Add latest changes from gitlab-org/gitlab@13-0-stable-ee

6 files changed, 260 insertions, 39 deletions

diff --git a/doc/ci/pipelines/img/pipelines_index.png b/doc/ci/pipelines/img/pipelines_index.png
deleted file mode 100644
index e168e7e23df..00000000000
--- a/doc/ci/pipelines/img/pipelines_index.png
+++ /dev/null
diff --git a/doc/ci/pipelines/img/pipelines_index_v13_0.png b/doc/ci/pipelines/img/pipelines_index_v13_0.png
new file mode 100644
index 00000000000..1dc5ea5d55c
--- /dev/null
+++ b/doc/ci/pipelines/img/pipelines_index_v13_0.png
diff --git a/doc/ci/pipelines/index.md b/doc/ci/pipelines/index.md
index 27e968c0a40..731cb196eaa 100644
--- a/doc/ci/pipelines/index.md
+++ b/doc/ci/pipelines/index.md
@@ -74,7 +74,7 @@ You can also configure specific aspects of your pipelines through the GitLab UI.
 
 - [Pipeline settings](settings.md) for each project.
 - [Pipeline schedules](schedules.md).
-- [Custom CI/CD variables](../variables/README.md#creating-a-custom-environment-variable).
+- [Custom CI/CD variables](../variables/README.md#custom-environment-variables).
 
 ### View pipelines
 
@@ -82,7 +82,7 @@ You can find the current and historical pipeline runs under your project's
 **CI/CD > Pipelines** page. You can also access pipelines for a merge request by navigating
 to its **Pipelines** tab.
 
-![Pipelines index page](img/pipelines_index.png)
+![Pipelines index page](img/pipelines_index_v13_0.png)
 
 Clicking a pipeline will bring you to the **Pipeline Details** page and show
 the jobs that were run for that pipeline. From here you can cancel a running pipeline,
@@ -93,6 +93,12 @@ latest pipeline for the last commit of a given branch is available at `/project/
 Also, `/project/pipelines/latest` will redirect you to the latest pipeline for the last commit
 on the project's default branch.
 
+[Starting in GitLab 13.0](https://gitlab.com/gitlab-org/gitlab/-/issues/215367),
+you can filter the pipeline list by:
+
+- Trigger author
+- Branch name
+
 ### Run a pipeline manually
 
 Pipelines can be manually executed, with predefined or manually-specified [variables](../variables/README.md).
@@ -153,7 +159,7 @@ You can do this straight from the pipeline graph. Just click the play button
 to execute that particular job.
 
 For example, your pipeline might start automatically, but it requires manual action to
-[deploy to production](../environments.md#configuring-manual-deployments). In the example below, the `production`
+[deploy to production](../environments/index.md#configuring-manual-deployments). In the example below, the `production`
 stage has a job with a manual action.
 
 ![Pipelines example](img/pipelines.png)
@@ -216,7 +222,7 @@ In the example:
 
 Visually, it can be viewed as:
 
-```text
+```plaintext
 0  1  2  3  4  5  6  7
    AAAAAAA
       BBBBBBB
@@ -225,7 +231,7 @@ Visually, it can be viewed as:
 
 The union of A, B, and C is (1, 4) and (6, 7). Therefore, the total running time is:
 
