Merge remote-tracking branch 'origin/master' into dev-master

9 files changed, 135 insertions, 83 deletions

diff --git a/lib/gitlab/ci/build/artifacts/metadata.rb b/lib/gitlab/ci/build/artifacts/metadata.rb
index 375d8bc1ff5..551d4f4473e 100644
--- a/lib/gitlab/ci/build/artifacts/metadata.rb
+++ b/lib/gitlab/ci/build/artifacts/metadata.rb
@@ -59,9 +59,12 @@ module Gitlab
 
             until gz.eof?
               begin
-                path = read_string(gz).force_encoding('UTF-8')
-                meta = read_string(gz).force_encoding('UTF-8')
+                path = read_string(gz)&.force_encoding('UTF-8')
+                meta = read_string(gz)&.force_encoding('UTF-8')
 
+                # We might hit an EOF while reading either value, so we should
+                # abort if we don't get any data.
+                next unless path && meta
                 next unless path.valid_encoding? && meta.valid_encoding?
                 next unless path =~ match_pattern
                 next if path =~ INVALID_PATH_PATTERN
diff --git a/lib/gitlab/ci/config/entry/reports.rb b/lib/gitlab/ci/config/entry/reports.rb
index 98f12c226b3..3ac2a6fa777 100644
--- a/lib/gitlab/ci/config/entry/reports.rb
+++ b/lib/gitlab/ci/config/entry/reports.rb
@@ -11,7 +11,7 @@ module Gitlab
           include Validatable
           include Attributable
 
-          ALLOWED_KEYS = %i[junit codequality sast dependency_scanning container_scanning dast].freeze
+          ALLOWED_KEYS = %i[junit codequality sast dependency_scanning container_scanning dast performance license_management].freeze
 
           attributes ALLOWED_KEYS
 
@@ -26,6 +26,8 @@ module Gitlab
               validates :dependency_scanning, array_of_strings_or_string: true
               validates :container_scanning, array_of_strings_or_string: true
               validates :dast, array_of_strings_or_string: true
+              validates :performance, array_of_strings_or_string: true
+              validates :license_management, array_of_strings_or_string: true
             end
           end
 
diff --git a/lib/gitlab/ci/templates/Android.gitlab-ci.yml b/lib/gitlab/ci/templates/Android.gitlab-ci.yml
index bf7831b937c..6e138639b71 100644
--- a/lib/gitlab/ci/templates/Android.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Android.gitlab-ci.yml
@@ -1,51 +1,45 @@
-# Read more about this script on this blog post https://about.gitlab.com/2016/11/30/setting-up-gitlab-ci-for-android-projects/, by Greyson Parrelli
+# Read more about this script on this blog post https://about.gitlab.com/2018/10/24/setting-up-gitlab-ci-for-android-projects/, by Jason Lenny
 image: openjdk:8-jdk
 
 variables:
   ANDROID_COMPILE_SDK: "28"
-  ANDROID_BUILD_TOOLS: "28.0.3"
-  ANDROID_SDK_TOOLS: "26.1.1"
+  ANDROID_BUILD_TOOLS: "28.0.2"
+  ANDROID_SDK_TOOLS:   "4333796"
 
 before_script:
-- apt-get --quiet update --yes
-- apt-get --quiet install --yes wget tar unzip lib32stdc++6 lib32z1
-- wget --quiet --output-document=android-sdk.zip https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip
-- unzip android-sdk.zip -d android-sdk-linux
-- echo y | android-sdk-linux/tools/bin/sdkmanager "platforms;android-${ANDROID_COMPILE_SDK}" > /dev/null
-- echo y | android-sdk-linux/tools/bin/sdkmanager platform-tools > /dev/null
-- echo y | android-sdk-linux/tools/bin/sdkmanager "build-tools;${ANDROID_BUILD_TOOLS}" > /dev/null
-- echo y | android-sdk-linux/tools/bin/sdkmanager "extras;google;google_play_services" > /dev/null
-- echo y | android-sdk-linux/tools/bin/sdkmanager "extras;google;m2repository" > /dev/null
-- export ANDROID_HOME=$PWD/android-sdk-linux
-- export PATH=$PATH:$PWD/android-sdk-linux/platform-tools/
-- yes | android-sdk-linux/tools/bin/sdkmanager --licenses &
-- chmod +x ./gradlew
+  - apt-get --quiet update --yes
+  - apt-get --quiet install --yes wget tar unzip lib32stdc++6 lib32z1
+  - wget --quiet --output-document=android-sdk.zip https://dl.google.com/android/repository/sdk-tools-linux-${ANDROID_SDK_TOOLS}.zip
+  - unzip -d android-sdk-linux android-sdk.zip
+  - echo y | android-sdk-linux/tools/bin/sdkmanager "platforms;android-${ANDROID_COMPILE_SDK}" >/dev/null
+  - echo y | android-sdk-linux/tools/bin/sdkmanager "platform-tools" >/dev/null
+  - echo y | android-sdk-linux/tools/bin/sdkmanager "build-tools;${ANDROID_BUILD_TOOLS}" >/dev/null
+  - export ANDROID_HOME=$PWD/android-sdk-linux
+  - export PATH=$PATH:$PWD/android-sdk-linux/platform-tools/
+  - chmod +x ./gradlew
+  # temporarily disable checking for EPIPE error and use yes to accept all licenses
+  - set +o pipefail
+  - yes | android-sdk-linux/tools/bin/sdkmanager --licenses
+  - set -o pipefail
 
