Add latest changes from gitlab-org/gitlab@master

4cb5e501 · GitLab Bot · 0301a0ca · 4cb5e501 · 4cb5e501 · 4cb5e501
Commit 4cb5e501 authored Mar 13, 2020 by GitLab Bot
115 changed files
--- a/app/assets/images/cluster_app_logos/modsecurity.png
+++ b/app/assets/images/cluster_app_logos/modsecurity.png
--- a/app/assets/javascripts/clusters/clusters_bundle.js
+++ b/app/assets/javascripts/clusters/clusters_bundle.js
@@ -256,6 +256,7 @@ export default class Clusters {
    eventHub.$on('uninstallApplication', data => this.uninstallApplication(data));
    eventHub.$on('setCrossplaneProviderStack', data => this.setCrossplaneProviderStack(data));
    eventHub.$on('setIngressModSecurityEnabled', data => this.setIngressModSecurityEnabled(data));
+    eventHub.$on('resetIngressModSecurityEnabled', id => this.resetIngressModSecurityEnabled(id));
    // Add event listener to all the banner close buttons
    this.addBannerCloseHandler(this.unreachableContainer, 'unreachable');
    this.addBannerCloseHandler(this.authenticationFailureContainer, 'authentication_failure');
@@ -270,6 +271,7 @@ export default class Clusters {
    eventHub.$off('setCrossplaneProviderStack');
    eventHub.$off('uninstallApplication');
    eventHub.$off('setIngressModSecurityEnabled');
+    eventHub.$off('resetIngressModSecurityEnabled');
  }

  initPolling(method, successCallback, errorCallback) {
@@ -523,6 +525,10 @@ export default class Clusters {
    this.store.updateAppProperty(id, 'modsecurity_enabled', modSecurityEnabled);
  }

+  resetIngressModSecurityEnabled(id) {
+    this.store.updateAppProperty(id, 'isEditingModSecurityEnabled', false);
+  }
+
  destroy() {
    this.destroyed = true;


--- a/app/assets/javascripts/clusters/components/applications.vue
+++ b/app/assets/javascripts/clusters/components/applications.vue
@@ -119,9 +119,6 @@ export default {
    ingressInstalled() {
      return this.applications.ingress.status === APPLICATION_STATUS.INSTALLED;
    },
-    ingressEnableModsecurity() {
-      return this.applications.ingress.modsecurity_enabled;
-    },
    ingressExternalEndpoint() {
      return this.applications.ingress.externalIp || this.applications.ingress.externalHostname;
    },

--- a/app/assets/javascripts/clusters/components/ingress_modsecurity_settings.vue
+++ b/app/assets/javascripts/clusters/components/ingress_modsecurity_settings.vue
 <script>
 import _ from 'lodash';
 import { __ } from '../../locale';
-import LoadingButton from '~/vue_shared/components/loading_button.vue';
 import { APPLICATION_STATUS, INGRESS } from '~/clusters/constants';
-import { GlAlert, GlSprintf, GlLink } from '@gitlab/ui';
+import { GlAlert, GlSprintf, GlLink, GlToggle, GlButton } from '@gitlab/ui';
 import eventHub from '~/clusters/event_hub';
+import modSecurityLogo from 'images/cluster_app_logos/modsecurity.png';

-const { UPDATING, UNINSTALLING } = APPLICATION_STATUS;
+const { UPDATING, UNINSTALLING, INSTALLING, INSTALLED, UPDATED } = APPLICATION_STATUS;

 export default {
+  title: 'ModSecurity Web Application Firewall',
+  modsecurityUrl: 'https://modsecurity.org/about.html',
  components: {
-    LoadingButton,
    GlAlert,
    GlSprintf,
    GlLink,
+    GlToggle,
+    GlButton,
  },
  props: {
    ingress: {
@@ -26,6 +29,10 @@ export default {
      default: '',
    },
  },
+  data: () => ({
+    modSecurityLogo,
+    hasValueChanged: false,
+  }),
  computed: {
    modSecurityEnabled: {
      get() {
@@ -36,6 +43,11 @@ export default {
          id: INGRESS,
          modSecurityEnabled: isEnabled,
        });
+        if (this.hasValueChanged) {
+          this.resetStatus();
+        } else {
+          this.hasValueChanged = true;
+        }
      },
    },
    ingressModSecurityDescription() {
@@ -45,13 +57,21 @@ export default {
      return [UPDATING].includes(this.ingress.status);
    },
    saveButtonDisabled() {
-      return [UNINSTALLING, UPDATING].includes(this.ingress.status);
+      return [UNINSTALLING, UPDATING, INSTALLING].includes(this.ingress.status);
    },
    saveButtonLabel() {
      return this.saving ? __('Saving') : __('Save changes');
    },
-    ingressInstalled() {
-      return this.ingress.installed;
+    /**
+     * Returns true either when:
+     *   - The application is getting updated.
+     *   - The user has changed some of the settings for an application which is
+     *     neither getting installed nor updated.
+     */
+    showButtons() {
+      return (
+        this.saving || (this.hasValueChanged && [INSTALLED, UPDATED].includes(this.ingress.status))
+      );
    },
  },
  methods: {
@@ -60,6 +80,11 @@ export default {
        id: INGRESS,
        params: { modsecurity_enabled: this.ingress.modsecurity_enabled },
      });
+      this.resetStatus();
+    },
+    resetStatus() {
+      eventHub.$emit('resetIngressModSecurityEnabled', INGRESS);
+      this.hasValueChanged = false;
    },
  },
 };
@@ -75,42 +100,65 @@ export default {
      @dismiss="alert = null"
    >
      {{
-        s__('ClusterIntegration|Something went wrong while updating the Web Application Firewall.')
+        s__(
+          'ClusterIntegration|Something went wrong while trying to save your settings. Please try again.',
+        )
      }}
    </gl-alert>
-    <div class="form-group">
-      <div class="form-check form-check-inline">
-        <input
-          v-model="modSecurityEnabled"
-          type="checkbox"
-          autocomplete="off"
-          class="form-check-input"
+    <div class="gl-responsive-table-row-layout" role="row">
+      <div class="table-section append-right-8 section-align-top" role="gridcell">
+        <img
+          :src="modSecurityLogo"
+          :alt="`${$options.title} logo`"
+          class="cluster-application-logo avatar s40"
        />
-        <label class="form-check-label label-bold" for="ingress-enable-modsecurity">
-          {{ s__('ClusterIntegration|Enable Web Application Firewall') }}
-        </label>
      </div>
-      <p class="form-text text-muted">
+      <div class="table-section section-wrap" role="gridcell">
        <strong>
-          <gl-sprintf
-            :message="s__('ClusterIntegration|Learn more about %{linkStart}ModSecurity%{linkEnd}')"
-          >
-            <template #link="{ content }">
-              <gl-link :href="ingressModSecurityDescription" target="_blank"
-                >{{ content }}
-              </gl-link>
-            </template>
-          </gl-sprintf>
+          <gl-link :href="$options.modsecurityUrl" target="_blank">{{ $options.title }} </gl-link>
        </strong>
-      </p>
-      <loading-button
-        v-if="ingressInstalled"
-        class="btn-success mt-1"
-        :loading="saving"
-        :disabled="saveButtonDisabled"
-        :label="saveButtonLabel"
-        @click="updateApplication"
-      />
+        <div class="form-group">
+          <p class="form-text text-muted">
+            <strong>
+              <gl-sprintf
+                :message="
+                  s__(
+                    'ClusterIntegration|Real-time web application monitoring, logging and access control. %{linkStart}More information%{linkEnd}',
+                  )
+                "
+              >
+                <template #link="{ content }">
+                  <gl-link :href="ingressModSecurityDescription" target="_blank"
+                    >{{ content }}
+                  </gl-link>
+                </template>
+              </gl-sprintf>
+            </strong>
+          </p>
+          <div class="form-check form-check-inline mt-3">
+            <gl-toggle
+              v-model="modSecurityEnabled"
+              :label-on="__('Enabled')"
+              :label-off="__('Disabled')"
+              :disabled="saveButtonDisabled"
+              label-position="right"
+            />
+          </div>
+          <div v-if="showButtons">
+            <gl-button
+              class="btn-success inline mr-1"
+              :loading="saving"
+              :disabled="saveButtonDisabled"
+              @click="updateApplication"
+            >
+              {{ saveButtonLabel }}
+            </gl-button>
+            <gl-button :disabled="saveButtonDisabled" @click="resetStatus">
+              {{ __('Cancel') }}
+            </gl-button>
+          </div>
+        </div>
+      </div>
    </div>
  </div>
 </template>
--- a/app/assets/javascripts/clusters/stores/clusters_store.js
+++ b/app/assets/javascripts/clusters/stores/clusters_store.js
@@ -211,9 +211,7 @@ export default class ClusterStore {
        this.state.applications.ingress.externalIp = serverAppEntry.external_ip;
        this.state.applications.ingress.externalHostname = serverAppEntry.external_hostname;
        if (!this.state.applications.ingress.isEditingModSecurityEnabled) {
-          this.state.applications.ingress.modsecurity_enabled =
-            serverAppEntry.modsecurity_enabled ||
-            this.state.applications.ingress.modsecurity_enabled;
+          this.state.applications.ingress.modsecurity_enabled = serverAppEntry.modsecurity_enabled;
        }
      } else if (appId === CERT_MANAGER) {
        this.state.applications.cert_manager.email =

--- a/app/assets/javascripts/notes/components/discussion_counter.vue
+++ b/app/assets/javascripts/notes/components/discussion_counter.vue
@@ -77,6 +77,9 @@ export default {
          v-gl-tooltip
          title="Jump to next unresolved thread"
          class="btn btn-default discussion-next-btn"
+          data-track-event="click_button"
+          data-track-label="mr_next_unresolved_thread"
+          data-track-property="click_next_unresolved_thread_top"
          @click="jumpToNextDiscussion"
        >
          <icon name="comment-next" />

--- a/app/assets/javascripts/notes/components/discussion_jump_to_next_button.vue
+++ b/app/assets/javascripts/notes/components/discussion_jump_to_next_button.vue
@@ -28,6 +28,9 @@ export default {
      v-gl-tooltip
      class="btn btn-default discussion-next-btn"
      :title="s__('MergeRequests|Jump to next unresolved thread')"
+      data-track-event="click_button"
+      data-track-label="mr_next_unresolved_thread"
+      data-track-property="click_next_unresolved_thread"
      @click="jumpToNextRelativeDiscussion(fromDiscussionId)"
    >
      <icon name="comment-next" />

--- a/app/assets/javascripts/pages/admin/integrations/edit/index.js
+++ b/app/assets/javascripts/pages/admin/integrations/edit/index.js
+import IntegrationSettingsForm from '~/integrations/integration_settings_form';
+import PrometheusMetrics from '~/prometheus_metrics/prometheus_metrics';
+import initAlertsSettings from '~/alerts_service_settings';
+
+document.addEventListener('DOMContentLoaded', () => {
+  const prometheusSettingsWrapper = document.querySelector('.js-prometheus-metrics-monitoring');
+  const integrationSettingsForm = new IntegrationSettingsForm('.js-integration-settings-form');
+  integrationSettingsForm.init();
+
+  if (prometheusSettingsWrapper) {
+    const prometheusMetrics = new PrometheusMetrics('.js-prometheus-metrics-monitoring');
+    prometheusMetrics.loadActiveMetrics();
+  }
+
+  initAlertsSettings(document.querySelector('.js-alerts-service-settings'));
+});
--- a/app/assets/javascripts/pages/projects/snippets/show/index.js
+++ b/app/assets/javascripts/pages/projects/snippets/show/index.js
@@ -14,5 +14,6 @@ document.addEventListener('DOMContentLoaded', () => {
    snippetEmbed();
  } else {
    initSnippetsApp();
+    initNotes();
  }
 });
--- a/app/assets/javascripts/pages/snippets/show/index.js
+++ b/app/assets/javascripts/pages/snippets/show/index.js
@@ -14,5 +14,6 @@ document.addEventListener('DOMContentLoaded', () => {
    snippetEmbed();
  } else {
    initSnippetsApp();
+    initNotes();
  }
 });
--- a/app/assets/javascripts/vue_merge_request_widget/components/deployment/deployment.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/deployment/deployment.vue
@@ -64,7 +64,7 @@ export default {
            :deployment="deployment"
            :computed-deployment-status="computedDeploymentStatus"
            :show-visual-review-app="showVisualReviewApp"
-            :visual-review-app-metadata="visualReviewAppMeta"
+            :visual-review-app-meta="visualReviewAppMeta"
          />
        </div>
      </div>

