Merge branch 'master' into 'rd-44364-deprecate-support-for-dsa-keys'

# Conflicts:
#   db/schema.rb

253 files changed, 3637 insertions, 1058 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d3daab78940..1679ae378c9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.3.7-golang-1.9-git-2.17-chrome-65.0-node-8.x-yarn-1.2-postgresql-9.6"
+image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.4.4-golang-1.9-git-2.17-chrome-65.0-node-8.x-yarn-1.2-postgresql-9.6"
 
 .dedicated-runner: &dedicated-runner
   retry: 1
@@ -6,7 +6,7 @@ image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.3.7-golang-1.9-git
     - gitlab-org
 
 .default-cache: &default-cache
-  key: "ruby-2.3.7-debian-stretch-with-yarn"
+  key: "ruby-2.4.4-debian-stretch-with-yarn"
   paths:
     - vendor/ruby
     - .yarn-cache/
@@ -550,7 +550,7 @@ static-analysis:
   script:
     - scripts/static-analysis
   cache:
-    key: "ruby-2.3.7-debian-stretch-with-yarn-and-rubocop"
+    key: "ruby-2.4.4-debian-stretch-with-yarn-and-rubocop"
     paths:
       - vendor/ruby
       - .yarn-cache/
diff --git a/.ruby-version b/.ruby-version
index 00355e29d11..79a614418f7 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.3.7
+2.4.4
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 64470a1f087..e78615e3c29 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -182,7 +182,7 @@ Assigning a team label makes sure issues get the attention of the appropriate
 people.
 
 The current team labels are ~Distribution, ~"CI/CD", ~Discussion, ~Documentation, ~Quality,
-~Geo, ~Gitaly, ~Monitoring, ~Platform, ~Release, ~"Security Products" and ~"UX".
+~Geo, ~Gitaly, ~Monitoring, ~Platform, ~Release, ~"Security Products", ~"Configuration", and ~"UX".
 
 The descriptions on the [labels page][labels-page] explain what falls under the
 responsibility of each team.
diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION
index a8a18875682..b7f8ee41e69 100644
--- a/GITLAB_SHELL_VERSION
+++ b/GITLAB_SHELL_VERSION
@@ -1 +1 @@
-7.1.2
+7.1.4
diff --git a/GITLAB_WORKHORSE_VERSION b/GITLAB_WORKHORSE_VERSION
index fae6e3d04b2..80895903a15 100644
--- a/GITLAB_WORKHORSE_VERSION
+++ b/GITLAB_WORKHORSE_VERSION
@@ -1 +1 @@
-4.2.1
+4.3.0
diff --git a/Gemfile b/Gemfile
index 68c7b3dcb08..90fa659fe78 100644
--- a/Gemfile
+++ b/Gemfile
@@ -342,7 +342,7 @@ group :development, :test do
 
   gem 'capybara', '~> 2.15'
   gem 'capybara-screenshot', '~> 1.0.0'
-  gem 'selenium-webdriver', '~> 3.5'
+  gem 'selenium-webdriver', '~> 3.12'
 
   gem 'spring', '~> 2.0.0'
   gem 'spring-commands-rspec', '~> 1.0.4'
@@ -374,7 +374,7 @@ end
 
 group :test do
   gem 'shoulda-matchers', '~> 3.1.2', require: false
-  gem 'email_spec', '~> 1.6.0'
+  gem 'email_spec', '~> 2.2.0'
   gem 'json-schema', '~> 2.8.0'
   gem 'webmock', '~> 2.3.2'
   gem 'rails-controller-testing' if rails5? # Rails5 only gem.
@@ -384,7 +384,7 @@ group :test do
   gem 'test-prof', '~> 0.2.5'
 end
 
-gem 'octokit', '~> 4.8'
+gem 'octokit', '~> 4.9'
 
 gem 'mail_room', '~> 0.9.1'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 2efd89bf40d..2daaa3b516e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -115,7 +115,7 @@ GEM
       mime-types (>= 1.16)
     cause (0.1)
     charlock_holmes (0.7.6)
-    childprocess (0.7.0)
+    childprocess (0.9.0)
       ffi (~> 1.0, >= 1.0.11)
     chronic (0.10.2)
     chronic_duration (0.10.6)
@@ -172,15 +172,16 @@ GEM
       unf (>= 0.0.5, < 1.0.0)
     doorkeeper (4.3.2)
       railties (>= 4.2)
-    doorkeeper-openid_connect (1.3.0)
+    doorkeeper-openid_connect (1.4.0)
       doorkeeper (~> 4.3)
       json-jwt (~> 1.6)
     dropzonejs-rails (0.7.2)
       rails (> 3.1)
     email_reply_trimmer (0.1.6)
-    email_spec (1.6.0)
+    email_spec (2.2.0)
+      htmlentities (~> 4.3.3)
       launchy (~> 2.1)
-      mail (~> 2.2)
+      mail (~> 2.7)
     encryptor (3.0.0)
     equalizer (0.0.11)
     erubis (2.7.0)
@@ -517,7 +518,7 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    octokit (4.8.0)
+    octokit (4.9.0)
       sawyer (~> 0.8.0, >= 0.5.3)
     omniauth (1.8.1)
       hashie (>= 3.4.6, < 3.6.0)
@@ -828,9 +829,9 @@ GEM
       activesupport (>= 3.1)
     select2-rails (3.5.9.3)
       thor (~> 0.14)
-    selenium-webdriver (3.5.0)
+    selenium-webdriver (3.12.0)
       childprocess (~> 0.5)
-      rubyzip (~> 1.0)
+      rubyzip (~> 1.2)
     sentry-raven (2.7.2)
       faraday (>= 0.7.6, < 1.0)
     settingslogic (2.0.9)
@@ -1012,7 +1013,7 @@ DEPENDENCIES
   doorkeeper-openid_connect (~> 1.3)
   dropzonejs-rails (~> 0.7.1)
   email_reply_trimmer (~> 0.1)
-  email_spec (~> 1.6.0)
+  email_spec (~> 2.2.0)
   factory_bot_rails (~> 4.8.2)
   faraday (~> 0.12)
   fast_blank
@@ -1084,7 +1085,7 @@ DEPENDENCIES
   net-ssh (~> 4.2.0)
   nokogiri (~> 1.8.2)
   oauth2 (~> 1.4)
-  octokit (~> 4.8)
+  octokit (~> 4.9)
   omniauth (~> 1.8)
   omniauth-auth0 (~> 2.0.0)
   omniauth-authentiq (~> 0.3.3)
@@ -1154,7 +1155,7 @@ DEPENDENCIES
   scss_lint (~> 0.56.0)
   seed-fu (~> 2.3.7)
   select2-rails (~> 3.5.9)
-  selenium-webdriver (~> 3.5)
+  selenium-webdriver (~> 3.12)
   sentry-raven (~> 2.7)
   settingslogic (~> 2.0.9)
   sham_rack (~> 1.3.6)
diff --git a/Gemfile.rails5.lock b/Gemfile.rails5.lock
index af7305619eb..14ea3e4519c 100644
--- a/Gemfile.rails5.lock
+++ b/Gemfile.rails5.lock
@@ -72,8 +72,6 @@ GEM
     attr_encrypted (3.1.0)
       encryptor (~> 3.0.0)
     attr_required (1.0.1)
-    autoprefixer-rails (8.1.0.1)
-      execjs
     awesome_print (1.2.0)
     axiom-types (0.1.1)
       descendants_tracker (~> 0.0.4)
@@ -93,9 +91,6 @@ GEM
     binding_of_caller (0.7.3)
       debug_inspector (>= 0.0.1)
     blankslate (2.1.2.4)
-    bootstrap-sass (3.3.7)
-      autoprefixer-rails (>= 5.2.1)
-      sass (>= 3.3.4)
     bootstrap_form (2.7.0)
     brakeman (4.2.1)
     browser (2.5.3)
@@ -175,7 +170,7 @@ GEM
     diff-lcs (1.3)
     diffy (3.1.0)
     docile (1.1.5)
-    domain_name (0.5.20170404)
+    domain_name (0.5.20180417)
       unf (>= 0.0.5, < 1.0.0)
     doorkeeper (4.3.1)
       railties (>= 4.2)
@@ -185,9 +180,10 @@ GEM
     dropzonejs-rails (0.7.4)
       rails (> 3.1)
     email_reply_trimmer (0.1.10)
-    email_spec (1.6.0)
+    email_spec (2.2.0)
+      htmlentities (~> 4.3.3)
       launchy (~> 2.1)
-      mail (~> 2.2)
+      mail (~> 2.7)
     encryptor (3.0.0)
     equalizer (0.0.11)
     erubis (2.7.0)
@@ -288,7 +284,7 @@ GEM
       gettext_i18n_rails (>= 0.7.1)
       po_to_json (>= 1.0.0)
       rails (>= 3.2.0)
-    gitaly-proto (0.99.0)
+    gitaly-proto (0.100.0)
       google-protobuf (~> 3.1)
       grpc (~> 1.10)
     github-linguist (5.3.3)
@@ -365,9 +361,9 @@ GEM
     grape-entity (0.7.1)
       activesupport (>= 4.0)
       multi_json (>= 1.3.2)
-    grape-route-helpers (2.1.0)
+    grape-path-helpers (1.0.0)
       activesupport
-      grape (>= 0.16.0)
+      grape (~> 1.0)
       rake
     grape_logging (1.7.0)
       grape
@@ -417,6 +413,7 @@ GEM
     httpclient (2.8.3)
     i18n (1.0.1)
       concurrent-ruby (~> 1.0)
+    icalendar (2.4.1)
     ice_nine (0.11.2)
     influxdb (0.5.3)
     ipaddress (0.8.3)
@@ -450,9 +447,9 @@ GEM
     kgio (2.11.2)
     knapsack (1.16.0)
       rake
-    kubeclient (3.0.0)
+    kubeclient (3.1.1)
       http (~> 2.2.2)
-      recursive-open-struct (~> 1.0.4)
+      recursive-open-struct (~> 1.0, >= 1.0.4)
       rest-client (~> 2.0)
     launchy (2.4.3)
       addressable (~> 2.3)
@@ -521,15 +518,16 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    octokit (4.8.0)
+    octokit (4.9.0)
       sawyer (~> 0.8.0, >= 0.5.3)
     omniauth (1.8.1)
       hashie (>= 3.4.6, < 3.6.0)
       rack (>= 1.6.2, < 3)
     omniauth-auth0 (2.0.0)
       omniauth-oauth2 (~> 1.4)
-    omniauth-authentiq (0.3.1)
-      omniauth-oauth2 (~> 1.3, >= 1.3.1)
+    omniauth-authentiq (0.3.3)
+      jwt (>= 1.5)
+      omniauth-oauth2 (>= 1.5)
     omniauth-azure-oauth2 (0.0.9)
       jwt (~> 1.0)
       omniauth (~> 1.0)
@@ -628,7 +626,7 @@ GEM
       parser
       unparser
     procto (0.0.3)
-    prometheus-client-mmap (0.9.2)
+    prometheus-client-mmap (0.9.3)
     pry (0.11.3)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
@@ -702,11 +700,11 @@ GEM
       ffi
     rbnacl-libsodium (1.0.16)
       rbnacl (>= 3.0.1)
-    rdoc (4.3.0)
+    rdoc (6.0.4)
     re2 (1.1.1)
     recaptcha (3.4.0)
       json
-    recursive-open-struct (1.0.5)
+    recursive-open-struct (1.1.0)
     redcarpet (3.4.0)
     redis (3.3.5)
     redis-actionpack (5.0.2)
@@ -716,8 +714,8 @@ GEM
     redis-activesupport (5.0.4)
       activesupport (>= 3, < 6)
       redis-store (>= 1.3, < 2)
-    redis-namespace (1.5.3)
-      redis (~> 3.0, >= 3.0.4)
+    redis-namespace (1.6.0)
+      redis (>= 3.0.4)
     redis-rack (2.0.4)
       rack (>= 1.5, < 3)
       redis-store (>= 1.2, < 2)
@@ -836,7 +834,7 @@ GEM
       activesupport (>= 3.1)
     select2-rails (3.5.10)
       thor (~> 0.14)
-    selenium-webdriver (3.11.0)
+    selenium-webdriver (3.12.0)
       childprocess (~> 0.5)
       rubyzip (~> 1.2)
     sentry-raven (2.7.2)
@@ -986,7 +984,7 @@ DEPENDENCIES
   asciidoctor-plantuml (= 0.0.8)
   asset_sync (~> 2.4)
   attr_encrypted (~> 3.1.0)
-  awesome_print (~> 1.2.0)
+  awesome_print
   babosa (~> 1.0.2)
   base32 (~> 0.3.0)
   batch-loader (~> 1.2.1)
@@ -994,7 +992,6 @@ DEPENDENCIES
   benchmark-ips (~> 2.3.0)
   better_errors (~> 2.1.0)
   binding_of_caller (~> 0.7.2)
-  bootstrap-sass (~> 3.3.0)
   bootstrap_form (~> 2.7.0)
   brakeman (~> 4.2)
   browser (~> 2.2)
@@ -1021,7 +1018,7 @@ DEPENDENCIES
   doorkeeper-openid_connect (~> 1.3)
   dropzonejs-rails (~> 0.7.1)
   email_reply_trimmer (~> 0.1)
-  email_spec (~> 1.6.0)
+  email_spec (~> 2.2.0)
   factory_bot_rails (~> 4.8.2)
   faraday (~> 0.12)
   fast_blank
@@ -1045,7 +1042,7 @@ DEPENDENCIES
   gettext (~> 3.2.2)
   gettext_i18n_rails (~> 1.8.0)
   gettext_i18n_rails_js (~> 1.3)
-  gitaly-proto (~> 0.99.0)
+  gitaly-proto (~> 0.100.0)
   github-linguist (~> 5.3.3)
   gitlab-flowdock-git-hook (~> 1.0.1)
   gitlab-gollum-lib (~> 4.2)
@@ -1059,7 +1056,7 @@ DEPENDENCIES
   gpgme
   grape (~> 1.0)
   grape-entity (~> 0.7.1)
-  grape-route-helpers (~> 2.1.0)
+  grape-path-helpers (~> 1.0)
   grape_logging (~> 1.7)
   grpc (~> 1.11.0)
   haml_lint (~> 0.26.0)
@@ -1070,6 +1067,7 @@ DEPENDENCIES
   html-pipeline (~> 2.7.1)
   html2text
   httparty (~> 0.13.3)
+  icalendar
   influxdb (~> 0.2)
   jira-ruby (~> 1.4)
   jquery-atwho-rails (~> 1.3.2)
@@ -1077,7 +1075,7 @@ DEPENDENCIES
   jwt (~> 1.5.6)
   kaminari (~> 1.0)
   knapsack (~> 1.16)
-  kubeclient (~> 3.0)
+  kubeclient (~> 3.1.0)
   letter_opener_web (~> 1.3.0)
   license_finder (~> 3.1)
   licensee (~> 8.9)
@@ -1092,10 +1090,10 @@ DEPENDENCIES
   net-ssh (~> 4.2.0)
   nokogiri (~> 1.8.2)
   oauth2 (~> 1.4)
-  octokit (~> 4.8)
+  octokit (~> 4.9)
   omniauth (~> 1.8)
   omniauth-auth0 (~> 2.0.0)
-  omniauth-authentiq (~> 0.3.1)
+  omniauth-authentiq (~> 0.3.3)
   omniauth-azure-oauth2 (~> 0.0.9)
   omniauth-cas3 (~> 1.1.4)
   omniauth-facebook (~> 4.0.0)
@@ -1118,7 +1116,7 @@ DEPENDENCIES
   peek-sidekiq (~> 1.0.3)
   pg (~> 0.18.2)
   premailer-rails (~> 1.9.7)
-  prometheus-client-mmap (~> 0.9.2)
+  prometheus-client-mmap (~> 0.9.3)
   pry-byebug (~> 3.4.1)
   pry-rails (~> 0.3.4)
   rack-attack (~> 4.4.1)
@@ -1134,12 +1132,12 @@ DEPENDENCIES
   rblineprof (~> 0.3.6)
   rbnacl (~> 4.0)
   rbnacl-libsodium
-  rdoc (~> 4.2)
+  rdoc (~> 6.0)
   re2 (~> 1.1.1)
   recaptcha (~> 3.0)
   redcarpet (~> 3.4)
   redis (~> 3.2)
-  redis-namespace (~> 1.5.2)
+  redis-namespace (~> 1.6.0)
   redis-rails (~> 5.0.2)
   request_store (~> 1.3)
   responders (~> 2.0)
@@ -1154,6 +1152,7 @@ DEPENDENCIES
   rubocop-rspec (~> 1.22.1)
   ruby-fogbugz (~> 0.2.1)
   ruby-prof (~> 0.17.0)
+  ruby-progressbar
   ruby_parser (~> 3.8)
   rufus-scheduler (~> 3.4)
   rugged (~> 0.27)
@@ -1162,12 +1161,12 @@ DEPENDENCIES
   scss_lint (~> 0.56.0)
   seed-fu (~> 2.3.7)
   select2-rails (~> 3.5.9)
-  selenium-webdriver (~> 3.5)
+  selenium-webdriver (~> 3.12)
   sentry-raven (~> 2.7)
   settingslogic (~> 2.0.9)
   sham_rack (~> 1.3.6)
   shoulda-matchers (~> 3.1.2)
-  sidekiq (~> 5.0)
+  sidekiq (~> 5.1)
   sidekiq-cron (~> 0.6.0)
   sidekiq-limit_fetch (~> 3.4)
   simple_po_parser (~> 1.1.2)
@@ -1199,4 +1198,4 @@ DEPENDENCIES
   wikicloth (= 0.8.1)
 
 BUNDLED WITH
-   1.16.1
+   1.16.2
diff --git a/README.md b/README.md
index 0266fe82c82..8bd667b3dac 100644
--- a/README.md
+++ b/README.md
@@ -126,5 +126,5 @@ Please see [Getting help for GitLab](https://about.gitlab.com/getting-help/) on
 
 ## Is it awesome?
 
-Thanks for [asking this question](https://twitter.com/supersloth/status/489462789384056832) Joshua.
 [These people](https://twitter.com/gitlab/likes) seem to like it.
+
diff --git a/app/assets/javascripts/clusters/components/application_row.vue b/app/assets/javascripts/clusters/components/application_row.vue
index 30567993322..98c0b9c22a8 100644
--- a/app/assets/javascripts/clusters/components/application_row.vue
+++ b/app/assets/javascripts/clusters/components/application_row.vue
@@ -187,7 +187,7 @@
       role="row"
     >
       <div
-        class="alert alert-danger alert-block append-bottom-0"
+        class="alert alert-danger alert-block append-bottom-0 clusters-error-alert"
         role="gridcell"
       >
         <div>
diff --git a/app/assets/javascripts/ide/components/activity_bar.vue b/app/assets/javascripts/ide/components/activity_bar.vue
index 05dbc1410de..6efcad6adea 100644
--- a/app/assets/javascripts/ide/components/activity_bar.vue
+++ b/app/assets/javascripts/ide/components/activity_bar.vue
@@ -1,4 +1,5 @@
 <script>
+import $ from 'jquery';
 import { mapActions, mapGetters, mapState } from 'vuex';
 import Icon from '~/vue_shared/components/icon.vue';
 import tooltip from '~/vue_shared/directives/tooltip';
@@ -20,6 +21,13 @@ export default {
   },
   methods: {
     ...mapActions(['updateActivityBarView']),
+    changedActivityView(e, view) {
+      e.currentTarget.blur();
+
+      this.updateActivityBarView(view);
+
+      $(e.currentTarget).tooltip('hide');
+    },
   },
   activityBarViews,
 };
@@ -54,7 +62,7 @@ export default {
           :class="{
             active: currentActivityView === $options.activityBarViews.edit
           }"
-          @click.prevent="updateActivityBarView($options.activityBarViews.edit)"
+          @click.prevent="changedActivityView($event, $options.activityBarViews.edit)"
           :title="s__('IDE|Edit')"
           :aria-label="s__('IDE|Edit')"
         >
@@ -73,7 +81,7 @@ export default {
           :class="{
             active: currentActivityView === $options.activityBarViews.review
           }"
-          @click.prevent="updateActivityBarView($options.activityBarViews.review)"
+          @click.prevent="changedActivityView($event, $options.activityBarViews.review)"
           :title="s__('IDE|Review')"
           :aria-label="s__('IDE|Review')"
         >
@@ -92,7 +100,7 @@ export default {
           :class="{
             active: currentActivityView === $options.activityBarViews.commit
           }"
-          @click.prevent="updateActivityBarView($options.activityBarViews.commit)"
+          @click.prevent="changedActivityView($event, $options.activityBarViews.commit)"
           :title="s__('IDE|Commit')"
           :aria-label="s__('IDE|Commit')"
         >
diff --git a/app/assets/javascripts/ide/components/commit_sidebar/message_field.vue b/app/assets/javascripts/ide/components/commit_sidebar/message_field.vue
index f14fcdc88ed..0ac0af2feaa 100644
--- a/app/assets/javascripts/ide/components/commit_sidebar/message_field.vue
+++ b/app/assets/javascripts/ide/components/commit_sidebar/message_field.vue
@@ -54,7 +54,7 @@ export default {
     placement: 'top',
     content: sprintf(
       __(`
-        The character highligher helps you keep the subject line to %{titleLength} characters
+        The character highlighter helps you keep the subject line to %{titleLength} characters
         and wrap the body at %{bodyLength} so they are readable in git.
       `),
       { titleLength: MAX_TITLE_LENGTH, bodyLength: MAX_BODY_LENGTH },
diff --git a/app/assets/javascripts/labels_select.js b/app/assets/javascripts/labels_select.js
index eafdaf4a672..7d0ff53f366 100644
--- a/app/assets/javascripts/labels_select.js
+++ b/app/assets/javascripts/labels_select.js
@@ -426,7 +426,7 @@ export default class LabelsSelect {
     const tpl = _.template([
       '<% _.each(labels, function(label){ %>',
       '<a href="<%- issueUpdateURL.slice(0, issueUpdateURL.lastIndexOf("/")) %>?label_name[]=<%- encodeURIComponent(label.title) %>">',
-      '<span class="label has-tooltip color-label" title="<%- label.description %>" style="background-color: <%- label.color %>; color: <%- label.text_color %>;">',
+      '<span class="badge label has-tooltip color-label" title="<%- label.description %>" style="background-color: <%- label.color %>; color: <%- label.text_color %>;">',
       '<%- label.title %>',
       '</span>',
       '</a>',
diff --git a/app/assets/javascripts/notes/constants.js b/app/assets/javascripts/notes/constants.js
index c4de4826eda..5b5b1e89058 100644
--- a/app/assets/javascripts/notes/constants.js
+++ b/app/assets/javascripts/notes/constants.js
@@ -14,6 +14,7 @@ export const EPIC_NOTEABLE_TYPE = 'epic';
 export const MERGE_REQUEST_NOTEABLE_TYPE = 'merge_request';
 export const UNRESOLVE_NOTE_METHOD_NAME = 'delete';
 export const RESOLVE_NOTE_METHOD_NAME = 'post';
+export const DESCRIPTION_TYPE = 'changed the description';
 
 export const NOTEABLE_TYPE_MAPPING = {
   Issue: ISSUE_NOTEABLE_TYPE,
diff --git a/app/assets/javascripts/notes/stores/collapse_utils.js b/app/assets/javascripts/notes/stores/collapse_utils.js
new file mode 100644
index 00000000000..fa4a1c56b20
--- /dev/null
+++ b/app/assets/javascripts/notes/stores/collapse_utils.js
@@ -0,0 +1,108 @@
+import { n__, s__, sprintf } from '~/locale';
+import { DESCRIPTION_TYPE } from '../constants';
+
+/**
+ * Changes the description from a note, returns 'changed the description n number of times'
+ */
+export const changeDescriptionNote = (note, descriptionChangedTimes, timeDifferenceMinutes) => {
+  const descriptionNote = Object.assign({}, note);
+
+  descriptionNote.note_html = sprintf(
+    s__(`MergeRequest|
+  %{paragraphStart}changed the description %{descriptionChangedTimes} times %{timeDifferenceMinutes}%{paragraphEnd}`),
+    {
+      paragraphStart: '<p dir="auto">',
+      paragraphEnd: '</p>',
+      descriptionChangedTimes,
+      timeDifferenceMinutes: n__('within %d minute ', 'within %d minutes ', timeDifferenceMinutes),
+    },
+    false,
+  );
+
+  descriptionNote.times_updated = descriptionChangedTimes;
+
+  return descriptionNote;
+};
+
+/**
+ * Checks the time difference between two notes from their 'created_at' dates
+ * returns an integer
+ */
+
+export const getTimeDifferenceMinutes = (noteBeggining, noteEnd) => {
+  const descriptionNoteBegin = new Date(noteBeggining.created_at);
+  const descriptionNoteEnd = new Date(noteEnd.created_at);
+  const timeDifferenceMinutes = (descriptionNoteEnd - descriptionNoteBegin) / 1000 / 60;
+
+  return Math.ceil(timeDifferenceMinutes);
+};
+
+/**
+ * Checks if a note is a system note and if the content is description
+ *
+ * @param {Object} note
+ * @returns {Boolean}
+ */
+export const isDescriptionSystemNote = note => note.system && note.note === DESCRIPTION_TYPE;
+
+/**
+ * Collapses the system notes of a description type, e.g. Changed the description, n minutes ago
+ * the notes will collapse as long as they happen no more than 10 minutes away from each away
+ * in between the notes can be anything, another type of system note
+ * (such as 'changed the weight') or a comment.
+ *
+ * @param {Array} notes
+ * @returns {Array}
+ */
+export const collapseSystemNotes = notes => {
+  let lastDescriptionSystemNote = null;
+  let lastDescriptionSystemNoteIndex = -1;
+  let descriptionChangedTimes = 1;
+
+  return notes.slice(0).reduce((acc, currentNote) => {
+    const note = currentNote.notes[0];
+
+    if (isDescriptionSystemNote(note)) {
+      // is it the first one?
+      if (!lastDescriptionSystemNote) {
+        lastDescriptionSystemNote = note;
+        lastDescriptionSystemNoteIndex = acc.length;
+      } else if (lastDescriptionSystemNote) {
+        const timeDifferenceMinutes = getTimeDifferenceMinutes(
+          lastDescriptionSystemNote,
+          note,
+        );
+
+        // are they less than 10 minutes appart?
+        if (timeDifferenceMinutes > 10) {
+          // reset counter
+          descriptionChangedTimes = 1;
+          // update the previous system note
+          lastDescriptionSystemNote = note;
+          lastDescriptionSystemNoteIndex = acc.length;
+        } else {
+          // increase counter
+          descriptionChangedTimes += 1;
+
+          // delete the previous one
+          acc.splice(lastDescriptionSystemNoteIndex, 1);
+
+          // replace the text of the current system note with the collapsed note.
+          currentNote.notes.splice(
+            0,
+            1,
+            changeDescriptionNote(note, descriptionChangedTimes, timeDifferenceMinutes),
+          );
+
+          // update the previous system note index
+          lastDescriptionSystemNoteIndex = acc.length;
+        }
+      }
+    }
+    acc.push(currentNote);
+    return acc;
+  }, []);
+};
+
+// for babel-rewire
+export default {};
diff --git a/app/assets/javascripts/notes/stores/getters.js b/app/assets/javascripts/notes/stores/getters.js
index 787be6f4c99..bc373e0d0fc 100644
--- a/app/assets/javascripts/notes/stores/getters.js
+++ b/app/assets/javascripts/notes/stores/getters.js
@@ -1,6 +1,8 @@
 import _ from 'underscore';
+import { collapseSystemNotes } from './collapse_utils';
+
+export const notes = state => collapseSystemNotes(state.notes);
 
-export const notes = state => state.notes;
 export const targetNoteHash = state => state.targetNoteHash;
 
 export const getNotesData = state => state.notesData;
diff --git a/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.vue b/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.vue
index f69fe03fcb3..c20d07a169d 100644
--- a/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.vue
@@ -265,10 +265,10 @@ export default {
       />
 
       <section
-        v-if="mr.maintainerEditAllowed"
+        v-if="mr.allowCollaboration"
         class="mr-info-list mr-links"
       >
-        {{ s__("mrWidget|Allows edits from maintainers") }}
+        {{ s__("mrWidget|Allows commits from members who can merge to the target branch") }}
       </section>
 
       <mr-widget-related-links
diff --git a/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js b/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
index e5b7e1f1c68..134aaacf9d2 100644
--- a/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
+++ b/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
@@ -83,7 +83,7 @@ export default class MergeRequestStore {
     this.canBeMerged = data.can_be_merged || false;
     this.isMergeAllowed = data.mergeable || false;
     this.mergeOngoing = data.merge_ongoing;
-    this.maintainerEditAllowed = data.allow_maintainer_to_push;
+    this.allowCollaboration = data.allow_collaboration;
 
     // Cherry-pick and Revert actions related
     this.canCherryPickInCurrentMR = currentUser.can_cherry_pick_on_current_merge_request || false;
diff --git a/app/assets/javascripts/vue_shared/components/sidebar/labels_select/dropdown_value.vue b/app/assets/javascripts/vue_shared/components/sidebar/labels_select/dropdown_value.vue
index 69d588eb25d..88360b46f24 100644
--- a/app/assets/javascripts/vue_shared/components/sidebar/labels_select/dropdown_value.vue
+++ b/app/assets/javascripts/vue_shared/components/sidebar/labels_select/dropdown_value.vue
@@ -35,7 +35,12 @@ export default {
 </script>
 
 <template>
-  <div class="hide-collapsed value issuable-show-labels js-value">
+  <div
+    class="hide-collapsed value issuable-show-labels js-value"
+    :class="{
+      'has-labels':!isEmpty,
+    }"
+  >
     <span
       v-if="isEmpty"
       class="text-secondary"
@@ -50,7 +55,7 @@ export default {
     >
       <span
         v-tooltip
-        class="label color-label"
+        class="badge color-label"
         data-placement="bottom"
         data-container="body"
         :style="labelStyle(label)"
diff --git a/app/assets/stylesheets/bootstrap_migration.scss b/app/assets/stylesheets/bootstrap_migration.scss
index d8e57834f9e..15c80a93707 100644
--- a/app/assets/stylesheets/bootstrap_migration.scss
+++ b/app/assets/stylesheets/bootstrap_migration.scss
@@ -36,6 +36,12 @@ html [type="button"],
   cursor: pointer;
 }
 
+input[type="file"] {
+  // Bootstrap 4 file input height is taller by default
+  // which makes them look ugly
+  line-height: 1;
+}
+
 b,
 strong {
   font-weight: bold;
@@ -55,8 +61,23 @@ a {
 
 code {
   padding: 2px 4px;
+  color: $red-600;
   background-color: $red-100;
   border-radius: 3px;
+
+  .code & {
+    background-color: inherit;
+    padding: unset;
+  }
+
+  .build-trace & {
+    background-color: inherit;
+    padding: inherit;
+  }
+}
+
+.code {
+  padding: 9.5px;
 }
 
 table {
@@ -162,7 +183,9 @@ table {
 
 .nav-tabs {
   .nav-link {
-    border: 0;
+    border-top: 0;
+    border-left: 0;
+    border-right: 0;
   }
 
   .nav-item {
diff --git a/app/assets/stylesheets/framework/dropdowns.scss b/app/assets/stylesheets/framework/dropdowns.scss
index b91d579cae6..74475daae14 100644
--- a/app/assets/stylesheets/framework/dropdowns.scss
+++ b/app/assets/stylesheets/framework/dropdowns.scss
@@ -35,6 +35,12 @@
     @include media-breakpoint-down(xs) {
       width: 100%;
     }
+
+    &.projects-dropdown-menu {
+      padding: 0;
+      overflow-y: initial;
+      max-height: initial;
+    }
   }
 
   .dropdown-toggle,
diff --git a/app/assets/stylesheets/framework/gitlab_theme.scss b/app/assets/stylesheets/framework/gitlab_theme.scss
index 11e21edfc1b..14dd3879bdc 100644
--- a/app/assets/stylesheets/framework/gitlab_theme.scss
+++ b/app/assets/stylesheets/framework/gitlab_theme.scss
@@ -35,7 +35,7 @@
         }
 
         &.active > a,
-        &.dropdown.open > a {
+        &.dropdown.show > a {
           color: $color-900;
           background-color: $color-alternate;
         }
@@ -74,7 +74,7 @@
         }
 
         &.active > a,
-        &.dropdown.open > a {
+        &.dropdown.show > a {
           color: $color-900;
           background-color: $color-alternate;
 
diff --git a/app/assets/stylesheets/framework/header.scss b/app/assets/stylesheets/framework/header.scss
index 2085e5646ef..094134b63b0 100644
--- a/app/assets/stylesheets/framework/header.scss
+++ b/app/assets/stylesheets/framework/header.scss
@@ -297,12 +297,6 @@
   display: flex;
   margin: 0 0 0 6px;
 
-  .projects-dropdown-menu {
-    padding: 0;
-    overflow-y: initial;
-    max-height: initial;
-  }
-
   .dropdown-chevron {
     position: relative;
     top: -1px;
diff --git a/app/assets/stylesheets/framework/layout.scss b/app/assets/stylesheets/framework/layout.scss
index 0536c39cee7..55c0bc76f23 100644
--- a/app/assets/stylesheets/framework/layout.scss
+++ b/app/assets/stylesheets/framework/layout.scss
@@ -115,9 +115,3 @@ body {
 .with-performance-bar .layout-page {
   margin-top: $header-height + $performance-bar-height;
 }
-
-.vertical-center {
-  min-height: 100vh;
-  display: flex;
-  align-items: center;
-}
diff --git a/app/assets/stylesheets/framework/terms.scss b/app/assets/stylesheets/framework/terms.scss
index 744fd0ff796..7cda674e5c8 100644
--- a/app/assets/stylesheets/framework/terms.scss
+++ b/app/assets/stylesheets/framework/terms.scss
@@ -11,15 +11,15 @@
     padding-top: $gl-padding;
   }
 
-  .panel {
-    .panel-heading {
+  .card {
+    .card-header {
       display: -webkit-flex;
       display: flex;
       align-items: center;
       justify-content: space-between;
       line-height: $line-height-base;
 
-      .title {
+      .card-title {
         display: flex;
         align-items: center;
 
@@ -34,6 +34,8 @@
 
       .navbar-collapse {
         padding-right: 0;
+        flex-grow: 0;
+        flex-basis: auto;
 
         .navbar-nav {
           margin: 0;
diff --git a/app/assets/stylesheets/framework/typography.scss b/app/assets/stylesheets/framework/typography.scss
index 97b821e0cb9..9e77ea03a24 100644
--- a/app/assets/stylesheets/framework/typography.scss
+++ b/app/assets/stylesheets/framework/typography.scss
@@ -114,26 +114,27 @@
     font-size: 0.95em;
   }
 
+  blockquote,
   .blockquote {
     color: $gl-grayish-blue;
     font-size: inherit;
     padding: 8px 24px;
     margin: 16px 0;
     border-left: 3px solid $white-dark;
-  }
 
-  .blockquote:dir(rtl) {
-    border-left: 0;
-    border-right: 3px solid $white-dark;
-  }
+    &:dir(rtl) {
+      border-left: 0;
+      border-right: 3px solid $white-dark;
+    }
 
-  .blockquote p {
-    color: $gl-grayish-blue !important;
-    font-size: inherit;
-    line-height: 1.5;
+    p {
+      color: $gl-grayish-blue !important;
+      font-size: inherit;
+      line-height: 1.5;
 
-    &:last-child {
-      margin: 0;
+      &:last-child {
+        margin: 0;
+      }
     }
   }
 
diff --git a/app/assets/stylesheets/mailers/highlighted_diff_email.scss b/app/assets/stylesheets/mailers/highlighted_diff_email.scss
index b5eda79e5ed..1835c4364d3 100644
--- a/app/assets/stylesheets/mailers/highlighted_diff_email.scss
+++ b/app/assets/stylesheets/mailers/highlighted_diff_email.scss
@@ -138,6 +138,7 @@ pre {
   margin: 0;
 }
 
+blockquote,
 .blockquote {
   color: $gl-grayish-blue;
   padding: 0 0 0 15px;
diff --git a/app/assets/stylesheets/pages/clusters.scss b/app/assets/stylesheets/pages/clusters.scss
index 3e4d123242c..56beb7718a4 100644
--- a/app/assets/stylesheets/pages/clusters.scss
+++ b/app/assets/stylesheets/pages/clusters.scss
@@ -13,6 +13,10 @@
   max-width: 100%;
 }
 
+.clusters-error-alert {
+  width: 100%;
+}
+
 .clusters-container {
   .nav-bar-right {
     padding: $gl-padding-top $gl-padding;
diff --git a/app/assets/stylesheets/pages/labels.scss b/app/assets/stylesheets/pages/labels.scss
index e178371d21f..25f011a534b 100644
--- a/app/assets/stylesheets/pages/labels.scss
+++ b/app/assets/stylesheets/pages/labels.scss
@@ -196,6 +196,10 @@
 .prioritized-labels {
   margin-bottom: 30px;
 
+  h5 {
+    font-size: $gl-font-size;
+  }
+
   .add-priority {
     display: none;
     color: $gray-light;
@@ -210,6 +214,10 @@
 }
 
 .other-labels {
+  h5 {
+    font-size: $gl-font-size;
+  }
+
   .remove-priority {
     display: none;
   }
diff --git a/app/assets/stylesheets/pages/repo.scss b/app/assets/stylesheets/pages/repo.scss
index 6bbcb15329c..2b3cc33c8ae 100644
--- a/app/assets/stylesheets/pages/repo.scss
+++ b/app/assets/stylesheets/pages/repo.scss
@@ -183,7 +183,7 @@
 
   svg {
     position: relative;
-    top: -1px;
+    top: -2px;
   }
 
   .ide-file-changed-icon {
@@ -458,6 +458,10 @@
     width: auto;
     margin-right: 0;
 
+    a {
+      height: 60px;
+    }
+
     a:hover,
     a:focus {
       text-decoration: none;
@@ -718,9 +722,17 @@
 }
 
 .ide-new-btn {
+  .btn {
+    padding-top: 3px;
+    padding-bottom: 3px;
+  }
+
+  .dropdown {
+    display: flex;
+  }
+
   .dropdown-toggle svg {
-    margin-top: -2px;
-    margin-bottom: 2px;
+    top: 0;
   }
 
   .dropdown-menu {
@@ -877,6 +889,7 @@
   border-top: 1px solid transparent;
   border-bottom: 1px solid transparent;
   outline: 0;
+  cursor: pointer;
 
   svg {
     margin: 0 auto;
diff --git a/app/assets/stylesheets/pages/settings.scss b/app/assets/stylesheets/pages/settings.scss
index 2b3773eebad..43c39c43bc1 100644
--- a/app/assets/stylesheets/pages/settings.scss
+++ b/app/assets/stylesheets/pages/settings.scss
@@ -174,7 +174,7 @@
 
     .option-description,
     .option-disabled-reason {
-      margin-left: 45px;
+      margin-left: 30px;
       color: $project-option-descr-color;
     }
 
diff --git a/app/assets/stylesheets/print.scss b/app/assets/stylesheets/print.scss
index 90ccd4abd90..bb10928a037 100644
--- a/app/assets/stylesheets/print.scss
+++ b/app/assets/stylesheets/print.scss
@@ -22,9 +22,9 @@
 
 header,
 nav,
-nav.main-nav,
 nav.navbar-collapse,
 nav.navbar-collapse.collapse,
+.nav-sidebar,
 .profiler-results,
 .tree-ref-holder,
 .tree-holder .breadcrumb,
@@ -38,7 +38,8 @@ ul.notes-form,
 .edit-link,
 .note-action-button,
 .right-sidebar,
-.flash-container {
+.flash-container,
+#js-peek {
   display: none !important;
 }
 
diff --git a/app/controllers/groups/shared_projects_controller.rb b/app/controllers/groups/shared_projects_controller.rb
index f2f835767e0..7dec1f5f402 100644
--- a/app/controllers/groups/shared_projects_controller.rb
+++ b/app/controllers/groups/shared_projects_controller.rb
@@ -24,7 +24,9 @@ module Groups
                            # Make the `search` param consistent for the frontend,
                            # which will be using `filter`.
                            params[:search] ||= params[:filter] if params[:filter]
-                           params.permit(:sort, :search)
+                           # Don't show archived projects
+                           params[:non_archived] = true
+                           params.permit(:sort, :search, :non_archived)
                          end
     end
   end
diff --git a/app/controllers/projects/lfs_storage_controller.rb b/app/controllers/projects/lfs_storage_controller.rb
index 43d8867a536..45c98d60822 100644
--- a/app/controllers/projects/lfs_storage_controller.rb
+++ b/app/controllers/projects/lfs_storage_controller.rb
@@ -18,7 +18,7 @@ class Projects::LfsStorageController < Projects::GitHttpClientController
   def upload_authorize
     set_workhorse_internal_api_content_type
 
-    authorized = LfsObjectUploader.workhorse_authorize
+    authorized = LfsObjectUploader.workhorse_authorize(has_length: true)
     authorized.merge!(LfsOid: oid, LfsSize: size)
 
     render json: authorized
diff --git a/app/controllers/projects/merge_requests/application_controller.rb b/app/controllers/projects/merge_requests/application_controller.rb
index 29632bef7e5..8e4aeec16dc 100644
--- a/app/controllers/projects/merge_requests/application_controller.rb
+++ b/app/controllers/projects/merge_requests/application_controller.rb
@@ -15,7 +15,7 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont
 
   def merge_request_params_attributes
     [
-      :allow_maintainer_to_push,
+      :allow_collaboration,
       :assignee_id,
       :description,
       :force_remove_source_branch,
diff --git a/app/controllers/projects/milestones_controller.rb b/app/controllers/projects/milestones_controller.rb
index c5a044541f1..2494b56981d 100644
--- a/app/controllers/projects/milestones_controller.rb
+++ b/app/controllers/projects/milestones_controller.rb
@@ -1,4 +1,5 @@
 class Projects::MilestonesController < Projects::ApplicationController
+  include Gitlab::Utils::StrongMemoize
   include MilestoneActions
 
   before_action :check_issuables_available!
@@ -103,7 +104,7 @@ class Projects::MilestonesController < Projects::ApplicationController
   protected
 
   def milestones
-    @milestones ||= begin
+    strong_memoize(:milestones) do
       MilestonesFinder.new(search_params).execute
     end
   end
@@ -121,10 +122,10 @@ class Projects::MilestonesController < Projects::ApplicationController
   end
 
   def search_params
-    if @project.group && can?(current_user, :read_group, @project.group)
-      group = @project.group
+    if request.format.json? && @project.group && can?(current_user, :read_group, @project.group)
+      groups = @project.group.self_and_ancestors
     end
 
-    params.permit(:state).merge(project_ids: @project.id, group_ids: group&.id)
+    params.permit(:state).merge(project_ids: @project.id, group_ids: groups&.select(:id))
   end
 end
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index adc423af9e1..ef1bf283d0c 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -36,7 +36,7 @@ module ApplicationSettingsHelper
 
