Merge branch 'ce-to-ee' into 'master'

CE upstream

Closes gitlab-com/gitlab-docs#68 and #1051

See merge request !1225

app/assets/javascripts/build.js

@@ -67,16 +67,8 @@
 
     Build.prototype.initSidebar = function() {
       this.$sidebar = $('.js-build-sidebar');
-      this.sidebarTranslationLimits = {
-        min: $('.navbar-gitlab').outerHeight() + $('.layout-nav').outerHeight()
-      };
-      this.sidebarTranslationLimits.max = this.sidebarTranslationLimits.min + $('.scrolling-tabs-container').outerHeight();
-      this.$sidebar.css({
-        top: this.sidebarTranslationLimits.max
-      });
       this.$sidebar.niceScroll();
       this.$document.off('click', '.js-sidebar-build-toggle').on('click', '.js-sidebar-build-toggle', this.toggleSidebar);
-      this.$document.off('scroll.translateSidebar').on('scroll.translateSidebar', this.translateSidebar.bind(this));
     };
 
     Build.prototype.location = function() {
@@ -231,14 +223,6 @@
       return bootstrapBreakpoint === 'xs' || bootstrapBreakpoint === 'sm';
     };
 
-    Build.prototype.translateSidebar = function(e) {
-      var newPosition = this.sidebarTranslationLimits.max - (document.body.scrollTop || document.documentElement.scrollTop);
-      if (newPosition < this.sidebarTranslationLimits.min) newPosition = this.sidebarTranslationLimits.min;
-      this.$sidebar.css({
-        top: newPosition
-      });
-    };
-
     Build.prototype.toggleSidebar = function(shouldHide) {
       var shouldShow = typeof shouldHide === 'boolean' ? !shouldHide : undefined;
       this.$buildScroll.toggleClass('sidebar-expanded', shouldShow)
@@ -285,7 +269,7 @@
       e.preventDefault();
       $currentTarget = $(e.currentTarget);
       $.scrollTo($currentTarget.attr('href'), {
-        offset: -($('.navbar-gitlab').outerHeight() + $('.layout-nav').outerHeight())
+        offset: 0
       });
     };
 

app/assets/javascripts/diff_notes/components/jump_to_discussion.js.es6

@@ -181,7 +181,7 @@ const Vue = require('vue');
         }
 
         $.scrollTo($target, {
-          offset: -($('.navbar-gitlab').outerHeight() + $('.layout-nav').outerHeight())
+          offset: 0
         });
       }
     },

app/assets/javascripts/lib/utils/common_utils.js.es6

@@ -72,27 +72,18 @@
       // This is required to handle non-unicode characters in hash
       hash = decodeURIComponent(hash);
 
-      var navbar = document.querySelector('.navbar-gitlab');
-      var subnav = document.querySelector('.layout-nav');
-      var fixedTabs = document.querySelector('.js-tabs-affix');
-
-      var adjustment = 0;
-      if (navbar) adjustment -= navbar.offsetHeight;
-      if (subnav) adjustment -= subnav.offsetHeight;
-
       // scroll to user-generated markdown anchor if we cannot find a match
       if (document.getElementById(hash) === null) {
         var target = document.getElementById('user-content-' + hash);
         if (target && target.scrollIntoView) {
           target.scrollIntoView(true);
-          window.scrollBy(0, adjustment);
         }
       } else {
         // only adjust for fixedTabs when not targeting user-generated content
+        var fixedTabs = document.querySelector('.js-tabs-affix');
         if (fixedTabs) {
-          adjustment -= fixedTabs.offsetHeight;
+          window.scrollBy(0, -fixedTabs.offsetHeight);
         }
-        window.scrollBy(0, adjustment);
       }
     };
 
@@ -147,12 +138,10 @@
 
     gl.utils.scrollToElement = function($el) {
       var top = $el.offset().top;
-      gl.navBarHeight = gl.navBarHeight || $('.navbar-gitlab').height();
-      gl.navLinksHeight = gl.navLinksHeight || $('.nav-links').height();
       gl.mrTabsHeight = gl.mrTabsHeight || $('.merge-request-tabs').height();
 
       return $('body, html').animate({
-        scrollTop: top - (gl.navBarHeight + gl.navLinksHeight + gl.mrTabsHeight)
+        scrollTop: top - (gl.mrTabsHeight)
       }, 200);
     };
 

app/assets/javascripts/merge_request.js

@@ -115,8 +115,8 @@ require('./merge_request_tabs');
         e.preventDefault();
 
         textarea.val(textarea.data('messageWithDescription'));
-        $('p.js-with-description-hint').hide();
-        $('p.js-without-description-hint').show();
+        $('.js-with-description-hint').hide();
+        $('.js-without-description-hint').show();
       });
 
       $(document).on('click', 'a.js-without-description-link', function(e) {
@@ -124,8 +124,8 @@ require('./merge_request_tabs');
         e.preventDefault();
 
         textarea.val(textarea.data('messageWithoutDescription'));
-        $('p.js-with-description-hint').show();
-        $('p.js-without-description-hint').hide();
+        $('.js-with-description-hint').show();
+        $('.js-without-description-hint').hide();
       });
     };
 

app/assets/javascripts/merge_request_tabs.js.es6

@@ -125,9 +125,8 @@ require('./flash');
         if (this.diffViewType() === 'parallel') {
           this.expandViewContainer();
         }
-        const navBarHeight = $('.navbar-gitlab').outerHeight();
         $.scrollTo('.merge-request-details .merge-request-tabs', {
-          offset: -navBarHeight,
+          offset: 0,
         });
       } else {
         this.expandView();
@@ -140,11 +139,7 @@ require('./flash');
 
     scrollToElement(container) {
       if (location.hash) {
-        const offset = 0 - (
-          $('.navbar-gitlab').outerHeight() +
-          $('.layout-nav').outerHeight() +
-          $('.js-tabs-affix').outerHeight()
-        );
+        const offset = -$('.js-tabs-affix').outerHeight();
         const $el = $(`${container} ${location.hash}:not(.match)`);
         if ($el.length) {
           $.scrollTo($el[0], { offset });
@@ -330,14 +325,12 @@ require('./flash');
       if (Breakpoints.get().getBreakpointSize() === 'xs' || !$tabs.length) return;
 
       const $diffTabs = $('#diff-notes-app');
-      const $fixedNav = $('.navbar-fixed-top');
-      const $layoutNav = $('.layout-nav');
 
       $tabs.off('affix.bs.affix affix-top.bs.affix')
         .affix({
           offset: {
             top: () => (
-              $diffTabs.offset().top - $tabs.height() - $fixedNav.height() - $layoutNav.height()
+              $diffTabs.offset().top - $tabs.height()
             ),
           },
         })

app/assets/javascripts/sidebar.js.es6

@@ -6,7 +6,7 @@
   const sidebarBreakpoint = 1024;
 
   const pageSelector = '.page-with-sidebar';
-  const navbarSelector = '.navbar-fixed-top';
+  const navbarSelector = '.navbar-gitlab';
   const sidebarWrapperSelector = '.sidebar-wrapper';
   const sidebarContentSelector = '.nav-sidebar';
 
@@ -35,13 +35,16 @@
         window.innerWidth >= sidebarBreakpoint &&
         $(pageSelector).hasClass(expandedPageClass)
       );
+      $(window).on('resize', () => this.setSidebarHeight());
       $(document)
         .on('click', sidebarToggleSelector, () => this.toggleSidebar())
         .on('click', pinnedToggleSelector, () => this.togglePinnedState())
         .on('click', 'html, body, a, button', (e) => this.handleClickEvent(e))
         .on('DOMContentLoaded', () => this.renderState())
+        .on('scroll', () => this.setSidebarHeight())
         .on('todo:toggle', (e, count) => this.updateTodoCount(count));
       this.renderState();
+      this.setSidebarHeight();
     }
 
     handleClickEvent(e) {
@@ -64,6 +67,16 @@
       this.renderState();
     }
 
+    setSidebarHeight() {
+      const $navHeight = $('.navbar-gitlab').outerHeight() + $('.layout-nav').outerHeight();
+      const diff = $navHeight - $('body').scrollTop();
+      if (diff > 0) {
+        $('.js-right-sidebar').outerHeight($(window).height() - diff);
+      } else {
+        $('.js-right-sidebar').outerHeight('100%');
+      }
+    }
+
     togglePinnedState() {
       this.isPinned = !this.isPinned;
       if (!this.isPinned) {

app/assets/stylesheets/framework/header.scss

@@ -222,6 +222,10 @@ header {
       float: right;
       border-top: none;
 
+      @media (min-width: $screen-md-min) {
+        padding: 0;
+      }
+
       @media (max-width: $screen-xs-max) {
         float: none;
       }
@@ -272,7 +276,7 @@ header {
 
 .header-user {
   .dropdown-menu-nav {
-    width: 140px;
+    min-width: 140px;
     margin-top: -5px;
   }
 }

app/assets/stylesheets/framework/nav.scss

@@ -283,10 +283,7 @@
 }
 
 .layout-nav {
-  position: fixed;
-  top: $header-height;
   width: 100%;
-  z-index: 11;
   background: $gray-light;
   border-bottom: 1px solid $border-color;
   transition: padding $sidebar-transition-duration;
@@ -419,15 +416,20 @@
 }
 
 .page-with-layout-nav {
-  margin-top: $header-height + 2;
-
   .right-sidebar {
     top: ($header-height * 2) + 2;
   }
+
+  .build-sidebar {
+    top: ($header-height * 3) + 3;
+
+    &.affix {
+      top: 0;
+    }
+  }
 }
 
 .activities {
-
   .nav-block {
     border-bottom: 1px solid $border-color;
 

app/assets/stylesheets/framework/sidebar.scss

 .page-with-sidebar {
-  padding: $header-height 0 25px;
+  padding-bottom: 25px;
   transition: padding $sidebar-transition-duration;
 
   &.page-sidebar-pinned {
@@ -208,7 +208,9 @@ header.header-sidebar-pinned {
   padding-right: 0;
 
