Merge branch 'master' into vue-mr-widget-state

* master: Split the setup-test-env job in two Remove the wait time for the login form check Fix protected branches API to accept name parameter with dot Update outdated docs for CI/CD quick start _never_ unset gitlab.full_path Backport to match EE icons Add horizontal scroll to wiki tables Update best_practices.md Remove duplicate list item in "General Guidelines" Section. Permits 'password_authentication_enabled_for_git' parameter for ApplicationSettingsController Move rugged-call from Project#write_repository_config to Git::Repository#write_config doc: Spelling fixes Update Auto DevOps template Disable scss-lint around text-decoration-skip Add text-decoration-skip: ink to all underlined elements Fix Shows signin tab after new user email confirmation Fixes mistake in change log doc.

Merge branch 'master' into vue-mr-widget-state
* master: Split the setup-test-env job in two Remove the wait time for the login form check Fix protected branches API to accept name parameter with dot Update outdated docs for CI/CD quick start _never_ unset gitlab.full_path Backport to match EE icons Add horizontal scroll to wiki tables Update best_practices.md Remove duplicate list item in "General Guidelines" Section. Permits 'password_authentication_enabled_for_git' parameter for ApplicationSettingsController Move rugged-call from Project#write_repository_config to Git::Repository#write_config doc: Spelling fixes Update Auto DevOps template Disable scss-lint around text-decoration-skip Add text-decoration-skip: ink to all underlined elements Fix Shows signin tab after new user email confirmation Fixes mistake in change log doc.
5de85992 · Filipa Lacerda · de6c27f6 · 68cc9ea2 · 5de85992 · 5de85992
71 changed file
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -290,7 +290,7 @@ flaky-examples-check:
    - scripts/merge-reports ${NEW_FLAKY_SPECS_REPORT} rspec_flaky/new_*_*.json
    - scripts/detect-new-flaky-examples $NEW_FLAKY_SPECS_REPORT

-setup-test-env:
+compile-assets:
  <<: *dedicated-runner
  <<: *except-docs
  <<: *use-pg
@@ -301,13 +301,25 @@ setup-test-env:
    - node --version
    - yarn install --frozen-lockfile --cache-folder .yarn-cache
    - bundle exec rake gitlab:assets:compile
-    - bundle exec ruby -Ispec -e 'require "spec_helper" ; TestEnv.init'
-    - scripts/gitaly-test-build # Do not use 'bundle exec' here
  artifacts:
    expire_in: 7d
    paths:
      - node_modules
      - public/assets
+
+setup-test-env:
+  <<: *dedicated-runner
+  <<: *except-docs
+  <<: *use-pg
+  stage: prepare
+  cache:
+    <<: *default-cache
+  script:
+    - bundle exec ruby -Ispec -e 'require "spec_helper" ; TestEnv.init'
+    - scripts/gitaly-test-build # Do not use 'bundle exec' here
+  artifacts:
+    expire_in: 7d
+    paths:
      - tmp/tests

 rspec-pg 0 26: *rspec-metadata-pg
@@ -664,6 +676,7 @@ lint:javascript:report:
  <<: *pull-cache
  stage: post-test
  dependencies:
+    - compile-assets
    - setup-test-env
  before_script: []
  script:

--- a/app/assets/javascripts/pages/sessions/new/signin_tabs_memoizer.js
+++ b/app/assets/javascripts/pages/sessions/new/signin_tabs_memoizer.js
-/* eslint no-param-reassign: ["error", { "props": false }]*/
-/* eslint no-new: "off" */
 import AccessorUtilities from '~/lib/utils/accessor';

 /**
@@ -11,6 +9,10 @@ export default class SigninTabsMemoizer {
    this.currentTabKey = currentTabKey;
    this.tabSelector = tabSelector;
    this.isLocalStorageAvailable = AccessorUtilities.isLocalStorageAccessSafe();
+    // sets selected tab if given as hash tag
+    if (window.location.hash) {
+      this.saveData(window.location.hash);
+    }

    this.bootstrap();
  }

--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_closed.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_closed.js
@@ -12,7 +12,7 @@ export default {
  },
  template: `
    <div class="mr-widget-body media">
-      <status-icon status="failed" />
+      <status-icon status="warning" />
      <div class="media-body">
        <mr-widget-author-and-time
          actionText="Closed by"

--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_conflicts.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_conflicts.js
@@ -11,7 +11,7 @@ export default {
  template: `
    <div class="mr-widget-body media">
      <status-icon
-        status="failed"
+        status="warning"
        :show-disabled-button="true" />
      <div class="media-body space-children">
        <span

--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_failed_to_merge.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_failed_to_merge.js
@@ -51,7 +51,7 @@ export default {
        </span>
      </template>
      <template v-else>
-        <status-icon status="failed" :show-disabled-button="true" />
+        <status-icon status="warning" :show-disabled-button="true" />
        <div class="media-body space-children">
          <span class="bold">
            <span

--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_missing_branch.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_missing_branch.js
@@ -24,7 +24,7 @@ export default {
  },
  template: `
    <div class="mr-widget-body media">
-      <status-icon status="failed" :show-disabled-button="true" />
+      <status-icon status="warning" :show-disabled-button="true" />
      <div class="media-body space-children">
        <span class="bold js-branch-text">
          <span class="capitalize">

--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_pipeline_blocked.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_pipeline_blocked.js
@@ -7,7 +7,7 @@ export default {
  },
  template: `
    <div class="mr-widget-body media">
-      <status-icon status="failed" :show-disabled-button="true" />
+      <status-icon status="warning" :show-disabled-button="true" />
      <div class="media-body space-children">
        <span class="bold">
          Pipeline blocked. The pipeline for this merge request requires a manual action to proceed

