Merge branch 'master' into 'fix_oauth_doc'

# Conflicts:
#   doc/api/oauth2.md

.flayignore

 *.erb
 lib/gitlab/sanitizers/svg/whitelist.rb
+lib/gitlab/diff/position_tracer.rb

.gitlab-ci.yml

@@ -209,9 +209,6 @@ rubocop: *exec
 rake haml_lint: *exec
 rake scss_lint: *exec
 rake brakeman: *exec
-rake flog:
-  <<: *exec
-  allow_failure: yes
 rake flay:
   <<: *exec
   allow_failure: yes

CHANGELOG

@@ -2,17 +2,37 @@ Please view this file on the master branch, on stable branches it's out of date.
 
 v 8.13.0 (unreleased)
   - Use gitlab-shell v3.6.2 (GIT TRACE logging)
+  - AbstractReferenceFilter caches project_refs on RequestStore when active
   - Speed-up group milestones show page
   - Log LDAP lookup errors and don't swallow unrelated exceptions. !6103 (Markus Koller)
   - Add more tests for calendar contribution (ClemMakesApps)
+  - Avoid database queries on Banzai::ReferenceParser::BaseParser for nodes without references
+  - Fix permission for setting an issue's due date
+  - Expose expires_at field when sharing project on API
+  - Allow the Koding integration to be configured through the API
   - Fix robots.txt disallowing access to groups starting with "s" (Matt Harrison)
+  - Use a ConnectionPool for Rails.cache on Sidekiq servers
+  - Replace `alias_method_chain` with `Module#prepend`
   - Only update issuable labels if they have been changed
+  - Take filters in account in issuable counters. !6496
   - Revoke button in Applications Settings underlines on hover.
+  - Fix Long commit messages overflow viewport in file tree
+  - Revert avoid touching file system on Build#artifacts?
   - Update ruby-prof to 0.16.2. !6026 (Elan Ruusamäe)
+  - Fix unnecessary escaping of reserved HTML characters in milestone title. !6533
   - Add organization field to user profile
+  - Fix resolved discussion display in side-by-side diff view !6575
   - Optimize GitHub importing for speed and memory
+  - API: expose pipeline data in builds API (!6502, Guilherme Salazar)
+  - Fix broken repository 500 errors in project list
+  - Close todos when accepting merge requests via the API !6486 (tonygambone)
 
-v 8.12.2 (unreleased)
+v 8.12.4 (unreleased)
+
+v 8.12.3
+  - Update Gitlab Shell to support low IO priority for storage moves
+
+v 8.12.2
   - Fix Import/Export not recognising correctly the imported services.
   - Fix snippets pagination
   - Fix List-Unsubscribe header in emails
@@ -20,11 +40,15 @@ v 8.12.2 (unreleased)
   - Fix an issue with the "Commits" section of the cycle analytics summary. !6513
   - Fix errors importing project feature and milestone models using GitLab project import
   - Make JWT messages Docker-compatible
+  - Fix duplicate branch entry in the merge request version compare dropdown
+  - Respect the fork_project permission when forking projects
+  - Only update issuable labels if they have been changed
+  - Fix bug where 'Search results' repeated many times when a search in the emoji search form is cleared (Xavier Bick) (@zeiv)
+  - Fix resolve discussion buttons endpoint path
 
 v 8.12.1
   - Fix a memory leak in HTML::Pipeline::SanitizationFilter::WHITELIST
   - Fix issue with search filter labels not displaying
-  - Fix bug where 'Search results' repeated many times when a search in the emoji search form is cleared (Xavier Bick) (@zeiv)
 
 v 8.12.0
   - Update the rouge gem to 2.0.6, which adds highlighting support for JSX, Prometheus, and others. !6251
@@ -34,13 +58,13 @@ v 8.12.0
   - Allow to set request_access_enabled for groups and projects
   - Cleanup misalignments in Issue list view !6206
   - Only create a protected branch upon a push to a new branch if a rule for that branch doesn't exist
+  - Add Pipelines for Commit
   - Prune events older than 12 months. (ritave)
   - Prepend blank line to `Closes` message on merge request linked to issue (lukehowell)
   - Fix issues/merge-request templates dropdown for forked projects
   - Filter tags by name !6121
   - Update gitlab shell secret file also when it is empty. !3774 (glensc)
   - Give project selection dropdowns responsive width, make non-wrapping.
-  - Fix resolve discussion buttons endpoint path
   - Fix note form hint showing slash commands supported for commits.
   - Make push events have equal vertical spacing.
   - API: Ensure invitees are not returned in Members API.
@@ -211,6 +235,12 @@ v 8.12.0
   - Fix non-master branch readme display in tree view
   - Add UX improvements for merge request version diffs
 
+v 8.11.8
+  - Respect the fork_project permission when forking projects
+  - Set a restrictive CORS policy on the API for credentialed requests
+  - API: disable rails session auth for non-GET/HEAD requests
+  - Escape HTML nodes in builds commands in CI linter
+
 v 8.11.7
   - Avoid conflict with admin labels when importing GitHub labels. !6158
   - Restores `fieldName` to allow only string values in `gl_dropdown.js`. !6234
@@ -430,6 +460,12 @@ v 8.11.0
   - Update gitlab_git gem to 10.4.7
   - Simplify SQL queries of marking a todo as done
 
+v 8.10.11
+  - Respect the fork_project permission when forking projects
+  - Set a restrictive CORS policy on the API for credentialed requests
+  - API: disable rails session auth for non-GET/HEAD requests
+  - Escape HTML nodes in builds commands in CI linter
+
 v 8.10.10
   - Allow the Rails cookie to be used for API authentication.
 
@@ -666,6 +702,12 @@ v 8.10.0
   - Show tooltip on GitLab export link in new project page
   - Fix import_data wrongly saved as a result of an invalid import_url !5206
 
+v 8.9.11
+  - Respect the fork_project permission when forking projects
+  - Set a restrictive CORS policy on the API for credentialed requests
+  - API: disable rails session auth for non-GET/HEAD requests
+  - Escape HTML nodes in builds commands in CI linter
+
 v 8.9.10
   - Allow the Rails cookie to be used for API authentication.
 

Gemfile

@@ -17,7 +17,7 @@ gem 'mysql2', '~> 0.3.16', group: :mysql
 gem 'pg', '~> 0.18.2', group: :postgres
 
 # Authentication libraries
-gem 'devise',                 '~> 4.0'
+gem 'devise',                 '~> 4.2'
 gem 'doorkeeper',             '~> 4.2.0'
 gem 'omniauth',               '~> 1.3.1'
 gem 'omniauth-auth0',         '~> 1.4.1'
@@ -51,7 +51,7 @@ gem 'browser', '~> 2.2'
 
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem 'gitlab_git', '~> 10.6.6'
+gem 'gitlab_git', '~> 10.6.7'
 
 # LDAP Auth
 # GitLab fork with several improvements to original library. For full list of changes
@@ -300,7 +300,6 @@ group :development, :test do
   gem 'scss_lint', '~> 0.47.0', require: false
   gem 'haml_lint', '~> 0.18.2', require: false
   gem 'simplecov', '0.12.0', require: false
-  gem 'flog', '~> 4.3.2', require: false
   gem 'flay', '~> 2.6.1', require: false
   gem 'bundler-audit', '~> 0.5.0', require: false
 

Gemfile.lock

@@ -161,7 +161,7 @@ GEM
       activerecord (>= 3.2.0, < 5.1)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
-    devise (4.1.1)
+    devise (4.2.0)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0, < 5.1)
@@ -209,9 +209,6 @@ GEM
     flay (2.6.1)
       ruby_parser (~> 3.0)
       sexp_processor (~> 4.0)
-    flog (4.3.2)
-      ruby_parser (~> 3.1, > 3.1.0)
-      sexp_processor (~> 4.4)
     flowdock (0.7.1)
       httparty (~> 0.7)
       multi_json
@@ -279,7 +276,7 @@ GEM
       diff-lcs (~> 1.1)
       mime-types (>= 1.16, < 3)
       posix-spawn (~> 0.3)
-    gitlab_git (10.6.6)
+    gitlab_git (10.6.7)
       activesupport (~> 4.0)
       charlock_holmes (~> 0.7.3)
       github-linguist (~> 4.7.0)
@@ -587,7 +584,7 @@ GEM
     request_store (1.3.1)
     rerun (0.11.0)
       listen (~> 3.0)
-    responders (2.1.1)
+    responders (2.3.0)
       railties (>= 4.2.0, < 5.1)
     rinku (2.0.0)
     rotp (2.1.2)
@@ -835,7 +832,7 @@ DEPENDENCIES
   d3_rails (~> 3.5.0)
   database_cleaner (~> 1.5.0)
   default_value_for (~> 3.0.0)
-  devise (~> 4.0)
+  devise (~> 4.2)
   devise-two-factor (~> 3.0.0)
   diffy (~> 3.0.3)
   doorkeeper (~> 4.2.0)
@@ -845,7 +842,6 @@ DEPENDENCIES
   factory_girl_rails (~> 4.6.0)
   ffaker (~> 2.0.0)
   flay (~> 2.6.1)
-  flog (~> 4.3.2)
   fog-aws (~> 0.9)
   fog-azure (~> 0.0)
   fog-core (~> 1.40)
@@ -861,7 +857,7 @@ DEPENDENCIES
   github-linguist (~> 4.7.0)
   github-markup (~> 1.4)
   gitlab-flowdock-git-hook (~> 1.0.1)
-  gitlab_git (~> 10.6.6)
+  gitlab_git (~> 10.6.7)
   gitlab_omniauth-ldap (~> 1.2.1)
   gollum-lib (~> 4.2)
   gollum-rugged_adapter (~> 0.4.2)

app/assets/javascripts/application.js

@@ -247,7 +247,7 @@
       $this.toggleClass('active');
       var notesHolders = $this.closest('.diff-file').find('.notes_holder');
       if ($this.hasClass('active')) {
-        notesHolders.show();
+        notesHolders.show().find('.hide').show();
       } else {
         notesHolders.hide();
       }

app/assets/stylesheets/pages/tree.scss

@@ -27,7 +27,12 @@
       }
 
       .last-commit {
-        @include str-truncated(60%);
+        @include str-truncated(506px);
+        
+        @media (min-width: $screen-sm-max) and (max-width: $screen-md-max) {
+          @include str-truncated(450px);
+        }
+        
       }
 
       .commit-history-link-spacer {

app/controllers/admin/groups_controller.rb

@@ -10,7 +10,7 @@ class Admin::GroupsController < Admin::ApplicationController
 
   def show
     @members = @group.members.order("access_level DESC").page(params[:members_page])
-    @requesters = @group.requesters
+    @requesters = AccessRequestsFinder.new(@group).execute(current_user)
     @projects = @group.projects.page(params[:projects_page])
   end
 

app/controllers/admin/projects_controller.rb

@@ -22,7 +22,7 @@ class Admin::ProjectsController < Admin::ApplicationController
     end
 
