Merge branch 'ce-to-ee-2018-12-06' into 'master'

CE upstream - 2018-12-06 10:22 UTC See merge request gitlab-org/gitlab-ee!8724

Merge branch 'ce-to-ee-2018-12-06' into 'master'
CE upstream - 2018-12-06 10:22 UTC See merge request gitlab-org/gitlab-ee!8724
d441533c · Robert Speicher · b16a0c27 · bacf614c · d441533c · d441533c
Commit d441533c authored Dec 07, 2018 by Robert Speicher
25 changed files
--- a/app/assets/javascripts/clusters/components/applications.vue
+++ b/app/assets/javascripts/clusters/components/applications.vue
@@ -296,7 +296,6 @@ export default {
        :request-status="applications.cert_manager.requestStatus"
        :request-reason="applications.cert_manager.requestReason"
        :disabled="!helmInstalled"
-        class="hide-bottom-border rounded-bottom"
        title-link="https://cert-manager.readthedocs.io/en/latest/#"
      >
        <div slot="description" v-html="certManagerDescription"></div>
@@ -396,6 +395,7 @@ export default {
        </div>
      </application-row>
      <application-row
+        v-if="isProjectCluster"
        id="knative"
        :logo-url="knativeLogo"
        :title="applications.knative.title"
@@ -405,7 +405,6 @@ export default {
        :request-reason="applications.knative.requestReason"
        :install-application-request-params="{ hostname: applications.knative.hostname }"
        :disabled="!helmInstalled"
-        class="hide-bottom-border rounded-bottom"
        title-link="https://github.com/knative/docs"
      >
        <div slot="description">
@@ -432,7 +431,7 @@ export default {
              />
            </div>
          </template>
-          <template v-else>
+          <template v-else-if="helmInstalled">
            <div class="form-group">
              <label for="knative-domainname">
                {{ s__('ClusterIntegration|Knative Domain Name:') }}

--- a/app/assets/javascripts/environments/components/environments_table.vue
+++ b/app/assets/javascripts/environments/components/environments_table.vue
@@ -88,7 +88,7 @@ export default {

      <template v-if="shouldRenderFolderContent(model)">
        <div v-if="model.isLoadingFolderContent" :key="`loading-item-${i}`">
-          <gl-loading-icon :size="2" />
+          <gl-loading-icon :size="2" class="prepend-top-16" />
        </div>

        <template v-else>

--- a/app/assets/javascripts/pipelines/components/pipeline_url.vue
+++ b/app/assets/javascripts/pipelines/components/pipeline_url.vue
@@ -65,7 +65,7 @@ export default {
        v-if="pipeline.flags.latest"
        v-gl-tooltip
        class="js-pipeline-url-latest badge badge-success"
-        title="Latest pipeline for this branch"
+        title="__('Latest pipeline for this branch')"
      >
        latest
      </span>
@@ -97,6 +97,14 @@ export default {
      <span v-if="pipeline.flags.stuck" class="js-pipeline-url-stuck badge badge-warning">
        stuck
      </span>
+      <span
+        v-if="pipeline.flags.merge_request"
+        v-gl-tooltip
+        title="__('This pipeline is run in a merge request context')"
+        class="js-pipeline-url-mergerequest badge badge-info"
+      >
+        merge request
+      </span>
    </div>
  </div>
 </template>
--- a/app/assets/stylesheets/framework.scss
+++ b/app/assets/stylesheets/framework.scss
@@ -67,3 +67,4 @@
 @import 'framework/feature_highlight';
 @import 'framework/terms';
 @import 'framework/read_more';
+@import 'framework/flex_grid';
--- a/app/assets/stylesheets/framework/flex_grid.scss
+++ b/app/assets/stylesheets/framework/flex_grid.scss
+.flex-grid {
+  .grid-row {
+    border-bottom: 1px solid $border-color;
+    padding: 0;
+
+    &:last-child {
+      border-bottom: 0;
+    }
+
+    @include media-breakpoint-down(md) {
+      border-bottom: 0;
+      border-right: 1px solid $border-color;
+
+      &:last-child {
+        border-right: 0;
+      }
+    }
+
+    @include media-breakpoint-down(xs) {
+      border-right: 0;
+      border-bottom: 1px solid $border-color;
+
+      &:last-child {
+        border-bottom: 0;
+      }
+    }
+  }
+
+  .grid-cell {
+    padding: 10px $gl-padding;
+    border-right: 1px solid $border-color;
+
+    &:last-child {
+      border-right: 0;
+    }
+
+    @include media-breakpoint-up(md) {
+      flex: 1;
+    }
+
+    @include media-breakpoint-down(md) {
+      border-right: 0;
+      flex: none;
+    }
+  }
+}
+
+.card {
+  .card-body.flex-grid {
+    padding: 0;
+  }
+}
--- a/app/presenters/group_clusterable_presenter.rb
+++ b/app/presenters/group_clusterable_presenter.rb
@@ -31,6 +31,6 @@ class GroupClusterablePresenter < ClusterablePresenter

