Add latest changes from gitlab-org/gitlab@12-10-stable-ee

e20a1cde · GitLab Bot · 5fc725de · e20a1cde · e20a1cde · e20a1cde
Commit e20a1cde authored Apr 24, 2020 by GitLab Bot
64 changed files
--- a/app/assets/javascripts/diffs/store/getters_versions_dropdowns.js
+++ b/app/assets/javascripts/diffs/store/getters_versions_dropdowns.js
@@ -39,7 +39,11 @@ export const diffCompareDropdownTargetVersions = (state, getters) => {
      ...v,
    };
  };
-  return [...state.mergeRequestDiffs.slice(1).map(formatVersion), baseVersion, headVersion];
+  if (gon.features?.diffCompareWithHead) {
+    return [...state.mergeRequestDiffs.slice(1).map(formatVersion), baseVersion, headVersion];
+  }
+  return [...state.mergeRequestDiffs.slice(1).map(formatVersion), baseVersion];
 };
 export const diffCompareDropdownSourceVersions = (state, getters) => {

--- a/app/assets/javascripts/ide/stores/mutations.js
+++ b/app/assets/javascripts/ide/stores/mutations.js
@@ -216,7 +216,12 @@ export default {
    if (entry.type === 'blob') {
      if (tempFile) {
+        // Since we only support one list of file changes, it's safe to just remove from both
+        // changed and staged. Otherwise, we'd need to somehow evaluate the difference between
+        // changed and HEAD.
+        // https://gitlab.com/gitlab-org/create-stage/-/issues/12669
        state.changedFiles = state.changedFiles.filter(f => f.path !== path);
+        state.stagedFiles = state.stagedFiles.filter(f => f.path !== path);
      } else {
        state.changedFiles = state.changedFiles.concat(entry);
      }

--- a/app/assets/javascripts/pages/admin/services/edit/index.js
+++ b/app/assets/javascripts/pages/admin/services/edit/index.js
+import IntegrationSettingsForm from '~/integrations/integration_settings_form';
+import initAlertsSettings from '~/alerts_service_settings';
+document.addEventListener('DOMContentLoaded', () => {
+  const integrationSettingsForm = new IntegrationSettingsForm('.js-integration-settings-form');
+  integrationSettingsForm.init();
+  initAlertsSettings(document.querySelector('.js-alerts-service-settings'));
+});
--- a/app/assets/javascripts/pages/groups/settings/ci_cd/show/index.js
+++ b/app/assets/javascripts/pages/groups/settings/ci_cd/show/index.js
 import initSettingsPanels from '~/settings_panels';
 import AjaxVariableList from '~/ci_variable_list/ajax_variable_list';
 import initVariableList from '~/ci_variable_list';
-import DueDateSelectors from '~/due_date_select';
 document.addEventListener('DOMContentLoaded', () => {
  // Initialize expandable settings panels
  initSettingsPanels();
-  // eslint-disable-next-line no-new
-  new DueDateSelectors();
  if (gon.features.newVariablesUi) {
    initVariableList();

--- a/app/assets/javascripts/pages/groups/settings/repository/show/index.js
+++ b/app/assets/javascripts/pages/groups/settings/repository/show/index.js
+import initSettingsPanels from '~/settings_panels';
+import DueDateSelectors from '~/due_date_select';
+document.addEventListener('DOMContentLoaded', () => {
+  // Initialize expandable settings panels
+  initSettingsPanels();
+  new DueDateSelectors(); // eslint-disable-line no-new
+});
--- a/app/assets/javascripts/pages/projects/settings/ci_cd/show/index.js
+++ b/app/assets/javascripts/pages/projects/settings/ci_cd/show/index.js
@@ -3,7 +3,6 @@ import SecretValues from '~/behaviors/secret_values';
 import AjaxVariableList from '~/ci_variable_list/ajax_variable_list';
 import registrySettingsApp from '~/registry/settings/registry_settings_bundle';
 import initVariableList from '~/ci_variable_list';
-import DueDateSelectors from '~/due_date_select';
 import initDeployKeys from '~/deploy_keys';
 document.addEventListener('DOMContentLoaded', () => {
@@ -41,9 +40,6 @@ document.addEventListener('DOMContentLoaded', () => {
    autoDevOpsExtraSettings.classList.toggle('hidden', !target.checked);
  });
-  // eslint-disable-next-line no-new
-  new DueDateSelectors();
  registrySettingsApp();
  initDeployKeys();
 });
--- a/app/controllers/groups/deploy_tokens_controller.rb
+++ b/app/controllers/groups/deploy_tokens_controller.rb
@@ -7,6 +7,6 @@ class Groups::DeployTokensController < Groups::ApplicationController
    @token = @group.deploy_tokens.find(params[:id])
    @token.revoke!
-    redirect_to group_settings_ci_cd_path(@group, anchor: 'js-deploy-tokens')
+    redirect_to group_settings_repository_path(@group, anchor: 'js-deploy-tokens')
  end
 end
--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -8,9 +8,8 @@ module Groups
      before_action :authorize_update_max_artifacts_size!, only: [:update]
      before_action do
        push_frontend_feature_flag(:new_variables_ui, @group, default_enabled: true)
-        push_frontend_feature_flag(:ajax_new_deploy_token, @group)
      end
-      before_action :define_variables, only: [:show, :create_deploy_token]
+      before_action :define_variables, only: [:show]
      def show
      end
@@ -42,38 +41,10 @@ module Groups
        redirect_to group_settings_ci_cd_path
      end
-      def create_deploy_token
-        result = Groups::DeployTokens::CreateService.new(@group, current_user, deploy_token_params).execute
-        @new_deploy_token = result[:deploy_token]
-        if result[:status] == :success
-          respond_to do |format|
-            format.json do
-              # IMPORTANT: It's a security risk to expose the token value more than just once here!
-              json = API::Entities::DeployTokenWithToken.represent(@new_deploy_token).as_json
-              render json: json, status: result[:http_status]
-            end
-            format.html do
-              flash.now[:notice] = s_('DeployTokens|Your new group deploy token has been created.')
-              render :show
-            end
-          end
-        else
-          respond_to do |format|
-            format.json { render json: { message: result[:message] }, status: result[:http_status] }
-            format.html do
-              flash.now[:alert] = result[:message]
-              render :show
-            end
-          end
-        end
-      end
      private
      def define_variables
        define_ci_variables
-        define_deploy_token_variables
      end
      def define_ci_variables
@@ -83,12 +54,6 @@ module Groups
          .map { |variable| variable.present(current_user: current_user) }
      end
-      def define_deploy_token_variables
-        @deploy_tokens = @group.deploy_tokens.active
-        @new_deploy_token = DeployToken.new
-      end
      def authorize_admin_group!
        return render_404 unless can?(current_user, :admin_group, group)
      end
@@ -112,10 +77,6 @@ module Groups
      def update_group_params
        params.require(:group).permit(:max_artifacts_size)
      end
-      def deploy_token_params
-        params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :username)
-      end
    end
  end
 end
--- a/app/controllers/groups/settings/repository_controller.rb
+++ b/app/controllers/groups/settings/repository_controller.rb
+# frozen_string_literal: true
+module Groups
+  module Settings
+    class RepositoryController < Groups::ApplicationController
+      skip_cross_project_access_check :show
+      before_action :authorize_admin_group!
+      before_action :define_deploy_token_variables
+      before_action do
+        push_frontend_feature_flag(:ajax_new_deploy_token, @group)
+      end
+      def create_deploy_token
+        result = Groups::DeployTokens::CreateService.new(@group, current_user, deploy_token_params).execute
+        @new_deploy_token = result[:deploy_token]
+        if result[:status] == :success
+          respond_to do |format|
+            format.json do
+              # IMPORTANT: It's a security risk to expose the token value more than just once here!
+              json = API::Entities::DeployTokenWithToken.represent(@new_deploy_token).as_json
+              render json: json, status: result[:http_status]
+            end
+            format.html do
+              flash.now[:notice] = s_('DeployTokens|Your new group deploy token has been created.')
+              render :show
+            end
+          end
+        else
+          respond_to do |format|
+            format.json { render json: { message: result[:message] }, status: result[:http_status] }
+            format.html do
+              flash.now[:alert] = result[:message]
+              render :show
+            end
+          end
+        end
+      end
+      private
+      def define_deploy_token_variables
+        @deploy_tokens = @group.deploy_tokens.active
+        @new_deploy_token = DeployToken.new
+      end
+      def deploy_token_params
+        params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :username)
+      end
+    end
+  end
+end
--- a/app/controllers/projects/deploy_tokens_controller.rb
+++ b/app/controllers/projects/deploy_tokens_controller.rb
@@ -7,6 +7,6 @@ class Projects::DeployTokensController < Projects::ApplicationController
    @token = @project.deploy_tokens.find(params[:id])
    @token.revoke!
-    redirect_to project_settings_ci_cd_path(project, anchor: 'js-deploy-tokens')
+    redirect_to project_settings_repository_path(project, anchor: 'js-deploy-tokens')
  end
 end
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -26,6 +26,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
    push_frontend_feature_flag(:code_navigation, @project)
    push_frontend_feature_flag(:widget_visibility_polling, @project, default_enabled: true)
    push_frontend_feature_flag(:merge_ref_head_comments, @project)
+    push_frontend_feature_flag(:diff_compare_with_head, @project)
  end
  before_action do

