Merge branch 'master' into nick.thomas/gitlab-ee-4048-sidekiq-cron-geo-2

.codeclimate.yml

@@ -16,6 +16,7 @@ engines:
     enabled: true
   rubocop:
     enabled: true
+    channel: "gitlab-rubocop-0-52"
 ratings:
   paths:
   - Gemfile.lock

.gitlab-ci.yml

@@ -619,7 +619,7 @@ codequality:
   script:
     - cp .rubocop.yml .rubocop.yml.bak
     - grep -v "rubocop-gitlab-security" .rubocop.yml.bak > .rubocop.yml
-    - docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc codeclimate/codeclimate analyze -f json > raw_codeclimate.json
+    - docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc dev.gitlab.org:5005/gitlab/gitlab-build-images:gitlab-codeclimate-v2 analyze -f json > raw_codeclimate.json
     - cat raw_codeclimate.json | docker run -i stedolan/jq -c 'map({check_name,fingerprint,location})' > codeclimate.json
     - mv .rubocop.yml.bak .rubocop.yml
   artifacts:

CHANGELOG-EE.md

 Please view this file on the master branch, on stable branches it's out of date.
 
+## 10.3.2 (2017-12-28)
+
+- No changes.
+
+## 10.3.1 (2017-12-27)
+
+### Changed (1 change)
+
+- Geo: Show sync percent on bar graph and count within tooltips. !3794
+
+
 ## 10.3.0 (2017-12-22)
 
 ### Removed (2 changes)

CHANGELOG.md

@@ -2,6 +2,26 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 10.3.2 (2017-12-28)
+
+### Fixed (1 change)
+
+- Fix migration for removing orphaned issues.moved_to_id values in MySQL and PostgreSQL.
+
+
+## 10.3.1 (2017-12-27)
+
+### Fixed (3 changes)
+
+- Don't link LFS objects to a project when unlinking forks when they were already linked. !16006
+- Execute project hooks and services after commit when moving an issue.
+- Fix Error 500s with anonymous clones for a project that has moved.
+
+### Changed (1 change)
+
+- Reduce the number of buckets in gitlab_cache_operation_duration_seconds metric. !15881
+
+
 ## 10.3.0 (2017-12-22)
 
 ### Security (1 change, 1 of them is from the community)

Gemfile

@@ -346,9 +346,11 @@ group :development, :test do
   gem 'spring-commands-rspec', '~> 1.0.4'
   gem 'spring-commands-spinach', '~> 1.1.0'
 
-  gem 'rubocop', '~> 0.49.1', require: false
-  gem 'rubocop-rspec', '~> 1.15.1', require: false
-  gem 'rubocop-gitlab-security', '~> 0.1.0', require: false
+  gem 'gitlab-styles', '~> 2.2.0', require: false
+  # Pin these dependencies, otherwise a new rule could break the CI pipelines
+  gem 'rubocop', '~> 0.52.0'
+  gem 'rubocop-rspec', '~> 1.20.1'
+
   gem 'scss_lint', '~> 0.54.0', require: false
   gem 'haml_lint', '~> 0.26.0', require: false
   gem 'simplecov', '~> 0.14.0', require: false

Gemfile.lock

@@ -328,6 +328,10 @@ GEM
       posix-spawn (~> 0.3)
     gitlab-license (1.0.0)
     gitlab-markup (1.6.3)
+    gitlab-styles (2.2.0)
+      rubocop (~> 0.51)
+      rubocop-gitlab-security (~> 0.1.0)
+      rubocop-rspec (~> 1.19)
     gitlab_omniauth-ldap (2.0.4)
       net-ldap (~> 0.16)
       omniauth (~> 1.3)
@@ -806,21 +810,21 @@ GEM
       pg
       rails
       sqlite3
-    rubocop (0.49.1)
+    rubocop (0.52.0)
       parallel (~> 1.10)
-      parser (>= 2.3.3.1, < 3.0)
+      parser (>= 2.4.0.2, < 3.0)
       powerpack (~> 0.1)
-      rainbow (>= 1.99.1, < 3.0)
+      rainbow (>= 2.2.2, < 4.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (~> 1.0, >= 1.0.1)
-    rubocop-gitlab-security (0.1.0)
-      rubocop (>= 0.47.1)
-    rubocop-rspec (1.15.1)
-      rubocop (>= 0.42.0)
+    rubocop-gitlab-security (0.1.1)
+      rubocop (>= 0.51)
+    rubocop-rspec (1.20.1)
+      rubocop (>= 0.51.0)
     ruby-fogbugz (0.2.1)
       crack (~> 0.4)
     ruby-prof (0.16.2)
-    ruby-progressbar (1.8.1)
+    ruby-progressbar (1.9.0)
     ruby-saml (1.4.1)
       nokogiri (>= 1.5.10)
     ruby_parser (3.9.0)
@@ -1082,6 +1086,7 @@ DEPENDENCIES
   gitlab-flowdock-git-hook (~> 1.0.1)
   gitlab-license (~> 1.0)
   gitlab-markup (~> 1.6.2)
+  gitlab-styles (~> 2.2.0)
   gitlab_omniauth-ldap (~> 2.0.4)
   gollum-lib (~> 4.2)
   gollum-rugged_adapter (~> 0.4.4)
@@ -1186,9 +1191,8 @@ DEPENDENCIES
   rspec-retry (~> 0.4.5)
   rspec-set (~> 0.1.3)
   rspec_profiling (~> 0.0.5)
-  rubocop (~> 0.49.1)
-  rubocop-gitlab-security (~> 0.1.0)
-  rubocop-rspec (~> 1.15.1)
+  rubocop (~> 0.52.0)
+  rubocop-rspec (~> 1.20.1)
   ruby-fogbugz (~> 0.2.1)
   ruby-prof (~> 0.16.2)
   ruby_parser (~> 3.8)

app/assets/javascripts/add_gitlab_slack_application/components/add_gitlab_slack_application.vue

@@ -165,7 +165,7 @@
       <h3 class="center">How it works</h3>
 
       <div class="well gitlab-slack-well center-block">
-        <code class="code center-block append-bottom-10">/project-name issue show &lt;id&gt;</code>
+        <code class="code center-block append-bottom-10">/gitlab &lt;project-alias&gt; issue show &lt;id&gt;</code>
         <span>
           <div
             class="gitlab-slack-right-arrow inline append-right-5"

app/assets/javascripts/boards/components/board_sidebar.js

 /* eslint-disable comma-dangle, space-before-function-paren, no-new */
-/* global MilestoneSelect */
 
 import Vue from 'vue';
 import weight from 'ee/sidebar/components/weight/weight.vue';
@@ -13,6 +12,7 @@ import './sidebar/remove_issue';
 import IssuableContext from '../../issuable_context';
 import LabelsSelect from '../../labels_select';
 import subscriptions from '../../sidebar/components/subscriptions/subscriptions.vue';
+import MilestoneSelect from '../../milestone_select';
 
 const Store = gl.issueBoards.BoardsStore;
 

app/assets/javascripts/boards/components/milestone_select.vue

 <script>
-/* global BoardService, MilestoneSelect */
+/* global BoardService */
 
-import '~/milestone_select';
+import MilestoneSelect from '~/milestone_select';
 import loadingIcon from '~/vue_shared/components/loading_icon.vue';
 
 const ANY_MILESTONE = 'Any Milestone';

app/assets/javascripts/dispatcher.js

@@ -5,7 +5,7 @@ import IssuableIndex from './issuable_index';
 import Milestone from './milestone';
 import IssuableForm from './issuable_form';
 import LabelsSelect from './labels_select';
-/* global MilestoneSelect */
+import MilestoneSelect from './milestone_select';
 import NewBranchForm from './new_branch_form';
 import NotificationsForm from './notifications_form';
 import notificationsDropdown from './notifications_dropdown';