 stages:
-- build
-- test
+  - build
+  - test
 
-build:
+lintDebug:
   stage: build
   script:
-  - ./gradlew assembleDebug
+    - ./gradlew -Pci --console=plain :app:lintDebug -PbuildDir=lint
+
+assembleDebug:
+  stage: build
+  script:
+    - ./gradlew assembleDebug
   artifacts:
     paths:
     - app/build/outputs/
 
-unitTests:
-  stage: test
-  script:
-  - ./gradlew test
-
-functionalTests:
+debugTests:
   stage: test
   script:
-    - wget --quiet --output-document=android-wait-for-emulator https://raw.githubusercontent.com/travis-ci/travis-cookbooks/0f497eb71291b52a703143c5cd63a217c8766dc9/community-cookbooks/android-sdk/files/default/android-wait-for-emulator
-    - chmod +x android-wait-for-emulator
-    - echo y | android-sdk-linux/tools/android --silent update sdk --no-ui --all --filter sys-img-x86-google_apis-${ANDROID_COMPILE_SDK}
-    - echo no | android-sdk-linux/tools/android create avd -n test -t android-${ANDROID_COMPILE_SDK} --abi google_apis/x86
-    - android-sdk-linux/tools/emulator64-x86 -avd test -no-window -no-audio &
-    - ./android-wait-for-emulator
-    - adb shell input keyevent 82
-    - ./gradlew cAT
+    - ./gradlew -Pci --console=plain :app:testDebug
diff --git a/lib/gitlab/database/migration_helpers.rb b/lib/gitlab/database/migration_helpers.rb
index 30541ee3553..a17f27a3147 100644
--- a/lib/gitlab/database/migration_helpers.rb
+++ b/lib/gitlab/database/migration_helpers.rb
@@ -937,7 +937,7 @@ database (#{dbname}) using a super user and running:
 
 For MySQL you instead need to run:
 
-    GRANT ALL PRIVILEGES ON *.* TO #{user}@'%'
+    GRANT ALL PRIVILEGES ON #{dbname}.* TO #{user}@'%'
 
 Both queries will grant the user super user permissions, ensuring you don't run
 into similar problems in the future (e.g. when new tables are created).
diff --git a/lib/gitlab/ee_compat_check.rb b/lib/gitlab/ee_compat_check.rb
index 6fc86925f81..5d9ecd651a0 100644
--- a/lib/gitlab/ee_compat_check.rb
+++ b/lib/gitlab/ee_compat_check.rb
@@ -286,7 +286,7 @@ module Gitlab
     end
 
     def patch_name_from_branch(branch_name)
-      branch_name.parameterize << '.patch'
+      "#{branch_name.parameterize}.patch"
     end
 
     def patch_url
@@ -434,9 +434,11 @@ module Gitlab
     end
 
     def conflicting_files_msg
-      failed_files.reduce("The conflicts detected were as follows:\n") do |memo, file|
-        memo << "\n        - #{file}"
-      end
+      header = "The conflicts detected were as follows:\n"
+      separator = "\n        - "
+      failed_items = failed_files.join(separator)
+
+      "#{header}#{separator}#{failed_items}"
     end
   end
 end
diff --git a/lib/gitlab/kubernetes/kube_client.rb b/lib/gitlab/kubernetes/kube_client.rb
index 588238de608..f266177bec1 100644
--- a/lib/gitlab/kubernetes/kube_client.rb
+++ b/lib/gitlab/kubernetes/kube_client.rb
@@ -13,11 +13,21 @@ module Gitlab
     class KubeClient
       include Gitlab::Utils::StrongMemoize
 
-      SUPPORTED_API_GROUPS = [
-        'api',
-        'apis/rbac.authorization.k8s.io',
-        'apis/extensions'
-      ].freeze
+      SUPPORTED_API_GROUPS = {
+        core: { group: 'api', version: 'v1' },
+        rbac: { group: 'apis/rbac.authorization.k8s.io', version: 'v1' },
+        extensions: { group: 'apis/extensions', version: 'v1beta1' }
+      }.freeze
+
+      SUPPORTED_API_GROUPS.each do |name, params|
+        client_method_name = "#{name}_client".to_sym
+
+        define_method(client_method_name) do
+          strong_memoize(client_method_name) do
+            build_kubeclient(params[:group], params[:version])
+          end
+        end
+      end
 
