Add latest changes from gitlab-org/gitlab@master

app/models/clusters/applications/ingress.rb

@@ -4,6 +4,7 @@ module Clusters
   module Applications
     class Ingress < ApplicationRecord
       VERSION = '1.29.7'
+      INGRESS_CONTAINER_NAME = 'nginx-ingress-controller'
       MODSECURITY_LOG_CONTAINER_NAME = 'modsecurity-log'
 
       self.table_name = 'clusters_applications_ingress'
@@ -69,7 +70,7 @@ module Clusters
       end
 
       def ingress_service
-        cluster.kubeclient.get_service('ingress-nginx-ingress-controller', Gitlab::Kubernetes::Helm::NAMESPACE)
+        cluster.kubeclient.get_service("ingress-#{INGRESS_CONTAINER_NAME}", Gitlab::Kubernetes::Helm::NAMESPACE)
       end
 
       private
@@ -123,7 +124,7 @@ module Clusters
               {
                 "name" => "modsecurity-template-volume",
                 "configMap" => {
-                  "name" => "ingress-nginx-ingress-controller",
+                  "name" => "ingress-#{INGRESS_CONTAINER_NAME}",
                   "items" => [
                     {
                       "key" => "modsecurity.conf",

app/models/service.rb

@@ -319,10 +319,6 @@ class Service < ApplicationRecord
     nil
   end
 
-  def self.find_by_template
-    find_by(template: true)
-  end
-
   # override if needed
   def supports_data_fields?
     false

app/models/user_bot_type_enums.rb

@@ -2,9 +2,6 @@
 
 module UserBotTypeEnums
   def self.bots
-    # When adding a new key, please ensure you are not conflicting
-    # with EE-only keys in app/models/user_type_enums.rb
-    # or app/models/user_bot_type_enums.rb
     {
       alert_bot: 2
     }

app/models/user_type_enums.rb

@@ -2,9 +2,6 @@
 
 module UserTypeEnums
   def self.types
-    # When adding a new key, please ensure you are not conflicting
-    # with EE-only keys in app/models/user_type_enums.rb
-    # or app/models/user_bot_type_enums.rb
     bots
   end
 

app/services/merge_requests/after_create_service.rb

+# frozen_string_literal: true
+
+module MergeRequests
+  class AfterCreateService < MergeRequests::BaseService
+    def execute(merge_request)
+      event_service.open_mr(merge_request, current_user)
+      notification_service.new_merge_request(merge_request, current_user)
+
+      # https://gitlab.com/gitlab-org/gitlab/issues/208813
+      if ::Feature.enabled?(:create_merge_request_pipelines_in_sidekiq, project)
+        create_pipeline_for(merge_request, current_user)
+        merge_request.update_head_pipeline
+      end
+
+      merge_request.diffs(include_stats: false).write_cache
+      merge_request.create_cross_references!(current_user)
+    end
+  end
+end

app/services/merge_requests/create_service.rb

@@ -13,19 +13,20 @@ module MergeRequests
       create(merge_request)
     end
 
-    def before_create(merge_request)
-      # current_user (defined in BaseService) is not available within run_after_commit block
-      user = current_user
-      merge_request.run_after_commit do
-        NewMergeRequestWorker.perform_async(merge_request.id, user.id)
-      end
-    end
-
     def after_create(issuable)
+      # Add new items to MergeRequests::AfterCreateService if they can
+      # be performed in Sidekiq
+      NewMergeRequestWorker.perform_async(issuable.id, current_user.id)
+
       todo_service.new_merge_request(issuable, current_user)
       issuable.cache_merge_request_closes_issues!(current_user)
+
+      # https://gitlab.com/gitlab-org/gitlab/issues/208813
+      unless ::Feature.enabled?(:create_merge_request_pipelines_in_sidekiq, project)
         create_pipeline_for(issuable, current_user)
         issuable.update_head_pipeline
+      end
+
       Gitlab::UsageDataCounters::MergeRequestCounter.count(:create)
       link_lfs_objects(issuable)
 

app/workers/new_merge_request_worker.rb

@@ -12,11 +12,9 @@ class NewMergeRequestWorker # rubocop:disable Scalability/IdempotentWorker
   def perform(merge_request_id, user_id)
     return unless objects_found?(merge_request_id, user_id)
 
-    EventCreateService.new.open_mr(issuable, user)
-    NotificationService.new.new_merge_request(issuable, user)
-
-    issuable.diffs(include_stats: false).write_cache
-    issuable.create_cross_references!(user)
+    MergeRequests::AfterCreateService
+      .new(issuable.target_project, user)
+      .execute(issuable)
   end
 
   def issuable_class

changelogs/unreleased/14707-add-nginx-throughput.yml

+---
+title: Add nginx request aggregations to WAF anomaly service
+merge_request: 25273
+author:
+type: added

changelogs/unreleased/create-remote-mirrors-docs.yml

+---
+title: Add documentation for create remote mirrors API
+merge_request: 26012
+author: Rajendra Kadam
+type: added

changelogs/unreleased/rs-remote-mirrors-docs.yml

+---
+title: Add remote mirrors API
+merge_request:
+author:
+type: added

doc/README.md

@@ -359,14 +359,14 @@ The following documentation relates to the DevOps **Secure** stage:
 
