Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ee into reorder-issues-epic

# Conflicts:
#	ee/lib/api/epic_issues.rb
#	spec/ee/spec/requests/api/epic_issues_spec.rb

.gitlab-ci.yml

@@ -625,6 +625,14 @@ codequality:
   artifacts:
     paths: [codeclimate.json]
 
+sast:
+  image: registry.gitlab.com/gitlab-org/gl-sast:latest
+  before_script: []
+  script:
+    - /app/bin/run .
+  artifacts:
+    paths: [gl-sast-report.json]
+
 qa:internal:
   <<: *dedicated-runner
   <<: *except-docs

.rubocop.yml

@@ -3,6 +3,7 @@ inherit_gem:
     - rubocop-default.yml
 
 inherit_from: .rubocop_todo.yml
+require: ./rubocop/rubocop
 
 AllCops:
   TargetRailsVersion: 4.2

GITALY_SERVER_VERSION

-0.60.0
+0.64.0

Gemfile

@@ -12,7 +12,7 @@ gem 'sprockets', '~> 3.7.0'
 gem 'default_value_for', '~> 3.0.0'
 
 # Supported DBs
-gem 'mysql2', '~> 0.4.5', group: :mysql
+gem 'mysql2', '~> 0.4.10', group: :mysql
 gem 'pg', '~> 0.18.2', group: :postgres
 
 gem 'rugged', '~> 0.26.0'
@@ -295,7 +295,7 @@ group :metrics do
   gem 'influxdb', '~> 0.2', require: false
 
   # Prometheus
-  gem 'prometheus-client-mmap', '~> 0.7.0.beta43'
+  gem 'prometheus-client-mmap', '~> 0.7.0.beta44'
   gem 'raindrops', '~> 0.18'
 end
 
@@ -418,7 +418,7 @@ group :ed25519 do
 end
 
 # Gitaly GRPC client
-gem 'gitaly-proto', '~> 0.61.0', require: 'gitaly'
+gem 'gitaly-proto', '~> 0.62.0', require: 'gitaly'
 
 gem 'toml-rb', '~> 0.3.15', require: false
 

Gemfile.lock

@@ -308,7 +308,7 @@ GEM
       po_to_json (>= 1.0.0)
       rails (>= 3.2.0)
     gherkin-ruby (0.3.2)
-    gitaly-proto (0.61.0)
+    gitaly-proto (0.62.0)
       google-protobuf (~> 3.1)
       grpc (~> 1.0)
     github-linguist (4.7.6)
@@ -533,7 +533,7 @@ GEM
     mustermann (1.0.0)
     mustermann-grape (1.0.0)
       mustermann (~> 1.0.0)
-    mysql2 (0.4.5)
+    mysql2 (0.4.10)
     net-ldap (0.16.0)
     net-ntp (2.1.3)
     net-ssh (4.1.0)
@@ -663,7 +663,7 @@ GEM
       parser
       unparser
     procto (0.0.3)
-    prometheus-client-mmap (0.7.0.beta43)
+    prometheus-client-mmap (0.7.0.beta44)
     pry (0.10.4)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
@@ -737,7 +737,7 @@ GEM
       json
     recursive-open-struct (1.0.0)
     redcarpet (3.4.0)
-    redis (3.3.3)
+    redis (3.3.5)
     redis-actionpack (5.0.2)
       actionpack (>= 4.0, < 6)
       redis-rack (>= 1, < 3)
@@ -868,11 +868,11 @@ GEM
       rack
     shoulda-matchers (3.1.2)
       activesupport (>= 4.0.0)
-    sidekiq (5.0.4)
+    sidekiq (5.0.5)
       concurrent-ruby (~> 1.0)
       connection_pool (~> 2.2, >= 2.2.0)
       rack-protection (>= 1.5.0)
-      redis (~> 3.3, >= 3.3.3)
+      redis (>= 3.3.4, < 5)
     sidekiq-cron (0.6.0)
       rufus-scheduler (>= 3.3.0)
       sidekiq (>= 4.2.1)
@@ -1081,7 +1081,7 @@ DEPENDENCIES
   gettext (~> 3.2.2)
   gettext_i18n_rails (~> 1.8.0)
   gettext_i18n_rails_js (~> 1.2.0)
-  gitaly-proto (~> 0.61.0)
+  gitaly-proto (~> 0.62.0)
   github-linguist (~> 4.7.0)
   gitlab-flowdock-git-hook (~> 1.0.1)
   gitlab-license (~> 1.0)
@@ -1124,7 +1124,7 @@ DEPENDENCIES
   method_source (~> 0.8)
   minitest (~> 5.7.0)
   mousetrap-rails (~> 1.4.6)
-  mysql2 (~> 0.4.5)
+  mysql2 (~> 0.4.10)
   net-ldap
   net-ntp
   net-ssh (~> 4.1.0)
@@ -1160,7 +1160,7 @@ DEPENDENCIES
   peek-sidekiq (~> 1.0.3)
   pg (~> 0.18.2)
   premailer-rails (~> 1.9.7)
-  prometheus-client-mmap (~> 0.7.0.beta43)
+  prometheus-client-mmap (~> 0.7.0.beta44)
   pry-byebug (~> 3.4.1)
   pry-rails (~> 0.3.4)
   rack-attack (~> 4.4.1)

app/assets/javascripts/boards/boards_bundle.js

@@ -108,7 +108,6 @@ $(() => {
 
             if (list.type === 'closed') {
               list.position = Infinity;
-              list.label = { description: 'Shows all closed issues. Moving an issue to this list closes it' };
             } else if (list.type === 'backlog') {
               list.position = -1;
             }

app/assets/javascripts/filtered_search/filtered_search_manager.js

@@ -140,7 +140,7 @@ class FilteredSearchManager {
     this.handleInputVisualTokenWrapper = this.handleInputVisualToken.bind(this);
     this.checkForEnterWrapper = this.checkForEnter.bind(this);
     this.onClearSearchWrapper = this.onClearSearch.bind(this);
-    this.checkForBackspaceWrapper = this.checkForBackspace.bind(this);
+    this.checkForBackspaceWrapper = this.checkForBackspace.call(this);
     this.removeSelectedTokenKeydownWrapper = this.removeSelectedTokenKeydown.bind(this);
     this.unselectEditTokensWrapper = this.unselectEditTokens.bind(this);
     this.editTokenWrapper = this.editToken.bind(this);
@@ -193,22 +193,34 @@ class FilteredSearchManager {
     this.unbindStateEvents();
   }
 
-  checkForBackspace(e) {
-    // 8 = Backspace Key
-    // 46 = Delete Key
-    if (e.keyCode === 8 || e.keyCode === 46) {
-      const { lastVisualToken } = gl.FilteredSearchVisualTokens.getLastVisualTokenBeforeInput();
+  checkForBackspace() {
+    let backspaceCount = 0;
+
+    // closure for keeping track of the number of backspace keystrokes
+    return (e) => {
+      // 8 = Backspace Key
+      // 46 = Delete Key
+      if (e.keyCode === 8 || e.keyCode === 46) {
+        const { lastVisualToken } = gl.FilteredSearchVisualTokens.getLastVisualTokenBeforeInput();
+        const { tokenName, tokenValue } = gl.DropdownUtils.getVisualTokenValues(lastVisualToken);
+        const canEdit = tokenName && this.canEdit && this.canEdit(tokenName, tokenValue);
+
+        if (this.filteredSearchInput.value === '' && lastVisualToken && canEdit) {
+          backspaceCount += 1;
+
+          if (backspaceCount === 2) {
+            backspaceCount = 0;
+            this.filteredSearchInput.value = gl.FilteredSearchVisualTokens.getLastTokenPartial();
+            gl.FilteredSearchVisualTokens.removeLastTokenPartial();
+          }
+        }
 