     @project_members = @project.members.page(params[:project_members_page])
-    @requesters = @project.requesters
+    @requesters = AccessRequestsFinder.new(@project).execute(current_user)
   end
 
   def transfer

app/controllers/groups/group_members_controller.rb

@@ -15,7 +15,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
     end
 
     @members = @members.order('access_level DESC').page(params[:page]).per(50)
-    @requesters = @group.requesters if can?(current_user, :admin_group, @group)
+    @requesters = AccessRequestsFinder.new(@group).execute(current_user)
 
     @group_member = @group.group_members.new
   end

app/controllers/projects/boards/issues_controller.rb

@@ -33,7 +33,7 @@ module Projects
 
       def issue
         @issue ||=
-          IssuesFinder.new(current_user, project_id: project.id, state: 'all')
+          IssuesFinder.new(current_user, project_id: project.id)
                       .execute
                       .where(iid: params[:id])
                       .first!

app/controllers/projects/commit_controller.rb

@@ -10,10 +10,11 @@ class Projects::CommitController < Projects::ApplicationController
   before_action :require_non_empty_project
   before_action :authorize_download_code!, except: [:cancel_builds, :retry_builds]
   before_action :authorize_update_build!, only: [:cancel_builds, :retry_builds]
+  before_action :authorize_read_pipeline!, only: [:pipelines]
   before_action :authorize_read_commit_status!, only: [:builds]
   before_action :commit
-  before_action :define_commit_vars, only: [:show, :diff_for_path, :builds]
-  before_action :define_status_vars, only: [:show, :builds]
+  before_action :define_commit_vars, only: [:show, :diff_for_path, :builds, :pipelines]
+  before_action :define_status_vars, only: [:show, :builds, :pipelines]
   before_action :define_note_vars, only: [:show, :diff_for_path]
   before_action :authorize_edit_tree!, only: [:revert, :cherry_pick]
 
@@ -31,6 +32,9 @@ class Projects::CommitController < Projects::ApplicationController
     render_diff_for_path(@commit.diffs(diff_options))
   end
 
+  def pipelines
+  end
+
   def builds
   end
 
@@ -96,10 +100,6 @@ class Projects::CommitController < Projects::ApplicationController
     @noteable = @commit ||= @project.commit(params[:id])
   end
 
-  def pipelines
-    @pipelines ||= project.pipelines.where(sha: commit.sha)
-  end
-
   def ci_builds
     @ci_builds ||= Ci::Build.where(pipeline: pipelines)
   end
@@ -134,8 +134,9 @@ class Projects::CommitController < Projects::ApplicationController
   end
 
   def define_status_vars
-    @statuses = CommitStatus.where(pipeline: pipelines).relevant
-    @builds = Ci::Build.where(pipeline: pipelines).relevant
+    @ci_pipelines = project.pipelines.where(sha: commit.sha)
+    @statuses = CommitStatus.where(pipeline: @ci_pipelines).relevant
+    @builds = Ci::Build.where(pipeline: @ci_pipelines).relevant
   end
 
   def assign_change_commit_vars(mr_source_branch)

app/controllers/projects/merge_requests_controller.rb

@@ -308,8 +308,6 @@ class Projects::MergeRequestsController < Projects::ApplicationController
       return
     end
 
-    TodoService.new.merge_merge_request(merge_request, current_user)
-
     @merge_request.update(merge_error: nil)
 
     if params[:merge_when_build_succeeds].present?

app/controllers/projects/project_members_controller.rb

@@ -29,7 +29,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
       @group_members = @group_members.order('access_level DESC')
     end
 
-    @requesters = @project.requesters if can?(current_user, :admin_project, @project)
+    @requesters = AccessRequestsFinder.new(@project).execute(current_user)
 
     @project_member = @project.project_members.new
     @project_group_links = @project.project_group_links

app/controllers/projects_controller.rb

@@ -137,10 +137,10 @@ class ProjectsController < Projects::ApplicationController
     noteable =
       case params[:type]
       when 'Issue'
-        IssuesFinder.new(current_user, project_id: @project.id, state: 'all').
+        IssuesFinder.new(current_user, project_id: @project.id).
           execute.find_by(iid: params[:type_id])
       when 'MergeRequest'
-        MergeRequestsFinder.new(current_user, project_id: @project.id, state: 'all').
+        MergeRequestsFinder.new(current_user, project_id: @project.id).
           execute.find_by(iid: params[:type_id])
       when 'Commit'
         @project.commit(params[:type_id])
@@ -324,7 +324,12 @@ class ProjectsController < Projects::ApplicationController
   end
 
   def repo_exists?
-    project.repository_exists? && !project.empty_repo?
+    project.repository_exists? && !project.empty_repo? && project.repo
+
+  rescue Gitlab::Git::Repository::NoRepository
+    project.repository.expire_exists_cache
+
+    false
   end
 
   def project_view_files?

app/finders/access_requests_finder.rb

+class AccessRequestsFinder
+  attr_accessor :source
+
+  # Arguments:
+  #   source - a Group or Project
+  def initialize(source)
+    @source = source
+  end
+
+  def execute(*args)
+    execute!(*args)
+  rescue Gitlab::Access::AccessDeniedError
+    []
+  end
+
+  def execute!(current_user)
+    raise Gitlab::Access::AccessDeniedError unless can_see_access_requests?(current_user)
+
+    source.requesters
+  end
+
+  private
+
+  def can_see_access_requests?(current_user)
+    source && Ability.allowed?(current_user, :"admin_#{source.class.to_s.underscore}", source)
+  end
+end

app/finders/issuable_finder.rb

@@ -183,17 +183,12 @@ class IssuableFinder
   end
 
   def by_state(items)
-    case params[:state]
-    when 'closed'
-      items.closed
-    when 'merged'
-      items.respond_to?(:merged) ? items.merged : items.closed
-    when 'all'
-      items
-    when 'opened'
-      items.opened
+    params[:state] ||= 'all'
+
+    if items.respond_to?(params[:state])
+      items.public_send(params[:state])
     else
-      raise 'You must specify default state'
+      items
     end
   end
 

app/helpers/application_helper.rb

@@ -280,32 +280,6 @@ module ApplicationHelper
     end
   end
 
-  def state_filters_text_for(entity, project)
-    titles = {
-      opened: "Open"
-    }
-
-    entity_title = titles[entity] || entity.to_s.humanize
-
-    count =
-      if project.nil?
-        nil
-      elsif current_controller?(:issues)
-        project.issues.visible_to_user(current_user).send(entity).count
-      elsif current_controller?(:merge_requests)
-        project.merge_requests.send(entity).count
-      end
-
-    html = content_tag :span, entity_title
-
-    if count.present?
-      html += " "
-      html += content_tag :span, number_with_delimiter(count), class: 'badge'
-    end
-
-    html.html_safe
-  end
-
   def truncate_first_line(message, length = 50)
     truncate(message.each_line.first.chomp, length: length) if message
   end

app/helpers/ci_status_helper.rb

@@ -56,7 +56,7 @@ module CiStatusHelper
 
   def render_commit_status(commit, tooltip_placement: 'auto left')
     project = commit.project
-    path = builds_namespace_project_commit_path(project.namespace, project, commit)
+    path = pipelines_namespace_project_commit_path(project.namespace, project, commit)
     render_status_with_link('commit', commit.status, path, tooltip_placement: tooltip_placement)
   end
 

app/helpers/issuables_helper.rb

@@ -94,6 +94,24 @@ module IssuablesHelper
     label_names.join(', ')
   end
 
+  def issuables_state_counter_text(issuable_type, state)
+    titles = {
+      opened: "Open"
+    }
+
+    state_title = titles[state] || state.to_s.humanize
+
+    count =
+      Rails.cache.fetch(issuables_state_counter_cache_key(issuable_type, state), expires_in: 2.minutes) do
+        issuables_count_for_state(issuable_type, state)
+      end
+
+    html = content_tag(:span, state_title)
+    html << " " << content_tag(:span, number_with_delimiter(count), class: 'badge')
+
+    html.html_safe
+  end
+
   private
 
   def sidebar_gutter_collapsed?
@@ -111,4 +129,22 @@ module IssuablesHelper
       issuable.open? ? :opened : :closed
     end
   end
+
+  def issuables_count_for_state(issuable_type, state)
+    issuables_finder = public_send("#{issuable_type}_finder")
+    issuables_finder.params[:state] = state
+
+    issuables_finder.execute.page(1).total_count
+  end
+
+  IRRELEVANT_PARAMS_FOR_CACHE_KEY = %i[utf8 sort page]
+  private_constant :IRRELEVANT_PARAMS_FOR_CACHE_KEY
+
+  def issuables_state_counter_cache_key(issuable_type, state)
+    opts = params.with_indifferent_access
+    opts[:state] = state
+    opts.except!(*IRRELEVANT_PARAMS_FOR_CACHE_KEY)
+
+    hexdigest(['issuables_count', issuable_type, opts.sort].flatten.join('-'))
+  end
 end

app/models/ci/build.rb

@@ -373,7 +373,7 @@ module Ci
     end
 
     def artifacts?
-      !artifacts_expired? && self[:artifacts_file].present?
+      !artifacts_expired? && artifacts_file.exists?
     end
 
     def artifacts_metadata?

app/models/milestone.rb

@@ -158,7 +158,7 @@ class Milestone < ActiveRecord::Base
   end
 
   def title=(value)
-    write_attribute(:title, Sanitize.clean(value.to_s)) if value.present?
+    write_attribute(:title, sanitize_title(value)) if value.present?
   end
 