  override :learn_more_link
  def learn_more_link
-    link_to(s_('ClusterIntegration|Learn more about group Kubernetes clusters'), help_page_path('user/project/clusters/index'), target: '_blank', rel: 'noopener noreferrer')
+    link_to(s_('ClusterIntegration|Learn more about group Kubernetes clusters'), help_page_path('user/group/clusters/index'), target: '_blank', rel: 'noopener noreferrer')
  end
 end
--- a/app/serializers/pipeline_entity.rb
+++ b/app/serializers/pipeline_entity.rb
@@ -23,6 +23,7 @@ class PipelineEntity < Grape::Entity
    expose :latest?, as: :latest
    expose :stuck?, as: :stuck
    expose :auto_devops_source?, as: :auto_devops
+    expose :merge_request?, as: :merge_request
    expose :has_yaml_errors?, as: :yaml_errors
    expose :can_retry?, as: :retryable
    expose :can_cancel?, as: :cancelable

--- a/app/views/projects/pipelines/_info.html.haml
+++ b/app/views/projects/pipelines/_info.html.haml
@@ -24,6 +24,38 @@
      - if @pipeline.queued_duration
        = "(queued for #{time_interval_in_words(@pipeline.queued_duration)})"

+  .well-segment
+    .icon-container
+      = sprite_icon('flag')
+    - if @pipeline.latest?
+      %span.js-pipeline-url-latest.badge.badge-success.has-tooltip{ title: _("Latest pipeline for this branch") }
+        latest
+    - if @pipeline.has_yaml_errors?
+      %span.js-pipeline-url-yaml.badge.badge-danger.has-tooltip{ title: @pipeline.yaml_errors }
+        yaml invalid
+    - if @pipeline.failure_reason?
+      %span.js-pipeline-url-failure.badge.badge-danger.has-tooltip{ title: @pipeline.failure_reason }
+        error
+    - if @pipeline.auto_devops_source?
+      - popover_title_text = _('This pipeline makes use of a predefined CI/CD configuration enabled by <b>Auto DevOps.</b>').html_safe
+      - popover_content_url = help_page_path('topics/autodevops/index.md')
+      - popover_content_text = _('Learn more about Auto DevOps')
+      %a.js-pipeline-url-autodevops.badge.badge-info.autodevops-badge{ href: "#", tabindex: "0", role: "button", data: { container: "body",
+        toggle: "popover",
+        placement: "top",
+        html: "true",
+        trigger: "focus",
+        title: "<div class='autodevops-title'>#{popover_title_text}</div>",
+        content: "<a class='autodevops-link' href='#{popover_content_url}' target='_blank' rel='noopener noreferrer nofollow'>#{popover_content_text}</a>",
+      } }
+        Auto DevOps
+    - if @pipeline.merge_request?
+      %span.js-pipeline-url-mergerequest.badge.badge-info.has-tooltip{ title: "This pipeline is run in a merge request context" }
+        merge request
+    - if @pipeline.stuck?
+      %span.js-pipeline-url-stuck.badge.badge-warning
+        stuck
+
  .well-segment.branch-info
    .icon-container.commit-icon
      = custom_icon("icon_commit")