app/assets/javascripts/docs/docs_bundle.js

+import Mousetrap from 'mousetrap';
+
+function addMousetrapClick(el, key) {
+  el.addEventListener('click', () => Mousetrap.trigger(key));
+}
+
+function domContentLoaded() {
+  addMousetrapClick(document.querySelector('.js-trigger-shortcut'), '?');
+  addMousetrapClick(document.querySelector('.js-trigger-search-bar'), 's');
+}
+
+document.addEventListener('DOMContentLoaded', domContentLoaded);
+

app/assets/javascripts/graphs/stat_graph_contributors.js

 /* eslint-disable func-names, space-before-function-paren, wrap-iife, no-var, one-var, camelcase, one-var-declaration-per-line, quotes, no-param-reassign, quote-props, comma-dangle, prefer-template, max-len, no-return-assign, no-shadow */
 
 import _ from 'underscore';
-import { timeFormat } from 'd3-time-format';
 import { ContributorsGraph, ContributorsAuthorGraph, ContributorsMasterGraph } from './stat_graph_contributors_graph';
 import ContributorsStatGraphUtil from './stat_graph_contributors_util';
-import { n__ } from '../locale';
-
-const d3 = { timeFormat };
+import { n__, s__, createDateTimeFormat, sprintf } from '../locale';
 
 export default (function() {
-  function ContributorsStatGraph() {}
+  function ContributorsStatGraph() {
+    this.dateFormat = createDateTimeFormat({ year: 'numeric', month: 'long', day: 'numeric' });
+  }
 
   ContributorsStatGraph.prototype.init = function(log) {
     var author_commits, total_commits;
@@ -100,11 +99,15 @@ export default (function() {
   };
 
   ContributorsStatGraph.prototype.change_date_header = function() {
-    var print, print_date_format, x_domain;
-    x_domain = ContributorsGraph.prototype.x_domain;
-    print_date_format = d3.timeFormat("%B %e %Y");
-    print = print_date_format(x_domain[0]) + " - " + print_date_format(x_domain[1]);
-    return $("#date_header").text(print);
+    const x_domain = ContributorsGraph.prototype.x_domain;
+    const formattedDateRange = sprintf(
+      s__('ContributorsPage|%{startDate} – %{endDate}'),
+      {
+        startDate: this.dateFormat.format(new Date(x_domain[0])),
+        endDate: this.dateFormat.format(new Date(x_domain[1])),
+      },
+    );
+    return $('#date_header').text(formattedDateRange);
   };
 
   ContributorsStatGraph.prototype.redraw_author_commit_info = function(author) {

app/assets/javascripts/graphs/stat_graph_contributors_graph.js

@@ -7,6 +7,7 @@ import { axisLeft, axisBottom } from 'd3-axis';
 import { area } from 'd3-shape';
 import { brushX } from 'd3-brush';
 import { timeParse } from 'd3-time-format';
+import { dateTickFormat } from '../lib/utils/tick_formats';
 
 const d3 = { extent, max, select, scaleTime, scaleLinear, axisLeft, axisBottom, area, brushX, timeParse };
 
@@ -101,9 +102,12 @@ export const ContributorsMasterGraph = (function(superClass) {
   extend(ContributorsMasterGraph, superClass);
 
   function ContributorsMasterGraph(data1) {
+    const $parentElement = $('#contributors-master');
+    const parentPadding = parseFloat($parentElement.css('padding-left')) + parseFloat($parentElement.css('padding-right'));
+
     this.data = data1;
     this.update_content = this.update_content.bind(this);
-    this.width = $('.content').width() - 70;
+    this.width = $('.content').width() - parentPadding - (this.MARGIN.left + this.MARGIN.right);
     this.height = 200;
     this.x = null;
     this.y = null;
@@ -139,7 +143,9 @@ export const ContributorsMasterGraph = (function(superClass) {
   };
 
   ContributorsMasterGraph.prototype.create_axes = function() {
-    this.x_axis = d3.axisBottom().scale(this.x);
+    this.x_axis = d3.axisBottom()
+      .scale(this.x)
+      .tickFormat(dateTickFormat);
     return this.y_axis = d3.axisLeft().scale(this.y).ticks(5);
   };
 
@@ -232,7 +238,10 @@ export const ContributorsAuthorGraph = (function(superClass) {
   };
 
   ContributorsAuthorGraph.prototype.create_axes = function() {
-    this.x_axis = d3.axisBottom().scale(this.x).ticks(8);
+    this.x_axis = d3.axisBottom()
+      .scale(this.x)
+      .ticks(8)
+      .tickFormat(dateTickFormat);
     return this.y_axis = d3.axisLeft().scale(this.y).ticks(5);
   };
 

app/assets/javascripts/init_issuable_sidebar.js

 /* eslint-disable no-new */
-/* global MilestoneSelect */
+
+import MilestoneSelect from './milestone_select';
 import LabelsSelect from './labels_select';
 import IssuableContext from './issuable_context';
 import Sidebar from './right_sidebar';

app/assets/javascripts/init_legacy_filters.js

 /* eslint-disable no-new */
 import LabelsSelect from './labels_select';
-/* global MilestoneSelect */
 import subscriptionSelect from './subscription_select';
 import UsersSelect from './users_select';
 import issueStatusSelect from './issue_status_select';
+import MilestoneSelect from './milestone_select';
 
 import WeightSelect from 'ee/weight_select'; // eslint-disable-line import/first
 

app/assets/javascripts/issuable_bulk_update_sidebar.js

 /* eslint-disable class-methods-use-this, no-new */
-/* global MilestoneSelect */
 
 import IssuableBulkUpdateActions from './issuable_bulk_update_actions';
-import './milestone_select';
+import MilestoneSelect from './milestone_select';
 import issueStatusSelect from './issue_status_select';
 import subscriptionSelect from './subscription_select';
 import LabelsSelect from './labels_select';

app/assets/javascripts/lib/utils/tick_formats.js

+import { createDateTimeFormat } from '../../locale';
+
+let dateTimeFormats;
+
+export const initDateFormats = () => {
+  const dayFormat = createDateTimeFormat({ month: 'short', day: 'numeric' });
+  const monthFormat = createDateTimeFormat({ month: 'long' });
+  const yearFormat = createDateTimeFormat({ year: 'numeric' });
+
+  dateTimeFormats = {
+    dayFormat,
+    monthFormat,
+    yearFormat,
+  };
+};
+
+initDateFormats();
+
+/**
+  Formats a localized date in way that it can be used for d3.js axis.tickFormat().
+
+  That is, it displays
+  - 4-digit for first of January
+  - full month name for first of every month
+  - day and abbreviated month otherwise
+
+  see also https://github.com/d3/d3-3.x-api-reference/blob/master/SVG-Axes.md#tickFormat
+  */
+export const dateTickFormat = (date) => {
+  if (date.getDate() !== 1) {
+    return dateTimeFormats.dayFormat.format(date);
+  }
+
+  if (date.getMonth() > 0) {
+    return dateTimeFormats.monthFormat.format(date);
+  }
+
+  return dateTimeFormats.yearFormat.format(date);
+};

app/assets/javascripts/locale/index.js

 import Jed from 'jed';
 import sprintf from './sprintf';
 
-const langAttribute = document.querySelector('html').getAttribute('lang');
-const lang = (langAttribute || 'en').replace(/-/g, '_');
+const languageCode = () => document.querySelector('html').getAttribute('lang') || 'en';
 const locale = new Jed(window.translations || {});
 delete window.translations;
 
@@ -47,9 +46,19 @@ const pgettext = (keyOrContext, key) => {
   return translated[translated.length - 1];
 };
 
