Merge branch 'master' into 3328-one-request-deploy-boards

* master: (52 commits)
  Auto DevOps docs cleanup
  Document that group Owners can always create subgroups
  Prevent a database update on Geo secondaries
  CE->EE: Fix merge conflicts
  Added QUestion Mark to Feature Promotion Call
  Make resolve discussion icon gray
  this spec will correctly fail when reverting the fix
  Deleted another Fixture due to User Callout
  Fixture Creation removed
  Deleted Karma Specs for userCallout
  Removed User Callout for Customer Experience
  rework the spec
  Fix the "resolve discussion in a new issue" button
  Upgrade gitlab-markup gem
  Use Helper
  Changed based on Feedback
  Fix image diff swipe handle offset to correctly align with the frame
  Stop using Sidekiq for updating Key#last_used_at
  Use gitlab-workhorse 3.1.0
  Remove redundant WHERE from event queries
  ...

CHANGELOG.md

@@ -4,18 +4,19 @@ entry.
 
 ## 9.5.5 (2017-09-18)
 
+- [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller)
 - [FIXED] Fix division by zero error in blame age mapping. !13803 (Jeff Stubler)
 - [FIXED] Fix problems sanitizing URLs with empty passwords. !14083
 - [FIXED] Fix a wrong `X-Gitlab-Event` header when testing webhooks. !14108
 - [FIXED] Fixes the 500 errors caused by a race condition in GPG's tmp directory handling. !14194 (Alexis Reigel)
 - [FIXED] Fix Pipeline Triggers to show triggered label and predefined variables (e.g. CI_PIPELINE_TRIGGERED). !14244
-- [FIXED] Disable GitLab Project Import Button if source disabled.
 - [FIXED] Fix project feature being deleted when updating project with invalid visibility level.
 - [FIXED] Fix new navigation wrapping and causing height to grow.
-- [FIXED] Normalize styles for empty state combo button.
 - [FIXED] Fix buttons with different height in merge request widget.
+- [FIXED] Normalize styles for empty state combo button.
 - [FIXED] Fix broken svg in jobs dropdown for success status.
 - [FIXED] Improve migrations using triggers.
+- [FIXED] Disable GitLab Project Import Button if source disabled.
 - [CHANGED] Update the GPG verification semantics: A GPG signature must additionally match the committer in order to be verified. !13771 (Alexis Reigel)
 - [OTHER] Fix repository equality check and avoid fetching ref if the commit is already available. This affects merge request creation performance. !13685
 - [OTHER] Update documentation for confidential issue. !14117

GITLAB_WORKHORSE_VERSION

-3.0.0
+3.1.0

Gemfile

@@ -126,7 +126,7 @@ gem 'faraday_middleware-aws-signers-v4'
 # Markdown and HTML processing
 gem 'html-pipeline', '~> 1.11.0'
 gem 'deckar01-task_list', '2.0.0'
-gem 'gitlab-markup', '~> 1.5.1'
+gem 'gitlab-markup', '~> 1.6.2'
 gem 'redcarpet', '~> 3.4'
 gem 'RedCloth', '~> 4.3.2'
 gem 'rdoc', '~> 4.2'

Gemfile.lock

@@ -318,7 +318,7 @@ GEM
       mime-types (>= 1.16, < 3)
       posix-spawn (~> 0.3)
     gitlab-license (1.0.0)
-    gitlab-markup (1.5.1)
+    gitlab-markup (1.6.2)
     gitlab_omniauth-ldap (2.0.4)
       net-ldap (~> 0.16)
       omniauth (~> 1.3)
@@ -1064,7 +1064,7 @@ DEPENDENCIES
   github-linguist (~> 4.7.0)
   gitlab-flowdock-git-hook (~> 1.0.1)
   gitlab-license (~> 1.0)
-  gitlab-markup (~> 1.5.1)
+  gitlab-markup (~> 1.6.2)
   gitlab_omniauth-ldap (~> 2.0.4)
   gollum-lib (~> 4.2)
   gollum-rugged_adapter (~> 0.4.4)

app/assets/javascripts/commit/image_file.js

@@ -134,8 +134,9 @@
               width: maxWidth + 1,
               height: maxHeight + 2
             });
+            // Set swipeBar left position to match image frame
             $swipeBar.css({
-              left: 0
+              left: 1
             });
 
             wrapPadding = parseInt($swipeWrap.css('right').replace('px', ''), 10);

app/assets/stylesheets/new_nav.scss

@@ -375,8 +375,6 @@ header.navbar-gitlab-new {
   display: flex;
   width: 100%;
   position: relative;
-  padding-top: $gl-padding;
-  padding-bottom: $gl-padding;
   align-items: center;
   border-bottom: 1px solid $border-color;
 }
@@ -388,6 +386,11 @@ header.navbar-gitlab-new {
   align-self: center;
   color: $gl-text-color-secondary;
 
+  @media (max-width: $screen-xs-max) {
+    padding-left: 17px;
+    border-left: 1px solid $gl-text-color-quaternary;
+  }
+
   .avatar-tile {
     margin-right: 4px;
     border: 1px solid $border-color;

app/assets/stylesheets/new_sidebar.scss

@@ -445,9 +445,8 @@ $new-sidebar-collapsed-width: 50px;
   background-color: transparent;
   border: 0;
   padding: 6px 16px;
-  margin: 0 16px 0 -15px;
+  margin: 0 0 0 -15px;
   height: 46px;
-  border-right: 1px solid $gl-text-color-quaternary;
 
   i {
     font-size: 20px;
@@ -455,7 +454,12 @@ $new-sidebar-collapsed-width: 50px;
   }
 
   @media (max-width: $screen-xs-max) {
-    display: inline-block;
+    display: flex;
+    align-items: center;
+
+    i {
+      font-size: 18px;
+    }
   }
 }
 

app/assets/stylesheets/pages/admin.scss

+.info-well {
+  .admin-well-statistics,
+  .admin-well-features {
+    padding-bottom: 46px;
+  }
+}

app/assets/stylesheets/pages/notes.scss

@@ -727,6 +727,12 @@ ul.notes {
     border-bottom-left-radius: 0;
   }
 
+  .btn {
+    svg path {
+      fill: $gray-darkest;
+    }
+  }
+
   .btn.discussion-create-issue-btn {
     margin-left: -4px;
     border-radius: 0;
@@ -741,10 +747,6 @@ ul.notes {
         border: 0;
       }
     }
-
-    .new-issue-for-discussion path {
-      fill: $gray-darkest;
-    }
   }
 }
 
@@ -817,16 +819,6 @@ ul.notes {
   vertical-align: middle;
 }
 
-.discussion-next-btn {
-  svg {
-    margin: 0;
-
-    path {
-      fill: $gray-darkest;
-    }
-  }
-}
-
 // Merge request notes in diffs
 .diff-file {
   // Diff is inline

app/controllers/projects/forks_controller.rb

@@ -9,14 +9,12 @@ class Projects::ForksController < Projects::ApplicationController
   def index
     base_query = project.forks.includes(:creator)
 
-    @forks               = base_query.merge(ProjectsFinder.new(current_user: current_user).execute)
+    forks                = ForkProjectsFinder.new(project, params: params.merge(search: params[:filter_projects]), current_user: current_user).execute
     @total_forks_count   = base_query.size
-    @private_forks_count = @total_forks_count - @forks.size
+    @private_forks_count = @total_forks_count - forks.size
     @public_forks_count  = @total_forks_count - @private_forks_count
 
-    @sort  = params[:sort] || 'id_desc'
-    @forks = @forks.search(params[:filter_projects]) if params[:filter_projects].present?
-    @forks = @forks.order_by(@sort).page(params[:page])
+    @forks = forks.page(params[:page])
 
     respond_to do |format|
       format.html

app/finders/fork_projects_finder.rb

+class ForkProjectsFinder < ProjectsFinder
+  def initialize(project, params: {}, current_user: nil)
+    project_ids = project.forks.includes(:creator).select(:id)
+    super(params: params, current_user: current_user, project_ids_relation: project_ids)
+  end
+end

app/helpers/milestones_helper.rb

@@ -94,6 +94,12 @@ module MilestonesHelper
     end
   end
 
+  def milestone_tooltip_title(milestone)
+    if milestone.due_date
+      [milestone.due_date.to_s(:medium), "(#{milestone_remaining_days(milestone)})"].join(' ')
+    end
+  end
+
   def milestone_remaining_days(milestone)
     if milestone.expired?
       content_tag(:strong, 'Past due')

app/models/event.rb

 class Event < ActiveRecord::Base
   include Sortable
   include IgnorableColumn
-  default_scope { reorder(nil).where.not(author_id: nil) }
+  default_scope { reorder(nil) }
 
   CREATED   = 1
   UPDATED   = 2
@@ -83,6 +83,12 @@ class Event < ActiveRecord::Base
   scope :merged, -> { where(action: MERGED) }
   scope :totals_by_author, -> { group(:author_id).count }
 
+  # Authors are required as they're used to display who pushed data.
+  #
+  # We're just validating the presence of the ID here as foreign key constraints
+  # should ensure the ID points to a valid user.
+  validates :author_id, presence: true
+
   self.inheritance_column = 'action'
 
