Add latest changes from gitlab-org/gitlab@master

7 files changed, 163 insertions, 20 deletions

diff --git a/doc/administration/packages/container_registry.md b/doc/administration/packages/container_registry.md
index 663cfb11910..849e782da42 100644
--- a/doc/administration/packages/container_registry.md
+++ b/doc/administration/packages/container_registry.md
@@ -609,7 +609,7 @@ of removing unused tags. Currently, this is exposed using the API, but in the fu
 these controls will be migrated to the GitLab interface.
 
 Project maintainers can
-[delete Container Registry tags in bulk](../../api/container_registry.md#delete-repository-tags-in-bulk)
+[delete Container Registry tags in bulk](../../api/container_registry.md#delete-registry-repository-tags-in-bulk)
 periodically based on their own criteria, however, this alone does not recycle data,
 it only unlinks tags from manifests and image blobs. To recycle the Container
 Registry data in the whole GitLab instance, you can use the built-in command
diff --git a/doc/api/container_registry.md b/doc/api/container_registry.md
index 4baeec3653c..f9c6ec4e572 100644
--- a/doc/api/container_registry.md
+++ b/doc/api/container_registry.md
@@ -129,7 +129,7 @@ DELETE /projects/:id/registry/repositories/:repository_id
 curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2"
 ```
 
-## List repository tags
+## List registry repository tags
 
 ### Within a project
 
@@ -165,7 +165,7 @@ Example response:
 ]
 ```
 
-## Get details of a repository tag
+## Get details of a registry repository tag
 
 Get details of a registry repository tag.
 
@@ -198,7 +198,7 @@ Example response:
 }
 ```
 
-## Delete a repository tag
+## Delete a registry repository tag
 
 Delete a registry repository tag.
 
@@ -219,9 +219,9 @@ curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://git
 This action does not delete blobs. In order to delete them and recycle disk space,
 [run the garbage collection](https://docs.gitlab.com/omnibus/maintenance/README.html#removing-unused-layers-not-referenced-by-manifests).
 
-## Delete repository tags in bulk
+## Delete registry repository tags in bulk
 
-Delete repository tags in bulk based on given criteria.
+Delete registry repository tags in bulk based on given criteria.
 
 ```
 DELETE /projects/:id/registry/repositories/:repository_id/tags
@@ -231,7 +231,7 @@ DELETE /projects/:id/registry/repositories/:repository_id/tags
 | --------- | ---- | -------- | ----------- |
 | `id`      | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user. |
 | `repository_id` | integer | yes | The ID of registry repository. |
-| `name_regex` | string | yes | The regex of the name to delete. To delete all tags specify `.*`. |
+| `name_regex` | string | yes | The [re2](https://github.com/google/re2/wiki/Syntax) regex of the name to delete. To delete all tags specify `.*`.|
 | `keep_n` | integer | no | The amount of latest tags of given name to keep. |
 | `older_than` | string | no | Tags to delete that are older than the given time, written in human readable form `1h`, `1d`, `1month`. |
 
diff --git a/doc/development/contributing/style_guides.md b/doc/development/contributing/style_guides.md
index 24c8de80e51..022c40a9d1b 100644
--- a/doc/development/contributing/style_guides.md
+++ b/doc/development/contributing/style_guides.md
@@ -18,6 +18,11 @@ RuboCop (and other checks) offenses on every modified file.
 This saves you time as you don't have to wait for the same errors to be detected
 by the CI.
 
+Overcommit relies on a pre-commit hook to prevent commits that violate its ruleset.
+If you wish to override this behavior, it can be done by passing the ENV variable
+`OVERCOMMIT_DISABLE`; i.e. `OVERCOMMIT_DISABLE=1 git rebase master` to rebase while
+disabling the Git hook.
+
 ## Ruby, Rails, RSpec
 
 Our codebase style is defined and enforced by [RuboCop](https://github.com/rubocop-hq/rubocop).
diff --git a/doc/install/aws/index.md b/doc/install/aws/index.md
index 5b74d74bbb0..21cecd84e75 100644
--- a/doc/install/aws/index.md
+++ b/doc/install/aws/index.md
@@ -4,6 +4,8 @@ type: howto
 
 # Installing GitLab HA on Amazon Web Services (AWS)
 
+DANGER: **Danger:** This guide is under review and the steps below will be revised and updated in due time. For more detail, please see [this epic](https://gitlab.com/groups/gitlab-org/-/epics/912).
+
 This page offers a walkthrough of a common HA (Highly Available) configuration
 for GitLab on AWS. You should customize it to accommodate your needs.
 
