Add latest changes from gitlab-org/gitlab@master

.rubocop.yml

@@ -481,3 +481,13 @@ Rails/SaveBang:
     - 'ee/spec/**/*.rb'
     - 'qa/spec/**/*.rb'
     - 'qa/qa/specs/**/*.rb'
+
+Cop/PutProjectRoutesUnderScope:
+  Include:
+    - 'config/routes/project.rb'
+    - 'ee/config/routes/project.rb'
+
+Cop/PutGroupRoutesUnderScope:
+  Include:
+    - 'config/routes/group.rb'
+    - 'ee/config/routes/group.rb'

app/assets/javascripts/deploy_freeze/components/deploy_freeze_modal.vue

@@ -4,7 +4,7 @@ import { mapActions, mapState } from 'vuex';
 import { mapComputed } from '~/vuex_shared/bindings';
 import { __ } from '~/locale';
 import { MODAL_ID } from '../constants';
-import DeployFreezeTimezoneDropdown from './deploy_freeze_timezone_dropdown.vue';
+import TimezoneDropdown from '~/vue_shared/components/timezone_dropdown.vue';
 import { isValidCron } from 'cron-validator';
 
 export default {
@@ -14,7 +14,7 @@ export default {
     GlModal,
     GlSprintf,
     GlLink,
-    DeployFreezeTimezoneDropdown,
+    TimezoneDropdown,
   },
   modalOptions: {
     ref: 'modal',
@@ -39,7 +39,6 @@ export default {
       'timezoneData',
       'freezeStartCron',
       'freezeEndCron',
-      'selectedTimezone',
     ]),
     ...mapComputed([
       { key: 'freezeStartCron', updateFn: 'setFreezeStartCron' },
@@ -71,6 +70,14 @@ export default {
     freezeEndCronState() {
       return Boolean(!this.freezeEndCron || isValidCron(this.freezeEndCron));
     },
+    timezone: {
+      get() {
+        return this.selectedTimezone;
+      },
+      set(selectedTimezone) {
+        this.setSelectedTimezone(selectedTimezone);
+      },
+    },
   },
   methods: {
     ...mapActions(['addFreezePeriod', 'setSelectedTimezone', 'resetModal']),
@@ -137,11 +144,7 @@ export default {
     </gl-form-group>
 
     <gl-form-group :label="__('Cron time zone')" label-for="cron-time-zone-dropdown">
-      <deploy-freeze-timezone-dropdown
-        :timezone-data="timezoneData"
-        :value="selectedTimezone"
-        @selectTimezone="setSelectedTimezone"
-      />
+      <timezone-dropdown v-model="timezone" :timezone-data="timezoneData" />
     </gl-form-group>
   </gl-modal>
 </template>

app/assets/javascripts/deploy_freeze/store/actions.js

@@ -64,6 +64,7 @@ export const fetchFreezePeriods = ({ dispatch, state }) => {
 export const setSelectedTimezone = ({ commit }, timezone) => {
   commit(types.SET_SELECTED_TIMEZONE, timezone);
 };
+
 export const setFreezeStartCron = ({ commit }, { freezeStartCron }) => {
   commit(types.SET_FREEZE_START_CRON, freezeStartCron);
 };

app/assets/javascripts/design_management_new/components/upload/design_dropzone.vue

@@ -28,6 +28,12 @@ export default {
     dragging() {
       return this.dragCounter !== 0;
     },
+    iconStyles() {
+      return {
+        size: this.hasDesigns ? 24 : 16,
+        class: this.hasDesigns ? 'gl-mb-2' : 'gl-mr-3 gl-text-gray-700',
+      };
+    },
   },
   methods: {
     isValidUpload(files) {
@@ -90,7 +96,7 @@ export default {
           class="gl-display-flex gl-align-items-center gl-justify-content-center gl-text-center"
           data-testid="dropzone-area"
         >
-          <gl-icon name="upload" :size="24" :class="hasDesigns ? 'gl-mb-2' : 'gl-mr-4'" />
+          <gl-icon name="upload" :size="iconStyles.size" :class="iconStyles.class" />
           <p class="gl-font-weight-bold gl-mb-0">
             <gl-sprintf :message="__('Drop or %{linkStart}upload%{linkEnd} Designs to attach')">
               <template #link="{ content }">

app/assets/javascripts/incidents/components/incidents_list.vue

 <script>
-import { GlLoadingIcon, GlTable, GlAlert } from '@gitlab/ui';
+import {
+  GlLoadingIcon,
+  GlTable,
+  GlAlert,
+  GlAvatarsInline,
+  GlAvatarLink,
+  GlAvatar,
+  GlTooltipDirective,
+} from '@gitlab/ui';
 import TimeAgoTooltip from '~/vue_shared/components/time_ago_tooltip.vue';
 import { s__ } from '~/locale';
 import getIncidents from '../graphql/queries/get_incidents.query.graphql';
@@ -37,8 +45,14 @@ export default {
     GlLoadingIcon,
     GlTable,
     GlAlert,
+    GlAvatarsInline,
+    GlAvatarLink,
+    GlAvatar,
     TimeAgoTooltip,
   },
+  directives: {
+    GlTooltip: GlTooltipDirective,
+  },
   inject: ['projectPath'],
   apollo: {
     incidents: {
@@ -78,10 +92,8 @@ export default {
     },
   },
   methods: {
-    getAssignees(assignees) {
-      return assignees.nodes?.length > 0
-        ? assignees.nodes[0]?.username
-        : s__('IncidentManagement|Unassigned');
+    hasAssignees(assignees) {
+      return Boolean(assignees.nodes?.length);
     },
   },
 };
@@ -114,8 +126,32 @@ export default {
       </template>
 
       <template #cell(assignees)="{ item }">
-        <div class="gl-max-w-full text-truncate" data-testid="assigneesField">
-          {{ getAssignees(item.assignees) }}
+        <div data-testid="incident-assignees">
+          <template v-if="hasAssignees(item.assignees)">
+            <gl-avatars-inline
+              :avatars="item.assignees.nodes"
+              :collapsed="true"
+              :max-visible="4"
+              :avatar-size="24"
+              badge-tooltip-prop="name"
+              :badge-tooltip-max-chars="100"
+            >
+              <template #avatar="{ avatar }">
+                <gl-avatar-link
+                  :key="avatar.username"
+                  v-gl-tooltip
+                  target="_blank"
+                  :href="avatar.webUrl"
+                  :title="avatar.name"
+                >
+                  <gl-avatar :src="avatar.avatarUrl" :label="avatar.name" :size="24" />
+                </gl-avatar-link>
+              </template>
+            </gl-avatars-inline>
+          </template>
+          <template v-else>
+            {{ $options.i18n.unassigned }}
+          </template>
         </div>
       </template>
 

app/assets/javascripts/incidents/constants.js

@@ -4,4 +4,5 @@ import { s__ } from '~/locale';
 export const I18N = {
   errorMsg: s__('IncidentManagement|There was an error displaying the incidents.'),
   noIncidents: s__('IncidentManagement|No incidents to display.'),
+  unassigned: s__('IncidentManagement|Unassigned'),
 };

app/assets/javascripts/incidents/graphql/queries/get_incidents.query.graphql

@@ -13,7 +13,10 @@ query getIncidents($projectPath: ID!, $labelNames: [String], $state: IssuableSta
         }
         assignees {
           nodes {
+            name
             username
+            avatarUrl
+            webUrl
           }
         }
       }

app/assets/javascripts/notes/components/discussion_keyboard_navigator.vue

@@ -2,9 +2,13 @@
 /* global Mousetrap */
 import 'mousetrap';
 import discussionNavigation from '~/notes/mixins/discussion_navigation';
+import eventHub from '~/notes/event_hub';
 
 export default {
   mixins: [discussionNavigation],
+  created() {
+    eventHub.$on('jumpToFirstUnresolvedDiscussion', this.jumpToFirstUnresolvedDiscussion);
+  },
   mounted() {
     Mousetrap.bind('n', this.jumpToNextDiscussion);
     Mousetrap.bind('p', this.jumpToPreviousDiscussion);
@@ -12,6 +16,8 @@ export default {
   beforeDestroy() {
     Mousetrap.unbind('n');
     Mousetrap.unbind('p');
+
+    eventHub.$off('jumpToFirstUnresolvedDiscussion', this.jumpToFirstUnresolvedDiscussion);
   },
   render() {
     return this.$slots.default;

app/assets/javascripts/notes/mixins/discussion_navigation.js

@@ -113,6 +113,14 @@ export default {
       handleDiscussionJump(this, this.previousUnresolvedDiscussionId);
     },
 
+    jumpToFirstUnresolvedDiscussion() {
+      this.setCurrentDiscussionId(null)
+        .then(() => {
+          this.jumpToNextDiscussion();
+        })
+        .catch(() => {});
+    },
+
     /**
      * Go to the next discussion from the given discussionId
      * @param {String} discussionId The id we are jumping from

app/assets/javascripts/projects/settings_service_desk/components/service_desk_setting.vue

 <script>
-import { GlDeprecatedButton, GlFormSelect, GlToggle, GlLoadingIcon } from '@gitlab/ui';
+import { GlButton, GlFormSelect, GlToggle, GlLoadingIcon } from '@gitlab/ui';
 import { __ } from '~/locale';
 import tooltip from '~/vue_shared/directives/tooltip';
 import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
@@ -13,7 +13,7 @@ export default {
   },
   components: {
     ClipboardButton,
-    GlDeprecatedButton,
+    GlButton,
     GlFormSelect,
     GlToggle,
     GlLoadingIcon,
@@ -157,12 +157,14 @@ export default {
             }}
           </span>
         </template>
-        <gl-deprecated-button
+        <gl-button
           variant="success"
+          class="gl-mt-5"
           :disabled="isTemplateSaving"
           @click="onSaveTemplate"
-          >{{ __('Save template') }}</gl-deprecated-button
         >
+          {{ __('Save template') }}
+        </gl-button>
       </div>
     </div>
   </div>

app/assets/javascripts/vue_merge_request_widget/components/states/unresolved_discussions.vue

 <script>
+import { GlButton } from '@gitlab/ui';
 import statusIcon from '../mr_widget_status_icon.vue';
+import notesEventHub from '~/notes/event_hub';
 
 export default {
   name: 'UnresolvedDiscussions',
   components: {
     statusIcon,
+    GlButton,
   },
   props: {
     mr: {
@@ -12,23 +15,39 @@ export default {
       required: true,
     },
   },
+  methods: {
+    jumpToFirstUnresolvedDiscussion() {
+      notesEventHub.$emit('jumpToFirstUnresolvedDiscussion');
+    },
+  },
 };
 </script>
 
 <template>
-  <div class="mr-widget-body media">
+  <div class="mr-widget-body media gl-flex-wrap">
     <status-icon :show-disabled-button="true" status="warning" />
-    <div class="media-body space-children">
-      <span class="bold">
-        {{ s__('mrWidget|There are unresolved threads. Please resolve these threads') }}
-      </span>
-      <a
+    <div class="media-body">
+      <span class="gl-ml-3 gl-font-weight-bold gl-display-block gl-w-100">{{
+        s__('mrWidget|Before this can be merged, one or more threads must be resolved.')
+      }}</span>
+      <gl-button
+        data-testid="jump-to-first"
+        class="gl-ml-3"
+        size="small"
+        icon="comment-next"
+        @click="jumpToFirstUnresolvedDiscussion"
+      >
+        {{ s__('mrWidget|Jump to first unresolved thread') }}
+      </gl-button>
+      <gl-button
         v-if="mr.createIssueToResolveDiscussionsPath"
         :href="mr.createIssueToResolveDiscussionsPath"
-        class="btn btn-default btn-sm js-create-issue"
+        class="js-create-issue gl-ml-3"
+        size="small"
+        icon="issue-new"
       >
-        {{ s__('mrWidget|Create an issue to resolve them later') }}
-      </a>
+        {{ s__('mrWidget|Resolve all threads in new issue') }}
+      </gl-button>
     </div>
   </div>
 </template>

app/assets/javascripts/deploy_freeze/components/deploy_freeze_timezone_dropdown.vue → app/assets/javascripts/vue_shared/components/timezone_dropdown.vue

