Merge branch 'master' into feature/gb/persist-pipeline-stages

* master: (524 commits)
  Improve user experience around slash commands in instant comments
  Fix LFS timeouts when trying to save large files
  retryable? is now available for CommitStatus
  Resolve "Documentation of `.gitlab-ci.yml` states incorrect example for variables"
  Fix test failures
  Add slugify project path to CI enviroment variables
  Fixed typo: craeted -> created
  32118 Make New environment empty state btn lowercase
  Expose import_status in Projects API
  32832 Remove overflow from comment form for confidential issues and vertically aligns confidential issue icon
  Fix test failures
  Allow manual bypass of auto_sign_in_with_provider
  Fix keys seed
  Allow users to be hard-deleted from the API
  fixup some classnames and media queries
  Enable the Style/PreferredHashMethods cop
  Lint our factories creation in addition to their build
  Don’t schedule workers from inside transactions
  Allow scheduling from after_commit hooks
  Forbid Sidekiq scheduling in transactions
  ...

Conflicts:
	app/serializers/pipeline_entity.rb
	db/schema.rb
	spec/factories/ci/stages.rb
	spec/lib/gitlab/import_export/safe_model_attributes.yml
	spec/services/ci/create_pipeline_service_spec.rb
	spec/spec_helper.rb

50 files changed, 2181 insertions, 520 deletions

diff --git a/spec/lib/banzai/filter/user_reference_filter_spec.rb b/spec/lib/banzai/filter/user_reference_filter_spec.rb
index 63b23dac7ed..edf3846b742 100644
--- a/spec/lib/banzai/filter/user_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/user_reference_filter_spec.rb
@@ -16,6 +16,11 @@ describe Banzai::Filter::UserReferenceFilter, lib: true do
     expect(reference_filter(act).to_html).to eq(exp)
   end
 
+  it 'ignores references with text before the @ sign' do
+    exp = act = "Hey foo#{reference}"
+    expect(reference_filter(act).to_html).to eq(exp)
+  end
+
   %w(pre code a style).each do |elem|
     it "ignores valid references contained inside '#{elem}' element" do
       exp = act = "<#{elem}>Hey #{reference}</#{elem}>"
diff --git a/spec/lib/banzai/reference_parser/user_parser_spec.rb b/spec/lib/banzai/reference_parser/user_parser_spec.rb
index 4ec998efe53..592ed0d2b98 100644
--- a/spec/lib/banzai/reference_parser/user_parser_spec.rb
+++ b/spec/lib/banzai/reference_parser/user_parser_spec.rb
@@ -42,6 +42,29 @@ describe Banzai::ReferenceParser::UserParser, lib: true do
 
         expect(subject.referenced_by([link])).to eq([user])
       end
+
+      context 'when RequestStore is active' do
+        let(:other_user) { create(:user) }
+
+        before do
+          RequestStore.begin!
+        end
+
+        after do
+          RequestStore.end!
+          RequestStore.clear!
+        end
+
+        it 'does not return users from the first call in the second' do
+          link['data-user'] = user.id.to_s
+
+          expect(subject.referenced_by([link])).to eq([user])
+
+          link['data-user'] = other_user.id.to_s
+
+          expect(subject.referenced_by([link])).to eq([other_user])
+        end
+      end
     end
 
     context 'when the link has a data-project attribute' do
@@ -74,7 +97,7 @@ describe Banzai::ReferenceParser::UserParser, lib: true do
     end
   end
 
-  describe '#nodes_visible_to_use?' do
+  describe '#nodes_visible_to_user' do
     context 'when the link has a data-group attribute' do
       context 'using an existing group ID' do
         before do
diff --git a/spec/lib/feature_spec.rb b/spec/lib/feature_spec.rb
new file mode 100644
index 00000000000..1d92a5cb33f
--- /dev/null
+++ b/spec/lib/feature_spec.rb
@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe Feature, lib: true do
+  describe '.get' do
+    let(:feature) { double(:feature) }
+    let(:key) { 'my_feature' }
+
+    it 'returns the Flipper feature' do
+      expect_any_instance_of(Flipper::DSL).to receive(:feature).with(key).
+        and_return(feature)
+
+      expect(described_class.get(key)).to be(feature)
+    end
+  end
+
+  describe '.all' do
+    let(:features) { Set.new }
+
+    it 'returns the Flipper features as an array' do
+      expect_any_instance_of(Flipper::DSL).to receive(:features).
+        and_return(features)
+
+      expect(described_class.all).to eq(features.to_a)
+    end
+  end
+end
diff --git a/spec/lib/gitlab/cache/ci/project_pipeline_status_spec.rb b/spec/lib/gitlab/cache/ci/project_pipeline_status_spec.rb
index b386852b196..cfb5cba054e 100644
--- a/spec/lib/gitlab/cache/ci/project_pipeline_status_spec.rb
+++ b/spec/lib/gitlab/cache/ci/project_pipeline_status_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Gitlab::Cache::Ci::ProjectPipelineStatus, :redis do
-  let(:project) { create(:project) }
+  let!(:project) { create(:project) }
   let(:pipeline_status) { described_class.new(project) }
   let(:cache_key) { "projects/#{project.id}/pipeline_status" }
 
@@ -18,7 +18,7 @@ describe Gitlab::Cache::Ci::ProjectPipelineStatus, :redis do
     let(:sha) { '424d1b73bc0d3cb726eb7dc4ce17a4d48552f8c6' }
     let(:ref) { 'master' }
     let(:pipeline_info) { { sha: sha, status: status, ref: ref } }
-    let(:project_without_status) { create(:project) }
+    let!(:project_without_status) { create(:project) }
 
     describe '.load_in_batch_for_projects' do
       it 'preloads pipeline_status on projects' do
diff --git a/spec/lib/gitlab/chat_commands/command_spec.rb b/spec/lib/gitlab/chat_commands/command_spec.rb
index eb4f06b371c..13e6953147b 100644
--- a/spec/lib/gitlab/chat_commands/command_spec.rb
+++ b/spec/lib/gitlab/chat_commands/command_spec.rb
@@ -58,9 +58,12 @@ describe Gitlab::ChatCommands::Command, service: true do
         end
       end
 
-      context 'and user does have deployment permission' do
+      context 'and user has deployment permission' do
         before do
-          build.project.add_master(user)
+          build.project.add_developer(user)
+
+          create(:protected_branch, :developers_can_merge,
+                 name: build.ref, project: project)
         end
 
         it 'returns action' do
diff --git a/spec/lib/gitlab/chat_commands/deploy_spec.rb b/spec/lib/gitlab/chat_commands/deploy_spec.rb
index b33389d959e..46dbdeae37c 100644
--- a/spec/lib/gitlab/chat_commands/deploy_spec.rb
+++ b/spec/lib/gitlab/chat_commands/deploy_spec.rb
@@ -7,7 +7,12 @@ describe Gitlab::ChatCommands::Deploy, service: true do
     let(:regex_match) { described_class.match('deploy staging to production') }
 
     before do
-      project.add_master(user)
+      # Make it possible to trigger protected manual actions for developers.
+      #
+      project.add_developer(user)
+
+      create(:protected_branch, :developers_can_merge,
+             name: 'master', project: project)
     end
 
     subject do
diff --git a/spec/lib/gitlab/ci/status/build/common_spec.rb b/spec/lib/gitlab/ci/status/build/common_spec.rb
index 40b96b1807b..72bd7c4eb93 100644
--- a/spec/lib/gitlab/ci/status/build/common_spec.rb
+++ b/spec/lib/gitlab/ci/status/build/common_spec.rb
@@ -31,7 +31,7 @@ describe Gitlab::Ci::Status::Build::Common do
 
   describe '#details_path' do
     it 'links to the build details page' do
-      expect(subject.details_path).to include "builds/#{build.id}"
+      expect(subject.details_path).to include "jobs/#{build.id}"
     end
   end
 end
diff --git a/spec/lib/gitlab/ci/status/build/factory_spec.rb b/spec/lib/gitlab/ci/status/build/factory_spec.rb
index 185bb9098da..3f30b2c38f2 100644
--- a/spec/lib/gitlab/ci/status/build/factory_spec.rb
+++ b/spec/lib/gitlab/ci/status/build/factory_spec.rb
@@ -224,7 +224,10 @@ describe Gitlab::Ci::Status::Build::Factory do
 
       context 'when user has ability to play action' do
         before do
-          build.project.add_master(user)
+          project.add_developer(user)
+
+          create(:protected_branch, :developers_can_merge,
+                 name: build.ref, project: project)
         end
 
         it 'fabricates status that has action' do
diff --git a/spec/lib/gitlab/ci/status/build/play_spec.rb b/spec/lib/gitlab/ci/status/build/play_spec.rb
index f5d0f977768..0e15a5f3c6b 100644
--- a/spec/lib/gitlab/ci/status/build/play_spec.rb
+++ b/spec/lib/gitlab/ci/status/build/play_spec.rb
@@ -2,6 +2,7 @@ require 'spec_helper'
 
 describe Gitlab::Ci::Status::Build::Play do
   let(:user) { create(:user) }
+  let(:project) { build.project }
   let(:build) { create(:ci_build, :manual) }
   let(:status) { Gitlab::Ci::Status::Core.new(build, user) }
 
@@ -15,8 +16,13 @@ describe Gitlab::Ci::Status::Build::Play do
 
   describe '#has_action?' do
     context 'when user is allowed to update build' do
-      context 'when user can push to branch' do
-        before { build.project.add_master(user) }
+      context 'when user is allowed to trigger protected action' do
+        before do
+          project.add_developer(user)
+
+          create(:protected_branch, :developers_can_merge,
+                 name: build.ref, project: project)
+        end
 
         it { is_expected.to have_action }
       end
diff --git a/spec/lib/gitlab/ci/trace/stream_spec.rb b/spec/lib/gitlab/ci/trace/stream_spec.rb
index 40ac5a3ed37..bbb3f9912a3 100644
--- a/spec/lib/gitlab/ci/trace/stream_spec.rb
+++ b/spec/lib/gitlab/ci/trace/stream_spec.rb
@@ -240,9 +240,50 @@ describe Gitlab::Ci::Trace::Stream do
     end
 
     context 'multiple results in content & regex' do
-      let(:data) { ' (98.39%) covered. (98.29%) covered' }
+      let(:data) do
+        <<~HEREDOC
+          (98.39%) covered
+          (98.29%) covered
+        HEREDOC
+      end
+
+      let(:regex) { '\(\d+.\d+\%\) covered' }
+
+      it 'returns the last matched coverage' do
+        is_expected.to eq("98.29")
+      end
+    end
+
+    context 'when BUFFER_SIZE is smaller than stream.size' do
+      let(:data) { 'Coverage 1033 / 1051 LOC (98.29%) covered\n' }
+      let(:regex) { '\(\d+.\d+\%\) covered' }
+
+      before do
+        stub_const('Gitlab::Ci::Trace::Stream::BUFFER_SIZE', 5)
+      end
+
+      it { is_expected.to eq("98.29") }
+    end
+
+    context 'when regex is multi-byte char' do
+      let(:data) { '95.0 ゴッドファット\n' }
+      let(:regex) { '\d+\.\d+ ゴッドファット' }
+
+      before do
+        stub_const('Gitlab::Ci::Trace::Stream::BUFFER_SIZE', 5)
+      end
+
+      it { is_expected.to eq('95.0') }
+    end
+
+    context 'when BUFFER_SIZE is equal to stream.size' do
+      let(:data) { 'Coverage 1033 / 1051 LOC (98.29%) covered\n' }
       let(:regex) { '\(\d+.\d+\%\) covered' }
 
+      before do
+        stub_const('Gitlab::Ci::Trace::Stream::BUFFER_SIZE', data.length)
+      end
+
       it { is_expected.to eq("98.29") }
     end
 
diff --git a/spec/lib/gitlab/database/migration_helpers_spec.rb b/spec/lib/gitlab/database/migration_helpers_spec.rb
index bd5ac6142be..3fdafd867da 100644
--- a/spec/lib/gitlab/database/migration_helpers_spec.rb
+++ b/spec/lib/gitlab/database/migration_helpers_spec.rb
@@ -66,16 +66,23 @@ describe Gitlab::Database::MigrationHelpers, lib: true do
 
       context 'using PostgreSQL' do
         before do
-          allow(Gitlab::Database).to receive(:postgresql?).and_return(true)
+          allow(model).to receive(:supports_drop_index_concurrently?).and_return(true)
           allow(model).to receive(:disable_statement_timeout)
         end
 
