Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into pages-guides

cf7386f3 · Marcia Ramos · 69b2bc4d · 7af8bb26 · cf7386f3 · cf7386f3
Commit cf7386f3 authored Feb 21, 2017 by Marcia Ramos
110 changed files
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -240,7 +240,7 @@ rake db:seed_fu:
    paths:
      - log/development.log

-karma:
+rake karma:
  cache:
    paths:
      - vendor/ruby
@@ -387,7 +387,7 @@ pages:
  <<: *dedicated-runner
  dependencies:
    - coverage
-    - karma
+    - rake karma
    - lint:javascript:report
  script:
    - mv public/ .public/

--- a/GITLAB_PAGES_VERSION
+++ b/GITLAB_PAGES_VERSION
-0.3.0
+0.3.1
--- a/Gemfile
+++ b/Gemfile
 source 'https://rubygems.org'

-gem 'rails', '4.2.7.1'
+gem 'rails', '4.2.8'
 gem 'rails-deprecated_sanitizer', '~> 1.0.3'

 # Responders respond_to and respond_with
@@ -34,7 +34,7 @@ gem 'omniauth-saml',          '~> 1.7.0'
 gem 'omniauth-shibboleth',    '~> 1.2.0'
 gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'
-gem 'omniauth-authentiq',     '~> 0.2.0'
+gem 'omniauth-authentiq',     '~> 0.3.0'
 gem 'rack-oauth2',            '~> 1.2.1'
 gem 'jwt',                    '~> 1.5.6'


--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -3,40 +3,39 @@ GEM
  specs:
    RedCloth (4.3.2)
    ace-rails-ap (4.1.0)
-    actionmailer (4.2.7.1)
-      actionpack (= 4.2.7.1)
-      actionview (= 4.2.7.1)
-      activejob (= 4.2.7.1)
+    actionmailer (4.2.8)
+      actionpack (= 4.2.8)
+      actionview (= 4.2.8)
+      activejob (= 4.2.8)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.7.1)
-      actionview (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    actionpack (4.2.8)
+      actionview (= 4.2.8)
+      activesupport (= 4.2.8)
      rack (~> 1.6)
      rack-test (~> 0.6.2)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.7.1)
-      activesupport (= 4.2.7.1)
+    actionview (4.2.8)
+      activesupport (= 4.2.8)
      builder (~> 3.1)
      erubis (~> 2.7.0)
      rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (4.2.7.1)
-      activesupport (= 4.2.7.1)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (4.2.8)
+      activesupport (= 4.2.8)
      globalid (>= 0.3.0)
-    activemodel (4.2.7.1)
-      activesupport (= 4.2.7.1)
+    activemodel (4.2.8)
+      activesupport (= 4.2.8)
      builder (~> 3.1)
-    activerecord (4.2.7.1)
-      activemodel (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    activerecord (4.2.8)
+      activemodel (= 4.2.8)
+      activesupport (= 4.2.8)
      arel (~> 6.0)
    activerecord_sane_schema_dumper (0.2)
      rails (>= 4, < 5)
-    activesupport (4.2.7.1)
+    activesupport (4.2.8)
      i18n (~> 0.7)
-      json (~> 1.7, >= 1.7.7)
      minitest (~> 5.1)
      thread_safe (~> 0.3, >= 0.3.4)
      tzinfo (~> 1.1)
@@ -47,7 +46,7 @@ GEM
      activerecord (>= 3.0)
    akismet (2.0.0)
    allocations (1.0.5)
-    arel (6.0.3)
+    arel (6.0.4)
    asana (0.4.0)
      faraday (~> 0.9)
      faraday_middleware (~> 0.9)
@@ -86,7 +85,7 @@ GEM
      sass (>= 3.3.4)
    brakeman (3.4.1)
    browser (2.2.0)
-    builder (3.2.2)
+    builder (3.2.3)
    bullet (5.2.0)
      activesupport (>= 3.0.0)
      uniform_notifier (~> 1.10.0)
@@ -127,7 +126,7 @@ GEM
      execjs
    coffee-script-source (1.10.0)
    colorize (0.7.7)
-    concurrent-ruby (1.0.2)
+    concurrent-ruby (1.0.4)
    connection_pool (2.2.1)
    crack (0.4.3)
      safe_yaml (~> 1.0.0)
@@ -354,7 +353,7 @@ GEM
      json (~> 1.8)
      multi_xml (>= 0.5.2)
    httpclient (2.8.2)
-    i18n (0.7.0)
+    i18n (0.8.0)
    ice_nine (0.11.1)
    influxdb (0.2.3)
      cause
@@ -370,7 +369,7 @@ GEM
      thor (>= 0.14, < 2.0)
    jquery-ui-rails (5.0.5)
      railties (>= 3.2.16)
-    json (1.8.3)
+    json (1.8.6)
    json-schema (2.6.2)
      addressable (~> 2.3.8)
    jwt (1.5.6)
@@ -429,9 +428,8 @@ GEM
    net-ssh (3.0.1)
    netrc (0.11.0)
    newrelic_rpm (3.16.0.318)
-    nokogiri (1.6.8)
+    nokogiri (1.6.8.1)
      mini_portile2 (~> 2.1.0)
-      pkg-config (~> 1.1.7)
    numerizer (0.1.1)
    oauth (0.5.1)
    oauth2 (1.2.0)
@@ -448,7 +446,7 @@ GEM
      rack (>= 1.0, < 3)
    omniauth-auth0 (1.4.1)
      omniauth-oauth2 (~> 1.1)
-    omniauth-authentiq (0.2.2)
+    omniauth-authentiq (0.3.0)
      omniauth-oauth2 (~> 1.3, >= 1.3.1)
    omniauth-azure-oauth2 (0.0.6)
      jwt (~> 1.0)
@@ -506,7 +504,6 @@ GEM
    parser (2.3.1.4)
      ast (~> 2.2)
    pg (0.18.4)
-    pkg-config (1.1.7)
    poltergeist (1.9.0)
      capybara (~> 2.1)
      cliver (~> 0.3.1)
@@ -548,28 +545,28 @@ GEM
      rack
    rack-test (0.6.3)
      rack (>= 1.0)
-    rails (4.2.7.1)
-      actionmailer (= 4.2.7.1)
-      actionpack (= 4.2.7.1)
-      actionview (= 4.2.7.1)
-      activejob (= 4.2.7.1)
-      activemodel (= 4.2.7.1)
-      activerecord (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    rails (4.2.8)
+      actionmailer (= 4.2.8)
+      actionpack (= 4.2.8)
+      actionview (= 4.2.8)
+      activejob (= 4.2.8)
+      activemodel (= 4.2.8)
+      activerecord (= 4.2.8)
+      activesupport (= 4.2.8)
      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.7.1)
+      railties (= 4.2.8)
      sprockets-rails
    rails-deprecated_sanitizer (1.0.3)
      activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.7)
+    rails-dom-testing (1.0.8)
      activesupport (>= 4.2.0.beta, < 5.0)
-      nokogiri (~> 1.6.0)
+      nokogiri (~> 1.6)
      rails-deprecated_sanitizer (>= 1.0.1)
    rails-html-sanitizer (1.0.3)
      loofah (~> 2.0)
-    railties (4.2.7.1)
-      actionpack (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    railties (4.2.8)
+      actionpack (= 4.2.8)
+      activesupport (= 4.2.8)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
    rainbow (2.1.0)
@@ -733,10 +730,10 @@ GEM
      spring (>= 0.9.1)
    spring-commands-spinach (1.1.0)
      spring (>= 0.9.1)
-    sprockets (3.7.0)
+    sprockets (3.7.1)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
-    sprockets-rails (3.1.1)
+    sprockets-rails (3.2.0)
      actionpack (>= 4.0)
      activesupport (>= 4.0)
      sprockets (>= 3.0.0)
@@ -760,7 +757,7 @@ GEM
      daemons (~> 1.0, >= 1.0.9)
      eventmachine (~> 1.0, >= 1.0.4)
      rack (>= 1, < 3)
-    thor (0.19.1)
+    thor (0.19.4)
    thread_safe (0.3.5)
    tilt (2.0.5)
    timecop (0.8.1)
@@ -925,7 +922,7 @@ DEPENDENCIES
  oj (~> 2.17.4)
  omniauth (~> 1.3.2)
  omniauth-auth0 (~> 1.4.1)
-  omniauth-authentiq (~> 0.2.0)
+  omniauth-authentiq (~> 0.3.0)
  omniauth-azure-oauth2 (~> 0.0.6)
  omniauth-cas3 (~> 1.1.2)
  omniauth-facebook (~> 4.0.0)
@@ -949,7 +946,7 @@ DEPENDENCIES
  rack-cors (~> 0.4.0)
  rack-oauth2 (~> 1.2.1)
  rack-proxy (~> 0.6.0)
-  rails (= 4.2.7.1)
+  rails (= 4.2.8)
  rails-deprecated_sanitizer (~> 1.0.3)
  rainbow (~> 2.1.0)
  rblineprof (~> 0.3.6)

--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ We're hiring developers, support people, and production engineers all the time,
 There are two editions of GitLab:

 - GitLab Community Edition (CE) is available freely under the MIT Expat license.
- GitLab Enterprise Edition (EE) includes [extra features](https://about.gitlab.com/features/#compare) that are more useful for organizations with more than 100 users. To use EE and get official support please [become a subscriber](https://about.gitlab.com/pricing/).
+- GitLab Enterprise Edition (EE) includes [extra features](https://about.gitlab.com/products/#compare-options) that are more useful for organizations with more than 100 users. To use EE and get official support please [become a subscriber](https://about.gitlab.com/products/).

 ## Website


--- a/app/assets/javascripts/filtered_search/filtered_search_manager.js.es6
+++ b/app/assets/javascripts/filtered_search/filtered_search_manager.js.es6
@@ -173,7 +173,7 @@
      tokens.forEach((token) => {
        const condition = gl.FilteredSearchTokenKeys
          .searchByConditionKeyValue(token.key, token.value.toLowerCase());
-        const { param } = gl.FilteredSearchTokenKeys.searchByKey(token.key);
+        const { param } = gl.FilteredSearchTokenKeys.searchByKey(token.key) || {};
        const keyParam = param ? `${token.key}_${param}` : token.key;
        let tokenPath = '';


--- a/app/assets/javascripts/filtered_search/filtered_search_tokenizer.js.es6
+++ b/app/assets/javascripts/filtered_search/filtered_search_tokenizer.js.es6
+require('./filtered_search_token_keys');
+
 (() => {
  class FilteredSearchTokenizer {
    static processTokens(input) {
+      const allowedKeys = gl.FilteredSearchTokenKeys.get().map(i => i.key);
      // Regex extracts `(token):(symbol)(value)`
      // Values that start with a double quote must end in a double quote (same for single)
-      const tokenRegex = /(\w+):([~%@]?)(?:('[^']*'{0,1})|("[^"]*"{0,1})|(\S+))/g;
+      const tokenRegex = new RegExp(`(${allowedKeys.join('|')}):([~%@]?)(?:('[^']*'{0,1})|("[^"]*"{0,1})|(\\S+))`, 'g');
      const tokens = [];
      let lastToken = null;
      const searchToken = input.replace(tokenRegex, (match, key, symbol, v1, v2, v3) => {

--- a/app/assets/javascripts/gl_dropdown.js
+++ b/app/assets/javascripts/gl_dropdown.js
@@ -47,9 +47,10 @@
          }
          // Only filter asynchronously only if option remote is set
          if (this.options.remote) {
-            $inputContainer.parent().addClass('is-loading');
            clearTimeout(timeout);
            return timeout = setTimeout(function() {
+              $inputContainer.parent().addClass('is-loading');
+
              return this.options.query(this.input.val(), function(data) {
                $inputContainer.parent().removeClass('is-loading');
                return this.options.callback(data);

--- a/app/assets/stylesheets/framework/header.scss
+++ b/app/assets/stylesheets/framework/header.scss
@@ -148,16 +148,11 @@ header {
    }

