Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/groups/components/group_item.vue

@@ -122,7 +122,7 @@ export default {
               v-tooltip
               :href="group.relativePath"
               :title="group.fullName"
-              class="no-expand gl-mt-3 gl-mr-3"
+              class="no-expand gl-mt-3 gl-mr-3 gl-text-gray-900!"
               data-placement="bottom"
               >{{
                 // ending bracket must be by closing tag to prevent

app/assets/javascripts/groups/components/item_actions.vue

@@ -53,7 +53,7 @@ export default {
       :aria-label="leaveBtnTitle"
       data-container="body"
       data-placement="bottom"
-      class="leave-group btn btn-xs no-expand"
+      class="leave-group btn btn-xs no-expand gl-text-gray-700 gl-ml-5"
       @click.prevent="onLeaveGroup"
     >
       <icon name="leave" class="position-top-0" />
@@ -66,7 +66,7 @@ export default {
       :aria-label="editBtnTitle"
       data-container="body"
       data-placement="bottom"
-      class="edit-group btn btn-xs no-expand"
+      class="edit-group btn btn-xs no-expand gl-text-gray-700 gl-ml-5"
     >
       <icon name="settings" class="position-top-0 align-middle" />
     </a>

app/assets/javascripts/groups/components/item_stats.vue

@@ -44,26 +44,26 @@ export default {
 </script>
 
 <template>
-  <div class="stats">
+  <div class="stats gl-text-gray-700">
     <item-stats-value
       v-if="isGroup"
       :title="__('Subgroups')"
       :value="item.subgroupCount"
-      css-class="number-subgroups"
+      css-class="number-subgroups gl-ml-5"
       icon-name="folder-o"
     />
     <item-stats-value
       v-if="isGroup"
       :title="__('Projects')"
       :value="item.projectCount"
-      css-class="number-projects"
+      css-class="number-projects gl-ml-5"
       icon-name="bookmark"
     />
     <item-stats-value
       v-if="isGroup"
       :title="__('Members')"
       :value="item.memberCount"
-      css-class="number-users"
+      css-class="number-users gl-ml-5"
       icon-name="users"
     />
     <item-stats-value

app/assets/javascripts/snippets/components/edit.vue

@@ -11,7 +11,11 @@ import FormFooterActions from '~/vue_shared/components/form/form_footer_actions.
 import UpdateSnippetMutation from '../mutations/updateSnippet.mutation.graphql';
 import CreateSnippetMutation from '../mutations/createSnippet.mutation.graphql';
 import { getSnippetMixin } from '../mixins/snippets';
-import { SNIPPET_VISIBILITY_PRIVATE } from '../constants';
+import {
+  SNIPPET_VISIBILITY_PRIVATE,
+  SNIPPET_CREATE_MUTATION_ERROR,
+  SNIPPET_UPDATE_MUTATION_ERROR,
+} from '../constants';
 import SnippetBlobEdit from './snippet_blob_edit.vue';
 import SnippetVisibilityEdit from './snippet_visibility_edit.vue';
 import SnippetDescriptionEdit from './snippet_description_edit.vue';
@@ -98,7 +102,11 @@ export default {
       this.fileName = newName;
     },
     flashAPIFailure(err) {
-      Flash(sprintf(__("Can't update snippet: %{err}"), { err }));
+      const defaultErrorMsg = this.newSnippet
+        ? SNIPPET_CREATE_MUTATION_ERROR
+        : SNIPPET_UPDATE_MUTATION_ERROR;
+      Flash(sprintf(defaultErrorMsg, { err }));
+      this.isUpdating = false;
     },
     onNewSnippetFetched() {
       this.newSnippet = true;
@@ -151,7 +159,6 @@ export default {
           redirectTo(baseObj.snippet.webUrl);
         })
         .catch(e => {
-          this.isUpdating = false;
           this.flashAPIFailure(e);
         });
     },

app/assets/javascripts/snippets/constants.js

@@ -22,3 +22,6 @@ export const SNIPPET_VISIBILITY = {
     description: __('The snippet can be accessed without any authentication.'),
   },
 };
+
+export const SNIPPET_CREATE_MUTATION_ERROR = __("Can't create snippet: %{err}");
+export const SNIPPET_UPDATE_MUTATION_ERROR = __("Can't update snippet: %{err}");

app/assets/stylesheets/pages/groups.scss

@@ -14,17 +14,12 @@
   flex-direction: column;
   margin: 0;
 
-  .group-row-contents .controls > .btn:last-child {
-    margin: 0;
-  }
-
   li {
     .title {
       font-weight: 600;
     }
 
     a {
-      color: $gray-900;
       text-decoration: none;
 
       &:hover {
@@ -42,8 +37,6 @@
 }
 
 .group-row {
-  @include basic-list-stats;
-
   .description p {
     margin-bottom: 0;
     color: $gl-text-color-secondary;
@@ -454,29 +447,10 @@ table.pipeline-project-metrics tr td {
         min-width: 30px;
       }
 
-      > span:last-child {
-        margin-right: 0;
-      }
-
       .stat-value {
         margin: 2px 0 0 5px;
       }
     }
-
-    .controls {
-      flex-basis: 90px;
-
-      > .btn {
-        margin: 0 $btn-side-margin 0 0;
-        color: $gl-text-color-secondary;
-      }
-    }
-
-    .metadata {
-      @include media-breakpoint-up(md) {
-        flex-basis: 240px;
-      }
-    }
   }
 
   .project-row-contents .stats {

app/models/project_services/chat_message/pipeline_message.rb

@@ -183,7 +183,7 @@ module ChatMessage
       if ref_type == 'tag'
         "#{project_url}/-/tags/#{ref}"
       else
-        "#{project_url}/commits/#{ref}"
+        "#{project_url}/-/commits/#{ref}"
       end
     end
 