-        it 'removes the index concurrently' do
+        it 'removes the index concurrently by column name' do
           expect(model).to receive(:remove_index).
             with(:users, { algorithm: :concurrently, column: :foo })
 
           model.remove_concurrent_index(:users, :foo)
         end
+
+        it 'removes the index concurrently by index name' do
+          expect(model).to receive(:remove_index).
+            with(:users, { algorithm: :concurrently, name: "index_x_by_y" })
+
+          model.remove_concurrent_index_by_name(:users, "index_x_by_y")
+        end
       end
 
       context 'using MySQL' do
diff --git a/spec/lib/gitlab/database/rename_reserved_paths_migration/v1/rename_namespaces_spec.rb b/spec/lib/gitlab/database/rename_reserved_paths_migration/v1/rename_namespaces_spec.rb
index c56fded7516..ce2b5d620fd 100644
--- a/spec/lib/gitlab/database/rename_reserved_paths_migration/v1/rename_namespaces_spec.rb
+++ b/spec/lib/gitlab/database/rename_reserved_paths_migration/v1/rename_namespaces_spec.rb
@@ -18,8 +18,8 @@ describe Gitlab::Database::RenameReservedPathsMigration::V1::RenameNamespaces do
       let(:subject) { described_class.new(['parent/the-Path'], migration) }
 
       it 'includes the namespace' do
-        parent = create(:namespace, path: 'parent')
-        child = create(:namespace, path: 'the-path', parent: parent)
+        parent = create(:group, path: 'parent')
+        child = create(:group, path: 'the-path', parent: parent)
 
         found_ids = subject.namespaces_for_paths(type: :child).
                       map(&:id)
@@ -30,13 +30,13 @@ describe Gitlab::Database::RenameReservedPathsMigration::V1::RenameNamespaces do
 
     context 'for child namespaces' do
       it 'only returns child namespaces with the correct path' do
-        _root_namespace = create(:namespace, path: 'THE-path')
-        _other_path = create(:namespace,
+        _root_namespace = create(:group, path: 'THE-path')
+        _other_path = create(:group,
                              path: 'other',
-                             parent: create(:namespace))
-        namespace = create(:namespace,
+                             parent: create(:group))
+        namespace = create(:group,
                            path: 'the-path',
-                           parent: create(:namespace))
+                           parent: create(:group))
 
         found_ids = subject.namespaces_for_paths(type: :child).
                       map(&:id)
@@ -45,13 +45,13 @@ describe Gitlab::Database::RenameReservedPathsMigration::V1::RenameNamespaces do
       end
 
       it 'has no namespaces that look the same' do
-        _root_namespace = create(:namespace, path: 'THE-path')
-        _similar_path = create(:namespace,
+        _root_namespace = create(:group, path: 'THE-path')
+        _similar_path = create(:group,
                              path: 'not-really-the-path',
-                             parent: create(:namespace))
-        namespace = create(:namespace,
+                             parent: create(:group))
+        namespace = create(:group,
                            path: 'the-path',
-                           parent: create(:namespace))
+                           parent: create(:group))
 
         found_ids = subject.namespaces_for_paths(type: :child).
                       map(&:id)
@@ -62,11 +62,11 @@ describe Gitlab::Database::RenameReservedPathsMigration::V1::RenameNamespaces do
 
     context 'for top levelnamespaces' do
       it 'only returns child namespaces with the correct path' do
-        root_namespace = create(:namespace, path: 'the-path')
-        _other_path = create(:namespace, path: 'other')
-        _child_namespace = create(:namespace,
+        root_namespace = create(:group, path: 'the-path')
+        _other_path = create(:group, path: 'other')
+        _child_namespace = create(:group,
                                   path: 'the-path',
-                                  parent: create(:namespace))
+                                  parent: create(:group))
 
         found_ids = subject.namespaces_for_paths(type: :top_level).
                       map(&:id)
@@ -75,11 +75,11 @@ describe Gitlab::Database::RenameReservedPathsMigration::V1::RenameNamespaces do
       end
 
       it 'has no namespaces that just look the same' do
-        root_namespace = create(:namespace, path: 'the-path')
-        _similar_path = create(:namespace, path: 'not-really-the-path')
-        _child_namespace = create(:namespace,
+        root_namespace = create(:group, path: 'the-path')
+        _similar_path = create(:group, path: 'not-really-the-path')
+        _child_namespace = create(:group,
                                   path: 'the-path',
-                                  parent: create(:namespace))
+                                  parent: create(:group))
 
         found_ids = subject.namespaces_for_paths(type: :top_level).
                       map(&:id)
@@ -124,10 +124,10 @@ describe Gitlab::Database::RenameReservedPathsMigration::V1::RenameNamespaces do
 
   describe "#child_ids_for_parent" do
     it "collects child ids for all levels" do
-      parent = create(:namespace)
-      first_child = create(:namespace, parent: parent)
-      second_child = create(:namespace, parent: parent)
-      third_child = create(:namespace, parent: second_child)
+      parent = create(:group)
+      first_child = create(:group, parent: parent)
+      second_child = create(:group, parent: parent)
+      third_child = create(:group, parent: second_child)
       all_ids = [parent.id, first_child.id, second_child.id, third_child.id]
 
       collected_ids = subject.child_ids_for_parent(parent, ids: [parent.id])
@@ -205,9 +205,9 @@ describe Gitlab::Database::RenameReservedPathsMigration::V1::RenameNamespaces do
   end
 
   describe '#rename_namespaces' do
-    let!(:top_level_namespace) { create(:namespace, path: 'the-path') }
+    let!(:top_level_namespace) { create(:group, path: 'the-path') }
     let!(:child_namespace) do
-      create(:namespace, path: 'the-path', parent: create(:namespace))
+      create(:group, path: 'the-path', parent: create(:group))
     end
 
     it 'renames top level namespaces the namespace' do
diff --git a/spec/lib/gitlab/dependency_linker/cartfile_linker_spec.rb b/spec/lib/gitlab/dependency_linker/cartfile_linker_spec.rb
new file mode 100644
index 00000000000..df77f4037af
--- /dev/null
+++ b/spec/lib/gitlab/dependency_linker/cartfile_linker_spec.rb
@@ -0,0 +1,74 @@
+require 'rails_helper'
+
+describe Gitlab::DependencyLinker::CartfileLinker, lib: true do
+  describe '.support?' do
+    it 'supports Cartfile' do
+      expect(described_class.support?('Cartfile')).to be_truthy
+    end
+
+    it 'supports Cartfile.private' do
+      expect(described_class.support?('Cartfile.private')).to be_truthy
+    end
+
+    it 'does not support other files' do
+      expect(described_class.support?('test.Cartfile')).to be_falsey
+    end
+  end
+
+  describe '#link' do
+    let(:file_name) { "Cartfile" }
+
+    let(:file_content) do
+      <<-CONTENT.strip_heredoc
+        # Require version 2.3.1 or later
+        github "ReactiveCocoa/ReactiveCocoa" >= 2.3.1
+
+        # Require version 1.x
+        github "Mantle/Mantle" ~> 1.0    # (1.0 or later, but less than 2.0)
+
+        # Require exactly version 0.4.1
+        github "jspahrsummers/libextobjc" == 0.4.1
+
+        # Use the latest version
+        github "jspahrsummers/xcconfigs"
+
+        # Use the branch
+        github "jspahrsummers/xcconfigs" "branch"
+
+        # Use a project from GitHub Enterprise
+        github "https://enterprise.local/ghe/desktop/git-error-translations"
+
+        # Use a project from any arbitrary server, on the "development" branch
+        git "https://enterprise.local/desktop/git-error-translations2.git" "development"
+
+        # Use a local project
+        git "file:///directory/to/project" "branch"
+
+        # A binary only framework
+        binary "https://my.domain.com/release/MyFramework.json" ~> 2.3
+      CONTENT
+    end
+
+    subject { Gitlab::Highlight.highlight(file_name, file_content) }
+
+    def link(name, url)
+      %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
+    end
+
+    it 'links dependencies' do
+      expect(subject).to include(link('ReactiveCocoa/ReactiveCocoa', 'https://github.com/ReactiveCocoa/ReactiveCocoa'))
+      expect(subject).to include(link('Mantle/Mantle', 'https://github.com/Mantle/Mantle'))
+      expect(subject).to include(link('jspahrsummers/libextobjc', 'https://github.com/jspahrsummers/libextobjc'))
+      expect(subject).to include(link('jspahrsummers/xcconfigs', 'https://github.com/jspahrsummers/xcconfigs'))
+    end
+
+    it 'links Git repos' do
+      expect(subject).to include(link('https://enterprise.local/ghe/desktop/git-error-translations', 'https://enterprise.local/ghe/desktop/git-error-translations'))
+      expect(subject).to include(link('https://enterprise.local/desktop/git-error-translations2.git', 'https://enterprise.local/desktop/git-error-translations2.git'))
+    end
+
+    it 'links binary-only frameworks' do
+      expect(subject).to include(link('https://my.domain.com/release/MyFramework.json', 'https://my.domain.com/release/MyFramework.json'))
+    end
+  end
+end
diff --git a/spec/lib/gitlab/dependency_linker/composer_json_linker_spec.rb b/spec/lib/gitlab/dependency_linker/composer_json_linker_spec.rb
new file mode 100644
index 00000000000..d7a926e800f
--- /dev/null
+++ b/spec/lib/gitlab/dependency_linker/composer_json_linker_spec.rb
@@ -0,0 +1,82 @@
+require 'rails_helper'
+
+describe Gitlab::DependencyLinker::ComposerJsonLinker, lib: true do
+  describe '.support?' do
+    it 'supports composer.json' do
+      expect(described_class.support?('composer.json')).to be_truthy
+    end
+
+    it 'does not support other files' do
+      expect(described_class.support?('composer.json.example')).to be_falsey
+    end
+  end
+
+  describe '#link' do
+    let(:file_name) { "composer.json" }
+
+    let(:file_content) do
+      <<-CONTENT.strip_heredoc
+        {
+          "name": "laravel/laravel",
+          "homepage": "https://laravel.com/",
+          "description": "The Laravel Framework.",
+          "keywords": ["framework", "laravel"],
+          "license": "MIT",
+          "type": "project",
+          "repositories": [
+            {
+              "type": "git",
+              "url": "https://github.com/laravel/laravel.git"
+            }
+          ],
+          "require": {
+            "php": ">=5.5.9",
+            "laravel/framework": "5.2.*"
+          },
+          "require-dev": {
+            "fzaninotto/faker": "~1.4",
+            "mockery/mockery": "0.9.*",
+            "phpunit/phpunit": "~4.0",
+            "symfony/css-selector": "2.8.*|3.0.*",
+            "symfony/dom-crawler": "2.8.*|3.0.*"
+          }
+        }
+      CONTENT
+    end
+
+    subject { Gitlab::Highlight.highlight(file_name, file_content) }
+
+    def link(name, url)
+      %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
+    end
+
+    it 'links the module name' do
+      expect(subject).to include(link('laravel/laravel', 'https://packagist.org/packages/laravel/laravel'))
+    end
+
+    it 'links the homepage' do
+      expect(subject).to include(link('https://laravel.com/', 'https://laravel.com/'))
+    end
+
+    it 'links the repository URL' do
+      expect(subject).to include(link('https://github.com/laravel/laravel.git', 'https://github.com/laravel/laravel.git'))
+    end
+
+    it 'links the license' do
+      expect(subject).to include(link('MIT', 'http://choosealicense.com/licenses/mit/'))
+    end
+
+    it 'links dependencies' do
+      expect(subject).to include(link('laravel/framework', 'https://packagist.org/packages/laravel/framework'))
+      expect(subject).to include(link('fzaninotto/faker', 'https://packagist.org/packages/fzaninotto/faker'))
+      expect(subject).to include(link('mockery/mockery', 'https://packagist.org/packages/mockery/mockery'))
+      expect(subject).to include(link('phpunit/phpunit', 'https://packagist.org/packages/phpunit/phpunit'))
+      expect(subject).to include(link('symfony/css-selector', 'https://packagist.org/packages/symfony/css-selector'))
+      expect(subject).to include(link('symfony/dom-crawler', 'https://packagist.org/packages/symfony/dom-crawler'))
+    end
+
+    it 'does not link core dependencies' do
+      expect(subject).not_to include(link('php', 'https://packagist.org/packages/php'))
+    end
+  end
+end
diff --git a/spec/lib/gitlab/dependency_linker/gemfile_linker_spec.rb b/spec/lib/gitlab/dependency_linker/gemfile_linker_spec.rb
index 2e52097a946..3f8335f03ea 100644
--- a/spec/lib/gitlab/dependency_linker/gemfile_linker_spec.rb
+++ b/spec/lib/gitlab/dependency_linker/gemfile_linker_spec.rb
@@ -33,7 +33,7 @@ describe Gitlab::DependencyLinker::GemfileLinker, lib: true do
     subject { Gitlab::Highlight.highlight(file_name, file_content) }
 
