Merge remote-tracking branch 'upstream/master' into ce-to-ee-2018-10-23

# Conflicts: # app/assets/stylesheets/pages/issues.scss # app/models/user.rb # db/schema.rb # locale/gitlab.pot [ci skip]

Merge remote-tracking branch 'upstream/master' into ce-to-ee-2018-10-23
# Conflicts: # app/assets/stylesheets/pages/issues.scss # app/models/user.rb # db/schema.rb # locale/gitlab.pot [ci skip]
af7bdf18 · GitLab Bot · 4cdade66 · ba3e6500 · af7bdf18 · af7bdf18
Commit af7bdf18 authored Oct 23, 2018 by GitLab Bot
48 changed files
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -903,7 +903,7 @@ gitlab:assets:compile:
      - public/assets/
 karma:
-  <<: *dedicated-no-docs-and-no-qa-pull-cache-job
+  <<: *dedicated-no-docs-pull-cache-job
  <<: *use-pg
  dependencies:
    - compile-assets

--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
-0.125.1
+0.126.0
--- a/app/assets/javascripts/filtered_search/issuable_filtered_search_token_keys.js
+++ b/app/assets/javascripts/filtered_search/issuable_filtered_search_token_keys.js
@@ -67,6 +67,11 @@ export const conditions = [
    tokenKey: 'milestone',
    value: 'none',
  },
+  {
+    url: 'milestone_title=Any+Milestone',
+    tokenKey: 'milestone',
+    value: 'any',
+  },
  {
    url: 'milestone_title=%23upcoming',
    tokenKey: 'milestone',

--- a/app/assets/stylesheets/pages/issues.scss
+++ b/app/assets/stylesheets/pages/issues.scss
@@ -330,6 +330,7 @@ ul.related-merge-requests > li {
    text-align: right;
  }
 }
+<<<<<<< HEAD
 .issue-token {
  display: inline-flex;
@@ -436,3 +437,5 @@ ul.related-merge-requests > li {
    font-size: 0.9em;
  }
 }
+=======
+>>>>>>> upstream/master
--- a/app/helpers/issuables_helper.rb
+++ b/app/helpers/issuables_helper.rb
@@ -388,8 +388,8 @@ module IssuablesHelper
    {
      todo_text: "Add todo",
      mark_text: "Mark todo as done",
-      todo_icon: (is_collapsed ? icon('plus-square') : nil),
+      todo_icon: (is_collapsed ? sprite_icon('todo-add') : nil),
-      mark_icon: (is_collapsed ? icon('check-square', class: 'todo-undone') : nil),
+      mark_icon: (is_collapsed ? sprite_icon('todo-done', css_class: 'todo-undone') : nil),
      issuable_id: issuable.id,
      issuable_type: issuable.class.name.underscore,
      url: project_todos_path(@project),

--- a/app/models/ci/pipeline.rb
+++ b/app/models/ci/pipeline.rb
@@ -281,6 +281,12 @@ module Ci
      stage unless stage.statuses_count.zero?
    end
+    def ref_exists?
+      project.repository.ref_exists?(git_ref)
+    rescue Gitlab::Git::Repository::NoRepository
+      false
+    end
    ##
    # TODO We do not completely switch to persisted stages because of
    # race conditions with setting statuses gitlab-ce#23257.
@@ -687,11 +693,11 @@ module Ci
    def push_details
      strong_memoize(:push_details) do
-        Gitlab::Git::Push.new(project, before_sha, sha, push_ref)
+        Gitlab::Git::Push.new(project, before_sha, sha, git_ref)
      end
    end
-    def push_ref
+    def git_ref
      if branch?
        Gitlab::Git::BRANCH_REF_PREFIX + ref.to_s
      elsif tag?

--- a/app/models/clusters/applications/runner.rb
+++ b/app/models/clusters/applications/runner.rb
@@ -3,7 +3,7 @@
 module Clusters
  module Applications
    class Runner < ActiveRecord::Base
-      VERSION = '0.1.34'.freeze
+      VERSION = '0.1.35'.freeze
      self.table_name = 'clusters_applications_runners'

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -561,6 +561,8 @@ class Project < ActiveRecord::Base
    self[:lfs_enabled] && Gitlab.config.lfs.enabled
  end
+  alias_method :lfs_enabled, :lfs_enabled?
  def auto_devops_enabled?
    if auto_devops&.enabled.nil?
      has_auto_devops_implicitly_enabled?

