Add latest changes from gitlab-org/gitlab@master

39 files changed, 243 insertions, 112 deletions

diff --git a/lib/gitlab/background_migration/add_gitlab_instance_administration_project.rb b/lib/gitlab/background_migration/add_gitlab_instance_administration_project.rb
deleted file mode 100644
index 730f1acee98..00000000000
--- a/lib/gitlab/background_migration/add_gitlab_instance_administration_project.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-# rubocop:disable Style/Documentation
-
-module Gitlab
-  module BackgroundMigration
-    class AddGitlabInstanceAdministrationProject
-      def perform
-        Rails.logger.info("Creating Gitlab instance administration project") # rubocop:disable Gitlab/RailsLogger
-
-        Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService.new.execute!
-      end
-    end
-  end
-end
diff --git a/lib/gitlab/background_migration/encrypt_runners_tokens.rb b/lib/gitlab/background_migration/encrypt_runners_tokens.rb
index 91e559a8765..ec64a73542e 100644
--- a/lib/gitlab/background_migration/encrypt_runners_tokens.rb
+++ b/lib/gitlab/background_migration/encrypt_runners_tokens.rb
@@ -13,7 +13,7 @@ module Gitlab
     #
     # We can solve this differently, see tech debt issue:
     #
-    # https://gitlab.com/gitlab-org/gitlab-ce/issues/54328
+    # https://gitlab.com/gitlab-org/gitlab-foss/issues/54328
     #
     class EncryptRunnersTokens < EncryptColumns
       def perform(model, from, to)
diff --git a/lib/gitlab/background_migration/fix_user_namespace_names.rb b/lib/gitlab/background_migration/fix_user_namespace_names.rb
index 1a207121be0..d767cbfd8f5 100644
--- a/lib/gitlab/background_migration/fix_user_namespace_names.rb
+++ b/lib/gitlab/background_migration/fix_user_namespace_names.rb
@@ -5,7 +5,7 @@ module Gitlab
     # This migration fixes the namespaces.name for all user-namespaces that have names
     # that aren't equal to the users name.
     # Then it uses the updated names of the namespaces to update the associated routes
-    # For more info see https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/23272
+    # For more info see https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/23272
     class FixUserNamespaceNames
       def perform(from_id, to_id)
         fix_namespace_names(from_id, to_id)
diff --git a/lib/gitlab/background_migration/fix_user_project_route_names.rb b/lib/gitlab/background_migration/fix_user_project_route_names.rb
index b84ff32e712..6b99685fd68 100644
--- a/lib/gitlab/background_migration/fix_user_project_route_names.rb
+++ b/lib/gitlab/background_migration/fix_user_project_route_names.rb
@@ -4,7 +4,7 @@ module Gitlab
   module BackgroundMigration
     # This migration fixes the routes.name for all user-projects that have names
     # that don't start with the users name.
-    # For more info see https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/23272
+    # For more info see https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/23272
     class FixUserProjectRouteNames
       def perform(from_id, to_id)
         ActiveRecord::Base.connection.execute <<~ROUTES_UPDATE
diff --git a/lib/gitlab/checks/diff_check.rb b/lib/gitlab/checks/diff_check.rb
index 6372d96c07d..5de71addd5f 100644
--- a/lib/gitlab/checks/diff_check.rb
+++ b/lib/gitlab/checks/diff_check.rb
@@ -62,7 +62,7 @@ module Gitlab
 
       def process_commits
         logger.log_timed(LOG_MESSAGES[:diff_content_check]) do
-          # n+1: https://gitlab.com/gitlab-org/gitlab-ee/issues/3593
+          # n+1: https://gitlab.com/gitlab-org/gitlab/issues/3593
           ::Gitlab::GitalyClient.allow_n_plus_1_calls do
             commits.each do |commit|
               logger.check_timeout_reached
diff --git a/lib/gitlab/ci/config/entry/job.rb b/lib/gitlab/ci/config/entry/job.rb
index 5874b01ef2a..07d5be86b1e 100644
--- a/lib/gitlab/ci/config/entry/job.rb
+++ b/lib/gitlab/ci/config/entry/job.rb
@@ -149,7 +149,7 @@ module Gitlab
               @entries.delete(:type)
 