@@ -4,7 +4,7 @@ import { __ } from '~/locale';
 import autofocusonshow from '~/vue_shared/directives/autofocusonshow';
 
 export default {
-  name: 'DeployFreezeTimezoneDropdown',
+  name: 'TimezoneDropdown',
   components: {
     GlNewDropdown,
     GlDropdownItem,
@@ -17,7 +17,7 @@ export default {
   props: {
     value: {
       type: String,
-      required: false,
+      required: true,
       default: '',
     },
     timezoneData: {
@@ -28,7 +28,7 @@ export default {
   },
   data() {
     return {
-      searchTerm: this.value || '',
+      searchTerm: '',
     };
   },
   tranlations: {
@@ -47,18 +47,13 @@ export default {
         timezone.formattedTimezone.toLowerCase().includes(lowerCasedSearchTerm),
       );
     },
-    selectTimezoneLabel() {
+    selectedTimezoneLabel() {
       return this.value || __('Select timezone');
     },
   },
-  watch: {
-    value(newVal) {
-      this.searchTerm = newVal;
-    },
-  },
   methods: {
-    selectTimezone(selected) {
-      this.$emit('selectTimezone', selected);
+    selectTimezone(selectedTimezone) {
+      this.$emit('input', selectedTimezone);
       this.searchTerm = '';
     },
     isSelected(timezone) {
@@ -81,9 +76,9 @@ export default {
 <template>
   <gl-new-dropdown :text="value" block lazy menu-class="gl-w-full!">
     <template #button-content>
-      <span ref="buttonText" class="gl-flex-grow-1" :class="{ 'gl-text-gray-500': !value }">{{
-        selectTimezoneLabel
-      }}</span>
+      <span class="gl-flex-grow-1" :class="{ 'gl-text-gray-500': !value }">
+        {{ selectedTimezoneLabel }}
+      </span>
       <gl-icon name="chevron-down" />
     </template>
 
@@ -100,7 +95,7 @@ export default {
       />
       {{ timezone.formattedTimezone }}
     </gl-dropdown-item>
-    <gl-dropdown-item v-if="!filteredResults.length" ref="noMatchingResults">
+    <gl-dropdown-item v-if="!filteredResults.length" data-testid="noMatchingResults">
       {{ $options.tranlations.noResultsText }}
     </gl-dropdown-item>
   </gl-new-dropdown>

app/models/ci/build.rb

@@ -73,8 +73,7 @@ module Ci
       return unless has_environment?
 
       strong_memoize(:persisted_environment) do
-        deployment&.environment ||
-          Environment.find_by(name: expanded_environment_name, project: project)
+        Environment.find_by(name: expanded_environment_name, project: project)
       end
     end
 
@@ -457,8 +456,7 @@ module Ci
       strong_memoize(:expanded_environment_name) do
         # We're using a persisted expanded environment name in order to avoid
         # variable expansion per request.
-        if Feature.enabled?(:ci_persisted_expanded_environment_name, project, default_enabled: true) &&
-          metadata&.expanded_environment_name.present?
+        if metadata&.expanded_environment_name.present?
           metadata.expanded_environment_name
         else
           ExpandVariables.expand(environment, -> { simple_variables })

app/models/issue.rb

@@ -30,6 +30,8 @@ class Issue < ApplicationRecord
   SORTING_PREFERENCE_FIELD = :issues_sort
 
   belongs_to :project
+  has_one :namespace, through: :project
+
   belongs_to :duplicated_to, class_name: 'Issue'
   belongs_to :closed_by, class_name: 'User'
   belongs_to :iteration, foreign_key: 'sprint_id'

app/policies/issue_policy.rb

@@ -40,3 +40,5 @@ class IssuePolicy < IssuablePolicy
     prevent :destroy_design
   end
 end
+
+IssuePolicy.prepend_if_ee('EE::IssuePolicy')

changelogs/unreleased/219908-service-desk-setting-button.yml

+---
+title: Migrate service desk setting button to gl-button
+merge_request: 37612
+author:
+type: changed

changelogs/unreleased/229530-assignee-in-incidents-list.yml

+---
+title: Display assignees in Incident List
+merge_request: 37608
+author:
+type: added

changelogs/unreleased/229961-ux-polish-fix-icon-styles.yml

+---
+title: 'Resolve UX Polish: Fix icon styles'
+merge_request: 37546
+author:
+type: fixed

changelogs/unreleased/230698-fix-create-release-asset-link.yml

+---
+title: Fix creating release asset links when using the API
+merge_request: 37557
+author:
+type: fixed

changelogs/unreleased/id-persisted-env.yml

+---
+title: Always use expanded env name to load persisted environment
+merge_request: 37585
+author:
+type: performance

changelogs/unreleased/resolve-threads-jump-to-thread-button.yml

+---
+title: Prompt to resolve unresolved threads on an MR is a button that jumps to the
+  first such thread
+merge_request: 36164
+author:
+type: added

config/routes/group.rb

@@ -5,23 +5,27 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
         controller: :groups,
         constraints: { id: Gitlab::PathRegex.full_namespace_route_regex, format: /(html|json|atom|ics)/ }) do
     scope(path: '-') do
-      get :edit, as: :edit_group
-      get :issues, as: :issues_group_calendar, action: :issues_calendar, constraints: lambda { |req| req.format == :ics }
-      get :issues, as: :issues_group
-      get :merge_requests, as: :merge_requests_group
-      get :projects, as: :projects_group
-      get :details, as: :details_group
-      get :activity, as: :activity_group
-      put :transfer, as: :transfer_group
-      post :export, as: :export_group
-      get :download_export, as: :download_export_group
+      # These routes are legit and the cop rule will be improved in
+      # https://gitlab.com/gitlab-org/gitlab/-/issues/230703
+      get :edit, as: :edit_group # rubocop:disable Cop/PutGroupRoutesUnderScope
+      get :issues, as: :issues_group_calendar, action: :issues_calendar, constraints: lambda { |req| req.format == :ics } # rubocop:disable Cop/PutGroupRoutesUnderScope
+      get :issues, as: :issues_group # rubocop:disable Cop/PutGroupRoutesUnderScope
+      get :merge_requests, as: :merge_requests_group # rubocop:disable Cop/PutGroupRoutesUnderScope
+      get :projects, as: :projects_group # rubocop:disable Cop/PutGroupRoutesUnderScope
+      get :details, as: :details_group # rubocop:disable Cop/PutGroupRoutesUnderScope
+      get :activity, as: :activity_group # rubocop:disable Cop/PutGroupRoutesUnderScope
+      put :transfer, as: :transfer_group # rubocop:disable Cop/PutGroupRoutesUnderScope
+      post :export, as: :export_group # rubocop:disable Cop/PutGroupRoutesUnderScope
+      get :download_export, as: :download_export_group # rubocop:disable Cop/PutGroupRoutesUnderScope
 
       # TODO: Remove as part of refactor in https://gitlab.com/gitlab-org/gitlab-foss/issues/49693
-      get 'shared', action: :show, as: :group_shared
-      get 'archived', action: :show, as: :group_archived
+      get 'shared', action: :show, as: :group_shared # rubocop:disable Cop/PutGroupRoutesUnderScope
+      get 'archived', action: :show, as: :group_archived # rubocop:disable Cop/PutGroupRoutesUnderScope
     end
 
-    get '/', action: :show, as: :group_canonical
+    # These routes are legit and the cop rule will be improved in
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/230703
+    get '/', action: :show, as: :group_canonical # rubocop:disable Cop/PutGroupRoutesUnderScope
   end
 
   scope(path: 'groups/*group_id/-',
@@ -106,9 +110,11 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
         as: :group,
         constraints: { id: Gitlab::PathRegex.full_namespace_route_regex, format: /(html|json|atom)/ },
         controller: :groups) do
-    get '/', action: :show
-    patch '/', action: :update
-    put '/', action: :update
-    delete '/', action: :destroy
+    # These routes are legit and the cop rule will be improved in
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/230703
+    get '/', action: :show # rubocop:disable Cop/PutGroupRoutesUnderScope
+    patch '/', action: :update # rubocop:disable Cop/PutGroupRoutesUnderScope
+    put '/', action: :update # rubocop:disable Cop/PutGroupRoutesUnderScope
+    delete '/', action: :destroy # rubocop:disable Cop/PutGroupRoutesUnderScope
   end
 end

config/routes/project.rb

@@ -362,18 +362,18 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
       #
       # Service Desk
       #
-      get '/service_desk' => 'service_desk#show', as: :service_desk
-      put '/service_desk' => 'service_desk#update', as: :service_desk_refresh
+      get '/service_desk' => 'service_desk#show', as: :service_desk # rubocop:todo Cop/PutProjectRoutesUnderScope
+      put '/service_desk' => 'service_desk#update', as: :service_desk_refresh # rubocop:todo Cop/PutProjectRoutesUnderScope
 
       #
       # Templates
       #
-      get '/templates/:template_type/:key' => 'templates#show',
+      get '/templates/:template_type/:key' => 'templates#show', # rubocop:todo Cop/PutProjectRoutesUnderScope
           as: :template,
           defaults: { format: 'json' },
           constraints: { key: %r{[^/]+}, template_type: %r{issue|merge_request}, format: 'json' }
 
-      get '/description_templates/names/:template_type',
+      get '/description_templates/names/:template_type', # rubocop:todo Cop/PutProjectRoutesUnderScope
           to: 'templates#names',
           as: :template_names,
           defaults: { format: 'json' },
@@ -382,39 +382,39 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
       resource :pages, only: [:show, :update, :destroy] do # rubocop: disable Cop/PutProjectRoutesUnderScope
         resources :domains, except: :index, controller: 'pages_domains', constraints: { id: %r{[^/]+} } do # rubocop: disable Cop/PutProjectRoutesUnderScope
           member do
-            post :verify
-            post :retry_auto_ssl
-            delete :clean_certificate
+            post :verify # rubocop:todo Cop/PutProjectRoutesUnderScope
+            post :retry_auto_ssl # rubocop:todo Cop/PutProjectRoutesUnderScope
+            delete :clean_certificate # rubocop:todo Cop/PutProjectRoutesUnderScope
           end
         end
       end
 
       namespace :prometheus do
         resources :alerts, constraints: { id: /\d+/ }, only: [:index, :create, :show, :update, :destroy] do # rubocop: disable Cop/PutProjectRoutesUnderScope
-          post :notify, on: :collection
+          post :notify, on: :collection # rubocop:todo Cop/PutProjectRoutesUnderScope
           member do
-            get :metrics_dashboard
+            get :metrics_dashboard # rubocop:todo Cop/PutProjectRoutesUnderScope
           end
         end
 
         resources :metrics, constraints: { id: %r{[^\/]+} }, only: [:index, :new, :create, :edit, :update, :destroy] do # rubocop: disable Cop/PutProjectRoutesUnderScope
-          get :active_common, on: :collection
-          post :validate_query, on: :collection
+          get :active_common, on: :collection # rubocop:todo Cop/PutProjectRoutesUnderScope
+          post :validate_query, on: :collection # rubocop:todo Cop/PutProjectRoutesUnderScope
         end
       end
 