   @media (min-width: $screen-sm-min) {
-    padding-right: $sidebar_collapsed_width;
+    .content-wrapper {
+      padding-right: $sidebar_collapsed_width;
+    }
 
     .merge-request-tabs-holder.affix {
       right: $sidebar_collapsed_width;
@@ -234,7 +236,9 @@ header.header-sidebar-pinned {
   }
 
   @media (min-width: $screen-md-min) {
-    padding-right: $gutter_width;
+    .content-wrapper {
+      padding-right: $gutter_width;
+    }
 
     &:not(.with-overlay) .merge-request-tabs-holder.affix {
       right: $gutter_width;
@@ -252,4 +256,9 @@ header.header-sidebar-pinned {
 
 .right-sidebar {
   border-left: 1px solid $border-color;
+
+  &.affix {
+    position: fixed;
+    top: 0;
+  }
 }

app/assets/stylesheets/mailers/highlighted_diff_email.scss

@@ -138,6 +138,13 @@ pre {
   margin: 0;
 }
 
+blockquote {
+  color: $gl-grayish-blue;
+  padding: 0 0 0 15px;
+  margin: 0;
+  border-left: 3px solid $white-dark;
+}
+
 span.highlight_word {
   background-color: $highlighted-highlight-word !important;
 }

app/assets/stylesheets/pages/boards.scss

@@ -332,12 +332,8 @@
 
 .issue-boards-sidebar {
   &.right-sidebar {
-    top: 153px;
+    top: 0;
     bottom: 0;
-
-    @media (min-width: $screen-sm-min) {
-      top: 220px;
-    }
   }
 
   .issuable-sidebar-header {

app/assets/stylesheets/pages/events.scss

@@ -41,7 +41,6 @@
       word-wrap: break-word;
 
       .md {
-        color: $gl-grayish-blue;
         font-size: $gl-font-size;
 
         .label {

app/assets/stylesheets/pages/issuable.scss

@@ -189,7 +189,7 @@
 }
 
 .right-sidebar {
-  position: fixed;
+  position: absolute;
   top: $header-height;
   bottom: 0;
   right: 0;

app/assets/stylesheets/pages/merge_requests.scss

@@ -96,13 +96,6 @@
       padding-right: 4px;
     }
 
-    &.ci-success_with_warnings {
-
-      i {
-        color: $gl-warning;
-      }
-    }
-
     @media (max-width: $screen-xs-max) {
       flex-wrap: wrap;
     }
@@ -486,7 +479,7 @@
   background-color: $white-light;
 
   &.affix {
-    top: 100px;
+    top: 0;
     left: 0;
     z-index: 10;
     transition: right .15s;

app/assets/stylesheets/pages/pipelines.scss

@@ -94,6 +94,10 @@
       padding: 10px 8px;
     }
 
+    td.stage-cell {
+      padding: 10px 0;
+    }
+
     .commit-link {
       padding: 9px 8px 10px;
     }
@@ -291,12 +295,14 @@
     height: 22px;
     margin: 3px 6px 3px 0;
 
-    .tooltip {
-      white-space: nowrap;
+    // Hack to show a button tooltip inline
+    button.has-tooltip + .tooltip {
+      min-width: 105px;
     }
 
-    .tooltip-inner {
-      padding: 3px 4px;
+    // Bootstrap way of showing the content inline for anchors.
+    a.has-tooltip {
+      white-space: nowrap;
     }
 
     &:not(:last-child) {

app/assets/stylesheets/pages/tree.scss

@@ -171,8 +171,6 @@
 .tree-controls {
   float: right;
   margin-top: 11px;
-  position: relative;
-  z-index: 2;
 
   .project-action-button {
     margin-left: $btn-side-margin;

app/controllers/concerns/issuable_collections.rb

@@ -9,6 +9,28 @@ module IssuableCollections
 
   private
 
+  def issuable_meta_data(issuable_collection)
+    # map has to be used here since using pluck or select will
+    # throw an error when ordering issuables by priority which inserts
+    # a new order into the collection.
+    # We cannot use reorder to not mess up the paginated collection.
+    issuable_ids         = issuable_collection.map(&:id)
+    issuable_note_count  = Note.count_for_collection(issuable_ids, @collection_type)
+    issuable_votes_count = AwardEmoji.votes_for_collection(issuable_ids, @collection_type)
+
+    issuable_ids.each_with_object({}) do |id, issuable_meta|
+      downvotes = issuable_votes_count.find { |votes| votes.awardable_id == id && votes.downvote? }
+      upvotes   = issuable_votes_count.find { |votes| votes.awardable_id == id && votes.upvote? }
+      notes     = issuable_note_count.find  { |notes| notes.noteable_id == id }
+
+      issuable_meta[id] = Issuable::IssuableMeta.new(
+        upvotes.try(:count).to_i,
+        downvotes.try(:count).to_i,
+        notes.try(:count).to_i
+      )
+    end
+  end
+
   def issues_collection
     issues_finder.execute.preload(:project, :author, :assignee, :labels, :milestone, project: :namespace)
   end

app/controllers/concerns/issues_action.rb

@@ -9,6 +9,9 @@ module IssuesAction
               .non_archived
               .page(params[:page])
 
+    @collection_type    = "Issue"
+    @issuable_meta_data = issuable_meta_data(@issues)
+
     respond_to do |format|
       format.html
       format.atom { render layout: false }

app/controllers/concerns/merge_requests_action.rb

@@ -7,6 +7,9 @@ module MergeRequestsAction
 
     @merge_requests = merge_requests_collection
                       .page(params[:page])
+
+    @collection_type    = "MergeRequest"
+    @issuable_meta_data = issuable_meta_data(@merge_requests)
   end
 
   private

app/controllers/groups/group_members_controller.rb

@@ -12,7 +12,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
     @sort = params[:sort].presence || sort_value_name
     @project = @group.projects.find(params[:project_id]) if params[:project_id]
 
-    @members = @group.group_members
+    @members = GroupMembersFinder.new(@group).execute
     @members = @members.non_invite unless can?(current_user, :admin_group, @group)
     @members = @members.search(params[:search]) if params[:search].present?
     @members = @members.sort(@sort)

app/controllers/projects/blob_controller.rb

@@ -61,10 +61,10 @@ class Projects::BlobController < Projects::ApplicationController
   end
 
   def destroy
-    create_commit(Files::DeleteService, success_notice: "The file has been successfully deleted.",
-                                        success_path: namespace_project_tree_path(@project.namespace, @project, @target_branch),
-                                        failure_view: :show,
-                                        failure_path: namespace_project_blob_path(@project.namespace, @project, @id))
+    create_commit(Files::DestroyService, success_notice: "The file has been successfully deleted.",
+                                         success_path: namespace_project_tree_path(@project.namespace, @project, @target_branch),
+                                         failure_view: :show,
+                                         failure_path: namespace_project_blob_path(@project.namespace, @project, @id))
   end
 
   def diff

app/controllers/projects/issues_controller.rb

@@ -23,8 +23,11 @@ class Projects::IssuesController < Projects::ApplicationController
   respond_to :html
 
   def index
-    @issues = issues_collection
-    @issues = @issues.page(params[:page])
+    @collection_type    = "Issue"
+    @issues             = issues_collection
+    @issues             = @issues.page(params[:page])
+    @issuable_meta_data = issuable_meta_data(@issues)
+
     if @issues.out_of_range? && @issues.total_pages != 0
       return redirect_to url_for(params.merge(page: @issues.total_pages))
     end

app/controllers/projects/merge_requests_controller.rb

@@ -39,8 +39,11 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   before_action :authorize_can_resolve_conflicts!, only: [:conflicts, :conflict_for_path, :resolve_conflicts]
 
   def index
-    @merge_requests = merge_requests_collection
-    @merge_requests = @merge_requests.page(params[:page])
+    @collection_type    = "MergeRequest"
+    @merge_requests     = merge_requests_collection
+    @merge_requests     = @merge_requests.page(params[:page])
+    @issuable_meta_data = issuable_meta_data(@merge_requests)
+
     if @merge_requests.out_of_range? && @merge_requests.total_pages != 0
       return redirect_to url_for(params.merge(page: @merge_requests.total_pages))
     end

app/controllers/projects/wikis_controller.rb

@@ -87,13 +87,14 @@ class Projects::WikisController < Projects::ApplicationController
 
   def destroy
     @page = @project_wiki.find_page(params[:id])
+
     if @page
       @page.delete
 
       # Triggers repository update on secondary nodes when Geo is enabled
       Gitlab::Geo.notify_wiki_update(@project) if Gitlab::Geo.primary?
     end
-    
+
     redirect_to(
       namespace_project_wiki_path(@project.namespace, @project, :home),
       notice: "Page was successfully deleted"

app/finders/group_members_finder.rb

+class GroupMembersFinder < Projects::ApplicationController
+  def initialize(group)
+    @group = group
+  end
+
+  def execute
+    group_members = @group.members
+
+    return group_members unless @group.parent
+
+    parents_members = GroupMember.non_request.
+      where(source_id: @group.ancestors.select(:id)).
+      where.not(user_id: @group.users.select(:id))
+
+    wheres = ["members.id IN (#{group_members.select(:id).to_sql})"]
+    wheres << "members.id IN (#{parents_members.select(:id).to_sql})"
+
+    GroupMember.where(wheres.join(' OR '))
+  end
+end

app/models/award_emoji.rb

@@ -16,6 +16,14 @@ class AwardEmoji < ActiveRecord::Base
   scope :downvotes, -> { where(name: DOWNVOTE_NAME) }
   scope :upvotes,   -> { where(name: UPVOTE_NAME) }
 
