Merge branch '11-11-stable-patch-3' into '11-11-stable'

Prepare 11.11.3 release

See merge request gitlab-org/gitlab-ce!29405

GITALY_SERVER_VERSION

-1.42.3
+1.42.4

Gemfile

@@ -333,7 +333,7 @@ group :development, :test do
   gem 'database_cleaner', '~> 1.7.0'
   gem 'factory_bot_rails', '~> 4.8.2'
   gem 'rspec-rails', '~> 3.7.0'
-  gem 'rspec-retry', '~> 0.4.5'
+  gem 'rspec-retry', '~> 0.6.1'
   gem 'rspec_profiling', '~> 0.0.5'
   gem 'rspec-set', '~> 0.1.3'
   gem 'rspec-parameterized', require: false

Gemfile.lock

@@ -780,8 +780,8 @@ GEM
       rspec-expectations (~> 3.7.0)
       rspec-mocks (~> 3.7.0)
       rspec-support (~> 3.7.0)
-    rspec-retry (0.4.5)
-      rspec-core
+    rspec-retry (0.6.1)
+      rspec-core (> 3.3)
     rspec-set (0.1.3)
     rspec-support (3.7.1)
     rspec_junit_formatter (0.4.1)
@@ -1175,7 +1175,7 @@ DEPENDENCIES
   rqrcode-rails3 (~> 0.1.7)
   rspec-parameterized
   rspec-rails (~> 3.7.0)
-  rspec-retry (~> 0.4.5)
+  rspec-retry (~> 0.6.1)
   rspec-set (~> 0.1.3)
   rspec_junit_formatter
   rspec_profiling (~> 0.0.5)

app/assets/javascripts/gl_dropdown.js

@@ -561,6 +561,11 @@ GitLabDropdown = (function() {
         !$target.data('isLink')
       ) {
         e.stopPropagation();
+
+        // This prevents automatic scrolling to the top
+        if ($target.is('a')) {
+          return false;
+        }
       }
 
       return true;

app/models/ci/build.rb

@@ -352,7 +352,7 @@ module Ci
     end
 
     def retryable?
-      !archived? && (success? || failed?)
+      !archived? && (success? || failed? || canceled?)
     end
 
     def retries_count

app/presenters/ci/build_runner_presenter.rb

@@ -4,7 +4,6 @@ module Ci
   class BuildRunnerPresenter < SimpleDelegator
     include Gitlab::Utils::StrongMemoize
 
-    DEFAULT_GIT_DEPTH_MERGE_REQUEST = 10
     RUNNER_REMOTE_TAG_PREFIX = 'refs/tags/'.freeze
     RUNNER_REMOTE_BRANCH_PREFIX = 'refs/remotes/origin/'.freeze
 
@@ -28,7 +27,6 @@ module Ci
     def git_depth
       strong_memoize(:git_depth) do
         git_depth = variables&.find { |variable| variable[:key] == 'GIT_DEPTH' }&.dig(:value)
-        git_depth ||= DEFAULT_GIT_DEPTH_MERGE_REQUEST if merge_request_ref?
         git_depth.to_i
       end
     end
@@ -39,12 +37,13 @@ module Ci
       if git_depth > 0
         specs << refspec_for_branch(ref) if branch? || legacy_detached_merge_request_pipeline?
         specs << refspec_for_tag(ref) if tag?
-        specs << refspec_for_merge_request_ref if merge_request_ref?
       else
         specs << refspec_for_branch
         specs << refspec_for_tag
       end
 
+      specs << refspec_for_merge_request_ref if merge_request_ref?
+
       specs
     end
 

changelogs/unreleased/61246-fix-label-click-scroll-to-top.yml

+---
+title: Fix label click scrolling to top
+merge_request: 29202
+author:
+type: fixed

changelogs/unreleased/62713-fix-uninstalling-cluster-apps.yml

+---
+title: Fix connection to Tiller error while uninstalling
+merge_request: 29131
+author:
+type: fixed

changelogs/unreleased/revert-git-depth-for-merge-request.yml

+---
+title: Remove a default git depth in Pipelines for merge requests
+merge_request: 28926
+author:
+type: fixed

