Merge branch 'master' into ee-dispatcher-branches-create

.eslintrc

@@ -10,7 +10,6 @@
   ],
   "globals": {
     "__webpack_public_path__": true,
-    "_": false,
     "gl": false,
     "gon": false,
     "localStorage": false

.gitlab-ci.yml

@@ -648,6 +648,18 @@ qa:internal:
     - bundle install
     - bundle exec rspec
 
+qa:selectors:
+  <<: *dedicated-runner
+  <<: *except-docs
+  stage: test
+  variables:
+    SETUP_DB: "false"
+  services: []
+  script:
+    - cd qa/
+    - bundle install
+    - bundle exec bin/qa Test::Sanity::Selectors
+
 coverage:
   <<: *dedicated-runner
   <<: *except-docs-and-qa

CHANGELOG-EE.md

 Please view this file on the master branch, on stable branches it's out of date.
 
+## 10.3.4 (2018-01-10)
+
+### Security (2 changes)
+
+- Fix LDAP external user/group bug on first sign in.
+- Deny persisting milestones from outside project/group scope on boards.
+
+
 ## 10.3.3 (2018-01-02)
 
 - No changes.
@@ -80,6 +88,14 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Add border for epic edit button.
 
 
+## 10.2.6 (2018-01-11)
+
+### Security (2 changes)
+
+- Fix LDAP external user/group bug on first sign in.
+- Deny persisting milestones from outside project/group scope on boards.
+
+
 ## 10.2.5 (2017-12-15)
 
 ### Fixed (1 change)
@@ -184,6 +200,14 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Enhance the documentation for gitlab-ctl replicate-geo-database. !3268
 
 
+## 10.1.6 (2018-01-11)
+
+### Security (2 changes)
+
+- Fix LDAP external user/group bug on first sign in.
+- Deny persisting milestones from outside project/group scope on boards.
+
+
 ## 10.1.5 (2017-12-07)
 
 - No changes.

CHANGELOG.md

@@ -2,6 +2,19 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 10.3.4 (2018-01-10)
+
+### Security (7 changes, 1 of them is from the community)
+
+- Prevent a SQL injection in the MilestonesFinder.
+- Fix RCE via project import mechanism.
+- Prevent OAuth login POST requests when a provider has been disabled.
+- Filter out sensitive fields from the project services API. (Robert Schilling)
+- Check user authorization for source and target projects when creating a merge request.
+- Fix path traversal in gitlab-ci.yml cache:key.
+- Fix writable shared deploy keys.
+
+
 ## 10.3.3 (2018-01-02)
 
 ### Fixed (3 changes)
@@ -180,6 +193,21 @@ entry.
 - Clean up schema of the "merge_requests" table.
 
 
+## 10.2.6 (2018-01-11)
+
+### Security (9 changes, 1 of them is from the community)
+
+- Fix writable shared deploy keys.
+- Filter out sensitive fields from the project services API. (Robert Schilling)
+- Fix RCE via project import mechanism.
+- Fixed IPython notebook output not being sanitized.
+- Prevent OAuth login POST requests when a provider has been disabled.
+- Prevent a SQL injection in the MilestonesFinder.
+- Check user authorization for source and target projects when creating a merge request.
+- Fix path traversal in gitlab-ci.yml cache:key.
+- Fix XSS vulnerability in pipeline job trace.
+
+
 ## 10.2.5 (2017-12-15)
 
 ### Fixed (8 changes)
@@ -446,6 +474,20 @@ entry.
 - Add Gitaly metrics to the performance bar.
 
 
+## 10.1.6 (2018-01-11)
+
+### Security (8 changes, 1 of them is from the community)
+
+- Fix writable shared deploy keys.
+- Filter out sensitive fields from the project services API. (Robert Schilling)
+- Fix RCE via project import mechanism.
+- Prevent OAuth login POST requests when a provider has been disabled.
+- Prevent a SQL injection in the MilestonesFinder.
+- Check user authorization for source and target projects when creating a merge request.
+- Fix path traversal in gitlab-ci.yml cache:key.
+- Fix XSS vulnerability in pipeline job trace.
+
+
 ## 10.1.5 (2017-12-07)
 
 ### Security (5 changes)

GITALY_SERVER_VERSION

-0.66.0
+0.67.0

Gemfile

@@ -397,9 +397,6 @@ gem 'ruby-prof', '~> 0.16.2'
 # OAuth
 gem 'oauth2', '~> 1.4'
 