--- a/app/assets/javascripts/vue_merge_request_widget/components/deployment/deployment_actions.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/deployment/deployment_actions.vue
@@ -173,7 +173,7 @@ export default {
      :app-button-text="appButtonText"
      :deployment="deployment"
      :show-visual-review-app="showVisualReviewApp"
-      :visual-review-app-metadata="visualReviewAppMeta"
+      :visual-review-app-meta="visualReviewAppMeta"
    />
    <deployment-action-button
      v-if="stopUrl"

--- a/app/assets/javascripts/vue_merge_request_widget/components/deployment/deployment_view_button.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/deployment/deployment_view_button.vue
@@ -93,8 +93,10 @@ export default {
    />
    <visual-review-app-link
      v-if="showVisualReviewApp"
+      :view-app-display="appButtonText"
      :link="deploymentExternalUrl"
      :app-metadata="visualReviewAppMeta"
+      :changes="deployment.changes"
    />
  </span>
 </template>
--- a/app/assets/stylesheets/pages/profile.scss
+++ b/app/assets/stylesheets/pages/profile.scss
@@ -118,6 +118,14 @@
  }
 }

+.ssh-keys-list {
+  .last-used-at,
+  .expires,
+  .key-created-at {
+    line-height: 32px;
+  }
+}
+
 .key-created-at {
  line-height: 42px;
 }

--- a/app/controllers/admin/integrations_controller.rb
+++ b/app/controllers/admin/integrations_controller.rb
+# frozen_string_literal: true
+
+class Admin::IntegrationsController < Admin::ApplicationController
+  include ServiceParams
+
+  before_action :not_found, unless: :instance_level_integrations_enabled?
+  before_action :service, only: [:edit, :update, :test]
+
+  def edit
+  end
+
+  def update
+    @service.attributes = service_params[:service]
+
+    if @service.save(context: :manual_change)
+      redirect_to edit_admin_application_settings_integration_path(@service), notice: success_message
+    else
+      render :edit
+    end
+  end
+
+  def test
+    if @service.can_test?
+      render json: service_test_response, status: :ok
+    else
+      render json: {}, status: :not_found
+    end
+  end
+
+  private
+
+  def instance_level_integrations_enabled?
+    Feature.enabled?(:instance_level_integrations)
+  end
+
+  def project
+    # TODO: Change to something more meaningful
+    Project.first
+  end
+
+  def service
+    @service ||= project.find_or_initialize_service(params[:id])
+  end
+
+  def success_message
+    message = @service.active? ? _('activated') : _('settings saved, but not activated')
+
+    _('%{service_title} %{message}.') % { service_title: @service.title, message: message }
+  end
+
+  def service_test_response
+    unless @service.update(service_params[:service])
+      return { error: true, message: _('Validations failed.'), service_response: @service.errors.full_messages.join(','), test_failed: false }
+    end
+
+    data = @service.test_data(project, current_user)
+    outcome = @service.test(data)
+
+    unless outcome[:success]
+      return { error: true, message: _('Test failed.'), service_response: outcome[:result].to_s, test_failed: true }
+    end
+
+    {}
+  rescue Gitlab::HTTP::BlockedUrlError => e
+    { error: true, message: _('Test failed.'), service_response: e.message, test_failed: true }
+  end
+end
--- a/app/controllers/profiles/keys_controller.rb
+++ b/app/controllers/profiles/keys_controller.rb
@@ -55,6 +55,6 @@ class Profiles::KeysController < Profiles::ApplicationController
  private

  def key_params
-    params.require(:key).permit(:title, :key)
+    params.require(:key).permit(:title, :key, :expires_at)
  end
 end
--- a/app/controllers/projects/services_controller.rb
+++ b/app/controllers/projects/services_controller.rb
@@ -52,28 +52,26 @@ class Projects::ServicesController < Projects::ApplicationController
  private

  def service_test_response
-    if @service.update(service_params[:service])
-      data = @service.test_data(project, current_user)
-      outcome = @service.test(data)
-
-      if outcome[:success]
-        {}
-      else
-        { error: true, message: _('Test failed.'), service_response: outcome[:result].to_s, test_failed: true }
-      end
-    else
-      { error: true, message: _('Validations failed.'), service_response: @service.errors.full_messages.join(','), test_failed: false }
+    unless @service.update(service_params[:service])
+      return { error: true, message: _('Validations failed.'), service_response: @service.errors.full_messages.join(','), test_failed: false }
+    end
+
+    data = @service.test_data(project, current_user)
+    outcome = @service.test(data)
+
+    unless outcome[:success]
+      return { error: true, message: _('Test failed.'), service_response: outcome[:result].to_s, test_failed: true }
    end
+
+    {}
  rescue Gitlab::HTTP::BlockedUrlError => e
    { error: true, message: _('Test failed.'), service_response: e.message, test_failed: true }
  end

  def success_message
-    if @service.active?
-      _("%{service_title} activated.") % { service_title: @service.title }
-    else
-      _("%{service_title} settings saved, but not activated.") % { service_title: @service.title }
-    end
+    message = @service.active? ? _('activated') : _('settings saved, but not activated')
+
+    _('%{service_title} %{message}.') % { service_title: @service.title, message: message }
  end

  def service

--- a/app/models/clusters/applications/ingress.rb
+++ b/app/models/clusters/applications/ingress.rb
@@ -16,7 +16,7 @@ module Clusters
      include AfterCommitQueue

      default_value_for :ingress_type, :nginx
-      default_value_for :modsecurity_enabled, false
+      default_value_for :modsecurity_enabled, true
      default_value_for :version, VERSION

      enum ingress_type: {

--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -6,6 +6,7 @@ class Key < ApplicationRecord
  include AfterCommitQueue
  include Sortable
  include Sha256Attribute
+  include Expirable

  sha256_attribute :fingerprint_sha256


--- a/app/views/admin/integrations/_form.html.haml
+++ b/app/views/admin/integrations/_form.html.haml
+%h3.page-title
+  = @service.title
+
+%p= @service.description
+
+= form_for @service, as: :service, url: admin_application_settings_integration_path, method: :put, html: { class: 'gl-show-field-errors fieldset-form integration-settings-form js-integration-settings-form', data: { 'can-test' => @service.can_test?, 'test-url' => test_admin_application_settings_integration_path(@service) } } do |form|
+  = render 'shared/service_settings', form: form, service: @service
+
+  - if @service.editable?
+    .footer-block.row-content-block
+      = service_save_button(@service)
+      = link_to _('Cancel'), admin_application_settings_integration_path, class: 'btn btn-cancel'
--- a/app/views/admin/integrations/edit.html.haml
+++ b/app/views/admin/integrations/edit.html.haml
+- add_to_breadcrumbs _('Integrations'), admin_application_settings_integration_path
+- breadcrumb_title @service.title
+- page_title @service.title, _('Integrations')
+
+= render 'form'
--- a/app/views/admin/services/_form.html.haml
+++ b/app/views/admin/services/_form.html.haml
@@ -4,7 +4,7 @@
 %p #{@service.description} template.

 = form_for :service, url: admin_application_settings_service_path, method: :put, html: { class: 'fieldset-form' } do |form|
-  = render 'shared/service_settings', form: form, subject: @service
+  = render 'shared/service_settings', form: form, service: @service

  .footer-block.row-content-block
    = form.submit 'Save', class: 'btn btn-success'
--- a/app/views/profiles/keys/_form.html.haml
+++ b/app/views/profiles/keys/_form.html.haml
@@ -6,10 +6,15 @@
      = f.label :key, s_('Profiles|Key'), class: 'label-bold'
      %p= _("Paste your public SSH key, which is usually contained in the file '~/.ssh/id_ed25519.pub' or '~/.ssh/id_rsa.pub' and begins with 'ssh-ed25519' or 'ssh-rsa'. Don't use your private SSH key.")
      = f.text_area :key, class: "form-control js-add-ssh-key-validation-input qa-key-public-key-field", rows: 8, required: true, placeholder: s_('Profiles|Typically starts with "ssh-ed25519 …" or "ssh-rsa …"')
-    .form-group
-      = f.label :title, _('Title'), class: 'label-bold'
-      = f.text_field :title, class: "form-control input-lg qa-key-title-field", required: true, placeholder: s_('Profiles|e.g. My MacBook key')
-      %p.form-text.text-muted= _('Name your individual key via a title')
+    .form-row
+      .col.form-group
+        = f.label :title, _('Title'), class: 'label-bold'
+        = f.text_field :title, class: "form-control input-lg qa-key-title-field", required: true, placeholder: s_('Profiles|e.g. My MacBook key')
+        %p.form-text.text-muted= s_('Profiles|Give your individual key a title')
+
+      .col.form-group
+        = f.label :expires_at, s_('Profiles|Expires at'), class: 'label-bold'
+        = f.date_field :expires_at, class: "form-control input-lg qa-key-expiry-field", min: Date.tomorrow

    .js-add-ssh-key-validation-warning.hide
      .bs-callout.bs-callout-warning{ role: 'alert', aria_live: 'assertive' }

--- a/app/views/profiles/keys/_key.html.haml
+++ b/app/views/profiles/keys/_key.html.haml
-%li.key-list-item
-  .float-left.append-right-10
+%li.d-flex.align-items-center.key-list-item
+  .append-right-10
    - if key.valid?
-      = icon 'key', class: 'settings-list-icon d-none d-sm-block'
+      - if key.expired?
+        %span.d-inline-block.has-tooltip{ title: s_('Profiles|Your key has expired') }
+          = sprite_icon('warning-solid', size: 16, css_class: 'settings-list-icon d-none d-sm-block')
+      - else
+        = sprite_icon('key', size: 16, css_class: 'settings-list-icon d-none d-sm-block ')
    - else
-      = icon 'exclamation-triangle', class: 'settings-list-icon d-none d-sm-block has-tooltip',
-        title: key.errors.full_messages.join(', ')
+      %span.d-inline-block.has-tooltip{ title: key.errors.full_messages.join(', ') }
+        = sprite_icon('warning-solid', size: 16, css_class: 'settings-list-icon d-none d-sm-block')

-
-  .key-list-item-info
+  .key-list-item-info.w-100.float-none
    = link_to path_to_key(key, is_admin), class: "title" do
      = key.title
    %span.text-truncate
      = key.fingerprint
-    .last-used-at
-      last used:
-      = key.last_used_at ? time_ago_with_tooltip(key.last_used_at) : 'n/a'
-  .float-right
-    %span.key-created-at
-      = s_('Profiles|Created %{time_ago}'.html_safe) % { time_ago:time_ago_with_tooltip(key.created_at)}
-    - if key.can_delete?
-      = link_to path_to_key(key, is_admin), data: { confirm: _('Are you sure?')}, method: :delete, class: "btn btn-transparent prepend-left-10" do
-        %span.sr-only= _('Remove')
-        = icon('trash')
+
+    .key-list-item-dates.d-flex.align-items-start.justify-content-between
+      %span.last-used-at.append-right-10
+        = s_('Profiles|Last used:')
+        = key.last_used_at ? time_ago_with_tooltip(key.last_used_at) : _('Never')
+      %span.expires.append-right-10
+        = s_('Profiles|Expires:')
+        = key.expires_at ? key.expires_at.to_date : _('Never')
+      %span.key-created-at
+        = s_('Profiles|Created %{time_ago}'.html_safe) % { time_ago:time_ago_with_tooltip(key.created_at)}
+        - if key.can_delete?
+          = link_to path_to_key(key, is_admin), data: { confirm: _('Are you sure?')}, method: :delete, class: "btn btn-transparent prepend-left-10 align-baseline" do
+            %span.sr-only= _('Remove')
+            = sprite_icon('remove', size: 16)
--- a/app/views/profiles/keys/_key_details.html.haml
+++ b/app/views/profiles/keys/_key_details.html.haml
@@ -11,9 +11,12 @@
        %li
          %span.light= _('Created on:')
          %strong= @key.created_at.to_s(:medium)
+        %li
+          %span.light= _('Expires:')
+          %strong= @key.expires_at.try(:to_s, :medium) || _('Never')
        %li
          %span.light= _('Last used on:')
-          %strong= @key.last_used_at.try(:to_s, :medium) || 'N/A'
+          %strong= @key.last_used_at.try(:to_s, :medium) || _('Never')

  .col-md-8
    = form_errors(@key, type: 'key') unless @key.valid?