 | Secure Topics                                                                                         | Description                                                            |
 |:------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------|
-| [Compliance Dashboard](user/application_security/compliance_dashboard/index.md) **(ULTIMATE)**        | View the most recent Merge Request activity in a group.                |
+| [Compliance Dashboard](user/compliance/compliance_dashboard/index.md) **(ULTIMATE)**        | View the most recent Merge Request activity in a group.                |
 | [Container Scanning](user/application_security/container_scanning/index.md) **(ULTIMATE)**            | Use Clair to scan docker images for known vulnerabilities.             |
 | [Dependency List](user/application_security/dependency_list/index.md) **(ULTIMATE)**                  | View your project's dependencies and their known vulnerabilities.      |
 | [Dependency Scanning](user/application_security/dependency_scanning/index.md) **(ULTIMATE)**          | Analyze your dependencies for known vulnerabilities.                   |
 | [Dynamic Application Security Testing (DAST)](user/application_security/dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities.            |
 | [Group Security Dashboard](user/application_security/security_dashboard/index.md#group-security-dashboard) **(ULTIMATE)**      | View vulnerabilities in all the projects in a group and its subgroups. |
 | [Instance Security Dashboard](user/application_security/security_dashboard/index.md#instance-security-dashboard) **(ULTIMATE)**      | View vulnerabilities in all the projects you're interested in. |
-| [License Compliance](user/application_security/license_compliance/index.md) **(ULTIMATE)**            | Search your project's dependencies for their licenses.                 |
+| [License Compliance](user/compliance/license_compliance/index.md) **(ULTIMATE)**            | Search your project's dependencies for their licenses.                 |
 | [Pipeline Security Dashboard](user/application_security/security_dashboard/index.md#pipeline-security-dashboard) **(ULTIMATE)**    | View the security reports for your project's pipelines.               |
 | [Project Security Dashboard](user/application_security/security_dashboard/index.md#project-security-dashboard) **(ULTIMATE)**    | View the latest security reports for your project.                     |
 | [Static Application Security Testing (SAST)](user/application_security/sast/index.md) **(ULTIMATE)**  | Analyze source code for known vulnerabilities.                         |

doc/administration/high_availability/README.md

@@ -20,12 +20,12 @@ watch [this 1 hour Q&A](https://www.youtube.com/watch?v=uCU8jdYzpac)
 with [John Northrup](https://gitlab.com/northrup), and live questions coming
 in from some of our customers.
 
-## Recommended Setups based on number of users
+## Recommended setups based on number of users
 
 - 1 - 1000 Users: A single-node [Omnibus](https://docs.gitlab.com/omnibus/) setup with frequent backups. Refer to the [requirements page](../../install/requirements.md) for further details of the specs you will require.
 - 2000 - 50000+ Users: A scaled HA environment based on one of our [Reference Architectures](#reference-architectures) below.
 
-## GitLab Components and Configuration Instructions
+## GitLab components and configuration instructions
 
 The GitLab application depends on the following [components](../../development/architecture.md#component-diagram)
 and services. They are included in the reference architectures along with our
@@ -48,7 +48,7 @@ in which you would typically configure them.
 
 In some cases, components can be combined on the same nodes to reduce complexity as well.
 
-## Reference Architectures
+## Reference architectures
 
 In this section we'll detail the Reference Architectures that can support large numbers
 of users. These were built, tested and verified by our Quality and Support teams.
@@ -69,12 +69,11 @@ how much automation you use, mirroring, and repo/change size. Additionally the
 shown memory values are given directly by [GCP machine types](https://cloud.google.com/compute/docs/machine-types).
 On different cloud vendors a best effort like for like can be used.
 
-### 2,000 User Configuration
+### 2,000 user configuration
 
-- **Supported Users (approximate):** 2,000
-- **Test RPS Rates:** API: 40 RPS, Web: 4 RPS, Git: 4 RPS
-- **Known Issues:** For the latest list of known performance issues head
-[here](https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=Quality%3Aperformance-issues).
+- **Supported users (approximate):** 2,000
+- **Test RPS rates:** API: 40 RPS, Web: 4 RPS, Git: 4 RPS
+- **Known issues:**  [List of known performance issues](https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=Quality%3Aperformance-issues)
 
 | Service                     | Nodes | Configuration[^8]     | GCP type      |
 | ----------------------------|-------|-----------------------|---------------|
@@ -91,12 +90,11 @@ On different cloud vendors a best effort like for like can be used.
 | External load balancing node[^6] | 1 | 2 vCPU, 1.8GB Memory | n1-highcpu-2  |
 | Internal load balancing node[^6] | 1 | 2 vCPU, 1.8GB Memory | n1-highcpu-2  |
 
-### 5,000 User Configuration
+### 5,000 user configuration
 
-- **Supported Users (approximate):** 5,000
-- **Test RPS Rates:** API: 100 RPS, Web: 10 RPS, Git: 10 RPS
-- **Known Issues:** For the latest list of known performance issues head
-[here](https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=Quality%3Aperformance-issues).
+- **Supported users (approximate):** 5,000
+- **Test RPS rates:** API: 100 RPS, Web: 10 RPS, Git: 10 RPS
+- **Known issues:**  [List of known performance issues](https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=Quality%3Aperformance-issues)
 
 | Service                     | Nodes | Configuration[^8]     | GCP type      |
 | ----------------------------|-------|-----------------------|---------------|
@@ -113,12 +111,11 @@ On different cloud vendors a best effort like for like can be used.
 | External load balancing node[^6] | 1 | 2 vCPU, 1.8GB Memory | n1-highcpu-2  |
 | Internal load balancing node[^6] | 1 | 2 vCPU, 1.8GB Memory | n1-highcpu-2  |
 
-### 10,000 User Configuration
+### 10,000 user configuration
 
-- **Supported Users (approximate):** 10,000
-- **Test RPS Rates:** API: 200 RPS, Web: 20 RPS, Git: 20 RPS
-- **Known Issues:** For the latest list of known performance issues head
-[here](https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=Quality%3Aperformance-issues).
+- **Supported users (approximate):** 10,000
+- **Test RPS rates:** API: 200 RPS, Web: 20 RPS, Git: 20 RPS
+- **Known issues:**  [List of known performance issues](https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=Quality%3Aperformance-issues)
 
 | Service                     | Nodes | Configuration[^8]     | GCP type      |
 | ----------------------------|-------|-----------------------|---------------|
@@ -138,12 +135,11 @@ On different cloud vendors a best effort like for like can be used.
 | External load balancing node[^6] | 1 | 2 vCPU, 1.8GB Memory | n1-highcpu-2  |
 | Internal load balancing node[^6] | 1 | 2 vCPU, 1.8GB Memory | n1-highcpu-2  |
 