   # Sorts the issues for the given IDs.
@@ -204,4 +204,8 @@ class Milestone < ActiveRecord::Base
       iid
     end
   end
+
+  def sanitize_title(value)
+    CGI.unescape_html(Sanitize.clean(value.to_s))
+  end
 end

app/services/issuable_base_service.rb

@@ -50,6 +50,7 @@ class IssuableBaseService < BaseService
       params.delete(:remove_label_ids)
       params.delete(:label_ids)
       params.delete(:assignee_id)
+      params.delete(:due_date)
     end
   end
 

app/services/merge_requests/post_merge_service.rb

@@ -7,6 +7,7 @@ module MergeRequests
   class PostMergeService < MergeRequests::BaseService
     def execute(merge_request)
       close_issues(merge_request)
+      todo_service.merge_merge_request(merge_request, current_user)
       merge_request.mark_as_merged
       create_merge_event(merge_request, current_user)
       create_note(merge_request)

app/services/projects/import_service.rb

@@ -44,6 +44,11 @@ module Projects
       begin
         gitlab_shell.import_repository(project.repository_storage_path, project.path_with_namespace, project.import_url)
       rescue => e
+        # Expire cache to prevent scenarios such as:
+        # 1. First import failed, but the repo was imported successfully, so +exists?+ returns true
+        # 2. Retried import, repo is broken or not imported but +exists?+ still returns true
+        project.repository.before_import if project.repository_exists?
+
         raise Error,  "Error importing repository #{project.import_url} into #{project.path_with_namespace} - #{e.message}"
       end
     end

app/services/slash_commands/interpret_service.rb

@@ -195,7 +195,7 @@ module SlashCommands
     params '<in 2 days | this Friday | December 31st>'
     condition do
       issuable.respond_to?(:due_date) &&
-        current_user.can?(:"update_#{issuable.to_ability_name}", issuable)
+        current_user.can?(:"admin_#{issuable.to_ability_name}", project)
     end
     command :due do |due_date_param|
       due_date = Chronic.parse(due_date_param).try(:to_date)
@@ -208,7 +208,7 @@ module SlashCommands
       issuable.persisted? &&
         issuable.respond_to?(:due_date) &&
         issuable.due_date? &&
-        current_user.can?(:"update_#{issuable.to_ability_name}", issuable)
+        current_user.can?(:"admin_#{issuable.to_ability_name}", project)
     end
     command :remove_due_date do
       @updates[:due_date] = nil

app/validators/namespace_validator.rb

@@ -5,7 +5,8 @@
 # Values are checked for formatting and exclusion from a list of reserved path
 # names.
 class NamespaceValidator < ActiveModel::EachValidator
-  RESERVED = %w(
+  RESERVED = %w[
+    .well-known
     admin
     all
     assets
@@ -31,7 +32,7 @@ class NamespaceValidator < ActiveModel::EachValidator
     u
     unsubscribes
     users
-  ).freeze
+  ].freeze
 
   def validate_each(record, attribute, value)
     unless value =~ Gitlab::Regex.namespace_regex

app/views/admin/broadcast_messages/_form.html.haml

@@ -18,11 +18,11 @@
   .form-group.js-toggle-colors-container.hide
     = f.label :color, "Background Color", class: 'control-label'
     .col-sm-10
-      = f.color_field :color, class: "form-control"
+      = f.text_field :color, class: "form-control"
   .form-group.js-toggle-colors-container.hide
     = f.label :font, "Font Color", class: 'control-label'
     .col-sm-10
-      = f.color_field :font, class: "form-control"
+      = f.text_field :font, class: "form-control"
   .form-group
     = f.label :starts_at, class: 'control-label'
     .col-sm-10.datetime-controls

app/views/admin/labels/_form.html.haml

@@ -14,7 +14,7 @@
     .col-sm-10
       .input-group
         .input-group-addon.label-color-preview  
-        = f.color_field :color, class: "form-control"
+        = f.text_field :color, class: "form-control"
       .help-block
         Choose any color.
         %br

app/views/admin/runners/index.html.haml

@@ -5,8 +5,10 @@
 
   %p.prepend-top-default
     %span
-      To register a new runner you should enter the following registration token.
-      With this token the runner will request a unique runner token and use that for future communication.
+      To register a new Runner you should enter the following registration
+      token.
+      With this token the Runner will request a unique Runner token and use
+      that for future communication.
       %br
       Registration token is
       %code{ id: 'runners-token' } #{current_application_settings.runners_registration_token}
@@ -24,27 +26,27 @@
 
   .bs-callout
     %p
-      A 'runner' is a process which runs a build.
-      You can setup as many runners as you need.
+      A 'Runner' is a process which runs a build.
+      You can setup as many Runners as you need.
       %br
-      Runners can be placed on separate users, servers, and even on your local machine.
+      Runners can be placed on separate users, servers, even on your local machine.
       %br
 
     %div
-      %span Each runner can be in one of the following states:
+      %span Each Runner can be in one of the following states:
       %ul
         %li
           %span.label.label-success shared
-          \- run builds from all unassigned projects
+          \- Runner runs builds from all unassigned projects
         %li
           %span.label.label-info specific
-          \- run builds from assigned projects
+          \- Runner runs builds from assigned projects
         %li
           %span.label.label-warning locked
-          \- runner cannot be assigned to other projects
+          \- Runner cannot be assigned to other projects
         %li
           %span.label.label-danger paused
-          \- runner will not receive any new builds
+          \- Runner will not receive any new builds
 
   .append-bottom-20.clearfix
     .pull-left

app/views/admin/runners/show.html.haml

@@ -11,14 +11,14 @@
 
 - if @runner.shared?
   .bs-callout.bs-callout-success
-    %h4 This runner will process builds from ALL UNASSIGNED projects
+    %h4 This Runner will process builds from ALL UNASSIGNED projects
     %p
-      If you want runners to build only specific projects, enable them in the table below.
+      If you want Runners to build only specific projects, enable them in the table below.
       Keep in mind that this is a one way transition.
 - else
   .bs-callout.bs-callout-info
-    %h4 This runner will process builds only from ASSIGNED projects
-    %p You can't make this a shared runner.
+    %h4 This Runner will process builds only from ASSIGNED projects
+    %p You can't make this a shared Runner.
 %hr
 
 .append-bottom-20
@@ -26,7 +26,7 @@
 
 .row
   .col-md-6
-    %h4 Restrict projects for this runner
+    %h4 Restrict projects for this Runner
     - if @runner.projects.any?
       %table.table.assigned-projects
         %thead
@@ -70,7 +70,7 @@
     = paginate @projects
 
   .col-md-6
-    %h4 Recent builds served by this runner
+    %h4 Recent builds served by this Runner
     %table.table.builds.runner-builds
       %thead
         %tr

app/views/explore/projects/_filter.html.haml

@@ -8,7 +8,7 @@
       - else
         Any
       %b.caret
-    %ul.dropdown-menu
+    %ul.dropdown-menu.dropdown-menu-align-right
       %li
         = link_to filter_projects_path(visibility_level: nil) do
           Any
@@ -28,7 +28,7 @@
       - else
         Any
       %b.caret
-    %ul.dropdown-menu
+    %ul.dropdown-menu.dropdown-menu-align-right
       %li
         = link_to filter_projects_path(tag: nil) do
           Any

app/views/projects/ci/pipelines/_pipeline.html.haml

 - status = pipeline.status
+- show_commit = local_assigns.fetch(:show_commit, true)
+- show_branch = local_assigns.fetch(:show_branch, true)
+
 %tr.commit
   %td.commit-link
     = link_to namespace_project_pipeline_path(pipeline.project.namespace, pipeline.project, pipeline.id) do
@@ -10,14 +13,14 @@
     .branch-commit
       = link_to namespace_project_pipeline_path(pipeline.project.namespace, pipeline.project, pipeline.id) do
         %span ##{pipeline.id}
-      - if pipeline.ref
-        - unless defined?(hide_branch) && hide_branch
-          .icon-container
-            = pipeline.tag? ? icon('tag') : icon('code-fork')
-          = link_to pipeline.ref, namespace_project_commits_path(pipeline.project.namespace, pipeline.project, pipeline.ref), class: "monospace branch-name"
-      .icon-container
-        = custom_icon("icon_commit")
-      = link_to pipeline.short_sha, namespace_project_commit_path(pipeline.project.namespace, pipeline.project, pipeline.sha), class: "commit-id monospace"
+      - if pipeline.ref && show_branch
+        .icon-container
+          = pipeline.tag? ? icon('tag') : icon('code-fork')
+        = link_to pipeline.ref, namespace_project_commits_path(pipeline.project.namespace, pipeline.project, pipeline.ref), class: "monospace branch-name"
+      - if show_commit
+        .icon-container
+          = custom_icon("icon_commit")
+        = link_to pipeline.short_sha, namespace_project_commit_path(pipeline.project.namespace, pipeline.project, pipeline.sha), class: "commit-id monospace"
       - if pipeline.latest?
         %span.label.label-success.has-tooltip{ title: 'Latest build for this branch' } latest
       - if pipeline.triggered?

app/views/projects/commit/_builds.html.haml

-- @pipelines.each do |pipeline|
+- @ci_pipelines.each do |pipeline|
   = render "pipeline", pipeline: pipeline, pipeline_details: true

app/views/projects/commit/_ci_menu.html.haml

@@ -3,6 +3,11 @@
     = link_to namespace_project_commit_path(@project.namespace, @project, @commit.id) do
       Changes
       %span.badge= @diffs.size
+  - if can?(current_user, :read_pipeline, @project)
+    = nav_link(path: 'commit#pipelines') do
+      = link_to pipelines_namespace_project_commit_path(@project.namespace, @project, @commit.id) do
+        Pipelines
+        %span.badge= @ci_pipelines.count
   = nav_link(path: 'commit#builds') do
     = link_to builds_namespace_project_commit_path(@project.namespace, @project, @commit.id) do
       Builds

app/views/projects/commit/_pipelines_list.haml

@@ -7,8 +7,8 @@
       %table.table.builds
         %tbody
           %th Status
-          %th Commit
+          %th Pipeline
           %th Stages
           %th
           %th
-        = render pipelines, commit_sha: true, stage: true, allow_retry: true, stages: pipelines.stages, status_icon_only: true, hide_branch: true
+        = render pipelines, commit_sha: true, stage: true, allow_retry: true, stages: pipelines.stages, status_icon_only: true, show_commit: false

app/views/projects/commit/pipelines.html.haml

+- page_title "Pipelines", "#{@commit.title} (#{@commit.short_id})", "Commits"
+
+.prepend-top-default
+  = render "commit_box"
+
+= render "ci_menu"
+= render "pipelines_list", pipelines: @ci_pipelines

app/views/projects/diffs/_file.html.haml

@@ -5,7 +5,7 @@
     - unless diff_file.submodule?
       .file-actions.hidden-xs
         - if blob_text_viewable?(blob)
-          = link_to '#', class: 'js-toggle-diff-comments btn active has-tooltip btn-file-option', title: "Toggle comments for this files", disabled: @diff_notes_disabled do
+          = link_to '#', class: 'js-toggle-diff-comments btn active has-tooltip btn-file-option', title: "Toggle comments for this file", disabled: @diff_notes_disabled do
             = icon('comment')
           \
 

app/views/projects/labels/_form.html.haml

@@ -14,7 +14,7 @@
     .col-sm-10
       .input-group
         .input-group-addon.label-color-preview  
-        = f.color_field :color, class: "form-control"
+        = f.text_field :color, class: "form-control"
       .help-block
         Choose any color.
         %br

app/views/projects/merge_requests/show/_versions.html.haml

@@ -58,11 +58,11 @@
                       .monospace #{short_sha(merge_request_diff.head_commit_sha)}
                       %small
                         = time_ago_with_tooltip(merge_request_diff.created_at)
-                  %li
-                    = link_to merge_request_version_path(@project, @merge_request, @merge_request_diff), class: ('is-active' unless @start_sha) do
-                      %strong
-                        #{@merge_request.target_branch} (base)
-                      .monospace #{short_sha(@merge_request_diff.base_commit_sha)}
+                %li
+                  = link_to merge_request_version_path(@project, @merge_request, @merge_request_diff), class: ('is-active' unless @start_sha) do
+                    %strong
+                      #{@merge_request.target_branch} (base)
+                    .monospace #{short_sha(@merge_request_diff.base_commit_sha)}
 
