telemetry owner files
-/ee/lib/gitlab/usage_data_counters/ @gitlab-org/growth/telemetry
-/ee/lib/ee/gitlab/usage_data.rb @gitlab-org/growth/telemetry
-/lib/gitlab/grafana_embed_usage_data.rb @gitlab-org/growth/telemetry
-/lib/gitlab/usage_data.rb @gitlab-org/growth/telemetry
-/lib/gitlab/cycle_analytics/usage_data.rb @gitlab-org/growth/telemetry
-/lib/gitlab/usage_data_counters/ @gitlab-org/growth/telemetry
+[End-to-end]
+/qa/ @gl-quality
+
+[LDAP]
+/ee/lib/ee/gitlab/auth/ldap/ @dblessing @mkozono
+/lib/gitlab/auth/ldap/ @dblessing @mkozono
+
+[Templates]
+/lib/gitlab/ci/templates/ @nolith @dosuken123
+/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @DylanGriffith @mayra-cabrera @tkuah
+/lib/gitlab/ci/templates/Security/ @plafoucriere @gonzoyumo @twoodham @sethgitlab
+
+[Project Alias]
+/ee/app/models/project_alias.rb @patrickbajao
+/ee/lib/api/project_aliases.rb @patrickbajao
 
 [Code Owners]
 /ee/lib/gitlab/code_owners.rb @reprazent @kerrizor @garyh
 /ee/lib/gitlab/code_owners/ @reprazent @kerrizor @garyh
 /ee/spec/lib/gitlab/code_owners/ @reprazent @kerrizor @garyh
 /doc/user/project/code_owners.md @reprazent @kerrizor @garyh
+
+[Telemetry]
+/ee/lib/gitlab/usage_data_counters/ @gitlab-org/growth/telemetry
+/ee/lib/ee/gitlab/usage_data.rb @gitlab-org/growth/telemetry
+/lib/gitlab/grafana_embed_usage_data.rb @gitlab-org/growth/telemetry
+/lib/gitlab/usage_data.rb @gitlab-org/growth/telemetry
+/lib/gitlab/cycle_analytics/usage_data.rb @gitlab-org/growth/telemetry
+/lib/gitlab/usage_data_counters/ @gitlab-org/growth/telemetry

app/models/clusters/applications/runner.rb

@@ -3,7 +3,7 @@
 module Clusters
   module Applications
     class Runner < ApplicationRecord
-      VERSION = '0.18.1'
+      VERSION = '0.19.0'
 
       self.table_name = 'clusters_applications_runners'
 

changelogs/unreleased/iterations_add_daterange_constraint-unrevert.yml

@@ -0,0 +1,5 @@
+---
+title: Add btree_gist PGSQL extension and add DB constraints for Iteration date ranges
+merge_request: 33340
+author:
+type: added

changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-19-0.yml

@@ -0,0 +1,5 @@
+---
+title: Update GitLab Runner Helm Chart to 0.19.0
+merge_request: 37292
+author:
+type: other

config/dependency_decisions.yml

@@ -616,8 +616,8 @@
     :when: 2019-09-11 13:08:28.431132000 Z
 - - :whitelist
   - "(MIT OR CC0-1.0)"
-  - :who: 
-    :why: 
+  - :who:
+    :why:
     :versions: []
     :when: 2019-11-08 10:03:31.787226000 Z
 - - :whitelist
@@ -626,3 +626,9 @@
     :why: This license is public domain
     :versions: []
     :when: 2020-06-03 05:04:44.632875345 Z
+- - :whitelist
+  - 0BSD
+  - :who: Natalia Tepluhina
+    :why: This license is public domain
+    :versions: []
+    :when: 2020-07-17 10:50:44.632875345 Z

db/migrate/20200515152649_enable_btree_gist_extension.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class EnableBtreeGistExtension < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  def up
+    execute 'CREATE EXTENSION IF NOT EXISTS btree_gist'
+  end
+
+  def down
+    execute 'DROP EXTENSION IF EXISTS btree_gist'
+  end
+end