changelogs/unreleased/sh-fix-openid-connect-defaults.yml

+---
+title: Make OpenID Connect work without requiring a name
+merge_request: 29312
+author:
+type: fixed

changelogs/unreleased/sh-project-import-visibility-error.yml

+---
+title: Fix invalid visibility string comparison in project import
+merge_request: 28612
+author:
+type: fixed

doc/administration/auth/oidc.md

@@ -31,6 +31,7 @@ The OpenID Connect will provide you with a client details and secret for you to
       { 'name' => 'openid_connect',
         'label' => '<your_oidc_label>',
         'args' => {
+          "name' => 'openid_connect',
           'scope' => ['openid','profile'],
           'response_type' => 'code',
           'issuer' => '<your_oidc_url>',
@@ -53,6 +54,7 @@ The OpenID Connect will provide you with a client details and secret for you to
       - { name: 'openid_connect',
           label: '<your_oidc_label>',
           args: {
+            name: 'openid_connect',
             scope: ['openid','profile'],
             response_type: 'code',
             issuer: '<your_oidc_url>',
@@ -103,3 +105,36 @@ On the sign in page, there should now be an OpenID Connect icon below the regula
 Click the icon to begin the authentication process. The OpenID Connect provider will ask the user to
 sign in and authorize the GitLab application (if confirmation required by the client). If everything goes well, the user
 will be redirected to GitLab and will be signed in.
+
+## Example configurations
+
+The following configurations illustrate how to set up OpenID with
+different providers with Omnibus GitLab.
+
+### Google
+
+See the [Google
+documentation](https://developers.google.com/identity/protocols/OpenIDConnect)
+for more details:
+
+```ruby
+ gitlab_rails['omniauth_providers'] = [
+ {
+   'name' => 'openid_connect',
+   'label' => 'Google OpenID',
+   'args' => {
+     'name' => 'openid_connect',
+     'scope' => ['openid', 'profile', 'email'],
+     'response_type' => 'code',
+     'issuer' => 'https://accounts.google.com',
+     'client_auth_method' => 'query',
+     'discovery' => true,
+     'uid_field' => 'preferred_username',
+     'client_options' => {
+       'identifier' => '<YOUR PROJECT CLIENT ID>',
+       'secret' => '<YOUR PROJECT CLIENT SECRET>',
+       'redirect_uri' => 'https://example.com/users/auth/openid_connect/callback',
+     }
+   }
+ }
+```

doc/ci/pipelines.md

@@ -266,9 +266,6 @@ Clicking on an individual job will show you its job trace, and allow you to:
 - Retry the job.
 - Erase the job trace.
 
-NOTE: **Note:**
-To prevent jobs from being bypassed or run out of order, canceled jobs can only be retried when the whole pipeline they belong to is retried.
-
 ### Seeing the failure reason for jobs
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17782) in GitLab 10.7.

doc/ci/variables/README.md

@@ -58,8 +58,29 @@ the need to specify the value itself.
 
 There are two types of variables supported by GitLab:
 
-- `env_var`: the runner will create environment variable named same as the variable key and set its value to the variable value.
-- `file`: the runner will write the variable value to a temporary file and set the path to this file as the value of an environment variable named same as the variable key.
+- "Variable": the Runner will create an environment variable named same as the variable key and set its value to the variable value.
+- "File": the Runner will write the variable value to a temporary file and set the path to this file as the value of an environment variable named same as the variable key.
+
+Many tools (like [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html) and [kubectl](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#the-kubeconfig-environment-variable)) provide the ability to customise configuration using files by either providing the file path as a command line argument or an environment variable. Prior to the introduction of variable types, the common pattern was to use the value of a CI variable, save it in a file, and then use the newly created file in your script:
+
+```bash
+# Save the content of variable in a file
+echo "$KUBE_CA_PEM" > "$(pwd)/kube.ca.pem"
+ # Use the newly created file
+kubectl config set-cluster e2e --server="$KUBE_URL" --certificate-authority="$(pwd)/kube.ca.pem"
+```
+
+This can be simplified by creating a variable of type "File" and using it directly. For example, let's say we have the following variables.
+
+![CI/CD settings - variable types usage example](img/variable_types_usage_example.png)
+
+We can then call them from `.gitlab-ci.yml` like this:
+
+```bash
+kubectl config set-cluster e2e --server="$KUBE_URL" --certificate-authority="$KUBE_CA_PEM"
+```
+
+Variable types can be set via the [UI](#via-the-ui) or the [API](../../api/project_level_variables.md#create-variable), but not in `.gitlab-ci.yml`.
 
