Merge branch 'ce-to-ee-2018-06-20' into 'master'

CE upstream - 2018-06-20 15:42 UTC Closes gitaly#889 See merge request gitlab-org/gitlab-ee!6206

Merge branch 'ce-to-ee-2018-06-20' into 'master'
CE upstream - 2018-06-20 15:42 UTC Closes gitaly#889 See merge request gitlab-org/gitlab-ee!6206
4c636e3c · Stan Hu · 665b177d · e7b19554 · 4c636e3c · 4c636e3c
Commit 4c636e3c authored Jun 20, 2018 by Stan Hu
20 changed files
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -30,7 +30,7 @@ _This notice should stay as the first item in the CONTRIBUTING.md file._
    - [Type labels](#type-labels)
    - [Subject labels](#subject-labels)
    - [Team labels](#team-labels)
-    - [Milestone labels](#milestone-labels)
+    - [Release Scoping labels](#release-scoping-labels)
    - [Bug Priority labels](#bug-priority-labels)
    - [Bug Severity labels](#bug-severity-labels)
        - [Severity impact guidance](#severity-impact-guidance)
@@ -134,7 +134,7 @@ Most issues will have labels for at least one of the following:
 - Type: ~"feature proposal", ~bug, ~customer, etc.
 - Subject: ~wiki, ~"container registry", ~ldap, ~api, ~frontend, etc.
 - Team: ~"CI/CD", ~Discussion, ~Quality, ~Platform, etc.
- Milestone: ~Deliverable, ~Stretch, ~"Next Patch Release"
+- Release Scoping: ~Deliverable, ~Stretch, ~"Next Patch Release"
 - Priority: ~P1, ~P2, ~P3, ~P4
 - Severity: ~S1, ~S2, ~S3, ~S4

@@ -208,10 +208,10 @@ indicate if an issue needs backend work, frontend work, or both.
 Team labels are always capitalized so that they show up as the first label for
 any issue.

-### Milestone labels
+### Release Scoping labels

-Milestone labels help us clearly communicate expectations of the work for the
-release. There are three levels of Milestone labels:
+Release Scoping labels help us clearly communicate expectations of the work for the
+release. There are three levels of Release Scoping labels:

 - ~Deliverable: Issues that are expected to be delivered in the current
  milestone.

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -832,7 +832,7 @@ GEM
    rubyzip (1.2.1)
    rufus-scheduler (3.4.0)
      et-orbi (~> 1.0)
-    rugged (0.27.1)
+    rugged (0.27.2)
    safe_yaml (1.0.4)
    sanitize (2.1.0)
      nokogiri (>= 1.4.4)

--- a/app/assets/stylesheets/bootstrap_migration.scss
+++ b/app/assets/stylesheets/bootstrap_migration.scss
@@ -89,11 +89,6 @@ a {
  color: $gl-link-color;
 }

-a:not(.btn):focus,
-a:not(.btn):active {
-  text-decoration: underline;
-}
-
 hr {
  overflow: hidden;
 }

--- a/app/assets/stylesheets/framework/contextual_sidebar.scss
+++ b/app/assets/stylesheets/framework/contextual_sidebar.scss
@@ -193,7 +193,6 @@
      &:focus {
        background: $link-active-background;
        color: $gl-text-color;
-        text-decoration: none;
      }
    }


--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -899,7 +899,7 @@ class Repository
    @root_ref_sha ||= commit(root_ref).sha
  end

-  delegate :merged_branch_names, :can_be_merged?, to: :raw_repository
+  delegate :merged_branch_names, to: :raw_repository

  def merge_base(first_commit_id, second_commit_id)
    first_commit_id = commit(first_commit_id).try(:id) || first_commit_id

--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -298,6 +298,7 @@ class ProjectPolicy < BasePolicy
    prevent(*create_read_update_admin_destroy(:build))
    prevent(*create_read_update_admin_destroy(:pipeline_schedule))
    prevent(*create_read_update_admin_destroy(:environment))
+    prevent(*create_read_update_admin_destroy(:cluster))
    prevent(*create_read_update_admin_destroy(:deployment))
  end