--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -48,33 +48,6 @@ module Projects
        redirect_to namespace_project_settings_ci_cd_path
      end
-      def create_deploy_token
-        result = Projects::DeployTokens::CreateService.new(@project, current_user, deploy_token_params).execute
-        @new_deploy_token = result[:deploy_token]
-        if result[:status] == :success
-          respond_to do |format|
-            format.json do
-              # IMPORTANT: It's a security risk to expose the token value more than just once here!
-              json = API::Entities::DeployTokenWithToken.represent(@new_deploy_token).as_json
-              render json: json, status: result[:http_status]
-            end
-            format.html do
-              flash.now[:notice] = s_('DeployTokens|Your new project deploy token has been created.')
-              render :show
-            end
-          end
-        else
-          respond_to do |format|
-            format.json { render json: { message: result[:message] }, status: result[:http_status] }
-            format.html do
-              flash.now[:alert] = result[:message]
-              render :show
-            end
-          end
-        end
-      end
      private
      def update_params
@@ -93,10 +66,6 @@ module Projects
        end
      end
-      def deploy_token_params
-        params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :username)
-      end
      def run_autodevops_pipeline(service)
        return unless service.run_auto_devops_pipeline?
@@ -116,7 +85,6 @@ module Projects
      def define_variables
        define_runners_variables
        define_ci_variables
-        define_deploy_token_variables
        define_triggers_variables
        define_badges_variables
        define_auto_devops_variables
@@ -168,12 +136,6 @@ module Projects
        @auto_devops = @project.auto_devops || ProjectAutoDevops.new
      end
-      def define_deploy_token_variables
-        @deploy_tokens = @project.deploy_tokens.active
-        @new_deploy_token = DeployToken.new
-      end
      def define_deploy_keys
        @deploy_keys = DeployKeysPresenter.new(@project, current_user: current_user)
      end

--- a/app/controllers/projects/settings/repository_controller.rb
+++ b/app/controllers/projects/settings/repository_controller.rb
@@ -4,7 +4,10 @@ module Projects
  module Settings
    class RepositoryController < Projects::ApplicationController
      before_action :authorize_admin_project!
-      before_action :remote_mirror, only: [:show]
+      before_action :define_variables, only: [:create_deploy_token]
+      before_action do
+        push_frontend_feature_flag(:ajax_new_deploy_token, @project)
+      end
      def show
        render_show
@@ -24,15 +27,47 @@ module Projects
        redirect_to project_settings_repository_path(project)
      end
+      def create_deploy_token
+        result = Projects::DeployTokens::CreateService.new(@project, current_user, deploy_token_params).execute
+        @new_deploy_token = result[:deploy_token]
+        if result[:status] == :success
+          respond_to do |format|
+            format.json do
+              # IMPORTANT: It's a security risk to expose the token value more than just once here!
+              json = API::Entities::DeployTokenWithToken.represent(@new_deploy_token).as_json
+              render json: json, status: result[:http_status]
+            end
+            format.html do
+              flash.now[:notice] = s_('DeployTokens|Your new project deploy token has been created.')
+              render :show
+            end
+          end
+        else
+          respond_to do |format|
+            format.json { render json: { message: result[:message] }, status: result[:http_status] }
+            format.html do
+              flash.now[:alert] = result[:message]
+              render :show
+            end
+          end
+        end
+      end
      private
      def render_show
-        define_protected_refs
+        define_variables
-        remote_mirror
        render 'show'
      end
+      def define_variables
+        define_deploy_token_variables
+        define_protected_refs
+        remote_mirror
+      end
      # rubocop: disable CodeReuse/ActiveRecord
      def define_protected_refs
        @protected_branches = @project.protected_branches.order(:name).page(params[:page])
@@ -51,6 +86,10 @@ module Projects
        @remote_mirror = project.remote_mirrors.first_or_initialize
      end
+      def deploy_token_params
+        params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :username)
+      end
      def access_levels_options
        {
          create_access_levels: levels_for_dropdown,
@@ -74,6 +113,12 @@ module Projects
        { open_branches: ProtectableDropdown.new(@project, :branches).hash }
      end
+      def define_deploy_token_variables
+        @deploy_tokens = @project.deploy_tokens.active
+        @new_deploy_token ||= DeployToken.new
+      end
      def load_gon_index
        gon.push(protectable_tags_for_dropdown)
        gon.push(protectable_branches_for_dropdown)