-export { lang };
+/**
+  Creates an instance of Intl.DateTimeFormat for the current locale.
+
+  @param formatOptions for available options, please see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DateTimeFormat
+  @returns {Intl.DateTimeFormat}
+*/
+const createDateTimeFormat =
+  formatOptions => Intl.DateTimeFormat(languageCode(), formatOptions);
+
+export { languageCode };
 export { gettext as __ };
 export { ngettext as n__ };
 export { pgettext as s__ };
 export { sprintf };
+export { createDateTimeFormat };
 export default locale;

app/assets/javascripts/merge_request.js

 /* eslint-disable func-names, space-before-function-paren, no-var, prefer-rest-params, wrap-iife, quotes, no-underscore-dangle, one-var, one-var-declaration-per-line, consistent-return, dot-notation, quote-props, comma-dangle, object-shorthand, max-len, prefer-arrow-callback */
-/* global MergeRequestTabs */
 
 import 'vendor/jquery.waitforimages';
 import TaskList from './task_list';

app/assets/javascripts/shortcuts.js

@@ -51,7 +51,10 @@ export default class Shortcuts {
   }
 
   onToggleHelp(e) {
-    e.preventDefault();
+    if (e.preventDefault) {
+      e.preventDefault();
+    }
+
     Shortcuts.toggleHelp(this.enabledHelp);
   }
 
@@ -112,6 +115,9 @@ export default class Shortcuts {
 
   static focusSearch(e) {
     $('#search').focus();
-    e.preventDefault();
+
+    if (e.preventDefault) {
+      e.preventDefault();
+    }
   }
 }

app/assets/stylesheets/framework/contextual-sidebar.scss

@@ -319,13 +319,14 @@
   transition: width $sidebar-transition-duration;
   position: fixed;
   bottom: 0;
-  padding: 16px;
+  padding: $gl-padding;
   background-color: $gray-light;
   border: 0;
   border-top: 2px solid $border-color;
   color: $gl-text-color-secondary;
   display: flex;
   align-items: center;
+  line-height: 1;
 
   svg {
     margin-right: 8px;

app/controllers/concerns/issuable_actions.rb

@@ -55,7 +55,6 @@ module IssuableActions
 
   def destroy
     Issuable::DestroyService.new(issuable.project, current_user).execute(issuable)
-    TodoService.new.destroy_issuable(issuable, current_user)
 
     name = issuable.human_class_name
     flash[:notice] = "The #{name} was successfully deleted."

app/controllers/projects/deploy_keys_controller.rb

@@ -24,10 +24,10 @@ class Projects::DeployKeysController < Projects::ApplicationController
   def create
     @key = DeployKeys::CreateService.new(current_user, create_params).execute
 
-    unless @key.valid? && @project.deploy_keys << @key
-      flash[:alert] = @key.errors.full_messages.join(', ').html_safe
-    else
+    if @key.valid? && @project.deploy_keys << @key
       log_audit_event(@key.title, action: :create)
+    else
+      flash[:alert] = @key.errors.full_messages.join(', ').html_safe
     end
 
     redirect_to_repository_settings(@project)

app/controllers/projects/pipeline_schedules_controller.rb

 class Projects::PipelineSchedulesController < Projects::ApplicationController
   before_action :schedule, except: [:index, :new, :create]
 
+  before_action :play_rate_limit, only: [:play]
+  before_action :authorize_play_pipeline_schedule!, only: [:play]
   before_action :authorize_read_pipeline_schedule!
   before_action :authorize_create_pipeline_schedule!, only: [:new, :create]
-  before_action :authorize_update_pipeline_schedule!, except: [:index, :new, :create]
+  before_action :authorize_update_pipeline_schedule!, except: [:index, :new, :create, :play]
   before_action :authorize_admin_pipeline_schedule!, only: [:destroy]
 
   def index
@@ -40,6 +42,18 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
     end
   end
 
+  def play
+    job_id = RunPipelineScheduleWorker.perform_async(schedule.id, current_user.id)
+
+    if job_id
+      flash[:notice] = "Successfully scheduled a pipeline to run. Go to the <a href=\"#{project_pipelines_path(@project)}\">Pipelines page</a> for details.".html_safe
+    else
+      flash[:alert] = 'Unable to schedule a pipeline to run immediately'
+    end
+
+    redirect_to pipeline_schedules_path(@project)
+  end
+
   def take_ownership
     if schedule.update(owner: current_user)
       redirect_to pipeline_schedules_path(@project)
@@ -60,6 +74,17 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
 
   private
 
+  def play_rate_limit
+    return unless current_user
+
+    limiter = ::Gitlab::ActionRateLimiter.new(action: :play_pipeline_schedule)
+
+    return unless limiter.throttled?([current_user, schedule], 1)
+
+    flash[:alert] = 'You cannot play this scheduled pipeline at the moment. Please wait a minute.'
+    redirect_to pipeline_schedules_path(@project)
+  end
+
   def schedule
     @schedule ||= project.pipeline_schedules.find(params[:id])
   end
@@ -70,6 +95,10 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
         variables_attributes: [:id, :key, :value, :_destroy] )
   end
 
+  def authorize_play_pipeline_schedule!
+    return access_denied! unless can?(current_user, :play_pipeline_schedule, schedule)
+  end
+
   def authorize_update_pipeline_schedule!
     return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule)
   end

app/helpers/branches_helper.rb

@@ -27,9 +27,8 @@ module BranchesHelper
   # Returns a hash were keys are types of access levels (user, role), and
   # values are the number of access levels of the particular type.
   def access_level_frequencies(access_levels)
-    access_levels.reduce(Hash.new(0)) do |frequencies, access_level|
+    access_levels.each_with_object(Hash.new(0)) do |access_level, frequencies|
       frequencies[access_level.type] += 1
-      frequencies
     end
   end
 

app/helpers/gitlab_routing_helper.rb

@@ -184,6 +184,11 @@ module GitlabRoutingHelper
     edit_project_pipeline_schedule_path(project, schedule)
   end
 
+  def play_pipeline_schedule_path(schedule, *args)
+    project = schedule.project
+    play_project_pipeline_schedule_path(project, schedule, *args)
+  end
+
   def take_ownership_pipeline_schedule_path(schedule, *args)
     project = schedule.project
     take_ownership_project_pipeline_schedule_path(project, schedule, *args)

app/models/blob_viewer/dependency_manager.rb

@@ -27,10 +27,17 @@ module BlobViewer
 
     private
 
-    def package_name_from_json(key)
-      prepare!
+    def json_data
+      @json_data ||= begin
+        prepare!
+        JSON.parse(blob.data)
+      rescue
+        {}
+      end
+    end
 
-      JSON.parse(blob.data)[key] rescue nil
+    def package_name_from_json(key)
+      json_data[key]
     end
 
     def package_name_from_method_call(name)

app/models/blob_viewer/package_json.rb

@@ -16,7 +16,25 @@ module BlobViewer
       @package_name ||= package_name_from_json('name')
     end
 
+    def package_type
+      private? ? 'private package' : super
+    end
+
     def package_url
+      private? ? homepage : npm_url
+    end
+
+    private
+
+    def private?
+      !!json_data['private']
+    end
+
+    def homepage
+      json_data['homepage']
+    end
+
+    def npm_url
       "https://www.npmjs.com/package/#{package_name}"
     end
   end

app/models/ci/pipeline.rb

@@ -241,6 +241,10 @@ module Ci
       statuses.select(:stage).distinct.count
     end
 
+    def total_size
+      statuses.count(:id)
+    end
+
     def stages_names
       statuses.order(:stage_idx).distinct
         .pluck(:stage, :stage_idx).map(&:first)

app/models/concerns/cache_markdown_field.rb

@@ -11,7 +11,7 @@ module CacheMarkdownField
   extend ActiveSupport::Concern
 
   # Increment this number every time the renderer changes its output
-  CACHE_VERSION = 2
+  CACHE_VERSION = 3
 
   # changes to these attributes cause the cache to be invalidates
   INVALIDATED_BY = %w[author project].freeze

app/models/concerns/project_features_compatibility.rb

@@ -2,6 +2,7 @@
 #
 # After migrating issues_enabled merge_requests_enabled builds_enabled snippets_enabled and wiki_enabled
 # fields to a new table "project_features", support for the old fields is still needed in the API.
+require 'gitlab/utils'
 
 module ProjectFeaturesCompatibility
   extend ActiveSupport::Concern

app/models/diff_discussion.rb

@@ -22,12 +22,9 @@ class DiffDiscussion < Discussion
 
   def merge_request_version_params
     return unless for_merge_request?
-    return {} if active?
 