   # "data" will be removed in 10.0 but it may be possible that JOINs happen that

app/models/issue.rb

@@ -310,8 +310,6 @@ class Issue < ActiveRecord::Base
   end
 
   def update_project_counter_caches
-    return unless update_project_counter_caches?
-
     Projects::OpenIssuesCountService.new(project).refresh_cache
   end
 

app/models/key.rb

@@ -4,8 +4,6 @@ class Key < ActiveRecord::Base
   include Gitlab::CurrentSettings
   include Sortable
 
-  LAST_USED_AT_REFRESH_TIME = 1.day.to_i
-
   belongs_to :user
 
   before_validation :generate_fingerprint
@@ -57,10 +55,7 @@ class Key < ActiveRecord::Base
   end
 
   def update_last_used_at
-    lease = Gitlab::ExclusiveLease.new("key_update_last_used_at:#{id}", timeout: LAST_USED_AT_REFRESH_TIME)
-    return unless lease.try_obtain
-
-    UseKeyWorker.perform_async(id)
+    Keys::LastUsedService.new(self).execute
   end
 
   def add_to_shell

app/models/merge_request.rb

@@ -987,8 +987,6 @@ class MergeRequest < ActiveRecord::Base
   end
 
   def update_project_counter_caches
-    return unless update_project_counter_caches?
-
     Projects::OpenMergeRequestsCountService.new(target_project).refresh_cache
   end
 

app/models/milestone.rb

@@ -166,9 +166,7 @@ class Milestone < ActiveRecord::Base
   #   Milestone.first.to_reference(cross_namespace_project)  # => "gitlab-org/gitlab-ce%1"
   #   Milestone.first.to_reference(same_namespace_project)   # => "gitlab-ce%1"
   #
-  def to_reference(from_project = nil, format: :iid, full: false)
-    return if group_milestone? && format != :name
-
+  def to_reference(from_project = nil, format: :name, full: false)
     format_reference = milestone_format_reference(format)
     reference = "#{self.class.reference_prefix}#{format_reference}"
 
@@ -245,6 +243,10 @@ class Milestone < ActiveRecord::Base
   def milestone_format_reference(format = :iid)
     raise ArgumentError, 'Unknown format' unless [:iid, :name].include?(format)
 
+    if group_milestone? && format == :iid
+      raise ArgumentError, 'Cannot refer to a group milestone by an internal id!'
+    end
+
     if format == :name && !name.include?('"')
       %("#{name}")
     else

app/models/push_event.rb

@@ -3,12 +3,6 @@ class PushEvent < Event
   # different "action" value.
   validate :validate_push_action
 
-  # Authors are required as they're used to display who pushed data.
-  #
-  # We're just validating the presence of the ID here as foreign key constraints
-  # should ensure the ID points to a valid user.
-  validates :author_id, presence: true
-
   # The project is required to build links to commits, commit ranges, etc.
   #
   # We're just validating the presence of the ID here as foreign key constraints

app/services/issuable_base_service.rb

@@ -184,6 +184,7 @@ class IssuableBaseService < BaseService
       after_create(issuable)
       execute_hooks(issuable)
       invalidate_cache_counts(issuable, users: issuable.assignees)
+      issuable.update_project_counter_caches
     end
 
     issuable
@@ -195,8 +196,6 @@ class IssuableBaseService < BaseService
 
   def after_create(issuable)
     # To be overridden by subclasses
-
-    issuable.update_project_counter_caches
   end
 
   def before_update(issuable)
@@ -205,8 +204,6 @@ class IssuableBaseService < BaseService
 
   def after_update(issuable)
     # To be overridden by subclasses
-
-    issuable.update_project_counter_caches
   end
 
   def update(issuable)
@@ -231,6 +228,10 @@ class IssuableBaseService < BaseService
 
       before_update(issuable)
 
+      # We have to perform this check before saving the issuable as Rails resets
+      # the changed fields upon calling #save.
+      update_project_counters = issuable.update_project_counter_caches?
+
       if issuable.with_transaction_returning_status { issuable.save }
         # We do not touch as it will affect a update on updated_at field
         ActiveRecord::Base.no_touching do
@@ -251,6 +252,8 @@ class IssuableBaseService < BaseService
         after_update(issuable)
         issuable.create_new_cross_references!(current_user)
         execute_hooks(issuable, 'update')
+
+        issuable.update_project_counter_caches if update_project_counters
       end
     end
 

app/services/issues/close_service.rb

@@ -29,6 +29,7 @@ module Issues
         todo_service.close_issue(issue, current_user)
         execute_hooks(issue, 'close')
         invalidate_cache_counts(issue, users: issue.assignees)
+        issue.update_project_counter_caches
       end
 
       issue

app/services/keys/last_used_service.rb

+module Keys
+  class LastUsedService
+    prepend ::EE::Keys::LastUsedService
+
+    TIMEOUT = 1.day.to_i
+
+    attr_reader :key
+
+    # key - The Key for which to update the last used timestamp.
+    def initialize(key)
+      @key = key
+    end
+
+    def execute
+      # We _only_ want to update last_used_at and not also updated_at (which
+      # would be updated when using #touch).
+      key.update_column(:last_used_at, Time.zone.now) if update?
+    end
+
+    def update?
+      last_used = key.last_used_at
+
+      return false if last_used && (Time.zone.now - last_used) <= TIMEOUT
+
+      !!redis_lease.try_obtain
+    end
+
+    private
+
+    def redis_lease
+      Gitlab::ExclusiveLease
+        .new("key_update_last_used_at:#{key.id}", timeout: TIMEOUT)
+    end
+  end
+end

app/services/merge_requests/close_service.rb

@@ -14,6 +14,7 @@ module MergeRequests
         todo_service.close_merge_request(merge_request, current_user)
         execute_hooks(merge_request, 'close')
         invalidate_cache_counts(merge_request, users: merge_request.assignees)
+        merge_request.update_project_counter_caches
       end
 
       merge_request

app/services/projects/count_service.rb

@@ -2,6 +2,11 @@ module Projects
   # Base class for the various service classes that count project data (e.g.
   # issues or forks).
   class CountService
+    # The version of the cache format. This should be bumped whenever the
+    # underlying logic changes. This removes the need for explicitly flushing
+    # all caches.
+    VERSION = 1
+
     def initialize(project)
       @project = project
     end
@@ -37,7 +42,7 @@ module Projects
     end
 
     def cache_key
-      ['projects', @project.id, cache_key_name]
+      ['projects', 'count_service', VERSION, @project.id, cache_key_name]
     end
   end
 end

app/views/admin/dashboard/index.html.haml

@@ -10,7 +10,7 @@
     .row
       .col-md-4
         .info-well
-          .well-segment.admin-well
+          .well-segment.admin-well.admin-well-statistics
             %h4 Statistics
             %p
               Forks
@@ -46,7 +46,7 @@
                 = number_with_delimiter(User.active.count)
       .col-md-4
         .info-well
-          .well-segment.admin-well
+          .well-segment.admin-well.admin-well-features
             %h4 Features
             - sign_up = "Sign up"
             %p{ "aria-label" => "#{sign_up}: status " + (signup_enabled? ? "on" : "off") }
@@ -126,6 +126,10 @@
               GitLab API
               %span.pull-right
                 = API::API::version
+            %p
+              Gitaly
+              %span.pull-right
+                = Gitlab::GitalyClient.expected_server_version
             - if Gitlab.config.pages.enabled
               %p
                 GitLab Pages

app/views/dashboard/projects/index.html.haml

@@ -10,9 +10,6 @@
 = render "projects/last_push"
 
 %div{ class: container_class }
-  - if show_callout?('user_callout_dismissed')
-    = render 'shared/user_callout'
-
   - if has_projects_or_name?(@projects, params)
     = render 'dashboard/projects_head'
     = render 'projects'

app/views/discussions/_new_issue_for_all_discussions.html.haml

 - if merge_request.discussions_can_be_resolved_by?(current_user) && can?(current_user, :create_issue, @project)
   .btn-group{ role: "group", "v-if" => "unresolvedDiscussionCount > 0" }
-    .btn.btn-default.discussion-create-issue-btn.has-tooltip{ title: "Resolve all discussions in new issue",
-                                                             "aria-label" => "Resolve all discussions in a new issue",
-                                                             "data-container" => "body" }
-      = link_to custom_icon('icon_mr_issue'), new_project_issue_path(@project, merge_request_to_resolve_discussions_of: merge_request.iid), title: "Resolve all discussions in new issue", class: 'new-issue-for-discussion'
+    = link_to custom_icon('icon_mr_issue'),
+              new_project_issue_path(@project, merge_request_to_resolve_discussions_of: merge_request.iid),
+              title: 'Resolve all discussions in new issue',
+              aria: { label: 'Resolve all discussions in new issue' },
+              data: { container: 'body' },
+              class: 'new-issue-for-discussion btn btn-default discussion-create-issue-btn has-tooltip'