   # Return a group of checkboxes that use Bootstrap's button plugin for a
   # toggle button effect.
-  def restricted_level_checkboxes(help_block_id, checkbox_name)
+  def restricted_level_checkboxes(help_block_id, checkbox_name, options = {})
     Gitlab::VisibilityLevel.values.map do |level|
       checked = restricted_visibility_levels(true).include?(level)
       css_class = checked ? 'active' : ''
@@ -46,6 +46,7 @@ module ApplicationSettingsHelper
         check_box_tag(checkbox_name, level, checked,
                       autocomplete: 'off',
                       'aria-describedby' => help_block_id,
+                      'class' => options[:class],
                       id: tag_name) + visibility_level_icon(level) + visibility_level_label(level)
       end
     end
@@ -53,7 +54,7 @@ module ApplicationSettingsHelper
 
   # Return a group of checkboxes that use Bootstrap's button plugin for a
   # toggle button effect.
-  def import_sources_checkboxes(help_block_id)
+  def import_sources_checkboxes(help_block_id, options = {})
     Gitlab::ImportSources.options.map do |name, source|
       checked = Gitlab::CurrentSettings.import_sources.include?(source)
       css_class = checked ? 'active' : ''
@@ -63,6 +64,7 @@ module ApplicationSettingsHelper
         check_box_tag(checkbox_name, source, checked,
                       autocomplete: 'off',
                       'aria-describedby' => help_block_id,
+                      'class' => options[:class],
                       id: name.tr(' ', '_')) + name
       end
     end
diff --git a/app/helpers/merge_requests_helper.rb b/app/helpers/merge_requests_helper.rb
index 74251c260f0..5ff06b3e0fc 100644
--- a/app/helpers/merge_requests_helper.rb
+++ b/app/helpers/merge_requests_helper.rb
@@ -126,8 +126,8 @@ module MergeRequestsHelper
     link_to(url[merge_request.project, merge_request], data: data_attrs, &block)
   end
 
-  def allow_maintainer_push_unavailable_reason(merge_request)
-    return if merge_request.can_allow_maintainer_to_push?(current_user)
+  def allow_collaboration_unavailable_reason(merge_request)
+    return if merge_request.can_allow_collaboration?(current_user)
 
     minimum_visibility = [merge_request.target_project.visibility_level,
                           merge_request.source_project.visibility_level].min
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index 55078e1a2d2..dfca799a53d 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -238,6 +238,14 @@ module ProjectsHelper
     "git push --set-upstream #{repository_url}/$(git rev-parse --show-toplevel | xargs basename).git $(git rev-parse --abbrev-ref HEAD)"
   end
 
+  def show_xcode_link?(project = @project)
+    browser.platform.mac? && project.repository.xcode_project?
+  end
+
+  def xcode_uri_to_repo(project = @project)
+    "xcode://clone?repo=#{CGI.escape(default_url_to_repo(project))}"
+  end
+
   private
 
   def get_project_nav_tabs(project, current_user)
diff --git a/app/helpers/search_helper.rb b/app/helpers/search_helper.rb
index 761c1252fc8..f7dafca7834 100644
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -25,14 +25,22 @@ module SearchHelper
     return unless collection.count > 0
 
     from = collection.offset_value + 1
-    to = collection.offset_value + collection.length
+    to = collection.offset_value + collection.count
     count = collection.total_count
 
     "Showing #{from} - #{to} of #{count} #{scope.humanize(capitalize: false)} for \"#{term}\""
   end
 
+  def find_project_for_result_blob(result)
+    @project
+  end
+
   def parse_search_result(result)
-    Gitlab::ProjectSearchResults.parse_search_result(result)
+    result
+  end
+
+  def search_blob_title(project, filename)
+    filename
   end
 
   private
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 75fd55a8f7b..d93e7cb896f 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -55,6 +55,11 @@ module Ci
       where('(artifacts_file IS NOT NULL AND artifacts_file <> ?) OR EXISTS (?)',
         '', Ci::JobArtifact.select(1).where('ci_builds.id = ci_job_artifacts.job_id').archive)
     end
+
+    scope :without_archived_trace, ->() do
+      where('NOT EXISTS (?)', Ci::JobArtifact.select(1).where('ci_builds.id = ci_job_artifacts.job_id').trace)
+    end
+
     scope :with_artifacts_stored_locally, -> { with_artifacts_archive.where(artifacts_file_store: [nil, LegacyArtifactUploader::Store::LOCAL]) }
     scope :with_artifacts_not_expired, ->() { with_artifacts_archive.where('artifacts_expire_at IS NULL OR artifacts_expire_at > ?', Time.now) }
     scope :with_expired_artifacts, ->() { with_artifacts_archive.where('artifacts_expire_at < ?', Time.now) }
@@ -144,6 +149,7 @@ module Ci
       after_transition any => [:success] do |build|
         build.run_after_commit do
           BuildSuccessWorker.perform_async(id)
+          PagesWorker.perform_async(:deploy, id) if build.pages_generator?
         end
       end
 
@@ -183,6 +189,11 @@ module Ci
       pipeline.manual_actions.where.not(name: name)
     end
 
+    def pages_generator?
+      Gitlab.config.pages.enabled &&
+        self.name == 'pages'
+    end
+
     def playable?
       action? && (manual? || retryable?)
     end
@@ -402,8 +413,6 @@ module Ci
       build_data = Gitlab::DataBuilder::Build.build(self)
       project.execute_hooks(build_data.dup, :job_hooks)
       project.execute_services(build_data.dup, :job_hooks)
-      PagesService.new(build_data).execute
-      project.running_or_pending_build_count(force: true)
     end
 
     def browsable_artifacts?
diff --git a/app/models/ci/pipeline.rb b/app/models/ci/pipeline.rb
index 53af87a271a..5eb30f4aaa0 100644
--- a/app/models/ci/pipeline.rb
+++ b/app/models/ci/pipeline.rb
@@ -7,12 +7,17 @@ module Ci
     include Presentable
     include Gitlab::OptimisticLocking
     include Gitlab::Utils::StrongMemoize
+    include AtomicInternalId
 
     belongs_to :project, inverse_of: :pipelines
     belongs_to :user
     belongs_to :auto_canceled_by, class_name: 'Ci::Pipeline'
     belongs_to :pipeline_schedule, class_name: 'Ci::PipelineSchedule'
 
+    has_internal_id :iid, scope: :project, presence: false, init: ->(s) do
+      s&.project&.pipelines&.maximum(:iid) || s&.project&.pipelines&.count
+    end
+
     has_many :stages
     has_many :statuses, class_name: 'CommitStatus', foreign_key: :commit_id, inverse_of: :pipeline
     has_many :builds, foreign_key: :commit_id, inverse_of: :pipeline
@@ -531,6 +536,7 @@ module Ci
 
     def predefined_variables
       Gitlab::Ci::Variables::Collection.new
+        .append(key: 'CI_PIPELINE_IID', value: iid.to_s)
         .append(key: 'CI_CONFIG_PATH', value: ci_yaml_file_path)
         .append(key: 'CI_PIPELINE_SOURCE', value: source.to_s)
         .append(key: 'CI_COMMIT_MESSAGE', value: git_commit_message)
diff --git a/app/models/ci/runner.rb b/app/models/ci/runner.rb
index 57edd6a4956..8c9aacca8de 100644
--- a/app/models/ci/runner.rb
+++ b/app/models/ci/runner.rb
@@ -219,10 +219,8 @@ module Ci
 
       cache_attributes(values)
 
-      if persist_cached_data?
-        self.assign_attributes(values)
-        self.save if self.changed?
-      end
+      # We save data without validation, it will always change due to `contacted_at`
+      self.update_columns(values) if persist_cached_data?
     end
 
     def pick_build!(build)
diff --git a/app/models/clusters/platforms/kubernetes.rb b/app/models/clusters/platforms/kubernetes.rb
index ba6552f238f..36631d57ad1 100644
--- a/app/models/clusters/platforms/kubernetes.rb
+++ b/app/models/clusters/platforms/kubernetes.rb
@@ -11,12 +11,12 @@ module Clusters
 
       attr_encrypted :password,
         mode: :per_attribute_iv,
-        key: Gitlab::Application.secrets.db_key_base,
+        key: Settings.attr_encrypted_db_key_base_truncated,
         algorithm: 'aes-256-cbc'
 
       attr_encrypted :token,
         mode: :per_attribute_iv,
-        key: Gitlab::Application.secrets.db_key_base,
+        key: Settings.attr_encrypted_db_key_base_truncated,
         algorithm: 'aes-256-cbc'
 
       before_validation :enforce_namespace_to_lower_case
diff --git a/app/models/clusters/providers/gcp.rb b/app/models/clusters/providers/gcp.rb
index 7fac32466ab..4db1bb35c12 100644
--- a/app/models/clusters/providers/gcp.rb
+++ b/app/models/clusters/providers/gcp.rb
@@ -11,7 +11,7 @@ module Clusters
 
       attr_encrypted :access_token,
         mode: :per_attribute_iv,
-        key: Gitlab::Application.secrets.db_key_base,
+        key: Settings.attr_encrypted_db_key_base_truncated,
         algorithm: 'aes-256-cbc'
 
       validates :gcp_project_id,
diff --git a/app/models/concerns/atomic_internal_id.rb b/app/models/concerns/atomic_internal_id.rb
index 22f516a172f..164c704260e 100644
--- a/app/models/concerns/atomic_internal_id.rb
+++ b/app/models/concerns/atomic_internal_id.rb
@@ -25,9 +25,13 @@ module AtomicInternalId
   extend ActiveSupport::Concern
 
   module ClassMethods
-    def has_internal_id(column, scope:, init:) # rubocop:disable Naming/PredicateName
-      before_validation(on: :create) do
+    def has_internal_id(column, scope:, init:, presence: true) # rubocop:disable Naming/PredicateName
+      before_validation :"ensure_#{scope}_#{column}!", on: :create
+      validates column, presence: presence
+
+      define_method("ensure_#{scope}_#{column}!") do
         scope_value = association(scope).reader
+
         if read_attribute(column).blank? && scope_value
           scope_attrs = { scope_value.class.table_name.singularize.to_sym => scope_value }
           usage = self.class.table_name.to_sym
@@ -35,13 +39,9 @@ module AtomicInternalId
           new_iid = InternalId.generate_next(self, scope_attrs, usage, init)
           write_attribute(column, new_iid)
         end
-      end
 
-      validates column, presence: true, numericality: true
+        read_attribute(column)
+      end
     end
   end
-
-  def to_param
-    iid.to_s
-  end
 end
diff --git a/app/models/concerns/avatarable.rb b/app/models/concerns/avatarable.rb
index 13246a774e3..095897b08e3 100644
--- a/app/models/concerns/avatarable.rb
+++ b/app/models/concerns/avatarable.rb
@@ -4,11 +4,14 @@ module Avatarable
   included do
     prepend ShadowMethods
     include ObjectStorage::BackgroundMove
+    include Gitlab::Utils::StrongMemoize
 
     validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? }
     validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
 
     mount_uploader :avatar, AvatarUploader
+
+    after_initialize :add_avatar_to_batch
   end
 
   module ShadowMethods
@@ -18,6 +21,17 @@ module Avatarable
 
       avatar_path(only_path: args.fetch(:only_path, true)) || super
     end
+
+    def retrieve_upload(identifier, paths)
+      upload = retrieve_upload_from_batch(identifier)
+
+      # This fallback is needed when deleting an upload, because we may have
+      # already been removed from the DB. We have to check an explicit `#nil?`
+      # because it's a BatchLoader instance.
+      upload = super if upload.nil?
+
+      upload
+    end
   end
 
   def avatar_type
@@ -52,4 +66,37 @@ module Avatarable
 
     url_base + avatar.local_url
   end
+
+  # Path that is persisted in the tracking Upload model. Used to fetch the
+  # upload from the model.
+  def upload_paths(identifier)
+    avatar_mounter.blank_uploader.store_dirs.map { |store, path| File.join(path, identifier) }
+  end
+
+  private
+
+  def retrieve_upload_from_batch(identifier)
+    BatchLoader.for(identifier: identifier, model: self).batch(key: self.class) do |upload_params, loader, args|
+      model_class = args[:key]
+      paths = upload_params.flat_map do |params|
+        params[:model].upload_paths(params[:identifier])
+      end
+
+      Upload.where(uploader: AvatarUploader, path: paths).find_each do |upload|
+        model = model_class.instantiate('id' => upload.model_id)
+
+        loader.call({ model: model, identifier: File.basename(upload.path) }, upload)
+      end
+    end
+  end
+
+  def add_avatar_to_batch
+    return unless avatar_mounter
+
+    avatar_mounter.read_identifiers.each { |identifier| retrieve_upload_from_batch(identifier) }
+  end
+
+  def avatar_mounter
+    strong_memoize(:avatar_mounter) { _mounter(:avatar) }
+  end
 end
diff --git a/app/models/concerns/has_variable.rb b/app/models/concerns/has_variable.rb
index 8a241e4374a..c8e20c0ab81 100644
--- a/app/models/concerns/has_variable.rb
+++ b/app/models/concerns/has_variable.rb
@@ -13,7 +13,7 @@ module HasVariable
     attr_encrypted :value,
        mode: :per_attribute_iv_and_salt,
        insecure_mode: true,
-       key: Gitlab::Application.secrets.db_key_base,
+       key: Settings.attr_encrypted_db_key_base,
        algorithm: 'aes-256-cbc'
 
     def key=(new_key)
diff --git a/app/models/concerns/iid_routes.rb b/app/models/concerns/iid_routes.rb
new file mode 100644
index 00000000000..246748cf52c
--- /dev/null
+++ b/app/models/concerns/iid_routes.rb
@@ -0,0 +1,9 @@
+module IidRoutes
+  ##
+  # This automagically enforces all related routes to use `iid` instead of `id`
+  # If you want to use `iid` for some routes and `id` for other routes, this module should not to be included,
+  # instead you should define `iid` or `id` explictly at each route generators. e.g. pipeline_path(project.id, pipeline.iid)
+  def to_param
+    iid.to_s
+  end
+end
diff --git a/app/models/concerns/with_uploads.rb b/app/models/concerns/with_uploads.rb
index e7cfffb775b..4245d083a49 100644
--- a/app/models/concerns/with_uploads.rb
+++ b/app/models/concerns/with_uploads.rb
@@ -36,4 +36,8 @@ module WithUploads
       upload.destroy
     end
   end
+
+  def retrieve_upload(_identifier, paths)
+    uploads.find_by(path: paths)
+  end
 end
diff --git a/app/models/deployment.rb b/app/models/deployment.rb
index 254764eefde..ac86e9e8de0 100644
--- a/app/models/deployment.rb
+++ b/app/models/deployment.rb
@@ -1,5 +1,6 @@
 class Deployment < ActiveRecord::Base
   include AtomicInternalId
+  include IidRoutes
 
   belongs_to :project, required: true
   belongs_to :environment, required: true
diff --git a/app/models/internal_id.rb b/app/models/internal_id.rb
index f7f930e86ed..f50f28deffe 100644
--- a/app/models/internal_id.rb
+++ b/app/models/internal_id.rb
@@ -14,7 +14,7 @@ class InternalId < ActiveRecord::Base
   belongs_to :project
   belongs_to :namespace
 
-  enum usage: { issues: 0, merge_requests: 1, deployments: 2, milestones: 3, epics: 4 }
+  enum usage: { issues: 0, merge_requests: 1, deployments: 2, milestones: 3, epics: 4, ci_pipelines: 5 }
 
   validates :usage, presence: true
 
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 41a290f34b4..d136700836d 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -2,6 +2,7 @@ require 'carrierwave/orm/activerecord'
 
 class Issue < ActiveRecord::Base
   include AtomicInternalId
+  include IidRoutes
   include Issuable
   include Noteable
   include Referable
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index 79fc155fd3c..535a2c362f2 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -1,5 +1,6 @@
 class MergeRequest < ActiveRecord::Base
   include AtomicInternalId
+  include IidRoutes
   include Issuable
   include Noteable
   include Referable
@@ -1124,21 +1125,21 @@ class MergeRequest < ActiveRecord::Base
     project.merge_requests.merged.where(author_id: author_id).empty?
   end
 
-  def allow_maintainer_to_push
-    maintainer_push_possible? && super
+  def allow_collaboration
+    collaborative_push_possible? && super
   end
 
-  alias_method :allow_maintainer_to_push?, :allow_maintainer_to_push
+  alias_method :allow_collaboration?, :allow_collaboration
 
-  def maintainer_push_possible?
+  def collaborative_push_possible?
     source_project.present? && for_fork? &&
       target_project.visibility_level > Gitlab::VisibilityLevel::PRIVATE &&
       source_project.visibility_level > Gitlab::VisibilityLevel::PRIVATE &&
       !ProtectedBranch.protected?(source_project, source_branch)
   end
 
-  def can_allow_maintainer_to_push?(user)
-    maintainer_push_possible? &&
+  def can_allow_collaboration?(user)
+    collaborative_push_possible? &&
       Ability.allowed?(user, :push_code, source_project)
   end
 
diff --git a/app/models/milestone.rb b/app/models/milestone.rb
index d14e3a4ded5..d05dcfd083a 100644
--- a/app/models/milestone.rb
+++ b/app/models/milestone.rb
@@ -9,6 +9,7 @@ class Milestone < ActiveRecord::Base
 
   include CacheMarkdownField
   include AtomicInternalId
+  include IidRoutes
   include Sortable
   include Referable
   include StripAttribute
diff --git a/app/models/note.rb b/app/models/note.rb
index 02f7a9b1e4f..41c04ae0571 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -435,6 +435,10 @@ class Note < ActiveRecord::Base
     super.merge(noteable: noteable)
   end
 
+  def retrieve_upload(_identifier, paths)
+    Upload.find_by(model: self, path: paths)
+  end
+
   private
 
   def keep_around_commit
diff --git a/app/models/pages_domain.rb b/app/models/pages_domain.rb
index 2e478a24778..bfea64c3759 100644
--- a/app/models/pages_domain.rb
+++ b/app/models/pages_domain.rb
@@ -19,7 +19,7 @@ class PagesDomain < ActiveRecord::Base
   attr_encrypted :key,
     mode: :per_attribute_iv_and_salt,
     insecure_mode: true,
-    key: Gitlab::Application.secrets.db_key_base,
+    key: Settings.attr_encrypted_db_key_base,
     algorithm: 'aes-256-cbc'
 
   after_initialize :set_verification_code
diff --git a/app/models/personal_snippet.rb b/app/models/personal_snippet.rb
index 82c1c4de3a0..355624fd552 100644
--- a/app/models/personal_snippet.rb
+++ b/app/models/personal_snippet.rb
@@ -1,2 +1,3 @@
 class PersonalSnippet < Snippet
+  include WithUploads
 end
diff --git a/app/models/project.rb b/app/models/project.rb
index 32298fc7f5c..e17eabbb174 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -1649,12 +1649,6 @@ class Project < ActiveRecord::Base
     import_state.update_column(:jid, nil)
   end
 
-  def running_or_pending_build_count(force: false)
-    Rails.cache.fetch(['projects', id, 'running_or_pending_build_count'], force: force) do
-      builds.running_or_pending.count(:all)
-    end
-  end
-
   # Lazy loading of the `pipeline_status` attribute
   def pipeline_status
     @pipeline_status ||= Gitlab::Cache::Ci::ProjectPipelineStatus.load_for_project(self)
@@ -1974,18 +1968,18 @@ class Project < ActiveRecord::Base
                                 .limit(1)
                                 .select(1)
     source_of_merge_requests.opened
-      .where(allow_maintainer_to_push: true)
+      .where(allow_collaboration: true)
       .where('EXISTS (?)', developer_access_exists)
   end
 
-  def branch_allows_maintainer_push?(user, branch_name)
+  def branch_allows_collaboration?(user, branch_name)
     return false unless user
 
     cache_key = "user:#{user.id}:#{branch_name}:branch_allows_push"
 
-    memoized_results = strong_memoize(:branch_allows_maintainer_push) do
+    memoized_results = strong_memoize(:branch_allows_collaboration) do
       Hash.new do |result, cache_key|
-        result[cache_key] = fetch_branch_allows_maintainer_push?(user, branch_name)
+        result[cache_key] = fetch_branch_allows_collaboration?(user, branch_name)
       end
     end
 
@@ -2127,18 +2121,18 @@ class Project < ActiveRecord::Base
     raise ex
   end
 
-  def fetch_branch_allows_maintainer_push?(user, branch_name)
+  def fetch_branch_allows_collaboration?(user, branch_name)
     check_access = -> do
       next false if empty_repo?
 
       merge_request = source_of_merge_requests.opened
-                        .where(allow_maintainer_to_push: true)
+                        .where(allow_collaboration: true)
                         .find_by(source_branch: branch_name)
       merge_request&.can_be_merged_by?(user)
     end
 
     if RequestStore.active?
-      RequestStore.fetch("project-#{id}:branch-#{branch_name}:user-#{user.id}:branch_allows_maintainer_push") do
+      RequestStore.fetch("project-#{id}:branch-#{branch_name}:user-#{user.id}:branch_allows_collaboration") do
         check_access.call
       end
     else
diff --git a/app/models/project_import_data.rb b/app/models/project_import_data.rb
index 6da6632f4f2..1d7089ccfc7 100644
--- a/app/models/project_import_data.rb
+++ b/app/models/project_import_data.rb
@@ -3,7 +3,7 @@ require 'carrierwave/orm/activerecord'
 class ProjectImportData < ActiveRecord::Base
   belongs_to :project, inverse_of: :import_data
   attr_encrypted :credentials,
-                 key: Gitlab::Application.secrets.db_key_base,
+                 key: Settings.attr_encrypted_db_key_base,
                  marshal: true,
                  encode: true,
                  mode: :per_attribute_iv_and_salt,
diff --git a/app/models/project_wiki.rb b/app/models/project_wiki.rb
index f799a0b4227..a6f94b3e3b0 100644
--- a/app/models/project_wiki.rb
+++ b/app/models/project_wiki.rb
@@ -140,10 +140,6 @@ class ProjectWiki
     [title, title_array.join("/")]
   end
 
-  def search_files(query)
-    repository.search_files_by_content(query, default_branch)
-  end
-
   def repository
     @repository ||= Repository.new(full_path, @project, disk_path: disk_path, is_wiki: true)
   end
diff --git a/app/models/remote_mirror.rb b/app/models/remote_mirror.rb
index 9722cbb2b7c..5cd222e18a4 100644
--- a/app/models/remote_mirror.rb
+++ b/app/models/remote_mirror.rb
@@ -5,7 +5,7 @@ class RemoteMirror < ActiveRecord::Base
   UNPROTECTED_BACKOFF_DELAY = 5.minutes
 
   attr_encrypted :credentials,
-                 key: Gitlab::Application.secrets.db_key_base,
+                 key: Settings.attr_encrypted_db_key_base,
                  marshal: true,
                  encode: true,
                  mode: :per_attribute_iv_and_salt,
diff --git a/app/policies/ci/build_policy.rb b/app/policies/ci/build_policy.rb
index 8b65758f3e8..1c0cc7425ec 100644
--- a/app/policies/ci/build_policy.rb
+++ b/app/policies/ci/build_policy.rb
@@ -14,8 +14,8 @@ module Ci
       @subject.triggered_by?(@user)
     end
 
-    condition(:branch_allows_maintainer_push) do
-      @subject.project.branch_allows_maintainer_push?(@user, @subject.ref)
+    condition(:branch_allows_collaboration) do
+      @subject.project.branch_allows_collaboration?(@user, @subject.ref)
     end
 
     rule { protected_ref }.policy do
@@ -25,7 +25,7 @@ module Ci
 
     rule { can?(:admin_build) | (can?(:update_build) & owner_of_job) }.enable :erase_build
 
-    rule { can?(:public_access) & branch_allows_maintainer_push }.policy do
+    rule { can?(:public_access) & branch_allows_collaboration }.policy do
       enable :update_build
       enable :update_commit_status
     end
diff --git a/app/policies/ci/pipeline_policy.rb b/app/policies/ci/pipeline_policy.rb
index 540e4235299..b81329d0625 100644
--- a/app/policies/ci/pipeline_policy.rb
+++ b/app/policies/ci/pipeline_policy.rb
@@ -4,13 +4,13 @@ module Ci
 
     condition(:protected_ref) { ref_protected?(@user, @subject.project, @subject.tag?, @subject.ref) }
 
-    condition(:branch_allows_maintainer_push) do
-      @subject.project.branch_allows_maintainer_push?(@user, @subject.ref)
+    condition(:branch_allows_collaboration) do
+      @subject.project.branch_allows_collaboration?(@user, @subject.ref)
     end
 
     rule { protected_ref }.prevent :update_pipeline
 
-    rule { can?(:public_access) & branch_allows_maintainer_push }.policy do
+    rule { can?(:public_access) & branch_allows_collaboration }.policy do
       enable :update_pipeline
     end
 
diff --git a/app/serializers/merge_request_widget_entity.rb b/app/serializers/merge_request_widget_entity.rb
index 141070aef45..8260c6c7b84 100644
--- a/app/serializers/merge_request_widget_entity.rb
+++ b/app/serializers/merge_request_widget_entity.rb
@@ -13,7 +13,7 @@ class MergeRequestWidgetEntity < IssuableEntity
   expose :squash
   expose :target_branch
   expose :target_project_id
-  expose :allow_maintainer_to_push
+  expose :allow_collaboration
 
   expose :should_be_rebased?, as: :should_be_rebased
   expose :ff_only_enabled do |merge_request|
diff --git a/app/services/ci/register_job_service.rb b/app/services/ci/register_job_service.rb
index 317d1defbba..925775aea0b 100644
--- a/app/services/ci/register_job_service.rb
+++ b/app/services/ci/register_job_service.rb
@@ -90,7 +90,7 @@ module Ci
 
     def builds_for_group_runner
       # Workaround for weird Rails bug, that makes `runner.groups.to_sql` to return `runner_id = NULL`
-      groups = Group.joins(:runner_namespaces).merge(runner.runner_namespaces)
+      groups = ::Group.joins(:runner_namespaces).merge(runner.runner_namespaces)
 
       hierarchy_groups = Gitlab::GroupHierarchy.new(groups).base_and_descendants
       projects = Project.where(namespace_id: hierarchy_groups)
diff --git a/app/services/merge_requests/base_service.rb b/app/services/merge_requests/base_service.rb
index 231ab76fde4..4c420b38258 100644
--- a/app/services/merge_requests/base_service.rb
+++ b/app/services/merge_requests/base_service.rb
@@ -38,8 +38,8 @@ module MergeRequests
     def filter_params(merge_request)
       super
 
-      unless merge_request.can_allow_maintainer_to_push?(current_user)
-        params.delete(:allow_maintainer_to_push)
+      unless merge_request.can_allow_collaboration?(current_user)
+        params.delete(:allow_collaboration)
       end
     end
 
diff --git a/app/services/pages_service.rb b/app/services/pages_service.rb
deleted file mode 100644
index 446eeb34d3b..00000000000
--- a/app/services/pages_service.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-class PagesService
-  attr_reader :data
-
-  def initialize(data)
-    @data = data
-  end
-
-  def execute
-    return unless Settings.pages.enabled
-    return unless data[:build_name] == 'pages'
-    return unless data[:build_status] == 'success'
-
-    PagesWorker.perform_async(:deploy, data[:build_id])
-  end
-end
diff --git a/app/services/projects/autocomplete_service.rb b/app/services/projects/autocomplete_service.rb
index 346971138b1..3e38a8a12d4 100644
--- a/app/services/projects/autocomplete_service.rb
+++ b/app/services/projects/autocomplete_service.rb
@@ -11,7 +11,7 @@ module Projects
         order: { due_date: :asc, title: :asc }
       }
 
-      finder_params[:group_ids] = [@project.group.id] if @project.group
+      finder_params[:group_ids] = @project.group.self_and_ancestors.select(:id) if @project.group
 
       MilestonesFinder.new(finder_params).execute.select([:iid, :title])
     end
diff --git a/app/services/projects/update_service.rb b/app/services/projects/update_service.rb
index 679f4a9cb62..0d1e2e758cd 100644
--- a/app/services/projects/update_service.rb
+++ b/app/services/projects/update_service.rb
@@ -17,6 +17,8 @@ module Projects
 
       ensure_wiki_exists if enabling_wiki?
 
+      yield if block_given?
+
       if project.update_attributes(params.except(:default_branch))
         if project.previous_changes.include?('path')
           project.rename_repo
@@ -36,7 +38,7 @@ module Projects
     end
 
     def run_auto_devops_pipeline?
-      return false if project.repository.gitlab_ci_yml || !project.auto_devops.previous_changes.include?('enabled')
+      return false if project.repository.gitlab_ci_yml || !project.auto_devops&.previous_changes&.include?('enabled')
 
       project.auto_devops.enabled? || (project.auto_devops.enabled.nil? && Gitlab::CurrentSettings.auto_devops_enabled?)
     end
@@ -53,8 +55,8 @@ module Projects
     def changing_default_branch?
       new_branch = params[:default_branch]
 
-      project.repository.exists? &&
-        new_branch && new_branch != project.default_branch
+      new_branch && project.repository.exists? &&
+        new_branch != project.default_branch
     end
 
     def enabling_wiki?
diff --git a/app/uploaders/object_storage.rb b/app/uploaders/object_storage.rb
index 5bdca26a584..5aa1bc7227c 100644
--- a/app/uploaders/object_storage.rb
+++ b/app/uploaders/object_storage.rb
@@ -10,8 +10,6 @@ module ObjectStorage
   UnknownStoreError = Class.new(StandardError)
   ObjectStorageUnavailable = Class.new(StandardError)
 
-  DIRECT_UPLOAD_TIMEOUT = 4.hours
-  DIRECT_UPLOAD_EXPIRE_OFFSET = 15.minutes
   TMP_UPLOAD_PATH = 'tmp/uploads'.freeze
 
   module Store
@@ -35,7 +33,7 @@ module ObjectStorage
 
         unless current_upload_satisfies?(paths, model)
           # the upload we already have isn't right, find the correct one
-          self.upload = uploads.find_by(model: model, path: paths)
+          self.upload = model&.retrieve_upload(identifier, paths)
         end
 
         super
@@ -48,7 +46,7 @@ module ObjectStorage
       end
 
       def upload=(upload)
-        return unless upload
+        return if upload.nil?
 
         self.object_store = upload.store
         super
@@ -157,9 +155,9 @@ module ObjectStorage
         model_class.uploader_options.dig(mount_point, :mount_on) || mount_point
       end
 
-      def workhorse_authorize
+      def workhorse_authorize(has_length:, maximum_size: nil)
         {
-          RemoteObject: workhorse_remote_upload_options,
+          RemoteObject: workhorse_remote_upload_options(has_length: has_length, maximum_size: maximum_size),
           TempPath: workhorse_local_upload_path
         }.compact
       end
@@ -168,23 +166,16 @@ module ObjectStorage
         File.join(self.root, TMP_UPLOAD_PATH)
       end
 
-      def workhorse_remote_upload_options
+      def workhorse_remote_upload_options(has_length:, maximum_size: nil)
         return unless self.object_store_enabled?
         return unless self.direct_upload_enabled?
 
         id = [CarrierWave.generate_cache_id, SecureRandom.hex].join('-')
         upload_path = File.join(TMP_UPLOAD_PATH, id)
-        connection = ::Fog::Storage.new(self.object_store_credentials)
-        expire_at = Time.now + DIRECT_UPLOAD_TIMEOUT + DIRECT_UPLOAD_EXPIRE_OFFSET
-        options = { 'Content-Type' => 'application/octet-stream' }
+        direct_upload = ObjectStorage::DirectUpload.new(self.object_store_credentials, remote_store_path, upload_path,
+          has_length: has_length, maximum_size: maximum_size)
 
-        {
-          ID: id,
-          Timeout: DIRECT_UPLOAD_TIMEOUT,
-          GetURL: connection.get_object_url(remote_store_path, upload_path, expire_at),
-          DeleteURL: connection.delete_object_url(remote_store_path, upload_path, expire_at),
-          StoreURL: connection.put_object_url(remote_store_path, upload_path, expire_at, options)
-        }
+        direct_upload.to_hash.merge(ID: id)
       end
     end
 
diff --git a/app/views/admin/application_settings/_visibility_and_access.html.haml b/app/views/admin/application_settings/_visibility_and_access.html.haml
index 2b4d3bab54d..05520bd8d2d 100644
--- a/app/views/admin/application_settings/_visibility_and_access.html.haml
+++ b/app/views/admin/application_settings/_visibility_and_access.html.haml
@@ -23,7 +23,7 @@
       .col-sm-10
         - checkbox_name = 'application_setting[restricted_visibility_levels][]'
         = hidden_field_tag(checkbox_name)
-        - restricted_level_checkboxes('restricted-visibility-help', checkbox_name).each do |level|
+        - restricted_level_checkboxes('restricted-visibility-help', checkbox_name, class: 'form-check-input').each do |level|
           .form-check
             = level
         %span.form-text.text-muted#restricted-visibility-help
@@ -33,7 +33,7 @@
       = f.label :import_sources, class: 'col-form-label col-sm-2'
       .col-sm-10
         = hidden_field_tag 'application_setting[import_sources][]'
-        - import_sources_checkboxes('import-sources-help').each do |source|
+        - import_sources_checkboxes('import-sources-help', class: 'form-check-input').each do |source|
           .form-check= source
         %span.form-text.text-muted#import-sources-help
           Enabled sources for code import during project creation. OmniAuth must be configured for GitHub
diff --git a/app/views/admin/users/_access_levels.html.haml b/app/views/admin/users/_access_levels.html.haml
index 35a331283ab..04acc5f8423 100644
--- a/app/views/admin/users/_access_levels.html.haml
+++ b/app/views/admin/users/_access_levels.html.haml
@@ -1,26 +1,26 @@
 %fieldset
   %legend Access
-  .form-group
-    = f.label :projects_limit, class: 'col-form-label'
+  .form-group.row
+    = f.label :projects_limit, class: 'col-form-label col-sm-2'
     .col-sm-10= f.number_field :projects_limit, min: 0, max: Gitlab::Database::MAX_INT_VALUE, class: 'form-control'
 
-  .form-group
-    = f.label :can_create_group, class: 'col-form-label'
+  .form-group.row
+    = f.label :can_create_group, class: 'col-form-label col-sm-2'
     .col-sm-10= f.check_box :can_create_group
 
-  .form-group
-    = f.label :access_level, class: 'col-form-label'
+  .form-group.row
+    = f.label :access_level, class: 'col-form-label col-sm-2'
     .col-sm-10
       - editing_current_user = (current_user == @user)
 
       = f.radio_button :access_level, :regular, disabled: editing_current_user
-      = label_tag :regular do
+      = label_tag :regular, class: 'font-weight-bold' do
         Regular
       %p.light
         Regular users have access to their groups and projects
 
       = f.radio_button :access_level, :admin, disabled: editing_current_user
-      = label_tag :admin do
+      = label_tag :admin, class: 'font-weight-bold' do
         Admin
       %p.light
         Administrators have access to all groups, projects and users and can manage all features in this installation
@@ -28,8 +28,8 @@
         %p.light
           You cannot remove your own admin rights.
 
-  .form-group
-    = f.label :external, class: 'col-form-label'
+  .form-group.row
+    = f.label :external, class: 'col-form-label col-sm-2'
     .col-sm-10
       = f.check_box :external do
         External
diff --git a/app/views/admin/users/_form.html.haml b/app/views/admin/users/_form.html.haml
index 010cb2ac354..58be07fc83e 100644
--- a/app/views/admin/users/_form.html.haml
+++ b/app/views/admin/users/_form.html.haml
@@ -56,7 +56,7 @@
         = f.label :linkedin, class: 'col-form-label col-sm-2'
         .col-sm-10= f.text_field :linkedin, class: 'form-control'
       .form-group.row
-        = f.label :twitter, class: 'col-form-label'
+        = f.label :twitter, class: 'col-form-label col-sm-2'
         .col-sm-10= f.text_field :twitter, class: 'form-control'
       .form-group.row
         = f.label :website_url, 'Website', class: 'col-form-label col-sm-2'
diff --git a/app/views/import/gitea/new.html.haml b/app/views/import/gitea/new.html.haml
index eb9790c7903..581576a8a3d 100644
--- a/app/views/import/gitea/new.html.haml
+++ b/app/views/import/gitea/new.html.haml
@@ -12,11 +12,11 @@
 
 = form_tag personal_access_token_import_gitea_path do
   .form-group.row
-    = label_tag :gitea_host_url, 'Gitea Host URL', class: 'col-form-label col-sm-8'
+    = label_tag :gitea_host_url, 'Gitea Host URL', class: 'col-form-label col-sm-2'
     .col-sm-4
       = text_field_tag :gitea_host_url, nil, placeholder: 'https://try.gitea.io', class: 'form-control'
   .form-group.row
-    = label_tag :personal_access_token, 'Personal Access Token', class: 'col-form-label col-sm-8'
+    = label_tag :personal_access_token, 'Personal Access Token', class: 'col-form-label col-sm-2'
     .col-sm-4
       = text_field_tag :personal_access_token, nil, class: 'form-control'
   .form-actions
diff --git a/app/views/import/github/new.html.haml b/app/views/import/github/new.html.haml
index c63cf2b31cb..b9ebb1a39d9 100644
--- a/app/views/import/github/new.html.haml
+++ b/app/views/import/github/new.html.haml
@@ -19,7 +19,7 @@
 
 = form_tag personal_access_token_import_github_path, method: :post, class: 'form-inline' do
   .form-group
-    = text_field_tag :personal_access_token, '', class: 'form-control', placeholder: _('Personal Access Token'), size: 40
+    = text_field_tag :personal_access_token, '', class: 'form-control append-right-8', placeholder: _('Personal Access Token'), size: 40
     = submit_tag _('List your GitHub repositories'), class: 'btn btn-success'
 
 - unless github_import_configured?
diff --git a/app/views/layouts/terms.html.haml b/app/views/layouts/terms.html.haml
index a8964b19ba1..977eb350365 100644
--- a/app/views/layouts/terms.html.haml
+++ b/app/views/layouts/terms.html.haml
@@ -14,9 +14,9 @@
 
         %div{ class: "#{container_class} limit-container-width" }
           .content{ id: "content-body" }
-            .panel.panel-default
-              .panel-heading
-                .title
+            .card
+              .card-header
+                .card-title
                   = brand_header_logo
                   - logo_text = brand_header_logo_type
                   - if logo_text.present?
diff --git a/app/views/profiles/preferences/show.html.haml b/app/views/profiles/preferences/show.html.haml
index ce312943154..e63e7772ba3 100644
--- a/app/views/profiles/preferences/show.html.haml
+++ b/app/views/profiles/preferences/show.html.haml
@@ -4,7 +4,7 @@
 = form_for @user, url: profile_preferences_path, remote: true, method: :put, html: { class: 'row prepend-top-default js-preferences-form' } do |f|
   .col-lg-4.application-theme
     %h4.prepend-top-0
-      s_('Preferences|Navigation theme')
+      = s_('Preferences|Navigation theme')
     %p Customize the appearance of the application header and navigation sidebar.
   .col-lg-8.application-theme
     - Gitlab::Themes.each do |theme|
diff --git a/app/views/projects/_home_panel.html.haml b/app/views/projects/_home_panel.html.haml
index 075badb9e56..89940512bc6 100644
--- a/app/views/projects/_home_panel.html.haml
+++ b/app/views/projects/_home_panel.html.haml
@@ -42,6 +42,10 @@
           .project-clone-holder
             = render "shared/clone_panel"
 
+          - if show_xcode_link?(@project)
+            .project-action-button.project-xcode.inline
+              = render "projects/buttons/xcode_link"
+
         - if current_user
           - if can?(current_user, :download_code, @project)
             = render 'projects/buttons/download', project: @project, ref: @ref
diff --git a/app/views/projects/blob/viewers/_download.html.haml b/app/views/projects/blob/viewers/_download.html.haml
index f9b1da05a00..fda4b9c92cd 100644
--- a/app/views/projects/blob/viewers/_download.html.haml
+++ b/app/views/projects/blob/viewers/_download.html.haml
@@ -1,5 +1,5 @@
 .file-content.blob_file.blob-no-preview
-  .center.render-error.vertical-center
+  .center.render-error
     = link_to blob_raw_path do
       %h1.light
         = sprite_icon('download')
diff --git a/app/views/projects/buttons/_xcode_link.html.haml b/app/views/projects/buttons/_xcode_link.html.haml
new file mode 100644
index 00000000000..a8b32fb0ef5
--- /dev/null
+++ b/app/views/projects/buttons/_xcode_link.html.haml
@@ -0,0 +1,2 @@
+%a.btn.btn-default{ href: xcode_uri_to_repo(@project) }
+  = _("Open in Xcode")
diff --git a/app/views/projects/labels/index.html.haml b/app/views/projects/labels/index.html.haml
index 9c78bade254..1f183c274be 100644
--- a/app/views/projects/labels/index.html.haml
+++ b/app/views/projects/labels/index.html.haml
@@ -22,7 +22,7 @@
         -# Only show it in the first page
         - hide = @available_labels.empty? || (params[:page].present? && params[:page] != '1')
         .prioritized-labels{ class: ('hide' if hide) }
-          %h5 Prioritized Labels
+          %h5.prepend-top-10 Prioritized Labels
           %ul.content-list.manage-labels-list.js-prioritized-labels{ "data-url" => set_priorities_project_labels_path(@project) }
             #js-priority-labels-empty-state{ class: "#{'hidden' unless @prioritized_labels.empty?}" }
               = render 'shared/empty_states/priority_labels'
diff --git a/app/views/projects/new.html.haml b/app/views/projects/new.html.haml
index 35a09f06bfa..5bb1bfb7059 100644
--- a/app/views/projects/new.html.haml
+++ b/app/views/projects/new.html.haml
@@ -29,16 +29,16 @@
 