-    if on_merge_request_commit?
-      { commit_id: commit_id }
-    else
-      noteable.version_params_for(position.diff_refs)
+    version_params.tap do |params|
+      params[:commit_id] = commit_id if on_merge_request_commit?
     end
   end
 
@@ -37,4 +34,12 @@ class DiffDiscussion < Discussion
       position: position.to_json
     )
   end
+
+  private
+
+  def version_params
+    return {} if active?
+
+    noteable.version_params_for(position.diff_refs)
+  end
 end

app/models/lfs_object.rb

@@ -7,7 +7,7 @@ class LfsObject < ActiveRecord::Base
 
   validates :oid, presence: true, uniqueness: true
 
-  scope :with_files_stored_locally, ->() { where(file_store: [nil, LfsObjectUploader::LOCAL_STORE]) }
+  scope :with_files_stored_locally, -> { where(file_store: [nil, LfsObjectUploader::LOCAL_STORE]) }
 
   mount_uploader :file, LfsObjectUploader
 

app/models/project.rb

@@ -231,7 +231,7 @@ class Project < ActiveRecord::Base
   delegate :name, to: :owner, allow_nil: true, prefix: true
   delegate :members, to: :team, prefix: true
   delegate :add_user, :add_users, to: :team
-  delegate :add_guest, :add_reporter, :add_developer, :add_master, to: :team
+  delegate :add_guest, :add_reporter, :add_developer, :add_master, :add_role, to: :team
 
   # Validations
   validates :creator, presence: true, on: :create

app/models/project_services/hipchat_service.rb

@@ -181,7 +181,7 @@ class HipchatService < Service
     description = obj_attr[:description]
     title = render_line(obj_attr[:title])
     action = obj_attr[:action]
-    state_or_action_text = (action == 'approved') ? action : state
+    state_or_action_text = action == 'approved' ? action : state
     merge_request_url = "#{project_url}/merge_requests/#{merge_request_iid}"
     merge_request_link = "<a href=\"#{merge_request_url}\">merge request !#{merge_request_iid}</a>"
     message = "#{user_name} #{state_or_action_text} #{merge_request_link} in " \

app/models/project_services/jira_service.rb

@@ -46,6 +46,8 @@ class JiraService < IssueTrackerService
       context_path: url.path,
       auth_type: :basic,
       read_timeout: 120,
+      use_cookies: true,
+      additional_cookies: ['OBBasicAuth=fromDialog'],
       use_ssl: url.scheme == 'https'
     }
   end

app/models/project_team.rb

@@ -7,36 +7,24 @@ class ProjectTeam
     @project = project
   end
 
-  # Shortcut to add users
-  #
-  # Use:
-  #   @team << [@user, :master]
-  #   @team << [@users, :master]
-  #
-  def <<(args)
-    users, access, current_user = *args
-
-    if users.respond_to?(:each)
-      add_users(users, access, current_user: current_user)
-    else
-      add_user(users, access, current_user: current_user)
-    end
-  end
-
   def add_guest(user, current_user: nil)
-    self << [user, :guest, current_user]
+    add_user(user, :guest, current_user: current_user)
   end
 
   def add_reporter(user, current_user: nil)
-    self << [user, :reporter, current_user]
+    add_user(user, :reporter, current_user: current_user)
   end
 
   def add_developer(user, current_user: nil)
-    self << [user, :developer, current_user]
+    add_user(user, :developer, current_user: current_user)
   end
 
   def add_master(user, current_user: nil)
-    self << [user, :master, current_user]
+    add_user(user, :master, current_user: current_user)
+  end
+
+  def add_role(user, role, current_user: nil)
+    public_send(:"add_#{role}", user, current_user: current_user) # rubocop:disable GitlabSecurity/PublicSend
   end
 
   def find_member(user_id)

app/models/repository.rb

@@ -240,6 +240,12 @@ class Repository
     branch_names.include?(branch_name)
   end
 
+  def tag_exists?(tag_name)
+    return false unless raw_repository
+
+    tag_names.include?(tag_name)
+  end
+
   def ref_exists?(ref)
     !!raw_repository&.ref_exists?(ref)
   rescue ArgumentError

app/policies/ci/pipeline_policy.rb

@@ -2,16 +2,18 @@ module Ci
   class PipelinePolicy < BasePolicy
     delegate { @subject.project }
 
-    condition(:protected_ref) do
-      access = ::Gitlab::UserAccess.new(@user, project: @subject.project)
+    condition(:protected_ref) { ref_protected?(@user, @subject.project, @subject.tag?, @subject.ref) }
 
-      if @subject.tag?
-        !access.can_create_tag?(@subject.ref)
+    rule { protected_ref }.prevent :update_pipeline
+
+    def ref_protected?(user, project, tag, ref)
+      access = ::Gitlab::UserAccess.new(user, project: project)
+
+      if tag
+        !access.can_create_tag?(ref)
       else
-        !access.can_update_branch?(@subject.ref)
+        !access.can_update_branch?(ref)
       end
     end
-
-    rule { protected_ref }.prevent :update_pipeline
   end
 end

app/policies/ci/pipeline_schedule_policy.rb

@@ -2,13 +2,23 @@ module Ci
   class PipelineSchedulePolicy < PipelinePolicy
     alias_method :pipeline_schedule, :subject
 
+    condition(:protected_ref) do
+      ref_protected?(@user, @subject.project, @subject.project.repository.tag_exists?(@subject.ref), @subject.ref)
+    end
+
     condition(:owner_of_schedule) do
       can?(:developer_access) && pipeline_schedule.owned_by?(@user)
     end
 
+    rule { can?(:developer_access) }.policy do
+      enable :play_pipeline_schedule
+    end
+
     rule { can?(:master_access) | owner_of_schedule }.policy do
       enable :update_pipeline_schedule
       enable :admin_pipeline_schedule
     end
+
+    rule { protected_ref }.prevent :play_pipeline_schedule
   end
 end

app/services/issuable/destroy_service.rb

 module Issuable
   class DestroyService < IssuableBaseService
     def execute(issuable)
-      if issuable.destroy
-        issuable.update_project_counter_caches
+      TodoService.new.destroy_target(issuable) do |issuable|
+        if issuable.destroy
+          issuable.update_project_counter_caches
+        end
       end
     end
   end

app/services/notes/destroy_service.rb

 module Notes
   class DestroyService < BaseService
     def execute(note)
-      note.destroy
+      TodoService.new.destroy_target(note) do |note|
+        note.destroy
+      end
     end
   end
 end

app/services/todo_service.rb

@@ -31,12 +31,20 @@ class TodoService
     mark_pending_todos_as_done(issue, current_user)
   end
 
-  # When we destroy an issuable we should:
+  # When we destroy a todo target we should:
   #
-  #  * refresh the todos count cache for the current user
+  #  * refresh the todos count cache for all users with todos on the target
   #
-  def destroy_issuable(issuable, user)
-    user.update_todos_count_cache
+  # This needs to yield back to the caller to destroy the target, because it
+  # collects the todo users before the todos themselves are deleted, then
+  # updates the todo counts for those users.
+  #
+  def destroy_target(target)
+    todo_users = User.where(id: target.todos.pending.select(:user_id)).to_a
+
+    yield target
+
+    todo_users.each(&:update_todos_count_cache)
   end
 
   # When we reassign an issue we should:

app/views/events/event/_push.html.haml

@@ -7,7 +7,8 @@
   %span.pushed #{event.action_name} #{event.ref_type}
   %strong
     - commits_link = project_commits_path(project, event.ref_name)
-    = link_to_if project.repository.branch_exists?(event.ref_name), event.ref_name, commits_link, class: 'ref-name'
+    - should_link = event.tag? ? project.repository.tag_exists?(event.ref_name) : project.repository.branch_exists?(event.ref_name)
+    = link_to_if should_link, event.ref_name, commits_link, class: 'ref-name'
 