-      post 'alerts/notify', to: 'alerting/notifications#create'
+      post 'alerts/notify', to: 'alerting/notifications#create' # rubocop:todo Cop/PutProjectRoutesUnderScope
 
       draw :legacy_builds
 
       resources :hooks, only: [:index, :create, :edit, :update, :destroy], constraints: { id: /\d+/ } do # rubocop: disable Cop/PutProjectRoutesUnderScope
         member do
-          post :test
+          post :test # rubocop:todo Cop/PutProjectRoutesUnderScope
         end
 
         resources :hook_logs, only: [:show] do # rubocop: disable Cop/PutProjectRoutesUnderScope
           member do
-            post :retry
+            post :retry # rubocop:todo Cop/PutProjectRoutesUnderScope
           end
         end
       end
@@ -431,7 +431,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
             resources :tags, only: [:index, :destroy], # rubocop: disable Cop/PutProjectRoutesUnderScope
                              constraints: { id: Gitlab::Regex.container_registry_tag_regex } do
               collection do
-                delete :bulk_destroy
+                delete :bulk_destroy # rubocop:todo Cop/PutProjectRoutesUnderScope
               end
             end
           end
@@ -440,32 +440,32 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
 
       resources :notes, only: [:create, :destroy, :update], concerns: :awardable, constraints: { id: /\d+/ } do # rubocop: disable Cop/PutProjectRoutesUnderScope
         member do
-          delete :delete_attachment
-          post :resolve
-          delete :resolve, action: :unresolve
+          delete :delete_attachment # rubocop:todo Cop/PutProjectRoutesUnderScope
+          post :resolve # rubocop:todo Cop/PutProjectRoutesUnderScope
+          delete :resolve, action: :unresolve # rubocop:todo Cop/PutProjectRoutesUnderScope
         end
       end
 
-      get 'noteable/:target_type/:target_id/notes' => 'notes#index', as: 'noteable_notes'
+      get 'noteable/:target_type/:target_id/notes' => 'notes#index', as: 'noteable_notes' # rubocop:todo Cop/PutProjectRoutesUnderScope
 
       resources :todos, only: [:create] # rubocop: disable Cop/PutProjectRoutesUnderScope
 
       resources :uploads, only: [:create] do # rubocop: disable Cop/PutProjectRoutesUnderScope
         collection do
-          get ":secret/:filename", action: :show, as: :show, constraints: { filename: %r{[^/]+} }, format: false, defaults: { format: nil }
-          post :authorize
+          get ":secret/:filename", action: :show, as: :show, constraints: { filename: %r{[^/]+} }, format: false, defaults: { format: nil } # rubocop:todo Cop/PutProjectRoutesUnderScope
+          post :authorize # rubocop:todo Cop/PutProjectRoutesUnderScope
         end
       end
 
       resources :runners, only: [:index, :edit, :update, :destroy, :show] do # rubocop: disable Cop/PutProjectRoutesUnderScope
         member do
-          post :resume
-          post :pause
+          post :resume # rubocop:todo Cop/PutProjectRoutesUnderScope
+          post :pause # rubocop:todo Cop/PutProjectRoutesUnderScope
         end
 
         collection do
-          post :toggle_shared_runners
-          post :toggle_group_runners
+          post :toggle_shared_runners # rubocop:todo Cop/PutProjectRoutesUnderScope
+          post :toggle_group_runners # rubocop:todo Cop/PutProjectRoutesUnderScope
         end
       end
 
@@ -474,26 +474,26 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
         collection do
           scope '*ref', constraints: { ref: Gitlab::PathRegex.git_reference_regex } do
             constraints format: /svg/ do
-              get :pipeline
-              get :coverage
+              get :pipeline # rubocop:todo Cop/PutProjectRoutesUnderScope
+              get :coverage # rubocop:todo Cop/PutProjectRoutesUnderScope
             end
           end
         end
       end
 
       scope :usage_ping, controller: :usage_ping do
-        post :web_ide_clientside_preview
-        post :web_ide_pipelines_count
+        post :web_ide_clientside_preview # rubocop:todo Cop/PutProjectRoutesUnderScope
+        post :web_ide_pipelines_count # rubocop:todo Cop/PutProjectRoutesUnderScope
       end
 
       resources :web_ide_terminals, path: :ide_terminals, only: [:create, :show], constraints: { id: /\d+/, format: :json } do # rubocop: disable Cop/PutProjectRoutesUnderScope
         member do
-          post :cancel
-          post :retry
+          post :cancel # rubocop:todo Cop/PutProjectRoutesUnderScope
+          post :retry # rubocop:todo Cop/PutProjectRoutesUnderScope
         end
 
         collection do
-          post :check_config
+          post :check_config # rubocop:todo Cop/PutProjectRoutesUnderScope
         end
       end
 
@@ -506,8 +506,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
         # Issue https://gitlab.com/gitlab-org/gitlab/-/issues/29572
         resources :snippets, concerns: :awardable, constraints: { id: /\d+/ } do # rubocop: disable Cop/PutProjectRoutesUnderScope
           member do
-            get :raw
-            post :mark_as_spam
+            get :raw # rubocop:todo Cop/PutProjectRoutesUnderScope
+            post :mark_as_spam # rubocop:todo Cop/PutProjectRoutesUnderScope
           end
         end
       end

doc/.vale/gitlab/AlertBoxStyle.yml

@@ -5,7 +5,7 @@
 #
 # For a list of all options, see https://errata-ai.gitbook.io/vale/getting-started/styles
 extends: existence
-message: 'Alert box "%s" must use the formatting detailed in the documentation style guide.'
+message: 'Alert box "%s" must use the formatting in the style guide.'
 link: https://docs.gitlab.com/ee/development/documentation/styleguide.html#alert-boxes
 level: error
 scope: raw
@@ -13,4 +13,4 @@ raw:
   - '((NOTE|TIP|CAUTION|DANGER): \*\*[^:]*\*\*)|'
   - '((NOTE: \*\*(NOTE|note):\*\*)|(TIP: \*\*(TIP|tip):\*\*)|(CAUTION: \*\*(CAUTION|caution):\*\*)|(DANGER: \*\*(DANGER|danger):\*\*))|'
   - '((NOTE|TIP|CAUTION|DANGER): \*\*.*\*\*.+)|'
-  - '((\n[ ]*(\*){1,2}(NOTE|Note|note|TIP|Tip|tip|CAUTION|Caution|caution|DANGER|Danger|danger):(\*){1,2})'
+  - '((\n[> ]*(\*){1,2}(NOTE|Note|note|TIP|Tip|tip|CAUTION|Caution|caution|DANGER|Danger|danger):(\*){1,2}))'

doc/administration/auth/okta.md

@@ -156,7 +156,7 @@ You might want to try this out on an incognito browser window.
 
 ## Configuring groups
 
->**Note:**
+NOTE: **Note:**
 Make sure the groups exist and are assigned to the Okta app.
 
 You can take a look of the [SAML documentation](../../integration/saml.md#saml-groups) on configuring groups.

doc/administration/git_annex.md

@@ -90,8 +90,8 @@ one is located in `config.yml` of GitLab Shell.
 
 ## Using GitLab git-annex
 
-> **Note:**
-> Your Git remotes must be using the SSH protocol, not HTTP(S).
+NOTE: **Note:**
+Your Git remotes must be using the SSH protocol, not HTTP(S).
 
 Here is an example workflow of uploading a very large file and then checking it
 into your Git repository:

doc/administration/issue_closing_pattern.md

 # Issue closing pattern **(CORE ONLY)**
 
->**Note:**
+NOTE: **Note:**
 This is the administration documentation. There is a separate [user documentation](../user/project/issues/managing_issues.md#closing-issues-automatically)
 on issue closing pattern.
 
@@ -16,7 +16,7 @@ is installed on.
 The default pattern can be located in [`gitlab.yml.example`](https://gitlab.com/gitlab-org/gitlab/blob/master/config/gitlab.yml.example)
 under the "Automatic issue closing" section.
 
-> **Tip:**
+TIP: **Tip:**
 You are advised to use <https://rubular.com> to test the issue closing pattern.
 Because Rubular doesn't understand `%{issue_ref}`, you can replace this by
 `#\d+` when testing your patterns, which matches only local issue references like `#123`.

doc/administration/monitoring/github_imports.md

@@ -6,8 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Monitoring GitHub imports
 
->**Note:**
-Available since [GitLab 10.2](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/14731).
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/14731) in GitLab 10.2.
 
 The GitHub importer exposes various Prometheus metrics that you can use to
 monitor the health and progress of the importer.

doc/administration/monitoring/prometheus/index.md

@@ -227,7 +227,7 @@ To use an external Prometheus server:
 
 You can visit `http://localhost:9090` for the dashboard that Prometheus offers by default.
 
->**Note:**
+NOTE: **Note:**
 If SSL has been enabled on your GitLab instance, you may not be able to access
 Prometheus on the same browser as GitLab if using the same FQDN due to [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security). We plan to
 [provide access via GitLab](https://gitlab.com/gitlab-org/multi-user-prometheus), but in the interim there are

doc/administration/pages/source.md

@@ -6,7 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # GitLab Pages administration for source installations
 
->**Note:**
+NOTE: **Note:**
 Before attempting to enable GitLab Pages, first make sure you have
 [installed GitLab](../../install/installation.md) successfully.
 
@@ -77,7 +77,7 @@ host that GitLab runs. For example, an entry would look like this:
 where `example.io` is the domain under which GitLab Pages will be served
 and `192.0.2.1` is the IP address of your GitLab instance.
 
-> **Note:**
+NOTE: **Note:**
 You should not use the GitLab domain to serve user pages. For more information
 see the [security section](#security).
 
@@ -349,7 +349,7 @@ world. Custom domains and TLS are supported.
 
 ## NGINX caveats
 
->**Note:**
+NOTE: **Note:**
 The following information applies only for installations from source.
 
 Be extra careful when setting up the domain name in the NGINX configuration. You must

doc/administration/repository_storage_paths.md

@@ -89,7 +89,7 @@ This example uses NFS. We do not recommend using EFS for storage as it may impac
 
 1. [Restart GitLab](restart_gitlab.md#installations-from-source) for the changes to take effect.
 
->**Note:**
+NOTE: **Note:**
 The [`gitlab_shell: repos_path` entry](https://gitlab.com/gitlab-org/gitlab-foss/-/blob/8-9-stable/config/gitlab.yml.example#L457) in `gitlab.yml` will be
 deprecated and replaced by `repositories: storages` in the future, so if you
 are upgrading from a version prior to 8.10, make sure to add the configuration

doc/administration/smime_signing_email.md

@@ -3,7 +3,7 @@
 Notification emails sent by GitLab can be signed with S/MIME for improved
 security.
 
-> **Note:**
+NOTE: **Note:**
 Please be aware that S/MIME certificates and TLS/SSL certificates are not the
 same and are used for different purposes: TLS creates a secure channel, whereas
 S/MIME signs and/or encrypts the message itself

doc/administration/troubleshooting/sidekiq.md

@@ -7,16 +7,18 @@ may be filling up. Users will notice when this happens because new branches
 may not show up and merge requests may not be updated. The following are some
 troubleshooting steps that will help you diagnose the bottleneck.
 