-```text
+```plaintext
 (4 - 1) + (7 - 6) => 4
 ```
 
@@ -343,7 +349,7 @@ build ruby 2/3:
   stage: build
   script:
   - echo "ruby2"
-  
+
 build ruby 3/3:
   stage: build
   script:
@@ -367,10 +373,14 @@ evaluates the job names: `\d+[\s:\/\\]+\d+\s*`.
 When running manual jobs you can supply additional job specific variables.
 
 You can do this from the job page of the manual job you want to run with
-additional variables.
+additional variables. To access this page, click on the **name** of the manual job in
+the pipeline view, *not* the play (**{play}**) button.
 
-This is useful when you want to alter the execution of a job by using
-environment variables.
+This is useful when you want to alter the execution of a job that uses
+[custom environment variables](../variables/README.md#custom-environment-variables).
+Adding a variable name (key) and value here will override the value defined in
+[the UI or `.gitlab-ci.yml`](../variables/README.md#custom-environment-variables),
+for a single run of the manual job.
 
 ![Manual job variables](img/manual_job_variables.png)
 
@@ -387,7 +397,7 @@ For example, if you start rolling out new code and:
 
 - Users do not experience trouble, GitLab can automatically complete the deployment from 0% to 100%.
 - Users experience trouble with the new code, you can stop the timed incremental rollout by canceling the pipeline
-  and [rolling](../environments.md#retrying-and-rolling-back) back to the last stable version.
+  and [rolling](../environments/index.md#retrying-and-rolling-back) back to the last stable version.
 
 ![Pipelines example](img/pipeline_incremental_rollout.png)
 
@@ -545,15 +555,3 @@ To illustrate its life cycle:
    even if the commit history of the `example` branch has been overwritten by force-push.
 1. GitLab Runner fetches the persistent pipeline ref and gets source code from the checkout-SHA.
 1. When the pipeline finished, its persistent ref is cleaned up in a background process.
-
-NOTE: **NOTE**: At this moment, this feature is on by default and can be manually disabled
-by disabling `depend_on_persistent_pipeline_ref` feature flag. If you're interested in
-manually disabling this behavior, please ask the administrator
-to execute the following commands in rails console.
-
-```shell
-> sudo gitlab-rails console                                        # Login to Rails console of GitLab instance.
-> project = Project.find_by_full_path('namespace/project-name')    # Get the project instance.
-> Feature.disable(:depend_on_persistent_pipeline_ref, project)     # Disable the feature flag for specific project
-> Feature.disable(:depend_on_persistent_pipeline_ref)              # Disable the feature flag system-wide
-```
diff --git a/doc/ci/pipelines/job_artifacts.md b/doc/ci/pipelines/job_artifacts.md
index ed791ea9c4a..d4774016d9c 100644
--- a/doc/ci/pipelines/job_artifacts.md
+++ b/doc/ci/pipelines/job_artifacts.md
@@ -6,9 +6,9 @@ type: reference, howto
 # Job artifacts
 
 > - Introduced in GitLab 8.2 and GitLab Runner 0.7.0.
-> - Starting with GitLab 8.4 and GitLab Runner 1.0, the artifacts archive format changed to `ZIP`, and it is now possible to browse its contents, with the added ability of downloading the files separately.
+> - Starting with GitLab 8.4 and GitLab Runner 1.0, the artifacts archive format changed to `ZIP`, and it's now possible to browse its contents, with the added ability of downloading the files separately.
 > - In GitLab 8.17, builds were renamed to jobs.
-> - The artifacts browser will be available only for new artifacts that are sent to GitLab using GitLab Runner version 1.0 and up. It will not be possible to browse old artifacts already uploaded to GitLab.
+> - The artifacts browser will be available only for new artifacts that are sent to GitLab using GitLab Runner version 1.0 and up. It won't be possible to browse old artifacts already uploaded to GitLab.
 
 Job artifacts are a list of files and directories created by a job
 once it finishes. This feature is [enabled by default](../../administration/job_artifacts.md) in all
@@ -34,7 +34,7 @@ pdf:
     expire_in: 1 week
 ```
 
-A job named `pdf` calls the `xelatex` command in order to build a pdf file from
+A job named `pdf` calls the `xelatex` command in order to build a PDF file from
 the latex source file `mycv.tex`. We then define the `artifacts` paths which in
 turn are defined with the `paths` keyword. All paths to files and directories
 are relative to the repository that was cloned during the build.
@@ -42,28 +42,229 @@ are relative to the repository that was cloned during the build.
 The artifacts will be uploaded when the job succeeds by default, but can be set to upload
 when the job fails, or always, if the [`artifacts:when`](../yaml/README.md#artifactswhen)
 parameter is used. These uploaded artifacts will be kept in GitLab for 1 week as defined
-by the `expire_in` definition. You have the option to keep the artifacts from expiring
+by the `expire_in` definition. You can keep the artifacts from expiring
 via the [web interface](#browsing-artifacts). If the expiry time is not defined, it defaults
 to the [instance wide setting](../../user/admin_area/settings/continuous_integration.md#default-artifacts-expiration-core-only).
 
