Merge branch 'ce-to-ee-2018-10-01' into 'master'

CE upstream - 2018-10-01 21:21 UTC Closes #2702 and #2697 See merge request gitlab-org/gitlab-ee!7743

Merge branch 'ce-to-ee-2018-10-01' into 'master'
CE upstream - 2018-10-01 21:21 UTC Closes #2702 and #2697 See merge request gitlab-org/gitlab-ee!7743
9afa4a5f · Douwe Maan · f367bcc6 · 39a4258a · 9afa4a5f · 9afa4a5f
Commit 9afa4a5f authored Oct 02, 2018 by Douwe Maan
152 changed files
--- a/app/assets/javascripts/issue_show/index.js
+++ b/app/assets/javascripts/issue_show/index.js
 import Vue from 'vue';
+import sanitize from 'sanitize-html';
 import issuableApp from './components/app.vue';
 import '../vue_shared/vue_resource_interceptor';
-document.addEventListener('DOMContentLoaded', () => {
+export default function initIssueableApp() {
  const initialDataEl = document.getElementById('js-issuable-app-initial-data');
-  const props = JSON.parse(initialDataEl.innerHTML.replace(/&quot;/g, '"'));
+  const props = JSON.parse(sanitize(initialDataEl.textContent).replace(/&quot;/g, '"'));
  return new Vue({
    el: document.getElementById('js-issuable-app'),
@@ -17,4 +18,4 @@ document.addEventListener('DOMContentLoaded', () => {
      });
    },
  });
-});
+}
--- a/app/assets/javascripts/pages/projects/issues/show.js
+++ b/app/assets/javascripts/pages/projects/issues/show.js
@@ -3,9 +3,10 @@ import Issue from '~/issue';
 import ShortcutsIssuable from '~/behaviors/shortcuts/shortcuts_issuable';
 import ZenMode from '~/zen_mode';
 import '~/notes/index';
-import '~/issue_show/index';
+import initIssueableApp from '~/issue_show';
 export default function () {
+  initIssueableApp();
  new Issue(); // eslint-disable-line no-new
  new ShortcutsIssuable(); // eslint-disable-line no-new
  new ZenMode(); // eslint-disable-line no-new

--- a/app/assets/javascripts/vue_shared/components/content_viewer/viewers/download_viewer.vue
+++ b/app/assets/javascripts/vue_shared/components/content_viewer/viewers/download_viewer.vue
 <script>
+import { Link } from '@gitlab-org/gitlab-ui';
 import Icon from '../../icon.vue';
 import { numberToHumanSize } from '../../../../lib/utils/number_utils';
 export default {
  components: {
+    'gl-link': Link,
    Icon,
  },
  props: {
@@ -37,7 +39,7 @@ export default {
          ({{ fileSizeReadable }})
        </template>
      </p>
-      <a
+      <gl-link
        :href="path"
        class="btn btn-default"
        rel="nofollow"
@@ -49,7 +51,7 @@ export default {
          css-classes="float-left append-right-8"
        />
        {{ __('Download') }}
-      </a>
+      </gl-link>
    </div>
  </div>
 </template>
--- a/app/assets/javascripts/vue_shared/components/user_avatar/user_avatar_link.vue
+++ b/app/assets/javascripts/vue_shared/components/user_avatar/user_avatar_link.vue
@@ -18,12 +18,14 @@
 */
+import { Link } from '@gitlab-org/gitlab-ui';
 import userAvatarImage from './user_avatar_image.vue';
 import tooltip from '../../directives/tooltip';
 export default {
  name: 'UserAvatarLink',
  components: {
+    'gl-link': Link,
    userAvatarImage,
  },
  directives: {
@@ -83,7 +85,7 @@ export default {
 </script>
 <template>
-  <a
+  <gl-link
    :href="linkHref"
    class="user-avatar-link">
    <user-avatar-image
@@ -99,5 +101,5 @@ export default {
      :title="tooltipText"
      :tooltip-placement="tooltipPlacement"
    >{{ username }}</span>
-  </a>
+  </gl-link>
 </template>
--- a/app/assets/stylesheets/framework/modal.scss
+++ b/app/assets/stylesheets/framework/modal.scss
@@ -59,7 +59,7 @@
  }
  @include media-breakpoint-up(sm) {
-    .btn:first-of-type {
+    .btn:nth-child(1) {
      margin-left: auto;
    }
  }

