Add latest changes from gitlab-org/gitlab@master

18b84353 · GitLab Bot · 4359b965 · 18b84353 · 18b84353 · 18b84353
Commit 18b84353 authored Feb 21, 2020 by GitLab Bot
32 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -58,7 +58,7 @@ gem 'akismet', '~> 3.0'
 gem 'invisible_captcha', '~> 0.12.1'

 # Two-factor authentication
-gem 'devise-two-factor', '~> 3.0.0'
+gem 'devise-two-factor', '~> 3.1.0'
 gem 'rqrcode-rails3', '~> 0.1.7'
 gem 'attr_encrypted', '~> 3.1.0'
 gem 'u2f', '~> 0.2.1'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -229,11 +229,11 @@ GEM
      railties (>= 4.1.0)
      responders
      warden (~> 1.2.3)
-    devise-two-factor (3.0.0)
-      activesupport
+    devise-two-factor (3.1.0)
+      activesupport (< 6.1)
      attr_encrypted (>= 1.3, < 4, != 2)
      devise (~> 4.0)
-      railties
+      railties (< 6.1)
      rotp (~> 2.0)
    diff-lcs (1.3)
    diff_match_patch (0.1.0)
@@ -1193,7 +1193,7 @@ DEPENDENCIES
  derailed_benchmarks
  device_detector
  devise (~> 4.6)
-  devise-two-factor (~> 3.0.0)
+  devise-two-factor (~> 3.1.0)
  diff_match_patch (~> 0.1.0)
  diffy (~> 3.1.0)
  discordrb-webhooks-blackst0ne (~> 3.3)

--- a/app/assets/javascripts/clusters/components/applications.vue
+++ b/app/assets/javascripts/clusters/components/applications.vue
@@ -638,13 +638,8 @@ Crossplane runs inside your Kubernetes cluster and supports secure connectivity
        :status-reason="applications.elastic_stack.statusReason"
        :request-status="applications.elastic_stack.requestStatus"
        :request-reason="applications.elastic_stack.requestReason"
-        :version="applications.elastic_stack.version"
-        :chart-repo="applications.elastic_stack.chartRepo"
-        :update-available="applications.elastic_stack.updateAvailable"
        :installed="applications.elastic_stack.installed"
        :install-failed="applications.elastic_stack.installFailed"
-        :update-successful="applications.elastic_stack.updateSuccessful"
-        :update-failed="applications.elastic_stack.updateFailed"
        :uninstallable="applications.elastic_stack.uninstallable"
        :uninstall-successful="applications.elastic_stack.uninstallSuccessful"
        :uninstall-failed="applications.elastic_stack.uninstallFailed"

--- a/app/assets/javascripts/repository/components/preview/index.vue
+++ b/app/assets/javascripts/repository/components/preview/index.vue
@@ -2,6 +2,7 @@
 import $ from 'jquery';
 import '~/behaviors/markdown/render_gfm';
 import { GlLink, GlLoadingIcon } from '@gitlab/ui';
+import { handleLocationHash } from '~/lib/utils/common_utils';
 import getReadmeQuery from '../../queries/getReadme.query.graphql';

 export default {
@@ -36,6 +37,7 @@ export default {
    readme(newVal) {
      if (newVal) {
        this.$nextTick(() => {
+          handleLocationHash();
          $(this.$refs.readme).renderGFM();
        });
      }

--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -6,6 +6,9 @@ module Groups
      skip_cross_project_access_check :show
      before_action :authorize_admin_group!
      before_action :authorize_update_max_artifacts_size!, only: [:update]
+      before_action do
+        push_frontend_feature_flag(:new_variables_ui, @group)
+      end

      def show
        define_ci_variables

--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -5,6 +5,9 @@ module Projects
    class CiCdController < Projects::ApplicationController
      before_action :authorize_admin_pipeline!
      before_action :define_variables
+      before_action do
+        push_frontend_feature_flag(:new_variables_ui, @project)
+      end

      def show
      end

--- a/app/views/ci/variables/_index.html.haml
+++ b/app/views/ci/variables/_index.html.haml
@@ -5,27 +5,34 @@
    - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/README', anchor: 'protected-variables') }
    = s_('Environment variables are configured by your administrator to be %{link_start}protected%{link_end} by default').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }

-.row
-  .col-lg-12.js-ci-variable-list-section{ data: { save_endpoint: save_endpoint, maskable_regex: ci_variable_maskable_regex } }
-    .hide.alert.alert-danger.js-ci-variable-error-box
+- if Feature.enabled?(:new_variables_ui, @project || @group)
+  - is_group = !@group.nil?

