Add latest changes from gitlab-org/gitlab@master

6 files changed, 150 insertions, 94 deletions

diff --git a/doc/.vale/gitlab/spelling-exceptions.txt b/doc/.vale/gitlab/spelling-exceptions.txt
index 995cbf9ab62..bbbb0ae0dad 100644
--- a/doc/.vale/gitlab/spelling-exceptions.txt
+++ b/doc/.vale/gitlab/spelling-exceptions.txt
@@ -201,6 +201,7 @@ namespaced
 namespaces
 Nanoc
 NGINX
+Nurtch
 OAuth
 Okta
 offboarded
@@ -277,6 +278,7 @@ resync
 reverified
 reverifies
 reverify
+Rubix
 runbook
 runbooks
 runit
diff --git a/doc/api/releases/index.md b/doc/api/releases/index.md
index d327a76b683..2e1e206ecfd 100644
--- a/doc/api/releases/index.md
+++ b/doc/api/releases/index.md
@@ -286,7 +286,6 @@ Example response:
    ],
    "commit_path":"/root/awesome-app/commit/588440f66559714280628a4f9799f0c4eb880a4a",
    "tag_path":"/root/awesome-app/-/tags/v0.11.1",
-   "evidence_sha":"760d6cdfb0879c3ffedec13af470e0f71cf52c6cde4d",
    "assets":{
       "count":5,
       "sources":[
@@ -314,9 +313,15 @@ Example response:
             "url":"https://gitlab.example.com/root/awesome-app/-/tags/v0.11.1/binaries/linux-amd64",
             "external":true
          }
-      ],
-      "evidence_url":"https://gitlab.example.com/root/awesome-app/-/releases/v0.1/evidence.json"
+      ]
    },
+   "evidences":[
+     {
+       sha: "760d6cdfb0879c3ffedec13af470e0f71cf52c6cde4d",
+       filepath: "https://gitlab.example.com/root/awesome-app/-/releases/v0.1/evidence.json",
+       collected_at: "2019-07-16T14:00:12.256Z"
+     }
+  ]
 }
 ```
 
diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md
index 69d057ad673..40f75008219 100644
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -366,7 +366,7 @@ will also see ready-to-use DevOps Runbooks built with Nurtch's [Rubix library](h
 
 More information on
 creating executable runbooks can be found in [our Runbooks
-documentation](../project/clusters/runbooks/index.md#executable-runbooks). Note that
+documentation](../project/clusters/runbooks/index.md#configure-an-executable-runbook-with-gitlab). Note that
 Ingress must be installed and have an IP address assigned before
 JupyterHub can be installed.
 
diff --git a/doc/user/project/clusters/runbooks/index.md b/doc/user/project/clusters/runbooks/index.md
index 5575cd1d2d4..623833af894 100644
--- a/doc/user/project/clusters/runbooks/index.md
+++ b/doc/user/project/clusters/runbooks/index.md
@@ -4,11 +4,10 @@ Runbooks are a collection of documented procedures that explain how to
 carry out a particular process, be it starting, stopping, debugging,
 or troubleshooting a particular system.
 
-Using [Jupyter Notebooks](https://jupyter.org/) and the [Rubix library](https://github.com/Nurtch/rubix),
+Using [Jupyter Notebooks](https://jupyter.org/) and the
+[Rubix library](https://github.com/Nurtch/rubix),
 users can get started writing their own executable runbooks.
 
-## Overview
-
 Historically, runbooks took the form of a decision tree or a detailed
 step-by-step guide depending on the condition or system.
 
@@ -22,121 +21,128 @@ pre-written code blocks or database queries against a given environment.
 
 The JupyterHub app offered via GitLab’s Kubernetes integration now ships
 with Nurtch’s Rubix library, providing a simple way to create DevOps
-runbooks. A sample runbook is provided, showcasing common operations. While Rubix makes it
-simple to create common Kubernetes and AWS workflows, you can also create them manually without
-Rubix.
+runbooks. A sample runbook is provided, showcasing common operations. While
+Rubix makes it simple to create common Kubernetes and AWS workflows, you can
+also create them manually without Rubix.
 
-**<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
+<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
 Watch this [video](https://www.youtube.com/watch?v=Q_OqHIIUPjE)
-for an overview of how this is accomplished in GitLab!**
+for an overview of how this is accomplished in GitLab!
 
 ## Requirements
 
 To create an executable runbook, you will need:
 
-1. **Kubernetes** - A Kubernetes cluster is required to deploy the rest of the applications.
-    The simplest way to get started is to add a cluster using one of [GitLab's integrations](../add_remove_clusters.md#create-new-cluster).
