Merge remote-tracking branch 'upstream/master' into ce-to-ee-2018-01-15

# Conflicts: # app/assets/javascripts/dispatcher.js # app/assets/stylesheets/framework.scss # doc/ci/autodeploy/index.md # doc/ci/examples/README.md # doc/ci/examples/dast.md # doc/ci/examples/sast_docker.md # doc/install/README.md # doc/topics/autodevops/index.md # spec/spec_helper.rb [ci skip]

Merge remote-tracking branch 'upstream/master' into ce-to-ee-2018-01-15
# Conflicts: # app/assets/javascripts/dispatcher.js # app/assets/stylesheets/framework.scss # doc/ci/autodeploy/index.md # doc/ci/examples/README.md # doc/ci/examples/dast.md # doc/ci/examples/sast_docker.md # doc/install/README.md # doc/topics/autodevops/index.md # spec/spec_helper.rb [ci skip]
159f844f · GitLab Bot · e2246dbd · 9e70ff34 · 159f844f · 159f844f
Commit 159f844f authored Jan 15, 2018 by GitLab Bot
33 changed files
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
-0.67.0
+0.69.0
--- a/Gemfile
+++ b/Gemfile
@@ -419,7 +419,7 @@ group :ed25519 do
 end
 # Gitaly GRPC client
-gem 'gitaly-proto', '~> 0.69.0', require: 'gitaly'
+gem 'gitaly-proto', '~> 0.73.0', require: 'gitaly'
 gem 'toml-rb', '~> 0.3.15', require: false

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -308,7 +308,7 @@ GEM
      po_to_json (>= 1.0.0)
      rails (>= 3.2.0)
    gherkin-ruby (0.3.2)
-    gitaly-proto (0.69.0)
+    gitaly-proto (0.73.0)
      google-protobuf (~> 3.1)
      grpc (~> 1.0)
    github-linguist (4.7.6)
@@ -1089,7 +1089,7 @@ DEPENDENCIES
  gettext (~> 3.2.2)
  gettext_i18n_rails (~> 1.8.0)
  gettext_i18n_rails_js (~> 1.2.0)
-  gitaly-proto (~> 0.69.0)
+  gitaly-proto (~> 0.73.0)
  github-linguist (~> 4.7.0)
  gitlab-flowdock-git-hook (~> 1.0.1)
  gitlab-license (~> 1.0)

--- a/app/assets/javascripts/dispatcher.js
+++ b/app/assets/javascripts/dispatcher.js
@@ -10,7 +10,6 @@ import notificationsDropdown from './notifications_dropdown';
 import groupAvatar from './group_avatar';
 import GroupLabelSubscription from './group_label_subscription';
 import LineHighlighter from './line_highlighter';
-import NewCommitForm from './new_commit_form';
 import Project from './project';
 import projectAvatar from './project_avatar';
 import MergeRequest from './merge_request';
@@ -34,7 +33,6 @@ import ShortcutsWiki from './shortcuts_wiki';
 import BlobViewer from './blob/viewer/index';
 import AutoWidthDropdownSelect from './issuable/auto_width_dropdown_select';
 import UsersSelect from './users_select';
-import RefSelectDropdown from './ref_select_dropdown';
 import GfmAutoComplete from './gfm_auto_complete';
 import Star from './star';
 import TreeView from './tree';
@@ -287,9 +285,9 @@ import initLDAPGroupsSelect from 'ee/ldap_groups_select'; // eslint-disable-line
          initApprovals();
          break;
        case 'projects:tags:new':
-          new ZenMode();
+          import('./pages/projects/tags/new')
-          new GLForm($('.tag-form'), true);
+            .then(callDefault)
-          new RefSelectDropdown($('.js-branch-select'));
+            .catch(fail);
          break;
        case 'projects:snippets:show':
          initNotes();
@@ -460,6 +458,7 @@ import initLDAPGroupsSelect from 'ee/ldap_groups_select'; // eslint-disable-line
          groupAvatar();
          break;
        case 'projects:tree:show':
+<<<<<<< HEAD
          shortcut_handler = new ShortcutsNavigation();
          new TreeView();
          new BlobViewer();
@@ -475,6 +474,12 @@ import initLDAPGroupsSelect from 'ee/ldap_groups_select'; // eslint-disable-line
          $('#tree-slider').waitForImages(function() {
            ajaxGet(document.querySelector('.js-tree-content').dataset.logsPath);
          });
+=======
+          import('./pages/projects/tree/show')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
+>>>>>>> upstream/master
          break;
        case 'projects:find_file:show':
          import('./pages/projects/find_file/show')