db/migrate/20200515153633_iteration_date_range_constraint.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+class IterationDateRangeConstraint < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  def up
+    execute <<~SQL
+      ALTER TABLE sprints
+        ADD CONSTRAINT iteration_start_and_due_daterange_project_id_constraint
+        EXCLUDE USING gist
+        ( project_id WITH =,
+          daterange(start_date, due_date, '[]') WITH &&
+        )
+        WHERE (project_id IS NOT NULL)
+    SQL
+
+    execute <<~SQL
+      ALTER TABLE sprints
+        ADD CONSTRAINT iteration_start_and_due_daterange_group_id_constraint
+        EXCLUDE USING gist
+        ( group_id WITH =,
+          daterange(start_date, due_date, '[]') WITH &&
+        )
+        WHERE (group_id IS NOT NULL)
+    SQL
+  end
+
+  def down
+    execute <<~SQL
+      ALTER TABLE sprints
+        DROP CONSTRAINT IF EXISTS iteration_start_and_due_daterange_project_id_constraint
+    SQL
+
+    execute <<~SQL
+      ALTER TABLE sprints
+        DROP CONSTRAINT IF EXISTS iteration_start_and_due_daterange_group_id_constraint
+    SQL
+  end
+end

db/structure.sql

@@ -8,6 +8,8 @@ CREATE SCHEMA gitlab_partitions_static;
 
 COMMENT ON SCHEMA gitlab_partitions_static IS 'Schema to hold static partitions, e.g. for hash partitioning';
 
+CREATE EXTENSION IF NOT EXISTS btree_gist WITH SCHEMA public;
+
 CREATE EXTENSION IF NOT EXISTS pg_trgm WITH SCHEMA public;
 
 CREATE TABLE public.product_analytics_events_experimental (
@@ -17858,6 +17860,12 @@ ALTER TABLE ONLY public.issue_user_mentions
 ALTER TABLE ONLY public.issues
     ADD CONSTRAINT issues_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY public.sprints
+    ADD CONSTRAINT iteration_start_and_due_daterange_group_id_constraint EXCLUDE USING gist (group_id WITH =, daterange(start_date, due_date, '[]'::text) WITH &&) WHERE ((group_id IS NOT NULL));
+
+ALTER TABLE ONLY public.sprints
+    ADD CONSTRAINT iteration_start_and_due_daterange_project_id_constraint EXCLUDE USING gist (project_id WITH =, daterange(start_date, due_date, '[]'::text) WITH &&) WHERE ((project_id IS NOT NULL));
+
 ALTER TABLE ONLY public.jira_connect_installations
     ADD CONSTRAINT jira_connect_installations_pkey PRIMARY KEY (id);
 
@@ -23760,6 +23768,8 @@ COPY "schema_migrations" (version) FROM STDIN;
 20200514000009
 20200514000132
 20200514000340
+20200515152649
+20200515153633
 20200515155620
 20200518091745
 20200518114540

doc/administration/pages/index.md

@@ -409,7 +409,7 @@ pages:
 ### Using a custom Certificate Authority (CA)
 
 NOTE: **Note:**
-[Before 13.2](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/4289), when using Omnibus, a [workaround was required](https://docs.gitlab.com/13.1/ee/administration/pages/index.html#using-a-custom-certificate-authority-ca).
+[Before 13.3](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/4411), when using Omnibus, a [workaround was required](https://docs.gitlab.com/13.1/ee/administration/pages/index.html#using-a-custom-certificate-authority-ca).
 