     def link(name, url)
-      %{<a href="#{url}" rel="noopener noreferrer" target="_blank">#{name}</a>}
+      %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
     end
 
     it 'links sources' do
diff --git a/spec/lib/gitlab/dependency_linker/gemspec_linker_spec.rb b/spec/lib/gitlab/dependency_linker/gemspec_linker_spec.rb
new file mode 100644
index 00000000000..d4a71403939
--- /dev/null
+++ b/spec/lib/gitlab/dependency_linker/gemspec_linker_spec.rb
@@ -0,0 +1,66 @@
+require 'rails_helper'
+
+describe Gitlab::DependencyLinker::GemspecLinker, lib: true do
+  describe '.support?' do
+    it 'supports *.gemspec' do
+      expect(described_class.support?('gitlab_git.gemspec')).to be_truthy
+    end
+
+    it 'does not support other files' do
+      expect(described_class.support?('.gemspec.example')).to be_falsey
+    end
+  end
+
+  describe '#link' do
+    let(:file_name) { "gitlab_git.gemspec" }
+
+    let(:file_content) do
+      <<-CONTENT.strip_heredoc
+        Gem::Specification.new do |s|
+          s.name        = 'gitlab_git'
+          s.version     = `cat VERSION`
+          s.date        = Time.now.strftime('%Y-%m-%d')
+          s.summary     = "Gitlab::Git library"
+          s.description = "GitLab wrapper around git objects"
+          s.authors     = ["Dmitriy Zaporozhets"]
+          s.email       = 'dmitriy.zaporozhets@gmail.com'
+          s.license     = 'MIT'
+          s.files       = `git ls-files lib/`.split('\n') << 'VERSION'
+          s.homepage    = 'https://gitlab.com/gitlab-org/gitlab_git'
+
+          s.add_dependency('github-linguist', '~> 4.7.0')
+          s.add_dependency('activesupport', '~> 4.0')
+          s.add_dependency('rugged', '~> 0.24.0')
+          s.add_runtime_dependency('charlock_holmes', '~> 0.7.3')
+          s.add_development_dependency('listen', '~> 3.0.6')
+        end
+      CONTENT
+    end
+
+    subject { Gitlab::Highlight.highlight(file_name, file_content) }
+
+    def link(name, url)
+      %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
+    end
+
+    it 'links the gem name' do
+      expect(subject).to include(link('gitlab_git', 'https://rubygems.org/gems/gitlab_git'))
+    end
+
+    it 'links the license' do
+      expect(subject).to include(link('MIT', 'http://choosealicense.com/licenses/mit/'))
+    end
+
+    it 'links the homepage' do
+      expect(subject).to include(link('https://gitlab.com/gitlab-org/gitlab_git', 'https://gitlab.com/gitlab-org/gitlab_git'))
+    end
+
+    it 'links dependencies' do
+      expect(subject).to include(link('github-linguist', 'https://rubygems.org/gems/github-linguist'))
+      expect(subject).to include(link('activesupport', 'https://rubygems.org/gems/activesupport'))
+      expect(subject).to include(link('rugged', 'https://rubygems.org/gems/rugged'))
+      expect(subject).to include(link('charlock_holmes', 'https://rubygems.org/gems/charlock_holmes'))
+      expect(subject).to include(link('listen', 'https://rubygems.org/gems/listen'))
+    end
+  end
+end
diff --git a/spec/lib/gitlab/dependency_linker/godeps_json_linker_spec.rb b/spec/lib/gitlab/dependency_linker/godeps_json_linker_spec.rb
new file mode 100644
index 00000000000..e279e0c9019
--- /dev/null
+++ b/spec/lib/gitlab/dependency_linker/godeps_json_linker_spec.rb
@@ -0,0 +1,84 @@
+require 'rails_helper'
+
+describe Gitlab::DependencyLinker::GodepsJsonLinker, lib: true do
+  describe '.support?' do
+    it 'supports Godeps.json' do
+      expect(described_class.support?('Godeps.json')).to be_truthy
+    end
+
+    it 'does not support other files' do
+      expect(described_class.support?('Godeps.json.example')).to be_falsey
+    end
+  end
+
+  describe '#link' do
+    let(:file_name) { "Godeps.json" }
+
+    let(:file_content) do
+      <<-CONTENT.strip_heredoc
+        {
+        	"ImportPath": "gitlab.com/gitlab-org/gitlab-pages",
+        	"GoVersion": "go1.5",
+        	"Packages": [
+        		"./..."
+        	],
+        	"Deps": [
+        		{
+        			"ImportPath": "github.com/kardianos/osext",
+        			"Rev": "efacde03154693404c65e7aa7d461ac9014acd0c"
+        		},
+        		{
+        			"ImportPath": "github.com/stretchr/testify/assert",
+        			"Rev": "1297dc01ed0a819ff634c89707081a4df43baf6b"
+        		},
+        		{
+        			"ImportPath": "github.com/stretchr/testify/require",
+        			"Rev": "1297dc01ed0a819ff634c89707081a4df43baf6b"
+        		},
+        		{
+        			"ImportPath": "gitlab.com/group/project/path",
+        			"Rev": "1297dc01ed0a819ff634c89707081a4df43baf6b"
+        		},
+        		{
+        			"ImportPath": "gitlab.com/group/subgroup/project.git/path",
+        			"Rev": "1297dc01ed0a819ff634c89707081a4df43baf6b"
+        		},
+        		{
+        			"ImportPath": "golang.org/x/crypto/ssh/terminal",
+        			"Rev": "1351f936d976c60a0a48d728281922cf63eafb8d"
+        		},
+        		{
+        			"ImportPath": "golang.org/x/net/http2",
+        			"Rev": "b4e17d61b15679caf2335da776c614169a1b4643"
+        		}
+        	]
+        }
+      CONTENT
+    end
+
+    subject { Gitlab::Highlight.highlight(file_name, file_content) }
+
+    def link(name, url)
+      %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
+    end
+
+    it 'links the package name' do
+      expect(subject).to include(link('gitlab.com/gitlab-org/gitlab-pages', 'https://gitlab.com/gitlab-org/gitlab-pages'))
+    end
+
+    it 'links GitHub repos' do
+      expect(subject).to include(link('github.com/kardianos/osext', 'https://github.com/kardianos/osext'))
+      expect(subject).to include(link('github.com/stretchr/testify/assert', 'https://github.com/stretchr/testify/tree/master/assert'))
+      expect(subject).to include(link('github.com/stretchr/testify/require', 'https://github.com/stretchr/testify/tree/master/require'))
+    end
+
+    it 'links GitLab projects' do
+      expect(subject).to include(link('gitlab.com/group/project/path', 'https://gitlab.com/group/project/tree/master/path'))
+      expect(subject).to include(link('gitlab.com/group/subgroup/project.git/path', 'https://gitlab.com/group/subgroup/project/tree/master/path'))
+    end
+
+    it 'links Golang packages' do
+      expect(subject).to include(link('golang.org/x/net/http2', 'https://godoc.org/golang.org/x/net/http2'))
+    end
+  end
+end
diff --git a/spec/lib/gitlab/dependency_linker/package_json_linker_spec.rb b/spec/lib/gitlab/dependency_linker/package_json_linker_spec.rb
new file mode 100644
index 00000000000..8c979ae1869
--- /dev/null
+++ b/spec/lib/gitlab/dependency_linker/package_json_linker_spec.rb
@@ -0,0 +1,94 @@
+require 'rails_helper'
+
+describe Gitlab::DependencyLinker::PackageJsonLinker, lib: true do
+  describe '.support?' do
+    it 'supports package.json' do
+      expect(described_class.support?('package.json')).to be_truthy
+    end
+
+    it 'does not support other files' do
+      expect(described_class.support?('package.json.example')).to be_falsey
+    end
+  end
+
+  describe '#link' do
+    let(:file_name) { "package.json" }
+
+    let(:file_content) do
+      <<-CONTENT.strip_heredoc
+        {
+          "name": "module-name",
+          "version": "10.3.1",
+          "repository": {
+            "type": "git",
+            "url": "https://github.com/vuejs/vue.git"
+          },
+          "homepage": "https://github.com/vuejs/vue#readme",
+          "scripts": {
+            "karma": "karma start config/karma.config.js --single-run"
+          },
+          "dependencies": {
+            "primus": "*",
+            "async": "~0.8.0",
+            "express": "4.2.x",
+            "bigpipe": "bigpipe/pagelet",
+            "plates": "https://github.com/flatiron/plates/tarball/master",
+            "karma": "^1.4.1"
+          },
+          "devDependencies": {
+            "vows": "^0.7.0",
+            "assume": "<1.0.0 || >=2.3.1 <2.4.5 || >=2.5.2 <3.0.0",
+            "pre-commit": "*"
+          },
+          "license": "MIT"
+        }
+      CONTENT
+    end
+
+    subject { Gitlab::Highlight.highlight(file_name, file_content) }
+
+    def link(name, url)
+      %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
+    end
+
+    it 'links the module name' do
+      expect(subject).to include(link('module-name', 'https://npmjs.com/package/module-name'))
+    end
+
+    it 'links the homepage' do
+      expect(subject).to include(link('https://github.com/vuejs/vue#readme', 'https://github.com/vuejs/vue#readme'))
+    end
+
+    it 'links the repository URL' do
+      expect(subject).to include(link('https://github.com/vuejs/vue.git', 'https://github.com/vuejs/vue.git'))
+    end
+
+    it 'links the license' do
+      expect(subject).to include(link('MIT', 'http://choosealicense.com/licenses/mit/'))
+    end
+
+    it 'links dependencies' do
+      expect(subject).to include(link('primus', 'https://npmjs.com/package/primus'))
+      expect(subject).to include(link('async', 'https://npmjs.com/package/async'))
+      expect(subject).to include(link('express', 'https://npmjs.com/package/express'))
+      expect(subject).to include(link('bigpipe', 'https://npmjs.com/package/bigpipe'))
+      expect(subject).to include(link('plates', 'https://npmjs.com/package/plates'))
+      expect(subject).to include(link('karma', 'https://npmjs.com/package/karma'))
+      expect(subject).to include(link('vows', 'https://npmjs.com/package/vows'))
+      expect(subject).to include(link('assume', 'https://npmjs.com/package/assume'))
+      expect(subject).to include(link('pre-commit', 'https://npmjs.com/package/pre-commit'))
+    end
+
+    it 'links GitHub repos' do
+      expect(subject).to include(link('bigpipe/pagelet', 'https://github.com/bigpipe/pagelet'))
+    end
+
+    it 'links Git repos' do
+      expect(subject).to include(link('https://github.com/flatiron/plates/tarball/master', 'https://github.com/flatiron/plates/tarball/master'))
+    end
+
+    it 'does not link scripts with the same key as a package' do
+      expect(subject).not_to include(link('karma start config/karma.config.js --single-run', 'https://github.com/karma start config/karma.config.js --single-run'))
+    end
+  end
+end
diff --git a/spec/lib/gitlab/dependency_linker/podfile_linker_spec.rb b/spec/lib/gitlab/dependency_linker/podfile_linker_spec.rb
new file mode 100644
index 00000000000..06007cf97f7
--- /dev/null
+++ b/spec/lib/gitlab/dependency_linker/podfile_linker_spec.rb
@@ -0,0 +1,53 @@
+require 'rails_helper'
+
+describe Gitlab::DependencyLinker::PodfileLinker, lib: true do
+  describe '.support?' do
+    it 'supports Podfile' do
+      expect(described_class.support?('Podfile')).to be_truthy
+    end
+
+    it 'does not support other files' do
+      expect(described_class.support?('Podfile.lock')).to be_falsey
+    end
+  end
+
+  describe '#link' do
+    let(:file_name) { "Podfile" }
+
+    let(:file_content) do
+      <<-CONTENT.strip_heredoc
+        source 'https://github.com/artsy/Specs.git'
+        source 'https://github.com/CocoaPods/Specs.git'
+
+        platform :ios, '8.0'
+        use_frameworks!
+        inhibit_all_warnings!
+
+        target 'Artsy' do
+          pod 'AFNetworking', "~> 2.5"
+          pod 'Interstellar/Core', git: 'https://github.com/ashfurrow/Interstellar.git', branch: 'observable-unsubscribe'
+        end
+      CONTENT
+    end
+
+    subject { Gitlab::Highlight.highlight(file_name, file_content) }
+
+    def link(name, url)
+      %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
+    end
+
+    it 'links sources' do
+      expect(subject).to include(link('https://github.com/artsy/Specs.git', 'https://github.com/artsy/Specs.git'))
+      expect(subject).to include(link('https://github.com/CocoaPods/Specs.git', 'https://github.com/CocoaPods/Specs.git'))
+    end
+
+    it 'links packages' do
+      expect(subject).to include(link('AFNetworking', 'https://cocoapods.org/pods/AFNetworking'))
+      expect(subject).to include(link('Interstellar/Core', 'https://cocoapods.org/pods/Interstellar'))
+    end
+
+    it 'links Git repos' do
+      expect(subject).to include(link('https://github.com/ashfurrow/Interstellar.git', 'https://github.com/ashfurrow/Interstellar.git'))
+    end
+  end
+end
diff --git a/spec/lib/gitlab/dependency_linker/podspec_json_linker_spec.rb b/spec/lib/gitlab/dependency_linker/podspec_json_linker_spec.rb
new file mode 100644
index 00000000000..d722865264b
--- /dev/null
+++ b/spec/lib/gitlab/dependency_linker/podspec_json_linker_spec.rb
@@ -0,0 +1,96 @@
+require 'rails_helper'
+
+describe Gitlab::DependencyLinker::PodspecJsonLinker, lib: true do
+  describe '.support?' do
+    it 'supports *.podspec.json' do
+      expect(described_class.support?('Reachability.podspec.json')).to be_truthy
+    end
+
+    it 'does not support other files' do
+      expect(described_class.support?('.podspec.json.example')).to be_falsey
+    end
+  end
+
+  describe '#link' do
+    let(:file_name) { "AFNetworking.podspec.json" }
+
+    let(:file_content) do
+      <<-CONTENT.strip_heredoc
+        {
+          "name": "AFNetworking",
+          "version": "2.0.0",
+          "license": "MIT",
+          "summary": "A delightful iOS and OS X networking framework.",
+          "homepage": "https://github.com/AFNetworking/AFNetworking",
+          "authors": {
+            "Mattt Thompson": "m@mattt.me"
+          },
+          "source": {
+            "git": "https://github.com/AFNetworking/AFNetworking.git",
+            "tag": "2.0.0",
+            "submodules": true
+          },
+          "requires_arc": true,
+          "platforms": {
+            "ios": "6.0",
+            "osx": "10.8"
+          },
+          "public_header_files": "AFNetworking/*.h",
+          "subspecs": [
+            {
+              "name": "NSURLConnection",
+              "dependencies": {
+                "AFNetworking/Serialization": [
+
+                ],
+                "AFNetworking/Reachability": [
+
+                ],
+                "AFNetworking/Security": [
+
+                ]
+              },
+              "source_files": [
+                "AFNetworking/AFURLConnectionOperation.{h,m}",
+                "AFNetworking/AFHTTPRequestOperation.{h,m}",
+                "AFNetworking/AFHTTPRequestOperationManager.{h,m}"
+              ]
+            }
+          ]
+        }
+      CONTENT
+    end
+
+    subject { Gitlab::Highlight.highlight(file_name, file_content) }
+
+    def link(name, url)
+      %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
+    end
+
+    it 'links the gem name' do
+      expect(subject).to include(link('AFNetworking', 'https://cocoapods.org/pods/AFNetworking'))
+    end
+
+    it 'links the license' do
+      expect(subject).to include(link('MIT', 'http://choosealicense.com/licenses/mit/'))
+    end
+
+    it 'links the homepage' do
+      expect(subject).to include(link('https://github.com/AFNetworking/AFNetworking', 'https://github.com/AFNetworking/AFNetworking'))
+    end
+
+    it 'links the source URL' do
+      expect(subject).to include(link('https://github.com/AFNetworking/AFNetworking.git', 'https://github.com/AFNetworking/AFNetworking.git'))
+    end
+
+    it 'links dependencies' do
+      expect(subject).to include(link('AFNetworking/Serialization', 'https://cocoapods.org/pods/AFNetworking'))
+      expect(subject).to include(link('AFNetworking/Reachability', 'https://cocoapods.org/pods/AFNetworking'))
+      expect(subject).to include(link('AFNetworking/Security', 'https://cocoapods.org/pods/AFNetworking'))
+    end
+
+    it 'does not link subspec names' do
+      expect(subject).not_to include(link('NSURLConnection', 'https://cocoapods.org/pods/NSURLConnection'))
+    end
+  end
+end
diff --git a/spec/lib/gitlab/dependency_linker/podspec_linker_spec.rb b/spec/lib/gitlab/dependency_linker/podspec_linker_spec.rb
new file mode 100644
index 00000000000..dfc366b5817
--- /dev/null
+++ b/spec/lib/gitlab/dependency_linker/podspec_linker_spec.rb
@@ -0,0 +1,69 @@
+require 'rails_helper'
+
+describe Gitlab::DependencyLinker::PodspecLinker, lib: true do
+  describe '.support?' do
+    it 'supports *.podspec' do
+      expect(described_class.support?('Reachability.podspec')).to be_truthy
+    end
+
+    it 'does not support other files' do
+      expect(described_class.support?('.podspec.example')).to be_falsey
+    end
+  end
+
+  describe '#link' do
+    let(:file_name) { "Reachability.podspec" }
+
+    let(:file_content) do
+      <<-CONTENT.strip_heredoc
+        Pod::Spec.new do |spec|
+          spec.name         = 'Reachability'
+          spec.version      = '3.1.0'
+          spec.license      = { :type => 'GPL-3.0' }
+          spec.license      = "MIT"
+          spec.license      = { type: 'Apache-2.0' }
+          spec.homepage     = 'https://github.com/tonymillion/Reachability'
+          spec.authors      = { 'Tony Million' => 'tonymillion@gmail.com' }
+          spec.summary      = 'ARC and GCD Compatible Reachability Class for iOS and OS X.'
+          spec.source       = { :git => 'https://github.com/tonymillion/Reachability.git', :tag => 'v3.1.0' }
+          spec.source_files = 'Reachability.{h,m}'
+          spec.framework    = 'SystemConfiguration'
+
+          spec.dependency 'AFNetworking', '~> 1.0'
+          spec.dependency 'RestKit/CoreData', '~> 0.20.0'
+          spec.ios.dependency 'MBProgressHUD', '~> 0.5'
+        end
+      CONTENT
+    end
+
+    subject { Gitlab::Highlight.highlight(file_name, file_content) }
+
+    def link(name, url)
+      %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
+    end
+
+    it 'links the gem name' do
+      expect(subject).to include(link('Reachability', 'https://cocoapods.org/pods/Reachability'))
+    end
+
+    it 'links the license' do
+      expect(subject).to include(link('GPL-3.0', 'http://choosealicense.com/licenses/gpl-3.0/'))
+      expect(subject).to include(link('MIT', 'http://choosealicense.com/licenses/mit/'))
+      expect(subject).to include(link('Apache-2.0', 'http://choosealicense.com/licenses/apache-2.0/'))
+    end
+
+    it 'links the homepage' do
+      expect(subject).to include(link('https://github.com/tonymillion/Reachability', 'https://github.com/tonymillion/Reachability'))
+    end
+
+    it 'links the source URL' do
+      expect(subject).to include(link('https://github.com/tonymillion/Reachability.git', 'https://github.com/tonymillion/Reachability.git'))
+    end
+
+    it 'links dependencies' do
+      expect(subject).to include(link('AFNetworking', 'https://cocoapods.org/pods/AFNetworking'))
+      expect(subject).to include(link('RestKit/CoreData', 'https://cocoapods.org/pods/RestKit'))
+      expect(subject).to include(link('MBProgressHUD', 'https://cocoapods.org/pods/MBProgressHUD'))
+    end
+  end
+end
diff --git a/spec/lib/gitlab/dependency_linker/requirements_txt_linker_spec.rb b/spec/lib/gitlab/dependency_linker/requirements_txt_linker_spec.rb
new file mode 100644
index 00000000000..4da8821726c
--- /dev/null
+++ b/spec/lib/gitlab/dependency_linker/requirements_txt_linker_spec.rb
@@ -0,0 +1,87 @@
+require 'rails_helper'
+
+describe Gitlab::DependencyLinker::RequirementsTxtLinker, lib: true do
+  describe '.support?' do
+    it 'supports requirements.txt' do
+      expect(described_class.support?('requirements.txt')).to be_truthy
+    end
+
+    it 'supports doc-requirements.txt' do
+      expect(described_class.support?('doc-requirements.txt')).to be_truthy
+    end
+
+    it 'does not support other files' do
+      expect(described_class.support?('requirements')).to be_falsey
+    end
+  end
+
+  describe '#link' do
+    let(:file_name) { "requirements.txt" }
+
+    let(:file_content) do
+      <<-CONTENT.strip_heredoc
+        #
+        ####### example-requirements.txt #######
+        #
+        ###### Requirements without Version Specifiers ######
+        nose
+        nose-cov
+        beautifulsoup4
+        #
+        ###### Requirements with Version Specifiers ######
+        #   See https://www.python.org/dev/peps/pep-0440/#version-specifiers
+        docopt == 0.6.1             # Version Matching. Must be version 0.6.1
+        keyring >= 4.1.1            # Minimum version 4.1.1
+        coverage != 3.5             # Version Exclusion. Anything except version 3.5
+        Mopidy-Dirble ~= 1.1        # Compatible release. Same as >= 1.1, == 1.*
+        #
+        ###### Refer to other requirements files ######
+        -r other-requirements.txt
+        #
+        #
+        ###### A particular file ######
+        ./downloads/numpy-1.9.2-cp34-none-win32.whl
+        http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl
+        #
+        ###### Additional Requirements without Version Specifiers ######
+        #   Same as 1st section, just here to show that you can put things in any order.
+        rejected
+        green
+        #
+
+        Jinja2>=2.3
+        Pygments>=1.2
+        Sphinx>=1.3
+        docutils>=0.7
+        markupsafe
+      CONTENT
+    end
+
+    subject { Gitlab::Highlight.highlight(file_name, file_content) }
+
+    def link(name, url)
+      %{<a href="#{url}" rel="nofollow noreferrer noopener" target="_blank">#{name}</a>}
+    end
+
+    it 'links dependencies' do
+      expect(subject).to include(link('nose', 'https://pypi.python.org/pypi/nose'))
+      expect(subject).to include(link('nose-cov', 'https://pypi.python.org/pypi/nose-cov'))
+      expect(subject).to include(link('beautifulsoup4', 'https://pypi.python.org/pypi/beautifulsoup4'))
+      expect(subject).to include(link('docopt', 'https://pypi.python.org/pypi/docopt'))
+      expect(subject).to include(link('keyring', 'https://pypi.python.org/pypi/keyring'))
+      expect(subject).to include(link('coverage', 'https://pypi.python.org/pypi/coverage'))
+      expect(subject).to include(link('Mopidy-Dirble', 'https://pypi.python.org/pypi/Mopidy-Dirble'))
+      expect(subject).to include(link('rejected', 'https://pypi.python.org/pypi/rejected'))
+      expect(subject).to include(link('green', 'https://pypi.python.org/pypi/green'))
+      expect(subject).to include(link('Jinja2', 'https://pypi.python.org/pypi/Jinja2'))
+      expect(subject).to include(link('Pygments', 'https://pypi.python.org/pypi/Pygments'))
+      expect(subject).to include(link('Sphinx', 'https://pypi.python.org/pypi/Sphinx'))
+      expect(subject).to include(link('docutils', 'https://pypi.python.org/pypi/docutils'))
+      expect(subject).to include(link('markupsafe', 'https://pypi.python.org/pypi/markupsafe'))
+    end
+
+    it 'links URLs' do
+      expect(subject).to include(link('http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl', 'http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl'))
+    end
+  end
+end
diff --git a/spec/lib/gitlab/dependency_linker_spec.rb b/spec/lib/gitlab/dependency_linker_spec.rb
index 03d5b61d70c..3d1cfbcfbf7 100644
--- a/spec/lib/gitlab/dependency_linker_spec.rb
+++ b/spec/lib/gitlab/dependency_linker_spec.rb
@@ -9,5 +9,77 @@ describe Gitlab::DependencyLinker, lib: true do
 
