Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-09-22 21:11:13 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-09-22 21:11:13 +0300
commit: 88620da25def237534c9156d133be46d4da6310b (patch)
tree: 32c22437111e462f5804797f8b8d42a100a7cb10
parent: 2cdb1c566d84a3dbea0a2e5825fa112b046b6c83 (diff)
21 files changed, 222 insertions, 43 deletions
diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb
index 778623a05c6..994be5c2b5c 100644
--- a/app/controllers/projects/jobs_controller.rb
+++ b/app/controllers/projects/jobs_controller.rb
@@ -44,7 +44,7 @@ class Projects::JobsController < Projects::ApplicationController
 
         render json: BuildSerializer
           .new(project: @project, current_user: @current_user)
-          .represent(@build, {}, BuildDetailsEntity)
+          .represent(@build.present(current_user: current_user), {}, BuildDetailsEntity)
       end
     end
   end
@@ -120,7 +120,7 @@ class Projects::JobsController < Projects::ApplicationController
   def status
     render json: BuildSerializer
       .new(project: @project, current_user: @current_user)
-      .represent_status(@build)
+      .represent_status(@build.present(current_user: current_user))
   end
 
   def erase
@@ -225,7 +225,6 @@ class Projects::JobsController < Projects::ApplicationController
 
   def find_job_as_build
     @build = project.builds.find(params[:id])
-      .present(current_user: current_user)
   end
 
   def find_job_as_processable
diff --git a/app/graphql/types/ci/runner_type.rb b/app/graphql/types/ci/runner_type.rb
index e2c8070af0c..a9e5ef576cf 100644
--- a/app/graphql/types/ci/runner_type.rb
+++ b/app/graphql/types/ci/runner_type.rb
@@ -7,6 +7,8 @@ module Types
       authorize :read_runner
       present_using ::Ci::RunnerPresenter
 
+      expose_permissions Types::PermissionTypes::Ci::Runner
+
       JOB_COUNT_LIMIT = 1000
 
       alias_method :runner, :object
diff --git a/app/graphql/types/permission_types/ci/runner.rb b/app/graphql/types/permission_types/ci/runner.rb
new file mode 100644
index 00000000000..2e92a4011e9
--- /dev/null
+++ b/app/graphql/types/permission_types/ci/runner.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Types
+  module PermissionTypes
+    module Ci
+      class Runner < BasePermissionType
+        graphql_name 'RunnerPermissions'
+
+        abilities :read_runner, :update_runner, :delete_runner
+      end
+    end
+  end
+end
diff --git a/app/services/ci/queue/build_queue_service.rb b/app/services/ci/queue/build_queue_service.rb
index 3276c427923..3c886cb023f 100644
--- a/app/services/ci/queue/build_queue_service.rb
+++ b/app/services/ci/queue/build_queue_service.rb
@@ -90,7 +90,7 @@ module Ci
 
       def runner_projects_relation
         if ::Feature.enabled?(:ci_pending_builds_project_runners_decoupling, runner, default_enabled: :yaml)
-          runner.runner_projects.select(:project_id)
+          runner.runner_projects.select('"ci_runner_projects"."project_id"::bigint')
         else
           runner.projects.without_deleted.with_builds_enabled
         end
diff --git a/app/services/ci/retry_build_service.rb b/app/services/ci/retry_build_service.rb
index 08520c9514c..a465116000e 100644
--- a/app/services/ci/retry_build_service.rb
+++ b/app/services/ci/retry_build_service.rb
@@ -32,6 +32,11 @@ module Ci
 