-      const { tokenName, tokenValue } = gl.DropdownUtils.getVisualTokenValues(lastVisualToken);
-      const canEdit = tokenName && this.canEdit && this.canEdit(tokenName, tokenValue);
-      if (this.filteredSearchInput.value === '' && lastVisualToken && canEdit) {
-        this.filteredSearchInput.value = gl.FilteredSearchVisualTokens.getLastTokenPartial();
-        gl.FilteredSearchVisualTokens.removeLastTokenPartial();
+        // Reposition dropdown so that it is aligned with cursor
+        this.dropdownManager.updateCurrentDropdownOffset();
+      } else {
+        backspaceCount = 0;
       }
-
-      // Reposition dropdown so that it is aligned with cursor
-      this.dropdownManager.updateCurrentDropdownOffset();
-    }
+    };
   }
 
   checkForEnter(e) {

app/assets/javascripts/geo_nodes.js

@@ -14,7 +14,8 @@ const unhealthyIcon = 'fa-times';
 const unknownIcon = 'fa-times';
 const notAvailable = 'Not Available';
 const versionMismatch = 'Does not match the primary node version';
-const versionMismatchClass = 'geo-node-version-mismatch';
+const nodeMismatchClass = 'geo-node-mismatch';
+const storageMismatch = 'Does not match the primary storage configuration';
 
 class GeoNodeStatus {
   constructor(el) {
@@ -34,6 +35,7 @@ class GeoNodeStatus {
     this.$health = $('.js-health-message', this.$status.parent());
     this.$version = $('.js-gitlab-version', this.$status);
     this.$secondaryVersion = $('.js-secondary-version', this.$status);
+    this.$secondaryStorage = $('.js-secondary-storage-shards', this.$status);
     this.endpoint = this.$el.data('status-url');
     this.$advancedStatus = $('.js-advanced-geo-node-status-toggler', this.$status.parent());
     this.$advancedStatus.on('click', GeoNodeStatus.toggleShowAdvancedStatus.bind(this));
@@ -204,13 +206,23 @@ class GeoNodeStatus {
 
     if (!this.primaryVersion || (this.primaryVersion === status.version
       && this.primaryRevision === status.revision)) {
-      this.$secondaryVersion.removeClass(`${versionMismatchClass}`);
+      this.$secondaryVersion.removeClass(`${nodeMismatchClass}`);
       this.$secondaryVersion.text(`${status.version} (${status.revision})`);
     } else {
-      this.$secondaryVersion.addClass(`${versionMismatchClass}`);
+      this.$secondaryVersion.addClass(`${nodeMismatchClass}`);
       this.$secondaryVersion.text(`${status.version} (${status.revision}) - ${versionMismatch}`);
     }
 
+    if (status.storage_shards_match == null) {
+      this.$secondaryStorage.text('UNKNOWN');
+    } else if (status.storage_shards_match) {
+      this.$secondaryStorage.removeClass(`${nodeMismatchClass}`);
+      this.$secondaryStorage.text('OK');
+    } else {
+      this.$secondaryStorage.addClass(`${nodeMismatchClass}`);
+      this.$secondaryStorage.text(storageMismatch);
+    }
+
     if (status.repositories_count > 0) {
       const repositoriesStats = GeoNodeStatus.getSyncStatistics({
         syncedCount: status.repositories_synced_count,

app/assets/javascripts/job.js

 import _ from 'underscore';
 import { visitUrl } from './lib/utils/url_utility';
 import bp from './breakpoints';
-import { bytesToKiB } from './lib/utils/number_utils';
+import { numberToHumanSize } from './lib/utils/number_utils';
 import { setCiStatusFavicon } from './lib/utils/common_utils';
 import { timeFor } from './lib/utils/datetime_utility';
 
@@ -193,7 +193,7 @@ export default class Job {
         // we need to show a message warning the user about that.
         if (this.logBytes < log.total) {
           // size is in bytes, we need to calculate KiB
-          const size = bytesToKiB(this.logBytes);
+          const size = numberToHumanSize(this.logBytes);
           $('.js-truncated-info-size').html(`${size}`);
           this.$truncatedInfo.removeClass('hidden');
         } else {

app/assets/javascripts/lib/utils/text_utility.js

@@ -64,3 +64,12 @@ export const truncate = (string, maxLength) => `${string.substr(0, (maxLength -
 export function capitalizeFirstCharacter(text) {
   return `${text[0].toUpperCase()}${text.slice(1)}`;
 }
+
+/**
+ * Replaces all html tags from a string with the given replacement.
+ *
+ * @param {String} string
+ * @param {*} replace
+ * @returns {String}
+ */
+export const stripeHtml = (string, replace = '') => string.replace(/<[^>]*>/g, replace);

app/assets/javascripts/projects/project_new.js

 let hasUserDefinedProjectPath = false;
 
-const deriveProjectPathFromUrl = ($projectImportUrl, $projectPath) => {
+const deriveProjectPathFromUrl = ($projectImportUrl) => {
+  const $currentProjectPath = $projectImportUrl.parents('.toggle-import-form').find('#project_path');
   if (hasUserDefinedProjectPath) {
     return;
   }
@@ -21,7 +22,7 @@ const deriveProjectPathFromUrl = ($projectImportUrl, $projectPath) => {
   // extract everything after the last slash
   const pathMatch = /\/([^/]+)$/.exec(importUrl);
   if (pathMatch) {
-    $projectPath.val(pathMatch[1]);
+    $currentProjectPath.val(pathMatch[1]);
   }
 };
 
@@ -96,7 +97,7 @@ const bindEvents = () => {
     hasUserDefinedProjectPath = $projectPath.val().trim().length > 0;
   });
 
-  $projectImportUrl.keyup(() => deriveProjectPathFromUrl($projectImportUrl, $projectPath));
+  $projectImportUrl.keyup(() => deriveProjectPathFromUrl($projectImportUrl));
 
   $('.import_git').on('click', () => {
     const $projectMirror = $('#project_mirror');

app/assets/javascripts/vue_shared/components/expand_button.vue

+<script>
+  import { __ } from '~/locale';
+  /**
+   * Port of detail_behavior expand button.
+   *
+   * @example
+   * <expand-button>
+   *   <template slot="expanded">
+   *      Text goes here.
+   *    </template>
+   * </expand-button>
+   */
+  export default {
+    name: 'expandButton',
+    data() {
+      return {
+        isCollapsed: true,
+      };
+    },
+    computed: {
+      ariaLabel() {
+        return __('Click to expand text');
+      },
+    },
+    methods: {
+      onClick() {
+        this.isCollapsed = !this.isCollapsed;
+      },
+    },
+  };
+</script>
+<template>
+  <span>
+    <button
+      type="button"
+      v-show="isCollapsed"
+      class="text-expander btn-blank"
+      :aria-label="ariaLabel"
+      @click="onClick">
+      ...
+    </button>
+    <span v-show="!isCollapsed">
+      <slot name="expanded"></slot>
+    </span>
+  </span>
+</template>

app/assets/stylesheets/framework/blocks.scss

@@ -10,7 +10,6 @@
   color: $gl-text-color;
   font-weight: $gl-font-weight-normal;
   font-size: 14px;
-  line-height: 36px;
 
   &.diff-collapsed {
     padding: 5px;

app/assets/stylesheets/framework/contextual-sidebar.scss

@@ -358,10 +358,6 @@
   }
 
   .sidebar-top-level-items > li {
-    &.active a {
-      padding-left: 12px;
-    }
-
     .sidebar-sub-level-items {
       &:not(.flyout-list) {
         display: none;

app/assets/stylesheets/framework/lists.scss

@@ -12,6 +12,7 @@
     padding: 10px 15px;
     min-height: 20px;
     border-bottom: 1px solid $list-border;
+    word-wrap: break-word;
 
     &::after {
       content: " ";

app/assets/stylesheets/pages/events.scss

@@ -159,7 +159,6 @@
   }
 }
 
-
 /*
  * Last push widget
  */
@@ -182,6 +181,12 @@
   .event-item {
     padding-left: 0;
 
+    &.event-inline {
+      .event-title {
+        line-height: 20px;
+      }
+    }
+
     .event-title {
       white-space: normal;
       overflow: visible;

app/assets/stylesheets/pages/geo_nodes.scss

@@ -127,7 +127,7 @@
   }
 }
 
-.geo-node-version-mismatch {
+.geo-node-mismatch {
   color: $gl-danger;
 }
 

app/assets/stylesheets/pages/merge_requests.scss

@@ -799,6 +799,10 @@
       padding-left: 12px;
     }
 
+    .mr-widget-dast-code {
+      margin-left: 26px;
+    }
+
     .mr-widget-code-quality-list {
       list-style: none;
       padding: 0 12px;
@@ -826,6 +830,10 @@
       .neutral {
         color: $gl-gray-light;
       }
+
+      .modal-body {
+        color: $gl-text-color;
+      }
     }
   }
 }

app/assets/stylesheets/pages/settings.scss

@@ -293,3 +293,7 @@
     margin: 0 0 5px 17px;
   }
 }
+
+.deprecated-service {
+  cursor: default;
+}

app/controllers/passwords_controller.rb

 class PasswordsController < Devise::PasswordsController
   include Gitlab::CurrentSettings
 
+  skip_before_action :require_no_authentication, only: [:edit, :update]
+
   before_action :resource_from_email, only: [:create]
   before_action :check_password_authentication_available, only: [:create]
   before_action :throttle_reset,      only: [:create]

app/controllers/projects/branches_controller.rb

@@ -46,14 +46,16 @@ class Projects::BranchesController < Projects::ApplicationController
     result = CreateBranchService.new(project, current_user)
         .execute(branch_name, ref)
 