@@ -200,14 +200,14 @@ module ChatMessage
     end
 
     def pipeline_failed_jobs_url
-      "#{project_url}/pipelines/#{pipeline_id}/failures"
+      "#{project_url}/-/pipelines/#{pipeline_id}/failures"
     end
 
     def pipeline_url
       if failed_jobs.any?
         pipeline_failed_jobs_url
       else
-        "#{project_url}/pipelines/#{pipeline_id}"
+        "#{project_url}/-/pipelines/#{pipeline_id}"
       end
     end
 

app/models/project_services/hipchat_service.rb

@@ -252,8 +252,8 @@ class HipchatService < Service
     status = pipeline_attributes[:status]
     duration = pipeline_attributes[:duration]
 
-    branch_link = "<a href=\"#{project_url}/commits/#{CGI.escape(ref)}\">#{ref}</a>"
-    pipeline_url = "<a href=\"#{project_url}/pipelines/#{pipeline_id}\">##{pipeline_id}</a>"
+    branch_link = "<a href=\"#{project_url}/-/commits/#{CGI.escape(ref)}\">#{ref}</a>"
+    pipeline_url = "<a href=\"#{project_url}/-/pipelines/#{pipeline_id}\">##{pipeline_id}</a>"
 
     "#{project_link}: Pipeline #{pipeline_url} of #{branch_link} #{ref_type} by #{user_name} #{humanized_status(status)} in #{duration} second(s)"
   end

app/services/projects/update_remote_mirror_service.rb

@@ -27,7 +27,11 @@ module Projects
       remote_mirror.update_start!
 
       remote_mirror.ensure_remote!
-      repository.fetch_remote(remote_mirror.remote_name, ssh_auth: remote_mirror, no_tags: true)
+
+      # https://gitlab.com/gitlab-org/gitaly/-/issues/2670
+      if Feature.disabled?(:gitaly_ruby_remote_branches_ls_remote)
+        repository.fetch_remote(remote_mirror.remote_name, ssh_auth: remote_mirror, no_tags: true)
+      end
 
       response = remote_mirror.update_repository
 

changelogs/unreleased/213009-when-filtering-by-groups-icons-are-misaligned.yml

@@ -0,0 +1,6 @@
+---
+title: Improve spacing and wrapping of group actions buttons and stats in group list
+  view
+merge_request: 32786
+author:
+type: fixed

changelogs/unreleased/dz-redirect-unscoped-pipelines-routes.yml

@@ -0,0 +1,5 @@
+---
+title: Move pipelines routing under /-/ scope
+merge_request: 30730
+author:
+type: changed

changelogs/unreleased/fix-ecs-detached-branch-pipeline.yml

@@ -0,0 +1,5 @@
+---
+title: Fix CI rules for ECS related jobs
+merge_request: 33527
+author:
+type: fixed

changelogs/unreleased/fj-fix-snippet-import-from-database.yml

@@ -0,0 +1,5 @@
+---
+title: Fix snippet repository import edge cases
+merge_request: 33506
+author:
+type: fixed

changelogs/unreleased/mg-fix-katex-fonts.yml

@@ -0,0 +1,5 @@
+---
+title: Fix KaTeX font paths
+merge_request: 33338
+author:
+type: fixed

config/routes/project.rb

@@ -315,6 +315,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
 
         draw :issues
         draw :merge_requests
+        draw :pipelines
 
         # The wiki and repository routing contains wildcard characters so
         # its preferable to keep it below all other project routes
@@ -380,17 +381,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
 
       post 'alerts/notify', to: 'alerting/notifications#create'
 
-      # Unscoped route. It will be replaced with redirect to /-/pipelines/
-      # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849
-      draw :pipelines
-
-      # To ensure an old unscoped routing is used for the UI we need to
-      # add prefix 'as' to the scope routing and place it below original routing.
-      # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849
-      scope '-', as: 'scoped' do
-        draw :pipelines
-      end
-
       draw :legacy_builds
 
       resources :hooks, only: [:index, :create, :edit, :update, :destroy], constraints: { id: /\d+/ } do # rubocop: disable Cop/PutProjectRoutesUnderScope
@@ -486,6 +476,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
       # Deprecated unscoped routing.
       # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849
       scope as: 'deprecated' do
+        draw :pipelines
         draw :repository
       end
 

config/webpack.config.js

@@ -244,6 +244,7 @@ module.exports = {
         loader: 'file-loader',
         options: {
           name: '[name].[contenthash:8].[ext]',
+          esModule: false,
         },
       },
     ],

doc/development/secure_coding_guidelines.md

@@ -213,7 +213,7 @@ the mitigations for a new feature.
 
 #### Feature-specific Mitigations
 
-For situtions in which a whitelist or GitLab:HTTP cannot be used, it will be necessary to implement mitigations directly in the feature. It is best to validate the destination IP addresses themselves, not just domain names, as DNS can be controlled by the attacker. Below are a list of mitigations that should be implemented.
+For situtions in which an allowlist or GitLab:HTTP cannot be used, it will be necessary to implement mitigations directly in the feature. It is best to validate the destination IP addresses themselves, not just domain names, as DNS can be controlled by the attacker. Below are a list of mitigations that should be implemented.
 
 **Important Note:** There are many tricks to bypass common SSRF validations. If feature-specific mitigations are necessary, they should be reviewed by the AppSec team, or a developer who has worked on SSRF mitigations previously.
 
@@ -276,10 +276,10 @@ For any and all input fields, ensure to define expectations on the type/format o
 - Treat all user input as untrusted.
 - Based on the expectations you [defined above](#setting-expectations):
   - Validate the [input size limits](https://youtu.be/2VFavqfDS6w?t=7582).
-  - Validate the input using a [whitelist approach](https://youtu.be/2VFavqfDS6w?t=7816) to only allow characters through which you are expecting to receive for the field.
+  - Validate the input using an [allowlist approach](https://youtu.be/2VFavqfDS6w?t=7816) to only allow characters through which you are expecting to receive for the field.
     - Input which fails validation should be **rejected**, and not sanitized.
 
