Merge branch '12-0-stable-prepare-rc22' into '12-0-stable'

Prepare 12.0.0-rc22 release

See merge request gitlab-org/gitlab-ce!29865

19 files changed, 136 insertions, 54 deletions

diff --git a/changelogs/unreleased/63417-add-missing-class.yml b/changelogs/unreleased/63417-add-missing-class.yml
new file mode 100644
index 00000000000..3030f5c57e4
--- /dev/null
+++ b/changelogs/unreleased/63417-add-missing-class.yml
@@ -0,0 +1,5 @@
+---
+title: Indent collapsible sections
+merge_request: 29804
+author:
+type: other
diff --git a/doc/update/upgrading_from_source.md b/doc/update/upgrading_from_source.md
index bc8e5fed774..5e18769f0f1 100644
--- a/doc/update/upgrading_from_source.md
+++ b/doc/update/upgrading_from_source.md
@@ -4,6 +4,10 @@ comments: false
 
 # Upgrading Community Edition and Enterprise Edition from source
 
+NOTE: **Note:**
+Users wishing to upgrade to 12.0.0 will have to take some extra steps. See the
+version specific upgrade instructions for 12.0.0 for more details.
+
 Make sure you view this update guide from the branch (version) of GitLab you
 would like to install (e.g., `11.8`. You can select the version in the version
 dropdown at the top left corner of GitLab (below the menu bar).
@@ -404,6 +408,23 @@ Example:
 Additional instructions here.
 -->
 
+### 12.0.0
+
+In 12.0.0 we made various database related changes. These changes require that
+users first upgrade to the latest 11.11 patch release. Once upgraded to 11.11.x,
+users can upgrade to 12.0.x. You **can not** upgrade from 11.11.x to 12.1.0 or a
+newer version, instead you **must** first upgrade to 12.0.0. Failure to do so
+may result in database migrations not being applied, which could lead to
+application errors.
+
+Example 1: you are currently using GitLab 11.11.3, which is the latest patch
+release for 11.11.x. To upgrade, first upgrade to 12.0.0, then upgrade to any
+future versions.
+
+Example 2: you are currently using a version of GitLab 10.x. To upgrade, first
+upgrade to 11.11.3. Once upgraded to 11.11.3 you can safely upgrade to 12.0.0,
+then upgrade to any future versions.
+
 ## Things went south? Revert to previous version
 
 ### 1. Revert the code to the previous version
diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md
index d2605cbfb5e..fde7d1aeaf7 100644
--- a/doc/user/admin_area/settings/continuous_integration.md
+++ b/doc/user/admin_area/settings/continuous_integration.md
@@ -89,10 +89,8 @@ are enabled.
 
 ![Project admin info](img/admin_project_quota_view.png)
 
-When the pipeline minutes quota for a group is set to a value different than 0,
-the **Pipelines quota** page is available to the group page settings list.
-You can see there an overview of the pipeline minutes quota of all projects of
-the group.
+You can see an overview of the pipeline minutes quota of all projects of
+a group in the **Usage Quotas** page available to the group page settings list.
 
 ![Group pipelines quota](img/group_pipelines_quota.png)
 
diff --git a/doc/user/admin_area/settings/img/group_pipelines_quota.png b/doc/user/admin_area/settings/img/group_pipelines_quota.png
index d94b609ad6f..318527426bd 100644
--- a/doc/user/admin_area/settings/img/group_pipelines_quota.png
+++ b/doc/user/admin_area/settings/img/group_pipelines_quota.png
diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md
index b220d7197f4..34d4507210e 100644
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -218,7 +218,7 @@ dependency_scanning:
 CAUTION: **Caution:**
 The JSON report artifacts are not a public API of Dependency Scanning and their format may change in future.
 