-### 25,000 User Configuration
+### 25,000 user configuration
 
-- **Supported Users (approximate):** 25,000
-- **Test RPS Rates:** API: 500 RPS, Web: 50 RPS, Git: 50 RPS
-- **Known Issues:** For the latest list of known performance issues head
-[here](https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=Quality%3Aperformance-issues).
+- **Supported users (approximate):** 25,000
+- **Test RPS rates:** API: 500 RPS, Web: 50 RPS, Git: 50 RPS
+- **Known issues:**  [List of known performance issues](https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=Quality%3Aperformance-issues)
 
 | Service                     | Nodes | Configuration[^8]     | GCP type      |
 | ----------------------------|-------|-----------------------|---------------|
@@ -163,12 +159,11 @@ On different cloud vendors a best effort like for like can be used.
 | External load balancing node[^6] | 1 | 2 vCPU, 1.8GB Memory | n1-highcpu-2  |
 | Internal load balancing node[^6] | 1 | 4 vCPU, 3.6GB Memory | n1-highcpu-4  |
 
-### 50,000 User Configuration
+### 50,000 user configuration
 
-- **Supported Users (approximate):** 50,000
-- **Test RPS Rates:** API: 1000 RPS, Web: 100 RPS, Git: 100 RPS
-- **Known Issues:** For the latest list of known performance issues head
-[here](https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=Quality%3Aperformance-issues).
+- **Supported users (approximate):** 50,000
+- **Test RPS rates:** API: 1000 RPS, Web: 100 RPS, Git: 100 RPS
+- **Known issues:**  [List of known performance issues](https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=Quality%3Aperformance-issues)
 
 | Service                     | Nodes | Configuration[^8]     | GCP type      |
 | ----------------------------|-------|-----------------------|---------------|

doc/api/api_resources.md

@@ -61,6 +61,7 @@ The following API resources are available in the project context:
 | [Protected tags](protected_tags.md)                                 | `/projects/:id/protected_tags`                                                                                                                                                                        |
 | [Releases](releases/index.md)                                       | `/projects/:id/releases`                                                                                                                                                                              |
 | [Release links](releases/links.md)                                  | `/projects/:id/releases/.../assets/links`                                                                                                                                                             |
+| [Remote mirrors](remote_mirrors.md)                                 | `/projects/:id/remote_mirrors`                                                                                                                                                                        |
 | [Repositories](repositories.md)                                     | `/projects/:id/repository`                                                                                                                                                                            |
 | [Repository files](repository_files.md)                             | `/projects/:id/repository/files`                                                                                                                                                                      |
 | [Repository submodules](repository_submodules.md)                   | `/projects/:id/repository/submodules`                                                                                                                                                                 |

doc/api/remote_mirrors.md

+# Project remote mirrors API
+
+[Push mirrors](../user/project/repository/repository_mirroring.md#pushing-to-a-remote-repository-core)
+defined on a project's repository settings are called "remote mirrors", and the
+state of these mirrors can be queried and modified via the remote mirror API
+outlined below.
+
+## List a project's remote mirrors
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/38121) in GitLab 12.9.
+
+Returns an Array of remote mirrors and their statuses:
+
+```text
+GET /projects/:id/remote_mirrors
+```
+
+Example request:
+
+```sh
+curl --header "PRIVATE-TOKEN: <your_access_token>" 'https://gitlab.example.com/api/v4/projects/42/remote_mirrors'
+```
+
+Example response:
+
+```json
+[
+  {
+    "enabled": true,
+    "id": 101486,
+    "last_error": null,
+    "last_successful_update_at": "2020-01-06T17:32:02.823Z",
+    "last_update_at": "2020-01-06T17:32:02.823Z",
+    "last_update_started_at": "2020-01-06T17:31:55.864Z",
+    "only_protected_branches": true,
+    "update_status": "finished",
+    "url": "https://*****:*****@gitlab.com/gitlab-org/security/gitlab.git"
+  }
+]
+```
+
+NOTE: **Note:**
+For security reasons, the `url` attribute will always be scrubbed of username
+and password information.
+
+## Create a remote mirror
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/24189) in GitLab 12.9.
+
+Create a remote mirror for a project. The mirror will be disabled by default. You can enable it by including the optional parameter `enabled` when creating it:
+
+```text
+POST /projects/:id/remote_mirrors
+```
+
+| Attribute                 | Type    | Required   | Description                                         |
+| :----------               | :-----  | :--------- | :------------                                       |
+| `url`                     | String  | yes        | The URL of the remote repository to be mirrored.    |
+| `enabled`                 | Boolean | no         | Determines if the mirror is enabled.                |
+| `only_protected_branches` | Boolean | no         | Determines if only protected branches are mirrored. |
+
+Example request:
+
+```sh
+curl --request POST --data "url=https://username:token@example.com/gitlab/example.git" --header "PRIVATE-TOKEN: <your_access_token>" 'https://gitlab.example.com/api/v4/projects/42/remote_mirrors'
+```
+
+Example response:
+
+```json
+{
+    "enabled": false,
+    "id": 101486,
+    "last_error": null,
+    "last_successful_update_at": null,
+    "last_update_at": null,
+    "last_update_started_at": null,
+    "only_protected_branches": false,
+    "update_status": "none",
+    "url": "https://*****:*****@example.com/gitlab/example.git"
+}
+```
+
+## Update a remote mirror's attributes
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/38121) in GitLab 12.9.
+
+Toggle a remote mirror on or off, or change which types of branches are
+mirrored:
+
+```text
+PUT /projects/:id/remote_mirrors/:mirror_id
+```
+
+| Attribute                 | Type    | Required   | Description                                         |
+| :----------               | :-----  | :--------- | :------------                                       |
+| `mirror_id`               | Integer | yes        | The remote mirror ID.                               |
+| `enabled`                 | Boolean | no         | Determines if the mirror is enabled.                |
+| `only_protected_branches` | Boolean | no         | Determines if only protected branches are mirrored. |
+
+Example request:
+
+```sh
+curl --request PUT --data "enabled=false" --header "PRIVATE-TOKEN: <your_access_token>" 'https://gitlab.example.com/api/v4/projects/42/remote_mirrors/101486'
+```
+
+Example response:
+
+```json
+{
+    "enabled": false,
+    "id": 101486,
+    "last_error": null,
+    "last_successful_update_at": "2020-01-06T17:32:02.823Z",
+    "last_update_at": "2020-01-06T17:32:02.823Z",
+    "last_update_started_at": "2020-01-06T17:31:55.864Z",
+    "only_protected_branches": true,
+    "update_status": "finished",
+    "url": "https://*****:*****@gitlab.com/gitlab-org/security/gitlab.git"
+}
+```