-Note that blacklists should be avoided, as it is near impossible to block all [variations of XSS](https://owasp.org/www-community/xss-filter-evasion-cheatsheet).
+Note that denylists should be avoided, as it is near impossible to block all [variations of XSS](https://owasp.org/www-community/xss-filter-evasion-cheatsheet).
 
 #### Output encoding
 
@@ -345,5 +345,5 @@ Once you've [determined when and where](#setting-expectations) the user submitte
 - [Input Validation](https://youtu.be/2VFavqfDS6w?t=7489)
 - [Validate size limits](https://youtu.be/2VFavqfDS6w?t=7582)
 - [RoR model validators](https://youtu.be/2VFavqfDS6w?t=7636)
-- [Whitelist input validation](https://youtu.be/2VFavqfDS6w?t=7816)
+- [Allowlist input validation](https://youtu.be/2VFavqfDS6w?t=7816)
 - [Content Security Policy](https://www.youtube.com/watch?v=2VFavqfDS6w&t=12991s)

doc/user/project/pages/getting_started/fork_sample_project.md

@@ -23,8 +23,8 @@ To fork a sample project and create a Pages website:
 1. Go to your project's **CI/CD > Pipelines** and click **Run pipeline**.
    GitLab CI/CD builds and deploys your site.
 
+The site can take approximately 30 minutes to deploy.
 When the pipeline is finished, go to **Settings > Pages** to find the link to your website from your project.
-It can take approximately 30 minutes to deploy.
 
 For every change pushed to your repository, GitLab CI/CD runs a new pipeline
 that immediately publishes your changes to the Pages site.

doc/user/project/pages/getting_started/new_or_existing_website.md

@@ -5,44 +5,41 @@ group: Release Management
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
 
-# Start a new Pages website from scratch or deploy an existing website
+# Create a Pages website by using a CI/CD template
 
-If you already have a website and want to deploy it with GitLab Pages,
-or, if you want to start a new site from scratch, you'll need to:
+GitLab provides `.gitlab-ci.yml` templates for the most popular Static Site Generators (SSGs).
+You can create your own `.gitlab-ci.yml` file from one of these templates, and run
+the CI/CD pipeline to generate a Pages website.
 
-- Create a new project in GitLab to hold your site content.
-- Set up GitLab CI/CD to deploy your website to Pages.
+Use a `.gitlab-ci.yml` template when you have an existing project that you want to add a Pages site to.
 
-To do so, follow the steps below.
+1. In the left sidebar, click **Project overview**.
+1. Click **Set up CI/CD**.
 
-1. From your **Project**'s **[Dashboard](https://gitlab.com/dashboard/projects)**,
-   click **New project**, and name it according to the
-   [Pages domain names](../getting_started_part_one.md#gitlab-pages-default-domain-names).
-1. Clone it to your local computer, add your website
-   files to your project, add, commit, and push to GitLab.
-   Alternatively, you can run `git init` in your local directory,
-   add the remote URL:
-   `git remote add origin git@gitlab.com:namespace/project-name.git`,
-   then add, commit, and push to GitLab.
-1. From the your **Project**'s page, click **Set up CI/CD**:
+   ![setup GitLab CI/CD](../img/setup_ci_v13_1.png)
 
-   ![setup GitLab CI/CD](../img/setup_ci.png)
+   If this button is not available, CI/CD is already configured for
+   your project. You may want to browse the `.gitlab-ci.yml` files
+   [in these projects instead](https://gitlab.com/pages).
 
-1. Choose one of the templates from the dropbox menu.
-   Pick up the template corresponding to the SSG you're using (or plain HTML).
+1. From the **Apply a template** list, choose a template for the SSG you're using.
+   You can also choose plain HTML.
 
-   ![gitlab-ci templates](../img/choose_ci_template.png)
+   ![gitlab-ci templates](../img/choose_ci_template_v13_1.png)
 
-   Note that, if you don't find a corresponding template, you can look into
-   [GitLab Pages group of sample projects](https://gitlab.com/pages),
-   you may find one among them that suits your needs, from which you
-   can copy `.gitlab-ci.yml`'s content and adjust for your case.
-   If you don't find it there either, [learn how to write a `.gitlab-ci.yml`
+   If you don't find a corresponding template, you can view the
+   [GitLab Pages group of sample projects](https://gitlab.com/pages).
+   These projects contain `.gitlab-ci.yml` files that you can modify for your needs.
+   You can also [learn how to write your own `.gitlab-ci.yml`
    file for GitLab Pages](../getting_started_part_four.md).
 
-Once you have both site files and `.gitlab-ci.yml` in your project's
-root, GitLab CI/CD will build your site and deploy it with Pages.
-Once the first build passes, you access your site by
-navigating to your **Project**'s **Settings** > **Pages**,
-where you'll find its default URL. It can take approximately 30 min to be
-deployed.
+1. Save and commit the `.gitlab-ci.yml` file.
+
+If everything is configured correctly, the site can take approximately 30 minutes to deploy.
+
+You can watch the pipeline run by going to **CI / CD > Pipelines**.
+When the pipeline is finished, go to **Settings > Pages** to find the link to
+your Pages website.
+
+For every change pushed to your repository, GitLab CI/CD runs a new pipeline
+that immediately publishes your changes to the Pages site.

doc/user/project/pages/getting_started/pages_bundled_template.md

@@ -5,27 +5,30 @@ group: Release Management
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
 
-# New Pages website from a bundled template
+# Create a Pages website from a new project template
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/47857) in GitLab 11.8.
 
