Merge remote-tracking branch 'upstream/master' into qa-add-more-key-tests

* upstream/master: (166 commits)
  Flowdock uses Gitaly, not Grit
  Removes 'no job log' from trace action
  Fix missing namespace for some internal users
  Dedupe yarn dependencies
  Downgrade MySQL CI service from 8.0 to 5.7
  Atomic internal ids for all models
  Add documentation on how to configure Redis Sentinel by persistent class
  Update CHANGELOG.md for 10.7.0
  Update index.md
  Resolve "Text from the diff is showing within a table header inside the discussion after the discussion is resolved"
  Don't include lfs_file_locks data in export bundle
  Documentation: Frontend Building Checklist
  Fix a documentation typo for GitLab pages
  Refactored activity calendar
  Add an API endpoint to download git repository snapshots
  Fix issues without links when added from boards new issue  modal
  Respect visibility options and description when importing project from template
  Resolve "Improve tooltips of collapsed sidebars"
  Update Container Scanning documentation
  Fix typo in vue.md
  ...

20 files changed, 88 insertions, 43 deletions

diff --git a/lib/api/api.rb b/lib/api/api.rb
index 073471b4c4d..5139e869c71 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -154,6 +154,7 @@ module API
     mount ::API::ProjectHooks
     mount ::API::Projects
     mount ::API::ProjectMilestones
+    mount ::API::ProjectSnapshots
     mount ::API::ProjectSnippets
     mount ::API::ProtectedBranches
     mount ::API::Repositories
diff --git a/lib/api/discussions.rb b/lib/api/discussions.rb
index 6abd575b6ad..7975f35ab1e 100644
--- a/lib/api/discussions.rb
+++ b/lib/api/discussions.rb
@@ -25,7 +25,7 @@ module API
         get ":id/#{noteables_str}/:noteable_id/discussions" do
           noteable = find_noteable(parent_type, noteables_str, params[:noteable_id])
 
-          return not_found!("Discussions") unless can?(current_user, noteable_read_ability_name(noteable), noteable)
+          break not_found!("Discussions") unless can?(current_user, noteable_read_ability_name(noteable), noteable)
 
           notes = noteable.notes
             .inc_relations_for_view
@@ -50,7 +50,7 @@ module API
           notes = readable_discussion_notes(noteable, params[:discussion_id])
 
           if notes.empty? || !can?(current_user, noteable_read_ability_name(noteable), noteable)
-            return not_found!("Discussion")
+            break not_found!("Discussion")
           end
 
           discussion = Discussion.build(notes, noteable)
@@ -98,7 +98,7 @@ module API
           notes = readable_discussion_notes(noteable, params[:discussion_id])
 
           if notes.empty? || !can?(current_user, noteable_read_ability_name(noteable), noteable)
-            return not_found!("Notes")
+            break not_found!("Notes")
           end
 
           present notes, with: Entities::Note
@@ -117,8 +117,8 @@ module API
           noteable = find_noteable(parent_type, noteables_str, params[:noteable_id])
           notes = readable_discussion_notes(noteable, params[:discussion_id])
 
-          return not_found!("Discussion") if notes.empty?
-          return bad_request!("Discussion is an individual note.") unless notes.first.part_of_discussion?
+          break not_found!("Discussion") if notes.empty?
+          break bad_request!("Discussion is an individual note.") unless notes.first.part_of_discussion?
 
           opts = {
             note: params[:body],
diff --git a/lib/api/group_variables.rb b/lib/api/group_variables.rb
index 92800ce6450..55d5c7f1606 100644
--- a/lib/api/group_variables.rb
+++ b/lib/api/group_variables.rb
@@ -31,7 +31,7 @@ module API
         key = params[:key]
         variable = user_group.variables.find_by(key: key)
 
-        return not_found!('GroupVariable') unless variable
+        break not_found!('GroupVariable') unless variable
 
         present variable, with: Entities::Variable
       end
@@ -67,7 +67,7 @@ module API
       put ':id/variables/:key' do
         variable = user_group.variables.find_by(key: params[:key])
 