-1. **Helm Tiller** - Helm is a package manager for Kubernetes and is required to install
-    all the other applications. It is installed in its own pod inside the cluster which
-    can run the Helm CLI in a safe environment.
-1. **Ingress** - Ingress can provide load balancing, SSL termination, and name-based
-    virtual hosting. It acts as a web proxy for your applications.
-1. **JupyterHub** - [JupyterHub](https://jupyterhub.readthedocs.io/) is a multi-user service for managing notebooks across
-    a team. Jupyter Notebooks provide a web-based interactive programming environment
-    used for data analysis, visualization, and machine learning.
+- **Kubernetes** - A Kubernetes cluster is required to deploy the rest of the
+  applications. The simplest way to get started is to add a cluster using one
+  of [GitLab's integrations](../add_remove_clusters.md#create-new-cluster).
+- **Helm Tiller** - Helm is a package manager for Kubernetes and is required to
+  install all the other applications. It's installed in its own pod inside the
+  cluster which can run the Helm CLI in a safe environment.
+- **Ingress** - Ingress can provide load balancing, SSL termination, and name-based
+  virtual hosting. It acts as a web proxy for your applications.
+- **JupyterHub** - [JupyterHub](https://jupyterhub.readthedocs.io/) is a multi-user
+  service for managing notebooks across a team. Jupyter Notebooks provide a
+  web-based interactive programming environment used for data analysis,
+  visualization, and machine learning.
 
 ## Nurtch
 
-Nurtch is the company behind the [Rubix library](https://github.com/Nurtch/rubix). Rubix is
-an open-source Python library that makes it easy to perform common DevOps tasks inside Jupyter Notebooks.
-Tasks such as plotting Cloudwatch metrics and rolling your ECS/Kubernetes app are simplified
-down to a couple of lines of code. See the [Nurtch Documentation](http://docs.nurtch.com/en/latest/)
-for more information.
+Nurtch is the company behind the [Rubix library](https://github.com/Nurtch/rubix).
+Rubix is an open-source Python library that makes it easy to perform common
+DevOps tasks inside Jupyter Notebooks. Tasks such as plotting Cloudwatch metrics
+and rolling your ECS/Kubernetes app are simplified down to a couple of lines of
+code. See the [Nurtch Documentation](http://docs.nurtch.com/en/latest/) for more
+information.
 
 ## Configure an executable runbook with GitLab
 
 Follow this step-by-step guide to configure an executable runbook in GitLab using
-the components outlined above and the preloaded demo runbook.
-
-### 1. Add a Kubernetes cluster
-
-Follow the steps outlined in [Create new cluster](../add_remove_clusters.md#create-new-cluster)
-to add a Kubernetes cluster to your project.
-
-### 2. Install Helm Tiller, Ingress, and JupyterHub
-
-Once the cluster has been provisioned in GKE, click the **Install** button next to the **Helm Tiller** app.
-
-![install helm](img/helm-install.png)
+the components outlined above and the pre-loaded demo runbook.
 
-Once Tiller has been installed successfully, click the **Install** button next to the **Ingress** app.
+1. Add a Kubernetes cluster to your project by following the steps outlined in
+   [Create new cluster](../add_remove_clusters.md#create-new-cluster).
+1. After the cluster has been provisioned in GKE, click the **Install** button
+   next to the **Helm Tiller** application to install Helm Tiller.
 
-![install ingress](img/ingress-install.png)
+   ![install helm](img/helm-install.png)
 
-Once Ingress has been installed successfully, click the **Install** button next to the **JupyterHub** app.
+1. After Helm Tiller has been installed successfully, click the **Install** button next
+   to the **Ingress** application.
 
-![install jupyterhub](img/jupyterhub-install.png)
+   ![install ingress](img/ingress-install.png)
 
-### 3. Login to JupyterHub and start the server
+1. After Ingress has been installed successfully, click the **Install** button next
+   to the **JupyterHub** application. You will need the **Jupyter Hostname** provided
+   here in the next step.
 
-Once JupyterHub has been installed successfully, navigate to the displayed **Jupyter Hostname** URL and click
-**Sign in with GitLab**. Authentication is automatically enabled for any user of the GitLab instance via OAuth2. This
-will redirect to GitLab in order to authorize JupyterHub to use your GitLab account. Click **Authorize**.
+   ![install JupyterHub](img/jupyterhub-install.png)
 
-![authorize jupyter](img/authorize-jupyter.png)
+1. After JupyterHub has been installed successfully, open the **Jupyter Hostname**
+   in your browser. Click the **Sign in with GitLab** button to log in to
+   JupyterHub and start the server. Authentication is enabled for any user of the
+   GitLab instance with OAuth2. This button redirects you to a page at GitLab
+   requesting authorization for JupyterHub to use your GitLab account.