     .col-lg-9.js-toggle-container
       %ul.nav.nav-tabs.nav-links.gitlab-tabs{ role: 'tablist' }
-        %li{ class: active_when(active_tab == 'blank'), role: 'presentation' }
-          %a{ href: '#blank-project-pane', id: 'blank-project-tab', data: { toggle: 'tab' }, role: 'tab' }
+        %li.nav-item{ role: 'presentation' }
+          %a.nav-link.active{ href: '#blank-project-pane', id: 'blank-project-tab', data: { toggle: 'tab' }, role: 'tab' }
             %span.d-none.d-sm-block Blank project
             %span.d-block.d-sm-none Blank
-        %li{ class: active_when(active_tab == 'template'), role: 'presentation' }
-          %a{ href: '#create-from-template-pane', id: 'create-from-template-tab', data: { toggle: 'tab' }, role: 'tab' }
+        %li.nav-item{ role: 'presentation' }
+          %a.nav-link{ href: '#create-from-template-pane', id: 'create-from-template-tab', data: { toggle: 'tab' }, role: 'tab' }
             %span.d-none.d-sm-block Create from template
             %span.d-block.d-sm-none Template
-        %li{ class: active_when(active_tab == 'import'), role: 'presentation' }
-          %a{ href: '#import-project-pane', id: 'import-project-tab', data: { toggle: 'tab' }, role: 'tab' }
+        %li.nav-item{ role: 'presentation' }
+          %a.nav-link{ href: '#import-project-pane', id: 'import-project-tab', data: { toggle: 'tab' }, role: 'tab' }
             %span.d-none.d-sm-block Import project
             %span.d-block.d-sm-none Import
 
diff --git a/app/views/search/results/_blob.html.haml b/app/views/search/results/_blob.html.haml
index de473c23d66..fdcd126e7a3 100644
--- a/app/views/search/results/_blob.html.haml
+++ b/app/views/search/results/_blob.html.haml
@@ -1,13 +1,5 @@
-- file_name, blob = blob
-.blob-result
-  .file-holder
-    .js-file-title.file-title
-      - ref = @search_results.repository_ref
-      - blob_link = project_blob_path(@project, tree_join(ref, file_name))
-      = link_to blob_link do
-        %i.fa.fa-file
-        %strong
-          = file_name
-    - if blob
-      .file-content.code.term
-        = render 'shared/file_highlight', blob: blob, first_line_number: blob.startline, blob_link: blob_link
+- project = find_project_for_result_blob(blob)
+- file_name, blob = parse_search_result(blob)
+- blob_link = project_blob_path(project, tree_join(blob.ref, file_name))
+
+= render partial: 'search/results/blob_data', locals: { blob: blob, project: project, file_name: file_name, blob_link: blob_link }
diff --git a/app/views/search/results/_blob_data.html.haml b/app/views/search/results/_blob_data.html.haml
new file mode 100644
index 00000000000..0115be41ff1
--- /dev/null
+++ b/app/views/search/results/_blob_data.html.haml
@@ -0,0 +1,9 @@
+.blob-result
+  .file-holder
+    .js-file-title.file-title
+      = link_to blob_link do
+        %i.fa.fa-file
+        = search_blob_title(project, file_name)
+    - if blob.data
+      .file-content.code.term
+        = render 'shared/file_highlight', blob: blob, first_line_number: blob.startline
diff --git a/app/views/search/results/_wiki_blob.html.haml b/app/views/search/results/_wiki_blob.html.haml
index 16a0e432d62..4346217c230 100644
--- a/app/views/search/results/_wiki_blob.html.haml
+++ b/app/views/search/results/_wiki_blob.html.haml
@@ -1,10 +1,5 @@
-- wiki_blob = parse_search_result(wiki_blob)
-.blob-result
-  .file-holder
-    .js-file-title.file-title
-      = link_to project_wiki_path(@project, wiki_blob.basename) do
-        %i.fa.fa-file
-        %strong
-          = wiki_blob.basename
-    .file-content.code.term
-      = render 'shared/file_highlight', blob: wiki_blob, first_line_number: wiki_blob.startline
+- project = find_project_for_result_blob(wiki_blob)
+- file_name, wiki_blob = parse_search_result(wiki_blob)
+- wiki_blob_link = project_wiki_path(project, wiki_blob.basename)
+
+= render partial: 'search/results/blob_data', locals: { blob: wiki_blob, project: project, file_name: file_name, blob_link: wiki_blob_link }
diff --git a/app/views/shared/_visibility_level.html.haml b/app/views/shared/_visibility_level.html.haml
index d67409ffe14..01ce1225b8d 100644
--- a/app/views/shared/_visibility_level.html.haml
+++ b/app/views/shared/_visibility_level.html.haml
@@ -1,11 +1,11 @@
 - with_label = local_assigns.fetch(:with_label, true)
 
-.form-group.visibility-level-setting
+.form-group.row.visibility-level-setting
   - if with_label
     = f.label :visibility_level, class: 'col-form-label col-sm-2' do
       Visibility Level
       = link_to icon('question-circle'), help_page_path("public_access/public_access")
-  %div{ :class => ("col-sm-10" if with_label) }
+  %div{ :class => (with_label ? "col-sm-10" : "col-sm-12") }
     - if can_change_visibility_level
       = render('shared/visibility_radios', model_method: :visibility_level, form: f, selected_level: visibility_level, form_model: form_model)
     - else
diff --git a/app/views/shared/issuable/form/_contribution.html.haml b/app/views/shared/issuable/form/_contribution.html.haml
index b34549240e0..519b5fae846 100644
--- a/app/views/shared/issuable/form/_contribution.html.haml
+++ b/app/views/shared/issuable/form/_contribution.html.haml
@@ -12,9 +12,9 @@
     = _('Contribution')
   .col-sm-10
     .form-check
-      = form.check_box :allow_maintainer_to_push, disabled: !issuable.can_allow_maintainer_to_push?(current_user), class: 'form-check-input'
-      = form.label :allow_maintainer_to_push, class: 'form-check-label' do
-        = _('Allow edits from maintainers.')
-        = link_to 'About this feature', help_page_path('user/project/merge_requests/maintainer_access')
+      = form.check_box :allow_collaboration, disabled: !issuable.can_allow_collaboration?(current_user), class: 'form-check-input'
+      = form.label :allow_collaboration, class: 'form-check-label' do
+        = _('Allow commits from members who can merge to the target branch.')
+        = link_to 'About this feature', help_page_path('user/project/merge_requests/allow_collaboration')
         .form-text.text-muted
-          = allow_maintainer_push_unavailable_reason(issuable)
+          = allow_collaboration_unavailable_reason(issuable)
diff --git a/app/views/shared/issuable/form/_metadata.html.haml b/app/views/shared/issuable/form/_metadata.html.haml
index 1e27253aaeb..01fbc163a14 100644
--- a/app/views/shared/issuable/form/_metadata.html.haml
+++ b/app/views/shared/issuable/form/_metadata.html.haml
@@ -15,15 +15,15 @@
       - else
         = render "shared/issuable/form/metadata_merge_request_assignee", issuable: issuable, form: form, has_due_date: has_due_date
     .form-group.row.issue-milestone
-      = form.label :milestone_id, "Milestone", class: "col-form-label #{has_due_date ? "col-md-2 col-lg-4" : "col-2"}"
-      .col-10{ class: ("col-md-8" if has_due_date) }
+      = form.label :milestone_id, "Milestone", class: "col-form-label #{has_due_date ? "col-md-2 col-lg-4" : "col-sm-2"}"
+      .col-sm-10{ class: ("col-md-8" if has_due_date) }
         .issuable-form-select-holder
           = render "shared/issuable/milestone_dropdown", selected: issuable.milestone, name: "#{issuable.class.model_name.param_key}[milestone_id]", show_any: false, show_upcoming: false, show_started: false, extra_class: "js-issuable-form-dropdown js-dropdown-keep-input", dropdown_title: "Select milestone"
     .form-group.row
       - has_labels = @labels && @labels.any?
-      = form.label :label_ids, "Labels", class: "col-form-label #{has_due_date ? "col-md-2 col-lg-4" : "col-2"}"
+      = form.label :label_ids, "Labels", class: "col-form-label #{has_due_date ? "col-md-2 col-lg-4" : "col-sm-2"}"
       = form.hidden_field :label_ids, multiple: true, value: ''
-      .col-10{ class: "#{"col-md-8" if has_due_date} #{'issuable-form-padding-top' if !has_labels}" }
+      .col-sm-10{ class: "#{"col-md-8" if has_due_date} #{'issuable-form-padding-top' if !has_labels}" }
         .issuable-form-select-holder
           = render "shared/issuable/label_dropdown", classes: ["js-issuable-form-dropdown"], selected: issuable.labels, data_options: { field_name: "#{issuable.class.model_name.param_key}[label_ids][]", show_any: false}, dropdown_title: "Select label"
   - if has_due_date
diff --git a/app/views/shared/projects/_edit_information.html.haml b/app/views/shared/projects/_edit_information.html.haml
index ec9dc8f62c2..9230e045a81 100644
--- a/app/views/shared/projects/_edit_information.html.haml
+++ b/app/views/shared/projects/_edit_information.html.haml
@@ -1,6 +1,6 @@
 - unless can?(current_user, :push_code, @project)
   .inline.prepend-left-10
-    - if @project.branch_allows_maintainer_push?(current_user, selected_branch)
+    - if @project.branch_allows_collaboration?(current_user, selected_branch)
       = commit_in_single_accessible_branch
     - else
       = commit_in_fork_help
diff --git a/app/views/users/terms/index.html.haml b/app/views/users/terms/index.html.haml
index e0fe551cf36..b9f25a71170 100644
--- a/app/views/users/terms/index.html.haml
+++ b/app/views/users/terms/index.html.haml
@@ -1,8 +1,8 @@
 - redirect_params = { redirect: @redirect } if @redirect
 
-.panel-content.rendered-terms
+.card-body.rendered-terms
   = markdown_field(@term, :terms)
-.row-content-block.footer-block.clearfix
+.card-footer.footer-block.clearfix
   - if can?(current_user, :accept_terms, @term)
     .float-right
       = button_to accept_term_path(@term, redirect_params), class: 'btn btn-success prepend-left-8' do
diff --git a/changelogs/unreleased/36862-subgroup-milestones.yml b/changelogs/unreleased/36862-subgroup-milestones.yml
new file mode 100644
index 00000000000..98b9dc41cb1
--- /dev/null
+++ b/changelogs/unreleased/36862-subgroup-milestones.yml
@@ -0,0 +1,5 @@
+---
+title: Include milestones from parent groups when assigning a milestone to an issue or merge request
+merge_request:
+author:
+type: changed
diff --git a/changelogs/unreleased/42751-rename-mr-maintainer-push.yml b/changelogs/unreleased/42751-rename-mr-maintainer-push.yml
new file mode 100644
index 00000000000..aa29f6ed4b7
--- /dev/null
+++ b/changelogs/unreleased/42751-rename-mr-maintainer-push.yml
@@ -0,0 +1,5 @@
+---
+title: Rephrasing Merge Request's 'allow edits from maintainer' functionality
+merge_request: 19061
+author:
+type: deprecated
diff --git a/changelogs/unreleased/45820-add-xcode-link.yml b/changelogs/unreleased/45820-add-xcode-link.yml
new file mode 100644
index 00000000000..9e61703ee10
--- /dev/null
+++ b/changelogs/unreleased/45820-add-xcode-link.yml
@@ -0,0 +1,5 @@
+---
+title: Add Open in Xcode link for xcode repositories
+merge_request:
+author:
+type: added
diff --git a/changelogs/unreleased/46452-nomethoderror-undefined-method-previous_changes-for-nil-nilclass.yml b/changelogs/unreleased/46452-nomethoderror-undefined-method-previous_changes-for-nil-nilclass.yml
new file mode 100644
index 00000000000..89dee65f5a8
--- /dev/null
+++ b/changelogs/unreleased/46452-nomethoderror-undefined-method-previous_changes-for-nil-nilclass.yml
@@ -0,0 +1,5 @@
+---
+title: Check for nil AutoDevOps when saving project CI/CD settings.
+merge_request: 19190
+author:
+type: fixed
diff --git a/changelogs/unreleased/46845-update-email_spec-to-2-2-0.yml b/changelogs/unreleased/46845-update-email_spec-to-2-2-0.yml
new file mode 100644
index 00000000000..bf501340769
--- /dev/null
+++ b/changelogs/unreleased/46845-update-email_spec-to-2-2-0.yml
@@ -0,0 +1,5 @@
+---
+title: Update email_spec to 2.2.0
+merge_request: 19164
+author: Takuya Noguchi
+type: other
diff --git a/changelogs/unreleased/47183-update-selenium-webdriver-to-3-12-0.yml b/changelogs/unreleased/47183-update-selenium-webdriver-to-3-12-0.yml
new file mode 100644
index 00000000000..b0d51d810f2
--- /dev/null
+++ b/changelogs/unreleased/47183-update-selenium-webdriver-to-3-12-0.yml
@@ -0,0 +1,5 @@
+---
+title: Update selenium-webdriver to 3.12.0
+merge_request: 19351
+author: Takuya Noguchi
+type: other
diff --git a/changelogs/unreleased/add-background-migrations-for-not-archived-traces.yml b/changelogs/unreleased/add-background-migrations-for-not-archived-traces.yml
new file mode 100644
index 00000000000..b1b23c477df
--- /dev/null
+++ b/changelogs/unreleased/add-background-migrations-for-not-archived-traces.yml
@@ -0,0 +1,5 @@
+---
+title: Add background migrations for archiving legacy job traces
+merge_request: 19194
+author:
+type: performance
diff --git a/changelogs/unreleased/bvl-bump-gitlab-shell-7-1-3.yml b/changelogs/unreleased/bvl-bump-gitlab-shell-7-1-3.yml
new file mode 100644
index 00000000000..76bb25bc7d7
--- /dev/null
+++ b/changelogs/unreleased/bvl-bump-gitlab-shell-7-1-3.yml
@@ -0,0 +1,5 @@
+---
+title: Include username in output when testing SSH to GitLab
+merge_request: 19358
+author:
+type: other
diff --git a/changelogs/unreleased/fix-avatars-n-plus-one.yml b/changelogs/unreleased/fix-avatars-n-plus-one.yml
new file mode 100644
index 00000000000..c5b42071f2b
--- /dev/null
+++ b/changelogs/unreleased/fix-avatars-n-plus-one.yml
@@ -0,0 +1,5 @@
+---
+title: Fix an N+1 when loading user avatars
+merge_request:
+author:
+type: performance
diff --git a/changelogs/unreleased/fj-34526-enabling-wiki-search-by-title.yml b/changelogs/unreleased/fj-34526-enabling-wiki-search-by-title.yml
new file mode 100644
index 00000000000..2ae2cf8a23e
--- /dev/null
+++ b/changelogs/unreleased/fj-34526-enabling-wiki-search-by-title.yml
@@ -0,0 +1,5 @@
+---
+title: Added ability to search by wiki titles
+merge_request: 19112
+author:
+type: added
diff --git a/changelogs/unreleased/gh-importer-transactions.yml b/changelogs/unreleased/gh-importer-transactions.yml
new file mode 100644
index 00000000000..1489d60a3fb
--- /dev/null
+++ b/changelogs/unreleased/gh-importer-transactions.yml
@@ -0,0 +1,5 @@
+---
+title: Move PR IO operations out of a transaction
+merge_request:
+author:
+type: performance
diff --git a/changelogs/unreleased/jivl-smarter-system-notes.yml b/changelogs/unreleased/jivl-smarter-system-notes.yml
new file mode 100644
index 00000000000..e640981de9a
--- /dev/null
+++ b/changelogs/unreleased/jivl-smarter-system-notes.yml
@@ -0,0 +1,5 @@
+---
+title: Add support for smarter system notes
+merge_request: 17164
+author:
+type: changed
diff --git a/changelogs/unreleased/optimise-pages-service-calling.yml b/changelogs/unreleased/optimise-pages-service-calling.yml
new file mode 100644
index 00000000000..e017e6b01f1
--- /dev/null
+++ b/changelogs/unreleased/optimise-pages-service-calling.yml
@@ -0,0 +1,5 @@
+---
+title: Optimise PagesWorker usage
+merge_request:
+author:
+type: performance
diff --git a/changelogs/unreleased/optimise-runner-update-cached-info.yml b/changelogs/unreleased/optimise-runner-update-cached-info.yml
new file mode 100644
index 00000000000..15fb9bcdf41
--- /dev/null
+++ b/changelogs/unreleased/optimise-runner-update-cached-info.yml
@@ -0,0 +1,5 @@
+---
+title: Update runner cached informations without performing validations
+merge_request:
+author:
+type: performance
diff --git a/changelogs/unreleased/osw-ignore-diff-header-when-persisting-diff-hunk.yml b/changelogs/unreleased/osw-ignore-diff-header-when-persisting-diff-hunk.yml
new file mode 100644
index 00000000000..ef66deaa0ef
--- /dev/null
+++ b/changelogs/unreleased/osw-ignore-diff-header-when-persisting-diff-hunk.yml
@@ -0,0 +1,5 @@
+---
+title: Adjust insufficient diff hunks being persisted on NoteDiffFile
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/per-project-pipeline-iid.yml b/changelogs/unreleased/per-project-pipeline-iid.yml
new file mode 100644
index 00000000000..78a513a9986
--- /dev/null
+++ b/changelogs/unreleased/per-project-pipeline-iid.yml
@@ -0,0 +1,5 @@
+---
+title: Add per-project pipeline id
+merge_request: 18558
+author:
+type: added
diff --git a/changelogs/unreleased/presigned-multipart-uploads.yml b/changelogs/unreleased/presigned-multipart-uploads.yml
new file mode 100644
index 00000000000..52fae6534fd
--- /dev/null
+++ b/changelogs/unreleased/presigned-multipart-uploads.yml
@@ -0,0 +1,5 @@
+---
+title: Support direct_upload with S3 Multipart uploads
+merge_request:
+author:
+type: added
diff --git a/changelogs/unreleased/rails5-fix-46236.yml b/changelogs/unreleased/rails5-fix-46236.yml
new file mode 100644
index 00000000000..9203b448bed
--- /dev/null
+++ b/changelogs/unreleased/rails5-fix-46236.yml
@@ -0,0 +1,5 @@
+---
+title: Support rails5 in postgres indexes function and fix some migrations
+merge_request: 19400
+author: Jasper Maes
+type: fixed
diff --git a/changelogs/unreleased/rails5-fix-46281.yml b/changelogs/unreleased/rails5-fix-46281.yml
new file mode 100644
index 00000000000..ee0b8531988
--- /dev/null
+++ b/changelogs/unreleased/rails5-fix-46281.yml
@@ -0,0 +1,5 @@
+---
+title: Rails5 fix arel from
+merge_request: 19340
+author: Jasper Maes
+type: fixed
diff --git a/changelogs/unreleased/remove-unused-query-in-hooks.yml b/changelogs/unreleased/remove-unused-query-in-hooks.yml
new file mode 100644
index 00000000000..ef40b2db5a9
--- /dev/null
+++ b/changelogs/unreleased/remove-unused-query-in-hooks.yml
@@ -0,0 +1,5 @@
+---
+title: Remove unused running_or_pending_build_count
+merge_request:
+author:
+type: performance
diff --git a/changelogs/unreleased/sh-add-uncached-query-limiter.yml b/changelogs/unreleased/sh-add-uncached-query-limiter.yml
new file mode 100644
index 00000000000..4318338c229
--- /dev/null
+++ b/changelogs/unreleased/sh-add-uncached-query-limiter.yml
@@ -0,0 +1,5 @@
+---
+title: Remove N+1 query for author in issues API
+merge_request:
+author:
+type: performance
diff --git a/changelogs/unreleased/sh-fix-pipeline-jobs-nplus-one.yml b/changelogs/unreleased/sh-fix-pipeline-jobs-nplus-one.yml
new file mode 100644
index 00000000000..eac00f4fca6
--- /dev/null
+++ b/changelogs/unreleased/sh-fix-pipeline-jobs-nplus-one.yml
@@ -0,0 +1,5 @@
+---
+title: Eliminate N+1 queries for CI job artifacts in /api/prjoects/:id/pipelines/:pipeline_id/jobs
+merge_request:
+author:
+type: performance
diff --git a/changelogs/unreleased/sh-fix-secrets-not-working.yml b/changelogs/unreleased/sh-fix-secrets-not-working.yml
new file mode 100644
index 00000000000..044a873ecd9
--- /dev/null
+++ b/changelogs/unreleased/sh-fix-secrets-not-working.yml
@@ -0,0 +1,5 @@
+---
+title: Fix attr_encryption key settings
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/sh-fix-source-project-nplus-one.yml b/changelogs/unreleased/sh-fix-source-project-nplus-one.yml
new file mode 100644
index 00000000000..9d78ad6408c
--- /dev/null
+++ b/changelogs/unreleased/sh-fix-source-project-nplus-one.yml
@@ -0,0 +1,5 @@
+---
+title: Fix N+1 with source_projects in merge requests API
+merge_request:
+author:
+type: performance
diff --git a/config/initializers/secret_token.rb b/config/initializers/01_secret_token.rb
index 750a5b34f3b..02bded43083 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/01_secret_token.rb
@@ -1,3 +1,6 @@
+# This file needs to be loaded BEFORE any initializers that attempt to
+# prepend modules that require access to secrets (e.g. EE's 0_as_concern.rb).
+#
 # Be sure to restart your server when you modify this file.
 
 require 'securerandom'
diff --git a/config/initializers/artifacts_direct_upload_support.rb b/config/initializers/artifacts_direct_upload_support.rb
deleted file mode 100644
index d2bc35ea613..00000000000
--- a/config/initializers/artifacts_direct_upload_support.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-artifacts_object_store = Gitlab.config.artifacts.object_store
-
-if artifacts_object_store.enabled &&
-    artifacts_object_store.direct_upload &&
-    artifacts_object_store.connection&.provider.to_s != 'Google'
-  raise "Only 'Google' is supported as a object storage provider when 'direct_upload' of artifacts is used"
-end
diff --git a/config/initializers/direct_upload_support.rb b/config/initializers/direct_upload_support.rb
new file mode 100644
index 00000000000..32fc8c8bc69
--- /dev/null
+++ b/config/initializers/direct_upload_support.rb
@@ -0,0 +1,19 @@
+class DirectUploadsValidator
+  SUPPORTED_DIRECT_UPLOAD_PROVIDERS = %w(Google AWS).freeze
+
+  ValidationError = Class.new(StandardError)
+
+  def verify!(object_store)
+    return unless object_store.enabled
+    return unless object_store.direct_upload
+    return if SUPPORTED_DIRECT_UPLOAD_PROVIDERS.include?(object_store.connection&.provider.to_s)
+
+    raise ValidationError, "Only #{SUPPORTED_DIRECT_UPLOAD_PROVIDERS.join(',')} are supported as a object storage provider when 'direct_upload' is used"
+  end
+end
+
+DirectUploadsValidator.new.tap do |validator|
+  [Gitlab.config.artifacts, Gitlab.config.uploads, Gitlab.config.lfs].each do |uploader|
+    validator.verify!(uploader.object_store)
+  end
+end
diff --git a/config/initializers/postgresql_opclasses_support.rb b/config/initializers/postgresql_opclasses_support.rb
index c2f3023b330..03bda44a630 100644
--- a/config/initializers/postgresql_opclasses_support.rb
+++ b/config/initializers/postgresql_opclasses_support.rb
@@ -107,8 +107,15 @@ module ActiveRecord
 
           result.map do |row|
             index_name = row[0]
-            unique = row[1] == 't'
+            unique = if Gitlab.rails5?
+                       row[1]
+                     else
+                       row[1] == 't'
+                     end
             indkey = row[2].split(" ")
+            if Gitlab.rails5?
+              indkey = indkey.map(&:to_i)
+            end
             inddef = row[3]
             oid = row[4]
 
diff --git a/config/settings.rb b/config/settings.rb
index 69d637761ea..3f3481bb65d 100644
--- a/config/settings.rb
+++ b/config/settings.rb
@@ -85,6 +85,24 @@ class Settings < Settingslogic
       File.expand_path(path, Rails.root)
     end
 
+    # Ruby 2.4+ requires passing in the exact required length for OpenSSL keys
+    # (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1).
+    # Previous versions quietly truncated the input.
+    #
+    # Use this when using :per_attribute_iv mode for attr_encrypted.
+    # We have to truncate the string to 32 bytes for a 256-bit cipher.
+    def attr_encrypted_db_key_base_truncated
+      Gitlab::Application.secrets.db_key_base[0..31]
+    end
+
+    # This should be used for :per_attribute_salt_and_iv mode. There is no
+    # need to truncate the key because the encryptor will use the salt to
+    # generate a hash of the password:
+    # https://github.com/attr-encrypted/encryptor/blob/c3a62c4a9e74686dd95e0548f9dc2a361fdc95d1/lib/encryptor.rb#L77
+    def attr_encrypted_db_key_base
+      Gitlab::Application.secrets.db_key_base
+    end
+
     private
 
     def base_url(config)
diff --git a/db/migrate/20160226114608_add_trigram_indexes_for_searching.rb b/db/migrate/20160226114608_add_trigram_indexes_for_searching.rb
index 375e389e07a..7aa79bf5e02 100644
--- a/db/migrate/20160226114608_add_trigram_indexes_for_searching.rb
+++ b/db/migrate/20160226114608_add_trigram_indexes_for_searching.rb
@@ -37,7 +37,12 @@ class AddTrigramIndexesForSearching < ActiveRecord::Migration
     res = execute("SELECT true AS enabled FROM pg_available_extensions WHERE name = 'pg_trgm' AND installed_version IS NOT NULL;")
     row = res.first
 
-    row && row['enabled'] == 't' ? true : false
+    check = if Gitlab.rails5?
+              true
+            else
+              't'
+            end
+    row && row['enabled'] == check ? true : false
   end
 
   def create_trigrams_extension
diff --git a/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb b/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb
index 611767ac7fe..95105118764 100644
--- a/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb
+++ b/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb
@@ -8,7 +8,7 @@ class RemoveWrongImportUrlFromProjects < ActiveRecord::Migration
     extend AttrEncrypted
     attr_accessor :credentials
     attr_encrypted :credentials,
-                   key: Gitlab::Application.secrets.db_key_base,
+                   key: Settings.attr_encrypted_db_key_base,
                    marshal: true,
                    encode: true,
                    :mode => :per_attribute_iv_and_salt,
diff --git a/db/migrate/20170622135728_add_unique_constraint_to_ci_variables.rb b/db/migrate/20170622135728_add_unique_constraint_to_ci_variables.rb
index 8b2cc40ee59..787022b7bfe 100644
--- a/db/migrate/20170622135728_add_unique_constraint_to_ci_variables.rb
+++ b/db/migrate/20170622135728_add_unique_constraint_to_ci_variables.rb
@@ -2,12 +2,13 @@ class AddUniqueConstraintToCiVariables < ActiveRecord::Migration
   include Gitlab::Database::MigrationHelpers
 
   DOWNTIME = false
+  INDEX_NAME = 'index_ci_variables_on_project_id_and_key_and_environment_scope'
 
   disable_ddl_transaction!
 
   def up
     unless this_index_exists?
-      add_concurrent_index(:ci_variables, columns, name: index_name, unique: true)
+      add_concurrent_index(:ci_variables, columns, name: INDEX_NAME, unique: true)
     end
   end
 
@@ -18,21 +19,17 @@ class AddUniqueConstraintToCiVariables < ActiveRecord::Migration
         add_concurrent_index(:ci_variables, :project_id)
       end
 
-      remove_concurrent_index(:ci_variables, columns, name: index_name)
+      remove_concurrent_index(:ci_variables, columns, name: INDEX_NAME)
     end
   end
 
   private
 
   def this_index_exists?
-    index_exists?(:ci_variables, columns, name: index_name)
+    index_exists?(:ci_variables, columns, name: INDEX_NAME)
   end
 
   def columns
     @columns ||= [:project_id, :key, :environment_scope]
   end
-
-  def index_name
-    'index_ci_variables_on_project_id_and_key_and_environment_scope'
-  end
 end
diff --git a/db/migrate/20171106155656_turn_issues_due_date_index_to_partial_index.rb b/db/migrate/20171106155656_turn_issues_due_date_index_to_partial_index.rb
index e4bed778695..08784de4043 100644
--- a/db/migrate/20171106155656_turn_issues_due_date_index_to_partial_index.rb
+++ b/db/migrate/20171106155656_turn_issues_due_date_index_to_partial_index.rb
@@ -20,9 +20,7 @@ class TurnIssuesDueDateIndexToPartialIndex < ActiveRecord::Migration
       name: NEW_INDEX_NAME
     )
 
-    # We set the column name to nil as otherwise Rails will ignore the custom
-    # index name and remove the wrong index.
-    remove_concurrent_index(:issues, nil, name: OLD_INDEX_NAME)
+    remove_concurrent_index_by_name(:issues, OLD_INDEX_NAME)
   end
 
   def down
@@ -32,6 +30,6 @@ class TurnIssuesDueDateIndexToPartialIndex < ActiveRecord::Migration
       name: OLD_INDEX_NAME
     )
 
-    remove_concurrent_index(:issues, nil, name: NEW_INDEX_NAME)
+    remove_concurrent_index_by_name(:issues, NEW_INDEX_NAME)
   end
 end
diff --git a/db/migrate/20180201110056_add_foreign_keys_to_todos.rb b/db/migrate/20180201110056_add_foreign_keys_to_todos.rb
index b7c40f8c01a..020b0550321 100644
--- a/db/migrate/20180201110056_add_foreign_keys_to_todos.rb
+++ b/db/migrate/20180201110056_add_foreign_keys_to_todos.rb
@@ -31,7 +31,7 @@ class AddForeignKeysToTodos < ActiveRecord::Migration
   end
 
   def down
-    remove_foreign_key :todos, :users
+    remove_foreign_key :todos, column: :user_id
     remove_foreign_key :todos, column: :author_id
     remove_foreign_key :todos, :notes
   end
diff --git a/db/migrate/20180424160449_add_pipeline_iid_to_ci_pipelines.rb b/db/migrate/20180424160449_add_pipeline_iid_to_ci_pipelines.rb
new file mode 100644
index 00000000000..e8f0c91d612
--- /dev/null
+++ b/db/migrate/20180424160449_add_pipeline_iid_to_ci_pipelines.rb
@@ -0,0 +1,13 @@
+class AddPipelineIidToCiPipelines < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def up
+    add_column :ci_pipelines, :iid, :integer
+  end
+
+  def down
+    remove_column :ci_pipelines, :iid, :integer
+  end
+end
diff --git a/db/migrate/20180425205249_add_index_constraints_to_pipeline_iid.rb b/db/migrate/20180425205249_add_index_constraints_to_pipeline_iid.rb
new file mode 100644
index 00000000000..3fa59b44d5d
--- /dev/null
+++ b/db/migrate/20180425205249_add_index_constraints_to_pipeline_iid.rb
@@ -0,0 +1,15 @@
+class AddIndexConstraintsToPipelineIid < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :ci_pipelines, [:project_id, :iid], unique: true, where: 'iid IS NOT NULL'
+  end
+
+  def down
+    remove_concurrent_index :ci_pipelines, [:project_id, :iid]
+  end
+end
diff --git a/db/migrate/20180523042841_rename_merge_requests_allow_maintainer_to_push.rb b/db/migrate/20180523042841_rename_merge_requests_allow_maintainer_to_push.rb
new file mode 100644
index 00000000000..975bdfe70f4
--- /dev/null
+++ b/db/migrate/20180523042841_rename_merge_requests_allow_maintainer_to_push.rb
@@ -0,0 +1,15 @@
+class RenameMergeRequestsAllowMaintainerToPush < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    rename_column_concurrently :merge_requests, :allow_maintainer_to_push, :allow_collaboration
+  end
+
+  def down
+    cleanup_concurrent_column_rename :merge_requests, :allow_collaboration, :allow_maintainer_to_push
+  end
+end
diff --git a/db/post_migrate/20171124104327_migrate_kubernetes_service_to_new_clusters_architectures.rb b/db/post_migrate/20171124104327_migrate_kubernetes_service_to_new_clusters_architectures.rb
index 11b581e4b57..a957f107405 100644
--- a/db/post_migrate/20171124104327_migrate_kubernetes_service_to_new_clusters_architectures.rb
+++ b/db/post_migrate/20171124104327_migrate_kubernetes_service_to_new_clusters_architectures.rb
@@ -48,7 +48,7 @@ class MigrateKubernetesServiceToNewClustersArchitectures < ActiveRecord::Migrati
 
     attr_encrypted :token,
       mode: :per_attribute_iv,
-      key: Gitlab::Application.secrets.db_key_base,
+      key: Settings.attr_encrypted_db_key_base_truncated,
       algorithm: 'aes-256-cbc'
   end
 
diff --git a/db/post_migrate/20180523125103_cleanup_merge_requests_allow_maintainer_to_push_rename.rb b/db/post_migrate/20180523125103_cleanup_merge_requests_allow_maintainer_to_push_rename.rb
new file mode 100644
index 00000000000..b9ce4600675
--- /dev/null
+++ b/db/post_migrate/20180523125103_cleanup_merge_requests_allow_maintainer_to_push_rename.rb
@@ -0,0 +1,15 @@
+class CleanupMergeRequestsAllowMaintainerToPushRename < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    cleanup_concurrent_column_rename :merge_requests, :allow_maintainer_to_push, :allow_collaboration
+  end
+
+  def down
+    rename_column_concurrently :merge_requests, :allow_collaboration, :allow_maintainer_to_push
+  end
+end
diff --git a/db/post_migrate/20180529152628_schedule_to_archive_legacy_traces.rb b/db/post_migrate/20180529152628_schedule_to_archive_legacy_traces.rb
new file mode 100644
index 00000000000..965cd3a8714
--- /dev/null
+++ b/db/post_migrate/20180529152628_schedule_to_archive_legacy_traces.rb
@@ -0,0 +1,35 @@
+class ScheduleToArchiveLegacyTraces < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+  BATCH_SIZE = 5000
+  BACKGROUND_MIGRATION_CLASS = 'ArchiveLegacyTraces'
+
+  disable_ddl_transaction!
+
+  class Build < ActiveRecord::Base
+    include EachBatch
+    self.table_name = 'ci_builds'
+    self.inheritance_column = :_type_disabled # Disable STI
+
+    scope :type_build, -> { where(type: 'Ci::Build') }
+
+    scope :finished, -> { where(status: [:success, :failed, :canceled]) }
+
+    scope :without_archived_trace, -> do
+      where('NOT EXISTS (SELECT 1 FROM ci_job_artifacts WHERE ci_builds.id = ci_job_artifacts.job_id AND ci_job_artifacts.file_type = 3)')
+    end
+  end
+
+  def up
+    queue_background_migration_jobs_by_range_at_intervals(
+      ::ScheduleToArchiveLegacyTraces::Build.type_build.finished.without_archived_trace,
+      BACKGROUND_MIGRATION_CLASS,
+      5.minutes,
+      batch_size: BATCH_SIZE)
+  end
+
+  def down
+    # noop
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index b14ea5640d4..dc34736c76b 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -451,10 +451,12 @@ ActiveRecord::Schema.define(version: 20180531220618) do
     t.integer "config_source"
     t.boolean "protected"
     t.integer "failure_reason"
+    t.integer "iid"
   end
 
   add_index "ci_pipelines", ["auto_canceled_by_id"], name: "index_ci_pipelines_on_auto_canceled_by_id", using: :btree
   add_index "ci_pipelines", ["pipeline_schedule_id"], name: "index_ci_pipelines_on_pipeline_schedule_id", using: :btree
+  add_index "ci_pipelines", ["project_id", "iid"], name: "index_ci_pipelines_on_project_id_and_iid", unique: true, where: "(iid IS NOT NULL)", using: :btree
   add_index "ci_pipelines", ["project_id", "ref", "status", "id"], name: "index_ci_pipelines_on_project_id_and_ref_and_status_and_id", using: :btree
   add_index "ci_pipelines", ["project_id", "sha"], name: "index_ci_pipelines_on_project_id_and_sha", using: :btree
   add_index "ci_pipelines", ["project_id"], name: "index_ci_pipelines_on_project_id", using: :btree
@@ -1227,7 +1229,7 @@ ActiveRecord::Schema.define(version: 20180531220618) do
     t.boolean "discussion_locked"
     t.integer "latest_merge_request_diff_id"
     t.string "rebase_commit_sha"
-    t.boolean "allow_maintainer_to_push"
+    t.boolean "allow_collaboration"
     t.boolean "squash", default: false, null: false
   end
 
diff --git a/doc/administration/job_artifacts.md b/doc/administration/job_artifacts.md
index 77fe4d561a1..e59ab5a72e1 100644
--- a/doc/administration/job_artifacts.md
+++ b/doc/administration/job_artifacts.md
@@ -94,6 +94,7 @@ _The artifacts are stored by default in
 > Available in [GitLab Premium](https://about.gitlab.com/products/) and
 [GitLab.com Silver](https://about.gitlab.com/gitlab-com/).
 > Since version 10.6, available in [GitLab CE](https://about.gitlab.com/products/)
+> Since version 11.0, we support direct_upload to S3.
 
 If you don't want to use the local disk where GitLab is installed to store the
 artifacts, you can use an object storage like AWS S3 instead.
@@ -108,7 +109,7 @@ For source installations the following settings are nested under `artifacts:` an
 |---------|-------------|---------|
 | `enabled` | Enable/disable object storage | `false` |
 | `remote_directory` | The bucket name where Artifacts will be stored| |
-| `direct_upload` | Set to true to enable direct upload of Artifacts without the need of local shared storage. Option may be removed once we decide to support only single storage for all files. Currently only `Google` provider is supported | `false` |
+| `direct_upload` | Set to true to enable direct upload of Artifacts without the need of local shared storage. Option may be removed once we decide to support only single storage for all files. | `false` |
 | `background_upload` | Set to false to disable automatic upload. Option may be removed once upload is direct to S3 | `true` |
 | `proxy_download` | Set to true to enable proxying all files served. Option allows to reduce egress traffic as this allows clients to download directly from remote storage instead of proxying all data | `false` |
 | `connection` | Various connection options described below | |
diff --git a/doc/administration/pages/index.md b/doc/administration/pages/index.md
index c0221533f13..9b1297ca4ba 100644
--- a/doc/administration/pages/index.md
+++ b/doc/administration/pages/index.md
@@ -83,12 +83,12 @@ you need to add a [wildcard DNS A record][wiki-wildcard-dns] pointing to the
 host that GitLab runs. For example, an entry would look like this:
 
 ```
-*.example.io. 1800 IN A    1.1.1.1
+*.example.io. 1800 IN A    192.0.2.1
 *.example.io. 1800 IN AAAA 2001::1
 ```
 
 where `example.io` is the domain under which GitLab Pages will be served
-and `1.1.1.1` is the IPv4 address of your GitLab instance and `2001::1` is the
+and `192.0.2.1` is the IPv4 address of your GitLab instance and `2001::1` is the
 IPv6 address. If you don't have IPv6, you can omit the AAAA record.
 
 > **Note:**
@@ -193,13 +193,13 @@ world. Custom domains are supported, but no TLS.
 
     ```shell
     pages_external_url "http://example.io"
-    nginx['listen_addresses'] = ['1.1.1.1']
+    nginx['listen_addresses'] = ['192.0.2.1']
     pages_nginx['enable'] = false
-    gitlab_pages['external_http'] = ['1.1.1.2:80', '[2001::2]:80']
+    gitlab_pages['external_http'] = ['192.0.2.2:80', '[2001::2]:80']
     ```
 
-    where `1.1.1.1` is the primary IP address that GitLab is listening to and
-    `1.1.1.2` and `2001::2` are the secondary IPs the GitLab Pages daemon
+    where `192.0.2.1` is the primary IP address that GitLab is listening to and
+    `192.0.2.2` and `2001::2` are the secondary IPs the GitLab Pages daemon
     listens on. If you don't have IPv6, you can omit the IPv6 address.
 
 1. [Reconfigure GitLab][reconfigure]
@@ -228,16 +228,16 @@ world. Custom domains and TLS are supported.
 
     ```shell
     pages_external_url "https://example.io"
-    nginx['listen_addresses'] = ['1.1.1.1']
+    nginx['listen_addresses'] = ['192.0.2.1']
     pages_nginx['enable'] = false
     gitlab_pages['cert'] = "/etc/gitlab/ssl/example.io.crt"
     gitlab_pages['cert_key'] = "/etc/gitlab/ssl/example.io.key"
-    gitlab_pages['external_http'] = ['1.1.1.2:80', '[2001::2]:80']
-    gitlab_pages['external_https'] = ['1.1.1.2:443', '[2001::2]:443']
+    gitlab_pages['external_http'] = ['192.0.2.2:80', '[2001::2]:80']
+    gitlab_pages['external_https'] = ['192.0.2.2:443', '[2001::2]:443']
     ```
 
-    where `1.1.1.1` is the primary IP address that GitLab is listening to and
-    `1.1.1.2` and `2001::2` are the secondary IPs where the GitLab Pages daemon
+    where `192.0.2.1` is the primary IP address that GitLab is listening to and
+    `192.0.2.2` and `2001::2` are the secondary IPs where the GitLab Pages daemon
     listens on. If you don't have IPv6, you can omit the IPv6 address.
 
 1. [Reconfigure GitLab][reconfigure]
diff --git a/doc/administration/pages/source.md b/doc/administration/pages/source.md
index a45c3306457..4e40a7cb18d 100644
--- a/doc/administration/pages/source.md
+++ b/doc/administration/pages/source.md
@@ -67,11 +67,11 @@ you need to add a [wildcard DNS A record][wiki-wildcard-dns] pointing to the
 host that GitLab runs. For example, an entry would look like this:
 
 ```
-*.example.io. 1800 IN A 1.1.1.1
+*.example.io. 1800 IN A 192.0.2.1
 ```
 
 where `example.io` is the domain under which GitLab Pages will be served
-and `1.1.1.1` is the IP address of your GitLab instance.
+and `192.0.2.1` is the IP address of your GitLab instance.
 
 > **Note:**
 You should not use the GitLab domain to serve user pages. For more information
@@ -253,7 +253,7 @@ world. Custom domains are supported, but no TLS.
        port: 80
        https: false
 
-       external_http: 1.1.1.2:80
+       external_http: 192.0.2.2:80
      ```
 
 1. Edit `/etc/default/gitlab` and set `gitlab_pages_enabled` to `true` in
@@ -263,7 +263,7 @@ world. Custom domains are supported, but no TLS.
 
     ```
     gitlab_pages_enabled=true
-    gitlab_pages_options="-pages-domain example.io -pages-root $app_root/shared/pages -listen-proxy 127.0.0.1:8090 -listen-http 1.1.1.2:80"
+    gitlab_pages_options="-pages-domain example.io -pages-root $app_root/shared/pages -listen-proxy 127.0.0.1:8090 -listen-http 192.0.2.2:80"
     ```
 
 1. Copy the `gitlab-pages-ssl` Nginx configuration file:
@@ -274,7 +274,7 @@ world. Custom domains are supported, but no TLS.
     ```
 
 1. Edit all GitLab related configs in `/etc/nginx/site-available/` and replace
-   `0.0.0.0` with `1.1.1.1`, where `1.1.1.1` the primary IP where GitLab
+   `0.0.0.0` with `192.0.2.1`, where `192.0.2.1` the primary IP where GitLab
    listens to.
 1. Restart NGINX
 1. [Restart GitLab][restart]
@@ -320,8 +320,8 @@ world. Custom domains and TLS are supported.
        port: 443
        https: true
 
-       external_http: 1.1.1.2:80
-       external_https: 1.1.1.2:443
+       external_http: 192.0.2.2:80
+       external_https: 192.0.2.2:443
      ```
 
 1. Edit `/etc/default/gitlab` and set `gitlab_pages_enabled` to `true` in
@@ -333,7 +333,7 @@ world. Custom domains and TLS are supported.
 