--- a/app/assets/javascripts/pages/projects/tags/new/index.js
+++ b/app/assets/javascripts/pages/projects/tags/new/index.js
+import RefSelectDropdown from '../../../../ref_select_dropdown';
+import ZenMode from '../../../../zen_mode';
+import GLForm from '../../../../gl_form';
+export default () => {
+  new ZenMode(); // eslint-disable-line no-new
+  new GLForm($('.tag-form'), true); // eslint-disable-line no-new
+  new RefSelectDropdown($('.js-branch-select')); // eslint-disable-line no-new
+};
--- a/app/assets/javascripts/pages/projects/tree/show/index.js
+++ b/app/assets/javascripts/pages/projects/tree/show/index.js
+import TreeView from '../../../../tree';
+import ShortcutsNavigation from '../../../../shortcuts_navigation';
+import BlobViewer from '../../../../blob/viewer';
+import NewCommitForm from '../../../../new_commit_form';
+import { ajaxGet } from '../../../../lib/utils/common_utils';
+export default () => {
+  new ShortcutsNavigation(); // eslint-disable-line no-new
+  new TreeView(); // eslint-disable-line no-new
+  new BlobViewer(); // eslint-disable-line no-new
+  new NewCommitForm($('.js-create-dir-form')); // eslint-disable-line no-new
+  $('#tree-slider').waitForImages(() =>
+    ajaxGet(document.querySelector('.js-tree-content').dataset.logsPath));
+};
--- a/app/assets/stylesheets/framework.scss
+++ b/app/assets/stylesheets/framework.scss
@@ -59,4 +59,7 @@
 @import "framework/memory_graph";
 @import "framework/responsive_tables";
 @import "framework/stacked-progress-bar";
+<<<<<<< HEAD
 @import "framework/sortable";
+=======
+>>>>>>> upstream/master
--- a/app/views/projects/jobs/_empty_state.html.haml
+++ b/app/views/projects/jobs/_empty_state.html.haml
 - illustration = local_assigns.fetch(:illustration)
 - illustration_size = local_assigns.fetch(:illustration_size)
 - title = local_assigns.fetch(:title)
- content = local_assigns.fetch(:content)
+- content = local_assigns.fetch(:content, nil)
 - action = local_assigns.fetch(:action, nil)
 .row.empty-state
@@ -11,7 +11,8 @@
  .col-xs-12
    .text-content
      %h4.text-center= title
-      %p= content
+      - if content
+        %p= content
      - if action
        .text-center
          = action
--- a/app/views/projects/jobs/show.html.haml
+++ b/app/views/projects/jobs/show.html.haml
@@ -95,14 +95,13 @@
        illustration: 'illustrations/manual_action.svg',
        illustration_size: 'svg-394',
        title: _('This job requires a manual action'),
-        content: _('This job depends on a user to trigger its process. Often they are used to deploy code to production environments.'),
+        content: _('This job depends on a user to trigger its process. Often they are used to deploy code to production environments'),
-        action: ( link_to _('Trigger this manual action'), play_project_job_path(@project, @build), class: 'btn btn-primary', title: _('Trigger this manual action') )
+        action: ( link_to _('Trigger this manual action'), play_project_job_path(@project, @build), method: :post, class: 'btn btn-primary', title: _('Trigger this manual action') )
    - else
      = render 'empty_state',
        illustration: 'illustrations/job_not_triggered.svg',
        illustration_size: 'svg-306',
-        title: _('This job has not been triggered yet'),
+        title: _('This job has not been triggered yet')
-        content: _('This job depends on upstream jobs that need to succeed in order for this job to be triggered.')
  = render "sidebar"

--- a/app/workers/repository_fork_worker.rb
+++ b/app/workers/repository_fork_worker.rb
@@ -17,10 +17,7 @@ class RepositoryForkWorker
                                          project.repository_storage_path, project.disk_path)
    raise "Unable to fork project #{project_id} for repository #{source_disk_path} -> #{project.disk_path}" unless result
-    project.repository.after_import
+    project.after_import
-    raise "Project #{project_id} had an invalid repository after fork" unless project.valid_repo?
-    project.import_finish
  end
  private