--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -109,6 +109,15 @@ class ApplicationController < ActionController::Base
    request.env['rack.session.options'][:expire_after] = Settings.gitlab['unauthenticated_session_expire_delay']
  end
+  def render(*args)
+    super.tap do
+      # Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse
+      if response.content_type == 'text/html' && (400..599).cover?(response.status)
+        response.headers['X-GitLab-Custom-Error'] = '1'
+      end
+    end
+  end
  protected
  def append_info_to_payload(payload)

--- a/app/finders/events_finder.rb
+++ b/app/finders/events_finder.rb
@@ -12,6 +12,7 @@ class EventsFinder
  # Arguments:
  #   source - which user or project to looks for events on
  #   current_user - only return events for projects visible to this user
+  #                  WARNING: does not consider project feature visibility!
  #   params:
  #     action: string
  #     target_type: string

--- a/app/finders/user_recent_events_finder.rb
+++ b/app/finders/user_recent_events_finder.rb
@@ -3,6 +3,7 @@
 # Get user activity feed for projects common for a user and a logged in user
 #
 # - current_user: The user viewing the events
+#                 WARNING: does not consider project feature visibility!
 # - user: The user for which to load the events
 # - params:
 #   - offset: The page of events to return

--- a/app/models/blob_viewer/package_json.rb
+++ b/app/models/blob_viewer/package_json.rb
@@ -33,7 +33,8 @@ module BlobViewer
    end
    def homepage
-      json_data['homepage']
+      url = json_data['homepage']
+      url if Gitlab::UrlSanitizer.valid?(url)
    end
    def npm_url

--- a/app/models/ci/pipeline_variable.rb
+++ b/app/models/ci/pipeline_variable.rb
@@ -10,5 +10,9 @@ module Ci
    alias_attribute :secret_value, :value
    validates :key, uniqueness: { scope: :pipeline_id }
+    def hook_attrs
+      { key: key, value: value }
+    end
  end
 end
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -154,6 +154,8 @@ class Event < ActiveRecord::Base
    end
  end
+  # rubocop:disable Metrics/CyclomaticComplexity
+  # rubocop:disable Metrics/PerceivedComplexity
  def visible_to_user?(user = nil)
    if push? || commit_note?
      Ability.allowed?(user, :download_code, project)
@@ -165,12 +167,18 @@ class Event < ActiveRecord::Base
      Ability.allowed?(user, :read_issue, note? ? note_target : target)
    elsif merge_request? || merge_request_note?
      Ability.allowed?(user, :read_merge_request, note? ? note_target : target)
+    elsif personal_snippet_note?
+      Ability.allowed?(user, :read_personal_snippet, note_target)
+    elsif project_snippet_note?
+      Ability.allowed?(user, :read_project_snippet, note_target)
    elsif milestone?
-      Ability.allowed?(user, :read_project, project)
+      Ability.allowed?(user, :read_milestone, project)
    else
      false # No other event types are visible
    end
  end
+  # rubocop:enable Metrics/PerceivedComplexity
+  # rubocop:enable Metrics/CyclomaticComplexity
  def project_name
    if project
@@ -312,6 +320,10 @@ class Event < ActiveRecord::Base
    note? && target && target.for_snippet?
  end
+  def personal_snippet_note?
+    note? && target && target.for_personal_snippet?
+  end
  def note_target
    target.noteable
  end

--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -3,6 +3,16 @@
 class WebHook < ActiveRecord::Base
  include Sortable
+  attr_encrypted :token,
+                 mode:      :per_attribute_iv,
+                 algorithm: 'aes-256-gcm',
+                 key:       Settings.attr_encrypted_db_key_base_truncated
+  attr_encrypted :url,
+                 mode:      :per_attribute_iv,
+                 algorithm: 'aes-256-gcm',
+                 key:       Settings.attr_encrypted_db_key_base_truncated
  has_many :web_hook_logs, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
  validates :url, presence: true, public_url: { allow_localhost: lambda(&:allow_local_requests?),
@@ -27,4 +37,38 @@ class WebHook < ActiveRecord::Base
  def allow_local_requests?
    false
  end
+  # In 11.4, the web_hooks table has both `token` and `encrypted_token` fields.
+  # Ensure that the encrypted version always takes precedence if present.
+  alias_method :attr_encrypted_token, :token
+  def token
+    attr_encrypted_token.presence || read_attribute(:token)
+  end
+  # In 11.4, the web_hooks table has both `token` and `encrypted_token` fields.
+  # Pending a background migration to encrypt all fields, we should just clear
+  # the unencrypted value whenever the new value is set.
+  alias_method :'attr_encrypted_token=', :'token='
+  def token=(value)
+    self.attr_encrypted_token = value
+    write_attribute(:token, nil)
+  end
+  # In 11.4, the web_hooks table has both `url` and `encrypted_url` fields.
+  # Ensure that the encrypted version always takes precedence if present.
+  alias_method :attr_encrypted_url, :url
+  def url
+    attr_encrypted_url.presence || read_attribute(:url)
+  end
+  # In 11.4, the web_hooks table has both `url` and `encrypted_url` fields.
+  # Pending a background migration to encrypt all fields, we should just clear
+  # the unencrypted value whenever the new value is set.
+  alias_method :'attr_encrypted_url=', :'url='
+  def url=(value)
+    self.attr_encrypted_url = value
+    write_attribute(:url, nil)
+  end
 end
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -7,7 +7,6 @@ class MergeRequest < ActiveRecord::Base
  include Noteable
  include Referable
  include Presentable
-  include Elastic::MergeRequestsSearch
  include IgnorableColumn
  include TimeTrackable
  include ManualInverseAssociation