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -229,8 +229,11 @@ class User < ActiveRecord::Base
  delegate :path, to: :namespace, allow_nil: true, prefix: true
  delegate :notes_filter_for, to: :user_preference
  delegate :set_notes_filter, to: :user_preference
+<<<<<<< HEAD
  accepts_nested_attributes_for :namespace
+=======
+>>>>>>> upstream/master
  state_machine :state, initial: :active do
    event :block do

--- a/app/views/projects/pipelines/_info.html.haml
+++ b/app/views/projects/pipelines/_info.html.haml
@@ -13,7 +13,11 @@
      = pluralize @pipeline.total_size, "job"
      - if @pipeline.ref
        from
-        = link_to @pipeline.ref, project_ref_path(@project, @pipeline.ref), class: "ref-name"
+        - if @pipeline.ref_exists?
+          = link_to @pipeline.ref, project_ref_path(@project, @pipeline.ref), class: "ref-name"
+        - else
+          %span.ref-name
+            = @pipeline.ref
      - if @pipeline.duration
        in
        = time_interval_in_words(@pipeline.duration)

--- a/app/views/shared/issuable/_search_bar.html.haml
+++ b/app/views/shared/issuable/_search_bar.html.haml
@@ -36,7 +36,7 @@
                  %button.btn.btn-link{ type: 'button' }
                    = sprite_icon('search')
                    %span
-                      Press Enter or click to search
+                      = _('Press Enter or click to search')
              %ul.filter-dropdown{ data: { dynamic: true, dropdown: true } }
                %li.filter-dropdown-item
                  %button.btn.btn-link{ type: 'button' }
@@ -61,7 +61,7 @@
              %ul{ data: { dropdown: true } }
                %li.filter-dropdown-item{ data: { value: 'none' } }
                  %button.btn.btn-link{ type: 'button' }
-                    No Assignee
+                    = _('No Assignee')
                %li.divider.droplab-item-ignore
                - if current_user
                  = render 'shared/issuable/user_dropdown_item',
@@ -74,13 +74,16 @@
              %ul{ data: { dropdown: true } }
                %li.filter-dropdown-item{ data: { value: 'none' } }
                  %button.btn.btn-link{ type: 'button' }
-                    No Milestone
+                    = _('None')
+                %li.filter-dropdown-item{ data: { value: 'any' } }
+                  %button.btn.btn-link{ type: 'button' }
+                    = _('Any')
                %li.filter-dropdown-item{ data: { value: 'upcoming' } }
                  %button.btn.btn-link{ type: 'button' }
-                    Upcoming
+                    = _('Upcoming')
                %li.filter-dropdown-item{ 'data-value' => 'started' }
                  %button.btn.btn-link{ type: 'button' }
-                    Started
+                    = _('Started')
                %li.divider.droplab-item-ignore
              %ul.filter-dropdown{ data: { dynamic: true, dropdown: true } }
                %li.filter-dropdown-item
@@ -90,7 +93,7 @@
              %ul{ data: { dropdown: true } }
                %li.filter-dropdown-item{ data: { value: 'none' } }
                  %button.btn.btn-link{ type: 'button' }
-                    No Label
+                    = _('No Label')
                %li.divider.droplab-item-ignore
              %ul.filter-dropdown{ data: { dynamic: true, dropdown: true } }
                %li.filter-dropdown-item

--- a/app/views/shared/issuable/_sidebar_todo.html.haml
+++ b/app/views/shared/issuable/_sidebar_todo.html.haml
 - is_collapsed = local_assigns.fetch(:is_collapsed, false)
- mark_content = is_collapsed ? icon('check-square', class: 'todo-undone') : _('Mark todo as done')
+- mark_content = is_collapsed ? sprite_icon('todo-done', css_class: 'todo-undone') : _('Mark todo as done')
- todo_content = is_collapsed ? icon('plus-square') : _('Add todo')
+- todo_content = is_collapsed ? sprite_icon('todo-add') : _('Add todo')
 %button.issuable-todo-btn.js-issuable-todo{ type: 'button',
  class: (is_collapsed ? 'btn-blank sidebar-collapsed-icon dont-change-state has-tooltip' : 'btn btn-default issuable-header-btn float-right'),

--- a/app/views/shared/runners/show.html.haml
+++ b/app/views/shared/runners/show.html.haml
@@ -24,7 +24,7 @@
      %td= @runner.active? ? 'Yes' : 'No'
    %tr
      %td Protected
-      %td= @runner.active? ? _('Yes') : _('No')
+      %td= @runner.ref_protected? ? 'Yes' : 'No'
    %tr
      %td Can run untagged jobs
      %td= @runner.run_untagged? ? 'Yes' : 'No'