-    if params[:issue_iid]
+    success = (result[:status] == :success)
+
+    if params[:issue_iid] && success
       issue = IssuesFinder.new(current_user, project_id: @project.id).find_by(iid: params[:issue_iid])
       SystemNoteService.new_issue_branch(issue, @project, current_user, branch_name) if issue
     end
 
     respond_to do |format|
       format.html do
-        if result[:status] == :success
+        if success
           if redirect_to_autodeploy
             redirect_to url_to_autodeploy_setup(project, branch_name),
               notice: view_context.autodeploy_flash_notice(branch_name)
@@ -67,7 +69,7 @@ class Projects::BranchesController < Projects::ApplicationController
       end
 
       format.json do
-        if result[:status] == :success
+        if success
           render json: { name: branch_name, url: project_tree_url(@project, branch_name) }
         else
           render json: result[:messsage], status: :unprocessable_entity

app/controllers/projects/runners_controller.rb

@@ -29,17 +29,17 @@ class Projects::RunnersController < Projects::ApplicationController
 
   def resume
     if Ci::UpdateRunnerService.new(@runner).update(active: true)
-      redirect_to runner_path(@runner), notice: 'Runner was successfully updated.'
+      redirect_to runners_path(@project), notice: 'Runner was successfully updated.'
     else
-      redirect_to runner_path(@runner), alert: 'Runner was not updated.'
+      redirect_to runners_path(@project), alert: 'Runner was not updated.'
     end
   end
 
   def pause
     if Ci::UpdateRunnerService.new(@runner).update(active: false)
-      redirect_to runner_path(@runner), notice: 'Runner was successfully updated.'
+      redirect_to runners_path(@project), notice: 'Runner was successfully updated.'
     else
-      redirect_to runner_path(@runner), alert: 'Runner was not updated.'
+      redirect_to runners_path(@project), alert: 'Runner was not updated.'
     end
   end
 

app/finders/labels_finder.rb

 class LabelsFinder < UnionFinder
+  include Gitlab::Utils::StrongMemoize
+
   def initialize(current_user, params = {})
     @current_user = current_user
     @params = params
@@ -32,6 +34,8 @@ class LabelsFinder < UnionFinder
           label_ids << project.labels
         end
       end
+    elsif only_group_labels?
+      label_ids << Label.where(group_id: group.id)
     else
       label_ids << Label.where(group_id: projects.group_ids)
       label_ids << Label.where(project_id: projects.select(:id))
@@ -51,6 +55,13 @@ class LabelsFinder < UnionFinder
     items.where(title: title)
   end
 
+  def group
+    strong_memoize(:group) do
+      group = Group.find(params[:group_id])
+      authorized_to_read_labels?(group) && group
+    end
+  end
+
   def group?
     params[:group_id].present?
   end
@@ -63,6 +74,10 @@ class LabelsFinder < UnionFinder
     params[:project_ids].present?
   end
 
+  def only_group_labels?
+    params[:only_group_labels]
+  end
+
   def title
     params[:title] || params[:name]
   end
@@ -96,9 +111,9 @@ class LabelsFinder < UnionFinder
     @projects
   end
 
-  def authorized_to_read_labels?(project)
+  def authorized_to_read_labels?(label_parent)
     return true if skip_authorization
 
-    Ability.allowed?(current_user, :read_label, project)
+    Ability.allowed?(current_user, :read_label, label_parent)
   end
 end

app/helpers/button_helper.rb

@@ -112,7 +112,7 @@ module ButtonHelper
   def geo_button(modal_target: nil)
     data = { placement: 'bottom', container: 'body', toggle: 'modal', target: modal_target }
     content_tag :button,
-                icon('globe'),
+                sprite_icon('geo-nodes', size: 15),
                 class: 'btn btn-geo has-tooltip',
                 data: data,
                 type: :button,

app/helpers/services_helper.rb

@@ -29,5 +29,16 @@ module ServicesHelper
     "#{event}_events"
   end
 
+  def service_save_button(service)
+    button_tag(class: 'btn btn-save', type: 'submit', disabled: service.deprecated?) do
+      icon('spinner spin', class: 'hidden js-btn-spinner') +
+        content_tag(:span, 'Save changes', class: 'js-btn-label')
+    end
+  end
+
+  def disable_fields_service?(service)
+    !current_controller?("admin/services") && service.deprecated?
+  end
+
   extend self
 end

app/models/diff_discussion.rb

@@ -23,8 +23,13 @@ class DiffDiscussion < Discussion
   def merge_request_version_params
     return unless for_merge_request?
 
+    version_params = get_params
+
+    return version_params unless on_merge_request_commit? && commit_id
+
+    version_params ||= {}
     version_params.tap do |params|
-      params[:commit_id] = commit_id if on_merge_request_commit?
+      params[:commit_id] = commit_id
     end
   end
 
@@ -37,7 +42,7 @@ class DiffDiscussion < Discussion
 
   private
 
-  def version_params
+  def get_params
     return {} if active?
 
     noteable.version_params_for(position.diff_refs)

app/models/project_services/kubernetes_service.rb

@@ -33,6 +33,7 @@ class KubernetesService < DeploymentService
 
   before_validation :enforce_namespace_to_lower_case
 
+  validate :deprecation_validation, unless: :template?
   validates :namespace,
     allow_blank: true,
     length: 1..63,
@@ -147,6 +148,17 @@ class KubernetesService < DeploymentService
     @kubeclient ||= build_kubeclient!
   end
 
+  def deprecated?
+    !active
+  end
+
+  def deprecation_message
+    content = <<-MESSAGE.strip_heredoc
+    Kubernetes service integration has been deprecated. #{deprecated_message_content} your clusters using the new <a href=\'#{Gitlab::Routing.url_helpers.project_clusters_path(project)}'/>Clusters</a> page
+      MESSAGE
+    content.html_safe
+  end
+
   TEMPLATE_PLACEHOLDER = 'Kubernetes namespace'.freeze
 
   private
@@ -228,4 +240,20 @@ class KubernetesService < DeploymentService
   def enforce_namespace_to_lower_case
     self.namespace = self.namespace&.downcase
   end
+
+  def deprecation_validation
+    return if active_changed?(from: true, to: false)
+
+    if deprecated?
+      errors[:base] << deprecation_message
+    end
+  end
+
+  def deprecated_message_content
+    if active?
+      "Your cluster information on this page is still editable, but you are advised to disable and reconfigure"
+    else
+      "Fields on this page are now uneditable, you can configure"
+    end
+  end
 end

app/models/repository.rb

@@ -1059,10 +1059,6 @@ class Repository
     raw_repository.fetch_source_branch!(source_repository.raw_repository, source_branch, local_ref)
   end
 
-  def remote_exists?(name)
-    raw_repository.remote_exists?(name)
-  end
-
   def compare_source_branch(target_branch_name, source_repository, source_branch_name, straight:)
     raw_repository.compare_source_branch(target_branch_name, source_repository.raw_repository, source_branch_name, straight: straight)
   end

app/models/service.rb

@@ -269,6 +269,14 @@ class Service < ActiveRecord::Base
     service
   end
 
+  def deprecated?
+    false
+  end
+
+  def deprecation_message
+    nil
+  end
+
   private
 
   def cache_project_has_external_issue_tracker

app/models/storage_shard.rb

+# This is an in-memory structure only. The repository storage configuration is
+# in gitlab.yml and not in the database. This model makes it easier to work
+# with the configuration.
+class StorageShard
+  include ActiveModel::Model
+
+  attr_accessor :name, :path
+
+  validates :name, presence: true
+  validates :path, presence: true
+
+  # Generates an array of StorageShard objects from the currrent storage
+  # configuration using the gitlab.yml array of key/value pairs:
+  #
+  # {"default"=>{"path"=>"/home/git/repositories", ...}
+  #
+  # The key is the shard name, and the values are the parameters for that shard.
+  def self.all
+    Settings.repositories.storages.map do |name, params|
+      config = params.symbolize_keys.merge(name: name)
+      config.slice!(*allowed_params)
+      StorageShard.new(config)
+    end
+  end
+
+  def self.allowed_params
+    %i(name path).freeze
+  end
+end

app/models/user.rb

@@ -96,8 +96,8 @@ class User < ActiveRecord::Base
   has_one :user_synced_attributes_metadata, autosave: true
 