--- a/app/helpers/analytics/navbar_helper.rb
+++ b/app/helpers/analytics/navbar_helper.rb
+# frozen_string_literal: true
+module Analytics
+  module NavbarHelper
+    class NavbarSubItem
+      attr_reader :title, :path, :link, :link_to_options
+      def initialize(title:, path:, link:, link_to_options: {})
+        @title = title
+        @path = path
+        @link = link
+        @link_to_options = link_to_options.merge(title: title)
+      end
+    end
+    def project_analytics_navbar_links(project, current_user)
+      [
+        cycle_analytics_navbar_link(project, current_user),
+        repository_analytics_navbar_link(project, current_user),
+        ci_cd_analytics_navbar_link(project, current_user)
+      ].compact
+    end
+    def group_analytics_navbar_links(group, current_user)
+      []
+    end
+    private
+    def navbar_sub_item(args)
+      NavbarSubItem.new(args)
+    end
+    def cycle_analytics_navbar_link(project, current_user)
+      return unless project_nav_tab?(:cycle_analytics)
+      navbar_sub_item(
+        title: _('Value Stream'),
+        path: 'cycle_analytics#show',
+        link: project_cycle_analytics_path(project),
+        link_to_options: { class: 'shortcuts-project-cycle-analytics' }
+      )
+    end
+    def repository_analytics_navbar_link(project, current_user)
+      return if project.empty_repo?
+      navbar_sub_item(
+        title: _('Repository'),
+        path: 'graphs#charts',
+        link: charts_project_graph_path(project, current_ref),
+        link_to_options: { class: 'shortcuts-repository-charts' }
+      )
+    end
+    def ci_cd_analytics_navbar_link(project, current_user)
+      return unless project_nav_tab?(:pipelines)
+      return unless project.feature_available?(:builds, current_user) || !project.empty_repo?
+      navbar_sub_item(
+        title: _('CI / CD'),
+        path: 'pipelines#charts',
+        link: charts_project_pipelines_path(project)
+      )
+    end
+  end
+end
+Analytics::NavbarHelper.prepend_if_ee('EE::Analytics::NavbarHelper')
--- a/app/helpers/analytics_navbar_helper.rb
+++ b/app/helpers/analytics_navbar_helper.rb
-# frozen_string_literal: true
-module AnalyticsNavbarHelper
-  class NavbarSubItem
-    attr_reader :title, :path, :link, :link_to_options
-    def initialize(title:, path:, link:, link_to_options: {})
-      @title = title
-      @path = path
-      @link = link
-      @link_to_options = link_to_options.merge(title: title)
-    end
-  end
-  def project_analytics_navbar_links(project, current_user)
-    [
-      cycle_analytics_navbar_link(project, current_user),
-      repository_analytics_navbar_link(project, current_user),
-      ci_cd_analytics_navbar_link(project, current_user)
-    ].compact
-  end
-  def group_analytics_navbar_links(group, current_user)
-    []
-  end
-  private
-  def navbar_sub_item(args)
-    NavbarSubItem.new(args)
-  end
-  def cycle_analytics_navbar_link(project, current_user)
-    return unless project_nav_tab?(:cycle_analytics)
-    navbar_sub_item(
-      title: _('Value Stream'),
-      path: 'cycle_analytics#show',
-      link: project_cycle_analytics_path(project),
-      link_to_options: { class: 'shortcuts-project-cycle-analytics' }
-    )
-  end
-  def repository_analytics_navbar_link(project, current_user)
-    return if project.empty_repo?
-    navbar_sub_item(
-      title: _('Repository'),
-      path: 'graphs#charts',
-      link: charts_project_graph_path(project, current_ref),
-      link_to_options: { class: 'shortcuts-repository-charts' }
-    )
-  end
-  def ci_cd_analytics_navbar_link(project, current_user)
-    return unless project_nav_tab?(:pipelines)
-    return unless project.feature_available?(:builds, current_user) || !project.empty_repo?
-    navbar_sub_item(
-      title: _('CI / CD'),
-      path: 'pipelines#charts',
-      link: charts_project_pipelines_path(project)
-    )
-  end
-end
-AnalyticsNavbarHelper.prepend_if_ee('EE::AnalyticsNavbarHelper')
--- a/app/helpers/ci_variables_helper.rb
+++ b/app/helpers/ci_variables_helper.rb
@@ -7,7 +7,7 @@ module CiVariablesHelper
  def create_deploy_token_path(entity, opts = {})
    if entity.is_a?(Group)
-      create_deploy_token_group_settings_ci_cd_path(entity, opts)
+      create_deploy_token_group_settings_repository_path(entity, opts)
    else
      # TODO: change this path to 'create_deploy_token_project_settings_ci_cd_path'
      # See MR comment for more detail: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27059#note_311585356

--- a/app/helpers/explore_helper.rb
+++ b/app/helpers/explore_helper.rb
@@ -52,7 +52,7 @@ module ExploreHelper
  end
  def public_visibility_restricted?
-    Gitlab::CurrentSettings.restricted_visibility_levels.include? Gitlab::VisibilityLevel::PUBLIC
+    Gitlab::CurrentSettings.restricted_visibility_levels&.include? Gitlab::VisibilityLevel::PUBLIC
  end
  private

--- a/app/helpers/groups_helper.rb
+++ b/app/helpers/groups_helper.rb
@@ -15,6 +15,7 @@ module GroupsHelper
      groups#projects
      groups#edit
      badges#index
+      repository#show
      ci_cd#show
      integrations#index
      integrations#edit

--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -163,7 +163,7 @@ class MergeRequest < ApplicationRecord
  state_machine :merge_status, initial: :unchecked do
    event :mark_as_unchecked do
      transition [:can_be_merged, :checking, :unchecked] => :unchecked
-      transition [:cannot_be_merged, :cannot_be_merged_recheck] => :cannot_be_merged_recheck
+      transition [:cannot_be_merged, :cannot_be_merged_rechecking, :cannot_be_merged_recheck] => :cannot_be_merged_recheck
    end
    event :mark_as_checking do
@@ -200,7 +200,7 @@ class MergeRequest < ApplicationRecord
    # rubocop: enable CodeReuse/ServiceClass
    def check_state?(merge_status)
-      [:unchecked, :cannot_be_merged_recheck, :checking].include?(merge_status.to_sym)
+      [:unchecked, :cannot_be_merged_recheck, :checking, :cannot_be_merged_rechecking].include?(merge_status.to_sym)
    end
  end

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2402,7 +2402,7 @@ class Project < ApplicationRecord
  end
  def deploy_token_create_url(opts = {})
-    Gitlab::Routing.url_helpers.create_deploy_token_project_settings_ci_cd_path(self, opts)
+    Gitlab::Routing.url_helpers.create_deploy_token_project_settings_repository_path(self, opts)
  end
  def deploy_token_revoke_url_for(token)

--- a/app/views/groups/settings/ci_cd/show.html.haml
+++ b/app/views/groups/settings/ci_cd/show.html.haml
@@ -3,7 +3,6 @@
 - expanded = expanded_by_default?
 - general_expanded = @group.errors.empty? ? expanded : true
- deploy_token_description = s_('DeployTokens|Group deploy tokens allow read-only access to the repositories and registry images within the group.')
 -# Given we only have one field in this form which is also admin-only,
 -# we don't want to show an empty section to non-admin users,
@@ -25,8 +24,6 @@
  .settings-content
    = render 'ci/variables/index', save_endpoint: group_variables_path
-= render "shared/deploy_tokens/index", group_or_project: @group, description: deploy_token_description
 %section.settings#runners-settings.no-animate{ class: ('expanded' if expanded) }
  .settings-header
    %h4

--- a/app/views/groups/settings/repository/show.html.haml
+++ b/app/views/groups/settings/repository/show.html.haml
+- breadcrumb_title _('Repository Settings')
+- page_title _('Repository')
+- deploy_token_description = s_('DeployTokens|Group deploy tokens allow read-only access to the repositories and registry images within the group.')
+= render "shared/deploy_tokens/index", group_or_project: @group, description: deploy_token_description
--- a/app/views/layouts/nav/sidebar/_group.html.haml
+++ b/app/views/layouts/nav/sidebar/_group.html.haml
@@ -155,6 +155,11 @@
                %span
                  = _('Projects')
+            = nav_link(controller: :repository) do
+              = link_to group_settings_repository_path(@group), title: _('Repository') do
+                %span
+                  = _('Repository')
            = nav_link(controller: :ci_cd) do
              = link_to group_settings_ci_cd_path(@group), title: _('CI / CD') do
                %span

--- a/app/views/projects/settings/ci_cd/show.html.haml
+++ b/app/views/projects/settings/ci_cd/show.html.haml
@@ -4,7 +4,6 @@
 - expanded = expanded_by_default?
 - general_expanded = @project.errors.empty? ? expanded : true
- deploy_token_description = s_('DeployTokens|Deploy tokens allow access to your repository and registry images.')
 %section.settings#js-general-pipeline-settings.no-animate{ class: ('expanded' if general_expanded) }
  .settings-header
@@ -52,8 +51,6 @@
  .settings-content
    = render 'ci/variables/index', save_endpoint: project_variables_path(@project)
-= render "shared/deploy_tokens/index", group_or_project: @project, description: deploy_token_description
 = render @deploy_keys
 %section.settings.no-animate#js-pipeline-triggers{ class: ('expanded' if expanded) }