-The simplest way to create a GitLab Pages site is to use one of the most
-popular templates, which come already bundled with GitLab and are ready to go.
+GitLab provides templates for the most popular Static Site Generators (SSGs).
+You can create a new project from a template and run the CI/CD pipeline to generate a Pages website.
+
+Use a template when you want to test GitLab Pages or start a new project that's already
+configured to generate a Pages site.
 
 1. From the top navigation, click the **+** button and select **New project**.
 1. Select **Create from Template**.
-1. Choose one of the templates starting with **Pages**:
+1. Next to one of the templates starting with **Pages**, click **Use template**.
 
-   ![Project templates for Pages](../img/pages_project_templates_v11_8.png)
+   ![Project templates for Pages](../img/pages_project_templates_v13_1.png)
 
+1. Complete the form and click **Create project**.
 1. From the left sidebar, navigate to your project's **CI/CD > Pipelines**
    and click **Run pipeline** to trigger GitLab CI/CD to build and deploy your
-   site to the server.
-1. After the pipeline has finished successfully, wait approximately 30 minutes
-   for your website to be visible. After waiting 30 minutes, find the link to
-   visit your website from your project's **Settings > Pages**. If the link
-   leads to a 404 page, wait a few minutes and try again.
+   site.
 
-Your website is then visible on your domain and you can modify your files
-as you wish. For every modification pushed to your repository, GitLab CI/CD
-will run a new pipeline to immediately publish your changes to the server.
+The site can take approximately 30 minutes to deploy.
+When the pipeline is finished, go to **Settings > Pages** to find the link to
+your Pages website.
+
+For every change pushed to your repository, GitLab CI/CD runs a new pipeline
+that immediately publishes your changes to the Pages site.

doc/user/project/pages/index.md

@@ -16,36 +16,55 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 With GitLab Pages, you can publish static websites
 directly from a repository in GitLab.
 
-- Use for any personal or business website.
-- Use any Static Site Generator (SSG) or plain HTML.
-- Create websites for your projects, groups, or user account.
-- Host your site on your own GitLab instance or on GitLab.com for free.
-- Connect your custom domains and TLS certificates.
-- Attribute any license to your content.
-
 <div class="row">
 <div class="col-md-9">
 <p style="margin-top: 18px;">
-To publish a website with Pages, you can use any SSG,
-like Gatsby, Jekyll, Hugo, Middleman, Harp, Hexo, and Brunch, just to name a few. You can also
-publish any website written directly in plain HTML, CSS, and JavaScript.</p>
-<p>Pages does <strong>not</strong> support dynamic server-side processing, for instance, as <code>.php</code> and <code>.asp</code> requires. Learn more about
-<a href="https://about.gitlab.com/blog/2016/06/03/ssg-overview-gitlab-pages-part-1-dynamic-x-static/">static websites vs dynamic websites</a>.</p>
-<p>Learn more about GitLab Pages:</p>
+<ul>
+<li>Use for any personal or business website.</li>
+<li>Use any Static Site Generator (SSG) or plain HTML.</li>
+<li>Create websites for your projects, groups, or user account.</li>
+<li>Host your site on your own GitLab instance or on GitLab.com for free.</li>
+<li>Connect your custom domains and TLS certificates.</li>
+<li>Attribute any license to your content.</li>
+</ul>
+</p>
 </div>
 <div class="col-md-3"><img src="img/ssgs_pages.png" alt="Examples of SSGs supported by Pages" class="image-noshadow middle display-block"></div>
 </div>
 
+To publish a website with Pages, you can use any SSG,
+like Gatsby, Jekyll, Hugo, Middleman, Harp, Hexo, and Brunch, just to name a few. You can also
+publish any website written directly in plain HTML, CSS, and JavaScript.
+
+Pages does **not** support dynamic server-side processing, for instance, as `.php` and `.asp` requires.
+Learn more about
+[static websites compared to dynamic websites](https://about.gitlab.com/blog/2016/06/03/ssg-overview-gitlab-pages-part-1-dynamic-x-static/).
+
+## Getting started
+
+To create a GitLab Pages website:
+
 | Document | Description |
-| --- | --- |
-| [GitLab Pages domain names, URLs, and baseurls](getting_started_part_one.md) | How GitLab Pages default domains work. |
-| [GitLab CI/CD for GitLab Pages](getting_started_part_four.md) | Create your own site by using `.gitlab-ci.yml`. |
-| [Exploring GitLab Pages](introduction.md) | Requirements, technical aspects, specific GitLab CI/CD configuration options, Access Control, custom 404 pages, limitations, FAQ. |
-|---+---|
-| [Custom domains and SSL/TLS Certificates](custom_domains_ssl_tls_certification/index.md) | Add custom domains and subdomains to your website, configure DNS records and SSL/TLS certificates. |
+| -------- | ----------- |
+| [Use a `.gitlab-ci.yml` template](getting_started/new_or_existing_website.md) | Add a Pages site to an existing project. Use a pre-populated CI template file. |
+| [Create a `gitlab-ci.yml` file from scratch](getting_started_part_four.md)    | Add a Pages site to an existing project. Learn how to create and configure your own CI file. |
+| [Use a new project template](getting_started/pages_bundled_template.md)       | Create a new project with Pages already configured by using a new project template. |
+| [Fork a sample project](getting_started/fork_sample_project.md)               | Create a new project with Pages already configured by forking a sample project. |
+
+To update a GitLab Pages website:
+
+| Document | Description |
+| -------- | ----------- |
+| [GitLab Pages domain names, URLs, and baseurls](getting_started_part_one.md) | Learn about GitLab Pages default domains. |
+| [Explore GitLab Pages](introduction.md) | Requirements, technical aspects, specific GitLab CI/CD configuration options, Access Control, custom 404 pages, limitations, FAQ. |
+| [Custom domains and SSL/TLS Certificates](custom_domains_ssl_tls_certification/index.md) | Custom domains and subdomains, DNS records, and SSL/TLS certificates. |
 | [Let's Encrypt integration](custom_domains_ssl_tls_certification/lets_encrypt_integration.md) | Secure your Pages sites with Let's Encrypt certificates, which are automatically obtained and renewed by GitLab. |
 | [CloudFlare certificates](https://about.gitlab.com/blog/2017/02/07/setting-up-gitlab-pages-with-cloudflare-certificates/) | Secure your Pages site with CloudFlare certificates. |
-|---+---|
+
+Learn more and see examples:
+
+| Document | Description |
+| -------- | ----------- |
 | [Static vs dynamic websites](https://about.gitlab.com/blog/2016/06/03/ssg-overview-gitlab-pages-part-1-dynamic-x-static/) | Static versus dynamic site overview. |
 | [Modern static site generators](https://about.gitlab.com/blog/2016/06/10/ssg-overview-gitlab-pages-part-2/) | SSG overview. |
 | [Build any SSG site with GitLab Pages](https://about.gitlab.com/blog/2016/06/17/ssg-overview-gitlab-pages-part-3-examples-ci/) | Use SSGs for GitLab Pages. |
@@ -68,30 +87,18 @@ You can either use GitLab's [default domain for GitLab Pages websites](getting_s
 `*.gitlab.io`, or your own domain (`example.com`). In that case, you'll
 need admin access to your domain's registrar (or control panel) to set it up with Pages.
 