doc/ci/README.md

@@ -133,7 +133,7 @@ Its feature set is listed on the table below according to DevOps stages.
 | **Secure** ||
 | [Container Scanning](../user/application_security/container_scanning/index.md) **(ULTIMATE)** | Check your Docker containers for known vulnerabilities.|
 | [Dependency Scanning](../user/application_security/dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. |
-| [License Compliance](../user/application_security/license_compliance/index.md) **(ULTIMATE)** | Search your project dependencies for their licenses. |
+| [License Compliance](../user/compliance/license_compliance/index.md) **(ULTIMATE)** | Search your project dependencies for their licenses. |
 | [Security Test reports](../user/application_security/index.md) **(ULTIMATE)** | Check for app vulnerabilities. |
 
 ## Examples

doc/ci/examples/license_management.md

 ---
-redirect_to: '../../user/application_security/license_compliance/index.md'
+redirect_to: '../../user/compliance/license_compliance/index.md'
 ---
 
-This document was moved to [another location](../../user/application_security/license_compliance/index.md).
+This document was moved to [another location](../../user/compliance/license_compliance/index.md).

doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/index.md

@@ -140,15 +140,15 @@ workaround you'd be able to take immediately. If it's not available or acceptabl
 please read through this section.
 
 Merge train is enabled by default when you enable [Pipelines for merged results](../index.md),
-however, you can forcibly disable this feature by disabling the feature flag `:merge_trains_enabled`.
-After you disabled this feature, all the existing merge trains will be aborted and
-you will no longer see the **Start/Add Merge Train** button in merge requests.
+however, you can disable this feature by setting the `:disable_merge_trains` feature flag to `enable`.
+When you disable this feature, all existing merge trains are aborted and
+the **Start/Add Merge Train** button no longer appears in merge requests.
 
 To check if the feature flag is enabled on your GitLab instance,
-please ask administrator to execute the following commands:
+please ask an administrator to execute the following commands **(CORE ONLY)**:
 
 ```shell
 > sudo gitlab-rails console                         # Login to Rails console of GitLab instance.
-> Feature.enabled?(:merge_trains_enabled)           # Check if it's enabled or not.
-> Feature.disable(:merge_trains_enabled)            # Disable the feature flag.
+> Feature.enabled?(:disable_merge_trains)           # Check if it's disabled or not.
+> Feature.enable(:disable_merge_trains)             # Disable Merge Trains.
 ```

doc/ci/yaml/README.md

@@ -2268,7 +2268,7 @@ introduced in GitLab 12.8.
 
 > Introduced in GitLab 11.5. Requires GitLab Runner 11.5 and above.
 
-The `license_management` report collects [Licenses](../../user/application_security/license_compliance/index.md)
+The `license_management` report collects [Licenses](../../user/compliance/license_compliance/index.md)
 as artifacts.
 
 The collected License Compliance report will be uploaded to GitLab as an artifact and will
@@ -2279,7 +2279,7 @@ dashboards. It is not available for download through the web interface.
 
 > Introduced in GitLab 12.8. Requires GitLab Runner 11.5 and above.
 
-The `license_scanning` report collects [Licenses](../../user/application_security/license_compliance/index.md)
+The `license_scanning` report collects [Licenses](../../user/compliance/license_compliance/index.md)
 as artifacts.
 
 The License Compliance report will be uploaded to GitLab as an artifact and will

doc/development/go_guide/index.md

@@ -109,7 +109,7 @@ become available, you will be able to share job templates like this
 Dependencies should be kept to the minimum. The introduction of a new
 dependency should be argued in the merge request, as per our [Approval
 Guidelines](../code_review.md#approval-guidelines). Both [License
-Management](../../user/application_security/license_compliance/index.md)
+Management](../../user/compliance/license_compliance/index.md)
 **(ULTIMATE)** and [Dependency
 Scanning](../../user/application_security/dependency_scanning/index.md)
 **(ULTIMATE)** should be activated on all projects to ensure new dependencies

doc/development/testing_guide/best_practices.md

@@ -52,6 +52,13 @@ bundle exec guard
 
 When using spring and guard together, use `SPRING=1 bundle exec guard` instead to make use of spring.
 
+Use [Factory Doctor](https://test-prof.evilmartians.io/#/factory_doctor.md) to find cases on un-necessary database manipulation, which can cause slow tests.
+
+```shell
+# run test for path
+FDOC=1 bin/rspec spec/[path]/[to]/[spec].rb
+```
+
 ### General guidelines
 
 - Use a single, top-level `describe ClassName` block.

doc/topics/autodevops/index.md

@@ -474,7 +474,7 @@ report is created, it's uploaded as an artifact which you can later download and
 check out.
 
 Any licenses are also shown in the merge request widget. Read more how
-[License Compliance works](../../user/application_security/license_compliance/index.md).
+[License Compliance works](../../user/compliance/license_compliance/index.md).
 