--- a/app/views/projects/settings/repository/show.html.haml
+++ b/app/views/projects/settings/repository/show.html.haml
 - breadcrumb_title _("Repository Settings")
 - page_title _("Repository")
 - @content_class = "limit-container-width" unless fluid_layout
+- deploy_token_description = s_('DeployTokens|Deploy tokens allow access to your repository and registry images.')
 = render "projects/default_branch/show"
 = render_if_exists "projects/push_rules/index"
@@ -11,6 +12,7 @@
 -# Those are used throughout the actual views. These `shared` views are then
 -# reused in EE.
 = render "projects/settings/repository/protected_branches"
+= render "shared/deploy_tokens/index", group_or_project: @project, description: deploy_token_description
 = render "projects/cleanup/show"
 = render_if_exists 'shared/promotions/promote_repository_features'
--- a/changelogs/unreleased/212775-group-deploy-tokens-to-repository.yml
+++ b/changelogs/unreleased/212775-group-deploy-tokens-to-repository.yml
+---
+title: Move Group Deploy Tokens to new Group-scoped Repository settings
+merge_request: 29290
+author:
+type: changed
--- a/changelogs/unreleased/213239-fix-newly-added-deleted-files-in-ide.yml
+++ b/changelogs/unreleased/213239-fix-newly-added-deleted-files-in-ide.yml
+---
+title: Fix Web IDE handling of deleting newly added files
+merge_request: 29783
+author:
+type: fixed
--- a/changelogs/unreleased/214998-fix-null-deref.yml
+++ b/changelogs/unreleased/214998-fix-null-deref.yml
+---
+title: Fix null dereference in /import status REST endpoint
+merge_request: 29886
+author:
+type: fixed
--- a/changelogs/unreleased/215041-active-checkbox-not-showing-on-service-templates-form.yml
+++ b/changelogs/unreleased/215041-active-checkbox-not-showing-on-service-templates-form.yml
+---
+title: Fix Service Templates missing Active toggle
+merge_request: 29936
+author:
+type: fixed
--- a/changelogs/unreleased/fj-214714-fix-bug-ssh-git-create-project.yml
+++ b/changelogs/unreleased/fj-214714-fix-bug-ssh-git-create-project.yml
+---
+title: Fix bug creating project from git ssh
+merge_request: 29771
+author:
+type: fixed
--- a/changelogs/unreleased/migrate-vulnerability-dismissals.yml
+++ b/changelogs/unreleased/migrate-vulnerability-dismissals.yml
+---
+title: Migration of dismissals to vulnerabilities
+merge_request: 29711
+author:
+type: other
--- a/changelogs/unreleased/sh-fix-error-500-explore.yml
+++ b/changelogs/unreleased/sh-fix-error-500-explore.yml
+---
+title: Fix 500 error on accessing restricted levels
+merge_request: 30313
+author:
+type: fixed
--- a/config/routes/group.rb
+++ b/config/routes/group.rb
@@ -32,6 +32,10 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
      resource :ci_cd, only: [:show, :update], controller: 'ci_cd' do
        put :reset_registration_token
        patch :update_auto_devops
+        post :create_deploy_token, path: 'deploy_token/create', to: 'repository#create_deploy_token'
+      end
+      resource :repository, only: [:show], controller: 'repository' do
        post :create_deploy_token, path: 'deploy_token/create'
      end

--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -73,7 +73,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
          resource :ci_cd, only: [:show, :update], controller: 'ci_cd' do
            post :reset_cache
            put :reset_registration_token
-            post :create_deploy_token, path: 'deploy_token/create'
+            post :create_deploy_token, path: 'deploy_token/create', to: 'repository#create_deploy_token'
          end
          resource :operations, only: [:show, :update] do
@@ -87,7 +87,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
          resource :repository, only: [:show], controller: :repository do
            # TODO: Removed this "create_deploy_token" route after change was made in app/helpers/ci_variables_helper.rb:14
            # See MR comment for more detail: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27059#note_311585356
-            post :create_deploy_token, path: 'deploy_token/create', to: 'ci_cd#create_deploy_token'
+            post :create_deploy_token, path: 'deploy_token/create'
            post :cleanup
          end
        end

--- a/db/post_migrate/20200416111111_migrate_vulnerability_dismissals.rb
+++ b/db/post_migrate/20200416111111_migrate_vulnerability_dismissals.rb
+# frozen_string_literal: true
+class MigrateVulnerabilityDismissals < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+  DOWNTIME = false
+  disable_ddl_transaction!
+  MIGRATION = 'UpdateVulnerabilitiesToDismissed'.freeze
+  BATCH_SIZE = 500
+  DELAY_INTERVAL = 2.minutes.to_i
+  class Vulnerability < ActiveRecord::Base
+    self.table_name = 'vulnerabilities'
+    self.inheritance_column = :_type_disabled
+    include ::EachBatch
+  end
+  def up
+    return unless Gitlab.ee?
+    Vulnerability.select('project_id').group(:project_id).each_batch(of: BATCH_SIZE, column: "project_id") do |project_batch, index|
+      batch_delay = (index - 1) * BATCH_SIZE * DELAY_INTERVAL
+      project_batch.each_with_index do |project, project_batch_index|
+        project_delay = project_batch_index * DELAY_INTERVAL
+        migrate_in(batch_delay + project_delay, MIGRATION, project[:project_id])
+      end
+    end
+  end
+  def down
+    # nothing to do
+  end
+end
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -13211,6 +13211,7 @@ COPY "schema_migrations" (version) FROM STDIN;
 20200415161021
 20200415161206
 20200415192656
+20200416111111
 20200416120128
 20200416120354
 \.

--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -70,6 +70,7 @@ The following table depicts the various user permission levels in a project.
 | Create confidential issue                         | ✓ (*1*) | ✓          | ✓           | ✓        | ✓      |
 | View confidential issues                          | (*2*)   | ✓          | ✓           | ✓        | ✓      |
 | View [Releases](project/releases/index.md)        | ✓ (*6*) | ✓          | ✓           | ✓        | ✓      |
+| View requirements **(ULTIMATE)**                  | ✓       | ✓          | ✓           | ✓        | ✓      |
 | Assign issues                                     |         | ✓          | ✓           | ✓        | ✓      |
 | Label issues                                      |         | ✓          | ✓           | ✓        | ✓      |
 | Set issue weight                                  |         | ✓          | ✓           | ✓        | ✓      |
@@ -85,8 +86,8 @@ The following table depicts the various user permission levels in a project.
 | View project statistics                           |         | ✓          | ✓           | ✓        | ✓      |
 | View Error Tracking list                          |         | ✓          | ✓           | ✓        | ✓      |
 | Create new merge request                          |         | ✓          | ✓           | ✓        | ✓      |
-| View requirements **(ULTIMATE)**                  |         | ✓          | ✓           | ✓        | ✓      |
 | View metrics dashboard annotations                |         | ✓          | ✓           | ✓        | ✓      |
+| Create/edit requirements **(ULTIMATE)**           |         | ✓          | ✓           | ✓        | ✓      |
 | Pull [packages](packages/index.md)                |         | ✓          | ✓           | ✓        | ✓      |
 | Publish [packages](packages/index.md)             |         |            | ✓           | ✓        | ✓      |
 | Pull from [Conan repository](packages/conan_repository/index.md), [Maven repository](packages/maven_repository/index.md), or [NPM registry](packages/npm_registry/index.md) **(PREMIUM)** |         | ✓          | ✓           | ✓        | ✓      |
@@ -122,7 +123,6 @@ The following table depicts the various user permission levels in a project.
 | Create and edit wiki pages                        |         |            | ✓           | ✓        | ✓      |
 | Rewrite/remove Git tags                           |         |            | ✓           | ✓        | ✓      |
 | Manage Feature Flags **(PREMIUM)**                |         |            | ✓           | ✓        | ✓      |
-| Manage requirements **(ULTIMATE)**                |         |            | ✓           | ✓        | ✓      |
 | Create/edit/delete metrics dashboard annotations  |         |            | ✓           | ✓        | ✓      |
 | Use environment terminals                         |         |            |             | ✓        | ✓      |
 | Run Web IDE's Interactive Web Terminals **(ULTIMATE ONLY)** |     |      |             | ✓        | ✓      |

