Automatic merge of gitlab-org/gitlab master

ff731313 · GitLab Bot · 882b214f · 687e5dff · ff731313 · ff731313
Commit ff731313 authored Aug 24, 2021 by GitLab Bot
13 changed files
--- a/db/post_migrate/20210706112800_remove_cloud_license_enabled_from_application_settings.rb
+++ b/db/post_migrate/20210706112800_remove_cloud_license_enabled_from_application_settings.rb
+# frozen_string_literal: true
+class RemoveCloudLicenseEnabledFromApplicationSettings < ActiveRecord::Migration[6.1]
+  include Gitlab::Database::MigrationHelpers
+  disable_ddl_transaction!
+  def up
+    with_lock_retries do
+      remove_column :application_settings, :cloud_license_enabled
+    end
+  end
+  def down
+    with_lock_retries do
+      add_column :application_settings, :cloud_license_enabled, :boolean, null: false, default: false
+    end
+  end
+end
--- a/db/schema_migrations/20210706112800
+++ b/db/schema_migrations/20210706112800
+5dd1596d0d6e6f5aa39cbf8a65be294650bead7a099cf50917b438cf75529257
\ No newline at end of file
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -9598,7 +9598,6 @@ CREATE TABLE application_settings (
    encrypted_cloud_license_auth_token text,
    encrypted_cloud_license_auth_token_iv text,
    secret_detection_revocation_token_types_url text,
-    cloud_license_enabled boolean DEFAULT false NOT NULL,
    disable_feed_token boolean DEFAULT false NOT NULL,
    personal_access_token_prefix text,
    rate_limiting_response_text text,
--- a/doc/development/documentation/index.md
+++ b/doc/development/documentation/index.md
@@ -405,76 +405,7 @@ on how the left-side navigation menu is built and updated.
 ## Previewing the changes live
-NOTE:
+See how you can use review apps to [preview your changes live](review_apps.md).
-To preview your changes to documentation locally, follow this
-[development guide](https://gitlab.com/gitlab-org/gitlab-docs/blob/main/README.md#development-when-contributing-to-gitlab-documentation) or [these instructions for GDK](https://gitlab.com/gitlab-org/gitlab-development-kit/blob/main/doc/howto/gitlab_docs.md).
-The live preview is currently enabled for the following projects:
- [`gitlab`](https://gitlab.com/gitlab-org/gitlab)
- [`omnibus-gitlab`](https://gitlab.com/gitlab-org/omnibus-gitlab)
- [`gitlab-runner`](https://gitlab.com/gitlab-org/gitlab-runner)
-If your merge request has docs changes, you can use the manual `review-docs-deploy` job
-to deploy the docs review app for your merge request.
-![Manual trigger a docs build](img/manual_build_docs.png)
-You must push a branch to those repositories, as it doesn't work for forks.
-The `review-docs-deploy*` job:
-1. Triggers a cross project pipeline and build the docs site with your changes.
-In case the review app URL returns 404, this means that either the site is not
-yet deployed, or something went wrong with the remote pipeline. Give it a few
-minutes and it should appear online, otherwise you can check the status of the
-remote pipeline from the link in the merge request's job output.
-If the pipeline failed or got stuck, drop a line in the `#docs` chat channel.
-NOTE:
-Someone with no merge rights to the GitLab projects (think of forks from
-contributors) cannot run the manual job. In that case, you can
-ask someone from the GitLab team who has the permissions to do that for you.
-### Troubleshooting review apps
-In case the review app URL returns 404, follow these steps to debug:
-1. **Did you follow the URL from the merge request widget?** If yes, then check if
-   the link is the same as the one in the job output.
-1. **Did you follow the URL from the job output?** If yes, then it means that
-   either the site is not yet deployed or something went wrong with the remote
-   pipeline. Give it a few minutes and it should appear online, otherwise you
-   can check the status of the remote pipeline from the link in the job output.
-   If the pipeline failed or got stuck, drop a line in the `#docs` chat channel.
-### Technical aspects
-If you want to know the in-depth details, here's what's really happening:
-1. You manually run the `review-docs-deploy` job in a merge request.