--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_pipeline_failed.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_pipeline_failed.js
@@ -7,7 +7,7 @@ export default {
  },
  template: `
    <div class="mr-widget-body media">
-      <status-icon status="failed" :show-disabled-button="true" />
+      <status-icon status="warning" :show-disabled-button="true" />
      <div class="media-body space-children">
        <span class="bold">
          The pipeline for this merge request failed. Please retry the job or push a new commit to fix the failure

--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_ready_to_merge.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_ready_to_merge.js
@@ -69,7 +69,7 @@ export default {
    },
    iconClass() {
      if (this.status === 'failed' || !this.commitMessage.length || !this.mr.isMergeAllowed || this.mr.preventMerge) {
-        return 'failed';
+        return 'warning';
      }
      return 'success';
    },

--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_sha_mismatch.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_sha_mismatch.js
@@ -7,7 +7,7 @@ export default {
  },
  template: `
    <div class="mr-widget-body media">
-      <status-icon status="failed" :show-disabled-button="true" />
+      <status-icon status="warning" :show-disabled-button="true" />
      <div class="media-body space-children">
        <span class="bold">
          The source branch HEAD has recently changed. Please reload the page and review the changes before merging

--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_unresolved_discussions.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_unresolved_discussions.js
@@ -10,7 +10,7 @@ export default {
  },
  template: `
    <div class="mr-widget-body media">
-      <status-icon status="failed" :show-disabled-button="true" />
+      <status-icon status="warning" :show-disabled-button="true" />
      <div class="media-body space-children">
        <span class="bold">
          There are unresolved discussions. Please resolve these discussions

--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_wip.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_wip.js
@@ -37,7 +37,7 @@ export default {
  },
  template: `
    <div class="mr-widget-body media">
-      <status-icon status="failed" :show-disabled-button="Boolean(mr.removeWIPPath)" />
+      <status-icon status="warning" :show-disabled-button="Boolean(mr.removeWIPPath)" />
      <div class="media-body space-children">
        <span class="bold">
          This is a Work in Progress

--- a/app/assets/stylesheets/framework/layout.scss
+++ b/app/assets/stylesheets/framework/layout.scss
 html {
  overflow-y: scroll;

-  &.touch .tooltip { display: none !important; }
+  &.touch .tooltip {
+    display: none !important;
+  }
 }

 body {
+  // Improves readability for dyslexic users; supported only in Chrome/Safari so far
+  // scss-lint:disable PropertySpelling
+  text-decoration-skip: ink;
+  // scss-lint:enable PropertySpelling
  &.navless {
    background-color: $white-light !important;
  }

--- a/app/assets/stylesheets/framework/mixins.scss
+++ b/app/assets/stylesheets/framework/mixins.scss
@@ -17,6 +17,8 @@
 */
 @mixin markdown-table {
  width: auto;
+  display: block;
+  overflow-x: auto;
 }

 /*

--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@@ -17,7 +17,7 @@ class ConfirmationsController < Devise::ConfirmationsController
    else
      Gitlab::AppLogger.info("Email Confirmed: username=#{resource.username} email=#{resource.email} ip=#{request.remote_ip}")
      flash[:notice] += " Please sign in."
-      new_session_path(:user)
+      new_session_path(:user, anchor: 'login-pane')
    end
  end


--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -201,6 +201,7 @@ module ApplicationSettingsHelper
      :metrics_sample_interval,
      :metrics_timeout,
      :password_authentication_enabled_for_web,
+      :password_authentication_enabled_for_git,
      :performance_bar_allowed_group_id,
      :performance_bar_enabled,
      :plantuml_enabled,

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -1438,7 +1438,7 @@ class Project < ActiveRecord::Base
    # We'd need to keep track of project full path otherwise directory tree
    # created with hashed storage enabled cannot be usefully imported using
    # the import rake task.
-    repository.rugged.config['gitlab.fullpath'] = gl_full_path
+    repository.raw_repository.write_config(full_path: gl_full_path)
  rescue Gitlab::Git::Repository::NoRepository => e
    Rails.logger.error("Error writing to .git/config for project #{full_path} (#{id}): #{e.message}.")
    nil

--- a/app/views/devise/shared/_signin_box.html.haml
+++ b/app/views/devise/shared/_signin_box.html.haml
@@ -8,7 +8,7 @@
      .login-body
        = render 'devise/sessions/new_ldap', server: server
  - if password_authentication_enabled_for_web?
-    .login-box.tab-pane{ id: 'ldap-standard', role: 'tabpanel' }
+    .login-box.tab-pane{ id: 'login-pane', role: 'tabpanel' }
      .login-body
        = render 'devise/sessions/new_base'