app/views/discussions/_new_issue_for_discussion.html.haml

@@ -2,7 +2,9 @@
   %new-issue-for-discussion-btn{ ":discussion-id" => "'#{discussion.id}'",
                                  "inline-template" => true }
     .btn-group{ role: "group", "v-if" => "showButton" }
-      .btn.btn-default.discussion-create-issue-btn.has-tooltip{ title: "Resolve this discussion in a new issue",
-                                                               "aria-label" => "Resolve this discussion in a new issue",
-                                                               "data-container" => "body" }
-        = link_to custom_icon('icon_mr_issue'), new_project_issue_path(@project, merge_request_to_resolve_discussions_of: merge_request.iid, discussion_to_resolve: discussion.id), title: "Resolve this discussion in a new issue", class: 'new-issue-for-discussion'
+      = link_to custom_icon('icon_mr_issue'),
+                new_project_issue_path(@project, merge_request_to_resolve_discussions_of: merge_request.iid, discussion_to_resolve: discussion.id),
+                title: 'Resolve this discussion in a new issue',
+                aria: { label: 'Resolve this discussion in a new issue' },
+                data: { container: 'body' },
+                class: 'new-issue-for-discussion btn btn-default discussion-create-issue-btn has-tooltip'

app/views/profiles/accounts/show.html.haml

@@ -74,7 +74,9 @@
       %h4.prepend-top-0.warning-title
         Change username
       %p
-        Changing your username will change path to all personal projects!
+        Changing your username can have unintended side effects.
+        = succeed '.' do
+          = link_to 'Learn more', help_page_path('user/profile/index', anchor: 'changing-your-username'), target: '_blank'
     .col-lg-8
       = form_for @user, url: update_username_profile_path, method: :put, html: {class: "update-username"} do |f|
         .form-group

app/views/projects/issues/_issue.html.haml

@@ -24,7 +24,7 @@
           - if issue.milestone
             %span.issuable-milestone.hidden-xs
                
-              = link_to project_issues_path(issue.project, milestone_title: issue.milestone.title) do
+              = link_to project_issues_path(issue.project, milestone_title: issue.milestone.title), data: { html: 1, toggle: 'tooltip', title: milestone_tooltip_title(issue.milestone) } do
                 = icon('clock-o')
                 = issue.milestone.title
           - if issue.due_date

app/views/projects/merge_requests/_merge_request.html.haml

@@ -23,7 +23,7 @@
         - if merge_request.milestone
           %span.issuable-milestone.hidden-xs
              
-            = link_to project_merge_requests_path(merge_request.project, milestone_title: merge_request.milestone.title) do
+            = link_to project_merge_requests_path(merge_request.project, milestone_title: merge_request.milestone.title), data: { html: 1, toggle: 'tooltip', title: milestone_tooltip_title(merge_request.milestone) } do
               = icon('clock-o')
               = merge_request.milestone.title
         - if merge_request.target_project.default_branch != merge_request.target_branch

app/views/shared/_group_form.html.haml

@@ -22,11 +22,9 @@
 
     - if @group.persisted?
       .alert.alert-warning.prepend-top-10
-        %ul
-          %li Changing group path can have unintended side effects.
-          %li Renaming group path will rename directory for all related projects
-          %li It will change web url for access group and group projects.
-          %li It will change the git path to repositories under this group.
+        Changing group path can have unintended side effects.
+        = succeed '.' do
+          = link_to 'Learn more', help_page_path('user/group/index', anchor: 'changing-a-groups-path'), target: '_blank'
 
 .form-group.group-name-holder
   = f.label :name, class: 'control-label' do

app/views/shared/_user_callout.html.haml

-.user-callout{ data: { uid: 'user_callout_dismissed' } }
-  .bordered-box.landing.content-block
-    %button.btn.btn-default.close.js-close-callout{ type: 'button',
-      'aria-label' => 'Dismiss customize experience box' }
-      = icon('times', class: 'dismiss-icon', 'aria-hidden' => 'true')
-    .svg-container
-      = custom_icon('icon_customization')
-    .user-callout-copy
-      %h4
-        Customize your experience
-      %p
-        Change syntax themes, default project pages, and more in preferences.
-      = link_to 'Check it out', profile_preferences_path, class: 'btn btn-primary js-close-callout'

app/views/shared/issuable/_sidebar.html.haml

@@ -26,7 +26,7 @@
           = icon('clock-o', 'aria-hidden': 'true')
           %span.milestone-title
             - if issuable.milestone
-              %span.has-tooltip{ title: "#{issuable.milestone.title}<br>#{milestone_remaining_days(issuable.milestone)}", data: { container: 'body', html: 1, placement: 'left' } }
+              %span.has-tooltip{ title: "#{issuable.milestone.title}<br>#{milestone_tooltip_title(issuable.milestone)}", data: { container: 'body', html: 1, placement: 'left' } }
                 = issuable.milestone.title
             - else
               None
@@ -37,7 +37,7 @@
             = link_to 'Edit', '#', class: 'js-sidebar-dropdown-toggle edit-link pull-right'
         .value.hide-collapsed
           - if issuable.milestone
-            = link_to issuable.milestone.title, milestone_path(issuable.milestone), class: "bold has-tooltip", title: milestone_remaining_days(issuable.milestone), data: { container: "body", html: 1 }
+            = link_to issuable.milestone.title, milestone_path(issuable.milestone), class: "bold has-tooltip", title: milestone_tooltip_title(issuable.milestone), data: { container: "body", html: 1 }
           - else
             %span.no-value None
 

app/views/shared/issuable/form/_title.html.haml

@@ -30,10 +30,10 @@
         merge request from being merged before it's ready.
 
   - if no_issuable_templates && can?(current_user, :push_code, issuable.project)
-    - if show_promotions?
-      = render 'shared/promotions/promote_issue_templates'
-    - else
+    - if @project.feature_available?(:issuable_default_templates)
       %p.help-block
         Add
         = link_to 'description templates', help_page_path('user/project/description_templates'), tabindex: -1
         to help your contributors communicate effectively!
+    - elsif show_promotions?
+      = render 'shared/promotions/promote_issue_templates'

app/views/users/show.html.haml

@@ -99,8 +99,6 @@
             Snippets
 
   %div{ class: container_class }
-    - if @user == current_user && show_callout?('user_callout_dismissed')
-      = render 'shared/user_callout'
     .tab-content
       #activity.tab-pane
         .row-content-block.calender-block.white.second-block.hidden-xs

app/workers/use_key_worker.rb

-class UseKeyWorker
-  include Sidekiq::Worker
-  include DedicatedSidekiqQueue
-
-  def perform(key_id)
-    key = Key.find(key_id)
-    key.touch(:last_used_at)
-  rescue ActiveRecord::RecordNotFound
-    Rails.logger.error("UseKeyWorker: couldn't find key with ID=#{key_id}, skipping job")
-
-    false
-  end
-end

changelogs/unreleased-ee/3142-fix-merge-request-approvals-validation-error.yml

+---
+title: Fix a merge request validation error on forked projects.
+merge_request: 2932
+author:
+type: fixed

changelogs/unreleased/14395-upgrade-gitlab-markup.yml

+---
+title: Upgrade gitlab-markup gem
+merge_request: 14395
+author: Markus Koller
+type: other

changelogs/unreleased/20049-projects-api-forks.yml

+---
+title: Add an API endpoint to determine the forks of a project
+merge_request:
+author:
+type: added

changelogs/unreleased/36884-gitaly-admin-version.yml

+---
+title: Add Gitaly version to Admin Dashboard
+merge_request: 14313
+author: Jacopo Beschi @jacopo-beschi
+type: added

changelogs/unreleased/38049-fix-resolve-in-new-issue-btn.yml

+---
+title: Fix the "resolve discussion in a new issue" button
+merge_request: 14357
+author:
+type: fixed

changelogs/unreleased/add_tooltip_for_milestone_in_issues_list.yml

+---
+title: Add tooltip for milestone due date to issue and merge request lists
+merge_request: 14318
+author: Vitaliy @blackst0ne Klachkov
+type: added

changelogs/unreleased/events-redundant-where.yml

+---
+title: Remove redundant WHERE from event queries
+merge_request:
+author:
+type: other

changelogs/unreleased/fix-gb-fix-moving-issue-with-ambiguous-references.yml

+---
+title: Fix errors when moving issue with reference to a group milestone
+merge_request: 14294
+author:
+type: fixed

changelogs/unreleased/fix-gpg-tmp-dir-removal-race-condition.yml

----
-title: Fixes the 500 errors caused by a race condition in GPG's tmp directory handling
-merge_request: 14194
-author: Alexis Reigel
-type: fixed

changelogs/unreleased/fix-image-diff-swipe-handle.yml

+---
+title: Fix image diff swipe handle offset to correctly align with the frame
+merge_request:
+author:
+type: fixed

changelogs/unreleased/fix-sm-37559-pipeline-triggered-through-api-not-showing-trigger-variables.yml