               # This is something of a hack, see issue for details:
-              # https://gitlab.com/gitlab-org/gitlab-ce/issues/67150
+              # https://gitlab.com/gitlab-org/gitlab-foss/issues/67150
               if !only_defined? && has_rules?
                 @entries.delete(:only)
                 @entries.delete(:except)
diff --git a/lib/gitlab/ci/config/entry/root.rb b/lib/gitlab/ci/config/entry/root.rb
index 0589ad3edf9..07022ff7b54 100644
--- a/lib/gitlab/ci/config/entry/root.rb
+++ b/lib/gitlab/ci/config/entry/root.rb
@@ -132,12 +132,12 @@ module Gitlab
             return unless @config.is_a?(Hash)
 
             @jobs_config = @config
-              .except(*self.class.reserved_nodes_names)  # rubocop: disable CodeReuse/ActiveRecord
+              .except(*self.class.reserved_nodes_names)
               .select do |name, config|
               Entry::Jobs.find_type(name, config).present?
             end
 
-            @config = @config.except(*@jobs_config.keys) # rubocop: disable CodeReuse/ActiveRecord
+            @config = @config.except(*@jobs_config.keys)
           end
         end
       end
diff --git a/lib/gitlab/ci/templates/Android-Fastlane.gitlab-ci.yml b/lib/gitlab/ci/templates/Android-Fastlane.gitlab-ci.yml
index 2ca6e73a803..be584814271 100644
--- a/lib/gitlab/ci/templates/Android-Fastlane.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Android-Fastlane.gitlab-ci.yml
@@ -37,7 +37,7 @@ ensureContainer:
     - "mkdir -p ~/.docker && echo '{\"experimental\": \"enabled\"}' > ~/.docker/config.json"
     - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
     # Skip update container `script` if the container already exists
-    # via https://gitlab.com/gitlab-org/gitlab-ce/issues/26866#note_97609397 -> https://stackoverflow.com/a/52077071/796832
+    # via https://gitlab.com/gitlab-org/gitlab-foss/issues/26866#note_97609397 -> https://stackoverflow.com/a/52077071/796832
     - docker manifest inspect $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG > /dev/null && exit || true
 
 
diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
index f704266b73d..1ad9dd2913e 100644
--- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
@@ -73,16 +73,16 @@ stages:
   - cleanup
 
 include:
-  - template: Jobs/Build.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
-  - template: Jobs/Test.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ci/templates/Jobs/Test.gitlab-ci.yml
-  - template: Jobs/Code-Quality.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
-  - template: Jobs/Deploy.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
-  - template: Jobs/Browser-Performance-Testing.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml
-  - template: Security/DAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
-  - template: Security/Container-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
-  - template: Security/Dependency-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
-  - template: Security/License-Management.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ci/templates/Security/License-Management.gitlab-ci.yml
-  - template: Security/SAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+  - template: Jobs/Build.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
+  - template: Jobs/Test.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Jobs/Test.gitlab-ci.yml
+  - template: Jobs/Code-Quality.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
+  - template: Jobs/Deploy.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
+  - template: Jobs/Browser-Performance-Testing.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml
+  - template: Security/DAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
+  - template: Security/Container-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/License-Management.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/License-Management.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
 
 # Override DAST job to exclude master branch
 dast:
diff --git a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
index a61731a24b7..88f4b72044c 100644
--- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
@@ -4,13 +4,28 @@
 # List of the variables: https://gitlab.com/gitlab-org/security-products/sast#settings
 # How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
 