 ### Auto Container Scanning **(ULTIMATE)**
 

doc/user/application_security/compliance_dashboard/index.md

 ---
-type: reference, howto
+redirect_to: '../../compliance/compliance_dashboard/index.md'
 ---
 
-# Compliance Dashboard **(ULTIMATE)**
-
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/36524) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.8.
-
-The Compliance Dashboard gives you the ability to see a group's Merge Request activity
-by providing a high-level view for all projects in the group. For example, code approved
-for merging into production.
-
-## Overview
-
-To access the Compliance Dashboard for a group, navigate to **{shield}** **Security & Compliance > Compliance** on the group's menu.
-
-![Compliance Dashboard](img/compliance_dashboard_v12_8.png)
-
-## Use cases
-
-This feature is for people who care about the compliance status of projects within their group.
-
-You can use the dashboard to:
-
-- Get an overview of the latest Merge Request for each project.
-- See if Merge Requests were approved and by whom.
-
-## Permissions
-
-- On [GitLab Ultimate](https://about.gitlab.com/pricing/) tier.
-- By **Administrators** and **Group Owners**.
+This document was moved to [another location](../../compliance/compliance_dashboard/index.md).

doc/user/application_security/dependency_list/index.md

@@ -48,8 +48,8 @@ vulnerability will then be displayed below it.
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/10536) in GitLab Ultimate 12.3.
 
-If the [License Compliance](../license_compliance/index.md) CI job is configured,
-the [discovered licenses](../license_compliance/index.md#supported-languages-and-package-managers) will be displayed on this page.
+If the [License Compliance](../../compliance/license_compliance/index.md) CI job is configured,
+the [discovered licenses](../../compliance/license_compliance/index.md#supported-languages-and-package-managers) will be displayed on this page.
 
 ## Downloading the Dependency List
 

doc/user/application_security/index.md

@@ -19,12 +19,10 @@ GitLab uses the following tools to scan and report known vulnerabilities found i
 
 | Secure scanning tool                                                         | Description                                                            |
 |:-----------------------------------------------------------------------------|:-----------------------------------------------------------------------|
-| [Compliance Dashboard](compliance_dashboard/index.md) **(ULTIMATE)**         | View the most recent Merge Request activity in a group.                |
 | [Container Scanning](container_scanning/index.md) **(ULTIMATE)**             | Scan Docker containers for known vulnerabilities.                      |
 | [Dependency List](dependency_list/index.md) **(ULTIMATE)**                   | View your project's dependencies and their known vulnerabilities.      |
 | [Dependency Scanning](dependency_scanning/index.md) **(ULTIMATE)**           | Analyze your dependencies for known vulnerabilities.                   |
 | [Dynamic Application Security Testing (DAST)](dast/index.md) **(ULTIMATE)**  | Analyze running web applications for known vulnerabilities.            |
-| [License Compliance](license_compliance/index.md) **(ULTIMATE)**             | Search your project's dependencies for their licenses.                 |
 | [Security Dashboard](security_dashboard/index.md) **(ULTIMATE)**             | View vulnerabilities in all your projects and groups.                  |
 | [Static Application Security Testing (SAST)](sast/index.md) **(ULTIMATE)**   | Analyze source code for known vulnerabilities.                         |
 
@@ -185,7 +183,7 @@ with the number of approvals required greater than zero.
 
 Once this group is added to your project, the approval rule is enabled for all Merge Requests. To
 configure how this rule behaves, you can choose which licenses to `approve` or `blacklist` in the
-[project policies for License Compliance](license_compliance/index.md#project-policies-for-license-compliance)
+[project policies for License Compliance](../compliance/license_compliance/index.md#project-policies-for-license-compliance)
 section.
 
 Any code changes cause the approvals required to reset.

doc/user/application_security/license_management/index.md

 ---
-redirect_to: ../license_compliance/index.md
+redirect_to: ../../compliance/license_compliance/index.md
 ---
 
-This document was moved to [another location](../license_compliance/index.md).
+This document was moved to [another location](../../compliance/license_compliance/index.md).

doc/user/compliance/compliance_dashboard/index.md

+---
+type: reference, howto
+---
+
+# Compliance Dashboard **(ULTIMATE)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/36524) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.8.
+
+The Compliance Dashboard gives you the ability to see a group's Merge Request activity
+by providing a high-level view for all projects in the group. For example, code approved
+for merging into production.
+
+## Overview
+
+To access the Compliance Dashboard for a group, navigate to **{shield}** **Security & Compliance > Compliance** on the group's menu.
+
+![Compliance Dashboard](img/compliance_dashboard_v12_8.png)
+
+## Use cases
+
+This feature is for people who care about the compliance status of projects within their group.
+
+You can use the dashboard to:
+
+- Get an overview of the latest Merge Request for each project.
+- See if Merge Requests were approved and by whom.
+
+## Permissions
+
+- On [GitLab Ultimate](https://about.gitlab.com/pricing/) tier.
+- By **Administrators** and **Group Owners**.

doc/user/compliance/index.md

+# Compliance **(ULTIMATE)**
+
+The compliance tools provided by GitLab let you keep an eye on various aspects of your project. The
+following compliance tools are available:
+
+- [Compliance Dashboard](compliance_dashboard/index.md): View recent merge request activity across
+  all projects in a group. This lets you see if merge requests were approved, and by whom.
+- [License Compliance](license_compliance/index.md): Search your project's dependencies for their
+  licenses. This lets you determine if the licenses of your project's dependencies are compatible
+  with your project's license.

doc/user/project/code_owners.md

@@ -25,8 +25,18 @@ specify themselves as a code owner, all before the new changes
 get merged to the default branch.
 
 When a file matches multiple entries in the `CODEOWNERS` file,
-the users from all entries are displayed on the blob page of
-the given file.
+the users from last pattern matching the file are displayed on the
+blob page of the given file. For example, you have the following
+`CODEOWNERS` file:
+
+```
+README.md @user1
+
+# This line would also match the file README.md
+*.md @user2
+```
+
+The user that would show for `README.md` would be `@user2`.
 