--- a/changelogs/unreleased/47631-operations-kubernetes-option-is-always-visible-when-repository-or-builds-are-disabled.yml
+++ b/changelogs/unreleased/47631-operations-kubernetes-option-is-always-visible-when-repository-or-builds-are-disabled.yml
+---
+title: Omits operartions and kubernetes item from project sidebar when repository or builds are disabled
+merge_request: 19835
+author:
+type: fixed
--- a/changelogs/unreleased/blackst0ne-rails5-found-new-routes-that-could-cause-conflicts-with-existing-namespaced-routes.yml
+++ b/changelogs/unreleased/blackst0ne-rails5-found-new-routes-that-could-cause-conflicts-with-existing-namespaced-routes.yml
+---
+title: "[Rails5] Fix ActionCable '/cable' mountpoint conflict"
+merge_request: 20015
+author: "@blackst0ne"
+type: fixed
--- a/changelogs/unreleased/fix-favicon-cross-origin.yml
+++ b/changelogs/unreleased/fix-favicon-cross-origin.yml
+---
+title: Serve favicon image always from the main GitLab domain to avoid issues with CORS
+merge_request: 19810
+author: Alexis Reigel
+type: fixed
--- a/changelogs/unreleased/sh-bump-rugged-0-27-2.yml
+++ b/changelogs/unreleased/sh-bump-rugged-0-27-2.yml
+---
+title: Bump rugged to 0.27.2
+merge_request:
+author:
+type: fixed
--- a/config/application.rb
+++ b/config/application.rb
@@ -71,6 +71,13 @@ module Gitlab
    # Configure the default encoding used in templates for Ruby 1.9.
    config.encoding = "utf-8"

+    # ActionCable mount point.
+    # The default Rails' mount point is `/cable` which may conflict with existing
+    # namespaces/users.
+    # https://github.com/rails/rails/blob/5-0-stable/actioncable/lib/action_cable.rb#L38
+    # Please change this value when configuring ActionCable for real usage.
+    config.action_cable.mount_path = "-" if rails5?
+
    # Configure sensitive parameters which will be filtered from the log file.
    #
    # Parameters filtered:

--- a/doc/api/members.md
+++ b/doc/api/members.md
@@ -173,3 +173,7 @@ DELETE /projects/:id/members/:user_id
 curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/:id/members/:user_id
 curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/:id/members/:user_id
 ```
+
+## Give a group access to a project
+
+Look at [share project with group](projects.md#share-project-with-group)
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -1225,7 +1225,7 @@ POST /projects/:id/share
 | --------- | ---- | -------- | ----------- |
 | `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
 | `group_id` | integer | yes | The ID of the group to share with |
-| `group_access` | integer | yes | The permissions level to grant the group |
+| `group_access` | integer | yes | The [permissions level](members.md) to grant the group |
 | `expires_at` | string | no | Share expiration date in ISO 8601 format: 2016-09-26 |

 ## Delete a shared project link within a group

--- a/lib/gitlab/favicon.rb
+++ b/lib/gitlab/favicon.rb
@@ -2,10 +2,10 @@ module Gitlab
  class Favicon
    class << self
      def main
-        return appearance_favicon.url if appearance_favicon.exists?
-
        image_name =
-          if Gitlab::Utils.to_boolean(ENV['CANARY'])
+          if appearance_favicon.exists?
+            appearance_favicon.url
+          elsif Gitlab::Utils.to_boolean(ENV['CANARY'])
            'favicon-yellow.png'
          elsif Rails.env.development?
            'favicon-green.png'
@@ -13,7 +13,7 @@ module Gitlab
            'favicon.png'
          end

-        ActionController::Base.helpers.image_path(image_name)
+        ActionController::Base.helpers.image_path(image_name, host: host)
      end

      def status_overlay(status_name)
@@ -22,7 +22,7 @@ module Gitlab
          "#{status_name}.png"
        )

-        ActionController::Base.helpers.image_path(path)
+        ActionController::Base.helpers.image_path(path, host: host)
      end

      def available_status_names
@@ -35,6 +35,16 @@ module Gitlab

      private

+      # we only want to create full urls when there's a different asset_host
+      # configured.
+      def host
+        if Gitlab::Application.config.asset_host.nil? || Gitlab::Application.config.asset_host == Gitlab.config.gitlab.base_url
+          nil
+        else
+          Gitlab.config.gitlab.base_url
+        end
+      end
+
      def appearance
        RequestStore.store[:appearance] ||= (Appearance.current || Appearance.new)
      end

--- a/lib/gitlab/git/repository.rb
+++ b/lib/gitlab/git/repository.rb
@@ -1417,13 +1417,8 @@ module Gitlab
      end

      def can_be_merged?(source_sha, target_branch)
-        gitaly_migrate(:can_be_merged) do |is_enabled|
-          if is_enabled
-            gitaly_can_be_merged?(source_sha, find_branch(target_branch, true).target)
-          else
-            rugged_can_be_merged?(source_sha, target_branch)
-          end
-        end
+        target_sha = find_branch(target_branch, true).target
+        !gitaly_conflicts_client(source_sha, target_sha).conflicts?
      end

      def search_files_by_name(query, ref)
@@ -2246,14 +2241,6 @@ module Gitlab
        run_git(['fetch', remote_name], env: env).last.zero?
      end

-      def gitaly_can_be_merged?(their_commit, our_commit)
-        !gitaly_conflicts_client(our_commit, their_commit).conflicts?
-      end
-
-      def rugged_can_be_merged?(their_commit, our_commit)
-        !rugged.merge_commits(our_commit, their_commit).conflicts?
-      end
-
      def gitlab_projects_error
        raise CommandError, @gitlab_projects.output
      end

--- a/lib/tasks/gettext.rake
+++ b/lib/tasks/gettext.rake
@@ -53,25 +53,34 @@ namespace :gettext do
  task :updated_check do
    # Removing all pre-translated files speeds up `gettext:find` as the
    # files don't need to be merged.
-    `rm locale/*/gitlab.po`
+    # Having `LC_MESSAGES/gitlab.mo files present also confuses the output.
+    FileUtils.rm Dir['locale/**/gitlab.*']
+
+    # Make sure we start out with a clean pot.file
+    `git checkout -- locale/gitlab.pot`

    # `gettext:find` writes touches to temp files to `stderr` which would cause
-    # `static-analysis` to report failures. We can ignore these
-    silence_stream(STDERR) { Rake::Task['gettext:find'].invoke }
+    # `static-analysis` to report failures. We can ignore these.
+    silence_stream($stderr) do
+      Rake::Task['gettext:find'].invoke
+    end

-    changed_files = `git diff --name-only`.lines.map(&:strip)
+    pot_diff = `git diff -- locale/gitlab.pot`.strip

    # reset the locale folder for potential next tasks
    `git checkout -- locale`

-    if changed_files.include?('locale/gitlab.pot')
+    if pot_diff.present?
      raise <<~MSG
        Newly translated strings found, please add them to `gitlab.pot` by running:

-          bundle exec rake gettext:find; git checkout -- locale/*/gitlab.po;
+          rm locale/**/gitlab.*; bin/rake gettext:find; git checkout -- locale/*/gitlab.po

        Then commit and push the resulting changes to `locale/gitlab.pot`.

+        The diff was:
+
+        #{pot_diff}
      MSG
    end
  end

--- a/lib/tasks/lint.rake
+++ b/lib/tasks/lint.rake
@@ -17,13 +17,22 @@ unless Rails.env.production?
      Rake::Task['eslint'].invoke
    end

+    desc "GitLab | lint | Lint HAML files"
+    task :haml do
+      begin
+        Rake::Task['haml_lint'].invoke
+      rescue RuntimeError # The haml_lint tasks raise a RuntimeError
+        exit(1)
+      end
+    end
+
    desc "GitLab | lint | Run several lint checks"
    task :all do
      status = 0

      %w[
        config_lint
-        haml_lint
+        lint:haml
        scss_lint
        flay
        gettext:lint
@@ -39,13 +48,12 @@ unless Rails.env.production?
          $stderr.reopen(wr_err)

          begin
-            begin
-              Rake::Task[task].invoke
-            rescue RuntimeError # The haml_lint tasks raise a RuntimeError