--- a/app/views/profiles/keys/_key_table.html.haml
+++ b/app/views/profiles/keys/_key_table.html.haml
 - is_admin = local_assigns.fetch(:admin, false)

 - if @keys.any?
-  %ul.content-list{ data: { qa_selector: 'ssh_keys_list' } }
+  %ul.content-list.ssh-keys-list{ data: { qa_selector: 'ssh_keys_list' } }
    = render partial: 'profiles/keys/key', collection: @keys, locals: { is_admin: is_admin }
 - else
  %p.settings-message.text-center

--- a/app/views/projects/find_file/show.html.haml
+++ b/app/views/projects/find_file/show.html.haml
@@ -23,4 +23,5 @@
              = _('There are no matching files')
            %p.text-secondary
              = _('Try using a different search term to find the file you are looking for.')
-      = spinner nil, true
+      .text-center.prepend-top-default.loading
+        .spinner.spinner-md
--- a/app/views/projects/services/_form.html.haml
+++ b/app/views/projects/services/_form.html.haml
@@ -11,7 +11,7 @@
      %p= @service.detailed_description
  .col-lg-9
    = form_for(@service, as: :service, url: project_service_path(@project, @service.to_param), method: :put, html: { class: 'gl-show-field-errors integration-settings-form js-integration-settings-form', data: { 'can-test' => @service.can_test?, 'test-url' => test_project_service_path(@project, @service) } }) do |form|
-      = render 'shared/service_settings', form: form, subject: @service
+      = render 'shared/service_settings', form: form, service: @service
      - if @service.editable?
        .footer-block.row-content-block
          = service_save_button(@service)

--- a/app/views/shared/_service_settings.html.haml
+++ b/app/views/shared/_service_settings.html.haml
 = form_errors(@service)

 - if lookup_context.template_exists?('help', "projects/services/#{@service.to_param}", true)
-  = render "projects/services/#{@service.to_param}/help", subject: subject
+  = render "projects/services/#{@service.to_param}/help", subject: @service
 - elsif @service.help.present?
  .info-well
    .well-segment

--- a/changelogs/unreleased/208886-optimize-deployment-counters-related-to-the-deployment.yml
+++ b/changelogs/unreleased/208886-optimize-deployment-counters-related-to-the-deployment.yml
+---
+title: Optimize Deployment related counters
+merge_request: 26757
+author:
+type: performance
--- a/changelogs/unreleased/208914-crud-for-instance-level-integrations.yml
+++ b/changelogs/unreleased/208914-crud-for-instance-level-integrations.yml
+---
+title: Add CRUD for Instance-Level Integrations
+merge_request: 26454
+author:
+type: added
--- a/changelogs/unreleased/27227-widget-showing-changed-pages-for-visual-reviews.yml
+++ b/changelogs/unreleased/27227-widget-showing-changed-pages-for-visual-reviews.yml
+---
+title: Add changed pages dropdown to visual review modal
+merge_request:
+author:
+type: added
--- a/changelogs/unreleased/36243-introduce-an-optional-expiration-date-for-ssh-keys.yml
+++ b/changelogs/unreleased/36243-introduce-an-optional-expiration-date-for-ssh-keys.yml
+---
+title: Introduce optional expiry date for SSH Keys
+merge_request: 26351
+author:
+type: added
--- a/changelogs/unreleased/Resolve-Migrate--fa-spinner-app-views-projects-find_file.yml
+++ b/changelogs/unreleased/Resolve-Migrate--fa-spinner-app-views-projects-find_file.yml
+---
+title: Migrate .fa-spinner to .spinner for app/views/projects/find_file
+merge_request: 25051
+author: nuwe1
+type: other
--- a/changelogs/unreleased/feature-199458-track-jump-to-next-unresolved-thread.yml
+++ b/changelogs/unreleased/feature-199458-track-jump-to-next-unresolved-thread.yml
+---
+title: Added tracking to merge request jump to next thread buttons
+merge_request: 26319
+author: Martin Hobert
+type: added
--- a/changelogs/unreleased/replace_checkbox_by_toggle_for_modsecurity.yml
+++ b/changelogs/unreleased/replace_checkbox_by_toggle_for_modsecurity.yml
+---
+title: Replace checkbox by toggle for ModSecurity on Cluster App Page
+merge_request: 26720
+author:
+type: changed
--- a/config/routes/admin.rb
+++ b/config/routes/admin.rb
@@ -121,6 +121,11 @@ namespace :admin do
    get '/', to: redirect('admin/application_settings/general'), as: nil

    resources :services, only: [:index, :edit, :update]
+    resources :integrations, only: [:edit, :update, :test] do
+      member do
+        put :test
+      end
+    end

    get :usage_data
    put :reset_registration_token

--- a/db/migrate/20200303055348_add_expires_at_to_keys.rb
+++ b/db/migrate/20200303055348_add_expires_at_to_keys.rb
+# frozen_string_literal: true
+
+class AddExpiresAtToKeys < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  def change
+    add_column :keys, :expires_at, :datetime_with_timezone
+  end
+end
--- a/db/migrate/20200311084025_add_index_on_user_id_status_created_at_to_deployments.rb
+++ b/db/migrate/20200311084025_add_index_on_user_id_status_created_at_to_deployments.rb
+# frozen_string_literal: true
+
+class AddIndexOnUserIdStatusCreatedAtToDeployments < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :deployments, [:user_id, :status, :created_at]
+  end
+
+  def down
+    remove_concurrent_index :deployments, [:user_id, :status, :created_at]
+  end
+end
--- a/db/migrate/20200311094020_add_index_on_id_and_status_to_deployments.rb
+++ b/db/migrate/20200311094020_add_index_on_id_and_status_to_deployments.rb
+# frozen_string_literal: true
+
+class AddIndexOnIdAndStatusToDeployments < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :deployments, [:id, :status]
+  end
+
+  def down
+    remove_concurrent_index :deployments, [:id, :status]
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -1409,6 +1409,7 @@ ActiveRecord::Schema.define(version: 2020_03_11_165635) do
    t.index ["environment_id", "id"], name: "index_deployments_on_environment_id_and_id"
    t.index ["environment_id", "iid", "project_id"], name: "index_deployments_on_environment_id_and_iid_and_project_id"
    t.index ["environment_id", "status"], name: "index_deployments_on_environment_id_and_status"
+    t.index ["id", "status"], name: "index_deployments_on_id_and_status"
    t.index ["id"], name: "partial_index_deployments_for_legacy_successful_deployments", where: "((finished_at IS NULL) AND (status = 2))"
    t.index ["project_id", "id"], name: "index_deployments_on_project_id_and_id", order: { id: :desc }
    t.index ["project_id", "iid"], name: "index_deployments_on_project_id_and_iid", unique: true
@@ -1417,6 +1418,7 @@ ActiveRecord::Schema.define(version: 2020_03_11_165635) do
    t.index ["project_id", "status"], name: "index_deployments_on_project_id_and_status"
    t.index ["project_id", "updated_at", "id"], name: "index_deployments_on_project_id_and_updated_at_and_id", order: { updated_at: :desc, id: :desc }
    t.index ["project_id"], name: "partial_index_deployments_for_project_id_and_tag", where: "(tag IS TRUE)"
+    t.index ["user_id", "status", "created_at"], name: "index_deployments_on_user_id_and_status_and_created_at"
  end

  create_table "description_versions", force: :cascade do |t|
@@ -2291,6 +2293,7 @@ ActiveRecord::Schema.define(version: 2020_03_11_165635) do
    t.boolean "public", default: false, null: false
    t.datetime "last_used_at"
    t.binary "fingerprint_sha256"
+    t.datetime_with_timezone "expires_at"
    t.index ["fingerprint"], name: "index_keys_on_fingerprint", unique: true
    t.index ["fingerprint_sha256"], name: "index_keys_on_fingerprint_sha256"
    t.index ["id", "type"], name: "index_on_deploy_keys_id_and_type_and_public", unique: true, where: "(public = true)"

--- a/doc/.linting/vale/styles/gitlab/SentenceSpacing.yml
+++ b/doc/.linting/vale/styles/gitlab/SentenceSpacing.yml
 ---
-# Checks the presence of more than one space between sentences or clauses.
+# Check for the following in common content scenarios:
+#
+# - No spaces.
+# - More than one space.
 #
 # For a list of all options, see https://errata-ai.github.io/vale/styles/
 extends: existence
-message: "'%s' should have one space between sentences or clauses."
+message: '"%s" must contain one and only one space.'
 link: https://docs.gitlab.com/ee/development/documentation/styleguide.html#punctuation
-level: warning
+level: error
 nonword: true
 tokens:
  - '[a-z][.?!,][A-Z]'
-  - '[.?!,] {2,}[\w]'
+  - '[\w.?!,\(\)\-":] {2,}[\w.?!,\(\)\-":]'
--- a/doc/README.md
+++ b/doc/README.md
@@ -109,7 +109,7 @@ The following documentation relates to the DevOps **Plan** stage:
 | Plan Topics                                                                                                                                                                                                                                                        | Description                                                                                                                                      |
 |:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------|
 | [Burndown Charts](user/project/milestones/burndown_charts.md) **(STARTER)**                                                                                                                                                                                        | Watch your project's progress throughout a specific milestone.                                                                                   |
-| [Discussions](user/discussions/index.md)                                                                                                                                                                                                                           | Threads, comments, and resolvable threads in issues, commits, and  merge requests.                                                           |
+| [Discussions](user/discussions/index.md)                                                                                                                                                                                                                           | Threads, comments, and resolvable threads in issues, commits, and merge requests.                                                           |
 | [Due Dates](user/project/issues/due_dates.md)                                                                                                                                                                                                                      | Keep track of issue deadlines.                                                                                                                   |
 | [Epics](user/group/epics/index.md) **(ULTIMATE)**                                                                                                                                                                                                                  | Tracking groups of issues that share a theme.                                                                                                    |
 | [Issues](user/project/issues/index.md), including [confidential issues](user/project/issues/confidential_issues.md),<br/>[issue and merge request templates](user/project/description_templates.md),<br/>and [moving issues](user/project/issues/managing_issues.md#moving-issues) | Project issues and restricting access to issues as well as creating templates for submitting new issues and merge requests. Also, moving issues between projects. |

--- a/doc/administration/auth/how_to_configure_ldap_gitlab_ce/index.md
+++ b/doc/administration/auth/how_to_configure_ldap_gitlab_ce/index.md
@@ -14,7 +14,7 @@ GitLab has supported LDAP integration since [version 2.2](https://about.gitlab.c

 ### Choosing an LDAP Server

-The main reason organizations choose to utilize a LDAP server is to keep the entire organization's user base consolidated into a central repository. Users can access multiple applications and systems across the  IT environment using a single login. Because LDAP is an open, vendor-neutral, industry standard application protocol, the number of applications using LDAP authentication continues to increase.
+The main reason organizations choose to utilize a LDAP server is to keep the entire organization's user base consolidated into a central repository. Users can access multiple applications and systems across the IT environment using a single login. Because LDAP is an open, vendor-neutral, industry standard application protocol, the number of applications using LDAP authentication continues to increase.