-        return not_found!('GroupVariable') unless variable
+        break not_found!('GroupVariable') unless variable
 
         variable_params = declared_params(include_missing: false).except(:key)
 
diff --git a/lib/api/helpers/project_snapshots_helpers.rb b/lib/api/helpers/project_snapshots_helpers.rb
new file mode 100644
index 00000000000..94798a8cb51
--- /dev/null
+++ b/lib/api/helpers/project_snapshots_helpers.rb
@@ -0,0 +1,25 @@
+module API
+  module Helpers
+    module ProjectSnapshotsHelpers
+      def authorize_read_git_snapshot!
+        authenticated_with_full_private_access!
+      end
+
+      def send_git_snapshot(repository)
+        header(*Gitlab::Workhorse.send_git_snapshot(repository))
+      end
+
+      def snapshot_project
+        user_project
+      end
+
+      def snapshot_repository
+        if to_boolean(params[:wiki])
+          snapshot_project.wiki.repository
+        else
+          snapshot_project.repository
+        end
+      end
+    end
+  end
+end
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index fcbc248fc3b..6b72caea8fd 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -50,7 +50,7 @@ module API
           access_checker.check(params[:action], params[:changes])
           @project ||= access_checker.project
         rescue Gitlab::GitAccess::UnauthorizedError, Gitlab::GitAccess::NotFoundError => e
-          return { status: false, message: e.message }
+          break { status: false, message: e.message }
         end
 
         log_user_activity(actor)
@@ -142,21 +142,21 @@ module API
         if key
           key.update_last_used_at
         else
-          return { 'success' => false, 'message' => 'Could not find the given key' }
+          break { 'success' => false, 'message' => 'Could not find the given key' }
         end
 
         if key.is_a?(DeployKey)
-          return { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' }
+          break { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' }
         end
 
         user = key.user
 
         unless user
-          return { success: false, message: 'Could not find a user for the given key' }
+          break { success: false, message: 'Could not find a user for the given key' }
         end
 
         unless user.two_factor_enabled?
-          return { success: false, message: 'Two-factor authentication is not enabled for this user' }
+          break { success: false, message: 'Two-factor authentication is not enabled for this user' }
         end
 
         codes = nil
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index 88e7f46c92c..12ff2a1398b 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -310,7 +310,7 @@ module API
 
         issue = find_project_issue(params[:issue_iid])
 
-        return not_found!('UserAgentDetail') unless issue.user_agent_detail
+        break not_found!('UserAgentDetail') unless issue.user_agent_detail
 
         present issue.user_agent_detail, with: Entities::UserAgentDetail
       end
diff --git a/lib/api/job_artifacts.rb b/lib/api/job_artifacts.rb
index b1adef49d46..32379d7c8ab 100644
--- a/lib/api/job_artifacts.rb
+++ b/lib/api/job_artifacts.rb
@@ -77,7 +77,7 @@ module API
 
         build = find_build!(params[:job_id])
         authorize!(:update_build, build)
-        return not_found!(build) unless build.artifacts?
+        break not_found!(build) unless build.artifacts?
 
         build.keep_artifacts!
 
diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb
index 60911c8d733..54d1acbd412 100644
--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@@ -120,7 +120,7 @@ module API
 
         build = find_build!(params[:job_id])
         authorize!(:update_build, build)
-        return forbidden!('Job is not retryable') unless build.retryable?
+        break forbidden!('Job is not retryable') unless build.retryable?
 
         build = Ci::Build.retry(build, current_user)
 
@@ -138,7 +138,7 @@ module API
 
         build = find_build!(params[:job_id])
         authorize!(:erase_build, build)
-        return forbidden!('Job is not erasable!') unless build.erasable?
+        break forbidden!('Job is not erasable!') unless build.erasable?
 