 When using certificates issued by a custom CA, [Access Control](../../user/project/pages/pages_access_control.md#gitlab-pages-access-control) and
 the [online view of HTML job artifacts](../../ci/pipelines/job_artifacts.md#browsing-artifacts)

doc/administration/reference_architectures/1k_users.md

@@ -7,10 +7,10 @@ For a full list of reference architectures, see
 > - **Supported users (approximate):** 1,000
 > - **High Availability:** False
 
-| Users | Configuration([8](#footnotes))     | GCP            | AWS                 | Azure                  |
-|-------|------------------------------------|----------------|---------------------|------------------------|
-| 500   | 4 vCPU, 3.6GB Memory               | `n1-highcpu-4` | `c5.xlarge`         | F4s v2                 |
-| 1000  | 8 vCPU, 7.2GB Memory               | `n1-highcpu-8` | `c5.2xlarge`        | F8s v2                 |
+| Users       | Configuration([8](#footnotes))     | GCP            | AWS                 | Azure                  |
+|-------------|------------------------------------|----------------|---------------------|------------------------|
+| up to 500   | 4 vCPU, 3.6GB Memory               | `n1-highcpu-4` | `c5.xlarge`         | F4s v2                 |
+| up to 1000  | 8 vCPU, 7.2GB Memory               | `n1-highcpu-8` | `c5.2xlarge`        | F8s v2                 |
 
 In addition to the above, we recommend having at least
 2GB of swap on your server, even if you currently have

doc/api/members.md

@@ -172,6 +172,7 @@ Example response:
   "avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80&d=identicon",
   "web_url": "http://192.168.1.8:3000/root",
   "access_level": 30,
+  "email": "[email protected]",
   "expires_at": null,
   "group_saml_identity": null
 }
@@ -209,6 +210,7 @@ Example response:
   "avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80&d=identicon",
   "web_url": "http://192.168.1.8:3000/root",
   "access_level": 30,
+  "email": "[email protected]",
   "expires_at": null,
   "group_saml_identity": null
 }
@@ -247,6 +249,7 @@ Example response:
   "web_url": "http://192.168.1.8:3000/root",
   "expires_at": "2012-10-22T14:13:35Z",
   "access_level": 30,
+  "email": "[email protected]",
   "group_saml_identity": null
 }
 ```
@@ -284,6 +287,7 @@ Example response:
   "web_url": "http://192.168.1.8:3000/root",
   "expires_at": "2012-10-22T14:13:35Z",
   "access_level": 40,
+  "email": "[email protected]",
   "group_saml_identity": null
 }
 ```
@@ -320,6 +324,7 @@ Example response:
   "web_url": "http://192.168.1.8:3000/root",
   "expires_at": "2012-10-22T14:13:35Z",
   "access_level": 40,
+  "email": "[email protected]",
   "override": true
 }
 ```
@@ -356,6 +361,7 @@ Example response:
   "web_url": "http://192.168.1.8:3000/root",
   "expires_at": "2012-10-22T14:13:35Z",
   "access_level": 40,
+  "email": "[email protected]",
   "override": false
 }
 ```
@@ -383,3 +389,9 @@ curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://git
 ## Give a group access to a project
 
 See [share project with group](projects.md#share-project-with-group)
+
+## Limitations
+
+The `group_saml_identity` attribute is only visible to a group owner for [SSO enabled groups](../user/group/saml_sso/index.md).
+
+The `email` attribute is only visible to a group owner who manages the user through [Group Managed Accounts](../user/group/saml_sso/group_managed_accounts.md).

doc/integration/elasticsearch.md

@@ -145,7 +145,7 @@ The following Elasticsearch settings are available:
 | `Number of Elasticsearch shards`                      | Elasticsearch indexes are split into multiple shards for performance reasons. In general, larger indexes need to have more shards. Changes to this value do not take effect until the index is recreated. You can read more about tradeoffs in the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html#create-index-settings) |
 | `Number of Elasticsearch replicas`                    | Each Elasticsearch shard can have a number of replicas. These are a complete copy of the shard, and can provide increased query performance or resilience against hardware failure. Increasing this value will greatly increase total disk space required by the index. |
 | `Limit namespaces and projects that can be indexed`   | Enabling this will allow you to select namespaces and projects to index. All other namespaces and projects will use database search instead. Please note that if you enable this option but do not select any namespaces or projects, none will be indexed. [Read more below](#limiting-namespaces-and-projects).
-| `Using AWS hosted Elasticsearch with IAM credentials` | Sign your Elasticsearch requests using [AWS IAM authorization](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) or [AWS EC2 Instance Profile Credentials](https://docs.aws.amazon.com/codedeploy/latest/userguide/getting-started-create-iam-instance-profile.html#getting-started-create-iam-instance-profile-cli). The policies must be configured to allow `es:*` actions. |
+| `Using AWS hosted Elasticsearch with IAM credentials` | Sign your Elasticsearch requests using [AWS IAM authorization](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html), [AWS EC2 Instance Profile Credentials](https://docs.aws.amazon.com/codedeploy/latest/userguide/getting-started-create-iam-instance-profile.html#getting-started-create-iam-instance-profile-cli), or [AWS ECS Tasks Credentials](https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-iam-roles.html). The policies must be configured to allow `es:*` actions. |
 | `AWS Region`                                          | The AWS region your Elasticsearch service is located in. |
 | `AWS Access Key`                                      | The AWS access key. |
 | `AWS Secret Access Key`                               | The AWS secret access key. |