-1. The job runs the [`scripts/trigger-build`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/scripts/trigger-build)
-   script with the `docs deploy` flag, which triggers the "Triggered from `gitlab-org/gitlab` 'review-docs-deploy' job"
-   pipeline trigger in the `gitlab-org/gitlab-docs` project for the `$DOCS_BRANCH` (defaults to `main`).
-1. The preview URL is shown both at the job output and in the merge request
-   widget. You also get the link to the remote pipeline.
-1. In the `gitlab-org/gitlab-docs` project, the pipeline is created and it
-   [skips the test jobs](https://gitlab.com/gitlab-org/gitlab-docs/blob/8d5d5c750c602a835614b02f9db42ead1c4b2f5e/.gitlab-ci.yml#L50-55)
-   to lower the build time.
-1. Once the docs site is built, the HTML files are uploaded as artifacts.
-1. A specific runner tied only to the docs project, runs the Review App job
-   that downloads the artifacts and uses `rsync` to transfer the files over
-   to a location where NGINX serves them.
-The following GitLab features are used among others:
- [Manual jobs](../../ci/jobs/job_control.md#create-a-job-that-must-be-run-manually)
- [Multi project pipelines](../../ci/pipelines/multi_project_pipelines.md)
- [Review Apps](../../ci/review_apps/index.md)
- [Artifacts](../../ci/yaml/index.md#artifacts)
- [Specific runner](../../ci/runners/runners_scope.md#prevent-a-specific-runner-from-being-enabled-for-other-projects)
- [Pipelines for merge requests](../../ci/pipelines/merge_request_pipelines.md)
 ## Testing

--- a/doc/development/documentation/review_apps.md
+++ b/doc/development/documentation/review_apps.md
+---
+stage: none
+group: Documentation Guidelines
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+description: Learn how documentation review apps work.
+---
+# Documentation review apps
+If your merge request contains documentation changes, you can use a review app to preview
+how they would look if they were deployed to the [GitLab Docs site](https://docs.gitlab.com).
+Review apps are enabled for the following projects:
+- [GitLab](https://gitlab.com/gitlab-org/gitlab)
+- [Omnibus GitLab](https://gitlab.com/gitlab-org/omnibus-gitlab)
+- [GitLab Runner](https://gitlab.com/gitlab-org/gitlab-runner)
+- [GitLab Charts](https://gitlab.com/gitlab-org/charts/gitlab)
+Alternatively, check the [`gitlab-docs` development guide](https://gitlab.com/gitlab-org/gitlab-docs/blob/main/README.md#development-when-contributing-to-gitlab-documentation)
+or [the GDK documentation](https://gitlab.com/gitlab-org/gitlab-development-kit/blob/main/doc/howto/gitlab_docs.md)
+to render and preview the documentation locally.
+## How to trigger a review app
+If a merge request has documentation changes, use the `review-docs-deploy` manual job
+to deploy the documentation review app for your merge request.
+![Manual trigger a documentation review app](img/manual_build_docs.png)
+The `review-docs-deploy*` job triggers a cross project pipeline and builds the
+docs site with your changes. When the pipeline finishes, the review app URL
+appears in the merge request widget. Use it to navigate to your changes.
+You must have the Developer role in the project. Users without the Developer role, such
+as external contributors, cannot run the manual job. In that case, ask someone from
+the GitLab team to run the job.
+## Technical aspects
+If you want to know the in-depth details, here's what's really happening:
+1. You manually run the `review-docs-deploy` job in a merge request.
+1. The job runs the [`scripts/trigger-build`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/scripts/trigger-build)
+   script with the `docs deploy` flag, which triggers the "Triggered from `gitlab-org/gitlab` 'review-docs-deploy' job"
+   pipeline trigger in the `gitlab-org/gitlab-docs` project for the `$DOCS_BRANCH` (defaults to `main`).
+1. The preview URL is shown both at the job output and in the merge request
+   widget. You also get the link to the remote pipeline.
+1. In the `gitlab-org/gitlab-docs` project, the pipeline is created and it
+   [skips the test jobs](https://gitlab.com/gitlab-org/gitlab-docs/blob/8d5d5c750c602a835614b02f9db42ead1c4b2f5e/.gitlab-ci.yml#L50-55)
+   to lower the build time.
+1. Once the docs site is built, the HTML files are uploaded as artifacts.