     ```
     gitlab_pages_enabled=true
-    gitlab_pages_options="-pages-domain example.io -pages-root $app_root/shared/pages -listen-proxy 127.0.0.1:8090 -listen-http 1.1.1.2:80 -listen-https 1.1.1.2:443 -root-cert /path/to/example.io.crt -root-key /path/to/example.io.key
+    gitlab_pages_options="-pages-domain example.io -pages-root $app_root/shared/pages -listen-proxy 127.0.0.1:8090 -listen-http 192.0.2.2:80 -listen-https 192.0.2.2:443 -root-cert /path/to/example.io.crt -root-key /path/to/example.io.key
     ```
 
 1. Copy the `gitlab-pages-ssl` Nginx configuration file:
@@ -344,7 +344,7 @@ world. Custom domains and TLS are supported.
     ```
 
 1. Edit all GitLab related configs in `/etc/nginx/site-available/` and replace
-   `0.0.0.0` with `1.1.1.1`, where `1.1.1.1` the primary IP where GitLab
+   `0.0.0.0` with `192.0.2.1`, where `192.0.2.1` the primary IP where GitLab
    listens to.
 1. Restart NGINX
 1. [Restart GitLab][restart]
diff --git a/doc/api/merge_requests.md b/doc/api/merge_requests.md
index 051d2a10bc6..9f06e20f803 100644
--- a/doc/api/merge_requests.md
+++ b/doc/api/merge_requests.md
@@ -582,6 +582,7 @@ Parameters:
   "changes_count": "1",
   "should_remove_source_branch": true,
   "force_remove_source_branch": false,
+  "squash": false,
   "web_url": "http://example.com/example/example/merge_requests/1",
   "discussion_locked": false,
   "time_stats": {
@@ -650,7 +651,8 @@ POST /projects/:id/merge_requests
 | `labels`                   | string  | no       | Labels for MR as a comma-separated list                                         |
 | `milestone_id`             | integer | no       | The global ID of a milestone                                                           |
 | `remove_source_branch`     | boolean | no       | Flag indicating if a merge request should remove the source branch when merging |
-| `allow_maintainer_to_push` | boolean | no       | Whether or not a maintainer of the target project can push to the source branch |
+| `allow_collaboration`      | boolean | no       | Allow commits from members who can merge to the target branch                   |
+| `allow_maintainer_to_push` | boolean | no       | Deprecated, see allow_collaboration                                             |
 | `squash`                   | boolean | no       | Squash commits into a single commit when merging                                |
 
 ```json
@@ -708,6 +710,7 @@ POST /projects/:id/merge_requests
   "squash": false,
   "web_url": "http://example.com/example/example/merge_requests/1",
   "discussion_locked": false,
+  "allow_collaboration": false,
   "allow_maintainer_to_push": false,
   "time_stats": {
     "time_estimate": 0,
@@ -740,7 +743,8 @@ PUT /projects/:id/merge_requests/:merge_request_iid
 | `remove_source_branch`     | boolean | no       | Flag indicating if a merge request should remove the source branch when merging |
 | `squash`                   | boolean | no       | Squash commits into a single commit when merging |
 | `discussion_locked`        | boolean | no       | Flag indicating if the merge request's discussion is locked. If the discussion is locked only project members can add, edit or resolve comments. |
-| `allow_maintainer_to_push` | boolean | no       | Whether or not a maintainer of the target project can push to the source branch |
+| `allow_collaboration`      | boolean | no       | Allow commits from members who can merge to the target branch                   |
+| `allow_maintainer_to_push` | boolean | no       | Deprecated, see allow_collaboration                                             |
 
 Must include at least one non-required attribute from above.
 
@@ -798,6 +802,7 @@ Must include at least one non-required attribute from above.
   "squash": false,
   "web_url": "http://example.com/example/example/merge_requests/1",
   "discussion_locked": false,
+  "allow_collaboration": false,
   "allow_maintainer_to_push": false,
   "time_stats": {
     "time_estimate": 0,
diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md
index f10423b92cf..aa4395b01a9 100644
--- a/doc/ci/variables/README.md
+++ b/doc/ci/variables/README.md
@@ -72,6 +72,7 @@ future GitLab releases.**
 | **CI_RUNNER_REVISION**          | all    | 10.6   | GitLab Runner revision that is executing the current job |
 | **CI_RUNNER_EXECUTABLE_ARCH**   | all    | 10.6   | The OS/architecture of the GitLab Runner executable (note that this is not necessarily the same as the environment of the executor) |
 | **CI_PIPELINE_ID**              | 8.10   | 0.5    | The unique id of the current pipeline that GitLab CI uses internally |
+| **CI_PIPELINE_IID**             | 11.0   | all    | The unique id of the current pipeline scoped to project |
 | **CI_PIPELINE_TRIGGERED**       | all    | all    | The flag to indicate that job was [triggered] |
 | **CI_PIPELINE_SOURCE**          | 10.0   | all    | Indicates how the pipeline was triggered. Possible options are: `push`, `web`, `trigger`, `schedule`, `api`, and `pipeline`. For pipelines created before GitLab 9.5, this will show as `unknown` |
 | **CI_PROJECT_DIR**              | all    | all    | The full path where the repository is cloned and where the job is run |
@@ -352,6 +353,8 @@ Running on runner-8a2f473d-project-1796893-concurrent-0 via runner-8a2f473d-mach
 ++ CI_PROJECT_URL=https://example.com/gitlab-examples/ci-debug-trace
 ++ export CI_PIPELINE_ID=52666
 ++ CI_PIPELINE_ID=52666
+++ export CI_PIPELINE_IID=123
+++ CI_PIPELINE_IID=123
 ++ export CI_RUNNER_ID=1337
 ++ CI_RUNNER_ID=1337
 ++ export CI_RUNNER_DESCRIPTION=shared-runners-manager-1.example.com
@@ -439,6 +442,7 @@ export CI_JOB_MANUAL="true"
 export CI_JOB_TRIGGERED="true"
 export CI_JOB_TOKEN="abcde-1234ABCD5678ef"
 export CI_PIPELINE_ID="1000"
+export CI_PIPELINE_IID="10"
 export CI_PROJECT_ID="34"
 export CI_PROJECT_DIR="/builds/gitlab-org/gitlab-ce"
 export CI_PROJECT_NAME="gitlab-ce"
diff --git a/doc/development/i18n/proofreader.md b/doc/development/i18n/proofreader.md
index 5185d843ccb..9a677bf09b2 100644
--- a/doc/development/i18n/proofreader.md
+++ b/doc/development/i18n/proofreader.md
@@ -16,7 +16,7 @@ are very appreciative of the work done by translators and proofreaders!
 - Dutch
 - Esperanto
 - French
-  - Rémy Coutable - [GitLab](https://gitlab.com/rymai), [Crowdin](https://crowdin.com/profile/rymai)
+  - Davy Defaud - [GitLab](https://gitlab.com/DevDef), [Crowdin](https://crowdin.com/profile/DevDef)
 - German
 - Indonesian
   - Ahmad Naufal Mukhtar - [GitLab](https://gitlab.com/anaufalm), [Crowdin](https://crowdin.com/profile/anaufalm)
diff --git a/doc/development/query_recorder.md b/doc/development/query_recorder.md
index 26d3355e94d..61e5e1afede 100644
--- a/doc/development/query_recorder.md
+++ b/doc/development/query_recorder.md
@@ -22,6 +22,19 @@ As an example you might create 5 issues in between counts, which would cause the
 
 > **Note:** In some cases the query count might change slightly between runs for unrelated reasons. In this case you might need to test `exceed_query_limit(control_count + acceptable_change)`, but this should be avoided if possible.
 
+## Cached queries
+
+By default, QueryRecorder will ignore cached queries in the count. However, it may be better to count
+all queries to avoid introducing an N+1 query that may be masked by the statement cache. To do this,
+pass the `skip_cached` variable to `QueryRecorder` and use the `exceed_all_query_limit` matcher:
+
+it "avoids N+1 database queries" do
+  control_count = ActiveRecord::QueryRecorder.new(skip_cached: false) { visit_some_page }.count
+  create_list(:issue, 5)
+  expect { visit_some_page }.not_to exceed_all_query_limit(control_count)
+end
+```
+
 ## Finding the source of the query
 
 It may be useful to identify the source of the queries by looking at the call backtrace.
diff --git a/doc/install/installation.md b/doc/install/installation.md
index a0ae9017f71..34268c67140 100644
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -133,9 +133,9 @@ Remove the old Ruby 1.8 if present:
 Download Ruby and compile it:
 
     mkdir /tmp/ruby && cd /tmp/ruby
-    curl --remote-name --progress https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.7.tar.gz
-    echo '540996fec64984ab6099e34d2f5820b14904f15a  ruby-2.3.7.tar.gz' | shasum -c - && tar xzf ruby-2.3.7.tar.gz
-    cd ruby-2.3.7
+    curl --remote-name --progress https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.4.tar.gz
+    echo 'ec82b0d53bd0adad9b19e6b45e44d54e9ec3f10c  ruby-2.4.4.tar.gz' | shasum -c - && tar xzf ruby-2.4.4.tar.gz
+    cd ruby-2.4.4
 
     ./configure --disable-install-rdoc
     make
diff --git a/doc/install/kubernetes/gitlab_omnibus.md b/doc/install/kubernetes/gitlab_omnibus.md
index 98af87455ec..e1d1969651e 100644
--- a/doc/install/kubernetes/gitlab_omnibus.md
+++ b/doc/install/kubernetes/gitlab_omnibus.md
@@ -144,7 +144,7 @@ helm install --name gitlab -f values.yaml gitlab/gitlab-omnibus
 or passing them on the command line:
 
