Add one more ES note to 8.8 update guide



See merge request !406

Merge Rubocop changes introduced in CE

This MR merges rubocop changes introduced in EE in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4261 and also fixes offenses detected after enabling these cops.

See merge request !414

Enable multiple Rubocop cops that can be enabled

See https://gitlab.com/gitlab-org/gitlab-ce/issues/17406

This enabled following cops:

```text
Lint/CircularArgumentReference:
  Description: Default values in optional keyword arguments and optional ordinal arguments
----------------
Lint/ConditionPosition:
  Description: Checks for condition placed in a confusing position relative to the keyword.
  StyleGuide: https://github.com/bbatsov/ruby-style-guide#same-line-condition
----------------
Lint/Debugger:
  Description: Check for debugger calls.
----------------
Lint/DefEndAlignment:
  Description: Align ends corresponding to defs correctly.
----------------
Lint/DuplicateMethods:
  Description: Check for duplicate method definitions.
----------------
Lint/DuplicatedKey:
  Description: Check for duplicate keys in hash literals.
----------------
Lint/EachWithObjectArgument:
  Description: Check for immutable argument given to each_with_object.
----------------
Lint/ElseLayout:
  Description: Check for odd code arrangement in an else block.
----------------
Lint/EmptyEnsure:
  Description: Checks for empty ensure block.
----------------
Lint/EmptyInterpolation:
  Description: Checks for empty string interpolation.
----------------
Lint/EndAlignment:
  Description: Align ends correctly.
----------------
Lint/EndInMethod:
  Description: END blocks should not be placed inside method definitions.
----------------
Lint/EnsureReturn:
  Description: Do not use return in an ensure block.
  StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-return-ensure
----------------
Lint/Eval:
  Description: The use of eval represents a serious security risk.
----------------
Lint/FloatOutOfRange:
  Description: Catches floating-point literals too large or small for Ruby to represent.
----------------
Lint/FormatParameterMismatch:
  Description: The number of parameters to format/sprint must match the fields.
----------------
Lint/ImplicitStringConcatenation:
  Description: Checks for adjacent string literals on the same line, which could better
    be represented as a single string literal.
----------------
Lint/InvalidCharacterLiteral:
  Description: Checks for invalid character literals with a non-escaped whitespace character.
----------------
Lint/LiteralInInterpolation:
  Description: Checks for literals used in interpolation.
----------------
Lint/NestedMethodDefinition:
  Description: Do not use nested method definitions.
  StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-nested-methods
----------------
Lint/NextWithoutAccumulator:
  Description: Do not omit the accumulator when calling `next` in a `reduce`/`inject`
    block.
----------------
Lint/RandOne:
  Description: Checks for `rand(1)` calls. Such calls always return `0` and most likely
    a mistake.
----------------
Lint/RequireParentheses:
  Description: Use parentheses in the method call to avoid confusion about precedence.
----------------
Lint/UnreachableCode:
  Description: Unreachable code.
----------------
Lint/UselessComparison:
  Description: Checks for comparison of something with itself.
----------------
Lint/UselessElseWithoutRescue:
  Description: Checks for useless `else` in `begin..end` without `rescue`.
----------------
Lint/UselessSetterCall:
  Description: Checks for useless setter call to a local variable.
----------------
Lint/Void:
  Description: Possible use of operator/literal/variable in void context.
----------------
Performance/DoubleStartEndWith:
  Description: Use `str.{start,end}_with?(x, ..., y, ...)` instead of `str.{start,end}_with?(x,
    ...) || str.{start,end}_with?(y, ...)`.
----------------
Performance/RedundantSortBy:
  Description: Use `sort` instead of `sort_by { |x| x }`.
----------------
Rails/FindBy:
  Description: Prefer find_by over where.first.
  Include:
  - app/models/**/*.rb
----------------
Rails/FindEach:
  Description: Prefer all.find_each over all.find.
  Include:
  - app/models/**/*.rb
----------------
Rails/PluralizationGrammar:
  Description: Checks for incorrect grammar when using methods like `3.day.ago`.
----------------
Rails/ScopeArgs:
  Description: Checks the arguments of ActiveRecord scopes.
  Include:
  - app/models/**/*.rb
```

See merge request !4261

[ci skip]

Geo: Single Sign Out

Implements Single Sign Out for Geo (#76).

Initial proposal was to generate a hash based on the `access_token`, but that created a O(N) cost against a desirable O(1), as a new `access_token` is generated for each new login. To overcome that cost we would need to send a "public identifier" to help retrieve the correct `access_token` and provide that during login process.