    .header-logo {
-      position: absolute;
-      left: 50%;
+      display: inline-block;
+      margin: 0 8px 0 3px;
+      position: relative;
      top: 7px;
      transition-duration: .3s;
-      z-index: 999;
-
-      #logo {
-        position: relative;
-        left: -50%;
-      }

      svg,
      img {
@@ -167,15 +162,6 @@ header {
      &:hover {
        cursor: pointer;
      }
-
-      @media (max-width: $screen-xs-max) {
-        right: 20px;
-        left: auto;
-
-        #logo {
-          left: auto;
-        }
-      }
    }

    .title {
@@ -183,7 +169,7 @@ header {
      padding-right: 20px;
      margin: 0;
      font-size: 18px;
-      max-width: 385px;
+      max-width: 450px;
      display: inline-block;
      line-height: $header-height;
      font-weight: normal;
@@ -193,10 +179,6 @@ header {
      vertical-align: top;
      white-space: nowrap;

-      @media (min-width: $screen-sm-min) and (max-width: $screen-sm-max) {
-        max-width: 300px;
-      }
-
      @media (max-width: $screen-xs-max) {
        max-width: 190px;
      }

--- a/app/assets/stylesheets/framework/nav.scss
+++ b/app/assets/stylesheets/framework/nav.scss
 @mixin fade($gradient-direction, $gradient-color) {
  visibility: hidden;
  opacity: 0;
-  z-index: 2;
+  z-index: 1;
  position: absolute;
  bottom: 12px;
  width: 43px;
@@ -18,7 +18,7 @@

  .fa {
    position: relative;
-    top: 5px;
+    top: 6px;
    font-size: 18px;
  }
 }
@@ -79,7 +79,6 @@
  }

  &.sub-nav {
-    text-align: center;
    background-color: $gray-normal;

    .container-fluid {
@@ -287,7 +286,6 @@
  background: $gray-light;
  border-bottom: 1px solid $border-color;
  transition: padding $sidebar-transition-duration;
-  text-align: center;

  .container-fluid {
    position: relative;
@@ -353,7 +351,7 @@
    right: -5px;

    .fa {
-      right: -7px;
+      right: -28px;
    }
  }

@@ -383,7 +381,7 @@
      left: 0;

      .fa {
-        left: 10px;
+        left: -4px;
      }
    }
  }

--- a/app/assets/stylesheets/pages/pipelines.scss
+++ b/app/assets/stylesheets/pages/pipelines.scss
@@ -222,6 +222,11 @@
      }
    }

+    .dropdown-menu {
+      max-height: 250px;
+      overflow-y: auto;
+    }
+
    .dropdown-toggle,
    .dropdown-menu {
      color: $gl-text-color-secondary;

--- a/app/assets/stylesheets/pages/projects.scss
+++ b/app/assets/stylesheets/pages/projects.scss
@@ -268,6 +268,13 @@
  }
 }

+.project-repo-buttons {
+  .project-action-button .dropdown-menu {
+    max-height: 250px;
+    overflow-y: auto;
+  }
+}
+
 .split-one {
  display: inline-table;
  margin-right: 12px;
@@ -645,29 +652,23 @@ pre.light-well {
  }
 }

-.project-last-commit {
-  @media (min-width: $screen-sm-min) {
-    margin-top: $gl-padding;
+.container-fluid.project-stats-container {
+  @media (max-width: $screen-xs-max) {
+    padding: 12px 0;
  }
+}

-  &.container-fluid {
-    padding-top: 12px;
-    padding-bottom: 12px;
-    background-color: $gray-light;
-    border: 1px solid $border-color;
-    border-right-width: 0;
-    border-left-width: 0;
+.project-last-commit {
+  background-color: $gray-light;
+  padding: 12px $gl-padding;
+  border: 1px solid $border-color;

-    @media (min-width: $screen-sm-min) {
-      border-right-width: 1px;
-      border-left-width: 1px;
-    }
+  @media (min-width: $screen-sm-min) {
+    margin-top: $gl-padding;
  }

-  &.container-limited {
-    @media (min-width: 1281px) {
-      border-radius: $border-radius-base;
-    }
+  @media (min-width: $screen-sm-min) {
+    border-radius: $border-radius-base;
  }

  .ci-status {

--- a/app/assets/stylesheets/pages/todos.scss
+++ b/app/assets/stylesheets/pages/todos.scss
@@ -43,6 +43,12 @@
    }
  }

+  .todo-avatar,
+  .todo-actions {
+    -webkit-flex: 0 0 auto;
+    flex: 0 0 auto;
+  }
+
  .todo-actions {
    display: -webkit-flex;
    display: flex;
@@ -55,8 +61,9 @@
  }

  .todo-item {
-    -webkit-flex: auto;
-    flex: auto;
+    -webkit-flex: 0 1 100%;
+    flex: 0 1 100%;
+    min-width: 0;
  }
 }

@@ -74,8 +81,29 @@

 .todo-item {
  .todo-title {
-    @include str-truncated(calc(100% - 174px));
-    overflow: visible;
+    display: flex;
+
+    & > .title-item {
+      -webkit-flex: 0 0 auto;
+      flex: 0 0 auto;
+      margin: 0 2px;
+
+      &:first-child {
+        margin-left: 0;
+      }
+
+      &:last-child {
+        margin-right: 0;
+      }
+    }
+
+    .todo-label {
+      -webkit-flex: 0 1 auto;
+      flex: 0 1 auto;
+      overflow: hidden;
+      text-overflow: ellipsis;
+      white-space: nowrap;
+    }
  }

  .status-box {
@@ -154,10 +182,12 @@

  .todo-item {
    .todo-title {
-      white-space: normal;
-      overflow: visible;
-      max-width: 100%;
+      flex-flow: row wrap;
      margin-bottom: 10px;
+
+      .todo-label {
+        white-space: normal;
+      }
    }

    .todo-body {

--- a/app/controllers/concerns/creates_commit.rb
+++ b/app/controllers/concerns/creates_commit.rb
@@ -104,23 +104,15 @@ module CreatesCommit
    if can?(current_user, :push_code, @project)
      # Edit file in this project
      @mr_source_project = @project
-
-      if @project.forked?
-        # Merge request from this project to fork origin
-        @mr_target_project = @project.forked_from_project
-        @mr_target_branch = @mr_target_project.repository.root_ref
-      else
-        # Merge request to this project
-        @mr_target_project = @project
-        @mr_target_branch = @ref || @target_branch
-      end
    else
      # Merge request from fork to this project
      @mr_source_project = current_user.fork_of(@project)
-      @mr_target_project = @project
-      @mr_target_branch = @ref || @target_branch
    end

+    # Merge request to this project
+    @mr_target_project = @project
+    @mr_target_branch = @ref || @target_branch
+
    @mr_source_branch = guess_mr_source_branch
  end


--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -78,6 +78,13 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
    handle_omniauth
  end

+  def authentiq
+    if params['sid']
+      handle_service_ticket oauth['provider'], params['sid']
+    end
+    handle_omniauth
+  end
+
  private

  def handle_omniauth

--- a/app/helpers/namespaces_helper.rb
+++ b/app/helpers/namespaces_helper.rb
 module NamespacesHelper
+  def namespace_id_from(params)
+    params.dig(:project, :namespace_id) || params[:namespace_id]
+  end
+
  def namespaces_options(selected = :current_user, display_path: false, extra_group: nil)
    groups = current_user.owned_groups + current_user.masters_groups


--- a/app/models/concerns/spammable.rb
+++ b/app/models/concerns/spammable.rb
@@ -22,6 +22,10 @@ module Spammable
    delegate :ip_address, :user_agent, to: :user_agent_detail, allow_nil: true
  end

+  def submittable_as_spam_by?(current_user)
+    current_user && current_user.admin? && submittable_as_spam?
+  end
+
  def submittable_as_spam?
    if user_agent_detail
      user_agent_detail.submittable? && current_application_settings.akismet_enabled

--- a/app/services/users/destroy_service.rb
+++ b/app/services/users/destroy_service.rb
@@ -7,6 +7,10 @@ module Users
    end

    def execute(user, options = {})
+      unless current_user.admin? || current_user == user
+        raise Gitlab::Access::AccessDeniedError, "#{current_user} tried to destroy user #{user}!"
+      end
+
      if !options[:delete_solo_owned_groups] && user.solo_owned_groups.present?
        user.errors[:base] << 'You must transfer ownership or delete groups before you can remove user'
        return user

--- a/app/views/dashboard/todos/_todo.html.haml
+++ b/app/views/dashboard/todos/_todo.html.haml
 %li{ class: "todo todo-#{todo.done? ? 'done' : 'pending'}", id: dom_id(todo), data: { url: todo_target_path(todo) } }
-  = author_avatar(todo, size: 40)
+  .todo-avatar
+    = author_avatar(todo, size: 40)

  .todo-item.todo-block
    .todo-title.title
      - unless todo.build_failed? || todo.unmergeable?
        = todo_target_state_pill(todo)

-        %span.author-name
+        .title-item.author-name
          - if todo.author
            = link_to_author(todo)
          - else
            (removed)

-      %span.action-name
+      .title-item.action-name
        = todo_action_name(todo)

-      %span.todo-label
+      .title-item.todo-label
        - if todo.target
          = todo_target_link(todo)
        - else
          (removed)

-      &middot; #{time_ago_with_tooltip(todo.created_at)}
-      = todo_due_date(todo)
+      .title-item
+        &middot;
+
+      .title-item
+        #{time_ago_with_tooltip(todo.created_at)}
+        = todo_due_date(todo)

    .todo-body
      .todo-note

--- a/app/views/layouts/_page.html.haml
+++ b/app/views/layouts/_page.html.haml
 .page-with-sidebar{ class: page_gutter_class }
  - if defined?(nav) && nav
    .layout-nav
-      .container-fluid
+      %div{ class: container_class }
        = render "layouts/nav/#{nav}"
  .content-wrapper{ class: "#{layout_nav_class}" }
    = yield :sub_nav

--- a/app/views/layouts/header/_default.html.haml
+++ b/app/views/layouts/header/_default.html.haml
@@ -61,12 +61,12 @@
              %div
                = link_to "Sign in", new_session_path(:user, redirect_to_referer: 'yes'), class: 'btn btn-sign-in btn-success'

-      %h1.title= title
-
      .header-logo
        = link_to root_path, class: 'home', title: 'Dashboard', id: 'logo' do
          = brand_header_logo

+      %h1.title= title
+
      = yield :header_content

 = render 'shared/outdated_browser'

--- a/app/views/projects/commit/_pipeline.html.haml
+++ b/app/views/projects/commit/_pipeline.html.haml
@@ -3,7 +3,7 @@
    .pull-right
      - if can?(current_user, :update_pipeline, pipeline.project)
        - if pipeline.builds.latest.failed.any?(&:retryable?)
-          = link_to "Retry failed", retry_namespace_project_pipeline_path(pipeline.project.namespace, pipeline.project, pipeline.id), class: 'btn btn-grouped btn-primary', method: :post
+          = link_to "Retry", retry_namespace_project_pipeline_path(pipeline.project.namespace, pipeline.project, pipeline.id), class: 'js-retry-button btn btn-grouped btn-primary', method: :post

        - if pipeline.builds.running_or_pending.any?
          = link_to "Cancel running", cancel_namespace_project_pipeline_path(pipeline.project.namespace, pipeline.project, pipeline.id), data: { confirm: 'Are you sure?' }, class: 'btn btn-grouped btn-danger', method: :post

--- a/app/views/projects/issues/show.html.haml
+++ b/app/views/projects/issues/show.html.haml
@@ -40,7 +40,7 @@
                = link_to 'Close issue', issue_path(@issue, issue: { state_event: :close }, format: 'json'), data: {no_turbolink: true}, class: "btn-close #{issue_button_visibility(@issue, true)}", title: 'Close issue'
              %li
                = link_to 'Edit', edit_namespace_project_issue_path(@project.namespace, @project, @issue)
-            - if @issue.submittable_as_spam? && current_user.admin?
+            - if @issue.submittable_as_spam_by?(current_user)
              %li
                = link_to 'Submit as spam', mark_as_spam_namespace_project_issue_path(@project.namespace, @project, @issue), method: :post, class: 'btn-spam', title: 'Submit as spam'