-sast:
+.sast:
   stage: test
+  allow_failure: true
+  artifacts:
+    reports:
+      sast: gl-sast-report.json
+  only:
+    refs:
+      - branches
+    variables:
+      - $GITLAB_FEATURES =~ /\bsast\b/
+
+variables:
+  SAST_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
+  SAST_DISABLE_DIND: "false"
+
+sast:
+  extends: .sast
   image: docker:stable
   variables:
     DOCKER_DRIVER: overlay2
     DOCKER_TLS_CERTDIR: ""
-  allow_failure: true
   services:
     - docker:stable-dind
   script:
@@ -63,15 +78,116 @@ sast:
         --volume "$PWD:/code" \
         --volume /var/run/docker.sock:/var/run/docker.sock \
         "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
-  artifacts:
-    reports:
-      sast: gl-sast-report.json
-  dependencies: []
-  only:
-    refs:
-      - branches
-    variables:
-      - $GITLAB_FEATURES =~ /\bsast\b/
   except:
     variables:
       - $SAST_DISABLED
+      - $SAST_DISABLE_DIND == 'true'
+
+.analyzer:
+  extends: .sast
+  except:
+    variables:
+      - $SAST_DISABLE_DIND == 'false'
+  script:
+    - /analyzer run
+
+bandit-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/bandit"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /python/'
+
+brakeman-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/brakeman"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /ruby/'
+
+eslint-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/eslint"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/'
+
+flawfinder-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/flawfinder"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\+\+|c\b)/'
+
+gosec-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/gosec"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /go/'
+
+nodejs-scan-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/nodejs-scan"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/'
+
+phpcs-security-audit-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/phpcs-security-audit"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /php/'
+
+pmd-apex-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/pmd-apex"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /apex/'
+
+secrets-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/secrets"
+
+security-code-scan-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/security-code-scan"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /c\#/ || $CI_PROJECT_REPOSITORY_LANGUAGES =~ /visual basic/'
+
+sobelow-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/sobelow"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /elixir/'
+
+spotbugs-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/spotbugs"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /java\b/'
+
+tslint-sast:
+  extends: .analyzer
+  image:
+    name: "$SAST_ANALYZER_IMAGE_PREFIX/tslint"
+  only:
+    variables:
+      - '$CI_PROJECT_REPOSITORY_LANGUAGES =~ /typescript/'
diff --git a/lib/gitlab/ci/trace.rb b/lib/gitlab/ci/trace.rb
index 9550bc6d39c..5b8c2d2f7c7 100644
--- a/lib/gitlab/ci/trace.rb
+++ b/lib/gitlab/ci/trace.rb
@@ -188,7 +188,7 @@ module Gitlab
       def create_build_trace!(job, path)
         File.open(path) do |stream|
           # TODO: Set `file_format: :raw` after we've cleaned up legacy traces migration
-          # https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20307
+          # https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/20307
           job.create_job_artifacts_trace!(
             project: job.project,
             file_type: :trace,
diff --git a/lib/gitlab/data_builder/push.rb b/lib/gitlab/data_builder/push.rb
index 75d9a2d55b9..3460e07fdc5 100644
--- a/lib/gitlab/data_builder/push.rb
+++ b/lib/gitlab/data_builder/push.rb
@@ -73,7 +73,7 @@ module Gitlab
 
         # For performance purposes maximum 20 latest commits
         # will be passed as post receive hook data.
-        # n+1: https://gitlab.com/gitlab-org/gitlab-ce/issues/38259
+        # n+1: https://gitlab.com/gitlab-org/gitlab-foss/issues/38259
         commit_attrs = Gitlab::GitalyClient.allow_n_plus_1_calls do
           commits_limited.map do |commit|
             commit.hook_attrs(with_changed_files: with_changed_files)
diff --git a/lib/gitlab/database.rb b/lib/gitlab/database.rb
index e4e93b59a36..bea9eb8cb31 100644
--- a/lib/gitlab/database.rb
+++ b/lib/gitlab/database.rb
@@ -14,7 +14,7 @@ module Gitlab
     MAX_TIMESTAMP_VALUE = Time.at((1 << 31) - 1).freeze
 
     # The maximum number of characters for text fields, to avoid DoS attacks via parsing huge text fields
-    # https://gitlab.com/gitlab-org/gitlab-ce/issues/61974
+    # https://gitlab.com/gitlab-org/gitlab-foss/issues/61974
     MAX_TEXT_SIZE_LIMIT = 1_000_000
 
     # Minimum schema version from which migrations are supported
diff --git a/lib/gitlab/diff/highlight.rb b/lib/gitlab/diff/highlight.rb
index d2484217ab9..ca7974930af 100644
--- a/lib/gitlab/diff/highlight.rb
+++ b/lib/gitlab/diff/highlight.rb
@@ -35,7 +35,7 @@ module Gitlab
             # match the blob, which is a bug. But we shouldn't fail to render
             # completely in that case, even though we want to report the error.
             rescue RangeError => e
-              Gitlab::Sentry.track_exception(e, issue_url: 'https://gitlab.com/gitlab-org/gitlab-ce/issues/45441')
+              Gitlab::Sentry.track_exception(e, issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/45441')
             end
           end
 