-> **Note:** GitLab administrators/users should consider working through these
-> debug steps with GitLab Support so the backtraces can be analyzed by our team.
-> It may reveal a bug or necessary improvement in GitLab.
->
-> **Note:** In any of the backtraces, be wary of suspecting cases where every
-> thread appears to be waiting in the database, Redis, or waiting to acquire
-> a mutex. This **may** mean there's contention in the database, for example,
-> but look for one thread that is different than the rest. This other thread
-> may be using all available CPU, or have a Ruby Global Interpreter Lock,
-> preventing other threads from continuing.
+NOTE **Note:**
+GitLab administrators/users should consider working through these
+debug steps with GitLab Support so the backtraces can be analyzed by our team.
+It may reveal a bug or necessary improvement in GitLab.
+
+NOTE: **Note:**
+In any of the backtraces, be wary of suspecting cases where every
+thread appears to be waiting in the database, Redis, or waiting to acquire
+a mutex. This **may** mean there's contention in the database, for example,
+but look for one thread that is different than the rest. This other thread
+may be using all available CPU, or have a Ruby Global Interpreter Lock,
+preventing other threads from continuing.
 
 ## Log arguments to Sidekiq jobs
 

doc/api/access_requests.md

 # Group and project access requests API
 
- >**Note:** This feature was introduced in GitLab 8.11
+> Introduced in GitLab 8.11.
 
 ## Valid access levels
 

doc/api/admin_sidekiq_queues.md

 # Admin Sidekiq queues API
 
-> **Note:** This feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25998) in GitLab 12.9
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25998) in GitLab 12.9
 
 Delete jobs from a Sidekiq queue that match the given
 [metadata](../development/logging.md#logging-context-metadata-through-rails-or-grape-requests).

doc/api/epic_links.md

 # Epic Links API **(ULTIMATE)**
 
->**Note:**
-> This endpoint was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/9188) in GitLab 11.8.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/9188) in GitLab 11.8.
 
 Manages parent-child [epic relationships](../user/group/epics/index.md#multi-level-child-epics-ultimate).
 

doc/api/events.md

@@ -255,7 +255,8 @@ Example response:
 
 ## List a Project's visible events
 
->**Note:** This endpoint has been around longer than the others. Documentation was formerly located in the [Projects API pages](projects.md).
+NOTE: **Note:**
+This endpoint has been around longer than the others. Documentation was formerly located in the [Projects API pages](projects.md).
 
 Get a list of visible events for a particular project.
 

doc/api/group_activity_analytics.md

 # Group Activity Analytics API
 
-> **Note:** This feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/26460) in GitLab 12.9.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/26460) in GitLab 12.9.
 
 ## Get count of recently created issues for group
 

doc/api/merge_request_approvals.md

@@ -392,9 +392,11 @@ DELETE /projects/:id/approval_rules/:approval_rule_id
 
 ### Change allowed approvers
 
->**Note:** This API endpoint has been deprecated. Please use Approval Rule API instead.
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/183) in [GitLab Starter](https://about.gitlab.com/pricing/) 10.6.
 
+NOTE: **Note:**
+This API endpoint has been deprecated. Please use Approval Rule API instead.
+
 If you are allowed to, you can change approvers and approver groups using
 the following endpoint:
 
@@ -541,9 +543,11 @@ POST /projects/:id/merge_requests/:merge_request_iid/approvals
 
 ### Change allowed approvers for Merge Request
 
->**Note:** This API endpoint has been deprecated. Please use Approval Rule API instead.
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/183) in [GitLab Starter](https://about.gitlab.com/pricing/) 10.6.
 
+NOTE: **Note:**
+This API endpoint has been deprecated. Please use Approval Rule API instead.
+
 If you are allowed to, you can change approvers and approver groups using
 the following endpoint:
 

doc/api/projects.md

@@ -1228,7 +1228,7 @@ PUT /projects/:id
 | `only_mirror_protected_branches` | boolean | no | **(STARTER)** Only mirror protected branches |
 | `mirror_overwrites_diverged_branches` | boolean | no | **(STARTER)** Pull mirror overwrites diverged branches |
 | `packages_enabled` | boolean | no | Enable or disable packages repository feature |
-| `service_desk_enabled` | boolean | no | Enable or disable service desk feature |
+| `service_desk_enabled` | boolean | no | Enable or disable Service Desk feature |
 
 NOTE: **Note:**
 If your HTTP repository is not publicly accessible,
@@ -1258,7 +1258,7 @@ POST /projects/:id/fork
 
 ## List Forks of a project
 
->**Note:** This feature was introduced in GitLab 10.1
+> Introduced in GitLab 10.1.
 
 List the projects accessible to the calling user that have an established, forked relationship with the specified project
 

doc/api/protected_branches.md

 # Protected branches API
 
->**Note:** This feature was introduced in GitLab 9.5
+> Introduced in GitLab 9.5.
 
 **Valid access levels**
 

doc/api/protected_tags.md

 # Protected tags API
 
->**Note:** This feature was introduced in GitLab 11.3
+> Introduced in GitLab 11.3.
 
 **Valid access levels**
 

doc/api/services.md

 # Services API
 
->**Note:** This API requires an access token with Maintainer or Owner permissions
+NOTE: **Note:**
+This API requires an access token with Maintainer or Owner permissions
 
 ## List all active services
 
@@ -636,9 +637,9 @@ GET /projects/:id/services/github
 
 ## Hangouts Chat
 
-Google GSuite team collaboration tool.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/20290) in GitLab 11.2.
 
->**Note:** This service was [introduced in v11.2](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/20290)
+Google GSuite team collaboration tool.
 
 ### Create/Edit Hangouts Chat service
 
@@ -648,7 +649,8 @@ Set Hangouts Chat service for a project.
 PUT /projects/:id/services/hangouts-chat
 ```
 
->**Note:** Specific event parameters (for example, `push_events` flag) were [introduced in v10.4](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/11435)
+NOTE: **Note:**
+Specific event parameters (for example, `push_events` flag) were [introduced in v10.4](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/11435)
 
 Parameters:
 
@@ -1151,7 +1153,8 @@ Set Slack service for a project.
 PUT /projects/:id/services/slack
 ```
 
->**Note:** Specific event parameters (for example, `push_events` flag and `push_channel`) were [introduced in v10.4](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/11435)
+NOTE: **Note:**
+Specific event parameters (for example, `push_events` flag and `push_channel`) were [introduced in v10.4](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/11435)
 
 Parameters:
 
@@ -1260,7 +1263,8 @@ Set Mattermost service for a project.
 PUT /projects/:id/services/mattermost
 ```
 
->**Note:** Specific event parameters (for example, `push_events` flag and `push_channel`) were [introduced in v10.4](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/11435)
+NOTE: **Note:**
+Specific event parameters (for example, `push_events` flag and `push_channel`) were [introduced in v10.4](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/11435)
 
 Parameters:
 

doc/api/sidekiq_metrics.md

 # Sidekiq Metrics API
 
->**Note:** This endpoint is only available on GitLab 8.9 and above.
+> Introduced in GitLab 8.9.
 
 This API endpoint allows you to retrieve some information about the current state
 of Sidekiq, its jobs, queues, and processes.

doc/api/templates/licenses.md

@@ -120,7 +120,7 @@ GET /templates/licenses/:key
 | `project`  | string | no       | The copyrighted project name |
 | `fullname` | string | no       | The full-name of the copyright holder |
 
->**Note:**
+NOTE: **Note:**
 If you omit the `fullname` parameter but authenticate your request, the name of
 the authenticated user will be used to replace the copyright holder placeholder.
 

doc/api/version.md

 # Version API
 
->**Note:** This feature was introduced in GitLab 8.13
+> Introduced in GitLab 8.13.
 
 Retrieve version information for this GitLab instance. Responds `200 OK` for
 authenticated users.

doc/ci/examples/laravel_with_gitlab_and_envoy/index.md

@@ -150,7 +150,7 @@ Now, let's clone our repository on the server just to make sure the `deployer` u
 git clone git@gitlab.example.com:<USERNAME>/laravel-sample.git
 ```
 
->**Note:**
+NOTE: **Note:**
 Answer **yes** if asked `Are you sure you want to continue connecting (yes/no)?`.
 It adds GitLab.com to the known hosts.
 
@@ -174,7 +174,7 @@ server {
 }
 ```
 
->**Note:**
+NOTE: **Note:**
 You may replace the app's name in `/var/www/app/current/public` with the folder name of your application.
 
 ## Setting up Envoy
@@ -464,14 +464,14 @@ docker build -t registry.gitlab.com/<USERNAME>/laravel-sample .
 docker push registry.gitlab.com/<USERNAME>/laravel-sample
 ```
 
->**Note:**
+NOTE: **Note:**
 To run the above commands, we first need to have [Docker](https://docs.docker.com/engine/installation/) installed on our machine.
 
 Congratulations! You just pushed the first Docker image to the GitLab Registry, and if you refresh the page you should be able to see it:
 
 ![container registry page with image](img/container_registry_page_with_image.jpg)
 
->**Note:**
+NOTE: **Note:**
 You can also [use GitLab CI/CD](https://about.gitlab.com/blog/2016/05/23/gitlab-container-registry/#use-with-gitlab-ci) to build and push your Docker images, rather than doing that on your machine.
 
 We'll use this image further down in the `.gitlab-ci.yml` configuration file to handle the process of testing and deploying our app.
@@ -551,7 +551,7 @@ services:
 ...
 ```
 
->**Note:**
+NOTE: **Note:**
 If you wish to test your app with different PHP versions and [database management systems](../../services/README.md), you can define different `image` and `services` keywords for each test job.
 
 #### Variables

doc/ci/examples/test_phoenix_app_with_gitlab_ci_cd/index.md

@@ -123,7 +123,7 @@ Generated hello_gitlab_ci app
 The database for HelloGitlabCi.Repo has been created
 ```
 
-> **Note:**
+NOTE: **Note:**
 Phoenix assumes that our PostgreSQL database will have a `postgres` user account with the correct
 permissions and a password of `postgres`. If it's not your case, check
 [Ecto's instructions](https://hexdocs.pm/ecto/Ecto.html#module-repositories).
@@ -211,7 +211,8 @@ when running our Phoenix in our `localhost`.
   Without `.gitkeep`, Git will not upload this empty directory and we'll got an error when running our
   test on GitLab.
 
-  > **Note:** If we add a folder via the GitLab UI, GitLab itself will add the `.gitkeep` to that new dir.
+  NOTE: **Note:**
+  If we add a folder via the GitLab UI, GitLab itself will add the `.gitkeep` to that new dir.
 
 Now, let's run a local test and see if everything we did didn't break anything.
 

doc/ci/quick_start/README.md

@@ -82,7 +82,7 @@ blog about it](https://about.gitlab.com/blog/2015/05/06/why-were-replacing-gitla
 
 ### Creating a simple `.gitlab-ci.yml` file
 
->**Note:**
+NOTE: **Note:**
 `.gitlab-ci.yml` is a [YAML](https://en.wikipedia.org/wiki/YAML) file
 so you have to pay extra attention to indentation. Always use spaces, not tabs.
 

doc/ci/triggers/README.md

@@ -271,7 +271,7 @@ of all types of variables.
 