--- a/changelogs/unreleased/32959-update-todo-icon.yml
+++ b/changelogs/unreleased/32959-update-todo-icon.yml
+---
+title: Update Todo icons in collapsed sidebar for Issues and MRs
+merge_request: 22534
+author:
+type: changed
--- a/changelogs/unreleased/42611-removed-branch-link.yml
+++ b/changelogs/unreleased/42611-removed-branch-link.yml
+---
+title: Only render link to branch when branch still exists in pipeline page
+merge_request:
+author:
+type: fixed
--- a/changelogs/unreleased/52059-filter-milestone-by-none-any.yml
+++ b/changelogs/unreleased/52059-filter-milestone-by-none-any.yml
+---
+title: Added `Any` option to milestones filter
+merge_request: 22351
+author: Heinrich Lee Yu
+type: added
--- a/changelogs/unreleased/52840-fix-runners-details-page.yml
+++ b/changelogs/unreleased/52840-fix-runners-details-page.yml
+---
+title: Fix rendering of 'Protected' value on Runner details page
+merge_request: 22459
+author:
+type: fixed
--- a/changelogs/unreleased/add-new-kubernetes-spec-helpers.yml
+++ b/changelogs/unreleased/add-new-kubernetes-spec-helpers.yml
+---
+title: Introduce new kubernetes helpers
+merge_request: 22525
+author:
+type: other
--- a/changelogs/unreleased/add-role-binding-to-kubeclient.yml
+++ b/changelogs/unreleased/add-role-binding-to-kubeclient.yml
+---
+title: Allow kubeclient to call RoleBinding methods
+merge_request: 22524
+author:
+type: other
--- a/changelogs/unreleased/lfs-project-attribute-alias.yml
+++ b/changelogs/unreleased/lfs-project-attribute-alias.yml
+---
+title: Resolve LFS not correctly showing enabled
+merge_request: 22501
+author:
+type: fixed
--- a/changelogs/unreleased/sh-pages-eof-error.yml
+++ b/changelogs/unreleased/sh-pages-eof-error.yml
+---
+title: Fix EOF detection with CI artifacts metadata
+merge_request: 22479
+author:
+type: fixed
--- a/changelogs/unreleased/update-runner-chart-to-0-1-35.yml
+++ b/changelogs/unreleased/update-runner-chart-to-0-1-35.yml
+---
+title: Update used version of Runner Helm Chart to 0.1.35
+merge_request: 22541
+author:
+type: other
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -915,9 +915,6 @@ test:
      default:
        path: tmp/tests/repositories/
        gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
-      broken:
-        path: tmp/tests/non-existent-repositories
-        gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
  gitaly:
    client_path: tmp/tests/gitaly

--- a/db/schema.rb
+++ b/db/schema.rb
@@ -3384,8 +3384,13 @@ ActiveRecord::Schema.define(version: 20181017131623) do
  add_foreign_key "u2f_registrations", "users"
  add_foreign_key "user_callouts", "users", on_delete: :cascade
  add_foreign_key "user_custom_attributes", "users", on_delete: :cascade
+<<<<<<< HEAD
  add_foreign_key "user_interacted_projects", "projects", on_delete: :cascade
  add_foreign_key "user_interacted_projects", "users", on_delete: :cascade
+=======
+  add_foreign_key "user_interacted_projects", "projects", name: "fk_722ceba4f7", on_delete: :cascade
+  add_foreign_key "user_interacted_projects", "users", name: "fk_0894651f08", on_delete: :cascade
+>>>>>>> upstream/master
  add_foreign_key "user_preferences", "users", on_delete: :cascade
  add_foreign_key "user_statuses", "users", on_delete: :cascade
  add_foreign_key "user_synced_attributes_metadata", "users", on_delete: :cascade