-The Dependency Scanning tool emits a JSON report file. Here is an example of a structure for a report will all important parts of
+The Dependency Scanning tool emits a JSON report file. Here is an example of the report structure with all important parts of
 it highlighted:
 
 ```json-doc
@@ -343,10 +343,10 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
 | `vulnerabilities[].severity`                         | How much the vulnerability impacts the software. Possible values: `Undefined` (an analyzer has not provided this info), `Info`, `Unknown`, `Low`, `Medium`, `High`, `Critical`. |
 | `vulnerabilities[].confidence`                       | How reliable the vulnerability's assessment is. Possible values: `Undefined` (an analyzer has not provided this info), `Ignore`, `Unknown`, `Experimental`, `Low`, `Medium`, `High`, `Confirmed`. |
 | `vulnerabilities[].solution`                         | Explanation of how to fix the vulnerability. Optional. |
-| `vulnerabilities[].scanner`                          | A node that describes the analyzer used find this vulnerability. |
+| `vulnerabilities[].scanner`                          | A node that describes the analyzer used to find this vulnerability. |
 | `vulnerabilities[].scanner.id`                       | Id of the scanner as a snake_case string. |
 | `vulnerabilities[].scanner.name`                     | Name of the scanner, for display purposes. |
-| `vulnerabilities[].location`                         | A node that tells which class and/or method is affected by the vulnerability. | 
+| `vulnerabilities[].location`                         | A node that tells where the vulnerability is located. | 
 | `vulnerabilities[].location.file`                    | Path to the dependencies file (e.g., `yarn.lock`). Optional. |
 | `vulnerabilities[].location.dependency`              | A node that describes the dependency of a project where the vulnerability is located. |
 | `vulnerabilities[].location.dependency.package`      | A node that provides the information on the package where the vulnerability is located. |
@@ -360,7 +360,7 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
 | `vulnerabilities[].links`                            | An array of references to external documentation pieces or articles that describe the vulnerability further. Optional. |
 | `vulnerabilities[].links[].name`                     | Name of the vulnerability details link. Optional. |
 | `vulnerabilities[].links[].url`                      | URL of the vulnerability details document. Optional. |
-| `remediations`                                       | An array of objects containing information on cured vulnerabilities along with patch diffs to apply. |
+| `remediations`                                       | An array of objects containing information on cured vulnerabilities along with patch diffs to apply. Empty if no remediations provided by an underlying analyzer. |
 | `remediations[].fixes`                               | An array of strings that represent references to vulnerabilities fixed by this particular remediation. |
 | `remediations[].fixes[].cve`                         | A string value that describes a fixed vulnerability occurrence in the same format as `vulnerabilities[].cve`. |
 | `remediations[].summary`                             | Overview of how the vulnerabilities have been fixed. |
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md
index 11361f8ad89..ec3f7fbde76 100644
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -226,7 +226,7 @@ sast:
 CAUTION: **Caution:**
 The JSON report artifacts are not a public API of SAST and their format may change in the future.
 
-The SAST tool emits a JSON report report file. Here is an example of a structure for a report will all important parts of
+The SAST tool emits a JSON report report file. Here is an example of the report structure with all important parts of
 it highlighted:
 
 ```json-doc
@@ -272,7 +272,6 @@ it highlighted:
     },   
     {
       "category": "sast",
-      // "name" may be omitted because it could be not reported by a particular analyzer
       "message": "Probable insecure usage of temp file/directory.",
       "cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108",
       "severity": "Medium",
@@ -318,10 +317,10 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
 | `vulnerabilities[].severity`            | How much the vulnerability impacts the software. Possible values: `Undefined` (an analyzer has not provided this info), `Info`, `Unknown`, `Low`, `Medium`, `High`, `Critical`. |
 | `vulnerabilities[].confidence`          | How reliable the vulnerability's assessment is. Possible values: `Undefined` (an analyzer has not provided this info), `Ignore`, `Unknown`, `Experimental`, `Low`, `Medium`, `High`, `Confirmed`. |
 | `vulnerabilities[].solution`            | Explanation of how to fix the vulnerability. Optional. |
-| `vulnerabilities[].scanner`             | A node that describes the analyzer used find this vulnerability. |
+| `vulnerabilities[].scanner`             | A node that describes the analyzer used to find this vulnerability. |
 | `vulnerabilities[].scanner.id`          | Id of the scanner as a snake_case string. |
 | `vulnerabilities[].scanner.name`        | Name of the scanner, for display purposes. |
-| `vulnerabilities[].location`            | A node that tells which class and/or method is affected by the vulnerability. | 
+| `vulnerabilities[].location`            | A node that tells where the vulnerability is located. | 
 | `vulnerabilities[].location.file`       | Path to the file where the vulnerability is located. Optional. |
 | `vulnerabilities[].location.start_line` | The first line of the code affected by the vulnerability. Optional. |
 | `vulnerabilities[].location.end_line`   | The last line of the code affected by the vulnerability. Optional. |
diff --git a/doc/user/group/img/group_storage_usage_quota.png b/doc/user/group/img/group_storage_usage_quota.png
new file mode 100644
index 00000000000..c5d81ad7a8b
--- /dev/null
+++ b/doc/user/group/img/group_storage_usage_quota.png
diff --git a/doc/user/group/index.md b/doc/user/group/index.md
index 97d309caf7c..4d39d15bb19 100644
--- a/doc/user/group/index.md
+++ b/doc/user/group/index.md
@@ -362,6 +362,14 @@ Define project templates at a group level by setting a group as the template sou
   for the group. **[STARTER ONLY]**
 - **Pipelines quota**: Keep track of the [pipeline quota](../admin_area/settings/continuous_integration.md) for the group.
 
