Merge branch '8-8-stable' of gitlab.com:gitlab-org/gitlab-ce into 8-8-stable-ee

.rubocop.yml

@@ -21,6 +21,7 @@ AllCops:
     - 'lib/email_validator.rb'
     - 'lib/gitlab/upgrader.rb'
     - 'lib/gitlab/seeder.rb'
+    - 'lib/templates/**/*'
 
 
 ##################### Style ##################################
@@ -531,7 +532,7 @@ Style/SpaceAroundKeyword:
 
 # Use a single space around operators.
 Style/SpaceAroundOperators:
-  Enabled: false
+  Enabled: true
 
 # Checks that the left block brace has or doesn't have space before it.
 Style/SpaceBeforeBlockBraces:

CHANGELOG

@@ -5,50 +5,69 @@ v 8.8.0 (unreleased)
   - Fix error when using link to uploads in global snippets
   - Assign labels and milestone to target project when moving issue. !3934 (Long Nguyen)
   - Use a case-insensitive comparison in sanitizing URI schemes
+  - Toggle sign-up confirmation emails in application settings
   - Project#open_branches has been cleaned up and no longer loads entire records into memory.
   - Escape HTML in commit titles in system note messages
   - Improve multiple branch push performance by memoizing permission checking
   - Log to application.log when an admin starts and stops impersonating a user
+  - Changing the confidentiality of an issue now creates a new system note (Alex Moore-Niemi)
   - Updated gitlab_git to 10.1.0
   - GitAccess#protected_tag? no longer loads all tags just to check if a single one exists
   - Reduce delay in destroying a project from 1-minute to immediately
   - Make build status canceled if any of the jobs was canceled and none failed
   - Upgrade Sidekiq to 4.1.2
   - Added /health_check endpoint for checking service status
+  - Make 'upcoming' filter for milestones work better across projects
   - Sanitize repo paths in new project error message
   - Bump mail_room to 0.7.0 to fix stuck IDLE connections
   - Remove future dates from contribution calendar graph.
   - Support e-mail notifications for comments on project snippets
+  - Fix API leak of notes of unauthorized issues, snippets and merge requests
   - Use ActionDispatch Remote IP for Akismet checking
   - Fix error when visiting commit builds page before build was updated
   - Add 'l' shortcut to open Label dropdown on issuables and 'i' to create new issue on a project
   - Update SVG sanitizer to conform to SVG 1.1
   - Speed up push emails with multiple recipients by only generating the email once
   - Updated search UI
+  - Added authentication service for Container Registry
   - Display informative message when new milestone is created
   - Sanitize milestones and labels titles
   - Support multi-line tag messages. !3833 (Calin Seciu)
+  - Force users to reset their password after an admin changes it
   - Allow "NEWS" and "CHANGES" as alternative names for CHANGELOG. !3768 (Connor Shea)
   - Added button to toggle whitespaces changes on diff view
   - Backport GitHub Enterprise import support from EE
   - Create tags using Rugged for performance reasons. !3745
   - API: Expose Issue#user_notes_count. !3126 (Anton Popov)
   - Don't show forks button when user can't view forks
+  - Fix atom feed links and rendering
   - Files over 5MB can only be viewed in their raw form, files over 1MB without highlighting !3718
   - Add support for supressing text diffs using .gitattributes on the default branch (Matt Oakes)
   - Add eager load paths to help prevent dependency load issues in Sidekiq workers. !3724
   - Added multiple colors for labels in dropdowns when dups happen.
-  - Always group commits by server timezone, not commit timestamp
+  - Show commits in the same order as `git log`
   - Improve description for the Two-factor Authentication sign-in screen. (Connor Shea)
   - API support for the 'since' and 'until' operators on commit requests (Paco Guzman)
   - Fix Gravatar hint in user profile when Gravatar is disabled. !3988 (Artem Sidorenko)
   - Expire repository exists? and has_visible_content? caches after a push if necessary
-  - Fix unintentional filtering bug in issues sorted by milestone due (Takuya Noguchi)
+  - Fix unintentional filtering bug in Issue/MR sorted by milestone due (Takuya Noguchi)
   - Fix adding a todo for private group members (Ahmad Sherif)
   - Bump ace-rails-ap gem version from 2.0.1 to 4.0.2 which upgrades Ace Editor from 1.1.2 to 1.2.3
   - Total method execution timings are no longer tracked
   - Allow Admins to remove the Login with buttons for OAuth services and still be able to import !4034. (Andrei Gliga)
   - Add API endpoints for un/subscribing from/to a label. !4051 (Ahmad Sherif)
+  - Hide left sidebar on phone screens to give more space for content
+  - Redesign navigation for profile and group pages
+  - Add counter metrics for rails cache
+  - Import pull requests from GitHub where the source or target branches were removed
+  - All Grape API helpers are now instrumented
+  - Improve Issue formatting for the Slack Service (Jeroen van Baarsen)
+  - Fixed advice on invalid permissions on upload path !2948 (Ludovic Perrine)
+
+v 8.7.6
+  - Fix links on wiki pages for relative url setups. !4131 (Artem Sidorenko)
+  - Fix import from GitLab.com to a private instance failure. !4181
+  - Fix external imports not finding the import data. !4106
 
 v 8.7.5
   - Fix relative links in wiki pages. !4050
@@ -70,6 +89,7 @@ v 8.7.3
   - Merge request widget displays TeamCity build state and code coverage correctly again.
   - Fix the line code when importing PR review comments from GitHub. !4010
   - Wikis are now initialized on legacy projects when checking repositories
+  - Remove animate.css in favor of a smaller subset of animations. !3937 (Connor Shea)
 
 v 8.7.2
   - The "New Branch" button is now loaded asynchronously
@@ -905,7 +925,7 @@ v 8.1.3
   - Use issue editor as cross reference comment author when issue is edited with a new mention
   - Add Facebook authentication
 
-v 8.1.2
+v 8.1.1
   - Fix cloning Wiki repositories via HTTP (Stan Hu)
   - Add migration to remove satellites directory
   - Fix specific runners visibility
@@ -1530,20 +1550,17 @@ v 7.10.0
   - Fix stuck Merge Request merging events from old installations (Ben Bodenmiller)
   - Fix merge request comments on files with multiple commits
   - Fix Resource Owner Password Authentication Flow
-
-v 7.9.4
-  - Security: Fix project import URL regex to prevent arbitary local repos from being imported
-  - Fixed issue where only 25 commits would load in file listings
-  - Fix LDAP identities  after config update
-
-v 7.9.3
-  - Contains no changes
   - Add icons to Add dropdown items.
   - Allow admin to create public deploy keys that are accessible to any project.
   - Warn when gitlab-shell version doesn't match requirement.
   - Skip email confirmation when set by admin or via LDAP.
   - Only allow users to reference groups, projects, issues, MRs, commits they have access to.
 
+v 7.9.4
+  - Security: Fix project import URL regex to prevent arbitary local repos from being imported
+  - Fixed issue where only 25 commits would load in file listings
+  - Fix LDAP identities  after config update
+
 v 7.9.3
   - Contains no changes
 

Gemfile

@@ -37,6 +37,7 @@ gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'
 gem 'gssapi', group: :kerberos
 gem 'rack-oauth2',            '~> 1.2.1'
+gem 'jwt'
 
 # Spam and anti-bot protection
 gem 'recaptcha', require: 'recaptcha/rails'
@@ -234,7 +235,9 @@ gem 'request_store',      '~> 1.3.0'
 gem 'select2-rails',      '~> 3.5.9'
 gem 'virtus',             '~> 1.0.1'
 gem 'net-ssh',            '~> 3.0.1'
+gem 'base32',             '~> 0.3.0'
 gem "gitlab-license", "~> 0.0.4"
+
 # Sentry integration
 gem 'sentry-raven', '~> 0.15'
 
@@ -333,7 +336,6 @@ gem "mail_room", "~> 0.7"
 gem 'email_reply_parser', '~> 0.5.8'
 
 ## CI
-gem 'activerecord-deprecated_finders', '~> 1.0.3'
 gem 'activerecord-session_store', '~> 0.1.0'
 gem "nested_form", '~> 0.3.2'
 

Gemfile.lock

@@ -33,7 +33,6 @@ GEM
       activemodel (= 4.2.6)
       activesupport (= 4.2.6)
       arel (~> 6.0)
-    activerecord-deprecated_finders (1.0.4)
     activerecord-session_store (0.1.2)
       actionpack (>= 4.0.0, < 5)
       activerecord (>= 4.0.0, < 5)
@@ -71,6 +70,7 @@ GEM
       ice_nine (~> 0.11.0)
       thread_safe (~> 0.3, >= 0.3.1)
     babosa (1.0.2)
+    base32 (0.3.2)
     bcrypt (3.1.10)
     benchmark-ips (2.3.0)
     better_errors (1.0.1)
@@ -910,7 +910,6 @@ PLATFORMS
 DEPENDENCIES
   RedCloth (~> 4.2.9)
   ace-rails-ap (~> 4.0.2)
-  activerecord-deprecated_finders (~> 1.0.3)
   activerecord-session_store (~> 0.1.0)
   acts-as-taggable-on (~> 3.4)
   addressable (~> 2.3.8)
@@ -922,6 +921,7 @@ DEPENDENCIES
   attr_encrypted (~> 1.3.4)
   awesome_print (~> 1.2.0)
   babosa (~> 1.0.2)
+  base32 (~> 0.3.0)
   benchmark-ips
   better_errors (~> 1.0.1)
   binding_of_caller (~> 0.7.2)
@@ -988,6 +988,7 @@ DEPENDENCIES
   jquery-rails (~> 4.1.0)
   jquery-turbolinks (~> 2.1.0)
   jquery-ui-rails (~> 5.0.0)
+  jwt
   kaminari (~> 0.16.3)
   letter_opener_web (~> 1.3.0)
   licensee (~> 8.0.0)

app/assets/javascripts/notes.js.coffee

@@ -285,6 +285,7 @@ class @Notes
     form.addClass "js-main-target-form"
 
     form.find("#note_line_code").remove()
+    form.find("#note_type").remove()
 
   ###
   General note form setup.
@@ -472,6 +473,7 @@ class @Notes
   setupDiscussionNoteForm: (dataHolder, form) =>
     # setup note target
     form.attr 'id', "new-discussion-note-form-#{dataHolder.data("discussionId")}"
+    form.find("#note_type").val dataHolder.data("noteType")
     form.find("#line_type").val dataHolder.data("lineType")
     form.find("#note_commit_id").val dataHolder.data("commitId")
     form.find("#note_line_code").val dataHolder.data("lineCode")

app/assets/stylesheets/application.scss

@@ -10,7 +10,6 @@
  *= require dropzone/basic
  *= require cal-heatmap
  *= require cropper.css
- *= require animate
 */
 
 /*

app/assets/stylesheets/framework.scss

@@ -5,6 +5,7 @@
 @import 'framework/tw_bootstrap';
 @import "framework/layout";
 