@@ -50,7 +50,7 @@
        - if can?(current_user, :update_issue, @issue)
          = link_to 'Reopen issue', issue_path(@issue, issue: { state_event: :reopen }, format: 'json'), data: {no_turbolink: true}, class: "hidden-xs hidden-sm btn btn-grouped btn-reopen #{issue_button_visibility(@issue, false)}", title: 'Reopen issue'
          = link_to 'Close issue', issue_path(@issue, issue: { state_event: :close }, format: 'json'), data: {no_turbolink: true}, class: "hidden-xs hidden-sm btn btn-grouped btn-close #{issue_button_visibility(@issue, true)}", title: 'Close issue'
-          - if @issue.submittable_as_spam? && current_user.admin?
+          - if @issue.submittable_as_spam_by?(current_user)
            = link_to 'Submit as spam', mark_as_spam_namespace_project_issue_path(@project.namespace, @project, @issue), method: :post, class: 'hidden-xs hidden-sm btn btn-grouped btn-spam', title: 'Submit as spam'
          = link_to 'Edit', edit_namespace_project_issue_path(@project.namespace, @project, @issue), class: 'hidden-xs hidden-sm btn btn-grouped issuable-edit'


--- a/app/views/projects/new.html.haml
+++ b/app/views/projects/new.html.haml
@@ -22,7 +22,7 @@
                - if current_user.can_select_namespace?
                  .input-group-addon
                    = root_url
-                  = f.select :namespace_id, namespaces_options(params[:namespace_id] || :current_user, display_path: true), {}, {class: 'select2 js-select-namespace', tabindex: 1}
+                  = f.select :namespace_id, namespaces_options(namespace_id_from(params) || :current_user, display_path: true), {}, {class: 'select2 js-select-namespace', tabindex: 1}

                - else
                  .input-group-addon.static-namespace

--- a/app/views/projects/pipelines/_info.html.haml
+++ b/app/views/projects/pipelines/_info.html.haml
@@ -8,7 +8,7 @@
  .header-action-buttons
    - if can?(current_user, :update_pipeline, @pipeline.project)
      - if @pipeline.retryable?
-        = link_to "Retry failed", retry_namespace_project_pipeline_path(@pipeline.project.namespace, @pipeline.project, @pipeline.id), class: 'btn btn-inverted-secondary', method: :post
+        = link_to "Retry", retry_namespace_project_pipeline_path(@pipeline.project.namespace, @pipeline.project, @pipeline.id), class: 'js-retry-button btn btn-inverted-secondary', method: :post
      - if @pipeline.cancelable?
        = link_to "Cancel running", cancel_namespace_project_pipeline_path(@pipeline.project.namespace, @pipeline.project, @pipeline.id), data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :post


--- a/app/views/projects/pipelines_settings/_show.html.haml
+++ b/app/views/projects/pipelines_settings/_show.html.haml
@@ -60,7 +60,7 @@
          = f.label :build_coverage_regex, "Test coverage parsing", class: 'label-light'
          .input-group
            %span.input-group-addon /
-            = f.text_field :build_coverage_regex, class: 'form-control', placeholder: '\(\d+.\d+\%\) covered'
+            = f.text_field :build_coverage_regex, class: 'form-control', placeholder: 'Regular expression'
            %span.input-group-addon /
          %p.help-block
            A regular expression that will be used to find the test coverage

--- a/app/views/projects/show.html.haml
+++ b/app/views/projects/show.html.haml
@@ -13,69 +13,70 @@
 = render "home_panel"

 - if current_user && can?(current_user, :download_code, @project)
-  %nav.project-stats{ class: container_class }
-    %ul.nav
-      %li
-        = link_to project_files_path(@project) do
-          Files (#{storage_counter(@project.statistics.total_repository_size)})
-      %li
-        = link_to namespace_project_commits_path(@project.namespace, @project, current_ref) do
-          #{'Commit'.pluralize(@project.statistics.commit_count)} (#{number_with_delimiter(@project.statistics.commit_count)})
-      %li
-        = link_to namespace_project_branches_path(@project.namespace, @project) do
-          #{'Branch'.pluralize(@repository.branch_count)} (#{number_with_delimiter(@repository.branch_count)})
-      %li
-        = link_to namespace_project_tags_path(@project.namespace, @project) do
-          #{'Tag'.pluralize(@repository.tag_count)} (#{number_with_delimiter(@repository.tag_count)})
-
-      - if default_project_view != 'readme' && @repository.readme
+  .project-stats-container{ class: container_class }
+    %nav.project-stats
+      %ul.nav
        %li
-          = link_to 'Readme', readme_path(@project)
-
-      - if @repository.changelog
+          = link_to project_files_path(@project) do
+            Files (#{storage_counter(@project.statistics.total_repository_size)})
        %li
-          = link_to 'Changelog', changelog_path(@project)
-
-      - if @repository.license_blob
+          = link_to namespace_project_commits_path(@project.namespace, @project, current_ref) do
+            #{'Commit'.pluralize(@project.statistics.commit_count)} (#{number_with_delimiter(@project.statistics.commit_count)})
        %li
-          = link_to license_short_name(@project), license_path(@project)
-
-      - if @repository.contribution_guide
+          = link_to namespace_project_branches_path(@project.namespace, @project) do
+            #{'Branch'.pluralize(@repository.branch_count)} (#{number_with_delimiter(@repository.branch_count)})
        %li
-          = link_to 'Contribution guide', contribution_guide_path(@project)
+          = link_to namespace_project_tags_path(@project.namespace, @project) do
+            #{'Tag'.pluralize(@repository.tag_count)} (#{number_with_delimiter(@repository.tag_count)})

-      - if @repository.gitlab_ci_yml
-        %li
-          = link_to 'CI configuration', ci_configuration_path(@project)
+        - if default_project_view != 'readme' && @repository.readme
+          %li
+            = link_to 'Readme', readme_path(@project)
+
+        - if @repository.changelog
+          %li
+            = link_to 'Changelog', changelog_path(@project)
+
+        - if @repository.license_blob
+          %li
+            = link_to license_short_name(@project), license_path(@project)
+
+        - if @repository.contribution_guide
+          %li
+            = link_to 'Contribution guide', contribution_guide_path(@project)
+
+        - if @repository.gitlab_ci_yml
+          %li
+            = link_to 'CI configuration', ci_configuration_path(@project)

-      - if current_user && can_push_branch?(@project, @project.default_branch)
-        - unless @repository.changelog
-          %li.missing
-            = link_to add_special_file_path(@project, file_name: 'CHANGELOG') do
-              Add Changelog
-        - unless @repository.license_blob
-          %li.missing
-            = link_to add_special_file_path(@project, file_name: 'LICENSE') do
-              Add License
-        - unless @repository.contribution_guide
-          %li.missing
-            = link_to add_special_file_path(@project, file_name: 'CONTRIBUTING.md', commit_message: 'Add contribution guide') do
-              Add Contribution guide
-        - unless @repository.gitlab_ci_yml
-          %li.missing
-            = link_to add_special_file_path(@project, file_name: '.gitlab-ci.yml') do
-              Set up CI
-        - if koding_enabled? && @repository.koding_yml.blank?
-          %li.missing
-            = link_to 'Set up Koding', add_koding_stack_path(@project)
-        - if @repository.gitlab_ci_yml.blank? && @project.deployment_service.present?
-          %li.missing
-            = link_to add_special_file_path(@project, file_name: '.gitlab-ci.yml', commit_message: 'Set up auto deploy', target_branch: 'auto-deploy', context: 'autodeploy') do
-              Set up auto deploy
+        - if current_user && can_push_branch?(@project, @project.default_branch)
+          - unless @repository.changelog
+            %li.missing
+              = link_to add_special_file_path(@project, file_name: 'CHANGELOG') do
+                Add Changelog
+          - unless @repository.license_blob
+            %li.missing
+              = link_to add_special_file_path(@project, file_name: 'LICENSE') do
+                Add License
+          - unless @repository.contribution_guide
+            %li.missing
+              = link_to add_special_file_path(@project, file_name: 'CONTRIBUTING.md', commit_message: 'Add contribution guide') do
+                Add Contribution guide
+          - unless @repository.gitlab_ci_yml
+            %li.missing
+              = link_to add_special_file_path(@project, file_name: '.gitlab-ci.yml') do
+                Set up CI
+          - if koding_enabled? && @repository.koding_yml.blank?
+            %li.missing
+              = link_to 'Set up Koding', add_koding_stack_path(@project)
+          - if @repository.gitlab_ci_yml.blank? && @project.deployment_service.present?
+            %li.missing
+              = link_to add_special_file_path(@project, file_name: '.gitlab-ci.yml', commit_message: 'Set up auto deploy', target_branch: 'auto-deploy', context: 'autodeploy') do
+                Set up auto deploy

-  - if @repository.commit
-    .project-last-commit{ class: container_class }
-      = render 'projects/last_commit', commit: @repository.commit, ref: current_ref, project: @project
+    - if @repository.commit
+      .project-last-commit
+        = render 'projects/last_commit', commit: @repository.commit, ref: current_ref, project: @project

 %div{ class: container_class }
  - if @project.archived?

--- a/app/views/projects/snippets/_actions.html.haml
+++ b/app/views/projects/snippets/_actions.html.haml
@@ -10,7 +10,7 @@
  - if can?(current_user, :create_project_snippet, @project)
    = link_to new_namespace_project_snippet_path(@project.namespace, @project), class: 'btn btn-grouped btn-inverted btn-create', title: "New snippet" do
      New snippet
-  - if @snippet.submittable_as_spam? && current_user.admin?
+  - if @snippet.submittable_as_spam_by?(current_user)
    = link_to 'Submit as spam', mark_as_spam_namespace_project_snippet_path(@project.namespace, @project, @snippet), method: :post, class: 'btn btn-grouped btn-spam', title: 'Submit as spam'
 - if can?(current_user, :create_project_snippet, @project) || can?(current_user, :update_project_snippet, @snippet)
  .visible-xs-block.dropdown
@@ -31,6 +31,6 @@
          %li
            = link_to edit_namespace_project_snippet_path(@project.namespace, @project, @snippet) do
              Edit
-        - if @snippet.submittable_as_spam? && current_user.admin?
+        - if @snippet.submittable_as_spam_by?(current_user)
          %li
            = link_to 'Submit as spam', mark_as_spam_namespace_project_snippet_path(@project.namespace, @project, @snippet), method: :post
--- a/app/views/search/_results.html.haml
+++ b/app/views/search/_results.html.haml
@@ -11,7 +11,7 @@

  .results.prepend-top-10
    - if @scope == 'commits'
-      %ul.list-unstyled
+      %ul.content-list.commit-list.table-list.table-wide
        = render partial: "search/results/commit", collection: @search_objects
    - else
      .search-results