--- a/app/views/devise/shared/_tabs_ldap.html.haml
+++ b/app/views/devise/shared/_tabs_ldap.html.haml
@@ -7,7 +7,7 @@
      = link_to server['label'], "##{server['provider_name']}",  'data-toggle' => 'tab'
  - if password_authentication_enabled_for_web?
    %li
-      = link_to 'Standard', '#ldap-standard', 'data-toggle' => 'tab'
+      = link_to 'Standard', '#login-pane', 'data-toggle' => 'tab'
  - if allow_signup?
    %li
      = link_to 'Register', '#register-pane', 'data-toggle' => 'tab'
--- a/changelogs/unreleased/41206-show-signin-pane-after-email-confirmation.yml
+++ b/changelogs/unreleased/41206-show-signin-pane-after-email-confirmation.yml
+---
+title: Shows signin tab after new user email confirmation
+merge_request: 16174
+author: Jacopo Beschi @jacopo-beschi
+type: fixed
--- a/changelogs/unreleased/41814-text-decoration-skip.yml
+++ b/changelogs/unreleased/41814-text-decoration-skip.yml
+---
+title: Improve readability of underlined links for dyslexic users
+merge_request:
+author:
+type: other
--- a/changelogs/unreleased/42206-permit-password-for-git-param.yml
+++ b/changelogs/unreleased/42206-permit-password-for-git-param.yml
+---
+title: Permits 'password_authentication_enabled_for_git' parameter for ApplicationSettingsController
+merge_request:
+author:
+type: fixed
--- a/changelogs/unreleased/42231-protected-branches-api-route-returns-404-for-branches-with-dots.yml
+++ b/changelogs/unreleased/42231-protected-branches-api-route-returns-404-for-branches-with-dots.yml
+---
+title: Fix protected branches API to accept name parameter with dot
+merge_request:
+author:
+type: fixed
--- a/changelogs/unreleased/fix-add-horizontal-scroll-to-wiki-tables.yml
+++ b/changelogs/unreleased/fix-add-horizontal-scroll-to-wiki-tables.yml
+---
+title: Add horizontal scroll to wiki tables
+merge_request: 16527
+author: George Tsiolis
+type: fixed
--- a/doc/administration/auth/okta.md
+++ b/doc/administration/auth/okta.md
@@ -144,7 +144,7 @@ Now that the Okta app is configured, it's time to enable it in GitLab.
 1. [Reconfigure][reconf] or [restart] GitLab for Omnibus and installations
   from source respectively for the changes to take effect.

-You might want to try this out on a incognito browser window.
+You might want to try this out on an incognito browser window.

 ## Configuring groups


--- a/doc/administration/container_registry.md
+++ b/doc/administration/container_registry.md
@@ -483,7 +483,7 @@ You can use GitLab as an auth endpoint and use a non-bundled Container Registry.
 1. A certificate keypair is required for GitLab and the Container Registry to
   communicate securely.  By default omnibus-gitlab will generate one keypair,
   which is saved to `/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key`.
-   When using an non-bundled Container Registry, you will need to supply a
+   When using a non-bundled Container Registry, you will need to supply a
   custom certificate key. To do that, add the following to
   `/etc/gitlab/gitlab.rb`


--- a/doc/administration/high_availability/redis.md
+++ b/doc/administration/high_availability/redis.md
@@ -154,7 +154,7 @@ who will take all the decisions to restore the service availability by:
 - Reconfigure the old **Master** and demote to **Slave** when it comes back online

 You must have at least `3` Redis Sentinel servers, and they need to
-be each in a independent machine (that are believed to fail independently),
+be each in an independent machine (that are believed to fail independently),
 ideally in different geographical areas.

 You can configure them in the same machines where you've configured the other

--- a/doc/api/award_emoji.md
+++ b/doc/api/award_emoji.md
@@ -172,7 +172,7 @@ Parameters:
 | ---------   | ----    | -------- | -----------                 |
 | `id`        | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user  |
 | `issue_iid` | integer | yes      | The internal ID of an issue |
-| `award_id`  | integer | yes      | The ID of a award_emoji     |
+| `award_id`  | integer | yes      | The ID of an award_emoji    |

 ```bash
 curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/1/issues/80/award_emoji/344
@@ -197,7 +197,7 @@ Parameters:
 | ---------   | ----    | -------- | -----------                 |
 | `id`        | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
 | `issue_iid` | integer | yes      | The internal ID of an issue |
-| `note_id`   | integer | yes      | The ID of an note           |
+| `note_id`   | integer | yes      | The ID of a note            |


 ```bash
@@ -323,7 +323,7 @@ Parameters:
 | `id`        | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user  |
 | `issue_iid` | integer | yes      | The internal ID of an issue |
 | `note_id`   | integer | yes      | The ID of a note            |
-| `award_id`  | integer | yes      | The ID of a award_emoji     |
+| `award_id`  | integer | yes      | The ID of an award_emoji    |

 ```bash
 curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/1/issues/80/award_emoji/345

--- a/doc/api/group_milestones.md
+++ b/doc/api/group_milestones.md
@@ -73,7 +73,7 @@ POST /groups/:id/milestones
 Parameters:

 - `id` (required) - The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user
- `title` (required) - The title of an milestone
+- `title` (required) - The title of a milestone
 - `description` (optional) - The description of the milestone
 - `due_date` (optional) - The due date of the milestone
 - `start_date` (optional) - The start date of the milestone

--- a/doc/api/merge_requests.md
+++ b/doc/api/merge_requests.md
@@ -591,7 +591,7 @@ PUT /projects/:id/merge_requests/:merge_request_iid
 | `title`                | string  | no       | Title of MR                                                                     |
 | `assignee_id`          | integer | no       | The ID of the user to assign the merge request to. Set to `0` or provide an empty value to unassign all assignees.  |
 | `milestone_id`         | integer | no       | The ID of a milestone to assign the merge request to. Set to `0` or provide an empty value to unassign a milestone.|
-| `labels`               | string  | no       | Comma-separated label names for an merge request. Set to an empty string to unassign all labels.                   |
+| `labels`               | string  | no       | Comma-separated label names for a merge request. Set to an empty string to unassign all labels.                    |
 | `description`          | string  | no       | Description of MR                                                               |
 | `state_event`          | string  | no       | New state (close/reopen)                                                        |
 | `remove_source_branch` | boolean | no       | Flag indicating if a merge request should remove the source branch when merging |

--- a/doc/api/milestones.md
+++ b/doc/api/milestones.md
@@ -70,7 +70,7 @@ POST /projects/:id/milestones
 Parameters:

 - `id` (required) - The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user
- `title` (required) - The title of an milestone
+- `title` (required) - The title of a milestone
 - `description` (optional) - The description of the milestone
 - `due_date` (optional) - The due date of the milestone
 - `start_date` (optional) - The start date of the milestone

--- a/doc/api/notes.md
+++ b/doc/api/notes.md
@@ -158,7 +158,7 @@ Parameters:

 - `id` (required) - The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user
 - `snippet_id` (required) - The ID of a project snippet
- `note_id` (required) - The ID of an snippet note
+- `note_id` (required) - The ID of a snippet note