 #### Masked variables
 

doc/development/architecture.md

@@ -462,3 +462,95 @@ Note: It is recommended to log into the `git` user using `sudo -i -u git` or `su
 ## GitLab.com
 
 We've also detailed [our architecture of GitLab.com](https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/) but this is probably over the top unless you have millions of users.
+
+[alertmanager-omnibus]: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
+[alertmanager-charts]: https://github.com/helm/charts/tree/master/stable/prometheus
+[nginx-omnibus]: https://docs.gitlab.com/omnibus/settings/
+[nginx-charts]: https://docs.gitlab.com/charts/charts/nginx/
+[nginx-source]: ../install/installation.md#9-nginx
+[unicorn-omnibus]: https://docs.gitlab.com/omnibus/settings/unicorn.html
+[unicorn-charts]: https://docs.gitlab.com/charts/charts/gitlab/unicorn/
+[unicorn-source]: ../install/installation.md#configure-it
+[gitlab-yml]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example
+[sidekiq-omnibus]: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
+[sidekiq-charts]: https://docs.gitlab.com/charts/charts/gitlab/sidekiq/
+[gitaly-omnibus]: ../administration/gitaly/index.md
+[gitaly-charts]: https://docs.gitlab.com/charts/charts/gitlab/gitaly/
+[gitaly-source]: ../install/installation.md#install-gitaly
+[workhorse-omnibus]: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
+[workhorse-charts]: https://docs.gitlab.com/charts/charts/gitlab/unicorn/
+[workhorse-source]: ../install/installation.md#install-gitlab-workhorse
+[shell-omnibus]: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
+[shell-charts]: https://docs.gitlab.com/charts/charts/gitlab/gitlab-shell/
+[shell-source]: ../install/installation.md#install-gitlab-shell
+[pages-omnibus]: ../administration/pages/index.md
+[pages-charts]: https://gitlab.com/charts/gitlab/issues/37
+[pages-source]: ../install/installation.md#install-gitlab-pages
+[pages-gdk]: https://gitlab.com/gitlab-org/gitlab-development-kit/blob/master/doc/howto/pages.md
+[registry-omnibus]: ../administration/container_registry.md#container-registry-domain-configuration
+[registry-charts]: https://docs.gitlab.com/charts/charts/registry/
+[registry-source]: ../administration/container_registry.md#enable-the-container-registry
+[registry-gdk]: https://gitlab.com/gitlab-org/gitlab-development-kit/blob/master/doc/howto/registry.md
+[redis-omnibus]: https://docs.gitlab.com/omnibus/settings/redis.html
+[redis-charts]: https://docs.gitlab.com/charts/charts/redis/
+[redis-source]: ../install/installation.md#7-redis
+[postgres-omnibus]: https://docs.gitlab.com/omnibus/settings/database.html
+[postgres-charts]: https://github.com/helm/charts/tree/master/stable/postgresql
+[postgres-source]: ../install/installation.md#6-database
+[pgbouncer-omnibus]: ../administration/high_availability/pgbouncer.md
+[pgbouncer-charts]: https://docs.gitlab.com/charts/installation/deployment.html#postgresql
+[consul-omnibus]: ../administration/high_availability/consul.md
+[consul-charts]: https://docs.gitlab.com/charts/installation/deployment.html#postgresql
+[prometheus-omnibus]: ../administration/monitoring/prometheus/index.md
+[prometheus-charts]: https://github.com/helm/charts/tree/master/stable/prometheus
+[grafana-omnibus]: ../administration/monitoring/performance/grafana_configuration.md
+[grafana-charts]: https://github.com/helm/charts/tree/master/stable/grafana
+[sentry-omnibus]: https://docs.gitlab.com/omnibus/settings/configuration.html#error-reporting-and-logging-with-sentry
+[sentry-charts]: https://gitlab.com/charts/gitlab/issues/1319
+[jaeger-omnibus]: https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4104
+[jaeger-charts]: https://gitlab.com/charts/gitlab/issues/1320