   # Groups
-  has_many :members, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
-  has_many :group_members, -> { where(requested_at: nil) }, dependent: :destroy, source: 'GroupMember' # rubocop:disable Cop/ActiveRecordDependent
+  has_many :members
+  has_many :group_members, -> { where(requested_at: nil) }, source: 'GroupMember'
   has_many :groups, through: :group_members
   has_many :owned_groups, -> { where members: { access_level: Gitlab::Access::OWNER } }, through: :group_members, source: :group
   has_many :masters_groups, -> { where members: { access_level: Gitlab::Access::MASTER } }, through: :group_members, source: :group
@@ -105,7 +105,7 @@ class User < ActiveRecord::Base
   # Projects
   has_many :groups_projects,          through: :groups, source: :projects
   has_many :personal_projects,        through: :namespace, source: :projects
-  has_many :project_members, -> { where(requested_at: nil) }, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
+  has_many :project_members, -> { where(requested_at: nil) }
   has_many :projects,                 through: :project_members
   has_many :created_projects,         foreign_key: :creator_id, class_name: 'Project'
   has_many :users_star_projects, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
@@ -812,10 +812,7 @@ class User < ActiveRecord::Base
     # `User.select(:id)` raises
     # `ActiveModel::MissingAttributeError: missing attribute: projects_limit`
     # without this safeguard!
-    return unless has_attribute?(:projects_limit)
-
-    connection_default_value_defined = new_record? && !projects_limit_changed?
-    return unless projects_limit.nil? || connection_default_value_defined
+    return unless has_attribute?(:projects_limit) && projects_limit.nil?
 
     self.projects_limit = current_application_settings.default_projects_limit
   end

app/policies/group_policy.rb

@@ -33,6 +33,7 @@ class GroupPolicy < BasePolicy
   rule { public_group }.policy do
     enable :read_group
     enable :read_list
+    enable :read_label
   end
 
   rule { logged_in_viewable }.enable :read_group
@@ -41,6 +42,7 @@ class GroupPolicy < BasePolicy
     enable :read_group
     enable :read_list
     enable :upload_file
+    enable :read_label
   end
 
   rule { admin }             .enable :read_group

app/services/merge_requests/conflicts/list_service.rb

@@ -23,7 +23,7 @@ module MergeRequests
           # when there are no conflict files.
           conflicts.files.each(&:lines)
           @conflicts_can_be_resolved_in_ui = conflicts.files.length > 0
-        rescue Rugged::OdbError, Gitlab::Git::Conflict::Parser::UnresolvableError, Gitlab::Git::Conflict::Resolver::ConflictSideMissing
+        rescue Gitlab::Git::CommandError, Gitlab::Git::Conflict::Parser::UnresolvableError, Gitlab::Git::Conflict::Resolver::ConflictSideMissing
           @conflicts_can_be_resolved_in_ui = false
         end
       end

app/services/projects/fork_service.rb

@@ -26,7 +26,7 @@ module Projects
         name:                   @project.name,
         path:                   @project.path,
         shared_runners_enabled: @project.shared_runners_enabled,
-        namespace_id:           @params[:namespace].try(:id) || current_user.namespace.id
+        namespace_id:           target_namespace.id
       }
 
       if @project.avatar.present? && @project.avatar.image?
@@ -74,14 +74,14 @@ module Projects
       Projects::ForksCountService.new(@project).refresh_cache
     end
 
+    def target_namespace
+      @target_namespace ||= @params[:namespace] || current_user.namespace
+    end
+
     def allowed_visibility_level
-      project_level = @project.visibility_level
+      target_level = [@project.visibility_level, target_namespace.visibility_level].min
 
-      if Gitlab::VisibilityLevel.non_restricted_level?(project_level)
-        project_level
-      else
-        Gitlab::VisibilityLevel.highest_allowed_level
-      end
+      Gitlab::VisibilityLevel.closest_allowed_level(target_level)
     end
   end
 end

app/services/users/destroy_service.rb

@@ -31,6 +31,11 @@ module Users
         return user
       end
 
+      # Calling all before/after_destroy hooks for the user because
+      # there is no dependent: destroy in the relationship. And the removal
+      # is done by a foreign_key. Otherwise they won't be called
+      user.members.find_each { |member| member.run_callbacks(:destroy) }
+
       user.solo_owned_groups.each do |group|
         Groups::DestroyService.new(group, current_user).execute
       end

app/views/doorkeeper/applications/show.html.haml

+- add_to_breadcrumbs "Applications", oauth_applications_path
+- breadcrumb_title @application.name
 - page_title @application.name, "Applications"
 - @content_class = "limit-container-width" unless fluid_layout
 

app/views/layouts/nav/_dashboard.html.haml

@@ -63,4 +63,4 @@
   - if Gitlab::Geo.secondary? && Gitlab::Geo.primary_node_configured?
     %li
       = link_to Gitlab::Geo.primary_node.url, title: 'Go to primary node', data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
-        = icon('globe fw')
+        = sprite_icon('geo-nodes', size: 18)

app/views/layouts/nav/sidebar/_admin.html.haml

@@ -131,7 +131,7 @@
           %span.badge.count= number_with_delimiter(AbuseReport.count(:all))
         %ul.sidebar-sub-level-items.is-fly-out-only
           = nav_link(controller: :abuse_reports, html_options: { class: "fly-out-top-item" } ) do
-            = link_to admin_broadcast_messages_path do
+            = link_to admin_abuse_reports_path do
               %strong.fly-out-top-item-name
                 #{ _('Abuse Reports') }
               %span.badge.count.merge_counter.js-merge-counter.fly-out-badge= number_with_delimiter(AbuseReport.count(:all))

app/views/profiles/audit_log.html.haml

@@ -4,7 +4,7 @@
 
 .row.prepend-top-default
   .col-lg-4.profile-settings-sidebar
-    %h3.prepend-top-0
+    %h4.prepend-top-0
       = page_title
     %p
       This is a security log of important events involving your account.

app/views/profiles/gpg_keys/index.html.haml

 - page_title "GPG Keys"
+- @content_class = "limit-container-width" unless fluid_layout
 = render 'profiles/head'
 
 .row.prepend-top-default

app/views/profiles/keys/show.html.haml

+- add_to_breadcrumbs "SSH Keys", profile_keys_path
+- breadcrumb_title @key.title
 - page_title @key.title, "SSH Keys"
 - @content_class = "limit-container-width" unless fluid_layout
 = render 'profiles/head'

app/views/profiles/notifications/show.html.haml

@@ -10,16 +10,16 @@
           %li= msg
 
   = hidden_field_tag :notification_type, 'global'
-  .row
+  .row.prepend-top-default
     .col-lg-4.profile-settings-sidebar
-      %h4
+      %h4.prepend-top-0
         = page_title
       %p
         You can specify notification level per group or per project.
       %p
         By default, all projects and groups will use the global notifications setting.
     .col-lg-8
-      %h5
+      %h5.prepend-top-0
         Global notification settings
 
       = form_for @user, url: profile_notifications_path, method: :put, html: { class: 'update-notifications prepend-top-default' } do |f|

app/views/projects/jobs/show.html.haml

@@ -62,7 +62,7 @@
         .js-truncated-info.truncated-info.hidden-xs.pull-left.hidden<
           Showing last
           %span.js-truncated-info-size.truncated-info-size><
-          KiB of log -
+          of log -
           %a.js-raw-link.raw-link{ href: raw_project_job_path(@project, @build) }>< Complete Raw
 
         .controllers.pull-right

app/views/projects/merge_requests/diffs/_diffs.html.haml

@@ -4,14 +4,17 @@
 = render 'projects/merge_requests/diffs/commit_widget'
 