+  class << self
+    def votes_for_collection(ids, type)
+      select('name', 'awardable_id', 'COUNT(*) as count').
+        where('name IN (?) AND awardable_type = ? AND awardable_id IN (?)', [DOWNVOTE_NAME, UPVOTE_NAME], type, ids).
+        group('name', 'awardable_id')
+    end
+  end
+
   def downvote?
     self.name == DOWNVOTE_NAME
   end

app/models/concerns/issuable.rb

@@ -15,6 +15,11 @@ module Issuable
   include Taskable
   include TimeTrackable
 
+  # This object is used to gather issuable meta data for displaying
+  # upvotes, downvotes and notes count for issues and merge requests
+  # lists avoiding n+1 queries and improving performance.
+  IssuableMeta = Struct.new(:upvotes, :downvotes, :notes_count)
+
   included do
     cache_markdown_field :title, pipeline: :single_line
     cache_markdown_field :description

app/models/group.rb

@@ -250,7 +250,7 @@ class Group < Namespace
   end
 
   def members_with_parents
-    GroupMember.where(requested_at: nil, source_id: ancestors.map(&:id).push(id))
+    GroupMember.non_request.where(source_id: ancestors.map(&:id).push(id))
   end
 
   def users_with_parents

app/models/member.rb

@@ -48,6 +48,7 @@ class Member < ActiveRecord::Base
   scope :invite, -> { where.not(invite_token: nil) }
   scope :non_invite, -> { where(invite_token: nil) }
   scope :request, -> { where.not(requested_at: nil) }
+  scope :non_request, -> { where(requested_at: nil) }
 
   scope :has_access, -> { active.where('access_level > 0') }
 

app/models/note.rb

@@ -110,6 +110,12 @@ class Note < ActiveRecord::Base
       Discussion.for_diff_notes(active_notes).
         map { |d| [d.line_code, d] }.to_h
     end
+
+    def count_for_collection(ids, type)
+      user.select('noteable_id', 'COUNT(*) as count').
+        group(:noteable_id).
+        where(noteable_type: type, noteable_id: ids)
+    end
   end
 
   def searchable?

app/models/project.rb

@@ -508,7 +508,7 @@ class Project < ActiveRecord::Base
   def reset_cache_and_import_attrs
     ProjectCacheWorker.perform_async(self.id)
 
-    self.import_data.destroy if !mirror? && self.import_data
+    self.import_data&.destroy unless mirror?
   end
 
   def import_url=(value)

app/models/repository.rb

@@ -943,8 +943,7 @@ class Repository
     raise 'Invalid merge target' if our_commit.nil?
     raise 'Invalid merge source' if their_commit.nil?
 
-    GitOperationService.new(user, self).with_branch(
-      target_branch) do |start_commit|
+    GitOperationService.new(user, self).with_branch(target_branch) do |start_commit|
       merge_request&.update(in_progress_merge_commit_sha: their_commit.oid)
 
       their_commit.oid

app/services/files/delete_service.rb → app/services/files/destroy_service.rb

 module Files
-  class DeleteService < Files::BaseService
+  class DestroyService < Files::BaseService
     def commit
       repository.remove_file(
         current_user,

app/services/issues/build_service.rb

@@ -44,7 +44,15 @@ module Issues
     end
 
     def issue_params
-      @issue_params ||= issue_params_with_info_from_merge_request.merge(params.slice(:title, :description))
+      @issue_params ||= issue_params_with_info_from_merge_request.merge(whitelisted_issue_params)
+    end
+
+    def whitelisted_issue_params
+      if can?(current_user, :admin_issue, project)
+        params.slice(:title, :description, :milestone_id)
+      else
+        params.slice(:title, :description)
+      end
     end
   end
 end

app/views/layouts/header/_default.html.haml

-%header.navbar.navbar-fixed-top.navbar-gitlab{ class: nav_header_class }
+%header.navbar.navbar-gitlab{ class: nav_header_class }
   %a.sr-only.gl-accessibility{ href: "#content-body", tabindex: "1" } Skip to content
   .container-fluid
     .header-content

app/views/projects/builds/_sidebar.html.haml

 - builds = @build.pipeline.builds.to_a
 
-%aside.right-sidebar.right-sidebar-expanded.build-sidebar.js-build-sidebar
+%aside.right-sidebar.right-sidebar-expanded.build-sidebar.js-build-sidebar.js-right-sidebar{ data: { "offset-top" => "151", "spy" => "affix" } }
   .block.build-sidebar-header.visible-xs-block.visible-sm-block.append-bottom-default
     Job
     %strong ##{@build.id}

app/views/projects/ci/pipelines/_pipeline.html.haml

@@ -15,7 +15,7 @@
     - else
       %span.api.monospace API
     - if pipeline.latest?
-      %span.label.label-success.has-tooltip{ title: 'Latest job for this branch' } latest
+      %span.label.label-success.has-tooltip{ title: 'Latest pipeline for this branch' } latest
     - if pipeline.triggered?
       %span.label.label-primary triggered
     - if pipeline.yaml_errors.present?
@@ -61,7 +61,7 @@
         .btn-group.inline
           - if actions.any?
             .btn-group
-              %button.dropdown-toggle.btn.btn-default.has-tooltip.js-pipeline-dropdown-manual-actions{ type: 'button', title: 'Manual job', data: { toggle: 'dropdown', placement: 'top' }, 'aria-label' => 'Manual job' }
+              %button.dropdown-toggle.btn.btn-default.has-tooltip.js-pipeline-dropdown-manual-actions{ type: 'button', title: 'Manual pipeline', data: { toggle: 'dropdown', placement: 'top' }, 'aria-label' => 'Manual pipeline' }
                 = custom_icon('icon_play')
                 = icon('caret-down', 'aria-hidden' => 'true')
               %ul.dropdown-menu.dropdown-menu-align-right

app/views/projects/environments/terminal.html.haml

@@ -16,6 +16,8 @@
 
       .col-sm-6
         .nav-controls
+          = link_to @environment.external_url, class: 'btn btn-default' do
+            = icon('external-link')
           = render 'projects/deployments/actions', deployment: @environment.last_deployment
 
 .terminal-container{ class: container_class }

app/views/projects/issues/_issue.html.haml

@@ -17,22 +17,7 @@
             %li
               = link_to_member(@project, issue.assignee, name: false, title: "Assigned to :name")
 
-          - upvotes, downvotes = issue.upvotes, issue.downvotes
-          - if upvotes > 0
-            %li
-              = icon('thumbs-up')
-              = upvotes
-
-          - if downvotes > 0
-            %li
-              = icon('thumbs-down')
-              = downvotes
-
-          - note_count = issue.notes.user.count
-          %li
-            = link_to issue_path(issue, anchor: 'notes'), class: ('no-comments' if note_count.zero?) do
-              = icon('comments')
-              = note_count
+          = render 'shared/issuable_meta_data', issuable: issue
 
       .issue-info
         #{issuable_reference(issue)} ·

app/views/projects/merge_requests/_merge_request.html.haml

@@ -29,22 +29,7 @@
           %li
             = link_to_member(merge_request.source_project, merge_request.assignee, name: false, title: "Assigned to :name")
 
-        - upvotes, downvotes = merge_request.upvotes, merge_request.downvotes
-        - if upvotes > 0
-          %li
-            = icon('thumbs-up')
-            = upvotes
-
-        - if downvotes > 0
-          %li
-            = icon('thumbs-down')
-            = downvotes
-
-        - note_count = merge_request.related_notes.user.count
-        %li
-          = link_to merge_request_path(merge_request, anchor: 'notes'), class: ('no-comments' if note_count.zero?) do
-            = icon('comments')
-            = note_count
+        = render 'shared/issuable_meta_data', issuable: merge_request
 
     .merge-request-info
       #{issuable_reference(merge_request)} ·

app/views/projects/merge_requests/widget/_heading.html.haml

@@ -9,8 +9,9 @@
           Pipeline
           = link_to "##{@pipeline.id}", namespace_project_pipeline_path(@pipeline.project.namespace, @pipeline.project, @pipeline.id), class: 'pipeline'
           = ci_label_for_status(status)
-        .mr-widget-pipeline-graph
-          = render 'shared/mini_pipeline_graph', pipeline: @pipeline, klass: 'js-pipeline-inline-mr-widget-graph'
+        - if @pipeline.stages.any?
+          .mr-widget-pipeline-graph
+            = render 'shared/mini_pipeline_graph', pipeline: @pipeline, klass: 'js-pipeline-inline-mr-widget-graph'
         %span
           for
           = succeed "." do

app/views/projects/merge_requests/widget/_show.html.haml

@@ -17,11 +17,11 @@
     ci_status: "#{@merge_request.head_pipeline ? @merge_request.head_pipeline.status : ''}",
     ci_message: {
       normal: "Pipeline {{status}} for \"{{title}}\"",
-      preparing: "{{status}} job for \"{{title}}\""
+      preparing: "{{status}} pipeline for \"{{title}}\""
     },
     ci_enable: #{@project.ci_service ? "true" : "false"},
     ci_title: {
-      preparing: "{{status}} job",
+      preparing: "{{status}} pipeline",
       normal: "Pipeline {{status}}"
     },
     ci_sha: "#{@merge_request.head_pipeline ? @merge_request.head_pipeline.short_sha : ''}",

app/views/projects/merge_requests/widget/open/_build_failed.html.haml

 %h4
   = icon('exclamation-triangle')
-  The job for this merge request failed
+  The pipeline for this merge request failed
 
 %p
   Please retry the job or push a new commit to fix the failure.

app/views/projects/new.html.haml

@@ -94,9 +94,8 @@
         .form-group.project-visibility-level-holder
           = f.label :visibility_level, class: 'label-light' do
             Visibility Level
-            = link_to "(?)", help_page_path("public_access/public_access")
-          = render 'shared/visibility_level', f: f, visibility_level: default_project_visibility, can_change_visibility_level: true, form_model: @project
-
+            = link_to icon('question-circle'), help_page_path("public_access/public_access")
+          = render 'shared/visibility_level', f: f, visibility_level: default_project_visibility, can_change_visibility_level: true, form_model: @project, with_label: false
 
         = f.submit 'Create project', class: "btn btn-create project-submit", tabindex: 4
         = link_to 'Cancel', dashboard_projects_path, class: 'btn btn-cancel'

app/views/projects/triggers/_index.html.haml

@@ -65,7 +65,7 @@
           In the
           %code .gitlab-ci.yml
           of another project, include the following snippet.
-          The project will be rebuilt at the end of the job.
+          The project will be rebuilt at the end of the pipeline.
 