     # rubocop: disable CodeReuse/ActiveRecord
     def reprocess!(build)
+      # Cloning a build requires a strict type check to ensure
+      # the attributes being used for the clone are taken straight
+      # from the model and not overridden by other abstractions.
+      raise TypeError unless build.instance_of?(Ci::Build)
+
       check_access!(build)
 
       new_build = clone_build(build)
diff --git a/data/whats_new/202109200001_14_03.yml b/data/whats_new/202109200001_14_03.yml
new file mode 100644
index 00000000000..ab82772e637
--- /dev/null
+++ b/data/whats_new/202109200001_14_03.yml
@@ -0,0 +1,83 @@
+- title: Project-level DAST and secret detection scan execution policies
+  body: |
+     We have completed the first iterative step [toward our vision](https://about.gitlab.com/direction/protect/security_orchestration/) of bringing unified security policies to GitLab. Users can now require DAST and secret detection scans to run on a regular schedule or as part of project CI pipelines, independent of the `.gitlab-ci.yml` file's contents. This allows security teams to separately manage these scan requirements without allowing developers to change the configuration. You can get started with these policies on the **Security & Compliance > Policies** page.
+  stage: Protect
+  self-managed: true
+  gitlab-com: true
+  packages: [Ultimate]
+  url: 'https://docs.gitlab.com/ee/user/application_security/policies/'
+  image_url: https://about.gitlab.com/images/14_3/security_policies.png
+  published_at: 2021-09-22
+  release: 14.3
+- title: Next Generation SAST to reduce Ruby false positives
+  body: |
+     GitLab SAST historically has been powered by [over a dozen open-source static analysis security analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks). These analyzers have proactively identified millions of vulnerabilities for developers using GitLab every month. These tools use a variety of different approaches for identifying vulnerabilities from basic regex pattern matching to abstract syntax tree parsing which can lead to issues with false positives. GitLab's Secure tools already offer vulnerability fingerprinting allowing you to dismiss these false positives persistently, however, we want to go a step further and not require this manual triaging.
+
+     Today we're releasing the first version of our proprietary static application security testing engine built in-house and maintained by GitLab's Static Analysis and Vulnerability Research groups. Initially, this tool is focused on Ruby and Rails to help reduce false positives.
+  stage: Secure
+  self-managed: true
+  gitlab-com: true
+  packages: [Ultimate]
+  url: 'https://docs.gitlab.com/ee/user/application_security/sast/#false-positive-detection'
+  image_url: https://about.gitlab.com/images/14_3/secure-fp-reduction-ui.png
+  published_at: 2021-09-22
+  release: 14.3
+- title: Group-level permissions for Protected Environments
+  body: |
+      In this release, we are introducing group-level protected environments, based on the [deployment tier](https://docs.gitlab.com/ee/ci/environments/index.html#deployment-tier-of-environments) as the identifier. This enables operators to responsibly lock down deployments to higher tier environments without unnecessarily preventing developers from doing their work as the maintainers of their individual projects.
+  stage: Release
+  self-managed: true
+  gitlab-com: true
+  packages: [Premium, Ultimate]
+  url: 'https://docs.gitlab.com/ee/ci/environments/protected_environments.html#group-level-protected-environments'
+  image_url: https://about.gitlab.com/images/growth/release.png
+  published_at: 2021-09-22
+  release: 14.3
+- title: Edit a table's structure visually in the new wiki editor
+  body: |
+      Editing a Markdown table that has 9 columns and 25 rows is one thing. But adding a tenth column to that table in Markdown? That involves very repetitive and error-prone edits to every row. One mistake or misplaced `|` and the table fails to render.
+