         build.erase(erased_by: current_user)
         present build, with: Entities::Job
diff --git a/lib/api/project_snapshots.rb b/lib/api/project_snapshots.rb
new file mode 100644
index 00000000000..71005acc587
--- /dev/null
+++ b/lib/api/project_snapshots.rb
@@ -0,0 +1,19 @@
+module API
+  class ProjectSnapshots < Grape::API
+    helpers ::API::Helpers::ProjectSnapshotsHelpers
+
+    before { authorize_read_git_snapshot! }
+
+    resource :projects do
+      desc 'Download a (possibly inconsistent) snapshot of a repository' do
+        detail 'This feature was introduced in GitLab 10.7'
+      end
+      params do
+        optional :wiki, type: Boolean, desc: 'Set to true to receive the wiki repository'
+      end
+      get ':id/snapshot' do
+        send_git_snapshot(snapshot_repository)
+      end
+    end
+  end
+end
diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb
index 39c03c40bab..1de5551fee9 100644
--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
@@ -145,7 +145,7 @@ module API
 
         snippet = Snippet.find_by!(id: params[:snippet_id], project_id: params[:id])
 
-        return not_found!('UserAgentDetail') unless snippet.user_agent_detail
+        break not_found!('UserAgentDetail') unless snippet.user_agent_detail
 
         present snippet.user_agent_detail, with: Entities::UserAgentDetail
       end
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 3ae6fbd1fa9..51b3b0459f3 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -402,7 +402,7 @@ module API
         end
 
         unless user_project.allowed_to_share_with_group?
-          return render_api_error!("The project sharing with group is disabled", 400)
+          break render_api_error!("The project sharing with group is disabled", 400)
         end
 
         link = user_project.project_group_links.new(declared_params(include_missing: false))
diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb
index 2396dc73f0e..bb3fa99af38 100644
--- a/lib/api/repositories.rb
+++ b/lib/api/repositories.rb
@@ -111,8 +111,8 @@ module API
       end
       params do
         use :pagination
-        optional :order_by, type: String, values: %w[email name commits], default: nil, desc: 'Return contributors ordered by `name` or `email` or `commits`'
-        optional :sort, type: String, values: %w[asc desc], default: nil, desc: 'Sort by asc (ascending) or desc (descending)'
+        optional :order_by, type: String, values: %w[email name commits], default: 'commits', desc: 'Return contributors ordered by `name` or `email` or `commits`'
+        optional :sort, type: String, values: %w[asc desc], default: 'asc', desc: 'Sort by asc (ascending) or desc (descending)'
       end
       get ':id/repository/contributors' do
         begin
diff --git a/lib/api/runner.rb b/lib/api/runner.rb
index 60aeb69e10a..4d4fbe50f9f 100644
--- a/lib/api/runner.rb
+++ b/lib/api/runner.rb
@@ -29,7 +29,7 @@ module API
             project.runners.create(attributes)
           end
 
-        return forbidden! unless runner
+        break forbidden! unless runner
 
         if runner.id
           present runner, with: Entities::RunnerRegistrationDetails
@@ -83,7 +83,7 @@ module API
         if current_runner.runner_queue_value_latest?(params[:last_update])
           header 'X-GitLab-Last-Update', params[:last_update]
           Gitlab::Metrics.add_event(:build_not_found_cached)
-          return no_content!
+          break no_content!
         end
 
         new_update = current_runner.ensure_runner_queue_value
@@ -152,7 +152,7 @@ module API
 
         stream_size = job.trace.append(request.body.read, content_range[0].to_i)
         if stream_size < 0
-          return error!('416 Range Not Satisfiable', 416, { 'Range' => "0-#{-stream_size}" })
+          break error!('416 Range Not Satisfiable', 416, { 'Range' => "0-#{-stream_size}" })
         end
 