         %pre
           :plain
@@ -89,7 +89,7 @@
         %p.light
           Add
           %code variables[VARIABLE]=VALUE
-          to an API request. Variable values can be used to distinguish between triggered jobs and normal jobs.
+          to an API request. Variable values can be used to distinguish between triggered pipelines and normal pipelines.
 
           With cURL:
 

app/views/projects/wikis/_sidebar.html.haml

-%aside.right-sidebar.right-sidebar-expanded.wiki-sidebar.js-wiki-sidebar
+%aside.right-sidebar.right-sidebar-expanded.wiki-sidebar.js-wiki-sidebar.js-right-sidebar{ data: { "offset-top" => "101", "spy" => "affix" } }
   .block.wiki-sidebar-header.append-bottom-default
     %a.gutter-toggle.pull-right.visible-xs-block.visible-sm-block.js-sidebar-wiki-toggle{ href: "#" }
       = icon('angle-double-right')

app/views/shared/_commit_message_container.html.haml

@@ -17,9 +17,9 @@
         Try to keep the first line under 52 characters
         and the others under 72.
     - if descriptions.present?
-      %p.hint.js-with-description-hint
+      .hint.js-with-description-hint
         = link_to "#", class: "js-with-description-link" do
           Include description in commit message
-      %p.hint.js-without-description-hint.hide
+      .hint.js-without-description-hint.hide
         = link_to "#", class: "js-without-description-link" do
           Don't include description in commit message

app/views/shared/_issuable_meta_data.html.haml

+- note_count         = @issuable_meta_data[issuable.id].notes_count
+- issue_votes        = @issuable_meta_data[issuable.id]
+- upvotes, downvotes = issue_votes.upvotes, issue_votes.downvotes
+- issuable_url       = @collection_type == "Issue" ? issue_path(issuable, anchor: 'notes') : merge_request_path(issuable, anchor: 'notes')
+
+- if upvotes > 0
+  %li
+    = icon('thumbs-up')
+    = upvotes
+
+- if downvotes > 0
+  %li
+    = icon('thumbs-down')
+    = downvotes
+
+%li
+  = link_to issuable_url, class: ('no-comments' if note_count.zero?) do
+    = icon('comments')
+    = note_count

app/views/shared/_visibility_level.html.haml

+- with_label = local_assigns.fetch(:with_label, true)
+
 .form-group.project-visibility-level-holder
-  = f.label :visibility_level, class: 'control-label' do
-    Visibility Level
-    = link_to icon('question-circle'), help_page_path("public_access/public_access")
-  .col-sm-10
+  - if with_label
+    = f.label :visibility_level, class: 'control-label' do
+      Visibility Level
+      = link_to icon('question-circle'), help_page_path("public_access/public_access")
+  %div{ :class => ("col-sm-10" if with_label) }
     - if can_change_visibility_level
       = render('shared/visibility_radios', model_method: :visibility_level, form: f, selected_level: visibility_level, form_model: form_model)
     - else

app/views/shared/issuable/_sidebar.html.haml

@@ -2,7 +2,7 @@
 - content_for :page_specific_javascripts do
   = page_specific_javascript_bundle_tag('issuable')
 
-%aside.right-sidebar{ class: sidebar_gutter_collapsed_class, 'aria-live' => 'polite' }
+%aside.right-sidebar.js-right-sidebar{ data: { "offset-top" => "101", "spy" => "affix" }, class: sidebar_gutter_collapsed_class, 'aria-live' => 'polite' }
   .issuable-sidebar
     - can_edit_issuable = can?(current_user, :"admin_#{issuable.to_ability_name}", @project)
     .block.issuable-sidebar-header

app/views/shared/members/_member.html.haml

@@ -22,9 +22,9 @@
         %label.label.label-danger
           %strong Blocked
 
-      - if source.instance_of?(Group) && !@group
+      - if source.instance_of?(Group) && source != @group
         ·
-        = link_to source.name, source, class: "member-group-link"
+        = link_to source.full_name, source, class: "member-group-link"
 
       .hidden-xs.cgray
         - if member.request?
@@ -47,9 +47,10 @@
           = link_to member.created_by.name, user_path(member.created_by)
         = time_ago_with_tooltip(member.created_at)
   - if show_roles
+    - current_resource = @project || @group
     .controls.member-controls
       = render 'shared/members/ee/ldap_tag', can_override: can_override_member, visible: false
-      - if show_controls && (member.respond_to?(:group) && @group) || (member.respond_to?(:project) && @project)
+      - if show_controls && member.source == current_resource
         - if user != current_user
           = form_for member, remote: true, html: { class: 'form-horizontal js-edit-member-form' } do |f|
             = f.hidden_field :access_level

changelogs/unreleased/1051-api-create-users-without-password.yml

+---
+title: Optionally make users created via the API set their password
+merge_request: 8957
+author: Joost Rijneveld

changelogs/unreleased/27336-add-environment-url-link-to-terminal-page.yml

+---
+title: Added external environment link to web terminal view
+merge_request: 8303
+author:

changelogs/unreleased/27608-fixes-markdown-in-activity-feed-is-light-gray.yml

+---
+title: Fixes markdown in activity-feed is gray
+merge_request: 9179
+author:

changelogs/unreleased/27783-fix-fe-doc-broken-link.yml

+---
+title: Fixes FE Doc broken link
+merge_request: 9120
+author:

changelogs/unreleased/27963-tooltips-jobs.yml

+---
+title: Fix tooltips in mini pipeline graph
+merge_request:
+author:

changelogs/unreleased/27987-skipped-pipeline-mr-graph.yml

+---
+title: Show pipeline graph in MR widget if there are any stages
+merge_request:
+author:

changelogs/unreleased/27991-success-with-warnings-caret.yml

+---
+title: Fix icon colors in merge request widget mini graph
+merge_request:
+author:

changelogs/unreleased/27994-fix-mr-widget-jump.yml

+---
+title: Fix MR widget jump
+merge_request: 9146
+author:

changelogs/unreleased/28029-improve-blockquote-formatting-on-emails.yml

+---
+title: Improve blockquote formatting in notification emails
+merge_request:
+author:

changelogs/unreleased/fix-job-to-pipeline-renaming.yml

+---
+title: Fix job to pipeline renaming
+merge_request: 9147
+author:

changelogs/unreleased/fix_issue_from_milestone.yml

+---
+title: fix milestone does not automatically assign when create issue from milestone
+merge_request:
+author:

changelogs/unreleased/issue-newproj-layout.yml

+---
+title: Removed duplicate "Visibility Level" label on New Project page
+merge_request:
+author: Robert Marcano

changelogs/unreleased/issue_25900.yml

+---
+title: Gather issuable metadata to avoid n+1 queries on index view
+merge_request:
+author:

changelogs/unreleased/rename_files_delete_service.yml

+---
+title: Rename Files::DeleteService to Files::DestroyService
+merge_request: 9110
+author: dixpac

changelogs/unreleased/sh-add-index-to-ci-trigger-requests.yml

+---
+title: Add index to ci_trigger_requests for commit_id
+merge_request:
+author:

changelogs/unreleased/static-navbar.yml

+---
+title: Remove fixed positioning from top nav
+merge_request: !7547
+author:

config/initializers/rspec_profiling.rb

@@ -4,6 +4,12 @@ module RspecProfilingConnection
   end
 end
 
+module RspecProfilingGitBranchCi
+  def branch
+    ENV['CI_BUILD_REF_NAME'] || super
+  end
+end
+
 if Rails.env.test?
   RspecProfiling.configure do |config|
     if ENV['RSPEC_PROFILING_POSTGRES_URL']
@@ -11,4 +17,6 @@ if Rails.env.test?
       config.collector = RspecProfiling::Collectors::PSQL
     end
   end
+
+  RspecProfiling::VCS::Git.prepend(RspecProfilingGitBranchCi) if ENV.has_key?('CI')
 end

db/migrate/20160812054342_add_group_id_columns_to_protected_branch_access_levels.rb

@@ -20,9 +20,9 @@ class AddGroupIdColumnsToProtectedBranchAccessLevels < ActiveRecord::Migration
 
   def change
     add_column :protected_branch_merge_access_levels, :group_id, :integer
-    add_foreign_key :protected_branch_merge_access_levels, :namespaces, column: :group_id
+    add_foreign_key :protected_branch_merge_access_levels, :namespaces, column: :group_id # rubocop: disable Migration/AddConcurrentForeignKey
 
     add_column :protected_branch_push_access_levels, :group_id, :integer
-    add_foreign_key :protected_branch_push_access_levels, :namespaces, column: :group_id
+    add_foreign_key :protected_branch_push_access_levels, :namespaces, column: :group_id # rubocop: disable Migration/AddConcurrentForeignKey
   end
 end

db/migrate/20160916101334_add_approver_groups.rb

@@ -20,6 +20,6 @@ class AddApproverGroups < ActiveRecord::Migration
       t.index :group_id
     end
 