--- a/app/services/clusters/applications/check_installation_progress_service.rb
+++ b/app/services/clusters/applications/check_installation_progress_service.rb
@@ -14,8 +14,8 @@ module Clusters
        else
          check_timeout
        end
-      rescue Kubeclient::HttpError => ke
+      rescue Kubeclient::HttpError
-        app.make_errored!("Kubernetes error: #{ke.message}") unless app.errored?
+        app.make_errored!("Kubernetes error") unless app.errored?
      end
      private
@@ -27,7 +27,7 @@ module Clusters
      end
      def on_failed
-        app.make_errored!(installation_errors || 'Installation silently failed')
+        app.make_errored!('Installation failed')
      ensure
        remove_installation_pod
      end

--- a/app/services/clusters/applications/install_service.rb
+++ b/app/services/clusters/applications/install_service.rb
@@ -12,10 +12,10 @@ module Clusters
          ClusterWaitForAppInstallationWorker.perform_in(
            ClusterWaitForAppInstallationWorker::INTERVAL, app.name, app.id)
-        rescue Kubeclient::HttpError => ke
+        rescue Kubeclient::HttpError
-          app.make_errored!("Kubernetes error: #{ke.message}")
+          app.make_errored!("Kubernetes error.")
-        rescue StandardError => e
+        rescue StandardError
-          app.make_errored!("Can't start installation process. #{e.message}")
+          app.make_errored!("Can't start installation process.")
        end
      end
    end

--- a/app/views/projects/empty.html.haml
+++ b/app/views/projects/empty.html.haml
@@ -9,7 +9,7 @@
 .project-empty-note-panel
  %div{ class: [container_class, ("limit-container-width" unless fluid_layout)] }
    .prepend-top-20
-    %h4
+    %h4.append-bottom-20
      = _('The repository for this project is empty')
    - if @project.can_current_user_push_code?