----
-title: Fix Pipeline Triggers to show triggered label and predefined variables (e.g.
-  CI_PIPELINE_TRIGGERED)
-merge_request: 14244
-author:
-type: fixed

changelogs/unreleased/issue_37640.yml

----
-title: Fix project feature being deleted when updating project with invalid visibility
-  level
-merge_request:
-author:
-type: fixed

changelogs/unreleased/mk-clarify-moving-namespaces.yml

+---
+title: Expand docs for changing username or group path
+merge_request: 13914
+author:
+type: other

changelogs/unreleased/remove-use-key-worker.yml

+---
+title: Stop using Sidekiq for updating Key#last_used_at
+merge_request:
+author:
+type: changed

config/sidekiq_queues.yml

@@ -38,7 +38,6 @@
   - [invalid_gpg_signature_update, 2]
   - [create_gpg_signature, 2]
   - [upload_checksum, 1]
-  - [use_key, 1]
   - [repository_fork, 1]
   - [repository_import, 1]
   - [project_service, 1]

db/fixtures/development/04_project.rb

@@ -4,9 +4,9 @@ Sidekiq::Testing.inline! do
   Gitlab::Seeder.quiet do
     project_urls = [
       'https://gitlab.com/gitlab-org/gitlab-test.git',
-      'https://gitlab.com/gitlab-org/gitlab-ce.git',
-      'https://gitlab.com/gitlab-org/gitlab-ci.git',
       'https://gitlab.com/gitlab-org/gitlab-shell.git',
+      'https://gitlab.com/gnuwget/wget2.git',
+      'https://gitlab.com/Commit451/LabCoat.git',
       'https://github.com/documentcloud/underscore.git',
       'https://github.com/twitter/flight.git',
       'https://github.com/twitter/typeahead.js.git',

doc/api/projects.md

@@ -645,6 +645,98 @@ POST /projects/:id/fork
 | `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
 | `namespace` | integer/string | yes | The ID or path of the namespace that the project will be forked to |
 
+## List Forks of a project
+
+>**Note:** This feature was introduced in GitLab 10.1
+
+List the projects accessible to the calling user that have an established, forked relationship with the specified project
+
+```
+GET /projects/:id/forks
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
+| `archived` | boolean | no | Limit by archived status |
+| `visibility` | string | no | Limit by visibility `public`, `internal`, or `private` |
+| `order_by` | string | no | Return projects ordered by `id`, `name`, `path`, `created_at`, `updated_at`, or `last_activity_at` fields. Default is `created_at` |
+| `sort` | string | no | Return projects sorted in `asc` or `desc` order. Default is `desc` |
+| `search` | string | no | Return list of projects matching the search criteria |
+| `simple` | boolean | no | Return only the ID, URL, name, and path of each project |
+| `owned` | boolean | no | Limit by projects owned by the current user |
+| `membership` | boolean | no | Limit by projects that the current user is a member of |
+| `starred` | boolean | no | Limit by projects starred by the current user |
+| `statistics` | boolean | no | Include project statistics |
+| `with_issues_enabled` | boolean | no | Limit by enabled issues feature |
+| `with_merge_requests_enabled` | boolean | no | Limit by enabled merge requests feature |
+
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v4/projects/5/forks"
+```
+
+Example responses:
+
+```json
+[
+  {
+    "id": 3,
+    "description": null,
+    "default_branch": "master",
+    "visibility": "internal",
+    "ssh_url_to_repo": "git@example.com:diaspora/diaspora-project-site.git",
+    "http_url_to_repo": "http://example.com/diaspora/diaspora-project-site.git",
+    "web_url": "http://example.com/diaspora/diaspora-project-site",
+    "tag_list": [
+      "example",
+      "disapora project"
+    ],
+    "name": "Diaspora Project Site",
+    "name_with_namespace": "Diaspora / Diaspora Project Site",
+    "path": "diaspora-project-site",
+    "path_with_namespace": "diaspora/diaspora-project-site",
+    "issues_enabled": true,
+    "open_issues_count": 1,
+    "merge_requests_enabled": true,
+    "jobs_enabled": true,
+    "wiki_enabled": true,
+    "snippets_enabled": false,
+    "resolve_outdated_diff_discussions": false,
+    "container_registry_enabled": false,
+    "created_at": "2013-09-30T13:46:02Z",
+    "last_activity_at": "2013-09-30T13:46:02Z",
+    "creator_id": 3,
+    "namespace": {
+      "id": 3,
+      "name": "Diaspora",
+      "path": "diaspora",
+      "kind": "group",
+      "full_path": "diaspora"
+    },
+    "import_status": "none",
+    "archived": true,
+    "avatar_url": "http://example.com/uploads/project/avatar/3/uploads/avatar.png",
+    "shared_runners_enabled": true,
+    "forks_count": 0,
+    "star_count": 1,
+    "public_jobs": true,
+    "shared_with_groups": [],
+    "only_allow_merge_if_pipeline_succeeds": false,
+    "only_allow_merge_if_all_discussions_are_resolved": false,
+    "request_access_enabled": false,
+    "_links": {
+      "self": "http://example.com/api/v4/projects",
+      "issues": "http://example.com/api/v4/projects/1/issues",
+      "merge_requests": "http://example.com/api/v4/projects/1/merge_requests",
+      "repo_branches": "http://example.com/api/v4/projects/1/repository_branches",
+      "labels": "http://example.com/api/v4/projects/1/labels",
+      "events": "http://example.com/api/v4/projects/1/events",
+      "members": "http://example.com/api/v4/projects/1/members"
+    }
+  }
+]
+```
+
 ## Star a project
 
 Stars a given project. Returns status code `304` if the project is already starred.

doc/topics/autodevops/quick_start_guide.md

 # Auto DevOps: quick start guide
 
-> [Introduced][ce-37115] in GitLab 10.0. Auto DevOps is currently in Beta and
-**not recommended for production use**.
+DANGER: Auto DevOps is currently in **Beta** and _not recommended for production use_.
+
+> [Introduced][ce-37115] in GitLab 10.0.
 
 This is a step-by-step guide to deploying a project hosted on GitLab.com to
 Google Cloud, using Auto DevOps.
 
 We made a minimal [Ruby
-application](https://gitlab.com/gitlab-examples/minimal-ruby-app) to use as an
-example for this guide. It contains two files:
+application](https://gitlab.com/auto-devops-examples/minimal-ruby-app) to use
+as an example for this guide. It contains two main files:
 
 * `server.rb` - our application. It will start an HTTP server on port 5000 and
   render "Hello, world!"
@@ -113,11 +114,9 @@ assigned to the cluster IP.
 In your GitLab.com project, go to **Settings > CI/CD** and find the Auto DevOps
 section. Select "Enable Auto DevOps", add in your base domain, and save.
 
-![auto devops settings](img/auto_devops_settings.png)
-
 Next, a pipeline needs to be triggered. Since the test project doesn't have a
 `.gitlab-ci.yml`, you need to either push a change to the repository or
-manually visit `https://gitlab.com/<username>/minimal-ruby-app/pipelines/run`,
+manually visit `https://gitlab.com/<username>/minimal-ruby-app/pipelines/new`,
 where `<username>` is your username.
 
 This will create a new pipeline with several jobs: `build`, `test`, `codequality`,

doc/user/group/index.md

@@ -188,6 +188,27 @@ Besides giving you the option to edit any settings you've previously
 set when [creating the group](#create-a-new-group), you can also
 access further configurations for your group.
 
+#### Changing a group's path
+
+> **Note:** If you want to retain ownership over the original namespace and
+protect the URL redirects, then instead of changing a group's path or renaming a
+username, you can create a new group and transfer projects to it.
+
+Changing a group's path can have unintended side effects.
+
+* Existing web URLs for the group and anything under it (i.e. projects) will
+redirect to the new URLs
+* Existing Git remote URLs for projects under the group will no longer work, but
+Git responses will show an error with the new remote URL
+* The original namespace can be claimed again by any group or user, which will
+destroy web redirects and Git remote warnings
+* If you are vacating the path so it can be claimed by another group or user,
+you may need to rename the group name as well since both names and paths must be
+unique
+
+> It is currently not possible to rename a namespace if it contains a
+project with container registry tags, because the project cannot be moved.
+
 #### Enforce 2FA to group members
 
 Add a security layer to your group by

doc/user/group/subgroups/index.md

@@ -84,10 +84,13 @@ structure.
   a subgroup. For more information check the [permissions table][permissions].
 - For a list of words that are not allowed to be used as group names see the
   [reserved names][reserved].
+- Users can always create subgroups if they are explicitly added as an Owner to
+  a parent group even if group creation is disabled by an administrator in their
+  settings.
 
 To create a subgroup:
 
-1. In the group's dashboard go to the **Subgroups** page and click **Create subgroup**.
+1. In the group's dashboard go to the **Subgroups** page and click **New subgroup**.
 
     ![Subgroups page](img/create_subgroup_button.png)
 
@@ -100,9 +103,7 @@ To create a subgroup:
 1. Click the **Create group** button and you will be taken to the new group's
    dashboard page.
 
----
-
-You can follow the same process to create any subsequent groups.
+Follow the same process to create any subsequent groups.
 
 ## Membership
 

doc/user/profile/index.md

@@ -8,10 +8,27 @@ experience according to the best approach to their cases.
 Your `username` is a unique [`namespace`](../group/index.md#namespaces)
 related to your user ID.
 