-    %ul.ci-variable-list
-      = render 'ci/variables/variable_header'
-      - @variables.each.each do |variable|
-        = render 'ci/variables/variable_row', form_field: 'variables', variable: variable
-      = render 'ci/variables/variable_row', form_field: 'variables'
-    .prepend-top-20
-      %button.btn.btn-success.js-ci-variables-save-button{ type: 'button' }
-        %span.hide.js-ci-variables-save-loading-icon
-          = icon('spinner spin')
-        = _('Save variables')
-      %button.btn.btn-info.btn-inverted.prepend-left-10.js-secret-value-reveal-button{ type: 'button', data: { secret_reveal_status: "#{@variables.size == 0}" } }
-        - if @variables.size == 0
-          = n_('Hide value', 'Hide values', @variables.size)
-        - else
-          = n_('Reveal value', 'Reveal values', @variables.size)
-    - if !@group && @project.group
-      .settings-header.border-top.prepend-top-20
-        = render 'ci/group_variables/header'
-      .settings-content.pr-0
-        = render 'ci/group_variables/index'
+  #js-ci-project-variables{ data: { endpoint: save_endpoint, project_id: @project&.id || '', group: is_group.to_s, maskable_regex: ci_variable_maskable_regex} }
+
+- else
+  .row
+    .col-lg-12.js-ci-variable-list-section{ data: { save_endpoint: save_endpoint, maskable_regex: ci_variable_maskable_regex } }
+      .hide.alert.alert-danger.js-ci-variable-error-box
+
+      %ul.ci-variable-list
+        = render 'ci/variables/variable_header'
+        - @variables.each.each do |variable|
+          = render 'ci/variables/variable_row', form_field: 'variables', variable: variable
+        = render 'ci/variables/variable_row', form_field: 'variables'
+      .prepend-top-20
+        %button.btn.btn-success.js-ci-variables-save-button{ type: 'button' }
+          %span.hide.js-ci-variables-save-loading-icon
+            = icon('spinner spin')
+          = _('Save variables')
+        %button.btn.btn-info.btn-inverted.prepend-left-10.js-secret-value-reveal-button{ type: 'button', data: { secret_reveal_status: "#{@variables.size == 0}" } }
+          - if @variables.size == 0
+            = n_('Hide value', 'Hide values', @variables.size)
+          - else
+            = n_('Reveal value', 'Reveal values', @variables.size)
+
+- if !@group && @project.group
+  .settings-header.border-top.prepend-top-20
+    = render 'ci/group_variables/header'
+  .settings-content.pr-0
+    = render 'ci/group_variables/index'
--- a/changelogs/unreleased/10429_set_dast_default_git_strategy_to_none.yml
+++ b/changelogs/unreleased/10429_set_dast_default_git_strategy_to_none.yml
+---
+title: Project repositories are no longer cloned by default when running DAST
+merge_request: 25320
+author:
+type: performance
--- a/doc/.linting/vale/styles/gitlab/OxfordComma.yml
+++ b/doc/.linting/vale/styles/gitlab/OxfordComma.yml
+---
+# Checks for the lack of an Oxford comma. In some cases, will catch overly
+# complex sentence structures with lots of commas.
+#
+# For a list of all options, see https://errata-ai.github.io/vale/styles/
 extends: existence
-message: Use a comma before the last "and" in a list of three or more items.
+message: Use a comma before the last "and" or "or" in a list of four or more items.
 link: https://docs.gitlab.com/ee/development/documentation/styleguide.html#punctuation
 level: warning
-tokens:
-  - '(?:[^,]+,){1,}\s\w+\sand'
+raw:
+  - '(?:[\w-_` ]+,){2,}(?:[\w-_` ]+) (and|or)'
--- a/doc/administration/auth/authentiq.md
+++ b/doc/administration/auth/authentiq.md
@@ -66,7 +66,10 @@ Authentiq will generate a Client ID and the accompanying Client Secret for you t

 On the sign in page there should now be an Authentiq icon below the regular sign in form. Click the icon to begin the authentication process.