--- a/changelogs/unreleased/23197-add-custom-header-for-error-responses.yml
+++ b/changelogs/unreleased/23197-add-custom-header-for-error-responses.yml
+---
+title: Set a header for custom error pages to prevent them from being intercepted
+  by gitlab-workhorse
+merge_request: 21870
+author: David Piegza
+type: fixed
--- a/changelogs/unreleased/45453-fix-delete-protected-branch-btn.yml
+++ b/changelogs/unreleased/45453-fix-delete-protected-branch-btn.yml
+---
+title: Fixes modal button alignment
+merge_request: 22024
+author: Jacopo Beschi @jacopo-beschi
+type: fixed
--- a/changelogs/unreleased/51021-more-attr-encrypted.yml
+++ b/changelogs/unreleased/51021-more-attr-encrypted.yml
+---
+title: Encrypt webhook tokens and URLs in the database
+merge_request: 21645
+author:
+type: security
--- a/changelogs/unreleased/add-gl-link-to-download-viewer.yml
+++ b/changelogs/unreleased/add-gl-link-to-download-viewer.yml
+---
+title: Add link component to DownloadViewer component
+merge_request: 21987
+author: George Tsiolis
+type: other
--- a/changelogs/unreleased/add-gl-link-to-user-avatar-link.yml
+++ b/changelogs/unreleased/add-gl-link-to-user-avatar-link.yml
+---
+title: Add link component to UserAvatarLink component
+merge_request: 21986
+author: George Tsiolis
+type: other
--- a/changelogs/unreleased/fix-events-finder-incomplete.yml
+++ b/changelogs/unreleased/fix-events-finder-incomplete.yml
+---
+title: Redact confidential events in the API
+merge_request:
+author:
+type: security
--- a/changelogs/unreleased/improve-empty-project-placeholder.yml
+++ b/changelogs/unreleased/improve-empty-project-placeholder.yml
+---
+title: Improve empty project placeholder for non-members and members without write access
+merge_request: 21977
+author: George Tsiolis
+type: other
--- a/changelogs/unreleased/lib-api-frozen-string-enable.yml
+++ b/changelogs/unreleased/lib-api-frozen-string-enable.yml
+---
+title: Enable frozen string in lib/api and lib/backup
+merge_request:
+author: gfyoung
+type: performance
--- a/changelogs/unreleased/pipeline-event-variables.yml
+++ b/changelogs/unreleased/pipeline-event-variables.yml
+---
+title: pipeline webhook event now contain pipeline variables
+merge_request: 18171
+author: Pierre Tardy
+type: added
--- a/changelogs/unreleased/security-2697-code-highlight-timeout.yml
+++ b/changelogs/unreleased/security-2697-code-highlight-timeout.yml
+---
+title: Set timeout for syntax highlighting
+merge_request:
+author:
+type: security
--- a/changelogs/unreleased/security-acet-issue-details.yml
+++ b/changelogs/unreleased/security-acet-issue-details.yml
+---
+title: Sanitize JSON data properly to fix XSS on Issue details page
+merge_request:
+author:
+type: security
--- a/changelogs/unreleased/security-package-json-xss.yml
+++ b/changelogs/unreleased/security-package-json-xss.yml
+---
+title: Fix xss vulnerability sourced from package.json
+merge_request:
+author:
+type: security
--- a/db/migrate/20180910115836_add_attr_encrypted_columns_to_web_hook.rb
+++ b/db/migrate/20180910115836_add_attr_encrypted_columns_to_web_hook.rb
+# frozen_string_literal: true
+class AddAttrEncryptedColumnsToWebHook < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+  DOWNTIME = false
+  def change
+    add_column :web_hooks, :encrypted_token, :string
+    add_column :web_hooks, :encrypted_token_iv, :string
+    add_column :web_hooks, :encrypted_url, :string
+    add_column :web_hooks, :encrypted_url_iv, :string
+  end
+end
--- a/db/post_migrate/20180914162043_encrypt_web_hooks_columns.rb
+++ b/db/post_migrate/20180914162043_encrypt_web_hooks_columns.rb
+# frozen_string_literal: true
+class EncryptWebHooksColumns < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+  DOWNTIME = false
+  BATCH_SIZE = 10000
+  RANGE_SIZE = 100
+  MIGRATION = 'EncryptColumns'
+  COLUMNS = [:token, :url]
+  WebHook = ::Gitlab::BackgroundMigration::Models::EncryptColumns::WebHook
+  disable_ddl_transaction!
+  def up
+    WebHook.each_batch(of: BATCH_SIZE) do |relation, index|
+      delay = index * 2.minutes
+      relation.each_batch(of: RANGE_SIZE) do |relation|
+        range = relation.pluck('MIN(id)', 'MAX(id)').first
+        args = [WebHook, COLUMNS, *range]
+        BackgroundMigrationWorker.perform_in(delay, MIGRATION, args)
+      end
+    end
+  end
+  def down
+    # noop
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -3045,6 +3045,10 @@ ActiveRecord::Schema.define(version: 20180920043317) do
    t.boolean "job_events", default: false, null: false
    t.boolean "confidential_note_events"
    t.text "push_events_branch_filter"
+    t.string "encrypted_token"
+    t.string "encrypted_token_iv"
+    t.string "encrypted_url"
+    t.string "encrypted_url_iv"
  end
  add_index "web_hooks", ["project_id"], name: "index_web_hooks_on_project_id", using: :btree

--- a/doc/user/project/integrations/webhooks.md
+++ b/doc/user/project/integrations/webhooks.md
@@ -968,7 +968,13 @@ X-Gitlab-Event: Pipeline Hook
      ],
      "created_at": "2016-08-12 15:23:28 UTC",
      "finished_at": "2016-08-12 15:26:29 UTC",
-      "duration": 63
+      "duration": 63,
+      "variables": [
+        {
+          "key": "NESTOR_PROD_ENVIRONMENT",
+          "value": "us-west-1"
+        }
+      ]
   },
   "user":{
      "name": "Administrator",

--- a/lib/api/access_requests.rb
+++ b/lib/api/access_requests.rb
+# frozen_string_literal: true
 module API
  class AccessRequests < Grape::API
    include PaginationParams