--- a/doc/user/project/merge_requests/versions.md
+++ b/doc/user/project/merge_requests/versions.md
@@ -67,6 +67,26 @@ current default comparison.
 ![Merge request versions compare HEAD](img/versions_compare_head_v12_10.png)
+### Enable or disable `HEAD` comparison mode **(CORE ONLY)**
+`HEAD` comparison mode is under development and not ready for production use. It is
+deployed behind a feature flag that is **disabled by default**.
+[GitLab administrators with access to the GitLab Rails console](../../../administration/troubleshooting/navigating_gitlab_via_rails_console.md#starting-a-rails-console-session)
+can enable it for your instance. You're welcome to test it, but use it at your
+own risk.
+To enable it:
+```ruby
+Feature.enable(:diff_compare_with_head)
+```
+To disable it:
+```ruby
+Feature.disable(:diff_compare_with_head)
+```
 <!-- ## Troubleshooting
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues

--- a/lib/api/entities/project_import_status.rb
+++ b/lib/api/entities/project_import_status.rb
@@ -9,7 +9,7 @@ module API
      end
      expose :failed_relations, using: Entities::ProjectImportFailedRelation do |project, _options|
-        project.import_state.relation_hard_failures(limit: 100)
+        project.import_state&.relation_hard_failures(limit: 100) || []
      end
      # TODO: Use `expose_nil` once we upgrade the grape-entity gem

--- a/lib/api/internal/base.rb
+++ b/lib/api/internal/base.rb
@@ -43,12 +43,9 @@ module API
          Gitlab::Git::HookEnv.set(gl_repository, env) if container
          actor.update_last_used_at!
-          access_checker = access_checker_for(actor, params[:protocol])
          check_result = begin
-                           result = access_checker.check(params[:action], params[:changes])
+                           access_check!(actor, params)
-                           @project ||= access_checker.project
-                           result
                         rescue Gitlab::GitAccess::ForbiddenError => e
                           # The return code needs to be 401. If we return 403
                           # the custom message we return won't be shown to the user
@@ -92,6 +89,17 @@ module API
            response_with_status(code: 500, success: false, message: UNKNOWN_CHECK_RESULT_ERROR)
          end
        end
+        def access_check!(actor, params)
+          access_checker = access_checker_for(actor, params[:protocol])
+          access_checker.check(params[:action], params[:changes]).tap do |result|
+            break result if @project || !repo_type.project?
+            # If we have created a project directly from a git push
+            # we have to assign its value to both @project and @container
+            @project = @container = access_checker.project
+          end
+        end
      end
      namespace 'internal' do

--- a/lib/gitlab/background_migration/update_vulnerabilities_to_dismissed.rb
+++ b/lib/gitlab/background_migration/update_vulnerabilities_to_dismissed.rb
+# frozen_string_literal: true
+module Gitlab
+  module BackgroundMigration
+    # rubocop: disable Style/Documentation
+    class UpdateVulnerabilitiesToDismissed
+      def perform(project_id)
+      end
+    end
+  end
+end
+Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed.prepend_if_ee('EE::Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed')
--- a/qa/qa/page/project/settings/ci_cd.rb
+++ b/qa/qa/page/project/settings/ci_cd.rb
@@ -13,20 +13,10 @@ module QA
            element :variables_settings_content
          end
-          view 'app/views/shared/deploy_tokens/_index.html.haml' do
-            element :deploy_tokens_settings
-          end
          view 'app/views/projects/deploy_keys/_index.html.haml' do
            element :deploy_keys_settings
          end
-          def expand_deploy_tokens(&block)
-            expand_section(:deploy_tokens_settings) do
-              Settings::DeployTokens.perform(&block)
-            end
-          end
          def expand_deploy_keys(&block)
            expand_section(:deploy_keys_settings) do
              Settings::DeployKeys.perform(&block)

--- a/qa/qa/page/project/settings/repository.rb
+++ b/qa/qa/page/project/settings/repository.rb
@@ -15,6 +15,16 @@ module QA
            element :mirroring_repositories_settings_section
          end
+          view 'app/views/shared/deploy_tokens/_index.html.haml' do
+            element :deploy_tokens_settings
+          end
+          def expand_deploy_tokens(&block)
+            expand_section(:deploy_tokens_settings) do
+              Settings::DeployTokens.perform(&block)
+            end
+          end
          def expand_protected_branches(&block)
            expand_section(:protected_branches_settings) do
              ProtectedBranches.perform(&block)

--- a/qa/qa/resource/deploy_token.rb
+++ b/qa/qa/resource/deploy_token.rb
@@ -6,16 +6,16 @@ module QA
      attr_accessor :name, :expires_at
      attribute :username do
-        Page::Project::Settings::CICD.perform do |cicd_page|
+        Page::Project::Settings::Repository.perform do |repository_page|
-          cicd_page.expand_deploy_tokens do |token|
+          repository_page.expand_deploy_tokens do |token|
            token.token_username
          end
        end
      end
      attribute :password do
-        Page::Project::Settings::CICD.perform do |cicd_page|
+        Page::Project::Settings::Repository.perform do |repository_page|
-          cicd_page.expand_deploy_tokens do |token|
+          repository_page.expand_deploy_tokens do |token|
            token.token_password
          end
        end
@@ -31,10 +31,10 @@ module QA
      def fabricate!
        project.visit!
-        Page::Project::Menu.perform(&:go_to_ci_cd_settings)
+        Page::Project::Menu.perform(&:go_to_repository_settings)
-        Page::Project::Settings::CICD.perform do |cicd|
+        Page::Project::Settings::Repository.perform do |setting|
-          cicd.expand_deploy_tokens do |page|
+          setting.expand_deploy_tokens do |page|
            page.fill_token_name(name)
            page.fill_token_expires_at(expires_at)
            page.fill_scopes(read_repository: true, read_registry: false)