 ## Approvals by Code Owners
 

doc/user/project/import/index.md

@@ -29,15 +29,14 @@ If you only need to migrate Git repos, you can [import each project by URL](repo
 If you want to retain all metadata like issues and merge requests, you can use
 the [import/export feature](../settings/import_export.md) to export projects from self-managed GitLab and import those projects into GitLab.com.
 
-NOTE: **Note:**
-This approach assumes all users from the self-managed instance have already been migrated.
-If the users haven't been migrated yet, the user conducting the import
-will take the place of all references to the missing user(s).
+All GitLab user associations (such as comment author) will be changed to the user importing the project. For more information, please see [the import notes](../settings/import_export.md#important-notes).
 
 If you need to migrate all data over, you can leverage our [API](../../../api/README.md) to migrate from self-managed to GitLab.com.
 The order of assets to migrate from a self-managed instance to GitLab.com is the following:
 
-1. [Users](../../../api/users.md)
+NOTE: **Note:**
+When migrating to GitLab.com, users would need to be manually created unless [SCIM](../../../user/group/saml_sso/scim_setup.md) is going to be used. Creating users with the API is limited to self-hosted instances as it requires administrator access.
+
 1. [Groups](../../../api/groups.md)
 1. [Projects](../../../api/projects.md)
 1. [Project variables](../../../api/project_level_variables.md)
@@ -56,3 +55,5 @@ then restore it on the new server.
 
 In the event of merging two GitLab instances together (for example, both instances have existing data on them and one can't be wiped),
 refer to the instructions in [Migrating from self-managed GitLab to GitLab.com](#migrating-from-self-managed-gitlab-to-gitlabcom).
+
+Additionally, you can migrate users using the [Users API](../../../api/users.md) with an admin user.

doc/user/project/index.md

@@ -100,7 +100,7 @@ When you create a project in GitLab, you'll have access to a large number of
 - [Maven packages](../packages/maven_repository/index.md): your private Maven repository in GitLab. **(PREMIUM)**
 - [NPM packages](../packages/npm_registry/index.md): your private NPM package registry in GitLab. **(PREMIUM)**
 - [Code owners](code_owners.md): specify code owners for certain files **(STARTER)**
-- [License Compliance](../application_security/license_compliance/index.md): approve and blacklist licenses for projects. **(ULTIMATE)**
+- [License Compliance](../compliance/license_compliance/index.md): approve and blacklist licenses for projects. **(ULTIMATE)**
 - [Dependency List](../application_security/dependency_list/index.md): view project dependencies. **(ULTIMATE)**
 
 ### Project integrations

doc/user/project/merge_requests/index.md

@@ -21,7 +21,7 @@ A. Consider you are a software developer working in a team:
 1. You gather feedback from your team
 1. You work on the implementation optimizing code with [Code Quality reports](code_quality.md) **(STARTER)**
 1. You verify your changes with [JUnit test reports](../../../ci/junit_test_reports.md) in GitLab CI/CD
-1. You avoid using dependencies whose license is not compatible with your project with [License Compliance reports](../../application_security/license_compliance/index.md) **(ULTIMATE)**
+1. You avoid using dependencies whose license is not compatible with your project with [License Compliance reports](../../compliance/license_compliance/index.md) **(ULTIMATE)**
 1. You request the [approval](merge_request_approvals.md) from your manager **(STARTER)**
 1. Your manager:
    1. Pushes a commit with their final review
@@ -97,6 +97,7 @@ or link to useful information directly in the merge request page:
 | [Display arbitrary job artifacts](../../../ci/yaml/README.md#artifactsexpose_as)                       | Configure CI pipelines with the `artifacts:expose_as` parameter to directly link to selected [artifacts](../pipelines/job_artifacts.md) in merge requests.                                                |
 | [GitLab CI/CD](../../../ci/README.md)                                                                  | Build, test, and deploy your code in a per-branch basis with built-in CI/CD.                                                                                                                              |
 | [JUnit test reports](../../../ci/junit_test_reports.md)                                                | Configure your CI jobs to use JUnit test reports, and let GitLab display a report on the merge request so that it’s easier and faster to identify the failure without having to check the entire job log. |
+| [License Compliance](../../compliance/license_compliance/index.md) **(ULTIMATE)**                      | Manage the licenses of your dependencies. |
 | [Metrics Reports](../../../ci/metrics_reports.md) **(PREMIUM)**                                        | Display the Metrics Report on the merge request so that it's fast and easy to identify changes to important metrics.                                                                                      |
 | [Multi-Project pipelines](../../../ci/multi_project_pipelines.md) **(PREMIUM)**                        | When you set up GitLab CI/CD across multiple projects, you can visualize the entire pipeline, including all cross-project interdependencies.                                                              |
 | [Pipelines for merge requests](../../../ci/merge_request_pipelines/index.md)                           | Customize a specific pipeline structure for merge requests in order to speed the cycle up by running only important jobs.                                                                                 |
@@ -112,7 +113,6 @@ generated by scanning and reporting any vulnerabilities found in your project:
 | [Container Scanning](../../application_security/container_scanning/index.md)            | Analyze your Docker images for known vulnerabilities.            |
 | [Dynamic Application Security Testing (DAST)](../../application_security/dast/index.md) | Analyze your running web applications for known vulnerabilities. |
 | [Dependency Scanning](../../application_security/dependency_scanning/index.md)          | Analyze your dependencies for known vulnerabilities.             |
-| [License Compliance](../../application_security/license_compliance/index.md)            | Manage the licenses of your dependencies.                        |
 | [Static Application Security Testing (SAST)](../../application_security/sast/index.md)  | Analyze your source code for known vulnerabilities.              |
 
 ## Authorization for merge requests

doc/user/project/merge_requests/license_management.md

 ---
-redirect_to: '../../application_security/license_compliance/index.md'
+redirect_to: '../../compliance/license_compliance/index.md'
 ---
 
-This document was moved to [another location](../../application_security/license_compliance/index.md).
+This document was moved to [another location](../../compliance/license_compliance/index.md).

doc/user/project/repository/repository_mirroring.md

@@ -69,6 +69,11 @@ Changes pushed to files in the repository are automatically pushed to the remote
 In the case of a diverged branch, you will see an error indicated at the **Mirroring repositories**
 section.
 