+1. A specific runner tied only to the docs project, runs the Review App job
+   that downloads the artifacts and uses `rsync` to transfer the files over
+   to a location where NGINX serves them.
+The following GitLab features are used among others:
+- [Manual jobs](../../ci/jobs/job_control.md#create-a-job-that-must-be-run-manually)
+- [Multi project pipelines](../../ci/pipelines/multi_project_pipelines.md)
+- [Review Apps](../../ci/review_apps/index.md)
+- [Artifacts](../../ci/yaml/index.md#artifacts)
+- [Specific runner](../../ci/runners/runners_scope.md#prevent-a-specific-runner-from-being-enabled-for-other-projects)
+- [Pipelines for merge requests](../../ci/pipelines/merge_request_pipelines.md)
+## Troubleshooting review apps
+### Review app returns a 404 error
+If the review app URL returns a 404 error, either the site is not
+yet deployed, or something went wrong with the remote pipeline. You can:
+- Wait a few minutes and it should appear online.
+- Check the manual job's log and verify the URL. If the URL is different, try the
+  one from the job log.
+- Check the status of the remote pipeline from the link in the merge request's job output.
+  If the pipeline failed or got stuck, GitLab team members can ask for help in the `#docs`
+  chat channel. Contributors can ping a technical writer in the merge request.
+### Not enough disk space
+Sometimes the review app server is full and there is no more disk space. Each review
+app takes about 570MB of disk space.
+A cron job to remove review apps older than 20 days runs hourly,
+but the disk space still occasionally fills up. To manually free up more space,
+a GitLab technical writing team member can:
+1. Navigate to the [`gitlab-docs` schedules page](https://gitlab.com/gitlab-org/gitlab-docs/-/pipeline_schedules).
+1. Select the play button for the `Remove old review apps from review app server`
+   schedule. By default, this cleans up review apps older than 14 days.
+1. Navigate to the [pipelines page](https://gitlab.com/gitlab-org/gitlab-docs/-/pipelines)
+   and start the manual job called `clean-pages`.
+If the job says no review apps were found in that period, edit the `CLEAN_REVIEW_APPS_DAYS`
+variable in the schedule, and repeat the process above. Gradually decrease the variable
+until the free disk space reaches an acceptable amount (for example, 3GB).
+Remember to set it to 14 again when you're done.
+There's an issue to [migrate from the DigitalOcean server to GCP buckets](https://gitlab.com/gitlab-org/gitlab-docs/-/issues/735)),
+which should solve the disk space problem.
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -46,18 +46,18 @@ The following table lists project permissions available for each role:
 | Action                                                                                                                  | Guest    | Reporter | Developer | Maintainer | Owner |
 |-------------------------------------------------------------------------------------------------------------------------|----------|----------|-----------|------------|-------|
 | [Analytics](analytics/index.md):<br>View issue analytics **(PREMIUM)**                                                  | ✓        | ✓        | ✓         | ✓          | ✓     |
-| [Analytics](analytics/index.md):<br>View [merge request analytics](analytics/merge_request_analytics.md) **(PREMIUM)** | ✓        | ✓        | ✓         | ✓          | ✓     |
+| [Analytics](analytics/index.md):<br>View [merge request analytics](analytics/merge_request_analytics.md) **(PREMIUM)**  | ✓        | ✓        | ✓         | ✓          | ✓     |
 | [Analytics](analytics/index.md):<br>View value stream analytics                                                         | ✓        | ✓        | ✓         | ✓          | ✓     |
 | [Analytics](analytics/index.md):<br>View [DORA metrics](analytics/ci_cd_analytics.md)                                   |          | ✓        | ✓         | ✓          | ✓     |
 | [Analytics](analytics/index.md):<br>View [CI/CD analytics](analytics/ci_cd_analytics.md)                                |          | ✓        | ✓         | ✓          | ✓     |
-| [Analytics](analytics/index.md):<br>View [code review analytics](analytics/code_review_analytics.md) **(PREMIUM)**                                            |          | ✓        | ✓         | ✓          | ✓     |
+| [Analytics](analytics/index.md):<br>View [code review analytics](analytics/code_review_analytics.md) **(PREMIUM)**      |          | ✓        | ✓         | ✓          | ✓     |