+      The new WYSIWYG Markdown editor in the wiki lets you quickly and easily insert a table using the button in the toolbar. After selecting the initial number of rows and columns, however, dealing with the structure of the table can be more difficult. In GitLab 14.3, you can now click on the caret icon in the top right corner of any selected cell to add or remove columns and rows, either before or after the selected cell. Now, as your content scales, the complexity doesn't follow suit.
+  stage: Create
+  self-managed: true
+  gitlab-com: true
+  packages: [Free, Premium, Ultimate]
+  url: 'https://docs.gitlab.com/ee/user/project/wiki/#content-editor'
+  image_url: https://about.gitlab.com/images/14_3/wiki-editor-edit-table-structure.png
+  published_at: 2021-09-22
+  release: 14.3
+- title: Use variables in other variables
+  body: |
+      CI/CD pipeline execution scenarios can depend on expanding variables declared in a pipeline or using GitLab predefined variables within another variable declaration. In 14.3, we are enabling the "variables inside other variables" feature on GitLab SaaS. Now you can define a variable and use it in another variable definition within the same pipeline. You can also use GitLab predefined variables inside of another variable declaration. This feature simplifies your pipeline definition and eliminates pipeline management issues caused by the duplicating of variable data. Note - for GitLab self-managed customers the feature is disabled by default. To use this feature, your GitLab administrator will need to enable the [feature flag](https://docs.gitlab.com/ee/ci/variables/where_variables_can_be_used.html#nested-variable-expansion).
+  stage: Verify
+  self-managed: true
+  gitlab-com: true
+  packages: [Free, Premium, Ultimate]
+  url: 'https://docs.gitlab.com/ee/ci/variables/#use-variables-in-other-variables'
+  image_url: https://about.gitlab.com/images/growth/verify.png
+  published_at: 2021-09-22
+  release: 14.3
+- title: Add GitLab CI/CD configuration conditionally with `include`
+  body: |
+       [`include`](https://docs.gitlab.com/ee/ci/yaml/index.html#include) is one of the most popular keywords to use when writing a full CI/CD pipeline. If you are building larger pipelines, you are probably using the `include` keyword to bring external YAML configuration into your pipeline.
+
+        In this release, we are expanding the power of the keyword so you can use `include` with [`rules`](https://docs.gitlab.com/ee/ci/yaml/index.html#include) conditions. Now, you can decide when external CI/CD configuration should or shouldn't be included. This will help you write a standardized pipeline with the ability to dynamically modify itself based on the conditions you choose.
+  stage: Verify
+  self-managed: true
+  gitlab-com: true
+  packages: [Free, Premium, Ultimate]
+  url: 'https://docs.gitlab.com/ee/#amazing'
+  image_url: https://about.gitlab.com/images/14_3/conditional_include.png
+  published_at: 2021-09-22
+  release: 14.3
+- title: Grant group access to the GitLab Kubernetes Agent
+  body: |
+       The GitLab Kubernetes Agent provides a secure connection between a Kubernetes cluster and GitLab. Until GitLab 14.2, the CI/CD Tunnel enabled pushing to a cluster only from the same project where the Kubernetes Agent was registered. In GitLab 14.3, the Agent can be authorized to access entire groups. As a result, every project under the authorized group has access to the cluster without the need to register an agent for every project.
+  stage: Configure
+  self-managed: true
+  gitlab-com: true
+  packages: [Premium, Ultimate]
+  url: 'https://docs.gitlab.com/ee/user/clusters/agent/repository.html#authorize-groups-to-use-an-agent'
+  image_url: https://about.gitlab.com/images/growth/configure.png
+  published_at: 2021-09-22
+  release: 14.3
diff --git a/doc/administration/auth/ldap/index.md b/doc/administration/auth/ldap/index.md
index 8c52ffd0346..7ffb5f1447a 100644
--- a/doc/administration/auth/ldap/index.md
+++ b/doc/administration/auth/ldap/index.md
@@ -472,9 +472,9 @@ exchanged but no validation of the LDAP server's SSL certificate is performed.
 