     - unless @merge_request_diff.latest? && !@start_sha
       .comments-disabled-notif.content-block

app/views/projects/pipelines/index.html.haml

@@ -46,7 +46,7 @@
         %table.table.builds
           %tbody
             %th Status
-            %th Commit
+            %th Pipeline
             %th Stages
             %th
             %th

app/views/projects/runners/_form.html.haml

@@ -5,7 +5,7 @@
     .col-sm-10
       .checkbox
         = f.check_box :active
-        %span.light Paused runners don't accept new builds
+        %span.light Paused Runners don't accept new builds
   .form-group
     = label :run_untagged, 'Run untagged jobs', class: 'control-label'
     .col-sm-10
@@ -33,6 +33,6 @@
       Tags
     .col-sm-10
       = f.text_field :tag_list, value: runner.tag_list.to_s, class: 'form-control'
-      .help-block You can setup jobs to only use runners with specific tags
+      .help-block You can setup jobs to only use Runners with specific tags
   .form-actions
     = f.submit 'Save changes', class: 'btn btn-save'

app/views/projects/runners/_runner.html.haml

@@ -15,7 +15,7 @@
     .pull-right
       - if @project_runners.include?(runner)
         - if runner.belongs_to_one_project?
-          = link_to 'Remove runner', runner_path(runner), data: { confirm: "Are you sure?" }, method: :delete, class: 'btn btn-danger btn-sm'
+          = link_to 'Remove Runner', runner_path(runner), data: { confirm: "Are you sure?" }, method: :delete, class: 'btn btn-danger btn-sm'
         - else
           - runner_project = @project.runner_projects.find_by(runner_id: runner)
           = link_to 'Disable for this project', namespace_project_runner_project_path(@project.namespace, @project, runner_project), data: { confirm: "Are you sure?" }, method: :delete, class: 'btn btn-danger btn-sm'

app/views/projects/runners/_shared_runners.html.haml

-%h3 Shared runners
+%h3 Shared Runners
 
 .bs-callout.bs-callout-warning.shared-runners-description
   - if shared_runners_text.present?
     = markdown(shared_runners_text, pipeline: 'plain_markdown')
   - else
-    Shared runners execute code of different projects on the same Runner unless you configure GitLab Runner Autoscale with MaxBuilds 1 (which it is on GitLab.com).
+    GitLab Shared Runners execute code of different projects on the same Runner
+    unless you configure GitLab Runner Autoscale with MaxBuilds 1 (which it is
+    on GitLab.com).
   %hr
   - if @project.shared_runners_enabled?
     = link_to toggle_shared_runners_namespace_project_runners_path(@project.namespace, @project), class: 'btn btn-warning', method: :post do
-      Disable shared runners
+      Disable shared Runners
   - else
     = link_to toggle_shared_runners_namespace_project_runners_path(@project.namespace, @project), class: 'btn btn-success', method: :post do
-      Enable shared runners
+      Enable shared Runners
     for this project
 
 - if @shared_runners_count.zero?
-  This GitLab server does not provide any shared runners yet.
-  Please use specific runners or ask the administrator to create one.
+  This GitLab server does not provide any shared Runners yet.
+  Please use the specific Runners or ask your administrator to create one.
 - else
-  %h4.underlined-title Available shared runners - #{@shared_runners_count}
+  %h4.underlined-title Available shared Runners : #{@shared_runners_count}
   %ul.bordered-list.available-shared-runners
     = render partial: 'runner', collection: @shared_runners, as: :runner
   - if @shared_runners_count > 10

app/views/projects/runners/_specific_runners.html.haml

-%h3 Specific runners
+%h3 Specific Runners
 
 .bs-callout.help-callout
-  %h4 How to setup a new project specific runner
+  %h4 How to setup a specific Runner for a new project
 
   %ol
     %li
-      Install GitLab Runner software.
-      Checkout the #{link_to 'GitLab Runner section', 'https://about.gitlab.com/gitlab-ci/#gitlab-runner', target: '_blank'} to install it
+      Install a Runner compatible with GitLab CI
+      (checkout the #{link_to 'GitLab Runner section', 'https://about.gitlab.com/gitlab-ci/#gitlab-runner', target: '_blank'} for information on how to install it).
     %li
-      Specify the following URL during runner setup:
+      Specify the following URL during the Runner setup:
       %code #{ci_root_url(only_path: false)}
     %li
       Use the following registration token during setup:
       %code #{@project.runners_token}
     %li
-      Start runner!
+      Start the Runner!
 
 
 - if @project_runners.any?

app/views/projects/runners/index.html.haml

@@ -2,24 +2,24 @@
 
 .light.prepend-top-default
   %p
-    A 'runner' is a process which runs a build.
-    You can setup as many runners as you need.
+    A 'Runner' is a process which runs a build.
+    You can setup as many Runners as you need.
     %br
     Runners can be placed on separate users, servers, and even on your local machine.
 
-  %p Each runner can be in one of the following states:
+  %p Each Runner can be in one of the following states:
   %div
     %ul
       %li
         %span.label.label-success active
-        \- runner is active and can process any new build
+        \- Runner is active and can process any new builds
       %li
         %span.label.label-danger paused
-        \- runner is paused and will not receive any new build
+        \- Runner is paused and will not receive any new builds
 
 %hr
 
-%p.lead To start serving your builds you can either add specific runners to your project or use shared runners
+%p.lead To start serving your builds you can either add specific Runners to your project or use shared Runners
 .row
   .col-sm-6
     = render 'specific_runners'

app/views/shared/issuable/_nav.html.haml

+- type = local_assigns.fetch(:type, :issues)
+- page_context_word = type.to_s.humanize(capitalize: false)
+- issuables = @issues || @merge_requests
+
 %ul.nav-links.issues-state-filters
-  - if defined?(type) && type == :merge_requests
-    - page_context_word = 'merge requests'
-  - else
-    - page_context_word = 'issues'
   %li{class: ("active" if params[:state] == 'opened')}
     = link_to page_filter_path(state: 'opened', label: true), title: "Filter by #{page_context_word} that are currently opened." do
-      #{state_filters_text_for(:opened, @project)}
+      #{issuables_state_counter_text(type, :opened)}
 
-  - if defined?(type) && type == :merge_requests
+  - if type == :merge_requests
     %li{class: ("active" if params[:state] == 'merged')}
       = link_to page_filter_path(state: 'merged', label: true), title: 'Filter by merge requests that are currently merged.' do
-        #{state_filters_text_for(:merged, @project)}
+        #{issuables_state_counter_text(type, :merged)}
 
     %li{class: ("active" if params[:state] == 'closed')}
       = link_to page_filter_path(state: 'closed', label: true), title: 'Filter by merge requests that are currently closed and unmerged.' do
-        #{state_filters_text_for(:closed, @project)}
+        #{issuables_state_counter_text(type, :closed)}
   - else
     %li{class: ("active" if params[:state] == 'closed')}
       = link_to page_filter_path(state: 'closed', label: true), title: 'Filter by issues that are currently closed.' do
-        #{state_filters_text_for(:closed, @project)}
+        #{issuables_state_counter_text(type, :closed)}
 
   %li{class: ("active" if params[:state] == 'all')}
     = link_to page_filter_path(state: 'all', label: true), title: "Show all #{page_context_word}." do
-      #{state_filters_text_for(:all, @project)}
+      #{issuables_state_counter_text(type, :all)}

config/application.rb

@@ -99,13 +99,24 @@ module Gitlab
 
     config.action_view.sanitized_allowed_protocols = %w(smb)
 
-    config.middleware.use Rack::Attack
+    config.middleware.insert_before Warden::Manager, Rack::Attack
 
     # Allow access to GitLab API from other domains
-    config.middleware.use Rack::Cors do
+    config.middleware.insert_before Warden::Manager, Rack::Cors do
+      allow do
+        origins Gitlab.config.gitlab.url
+        resource '/api/*',
+          credentials: true,
+          headers: :any,
+          methods: :any,
+          expose: ['Link']
+      end
+
+      # Cross-origin requests must not have the session cookie available
       allow do
         origins '*'
         resource '/api/*',
+          credentials: false,
           headers: :any,
           methods: :any,
           expose: ['Link']
@@ -116,6 +127,10 @@ module Gitlab
     redis_config_hash = Gitlab::Redis.params
     redis_config_hash[:namespace] = Gitlab::Redis::CACHE_NAMESPACE
     redis_config_hash[:expires_in] = 2.weeks # Cache should not grow forever
+    if Sidekiq.server? # threaded context
+      redis_config_hash[:pool_size] = Sidekiq.options[:concurrency] + 5
+      redis_config_hash[:pool_timeout] = 1
+    end
     config.cache_store = :redis_store, redis_config_hash
 
     config.active_record.raise_in_transactional_callbacks = true

config/initializers/7_redis.rb

+# Make sure we initialize a Redis connection pool before Sidekiq starts
+# multi-threaded execution.
+Gitlab::Redis.with { nil }

config/initializers/attr_encrypted_no_db_connection.rb

 module AttrEncrypted
   module Adapters
     module ActiveRecord
-      def attribute_instance_methods_as_symbols_with_no_db_connection
-        # Use with_connection so the connection doesn't stay pinned to the thread.
-        connected = ::ActiveRecord::Base.connection_pool.with_connection(&:active?) rescue false
-        
-        if connected
-          # Call version from AttrEncrypted::Adapters::ActiveRecord
-          attribute_instance_methods_as_symbols_without_no_db_connection
-        else
-          # Call version from AttrEncrypted, i.e., `super` with regards to AttrEncrypted::Adapters::ActiveRecord
-          AttrEncrypted.instance_method(:attribute_instance_methods_as_symbols).bind(self).call
+      module DBConnectionQuerier
+        def attribute_instance_methods_as_symbols
+          # Use with_connection so the connection doesn't stay pinned to the thread.
+          connected = ::ActiveRecord::Base.connection_pool.with_connection(&:active?) rescue false
+
+          if connected
+            # Call version from AttrEncrypted::Adapters::ActiveRecord
+            super
+          else
+            # Call version from AttrEncrypted, i.e., `super` with regards to AttrEncrypted::Adapters::ActiveRecord
+            AttrEncrypted.instance_method(:attribute_instance_methods_as_symbols).bind(self).call
+          end
         end
       end
-
-      alias_method_chain :attribute_instance_methods_as_symbols, :no_db_connection
+      prepend DBConnectionQuerier
     end
   end
 end

config/initializers/connection_fix.rb

@@ -20,7 +20,7 @@ if defined?(ActiveRecord::ConnectionAdapters::Mysql2Adapter)
         execute_without_retry(*args)
       rescue ActiveRecord::StatementInvalid => e
         if e.message =~ /server has gone away/i
-          warn "Server timed out, retrying"
+          warn "Lost connection to MySQL server during query"
           reconnect!
           retry
         else