- If the user has the Authentiq ID app installed in their iOS or Android device, they can scan the QR code, decide what personal details to share and sign in to your GitLab installation.
+- If the user has the Authentiq ID app installed in their iOS or Android device, they can:
+  1. Scan the QR code.
+  1. Decide what personal details to share.
+  1. Sign in to your GitLab installation.
 - If not they will be prompted to download the app and then follow the procedure above.

 If everything goes right, the user will be returned to GitLab and will be signed in.

--- a/doc/administration/auth/ldap-ee.md
+++ b/doc/administration/auth/ldap-ee.md
@@ -392,7 +392,7 @@ Group sync was written to be as performant as possible. Data is cached, database
 queries are optimized, and LDAP queries are minimized. The last benchmark run
 revealed the following metrics:

-For 20,000 LDAP users, 11,000 LDAP groups and 1,000 GitLab groups with 10
+For 20000 LDAP users, 11000 LDAP groups and 1000 GitLab groups with 10
 LDAP group links each:

 - Initial sync (no existing members assigned in GitLab) took 1.8 hours

--- a/doc/administration/auth/ldap.md
+++ b/doc/administration/auth/ldap.md
@@ -461,7 +461,8 @@ LDAP email address, and then sign into GitLab via their LDAP credentials.

 ## Enabling LDAP username lowercase

-Some LDAP servers, depending on their configurations, can return uppercase usernames. This can lead to several confusing issues like, for example, creating links or namespaces with uppercase names.
+Some LDAP servers, depending on their configurations, can return uppercase usernames.
+This can lead to several confusing issues such as creating links or namespaces with uppercase names.

 GitLab can automatically lowercase usernames provided by the LDAP server by enabling
 the configuration option `lowercase_usernames`. By default, this configuration option is `false`.

--- a/doc/administration/compliance.md
+++ b/doc/administration/compliance.md
@@ -14,6 +14,6 @@ GitLab’s [security features](../security/README.md) may also help you meet rel
 |**[Lock project membership to group](../user/group/index.md#member-lock-starter)**<br>Group owners can prevent new members from being added to projects within a group.|Starter+|✓|
 |**[LDAP group sync](auth/ldap-ee.md#group-sync)**<br>GitLab Enterprise Edition gives admins the ability to automatically sync groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools.|Starter+||
 |**[LDAP group sync filters](auth/ldap-ee.md#group-sync)**<br>GitLab Enterprise Edition Premium gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions.|Premium+||
-|**[Audit logs](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives admins the ability to view any modifications made within the GitLab server in an advanced audit log system, so you can control, analyze and track every change.|Premium+||
+|**[Audit logs](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives admins the ability to view any modifications made within the GitLab server in an advanced audit log system, so you can control, analyze, and track every change.|Premium+||
 |**[Auditor users](auditor_users.md)**<br>Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance.|Premium+||
 |**[Credentials inventory](../user/admin_area/credentials_inventory.md)**<br>With a credentials inventory, GitLab administrators can keep track of the credentials used by all of the users in their GitLab instance. |Ultimate||
--- a/doc/administration/geo/disaster_recovery/background_verification.md
+++ b/doc/administration/geo/disaster_recovery/background_verification.md
@@ -176,7 +176,7 @@ progress to include them in [ee-1430]. For now, you can verify their integrity
 manually by following [these instructions][foreground-verification] on both
 nodes, and comparing the output between them.