 ```bash
-helm install --name gitlab --set baseDomain=gitlab.io,baseIP=1.1.1.1,gitlab=ee,gitlabEELicense=$LICENSE,legoEmail=email@gitlab.com gitlab/gitlab-omnibus
+helm install --name gitlab --set baseDomain=gitlab.io,baseIP=192.0.2.1,gitlab=ee,gitlabEELicense=$LICENSE,legoEmail=email@gitlab.com gitlab/gitlab-omnibus
 ```
 
 ## Updating GitLab using the Helm Chart
diff --git a/doc/integration/github.md b/doc/integration/github.md
index 23bb8ef9303..680712f9e01 100644
--- a/doc/integration/github.md
+++ b/doc/integration/github.md
@@ -110,7 +110,7 @@ On the sign in page there should now be a GitHub icon below the regular sign in
 Click the icon to begin the authentication process. GitHub will ask the user to sign in and authorize the GitLab application.
 If everything goes well the user will be returned to GitLab and will be signed in.
 
-### GitHub Enterprise with Self-Signed Certificate
+## GitHub Enterprise with self-signed Certificate
 
 If you are attempting to import projects from GitHub Enterprise with a self-signed
 certificate and the imports are failing, you will need to disable SSL verification.
diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md
index efec365042a..1400b2e36fe 100644
--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -497,10 +497,10 @@ also be customized, and you can easily use a [custom buildpack](#custom-buildpac
 | `CANARY_ENABLED`             | From GitLab 11.0, this variable can be used to define a [deploy policy for canary environments](#deploy-policy-for-canary-environments). |
 | `INCREMENTAL_ROLLOUT_ENABLED`| From GitLab 10.8, this variable can be used to enable an [incremental rollout](#incremental-rollout-to-production) of your application for the production environment. |
 | `TEST_DISABLED`              | From GitLab 11.0, this variable can be used to disable the `test` job. If the variable is present, the job will not be created. |
-| `CODEQUALITY_DISABLED`       | From GitLab 11.0, this variable can be used to disable the `codequality` job. If the variable is present, the job will not be created. |
+| `CODE_QUALITY_DISABLED`      | From GitLab 11.0, this variable can be used to disable the `code_quality` job. If the variable is present, the job will not be created. |
 | `SAST_DISABLED`              | From GitLab 11.0, this variable can be used to disable the `sast` job. If the variable is present, the job will not be created. |
 | `DEPENDENCY_SCANNING_DISABLED` | From GitLab 11.0, this variable can be used to disable the `dependency_scanning` job. If the variable is present, the job will not be created. |
-| `CONTAINER_SCANNING_DISABLED` | From GitLab 11.0, this variable can be used to disable the `sast:container` job. If the variable is present, the job will not be created. |
+| `CONTAINER_SCANNING_DISABLED` | From GitLab 11.0, this variable can be used to disable the `container_scanning` job. If the variable is present, the job will not be created. |
 | `REVIEW_DISABLED`            | From GitLab 11.0, this variable can be used to disable the `review` and the manual `review:stop` job. If the variable is present, these jobs will not be created. |
 | `DAST_DISABLED`              | From GitLab 11.0, this variable can be used to disable the `dast` job. If the variable is present, the job will not be created. |
 | `PERFORMANCE_DISABLED`       | From GitLab 11.0, this variable can be used to disable the `performance` job. If the variable is present, the job will not be created. |
diff --git a/doc/user/project/import/github.md b/doc/user/project/import/github.md
index 8c639bd5343..cad85881c4d 100644
--- a/doc/user/project/import/github.md
+++ b/doc/user/project/import/github.md
@@ -1,154 +1,143 @@
 # Import your project from GitHub to GitLab
 
-Import your projects from GitHub to GitLab with minimal effort.
+Using the importer, you can import your GitHub repositories to GitLab.com or to
+your self-hosted GitLab instance.
 
 ## Overview
 
->**Note:**
-If you are an administrator you can enable the [GitHub integration][gh-import]
-in your GitLab instance sitewide. This configuration is optional, users will
-still be able to import their GitHub repositories with a
-[personal access token][gh-token].
-
->**Note:**
-Administrators of a GitLab instance (Community or Enterprise Edition) can also
-use the [GitHub rake task][gh-rake] to import projects from GitHub without the
-constrains of a Sidekiq worker.
-
-- At its current state, GitHub importer can import:
-  - the repository description (GitLab 7.7+)
-  - the Git repository data (GitLab 7.7+)
-  - the issues (GitLab 7.7+)
-  - the pull requests (GitLab 8.4+)
-  - the wiki pages (GitLab 8.4+)
-  - the milestones (GitLab 8.7+)
-  - the labels (GitLab 8.7+)
-  - the release note descriptions (GitLab 8.12+)
-  - the pull request review comments (GitLab 10.2+)
-  - the regular issue and pull request comments
-- References to pull requests and issues are preserved (GitLab 8.7+)
-- Repository public access is retained. If a repository is private in GitHub
-  it will be created as private in GitLab as well.
+NOTE: **Note:**
+While these instructions will always work for users on GitLab.com, if you are an
+administrator of a self-hosted GitLab instance, you will need to enable the
+[GitHub integration][gh-import] in order for users to follow the preferred
+import method described on this page. If this is not enabled, users can alternatively import their
+GitHub repositories using a [personal access token](#using-a-github-token) from GitHub,
+but this method will not be able to associate all user activity (such as issues and pull requests)
+with matching GitLab users. As an administrator of a self-hosted GitLab instance, you can also use
+the [GitHub rake task](../../../administration/raketasks/github_import.md) to import projects from
+GitHub without the constraints of a Sidekiq worker.
+
+The following aspects of a project are imported:
+  * Repository description (GitLab.com & 7.7+)
+  * Git repository data (GitLab.com & 7.7+)
+  * Issues (GitLab.com & 7.7+)
+  * Pull requests (GitLab.com & 8.4+)
+  * Wiki pages (GitLab.com & 8.4+)
+  * Milestones (GitLab.com & 8.7+)
+  * Labels (GitLab.com & 8.7+)
+  * Release note descriptions (GitLab.com & 8.12+)
+  * Pull request review comments (GitLab.com & 10.2+)
+  * Regular issue and pull request comments
+
+References to pull requests and issues are preserved (GitLab.com & 8.7+), and
+each imported repository defaults to `private` but [can be made public](../settings/index.md#sharing-and-permissions), as needed.
 
 ## How it works
 
-When issues/pull requests are being imported, the GitHub importer tries to find
-the GitHub author/assignee in GitLab's database using the GitHub ID. For this
-to work, the GitHub author/assignee should have signed in beforehand in GitLab
-and **associated their GitHub account**. If the user is not
-found in GitLab's database, the project creator (most of the times the current
-user that started the import process) is set as the author, but a reference on
-the issue about the original GitHub author is kept.
+When issues and pull requests are being imported, the importer attempts to find their GitHub authors and
+assignees in the database of the GitLab instance (note that pull requests are called "merge requests" in GitLab).
 
-The importer will create any new namespaces (groups) if they don't exist or in
-the case the namespace is taken, the repository will be imported under the user's
-namespace that started the import process.
+For this association to succeed, prior to the import, each GitHub author and assignee in the repository must
+have either previously logged in to a GitLab account using the GitHub icon **or** have a GitHub account with
+a [public email address](https://help.github.com/articles/setting-your-commit-email-address-on-github/) that
+matches their GitLab account's email address.
 
-The importer will also import branches on forks of projects related to open pull
-requests. These branches will be imported with a naming scheme similar to
-GH-SHA-Username/Pull-Request-number/fork-name/branch. This may lead to a discrepancy
-in branches compared to the GitHub Repository.
+If a user referenced in the project is not found in GitLab's database, the project creator (typically the user
+that initiated the import process) is set as the author/assignee, but a note on the issue mentioning the original
+GitHub author is added.
 
-For a more technical description and an overview of the architecture you can
-refer to [Working with the GitHub importer][gh-import-dev-docs].
+The importer creates any new namespaces (groups) if they do not exist, or, if the namespace is taken, the
+repository is imported under the namespace of the user who initiated the import process. The namespace/repository
+name can also be edited, with the proper permissions.
 
-## Importing your GitHub repositories
+The importer will also import branches on forks of projects related to open pull requests. These branches will be
+imported with a naming scheme similar to `GH-SHA-username/pull-request-number/fork-name/branch`. This may lead to
+a discrepancy in branches compared to those of the GitHub repository.
 
-The importer page is visible when you create a new project.
+For additional technical details, you can refer to the
+[GitHub Importer](../../../development/github_importer.md "Working with the GitHub importer")
+developer documentation.
 
-![New project page on GitLab](img/import_projects_from_new_project_page.png)
+## Import your GitHub repository into GitLab
 
-Click on the **GitHub** link and the import authorization process will start.
-There are two ways to authorize access to your GitHub repositories:
+### Using the GitHub integration
 
-1. [Using the GitHub integration][gh-integration] (if it's enabled by your
-   GitLab administrator). This is the preferred way as it's possible to
-   preserve the GitHub authors/assignees. Read more in the [How it works](#how-it-works)
-   section.
-1. [Using a personal access token][gh-token] provided by GitHub.
+Before you begin, ensure that any GitHub users who you want to map to GitLab users have either:
 
-![Select authentication method](img/import_projects_from_github_select_auth_method.png)
+1. A GitLab account that has logged in using the GitHub icon
+\- or -
+2. A GitLab account with an email address that matches the [public email address](https://help.github.com/articles/setting-your-commit-email-address-on-github/) of the GitHub user
 
-### Authorize access to your repositories using the GitHub integration
+User-matching attempts occur in that order, and if a user is not identified either way, the activity is associated with
+the user account that is performing the import.
 
-If the [GitHub integration][gh-import] is enabled by your GitLab administrator,
-you can use it instead of the personal access token.
+NOTE: **Note:**
+If you are using a self-hosted GitLab instance, this process requires that you have configured the
+[GitHub integration][gh-import].
 
-1. First you may want to connect your GitHub account to GitLab in order for
-   the username mapping to be correct.
-1. Once you connect GitHub, click the **List your GitHub repositories** button
-   and you will be redirected to GitHub for permission to access your projects.
-1. After accepting, you'll be automatically redirected to the importer.
+1. From the top navigation bar, click **+** and select **New project**.
+2. Select the **Import project** tab and then select **GitHub**.
+3. Select the first button to **List your GitHub repositories**. You are redirected to a page on github.com to authorize the GitLab application.
+4. Click **Authorize gitlabhq**. You are redirected back to GitLab's Import page and all of your GitHub repositories are listed.
+5. Continue on to [selecting which repositories to import](#selecting-which-repositories-to-import).
 
-You can now go on and [select which repositories to import](#select-which-repositories-to-import).
+### Using a GitHub token
 
-### Authorize access to your repositories using a personal access token
+NOTE: **Note:**
+For a proper author/assignee mapping for issues and pull requests, the [GitHub integration method (above)](#using-the-github-integration)
+should be used instead of the personal access token. If you are using GitLab.com or a self-hosted GitLab instance with the GitHub
+integration enabled, that should be the preferred method to import your repositories. Read more in the [How it works](#how-it-works) section.
 
->**Note:**
-For a proper author/assignee mapping for issues and pull requests, the
-[GitHub integration][gh-integration] should be used instead of the
-[personal access token][gh-token]. If the GitHub integration is enabled by your
-GitLab administrator, it should be the preferred method to import your repositories.
-Read more in the [How it works](#how-it-works) section.
+If you are not using the GitHub integration, you can still perform an authorization with GitHub to grant GitLab access your repositories:
 
-If you are not using the GitHub integration, you can still perform a one-off
-authorization with GitHub to grant GitLab access your repositories:
+1. Go to https://github.com/settings/tokens/new
+2. Enter a token description.
+3. Select the repo scope.
+4. Click **Generate token**.
+5. Copy the token hash.
+6. Go back to GitLab and provide the token to the GitHub importer.
+7. Hit the **List Your GitHub Repositories** button and wait while GitLab reads your repositories' information.
+   Once done, you'll be taken to the importer page to select the repositories to import.
 
-1. Go to <https://github.com/settings/tokens/new>.
-1. Enter a token description.
-1. Check the `repo` scope.
-1. Click **Generate token**.
-1. Copy the token hash.
-1. Go back to GitLab and provide the token to the GitHub importer.
-1. Hit the **List Your GitHub Repositories** button and wait while GitLab reads
-   your repositories' information. Once done, you'll be taken to the importer
-   page to select the repositories to import.
+### Selecting which repositories to import
 
-### Select which repositories to import
+After you have authorized access to your GitHub repositories, you are redirected to the GitHub importer page and
+your GitHub repositories are listed.
 
-After you've authorized access to your GitHub repositories, you will be
-redirected to the GitHub importer page.
+1. By default, the proposed repository namespaces match the names as they exist in GitHub, but based on your permissions,
+   you can choose to edit these names before you proceed to import any of them.
+2. Select the **Import** button next to any number of repositories, or select **Import all repositories**.
+3. The **Status** column shows the import status of each repository. You can choose to leave the page open and it will
+   update in realtime or you can return to it later.
+4. Once a repository has been imported, click its GitLab path to open its GitLab URL.
 
-From there, you can see the import statuses of your GitHub repositories.
+## Mirroring and pipeline status sharing
 
-- Those that are being imported will show a _started_ status,
-- those already successfully imported will be green with a _done_ status,
-- whereas those that are not yet imported will have an **Import** button on the
-  right side of the table.
+Depending your GitLab tier, [project mirroring](../../../workflow/repository_mirroring.md) can be set up to keep
+your imported project in sync with its GitHub copy.
 
-If you want, you can import all your GitHub projects in one go by hitting
-**Import all projects** in the upper left corner.
+Additionally, you can configure GitLab to send pipeline status updates back GitHub with the
+[GitHub Project Integration](https://docs.gitlab.com/ee/user/project/integrations/github.html). **[PREMIUM]**
 
-![GitHub importer page](img/import_projects_from_github_importer.png)
+If you import your project using [CI/CD for external repo](https://docs.gitlab.com/ee/ci/ci_cd_for_external_repos/), then both
+of the above are automatically configured. **[PREMIUM]**
 
----
+## Improving the speed of imports on self-hosted instances
 
-You can also choose a different name for the project and a different namespace,
-if you have the privileges to do so.
+NOTE: **Note:**
+Admin access to the GitLab server is required.
 
-## Making the import process go faster
-
-For large projects it may take a while to import all data. To reduce the time
-necessary you can increase the number of Sidekiq workers that process the
-following queues:
+For large projects it may take a while to import all data. To reduce the time necessary, you can increase the number of
+Sidekiq workers that process the following queues:
 
 * `github_importer`
 * `github_importer_advance_stage`
 
-For an optimal experience we recommend having at least 4 Sidekiq processes (each
-running a number of threads equal to the number of CPU cores) that _only_
-process these queues. We also recommend that these processes run on separate
-servers. For 4 servers with 8 cores this means you can import up to 32 objects
-(e.g. issues) in parallel.
+For an optimal experience, it's recommended having at least 4 Sidekiq processes (each running a number of threads equal
+to the number of CPU cores) that *only* process these queues. It's also recommended that these processes run on separate
+servers. For 4 servers with 8 cores this means you can import up to 32 objects (e.g., issues) in parallel.
 
-Reducing the time spent in cloning a repository can be done by increasing
-network throughput, CPU capacity, and disk performance (e.g.  by using high
-performance SSDs) of the disks that store the Git repositories (for your GitLab
-instance). Increasing the number of Sidekiq workers will _not_ reduce the time
-spent cloning repositories.
+Reducing the time spent in cloning a repository can be done by increasing network throughput, CPU capacity, and disk
+performance (e.g., by using high performance SSDs) of the disks that store the Git repositories (for your GitLab instance).
+Increasing the number of Sidekiq workers will *not* reduce the time spent cloning repositories.
 
 [gh-import]: ../../../integration/github.md "GitHub integration"
-[gh-rake]: ../../../administration/raketasks/github_import.md "GitHub rake task"
-[gh-integration]: #authorize-access-to-your-repositories-using-the-github-integration
-[gh-token]: #authorize-access-to-your-repositories-using-a-personal-access-token
-[gh-import-dev-docs]: ../../../development/github_importer.md "Working with the GitHub importer"
diff --git a/doc/user/project/merge_requests/allow_collaboration.md b/doc/user/project/merge_requests/allow_collaboration.md
new file mode 100644
index 00000000000..859ac92ef89
--- /dev/null
+++ b/doc/user/project/merge_requests/allow_collaboration.md
@@ -0,0 +1,20 @@
+# Allow collaboration on merge requests across forks
+
+> [Introduced][ce-17395] in GitLab 10.6.
+
+This feature is available for merge requests across forked projects that are
+publicly accessible. It makes it easier for members of projects to
+collaborate on merge requests across forks.
+
+When enabled for a merge request, members with merge access to the target
+branch of the project will be granted write permissions to the source branch
+of the merge request.
+
+The feature can only be enabled by users who already have push access to the
+source project, and only lasts while the merge request is open.
+
+Enable this functionality while creating or editing a merge request:
+
+![Enable collaboration](./img/allow_collaboration.png)
+
+[ce-17395]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17395
diff --git a/doc/user/project/merge_requests/img/allow_collaboration.png b/doc/user/project/merge_requests/img/allow_collaboration.png
new file mode 100644
index 00000000000..75596e7d9ad
--- /dev/null
+++ b/doc/user/project/merge_requests/img/allow_collaboration.png
diff --git a/doc/user/project/merge_requests/img/allow_maintainer_push.png b/doc/user/project/merge_requests/img/allow_maintainer_push.png
deleted file mode 100644
index 91cc399f4ff..00000000000
--- a/doc/user/project/merge_requests/img/allow_maintainer_push.png
+++ /dev/null
diff --git a/doc/user/project/merge_requests/index.md b/doc/user/project/merge_requests/index.md
index b75bcacc9d7..50979e82097 100644
--- a/doc/user/project/merge_requests/index.md
+++ b/doc/user/project/merge_requests/index.md
@@ -28,7 +28,7 @@ With GitLab merge requests, you can:
 - Enable [fast-forward merge requests](#fast-forward-merge-requests)
 - Enable [semi-linear history merge requests](#semi-linear-history-merge-requests) as another security layer to guarantee the pipeline is passing in the target branch
 - [Create new merge requests by email](#create-new-merge-requests-by-email)
-- Allow maintainers of the target project to push directly to the fork by [allowing edits from maintainers](maintainer_access.md)
+- [Allow collaboration](allow_collaboration.md) so members of the target project can push directly to the fork
 - [Squash and merge](squash_and_merge.md) for a cleaner commit history
 
 With **[GitLab Enterprise Edition][ee]**, you can also:
diff --git a/doc/user/project/merge_requests/maintainer_access.md b/doc/user/project/merge_requests/maintainer_access.md
index 89f71e16a50..d59afecd375 100644
--- a/doc/user/project/merge_requests/maintainer_access.md
+++ b/doc/user/project/merge_requests/maintainer_access.md
@@ -1,20 +1 @@
-# Allow maintainer pushes for merge requests across forks
-
-> [Introduced][ce-17395] in GitLab 10.6.
-
-This feature is available for merge requests across forked projects that are
-publicly accessible. It makes it easier for maintainers of projects to
-collaborate on merge requests across forks.
-
-When enabled for a merge request, members with merge access to the target
-branch of the project will be granted write permissions to the source branch
-of the merge request.
-
-The feature can only be enabled by users who already have push access to the
-source project, and only lasts while the merge request is open.
-
-Enable this functionality while creating a merge request:
-
-![Enable maintainer edits](./img/allow_maintainer_push.png)
-
-[ce-17395]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17395
+This document was moved to [another location](allow_collaboration.md).
diff --git a/doc/workflow/repository_mirroring.md b/doc/workflow/repository_mirroring.md
index dbe63144e38..aaddbe4fbf5 100644
--- a/doc/workflow/repository_mirroring.md
+++ b/doc/workflow/repository_mirroring.md
@@ -1,6 +1,6 @@
 # Repository mirroring
 
-Repository Mirroring is a way to mirror repositories from external sources.
+Repository mirroring is a way to mirror repositories from external sources.
 It can be used to mirror all branches, tags, and commits that you have
 in your repository.
 
@@ -34,13 +34,200 @@ A few things/limitations to consider:
 - The Git LFS objects will not be synced. You'll need to push/pull them
   manually.
 
-## Use-case
+## Use cases
 
+- You migrated to GitLab but still need to keep your project in another source.
+  In that case, you can simply set it up to mirror to GitLab (pull) and all the
+  essential history of commits, tags and branches will be available in your
+  GitLab instance.
 - You have old projects in another source that you don't use actively anymore,
   but don't want to remove for archiving purposes. In that case, you can create
   a push mirror so that your active GitLab repository can push its changes to the
   old location.
 
+## Pulling from a remote repository **[STARTER]**
+
+>[Introduced][ee-51] in GitLab Enterprise Edition 8.2.
+
+You can set up a repository to automatically have its branches, tags, and commits
+updated from an upstream repository. This is useful when a repository you're
+interested in is located on a different server, and you want to be able to
+browse its content and its activity using the familiar GitLab interface.
+
+When creating a new project, you can enable repository mirroring when you choose
+to import the repository from "Any repo by URL". Enter the full URL of the Git
+repository to pull from and click on the **Mirror repository** checkbox.
+
+![New project](repository_mirroring/repository_mirroring_new_project.png)
+
+For an existing project, you can set up mirror pulling by visiting your project's
+**Settings ➔ Repository** and searching for the "Pull from a remote repository"
+section. Check the "Mirror repository" box and hit **Save changes** at the bottom.
+You have a few options to choose from one being the user who will be the author
+of all events in the activity feed that are the result of an update. This user
+needs to have at least [master access][perms] to the project. Another option is
+whether you want to trigger builds for mirror updates.
+
+![Pull settings](repository_mirroring/repository_mirroring_pull_settings.png)
+
+Since the repository on GitLab functions as a mirror of the upstream repository,
+you are advised not to push commits directly to the repository on GitLab.
+Instead, any commits should be pushed to the upstream repository, and will end
+up in the GitLab repository automatically within a certain period of time
+or when a [forced update](#forcing-an-update) is initiated.
+
+If you do manually update a branch in the GitLab repository, the branch will
+become diverged from upstream, and GitLab will no longer automatically update
+this branch to prevent any changes from being lost.
+
+![Diverged branch](repository_mirroring/repository_mirroring_diverged_branch.png)
+
+### Trigger update using API **[STARTER]**
+
+>[Introduced][ee-3453] in GitLab Enterprise Edition 10.3.
+
+Pull mirroring uses polling to detect new branches and commits added upstream,
+often many minutes afterwards. If you notify GitLab by [API][pull-api], updates
+will be pulled immediately.
+
+Read the [Pull Mirror Trigger API docs][pull-api].
+
+### Pull only protected branches **[STARTER]**
+
+>[Introduced][ee-3326] in GitLab Enterprise Edition 10.3.
+
+You can choose to only pull the protected branches from your remote repository to GitLab.
+
+To use this option go to your project's repository settings page under pull mirror.
+
+### Overwrite diverged branches **[STARTER]**
+
+>[Introduced][ee-4559] in GitLab Enterprise Edition 10.6.
+
+You can choose to always update your local branch with the remote version even
+if your local version has diverged from the remote.
+
+To use this option go to your project's repository settings page under pull mirror.
+
+### Hard failure **[STARTER]**
+
+>[Introduced][ee-3117] in GitLab Enterprise Edition 10.2.
+
+Once a mirror gets retried 14 times in a row, it will get marked as hard failed,
+this will become visible in either the project main dashboard or in the
+pull mirror settings page.
+
+![Hard failed mirror main notice](repository_mirroring/repository_mirroring_hard_failed_main.png)
+
+![Hard failed mirror settings notice](repository_mirroring/repository_mirroring_hard_failed_settings.png)
+
+When a project is hard failed, it will no longer get picked up for mirroring.
+A user can resume the project mirroring again by either [forcing an update](#forcing-an-update)
+or by changing the import URL in repository settings.
+
+### SSH authentication **[STARTER]**
+
+> [Introduced][ee-2551] in GitLab Starter 9.5
+
+If you're mirroring over SSH (i.e., an `ssh://` URL), you can authenticate using
+password-based authentication, just as over HTTPS, but you can also use public
+key authentication. This is often more secure than password authentication,
+especially when the source repository supports [Deploy Keys][deploy-key].
+
+To get started, navigate to **Settings ➔ Repository ➔ Pull from a remote repository**,
+enable mirroring (if not already enabled) and enter an `ssh://` URL.
+
+> **NOTE**: SCP-style URLs, e.g., `git@example.com:group/project.git`, are not
+supported at this time.
+
+Entering the URL adds two features to the page - `Fingerprints` and
+`SSH public key authentication`:
+
+![Pull settings for SSH](repository_mirroring/repository_mirroring_pull_settings_for_ssh.png)
+
+SSH authentication is mutual. You have to prove to the server that you're
+allowed to access the repository, but the server also has to prove to *you* that
+it's who it claims to be. You provide your credentials as a password or public
+key. The server that the source repository resides on provides its credentials
+as a "host key", the fingerprint of which needs to be verified manually.
+
+Press the `Detect host keys` button. GitLab will fetch the host keys from the
+server, and display the fingerprints to you:
+
+![Detect SSH host keys](repository_mirroring/repository_mirroring_detect_host_keys.png)
+
+You now need to verify that the fingerprints are those you expect. GitLab.com
+and other code hosting sites publish their fingerprints in the open for you
+to check:
+
+* [AWS CodeCommit](http://docs.aws.amazon.com/codecommit/latest/userguide/regions.html#regions-fingerprints)
+* [Bitbucket](https://confluence.atlassian.com/bitbucket/use-the-ssh-protocol-with-bitbucket-cloud-221449711.html#UsetheSSHprotocolwithBitbucketCloud-KnownhostorBitbucket%27spublickeyfingerprints)
+* [GitHub](https://help.github.com/articles/github-s-ssh-key-fingerprints/)
+* [GitLab.com](https://about.gitlab.com/gitlab-com/settings/#ssh-host-keys-fingerprints)
+* [Launchpad](https://help.launchpad.net/SSHFingerprints)
+* [Savannah](http://savannah.gnu.org/maintenance/SshAccess/)
+* [SourceForge](https://sourceforge.net/p/forge/documentation/SSH%20Key%20Fingerprints/)
+
+Other providers will vary. If you're running on-premises GitLab, or otherwise
+have access to the source server, you can securely gather the key fingerprints:
+
+```
+$ cat /etc/ssh/ssh_host*pub | ssh-keygen -E md5 -l -f -
+256 MD5:f4:28:9f:23:99:15:21:1b:bf:ed:1f:8e:a0:76:b2:9d root@example.com (ECDSA)
+256 MD5:e6:eb:45:8a:3c:59:35:5f:e9:5b:80:12:be:7e:22:73 root@example.com (ED25519)
+2048 MD5:3f:72:be:3d:62:03:5c:62:83:e8:6e:14:34:3a:85:1d root@example.com (RSA)
+```
+
+(You may need to exclude `-E md5` for some older versions of SSH).
+
+If you're an SSH expert and already have a `known_hosts` file you'd like to use
+unaltered, then you can skip these steps. Just press the "Show advanced" button
+and paste in the file contents:
+
+![Advanced SSH host key management](repository_mirroring/repository_mirroring_pull_advanced_host_keys.png)
+
+Once you've **carefully verified** that all the fingerprints match your trusted
+source, you can press `Save changes`. This will record the host keys, along with
+the person who verified them (you!) and the date:
+
+![SSH host keys submitted](repository_mirroring/repository_mirroring_ssh_host_keys_verified.png)
+
+When pulling changes from the source repository, GitLab will now check that at
+least one of the stored host keys matches before connecting. This can prevent
+malicious code from being injected into your mirror, or your password being
+stolen!
+
+To use SSH public key authentication, you'll also need to choose that option
+from the authentication methods dropdown. GitLab will generate a 4096-bit RSA
+key and display the public component of that key to you:
+
+![SSH public key authentication](repository_mirroring/repository_mirroring_ssh_public_key_authentication.png)
+
+You then need to add the public SSH key to the source repository configuration.
+If the source is hosted on GitLab, you should add it as a [Deploy Key][deploy-key].
+Other sources may require you to add the key to your user's `authorized_keys`
+file - just paste the entire `ssh-rsa AAA.... user@host` block into the file on
+its own line and save it.
+
+Once the public key is set up on the source repository, press `Save changes` and your
+mirror will begin working.
+
+If you need to change the key at any time, you can press the `Regenerate key`
+button to do so. You'll have to update the source repository with the new key
+to keep the mirror running.
+
+### How it works
+
+Once you activate the pull mirroring feature, the mirror will be inserted into
+a queue. A scheduler will start every minute and schedule a fixed amount of
+mirrors for update, based on the configured maximum capacity.
+
+If the mirror successfully updates it will be enqueued once again with a small
+backoff period.
+
+If the mirror fails (eg: branch diverged from upstream), the project's backoff
+period will be penalized each time it fails up to a maximum amount of time.
+
 ## Pushing to a remote repository **[STARTER]**
 
 >[Introduced](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/249) in
@@ -83,7 +270,7 @@ To use this option go to your project's repository settings page under push mirr
 To set up a mirror from GitLab to GitHub, you need to follow these steps:
 
 1. Create a [GitHub personal access token](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/) with the "public_repo" box checked:
-    
+
     ![edit personal access token GitHub](repository_mirroring/repository_mirroring_github_edit_personal_access_token.png)
 
 1. Fill in the "Git repository URL" with the personal access token replacing the password `https://GitHubUsername:GitHubPersonalAccessToken@github.com/group/project.git`:
@@ -94,7 +281,7 @@ To set up a mirror from GitLab to GitHub, you need to follow these steps:
 1. And either wait or trigger the "Update Now" button:
 
     ![update now](repository_mirroring/repository_mirroring_gitlab_push_to_a_remote_repository_update_now.png)
-    
+
 ## Forcing an update
 
 While mirrors are scheduled to update automatically, you can always force an update
@@ -105,7 +292,60 @@ by using the **Update now** button which is exposed in various places:
 - in the tags page
 - in the **Mirror repository** settings page
 
+## Bidirectional mirroring
+
+CAUTION: **Warning:**
+There is no bidirectional support without conflicts. If you
+configure a repository to pull and push to a second remote, there is no
+guarantee that it will update correctly on both remotes. If you configure
+a repository for bidirectional mirroring, you should consider when conflicts
+occur who and how they will be resolved.
+
+Rewriting any mirrored commit on either remote will cause conflicts and
+mirroring to fail. This can be prevented by [only pulling protected branches](
+#pull-only-protected-branches) and [only pushing protected branches](
+#push-only-protected-branches). You should protect the branches you wish to
+mirror on both remotes to prevent conflicts caused by rewriting history.
+
+Bidirectional mirroring also creates a race condition where commits to the same
+branch in close proximity will cause conflicts. The race condition can be
+mitigated by reducing the mirroring delay by using a Push event webhook to
+trigger an immediate pull to GitLab. Push mirroring from GitLab is rate limited
+to once per minute when only push mirroring protected branches.
+
+It may be possible to implement a locking mechanism using the server-side
+`pre-receive` hook to prevent the race condition. Read about [configuring
+custom Git hooks][hooks] on the GitLab server.
+
+### Mirroring with Perforce via GitFusion
+
+CAUTION: **Warning:**
+Bidirectional mirroring should not be used as a permanent
+configuration. There is no bidirectional mirroring without conflicts.
+Refer to [Migrating from Perforce Helix][perforce] for alternative migration
+approaches.
+
+GitFusion provides a Git interface to Perforce which can be used by GitLab to
+bidirectionally mirror projects with GitLab. This may be useful in some
+situations when migrating from Perforce to GitLab where overlapping Perforce
+workspaces cannot be migrated simultaneously to GitLab.
+
+If using mirroring with Perforce you should only mirror protected branches.
+Perforce will reject any pushes that rewrite history. It is recommended that
+only the fewest number of branches are mirrored due to the performance
+limitations of GitFusion.
+
+[ee-51]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/51
+[ee-2551]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/2551
+[ee-3117]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3117
+[ee-3326]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3326
 [ee-3350]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3350
+[ee-3453]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3453
+[ee-4559]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4559
 [ce-18715]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18715
 [perms]: ../user/permissions.md
-
+[hooks]: ../administration/custom_hooks.md
+[deploy-key]: ../ssh/README.md#deploy-keys
+[webhook]: ../user/project/integrations/webhooks.md#push-events
+[pull-api]: ../api/projects.md#start-the-pull-mirroring-process-for-a-project
+[perforce]: ../user/project/import/perforce.md
diff --git a/doc/workflow/repository_mirroring/repository_mirroring_detect_host_keys.png b/doc/workflow/repository_mirroring/repository_mirroring_detect_host_keys.png
new file mode 100644
index 00000000000..333648942f8
--- /dev/null
+++ b/doc/workflow/repository_mirroring/repository_mirroring_detect_host_keys.png
diff --git a/doc/workflow/repository_mirroring/repository_mirroring_diverged_branch.png b/doc/workflow/repository_mirroring/repository_mirroring_diverged_branch.png
new file mode 100644
index 00000000000..45c9bce0889
--- /dev/null
+++ b/doc/workflow/repository_mirroring/repository_mirroring_diverged_branch.png
diff --git a/doc/workflow/repository_mirroring/repository_mirroring_hard_failed_main.png b/doc/workflow/repository_mirroring/repository_mirroring_hard_failed_main.png
new file mode 100644
index 00000000000..99d429a1802
--- /dev/null
+++ b/doc/workflow/repository_mirroring/repository_mirroring_hard_failed_main.png
diff --git a/doc/workflow/repository_mirroring/repository_mirroring_hard_failed_settings.png b/doc/workflow/repository_mirroring/repository_mirroring_hard_failed_settings.png
new file mode 100644
index 00000000000..0ab07afa3cc
--- /dev/null
+++ b/doc/workflow/repository_mirroring/repository_mirroring_hard_failed_settings.png
diff --git a/doc/workflow/repository_mirroring/repository_mirroring_new_project.png b/doc/workflow/repository_mirroring/repository_mirroring_new_project.png
new file mode 100644
index 00000000000..43bf304838f
--- /dev/null
+++ b/doc/workflow/repository_mirroring/repository_mirroring_new_project.png
diff --git a/doc/workflow/repository_mirroring/repository_mirroring_pull_advanced_host_keys.png b/doc/workflow/repository_mirroring/repository_mirroring_pull_advanced_host_keys.png
new file mode 100644
index 00000000000..5da5a7436bb
--- /dev/null
+++ b/doc/workflow/repository_mirroring/repository_mirroring_pull_advanced_host_keys.png
diff --git a/doc/workflow/repository_mirroring/repository_mirroring_pull_settings.png b/doc/workflow/repository_mirroring/repository_mirroring_pull_settings.png
new file mode 100644
index 00000000000..4b9085302a1
--- /dev/null
+++ b/doc/workflow/repository_mirroring/repository_mirroring_pull_settings.png
diff --git a/doc/workflow/repository_mirroring/repository_mirroring_pull_settings_for_ssh.png b/doc/workflow/repository_mirroring/repository_mirroring_pull_settings_for_ssh.png
new file mode 100644
index 00000000000..8c2efdafa43
--- /dev/null
+++ b/doc/workflow/repository_mirroring/repository_mirroring_pull_settings_for_ssh.png
diff --git a/doc/workflow/repository_mirroring/repository_mirroring_ssh_host_keys_verified.png b/doc/workflow/repository_mirroring/repository_mirroring_ssh_host_keys_verified.png
new file mode 100644
index 00000000000..93f3a532a0e
--- /dev/null
+++ b/doc/workflow/repository_mirroring/repository_mirroring_ssh_host_keys_verified.png
diff --git a/doc/workflow/repository_mirroring/repository_mirroring_ssh_public_key_authentication.png b/doc/workflow/repository_mirroring/repository_mirroring_ssh_public_key_authentication.png
new file mode 100644
index 00000000000..6997ad511d9
--- /dev/null
+++ b/doc/workflow/repository_mirroring/repository_mirroring_ssh_public_key_authentication.png
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index c4537036a3a..c76d3ff45d0 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -559,7 +559,9 @@ module API
       expose :discussion_locked
       expose :should_remove_source_branch?, as: :should_remove_source_branch
       expose :force_remove_source_branch?, as: :force_remove_source_branch
-      expose :allow_maintainer_to_push, if: -> (merge_request, _) { merge_request.for_fork? }
+      expose :allow_collaboration, if: -> (merge_request, _) { merge_request.for_fork? }
+      # Deprecated
+      expose :allow_collaboration, as: :allow_maintainer_to_push, if: -> (merge_request, _) { merge_request.for_fork? }
 
       expose :web_url do |merge_request, options|
         Gitlab::UrlBuilder.build(merge_request)
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index b64f465ce56..25185d6edc8 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -16,7 +16,7 @@ module API
         args[:scope] = args[:scope].underscore if args[:scope]
 
         issues = IssuesFinder.new(current_user, args).execute
-          .preload(:assignees, :labels, :notes, :timelogs, :project)
+          .preload(:assignees, :labels, :notes, :timelogs, :project, :author)
 
         issues.reorder(args[:order_by] => args[:sort])
       end
diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb
index 54d1acbd412..e95b0dd5267 100644
--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@@ -54,6 +54,7 @@ module API
         pipeline = user_project.pipelines.find(params[:pipeline_id])
         builds = pipeline.builds
         builds = filter_builds(builds, params[:scope])
+        builds = builds.preload(:job_artifacts_archive)
 
         present paginate(builds), with: Entities::Job
       end
diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb
index b1e510d72de..af7d2471b34 100644
--- a/lib/api/merge_requests.rb
+++ b/lib/api/merge_requests.rb
@@ -38,7 +38,7 @@ module API
         merge_requests = MergeRequestsFinder.new(current_user, args).execute
                            .reorder(args[:order_by] => args[:sort])
         merge_requests = paginate(merge_requests)
-                           .preload(:target_project)
+                           .preload(:source_project, :target_project)
 
         return merge_requests if args[:view] == 'simple'
 
@@ -162,7 +162,8 @@ module API
           optional :milestone_id, type: Integer, desc: 'The ID of a milestone to assign the merge request'
           optional :labels, type: String, desc: 'Comma-separated list of label names'
           optional :remove_source_branch, type: Boolean, desc: 'Remove source branch when merging'
-          optional :allow_maintainer_to_push, type: Boolean, desc: 'Whether a maintainer of the target project can push to the source project'
+          optional :allow_collaboration, type: Boolean, desc: 'Allow commits from members who can merge to the target branch'
+          optional :allow_maintainer_to_push, type: Boolean, as: :allow_collaboration, desc: '[deprecated] See allow_collaboration'
           optional :squash, type: Grape::API::Boolean, desc: 'When true, the commits will be squashed into a single commit on merge'
 
           use :optional_params_ee
diff --git a/lib/api/runner.rb b/lib/api/runner.rb
index e9886c76870..db502697a19 100644
--- a/lib/api/runner.rb
+++ b/lib/api/runner.rb
@@ -205,7 +205,7 @@ module API
 
         status 200
         content_type Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE
-        JobArtifactUploader.workhorse_authorize
+        JobArtifactUploader.workhorse_authorize(has_length: false, maximum_size: max_artifacts_size)
       end
 
       desc 'Upload artifacts for job' do
diff --git a/lib/api/search.rb b/lib/api/search.rb
index 5d9ec617cb7..37fbabe419c 100644
--- a/lib/api/search.rb
+++ b/lib/api/search.rb
@@ -34,9 +34,7 @@ module API
 
       def process_results(results)
         case params[:scope]
-        when 'wiki_blobs'
-          paginate(results).map { |blob| Gitlab::ProjectSearchResults.parse_search_result(blob, user_project) }
-        when 'blobs'
+        when 'blobs', 'wiki_blobs'
           paginate(results).map { |blob| blob[1] }
         else
           paginate(results)
diff --git a/lib/feature.rb b/lib/feature.rb
index 6474de6e56d..314ae224d90 100644
--- a/lib/feature.rb
+++ b/lib/feature.rb
@@ -63,8 +63,15 @@ class Feature
     end
 
     def flipper
-      Thread.current[:flipper] ||=
-        Flipper.new(flipper_adapter).tap { |flip| flip.memoize = true }
+      if RequestStore.active?
+        RequestStore[:flipper] ||= build_flipper_instance
+      else
+        @flipper ||= build_flipper_instance
+      end
+    end
+
+    def build_flipper_instance
+      Flipper.new(flipper_adapter).tap { |flip| flip.memoize = true }
     end
 
     # This method is called from config/initializers/flipper.rb and can be used
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 0f7a7b0ce8d..7de66539848 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -240,7 +240,7 @@ module Gitlab
         return unless login == 'gitlab-ci-token'
         return unless password
 
-        build = ::Ci::Build.running.find_by_token(password)
+        build = find_build_by_token(password)
         return unless build
         return unless build.project.builds_enabled?
 
@@ -301,6 +301,12 @@ module Gitlab
 
         REGISTRY_SCOPES
       end
+
+      private
+
+      def find_build_by_token(token)
+        ::Ci::Build.running.find_by_token(token)
+      end
     end
   end
 end
diff --git a/lib/gitlab/background_migration/archive_legacy_traces.rb b/lib/gitlab/background_migration/archive_legacy_traces.rb
new file mode 100644
index 00000000000..5a4e5b2c471
--- /dev/null
+++ b/lib/gitlab/background_migration/archive_legacy_traces.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+# rubocop:disable Metrics/AbcSize
+# rubocop:disable Style/Documentation
+
+module Gitlab
+  module BackgroundMigration
+    class ArchiveLegacyTraces
+      def perform(start_id, stop_id)
+        # This background migration directly refers to ::Ci::Build model which is defined in application code.
+        # In general, migration code should be isolated as much as possible in order to be idempotent.
+        # However, `archive!` method is too complicated to be replicated by coping its subsequent code.
+        # So we chose a way to use ::Ci::Build directly and we don't change the `archive!` method until 11.1
+        ::Ci::Build.finished.without_archived_trace
+          .where(id: start_id..stop_id).find_each do |build|
+            begin
+              build.trace.archive!
+            rescue => e
+              Rails.logger.error "Failed to archive live trace. id: #{build.id} message: #{e.message}"
+            end
+          end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/ci/pipeline/chain/populate.rb b/lib/gitlab/ci/pipeline/chain/populate.rb
index 69b8a8fc68f..f34c11ca3c2 100644
--- a/lib/gitlab/ci/pipeline/chain/populate.rb
+++ b/lib/gitlab/ci/pipeline/chain/populate.rb
@@ -8,6 +8,9 @@ module Gitlab
           PopulateError = Class.new(StandardError)
 
           def perform!
+            # Allocate next IID. This operation must be outside of transactions of pipeline creations.
+            pipeline.ensure_project_iid!
+
             ##
             # Populate pipeline with block argument of CreatePipelineService#execute.
             #
diff --git a/lib/gitlab/database/median.rb b/lib/gitlab/database/median.rb
index 74fed447289..3cac007a42c 100644
--- a/lib/gitlab/database/median.rb
+++ b/lib/gitlab/database/median.rb
@@ -143,8 +143,13 @@ module Gitlab
                 .order(arel_table[column_sym])
             ).as('row_id')
 
-          count = arel_table.from(arel_table.alias)
-                    .project('COUNT(*)')
+          arel_from = if Gitlab.rails5?
+                        arel_table.from.from(arel_table.alias)
+                      else
+                        arel_table.from(arel_table.alias)
+                      end
+
+          count = arel_from.project('COUNT(*)')
                     .where(arel_table[partition_column].eq(arel_table.alias[partition_column]))
                     .as('ct')
 
diff --git a/lib/gitlab/diff/file.rb b/lib/gitlab/diff/file.rb
index 765fb0289a8..2820293ad5c 100644
--- a/lib/gitlab/diff/file.rb
+++ b/lib/gitlab/diff/file.rb
@@ -78,9 +78,12 @@ module Gitlab
 
       # Returns the raw diff content up to the given line index
       def diff_hunk(diff_line)
-        # Adding 2 because of the @@ diff header and Enum#take should consider
-        # an extra line, because we're passing an index.
-        raw_diff.each_line.take(diff_line.index + 2).join
+        diff_line_index = diff_line.index
+        # @@ (match) header is not kept if it's found in the top of the file,
+        # therefore we should keep an extra line on this scenario.
+        diff_line_index += 1 unless diff_lines.first.match?
+
+        diff_lines.select { |line| line.index <= diff_line_index }.map(&:text).join("\n")
       end
 
       def old_sha
diff --git a/lib/gitlab/diff/line.rb b/lib/gitlab/diff/line.rb
index 0603141e441..a1e904cfef4 100644
--- a/lib/gitlab/diff/line.rb
+++ b/lib/gitlab/diff/line.rb
@@ -53,6 +53,10 @@ module Gitlab
         %w[match new-nonewline old-nonewline].include?(type)
       end
 
+      def match?
+        type == :match
+      end
+
       def discussable?
         !meta?
       end
diff --git a/lib/gitlab/file_finder.rb b/lib/gitlab/file_finder.rb
index 8c082c0c336..f42088f980e 100644
--- a/lib/gitlab/file_finder.rb
+++ b/lib/gitlab/file_finder.rb
@@ -32,17 +32,13 @@ module Gitlab
     end
 
     def find_by_filename(query, except: [])
-      filenames = repository.search_files_by_name(query, ref).first(BATCH_SIZE)
-      filenames.delete_if { |filename| except.include?(filename) } unless except.empty?
+      filenames = search_filenames(query, except)
 
-      blob_refs = filenames.map { |filename| [ref, filename] }
-      blobs = Gitlab::Git::Blob.batch(repository, blob_refs, blob_size_limit: 1024)
-
-      blobs.map do |blob|
+      blobs(filenames).map do |blob|
         Gitlab::SearchResults::FoundBlob.new(
           id: blob.id,
           filename: blob.path,
-          basename: File.basename(blob.path),
+          basename: File.basename(blob.path, File.extname(blob.path)),
           ref: ref,
           startline: 1,
           data: blob.data,
@@ -50,5 +46,21 @@ module Gitlab
         )
       end
     end
+
+    def search_filenames(query, except)
+      filenames = repository.search_files_by_name(query, ref).first(BATCH_SIZE)
+
+      filenames.delete_if { |filename| except.include?(filename) } unless except.empty?
+
+      filenames
+    end
+
+    def blob_refs(filenames)
+      filenames.map { |filename| [ref, filename] }
+    end
+
+    def blobs(filenames)
+      Gitlab::Git::Blob.batch(repository, blob_refs(filenames), blob_size_limit: 1024)
+    end
   end
 end
diff --git a/lib/gitlab/git/repository.rb b/lib/gitlab/git/repository.rb
index 4cbf20bfe76..7acf11e3c91 100644
--- a/lib/gitlab/git/repository.rb
+++ b/lib/gitlab/git/repository.rb
@@ -1397,6 +1397,11 @@ module Gitlab
       def write_config(full_path:)
         return unless full_path.present?
 
+        # This guard avoids Gitaly log/error spam
+        unless exists?
+          raise NoRepository, 'repository does not exist'
+        end
+
         gitaly_migrate(:write_config) do |is_enabled|
           if is_enabled
             gitaly_repository_client.write_config(full_path: full_path)
diff --git a/lib/gitlab/github_import/importer/pull_request_importer.rb b/lib/gitlab/github_import/importer/pull_request_importer.rb
index 49d859f9624..b2f6cb7ad19 100644
--- a/lib/gitlab/github_import/importer/pull_request_importer.rb
+++ b/lib/gitlab/github_import/importer/pull_request_importer.rb
@@ -22,15 +22,22 @@ module Gitlab
         end
 
         def execute
-          if (mr_id = create_merge_request)
-            issuable_finder.cache_database_id(mr_id)
+          mr, already_exists = create_merge_request
+
+          if mr
+            insert_git_data(mr, already_exists)
+            issuable_finder.cache_database_id(mr.id)
           end
         end
 
         # Creates the merge request and returns its ID.
         #
         # This method will return `nil` if the merge request could not be
-        # created.
+        # created, otherwise it will return an Array containing the following
+        # values:
+        #
+        # 1. A MergeRequest instance.
+        # 2. A boolean indicating if the MR already exists.
         def create_merge_request
           author_id, author_found = user_finder.author_id_for(pull_request)
 
@@ -69,21 +76,42 @@ module Gitlab
             merge_request_id = GithubImport
               .insert_and_return_id(attributes, project.merge_requests)
 
-            merge_request = project.merge_requests.find(merge_request_id)
-
-            # These fields are set so we can create the correct merge request
-            # diffs.
-            merge_request.source_branch_sha = pull_request.source_branch_sha
-            merge_request.target_branch_sha = pull_request.target_branch_sha
-
-            merge_request.keep_around_commit
-            merge_request.merge_request_diffs.create
-
-            merge_request.id