-# Soft deletion
-gem 'paranoia', '~> 2.3.1'
-
 # Health check
 gem 'health_check', '~> 2.6.0'
 
@@ -422,7 +419,7 @@ group :ed25519 do
 end
 
 # Gitaly GRPC client
-gem 'gitaly-proto', '~> 0.64.0', require: 'gitaly'
+gem 'gitaly-proto', '~> 0.69.0', require: 'gitaly'
 
 gem 'toml-rb', '~> 0.3.15', require: false
 

Gemfile.lock

@@ -308,7 +308,7 @@ GEM
       po_to_json (>= 1.0.0)
       rails (>= 3.2.0)
     gherkin-ruby (0.3.2)
-    gitaly-proto (0.64.0)
+    gitaly-proto (0.69.0)
       google-protobuf (~> 3.1)
       grpc (~> 1.0)
     github-linguist (4.7.6)
@@ -609,8 +609,6 @@ GEM
     orm_adapter (0.5.0)
     os (0.9.6)
     parallel (1.12.0)
-    paranoia (2.3.1)
-      activerecord (>= 4.0, < 5.2)
     parser (2.4.0.2)
       ast (~> 2.3)
     parslet (1.5.0)
@@ -1088,7 +1086,7 @@ DEPENDENCIES
   gettext (~> 3.2.2)
   gettext_i18n_rails (~> 1.8.0)
   gettext_i18n_rails_js (~> 1.2.0)
-  gitaly-proto (~> 0.64.0)
+  gitaly-proto (~> 0.69.0)
   github-linguist (~> 4.7.0)
   gitlab-flowdock-git-hook (~> 1.0.1)
   gitlab-license (~> 1.0)
@@ -1155,7 +1153,6 @@ DEPENDENCIES
   omniauth-twitter (~> 1.2.0)
   omniauth_crowd (~> 2.2.0)
   org-ruby (~> 0.9.12)
-  paranoia (~> 2.3.1)
   peek (~> 1.0.1)
   peek-gc (~> 0.0.2)
   peek-host (~> 1.0.0)

app/assets/javascripts/blob/blob_file_dropzone.js

@@ -4,6 +4,8 @@ import { visitUrl } from '../lib/utils/url_utility';
 import { HIDDEN_CLASS } from '../lib/utils/constants';
 import csrf from '../lib/utils/csrf';
 
+Dropzone.autoDiscover = false;
+
 function toggleLoading($el, $icon, loading) {
   if (loading) {
     $el.disable();

app/assets/javascripts/boards/components/board.js

 /* eslint-disable comma-dangle, space-before-function-paren, one-var */
-/* global Sortable */
+import Sortable from 'vendor/Sortable';
 import Vue from 'vue';
 import boardPromotionState from 'ee/boards/components/board_promotion_state';
 import AccessorUtilities from '../../lib/utils/accessor';

app/assets/javascripts/boards/components/board_list.js

-/* global Sortable */
+import Sortable from 'vendor/Sortable';
 import boardNewIssue from './board_new_issue';
 import boardCard from './board_card.vue';
 import eventHub from '../eventhub';

app/assets/javascripts/boards/components/project_select.vue

-
 <script>
   /* global ListIssue */
+  import _ from 'underscore';
   import eventHub from '../eventhub';
   import loadingIcon from '../../vue_shared/components/loading_icon.vue';
   import Api from '../../api';

app/assets/javascripts/create_merge_request_dropdown.js

 /* eslint-disable no-new */
+import _ from 'underscore';
 import Flash from './flash';
 import DropLab from './droplab/drop_lab';
 import ISetter from './droplab/plugins/input_setter';

app/assets/javascripts/dispatcher.js.rej

+diff a/app/assets/javascripts/dispatcher.js b/app/assets/javascripts/dispatcher.js	(rejected hunks)
+@@ -12,7 +12,6 @@ import notificationsDropdown from './notifications_dropdown';
+ import groupAvatar from './group_avatar';
+ import GroupLabelSubscription from './group_label_subscription';
+ import LineHighlighter from './line_highlighter';
+-import groupsSelect from './groups_select';
+ import Search from './search';
+ import initAdmin from './admin';
+ import NamespaceSelect from './namespace_select';

app/assets/javascripts/dropzone_input.js

@@ -3,6 +3,8 @@ import _ from 'underscore';
 import './preview_markdown';
 import csrf from './lib/utils/csrf';
 