--- a/doc/integration/saml.md
+++ b/doc/integration/saml.md
@@ -411,6 +411,23 @@ args: {
 }
 ```
+### `uid_attribute`
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/43806) in GitLab 10.7.
+By default, the `uid` is set as the `name_id` in the SAML response. If you'd like to designate a unique attribute for the `uid`, you can set the `uid_attribute`. In the example below, the value of `uid` attribute in the SAML response is set as the `uid_attribute`.
+```yaml
+args: {
+        assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
+        idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
+        idp_sso_target_url: 'https://login.example.com/idp',
+        issuer: 'https://gitlab.example.com',
+        name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+        uid_attribute: 'uid'
+}
+```
 ## Troubleshooting
 ### 500 error after login

--- a/doc/user/project/milestones/index.md
+++ b/doc/user/project/milestones/index.md
@@ -74,7 +74,8 @@ From the project issue/merge request list pages and the group issue/merge reques
 When filtering by milestone, in addition to choosing a specific project milestone or group milestone, you can choose a special milestone filter.
- **No Milestone**: Show issues or merge requests with no assigned milestone.
+- **None**: Show issues or merge requests with no assigned milestone.
+- **Any**: Show issues or merge requests that have an assigned milestone.
 - **Upcoming**: Show issues or merge requests that have been assigned the open milestone that has the next upcoming due date (i.e. nearest due date in the future).
 - **Started**: Show issues or merge requests that have an assigned milestone with a start date that is before today.

--- a/lib/gitlab/ci/build/artifacts/metadata.rb
+++ b/lib/gitlab/ci/build/artifacts/metadata.rb
@@ -59,9 +59,12 @@ module Gitlab
            until gz.eof?
              begin
-                path = read_string(gz).force_encoding('UTF-8')
+                path = read_string(gz)&.force_encoding('UTF-8')
-                meta = read_string(gz).force_encoding('UTF-8')
+                meta = read_string(gz)&.force_encoding('UTF-8')
+                # We might hit an EOF while reading either value, so we should
+                # abort if we don't get any data.
+                next unless path && meta
                next unless path.valid_encoding? && meta.valid_encoding?
                next unless path =~ match_pattern
                next if path =~ INVALID_PATH_PATTERN

--- a/lib/gitlab/database/migration_helpers.rb
+++ b/lib/gitlab/database/migration_helpers.rb
@@ -937,7 +937,7 @@ database (#{dbname}) using a super user and running:
 For MySQL you instead need to run:
-    GRANT ALL PRIVILEGES ON *.* TO #{user}@'%'
+    GRANT ALL PRIVILEGES ON #{dbname}.* TO #{user}@'%'
 Both queries will grant the user super user permissions, ensuring you don't run
 into similar problems in the future (e.g. when new tables are created).

--- a/lib/gitlab/kubernetes/kube_client.rb
+++ b/lib/gitlab/kubernetes/kube_client.rb
@@ -45,6 +45,13 @@ module Gitlab
        :update_cluster_role_binding,
        to: :rbac_client
+      # RBAC methods delegates to the apis/rbac.authorization.k8s.io api
+      # group client
+      delegate :create_role_binding,
+        :get_role_binding,
+        :update_role_binding,
+        to: :rbac_client
      # Deployments resource is currently on the apis/extensions api group
      delegate :get_deployments,
        to: :extensions_client

--- a/lib/gitlab/kubernetes/role_binding.rb
+++ b/lib/gitlab/kubernetes/role_binding.rb
+# frozen_string_literal: true
+module Gitlab
+  module Kubernetes
+    class RoleBinding
+      attr_reader :role_name, :namespace, :service_account_name
+      def initialize(role_name:, namespace:, service_account_name:)
+        @role_name = role_name
+        @namespace = namespace
+        @service_account_name = service_account_name
+      end
+      def generate
+        ::Kubeclient::Resource.new.tap do |resource|
+          resource.metadata = metadata
+          resource.roleRef  = role_ref
+          resource.subjects = subjects
+        end
+      end
+      private
+      def metadata
+        { name: "gitlab-#{namespace}", namespace: namespace }
+      end
+      def role_ref
+        {
+          apiGroup: 'rbac.authorization.k8s.io',
+          kind: 'Role',
+          name: role_name
+        }
+      end
+      def subjects
+        [
+          {
+            kind: 'ServiceAccount',
+            name: service_account_name,
+            namespace: namespace
+          }
+        ]
+      end
+    end
+  end
+end
--- a/lib/gitlab/setup_helper.rb
+++ b/lib/gitlab/setup_helper.rb
@@ -32,7 +32,10 @@ module Gitlab
        end
        if Rails.env.test?
-          storages << { name: 'test_second_storage', path: Rails.root.join('tmp', 'tests', 'second_storage').to_s }
+          storage_path = Rails.root.join('tmp', 'tests', 'second_storage').to_s