-| [Analytics](analytics/index.md):<br>View [repository analytics](analytics/repository_analytics.md)                                                           |          | ✓        | ✓         | ✓          | ✓     |
+| [Analytics](analytics/index.md):<br>View [repository analytics](analytics/repository_analytics.md)                      |          | ✓        | ✓         | ✓          | ✓     |
 | [Application security](application_security/index.md):<br>View licenses in [dependency list](application_security/dependency_list/index.md) **(ULTIMATE)**         | ✓ (*1*) | ✓ | ✓ | ✓ | ✓   |
 | [Application security](application_security/index.md):<br>Create and run [on-demand DAST scans](application_security/dast/index.md#on-demand-scans) **(ULTIMATE)** |    |    | ✓   | ✓   | ✓   |
 | [Application security](application_security/index.md):<br>Manage [security policy](application_security/policies/index.md) **(ULTIMATE)**                          |    |    | ✓   | ✓   | ✓   |
 | [Application security](application_security/index.md):<br>View [dependency list](application_security/dependency_list/index.md) **(ULTIMATE)**                     |    |    | ✓   | ✓   | ✓   |
 | [Application security](application_security/index.md):<br>View [threats list](application_security/threat_monitoring/index.md#threat-monitoring) **(ULTIMATE)**    |    |    | ✓   | ✓   | ✓   |
-| [Application security](application_security/index.md):<br>Create a [CVE ID Request](application_security/cve_id_request.md) **(FREE SAAS)**               |    |    |     | ✓   | ✓   |
+| [Application security](application_security/index.md):<br>Create a [CVE ID Request](application_security/cve_id_request.md) **(FREE SAAS)**                        |    |    |     | ✓   | ✓   |
 | [Application security](application_security/index.md):<br>Create or assign [security policy project](application_security/policies/index.md) **(ULTIMATE)**        |    |    |     |     | ✓   |
 | [CI/CD](../ci/README.md):<br>Download and browse job artifacts                                                          | ✓ (*3*)  | ✓        | ✓         | ✓          | ✓     |
 | [CI/CD](../ci/README.md):<br>View a job log                                                                             | ✓ (*3*)  | ✓        | ✓         | ✓          | ✓     |
@@ -74,13 +74,16 @@ The following table lists project permissions available for each role:
 | [CI/CD](../ci/README.md):<br>Run Web IDE's Interactive Web Terminals **(ULTIMATE ONLY)**                                |          |          |           | ✓          | ✓     |
 | [CI/CD](../ci/README.md):<br>Use [environment terminals](../ci/environments/index.md#web-terminals)                     |          |          |           | ✓          | ✓     |
 | [CI/CD](../ci/README.md):<br>Delete pipelines                                                                           |          |          |           |            | ✓     |
+| [Container Registry](packages/container_registry/index.md):<br>Create, edit, delete cleanup policies                 |          |          | ✓         | ✓          | ✓     |
+| [Container Registry](packages/container_registry/index.md):<br>Remove a container registry image                        |          |          | ✓         | ✓          | ✓     |
+| [Container Registry](packages/container_registry/index.md):<br>Update container registry                                |          |          | ✓         | ✓          | ✓     |
 | [Issues](project/issues/index.md):<br>Add Labels                                                                        | ✓ (*16*) | ✓        | ✓         | ✓          | ✓     |
 | [Issues](project/issues/index.md):<br>Assign                                                                            | ✓ (*16*) | ✓        | ✓         | ✓          | ✓     |
 | [Issues](project/issues/index.md):<br>Create                                                                            | ✓        | ✓        | ✓         | ✓          | ✓     |
 | [Issues](project/issues/index.md):<br>Create [confidential issues](project/issues/confidential_issues.md)               | ✓        | ✓        | ✓         | ✓          | ✓     |
 | [Issues](project/issues/index.md):<br>View [Design Management](project/issues/design_management.md) pages               | ✓        | ✓        | ✓         | ✓          | ✓     |
 | [Issues](project/issues/index.md):<br>View related issues                                                               | ✓        | ✓        | ✓         | ✓          | ✓     |