+Dropzone.autoDiscover = false;
+
 export default function dropzoneInput(form) {
   const divHover = '<div class="div-dropzone-hover"></div>';
   const iconPaperclip = '<i class="fa fa-paperclip div-dropzone-icon"></i>';

app/assets/javascripts/environments/mixins/environments_mixin.js

 /**
  * Common code between environmets app and folder view
  */
-
+import _ from 'underscore';
 import Visibility from 'visibilityjs';
 import Poll from '../../lib/utils/poll';
 import {

app/assets/javascripts/filtered_search/filtered_search_dropdown_manager.js

+import _ from 'underscore';
 import DropLab from '~/droplab/drop_lab';
 import FilteredSearchContainer from './container';
 

app/assets/javascripts/filtered_search/filtered_search_manager.js

+import _ from 'underscore';
 import { visitUrl } from '../lib/utils/url_utility';
 import Flash from '../flash';
 import FilteredSearchContainer from './container';

app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js

+import _ from 'underscore';
 import AjaxCache from '../lib/utils/ajax_cache';
 import Flash from '../flash';
 import FilteredSearchContainer from './container';

app/assets/javascripts/ide/lib/editor.js

+import _ from 'underscore';
 import DecorationsController from './decorations/controller';
 import DirtyDiffController from './diff/controller';
 import Disposable from './common/disposable';

app/assets/javascripts/ide/stores/utils.js

+import _ from 'underscore';
+
 export const dataStructure = () => ({
   id: '',
   key: '',

app/assets/javascripts/issuable/related_issues/components/related_issues_root.vue

@@ -23,7 +23,7 @@ Your caret can stop touching a `rawReference` can happen in a variety of ways:
    and hide the `AddIssuableForm` area.
 
 */
-
+import _ from 'underscore';
 import Flash from '../../../flash';
 import eventHub from '../event_hub';
 import RelatedIssuesBlock from './related_issues_block.vue';

app/assets/javascripts/label_manager.js

 /* eslint-disable comma-dangle, class-methods-use-this, no-underscore-dangle, no-param-reassign, no-unused-vars, consistent-return, func-names, space-before-function-paren, max-len */
-/* global Sortable */
+import Sortable from 'vendor/Sortable';
 
 import Flash from './flash';
 

app/assets/javascripts/milestone.js

-/* global Sortable */
-
 import Flash from './flash';
 
 export default class Milestone {

app/assets/javascripts/mirrors/mirror_pull.js

+import _ from 'underscore';
 import Flash from '../flash';
 import AUTH_METHOD from './constants';
 import { backOff } from '../lib/utils/common_utils';

app/assets/javascripts/abuse_reports.js → app/assets/javascripts/pages/admin/abuse_reports/abuse_reports.js

-import { truncate } from './lib/utils/text_utility';
+import { truncate } from '../../../lib/utils/text_utility';
 
 const MAX_MESSAGE_LENGTH = 500;
 const MESSAGE_CELL_SELECTOR = '.abuse-reports .message';

app/assets/javascripts/pages/admin/abuse_reports/index.js

+import AbuseReports from './abuse_reports';
+
+export default () => new AbuseReports();

app/assets/javascripts/admin.js → app/assets/javascripts/pages/admin/admin.js

-import { refreshCurrentPage } from './lib/utils/url_utility';
+import { refreshCurrentPage } from '../../lib/utils/url_utility';
 
 function showBlacklistType() {
   if ($('input[name="blacklist_type"]:checked').val() === 'file') {

app/assets/javascripts/broadcast_message.js → app/assets/javascripts/pages/admin/broadcast_messages/broadcast_message.js

+import _ from 'underscore';
+
 export default function initBroadcastMessagesForm() {
   $('input#broadcast_message_color').on('input', function onMessageColorInput() {
     const previewColor = $(this).val();

app/assets/javascripts/pages/admin/broadcast_messages/index.js

+import initBroadcastMessagesForm from './broadcast_message';
+
+export default () => initBroadcastMessagesForm();

app/assets/javascripts/pages/admin/cohorts/index.js

+import initUsagePing from './usage_ping';
+
+export default () => initUsagePing();

app/assets/javascripts/pages/admin/groups/edit/index.js

+import groupAvatar from '../../../../group_avatar';
+
+export default () => groupAvatar();

app/assets/javascripts/pages/admin/groups/new/index.js

+import BindInOut from '../../../../behaviors/bind_in_out';
+import Group from '../../../../group';
+import groupAvatar from '../../../../group_avatar';
+
+export default () => {
+  BindInOut.initAll();
+  new Group(); // eslint-disable-line no-new
+  groupAvatar();
+};