--- a/changelogs/unreleased/52285-omniauth-jwt-ppk-support.yml
+++ b/changelogs/unreleased/52285-omniauth-jwt-ppk-support.yml
+---
+title: Support RSA and ECDSA algorithms in Omniauth JWT provider
+merge_request: 23411
+author: Michael Tsyganov
+type: fixed
--- a/changelogs/unreleased/54336-include-tags-into-pipeline-detail-view.yml
+++ b/changelogs/unreleased/54336-include-tags-into-pipeline-detail-view.yml
+---
+title: Merge request pipeline tag, and adds tags to pipeline view
+merge_request: 23364
+author:
+type: added
--- a/changelogs/unreleased/deprecated-instance-find.yml
+++ b/changelogs/unreleased/deprecated-instance-find.yml
+---
+title: 'Fix deprecation: You are passing an instance of ActiveRecord::Base to'
+merge_request: 23369
+author: Jasper Maes
+type: other
--- a/changelogs/unreleased/gt-add-top-padding-for-nested-environment-items-loading-icon.yml
+++ b/changelogs/unreleased/gt-add-top-padding-for-nested-environment-items-loading-icon.yml
+---
+title: Add top padding for nested environment items loading icon
+merge_request: 23580
+author: George Tsiolis
+type: fixed
--- a/changelogs/unreleased/mg-fix-knative-application-row.yml
+++ b/changelogs/unreleased/mg-fix-knative-application-row.yml
+---
+title: Hide Knative from group cluster applications until supported
+merge_request: 23577
+author:
+type: fixed
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -682,15 +682,15 @@ production: &base
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET' }
      # - { name: 'jwt',
-      #     app_secret: 'YOUR_APP_SECRET',
      #     args: {
-      #             algorithm: 'HS256',
-      #             uid_claim: 'email',
-      #             required_claims: ["name", "email"],
-      #             info_map: { name: "name", email: "email" },
-      #             auth_url: 'https://example.com/',
-      #             valid_within: null,
-      #           }
+      #       secret: 'YOUR_APP_SECRET',
+      #       algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512'
+      #       uid_claim: 'email',
+      #       required_claims: ['name', 'email'],
+      #       info_map: { name: 'name', email: 'email' },
+      #       auth_url: 'https://example.com/',
+      #       valid_within: 3600 # 1 hour
+      #     }
      #   }
      # - { name: 'saml',
      #     label: 'Our SAML Provider',

--- a/doc/administration/auth/README.md
+++ b/doc/administration/auth/README.md
@@ -11,7 +11,7 @@ providers.
  and 389 Server
  - [LDAP for GitLab EE](ldap-ee.md): LDAP additions to GitLab Enterprise Editions **[STARTER ONLY]**
 - [OmniAuth](../../integration/omniauth.md) Sign in via Twitter, GitHub, GitLab.com, Google,
-  Bitbucket, Facebook, Shibboleth, Crowd, Azure and Authentiq ID
+  Bitbucket, Facebook, Shibboleth, Crowd, Azure, Authentiq ID, and JWT
 - [CAS](../../integration/cas.md) Configure GitLab to sign in using CAS
 - [SAML](../../integration/saml.md) Configure GitLab as a SAML 2.0 Service Provider
 - [Okta](okta.md) Configure GitLab to sign in using Okta

--- a/doc/administration/auth/jwt.md
+++ b/doc/administration/auth/jwt.md
@@ -26,15 +26,15 @@ JWT will provide you with a secret key for you to use.
    ```ruby
    gitlab_rails['omniauth_providers'] = [
      { name: 'jwt',
-        app_secret: 'YOUR_APP_SECRET',
        args: {
-                algorithm: 'HS256',
-                uid_claim: 'email',
-                required_claims: ["name", "email"],
-                info_maps: { name: "name", email: "email" },
-                auth_url: 'https://example.com/',
-                valid_within: nil,
-              }
+          secret: 'YOUR_APP_SECRET',
+          algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512'
+          uid_claim: 'email',
+          required_claims: ['name', 'email'],
+          info_maps: { name: 'name', email: 'email' },
+          auth_url: 'https://example.com/',
+          valid_within: 3600 # 1 hour
+        }
      }
    ]
    ```
@@ -43,15 +43,15 @@ JWT will provide you with a secret key for you to use.