 
-Once the application has been authorized you will taken back to the JupyterHub application. Click **Start My Server**.
-The server will take a couple of seconds to start.
+   ![authorize Jupyter](img/authorize-jupyter.png)
 
-### 4. Configure access
+1. Click **Authorize**, and you will be redirected to the JupyterHub application.
+1. Click **Start My Server**, and the server will start in a few seconds.
+1. To configure the runbook's access to your GitLab project, you must enter your
+   [GitLab Access Token](../../../profile/personal_access_tokens.md)
+   and your Project ID in the **Setup** section of the demo runbook:
 
-In order for the runbook to access your GitLab project, you will need to enter a
-[GitLab Access Token](../../../profile/personal_access_tokens.md)
-as well as your Project ID in the **Setup** section of the demo runbook.
+   1. Double-click the **DevOps-Runbook-Demo** folder located on the left panel.
 
-Double-click the **DevOps-Runbook-Demo** folder located on the left panel.
+      ![demo runbook](img/demo-runbook.png)
 
-![demo runbook](img/demo-runbook.png)
+   1. Double-click the `Nurtch-DevOps-Demo.ipynb` runbook.
 
-Double-click the "Nurtch-DevOps-Demo.ipynb" runbook.
+      ![sample runbook](img/sample-runbook.png)
 
-![sample runbook](img/sample-runbook.png)
+      Jupyter displays the runbook's contents in the right-hand side of the screen.
+      The **Setup** section displays your `PRIVATE_TOKEN` and your `PROJECT_ID`.
+      Enter these values, maintaining the single quotes as follows:
 
-The contents on the runbook will be displayed on the right side of the screen. Under the "Setup" section, you will find
-entries for both your `PRIVATE_TOKEN` and your `PROJECT_ID`. Enter both these values, conserving the single quotes as follows:
+      ```sql
+      PRIVATE_TOKEN = 'n671WNGecHugsdEDPsyo'
+      PROJECT_ID = '1234567'
+      ```
 
-```sql
-PRIVATE_TOKEN = 'n671WNGecHugsdEDPsyo'
-PROJECT_ID = '1234567'
-```
+   1. Update the `VARIABLE_NAME` on the last line of this section to match the name of
+      the variable you're using for your access token. In this example, our variable
+      name is `PRIVATE_TOKEN`.
 
-Update the `VARIABLE_NAME` on the last line of this section to match the name of the variable you are using for your
-access token. In this example our variable name is `PRIVATE_TOKEN`.
+      ```sql
+      VARIABLE_VALUE = project.variables.get('PRIVATE_TOKEN').value
+      ```
 
-```sql
-VARIABLE_VALUE = project.variables.get('PRIVATE_TOKEN').value
-```
+1. To configure the operation of a runbook, create and configure variables:
 
-### 5. Configure an operation
+   NOTE: **Note:**
+   For this example, we are using the **Run SQL queries in Notebook** section in the
+   sample runbook to query a PostgreSQL database. The first four lines of the following
+   code block define the variables that are required for this query to function:
 
-For this example we'll use the "**Run SQL queries in Notebook**" section in the sample runbook to query
-a PostgreSQL database. The first 4 lines of the section define the variables that are required for this query to function.
+   ```sql
+   %env DB_USER={project.variables.get('DB_USER').value}
+   %env DB_PASSWORD={project.variables.get('DB_PASSWORD').value}
+   %env DB_ENDPOINT={project.variables.get('DB_ENDPOINT').value}
+   %env DB_NAME={project.variables.get('DB_NAME').value}
+   ```
 
-```sql
-%env DB_USER={project.variables.get('DB_USER').value}
-%env DB_PASSWORD={project.variables.get('DB_PASSWORD').value}
-%env DB_ENDPOINT={project.variables.get('DB_ENDPOINT').value}
-%env DB_NAME={project.variables.get('DB_NAME').value}
-```
+   1. Navigate to **{settings}** **Settings >> CI/CD >> Variables** to create
+      the variables in your project.
 
-Create the matching variables in your project's **Settings >> CI/CD >> Variables**
+     ![GitLab variables](img/gitlab-variables.png)
 
-![gitlab variables](img/gitlab-variables.png)
+   1. Click **Save variables**.