+          FileUtils.mkdir(storage_path) unless File.exist?(storage_path)
+          storages << { name: 'test_second_storage', path: storage_path }
        end
        config = { socket_path: address.sub(/\Aunix:/, ''), storage: storages }

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -5254,6 +5254,12 @@ msgstr ""
 msgid "No"
 msgstr ""
+<<<<<<< HEAD
+=======
+msgid "No Assignee"
+msgstr ""
+>>>>>>> upstream/master
 msgid "No Label"
 msgstr ""
@@ -7233,6 +7239,7 @@ msgstr ""
 msgid "Something went wrong while closing the %{issuable}. Please try again later"
 msgstr ""
+<<<<<<< HEAD
 msgid "Something went wrong while fetching %{listType} list"
 msgstr ""
@@ -7242,6 +7249,11 @@ msgstr ""
 msgid "Something went wrong while fetching group member contributions"
 msgstr ""
+=======
+msgid "Something went wrong while fetching comments. Please try again."
+msgstr ""
+>>>>>>> upstream/master
 msgid "Something went wrong while fetching the projects."
 msgstr ""
@@ -8376,6 +8388,9 @@ msgstr ""
 msgid "Up to date"
 msgstr ""
+msgid "Upcoming"
+msgstr ""
 msgid "Update"
 msgstr ""

--- a/spec/factories/ci/runners.rb
+++ b/spec/factories/ci/runners.rb
@@ -47,5 +47,15 @@ FactoryBot.define do
    trait :ref_protected do
      access_level :ref_protected
    end
+    trait :tagged_only do
+      run_untagged false
+      tag_list %w(tag1 tag2)
+    end
+    trait :locked do
+      locked true
+    end
  end
 end
--- a/spec/features/issues/filtered_search/dropdown_milestone_spec.rb
+++ b/spec/features/issues/filtered_search/dropdown_milestone_spec.rb
@@ -189,13 +189,21 @@ describe 'Dropdown milestone', :js do
    end
    it 'selects `no milestone`' do
-      click_static_milestone('No Milestone')
+      click_static_milestone('None')
      expect(page).to have_css(js_dropdown_milestone, visible: false)
      expect_tokens([milestone_token('none', false)])
      expect_filtered_search_input_empty
    end
+    it 'selects `any milestone`' do
+      click_static_milestone('Any')
+      expect(page).to have_css(js_dropdown_milestone, visible: false)
+      expect_tokens([milestone_token('any', false)])
+      expect_filtered_search_input_empty
+    end
    it 'selects `upcoming milestone`' do
      click_static_milestone('Upcoming')

--- a/spec/features/projects/pipelines/pipeline_spec.rb
+++ b/spec/features/projects/pipelines/pipeline_spec.rb
@@ -68,6 +68,10 @@ describe 'Pipeline', :js do
      expect(page).to have_css('#js-tab-pipeline.active')
    end
+    it 'shows link to the pipeline ref' do
+      expect(page).to have_link(pipeline.ref)
+    end
    it_behaves_like 'showing user status' do
      let(:user_with_status) { pipeline.user }
@@ -236,6 +240,20 @@ describe 'Pipeline', :js do
        it { expect(page).not_to have_content('Cancel running') }
      end
    end
+    context 'when pipeline ref does not exist in repository anymore' do
+      let(:pipeline) do
+        create(:ci_empty_pipeline, project: project,
+                                   ref: 'non-existent',
+                                   sha: project.commit.id,
+                                   user: user)
+      end
+      it 'does not render link to the pipeline ref' do
+        expect(page).not_to have_link(pipeline.ref)
+        expect(page).to have_content(pipeline.ref)
+      end
+    end
  end
  context 'when user does not have access to read jobs' do

--- a/spec/javascripts/collapsed_sidebar_todo_spec.js
+++ b/spec/javascripts/collapsed_sidebar_todo_spec.js
@@ -45,8 +45,10 @@ describe('Issuable right sidebar collapsed todo toggle', () => {
    expect(document.querySelector('.js-issuable-todo.sidebar-collapsed-icon')).not.toBeNull();
    expect(
-      document.querySelector('.js-issuable-todo.sidebar-collapsed-icon .fa-plus-square'),
+      document
-    ).not.toBeNull();
+        .querySelector('.js-issuable-todo.sidebar-collapsed-icon svg use')
+        .getAttribute('xlink:href'),
+    ).toContain('todo-add');
    expect(
      document.querySelector('.js-issuable-todo.sidebar-collapsed-icon .todo-undone'),
@@ -68,8 +70,10 @@ describe('Issuable right sidebar collapsed todo toggle', () => {
      ).not.toBeNull();
      expect(
-        document.querySelector('.js-issuable-todo.sidebar-collapsed-icon .fa-check-square'),
+        document
-      ).not.toBeNull();
+          .querySelector('.js-issuable-todo.sidebar-collapsed-icon svg.todo-undone use')
+          .getAttribute('xlink:href'),
+      ).toContain('todo-done');
      done();
    });

--- a/spec/lib/gitaly/server_spec.rb
+++ b/spec/lib/gitaly/server_spec.rb
@@ -26,9 +26,7 @@ describe Gitaly::Server do
      end
    end
-    context 'when the storage is not readable' do
+    context 'when the storage is not readable', :broken_storage do
-      let(:server) { described_class.new('broken') }
      it 'returns false' do
        expect(server).not_to be_readable
      end
@@ -42,9 +40,7 @@ describe Gitaly::Server do
      end
    end