-## Getting started
-
-To get started with GitLab Pages, you can:
-
-- [Use a bundled website template that's ready to go](getting_started/pages_bundled_template.md).
-- [Copy an existing sample](getting_started/fork_sample_project.md).
-- [Create a website from scratch or deploy an existing one](getting_started/new_or_existing_website.md).
+The following diagrams show the workflows you might follow to get started with Pages.
 
 <img src="img/new_project_for_pages_v12_5.png" alt="New projects for GitLab Pages" class="image-noshadow">
 
-Optional features:
-
-- Use a [custom domain or subdomain](custom_domains_ssl_tls_certification/index.md#set-up-pages-with-a-custom-domain).
-- Add an [SSL/TLS certificate to secure your site under the HTTPS protocol](custom_domains_ssl_tls_certification/index.md#adding-an-ssltls-certificate-to-pages).
+## Access to your Pages site
 
 If you're using GitLab Pages default domain (`.gitlab.io`),
 your website will be automatically secure and available under
 HTTPS. If you're using your own custom domain, you can
 optionally secure it with SSL/TLS certificates.
 
-## Access to your Pages site
-
 If you're using GitLab.com, your website will be publicly available to the internet.
-
 To restrict access to your website, enable [GitLab Pages Access Control](pages_access_control.md).
 
 If you're using a self-managed instance (Core, Starter, Premium, or Ultimate),
@@ -113,7 +120,7 @@ to use and adapt to your own needs:
 
 ## Administer GitLab Pages for self-managed instances
 
-Enable and configure GitLab Pages on your own instance (GitLab Community Edition and Enterprise Editions) with
-the [admin guide](../../../administration/pages/index.md).
+If you are running a self-managed instance of GitLab (GitLab Community Edition and Enterprise Editions),
+[follow the administration steps](../../../administration/pages/index.md) to configure Pages.
 
-**<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> Watch a [video tutorial](https://www.youtube.com/watch?v=dD8c7WNcc6s) for getting started with GitLab Pages admin!**
+<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> Watch a [video tutorial](https://www.youtube.com/watch?v=dD8c7WNcc6s) about how to get started with GitLab Pages administration.

lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml

@@ -25,7 +25,9 @@ review_ecs:
       when: never
     - if: '$REVIEW_DISABLED'
       when: never
-    - if: '$CI_COMMIT_BRANCH != "master"'
+    - if: '$CI_COMMIT_BRANCH == "master"'
+      when: never
+    - if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
 
 production_ecs:
   extends: .deploy_to_ecs
@@ -37,4 +39,6 @@ production_ecs:
       when: never
     - if: '$CI_KUBERNETES_ACTIVE'
       when: never
-    - if: '$CI_COMMIT_BRANCH == "master"'
+    - if: '$CI_COMMIT_BRANCH != "master"'
+      when: never
+    - if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'

lib/gitlab/import_export/snippet_repo_restorer.rb

@@ -34,14 +34,7 @@ module Gitlab
       end
 
       def create_repository_from_db
-        snippet.create_repository
-
-        commit_attrs = {
-          branch_name: 'master',
-          message: 'Initial commit'
-        }
-
-        repository.create_file(@user, snippet.file_name, snippet.content, commit_attrs)
+        Gitlab::BackgroundMigration::BackfillSnippetRepositories.new.perform_by_ids([snippet.id])
       end
     end
   end

locale/gitlab.pot

@@ -3726,6 +3726,9 @@ msgstr ""
 msgid "Can override approvers and approvals required per merge request"
 msgstr ""
 
+msgid "Can't create snippet: %{err}"
+msgstr ""
+
 msgid "Can't edit as source branch was deleted"
 msgstr ""
 
@@ -18384,9 +18387,6 @@ msgstr ""
 msgid "Reports|Metrics reports failed loading results"
 msgstr ""
 
-msgid "Reports|Scanner"
-msgstr ""
-
 msgid "Reports|Severity"
 msgstr ""
 
@@ -19340,10 +19340,10 @@ msgstr ""
 msgid "SecurityReports|Remove project from dashboard"
 msgstr ""
 
-msgid "SecurityReports|Return to dashboard"
+msgid "SecurityReports|Report type"
 msgstr ""
 
-msgid "SecurityReports|Scanner type"
+msgid "SecurityReports|Return to dashboard"
 msgstr ""
 
 msgid "SecurityReports|Security Dashboard"
@@ -25958,7 +25958,7 @@ msgstr ""
 msgid "ciReport|All projects"
 msgstr ""
 