 There are many commercial and open source [directory servers](https://en.wikipedia.org/wiki/Directory_service#LDAP_implementations) that support the LDAP protocol. Deciding on the right directory server highly depends on the existing IT environment in which the server will be integrated with.

@@ -32,9 +32,9 @@ For example, [Active Directory](https://docs.microsoft.com/en-us/previous-versio

 We won't cover the installation and configuration of Windows Server or Active Directory Domain Services in this tutorial. There are a number of resources online to guide you through this process:

- Install Windows Server 2012  - (`technet.microsoft.com`) - [Installing Windows Server 2012](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134246(v=ws.11))
+- Install Windows Server 2012 - (`technet.microsoft.com`) - [Installing Windows Server 2012](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134246(v=ws.11))

- Install Active Directory Domain Services (AD DS) (`technet.microsoft.com`)- [Install Active Directory Domain Services](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-active-directory-domain-services--level-100-#BKMK_PS)
+- Install Active Directory Domain Services (AD DS) (`technet.microsoft.com`) - [Install Active Directory Domain Services](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-active-directory-domain-services--level-100-#BKMK_PS)

 > **Shortcut:** You can quickly install AD DS via PowerShell using
 `Install-WindowsFeature AD-Domain-Services -IncludeManagementTools`

--- a/doc/administration/geo/replication/troubleshooting.md
+++ b/doc/administration/geo/replication/troubleshooting.md
@@ -215,7 +215,7 @@ sudo gitlab-rake gitlab:geo:check
   - Ensure that you entered the `external_url` or `gitlab_rails['geo_node_name']` when adding the secondary node in the admin are of the **primary** node.
   - Prior to GitLab 12.4, edit the secondary node in the Admin Area of the **primary** node and ensure that there is a trailing `/` in the `Name` field.

-1. Check returns Exception: PG::UndefinedTable: ERROR:  relation "geo_nodes" does not exist
+1. Check returns `Exception: PG::UndefinedTable: ERROR:  relation "geo_nodes" does not exist`

   ```plaintext
   Checking Geo ...
@@ -252,7 +252,7 @@ sudo gitlab-rake gitlab:geo:check
 The following sections outline troubleshooting steps for fixing replication
 errors.

-### Message: "ERROR:  replication slots can only be used if max_replication_slots > 0"?
+### Message: `ERROR:  replication slots can only be used if max_replication_slots > 0`?

 This means that the `max_replication_slots` PostgreSQL variable needs to
 be set on the **primary** database. In GitLab 9.4, we have made this setting
@@ -263,7 +263,7 @@ Be sure to restart PostgreSQL for this to take
 effect. See the [PostgreSQL replication
 setup][database-pg-replication] guide for more details.

-### Message: "FATAL:  could not start WAL streaming: ERROR:  replication slot "geo_secondary_my_domain_com" does not exist"?
+### Message: `FATAL:  could not start WAL streaming: ERROR:  replication slot "geo_secondary_my_domain_com" does not exist`?

 This occurs when PostgreSQL does not have a replication slot for the
 **secondary** node by that name.

--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -777,7 +777,7 @@ two checks. The result of both of these checks is cached.
    see if we can access filesystem underneath the Gitaly server
    directly. If so, use the Rugged patch.

-To see if GitLab  Rails can access the repo filesystem directly, we use
+To see if GitLab Rails can access the repo filesystem directly, we use
 the following heuristic:

 - Gitaly ensures that the filesystem has a metadata file in its root
@@ -1010,7 +1010,7 @@ unset https_proxy

 When updating the `gitaly['listen_addr']` or `gitaly['prometheus_listen_addr']` values, Gitaly may continue to listen on the old address after a `sudo gitlab-ctl reconfigure`.

-When this occurs, performing a `sudo gitlab-ctl restart` will resolve the issue.  This will no longer be necessary after [this issue](https://gitlab.com/gitlab-org/gitaly/issues/2521) is resolved.
+When this occurs, performing a `sudo gitlab-ctl restart` will resolve the issue. This will no longer be necessary after [this issue](https://gitlab.com/gitlab-org/gitaly/issues/2521) is resolved.

 ### Praefect


--- a/doc/administration/high_availability/README.md
+++ b/doc/administration/high_availability/README.md
@@ -78,24 +78,41 @@ References:

 ## GitLab components and configuration instructions

-The GitLab application depends on the following [components](../../development/architecture.md#component-diagram)
-and services. They are included in the reference architectures along with our
-recommendations for their use and configuration. They are presented in the order
-in which you would typically configure them.
-
-| Component                                                                                                                                                         | Description                                                                                                                       | Configuration Instructions                                   |
-|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------|
-| [Load Balancer(s)](load_balancer.md)[^6]                                                                                                                          | Handles load balancing for the GitLab nodes where required.                                                                       | [Load balancer HA configuration](load_balancer.md)                               |
-| [Consul](../../development/architecture.md#consul)[^3]                                                                                     | Service discovery and health checks/failover                                                                                      | [Consul HA configuration](consul.md) **(PREMIUM ONLY)**                                     |
-| [PostgreSQL](../../development/architecture.md#postgresql)                                                                                 | Database                                                                                                                          | [Database HA configuration](database.md) |
-| [PgBouncer](../../development/architecture.md#pgbouncer)                                                                                   | Database Pool Manager                                                                                                             | [PgBouncer HA configuration](pgbouncer.md) **(PREMIUM ONLY)**                                  |
-| [Redis](../../development/architecture.md#redis)[^3] with Redis Sentinel                                                                   | Key/Value store for shared data with HA watcher service                                                                           | [Redis HA configuration](redis.md)        |
-| [Gitaly](../../development/architecture.md#gitaly)[^2] [^5] [^7]                                                                           | Recommended high-level storage for Git repository data.                                                                           | [Gitaly HA configuration](gitaly.md)                                      |
-| [Sidekiq](../../development/architecture.md#sidekiq)                                                                                       | Asynchronous/Background jobs                                                                                                      |                                                        |
-| [Cloud Object Storage service](object_storage.md)[^4]                                                                                                                | Recommended store for shared data objects such as LFS, Uploads, Artifacts, etc...                                              | [Cloud Object Storage configuration](object_storage.md)                              |
-| [GitLab application nodes](../../development/architecture.md#unicorn)[^1]                                                                  | (Unicorn / Puma, Workhorse) - Web-requests (UI, API, Git over HTTP)                                                               | [GitLab app HA/scaling configuration](gitlab.md)                                      |
-| [NFS](nfs.md)[^5] [^7]                                                                                                                                            | Shared disk storage service. Can be used as an alternative for Gitaly or Object Storage. Required for GitLab Pages.               | [NFS configuration](nfs.md)                                         |
-| [Prometheus](../../development/architecture.md#prometheus) and [Grafana](../../development/architecture.md#grafana) | GitLab environment monitoring                                                                                                     | [Monitoring node for scaling/HA](monitoring_node.md)                             |
+The GitLab application depends on the following [components](../../development/architecture.md#component-diagram).
+It can also depend on several third party services depending on
+your environment setup. Here we'll detail both in the order in which
+you would typically configure them along with our recommendations for
+their use and configuration.
+
+### Third party services
+
+Here's some details of several third party services a typical environment
+will depend on. The services can be provided by numerous applications
+or providers and further advice can be given on how best to select.
+These should be configured first, before the [GitLab components](#gitlab-components).
+
+| Component                                              | Description                                                                                                         | Configuration instructions                              |
+|--------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
+| [Load Balancer(s)](load_balancer.md)[^6]               | Handles load balancing for the GitLab nodes where required                                                          | [Load balancer HA configuration](load_balancer.md)      |
+| [Cloud Object Storage service](object_storage.md)[^4]  | Recommended store for shared data objects                                                                           | [Cloud Object Storage configuration](object_storage.md) |
+| [NFS](nfs.md)[^5] [^7]                                 | Shared disk storage service. Can be used as an alternative for Gitaly or Object Storage. Required for GitLab Pages  | [NFS configuration](nfs.md)                             |
+
+### GitLab components
+
+Next are all of the components provided directly by GitLab. As mentioned
+earlier, they are presented in the typical order you would configure
+them.
+
+| Component                                                                                                           | Description                                                         | Configuration instructions                                    |
+|---------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------|---------------------------------------------------------------|
+| [Consul](../../development/architecture.md#consul)[^3]                                                              | Service discovery and health checks/failover                        | [Consul HA configuration](consul.md) **(PREMIUM ONLY)**       |
+| [PostgreSQL](../../development/architecture.md#postgresql)                                                          | Database                                                            | [Database HA configuration](database.md)                      |
+| [PgBouncer](../../development/architecture.md#pgbouncer)                                                            | Database Pool Manager                                               | [PgBouncer HA configuration](pgbouncer.md) **(PREMIUM ONLY)** |
+| [Redis](../../development/architecture.md#redis)[^3] with Redis Sentinel                                            | Key/Value store for shared data with HA watcher service             | [Redis HA configuration](redis.md)                            |
+| [Gitaly](../../development/architecture.md#gitaly)[^2] [^5] [^7]                                                    | Recommended high-level storage for Git repository data              | [Gitaly HA configuration](gitaly.md)                          |
+| [Sidekiq](../../development/architecture.md#sidekiq)                                                                | Asynchronous/Background jobs                                        |                                                               |
+| [GitLab application nodes](../../development/architecture.md#unicorn)[^1]                                           | (Unicorn / Puma, Workhorse) - Web-requests (UI, API, Git over HTTP) | [GitLab app HA/scaling configuration](gitlab.md)              |
+| [Prometheus](../../development/architecture.md#prometheus) and [Grafana](../../development/architecture.md#grafana) | GitLab environment monitoring                                       | [Monitoring node for scaling/HA](monitoring_node.md)          |

 In some cases, components can be combined on the same nodes to reduce complexity as well.


--- a/doc/administration/high_availability/monitoring_node.md
+++ b/doc/administration/high_availability/monitoring_node.md
@@ -74,8 +74,8 @@ Omnibus:
 ## Migrating to Service Discovery

 Once monitoring using Service Discovery is enabled with `consul['monitoring_service_discovery'] =  true`,
-ensure that `prometheus['scrape_configs']` is not set  in `/etc/gitlab/gitlab.rb`. Setting both
-`consul['monitoring_service_discovery'] =  true` and `prometheus['scrape_configs']` in `/etc/gitlab/gitlab.rb`
+ensure that `prometheus['scrape_configs']` is not set in `/etc/gitlab/gitlab.rb`. Setting both
+`consul['monitoring_service_discovery'] = true` and `prometheus['scrape_configs']` in `/etc/gitlab/gitlab.rb`
 will result in errors.

 <!-- ## Troubleshooting

--- a/doc/administration/lfs/manage_large_binaries_with_git_lfs.md
+++ b/doc/administration/lfs/manage_large_binaries_with_git_lfs.md
@@ -113,7 +113,7 @@ created or updated with the following content:
 ```