+### Configuring push mirrors through the API
+
+You can also create and modify project push mirrors through the
+[remote mirrors API](../../../api/remote_mirrors.md).
+
 ### Push only protected branches **(CORE)**
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/3350) in [GitLab Starter](https://about.gitlab.com/pricing/) 10.3.

spec/fixtures/trace/sample_trace

@@ -2772,8 +2772,6 @@ Service
     should return false by default
   #deprecation_message
     should be empty by default
-  .find_by_template
-    returns service template
   #api_field_names
     filters out sensitive fields
 

spec/models/analytics/cycle_analytics/project_stage_spec.rb

@@ -8,7 +8,7 @@ describe Analytics::CycleAnalytics::ProjectStage do
   end
 
   it 'default stages must be valid' do
-    project = create(:project)
+    project = build(:project)
 
     Gitlab::Analytics::CycleAnalytics::DefaultStages.all.each do |params|
       stage = described_class.new(params.merge(project: project))
@@ -17,13 +17,13 @@ describe Analytics::CycleAnalytics::ProjectStage do
   end
 
   it_behaves_like 'cycle analytics stage' do
-    let(:parent) { create(:project) }
+    let(:parent) { build(:project) }
     let(:parent_name) { :project }
   end
 
   context 'relative positioning' do
     it_behaves_like 'a class that supports relative positioning' do
-      let(:project) { create(:project) }
+      let(:project) { build(:project) }
       let(:factory) { :cycle_analytics_project_stage }
       let(:default_params) { { project: project } }
     end

spec/models/clusters/cluster_spec.rb

@@ -573,17 +573,17 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do
   end
 
   describe '#allow_user_defined_namespace?' do
-    let(:cluster) { create(:cluster, :provided_by_gcp) }
-
     subject { cluster.allow_user_defined_namespace? }
 
     context 'project type cluster' do
       context 'gitlab managed' do
+        let(:cluster) { build(:cluster, :provided_by_gcp) }
+
         it { is_expected.to be_truthy }
       end
 
       context 'not managed' do
-        let(:cluster) { create(:cluster, :provided_by_gcp, managed: false) }
+        let(:cluster) { build(:cluster, :provided_by_gcp, managed: false) }
 
         it { is_expected.to be_truthy }
       end
@@ -591,13 +591,13 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do
 
     context 'group type cluster' do
       context 'gitlab managed' do
-        let(:cluster) { create(:cluster, :provided_by_gcp, :group) }
+        let(:cluster) { build(:cluster, :provided_by_gcp, :group) }
 
         it { is_expected.to be_falsey }
       end
 
       context 'not managed' do
-        let(:cluster) { create(:cluster, :provided_by_gcp, :group, managed: false) }
+        let(:cluster) { build(:cluster, :provided_by_gcp, :group, managed: false) }
 
         it { is_expected.to be_truthy }
       end
@@ -605,13 +605,13 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do
 
     context 'instance type cluster' do
       context 'gitlab managed' do
-        let(:cluster) { create(:cluster, :provided_by_gcp, :instance) }
+        let(:cluster) { build(:cluster, :provided_by_gcp, :instance) }
 
         it { is_expected.to be_falsey }
       end
 
       context 'not managed' do
-        let(:cluster) { create(:cluster, :provided_by_gcp, :instance, managed: false) }
+        let(:cluster) { build(:cluster, :provided_by_gcp, :instance, managed: false) }
 
         it { is_expected.to be_truthy }
       end
@@ -649,18 +649,18 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do
   end
 
   describe '#kube_ingress_domain' do
-    let(:cluster) { create(:cluster, :provided_by_gcp) }
+    let(:cluster) { build(:cluster, :provided_by_gcp) }
 
     subject { cluster.kube_ingress_domain }
 
     context 'with domain set in cluster' do
-      let(:cluster) { create(:cluster, :provided_by_gcp, :with_domain) }
+      let(:cluster) { build(:cluster, :provided_by_gcp, :with_domain) }
 
       it { is_expected.to eq(cluster.domain) }
     end
 
     context 'with no domain on cluster' do
-      let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
+      let(:cluster) { build(:cluster, :project, :provided_by_gcp) }
       let(:project) { cluster.project }
 
       context 'with domain set at instance level' do
@@ -754,7 +754,7 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do
     end
 
     context 'with no domain' do
-      let(:cluster) { create(:cluster, :provided_by_gcp, :project) }
+      let(:cluster) { build(:cluster, :provided_by_gcp, :project) }
 
       it 'returns an empty array' do
         expect(subject.to_hash).to be_empty
@@ -782,7 +782,7 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do
     subject { cluster.status_name }
 
     context 'the cluster has a provider' do
-      let(:cluster) { create(:cluster, :provided_by_gcp) }
+      let(:cluster) { build(:cluster, :provided_by_gcp) }
       let(:provider_status) { :errored }
 
       before do
@@ -816,7 +816,7 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do
     end
 
     context 'there is a cached connection status' do
-      let(:cluster) { create(:cluster, :provided_by_user) }
+      let(:cluster) { build(:cluster, :provided_by_user) }
 
       before do
         allow(cluster).to receive(:connection_status).and_return(:connected)
@@ -826,7 +826,7 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do
     end
 
     context 'there is no connection status in the cache' do
-      let(:cluster) { create(:cluster, :provided_by_user) }
+      let(:cluster) { build(:cluster, :provided_by_user) }
 
       before do
         allow(cluster).to receive(:connection_status).and_return(nil)

spec/models/error_tracking/project_error_tracking_setting_spec.rb

@@ -8,7 +8,7 @@ describe ErrorTracking::ProjectErrorTrackingSetting do
 
   let_it_be(:project) { create(:project) }
 
-  subject(:setting) { create(:project_error_tracking_setting, project: project) }
+  subject(:setting) { build(:project_error_tracking_setting, project: project) }
 