 - if @merge_request_diff&.empty?
-  .nothing-here-block
-    = image_tag 'illustrations/merge_request_changes_empty.svg'
-    = succeed '.' do
-      No changes between
-      %span.ref-name= @merge_request.source_branch
-      and
-      %span.ref-name= @merge_request.target_branch
-      %p= link_to 'Create commit', project_new_blob_path(@project, @merge_request.source_branch), class: 'btn btn-save'
+  .row.empty-state.nothing-here-block
+    .col-xs-12
+      .svg-content= image_tag 'illustrations/merge_request_changes_empty.svg'
+    .col-xs-12
+      .text-content.text-center
+        %p
+          No changes between
+          %span.ref-name= @merge_request.source_branch
+          and
+          %span.ref-name= @merge_request.target_branch
+          .text-center= link_to 'Create commit', project_new_blob_path(@project, @merge_request.source_branch), class: 'btn btn-save'
 - else
   - diff_viewable = @merge_request_diff ? @merge_request_diff.collected? || @merge_request_diff.overflow? : true
   - if diff_viewable

app/views/projects/runners/_runner.html.haml

@@ -17,6 +17,10 @@
 
     .pull-right
       - if @project_runners.include?(runner)
+        - if runner.active?
+          = link_to 'Pause', pause_project_runner_path(@project, runner), method: :post, class: 'btn btn-sm btn-danger', data: { confirm: "Are you sure?" }
+        - else
+          = link_to 'Resume', resume_project_runner_path(@project, runner), method: :post, class: 'btn btn-success btn-sm'
         - if runner.belongs_to_one_project?
           = link_to 'Remove Runner', runner_path(runner), data: { confirm: "Are you sure?" }, method: :delete, class: 'btn btn-danger btn-sm'
         - else

app/views/projects/services/_deprecated_message.html.haml

+.flash-container.flash-container-page
+  .flash-alert.deprecated-service
+    %span= @service.deprecation_message

app/views/projects/services/_form.html.haml

@@ -13,10 +13,7 @@
       = render 'shared/service_settings', form: form, subject: @service
       - if @service.editable?
         .footer-block.row-content-block
-          %button.btn.btn-save{ type: 'submit' }
-            = icon('spinner spin', class: 'hidden js-btn-spinner')
-            %span.js-btn-label
-              Save changes
+          = service_save_button(@service)
            
           - if @service.valid? && @service.activated?
             - unless @service.can_test?

app/views/projects/services/edit.html.haml

@@ -2,4 +2,6 @@
 - page_title @service.title, "Services"
 - add_to_breadcrumbs("Settings", edit_project_path(@project))
 
+= render 'deprecated_message' if @service.deprecation_message
+
 = render 'form'

app/views/shared/_field.html.haml

@@ -7,6 +7,7 @@
 - choices = field[:choices]
 - default_choice = field[:default_choice]
 - help = field[:help]
+- disabled = disable_fields_service?(@service)
 
 .form-group
   - if type == "password" && value.present?
@@ -15,14 +16,14 @@
     = form.label name, title, class: "control-label"
   .col-sm-10
     - if type == 'text'
-      = form.text_field name, class: "form-control", placeholder: placeholder, required: required
+      = form.text_field name, class: "form-control", placeholder: placeholder, required: required, disabled: disabled
     - elsif type == 'textarea'
-      = form.text_area name, rows: 5, class: "form-control", placeholder: placeholder, required: required
+      = form.text_area name, rows: 5, class: "form-control", placeholder: placeholder, required: required, disabled: disabled
     - elsif type == 'checkbox'
-      = form.check_box name
+      = form.check_box name, disabled: disabled
     - elsif type == 'select'
-      = form.select name, options_for_select(choices, value ? value : default_choice), {}, { class: "form-control" }
+      = form.select name, options_for_select(choices, value ? value : default_choice), {}, { class: "form-control", disabled: disabled}
     - elsif type == 'password'
-      = form.password_field name, autocomplete: "new-password", class: "form-control", required: value.blank? && required
+      = form.password_field name, autocomplete: "new-password", class: "form-control", required: value.blank? && required, disabled: disabled
     - if help
       %span.help-block= help

app/views/shared/_recaptcha_form.html.haml

 - resource_name = spammable.class.model_name.singular
 - humanized_resource_name = spammable.class.model_name.human.downcase
 - script = local_assigns.fetch(:script, true)
+- method = params[:action] == 'create' ? :post : :put
 - has_submit = local_assigns.fetch(:has_submit, true)
 
-= form_for resource_name, method: :post, html: { class: 'recaptcha-form js-recaptcha-form' } do |f|
+= form_for resource_name, method: method, html: { class: 'recaptcha-form js-recaptcha-form' } do |f|
   .recaptcha
     - params[resource_name].each do |field, value|
       = hidden_field(resource_name, field, value: value)

app/views/shared/_service_settings.html.haml

@@ -11,7 +11,7 @@
     .form-group
       = form.label :active, "Active", class: "control-label"
       .col-sm-10
-        = form.check_box :active
+        = form.check_box :active, disabled: disable_fields_service?(@service)
 
   - if @service.supported_events.present?
     .form-group

changelogs/unreleased-ee/4250-api-epic-issues.yml

+---
+title: Add api for epic_issue associations
+merge_request:
+author:
+type: added

changelogs/unreleased-ee/4348-show-dast-results-in-the-mr-widget.yml

+---
+title: Show results from DAST scan in the merge request widget
+merge_request: 3885
+author:
+type: added

changelogs/unreleased-ee/ee-issue_3413.yml

+---
+title: Add group boards API endpoint
+merge_request:
+author:
+type: added

changelogs/unreleased-ee/sh-api-shard-config.yml

+---
+title: Check if shard configuration is same across Geo nodes
+merge_request:
+author:
+type: added

changelogs/unreleased/dm-issue-move-transaction-error.yml → changelogs/unreleased-ee/show-correct-edition-for-ee-free.yml

 ---
-title: Execute project hooks and services after commit when moving an issue
+title: Record EE instances without a license correctly in usage ping
 merge_request:
 author:
 type: fixed

changelogs/unreleased-ee/tc-geo-ux-polish.yml

+---
+title: Geo UI polish
+merge_request:
+author:
+type: changed

changelogs/unreleased/16036-ignore-lost-found-folder-during-backup-on-a-volume.yml

+---
+title: "Ignore lost+found folder during backup on a volume"
+merge_request: 16036
+author: Julien Millau
+type: fixed
\ No newline at end of file

changelogs/unreleased/16117-improve-search-for-issues.yml

+---
+title: Improve search query for issues.
+merge_request:
+author:
+type: performance

changelogs/unreleased/20035-pause-resume-runners.yml

+---
+title: Add pause/resume button to project runners
+merge_request: 16032
+author: Mario de la Ossa
+type: added

changelogs/unreleased/24347-dont-post-system-note-when-branch-creation-fails.yml

+---
+title: Fix when branch creation fails don't post system note
+merge_request:
+author: Mateusz Bajorski
+type: fixed

changelogs/unreleased/31995-project-limit-default-fix.yml

+---
+title: User#projects_limit remove DB default and added NOT NULL constraint
+merge_request: 16165
+author: Mario de la Ossa
+type: fixed

changelogs/unreleased/32364-updating-slack-notification-not-working-by-api.yml

+---
+title: Support new chat notifications parameters in Services API
+merge_request: 11435
+author:
+type: added

changelogs/unreleased/38596-fix-backspace-visual-token-clearing.yml

+---
+title: Clears visual token on second backspace
+merge_request:
+author: Martin Wortschack
+type: fixed

changelogs/unreleased/40274-user-settings-breadcrumbs.yml

+---
+title: Fix breadcrumbs in User Settings
+merge_request: 16172
+author: rfwatson
+type: fixed

changelogs/unreleased/41054-disable-creation-of-new-kubernetes-integrations.yml

+---
+title: Disable creation of new Kubernetes Integrations unless they're active or created
+  from template
+merge_request: 41054
+author:
+type: added

changelogs/unreleased/bump_mysql_gem.yml

+---
+title: Bump mysql2 gem version from 0.4.5 to 0.4.10
+merge_request:
+author: asaparov
+type: other

changelogs/unreleased/bvl-fix-unlinking-with-lfs-objects.yml

----
-title: Don't link LFS objects to a project when unlinking forks when they were already
-  linked
-merge_request: 16006
-author:
-type: fixed

changelogs/unreleased/bvl-fork-public-project-to-private-namespace.yml

+---
+title: Allow forking a public project to a private group
+merge_request: 16050
+author:
+type: changed

changelogs/unreleased/fix-abuse-reports-link-url.yml

+---
+title: Fix abuse reports link url in admin area navbar
+merge_request: 16068
+author: megos
+type: fixed

changelogs/unreleased/fix-activity-inline-event-line-height.yml

+---
+title: Fix activity inline event line height on mobile
+merge_request: 16121
+author: George Tsiolis
+type: fixed

changelogs/unreleased/fix-profile-settings-content-width.yml

+---
+title: Adjust content width for User Settings, GPG Keys
+merge_request: 16093
+author: George Tsiolis
+type: fixed

changelogs/unreleased/fix-profile-settings-sidebar-heading.yml

+---
+title: Keep typographic hierarchy in User Settings
+merge_request: 16090
+author: George Tsiolis
+type: fixed

changelogs/unreleased/fix-remove-unnecessary-sidebar-element-alignment.yml

+---
+title: Remove unnecessary sidebar element realignment
+merge_request: 16159
+author: George Tsiolis
+type: fixed

changelogs/unreleased/fj-40053-error-500-members-list.yml

+---
+title: Fixing error 500 when member exist but not the user
+merge_request: 15970
+author:
+type: fixed

changelogs/unreleased/jivl-fix-import-project-url-bug.yml

+---
+title: Fix import project url not updating project name
+merge_request: 16120
+author:
+type: fixed

changelogs/unreleased/ldap_username_attributes.yml

+---
+title: Modify `LDAP::Person` to return username value based on attributes
+merge_request:
+author:
+type: fixed

changelogs/unreleased/pawel-reduce_cardinality_of_prometheus_metrics.yml

----
-title: Reduce the number of buckets in gitlab_cache_operation_duration_seconds metric
-merge_request: 15881
-author:
-type: changed

changelogs/unreleased/sh-catch-invalid-uri-markdown.yml

+---
+title: Gracefully handle garbled URIs in Markdown
+merge_request:
+author:
+type: fixed

changelogs/unreleased/sh-make-kib-human.yml

+---
+title: Humanize the units of "Showing last X KiB of log" in job trace
+merge_request:
+author:
+type: fixed

changelogs/unreleased/show_proper_labels_in_board_issue_sidebar_when_issue_is_closed.yml