--- a/lib/api/api.rb
+++ b/lib/api/api.rb
+# frozen_string_literal: true
 module API
  class API < Grape::API
    include APIGuard

--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
+# frozen_string_literal: true
 # Guard API with OAuth 2.0 Access Token
 require 'rack/oauth2'

--- a/lib/api/applications.rb
+++ b/lib/api/applications.rb
+# frozen_string_literal: true
 module API
  # External applications API
  class Applications < Grape::API

--- a/lib/api/avatar.rb
+++ b/lib/api/avatar.rb
+# frozen_string_literal: true
 module API
  class Avatar < Grape::API
    resource :avatar do

--- a/lib/api/award_emoji.rb
+++ b/lib/api/award_emoji.rb
+# frozen_string_literal: true
 module API
  class AwardEmoji < Grape::API
    include PaginationParams

--- a/lib/api/badges.rb
+++ b/lib/api/badges.rb
+# frozen_string_literal: true
 module API
  class Badges < Grape::API
    include PaginationParams

--- a/lib/api/boards.rb
+++ b/lib/api/boards.rb
+# frozen_string_literal: true
 module API
  class Boards < Grape::API
    include BoardsResponses

--- a/lib/api/boards_responses.rb
+++ b/lib/api/boards_responses.rb
+# frozen_string_literal: true
 module API
  module BoardsResponses
    extend ActiveSupport::Concern

--- a/lib/api/branches.rb
+++ b/lib/api/branches.rb
+# frozen_string_literal: true
 require 'mime/types'
 module API

--- a/lib/api/broadcast_messages.rb
+++ b/lib/api/broadcast_messages.rb
+# frozen_string_literal: true
 module API
  class BroadcastMessages < Grape::API
    include PaginationParams

--- a/lib/api/circuit_breakers.rb
+++ b/lib/api/circuit_breakers.rb
+# frozen_string_literal: true
 module API
  class CircuitBreakers < Grape::API
    before { authenticated_as_admin! }

--- a/lib/api/commit_statuses.rb
+++ b/lib/api/commit_statuses.rb
+# frozen_string_literal: true
 require 'mime/types'
 module API

--- a/lib/api/commits.rb
+++ b/lib/api/commits.rb
+# frozen_string_literal: true
 require 'mime/types'
 module API

--- a/lib/api/custom_attributes_endpoints.rb
+++ b/lib/api/custom_attributes_endpoints.rb
+# frozen_string_literal: true
 module API
  module CustomAttributesEndpoints
    extend ActiveSupport::Concern

--- a/lib/api/deploy_keys.rb
+++ b/lib/api/deploy_keys.rb
+# frozen_string_literal: true
 module API
  class DeployKeys < Grape::API
    include PaginationParams

--- a/lib/api/deployments.rb
+++ b/lib/api/deployments.rb
+# frozen_string_literal: true
 module API
  # Deployments RESTful API endpoints
  class Deployments < Grape::API

--- a/lib/api/discussions.rb
+++ b/lib/api/discussions.rb
+# frozen_string_literal: true
 module API
  class Discussions < Grape::API
    include PaginationParams

--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
+# frozen_string_literal: true
 module API
  module Entities
    class WikiPageBasic < Grape::Entity

--- a/lib/api/environments.rb
+++ b/lib/api/environments.rb
+# frozen_string_literal: true
 module API
  # Environments RESTfull API endpoints
  class Environments < Grape::API

--- a/lib/api/events.rb
+++ b/lib/api/events.rb
+# frozen_string_literal: true
 module API
  class Events < Grape::API
    include PaginationParams
@@ -16,12 +18,27 @@ module API
                        desc: 'Return events sorted in ascending and descending order'
      end
+      RedactedEvent = OpenStruct.new(target_title: 'Confidential event').freeze
+      def redact_events(events)
+        events.map do |event|
+          if event.visible_to_user?(current_user)
+            event
+          else
+            RedactedEvent
+          end
+        end
+      end
      # rubocop: disable CodeReuse/ActiveRecord
-      def present_events(events)
+      def present_events(events, redact: true)
        events = events.reorder(created_at: params[:sort])
                 .with_associations
-        present paginate(events), with: Entities::Event
+        events = paginate(events)
+        events = redact_events(events) if redact
+        present events, with: Entities::Event
      end
      # rubocop: enable CodeReuse/ActiveRecord
    end
@@ -44,7 +61,8 @@ module API
        events = EventsFinder.new(params.merge(source: current_user, current_user: current_user)).execute.preload(:author, :target)
-        present_events(events)
+        # Since we're viewing our own events, redaction is unnecessary
+        present_events(events, redact: false)
      end
      # rubocop: enable CodeReuse/ActiveRecord
    end