diff --git a/lib/gitlab/ee_compat_check.rb b/lib/gitlab/ee_compat_check.rb
index 5cd90814ca3..707e45dfb71 100644
--- a/lib/gitlab/ee_compat_check.rb
+++ b/lib/gitlab/ee_compat_check.rb
@@ -4,8 +4,8 @@
 module Gitlab
   # Checks if a set of migrations requires downtime or not.
   class EeCompatCheck
-    CANONICAL_CE_PROJECT_URL = 'https://gitlab.com/gitlab-org/gitlab-ce'
-    CANONICAL_EE_REPO_URL = 'https://gitlab.com/gitlab-org/gitlab-ee.git'
+    CANONICAL_CE_PROJECT_URL = 'https://gitlab.com/gitlab-org/gitlab-foss'
+    CANONICAL_EE_REPO_URL = 'https://gitlab.com/gitlab-org/gitlab.git'
     CHECK_DIR = Rails.root.join('ee_compat_check')
     IGNORED_FILES_REGEX = /VERSION|CHANGELOG\.md|doc\/.+/i.freeze
     PLEASE_READ_THIS_BANNER = %Q{
diff --git a/lib/gitlab/etag_caching/router.rb b/lib/gitlab/etag_caching/router.rb
index 7b921ab6199..3d14a8dde8d 100644
--- a/lib/gitlab/etag_caching/router.rb
+++ b/lib/gitlab/etag_caching/router.rb
@@ -53,6 +53,10 @@ module Gitlab
           'project_build'
         ),
         Gitlab::EtagCaching::Router::Route.new(
+          %r(#{RESERVED_WORDS_PREFIX}/clusters/\d+/environments\z),
+          'cluster_environments'
+        ),
+        Gitlab::EtagCaching::Router::Route.new(
           %r(#{RESERVED_WORDS_PREFIX}/environments\.json\z),
           'environments'
         ),
diff --git a/lib/gitlab/git/keep_around.rb b/lib/gitlab/git/keep_around.rb
new file mode 100644
index 00000000000..d58f10bdbb7
--- /dev/null
+++ b/lib/gitlab/git/keep_around.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+# Makes sure a commit is kept around when Git garbage collection runs.
+# Git GC will delete commits from the repository that are no longer in any
+# branches or tags, but we want to keep some of these commits around, for
+# example if they have comments or CI builds.
+#
+# For Geo's sake, pass in multiple shas rather than calling it multiple times,
+# to avoid unnecessary syncing.
+module Gitlab
+  module Git
+    class KeepAround
+      def self.execute(repository, shas)
+        new(repository).execute(shas)
+      end
+
+      def initialize(repository)
+        @repository = repository
+      end
+
+      def execute(shas)
+        shas.each do |sha|
+          next unless sha.present? && commit_by(oid: sha)
+
+          next if kept_around?(sha)
+
+          # This will still fail if the file is corrupted (e.g. 0 bytes)
+          raw_repository.write_ref(keep_around_ref_name(sha), sha)
+        rescue Gitlab::Git::CommandError => ex
+          Rails.logger.error "Unable to create keep-around reference for repository #{disk_path}: #{ex}" # rubocop:disable Gitlab/RailsLogger
+        end
+      end
+
+      def kept_around?(sha)
+        ref_exists?(keep_around_ref_name(sha))
+      end
+
+      delegate :commit_by, :raw_repository, :ref_exists?, :disk_path, to: :@repository
+      private :commit_by, :raw_repository, :ref_exists?, :disk_path
+
+      private
+
+      def keep_around_ref_name(sha)
+        "refs/#{::Repository::REF_KEEP_AROUND}/#{sha}"
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/gpg/commit.rb b/lib/gitlab/gpg/commit.rb
index 1d317c389d2..4b797a0e397 100644
--- a/lib/gitlab/gpg/commit.rb
+++ b/lib/gitlab/gpg/commit.rb
@@ -80,7 +80,7 @@ module Gitlab
 
       def gpgme_signature
         GPGME::Crypto.new.verify(signature_text, signed_text: signed_text) do |verified_signature|
-          # Return the first signature for now: https://gitlab.com/gitlab-org/gitlab-ce/issues/54932
+          # Return the first signature for now: https://gitlab.com/gitlab-org/gitlab-foss/issues/54932
           break verified_signature
         end
       rescue GPGME::Error
diff --git a/lib/gitlab/graphql/authorize/authorize_resource.rb b/lib/gitlab/graphql/authorize/authorize_resource.rb
index 6844367454f..df60b9d8346 100644
--- a/lib/gitlab/graphql/authorize/authorize_resource.rb
+++ b/lib/gitlab/graphql/authorize/authorize_resource.rb
@@ -46,7 +46,7 @@ module Gitlab
         # this was named `#authorized?`, however it conflicts with the native
         # graphql gem version
         # TODO consider adopting the gem's built in authorization system
-        # https://gitlab.com/gitlab-org/gitlab-ee/issues/13984
+        # https://gitlab.com/gitlab-org/gitlab/issues/13984
         def authorized_resource?(object)
           # Sanity check. We don't want to accidentally allow a developer to authorize
           # without first adding permissions to authorize against
diff --git a/lib/gitlab/import_export/lfs_restorer.rb b/lib/gitlab/import_export/lfs_restorer.rb
index 1de8a5bf9ec..ef83cdf24b1 100644
--- a/lib/gitlab/import_export/lfs_restorer.rb
+++ b/lib/gitlab/import_export/lfs_restorer.rb
@@ -50,7 +50,7 @@ module Gitlab
         # with a single `lfs_objects_projects` relation.
         #
         # This allows us backwards-compatibility without version bumping.
-        # See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30830#note_192608870
+        # See https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/30830#note_192608870
         return ['project'] unless has_lfs_json?
 