 Not implemented by `Net::LDAP`.
 
-You should disable anonymous LDAP authentication and enable simple or SASL
-authentication. The TLS client authentication setting in your LDAP server cannot
-be mandatory and clients cannot be authenticated with the TLS protocol.
+You should disable anonymous LDAP authentication and enable simple or Simple Authentication
+and Security Layer (SASL) authentication. The TLS client authentication setting in your LDAP server
+cannot be mandatory and clients cannot be authenticated with the TLS protocol.
 
 ## Multiple LDAP servers **(PREMIUM SELF)**
 
diff --git a/doc/administration/instance_limits.md b/doc/administration/instance_limits.md
index 682fba804a6..bb9fe9be7f4 100644
--- a/doc/administration/instance_limits.md
+++ b/doc/administration/instance_limits.md
@@ -226,7 +226,7 @@ Activity history for projects and individuals' profiles was limited to one year
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/14939) in GitLab 12.7.
 
-There is a limit when embedding metrics in GFM for performance reasons.
+There is a limit when embedding metrics in GitLab Flavored Markdown (GFM) for performance reasons.
 
 - **Max limit**: 100 embeds.
 
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 251d16f1f26..93e165208fb 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -3904,6 +3904,8 @@ Input type: `RunnersRegistrationTokenResetInput`
 
 ### `Mutation.scanExecutionPolicyCommit`
 
+Commits the `policy_yaml` content to the assigned security policy project for the given project(`project_path`).
+
 Input type: `ScanExecutionPolicyCommitInput`
 
 #### Arguments
@@ -3925,6 +3927,8 @@ Input type: `ScanExecutionPolicyCommitInput`
 
 ### `Mutation.securityPolicyProjectAssign`
 
+Assigns the specified project(`security_policy_project_id`) as security policy project for the given project(`project_path`). If the project already has a security policy project, this reassigns the project's security policy project with the given `security_policy_project_id`.
+
 Input type: `SecurityPolicyProjectAssignInput`
 
 #### Arguments
@@ -3944,6 +3948,8 @@ Input type: `SecurityPolicyProjectAssignInput`
 
 ### `Mutation.securityPolicyProjectCreate`
 
+Creates and assigns a security policy project for the given project(`project_path`).
+
 Input type: `SecurityPolicyProjectCreateInput`
 
 #### Arguments
@@ -8407,6 +8413,7 @@ Represents the total number of issues and their weights for a particular day.
 | <a id="cirunnershortsha"></a>`shortSha` | [`String`](#string) | First eight characters of the runner's token used to authenticate new job requests. Used as the runner's unique ID. |
 | <a id="cirunnerstatus"></a>`status` | [`CiRunnerStatus!`](#cirunnerstatus) | Status of the runner. |
 | <a id="cirunnertaglist"></a>`tagList` | [`[String!]`](#string) | Tags associated with the runner. |
+| <a id="cirunneruserpermissions"></a>`userPermissions` | [`RunnerPermissions!`](#runnerpermissions) | Permissions for the current user on the resource. |
 | <a id="cirunnerversion"></a>`version` | [`String`](#string) | Version of the runner. |
 
 ### `CiStage`
@@ -13676,6 +13683,16 @@ Counts of requirements by their state.
 | <a id="runnerarchitecturedownloadlocation"></a>`downloadLocation` | [`String!`](#string) | Download location for the runner for the platform architecture. |
 | <a id="runnerarchitecturename"></a>`name` | [`String!`](#string) | Name of the runner platform architecture. |
 
+### `RunnerPermissions`
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="runnerpermissionsdeleterunner"></a>`deleteRunner` | [`Boolean!`](#boolean) | Indicates the user can perform `delete_runner` on this resource. |
+| <a id="runnerpermissionsreadrunner"></a>`readRunner` | [`Boolean!`](#boolean) | Indicates the user can perform `read_runner` on this resource. |
+| <a id="runnerpermissionsupdaterunner"></a>`updateRunner` | [`Boolean!`](#boolean) | Indicates the user can perform `update_runner` on this resource. |
+
 ### `RunnerPlatform`
 
 #### Fields
diff --git a/doc/ci/ssh_keys/index.md b/doc/ci/ssh_keys/index.md
index 1e761643a10..817263374f1 100644
--- a/doc/ci/ssh_keys/index.md
+++ b/doc/ci/ssh_keys/index.md
@@ -10,7 +10,7 @@ type: tutorial
 GitLab currently doesn't have built-in support for managing SSH keys in a build
 environment (where the GitLab Runner runs).
 