+@import "framework/animations.scss";
 @import "framework/avatar.scss";
 @import "framework/blocks.scss";
 @import "framework/buttons.scss";

app/assets/stylesheets/framework/animations.scss

+// This file is based off animate.css 3.5.1, available here:
+// https://github.com/daneden/animate.css/blob/3.5.1/animate.css
+// 
+// animate.css - http://daneden.me/animate
+// Version - 3.5.1
+// Licensed under the MIT license - http://opensource.org/licenses/MIT
+// 
+// Copyright (c) 2016 Daniel Eden
+
+.animated {
+  -webkit-animation-duration: 1s;
+  animation-duration: 1s;
+  -webkit-animation-fill-mode: both;
+  animation-fill-mode: both;
+}
+
+.animated.infinite {
+  -webkit-animation-iteration-count: infinite;
+  animation-iteration-count: infinite;
+}
+
+.animated.hinge {
+  -webkit-animation-duration: 2s;
+  animation-duration: 2s;
+}
+
+.animated.flipOutX,
+.animated.flipOutY,
+.animated.bounceIn,
+.animated.bounceOut {
+  -webkit-animation-duration: .75s;
+  animation-duration: .75s;
+}
+
+@-webkit-keyframes pulse {
+  from {
+    -webkit-transform: scale3d(1, 1, 1);
+    transform: scale3d(1, 1, 1);
+  }
+
+  50% {
+    -webkit-transform: scale3d(1.05, 1.05, 1.05);
+    transform: scale3d(1.05, 1.05, 1.05);
+  }
+
+  to {
+    -webkit-transform: scale3d(1, 1, 1);
+    transform: scale3d(1, 1, 1);
+  }
+}
+
+@keyframes pulse {
+  from {
+    -webkit-transform: scale3d(1, 1, 1);
+    transform: scale3d(1, 1, 1);
+  }
+
+  50% {
+    -webkit-transform: scale3d(1.05, 1.05, 1.05);
+    transform: scale3d(1.05, 1.05, 1.05);
+  }
+
+  to {
+    -webkit-transform: scale3d(1, 1, 1);
+    transform: scale3d(1, 1, 1);
+  }
+}
+
+.pulse {
+  -webkit-animation-name: pulse;
+  animation-name: pulse;
+}

app/assets/stylesheets/framework/common.scss

@@ -293,7 +293,7 @@ table {
   text-shadow: none;
 
   @media (min-width: $screen-sm-min) {
-    margin-top: 11px;
+    margin-top: 8px;
   }
 }
 

app/assets/stylesheets/framework/gitlab-theme.scss

@@ -9,8 +9,7 @@
 @mixin gitlab-theme($color-light, $color, $color-darker, $color-dark) {
   .page-with-sidebar {
     .header-logo {
-      background-color: $color;
-      border-color: $color;
+      background: $color-darker;
 
       a {
         color: $color-light;
@@ -21,7 +20,7 @@
       }
 
       &:hover {
-        background-color: $color-darker;
+        background-color: $color-dark;
         a {
           color: #fff;
 
@@ -91,8 +90,8 @@
 }
 
 $theme-blue: #2980b9;
-$theme-charcoal: #333c47;
-$theme-graphite: #888;
+$theme-charcoal: #3d454d;
+$theme-graphite: #666;
 $theme-gray: #373737;
 $theme-green: #019875;
 $theme-violet: #548;
@@ -103,11 +102,11 @@ body {
   }
 
   &.ui_charcoal {
-    @include gitlab-theme(#c5d0de, $theme-charcoal, #2b333d, #24272d);
+    @include gitlab-theme(#d6d7d9, #485157, $theme-charcoal, #353b41);
   }
 
   &.ui_graphite {
-    @include gitlab-theme(#ccc, $theme-graphite, #777, #666);
+    @include gitlab-theme(#ccc, #777, $theme-graphite, #555);
   }
 
   &.ui_gray {

app/assets/stylesheets/framework/header.scss

@@ -6,12 +6,12 @@ header {
   transition-duration: .3s;
 
   &.navbar-empty {
-    height: 58px;
+    height: $header-height;
     background: #fff;
     border-bottom: 1px solid $btn-gray-hover;
 
     .center-logo {
-      margin: 11px 0;
+      margin: 8px 0;
       text-align: center;
 
       #tanuki-logo, img {

app/assets/stylesheets/framework/nav.scss

@@ -209,6 +209,15 @@
     float: right;
     padding: 7px 0 0;
 
+    @media (max-width: $screen-xs-min) {
+      float: none;
+      padding: 0 9px;
+
+      .dropdown-new {
+        width: 100%;
+      }
+    }
+
     i {
       color: $layout-link-gray;
     }
@@ -225,6 +234,10 @@
 
     .dropdown {
       margin-left: 7px;
+
+      @media (max-width: $screen-xs-min) {
+        margin-left: 0;
+      }
     }
   }
 
@@ -260,4 +273,10 @@
 
 .page-with-layout-nav {
   margin-top: 50px;
+
+  &.controls-dropdown-visible {
+    @media (max-width: $screen-xs-min) {
+      margin-top: 96px;
+    }
+  }
 }

app/assets/stylesheets/framework/sidebar.scss

@@ -312,7 +312,7 @@
     }
 
     .nav-sidebar li a {
-      width: 230px;
+      width: $sidebar_width;
 
       &.back-link {
         i {

app/assets/stylesheets/framework/variables.scss

@@ -2,7 +2,7 @@
  * Layout
  */
 $sidebar_collapsed_width: 62px;
-$sidebar_width: 230px;
+$sidebar_width: 220px;
 $gutter_collapsed_width: 62px;
 $gutter_width: 290px;
 $gutter_inner_width: 258px;
@@ -12,7 +12,7 @@ $gutter_inner_width: 258px;
  */
 $border-color:       #e5e5e5;
 $focus-border-color: #3aabf0;
-$table-border-color: #ececec;
+$table-border-color: #f0f0f0;
 $background-color:   #fafafa;
 
 /*

app/assets/stylesheets/framework/zen.scss

@@ -32,7 +32,7 @@
   }
 }
 
-.zen-cotrol {
+.zen-control {
   padding: 0;
   color: #555;
   background: none;

app/assets/stylesheets/pages/issuable.scss

@@ -125,7 +125,7 @@
 
 .right-sidebar {
   position: fixed;
-  top: 58px;
+  top: $header-height;
   bottom: 0;
   right: 0;
   z-index: 10;

app/assets/stylesheets/pages/notes.scss

@@ -226,8 +226,7 @@ ul.notes {
   }
 }
 
-.note-action-button,
-.discussion-action-button {
+.note-action-button {
   display: inline-block;
   margin-left: 10px;
   line-height: 24px;

app/assets/stylesheets/pages/projects.scss

@@ -7,7 +7,7 @@
 }
 .no-ssh-key-message, .project-limit-message {
   background-color: #f28d35;
-  margin-bottom: 16px;
+  margin-bottom: 0;
 }
 .new_project,
 .edit_project {

app/controllers/admin/abuse_reports_controller.rb

@@ -9,6 +9,6 @@ class Admin::AbuseReportsController < Admin::ApplicationController
     abuse_report.remove_user(deleted_by: current_user) if params[:remove_user]
     abuse_report.destroy
 
-    render nothing: true
+    head :ok
   end
 end

app/controllers/admin/application_settings_controller.rb

@@ -108,6 +108,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :email_author_in_body,
       :repository_checks_enabled,
       :metrics_packet_size,
+      :send_user_confirmation_email,
       restricted_visibility_levels: [],
       import_sources: [],
       disabled_oauth_sign_in_sources: []

app/controllers/admin/broadcast_messages_controller.rb

@@ -32,7 +32,7 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
 
     respond_to do |format|
       format.html { redirect_back_or_default(default: { action: 'index' }) }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 

app/controllers/admin/keys_controller.rb

@@ -6,7 +6,7 @@ class Admin::KeysController < Admin::ApplicationController
 
     respond_to do |format|
       format.html
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 

app/controllers/admin/spam_logs_controller.rb

@@ -11,7 +11,7 @@ class Admin::SpamLogsController < Admin::ApplicationController
       redirect_to admin_spam_logs_path, notice: "User #{spam_log.user.username} was successfully removed."
     else
       spam_log.destroy
-      render nothing: true
+      head :ok
     end
   end
 end

app/controllers/admin/users_controller.rb

@@ -119,6 +119,7 @@ class Admin::UsersController < Admin::ApplicationController
       user_params_with_pass.merge!(
         password: params[:user][:password],
         password_confirmation: params[:user][:password_confirmation],
+        password_expires_at: Time.now
       )
     end
 
@@ -153,7 +154,7 @@ class Admin::UsersController < Admin::ApplicationController
 
     respond_to do |format|
       format.html { redirect_back_or_admin_user(notice: "Successfully removed email.") }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 

app/controllers/concerns/toggle_subscription_action.rb

@@ -6,7 +6,7 @@ module ToggleSubscriptionAction
 
     subscribable_resource.toggle_subscription(current_user)
 
-    render nothing: true
+    head :ok
   end
 
   private

app/controllers/dashboard/todos_controller.rb

@@ -12,7 +12,7 @@ class Dashboard::TodosController < Dashboard::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to dashboard_todos_path, notice: todo_notice }
-      format.js { render nothing: true }
+      format.js { head :ok }
       format.json do
         render json: { count: @todos.size, done_count: current_user.todos.done.count }
       end
@@ -24,7 +24,7 @@ class Dashboard::TodosController < Dashboard::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to dashboard_todos_path, notice: 'All todos were marked as done.' }
-      format.js { render nothing: true }
+      format.js { head :ok }
       format.json do
         find_todos
         render json: { count: @todos.size, done_count: current_user.todos.done.count }

app/controllers/groups/group_members_controller.rb

@@ -53,7 +53,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to group_group_members_path(@group), notice: 'User was successfully removed from group.' }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 