--- a/app/views/search/results/_snippet_blob.html.haml
+++ b/app/views/search/results/_snippet_blob.html.haml
@@ -12,41 +12,34 @@
    %span.light= time_ago_with_tooltip(snippet.created_at)
  %h4.snippet-title
  - snippet_path = reliable_snippet_path(snippet)
-  = link_to snippet_path do
-    .file-holder
-      .js-file-title.file-title
+  .file-holder
+    .js-file-title.file-title
+      = link_to snippet_path do
        %i.fa.fa-file
        %strong= snippet.file_name
-      - if markup?(snippet.file_name)
-        .file-content.wiki
+    - if markup?(snippet.file_name)
+      .file-content.wiki
+        - snippet_chunks.each do |chunk|
+          - unless chunk[:data].empty?
+            = render_markup(snippet.file_name, chunk[:data])
+          - else
+            .file-content.code
+              .nothing-here-block Empty file
+    - else
+      .file-content.code.js-syntax-highlight
+        .line-numbers
          - snippet_chunks.each do |chunk|
            - unless chunk[:data].empty?
-              = render_markup(snippet.file_name, chunk[:data])
+              - Gitlab::Git::Util.count_lines(chunk[:data]).times do |index|
+                - offset = defined?(chunk[:start_line]) ? chunk[:start_line] : 1
+                - i = index + offset
+                = link_to snippet_path+"#L#{i}", id: "L#{i}", rel: "#L#{i}", class: "diff-line-num" do
+                  %i.fa.fa-link
+                  = i
+        .blob-content
+          - snippet_chunks.each do |chunk|
+            - unless chunk[:data].empty?
+              = highlight(snippet.file_name, chunk[:data], repository: nil, plain: snippet.no_highlighting?)
            - else
              .file-content.code
                .nothing-here-block Empty file
-      - else
-        .file-content.code.js-syntax-highlight
-          .line-numbers
-            - snippet_chunks.each do |chunk|
-              - unless chunk[:data].empty?
-                - Gitlab::Git::Util.count_lines(chunk[:data]).times do |index|
-                  - offset = defined?(chunk[:start_line]) ? chunk[:start_line] : 1
-                  - i = index + offset
-                  = link_to snippet_path+"#L#{i}", id: "L#{i}", rel: "#L#{i}", class: "diff-line-num" do
-                    %i.fa.fa-link
-                    = i
-                - unless snippet == snippet_chunks.last
-                  %a.diff-line-num
-                    = "."
-          %pre.code
-            %code
-              - snippet_chunks.each do |chunk|
-                - unless chunk[:data].empty?
-                  = chunk[:data]
-                  - unless chunk == snippet_chunks.last
-                    %a
-                      = "..."
-                - else
-                  .file-content.code
-                    .nothing-here-block Empty file
--- a/app/views/shared/members/_member.html.haml
+++ b/app/views/shared/members/_member.html.haml
@@ -61,7 +61,7 @@
                = dropdown_title("Change permissions")
                .dropdown-content
                  %ul
-                    - Gitlab::Access.options.each do |role, role_id|
+                    - member.class.access_level_roles.each do |role, role_id|
                      %li
                        = link_to role, "javascript:void(0)",
                          class: ("is-active" if member.access_level == role_id),

--- a/app/views/snippets/_actions.html.haml
+++ b/app/views/snippets/_actions.html.haml
@@ -9,7 +9,7 @@
      Delete
  = link_to new_snippet_path, class: "btn btn-grouped btn-inverted btn-create", title: "New snippet" do
    New snippet
-  - if @snippet.submittable_as_spam? && current_user.admin?
+  - if @snippet.submittable_as_spam_by?(current_user)
    = link_to 'Submit as spam', mark_as_spam_snippet_path(@snippet), method: :post, class: 'btn btn-grouped btn-spam', title: 'Submit as spam'
 .visible-xs-block.dropdown
  %button.btn.btn-default.btn-block.append-bottom-0.prepend-top-5{ data: { toggle: "dropdown" } }
@@ -28,6 +28,6 @@
        %li
          = link_to edit_snippet_path(@snippet) do
            Edit
-      - if @snippet.submittable_as_spam? && current_user.admin?
+      - if @snippet.submittable_as_spam_by?(current_user)
        %li
          = link_to 'Submit as spam', mark_as_spam_snippet_path(@snippet), method: :post
--- a/app/workers/delete_user_worker.rb
+++ b/app/workers/delete_user_worker.rb
@@ -7,5 +7,7 @@ class DeleteUserWorker
    current_user = User.find(current_user_id)

    Users::DestroyService.new(current_user).execute(delete_user, options.symbolize_keys)
+  rescue Gitlab::Access::AccessDeniedError => e
+    Rails.logger.warn("User could not be destroyed: #{e}")
  end
 end
--- a/changelogs/unreleased/26206-fix-download-dropdown.yml
+++ b/changelogs/unreleased/26206-fix-download-dropdown.yml
+---
+title: Set dropdown height fixed to 250px and make it scrollable
+merge_request: 9063
+author:
--- a/changelogs/unreleased/26315-unify-labels-filter-behavior.yml
+++ b/changelogs/unreleased/26315-unify-labels-filter-behavior.yml
+---
+title: Unify issues search behavior by always filtering when ALL labels matches
+merge_request: 8849
+author:
--- a/changelogs/unreleased/27934-left-align-nav.yml
+++ b/changelogs/unreleased/27934-left-align-nav.yml
+---
+title: Left align navigation
+merge_request:
+author:
--- a/changelogs/unreleased/28186-long-group-names-overflow-out-of-todos-view.yml
+++ b/changelogs/unreleased/28186-long-group-names-overflow-out-of-todos-view.yml
+---
+title: Truncate long Todo titles for non-mobile screens
+merge_request: 9311
+author:
--- a/changelogs/unreleased/28204-option-to-disable-webpack-dev-server-livereload.yml
+++ b/changelogs/unreleased/28204-option-to-disable-webpack-dev-server-livereload.yml
+---
+title: Pick up option from GDK to disable webpack dev server livereload
+merge_request:
+author:
--- a/changelogs/unreleased/28357-colon-search.yml
+++ b/changelogs/unreleased/28357-colon-search.yml
+---
+title: Allow searching issues for strings containing colons
+merge_request:
+author:
--- a/changelogs/unreleased/28389-ux-problem-with-pipeline-coverage-placeholder.yml
+++ b/changelogs/unreleased/28389-ux-problem-with-pipeline-coverage-placeholder.yml
+---
+title: Changed coverage reg expression placeholder text to be more like a placeholder
+merge_request:
+author:
--- a/changelogs/unreleased/9381-authentiq-backchannel-logout.yml
+++ b/changelogs/unreleased/9381-authentiq-backchannel-logout.yml
+---
+title: Adds remote logout functionality to the Authentiq OAuth provider
+merge_request: 9381
+author: Alexandros Keramidas
--- a/changelogs/unreleased/api-star-restful.yml
+++ b/changelogs/unreleased/api-star-restful.yml
+---
+title: 'API: Moved `DELETE /projects/:id/star` to `POST /projects/:id/unstar`'
+merge_request: 9328
+author: Robert Schilling
--- a/changelogs/unreleased/api-todos-restful.yml
+++ b/changelogs/unreleased/api-todos-restful.yml
+---
+title: 'API: Use POST requests to mark todos as done'
+merge_request: 9410
+author: Robert Schilling
--- a/changelogs/unreleased/artifactsdoc.yml
+++ b/changelogs/unreleased/artifactsdoc.yml
+---
+title: Added documentation for permalinks to most recent build artifacts.
+merge_request: 8934
+author: Christian Godenschwager
--- a/changelogs/unreleased/commit-search-ui-fix.yml
+++ b/changelogs/unreleased/commit-search-ui-fix.yml
+---
+title: Fixed commit search UI
+merge_request:
+author:
--- a/changelogs/unreleased/feature-github-find-users-by-email.yml
+++ b/changelogs/unreleased/feature-github-find-users-by-email.yml
+---
+title: GitHub Importer - Find users based on GitHub email address
+merge_request: 8958
+author:
--- a/changelogs/unreleased/group-memebrs-owner-level.yml
+++ b/changelogs/unreleased/group-memebrs-owner-level.yml
+---
+title: Added option to update to owner for group members
+merge_request:
+author:
--- a/changelogs/unreleased/rename-retry-failed-pipeline-to-retry.yml
+++ b/changelogs/unreleased/rename-retry-failed-pipeline-to-retry.yml
+---
+title: Rename retry failed button on pipeline page to just retry
+merge_request:
+author:
--- a/changelogs/unreleased/sh-delete-user-permission-check.yml
+++ b/changelogs/unreleased/sh-delete-user-permission-check.yml
+---
+title: Add user deletion permission check in `Users::DestroyService`
+merge_request:
+author:
--- a/changelogs/unreleased/snippets-search.yml
+++ b/changelogs/unreleased/snippets-search.yml
+---
+title: Fix snippets search result spacing
+merge_request:
+author:
--- a/changelogs/unreleased/updated-pages-0-3-1.yml
+++ b/changelogs/unreleased/updated-pages-0-3-1.yml
+---
+title: Update GitLab Pages to v0.3.1
+merge_request:
+author:
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -240,6 +240,17 @@ Devise.setup do |config|
          true
        end
      end
+      if provider['name'] == 'authentiq'
+        provider['args'][:remote_sign_out_handler] = lambda do |request|
+          authentiq_session = request.params['sid']
+          if Gitlab::OAuth::Session.valid?(:authentiq, authentiq_session)
+            Gitlab::OAuth::Session.destroy(:authentiq, authentiq_session)
+            true
+          else
+            false
+          end
+        end
+      end

      if provider['name'] == 'shibboleth'
        provider['args'][:fail_with_empty_uid] = true

--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -10,6 +10,7 @@ var ROOT_PATH = path.resolve(__dirname, '..');
 var IS_PRODUCTION = process.env.NODE_ENV === 'production';
 var IS_DEV_SERVER = process.argv[1].indexOf('webpack-dev-server') !== -1;
 var DEV_SERVER_PORT = parseInt(process.env.DEV_SERVER_PORT, 10) || 3808;
+var DEV_SERVER_LIVERELOAD = process.env.DEV_SERVER_LIVERELOAD !== 'false';

 var config = {
  context: path.join(ROOT_PATH, 'app/assets/javascripts'),
@@ -114,6 +115,7 @@ if (IS_DEV_SERVER) {
    port: DEV_SERVER_PORT,
    headers: { 'Access-Control-Allow-Origin': '*' },
    stats: 'errors-only',
+    inline: DEV_SERVER_LIVERELOAD
  };
  config.output.publicPath = '//localhost:' + DEV_SERVER_PORT + config.output.publicPath;
 }

--- a/db/migrate/20170210103609_add_index_to_user_agent_detail.rb
+++ b/db/migrate/20170210103609_add_index_to_user_agent_detail.rb
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddIndexToUserAgentDetail < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def change
+    add_concurrent_index(:user_agent_details, [:subject_id, :subject_type])
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -1218,6 +1218,8 @@ ActiveRecord::Schema.define(version: 20170215200045) do
    t.datetime "updated_at", null: false
  end

+  add_index "user_agent_details", ["subject_id", "subject_type"], name: "index_user_agent_details_on_subject_id_and_subject_type", using: :btree
+
  create_table "users", force: :cascade do |t|
    t.string "email", default: "", null: false
    t.string "encrypted_password", default: "", null: false

--- a/doc/administration/auth/authentiq.md
+++ b/doc/administration/auth/authentiq.md
@@ -54,7 +54,7 @@ Authentiq will generate a Client ID and the accompanying Client Secret for you t
 5. The `scope` is set to request the user's name, email (required and signed), and permission to send push notifications to sign in on subsequent visits.
 See [OmniAuth Authentiq strategy](https://github.com/AuthentiqID/omniauth-authentiq#scopes-and-redirect-uri-configuration) for more information on scopes and modifiers.

-6. Change 'YOUR_CLIENT_ID' and 'YOUR_CLIENT_SECRET' to the Client credentials you received in step 1.
+6. Change `YOUR_CLIENT_ID` and `YOUR_CLIENT_SECRET` to the Client credentials you received in step 1.