app/assets/javascripts/pages/admin/groups/show/index.js

+import UsersSelect from '../../../../users_select';
+
+export default () => new UsersSelect();

app/assets/javascripts/pages/admin/impersonation_tokens/index.js

+import DueDateSelectors from '../../../due_date_select';
+
+export default () => new DueDateSelectors();

app/assets/javascripts/pages/admin/index.js

+import initAdmin from './admin';
+
+export default () => initAdmin();

app/assets/javascripts/pages/admin/labels/edit/index.js

+import Labels from '../../../../labels';
+
+export default () => new Labels();

app/assets/javascripts/pages/admin/labels/new/index.js

+import Labels from '../../../../labels';
+
+export default () => new Labels();

app/assets/javascripts/pages/admin/projects/index.js

+import ProjectsList from '../../../projects_list';
+import NamespaceSelect from '../../../namespace_select';
+
+export default () => {
+  new ProjectsList(); // eslint-disable-line no-new
+
+  document.querySelectorAll('.js-namespace-select')
+    .forEach(dropdown => new NamespaceSelect({ dropdown }));
+};

app/assets/javascripts/pages/dashboard/activity/index.js

+import Activities from '~/activities';
+
+export default () => new Activities();

app/assets/javascripts/pages/help/index.js

+import VersionCheckImage from '../../version_check_image';
+
+export default () => VersionCheckImage.bindErrorEvent($('img.js-version-status-badge'));

app/assets/javascripts/pages/profiles/index/index.js

+import NotificationsForm from '../../../notifications_form';
+import notificationsDropdown from '../../../notifications_dropdown';
+
+export default () => {
+  new NotificationsForm(); // eslint-disable-line no-new
+  notificationsDropdown();
+};

app/assets/javascripts/pages/profiles/personal_access_tokens/index.js

+import DueDateSelectors from '../../../due_date_select';
+
+export default () => new DueDateSelectors();

app/assets/javascripts/pages/projects/pipelines/builds/index.js

+import Pipelines from '../../../../pipelines';
+
+export default () => {
+  const { controllerAction } = document.querySelector('.js-pipeline-container').dataset;
+  const pipelineStatusUrl = `${document.querySelector('.js-pipeline-tab-link a').getAttribute('href')}/status.json`;
+
+  new Pipelines({ // eslint-disable-line no-new
+    initTabs: true,
+    pipelineStatusUrl,
+    tabsOptions: {
+      action: controllerAction,
+      defaultAction: 'pipelines',
+      parentEl: '.pipelines-tabs',
+    },
+  });
+};

app/assets/javascripts/pages/projects/pipelines/new/index.js

+import NewBranchForm from '../../../../new_branch_form';
+
+export default () => {
+  new NewBranchForm($('.js-new-pipeline-form')); // eslint-disable-line no-new
+};

app/assets/javascripts/pages/projects/project_members/index.js

+import memberExpirationDate from '../../../member_expiration_date';
+import UsersSelect from '../../../users_select';
+import groupsSelect from '../../../groups_select';
+import Members from '../../../members';
+
+export default () => {
+  memberExpirationDate('.js-access-expiration-date-groups');
+  groupsSelect();
+  memberExpirationDate();
+  new Members(); // eslint-disable-line no-new
+  new UsersSelect(); // eslint-disable-line no-new
+};

app/assets/javascripts/pages/search/show/index.js

+import Search from './search';
+
+export default () => new Search();

app/assets/javascripts/search.js → app/assets/javascripts/pages/search/show/search.js

-import Flash from './flash';
-import Api from './api';
+import Flash from '~/flash';
+import Api from '~/api';
 
 export default class Search {
   constructor() {

app/assets/javascripts/pages/sessions/new/index.js

+import UsernameValidator from './username_validator';
+import SigninTabsMemoizer from './signin_tabs_memoizer';
+import OAuthRememberMe from './oauth_remember_me';
+
+export default () => {
+  new UsernameValidator(); // eslint-disable-line no-new
+  new SigninTabsMemoizer(); // eslint-disable-line no-new
+  new OAuthRememberMe({ // eslint-disable-line no-new
+    container: $('.omniauth-container'),
+  }).bindEvents();
+};

app/assets/javascripts/signin_tabs_memoizer.js → app/assets/javascripts/pages/sessions/new/signin_tabs_memoizer.js