--- a/changelogs/unreleased/19493-fork-does-not-protect-default-branch.yml
+++ b/changelogs/unreleased/19493-fork-does-not-protect-default-branch.yml
+---
+title: Makes forking protect default branch on completion
+merge_request:
+author:
+type: fixed
--- a/changelogs/unreleased/38540-ssh-env-file.yml
+++ b/changelogs/unreleased/38540-ssh-env-file.yml
+---
+title: 'Closes #38540 - Remove .ssh/environment file that now breaks the gitlab:check
+  rake task'
+merge_request:
+author:
+type: fixed
--- a/changelogs/unreleased/42025-fix-issue-api.yml
+++ b/changelogs/unreleased/42025-fix-issue-api.yml
+---
+title: "[API] Fix creating issue when assignee_id is empty"
+merge_request:
+author:
+type: fixed
--- a/doc/ci/autodeploy/index.md
+++ b/doc/ci/autodeploy/index.md
@@ -37,7 +37,11 @@ during the deployment.
 We made a [simple guide](quick_start_guide.md) to using Auto Deploy with GitLab.com.
+<<<<<<< HEAD
 For a demonstration of GitLab Auto Deploy, read the blog post [Auto Deploy from GitLab to an OpenShift Container Cluster](https://about.gitlab.com/2017/05/16/devops-containers-gitlab-openshift/).
+=======
+For a demonstration of GitLab Auto Deploy, read the blog post [Auto Deploy from GitLab to an OpenShift Container Cluster](https://about.gitlab.com/2017/05/16/devops-containers-gitlab-openshift/)
+>>>>>>> upstream/master
 ## Supported templates

--- a/doc/ci/examples/README.md
+++ b/doc/ci/examples/README.md
@@ -43,7 +43,11 @@ There's also a collection of repositories with [example projects](https://gitlab
 ### Static Application Security Testing (SAST)
+<<<<<<< HEAD
 - **(EEU)** [Scan your code for vulnerabilities](sast.md)
+=======
+- **(EEU)** [Scan your code for vulnerabilities](https://docs.gitlab.com/ee/ci/examples/sast.html)
+>>>>>>> upstream/master
 - [Scan your Docker images for vulnerabilities](sast_docker.md)
 ### Dynamic Application Security Testing (DAST)

--- a/doc/ci/examples/dast.md
+++ b/doc/ci/examples/dast.md
@@ -30,6 +30,10 @@ Starting with [GitLab Enterprise Edition Ultimate][ee] 10.4, this information wi
 be automatically extracted and shown right in the merge request widget. To do
 so, the CI job must be named `dast` and the artifact path must be
 `gl-dast-report.json`.
+<<<<<<< HEAD
 [Learn more on dynamic application security testing results shown in merge requests](../../user/project/merge_requests/dast.md).
+=======
+[Learn more on dynamic application security testing results shown in merge requests](https://docs.gitlab.com/ee/user/project/merge_requests/dast.html).
+>>>>>>> upstream/master
 [ee]: https://about.gitlab.com/gitlab-ee/
--- a/doc/ci/examples/sast_docker.md
+++ b/doc/ci/examples/sast_docker.md
@@ -50,6 +50,10 @@ Starting with [GitLab Enterprise Edition Ultimate][ee] 10.4, this information wi
 be automatically extracted and shown right in the merge request widget. To do
 so, the CI/CD job must be named `sast:container` and the artifact path must be
 `gl-sast-container-report.json`.
+<<<<<<< HEAD
 [Learn more on application security testing results shown in merge requests](../../user/project/merge_requests/sast_docker.md).
+=======
+[Learn more on application security testing results shown in merge requests](https://docs.gitlab.com/ee/user/project/merge_requests/sast_docker.html).
+>>>>>>> upstream/master
 [ee]: https://about.gitlab.com/gitlab-ee/
--- a/doc/install/README.md
+++ b/doc/install/README.md
@@ -36,8 +36,11 @@ the full process of installing GitLab on Google Container Engine (GKE), pushing
 - [Install on AWS](https://about.gitlab.com/aws/)
 - _Testing only!_ [DigitalOcean and Docker Machine](digitaloceandocker.md) -
  Quickly test any version of GitLab on DigitalOcean using Docker Machine.
+<<<<<<< HEAD
 - [GitLab Pivotal Tile](pivotal/index.md) - Install and configure GitLab
  Enterprise Edition Premium on Pivotal Cloud Foundry.
+=======
+>>>>>>> upstream/master
 - [Getting started with GitLab and DigitalOcean](ttps://about.gitlab.com/2016/04/27/getting-started-with-gitlab-and-digitalocean/): requirements, installation process, updates.
 - [Demo: Cloud Native Development with GitLab](https://about.gitlab.com/2017/04/18/cloud-native-demo/): video demonstration on how to install GitLab on Kubernetes, build a project, create Review Apps, store Docker images in Container Registry, deploy to production on Kubernetes, and monitor with Prometheus.