-In GitLab EE 12.1, Geo calculates checksums for attachments, LFS objects and
+In GitLab EE 12.1, Geo calculates checksums for attachments, LFS objects, and
 archived traces on secondary nodes after the transfer, compares it with the
 stored checksums, and rejects transfers if mismatched. Please note that Geo
 currently does not support an automatic way to verify these data if they have

--- a/doc/administration/geo/disaster_recovery/planned_failover.md
+++ b/doc/administration/geo/disaster_recovery/planned_failover.md
@@ -187,7 +187,7 @@ access to the **primary** node during the maintenance window.
 1. On the **secondary** node, navigate to **Admin Area > Monitoring > Background Jobs > Queues**
   and wait for all the `geo` queues to drop to 0 queued and 0 running jobs.
 1. On the **secondary** node, use [these instructions][foreground-verification]
-   to verify the integrity of CI artifacts, LFS objects and uploads in file
+   to verify the integrity of CI artifacts, LFS objects, and uploads in file
   storage.

 At this point, your **secondary** node will contain an up-to-date copy of everything the

--- a/doc/administration/geo/replication/datatypes.md
+++ b/doc/administration/geo/replication/datatypes.md
@@ -13,7 +13,7 @@ We currently distinguish between three different data types:
 - [Blobs](#blobs)
 - [Database](#database)

-See the list below of each feature or component we replicate, its corresponding data type, replication and
+See the list below of each feature or component we replicate, its corresponding data type, replication, and
 verification methods:

 | Type     | Feature / component                           | Replication method                          | Verification method  |

--- a/doc/administration/geo/replication/index.md
+++ b/doc/administration/geo/replication/index.md
@@ -12,7 +12,8 @@ Replication with Geo is the solution for widely distributed development teams.

 Fetching large repositories can take a long time for teams located far from a single GitLab instance.

-Geo provides local, read-only instances of your GitLab instances, reducing the time it takes to clone and fetch large repositories and speeding up development.
+Geo provides local, read-only instances of your GitLab instances. This can reduce the time it takes
+to clone and fetch large repositories, speeding up development.

 NOTE: **Note:**
 Check the [requirements](#requirements-for-running-geo) carefully before setting up Geo.
@@ -269,7 +270,7 @@ For answers to common questions, see the [Geo FAQ](faq.md).

 Since GitLab 9.5, Geo stores structured log messages in a `geo.log` file. For Omnibus installations, this file is at `/var/log/gitlab/gitlab-rails/geo.log`.

-This file contains information about when Geo attempts to sync repositories and files. Each line in the file contains a separate JSON entry that can be ingested into Elasticsearch, Splunk, etc.
+This file contains information about when Geo attempts to sync repositories and files. Each line in the file contains a separate JSON entry that can be ingested into, for example, Elasticsearch or Splunk.

 For example:


--- a/doc/administration/git_annex.md
+++ b/doc/administration/git_annex.md
@@ -18,7 +18,7 @@ you can.

 Not being able to version control large binaries is a big problem for many
 larger organizations.
-Videos, photos, audio, compiled binaries and many other types of files are too
+Videos, photos, audio, compiled binaries, and many other types of files are too
 large. As a workaround, people keep artwork-in-progress in a Dropbox folder and
 only check in the final result. This results in using outdated files, not
 having a complete history and increases the risk of losing work.
@@ -41,13 +41,13 @@ configuration options required to enable it.

 `git-annex` needs to be installed both on the server and the client side.

-For Debian-like systems (e.g., Debian, Ubuntu) this can be achieved by running:
+For Debian-like systems (for example, Debian and Ubuntu) this can be achieved by running:

 ```
 sudo apt-get update && sudo apt-get install git-annex
 ```