 /* eslint no-param-reassign: ["error", { "props": false }]*/
 /* eslint no-new: "off" */
-import AccessorUtilities from './lib/utils/accessor';
+import AccessorUtilities from '~/lib/utils/accessor';
 
 /**
  * Memorize the last selected tab after reloading a page.

app/assets/javascripts/projects_dropdown/service/projects_service.js

+import _ from 'underscore';
 import Vue from 'vue';
 import VueResource from 'vue-resource';
 

app/assets/javascripts/shortcuts_blob.js

-/* global Mousetrap */
+import Mousetrap from 'mousetrap';
 import { getLocationHash, visitUrl } from './lib/utils/url_utility';
 import Shortcuts from './shortcuts';
 

app/assets/javascripts/shortcuts_find_file.js

-/* global Mousetrap */
-
+import Mousetrap from 'mousetrap';
 import ShortcutsNavigation from './shortcuts_navigation';
 
 export default class ShortcutsFindFile extends ShortcutsNavigation {

app/assets/javascripts/shortcuts_issuable.js

-/* global Mousetrap */
-
+import Mousetrap from 'mousetrap';
 import _ from 'underscore';
-import 'mousetrap';
 import Sidebar from './right_sidebar';
 import ShortcutsNavigation from './shortcuts_navigation';
 import { CopyAsGFM } from './behaviors/copy_as_gfm';

app/assets/javascripts/shortcuts_navigation.js

-/* global Mousetrap */
-
+import Mousetrap from 'mousetrap';
 import findAndFollowLink from './shortcuts_dashboard_navigation';
 import Shortcuts from './shortcuts';
 

app/assets/javascripts/shortcuts_network.js

-/* global Mousetrap */
+import Mousetrap from 'mousetrap';
 import ShortcutsNavigation from './shortcuts_navigation';
 
 export default class ShortcutsNetwork extends ShortcutsNavigation {

app/assets/javascripts/shortcuts_wiki.js

-/* eslint-disable class-methods-use-this */
-/* global Mousetrap */
-
+import Mousetrap from 'mousetrap';
 import ShortcutsNavigation from './shortcuts_navigation';
 import findAndFollowLink from './shortcuts_dashboard_navigation';
 
 export default class ShortcutsWiki extends ShortcutsNavigation {
   constructor() {
     super();
-    Mousetrap.bind('e', this.editWiki);
+    Mousetrap.bind('e', ShortcutsWiki.editWiki);
   }
 
-  editWiki() {
+  static editWiki() {
     findAndFollowLink('.js-wiki-edit');
   }
 }

app/assets/javascripts/zen_mode.js

 /* eslint-disable func-names, space-before-function-paren, wrap-iife, prefer-arrow-callback, no-unused-vars, consistent-return, camelcase, comma-dangle, max-len, class-methods-use-this */
-/* global Mousetrap */
 
 // Zen Mode (full screen) textarea
 //
@@ -8,9 +7,11 @@
 
 import 'vendor/jquery.scrollTo';
 import Dropzone from 'dropzone';
-import 'mousetrap';
+import Mousetrap from 'mousetrap';
 import 'mousetrap/plugins/pause/mousetrap-pause';
 
+Dropzone.autoDiscover = false;
+
 //
 // ### Events
 //

app/assets/stylesheets/pages/geo_nodes.scss

@@ -73,9 +73,13 @@
 }
 
 .geo-nodes {
-  .node-url-warning {
+  .node-status-icon-warning {
     fill: $gl-warning;
   }
+
+  .node-status-icon-failure {
+    fill: $gl-danger;
+  }
 }
 
 .node-details-list {

app/controllers/admin/runners_controller.rb

@@ -65,6 +65,7 @@ class Admin::RunnersController < Admin::ApplicationController
       else
         Project.all
       end
+
     @projects = @projects.where.not(id: runner.projects.select(:id)) if runner.projects.any?
     @projects = @projects.page(params[:page]).per(30)
   end

app/controllers/concerns/group_tree.rb

@@ -8,6 +8,7 @@ module GroupTree
                 # Only show root groups if no parent-id is given
                 groups.where(parent_id: params[:parent_id])
               end
+
     @groups = @groups.with_selects_for_list(archived: params[:archived])
                 .sort(@sort = params[:sort])
                 .page(params[:page])