--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -201,7 +201,11 @@ out.
 In GitLab Enterprise Edition Starter, differences between the source and
 target branches are also
+<<<<<<< HEAD
 [shown in the merge request widget](../../user/project/merge_requests/code_quality_diff.md).
+=======
+[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/code_quality_diff.html).
+>>>>>>> upstream/master
 ### Auto SAST
@@ -214,7 +218,11 @@ report is created, it's uploaded as an artifact which you can later download and
 check out.
 In GitLab Enterprise Edition Ultimate, any security warnings are also
+<<<<<<< HEAD
 [shown in the merge request widget](../../user/project/merge_requests/sast.md).
+=======
+[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/sast.html).
+>>>>>>> upstream/master
 ### Auto SAST for Docker images
@@ -227,7 +235,11 @@ created, it's uploaded as an artifact which you can later download and
 check out.
 In GitLab Enterprise Edition Ultimate, any security warnings are also
+<<<<<<< HEAD
 [shown in the merge request widget](../../user/project/merge_requests/sast_docker.md).
+=======
+[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/sast_docker.html).
+>>>>>>> upstream/master
 ### Auto DAST
@@ -240,7 +252,11 @@ issues. Once the report is created, it's uploaded as an artifact which you can
 later download and check out.
 In GitLab Enterprise Edition Ultimate, any security warnings are also
+<<<<<<< HEAD
 [shown in the merge request widget](../../user/project/merge_requests/dast.md).
+=======
+[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/dast.html).
+>>>>>>> upstream/master
 ### Auto Browser Performance Testing

--- a/lib/api/circuit_breakers.rb
+++ b/lib/api/circuit_breakers.rb
@@ -17,11 +17,11 @@ module API
            end
            def storage_health
-              @failing_storage_health ||= Gitlab::Git::Storage::Health.for_all_storages
+              @storage_health ||= Gitlab::Git::Storage::Health.for_all_storages
            end
          end
-          desc 'Get all failing git storages' do
+          desc 'Get all git storages' do
            detail 'This feature was introduced in GitLab 9.5'
            success Entities::RepositoryStorageHealth
          end