 7. Save the configuration file.


--- a/doc/api/issues.md
+++ b/doc/api/issues.md
@@ -30,7 +30,7 @@ GET /issues?milestone=1.0.0&state=opened
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
 | `state`   | string  | no    | Return all issues or just those that are `opened` or `closed`|
-| `labels`  | string  | no    | Comma-separated list of label names, issues with any of the labels will be returned |
+| `labels`  | string  | no    | Comma-separated list of label names, issues must have all labels to be returned |
 | `milestone` | string| no    | The milestone title |
 | `order_by`| string  | no    | Return requests ordered by `created_at` or `updated_at` fields. Default is `created_at` |
 | `sort`    | string  | no    | Return requests sorted in `asc` or `desc` order. Default is `desc`  |
@@ -188,7 +188,7 @@ GET /projects/:id/issues?milestone=1.0.0&state=opened
 | `id`      | integer | yes   | The ID of a project |
 | `iid`     | integer | no    | Return the issue having the given `iid` |
 | `state`   | string  | no    | Return all issues or just those that are `opened` or `closed`|
-| `labels`  | string  | no    | Comma-separated list of label names, issues with any of the labels will be returned |
+| `labels`  | string  | no    | Comma-separated list of label names, issues must have all labels to be returned |
 | `milestone` | string| no    | The milestone title |
 | `order_by`| string  | no    | Return requests ordered by `created_at` or `updated_at` fields. Default is `created_at` |
 | `sort`    | string  | no    | Return requests sorted in `asc` or `desc` order. Default is `desc`  |

--- a/doc/api/pipelines.md
+++ b/doc/api/pipelines.md
@@ -163,7 +163,7 @@ Example of response
 }
 ```

-## Retry failed builds in a pipeline
+## Retry builds in a pipeline

 > [Introduced][ce-5837] in GitLab 8.11


--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -609,7 +609,7 @@ Example response:
 Unstars a given project. Returns status code `304` if the project is not starred.

 ```
-DELETE /projects/:id/star
+POST /projects/:id/unstar
 ```

 | Attribute | Type | Required | Description |
@@ -617,7 +617,7 @@ DELETE /projects/:id/star
 | `id` | integer/string | yes | The ID of the project or NAMESPACE/PROJECT_NAME |

 ```bash
-curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/5/star"
+curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/5/unstar"
 ```

 Example response:
@@ -1194,4 +1194,4 @@ Parameters:
 | --------- | ---- | -------- | ----------- |
 | `query` | string | yes | A string contained in the project name |
 | `order_by` | string | no | Return requests ordered by `id`, `name`, `created_at` or `last_activity_at` fields |
-| `sort` | string | no | Return requests sorted in `asc` or `desc` order |
\ No newline at end of file
+| `sort` | string | no | Return requests sorted in `asc` or `desc` order |
--- a/doc/api/todos.md
+++ b/doc/api/todos.md
@@ -184,7 +184,7 @@ Marks a single pending todo given by its ID for the current user as done. The
 todo marked as done is returned in the response.

 ```
-DELETE /todos/:id
+POST /todos/:id/mark_as_done
 ```

 Parameters:
@@ -194,7 +194,7 @@ Parameters:
 | `id` | integer | yes | The ID of a todo |

 ```bash
-curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/todos/130
+curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/todos/130/mark_as_done
 ```

 Example Response:
@@ -277,20 +277,15 @@ Example Response:

 ## Mark all todos as done

-Marks all pending todos for the current user as done. It returns the number of marked todos.
+Marks all pending todos for the current user as done. It returns the HTTP status code `204` with an empty response.

 ```
-DELETE /todos
+POST /todos/mark_as_done
 ```

 ```bash
-curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/todos
+curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/todos/donmark_as_donee
 ```

-Example Response:
-
-```json
-3
-```

 [ce-3188]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3188
--- a/doc/api/v3_to_v4.md
+++ b/doc/api/v3_to_v4.md
@@ -13,6 +13,7 @@ changes are in V4:
 - Project snippets do not return deprecated field `expires_at`
 - Endpoints under `projects/:id/keys` have been removed (use `projects/:id/deploy_keys`)
 - Status 409 returned for POST `project/:id/members` when a member already exists
+- Moved `DELETE /projects/:id/star` to `POST /projects/:id/unstar`
 - Removed the following deprecated Templates endpoints (these are still accessible with `/templates` prefix)
  - `/licences`
  - `/licences/:key`
@@ -23,7 +24,9 @@ changes are in V4:
  - `/gitlab_ci_ymls/:key`
  - `/dockerfiles/:key`
 - Moved `/projects/fork/:id` to `/projects/:id/fork`
+- Moved `DELETE /todos` to `POST /todos/mark_as_done` and `DELETE /todos/:todo_id` to `POST /todos/:todo_id/mark_as_done`
 - Endpoints `/projects/owned`, `/projects/visible`, `/projects/starred` & `/projects/all` are consolidated into `/projects` using query parameters
 - Return pagination headers for all endpoints that return an array
 - Removed `DELETE projects/:id/deploy_keys/:key_id/disable`. Use `DELETE projects/:id/deploy_keys/:key_id` instead
 - Moved `PUT /users/:id/(block|unblock)` to `POST /users/:id/(block|unblock)`
+- Labels filter on `projects/:id/issues` and `/issues` now matches only issues containing all labels (i.e.: Logical AND, not OR)
--- a/doc/ci/docker/using_docker_images.md
+++ b/doc/ci/docker/using_docker_images.md
@@ -39,13 +39,15 @@ accessible during the build process.

 ## What is an image

-The `image` keyword is the name of the docker image that is present in the
-local Docker Engine (list all images with `docker images`) or any image that
-can be found at [Docker Hub][hub]. For more information about images and Docker
-Hub please read the [Docker Fundamentals][] documentation.
+The `image` keyword is the name of the docker image the docker executor
+will run to perform the CI tasks.  

-In short, with `image` we refer to the docker image, which will be used to
-create a container on which your job will run.
+By default the executor will only pull images from [Docker Hub][hub],
+but this can be configured in the `gitlab-runner/config.toml` by setting
+the [docker pull policy][] to allow using local images.
+
+For more information about images and Docker Hub please read
+the [Docker Fundamentals][] documentation.

 ## What is a service

@@ -271,6 +273,7 @@ containers as well as all volumes (`-v`) that were created with the container
 creation.

 [Docker Fundamentals]: https://docs.docker.com/engine/understanding-docker/
+[docker pull policy]: https://docs.gitlab.com/runner/executors/docker.html#how-pull-policies-work
 [hub]: https://hub.docker.com/
 [linking-containers]: https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/
 [tutum/wordpress]: https://hub.docker.com/r/tutum/wordpress/

--- a/doc/development/licensing.md
+++ b/doc/development/licensing.md
@@ -64,6 +64,10 @@ Libraries with the following licenses are unacceptable for use:
 - [GNU AGPLv3][AGPLv3]: AGPL-licensed libraries cannot be linked to from non-GPL projects.
 - [Open Software License (OSL)][OSL]: is a copyleft license. In addition, the FSF [recommend against its use][OSL-GNU].

+## Requesting Approval for Licenses
+
+Libraries that are not listed in the [Acceptable Licenses][Acceptable-Licenses] or [Unacceptable Licenses][Unacceptable-Licenses] list can be submitted to the legal team for review. Please create an issue in the [Organization Repository][Org-Repo] and cc `@gl-legal`. After a decision has been made, the original requestor is responsible for updating this document.
+
 ## Notes

 Decisions regarding the GNU GPL licenses are based on information provided by [The GNU Project][GNU-GPL-FAQ], as well as [the Open Source Initiative][OSI-GPL], which both state that linking GPL libraries makes the program itself GPL.
@@ -96,3 +100,6 @@ Gems which are included only in the "development" or "test" groups by Bundler ar
 [OSI-GPL]: https://opensource.org/faq#linking-proprietary-code
 [OSL]: https://opensource.org/licenses/OSL-3.0
 [OSL-GNU]: https://www.gnu.org/licenses/license-list.en.html#OSL
+[Org-Repo]: https://gitlab.com/gitlab-com/organization
+[Acceptable-Licenses]: #acceptable-licenses
+[Unacceptable-Licenses]: #unacceptable-licenses
--- a/doc/development/testing.md
+++ b/doc/development/testing.md
@@ -95,6 +95,25 @@ so we need to set some guidelines for their use going forward:

 [lets-not]: https://robots.thoughtbot.com/lets-not

+### Time-sensitive tests
+
+[Timecop](https://github.com/travisjeffery/timecop) is available in our
+Ruby-based tests for verifying things that are time-sensitive. Any test that
+exercises or verifies something time-sensitive should make use of Timecop to
+prevent transient test failures.
+
+Example:
+
+```ruby
+it 'is overdue' do
+  issue = build(:issue, due_date: Date.tomorrow)
+
+  Timecop.freeze(3.days.from_now) do
+    expect(issue).to be_overdue
+  end
+end
+```
+
 ### Test speed

 GitLab has a massive test suite that, without parallelization, can take more

--- a/doc/development/ux_guide/copy.md
+++ b/doc/development/ux_guide/copy.md
@@ -176,4 +176,4 @@ Portions of this page are modifications based on work created and shared by the
 [products]: https://about.gitlab.com/products/ "GitLab products page"
 [serial comma]: https://en.wikipedia.org/wiki/Serial_comma "“Serial comma” in Wikipedia"
 [android project]: http://source.android.com/
-[creative commons]: http://creativecommons.org/licenses/by/2.5/
\ No newline at end of file
+[creative commons]: http://creativecommons.org/licenses/by/2.5/
--- a/doc/development/ux_guide/img/harry-robison.png
+++ b/doc/development/ux_guide/img/harry-robison.png
--- a/doc/development/ux_guide/img/james-mackey.png
+++ b/doc/development/ux_guide/img/james-mackey.png
--- a/doc/development/ux_guide/img/steven-lyons.png
+++ b/doc/development/ux_guide/img/steven-lyons.png
--- a/doc/development/ux_guide/users.md
+++ b/doc/development/ux_guide/users.md
--- a/doc/user/project/pipelines/job_artifacts.md
+++ b/doc/user/project/pipelines/job_artifacts.md
@@ -90,18 +90,43 @@ inside GitLab that make that possible.
 It is possible to download the latest artifacts of a job via a well known URL
 so you can use it for scripting purposes.

-The structure of the URL is the following:
+The structure of the URL to download the whole artifacts archive is the following:

 ```
 https://example.com/<namespace>/<project>/builds/artifacts/<ref>/download?job=<job_name>
 ```

-For example, to download the latest artifacts of the job named `rspec 6 20` of
+To download a single file from the artifacts use the following URL:
+
+```
+https://example.com/<namespace>/<project>/builds/artifacts/<ref>/file/<path_to_file>?job=<job_name>
+```
+
+For example, to download the latest artifacts of the job named `coverage` of
 the `master` branch of the `gitlab-ce` project that belongs to the `gitlab-org`
 namespace, the URL would be:

 ```
-https://gitlab.com/gitlab-org/gitlab-ce/builds/artifacts/master/download?job=rspec+6+20
+https://gitlab.com/gitlab-org/gitlab-ce/builds/artifacts/master/download?job=coverage
+```
+
+To download the file `coverage/index.html` from the same
+artifacts use the following URL:
+
+```
+https://gitlab.com/gitlab-org/gitlab-ce/builds/artifacts/master/file/coverage/index.html?job=coverage
+```
+
+There is also a URL to browse the latest job artifacts:
+
+```
+https://example.com/<namespace>/<project>/builds/artifacts/<ref>/browse?job=<job_name>
+```
+
+For example:
+
+```
+https://gitlab.com/gitlab-org/gitlab-ce/builds/artifacts/master/browse?job=coverage
 ```

 The latest builds are also exposed in the UI in various places. Specifically,

--- a/features/project/merge_requests/revert.feature
+++ b/features/project/merge_requests/revert.feature
@@ -5,6 +5,7 @@ Feature: Revert Merge Requests
      And I am signed in as a developer of the project
      And I am on the Merge Request detail page
      And I click on Accept Merge Request
+      And I am on the Merge Request detail page

  @javascript
  Scenario: I revert a merge request

--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -19,6 +19,7 @@ module API
      mount ::API::V3::Repositories
      mount ::API::V3::SystemHooks
      mount ::API::V3::Tags
+      mount ::API::V3::Todos
      mount ::API::V3::Templates
      mount ::API::V3::Users
    end

--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -10,17 +10,9 @@ module API

        args.delete(:id)
        args[:milestone_title] = args.delete(:milestone)
+        args[:label_name] = args.delete(:labels)

-        match_all_labels = args.delete(:match_all_labels)
-        labels = args.delete(:labels)
-        args[:label_name] = labels if match_all_labels
-
-        issues = IssuesFinder.new(current_user, args).execute.inc_notes_with_associations
-
-        # TODO: Remove in 9.0  pass `label_name: args.delete(:labels)` to IssuesFinder
-        if !match_all_labels && labels.present?
-          issues = issues.includes(:labels).where('labels.title' => labels.split(','))
-        end
+        issues = IssuesFinder.new(current_user, args).execute

        issues.reorder(args[:order_by] => args[:sort])
      end
@@ -77,7 +69,7 @@ module API
      get ":id/issues" do
        group = find_group!(params[:id])

-        issues = find_issues(group_id: group.id, state: params[:state] || 'opened', match_all_labels: true)
+        issues = find_issues(group_id: group.id, state: params[:state] || 'opened')

        present paginate(issues), with: Entities::Issue, current_user: current_user
      end

--- a/lib/api/pipelines.rb
+++ b/lib/api/pipelines.rb
@@ -23,7 +23,7 @@ module API
        pipelines = PipelinesFinder.new(user_project).execute(scope: params[:scope])
        present paginate(pipelines), with: Entities::Pipeline
      end
-      
+
      desc 'Create a new pipeline' do
        detail 'This feature was introduced in GitLab 8.14'
        success Entities::Pipeline
@@ -58,7 +58,7 @@ module API
        present pipeline, with: Entities::Pipeline
      end

-      desc 'Retry failed builds in the pipeline' do
+      desc 'Retry builds in the pipeline' do
        detail 'This feature was introduced in GitLab 8.11.'
        success Entities::Pipeline
      end

--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -266,7 +266,7 @@ module API
      desc 'Unstar a project' do
        success Entities::Project
      end
-      delete ':id/star' do
+      post ':id/unstar' do
        if current_user.starred?(user_project)
          current_user.toggle_star(user_project)
          user_project.reload

--- a/lib/api/todos.rb
+++ b/lib/api/todos.rb
@@ -58,7 +58,7 @@ module API
      params do
        requires :id, type: Integer, desc: 'The ID of the todo being marked as done'
      end
-      delete ':id' do
+      post ':id/mark_as_done' do
        todo = current_user.todos.find(params[:id])
        TodoService.new.mark_todos_as_done([todo], current_user)

@@ -66,9 +66,11 @@ module API
      end

      desc 'Mark all todos as done'
-      delete do
+      post '/mark_as_done' do
        todos = find_todos
        TodoService.new.mark_todos_as_done(todos, current_user)
+
+        no_content!
      end
    end
  end

--- a/lib/api/v3/todos.rb
+++ b/lib/api/v3/todos.rb
+module API
+  module V3
+    class Todos < Grape::API
+      before { authenticate! }
+
+      resource :todos do
+        desc 'Mark a todo as done' do
+          success ::API::Entities::Todo
+        end
+        params do
+          requires :id, type: Integer, desc: 'The ID of the todo being marked as done'
+        end
+        delete ':id' do
+          todo = current_user.todos.find(params[:id])
+          TodoService.new.mark_todos_as_done([todo], current_user)
+
+          present todo.reload, with: ::API::Entities::Todo, current_user: current_user
+        end
+
+        desc 'Mark all todos as done'
+        delete do
+          todos = TodosFinder.new(current_user, params).execute
+          TodoService.new.mark_todos_as_done(todos, current_user)
+        end
+      end
+    end
+  end
+end
--- a/lib/gitlab/database/migration_helpers.rb
+++ b/lib/gitlab/database/migration_helpers.rb
@@ -54,7 +54,7 @@ module Gitlab

        disable_statement_timeout

-        key_name = "fk_#{source}_#{target}_#{column}"
+        key_name = concurrent_foreign_key_name(source, column)

        # Using NOT VALID allows us to create a key without immediately
        # validating it. This means we keep the ALTER TABLE lock only for a
@@ -74,6 +74,15 @@ module Gitlab
        execute("ALTER TABLE #{source} VALIDATE CONSTRAINT #{key_name};")
      end

+      # Returns the name for a concurrent foreign key.
+      #
+      # PostgreSQL constraint names have a limit of 63 bytes. The logic used
+      # here is based on Rails' foreign_key_name() method, which unfortunately
+      # is private so we can't rely on it directly.
+      def concurrent_foreign_key_name(table, column)
+        "fk_#{Digest::SHA256.hexdigest("#{table}_#{column}_fk").first(10)}"
+      end
+
      # Long-running migrations may take more than the timeout allowed by
      # the database. Disable the session's statement timeout to ensure
      # migrations don't get killed prematurely. (PostgreSQL only)

--- a/lib/gitlab/github_import/base_formatter.rb
+++ b/lib/gitlab/github_import/base_formatter.rb
 module Gitlab
  module GithubImport
    class BaseFormatter
-      attr_reader :formatter, :project, :raw_data
+      attr_reader :client, :formatter, :project, :raw_data

-      def initialize(project, raw_data)
+      def initialize(project, raw_data, client = nil)
        @project = project
        @raw_data = raw_data
+        @client = client
        @formatter = Gitlab::ImportFormatter.new
      end

@@ -18,19 +19,6 @@ module Gitlab
      def url
        raw_data.url || ''
      end
-
-      private
-
-      def gitlab_user_id(github_id)
-        User.joins(:identities).
-          find_by("identities.extern_uid = ? AND identities.provider = 'github'", github_id.to_s).
-          try(:id)
-      end
-
-      def gitlab_author_id
-        return @gitlab_author_id if defined?(@gitlab_author_id)
-        @gitlab_author_id = gitlab_user_id(raw_data.user.id)
-      end
    end
  end
 end
--- a/lib/gitlab/github_import/client.rb
+++ b/lib/gitlab/github_import/client.rb
@@ -10,6 +10,7 @@ module Gitlab
        @access_token = access_token
        @host = host.to_s.sub(%r{/+\z}, '')
        @api_version = api_version
+        @users = {}

        if access_token
          ::Octokit.auto_paginate = false
@@ -64,6 +65,13 @@ module Gitlab
        api.respond_to?(method) || super
      end

+      def user(login)
+        return nil unless login.present?
+        return @users[login] if @users.key?(login)
+
+        @users[login] = api.user(login)
+      end
+
      private

      def api_endpoint

--- a/lib/gitlab/github_import/comment_formatter.rb
+++ b/lib/gitlab/github_import/comment_formatter.rb
 module Gitlab
  module GithubImport
    class CommentFormatter < BaseFormatter
+      attr_writer :author_id
+
      def attributes
        {
          project: project,
@@ -17,11 +19,11 @@ module Gitlab
      private

      def author
-        raw_data.user.login
+        @author ||= UserFormatter.new(client, raw_data.user)
      end

      def author_id
-        gitlab_author_id || project.creator_id
+        author.gitlab_id || project.creator_id
      end

      def body
@@ -52,10 +54,10 @@ module Gitlab
      end

      def note
-        if gitlab_author_id
+        if author.gitlab_id
          body
        else
-          formatter.author_line(author) + body
+          formatter.author_line(author.login) + body
        end
      end


--- a/lib/gitlab/github_import/importer.rb
+++ b/lib/gitlab/github_import/importer.rb
@@ -110,7 +110,7 @@ module Gitlab
      def import_issues
        fetch_resources(:issues, repo, state: :all, sort: :created, direction: :asc, per_page: 100) do |issues|
          issues.each do |raw|
-            gh_issue = IssueFormatter.new(project, raw)
+            gh_issue = IssueFormatter.new(project, raw, client)

            begin
              issuable =
@@ -131,7 +131,8 @@ module Gitlab
      def import_pull_requests
        fetch_resources(:pull_requests, repo, state: :all, sort: :created, direction: :asc, per_page: 100) do |pull_requests|
          pull_requests.each do |raw|
-            gh_pull_request = PullRequestFormatter.new(project, raw)
+            gh_pull_request = PullRequestFormatter.new(project, raw, client)
+
            next unless gh_pull_request.valid?

            begin
@@ -209,14 +210,16 @@ module Gitlab
        ActiveRecord::Base.no_touching do
          comments.each do |raw|
            begin
-              comment         = CommentFormatter.new(project, raw)
+              comment = CommentFormatter.new(project, raw, client)
+
              # GH does not return info about comment's parent, so we guess it by checking its URL!
              *_, parent, iid = URI(raw.html_url).path.split('/')
-              if parent == 'issues'
-                issuable = Issue.find_by(project_id: project.id, iid: iid)
-              else
-                issuable = MergeRequest.find_by(target_project_id: project.id, iid: iid)
-              end
+
+              issuable = if parent == 'issues'
+                           Issue.find_by(project_id: project.id, iid: iid)
+                         else
+                           MergeRequest.find_by(target_project_id: project.id, iid: iid)
+                         end

              next unless issuable


--- a/lib/gitlab/github_import/issuable_formatter.rb
+++ b/lib/gitlab/github_import/issuable_formatter.rb
 module Gitlab
  module GithubImport
    class IssuableFormatter < BaseFormatter
+      attr_writer :assignee_id, :author_id
+
      def project_association
        raise NotImplementedError
      end
@@ -23,18 +25,24 @@ module Gitlab
        raw_data.assignee.present?
      end

-      def assignee_id
+      def author
+        @author ||= UserFormatter.new(client, raw_data.user)
+      end
+
+      def author_id
+        @author_id ||= author.gitlab_id || project.creator_id
+      end
+
+      def assignee
        if assigned?
-          gitlab_user_id(raw_data.assignee.id)
+          @assignee ||= UserFormatter.new(client, raw_data.assignee)
        end
      end

-      def author
-        raw_data.user.login
-      end
+      def assignee_id
+        return @assignee_id if defined?(@assignee_id)

-      def author_id
-        gitlab_author_id || project.creator_id
+        @assignee_id = assignee.try(:gitlab_id)
      end

      def body
@@ -42,10 +50,10 @@ module Gitlab
      end

      def description
-        if gitlab_author_id
+        if author.gitlab_id
          body
        else
-          formatter.author_line(author) + body
+          formatter.author_line(author.login) + body
        end
      end


--- a/lib/gitlab/github_import/user_formatter.rb
+++ b/lib/gitlab/github_import/user_formatter.rb
+module Gitlab
+  module GithubImport
+    class UserFormatter
+      attr_reader :client, :raw
+
+      delegate :id, :login, to: :raw, allow_nil: true
+
+      def initialize(client, raw)
+        @client = client