+#### Storage usage quota **[STARTER]**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/13294) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.0.
+
+A group owner can check the aggregated storage usage for all the project in a group, sub-groups included, in the **Storage** tab of the **Usage Quotas** page available to the group page settings list.
+
+![Group storage usage quota](img/group_storage_usage_quota.png)
+
 ## User contribution analysis **[STARTER]**
 
 With [GitLab Contribution Analytics](contribution_analytics/index.md),
diff --git a/doc/user/project/issues/img/link_zoom_call_in_issue.png b/doc/user/project/issues/img/link_zoom_call_in_issue.png
new file mode 100644
index 00000000000..3153a0a9b07
--- /dev/null
+++ b/doc/user/project/issues/img/link_zoom_call_in_issue.png
diff --git a/doc/user/project/issues/issue_data_and_actions.md b/doc/user/project/issues/issue_data_and_actions.md
index da585022263..ac26b672d99 100644
--- a/doc/user/project/issues/issue_data_and_actions.md
+++ b/doc/user/project/issues/issue_data_and_actions.md
@@ -149,6 +149,12 @@ The plain text title and description of the issue fill the top center of the iss
 The description fully supports [GitLab Flavored Markdown](../../markdown.md#gitlab-flavored-markdown-gfm),
 allowing many formatting options.
 
+##### 16.1 Zoom Call Links
+
+Including a link to a Zoom call in the description of an issue will result in a "Join Zoom meeting" button at the top of the issue, just under the header. To remove the button, edit the description and remove the Zoom call link.
+
+![Link Zoom Call in Issue](img/link_zoom_call_in_issue.png)
+
 #### 17. Mentions
 
 You can mention a user or a group present in your GitLab instance with `@username` or
diff --git a/lib/feature/gitaly.rb b/lib/feature/gitaly.rb
new file mode 100644
index 00000000000..d7a8f8a0b9e
--- /dev/null
+++ b/lib/feature/gitaly.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'set'
+
+class Feature
+  class Gitaly
+    # Server feature flags should use '_' to separate words.
+    # CATFILE_CACHE sets an incorrect example
+    CATFILE_CACHE = 'catfile-cache'.freeze
+
+    SERVER_FEATURE_FLAGS = [CATFILE_CACHE].freeze
+    DEFAULT_ON_FLAGS = Set.new([CATFILE_CACHE]).freeze
+
+    class << self
+      def enabled?(feature_flag)
+        return false unless Feature::FlipperFeature.table_exists?
+
+        default_on = DEFAULT_ON_FLAGS.include?(feature_flag)
+        Feature.enabled?("gitaly_#{feature_flag}", default_enabled: default_on)
+      rescue ActiveRecord::NoDatabaseError
+        false
+      end
+
+      def server_feature_flags
+        SERVER_FEATURE_FLAGS.map do |f|
+          ["gitaly-feature-#{f.tr('_', '-')}", enabled?(f).to_s]
+        end.to_h
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/ci/ansi2html.rb b/lib/gitlab/ci/ansi2html.rb
index 6109b45ffd2..fc3223e7442 100644
--- a/lib/gitlab/ci/ansi2html.rb
+++ b/lib/gitlab/ci/ansi2html.rb
@@ -310,7 +310,7 @@ module Gitlab
 
           if @sections.any?
             css_classes << "section"
-            css_classes << "js-section-header" if @lineno_in_section == 0
+            css_classes << "js-section-header section-header" if @lineno_in_section == 0
             css_classes += sections.map { |section| "js-s-#{section}" }
           end
 
diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb
index e683d4e5bbe..47976389af6 100644
--- a/lib/gitlab/gitaly_client.rb
+++ b/lib/gitlab/gitaly_client.rb
@@ -31,10 +31,6 @@ module Gitlab
     MAXIMUM_GITALY_CALLS = 30
     CLIENT_NAME = (Sidekiq.server? ? 'gitlab-sidekiq' : 'gitlab-web').freeze
 