This is also how most Single Sign On implementations works (they provide some sort of session_id, that we notify every node to invalidate, during sign out process).

As I don't want to modify our OAuth table (that is managed by doorkeeper) nor change the way our login process work, the solution is to encrypt the `access_token` using a symmetric key known by both nodes, and expire the `access_token` after the logout to prevent replay attacks (otherwise we would need to send a `nounce` and store that on primary). 

The key is based on `Gitlab::Application.secrets.db_key_base` which we already use to encrypt database attributes and is synced between both nodes. We communicate sending a `state` parameter which is known terminology in OAuth protocol.

Although this is implemented with Geo only in mind, we can backport to CE (with minimal changes) and provide as a "non-standard" way of single sign off for applications that integrate with GitLab.

Fixes #522 

See merge request !380

Updated mirror repo UI

![Screen_Shot_2016-04-27_at_17.12.28](/uploads/b8277ab88ec7c23b9e48d9a2f8bb5d9c/Screen_Shot_2016-04-27_at_17.12.28.png)

![Screen_Shot_2016-04-27_at_17.12.30](/uploads/90c7150d17343ce2056d7145d0e774be/Screen_Shot_2016-04-27_at_17.12.30.png)

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/14026

See merge request !362

SAML support for admin groups

SAML now supports admin groups, very similarly to how it does external groups.

/cc @dblessing 

See merge request !408

Updated EE changelog for 8.7.6

See merge request !411

Updated webhooks UI

The webhooks files are in different places for EE & CE so this was missed when merging CE into EE.

## Group UI

![Screen_Shot_2016-05-17_at_10.05.39](/uploads/6e2942e478b574545b45989365307c24/Screen_Shot_2016-05-17_at_10.05.39.png)

## Project UI

![Screen_Shot_2016-05-17_at_10.06.08](/uploads/61380b40568bbc260932895be83d6bae/Screen_Shot_2016-05-17_at_10.06.08.png)

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17525

See merge request !404

Warn admin if current active count exceeds license

Screenshot:

![image](/uploads/68b9d95f63ccb936f80414ecd63c07b3/image.png)

Closes #393

See merge request !401

Allow adding a new license via the API

Fixes #313 

Add a new `post` license API endpoint. The endpoint is `/license` and the only/required attribute is `license`. The license should be sent in string format. 

I also renamed the `licenses.rb` api file because it deals with license templates and was pretty ambiguous. The endpoints didn't change, and are still equally ambiguous, unfortunately. We should really consider changing those in 9.0 to `/license_template` or something. 

cc/ @MrChrisW 

@rymai Will you review, please?

See merge request !400

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17525

Make it clearer that /licenses is the OS license templates endpoint

Following the discussion on https://gitlab.com/gitlab-org/gitlab-ce/commit/13804aba867d19009ca94d820aa7ec650a509f5a#note_4961954.

Corresponding CE MR: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4188

See merge request !407

Signed-off-by: Rémy Coutable <remy@rymai.me>

Closes #393

Merge CE 73ead4 to EE



See merge request !403

ES upgrade docs

See merge request !393

Instrument all Grape API helpers

This has been added to help us figure out what's making certain Grape API calls slow (e.g. the one used for authorized keys as described in gitlab-com/operations#99).

See merge request !4169

Bump gitlab-elastic-git

Fixes https://gitlab.com/gitlab-org/gitlab-ee/issues/378

See merge request !343

Fix left sidebar overlap when scroll on long menu

Fixes #17566. Caused by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4139. Smaller fix compared to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4164

cc @iamphill @jschatz1 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

See merge request !4165

CE upstream



See merge request !402

Toggle email signup confirmation in admin settings

Implements toggling verification email #14684

See merge request !3862

Add an Event's target's title to its reference link

Given an activity feed entry like:

> Douwe Maan commented on [issue #123] at [gitlab-org/gitlab-ce]

...the `issue #123` link will now have a `title` attribute.

Plus some minor refactorings, see individual commits for details.

See merge request !4090

Disallow search engines from indexing uploads from a GitLab project.

This can sometimes include sensitive information from private projects and confidential issues. It shouldn't be indexed. Resolves #15551.

cc: @DouweM 

See merge request !4167

Use the relative url prefix for links in Wiki

Retry of gitlab-org/gitlab-ce!4026

@rymai !4050 solved all other problems how it looks like. I [tested](https://gitlab.com/artem-forks/gitlab-ce/commit/ff01eca7b559efa7cacf3412aa01cd8ae8a6db7e/builds) this with ruby22

Fixes #17071 



See merge request !4131