 ## Using cron to trigger nightly pipelines
 
->**Note:**
+NOTE: **Note:**
 The following behavior can also be achieved through GitLab's UI with
 [pipeline schedules](../pipelines/schedules.md).
 

doc/ci/yaml/README.md

@@ -305,19 +305,51 @@ To define your own `workflow: rules`, the configuration options currently availa
 - [`if`](#rulesif): Define a rule.
 - [`when`](#when): May be set to `always` or `never` only. If not provided, the default value is `always`​.
 
-The list of `if` rules is evaluated until a single one is matched. If none
-match, the last `when` will be used:
+If a pipeline attempts to run but matches no rule, it's dropped and doesn't run.
+
+For example, with the following configuration, pipelines run for all `push` events (changes to
+branches and new tags) as long as they *don't* have `-wip` in the commit message. Scheduled
+pipelines and merge request pipelines don't run, as there's no rule allowing them.
 
 ```yaml
 workflow:
   rules:
     - if: $CI_COMMIT_REF_NAME =~ /-wip$/
       when: never
-    - if: $CI_COMMIT_TAG
+    - if: '$CI_PIPELINE_SOURCE == "push"'
+```
+
+This example has strict rules, and no other pipelines can run.
+
+Alternatively, you can have loose rules by using only `when: never` rules, followed
+by a final `when: always` rule. This allows all types of pipelines, except for any
+that match the `when: never` rules:
+
+```yaml
+workflow:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "schedule"'
+      when: never
+    - if: '$CI_PIPELINE_SOURCE == "push"'
       when: never
     - when: always
 ```
 
+This example never allows pipelines for schedules or `push` (branches and tags) pipelines,
+but does allow pipelines in **all** other cases, *including* merge request pipelines.
+
+As with `rules` defined in jobs, be careful not to use a configuration that allows
+merge request pipelines and branch pipelines to run at the same time, or you could
+have [duplicate pipelines](#differences-between-rules-and-onlyexcept).
+
+Useful workflow rules clauses:
+
+| Clause                                                                    | Details                                                                                       |
+|---------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------|
+| `if: '$CI_PIPELINE_SOURCE == "merge_request_event"'`                      | Allow or block merge request pipelines.                                                        |
+| `if: '$CI_PIPELINE_SOURCE == "push"'`                                     | Allow or block both branch pipelines and tag pipelines.                                        |
+| `if: $CI_COMMIT_BEFORE_SHA == '0000000000000000000000000000000000000000'` | Allow or block pipeline creation when new branches are created or pushed with no commits. |
+
 #### `workflow:rules` templates
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217732) in GitLab 13.0.

doc/development/api_styleguide.md

@@ -85,7 +85,7 @@ User.create(params) # imagine the user submitted `admin=1`... :)
 User.create(declared(params, include_parent_namespaces: false).to_h)
 ```
 
->**Note:**
+NOTE: **Note:**
 `declared(params)` return a `Hashie::Mash` object, on which you will have to
 call `.to_h`.
 

doc/development/background_migrations.md

@@ -29,10 +29,10 @@ Some examples where background migrations can be useful:
 - Populating one column based on JSON stored in another column.
 - Migrating data that depends on the output of external services (e.g. an API).
 
-> **Note:**
-> If the background migration is part of an important upgrade, make sure it's announced
-> in the release post. Discuss with your Project Manager if you're not sure the migration falls
-> into this category.
+NOTE: **Note:**
+If the background migration is part of an important upgrade, make sure it's announced
+in the release post. Discuss with your Project Manager if you're not sure the migration falls
+into this category.
 
 ## Isolation
 
@@ -123,7 +123,7 @@ once.
 
 ## Cleaning Up
 
->**Note:**
+NOTE: **Note:**
 Cleaning up any remaining background migrations _must_ be done in either a major
 or minor release, you _must not_ do this in a patch release.
 

doc/development/documentation/site_architecture/global_nav.md

@@ -304,9 +304,9 @@ Examples:
   # does not include index.html at the end
 
   docs:
-    - doc_title: Service Desk
-      doc_url: 'user/project/service_desk.html'
-      ee_only: false
+    - doc_title: Container Scanning
+      doc_url: 'user/application_security/container_scanning/'
+      ee_only: true
       # note that the URL above ends in html and, as the
       # document is EE-only, the attribute ee_only is set to true.
 ```

doc/development/documentation/styleguide.md

@@ -1767,7 +1767,8 @@ curl --data "name=foo" --header "PRIVATE-TOKEN: <your_access_token>" "https://gi
 
 #### Post data using JSON content
 
-> **Note:** In this example we create a new group. Watch carefully the single
+NOTE: **Note:**
+In this example we create a new group. Watch carefully the single
 and double quotes.
 
 ```shell

doc/development/fe_guide/style/javascript.md

@@ -10,7 +10,7 @@ linter to manage most of our JavaScript style guidelines.
 In addition to the style guidelines set by Airbnb, we also have a few specific rules
 listed below.
 
-> **Tip:**
+TIP: **Tip:**
 You can run eslint locally by running `yarn eslint`
 
 ## Avoid forEach

doc/development/i18n/proofreader.md

@@ -115,9 +115,10 @@ are very appreciative of the work done by translators and proofreaders!
 
 ## Become a proofreader
 
-> **Note:** Before requesting Proofreader permissions in CrowdIn please make
-> sure that you have a history of contributing translations to the GitLab
-> project.
+NOTE: **Note:**
+Before requesting Proofreader permissions in CrowdIn please make
+sure that you have a history of contributing translations to the GitLab
+project.
 
 1. Contribute translations to GitLab. See instructions for
    [translating GitLab](translation.md).

doc/development/licensed_feature_availability.md

@@ -8,7 +8,7 @@ on-premise or GitLab.com plans and features.
 
 GitLab.com plans are persisted on user groups and namespaces, therefore, if you're adding a
 feature such as [Related issues](../user/project/issues/related_issues.md) or
-[Service desk](../user/project/service_desk.md),
+[Service Desk](../user/project/service_desk.md),
 it should be restricted on namespace scope.
 
 1. Add the feature symbol on `EES_FEATURES`, `EEP_FEATURES` or `EEU_FEATURES` constants in

doc/development/query_recorder.md

@@ -20,7 +20,8 @@ end
 
 As an example you might create 5 issues in between counts, which would cause the query count to increase by 5 if an N+1 problem exists.
 
-> **Note:** In some cases the query count might change slightly between runs for unrelated reasons. In this case you might need to test `exceed_query_limit(control_count + acceptable_change)`, but this should be avoided if possible.
+NOTE: **Note:**
+In some cases the query count might change slightly between runs for unrelated reasons. In this case you might need to test `exceed_query_limit(control_count + acceptable_change)`, but this should be avoided if possible.
 
 ## Cached queries
 

doc/development/testing_guide/frontend_testing.md

@@ -24,9 +24,8 @@ We have started to migrate frontend tests to the [Jest](https://jestjs.io) testi
 
 Jest tests can be found in `/spec/frontend` and `/ee/spec/frontend` in EE.
 
-> **Note:**
->
-> Most examples have a Jest and Karma example. See the Karma examples only as explanation to what's going on in the code, should you stumble over some use cases during your discovery. The Jest examples are the one you should follow.
+NOTE: **Note:**
+Most examples have a Jest and Karma example. See the Karma examples only as explanation to what's going on in the code, should you stumble over some use cases during your discovery. The Jest examples are the one you should follow.
 
 ## Karma test suite
 

doc/install/azure/index.md

@@ -67,7 +67,8 @@ The first items we need to configure are the basic settings of the underlying vi
 1. Enter a `User name` - e.g. `gitlab-admin`
 1. Select an `Authentication type`, either **SSH public key** or **Password**:
 
-   > **Note:** if you're unsure which authentication type to use, select **Password**
+   NOTE: **Note:**
+   If you're unsure which authentication type to use, select **Password**
 
    1. If you chose **SSH public key** - enter your `SSH public key` into the field provided
    _(read the [SSH documentation](../../ssh/README.md) to learn more about how to set up SSH
@@ -78,8 +79,9 @@ The first items we need to configure are the basic settings of the underlying vi
 1. Choose the appropriate `Subscription` tier for your Azure account
 1. Choose an existing `Resource Group` or create a new one - e.g. **"GitLab-CE-Azure"**
 
-   > **Note:** a "Resource group" is a way to group related resources together for easier administration.
-   > We chose "GitLab-CE-Azure", but your resource group can have the same name as your VM.
+   NOTE **Note:**
+   A "Resource group" is a way to group related resources together for easier administration.
+   We chose "GitLab-CE-Azure", but your resource group can have the same name as your VM.
 
 1. Choose a `Location` - if you're unsure, select the default location
 
@@ -94,7 +96,8 @@ Check the settings you have entered, and then click **"OK"** when you're ready t
 Next, you need to choose the size of your VM - selecting features such as the number of CPU cores,
 the amount of RAM, the size of storage (and its speed), etc.
 
-> **Note:** in common with other cloud vendors, Azure operates a resource/usage pricing model, i.e.
+NOTE: **Note:**
+In common with other cloud vendors, Azure operates a resource/usage pricing model, i.e.
 the more resources your VM consumes the more it will cost you to run, so make your selection
 carefully. You'll see that Azure provides an _estimated_ monthly cost beneath each VM Size to help
 guide your selection.
@@ -105,7 +108,8 @@ ahead and select this one, but please choose the size which best meets your own
 
 ![Azure - Create Virtual Machine - Size](img/azure-create-virtual-machine-size.png)
 
-> **Note:** be aware that while your VM is active (known as "allocated"), it will incur
+NOTE: **Note:**
+Be aware that while your VM is active (known as "allocated"), it will incur
 "compute charges" which, ultimately, you will be billed for. So, even if you're using the
 free trial credits, you'll likely want to learn
 [how to properly shutdown an Azure VM to save money](https://build5nines.com/properly-shutdown-azure-vm-to-save-money/).
@@ -131,7 +135,8 @@ new VM. You'll be billed only for the VM itself (e.g. "Standard DS1 v2") because
 
 ![Azure - Create Virtual Machine - Purchase](img/azure-create-virtual-machine-purchase.png)
 
-> **Note:** at this stage, you can review and modify the any of the settings you have made during all
+NOTE: **Note:**
+At this stage, you can review and modify the any of the settings you have made during all
 previous steps, just click on any of the four steps to re-open them.
 
 When you have read and agreed to the terms of use and are ready to proceed, click **"Purchase"**.
@@ -173,7 +178,8 @@ _(the full domain name of your own VM will be different, of course)_.
 
 Click **"Save"** for the changes to take effect.
 
-> **Note:** if you want to use your own domain name, you will need to add a DNS `A` record at your
+NOTE **Note:**
+If you want to use your own domain name, you will need to add a DNS `A` record at your
 domain registrar which points to the public IP address of your Azure VM. If you do this, you'll need
 to make sure your VM is configured to use a _static_ public IP address (i.e. not a _dynamic_ one)
 or you will have to reconfigure the DNS `A` record each time Azure reassigns your VM a new public IP
@@ -189,7 +195,8 @@ Ports are opened by adding _security rules_ to the **"Network security group"**
 has been assigned to. If you followed the process above, then Azure will have automatically created
 an NSG named `GitLab-CE-nsg` and assigned the `GitLab-CE` VM to it.
 
-> **Note:** if you gave your VM a different name then the NSG automatically created by Azure will
+NOTE: **Note:**
+If you gave your VM a different name then the NSG automatically created by Azure will
 also have a different name - the name you have your VM, with `-nsg` appended to it.
 
 You can navigate to the NSG settings via many different routes in the Azure Portal, but one of the
@@ -320,7 +327,8 @@ Under the **"Components"** section, we can see that our VM is currently running
 GitLab. This is the version of GitLab which was contained in the Azure Marketplace
 **"GitLab Community Edition"** offering we used to build the VM when we wrote this tutorial.
 
-> **Note:** The version of GitLab in your own VM instance may well be different, but the update
+NOTE **Note:**
+The version of GitLab in your own VM instance may well be different, but the update
 process will still be the same.
 
 ### Connect via SSH
@@ -332,12 +340,11 @@ connect to it using SSH ([Secure Shell](https://en.wikipedia.org/wiki/Secure_She
 If you're running Windows, you'll need to connect using [PuTTY](https://www.putty.org) or an equivalent Windows SSH client.
 If you're running Linux or macOS, then you already have an SSH client installed.
 
-> **Note:**
->
-> - Remember that you will need to login with the username and password you specified
->   [when you created](#basics) your Azure VM
-> - If you need to reset your VM password, read
->   [how to reset SSH credentials for a user on an Azure VM](https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-ssh-connection).
+Remember that you will need to login with the username and password you specified
+[when you created](#basics) your Azure VM.
+
+If you need to reset your VM password, read
+[how to reset SSH credentials for a user on an Azure VM](https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-ssh-connection).
 
 #### SSH from the command-line
 

doc/install/openshift_and_gitlab/index.md

@@ -46,7 +46,7 @@ latest Origin release is used:
 - **OpenShift** `v1.3.0` (is pre-installed in the [VM image](https://app.vagrantup.com/openshift/boxes/origin-all-in-one))
 - **Kubernetes** `v1.3.0` (is pre-installed in the [VM image](https://app.vagrantup.com/openshift/boxes/origin-all-in-one))
 
->**Note:**
+NOTE: **Note:**
 If you intend to deploy GitLab on a production OpenShift cluster, there are some
 limitations to bare in mind. Read on the [limitations](#current-limitations)
 section for more information and follow the linked links for the relevant
@@ -266,7 +266,7 @@ And then let's import it in OpenShift:
 oc create -f openshift-template.json -n openshift
 ```
 