--- a/lib/gitlab/git/gitlab_projects.rb
+++ b/lib/gitlab/git/gitlab_projects.rb
@@ -44,29 +44,13 @@ module Gitlab
      # Import project via git clone --bare
      # URL must be publicly cloneable
      def import_project(source, timeout)
-        # Skip import if repo already exists
+        Gitlab::GitalyClient.migrate(:import_repository) do |is_enabled|
-        return false if File.exist?(repository_absolute_path)
+          if is_enabled
+            gitaly_import_repository(source)
-        masked_source = mask_password_in_url(source)
+          else
+            git_import_repository(source, timeout)
-        logger.info "Importing project from <#{masked_source}> to <#{repository_absolute_path}>."
+          end
-        cmd = %W(git clone --bare -- #{source} #{repository_absolute_path})
-        success = run_with_timeout(cmd, timeout, nil)
-        unless success
-          logger.error("Importing project from <#{masked_source}> to <#{repository_absolute_path}> failed.")
-          FileUtils.rm_rf(repository_absolute_path)
-          return false
        end
-        Gitlab::Git::Repository.create_hooks(repository_absolute_path, global_hooks_path)
-        # The project was imported successfully.
-        # Remove the origin URL since it may contain password.
-        remove_origin_in_repo
-        true
      end
      def fork_repository(new_shard_path, new_repository_relative_path)
@@ -231,6 +215,42 @@ module Gitlab
          raise(ShardNameNotFoundError, "no shard found for path '#{shard_path}'")
      end
+      def git_import_repository(source, timeout)
+        # Skip import if repo already exists
+        return false if File.exist?(repository_absolute_path)
+        masked_source = mask_password_in_url(source)
+        logger.info "Importing project from <#{masked_source}> to <#{repository_absolute_path}>."
+        cmd = %W(git clone --bare -- #{source} #{repository_absolute_path})
+        success = run_with_timeout(cmd, timeout, nil)
+        unless success
+          logger.error("Importing project from <#{masked_source}> to <#{repository_absolute_path}> failed.")
+          FileUtils.rm_rf(repository_absolute_path)
+          return false
+        end
+        Gitlab::Git::Repository.create_hooks(repository_absolute_path, global_hooks_path)
+        # The project was imported successfully.
+        # Remove the origin URL since it may contain password.
+        remove_origin_in_repo
+        true
+      end
+      def gitaly_import_repository(source)
+        raw_repository = Gitlab::Git::Repository.new(shard_name, repository_relative_path, nil)
+        Gitlab::GitalyClient::RepositoryService.new(raw_repository).import_repository(source)
+        true
+      rescue GRPC::BadStatus => e
+        @output << e.message
+        false
+      end
      def git_fork_repository(new_shard_path, new_repository_relative_path)
        from_path = repository_absolute_path
        to_path = File.join(new_shard_path, new_repository_relative_path)

--- a/lib/gitlab/gitaly_client/commit_service.rb
+++ b/lib/gitlab/gitaly_client/commit_service.rb
@@ -177,7 +177,7 @@ module Gitlab
        response = GitalyClient.call(@repository.storage, :commit_service, :list_commits_by_oid, request, timeout: GitalyClient.medium_timeout)
        consume_commits_response(response)
-      rescue GRPC::Unknown # If no repository is found, happens mainly during testing
+      rescue GRPC::NotFound # If no repository is found, happens mainly during testing
        []
      end

--- a/lib/gitlab/gitaly_client/repository_service.rb
+++ b/lib/gitlab/gitaly_client/repository_service.rb
@@ -100,6 +100,21 @@ module Gitlab
        )
      end
+      def import_repository(source)
+        request = Gitaly::CreateRepositoryFromURLRequest.new(
+          repository: @gitaly_repo,
+          url: source
+        )
+        GitalyClient.call(
+          @storage,
+          :repository_service,
+          :create_repository_from_url,
+          request,
+          timeout: GitalyClient.default_timeout
+        )
+      end
      def rebase_in_progress?(rebase_id)
        request = Gitaly::IsRebaseInProgressRequest.new(
          repository: @gitaly_repo,

--- a/lib/gitlab/kubernetes/helm/install_command.rb
+++ b/lib/gitlab/kubernetes/helm/install_command.rb
@@ -36,7 +36,11 @@ module Gitlab
        def complete_command(namespace_name)
          return unless chart
-          "helm install #{chart} --name #{name} --namespace #{namespace_name} >/dev/null"
+          if chart_values_file
+            "helm install #{chart} --name #{name} --namespace #{namespace_name} -f /data/helm/#{name}/config/values.yaml >/dev/null"
+          else
+            "helm install #{chart} --name #{name} --namespace #{namespace_name} >/dev/null"
+          end
        end
        def install_dps_command