 ```json
 {

--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -982,7 +982,7 @@ Example response:
 ## Unarchive a project

 Unarchives the project if the user is either admin or the project owner of this project. This action is
-idempotent, thus unarchiving an non-archived project will not change the project.
+idempotent, thus unarchiving a non-archived project will not change the project.

 ```
 POST /projects/:id/unarchive

--- a/doc/ci/environments.md
+++ b/doc/ci/environments.md
@@ -455,7 +455,7 @@ Mappings are defined as entries in the root YAML array, and are identified by a
      - Literal periods (`.`) should be escaped as `\.`.
 - `public`
    - a string, starting and ending with `'`.
-      - Can include `\N` expressions to refer to capture groups in the `source` regular expression in order of their occurence, starting with `\1`.
+      - Can include `\N` expressions to refer to capture groups in the `source` regular expression in order of their occurrence, starting with `\1`.

 The public path for a source path is determined by finding the first `source` expression that matches it, and returning the corresponding `public` path, replacing the `\N` expressions with the values of the `()` capture groups if appropriate.


--- a/doc/ci/examples/php.md
+++ b/doc/ci/examples/php.md
@@ -167,7 +167,7 @@ Finally, push to GitLab and let the tests begin!
 ### Test against different PHP versions in Shell builds

 The [phpenv][] project allows you to easily manage different versions of PHP
-each with its own config. This is specially usefull when testing PHP projects
+each with its own config. This is especially useful when testing PHP projects
 with the Shell executor.

 You will have to install it on your build machine under the `gitlab-runner`
@@ -227,7 +227,7 @@ following in your `.gitlab-ci.yml`:
 ...

 # Composer stores all downloaded packages in the vendor/ directory.
-# Do not use the following if the vendor/ directory is commited to
+# Do not use the following if the vendor/ directory is committed to
 # your git repository.
 cache:
  paths:

--- a/doc/ci/examples/test-and-deploy-python-application-to-heroku.md
+++ b/doc/ci/examples/test-and-deploy-python-application-to-heroku.md
@@ -42,7 +42,7 @@ production:
 This project has three jobs:
 1. `test` - used to test Django application,
 2. `staging` - used to automatically deploy staging environment every push to `master` branch
-3. `production` - used to automatically deploy production environmnet for every created tag
+3. `production` - used to automatically deploy production environment for every created tag

 ## Store API keys


--- a/doc/ci/quick_start/README.md
+++ b/doc/ci/quick_start/README.md
@@ -135,9 +135,9 @@ Clicking on it you will be directed to the jobs page for that specific commit.

 ![Single commit jobs page](img/single_commit_status_pending.png)

-Notice that there are two jobs pending which are named after what we wrote in
-`.gitlab-ci.yml`. The red triangle indicates that there is no Runner configured
-yet for these jobs.
+Notice that there is a pending job which is named after what we wrote in
+`.gitlab-ci.yml`. "stuck" indicates that there is no Runner configured
+yet for this job.

 The next step is to configure a Runner so that it picks the pending jobs.


--- a/doc/ci/ssh_keys/README.md
+++ b/doc/ci/ssh_keys/README.md
@@ -194,7 +194,7 @@ before_script:

  ##
  ## You can optionally disable host key checking. Be aware that by adding that
-  ## you are suspectible to man-in-the-middle attacks.
+  ## you are susceptible to man-in-the-middle attacks.
  ## WARNING: Use this only with the Docker executor, if you use it with shell
  ## you will overwrite your user's SSH config.
  ##

--- a/doc/ci/variables/README.md
+++ b/doc/ci/variables/README.md
@@ -87,7 +87,7 @@ future GitLab releases.**

 ## 9.0 Renaming

-To follow conventions of naming across GitLab, and to futher move away from the
+To follow conventions of naming across GitLab, and to further move away from the
 `build` term and toward `job` CI variables have been renamed for the 9.0
 release.


--- a/doc/development/automatic_ce_ee_merge.md
+++ b/doc/development/automatic_ce_ee_merge.md
@@ -61,7 +61,7 @@ against EE.
 1. Tries to apply it to current EE `master`
 1. If it applies cleanly, the job succeeds

-In the case where the job fails, it means you should create a `ee-<ce_branch>`
+In the case where the job fails, it means you should create an `ee-<ce_branch>`
 or `<ce_branch>-ee` branch, push it to EE and open a merge request against EE
 `master`.
 At this point if you retry the failing job in your CE merge request, it should

--- a/doc/development/background_migrations.md
+++ b/doc/development/background_migrations.md
@@ -123,7 +123,7 @@ roughly be as follows:
     scheduling jobs for newly created data.
  1. In a post-deployment migration you'll need to ensure no jobs remain. To do
     so you can use `Gitlab::BackgroundMigration.steal` to process any remaining
-     jobs before continueing.
+     jobs before continuing.
  1. Remove the old column.

 ## Example

--- a/doc/development/changelog.md
+++ b/doc/development/changelog.md
@@ -12,9 +12,9 @@ following format:

 ```yaml
 ---
-title: "Going through change[log]s"
+title: "Change[log]s"
 merge_request: 1972
-author: Ozzy Osbourne
+author: Black Sabbath
 type: added
 ```


--- a/doc/development/doc_styleguide.md
+++ b/doc/development/doc_styleguide.md
@@ -420,7 +420,7 @@ the style below as a guide:
 In this case:

 - before each step list the installation method is declared in bold
- three dashes (`---`) are used to create an horizontal line and separate the
+- three dashes (`---`) are used to create a horizontal line and separate the
  two methods
 - the code blocks are indented one or more spaces under the list item to render
  correctly

--- a/doc/development/fe_guide/axios.md
+++ b/doc/development/fe_guide/axios.md
@@ -56,7 +56,7 @@ To help us mock the responses we need we use [axios-mock-adapter][axios-mock-ada

 ### Mock poll requests on tests with axios

-Because polling function requires an header object, we need to always include an object as the third argument:
+Because polling function requires a header object, we need to always include an object as the third argument:

 ```javascript
  mock.onGet('/users').reply(200, { foo: 'bar' }, {});

--- a/doc/development/fe_guide/vue.md
+++ b/doc/development/fe_guide/vue.md
@@ -456,7 +456,7 @@ describe('Todos App', () => {
 });
 ```
 #### `mountComponent` helper
-There is an helper in `spec/javascripts/helpers/vue_mount_component_helper.js` that allows you to mount a component with the given props:
+There is a helper in `spec/javascripts/helpers/vue_mount_component_helper.js` that allows you to mount a component with the given props:

 ```javascript
 import Vue from 'vue';

--- a/doc/development/migration_style_guide.md
+++ b/doc/development/migration_style_guide.md
@@ -4,7 +4,7 @@ When writing migrations for GitLab, you have to take into account that
 these will be ran by hundreds of thousands of organizations of all sizes, some with
 many years of data in their database.

-In addition, having to take a server offline for a a upgrade small or big is a
+In addition, having to take a server offline for an upgrade small or big is a
 big burden for most organizations. For this reason it is important that your
 migrations are written carefully, can be applied online and adhere to the style
 guide below.