->**Note:**
+NOTE: **Note:**
 The `-n openshift` namespace flag is a trick to make the template available to all
 projects. If you recall from when we created the `gitlab` project, `oc` switched
 to it automatically, and that can be verified by the `oc status` command. If
@@ -313,7 +313,7 @@ If you are deploying to production you will want to change the **GitLab instance
 hostname** and use greater values for the volume sizes. If you don't provide a
 password for PostgreSQL, it will be created automatically.
 
->**Note:**
+NOTE: **Note:**
 The `gitlab.apps.10.2.2.2.nip.io` hostname that is used by default will
 resolve to the host with IP `10.2.2.2` which is the IP our VM uses. It is a
 trick to have distinct FQDNs pointing to services that are on our local network.

doc/integration/bitbucket.md

@@ -21,7 +21,7 @@ Bitbucket.org.
 
 ## Bitbucket OmniAuth provider
 
-> **Note:**
+NOTE: **Note:**
 GitLab 8.15 significantly simplified the way to integrate Bitbucket.org with
 GitLab. You are encouraged to upgrade your GitLab instance if you haven't done so
 already. If you're using GitLab 8.14 or below, [use the previous integration

doc/integration/jenkins_deprecated.md

 # Jenkins CI (deprecated) service
 
->**Note:** In GitLab 8.3, Jenkins integration using the
+NOTE: **Note:**
+In GitLab 8.3, Jenkins integration using the
 [GitLab Hook Plugin](https://wiki.jenkins.io/display/JENKINS/GitLab+Hook+Plugin)
 was deprecated in favor of the
 [GitLab Plugin](https://wiki.jenkins.io/display/JENKINS/GitLab+Plugin).

doc/integration/jira_development_panel.md

@@ -105,12 +105,11 @@ There are no special requirements if you are using GitLab.com.
    for all the projects in the GitLab group you specified in the previous step. These are refreshed
    every 60 minutes.
 
-   > **Note:**
-   > In the future, we plan on implementing real-time integration. If you need
-   > to refresh the data manually, you can do this from the `Applications -> DVCS
-   > accounts` screen where you initially set up the integration:
-   >
-   > ![Refresh GitLab information in Jira](img/jira_dev_panel_manual_refresh.png)
+   In the future, we plan on implementing real-time integration. If you need
+   to refresh the data manually, you can do this from the `Applications -> DVCS
+   accounts` screen where you initially set up the integration:
+
+   ![Refresh GitLab information in Jira](img/jira_dev_panel_manual_refresh.png)
 
 To connect additional GitLab projects from other GitLab top-level groups (or personal namespaces), repeat the above
 steps with additional Jira DVCS accounts.

doc/integration/kerberos.md

@@ -42,7 +42,7 @@ sudo chmod 0600 /etc/http.keytab
 
 **Installations from source**
 
->**Note:**
+NOTE: **Note:**
 For source installations, make sure the `kerberos` gem group
 [has been installed](../install/installation.md#install-gems).
 

doc/integration/omniauth.md

@@ -43,9 +43,9 @@ contains some settings that are common for all providers.
 Before configuring individual OmniAuth providers there are a few global settings
 that are in common for all providers that we need to consider.
 
-> **NOTE:**
-> Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an
-> earlier version, you'll need to explicitly enable it.
+NOTE: **Note:**
+Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an
+earlier version, you'll need to explicitly enable it.
 
 - `allow_single_sign_on` allows you to specify the providers you want to allow to
   automatically create an account. It defaults to `false`. If `false` users must
@@ -57,16 +57,16 @@ that are in common for all providers that we need to consider.
   be blocked by default and will have to be unblocked by an administrator before
   they are able to sign in.
 
-> **Note:**
-> If you set `block_auto_created_users` to `false`, make sure to only
-> define providers under `allow_single_sign_on` that you are able to control, like
-> SAML, Shibboleth, Crowd or Google, or set it to `false` otherwise any user on
-> the Internet will be able to successfully sign in to your GitLab without
-> administrative approval.
->
-> **Note:**
-> `auto_link_ldap_user` requires the `uid` of the user to be the same in both LDAP
-> and the OmniAuth provider.
+NOTE: **Note:**
+If you set `block_auto_created_users` to `false`, make sure to only
+define providers under `allow_single_sign_on` that you are able to control, like
+SAML, Shibboleth, Crowd or Google, or set it to `false` otherwise any user on
+the Internet will be able to successfully sign in to your GitLab without
+administrative approval.
+
+NOTE: **Note:**
+`auto_link_ldap_user` requires the `uid` of the user to be the same in both LDAP
+and the OmniAuth provider.
 
 To change these settings:
 
@@ -142,8 +142,7 @@ The chosen OmniAuth provider is now active and can be used to sign in to GitLab
 
 ## Configure OmniAuth Providers as External
 
->**Note:**
-This setting was introduced with version 8.7 of GitLab
+> Introduced in GitLab 8.7.
 
 You can define which OmniAuth providers you want to be `external` so that all users
 **creating accounts, or logging in via these providers** will not be able to have
@@ -151,7 +150,7 @@ access to internal projects. You will need to use the full name of the provider,
 like `google_oauth2` for Google. Refer to the examples for the full names of the
 supported providers.
 
->**Note:**
+NOTE: **Note:**
 If you decide to remove an OmniAuth provider from the external providers list
 you will need to manually update the users that use this method to login, if you
 want their accounts to be upgraded to full internal accounts.
@@ -171,7 +170,7 @@ omniauth:
 
 ## Using Custom OmniAuth Providers
 
->**Note:**
+NOTE: **Note:**
 The following information only applies for installations from source.
 
 GitLab uses [OmniAuth](https://github.com/omniauth/omniauth) for authentication and already ships
@@ -224,12 +223,11 @@ we'd like to at least help those with specific needs.
 
 ## Enable or disable Sign In with an OmniAuth provider without disabling import sources
 
->**Note:**
-This setting was introduced with version 8.8 of GitLab.
+> Introduced in GitLab 8.8.
 
 Administrators are able to enable or disable Sign In via some OmniAuth providers.
 
->**Note:**
+NOTE: **Note:**
 By default Sign In is enabled via all the OAuth Providers that have been configured in `config/gitlab.yml`.
 
 In order to enable/disable an OmniAuth provider, go to Admin Area -> Settings -> Sign-in Restrictions section -> Enabled OAuth Sign-In sources and select the providers you want to enable or disable.

doc/integration/saml.md

@@ -253,8 +253,7 @@ considered admin users.
 
 ### Auditor Groups **(STARTER ONLY)**
 
->**Note:**
-This setting is only available on GitLab 11.4 EE and above.
+> Introduced in [GitLab Starter](https://about.gitlab.com/pricing/) 11.4.
 
 The requirements are the same as the previous settings, your IdP needs to pass Group information to GitLab, you need to tell
 GitLab where to look for the groups in the SAML response, and which group(s) should be
@@ -379,7 +378,7 @@ You may also bypass the auto signin feature by browsing to
 
 ### `attribute_statements`
 
->**Note:**
+NOTE: **Note:**
 This setting should only be used to map attributes that are part of the
 OmniAuth `info` hash schema.
 

doc/security/user_file_uploads.md

@@ -18,7 +18,7 @@ notification emails, which are often read from email clients that are not
 authenticated with GitLab, such as Outlook, Apple Mail, or the Mail app on your
 mobile device.
 
->**Note:**
+NOTE: **Note:**
 Non-image attachments do require authentication to be viewed.
 
 <!-- ## Troubleshooting

doc/topics/git/lfs/migrate_from_git_annex_to_git_lfs.md

 # Migration guide from Git Annex to Git LFS
 
->**Note:**
+NOTE: **Note:**
 Git Annex support [has been removed](https://gitlab.com/gitlab-org/gitlab/-/issues/1648) in GitLab Enterprise
 Edition 9.0 (2017/03/22).
 
@@ -30,7 +30,7 @@ ones that GitLab developed.
 
 ## Migration steps
 
->**Note:**
+NOTE: **Note:**
 Since Git Annex files are stored in a sub-directory of the normal repositories
 (`.git/annex/objects`) and LFS files are stored outside of the repositories,
 they are not compatible as they are using a different scheme. Therefore, the

doc/topics/gitlab_flow.md

@@ -266,11 +266,11 @@ One option is to use continuous integration (CI) to merge in `master` at the sta
 Another option is to only merge in from well-defined points in time, for example, a tagged release.
 You could also use [feature toggles](https://martinfowler.com/bliki/FeatureToggle.html) to hide incomplete features so you can still merge back into `master` every day.
 
-> **Note:** Don't confuse automatic branch testing with continuous integration.
-> Martin Fowler makes this distinction in [his article about feature branches](https://martinfowler.com/bliki/FeatureBranch.html):
->
-> "I've heard people say they are doing CI because they are running builds, perhaps using a CI server, on every branch with every commit.
-> That's continuous building, and a Good Thing, but there's no *integration*, so it's not CI."
+NOTE: **Note:**
+Don't confuse automatic branch testing with continuous integration.
+Martin Fowler makes this distinction in [his article about feature branches](https://martinfowler.com/bliki/FeatureBranch.html):
+"I've heard people say they are doing CI because they are running builds, perhaps using a CI server, on every branch with every commit.
+That's continuous building, and a Good Thing, but there's no *integration*, so it's not CI."
 