-    add_foreign_key :approver_groups, :namespaces, column: :group_id, on_delete: :cascade
+    add_foreign_key :approver_groups, :namespaces, column: :group_id, on_delete: :cascade # rubocop: disable Migration/AddConcurrentForeignKey
   end
 end

db/migrate/20160919145149_add_group_id_to_labels.rb

@@ -7,7 +7,7 @@ class AddGroupIdToLabels < ActiveRecord::Migration
 
   def change
     add_column :labels, :group_id, :integer
-    add_foreign_key :labels, :namespaces, column: :group_id, on_delete: :cascade
+    add_foreign_key :labels, :namespaces, column: :group_id, on_delete: :cascade # rubocop: disable Migration/AddConcurrentForeignKey
     add_concurrent_index :labels, :group_id
   end
 end

db/migrate/20161020083353_add_pipeline_id_to_merge_request_metrics.rb

@@ -28,6 +28,6 @@ class AddPipelineIdToMergeRequestMetrics < ActiveRecord::Migration
   def change
     add_column :merge_request_metrics, :pipeline_id, :integer
     add_concurrent_index :merge_request_metrics, :pipeline_id
-    add_foreign_key :merge_request_metrics, :ci_commits, column: :pipeline_id, on_delete: :cascade
+    add_foreign_key :merge_request_metrics, :ci_commits, column: :pipeline_id, on_delete: :cascade # rubocop: disable Migration/AddConcurrentForeignKey
   end
 end

db/migrate/20161031171301_add_project_id_to_subscriptions.rb

@@ -5,7 +5,7 @@ class AddProjectIdToSubscriptions < ActiveRecord::Migration
 
   def up
     add_column :subscriptions, :project_id, :integer
-    add_foreign_key :subscriptions, :projects, column: :project_id, on_delete: :cascade
+    add_foreign_key :subscriptions, :projects, column: :project_id, on_delete: :cascade # rubocop: disable Migration/AddConcurrentForeignKey
   end
 
   def down

db/migrate/20170210075922_add_index_to_ci_trigger_requests_for_commit_id.rb

+class AddIndexToCiTriggerRequestsForCommitId < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def change
+    add_concurrent_index :ci_trigger_requests, :commit_id
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170207150212) do
+ActiveRecord::Schema.define(version: 20170210075922) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -119,7 +119,6 @@ ActiveRecord::Schema.define(version: 20170207150212) do
     t.boolean "plantuml_enabled"
     t.integer "shared_runners_minutes", default: 0, null: false
     t.integer "repository_size_limit", limit: 8, default: 0
-    t.integer "max_pages_size", default: 100, null: false
     t.integer "terminal_max_session_time", default: 0, null: false
   end
 
@@ -407,6 +406,8 @@ ActiveRecord::Schema.define(version: 20170207150212) do
     t.integer "commit_id"
   end
 
+  add_index "ci_trigger_requests", ["commit_id"], name: "index_ci_trigger_requests_on_commit_id", using: :btree
+
   create_table "ci_triggers", force: :cascade do |t|
     t.string "token"
     t.integer "project_id"

doc/api/users.md

@@ -218,7 +218,7 @@ Parameters:
 
 ## User creation
 
-Creates a new user. Note only administrators can create new users.
+Creates a new user. Note only administrators can create new users. Either `password` or `reset_password` should be specified (`reset_password` takes priority).
 
 ```
 POST /users
@@ -227,7 +227,8 @@ POST /users
 Parameters:
 
 - `email` (required)            - Email
-- `password` (required)         - Password
+- `password` (optional)         - Password
+- `reset_password` (optional)   - Send user password reset link - true or false(default)
 - `username` (required)         - Username
 - `name` (required)             - Name
 - `skype` (optional)            - Skype ID

doc/development/frontend.md

@@ -50,7 +50,7 @@ Let's look into each of them:
 This is the index file of your new feature. This is where the root Vue instance
 of the new feature should be.
 
-Don't forget to follow [these steps.][page-specific-javascript]
+Don't forget to follow [these steps.][page_specific_javascript]
 
 **A folder for Components**
 
@@ -250,23 +250,17 @@ information.
 
 ### Running frontend tests
 
-`rake teaspoon` runs the frontend-only (JavaScript) tests.
+`rake karma` runs the frontend-only (JavaScript) tests.
 It consists of two subtasks:
 
-- `rake teaspoon:fixtures` (re-)generates fixtures
-- `rake teaspoon:tests` actually executes the tests
+- `rake karma:fixtures` (re-)generates fixtures
+- `rake karma:tests` actually executes the tests
 
-As long as the fixtures don't change, `rake teaspoon:tests` is sufficient
+As long as the fixtures don't change, `rake karma:tests` is sufficient
 (and saves you some time).
 
-If you need to debug your tests and/or application code while they're
-running, navigate to [localhost:3000/teaspoon](http://localhost:3000/teaspoon)
-in your browser, open DevTools, and run tests for individual files by clicking
-on them. This is also much faster than setting up and running tests from the
-command line.
-
 Please note: Not all of the frontend fixtures are generated. Some are still static
-files. These will not be touched by `rake teaspoon:fixtures`.
+files. These will not be touched by `rake karma:fixtures`.
 
 ## Design Patterns
 
@@ -323,54 +317,13 @@ gl.MyThing = MyThing;
 
 For our currently-supported browsers, see our [requirements][requirements].
 
-[rails]: http://rubyonrails.org/
-[haml]: http://haml.info/
-[hamlit]: https://github.com/k0kubun/hamlit
-[hamlit-limits]: https://github.com/k0kubun/hamlit/blob/master/REFERENCE.md#limitations
-[scss]: http://sass-lang.com/
-[es6]: https://babeljs.io/
-[sprockets]: https://github.com/rails/sprockets
-[jquery]: https://jquery.com/
-[vue]: http://vuejs.org/
-[vue-docs]: http://vuejs.org/guide/index.html
-[web-page-test]: http://www.webpagetest.org/
-[pagespeed-insights]: https://developers.google.com/speed/pagespeed/insights/
-[google-devtools-profiling]: https://developers.google.com/web/tools/chrome-devtools/profile/?hl=en
-[browser-diet]: https://browserdiet.com/
-[d3]: https://d3js.org/
-[chartjs]: http://www.chartjs.org/
-[page-specific-js-example]: https://gitlab.com/gitlab-org/gitlab-ce/blob/13bb9ed77f405c5f6ee4fdbc964ecf635c9a223f/app/views/projects/graphs/_head.html.haml#L6-8
-[chrome-accessibility-developer-tools]: https://github.com/GoogleChrome/accessibility-developer-tools
-[audit-rules]: https://github.com/GoogleChrome/accessibility-developer-tools/wiki/Audit-Rules
-[observatory-cli]: https://github.com/mozilla/http-observatory-cli
-[qualys-ssl]: https://www.ssllabs.com/ssltest/analyze.html
-[secure_headers]: https://github.com/twitter/secureheaders
-[mdn-csp]: https://developer.mozilla.org/en-US/docs/Web/Security/CSP
-[github-eng-csp]: http://githubengineering.com/githubs-csp-journey/
-[dropbox-csp-1]: https://blogs.dropbox.com/tech/2015/09/on-csp-reporting-and-filtering/
-[dropbox-csp-2]: https://blogs.dropbox.com/tech/2015/09/unsafe-inline-and-nonce-deployment/
-[dropbox-csp-3]: https://blogs.dropbox.com/tech/2015/09/csp-the-unexpected-eval/
-[dropbox-csp-4]: https://blogs.dropbox.com/tech/2015/09/csp-third-party-integrations-and-privilege-separation/
-[mdn-sri]: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
-[github-eng-sri]: http://githubengineering.com/subresource-integrity/
-[sprockets-sri]: https://github.com/rails/sprockets-rails#sri-support
-[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting
-[scss-style-guide]: scss_styleguide.md
-[requirements]: ../install/requirements.md#supported-web-browsers
-[issue-boards]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/app/assets/javascripts/boards
-[environments-table]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/app/assets/javascripts/environments
-[page_specific_javascript]: https://docs.gitlab.com/ce/development/frontend.html#page-specific-javascript
-[component-system]: https://vuejs.org/v2/guide/#Composing-with-Components
-[state-management]: https://vuejs.org/v2/guide/state-management.html#Simple-State-Management-from-Scratch
-[vue-resource-repo]: https://github.com/pagekit/vue-resource
-[issue-boards-service]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/assets/javascripts/boards/services/board_service.js.es6
 
 ## Gotchas
 
 ### Spec errors due to use of ES6 features in `.js` files
 
 If you see very generic JavaScript errors (e.g. `jQuery is undefined`) being
-thrown in Teaspoon, Spinach, or Rspec tests but can't reproduce them manually,
+thrown in Karma, Spinach, or Rspec tests but can't reproduce them manually,
 you may have included `ES6`-style JavaScript in files that don't have the
 `.js.es6` file extension. Either use ES5-friendly JavaScript or rename the file
 you're working in (`git mv <file.js> <file.js.es6>`).
@@ -438,3 +391,46 @@ Scenario: Developer can approve merge request
     Then I should see approved merge request "Bug NS-04"
 
 ```
+
+
+[rails]: http://rubyonrails.org/
+[haml]: http://haml.info/
+[hamlit]: https://github.com/k0kubun/hamlit
+[hamlit-limits]: https://github.com/k0kubun/hamlit/blob/master/REFERENCE.md#limitations
+[scss]: http://sass-lang.com/
+[es6]: https://babeljs.io/
+[sprockets]: https://github.com/rails/sprockets
+[jquery]: https://jquery.com/
+[vue]: http://vuejs.org/
+[vue-docs]: http://vuejs.org/guide/index.html
+[web-page-test]: http://www.webpagetest.org/
+[pagespeed-insights]: https://developers.google.com/speed/pagespeed/insights/
+[google-devtools-profiling]: https://developers.google.com/web/tools/chrome-devtools/profile/?hl=en
+[browser-diet]: https://browserdiet.com/
+[d3]: https://d3js.org/
+[chartjs]: http://www.chartjs.org/
+[page-specific-js-example]: https://gitlab.com/gitlab-org/gitlab-ce/blob/13bb9ed77f405c5f6ee4fdbc964ecf635c9a223f/app/views/projects/graphs/_head.html.haml#L6-8
+[chrome-accessibility-developer-tools]: https://github.com/GoogleChrome/accessibility-developer-tools
+[audit-rules]: https://github.com/GoogleChrome/accessibility-developer-tools/wiki/Audit-Rules
+[observatory-cli]: https://github.com/mozilla/http-observatory-cli
+[qualys-ssl]: https://www.ssllabs.com/ssltest/analyze.html
+[secure_headers]: https://github.com/twitter/secureheaders
+[mdn-csp]: https://developer.mozilla.org/en-US/docs/Web/Security/CSP
+[github-eng-csp]: http://githubengineering.com/githubs-csp-journey/
+[dropbox-csp-1]: https://blogs.dropbox.com/tech/2015/09/on-csp-reporting-and-filtering/
+[dropbox-csp-2]: https://blogs.dropbox.com/tech/2015/09/unsafe-inline-and-nonce-deployment/
+[dropbox-csp-3]: https://blogs.dropbox.com/tech/2015/09/csp-the-unexpected-eval/
+[dropbox-csp-4]: https://blogs.dropbox.com/tech/2015/09/csp-third-party-integrations-and-privilege-separation/
+[mdn-sri]: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
+[github-eng-sri]: http://githubengineering.com/subresource-integrity/
+[sprockets-sri]: https://github.com/rails/sprockets-rails#sri-support
+[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting
+[scss-style-guide]: scss_styleguide.md
+[requirements]: ../install/requirements.md#supported-web-browsers
+[issue-boards]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/app/assets/javascripts/boards
+[environments-table]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/app/assets/javascripts/environments
+[page_specific_javascript]: https://docs.gitlab.com/ce/development/frontend.html#page-specific-javascript
+[component-system]: https://vuejs.org/v2/guide/#Composing-with-Components
+[state-management]: https://vuejs.org/v2/guide/state-management.html#Simple-State-Management-from-Scratch
+[vue-resource-repo]: https://github.com/pagekit/vue-resource
+[issue-boards-service]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/assets/javascripts/boards/services/board_service.js.es6