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index 9678ff4de5a..5d7bba32ead 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -48,8 +48,6 @@ However, DAST can be [configured](#full-scan)
 to also perform a so-called "active scan". That is, attack your application and produce a more extensive security report.
 It can be very useful combined with [Review Apps](../../../ci/review_apps/index.md).
 
-The [`dast`](https://gitlab.com/gitlab-org/security-products/dast/container_registry) Docker image in GitLab container registry is updated on a weekly basis to have all [`owasp2docker-weekly`](https://hub.docker.com/r/owasp/zap2docker-weekly/) updates in it.
-
 ## Use cases
 
 It helps you automatically find security vulnerabilities in your running web
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md
index 9a6f61c9c8c..24f28e547b3 100644
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -240,7 +240,8 @@ build:
       - target/
 
 spotbugs-sast:
-  dependencies: build
+  dependencies:
+    - build
   script:
     - /analyzer run -compile=false
   variables:
diff --git a/doc/user/packages/maven_repository/index.md b/doc/user/packages/maven_repository/index.md
index f65042d2684..27c6a580797 100644
--- a/doc/user/packages/maven_repository/index.md
+++ b/doc/user/packages/maven_repository/index.md
@@ -25,11 +25,78 @@ You should then be able to see the **Packages** section on the left sidebar.
 Next, you must configure your project to authorize with the GitLab Maven
 repository.
 
-## Authenticating to the GitLab Maven Repository
+## Getting Started
 
-If a project is private or you want to upload Maven artifacts to GitLab,
-credentials will need to be provided for authorization. Support is available for
-[personal access tokens](#authenticating-with-a-personal-access-token) and
+This section will cover installing Maven and building a package. This is a
+quickstart to help if you're new to building Maven packages. If you're already
+using Maven and understand how to build your own packages, move onto the
+[next section](#adding-the-gitlab-package-registry-as-a-maven-remote).
+
+### Installing Maven
+
+Follow the instructions at [maven.apache.org](https://maven.apache.org/install.html)
+to download and install Maven for your local development environment. Once
+installation is complete, verify you can use Maven in your terminal by running:
+
+```shell
+mvn --version
+```
+
+You should see something similar to the below printed in the output:
+
+```shell
+Apache Maven 3.6.1 (d66c9c0b3152b2e69ee9bac180bb8fcc8e6af555; 2019-04-04T20:00:29+01:00)
+Maven home: /Users/<your_user>/apache-maven-3.6.1
+Java version: 12.0.2, vendor: Oracle Corporation, runtime: /Library/Java/JavaVirtualMachines/jdk-12.0.2.jdk/Contents/Home
+Default locale: en_GB, platform encoding: UTF-8
+OS name: "mac os x", version: "10.15.2", arch: "x86_64", family: "mac"
+```
+
+### Creating a project
+
+Understanding how to create a full Java project is outside the scope of this
+guide but you can follow the steps below to create a new project that can be
+published to the GitLab Package Registry.
+
+Start by opening your terminal and creating a directory where you would like to
+store the project in your environment. From inside the directory, you can run
+the following Maven command to initalize a new package:
+
+```shell
+mvn archetype:generate -DgroupId=com.mycompany.mydepartment -DartifactId=my-project -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
+```
+
+The arguments are as follows:
+
+- `DgroupId`: A unique string that identifies your package. You should follow
+the [Maven naming conventions](https://maven.apache.org/guides/mini/guide-naming-conventions.html).
+- `DartifactId`: The name of the JAR, appended to the end of the `DgroupId`.
+- `DarchetypeArtifactId`: The archetype used to create the intial structure of
+the project.
+- `DinteractiveMode`: Create the project using batch mode (optional).
+
+After running the command, you should see the following message, indicating that
+your project has been set up successfully:
+
+```shell
+...
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD SUCCESS
+[INFO] ------------------------------------------------------------------------
+[INFO] Total time:  3.429 s
+[INFO] Finished at: 2020-01-28T11:47:04Z
+[INFO] ------------------------------------------------------------------------
+```
+
+You should see a new directory where you ran this command matching your
+`DartifactId` parameter (in this case it should be `my-project`).
+
+## Adding the GitLab Package Registry as a Maven remote
+
+The next step is to add the GitLab Package Registry as a Maven remote. If a
+project is private or you want to upload Maven artifacts to GitLab,
+credentials will need to be provided for authorization too. Support is available
+for [personal access tokens](#authenticating-with-a-personal-access-token) and
 [CI job tokens](#authenticating-with-a-ci-job-token) only.
 [Deploy tokens](../../project/deploy_tokens/index.md) and regular username/password
 credentials do not work.
@@ -92,7 +159,9 @@ You can read more on
 ## Configuring your project to use the GitLab Maven repository URL
 
 To download and upload packages from GitLab, you need a `repository` and
-`distributionManagement` section in your `pom.xml` file.
+`distributionManagement` section in your `pom.xml` file. If you're following the
+steps from above, then you'll need to add the following information to your
+`my-project/pom.xml` file.
 