-| [Issues](project/issues/index.md):<br>Set weight                                                                       | ✓ (*16*) | ✓        | ✓         | ✓          | ✓     |
+| [Issues](project/issues/index.md):<br>Set weight                                                                        | ✓ (*16*) | ✓        | ✓         | ✓          | ✓     |
 | [Issues](project/issues/index.md):<br>View [confidential issues](project/issues/confidential_issues.md)                 | (*2*)    | ✓        | ✓         | ✓          | ✓     |
 | [Issues](project/issues/index.md):<br>Lock threads                                                                      |          | ✓        | ✓         | ✓          | ✓     |
 | [Issues](project/issues/index.md):<br>Manage related issues                                                             |          | ✓        | ✓         | ✓          | ✓     |
@@ -97,20 +100,28 @@ The following table lists project permissions available for each role:
 | [Merge requests](project/merge_requests/index.md):<br>Create                                                            |          |          | ✓         | ✓          | ✓     |
 | [Merge requests](project/merge_requests/index.md):<br>Add labels                                                        |          |          | ✓         | ✓          | ✓     |
 | [Merge requests](project/merge_requests/index.md):<br>Lock threads                                                      |          |          | ✓         | ✓          | ✓     |
-| [Merge requests](project/merge_requests/index.md):<br>Manage or accept                                                     |          |          | ✓         | ✓          | ✓     |
+| [Merge requests](project/merge_requests/index.md):<br>Manage or accept                                                  |          |          | ✓         | ✓          | ✓     |
 | [Merge requests](project/merge_requests/index.md):<br>Manage merge approval rules (project settings)                    |          |          |           | ✓          | ✓     |
 | [Merge requests](project/merge_requests/index.md):<br>Delete                                                            |          |          |           |            | ✓     |
+| [Package registry](packages/index.md):<br>Pull package                                                                  | ✓ (*1*)  | ✓        | ✓         | ✓          | ✓     |
+| [Package registry](packages/index.md):<br>Publish package                                                               |          |          | ✓         | ✓          | ✓     |
+| [Package registry](packages/index.md):<br>Delete package                                                                |          |          |           | ✓          | ✓     |
+| [Project operations](../operations/index.md):<br>View [Error Tracking](../operations/error_tracking.md) list            |          | ✓        | ✓         | ✓          | ✓     |
+| [Project operations](../operations/index.md):<br>Manage [Feature Flags](../operations/feature_flags.md) **(PREMIUM)**   |          |          | ✓         | ✓          | ✓     |
+| [Project operations](../operations/index.md):<br>Manage [Error Tracking](../operations/error_tracking.md)               |          |          |           | ✓          | ✓     |
 | [Projects](project/index.md):<br>Download project                                                                       | ✓ (*1*)  | ✓        | ✓         | ✓          | ✓     |
 | [Projects](project/index.md):<br>Leave comments                                                                         | ✓        | ✓        | ✓         | ✓          | ✓     |
 | [Projects](project/index.md):<br>Reposition comments on images (posted by any user)                                     | ✓ (*10*) | ✓ (*10*) | ✓ (*10*)  | ✓          | ✓     |
 | [Projects](project/index.md):<br>View Insights **(ULTIMATE)**                                                           | ✓        | ✓        | ✓         | ✓          | ✓     |
+| [Projects](project/index.md):<br>View [releases](project/releases/index.md)                                             | ✓ (*6*)  | ✓        | ✓         | ✓          | ✓     |
 | [Projects](project/index.md):<br>View Requirements **(ULTIMATE)**                                                       | ✓        | ✓        | ✓         | ✓          | ✓     |