-The SSH keys can be useful when:
+Use SSH keys when:
 
 1. You want to checkout internal submodules
 1. You want to download private packages using your package manager (for example, Bundler)
@@ -45,9 +45,9 @@ check the [visibility of your pipelines](../pipelines/settings.md#change-which-u
 
 When your CI/CD jobs run inside Docker containers (meaning the environment is
 contained) and you want to deploy your code in a private server, you need a way
-to access it. This is where an SSH key pair comes in handy.
+to access it. In this case, you can use an SSH key pair.
 
-1. You first need to create an SSH key pair. For more information, follow
+1. You first must create an SSH key pair. For more information, follow
    the instructions to [generate an SSH key](../../ssh/index.md#generate-an-ssh-key-pair).
    **Do not** add a passphrase to the SSH key, or the `before_script` will
    prompt for it.
@@ -101,7 +101,7 @@ to access it. This is where an SSH key pair comes in handy.
 
 1. As a final step, add the _public_ key from the one you created in the first
    step to the services that you want to have an access to from within the build
-   environment. If you are accessing a private GitLab repository you need to add
+   environment. If you are accessing a private GitLab repository you must add
    it as a [deploy key](../../user/project/deploy_keys/index.md).
 
 That's it! You can now have access to private servers or repositories in your
@@ -130,7 +130,7 @@ on, and use that key for all projects that are run on this machine.
 
 1. As a final step, add the _public_ key from the one you created earlier to the
    services that you want to have an access to from within the build environment.
-   If you are accessing a private GitLab repository you need to add it as a
+   If you are accessing a private GitLab repository you must add it as a
    [deploy key](../../user/project/deploy_keys/index.md).
 
 After generating the key, try to sign in to the remote server to accept the
@@ -163,8 +163,8 @@ ssh-keyscan 1.2.3.4
 Create a new [CI/CD variable](../variables/index.md) with
 `SSH_KNOWN_HOSTS` as "Key", and as a "Value" add the output of `ssh-keyscan`.
 
-If you need to connect to multiple servers, all the server host keys
-need to be collected in the **Value** of the variable, one key per line.
+If you must connect to multiple servers, all the server host keys
+must be collected in the **Value** of the variable, one key per line.
 
 NOTE:
 By using a variable instead of `ssh-keyscan` directly inside
@@ -175,7 +175,7 @@ so there's something wrong with the server or the network.
 