       described_class.link(blob_name, nil, nil)
     end
+
+    it 'links using GemspecLinker' do
+      blob_name = 'gitlab_git.gemspec'
+
+      expect(described_class::GemspecLinker).to receive(:link)
+
+      described_class.link(blob_name, nil, nil)
+    end
+
+    it 'links using PackageJsonLinker' do
+      blob_name = 'package.json'
+
+      expect(described_class::PackageJsonLinker).to receive(:link)
+
+      described_class.link(blob_name, nil, nil)
+    end
+
+    it 'links using ComposerJsonLinker' do
+      blob_name = 'composer.json'
+
+      expect(described_class::ComposerJsonLinker).to receive(:link)
+
+      described_class.link(blob_name, nil, nil)
+    end
+
+    it 'links using PodfileLinker' do
+      blob_name = 'Podfile'
+
+      expect(described_class::PodfileLinker).to receive(:link)
+
+      described_class.link(blob_name, nil, nil)
+    end
+
+    it 'links using PodspecLinker' do
+      blob_name = 'Reachability.podspec'
+
+      expect(described_class::PodspecLinker).to receive(:link)
+
+      described_class.link(blob_name, nil, nil)
+    end
+
+    it 'links using PodspecJsonLinker' do
+      blob_name = 'AFNetworking.podspec.json'
+
+      expect(described_class::PodspecJsonLinker).to receive(:link)
+
+      described_class.link(blob_name, nil, nil)
+    end
+
+    it 'links using CartfileLinker' do
+      blob_name = 'Cartfile'
+
+      expect(described_class::CartfileLinker).to receive(:link)
+
+      described_class.link(blob_name, nil, nil)
+    end
+
+    it 'links using GodepsJsonLinker' do
+      blob_name = 'Godeps.json'
+
+      expect(described_class::GodepsJsonLinker).to receive(:link)
+
+      described_class.link(blob_name, nil, nil)
+    end
+
+    it 'links using RequirementsTxtLinker' do
+      blob_name = 'requirements.txt'
+
+      expect(described_class::RequirementsTxtLinker).to receive(:link)
+
+      described_class.link(blob_name, nil, nil)
+    end
   end
 end
diff --git a/spec/lib/gitlab/diff/position_spec.rb b/spec/lib/gitlab/diff/position_spec.rb
index cdf0af6d7ef..7095104d75c 100644
--- a/spec/lib/gitlab/diff/position_spec.rb
+++ b/spec/lib/gitlab/diff/position_spec.rb
@@ -22,7 +22,7 @@ describe Gitlab::Diff::Position, lib: true do
       it "returns the correct diff file" do
         diff_file = subject.diff_file(project.repository)
 