app/controllers/concerns/routable_actions.rb

@@ -32,6 +32,7 @@ module RoutableActions
       if canonical_path.casecmp(requested_full_path) != 0
         flash[:notice] = "#{routable.class.to_s.titleize} '#{requested_full_path}' was moved to '#{canonical_path}'. Please update any links and bookmarks that may still have the old path."
       end
+
       redirect_to build_canonical_path(routable)
     end
   end

app/controllers/metrics_controller.rb

@@ -12,6 +12,7 @@ class MetricsController < ActionController::Base
                                           )
                  "# Metrics are disabled, see: #{help_page}\n"
                end
+
     render text: response, content_type: 'text/plain; version=0.0.4'
   end
 

app/controllers/omniauth_callbacks_controller.rb

@@ -86,6 +86,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     if ticket
       handle_service_ticket oauth['provider'], ticket
     end
+
     handle_omniauth
   end
 
@@ -138,6 +139,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     # Only allow properly saved users to login.
     if @user.persisted? && @user.valid?
       log_audit_event(@user, with: oauth['provider'])
+
       if @user.two_factor_enabled?
         params[:remember_me] = '1' if remember_me?
         prompt_for_two_factor(@user)

app/controllers/projects/blob_controller.rb

@@ -150,6 +150,7 @@ class Projects::BlobController < Projects::ApplicationController
         if params[:file].present?
           params[:file_name] = params[:file].original_filename
         end
+
         File.join(@path, params[:file_name])
       elsif params[:file_path].present?
         params[:file_path]

app/controllers/projects/hooks_controller.rb

@@ -21,6 +21,7 @@ class Projects::HooksController < Projects::ApplicationController
       @hooks = @project.hooks.select(&:persisted?)
       flash[:alert] = @hook.errors.full_messages.join.html_safe
     end
+
     redirect_to project_settings_integrations_path(@project)
   end
 

app/controllers/projects/merge_requests/creations_controller.rb

@@ -50,6 +50,7 @@ class Projects::MergeRequests::CreationsController < Projects::MergeRequests::Ap
              else
                []
              end
+
     @diff_notes_disabled = true
 
     @environment = @merge_request.environments_for(current_user).last

app/controllers/projects_controller.rb

@@ -206,6 +206,7 @@ class ProjectsController < Projects::ApplicationController
     else
       flash[:alert] = _("Project export could not be deleted.")
     end
+
     redirect_to(edit_project_path(@project))
   end
 

app/controllers/sessions_controller.rb

@@ -29,6 +29,7 @@ class SessionsController < Devise::SessionsController
         resource.update_attributes(reset_password_token: nil,
                                    reset_password_sent_at: nil)
       end
+
       # hide the signed-in notification
       flash[:notice] = nil
       log_audit_event(current_user, resource, with: authentication_method)

app/finders/group_descendants_finder.rb

@@ -63,6 +63,7 @@ class GroupDescendantsFinder
     groups_table = Group.arel_table
     visible_to_user = groups_table[:visibility_level]
                       .in(Gitlab::VisibilityLevel.levels_for_user(current_user))
+
     if current_user
       authorized_groups = GroupsFinder.new(current_user,
                                            all_available: false)
@@ -115,6 +116,7 @@ class GroupDescendantsFinder
              else
                direct_child_groups
              end
+
     groups.with_selects_for_list(archived: params[:archived]).order_by(sort)
   end
 
@@ -140,6 +142,7 @@ class GroupDescendantsFinder
                else
                  direct_child_projects
                end
+
     projects.with_route.order_by(sort)
   end
 

app/finders/group_projects_finder.rb

@@ -34,6 +34,7 @@ class GroupProjectsFinder < ProjectsFinder
                else
                  collection_without_user
                end
+
     union(projects)
   end
 

app/helpers/kerberos_spnego_helper.rb

@@ -62,6 +62,7 @@ module KerberosSpnegoHelper
       else
         nil # accept any valid service principal name from keytab
       end
+
     gss.acquire_credentials(gss_service_name) # grab credentials from keytab
 