         lfs_json[oid]
diff --git a/lib/gitlab/json_cache.rb b/lib/gitlab/json_cache.rb
index 84c6817f3c7..9aa71db6b18 100644
--- a/lib/gitlab/json_cache.rb
+++ b/lib/gitlab/json_cache.rb
@@ -79,7 +79,7 @@ module Gitlab
       # is being applied on ActiveRecord::Associations::CollectionAssociation#scope
       # when the new_record? method incorrectly returns false.
       #
-      # See https://gitlab.com/gitlab-org/gitlab-ee/issues/9903#note_145329964
+      # See https://gitlab.com/gitlab-org/gitlab/issues/9903#note_145329964
       klass
         .allocate
         .init_with(
diff --git a/lib/gitlab/kubernetes/helm/reset_command.rb b/lib/gitlab/kubernetes/helm/reset_command.rb
index a35ffa34c58..c8349639ec3 100644
--- a/lib/gitlab/kubernetes/helm/reset_command.rb
+++ b/lib/gitlab/kubernetes/helm/reset_command.rb
@@ -33,10 +33,10 @@ module Gitlab
         private
 
         # This method can be delete once we upgrade Helm to > 12.13.0
-        # https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/27096#note_159695900
+        # https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/27096#note_159695900
         #
         # Tracking this method to be removed here:
-        # https://gitlab.com/gitlab-org/gitlab-ce/issues/52791#note_199374155
+        # https://gitlab.com/gitlab-org/gitlab-foss/issues/52791#note_199374155
         def delete_tiller_replicaset
           delete_args = %w[replicaset -n gitlab-managed-apps -l name=tiller]
 
diff --git a/lib/gitlab/legacy_github_import/label_formatter.rb b/lib/gitlab/legacy_github_import/label_formatter.rb
index 89200e794d8..0b6e4612843 100644
--- a/lib/gitlab/legacy_github_import/label_formatter.rb
+++ b/lib/gitlab/legacy_github_import/label_formatter.rb
@@ -15,7 +15,6 @@ module Gitlab
         :labels
       end
 
-      # rubocop: disable CodeReuse/ActiveRecord
       def create!
         params  = attributes.except(:project)
         service = ::Labels::FindOrCreateService.new(nil, project, params)
@@ -25,7 +24,6 @@ module Gitlab
 
         label
       end
-      # rubocop: enable CodeReuse/ActiveRecord
 
       private
 
diff --git a/lib/gitlab/metrics/dashboard/errors.rb b/lib/gitlab/metrics/dashboard/errors.rb
index 1739a4e6738..d41bd2c43c7 100644
--- a/lib/gitlab/metrics/dashboard/errors.rb
+++ b/lib/gitlab/metrics/dashboard/errors.rb
@@ -7,14 +7,16 @@ module Gitlab
   module Metrics
     module Dashboard
       module Errors
+        DashboardProcessingError = Class.new(StandardError)
         PanelNotFoundError = Class.new(StandardError)
+        LayoutError = Class.new(DashboardProcessingError)
+        MissingQueryError = Class.new(DashboardProcessingError)
 
-        PROCESSING_ERROR = Gitlab::Metrics::Dashboard::Stages::BaseStage::DashboardProcessingError
         NOT_FOUND_ERROR = Gitlab::Template::Finders::RepoTemplateFinder::FileNotFoundError
 
         def handle_errors(error)
           case error
-          when PROCESSING_ERROR
+          when DashboardProcessingError
             error(error.message, :unprocessable_entity)
           when NOT_FOUND_ERROR
             error("#{dashboard_path} could not be found.", :not_found)
diff --git a/lib/gitlab/metrics/dashboard/finder.rb b/lib/gitlab/metrics/dashboard/finder.rb
index 66c4d662a6c..c3169418371 100644
--- a/lib/gitlab/metrics/dashboard/finder.rb
+++ b/lib/gitlab/metrics/dashboard/finder.rb
@@ -28,9 +28,9 @@ module Gitlab
           # @param options - y_label [String] Y-Axis label of
           #         a panel. Used by embedded dashboards.
           # @return [Hash]
-          def find(project, user, environment, options = {})
+          def find(project, user, options = {})
             service_for(options)
-              .new(project, user, options.merge(environment: environment))
+              .new(project, user, options)
               .get_dashboard
           end
 