app/controllers/jwt_controller.rb

+class JwtController < ApplicationController
+  skip_before_action :authenticate_user!
+  skip_before_action :verify_authenticity_token
+  before_action :authenticate_project_or_user
+
+  SERVICES = {
+    Auth::ContainerRegistryAuthenticationService::AUDIENCE => Auth::ContainerRegistryAuthenticationService,
+  }
+
+  def auth
+    service = SERVICES[params[:service]]
+    return head :not_found unless service
+
+    result = service.new(@project, @user, auth_params).execute
+
+    render json: result, status: result[:http_status]
+  end
+
+  private
+
+  def authenticate_project_or_user
+    authenticate_with_http_basic do |login, password|
+      # if it's possible we first try to authenticate project with login and password
+      @project = authenticate_project(login, password)
+      return if @project
+
+      @user = authenticate_user(login, password)
+      return if @user
+
+      render_403
+    end
+  end
+
+  def auth_params
+    params.permit(:service, :scope, :offline_token, :account, :client_id)
+  end
+
+  def authenticate_project(login, password)
+    if login == 'gitlab_ci_token'
+      Project.find_by(builds_enabled: true, runners_token: password)
+    end
+  end
+
+  def authenticate_user(login, password)
+    # TODO: this is a copy and paste from grack_auth,
+    # it should be refactored in the future
+
+    user = Gitlab::Auth.new.find(login, password)
+
+    # If the user authenticated successfully, we reset the auth failure count
+    # from Rack::Attack for that IP. A client may attempt to authenticate
+    # with a username and blank password first, and only after it receives
+    # a 401 error does it present a password. Resetting the count prevents
+    # false positives from occurring.
+    #
+    # Otherwise, we let Rack::Attack know there was a failed authentication
+    # attempt from this IP. This information is stored in the Rails cache
+    # (Redis) and will be used by the Rack::Attack middleware to decide
+    # whether to block requests from this IP.
+    config = Gitlab.config.rack_attack.git_basic_auth
+
+    if config.enabled
+      if user
+        # A successful login will reset the auth failure count from this IP
+        Rack::Attack::Allow2Ban.reset(request.ip, config)
+      else
+        banned = Rack::Attack::Allow2Ban.filter(request.ip, config) do
+          # Unless the IP is whitelisted, return true so that Allow2Ban
+          # increments the counter (stored in Rails.cache) for the IP
+          if config.ip_whitelist.include?(request.ip)
+            false
+          else
+            true
+          end
+        end
+
+        if banned
+          Rails.logger.info "IP #{request.ip} failed to login " \
+              "as #{login} but has been temporarily banned from Git auth"
+          return
+        end
+      end
+    end
+
+    user
+  end
+end

app/controllers/profiles/emails_controller.rb

@@ -24,7 +24,7 @@ class Profiles::EmailsController < Profiles::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to profile_emails_url }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 

app/controllers/profiles/keys_controller.rb

@@ -32,7 +32,7 @@ class Profiles::KeysController < Profiles::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to profile_keys_url }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 

app/controllers/projects/commit_controller.rb

@@ -17,11 +17,11 @@ class Projects::CommitController < Projects::ApplicationController
   def show
     apply_diff_view_cookie!
 
-    @line_notes = commit.notes.inline
+    @grouped_diff_notes = commit.notes.grouped_diff_notes
+
     @note = @project.build_commit_note(commit)
-    @notes = commit.notes.not_inline.fresh
+    @notes = commit.notes.non_diff_notes.fresh
     @noteable = @commit
-    @comments_allowed = @reply_allowed = true
     @comments_target = {
       noteable_type: 'Commit',
       commit_id: @commit.id

app/controllers/projects/compare_controller.rb

@@ -22,7 +22,8 @@ class Projects::CompareController < Projects::ApplicationController
       @base_commit = @project.merge_base_commit(@base_ref, @head_ref)
       @diffs = compare.diffs(diff_options)
       @diff_refs = [@base_commit, @commit]
-      @line_notes = []
+      @diff_notes_disabled = true
+      @grouped_diff_notes = {}
     end
   end
 

app/controllers/projects/container_registry_controller.rb

+class Projects::ContainerRegistryController < Projects::ApplicationController
+  before_action :verify_registry_enabled
+  before_action :authorize_read_container_image!
+  before_action :authorize_update_container_image!, only: [:destroy]
+  layout 'project'
+
+  def index
+    @tags = container_registry_repository.tags
+  end
+
+  def destroy
+    url = namespace_project_container_registry_index_path(project.namespace, project)
+
+    if tag.delete
+      redirect_to url
+    else
+      redirect_to url, alert: 'Failed to remove tag'
+    end
+  end
+
+  private
+
+  def verify_registry_enabled
+    render_404 unless Gitlab.config.registry.enabled
+  end
+
+  def container_registry_repository
+    @container_registry_repository ||= project.container_registry_repository
+  end
+
+  def tag
+    @tag ||= container_registry_repository.tag(params[:id])
+  end
+end

app/controllers/projects/imports_controller.rb

@@ -18,6 +18,7 @@ class Projects::ImportsController < Projects::ApplicationController
         @project.import_retry
       else
         @project.import_start
+        @project.add_import_job
       end
     end
 

app/controllers/projects/merge_requests_controller.rb

@@ -74,12 +74,12 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     # but we need it for the "View file @ ..." link by deleted files
     @base_commit ||= @merge_request.first_commit.parent || @merge_request.first_commit
 
-    @comments_allowed = @reply_allowed = true
     @comments_target = {
       noteable_type: 'MergeRequest',
       noteable_id: @merge_request.id
     }
-    @line_notes = @merge_request.notes.where("line_code is not null")
+
+    @grouped_diff_notes = @merge_request.notes.grouped_diff_notes
 
     respond_to do |format|
       format.html
@@ -118,6 +118,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     @commit = @merge_request.last_commit
     @base_commit = @merge_request.diff_base_commit
     @diffs = @merge_request.compare.diffs(diff_options) if @merge_request.compare
+    @diff_notes_disabled = true
 
     @ci_commit = @merge_request.ci_commit
     @statuses = @ci_commit.statuses if @ci_commit
@@ -333,7 +334,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     # Build a note object for comment form
     @note = @project.notes.new(noteable: @merge_request)
     @notes = @merge_request.mr_and_commit_notes.nonawards.inc_author.fresh
-    @discussions = Note.discussions_from_notes(@notes)
+    @discussions = @notes.discussions
     @noteable = @merge_request
 
     # Get commits from repository

app/controllers/projects/milestones_controller.rb

@@ -75,7 +75,7 @@ class Projects::MilestonesController < Projects::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to namespace_project_milestones_path }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 

app/controllers/projects/notes_controller.rb

@@ -43,7 +43,7 @@ class Projects::NotesController < Projects::ApplicationController
     end
 
     respond_to do |format|
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
@@ -52,7 +52,7 @@ class Projects::NotesController < Projects::ApplicationController
     note.update_attribute(:attachment, nil)
 
     respond_to do |format|
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
@@ -96,7 +96,7 @@ class Projects::NotesController < Projects::ApplicationController
   end
 
   def note_to_discussion_html(note)
-    return unless note.for_diff_line?
+    return unless note.diff_note?
 
     if params[:view] == 'parallel'
       template = "projects/notes/_diff_notes_with_reply_parallel"
@@ -120,7 +120,7 @@ class Projects::NotesController < Projects::ApplicationController
   end
 
   def note_to_discussion_with_diff_html(note)
-    return unless note.for_diff_line?
+    return unless note.diff_note?
 
     render_to_string(
       "projects/notes/_discussion",
@@ -158,7 +158,7 @@ class Projects::NotesController < Projects::ApplicationController
   def note_params
     params.require(:note).permit(
       :note, :noteable, :noteable_id, :noteable_type, :project_id,
-      :attachment, :line_code, :commit_id
+      :attachment, :line_code, :commit_id, :type
     )
   end
 

app/controllers/projects/project_members_controller.rb

@@ -66,7 +66,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
       format.html do
         redirect_to namespace_project_project_members_path(@project.namespace, @project)
       end
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
@@ -94,7 +94,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
 
       respond_to do |format|
         format.html { redirect_to dashboard_projects_path, notice: "You left the project." }
-        format.js { render nothing: true }
+        format.js { head :ok }
       end
     else
       if current_user == @project.owner

app/controllers/projects/protected_branches_controller.rb

@@ -39,7 +39,7 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to namespace_project_protected_branches_path }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 

app/controllers/projects/variables_controller.rb

@@ -3,20 +3,44 @@ class Projects::VariablesController < Projects::ApplicationController
 
   layout 'project_settings'
 
+  def index
+    @variable = Ci::Variable.new
+  end
+
   def show
+    @variable = @project.variables.find(params[:id])
   end
 
   def update
-    if project.update_attributes(project_params)
+    @variable = @project.variables.find(params[:id])
+
+    if @variable.update_attributes(project_params)
+      redirect_to namespace_project_variables_path(project.namespace, project), notice: 'Variable was successfully updated.'
+    else
+      render action: "show"
+    end
+  end
+
+  def create
+    @variable = Ci::Variable.new(project_params)
+
+    if @variable.valid? && @project.variables << @variable
       redirect_to namespace_project_variables_path(project.namespace, project), notice: 'Variables were successfully updated.'
     else
-      render action: 'show'
+      render action: "index"
+    end
   end
+
+  def destroy
+    @key = @project.variables.find(params[:id])
+    @key.destroy
+
+    redirect_to namespace_project_variables_path(project.namespace, project), notice: 'Variable was successfully removed.'
   end
 
   private
 
   def project_params
-    params.require(:project).permit({ variables_attributes: [:id, :key, :value, :_destroy] })
+    params.require(:variable).permit([:id, :key, :value, :_destroy])
   end
 end

app/controllers/projects_controller.rb

@@ -236,7 +236,8 @@ class ProjectsController < Projects::ApplicationController
   def project_params
     params.require(:project).permit(
       :name, :path, :description, :issues_tracker, :tag_list, :runners_token,
-      :issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
+      :issues_enabled, :merge_requests_enabled, :snippets_enabled, :container_registry_enabled,
+      :issues_tracker_id, :default_branch,
       :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
       :builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
       :public_builds,

app/controllers/registrations_controller.rb

@@ -37,8 +37,8 @@ class RegistrationsController < Devise::RegistrationsController
     super
   end
 
-  def after_sign_up_path_for(_resource)
-    users_almost_there_path
+  def after_sign_up_path_for(user)
+    user.confirmed_at.present? ? dashboard_projects_path : users_almost_there_path
   end
 
   def after_inactive_sign_up_path_for(_resource)

app/finders/issuable_finder.rb

@@ -253,8 +253,8 @@ class IssuableFinder
       if filter_by_no_milestone?
         items = items.where(milestone_id: [-1, nil])
       elsif filter_by_upcoming_milestone?
-        upcoming = Milestone.where(project_id: projects).upcoming
-        items = items.joins(:milestone).where(milestones: { title: upcoming.try(:title) })
+        upcoming_ids = Milestone.upcoming_ids_by_projects(projects)
+        items = items.joins(:milestone).where(milestone_id: upcoming_ids)
       else
         items = items.joins(:milestone).where(milestones: { title: params[:milestone_title] })
 

app/finders/notes_finder.rb

@@ -10,7 +10,7 @@ class NotesFinder
     notes =
       case target_type
       when "commit"
-        project.notes.for_commit_id(target_id).not_inline
+        project.notes.for_commit_id(target_id).non_diff_notes
       when "issue"
         project.issues.find(target_id).notes.nonawards.inc_author
       when "merge_request"

app/helpers/diff_helper.rb

@@ -55,22 +55,18 @@ module DiffHelper
     end
   end
 
-  def line_comments
-    @line_comments ||= @line_notes.select(&:active?).sort_by(&:created_at).group_by(&:line_code)
-  end
-
-  def organize_comments(type_left, type_right, line_code_left, line_code_right)
-    comments_left = comments_right = nil
+  def organize_comments(left, right)
+    notes_left = notes_right = nil
 