+---
+title: show None when issue is in closed list and no labels assigned
+merge_request: 15976
+author: Christiaan Van den Poel
+type: fixed

config.ru

@@ -17,6 +17,11 @@ end
 
 require ::File.expand_path('../config/environment',  __FILE__)
 
+warmup do |app|
+  client = Rack::MockRequest.new(app)
+  client.get('/')
+end
+
 map ENV['RAILS_RELATIVE_URL_ROOT'] || "/" do
   run Gitlab::Application
 end

config/initializers/active_record_data_types.rb

@@ -79,3 +79,8 @@ elsif Gitlab::Database.mysql?
     NATIVE_DATABASE_TYPES[:datetime_with_timezone] = { name: 'timestamp' }
   end
 end
+
+# Ensure `datetime_with_timezone` columns are correctly written to schema.rb
+if (ActiveRecord::Base.connection.active? rescue false)
+  ActiveRecord::Base.connection.send :reload_type_map
+end

config/initializers/asset_sync.rb

@@ -14,8 +14,8 @@ AssetSync.configure do |config|
   config.fog_directory = ENV['FOG_DIRECTORY'] if ENV.has_key?('FOG_DIRECTORY')
   config.fog_region = ENV['FOG_REGION'] if ENV.has_key?('FOG_REGION')
 
-  config.aws_access_key_id = ENV['AWS_ACCESS_KEY_ID'] if ENV.has_key?('AWS_ACCESS_KEY_ID')
-  config.aws_secret_access_key = ENV['AWS_SECRET_ACCESS_KEY'] if ENV.has_key?('AWS_SECRET_ACCESS_KEY')
+  config.aws_access_key_id = ENV['ASSETS_AWS_ACCESS_KEY_ID'] if ENV.has_key?('ASSETS_AWS_ACCESS_KEY_ID')
+  config.aws_secret_access_key = ENV['ASSETS_AWS_SECRET_ACCESS_KEY'] if ENV.has_key?('ASSETS_AWS_SECRET_ACCESS_KEY')
   config.aws_reduced_redundancy = ENV['AWS_REDUCED_REDUNDANCY'] == true  if ENV.has_key?('AWS_REDUCED_REDUNDANCY')
 
   config.rackspace_username = ENV['RACKSPACE_USERNAME'] if ENV.has_key?('RACKSPACE_USERNAME')

config/routes/project.rb

@@ -423,8 +423,8 @@ constraints(ProjectUrlConstrainer.new) do
 
       resources :runners, only: [:index, :edit, :update, :destroy, :show] do
         member do
-          get :resume
-          get :pause
+          post :resume
+          post :pause
         end
 
         collection do

db/migrate/20171019141859_fix_dev_timezone_schema.rb

+class FixDevTimezoneSchema < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  # The this migrations tries to help solve unwanted changes to `schema.rb`
+  # while developing GitLab. Installations created before we started using
+  # `datetime_with_timezone` are likely to face this problem. Updating those
+  # columns to the new type should help fix this.
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  TIMEZONE_TABLES = %i(appearances ci_group_variables ci_pipeline_schedule_variables events gpg_keys gpg_signatures project_auto_devops)
+
+  def up
+    return unless Rails.env.development? || Rails.env.test?
+
+    TIMEZONE_TABLES.each do |table|
+      change_column table, :created_at, :datetime_with_timezone
+      change_column table, :updated_at, :datetime_with_timezone
+    end
+  end
+
+  def down
+  end
+end

db/migrate/20171106151218_issues_moved_to_id_foreign_key.rb

@@ -15,8 +15,20 @@ class IssuesMovedToIdForeignKey < ActiveRecord::Migration
     self.table_name = 'issues'
 
     def self.with_orphaned_moved_to_issues
-      where('NOT EXISTS (SELECT true FROM issues WHERE issues.id = issues.moved_to_id)')
-        .where('moved_to_id IS NOT NULL')
+      if Gitlab::Database.postgresql?
+        # Be careful to use a second table here for comparison otherwise we'll null
+        # out all rows that don't have id == moved.to_id!
+        where('NOT EXISTS (SELECT true FROM issues B WHERE issues.moved_to_id = B.id)')
+          .where('moved_to_id IS NOT NULL')
+      else
+        # MySQL doesn't allow modification of the same table in a subquery,
+        # and using a temporary table isn't automatically guaranteed to work
+        # due to the MySQL query optimizer. See
+        # https://dev.mysql.com/doc/refman/5.7/en/update.html for more
+        # details.
+        joins('LEFT JOIN issues AS b ON issues.moved_to_id = b.id')
+          .where('issues.moved_to_id IS NOT NULL AND b.id IS NULL')
+      end
     end
   end
 

db/migrate/20171216111734_clean_up_for_members.rb

+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class CleanUpForMembers < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  class Member < ActiveRecord::Base
+    include EachBatch
+
+    self.table_name = 'members'
+  end
+
+  def up
+    condition = <<~EOF.squish
+      invite_token IS NULL AND
+      NOT EXISTS (SELECT 1 FROM users WHERE users.id = members.user_id)
+    EOF
+
+    Member.each_batch(of: 10_000) do |batch|
+      batch.where(condition).delete_all
+    end
+  end
+
+  def down
+  end
+end

db/migrate/20171216112339_add_foreign_key_for_members.rb

+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddForeignKeyForMembers < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_foreign_key(:members,
+                               :users,
+                               column: :user_id)
+  end
+
+  def down
+    remove_foreign_key(:members, column: :user_id)
+  end
+end

db/migrate/20171229225929_change_user_project_limit_not_null_and_remove_default.rb

+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class ChangeUserProjectLimitNotNullAndRemoveDefault < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  # When a migration requires downtime you **must** uncomment the following
+  # constant and define a short and easy to understand explanation as to why the
+  # migration requires downtime.
+  # DOWNTIME_REASON = ''
+
+  # When using the methods "add_concurrent_index", "remove_concurrent_index" or
+  # "add_column_with_default" you must disable the use of transactions
+  # as these methods can not run in an existing transaction.
+  # When using "add_concurrent_index" or "remove_concurrent_index" methods make sure
+  # that either of them is the _only_ method called in the migration,
+  # any other changes should go in a separate migration.
+  # This ensures that upon failure _only_ the index creation or removing fails
+  # and can be retried or reverted easily.
+  #
+  # To disable transactions uncomment the following line and remove these
+  # comments:
+  # disable_ddl_transaction!
+
+  def up
+    # Set Users#projects_limit to NOT NULL and remove the default value
+    change_column_null :users, :projects_limit, false
+    change_column_default :users, :projects_limit, nil
+  end
+
+  def down
+    change_column_null :users, :projects_limit, true
+    change_column_default :users, :projects_limit, 10
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20171220191323) do
+ActiveRecord::Schema.define(version: 20171229225929) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -749,8 +749,8 @@ ActiveRecord::Schema.define(version: 20171220191323) do
     t.datetime "created_at"
     t.datetime "updated_at"
     t.string "confirmation_token"
-    t.datetime "confirmed_at"
-    t.datetime "confirmation_sent_at"
+    t.datetime_with_timezone "confirmed_at"
+    t.datetime_with_timezone "confirmation_sent_at"
   end
 
   add_index "emails", ["confirmation_token"], name: "index_emails_on_confirmation_token", unique: true, using: :btree
@@ -2258,8 +2258,8 @@ ActiveRecord::Schema.define(version: 20171220191323) do
   add_index "user_agent_details", ["subject_id", "subject_type"], name: "index_user_agent_details_on_subject_id_and_subject_type", using: :btree
 