-    SERVER_FEATURE_CATFILE_CACHE = 'catfile-cache'.freeze
-    # Server feature flags should use '_' to separate words.
-    SERVER_FEATURE_FLAGS = [SERVER_FEATURE_CATFILE_CACHE].freeze
-
     MUTEX = Mutex.new
 
     define_histogram :gitaly_controller_action_duration_seconds do
@@ -223,9 +219,9 @@ module Gitlab
       metadata['call_site'] = feature.to_s if feature
       metadata['gitaly-servers'] = address_metadata(remote_storage) if remote_storage
       metadata['x-gitlab-correlation-id'] = Labkit::Correlation::CorrelationId.current_id if Labkit::Correlation::CorrelationId.current_id
-      metadata['gitaly-session-id'] = session_id if feature_enabled?(SERVER_FEATURE_CATFILE_CACHE)
+      metadata['gitaly-session-id'] = session_id if Feature::Gitaly.enabled?(Feature::Gitaly::CATFILE_CACHE)
 
-      metadata.merge!(server_feature_flags)
+      metadata.merge!(Feature::Gitaly.server_feature_flags)
 
       result = { metadata: metadata }
 
@@ -244,12 +240,6 @@ module Gitlab
       Gitlab::SafeRequestStore[:gitaly_session_id] ||= SecureRandom.uuid
     end
 
-    def self.server_feature_flags
-      SERVER_FEATURE_FLAGS.map do |f|
-        ["gitaly-feature-#{f.tr('_', '-')}", feature_enabled?(f).to_s]
-      end.to_h
-    end
-
     def self.token(storage)
       params = Gitlab.config.repositories.storages[storage]
       raise "storage not found: #{storage.inspect}" if params.nil?
@@ -257,12 +247,6 @@ module Gitlab
       params['gitaly_token'].presence || Gitlab.config.gitaly['token']
     end
 
-    def self.feature_enabled?(feature_name)
-      Feature::FlipperFeature.table_exists? && Feature.enabled?("gitaly_#{feature_name}")
-    rescue ActiveRecord::NoDatabaseError
-      false
-    end
-
     # Ensures that Gitaly is not being abuse through n+1 misuse etc
     def self.enforce_gitaly_request_limits(call_site)
       # Only count limits in request-response environments (not sidekiq for example)
@@ -295,7 +279,7 @@ module Gitlab
       # check if the limit is being exceeded while testing in those environments
       # In that case we can use a feature flag to indicate that we do want to
       # enforce request limits.
-      return true if feature_enabled?('enforce_requests_limits')
+      return true if Feature::Gitaly.enabled?('enforce_requests_limits')
 
       !(Rails.env.production? || ENV["GITALY_DISABLE_REQUEST_LIMITS"])
     end
diff --git a/lib/gitlab/gitaly_client/storage_settings.rb b/lib/gitlab/gitaly_client/storage_settings.rb
index 78ef6bfc0ec..7d1206e551b 100644
--- a/lib/gitlab/gitaly_client/storage_settings.rb
+++ b/lib/gitlab/gitaly_client/storage_settings.rb
@@ -34,7 +34,7 @@ module Gitlab
       def self.disk_access_denied?
         return false if rugged_enabled?
 
-        !temporarily_allowed?(ALLOW_KEY) && GitalyClient.feature_enabled?(DISK_ACCESS_DENIED_FLAG)
+        !temporarily_allowed?(ALLOW_KEY) && Feature::Gitaly.enabled?(DISK_ACCESS_DENIED_FLAG)
       rescue
         false # Err on the side of caution, don't break gitlab for people
       end
diff --git a/spec/lib/feature/gitaly_spec.rb b/spec/lib/feature/gitaly_spec.rb
new file mode 100644
index 00000000000..0e24a927d4c
--- /dev/null
+++ b/spec/lib/feature/gitaly_spec.rb
@@ -0,0 +1,40 @@
+require 'spec_helper'
+
+describe Feature::Gitaly do
+  let(:feature_flag) { "mep_mep" }
+
+  before do
+    stub_const("#{described_class}::SERVER_FEATURE_FLAGS", [feature_flag])
+  end
+
+  describe ".enabled?" do
+    context 'when the gate is closed' do
+      before do
+        stub_feature_flags(gitaly_mep_mep: false)
+      end
+
+      it 'returns false' do
+        expect(described_class.enabled?(feature_flag)).to be(false)
+      end
+    end
+
+    context 'when the flag defaults to on' do
+      it 'returns true' do
+        expect(described_class.enabled?(feature_flag)).to be(true)
+      end
+    end
+  end
+
+  describe ".server_feature_flags" do
+    context 'when one flag is disabled' do
+      before do
+        stub_feature_flags(gitaly_mep_mep: false)
+      end
+
+      subject { described_class.server_feature_flags }
+
+      it { is_expected.to be_a(Hash) }
+      it { is_expected.to eq("gitaly-feature-mep-mep" => "false") }
+    end
+  end
+end
diff --git a/spec/lib/gitlab/ci/ansi2html_spec.rb b/spec/lib/gitlab/ci/ansi2html_spec.rb
index ac4612dda92..3d57ce431ab 100644
--- a/spec/lib/gitlab/ci/ansi2html_spec.rb
+++ b/spec/lib/gitlab/ci/ansi2html_spec.rb
@@ -231,8 +231,8 @@ describe Gitlab::Ci::Ansi2html do
 