   = render "events/event_scope", event: event
 

app/views/help/index.html.haml

+= webpack_bundle_tag 'docs'
+
 %div
 - if current_application_settings.help_page_text.present?
   = markdown(current_application_settings.help_page_text)
@@ -38,8 +40,12 @@
         Quick help
       %ul.well-list
         %li= link_to 'See our website for getting help', support_url
-        %li= link_to 'Use the search bar on the top of this page', '#', onclick: 'Shortcuts.focusSearch(event)'
-        %li= link_to 'Use shortcuts', '#', onclick: 'Shortcuts.toggleHelp()'
+        %li
+          %button.btn-blank.btn-link.js-trigger-search-bar{ type: 'button' }
+            Use the search bar on the top of this page
+        %li
+          %button.btn-blank.btn-link.js-trigger-shortcut{ type: 'button' }
+            Use shortcuts
         - unless current_application_settings.help_page_hide_commercial_content?
           %li= link_to 'Get a support subscription', 'https://about.gitlab.com/pricing/'
           %li= link_to 'Compare GitLab editions', 'https://about.gitlab.com/features/#compare'

app/views/notify/pipeline_success_email.html.haml

@@ -109,7 +109,7 @@
               API
 %tr
   %td{ colspan: 2, style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;color:#333333;font-size:15px;font-weight:300;line-height:1.4;padding:15px 5px;text-align:center;" }
-    - job_count = @pipeline.statuses.latest.size
+    - job_count = @pipeline.total_size
     - stage_count = @pipeline.stages_count
     successfully completed
     #{job_count} #{'job'.pluralize(job_count)}

app/views/notify/pipeline_success_email.text.erb

@@ -22,11 +22,11 @@ Committed by: <%= commit.committer_name %>
 <% end -%>
 <% end -%>
 
-<% build_count = @pipeline.statuses.latest.size -%>
+<% job_count = @pipeline.total_size -%>
 <% stage_count = @pipeline.stages_count -%>
 <% if @pipeline.user -%>
 Pipeline #<%= @pipeline.id %> ( <%= pipeline_url(@pipeline) %> ) triggered by <%= @pipeline.user.name %> ( <%= user_url(@pipeline.user) %> )
 <% else -%>
 Pipeline #<%= @pipeline.id %> ( <%= pipeline_url(@pipeline) %> ) triggered by API
 <% end -%>
-successfully completed <%= build_count %> <%= 'build'.pluralize(build_count) %> in <%= stage_count %> <%= 'stage'.pluralize(stage_count) %>.
+successfully completed <%= job_count %> <%= 'job'.pluralize(job_count) %> in <%= stage_count %> <%= 'stage'.pluralize(stage_count) %>.

app/views/projects/blob/viewers/_dependency_manager.html.haml

@@ -6,6 +6,6 @@
   - if viewer.package_name
     and defines a #{viewer.package_type} named
     %strong<
-      = link_to viewer.package_name, viewer.package_url, target: '_blank', rel: 'noopener noreferrer'
+      = link_to_if viewer.package_url.present?, viewer.package_name, viewer.package_url, target: '_blank', rel: 'noopener noreferrer'
 
 = link_to 'Learn more', viewer.manager_url, target: '_blank', rel: 'noopener noreferrer'

app/views/projects/clusters/gcp/_form.html.haml

@@ -7,7 +7,6 @@
   .form-group
     = field.label :name, s_('ClusterIntegration|Cluster name')
     = field.text_field :name, class: 'form-control', placeholder: s_('ClusterIntegration|Cluster name')
-
   .form-group
     = field.label :environment_scope, s_('ClusterIntegration|Environment scope')
     = field.text_field :environment_scope, class: 'form-control', readonly: !has_multiple_clusters?(@project), placeholder: s_('ClusterIntegration|Environment scope')

app/views/projects/clusters/user/_form.html.haml

@@ -3,7 +3,6 @@
   .form-group
     = field.label :name, s_('ClusterIntegration|Cluster name')
     = field.text_field :name, class: 'form-control', placeholder: s_('ClusterIntegration|Cluster name')
-
   .form-group
     = field.label :environment_scope, s_('ClusterIntegration|Environment scope')
     = field.text_field :environment_scope, class: 'form-control', readonly: !has_multiple_clusters?(@project), placeholder: s_('ClusterIntegration|Environment scope')

app/views/projects/pipeline_schedules/_pipeline_schedule.html.haml

@@ -26,10 +26,12 @@
           = pipeline_schedule.owner&.name
     %td
       .pull-right.btn-group
+        - if can?(current_user, :play_pipeline_schedule, pipeline_schedule)
+          = link_to play_pipeline_schedule_path(pipeline_schedule), method: :post, title: s_('Play'), class: 'btn' do
+            = icon('play')
         - if can?(current_user, :update_pipeline_schedule, pipeline_schedule)
           = link_to take_ownership_pipeline_schedule_path(pipeline_schedule), method: :post, title: s_('PipelineSchedules|Take ownership'), class: 'btn' do
             = s_('PipelineSchedules|Take ownership')
-        - if can?(current_user, :update_pipeline_schedule, pipeline_schedule)
           = link_to edit_pipeline_schedule_path(pipeline_schedule), title: _('Edit'), class: 'btn' do
             = icon('pencil')
         - if can?(current_user, :admin_pipeline_schedule, pipeline_schedule)

app/views/projects/pipelines/_with_tabs.html.haml

@@ -8,7 +8,7 @@
     %li.js-builds-tab-link
       = link_to builds_project_pipeline_path(@project, @pipeline), data: {target: 'div#js-tab-builds', action: 'builds', toggle: 'tab' }, class: 'builds-tab' do
         Jobs
-        %span.badge.js-builds-counter= pipeline.statuses.count
+        %span.badge.js-builds-counter= pipeline.total_size
     - if failed_builds.present?
       %li.js-failures-tab-link
         = link_to failures_project_pipeline_path(@project, @pipeline), data: {target: 'div#js-tab-failures', action: 'failures', toggle: 'tab' }, class: 'failures-tab' do

app/views/shared/issuable/_assignees.html.haml

-- max_render = 3
-- max = [max_render, issue.assignees.length].min
+- max_render = 4
+- assignees_rendering_overflow = issue.assignees.size > max_render
+- render_count = assignees_rendering_overflow ? max_render - 1 : max_render
+- more_assignees_count = issue.assignees.size - render_count
 
-- issue.assignees.take(max).each do |assignee|
+- issue.assignees.take(render_count).each do |assignee|
   = link_to_member(@project, assignee, name: false, title: "Assigned to :name")
 
-- if issue.assignees.length > max_render
-  - counter = issue.assignees.length - max_render
-
-  %span{ class: 'avatar-counter has-tooltip', data: { container: 'body', placement: 'bottom', 'line-type' => 'old', 'original-title' => "+#{counter} more assignees" } }
-    - if counter < 99
-      = "+#{counter}"
-    - else
-      99+
+- if more_assignees_count.positive?
+  %span{ class: 'avatar-counter has-tooltip', data: { container: 'body', placement: 'bottom', 'line-type' => 'old', 'original-title' => "+#{more_assignees_count} more assignees" } } +#{more_assignees_count}

app/workers/all_queues.yml

@@ -39,6 +39,7 @@
 - pipeline_cache:expire_job_cache
 - pipeline_cache:expire_pipeline_cache
 - pipeline_creation:create_pipeline
+- pipeline_creation:run_pipeline_schedule
 - pipeline_default:build_coverage
 - pipeline_default:build_trace_sections
 - pipeline_default:pipeline_metrics

app/workers/run_pipeline_schedule_worker.rb

+class RunPipelineScheduleWorker
+  include ApplicationWorker
+  include PipelineQueue
+
+  queue_namespace :pipeline_creation
+
+  def perform(schedule_id, user_id)
+    schedule = Ci::PipelineSchedule.find_by(id: schedule_id)
+    user = User.find_by(id: user_id)
+
+    return unless schedule && user
+
+    run_pipeline_schedule(schedule, user)
+  end
+
+  def run_pipeline_schedule(schedule, user)
+    Ci::CreatePipelineService.new(schedule.project,
+                                  user,
+                                  ref: schedule.ref)
+      .execute(:schedule, ignore_skip_ci: true, save_on_errors: false, schedule: schedule)
+  end
+end

changelogs/unreleased-ee/4330-show-item-count-in-tooltip.yml

----
-title: 'Geo: Show sync percent on bar graph and count within tooltips'
-merge_request: 3794
-author:
-type: changed

changelogs/unreleased-ee/osw-more-reliable-scoped-issue-board-specs.yml

+---
+title: Make scoped issue board specs more reliable
+merge_request:
+author:
+type: other

changelogs/unreleased/33028-event-tag-links.yml

+---
+title: Fix tags in the Activity tab not being clickable
+merge_request: 15996
+author: Mario de la Ossa
+type: fixed

changelogs/unreleased/36020-private-npm-modules.yml

+---
+title: Do not generate NPM links for private NPM modules in blob view
+merge_request: 16002
+author: Mario de la Ossa
+type: added

changelogs/unreleased/36782-replace-team-user-role-with-add_role-user-in-specs.yml