doc/user/project/merge_requests/code_quality.md

@@ -7,7 +7,8 @@ type: reference, howto
 
 # Code Quality
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/1984) in [GitLab Starter](https://about.gitlab.com/pricing/) 9.3.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/1984) in [GitLab Starter](https://about.gitlab.com/pricing/) 9.3.
+> - Made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) in 13.2.
 
 Ensuring your project's code stays simple, readable and easy to contribute to can be problematic. With the help of [GitLab CI/CD](../../../ci/README.md), you can analyze your
 source code quality using GitLab Code Quality.

lib/gitlab/danger/helper.rb

@@ -124,7 +124,7 @@ def label_for_category(category)
       }.freeze
       # First-match win, so be sure to put more specific regex at the top...
       CATEGORIES = {
-        [%r{usage_data}, %r{^(\+|-).*(count|distinct_count)\(.*\)(.*)$}] => [:database, :backend],
+        [%r{usage_data\.rb}, %r{^(\+|-).*(count|distinct_count)\(.*\)(.*)$}] => [:database, :backend],
 
         %r{\Adoc/.*(\.(md|png|gif|jpg))\z} => :docs,
         %r{\A(CONTRIBUTING|LICENSE|MAINTENANCE|PHILOSOPHY|PROCESS|README)(\.md)?\z} => :docs,

package.json

@@ -49,7 +49,7 @@
     "@sentry/browser": "^5.10.2",
     "@sourcegraph/code-host-integration": "0.0.48",
     "@toast-ui/editor": "^2.2.0",
-    "@toast-ui/vue-editor": "^2.2.0",
+    "@toast-ui/vue-editor": "^2.3.0",
     "apollo-cache-inmemory": "^1.6.3",
     "apollo-client": "^2.6.4",
     "apollo-link": "^1.2.11",

spec/lib/gitlab/danger/helper_spec.rb

@@ -295,9 +295,13 @@
 
     context 'having specific changes' do
       it 'has database and backend categories' do
-        allow(fake_git).to receive(:diff_for_file).with('usage_data.rb') { double(:diff, patch: "+ count(User.active)") }
+        changed_files = ['usage_data.rb', 'lib/gitlab/usage_data.rb', 'ee/lib/ee/gitlab/usage_data.rb']
 
-        expect(helper.categories_for_file('usage_data.rb')).to eq([:database, :backend])
+        changed_files.each do |file|
+          allow(fake_git).to receive(:diff_for_file).with(file) { double(:diff, patch: "+ count(User.active)") }
+
+          expect(helper.categories_for_file(file)).to eq([:database, :backend])
+        end
       end
 
       it 'has backend category' do
@@ -311,6 +315,13 @@
 
         expect(helper.categories_for_file('user.rb')).to eq([:backend])
       end
+
+      it 'has backend category for files that are not usage_data.rb' do
+        changed_file = 'usage_data/topology.rb'
+        allow(fake_git).to receive(:diff_for_file).with(changed_file) { double(:diff, patch: "+ count(User.active)") }
+
+        expect(helper.categories_for_file(changed_file)).to eq([:backend])
+      end
     end
   end