       it 'prints light red' do
         text = "#{section_start}\e[91mHello\e[0m\n#{section_end}"
-        header = %{<span class="term-fg-l-red section js-section-header js-s-#{class_name(section_name)}">Hello</span>}
-        line_break = %{<span class="section js-section-header js-s-#{class_name(section_name)}"><br/></span>}
+        header = %{<span class="term-fg-l-red section js-section-header section-header js-s-#{class_name(section_name)}">Hello</span>}
+        line_break = %{<span class="section js-section-header section-header js-s-#{class_name(section_name)}"><br/></span>}
         line = %{<span class="section line s_#{class_name(section_name)}"></span>}
         empty_line = %{<span class="section js-s-#{class_name(section_name)}"></span>}
         html = "#{section_start_html}#{header}#{line_break}#{line}#{empty_line}#{section_end_html}"
diff --git a/spec/lib/gitlab/gitaly_client/storage_settings_spec.rb b/spec/lib/gitlab/gitaly_client/storage_settings_spec.rb
index bb10be2a4dc..f2f53982b09 100644
--- a/spec/lib/gitlab/gitaly_client/storage_settings_spec.rb
+++ b/spec/lib/gitlab/gitaly_client/storage_settings_spec.rb
@@ -28,12 +28,16 @@ describe Gitlab::GitalyClient::StorageSettings do
   end
 
   describe '.disk_access_denied?' do
-    it 'return false when Rugged is enabled', :enable_rugged do
-      expect(described_class.disk_access_denied?).to be_falsey
+    context 'when Rugged is enabled', :enable_rugged do
+      it 'returns false' do
+        expect(described_class.disk_access_denied?).to be_falsey
+      end
     end
 
-    it 'returns true' do
-      expect(described_class.disk_access_denied?).to be_truthy
+    context 'when Rugged is disabled' do
+      it 'returns true' do
+        expect(described_class.disk_access_denied?).to be_truthy
+      end
     end
   end
 end
diff --git a/spec/lib/gitlab/gitaly_client_spec.rb b/spec/lib/gitlab/gitaly_client_spec.rb
index da1eb0c2618..eed233f1f3e 100644
--- a/spec/lib/gitlab/gitaly_client_spec.rb
+++ b/spec/lib/gitlab/gitaly_client_spec.rb
@@ -330,20 +330,6 @@ describe Gitlab::GitalyClient do
     end
   end
 
-  describe 'feature_enabled?' do
-    let(:feature_name) { 'my_feature' }
-    let(:real_feature_name) { "gitaly_#{feature_name}" }
-
-    before do
-      allow(Feature).to receive(:enabled?).and_return(false)
-    end
-
-    it 'returns false' do
-      expect(Feature).to receive(:enabled?).with(real_feature_name)
-      expect(described_class.feature_enabled?(feature_name)).to be(false)
-    end
-  end
-
   describe 'timeouts' do
     context 'with default values' do
       before do
diff --git a/spec/support/helpers/cycle_analytics_helpers.rb b/spec/support/helpers/cycle_analytics_helpers.rb
index 33648292037..100e439ef44 100644
--- a/spec/support/helpers/cycle_analytics_helpers.rb
+++ b/spec/support/helpers/cycle_analytics_helpers.rb
@@ -10,7 +10,7 @@ module CycleAnalyticsHelpers
     repository = project.repository
     oldrev = repository.commit(branch_name)&.sha || Gitlab::Git::BLANK_SHA
 
-    if Timecop.frozen? && Gitlab::GitalyClient.feature_enabled?(:operation_user_commit_files)
+    if Timecop.frozen?
       mock_gitaly_multi_action_dates(repository, commit_time)
     end