-        expect(diff_file.new_file).to be true
+        expect(diff_file.new_file?).to be true
         expect(diff_file.new_path).to eq(subject.new_path)
         expect(diff_file.diff_refs).to eq(subject.diff_refs)
       end
@@ -314,7 +314,7 @@ describe Gitlab::Diff::Position, lib: true do
       it "returns the correct diff file" do
         diff_file = subject.diff_file(project.repository)
 
-        expect(diff_file.deleted_file).to be true
+        expect(diff_file.deleted_file?).to be true
         expect(diff_file.old_path).to eq(subject.old_path)
         expect(diff_file.diff_refs).to eq(subject.diff_refs)
       end
@@ -356,7 +356,7 @@ describe Gitlab::Diff::Position, lib: true do
       it "returns the correct diff file" do
         diff_file = subject.diff_file(project.repository)
 
-        expect(diff_file.new_file).to be true
+        expect(diff_file.new_file?).to be true
         expect(diff_file.new_path).to eq(subject.new_path)
         expect(diff_file.diff_refs).to eq(subject.diff_refs)
       end
diff --git a/spec/lib/gitlab/git/encoding_helper_spec.rb b/spec/lib/gitlab/encoding_helper_spec.rb
index 1a3bf802a07..1482ef7132d 100644
--- a/spec/lib/gitlab/git/encoding_helper_spec.rb
+++ b/spec/lib/gitlab/encoding_helper_spec.rb
@@ -1,8 +1,8 @@
 require "spec_helper"
 
-describe Gitlab::Git::EncodingHelper do
-  let(:ext_class) { Class.new { extend Gitlab::Git::EncodingHelper } }
-  let(:binary_string) { File.join(SEED_STORAGE_PATH, 'gitlab_logo.png') }
+describe Gitlab::EncodingHelper do
+  let(:ext_class) { Class.new { extend Gitlab::EncodingHelper } }
+  let(:binary_string) { File.read(Rails.root + "spec/fixtures/dk.png") }
 
   describe '#encode!' do
     [
diff --git a/spec/lib/gitlab/etag_caching/router_spec.rb b/spec/lib/gitlab/etag_caching/router_spec.rb
index 46a238b17f4..269798c7c9e 100644
--- a/spec/lib/gitlab/etag_caching/router_spec.rb
+++ b/spec/lib/gitlab/etag_caching/router_spec.rb
@@ -67,6 +67,17 @@ describe Gitlab::EtagCaching::Router do
     expect(result.name).to eq 'merge_request_pipelines'
   end
 
+  it 'matches build endpoint' do
+    env = build_env(
+      '/my-group/my-project/builds/234.json'
+    )
+
+    result = described_class.match(env)
+
+    expect(result).to be_present
+    expect(result.name).to eq 'project_build'
+  end
+
   it 'does not match blob with confusing name' do
     env = build_env(
       '/my-group/my-project/blob/master/pipelines.json'
@@ -77,6 +88,17 @@ describe Gitlab::EtagCaching::Router do
     expect(result).to be_blank
   end
 
+  it 'matches the environments path' do
+    env = build_env(
+      '/my-group/my-project/environments.json'
+    )
+
+    result = described_class.match(env)
+    expect(result).to be_present
+
+    expect(result.name).to eq 'environments'
+  end
+
   it 'matches pipeline#show endpoint' do
     env = build_env(
       '/my-group/my-project/pipelines/2.json'
diff --git a/spec/lib/gitlab/git/diff_collection_spec.rb b/spec/lib/gitlab/git/diff_collection_spec.rb
index 122c93dcd69..3565e719ad3 100644
--- a/spec/lib/gitlab/git/diff_collection_spec.rb
+++ b/spec/lib/gitlab/git/diff_collection_spec.rb
@@ -6,18 +6,18 @@ describe Gitlab::Git::DiffCollection, seed_helper: true do
       iterator,
       max_files: max_files,
       max_lines: max_lines,
-      all_diffs: all_diffs,
-      no_collapse: no_collapse
+      limits: limits,
+      expanded: expanded
     )
   end
-  let(:iterator) { Array.new(file_count, fake_diff(line_length, line_count)) }
+  let(:iterator) { MutatingConstantIterator.new(file_count, fake_diff(line_length, line_count)) }
   let(:file_count) { 0 }
   let(:line_length) { 1 }
   let(:line_count) { 1 }
   let(:max_files) { 10 }
   let(:max_lines) { 100 }
-  let(:all_diffs) { false }
-  let(:no_collapse) { true }
+  let(:limits) { true }
+  let(:expanded) { true }
 
   describe '#to_a' do
     subject { super().to_a }
@@ -64,10 +64,18 @@ describe Gitlab::Git::DiffCollection, seed_helper: true do
           subject { super().real_size }
           it { is_expected.to eq('3') }
         end
-        it { expect(subject.size).to eq(3) }
+
+        describe '#size' do
+          it { expect(subject.size).to eq(3) }
+
+          it 'does not change after peeking' do
+            subject.any?
+            expect(subject.size).to eq(3)
+          end
+        end
 
         context 'when limiting is disabled' do
-          let(:all_diffs) { true }
+          let(:limits) { false }
 
           describe '#overflow?' do
             subject { super().overflow? }
@@ -83,7 +91,15 @@ describe Gitlab::Git::DiffCollection, seed_helper: true do
             subject { super().real_size }
             it { is_expected.to eq('3') }
           end
-          it { expect(subject.size).to eq(3) }
+
+          describe '#size' do
+            it { expect(subject.size).to eq(3) }
+
+            it 'does not change after peeking' do
+              subject.any?
+              expect(subject.size).to eq(3)
+            end
+          end
         end
       end
 
@@ -107,7 +123,7 @@ describe Gitlab::Git::DiffCollection, seed_helper: true do
         it { expect(subject.size).to eq(0) }
 
         context 'when limiting is disabled' do
-          let(:all_diffs) { true }
+          let(:limits) { false }
 
           describe '#overflow?' do
             subject { super().overflow? }
@@ -151,7 +167,7 @@ describe Gitlab::Git::DiffCollection, seed_helper: true do
         it { expect(subject.size).to eq(10) }
 
         context 'when limiting is disabled' do
-          let(:all_diffs) { true }
+          let(:limits) { false }
 
           describe '#overflow?' do
             subject { super().overflow? }
@@ -191,7 +207,7 @@ describe Gitlab::Git::DiffCollection, seed_helper: true do
         it { expect(subject.size).to eq(3) }
 
         context 'when limiting is disabled' do
-          let(:all_diffs) { true }
+          let(:limits) { false }
 
           describe '#overflow?' do
             subject { super().overflow? }
@@ -257,7 +273,7 @@ describe Gitlab::Git::DiffCollection, seed_helper: true do
       it { expect(subject.size).to eq(9) }
 
       context 'when limiting is disabled' do
-        let(:all_diffs) { true }
+        let(:limits) { false }
 
         describe '#overflow?' do
           subject { super().overflow? }
@@ -328,7 +344,7 @@ describe Gitlab::Git::DiffCollection, seed_helper: true do
       let(:iterator) { [{ diff: 'a' * 20480 }] }
 
       context 'when no collapse is set' do
-        let(:no_collapse) { true }
+        let(:expanded) { true }
 
         it 'yields Diff instances even when they are quite big' do
           expect { |b| subject.each(&b) }.
@@ -347,7 +363,7 @@ describe Gitlab::Git::DiffCollection, seed_helper: true do
       end
 
       context 'when no collapse is unset' do
-        let(:no_collapse) { false }
+        let(:expanded) { false }
 
         it 'yields Diff instances even when they are quite big' do
           expect { |b| subject.each(&b) }.
@@ -434,7 +450,7 @@ describe Gitlab::Git::DiffCollection, seed_helper: true do
       end
 
       context 'when limiting is disabled' do
-        let(:all_diffs) { true }
+        let(:limits) { false }
 
         it 'yields Diff instances even when they are quite big' do
           expect { |b| subject.each(&b) }.
@@ -457,4 +473,22 @@ describe Gitlab::Git::DiffCollection, seed_helper: true do
   def fake_diff(line_length, line_count)
     { 'diff' => "#{'a' * line_length}\n" * line_count }
   end
+
+  class MutatingConstantIterator
+    include Enumerable
+
+    def initialize(count, value)
+      @count = count
+      @value = value
+    end
+
+    def each
+      loop do
+        break if @count.zero?
+        # It is critical to decrement before yielding. We may never reach the lines after 'yield'.
+        @count -= 1
+        yield @value
+      end
+    end
+  end
 end
diff --git a/spec/lib/gitlab/git/diff_spec.rb b/spec/lib/gitlab/git/diff_spec.rb
index 4189aaef643..9c2e8a298c6 100644
--- a/spec/lib/gitlab/git/diff_spec.rb
+++ b/spec/lib/gitlab/git/diff_spec.rb
@@ -85,12 +85,12 @@ EOT
           # The patch total size is 200, with lines between 21 and 54.
           # This is a quick-and-dirty way to test this. Ideally, a new patch is
           # added to the test repo with a size that falls between the real limits.
-          stub_const("#{described_class}::DIFF_SIZE_LIMIT", 150)
-          stub_const("#{described_class}::DIFF_COLLAPSE_LIMIT", 100)
+          stub_const("#{described_class}::SIZE_LIMIT", 150)
+          stub_const("#{described_class}::COLLAPSE_LIMIT", 100)
         end
 
         it 'prunes the diff as a large diff instead of as a collapsed diff' do
-          diff = described_class.new(@rugged_diff, collapse: true)
+          diff = described_class.new(@rugged_diff, expanded: false)
 
           expect(diff.diff).to be_empty
           expect(diff).to be_too_large
@@ -110,23 +110,23 @@ EOT
       end
     end
 
-    context 'using a Gitaly::CommitDiffResponse' do
+    context 'using a GitalyClient::Diff' do
       let(:diff) do
         described_class.new(
-          Gitaly::CommitDiffResponse.new(
+          Gitlab::GitalyClient::Diff.new(
             to_path: ".gitmodules",
             from_path: ".gitmodules",
             old_mode: 0100644,
             new_mode: 0100644,
             from_id: '357406f3075a57708d0163752905cc1576fceacc',
             to_id: '8e5177d718c561d36efde08bad36b43687ee6bf0',
-            raw_chunks: raw_chunks
+            patch: raw_patch
           )
         )
       end
 
       context 'with a small diff' do
-        let(:raw_chunks) { [@raw_diff_hash[:diff]] }
+        let(:raw_patch) { @raw_diff_hash[:diff] }
 
         it 'initializes the diff' do
           expect(diff.to_hash).to eq(@raw_diff_hash)
@@ -138,7 +138,7 @@ EOT
       end
 
       context 'using a diff that is too large' do
-        let(:raw_chunks) { ['a' * 204800] }
+        let(:raw_patch) { 'a' * 204800 }
 
         it 'prunes the diff' do
           expect(diff.diff).to be_empty
@@ -269,7 +269,7 @@ EOT
     it 'returns true for a diff that was explicitly marked as being too large' do
       diff = described_class.new(diff: 'a')
 