 For more examples on artifacts, follow the [artifacts reference in
 `.gitlab-ci.yml`](../yaml/README.md#artifacts).
 
+### `artifacts:reports`
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/20390) in GitLab 11.2.
+> - Requires GitLab Runner 11.2 and above.
+
+The `artifacts:reports` keyword is used for collecting test reports, code quality
+reports, and security reports from jobs. It also exposes these reports in GitLab's
+UI (merge requests, pipeline views, and security dashboards).
+
+NOTE: **Note:**
+The test reports are collected regardless of the job results (success or failure).
+You can use [`artifacts:expire_in`](../yaml/README.md#artifactsexpire_in) to set up an expiration
+date for their artifacts.
+
+NOTE: **Note:**
+If you also want the ability to browse the report output files, include the
+[`artifacts:paths`](../yaml/README.md#artifactspaths) keyword.
+
+#### `artifacts:reports:junit`
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/20390) in GitLab 11.2.
+> - Requires GitLab Runner 11.2 and above.
+
+The `junit` report collects [JUnit XML files](https://www.ibm.com/support/knowledgecenter/en/SSQ2R2_14.1.0/com.ibm.rsar.analysis.codereview.cobol.doc/topics/cac_useresults_junit.html)
+as artifacts. Although JUnit was originally developed in Java, there are many
+[third party ports](https://en.wikipedia.org/wiki/JUnit#Ports) for other
+languages like JavaScript, Python, Ruby, and so on.
+
+See [JUnit test reports](../junit_test_reports.md) for more details and examples.
+Below is an example of collecting a JUnit XML file from Ruby's RSpec test tool:
+
+```yaml
+rspec:
+  stage: test
+  script:
+  - bundle install
+  - rspec --format RspecJunitFormatter --out rspec.xml
+  artifacts:
+    reports:
+      junit: rspec.xml
+```
+
+The collected JUnit reports will be uploaded to GitLab as an artifact and will
+be automatically shown in merge requests.
+
+NOTE: **Note:**
+In case the JUnit tool you use exports to multiple XML files, you can specify
+multiple test report paths within a single job and they will be automatically
+concatenated into a single file. Use a filename pattern (`junit: rspec-*.xml`),
+an array of filenames (`junit: [rspec-1.xml, rspec-2.xml, rspec-3.xml]`), or a
+combination thereof (`junit: [rspec.xml, test-results/TEST-*.xml]`).
+
+#### `artifacts:reports:dotenv`
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/17066) in GitLab 12.9.
+> - Requires GitLab Runner 11.5 and later.
+
+The `dotenv` report collects a set of environment variables as artifacts.
+
+The collected variables are registered as runtime-created variables of the job,
+which is useful to [set dynamic environment URLs after a job finishes](../environments/index.md#set-dynamic-environment-urls-after-a-job-finishes).
+
+There are a couple of limitations on top of the [original dotenv rules](https://github.com/motdotla/dotenv#rules).
+
+- The variable key can contain only letters, digits and underscore ('_').
+- The size of the dotenv file must be smaller than 5 kilobytes.
+- The number of variables must be less than 10.
+- It does not support variable substitution in the dotenv file itself.
+- It does not support empty lines and comments (`#`) in dotenv file.
+- It does not support quote escape, spaces in a quote, a new line expansion in a quote, in dotenv file.
+
+#### `artifacts:reports:cobertura`
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/3708) in GitLab 12.9.
+> - Requires [GitLab Runner](https://docs.gitlab.com/runner/) 11.5 and above.
+
+The `cobertura` report collects [Cobertura coverage XML files](../../user/project/merge_requests/test_coverage_visualization.md).
+The collected Cobertura coverage reports will be uploaded to GitLab as an artifact
+and will be automatically shown in merge requests.
+
+Cobertura was originally developed for Java, but there are many
+third party ports for other languages like JavaScript, Python, Ruby, and so on.
+
+#### `artifacts:reports:terraform`
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207528) in GitLab 13.0.
+> - Requires [GitLab Runner](https://docs.gitlab.com/runner/) 11.5 and above.
+
+The `terraform` report obtains a Terraform `tfplan.json` file. The collected Terraform
