Add standard web hook headers to Jenkins CI post

Closes #534

The Jenkins web hook was not sending the standard web hook headers.
Specifically, the `gitlab-plugin` for Jenkins needs to use the
`X-GitLab-Event` header. This makes our EE service unable to work with
the newer GitLab Plugin for Jenkins.

See https://github.com/jenkinsci/gitlab-plugin/issues/272

See merge request !374

[ci skip]

Added back total weight on milestone view

![Screen_Shot_2016-05-25_at_13.31.56](/uploads/8530d92c05b97f719b6e42377ffe7b24/Screen_Shot_2016-05-25_at_13.31.56.png)

Should this go into a patch release?

Closes #501

See merge request !420

Closes #501

Fix repository mirror updates for new imports stuck in started

We were calling `RepositoryUpdateMirrorWorker` that sets the import status to `finished` and then add the import job. Then `update_mirror` didn't do anything but set the `import_status` to started. This should be now getting called in the right order... 

Closes https://gitlab.com/gitlab-com/operations/issues/287 and https://gitlab.com/gitlab-org/gitlab-ce/issues/17747

See merge request !416

CE upstream



See merge request !415

Search through the filenames



See merge request !409

Add one more ES note to 8.8 update guide



See merge request !406

Merge Rubocop changes introduced in CE

This MR merges rubocop changes introduced in EE in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4261 and also fixes offenses detected after enabling these cops.

See merge request !414

Enable multiple Rubocop cops that can be enabled

See https://gitlab.com/gitlab-org/gitlab-ce/issues/17406

This enabled following cops:

```text
Lint/CircularArgumentReference:
  Description: Default values in optional keyword arguments and optional ordinal arguments
----------------
Lint/ConditionPosition:
  Description: Checks for condition placed in a confusing position relative to the keyword.
  StyleGuide: https://github.com/bbatsov/ruby-style-guide#same-line-condition
----------------
Lint/Debugger:
  Description: Check for debugger calls.
----------------
Lint/DefEndAlignment:
  Description: Align ends corresponding to defs correctly.
----------------
Lint/DuplicateMethods:
  Description: Check for duplicate method definitions.
----------------
Lint/DuplicatedKey:
  Description: Check for duplicate keys in hash literals.
----------------
Lint/EachWithObjectArgument:
  Description: Check for immutable argument given to each_with_object.
----------------
Lint/ElseLayout:
  Description: Check for odd code arrangement in an else block.
----------------
Lint/EmptyEnsure:
  Description: Checks for empty ensure block.
----------------
Lint/EmptyInterpolation:
  Description: Checks for empty string interpolation.
----------------
Lint/EndAlignment:
  Description: Align ends correctly.
----------------
Lint/EndInMethod:
  Description: END blocks should not be placed inside method definitions.
----------------
Lint/EnsureReturn:
  Description: Do not use return in an ensure block.
  StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-return-ensure
----------------
Lint/Eval:
  Description: The use of eval represents a serious security risk.
----------------
Lint/FloatOutOfRange:
  Description: Catches floating-point literals too large or small for Ruby to represent.
----------------
Lint/FormatParameterMismatch:
  Description: The number of parameters to format/sprint must match the fields.
----------------
Lint/ImplicitStringConcatenation:
  Description: Checks for adjacent string literals on the same line, which could better
    be represented as a single string literal.
----------------
Lint/InvalidCharacterLiteral:
  Description: Checks for invalid character literals with a non-escaped whitespace character.
----------------
Lint/LiteralInInterpolation:
  Description: Checks for literals used in interpolation.
----------------
Lint/NestedMethodDefinition:
  Description: Do not use nested method definitions.
  StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-nested-methods
----------------
Lint/NextWithoutAccumulator:
  Description: Do not omit the accumulator when calling `next` in a `reduce`/`inject`
    block.
----------------
Lint/RandOne:
  Description: Checks for `rand(1)` calls. Such calls always return `0` and most likely
    a mistake.
----------------
Lint/RequireParentheses:
  Description: Use parentheses in the method call to avoid confusion about precedence.
----------------
Lint/UnreachableCode:
  Description: Unreachable code.
----------------
Lint/UselessComparison:
  Description: Checks for comparison of something with itself.
----------------
Lint/UselessElseWithoutRescue:
  Description: Checks for useless `else` in `begin..end` without `rescue`.
----------------
Lint/UselessSetterCall:
  Description: Checks for useless setter call to a local variable.
----------------
Lint/Void:
  Description: Possible use of operator/literal/variable in void context.
----------------
Performance/DoubleStartEndWith:
  Description: Use `str.{start,end}_with?(x, ..., y, ...)` instead of `str.{start,end}_with?(x,
    ...) || str.{start,end}_with?(y, ...)`.
----------------
Performance/RedundantSortBy:
  Description: Use `sort` instead of `sort_by { |x| x }`.
----------------
Rails/FindBy:
  Description: Prefer find_by over where.first.
  Include:
  - app/models/**/*.rb
----------------
Rails/FindEach:
  Description: Prefer all.find_each over all.find.
  Include:
  - app/models/**/*.rb
----------------
Rails/PluralizationGrammar:
  Description: Checks for incorrect grammar when using methods like `3.day.ago`.
----------------
Rails/ScopeArgs:
  Description: Checks the arguments of ActiveRecord scopes.
  Include:
  - app/models/**/*.rb
```