+[jaeger-source]: ../development/distributed_tracing.md#enabling-distributed-tracing
+[jaeger-gdk]: ../development/distributed_tracing.html#using-jaeger-in-the-gitlab-development-kit
+[redis-exporter-omnibus]: ../administration/monitoring/prometheus/redis_exporter.md
+[redis-exporter-charts]: https://docs.gitlab.com/charts/charts/redis/
+[postgres-exporter-omnibus]: ../administration/monitoring/prometheus/postgres_exporter.md
+[postgres-exporter-charts]: https://github.com/helm/charts/tree/master/stable/postgresql
+[pgbouncer-exporter-omnibus]: ../administration/monitoring/prometheus/pgbouncer_exporter.md
+[pgbouncer-exporter-charts]: https://docs.gitlab.com/charts/installation/deployment.html#postgresql
+[gitlab-monitor-omnibus]: ../administration/monitoring/prometheus/gitlab_monitor_exporter.md
+[gitab-monitor-charts]: https://gitlab.com/charts/gitlab/issues/319
+[node-exporter-omnibus]: ../administration/monitoring/prometheus/node_exporter.md
+[node-exporter-charts]: https://gitlab.com/charts/gitlab/issues/1332
+[mattermost-omnibus]: https://docs.gitlab.com/omnibus/gitlab-mattermost/
+[mattermost-charts]: https://docs.mattermost.com/install/install-mmte-helm-gitlab-helm.html
+[minio-omnibus]: https://min.io/download
+[minio-charts]: https://docs.gitlab.com/charts/charts/minio/
+[minio-gdk]: https://gitlab.com/gitlab-org/gitlab-development-kit/blob/master/doc/howto/object_storage.md
+[runner-omnibus]: https://docs.gitlab.com/runner/
+[runner-charts]: https://docs.gitlab.com/runner/install/kubernetes.html
+[runner-source]: https://docs.gitlab.com/runner/
+[runner-gdk]: https://gitlab.com/gitlab-org/gitlab-development-kit/blob/master/doc/howto/runner.md
+[database-migrations-omnibus]: https://docs.gitlab.com/omnibus/settings/database.html#disabling-automatic-database-migration
+[database-migrations-charts]: https://docs.gitlab.com/charts/charts/gitlab/migrations/
+[database-migrations-source]: ../update/upgrading_from_source.md#14-install-libs-migrations-etc
+[certificate-management-omnibus]: https://docs.gitlab.com/omnibus/settings/ssl.html
+[certificate-management-charts]: https://docs.gitlab.com/charts/installation/tls.html
+[certificate-management-source]: ../install/installation.md#using-https
+[certificate-management-gdk]: https://gitlab.com/gitlab-org/gitlab-development-kit/blob/master/doc/howto/https.md
+[geo-omnibus]: ../administration/geo/replication/index.md#setup-instructions
+[geo-charts]: https://gitlab.com/charts/gitlab/issues/8
+[geo-gdk]: https://gitlab.com/gitlab-org/gitlab-development-kit/blob/master/doc/howto/geo.md
+[ldap-omnibus]: ../administration/auth/ldap.md
+[ldap-charts]: https://docs.gitlab.com/charts/charts/globals.html#ldap
+[ldap-gdk]: https://gitlab.com/gitlab-org/gitlab-development-kit/blob/master/doc/howto/ldap.md
+[outbound-email-omnibus]: https://docs.gitlab.com/omnibus/settings/smtp.html
+[outbound-email-charts]: https://docs.gitlab.com/charts/installation/command-line-options.html#outgoing-email-configuration
+[inbound-email-omnibus]: ../administration/incoming_email.md
+[inbound-email-charts]: https://docs.gitlab.com/charts/installation/command-line-options.html#incoming-email-configuration
+[elasticsearch-omnibus]: ../integration/elasticsearch.md
+[elasticsearch-charts]: ../integration/elasticsearch.md
+[elasticsearch-source]: ../integration/elasticsearch.md
+[elasticsearch-gdk]: https://gitlab.com/gitlab-org/gitlab-development-kit/blob/master/doc/howto/elasticsearch.md
+[sentry-integration]: ../user/project/operations/error_tracking.md
+[jaeger-integration]: ../user/project/operations/tracing.md
+[managed-k8s-apps]: ../user/project/clusters/index.md#installing-applications