 | [Projects](project/index.md):<br>View [time tracking](project/time_tracking.md) reports                                 | ✓ (*1*)  | ✓        | ✓         | ✓          | ✓     |
 | [Projects](project/index.md):<br>View [wiki](project/wiki/index.md) pages                                               | ✓        | ✓        | ✓         | ✓          | ✓     |
 | [Projects](project/index.md):<br>Create [snippets](snippets.md)                                                         |          | ✓        | ✓         | ✓          | ✓     |
 | [Projects](project/index.md):<br>Manage labels                                                                          |          | ✓        | ✓         | ✓          | ✓     |
-| [Projects](project/index.md):<br>View project statistics                                                        |          | ✓        | ✓         | ✓          | ✓     |
+| [Projects](project/index.md):<br>View project statistics                                                                |          | ✓        | ✓         | ✓          | ✓     |
 | [Projects](project/index.md):<br>Create, edit, delete [milestones](project/milestones/index.md).                        |          |          | ✓         | ✓          | ✓     |
+| [Projects](project/index.md):<br>Create, edit, delete [releases](project/releases/index.md)                             |          |          | ✓ (*13*)  | ✓ (*13*)   | ✓ (*13*) |
 | [Projects](project/index.md):<br>Create, edit [wiki](project/wiki/index.md) pages                                       |          |          | ✓         | ✓          | ✓     |
 | [Projects](project/index.md):<br>Enable Review Apps                                                                     |          |          | ✓         | ✓          | ✓     |
 | [Projects](project/index.md):<br>View project [Audit Events](../administration/audit_events.md)                         |          |          | ✓ (*11*)  | ✓          | ✓     |
@@ -147,7 +158,7 @@ The following table lists project permissions available for each role:
 | [Repository](project/repository/index.md):<br>Enable or disable tag protection                                          |          |          |           | ✓          | ✓     |
 | [Repository](project/repository/index.md):<br>Manage [push rules](../push_rules/push_rules.md)                          |          |          |           | ✓          | ✓     |
 | [Repository](project/repository/index.md):<br>Push to protected branches                                                |          |          |           | ✓          | ✓     |
-| [Repository](project/repository/index.md):<br>Turn on or off protected branch push for developers                          |          |          |           | ✓          | ✓     |
+| [Repository](project/repository/index.md):<br>Turn on or off protected branch push for developers                       |          |          |           | ✓          | ✓     |
 | [Repository](project/repository/index.md):<br>Remove fork relationship                                                  |          |          |           |            | ✓     |
 | [Repository](project/repository/index.md):<br>Force push to protected branches (*4*)                                    |          |          |           |            |       |
 | [Repository](project/repository/index.md):<br>Remove protected branches (*4*)                                           |          |          |           |            |       |
@@ -162,7 +173,6 @@ The following table lists project permissions available for each role:
 | [Security dashboard](application_security/security_dashboard/index.md):<br>View vulnerability **(ULTIMATE)**                              |      |      | ✓     | ✓     | ✓     |
 | [Security dashboard](application_security/security_dashboard/index.md):<br>View vulnerability findings in [dependency list](application_security/dependency_list/index.md) **(ULTIMATE)** |      |      | ✓     | ✓     | ✓     |
 | Manage user-starred metrics dashboards (*7*)      | ✓       | ✓          | ✓           | ✓        | ✓      |
-| View [Releases](project/releases/index.md)        | ✓ (*6*) | ✓          | ✓           | ✓        | ✓      |
 | View allowed and denied licenses **(ULTIMATE)**   | ✓ (*1*) | ✓          | ✓           | ✓        | ✓      |
 | View GitLab Pages protected by [access control](project/pages/introduction.md#gitlab-pages-access-control) | ✓       | ✓          | ✓           | ✓        | ✓      |