-    unless type_left.nil? && type_right == 'new'
-      comments_left = line_comments[line_code_left]
+    unless left[:type].nil? && right[:type] == 'new'
+      notes_left = @grouped_diff_notes[left[:line_code]]
     end
 
-    unless type_left.nil? && type_right.nil?
-      comments_right = line_comments[line_code_right]
+    unless left[:type].nil? && right[:type].nil?
+      notes_right = @grouped_diff_notes[right[:line_code]]
     end
 
-    [comments_left, comments_right]
+    [notes_left, notes_right]
   end
 
   def inline_diff_btn
@@ -96,8 +92,8 @@ module DiffHelper
     ].join(' ').html_safe
   end
 
-  def commit_for_diff(diff)
-    if diff.deleted_file
+  def commit_for_diff(diff_file)
+    if diff_file.deleted_file
       @base_commit || @commit.parent || @commit
     else
       @commit

app/helpers/events_helper.rb

@@ -3,7 +3,7 @@ module EventsHelper
     author = event.author
 
     if author
-      link_to author.name, user_path(author.username), title: h(author.name)
+      link_to author.name, user_path(author.username), title: author.name
     else
       event.author_name
     end
@@ -57,11 +57,7 @@ module EventsHelper
       words << event.ref_name
       words << "at"
     elsif event.commented?
-      if event.note_commit?
-        words << event.note_short_commit_id
-      else
-        words << "##{truncate event.note_target_iid}"
-      end
+      words << event.note_target_reference
       words << "at"
     elsif event.milestone?
       words << "##{event.target_iid}" if event.target_iid
@@ -84,22 +80,13 @@ module EventsHelper
     elsif event.merge_request?
       namespace_project_merge_request_url(event.project.namespace,
                                           event.project, event.merge_request)
-    elsif event.note? && event.note_commit?
+    elsif event.note? && event.commit_note?
       namespace_project_commit_url(event.project.namespace, event.project,
                                    event.note_target)
     elsif event.note?
       if event.note_target
-        if event.note_commit?
-          namespace_project_commit_path(event.project.namespace, event.project,
-                                        event.note_commit_id,
-                                        anchor: dom_id(event.target))
-        elsif event.note_project_snippet?
-          namespace_project_snippet_path(event.project.namespace,
-                                         event.project, event.note_target)
-        else
         event_note_target_path(event)
       end
-      end
     elsif event.push?
       push_event_feed_url(event)
     end
@@ -134,9 +121,16 @@ module EventsHelper
   end
 
   def event_note_target_path(event)
-    if event.note? && event.note_commit?
-      namespace_project_commit_path(event.project.namespace, event.project,
-                                    event.note_target)
+    if event.note? && event.commit_note?
+      namespace_project_commit_path(event.project.namespace,
+                                    event.project,
+                                    event.note_target,
+                                    anchor: dom_id(event.target))
+    elsif event.project_snippet_note?
+      namespace_project_snippet_path(event.project.namespace,
+                                     event.project,
+                                     event.note_target,
+                                     anchor: dom_id(event.target))
     else
       polymorphic_path([event.project.namespace.becomes(Namespace),
                         event.project, event.note_target],
@@ -146,30 +140,11 @@ module EventsHelper
 
   def event_note_title_html(event)
     if event.note_target
-      if event.note_commit?
-        link_to(
-          namespace_project_commit_path(event.project.namespace, event.project,
-                                        event.note_commit_id,
-                                        anchor: dom_id(event.target), title: h(event.target_title)),
-          class: "commit_short_id"
-        ) do
-          "#{event.note_target_type} #{event.note_short_commit_id}"
-        end
-      elsif event.note_project_snippet?
-        link_to(namespace_project_snippet_path(event.project.namespace,
-                                               event.project,
-                                               event.note_target), title: h(event.project.name)) do
-          "#{event.note_target_type} #{truncate event.note_target.to_reference}"
+      link_to(event_note_target_path(event), title: event.target_title, class: 'has-tooltip') do
+        "#{event.note_target_type} #{event.note_target_reference}"
       end
     else
-        link_to event_note_target_path(event) do
-          "#{event.note_target_type} #{truncate event.note_target.to_reference}"
-        end
-      end
-    else
-      content_tag :strong do
-        "(deleted)"
-      end
+      content_tag(:strong, '(deleted)')
     end
   end
 

app/helpers/gitlab_routing_helper.rb

@@ -33,6 +33,10 @@ module GitlabRoutingHelper
     namespace_project_builds_path(project.namespace, project, *args)
   end
 
+  def project_container_registry_path(project, *args)
+    namespace_project_container_registry_index_path(project.namespace, project, *args)
+  end
+
   def activity_project_path(project, *args)
     activity_namespace_project_path(project.namespace, project, *args)
   end

app/helpers/nav_helper.rb

@@ -43,4 +43,12 @@ module NavHelper
     class_name += " with-horizontal-nav" if defined?(nav) && nav
     class_name
   end
+
+  def layout_nav_class
+    "page-with-layout-nav" if defined?(nav) && nav
+  end
+
+  def layout_dropdown_class
+    "controls-dropdown-visible" if current_user
+  end
 end

app/helpers/notes_helper.rb

 module NotesHelper
   # Helps to distinguish e.g. commit notes in mr notes list
   def note_for_main_target?(note)
-    (@noteable.class.name == note.noteable_type && !note.for_diff_line?)
+    @noteable.class.name == note.noteable_type && !note.diff_note?
   end
 
   def note_target_fields(note)
@@ -15,16 +15,6 @@ module NotesHelper
     note.editable? && can?(current_user, :admin_note, note)
   end
 
-  def link_to_commit_diff_line_note(note)
-    if note.for_commit_diff_line?
-      link_to(
-        "#{note.diff_file_name}:L#{note.diff_new_line}",
-        namespace_project_commit_path(@project.namespace, @project,
-                                      note.noteable, anchor: note.line_code)
-      )
-    end
-  end
-
   def noteable_json(noteable)
     {
       id: noteable.id,
@@ -35,7 +25,7 @@ module NotesHelper
   end
 
   def link_to_new_diff_note(line_code, line_type = nil)
-    discussion_id = Note.build_discussion_id(
+    discussion_id = LegacyDiffNote.build_discussion_id(
       @comments_target[:noteable_type],
       @comments_target[:noteable_id] || @comments_target[:commit_id],
       line_code
@@ -45,9 +35,10 @@ module NotesHelper
       noteable_type: @comments_target[:noteable_type],
       noteable_id:   @comments_target[:noteable_id],
       commit_id:     @comments_target[:commit_id],
+      line_type:     line_type,
       line_code:     line_code,
-      discussion_id: discussion_id,
-      line_type:     line_type
+      note_type:     LegacyDiffNote.name,
+      discussion_id: discussion_id
     }
 
     button_tag(class: 'btn add-diff-note js-add-diff-note-button',
@@ -57,18 +48,24 @@ module NotesHelper
     end
   end
 
-  def link_to_reply_diff(note, line_type = nil)
+  def link_to_reply_discussion(note, line_type = nil)
     return unless current_user
 
     data = {
       noteable_type: note.noteable_type,
       noteable_id:   note.noteable_id,
       commit_id:     note.commit_id,
-      line_code:     note.line_code,
       discussion_id: note.discussion_id,
       line_type:     line_type
     }
 
+    if note.diff_note?
+      data.merge!(
+        line_code: note.line_code,
+        note_type: LegacyDiffNote.name
+      )
+    end
+
     button_tag 'Reply...', class: 'btn btn-text-field js-discussion-reply-button',
                            data: data, title: 'Add a reply'
   end

app/helpers/projects_helper.rb

@@ -124,11 +124,7 @@ module ProjectsHelper
   end
 
   def license_short_name(project)
-    no_license_key = project.repository.license_key.nil? ||
-      # Back-compat if cache contains 'no-license', can be removed in a few weeks
-      project.repository.license_key == 'no-license'
-
-    return 'LICENSE' if no_license_key
+    return 'LICENSE' if project.repository.license_key.nil?
 
     license = Licensee::License.new(project.repository.license_key)
 
@@ -152,6 +148,10 @@ module ProjectsHelper
       nav_tabs << :builds
     end
 
+    if Gitlab.config.registry.enabled && can?(current_user, :read_container_image, project)
+      nav_tabs << :container_registry
+    end
+
     if can?(current_user, :admin_project, project)
       nav_tabs << :settings
     end

app/models/ability.rb

@@ -75,6 +75,7 @@ class Ability
           :read_merge_request,
           :read_note,
           :read_commit_status,
+          :read_container_image,
           :download_code
         ]
 
@@ -217,6 +218,7 @@ class Ability
         :admin_label,
         :read_commit_status,
         :read_build,
+        :read_container_image,
       ]
     end
 
@@ -230,7 +232,9 @@ class Ability
         :update_build,
         :create_merge_request,
         :create_wiki,
-        :push_code
+        :push_code,
+        :create_container_image,
+        :update_container_image,
       ]
     end
 
@@ -259,6 +263,7 @@ class Ability
         :admin_project,
         :admin_commit_status,
         :admin_build,
+        :admin_container_image,
         :admin_pages,
       ]
     end
@@ -305,6 +310,10 @@ class Ability
         rules += named_abilities('build')
       end
 
+      unless project.container_registry_enabled
+        rules += named_abilities('container_image')
+      end
+
       rules
     end
 

app/models/application_setting.rb

@@ -120,7 +120,8 @@ class ApplicationSetting < ActiveRecord::Base
       recaptcha_enabled: false,
       akismet_enabled: false,
       repository_checks_enabled: true,
-      disabled_oauth_sign_in_sources: []
+      disabled_oauth_sign_in_sources: [],
+      send_user_confirmation_email: false
     )
   end
 

app/models/event.rb

@@ -86,7 +86,7 @@ class Event < ActiveRecord::Base
   end
 
   def target_title
-    target.title if target && target.respond_to?(:title)
+    target.try(:title)
   end
 
   def created?
@@ -272,28 +272,20 @@ class Event < ActiveRecord::Base
     branch? && project.default_branch != branch_name
   end
 
-  def note_commit_id
-    target.commit_id
-  end
-
   def target_iid
     target.respond_to?(:iid) ? target.iid : target_id
   end
 
-  def note_short_commit_id
-    Commit.truncate_sha(note_commit_id)
-  end
-
-  def note_commit?
-    target.noteable_type == "Commit"
+  def commit_note?
+    target.for_commit?
   end
 
   def issue_note?
-    note? && target && target.noteable_type == "Issue"
+    note? && target && target.for_issue?
   end
 
-  def note_project_snippet?
-    target.noteable_type == "Snippet"
+  def project_snippet_note?
+    target.for_snippet?
   end
 
   def note_target
@@ -301,19 +293,22 @@ class Event < ActiveRecord::Base
   end
 
   def note_target_id
-    if note_commit?
+    if commit_note?
       target.commit_id
     else
       target.noteable_id.to_s
     end
   end
 