doc/integration/github.md

@@ -21,10 +21,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe
     - Application name: This can be anything. Consider something like `<Organization>'s GitLab` or `<Your Name>'s GitLab` or something else descriptive.
     - Homepage URL: The URL of your GitLab installation. For example, `https://gitlab.example.com`.
     - Application description: Fill this in if you wish.
-    - Authorization callback URL: `http(s)://${YOUR_DOMAIN}/users/auth/github/callback`. Please make sure the port is included if your GitLab instance is not configured on default port.
+    - Authorization callback URL: `http(s)://${YOUR_DOMAIN}/users/auth`. Please make sure the port is included if your GitLab instance is not configured on default port.
     ![Register OAuth App](img/github_register_app.png)
 
-    NOTE: Be sure to append `/users/auth/github/callback` to the end of the callback URL
+    NOTE: Be sure to append `/users/auth` to the end of the callback URL
     to prevent a [OAuth2 convert
     redirect](http://tetraph.com/covert_redirect/) vulnerability.
 

doc/update/upgrading_from_source.md

@@ -114,7 +114,47 @@ sudo ln -sf /usr/local/go/bin/{go,godoc,gofmt} /usr/local/bin/
 rm go1.10.5.linux-amd64.tar.gz
 ```
 
-### 6. Get latest code
+### 6. Update git
+
+NOTE: **Note:**
+GitLab 11.11 and higher only supports Git 2.21.x and newer, and
+[dropped support for older versions](https://gitlab.com/gitlab-org/gitlab-ce/issues/54255).
+Be sure to upgrade your installation if necessary.
+
+```bash
+# Make sure Git is version 2.21.0 or higher
+git --version
+
+# Remove packaged Git
+sudo apt-get remove git-core
+
+# Install dependencies
+sudo apt-get install -y libcurl4-openssl-dev libexpat1-dev gettext libz-dev libssl-dev build-essential
+
+# Download and compile pcre2 from source
+curl --silent --show-error --location https://ftp.pcre.org/pub/pcre/pcre2-10.33.tar.gz --output pcre2.tar.gz
+tar -xzf pcre2.tar.gz
+cd pcre2-10.33
+chmod +x configure
+./configure --prefix=/usr --enable-jit
+make
+make install
+
+# Download and compile from source
+cd /tmp
+curl --remote-name --location --progress https://www.kernel.org/pub/software/scm/git/git-2.21.0.tar.gz
+echo '85eca51c7404da75e353eba587f87fea9481ba41e162206a6f70ad8118147bee  git-2.21.0.tar.gz' | shasum -a256 -c - && tar -xzf git-2.21.0.tar.gz
+cd git-2.21.0/
+./configure --with-libpcre
+make prefix=/usr/local all
+
+# Install into /usr/local/bin
+sudo make prefix=/usr/local install
+
+# You should edit config/gitlab.yml, change the git -> bin_path to /usr/local/bin/git
+```
+
+### 7. Get latest code
 
 ```bash
 cd /home/git/gitlab
@@ -142,7 +182,7 @@ cd /home/git/gitlab
 sudo -u git -H git checkout BRANCH-ee
 ```
 
-### 7. Update gitlab-shell
+### 8. Update gitlab-shell
 