--- a/lib/gitlab/kubernetes/helm/pod.rb
+++ b/lib/gitlab/kubernetes/helm/pod.rb
@@ -10,9 +10,10 @@ module Gitlab
        def generate
          spec = { containers: [container_specification], restartPolicy: 'Never' }
          if command.chart_values_file
-            generate_config_map
+            create_config_map
-            spec['volumes'] = volumes_specification
+            spec[:volumes] = volumes_specification
          end
          ::Kubeclient::Resource.new(metadata: metadata, spec: spec)
@@ -35,19 +36,39 @@ module Gitlab
        end
        def labels
-          { 'gitlab.org/action': 'install', 'gitlab.org/application': command.name }
+          {
+            'gitlab.org/action': 'install',
+            'gitlab.org/application': command.name
+          }
        end
        def metadata
-          { name: command.pod_name, namespace: namespace_name, labels: labels }
+          {
+            name: command.pod_name,
+            namespace: namespace_name,
+            labels: labels
+          }
        end
        def volume_mounts_specification
-          [{ name: 'config-volume', mountPath: '/etc/config' }]
+          [
+            {
+              name: 'configuration-volume',
+              mountPath: "/data/helm/#{command.name}/config"
+            }
+          ]
        end
        def volumes_specification
-          [{ name: 'config-volume', configMap: { name: 'values-config' } }]
+          [
+            {
+              name: 'configuration-volume',
+              configMap: {
+                name: 'values-content-configuration',
+                items: [{ key: 'values', path: 'values.yaml' }]
+              }
+            }
+          ]
        end
        def generate_pod_env(command)
@@ -58,10 +79,10 @@ module Gitlab
          }.map { |key, value| { name: key, value: value } }
        end
-        def generate_config_map
+        def create_config_map
          resource = ::Kubeclient::Resource.new
-          resource.metadata = { name: 'values-config', namespace: namespace_name }
+          resource.metadata = { name: 'values-content-configuration', namespace: namespace_name, labels: { name: 'values-content-configuration' } }
-          resource.data = YAML.load_file(command.chart_values_file)
+          resource.data = { values: File.read(command.chart_values_file) }
          kubeclient.create_config_map(resource)
        end
      end

--- a/lib/tasks/gitlab/shell.rake
+++ b/lib/tasks/gitlab/shell.rake
@@ -54,16 +54,6 @@ namespace :gitlab do
      # (Re)create hooks
      Rake::Task['gitlab:shell:create_hooks'].invoke
-      # Required for debian packaging with PKGR: Setup .ssh/environment with
-      # the current PATH, so that the correct ruby version gets loaded
-      # Requires to set "PermitUserEnvironment yes" in sshd config (should not
-      # be an issue since it is more than likely that there are no "normal"
-      # user accounts on a gitlab server). The alternative is for the admin to
-      # install a ruby (1.9.3+) in the global path.
-      File.open(File.join(user_home, ".ssh", "environment"), "w+") do |f|
-        f.puts "PATH=#{ENV['PATH']}"
-      end
      Gitlab::Shell.ensure_secret_token!
    end

--- a/spec/features/projects/jobs_spec.rb
+++ b/spec/features/projects/jobs_spec.rb
@@ -391,9 +391,18 @@ feature 'Jobs' do
      it 'shows manual action empty state' do
        expect(page).to have_content('This job requires a manual action')
-        expect(page).to have_content('This job depends on a user to trigger its process. Often they are used to deploy code to production environments.')
+        expect(page).to have_content('This job depends on a user to trigger its process. Often they are used to deploy code to production environments')
        expect(page).to have_link('Trigger this manual action')
      end
+      it 'plays manual action', :js do
+        click_link 'Trigger this manual action'
+        wait_for_requests
+        expect(page).to have_content('This job has not been triggered')
+        expect(page).to have_content('This job is stuck, because the project doesn\'t have any runners online assigned to it.')
+        expect(page).to have_content('pending')
+      end
    end
    context 'Non triggered job' do
@@ -403,9 +412,8 @@ feature 'Jobs' do
        visit project_job_path(project, job)
      end
-      it 'shows manual action empty state' do
+      it 'shows empty state' do
        expect(page).to have_content('This job has not been triggered yet')
-        expect(page).to have_content('This job depends on upstream jobs that need to succeed in order for this job to be triggered.')
      end
    end
  end