See merge request !4261

[ci skip]

Allow anonymous user to access pipelines

## What does this MR do?

It fixes an issue where the Pipelines is shown for the Anonymous users,
but they get 404 when clicked. Their session is then logged out.

Fixes #17717.

See merge request !4233

[ci skip]

[ci skip]

Fix MySQL compatibility in zero downtime migration helpers

## What does this MR do?

This MR fixes MySQL for zero downtime migration helpers introduced in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3860

Closes #17711

See merge request !4239

Fix the CI login to Container Registry (the gitlab-ci-token user)

## What does this MR do?

This fixes `docker login` not succeeding when trying to do CI login: `gitlab-ci-token with $CI_BUILD_TOKEN`.

cc @marin

See merge request !4236

Add health check feature documentation

for https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3888

@virtuacreative @axil 

See merge request !4199

Fix docker registry integration

See merge request !4229

[ci skip]

Geo: Single Sign Out

Implements Single Sign Out for Geo (#76).

Initial proposal was to generate a hash based on the `access_token`, but that created a O(N) cost against a desirable O(1), as a new `access_token` is generated for each new login. To overcome that cost we would need to send a "public identifier" to help retrieve the correct `access_token` and provide that during login process.

This is also how most Single Sign On implementations works (they provide some sort of session_id, that we notify every node to invalidate, during sign out process).

As I don't want to modify our OAuth table (that is managed by doorkeeper) nor change the way our login process work, the solution is to encrypt the `access_token` using a symmetric key known by both nodes, and expire the `access_token` after the logout to prevent replay attacks (otherwise we would need to send a `nounce` and store that on primary). 

The key is based on `Gitlab::Application.secrets.db_key_base` which we already use to encrypt database attributes and is synced between both nodes. We communicate sending a `state` parameter which is known terminology in OAuth protocol.

Although this is implemented with Geo only in mind, we can backport to CE (with minimal changes) and provide as a "non-standard" way of single sign off for applications that integrate with GitLab.

Fixes #522 

See merge request !380

Geo: Single Sign Out

Implements Single Sign Out for Geo (#76).

Initial proposal was to generate a hash based on the `access_token`, but that created a O(N) cost against a desirable O(1), as a new `access_token` is generated for each new login. To overcome that cost we would need to send a "public identifier" to help retrieve the correct `access_token` and provide that during login process.

This is also how most Single Sign On implementations works (they provide some sort of session_id, that we notify every node to invalidate, during sign out process).

As I don't want to modify our OAuth table (that is managed by doorkeeper) nor change the way our login process work, the solution is to encrypt the `access_token` using a symmetric key known by both nodes, and expire the `access_token` after the logout to prevent replay attacks (otherwise we would need to send a `nounce` and store that on primary). 

The key is based on `Gitlab::Application.secrets.db_key_base` which we already use to encrypt database attributes and is synced between both nodes. We communicate sending a `state` parameter which is known terminology in OAuth protocol.

Although this is implemented with Geo only in mind, we can backport to CE (with minimal changes) and provide as a "non-standard" way of single sign off for applications that integrate with GitLab.

Fixes #522 

See merge request !380

# Conflicts:
#	app/services/system_note_service.rb

Fix Error 500 when attempting to retrieve project license when HEAD points to non-existent ref

Closes #17537

See merge request !4151