 ```bash
 cd /home/git/gitlab-shell
@@ -152,7 +192,7 @@ sudo -u git -H git checkout v$(</home/git/gitlab/GITLAB_SHELL_VERSION)
 sudo -u git -H bin/compile
 ```
 
-### 8. Update gitlab-workhorse
+### 9. Update gitlab-workhorse
 
 Install and compile gitlab-workhorse. GitLab-Workhorse uses
 [GNU Make](https://www.gnu.org/software/make/).
@@ -167,7 +207,7 @@ sudo -u git -H git checkout v$(</home/git/gitlab/GITLAB_WORKHORSE_VERSION)
 sudo -u git -H make
 ```
 
-### 9. Update Gitaly
+### 10. Update Gitaly
 
 #### Compile Gitaly
 
@@ -178,7 +218,7 @@ sudo -u git -H git checkout v$(</home/git/gitlab/GITALY_SERVER_VERSION)
 sudo -u git -H make
 ```
 
-### 10. Update gitlab-pages
+### 11. Update gitlab-pages
 
 #### Only needed if you use GitLab Pages
 
@@ -195,7 +235,7 @@ sudo -u git -H git checkout v$(</home/git/gitlab/GITLAB_PAGES_VERSION)
 sudo -u git -H make
 ```
 
-### 11. Update MySQL permissions
+### 12. Update MySQL permissions
 
 If you are using MySQL you need to grant the GitLab user the necessary
 permissions on the database:
@@ -217,7 +257,7 @@ You can make this setting permanent by adding it to your `my.cnf`:
 log_bin_trust_function_creators=1
 ```
 
-### 12. Update configuration files
+### 13. Update configuration files
 
 #### New configuration options for `gitlab.yml`
 
@@ -291,7 +331,7 @@ For Ubuntu 16.04.1 LTS:
 sudo systemctl daemon-reload
 ```
 
-### 13. Install libs, migrations, etc.
+### 14. Install libs, migrations, etc.
 
 ```bash
 cd /home/git/gitlab
@@ -323,14 +363,14 @@ sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production
 **MySQL installations**: Run through the `MySQL strings limits` and `Tables and
 data conversion to utf8mb4` [tasks](../install/database_mysql.md).
 
-### 14. Start application
+### 15. Start application
 