 Depending on your workflow and the amount of Maven packages you have, there are
 3 ways you can configure your project to use the GitLab endpoint for Maven packages:
@@ -133,7 +202,7 @@ would look like:
 ```
 
 The `id` must be the same with what you
-[defined in `settings.xml`](#authenticating-to-the-gitlab-maven-repository).
+[defined in `settings.xml`](#adding-the-gitlab-package-registry-as-a-maven-remote).
 
 Replace `PROJECT_ID` with your project ID which can be found on the home page
 of your project.
@@ -186,7 +255,7 @@ the `distributionManagement` section:
 ```
 
 The `id` must be the same with what you
-[defined in `settings.xml`](#authenticating-to-the-gitlab-maven-repository).
+[defined in `settings.xml`](#adding-the-gitlab-package-registry-as-a-maven-remote).
 
 Replace `my-group` with your group name and `PROJECT_ID` with your project ID
 which can be found on the home page of your project.
@@ -241,7 +310,7 @@ the `distributionManagement` section:
 ```
 
 The `id` must be the same with what you
-[defined in `settings.xml`](#authenticating-to-the-gitlab-maven-repository).
+[defined in `settings.xml`](#adding-the-gitlab-package-registry-as-a-maven-remote).
 
 Replace `PROJECT_ID` with your project ID which can be found on the home page
 of your project.
@@ -257,17 +326,85 @@ project's ID can be used for uploading.
 
 ## Uploading packages
 
-Once you have set up the [authentication](#authenticating-to-the-gitlab-maven-repository)
-and [configuration](#configuring-your-project-to-use-the-gitlab-maven-repository-url),
+Once you have set up the [remote and authentication](#adding-the-gitlab-package-registry-as-a-maven-remote)
+and [configured your project](#configuring-your-project-to-use-the-gitlab-maven-repository-url),
 test to upload a Maven artifact from a project of yours:
 
 ```shell
 mvn deploy
 ```
 
+If the deploy is successful, you should see the build success message again:
+
+```shell
+...
+[INFO] BUILD SUCCESS
+...
+```
+
+You should also see that the upload was uploaded to the correct registry:
+
+```shell
+Uploading to gitlab-maven: https://gitlab.com/api/v4/projects/PROJECT_ID/packages/maven/com/mycompany/mydepartment/my-project/1.0-SNAPSHOT/my-project-1.0-20200128.120857-1.jar
+```
+
 You can then navigate to your project's **Packages** page and see the uploaded
 artifacts or even delete them.
 
+## Installing a package
+
+Installing a package from the GitLab Package Registry requires that you set up
+the [remote and authentication](#adding-the-gitlab-package-registry-as-a-maven-remote)
+as above. Once this is completed, there are two ways for installaing a package.
+
+### Install with `mvn install`
+
+Add the dependency manually to your project `pom.xml` file. To add the example
+created above, the XML would look like:
+
+```xml
+<dependency>
+  <groupId>com.mycompany.mydepartment</groupId>
+  <artifactId>my-project</artifactId>
+  <version>1.0-SNAPSHOT</version>
+</dependency>
+```
+
+Then, inside your project, run the following:
+
+```shell
+mvn install
+```
+
+Provided everything is set up correctly, you should see the dependency
+downloaded from the GitLab Package Registry:
+
+```shell
+Downloading from gitlab-maven: http://gitlab.com/api/v4/projects/PROJECT_ID/packages/maven/com/mycompany/mydepartment/my-project/1.0-SNAPSHOT/my-project-1.0-20200128.120857-1.pom
+```
+
+### Install with `mvn dependency:get`
+
+The second way to install packages is to use the Maven commands directly.
+Inside your project directory, run:
+
+```shell
+mvn dependency:get -Dartifact=com.nickkipling.app:nick-test-app:1.1-SNAPSHOT
+```
+
+You should see the same downloading message confirming that the project was
+retrieved from the GitLab Package Registry.
+
+TIP: **Tip:**
+Both the XML block and Maven command are readily copy and pastable from the
+Package details page, allowing for quick and easy installation.
+
+## Removing a package
+
+In the packages view of your project page, you can delete packages by clicking
+the red trash icons or by clicking the **Delete** button on the package details
+page.
+
 ## Creating Maven packages with GitLab CI/CD
 
 Once you have your repository configured to use the GitLab Maven Repository,