doc/development/rake_tasks.md

@@ -17,14 +17,14 @@ Note: `db:setup` calls `db:seed` but this does nothing.
 In order to run the test you can use the following commands:
 - `rake spinach` to run the spinach suite
 - `rake spec` to run the rspec suite
-- `rake teaspoon` to run the teaspoon test suite
+- `rake karma` to run the karma test suite
 - `rake gitlab:test` to run all the tests
 
-Note: Both `rake spinach` and `rake spec` takes significant time to pass. 
+Note: Both `rake spinach` and `rake spec` takes significant time to pass.
 Instead of running full test suite locally you can save a lot of time by running
-a single test or directory related to your changes. After you submit merge request 
-CI will run full test suite for you. Green CI status in the merge request means 
-full test suite is passed.  
+a single test or directory related to your changes. After you submit merge request
+CI will run full test suite for you. Green CI status in the merge request means
+full test suite is passed.
 
 Note: You can't run `rspec .` since this will try to run all the `_spec.rb`
 files it can find, also the ones in `/tmp`

doc/development/testing.md

@@ -31,9 +31,8 @@ GitLab uses [factory_girl] as a test fixture replacement.
 
 ## JavaScript
 
-GitLab uses [Teaspoon] to run its [Jasmine] JavaScript specs. They can be run on
-the command line via `bundle exec teaspoon`, or via a web browser at
-`http://localhost:3000/teaspoon` when the Rails server is running.
+GitLab uses [Karma] to run its [Jasmine] JavaScript specs. They can be run on
+the command line via `bundle exec karma`.
 
 - JavaScript tests live in `spec/javascripts/`, matching the folder structure of
   `app/assets/javascripts/`: `app/assets/javascripts/behaviors/autosize.js.es6` has a corresponding
@@ -51,7 +50,7 @@ the command line via `bundle exec teaspoon`, or via a web browser at
   [`Notification`](https://developer.mozilla.org/en-US/docs/Web/API/notification),
   which will have to be stubbed.
 
-[Teaspoon]: https://github.com/modeset/teaspoon
+[Karma]: https://github.com/karma-runner/karma
 [Jasmine]: https://github.com/jasmine/jasmine
 
 ## RSpec

doc/user/project/issue_board.md

 # Issue board
 
-> [Introduced][ce-5554] in GitLab 8.11.
+>**Notes:**
+- [Introduced][ce-5554] in GitLab 8.11.
+- The Backlog column was replaced by the **Add issues** button in GitLab 8.17.
 
 The GitLab Issue Board is a software project management tool used to plan,
 organize, and visualize a workflow for a feature or product release.
@@ -28,13 +30,11 @@ Below is a table of the definitions used for GitLab's Issue Board.
 | **List**        | Each label that exists in the issue tracker can have its own dedicated list. Every list is named after the label it is based on and is represented by a column which contains all the issues associated with that label. You can think of a list like the results you get when you filter the issues by a label in your issue tracker. |
 | **Card**        | Every card represents an issue and it is shown under the list for which it has a label. The information you can see on a card consists of the issue number, the issue title, the assignee and the labels associated with it. You can drag cards around from one list to another. Issues inside lists are [ordered by priority](labels.md#prioritize-labels). |
 
-There are three types of lists, the ones you create based on your labels, and
-two default:
+There are two types of lists, the ones you create based on your labels, and
+one default:
 
-- **Backlog** (default): shows all issues that do not fall in one of the other lists. Always appears on the very left.
-- **Done** (default): shows all closed issues. Always appears on the very right.
-Label list: a list based on a label. It shows all issues with that label.
 - Label list: a list based on a label. It shows all opened issues with that label.
+- **Done** (default): shows all closed issues. Always appears on the very right.
 
 ![GitLab Issue Board](img/issue_board.png)
 
@@ -55,10 +55,10 @@ In short, here's a list of actions you can take in an Issue Board:
 If you are not able to perform one or more of the things above, make sure you
 have the right [permissions](#permissions).
 
-## First time using the Issue Board
+## First time using the issue board
 
-The first time you navigate to your Issue Board, you will be presented with the
-two default lists (**Backlog** and **Done**) and a welcoming message that gives
+The first time you navigate to your Issue Board, you will be presented with
+a default list (**Done**) and a welcoming message that gives
 you two options. You can either create a predefined set of labels and create
 their corresponding lists to the Issue Board or opt-out and use your own lists.
 
@@ -93,23 +93,26 @@ in the list's heading. A confirmation dialog will appear for you to confirm.
 Deleting a list doesn't have any effect in issues and labels, it's just the
 list view that is removed. You can always add it back later if you need.
 
-## Searching issues in the Backlog list
+## Adding issues to a list
+
+You can add issues to a list by clicking the **Add issues** button that is
+present in the upper right corner of the issue board. This will open up a modal
+window where you can see all the issues that do not belong to any list.
+
+Select one or more issues by clicking on the cards and then click **Add issues**
+to add them to the selected list. You can limit the issues you want to add to
+the list by filtering by author, assignee, milestone and label.
 
-The very first time you start using the Issue Board, it is very likely your
-issue tracker is already populated with labels and issues. In that case,
-**Backlog** will have all the issues that don't belong to another list, and
-**Done** will have all the closed ones.
+![Bulk adding issues to lists](img/issue_boards_add_issues_modal.png)
 
-For performance and visibility reasons, each list shows the first 20 issues
-by default. If you have more than 20, you have to start scrolling down for the
-next 20 issues to appear. This can be cumbersome if your issue tracker hosts
-hundreds of issues, and for that reason it is easier to search for issues to
-move from **Backlog** to another list.
+## Removing an issue from a list
 
-Start typing in the search bar under the **Backlog** list and the relevant
-issues will appear.
+Removing an issue from a list can be done by clicking on the issue card and then
+clicking the **Remove from board** button in the sidebar. Under the hood, the
+respective label is removed, and as such it's also removed from the list and the
+board itself.
 
-![Issue Board search Backlog](img/issue_board_search_backlog.png)
+![Remove issue from list](img/issue_boards_remove_issue.png)
 
 ## Filtering issues
 
@@ -142,8 +145,8 @@ A typical workflow of using the Issue Board would be:
    and gets automatically closed.
 
 For instance you can create a list based on the label of 'Frontend' and one for
-'Backend'. A designer can start working on an issue by dragging it from
-**Backlog** to 'Frontend'. That way, everyone knows that this issue is now being
+'Backend'. A designer can start working on an issue by adding it to the
+'Frontend' list. That way, everyone knows that this issue is now being
 worked on by the designers. Then, once they're done, all they have to do is
 drag it over to the next list, 'Backend', where a backend developer can
 eventually pick it up. Once they’re done, they move it to **Done**, to close the