+### Changing your username
+
 You can change your `username` from your
-[profile settings](#profile-settings). To avoid breaking
-paths when you change your `username`, we suggest you follow
-[this procedure from the GitLab Team Handbook](https://about.gitlab.com/handbook/tools-and-tips/#how-to-change-your-username-at-gitlabcom).
+[profile settings](#profile-settings).
+
+> **Note:** If you want to retain ownership over the original namespace and
+protect the URL redirects, then instead of changing your username, you can
+create a new group and transfer projects to it.
+Alternatively, you can follow [this detailed procedure from the GitLab Team Handbook](https://about.gitlab.com/handbook/tools-and-tips/#how-to-change-your-username-at-gitlabcom).
+
+Changing your username can have unintended side effects.
+
+* Existing web URLs for the user and anything under it (i.e. projects) will
+redirect to the new URLs
+* Existing Git remote URLs for projects under the user will no longer work, but
+Git responses will show an error with the new remote URL
+* The original namespace can be claimed again by any group or user, which will
+destroy any web redirects and Git remote warnings
+
+> It is currently not possible to rename a namespace if it contains a
+project with container registry tags, because the project cannot be moved.
 
 ## User profile
 

ee/app/controllers/ee/projects/merge_requests/application_controller.rb

@@ -36,8 +36,15 @@ module EE
         def clamp_approvals_before_merge(mr_params)
           return mr_params unless mr_params[:approvals_before_merge]
 
-          target_project = @project.forked_from_project if @project.id.to_s != mr_params[:target_project_id]
-          target_project ||= @project
+          # Target the MR target project in priority, else it depends whether the project
+          # is forked.
+          target_project = if @merge_request
+                             @merge_request.target_project
+                           elsif @project.forked? && @project.id.to_s != mr_params[:target_project_id]
+                             @project.forked_from_project
+                           else
+                             @project
+                           end
 
           if mr_params[:approvals_before_merge].to_i <= target_project.approvals_before_merge
             mr_params[:approvals_before_merge] = nil

ee/app/services/ee/keys/last_used_service.rb

+module EE
+  module Keys
+    module LastUsedService
+      def update?
+        raise NotImplementedError unless defined?(super)
+
+        !::Gitlab::Geo.secondary? && super
+      end
+    end
+  end
+end

ee/app/views/shared/promotions/_promote_burndown_charts.html.haml

-- if show_promotions? && show_callout?('promote_burndown_charts_dismissed')
+- if show_project_feature_promotion?(:burndown_charts, 'promote_burndown_charts_dismissed')
   .user-callout.promotion-callout#promote_burndown_charts{ data: { uid: 'promote_burndown_charts_dismissed' } }
     .bordered-box.content-block
       %button.btn.btn-default.close.js-close-callout{ type: 'button', 'aria-label' => 'Dismiss burndown charts promotion' }

ee/app/views/shared/promotions/_promote_issue_templates.html.haml

 .help-block
   = _('Add')
-  = link_to 'description templates', 'javascript:void(0);', id: 'promotion-issue-template-link', data: {toggle: 'dropdown'}
+  = link_to 'description templates', 'javascript:void(0);', id: 'promotion-issue-template-link', data: {toggle: 'dropdown'}, tabindex: -1
   = _('to help your contributors communicate effectively!')
   .dropdown.promotion-issue-template
     .dropdown-menu.promotion-issue-template-message

lib/api/projects.rb

@@ -76,8 +76,11 @@ module API
         optional :import_url, type: String, desc: 'URL from which the project is imported'
       end
 
-      def present_projects(options = {})
-        projects = ProjectsFinder.new(current_user: current_user, params: project_finder_params).execute
+      def load_projects
+        ProjectsFinder.new(current_user: current_user, params: project_finder_params).execute
+      end
+
+      def present_projects(projects, options = {})
         projects = reorder_projects(projects)
         projects = projects.with_statistics if params[:statistics]
         projects = projects.with_issues_enabled if params[:with_issues_enabled]
@@ -117,7 +120,7 @@ module API
 
         params[:user] = user
 
-        present_projects
+        present_projects load_projects
       end
     end
 
@@ -130,7 +133,7 @@ module API
         use :statistics_params
       end
       get do
-        present_projects
+        present_projects load_projects
       end
 
       desc 'Create new project' do
@@ -235,6 +238,18 @@ module API
         end
       end
 
+      desc 'List forks of this project' do
+        success Entities::Project
+      end
+      params do
+        use :collection_params
+      end
+      get ':id/forks' do
+        forks = ForkProjectsFinder.new(user_project, params: project_finder_params, current_user: current_user).execute
+
+        present_projects forks
+      end
+
       desc 'Update an existing project' do
         success Entities::Project
       end

lib/backup/manager.rb

@@ -79,7 +79,7 @@ module Backup
             # - 1495527122_gitlab_backup.tar
             # - 1495527068_2017_05_23_gitlab_backup.tar
             # - 1495527097_2017_05_23_9.3.0-pre_gitlab_backup.tar
-            next unless file =~ /(\d+)(?:_\d{4}_\d{2}_\d{2}(_\d+\.\d+\.\d+.*)?)?_gitlab_backup\.tar$/
+            next unless file =~ /^(\d{10})(?:_\d{4}_\d{2}_\d{2}(_\d+\.\d+\.\d+((-|\.)(pre|rc\d))?)?)?_gitlab_backup\.tar$/
 
             timestamp = $1.to_i
 

lib/gitlab/gfm/reference_rewriter.rb

@@ -29,6 +29,8 @@ module Gitlab
     #  http://gitlab.com/some/link/#1234, and code `puts #1234`'
     #
     class ReferenceRewriter
+      RewriteError = Class.new(StandardError)
+
       def initialize(text, source_project, current_user)
         @text = text
         @source_project = source_project
@@ -61,6 +63,10 @@ module Gitlab
         cross_reference = build_cross_reference(referable, target_project)
         return reference if reference == cross_reference
 
+        if cross_reference.nil?
+          raise RewriteError, "Unspecified reference detected for #{referable.class.name}"
+        end
+
         new_text = before + cross_reference + after
         substitution_valid?(new_text) ? cross_reference : reference
       end

lib/gitlab/git/operation_service.rb

 module Gitlab
   module Git
     class OperationService
+      include Gitlab::Git::Popen
+
       WithBranchResult = Struct.new(:newrev, :repo_created, :branch_created) do
         alias_method :repo_created?, :repo_created
         alias_method :branch_created?, :branch_created
@@ -150,7 +152,7 @@ module Gitlab
         # (and have!) accidentally reset the ref to an earlier state, clobbering
         # commits. See also https://github.com/libgit2/libgit2/issues/1534.
         command = %W[#{Gitlab.config.git.bin_path} update-ref --stdin -z]
-        _, status = Gitlab::Popen.popen(
+        _, status = popen(
           command,
           repository.path) do |stdin|
           stdin.write("update #{ref}\x00#{newrev}\x00#{oldrev}\x00")

lib/gitlab/git/popen.rb

@@ -5,17 +5,21 @@ require 'open3'
 module Gitlab
   module Git
     module Popen
-      def popen(cmd, path)
+      def popen(cmd, path, vars = {})
         unless cmd.is_a?(Array)
           raise "System commands must be given as an array of strings"
         end
 
-        vars = { "PWD" => path }
+        path ||= Dir.pwd
+        vars['PWD'] = path
         options = { chdir: path }
 
         @cmd_output = ""
         @cmd_status = 0
         Open3.popen3(vars, *cmd, options) do |stdin, stdout, stderr, wait_thr|
+          yield(stdin) if block_given?
+          stdin.close
+
           @cmd_output << stdout.read
           @cmd_output << stderr.read
           @cmd_status = wait_thr.value.exitstatus

lib/gitlab/git/repository.rb

@@ -490,7 +490,7 @@ module Gitlab
 
             # Not found -> ["", 0]
             # Found -> ["b8d95eb4969eefacb0a58f6a28f6803f8070e7b9 commit\trefs/environments/production/77\n", 0]
-            Gitlab::Popen.popen(args, @path).first.split.last
+            popen(args, @path).first.split.last
           end
         end
       end
@@ -792,9 +792,7 @@ module Gitlab
         end
 
         command = %W[#{Gitlab.config.git.bin_path} update-ref --stdin -z]
-        message, status = Gitlab::Popen.popen(
-          command,
-          path) do |stdin|
+        message, status = popen(command, path) do |stdin|
           stdin.write(instructions.join)
         end
 

lib/gitlab/git/rev_list.rb

@@ -3,6 +3,8 @@
 module Gitlab
   module Git
     class RevList
+      include Gitlab::Git::Popen
+
       attr_reader :oldrev, :newrev, :path_to_repo
 
       def initialize(path_to_repo:, newrev:, oldrev: nil)
@@ -26,7 +28,7 @@ module Gitlab
       private
 
       def execute(args)
-        output, status = Gitlab::Popen.popen(args, nil, Gitlab::Git::Env.all.stringify_keys)
+        output, status = popen(args, nil, Gitlab::Git::Env.all.stringify_keys)
 
         unless status.zero?
           raise "Got a non-zero exit code while calling out `#{args.join(' ')}`."