 In conclusion, you should try to prevent merge commits, but not eliminate them.
 Your codebase should be clean, but your history should represent what actually happened.

doc/topics/index.md

@@ -16,4 +16,5 @@ tutorials, technical overviews, blog posts) and videos.
 - [GitLab Pages](../user/project/pages/index.md)
 - [Offline GitLab](offline/index.md)
 
->**Note:** More topics will be available soon.
+NOTE: **Note:**
+More topics will be available soon.

doc/update/README.md

@@ -200,7 +200,7 @@ Below you can find some guides to help you change editions easily.
 
 ### Community to Enterprise Edition
 
->**Note:**
+NOTE: **Note:**
 The following guides are for subscribers of the Enterprise Edition only.
 
 If you wish to upgrade your GitLab installation from Community to Enterprise

doc/user/application_security/index.md

@@ -64,6 +64,7 @@ GitLab uses the following tools to scan and report known vulnerabilities found i
 | [Secret Detection](secret_detection/index.md) **(ULTIMATE)**                | Analyze Git history for leaked secrets.                                |
 | [Security Dashboard](security_dashboard/index.md) **(ULTIMATE)**             | View vulnerabilities in all your projects and groups.                  |
 | [Static Application Security Testing (SAST)](sast/index.md) **(ULTIMATE)**   | Analyze source code for known vulnerabilities.                         |
+| [Coverage fuzzing](coverage_fuzzing/index.md) **(ULTIMATE)**                 | Find unknown bugs and vulnerabilities with coverage-guided fuzzing.    |
 
 ## Security Scanning with Auto DevOps
 

doc/user/compliance/license_compliance/index.md

@@ -64,6 +64,7 @@ The following languages and package managers are supported.
 
 NOTE: **Note:**
 Java 8 and Gradle 1.x projects are not supported.
+The minimum supported version of Maven is 3.2.5.
 
 ### Experimental support
 
@@ -99,10 +100,6 @@ For older versions of GitLab from 11.9 to 12.7, you must
 For GitLab versions earlier than 11.9, you can copy and use the job as defined
 that template.
 
-NOTE: **Note:**
-GitLab 13.0 removes the `License-Management.gitlab-ci.yml` template.
-Use `License-Scanning.gitlab-ci.yml` instead.
-
 Add the following to your `.gitlab-ci.yml` file:
 
 ```yaml
@@ -110,13 +107,12 @@ include:
   - template: Security/License-Scanning.gitlab-ci.yml
 ```
 
-The included template will create a `license_scanning` job in your CI/CD pipeline
-and scan your dependencies to find their licenses.
+The included template creates a `license_scanning` job in your CI/CD pipeline and scans your
+dependencies to find their licenses.
 
 NOTE: **Note:**
-Before GitLab 12.8, the `license_scanning` job was named `license_management`.
-GitLab 13.0 removes the `license_management` job,
-so you're advised to migrate to the `license_scanning` job and used the new
+Before GitLab 12.8, the `license_scanning` job was named `license_management`. GitLab 13.0 removes
+the `license_management` job, so you must migrate to the `license_scanning` job and use the new
 `License-Scanning.gitlab-ci.yml` template.
 
 The results will be saved as a

doc/user/discussions/index.md

@@ -242,7 +242,7 @@ After you click on the image, a comment form will be displayed that would be the
 of your thread. Once you save your comment, you will see a new badge displayed on
 top of your image. This badge represents your thread.
 
->**Note:**
+NOTE: **Note:**
 This thread badge is typically associated with a number that is only used as a visual
 reference for each thread. In the merge request thread tab,
 this badge will be indicated with a comment icon since each thread will render a new

doc/user/markdown.md

@@ -258,7 +258,8 @@ If you're new to this, don't be <img src="https://gitlab.com/gitlab-org/gitlab-f
 
 Consult the [Emoji Cheat Sheet](https://www.webfx.com/tools/emoji-cheat-sheet/) for a list of all supported emoji codes. <img src="https://gitlab.com/gitlab-org/gitlab-foss/raw/master/app/assets/images/emoji/thumbsup.png" width="20px" height="20px" style="display:inline;margin:0">
 
-> **Note:** The emoji example above uses hard-coded images for this documentation. The emoji,
+NOTE: **Note:**
+The emoji example above uses hard-coded images for this documentation. The emoji,
 when rendered within GitLab, may appear different depending on the OS and browser used.
 
 Most emoji are natively supported on macOS, Windows, iOS, Android, and will fall back on image-based emoji where there is no support.

doc/user/permissions.md

@@ -432,7 +432,7 @@ instance and project. In addition, all admins can use the admin interface under
 NOTE: **Note:**
 In GitLab 11.0, the Master role was renamed to Maintainer.
 
->**Note:**
+NOTE: **Note:**
 GitLab 8.12 has a completely redesigned job permissions system.
 Read all about the [new model and its implications](project/new_ci_build_permissions_model.md).
 

doc/user/project/import/gitea.md

@@ -11,7 +11,7 @@ Import your projects from Gitea to GitLab with minimal effort.
 
 ## Overview
 
->**Note:**
+NOTE: **Note:**
 This requires Gitea `v1.0.0` or newer.
 
 - At its current state, Gitea importer can import:

doc/user/project/import/gitlab_com.md

@@ -13,7 +13,7 @@ mind that it is possible only if GitLab.com integration is enabled on your GitLa
 
 To get to the importer page you need to go to "New project" page.
 
->**Note:**
+NOTE: **Note:**
 If you are interested in importing Wiki and Merge Request data to your new instance,
 you'll need to follow the instructions for [exporting a project](../settings/import_export.md#exporting-a-project-and-its-data)
 

doc/user/project/integrations/webhooks.md

@@ -6,25 +6,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Webhooks
 
-> **Note:**
-> Starting from GitLab 8.5:
->
-> - the `repository` key is deprecated in favor of the `project` key
-> - the `project.ssh_url` key is deprecated in favor of the `project.git_ssh_url` key
-> - the `project.http_url` key is deprecated in favor of the `project.git_http_url` key
->
-> **Note:**
-> Starting from GitLab 11.1, the logs of webhooks are automatically removed after
-> one month.
->
-> **Note:**
-> Starting from GitLab 11.2:
->
-> - The `description` field for issues, merge requests, comments, and wiki pages
->   is rewritten so that simple Markdown image references (like
->   `![](/uploads/...)`) have their target URL changed to an absolute URL. See
->   [image URL rewriting](#image-url-rewriting) for more details.
-
 Project webhooks allow you to trigger a URL if for example new code is pushed or
 a new issue is created. You can configure webhooks to listen for specific events
 like pushes, issues or merge requests. GitLab will send a POST request with data
@@ -56,6 +37,24 @@ Navigate to the webhooks page by going to your project's
 NOTE: **Note:**
 On GitLab.com, the [maximum number of webhooks](../../../user/gitlab_com/index.md#maximum-number-of-webhooks) per project, and per group, is limited.
 
+## Version history
+
+Starting from GitLab 8.5:
+
+- the `repository` key is deprecated in favor of the `project` key
+- the `project.ssh_url` key is deprecated in favor of the `project.git_ssh_url` key
+- the `project.http_url` key is deprecated in favor of the `project.git_http_url` key
+
+Starting from GitLab 11.1, the logs of webhooks are automatically removed after
+one month.
+
+Starting from GitLab 11.2:
+
+- The `description` field for issues, merge requests, comments, and wiki pages
+  is rewritten so that simple Markdown image references (like
+  `![](/uploads/...)`) have their target URL changed to an absolute URL. See
+  [image URL rewriting](#image-url-rewriting) for more details.
+
 ## Use-cases
 
 - You can set up a webhook in GitLab to send a notification to
@@ -1345,7 +1344,8 @@ On this page, you can see data that GitLab sends (request headers and body) and
 
 From this page, you can repeat delivery with the same data by clicking `Resend Request` button.
 
-> **Note:** If URL or secret token of the webhook were updated, data will be delivered to the new address.
+NOTE: **Note:**
+If URL or secret token of the webhook were updated, data will be delivered to the new address.
 
 ### Receiving duplicate or multiple webhook requests triggered by one event
 

doc/user/project/issues/confidential_issues.md

@@ -46,7 +46,8 @@ system note in the issue's comments.
 
 ## Indications of a confidential issue
 
->**Note:** If you don't have [enough permissions](#permissions-and-access-to-confidential-issues),
+NOTE: **Note:**
+If you don't have [enough permissions](#permissions-and-access-to-confidential-issues),
 you won't be able to see the confidential issues at all.
 
 There are a few things that visually separate a confidential issue from a

doc/user/project/issues/design_management.md

@@ -110,7 +110,7 @@ instead of directly on the issue description.
 To upload Design images, drag files from your computer and drop them in the Design Management section,
 or click **upload** to select images from your file browser:
 
-![Designs empty state](img/design_management_upload_v13.2.png)
+![Designs empty state](img/design_management_upload_v13.3.png)
 
 [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/34353) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.9,
 you can drag and drop designs onto the dedicated drop zone to upload them.

doc/user/project/merge_requests/reviewing_and_managing_merge_requests.md

@@ -132,7 +132,7 @@ specific commit page.
 
 ![MR diff](img/merge_request_diff.png)
 
->**Tip:**
+TIP: **Tip:**
 You can append `?w=1` while on the diffs page of a merge request to ignore any
 whitespace changes.
 
@@ -277,7 +277,7 @@ Merge Request again.
 Here are some tips that will help you be more efficient with merge requests in
 the command line.
 
-> **Note:**
+NOTE: **Note:**
 This section might move in its own document in the future.
 
 ### Checkout merge requests locally

doc/user/project/pages/getting_started_part_one.md

@@ -13,7 +13,7 @@ according to your intended website's URL.
 
 ## GitLab Pages default domain names
 
->**Note:**
+NOTE: **Note:**
 If you use your own GitLab instance to deploy your
 site with GitLab Pages, check with your sysadmin what's your
 Pages wildcard domain. This guide is valid for any GitLab instance,

doc/user/project/repository/web_editor.md

@@ -46,7 +46,7 @@ has already been created, which creates a link to the license itself.
 
 ![New file button](img/web_editor_template_dropdown_buttons.png)
 
->**Note:**
+NOTE: **Note:**
 The **Set up CI/CD** button will not appear on an empty repository. You have to at
 least add a file in order for the button to show up.
 

doc/user/project/service_desk.md

@@ -111,7 +111,7 @@ The **Thank you email** is the email sent to a user after they submit an issue.
 The file name of the template has to be `thank_you.md`.
 You can use `%{ISSUE_ID}` placeholder which will be replaced by an issue IID in the email and
 `%{ISSUE_PATH}` placeholder which will be replaced by project path and the issue IID.
-As the service desk issues are created as confidential (only project members can see them)
+As the Service Desk issues are created as confidential (only project members can see them)
 the response email does not provide the issue link.
 
 #### New note email

doc/user/project/settings/index.md

@@ -128,7 +128,7 @@ no longer actively maintained. Projects that have been archived can also be
 unarchived. Only project Owners and Admin users have the
 [permissions](../../permissions.md#project-members-permissions) to archive a project.
 