 ```bash
 sudo service gitlab start
 sudo service nginx restart
 ```
 
-### 15. Check application status
+### 16. Check application status
 
 Check if GitLab and its environment are configured correctly:
 

doc/user/project/integrations/mattermost.md

@@ -27,9 +27,11 @@ There, you will see a checkbox with the following events that can be triggered:
 - Confidential issue
 - Merge request
 - Note
+- Confidential note
 - Tag push
 - Pipeline
 - Wiki page
+- Deployment
 
 Below each of these event checkboxes, you have an input field to enter
 which Mattermost channel you want to send that event message. Enter your preferred channel handle (the hash sign `#` is optional).

lib/gitlab/import_export/project_tree_restorer.rb

@@ -129,7 +129,7 @@ module Gitlab
 
       def visibility_level
         level = override_params['visibility_level'] || json_params['visibility_level'] || @project.visibility_level
-        level = @project.group.visibility_level if @project.group && level > @project.group.visibility_level
+        level = @project.group.visibility_level if @project.group && level.to_i > @project.group.visibility_level
 
         { 'visibility_level' => level }
       end

lib/gitlab/kubernetes/helm/api.rb

@@ -24,6 +24,7 @@ module Gitlab
 
         def uninstall(command)
           namespace.ensure_exists!
+          create_config_map(command)
 
           delete_pod!(command.pod_name)
           kubeclient.create_pod(command.pod_resource)

lib/gitlab/omniauth_initializer.rb

@@ -63,6 +63,12 @@ module Gitlab
         { remote_sign_out_handler: authentiq_signout_handler }
       when 'shibboleth'
         { fail_with_empty_uid: true }
+      when 'openid_connect'
+        # If a name argument is omitted, OmniAuth will expect that the
+        # matching route is /auth/users/openidconnect instead of
+        # /auth/users/openid_connect because of
+        # https://gitlab.com/gitlab-org/gitlab-ce/issues/62208#note_178780341.
+        { name: 'openid_connect' }
       else
         {}
       end

spec/features/projects/jobs_spec.rb

@@ -936,8 +936,8 @@ describe 'Jobs', :clean_gitlab_redis_shared_state do
         find('.js-cancel-job').click
       end
 
-      it 'loads the page and shows no controls' do
-        expect(page).not_to have_content 'Retry'
+      it 'loads the page and shows all needed controls' do
+        expect(page).to have_content 'Retry'
       end
     end
   end
@@ -946,7 +946,7 @@ describe 'Jobs', :clean_gitlab_redis_shared_state do
     context "Job from project", :js do
       before do
         job.run!
-        job.drop!(:script_failure)
+        job.cancel!
         visit project_job_path(project, job)
         wait_for_requests
 

spec/features/projects/pipelines/pipeline_spec.rb

@@ -115,11 +115,11 @@ describe 'Pipeline', :js do
           end
         end
 
-        it 'cancels the running build and does not show retry button' do
+        it 'cancels the running build and shows retry button' do
           find('#ci-badge-deploy .ci-action-icon-container').click
 
           page.within('#ci-badge-deploy') do
-            expect(page).not_to have_css('.js-icon-retry')
+            expect(page).to have_css('.js-icon-retry')
           end
         end
       end
@@ -133,11 +133,11 @@ describe 'Pipeline', :js do
           end
         end
 
-        it 'cancels the preparing build and does not show retry button' do
+        it 'cancels the preparing build and shows retry button' do
           find('#ci-badge-deploy .ci-action-icon-container').click
 
           page.within('#ci-badge-deploy') do
-            expect(page).not_to have_css('.js-icon-retry')
+            expect(page).to have_css('.js-icon-retry')
           end
         end
       end

spec/lib/gitlab/ci/status/build/factory_spec.rb

@@ -163,11 +163,11 @@ describe Gitlab::Ci::Status::Build::Factory do
 
     it 'matches correct extended statuses' do
       expect(factory.extended_statuses)
-        .to eq [Gitlab::Ci::Status::Build::Canceled]
+        .to eq [Gitlab::Ci::Status::Build::Canceled, Gitlab::Ci::Status::Build::Retryable]
     end
 
-    it 'does not fabricate a retryable build status' do
-      expect(status).not_to be_a Gitlab::Ci::Status::Build::Retryable
+    it 'fabricates a retryable build status' do
+      expect(status).to be_a Gitlab::Ci::Status::Build::Retryable
     end
 
     it 'fabricates status with correct details' do
@@ -177,7 +177,7 @@ describe Gitlab::Ci::Status::Build::Factory do
       expect(status.illustration).to include(:image, :size, :title)
       expect(status.label).to eq 'canceled'
       expect(status).to have_details
-      expect(status).not_to have_action
+      expect(status).to have_action
     end
   end
 

spec/lib/gitlab/import_export/project_tree_restorer_spec.rb

@@ -348,6 +348,19 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
     end
 
     context 'when the project has overridden params in import data' do
+      it 'handles string versions of visibility_level' do
+        # Project needs to be in a group for visibility level comparison