spec/ee/spec/services/ee/keys/last_used_service_spec.rb

+require 'spec_helper'
+
+describe Keys::LastUsedService do
+  it 'does not run on Geo secondaries', :clean_gitlab_redis_shared_state do
+    key = create(:key, last_used_at: 1.year.ago)
+    original_time = key.last_used_at
+
+    allow(::Gitlab::Geo).to receive(:secondary?).and_return(true)
+    described_class.new(key).execute
+
+    expect(key.reload.last_used_at).to be_like_time(original_time)
+  end
+end

spec/features/user_callout_spec.rb

-require 'spec_helper'
-
-describe 'User Callouts', js: true do
-  let(:user) { create(:user) }
-  let(:another_user) { create(:user) }
-  let(:project) { create(:project, path: 'gitlab', name: 'sample') }
-
-  before do
-    sign_in(user)
-    project.team << [user, :master]
-  end
-
-  it 'takes you to the profile preferences when the link is clicked' do
-    visit dashboard_projects_path
-    click_link 'Check it out'
-    expect(current_path).to eq profile_preferences_path
-  end
-
-  it 'does not show when cookie is set' do
-    visit dashboard_projects_path
-
-    within('.user-callout') do
-      find('.close').trigger('click')
-    end
-
-    visit dashboard_projects_path
-
-    expect(page).not_to have_selector('.user-callout')
-  end
-
-  describe 'user callout should appear in two routes' do
-    it 'shows up on the user profile' do
-      visit user_path(user)
-      expect(find('.user-callout')).to have_content 'Customize your experience'
-    end
-
-    it 'shows up on the dashboard projects' do
-      visit dashboard_projects_path
-      expect(find('.user-callout')).to have_content 'Customize your experience'
-    end
-  end
-
-  it 'hides the user callout when click on the dismiss icon' do
-    visit user_path(user)
-    within('.user-callout') do
-      find('.close').click
-    end
-    expect(page).not_to have_selector('.user-callout')
-  end
-
-  it 'does not show callout on another users profile' do
-    visit user_path(another_user)
-    expect(page).not_to have_selector('.user-callout')
-  end
-end

spec/finders/fork_projects_finder_spec.rb

+require 'spec_helper'
+
+describe ForkProjectsFinder do
+  let(:source_project) { create(:project, :empty_repo) }
+  let(:private_fork) { create(:project, :private, :empty_repo, name: 'A') }
+  let(:internal_fork) { create(:project, :internal, :empty_repo, name: 'B') }
+  let(:public_fork) { create(:project, :public, :empty_repo, name: 'C') }
+
+  let(:non_member) { create(:user) }
+  let(:private_fork_member) { create(:user) }
+
+  before do
+    private_fork.add_developer(private_fork_member)
+
+    source_project.forks << private_fork
+    source_project.forks << internal_fork
+    source_project.forks << public_fork
+  end
+
+  describe '#execute' do
+    let(:finder) { described_class.new(source_project, params: {}, current_user: current_user) }
+
+    subject { finder.execute }
+
+    describe 'without a user' do
+      let(:current_user) { nil }
+
+      it { is_expected.to eq([public_fork]) }
+    end
+
+    describe 'with a user' do
+      let(:current_user) { non_member }
+
+      it { is_expected.to eq([public_fork, internal_fork]) }
+    end
+
+    describe 'with a member' do
+      let(:current_user) { private_fork_member }
+
+      it { is_expected.to eq([public_fork, internal_fork, private_fork]) }
+    end
+  end
+end

spec/javascripts/fixtures/dashboard.rb

-require 'spec_helper'
-
-describe Dashboard::ProjectsController, '(JavaScript fixtures)', type: :controller do
-  include JavaScriptFixturesHelpers
-
-  let(:admin) { create(:admin) }
-  let(:namespace) { create(:namespace, name: 'frontend-fixtures' )}
-  let(:project) { create(:project, namespace: namespace, path: 'builds-project') }
-
-  render_views
-
-  before(:all) do
-    clean_frontend_fixtures('dashboard/')
-  end
-
-  before do
-    sign_in(admin)
-  end
-
-  after do
-    remove_repository(project)
-  end
-
-  it 'dashboard/user-callout.html.raw' do |example|
-    rendered = render_template('shared/_user_callout')
-    store_frontend_fixture(rendered, example.description)
-  end
-
-  private
-
-  def render_template(template_file_name)
-    controller.prepend_view_path(JavaScriptFixturesHelpers::FIXTURE_PATH)
-    controller.render_to_string(template_file_name, layout: false)
-  end
-end

spec/javascripts/user_callout_spec.js

-import Cookies from 'js-cookie';
-import UserCallout from '~/user_callout';
-
-const USER_CALLOUT_COOKIE = 'user_callout_dismissed';
-
-describe('UserCallout', function () {
-  const fixtureName = 'dashboard/user-callout.html.raw';
-  preloadFixtures(fixtureName);
-
-  beforeEach(() => {
-    loadFixtures(fixtureName);
-    Cookies.remove(USER_CALLOUT_COOKIE);
-
-    this.userCallout = new UserCallout();
-    this.closeButton = $('.js-close-callout.close');
-    this.userCalloutBtn = $('.js-close-callout:not(.close)');
-  });
-
-  it('hides when user clicks on the dismiss-icon', (done) => {
-    this.closeButton.click();
-    expect(Cookies.get(USER_CALLOUT_COOKIE)).toBe('true');
-
-    setTimeout(() => {
-      expect(
-        document.querySelector('.user-callout'),
-      ).toBeNull();
-
-      done();
-    });
-  });
-
-  it('hides when user clicks on the "check it out" button', () => {
-    this.userCalloutBtn.click();
-    expect(Cookies.get(USER_CALLOUT_COOKIE)).toBe('true');
-  });
-
-  describe('Sets cookie with setCalloutPerProject', () => {
-    beforeEach(() => {
-      spyOn(Cookies, 'set').and.callFake(() => {});
-      document.querySelector('.user-callout').setAttribute('data-project-path', 'foo/bar');
-      this.userCallout = new UserCallout({ setCalloutPerProject: true });
-    });
-
-    it('sets a cookie when the user clicks the close button', () => {
-      this.userCalloutBtn.click();
-      expect(Cookies.set).toHaveBeenCalledWith('user_callout_dismissed', 'true', Object({ expires: 365, path: 'foo/bar' }));
-    });
-  });
-});

spec/lib/banzai/filter/milestone_reference_filter_spec.rb

@@ -296,7 +296,7 @@ describe Banzai::Filter::MilestoneReferenceFilter do
 
   context 'project milestones' do
     let(:milestone) { create(:milestone, project: project) }
-    let(:reference) { milestone.to_reference }
+    let(:reference) { milestone.to_reference(format: :iid) }
 
     include_examples 'reference parsing'
 

spec/lib/gitlab/backup/manager_spec.rb

@@ -26,6 +26,8 @@ describe Backup::Manager do
       [
         '1451606400_2016_01_01_1.2.3_gitlab_backup.tar',
         '1451520000_2015_12_31_4.5.6_gitlab_backup.tar',
+        '1451520000_2015_12_31_4.5.6-pre_gitlab_backup.tar',
+        '1451520000_2015_12_31_4.5.6-rc1_gitlab_backup.tar',
         '1451510000_2015_12_30_gitlab_backup.tar',
         '1450742400_2015_12_22_gitlab_backup.tar',
         '1449878400_gitlab_backup.tar',
@@ -57,6 +59,30 @@ describe Backup::Manager do
       end
     end
 
+    context 'when no valid file is found' do
+      let(:files) do
+        [
+          '14516064000_2016_01_01_1.2.3_gitlab_backup.tar',
+          'foo_1451520000_2015_12_31_4.5.6_gitlab_backup.tar',
+          '1451520000_2015_12_31_4.5.6-foo_gitlab_backup.tar'
+        ]
+      end
+
+      before do
+        allow(Gitlab.config.backup).to receive(:keep_time).and_return(1)
+
+        subject.remove_old
+      end
+
+      it 'removes no files' do
+        expect(FileUtils).not_to have_received(:rm)
+      end
+
+      it 'prints a done message' do
+        expect(progress).to have_received(:puts).with('done. (0 removed)')
+      end
+    end
+
     context 'when there are no files older than keep_time' do
       before do
         # Set to 30 days
@@ -84,28 +110,30 @@ describe Backup::Manager do
 
       it 'removes matching files with a human-readable versioned timestamp' do
         expect(FileUtils).to have_received(:rm).with(files[1])
-      end
-
-      it 'removes matching files with a human-readable non-versioned timestamp' do
         expect(FileUtils).to have_received(:rm).with(files[2])
         expect(FileUtils).to have_received(:rm).with(files[3])
       end
 
-      it 'removes matching files without a human-readable timestamp' do
+      it 'removes matching files with a human-readable non-versioned timestamp' do
         expect(FileUtils).to have_received(:rm).with(files[4])
         expect(FileUtils).to have_received(:rm).with(files[5])
       end
 
+      it 'removes matching files without a human-readable timestamp' do
+        expect(FileUtils).to have_received(:rm).with(files[6])
+        expect(FileUtils).to have_received(:rm).with(files[7])
+      end
+
       it 'does not remove files that are not old enough' do
         expect(FileUtils).not_to have_received(:rm).with(files[0])
       end
 
       it 'does not remove non-matching files' do
-        expect(FileUtils).not_to have_received(:rm).with(files[6])
+        expect(FileUtils).not_to have_received(:rm).with(files[8])
       end
 
       it 'prints a done message' do
-        expect(progress).to have_received(:puts).with('done. (5 removed)')
+        expect(progress).to have_received(:puts).with('done. (7 removed)')
       end
     end
 