-When a project is archived, the repository, issues, merge requests, and all
+When a project is archived, the repository, packages, issues, merge requests, and all
 other features are read-only. Archived projects are also hidden
 in project listings.
 

doc/user/upgrade_email_bypass.md

+# Updating to GitLab 13.2: Email confirmation issues
+
+In the [GitLab 13.0.1 security release](https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/),
+we described a security issue that allowed users to bypass the email verification process.
+In that notice, we strongly recommended that you upgrade all affected installations to the
+latest version as soon as possible.
+
+There is a chance that users on a self-managed instance may be unable to commit code and
+sign in. For more information, see the following resolved and closed
+[security issue](https://gitlab.com/gitlab-org/gitlab/-/issues/121664).
+
+This page can help you identify the users at risk, as well as potential issues of the update.
+
+## The risk: users get emails that require confirmation
+
+During the update process to GitLab 13.2, a background migration is run for accounts that meet the
+conditions for the security issue. Such users are marked as _unconfirmed_.
+
+An initial email is sent to _unconfirmed_ users to describe the issue. A second email is then
+sent within five minutes, with a link for users to re-confirm the subject email address.
+
+## Do the confirmation emails expire?
+
+The links in these re-confirmation emails expire after one day by default. Users who click an expired link will be asked to request a new re-confirmation email. Any user can request a new re-confirmation email from `http://gitlab.example.com/users/confirmation/new`.
+
+## Generate a list of affected users
+
+You can generate this list before and after the upgrade using different methods.
+
+### Before an upgrade to GitLab 13.2
+
+Use the following code to search for users who:
+
+- Are currently confirmed.
+- Include identical `confirmed_at` times.
+- Also have a secondary email address.
+
+```ruby
+emails_and_users_that_will_be_unconfirmed = Email.joins(:user).merge(User.active).where('emails.confirmed_at IS NOT NULL').where('emails.confirmed_at = users.confirmed_at').where('emails.email <> users.email')
+```
+
+### After an upgrade to GitLab 13.2
+
+Use the following code to search for users who:
+
+- Are currently **not** confirmed.
+- Are also pending confirmation on or after the date of upgrade.
+
+```ruby
+users_apparently_pending_reconfirmation = User.where(confirmed_at: nil).where('confirmation_sent_at >= ?', date_of_upgrade_to_13_2)
+```
+
+## What does it look like when a user is blocked?
+
+A regular user might receive a message that says "You have to confirm your email address before continuing". This message could includes a 404 or 422 error code, when the user tries to sign in.
+
+NOTE: **Note:**
+We hope to improve the [sign-in experience for an unverified user](https://gitlab.com/gitlab-org/gitlab/-/issues/29279) in a future release.
+
+When an affected user commits code to a Git repository, that user may see the following message:
+
+```shell
+Your account has been blocked. Fatal: Could not read from remote repository
+```
+
+You can assure your users that they have not been [Blocked](admin_area/blocking_unblocking_users.md) by an administrator.
+When affected users see this message, they must confirm their email address before they can commit code.
+
+## What do I need to know as an administrator of a GitLab Self-Managed Instance?
+
+You have the following options to help your users:
+
+- They can confirm their address through the email that they received.
+- They can confirm the subject email address themselves by navigating to `https://gitlab.example.com/users/confirmation/new`.
+
+As an administrator, you may also confirm a user in the [Admin Area](admin_area/#administering-users).
+
+## What do I do if I am an administrator and I am locked out?
+
+If you are an administrator and cannot otherwise verify your email address, sign in to your GitLab
+instance with a [Rails console session](../administration/troubleshooting/navigating_gitlab_via_rails_console.md#starting-a-rails-console-session).
+Once connected, run the following commands to confirm your administrator account:
+
+```ruby
+admin = User.find_by_username "root" #replace with your admin username
+admin.confirmed_at = Time.zone.now
+admin.save!
+```
+
+## What about LDAP users?
+
+LDAP users should NOT be affected.

lib/api/release/links.rb

@@ -40,7 +40,7 @@ module API
               requires :name, type: String, desc: 'The name of the link'
               requires :url, type: String, desc: 'The URL of the link'
               optional :filepath, type: String, desc: 'The filepath of the link'
-              optional :link_type, type: String, desc: 'The link type'
+              optional :link_type, type: String, desc: 'The link type, one of: "runbook", "image", "package" or "other"'
             end
             post 'links' do
               authorize! :create_release, release

lib/api/releases.rb

@@ -50,8 +50,10 @@ module API
         optional :ref,         type: String, desc: 'The commit sha or branch name'
         optional :assets, type: Hash do
           optional :links, type: Array do
-            requires :name, type: String
-            requires :url, type: String
+            requires :name, type: String, desc: 'The name of the link'
+            requires :url, type: String, desc: 'The URL of the link'
+            optional :filepath, type: String, desc: 'The filepath of the link'
+            optional :link_type, type: String, desc: 'The link type, one of: "runbook", "image", "package" or "other"'
           end
         end
         optional :milestones, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: 'The titles of the related milestones', default: []

locale/gitlab.pot

@@ -19557,6 +19557,9 @@ msgstr ""
 msgid "Related Merged Requests"
 msgstr ""
 
+msgid "Related issues"
+msgstr ""
+
 msgid "Related merge requests"
 msgstr ""
 
@@ -26443,6 +26446,9 @@ msgstr ""
 msgid "VulnerabilityManagement|Confirmed %{timeago} by %{user}"
 msgstr ""
 
+msgid "VulnerabilityManagement|Could not process %{issueReference}: %{errorMessage}."
+msgstr ""
+
 msgid "VulnerabilityManagement|Detected %{timeago} in pipeline %{pipelineLink}"
 msgstr ""
 
@@ -26470,6 +26476,9 @@ msgstr ""
 msgid "VulnerabilityManagement|Something went wrong while trying to save the comment. Please try again later."
 msgstr ""
 
+msgid "VulnerabilityManagement|Something went wrong while trying to unlink the issue. Please try again later."
+msgstr ""
+
 msgid "VulnerabilityManagement|Something went wrong, could not create an issue."
 msgstr ""
 
@@ -26485,6 +26494,9 @@ msgstr ""
 msgid "VulnerabilityManagement|Will not fix or a false-positive"
 msgstr ""
 
+msgid "VulnerabilityManagement|invalid issue link or ID"
+msgstr ""
+
 msgid "VulnerabilityStatusTypes|All"
 msgstr ""
 
@@ -28451,6 +28463,9 @@ msgstr ""
 msgid "mrWidget|Are you adding technical debt or code vulnerabilities?"
 msgstr ""
 
+msgid "mrWidget|Before this can be merged, one or more threads must be resolved."
+msgstr ""
+
 msgid "mrWidget|Cancel automatic merge"
 msgstr ""
 
@@ -28475,9 +28490,6 @@ msgstr ""
 msgid "mrWidget|Closes"
 msgstr ""
 
-msgid "mrWidget|Create an issue to resolve them later"
-msgstr ""
-
 msgid "mrWidget|Delete source branch"
 msgstr ""
 
@@ -28511,6 +28523,9 @@ msgstr ""
 msgid "mrWidget|In the merge train at position %{mergeTrainPosition}"
 msgstr ""
 
+msgid "mrWidget|Jump to first unresolved thread"
+msgstr ""
+
 msgid "mrWidget|Loading deployment statistics"
 msgstr ""
 
@@ -28574,6 +28589,9 @@ msgstr ""
 msgid "mrWidget|Request to merge"
 msgstr ""
 
+msgid "mrWidget|Resolve all threads in new issue"
+msgstr ""
+
 msgid "mrWidget|Resolve conflicts"
 msgstr ""
 
@@ -28625,9 +28643,6 @@ msgstr ""
 msgid "mrWidget|There are merge conflicts"
 msgstr ""
 
-msgid "mrWidget|There are unresolved threads. Please resolve these threads"
-msgstr ""
-
 msgid "mrWidget|This feature merges changes from the target branch to the source branch. You cannot use this feature since the source branch is protected."
 msgstr ""
 

qa/qa/page/project/operations/kubernetes/add_existing.rb

@@ -20,7 +20,7 @@ module QA
             end
 
             def set_api_url(api_url)
-              fill_in 'cluster_platform_kubernetes_attributes_api_url', with: api_url
+              fill_in 'cluster_platform_kubernetes_attributes_api_url', with: QA::Runtime::Env.cluster_api_url || api_url
             end
 
             def set_ca_certificate(ca_certificate)

qa/qa/runtime/env.rb

@@ -107,6 +107,10 @@ module QA
         ENV['CI'] || ENV['CI_SERVER']
       end
 
+      def cluster_api_url
+        ENV['CLUSTER_API_URL']
+      end
+
       def qa_cookies
         ENV['QA_COOKIES'] && ENV['QA_COOKIES'].split(';')
       end

qa/qa/service/cluster_provider/k3s.rb

@@ -10,6 +10,7 @@ module QA
 
         def setup
           @k3s = Service::DockerRun::K3s.new.tap do |k3s|
+            k3s.remove!
             k3s.register!
 
             shell "kubectl config set-cluster k3s --server https://#{k3s.host_name}:6443 --insecure-skip-tls-verify"

qa/qa/service/docker_run/k3s.rb

@@ -33,7 +33,9 @@ module QA
             --name #{@name}
             --publish 6443:6443
             --privileged
-            #{@image} server --cluster-secret some-secret
+            #{@image} server
+            --cluster-secret some-secret
+            --no-deploy traefik
           CMD
 
           command.gsub!("--network #{network} ", '') unless QA::Runtime::Env.running_in_ci?

qa/qa/specs/features/browser_ui/8_monitor/all_monitor_core_features_spec.rb

@@ -2,9 +2,9 @@
 
 module QA
   RSpec.describe 'Monitor' do
-    describe 'with Prometheus in a Gitlab-managed cluster', :orchestrated, :kubernetes do
+    describe 'with Prometheus in a Gitlab-managed cluster', :orchestrated, :kubernetes, :requires_admin do
       before :all do
-        @cluster = Service::KubernetesCluster.new.create!
+        @cluster = Service::KubernetesCluster.new(provider_class: Service::ClusterProvider::K3s).create!
         @project = Resource::Project.fabricate_via_api! do |project|
           project.name = 'monitoring-project'
           project.auto_devops_enabled = true

rubocop/cop/put_group_routes_under_scope.rb

 # frozen_string_literal: true
 
+require_relative '../routes_under_scope'
+
 module RuboCop
   module Cop
     # Checks for a group routes outside '/-/' scope.
     # For more information see: https://gitlab.com/gitlab-org/gitlab/issues/29572
     class PutGroupRoutesUnderScope < RuboCop::Cop::Cop
+      include RoutesUnderScope
+
       MSG = 'Put new group routes under /-/ scope'
 
       def_node_matcher :dash_scope?, <<~PATTERN
         (:send nil? :scope (hash <(pair (sym :path)(str "groups/*group_id/-")) ...>))
       PATTERN
-
-      def on_send(node)
-        return unless in_group_routes?(node)
-        return unless resource?(node)
-        return unless outside_scope?(node)
-
-        add_offense(node)
-      end
-
-      def outside_scope?(node)
-        node.each_ancestor(:block).none? do |parent|
-          dash_scope?(parent.to_a.first)
-        end
-      end
-
-      def in_group_routes?(node)
-        path = node.location.expression.source_buffer.name
-        dirname = File.dirname(path)
-        filename = File.basename(path)
-
-        dirname.end_with?('config/routes') &&
-          filename.end_with?('group.rb')
-      end
-
-      def resource?(node)
-        node.method_name == :resource ||
-          node.method_name == :resources
-      end
     end
   end
 end