 You can also register a file type as lockable without using LFS
-(In order to be able to lock/unlock a file you need a remote server that implements the  LFS File Locking API),
+(In order to be able to lock/unlock a file you need a remote server that implements the LFS File Locking API),
 in order to do that you can edit the `.gitattributes` file manually:

 ```shell

--- a/doc/administration/monitoring/performance/influxdb_configuration.md
+++ b/doc/administration/monitoring/performance/influxdb_configuration.md
@@ -150,7 +150,7 @@ before creating a database.

 _**Note:** If you [created an admin user](#create-a-new-admin-user) and enabled
 [HTTP authentication](#http), remember to append the username (`-username <username>`)
-and password (`-password <password>`)  you set earlier to the commands below._
+and password (`-password <password>`) you set earlier to the commands below._

 Run the following command to create a database named `gitlab`:


--- a/doc/administration/troubleshooting/sidekiq.md
+++ b/doc/administration/troubleshooting/sidekiq.md
@@ -307,4 +307,4 @@ has number of drawbacks, as mentioned in [Why Ruby’s Timeout is dangerous (and
 > - while creating an object to save to the database afterwards
 > - in any of your code, regardless of whether it could have possibly raised an exception before
 >
-> Nobody writes code to defend against an exception being raised on literally any line. That’s not even possible. So Thread.raise is  basically like a sneak attack on your code that could result in almost anything. It would probably be okay if it were pure-functional code that did not modify any state. But this is Ruby, so that’s unlikely :)
+> Nobody writes code to defend against an exception being raised on literally any line. That’s not even possible. So Thread.raise is basically like a sneak attack on your code that could result in almost anything. It would probably be okay if it were pure-functional code that did not modify any state. But this is Ruby, so that’s unlikely :)
--- a/doc/api/epic_issues.md
+++ b/doc/api/epic_issues.md
@@ -8,7 +8,7 @@ Epics are available only in Ultimate. If epics feature is not available a `403`

 ## List issues for an epic

-Gets all issues that are assigned to an epic and the authenticated user has  access to.
+Gets all issues that are assigned to an epic and the authenticated user has access to.

 ```plaintext
 GET /groups/:id/epics/:epic_iid/issues
@@ -17,7 +17,7 @@ GET /groups/:id/epics/:epic_iid/issues
 | Attribute           | Type             | Required   | Description                                                                            |
 | ------------------- | ---------------- | ---------- | ---------------------------------------------------------------------------------------|
 | `id`                | integer/string   | yes        | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user                |
-| `epic_iid`          | integer/string   | yes        | The internal ID  of the epic.  |
+| `epic_iid`          | integer/string   | yes        | The internal ID of the epic.  |

 ```shell
 curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/1/epics/5/issues/
@@ -113,8 +113,8 @@ POST /groups/:id/epics/:epic_iid/issues/:issue_id
 | Attribute           | Type             | Required   | Description                                                                            |
 | ------------------- | ---------------- | ---------- | ---------------------------------------------------------------------------------------|
 | `id`                | integer/string   | yes        | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user                |
-| `epic_iid`          | integer/string   | yes        | The internal ID  of the epic.  |
-| `issue_id`          | integer/string   | yes        | The ID  of the issue.          |
+| `epic_iid`          | integer/string   | yes        | The internal ID of the epic.  |
+| `issue_id`          | integer/string   | yes        | The ID of the issue.          |

 ```shell
 curl --header POST "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/1/epics/5/issues/55
@@ -219,8 +219,8 @@ DELETE /groups/:id/epics/:epic_iid/issues/:epic_issue_id
 | Attribute           | Type             | Required   | Description                                                                                          |
 | ------------------- | ---------------- | ---------- | -----------------------------------------------------------------------------------------------------|
 | `id`                | integer/string   | yes        | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user                |
-| `epic_iid`          | integer/string   | yes        | The internal ID  of the epic.                |
-| `epic_issue_id`     | integer/string   | yes        | The ID  of the issue - epic association.     |
+| `epic_iid`          | integer/string   | yes        | The internal ID of the epic.                |
+| `epic_issue_id`     | integer/string   | yes        | The ID of the issue - epic association.     |

 ```shell
 curl --header DELETE "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/1/epics/5/issues/11
@@ -325,7 +325,7 @@ PUT /groups/:id/epics/:epic_iid/issues/:epic_issue_id
 | Attribute           | Type             | Required   | Description                                                                                          |
 | ------------------- | ---------------- | ---------- | -----------------------------------------------------------------------------------------------------|
 | `id`                | integer/string   | yes        | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user                |
-| `epic_iid`          | integer/string   | yes        | The internal ID  of the epic.                |
+| `epic_iid`          | integer/string   | yes        | The internal ID of the epic.                |
 | `epic_issue_id`     | integer/string   | yes        | The ID of the issue - epic association.     |
 | `move_before_id`    | integer/string   | no         | The ID of the issue - epic association that should be placed before the link in the question.     |
 | `move_after_id`     | integer/string   | no         | The ID of the issue - epic association that should be placed after the link in the question.     |

--- a/doc/api/epics.md
+++ b/doc/api/epics.md
@@ -167,7 +167,7 @@ GET /groups/:id/epics/:epic_iid
 | Attribute           | Type             | Required   | Description                                                                            |
 | ------------------- | ---------------- | ---------- | ---------------------------------------------------------------------------------------|
 | `id`                | integer/string   | yes        | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user                |
-| `epic_iid`          | integer/string   | yes        | The internal ID  of the epic.  |
+| `epic_iid`          | integer/string   | yes        | The internal ID of the epic.  |

 ```shell
 curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/1/epics/5
@@ -309,7 +309,7 @@ PUT /groups/:id/epics/:epic_iid
 | Attribute           | Type             | Required   | Description                                                                            |
 | ------------------- | ---------------- | ---------- | ---------------------------------------------------------------------------------------|
 | `id`                | integer/string   | yes        | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user                |
-| `epic_iid`          | integer/string   | yes        | The internal ID  of the epic  |
+| `epic_iid`          | integer/string   | yes        | The internal ID of the epic  |
 | `title`             | string           | no         | The title of an epic |
 | `description`       | string           | no         | The description of an epic. Limited to 1,048,576 characters.  |
 | `labels`            | string           | no         | The comma separated list of labels |
@@ -379,7 +379,7 @@ DELETE /groups/:id/epics/:epic_iid
 | Attribute           | Type             | Required   | Description                                                                            |
 | ------------------- | ---------------- | ---------- | ---------------------------------------------------------------------------------------|
 | `id`                | integer/string   | yes        | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user                |
-| `epic_iid`          | integer/string   | yes        | The internal ID  of the epic.  |
+| `epic_iid`          | integer/string   | yes        | The internal ID of the epic.  |

 ```shell
 curl --header DELETE "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/1/epics/5

--- a/doc/api/group_level_variables.md
+++ b/doc/api/group_level_variables.md
-# Group-level Variables  API
+# Group-level Variables API

 > [Introduced][ce-34519] in GitLab 9.5


--- a/doc/api/keys.md
+++ b/doc/api/keys.md
@@ -24,6 +24,7 @@ curl --header "PRIVATE-TOKEN: <your_access_token>" 'https://gitlab.example.com/a
  "title": "Sample key 25",
  "key": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt1256k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",
  "created_at": "2015-09-03T07:24:44.627Z",
+  "expires_at": "2020-05-05T00:00:00.000Z"
  "user": {
    "name": "John Smith",
    "username": "john_smith",
@@ -92,6 +93,7 @@ Example response:
  "title": "Sample key 1",
  "key": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt1016k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",
  "created_at": "2019-11-14T15:11:13.222Z",
+  "expires_at": "2020-05-05T00:00:00.000Z"
  "user": {
    "id": 1,
    "name": "Administrator",

--- a/doc/api/merge_request_context_commits.md
+++ b/doc/api/merge_request_context_commits.md
-# Merge request context commits  API
+# Merge request context commits API

 ## List MR context commits


--- a/doc/api/merge_requests.md
+++ b/doc/api/merge_requests.md
@@ -1296,13 +1296,13 @@ PUT /projects/:id/merge_requests/:merge_request_iid/merge
 Parameters:

 - `id` (required) - The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user
- `merge_request_iid` (required)            - Internal ID of MR
- `merge_commit_message` (optional)         - Custom merge commit message
- `squash_commit_message` (optional)        - Custom squash commit message
- `squash` (optional)                       - if `true` the commits will be squashed into a single commit on merge
- `should_remove_source_branch` (optional)  - if `true` removes the source branch
+- `merge_request_iid` (required) - Internal ID of MR
+- `merge_commit_message` (optional) - Custom merge commit message
+- `squash_commit_message` (optional) - Custom squash commit message
+- `squash` (optional) - if `true` the commits will be squashed into a single commit on merge
+- `should_remove_source_branch` (optional) - if `true` removes the source branch
 - `merge_when_pipeline_succeeds` (optional) - if `true` the MR is merged when the pipeline succeeds
- `sha` (optional)                          - if present, then this SHA must match the HEAD of the source branch, otherwise the merge will fail
+- `sha` (optional) - if present, then this SHA must match the HEAD of the source branch, otherwise the merge will fail

 ```json
 {
@@ -1457,7 +1457,7 @@ GET /projects/:id/merge_requests/:merge_request_iid/merge_ref
 Parameters:

 - `id` (required) - The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user
- `merge_request_iid` (required)            - Internal ID of MR
+- `merge_request_iid` (required) - Internal ID of MR

 ```json
 {

--- a/doc/api/pipeline_schedules.md
+++ b/doc/api/pipeline_schedules.md
@@ -141,7 +141,7 @@ curl --request POST --header "PRIVATE-TOKEN: k5ESFgWY2Qf5xEvDcFxZ" --form descri

 ## Edit a pipeline schedule

-Updates the pipeline schedule  of a project. Once the update is done, it will be rescheduled automatically.
+Updates the pipeline schedule of a project. Once the update is done, it will be rescheduled automatically.

 ```plaintext
 PUT /projects/:id/pipeline_schedules/:pipeline_schedule_id

--- a/doc/api/services.md
+++ b/doc/api/services.md
@@ -658,7 +658,7 @@ Send IRC messages, on update, to a list of recipients through an Irker gateway.

 Set Irker (IRC gateway) service for a project.