doc/user/project/merge_requests.md

-# Merge Requests
-
-Merge requests allow you to exchange changes you made to source code and
-collaborate with other people on the same project.
-
-## Authorization for merge requests
-
-There are two main ways to have a merge request flow with GitLab:
-
-1. Working with [protected branches][] in a single repository
-1. Working with forks of an authoritative project
-
-[Learn more about the authorization for merge requests.](merge_requests/authorization_for_merge_requests.md)
-
-## Cherry-pick changes
-
-Cherry-pick any commit in the UI by simply clicking the **Cherry-pick** button
-in a merged merge requests or a commit.
-
-[Learn more about cherry-picking changes.](merge_requests/cherry_pick_changes.md)
-
-## Merge when pipeline succeeds
-
-When reviewing a merge request that looks ready to merge but still has one or
-more CI builds running, you can set it to be merged automatically when CI
-pipeline succeeds. This way, you don't have to wait for the pipeline to finish
-and remember to merge the request manually.
-
-[Learn more about merging when pipeline succeeds.](merge_requests/merge_when_pipeline_succeeds.md)
-
-## Resolve discussion comments in merge requests reviews
-
-Keep track of the progress during a code review with resolving comments.
-Resolving comments prevents you from forgetting to address feedback and lets
-you hide discussions that are no longer relevant.
-
-[Read more about resolving discussion comments in merge requests reviews.](merge_requests/merge_request_discussion_resolution.md)
-
-## Squash and merge
-
-GitLab allows you to squash all changes present in a merge request into a single
-commit when merging, to allow for a neater commit history.
-
-[Learn more about squash and merge.](merge_requests/squash_and_merge)
-
-## Resolve conflicts
-
-When a merge request has conflicts, GitLab may provide the option to resolve
-those conflicts in the GitLab UI.
-
-[Learn more about resolving merge conflicts in the UI.](merge_requests/resolve_conflicts.md)
-
-## Revert changes
-
-GitLab implements Git's powerful feature to revert any commit with introducing
-a **Revert** button in merge requests and commit details.
-
-[Learn more about reverting changes in the UI](merge_requests/revert_changes.md)
-
-## Merge requests versions
-
-Every time you push to a branch that is tied to a merge request, a new version
-of merge request diff is created. When you visit a merge request that contains
-more than one pushes, you can select and compare the versions of those merge
-request diffs.
-
-[Read more about the merge requests versions.](merge_requests/versions.md)
-
-## Work In Progress merge requests
-
-To prevent merge requests from accidentally being accepted before they're
-completely ready, GitLab blocks the "Accept" button for merge requests that
-have been marked as a **Work In Progress**.
-
-[Learn more about settings a merge request as "Work In Progress".](merge_requests/work_in_progress_merge_requests.md)
-
-## Merge request approvals
-
-> Included in [GitLab Enterprise Edition Starter][products].
-
-If you want to make sure every merge request is approved by one or more people,
-you can enforce this workflow by using merge request approvals. Merge request
-approvals allow you to set the number of necessary approvals and predefine a
-list of approvers that will need to approve every merge request in a project.
-
-[Read more about merge request approvals.](merge_requests/merge_request_approvals.md)
-
-## Fast-forward merge requests
-
-> Included in [GitLab Enterprise Edition Starter][products].
-
-If you prefer a linear Git history and a way to accept merge requests without
-creating merge commits, you can configure this on a per-project basis.
-
-[Read more about fast-forward merge requests.](merge_requests/fast_forward_merge.md)
-
-## Ignore whitespace changes in Merge Request diff view
-
-If you click the **Hide whitespace changes** button, you can see the diff
-without whitespace changes (if there are any). This is also working when on a
-specific commit page.
-
-![MR diff](merge_requests/img/merge_request_diff.png)
-
->**Tip:**
-You can append `?w=1` while on the diffs page of a merge request to ignore any
-whitespace changes.
-
-## Tips
-
-Here are some tips that will help you be more efficient with merge requests in
-the command line.
-
-> **Note:**
-This section might move in its own document in the future.
-
-### Checkout merge requests locally
-
-A merge request contains all the history from a repository, plus the additional
-commits added to the branch associated with the merge request. Here's a few
-tricks to checkout a merge request locally.
-
-Please note that you can checkout a merge request locally even if the source
-project is a fork (even a private fork) of the target project.
-
-#### Checkout locally by adding a git alias
-
-Add the following alias to your `~/.gitconfig`:
-
-```
-[alias]
-    mr = !sh -c 'git fetch $1 merge-requests/$2/head:mr-$1-$2 && git checkout mr-$1-$2' -
-```
-
-Now you can check out a particular merge request from any repository and any
-remote. For example, to check out the merge request with ID 5 as shown in GitLab
-from the `upstream` remote, do:
-
-```
-git mr upstream 5
-```
-
-This will fetch the merge request into a local `mr-upstream-5` branch and check
-it out.
-
-#### Checkout locally by modifying `.git/config` for a given repository
-
-Locate the section for your GitLab remote in the `.git/config` file. It looks
-like this:
-
-```
-[remote "origin"]
-  url = https://gitlab.com/gitlab-org/gitlab-ce.git
-  fetch = +refs/heads/*:refs/remotes/origin/*
-```
-
-You can open the file with:
-
-```
-git config -e
-```
-
-Now add the following line to the above section:
-
-```
-fetch = +refs/merge-requests/*/head:refs/remotes/origin/merge-requests/*
-```
-
-In the end, it should look like this:
-
-```
-[remote "origin"]
-  url = https://gitlab.com/gitlab-org/gitlab-ce.git
-  fetch = +refs/heads/*:refs/remotes/origin/*
-  fetch = +refs/merge-requests/*/head:refs/remotes/origin/merge-requests/*
-```
-
-Now you can fetch all the merge requests:
-
-```
-git fetch origin
-
-...
-From https://gitlab.com/gitlab-org/gitlab-ce.git
- * [new ref]         refs/merge-requests/1/head -> origin/merge-requests/1
- * [new ref]         refs/merge-requests/2/head -> origin/merge-requests/2
-...
-```
-
-And to check out a particular merge request:
-
-```
-git checkout origin/merge-requests/1
-```
-
-[products]: https://about.gitlab.com/products/ "GitLab products page"
-[protected branches]: protected_branches.md
+This document was moved to [merge_requests/index.md](merge_requests/index.md).

doc/user/project/merge_requests/index.md

+# Merge requests
+
+Merge requests allow you to exchange changes you made to source code and
+collaborate with other people on the same project.
+
+## Authorization for merge requests
+
+There are two main ways to have a merge request flow with GitLab:
+
+1. Working with [protected branches][] in a single repository
+1. Working with forks of an authoritative project
+
+[Learn more about the authorization for merge requests.](authorization_for_merge_requests.md)
+
+## Cherry-pick changes
+
+Cherry-pick any commit in the UI by simply clicking the **Cherry-pick** button
+in a merged merge requests or a commit.
+
+[Learn more about cherry-picking changes.](cherry_pick_changes.md)
+
+## Merge when pipeline succeeds
+
+When reviewing a merge request that looks ready to merge but still has one or
+more CI builds running, you can set it to be merged automatically when CI
+pipeline succeeds. This way, you don't have to wait for the pipeline to finish
+and remember to merge the request manually.
+
+[Learn more about merging when pipeline succeeds.](merge_when_pipeline_succeeds.md)
+
+## Resolve discussion comments in merge requests reviews
+
+Keep track of the progress during a code review with resolving comments.
+Resolving comments prevents you from forgetting to address feedback and lets
+you hide discussions that are no longer relevant.
+
+[Read more about resolving discussion comments in merge requests reviews.](merge_request_discussion_resolution.md)
+
+## Squash and merge
+
+GitLab allows you to squash all changes present in a merge request into a single
+commit when merging, to allow for a neater commit history.
+
+[Learn more about squash and merge.](merge_requests/squash_and_merge)
+
+## Resolve conflicts
+
+When a merge request has conflicts, GitLab may provide the option to resolve
+those conflicts in the GitLab UI.
+
+[Learn more about resolving merge conflicts in the UI.](resolve_conflicts.md)
+
+## Revert changes
+
+GitLab implements Git's powerful feature to revert any commit with introducing
+a **Revert** button in merge requests and commit details.
+
+[Learn more about reverting changes in the UI](revert_changes.md)
+
+## Merge requests versions
+
+Every time you push to a branch that is tied to a merge request, a new version
+of merge request diff is created. When you visit a merge request that contains
+more than one pushes, you can select and compare the versions of those merge
+request diffs.
+
+[Read more about the merge requests versions.](versions.md)
+
+## Work In Progress merge requests
+
+To prevent merge requests from accidentally being accepted before they're
+completely ready, GitLab blocks the "Accept" button for merge requests that
+have been marked as a **Work In Progress**.
+
+[Learn more about settings a merge request as "Work In Progress".](work_in_progress_merge_requests.md)
+
+## Merge request approvals
+
+> Included in [GitLab Enterprise Edition Starter][products].
+
+If you want to make sure every merge request is approved by one or more people,
+you can enforce this workflow by using merge request approvals. Merge request
+approvals allow you to set the number of necessary approvals and predefine a
+list of approvers that will need to approve every merge request in a project.
+
+[Read more about merge request approvals.](merge_requests/merge_request_approvals.md)
+
+## Fast-forward merge requests
+
+> Included in [GitLab Enterprise Edition Starter][products].
+
+If you prefer a linear Git history and a way to accept merge requests without
+creating merge commits, you can configure this on a per-project basis.
+
+[Read more about fast-forward merge requests.](merge_requests/fast_forward_merge.md)
+
+## Ignore whitespace changes in Merge Request diff view
+
+If you click the **Hide whitespace changes** button, you can see the diff
+without whitespace changes (if there are any). This is also working when on a
+specific commit page.
+
+![MR diff](img/merge_request_diff.png)
+
+>**Tip:**
+You can append `?w=1` while on the diffs page of a merge request to ignore any
+whitespace changes.
+
+## Tips
+
+Here are some tips that will help you be more efficient with merge requests in
+the command line.
+
+> **Note:**
+This section might move in its own document in the future.
+
+### Checkout merge requests locally
+
+A merge request contains all the history from a repository, plus the additional
+commits added to the branch associated with the merge request. Here's a few
+tricks to checkout a merge request locally.
+
+Please note that you can checkout a merge request locally even if the source
+project is a fork (even a private fork) of the target project.
+
+#### Checkout locally by adding a git alias
+
+Add the following alias to your `~/.gitconfig`:
+
+```
+[alias]
+    mr = !sh -c 'git fetch $1 merge-requests/$2/head:mr-$1-$2 && git checkout mr-$1-$2' -
+```
+
+Now you can check out a particular merge request from any repository and any
+remote. For example, to check out the merge request with ID 5 as shown in GitLab
+from the `upstream` remote, do:
+
+```
+git mr upstream 5
+```
+
+This will fetch the merge request into a local `mr-upstream-5` branch and check
+it out.
+
+#### Checkout locally by modifying `.git/config` for a given repository
+
+Locate the section for your GitLab remote in the `.git/config` file. It looks
+like this:
+
+```
+[remote "origin"]
+  url = https://gitlab.com/gitlab-org/gitlab-ce.git
+  fetch = +refs/heads/*:refs/remotes/origin/*
+```
+
+You can open the file with:
+
+```
+git config -e
+```
+
+Now add the following line to the above section:
+
+```
+fetch = +refs/merge-requests/*/head:refs/remotes/origin/merge-requests/*
+```
+
+In the end, it should look like this:
+
+```
+[remote "origin"]
+  url = https://gitlab.com/gitlab-org/gitlab-ce.git
+  fetch = +refs/heads/*:refs/remotes/origin/*
+  fetch = +refs/merge-requests/*/head:refs/remotes/origin/merge-requests/*
+```
+
+Now you can fetch all the merge requests:
+
+```
+git fetch origin
+
+...
+From https://gitlab.com/gitlab-org/gitlab-ce.git
+ * [new ref]         refs/merge-requests/1/head -> origin/merge-requests/1
+ * [new ref]         refs/merge-requests/2/head -> origin/merge-requests/2
+...
+```
+
+And to check out a particular merge request:
+
+```
+git checkout origin/merge-requests/1
+```
+
+[products]: https://about.gitlab.com/products/ "GitLab products page"
+[protected branches]: protected_branches.md

doc/user/project/merge_requests/versions.md

 # Merge requests versions
 
-> Will be [introduced][ce-5467] in GitLab 8.12.
+>**Notes:**
+- [Introduced][ce-5467] in GitLab 8.12.
+- Comments are disabled while viewing outdated merge versions or comparing to
+  versions other than base.
+- Merge request versions are based on push not on commit. So, if you pushed 5
+  commits in a single push, it will be a single option in the dropdown. If you
+  pushed 5 times, that will count for 5 options.
 