   create_table "user_custom_attributes", force: :cascade do |t|
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime_with_timezone "created_at", null: false
+    t.datetime_with_timezone "updated_at", null: false
     t.integer "user_id", null: false
     t.string "key", null: false
     t.string "value", null: false
@@ -2293,7 +2293,7 @@ ActiveRecord::Schema.define(version: 20171220191323) do
     t.datetime "updated_at"
     t.string "name"
     t.boolean "admin", default: false, null: false
-    t.integer "projects_limit", default: 10
+    t.integer "projects_limit", null: false
     t.string "skype", default: "", null: false
     t.string "linkedin", default: "", null: false
     t.string "twitter", default: "", null: false
@@ -2526,6 +2526,7 @@ ActiveRecord::Schema.define(version: 20171220191323) do
   add_foreign_key "labels", "projects", name: "fk_7de4989a69", on_delete: :cascade
   add_foreign_key "lists", "boards", name: "fk_0d3f677137", on_delete: :cascade
   add_foreign_key "lists", "labels", name: "fk_7a5553d60f", on_delete: :cascade
+  add_foreign_key "members", "users", name: "fk_2e88fb7ce9", on_delete: :cascade
   add_foreign_key "merge_request_diff_commits", "merge_request_diffs", on_delete: :cascade
   add_foreign_key "merge_request_diff_files", "merge_request_diffs", on_delete: :cascade
   add_foreign_key "merge_request_diffs", "merge_requests", name: "fk_8483f3258f", on_delete: :cascade

doc/administration/integration/plantuml.md

@@ -58,30 +58,32 @@ our AsciiDoc snippets, wikis and repos using delimited blocks:
 
 - **Markdown**
 
-      ```plantuml
-      Bob -> Alice : hello
-      Alice -> Bob : Go Away
-      ```
+    <pre>
+    ```plantuml
+    Bob -> Alice : hello
+    Alice -> Bob : Go Away
+    ```
+    </pre>
 
 - **AsciiDoc**
 
-    ```
+    <pre>
     [plantuml, format="png", id="myDiagram", width="200px"]
     --
     Bob->Alice : hello
     Alice -> Bob : Go Away
     --
-    ```
+    </pre>
 
 - **reStructuredText**
 
-    ```
+    <pre>
     .. plantuml::
        :caption: Caption with **bold** and *italic*
 
        Bob -> Alice: hello
        Alice -> Bob: Go Away
-    ```
+    </pre>
 
     You can also use the `uml::` directive for compatibility with [sphinxcontrib-plantuml](https://pypi.python.org/pypi/sphinxcontrib-plantuml), but please note that we currently only support the `caption` option.
 

doc/api/README.md

@@ -18,6 +18,7 @@ following locations:
 - [Deployments](deployments.md)
 - [Deploy Keys](deploy_keys.md)
 - [Environments](environments.md)
+- [Epic Issues](epic_issues.md)
 - [Events](events.md)
 - [Feature flags](features.md)
 - [Geo Nodes](geo_nodes.md)
@@ -28,6 +29,7 @@ following locations:
 - [Group Members](members.md)
 - [Issues](issues.md)
 - [Issue Boards](boards.md)
+- **(EEP)** [Group Issue Boards] (group_boards.md)
 - [Jobs](jobs.md)
 - [Keys](keys.md)
 - [Labels](labels.md)

doc/api/boards.md

@@ -15,10 +15,10 @@ GET /projects/:id/boards
 
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `id`   | integer/string  | yes    | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
 
 ```bash
-curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/:id/boards
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/5/boards
 ```
 
 Example response:
@@ -28,7 +28,7 @@ Example response:
   {
     "id" : 1,
     "project": {
-      "id": 3,
+      "id": 5,
       "name": "Diaspora Project Site",
       "name_with_namespace": "Diaspora / Diaspora Project Site",
       "path": "diaspora-project-site",
@@ -73,6 +73,159 @@ Example response:
 ]
 ```
 
+## Single board
+
+Get a single board.
+
+```
+GET /projects/:id/boards/:board_id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/5/boards/1
+```
+
+Example response:
+
+```json
+  {
+    "id": 1,
+    "name:": "project issue board",
+    "project": {
+      "id": 5,
+      "name": "Diaspora Project Site",
+      "name_with_namespace": "Diaspora / Diaspora Project Site",
+      "path": "diaspora-project-site",
+      "path_with_namespace": "diaspora/diaspora-project-site",
+      "http_url_to_repo": "http://example.com/diaspora/diaspora-project-site.git",
+      "web_url": "http://example.com/diaspora/diaspora-project-site"
+    },
+    "milestone":   {
+      "id": 12
+      "title": "10.0"
+    },
+    "lists" : [
+      {
+        "id" : 1,
+        "label" : {
+          "name" : "Testing",
+          "color" : "#F0AD4E",
+          "description" : null
+        },
+        "position" : 1
+      },
+      {
+        "id" : 2,
+        "label" : {
+          "name" : "Ready",
+          "color" : "#FF0000",
+          "description" : null
+        },
+        "position" : 2
+      },
+      {
+        "id" : 3,
+        "label" : {
+          "name" : "Production",
+          "color" : "#FF5F00",
+          "description" : null
+        },
+        "position" : 3
+      }
+    ]
+  }
+```
+
+## Create a board (EES-Only)
+
+Creates a board.
+
+```
+POST /projects/:id/boards
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `name` | string | yes | The name of the new board |
+
+```bash
+curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/5/boards?name=newboard
+```
+
+Example response:
+
+```json
+  {
+    "id": 1,
+    "project": {
+      "id": 5,
+      "name": "Diaspora Project Site",
+      "name_with_namespace": "Diaspora / Diaspora Project Site",
+      "path": "diaspora-project-site",
+      "path_with_namespace": "diaspora/diaspora-project-site",
+      "http_url_to_repo": "http://example.com/diaspora/diaspora-project-site.git",
+      "web_url": "http://example.com/diaspora/diaspora-project-site"
+    },
+    "name": "newboard",
+    "milestone":   {
+      "id": 12
+      "title": "10.0"
+    },
+    "lists" : [
+      {
+        "id" : 1,
+        "label" : {
+          "name" : "Testing",
+          "color" : "#F0AD4E",
+          "description" : null
+        },
+        "position" : 1
+      },
+      {
+        "id" : 2,
+        "label" : {
+          "name" : "Ready",
+          "color" : "#FF0000",
+          "description" : null
+        },
+        "position" : 2
+      },
+      {
+        "id" : 3,
+        "label" : {
+          "name" : "Production",
+          "color" : "#FF5F00",
+          "description" : null
+        },
+        "position" : 3
+      }
+    ]
+  }
+```
+
+## Delete a board (EES-Only)
+
+Deletes a board.
+
+```
+DELETE /projects/:id/boards/:board_id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+
+```bash
+curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/5/boards/1
+```
+
 ## List board lists
 
 Get a list of the board's lists.
@@ -84,8 +237,8 @@ GET /projects/:id/boards/:board_id/lists
 
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `id`   | integer/string  | yes    | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
-| `board_id`   | integer  | yes    | The ID of a board |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
 
 ```bash
 curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/5/boards/1/lists
@@ -135,9 +288,9 @@ GET /projects/:id/boards/:board_id/lists/:list_id
 
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `id`      | integer/string | yes   | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
-| `board_id`   | integer  | yes    | The ID of a board |
-| `list_id`| integer | yes   | The ID of a board's list |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+| `list_id`| integer | yes | The ID of a board's list |
 
 ```bash
 curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/5/boards/1/lists/1
@@ -167,9 +320,9 @@ POST /projects/:id/boards/:board_id/lists
 
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `id`            | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
-| `board_id`   | integer  | yes    | The ID of a board |
-| `label_id`         | integer  | yes | The ID of a label |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+| `label_id` | integer | yes | The ID of a label |
 
 ```bash
 curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/5/boards/1/lists?label_id=5
@@ -199,10 +352,10 @@ PUT /projects/:id/boards/:board_id/lists/:list_id
 
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `id`            | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
-| `board_id`   | integer  | yes    | The ID of a board |
-| `list_id`      | integer | yes | The ID of a board's list |
-| `position`         | integer  | yes  | The position of the list |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+| `list_id` | integer | yes | The ID of a board's list |
+| `position` | integer | yes | The position of the list |
 
 ```bash
 curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/5/boards/1/lists/1?position=2
@@ -232,9 +385,9 @@ DELETE /projects/:id/boards/:board_id/lists/:list_id
 
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `id`            | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
-| `board_id`   | integer  | yes    | The ID of a board |
-| `list_id`      | integer | yes | The ID of a board's list |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+| `list_id` | integer | yes | The ID of a board's list |
 