-  def note_target_iid
-    if note_target.respond_to?(:iid)
-      note_target.iid
+  def note_target_reference
+    return unless note_target
+
+    # Commit#to_reference returns the full SHA, but we want the short one here
+    if commit_note?
+      note_target.short_id
     else
-      note_target_id
-    end.to_s
+      note_target.to_reference
+    end
   end
 
   def note_target_type

app/models/legacy_diff_note.rb

+class LegacyDiffNote < Note
+  serialize :st_diff
+
+  validates :line_code, presence: true, line_code: true
+
+  before_create :set_diff
+
+  class << self
+    def build_discussion_id(noteable_type, noteable_id, line_code, active = true)
+      [super(noteable_type, noteable_id), line_code, active].join("-")
+    end
+  end
+
+  def diff_note?
+    true
+  end
+
+  def legacy_diff_note?
+    true
+  end
+
+  def discussion_id
+    @discussion_id ||= self.class.build_discussion_id(noteable_type, noteable_id || commit_id, line_code, active?)
+  end
+
+  def diff_file_hash
+    line_code.split('_')[0] if line_code
+  end
+
+  def diff_old_line
+    line_code.split('_')[1].to_i if line_code
+  end
+
+  def diff_new_line
+    line_code.split('_')[2].to_i if line_code
+  end
+
+  def diff
+    @diff ||= Gitlab::Git::Diff.new(st_diff) if st_diff.respond_to?(:map)
+  end
+
+  def diff_file_path
+    diff.new_path.presence || diff.old_path
+  end
+
+  def diff_lines
+    @diff_lines ||= Gitlab::Diff::Parser.new.parse(diff.diff.each_line)
+  end
+
+  def diff_line
+    @diff_line ||= diff_lines.find { |line| generate_line_code(line) == self.line_code }
+  end
+
+  def diff_line_text
+    diff_line.try(:text)
+  end
+
+  def diff_line_type
+    diff_line.try(:type)
+  end
+
+  def highlighted_diff_lines
+    Gitlab::Diff::Highlight.new(diff_lines).highlight
+  end
+
+  def truncated_diff_lines
+    max_number_of_lines = 16
+    prev_match_line = nil
+    prev_lines = []
+
+    highlighted_diff_lines.each do |line|
+      if line.type == "match"
+        prev_lines.clear
+        prev_match_line = line
+      else
+        prev_lines << line
+
+        break if generate_line_code(line) == self.line_code
+
+        prev_lines.shift if prev_lines.length >= max_number_of_lines
+      end
+    end
+
+    prev_lines
+  end
+
+  # Check if this note is part of an "active" discussion
+  #
+  # This will always return true for anything except MergeRequest noteables,
+  # which have special logic.
+  #
+  # If the note's current diff cannot be matched in the MergeRequest's current
+  # diff, it's considered inactive.
+  def active?
+    return @active if defined?(@active)
+    return true if for_commit?
+    return true unless self.diff
+    return false unless noteable
+
+    noteable_diff = find_noteable_diff
+
+    if noteable_diff
+      parsed_lines = Gitlab::Diff::Parser.new.parse(noteable_diff.diff.each_line)
+
+      @active = parsed_lines.any? { |line_obj| line_obj.text == diff_line_text }
+    else
+      @active = false
+    end
+
+    @active
+  end
+
+  private
+
+  def find_diff
+    return nil unless noteable
+    return @diff if defined?(@diff)
+
+    @diff = noteable.diffs(Commit.max_diff_options).find do |d|
+      d.new_path && Digest::SHA1.hexdigest(d.new_path) == diff_file_hash
+    end
+  end
+
+  def set_diff
+    # First lets find notes with same diff
+    # before iterating over all mr diffs
+    diff = diff_for_line_code unless for_merge_request?
+    diff ||= find_diff
+
+    self.st_diff = diff.to_hash if diff
+  end
+
+  def diff_for_line_code
+    attributes = {
+      noteable_type: noteable_type,
+      line_code: line_code
+    }
+
+    if for_commit?
+      attributes[:commit_id] = commit_id
+    else
+      attributes[:noteable_id] = noteable_id
+    end
+
+    self.class.where(attributes).last.try(:diff)
+  end
+
+  def generate_line_code(line)
+    Gitlab::Diff::LineCode.generate(diff_file_path, line.new_pos, line.old_pos)
+  end
+
+  # Find the diff on noteable that matches our own
+  def find_noteable_diff
+    diffs = noteable.diffs(Commit.max_diff_options)
+    diffs.find { |d| d.new_path == self.diff.new_path }
+  end
+end

app/models/merge_request.rb

@@ -29,6 +29,10 @@ class MergeRequest < ActiveRecord::Base
   # when creating new merge request
   attr_accessor :can_be_created, :compare_commits, :compare
 
+  # Temporary fields to store target_sha, and base_sha to
+  # compare when importing pull requests from GitHub
+  attr_accessor :base_target_sha, :head_source_sha
+
   state_machine :state, initial: :opened do
     event :close do
       transition [:reopened, :opened] => :closed
@@ -546,10 +550,14 @@ class MergeRequest < ActiveRecord::Base
   end
 
   def target_sha
-    @target_sha ||= target_project.repository.commit(target_branch).try(:sha)
+    return @base_target_sha if defined?(@base_target_sha)
+
+    target_project.repository.commit(target_branch).try(:sha)
   end
 
   def source_sha
+    return @head_source_sha if defined?(@head_source_sha)
+
     last_commit.try(:sha) || source_tip.try(:sha)
   end
 

app/models/merge_request_diff.rb

@@ -6,7 +6,7 @@ class MergeRequestDiff < ActiveRecord::Base
 
   belongs_to :merge_request
 
-  delegate :target_branch, :source_branch, to: :merge_request, prefix: nil
+  delegate :head_source_sha, :target_branch, :source_branch, to: :merge_request, prefix: nil
 
   state_machine :state, initial: :empty do
     state :collected
@@ -38,8 +38,8 @@ class MergeRequestDiff < ActiveRecord::Base
       @diffs_no_whitespace ||= begin
         compare = Gitlab::Git::Compare.new(
           self.repository.raw_repository,
-          self.target_branch,
-          self.source_sha,
+          self.base,
+          self.head,
         )
         compare.diffs(options)
       end
@@ -98,9 +98,7 @@ class MergeRequestDiff < ActiveRecord::Base
     commits = compare.commits
 
     if commits.present?
-      commits = Commit.decorate(commits, merge_request.source_project).
-        sort_by(&:created_at).
-        reverse
+      commits = Commit.decorate(commits, merge_request.source_project).reverse
     end
 
     commits
@@ -144,7 +142,7 @@ class MergeRequestDiff < ActiveRecord::Base
 
     self.st_diffs = new_diffs
 
-    self.base_commit_sha = self.repository.merge_base(self.source_sha, self.target_branch)
+    self.base_commit_sha = self.repository.merge_base(self.head, self.base)
 
     self.save
   end
@@ -160,10 +158,24 @@ class MergeRequestDiff < ActiveRecord::Base
   end
 
   def source_sha
+    return head_source_sha if head_source_sha.present?
+
     source_commit = merge_request.source_project.commit(source_branch)
     source_commit.try(:sha)
   end
 
+  def target_sha
+    merge_request.target_sha
+  end
+
+  def base
+    self.target_sha || self.target_branch
+  end
+
+  def head
+    self.source_sha
+  end
+
   def compare
     @compare ||=
       begin
@@ -172,8 +184,8 @@ class MergeRequestDiff < ActiveRecord::Base
 
         Gitlab::Git::Compare.new(
           self.repository.raw_repository,
-          self.target_branch,
-          self.source_sha
+          self.base,
+          self.head
         )
       end
   end

app/models/milestone.rb

@@ -68,8 +68,18 @@ class Milestone < ActiveRecord::Base
     @link_reference_pattern ||= super("milestones", /(?<milestone>\d+)/)
   end
 
-  def self.upcoming
-    self.where('due_date > ?', Time.now).reorder(due_date: :asc).first
+  def self.upcoming_ids_by_projects(projects)
+    rel = unscoped.of_projects(projects).active.where('due_date > ?', Time.now)
+
+    if Gitlab::Database.postgresql?
+      rel.order(:project_id, :due_date).select('DISTINCT ON (project_id) id')
+    else
+      rel.
+        group(:project_id).
+        having('due_date = MIN(due_date)').
+        pluck(:id, :project_id, :due_date).
+        map(&:first)
+    end
   end
 
   def to_reference(from_project = nil)

app/models/namespace.rb

@@ -110,6 +110,10 @@ class Namespace < ActiveRecord::Base
     # Ensure old directory exists before moving it
     gitlab_shell.add_namespace(path_was)
 
+    if any_project_has_container_registry_tags?
+      raise Exception.new('Namespace cannot be moved, because at least one project has tags in container registry')
+    end
+
     if gitlab_shell.mv_namespace(path_was, path)
       Gitlab::UploadsTransfer.new.rename_namespace(path_was, path)
       Gitlab::PagesTransfer.new.rename_namespace(path_was, path)
@@ -132,6 +136,10 @@ class Namespace < ActiveRecord::Base
     end
   end
 
+  def any_project_has_container_registry_tags?
+    projects.any?(&:has_container_registry_tags?)
+  end
+
   def send_update_instructions
     projects.each do |project|
       project.send_move_instructions("#{path_was}/#{project.path}")

app/models/note.rb

-require 'carrierwave/orm/activerecord'
-
 class Note < ActiveRecord::Base
+  extend ActiveModel::Naming
   include Gitlab::CurrentSettings
   include Participable
   include Mentionable
@@ -21,14 +20,13 @@ class Note < ActiveRecord::Base
   delegate :gfm_reference, :local_reference, to: :noteable
   delegate :name, to: :project, prefix: true
   delegate :name, :email, to: :author, prefix: true
+  delegate :title, to: :noteable, allow_nil: true
 
   before_validation :set_award!
-  before_validation :clear_blank_line_code!
 
   validates :note, :project, presence: true
   validates :note, uniqueness: { scope: [:author, :noteable_type, :noteable_id] }, if: ->(n) { n.is_award }
   validates :note, inclusion: { in: Emoji.emojis_names }, if: ->(n) { n.is_award }
-  validates :line_code, line_code: true, allow_blank: true
   # Attachments are deprecated and are handled by Markdown uploader
   validates :attachment, file_size: { maximum: :max_attachment_size }
 