 Every time you push to a branch that is tied to a merge request, a new version
 of merge request diff is created. When you visit a merge request that contains
@@ -30,13 +36,4 @@ changes appears as a system note.
 
 ![Merge request versions system note](img/versions_system_note.png)
 
----
-
->**Notes:**
-- Comments are disabled while viewing outdated merge versions or comparing to
-  versions other than base.
-- Merge request versions are based on push not on commit. So, if you pushed 5
-  commits in a single push, it will be a single option in the dropdown. If you
-  pushed 5 times, that will count for 5 options.
-
 [ce-5467]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5467

doc/workflow/README.md

@@ -30,7 +30,7 @@
 - [Web Editor](../user/project/repository/web_editor.md)
 - [Releases](releases.md)
 - [Milestones](milestones.md)
-- [Merge Requests](../user/project/merge_requests.md)
+- [Merge Requests](../user/project/merge_requests/index.md)
   - [Authorization for merge requests](../user/project/merge_requests/authorization_for_merge_requests.md)
   - [Cherry-pick changes](../user/project/merge_requests/cherry_pick_changes.md)
   - [Merge when pipeline succeeds](../user/project/merge_requests/merge_when_pipeline_succeeds.md)

lib/api/files.rb

@@ -117,7 +117,7 @@ module API
         authorize! :push_code, user_project
 
         file_params = declared_params(include_missing: false)
-        result = ::Files::DeleteService.new(user_project, current_user, commit_params(file_params)).execute
+        result = ::Files::DestroyService.new(user_project, current_user, commit_params(file_params)).execute
 
         if result[:status] == :success
           status(200)

lib/api/users.rb

@@ -84,7 +84,9 @@ module API
       end
       params do
         requires :email, type: String, desc: 'The email of the user'
-        requires :password, type: String, desc: 'The password of the new user'
+        optional :password, type: String, desc: 'The password of the new user'
+        optional :reset_password, type: Boolean, desc: 'Flag indicating the user will be sent a password reset token'
+        at_least_one_of :password, :reset_password
         requires :name, type: String, desc: 'The name of the user'
         requires :username, type: String, desc: 'The username of the user'
         use :optional_attributes
@@ -96,8 +98,18 @@ module API
         user_params = declared_params(include_missing: false)
         identity_attrs = user_params.slice(:provider, :extern_uid)
         confirm = user_params.delete(:confirm)
+        user = User.new(user_params.except(:extern_uid, :provider, :reset_password))
+
+        if user_params.delete(:reset_password)
+          user.attributes = {
+            force_random_password: true,
+            password_expires_at: nil,
+            created_by_id: current_user.id
+          }
+          user.generate_password
+          user.generate_reset_token
+        end
 
-        user = User.new(user_params.except(:extern_uid, :provider))
         user.skip_confirmation! unless confirm
 
         if identity_attrs.any?

lib/gitlab/database/migration_helpers.rb

@@ -26,11 +26,59 @@ module Gitlab
         add_index(table_name, column_name, options)
       end
 
+      # Adds a foreign key with only minimal locking on the tables involved.
+      #
+      # This method only requires minimal locking when using PostgreSQL. When
+      # using MySQL this method will use Rails' default `add_foreign_key`.
+      #
+      # source - The source table containing the foreign key.
+      # target - The target table the key points to.
+      # column - The name of the column to create the foreign key on.
+      # on_delete - The action to perform when associated data is removed,
+      #             defaults to "CASCADE".
+      def add_concurrent_foreign_key(source, target, column:, on_delete: :cascade)
+        # Transactions would result in ALTER TABLE locks being held for the
+        # duration of the transaction, defeating the purpose of this method.
+        if transaction_open?
+          raise 'add_concurrent_foreign_key can not be run inside a transaction'
+        end
+
+        # While MySQL does allow disabling of foreign keys it has no equivalent
+        # of PostgreSQL's "VALIDATE CONSTRAINT". As a result we'll just fall
+        # back to the normal foreign key procedure.
+        if Database.mysql?
+          return add_foreign_key(source, target,
+                                 column: column,
+                                 on_delete: on_delete)
+        end
+
+        disable_statement_timeout
+
+        key_name = "fk_#{source}_#{target}_#{column}"
+
+        # Using NOT VALID allows us to create a key without immediately
+        # validating it. This means we keep the ALTER TABLE lock only for a
+        # short period of time. The key _is_ enforced for any newly created
+        # data.
+        execute <<-EOF.strip_heredoc
+        ALTER TABLE #{source}
+        ADD CONSTRAINT #{key_name}
+        FOREIGN KEY (#{column})
+        REFERENCES #{target} (id)
+        ON DELETE #{on_delete} NOT VALID;
+        EOF
+
+        # Validate the existing constraint. This can potentially take a very
+        # long time to complete, but fortunately does not lock the source table
+        # while running.
+        execute("ALTER TABLE #{source} VALIDATE CONSTRAINT #{key_name};")
+      end
+
       # Long-running migrations may take more than the timeout allowed by
       # the database. Disable the session's statement timeout to ensure
       # migrations don't get killed prematurely. (PostgreSQL only)
       def disable_statement_timeout
-        ActiveRecord::Base.connection.execute('SET statement_timeout TO 0') if Database.postgresql?
+        execute('SET statement_timeout TO 0') if Database.postgresql?
       end
 
       # Updates the value of a column in batches.

rubocop/cop/migration/add_concurrent_foreign_key.rb

+require_relative '../../migration_helpers'
+
+module RuboCop
+  module Cop
+    module Migration
+      # Cop that checks if `add_concurrent_foreign_key` is used instead of
+      # `add_foreign_key`.
+      class AddConcurrentForeignKey < RuboCop::Cop::Cop
+        include MigrationHelpers
+
+        MSG = '`add_foreign_key` requires downtime, use `add_concurrent_foreign_key` instead'
+
+        def on_send(node)
+          return unless in_migration?(node)
+
+          name = node.children[1]
+
+          add_offense(node, :selector) if name == :add_foreign_key
+        end
+
+        def method_name(node)
+          node.children.first
+        end
+      end
+    end
+  end
+end

rubocop/rubocop.rb

 require_relative 'cop/gem_fetcher'
 require_relative 'cop/migration/add_column'
 require_relative 'cop/migration/add_column_with_default'
+require_relative 'cop/migration/add_concurrent_foreign_key'
 require_relative 'cop/migration/add_index'

spec/controllers/dashboard_controller_spec.rb

+require 'spec_helper'
+
+describe DashboardController do
+  let(:user) { create(:user) }
+  let(:project) { create(:project) }
+
+  before do
+    project.team << [user, :master]
+    sign_in(user)
+  end
+
+  describe 'GET issues' do
+    it_behaves_like 'issuables list meta-data', :issue, :issues
+  end
+
+  describe 'GET merge requests' do
+    it_behaves_like 'issuables list meta-data', :merge_request, :merge_requests
+  end
+end

spec/controllers/projects/issues_controller_spec.rb

@@ -24,6 +24,8 @@ describe Projects::IssuesController do
         project.team << [user, :developer]
       end
 
+      it_behaves_like "issuables list meta-data", :issue
+
       it "returns index" do
         get :index, namespace_id: project.namespace.path, project_id: project.path
 

spec/controllers/projects/merge_requests_controller_spec.rb

@@ -310,6 +310,8 @@ describe Projects::MergeRequestsController do
   end
 
   describe 'GET index' do
+    let!(:merge_request) { create(:merge_request_with_diffs, target_project: project, source_project: project) }
+
     def get_merge_requests(page = nil)
       get :index,
           namespace_id: project.namespace.to_param,
@@ -317,6 +319,8 @@ describe Projects::MergeRequestsController do
           state: 'opened', page: page.to_param
     end
 
+    it_behaves_like "issuables list meta-data", :merge_request
+
     context 'when page param' do
       let(:last_page) { project.merge_requests.page().total_pages }
       let!(:merge_request) { create(:merge_request_with_diffs, target_project: project, source_project: project) }

spec/features/boards/sidebar_spec.rb

@@ -54,7 +54,7 @@ describe 'Issue Boards', feature: true, js: true do
 
     expect(page).to have_selector('.issue-boards-sidebar')
 
-    find('.gutter-toggle').click
+    find('.gutter-toggle').trigger('click')
 
     expect(page).not_to have_selector('.issue-boards-sidebar')
   end

spec/features/environment_spec.rb

@@ -101,6 +101,22 @@ feature 'Environment', :feature do
               scenario 'it shows the terminal button' do
                 expect(page).to have_terminal_button
               end
+
+              context 'web terminal', :js do
+                before do
+                  # Stub #terminals as it causes js-enabled feature specs to render the page incorrectly
+                  allow_any_instance_of(Environment).to receive(:terminals) { nil }
+                  visit terminal_namespace_project_environment_path(project.namespace, project, environment)
+                end
+
+                it 'displays a web terminal' do
+                  expect(page).to have_selector('#terminal')
+                end
+
+                it 'displays a link to the environment external url' do
+                  expect(page).to have_link(nil, href: environment.external_url)
+                end
+              end
             end
 
             context 'for developer' do