+plan report will be uploaded to GitLab as an artifact and will be automatically shown
+in merge requests.
+
+#### `artifacts:reports:codequality` **(STARTER)**
+
+> - Introduced in GitLab 11.5.
+> - Requires GitLab Runner 11.5 and above.
+
+The `codequality` report collects [CodeQuality issues](../../user/project/merge_requests/code_quality.md)
+as artifacts.
+
+The collected Code Quality report will be uploaded to GitLab as an artifact and will
+be summarized in merge requests.
+
+#### `artifacts:reports:sast` **(ULTIMATE)**
+
+> - Introduced in GitLab 11.5.
+> - Requires GitLab Runner 11.5 and above.
+
+The `sast` report collects [SAST vulnerabilities](../../user/application_security/sast/index.md)
+as artifacts.
+
+The collected SAST report will be uploaded to GitLab as an artifact and will be summarized
+in the merge requests and pipeline view. It's also used to provide data for security
+dashboards.
+
+#### `artifacts:reports:dependency_scanning` **(ULTIMATE)**
+
+> - Introduced in GitLab 11.5.
+> - Requires GitLab Runner 11.5 and above.
+
+The `dependency_scanning` report collects [Dependency Scanning vulnerabilities](../../user/application_security/dependency_scanning/index.md)
+as artifacts.
+
+The collected Dependency Scanning report will be uploaded to GitLab as an artifact and will
+be summarized in the merge requests and pipeline view. It's also used to provide data for security
+dashboards.
+
+#### `artifacts:reports:container_scanning` **(ULTIMATE)**
+
+> - Introduced in GitLab 11.5.
+> - Requires GitLab Runner 11.5 and above.
+
+The `container_scanning` report collects [Container Scanning vulnerabilities](../../user/application_security/container_scanning/index.md)
+as artifacts.
+
+The collected Container Scanning report will be uploaded to GitLab as an artifact and will
+be summarized in the merge requests and pipeline view. It's also used to provide data for security
+dashboards.
+
+#### `artifacts:reports:dast` **(ULTIMATE)**
+
+> - Introduced in GitLab 11.5.
+> - Requires GitLab Runner 11.5 and above.
+
+The `dast` report collects [DAST vulnerabilities](../../user/application_security/dast/index.md)
+as artifacts.
+
+The collected DAST report will be uploaded to GitLab as an artifact and will
+be summarized in the merge requests and pipeline view. It's also used to provide data for security
+dashboards.
+
+#### `artifacts:reports:license_management` **(ULTIMATE)**
+
+> - Introduced in GitLab 11.5.
+> - Requires GitLab Runner 11.5 and above.
+
+CAUTION: **Warning:**
+This artifact is still valid but is **deprecated** in favor of the
+[artifacts:reports:license_scanning](../pipelines/job_artifacts.md#artifactsreportslicense_scanning-ultimate)
+introduced in GitLab 12.8.
+
+The `license_management` report collects [Licenses](../../user/compliance/license_compliance/index.md)
+as artifacts.
+
+The collected License Compliance report will be uploaded to GitLab as an artifact and will
+be summarized in the merge requests and pipeline view. It's also used to provide data for security
+dashboards.
+
+#### `artifacts:reports:license_scanning` **(ULTIMATE)**
+
+> - Introduced in GitLab 12.8.
+> - Requires GitLab Runner 11.5 and above.
+
+The `license_scanning` report collects [Licenses](../../user/compliance/license_compliance/index.md)
+as artifacts.
+
+The License Compliance report will be uploaded to GitLab as an artifact and will
+be automatically shown in merge requests, pipeline view and provide data for security
+dashboards.
+
+#### `artifacts:reports:performance` **(PREMIUM)**
+
+> - Introduced in GitLab 11.5.
+> - Requires GitLab Runner 11.5 and above.
+
+The `performance` report collects [Performance metrics](../../user/project/merge_requests/browser_performance_testing.md)
+as artifacts.
+
+The collected Performance report will be uploaded to GitLab as an artifact and will
+be automatically shown in merge requests.
+
+#### `artifacts:reports:metrics` **(PREMIUM)**
+
+> Introduced in GitLab 11.10.
+
+The `metrics` report collects [Metrics](../metrics_reports.md)
+as artifacts.
+
+The collected Metrics report will be uploaded to GitLab as an artifact and will
+be automatically shown in merge requests.
+
 ## Browsing artifacts
 