--- a/spec/controllers/groups/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
@@ -216,88 +216,4 @@ describe Groups::Settings::CiCdController do
      end
    end
  end
-  describe 'POST create_deploy_token' do
-    context 'when ajax_new_deploy_token feature flag is disabled for the project' do
-      before do
-        stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: group })
-        entity.add_owner(user)
-      end
-      it_behaves_like 'a created deploy token' do
-        let(:entity) { group }
-        let(:create_entity_params) { { group_id: group } }
-        let(:deploy_token_type) { DeployToken.deploy_token_types[:group_type] }
-      end
-    end
-    context 'when ajax_new_deploy_token feature flag is enabled for the project' do
-      let(:good_deploy_token_params) do
-        {
-          name: 'name',
-          expires_at: 1.day.from_now.to_s,
-          username: 'deployer',
-          read_repository: '1',
-          deploy_token_type: DeployToken.deploy_token_types[:group_type]
-        }
-      end
-      let(:request_params) do
-        {
-          group_id: group.to_param,
-          deploy_token: deploy_token_params
-        }
-      end
-      before do
-        group.add_owner(user)
-      end
-      subject { post :create_deploy_token, params: request_params, format: :json }
-      context('a good request') do
-        let(:deploy_token_params) { good_deploy_token_params }
-        let(:expected_response) do
-          {
-            'id' => be_a(Integer),
-            'name' => deploy_token_params[:name],
-            'username' => deploy_token_params[:username],
-            'expires_at' => Time.parse(deploy_token_params[:expires_at]),
-            'token' => be_a(String),
-            'scopes' => deploy_token_params.inject([]) do |scopes, kv|
-              key, value = kv
-              key.to_s.start_with?('read_') && !value.to_i.zero? ? scopes << key.to_s : scopes
-            end
-          }
-        end
-        it 'creates the deploy token' do
-          subject
-          expect(response).to have_gitlab_http_status(:created)
-          expect(response).to match_response_schema('public_api/v4/deploy_token')
-          expect(json_response).to match(expected_response)
-        end
-      end
-      context('a bad request') do
-        let(:deploy_token_params) { good_deploy_token_params.except(:read_repository) }
-        let(:expected_response) { { 'message' => "Scopes can't be blank" } }
-        it 'does not create the deploy token' do
-          subject
-          expect(response).to have_gitlab_http_status(:bad_request)
-          expect(json_response).to match(expected_response)
-        end
-      end
-      context('an invalid request') do
-        let(:deploy_token_params) { good_deploy_token_params.except(:name) }
-        it 'raises a validation error' do
-          expect { subject }.to raise_error(ActiveRecord::StatementInvalid)
-        end
-      end
-    end
-  end
 end
--- a/spec/controllers/groups/settings/repository_controller_spec.rb
+++ b/spec/controllers/groups/settings/repository_controller_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe Groups::Settings::RepositoryController do
+  include ExternalAuthorizationServiceHelpers
+  let(:group) { create(:group) }
+  let(:user) { create(:user) }
+  before do
+    sign_in(user)
+  end
+  describe 'POST create_deploy_token' do
+    context 'when ajax_new_deploy_token feature flag is disabled for the project' do
+      before do
+        stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: group })
+        entity.add_owner(user)
+      end
+      it_behaves_like 'a created deploy token' do
+        let(:entity) { group }
+        let(:create_entity_params) { { group_id: group } }
+        let(:deploy_token_type) { DeployToken.deploy_token_types[:group_type] }
+      end
+    end
+    context 'when ajax_new_deploy_token feature flag is enabled for the project' do
+      let(:good_deploy_token_params) do
+        {
+          name: 'name',
+          expires_at: 1.day.from_now.to_s,
+          username: 'deployer',
+          read_repository: '1',
+          deploy_token_type: DeployToken.deploy_token_types[:group_type]
+        }
+      end
+      let(:request_params) do
+        {
+          group_id: group.to_param,
+          deploy_token: deploy_token_params
+        }
+      end
+      before do
+        group.add_owner(user)
+      end
+      subject { post :create_deploy_token, params: request_params, format: :json }
+      context('a good request') do
+        let(:deploy_token_params) { good_deploy_token_params }
+        let(:expected_response) do
+          {
+            'id' => be_a(Integer),
+            'name' => deploy_token_params[:name],
+            'username' => deploy_token_params[:username],
+            'expires_at' => Time.parse(deploy_token_params[:expires_at]),
+            'token' => be_a(String),
+            'scopes' => deploy_token_params.inject([]) do |scopes, kv|
+              key, value = kv
+              key.to_s.start_with?('read_') && !value.to_i.zero? ? scopes << key.to_s : scopes
+            end
+          }
+        end
+        it 'creates the deploy token' do
+          subject
+          expect(response).to have_gitlab_http_status(:created)
+          expect(response).to match_response_schema('public_api/v4/deploy_token')
+          expect(json_response).to match(expected_response)
+        end
+      end
+      context('a bad request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:read_repository) }
+        let(:expected_response) { { 'message' => "Scopes can't be blank" } }
+        it 'does not create the deploy token' do
+          subject
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response).to match(expected_response)
+        end
+      end
+      context('an invalid request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:name) }
+        it 'raises a validation error' do
+          expect { subject }.to raise_error(ActiveRecord::StatementInvalid)
+        end
+      end
+    end
+  end
+end
--- a/spec/controllers/projects/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/projects/settings/ci_cd_controller_spec.rb
@@ -266,84 +266,4 @@ describe Projects::Settings::CiCdController do
      end
    end
  end
-  describe 'POST create_deploy_token' do
-    context 'when ajax_new_deploy_token feature flag is disabled for the project' do
-      before do
-        stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: project })
-      end
-      it_behaves_like 'a created deploy token' do
-        let(:entity) { project }
-        let(:create_entity_params) { { namespace_id: project.namespace, project_id: project } }
-        let(:deploy_token_type) { DeployToken.deploy_token_types[:project_type] }
-      end
-    end
-    context 'when ajax_new_deploy_token feature flag is enabled for the project' do
-      let(:good_deploy_token_params) do
-        {
-          name: 'name',
-          expires_at: 1.day.from_now.to_s,
-          username: 'deployer',
-          read_repository: '1',
-          deploy_token_type: DeployToken.deploy_token_types[:project_type]
-        }
-      end
-      let(:request_params) do
-        {
-          namespace_id: project.namespace.to_param,
-          project_id: project.to_param,
-          deploy_token: deploy_token_params
-        }
-      end
-      subject { post :create_deploy_token, params: request_params, format: :json }
-      context('a good request') do
-        let(:deploy_token_params) { good_deploy_token_params }
-        let(:expected_response) do
-          {
-            'id' => be_a(Integer),
-            'name' => deploy_token_params[:name],
-            'username' => deploy_token_params[:username],
-            'expires_at' => Time.parse(deploy_token_params[:expires_at]),
-            'token' => be_a(String),
-            'scopes' => deploy_token_params.inject([]) do |scopes, kv|
-              key, value = kv
-              key.to_s.start_with?('read_') && !value.to_i.zero? ? scopes << key.to_s : scopes
-            end
-          }
-        end
-        it 'creates the deploy token' do
-          subject
-          expect(response).to have_gitlab_http_status(:created)
-          expect(response).to match_response_schema('public_api/v4/deploy_token')
-          expect(json_response).to match(expected_response)
-        end
-      end
-      context('a bad request') do
-        let(:deploy_token_params) { good_deploy_token_params.except(:read_repository) }
-        let(:expected_response) { { 'message' => "Scopes can't be blank" } }
-        it 'does not create the deploy token' do
-          subject
-          expect(response).to have_gitlab_http_status(:bad_request)
-          expect(json_response).to match(expected_response)
-        end
-      end
-      context('an invalid request') do
-        let(:deploy_token_params) { good_deploy_token_params.except(:name) }
-        it 'raises a validation error' do
-          expect { subject }.to raise_error(ActiveRecord::StatementInvalid)
-        end
-      end
-    end
-  end
 end
--- a/spec/controllers/projects/settings/repository_controller_spec.rb
+++ b/spec/controllers/projects/settings/repository_controller_spec.rb
@@ -32,4 +32,84 @@ describe Projects::Settings::RepositoryController do
      expect(RepositoryCleanupWorker).to have_received(:perform_async).once
    end
  end
+  describe 'POST create_deploy_token' do
+    context 'when ajax_new_deploy_token feature flag is disabled for the project' do
+      before do
+        stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: project })
+      end
+      it_behaves_like 'a created deploy token' do
+        let(:entity) { project }
+        let(:create_entity_params) { { namespace_id: project.namespace, project_id: project } }
+        let(:deploy_token_type) { DeployToken.deploy_token_types[:project_type] }
+      end
+    end
+    context 'when ajax_new_deploy_token feature flag is enabled for the project' do
+      let(:good_deploy_token_params) do
+        {
+          name: 'name',
+          expires_at: 1.day.from_now.to_s,
+          username: 'deployer',
+          read_repository: '1',
+          deploy_token_type: DeployToken.deploy_token_types[:project_type]
+        }
+      end
+      let(:request_params) do
+        {
+          namespace_id: project.namespace.to_param,
+          project_id: project.to_param,
+          deploy_token: deploy_token_params
+        }
+      end
+      subject { post :create_deploy_token, params: request_params, format: :json }
+      context('a good request') do
+        let(:deploy_token_params) { good_deploy_token_params }
+        let(:expected_response) do
+          {
+            'id' => be_a(Integer),
+            'name' => deploy_token_params[:name],
+            'username' => deploy_token_params[:username],
+            'expires_at' => Time.parse(deploy_token_params[:expires_at]),
+            'token' => be_a(String),
+            'scopes' => deploy_token_params.inject([]) do |scopes, kv|
+              key, value = kv
+              key.to_s.start_with?('read_') && !value.to_i.zero? ? scopes << key.to_s : scopes
+            end
+          }
+        end
+        it 'creates the deploy token' do
+          subject
+          expect(response).to have_gitlab_http_status(:created)
+          expect(response).to match_response_schema('public_api/v4/deploy_token')
+          expect(json_response).to match(expected_response)
+        end
+      end
+      context('a bad request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:read_repository) }
+        let(:expected_response) { { 'message' => "Scopes can't be blank" } }
+        it 'does not create the deploy token' do
+          subject
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response).to match(expected_response)
+        end
+      end
+      context('an invalid request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:name) }
+        it 'raises a validation error' do
+          expect { subject }.to raise_error(ActiveRecord::StatementInvalid)
+        end
+      end
+    end
+  end
 end
--- a/spec/features/groups/settings/ci_cd_spec.rb
+++ b/spec/features/groups/settings/ci_cd_spec.rb
@@ -37,19 +37,6 @@ describe 'Group CI/CD settings' do
    end
  end
-  context 'Deploy tokens' do
-    let!(:deploy_token) { create(:deploy_token, :group, groups: [group]) }
-    before do
-      stub_container_registry_config(enabled: true)
-      visit group_settings_ci_cd_path(group)
-    end
-    it_behaves_like 'a deploy token in ci/cd settings' do
-      let(:entity_type) { 'group' }
-    end
-  end
  describe 'Auto DevOps form' do
    before do
      stub_application_setting(auto_devops_enabled: true)