    ```
    - { name: 'jwt',
-        app_secret: 'YOUR_APP_SECRET',
        args: {
-                algorithm: 'HS256',
-                uid_claim: 'email',
-                required_claims: ["name", "email"],
-                info_map: { name: "name", email: "email" },
-                auth_url: 'https://example.com/',
-                valid_within: null,
-              }
+          secret: 'YOUR_APP_SECRET',
+          algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512'
+          uid_claim: 'email',
+          required_claims: ['name', 'email'],
+          info_map: { name: 'name', email: 'email' },
+          auth_url: 'https://example.com/',
+          valid_within: 3600 # 1 hour
+        }
      }
    ```

@@ -60,7 +60,7 @@ JWT will provide you with a secret key for you to use.

 1.  Change `YOUR_APP_SECRET` to the client secret and set `auth_url` to your redirect URL.
 1.  Save the configuration file.
-1.  [Reconfigure GitLab][] or [restart GitLab][] for the changes to take effect if you
+1.  [Reconfigure][] or [restart GitLab][] for the changes to take effect if you
    installed GitLab via Omnibus or from source respectively.

 On the sign in page there should now be a JWT icon below the regular sign in form.
@@ -68,5 +68,5 @@ Click the icon to begin the authentication process. JWT will ask the user to
 sign in and authorize the GitLab application. If everything goes well, the user
 will be redirected to GitLab and will be signed in.

-[reconfigure GitLab]: ../restart_gitlab.md#omnibus-gitlab-reconfigure
+[reconfigure]: ../restart_gitlab.md#omnibus-gitlab-reconfigure
 [restart GitLab]: ../restart_gitlab.md#installations-from-source
--- a/lib/omni_auth/strategies/jwt.rb
+++ b/lib/omni_auth/strategies/jwt.rb
 # frozen_string_literal: true

 require 'omniauth'
+require 'openssl'
 require 'jwt'

 module OmniAuth
@@ -37,7 +38,19 @@ module OmniAuth
      end

      def decoded
-        @decoded ||= ::JWT.decode(request.params['jwt'], options.secret, options.algorithm).first
+        secret =
+          case options.algorithm
+          when *%w[RS256 RS384 RS512]
+            OpenSSL::PKey::RSA.new(options.secret).public_key
+          when *%w[ES256 ES384 ES512]
+            OpenSSL::PKey::EC.new(options.secret).tap { |key| key.private_key = nil }
+          when *%w(HS256 HS384 HS512)
+            options.secret
+          else
+            raise NotImplementedError, "Unsupported algorithm: #{options.algorithm}"
+          end
+
+        @decoded ||= ::JWT.decode(request.params['jwt'], secret, true, { algorithm: options.algorithm }).first

        (options.required_claims || []).each do |field|
          raise ClaimInvalid, "Missing required '#{field}' claim" unless @decoded.key?(field.to_s)
@@ -45,7 +58,7 @@ module OmniAuth

        raise ClaimInvalid, "Missing required 'iat' claim" if options.valid_within && !@decoded["iat"]

-        if options.valid_within && (Time.now.to_i - @decoded["iat"]).abs > options.valid_within
+        if options.valid_within && (Time.now.to_i - @decoded["iat"]).abs > options.valid_within.to_i
          raise ClaimInvalid, "'iat' timestamp claim is too skewed from present"
        end


--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -4939,6 +4939,9 @@ msgstr ""
 msgid "Latest changes"
 msgstr ""

+msgid "Latest pipeline for this branch"
+msgstr ""
+
 msgid "Learn how to %{no_packages_link_start}publish and share your Maven packages%{no_packages_link_end} with GitLab. Additional package types will be supported in future releases."
 msgstr ""

@@ -4948,6 +4951,9 @@ msgstr ""
 msgid "Learn more about %{issue_boards_url}, to keep track of issues in multiple lists, using labels, assignees, and milestones. If you’re missing something from issue boards, please create an issue on %{gitlab_issues_url}."
 msgstr ""

+msgid "Learn more about Auto DevOps"
+msgstr ""
+
 msgid "Learn more about Kubernetes"
 msgstr ""

@@ -8601,6 +8607,9 @@ msgstr ""
 msgid "This page will be removed in a future release."
 msgstr ""