 Now that the `SSH_KNOWN_HOSTS` variable is created, in addition to the
 [content of `.gitlab-ci.yml`](#ssh-keys-when-using-the-docker-executor)
-above, here's what more you need to add:
+above, you must add:
 
 ```yaml
 before_script:
@@ -209,5 +209,5 @@ We have set up an [Example SSH Project](https://gitlab.com/gitlab-examples/ssh-p
 that runs on [GitLab.com](https://gitlab.com) using our publicly available
 [shared runners](../runners/index.md).
 
-Want to hack on it? Simply fork it, commit and push your changes. Within a few
+Want to hack on it? Fork it, commit, and push your changes. In a few
 moments the changes is picked by a public runner and the job starts.
diff --git a/doc/development/documentation/styleguide/word_list.md b/doc/development/documentation/styleguide/word_list.md
index 2c6aab1a3aa..0f1f9f7467d 100644
--- a/doc/development/documentation/styleguide/word_list.md
+++ b/doc/development/documentation/styleguide/word_list.md
@@ -416,6 +416,13 @@ Do not use **note that** because it's wordy.
 - Do: You can change the settings.
 - Do not: Note that you can change the settings.
 
+## once
+
+The word **once** means **one time**. Don't use it to mean **after** or **when**.
+
+- Do: When the process is complete...
+- Do not: Once the process is complete...
+
 ## Owner
 
 When writing about the Owner role:
@@ -523,6 +530,13 @@ You can use **single sign-on**.
 
 Do not use **simply** or **simple**. If the user doesn't find the process to be simple, we lose their trust. ([Vale](../testing.md#vale) rule: [`Simplicity.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/.vale/gitlab/Simplicity.yml))
 
+## since
+
+The word **since** indicates a timeframe. For example, **Since 1984, Bon Jovi has existed**. Don't use **since** to mean **because**.
+
+- Do: Because you have the Developer role, you can delete the widget.
+- Do not: Since you have the Developer role, you can delete the widget.
+
 ## slashes
 
 Instead of **and/or**, use **or** or re-write the sentence. This rule also applies to other slashes, like **follow/unfollow**. Some exceptions (like **CI/CD**) are allowed.
diff --git a/doc/raketasks/backup_restore.md b/doc/raketasks/backup_restore.md
index b6f772dee17..21766a0726a 100644
--- a/doc/raketasks/backup_restore.md
+++ b/doc/raketasks/backup_restore.md
@@ -1129,14 +1129,14 @@ GitLab backup script to be too slow. If your GitLab instance has a lot of forked
 projects, the regular backup task also duplicates the Git data for all of them.
 In these cases, consider using file system snapshots as part of your backup strategy.
 
-Example: Amazon EBS
+Example: Amazon Elastic Block Store (EBS)
 
 > A GitLab server using Omnibus GitLab hosted on Amazon AWS.
 > An EBS drive containing an ext4 file system is mounted at `/var/opt/gitlab`.
 > In this case you could make an application backup by taking an EBS snapshot.
 > The backup includes all repositories, uploads and PostgreSQL data.
 
-Example: LVM snapshots + rsync
+Example: Logical Volume Manager (LVM) snapshots + rsync
 
 > A GitLab server using Omnibus GitLab, with an LVM logical volume mounted at `/var/opt/gitlab`.
 > Replicating the `/var/opt/gitlab` directory using rsync would not be reliable because too many files would change while rsync is running.
diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md
index c0e5d0695cc..7c94ad0bed2 100644