-    context 'when the storage is not writeable' do
+    context 'when the storage is not writeable', :broken_storage do
-      let(:server) { described_class.new('broken') }
      it 'returns false' do
        expect(server).not_to be_writeable
      end

--- a/spec/lib/gitlab/ci/build/artifacts/metadata_spec.rb
+++ b/spec/lib/gitlab/ci/build/artifacts/metadata_spec.rb
@@ -112,4 +112,34 @@ describe Gitlab::Ci::Build::Artifacts::Metadata do
      end
    end
  end
+  context 'generated metadata' do
+    let(:tmpfile) { Tempfile.new('test-metadata') }
+    let(:generator) { CiArtifactMetadataGenerator.new(tmpfile) }
+    let(:entry_count) { 5 }
+    before do
+      tmpfile.binmode
+      (1..entry_count).each do |index|
+        generator.add_entry("public/test-#{index}.txt")
+      end
+      generator.write
+    end
+    after do
+      File.unlink(tmpfile.path)
+    end
+    describe '#find_entries!' do
+      it 'reads expected number of entries' do
+        stream = File.open(tmpfile.path)
+        metadata = described_class.new(stream, 'public', { recursive: true })
+        expect(metadata.find_entries!.count).to eq entry_count
+      end
+    end
+  end
 end
--- a/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
+++ b/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
@@ -335,7 +335,7 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
        restored_project_json
-        expect(project.lfs_enabled).to be_nil
+        expect(project.lfs_enabled).to be_falsey
      end
    end

--- a/spec/lib/gitlab/kubernetes/role_binding_spec.rb
+++ b/spec/lib/gitlab/kubernetes/role_binding_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe Gitlab::Kubernetes::RoleBinding, '#generate' do
+  let(:role_name) { 'edit' }
+  let(:namespace) { 'my-namespace' }
+  let(:service_account_name) { 'my-service-account' }
+  let(:subjects) do
+    [
+      {
+        kind: 'ServiceAccount',
+        name: service_account_name,
+        namespace: namespace
+      }
+    ]
+  end
+  let(:role_ref) do
+    {
+      apiGroup: 'rbac.authorization.k8s.io',
+      kind: 'Role',
+      name: role_name
+    }
+  end
+  let(:resource) do
+    ::Kubeclient::Resource.new(
+      metadata: { name: "gitlab-#{namespace}", namespace: namespace },
+      roleRef: role_ref,
+      subjects: subjects
+    )
+  end
+  subject do
+    described_class.new(
+      role_name: role_name,
+      namespace: namespace,
+      service_account_name: service_account_name
+    ).generate
+  end
+  it 'should build a Kubeclient Resource' do
+    is_expected.to eq(resource)
+  end
+end
--- a/spec/models/ci/pipeline_spec.rb
+++ b/spec/models/ci/pipeline_spec.rb
@@ -788,6 +788,41 @@ describe Ci::Pipeline, :mailer do
    end
  end
+  describe 'ref_exists?' do
+    context 'when repository exists' do
+      using RSpec::Parameterized::TableSyntax
+      let(:project) { create(:project, :repository) }
+      where(:tag, :ref, :result) do
+        false | 'master'              | true
+        false | 'non-existent-branch' | false
+        true  | 'v1.1.0'              | true
+        true  | 'non-existent-tag'    | false
+      end
+      with_them do
+        let(:pipeline) do
+          create(:ci_empty_pipeline, project: project, tag: tag, ref: ref)
+        end
+        it "correctly detects ref" do
+          expect(pipeline.ref_exists?).to be result
+        end
+      end
+    end
+    context 'when repository does not exist' do
+      let(:pipeline) do
+        create(:ci_empty_pipeline, project: project, ref: 'master')
+      end
+      it 'always returns false' do
+        expect(pipeline.ref_exists?).to eq false
+      end
+    end
+  end
  context 'with non-empty project' do
    let(:project) { create(:project, :repository) }

--- a/spec/models/clusters/applications/runner_spec.rb
+++ b/spec/models/clusters/applications/runner_spec.rb
@@ -17,7 +17,7 @@ describe Clusters::Applications::Runner do
      let(:application) { create(:clusters_applications_runner, :scheduled, version: '0.1.30') }
      it 'updates the application version' do
-        expect(application.reload.version).to eq('0.1.34')
+        expect(application.reload.version).to eq('0.1.35')
      end
    end
  end
@@ -45,7 +45,7 @@ describe Clusters::Applications::Runner do
    it 'should be initialized with 4 arguments' do
      expect(subject.name).to eq('runner')
      expect(subject.chart).to eq('runner/gitlab-runner')
-      expect(subject.version).to eq('0.1.34')
+      expect(subject.version).to eq('0.1.35')
      expect(subject).not_to be_rbac
      expect(subject.repository).to eq('https://charts.gitlab.io')
      expect(subject.files).to eq(gitlab_runner.files)
@@ -63,7 +63,7 @@ describe Clusters::Applications::Runner do
      let(:gitlab_runner) { create(:clusters_applications_runner, :errored, runner: ci_runner, version: '0.1.13') }
      it 'should be initialized with the locked version' do
-        expect(subject.version).to eq('0.1.34')