config/initializers/postgresql_limit_fix.rb

 if defined?(ActiveRecord::ConnectionAdapters::PostgreSQLAdapter)
   class ActiveRecord::ConnectionAdapters::PostgreSQLAdapter
+    module LimitFilter
+      def add_column(table_name, column_name, type, options = {})
+        options.delete(:limit) if type == :text
+        super(table_name, column_name, type, options)
+      end
+
+      def change_column(table_name, column_name, type, options = {})
+        options.delete(:limit) if type == :text
+        super(table_name, column_name, type, options)
+      end
+    end
+
+    prepend ActiveRecord::ConnectionAdapters::PostgreSQLAdapter::LimitFilter
+
     class TableDefinition
       def text(*args)
         options = args.extract_options!
@@ -9,18 +23,5 @@ if defined?(ActiveRecord::ConnectionAdapters::PostgreSQLAdapter)
         column_names.each { |name| column(name, type, options) }
       end
     end
-
-    def add_column_with_limit_filter(table_name, column_name, type, options = {})
-      options.delete(:limit) if type == :text
-      add_column_without_limit_filter(table_name, column_name, type, options)
-    end
-
-    def change_column_with_limit_filter(table_name, column_name, type, options = {})
-      options.delete(:limit) if type == :text
-      change_column_without_limit_filter(table_name, column_name, type, options)
-    end
-
-    alias_method_chain :add_column, :limit_filter
-    alias_method_chain :change_column, :limit_filter
   end
 end

config/routes.rb

@@ -635,6 +635,7 @@ Rails.application.routes.draw do
           member do
             get :branches
             get :builds
+            get :pipelines
             post :cancel_builds
             post :retry_builds
             post :revert

doc/README.md

@@ -19,6 +19,7 @@
 - [SSH](ssh/README.md) Setup your ssh keys and deploy keys for secure access to your projects.
 - [Webhooks](web_hooks/web_hooks.md) Let GitLab notify you when new code has been pushed to your project.
 - [Workflow](workflow/README.md) Using GitLab functionality and importing projects from GitHub and SVN.
+- [University](university/README.md) Learn Git and GitLab through videos and courses.
 
 ## Administrator documentation
 

doc/api/builds.md

@@ -40,6 +40,12 @@ Example of response
     "finished_at": "2015-12-24T17:54:27.895Z",
     "id": 7,
     "name": "teaspoon",
+    "pipeline": {
+      "id": 6,
+      "ref": "master",
+      "sha": "0ff3ae198f8601a285adcf5c0fff204ee6fba5fd",
+      "status": "pending"
+    }
     "ref": "master",
     "runner": null,
     "stage": "test",
@@ -78,6 +84,12 @@ Example of response
     "finished_at": "2015-12-24T17:54:24.921Z",
     "id": 6,
     "name": "spinach:other",
+    "pipeline": {
+      "id": 6,
+      "ref": "master",
+      "sha": "0ff3ae198f8601a285adcf5c0fff204ee6fba5fd",
+      "status": "pending"
+    }
     "ref": "master",
     "runner": null,
     "stage": "test",
@@ -146,6 +158,12 @@ Example of response
     "finished_at": "2016-01-11T10:14:09.526Z",
     "id": 69,
     "name": "rubocop",
+    "pipeline": {
+      "id": 6,
+      "ref": "master",
+      "sha": "0ff3ae198f8601a285adcf5c0fff204ee6fba5fd",
+      "status": "pending"
+    }
     "ref": "master",
     "runner": null,
     "stage": "test",
@@ -170,6 +188,12 @@ Example of response
     "finished_at": "2015-12-24T17:54:33.913Z",
     "id": 9,
     "name": "brakeman",
+    "pipeline": {
+      "id": 6,
+      "ref": "master",
+      "sha": "0ff3ae198f8601a285adcf5c0fff204ee6fba5fd",
+      "status": "pending"
+    }
     "ref": "master",
     "runner": null,
     "stage": "test",
@@ -231,6 +255,12 @@ Example of response
   "finished_at": "2015-12-24T17:54:31.198Z",
   "id": 8,
   "name": "rubocop",
+  "pipeline": {
+    "id": 6,
+    "ref": "master",
+    "sha": "0ff3ae198f8601a285adcf5c0fff204ee6fba5fd",
+    "status": "pending"
+  }
   "ref": "master",
   "runner": null,
   "stage": "test",

doc/api/oauth2.md

@@ -48,7 +48,7 @@ You should then use the `code` to request an access token.
 >**Important:**
 It is highly recommended that you send a `state` value with the request to `/oauth/authorize` and
 validate that value is returned and matches in the redirect request.
-This is important to prevent [CSFR attacks](http://www.oauthsecurity.com/#user-content-authorization-code-flow),
+This is important to prevent [CSRF attacks](http://www.oauthsecurity.com/#user-content-authorization-code-flow),
 `state` really should have been a requirement in the standard!
 
 ### 3. Requesting the access token
@@ -134,4 +134,4 @@ access_token = client.password.get_token('user@example.com', 'secret')
 puts access_token.token
 ```
 
-[personal access tokens]: ./README.md#personal-access-tokens
+[personal access tokens]: ./README.md#personal-access-tokens
\ No newline at end of file

doc/api/projects.md

@@ -899,6 +899,7 @@ Parameters:
 - `id` (required) - The ID or NAMESPACE/PROJECT_NAME of the project to be forked
 - `group_id` (required) - The ID of a group
 - `group_access` (required) - Level of permissions for sharing
+- `expires_at` - Share expiration date in ISO 8601 format: 2016-09-26
 
 ## Hooks
 

doc/api/settings.md

@@ -41,7 +41,9 @@ Example response:
    "gravatar_enabled" : true,
    "sign_in_text" : null,
    "container_registry_token_expire_delay": 5,
-   "repository_storage": "default"
+   "repository_storage": "default",
+   "koding_enabled": false,
+   "koding_url": null
 }
 ```
 
@@ -72,7 +74,9 @@ PUT /application/settings
 | `after_sign_out_path` | string | no | Where to redirect users after logout |
 | `container_registry_token_expire_delay` | integer | no | Container Registry token duration in minutes |
 | `repository_storage` | string | no | Storage path for new projects. The value should be the name of one of the repository storage paths defined in your gitlab.yml |
-| `enabled_git_access_protocol` | string | no | Enabled protocols for Git access. Allowed values are: `ssh`, `http`, and `nil` to allow both protocols.
+| `enabled_git_access_protocol` | string | no | Enabled protocols for Git access. Allowed values are: `ssh`, `http`, and `nil` to allow both protocols. |
+| `koding_enabled` | boolean | no | Enable Koding integration. Default is `false`. |
+| `koding_url` | string | yes (if `koding_enabled` is `true`) |  The Koding instance URL for integration. |
 
 ```bash
 curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/application/settings?signup_enabled=false&default_project_visibility=1
@@ -103,6 +107,8 @@ Example response:
   "user_oauth_applications": true,
   "after_sign_out_path": "",
   "container_registry_token_expire_delay": 5,
-  "repository_storage": "default"
+  "repository_storage": "default",
+  "koding_enabled": false,
+  "koding_url": null
 }
 ```

doc/install/installation.md

@@ -381,7 +381,7 @@ sudo usermod -aG redis git
 GitLab Shell is an SSH access and repository management software developed specially for GitLab.
 
     # Run the installation task for gitlab-shell (replace `REDIS_URL` if needed):
-    sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production
+    sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production SKIP_STORAGE_VALIDATION=true
 
     # By default, the gitlab-shell config is generated from your main GitLab config.
     # You can review (and modify) the gitlab-shell config as follows:

doc/university/README.md

+
+## What is GitLab University
+
+_GitLab University_ has as a goal to teach the fundamentals of **Version Control with Git and GitLab** through courses that cover topics which can be mastered in around 2 hours.
+
+_University materials don't replace our [Documentation](http://docs.gitlab.com) or [Blog Articles](https://about.gitlab.com/blog/)._
+
+---
+
+### On this page
+
++ [GITx] Git
++ [OPSx] DevOps
++ [GLBx] GitLab Basics
++ [INTx] GitLab Integrations
++ [GLFx] GitLab Workflows
++ [GLEx] GitLab Enterprise Edition extra features
++ [GCIx] GitLab CI
++ [ECO] Ecosystem
++ [COM] Competition comparison
++ [SPTx] Support Bootcamp
++ [SLSx] Sales Bootcamp
++ [TRAx] Trainings
+
+---
+
++ [GIT1] [Version Control Systems](https://docs.google.com/presentation/d/16sX7hUrCZyOFbpvnrAFrg6tVO5_yT98IgdAqOmXwBho/edit#slide=id.g72f2e4906_2_29)
++ [GIT2] [Operating Systems and How Git Works](https://drive.google.com/a/gitlab.com/file/d/0B41DBToSSIG_OVYxVFJDOGI3Vzg/view?usp=sharing)
++ [GIT3] [Intro to Git](https://www.codeschool.com/account/courses/try-git)
+
+---
+
++ [OPS1] [What is Omnibus](https://www.youtube.com/watch?v=XTmpKudd-Oo)
++ [OPS2] [Installing GitLab](https://www.youtube.com/watch?v=Q69YaOjqNhg)
++ [OPS3] [Configuring an external PostgreSQL database](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#using-a-non-packaged-postgresql-database-management-server)
++ [OPS5] [Importing from Other Tools or SVN](http://doc.gitlab.com/ee/workflow/importing/)
++ [OPS6] [High Availability Documentation](https://about.gitlab.com/high-availability/)
++ [OPS7] [Managing LDAP, Active Directory](https://www.youtube.com/watch?v=HPMjM-14qa8)
++ [OPS8] [Scalability and High Availability](https://www.youtube.com/watch?v=cXRMJJb6sp4&list=PLFGfElNsQthbQu_IWlNOxul0TbS_2JH-e&index=2)
++ [OPS9] [High Availability on AWS](high-availability/aws/README.md)
+
+---
+
++ [GLB1] [Terminology](glossary/README.md)
++ [GLB2] [GitLab Basics](http://doc.gitlab.com/ce/gitlab-basics/README.html)
++ [GLB3] [Demo of GitLab.com](https://www.youtube.com/watch?v=WaiL5DGEMR4)
++ [GLB4] [Create and Add your SSH key to GitLab](https://www.youtube.com/watch?v=54mxyLo3Mqk)
++ [GLB5] [Repositories, Projects and Groups](https://www.youtube.com/watch?v=4TWfh1aKHHw&index=1&list=PLFGfElNsQthbQu_IWlNOxul0TbS_2JH-e)
++ [GLB6] [Creating a Project in GitLab](https://www.youtube.com/watch?v=7p0hrpNaJ14)
++ [GLB7] [Issues and Merge Requests](https://www.youtube.com/watch?v=raXvuwet78M)
++ [GLB8] [Big files in Git (Git LFS, Annex)](https://gitlab.com/gitlab-org/University/blob/master/classes/git_lfs_and_annex.md)
+
+---
+
++ [INT1] [JIRA and Jenkins integrations in GitLab](https://gitlabmeetings.webex.com/gitlabmeetings/ldr.php?RCID=44b548147a67ab4d8a62274047146415)
++ [INT2] [Integrating JIRA with GitLab](http://doc.gitlab.com/ee/integration/jira.html)
++ [INT3] [Integrating Jenkins with GitLab](http://doc.gitlab.com/ee/integration/jenkins.html)
++ [INT4] [Integrating Bamboo with GitLab](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/project_services/bamboo.md)
++ [INT5] [Documentation on Integrating Slack with GitLab](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/integration/slack.md)
+
+---
+
++ [GLF1] [GitLab Flow](https://www.youtube.com/watch?v=UGotqAUACZA)
+
+---
+
++ [GLE1] [Configuring an external MySQL database](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#using-a-mysql-database-management-server-enterprise-edition-only)
++ [GLE2] [Managing Permissions within EE](https://www.youtube.com/watch?v=DjUoIrkiNuM)
++ [GLE3] [Upcoming in EE and Big files in Git (Git LFS, Annex)](https://gitlab.com/gitlab-org/University/blob/master/classes/upcoming_in_ee.md)
+
+---
+
++ [GCI1] [GitLab CI product page](https://about.gitlab.com/gitlab-ci/)
++ [GCI2] [Setting up GitLab Runner For Continuous Integration](https://about.gitlab.com/2016/03/01/gitlab-runner-with-docker/)
+
+---
+
++ [COM1] [GitLab compared to other tools](https://about.gitlab.com/comparison/)
++ [COM2] [Compare GitLab versions](https://about.gitlab.com/features/#compare)
++ [COM3] [Innersourcing article](https://about.gitlab.com/2014/09/05/innersourcing-using-the-open-source-workflow-to-improve-collaboration-within-an-organization/)
+
+---
+
++ [ECO1] [Ecosystem Overview](https://www.youtube.com/watch?v=sXlhgPK1NTY&list=PLFGfElNsQthbQu_IWlNOxul0TbS_2JH-e&index=6)
++ [ECO2] [Positioning FAQ](https://about.gitlab.com/handbook/positioning-faq)
++ [ECO3] [GitLab Ecosystem slides](https://docs.google.com/presentation/d/1vCU-NbZWz8NTNK8Vu3y4zGMAHb5DpC8PE5mHtw1PWfI/edit)
++ [ECO4] [Customer Use-Cases](https://about.gitlab.com/handbook/use-cases/)
+
+---
+
++ [SPT1] [Support Path](support/README.md)
++ [SPT2] [End User Training Material](https://gitlab.com/gitlab-org/University/blob/master/training/user_training.md)
++ [SPT3] [Materials for Training Sessions](https://gitlab.com/gitlab-org/University/tree/master/training/topics)
+
+---
+
++ [SLS1] [Sales Path (redirect to sales handbook)](https://about.gitlab.com/handbook/sales-onboarding/)
++ [SLS2] [GitLab Direction](https://about.gitlab.com/direction/)
+
+---
+
++ [TRA1] [End User Training](training/end-user/README.md)
+
+---
+
+### External Resources
+
++ [DOC] GitLab Documentation
+  + [Set up and use GitLab Pages](http://doc.gitlab.com/ee/pages/README.html)
+  + [Markdown Reference](http://doc.gitlab.com/ce/markdown/markdown.html)
+
++ [GLW] GitLab Workshop (@ Platzi)
+  + [GitLab Workshop Part 1: Basics of Git and GitLab](https://courses.platzi.com/classes/git-gitlab/)
+  + [Create a GitLab Account](https://courses.platzi.com/classes/git-gitlab/concepto/first-steps/create-an-account-on-gitlab/material/)
+
++ [GLY] GitLab YouTube Videos
+  + [Making GitLab Great for Everyone, our response to the Dear GitHub letter](https://www.youtube.com/watch?v=GGC40y4vMx0)
+  + [Compared to Atlassian (Recorded on 2016-03-03) ](https://youtu.be/Nbzp1t45ERo)
+
++ [GLI] GitLab Team-Only Access
+  + [GitLab architecture for noobs](https://dev.gitlab.org/gitlab/gitlabhq/blob/master/doc/development/architecture.md)
+  + [Client Assessment of GitLab versus GitHub](https://docs.google.com/a/gitlab.com/spreadsheets/d/18cRF9Y5I6I7Z_ab6qhBEW55YpEMyU4PitZYjomVHM-M/edit?usp=sharing)
+
++ [KNT] Slides & Keynotes by GitLabbers & other individuals
+  + [Why Git and GitLab slide deck](https://docs.google.com/a/gitlab.com/presentation/d/1RcZhFmn5VPvoFu6UMxhMOy7lAsToeBZRjLRn0LIdaNc/)
+  + [Git Workshop](https://docs.google.com/presentation/d/1JzTYD8ij9slejV2-TO-NzjCvlvj6mVn9BORePXNJoMI/)
+
++ Others (not created by GitLab)
+  + [Dev Ops terminology](https://xebialabs.com/glossary/)
+  + [Continuous Delivery vs Continuous Deployment](https://www.youtube.com/watch?v=igwFj8PPSnw)
+  + [Periodic Table of DevOps Tools](https://xebialabs.com/periodic-table-of-devops-tools/)
+  + [State of Dev Ops 2015 Report by Puppet Labs](https://puppetlabs.com/sites/default/files/2015-state-of-devops-report.pdf) Insightful Chapters to understand the Impact of Continuous Delivery on Performance (Chapter 4), the Application Architecture (Chapter 5) and How IT Managers can help their teams win (Chapter 6).
+  + [2011 WSJ article by Mark Andreeson - Software is Eating the World](http://www.wsj.com/articles/SB10001424053111903480904576512250915629460)
+  + [2014 Blog post by Chris Dixon - Software eats software development](http://cdixon.org/2014/04/13/software-eats-software-development/)
+  + [2015 Venture Beat article - Actually, Open Source is Eating the World](http://venturebeat.com/2015/12/06/its-actually-open-source-software-thats-eating-the-world/)
+  + [Customer review of GitLab with talking points on why they prefer GitLab](https://www.enovate.co.uk/web-design-blog/2015/11/25/gitlab-review/)
+  + [3rd party tool comparison](http://technologyconversations.com/2015/10/16/github-vs-gitlabs-vs-bitbucket-server-formerly-stash/)
+  + [Amazon's transition to Continuous Delivery](https://www.youtube.com/watch?v=esEFaY0FDKc)
+  + [Article on Continuous Integration from ThoughtWorks](https://www.thoughtworks.com/continuous-integration)

doc/university/process/README.md

+---
+title: University | Process
+---
+
+## Suggesting improvements
+
+If you would like to teach a class or participate or help in any way please
+submit a merge request and assign it to [Job](https://gitlab.com/u/JobV).
+
+If you have suggestions for additional courses you would like to see,
+please submit a merge request to add an upcoming class, assign to
+[Chad](https://gitlab.com/u/chadmalchow) and /cc [Job](https://gitlab.com/u/JobV).
+
+## Adding classes
+
+1. All training materials of any kind should be added to [GitLab CE](https://gitlab.com/gitlab-org/gitlab-ce/)
+   to ensure they are available to a broad audience (don't use any other repo or
+   storage for training materials).
+1. Don't make materials that are needlessly specific to one group of people, try
+   to keep the wording broad and inclusive (don't make things for only GitLab Inc.
+   people, only interns, only customers, etc.).
+1. To allow people to contribute all content should be in git.
+1. The content can go in a subdirectory under `/doc/university/`.
+1. To make, view or modify the slides of the classes use [Deckset](http://www.decksetapp.com/)
+   or [RevealJS](http://lab.hakim.se/reveal-js/). Do not use Powerpoint or Google
+   Slides since this prevents everyone from contributing.
+1. Please upload any video recordings to our Youtube channel. We prefer them to
+   be public, if needed they can be unlisted but if so they should be linked from
+   this page.
+1. Please create a merge request and assign to [SeanPackham](https://gitlab.com/u/SeanPackham).