@@ -43,8 +41,6 @@ class Note < ActiveRecord::Base
   scope :nonawards, ->{ where(is_award: false) }
   scope :searchable, ->{ where("is_award IS FALSE AND system IS FALSE") }
   scope :for_commit_id, ->(commit_id) { where(noteable_type: "Commit", commit_id: commit_id) }
-  scope :inline, ->{ where("line_code IS NOT NULL") }
-  scope :not_inline, ->{ where(line_code: nil) }
   scope :system, ->{ where(system: true) }
   scope :user, ->{ where(system: false) }
   scope :common, ->{ where(noteable_type: ["", nil]) }
@@ -52,38 +48,31 @@ class Note < ActiveRecord::Base
   scope :inc_author_project, ->{ includes(:project, :author) }
   scope :inc_author, ->{ includes(:author) }
 
+  scope :legacy_diff_notes, ->{ where(type: 'LegacyDiffNote') }
+  scope :non_diff_notes, ->{ where(type: ['Note', nil]) }
+
   scope :with_associations, -> do
     includes(:author, :noteable, :updated_by,
              project: [:project_members, { group: [:group_members] }])
   end
 
-  serialize :st_diff
-  before_create :set_diff, if: ->(n) { n.line_code.present? }
+  before_validation :clear_blank_line_code!
 
   class << self
-    def discussions_from_notes(notes)
-      discussion_ids = []
-      discussions = []
-
-      notes.each do |note|
-        next if discussion_ids.include?(note.discussion_id)
-
-        # don't group notes for the main target
-        if !note.for_diff_line? && note.for_merge_request?
-          discussions << [note]
-        else
-          discussions << notes.select do |other_note|
-            note.discussion_id == other_note.discussion_id
-          end
-          discussion_ids << note.discussion_id
+    def model_name
+      ActiveModel::Name.new(self, nil, 'note')
     end
+
+    def build_discussion_id(noteable_type, noteable_id)
+      [:discussion, noteable_type.try(:underscore), noteable_id].join("-")
     end
 
-      discussions
+    def discussions
+      all.group_by(&:discussion_id).values
     end
 
-    def build_discussion_id(type, id, line_code)
-      [:discussion, type.try(:underscore), id, line_code].join("-").to_sym
+    def grouped_diff_notes
+      legacy_diff_notes.select(&:active?).sort_by(&:created_at).group_by(&:line_code)
     end
 
     # Searches for notes matching the given query.
@@ -122,167 +111,39 @@ class Note < ActiveRecord::Base
     system && SystemNoteService.cross_reference?(note)
   end
 
-  def max_attachment_size
-    current_application_settings.max_attachment_size.megabytes.to_i
-  end
-
-  def find_diff
-    return nil unless noteable
-    return @diff if defined?(@diff)
-
-    # Don't use ||= because nil is a valid value for @diff
-    @diff = noteable.diffs(Commit.max_diff_options).find do |d|
-      Digest::SHA1.hexdigest(d.new_path) == diff_file_index if d.new_path
-    end
-  end
-
-  def hook_attrs
-    attributes
-  end
-
-  def set_diff
-    # First lets find notes with same diff
-    # before iterating over all mr diffs
-    diff = diff_for_line_code unless for_merge_request?
-    diff ||= find_diff
-
-    self.st_diff = diff.to_hash if diff
+  def diff_note?
+    false
   end
 
-  def diff
-    @diff ||= Gitlab::Git::Diff.new(st_diff) if st_diff.respond_to?(:map)
+  def legacy_diff_note?
+    false
   end
 
-  def diff_for_line_code
-    Note.where(noteable_id: noteable_id, noteable_type: noteable_type, line_code: line_code).last.try(:diff)
-  end
-
-  # Check if this note is part of an "active" discussion
-  #
-  # This will always return true for anything except MergeRequest noteables,
-  # which have special logic.
-  #
-  # If the note's current diff cannot be matched in the MergeRequest's current
-  # diff, it's considered inactive.
   def active?
-    return true unless self.diff
-    return false unless noteable
-    return @active if defined?(@active)
-
-    noteable_diff = find_noteable_diff
-
-    if noteable_diff
-      parsed_lines = Gitlab::Diff::Parser.new.parse(noteable_diff.diff.each_line)
-
-      @active = parsed_lines.any? { |line_obj| line_obj.text == diff_line }
-    else
-      @active = false
-    end
-
-    @active
-  end
-
-  def diff_file_index
-    line_code.split('_')[0] if line_code
-  end
-
-  def diff_file_name
-    diff.new_path if diff
-  end
-
-  def file_path
-    if diff.new_path.present?
-      diff.new_path
-    elsif diff.old_path.present?
-      diff.old_path
-    end
-  end
-
-  def diff_old_line
-    line_code.split('_')[1].to_i if line_code
-  end
-
-  def diff_new_line
-    line_code.split('_')[2].to_i if line_code
-  end
-
-  def generate_line_code(line)
-    Gitlab::Diff::LineCode.generate(file_path, line.new_pos, line.old_pos)
-  end
-
-  def diff_line
-    return @diff_line if @diff_line
-
-    if diff
-      diff_lines.each do |line|
-        if generate_line_code(line) == self.line_code
-          @diff_line = line.text
-        end
-      end
+    true
   end
 
-    @diff_line
-  end
-
-  def diff_line_type
-    return @diff_line_type if @diff_line_type
-
-    if diff
-      diff_lines.each do |line|
-        if generate_line_code(line) == self.line_code
-          @diff_line_type = line.type
-        end
-      end
-    end
-
-    @diff_line_type
-  end
-
-  def truncated_diff_lines
-    max_number_of_lines = 16
-    prev_match_line = nil
-    prev_lines = []
-
-    highlighted_diff_lines.each do |line|
-      if line.type == "match"
-        prev_lines.clear
-        prev_match_line = line
+  def discussion_id
+    @discussion_id ||=
+      if for_merge_request?
+        [:discussion, :note, id].join("-")
       else
-        prev_lines << line
-
-        break if generate_line_code(line) == self.line_code
-
-        prev_lines.shift if prev_lines.length >= max_number_of_lines
-      end
-    end
-
-    prev_lines
+        self.class.build_discussion_id(noteable_type, noteable_id || commit_id)
       end
-
-  def diff_lines
-    @diff_lines ||= Gitlab::Diff::Parser.new.parse(diff.diff.each_line)
   end
 
-  def highlighted_diff_lines
-    Gitlab::Diff::Highlight.new(diff_lines).highlight
+  def max_attachment_size
+    current_application_settings.max_attachment_size.megabytes.to_i
   end
 
-  def discussion_id
-    @discussion_id ||= Note.build_discussion_id(noteable_type, noteable_id || commit_id, line_code)
+  def hook_attrs
+    attributes
   end
 
   def for_commit?
     noteable_type == "Commit"
   end
 
-  def for_commit_diff_line?
-    for_commit? && for_diff_line?
-  end
-
-  def for_diff_line?
-    line_code.present?
-  end
-
   def for_issue?
     noteable_type == "Issue"
   end
@@ -291,10 +152,6 @@ class Note < ActiveRecord::Base
     noteable_type == "MergeRequest"
   end
 
-  def for_merge_request_diff_line?
-    for_merge_request? && for_diff_line?
-  end
-
   def for_snippet?
     noteable_type == "Snippet"
   end
@@ -367,14 +224,8 @@ class Note < ActiveRecord::Base
     self.line_code = nil if self.line_code.blank?
   end
 
-  # Find the diff on noteable that matches our own
-  def find_noteable_diff
-    diffs = noteable.diffs(Commit.max_diff_options)
-    diffs.find { |d| d.new_path == self.diff.new_path }
-  end
-
   def awards_supported?
-    (for_issue? || for_merge_request?) && !for_diff_line?
+    (for_issue? || for_merge_request?) && !diff_note?
   end
 
   def contains_emoji_only?

app/models/project.rb

@@ -23,6 +23,7 @@ class Project < ActiveRecord::Base
   default_value_for :builds_enabled, gitlab_config_features.builds
   default_value_for :wiki_enabled, gitlab_config_features.wiki
   default_value_for :snippets_enabled, gitlab_config_features.snippets
+  default_value_for :container_registry_enabled, gitlab_config_features.container_registry
   default_value_for(:shared_runners_enabled) { current_application_settings.shared_runners_enabled }
 
   # set last_activity_at to the same as created_at
@@ -43,6 +44,8 @@ class Project < ActiveRecord::Base
   attr_accessor :new_default_branch
   attr_accessor :old_path_with_namespace
 
+  alias_attribute :title, :name
+
   # Relations
   belongs_to :creator, foreign_key: 'creator_id', class_name: 'User'
   belongs_to :group, -> { where(type: Group) }, foreign_key: 'namespace_id'
@@ -178,20 +181,20 @@ class Project < ActiveRecord::Base
 
   scope :sorted_by_activity, -> { reorder(last_activity_at: :desc) }
   scope :sorted_by_stars, -> { reorder('projects.star_count DESC') }
-  scope :sorted_by_names, -> { joins(:namespace).reorder('namespaces.name ASC, projects.name ASC') }
 
-  scope :without_user, ->(user)  { where('projects.id NOT IN (:ids)', ids: user.authorized_projects.map(&:id) ) }
-  scope :without_team, ->(team) { team.projects.present? ? where('projects.id NOT IN (:ids)', ids: team.projects.map(&:id)) : scoped  }
-  scope :not_in_group, ->(group) { where('projects.id NOT IN (:ids)', ids: group.project_ids ) }
   scope :in_namespace, ->(namespace_ids) { where(namespace_id: namespace_ids) }
-  scope :in_group_namespace, -> { joins(:group) }
   scope :personal, ->(user) { where(namespace_id: user.namespace_id) }
   scope :joined, ->(user) { where('namespace_id != ?', user.namespace_id) }
+  scope :visible_to_user, ->(user) { where(id: user.authorized_projects.select(:id).reorder(nil)) }
   scope :non_archived, -> { where(archived: false) }
   scope :mirror, -> { where(mirror: true) }
   scope :for_milestones, ->(ids) { joins(:milestones).where('milestones.id' => ids).distinct }
+  scope :with_push, -> { joins(:events).where('events.action = ?', Event::PUSHED) }
   scope :with_remote_mirrors, -> { joins(:remote_mirrors).where(remote_mirrors: { enabled: true }).distinct }
 
+  scope :active, -> { joins(:issues, :notes, :merge_requests).order('issues.created_at, notes.created_at, merge_requests.created_at DESC') }
+  scope :abandoned, -> { where('projects.last_activity_at < ?', 6.months.ago) }
+
   state_machine :import_status, initial: :none do
     event :import_start do
       transition [:none, :finished] => :started
@@ -214,7 +217,7 @@ class Project < ActiveRecord::Base
     state :failed
 
     after_transition any => :started, do: :schedule_add_import_job
-    after_transition any => :finished, do: :reset_cache_and_import_attrs
+    after_transition any => :finished, do: :clear_import_data
 
     after_transition started: :finished do |project, transaction|
       if project.mirror?
@@ -238,18 +241,6 @@ class Project < ActiveRecord::Base
   end
 
   class << self
-    def abandoned
-      where('projects.last_activity_at < ?', 6.months.ago)
-    end
-
-    def with_push
-      joins(:events).where('events.action = ?', Event::PUSHED)
-    end
-
-    def active
-      joins(:issues, :notes, :merge_requests).order('issues.created_at, notes.created_at, merge_requests.created_at DESC')
-    end
-
     # Searches for a list of projects based on the query given in `query`.
     #
     # On PostgreSQL this method uses "ILIKE" to perform a case-insensitive
@@ -311,10 +302,6 @@ class Project < ActiveRecord::Base
         projects.iwhere('projects.path' => project_path).take
     end
 