-      diff.prune_large_diff!
+      diff.too_large!
 
       expect(diff.too_large?).to eq(true)
     end
@@ -291,31 +291,31 @@ EOT
     it 'returns true for a diff that was explicitly marked as being collapsed' do
       diff = described_class.new(diff: 'a')
 
-      diff.prune_collapsed_diff!
+      diff.collapse!
 
       expect(diff).to be_collapsed
     end
   end
 
-  describe '#collapsible?' do
+  describe '#collapsed?' do
     it 'returns true for a diff that is quite large' do
-      diff = described_class.new(diff: 'a' * 20480)
+      diff = described_class.new({ diff: 'a' * 20480 }, expanded: false)
 
-      expect(diff).to be_collapsible
+      expect(diff).to be_collapsed
     end
 
     it 'returns false for a diff that is small enough' do
-      diff = described_class.new(diff: 'a')
+      diff = described_class.new({ diff: 'a' }, expanded: false)
 
-      expect(diff).not_to be_collapsible
+      expect(diff).not_to be_collapsed
     end
   end
 
-  describe '#prune_collapsed_diff!' do
+  describe '#collapse!' do
     it 'prunes the diff' do
       diff = described_class.new(diff: "foo\nbar")
 
-      diff.prune_collapsed_diff!
+      diff.collapse!
 
       expect(diff.diff).to eq('')
       expect(diff.line_count).to eq(0)
diff --git a/spec/lib/gitlab/git/repository_spec.rb b/spec/lib/gitlab/git/repository_spec.rb
index cb107c6d1f9..26215381cc4 100644
--- a/spec/lib/gitlab/git/repository_spec.rb
+++ b/spec/lib/gitlab/git/repository_spec.rb
@@ -1,7 +1,7 @@
 require "spec_helper"
 
 describe Gitlab::Git::Repository, seed_helper: true do
-  include Gitlab::Git::EncodingHelper
+  include Gitlab::EncodingHelper
 
   let(:repository) { Gitlab::Git::Repository.new('default', TEST_REPO_PATH) }
 
@@ -381,6 +381,19 @@ describe Gitlab::Git::Repository, seed_helper: true do
           }
         ])
       end
+
+      it 'should not break on invalid syntax' do
+        allow(repository).to receive(:blob_content).and_return(<<-GITMODULES.strip_heredoc)
+          [submodule "six"]
+          path = six
+          url = git://github.com/randx/six.git
+
+          [submodule]
+          foo = bar
+        GITMODULES
+
+        expect(submodules).to have_key('six')
+      end
     end
 
     context 'where repo doesn\'t have submodules' do
diff --git a/spec/lib/gitlab/gitaly_client/diff_spec.rb b/spec/lib/gitlab/gitaly_client/diff_spec.rb
new file mode 100644
index 00000000000..2960c9a79ad
--- /dev/null
+++ b/spec/lib/gitlab/gitaly_client/diff_spec.rb
@@ -0,0 +1,30 @@
+require 'spec_helper'
+
+describe Gitlab::GitalyClient::Diff, lib: true do
+  let(:diff_fields) do
+    {
+      to_path: ".gitmodules",
+      from_path: ".gitmodules",
+      old_mode: 0100644,
+      new_mode: 0100644,
+      from_id: '357406f3075a57708d0163752905cc1576fceacc',
+      to_id: '8e5177d718c561d36efde08bad36b43687ee6bf0',
+      patch: 'a' * 100
+    }
+  end
+
+  subject { described_class.new(diff_fields) }
+
+  it { is_expected.to respond_to(:from_path) }
+  it { is_expected.to respond_to(:to_path) }
+  it { is_expected.to respond_to(:old_mode) }
+  it { is_expected.to respond_to(:new_mode) }
+  it { is_expected.to respond_to(:from_id) }
+  it { is_expected.to respond_to(:to_id) }
+  it { is_expected.to respond_to(:patch) }
+
+  describe '#==' do
+    it { expect(subject).to eq(described_class.new(diff_fields)) }
+    it { expect(subject).not_to eq(described_class.new(diff_fields.merge(patch: 'a'))) }
+  end
+end
diff --git a/spec/lib/gitlab/gitaly_client/diff_stitcher_spec.rb b/spec/lib/gitlab/gitaly_client/diff_stitcher_spec.rb
new file mode 100644
index 00000000000..07650013052
--- /dev/null
+++ b/spec/lib/gitlab/gitaly_client/diff_stitcher_spec.rb
@@ -0,0 +1,59 @@
+require 'spec_helper'
+
+describe Gitlab::GitalyClient::DiffStitcher, lib: true do
+  describe 'enumeration' do
+    it 'combines segregated diff messages together' do
+      diff_1 = OpenStruct.new(
+        to_path: ".gitmodules",
+        from_path: ".gitmodules",
+        old_mode: 0100644,
+        new_mode: 0100644,
+        from_id: '357406f3075a57708d0163752905cc1576fceacc',
+        to_id: '8e5177d718c561d36efde08bad36b43687ee6bf0',
+        patch: 'a' * 100
+      )
+      diff_2 = OpenStruct.new(
+        to_path: ".gitignore",
+        from_path: ".gitignore",
+        old_mode: 0100644,
+        new_mode: 0100644,
+        from_id: '357406f3075a57708d0163752905cc1576fceacc',
+        to_id: '8e5177d718c561d36efde08bad36b43687ee6bf0',
+        patch: 'a' * 200
+      )
+      diff_3 = OpenStruct.new(
+        to_path: "README",
+        from_path: "README",
+        old_mode: 0100644,
+        new_mode: 0100644,
+        from_id: '357406f3075a57708d0163752905cc1576fceacc',
+        to_id: '8e5177d718c561d36efde08bad36b43687ee6bf0',
+        patch: 'a' * 100
+      )
+
+      msg_1 = OpenStruct.new(diff_1.to_h.except(:patch))
+      msg_1.raw_patch_data = diff_1.patch
+      msg_1.end_of_patch = true
+
+      msg_2 = OpenStruct.new(diff_2.to_h.except(:patch))
+      msg_2.raw_patch_data = diff_2.patch[0..100]
+      msg_2.end_of_patch = false
+
+      msg_3 = OpenStruct.new(raw_patch_data: diff_2.patch[101..-1], end_of_patch: true)
+
+      msg_4 = OpenStruct.new(diff_3.to_h.except(:patch))
+      msg_4.raw_patch_data = diff_3.patch
+      msg_4.end_of_patch = true
+
+      diff_msgs = [msg_1, msg_2, msg_3, msg_4]
+
+      expected_diffs = [
+        Gitlab::GitalyClient::Diff.new(diff_1.to_h),
+        Gitlab::GitalyClient::Diff.new(diff_2.to_h),
+        Gitlab::GitalyClient::Diff.new(diff_3.to_h)
+      ]
+
+      expect(described_class.new(diff_msgs).to_a).to eq(expected_diffs)
+    end
+  end
+end
diff --git a/spec/lib/gitlab/gitaly_client_spec.rb b/spec/lib/gitlab/gitaly_client_spec.rb
index 08ee0dff6b2..95ecba67532 100644
--- a/spec/lib/gitlab/gitaly_client_spec.rb
+++ b/spec/lib/gitlab/gitaly_client_spec.rb
@@ -1,7 +1,10 @@
 require 'spec_helper'
 
-describe Gitlab::GitalyClient, lib: true do
+# We stub Gitaly in `spec/support/gitaly.rb` for other tests. We don't want
+# those stubs while testing the GitalyClient itself.
+describe Gitlab::GitalyClient, lib: true, skip_gitaly_mock: true do
   describe '.stub' do
+    # Notice that this is referring to gRPC "stubs", not rspec stubs
     before { described_class.clear_stubs! }
 
     context 'when passed a UNIX socket address' do
@@ -32,4 +35,81 @@ describe Gitlab::GitalyClient, lib: true do
       end
     end
   end
+
+  describe 'feature_enabled?' do
+    let(:feature_name) { 'my_feature' }
+    let(:real_feature_name) { "gitaly_#{feature_name}" }
+
+    context 'when Gitaly is disabled' do
+      before { allow(described_class).to receive(:enabled?).and_return(false) }
+
+      it 'returns false' do
+        expect(described_class.feature_enabled?(feature_name)).to be(false)
+      end
+    end
+
+    context 'when the feature status is DISABLED' do
+      let(:feature_status) { Gitlab::GitalyClient::MigrationStatus::DISABLED }
+
+      it 'returns false' do
+        expect(described_class.feature_enabled?(feature_name, status: feature_status)).to be(false)
+      end
+    end
+
+    context 'when the feature_status is OPT_IN' do
+      let(:feature_status) { Gitlab::GitalyClient::MigrationStatus::OPT_IN }
+
+      context "when the feature flag hasn't been set" do
+        it 'returns false' do
+          expect(described_class.feature_enabled?(feature_name, status: feature_status)).to be(false)
+        end
+      end
+
+      context "when the feature flag is set to disable" do
+        before { Feature.get(real_feature_name).disable }
+
+        it 'returns false' do
+          expect(described_class.feature_enabled?(feature_name, status: feature_status)).to be(false)
+        end
+      end
+
+      context "when the feature flag is set to enable" do
+        before { Feature.get(real_feature_name).enable }
+
+        it 'returns true' do
+          expect(described_class.feature_enabled?(feature_name, status: feature_status)).to be(true)
+        end
+      end
+
+      context "when the feature flag is set to a percentage of time" do
+        before { Feature.get(real_feature_name).enable_percentage_of_time(70) }
+
+        it 'bases the result on pseudo-random numbers' do
+          expect(Random).to receive(:rand).and_return(0.3)
+          expect(described_class.feature_enabled?(feature_name, status: feature_status)).to be(true)
+
+          expect(Random).to receive(:rand).and_return(0.8)
+          expect(described_class.feature_enabled?(feature_name, status: feature_status)).to be(false)
+        end
+      end
+    end
+
+    context 'when the feature_status is OPT_OUT' do
+      let(:feature_status) { Gitlab::GitalyClient::MigrationStatus::OPT_OUT }
+
+      context "when the feature flag hasn't been set" do
+        it 'returns true' do
+          expect(described_class.feature_enabled?(feature_name, status: feature_status)).to be(true)
+        end
+      end
+
+      context "when the feature flag is set to disable" do
+        before { Feature.get(real_feature_name).disable }
+
+        it 'returns false' do
+          expect(described_class.feature_enabled?(feature_name, status: feature_status)).to be(false)
+        end
+      end
+    end
+  end
 end
diff --git a/spec/lib/gitlab/group_hierarchy_spec.rb b/spec/lib/gitlab/group_hierarchy_spec.rb
new file mode 100644
index 00000000000..5d0ed1522b3
--- /dev/null
+++ b/spec/lib/gitlab/group_hierarchy_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe Gitlab::GroupHierarchy, :postgresql do
+  let!(:parent) { create(:group) }
+  let!(:child1) { create(:group, parent: parent) }
+  let!(:child2) { create(:group, parent: child1) }
+
+  describe '#base_and_ancestors' do
+    let(:relation) do
+      described_class.new(Group.where(id: child2.id)).base_and_ancestors
+    end
+
+    it 'includes the base rows' do
+      expect(relation).to include(child2)
+    end
+
+    it 'includes all of the ancestors' do
+      expect(relation).to include(parent, child1)
+    end
+  end
+
+  describe '#base_and_descendants' do
+    let(:relation) do
+      described_class.new(Group.where(id: parent.id)).base_and_descendants
+    end
+
+    it 'includes the base rows' do
+      expect(relation).to include(parent)
+    end
+
+    it 'includes all the descendants' do
+      expect(relation).to include(child1, child2)
+    end
+  end
+
+  describe '#all_groups' do
+    let(:relation) do
+      described_class.new(Group.where(id: child1.id)).all_groups
+    end
+
+    it 'includes the base rows' do
+      expect(relation).to include(child1)
+    end
+
+    it 'includes the ancestors' do
+      expect(relation).to include(parent)
+    end
+
+    it 'includes the descendants' do
+      expect(relation).to include(child2)
+    end
+  end
+end
diff --git a/spec/lib/gitlab/health_checks/fs_shards_check_spec.rb b/spec/lib/gitlab/health_checks/fs_shards_check_spec.rb
index 45ccd3d6459..61c10d47434 100644
--- a/spec/lib/gitlab/health_checks/fs_shards_check_spec.rb
+++ b/spec/lib/gitlab/health_checks/fs_shards_check_spec.rb
@@ -1,6 +1,24 @@
 require 'spec_helper'
 
 describe Gitlab::HealthChecks::FsShardsCheck do
+  def command_exists?(command)
+    _, status = Gitlab::Popen.popen(%W{ #{command} 1 echo })
+    status == 0
+  rescue Errno::ENOENT
+    false
+  end
+
+  def timeout_command
+    @timeout_command ||=
+      if command_exists?('timeout')
+        'timeout'
+      elsif command_exists?('gtimeout')
+        'gtimeout'
+      else
+        ''
+      end
+  end
+
   let(:metric_class) { Gitlab::HealthChecks::Metric }
   let(:result_class) { Gitlab::HealthChecks::Result }
   let(:repository_storages) { [:default] }
@@ -15,6 +33,7 @@ describe Gitlab::HealthChecks::FsShardsCheck do
   before do
     allow(described_class).to receive(:repository_storages) { repository_storages }
     allow(described_class).to receive(:storages_paths) { storages_paths }
+    stub_const('Gitlab::HealthChecks::FsShardsCheck::TIMEOUT_EXECUTABLE', timeout_command)
   end
 
   after do
@@ -78,40 +97,76 @@ describe Gitlab::HealthChecks::FsShardsCheck do
           }.with_indifferent_access
         end
 