-> NOTE: Irker does NOT have built-in authentication, which makes it vulnerable to spamming IRC channels if it is hosted outside of a  firewall. Please make sure you run the daemon within a secured network  to prevent abuse. For more details, read: <http://www.catb.org/~esr/irker/security.html>.
+> NOTE: Irker does NOT have built-in authentication, which makes it vulnerable to spamming IRC channels if it is hosted outside of a firewall. Please make sure you run the daemon within a secured network to prevent abuse. For more details, read: <http://www.catb.org/~esr/irker/security.html>.

 ```plaintext
 PUT /projects/:id/services/irker

--- a/doc/api/settings.md
+++ b/doc/api/settings.md
@@ -239,7 +239,7 @@ are listed in the descriptions of the relevant settings.
 | `external_auth_client_key_pass`          | string           | no                                   | Passphrase to use for the private key when authenticating with the external service this is encrypted when stored |
 | `external_auth_client_key`               | string           | required by: `external_auth_client_cert` | Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored |
 | `external_authorization_service_default_label` | string     | required by: `external_authorization_service_enabled` | The default classification label to use when requesting authorization and no classification label has been specified on the project |
-| `external_authorization_service_enabled` | boolean          | no                                   | (**If enabled, requires:** `external_authorization_service_default_label`, `external_authorization_service_timeout` and `external_authorization_service_url` )  Enable using an external authorization service for accessing projects |
+| `external_authorization_service_enabled` | boolean          | no                                   | (**If enabled, requires:** `external_authorization_service_default_label`, `external_authorization_service_timeout` and `external_authorization_service_url`) Enable using an external authorization service for accessing projects |
 | `external_authorization_service_timeout` | float            | required by: `external_authorization_service_enabled` | The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001) |
 | `external_authorization_service_url`     | string           | required by: `external_authorization_service_enabled` | URL to which authorization requests will be directed |
 | `file_template_project_id`               | integer          | no                                   | **(PREMIUM)** The ID of a project to load custom file templates from |

--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -754,7 +754,7 @@ POST /user/keys
 Parameters:

 - `title` (required) - new SSH Key's title
- `key` (required)   - new SSH key
+- `key` (required) - new SSH key

 ```json
 {
@@ -791,9 +791,9 @@ POST /users/:id/keys

 Parameters:

- `id` (required)    - id of specified user
+- `id` (required) - id of specified user
 - `title` (required) - new SSH Key's title
- `key` (required)   - new SSH key
+- `key` (required) - new SSH key

 ## Delete SSH key for current user

@@ -819,7 +819,7 @@ DELETE /users/:id/keys/:key_id
 Parameters:

 - `id` (required) - id of specified user
- `key_id` (required)  - SSH key ID
+- `key_id` (required) - SSH key ID

 ## List all GPG keys

@@ -1130,7 +1130,7 @@ POST /users/:id/emails

 Parameters:

- `id` (required)    - id of specified user
+- `id` (required) - id of specified user
 - `email` (required) - email address
 - `skip_confirmation` (optional) - Skip confirmation and assume e-mail is verified - true or false (default)

@@ -1158,7 +1158,7 @@ DELETE /users/:id/emails/:email_id
 Parameters:

 - `id` (required) - id of specified user
- `email_id` (required)  - email ID
+- `email_id` (required) - email ID

 ## Block user


--- a/doc/ci/examples/deployment/composer-npm-deploy.md
+++ b/doc/ci/examples/deployment/composer-npm-deploy.md
@@ -23,7 +23,7 @@ before_script:
  - php -r "unlink('composer-setup.php');"
 ```

-This will make sure we have all requirements ready. Next, we want to run `composer install` to fetch all PHP dependencies  and `npm install` to load Node.js packages, then run the `npm` script. We need to append them  into `before_script` section:
+This will make sure we have all requirements ready. Next, we want to run `composer install` to fetch all PHP dependencies and `npm install` to load Node.js packages, then run the `npm` script. We need to append them into `before_script` section:

 ```yaml
 before_script:

--- a/doc/ci/jenkins/index.md
+++ b/doc/ci/jenkins/index.md
@@ -53,7 +53,7 @@ There are some high level differences between the products worth mentioning:
  - by [webhook](../triggers/README.md#triggering-a-pipeline-from-a-webhook)
  - by [ChatOps](../chatops/README.md)

-  You can control which jobs run in which cases, depending on how they are triggered,
+- You can control which jobs run in which cases, depending on how they are triggered,
  with the [`rules` syntax](../yaml/README.md#rules).
 - GitLab [pipeline scheduling concepts](../pipelines/schedules.md) are also different than with Jenkins.
 - All jobs within a single stage always run in parallel, and all stages run in sequence. We are planning
@@ -78,7 +78,9 @@ There are some high level differences between the products worth mentioning:
  also leverage [`protected environments`](../yaml/README.md#protecting-manual-jobs-premium)
  to control who is able to approve them.
 - GitLab comes with a [container registry](../../user/packages/container_registry/index.md), and we recommend using
-  container images to set up your build environment.
+  container images to set up your build environment. For example, set up one pipeline that builds your build environment
+  itself and publish that to the container registry. Then, have your pipelines use this instead of each building their
+  own environment, which will be slower and may be less consistent. We have extensive docs on [how to use the Container Registry](../../user/packages/container_registry/index.md).
 - Totally stuck and not sure where to turn for advice? The [GitLab community forum](https://forum.gitlab.com/) can be a great resource.

 ## Groovy vs. YAML

--- a/doc/ci/pipelines/schedules.md
+++ b/doc/ci/pipelines/schedules.md
@@ -86,7 +86,7 @@ To change the Sidekiq worker's frequency:
 1. Edit the `gitlab_rails['pipeline_schedule_worker_cron']` value in your instance's `gitlab.rb` file.
 1. [Reconfigure GitLab](../../administration/restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.

-For GitLab.com, refer to the [dedicated settings page](../../user/gitlab_com/index.md#cron-jobs).
+For GitLab.com, refer to the [dedicated settings page](../../user/gitlab_com/index.md#gitlab-cicd).

 ## Working with scheduled pipelines


--- a/doc/ci/review_apps/index.md
+++ b/doc/ci/review_apps/index.md
@@ -200,7 +200,8 @@ Feature.enable(:anonymous_visual_review_feedback)
 The feedback form is served through a script you add to pages in your Review App.
 If you have [Developer permissions](../../user/permissions.md) to the project,
 you can access it by clicking the **Review** button in the **Pipeline** section
-of the merge request.
+of the merge request. The form modal will also show a dropdown for changed pages
+if [route maps](#route-maps) are configured in the project.

 ![review button](img/review_button.png)


--- a/doc/ci/services/postgres.md
+++ b/doc/ci/services/postgres.md
@@ -119,7 +119,7 @@ We have set up an [Example PostgreSQL Project][postgres-example-repo] for your
 convenience that runs on [GitLab.com](https://gitlab.com) using our publicly
 available [shared runners](../runners/README.md).

-Want to hack on it? Simply fork it, commit and push  your changes. Within a few
+Want to hack on it? Simply fork it, commit and push your changes. Within a few
 moments the changes will be picked by a public runner and the job will begin.

 [hub-pg]: https://hub.docker.com/_/postgres

--- a/doc/ci/services/redis.md
+++ b/doc/ci/services/redis.md
@@ -66,5 +66,5 @@ We have set up an [Example Redis Project](https://gitlab.com/gitlab-examples/red
 that runs on [GitLab.com](https://gitlab.com) using our publicly available
 [shared runners](../runners/README.md).

-Want to hack on it? Simply fork it, commit and push  your changes. Within a few
+Want to hack on it? Simply fork it, commit and push your changes. Within a few
 moments the changes will be picked by a public runner and the job will begin.
--- a/doc/ci/triggers/README.md
+++ b/doc/ci/triggers/README.md
@@ -123,7 +123,7 @@ settings page which provides self-explanatory examples.
 When a rerun of a pipeline is triggered, the information is exposed in GitLab's
 UI under the **Jobs** page and the jobs are marked as triggered 'by API'.

-![Marked rebuilds as  on jobs page](img/builds_page.png)
+![Marked rebuilds as on jobs page](img/builds_page.png)

 ---


--- a/doc/ci/yaml/README.md
+++ b/doc/ci/yaml/README.md
@@ -867,6 +867,10 @@ CAUTION: **Warning:**
 There are some points to be aware of when
 [using this feature with new branches or tags *without* pipelines for merge requests](#using-onlychanges-without-pipelines-for-merge-requests).

+CAUTION: **Warning:**
+There are some points to be aware of when
+[using this feature with scheduled pipelines](#using-onlychanges-with-scheduled-pipelines).
+
 ##### Using `only:changes` with pipelines for merge requests

 With [pipelines for merge requests](../merge_request_pipelines/index.md),
@@ -931,6 +935,12 @@ This could result in some unexpected behavior, including:
 - When pushing a new commit, the changed files are calculated using the previous commit
  as the base SHA.

+##### Using `only:changes` with scheduled pipelines
+
+`only:changes` always evaluates as "true" in [Scheduled pipelines](../pipelines/schedules.md).
+All files are considered to have "changed" when a scheduled pipeline
+runs.
+
 ### `rules`

 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/29011) in GitLab 12.3.
@@ -3042,7 +3052,7 @@ include:
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/53903) in GitLab 11.7.

 To include files from another private project under the same GitLab instance,
-use `include:file`. This file is referenced using full  paths relative to the
+use `include:file`. This file is referenced using full paths relative to the
 root directory (`/`). For example:

 ```yaml

--- a/doc/development/code_review.md
+++ b/doc/development/code_review.md
@@ -455,7 +455,7 @@ helped us with overall code quality (using delegation, `&.` those
 types of things), and making the code more robust.

 **["Support multiple assignees for merge requests"](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/10161)**:
-A  good example of collaboration on an MR touching multiple parts of the codebase. Nick pointed out interesting edge cases, James Lopes also joined in raising concerns on import/export feature.
+A good example of collaboration on an MR touching multiple parts of the codebase. Nick pointed out interesting edge cases, James Lopes also joined in raising concerns on import/export feature.

 ### Credits


--- a/doc/development/contributing/issue_workflow.md
+++ b/doc/development/contributing/issue_workflow.md
@@ -137,7 +137,7 @@ their color is `#A8D695`.
 with `_` replaced with a space.

 For instance, the "Continuous Integration" group is represented by the
-~"group::continuous integration"  label in the `gitlab-org` group since its key
+~"group::continuous integration" label in the `gitlab-org` group since its key
 under `stages.manage.groups` is `continuous_integration`.

 The current group labels can be found by [searching the labels list for `group::`](https://gitlab.com/groups/gitlab-org/-/labels?search=group::).

--- a/doc/development/database_review.md
+++ b/doc/development/database_review.md
@@ -185,6 +185,6 @@ NOTE: **Note:** Keep in mind that all runtimes should be measured against GitLab

 | Migration Type | Execution Time Recommended | Notes |
 |----|----|---|
-| Regular migrations on `db/migrate` | `3 minutes` | A valid exception  are index creation as this can take a long time. |
+| Regular migrations on `db/migrate` | `3 minutes` | A valid exception are index creation as this can take a long time. |
 | Post migrations on `db/post_migrate` | `10 minutes` | |
 | Background migrations | --- | Since these are suitable for larger tables, it's not possible to set a precise timing guideline, however, any single query must stay below `1 second` execution time with cold caches. |
--- a/doc/development/fe_guide/development_process.md
+++ b/doc/development/fe_guide/development_process.md
@@ -4,7 +4,7 @@ You can find more about the organization of the frontend team in the [handbook](

 ## Development Checklist

-The idea is to remind us about specific topics during the time we build a new feature or start something. This is a common practice in other industries (like pilots) that also use  standardised checklists to reduce problems early on.
+The idea is to remind us about specific topics during the time we build a new feature or start something. This is a common practice in other industries (like pilots) that also use standardised checklists to reduce problems early on.

 Copy the content over to your issue or merge request and if something doesn't apply simply remove it from your current list.


--- a/doc/development/fe_guide/icons.md
+++ b/doc/development/fe_guide/icons.md
@@ -65,7 +65,7 @@ export default {
 </template>
 ```

- **name** Name of the Icon in the SVG Sprite  ([Overview is available here][svg-preview]).
+- **name** Name of the Icon in the SVG Sprite ([Overview is available here][svg-preview]).
 - **size (optional)** Number value for the size which is then mapped to a specific CSS class
  (Available Sizes: 8, 12, 16, 18, 24, 32, 48, 72 are mapped to `sXX` css classes)
 - **css-classes (optional)** Additional CSS Classes to add to the svg tag.