doc/university/training/end-user/README.md

+
+# Training
+
+This training material is the markdown used to generate training slides
+which can be found at [End User Slides](https://gitlab-org.gitlab.io/end-user-training-slides/#/)
+through it's [RevealJS](https://gitlab.com/gitlab-org/end-user-training-slides)
+project.
+
+---
+
+## Git Intro
+
+---
+
+### What is a Version Control System (VCS)
+
+- Records changes to a file
+- Maintains history of changes
+- Disaster Recovery
+- Types of VCS: Local, Centralized and Distributed
+
+---
+
+### Short Story of Git
+
+- 1991-2002: The Linux kernel was being maintaned by sharing archived files
+  and patches.
+- 2002: The Linux kernel project began using a DVCS called BitKeeper
+- 2005: BitKeeper revoked the free-of-charge status and Git was created
+
+---
+
+### What is Git
+
+- Distributed Version Control System
+- Great branching model that adapts well to most workflows
+- Fast and reliable
+- Keeps a complete history
+- Disaster recovery friendly
+- Open Source
+
+---
+
+### Getting Help
+
+- Use the tools at your disposal when you get stuck.
+  - Use `git help <command>` command
+  - Use Google (i.e. StackOverflow, Google groups)
+  - Read documentation at https://git-scm.com
+
+---
+
+## Git Setup
+Workshop Time!
+
+---
+
+### Setup
+
+- Windows: Install 'Git for Windows'
+  - https://git-for-windows.github.io
+- Mac: Type `git` in the Terminal application.
+  - If it's not installed, it will prompt you to install it.
+- Linux
+  - Debian: `sudo apt-get install git-all`
+  - Red Hat `sudo yum install git-all`
+
+---
+
+### Configure
+
+- One-time configuration of the Git client:
+
+```bash
+git config --global user.name "Your Name"
+git config --global user.email you@example.com
+```    
+
+- If you don't use the global flag you can setup a different author for
+  each project
+- Check settings with:
+
+```bash
+git config --global --list
+```
+- You might want or be required to use an SSH key.
+    - Instructions: [SSH](http://doc.gitlab.com/ce/ssh/README.html)
+
+---
+
+### Workspace
+
+- Choose a directory on you machine easy to access
+- Create a workspace or development directory
+- This is where we'll be working and adding content
+
+---
+
+```bash
+mkdir ~/development
+cd ~/development
+
+-or-
+
+mkdir ~/workspace
+cd ~/workspace  
+```
+
+---
+
+## Git Basics
+
+---  
+
+### Git Workflow
+
+- Untracked files
+    - New files that Git has not been told to track previously.
+- Working area (Workspace)
+    - Files that have been modified but are not committed.
+- Staging area (Index)
+    - Modified files that have been marked to go in the next commit.
+- Upstream
+    - Hosted repository on a shared server
+
+---
+
+### GitLab
+
+- GitLab is an application to code, test and deploy.
+- Provides repository management with access controls, code reviews,
+  issue tracking, Merge Requests, and other features.
+- The hosted version of GitLab is gitlab.com
+
+---  
+
+### New Project
+
+- Sign in into your gitlab.com account
+- Create a project
+- Choose to import from 'Any Repo by URL' and use https://gitlab.com/gitlab-org/training-examples.git
+- On your machine clone the `training-examples` project
+
+---
+
+### Git and GitLab basics
+
+1. Edit `edit_this_file.rb` in `training-examples`
+2. See it listed as a changed file (working area)
+3. View the differences
+4. Stage the file
+5. Commit
+6. Push the commit to the remote
+7. View the git log
+
+---
+
+```shell
+# Edit `edit_this_file.rb`
+git status
+git diff
+git add <file>
+git commit -m 'My change'
+git push origin master
+git log
+```
+
+---  
+
+### Feature Branching
+
+1. Create a new feature branch called `squash_some_bugs`
+2. Edit `bugs.rb` and remove all the bugs.
+3. Commit
+4. Push
+
+---
+
+```shell
+git checkout -b squash_some_bugs
+# Edit `bugs.rb`
+git status
+git add bugs.rb
+git commit -m 'Fix some buggy code'
+git push origin squash_some_bugs
+```
+
+---
+
+## Merge Request
+
+---
+
+### Merge requests
+
+- When you want feedback create a merge request
+- Target is the ‘default’ branch (usually master)
+- Assign or mention the person you would like to review
+- Add `WIP` to the title if it's a work in progress
+- When accepting, always delete the branch
+- Anyone can comment, not just the assignee
+- Push corrections to the same branch
+
+
+---
+
+### Merge request example
+
+- Create your first merge request
+  - Use the blue button in the activity feed
+  - View the diff (changes) and leave a comment
+  - Push a new commit to the same branch
+  - Review the changes again and notice the update
+
+---
+
+### Feedback and Collaboration
+
+- Merge requests are a time for feedback and collaboration
+- Giving feedback is hard
+- Be as kind as possible
+- Receiving feedback is hard
+- Be as receptive as possible
+- Feedback is about the best code, not the person. You are not your code
+- Feedback and Collaboration
+
+---
+
+### Feedback and Collaboration
+
+- Review the Thoughtbot code-review guide for suggestions to follow when reviewing merge requests:[Thoughtbot](https://github.com/thoughtbot/guides/tree/master/code-review)
+- See GitLab merge requests for examples: [Merge Requests](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests)
+
+---
+
+## Merge Conflicts
+
+---
+
+### Merge Conflicts
+* Happen often
+* Learning to fix conflicts is hard
+* Practice makes perfect
+* Force push after fixing conflicts. Be careful!
+
+---
+
+### Example Plan
+1. Checkout a new branch and edit conflicts.rb. Add 'Line4' and 'Line5'.
+2. Commit and push
+3. Checkout master and edit conflicts.rb. Add 'Line6' and 'Line7' below 'Line3'.
+4. Commit and push to master
+5. Create a merge request and watch it fail
+6. Rebase our new branch with master
+7. Fix conflicts on the conflicts.rb file.
+8. Stage the file and continue rebasing
+9. Force push the changes
+10. Finally continue with the Merge Request
+
+---
+
+### Example 1/2
+
+    git checkout -b conflicts_branch
+
+    # vi conflicts.rb
+    # Add 'Line4' and 'Line5'
+
+    git commit -am "add line4 and line5"
+    git push origin conflicts_branch
+
+    git checkout master
+
+    # vi conflicts.rb
+    # Add 'Line6' and 'Line7'
+    git commit -am "add line6 and line7"
+    git push origin master
+
+---
+
+### Example 2/2
+
+Create a merge request on the GitLab web UI. You'll see a conflict warning.
+
+    git checkout conflicts_branch
+    git fetch
+    git rebase master
+
+    # Fix conflicts by editing the files.
+
+    git add conflicts.rb
+    # No need to commit this file
+
+    git rebase --continue
+
+    # Remember that we have rewritten our commit history so we
+    # need to force push so that our remote branch is restructured
+    git push origin conflicts_branch -f
+
+---
+
+### Notes
+
+* When to use `git merge` and when to use `git rebase`
+* Rebase when updating your branch with master
+* Merge when bringing changes from feature to master
+* Reference: https://www.atlassian.com/git/tutorials/merging-vs-rebasing/
+
+---
+
+## Revert and Unstage
+
+---
+
+### Unstage
+
+To remove files from stage use reset HEAD. Where HEAD is the last commit of the current branch:
+
+    git reset HEAD <file>
+
+This will unstage the file but maintain the modifications. To revert the file back to the state it was in before the changes we can use:
+
+    git checkout -- <file>
+
+To remove a file from disk and repo use 'git rm' and to rm a dir use the '-r' flag:
+
+    git rm '*.txt'
+    git rm -r <dirname>
+
+If we want to remove a file from the repository but keep it on disk, say we forgot to add it to our .gitignore file then use `--cache`:
+
+    git rm <filename> --cache
+
+---
+
+### Undo Commits
+
+Undo last commit putting everything back into the staging area:
+
+    git reset --soft HEAD^
+
+Add files and change message with:
+
+    git commit --amend -m "New Message"
+
+Undo last and remove changes
+
+    git reset --hard HEAD^
+
+Same as last one but for two commits back:
+
+    git reset --hard HEAD^^
+
+Don't reset after pushing
+
+---
+
+### Reset Workflow
+
+1. Edit file again 'edit_this_file.rb'
+2. Check status
+3. Add and commit with wrong message
+4. Check log
+5. Amend commit
+6. Check log
+7. Soft reset
+8. Check log
+9. Pull for updates
+10. Push changes
+
+----
+
+    # Change file edit_this_file.rb
+    git status
+    git commit -am "kjkfjkg"
+    git log
+    git commit --amend -m "New comment added"
+    git log
+    git reset --soft HEAD^
+    git log
+    git pull origin master
+    git push origin master
+
+---
+
+### Note
+
+git revert vs git reset  
+Reset removes the commit while revert removes the changes but leaves the commit  
+Revert is safer considering we can revert a revert  
+
+
+    # Changed file
+    git commit -am "bug introduced"
+    git revert HEAD
+    # New commit created reverting changes
+    # Now we want to re apply the reverted commit
+    git log # take hash from the revert commit
+    git revert <rev commit hash>
+    # reverted commit is back (new commit created again)
+
+---
+
+## Questions
+
+---
+
+## Instructor Notes
+
+---
+
+### Version Control
+ - Local VCS was used with a filesystem or a simple db.
+ - Centralized VCS such as Subversion includes collaboration but
+   still is prone to data loss as the main server is the single point of
+   failure.
+ - Distributed VCS enables the team to have a complete copy of the project
+   and work with little dependency to the main server. In case of a main
+   server failing the project can be recovered by any of the latest copies
+   from the team

doc/user/markdown.md

@@ -27,6 +27,7 @@
 * [Horizontal Rule](#horizontal-rule)
 * [Line Breaks](#line-breaks)
 * [Tables](#tables)
+* [Footnotes](#footnotes)
 
 **[Wiki-Specific Markdown](#wiki-specific-markdown)**
 
@@ -699,6 +700,15 @@ By including colons in the header row, you can align the text within that column
 | Cell 1       | Cell 2   | Cell 3        | Cell 4       | Cell 5   | Cell 6        |
 | Cell 7       | Cell 8   | Cell 9        | Cell 10      | Cell 11  | Cell 12       |
 
+## Footnotes
+
+You can add footnotes to your text as follows.[^1]
+[^1]: This is my awesome footnote.
+
+```
+You can add footnotes to your text as follows.[^1]
+[^1]: This is my awesome footnote.
+```
 
 ## Wiki-specific Markdown
 

lib/api/access_requests.rb

@@ -16,9 +16,9 @@ module API
         #  GET /projects/:id/access_requests
         get ":id/access_requests" do
           source = find_source(source_type, params[:id])
-          authorize_admin_source!(source_type, source)
 
-          access_requesters = paginate(source.requesters.includes(:user))
+          access_requesters = AccessRequestsFinder.new(source).execute!(current_user)
+          access_requesters = paginate(access_requesters.includes(:user))
 
           present access_requesters.map(&:user), with: Entities::AccessRequester, source: source
         end

lib/api/entities.rb

@@ -343,7 +343,7 @@ module API
     end
 
     class ProjectGroupLink < Grape::Entity
-      expose :id, :project_id, :group_id, :group_access
+      expose :id, :project_id, :group_id, :group_access, :expires_at
     end
 
     class Todo < Grape::Entity
@@ -494,6 +494,8 @@ module API
       expose :after_sign_out_path
       expose :container_registry_token_expire_delay
       expose :repository_storage
+      expose :koding_enabled
+      expose :koding_url
     end
 
     class Release < Grape::Entity
@@ -545,6 +547,10 @@ module API
       expose :filename, :size
     end
 
+    class PipelineBasic < Grape::Entity
+      expose :id, :sha, :ref, :status
+    end
+
     class Build < Grape::Entity
       expose :id, :status, :stage, :name, :ref, :tag, :coverage
       expose :created_at, :started_at, :finished_at
@@ -552,6 +558,7 @@ module API
       expose :artifacts_file, using: BuildArtifactFile, if: -> (build, opts) { build.artifacts? }
       expose :commit, with: RepoCommit
       expose :runner, with: Runner
+      expose :pipeline, with: PipelineBasic
     end
 
     class Trigger < Grape::Entity
@@ -562,8 +569,8 @@ module API
       expose :key, :value
     end
 
-    class Pipeline < Grape::Entity
-      expose :id, :status, :ref, :sha, :before_sha, :tag, :yaml_errors
+    class Pipeline < PipelineBasic
+      expose :before_sha, :tag, :yaml_errors
 
       expose :user, with: Entities::UserBasic
       expose :created_at, :updated_at, :started_at, :finished_at, :committed_at

lib/api/internal.rb

@@ -90,7 +90,7 @@ module API
 
         {
           username: token_handler.actor_name,
-          lfs_token: token_handler.generate,
+          lfs_token: token_handler.token,
           repository_http_path: project.http_url_to_repo
         }
       end

lib/api/milestones.rb

@@ -108,8 +108,7 @@ module API
 
         finder_params = {
           project_id: user_project.id,
-          milestone_title: @milestone.title,
-          state: 'all'
+          milestone_title: @milestone.title
         }
 
         issues = IssuesFinder.new(current_user, finder_params).execute

lib/api/projects.rb

@@ -393,23 +393,24 @@ module API
       # Share project with group
       #
       # Parameters:
-      #   id (required) - The ID of a project
-      #   group_id (required) - The ID of a group
+      #   id (required)           - The ID of a project
+      #   group_id (required)     - The ID of a group
       #   group_access (required) - Level of permissions for sharing
+      #   expires_at (optional)   - Share expiration date
       #
       # Example Request:
       #   POST /projects/:id/share
       post ":id/share" do
         authorize! :admin_project, user_project
         required_attributes! [:group_id, :group_access]
+        attrs = attributes_for_keys [:group_id, :group_access, :expires_at]
 
         unless user_project.allowed_to_share_with_group?
           return render_api_error!("The project sharing with group is disabled", 400)
         end
 