+        @raw = raw
+      end
+
+      def gitlab_id
+        return @gitlab_id if defined?(@gitlab_id)
+
+        @gitlab_id = find_by_external_uid || find_by_email
+      end
+
+      private
+
+      def email
+        @email ||= client.user(raw.login).try(:email)
+      end
+
+      def find_by_email
+        return nil unless email
+
+        User.find_by_any_email(email)
+            .try(:id)
+      end
+
+      def find_by_external_uid
+        return nil unless id
+
+        identities = ::Identity.arel_table
+
+        User.select(:id)
+            .joins(:identities).where(identities[:provider].eq(:github)
+            .and(identities[:extern_uid].eq(id)))
+            .first
+            .try(:id)
+      end
+    end
+  end
+end
--- a/spec/controllers/projects/blob_controller_spec.rb
+++ b/spec/controllers/projects/blob_controller_spec.rb
@@ -86,32 +86,47 @@ describe Projects::BlobController do
    end

    context 'when user has forked project' do
-      let(:guest) { create(:user) }
-      let!(:forked_project) { Projects::ForkService.new(project, guest).execute }
-      let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, source_branch: "fork-test-1", target_branch: "master") }
-
-      before { sign_in(guest) }
-
-      it "redirects to forked project new merge request" do
-        default_params[:target_branch] = "fork-test-1"
-        default_params[:create_merge_request] = 1
-
-        allow_any_instance_of(Files::UpdateService).to receive(:commit).and_return(:success)
-
-        put :update, default_params
-
-        expect(response).to redirect_to(
-          new_namespace_project_merge_request_path(
-            forked_project.namespace,
-            forked_project,
-            merge_request: {
-              source_project_id: forked_project.id,
-              target_project_id: project.id,
-              source_branch: "fork-test-1",
-              target_branch: "master"
-            }
+      let(:forked_project_link) { create(:forked_project_link, forked_from_project: project) }
+      let!(:forked_project) { forked_project_link.forked_to_project }
+      let(:guest) { forked_project.owner }
+
+      before do
+        sign_in(guest)
+      end
+
+      context 'when editing on the fork' do
+        before do
+          default_params[:namespace_id] = forked_project.namespace.to_param
+          default_params[:project_id] = forked_project.to_param
+        end
+
+        it 'redirects to blob' do
+          put :update, default_params
+
+          expect(response).to redirect_to(namespace_project_blob_path(forked_project.namespace, forked_project, 'master/CHANGELOG'))
+        end
+      end
+
+      context 'when editing on the original repository' do
+        it "redirects to forked project new merge request" do
+          default_params[:target_branch] = "fork-test-1"
+          default_params[:create_merge_request] = 1
+
+          put :update, default_params
+
+          expect(response).to redirect_to(
+            new_namespace_project_merge_request_path(
+              forked_project.namespace,
+              forked_project,
+              merge_request: {
+                source_project_id: forked_project.id,
+                target_project_id: project.id,
+                source_branch: "fork-test-1",
+                target_branch: "master"
+              }
+            )
          )
-        )
+        end
      end
    end
  end

--- a/spec/features/commits_spec.rb
+++ b/spec/features/commits_spec.rb
@@ -153,7 +153,7 @@ describe 'Commits' do
          expect(page).to have_content pipeline.git_author_name
          expect(page).to have_link('Download artifacts')
          expect(page).not_to have_link('Cancel running')
-          expect(page).not_to have_link('Retry failed')
+          expect(page).not_to have_link('Retry')
        end
      end

@@ -172,7 +172,7 @@ describe 'Commits' do
          expect(page).to have_content pipeline.git_author_name
          expect(page).not_to have_link('Download artifacts')
          expect(page).not_to have_link('Cancel running')
-          expect(page).not_to have_link('Retry failed')
+          expect(page).not_to have_link('Retry')
        end
      end
    end

--- a/spec/features/groups/members/list_spec.rb
+++ b/spec/features/groups/members/list_spec.rb
@@ -30,6 +30,21 @@ feature 'Groups members list', feature: true do
    expect(second_row).to be_blank
  end

+  it 'updates user to owner level', :js do
+    group.add_owner(user1)
+    group.add_developer(user2)
+
+    visit group_group_members_path(group)
+
+    page.within(second_row) do
+      click_button('Developer')
+
+      click_link('Owner')
+
+      expect(page).to have_button('Owner')
+    end
+  end
+
  def first_row
    page.all('ul.content-list > li')[0]
  end

--- a/spec/features/projects/new_project_spec.rb
+++ b/spec/features/projects/new_project_spec.rb
@@ -19,6 +19,51 @@ feature "New project", feature: true do
    end
  end

+  context "Namespace selector" do
+    context "with user namespace" do
+      before do
+        visit new_project_path
+      end
+
+      it "selects the user namespace" do
+        namespace = find("#project_namespace_id")
+
+        expect(namespace.text).to eq user.username
+      end
+    end
+
+    context "with group namespace" do
+      let(:group) { create(:group, :private, owner: user) }
+
+      before do
+        group.add_owner(user)
+        visit new_project_path(namespace_id: group.id)
+      end
+
+      it "selects the group namespace" do
+        namespace = find("#project_namespace_id option[selected]")
+
+        expect(namespace.text).to eq group.name
+      end
+
+      context "on validation error" do
+        before do
+          fill_in('project_path', with: 'private-group-project')
+          choose('Internal')
+          click_button('Create project')
+
+          expect(page).to have_css '.project-edit-errors .alert.alert-danger'
+        end
+
+        it "selects the group namespace" do
+          namespace = find("#project_namespace_id option[selected]")
+
+          expect(namespace.text).to eq group.name
+        end
+      end
+    end
+  end
+
  context 'Import project options' do
    before do
      visit new_project_path

--- a/spec/features/projects/pipelines/pipeline_spec.rb
+++ b/spec/features/projects/pipelines/pipeline_spec.rb
@@ -54,7 +54,7 @@ describe 'Pipeline', :feature, :js do
      expect(page).to have_content('Build')
      expect(page).to have_content('Test')
      expect(page).to have_content('Deploy')
-      expect(page).to have_content('Retry failed')
+      expect(page).to have_content('Retry')
      expect(page).to have_content('Cancel running')
    end

@@ -164,9 +164,9 @@ describe 'Pipeline', :feature, :js do
      it { expect(page).not_to have_content('retried') }

      context 'when retrying' do
-        before { click_on 'Retry failed' }
+        before { find('.js-retry-button').trigger('click') }

-        it { expect(page).not_to have_content('Retry failed') }
+        it { expect(page).not_to have_content('Retry') }
      end
    end

@@ -198,7 +198,7 @@ describe 'Pipeline', :feature, :js do
      expect(page).to have_content(build_failed.id)
      expect(page).to have_content(build_running.id)
      expect(page).to have_content(build_external.id)
-      expect(page).to have_content('Retry failed')
+      expect(page).to have_content('Retry')
      expect(page).to have_content('Cancel running')
      expect(page).to have_link('Play')
    end
@@ -226,9 +226,9 @@ describe 'Pipeline', :feature, :js do
      it { expect(page).not_to have_content('retried') }

      context 'when retrying' do
-        before { click_on 'Retry failed' }
+        before { find('.js-retry-button').trigger('click') }

-        it { expect(page).not_to have_content('Retry failed') }
+        it { expect(page).not_to have_content('Retry') }
        it { expect(page).to have_selector('.retried') }
      end
    end

--- a/spec/features/projects/ref_switcher_spec.rb
+++ b/spec/features/projects/ref_switcher_spec.rb
@@ -20,6 +20,8 @@ feature 'Ref switcher', feature: true, js: true do
      input.set 'binary'
      wait_for_ajax

+      expect(find('.dropdown-content ul')).to have_selector('li', count: 6)
+
      page.within '.dropdown-content ul' do
        input.native.send_keys :enter
      end

--- a/spec/javascripts/filtered_search/filtered_search_tokenizer_spec.js.es6
+++ b/spec/javascripts/filtered_search/filtered_search_tokenizer_spec.js.es6
@@ -99,6 +99,29 @@ require('~/filtered_search/filtered_search_tokenizer');
        expect(results.tokens[2].value).toBe('Doing');
        expect(results.tokens[2].symbol).toBe('~');
      });
+
+      it('returns search value for invalid tokens', () => {
+        const results = gl.FilteredSearchTokenizer.processTokens('fake:token');
+        expect(results.lastToken).toBe('fake:token');
+        expect(results.searchToken).toBe('fake:token');
+        expect(results.tokens.length).toEqual(0);
+      });
+
+      it('returns search value and token for mix of valid and invalid tokens', () => {
+        const results = gl.FilteredSearchTokenizer.processTokens('label:real fake:token');
+        expect(results.tokens.length).toEqual(1);
+        expect(results.tokens[0].key).toBe('label');
+        expect(results.tokens[0].value).toBe('real');
+        expect(results.tokens[0].symbol).toBe('');
+        expect(results.lastToken).toBe('fake:token');
+        expect(results.searchToken).toBe('fake:token');
+      });
+
+      it('returns search value for invalid symbols', () => {
+        const results = gl.FilteredSearchTokenizer.processTokens('std::includes');
+        expect(results.lastToken).toBe('std::includes');
+        expect(results.searchToken).toBe('std::includes');
+      });
    });
  });
 })();
--- a/spec/lib/gitlab/database/migration_helpers_spec.rb
+++ b/spec/lib/gitlab/database/migration_helpers_spec.rb
@@ -101,6 +101,16 @@ describe Gitlab::Database::MigrationHelpers, lib: true do
    end
  end

+  describe '#concurrent_foreign_key_name' do
+    it 'returns the name for a foreign key' do
+      name = model.concurrent_foreign_key_name(:this_is_a_very_long_table_name,
+                                               :with_a_very_long_column_name)
+
+      expect(name).to be_an_instance_of(String)
+      expect(name.length).to eq(13)
+    end
+  end
+
  describe '#disable_statement_timeout' do
    context 'using PostgreSQL' do
      it 'disables statement timeouts' do

--- a/spec/lib/gitlab/github_import/comment_formatter_spec.rb
+++ b/spec/lib/gitlab/github_import/comment_formatter_spec.rb
 require 'spec_helper'

 describe Gitlab::GithubImport::CommentFormatter, lib: true do
+  let(:client) { double }
  let(:project) { create(:empty_project) }
-  let(:octocat) { double(id: 123456, login: 'octocat') }
+  let(:octocat) { double(id: 123456, login: 'octocat', email: 'octocat@example.com') }
  let(:created_at) { DateTime.strptime('2013-04-10T20:09:31Z') }
  let(:updated_at) { DateTime.strptime('2014-03-03T18:58:10Z') }
  let(:base) do
@@ -16,7 +17,11 @@ describe Gitlab::GithubImport::CommentFormatter, lib: true do
    }
  end

-  subject(:comment) { described_class.new(project, raw)}
+  subject(:comment) { described_class.new(project, raw, client) }
+
+  before do
+    allow(client).to receive(:user).and_return(octocat)
+  end

  describe '#attributes' do
    context 'when do not reference a portion of the diff' do
@@ -69,8 +74,15 @@ describe Gitlab::GithubImport::CommentFormatter, lib: true do
    context 'when author is a GitLab user' do
      let(:raw) { double(base.merge(user: octocat)) }

-      it 'returns GitLab user id as author_id' do
+      it 'returns GitLab user id associated with GitHub id as author_id' do
        gl_user = create(:omniauth_user, extern_uid: octocat.id, provider: 'github')
+
+        expect(comment.attributes.fetch(:author_id)).to eq gl_user.id
+      end
+
+      it 'returns GitLab user id associated with GitHub email as author_id' do
+        gl_user = create(:user, email: octocat.email)
+
        expect(comment.attributes.fetch(:author_id)).to eq gl_user.id
      end


--- a/spec/lib/gitlab/github_import/importer_spec.rb
+++ b/spec/lib/gitlab/github_import/importer_spec.rb
@@ -44,6 +44,7 @@ describe Gitlab::GithubImport::Importer, lib: true do