 ```bash
 curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/5/boards/1/lists/1

doc/api/group_boards.md

+# Group Issue Boards API
+
+Every API call to group boards must be authenticated.
+
+If a user is not a member of a group and the group is private, a `GET`
+request will result in `404` status code.
+
+## Group Board
+
+Lists Issue Boards in the given group.
+
+```
+GET /groups/:id/boards
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
+
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/5/boards
+```
+
+Example response:
+
+```json
+[
+  {
+    "id": 1,
+    "name:": "group issue board",
+    "group_id": 5,
+    "milestone":   {
+      "id": 12
+      "title": "10.0"
+    },
+    "lists" : [
+      {
+        "id" : 1,
+        "label" : {
+          "name" : "Testing",
+          "color" : "#F0AD4E",
+          "description" : null
+        },
+        "position" : 1
+      },
+      {
+        "id" : 2,
+        "label" : {
+          "name" : "Ready",
+          "color" : "#FF0000",
+          "description" : null
+        },
+        "position" : 2
+      },
+      {
+        "id" : 3,
+        "label" : {
+          "name" : "Production",
+          "color" : "#FF5F00",
+          "description" : null
+        },
+        "position" : 3
+      }
+    ]
+  }
+]
+```
+
+## Single board
+
+Gets a single board.
+
+```
+GET /groups/:id/boards/:board_id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/5/boards/1
+```
+
+Example response:
+
+```json
+  {
+    "id": 1,
+    "name:": "group issue board",
+    "group_id": 5,
+    "milestone":   {
+      "id": 12
+      "title": "10.0"
+    },
+    "lists" : [
+      {
+        "id" : 1,
+        "label" : {
+          "name" : "Testing",
+          "color" : "#F0AD4E",
+          "description" : null
+        },
+        "position" : 1
+      },
+      {
+        "id" : 2,
+        "label" : {
+          "name" : "Ready",
+          "color" : "#FF0000",
+          "description" : null
+        },
+        "position" : 2
+      },
+      {
+        "id" : 3,
+        "label" : {
+          "name" : "Production",
+          "color" : "#FF5F00",
+          "description" : null
+        },
+        "position" : 3
+      }
+    ]
+  }
+```
+
+## Create a board
+
+Creates a board.
+
+```
+POST /groups/:id/boards
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `name` | string | yes | The name of the new board |
+
+```bash
+curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/5/boards?name=newboard
+```
+
+Example response:
+
+```json
+  {
+    "id": 1,
+    "name": "newboard",
+    "group_id": 5,
+    "milestone":   {
+      "id": 12
+      "title": "10.0"
+    },
+    "lists" : [
+      {
+        "id" : 1,
+        "label" : {
+          "name" : "Testing",
+          "color" : "#F0AD4E",
+          "description" : null
+        },
+        "position" : 1
+      },
+      {
+        "id" : 2,
+        "label" : {
+          "name" : "Ready",
+          "color" : "#FF0000",
+          "description" : null
+        },
+        "position" : 2
+      },
+      {
+        "id" : 3,
+        "label" : {
+          "name" : "Production",
+          "color" : "#FF5F00",
+          "description" : null
+        },
+        "position" : 3
+      }
+    ]
+  }
+```
+
+## Delete a board
+
+Deletes a board.
+
+```
+DELETE /groups/:id/boards/:board_id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+
+```bash
+curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/5/boards/1
+```
+
+## List board lists
+
+Get a list of the board's lists.
+Does not include `backlog` and `closed` lists
+
+```
+GET /groups/:id/boards/:board_id/lists
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/5/boards/1/lists
+```
+
+Example response:
+
+```json
+[
+  {
+    "id" : 1,
+    "label" : {
+      "name" : "Testing",
+      "color" : "#F0AD4E",
+      "description" : null
+    },
+    "position" : 1
+  },
+  {
+    "id" : 2,
+    "label" : {
+      "name" : "Ready",
+      "color" : "#FF0000",
+      "description" : null
+    },
+    "position" : 2
+  },
+  {
+    "id" : 3,
+    "label" : {
+      "name" : "Production",
+      "color" : "#FF5F00",
+      "description" : null
+    },
+    "position" : 3
+  }
+]
+```
+
+## Single board list
+
+Get a single board list.
+
+```
+GET /groups/:id/boards/:board_id/lists/:list_id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+| `list_id` | integer | yes | The ID of a board's list |
+
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/5/boards/1/lists/1
+```
+
+Example response:
+
+```json
+{
+  "id" : 1,
+  "label" : {
+    "name" : "Testing",
+    "color" : "#F0AD4E",
+    "description" : null
+  },
+  "position" : 1
+}
+```
+
+## New board list
+
+Creates a new Issue Board list.
+
+```
+POST /groups/:id/boards/:board_id/lists
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+| `label_id` | integer | yes | The ID of a label |
+
+```bash
+curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/5/boards/1/lists?label_id=5
+```
+
+Example response:
+
+```json
+{
+  "id" : 1,
+  "label" : {
+    "name" : "Testing",
+    "color" : "#F0AD4E",
+    "description" : null
+  },
+  "position" : 1
+}
+```
+
+## Edit board list
+
+Updates an existing Issue Board list. This call is used to change list position.
+
+```
+PUT /groups/:id/boards/:board_id/lists/:list_id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id`            | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+| `list_id` | integer | yes | The ID of a board's list |
+| `position` | integer | yes | The position of the list |
+
+```bash
+curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/group/5/boards/1/lists/1?position=2
+```
+
+Example response:
+
+```json
+{
+  "id" : 1,
+  "label" : {
+    "name" : "Testing",
+    "color" : "#F0AD4E",
+    "description" : null
+  },
+  "position" : 1
+}
+```
+
+## Delete a board list
+
+Only for admins and group owners. Soft deletes the board list in question.
+
+```
+DELETE /groups/:id/boards/:board_id/lists/:list_id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `board_id` | integer | yes | The ID of a board |
+| `list_id` | integer | yes | The ID of a board's list |
+
+```bash
+curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/5/boards/1/lists/1
+```

doc/ci/examples/README.md

@@ -58,6 +58,10 @@ Apart from those, here is an collection of tutorials and guides on setting up yo
 
 - [Scan your code for vulnerabilities](sast.md)
 
+### Dynamic Application Security Testing (DAST)
+
+- [Scan your app for vulnerabilities](dast.md)
+
 ### Browser Performance Testing with Sitespeed.io
 
 - [Analyze browser performance with Sitespeed.io](browser_performance.md)

doc/ci/examples/code_climate.md

@@ -16,8 +16,7 @@ codequality:
     - docker:dind
   script:
     - docker pull codeclimate/codeclimate
-    - docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc codeclimate/codeclimate init
-    - docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc codeclimate/codeclimate analyze -f json > codeclimate.json
+    - docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc codeclimate/codeclimate analyze -f json > codeclimate.json || true
   artifacts:
     paths: [codeclimate.json]
 ```

doc/ci/examples/dast.md

+# Dynamic application security testing with GitLab CI/CD
+
+NOTE: **Note:**
+In order to use this tool, a [GitLab Enterprise Edition Ultimate][ee] license
+is needed.
+
+This example shows how to run
+[Dynamic Application Security Testing (DAST)](https://en.wikipedia.org/wiki/Dynamic_program_analysis)
+on your project's source code by using GitLab CI/CD.
+
+All you need is a GitLab Runner with the Docker executor (the shared Runners on
+GitLab.com will work fine). You can then add a new job to `.gitlab-ci.yml`,
+called `dast`:
+
+```yaml
+dast:
+  image: owasp/zap2docker-stable
+  script:
+    - mkdir /zap/wrk/
+    - /zap/zap-baseline.py -J gl-dast-report.json -t http://dzaporozhets.me/ || true
+    - cp /zap/wrk/gl-dast-report.json .
+  artifacts:
+    paths: [gl-dast-report.json]
+```
+
+DAST is using a popular open source tool 
+[OWASP ZAProxy](https://github.com/zaproxy/zaproxy) to perform an analysis.
+
+The above example will create a `dast` job in your CI pipeline and will allow
+you to download and analyze the report artifact in JSON format.
+
+TIP: **Tip:**
+Starting with GitLab Enterprise Edition Ultimate 10.4, this information will
+be automatically extracted and shown right in the merge request widget. To do
+so, the CI job must be named `dast` and the artifact path must be
+`gl-dast-report.json`.
+[Learn more on application security testing results shown in merge requests](../../user/project/merge_requests/sast.md).
+
+[ee]: https://about.gitlab.com/gitlab-ee/