+        expect(subject.version).to eq('0.1.35')
      end
    end
  end

--- a/spec/support/helpers/ci_artifact_metadata_generator.rb
+++ b/spec/support/helpers/ci_artifact_metadata_generator.rb
+# frozen_sting_literal: true
+# This generates fake CI metadata .gz for testing
+# Based off https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/internal/zipartifacts/metadata.go
+class CiArtifactMetadataGenerator
+  attr_accessor :entries, :output
+  ARTIFACT_METADATA = "GitLab Build Artifacts Metadata 0.0.2\n".freeze
+  def initialize(stream)
+    @entries = {}
+    @output = Zlib::GzipWriter.new(stream)
+  end
+  def add_entry(filename)
+    @entries[filename] = { CRC: rand(0xfffffff), Comment: FFaker::Lorem.sentence(10) }
+  end
+  def write
+    write_version
+    write_errors
+    write_entries
+    output.close
+  end
+  private
+  def write_version
+    write_string(ARTIFACT_METADATA)
+  end
+  def write_errors
+    write_string('{}')
+  end
+  def write_entries
+    entries.each do |filename, metadata|
+      write_string(filename)
+      write_string(metadata.to_json + "\n")
+    end
+  end
+  def write_string(data)
+    bytes = [data.length].pack('L>')
+    output.write(bytes)
+    output.write(data)
+  end
+end
--- a/spec/support/helpers/kubernetes_helpers.rb
+++ b/spec/support/helpers/kubernetes_helpers.rb
@@ -44,10 +44,11 @@ module KubernetesHelpers
    WebMock.stub_request(:get, deployments_url).to_return(response || kube_deployments_response)
  end
-  def stub_kubeclient_get_secret(api_url, namespace: 'default', **options)
+  def stub_kubeclient_get_secret(api_url, **options)
    options[:metadata_name] ||= "default-token-1"
+    options[:namespace] ||= "default"
-    WebMock.stub_request(:get, api_url + "/api/v1/namespaces/#{namespace}/secrets/#{options[:metadata_name]}")
+    WebMock.stub_request(:get, api_url + "/api/v1/namespaces/#{options[:namespace]}/secrets/#{options[:metadata_name]}")
      .to_return(kube_response(kube_v1_secret_body(options)))
  end
@@ -76,6 +77,21 @@ module KubernetesHelpers
      .to_return(kube_response({}))
  end
+  def stub_kubeclient_create_role_binding(api_url, namespace: 'default')
+    WebMock.stub_request(:post, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings")
+      .to_return(kube_response({}))
+  end
+  def stub_kubeclient_create_namespace(api_url)
+    WebMock.stub_request(:post, api_url + "/api/v1/namespaces")
+      .to_return(kube_response({}))
+  end
+  def stub_kubeclient_get_namespace(api_url, namespace: 'default')
+    WebMock.stub_request(:get, api_url + "/api/v1/namespaces/#{namespace}")
+      .to_return(kube_response({}))
+  end
  def kube_v1_secret_body(**options)
    {
      "kind" => "SecretList",
@@ -98,7 +114,8 @@ module KubernetesHelpers
        { "name" => "deployments", "namespaced" => true, "kind" => "Deployment" },
        { "name" => "secrets", "namespaced" => true, "kind" => "Secret" },
        { "name" => "serviceaccounts", "namespaced" => true, "kind" => "ServiceAccount" },
-        { "name" => "services", "namespaced" => true, "kind" => "Service" }
+        { "name" => "services", "namespaced" => true, "kind" => "Service" },
+        { "name" => "namespaces", "namespaced" => true, "kind" => "Namespace" }
      ]
    }
  end

--- a/spec/support/helpers/test_env.rb
+++ b/spec/support/helpers/test_env.rb
@@ -70,7 +70,6 @@ module TestEnv
  TMP_TEST_PATH = Rails.root.join('tmp', 'tests', '**')
  REPOS_STORAGE = 'default'.freeze
-  BROKEN_STORAGE = 'broken'.freeze
  # Test environment
  #
@@ -159,10 +158,6 @@ module TestEnv
      version: Gitlab::GitalyClient.expected_server_version,
      task: "gitlab:gitaly:install[#{gitaly_dir},#{repos_path}]") do
-      # Re-create config, to specify the broken storage path
-      storage_paths = { 'default' => repos_path, 'broken' => broken_path }
-      Gitlab::SetupHelper.create_gitaly_configuration(gitaly_dir, storage_paths, force: true)
      start_gitaly(gitaly_dir)
    end
  end
@@ -257,10 +252,6 @@ module TestEnv
    @repos_path ||= Gitlab.config.repositories.storages[REPOS_STORAGE].legacy_disk_path
  end
-  def broken_path
-    @broken_path ||= Gitlab.config.repositories.storages[BROKEN_STORAGE].legacy_disk_path
-  end
  def backup_path
    Gitlab.config.backup.path
  end

--- a/spec/support/stored_repositories.rb
+++ b/spec/support/stored_repositories.rb
 RSpec.configure do |config|
-  config.before(:all, :broken_storage) do
-    FileUtils.rm_rf Gitlab.config.repositories.storages.broken.legacy_disk_path
-  end
  config.before(:each, :broken_storage) do
    allow(Gitlab::GitalyClient).to receive(:call) do
      raise GRPC::Unavailable.new('Gitaly broken in this spec')

--- a/spec/views/shared/runners/show.html.haml_spec.rb
+++ b/spec/views/shared/runners/show.html.haml_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe 'shared/runners/show.html.haml' do
+  include PageLayoutHelper
+  let(:runner) do
+    create(:ci_runner, name: 'test runner',