-    def find_by_ci_id(id)
-      find_by(ci_id: id.to_i)
-    end
-
     def visibility_levels
       Gitlab::VisibilityLevel.options
     end
@@ -345,10 +332,6 @@ class Project < ActiveRecord::Base
 
       joins(join_body).reorder('join_note_counts.amount DESC')
     end
-
-    def visible_to_user(user)
-      where(id: user.authorized_projects.select(:id).reorder(nil))
-    end
   end
 
   def team
@@ -359,6 +342,30 @@ class Project < ActiveRecord::Base
     @repository ||= Repository.new(path_with_namespace, self)
   end
 
+  def container_registry_repository
+    return unless Gitlab.config.registry.enabled
+
+    @container_registry_repository ||= begin
+      token = Auth::ContainerRegistryAuthenticationService.full_access_token(path_with_namespace)
+      url = Gitlab.config.registry.api_url
+      host_port = Gitlab.config.registry.host_port
+      registry = ContainerRegistry::Registry.new(url, token: token, path: host_port)
+      registry.repository(path_with_namespace)
+    end
+  end
+
+  def container_registry_repository_url
+    if Gitlab.config.registry.enabled
+      "#{Gitlab.config.registry.host_port}/#{path_with_namespace}"
+    end
+  end
+
+  def has_container_registry_tags?
+    return unless container_registry_repository
+
+    container_registry_repository.tags.any?
+  end
+
   def commit(id = 'HEAD')
     repository.commit(id)
   end
@@ -372,10 +379,6 @@ class Project < ActiveRecord::Base
     id && persisted?
   end
 
-  def schedule_add_import_job
-    run_after_commit(:add_import_job)
-  end
-
   def add_import_job
     if repository_exists?
       if mirror?
@@ -398,12 +401,12 @@ class Project < ActiveRecord::Base
     end
   end
 
-  def reset_cache_and_import_attrs
+  def clear_import_data
     update(import_error: nil)
 
     ProjectCacheWorker.perform_async(self.id)
 
-    self.import_data.destroy if !mirror? && import_data
+    self.import_data.destroy if !mirror? && self.import_data
   end
 
   def import_url=(value)
@@ -856,6 +859,11 @@ class Project < ActiveRecord::Base
 
     expire_caches_before_rename(old_path_with_namespace)
 
+    if has_container_registry_tags?
+      # we currently doesn't support renaming repository if it contains tags in container registry
+      raise Exception.new('Project cannot be renamed, because tags are present in its container registry')
+    end
+
     if gitlab_shell.mv_repository(old_path_with_namespace, new_path_with_namespace)
       # If repository moved successfully we need to send update instructions to users.
       # However we cannot allow rollback since we moved repository

app/models/project_services/external_wiki_service.rb

@@ -25,7 +25,7 @@ class ExternalWikiService < Service
 
   def execute(_data)
     @response = HTTParty.get(properties['external_wiki_url'], verify: true) rescue nil
-    if @response !=200
+    if @response != 200
       nil
     end
   end

app/models/project_services/slack_service/issue_message.rb

@@ -34,7 +34,12 @@ class SlackService
     private
 
     def message
-      "#{user_name} #{state} #{issue_link} in #{project_link}: *#{title}*"
+      case state
+      when "opened"
+        "[#{project_link}] Issue #{state} by #{user_name}"
+      else
+        "[#{project_link}] Issue #{issue_link} #{state} by #{user_name}"
+      end
     end
 
     def opened_issue?
@@ -42,7 +47,11 @@ class SlackService
     end
 
     def description_message
-      [{ text: format(description), color: attachment_color }]
+      [{
+        title: issue_title,
+        title_link: issue_url,
+        text: format(description),
+        color: "#C95823" }]
     end
 
     def project_link
@@ -50,7 +59,11 @@ class SlackService
     end
 
     def issue_link
-      "[issue ##{issue_iid}](#{issue_url})"
+      "[#{issue_title}](#{issue_url})"
+    end
+
+    def issue_title
+      "##{issue_iid} #{title}"
     end
   end
 end

app/models/project_wiki.rb

@@ -42,7 +42,7 @@ class ProjectWiki
   end
 
   def wiki_base_path
-    ["/", @project.path_with_namespace, "/wikis"].join('')
+    [Gitlab.config.gitlab.relative_url_root, "/", @project.path_with_namespace, "/wikis"].join('')
   end
 
   # Returns the Gollum::Wiki object.

app/models/repository.rb

@@ -245,8 +245,8 @@ class Repository
     cache.fetch(:branch_names) { branches.map(&:name) }
   end
 
-  def branch_exists?(name)
-    branch_names.include?(name)
+  def branch_exists?(branch_name)
+    branch_names.include?(branch_name)
   end
 
   def tag_names

app/models/user.rb

@@ -114,6 +114,7 @@ class User < ActiveRecord::Base
   before_save :ensure_external_user_rights
   after_save :ensure_namespace_correct
   after_initialize :set_projects_limit
+  before_create :check_confirmation_email
   after_create :post_create_hook
   after_destroy :post_destroy_hook
 
@@ -339,6 +340,10 @@ class User < ActiveRecord::Base
     @reset_token
   end
 
+  def check_confirmation_email
+    skip_confirmation! unless current_application_settings.send_user_confirmation_email
+  end
+
   def recently_sent_password_reset?
     reset_password_sent_at.present? && reset_password_sent_at >= 1.minute.ago
   end
@@ -424,11 +429,6 @@ class User < ActiveRecord::Base
                     owned_groups.select(:id), namespace.id).joins(:namespace)
   end
 
-  # Team membership in authorized projects
-  def tm_in_authorized_projects
-    ProjectMember.where(source_id: authorized_projects.map(&:id), user_id: self.id)
-  end
-
   def is_admin?
     admin
   end
@@ -518,10 +518,6 @@ class User < ActiveRecord::Base
     "#{name} (#{username})"
   end
 
-  def tm_of(project)
-    project.project_member_by_id(self.id)
-  end
-
   def already_forked?(project)
     !!fork_of(project)
   end

app/services/auth/container_registry_authentication_service.rb

+module Auth
+  class ContainerRegistryAuthenticationService < BaseService
+    AUDIENCE = 'container_registry'
+
+    def execute
+      return error('not found', 404) unless registry.enabled
+
+      if params[:offline_token]
+        return error('unauthorized', 401) unless current_user
+      else
+        return error('forbidden', 403) unless scope
+      end
+
+      { token: authorized_token(scope).encoded }
+    end
+
+    def self.full_access_token(*names)
+      registry = Gitlab.config.registry
+      token = JSONWebToken::RSAToken.new(registry.key)
+      token.issuer = registry.issuer
+      token.audience = AUDIENCE
+      token[:access] = names.map do |name|
+        { type: 'repository', name: name, actions: %w(pull push) }
+      end
+      token.encoded
+    end
+
+    private
+
+    def authorized_token(*accesses)
+      token = JSONWebToken::RSAToken.new(registry.key)
+      token.issuer = registry.issuer
+      token.audience = params[:service]
+      token.subject = current_user.try(:username)
+      token[:access] = accesses.compact
+      token
+    end
+
+    def scope
+      return unless params[:scope]
+
+      @scope ||= process_scope(params[:scope])
+    end
+
+    def process_scope(scope)
+      type, name, actions = scope.split(':', 3)
+      actions = actions.split(',')
+      return unless type == 'repository'
+
+      process_repository_access(type, name, actions)
+    end
+
+    def process_repository_access(type, name, actions)
+      requested_project = Project.find_with_namespace(name)
+      return unless requested_project
+
+      actions = actions.select do |action|
+        can_access?(requested_project, action)
+      end
+
+      { type: type, name: name, actions: actions } if actions.present?
+    end
+
+    def can_access?(requested_project, requested_action)
+      return false unless requested_project.container_registry_enabled?
+
+      case requested_action
+      when 'pull'
+        requested_project == project || can?(current_user, :read_container_image, requested_project)
+      when 'push'
+        requested_project == project || can?(current_user, :create_container_image, requested_project)
+      else
+        false
+      end
+    end
+
+    def registry
+      Gitlab.config.registry
+    end
+  end
+end

app/services/issues/update_service.rb

@@ -24,6 +24,10 @@ module Issues
         todo_service.reassigned_issue(issue, current_user)
       end
 
+      if issue.previous_changes.include?('confidential')
+        create_confidentiality_note(issue)
+      end
+
       added_labels = issue.labels - old_labels
       if added_labels.present?
         notification_service.relabeled_issue(issue, added_labels, current_user)
@@ -37,5 +41,11 @@ module Issues
     def close_service
       Issues::CloseService
     end
+
+    private
+
+    def create_confidentiality_note(issue)
+      SystemNoteService.change_issue_confidentiality(issue, issue.project, current_user)
+    end
   end
 end

app/services/projects/create_service.rb

@@ -6,6 +6,7 @@ module Projects
 
     def execute
       forked_from_project_id = params.delete(:forked_from_project_id)
+      import_data = params.delete(:import_data)
 
       @project = Project.new(params)
 
@@ -49,16 +50,14 @@ module Projects
         @project.build_forked_project_link(forked_from_project_id: forked_from_project_id)
       end
 
-      Project.transaction do
-        @project.save
+      save_project_and_import_data(import_data)
 
-        if @project.persisted? && !@project.import?
-          raise 'Failed to create repository' unless @project.create_repository
-        end
-      end
+      @project.import_start if @project.import?
 
       after_create_actions if @project.persisted?
 