@@ -121,14 +149,14 @@ describe Backup::Manager do
       end
 
       it 'removes the remaining expected files' do
-        expect(FileUtils).to have_received(:rm).with(files[2])
-        expect(FileUtils).to have_received(:rm).with(files[3])
         expect(FileUtils).to have_received(:rm).with(files[4])
         expect(FileUtils).to have_received(:rm).with(files[5])
+        expect(FileUtils).to have_received(:rm).with(files[6])
+        expect(FileUtils).to have_received(:rm).with(files[7])
       end
 
       it 'sets the correct removed count' do
-        expect(progress).to have_received(:puts).with('done. (4 removed)')
+        expect(progress).to have_received(:puts).with('done. (6 removed)')
       end
 
       it 'prints the error from file that could not be removed' do

spec/lib/gitlab/checks/force_push_spec.rb

@@ -5,13 +5,13 @@ describe Gitlab::Checks::ForcePush do
 
   context "exit code checking", skip_gitaly_mock: true do
     it "does not raise a runtime error if the `popen` call to git returns a zero exit code" do
-      allow(Gitlab::Popen).to receive(:popen).and_return(['normal output', 0])
+      allow_any_instance_of(Gitlab::Git::RevList).to receive(:popen).and_return(['normal output', 0])
 
       expect { described_class.force_push?(project, 'oldrev', 'newrev') }.not_to raise_error
     end
 
     it "raises a runtime error if the `popen` call to git returns a non-zero exit code" do
-      allow(Gitlab::Popen).to receive(:popen).and_return(['error', 1])
+      allow_any_instance_of(Gitlab::Git::RevList).to receive(:popen).and_return(['error', 1])
 
       expect { described_class.force_push?(project, 'oldrev', 'newrev') }.to raise_error(RuntimeError)
     end

spec/lib/gitlab/gfm/reference_rewriter_spec.rb

 require 'spec_helper'
 
 describe Gitlab::Gfm::ReferenceRewriter do
-  let(:text) { 'some text' }
-  let(:old_project) { create(:project, name: 'old-project') }
-  let(:new_project) { create(:project, name: 'new-project') }
+  let(:group) { create(:group) }
+  let(:old_project) { create(:project, name: 'old-project', group: group) }
+  let(:new_project) { create(:project, name: 'new-project', group: group) }
   let(:user) { create(:user) }
 
+  let(:old_project_ref) { old_project.to_reference(new_project) }
+  let(:text) { 'some text' }
+
   before do
     old_project.team << [user, :reporter]
   end
@@ -39,7 +42,7 @@ describe Gitlab::Gfm::ReferenceRewriter do
         it { is_expected.not_to include merge_request.to_reference(new_project) }
       end
 
-      context 'description ambigous elements' do
+      context 'rewrite ambigous references' do
         context 'url' do
           let(:url) { 'http://gitlab.com/#1' }
           let(:text) { "This references #1, but not #{url}" }
@@ -66,23 +69,21 @@ describe Gitlab::Gfm::ReferenceRewriter do
 
         context 'description with project labels' do
           let!(:label) { create(:label, id: 123, name: 'test', project: old_project) }
-          let(:project_ref) { old_project.to_reference(new_project) }
 
           context 'label referenced by id' do
             let(:text) { '#1 and ~123' }
-            it { is_expected.to eq %Q{#{project_ref}#1 and #{project_ref}~123} }
+            it { is_expected.to eq %Q{#{old_project_ref}#1 and #{old_project_ref}~123} }
           end
 
           context 'label referenced by text' do
             let(:text) { '#1 and ~"test"' }
-            it { is_expected.to eq %Q{#{project_ref}#1 and #{project_ref}~123} }
+            it { is_expected.to eq %Q{#{old_project_ref}#1 and #{old_project_ref}~123} }
           end
         end
 
         context 'description with group labels' do
           let(:old_group) { create(:group) }
           let!(:group_label) { create(:group_label, id: 321, name: 'group label', group: old_group) }
-          let(:project_ref) { old_project.to_reference(new_project) }
 
           before do
             old_project.update(namespace: old_group)
@@ -90,21 +91,53 @@ describe Gitlab::Gfm::ReferenceRewriter do
 
           context 'label referenced by id' do
             let(:text) { '#1 and ~321' }
-            it { is_expected.to eq %Q{#{project_ref}#1 and #{project_ref}~321} }
+            it { is_expected.to eq %Q{#{old_project_ref}#1 and #{old_project_ref}~321} }
           end
 
           context 'label referenced by text' do
             let(:text) { '#1 and ~"group label"' }
-            it { is_expected.to eq %Q{#{project_ref}#1 and #{project_ref}~321} }
+            it { is_expected.to eq %Q{#{old_project_ref}#1 and #{old_project_ref}~321} }
           end
         end
       end
+    end
+
+    context 'reference contains project milestone' do
+      let!(:milestone) do
+        create(:milestone, title: '9.0', project: old_project)
+      end
+
+      let(:text) { 'milestone: %"9.0"' }
+
+      it { is_expected.to eq %Q[milestone: #{old_project_ref}%"9.0"] }
+    end
+
+    context 'when referring to group milestone' do
+      let!(:milestone) do
+        create(:milestone, title: '10.0', group: group)
+      end
+
+      let(:text) { 'milestone %"10.0"' }
+
+      it { is_expected.to eq text }
+    end
+
+    context 'when referable has a nil reference' do
+      before do
+        create(:milestone, title: '9.0', project: old_project)
+
+        allow_any_instance_of(Milestone)
+          .to receive(:to_reference)
+          .and_return(nil)
+      end
 
-      context 'reference contains milestone' do
-        let(:milestone) { create(:milestone) }
-        let(:text) { "milestone ref: #{milestone.to_reference}" }
+      let(:text) { 'milestone: %"9.0"' }
 
-        it { is_expected.to eq text }
+      it 'raises an error that should be fixed' do
+        expect { subject }.to raise_error(
+          described_class::RewriteError,
+          'Unspecified reference detected for Milestone'
+        )
       end
     end
   end

spec/lib/gitlab/git/repository_spec.rb

@@ -481,7 +481,7 @@ describe Gitlab::Git::Repository, seed_helper: true do
     end
 
     it 'raises an error if it failed' do
-      expect(Gitlab::Popen).to receive(:popen).and_return(['Error', 1])
+      expect(@repo).to receive(:popen).and_return(['Error', 1])
 
       expect do
         @repo.delete_refs('refs/heads/fix')

spec/lib/gitlab/git/rev_list_spec.rb

@@ -14,7 +14,7 @@ describe Gitlab::Git::RevList do
     let(:rev_list) { described_class.new(newrev: 'newrev', path_to_repo: project.repository.path_to_repo) }
 
     it 'calls out to `popen`' do
-      expect(Gitlab::Popen).to receive(:popen).with([
+      expect(rev_list).to receive(:popen).with([
         Gitlab.config.git.bin_path,
         "--git-dir=#{project.repository.path_to_repo}",
         'rev-list',
@@ -36,7 +36,7 @@ describe Gitlab::Git::RevList do
     let(:rev_list) { described_class.new(oldrev: 'oldrev', newrev: 'newrev', path_to_repo: project.repository.path_to_repo) }
 
     it 'calls out to `popen`' do
-      expect(Gitlab::Popen).to receive(:popen).with([
+      expect(rev_list).to receive(:popen).with([
         Gitlab.config.git.bin_path,
         "--git-dir=#{project.repository.path_to_repo}",
         'rev-list',

spec/models/key_spec.rb

@@ -37,30 +37,17 @@ describe Key, :mailer do
     end
 
     describe "#update_last_used_at" do
-      let(:key) { create(:key) }
-
-      context 'when key was not updated during the last day' do
-        before do
-          allow_any_instance_of(Gitlab::ExclusiveLease).to receive(:try_obtain)
-            .and_return('000000')
-        end
-
-        it 'enqueues a UseKeyWorker job' do
-          expect(UseKeyWorker).to receive(:perform_async).with(key.id)
-          key.update_last_used_at
-        end
-      end
+      it 'updates the last used timestamp' do
+        key = build(:key)
+        service = double(:service)
+
+        expect(Keys::LastUsedService).to receive(:new)
+          .with(key)
+          .and_return(service)
 
-      context 'when key was updated during the last day' do
-        before do
-          allow_any_instance_of(Gitlab::ExclusiveLease).to receive(:try_obtain)
-            .and_return(false)
-        end
+        expect(service).to receive(:execute)
 
-        it 'does not enqueue a UseKeyWorker job' do
-          expect(UseKeyWorker).not_to receive(:perform_async)
-          key.update_last_used_at
-        end
+        key.update_last_used_at
       end
     end
   end

spec/models/milestone_spec.rb

@@ -240,7 +240,7 @@ describe Milestone do
       let(:milestone) { build_stubbed(:milestone, iid: 1, project: project, name: 'milestone') }
 
       it 'returns a String reference to the object' do
-        expect(milestone.to_reference).to eq '%1'
+        expect(milestone.to_reference).to eq '%"milestone"'
       end
 
       it 'returns a reference by name when the format is set to :name' do
@@ -248,24 +248,29 @@ describe Milestone do
       end
 
       it 'supports a cross-project reference' do
-        expect(milestone.to_reference(another_project)).to eq 'sample-project%1'
+        expect(milestone.to_reference(another_project)).to eq 'sample-project%"milestone"'
       end
     end
 
     context 'for a group milestone' do
       let(:milestone) { build_stubbed(:milestone, iid: 1, group: group, name: 'milestone') }
 