diff --git a/lib/gitlab/metrics/dashboard/processor.rb b/lib/gitlab/metrics/dashboard/processor.rb
index c0fa3bb2f3a..bfdee76a818 100644
--- a/lib/gitlab/metrics/dashboard/processor.rb
+++ b/lib/gitlab/metrics/dashboard/processor.rb
@@ -8,43 +8,23 @@ module Gitlab
       # the UI. These includes shared metric info, custom metrics
       # info, and alerts (only in EE).
       class Processor
-        SYSTEM_SEQUENCE = [
-          Stages::CommonMetricsInserter,
-          Stages::ProjectMetricsInserter,
-          Stages::EndpointInserter,
-          Stages::Sorter
-        ].freeze
-
-        PROJECT_SEQUENCE = [
-          Stages::CommonMetricsInserter,
-          Stages::EndpointInserter,
-          Stages::Sorter
-        ].freeze
-
-        def initialize(project, environment, dashboard)
+        def initialize(project, dashboard, sequence, params)
           @project = project
-          @environment = environment
           @dashboard = dashboard
+          @sequence = sequence
+          @params = params
         end
 
         # Returns a new dashboard hash with the results of
         # running transforms on the dashboard.
-        def process(insert_project_metrics:)
+        def process
           @dashboard.deep_symbolize_keys.tap do |dashboard|
-            sequence(insert_project_metrics).each do |stage|
-              stage.new(@project, @environment, dashboard).transform!
+            @sequence.each do |stage|
+              stage.new(@project, dashboard, @params).transform!
             end
           end
         end
-
-        private
-
-        def sequence(insert_project_metrics)
-          insert_project_metrics ? SYSTEM_SEQUENCE : PROJECT_SEQUENCE
-        end
       end
     end
   end
 end
-
-Gitlab::Metrics::Dashboard::Processor.prepend_if_ee('EE::Gitlab::Metrics::Dashboard::Processor')
diff --git a/lib/gitlab/metrics/dashboard/service_selector.rb b/lib/gitlab/metrics/dashboard/service_selector.rb
index 934ba9145a2..10b686fbb81 100644
--- a/lib/gitlab/metrics/dashboard/service_selector.rb
+++ b/lib/gitlab/metrics/dashboard/service_selector.rb
@@ -48,3 +48,5 @@ module Gitlab
     end
   end
 end
+
+Gitlab::Metrics::Dashboard::ServiceSelector.prepend_if_ee('EE::Gitlab::Metrics::Dashboard::ServiceSelector')
diff --git a/lib/gitlab/metrics/dashboard/stages/base_stage.rb b/lib/gitlab/metrics/dashboard/stages/base_stage.rb
index 514ed50e58d..f9e4ae4b4b5 100644
--- a/lib/gitlab/metrics/dashboard/stages/base_stage.rb
+++ b/lib/gitlab/metrics/dashboard/stages/base_stage.rb
@@ -7,15 +7,12 @@ module Gitlab
         class BaseStage
           include Gitlab::Metrics::Dashboard::Defaults
 
-          DashboardProcessingError = Class.new(StandardError)
-          LayoutError = Class.new(DashboardProcessingError)
+          attr_reader :project, :dashboard, :params
 
-          attr_reader :project, :environment, :dashboard
-
-          def initialize(project, environment, dashboard)
+          def initialize(project, dashboard, params)
             @project = project
-            @environment = environment
             @dashboard = dashboard
+            @params = params
           end
 
           # Entry-point to the stage
@@ -26,15 +23,15 @@ module Gitlab
           protected
 
           def missing_panel_groups!
-            raise LayoutError.new('Top-level key :panel_groups must be an array')
+            raise Errors::LayoutError.new('Top-level key :panel_groups must be an array')
           end
 
           def missing_panels!
-            raise LayoutError.new('Each "panel_group" must define an array :panels')
+            raise Errors::LayoutError.new('Each "panel_group" must define an array :panels')
           end
 
           def missing_metrics!
-            raise LayoutError.new('Each "panel" must define an array :metrics')
+            raise Errors::LayoutError.new('Each "panel" must define an array :metrics')
           end
 