+msgid "This pipeline makes use of a predefined CI/CD configuration enabled by <b>Auto DevOps.</b>"
+msgstr ""
+
 msgid "This project"
 msgstr ""


--- a/spec/features/merge_request/user_sees_merge_request_pipelines_spec.rb
+++ b/spec/features/merge_request/user_sees_merge_request_pipelines_spec.rb
@@ -110,6 +110,22 @@ describe 'Merge request > User sees merge request pipelines', :js do
        end
      end

+      it 'sees merge request tag for merge request pipelines' do
+        page.within('.ci-table') do
+          expect(all('.pipeline-tags')[0])
+            .to have_content("merge request")
+
+          expect(all('.pipeline-tags')[1])
+            .to have_content("merge request")
+
+          expect(all('.pipeline-tags')[2])
+            .not_to have_content("merge request")
+
+          expect(all('.pipeline-tags')[3])
+            .not_to have_content("merge request")
+        end
+      end
+
      it 'sees the latest merge request pipeline as the head pipeline' do
        page.within('.ci-widget-content') do
          expect(page).to have_content("##{merge_request_pipeline_2.id}")
@@ -276,6 +292,22 @@ describe 'Merge request > User sees merge request pipelines', :js do
        end
      end

+      it 'sees merge request tag for merge request pipelines' do
+        page.within('.ci-table') do
+          expect(all('.pipeline-tags')[0])
+            .to have_content("merge request")
+
+          expect(all('.pipeline-tags')[1])
+            .to have_content("merge request")
+
+          expect(all('.pipeline-tags')[2])
+            .not_to have_content("merge request")
+
+          expect(all('.pipeline-tags')[3])
+            .not_to have_content("merge request")
+        end
+      end
+
      it 'sees the latest merge request pipeline as the head pipeline' do
        page.within('.ci-widget-content') do
          expect(page).to have_content("##{merge_request_pipeline_2.id}")

--- a/spec/features/projects/pipelines/pipeline_spec.rb
+++ b/spec/features/projects/pipelines/pipeline_spec.rb
@@ -499,4 +499,154 @@ describe 'Pipeline', :js do
      end
    end
  end
+
+  context 'when user sees pipeline flags in a pipeline detail page' do
+    let(:project) { create(:project, :repository) }
+
+    context 'when pipeline is latest' do
+      include_context 'pipeline builds'
+
+      let(:pipeline) do
+        create(:ci_pipeline,
+               project: project,
+               ref: 'master',
+               sha: project.commit.id,
+               user: user)
+      end
+
+      before do
+        visit project_pipeline_path(project, pipeline)
+      end
+
+      it 'contains badge that indicates it is the latest build' do
+        page.within(all('.well-segment')[1]) do
+          expect(page).to have_content 'latest'
+        end
+      end
+    end
+
+    context 'when pipeline has configuration errors' do
+      include_context 'pipeline builds'
+
+      let(:pipeline) do
+        create(:ci_pipeline,
+               :invalid,
+               project: project,
+               ref: 'master',
+               sha: project.commit.id,
+               user: user)
+      end
+
+      before do
+        visit project_pipeline_path(project, pipeline)
+      end
+
+      it 'contains badge that indicates errors' do
+        page.within(all('.well-segment')[1]) do
+          expect(page).to have_content 'yaml invalid'
+        end
+      end
+
+      it 'contains badge with tooltip which contains error' do
+        expect(pipeline).to have_yaml_errors
+
+        page.within(all('.well-segment')[1]) do
+          expect(page).to have_selector(
+            %Q{span[title="#{pipeline.yaml_errors}"]})
+        end
+      end
+
+      it 'contains badge that indicates failure reason' do
+        expect(page).to have_content 'error'
+      end
+
+      it 'contains badge with tooltip which contains failure reason' do
+        expect(pipeline.failure_reason?).to eq true
+
+        page.within(all('.well-segment')[1]) do
+          expect(page).to have_selector(
+            %Q{span[title="#{pipeline.present.failure_reason}"]})
+        end
+      end
+    end
+
+    context 'when pipeline is stuck' do
+      include_context 'pipeline builds'
+
+      let(:pipeline) do
+        create(:ci_pipeline,
+               project: project,
+               ref: 'master',
+               sha: project.commit.id,
+               user: user)
+      end
+
+      before do
+        create(:ci_build, :pending, pipeline: pipeline)
+        visit project_pipeline_path(project, pipeline)
+      end
+
+      it 'contains badge that indicates being stuck' do
+        page.within(all('.well-segment')[1]) do
+          expect(page).to have_content 'stuck'
+        end
+      end
+    end
+
+    context 'when pipeline uses auto devops' do
+      include_context 'pipeline builds'
+
+      let(:project) { create(:project, :repository, auto_devops_attributes: { enabled: true }) }
+      let(:pipeline) do
+        create(:ci_pipeline,
+               :auto_devops_source,
+               project: project,
+               ref: 'master',
+               sha: project.commit.id,
+               user: user)
+      end
+
+      before do
+        visit project_pipeline_path(project, pipeline)
+      end
+
+      it 'contains badge that indicates using auto devops' do
+        page.within(all('.well-segment')[1]) do
+          expect(page).to have_content 'Auto DevOps'
+        end
+      end
+    end
+
+    context 'when pipeline runs in a merge request context' do
+      include_context 'pipeline builds'
+
+      let(:pipeline) do
+        create(:ci_pipeline,
+               source: :merge_request,
+               project: merge_request.source_project,
+               ref: 'feature',
+               sha: merge_request.diff_head_sha,
+               user: user,
+               merge_request: merge_request)
+      end
+
+      let(:merge_request) do
+        create(:merge_request,
+               source_project: project,
+               source_branch: 'feature',
+               target_project: project,
+               target_branch: 'master')
+      end
+
+      before do
+        visit project_pipeline_path(project, pipeline)
+      end
+
+      it 'contains badge that indicates merge request pipeline' do
+        page.within(all('.well-segment')[1]) do
+          expect(page).to have_content 'merge request'
+        end
+      end
+    end
+  end
 end
--- a/spec/javascripts/clusters/components/applications_spec.js
+++ b/spec/javascripts/clusters/components/applications_spec.js
 import Vue from 'vue';
 import applications from '~/clusters/components/applications.vue';
+import { CLUSTER_TYPE } from '~/clusters/constants';
 import mountComponent from 'spec/helpers/vue_mount_component_helper';