-        link = user_project.project_group_links.new
-        link.group_id = params[:group_id]
-        link.group_access = params[:group_access]
+        link = user_project.project_group_links.new(attrs)
+
         if link.save
           present link, with: Entities::ProjectGroupLink
         else

lib/banzai/filter/abstract_reference_filter.rb

@@ -64,7 +64,7 @@ module Banzai
         end
       end
 
-      def project_from_ref_cache(ref)
+      def project_from_ref_cached(ref)
         if RequestStore.active?
           cache = project_refs_cache
 
@@ -146,7 +146,7 @@ module Banzai
       # have `gfm` and `gfm-OBJECT_NAME` class names attached for styling.
       def object_link_filter(text, pattern, link_text: nil)
         references_in(text, pattern) do |match, id, project_ref, matches|
-          project = project_from_ref_cache(project_ref)
+          project = project_from_ref_cached(project_ref)
 
           if project && object = find_object_cached(project, id)
             title = object_link_title(object)
@@ -243,11 +243,27 @@ module Banzai
         end
       end
 
-      # Returns the projects for the given paths.
-      def find_projects_for_paths(paths)
+      def projects_relation_for_paths(paths)
         Project.where_paths_in(paths).includes(:namespace)
       end
 
+      # Returns projects for the given paths.
+      def find_projects_for_paths(paths)
+        if RequestStore.active?
+          to_query = paths - project_refs_cache.keys
+
+          unless to_query.empty?
+            projects_relation_for_paths(to_query).each do |project|
+              get_or_set_cache(project_refs_cache, project.path_with_namespace) { project }
+            end
+          end
+
+          project_refs_cache.slice(*paths).values
+        else
+          projects_relation_for_paths(paths)
+        end
+      end
+
       def current_project_path
         @current_project_path ||= project.path_with_namespace
       end

lib/banzai/filter/issue_reference_filter.rb

@@ -66,7 +66,7 @@ module Banzai
         end
       end
 
-      def find_projects_for_paths(paths)
+      def projects_relation_for_paths(paths)
         super(paths).includes(:gitlab_issue_tracker_service)
       end
     end

lib/banzai/filter/task_list_filter.rb

@@ -10,19 +10,21 @@ module Banzai
     # task_list gem.
     #
     # See https://github.com/github/task_list/pull/60
-    class TaskListFilter < TaskList::Filter
-      def add_css_class_with_fix(node, *new_class_names)
+    module ClassNamesFilter
+      def add_css_class(node, *new_class_names)
         if new_class_names.include?('task-list')
           # Don't add class to all lists
           return
         elsif new_class_names.include?('task-list-item')
-          add_css_class_without_fix(node.parent, 'task-list')
+          super(node.parent, 'task-list')
         end
 
-        add_css_class_without_fix(node, *new_class_names)
+        super(node, *new_class_names)
       end
+    end
 
-      alias_method_chain :add_css_class, :fix
+    class TaskListFilter < TaskList::Filter
+      prepend ClassNamesFilter
     end
   end
 end

lib/banzai/reference_parser/base_parser.rb

@@ -79,7 +79,11 @@ module Banzai
       def referenced_by(nodes)
         ids = unique_attribute_values(nodes, self.class.data_attribute)
 
-        references_relation.where(id: ids)
+        if ids.empty?
+          references_relation.none
+        else
+          references_relation.where(id: ids)
+        end
       end
 
       # Returns the ActiveRecord::Relation to use for querying references in the

lib/ci/version_info.rb

-class VersionInfo
-  include Comparable
-
-  attr_reader :major, :minor, :patch
-
-  def self.parse(str)
-    if str && m = str.match(/(\d+)\.(\d+)\.(\d+)/)
-      VersionInfo.new(m[1].to_i, m[2].to_i, m[3].to_i)
-    else
-      VersionInfo.new
-    end
-  end
-
-  def initialize(major = 0, minor = 0, patch = 0)
-    @major = major
-    @minor = minor
-    @patch = patch
-  end
-
-  def <=>(other)
-    return unless other.is_a? VersionInfo
-    return unless valid? && other.valid?
-
-    if other.major < @major
-      1
-    elsif @major < other.major
-      -1
-    elsif other.minor < @minor
-      1
-    elsif @minor < other.minor
-      -1
-    elsif other.patch < @patch
-      1
-    elsif @patch < other.patch
-      -1
-    else
-      0
-    end
-  end
-
-  def to_s
-    if valid?
-      "%d.%d.%d" % [@major, @minor, @patch]
-    else
-      "Unknown"
-    end
-  end
-
-  def valid?
-    @major >= 0 && @minor >= 0 && @patch >= 0 && @major + @minor + @patch > 0
-  end
-end

lib/gitlab/auth.rb

@@ -124,7 +124,7 @@ module Gitlab
             read_authentication_abilities
           end
 
-        Result.new(actor, nil, token_handler.type, authentication_abilities) if Devise.secure_compare(token_handler.value, password)
+        Result.new(actor, nil, token_handler.type, authentication_abilities) if Devise.secure_compare(token_handler.token, password)
       end
 
       def build_access_token_check(login, password)

lib/gitlab/lfs_token.rb

@@ -17,19 +17,13 @@ module Gitlab
         end
     end
 
-    def generate
-      token = Devise.friendly_token(TOKEN_LENGTH)
-
+    def token
       Gitlab::Redis.with do |redis|
+        token = redis.get(redis_key)
+        token ||= Devise.friendly_token(TOKEN_LENGTH)
         redis.set(redis_key, token, ex: EXPIRY_TIME)
-      end
 
-      token
-    end
-
-    def value
-      Gitlab::Redis.with do |redis|
-        redis.get(redis_key)
+        token
       end
     end
 

lib/gitlab/redis.rb

@@ -11,13 +11,6 @@ module Gitlab
     DEFAULT_REDIS_URL = 'redis://localhost:6379'
     CONFIG_FILE = File.expand_path('../../config/resque.yml', __dir__)
 
-    # To be thread-safe we must be careful when writing the class instance
-    # variables @_raw_config and @pool. Because @pool depends on @_raw_config we need two
-    # mutexes to prevent deadlock.
-    RAW_CONFIG_MUTEX = Mutex.new
-    POOL_MUTEX = Mutex.new
-    private_constant :RAW_CONFIG_MUTEX, :POOL_MUTEX
-
     class << self
       # Do NOT cache in an instance variable. Result may be mutated by caller.
       def params
@@ -31,24 +24,19 @@ module Gitlab
       end
 
       def with
-        if @pool.nil?
-          POOL_MUTEX.synchronize do
-            @pool = ConnectionPool.new { ::Redis.new(params) }
-          end
-        end
+        @pool ||= ConnectionPool.new { ::Redis.new(params) }
         @pool.with { |redis| yield redis }
       end
 
       def _raw_config
         return @_raw_config if defined?(@_raw_config)
 
-        RAW_CONFIG_MUTEX.synchronize do
-          begin
-            @_raw_config = File.read(CONFIG_FILE).freeze
-          rescue Errno::ENOENT
-            @_raw_config = false
-          end
+        begin
+          @_raw_config = File.read(CONFIG_FILE).freeze
+        rescue Errno::ENOENT
+          @_raw_config = false
         end
+
         @_raw_config
       end
     end

lib/tasks/flog.rake

-desc 'Code complexity analyze via flog'
-task :flog do
-  output = %x(bundle exec flog -m app/ lib/gitlab)
-  exit_code = 0
-  minimum_score = 70
-  output = output.lines
-
-  # Skip total complexity score
-  output.shift
-
-  # Skip some trash info
-  output.shift
-
-  output.each do |line|
-    score, method = line.split(" ")
-    score = score.to_i
-
-    if score > minimum_score
-      exit_code = 1
-      puts "High complexity in #{method}. Score: #{score}"
-    end
-  end
-
-  exit exit_code
-end

scripts/prepare_build.sh

@@ -39,7 +39,7 @@ if [ -f /.dockerenv ] || [ -f ./dockerinit ]; then
     cp config/resque.yml.example config/resque.yml
     sed -i 's/localhost/redis/g' config/resque.yml
 
-    export FLAGS=(--path vendor --retry 3)
+    export FLAGS=(--path vendor --retry 3 --quiet)
 else
     export PATH=$HOME/bin:/usr/local/bin:/usr/bin:/bin
     cp config/database.yml.mysql config/database.yml

spec/controllers/projects/repositories_controller_spec.rb

@@ -8,7 +8,7 @@ describe Projects::RepositoriesController do
       it 'responds with redirect in correct format' do
         get :archive, namespace_id: project.namespace.path, project_id: project.path, format: "zip"
 
-        expect(response.content_type).to start_with 'text/html'
+        expect(response.header["Content-Type"]).to start_with('text/html')
         expect(response).to be_redirect
       end
     end

spec/controllers/projects_controller_spec.rb

@@ -63,6 +63,28 @@ describe ProjectsController do
       end
     end
 
+    context "project with broken repo" do
+      let(:empty_project) { create(:project_broken_repo, :public) }
+
+      before { sign_in(user) }
+
+      User.project_views.keys.each do |project_view|
+        context "with #{project_view} view set" do
+          before do
+            user.update_attributes(project_view: project_view)
+
+            get :show, namespace_id: empty_project.namespace.path, id: empty_project.path
+          end
+
+          it "renders the empty project view" do
+            allow(Project).to receive(:repo).and_raise(Gitlab::Git::Repository::NoRepository)
+
+            expect(response).to render_template('projects/no_repo')
+          end
+        end
+      end
+    end
+
     context "rendering default project view" do
       render_views
 

spec/factories/projects.rb

@@ -27,6 +27,14 @@ FactoryGirl.define do
       end
     end
 
+    trait :broken_repo do
+      after(:create) do |project|
+        project.create_repository
+
+        FileUtils.rm_r(File.join(project.repository_storage_path, "#{project.path_with_namespace}.git", 'refs'))
+      end
+    end
+
     # Nest Project Feature attributes
     transient do
       wiki_access_level ProjectFeature::ENABLED
@@ -56,6 +64,13 @@ FactoryGirl.define do
     empty_repo
   end
 
+  # Project with broken repository
+  #
+  # Project with an invalid repository state
+  factory :project_broken_repo, parent: :empty_project do
+    broken_repo
+  end
+
   # Project with test repository
   #
   # Test repository source can be found at

spec/features/dashboard_issues_spec.rb

@@ -21,6 +21,7 @@ describe "Dashboard Issues filtering", feature: true, js: true do
 
       click_link 'No Milestone'
 
+      expect(page).to have_issuable_counts(open: 1, closed: 0, all: 1)
       expect(page).to have_selector('.issue', count: 1)
     end
 
@@ -29,6 +30,7 @@ describe "Dashboard Issues filtering", feature: true, js: true do
 
       click_link 'Any Milestone'
 
+      expect(page).to have_issuable_counts(open: 2, closed: 0, all: 2)
       expect(page).to have_selector('.issue', count: 2)
     end
 
@@ -39,6 +41,7 @@ describe "Dashboard Issues filtering", feature: true, js: true do
         click_link milestone.title
       end
 
+      expect(page).to have_issuable_counts(open: 1, closed: 0, all: 1)
       expect(page).to have_selector('.issue', count: 1)
     end
   end