-      it 'returns nil with the default format' do
-        expect(milestone.to_reference).to be_nil
+      it 'returns a group milestone reference with a default format' do
+        expect(milestone.to_reference).to eq '%"milestone"'
       end
 
       it 'returns a reference by name when the format is set to :name' do
         expect(milestone.to_reference(format: :name)).to eq '%"milestone"'
       end
 
-      it 'does not supports cross-project references' do
+      it 'does supports cross-project references within a group' do
         expect(milestone.to_reference(another_project, format: :name)).to eq '%"milestone"'
       end
+
+      it 'raises an error when using iid format' do
+        expect { milestone.to_reference(format: :iid) }
+          .to raise_error(ArgumentError, 'Cannot refer to a group milestone by an internal id!')
+      end
     end
   end
 

spec/requests/api/projects_spec.rb

@@ -1232,6 +1232,59 @@ describe API::Projects do
         end
       end
     end
+
+    describe 'GET /projects/:id/forks' do
+      let(:private_fork) { create(:project, :private, :empty_repo) }
+      let(:member) { create(:user) }
+      let(:non_member) { create(:user) }
+
+      before do
+        private_fork.add_developer(member)
+      end
+
+      context 'for a forked project' do
+        before do
+          post api("/projects/#{private_fork.id}/fork/#{project_fork_source.id}", admin)
+          private_fork.reload
+          expect(private_fork.forked_from_project).not_to be_nil
+          expect(private_fork.forked?).to be_truthy
+          project_fork_source.reload
+          expect(project_fork_source.forks.length).to eq(1)
+          expect(project_fork_source.forks).to include(private_fork)
+        end
+
+        context 'for a user that can access the forks' do
+          it 'returns the forks' do
+            get api("/projects/#{project_fork_source.id}/forks", member)
+
+            expect(response).to have_http_status(200)
+            expect(response).to include_pagination_headers
+            expect(json_response.length).to eq(1)
+            expect(json_response[0]['name']).to eq(private_fork.name)
+          end
+        end
+
+        context 'for a user that cannot access the forks' do
+          it 'returns an empty array' do
+            get api("/projects/#{project_fork_source.id}/forks", non_member)
+
+            expect(response).to have_http_status(200)
+            expect(response).to include_pagination_headers
+            expect(json_response.length).to eq(0)
+          end
+        end
+      end
+
+      context 'for a non-forked project' do
+        it 'returns an empty array' do
+          get api("/projects/#{project_fork_source.id}/forks")
+
+          expect(response).to have_http_status(200)
+          expect(response).to include_pagination_headers
+          expect(json_response.length).to eq(0)
+        end
+      end
+    end
   end
 
   describe "POST /projects/:id/share" do

spec/services/issues/close_service_spec.rb

@@ -42,7 +42,7 @@ describe Issues::CloseService do
       service.execute(issue)
     end
 
-    it 'refreshes the number of open issues' do
+    it 'refreshes the number of open issues', :use_clean_rails_memory_store_caching do
       expect { service.execute(issue) }
         .to change { project.open_issues_count }.from(1).to(0)
     end

spec/services/issues/create_service_spec.rb

@@ -35,7 +35,7 @@ describe Issues::CreateService do
         expect(issue.due_date).to eq Date.tomorrow
       end
 
-      it 'refreshes the number of open issues' do
+      it 'refreshes the number of open issues', :use_clean_rails_memory_store_caching do
         expect { issue }.to change { project.open_issues_count }.from(0).to(1)
       end
 

spec/services/issues/update_service_spec.rb

@@ -64,6 +64,13 @@ describe Issues::UpdateService, :mailer do
         expect(issue.due_date).to eq Date.tomorrow
       end
 
+      it 'refreshes the number of open issues when the issue is made confidential', :use_clean_rails_memory_store_caching do
+        issue # make sure the issue is created first so our counts are correct.
+
+        expect { update_issue(confidential: true) }
+          .to change { project.open_issues_count }.from(1).to(0)
+      end
+
       it 'updates open issue counter for assignees when issue is reassigned' do
         update_issue(assignee_ids: [user2.id])
 

spec/services/keys/last_used_service_spec.rb

+require 'spec_helper'
+
+describe Keys::LastUsedService do
+  describe '#execute', :clean_gitlab_redis_shared_state do
+    it 'updates the key when it has not been used recently' do
+      key = create(:key, last_used_at: 1.year.ago)
+      time = Time.zone.now
+
+      Timecop.freeze(time) { described_class.new(key).execute }
+
+      expect(key.last_used_at).to eq(time)
+    end
+
+    it 'does not update the key when it has been used recently' do
+      time = 1.minute.ago
+      key = create(:key, last_used_at: time)
+
+      described_class.new(key).execute
+
+      expect(key.last_used_at).to eq(time)
+    end
+
+    it 'does not update the updated_at field' do
+      # Since a lot of these updates could happen in parallel for different keys
+      # we want these updates to be as lightweight as possible, hence we want to
+      # make sure we _only_ update last_used_at and not always updated_at.
+      key = create(:key, last_used_at: 1.year.ago)
+
+      expect { described_class.new(key).execute }.not_to change { key.updated_at }
+    end
+  end
+
+  describe '#update?', :clean_gitlab_redis_shared_state do
+    it 'returns true when no last used timestamp is present' do
+      key = build(:key, last_used_at: nil)
+      service = described_class.new(key)
+
+      expect(service.update?).to eq(true)
+    end
+
+    it 'returns true when the key needs to be updated' do
+      key = build(:key, last_used_at: 1.year.ago)
+      service = described_class.new(key)
+
+      expect(service.update?).to eq(true)
+    end
+
+    it 'returns false when a lease has already been obtained' do
+      key = build(:key, last_used_at: 1.year.ago)
+      service = described_class.new(key)
+
+      expect(service.update?).to eq(true)
+      expect(service.update?).to eq(false)
+    end
+
+    it 'returns false when the key does not yet need to be updated' do
+      key = build(:key, last_used_at: 1.minute.ago)
+      service = described_class.new(key)
+
+      expect(service.update?).to eq(false)
+    end
+  end
+end

spec/services/merge_requests/close_service_spec.rb

@@ -52,7 +52,7 @@ describe MergeRequests::CloseService do
       end
     end
 
-    it 'refreshes the number of open merge requests for a valid MR' do
+    it 'refreshes the number of open merge requests for a valid MR', :use_clean_rails_memory_store_caching do
       service = described_class.new(project, user, {})
 
       expect { service.execute(merge_request) }

spec/services/merge_requests/create_service_spec.rb

@@ -37,7 +37,7 @@ describe MergeRequests::CreateService do
         expect(service).to have_received(:execute_hooks).with(merge_request)
       end
 
-      it 'refreshes the number of open merge requests' do
+      it 'refreshes the number of open merge requests', :use_clean_rails_memory_store_caching do
         expect { service.execute }
           .to change { project.open_merge_requests_count }.from(0).to(1)
       end

spec/services/projects/count_service_spec.rb

@@ -66,8 +66,8 @@ describe Projects::CountService do
 
   describe '#cache_key' do
     it 'returns the cache key as an Array' do
-      allow(service).to receive(:cache_key_name).and_return('count_service')
-      expect(service.cache_key).to eq(['projects', 1, 'count_service'])
+      allow(service).to receive(:cache_key_name).and_return('foo')
+      expect(service.cache_key).to eq(['projects', 'count_service', described_class::VERSION, 1, 'foo'])
     end
   end
 end

spec/services/system_note_service_spec.rb

@@ -232,7 +232,9 @@ describe SystemNoteService do
 
       context 'when milestone added' do
         it 'sets the note text' do
-          expect(subject.note).to eq "changed milestone to #{milestone.to_reference}"
+          reference = milestone.to_reference(format: :iid)
+
+          expect(subject.note).to eq "changed milestone to #{reference}"
         end
       end
 

spec/workers/use_key_worker_spec.rb

-require 'spec_helper'
-
-describe UseKeyWorker do
-  describe "#perform" do
-    it "updates the key's last_used_at attribute to the current time when it exists" do
-      worker = described_class.new
-      key = create(:key)
-      current_time = Time.zone.now
-
-      Timecop.freeze(current_time) do
-        expect { worker.perform(key.id) }
-          .to change { key.reload.last_used_at }.from(nil).to be_like_time(current_time)
-      end
-    end
-
-    it "returns false and skips the job when the key doesn't exist" do
-      worker = described_class.new
-      key = create(:key)
-
-      expect(worker.perform(key.id + 1)).to eq false
-    end
-  end
-end

vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml

@@ -271,10 +271,6 @@ production:
       --version="$CI_PIPELINE_ID-$CI_JOB_ID" \
       "$name" \
       chart/
-
-    if [[ "$track" == "stable" ]]; then
-      kubectl rollout status -n "$KUBE_NAMESPACE" -w "deployment/${CI_ENVIRONMENT_SLUG}-auto-deploy"
-    fi
   }
 
   function install_dependencies() {