 describe('Applications', () => {
@@ -14,9 +15,10 @@ describe('Applications', () => {
    vm.$destroy();
  });

-  describe('', () => {
+  describe('Project cluster applications', () => {
    beforeEach(() => {
      vm = mountComponent(Applications, {
+        type: CLUSTER_TYPE.PROJECT,
        applications: {
          helm: { title: 'Helm Tiller' },
          ingress: { title: 'Ingress' },
@@ -30,31 +32,76 @@ describe('Applications', () => {
    });

    it('renders a row for Helm Tiller', () => {
-      expect(vm.$el.querySelector('.js-cluster-application-row-helm')).toBeDefined();
+      expect(vm.$el.querySelector('.js-cluster-application-row-helm')).not.toBeNull();
    });

    it('renders a row for Ingress', () => {
-      expect(vm.$el.querySelector('.js-cluster-application-row-ingress')).toBeDefined();
+      expect(vm.$el.querySelector('.js-cluster-application-row-ingress')).not.toBeNull();
    });

    it('renders a row for Cert-Manager', () => {
-      expect(vm.$el.querySelector('.js-cluster-application-row-cert_manager')).toBeDefined();
+      expect(vm.$el.querySelector('.js-cluster-application-row-cert_manager')).not.toBeNull();
    });

    it('renders a row for Prometheus', () => {
-      expect(vm.$el.querySelector('.js-cluster-application-row-prometheus')).toBeDefined();
+      expect(vm.$el.querySelector('.js-cluster-application-row-prometheus')).not.toBeNull();
    });

    it('renders a row for GitLab Runner', () => {
-      expect(vm.$el.querySelector('.js-cluster-application-row-runner')).toBeDefined();
+      expect(vm.$el.querySelector('.js-cluster-application-row-runner')).not.toBeNull();
    });