-> - From GitLab 9.2, PDFs, images, videos and other formats can be previewed directly in the job artifacts browser without the need to download them.
+> - From GitLab 9.2, PDFs, images, videos, and other formats can be previewed directly in the job artifacts browser without the need to download them.
 > - Introduced in [GitLab 10.1](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/14399), HTML files in a public project can be previewed directly in a new tab without the need to download them when [GitLab Pages](../../administration/pages/index.md) is enabled. The same applies for textual formats (currently supported extensions: `.txt`, `.json`, and `.log`).
 > - Introduced in [GitLab 12.4](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/16675), artifacts in private projects can be previewed when [GitLab Pages access control](../../administration/pages/index.md#access-control) is enabled.
 
 After a job finishes, if you visit the job's specific page, there are three
 buttons. You can download the artifacts archive or browse its contents, whereas
-the **Keep** button appears only if you have set an [expiry date](../yaml/README.md#artifactsexpire_in) to the
+the **Keep** button appears only if you've set an [expiry date](../yaml/README.md#artifactsexpire_in) to the
 artifacts in case you changed your mind and want to keep them.
 
 ![Job artifacts browser button](img/job_artifacts_browser_button.png)
 
 The archive browser shows the name and the actual file size of each file in the
-archive. If your artifacts contained directories, then you are also able to
+archive. If your artifacts contained directories, then you're also able to
 browse inside them.
 
 Below you can see what browsing looks like. In this case we have browsed inside
@@ -75,20 +276,20 @@ one HTML file that you can view directly online when
 
 ## Downloading artifacts
 
-If you need to download the whole archive, there are buttons in various places
+If you need to download an artifact or the whole archive, there are buttons in various places
 in the GitLab UI to do this:
 
 1. While on the pipelines page, you can see the download icon for each job's
-   artifacts archive in the right corner:
+   artifacts and archive in the right corner:
 
    ![Job artifacts in Pipelines page](img/job_artifacts_pipelines_page.png)
 
 1. While on the **Jobs** page, you can see the download icon for each job's
-   artifacts archive in the right corner:
+   artifacts and archive in the right corner:
 
    ![Job artifacts in Builds page](img/job_artifacts_builds_page.png)
 
-1. While inside a specific job, you are presented with a download button
+1. While inside a specific job, you're presented with a download button
    along with the one that browses the archive:
 
    ![Job artifacts browser button](img/job_artifacts_browser_button.png)
@@ -100,7 +301,7 @@ in the GitLab UI to do this:
 
 ## Downloading the latest artifacts
 
-It is possible to download the latest artifacts of a job via a well known URL
+It's possible to download the latest artifacts of a job via a well known URL
 so you can use it for scripting purposes.
 