-For RedHat-like systems (e.g., CentOS, RHEL) this can be achieved by running:
+For RedHat-like systems (for example, CentOS and RHEL) this can be achieved by running:

 ```
 sudo yum install epel-release && sudo yum install git-annex

--- a/doc/administration/incoming_email.md
+++ b/doc/administration/incoming_email.md
@@ -81,7 +81,7 @@ incoming email domain to `hooli.com`, an attacker could abuse the "Create new
 issue by email" or
 "[Create new merge request by email](../user/project/merge_requests/creating_merge_requests.md#new-merge-request-by-email-core-only)"
 features by using a project's unique address as the email when signing up for
-Slack, which would send a confirmation email, which would create a new issue or
+Slack. This would send a confirmation email, which would create a new issue or
 merge request on the project owned by the attacker, allowing them to click the
 confirmation link and validate their account on your company's private Slack
 instance.

--- a/doc/administration/index.md
+++ b/doc/administration/index.md
@@ -76,7 +76,7 @@ Learn how to install, configure, update, and maintain your GitLab instance.

 ### Maintaining GitLab

- [Raketasks](../raketasks/README.md): Perform various tasks for maintenance, backups, automatic webhooks setup, etc.
+- [Raketasks](../raketasks/README.md): Perform various tasks for maintenance, backups, automatic webhooks setup, and more.
  - [Backup and restore](../raketasks/backup_restore.md): Backup and restore your GitLab instance.
 - [Operations](operations/index.md): Keeping GitLab up and running (clean up Redis sessions, moving repositories, Sidekiq MemoryKiller, Unicorn).
 - [Restart GitLab](restart_gitlab.md): Learn how to restart GitLab and its components.
@@ -107,7 +107,7 @@ Learn how to install, configure, update, and maintain your GitLab instance.
 - [Libravatar](libravatar.md): Use Libravatar instead of Gravatar for user avatars.
 - [Sign-up restrictions](../user/admin_area/settings/sign_up_restrictions.md): block email addresses of specific domains, or whitelist only specific domains.
 - [Access restrictions](../user/admin_area/settings/visibility_and_access_controls.md#enabled-git-access-protocols): Define which Git access protocols can be used to talk to GitLab (SSH, HTTP, HTTPS).
- [Authentication and Authorization](auth/README.md): Configure external authentication with LDAP, SAML, CAS and additional providers.
+- [Authentication and Authorization](auth/README.md): Configure external authentication with LDAP, SAML, CAS, and additional providers.
  - [Sync LDAP](auth/ldap-ee.md) **(STARTER ONLY)**
  - [Kerberos authentication](../integration/kerberos.md) **(STARTER ONLY)**
  - See also other [authentication](../topics/authentication/index.md#gitlab-administrators) topics (for example, enforcing 2FA).
@@ -230,4 +230,3 @@ who are aware of the risks.
  - [Strace zine](https://wizardzines.com/zines/strace/)
 - GitLab.com-specific resources:
  - [Group SAML/SCIM setup](troubleshooting/group_saml_scim.md)
-  
\ No newline at end of file
--- a/doc/administration/monitoring/performance/grafana_configuration.md
+++ b/doc/administration/monitoring/performance/grafana_configuration.md
@@ -148,7 +148,14 @@ However, you should **not** reinstate your old data _except_ under one of the fo
 1. If you are certain that you changed your default admin password when you enabled Grafana
 1. If you run GitLab in a private network, accessed only by trusted users, and your Grafana login page has not been exposed to the internet

-If you require access to your old Grafana data but do not meet one of these criteria, you may consider reinstating it temporarily, [exporting the dashboards](https://grafana.com/docs/reference/export_import/#exporting-a-dashboard) you need, then refreshing the data and [re-importing your dashboards](https://grafana.com/docs/reference/export_import/#importing-a-dashboard). Note that this poses a temporary vulnerability while your old Grafana data is in use, and the decision to do so should be weighed carefully with your need to access existing data and dashboards.
+If you require access to your old Grafana data but do not meet one of these criteria, you may consider:
+
+1. Reinstating it temporarily.
+1. [Exporting the dashboards](https://grafana.com/docs/reference/export_import/#exporting-a-dashboard) you need.
+1. Refreshing the data and [re-importing your dashboards](https://grafana.com/docs/reference/export_import/#importing-a-dashboard).
+
+DANGER: **Danger:**
+This poses a temporary vulnerability while your old Grafana data is in use and the decision to do so should be weighed carefully with your need to access existing data and dashboards.

 For more information and further mitigation details, please refer to our [blog post on the security release](https://about.gitlab.com/blog/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/).


--- a/doc/administration/restart_gitlab.md
+++ b/doc/administration/restart_gitlab.md
@@ -87,8 +87,8 @@ Reconfiguring GitLab should occur in the event that something in its
 configuration (`/etc/gitlab/gitlab.rb`) has changed.

 When you run this command, [Chef], the underlying configuration management
-application that powers Omnibus GitLab, will make sure that all directories,
-permissions, services, etc., are in place and in the same shape that they were
+application that powers Omnibus GitLab, will make sure that all things like directories,
+permissions, and services are in place and in the same shape that they were
 initially shipped.

 It will also restart GitLab components where needed, if any of their
@@ -128,7 +128,7 @@ The GitLab MailRoom email processor with pid 28114 is running.
 GitLab and all its components are up and running.
 ```