    it('renders a row for Jupyter', () => {
-      expect(vm.$el.querySelector('.js-cluster-application-row-jupyter')).not.toBe(null);
+      expect(vm.$el.querySelector('.js-cluster-application-row-jupyter')).not.toBeNull();
    });

    it('renders a row for Knative', () => {
-      expect(vm.$el.querySelector('.js-cluster-application-row-knative')).not.toBe(null);
+      expect(vm.$el.querySelector('.js-cluster-application-row-knative')).not.toBeNull();
+    });
+  });
+
+  describe('Group cluster applications', () => {
+    beforeEach(() => {
+      vm = mountComponent(Applications, {
+        type: CLUSTER_TYPE.GROUP,
+        applications: {
+          helm: { title: 'Helm Tiller' },
+          ingress: { title: 'Ingress' },
+          cert_manager: { title: 'Cert-Manager' },
+          runner: { title: 'GitLab Runner' },
+          prometheus: { title: 'Prometheus' },
+          jupyter: { title: 'JupyterHub' },
+          knative: { title: 'Knative' },
+        },
+      });
+    });
+
+    it('renders a row for Helm Tiller', () => {
+      expect(vm.$el.querySelector('.js-cluster-application-row-helm')).not.toBeNull();
+    });
+
+    it('renders a row for Ingress', () => {
+      expect(vm.$el.querySelector('.js-cluster-application-row-ingress')).not.toBeNull();
+    });
+
+    it('renders a row for Cert-Manager', () => {
+      expect(vm.$el.querySelector('.js-cluster-application-row-cert_manager')).not.toBeNull();
+    });
+
+    it('renders a row for Prometheus', () => {
+      expect(vm.$el.querySelector('.js-cluster-application-row-prometheus')).toBeNull();
+    });
+
+    it('renders a row for GitLab Runner', () => {
+      expect(vm.$el.querySelector('.js-cluster-application-row-runner')).toBeNull();
+    });
+
+    it('renders a row for Jupyter', () => {
+      expect(vm.$el.querySelector('.js-cluster-application-row-jupyter')).toBeNull();
+    });
+
+    it('renders a row for Knative', () => {
+      expect(vm.$el.querySelector('.js-cluster-application-row-knative')).toBeNull();
    });
  });


--- a/spec/javascripts/pipelines/pipeline_url_spec.js
+++ b/spec/javascripts/pipelines/pipeline_url_spec.js
@@ -90,7 +90,7 @@ describe('Pipeline Url Component', () => {
    expect(component.$el.querySelector('.js-pipeline-url-api').textContent).toContain('API');
  });

-  it('should render latest, yaml invalid and stuck flags when provided', () => {
+  it('should render latest, yaml invalid, merge request, and stuck flags when provided', () => {
    const component = new PipelineUrlComponent({
      propsData: {
        pipeline: {
@@ -100,6 +100,7 @@ describe('Pipeline Url Component', () => {
            latest: true,
            yaml_errors: true,
            stuck: true,
+            merge_request: true,
          },
        },
        autoDevopsHelpPath: 'foo',
@@ -111,6 +112,10 @@ describe('Pipeline Url Component', () => {
      'yaml invalid',
    );

+    expect(component.$el.querySelector('.js-pipeline-url-mergerequest').textContent).toContain(
+      'merge request',
+    );
+
    expect(component.$el.querySelector('.js-pipeline-url-stuck').textContent).toContain('stuck');
  });


--- a/spec/lib/omni_auth/strategies/jwt_spec.rb
+++ b/spec/lib/omni_auth/strategies/jwt_spec.rb
@@ -4,12 +4,10 @@ describe OmniAuth::Strategies::Jwt do
  include Rack::Test::Methods
  include DeviseHelpers