      allow_any_instance_of(Octokit::Client).to receive(:rate_limit!).and_raise(Octokit::NotFound)
      allow_any_instance_of(Gitlab::Shell).to receive(:import_repository).and_raise(Gitlab::Shell::Error)

+      allow_any_instance_of(Octokit::Client).to receive(:user).and_return(octocat)
      allow_any_instance_of(Octokit::Client).to receive(:labels).and_return([label1, label2])
      allow_any_instance_of(Octokit::Client).to receive(:milestones).and_return([milestone, milestone])
      allow_any_instance_of(Octokit::Client).to receive(:issues).and_return([issue1, issue2])
@@ -53,7 +54,8 @@ describe Gitlab::GithubImport::Importer, lib: true do
      allow_any_instance_of(Octokit::Client).to receive(:last_response).and_return(double(rels: { next: nil }))
      allow_any_instance_of(Octokit::Client).to receive(:releases).and_return([release1, release2])
    end
-    let(:octocat) { double(id: 123456, login: 'octocat') }
+
+    let(:octocat) { double(id: 123456, login: 'octocat', email: 'octocat@example.com') }
    let(:created_at) { DateTime.strptime('2011-01-26T19:01:12Z') }
    let(:updated_at) { DateTime.strptime('2011-01-27T19:01:12Z') }
    let(:label1) do
@@ -125,6 +127,7 @@ describe Gitlab::GithubImport::Importer, lib: true do
      )
    end

+    let!(:user) { create(:user, email: octocat.email) }
    let(:repository) { double(id: 1, fork: false) }
    let(:source_sha) { create(:commit, project: project).id }
    let(:source_branch) { double(ref: 'feature', repo: repository, sha: source_sha) }

--- a/spec/lib/gitlab/github_import/issue_formatter_spec.rb
+++ b/spec/lib/gitlab/github_import/issue_formatter_spec.rb
 require 'spec_helper'

 describe Gitlab::GithubImport::IssueFormatter, lib: true do
+  let(:client) { double }
  let!(:project) { create(:empty_project, namespace: create(:namespace, path: 'octocat')) }
-  let(:octocat) { double(id: 123456, login: 'octocat') }
+  let(:octocat) { double(id: 123456, login: 'octocat', email: 'octocat@example.com') }
  let(:created_at) { DateTime.strptime('2011-01-26T19:01:12Z') }
  let(:updated_at) { DateTime.strptime('2011-01-27T19:01:12Z') }

@@ -23,7 +24,11 @@ describe Gitlab::GithubImport::IssueFormatter, lib: true do
    }
  end

-  subject(:issue) { described_class.new(project, raw_data) }
+  subject(:issue) { described_class.new(project, raw_data, client) }
+
+  before do
+    allow(client).to receive(:user).and_return(octocat)
+  end

  shared_examples 'Gitlab::GithubImport::IssueFormatter#attributes' do
    context 'when issue is open' do
@@ -75,11 +80,17 @@ describe Gitlab::GithubImport::IssueFormatter, lib: true do
        expect(issue.attributes.fetch(:assignee_id)).to be_nil
      end

-      it 'returns GitLab user id as assignee_id when is a GitLab user' do
+      it 'returns GitLab user id associated with GitHub id as assignee_id' do
        gl_user = create(:omniauth_user, extern_uid: octocat.id, provider: 'github')

        expect(issue.attributes.fetch(:assignee_id)).to eq gl_user.id
      end
+
+      it 'returns GitLab user id associated with GitHub email as assignee_id' do
+        gl_user = create(:user, email: octocat.email)
+
+        expect(issue.attributes.fetch(:assignee_id)).to eq gl_user.id
+      end
    end

    context 'when it has a milestone' do
@@ -100,16 +111,22 @@ describe Gitlab::GithubImport::IssueFormatter, lib: true do
    context 'when author is a GitLab user' do
      let(:raw_data) { double(base_data.merge(user: octocat)) }

-      it 'returns project#creator_id as author_id when is not a GitLab user' do
+      it 'returns project creator_id as author_id when is not a GitLab user' do
        expect(issue.attributes.fetch(:author_id)).to eq project.creator_id
      end

-      it 'returns GitLab user id as author_id when is a GitLab user' do
+      it 'returns GitLab user id associated with GitHub id as author_id' do
        gl_user = create(:omniauth_user, extern_uid: octocat.id, provider: 'github')

        expect(issue.attributes.fetch(:author_id)).to eq gl_user.id
      end

+      it 'returns GitLab user id associated with GitHub email as author_id' do
+        gl_user = create(:user, email: octocat.email)
+
+        expect(issue.attributes.fetch(:author_id)).to eq gl_user.id
+      end
+
      it 'returns description without created at tag line' do
        create(:omniauth_user, extern_uid: octocat.id, provider: 'github')


--- a/spec/lib/gitlab/github_import/pull_request_formatter_spec.rb
+++ b/spec/lib/gitlab/github_import/pull_request_formatter_spec.rb
 require 'spec_helper'

 describe Gitlab::GithubImport::PullRequestFormatter, lib: true do
+  let(:client) { double }
  let(:project) { create(:project, :repository) }
  let(:source_sha) { create(:commit, project: project).id }
  let(:target_sha) { create(:commit, project: project, git_commit: RepoHelpers.another_sample_commit).id }
@@ -10,7 +11,7 @@ describe Gitlab::GithubImport::PullRequestFormatter, lib: true do
  let(:target_repo) { repository }
  let(:target_branch) { double(ref: 'master', repo: target_repo, sha: target_sha) }
  let(:removed_branch) { double(ref: 'removed-branch', repo: source_repo, sha: '2e5d3239642f9161dcbbc4b70a211a68e5e45e2b') }
-  let(:octocat) { double(id: 123456, login: 'octocat') }
+  let(:octocat) { double(id: 123456, login: 'octocat', email: 'octocat@example.com') }
  let(:created_at) { DateTime.strptime('2011-01-26T19:01:12Z') }
  let(:updated_at) { DateTime.strptime('2011-01-27T19:01:12Z') }
  let(:base_data) do
@@ -32,7 +33,11 @@ describe Gitlab::GithubImport::PullRequestFormatter, lib: true do
    }
  end

-  subject(:pull_request) { described_class.new(project, raw_data) }
+  subject(:pull_request) { described_class.new(project, raw_data, client) }
+
+  before do
+    allow(client).to receive(:user).and_return(octocat)
+  end

  shared_examples 'Gitlab::GithubImport::PullRequestFormatter#attributes' do
    context 'when pull request is open' do
@@ -121,26 +126,38 @@ describe Gitlab::GithubImport::PullRequestFormatter, lib: true do
        expect(pull_request.attributes.fetch(:assignee_id)).to be_nil
      end

-      it 'returns GitLab user id as assignee_id when is a GitLab user' do
+      it 'returns GitLab user id associated with GitHub id as assignee_id' do
        gl_user = create(:omniauth_user, extern_uid: octocat.id, provider: 'github')

        expect(pull_request.attributes.fetch(:assignee_id)).to eq gl_user.id
      end
+
+      it 'returns GitLab user id associated with GitHub email as assignee_id' do
+        gl_user = create(:user, email: octocat.email)
+
+        expect(pull_request.attributes.fetch(:assignee_id)).to eq gl_user.id
+      end
    end

    context 'when author is a GitLab user' do
      let(:raw_data) { double(base_data.merge(user: octocat)) }

-      it 'returns project#creator_id as author_id when is not a GitLab user' do
+      it 'returns project creator_id as author_id when is not a GitLab user' do
        expect(pull_request.attributes.fetch(:author_id)).to eq project.creator_id
      end

-      it 'returns GitLab user id as author_id when is a GitLab user' do
+      it 'returns GitLab user id associated with GitHub id as author_id' do
        gl_user = create(:omniauth_user, extern_uid: octocat.id, provider: 'github')

        expect(pull_request.attributes.fetch(:author_id)).to eq gl_user.id
      end

+      it 'returns GitLab user id associated with GitHub email as author_id' do
+        gl_user = create(:user, email: octocat.email)
+
+        expect(pull_request.attributes.fetch(:author_id)).to eq gl_user.id
+      end
+
      it 'returns description without created at tag line' do
        create(:omniauth_user, extern_uid: octocat.id, provider: 'github')


--- a/spec/lib/gitlab/github_import/user_formatter_spec.rb
+++ b/spec/lib/gitlab/github_import/user_formatter_spec.rb
+require 'spec_helper'
+
+describe Gitlab::GithubImport::UserFormatter, lib: true do
+  let(:client) { double }
+  let(:octocat) { double(id: 123456, login: 'octocat', email: 'octocat@example.com') }
+
+  subject(:user) { described_class.new(client, octocat) }
+
+  before do
+    allow(client).to receive(:user).and_return(octocat)
+  end
+
+  describe '#gitlab_id' do
+    context 'when GitHub user is a GitLab user' do
+      it 'return GitLab user id when user associated their account with GitHub' do
+        gl_user = create(:omniauth_user, extern_uid: octocat.id, provider: 'github')
+
+        expect(user.gitlab_id).to eq gl_user.id
+      end
+
+      it 'returns GitLab user id when user primary email matches GitHub email' do
+        gl_user = create(:user, email: octocat.email)
+
+        expect(user.gitlab_id).to eq gl_user.id
+      end
+
+      it 'returns GitLab user id when any of user linked emails matches GitHub email' do
+        gl_user = create(:user, email: 'johndoe@example.com')
+        create(:email, user: gl_user, email: octocat.email)
+
+        expect(user.gitlab_id).to eq gl_user.id
+      end
+    end
+
+    it 'returns nil when GitHub user is not a GitLab user' do
+      expect(user.gitlab_id).to be_nil
+    end
+  end
+end
--- a/spec/models/concerns/spammable_spec.rb
+++ b/spec/models/concerns/spammable_spec.rb
@@ -14,8 +14,9 @@ describe Issue, 'Spammable' do
  end

  describe 'InstanceMethods' do
+    let(:issue) { build(:issue, spam: true) }
+
    it 'should be invalid if spam' do
-      issue = build(:issue, spam: true)
      expect(issue.valid?).to be_falsey
    end

@@ -29,5 +30,20 @@ describe Issue, 'Spammable' do
        expect(issue.check_for_spam?).to eq(false)
      end
    end
+
+    describe '#submittable_as_spam_by?' do
+      let(:admin) { build(:admin) }
+      let(:user) { build(:user) }
+
+      before do
+        allow(issue).to receive(:submittable_as_spam?).and_return(true)
+      end
+
+      it 'tests if the user can submit spam' do
+        expect(issue.submittable_as_spam_by?(admin)).to be(true)
+        expect(issue.submittable_as_spam_by?(user)).to be(false)
+        expect(issue.submittable_as_spam_by?(nil)).to be_nil
+      end
+    end
  end
 end
--- a/spec/requests/api/commit_statuses_spec.rb
+++ b/spec/requests/api/commit_statuses_spec.rb
@@ -21,10 +21,6 @@ describe API::CommitStatuses, api: true do
      let!(:master) { project.pipelines.create(sha: commit.id, ref: 'master') }
      let!(:develop) { project.pipelines.create(sha: commit.id, ref: 'develop') }

-      it_behaves_like 'a paginated resources' do
-        let(:request) { get api(get_url, reporter) }
-      end
-
      context "reporter user" do
        let(:statuses_id) { json_response.map { |status| status['id'] } }

@@ -45,6 +41,7 @@ describe API::CommitStatuses, api: true do
          it 'returns latest commit statuses' do
            expect(response).to have_http_status(200)

+            expect(response).to include_pagination_headers
            expect(json_response).to be_an Array
            expect(statuses_id).to contain_exactly(status3.id, status4.id, status5.id, status6.id)
            json_response.sort_by!{ |status| status['id'] }

--- a/spec/requests/api/deployments_spec.rb
+++ b/spec/requests/api/deployments_spec.rb
@@ -14,10 +14,6 @@ describe API::Deployments, api: true  do

  describe 'GET /projects/:id/deployments' do
    context 'as member of the project' do
-      it_behaves_like 'a paginated resources' do
-        let(:request) { get api("/projects/#{project.id}/deployments", user) }
-      end
-
      it 'returns projects deployments' do
        get api("/projects/#{project.id}/deployments", user)


--- a/spec/requests/api/environments_spec.rb
+++ b/spec/requests/api/environments_spec.rb
--- a/spec/requests/api/issues_spec.rb
+++ b/spec/requests/api/issues_spec.rb
--- a/spec/requests/api/notes_spec.rb
+++ b/spec/requests/api/notes_spec.rb
--- a/spec/requests/api/pipelines_spec.rb
+++ b/spec/requests/api/pipelines_spec.rb
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
--- a/spec/requests/api/todos_spec.rb
+++ b/spec/requests/api/todos_spec.rb
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
--- a/spec/requests/api/v3/todos_spec.rb
+++ b/spec/requests/api/v3/todos_spec.rb
--- a/spec/services/users/destroy_spec.rb
+++ b/spec/services/users/destroy_spec.rb
--- a/spec/support/api/pagination_shared_examples.rb
+++ b/spec/support/api/pagination_shared_examples.rb