--- a/lib/api/features.rb
+++ b/lib/api/features.rb
+# frozen_string_literal: true
 module API
  class Features < Grape::API
    before { authenticated_as_admin! }

--- a/lib/api/files.rb
+++ b/lib/api/files.rb
+# frozen_string_literal: true
 module API
  class Files < Grape::API
    FILE_ENDPOINT_REQUIREMENTS = API::PROJECT_ENDPOINT_REQUIREMENTS.merge(file_path: API::NO_SLASH_URL_PART_REGEX)

--- a/lib/api/group_boards.rb
+++ b/lib/api/group_boards.rb
+# frozen_string_literal: true
 module API
  class GroupBoards < Grape::API
    include BoardsResponses

--- a/lib/api/group_milestones.rb
+++ b/lib/api/group_milestones.rb
+# frozen_string_literal: true
 module API
  class GroupMilestones < Grape::API
    include MilestoneResponses

--- a/lib/api/group_variables.rb
+++ b/lib/api/group_variables.rb
+# frozen_string_literal: true
 module API
  class GroupVariables < Grape::API
    include PaginationParams

--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
+# frozen_string_literal: true
 module API
  class Groups < Grape::API
    include PaginationParams

--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
+# frozen_string_literal: true
 module API
  module Helpers
    prepend EE::API::Helpers
@@ -394,9 +396,10 @@ module API
      # lifted from https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/middleware/debug_exceptions.rb#L60
      trace = exception.backtrace
-      message = "\n#{exception.class} (#{exception.message}):\n"
+      message = ["\n#{exception.class} (#{exception.message}):\n"]
      message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code)
      message << "  " << trace.join("\n  ")
+      message = message.join
      API.logger.add Logger::FATAL, message

--- a/lib/api/helpers/badges_helpers.rb
+++ b/lib/api/helpers/badges_helpers.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module BadgesHelpers

--- a/lib/api/helpers/common_helpers.rb
+++ b/lib/api/helpers/common_helpers.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module CommonHelpers

--- a/lib/api/helpers/custom_attributes.rb
+++ b/lib/api/helpers/custom_attributes.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module CustomAttributes

--- a/lib/api/helpers/custom_validators.rb
+++ b/lib/api/helpers/custom_validators.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module CustomValidators

--- a/lib/api/helpers/headers_helpers.rb
+++ b/lib/api/helpers/headers_helpers.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module HeadersHelpers

--- a/lib/api/helpers/internal_helpers.rb
+++ b/lib/api/helpers/internal_helpers.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module InternalHelpers

--- a/lib/api/helpers/members_helpers.rb
+++ b/lib/api/helpers/members_helpers.rb
+# frozen_string_literal: true
 # rubocop:disable GitlabSecurity/PublicSend
 module API

--- a/lib/api/helpers/notes_helpers.rb
+++ b/lib/api/helpers/notes_helpers.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module NotesHelpers

--- a/lib/api/helpers/pagination.rb
+++ b/lib/api/helpers/pagination.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module Pagination

--- a/lib/api/helpers/project_snapshots_helpers.rb
+++ b/lib/api/helpers/project_snapshots_helpers.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module ProjectSnapshotsHelpers

--- a/lib/api/helpers/projects_helpers.rb
+++ b/lib/api/helpers/projects_helpers.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module ProjectsHelpers

--- a/lib/api/helpers/related_resources_helpers.rb
+++ b/lib/api/helpers/related_resources_helpers.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module RelatedResourcesHelpers

--- a/lib/api/helpers/runner.rb
+++ b/lib/api/helpers/runner.rb
+# frozen_string_literal: true
 module API
  module Helpers
    module Runner

--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
+# frozen_string_literal: true
 module API
  # Internal access API
  class Internal < Grape::API

--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
+# frozen_string_literal: true
 module API
  class Issues < Grape::API
    include PaginationParams

--- a/lib/api/job_artifacts.rb
+++ b/lib/api/job_artifacts.rb
+# frozen_string_literal: true
 module API
  class JobArtifacts < Grape::API
    before { authenticate_non_get! }

--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
+# frozen_string_literal: true
 module API
  class Jobs < Grape::API
    include PaginationParams

--- a/lib/api/keys.rb
+++ b/lib/api/keys.rb
+# frozen_string_literal: true
 module API
  # Keys API
  class Keys < Grape::API

--- a/lib/api/labels.rb
+++ b/lib/api/labels.rb
+# frozen_string_literal: true
 module API
  class Labels < Grape::API
    include PaginationParams