-msgid "ciReport|All scanner types"
+msgid "ciReport|All report types"
 msgstr ""
 
 msgid "ciReport|All severities"

spec/frontend/snippets/components/edit_spec.js

@@ -1,5 +1,6 @@
 import { shallowMount } from '@vue/test-utils';
 import axios from '~/lib/utils/axios_utils';
+import Flash from '~/flash';
 
 import { GlLoadingIcon } from '@gitlab/ui';
 import { joinPaths, redirectTo } from '~/lib/utils/url_utility';
@@ -10,6 +11,7 @@ import SnippetVisibilityEdit from '~/snippets/components/snippet_visibility_edit
 import SnippetBlobEdit from '~/snippets/components/snippet_blob_edit.vue';
 import TitleField from '~/vue_shared/components/form/title.vue';
 import FormFooterActions from '~/vue_shared/components/form/form_footer_actions.vue';
+import { SNIPPET_CREATE_MUTATION_ERROR, SNIPPET_UPDATE_MUTATION_ERROR } from '~/snippets/constants';
 
 import UpdateSnippetMutation from '~/snippets/mutations/updateSnippet.mutation.graphql';
 import CreateSnippetMutation from '~/snippets/mutations/createSnippet.mutation.graphql';
@@ -27,6 +29,8 @@ jest.mock('~/lib/utils/url_utility', () => ({
     .mockReturnValue('contentApiURL'),
 }));
 
+jest.mock('~/flash');
+
 let flashSpy;
 
 const contentMock = 'Foo Bar';
@@ -290,6 +294,26 @@ describe('Snippet Edit app', () => {
           expect(flashSpy).toHaveBeenCalledWith(apiError);
         });
       });
+
+      it.each`
+        isNew    | status        | expectation
+        ${true}  | ${`new`}      | ${SNIPPET_CREATE_MUTATION_ERROR.replace('%{err}', '')}
+        ${false} | ${`existing`} | ${SNIPPET_UPDATE_MUTATION_ERROR.replace('%{err}', '')}
+      `(
+        `renders the correct error message if mutation fails for $status snippet`,
+        ({ isNew, expectation }) => {
+          createComponent({
+            data: {
+              newSnippet: isNew,
+            },
+            mutationRes: mutationTypes.REJECT,
+          });
+          wrapper.vm.handleFormSubmit();
+          return waitForPromises().then(() => {
+            expect(Flash).toHaveBeenCalledWith(expect.stringContaining(expectation));
+          });
+        },
+      );
     });
   });
 });

spec/lib/gitlab/ci/status/stage/play_manual_spec.rb

@@ -31,7 +31,7 @@ describe Gitlab::Ci::Status::Stage::PlayManual do
 
     subject { play_manual.action_path }
 
-    it { is_expected.to eq("/#{pipeline.project.full_path}/pipelines/#{pipeline.id}/stages/#{stage.name}/play_manual") }
+    it { is_expected.to eq("/#{pipeline.project.full_path}/-/pipelines/#{pipeline.id}/stages/#{stage.name}/play_manual") }
   end
 
   describe '#action_method' do

spec/lib/gitlab/etag_caching/router_spec.rb

@@ -23,7 +23,7 @@ describe Gitlab::EtagCaching::Router do
 
   it 'matches issue title endpoint' do
     result = described_class.match(
-      '/my-group/my-project/issues/123/realtime_changes'
+      '/my-group/my-project/-/issues/123/realtime_changes'
     )
 
     expect(result).to be_present
@@ -32,7 +32,7 @@ describe Gitlab::EtagCaching::Router do
 
   it 'matches with a project name that includes a suffix of create' do
     result = described_class.match(
-      '/group/test-create/issues/123/realtime_changes'
+      '/group/test-create/-/issues/123/realtime_changes'
     )
 
     expect(result).to be_present
@@ -41,7 +41,7 @@ describe Gitlab::EtagCaching::Router do
 
   it 'matches with a project name that includes a prefix of create' do
     result = described_class.match(
-      '/group/create-test/issues/123/realtime_changes'
+      '/group/create-test/-/issues/123/realtime_changes'
     )
 
     expect(result).to be_present
@@ -50,7 +50,7 @@ describe Gitlab::EtagCaching::Router do
 
   it 'matches project pipelines endpoint' do
     result = described_class.match(
-      '/my-group/my-project/pipelines.json'
+      '/my-group/my-project/-/pipelines.json'
     )
 
     expect(result).to be_present
@@ -95,7 +95,7 @@ describe Gitlab::EtagCaching::Router do
 
   it 'does not match blob with confusing name' do
     result = described_class.match(
-      '/my-group/my-project/blob/master/pipelines.json'
+      '/my-group/my-project/-/blob/master/pipelines.json'
     )
 
     expect(result).to be_blank
@@ -121,7 +121,7 @@ describe Gitlab::EtagCaching::Router do
 
   it 'matches pipeline#show endpoint' do
     result = described_class.match(
-      '/my-group/my-project/pipelines/2.json'
+      '/my-group/my-project/-/pipelines/2.json'
     )
 
     expect(result).to be_present

spec/lib/gitlab/import_export/snippet_repo_restorer_spec.rb

@@ -25,10 +25,9 @@ describe Gitlab::ImportExport::SnippetRepoRestorer do
       expect(snippet.repository_exists?).to be_falsey
 
       aggregate_failures do
-        expect(restorer.restore).to be_truthy
-
-        expect(snippet.repository_exists?).to be_truthy
-        expect(snippet.snippet_repository).not_to be_nil
+        expect do
+          expect(restorer.restore).to be_truthy
+        end.to change { SnippetRepository.count }.by(1)
 
         blob = snippet.repository.blob_at('HEAD', snippet.file_name)
         expect(blob).not_to be_nil