+---
+title: Replace '.team << [user, role]' with 'add_role(user)' in specs
+merge_request: 16069
+author: "@blackst0ne"
+type: other

changelogs/unreleased/38893-banzai-upload-filter-relative-urls.yml

+---
+title: Use relative URLs when linking to uploaded files
+merge_request: 15751
+author:
+type: other

changelogs/unreleased/39298-list-of-avatars-2.yml

+---
+title: List of avatars should never show +1
+merge_request: 15972
+author: Jacopo Beschi @jacopo-beschi
+type: added

changelogs/unreleased/40871-todo-notification-count-shows-notification-without-having-a-todo.yml

+---
+title: Reset todo counters when the target is deleted
+merge_request: 15807
+author:
+type: fixed

changelogs/unreleased/feature-40842-provide-oracles-webgate-cookies-to-jira-requests.yml

+---
+title: Provide additional cookies to JIRA service requests to allow Oracle WebGates
+  Basic Auth
+merge_request:
+author: Stanislaw Wozniak
+type: changed

changelogs/unreleased/fix-docs-help-shortcut.yml

+---
+title: Fix shortcut links on help page
+merge_request:
+author:
+type: fixed

changelogs/unreleased/fix-onion-skin-reenter.yml

+---
+title: Fix onion-skin re-entering state
+merge_request:
+author:
+type: fixed

changelogs/unreleased/fix_build_count_in_pipeline_success_maild.yml

+---
+title: fix build count in pipeline success mail
+merge_request: 15827
+author: Christiaan Van den Poel
+type: fixed

changelogs/unreleased/remove-links-mr-empty-state.yml

+---
+title: Remove related links in MR widget when empty state
+merge_request:
+author:
+type: fixed

changelogs/unreleased/sh-add-schedule-pipeline-run-now.yml

+---
+title: Add button to run scheduled pipeline immediately
+merge_request:
+author:
+type: added

changelogs/unreleased/show-inline-edit-btn.yml

+---
+title: Move edit button to second row on issue page (and change it to a pencil icon)
+merge_request:
+author:
+type: changed

changelogs/unreleased/winh-translate-contributors-page-dates.yml

+---
+title: Translate date ranges on contributors page
+merge_request: 15846
+author:
+type: changed

changelogs/unreleased/zj-empty-repo-importer.yml

+---
+title: Fix GitHub importer using removed interface
+merge_request:
+author:
+type: fixed

config/initializers/0_as_concern.rb

@@ -4,7 +4,7 @@ module Prependable
   def prepend_features(base)
     if base.instance_variable_defined?(:@_dependencies)
       base.instance_variable_get(:@_dependencies) << self
-      return false
+      false
     else
       return false if base < self
 

config/initializers/peek.rb

@@ -18,7 +18,7 @@ Peek.into Peek::Views::Rblineprof
 Peek.into Peek::Views::GC
 Peek.into Peek::Views::Gitaly
 
-# rubocop:disable Style/ClassAndModuleCamelCase
+# rubocop:disable Naming/ClassAndModuleCamelCase
 class PEEK_DB_CLIENT
   class << self
     attr_accessor :query_details

config/routes/project.rb

@@ -214,6 +214,7 @@ constraints(ProjectUrlConstrainer.new) do
 
       resources :pipeline_schedules, except: [:show] do
         member do
+          post :play
           post :take_ownership
         end
       end

config/webpack.config.js

@@ -37,6 +37,7 @@ var config = {
     cycle_analytics:      './cycle_analytics/cycle_analytics_bundle.js',
     commit_pipelines:     './commit/pipelines/pipelines_bundle.js',
     deploy_keys:          './deploy_keys/index.js',
+    docs:                 './docs/docs_bundle.js',
     diff_notes:           './diff_notes/diff_notes_bundle.js',
     environments:         './environments/environments_bundle.js',
     environments_folder:  './environments/folder/environments_folder_bundle.js',

db/fixtures/development/06_teams.rb

@@ -14,7 +14,7 @@ Sidekiq::Testing.inline! do
 
     Project.all.each do |project|
       User.all.sample(4).each do |user|
-        if project.team << [user, Gitlab::Access.values.sample]
+        if project.add_role(user, Gitlab::Access.sym_options.keys.sample)
           print '.'
         else
           print 'F'

db/migrate/20151007110107_update_group_links.rb

+# rubocop:disable Rails/ReversibleMigration
 class UpdateGroupLinks < ActiveRecord::Migration
   def change
     provider = quote_string(Gitlab::LDAP::Config.providers.first)

db/migrate/20171106135924_issues_milestone_id_foreign_key.rb

@@ -16,6 +16,7 @@ class IssuesMilestoneIdForeignKey < ActiveRecord::Migration
 
     def self.with_orphaned_milestones
       where('NOT EXISTS (SELECT true FROM milestones WHERE milestones.id = issues.milestone_id)')
+        .where('milestone_id IS NOT NULL')
     end
   end
 