+                       version: '11.4.0',
+                       ip_address: '127.1.2.3',
+                       revision: 'abcd1234',
+                       architecture: 'amd64' )
+  end
+  before do
+    assign(:runner, runner)
+  end
+  subject do
+    render
+    rendered
+  end
+  describe 'Page title' do
+    before do
+      expect_any_instance_of(PageLayoutHelper).to receive(:page_title).with("#{runner.description} ##{runner.id}", 'Runners')
+    end
+    it 'sets proper page title' do
+      render
+    end
+  end
+  describe 'Runner id and type' do
+    context 'when runner is of type instance' do
+      it { is_expected.to have_content("Runner ##{runner.id} Shared") }
+    end
+    context 'when runner is of type group' do
+      let(:runner) { create(:ci_runner, :group) }
+      it { is_expected.to have_content("Runner ##{runner.id} Group") }
+    end
+    context 'when runner is of type project' do
+      let(:runner) { create(:ci_runner, :project) }
+      it { is_expected.to have_content("Runner ##{runner.id} Specific") }
+    end
+  end
+  describe 'Active value' do
+    context 'when runner is active' do
+      it { is_expected.to have_content('Active Yes') }
+    end
+    context 'when runner is inactive' do
+      let(:runner) { create(:ci_runner, :inactive) }
+      it { is_expected.to have_content('Active No') }
+    end
+  end
+  describe 'Protected value' do
+    context 'when runner is not protected' do
+      it { is_expected.to have_content('Protected No') }
+    end
+    context 'when runner is protected' do
+      let(:runner) { create(:ci_runner, :ref_protected) }
+      it { is_expected.to have_content('Protected Yes') }
+    end
+  end
+  describe 'Can run untagged jobs value' do
+    context 'when runner run untagged job is set' do
+      it { is_expected.to have_content('Can run untagged jobs Yes') }
+    end
+    context 'when runner run untagged job is unset' do
+      let(:runner) { create(:ci_runner, :tagged_only) }
+      it { is_expected.to have_content('Can run untagged jobs No') }
+    end
+  end
+  describe 'Locked to this project value' do
+    context 'when runner locked is not set' do
+      it { is_expected.to have_content('Locked to this project No') }
+      context 'when runner is of type group' do
+        let(:runner) { create(:ci_runner, :group) }
+        it { is_expected.not_to have_content('Locked to this project') }
+      end
+    end
+    context 'when runner locked is set' do
+      let(:runner) { create(:ci_runner, :locked) }
+      it { is_expected.to have_content('Locked to this project Yes') }
+      context 'when runner is of type group' do
+        let(:runner) { create(:ci_runner, :group, :locked) }
+        it { is_expected.not_to have_content('Locked to this project') }
+      end
+    end
+  end
+  describe 'Tags value' do
+    context 'when runner does not have tags' do
+      it { is_expected.to have_content('Tags') }
+      it { is_expected.not_to have_selector('span.badge.badge-primary')}
+    end
+    context 'when runner have tags' do
+      let(:runner) { create(:ci_runner, tag_list: %w(tag2 tag3 tag1)) }
+      it { is_expected.to have_content('Tags tag1 tag2 tag3') }
+      it { is_expected.to have_selector('span.badge.badge-primary')}
+    end
+  end
+  describe 'Metadata values' do
+    it { is_expected.to have_content("Name #{runner.name}") }
+    it { is_expected.to have_content("Version #{runner.version}") }
+    it { is_expected.to have_content("IP Address #{runner.ip_address}") }
+    it { is_expected.to have_content("Revision #{runner.revision}") }
+    it { is_expected.to have_content("Platform #{runner.platform}") }
+    it { is_expected.to have_content("Architecture #{runner.architecture}") }
+    it { is_expected.to have_content("Description #{runner.description}") }
+  end
+  describe 'Maximum job timeout value' do
+    let(:runner) { create(:ci_runner, maximum_timeout: 5400) }
+    it { is_expected.to have_content('Maximum job timeout 1h 30m') }
+  end
+  describe 'Last contact value' do
+    context 'when runner have not contacted yet' do
+      it { is_expected.to have_content('Last contact Never') }
+    end
+    context 'when runner have already contacted' do
+      let(:runner) { create(:ci_runner, contacted_at: DateTime.now - 6.days) }
+      let(:expected_contacted_at) { I18n.localize(runner.contacted_at, format: "%b %d, %Y") }
+      it { is_expected.to have_content("Last contact #{expected_contacted_at}") }
+    end
+  end
+end
--- a/spec/workers/repository_check/batch_worker_spec.rb
+++ b/spec/workers/repository_check/batch_worker_spec.rb
@@ -51,7 +51,7 @@ describe RepositoryCheck::BatchWorker do
  it 'does nothing when shard is unhealthy' do
    shard_name = 'broken'
-    create(:project, created_at: 1.week.ago, repository_storage: shard_name)
+    create(:project, :broken_storage, created_at: 1.week.ago)
    expect(subject.perform(shard_name)).to eq(nil)
  end