-        it { is_expected.to include(metric_class.new(:filesystem_accessible, 0, shard: :default)) }
-        it { is_expected.to include(metric_class.new(:filesystem_readable, 0, shard: :default)) }
-        it { is_expected.to include(metric_class.new(:filesystem_writable, 0, shard: :default)) }
+        it { is_expected.to all(have_attributes(labels: { shard: :default })) }
+
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_accessible, value: 0)) }
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_readable, value: 0)) }
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_writable, value: 0)) }
 
-        it { is_expected.to include(have_attributes(name: :filesystem_access_latency, value: be >= 0, labels: { shard: :default })) }
-        it { is_expected.to include(have_attributes(name: :filesystem_read_latency, value: be >= 0, labels: { shard: :default })) }
-        it { is_expected.to include(have_attributes(name: :filesystem_write_latency, value: be >= 0, labels: { shard: :default })) }
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_access_latency, value: be >= 0)) }
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_read_latency, value: be >= 0)) }
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_write_latency, value: be >= 0)) }
       end
 
       context 'storage points to directory that has both read and write rights' do
         before do
           FileUtils.chmod_R(0755, tmp_dir)
         end
+        it { is_expected.to all(have_attributes(labels: { shard: :default })) }
 
-        it { is_expected.to include(metric_class.new(:filesystem_accessible, 1, shard: :default)) }
-        it { is_expected.to include(metric_class.new(:filesystem_readable, 1, shard: :default)) }
-        it { is_expected.to include(metric_class.new(:filesystem_writable, 1, shard: :default)) }
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_accessible, value: 1)) }
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_readable, value: 1)) }
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_writable, value: 1)) }
 
-        it { is_expected.to include(have_attributes(name: :filesystem_access_latency, value: be >= 0, labels: { shard: :default })) }
-        it { is_expected.to include(have_attributes(name: :filesystem_read_latency, value: be >= 0, labels: { shard: :default })) }
-        it { is_expected.to include(have_attributes(name: :filesystem_write_latency, value: be >= 0, labels: { shard: :default })) }
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_access_latency, value: be >= 0)) }
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_read_latency, value: be >= 0)) }
+        it { is_expected.to include(an_object_having_attributes(name: :filesystem_write_latency, value: be >= 0)) }
+      end
+    end
+  end
+
+  context 'when timeout kills fs checks' do
+    before do
+      stub_const('Gitlab::HealthChecks::FsShardsCheck::COMMAND_TIMEOUT', '1')
+
+      allow(described_class).to receive(:exec_with_timeout).and_wrap_original { |m| m.call(%w(sleep 60)) }
+      FileUtils.chmod_R(0755, tmp_dir)
+    end
+
+    describe '#readiness' do
+      subject { described_class.readiness }
+
+      it { is_expected.to include(result_class.new(false, 'cannot stat storage', shard: :default)) }
+    end
+
+    describe '#metrics' do
+      subject { described_class.metrics }
+
+      it 'provides metrics' do
+        expect(subject).to all(have_attributes(labels: { shard: :default }))
+
+        expect(subject).to include(an_object_having_attributes(name: :filesystem_accessible, value: 0))
+        expect(subject).to include(an_object_having_attributes(name: :filesystem_readable, value: 0))
+        expect(subject).to include(an_object_having_attributes(name: :filesystem_writable, value: 0))
+
+        expect(subject).to include(an_object_having_attributes(name: :filesystem_access_latency, value: be >= 0))
+        expect(subject).to include(an_object_having_attributes(name: :filesystem_read_latency, value: be >= 0))
+        expect(subject).to include(an_object_having_attributes(name: :filesystem_write_latency, value: be >= 0))
       end
     end
   end
 
   context 'when popen always finds required binaries' do
     before do
-      allow(Gitlab::Popen).to receive(:popen).and_wrap_original do |method, *args, &block|
+      allow(described_class).to receive(:exec_with_timeout).and_wrap_original do |method, *args, &block|
         begin
           method.call(*args, &block)
-        rescue RuntimeError
+        rescue RuntimeError, Errno::ENOENT
           raise 'expected not to happen'
         end
       end
+
+      stub_const('Gitlab::HealthChecks::FsShardsCheck::COMMAND_TIMEOUT', '10')
     end
 
     it_behaves_like 'filesystem checks'
diff --git a/spec/lib/gitlab/highlight_spec.rb b/spec/lib/gitlab/highlight_spec.rb
index e57b3053871..a20cef3b000 100644
--- a/spec/lib/gitlab/highlight_spec.rb
+++ b/spec/lib/gitlab/highlight_spec.rb
@@ -59,8 +59,6 @@ describe Gitlab::Highlight, lib: true do
   end
 
   describe '#highlight' do
-    subject { described_class.highlight(file_name, file_content, nowrap: false) }
-
     it 'links dependencies via DependencyLinker' do
       expect(Gitlab::DependencyLinker).to receive(:link).
         with('file.name', 'Contents', anything).and_call_original
diff --git a/spec/lib/gitlab/i18n_spec.rb b/spec/lib/gitlab/i18n_spec.rb
index 52f2614d5ca..a3dbeaa3753 100644
--- a/spec/lib/gitlab/i18n_spec.rb
+++ b/spec/lib/gitlab/i18n_spec.rb
@@ -1,27 +1,27 @@
 require 'spec_helper'
 
-module Gitlab
-  describe I18n, lib: true do
-    let(:user) { create(:user, preferred_language: 'es') }
+describe Gitlab::I18n, lib: true do
+  let(:user) { create(:user, preferred_language: 'es') }
 
-    describe '.set_locale' do
-      it 'sets the locale based on current user preferred language' do
-        Gitlab::I18n.set_locale(user)
+  describe '.locale=' do
+    after { described_class.use_default_locale }
 
-        expect(FastGettext.locale).to eq('es')
-        expect(::I18n.locale).to eq(:es)
-      end
+    it 'sets the locale based on current user preferred language' do
+      described_class.locale = user.preferred_language
+
+      expect(FastGettext.locale).to eq('es')
+      expect(::I18n.locale).to eq(:es)
     end
+  end
 
-    describe '.reset_locale' do
-      it 'resets the locale to the default language' do
-        Gitlab::I18n.set_locale(user)
+  describe '.use_default_locale' do
+    it 'resets the locale to the default language' do
+      described_class.locale = user.preferred_language
 
-        Gitlab::I18n.reset_locale
+      described_class.use_default_locale
 
-        expect(FastGettext.locale).to eq('en')
-        expect(::I18n.locale).to eq(:en)
-      end
+      expect(FastGettext.locale).to eq('en')
+      expect(::I18n.locale).to eq(:en)
     end
   end
 end
diff --git a/spec/lib/gitlab/import_export/all_models.yml b/spec/lib/gitlab/import_export/all_models.yml
index 6e6e94d0bbb..b080bbd0e54 100644
--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@@ -138,6 +138,7 @@ services:
 - service_hook
 hooks:
 - project
+- web_hook_logs
 protected_branches:
 - project
 - merge_access_levels
diff --git a/spec/lib/gitlab/import_export/members_mapper_spec.rb b/spec/lib/gitlab/import_export/members_mapper_spec.rb
index b9d4e59e770..3e0291c9ae9 100644
--- a/spec/lib/gitlab/import_export/members_mapper_spec.rb
+++ b/spec/lib/gitlab/import_export/members_mapper_spec.rb
@@ -2,9 +2,9 @@ require 'spec_helper'
 
 describe Gitlab::ImportExport::MembersMapper, services: true do
   describe 'map members' do
-    let(:user) { create(:admin, authorized_projects_populated: true) }
+    let(:user) { create(:admin) }
     let(:project) { create(:empty_project, :public, name: 'searchable_project') }
-    let(:user2) { create(:user, authorized_projects_populated: true) }
+    let(:user2) { create(:user) }
     let(:exported_user_id) { 99 }
     let(:exported_members) do
       [{
@@ -74,7 +74,7 @@ describe Gitlab::ImportExport::MembersMapper, services: true do
     end
 
     context 'user is not an admin' do
-      let(:user) { create(:user, authorized_projects_populated: true) }
+      let(:user) { create(:user) }
 
       it 'does not map a project member' do
         expect(members_mapper.map[exported_user_id]).to eq(user.id)
@@ -94,7 +94,7 @@ describe Gitlab::ImportExport::MembersMapper, services: true do
     end
 