-This should restart Unicorn, Sidekiq, GitLab Workhorse and [Mailroom][]
+This should restart Unicorn, Sidekiq, GitLab Workhorse, and [Mailroom][]
 (if enabled). The init service file that does all the magic can be found on
 your server in `/etc/init.d/gitlab`.

@@ -149,8 +149,8 @@ If you are using other init systems, like systemd, you can check the

 There is no single command to restart the entire GitLab application installed via
 the [cloud native Helm Chart](https://docs.gitlab.com/charts/). Usually, it should be
-enough to restart a specific component separately (`gitaly`, `unicorn`,
-`workhorse`, `gitlab-shell`, etc.) by deleting all the pods related to it:
+enough to restart a specific component separately (for example, `gitaly`, `unicorn`,
+`workhorse`, or `gitlab-shell`) by deleting all the pods related to it:

 ```shell
 kubectl delete pods -l release=<helm release name>,app=<component name>

--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -351,6 +351,11 @@ dast:
    - /analyze -z"-config replacer.full_list\(0\).description=auth -config replacer.full_list\(0\).enabled=true -config replacer.full_list\(0\).matchtype=REQ_HEADER -config replacer.full_list\(0\).matchstr=Authorization -config replacer.full_list\(0\).regex=false -config replacer.full_list\(0\).replacement=TOKEN" -t $DAST_WEBSITE
 ```

+### Cloning the project's repository
+
+The DAST job does not require the project's repository to be present when running, so by default
+[`GIT_STRATEGY`](../../../ci/yaml/README.md#git-strategy) is set to `none`.
+
 ## Reports

 The DAST job can emit various reports.

--- a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
@@ -18,6 +18,7 @@ dast:
  image:
    name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION"
  variables:
+    GIT_STRATEGY: none
  # URL to scan:
  # DAST_WEBSITE: https://example.com/
  #

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -111,6 +111,11 @@ msgid_plural "%d fixed test results"
 msgstr[0] ""
 msgstr[1] ""

+msgid "%d group selected"
+msgid_plural "%d groups selected"
+msgstr[0] ""
+msgstr[1] ""
+
 msgid "%d inaccessible merge request"
 msgid_plural "%d inaccessible merge requests"
 msgstr[0] ""
@@ -171,6 +176,11 @@ msgid_plural "%d seconds"
 msgstr[0] ""
 msgstr[1] ""

+msgid "%d shard selected"
+msgid_plural "%d shards selected"
+msgstr[0] ""
+msgstr[1] ""
+
 msgid "%d staged change"
 msgid_plural "%d staged changes"
 msgstr[0] ""
@@ -3599,6 +3609,9 @@ msgstr ""
 msgid "Choose what content you want to see on a group’s overview page"
 msgstr ""

+msgid "Choose which groups you wish to synchronize to this secondary node"
+msgstr ""
+
 msgid "Choose which repositories you want to connect and run CI/CD pipelines."
 msgstr ""

@@ -9921,6 +9934,9 @@ msgstr ""
 msgid "Groups can also be nested by creating %{subgroup_docs_link_start}subgroups%{subgroup_docs_link_end}."
 msgstr ""

+msgid "Groups to synchronize"
+msgstr ""
+
 msgid "Groups with access to %{strong_start}%{group_name}%{strong_end}"
 msgstr ""