spec/lib/gitlab/patch/action_dispatch_journey_formatter_spec.rb

@@ -7,7 +7,7 @@ describe Gitlab::Patch::ActionDispatchJourneyFormatter do
   let(:project) { create(:project, namespace: group) }
   let(:pipeline) { create(:ci_empty_pipeline, project: project) }
   let(:url) { Gitlab::Routing.url_helpers.project_pipeline_url(project, pipeline) }
-  let(:expected_path) { "#{project.full_path}/pipelines/#{pipeline.id}" }
+  let(:expected_path) { "#{project.full_path}/-/pipelines/#{pipeline.id}" }
 
   context 'custom implementation of #missing_keys' do
     before do

spec/models/ci/build_spec.rb

@@ -2286,7 +2286,7 @@ describe Ci::Build do
       let(:predefined_variables) do
         [
           { key: 'CI_PIPELINE_ID', value: pipeline.id.to_s, public: true, masked: false },
-          { key: 'CI_PIPELINE_URL', value: project.web_url + "/pipelines/#{pipeline.id}", public: true, masked: false },
+          { key: 'CI_PIPELINE_URL', value: project.web_url + "/-/pipelines/#{pipeline.id}", public: true, masked: false },
           { key: 'CI_JOB_ID', value: build.id.to_s, public: true, masked: false },
           { key: 'CI_JOB_URL', value: project.web_url + "/-/jobs/#{build.id}", public: true, masked: false },
           { key: 'CI_JOB_TOKEN', value: 'my-token', public: false, masked: true },

spec/models/project_services/chat_message/pipeline_message_spec.rb

@@ -61,8 +61,8 @@ describe ChatMessage::PipelineMessage do
 
   it "returns the pipeline summary in the activity's title" do
     expect(subject.activity[:title]).to eq(
-      "Pipeline [#123](http://example.gitlab.com/pipelines/123)" \
-        " of branch [develop](http://example.gitlab.com/commits/develop)" \
+      "Pipeline [#123](http://example.gitlab.com/-/pipelines/123)" \
+        " of branch [develop](http://example.gitlab.com/-/commits/develop)" \
         " by The Hacker (hacker) has passed"
     )
   end
@@ -74,8 +74,8 @@ describe ChatMessage::PipelineMessage do
 
     it "returns the summary with a 'failed' status" do
       expect(subject.activity[:title]).to eq(
-        "Pipeline [#123](http://example.gitlab.com/pipelines/123)" \
-          " of branch [develop](http://example.gitlab.com/commits/develop)" \
+        "Pipeline [#123](http://example.gitlab.com/-/pipelines/123)" \
+          " of branch [develop](http://example.gitlab.com/-/commits/develop)" \
           " by The Hacker (hacker) has failed"
       )
     end
@@ -88,8 +88,8 @@ describe ChatMessage::PipelineMessage do
 
     it "returns the summary with a 'passed with warnings' status" do
       expect(subject.activity[:title]).to eq(
-        "Pipeline [#123](http://example.gitlab.com/pipelines/123)" \
-          " of branch [develop](http://example.gitlab.com/commits/develop)" \
+        "Pipeline [#123](http://example.gitlab.com/-/pipelines/123)" \
+          " of branch [develop](http://example.gitlab.com/-/commits/develop)" \
           " by The Hacker (hacker) has passed with warnings"
       )
     end
@@ -102,8 +102,8 @@ describe ChatMessage::PipelineMessage do
 
     it "returns the summary with 'API' as the username" do
       expect(subject.activity[:title]).to eq(
-        "Pipeline [#123](http://example.gitlab.com/pipelines/123)" \
-          " of branch [develop](http://example.gitlab.com/commits/develop)" \
+        "Pipeline [#123](http://example.gitlab.com/-/pipelines/123)" \
+          " of branch [develop](http://example.gitlab.com/-/commits/develop)" \
           " by API has passed"
       )
     end
@@ -134,8 +134,8 @@ describe ChatMessage::PipelineMessage do
   it "returns the pipeline summary as the attachment's fallback property" do
     expect(subject.attachments.first[:fallback]).to eq(
       "<http://example.gitlab.com|project_name>:" \
-        " Pipeline <http://example.gitlab.com/pipelines/123|#123>" \
-        " of branch <http://example.gitlab.com/commits/develop|develop>" \
+        " Pipeline <http://example.gitlab.com/-/pipelines/123|#123>" \
+        " of branch <http://example.gitlab.com/-/commits/develop|develop>" \
         " by The Hacker (hacker) has passed in 02:00:10"
     )
   end
@@ -199,7 +199,7 @@ describe ChatMessage::PipelineMessage do
   end
 
   it "returns the pipeline URL as the attachment's title_link property" do
-    expect(subject.attachments.first[:title_link]).to eq("http://example.gitlab.com/pipelines/123")
+    expect(subject.attachments.first[:title_link]).to eq("http://example.gitlab.com/-/pipelines/123")
   end
 