       # Core API methods delegates to the core api group client
       delegate :get_pods,
@@ -45,6 +55,13 @@ module Gitlab
         :update_cluster_role_binding,
         to: :rbac_client
 
+      # RBAC methods delegates to the apis/rbac.authorization.k8s.io api
+      # group client
+      delegate :create_role_binding,
+        :get_role_binding,
+        :update_role_binding,
+        to: :rbac_client
+
       # Deployments resource is currently on the apis/extensions api group
       delegate :get_deployments,
         to: :extensions_client
@@ -55,48 +72,21 @@ module Gitlab
         :watch_pod_log,
         to: :core_client
 
-      def initialize(api_prefix, api_groups = ['api'], api_version = 'v1', **kubeclient_options)
-        raise ArgumentError unless check_api_groups_supported?(api_groups)
+      attr_reader :api_prefix, :kubeclient_options
 
+      def initialize(api_prefix, **kubeclient_options)
         @api_prefix = api_prefix
-        @api_groups = api_groups
-        @api_version = api_version
         @kubeclient_options = kubeclient_options
       end
 
-      def discover!
-        clients.each(&:discover)
-      end
-
-      def clients
-        hashed_clients.values
-      end
-
-      def core_client
-        hashed_clients['api']
-      end
-
-      def rbac_client
-        hashed_clients['apis/rbac.authorization.k8s.io']
-      end
-
-      def extensions_client
-        hashed_clients['apis/extensions']
-      end
-
-      def hashed_clients
-        strong_memoize(:hashed_clients) do
-          @api_groups.map do |api_group|
-            api_url = join_api_url(@api_prefix, api_group)
-            [api_group, ::Kubeclient::Client.new(api_url, @api_version, **@kubeclient_options)]
-          end.to_h
-        end
-      end
-
       private
 
-      def check_api_groups_supported?(api_groups)
-        api_groups.all? {|api_group| SUPPORTED_API_GROUPS.include?(api_group) }
+      def build_kubeclient(api_group, api_version)
+        ::Kubeclient::Client.new(
+          join_api_url(api_prefix, api_group),
+          api_version,
+          **kubeclient_options
+        )
       end
 
       def join_api_url(api_prefix, api_path)
diff --git a/lib/gitlab/kubernetes/role_binding.rb b/lib/gitlab/kubernetes/role_binding.rb
new file mode 100644
index 00000000000..4f3ee040bf2
--- /dev/null
+++ b/lib/gitlab/kubernetes/role_binding.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Kubernetes
+    class RoleBinding
+      attr_reader :role_name, :namespace, :service_account_name
+
+      def initialize(role_name:, namespace:, service_account_name:)
+        @role_name = role_name
+        @namespace = namespace
+        @service_account_name = service_account_name
+      end
+
+      def generate
+        ::Kubeclient::Resource.new.tap do |resource|
+          resource.metadata = metadata
+          resource.roleRef  = role_ref
+          resource.subjects = subjects
+        end
+      end
+
+      private
+
+      def metadata
+        { name: "gitlab-#{namespace}", namespace: namespace }
+      end
+
+      def role_ref
+        {
+          apiGroup: 'rbac.authorization.k8s.io',
+          kind: 'Role',
+          name: role_name
+        }
+      end
+
+      def subjects
+        [
+          {
+            kind: 'ServiceAccount',
+            name: service_account_name,
+            namespace: namespace
+          }
+        ]
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/setup_helper.rb b/lib/gitlab/setup_helper.rb
index 4a745147858..2b7e12639be 100644
--- a/lib/gitlab/setup_helper.rb
+++ b/lib/gitlab/setup_helper.rb
@@ -32,7 +32,10 @@ module Gitlab
         end
 
         if Rails.env.test?
-          storages << { name: 'test_second_storage', path: Rails.root.join('tmp', 'tests', 'second_storage').to_s }
+          storage_path = Rails.root.join('tmp', 'tests', 'second_storage').to_s
+
+          FileUtils.mkdir(storage_path) unless File.exist?(storage_path)
+          storages << { name: 'test_second_storage', path: storage_path }
         end
 
         config = { socket_path: address.sub(/\Aunix:/, ''), storage: storages }
diff --git a/lib/tasks/haml-lint.rake b/lib/tasks/haml-lint.rake
index ad2d034b0b4..786efd14b1a 100644
--- a/lib/tasks/haml-lint.rake
+++ b/lib/tasks/haml-lint.rake
@@ -2,5 +2,16 @@ unless Rails.env.production?
   require 'haml_lint/rake_task'
   require 'haml_lint/inline_javascript'
 
+  # Workaround for warnings from parser/current
+  # Keep it even if it no longer emits any warnings,
+  # because we'll still see warnings in console/server anyway,
+  # and we don't need to break static-analysis for this.
+  task :haml_lint do
+    require 'parser'
+    def Parser.warn(*args)
+      puts(*args) # static-analysis ignores stdout if status is 0
+    end
+  end
+
   HamlLint::RakeTask.new
 end