doc/administration/auth/how_to_configure_ldap_gitlab_ee/index.md

+# How to configure LDAP with GitLab EE
+
+> **[Article Type](../../../development/writing_documentation.html#types-of-technical-articles):** admin guide ||
+> **Level:** intermediary ||
+> **Author:** [Chris Wilson](https://gitlab.com/MrChrisW) ||
+> **Publication date:** 2017/05/03
+
+## Introduction
+
+The present article follows [How to Configure LDAP with GitLab CE](../how_to_configure_ldap_gitlab_ce/index.md). Make sure to read through it before moving forward.
+
+## GitLab Enterprise Edition - LDAP features
+
+[GitLab Enterprise Edition (EE)](https://about.gitlab.com/gitlab-ee/) has a number of advantages when it comes to integrating with Active Directory (LDAP):
+
+- [Administrator Sync](#administrator-sync): As an extension of group sync, you can automatically manage your global GitLab administrators. Specify a group CN for `admin_group` and all members of the LDAP group will be given administrator privileges.
+- [Group Sync](#group-sync): This allows GitLab group membership to be automatically updated based on LDAP group members.
+- [Multiple LDAP servers](#multiple-ldap-servers): The ability to configure multiple LDAP servers. This is useful if an organization has different LDAP servers within departments. This is not designed for failover. We're working on [supporting LDAP failover](https://gitlab.com/gitlab-org/gitlab-ee/issues/139) in GitLab.
+
+- Daily user synchronization: Once a day, GitLab will run a synchronization to check and update GitLab users against LDAP. This process updates all user details automatically.
+
+On the following section, you'll find a description for each of these features. Read through [LDAP GitLab EE docs](../ldap-ee.md) for complementary information.
+
+![GitLab OU Structure](img/admin_group.png)
+
+All members of the group `Global Admins` will be given **administrator** access to GitLab, allowing them to view the `/admin` dashboard.
+
+### Group Sync
+
+Group syncing allows AD (LDAP) groups to be mapped to GitLab groups. This provides more control over per-group user management. To configure group syncing edit the `group_base` **DN** (`'OU=Global Groups,OU=GitLab INT,DC=GitLab,DC=org'`). This **OU** contains all groups that will be associated with [GitLab groups](../../../user/group/index.md).
+
+#### Creating group links - example
+
+As an example, let's suppose we have a "UKGov" GitLab group, which deals with confidential government information. Therefore, it is important that users of this group are given the correct permissions to projects contained within the group. Granular group permissions can be applied based on the AD group.
+
+**UK Developers** of our "UKGov" group are given **"developer"** permissions.
+
+_The developer permission allows the development staff to effectively manage all project code, issues, and merge requests._
+
+**UK Support** staff of our "UKGov" group are given **"reporter"** permissions.
+
+_The reporter permission allows support staff to manage issues, labels, and review project code._
+
+**US People Ops** of our "UKGov" group are given **"guest"** permissions.
+
+![Creating group links](img/group_linking.gif)
+
+> Guest permissions allows people ops staff to review and lodge new issues while allowing no read or write access to project code or [confidential issues](../../../user/project/issues/confidential_issues.md#permissions-and-access-to-confidential-issues) created by other users.
+
+See the [permission list](../../user/permissions.md) for complementary info.
+
+#### Group permissions - example
+
+Considering the previous example, our staff will have
+access to our GitLab instance with the following structure:
+
+![GitLab OU Structure](img/group_link_final.png)
+
+Using this permission structure in our example allows only UK staff access to sensitive information stored in the projects code, while still allowing other teams to work effectively. As all permissions are controlled via AD groups new users can be quickly added to existing groups. New group members will then automatically inherit the required permissions.
+
+> [More information](../ldap-ee.md#group-sync) on group syncing.
+
+### Updating user permissions - new feature
+
+Since GitLab [v8.15](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/822) LDAP user permissions can now be manually overridden by an admin user. To override a user's permissions visit the groups **Members** page and select **Edit permissions**.
+
+![Setting manual permissions](img/manual_permissions.gif)
+
+### Multiple LDAP servers
+
+GitLab EE can support multiple LDAP servers. Simply configure another server in the `gitlab.rb` file within the `ldap_servers` block. In the example below we configure a new secondary server with the label **GitLab Secondary AD**. This is shown on the GitLab login screen. Large enterprises often utilize multiple LDAP servers for segregating organizational departments.
+
+![Multiple LDAP Servers Login](img/multi_login.gif)
+
+Considering the example illustrated on the image above,
+our `gitlab.rb` configuration would look like:
+
+```ruby
+gitlab_rails['ldap_enabled'] = true
+gitlab_rails['ldap_servers'] = {
+'main' => {
+  'label' => 'GitLab AD',
+  'host' =>  'ad.example.org',
+  'port' => 636,
+  'uid' => 'sAMAccountName',
+  'method' => 'ssl',
+  'bind_dn' => 'CN=GitLabSRV,CN=Users,DC=GitLab,DC=org',
+  'password' => 'Password1',
+  'active_directory' => true,
+  'base' => 'OU=GitLab INT,DC=GitLab,DC=org',
+  'group_base' => 'OU=Global Groups,OU=GitLab INT,DC=GitLab,DC=org',
+  'admin_group' => 'Global Admins'
+  },
+
+'secondary' => {
+  'label' => 'GitLab Secondary AD',
+  'host' =>  'ad-secondary.example.net',
+  'port' => 636,
+  'uid' => 'sAMAccountName',
+  'method' => 'ssl',
+  'bind_dn' => 'CN=GitLabSRV,CN=Users,DC=GitLab,DC=com',
+  'password' => 'Password1',
+  'active_directory' => true,
+  'base' => 'OU=GitLab Secondary,DC=GitLab,DC=com',
+  'group_base' => 'OU=Global Groups,OU=GitLab INT,DC=GitLab,DC=com',
+  'admin_group' => 'Global Admins'
+  }
+}
+```
+
+## Conclusion
+
+Integration of GitLab with Active Directory (LDAP) reduces the complexity of user management.
+It has the advantage of improving user permission controls, whilst easing the deployment of GitLab into an existing [IT environment](https://www.techopedia.com/definition/29199/it-infrastructure). GitLab EE offers advanced group management and multiple LDAP servers.
+
+With the assistance of the [GitLab Support](https://about.gitlab.com/support) team, setting up GitLab with an existing AD/LDAP solution will be a smooth and painless process.

doc/administration/auth/ldap.md

@@ -47,6 +47,10 @@ in the application settings.
 
 ## Configuration
 
+For a complete guide on configuring LDAP with GitLab Community Edition, please check
+the admin guide [How to configure LDAP with GitLab CE](how_to_configure_ldap_gitlab_ce/index.md).
+For GitLab Enterprise Editions, see also [How to configure LDAP with GitLab EE](how_to_configure_ldap_gitlab_ee/index.md).
+
 To enable LDAP integration you need to add your LDAP server settings in
 `/etc/gitlab/gitlab.rb` or `/home/git/gitlab/config/gitlab.yml`.
 

doc/administration/high_availability/gitlab.md

 # Configuring GitLab for HA
 
-Assuming you have already configured a database, Redis, and NFS, you can
+Assuming you have already configured a [database](database.md), [Redis](redis.md), and [NFS](nfs.md), you can
 configure the GitLab application server(s) now. Complete the steps below
 for each GitLab application server in your environment.
 