 
-Back in Jupyter, click the "Run SQL queries in Notebook" heading and the click *Run*. The results will be
-displayed in-line as follows:
+   1. In Jupyter, click the **Run SQL queries in Notebook** heading, and then click
+      **Run**. The results are displayed inline as follows:
 
-![PostgreSQL query](img/postgres-query.png)
+      ![PostgreSQL query](img/postgres-query.png)
 
-You can try other operations such as running shell scripts or interacting with a Kubernetes cluster. Visit the
+You can try other operations, such as running shell scripts or interacting with a
+Kubernetes cluster. Visit the
 [Nurtch Documentation](http://docs.nurtch.com/) for more information.
diff --git a/doc/user/project/integrations/prometheus.md b/doc/user/project/integrations/prometheus.md
index 0e18b678133..041a70067d4 100644
--- a/doc/user/project/integrations/prometheus.md
+++ b/doc/user/project/integrations/prometheus.md
@@ -931,6 +931,14 @@ Prerequisites for embedding from a Grafana instance:
 1. In GitLab, paste the URL into a Markdown field and save. The chart will take a few moments to render.
    ![GitLab Rendered Grafana Panel](img/rendered_grafana_embed_v12_5.png)
 
+## Metrics dashboard visibility
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/201924) in GitLab 13.0.
+
+You can set the visibility of the metrics dashboard to **Only Project Members**
+or **Everyone With Access**. When set to **Everyone with Access**, the metrics
+dashboard, and all of the custom dashboard, YAML files, are visible to authenticated and non-authenticated users.
+
 ## Troubleshooting
 
 When troubleshooting issues with a managed Prometheus app, it is often useful to
diff --git a/doc/user/project/operations/feature_flags.md b/doc/user/project/operations/feature_flags.md
index 1000eecd692..fb6b808c47c 100644
--- a/doc/user/project/operations/feature_flags.md
+++ b/doc/user/project/operations/feature_flags.md
@@ -43,10 +43,10 @@ To add a new feature flag:
 1. Click on the **New Feature Flag** button.
 1. Give it a name.
 
-    NOTE: **Note:**
-    A name can contain only lowercase letters, digits, underscores (`_`)
-    and dashes (`-`), must start with a letter, and cannot end with a dash (`-`)
-    or an underscore (`_`).
+   NOTE: **Note:**
+   A name can contain only lowercase letters, digits, underscores (`_`)
+   and dashes (`-`), must start with a letter, and cannot end with a dash (`-`)
+   or an underscore (`_`).
 
 1. Give it a description (optional, 255 characters max).
 1. Define environment [specs](#define-environment-specs). If you want the flag on by default, enable the catch-all [wildcard spec (`*`)](#define-environment-specs)
@@ -91,6 +91,41 @@ NOTE: **NOTE**
 We'd highly recommend you to use the [Environment](../../../ci/environments.md)
 feature in order to quickly assess which flag is enabled per environment.
 
+## Feature flag behavior change in 13.0
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35555) in GitLab 13.0.
+
+Starting in GitLab 13.0, you can apply a feature flag strategy across multiple environment specs,
+without defining the strategy multiple times.
+
+This feature is under development and not ready for production use. It is
+deployed behind a feature flag that is **disabled by default**.
+[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
+can enable it for your instance.
+
+To enable it:
+
+```ruby
+Feature.enable(:feature_flags_new_version)
+```
+
+To disable it:
+
+```ruby
+Feature.disable(:feature_flags_new_version)
+```
+
+### Applying a strategy to environments
+
+After a strategy is defined, it applies to **All Environments** by default. To
+make a strategy apply to a specific environment spec:
+
+1. Click the **Add Environment** button.
+1. Create a new
+   [spec](../../../ci/environments.md#scoping-environments-with-specs).
+
+To apply the strategy to multiple environment specs, repeat these steps.
+
 ## Feature Flag strategies
 
 GitLab Feature Flag adopts [Unleash](https://unleash.github.io)
@@ -155,12 +190,12 @@ To get the access credentials that your application will need to talk to GitLab:
 
 1. Navigate to your project's **Operations > Feature Flags**.
 1. Click on the **Configure** button to see the values:
-    - **API URL**: URL where the client (application) connects to get a list of feature flags.
-    - **Instance ID**: Unique token that authorizes the retrieval of the feature flags.
-    - **Application name**: The name of the running environment. For instance,
-       if the application runs for production server, application name would be
-      `production` or similar. This value is used for
-      [the environment spec evaluation](#define-environment-specs).
+   - **API URL**: URL where the client (application) connects to get a list of feature flags.
+   - **Instance ID**: Unique token that authorizes the retrieval of the feature flags.
+   - **Application name**: The name of the running environment. For instance,
+     if the application runs for a production server, application name would be
+     `production` or similar. This value is used for
+     [the environment spec evaluation](#define-environment-specs).
 
 NOTE: **Note:**
 The meaning of these fields might change over time. For example, we are not sure