+            [project.merge_requests.find(merge_request_id), false]
           end
         rescue ActiveRecord::InvalidForeignKey
           # It's possible the project has been deleted since scheduling this
           # job. In this case we'll just skip creating the merge request.
+          []
+        rescue ActiveRecord::RecordNotUnique
+          # It's possible we previously created the MR, but failed when updating
+          # the Git data. In this case we'll just continue working on the
+          # existing row.
+          [project.merge_requests.find_by(iid: pull_request.iid), true]
+        end
+
+        def insert_git_data(merge_request, already_exists = false)
+          # These fields are set so we can create the correct merge request
+          # diffs.
+          merge_request.source_branch_sha = pull_request.source_branch_sha
+          merge_request.target_branch_sha = pull_request.target_branch_sha
+
+          merge_request.keep_around_commit
+
+          # MR diffs normally use an "after_save" hook to pull data from Git.
+          # All of this happens in the transaction started by calling
+          # create/save/etc. This in turn can lead to these transactions being
+          # held open for much longer than necessary. To work around this we
+          # first save the diff, then populate it.
+          diff =
+            if already_exists
+              merge_request.merge_request_diffs.take
+            else
+              merge_request.merge_request_diffs.build
+            end
+
+          diff.importing = true
+          diff.save
+          diff.save_git_content
         end
       end
     end
diff --git a/lib/gitlab/project_search_results.rb b/lib/gitlab/project_search_results.rb
index 2e9b6e302f5..38bdc61d8ab 100644
--- a/lib/gitlab/project_search_results.rb
+++ b/lib/gitlab/project_search_results.rb
@@ -106,7 +106,8 @@ module Gitlab
           project_wiki = ProjectWiki.new(project)
 
           unless project_wiki.empty?
-            project_wiki.search_files(query)
+            ref = repository_ref || project.wiki.default_branch
+            Gitlab::WikiFileFinder.new(project, ref).find(query)
           else
             []
           end
diff --git a/lib/gitlab/slash_commands/command.rb b/lib/gitlab/slash_commands/command.rb
index bb778f37096..c82320a6036 100644
--- a/lib/gitlab/slash_commands/command.rb
+++ b/lib/gitlab/slash_commands/command.rb
@@ -1,13 +1,15 @@
 module Gitlab
   module SlashCommands
     class Command < BaseCommand
-      COMMANDS = [
-        Gitlab::SlashCommands::IssueShow,
-        Gitlab::SlashCommands::IssueNew,
-        Gitlab::SlashCommands::IssueSearch,
-        Gitlab::SlashCommands::IssueMove,
-        Gitlab::SlashCommands::Deploy
-      ].freeze
+      def self.commands
+        [
+          Gitlab::SlashCommands::IssueShow,
+          Gitlab::SlashCommands::IssueNew,
+          Gitlab::SlashCommands::IssueSearch,
+          Gitlab::SlashCommands::IssueMove,
+          Gitlab::SlashCommands::Deploy
+        ]
+      end
 
       def execute
         command, match = match_command
@@ -37,7 +39,7 @@ module Gitlab
       private
 
       def available_commands
-        COMMANDS.select do |klass|
+        self.class.commands.keep_if do |klass|
           klass.available?(project)
         end
       end
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index 8cf5d636743..27560abfb96 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -65,7 +65,7 @@ module Gitlab
       return false unless can_access_git?
       return false unless project
 
-      return false if !user.can?(:push_code, project) && !project.branch_allows_maintainer_push?(user, ref)
+      return false if !user.can?(:push_code, project) && !project.branch_allows_collaboration?(user, ref)
 
       if protected?(ProtectedBranch, project, ref)
         protected_branch_accessible_to?(ref, action: :push)
diff --git a/lib/gitlab/utils/override.rb b/lib/gitlab/utils/override.rb
index 8bf6bcb1fe2..7b2a62fed48 100644
--- a/lib/gitlab/utils/override.rb
+++ b/lib/gitlab/utils/override.rb
@@ -87,18 +87,28 @@ module Gitlab
       end
 
       def included(base = nil)
-        return super if base.nil? # Rails concern, ignoring it
+        super
+
+        queue_verification(base)
+      end
 
+      alias_method :prepended, :included
+
+      def extended(mod)
         super
 
+        queue_verification(mod.singleton_class)
+      end
+
+      def queue_verification(base)
+        return unless ENV['STATIC_VERIFICATION']
+
         if base.is_a?(Class) # We could check for Class in `override`
           # This could be `nil` if `override` was never called
           Override.extensions[self]&.add_class(base)
         end
       end
 
-      alias_method :prepended, :included
-
       def self.extensions
         @extensions ||= {}
       end
diff --git a/lib/gitlab/wiki_file_finder.rb b/lib/gitlab/wiki_file_finder.rb
new file mode 100644
index 00000000000..f97278f05cd
--- /dev/null
+++ b/lib/gitlab/wiki_file_finder.rb
@@ -0,0 +1,23 @@
+module Gitlab
+  class WikiFileFinder < FileFinder
+    attr_reader :repository
+
+    def initialize(project, ref)
+      @project = project
+      @ref = ref
+      @repository = project.wiki.repository
+    end
+
+    private
+
+    def search_filenames(query, except)
+      safe_query = Regexp.escape(query.tr(' ', '-'))
+      safe_query = Regexp.new(safe_query, Regexp::IGNORECASE)
+      filenames = repository.ls_files(ref)
+
+      filenames.delete_if { |filename| except.include?(filename) } unless except.empty?
+
+      filenames.grep(safe_query).first(BATCH_SIZE)
+    end
+  end
+end
diff --git a/lib/object_storage/direct_upload.rb b/lib/object_storage/direct_upload.rb
new file mode 100644
index 00000000000..61a69e7ffe4
--- /dev/null
+++ b/lib/object_storage/direct_upload.rb
@@ -0,0 +1,166 @@
+module ObjectStorage
+  #
+  # The DirectUpload c;ass generates a set of presigned URLs
+  # that can be used to upload data to object storage from untrusted component: Workhorse, Runner?
+  #
+  # For Google it assumes that the platform supports variable Content-Length.
+  #
+  # For AWS it initiates Multipart Upload and presignes a set of part uploads.
+  #   Class calculates the best part size to be able to upload up to asked maximum size.
+  #   The number of generated parts will never go above 100,
+  #   but we will always try to reduce amount of generated parts.
+  #   The part size is rounded-up to 5MB.
+  #
+  class DirectUpload
+    include Gitlab::Utils::StrongMemoize
+
+    TIMEOUT = 4.hours
+    EXPIRE_OFFSET = 15.minutes
+
+    MAXIMUM_MULTIPART_PARTS = 100
+    MINIMUM_MULTIPART_SIZE = 5.megabytes
+
+    attr_reader :credentials, :bucket_name, :object_name
+    attr_reader :has_length, :maximum_size
+
+    def initialize(credentials, bucket_name, object_name, has_length:, maximum_size: nil)
+      unless has_length
+        raise ArgumentError, 'maximum_size has to be specified if length is unknown' unless maximum_size
+      end
+
+      @credentials = credentials
+      @bucket_name = bucket_name
+      @object_name = object_name
+      @has_length = has_length
+      @maximum_size = maximum_size
+    end
+
+    def to_hash
+      {
+        Timeout: TIMEOUT,
+        GetURL: get_url,
+        StoreURL: store_url,
+        DeleteURL: delete_url,
+        MultipartUpload: multipart_upload_hash
+      }.compact
+    end
+
+    def multipart_upload_hash
+      return unless requires_multipart_upload?
+
+      {
+        PartSize: rounded_multipart_part_size,
+        PartURLs: multipart_part_urls,
+        CompleteURL: multipart_complete_url,
+        AbortURL: multipart_abort_url
+      }
+    end
+
+    def provider
+      credentials[:provider].to_s
+    end
+
+    # Implements https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectGET.html
+    def get_url
+      connection.get_object_url(bucket_name, object_name, expire_at)
+    end
+
+    # Implements https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html
+    def delete_url
+      connection.delete_object_url(bucket_name, object_name, expire_at)
+    end
+
+    # Implements https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUT.html
+    def store_url
+      connection.put_object_url(bucket_name, object_name, expire_at, upload_options)
+    end
+
+    def multipart_part_urls
+      Array.new(number_of_multipart_parts) do |part_index|
+        multipart_part_upload_url(part_index + 1)
+      end
+    end
+
+    # Implements https://docs.aws.amazon.com/AmazonS3/latest/API/mpUploadUploadPart.html
+    def multipart_part_upload_url(part_number)
+      connection.signed_url({
+        method: 'PUT',
+        bucket_name: bucket_name,
+        object_name: object_name,
+        query: { uploadId: upload_id, partNumber: part_number },
+        headers: upload_options
+      }, expire_at)
+    end
+
+    # Implements https://docs.aws.amazon.com/AmazonS3/latest/API/mpUploadComplete.html
+    def multipart_complete_url
+      connection.signed_url({
+        method: 'POST',
+        bucket_name: bucket_name,
+        object_name: object_name,
+        query: { uploadId: upload_id },
+        headers: { 'Content-Type' => 'application/xml' }
+      }, expire_at)
+    end
+
+    # Implements https://docs.aws.amazon.com/AmazonS3/latest/API/mpUploadAbort.html
+    def multipart_abort_url
+      connection.signed_url({
+        method: 'DELETE',
+        bucket_name: bucket_name,
+        object_name: object_name,
+        query: { uploadId: upload_id }
+      }, expire_at)
+    end
+
+    private
+
+    def rounded_multipart_part_size
+      # round multipart_part_size up to minimum_mulitpart_size
+      (multipart_part_size + MINIMUM_MULTIPART_SIZE - 1) / MINIMUM_MULTIPART_SIZE * MINIMUM_MULTIPART_SIZE
+    end
+
+    def multipart_part_size
+      maximum_size / number_of_multipart_parts
+    end
+
+    def number_of_multipart_parts
+      [
+        # round maximum_size up to minimum_mulitpart_size
+        (maximum_size + MINIMUM_MULTIPART_SIZE - 1) / MINIMUM_MULTIPART_SIZE,
+        MAXIMUM_MULTIPART_PARTS
+      ].min
+    end
+
+    def aws?
+      provider == 'AWS'
+    end
+
+    def requires_multipart_upload?
+      aws? && !has_length
+    end
+
+    def upload_id
+      return unless requires_multipart_upload?
+
+      strong_memoize(:upload_id) do
+        new_upload = connection.initiate_multipart_upload(bucket_name, object_name)
+        new_upload.body["UploadId"]
+      end
+    end
+
+    def expire_at
+      strong_memoize(:expire_at) do
+        Time.now + TIMEOUT + EXPIRE_OFFSET
+      end
+    end
+
+    def upload_options
+      { 'Content-Type' => 'application/octet-stream' }
+    end
+
+    def connection
+      @connection ||= ::Fog::Storage.new(credentials)
+    end
+  end
+end
diff --git a/lib/tasks/gitlab/traces.rake b/lib/tasks/gitlab/traces.rake
index fd2a4f2d11a..ddcca69711f 100644
--- a/lib/tasks/gitlab/traces.rake
+++ b/lib/tasks/gitlab/traces.rake
@@ -8,9 +8,7 @@ namespace :gitlab do
       logger = Logger.new(STDOUT)
       logger.info('Archiving legacy traces')
 
-      Ci::Build.finished
-        .where('NOT EXISTS (?)',
-          Ci::JobArtifact.select(1).trace.where('ci_builds.id = ci_job_artifacts.job_id'))
+      Ci::Build.finished.without_archived_trace
         .order(id: :asc)
         .find_in_batches(batch_size: 1000) do |jobs|
         job_ids = jobs.map { |job| [job.id] }
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 035a2275d9f..8ae04cd2f88 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -331,7 +331,7 @@ msgstr ""
 msgid "All features are enabled for blank projects, from templates, or when importing, but you can disable them afterward in the project settings."
 msgstr ""
 
-msgid "Allow edits from maintainers."
+msgid "Allow commits from members who can merge to the target branch."
 msgstr ""
 
 msgid "Allow rendering of PlantUML diagrams in Asciidoc documents."
@@ -4894,7 +4894,7 @@ msgstr ""
 msgid "mrWidget|%{metricsLinkStart} Memory %{metricsLinkEnd} usage is %{emphasisStart} unchanged %{emphasisEnd} at %{memoryFrom}MB"
 msgstr ""
 
-msgid "mrWidget|Allows edits from maintainers"
+msgid "mrWidget|Allows commits from members who can merge to the target branch"
 msgstr ""
 
 msgid "mrWidget|Cancel automatic merge"
diff --git a/spec/controllers/groups/shared_projects_controller_spec.rb b/spec/controllers/groups/shared_projects_controller_spec.rb
index d8fa41abb18..003c8c262e7 100644
--- a/spec/controllers/groups/shared_projects_controller_spec.rb
+++ b/spec/controllers/groups/shared_projects_controller_spec.rb
@@ -38,7 +38,7 @@ describe Groups::SharedProjectsController do
     end
 
     it 'allows filtering shared projects' do
-      project = create(:project, :archived, namespace: user.namespace, name: "Searching for")
+      project = create(:project, namespace: user.namespace, name: "Searching for")
       share_project(project)
 
       get_shared_projects(filter: 'search')
@@ -55,5 +55,14 @@ describe Groups::SharedProjectsController do
 
       expect(json_project_ids).to eq([second_project.id, shared_project.id])
     end
+
+    it 'does not include archived projects' do
+      archived_project = create(:project, :archived, namespace: user.namespace)
+      share_project(archived_project)
+
+      get_shared_projects
+
+      expect(json_project_ids).to contain_exactly(shared_project.id)
+    end
   end
 end
diff --git a/spec/controllers/projects/milestones_controller_spec.rb b/spec/controllers/projects/milestones_controller_spec.rb
index 548c5ef36e7..02b30f9bc6d 100644
--- a/spec/controllers/projects/milestones_controller_spec.rb
+++ b/spec/controllers/projects/milestones_controller_spec.rb
@@ -57,19 +57,36 @@ describe Projects::MilestonesController do
     context "as json" do
       let!(:group) { create(:group, :public) }
       let!(:group_milestone) { create(:milestone, group: group) }
-      let!(:group_member) { create(:group_member, group: group, user: user) }
 
-      before do
-        project.update(namespace: group)
-        get :index, namespace_id: project.namespace.id, project_id: project.id, format: :json
+      context 'with a single group ancestor' do
+        before do
+          project.update(namespace: group)
+          get :index, namespace_id: project.namespace.id, project_id: project.id, format: :json
+        end
+
+        it "queries projects milestones and groups milestones" do
+          milestones = assigns(:milestones)
+
+          expect(milestones.count).to eq(2)
+          expect(milestones).to match_array([milestone, group_milestone])
+        end
       end
 
-      it "queries projects milestones and groups milestones" do
-        milestones = assigns(:milestones)
+      context 'with nested groups', :nested_groups do
+        let!(:subgroup) { create(:group, :public, parent: group) }
+        let!(:subgroup_milestone) { create(:milestone, group: subgroup) }
+
+        before do
+          project.update(namespace: subgroup)
+          get :index, namespace_id: project.namespace.id, project_id: project.id, format: :json
+        end
+
+        it "queries projects milestones and all ancestors milestones" do
+          milestones = assigns(:milestones)
 
-        expect(milestones.count).to eq(2)
-        expect(milestones.where(project_id: nil).first).to eq(group_milestone)
-        expect(milestones.where(group_id: nil).first).to eq(milestone)
+          expect(milestones.count).to eq(3)
+          expect(milestones).to match_array([milestone, group_milestone, subgroup_milestone])
+        end
       end
     end
   end
diff --git a/spec/features/merge_request/maintainer_edits_fork_spec.rb b/spec/features/merge_request/maintainer_edits_fork_spec.rb
index a3323da1b1f..1808d0c0a0c 100644
--- a/spec/features/merge_request/maintainer_edits_fork_spec.rb
+++ b/spec/features/merge_request/maintainer_edits_fork_spec.rb
@@ -14,7 +14,7 @@ describe 'a maintainer edits files on a source-branch of an MR from a fork', :js
            source_branch: 'fix',
            target_branch: 'master',
            author: author,
-           allow_maintainer_to_push: true)
+           allow_collaboration: true)
   end
 
   before do
diff --git a/spec/features/merge_request/user_allows_a_maintainer_to_push_spec.rb b/spec/features/merge_request/user_allows_commits_from_memebers_who_can_merge_spec.rb
index eb41d7de8ed..0af37d76539 100644
--- a/spec/features/merge_request/user_allows_a_maintainer_to_push_spec.rb
+++ b/spec/features/merge_request/user_allows_commits_from_memebers_who_can_merge_spec.rb
@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe 'create a merge request that allows maintainers to push', :js do
+describe 'create a merge request, allowing commits from members who can merge to the target branch', :js do
   include ProjectForksHelper
   let(:user) { create(:user) }
   let(:target_project) { create(:project, :public, :repository) }
@@ -21,16 +21,16 @@ describe 'create a merge request that allows maintainers to push', :js do
     sign_in(user)
   end
 
-  it 'allows setting maintainer push possible' do
+  it 'allows setting possible' do
     visit_new_merge_request
 
-    check 'Allow edits from maintainers'
+    check 'Allow commits from members who can merge to the target branch'
 
     click_button 'Submit merge request'
 
     wait_for_requests
 
-    expect(page).to have_content('Allows edits from maintainers')
+    expect(page).to have_content('Allows commits from members who can merge to the target branch')
   end
 
   it 'shows a message when one of the projects is private' do
@@ -57,12 +57,12 @@ describe 'create a merge request that allows maintainers to push', :js do
 
       visit_new_merge_request
 
-      expect(page).not_to have_content('Allows edits from maintainers')
+      expect(page).not_to have_content('Allows commits from members who can merge to the target branch')
     end
   end
 
-  context 'when a maintainer tries to edit the option' do
-    let(:maintainer) { create(:user) }
+  context 'when a member who can merge tries to edit the option' do
+    let(:member) { create(:user) }
     let(:merge_request) do
       create(:merge_request,
              source_project: source_project,
@@ -71,15 +71,15 @@ describe 'create a merge request that allows maintainers to push', :js do
     end
 
     before do
-      target_project.add_master(maintainer)
+      target_project.add_master(member)
 
-      sign_in(maintainer)
+      sign_in(member)
     end
 
-    it 'it hides the option from maintainers' do
+    it 'it hides the option from members' do
       visit edit_project_merge_request_path(target_project, merge_request)
 
-      expect(page).not_to have_content('Allows edits from maintainers')
+      expect(page).not_to have_content('Allows commits from members who can merge to the target branch')
     end
   end
 end
diff --git a/spec/features/projects/jobs/user_browses_job_spec.rb b/spec/features/projects/jobs/user_browses_job_spec.rb
index bff5bbe99af..ce0b38b7239 100644
--- a/spec/features/projects/jobs/user_browses_job_spec.rb
+++ b/spec/features/projects/jobs/user_browses_job_spec.rb
@@ -32,8 +32,6 @@ describe 'User browses a job', :js do
     page.within('.erased') do
       expect(page).to have_content('Job has been erased')
     end
-
-    expect(build.project.running_or_pending_build_count).to eq(build.project.builds.running_or_pending.count(:all))
   end
 
   context 'with a failed job' do
diff --git a/spec/fixtures/api/schemas/entities/merge_request_basic.json b/spec/fixtures/api/schemas/entities/merge_request_basic.json
index 46031961cca..f7bc137c90c 100644
--- a/spec/fixtures/api/schemas/entities/merge_request_basic.json
+++ b/spec/fixtures/api/schemas/entities/merge_request_basic.json
@@ -13,6 +13,7 @@
     "assignee_id": { "type": ["integer", "null"] },
     "subscribed": { "type": ["boolean", "null"] },
     "participants": { "type": "array" },
+    "allow_collaboration": { "type": "boolean"},
     "allow_maintainer_to_push": { "type": "boolean"}
   },
   "additionalProperties": false
diff --git a/spec/fixtures/api/schemas/entities/merge_request_widget.json b/spec/fixtures/api/schemas/entities/merge_request_widget.json
index 7be8c9e3e67..ee5588fa6c6 100644
--- a/spec/fixtures/api/schemas/entities/merge_request_widget.json
+++ b/spec/fixtures/api/schemas/entities/merge_request_widget.json
@@ -31,7 +31,7 @@
     "source_project_id": { "type": "integer" },
     "target_branch": { "type": "string" },
     "target_project_id": { "type": "integer" },
-    "allow_maintainer_to_push": { "type": "boolean"},
+    "allow_collaboration": { "type": "boolean"},
     "metrics": {
       "oneOf": [
         { "type": "null" },
diff --git a/spec/fixtures/api/schemas/public_api/v4/merge_requests.json b/spec/fixtures/api/schemas/public_api/v4/merge_requests.json
index f97461ce9cc..f7adc4e0b91 100644
--- a/spec/fixtures/api/schemas/public_api/v4/merge_requests.json
+++ b/spec/fixtures/api/schemas/public_api/v4/merge_requests.json
@@ -82,6 +82,7 @@
         "human_time_estimate": { "type": ["string", "null"] },
         "human_total_time_spent": { "type": ["string", "null"] }
       },
+      "allow_collaboration": { "type": ["boolean", "null"] },
       "allow_maintainer_to_push": { "type": ["boolean", "null"] }
     },
     "required": [
diff --git a/spec/helpers/projects_helper_spec.rb b/spec/helpers/projects_helper_spec.rb
index f8877b6d1aa..4e5391295b6 100644
--- a/spec/helpers/projects_helper_spec.rb
+++ b/spec/helpers/projects_helper_spec.rb
@@ -435,4 +435,46 @@ describe ProjectsHelper do
       expect(helper.send(:git_user_name)).to eq('John \"A\" Doe53')
     end
   end
+
+  describe 'show_xcode_link' do
+    let!(:project) { create(:project) }
+    let(:mac_ua) { 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36' }
+    let(:ios_ua) { 'Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3' }
+
+    context 'when the repository is xcode compatible' do
+      before do
+        allow(project.repository).to receive(:xcode_project?).and_return(true)
+      end
+
+      it 'returns false if the visitor is not using macos' do
+        allow(helper).to receive(:browser).and_return(Browser.new(ios_ua))
+
+        expect(helper.show_xcode_link?(project)).to eq(false)
+      end
+
+      it 'returns true if the visitor is using macos' do
+        allow(helper).to receive(:browser).and_return(Browser.new(mac_ua))
+
+        expect(helper.show_xcode_link?(project)).to eq(true)
+      end
+    end
+
+    context 'when the repository is not xcode compatible' do
+      before do
+        allow(project.repository).to receive(:xcode_project?).and_return(false)
+      end
+
+      it 'returns false if the visitor is not using macos' do
+        allow(helper).to receive(:browser).and_return(Browser.new(ios_ua))
+
+        expect(helper.show_xcode_link?(project)).to eq(false)
+      end
+
+      it 'returns false if the visitor is using macos' do
+        allow(helper).to receive(:browser).and_return(Browser.new(mac_ua))
+
+        expect(helper.show_xcode_link?(project)).to eq(false)
+      end
+    end
+  end
 end
diff --git a/spec/initializers/artifacts_direct_upload_support_spec.rb b/spec/initializers/artifacts_direct_upload_support_spec.rb
deleted file mode 100644
index bfb71da3388..00000000000
--- a/spec/initializers/artifacts_direct_upload_support_spec.rb
+++ /dev/null
@@ -1,71 +0,0 @@
-require 'spec_helper'
-
-describe 'Artifacts direct upload support' do
-  subject do
-    load Rails.root.join('config/initializers/artifacts_direct_upload_support.rb')
-  end
-
-  let(:connection) do
-    { provider: provider }
-  end
-
-  before do
-    stub_artifacts_setting(
-      object_store: {
-        enabled: enabled,
-        direct_upload: direct_upload,
-        connection: connection
-      })
-  end
-
-  context 'when object storage is enabled' do
-    let(:enabled) { true }
-
-    context 'when direct upload is enabled' do
-      let(:direct_upload) { true }
-
-      context 'when provider is Google' do
-        let(:provider) { 'Google' }
-
-        it 'succeeds' do
-          expect { subject }.not_to raise_error
-        end
-      end
-
-      context 'when connection is empty' do
-        let(:connection) { nil }
-
-        it 'raises an error' do
-          expect { subject }.to raise_error /object storage provider when 'direct_upload' of artifacts is used/
-        end
-      end
-
-      context 'when other provider is used' do
-        let(:provider) { 'AWS' }
-
-        it 'raises an error' do
-          expect { subject }.to raise_error /object storage provider when 'direct_upload' of artifacts is used/
-        end
-      end
-    end
-
-    context 'when direct upload is disabled' do
-      let(:direct_upload) { false }
-      let(:provider) { 'AWS' }
-
-      it 'succeeds' do
-        expect { subject }.not_to raise_error
-      end
-    end
-  end
-
-  context 'when object storage is disabled' do
-    let(:enabled) { false }
-    let(:direct_upload) { false }
-    let(:provider) { 'AWS' }
-
-    it 'succeeds' do
-      expect { subject }.not_to raise_error
-    end
-  end
-end
diff --git a/spec/initializers/direct_upload_support_spec.rb b/spec/initializers/direct_upload_support_spec.rb
new file mode 100644
index 00000000000..e51d404e030
--- /dev/null
+++ b/spec/initializers/direct_upload_support_spec.rb
@@ -0,0 +1,90 @@
+require 'spec_helper'
+
+describe 'Direct upload support' do
+  subject do
+    load Rails.root.join('config/initializers/direct_upload_support.rb')
+  end
+
+  where(:config_name) do
+    %w(lfs artifacts uploads)
+  end
+
+  with_them do
+    let(:connection) do
+      { provider: provider }
+    end
+
+    let(:object_store) do
+      {
+        enabled: enabled,
+        direct_upload: direct_upload,
+        connection: connection
+      }
+    end
+
+    before do
+      allow(Gitlab.config).to receive_messages(to_settings(config_name => {
+        object_store: object_store
+      }))
+    end
+
+    context 'when object storage is enabled' do
+      let(:enabled) { true }
+
+      context 'when direct upload is enabled' do
+        let(:direct_upload) { true }
+
+        context 'when provider is AWS' do
+          let(:provider) { 'AWS' }
+
+          it 'succeeds' do
+            expect { subject }.not_to raise_error
+          end
+        end
+
+        context 'when provider is Google' do
+          let(:provider) { 'Google' }
+
+          it 'succeeds' do
+            expect { subject }.not_to raise_error
+          end
+        end
+
+        context 'when connection is empty' do
+          let(:connection) { nil }
+
+          it 'raises an error' do
+            expect { subject }.to raise_error /are supported as a object storage provider when 'direct_upload' is used/
+          end
+        end
+
+        context 'when other provider is used' do
+          let(:provider) { 'Rackspace' }
+
+          it 'raises an error' do
+            expect { subject }.to raise_error /are supported as a object storage provider when 'direct_upload' is used/
+          end
+        end
+      end
+
+      context 'when direct upload is disabled' do
+        let(:direct_upload) { false }
+        let(:provider) { 'AWS' }
+
+        it 'succeeds' do
+          expect { subject }.not_to raise_error
+        end
+      end
+    end
+
+    context 'when object storage is disabled' do
+      let(:enabled) { false }
+      let(:direct_upload) { false }
+      let(:provider) { 'Rackspace' }
+
+      it 'succeeds' do
+        expect { subject }.not_to raise_error
+      end
+    end
+  end
+end
diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb
index d56e14e0e0b..c3dfd7bedbe 100644
--- a/spec/initializers/secret_token_spec.rb
+++ b/spec/initializers/secret_token_spec.rb
@@ -1,5 +1,5 @@
 require 'spec_helper'
-require_relative '../../config/initializers/secret_token'
+require_relative '../../config/initializers/01_secret_token'
 
 describe 'create_tokens' do
   include StubENV
diff --git a/spec/javascripts/labels_select_spec.js b/spec/javascripts/labels_select_spec.js
index a2b89c0aef5..386e00bfd0c 100644
--- a/spec/javascripts/labels_select_spec.js
+++ b/spec/javascripts/labels_select_spec.js
@@ -40,5 +40,9 @@ describe('LabelsSelect', () => {
     it('generated label item template has correct label styles', () => {
       expect($labelEl.find('span.label').attr('style')).toBe(`background-color: ${label.color}; color: ${label.text_color};`);
     });
+
+    it('generated label item has a badge class', () => {
+      expect($labelEl.find('span').hasClass('badge')).toEqual(true);
+    });
   });
 });
diff --git a/spec/javascripts/notes/mock_data.js b/spec/javascripts/notes/mock_data.js
index bfe3a65feee..fa7adc32193 100644
--- a/spec/javascripts/notes/mock_data.js
+++ b/spec/javascripts/notes/mock_data.js
@@ -340,6 +340,79 @@ export const loggedOutnoteableData = {
     '/gitlab-org/gitlab-ce/preview_markdown?quick_actions_target_id=98&quick_actions_target_type=Issue',
 };
 
+export const collapseNotesMock = [
+  {
+    expanded: true,
+    id: '0fb4e0e3f9276e55ff32eb4195add694aece4edd',
+    individual_note: true,
+    notes: [
+      {
+        id: 1390,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Root',
+          username: 'root',
+          state: 'active',
+          avatar_url: 'test',
+          path: '/root',
+        },
+        created_at: '2018-02-26T18:07:41.071Z',
+        updated_at: '2018-02-26T18:07:41.071Z',
+        system: true,
+        system_note_icon_name: 'pencil',
+        noteable_id: 98,
+        noteable_type: 'Issue',
+        type: null,
+        human_access: 'Owner',
+        note: 'changed the description',
+        note_html: '<p dir="auto">changed the description</p>',
+        current_user: { can_edit: false },
+        discussion_id: 'b97fb7bda470a65b3e009377a9032edec0a4dd05',
+        emoji_awardable: false,
+        path: '/h5bp/html5-boilerplate/notes/1057',
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fh5bp%2Fhtml5-boilerplate%2Fissues%2F10%23note_1057&user_id=1',
+      },
+    ],
+  },
+  {
+    expanded: true,
+    id: 'ffde43f25984ad7f2b4275135e0e2846875336c0',
+    individual_note: true,
+    notes: [
+      {
+        id: 1391,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Root',
+          username: 'root',
+          state: 'active',
+          avatar_url: 'test',
+          path: '/root',
+        },
+        created_at: '2018-02-26T18:13:24.071Z',
+        updated_at: '2018-02-26T18:13:24.071Z',
+        system: true,
+        system_note_icon_name: 'pencil',
+        noteable_id: 99,
+        noteable_type: 'Issue',
+        type: null,
+        human_access: 'Owner',
+        note: 'changed the description',
+        note_html: '<p dir="auto">changed the description</p>',
+        current_user: { can_edit: false },
+        discussion_id: '3eb958b4d81dec207ec3537a2f3bd8b9f271bb34',
+        emoji_awardable: false,
+        path: '/h5bp/html5-boilerplate/notes/1057',
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fh5bp%2Fhtml5-boilerplate%2Fissues%2F10%23note_1057&user_id=1',
+      },
+    ],
+  },
+];
+
 export const INDIVIDUAL_NOTE_RESPONSE_MAP = {
   GET: {
     '/gitlab-org/gitlab-ce/issues/26/discussions.json': [
@@ -575,3 +648,508 @@ export function discussionNoteInterceptor(request, next) {
     }),
   );
 }
+
+export const notesWithDescriptionChanges = [
+  {
+    id: '39b271c2033e9ed43d8edb393702f65f7a830459',
+    reply_id: '39b271c2033e9ed43d8edb393702f65f7a830459',
+    expanded: true,
+    notes: [
+      {
+        id: 901,
+        type: null,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Administrator',
+          username: 'root',
+          state: 'active',
+          avatar_url:
+            'https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon',
+          path: '/root',
+        },
+        created_at: '2018-05-29T12:05:36.117Z',
+        updated_at: '2018-05-29T12:05:36.117Z',
+        system: false,
+        noteable_id: 182,
+        noteable_type: 'Issue',
+        resolvable: false,
+        noteable_iid: 12,
+        note:
+          'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.',
+        note_html:
+          '<p dir="auto">Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.</p>',
+        current_user: { can_edit: true, can_award_emoji: true },
+        resolved: false,
+        resolved_by: null,
+        discussion_id: '39b271c2033e9ed43d8edb393702f65f7a830459',
+        emoji_awardable: true,
+        award_emoji: [],
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-shell%2Fissues%2F12%23note_901&user_id=1',
+        human_access: 'Owner',
+        toggle_award_path: '/gitlab-org/gitlab-shell/notes/901/toggle_award_emoji',
+        path: '/gitlab-org/gitlab-shell/notes/901',
+      },
+    ],
+    individual_note: true,
+    resolvable: false,
+    resolved: false,
+    diff_discussion: false,
+  },
+  {
+    id: '4852335d7dc40b9ceb8fde1a2bb9c1b67e4c7795',
+    reply_id: '4852335d7dc40b9ceb8fde1a2bb9c1b67e4c7795',
+    expanded: true,
+    notes: [
+      {
+        id: 902,
+        type: null,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Administrator',
+          username: 'root',
+          state: 'active',
+          avatar_url:
+            'https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon',
+          path: '/root',
+        },
+        created_at: '2018-05-29T12:05:58.694Z',
+        updated_at: '2018-05-29T12:05:58.694Z',
+        system: false,
+        noteable_id: 182,
+        noteable_type: 'Issue',
+        resolvable: false,
+        noteable_iid: 12,
+        note:
+          'Varius vel pharetra vel turpis nunc eget lorem. Ipsum dolor sit amet consectetur adipiscing.',
+        note_html:
+          '<p dir="auto">Varius vel pharetra vel turpis nunc eget lorem. Ipsum dolor sit amet consectetur adipiscing.</p>',
+        current_user: { can_edit: true, can_award_emoji: true },
+        resolved: false,
+        resolved_by: null,
+        discussion_id: '4852335d7dc40b9ceb8fde1a2bb9c1b67e4c7795',
+        emoji_awardable: true,
+        award_emoji: [],
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-shell%2Fissues%2F12%23note_902&user_id=1',
+        human_access: 'Owner',
+        toggle_award_path: '/gitlab-org/gitlab-shell/notes/902/toggle_award_emoji',
+        path: '/gitlab-org/gitlab-shell/notes/902',
+      },
+    ],
+    individual_note: true,
+    resolvable: false,
+    resolved: false,
+    diff_discussion: false,
+  },
+  {
+    id: '7f1feda384083eb31763366e6392399fde6f3f31',
+    reply_id: '7f1feda384083eb31763366e6392399fde6f3f31',
+    expanded: true,
+    notes: [
+      {
+        id: 903,
+        type: null,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Administrator',
+          username: 'root',
+          state: 'active',
+          avatar_url:
+            'https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon',
+          path: '/root',
+        },
+        created_at: '2018-05-29T12:06:05.772Z',
+        updated_at: '2018-05-29T12:06:05.772Z',
+        system: true,
+        noteable_id: 182,
+        noteable_type: 'Issue',
+        resolvable: false,
+        noteable_iid: 12,
+        note: 'changed the description',
+        note_html: '<p dir="auto">changed the description</p>',
+        current_user: { can_edit: false, can_award_emoji: true },
+        resolved: false,
+        resolved_by: null,
+        system_note_icon_name: 'pencil-square',
+        discussion_id: '7f1feda384083eb31763366e6392399fde6f3f31',
+        emoji_awardable: false,
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-shell%2Fissues%2F12%23note_903&user_id=1',
+        human_access: 'Owner',
+        path: '/gitlab-org/gitlab-shell/notes/903',
+      },
+    ],
+    individual_note: true,
+    resolvable: false,
+    resolved: false,
+    diff_discussion: false,
+  },
+  {
+    id: '091865fe3ae20f0045234a3d103e3b15e73405b5',
+    reply_id: '091865fe3ae20f0045234a3d103e3b15e73405b5',
+    expanded: true,
+    notes: [
+      {
+        id: 904,
+        type: null,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Administrator',
+          username: 'root',
+          state: 'active',
+          avatar_url:
+            'https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon',
+          path: '/root',
+        },
+        created_at: '2018-05-29T12:06:16.112Z',
+        updated_at: '2018-05-29T12:06:16.112Z',
+        system: false,
+        noteable_id: 182,
+        noteable_type: 'Issue',
+        resolvable: false,
+        noteable_iid: 12,
+        note: 'Ullamcorper eget nulla facilisi etiam',
+        note_html: '<p dir="auto">Ullamcorper eget nulla facilisi etiam</p>',
+        current_user: { can_edit: true, can_award_emoji: true },
+        resolved: false,
+        resolved_by: null,
+        discussion_id: '091865fe3ae20f0045234a3d103e3b15e73405b5',
+        emoji_awardable: true,
+        award_emoji: [],
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-shell%2Fissues%2F12%23note_904&user_id=1',
+        human_access: 'Owner',
+        toggle_award_path: '/gitlab-org/gitlab-shell/notes/904/toggle_award_emoji',
+        path: '/gitlab-org/gitlab-shell/notes/904',
+      },
+    ],
+    individual_note: true,
+    resolvable: false,
+    resolved: false,
+    diff_discussion: false,
+  },
+  {
+    id: 'a21cf2e804acc3c60d07e37d75e395f5a9a4d044',
+    reply_id: 'a21cf2e804acc3c60d07e37d75e395f5a9a4d044',
+    expanded: true,
+    notes: [
+      {
+        id: 905,
+        type: null,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Administrator',
+          username: 'root',
+          state: 'active',
+          avatar_url:
+            'https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon',
+          path: '/root',
+        },
+        created_at: '2018-05-29T12:06:28.851Z',
+        updated_at: '2018-05-29T12:06:28.851Z',
+        system: true,
+        noteable_id: 182,
+        noteable_type: 'Issue',
+        resolvable: false,
+        noteable_iid: 12,
+        note: 'changed the description',
+        note_html: '<p dir="auto">changed the description</p>',
+        current_user: { can_edit: false, can_award_emoji: true },
+        resolved: false,
+        resolved_by: null,
+        system_note_icon_name: 'pencil-square',
+        discussion_id: 'a21cf2e804acc3c60d07e37d75e395f5a9a4d044',
+        emoji_awardable: false,
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-shell%2Fissues%2F12%23note_905&user_id=1',
+        human_access: 'Owner',
+        path: '/gitlab-org/gitlab-shell/notes/905',
+      },
+    ],
+    individual_note: true,
+    resolvable: false,
+    resolved: false,
+    diff_discussion: false,
+  },
+  {
+    id: '70411b08cdfc01f24187a06d77daa33464cb2620',
+    reply_id: '70411b08cdfc01f24187a06d77daa33464cb2620',
+    expanded: true,
+    notes: [
+      {
+        id: 906,
+        type: null,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Administrator',
+          username: 'root',
+          state: 'active',
+          avatar_url:
+            'https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon',
+          path: '/root',
+        },
+        created_at: '2018-05-29T12:20:02.925Z',
+        updated_at: '2018-05-29T12:20:02.925Z',
+        system: true,
+        noteable_id: 182,
+        noteable_type: 'Issue',
+        resolvable: false,
+        noteable_iid: 12,
+        note: 'changed the description',
+        note_html: '<p dir="auto">changed the description</p>',
+        current_user: { can_edit: false, can_award_emoji: true },
+        resolved: false,
+        resolved_by: null,
+        system_note_icon_name: 'pencil-square',
+        discussion_id: '70411b08cdfc01f24187a06d77daa33464cb2620',
+        emoji_awardable: false,
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-shell%2Fissues%2F12%23note_906&user_id=1',
+        human_access: 'Owner',
+        path: '/gitlab-org/gitlab-shell/notes/906',
+      },
+    ],
+    individual_note: true,
+    resolvable: false,
+    resolved: false,
+    diff_discussion: false,
+  },
+];
+
+export const collapsedSystemNotes = [
+  {
+    id: '39b271c2033e9ed43d8edb393702f65f7a830459',
+    reply_id: '39b271c2033e9ed43d8edb393702f65f7a830459',
+    expanded: true,
+    notes: [
+      {
+        id: 901,
+        type: null,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Administrator',
+          username: 'root',
+          state: 'active',
+          avatar_url:
+            'https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon',
+          path: '/root',
+        },
+        created_at: '2018-05-29T12:05:36.117Z',
+        updated_at: '2018-05-29T12:05:36.117Z',
+        system: false,
+        noteable_id: 182,
+        noteable_type: 'Issue',
+        resolvable: false,
+        noteable_iid: 12,
+        note:
+          'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.',
+        note_html:
+          '<p dir="auto">Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.</p>',
+        current_user: { can_edit: true, can_award_emoji: true },
+        resolved: false,
+        resolved_by: null,
+        discussion_id: '39b271c2033e9ed43d8edb393702f65f7a830459',
+        emoji_awardable: true,
+        award_emoji: [],
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-shell%2Fissues%2F12%23note_901&user_id=1',
+        human_access: 'Owner',
+        toggle_award_path: '/gitlab-org/gitlab-shell/notes/901/toggle_award_emoji',
+        path: '/gitlab-org/gitlab-shell/notes/901',
+      },
+    ],
+    individual_note: true,
+    resolvable: false,
+    resolved: false,
+    diff_discussion: false,
+  },
+  {
+    id: '4852335d7dc40b9ceb8fde1a2bb9c1b67e4c7795',
+    reply_id: '4852335d7dc40b9ceb8fde1a2bb9c1b67e4c7795',
+    expanded: true,
+    notes: [
+      {
+        id: 902,
+        type: null,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Administrator',
+          username: 'root',
+          state: 'active',
+          avatar_url:
+            'https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon',
+          path: '/root',
+        },
+        created_at: '2018-05-29T12:05:58.694Z',
+        updated_at: '2018-05-29T12:05:58.694Z',
+        system: false,
+        noteable_id: 182,
+        noteable_type: 'Issue',
+        resolvable: false,
+        noteable_iid: 12,
+        note:
+          'Varius vel pharetra vel turpis nunc eget lorem. Ipsum dolor sit amet consectetur adipiscing.',
+        note_html:
+          '<p dir="auto">Varius vel pharetra vel turpis nunc eget lorem. Ipsum dolor sit amet consectetur adipiscing.</p>',
+        current_user: { can_edit: true, can_award_emoji: true },
+        resolved: false,
+        resolved_by: null,
+        discussion_id: '4852335d7dc40b9ceb8fde1a2bb9c1b67e4c7795',
+        emoji_awardable: true,
+        award_emoji: [],
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-shell%2Fissues%2F12%23note_902&user_id=1',
+        human_access: 'Owner',
+        toggle_award_path: '/gitlab-org/gitlab-shell/notes/902/toggle_award_emoji',
+        path: '/gitlab-org/gitlab-shell/notes/902',
+      },
+    ],
+    individual_note: true,
+    resolvable: false,
+    resolved: false,
+    diff_discussion: false,
+  },
+  {
+    id: '091865fe3ae20f0045234a3d103e3b15e73405b5',
+    reply_id: '091865fe3ae20f0045234a3d103e3b15e73405b5',
+    expanded: true,
+    notes: [
+      {
+        id: 904,
+        type: null,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Administrator',
+          username: 'root',
+          state: 'active',
+          avatar_url:
+            'https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon',
+          path: '/root',
+        },
+        created_at: '2018-05-29T12:06:16.112Z',
+        updated_at: '2018-05-29T12:06:16.112Z',
+        system: false,
+        noteable_id: 182,
+        noteable_type: 'Issue',
+        resolvable: false,
+        noteable_iid: 12,
+        note: 'Ullamcorper eget nulla facilisi etiam',
+        note_html: '<p dir="auto">Ullamcorper eget nulla facilisi etiam</p>',
+        current_user: { can_edit: true, can_award_emoji: true },
+        resolved: false,
+        resolved_by: null,
+        discussion_id: '091865fe3ae20f0045234a3d103e3b15e73405b5',
+        emoji_awardable: true,
+        award_emoji: [],
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-shell%2Fissues%2F12%23note_904&user_id=1',
+        human_access: 'Owner',
+        toggle_award_path: '/gitlab-org/gitlab-shell/notes/904/toggle_award_emoji',
+        path: '/gitlab-org/gitlab-shell/notes/904',
+      },
+    ],
+    individual_note: true,
+    resolvable: false,
+    resolved: false,
+    diff_discussion: false,
+  },
+  {
+    id: 'a21cf2e804acc3c60d07e37d75e395f5a9a4d044',
+    reply_id: 'a21cf2e804acc3c60d07e37d75e395f5a9a4d044',
+    expanded: true,
+    notes: [
+      {
+        id: 905,
+        type: null,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Administrator',
+          username: 'root',
+          state: 'active',
+          avatar_url:
+            'https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon',
+          path: '/root',
+        },
+        created_at: '2018-05-29T12:06:28.851Z',
+        updated_at: '2018-05-29T12:06:28.851Z',
+        system: true,
+        noteable_id: 182,
+        noteable_type: 'Issue',
+        resolvable: false,
+        noteable_iid: 12,
+        note: 'changed the description',
+        note_html: '\n  <p dir="auto">changed the description 2 times within 1 minute </p>',
+        current_user: { can_edit: false, can_award_emoji: true },
+        resolved: false,
+        resolved_by: null,
+        system_note_icon_name: 'pencil-square',
+        discussion_id: 'a21cf2e804acc3c60d07e37d75e395f5a9a4d044',
+        emoji_awardable: false,
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-shell%2Fissues%2F12%23note_905&user_id=1',
+        human_access: 'Owner',
+        path: '/gitlab-org/gitlab-shell/notes/905',
+        times_updated: 2,
+      },
+    ],
+    individual_note: true,
+    resolvable: false,
+    resolved: false,
+    diff_discussion: false,
+  },
+  {
+    id: '70411b08cdfc01f24187a06d77daa33464cb2620',
+    reply_id: '70411b08cdfc01f24187a06d77daa33464cb2620',
+    expanded: true,
+    notes: [
+      {
+        id: 906,
+        type: null,
+        attachment: null,
+        author: {
+          id: 1,
+          name: 'Administrator',
+          username: 'root',
+          state: 'active',
+          avatar_url:
+            'https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon',
+          path: '/root',
+        },
+        created_at: '2018-05-29T12:20:02.925Z',
+        updated_at: '2018-05-29T12:20:02.925Z',
+        system: true,
+        noteable_id: 182,
+        noteable_type: 'Issue',
+        resolvable: false,
+        noteable_iid: 12,
+        note: 'changed the description',
+        note_html: '<p dir="auto">changed the description</p>',
+        current_user: { can_edit: false, can_award_emoji: true },
+        resolved: false,
+        resolved_by: null,
+        system_note_icon_name: 'pencil-square',
+        discussion_id: '70411b08cdfc01f24187a06d77daa33464cb2620',
+        emoji_awardable: false,
+        report_abuse_path:
+          '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-shell%2Fissues%2F12%23note_906&user_id=1',
+        human_access: 'Owner',
+        path: '/gitlab-org/gitlab-shell/notes/906',
+      },
+    ],
+    individual_note: true,
+    resolvable: false,
+    resolved: false,
+    diff_discussion: false,
+  },
+];
diff --git a/spec/javascripts/notes/stores/collapse_utils_spec.js b/spec/javascripts/notes/stores/collapse_utils_spec.js
new file mode 100644
index 00000000000..06a6aab932a
--- /dev/null
+++ b/spec/javascripts/notes/stores/collapse_utils_spec.js
@@ -0,0 +1,46 @@
+import {
+  isDescriptionSystemNote,
+  changeDescriptionNote,
+  getTimeDifferenceMinutes,
+  collapseSystemNotes,
+} from '~/notes/stores/collapse_utils';
+import {
+  notesWithDescriptionChanges,
+  collapsedSystemNotes,
+} from '../mock_data';
+
+describe('Collapse utils', () => {
+  const mockSystemNote = {
+    note: 'changed the description',
+    note_html: '<p dir="auto">changed the description</p>',
+    system: true,
+    created_at: '2018-05-14T21:28:00.000Z',
+  };
+
+  it('checks if a system note is of a description type', () => {
+    expect(isDescriptionSystemNote(mockSystemNote)).toEqual(true);
+  });
+
+  it('returns false when a system note is not a description type', () => {
+    expect(isDescriptionSystemNote(Object.assign({}, mockSystemNote, { note: 'foo' }))).toEqual(false);
+  });
+
+  it('changes the description to contain the number of changed times', () => {
+    const changedNote = changeDescriptionNote(mockSystemNote, 3, 5);
+
+    expect(changedNote.times_updated).toEqual(3);
+    expect(changedNote.note_html.trim()).toContain('<p dir="auto">changed the description 3 times within 5 minutes </p>');
+  });
+
+  it('gets the time difference between two notes', () => {
+    const anotherSystemNote = {
+      created_at: '2018-05-14T21:33:00.000Z',
+    };
+
+    expect(getTimeDifferenceMinutes(mockSystemNote, anotherSystemNote)).toEqual(5);
+  });
+
+  it('collapses all description system notes made within 10 minutes or less from each other', () => {
+    expect(collapseSystemNotes(notesWithDescriptionChanges)).toEqual(collapsedSystemNotes);
+  });
+});
diff --git a/spec/javascripts/notes/stores/getters_spec.js b/spec/javascripts/notes/stores/getters_spec.js
index 8b2a8d2cd7a..e5550580bf8 100644
--- a/spec/javascripts/notes/stores/getters_spec.js
+++ b/spec/javascripts/notes/stores/getters_spec.js
@@ -1,8 +1,9 @@
 import * as getters from '~/notes/stores/getters';
-import { notesDataMock, userDataMock, noteableDataMock, individualNote } from '../mock_data';
+import { notesDataMock, userDataMock, noteableDataMock, individualNote, collapseNotesMock } from '../mock_data';
 
 describe('Getters Notes Store', () => {
   let state;
+
   beforeEach(() => {
     state = {
       notes: [individualNote],
@@ -20,6 +21,22 @@ describe('Getters Notes Store', () => {
     });
   });
 
+  describe('Collapsed notes', () => {
+    const stateCollapsedNotes = {
+      notes: collapseNotesMock,
+      targetNoteHash: 'hash',
+      lastFetchedAt: 'timestamp',
+
+      notesData: notesDataMock,
+      userData: userDataMock,
+      noteableData: noteableDataMock,
+    };
+
+    it('should return a single system note when a description was updated multiple times', () => {
+      expect(getters.notes(stateCollapsedNotes).length).toEqual(1);
+    });
+  });
+
   describe('targetNoteHash', () => {
     it('should return `targetNoteHash`', () => {
       expect(getters.targetNoteHash(state)).toEqual('hash');
diff --git a/spec/javascripts/vue_shared/components/sidebar/labels_select/dropdown_value_spec.js b/spec/javascripts/vue_shared/components/sidebar/labels_select/dropdown_value_spec.js
index 4397b00acfa..370a296bd8f 100644
--- a/spec/javascripts/vue_shared/components/sidebar/labels_select/dropdown_value_spec.js
+++ b/spec/javascripts/vue_shared/components/sidebar/labels_select/dropdown_value_spec.js
@@ -82,7 +82,7 @@ describe('DropdownValueComponent', () => {
     });
 
     it('renders label element with tooltip and styles based on label details', () => {
-      const labelEl = vm.$el.querySelector('a span.label.color-label');
+      const labelEl = vm.$el.querySelector('a span.badge.color-label');
       expect(labelEl).not.toBeNull();
       expect(labelEl.dataset.placement).toBe('bottom');
       expect(labelEl.dataset.container).toBe('body');
diff --git a/spec/lib/feature_spec.rb b/spec/lib/feature_spec.rb
index 10020511bf8..6eb10497428 100644
--- a/spec/lib/feature_spec.rb
+++ b/spec/lib/feature_spec.rb
@@ -64,4 +64,28 @@ describe Feature do
       expect(described_class.all).to eq(features.to_a)
     end
   end
+
+  describe '.flipper' do
+    shared_examples 'a memoized Flipper instance' do
+      it 'memoizes the Flipper instance' do
+        expect(Flipper).to receive(:new).once.and_call_original
+
+        2.times do
+          described_class.flipper
+        end
+      end
+    end
+
+    context 'when request store is inactive' do
+      before do
+        described_class.instance_variable_set(:@flipper, nil)
+      end
+
+      it_behaves_like 'a memoized Flipper instance'
+    end
+
+    context 'when request store is inactive', :request_store do
+      it_behaves_like 'a memoized Flipper instance'
+    end
+  end
 end
diff --git a/spec/lib/gitlab/background_migration/archive_legacy_traces_spec.rb b/spec/lib/gitlab/background_migration/archive_legacy_traces_spec.rb
new file mode 100644
index 00000000000..877c061d11b
--- /dev/null
+++ b/spec/lib/gitlab/background_migration/archive_legacy_traces_spec.rb
@@ -0,0 +1,59 @@
+require 'spec_helper'
+
+describe Gitlab::BackgroundMigration::ArchiveLegacyTraces, :migration, schema: 20180529152628 do
+  include TraceHelpers
+
+  let(:namespaces) { table(:namespaces) }
+  let(:projects) { table(:projects) }
+  let(:builds) { table(:ci_builds) }
+  let(:job_artifacts) { table(:ci_job_artifacts) }
+
+  before do
+    namespaces.create!(id: 123, name: 'gitlab1', path: 'gitlab1')