--- a/doc/development/file_storage.md
+++ b/doc/development/file_storage.md
@@ -40,7 +40,7 @@ they are still not 100% standardized. You can see them below:
 | Issues/MR/Notes Legacy Markdown attachments | no | uploads/-/system/note/attachment/:id/:filename            | `AttachmentUploader`   | Note       |
 | Design Management design thumbnails (EE) | yes | uploads/-/system/design_management/action/image_v432x230/:id/:filename | `DesignManagement::DesignV432x230Uploader` | DesignManagement::Action |
 | CI Artifacts (CE)                     | yes    | `shared/artifacts/:disk_hash[0..1]/:disk_hash[2..3]/:disk_hash/:year_:month_:date/:job_id/:job_artifact_id` (:disk_hash is SHA256 digest of project_id) | `JobArtifactUploader`  | Ci::JobArtifact  |
-| LFS Objects  (CE)                     | yes    | shared/lfs-objects/:hex/:hex/:object_hash                   | `LfsObjectUploader`    | LfsObject  |
+| LFS Objects (CE)                      | yes    | shared/lfs-objects/:hex/:hex/:object_hash                   | `LfsObjectUploader`    | LfsObject  |
 | External merge request diffs          | yes    | shared/external-diffs/merge_request_diffs/mr-:parent_id/diff-:id | `ExternalDiffUploader` | MergeRequestDiff |

 CI Artifacts and LFS Objects behave differently in CE and EE. In CE they inherit the `GitlabUploader`

--- a/doc/development/permissions.md
+++ b/doc/development/permissions.md
@@ -9,11 +9,11 @@ anything that deals with permissions, all of them should be considered.

 Groups and projects can have the following visibility levels:

- public (20) -  an entity is visible to everyone
+- public (20) - an entity is visible to everyone
 - internal (10) - an entity is visible to logged in users
 - private (0) - an entity is visible only to the approved members of the entity

-The visibility level of a group can be changed  only if all subgroups and
+The visibility level of a group can be changed only if all subgroups and
 subprojects have the same or lower visibility level. (e.g., a group can be set
 to internal only if all subgroups and projects are internal or private).


--- a/doc/development/query_recorder.md
+++ b/doc/development/query_recorder.md
@@ -65,7 +65,7 @@ There are multiple ways to find the source of queries.
   `QueryRecorder#occurrences_by_line_method` returns a sorted array based on `data`, sorted by `count`.

 1. You can output the call backtrace for the specific `QueryRecorder` instance you want
-   by using `ActiveRecord::QueryRecorder.new(query_recorder_debug: true)`.  The output
+   by using `ActiveRecord::QueryRecorder.new(query_recorder_debug: true)`. The output
   will be in `test.log`

 1. Using the environment variable `QUERY_RECORDER_DEBUG`, the call backtrace will be output for all tests.

--- a/doc/development/scalability.md
+++ b/doc/development/scalability.md
@@ -67,7 +67,7 @@ kind of partitioning.
 Sharding is likely more difficult and will require significant changes
 to the schema and application. For example, if we have to store projects
 in many different databases, we immediately run into the question, "How
-can we retrieve data across different projects?"  One answer to this is
+can we retrieve data across different projects?" One answer to this is
 to abstract data access into API calls that abstract the database from
 the application, but this is a significant amount of work.


--- a/doc/development/testing_guide/end_to_end/best_practices.md
+++ b/doc/development/testing_guide/end_to_end/best_practices.md
@@ -10,7 +10,7 @@ But if the login feature is already covered with end-to-end tests through the GU

 Let's say that, on average, the process to perform a successful login through the GUI takes 2 seconds.

-Now, realize that almost all tests need the user to be logged in, and that we need every test to run in isolation, meaning that tests cannot interfere with each other. This would  mean that for every test the user needs to log in, and "waste 2 seconds".
+Now, realize that almost all tests need the user to be logged in, and that we need every test to run in isolation, meaning that tests cannot interfere with each other. This would mean that for every test the user needs to log in, and "waste 2 seconds".

 Now, multiply the number of tests per 2 seconds, and as your test suite grows, the time to run it grows with it, and this is not sustainable.


--- a/doc/development/testing_guide/end_to_end/quick_start_guide.md
+++ b/doc/development/testing_guide/end_to_end/quick_start_guide.md
@@ -39,7 +39,7 @@ Sometimes you may notice that there is already good coverage in lower test level

 - Take a look at the [How to test at the correct level?](https://gitlab.com/gitlab-org/gitlab/blob/master/doc/development/testing_guide/testing_levels.md#how-to-test-at-the-correct-level) section of the [Testing levels](https://gitlab.com/gitlab-org/gitlab/blob/master/doc/development/testing_guide/testing_levels.md) document

- Look into the frequency in which such a feature is changed  (_Stable features that don't change very often might not be worth covering with end-to-end tests if they're already covered in lower levels_)
+- Look into the frequency in which such a feature is changed (_Stable features that don't change very often might not be worth covering with end-to-end tests if they're already covered in lower levels_)

 - Finally, discuss with the developer(s) involved in developing the feature and the tests themselves, to get their feeling


--- a/doc/install/aws/index.md
+++ b/doc/install/aws/index.md
@@ -353,7 +353,7 @@ TIP: **Tip:** If you do not want to maintain bastion hosts, you can set up [AWS
 1. Review all your settings and, if you're happy, click **Launch**.
 1. Acknowledge that you have access to an existing key pair or create a new one. Click **Launch Instance**.

-Confirm that you can SHH into the instance:
+Confirm that you can SSH into the instance:

 1. On the EC2 Dashboard, click on **Instances** in the left menu.
 1. Select **Bastion Host A** from your list of instances.
@@ -367,6 +367,12 @@ Confirm that you can SHH into the instance:
   1. Under the **Add Tags** section, we’ll set `Key: Name` and `Value: Bastion Host B` so that we can easily identify our two instances.
   1. For the security group, select the existing `bastion-sec-group` we created above.

+### Use SSH Agent Forwarding
+
+EC2 instances running Linux use private key files for SSH authentication. You'll connect to your bastion host using an SSH client and the private key file stored on your client. Since the private key file is not present on the bastion host, you will not be able to connect to your instances in private subnets.
+
+Storing private key files on your bastion host is a bad idea. To get around this, use SSH agent forwarding on your client. See [Securely Connect to Linux Instances Running in a Private Amazon VPC](https://aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/) for a step-by-step guide on how to use SSH agent forwarding.
+
 ## Deploying GitLab inside an auto scaling group

 We'll use AWS's wizard to deploy GitLab and then SSH into the instance to

--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -563,7 +563,7 @@ NOTE: **Note:**
 If you want to use HTTPS, see [Using HTTPS](#using-https) for the additional steps.

 NOTE: **Note:**
-Make sure your hostname can be resolved on the machine itself by either a proper DNS record or an additional line in `/etc/hosts` ("127.0.0.1  hostname"). This might be necessary, for example, if you set up GitLab behind a reverse proxy. If the hostname cannot be resolved, the final installation check will fail with `Check GitLab API access: FAILED. code: 401` and pushing commits will be rejected with `[remote rejected] master -> master (hook declined)`.
+Make sure your hostname can be resolved on the machine itself by either a proper DNS record or an additional line in `/etc/hosts` ("127.0.0.1 hostname"). This might be necessary, for example, if you set up GitLab behind a reverse proxy. If the hostname cannot be resolved, the final installation check will fail with `Check GitLab API access: FAILED. code: 401` and pushing commits will be rejected with `[remote rejected] master -> master (hook declined)`.

 NOTE: **Note:**
 GitLab Shell application startup time can be greatly reduced by disabling RubyGems. This can be done in several ways:

--- a/doc/install/requirements.md
+++ b/doc/install/requirements.md
@@ -42,7 +42,7 @@ Please consider using a virtual machine to run GitLab.

 ### Ruby versions

-GitLab requires Ruby (MRI) 2.6. Beginning in GitLab 12.2, we  no longer support Ruby 2.5 and lower.
+GitLab requires Ruby (MRI) 2.6. Beginning in GitLab 12.2, we no longer support Ruby 2.5 and lower.

 You must use the standard MRI implementation of Ruby.
 We love [JRuby](https://www.jruby.org/) and [Rubinius](https://rubinius.com), but GitLab

--- a/doc/integration/jira_development_panel.md
+++ b/doc/integration/jira_development_panel.md
@@ -131,7 +131,7 @@ The **GitLab for Jira** App is only compatible with GitLab.com **and** Jira Clou
 1. After installing, click **Get started** to go to the configurations page. This page is always available under **Jira Settings > Apps > Manage apps**.

   ![Start GitLab App configuration on Jira](img/jira_dev_panel_setup_com_2.png)
-1. Enter the group or personal namespace in the **Namespace** field and click **Link namespace to Jira**.   Make sure you are logged in on GitLab.com and the namespace has a Silver or above license. The user setting up _GitLab for Jira_ must have **Maintainer** access to the GitLab namespace.
+1. Enter the group or personal namespace in the **Namespace** field and click **Link namespace to Jira**. Make sure you are logged in on GitLab.com and the namespace has a Silver or above license. The user setting up _GitLab for Jira_ must have **Maintainer** access to the GitLab namespace.

 NOTE: **Note:**
 The GitLab user only needs access when adding a new namespace. For syncing with Jira, we do not depend on the user's token.
@@ -150,7 +150,7 @@ In this case, enable cross-site cookies in your browser.

 ## Usage

-Once the integration is set up on GitLab and Jira you may refer any Jira issue by its ID in branch names, commit messages and  merge request titles on GitLab's side,
+Once the integration is set up on GitLab and Jira you may refer any Jira issue by its ID in branch names, commit messages and merge request titles on GitLab's side,
 and you will be able to see the linked `branches`, `commits`, and `merge requests` when entering a Jira issue
 (inside the Jira issue, merge requests will be called "pull requests").