--- a/doc/security/webhooks.md
+++ b/doc/security/webhooks.md
@@ -74,7 +74,7 @@ allowlist:
 The allowed entries can be separated by semicolons, commas or whitespaces
 (including newlines) and be in different formats like hostnames, IP addresses and/or
 IP ranges. IPv6 is supported. Hostnames that contain Unicode characters should
-use IDNA encoding.
+use Internationalising Domain Names in Applications (IDNA) encoding.
 
 The allowlist can hold a maximum of 1000 entries. Each entry can be a maximum of
 255 characters.
diff --git a/doc/topics/plan_and_track.md b/doc/topics/plan_and_track.md
index 662898e88fc..86c5287b331 100644
--- a/doc/topics/plan_and_track.md
+++ b/doc/topics/plan_and_track.md
@@ -1,6 +1,6 @@
 ---
-stage: 
-group: 
+stage: Plan
+group: Project Management
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
@@ -11,18 +11,32 @@ with milestones and track your team's time. Learn how to save time with
 quick actions, see how GitLab renders Markdown text, and learn how to
 use Git to interact with GitLab.
 
-- [Epics](../user/group/epics/index.md)
+## Basic workflow features
+
+Planning features everyone needs to use day-to-day.
+
+- [Keyboard shortcuts](../user/shortcuts.md)
+- [Markdown](../user/markdown.md)
+- [Quick actions](../user/project/quick_actions.md)
+- [To-Do lists](../user/todos.md)
+- [Using Git](../topics/git/index.md)
+
+## Team Planning
+
+Get work done as a team.
+
+- [Comments and threads](../user/discussions/index.md)
 - [Issues](../user/project/issues/index.md)
-- [Labels](../user/project/labels.md)
-- [Discussions](../user/discussions/index.md)
 - [Iterations](../user/group/iterations/index.md)
+- [Labels](../user/project/labels.md)
 - [Milestones](../user/project/milestones/index.md)
 - [Requirements](../user/project/requirements/index.md)
-- [Roadmaps](../user/group/roadmap/index.md)
 - [Time tracking](../user/project/time_tracking.md)
 - [Wikis](../user/project/wiki/index.md)
-- [Keyboard shortcuts](../user/shortcuts.md)
-- [Quick actions](../user/project/quick_actions.md)
-- [Markdown](../user/markdown.md)
-- [To-Do lists](../user/todos.md)
-- [Using Git](../topics/git/index.md)
+
+## Portfolio Management
+
+Align your work across teams.
+
+- [Epics](../user/group/epics/index.md)
+- [Roadmaps](../user/group/roadmap/index.md)
diff --git a/doc/user/admin_area/settings/instance_template_repository.md b/doc/user/admin_area/settings/instance_template_repository.md
index 862bf3b1652..044863729db 100644
--- a/doc/user/admin_area/settings/instance_template_repository.md
+++ b/doc/user/admin_area/settings/instance_template_repository.md
@@ -31,6 +31,8 @@ After you add templates, you can use them for the entire instance.
 They are available in the [Web Editor's dropdown](../../project/repository/web_editor.md#template-dropdowns)
 and through the [API settings](../../../api/settings.md).
 
+## Supported file types and locations
+
 Templates must be added to a specific subdirectory in the repository,
 corresponding to the kind of template. The following types of custom templates
 are supported:
diff --git a/doc/user/packages/dependency_proxy/index.md b/doc/user/packages/dependency_proxy/index.md
index ad25ec7edbf..1df430c8287 100644
--- a/doc/user/packages/dependency_proxy/index.md
+++ b/doc/user/packages/dependency_proxy/index.md
@@ -227,7 +227,7 @@ script:
 