--- a/spec/features/groups/settings/repository_spec.rb
+++ b/spec/features/groups/settings/repository_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe 'Group Repository settings' do
+  include WaitForRequests
+  let(:user) { create(:user) }
+  let(:group) { create(:group) }
+  before do
+    group.add_owner(user)
+    sign_in(user)
+  end
+  context 'Deploy tokens' do
+    let!(:deploy_token) { create(:deploy_token, :group, groups: [group]) }
+    before do
+      stub_container_registry_config(enabled: true)
+      visit group_settings_repository_path(group)
+    end
+    it_behaves_like 'a deploy token in settings' do
+      let(:entity_type) { 'group' }
+    end
+  end
+end
--- a/spec/features/ide/user_commits_changes_spec.rb
+++ b/spec/features/ide/user_commits_changes_spec.rb
@@ -30,4 +30,14 @@ describe 'IDE user commits changes', :js do
    expect(project.repository.blob_at('master', 'foo/bar/.gitkeep')).to be_nil
    expect(project.repository.blob_at('master', 'foo/bar/lorem_ipsum.md').data).to eql(content)
  end
+  it 'user adds then deletes new file' do
+    ide_create_new_file('foo/bar/lorem_ipsum.md')
+    expect(page).to have_selector(ide_commit_tab_selector)
+    ide_delete_file('foo/bar/lorem_ipsum.md')
+    expect(page).not_to have_selector(ide_commit_tab_selector)
+  end
 end
--- a/spec/features/projects/settings/ci_cd_settings_spec.rb
+++ b/spec/features/projects/settings/ci_cd_settings_spec.rb
@@ -7,22 +7,6 @@ describe 'Projects > Settings > CI / CD settings' do
  let_it_be(:user) { create(:user) }
  let_it_be(:role) { :maintainer }
-  context 'Deploy tokens' do
-    let!(:deploy_token) { create(:deploy_token, projects: [project]) }
-    before do
-      project.add_role(user, role)
-      sign_in(user)
-      stub_container_registry_config(enabled: true)
-      stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: project })
-      visit project_settings_ci_cd_path(project)
-    end
-    it_behaves_like 'a deploy token in ci/cd settings' do
-      let(:entity_type) { 'project' }
-    end
-  end
  context 'Deploy Keys', :js do
    let_it_be(:private_deploy_key) { create(:deploy_key, title: 'private_deploy_key', public: false) }
    let_it_be(:public_deploy_key) { create(:another_deploy_key, title: 'public_deploy_key', public: true) }

--- a/spec/features/projects/settings/repository_settings_spec.rb
+++ b/spec/features/projects/settings/repository_settings_spec.rb
@@ -25,6 +25,20 @@ describe 'Projects > Settings > Repository settings' do
  context 'for maintainer' do
    let(:role) { :maintainer }
+    context 'Deploy tokens' do
+      let!(:deploy_token) { create(:deploy_token, projects: [project]) }
+      before do
+        stub_container_registry_config(enabled: true)
+        stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: project })
+        visit project_settings_repository_path(project)
+      end
+      it_behaves_like 'a deploy token in settings' do
+        let(:entity_type) { 'project' }
+      end
+    end
    context 'remote mirror settings' do
      before do
        visit project_settings_repository_path(project)

--- a/spec/features/projects/settings/user_sees_revoke_deploy_token_modal_spec.rb
+++ b/spec/features/projects/settings/user_sees_revoke_deploy_token_modal_spec.rb
@@ -12,7 +12,7 @@ describe 'Repository Settings > User sees revoke deploy token modal', :js do
    project.add_role(user, role)
    sign_in(user)
    stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: project })
-    visit(project_settings_ci_cd_path(project))
+    visit(project_settings_repository_path(project))
    click_link('Revoke')
  end

--- a/spec/frontend/diffs/store/getters_versions_dropdowns_spec.js
+++ b/spec/frontend/diffs/store/getters_versions_dropdowns_spec.js
@@ -18,6 +18,7 @@ describe('Compare diff version dropdowns', () => {
    };
    localState.targetBranchName = 'baseVersion';
    localState.mergeRequestDiffs = diffsMockData;
+    gon.features = { diffCompareWithHead: true };
  });
  describe('selectedTargetIndex', () => {
@@ -128,6 +129,14 @@ describe('Compare diff version dropdowns', () => {
      });
      assertVersions(targetVersions);
    });
+    it('does not list head version if feature flag is not enabled', () => {
+      gon.features = { diffCompareWithHead: false };
+      setupTest();
+      const targetVersions = getters.diffCompareDropdownTargetVersions(localState, getters);
+      expect(targetVersions.find(version => version.isHead)).toBeUndefined();
+    });
  });
  it('diffCompareDropdownSourceVersions', () => {

--- a/spec/frontend/ide/stores/mutations_spec.js
+++ b/spec/frontend/ide/stores/mutations_spec.js
@@ -273,7 +273,7 @@ describe('Multi-file store mutations', () => {
      expect(localState.changedFiles).toEqual([]);
    });
-    it('removes tempFile from changedFiles when deleted', () => {
+    it('removes tempFile from changedFiles and stagedFiles when deleted', () => {
      localState.entries.filePath = {
        path: 'filePath',
        deleted: false,
@@ -282,10 +282,12 @@ describe('Multi-file store mutations', () => {
      };
      localState.changedFiles.push({ ...localState.entries.filePath });
+      localState.stagedFiles.push({ ...localState.entries.filePath });
      mutations.DELETE_ENTRY(localState, 'filePath');
      expect(localState.changedFiles).toEqual([]);
+      expect(localState.stagedFiles).toEqual([]);
    });
    it('bursts unused seal', () => {

--- a/spec/helpers/explore_helper_spec.rb
+++ b/spec/helpers/explore_helper_spec.rb
@@ -17,4 +17,25 @@ describe ExploreHelper do
      expect(helper.explore_nav_links).to contain_exactly(*menu_items)
    end
  end
+  describe '#public_visibility_restricted?' do
+    using RSpec::Parameterized::TableSyntax
+    where(:visibility_levels, :expected_status) do
+      nil | nil
+      [Gitlab::VisibilityLevel::PRIVATE] | false
+      [Gitlab::VisibilityLevel::PRIVATE, Gitlab::VisibilityLevel::INTERNAL] | false
+      [Gitlab::VisibilityLevel::PUBLIC] | true
+    end
+    with_them do
+      before do
+        stub_application_setting(restricted_visibility_levels: visibility_levels)
+      end
+      it 'returns the expected status' do
+        expect(helper.public_visibility_restricted?).to eq(expected_status)
+      end
+    end
+  end
 end
--- a/spec/lib/api/entities/project_import_status_spec.rb
+++ b/spec/lib/api/entities/project_import_status_spec.rb
@@ -8,6 +8,17 @@ describe API::Entities::ProjectImportStatus do
    let(:correlation_id) { 'cid' }
+    context 'when no import state exists' do
+      let(:entity) { described_class.new(build(:project)) }
+      it 'includes basic fields and no failures' do
+        expect(subject[:import_status]).to eq('none')
+        expect(subject[:correlation_id]).to be_nil
+        expect(subject[:import_error]).to be_nil
+        expect(subject[:failed_relations]).to eq([])
+      end
+    end
    context 'when import has not finished yet' do
      let(:project) { create(:project, :import_scheduled, import_correlation_id: correlation_id) }
      let(:entity) { described_class.new(project) }