   it "returns two attachment fields" do
@@ -209,7 +209,7 @@ describe ChatMessage::PipelineMessage do
   it "returns the commit message as the attachment's second field property" do
     expect(subject.attachments.first[:fields][0]).to eq({
       title: "Branch",
-      value: "<http://example.gitlab.com/commits/develop|develop>",
+      value: "<http://example.gitlab.com/-/commits/develop|develop>",
       short: true
     })
   end
@@ -237,7 +237,7 @@ describe ChatMessage::PipelineMessage do
     it "returns the stage name and link to the 'Failed jobs' tab on the pipeline's page as the attachment's third field property" do
       expect(subject.attachments.first[:fields][2]).to eq({
         title: "Failed stage",
-        value: "<http://example.gitlab.com/pipelines/123/failures|test>",
+        value: "<http://example.gitlab.com/-/pipelines/123/failures|test>",
         short: true
       })
     end
@@ -261,7 +261,7 @@ describe ChatMessage::PipelineMessage do
     it "returns the stage names and links to the 'Failed jobs' tab on the pipeline's page as the attachment's third field property" do
       expect(subject.attachments.first[:fields][2]).to eq({
         title: "Failed stages",
-        value: "<http://example.gitlab.com/pipelines/123/failures|stage-2>, <http://example.gitlab.com/pipelines/123/failures|stage-1>, <http://example.gitlab.com/pipelines/123/failures|stage-3>",
+        value: "<http://example.gitlab.com/-/pipelines/123/failures|stage-2>, <http://example.gitlab.com/-/pipelines/123/failures|stage-1>, <http://example.gitlab.com/-/pipelines/123/failures|stage-3>",
         short: true
       })
     end
@@ -271,7 +271,7 @@ describe ChatMessage::PipelineMessage do
         "<http://example.gitlab.com/-/jobs/#{i}|job-#{i}>"
       end
 
-      expected_jobs << "and <http://example.gitlab.com/pipelines/123/failures|15 more>"
+      expected_jobs << "and <http://example.gitlab.com/-/pipelines/123/failures|15 more>"
 
       expect(subject.attachments.first[:fields][3]).to eq({
         title: "Failed jobs",
@@ -369,8 +369,8 @@ describe ChatMessage::PipelineMessage do
     it 'returns the pipeline summary as the attachments in markdown format' do
       expect(subject.attachments).to eq(
         "[project_name](http://example.gitlab.com):" \
-          " Pipeline [#123](http://example.gitlab.com/pipelines/123)" \
-          " of branch [develop](http://example.gitlab.com/commits/develop)" \
+          " Pipeline [#123](http://example.gitlab.com/-/pipelines/123)" \
+          " of branch [develop](http://example.gitlab.com/-/commits/develop)" \
           " by The Hacker (hacker) has passed in 02:00:10"
       )
     end

spec/models/project_services/hipchat_service_spec.rb

@@ -327,8 +327,8 @@ describe HipchatService do
           user_name = data[:user][:name]
 
           expect(message).to eq("<a href=\"#{project_url}\">#{project_name}</a>: " \
-            "Pipeline <a href=\"#{project_url}/pipelines/#{pipeline.id}\">##{pipeline.id}</a> " \
-            "of <a href=\"#{project_url}/commits/#{ref}\">#{ref}</a> #{ref_type} " \
+            "Pipeline <a href=\"#{project_url}/-/pipelines/#{pipeline.id}\">##{pipeline.id}</a> " \
+            "of <a href=\"#{project_url}/-/commits/#{ref}\">#{ref}</a> #{ref_type} " \
             "by #{user_name} failed in #{duration} second(s)")
         end
       end

spec/serializers/merge_request_widget_entity_spec.rb

@@ -178,7 +178,7 @@ describe MergeRequestWidgetEntity do
     project.add_maintainer(user)
 
     expect(subject[:new_project_pipeline_path])
-      .to eq("/#{resource.project.full_path}/pipelines/new")
+      .to eq("/#{resource.project.full_path}/-/pipelines/new")
   end
 
   describe 'when source project is deleted' do

spec/services/ci/expire_pipeline_cache_service_spec.rb

@@ -10,9 +10,9 @@ describe Ci::ExpirePipelineCacheService do
 
   describe '#execute' do
     it 'invalidates Etag caching for project pipelines path' do
-      pipelines_path = "/#{project.full_path}/pipelines.json"
+      pipelines_path = "/#{project.full_path}/-/pipelines.json"
       new_mr_pipelines_path = "/#{project.full_path}/-/merge_requests/new.json"
-      pipeline_path = "/#{project.full_path}/pipelines/#{pipeline.id}.json"
+      pipeline_path = "/#{project.full_path}/-/pipelines/#{pipeline.id}.json"
 
       expect_any_instance_of(Gitlab::EtagCaching::Store).to receive(:touch).with(pipelines_path)
       expect_any_instance_of(Gitlab::EtagCaching::Store).to receive(:touch).with(new_mr_pipelines_path)

spec/services/projects/update_remote_mirror_service_spec.rb

@@ -10,6 +10,10 @@ describe Projects::UpdateRemoteMirrorService do
 
   subject(:service) { described_class.new(project, project.creator) }
 
+  before do
+    stub_feature_flags(gitaly_ruby_remote_branches_ls_remote: false)
+  end
+
   describe '#execute' do
     subject(:execute!) { service.execute(remote_mirror, 0) }
 
@@ -102,6 +106,19 @@ describe Projects::UpdateRemoteMirrorService do
         expect(remote_mirror.last_error).to include("refs/heads/develop")
       end
     end
+
+    # https://gitlab.com/gitlab-org/gitaly/-/issues/2670
+    context 'when `gitaly_ruby_remote_branches_ls_remote` is enabled' do
+      before do
+        stub_feature_flags(gitaly_ruby_remote_branches_ls_remote: true)
+      end
+
+      it 'does not perform a fetch' do
+        expect(project.repository).not_to receive(:fetch_remote)
+
+        execute!
+      end
+    end
   end
 
   def stub_fetch_remote(project, remote_name:, ssh_auth:)

spec/workers/expire_job_cache_worker_spec.rb

@@ -13,7 +13,7 @@ describe ExpireJobCacheWorker do
 
       include_examples 'an idempotent worker' do
         it 'invalidates Etag caching for the job path' do
-          pipeline_path = "/#{project.full_path}/pipelines/#{pipeline.id}.json"
+          pipeline_path = "/#{project.full_path}/-/pipelines/#{pipeline.id}.json"
           job_path = "/#{project.full_path}/builds/#{job.id}.json"
 
           spy_store = Gitlab::EtagCaching::Store.new