           def for_metrics
diff --git a/lib/gitlab/metrics/dashboard/stages/endpoint_inserter.rb b/lib/gitlab/metrics/dashboard/stages/endpoint_inserter.rb
index 2a959854be0..c00ef208848 100644
--- a/lib/gitlab/metrics/dashboard/stages/endpoint_inserter.rb
+++ b/lib/gitlab/metrics/dashboard/stages/endpoint_inserter.rb
@@ -5,9 +5,9 @@ module Gitlab
     module Dashboard
       module Stages
         class EndpointInserter < BaseStage
-          MissingQueryError = Class.new(DashboardProcessingError)
-
           def transform!
+            raise Errors::DashboardProcessingError.new('Environment is required for Stages::EndpointInserter') unless params[:environment]
+
             for_metrics do |metric|
               metric[:prometheus_endpoint_path] = endpoint_for_metric(metric)
             end
@@ -18,7 +18,7 @@ module Gitlab
           def endpoint_for_metric(metric)
             Gitlab::Routing.url_helpers.prometheus_api_project_environment_path(
               project,
-              environment,
+              params[:environment],
               proxy_path: query_type(metric),
               query: query_for_metric(metric)
             )
@@ -31,7 +31,7 @@ module Gitlab
           def query_for_metric(metric)
             query = metric[query_type(metric)]
 
-            raise MissingQueryError.new('Each "metric" must define one of :query or :query_range') unless query
+            raise Errors::MissingQueryError.new('Each "metric" must define one of :query or :query_range') unless query
 
             query
           end
diff --git a/lib/gitlab/middleware/basic_health_check.rb b/lib/gitlab/middleware/basic_health_check.rb
index 84e49805428..1f8f87fc33f 100644
--- a/lib/gitlab/middleware/basic_health_check.rb
+++ b/lib/gitlab/middleware/basic_health_check.rb
@@ -27,7 +27,7 @@ module Gitlab
         # We should be using ActionDispatch::Request instead of
         # Rack::Request to be consistent with Rails, but due to a Rails
         # bug described in
-        # https://gitlab.com/gitlab-org/gitlab-ce/issues/58573#note_149799010
+        # https://gitlab.com/gitlab-org/gitlab-foss/issues/58573#note_149799010
         # hosts behind a load balancer will only see 127.0.0.1 for the
         # load balancer's IP.
         request = Rack::Request.new(env)
diff --git a/lib/gitlab/multi_collection_paginator.rb b/lib/gitlab/multi_collection_paginator.rb
index 5375077d7dc..33e0c6aa9b7 100644
--- a/lib/gitlab/multi_collection_paginator.rb
+++ b/lib/gitlab/multi_collection_paginator.rb
@@ -55,7 +55,6 @@ module Gitlab
       @first_collection_page_count = first_collection_page.total_pages
     end
 
-    # rubocop: disable CodeReuse/ActiveRecord
     def first_collection_last_page_size
       return @first_collection_last_page_size if defined?(@first_collection_last_page_size)
 
@@ -63,6 +62,5 @@ module Gitlab
                                            .except(:select)
                                            .size
     end
-    # rubocop: enable CodeReuse/ActiveRecord
   end
 end
diff --git a/lib/gitlab/pages_client.rb b/lib/gitlab/pages_client.rb
index 281eafb142f..30a1f9ede25 100644
--- a/lib/gitlab/pages_client.rb
+++ b/lib/gitlab/pages_client.rb
@@ -109,7 +109,7 @@ module Gitlab
           File.link(f.path, token_path)
         end
       rescue Errno::EACCES => ex
-        # TODO stop rescuing this exception in GitLab 11.0 https://gitlab.com/gitlab-org/gitlab-ce/issues/45672
+        # TODO stop rescuing this exception in GitLab 11.0 https://gitlab.com/gitlab-org/gitlab-foss/issues/45672
         Rails.logger.error("Could not write pages admin token file: #{ex}") # rubocop:disable Gitlab/RailsLogger
       rescue Errno::EEXIST
         # Another process wrote the token file concurrently with us. Use their token, not ours.
diff --git a/lib/gitlab/patch/active_record_query_cache.rb b/lib/gitlab/patch/active_record_query_cache.rb
index 71d66bdbe02..d6b649cdea7 100644
--- a/lib/gitlab/patch/active_record_query_cache.rb
+++ b/lib/gitlab/patch/active_record_query_cache.rb
@@ -4,7 +4,7 @@
 # ActiveRecord connection used in tests
 # https://github.com/rails/rails/issues/36587
 