--- a/spec/lib/gitlab/git/gitlab_projects_spec.rb
+++ b/spec/lib/gitlab/git/gitlab_projects_spec.rb
@@ -158,39 +158,55 @@ describe Gitlab::Git::GitlabProjects do
    subject { gl_projects.import_project(import_url, timeout) }
-    context 'success import' do
+    shared_examples 'importing repository' do
-      it 'imports a repo' do
+      context 'success import' do
-        expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_falsy
+        it 'imports a repo' do
+          expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_falsy
-        message = "Importing project from <#{import_url}> to <#{tmp_repo_path}>."
+          is_expected.to be_truthy
-        expect(logger).to receive(:info).with(message)
-        is_expected.to be_truthy
+          expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_truthy
+        end
+      end
-        expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_truthy
+      context 'already exists' do
+        it "doesn't import" do
+          FileUtils.mkdir_p(tmp_repo_path)
+          is_expected.to be_falsy
+        end
      end
    end
-    context 'already exists' do
+    context 'when Gitaly import_repository feature is enabled' do
-      it "doesn't import" do
+      it_behaves_like 'importing repository'
-        FileUtils.mkdir_p(tmp_repo_path)
+    end
+    context 'when Gitaly import_repository feature is disabled', :disable_gitaly do
+      describe 'logging' do
+        it 'imports a repo' do
+          message = "Importing project from <#{import_url}> to <#{tmp_repo_path}>."
+          expect(logger).to receive(:info).with(message)
-        is_expected.to be_falsy
+          subject
+        end
      end
-    end
-    context 'timeout' do
+      context 'timeout' do
-      it 'does not import a repo' do
+        it 'does not import a repo' do
-        stub_spawn_timeout(cmd, timeout, nil)
+          stub_spawn_timeout(cmd, timeout, nil)
-        message = "Importing project from <#{import_url}> to <#{tmp_repo_path}> failed."
+          message = "Importing project from <#{import_url}> to <#{tmp_repo_path}> failed."
-        expect(logger).to receive(:error).with(message)
+          expect(logger).to receive(:error).with(message)
-        is_expected.to be_falsy
+          is_expected.to be_falsy
-        expect(gl_projects.output).to eq("Timed out\n")
+          expect(gl_projects.output).to eq("Timed out\n")
-        expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_falsy
+          expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_falsy
+        end
      end
+      it_behaves_like 'importing repository'
    end
  end

--- a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
@@ -100,6 +100,25 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
        is_expected.to eq(command)
      end
    end
+    context 'when chart values file is present' do
+      let(:install_command) { described_class.new(prometheus.name, chart: prometheus.chart, chart_values_file: prometheus.chart_values_file) }
+      let(:command) do
+        <<~MSG.chomp
+        set -eo pipefail
+        apk add -U ca-certificates openssl >/dev/null
+        wget -q -O - https://kubernetes-helm.storage.googleapis.com/helm-v2.7.0-linux-amd64.tar.gz | tar zxC /tmp >/dev/null
+        mv /tmp/linux-amd64/helm /usr/bin/
+        helm init --client-only >/dev/null
+        helm install #{prometheus.chart} --name #{prometheus.name} --namespace #{namespace.name} -f /data/helm/#{prometheus.name}/config/values.yaml >/dev/null
+        MSG
+      end
+      it 'should return appropriate command' do
+        is_expected.to eq(command)
+      end
+    end
  end
  describe "#pod_name" do

--- a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
@@ -52,18 +52,20 @@ describe Gitlab::Kubernetes::Helm::Pod do
      it 'should include volumes for the container' do
        container = subject.generate.spec.containers.first
-        expect(container.volumeMounts.first['name']).to eq('config-volume')
+        expect(container.volumeMounts.first['name']).to eq('configuration-volume')
-        expect(container.volumeMounts.first['mountPath']).to eq('/etc/config')
+        expect(container.volumeMounts.first['mountPath']).to eq("/data/helm/#{app.name}/config")
      end
      it 'should include a volume inside the specification' do
        spec = subject.generate.spec
-        expect(spec.volumes.first['name']).to eq('config-volume')
+        expect(spec.volumes.first['name']).to eq('configuration-volume')
      end
      it 'should mount configMap specification in the volume' do
        spec = subject.generate.spec
-        expect(spec.volumes.first.configMap['name']).to eq('values-config')
+        expect(spec.volumes.first.configMap['name']).to eq('values-content-configuration')
+        expect(spec.volumes.first.configMap['items'].first['key']).to eq('values')
+        expect(spec.volumes.first.configMap['items'].first['path']).to eq('values.yaml')
      end
    end