-              exit(1)
-            end
+            Rake::Task[task].invoke
          rescue SystemExit => ex
-            msg = "*** Rake task #{task} failed with the following error(s):"
+            msg = "*** Rake task #{task} exited:"
+            raise ex
+          rescue => ex
+            msg = "*** Rake task #{task} raised #{ex.class}:"
            raise ex
          ensure
            $stdout.reopen(stdout)

--- a/spec/lib/gitlab/favicon_spec.rb
+++ b/spec/lib/gitlab/favicon_spec.rb
@@ -21,6 +21,21 @@ RSpec.describe Gitlab::Favicon, :request_store do
      create :appearance, favicon: fixture_file_upload('spec/fixtures/dk.png')
      expect(described_class.main).to match %r{/uploads/-/system/appearance/favicon/\d+/dk.png}
    end
+
+    context 'asset host' do
+      before do
+        allow(Rails).to receive(:env).and_return(ActiveSupport::StringInquirer.new('production'))
+      end
+
+      it 'returns a relative url when the asset host is not configured' do
+        expect(described_class.main).to match %r{^/assets/favicon-(?:\h+).png$}
+      end
+
+      it 'returns a full url when the asset host is configured' do
+        allow(Gitlab::Application.config).to receive(:asset_host).and_return('http://assets.local')
+        expect(described_class.main).to match %r{^http://localhost/assets/favicon-(?:\h+).png$}
+      end
+    end
  end

  describe '.status_overlay' do

--- a/spec/models/repository_spec.rb
+++ b/spec/models/repository_spec.rb
@@ -434,44 +434,34 @@ describe Repository do
  end

  describe '#can_be_merged?' do
-    shared_examples 'can be merged' do
-      context 'mergeable branches' do
-        subject { repository.can_be_merged?('0b4bc9a49b562e85de7cc9e834518ea6828729b9', 'master') }
+    context 'mergeable branches' do
+      subject { repository.can_be_merged?('0b4bc9a49b562e85de7cc9e834518ea6828729b9', 'master') }

-        it { is_expected.to be_truthy }
-      end
-
-      context 'non-mergeable branches without conflict sides missing' do
-        subject { repository.can_be_merged?('bb5206fee213d983da88c47f9cf4cc6caf9c66dc', 'feature') }
-
-        it { is_expected.to be_falsey }
-      end
+      it { is_expected.to be_truthy }
+    end

-      context 'non-mergeable branches with conflict sides missing' do
-        subject { repository.can_be_merged?('conflict-missing-side', 'conflict-start') }
+    context 'non-mergeable branches without conflict sides missing' do
+      subject { repository.can_be_merged?('bb5206fee213d983da88c47f9cf4cc6caf9c66dc', 'feature') }

-        it { is_expected.to be_falsey }
-      end
+      it { is_expected.to be_falsey }
+    end

-      context 'non merged branch' do
-        subject { repository.merged_to_root_ref?('fix') }
+    context 'non-mergeable branches with conflict sides missing' do
+      subject { repository.can_be_merged?('conflict-missing-side', 'conflict-start') }

-        it { is_expected.to be_falsey }
-      end
+      it { is_expected.to be_falsey }
+    end

-      context 'non existent branch' do
-        subject { repository.merged_to_root_ref?('non_existent_branch') }
+    context 'non merged branch' do
+      subject { repository.merged_to_root_ref?('fix') }

-        it { is_expected.to be_nil }
-      end
+      it { is_expected.to be_falsey }
    end

-    context 'when Gitaly can_be_merged feature is enabled' do
-      it_behaves_like 'can be merged'
-    end
+    context 'non existent branch' do
+      subject { repository.merged_to_root_ref?('non_existent_branch') }

-    context 'when Gitaly can_be_merged feature is disabled', :disable_gitaly do
-      it_behaves_like 'can be merged'
+      it { is_expected.to be_nil }
    end
  end


--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -151,6 +151,44 @@ describe ProjectPolicy do
    end
  end

+  context 'builds feature' do
+    subject { described_class.new(owner, project) }
+
+    it 'disallows all permissions when the feature is disabled' do
+      project.project_feature.update(builds_access_level: ProjectFeature::DISABLED)
+
+      builds_permissions = [
+        :create_pipeline, :update_pipeline, :admin_pipeline, :destroy_pipeline,
+        :create_build, :read_build, :update_build, :admin_build, :destroy_build,
+        :create_pipeline_schedule, :read_pipeline_schedule, :update_pipeline_schedule, :admin_pipeline_schedule, :destroy_pipeline_schedule,
+        :create_environment, :read_environment, :update_environment, :admin_environment, :destroy_environment,
+        :create_cluster, :read_cluster, :update_cluster, :admin_cluster, :destroy_cluster,
+        :create_deployment, :read_deployment, :update_deployment, :admin_deployment, :destroy_deployment
+      ]
+
+      expect_disallowed(*builds_permissions)
+    end
+  end
+
+  context 'repository feature' do
+    subject { described_class.new(owner, project) }
+
+    it 'disallows all permissions when the feature is disabled' do
+      project.project_feature.update(repository_access_level: ProjectFeature::DISABLED)
+
+      repository_permissions = [
+        :create_pipeline, :update_pipeline, :admin_pipeline, :destroy_pipeline,
+        :create_build, :read_build, :update_build, :admin_build, :destroy_build,
+        :create_pipeline_schedule, :read_pipeline_schedule, :update_pipeline_schedule, :admin_pipeline_schedule, :destroy_pipeline_schedule,
+        :create_environment, :read_environment, :update_environment, :admin_environment, :destroy_environment,
+        :create_cluster, :read_cluster, :update_cluster, :admin_cluster, :destroy_cluster,
+        :create_deployment, :read_deployment, :update_deployment, :admin_deployment, :destroy_deployment
+      ]
+
+      expect_disallowed(*repository_permissions)
+    end
+  end
+
  shared_examples 'archived project policies' do
    let(:feature_write_abilities) do
      described_class::READONLY_FEATURES_WHEN_ARCHIVED.flat_map do |feature|