     # Decode token

app/helpers/markup_helper.rb

@@ -203,6 +203,7 @@ module MarkupHelper
           node.content = node.content.truncate(num_remaining)
           truncated = true
         end
+
         content_length += node.content.length
       end
 

app/helpers/merge_requests_helper.rb

@@ -86,6 +86,7 @@ module MergeRequestsHelper
       approvers_names = merge_request.approvers_left.map(&:name)
 
       str <<
+
         if more_approvals > 0
           " (from #{render_items_list(approvers_names + ["#{more_approvals} more"])})"
         elsif more_approvals < 0

app/helpers/milestones_helper.rb

@@ -163,6 +163,7 @@ module MilestonesHelper
 
   def show_burndown_placeholder?(warning)
     return false if cookies['hide_burndown_message'].present?
+
     return false unless @project.feature_available?(:burndown_charts, current_user) &&
         @project.feature_available?(:issue_weights, current_user)
 

app/helpers/nav_helper.rb

@@ -13,6 +13,7 @@ module NavHelper
         current_path?('issues#show') ||
         current_path?('milestones#show') ||
         current_path?('epics#show')
+
       if cookies[:collapsed_gutter] == 'true'
         %w[page-gutter right-sidebar-collapsed]
       else

app/helpers/snippets_helper.rb

@@ -89,6 +89,7 @@ module SnippetsHelper
         snippet_chunk = [lined_content[line_number]]
         snippet_start_line = line_number
       end
+
       last_line = line_number
     end
     # Add final chunk to chunk array

app/helpers/submodule_helper.rb

@@ -58,6 +58,7 @@ module SubmoduleHelper
     url_no_dotgit = url.chomp('.git')
     return true if url_no_dotgit == [Gitlab.config.gitlab.url, '/', namespace, '/',
                                      project].join('')
+
     url_with_dotgit = url_no_dotgit + '.git'
     url_with_dotgit == Gitlab::Shell.new.url_to_repo([namespace, '/', project].join(''))
   end

app/helpers/todos_helper.rb

@@ -30,6 +30,7 @@ module TodosHelper
       else
         todo.target_reference
       end
+
     link_to text, todo_target_path(todo), class: 'has-tooltip', title: todo.target.title
   end
 

app/models/application_setting.rb

@@ -465,6 +465,7 @@ class ApplicationSetting < ActiveRecord::Base
         super(group_full_path)
         Gitlab::PerformanceBar.expire_allowed_user_ids_cache
       end
+
       return
     end
 

app/models/ci/pipeline_schedule.rb

@@ -2,8 +2,9 @@ module Ci
   class PipelineSchedule < ActiveRecord::Base
     extend Gitlab::Ci::Model
     include Importable
+    include IgnorableColumn
 
-    acts_as_paranoid
+    ignore_column :deleted_at
 
     belongs_to :project
     belongs_to :owner, class_name: 'User'

app/models/ci/trigger.rb

 module Ci
   class Trigger < ActiveRecord::Base
     extend Gitlab::Ci::Model
+    include IgnorableColumn
 
-    acts_as_paranoid
+    ignore_column :deleted_at
 
     belongs_to :project
     belongs_to :owner, class_name: "User"

app/models/concerns/internal_id.rb

@@ -10,7 +10,6 @@ module InternalId
     if iid.blank?
       parent = project || group
       records = parent.public_send(self.class.name.tableize) # rubocop:disable GitlabSecurity/PublicSend
-      records = records.with_deleted if self.paranoid?
       max_iid = records.maximum(:iid)
 
       self.iid = max_iid.to_i + 1

app/models/concerns/issuable.rb

@@ -324,6 +324,7 @@ module Issuable
     includes = []
     includes << :author unless notes.authors_loaded?
     includes << :award_emoji unless notes.award_emojis_loaded?
+
     if includes.any?
       notes.includes(includes)
     else

app/models/concerns/loaded_in_group_list.rb

@@ -25,6 +25,7 @@ module LoadedInGroupList
 
       base_count = projects.project(Arel.star.count.as('preloaded_project_count'))
                      .where(projects[:namespace_id].eq(namespaces[:id]))
+
       if archived == 'only'
         base_count.where(projects[:archived].eq(true))
       elsif Gitlab::Utils.to_boolean(archived)

app/models/issue.rb

@@ -16,7 +16,7 @@ class Issue < ActiveRecord::Base
   include ThrottledTouch
   include IgnorableColumn
 
-  ignore_column :assignee_id, :branch_name
+  ignore_column :assignee_id, :branch_name, :deleted_at
 
   WEIGHT_RANGE = 1..9
   WEIGHT_ALL = 'Everything'.freeze
@@ -93,8 +93,6 @@ class Issue < ActiveRecord::Base
     end
   end
 