--- a/doc/development/rake_tasks.md
+++ b/doc/development/rake_tasks.md
@@ -8,7 +8,7 @@ Note that if your db user does not have advanced privileges you must create the
 bundle exec rake setup
 ```

-The `setup` task is a alias for `gitlab:setup`.
+The `setup` task is an alias for `gitlab:setup`.
 This tasks calls `db:reset` to create the database, calls `add_limits_mysql` that adds limits to the database schema in case of a MySQL database and finally it calls `db:seed_fu` to seed the database.
 Note: `db:setup` calls `db:seed` but this does nothing.


--- a/doc/development/testing_guide/best_practices.md
+++ b/doc/development/testing_guide/best_practices.md
@@ -26,7 +26,6 @@ Here are some things to keep in mind regarding test performance:
 - Use `.method` to describe class methods and `#method` to describe instance
  methods.
 - Use `context` to test branching logic.
- Don't assert against the absolute value of a sequence-generated attribute (see [Gotchas](../gotchas.md#dont-assert-against-the-absolute-value-of-a-sequence-generated-attribute)).
 - Try to match the ordering of tests to the ordering within the class.
 - Try to follow the [Four-Phase Test][four-phase-test] pattern, using newlines
  to separate phases.

--- a/doc/development/ux_guide/animation.md
+++ b/doc/development/ux_guide/animation.md
@@ -27,7 +27,7 @@ View the [interactive example](http://codepen.io/awhildy/full/GNyEvM/) here.

 ### Dropdowns

-The dropdown menu should feel like it is appearing from the triggering element. Combining a position shift `400ms cubic-bezier(0.23, 1, 0.32, 1)` with a opacity animation `200ms linear` on the second half of the motion achieves this affect.
+The dropdown menu should feel like it is appearing from the triggering element. Combining a position shift `400ms cubic-bezier(0.23, 1, 0.32, 1)` with an opacity animation `200ms linear` on the second half of the motion achieves this affect.

 View the [interactive example](http://codepen.io/awhildy/full/jVLJpb/) here.


--- a/doc/development/ux_guide/components.md
+++ b/doc/development/ux_guide/components.md
@@ -108,7 +108,7 @@ Primary buttons communicate the main call to action. There should only be one ca
 ![Primary button example](img/button-primary.png)

 #### Secondary
-Secondary buttons are for alternative commands. They should be conveyed by a button with an stroke, and no background fill.
+Secondary buttons are for alternative commands. They should be conveyed by a button with a stroke, and no background fill.

 ![Secondary button example](img/button-secondary.png)

@@ -181,7 +181,7 @@ A count element is used in navigation contexts where it is helpful to indicate t

 ## Lists

-Lists are used where ever there is a single column of information to display. Ths [issues list](https://gitlab.com/gitlab-org/gitlab-ce/issues) is an example of a important list in the GitLab UI.
+Lists are used where ever there is a single column of information to display. Ths [issues list](https://gitlab.com/gitlab-org/gitlab-ce/issues) is an example of an important list in the GitLab UI.

 ### Types

@@ -269,7 +269,7 @@ Modals are only used for having a conversation and confirmation with the user. T
 * Modals contain the header, body, and actions.
  * **Header(1):** The header title is a question instead of a descriptive phrase.
  * **Body(2):** The content in body should never be ambiguous and unclear. It provides specific information.
-  * **Actions(3):** Contains a affirmative action, a dismissive action, and an extra action. The order of actions from left to right: Dismissive action → Extra action → Affirmative action
+  * **Actions(3):** Contains an affirmative action, a dismissive action, and an extra action. The order of actions from left to right: Dismissive action → Extra action → Affirmative action
 * Confirmations regarding labels should keep labeling styling.
 * References to commits, branches, and tags should be **monospaced**.


--- a/doc/development/ux_guide/copy.md
+++ b/doc/development/ux_guide/copy.md
@@ -27,7 +27,7 @@ This means that, as a rule, copy should be very short. A long message or label i

 >**Example:**
 Use `Add` instead of `Add issue` as a button label.
-Preferrably use context and placement of controls to make it obvious what clicking on them will do.
+Preferably use context and placement of controls to make it obvious what clicking on them will do.

 ---


--- a/doc/install/azure/index.md
+++ b/doc/install/azure/index.md
@@ -178,7 +178,7 @@ address. Read [IP address types and allocation methods in Azure][Azure-IP-Addres

 At this stage you should have a running and fully operational VM. However, none of the services on 
 your VM (e.g. GitLab) will be publicly accessible via the internet until you have opened up the 
-neccessary ports to enable access to those services.
+necessary ports to enable access to those services.

 Ports are opened by adding _security rules_ to the **"Network security group"** (NSG) which our VM 
 has been assigned to. If you followed the process above, then Azure will have automatically created 
@@ -436,4 +436,4 @@ Check out our other [Technical Articles][GitLab-Technical-Articles] or browse th

 [SSH]: https://en.wikipedia.org/wiki/Secure_Shell
 [PuTTY]: http://www.putty.org/
-[Using-SSH-In-Putty]: https://mediatemple.net/community/products/dv/204404604/using-ssh-in-putty-
\ No newline at end of file
+[Using-SSH-In-Putty]: https://mediatemple.net/community/products/dv/204404604/using-ssh-in-putty-
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -431,7 +431,7 @@ GitLab Shell is an SSH access and repository management software developed speci
 **Note:** GitLab Shell application startup time can be greatly reduced by disabling RubyGems. This can be done in several manners:

 * Export `RUBYOPT=--disable-gems` environment variable for the processes
-* Compile Ruby with `configure --disable-rubygems` to disable RubyGems by default. Not recommened for system-wide Ruby.
+* Compile Ruby with `configure --disable-rubygems` to disable RubyGems by default. Not recommended for system-wide Ruby.
 * Omnibus GitLab [replaces the *shebang* line of the `gitlab-shell/bin/*` scripts](https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/1707)

 ### Install gitlab-workhorse
@@ -442,7 +442,7 @@ which is the recommended location.

    sudo -u git -H bundle exec rake "gitlab:workhorse:install[/home/git/gitlab-workhorse]" RAILS_ENV=production

-You can specify a different Git repository by providing it as an extra paramter:
+You can specify a different Git repository by providing it as an extra parameter:

    sudo -u git -H bundle exec rake "gitlab:workhorse:install[/home/git/gitlab-workhorse,https://example.com/gitlab-workhorse.git]" RAILS_ENV=production

@@ -486,7 +486,7 @@ Make GitLab start on boot:
    # Fetch Gitaly source with Git and compile with Go
    sudo -u git -H bundle exec rake "gitlab:gitaly:install[/home/git/gitaly]" RAILS_ENV=production

-You can specify a different Git repository by providing it as an extra paramter:
+You can specify a different Git repository by providing it as an extra parameter:

    sudo -u git -H bundle exec rake "gitlab:gitaly:install[/home/git/gitaly,https://example.com/gitaly.git]" RAILS_ENV=production

@@ -656,7 +656,7 @@ Checkout the [GitLab Runner section](https://about.gitlab.com/gitlab-ci/#gitlab-

 ### Adding your Trusted Proxies

-If you are using a reverse proxy on an separate machine, you may want to add the
+If you are using a reverse proxy on a separate machine, you may want to add the
 proxy to the trusted proxies list. Otherwise users will appear signed in from the
 proxy's IP address.


--- a/doc/topics/git/how_to_install_git/index.md
+++ b/doc/topics/git/how_to_install_git/index.md
@@ -14,7 +14,7 @@ This article will show you how to install Git on macOS, Ubuntu Linux and Windows
 Although it is easy to use the version of Git shipped with macOS
 or install the latest version of Git on macOS by downloading it from the project website,
 we recommend installing it via Homebrew to get access to
-an extensive selection of dependancy managed libraries and applications.
+an extensive selection of dependency managed libraries and applications.

 If you are sure you don't need access to any additional development libraries
 or don't have approximately 15gb of available disk space for Xcode and Homebrew

--- a/doc/university/glossary/README.md
+++ b/doc/university/glossary/README.md
@@ -229,7 +229,7 @@ Our free on Premise solution with >100,000 users

 ### GitLab CI

-Our own Continuos Integration [feature](https://about.gitlab.com/gitlab-ci/) that is shipped with each instance
+Our own Continuous Integration [feature](https://about.gitlab.com/gitlab-ci/) that is shipped with each instance

 ### GitLab EE


--- a/doc/university/high-availability/aws/README.md
+++ b/doc/university/high-availability/aws/README.md
@@ -147,7 +147,7 @@ change which will be helpful is the database name for which we can use
 ## ElastiCache

 EC is an in-memory hosted caching solution. Redis maintains its own
-persistance and is used for certain types of application.
+persistence and is used for certain types of application.

 Let's choose the ElastiCache service in the Database section from our
 AWS console. Now lets create a cache subnet group which will be very
@@ -311,7 +311,7 @@ Here is a tricky part though, when adding subnets we need to associate
 public subnets instead of the private ones where our instances will
 actually live.

-On the secruity group section let's create a new one named
+On the security group section let's create a new one named
 `gitlab-loadbalancer-sec-group` and allow both HTTP ad HTTPS traffic
 from anywhere.


--- a/doc/user/profile/account/two_factor_authentication.md
+++ b/doc/user/profile/account/two_factor_authentication.md
@@ -212,7 +212,7 @@ Sign in and re-enable two-factor authentication as soon as possible.
    For example, if a user is trying to access a GitLab instance from `first.host.xyz` and `second.host.xyz`:

    - The user logs in via `first.host.xyz` and registers their U2F key.
-    - The user logs out and attempts to log in via `first.host.xyz` - U2F authentication suceeds.
+    - The user logs out and attempts to log in via `first.host.xyz` - U2F authentication succeeds.
    - The user logs out and attempts to log in via `second.host.xyz` - U2F authentication fails, because
    the U2F key has only been registered on `first.host.xyz`.


--- a/doc/user/project/integrations/emails_on_push.md
+++ b/doc/user/project/integrations/emails_on_push.md
@@ -10,7 +10,7 @@ In the _Recipients_ area, provide a list of emails separated by commas.

 You can configure any of the following settings depending on your preference.

-+ **Push events** - Email will be triggered when a push event is recieved
+ **Push events** - Email will be triggered when a push event is received
 + **Tag push events** - Email will be triggered when a tag is created and pushed
 + **Send from committer** - Send notifications from the committer's email address if the domain is part of the domain GitLab is running on (e.g. `user@gitlab.com`).
 + **Disable code diffs** - Don't include possibly sensitive code diffs in notification body.

--- a/doc/user/project/integrations/webhooks.md
+++ b/doc/user/project/integrations/webhooks.md
@@ -316,7 +316,7 @@ X-Gitlab-Event: Issue Hook
 Triggered when a new comment is made on commits, merge requests, issues, and code snippets.
 The note data will be stored in `object_attributes` (e.g. `note`, `noteable_type`). The
 payload will also include information about the target of the comment. For example,
-a comment on a issue will include the specific issue information under the `issue` key.
+a comment on an issue will include the specific issue information under the `issue` key.
 Valid target types:

 1. `commit`

--- a/doc/user/project/issues/crosslinking_issues.md
+++ b/doc/user/project/issues/crosslinking_issues.md
@@ -40,7 +40,7 @@ issues around that same idea.
 You do that as explained above, when
 [mentioning an issue from a commit message](#from-commit-messages).

-When mentioning the issue "A" in a issue "B", the issue "A" will also
+When mentioning the issue "A" in issue "B", the issue "A" will also
 display a notification in its tracker. The same is valid for mentioning
 issues in merge requests.


--- a/doc/user/project/milestones/index.md
+++ b/doc/user/project/milestones/index.md
@@ -52,7 +52,7 @@ special options available when filtering by milestone:
 The milestone sidebar shows percentage complete, start date and due date,
 issues, total issue weight, total issue time spent, and merge requests.

-The percentage complete is calcualted as: Closed and merged merge requests plus all closed issues divided by
+The percentage complete is calculated as: Closed and merged merge requests plus all closed issues divided by
 total merge requests and issues.

 ![Milestone sidebar](img/sidebar.png)

--- a/doc/user/project/new_ci_build_permissions_model.md
+++ b/doc/user/project/new_ci_build_permissions_model.md
@@ -91,7 +91,7 @@ to steal the tokens of other jobs.

 Since 9.0 [pipeline triggers][triggers] do support the new permission model.
 The new triggers do impersonate their associated user including their access
-to projects and their project permissions. To migrate trigger to use new permisison
+to projects and their project permissions. To migrate trigger to use new permission
 model use **Take ownership**.

 ## Before GitLab 8.12

--- a/doc/user/project/pages/introduction.md
+++ b/doc/user/project/pages/introduction.md
@@ -373,7 +373,7 @@ configuration.
 If the case of `404.html`, there are different scenarios. For example:

 - If you use project Pages (served under `/projectname/`) and try to access
-  `/projectname/non/exsiting_file`, GitLab Pages will try to serve first
+  `/projectname/non/existing_file`, GitLab Pages will try to serve first
  `/projectname/404.html`, and then `/404.html`.