@@ -17145,6 +17161,9 @@ msgstr ""
 msgid "Select group or project"
 msgstr ""

+msgid "Select groups to replicate"
+msgstr ""
+
 msgid "Select labels"
 msgstr ""

@@ -17544,9 +17563,6 @@ msgstr ""
 msgid "Severity: %{severity}"
 msgstr ""

-msgid "Shards selected: %{count}"
-msgstr ""
-
 msgid "Shards to synchronize"
 msgstr ""

@@ -19461,6 +19477,9 @@ msgstr ""
 msgid "There was an error fetching the Designs"
 msgstr ""

+msgid "There was an error fetching the Node's Groups"
+msgstr ""
+
 msgid "There was an error fetching the environments information."
 msgstr ""


--- a/spec/features/group_variables_spec.rb
+++ b/spec/features/group_variables_spec.rb
@@ -11,7 +11,7 @@ describe 'Group variables', :js do
  before do
    group.add_owner(user)
    gitlab_sign_in(user)
-
+    stub_feature_flags(new_variables_ui: false)
    visit page_path
  end


--- a/spec/features/project_group_variables_spec.rb
+++ b/spec/features/project_group_variables_spec.rb
@@ -24,6 +24,7 @@ describe 'Project group variables', :js do
    sign_in(user)
    project.add_maintainer(user)
    group.add_owner(user)
+    stub_feature_flags(new_variables_ui: false)
  end

  it 'project in group shows inherited vars from ancestor group' do

--- a/spec/features/project_variables_spec.rb
+++ b/spec/features/project_variables_spec.rb
@@ -12,7 +12,7 @@ describe 'Project variables', :js do
    sign_in(user)
    project.add_maintainer(user)
    project.variables << variable
-
+    stub_feature_flags(new_variables_ui: false)
    visit page_path
  end


--- a/spec/features/projects/settings/registry_settings_spec.rb
+++ b/spec/features/projects/settings/registry_settings_spec.rb
@@ -10,6 +10,7 @@ describe 'Project > Settings > CI/CD > Container registry tag expiration policy'
  before do
    sign_in(user)
    stub_container_registry_config(enabled: true)
+    stub_feature_flags(new_variables_ui: false)
  end

  context 'as owner' do

--- a/spec/frontend/fixtures/groups.rb
+++ b/spec/frontend/fixtures/groups.rb
@@ -15,6 +15,7 @@ describe 'Groups (JavaScript fixtures)', type: :controller do
  end

  before do
+    stub_feature_flags(new_variables_ui: false)
    group.add_maintainer(admin)
    sign_in(admin)
  end

--- a/spec/frontend/fixtures/projects.rb
+++ b/spec/frontend/fixtures/projects.rb
@@ -20,6 +20,7 @@ describe 'Projects (JavaScript fixtures)', type: :controller do
  end

  before do
+    stub_feature_flags(new_variables_ui: false)
    project.add_maintainer(admin)
    sign_in(admin)
    allow(SecureRandom).to receive(:hex).and_return('securerandomhex:thereisnospoon')

--- a/spec/frontend/repository/components/preview/index_spec.js
+++ b/spec/frontend/repository/components/preview/index_spec.js
 import { shallowMount } from '@vue/test-utils';
 import { GlLoadingIcon } from '@gitlab/ui';
+import { handleLocationHash } from '~/lib/utils/common_utils';
 import Preview from '~/repository/components/preview/index.vue';

+jest.mock('~/lib/utils/common_utils');
+
 let vm;
 let $apollo;

@@ -38,6 +41,22 @@ describe('Repository file preview component', () => {
    });
  });

+  it('handles hash after render', () => {
+    factory({
+      webUrl: 'http://test.com',
+      name: 'README.md',
+    });
+
+    vm.setData({ readme: { html: '<div class="blob">test</div>' } });
+
+    return vm.vm
+      .$nextTick()
+      .then(vm.vm.$nextTick())
+      .then(() => {
+        expect(handleLocationHash).toHaveBeenCalled();
+      });
+  });
+
  it('renders loading icon', () => {
    factory({
      webUrl: 'http://test.com',