+      @project.add_import_job if @project.import?
+
       @project
     rescue => e
       message = "Unable to save project: #{e.message}"
@@ -94,8 +93,6 @@ module Projects
         @project.team << [current_user, :master, current_user]
       end
 
-      @project.import_start if @project.import?
-
       predefined_git_hook = GitHook.find_by(is_sample: true)
 
       if predefined_git_hook
@@ -103,5 +100,15 @@ module Projects
         project.git_hook = git_hook
       end
     end
+
+    def save_project_and_import_data(import_data)
+      Project.transaction do
+        @project.create_or_update_import_data(data: import_data[:data], credentials: import_data[:credentials]) if import_data
+
+        if @project.save && !@project.import?
+          raise 'Failed to create repository' unless @project.create_repository
+        end
+      end
+    end
   end
 end

app/services/projects/destroy_service.rb

@@ -23,6 +23,10 @@ module Projects
       Project.transaction do
         project.destroy!
         trash_repositories!
+
+        unless remove_registry_tags
+          raise_error('Failed to remove project container registry. Please try again or contact administrator')
+        end
       end
 
       log_info("Project \"#{project.path_with_namespace}\" was removed")
@@ -80,6 +84,12 @@ module Projects
       end
     end
 
+    def remove_registry_tags
+      return true unless Gitlab.config.registry.enabled
+
+      project.container_registry_repository.delete_tags
+    end
+
     def raise_error(message)
       raise DestroyError.new(message)
     end

app/services/projects/transfer_service.rb

@@ -34,6 +34,11 @@ module Projects
           raise TransferError.new("Project with same path in target namespace already exists")
         end
 
+        if project.has_container_registry_tags?
+          # we currently doesn't support renaming repository if it contains tags in container registry
+          raise TransferError.new('Project cannot be transferred, because tags are present in its container registry')
+        end
+
         project.expire_caches_before_rename(old_path)
 
         # Apply new namespace id and visibility level

app/services/system_note_service.rb

@@ -169,12 +169,26 @@ class SystemNoteService
   #
   # Returns the created Note object
   def self.change_title(noteable, project, author, old_title)
-    return unless noteable.respond_to?(:title)
-
     body = "Title changed from **#{old_title}** to **#{noteable.title}**"
     create_note(noteable: noteable, project: project, author: author, note: body)
   end
 
+  # Called when the confidentiality changes
+  #
+  # issue   - Issue object
+  # project - Project owning the issue
+  # author  - User performing the change
+  #
+  # Example Note text:
+  #
+  # "Made the issue confidential"
+  #
+  # Returns the created Note object
+  def self.change_issue_confidentiality(issue, project, author)
+    body = issue.confidential ? 'Made the issue confidential' : 'Made the issue visible'
+    create_note(noteable: issue, project: project, author: author, note: body)
+  end
+
   # Called when a branch in Noteable is changed
   #
   # noteable    - Noteable object

app/views/admin/application_settings/_form.html.haml

@@ -103,6 +103,12 @@
           = f.label :signup_enabled do
             = f.check_box :signup_enabled
             Sign-up enabled
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :send_user_confirmation_email do
+            = f.check_box :send_user_confirmation_email
+            Send confirmation email on sign-up
     .form-group
       .col-sm-offset-2.col-sm-10
         .checkbox

app/views/events/event/_common.html.haml

@@ -4,7 +4,7 @@
     = event_action_name(event)
 
   - if event.target
-    %strong= link_to event.target.reference_link_text, [event.project.namespace.becomes(Namespace), event.project, event.target]
+    %strong= link_to event.target.reference_link_text, [event.project.namespace.becomes(Namespace), event.project, event.target], title: event.target_title
 
   = event_preposition(event)
 

app/views/groups/_activities.html.haml

@@ -4,7 +4,7 @@
 .nav-block
   - if current_user
     .controls
-      = link_to dashboard_projects_path(:atom, { private_token: current_user.private_token }), class: 'btn rss-btn' do
+      = link_to group_path(@group, format: :atom, private_token: current_user.private_token), class: 'btn rss-btn' do
         %i.fa.fa-rss
   = render 'shared/event_filter'
 

app/views/groups/issues.atom.builder

 xml.instruct!
 xml.feed "xmlns" => "http://www.w3.org/2005/Atom", "xmlns:media" => "http://search.yahoo.com/mrss/" do
-  xml.title   "#{@user.name} issues"
-  xml.link    href: issues_dashboard_url(format: :atom, private_token: @user.private_token), rel: "self", type: "application/atom+xml"
-  xml.link    href: issues_dashboard_url, rel: "alternate", type: "text/html"
-  xml.id      issues_dashboard_url
+  xml.title   "#{@group.name} issues"
+  xml.link    href: issues_group_url(format: :atom, private_token: current_user.try(:private_token)), rel: "self", type: "application/atom+xml"
+  xml.link    href: issues_group_url, rel: "alternate", type: "text/html"
+  xml.id      issues_group_url
   xml.updated @issues.first.created_at.xmlschema if @issues.any?
 
   @issues.each do |issue|

app/views/layouts/_page.html.haml

 .page-with-sidebar{ class: "#{page_sidebar_class} #{page_gutter_class}" }
-  = render "layouts/broadcast"
   .sidebar-wrapper.nicescroll{ class: nav_sidebar_class }
     .header-logo
       %a#logo
@@ -26,7 +25,8 @@
     .layout-nav
       .container-fluid
         = render "layouts/nav/#{nav}"
-  .content-wrapper{ class: ('page-with-layout-nav' if defined?(nav) && nav) }
+  .content-wrapper{ class: "#{layout_nav_class} #{layout_dropdown_class}" }
+    = render "layouts/broadcast"
     = render "layouts/flash"
     = yield :flash_message
     %div{ class: (container_class unless @no_container) }

app/views/layouts/nav/_group_settings.html.haml

 - if current_user
   - if access = @group.users.find_by(id: current_user.id)
     .controls
-      %span.dropdown.group-settings-dropdown
+      .dropdown.group-settings-dropdown
         %a.dropdown-new.btn.btn-default#group-settings-button{href: '#', 'data-toggle' => 'dropdown'}
           = icon('cog')
           = icon('caret-down')

app/views/layouts/nav/_project.html.haml

@@ -46,6 +46,13 @@
           Builds
           %span.count.builds_counter= number_with_delimiter(@project.builds.running_or_pending.count(:all))
 
+  - if project_nav_tab? :container_registry
+    = nav_link(controller: %w(container_registry)) do
+      = link_to project_container_registry_path(@project), title: 'Container Registry', class: 'shortcuts-container-registry' do
+        = icon('hdd-o fw')
+        %span
+          Container Registry
+
   - if project_nav_tab? :graphs
     = nav_link(controller: %w(graphs)) do
       = link_to namespace_project_graph_path(@project.namespace, @project, current_ref), title: 'Graphs',  class: 'shortcuts-graphs' do

app/views/notify/note_merge_request_email.html.haml

-- if @note.diff_file_name
+- if @note.legacy_diff_note?
   %p.details
     New comment on diff for
-    = link_to @note.diff_file_name, @target_url
+    = link_to @note.diff_file_path, @target_url
     \:
 
 = render 'note_message'

app/views/projects/_md_preview.html.haml

@@ -8,7 +8,7 @@
         %a.js-md-preview-button{ href: "#md-preview-holder", tabindex: -1 }
           Preview
       %li.pull-right
-        %button.zen-cotrol.zen-control-full.js-zen-enter{ type: 'button', tabindex: -1 }
+        %button.zen-control.zen-control-full.js-zen-enter{ type: 'button', tabindex: -1 }
           Go full screen
 
   .md-write-holder

app/views/projects/_zen.html.haml

@@ -4,5 +4,5 @@
     = f.text_area attr, class: classes, placeholder: placeholder
   - else
     = text_area_tag attr, nil, class: classes, placeholder: placeholder
-  %a.zen-cotrol.zen-control-leave.js-zen-leave{ href: "#" }
+  %a.zen-control.zen-control-leave.js-zen-leave{ href: "#" }
     = icon('compress')

app/views/projects/commits/_commits.html.haml

@@ -3,7 +3,7 @@
 
 - commits, hidden = limited_commits(@commits)
 
-- commits.group_by { |c| c.committed_date.in_time_zone.to_date }.sort.reverse.each do |day, commits|
+- commits.chunk { |c| c.committed_date.in_time_zone.to_date }.each do |day, commits|
   .row.commits-row
     .col-md-2.hidden-xs.hidden-sm
       %h5.commits-row-date

app/views/projects/container_registry/_header_title.html.haml

+- header_title project_title(@project, "Container Registry", project_container_registry_path(@project))

app/views/projects/container_registry/_tag.html.haml

+%tr.tag
+  %td
+    = escape_once(tag.name)
+    = clipboard_button(clipboard_text: "docker pull #{tag.path}")
+  %td
+    - if layer = tag.layers.first
+      %span.has-tooltip{ title: "#{layer.revision}" }
+        = layer.short_revision
+    - else
+      \-
+  %td
+    = number_to_human_size(tag.total_size)
+    ·
+    = pluralize(tag.layers.size, "layer")
+  %td
+    = time_ago_in_words(tag.created_at)
+  - if can?(current_user, :update_container_image, @project)
+    %td.content
+      .controls.hidden-xs.pull-right
+        = link_to namespace_project_container_registry_path(@project.namespace, @project, tag.name), class: 'btn btn-remove has-tooltip', title: "Remove", data: { confirm: "Are you sure?" }, method: :delete do
+          = icon("trash cred")

app/views/projects/container_registry/index.html.haml

+- page_title "Container Registry"
+= render "header_title"
+
+%hr
+
+%ul.content-list
+  .light.prepend-top-default
+    %p
+      A 'container image' is a snapshot of a container.
+      You can host your container images with GitLab.
+      %br
+      To start using container images hosted on GitLab you first need to login:
+      %pre
+        %code
+          docker login #{Gitlab.config.registry.host_port}
+      %br
+      Then you are free to create and upload a container image with build and push commands:
+      %pre
+        docker build -t #{escape_once(@project.container_registry_repository_url)} .
+        %br
+        docker push #{escape_once(@project.container_registry_repository_url)}
+
+  - if @tags.blank?
+    %li
+      .nothing-here-block No images in Container Registry for this project.
+
+  - else
+    .table-holder
+      %table.table.tags
+        %thead
+          %tr
+            %th Name
+            %th Image ID
+            %th Size
+            %th Created
+            - if can?(current_user, :update_container_image, @project)
+              %th
+
+        - @tags.each do |tag|
+          = render 'tag', tag: tag
\ No newline at end of file

app/views/projects/deploy_keys/index.html.haml

@@ -19,7 +19,7 @@
       %ul.well-list
         = render @enabled_keys
     - else
-      .profile-settings-message.text-center
+      .settings-message.text-center
         No deploy keys found. Create one with the form above or add existing one below.
     %h5.prepend-top-default
       Deploy keys from projects you have access to (#{@available_project_keys.size})
@@ -27,7 +27,7 @@
       %ul.well-list
         = render @available_project_keys
     - else
-      .profile-settings-message.text-center
+      .settings-message.text-center
         No deploy keys from your projects could be found. Create one with the form above or add existing one below.
     - if @available_public_keys.any?
       %h5.prepend-top-default

app/views/projects/diffs/_line.html.haml

@@ -15,7 +15,7 @@
         = link_text
       - else
         = link_to "", "##{line_code}", id: line_code, data: { linenumber: link_text }
-      - if @comments_allowed && can?(current_user, :create_note, @project)
+      - if !@diff_notes_disabled && can?(current_user, :create_note, @project)
         = link_to_new_diff_note(line_code)
     %td.new_line.diff-line-num{ class: type, data: { linenumber: line.new_pos } }
       - link_text = type == "old" ? " ".html_safe : line.new_pos