         status 202
diff --git a/lib/api/snippets.rb b/lib/api/snippets.rb
index c736cc32021..b30305b4bc9 100644
--- a/lib/api/snippets.rb
+++ b/lib/api/snippets.rb
@@ -94,7 +94,7 @@ module API
       end
       put ':id' do
         snippet = snippets_for_current_user.find_by(id: params.delete(:id))
-        return not_found!('Snippet') unless snippet
+        break not_found!('Snippet') unless snippet
 
         authorize! :update_personal_snippet, snippet
 
@@ -120,7 +120,7 @@ module API
       end
       delete ':id' do
         snippet = snippets_for_current_user.find_by(id: params.delete(:id))
-        return not_found!('Snippet') unless snippet
+        break not_found!('Snippet') unless snippet
 
         authorize! :destroy_personal_snippet, snippet
 
@@ -135,7 +135,7 @@ module API
       end
       get ":id/raw" do
         snippet = snippets_for_current_user.find_by(id: params.delete(:id))
-        return not_found!('Snippet') unless snippet
+        break not_found!('Snippet') unless snippet
 
         env['api.format'] = :txt
         content_type 'text/plain'
@@ -153,7 +153,7 @@ module API
 
         snippet = Snippet.find_by!(id: params[:id])
 
-        return not_found!('UserAgentDetail') unless snippet.user_agent_detail
+        break not_found!('UserAgentDetail') unless snippet.user_agent_detail
 
         present snippet.user_agent_detail, with: Entities::UserAgentDetail
       end
diff --git a/lib/api/triggers.rb b/lib/api/triggers.rb
index b3709455bc3..b29e660c6e0 100644
--- a/lib/api/triggers.rb
+++ b/lib/api/triggers.rb
@@ -62,7 +62,7 @@ module API
         authorize! :admin_build, user_project
 
         trigger = user_project.triggers.find(params.delete(:trigger_id))
-        return not_found!('Trigger') unless trigger
+        break not_found!('Trigger') unless trigger
 
         present trigger, with: Entities::Trigger
       end
@@ -99,7 +99,7 @@ module API
         authorize! :admin_build, user_project
 
         trigger = user_project.triggers.find(params.delete(:trigger_id))
-        return not_found!('Trigger') unless trigger
+        break not_found!('Trigger') unless trigger
 
         if trigger.update(declared_params(include_missing: false))
           present trigger, with: Entities::Trigger
@@ -119,7 +119,7 @@ module API
         authorize! :admin_build, user_project
 
         trigger = user_project.triggers.find(params.delete(:trigger_id))
-        return not_found!('Trigger') unless trigger
+        break not_found!('Trigger') unless trigger
 
         if trigger.update(owner: current_user)
           status :ok
@@ -140,7 +140,7 @@ module API
         authorize! :admin_build, user_project
 
         trigger = user_project.triggers.find(params.delete(:trigger_id))
-        return not_found!('Trigger') unless trigger
+        break not_found!('Trigger') unless trigger
 
         destroy_conditionally!(trigger)
       end
diff --git a/lib/api/v3/builds.rb b/lib/api/v3/builds.rb
index 683b9c993cb..b49448e1e67 100644
--- a/lib/api/v3/builds.rb
+++ b/lib/api/v3/builds.rb
@@ -51,7 +51,7 @@ module API
         get ':id/repository/commits/:sha/builds' do
           authorize_read_builds!
 
-          return not_found! unless user_project.commit(params[:sha])
+          break not_found! unless user_project.commit(params[:sha])
 
           pipelines = user_project.pipelines.where(sha: params[:sha])
           builds = user_project.builds.where(pipeline: pipelines).order('id DESC')
@@ -153,7 +153,7 @@ module API
 
           build = get_build!(params[:build_id])
           authorize!(:update_build, build)
-          return forbidden!('Build is not retryable') unless build.retryable?
+          break forbidden!('Build is not retryable') unless build.retryable?
 
           build = Ci::Build.retry(build, current_user)
 