-# To be removed with https://gitlab.com/gitlab-org/gitlab-ce/issues/64413
+# To be removed with https://gitlab.com/gitlab-org/gitlab-foss/issues/64413
 
 module Gitlab
   module Patch
diff --git a/lib/gitlab/phabricator_import/issues/task_importer.rb b/lib/gitlab/phabricator_import/issues/task_importer.rb
index 77ee11c7cdd..c17f3e1729a 100644
--- a/lib/gitlab/phabricator_import/issues/task_importer.rb
+++ b/lib/gitlab/phabricator_import/issues/task_importer.rb
@@ -12,7 +12,7 @@ module Gitlab
 
           # TODO: Reformat the description with attachments, escaping accidental
           # links and add attachments
-          # https://gitlab.com/gitlab-org/gitlab-ce/issues/60603
+          # https://gitlab.com/gitlab-org/gitlab-foss/issues/60603
           issue.assign_attributes(task.issue_attributes)
 
           save!
diff --git a/lib/gitlab/request_context.rb b/lib/gitlab/request_context.rb
index f6d289476c5..ab2549d5e68 100644
--- a/lib/gitlab/request_context.rb
+++ b/lib/gitlab/request_context.rb
@@ -16,7 +16,7 @@ module Gitlab
       # We should be using ActionDispatch::Request instead of
       # Rack::Request to be consistent with Rails, but due to a Rails
       # bug described in
-      # https://gitlab.com/gitlab-org/gitlab-ce/issues/58573#note_149799010
+      # https://gitlab.com/gitlab-org/gitlab-foss/issues/58573#note_149799010
       # hosts behind a load balancer will only see 127.0.0.1 for the
       # load balancer's IP.
       req = Rack::Request.new(env)
diff --git a/lib/gitlab/shell.rb b/lib/gitlab/shell.rb
index 9e813968093..7dbed591b84 100644
--- a/lib/gitlab/shell.rb
+++ b/lib/gitlab/shell.rb
@@ -232,7 +232,7 @@ module Gitlab
     #   add_namespace("default", "gitlab")
     #
     def add_namespace(storage, name)
-      # https://gitlab.com/gitlab-org/gitlab-ce/issues/58012
+      # https://gitlab.com/gitlab-org/gitlab-foss/issues/58012
       Gitlab::GitalyClient.allow_n_plus_1_calls do
         Gitlab::GitalyClient::NamespaceService.new(storage).add(name)
       end
diff --git a/lib/gitlab/tracking.rb b/lib/gitlab/tracking.rb
index ef669b03c87..78177c6d306 100644
--- a/lib/gitlab/tracking.rb
+++ b/lib/gitlab/tracking.rb
@@ -24,8 +24,8 @@ module Gitlab
           hostname: Gitlab::CurrentSettings.snowplow_collector_hostname,
           cookie_domain: Gitlab::CurrentSettings.snowplow_cookie_domain,
           app_id: Gitlab::CurrentSettings.snowplow_site_id,
-          page_tracking_enabled: additional_features,
-          activity_tracking_enabled: additional_features
+          form_tracking: additional_features,
+          link_click_tracking: additional_features
         }.transform_keys! { |key| key.to_s.camelize(:lower).to_sym }
       end
 
diff --git a/lib/gitlab/url_blockers/url_whitelist.rb b/lib/gitlab/url_blockers/url_whitelist.rb
index a0cfcbc49a3..7622de4fdbe 100644
--- a/lib/gitlab/url_blockers/url_whitelist.rb
+++ b/lib/gitlab/url_blockers/url_whitelist.rb
@@ -30,7 +30,7 @@ module Gitlab
         # Gitlab::CurrentSettings creates an ApplicationSetting which then
         # calls this method.
         #
-        # See https://gitlab.com/gitlab-org/gitlab-ee/issues/9833
+        # See https://gitlab.com/gitlab-org/gitlab/issues/9833
         def outbound_local_requests_whitelist_arrays
           return [[], []] unless ApplicationSetting.current
 
diff --git a/lib/gitlab/utils/override.rb b/lib/gitlab/utils/override.rb
index f5299439fce..35aea209cb9 100644
--- a/lib/gitlab/utils/override.rb
+++ b/lib/gitlab/utils/override.rb
@@ -115,7 +115,7 @@ module Gitlab
       #     end
       #
       # This would make sure we're overriding something. See:
-      # https://gitlab.com/gitlab-org/gitlab-ee/issues/1819
+      # https://gitlab.com/gitlab-org/gitlab/issues/1819
       def override(method_name)
         return unless ENV['STATIC_VERIFICATION']