 - If you use user/group Pages (served under `/`) and try to access
  `/non/existing_file` GitLab Pages will try to serve `/404.html`.

--- a/lib/api/protected_branches.rb
+++ b/lib/api/protected_branches.rb
@@ -2,7 +2,7 @@ module API
  class ProtectedBranches < Grape::API
    include PaginationParams

-    BRANCH_ENDPOINT_REQUIREMENTS = API::PROJECT_ENDPOINT_REQUIREMENTS.merge(branch: API::NO_SLASH_URL_PART_REGEX)
+    BRANCH_ENDPOINT_REQUIREMENTS = API::PROJECT_ENDPOINT_REQUIREMENTS.merge(name: API::NO_SLASH_URL_PART_REGEX)

    before { authorize_admin_project }


--- a/lib/gitlab/git/repository.rb
+++ b/lib/gitlab/git/repository.rb
@@ -1317,6 +1317,10 @@ module Gitlab
      end
      # rubocop:enable Metrics/ParameterLists

+      def write_config(full_path:)
+        rugged.config['gitlab.fullpath'] = full_path if full_path.present?
+      end
+
      def gitaly_repository
        Gitlab::GitalyClient::Util.repository(@storage, @relative_path, @gl_repository)
      end

--- a/qa/qa/page/main/login.rb
+++ b/qa/qa/page/main/login.rb
@@ -19,15 +19,17 @@ module QA
        end

        def sign_in_using_credentials
-          if page.has_content?('Change your password')
+          using_wait_time 0 do
+            if page.has_content?('Change your password')
+              fill_in :user_password, with: Runtime::User.password
+              fill_in :user_password_confirmation, with: Runtime::User.password
+              click_button 'Change your password'
+            end
+
+            fill_in :user_login, with: Runtime::User.name
            fill_in :user_password, with: Runtime::User.password
-            fill_in :user_password_confirmation, with: Runtime::User.password
-            click_button 'Change your password'
+            click_button 'Sign in'
          end
-
-          fill_in :user_login, with: Runtime::User.name
-          fill_in :user_password, with: Runtime::User.password
-          click_button 'Sign in'
        end

        def self.path

--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -51,6 +51,13 @@ describe Admin::ApplicationSettingsController do
      sign_in(admin)
    end

+    it 'updates the password_authentication_enabled_for_git setting' do
+      put :update, application_setting: { password_authentication_enabled_for_git: "0" }
+
+      expect(response).to redirect_to(admin_application_settings_path)
+      expect(ApplicationSetting.current.password_authentication_enabled_for_git).to eq(false)
+    end
+
    it 'updates the default_project_visibility for string value' do
      put :update, application_setting: { default_project_visibility: "20" }


--- a/spec/javascripts/signin_tabs_memoizer_spec.js
+++ b/spec/javascripts/signin_tabs_memoizer_spec.js
@@ -53,6 +53,13 @@ import SigninTabsMemoizer from '~/pages/sessions/new/signin_tabs_memoizer';
      expect(memo.readData()).toEqual('#standard');
    });

+    it('overrides last selected tab with hash tag when given', () => {
+      window.location.hash = '#ldap';
+      createMemoizer();
+
+      expect(memo.readData()).toEqual('#ldap');
+    });
+
    describe('class constructor', () => {
      beforeEach(() => {
        memo = createMemoizer();

--- a/spec/javascripts/vue_mr_widget/components/states/mr_widget_ready_to_merge_spec.js
+++ b/spec/javascripts/vue_mr_widget/components/states/mr_widget_ready_to_merge_spec.js
@@ -170,14 +170,14 @@ describe('MRWidgetReadyToMerge', () => {
        expect(vm.iconClass).toEqual('success');
      });

-      it('shows x for failed status', () => {
+      it('shows warning icon for failed status', () => {
        vm.mr.hasCI = true;
-        expect(vm.iconClass).toEqual('failed');
+        expect(vm.iconClass).toEqual('warning');
      });

-      it('shows x for merge not allowed', () => {
+      it('shows warning icon for merge not allowed', () => {
        vm.mr.hasCI = true;
-        expect(vm.iconClass).toEqual('failed');
+        expect(vm.iconClass).toEqual('warning');
      });
    });


--- a/spec/requests/api/protected_branches_spec.rb
+++ b/spec/requests/api/protected_branches_spec.rb
@@ -80,6 +80,12 @@ describe API::ProtectedBranches do

        it_behaves_like 'protected branch'
      end
+
+      context 'when protected branch contains a period' do
+        let(:protected_name) { 'my.feature' }
+
+        it_behaves_like 'protected branch'
+      end
    end

    context 'when authenticated as a guest' do

--- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
+++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
@@ -42,6 +42,7 @@ stages:
  - build
  - test
  - review
+  - dast
  - staging
  - canary
  - production
@@ -130,6 +131,23 @@ sast:container:
  artifacts:
    paths: [gl-sast-container-report.json]

+dast:
+  stage: dast
+  allow_failure: true
+  image: owasp/zap2docker-stable
+  variables:
+    POSTGRES_DB: "false"
+  script:
+    - dast
+  artifacts:
+    paths: [gl-dast-report.json]
+  only:
+    refs:
+      - branches
+    kubernetes: active
+  except:
+    - master
+
 review:
  stage: review
  script:
@@ -270,8 +288,8 @@ production:
    docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
    apk add -U wget ca-certificates
    docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
-    wget https://github.com/arminc/clair-scanner/releases/download/v6/clair-scanner_linux_386
-    mv clair-scanner_linux_386 clair-scanner
+    wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
+    mv clair-scanner_linux_amd64 clair-scanner
    chmod +x clair-scanner
    touch clair-whitelist.yml
    ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
@@ -327,6 +345,12 @@ production:
      replicas="$new_replicas"
    fi

+    if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then
+      secret_name='gitlab-registry'
+    else
+      secret_name=''
+    fi
+
    helm upgrade --install \
      --wait \
      --set service.enabled="$service_enabled" \
@@ -334,6 +358,7 @@ production:
      --set image.repository="$CI_APPLICATION_REPOSITORY" \
      --set image.tag="$CI_APPLICATION_TAG" \
      --set image.pullPolicy=IfNotPresent \
+      --set image.secrets[0].name="$secret_name" \
      --set application.track="$track" \
      --set application.database_url="$DATABASE_URL" \
      --set service.url="$CI_ENVIRONMENT_URL" \
@@ -462,6 +487,11 @@ production:
  }

  function create_secret() {
+    echo "Create secret..."
+    if [[ "$CI_PROJECT_VISIBILITY" == "public" ]]; then
+      return
+    fi
+
    kubectl create secret -n "$KUBE_NAMESPACE" \
      docker-registry gitlab-registry \
      --docker-server="$CI_REGISTRY" \
@@ -471,6 +501,14 @@ production:
      -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
  }

+  function dast() {
+    export CI_ENVIRONMENT_URL=$(cat environment_url.txt)
+
+    mkdir /zap/wrk/
+    /zap/zap-baseline.py -J gl-dast-report.json -t "$CI_ENVIRONMENT_URL" || true
+    cp /zap/wrk/gl-dast-report.json .
+  }
+
  function performance() {
    export CI_ENVIRONMENT_URL=$(cat environment_url.txt)