@@ -171,7 +171,7 @@ module API
 
           build = get_build!(params[:build_id])
           authorize!(:erase_build, build)
-          return forbidden!('Build is not erasable!') unless build.erasable?
+          break forbidden!('Build is not erasable!') unless build.erasable?
 
           build.erase(erased_by: current_user)
           present build, with: ::API::V3::Entities::Build
@@ -188,7 +188,7 @@ module API
 
           build = get_build!(params[:build_id])
           authorize!(:update_build, build)
-          return not_found!(build) unless build.artifacts?
+          break not_found!(build) unless build.artifacts?
 
           build.keep_artifacts!
 
diff --git a/lib/api/v3/projects.rb b/lib/api/v3/projects.rb
index a2df969d819..eb3dd113524 100644
--- a/lib/api/v3/projects.rb
+++ b/lib/api/v3/projects.rb
@@ -423,7 +423,7 @@ module API
           end
 
           unless user_project.allowed_to_share_with_group?
-            return render_api_error!("The project sharing with group is disabled", 400)
+            break render_api_error!("The project sharing with group is disabled", 400)
           end
 
           link = user_project.project_group_links.new(declared_params(include_missing: false))
diff --git a/lib/api/v3/snippets.rb b/lib/api/v3/snippets.rb
index 85613c8ed84..1df8a20e74a 100644
--- a/lib/api/v3/snippets.rb
+++ b/lib/api/v3/snippets.rb
@@ -90,7 +90,7 @@ module API
         end
         put ':id' do
           snippet = snippets_for_current_user.find_by(id: params.delete(:id))
-          return not_found!('Snippet') unless snippet
+          break not_found!('Snippet') unless snippet
 
           authorize! :update_personal_snippet, snippet
 
@@ -114,7 +114,7 @@ module API
         end
         delete ':id' do
           snippet = snippets_for_current_user.find_by(id: params.delete(:id))
-          return not_found!('Snippet') unless snippet
+          break not_found!('Snippet') unless snippet
 
           authorize! :destroy_personal_snippet, snippet
           snippet.destroy
@@ -129,7 +129,7 @@ module API
         end
         get ":id/raw" do
           snippet = snippets_for_current_user.find_by(id: params.delete(:id))
-          return not_found!('Snippet') unless snippet
+          break not_found!('Snippet') unless snippet
 
           env['api.format'] = :txt
           content_type 'text/plain'
diff --git a/lib/api/v3/triggers.rb b/lib/api/v3/triggers.rb
index 34f07dfb486..969bb2a05de 100644
--- a/lib/api/v3/triggers.rb
+++ b/lib/api/v3/triggers.rb
@@ -72,7 +72,7 @@ module API
           authorize! :admin_build, user_project
 
           trigger = user_project.triggers.find_by(token: params[:token].to_s)
-          return not_found!('Trigger') unless trigger
+          break not_found!('Trigger') unless trigger
 
           present trigger, with: ::API::V3::Entities::Trigger
         end
@@ -100,7 +100,7 @@ module API
           authorize! :admin_build, user_project
 
           trigger = user_project.triggers.find_by(token: params[:token].to_s)
-          return not_found!('Trigger') unless trigger
+          break not_found!('Trigger') unless trigger
 
           trigger.destroy
 
diff --git a/lib/api/variables.rb b/lib/api/variables.rb
index d08876ae1b9..a34de9410e8 100644
--- a/lib/api/variables.rb
+++ b/lib/api/variables.rb
@@ -31,7 +31,7 @@ module API
         key = params[:key]
         variable = user_project.variables.find_by(key: key)
 
-        return not_found!('Variable') unless variable
+        break not_found!('Variable') unless variable
 
         present variable, with: Entities::Variable
       end
@@ -67,7 +67,7 @@ module API
       put ':id/variables/:key' do
         variable = user_project.variables.find_by(key: params[:key])
 
-        return not_found!('Variable') unless variable
+        break not_found!('Variable') unless variable
 
         variable_params = declared_params(include_missing: false).except(:key)