   describe 'Associations' do
     it { is_expected.to belong_to(:project) }

spec/models/merge_request_spec.rb

@@ -276,6 +276,8 @@ describe MergeRequest do
   end
 
   describe 'respond to' do
+    subject { build(:merge_request) }
+
     it { is_expected.to respond_to(:unchecked?) }
     it { is_expected.to respond_to(:checking?) }
     it { is_expected.to respond_to(:can_be_merged?) }

spec/models/service_spec.rb

@@ -406,14 +406,6 @@ describe Service do
     end
   end
 
-  describe '.find_by_template' do
-    let!(:service) { create(:service, template: true) }
-
-    it 'returns service template' do
-      expect(described_class.find_by_template).to eq(service)
-    end
-  end
-
   describe '#api_field_names' do
     let(:fake_service) do
       Class.new(Service) do

spec/services/merge_requests/after_create_service_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe MergeRequests::AfterCreateService do
+  let_it_be(:merge_request) { create(:merge_request) }
+
+  subject(:after_create_service) do
+    described_class.new(merge_request.target_project, merge_request.author)
+  end
+
+  describe '#execute' do
+    let(:event_service) { instance_double('EventCreateService', open_mr: true) }
+    let(:notification_service) { instance_double('NotificationService', new_merge_request: true) }
+
+    before do
+      allow(after_create_service).to receive(:event_service).and_return(event_service)
+      allow(after_create_service).to receive(:notification_service).and_return(notification_service)
+    end
+
+    it 'creates a merge request open event' do
+      expect(event_service)
+        .to receive(:open_mr).with(merge_request, merge_request.author)
+
+      after_create_service.execute(merge_request)
+    end
+
+    it 'creates a new merge request notification' do
+      expect(notification_service)
+        .to receive(:new_merge_request).with(merge_request, merge_request.author)
+
+      after_create_service.execute(merge_request)
+    end
+
+    it 'writes diffs to the cache' do
+      expect(merge_request)
+        .to receive_message_chain(:diffs, :write_cache)
+
+      after_create_service.execute(merge_request)
+    end
+
+    it 'creates cross references' do
+      expect(merge_request)
+        .to receive(:create_cross_references!).with(merge_request.author)
+
+      after_create_service.execute(merge_request)
+    end
+
+    it 'creates a pipeline and updates the HEAD pipeline' do
+      expect(after_create_service)
+        .to receive(:create_pipeline_for).with(merge_request, merge_request.author)
+      expect(merge_request).to receive(:update_head_pipeline)
+
+      after_create_service.execute(merge_request)
+    end
+
+    # https://gitlab.com/gitlab-org/gitlab/issues/208813
+    context 'when the create_merge_request_pipelines_in_sidekiq flag is disabled' do
+      before do
+        stub_feature_flags(create_merge_request_pipelines_in_sidekiq: false)
+      end
+
+      it 'does not create a pipeline or update the HEAD pipeline' do
+        expect(after_create_service).not_to receive(:create_pipeline_for)
+        expect(merge_request).not_to receive(:update_head_pipeline)
+
+        after_create_service.execute(merge_request)
+      end
+    end
+  end
+end

spec/services/merge_requests/create_service_spec.rb

@@ -129,7 +129,23 @@ describe MergeRequests::CreateService, :clean_gitlab_redis_shared_state do
         end
       end
 
-      context 'when head pipelines already exist for merge request source branch' do
+      # https://gitlab.com/gitlab-org/gitlab/issues/208813
+      context 'when the create_merge_request_pipelines_in_sidekiq flag is disabled' do
+        before do
+          stub_feature_flags(create_merge_request_pipelines_in_sidekiq: false)
+        end
+
+        it 'creates a pipeline and updates the HEAD pipeline' do
+          expect(service).to receive(:create_pipeline_for)
+          expect_next_instance_of(MergeRequest) do |merge_request|
+            expect(merge_request).to receive(:update_head_pipeline)
+          end
+
+          service.execute
+        end
+      end
+
+      context 'when head pipelines already exist for merge request source branch', :sidekiq_inline do
         let(:shas) { project.repository.commits(opts[:source_branch], limit: 2).map(&:id) }
         let!(:pipeline_1) { create(:ci_pipeline, project: project, ref: opts[:source_branch], project_id: project.id, sha: shas[1]) }
         let!(:pipeline_2) { create(:ci_pipeline, project: project, ref: opts[:source_branch], project_id: project.id, sha: shas[0]) }
@@ -175,7 +191,7 @@ describe MergeRequests::CreateService, :clean_gitlab_redis_shared_state do
         end
       end
 
-      describe 'Pipelines for merge requests' do
+      describe 'Pipelines for merge requests', :sidekiq_inline do
         before do
           stub_ci_pipeline_yaml_file(config)
         end
@@ -216,7 +232,9 @@ describe MergeRequests::CreateService, :clean_gitlab_redis_shared_state do
               target_project.add_maintainer(user)
             end
 
-            it 'create legacy detached merge request pipeline for fork merge request', :sidekiq_might_not_need_inline do
+            it 'create legacy detached merge request pipeline for fork merge request' do
+              merge_request.reload
+
               expect(merge_request.actual_head_pipeline)
                 .to be_legacy_detached_merge_request_pipeline
             end
@@ -228,6 +246,8 @@ describe MergeRequests::CreateService, :clean_gitlab_redis_shared_state do
             end
 
             it 'create legacy detached merge request pipeline for non-fork merge request' do
+              merge_request.reload
+
               expect(merge_request.actual_head_pipeline)
                 .to be_legacy_detached_merge_request_pipeline
             end
@@ -262,6 +282,8 @@ describe MergeRequests::CreateService, :clean_gitlab_redis_shared_state do
             end
 
             it 'sets the latest detached merge request pipeline as the head pipeline' do
+              merge_request.reload
+
               expect(merge_request.actual_head_pipeline).to be_merge_request_event
             end
           end