+    projects.create!(id: 123, name: 'gitlab1', path: 'gitlab1', namespace_id: 123)
+    @build = builds.create!(id: 1, project_id: 123, status: 'success', type: 'Ci::Build')
+  end
+
+  context 'when trace file exsits at the right place' do
+    before do
+      create_legacy_trace(@build, 'trace in file')
+    end
+
+    it 'correctly archive legacy traces' do
+      expect(job_artifacts.count).to eq(0)
+      expect(File.exist?(legacy_trace_path(@build))).to be_truthy
+
+      described_class.new.perform(1, 1)
+
+      expect(job_artifacts.count).to eq(1)
+      expect(File.exist?(legacy_trace_path(@build))).to be_falsy
+      expect(File.read(archived_trace_path(job_artifacts.first))).to eq('trace in file')
+    end
+  end
+
+  context 'when trace file does not exsits at the right place' do
+    it 'does not raise errors nor create job artifact' do
+      expect { described_class.new.perform(1, 1) }.not_to raise_error
+
+      expect(job_artifacts.count).to eq(0)
+    end
+  end
+
+  context 'when trace data exsits in database' do
+    before do
+      create_legacy_trace_in_db(@build, 'trace in db')
+    end
+
+    it 'correctly archive legacy traces' do
+      expect(job_artifacts.count).to eq(0)
+      expect(@build.read_attribute(:trace)).not_to be_empty
+
+      described_class.new.perform(1, 1)
+
+      @build.reload
+      expect(job_artifacts.count).to eq(1)
+      expect(@build.read_attribute(:trace)).to be_nil
+      expect(File.read(archived_trace_path(job_artifacts.first))).to eq('trace in db')
+    end
+  end
+end
diff --git a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb
index 4d7d6951a51..c5a4d9b4778 100644
--- a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb
+++ b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb
@@ -42,6 +42,10 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
     it 'correctly assigns user' do
       expect(pipeline.builds).to all(have_attributes(user: user))
     end
+
+    it 'has pipeline iid' do
+      expect(pipeline.iid).to be > 0
+    end
   end
 
   context 'when pipeline is empty' do
@@ -68,6 +72,10 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
       expect(pipeline.errors.to_a)
         .to include 'No stages / jobs for this pipeline.'
     end
+
+    it 'wastes pipeline iid' do
+      expect(InternalId.ci_pipelines.where(project_id: project.id).last.last_value).to be > 0
+    end
   end
 
   context 'when pipeline has validation errors' do
@@ -87,6 +95,10 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
       expect(pipeline.errors.to_a)
         .to include 'Failed to build the pipeline!'
     end
+
+    it 'wastes pipeline iid' do
+      expect(InternalId.ci_pipelines.where(project_id: project.id).last.last_value).to be > 0
+    end
   end
 
   context 'when there is a seed blocks present' do
@@ -111,6 +123,12 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
         expect(pipeline.variables.first.key).to eq 'VAR'
         expect(pipeline.variables.first.value).to eq '123'
       end
+
+      it 'has pipeline iid' do
+        step.perform!
+
+        expect(pipeline.iid).to be > 0
+      end
     end
 
     context 'when seeds block tries to persist some resources' do
@@ -121,6 +139,12 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
       it 'raises exception' do
         expect { step.perform! }.to raise_error(ActiveRecord::RecordNotSaved)
       end
+
+      it 'wastes pipeline iid' do
+        expect { step.perform! }.to raise_error
+
+        expect(InternalId.ci_pipelines.where(project_id: project.id).last.last_value).to be > 0
+      end
     end
   end
 
@@ -132,22 +156,39 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
     end
   end
 
-  context 'when using only/except build policies' do
-    let(:config) do
-      { rspec: { script: 'rspec', stage: 'test', only: ['master'] },
-        prod: { script: 'cap prod', stage: 'deploy', only: ['tags'] } }
-    end
+  context 'when variables policy is specified' do
+    shared_examples_for 'a correct pipeline' do
+      it 'populates pipeline according to used policies' do
+        step.perform!
 
-    let(:pipeline) do
-      build(:ci_pipeline, ref: 'master', config: config)
+        expect(pipeline.stages.size).to eq 1
+        expect(pipeline.stages.first.builds.size).to eq 1
+        expect(pipeline.stages.first.builds.first.name).to eq 'rspec'
+      end
     end
 
-    it 'populates pipeline according to used policies' do
-      step.perform!
+    context 'when using only/except build policies' do
+      let(:config) do
+        { rspec: { script: 'rspec', stage: 'test', only: ['master'] },
+          prod: { script: 'cap prod', stage: 'deploy', only: ['tags'] } }
+      end
+
+      let(:pipeline) do
+        build(:ci_pipeline, ref: 'master', config: config)
+      end
 
-      expect(pipeline.stages.size).to eq 1
-      expect(pipeline.stages.first.builds.size).to eq 1
-      expect(pipeline.stages.first.builds.first.name).to eq 'rspec'
+      it_behaves_like 'a correct pipeline'
+
+      context 'when variables expression is specified' do
+        context 'when pipeline iid is the subject' do
+          let(:config) do
+            { rspec: { script: 'rspec', only: { variables: ["$CI_PIPELINE_IID == '1'"] } },
+              prod: { script: 'cap prod', only: { variables: ["$CI_PIPELINE_IID == '1000'"] } } }
+          end
+
+          it_behaves_like 'a correct pipeline'
+        end
+      end
     end
   end
 end
diff --git a/spec/lib/gitlab/cycle_analytics/usage_data_spec.rb b/spec/lib/gitlab/cycle_analytics/usage_data_spec.rb
index 56a316318cb..a785b17f682 100644
--- a/spec/lib/gitlab/cycle_analytics/usage_data_spec.rb
+++ b/spec/lib/gitlab/cycle_analytics/usage_data_spec.rb
@@ -3,7 +3,12 @@ require 'spec_helper'
 describe Gitlab::CycleAnalytics::UsageData do
   describe '#to_json' do
     before do
-      Timecop.freeze do
+      # Since git commits only have second precision, round up to the
+      # nearest second to ensure we have accurate median and standard
+      # deviation calculations.
+      current_time = Time.at(Time.now.to_i)
+
+      Timecop.freeze(current_time) do
         user = create(:user, :admin)
         projects = create_list(:project, 2, :repository)
 
@@ -37,13 +42,7 @@ describe Gitlab::CycleAnalytics::UsageData do
 
           expected_values.each_pair do |op, value|
             expect(stage_values).to have_key(op)
-
-            if op == :missing
-              expect(stage_values[op]).to eq(value)
-            else
-              # delta is used because of git timings that Timecop does not stub
-              expect(stage_values[op].to_i).to be_within(5).of(value.to_i)
-            end
+            expect(stage_values[op]).to eq(value)
           end
         end
       end
@@ -58,8 +57,8 @@ describe Gitlab::CycleAnalytics::UsageData do
             missing: 0
           },
           plan: {
-            average: 2,
-            sd: 2,
+            average: 1,
+            sd: 0,
             missing: 0
           },
           code: {
diff --git a/spec/lib/gitlab/diff/file_spec.rb b/spec/lib/gitlab/diff/file_spec.rb
index 0588fe935c3..f0e83ccfc7a 100644
--- a/spec/lib/gitlab/diff/file_spec.rb
+++ b/spec/lib/gitlab/diff/file_spec.rb
@@ -470,56 +470,69 @@ describe Gitlab::Diff::File do
   end
 
   describe '#diff_hunk' do
-    let(:raw_diff) do
-      <<EOS
-@@ -6,12 +6,18 @@ module Popen
-
-   def popen(cmd, path=nil)
-     unless cmd.is_a?(Array)
--      raise "System commands must be given as an array of strings"
-+      raise RuntimeError, "System commands must be given as an array of strings"
-     end
-
-     path ||= Dir.pwd
--    vars = { "PWD" => path }
--    options = { chdir: path }
-+
-+    vars = {
-+      "PWD" => path
-+    }
-+
-+    options = {
-+      chdir: path
-+    }
-
-     unless File.directory?(path)
-       FileUtils.mkdir_p(path)
-@@ -19,6 +25,7 @@ module Popen
-
-     @cmd_output = ""
-     @cmd_status = 0
-+
-     Open3.popen3(vars, *cmd, options) do |stdin, stdout, stderr, wait_thr|
-       @cmd_output << stdout.read
-       @cmd_output << stderr.read
-EOS
-    end
-
-    it 'returns raw diff up to given line index' do
-      allow(diff_file).to receive(:raw_diff) { raw_diff }
-      diff_line = instance_double(Gitlab::Diff::Line, index: 5)
-
-      diff_hunk = <<EOS
-@@ -6,12 +6,18 @@ module Popen
-
-   def popen(cmd, path=nil)
-     unless cmd.is_a?(Array)
--      raise "System commands must be given as an array of strings"
-+      raise RuntimeError, "System commands must be given as an array of strings"
-     end
-EOS
-
-      expect(diff_file.diff_hunk(diff_line)).to eq(diff_hunk)
+    context 'when first line is a match' do
+      let(:raw_diff) do
+        <<~EOS
+          --- a/files/ruby/popen.rb
+          +++ b/files/ruby/popen.rb
+          @@ -6,12 +6,18 @@ module Popen
+
+             def popen(cmd, path=nil)
+               unless cmd.is_a?(Array)
+          -      raise "System commands must be given as an array of strings"
+          +      raise RuntimeError, "System commands must be given as an array of strings"
+               end
+        EOS
+      end
+
+      it 'returns raw diff up to given line index' do
+        allow(diff_file).to receive(:raw_diff) { raw_diff }
+        diff_line = instance_double(Gitlab::Diff::Line, index: 4)
+
+        diff_hunk = <<~EOS
+          @@ -6,12 +6,18 @@ module Popen
+
+             def popen(cmd, path=nil)
+               unless cmd.is_a?(Array)
+          -      raise "System commands must be given as an array of strings"
+          +      raise RuntimeError, "System commands must be given as an array of strings"
+        EOS
+
+        expect(diff_file.diff_hunk(diff_line)).to eq(diff_hunk.strip)
+      end
+    end
+
+    context 'when first line is not a match' do
+      let(:raw_diff) do
+        <<~EOS
+          @@ -1,4 +1,4 @@
+          -Copyright (c) 2011-2017 GitLab B.V.
+          +Copyright (c) 2011-2019 GitLab B.V.
+
+          With regard to the GitLab Software:
+
+          @@ -9,17 +9,21 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+          copies of the Software, and to permit persons to whom the Software is
+          furnished to do so, subject to the following conditions:
+        EOS
+      end
+
+      it 'returns raw diff up to given line index' do
+        allow(diff_file).to receive(:raw_diff) { raw_diff }
+        diff_line = instance_double(Gitlab::Diff::Line, index: 5)
+
+        diff_hunk = <<~EOS
+          -Copyright (c) 2011-2017 GitLab B.V.
+          +Copyright (c) 2011-2019 GitLab B.V.
+
+          With regard to the GitLab Software:
+
+          @@ -9,17 +9,21 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+          copies of the Software, and to permit persons to whom the Software is
+        EOS
+
+        expect(diff_file.diff_hunk(diff_line)).to eq(diff_hunk.strip)
+      end
     end
   end
 end
diff --git a/spec/lib/gitlab/file_finder_spec.rb b/spec/lib/gitlab/file_finder_spec.rb
index 07cb10e563e..d6d9e4001a3 100644
--- a/spec/lib/gitlab/file_finder_spec.rb
+++ b/spec/lib/gitlab/file_finder_spec.rb
@@ -3,27 +3,11 @@ require 'spec_helper'
 describe Gitlab::FileFinder do
   describe '#find' do
     let(:project) { create(:project, :public, :repository) }
-    let(:finder) { described_class.new(project, project.default_branch) }
 
-    it 'finds by name' do
-      results = finder.find('files')
-
-      filename,  blob = results.find { |_, blob| blob.filename == 'files/images/wm.svg' }
-      expect(filename).to eq('files/images/wm.svg')
-      expect(blob).to be_a(Gitlab::SearchResults::FoundBlob)
-      expect(blob.ref).to eq(finder.ref)
-      expect(blob.data).not_to be_empty
-    end
-
-    it 'finds by content' do
-      results = finder.find('files')
-
-      filename, blob = results.find { |_, blob| blob.filename == 'CHANGELOG' }
-
-      expect(filename).to eq('CHANGELOG')
-      expect(blob).to be_a(Gitlab::SearchResults::FoundBlob)
-      expect(blob.ref).to eq(finder.ref)
-      expect(blob.data).not_to be_empty
+    it_behaves_like 'file finder' do
+      subject { described_class.new(project, project.default_branch) }
+      let(:expected_file_by_name) { 'files/images/wm.svg' }
+      let(:expected_file_by_content) { 'CHANGELOG' }
     end
   end
 end
diff --git a/spec/lib/gitlab/git/repository_spec.rb b/spec/lib/gitlab/git/repository_spec.rb
index 7a9621d9c78..20b0b2c53a0 100644
--- a/spec/lib/gitlab/git/repository_spec.rb
+++ b/spec/lib/gitlab/git/repository_spec.rb
@@ -2002,6 +2002,18 @@ describe Gitlab::Git::Repository, seed_helper: true do
           expect(config).to include("fullpath = #{repository_path}")
         end
       end
+
+      context 'repository does not exist' do
+        it 'raises NoRepository and does not call Gitaly WriteConfig' do
+          repository = Gitlab::Git::Repository.new('default', 'does/not/exist.git', '')
+
+          expect(repository.gitaly_repository_client).not_to receive(:write_config)
+
+          expect do
+            repository.write_config(full_path: 'foo/bar.git')
+          end.to raise_error(Gitlab::Git::Repository::NoRepository)
+        end
+      end
     end
 
     context "when gitaly_write_config is enabled" do
diff --git a/spec/lib/gitlab/github_import/importer/issue_importer_spec.rb b/spec/lib/gitlab/github_import/importer/issue_importer_spec.rb
index d34ca0b76b8..81fe97c1e49 100644
--- a/spec/lib/gitlab/github_import/importer/issue_importer_spec.rb
+++ b/spec/lib/gitlab/github_import/importer/issue_importer_spec.rb
@@ -180,12 +180,12 @@ describe Gitlab::GithubImport::Importer::IssueImporter, :clean_gitlab_redis_cach
 
       allow(importer.user_finder)
         .to receive(:user_id_for)
-        .ordered.with(issue.assignees[0])
+        .with(issue.assignees[0])
         .and_return(4)
 
       allow(importer.user_finder)
         .to receive(:user_id_for)
-        .ordered.with(issue.assignees[1])
+        .with(issue.assignees[1])
         .and_return(5)
 
       expect(Gitlab::Database)
diff --git a/spec/lib/gitlab/github_import/importer/pull_request_importer_spec.rb b/spec/lib/gitlab/github_import/importer/pull_request_importer_spec.rb
index 35f3fdf8304..6686b7ce0b5 100644
--- a/spec/lib/gitlab/github_import/importer/pull_request_importer_spec.rb
+++ b/spec/lib/gitlab/github_import/importer/pull_request_importer_spec.rb
@@ -40,13 +40,19 @@ describe Gitlab::GithubImport::Importer::PullRequestImporter, :clean_gitlab_redi
 
   describe '#execute' do
     it 'imports the pull request' do
+      mr = double(:merge_request, id: 10)
+
       expect(importer)
         .to receive(:create_merge_request)
-        .and_return(10)
+        .and_return([mr, false])
+
+      expect(importer)
+        .to receive(:insert_git_data)
+        .with(mr, false)
 
       expect_any_instance_of(Gitlab::GithubImport::IssuableFinder)
         .to receive(:cache_database_id)
-        .with(10)
+        .with(mr.id)
 
       importer.execute
     end
@@ -99,18 +105,11 @@ describe Gitlab::GithubImport::Importer::PullRequestImporter, :clean_gitlab_redi
         importer.create_merge_request
       end
 
-      it 'returns the ID of the created merge request' do
-        id = importer.create_merge_request
-
-        expect(id).to be_a_kind_of(Numeric)
-      end
-
-      it 'creates the merge request diffs' do
-        importer.create_merge_request
-
-        mr = project.merge_requests.take
+      it 'returns the created merge request' do
+        mr, exists = importer.create_merge_request
 
-        expect(mr.merge_request_diffs.exists?).to eq(true)
+        expect(mr).to be_instance_of(MergeRequest)
+        expect(exists).to eq(false)
       end
     end
 
@@ -217,5 +216,65 @@ describe Gitlab::GithubImport::Importer::PullRequestImporter, :clean_gitlab_redi
         expect { importer.create_merge_request }.not_to raise_error
       end
     end
+
+    context 'when the merge request already exists' do
+      before do
+        allow(importer.user_finder)
+          .to receive(:author_id_for)
+          .with(pull_request)
+          .and_return([user.id, true])
+
+        allow(importer.user_finder)
+          .to receive(:assignee_id_for)
+          .with(pull_request)
+          .and_return(user.id)
+      end
+
+      it 'returns the existing merge request' do
+        mr1, exists1 = importer.create_merge_request
+        mr2, exists2 = importer.create_merge_request
+
+        expect(mr2).to eq(mr1)
+        expect(exists1).to eq(false)
+        expect(exists2).to eq(true)
+      end
+    end
+  end
+
+  describe '#insert_git_data' do
+    before do
+      allow(importer.milestone_finder)
+        .to receive(:id_for)
+        .with(pull_request)
+        .and_return(milestone.id)
+
+      allow(importer.user_finder)
+        .to receive(:author_id_for)
+        .with(pull_request)
+        .and_return([user.id, true])
+
+      allow(importer.user_finder)
+        .to receive(:assignee_id_for)
+        .with(pull_request)
+        .and_return(user.id)
+    end
+
+    it 'creates the merge request diffs' do
+      mr, exists = importer.create_merge_request
+
+      importer.insert_git_data(mr, exists)
+
+      expect(mr.merge_request_diffs.exists?).to eq(true)
+    end
+
+    it 'creates the merge request diff commits' do
+      mr, exists = importer.create_merge_request
+
+      importer.insert_git_data(mr, exists)
+
+      diff = mr.merge_request_diffs.take
+
+      expect(diff.merge_request_diff_commits.exists?).to eq(true)
+    end
   end
 end
diff --git a/spec/lib/gitlab/import_export/safe_model_attributes.yml b/spec/lib/gitlab/import_export/safe_model_attributes.yml
index 74e7a45fd6c..5b289ceb3b2 100644
--- a/spec/lib/gitlab/import_export/safe_model_attributes.yml
+++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml
@@ -170,7 +170,7 @@ MergeRequest:
 - last_edited_by_id
 - head_pipeline_id
 - discussion_locked
-- allow_maintainer_to_push
+- allow_collaboration
 MergeRequestDiff:
 - id
 - state
@@ -242,6 +242,7 @@ Ci::Pipeline:
 - config_source
 - failure_reason
 - protected
+- iid
 Ci::Stage:
 - id
 - name
diff --git a/spec/lib/gitlab/project_search_results_spec.rb b/spec/lib/gitlab/project_search_results_spec.rb
index e3f705d2299..50224bde722 100644
--- a/spec/lib/gitlab/project_search_results_spec.rb
+++ b/spec/lib/gitlab/project_search_results_spec.rb
@@ -22,47 +22,57 @@ describe Gitlab::ProjectSearchResults do
     it { expect(results.query).to eq('hello world') }
   end
 
-  describe 'blob search' do
-    let(:project) { create(:project, :public, :repository) }
-
-    subject(:results) { described_class.new(user, project, 'files').objects('blobs') }
-
-    context 'when repository is disabled' do
-      let(:project) { create(:project, :public, :repository, :repository_disabled) }
+  shared_examples 'general blob search' do |entity_type, blob_kind|
+    let(:query) { 'files' }
+    subject(:results) { described_class.new(user, project, query).objects(blob_type) }
 
-      it 'hides blobs from members' do
+    context "when #{entity_type} is disabled" do
+      let(:project) { disabled_project }
+      it "hides #{blob_kind} from members" do
         project.add_reporter(user)
 
         is_expected.to be_empty
       end
 
-      it 'hides blobs from non-members' do
+      it "hides #{blob_kind} from non-members" do
         is_expected.to be_empty
       end
     end
 
-    context 'when repository is internal' do
-      let(:project) { create(:project, :public, :repository, :repository_private) }
+    context "when #{entity_type} is internal" do
+      let(:project) { private_project }
 
-      it 'finds blobs for members' do
+      it "finds #{blob_kind} for members" do
         project.add_reporter(user)
 
         is_expected.not_to be_empty
       end
 
-      it 'hides blobs from non-members' do
+      it "hides #{blob_kind} from non-members" do
         is_expected.to be_empty
       end
     end
 
     it 'finds by name' do
-      expect(results.map(&:first)).to include('files/images/wm.svg')
+      expect(results.map(&:first)).to include(expected_file_by_name)
     end
 
     it 'finds by content' do
-      blob = results.select { |result| result.first == "CHANGELOG" }.flatten.last
+      blob = results.select { |result| result.first == expected_file_by_content }.flatten.last
 
-      expect(blob.filename).to eq("CHANGELOG")
+      expect(blob.filename).to eq(expected_file_by_content)
+    end
+  end
+
+  describe 'blob search' do
+    let(:project) { create(:project, :public, :repository) }
+
+    it_behaves_like 'general blob search', 'repository', 'blobs' do
+      let(:blob_type) { 'blobs' }
+      let(:disabled_project) { create(:project, :public, :repository, :repository_disabled) }
+      let(:private_project) { create(:project, :public, :repository, :repository_private) }
+      let(:expected_file_by_name) { 'files/images/wm.svg' }
+      let(:expected_file_by_content) { 'CHANGELOG' }
     end
 
     describe 'parsing results' do
@@ -189,40 +199,18 @@ describe Gitlab::ProjectSearchResults do
   describe 'wiki search' do
     let(:project) { create(:project, :public, :wiki_repo) }
     let(:wiki) { build(:project_wiki, project: project) }
-    let!(:wiki_page) { wiki.create_page('Title', 'Content') }
-
-    subject(:results) { described_class.new(user, project, 'Content').objects('wiki_blobs') }
-
-    context 'when wiki is disabled' do
-      let(:project) { create(:project, :public, :wiki_repo, :wiki_disabled) }
 
-      it 'hides wiki blobs from members' do
-        project.add_reporter(user)
-
-        is_expected.to be_empty
-      end
-
-      it 'hides wiki blobs from non-members' do
-        is_expected.to be_empty
-      end
-    end
-
-    context 'when wiki is internal' do
-      let(:project) { create(:project, :public, :wiki_repo, :wiki_private) }
-
-      it 'finds wiki blobs for guest' do
-        project.add_guest(user)
-
-        is_expected.not_to be_empty
-      end
-
-      it 'hides wiki blobs from non-members' do
-        is_expected.to be_empty
-      end
+    before do
+      wiki.create_page('Files/Title', 'Content')
+      wiki.create_page('CHANGELOG', 'Files example')
     end
 
-    it 'finds by content' do
-      expect(results).to include("master:Title.md\x001\x00Content\n")
+    it_behaves_like 'general blob search', 'wiki', 'wiki blobs' do
+      let(:blob_type) { 'wiki_blobs' }
+      let(:disabled_project) { create(:project, :public, :wiki_repo, :wiki_disabled) }
+      let(:private_project) { create(:project, :public, :wiki_repo, :wiki_private) }
+      let(:expected_file_by_name) { 'Files/Title.md' }
+      let(:expected_file_by_content) { 'CHANGELOG.md' }
     end
   end
 
diff --git a/spec/lib/gitlab/user_access_spec.rb b/spec/lib/gitlab/user_access_spec.rb
index 97b6069f64d..0469d984a40 100644
--- a/spec/lib/gitlab/user_access_spec.rb
+++ b/spec/lib/gitlab/user_access_spec.rb
@@ -142,7 +142,7 @@ describe Gitlab::UserAccess do
           target_project: canonical_project,
           source_project: project,
           source_branch: 'awesome-feature',
-          allow_maintainer_to_push: true
+          allow_collaboration: true
         )
       end
 
diff --git a/spec/lib/gitlab/utils/override_spec.rb b/spec/lib/gitlab/utils/override_spec.rb
index 7c97cee982a..fc08ebcfc6d 100644
--- a/spec/lib/gitlab/utils/override_spec.rb
+++ b/spec/lib/gitlab/utils/override_spec.rb
@@ -1,7 +1,13 @@
-require 'spec_helper'
+require 'fast_spec_helper'
 
 describe Gitlab::Utils::Override do
-  let(:base) { Struct.new(:good) }
+  let(:base) do
+    Struct.new(:good) do
+      def self.good
+        0
+      end
+    end
+  end
 
   let(:derived) { Class.new(base).tap { |m| m.extend described_class } }
   let(:extension) { Module.new.tap { |m| m.extend described_class } }
@@ -9,6 +15,14 @@ describe Gitlab::Utils::Override do
   let(:prepending_class) { base.tap { |m| m.prepend extension } }
   let(:including_class) { base.tap { |m| m.include extension } }
 
+  let(:prepending_class_methods) do
+    base.tap { |m| m.singleton_class.prepend extension }
+  end
+
+  let(:extending_class_methods) do
+    base.tap { |m| m.extend extension }
+  end
+
   let(:klass) { subject }
 
   def good(mod)
@@ -36,7 +50,7 @@ describe Gitlab::Utils::Override do
   shared_examples 'checking as intended' do
     it 'checks ok for overriding method' do
       good(subject)
-      result = klass.new(0).good
+      result = instance.good
 
       expect(result).to eq(1)
       described_class.verify!
@@ -45,7 +59,25 @@ describe Gitlab::Utils::Override do
     it 'raises NotImplementedError when it is not overriding anything' do
       expect do
         bad(subject)
-        klass.new(0).bad
+        instance.bad
+        described_class.verify!
+      end.to raise_error(NotImplementedError)
+    end
+  end
+
+  shared_examples 'checking as intended, nothing was overridden' do
+    it 'raises NotImplementedError because it is not overriding it' do
+      expect do
+        good(subject)
+        instance.good
+        described_class.verify!
+      end.to raise_error(NotImplementedError)
+    end
+
+    it 'raises NotImplementedError when it is not overriding anything' do
+      expect do
+        bad(subject)
+        instance.bad
         described_class.verify!
       end.to raise_error(NotImplementedError)
     end
@@ -54,7 +86,7 @@ describe Gitlab::Utils::Override do
   shared_examples 'nothing happened' do
     it 'does not complain when it is overriding something' do
       good(subject)
-      result = klass.new(0).good
+      result = instance.good
 
       expect(result).to eq(1)
       described_class.verify!
@@ -62,7 +94,7 @@ describe Gitlab::Utils::Override do
 
     it 'does not complain when it is not overriding anything' do
       bad(subject)
-      result = klass.new(0).bad
+      result = instance.bad
 
       expect(result).to eq(true)
       described_class.verify!
@@ -75,83 +107,97 @@ describe Gitlab::Utils::Override do
   end
 
   describe '#override' do
-    context 'when STATIC_VERIFICATION is set' do
-      before do
-        stub_env('STATIC_VERIFICATION', 'true')
-      end
+    context 'when instance is klass.new(0)' do
+      let(:instance) { klass.new(0) }
 
-      context 'when subject is a class' do
-        subject { derived }
+      context 'when STATIC_VERIFICATION is set' do
+        before do
+          stub_env('STATIC_VERIFICATION', 'true')
+        end
 
-        it_behaves_like 'checking as intended'
-      end
+        context 'when subject is a class' do
+          subject { derived }
+
+          it_behaves_like 'checking as intended'
+        end
+
+        context 'when subject is a module, and class is prepending it' do
+          subject { extension }
+          let(:klass) { prepending_class }
+
+          it_behaves_like 'checking as intended'
+        end
 
-      context 'when subject is a module, and class is prepending it' do
-        subject { extension }
-        let(:klass) { prepending_class }
+        context 'when subject is a module, and class is including it' do
+          subject { extension }
+          let(:klass) { including_class }
 
-        it_behaves_like 'checking as intended'
+          it_behaves_like 'checking as intended, nothing was overridden'
+        end
       end
 
-      context 'when subject is a module, and class is including it' do
-        subject { extension }
-        let(:klass) { including_class }
+      context 'when STATIC_VERIFICATION is not set' do
+        before do
+          stub_env('STATIC_VERIFICATION', nil)
+        end
 
-        it 'raises NotImplementedError because it is not overriding it' do
-          expect do
-            good(subject)
-            klass.new(0).good
-            described_class.verify!
-          end.to raise_error(NotImplementedError)
+        context 'when subject is a class' do
+          subject { derived }
+
+          it_behaves_like 'nothing happened'
         end
 
-        it 'raises NotImplementedError when it is not overriding anything' do
-          expect do
-            bad(subject)
-            klass.new(0).bad
-            described_class.verify!
-          end.to raise_error(NotImplementedError)
+        context 'when subject is a module, and class is prepending it' do
+          subject { extension }
+          let(:klass) { prepending_class }
+
+          it_behaves_like 'nothing happened'
         end
-      end
-    end
-  end
 
-  context 'when STATIC_VERIFICATION is not set' do
-    before do
-      stub_env('STATIC_VERIFICATION', nil)
-    end
+        context 'when subject is a module, and class is including it' do
+          subject { extension }
+          let(:klass) { including_class }
 
-    context 'when subject is a class' do
-      subject { derived }
+          it 'does not complain when it is overriding something' do
+            good(subject)
+            result = instance.good
 
-      it_behaves_like 'nothing happened'
-    end
+            expect(result).to eq(0)
+            described_class.verify!
+          end
 
-    context 'when subject is a module, and class is prepending it' do
-      subject { extension }
-      let(:klass) { prepending_class }
+          it 'does not complain when it is not overriding anything' do
+            bad(subject)
+            result = instance.bad
 
-      it_behaves_like 'nothing happened'
+            expect(result).to eq(true)
+            described_class.verify!
+          end
+        end
+      end
     end
 
-    context 'when subject is a module, and class is including it' do
-      subject { extension }
-      let(:klass) { including_class }
+    context 'when instance is klass' do
+      let(:instance) { klass }
 
-      it 'does not complain when it is overriding something' do
-        good(subject)
-        result = klass.new(0).good
+      context 'when STATIC_VERIFICATION is set' do
+        before do
+          stub_env('STATIC_VERIFICATION', 'true')
+        end
 
-        expect(result).to eq(0)
-        described_class.verify!
-      end
+        context 'when subject is a module, and class is prepending it' do
+          subject { extension }
+          let(:klass) { prepending_class_methods }
 
-      it 'does not complain when it is not overriding anything' do
-        bad(subject)
-        result = klass.new(0).bad
+          it_behaves_like 'checking as intended'
+        end
 
-        expect(result).to eq(true)
-        described_class.verify!
+        context 'when subject is a module, and class is extending it' do
+          subject { extension }
+          let(:klass) { extending_class_methods }
+
+          it_behaves_like 'checking as intended, nothing was overridden'
+        end
       end
     end
   end
diff --git a/spec/lib/gitlab/wiki_file_finder_spec.rb b/spec/lib/gitlab/wiki_file_finder_spec.rb
new file mode 100644
index 00000000000..025d1203dc5
--- /dev/null
+++ b/spec/lib/gitlab/wiki_file_finder_spec.rb
@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe Gitlab::WikiFileFinder do
+  describe '#find' do
+    let(:project) { create(:project, :public, :wiki_repo) }
+    let(:wiki) { build(:project_wiki, project: project) }
+
+    before do
+      wiki.create_page('Files/Title', 'Content')
+      wiki.create_page('CHANGELOG', 'Files example')
+    end
+
+    it_behaves_like 'file finder' do
+      subject { described_class.new(project, project.wiki.default_branch) }
+
+      let(:expected_file_by_name) { 'Files/Title.md' }
+      let(:expected_file_by_content) { 'CHANGELOG.md' }
+    end
+  end
+end
diff --git a/spec/lib/object_storage/direct_upload_spec.rb b/spec/lib/object_storage/direct_upload_spec.rb
new file mode 100644
index 00000000000..5187821e8f4
--- /dev/null
+++ b/spec/lib/object_storage/direct_upload_spec.rb
@@ -0,0 +1,164 @@
+require 'spec_helper'
+
+describe ObjectStorage::DirectUpload do
+  let(:credentials) do
+    {
+      provider: 'AWS',
+      aws_access_key_id: 'AWS_ACCESS_KEY_ID',
+      aws_secret_access_key: 'AWS_SECRET_ACCESS_KEY'
+    }
+  end
+
+  let(:storage_url) { 'https://uploads.s3.amazonaws.com/' }
+
+  let(:bucket_name) { 'uploads' }
+  let(:object_name) { 'tmp/uploads/my-file' }
+  let(:maximum_size) { 1.gigabyte }
+
+  let(:direct_upload) { described_class.new(credentials, bucket_name, object_name, has_length: has_length, maximum_size: maximum_size) }
+
+  describe '#has_length' do
+    context 'is known' do
+      let(:has_length) { true }
+      let(:maximum_size) { nil }
+
+      it "maximum size is not required" do
+        expect { direct_upload }.not_to raise_error
+      end
+    end
+
+    context 'is unknown' do
+      let(:has_length) { false }
+
+      context 'and maximum size is specified' do
+        let(:maximum_size) { 1.gigabyte }
+
+        it "does not raise an error" do
+          expect { direct_upload }.not_to raise_error
+        end
+      end
+
+      context 'and maximum size is not specified' do
+        let(:maximum_size) { nil }
+
+        it "raises an error" do
+          expect { direct_upload }.to raise_error /maximum_size has to be specified if length is unknown/
+        end
+      end
+    end
+  end
+
+  describe '#to_hash' do
+    subject { direct_upload.to_hash }
+
+    shared_examples 'a valid upload' do
+      it "returns valid structure" do
+        expect(subject).to have_key(:Timeout)
+        expect(subject[:GetURL]).to start_with(storage_url)
+        expect(subject[:StoreURL]).to start_with(storage_url)
+        expect(subject[:DeleteURL]).to start_with(storage_url)
+      end
+    end
+
+    shared_examples 'a valid upload with multipart data' do
+      before do
+        stub_object_storage_multipart_init(storage_url, "myUpload")
+      end
+
+      it_behaves_like 'a valid upload'
+
+      it "returns valid structure" do
+        expect(subject).to have_key(:MultipartUpload)
+        expect(subject[:MultipartUpload]).to have_key(:PartSize)
+        expect(subject[:MultipartUpload][:PartURLs]).to all(start_with(storage_url))
+        expect(subject[:MultipartUpload][:PartURLs]).to all(include('uploadId=myUpload'))
+        expect(subject[:MultipartUpload][:CompleteURL]).to start_with(storage_url)
+        expect(subject[:MultipartUpload][:CompleteURL]).to include('uploadId=myUpload')
+        expect(subject[:MultipartUpload][:AbortURL]).to start_with(storage_url)
+        expect(subject[:MultipartUpload][:AbortURL]).to include('uploadId=myUpload')
+      end
+    end
+
+    shared_examples 'a valid upload without multipart data' do
+      it_behaves_like 'a valid upload'
+
+      it "returns valid structure" do
+        expect(subject).not_to have_key(:MultipartUpload)
+      end
+    end
+
+    context 'when AWS is used' do
+      context 'when length is known' do
+        let(:has_length) { true }
+
+        it_behaves_like 'a valid upload without multipart data'
+      end
+
+      context 'when length is unknown' do
+        let(:has_length) { false }
+
+        it_behaves_like 'a valid upload with multipart data' do
+          context 'when maximum upload size is 10MB' do
+            let(:maximum_size) { 10.megabyte }
+
+            it 'returns only 2 parts' do
+              expect(subject[:MultipartUpload][:PartURLs].length).to eq(2)
+            end
+
+            it 'part size is mimimum, 5MB' do
+              expect(subject[:MultipartUpload][:PartSize]).to eq(5.megabyte)
+            end
+          end
+
+          context 'when maximum upload size is 12MB' do
+            let(:maximum_size) { 12.megabyte }
+
+            it 'returns only 3 parts' do
+              expect(subject[:MultipartUpload][:PartURLs].length).to eq(3)
+            end
+
+            it 'part size is rounded-up to 5MB' do
+              expect(subject[:MultipartUpload][:PartSize]).to eq(5.megabyte)
+            end
+          end
+
+          context 'when maximum upload size is 49GB' do
+            let(:maximum_size) { 49.gigabyte }
+
+            it 'returns maximum, 100 parts' do
+              expect(subject[:MultipartUpload][:PartURLs].length).to eq(100)
+            end
+
+            it 'part size is rounded-up to 5MB' do
+              expect(subject[:MultipartUpload][:PartSize]).to eq(505.megabyte)
+            end
+          end
+        end
+      end
+    end
+
+    context 'when Google is used' do
+      let(:credentials) do
+        {
+          provider: 'Google',
+          google_storage_access_key_id: 'GOOGLE_ACCESS_KEY_ID',
+          google_storage_secret_access_key: 'GOOGLE_SECRET_ACCESS_KEY'
+        }
+      end
+
+      let(:storage_url) { 'https://storage.googleapis.com/uploads/' }
+
+      context 'when length is known' do
+        let(:has_length) { true }
+
+        it_behaves_like 'a valid upload without multipart data'
+      end
+
+      context 'when length is unknown' do
+        let(:has_length) { false }
+
+        it_behaves_like 'a valid upload without multipart data'
+      end
+    end
+  end
+end
diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb
index 69eafbe4bbe..775ca4ba0eb 100644
--- a/spec/mailers/notify_spec.rb
+++ b/spec/mailers/notify_spec.rb
@@ -68,7 +68,7 @@ describe Notify do
         end
 
         it 'contains the description' do
-          is_expected.to have_html_escaped_body_text issue.description
+          is_expected.to have_body_text issue.description
         end
 
         it 'does not add a reason header' do
@@ -89,7 +89,7 @@ describe Notify do
           end
 
           it 'contains a link to note author' do
-            is_expected.to have_html_escaped_body_text(issue.author_name)
+            is_expected.to have_body_text(issue.author_name)
             is_expected.to have_body_text 'created an issue:'
           end
         end
@@ -115,8 +115,8 @@ describe Notify do
         it 'has the correct subject and body' do
           aggregate_failures do
             is_expected.to have_referable_subject(issue, reply: true)
-            is_expected.to have_html_escaped_body_text(previous_assignee.name)
-            is_expected.to have_html_escaped_body_text(assignee.name)
+            is_expected.to have_body_text(previous_assignee.name)
+            is_expected.to have_body_text(assignee.name)
             is_expected.to have_body_text(project_issue_path(project, issue))
           end
         end
@@ -190,7 +190,7 @@ describe Notify do
           aggregate_failures do
             is_expected.to have_referable_subject(issue, reply: true)
             is_expected.to have_body_text(status)
-            is_expected.to have_html_escaped_body_text(current_user.name)
+            is_expected.to have_body_text(current_user.name)
             is_expected.to have_body_text(project_issue_path project, issue)
           end
         end
@@ -243,7 +243,7 @@ describe Notify do
         end
 
         it 'contains the description' do
-          is_expected.to have_html_escaped_body_text merge_request.description
+          is_expected.to have_body_text merge_request.description
         end
 
         context 'when sent with a reason' do
@@ -260,7 +260,7 @@ describe Notify do
           end
 
           it 'contains a link to note author' do
-            is_expected.to have_html_escaped_body_text merge_request.author_name
+            is_expected.to have_body_text merge_request.author_name
             is_expected.to have_body_text 'created a merge request:'
           end
         end
@@ -286,9 +286,9 @@ describe Notify do
         it 'has the correct subject and body' do
           aggregate_failures do
             is_expected.to have_referable_subject(merge_request, reply: true)
-            is_expected.to have_html_escaped_body_text(previous_assignee.name)
+            is_expected.to have_body_text(previous_assignee.name)
             is_expected.to have_body_text(project_merge_request_path(project, merge_request))
-            is_expected.to have_html_escaped_body_text(assignee.name)
+            is_expected.to have_body_text(assignee.name)
           end
         end
 
@@ -358,7 +358,7 @@ describe Notify do
           aggregate_failures do
             is_expected.to have_referable_subject(merge_request, reply: true)
             is_expected.to have_body_text(status)
-            is_expected.to have_html_escaped_body_text(current_user.name)
+            is_expected.to have_body_text(current_user.name)
             is_expected.to have_body_text(project_merge_request_path(project, merge_request))
           end
         end
@@ -526,7 +526,7 @@ describe Notify do
 
       it 'has the correct subject and body' do
         is_expected.to have_referable_subject(project_snippet, reply: true)
-        is_expected.to have_html_escaped_body_text project_snippet_note.note
+        is_expected.to have_body_text project_snippet_note.note
       end
     end
 
@@ -539,7 +539,7 @@ describe Notify do
 
       it 'has the correct subject and body' do
         is_expected.to have_subject("#{project.name} | Project was moved")
-        is_expected.to have_html_escaped_body_text project.full_name
+        is_expected.to have_body_text project.full_name
         is_expected.to have_body_text(project.ssh_url_to_repo)
       end
     end
@@ -566,7 +566,7 @@ describe Notify do
         expect(to_emails).to eq([recipient.notification_email])
 
         is_expected.to have_subject "Request to join the #{project.full_name} project"
-        is_expected.to have_html_escaped_body_text project.full_name
+        is_expected.to have_body_text project.full_name
         is_expected.to have_body_text project_project_members_url(project)
         is_expected.to have_body_text project_member.human_access
       end
@@ -586,7 +586,7 @@ describe Notify do
 
       it 'contains all the useful information' do
         is_expected.to have_subject "Access to the #{project.full_name} project was denied"
-        is_expected.to have_html_escaped_body_text project.full_name
+        is_expected.to have_body_text project.full_name
         is_expected.to have_body_text project.web_url
       end
     end
@@ -603,7 +603,7 @@ describe Notify do
 
       it 'contains all the useful information' do
         is_expected.to have_subject "Access to the #{project.full_name} project was granted"
-        is_expected.to have_html_escaped_body_text project.full_name
+        is_expected.to have_body_text project.full_name
         is_expected.to have_body_text project.web_url
         is_expected.to have_body_text project_member.human_access
       end
@@ -633,7 +633,7 @@ describe Notify do
 
       it 'contains all the useful information' do
         is_expected.to have_subject "Invitation to join the #{project.full_name} project"
-        is_expected.to have_html_escaped_body_text project.full_name
+        is_expected.to have_body_text project.full_name
         is_expected.to have_body_text project.full_name
         is_expected.to have_body_text project_member.human_access
         is_expected.to have_body_text project_member.invite_token
@@ -657,10 +657,10 @@ describe Notify do
 
       it 'contains all the useful information' do
         is_expected.to have_subject 'Invitation accepted'
-        is_expected.to have_html_escaped_body_text project.full_name
+        is_expected.to have_body_text project.full_name
         is_expected.to have_body_text project.web_url
         is_expected.to have_body_text project_member.invite_email
-        is_expected.to have_html_escaped_body_text invited_user.name
+        is_expected.to have_body_text invited_user.name
       end
     end
 
@@ -680,7 +680,7 @@ describe Notify do
 
       it 'contains all the useful information' do
         is_expected.to have_subject 'Invitation declined'
-        is_expected.to have_html_escaped_body_text project.full_name
+        is_expected.to have_body_text project.full_name
         is_expected.to have_body_text project.web_url
         is_expected.to have_body_text project_member.invite_email
       end
@@ -932,7 +932,7 @@ describe Notify do
         end
 
         it 'contains the message from the note' do
-          is_expected.to have_html_escaped_body_text note.note
+          is_expected.to have_body_text note.note
         end
 
         it 'contains an introduction' do
@@ -991,7 +991,7 @@ describe Notify do
         expect(to_emails).to eq([recipient.notification_email])
 
         is_expected.to have_subject "Request to join the #{group.name} group"
-        is_expected.to have_html_escaped_body_text group.name
+        is_expected.to have_body_text group.name
         is_expected.to have_body_text group_group_members_url(group)
         is_expected.to have_body_text group_member.human_access
       end
@@ -1010,7 +1010,7 @@ describe Notify do
 
       it 'contains all the useful information' do
         is_expected.to have_subject "Access to the #{group.name} group was denied"
-        is_expected.to have_html_escaped_body_text group.name
+        is_expected.to have_body_text group.name
         is_expected.to have_body_text group.web_url
       end
     end
@@ -1026,7 +1026,7 @@ describe Notify do
 
       it 'contains all the useful information' do
         is_expected.to have_subject "Access to the #{group.name} group was granted"
-        is_expected.to have_html_escaped_body_text group.name
+        is_expected.to have_body_text group.name
         is_expected.to have_body_text group.web_url
         is_expected.to have_body_text group_member.human_access
       end
@@ -1056,7 +1056,7 @@ describe Notify do
 
       it 'contains all the useful information' do
         is_expected.to have_subject "Invitation to join the #{group.name} group"
-        is_expected.to have_html_escaped_body_text group.name
+        is_expected.to have_body_text group.name
         is_expected.to have_body_text group.web_url
         is_expected.to have_body_text group_member.human_access
         is_expected.to have_body_text group_member.invite_token
@@ -1080,10 +1080,10 @@ describe Notify do
 
       it 'contains all the useful information' do
         is_expected.to have_subject 'Invitation accepted'
-        is_expected.to have_html_escaped_body_text group.name
+        is_expected.to have_body_text group.name
         is_expected.to have_body_text group.web_url
         is_expected.to have_body_text group_member.invite_email
-        is_expected.to have_html_escaped_body_text invited_user.name
+        is_expected.to have_body_text invited_user.name
       end
     end
 
@@ -1103,7 +1103,7 @@ describe Notify do
 
       it 'contains all the useful information' do
         is_expected.to have_subject 'Invitation declined'
-        is_expected.to have_html_escaped_body_text group.name
+        is_expected.to have_body_text group.name
         is_expected.to have_body_text group.web_url
         is_expected.to have_body_text group_member.invite_email
       end
@@ -1396,7 +1396,7 @@ describe Notify do
 
     it 'has the correct subject and body' do
       is_expected.to have_referable_subject(personal_snippet, reply: true)
-      is_expected.to have_html_escaped_body_text personal_snippet_note.note
+      is_expected.to have_body_text personal_snippet_note.note
     end
   end
 end
diff --git a/spec/migrations/schedule_to_archive_legacy_traces_spec.rb b/spec/migrations/schedule_to_archive_legacy_traces_spec.rb
new file mode 100644
index 00000000000..d3eac3c45ea
--- /dev/null
+++ b/spec/migrations/schedule_to_archive_legacy_traces_spec.rb
@@ -0,0 +1,45 @@
+require 'spec_helper'
+require Rails.root.join('db', 'post_migrate', '20180529152628_schedule_to_archive_legacy_traces')
+
+describe ScheduleToArchiveLegacyTraces, :migration do
+  include TraceHelpers
+
+  let(:namespaces) { table(:namespaces) }
+  let(:projects) { table(:projects) }
+  let(:builds) { table(:ci_builds) }
+  let(:job_artifacts) { table(:ci_job_artifacts) }
+
+  before do
+    namespaces.create!(id: 123, name: 'gitlab1', path: 'gitlab1')
+    projects.create!(id: 123, name: 'gitlab1', path: 'gitlab1', namespace_id: 123)
+    @build_success = builds.create!(id: 1, project_id: 123, status: 'success', type: 'Ci::Build')
+    @build_failed = builds.create!(id: 2, project_id: 123, status: 'failed', type: 'Ci::Build')
+    @builds_canceled = builds.create!(id: 3, project_id: 123, status: 'canceled', type: 'Ci::Build')
+    @build_running = builds.create!(id: 4, project_id: 123, status: 'running', type: 'Ci::Build')
+
+    create_legacy_trace(@build_success, 'This job is done')
+    create_legacy_trace(@build_failed, 'This job is done')
+    create_legacy_trace(@builds_canceled, 'This job is done')
+    create_legacy_trace(@build_running, 'This job is not done yet')
+  end
+
+  it 'correctly archive legacy traces' do
+    expect(job_artifacts.count).to eq(0)
+    expect(File.exist?(legacy_trace_path(@build_success))).to be_truthy
+    expect(File.exist?(legacy_trace_path(@build_failed))).to be_truthy
+    expect(File.exist?(legacy_trace_path(@builds_canceled))).to be_truthy
+    expect(File.exist?(legacy_trace_path(@build_running))).to be_truthy
+
+    migrate!
+
+    expect(job_artifacts.count).to eq(3)
+    expect(File.exist?(legacy_trace_path(@build_success))).to be_falsy
+    expect(File.exist?(legacy_trace_path(@build_failed))).to be_falsy
+    expect(File.exist?(legacy_trace_path(@builds_canceled))).to be_falsy
+    expect(File.exist?(legacy_trace_path(@build_running))).to be_truthy
+    expect(File.exist?(archived_trace_path(job_artifacts.where(job_id: @build_success.id).first))).to be_truthy
+    expect(File.exist?(archived_trace_path(job_artifacts.where(job_id: @build_failed.id).first))).to be_truthy
+    expect(File.exist?(archived_trace_path(job_artifacts.where(job_id: @builds_canceled.id).first))).to be_truthy
+    expect(job_artifacts.where(job_id: @build_running.id)).not_to be_exist
+  end
+end
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index 968267a6d24..3e6656e0f12 100644
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -110,10 +110,9 @@ describe ApplicationSetting do
     # Upgraded databases will have this sort of content
     context 'repository_storages is a String, not an Array' do
       before do
-        setting.__send__(:raw_write_attribute, :repository_storages, 'default')
+        described_class.where(id: setting.id).update_all(repository_storages: 'default')
       end
 
-      it { expect(setting.repository_storages_before_type_cast).to eq('default') }
       it { expect(setting.repository_storages).to eq(['default']) }
     end
 
diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb
index b5eac913639..5e27cca6771 100644
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
@@ -1559,6 +1559,7 @@ describe Ci::Build do
         { key: 'CI_PROJECT_NAMESPACE', value: project.namespace.full_path, public: true },
         { key: 'CI_PROJECT_URL', value: project.web_url, public: true },
         { key: 'CI_PROJECT_VISIBILITY', value: 'private', public: true },
+        { key: 'CI_PIPELINE_IID', value: pipeline.iid.to_s, public: true },
         { key: 'CI_CONFIG_PATH', value: pipeline.ci_yaml_file_path, public: true },
         { key: 'CI_PIPELINE_SOURCE', value: pipeline.source, public: true },
         { key: 'CI_COMMIT_MESSAGE', value: pipeline.git_commit_message, public: true },
@@ -2505,4 +2506,76 @@ describe Ci::Build do
       end
     end
   end
+
+  describe 'pages deployments' do
+    set(:build) { create(:ci_build, project: project, user: user) }
+
+    context 'when job is "pages"' do
+      before do
+        build.name = 'pages'
+      end
+
+      context 'when pages are enabled' do
+        before do
+          allow(Gitlab.config.pages).to receive_messages(enabled: true)
+        end
+
+        it 'is marked as pages generator' do
+          expect(build).to be_pages_generator
+        end
+
+        context 'job succeeds' do
+          it "calls pages worker" do
+            expect(PagesWorker).to receive(:perform_async).with(:deploy, build.id)
+
+            build.success!
+          end
+        end
+
+        context 'job fails' do
+          it "does not call pages worker" do
+            expect(PagesWorker).not_to receive(:perform_async)
+
+            build.drop!
+          end
+        end
+      end
+
+      context 'when pages are disabled' do
+        before do
+          allow(Gitlab.config.pages).to receive_messages(enabled: false)
+        end
+
+        it 'is not marked as pages generator' do
+          expect(build).not_to be_pages_generator
+        end
+
+        context 'job succeeds' do
+          it "does not call pages worker" do
+            expect(PagesWorker).not_to receive(:perform_async)
+
+            build.success!
+          end
+        end
+      end
+    end
+
+    context 'when job is not "pages"' do
+      before do
+        build.name = 'other-job'
+      end
+
+      it 'is not marked as pages generator' do
+        expect(build).not_to be_pages_generator
+      end
+
+      context 'job succeeds' do
+        it "does not call pages worker" do
+          expect(PagesWorker).not_to receive(:perform_async)
+
+          build.success
+        end
+      end
+    end
+  end
 end
diff --git a/spec/models/ci/pipeline_spec.rb b/spec/models/ci/pipeline_spec.rb
index f5295bec65b..24692ebb9a3 100644
--- a/spec/models/ci/pipeline_spec.rb
+++ b/spec/models/ci/pipeline_spec.rb
@@ -35,6 +35,16 @@ describe Ci::Pipeline, :mailer do
     end
   end
 