@@ -48,34 +48,33 @@ for each GitLab application server in your environment.
    data locations. See [NFS documentation](nfs.md) for `/etc/gitlab/gitlab.rb`
    configuration values for various scenarios. The example below assumes you've
    added NFS mounts in the default data locations.
-    
+
     ```ruby
     external_url 'https://gitlab.example.com'
 
     # Prevent GitLab from starting if NFS data mounts are not available
     high_availability['mountpoint'] = '/var/opt/gitlab/git-data'
-    
+
     # Disable components that will not be on the GitLab application server
-    postgresql['enable'] = false
-    redis['enable'] = false
-    
+    roles ['application_role']
+
     # PostgreSQL connection details
     gitlab_rails['db_adapter'] = 'postgresql'
     gitlab_rails['db_encoding'] = 'unicode'
     gitlab_rails['db_host'] = '10.1.0.5' # IP/hostname of database server
     gitlab_rails['db_password'] = 'DB password'
-    
+
     # Redis connection details
     gitlab_rails['redis_port'] = '6379'
     gitlab_rails['redis_host'] = '10.1.0.6' # IP/hostname of Redis server
     gitlab_rails['redis_password'] = 'Redis Password'
     ```
-    
-    > **Note:** To maintain uniformity of links across HA clusters, the `external_url` 
-    on the first application server as well as the additional application 
-    servers should point to the external url that users will use to access GitLab. 
+
+    > **Note:** To maintain uniformity of links across HA clusters, the `external_url`
+    on the first application server as well as the additional application
+    servers should point to the external url that users will use to access GitLab.
     In a typical HA setup, this will be the url of the load balancer which will
-    route traffic to all GitLab application servers in the HA cluster. 
+    route traffic to all GitLab application servers in the HA cluster.
 
 1. Run `sudo gitlab-ctl reconfigure` to compile the configuration.
 

doc/articles/how_to_configure_ldap_gitlab_ee/index.md

-# How to configure LDAP with GitLab EE
-
-> **Type:** admin guide ||
-> **Level:** intermediary ||
-> **Author:** [Chris Wilson](https://gitlab.com/MrChrisW) ||
-> **Publication date:** 2017/05/03
-
-## Introduction
-
-The present article follows [How to Configure LDAP with GitLab CE](../how_to_configure_ldap_gitlab_ce/index.md). Make sure to read through it before moving forward.
-
-## GitLab Enterprise Edition - LDAP features
-
-[GitLab Enterprise Edition (EE)](https://about.gitlab.com/gitlab-ee/) has a number of advantages when it comes to integrating with Active Directory (LDAP):
-
-- [Administrator Sync](#administrator-sync): As an extension of group sync, you can automatically manage your global GitLab administrators. Specify a group CN for `admin_group` and all members of the LDAP group will be given administrator privileges.
-- [Group Sync](#group-sync): This allows GitLab group membership to be automatically updated based on LDAP group members.
-- [Multiple LDAP servers](#multiple-ldap-servers): The ability to configure multiple LDAP servers. This is useful if an organization has different LDAP servers within departments. This is not designed for failover. We're working on [supporting LDAP failover](https://gitlab.com/gitlab-org/gitlab-ee/issues/139) in GitLab.
-
-- Daily user synchronization: Once a day, GitLab will run a synchronization to check and update GitLab users against LDAP. This process updates all user details automatically.
-
-On the following section, you'll find a description for each of these features. Read through [LDAP GitLab EE docs](../../administration/auth/ldap-ee.md) for complementary information.
-
-![GitLab OU Structure](img/admin_group.png)
-
-All members of the group `Global Admins` will be given **administrator** access to GitLab, allowing them to view the `/admin` dashboard.
-
-### Group Sync
-
-Group syncing allows AD (LDAP) groups to be mapped to GitLab groups. This provides more control over per-group user management. To configure group syncing edit the `group_base` **DN** (`'OU=Global Groups,OU=GitLab INT,DC=GitLab,DC=org'`). This **OU** contains all groups that will be associated with [GitLab groups](../../workflow/groups.md).
-
-#### Creating group links - example
-
-As an example, let's suppose we have a "UKGov" GitLab group, which deals with confidential government information. Therefore, it is important that users of this group are given the correct permissions to projects contained within the group. Granular group permissions can be applied based on the AD group.
-
-**UK Developers** of our "UKGov" group are given **"developer"** permissions.
-
-_The developer permission allows the development staff to effectively manage all project code, issues, and merge requests._
-
-**UK Support** staff of our "UKGov" group are given **"reporter"** permissions.
-
-_The reporter permission allows support staff to manage issues, labels, and review project code._
-
-**US People Ops** of our "UKGov" group are given **"guest"** permissions.
-
-![Creating group links](img/group_linking.gif)
-
-> Guest permissions allows people ops staff to review and lodge new issues while allowing no read or write access to project code or [confidential issues](../../user/project/issues/confidential_issues.md#permissions-and-access-to-confidential-issues) created by other users.
-
-See the [permission list](../../user/permissions.md) for complementary info.
-
-#### Group permissions - example
-
-Considering the previous example, our staff will have
-access to our GitLab instance with the following structure:
-
-![GitLab OU Structure](img/group_link_final.png)
-
-Using this permission structure in our example allows only UK staff access to sensitive information stored in the projects code, while still allowing other teams to work effectively. As all permissions are controlled via AD groups new users can be quickly added to existing groups. New group members will then automatically inherit the required permissions.
-
-> [More information](../../administration/auth/ldap-ee.md#group-sync) on group syncing.
-
-### Updating user permissions - new feature
-
-Since GitLab [v8.15](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/822) LDAP user permissions can now be manually overridden by an admin user. To override a user's permissions visit the groups **Members** page and select **Edit permissions**.
-
-![Setting manual permissions](img/manual_permissions.gif)
-
-### Multiple LDAP servers
-
-GitLab EE can support multiple LDAP servers. Simply configure another server in the `gitlab.rb` file within the `ldap_servers` block. In the example below we configure a new secondary server with the label **GitLab Secondary AD**. This is shown on the GitLab login screen. Large enterprises often utilize multiple LDAP servers for segregating organizational departments.
-
-![Multiple LDAP Servers Login](img/multi_login.gif)
-
-Considering the example illustrated on the image above,
-our `gitlab.rb` configuration would look like:
-
-```ruby
-gitlab_rails['ldap_enabled'] = true
-gitlab_rails['ldap_servers'] = {
-'main' => {
-  'label' => 'GitLab AD',
-  'host' =>  'ad.example.org',
-  'port' => 636,
-  'uid' => 'sAMAccountName',
-  'method' => 'ssl',
-  'bind_dn' => 'CN=GitLabSRV,CN=Users,DC=GitLab,DC=org',
-  'password' => 'Password1',
-  'active_directory' => true,
-  'base' => 'OU=GitLab INT,DC=GitLab,DC=org',
-  'group_base' => 'OU=Global Groups,OU=GitLab INT,DC=GitLab,DC=org',
-  'admin_group' => 'Global Admins'
-  },
-
-'secondary' => {
-  'label' => 'GitLab Secondary AD',
-  'host' =>  'ad-secondary.example.net',
-  'port' => 636,
-  'uid' => 'sAMAccountName',
-  'method' => 'ssl',
-  'bind_dn' => 'CN=GitLabSRV,CN=Users,DC=GitLab,DC=com',
-  'password' => 'Password1',
-  'active_directory' => true,
-  'base' => 'OU=GitLab Secondary,DC=GitLab,DC=com',
-  'group_base' => 'OU=Global Groups,OU=GitLab INT,DC=GitLab,DC=com',
-  'admin_group' => 'Global Admins'
-  }
-}
-```
-
-## Conclusion
-
-Integration of GitLab with Active Directory (LDAP) reduces the complexity of user management.
-It has the advantage of improving user permission controls, whilst easing the deployment of GitLab into an existing [IT environment](https://www.techopedia.com/definition/29199/it-infrastructure). GitLab EE offers advanced group management and multiple LDAP servers.
-
-With the assistance of the [GitLab Support](https://about.gitlab.com/support) team, setting up GitLab with an existing AD/LDAP solution will be a smooth and painless process.
+This document was moved to [another location](../../administration/auth/how_to_configure_ldap_gitlab_ee/index.md).

doc/articles/index.md

@@ -10,16 +10,6 @@ They are written by members of the GitLab Team and by
 Part of the articles listed below link to the [GitLab Blog](https://about.gitlab.com/blog/),
 where they were originally published.
 
-## Authentication
-
-Explore GitLab's supported [authentications methods](../topics/authentication/index.md):
-
-| Article title | Category | Publishing date |
-| :------------ | :------: | --------------: |
-| **LDAP** |
-| [How to configure LDAP with GitLab CE](how_to_configure_ldap_gitlab_ce/index.md)| Admin guide | 2017-05-03 |
-| [How to configure LDAP with GitLab EE](https://docs.gitlab.com/ee/articles/how_to_configure_ldap_gitlab_ee/) | Admin guide | 2017-05-03 |
-
 ## Build, test, and deploy with GitLab CI/CD
 
 Build, test, and deploy the software you develop with [GitLab CI/CD](../ci/README.md):

doc/development/fe_guide/axios.md

@@ -11,7 +11,7 @@ This exported module should be used instead of directly using `axios` to ensure
 
 ## Usage
 ```javascript
-  import axios from '~/lib/utils/axios_utils';
+  import axios from './lib/utils/axios_utils';
 
   axios.get(url)
     .then((response) => {

doc/development/i18n/externalization.md

@@ -262,6 +262,21 @@ Sometimes you need to add some context to the text that you want to translate
     s__('OpenedNDaysAgo|Opened')
     ```
 
+### Dates / times
+
+- In JavaScript:
+
+```js
+import { createDateTimeFormat } from '.../locale';
+
+const dateFormat = createDateTimeFormat({ year: 'numeric', month: 'long', day: 'numeric' });
+console.log(dateFormat.format(new Date('2063-04-05'))) // April 5, 2063
+```
+
+This makes use of [`Intl.DateTimeFormat`].
+
+[`Intl.DateTimeFormat`]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DateTimeFormat
+
 ## Adding a new language
 
 Let's suppose you want to add translations for a new language, let's say French.

doc/development/i18n/index.md

@@ -59,6 +59,7 @@ Requests to become a proof reader will be considered on the merits of previous t
 - French
 - German
 - Italian
+  - [Paolo Falomo](https://crowdin.com/profile/paolo.falomo)
 - Japanese
 - Korean
   - [Huang Tao](https://crowdin.com/profile/htve)