-  acts_as_paranoid
-
   class << self
     alias_method :in_parents, :in_projects
   end

app/models/label.rb

@@ -135,6 +135,7 @@ class Label < ActiveRecord::Base
                else
                  priorities.find_by(project: project)
                end
+
     priority.try(:priority)
   end
 

app/models/merge_request.rb

@@ -12,7 +12,8 @@ class MergeRequest < ActiveRecord::Base
   include Gitlab::Utils::StrongMemoize
 
   ignore_column :locked_at,
-                :ref_fetched
+                :ref_fetched,
+                :deleted_at
 
   include ::EE::MergeRequest
   include Elastic::MergeRequestsSearch
@@ -155,8 +156,6 @@ class MergeRequest < ActiveRecord::Base
 
   after_save :keep_around_commit
 
-  acts_as_paranoid
-
   def self.reference_prefix
     '!'
   end
@@ -820,6 +819,7 @@ class MergeRequest < ActiveRecord::Base
     if !include_description && closes_issues_references.present?
       message << "Closes #{closes_issues_references.to_sentence}"
     end
+
     message << "#{description}" if include_description && description.present?
     message << "See merge request #{to_reference(full: true)}"
 

app/models/namespace.rb

 class Namespace < ActiveRecord::Base
-  acts_as_paranoid without_default_scope: true
-
   prepend EE::Namespace
   include CacheMarkdownField
   include Sortable
@@ -11,6 +9,9 @@ class Namespace < ActiveRecord::Base
   include AfterCommitQueue
   include Storage::LegacyNamespace
   include Gitlab::SQL::Pattern
+  include IgnorableColumn
+
+  ignore_column :deleted_at
 
   # Prevent users from creating unreasonably deep level of nesting.
   # The number 20 was taken based on maximum nesting level of
@@ -230,12 +231,6 @@ class Namespace < ActiveRecord::Base
     has_parent?
   end
 
-  def soft_delete_without_removing_associations
-    # We can't use paranoia's `#destroy` since this will hard-delete projects.
-    # Project uses `pending_delete` instead of the acts_as_paranoia gem.
-    self.deleted_at = Time.now
-  end
-
   def multiple_issue_boards_available?(user = nil)
     feature_available?(:multiple_issue_boards)
   end

app/models/network/graph.rb

@@ -224,6 +224,7 @@ module Network
           space_base = parents.first.space
         end
       end
+
       space_base
     end
 

app/models/notification_recipient.rb

@@ -9,6 +9,7 @@ class NotificationRecipient
     group: nil,
     skip_read_ability: false
   )
+
     unless NotificationSetting.levels.key?(type) || type == :subscription
       raise ArgumentError, "invalid type: #{type.inspect}"
     end

app/models/project.rb

@@ -643,6 +643,7 @@ class Project < ActiveRecord::Base
       project_import_data.data ||= {}
       project_import_data.data = project_import_data.data.merge(data)
     end
+
     if credentials
       project_import_data.credentials ||= {}
       project_import_data.credentials = project_import_data.credentials.merge(credentials)

app/models/project_services/hipchat_service.rb

@@ -110,6 +110,7 @@ class HipchatService < Service
 
     message = ""
     message << "#{push[:user_name]} "
+
     if Gitlab::Git.blank_ref?(before)
       message << "pushed new #{ref_type} <a href=\""\
                  "#{project_url}/commits/#{CGI.escape(ref)}\">#{ref}</a>"\

app/models/repository.rb

@@ -110,6 +110,10 @@ class Repository
     "#<#{self.class.name}:#{@disk_path}>"
   end
 
+  def create_hooks
+    Gitlab::Git::Repository.create_hooks(path_to_repo, Gitlab.config.gitlab_shell.hooks_path)
+  end
+
   def commit(ref = 'HEAD')
     return nil unless exists?
     return ref if ref.is_a?(::Commit)
@@ -1069,6 +1073,7 @@ class Repository
           else
             cache.fetch(key, &block)
           end
+
         instance_variable_set(ivar, value)
       rescue Rugged::ReferenceError, Gitlab::Git::Repository::NoRepository
         # Even if the above `#exists?` check passes these errors might still

app/models/service.rb

@@ -252,6 +252,7 @@ class Service < ActiveRecord::Base
       teamcity
       microsoft_teams
     ]
+
     if Rails.env.development?
       service_names += %w[mock_ci mock_deployment mock_monitoring]
     end

app/serializers/issue_entity.rb

@@ -6,7 +6,6 @@ class IssueEntity < IssuableEntity
   expose :updated_by_id
   expose :created_at
   expose :updated_at
-  expose :deleted_at
   expose :milestone, using: API::Entities::Milestone
   expose :labels, using: LabelEntity
   expose :lock_version