--- a/lib/api/lint.rb
+++ b/lib/api/lint.rb
+# frozen_string_literal: true
 module API
  class Lint < Grape::API
    namespace :ci do

--- a/lib/api/markdown.rb
+++ b/lib/api/markdown.rb
+# frozen_string_literal: true
 module API
  class Markdown < Grape::API
    params do

--- a/lib/api/members.rb
+++ b/lib/api/members.rb
+# frozen_string_literal: true
 module API
  class Members < Grape::API
    include PaginationParams

--- a/lib/api/merge_request_diffs.rb
+++ b/lib/api/merge_request_diffs.rb
+# frozen_string_literal: true
 module API
  # MergeRequestDiff API
  class MergeRequestDiffs < Grape::API

--- a/lib/api/merge_requests.rb
+++ b/lib/api/merge_requests.rb
+# frozen_string_literal: true
 module API
  class MergeRequests < Grape::API
    include PaginationParams

--- a/lib/api/milestone_responses.rb
+++ b/lib/api/milestone_responses.rb
+# frozen_string_literal: true
 module API
  module MilestoneResponses
    extend ActiveSupport::Concern

--- a/lib/api/namespaces.rb
+++ b/lib/api/namespaces.rb
+# frozen_string_literal: true
 module API
  class Namespaces < Grape::API
    include PaginationParams

--- a/lib/api/notes.rb
+++ b/lib/api/notes.rb
+# frozen_string_literal: true
 module API
  class Notes < Grape::API
    include PaginationParams

--- a/lib/api/notification_settings.rb
+++ b/lib/api/notification_settings.rb
+# frozen_string_literal: true
 module API
  # notification_settings API
  class NotificationSettings < Grape::API

--- a/lib/api/pages_domains.rb
+++ b/lib/api/pages_domains.rb
+# frozen_string_literal: true
 module API
  class PagesDomains < Grape::API
    include PaginationParams

--- a/lib/api/pagination_params.rb
+++ b/lib/api/pagination_params.rb
+# frozen_string_literal: true
 module API
  # Concern for declare pagination params.
  #

--- a/lib/api/pipeline_schedules.rb
+++ b/lib/api/pipeline_schedules.rb
+# frozen_string_literal: true
 module API
  class PipelineSchedules < Grape::API
    include PaginationParams

--- a/lib/api/pipelines.rb
+++ b/lib/api/pipelines.rb
+# frozen_string_literal: true
 module API
  class Pipelines < Grape::API
    include PaginationParams

--- a/lib/api/project_export.rb
+++ b/lib/api/project_export.rb
+# frozen_string_literal: true
 module API
  class ProjectExport < Grape::API
    before do

--- a/lib/api/project_hooks.rb
+++ b/lib/api/project_hooks.rb
+# frozen_string_literal: true
 module API
  class ProjectHooks < Grape::API
    include PaginationParams

--- a/lib/api/project_import.rb
+++ b/lib/api/project_import.rb
+# frozen_string_literal: true
 module API
  class ProjectImport < Grape::API
    include PaginationParams

--- a/lib/api/project_milestones.rb
+++ b/lib/api/project_milestones.rb
+# frozen_string_literal: true
 module API
  class ProjectMilestones < Grape::API
    include PaginationParams

--- a/lib/api/project_snapshots.rb
+++ b/lib/api/project_snapshots.rb
+# frozen_string_literal: true
 module API
  class ProjectSnapshots < Grape::API
    helpers ::API::Helpers::ProjectSnapshotsHelpers

--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
+# frozen_string_literal: true
 module API
  class ProjectSnippets < Grape::API
    include PaginationParams

--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
+# frozen_string_literal: true
 require_dependency 'declarative_policy'
 module API

--- a/lib/api/projects_relation_builder.rb
+++ b/lib/api/projects_relation_builder.rb
+# frozen_string_literal: true
 module API
  module ProjectsRelationBuilder
    extend ActiveSupport::Concern