 NOTE: **Note:**
@@ -151,7 +352,7 @@ For example:
 https://gitlab.com/gitlab-org/gitlab/-/jobs/artifacts/master/browse?job=coverage
 ```
 
-There is also a URL to specific files, including html files that
+There is also a URL to specific files, including HTML files that
 are shown in [GitLab Pages](../../administration/pages/index.md):
 
 ```plaintext
diff --git a/doc/ci/pipelines/schedules.md b/doc/ci/pipelines/schedules.md
index 0ca794c5411..0c0a613c628 100644
--- a/doc/ci/pipelines/schedules.md
+++ b/doc/ci/pipelines/schedules.md
@@ -21,6 +21,15 @@ Pipeline schedules can be used to also run [pipelines](index.md) at specific int
 In addition to using the GitLab UI, pipeline schedules can be maintained using the
 [Pipeline schedules API](../../api/pipeline_schedules.md).
 
+## Prerequisites
+
+In order for a scheduled pipeline to be created successfully:
+
+- The schedule owner must have [permissions](../../user/permissions.md) to merge into the target branch.
+- The pipeline configuration must be valid.
+
+Otherwise the pipeline is not created.
+
 ## Configuring pipeline schedules
 
 To schedule a pipeline for project:
diff --git a/doc/ci/pipelines/settings.md b/doc/ci/pipelines/settings.md
index 3221023f73a..0a859b5b68f 100644
--- a/doc/ci/pipelines/settings.md
+++ b/doc/ci/pipelines/settings.md
@@ -130,6 +130,16 @@ in the jobs table.
 A few examples of known coverage tools for a variety of languages can be found
 in the pipelines settings page.
 
+### Download test coverage history
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/209121) in GitLab 12.10.
+
+If you want to see the evolution of your project code coverage over time,
+you can download a CSV file with this data. From your project:
+
+1. Go to **{chart}** **Project Analytics > Repository**.
+1. Click **Download raw data (.csv)**
+
 ### Removing color codes
 
 Some test coverage tools output with ANSI color codes that won't be
@@ -162,6 +172,9 @@ This also determines the visibility of these related features:
 - Job artifacts
 - The [pipeline security dashboard](../../user/application_security/security_dashboard/index.md#pipeline-security) **(ULTIMATE)**
 
+NOTE: **Note:**
+Currently, job logs and artifacts are [not yet visible for guest users and non-project members](https://gitlab.com/gitlab-org/gitlab/-/issues/25649).
+
 If **Public pipelines** is enabled (default):
 
 - For **public** projects, anyone can view the pipelines and related features.
@@ -237,7 +250,7 @@ Depending on the status of your job, a badge can have the following values:
 
 You can access a pipeline status badge image using the following link:
 
-```text
+```plaintext
 https://example.gitlab.com/<namespace>/<project>/badges/<branch>/pipeline.svg
 ```
 
@@ -249,7 +262,7 @@ pipeline can have the test coverage percentage value defined.
 
 The test coverage badge can be accessed using following link:
 
-```text
+```plaintext
 https://example.gitlab.com/<namespace>/<project>/badges/<branch>/coverage.svg
 ```
 
@@ -268,7 +281,7 @@ Pipeline badges can be rendered in different styles by adding the `style=style_n
 
 #### Flat (default)
 
-```text
+```plaintext
 https://example.gitlab.com/<namespace>/<project>/badges/<branch>/coverage.svg?style=flat
 ```
 
@@ -278,7 +291,7 @@ https://example.gitlab.com/<namespace>/<project>/badges/<branch>/coverage.svg?st
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/30120) in GitLab 11.8.
 
-```text
+```plaintext
 https://example.gitlab.com/<namespace>/<project>/badges/<branch>/coverage.svg?style=flat-square
 ```