--- a/doc/integration/kerberos.md
+++ b/doc/integration/kerberos.md
@@ -248,7 +248,7 @@ OmniauthKerberosSpnegoController: failed to process Negotiate/Kerberos authentic
 ```

 This is usually seen when the browser is unable to contact the Kerberos server
-directly. It will fall back to an  unsupported mechanism known as
+directly. It will fall back to an unsupported mechanism known as
 [`IAKERB`](https://k5wiki.kerberos.org/wiki/Projects/IAKERB), which tries to use
 the GitLab server as an intermediary to the Kerberos server.


--- a/doc/ssh/README.md
+++ b/doc/ssh/README.md
@@ -186,8 +186,11 @@ Now, it's time to add the newly created public key to your GitLab account.
   1. Navigating to **SSH Keys** and pasting your **public** key from the clipboard into the **Key** field. If you:
      - Created the key with a comment, this will appear in the **Title** field.
      - Created the key without a comment, give your key an identifiable title like _Work Laptop_ or _Home Workstation_.
+   1. Choose an (optional) expiry date for the key under "Expires at" section. (Introduced in [GitLab 12.9](https://gitlab.com/gitlab-org/gitlab/-/issues/36243))
   1. Click the **Add key** button.

+SSH keys that have "expired" using this procedure will still be valid in GitLab workflows. As the GitLab-configured expiration date is not included in the SSH key itself, you can still export public SSH keys as needed.
+
   NOTE: **Note:**
   If you manually copied your public SSH key make sure you copied the entire
   key starting with `ssh-ed25519` (or `ssh-rsa`) and ending with your email.

--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -666,7 +666,7 @@ To use Auto Deploy on a Kubernetes 1.16+ cluster, you must:
   This will opt-in to using a version of the PostgreSQL chart that supports Kubernetes
   1.16 and higher.

-CAUTION: **Caution:** Opting into `AUTO_DEVOPS_POSTGRES_CHANNEL` version `2` will delete
+DANGER: **Danger:** Opting into `AUTO_DEVOPS_POSTGRES_CHANNEL` version `2` will delete
 the version `1` PostgreSQL database. Please backup the contents of the PostgreSQL database
 first before opting into version `2`, so that you can restore into the version `2` database.


--- a/doc/user/analytics/value_stream_analytics.md
+++ b/doc/user/analytics/value_stream_analytics.md
@@ -133,12 +133,12 @@ environments is configured.
 From the above example you can conclude the time it took each stage to complete
 as long as their total time:

- **Issue**:  2h (11:00 - 09:00)
- **Plan**:   1h (12:00 - 11:00)
- **Code**:   2h (14:00 - 12:00)
- **Test**:   5min
+- **Issue**: 2h (11:00 - 09:00)
+- **Plan**: 1h (12:00 - 11:00)
+- **Code**: 2h (14:00 - 12:00)
+- **Test**: 5min
 - **Review**: 5h (19:00 - 14:00)
- **Staging**:  30min (19:30 - 19:00)
+- **Staging**: 30min (19:30 - 19:00)
 - **Total**: Since this stage measures the sum of median time of all
  previous stages, we cannot calculate it if we don't know the status of the
  stages before. In case this is the very first cycle that is run in the project,

--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -13,6 +13,35 @@ information provided, you can immediately begin risk analysis and remediation.
 For an overview of application security with GitLab, see
 [Security Deep Dive](https://www.youtube.com/watch?v=k4vEJnGYy84).

+## Quick start
+
+Get started quickly with Dependency Scanning, License Scanning, and Static Application Security
+Testing (SAST) by adding the following to your `.gitlab-ci.yml`:
+
+```yaml
+include:
+  - template: Dependency-Scanning.gitlab-ci.yml
+  - template: License-Scanning.gitlab-ci.yml
+  - template: SAST.gitlab-ci.yml
+```
+
+To add Dynamic Application Security Testing (DAST) scanning, add the following to your
+`.gitlab-ci.yml` and replace `https://staging.example.com` with a staging server's web address:
+
+```yaml
+include:
+  - template: DAST.gitlab-ci.yml
+
+variables:
+  DAST_WEBSITE: https://staging.example.com
+```
+
+To ensure the DAST scanner runs *after* deploying the application to the staging server, review the [DAST full documentation](dast/index.md).
+
+To add Container Scanning, follow the steps listed in the [Container Scanning documentation](container_scanning/index.md#requirements).
+
+To further configure any of the other scanners, refer to each scanner's documentation.
+
 ## Security scanning tools

 GitLab uses the following tools to scan and report known vulnerabilities found in your project.

--- a/doc/user/compliance/license_compliance/img/policies_maintainer_add_v12_9.png
+++ b/doc/user/compliance/license_compliance/img/policies_maintainer_add_v12_9.png
--- a/doc/user/compliance/license_compliance/img/policies_maintainer_edit_v12_9.png
+++ b/doc/user/compliance/license_compliance/img/policies_maintainer_edit_v12_9.png
--- a/doc/user/compliance/license_compliance/img/policies_v12_9.png
+++ b/doc/user/compliance/license_compliance/img/policies_v12_9.png
--- a/doc/user/compliance/license_compliance/index.md
+++ b/doc/user/compliance/license_compliance/index.md
@@ -50,7 +50,7 @@ The following languages and package managers are supported.
 | Language   | Package managers                                                  | Scan Tool                                                |
 |------------|-------------------------------------------------------------------|----------------------------------------------------------|
 | JavaScript | [Bower](https://bower.io/), [npm](https://www.npmjs.com/), [yarn](https://yarnpkg.com/) ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)) |[License Finder](https://github.com/pivotal/LicenseFinder)|
-| Go         | [Godep](https://github.com/tools/godep), go get ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)), gvt ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)), glide ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)), dep ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)), trash ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types))  and govendor ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)), [go mod](https://github.com/golang/go/wiki/Modules) ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types))   |[License Finder](https://github.com/pivotal/LicenseFinder)|
+| Go         | [Godep](https://github.com/tools/godep), go get ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)), gvt ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)), glide ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)), dep ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)), trash ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)) and govendor ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types)), [go mod](https://github.com/golang/go/wiki/Modules) ([experimental support](https://github.com/pivotal/LicenseFinder#experimental-project-types))   |[License Finder](https://github.com/pivotal/LicenseFinder)|
 | Java       | [Gradle](https://gradle.org/), [Maven](https://maven.apache.org/) |[License Finder](https://github.com/pivotal/LicenseFinder)|
 | .NET      | [Nuget](https://www.nuget.org/) (.NET Framework is supported via the [mono project](https://www.mono-project.com/). Windows specific dependencies are not supported at this time.)  |[License Finder](https://github.com/pivotal/LicenseFinder)|
 | Python     | [pip](https://pip.pypa.io/en/stable/)                             |[License Finder](https://github.com/pivotal/LicenseFinder)|
@@ -324,3 +324,19 @@ in your project's sidebar, and you'll see the licenses displayed, where:
 - **Component:** The components which have this license.

 ![License List](img/license_list_v12_6.png)
+
+## Policies
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/22465) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
+
+The **Policies** tab allows you to see your project's software license policies
+and the associated classifications for each.
+
+Policies can be configured by maintainers of the project.
+
+![Edit Policy](img/policies_maintainer_edit_v12_9.png)
+![Add Policy](img/policies_maintainer_add_v12_9.png)
+
+Developers of the project can view the policies configured in a project.
+
+![View Policies](img/policies_v12_9.png)
--- a/doc/user/gitlab_com/index.md
+++ b/doc/user/gitlab_com/index.md
@@ -74,7 +74,7 @@ Below are the current settings regarding [GitLab CI/CD](../../ci/README.md).
 | -----------             | ----------------- | ------------- |
 | Artifacts maximum size (uncompressed) | 1G                | 100M          |
 | Artifacts [expiry time](../../ci/yaml/README.md#artifactsexpire_in)   | kept forever           | deleted after 30 days unless otherwise specified    |
-| Scheduled Pipeline Cron | `*/5 * * * *` | `*/19 * * * *` |
+| Scheduled Pipeline Cron | `*/5 * * * *` | `19 * * * *` |
 | [Max jobs in active pipelines](../../administration/instance_limits.md#number-of-jobs-in-active-pipelines) | `500` for Free tier, unlimited otherwise | Unlimited

 ## Repository size limit
@@ -372,15 +372,6 @@ NOTE: **Note:**
 The `SIDEKIQ_MEMORY_KILLER_MAX_RSS` setting is `16000000` on Sidekiq import
 nodes and Sidekiq export nodes.

-## Cron jobs
-
-Periodically executed jobs by Sidekiq, to self-heal GitLab, do external
-synchronizations, run scheduled pipelines, etc.:
-
-| Setting                     | GitLab.com   | Default      |
-|--------                     |------------- |------------- |
-| `pipeline_schedule_worker`  | `19 * * * *` | `19 * * * *` |
-
 ## PostgreSQL

 GitLab.com being a fairly large installation of GitLab means we have changed

--- a/doc/user/project/integrations/prometheus.md
+++ b/doc/user/project/integrations/prometheus.md
@@ -170,7 +170,7 @@ Variables for Prometheus queries must be lowercase.
 There are 2 methods to specify a variable in a query or dashboard:

 1. Variables can be specified using the [Liquid template format](https://help.shopify.com/en/themes/liquid/basics), for example `{{ci_environment_slug}}` ([added](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20793) in GitLab 12.6).
-1. You can also enclose it in quotation marks with curly braces with a leading percent, for example `"%{ci_environment_slug}"`. This method is deprecated  though and support will be [removed in the next major release](https://gitlab.com/gitlab-org/gitlab/issues/37990).
+1. You can also enclose it in quotation marks with curly braces with a leading percent, for example `"%{ci_environment_slug}"`. This method is deprecated though and support will be [removed in the next major release](https://gitlab.com/gitlab-org/gitlab/issues/37990).

 ### Defining custom dashboards per project


--- a/doc/user/project/issues/design_management.md
+++ b/doc/user/project/issues/design_management.md
@@ -46,10 +46,16 @@ If the requirements are not met, the **Designs** tab displays a message to the u
  Designs support short references in Markdown, but this needs to be enabled by setting
  the `:design_management_reference_filter_gfm_pipeline` feature flag.

+## Supported files
+
+Files uploaded must have a file extension of either `png`, `jpg`, `jpeg`,
+`gif`, `bmp`, `tiff` or `ico`.
+
+Support for [SVG files](https://gitlab.com/gitlab-org/gitlab/issues/12771)
+and [PDFs](https://gitlab.com/gitlab-org/gitlab/issues/32811) is planned for a future release.
+
 ## Limitations

- Files uploaded must have a file extension of either `png`, `jpg`, `jpeg`, `gif`, `bmp`, `tiff` or `ico`.
-  The [`svg` extension is not yet supported](https://gitlab.com/gitlab-org/gitlab/issues/12771).
 - Design uploads are limited to 10 files at a time.
 - Design Management data
  [isn't deleted when a project is destroyed](https://gitlab.com/gitlab-org/gitlab/issues/13429) yet.
@@ -77,6 +83,11 @@ of the design, and will replace the previous version.
 Designs cannot be added if the issue has been moved, or its
 [discussion is locked](../../discussions/#lock-discussions).

+[Introduced](https://gitlab.com/gitlab-org/gitlab/issues/34353) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.9,
+you can drag and drop designs onto the dedicated dropzone to upload them.
+
+![Drag and drop design uploads](img/design_drag_and_drop_uploads_v12_9.png)
+
 ### Skipped designs

 Designs with the same filename as an existing uploaded design _and_ whose content has not changed will be skipped.

--- a/doc/user/project/issues/img/design_drag_and_drop_uploads_v12_9.png
+++ b/doc/user/project/issues/img/design_drag_and_drop_uploads_v12_9.png
--- a/doc/user/project/merge_requests/code_quality.md
+++ b/doc/user/project/merge_requests/code_quality.md
@@ -27,6 +27,8 @@ in the merge request widget area:

 ![Code Quality Widget](img/code_quality.png)

+For more information, see the Code Climate list of [Supported Languages for Maintainability](https://docs.codeclimate.com/docs/supported-languages-for-maintainability).
+
 ## Use cases

 For instance, consider the following workflow:

--- a/doc/user/project/releases/img/release_with_milestone_v12_9.png
+++ b/doc/user/project/releases/img/release_with_milestone_v12_9.png
--- a/doc/user/project/releases/img/releases_v12_9.png
+++ b/doc/user/project/releases/img/releases_v12_9.png
--- a/doc/user/project/releases/index.md
+++ b/doc/user/project/releases/index.md
--- a/lib/api/entities/ssh_key.rb
+++ b/lib/api/entities/ssh_key.rb
--- a/lib/gitlab/auth/key_status_checker.rb
+++ b/lib/gitlab/auth/key_status_checker.rb
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
--- a/spec/controllers/admin/integrations_controller_spec.rb
+++ b/spec/controllers/admin/integrations_controller_spec.rb
--- a/spec/controllers/profiles/keys_controller_spec.rb
+++ b/spec/controllers/profiles/keys_controller_spec.rb
--- a/spec/frontend/clusters/components/ingress_modsecurity_settings_spec.js
+++ b/spec/frontend/clusters/components/ingress_modsecurity_settings_spec.js
--- a/spec/frontend/clusters/services/mock_data.js
+++ b/spec/frontend/clusters/services/mock_data.js
--- a/spec/frontend/notes/components/__snapshots__/discussion_jump_to_next_button_spec.js.snap
+++ b/spec/frontend/notes/components/__snapshots__/discussion_jump_to_next_button_spec.js.snap
--- a/spec/frontend/notes/components/discussion_jump_to_next_button_spec.js
+++ b/spec/frontend/notes/components/discussion_jump_to_next_button_spec.js
--- a/spec/lib/gitlab/auth/key_status_checker_spec.rb
+++ b/spec/lib/gitlab/auth/key_status_checker_spec.rb
--- a/spec/models/clusters/applications/ingress_spec.rb
+++ b/spec/models/clusters/applications/ingress_spec.rb
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
--- a/spec/requests/api/keys_spec.rb
+++ b/spec/requests/api/keys_spec.rb