--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -104,11 +104,14 @@ RSpec.configure do |config|
    TestEnv.init
  end
+<<<<<<< HEAD
  config.before(:all) do
    License.destroy_all
    TestLicense.init
  end
+=======
+>>>>>>> upstream/master
  config.before(:example) do
    # Skip pre-receive hook check so we can use the web editor and merge.
    allow_any_instance_of(Gitlab::Git::Hook).to receive(:trigger).and_return([true, nil])

--- a/spec/workers/repository_fork_worker_spec.rb
+++ b/spec/workers/repository_fork_worker_spec.rb
@@ -47,6 +47,14 @@ describe RepositoryForkWorker do
      perform!
    end
+    it 'protects the default branch' do
+      expect_fork_repository.and_return(true)
+      perform!
+      expect(fork_project.protected_branches.first.name).to eq(fork_project.default_branch)
+    end
    it 'flushes various caches' do
      expect_fork_repository.and_return(true)

--- a/vendor/prometheus/values.yaml
+++ b/vendor/prometheus/values.yaml
-alertmanager: |
+alertmanager:
  enabled: false
-kubeStateMetrics: |
+kubeStateMetrics:
-  enabled: 'false'
+  enabled: false
-nodeExporter: |
+nodeExporter:
-  enabled: 'false'
+  enabled: false
-pushgateway: |
+pushgateway:
-  enabled: 'false'
+  enabled: false
-serverFiles: |
+serverFiles:
-  alerts: ''
+  alerts: ""
-  rules: ''
+  rules: ""
  prometheus.yml: |-
-    rule_files: |
+    rule_files:
      - /etc/config/rules
      - /etc/config/alerts
-    scrape_configs: |
+    scrape_configs:
      - job_name: prometheus
-        static_configs: |
+        static_configs:
          - targets:
            - localhost:9090
      - job_name: 'kubernetes-apiservers'
-        kubernetes_sd_configs: |
+        kubernetes_sd_configs:
          - role: endpoints
        scheme: https
        tls_config:
@@ -37,14 +40,17 @@ serverFiles: |
          - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
            action: keep
            regex: default;kubernetes;https
      - job_name: 'kubernetes-nodes'
        scheme: https
        tls_config:
          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          insecure_skip_verify: true
        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
        kubernetes_sd_configs:
          - role: node
        relabel_configs:
          - action: labelmap
            regex: __meta_kubernetes_node_label_(.+)
@@ -54,14 +60,15 @@ serverFiles: |
            regex: (.+)
            target_label: __metrics_path__
            replacement: /api/v1/nodes/${1}/proxy/metrics
      - job_name: 'kubernetes-service-endpoints'
        kubernetes_sd_configs:
          - role: endpoints
-        relabel_configs: |
+        relabel_configs:
          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
            action: keep
-            regex: 'true'
+            regex: true
          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
            action: replace
            target_label: __scheme__
@@ -83,24 +90,30 @@ serverFiles: |
          - source_labels: [__meta_kubernetes_service_name]
            action: replace
            target_label: kubernetes_name
      - job_name: 'prometheus-pushgateway'
        honor_labels: true
-        kubernetes_sd_configs: |
+        kubernetes_sd_configs:
          - role: service
-        relabel_configs: |
+        relabel_configs:
          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
            action: keep
            regex: pushgateway
      - job_name: 'kubernetes-services'
        metrics_path: /probe
-        params: |
+        params:
          module: [http_2xx]
-        kubernetes_sd_configs: |
+        kubernetes_sd_configs:
          - role: service
-        relabel_configs: |
+        relabel_configs:
          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
            action: keep
-            regex: 'true'
+            regex: true
          - source_labels: [__address__]
            target_label: __param_target
          - target_label: __address__
@@ -113,17 +126,25 @@ serverFiles: |
            target_label: kubernetes_namespace
          - source_labels: [__meta_kubernetes_service_name]
            target_label: kubernetes_name
      - job_name: 'kubernetes-pods'
        kubernetes_sd_configs:
          - role: pod
        relabel_configs:
          - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
            action: keep
-            regex: 'true'
+            regex: true
          - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
            action: replace
            target_label: __metrics_path__
            regex: (.+)
+          - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
+            action: replace
+            regex: (.+):(?:\d+);(\d+)
+            replacement: ${1}:${2}
+            target_label: __address__
          - action: labelmap
            regex: __meta_kubernetes_pod_label_(.+)
          - source_labels: [__meta_kubernetes_namespace]