+  describe 'modules' do
+    it_behaves_like 'AtomicInternalId', validate_presence: false do
+      let(:internal_id_attribute) { :iid }
+      let(:instance) { build(:ci_pipeline) }
+      let(:scope) { :project }
+      let(:scope_attrs) { { project: instance.project } }
+      let(:usage) { :ci_pipelines }
+    end
+  end
+
   describe '#source' do
     context 'when creating new pipeline' do
       let(:pipeline) do
@@ -195,7 +205,8 @@ describe Ci::Pipeline, :mailer do
     it 'includes all predefined variables in a valid order' do
       keys = subject.map { |variable| variable[:key] }
 
-      expect(keys).to eq %w[CI_CONFIG_PATH
+      expect(keys).to eq %w[CI_PIPELINE_IID
+                            CI_CONFIG_PATH
                             CI_PIPELINE_SOURCE
                             CI_COMMIT_MESSAGE
                             CI_COMMIT_TITLE
diff --git a/spec/models/ci/runner_spec.rb b/spec/models/ci/runner_spec.rb
index 0f072aa1719..f6433234573 100644
--- a/spec/models/ci/runner_spec.rb
+++ b/spec/models/ci/runner_spec.rb
@@ -549,7 +549,7 @@ describe Ci::Runner do
   end
 
   describe '#update_cached_info' do
-    let(:runner) { create(:ci_runner) }
+    let(:runner) { create(:ci_runner, :project) }
 
     subject { runner.update_cached_info(architecture: '18-bit') }
 
@@ -570,17 +570,22 @@ describe Ci::Runner do
         runner.contacted_at = 2.hours.ago
       end
 
-      it 'updates database' do
-        expect_redis_update
+      context 'with invalid runner' do
+        before do
+          runner.projects = []
+        end
+
+        it 'still updates redis cache and database' do
+          expect(runner).to be_invalid
 
-        expect { subject }.to change { runner.reload.read_attribute(:contacted_at) }
-          .and change { runner.reload.read_attribute(:architecture) }
+          expect_redis_update
+          does_db_update
+        end
       end
 
-      it 'updates cache' do
+      it 'updates redis cache and database' do
         expect_redis_update
-
-        subject
+        does_db_update
       end
     end
 
@@ -590,6 +595,11 @@ describe Ci::Runner do
         expect(redis).to receive(:set).with(redis_key, anything, any_args)
       end
     end
+
+    def does_db_update
+      expect { subject }.to change { runner.reload.read_attribute(:contacted_at) }
+        .and change { runner.reload.read_attribute(:architecture) }
+    end
   end
 
   describe '#destroy' do
diff --git a/spec/models/concerns/has_variable_spec.rb b/spec/models/concerns/has_variable_spec.rb
index f87869a2fdc..3fbe86c5b56 100644
--- a/spec/models/concerns/has_variable_spec.rb
+++ b/spec/models/concerns/has_variable_spec.rb
@@ -45,8 +45,10 @@ describe HasVariable do
     end
 
     it 'fails to decrypt if iv is incorrect' do
-      subject.encrypted_value_iv = SecureRandom.hex
+      # attr_encrypted expects the IV to be 16 bytes and base64-encoded
+      subject.encrypted_value_iv = [SecureRandom.hex(8)].pack('m')
       subject.instance_variable_set(:@value, nil)
+
       expect { subject.value }
         .to raise_error(OpenSSL::Cipher::CipherError, 'bad decrypt')
     end
diff --git a/spec/models/deployment_spec.rb b/spec/models/deployment_spec.rb
index aee70bcfb29..e01906f4b6c 100644
--- a/spec/models/deployment_spec.rb
+++ b/spec/models/deployment_spec.rb
@@ -20,6 +20,7 @@ describe Deployment do
     it_behaves_like 'AtomicInternalId' do
       let(:internal_id_attribute) { :iid }
       let(:instance) { build(:deployment) }
+      let(:scope) { :project }
       let(:scope_attrs) { { project: instance.project } }
       let(:usage) { :deployments }
     end
diff --git a/spec/models/issue_spec.rb b/spec/models/issue_spec.rb
index 128acf83686..e818fbeb9cf 100644
--- a/spec/models/issue_spec.rb
+++ b/spec/models/issue_spec.rb
@@ -17,6 +17,7 @@ describe Issue do
     it_behaves_like 'AtomicInternalId' do
       let(:internal_id_attribute) { :iid }
       let(:instance) { build(:issue) }
+      let(:scope) { :project }
       let(:scope_attrs) { { project: instance.project } }
       let(:usage) { :issues }
     end
diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb
index 9ffa91fc265..7e85a99494a 100644
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -84,6 +84,7 @@ describe MergeRequest do
     it_behaves_like 'AtomicInternalId' do
       let(:internal_id_attribute) { :iid }
       let(:instance) { build(:merge_request) }
+      let(:scope) { :target_project }
       let(:scope_attrs) { { project: instance.target_project } }
       let(:usage) { :merge_requests }
     end
@@ -2236,25 +2237,25 @@ describe MergeRequest do
     end
   end
 
-  describe '#allow_maintainer_to_push' do
+  describe '#allow_collaboration' do
     let(:merge_request) do
-      build(:merge_request, source_branch: 'fixes', allow_maintainer_to_push: true)
+      build(:merge_request, source_branch: 'fixes', allow_collaboration: true)
     end
 
     it 'is false when pushing by a maintainer is not possible' do
-      expect(merge_request).to receive(:maintainer_push_possible?) { false }
+      expect(merge_request).to receive(:collaborative_push_possible?) { false }
 
-      expect(merge_request.allow_maintainer_to_push).to be_falsy
+      expect(merge_request.allow_collaboration).to be_falsy
     end
 
     it 'is true when pushing by a maintainer is possible' do
-      expect(merge_request).to receive(:maintainer_push_possible?) { true }
+      expect(merge_request).to receive(:collaborative_push_possible?) { true }
 
-      expect(merge_request.allow_maintainer_to_push).to be_truthy
+      expect(merge_request.allow_collaboration).to be_truthy
     end
   end
 
-  describe '#maintainer_push_possible?' do
+  describe '#collaborative_push_possible?' do
     let(:merge_request) do
       build(:merge_request, source_branch: 'fixes')
     end
@@ -2266,14 +2267,14 @@ describe MergeRequest do
     it 'does not allow maintainer to push if the source project is the same as the target' do
       merge_request.target_project = merge_request.source_project = create(:project, :public)
 
-      expect(merge_request.maintainer_push_possible?).to be_falsy
+      expect(merge_request.collaborative_push_possible?).to be_falsy
     end
 
     it 'allows maintainer to push when both source and target are public' do
       merge_request.target_project = build(:project, :public)
       merge_request.source_project = build(:project, :public)
 
-      expect(merge_request.maintainer_push_possible?).to be_truthy
+      expect(merge_request.collaborative_push_possible?).to be_truthy
     end
 
     it 'is not available for protected branches' do
@@ -2284,11 +2285,11 @@ describe MergeRequest do
                                    .with(merge_request.source_project, 'fixes')
                                    .and_return(true)
 
-      expect(merge_request.maintainer_push_possible?).to be_falsy
+      expect(merge_request.collaborative_push_possible?).to be_falsy
     end
   end
 
-  describe '#can_allow_maintainer_to_push?' do
+  describe '#can_allow_collaboration?' do
     let(:target_project) { create(:project, :public) }
     let(:source_project) { fork_project(target_project) }
     let(:merge_request) do
@@ -2300,17 +2301,17 @@ describe MergeRequest do
     let(:user) { create(:user) }
 
     before do
-      allow(merge_request).to receive(:maintainer_push_possible?) { true }
+      allow(merge_request).to receive(:collaborative_push_possible?) { true }
     end
 
     it 'is false if the user does not have push access to the source project' do
-      expect(merge_request.can_allow_maintainer_to_push?(user)).to be_falsy
+      expect(merge_request.can_allow_collaboration?(user)).to be_falsy
     end
 
     it 'is true when the user has push access to the source project' do
       source_project.add_developer(user)
 
-      expect(merge_request.can_allow_maintainer_to_push?(user)).to be_truthy
+      expect(merge_request.can_allow_collaboration?(user)).to be_truthy
     end
   end
 
diff --git a/spec/models/milestone_spec.rb b/spec/models/milestone_spec.rb
index 4bb9717d33e..204d6b47832 100644
--- a/spec/models/milestone_spec.rb
+++ b/spec/models/milestone_spec.rb
@@ -6,6 +6,7 @@ describe Milestone do
       it_behaves_like 'AtomicInternalId' do
         let(:internal_id_attribute) { :iid }
         let(:instance) { build(:milestone, project: build(:project), group: nil) }
+        let(:scope) { :project }
         let(:scope_attrs) { { project: instance.project } }
         let(:usage) { :milestones }
       end
@@ -15,6 +16,7 @@ describe Milestone do
       it_behaves_like 'AtomicInternalId' do
         let(:internal_id_attribute) { :iid }
         let(:instance) { build(:milestone, project: nil, group: build(:group)) }
+        let(:scope) { :group }
         let(:scope_attrs) { { namespace: instance.group } }
         let(:usage) { :milestones }
       end
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 9a76452a808..fe9d64c0e3b 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -3583,7 +3583,7 @@ describe Project do
         target_branch: 'target-branch',
         source_project: project,
         source_branch: 'awesome-feature-1',
-        allow_maintainer_to_push: true
+        allow_collaboration: true
       )
     end
 
@@ -3620,9 +3620,9 @@ describe Project do
       end
     end
 
-    describe '#branch_allows_maintainer_push?' do
+    describe '#branch_allows_collaboration_push?' do
       it 'allows access if the user can merge the merge request' do
-        expect(project.branch_allows_maintainer_push?(user, 'awesome-feature-1'))
+        expect(project.branch_allows_collaboration?(user, 'awesome-feature-1'))
           .to be_truthy
       end
 
@@ -3630,7 +3630,7 @@ describe Project do
         guest = create(:user)
         target_project.add_guest(guest)
 
-        expect(project.branch_allows_maintainer_push?(guest, 'awesome-feature-1'))
+        expect(project.branch_allows_collaboration?(guest, 'awesome-feature-1'))
           .to be_falsy
       end
 
@@ -3640,31 +3640,31 @@ describe Project do
                target_branch: 'target-branch',
                source_project: project,
                source_branch: 'rejected-feature-1',
-               allow_maintainer_to_push: true)
+               allow_collaboration: true)
 
-        expect(project.branch_allows_maintainer_push?(user, 'rejected-feature-1'))
+        expect(project.branch_allows_collaboration?(user, 'rejected-feature-1'))
           .to be_falsy
       end
 
       it 'does not allow access if the user cannot merge the merge request' do
         create(:protected_branch, :masters_can_push, project: target_project, name: 'target-branch')
 
-        expect(project.branch_allows_maintainer_push?(user, 'awesome-feature-1'))
+        expect(project.branch_allows_collaboration?(user, 'awesome-feature-1'))
           .to be_falsy
       end
 
       it 'caches the result' do
-        control = ActiveRecord::QueryRecorder.new { project.branch_allows_maintainer_push?(user, 'awesome-feature-1') }
+        control = ActiveRecord::QueryRecorder.new { project.branch_allows_collaboration?(user, 'awesome-feature-1') }
 
-        expect { 3.times { project.branch_allows_maintainer_push?(user, 'awesome-feature-1') } }
+        expect { 3.times { project.branch_allows_collaboration?(user, 'awesome-feature-1') } }
           .not_to exceed_query_limit(control)
       end
 
       context 'when the requeststore is active', :request_store do
         it 'only queries per project across instances' do
-          control = ActiveRecord::QueryRecorder.new { project.branch_allows_maintainer_push?(user, 'awesome-feature-1') }
+          control = ActiveRecord::QueryRecorder.new { project.branch_allows_collaboration?(user, 'awesome-feature-1') }
 
-          expect { 2.times { described_class.find(project.id).branch_allows_maintainer_push?(user, 'awesome-feature-1') } }
+          expect { 2.times { described_class.find(project.id).branch_allows_collaboration?(user, 'awesome-feature-1') } }
             .not_to exceed_query_limit(control).with_threshold(2)
         end
       end
diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb
index 9ca156deaa0..eead55d33ca 100644
--- a/spec/policies/ci/build_policy_spec.rb
+++ b/spec/policies/ci/build_policy_spec.rb
@@ -101,7 +101,7 @@ describe Ci::BuildPolicy do
 
         it 'enables update_build if user is maintainer' do
           allow_any_instance_of(Project).to receive(:empty_repo?).and_return(false)
-          allow_any_instance_of(Project).to receive(:branch_allows_maintainer_push?).and_return(true)
+          allow_any_instance_of(Project).to receive(:branch_allows_collaboration?).and_return(true)
 
           expect(policy).to be_allowed :update_build
           expect(policy).to be_allowed :update_commit_status
diff --git a/spec/policies/ci/pipeline_policy_spec.rb b/spec/policies/ci/pipeline_policy_spec.rb
index a5e509cfa0f..bd32faf06ef 100644
--- a/spec/policies/ci/pipeline_policy_spec.rb
+++ b/spec/policies/ci/pipeline_policy_spec.rb
@@ -69,7 +69,7 @@ describe Ci::PipelinePolicy, :models do
 
       it 'enables update_pipeline if user is maintainer' do
         allow_any_instance_of(Project).to receive(:empty_repo?).and_return(false)
-        allow_any_instance_of(Project).to receive(:branch_allows_maintainer_push?).and_return(true)
+        allow_any_instance_of(Project).to receive(:branch_allows_collaboration?).and_return(true)
 
         expect(policy).to be_allowed :update_pipeline
       end
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 6609f5f7afd..6ac151f92f3 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -400,7 +400,7 @@ describe ProjectPolicy do
         :merge_request,
         target_project: target_project,
         source_project: project,
-        allow_maintainer_to_push: true
+        allow_collaboration: true
       )
     end
     let(:maintainer_abilities) do
diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb
index 4181f4ebbbe..a15d60aafe0 100644
--- a/spec/requests/api/issues_spec.rb
+++ b/spec/requests/api/issues_spec.rb
@@ -630,15 +630,17 @@ describe API::Issues do
     end
 
     it 'avoids N+1 queries' do
-      control_count = ActiveRecord::QueryRecorder.new do
+      get api("/projects/#{project.id}/issues", user)
+
+      control_count = ActiveRecord::QueryRecorder.new(skip_cached: false) do
         get api("/projects/#{project.id}/issues", user)
       end.count
 
-      create(:issue, author: user, project: project)
+      create_list(:issue, 3, project: project)
 
       expect do
         get api("/projects/#{project.id}/issues", user)
-      end.not_to exceed_query_limit(control_count)
+      end.not_to exceed_all_query_limit(control_count)
     end
 
     it 'returns 404 when project does not exist' do
diff --git a/spec/requests/api/jobs_spec.rb b/spec/requests/api/jobs_spec.rb
index 45082e644ca..50d6f4b4d99 100644
--- a/spec/requests/api/jobs_spec.rb
+++ b/spec/requests/api/jobs_spec.rb
@@ -177,6 +177,18 @@ describe API::Jobs do
           json_response.each { |job| expect(job['pipeline']['id']).to eq(pipeline.id) }
         end
       end
+
+      it 'avoids N+1 queries' do
+        control_count = ActiveRecord::QueryRecorder.new(skip_cached: false) do
+          get api("/projects/#{project.id}/pipelines/#{pipeline.id}/jobs", api_user), query
+        end.count
+
+        3.times { create(:ci_build, :artifacts, pipeline: pipeline) }
+
+        expect do
+          get api("/projects/#{project.id}/pipelines/#{pipeline.id}/jobs", api_user), query
+        end.not_to exceed_all_query_limit(control_count)
+      end
     end
 
     context 'unauthorized user' do
diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb
index 605761867bf..d4ebfc3f782 100644
--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@@ -386,12 +386,13 @@ describe API::MergeRequests do
                source_project: forked_project,
                target_project: project,
                source_branch: 'fixes',
-               allow_maintainer_to_push: true)
+               allow_collaboration: true)
       end
 
-      it 'includes the `allow_maintainer_to_push` field' do
+      it 'includes the `allow_collaboration` field' do
         get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}", user)
 
+        expect(json_response['allow_collaboration']).to be_truthy
         expect(json_response['allow_maintainer_to_push']).to be_truthy
       end
     end
@@ -654,11 +655,12 @@ describe API::MergeRequests do
         expect(response).to have_gitlab_http_status(400)
       end
 
-      it 'allows setting `allow_maintainer_to_push`' do
+      it 'allows setting `allow_collaboration`' do
         post api("/projects/#{forked_project.id}/merge_requests", user2),
-          title: 'Test merge_request', source_branch: "feature_conflict", target_branch: "master",
-          author: user2, target_project_id: project.id, allow_maintainer_to_push: true
+             title: 'Test merge_request', source_branch: "feature_conflict", target_branch: "master",
+             author: user2, target_project_id: project.id, allow_collaboration: true
         expect(response).to have_gitlab_http_status(201)
+        expect(json_response['allow_collaboration']).to be_truthy
         expect(json_response['allow_maintainer_to_push']).to be_truthy
       end
 
diff --git a/spec/requests/api/runner_spec.rb b/spec/requests/api/runner_spec.rb
index 319ac389083..c981a10ac38 100644
--- a/spec/requests/api/runner_spec.rb
+++ b/spec/requests/api/runner_spec.rb
@@ -1101,6 +1101,7 @@ describe API::Runner, :clean_gitlab_redis_shared_state do
                   expect(json_response['RemoteObject']).to have_key('GetURL')
                   expect(json_response['RemoteObject']).to have_key('StoreURL')
                   expect(json_response['RemoteObject']).to have_key('DeleteURL')
+                  expect(json_response['RemoteObject']).to have_key('MultipartUpload')
                 end
               end
 
diff --git a/spec/requests/lfs_http_spec.rb b/spec/requests/lfs_http_spec.rb
index 79672fe1cc5..4d30b99262e 100644
--- a/spec/requests/lfs_http_spec.rb
+++ b/spec/requests/lfs_http_spec.rb
@@ -1021,6 +1021,7 @@ describe 'Git LFS API and storage' do
                     expect(json_response['RemoteObject']).to have_key('GetURL')
                     expect(json_response['RemoteObject']).to have_key('StoreURL')
                     expect(json_response['RemoteObject']).to have_key('DeleteURL')
+                    expect(json_response['RemoteObject']).not_to have_key('MultipartUpload')
                     expect(json_response['LfsOid']).to eq(sample_oid)
                     expect(json_response['LfsSize']).to eq(sample_size)
                   end
diff --git a/spec/services/ci/retry_pipeline_service_spec.rb b/spec/services/ci/retry_pipeline_service_spec.rb
index a73bd7a0268..688d3b8c038 100644
--- a/spec/services/ci/retry_pipeline_service_spec.rb
+++ b/spec/services/ci/retry_pipeline_service_spec.rb
@@ -280,12 +280,12 @@ describe Ci::RetryPipelineService, '#execute' do
         source_project: forked_project,
         target_project: project,
         source_branch: 'fixes',
-        allow_maintainer_to_push: true)
+        allow_collaboration: true)
       create_build('rspec 1', :failed, 1)
     end
 
     it 'allows to retry failed pipeline' do
-      allow_any_instance_of(Project).to receive(:fetch_branch_allows_maintainer_push?).and_return(true)
+      allow_any_instance_of(Project).to receive(:fetch_branch_allows_collaboration?).and_return(true)
       allow_any_instance_of(Project).to receive(:empty_repo?).and_return(false)
 
       service.execute(pipeline)
diff --git a/spec/services/merge_requests/update_service_spec.rb b/spec/services/merge_requests/update_service_spec.rb
index bd2e91f1f7a..443dcd92a8b 100644
--- a/spec/services/merge_requests/update_service_spec.rb
+++ b/spec/services/merge_requests/update_service_spec.rb
@@ -547,7 +547,7 @@ describe MergeRequests::UpdateService, :mailer do
       let(:closed_issuable) { create(:closed_merge_request, source_project: project) }
     end
 
-    context 'setting `allow_maintainer_to_push`' do
+    context 'setting `allow_collaboration`' do
       let(:target_project) { create(:project, :public) }
       let(:source_project) { fork_project(target_project) }
       let(:user) { create(:user) }
@@ -562,23 +562,23 @@ describe MergeRequests::UpdateService, :mailer do
         allow(ProtectedBranch).to receive(:protected?).with(source_project, 'fixes') { false }
       end
 
-      it 'does not allow a maintainer of the target project to set `allow_maintainer_to_push`' do
+      it 'does not allow a maintainer of the target project to set `allow_collaboration`' do
         target_project.add_developer(user)
 
-        update_merge_request(allow_maintainer_to_push: true, title: 'Updated title')
+        update_merge_request(allow_collaboration: true, title: 'Updated title')
 
         expect(merge_request.title).to eq('Updated title')
-        expect(merge_request.allow_maintainer_to_push).to be_falsy
+        expect(merge_request.allow_collaboration).to be_falsy
       end
 
       it 'is allowed by a user that can push to the source and can update the merge request' do
         merge_request.update!(assignee: user)
         source_project.add_developer(user)
 
-        update_merge_request(allow_maintainer_to_push: true, title: 'Updated title')
+        update_merge_request(allow_collaboration: true, title: 'Updated title')
 
         expect(merge_request.title).to eq('Updated title')
-        expect(merge_request.allow_maintainer_to_push).to be_truthy
+        expect(merge_request.allow_collaboration).to be_truthy
       end
     end
   end
diff --git a/spec/services/pages_service_spec.rb b/spec/services/pages_service_spec.rb
deleted file mode 100644
index f8db6900a0a..00000000000
--- a/spec/services/pages_service_spec.rb
+++ /dev/null
@@ -1,53 +0,0 @@
-require 'spec_helper'
-
-describe PagesService do
-  let(:build) { create(:ci_build) }
-  let(:data) { Gitlab::DataBuilder::Build.build(build) }
-  let(:service) { described_class.new(data) }
-
-  before do
-    allow(Gitlab.config.pages).to receive(:enabled).and_return(true)
-  end
-
-  context 'execute asynchronously for pages job' do
-    before do
-      build.name = 'pages'
-    end
-
-    context 'on success' do
-      before do
-        build.success
-      end
-
-      it 'executes worker' do
-        expect(PagesWorker).to receive(:perform_async)
-        service.execute
-      end
-    end
-
-    %w(pending running failed canceled).each do |status|
-      context "on #{status}" do
-        before do
-          build.status = status
-        end
-
-        it 'does not execute worker' do
-          expect(PagesWorker).not_to receive(:perform_async)
-          service.execute
-        end
-      end
-    end
-  end
-
-  context 'for other jobs' do
-    before do
-      build.name = 'other job'
-      build.success
-    end
-
-    it 'does not execute worker' do
-      expect(PagesWorker).not_to receive(:perform_async)
-      service.execute
-    end
-  end
-end
diff --git a/spec/services/projects/autocomplete_service_spec.rb b/spec/services/projects/autocomplete_service_spec.rb
index f7ff8b80bd7..6fd73a50511 100644
--- a/spec/services/projects/autocomplete_service_spec.rb
+++ b/spec/services/projects/autocomplete_service_spec.rb
@@ -115,5 +115,20 @@ describe Projects::AutocompleteService do
 
       expect(milestone_titles).to eq([group_milestone2.title, group_milestone1.title])
     end
+
+    context 'with nested groups', :nested_groups do
+      let(:subgroup) { create(:group, :public, parent: group) }
+      let!(:subgroup_milestone) { create(:milestone, group: subgroup) }
+
+      before do
+        project.update(namespace: subgroup)
+      end
+
+      it 'includes project milestones and all acestors milestones' do
+        expect(milestone_titles).to match_array(
+          [project_milestone.title, group_milestone2.title, group_milestone1.title, subgroup_milestone.title]
+        )
+      end
+    end
   end
 end
diff --git a/spec/services/projects/update_service_spec.rb b/spec/services/projects/update_service_spec.rb
index 3e6073b9861..1f761bcbbad 100644
--- a/spec/services/projects/update_service_spec.rb
+++ b/spec/services/projects/update_service_spec.rb
@@ -275,6 +275,10 @@ describe Projects::UpdateService do
       it { is_expected.to eq(false) }
     end
 
+    context 'when auto devops is nil' do
+      it { is_expected.to eq(false) }
+    end
+
     context 'when auto devops is explicitly enabled' do
       before do
         project.create_auto_devops!(enabled: true)
diff --git a/spec/support/helpers/cycle_analytics_helpers.rb b/spec/support/helpers/cycle_analytics_helpers.rb
index 55359d36597..06a76d53354 100644
--- a/spec/support/helpers/cycle_analytics_helpers.rb
+++ b/spec/support/helpers/cycle_analytics_helpers.rb
@@ -4,12 +4,12 @@ module CycleAnalyticsHelpers
     create_commit("Commit for ##{issue.iid}", issue.project, user, branch_name)
   end
 
-  def create_commit(message, project, user, branch_name, count: 1)
+  def create_commit(message, project, user, branch_name, count: 1, commit_time: nil, skip_push_handler: false)
     repository = project.repository
-    oldrev = repository.commit(branch_name).sha
+    oldrev = repository.commit(branch_name)&.sha || Gitlab::Git::BLANK_SHA
 
     if Timecop.frozen? && Gitlab::GitalyClient.feature_enabled?(:operation_user_commit_files)
-      mock_gitaly_multi_action_dates(repository.raw)
+      mock_gitaly_multi_action_dates(repository.raw, commit_time)
     end
 
     commit_shas = Array.new(count) do |index|
@@ -19,6 +19,8 @@ module CycleAnalyticsHelpers
       commit_sha
     end
 
+    return if skip_push_handler
+
     GitPushService.new(project,
                        user,
                        oldrev: oldrev,
@@ -44,13 +46,11 @@ module CycleAnalyticsHelpers
       project.repository.add_branch(user, source_branch, 'master')
     end
 
-    sha = project.repository.create_file(
-      user,
-      generate(:branch),
-      'content',
-      message: commit_message,
-      branch_name: source_branch)
-    project.repository.commit(sha)
+    # Cycle analytic specs often test with frozen times, which causes metrics to be
+    # pinned to the current time. For example, in the plan stage, we assume that an issue
+    # milestone has been created before any code has been written. We add a second
+    # to ensure that the plan time is positive.
+    create_commit(commit_message, project, user, source_branch, commit_time: Time.now + 1.second, skip_push_handler: true)
 
     opts = {
       title: 'Awesome merge_request',
@@ -116,9 +116,9 @@ module CycleAnalyticsHelpers
       protected: false)
   end
 
-  def mock_gitaly_multi_action_dates(raw_repository)
+  def mock_gitaly_multi_action_dates(raw_repository, commit_time)
     allow(raw_repository).to receive(:multi_action).and_wrap_original do |m, *args|
-      new_date = Time.now
+      new_date = commit_time || Time.now
       branch_update = m.call(*args)
 
       if branch_update.newrev
diff --git a/spec/support/helpers/query_recorder.rb b/spec/support/helpers/query_recorder.rb
index 28536bbef5e..7ce63375d34 100644
--- a/spec/support/helpers/query_recorder.rb
+++ b/spec/support/helpers/query_recorder.rb
@@ -1,10 +1,11 @@
 module ActiveRecord
   class QueryRecorder
-    attr_reader :log, :cached
+    attr_reader :log, :skip_cached, :cached
 
-    def initialize(&block)
+    def initialize(skip_cached: true, &block)
       @log = []
       @cached = []
+      @skip_cached = skip_cached
       ActiveSupport::Notifications.subscribed(method(:callback), 'sql.active_record', &block)
     end
 
@@ -16,7 +17,7 @@ module ActiveRecord
     def callback(name, start, finish, message_id, values)
       show_backtrace(values) if ENV['QUERY_RECORDER_DEBUG']
 
-      if values[:name]&.include?("CACHE")
+      if values[:name]&.include?("CACHE") && skip_cached
         @cached << values[:sql]
       elsif !values[:name]&.include?("SCHEMA")
         @log << values[:sql]
diff --git a/spec/support/helpers/stub_object_storage.rb b/spec/support/helpers/stub_object_storage.rb
index 19d744b959a..bceaf8277ee 100644
--- a/spec/support/helpers/stub_object_storage.rb
+++ b/spec/support/helpers/stub_object_storage.rb
@@ -45,4 +45,16 @@ module StubObjectStorage
                                  remote_directory: 'uploads',
                                  **params)
   end
+
+  def stub_object_storage_multipart_init(endpoint, upload_id = "upload_id")
+    stub_request(:post, %r{\A#{endpoint}tmp/uploads/[a-z0-9-]*\?uploads\z})
+      .to_return status: 200, body: <<-EOS.strip_heredoc
+        <?xml version="1.0" encoding="UTF-8"?>
+        <InitiateMultipartUploadResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
+          <Bucket>example-bucket</Bucket>
+          <Key>example-object</Key>
+          <UploadId>#{upload_id}</UploadId>
+        </InitiateMultipartUploadResult>
+      EOS
+  end
 end
diff --git a/spec/support/matchers/email_matchers.rb b/spec/support/matchers/email_matchers.rb
deleted file mode 100644
index d9d59ec12ec..00000000000
--- a/spec/support/matchers/email_matchers.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-RSpec::Matchers.define :have_html_escaped_body_text do |expected|
-  match do |actual|
-    expect(actual).to have_body_text(ERB::Util.html_escape(expected))
-  end
-end
diff --git a/spec/support/matchers/exceed_query_limit.rb b/spec/support/matchers/exceed_query_limit.rb
index 88d22a3ddd9..cd042401f3a 100644
--- a/spec/support/matchers/exceed_query_limit.rb
+++ b/spec/support/matchers/exceed_query_limit.rb
@@ -1,17 +1,4 @@
-RSpec::Matchers.define :exceed_query_limit do |expected|
-  supports_block_expectations
-
-  match do |block|
-    @subject_block = block
-    actual_count > expected_count + threshold
-  end
-
-  failure_message_when_negated do |actual|
-    threshold_message = threshold > 0 ? " (+#{@threshold})" : ''
-    counts = "#{expected_count}#{threshold_message}"
-    "Expected a maximum of #{counts} queries, got #{actual_count}:\n\n#{log_message}"
-  end
-
+module ExceedQueryLimitHelpers
   def with_threshold(threshold)
     @threshold = threshold
     self
@@ -43,7 +30,7 @@ RSpec::Matchers.define :exceed_query_limit do |expected|
   end
 
   def recorder
-    @recorder ||= ActiveRecord::QueryRecorder.new(&@subject_block)
+    @recorder ||= ActiveRecord::QueryRecorder.new(skip_cached: skip_cached, &@subject_block)
   end
 
   def count_queries(queries)
@@ -61,4 +48,52 @@ RSpec::Matchers.define :exceed_query_limit do |expected|
       @recorder.log_message
     end
   end
+
+  def skip_cached
+    true
+  end
+
+  def verify_count(&block)
+    @subject_block = block
+    actual_count > expected_count + threshold
+  end
+
+  def failure_message
+    threshold_message = threshold > 0 ? " (+#{@threshold})" : ''
+    counts = "#{expected_count}#{threshold_message}"
+    "Expected a maximum of #{counts} queries, got #{actual_count}:\n\n#{log_message}"
+  end
+end
+
+RSpec::Matchers.define :exceed_all_query_limit do |expected|
+  supports_block_expectations
+
+  include ExceedQueryLimitHelpers
+
+  match do |block|
+    verify_count(&block)
+  end
+
+  failure_message_when_negated do |actual|
+    failure_message
+  end
+
+  def skip_cached
+    false
+  end
+end
+
+# Excludes cached methods from the query count
+RSpec::Matchers.define :exceed_query_limit do |expected|
+  supports_block_expectations
+
+  include ExceedQueryLimitHelpers
+
+  match do |block|
+    verify_count(&block)
+  end
+
+  failure_message_when_negated do |actual|
+    failure_message
+  end
 end
diff --git a/spec/support/shared_examples/file_finder.rb b/spec/support/shared_examples/file_finder.rb
new file mode 100644
index 00000000000..ef144bdf61c
--- /dev/null
+++ b/spec/support/shared_examples/file_finder.rb
@@ -0,0 +1,21 @@
+shared_examples 'file finder' do
+  let(:query) { 'files' }
+  let(:search_results) { subject.find(query) }
+
+  it 'finds by name' do
+    filename,  blob = search_results.find { |_, blob| blob.filename == expected_file_by_name }
+    expect(filename).to eq(expected_file_by_name)
+    expect(blob).to be_a(Gitlab::SearchResults::FoundBlob)
+    expect(blob.ref).to eq(subject.ref)
+    expect(blob.data).not_to be_empty
+  end
+
+  it 'finds by content' do
+    filename, blob = search_results.find { |_, blob| blob.filename == expected_file_by_content }
+
+    expect(filename).to eq(expected_file_by_content)
+    expect(blob).to be_a(Gitlab::SearchResults::FoundBlob)
+    expect(blob.ref).to eq(subject.ref)
+    expect(blob.data).not_to be_empty
+  end
+end
diff --git a/spec/support/shared_examples/models/atomic_internal_id_spec.rb b/spec/support/shared_examples/models/atomic_internal_id_spec.rb
index 6a6e13418a9..7ab1041d17c 100644
--- a/spec/support/shared_examples/models/atomic_internal_id_spec.rb
+++ b/spec/support/shared_examples/models/atomic_internal_id_spec.rb
@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-shared_examples_for 'AtomicInternalId' do
+shared_examples_for 'AtomicInternalId' do |validate_presence: true|
   describe '.has_internal_id' do
     describe 'Module inclusion' do
       subject { described_class }
@@ -9,14 +9,31 @@ shared_examples_for 'AtomicInternalId' do
     end
 
     describe 'Validation' do
-      subject { instance }
-
       before do
-        allow(InternalId).to receive(:generate_next).and_return(nil)
+        allow_any_instance_of(described_class).to receive(:"ensure_#{scope}_#{internal_id_attribute}!")
+
+        instance.valid?
       end
 
-      it { is_expected.to validate_presence_of(internal_id_attribute) }
-      it { is_expected.to validate_numericality_of(internal_id_attribute) }
+      context 'when presence validation is required' do
+        before do
+          skip unless validate_presence
+        end
+
+        it 'validates presence' do
+          expect(instance.errors[internal_id_attribute]).to include("can't be blank")
+        end
+      end
+
+      context 'when presence validation is not required' do
+        before do
+          skip if validate_presence
+        end
+
+        it 'does not validate presence' do
+          expect(instance.errors[internal_id_attribute]).to be_empty
+        end
+      end
     end
 
     describe 'Creating an instance' do
diff --git a/spec/support/shared_examples/notify_shared_examples.rb b/spec/support/shared_examples/notify_shared_examples.rb
index 43fdaddf545..d176d3fa425 100644
--- a/spec/support/shared_examples/notify_shared_examples.rb
+++ b/spec/support/shared_examples/notify_shared_examples.rb
@@ -212,7 +212,7 @@ shared_examples 'a note email' do
   end
 
   it 'contains the message from the note' do
-    is_expected.to have_html_escaped_body_text note.note
+    is_expected.to have_body_text note.note
   end
 
   it 'does not contain note author' do
@@ -225,7 +225,7 @@ shared_examples 'a note email' do
     end
 
     it 'contains a link to note author' do
-      is_expected.to have_html_escaped_body_text note.author_name
+      is_expected.to have_body_text note.author_name
     end
   end
 end
diff --git a/spec/support/trace/trace_helpers.rb b/spec/support/trace/trace_helpers.rb
new file mode 100644
index 00000000000..c7802bbcb94
--- /dev/null
+++ b/spec/support/trace/trace_helpers.rb
@@ -0,0 +1,27 @@
+module TraceHelpers
+  def create_legacy_trace(build, content)
+    File.open(legacy_trace_path(build), 'wb') { |stream| stream.write(content) }
+  end
+
+  def create_legacy_trace_in_db(build, content)
+    build.update_column(:trace, content)
+  end
+
+  def legacy_trace_path(build)
+    legacy_trace_dir = File.join(Settings.gitlab_ci.builds_path,
+      build.created_at.utc.strftime("%Y_%m"),
+      build.project_id.to_s)
+
+    FileUtils.mkdir_p(legacy_trace_dir)
+
+    File.join(legacy_trace_dir, "#{build.id}.log")
+  end
+
+  def archived_trace_path(job_artifact)
+    disk_hash = Digest::SHA2.hexdigest(job_artifact.project_id.to_s)
+    creation_date = job_artifact.created_at.utc.strftime('%Y_%m_%d')
+
+    File.join(Gitlab.config.artifacts.path, disk_hash[0..1], disk_hash[2..3], disk_hash,
+      creation_date, job_artifact.job_id.to_s, job_artifact.id.to_s, 'job.log')
+  end
+end
diff --git a/spec/uploaders/object_storage_spec.rb b/spec/uploaders/object_storage_spec.rb
index 2dd0925a8e6..cda911032b2 100644
--- a/spec/uploaders/object_storage_spec.rb
+++ b/spec/uploaders/object_storage_spec.rb
@@ -355,7 +355,10 @@ describe ObjectStorage do
   end
 
   describe '.workhorse_authorize' do
-    subject { uploader_class.workhorse_authorize }
+    let(:has_length) { true }
+    let(:maximum_size) { nil }
+
+    subject { uploader_class.workhorse_authorize(has_length: has_length, maximum_size: maximum_size) }
 
     before do
       # ensure that we use regular Fog libraries
@@ -371,10 +374,6 @@ describe ObjectStorage do
         expect(subject[:TempPath]).to start_with(uploader_class.root)
         expect(subject[:TempPath]).to include(described_class::TMP_UPLOAD_PATH)
       end
-
-      it "does not return remote store" do
-        is_expected.not_to have_key('RemoteObject')
-      end
     end
 
     shared_examples 'uses remote storage' do
@@ -383,7 +382,7 @@ describe ObjectStorage do
 
         expect(subject[:RemoteObject]).to have_key(:ID)
         expect(subject[:RemoteObject]).to include(Timeout: a_kind_of(Integer))
-        expect(subject[:RemoteObject][:Timeout]).to be(ObjectStorage::DIRECT_UPLOAD_TIMEOUT)
+        expect(subject[:RemoteObject][:Timeout]).to be(ObjectStorage::DirectUpload::TIMEOUT)
         expect(subject[:RemoteObject]).to have_key(:GetURL)
         expect(subject[:RemoteObject]).to have_key(:DeleteURL)
         expect(subject[:RemoteObject]).to have_key(:StoreURL)
@@ -391,9 +390,31 @@ describe ObjectStorage do
         expect(subject[:RemoteObject][:DeleteURL]).to include(described_class::TMP_UPLOAD_PATH)
         expect(subject[:RemoteObject][:StoreURL]).to include(described_class::TMP_UPLOAD_PATH)
       end
+    end
 
-      it "does not return local store" do
-        is_expected.not_to have_key('TempPath')
+    shared_examples 'uses remote storage with multipart uploads' do
+      it_behaves_like 'uses remote storage' do
+        it "returns multipart upload" do
+          is_expected.to have_key(:RemoteObject)
+
+          expect(subject[:RemoteObject]).to have_key(:MultipartUpload)
+          expect(subject[:RemoteObject][:MultipartUpload]).to have_key(:PartSize)
+          expect(subject[:RemoteObject][:MultipartUpload]).to have_key(:PartURLs)
+          expect(subject[:RemoteObject][:MultipartUpload]).to have_key(:CompleteURL)
+          expect(subject[:RemoteObject][:MultipartUpload]).to have_key(:AbortURL)
+          expect(subject[:RemoteObject][:MultipartUpload][:PartURLs]).to all(include(described_class::TMP_UPLOAD_PATH))
+          expect(subject[:RemoteObject][:MultipartUpload][:CompleteURL]).to include(described_class::TMP_UPLOAD_PATH)
+          expect(subject[:RemoteObject][:MultipartUpload][:AbortURL]).to include(described_class::TMP_UPLOAD_PATH)
+        end
+      end
+    end
+
+    shared_examples 'uses remote storage without multipart uploads' do
+      it_behaves_like 'uses remote storage' do
+        it "does not return multipart upload" do
+          is_expected.to have_key(:RemoteObject)
+          expect(subject[:RemoteObject]).not_to have_key(:MultipartUpload)
+        end
       end
     end
 
@@ -416,6 +437,8 @@ describe ObjectStorage do
         end
 
         context 'uses AWS' do
+          let(:storage_url) { "https://uploads.s3-eu-central-1.amazonaws.com/" }
+
           before do
             expect(uploader_class).to receive(:object_store_credentials) do
               { provider: "AWS",
@@ -425,18 +448,40 @@ describe ObjectStorage do
             end
           end
 
-          it_behaves_like 'uses remote storage' do
-            let(:storage_url) { "https://uploads.s3-eu-central-1.amazonaws.com/" }
+          context 'for known length' do
+            it_behaves_like 'uses remote storage without multipart uploads' do
+              it 'returns links for S3' do
+                expect(subject[:RemoteObject][:GetURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:DeleteURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:StoreURL]).to start_with(storage_url)
+              end
+            end
+          end
+
+          context 'for unknown length' do
+            let(:has_length) { false }
+            let(:maximum_size) { 1.gigabyte }
+
+            before do
+              stub_object_storage_multipart_init(storage_url)
+            end
 
-            it 'returns links for S3' do
-              expect(subject[:RemoteObject][:GetURL]).to start_with(storage_url)
-              expect(subject[:RemoteObject][:DeleteURL]).to start_with(storage_url)
-              expect(subject[:RemoteObject][:StoreURL]).to start_with(storage_url)
+            it_behaves_like 'uses remote storage with multipart uploads' do
+              it 'returns links for S3' do
+                expect(subject[:RemoteObject][:GetURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:DeleteURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:StoreURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:MultipartUpload][:PartURLs]).to all(start_with(storage_url))
+                expect(subject[:RemoteObject][:MultipartUpload][:CompleteURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:MultipartUpload][:AbortURL]).to start_with(storage_url)
+              end
             end
           end
         end
 
         context 'uses Google' do
+          let(:storage_url) { "https://storage.googleapis.com/uploads/" }
+
           before do
             expect(uploader_class).to receive(:object_store_credentials) do
               { provider: "Google",
@@ -445,36 +490,71 @@ describe ObjectStorage do
             end
           end
 
-          it_behaves_like 'uses remote storage' do
-            let(:storage_url) { "https://storage.googleapis.com/uploads/" }
+          context 'for known length' do
+            it_behaves_like 'uses remote storage without multipart uploads' do
+              it 'returns links for Google Cloud' do
+                expect(subject[:RemoteObject][:GetURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:DeleteURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:StoreURL]).to start_with(storage_url)
+              end
+            end
+          end
+
+          context 'for unknown length' do
+            let(:has_length) { false }
+            let(:maximum_size) { 1.gigabyte }
 
-            it 'returns links for Google Cloud' do
-              expect(subject[:RemoteObject][:GetURL]).to start_with(storage_url)
-              expect(subject[:RemoteObject][:DeleteURL]).to start_with(storage_url)
-              expect(subject[:RemoteObject][:StoreURL]).to start_with(storage_url)
+            it_behaves_like 'uses remote storage without multipart uploads' do
+              it 'returns links for Google Cloud' do
+                expect(subject[:RemoteObject][:GetURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:DeleteURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:StoreURL]).to start_with(storage_url)
+              end
             end
           end
         end
 
         context 'uses GDK/minio' do
+          let(:storage_url) { "http://minio:9000/uploads/" }
+
           before do
             expect(uploader_class).to receive(:object_store_credentials) do
               { provider: "AWS",
                 aws_access_key_id: "AWS_ACCESS_KEY_ID",
                 aws_secret_access_key: "AWS_SECRET_ACCESS_KEY",
-                endpoint: 'http://127.0.0.1:9000',
+                endpoint: 'http://minio:9000',
                 path_style: true,
                 region: "gdk" }
             end
           end
 
-          it_behaves_like 'uses remote storage' do
-            let(:storage_url) { "http://127.0.0.1:9000/uploads/" }
+          context 'for known length' do
+            it_behaves_like 'uses remote storage without multipart uploads' do
+              it 'returns links for S3' do
+                expect(subject[:RemoteObject][:GetURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:DeleteURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:StoreURL]).to start_with(storage_url)
+              end
+            end
+          end
+
+          context 'for unknown length' do
+            let(:has_length) { false }
+            let(:maximum_size) { 1.gigabyte }
 
-            it 'returns links for S3' do
-              expect(subject[:RemoteObject][:GetURL]).to start_with(storage_url)
-              expect(subject[:RemoteObject][:DeleteURL]).to start_with(storage_url)
-              expect(subject[:RemoteObject][:StoreURL]).to start_with(storage_url)
+            before do
+              stub_object_storage_multipart_init(storage_url)
+            end
+
+            it_behaves_like 'uses remote storage with multipart uploads' do
+              it 'returns links for S3' do
+                expect(subject[:RemoteObject][:GetURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:DeleteURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:StoreURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:MultipartUpload][:PartURLs]).to all(start_with(storage_url))
+                expect(subject[:RemoteObject][:MultipartUpload][:CompleteURL]).to start_with(storage_url)
+                expect(subject[:RemoteObject][:MultipartUpload][:AbortURL]).to start_with(storage_url)
+              end
             end
           end
         end
@@ -659,4 +739,26 @@ describe ObjectStorage do
       end
     end
   end
+
+  describe '#retrieve_from_store!' do
+    [:group, :project, :user].each do |model|
+      context "for #{model}s" do
+        let(:models) { create_list(model, 3, :with_avatar).map(&:reload) }
+        let(:avatars) { models.map(&:avatar) }
+
+        it 'batches fetching uploads from the database' do
+          # Ensure that these are all created and fully loaded before we start
+          # running queries for avatars
+          models
+
+          expect { avatars }.not_to exceed_query_limit(1)
+        end
+
+        it 'fetches a unique upload for each model' do
+          expect(avatars.map(&:url).uniq).to eq(avatars.map(&:url))
+          expect(avatars.map(&:upload).uniq).to eq(avatars.map(&:upload))
+        end
+      end
+    end
+  end
 end
diff --git a/spec/uploaders/workers/object_storage/background_move_worker_spec.rb b/spec/uploaders/workers/object_storage/background_move_worker_spec.rb
index b34f427fd8a..95813d15e52 100644
--- a/spec/uploaders/workers/object_storage/background_move_worker_spec.rb
+++ b/spec/uploaders/workers/object_storage/background_move_worker_spec.rb
@@ -125,8 +125,10 @@ describe ObjectStorage::BackgroundMoveWorker do
 
           it "migrates file to remote storage" do
             perform
+            project.reload
+            BatchLoader::Executor.clear_current
 
-            expect(project.reload.avatar.file_storage?).to be_falsey
+            expect(project.avatar).not_to be_file_storage
           end
         end
 
@@ -137,7 +139,7 @@ describe ObjectStorage::BackgroundMoveWorker do
           it "migrates file to remote storage" do
             perform
 
-            expect(project.reload.avatar.file_storage?).to be_falsey
+            expect(project.reload.avatar).not_to be_file_storage
           end
         end
       end
diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
index 589ebcf1414..27e8245185e 100644
--- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
+++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
@@ -7,6 +7,17 @@
 # * creating a review app for each topic branch,
 # * and continuous deployment to production
 #
+# Test jobs may be disabled by setting environment variables:
+# * test: TEST_DISABLED
+# * code_quality: CODE_QUALITY_DISABLED
+# * performance: PERFORMANCE_DISABLED
+# * sast: SAST_DISABLED
+# * dependency_scanning: DEPENDENCY_SCANNING_DISABLED
+# * container_scanning: CONTAINER_SCANNING_DISABLED
+# * dast: DAST_DISABLED
+# * review: REVIEW_DISABLED
+# * stop_review: REVIEW_DISABLED
+#
 # In order to deploy, you must have a Kubernetes cluster configured either
 # via a project integration, or via group/project variables.
 # AUTO_DEVOPS_DOMAIN must also be set as a variable at the group or project
@@ -15,7 +26,7 @@
 # Continuous deployment to production is enabled by default.
 # If you want to deploy to staging first, or enable incremental rollouts,
 # set STAGING_ENABLED or INCREMENTAL_ROLLOUT_ENABLED environment variables.
-# If you want to use canary deployments, uncomment the canary job.
+# If you want to use canary deployments, set CANARY_ENABLED environment variable.
 #
 # If Auto DevOps fails to detect the proper buildpack, or if you want to
 # specify a custom buildpack, set a project variable `BUILDPACK_URL` to the
@@ -76,8 +87,12 @@ test:
     - /bin/herokuish buildpack test
   only:
     - branches
+  except:
+    variables:
+      - $TEST_DISABLED
 
 code_quality:
+  stage: test
   image: docker:stable
   variables:
     DOCKER_DRIVER: overlay2
@@ -89,6 +104,9 @@ code_quality:
     - code_quality
   artifacts:
     paths: [gl-code-quality-report.json]
+  except:
+    variables:
+      - $CODE_QUALITY_DISABLED
 
 performance:
   stage: performance
@@ -109,8 +127,12 @@ performance:
     refs:
       - branches
     kubernetes: active
+  except:
+    variables:
+      - $PERFORMANCE_DISABLED
 
 sast:
+  stage: test
   image: docker:stable
   variables:
     DOCKER_DRIVER: overlay2
@@ -122,8 +144,12 @@ sast:
     - sast
   artifacts:
     paths: [gl-sast-report.json]
+  except:
+    variables:
+      - $SAST_DISABLED
 
 dependency_scanning:
+  stage: test
   image: docker:stable
   variables:
     DOCKER_DRIVER: overlay2
@@ -135,8 +161,12 @@ dependency_scanning:
     - dependency_scanning
   artifacts:
     paths: [gl-dependency-scanning-report.json]
+  except:
+    variables:
+      - $DEPENDENCY_SCANNING_DISABLED
 
 container_scanning:
+  stage: test
   image: docker:stable
   variables:
     DOCKER_DRIVER: overlay2
@@ -148,6 +178,9 @@ container_scanning:
     - container_scanning
   artifacts:
     paths: [gl-container-scanning-report.json]
+  except:
+    variables:
+      - $CONTAINER_SCANNING_DISABLED
 
 dast:
   stage: dast
@@ -164,7 +197,10 @@ dast:
       - branches
     kubernetes: active
   except:
-    - master
+    refs:
+      - master
+    variables:
+      - $DAST_DISABLED
 
 review:
   stage: review
@@ -188,7 +224,10 @@ review:
       - branches
     kubernetes: active
   except:
-    - master
+    refs:
+      - master
+    variables:
+      - $REVIEW_DISABLED
 
 stop_review:
   stage: cleanup
@@ -207,7 +246,10 @@ stop_review:
       - branches
     kubernetes: active
   except:
-    - master
+    refs:
+      - master
+    variables:
+      - $REVIEW_DISABLED
 
 # Keys that start with a dot (.) will not be processed by GitLab CI.
 # Staging and canary jobs are disabled by default, to enable them
@@ -240,10 +282,11 @@ staging:
     variables:
       - $STAGING_ENABLED
 
-# Canaries are disabled by default, but if you want them,
-# and know what the downsides are, enable this job by removing the dot (.).
+# Canaries are also disabled by default, but if you want them,
+# and know what the downsides are, you can enable this by setting
+# CANARY_ENABLED.
 
-.canary:
+canary:
   stage: canary
   script:
     - check_kube_domain
@@ -261,6 +304,8 @@ staging:
     refs:
       - master
     kubernetes: active
+    variables:
+      - $CANARY_ENABLED
 
 .production: &production_template
   stage: production
@@ -290,6 +335,7 @@ production:
   except:
     variables:
       - $STAGING_ENABLED
+      - $CANARY_ENABLED
       - $INCREMENTAL_ROLLOUT_ENABLED
 
 production_manual:
@@ -615,7 +661,7 @@ rollout 100%:
   function check_kube_domain() {
     if [ -z ${AUTO_DEVOPS_DOMAIN+x} ]; then
       echo "In order to deploy or use Review Apps, AUTO_DEVOPS_DOMAIN variable must be set"
-      echo "You can do it in Auto DevOps project settings or defining a secret variable at group or project level"
+      echo "You can do it in Auto DevOps project settings or defining a variable at group or project level"
       echo "You can also manually add it in .gitlab-ci.yml"
       false
     else
@@ -624,7 +670,6 @@ rollout 100%:
   }
 
   function build() {
-
     if [[ -n "$CI_REGISTRY_USER" ]]; then
       echo "Logging to GitLab Container Registry with CI credentials..."
       docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
@@ -636,7 +681,7 @@ rollout 100%:
       docker build -t "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" .
     else
       echo "Building Heroku-based application using gliderlabs/herokuish docker image..."
-      docker run -i --name="$CI_CONTAINER_NAME" -v "$(pwd):/tmp/app:ro" gliderlabs/herokuish /bin/herokuish buildpack build
+      docker run -i -e BUILDPACK_URL --name="$CI_CONTAINER_NAME" -v "$(pwd):/tmp/app:ro" gliderlabs/herokuish /bin/herokuish buildpack build
       docker commit "$CI_CONTAINER_NAME" "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
       docker rm "$CI_CONTAINER_NAME" >/dev/null
       echo ""