 ```shell
 # Note, you must have jq installed to run this command
-TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq --raw-output .token) && curl --head --header "Authorization: Bearer $TOKEN" "https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest" 2>&1 | grep RateLimit
+TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq --raw-output .token) && curl --head --header "Authorization: Bearer $TOKEN" "https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest" 2>&1 | grep --ignore-case RateLimit
 ...
 ```
 
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index e6e1b4af5c8..d11ad6ab9a9 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -694,6 +694,9 @@ msgstr ""
 msgid "%{label_for_message} unavailable"
 msgstr ""
 
+msgid "%{lessThan} 1 hour"
+msgstr ""
+
 msgid "%{lets_encrypt_link_start}Let's Encrypt%{lets_encrypt_link_end} is a free, automated, and open certificate authority (CA) that issues digital certificates to enable HTTPS (SSL/TLS) for sites."
 msgstr ""
 
@@ -1054,9 +1057,6 @@ msgstr ""
 msgid "%{wildcards_link_start}Wildcards%{wildcards_link_end} such as %{code_tag_start}v*%{code_tag_end} or %{code_tag_start}*-release%{code_tag_end} are supported."
 msgstr ""
 
-msgid "&lt; 1 hour"
-msgstr ""
-
 msgid "'%{data}' at %{location} does not match format: %{format}"
 msgstr ""
 
@@ -9516,6 +9516,9 @@ msgstr ""
 msgid "Create commit"
 msgstr ""
 
+msgid "Create common files more quickly, and standardize their format."
+msgstr ""
+
 msgid "Create confidential merge request"
 msgstr ""
 
@@ -16829,6 +16832,9 @@ msgstr ""
 msgid "How do I use a web terminal?"
 msgstr ""
 
+msgid "How do I use file templates?"
+msgstr ""
+
 msgid "How it works"
 msgstr ""
 
@@ -30385,10 +30391,10 @@ msgstr ""
 msgid "Select a repository"
 msgstr ""
 
-msgid "Select a role"
+msgid "Select a repository containing templates for common files."
 msgstr ""
 
-msgid "Select a shared template repository for all projects on this instance."
+msgid "Select a role"
 msgstr ""
 
 msgid "Select a template repository"
@@ -30793,9 +30799,6 @@ msgstr ""
 msgid "Set a password on your account to pull or push via %{protocol}."
 msgstr ""
 
-msgid "Set a template repository for projects in this group"
-msgstr ""
-
 msgid "Set access permissions for this token."
 msgstr ""
 
@@ -33110,7 +33113,7 @@ msgstr ""
 msgid "Template to append to all Service Desk issues"
 msgstr ""
 
-msgid "TemplateRepository|Select a repository to make its templates available to all projects. %{link_start}What should the repository contain?%{link_end} "
+msgid "TemplateRepository|Create common files more quickly, and standardize their format."
 msgstr ""
 
 msgid "Templates"
@@ -38018,6 +38021,9 @@ msgstr ""
 msgid "What is your job title? (optional)"
 msgstr ""
 
+msgid "What templates can I create?"
+msgstr ""
+
 msgid "What will you use this group for?"
 msgstr ""
 
diff --git a/spec/graphql/types/ci/runner_type_spec.rb b/spec/graphql/types/ci/runner_type_spec.rb
index cff4c459d79..a0cecca310a 100644
--- a/spec/graphql/types/ci/runner_type_spec.rb
+++ b/spec/graphql/types/ci/runner_type_spec.rb
@@ -11,7 +11,7 @@ RSpec.describe GitlabSchema.types['CiRunner'] do
     expected_fields = %w[
       id description contacted_at maximum_timeout access_level active status
       version short_sha revision locked run_untagged ip_address runner_type tag_list
-      project_count job_count
+      project_count job_count user_permissions
     ]
 
     expect(described_class).to include_graphql_fields(*expected_fields)
diff --git a/spec/graphql/types/permission_types/ci/runner_spec.rb b/spec/graphql/types/permission_types/ci/runner_spec.rb
new file mode 100644
index 00000000000..e5fbbb346e4
--- /dev/null
+++ b/spec/graphql/types/permission_types/ci/runner_spec.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Types::PermissionTypes::Ci::Runner do
+  it do
+    expected_permissions = [
+      :read_runner, :update_runner, :delete_runner
+    ]
+
+    expected_permissions.each do |permission|
+      expect(described_class).to have_graphql_field(permission)
+    end
+  end
+end
diff --git a/spec/requests/api/graphql/ci/runner_spec.rb b/spec/requests/api/graphql/ci/runner_spec.rb
index 74547196445..23b0493474b 100644
--- a/spec/requests/api/graphql/ci/runner_spec.rb
+++ b/spec/requests/api/graphql/ci/runner_spec.rb
@@ -61,7 +61,12 @@ RSpec.describe 'Query.runner(id)' do
         'ipAddress' => runner.ip_address,
         'runnerType' => runner.instance_type? ? 'INSTANCE_TYPE' : 'PROJECT_TYPE',
         'jobCount' => 0,
-        'projectCount' => nil
+        'projectCount' => nil,
+        'userPermissions' => {
+          'readRunner' => true,
+          'updateRunner' => true,
+          'deleteRunner' => true
+        }
       )
       expect(runner_data['tagList']).to match_array runner.tag_list
     end
diff --git a/spec/services/ci/retry_build_service_spec.rb b/spec/services/ci/retry_build_service_spec.rb
index ce2e6ba5e15..4369863e953 100644
--- a/spec/services/ci/retry_build_service_spec.rb
+++ b/spec/services/ci/retry_build_service_spec.rb
@@ -283,6 +283,10 @@ RSpec.describe Ci::RetryBuildService do
       end
     end
 
+    it 'raises an error when an unexpected class is passed' do
+      expect { service.reprocess!(create(:ci_build).present) }.to raise_error(TypeError)
+    end
+
     context 'when user has ability to execute build' do
       before do
         stub_not_protect_default_branch
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-09-22 21:11:13 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-09-22 21:11:13 +0300
commit	88620da25def237534c9156d133be46d4da6310b (patch)
tree	32c22437111e462f5804797f8b8d42a100a7cb10
parent	2cdb1c566d84a3dbea0a2e5825fa112b046b6c83 (diff)