-  context '.decoded' do
-    let(:strategy) { described_class.new({}) }
+  context '#decoded' do
+    subject { described_class.new({}) }
    let(:timestamp) { Time.now.to_i }
    let(:jwt_config) { Devise.omniauth_configs[:jwt] }
-    let(:key) { JWT.encode(claims, jwt_config.strategy.secret) }
-
    let(:claims) do
      {
        id: 123,
@@ -18,19 +16,55 @@ describe OmniAuth::Strategies::Jwt do
        iat: timestamp
      }
    end
+    let(:algorithm) { 'HS256' }
+    let(:secret) { jwt_config.strategy.secret }
+    let(:private_key) { secret }
+    let(:payload) { JWT.encode(claims, private_key, algorithm) }

    before do
-      allow_any_instance_of(OmniAuth::Strategy).to receive(:options).and_return(jwt_config.strategy)
-      allow_any_instance_of(Rack::Request).to receive(:params).and_return({ 'jwt' => key })
+      subject.options[:secret] = secret
+      subject.options[:algorithm] = algorithm
+
+      expect_next_instance_of(Rack::Request) do |rack_request|
+        expect(rack_request).to receive(:params).and_return('jwt' => payload)
+      end
    end

-    it 'decodes the user information' do
-      result = strategy.decoded
+    ECDSA_NAMED_CURVES = {
+      'ES256' => 'prime256v1',
+      'ES384' => 'secp384r1',
+      'ES512' => 'secp521r1'
+    }.freeze

-      expect(result["id"]).to eq(123)
-      expect(result["name"]).to eq("user_example")
-      expect(result["email"]).to eq("user@example.com")
-      expect(result["iat"]).to eq(timestamp)
+    {
+      OpenSSL::PKey::RSA => %w[RS256 RS384 RS512],
+      OpenSSL::PKey::EC => %w[ES256 ES384 ES512],
+      String => %w[HS256 HS384 HS512]
+    }.each do |private_key_class, algorithms|
+      algorithms.each do |algorithm|
+        context "when the #{algorithm} algorithm is used" do
+          let(:algorithm) { algorithm }
+          let(:secret) do
+            if private_key_class == OpenSSL::PKey::RSA
+              private_key_class.generate(2048)
+                .to_pem
+            elsif private_key_class == OpenSSL::PKey::EC
+              private_key_class.new(ECDSA_NAMED_CURVES[algorithm])
+                .tap { |key| key.generate_key! }
+                .to_pem
+            else
+              private_key_class.new(jwt_config.strategy.secret)
+            end
+          end
+          let(:private_key) { private_key_class ? private_key_class.new(secret) : secret }
+
+          it 'decodes the user information' do
+            result = subject.decoded
+
+            expect(result).to eq(claims.stringify_keys)
+          end
+        end
+      end
    end

    context 'required claims is missing' do
@@ -43,7 +77,7 @@ describe OmniAuth::Strategies::Jwt do
      end

      it 'raises error' do
-        expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
+        expect { subject.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
      end
    end

@@ -57,11 +91,12 @@ describe OmniAuth::Strategies::Jwt do
      end

      before do
-        jwt_config.strategy.valid_within = Time.now.to_i
+        # Omniauth config values are always strings!
+        subject.options[:valid_within] = 2.days.to_s
      end

      it 'raises error' do
-        expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
+        expect { subject.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
      end
    end

@@ -76,11 +111,12 @@ describe OmniAuth::Strategies::Jwt do
      end

      before do
-        jwt_config.strategy.valid_within = 2.seconds
+        # Omniauth config values are always strings!
+        subject.options[:valid_within] = 2.seconds.to_s
      end

      it 'raises error' do
-        expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
+        expect { subject.decoded }.to raise_error(OmniAuth::Strategies::Jwt::ClaimInvalid)
      end
    end
  end

--- a/spec/serializers/pipeline_entity_spec.rb
+++ b/spec/serializers/pipeline_entity_spec.rb
@@ -44,7 +44,7 @@ describe PipelineEntity do
        expect(subject).to include :flags
        expect(subject[:flags])
          .to include :latest, :stuck, :auto_devops,
-                      :yaml_errors, :retryable, :cancelable
+                      :yaml_errors, :retryable, :cancelable, :merge_request
      end
    end


--- a/spec/workers/rebase_worker_spec.rb
+++ b/spec/workers/rebase_worker_spec.rb
@@ -19,7 +19,7 @@ describe RebaseWorker, '#perform' do
      expect(MergeRequests::RebaseService)
        .to receive(:new).with(forked_project, merge_request.author).and_call_original

-      subject.perform(merge_request, merge_request.author)
+      subject.perform(merge_request.id, merge_request.author.id)
    end
  end
 end