+        # to happen
+        group = create(:group)
+        project.group = group
+
+        project.create_import_data(data: { override_params: { visibility_level: Gitlab::VisibilityLevel::INTERNAL.to_s } })
+
+        restored_project_json
+
+        expect(project.visibility_level).to eq(Gitlab::VisibilityLevel::INTERNAL)
+      end
+
       it 'overwrites the params stored in the JSON' do
         project.create_import_data(data: { override_params: { description: "Overridden" } })
 

spec/lib/gitlab/kubernetes/helm/api_spec.rb

@@ -36,6 +36,8 @@ describe Gitlab::Kubernetes::Helm::Api do
   describe '#uninstall' do
     before do
       allow(client).to receive(:create_pod).and_return(nil)
+      allow(client).to receive(:get_config_map).and_return(nil)
+      allow(client).to receive(:create_config_map).and_return(nil)
       allow(client).to receive(:delete_pod).and_return(nil)
       allow(namespace).to receive(:ensure_exists!).once
     end
@@ -53,6 +55,28 @@ describe Gitlab::Kubernetes::Helm::Api do
 
       subject.uninstall(command)
     end
+
+    context 'with a ConfigMap' do
+      let(:resource) { Gitlab::Kubernetes::ConfigMap.new(application_name, files).generate }
+
+      it 'creates a ConfigMap on kubeclient' do
+        expect(client).to receive(:create_config_map).with(resource).once
+
+        subject.install(command)
+      end
+
+      context 'config map already exists' do
+        before do
+          expect(client).to receive(:get_config_map).with("values-content-configuration-#{application_name}", gitlab_namespace).and_return(resource)
+        end
+
+        it 'updates the config map' do
+          expect(client).to receive(:update_config_map).with(resource).once
+
+          subject.install(command)
+        end
+      end
+    end
   end
 
   describe '#install' do

spec/lib/gitlab/omniauth_initializer_spec.rb

@@ -83,5 +83,13 @@ describe Gitlab::OmniauthInitializer do
 
       subject.execute([cas3_config])
     end
+
+    it 'configures name for openid_connect' do
+      openid_connect_config = { 'name' => 'openid_connect', 'args' => {} }
+
+      expect(devise_config).to receive(:omniauth).with(:openid_connect, name: 'openid_connect')
+
+      subject.execute([openid_connect_config])
+    end
   end
 end

spec/models/ci/build_spec.rb

@@ -1434,7 +1434,7 @@ describe Ci::Build do
             build.cancel!
           end
 
-          it { is_expected.not_to be_retryable }
+          it { is_expected.to be_retryable }
         end
       end
 
@@ -1964,7 +1964,7 @@ describe Ci::Build do
       context 'when build has been canceled' do
         subject { build_stubbed(:ci_build, :manual, status: :canceled) }
 
-        it { is_expected.not_to be_playable }
+        it { is_expected.to be_playable }
       end
 
       context 'when build is successful' do

spec/presenters/ci/build_runner_presenter_spec.rb

@@ -136,24 +136,6 @@ describe Ci::BuildRunnerPresenter do
         is_expected.to eq(1)
       end
     end
-
-    context 'when pipeline is detached merge request pipeline' do
-      let(:merge_request) { create(:merge_request, :with_detached_merge_request_pipeline) }
-      let(:pipeline) { merge_request.all_pipelines.first }
-      let(:build) { create(:ci_build, ref: pipeline.ref, pipeline: pipeline) }
-
-      it 'returns the default git depth for pipelines for merge requests' do
-        is_expected.to eq(described_class::DEFAULT_GIT_DEPTH_MERGE_REQUEST)
-      end
-
-      context 'when pipeline is legacy detached merge request pipeline' do
-        let(:merge_request) { create(:merge_request, :with_legacy_detached_merge_request_pipeline) }
-
-        it 'behaves as branch pipeline' do
-          is_expected.to eq(0)
-        end
-      end
-    end
   end
 
   describe '#refspecs' do
@@ -191,7 +173,9 @@ describe Ci::BuildRunnerPresenter do
 
       it 'returns the correct refspecs' do
         is_expected
-          .to contain_exactly('+refs/merge-requests/1/head:refs/merge-requests/1/head')
+          .to contain_exactly('+refs/heads/*:refs/remotes/origin/*',
+                              '+refs/tags/*:refs/tags/*',
+                              '+refs/merge-requests/1/head:refs/merge-requests/1/head')
       end
 
       context 'when pipeline is legacy detached merge request pipeline' do

spec/requests/api/jobs_spec.rb

@@ -863,7 +863,7 @@ describe API::Jobs do
   end
 
   describe 'POST /projects/:id/jobs/:job_id/retry' do
-    let(:job) { create(:ci_build, :failed, pipeline: pipeline) }
+    let(:job) { create(:ci_build, :canceled, pipeline: pipeline) }
 
     before do
       post api("/projects/#{project.id}/jobs/#{job.id}/retry", api_user)
@@ -873,7 +873,7 @@ describe API::Jobs do
       context 'user with :update_build permission' do
         it 'retries non-running job' do
           expect(response).to have_gitlab_http_status(201)
-          expect(project.builds.first.status).to eq('failed')
+          expect(project.builds.first.status).to eq('canceled')
           expect(json_response['status']).to eq('pending')
         end
       end