--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -3332,7 +3332,7 @@ describe MergeRequest do
    describe 'check_state?' do
      it 'indicates whether MR is still checking for mergeability' do
        state_machine = described_class.state_machines[:merge_status]
-        check_states = [:unchecked, :cannot_be_merged_recheck, :checking]
+        check_states = [:unchecked, :cannot_be_merged_recheck, :cannot_be_merged_rechecking, :checking]
        check_states.each do |merge_status|
          expect(state_machine.check_state?(merge_status)).to be true

--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -766,29 +766,98 @@ describe API::Internal::Base do
    end
    context 'project does not exist' do
-      it 'returns a 200 response with status: false' do
+      context 'git pull' do
-        project.destroy
+        it 'returns a 200 response with status: false' do
+          project.destroy
-        pull(key, project)
+          pull(key, project)
-        expect(response).to have_gitlab_http_status(:not_found)
+          expect(response).to have_gitlab_http_status(:not_found)
-        expect(json_response["status"]).to be_falsey
+          expect(json_response["status"]).to be_falsey
+        end
+        it 'returns a 200 response when using a project path that does not exist' do
+          post(
+            api("/internal/allowed"),
+            params: {
+              key_id: key.id,
+              project: 'project/does-not-exist.git',
+              action: 'git-upload-pack',
+              secret_token: secret_token,
+              protocol: 'ssh'
+            }
+          )
+          expect(response).to have_gitlab_http_status(:not_found)
+          expect(json_response["status"]).to be_falsey
+        end
      end
-      it 'returns a 200 response when using a project path that does not exist' do
+      context 'git push' do
-        post(
+        before do
-          api("/internal/allowed"),
+          stub_const('Gitlab::QueryLimiting::Transaction::THRESHOLD', 120)
-          params: {
+        end
-            key_id: key.id,
-            project: 'project/does-not-exist.git',
-            action: 'git-upload-pack',
-            secret_token: secret_token,
-            protocol: 'ssh'
-          }
-        )
-        expect(response).to have_gitlab_http_status(:not_found)
+        subject { push_with_path(key, full_path: path, changes: '_any') }
-        expect(json_response["status"]).to be_falsey
+        context 'from a user/group namespace' do
+          let!(:path) { "#{user.namespace.path}/notexist.git" }
+          it 'creates the project' do
+            expect do
+              subject
+            end.to change { Project.count }.by(1)
+            expect(response).to have_gitlab_http_status(:ok)
+            expect(json_response['status']).to be_truthy
+          end
+        end
+        context 'from the personal snippet path' do
+          let!(:path) { 'snippets/notexist.git' }
+          it 'does not create snippet' do
+            expect do
+              subject
+            end.not_to change { Snippet.count }
+            expect(response).to have_gitlab_http_status(:not_found)
+          end
+        end
+        context 'from a project path' do
+          context 'from an non existent project path' do
+            let!(:path) { "#{user.namespace.path}/notexist/snippets/notexist.git" }
+            it 'does not create project' do
+              expect do
+                subject
+              end.not_to change { Project.count }
+              expect(response).to have_gitlab_http_status(:not_found)
+            end
+            it 'does not create snippet' do
+              expect do
+                subject
+              end.not_to change { Snippet.count }
+              expect(response).to have_gitlab_http_status(:not_found)
+            end
+          end
+          context 'from an existent project path' do
+            let!(:path) { "#{project.full_path}/notexist/snippets/notexist.git" }
+            it 'does not create snippet' do
+              expect do
+                subject
+              end.not_to change { Snippet.count }
+              expect(response).to have_gitlab_http_status(:not_found)
+            end
+          end
+        end
      end
    end
@@ -1062,18 +1131,27 @@ describe API::Internal::Base do
  end
  def push(key, container, protocol = 'ssh', env: nil, changes: nil)
+    push_with_path(key,
+                   full_path: full_path_for(container),
+                   gl_repository: gl_repository_for(container),
+                   protocol: protocol,
+                   env: env,
+                   changes: changes)
+  end
+  def push_with_path(key, full_path:, gl_repository: nil, protocol: 'ssh', env: nil, changes: nil)
    changes ||= 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master'
    params = {
      changes: changes,
      key_id: key.id,
-      project: full_path_for(container),
+      project: full_path,
-      gl_repository: gl_repository_for(container),
      action: 'git-receive-pack',
      secret_token: secret_token,
      protocol: protocol,
      env: env
    }
+    params[:gl_repository] = gl_repository if gl_repository
    post(
      api("/internal/allowed"),

--- a/spec/routing/project_routing_spec.rb
+++ b/spec/routing/project_routing_spec.rb
@@ -800,9 +800,8 @@ describe 'project routing' do
    it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/settings/repository", "/gitlab/gitlabhq/-/settings/repository"
-    # TODO: remove this test as part of https://gitlab.com/gitlab-org/gitlab/issues/207079 (12.9)
+    it 'to repository#create_deploy_token' do
-    it 'to ci_cd#create_deploy_token' do
+      expect(post('gitlab/gitlabhq/-/settings/ci_cd/deploy_token/create')).to route_to('projects/settings/repository#create_deploy_token', namespace_id: 'gitlab', project_id: 'gitlabhq')
-      expect(post('gitlab/gitlabhq/-/settings/ci_cd/deploy_token/create')).to route_to('projects/settings/ci_cd#create_deploy_token', namespace_id: 'gitlab', project_id: 'gitlabhq')
    end
  end

--- a/spec/support/helpers/features/web_ide_spec_helpers.rb
+++ b/spec/support/helpers/features/web_ide_spec_helpers.rb
@@ -32,6 +32,10 @@ module WebIdeSpecHelpers
    page.find('.ide-tree-actions')
  end
+  def ide_tab_selector(mode)
+    ".js-ide-#{mode}-mode"
+  end
  def ide_file_row_open?(row)
    row.matches_css?('.is-open')
  end
@@ -106,16 +110,16 @@ module WebIdeSpecHelpers
    evaluate_script("monaco.editor.getModel('#{uri}').getValue()")
  end
+  def ide_commit_tab_selector
+    ide_tab_selector('commit')
+  end
  def ide_commit
-    ide_switch_mode('commit')
+    find(ide_commit_tab_selector).click
    commit_to_current_branch
  end
-  def ide_switch_mode(mode)
-    find(".js-ide-#{mode}-mode").click
-  end
  private
  def file_row_container(row)

--- a/spec/support/shared_contexts/navbar_structure_context.rb
+++ b/spec/support/shared_contexts/navbar_structure_context.rb
@@ -111,6 +111,7 @@ RSpec.shared_context 'group navbar structure' do
      nav_sub_items: [
        _('General'),
        _('Projects'),
+        _('Repository'),
        _('CI / CD'),
        _('Integrations'),
        _('Webhooks'),

--- a/spec/support/shared_examples/features/deploy_token_shared_examples.rb
+++ b/spec/support/shared_examples/features/deploy_token_shared_examples.rb
 # frozen_string_literal: true
-RSpec.shared_examples 'a deploy token in ci/cd settings' do
+RSpec.shared_examples 'a deploy token in settings' do
  it 'view deploy tokens' do
    within('.deploy-tokens') do
      expect(page).to have_content(deploy_token.name)