 | View License Compliance reports **(ULTIMATE)**    | ✓ (*1*) | ✓          | ✓           | ✓        | ✓      |
@@ -172,24 +182,14 @@ The following table lists project permissions available for each role:
 | Create/edit requirements **(ULTIMATE)**           |         | ✓          | ✓           | ✓        | ✓      |
 | Import/export requirements **(ULTIMATE)**         |         | ✓          | ✓           | ✓        | ✓      |
 | Move [test case](../ci/test_cases/index.md)       |         | ✓          | ✓           | ✓        | ✓      |
-| Pull [packages](packages/index.md)                | ✓ (*1*) | ✓          | ✓           | ✓        | ✓      |
 | Reopen [test case](../ci/test_cases/index.md)     |         | ✓          | ✓           | ✓        | ✓      |
-| View Error Tracking list                          |         | ✓          | ✓           | ✓        | ✓      |
 | View License list **(ULTIMATE)**                  |         | ✓          | ✓           | ✓        | ✓      |
 | View metrics dashboard annotations                |         | ✓          | ✓           | ✓        | ✓      |
-| Create/edit/delete [releases](project/releases/index.md)|   |            | ✓ (*13*)    | ✓ (*13*) | ✓ (*13*) |
-| Create/edit/delete a Cleanup policy               |         |            | ✓           | ✓        | ✓      |
 | Create/edit/delete metrics dashboard annotations  |         |            | ✓           | ✓        | ✓      |
-| Manage Feature Flags **(PREMIUM)**                |         |            | ✓           | ✓        | ✓      |
-| Publish [packages](packages/index.md)             |         |            | ✓           | ✓        | ✓      |
 | Read Terraform state                              |         |            | ✓           | ✓        | ✓      |
-| Remove a container registry image                 |         |            | ✓           | ✓        | ✓      |
-| Update a container registry                       |         |            | ✓           | ✓        | ✓      |
 | View Pods logs                                    |         |            | ✓           | ✓        | ✓      |
 | Configure project hooks                           |         |            |             | ✓        | ✓      |
-| Delete [packages](packages/index.md)              |         |            |             | ✓        | ✓      |
 | Manage clusters                                   |         |            |             | ✓        | ✓      |
-| Manage Error Tracking                             |         |            |             | ✓        | ✓      |
 | Manage GitLab Pages                               |         |            |             | ✓        | ✓      |
 | Manage GitLab Pages domains and certificates      |         |            |             | ✓        | ✓      |
 | Manage license policy **(ULTIMATE)**              |         |            |             | ✓        | ✓      |

--- a/ee/app/finders/boards/epic_boards_finder.rb
+++ b/ee/app/finders/boards/epic_boards_finder.rb
@@ -10,7 +10,7 @@ module Boards
    end
    def execute
-      relation = group.epic_boards
+      relation = init_relation
      relation = by_id(relation)
      relation.order_by_name_asc
@@ -18,6 +18,12 @@ module Boards
    private
+    def init_relation
+      return group.epic_boards unless params[:include_ancestor_groups]
+      ::Boards::EpicBoard.for_groups(group.self_and_ancestors)
+    end
    def by_id(relation)
      return relation unless params[:id].present?

--- a/ee/app/models/boards/epic_board.rb
+++ b/ee/app/models/boards/epic_board.rb
@@ -12,6 +12,7 @@ module Boards
    validates :name, length: { maximum: 255 }, presence: true
    scope :order_by_name_asc, -> { order(arel_table[:name].lower.asc).order(id: :asc) }
+    scope :for_groups, ->(ids) { where(group_id: ids) }
    def lists
      epic_lists

--- a/ee/app/services/boards/epics/create_service.rb
+++ b/ee/app/services/boards/epics/create_service.rb
@@ -34,7 +34,10 @@ module Boards
      end
      def board
-        @board ||= parent.epic_boards.find(params.delete(:board_id))
+        @board ||= Boards::EpicBoardsFinder
+          .new(group, include_ancestor_groups: true, id: params.delete(:board_id))
+          .execute
+          .first
      end
      def list
@@ -50,10 +53,8 @@ module Boards
      end
      def check_arguments
-        begin
+        unless board && Ability.allowed?(current_user, :read_epic_board, board)
-          board
+          return 'Board not found'
-        rescue ActiveRecord::RecordNotFound
-          return 'Board not found' if @board.blank?