--- a/lib/api/protected_branches.rb
+++ b/lib/api/protected_branches.rb
--- a/lib/api/protected_tags.rb
+++ b/lib/api/protected_tags.rb
--- a/lib/api/repositories.rb
+++ b/lib/api/repositories.rb
--- a/lib/api/runner.rb
+++ b/lib/api/runner.rb
--- a/lib/api/runners.rb
+++ b/lib/api/runners.rb
--- a/lib/api/scope.rb
+++ b/lib/api/scope.rb
--- a/lib/api/search.rb
+++ b/lib/api/search.rb
--- a/lib/api/settings.rb
+++ b/lib/api/settings.rb
--- a/lib/api/sidekiq_metrics.rb
+++ b/lib/api/sidekiq_metrics.rb
--- a/lib/api/snippets.rb
+++ b/lib/api/snippets.rb
--- a/lib/api/subscriptions.rb
+++ b/lib/api/subscriptions.rb
--- a/lib/api/system_hooks.rb
+++ b/lib/api/system_hooks.rb
--- a/lib/api/tags.rb
+++ b/lib/api/tags.rb
--- a/lib/api/templates.rb
+++ b/lib/api/templates.rb
--- a/lib/api/time_tracking_endpoints.rb
+++ b/lib/api/time_tracking_endpoints.rb
--- a/lib/api/todos.rb
+++ b/lib/api/todos.rb
--- a/lib/api/triggers.rb
+++ b/lib/api/triggers.rb
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
--- a/lib/api/variables.rb
+++ b/lib/api/variables.rb
--- a/lib/api/version.rb
+++ b/lib/api/version.rb
--- a/lib/api/wikis.rb
+++ b/lib/api/wikis.rb
--- a/lib/backup/artifacts.rb
+++ b/lib/backup/artifacts.rb
--- a/lib/backup/builds.rb
+++ b/lib/backup/builds.rb
--- a/lib/backup/database.rb
+++ b/lib/backup/database.rb
--- a/lib/backup/files.rb
+++ b/lib/backup/files.rb
--- a/lib/backup/helper.rb
+++ b/lib/backup/helper.rb
--- a/lib/backup/lfs.rb
+++ b/lib/backup/lfs.rb
--- a/lib/backup/manager.rb
+++ b/lib/backup/manager.rb
--- a/lib/backup/pages.rb
+++ b/lib/backup/pages.rb
--- a/lib/backup/registry.rb
+++ b/lib/backup/registry.rb
--- a/lib/backup/repository.rb
+++ b/lib/backup/repository.rb
--- a/lib/backup/uploads.rb
+++ b/lib/backup/uploads.rb
--- a/lib/gitlab/background_migration/encrypt_columns.rb
+++ b/lib/gitlab/background_migration/encrypt_columns.rb
--- a/lib/gitlab/background_migration/models/encrypt_columns/web_hook.rb
+++ b/lib/gitlab/background_migration/models/encrypt_columns/web_hook.rb
--- a/lib/gitlab/data_builder/pipeline.rb
+++ b/lib/gitlab/data_builder/pipeline.rb
--- a/lib/gitlab/highlight.rb
+++ b/lib/gitlab/highlight.rb
--- a/lib/gitlab/import_export/import_export.yml
+++ b/lib/gitlab/import_export/import_export.yml
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
--- a/spec/features/issues/issue_detail_spec.rb
+++ b/spec/features/issues/issue_detail_spec.rb
--- a/spec/javascripts/issue_show/index_spec.js
+++ b/spec/javascripts/issue_show/index_spec.js
--- a/spec/lib/backup/manager_spec.rb
+++ b/spec/lib/backup/manager_spec.rb
--- a/spec/lib/backup/repository_spec.rb
+++ b/spec/lib/backup/repository_spec.rb
--- a/spec/lib/gitlab/background_migration/encrypt_columns_spec.rb
+++ b/spec/lib/gitlab/background_migration/encrypt_columns_spec.rb
--- a/spec/lib/gitlab/data_builder/pipeline_spec.rb
+++ b/spec/lib/gitlab/data_builder/pipeline_spec.rb
--- a/spec/lib/gitlab/highlight_spec.rb
+++ b/spec/lib/gitlab/highlight_spec.rb
--- a/spec/models/blob_viewer/package_json_spec.rb
+++ b/spec/models/blob_viewer/package_json_spec.rb
--- a/spec/models/ci/pipeline_variable_spec.rb
+++ b/spec/models/ci/pipeline_variable_spec.rb
--- a/spec/models/event_spec.rb
+++ b/spec/models/event_spec.rb
--- a/spec/models/hooks/web_hook_spec.rb
+++ b/spec/models/hooks/web_hook_spec.rb
--- a/spec/requests/api/redacted_events_spec.rb
+++ b/spec/requests/api/redacted_events_spec.rb
--- a/spec/services/clusters/applications/check_installation_progress_service_spec.rb
+++ b/spec/services/clusters/applications/check_installation_progress_service_spec.rb
--- a/spec/services/clusters/applications/install_service_spec.rb
+++ b/spec/services/clusters/applications/install_service_spec.rb