        end
        begin

--- a/ee/spec/finders/boards/epic_boards_finder_spec.rb
+++ b/ee/spec/finders/boards/epic_boards_finder_spec.rb
@@ -4,11 +4,13 @@ require 'spec_helper'
 RSpec.describe Boards::EpicBoardsFinder do
  describe '#execute' do
-    let_it_be(:group) { create(:group) }
+    let_it_be(:parent_group) { create(:group) }
+    let_it_be(:group) { create(:group, parent: parent_group) }
    let_it_be(:epic_board1) { create(:epic_board, name: 'Acd', group: group) }
    let_it_be(:epic_board2) { create(:epic_board, name: 'abd', group: group) }
    let_it_be(:epic_board3) { create(:epic_board, name: 'Bbd', group: group) }
    let_it_be(:epic_board4) { create(:epic_board) }
+    let_it_be(:epic_board5) { create(:epic_board, name: 'foo', group: parent_group) }
    let(:params) { {} }
@@ -18,6 +20,14 @@ RSpec.describe Boards::EpicBoardsFinder do
      expect(result).to eq([epic_board2, epic_board1, epic_board3])
    end
+    context 'when include_ancestor_groups parameter is set' do
+      let(:params) { { include_ancestor_groups: true } }
+      it 'finds all epic boards in the group or ancestor groups' do
+        expect(result).to eq([epic_board2, epic_board1, epic_board3, epic_board5])
+      end
+    end
    context 'when ID parameter is set' do
      let(:params) { { id: epic_board2.id } }

--- a/ee/spec/models/boards/epic_board_spec.rb
+++ b/ee/spec/models/boards/epic_board_spec.rb
@@ -15,13 +15,21 @@ RSpec.describe Boards::EpicBoard do
    it { is_expected.to validate_length_of(:name).is_at_most(255) }
  end
-  describe '.order_by_name_asc' do
+  describe 'scopes' do
    let_it_be(:board1) { create(:epic_board, name: 'B') }
    let_it_be(:board2) { create(:epic_board, name: 'a') }
    let_it_be(:board3) { create(:epic_board, name: 'A') }
-    it 'returns in case-insensitive alphabetical order and then by ascending ID' do
+    describe '.order_by_name_asc' do
-      expect(described_class.order_by_name_asc).to eq [board2, board3, board1]
+      it 'returns in case-insensitive alphabetical order and then by ascending ID' do
+        expect(described_class.order_by_name_asc).to eq [board2, board3, board1]
+      end
+    end
+    describe '.for_groups' do
+      it 'returns boards only in selected groups' do
+        expect(described_class.for_groups([board1.group_id, board2.group_id])).to match_array([board1, board2])
+      end
    end
  end
 end
--- a/ee/spec/services/boards/epics/create_service_spec.rb
+++ b/ee/spec/services/boards/epics/create_service_spec.rb
@@ -4,7 +4,8 @@ require 'spec_helper'
 RSpec.describe Boards::Epics::CreateService do
  let_it_be(:user) { create(:user) }
-  let_it_be(:group) { create(:group) }
+  let_it_be(:parent_group) { create(:group) }
+  let_it_be(:group) { create(:group, parent: parent_group) }
  let_it_be(:board) { create(:epic_board, group: group) }
  describe '#execute' do
@@ -19,34 +20,41 @@ RSpec.describe Boards::Epics::CreateService do
    let(:params) { valid_params }
-    subject do
+    subject(:response) do
      described_class.new(group, user, params).execute
    end
    shared_examples 'epic creation error' do |error_pattern|
      it 'does not create epic' do
-        response = subject
        expect(response).to be_error
        expect(response.message).to match(error_pattern)
      end
    end
+    shared_examples 'success epic creation' do
+      it 'creates an epic' do
+        expect(response).to be_success
+        expect(response.payload).to be_a(Epic)
+      end
+      specify { expect { subject }.to change { Epic.count }.by(1) }
+    end
    context 'when epics feature is available' do
      before do
        stub_licensed_features(epics: true)
        group.add_developer(user)
      end
-      context 'when arguments are valid' do
+      it_behaves_like 'success epic creation'
-        it 'creates an epic' do
-          response = subject
-          expect(response).to be_success
+      context 'when board is in an ancestor group' do
-          expect(response.payload).to be_a(Epic)
+        let_it_be(:parent_board) { create(:epic_board, group: parent_group) }
-        end
+        let_it_be(:parent_list) { create(:epic_list, epic_board: parent_board) }
+        let(:params) { valid_params.merge(board_id: parent_board.id, list_id: parent_list.id) }
-        specify { expect { subject }.to change { Epic.count }.by(1) }
+        it_behaves_like 'success epic creation'
      end
      context 'when arguments are not valid' do

--- a/qa/qa/specs/features/ee/browser_ui/4_verify/pipelines_for_merged_results_and_merge_trains_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/4_verify/pipelines_for_merged_results_and_merge_trains_spec.rb
@@ -3,7 +3,7 @@
 require 'faker'
 module QA
-  RSpec.describe 'Verify', :runner do
+  RSpec.describe 'Verify', :runner, :reliable do
    describe 'Pipelines for merged results and merge trains' do
      let(:executor) { "qa-runner-#{Faker::Alphanumeric.alphanumeric(8)}" }