     context 'importer same as group member' do
-      let(:user2) { create(:admin, authorized_projects_populated: true) }
+      let(:user2) { create(:admin) }
       let(:group) { create(:group) }
       let(:project) { create(:empty_project, :public, name: 'searchable_project', namespace: group) }
       let(:members_mapper) do
diff --git a/spec/lib/gitlab/import_export/safe_model_attributes.yml b/spec/lib/gitlab/import_export/safe_model_attributes.yml
index 37783f63843..24665645277 100644
--- a/spec/lib/gitlab/import_export/safe_model_attributes.yml
+++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml
@@ -174,6 +174,7 @@ MergeRequestDiff:
 Ci::Pipeline:
 - id
 - project_id
+- source
 - ref
 - sha
 - before_sha
@@ -198,7 +199,7 @@ Ci::Stage:
 - pipeline_id
 - created_at
 - updated_at
-CommitStatus:
+ommitStatus:
 - id
 - project_id
 - status
diff --git a/spec/lib/gitlab/o_auth/provider_spec.rb b/spec/lib/gitlab/o_auth/provider_spec.rb
new file mode 100644
index 00000000000..1e2a1f8c039
--- /dev/null
+++ b/spec/lib/gitlab/o_auth/provider_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe Gitlab::OAuth::Provider, lib: true do
+  describe '#config_for' do
+    context 'for an LDAP provider' do
+      context 'when the provider exists' do
+        it 'returns the config' do
+          expect(described_class.config_for('ldapmain')).to be_a(Hash)
+        end
+      end
+
+      context 'when the provider does not exist' do
+        it 'returns nil' do
+          expect(described_class.config_for('ldapfoo')).to be_nil
+        end
+      end
+    end
+
+    context 'for an OmniAuth provider' do
+      before do
+        provider = OpenStruct.new(
+          name: 'google',
+          app_id: 'asd123',
+          app_secret: 'asd123'
+        )
+        allow(Gitlab.config.omniauth).to receive(:providers).and_return([provider])
+      end
+
+      context 'when the provider exists' do
+        it 'returns the config' do
+          expect(described_class.config_for('google')).to be_a(OpenStruct)
+        end
+      end
+
+      context 'when the provider does not exist' do
+        it 'returns nil' do
+          expect(described_class.config_for('foo')).to be_nil
+        end
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/path_regex_spec.rb b/spec/lib/gitlab/path_regex_spec.rb
new file mode 100644
index 00000000000..1eea710c80b
--- /dev/null
+++ b/spec/lib/gitlab/path_regex_spec.rb
@@ -0,0 +1,384 @@
+# coding: utf-8
+require 'spec_helper'
+
+describe Gitlab::PathRegex, lib: true do
+  # Pass in a full path to remove the format segment:
+  # `/ci/lint(.:format)` -> `/ci/lint`
+  def without_format(path)
+    path.split('(', 2)[0]
+  end
+
+  # Pass in a full path and get the last segment before a wildcard
+  # That's not a parameter
+  # `/*namespace_id/:project_id/builds/artifacts/*ref_name_and_path`
+  #    -> 'builds/artifacts'
+  def path_before_wildcard(path)
+    path = path.gsub(STARTING_WITH_NAMESPACE, "")
+    path_segments = path.split('/').reject(&:empty?)
+    wildcard_index = path_segments.index { |segment| parameter?(segment) }
+
+    segments_before_wildcard = path_segments[0..wildcard_index - 1]
+
+    segments_before_wildcard.join('/')
+  end
+
+  def parameter?(segment)
+    segment =~ /[*:]/
+  end
+
+  # If the path is reserved. Then no conflicting paths can# be created for any
+  # route using this reserved word.
+  #
+  # Both `builds/artifacts` & `build` are covered by reserving the word
+  # `build`
+  def wildcards_include?(path)
+    described_class::PROJECT_WILDCARD_ROUTES.include?(path) ||
+      described_class::PROJECT_WILDCARD_ROUTES.include?(path.split('/').first)
+  end
+
+  def failure_message(missing_words, constant_name, migration_helper)
+    missing_words = Array(missing_words)
+    <<-MSG
+      Found new routes that could cause conflicts with existing namespaced routes
+      for groups or projects.
+
+      Add <#{missing_words.join(', ')}> to `Gitlab::PathRegex::#{constant_name}
+      to make sure no projects or namespaces can be created with those paths.
+
+      To rename any existing records with those paths you can use the
+      `Gitlab::Database::RenameReservedpathsMigration::<VERSION>.#{migration_helper}`
+      migration helper.
+
+      Make sure to make a note of the renamed records in the release blog post.
+
+    MSG
+  end
+
+  let(:all_routes) do
+    route_set = Rails.application.routes
+    routes_collection = route_set.routes
+    routes_array = routes_collection.routes
+    routes_array.map { |route| route.path.spec.to_s }
+  end
+
+  let(:routes_without_format) { all_routes.map { |path| without_format(path) } }
+
+  # Routes not starting with `/:` or `/*`
+  # all routes not starting with a param
+  let(:routes_not_starting_in_wildcard) { routes_without_format.select { |p| p !~ %r{^/[:*]} } }
+
+  let(:top_level_words) do
+    routes_not_starting_in_wildcard.map do |route|
+      route.split('/')[1]
+    end.compact.uniq
+  end
+
+  # All routes that start with a namespaced path, that have 1 or more
+  # path-segments before having another wildcard parameter.
+  # - Starting with paths:
+  #   - `/*namespace_id/:project_id/`
+  #   - `/*namespace_id/:id/`
+  # - Followed by one or more path-parts not starting with `:` or `*`
+  # - Followed by a path-part that includes a wildcard parameter `*`
+  # At the time of writing these routes match: http://rubular.com/r/Rv2pDE5Dvw
+  STARTING_WITH_NAMESPACE = %r{^/\*namespace_id/:(project_)?id}
+  NON_PARAM_PARTS = %r{[^:*][a-z\-_/]*}
+  ANY_OTHER_PATH_PART = %r{[a-z\-_/:]*}
+  WILDCARD_SEGMENT = %r{\*}
+  let(:namespaced_wildcard_routes) do
+    routes_without_format.select do |p|
+      p =~ %r{#{STARTING_WITH_NAMESPACE}/#{NON_PARAM_PARTS}/#{ANY_OTHER_PATH_PART}#{WILDCARD_SEGMENT}}
+    end
+  end
+
+  # This will return all paths that are used in a namespaced route
+  # before another wildcard path:
+  #
+  # /*namespace_id/:project_id/builds/artifacts/*ref_name_and_path
+  # /*namespace_id/:project_id/info/lfs/objects/*oid
+  # /*namespace_id/:project_id/commits/*id
+  # /*namespace_id/:project_id/builds/:build_id/artifacts/file/*path
+  # -> ['builds/artifacts', 'info/lfs/objects', 'commits', 'artifacts/file']
+  let(:all_wildcard_paths) do
+    namespaced_wildcard_routes.map do |route|
+      path_before_wildcard(route)
+    end.uniq
+  end
+
+  STARTING_WITH_GROUP = %r{^/groups/\*(group_)?id/}
+  let(:group_routes) do
+    routes_without_format.select do |path|
+      path =~ STARTING_WITH_GROUP
+    end
+  end
+
+  let(:paths_after_group_id) do
+    group_routes.map do |route|
+      route.gsub(STARTING_WITH_GROUP, '').split('/').first
+    end.uniq
+  end
+
+  describe 'TOP_LEVEL_ROUTES' do
+    it 'includes all the top level namespaces' do
+      failure_block = lambda do
+        missing_words = top_level_words - described_class::TOP_LEVEL_ROUTES
+        failure_message(missing_words, 'TOP_LEVEL_ROUTES', 'rename_root_paths')
+      end
+
+      expect(described_class::TOP_LEVEL_ROUTES)
+        .to include(*top_level_words), failure_block
+    end
+  end
+
+  describe 'GROUP_ROUTES' do
+    it "don't contain a second wildcard" do
+      failure_block = lambda do
+        missing_words = paths_after_group_id - described_class::GROUP_ROUTES
+        failure_message(missing_words, 'GROUP_ROUTES', 'rename_child_paths')
+      end
+
+      expect(described_class::GROUP_ROUTES)
+        .to include(*paths_after_group_id), failure_block
+    end
+  end
+
+  describe 'PROJECT_WILDCARD_ROUTES' do
+    it 'includes all paths that can be used after a namespace/project path' do
+      aggregate_failures do
+        all_wildcard_paths.each do |path|
+          expect(wildcards_include?(path))
+            .to be(true), failure_message(path, 'PROJECT_WILDCARD_ROUTES', 'rename_wildcard_paths')
+        end
+      end
+    end
+  end
+
+  describe '.root_namespace_path_regex' do
+    subject { described_class.root_namespace_path_regex }
+
+    it 'rejects top level routes' do
+      expect(subject).not_to match('admin/')
+      expect(subject).not_to match('api/')
+      expect(subject).not_to match('.well-known/')
+    end
+
+    it 'accepts project wildcard routes' do
+      expect(subject).to match('blob/')
+      expect(subject).to match('edit/')
+      expect(subject).to match('wikis/')
+    end
+
+    it 'accepts group routes' do
+      expect(subject).to match('activity/')
+      expect(subject).to match('group_members/')
+      expect(subject).to match('subgroups/')
+    end
+
+    it 'is not case sensitive' do
+      expect(subject).not_to match('Users/')
+    end
+
+    it 'does not allow extra slashes' do
+      expect(subject).not_to match('/blob/')
+      expect(subject).not_to match('blob//')
+    end
+  end
+
+  describe '.full_namespace_path_regex' do
+    subject { described_class.full_namespace_path_regex }
+
+    context 'at the top level' do
+      context 'when the final level' do
+        it 'rejects top level routes' do
+          expect(subject).not_to match('admin/')
+          expect(subject).not_to match('api/')
+          expect(subject).not_to match('.well-known/')
+        end
+
+        it 'accepts project wildcard routes' do
+          expect(subject).to match('blob/')
+          expect(subject).to match('edit/')
+          expect(subject).to match('wikis/')
+        end
+
+        it 'accepts group routes' do
+          expect(subject).to match('activity/')
+          expect(subject).to match('group_members/')
+          expect(subject).to match('subgroups/')
+        end
+      end
+
+      context 'when more levels follow' do
+        it 'rejects top level routes' do
+          expect(subject).not_to match('admin/more/')
+          expect(subject).not_to match('api/more/')
+          expect(subject).not_to match('.well-known/more/')
+        end
+
+        it 'accepts project wildcard routes' do
+          expect(subject).to match('blob/more/')
+          expect(subject).to match('edit/more/')
+          expect(subject).to match('wikis/more/')
+          expect(subject).to match('environments/folders/')
+          expect(subject).to match('info/lfs/objects/')
+        end
+
+        it 'accepts group routes' do
+          expect(subject).to match('activity/more/')
+          expect(subject).to match('group_members/more/')
+          expect(subject).to match('subgroups/more/')
+        end
+      end
+    end
+
+    context 'at the second level' do
+      context 'when the final level' do
+        it 'accepts top level routes' do
+          expect(subject).to match('root/admin/')
+          expect(subject).to match('root/api/')
+          expect(subject).to match('root/.well-known/')
+        end
+
+        it 'rejects project wildcard routes' do
+          expect(subject).not_to match('root/blob/')
+          expect(subject).not_to match('root/edit/')
+          expect(subject).not_to match('root/wikis/')
+          expect(subject).not_to match('root/environments/folders/')
+          expect(subject).not_to match('root/info/lfs/objects/')
+        end
+
+        it 'rejects group routes' do
+          expect(subject).not_to match('root/activity/')
+          expect(subject).not_to match('root/group_members/')
+          expect(subject).not_to match('root/subgroups/')
+        end
+      end
+
+      context 'when more levels follow' do
+        it 'accepts top level routes' do
+          expect(subject).to match('root/admin/more/')
+          expect(subject).to match('root/api/more/')
+          expect(subject).to match('root/.well-known/more/')
+        end
+
+        it 'rejects project wildcard routes' do
+          expect(subject).not_to match('root/blob/more/')
+          expect(subject).not_to match('root/edit/more/')
+          expect(subject).not_to match('root/wikis/more/')
+          expect(subject).not_to match('root/environments/folders/more/')
+          expect(subject).not_to match('root/info/lfs/objects/more/')
+        end
+
+        it 'rejects group routes' do
+          expect(subject).not_to match('root/activity/more/')
+          expect(subject).not_to match('root/group_members/more/')
+          expect(subject).not_to match('root/subgroups/more/')
+        end
+      end
+    end
+
+    it 'is not case sensitive' do
+      expect(subject).not_to match('root/Blob/')
+    end
+
+    it 'does not allow extra slashes' do
+      expect(subject).not_to match('/root/admin/')
+      expect(subject).not_to match('root/admin//')
+    end
+  end
+
+  describe '.project_path_regex' do
+    subject { described_class.project_path_regex }
+
+    it 'accepts top level routes' do
+      expect(subject).to match('admin/')
+      expect(subject).to match('api/')
+      expect(subject).to match('.well-known/')
+    end
+
+    it 'rejects project wildcard routes' do
+      expect(subject).not_to match('blob/')
+      expect(subject).not_to match('edit/')
+      expect(subject).not_to match('wikis/')
+      expect(subject).not_to match('environments/folders/')
+      expect(subject).not_to match('info/lfs/objects/')
+    end
+
+    it 'accepts group routes' do
+      expect(subject).to match('activity/')
+      expect(subject).to match('group_members/')
+      expect(subject).to match('subgroups/')
+    end
+
+    it 'is not case sensitive' do
+      expect(subject).not_to match('Blob/')
+    end
+
+    it 'does not allow extra slashes' do
+      expect(subject).not_to match('/admin/')
+      expect(subject).not_to match('admin//')
+    end
+  end
+
+  describe '.full_project_path_regex' do
+    subject { described_class.full_project_path_regex }
+
+    it 'accepts top level routes' do
+      expect(subject).to match('root/admin/')
+      expect(subject).to match('root/api/')
+      expect(subject).to match('root/.well-known/')
+    end
+
+    it 'rejects project wildcard routes' do
+      expect(subject).not_to match('root/blob/')
+      expect(subject).not_to match('root/edit/')
+      expect(subject).not_to match('root/wikis/')
+      expect(subject).not_to match('root/environments/folders/')
+      expect(subject).not_to match('root/info/lfs/objects/')
+    end
+
+    it 'accepts group routes' do
+      expect(subject).to match('root/activity/')
+      expect(subject).to match('root/group_members/')
+      expect(subject).to match('root/subgroups/')
+    end
+
+    it 'is not case sensitive' do
+      expect(subject).not_to match('root/Blob/')
+    end
+
+    it 'does not allow extra slashes' do
+      expect(subject).not_to match('/root/admin/')
+      expect(subject).not_to match('root/admin//')
+    end
+  end
+
+  describe '.namespace_format_regex' do
+    subject { described_class.namespace_format_regex }
+
+    it { is_expected.to match('gitlab-ce') }
+    it { is_expected.to match('gitlab_git') }
+    it { is_expected.to match('_underscore.js') }
+    it { is_expected.to match('100px.com') }
+    it { is_expected.to match('gitlab.org') }
+    it { is_expected.not_to match('?gitlab') }
+    it { is_expected.not_to match('git lab') }
+    it { is_expected.not_to match('gitlab.git') }
+    it { is_expected.not_to match('gitlab.org.') }
+    it { is_expected.not_to match('gitlab.org/') }
+    it { is_expected.not_to match('/gitlab.org') }
+    it { is_expected.not_to match('gitlab git') }
+  end
+
+  describe '.project_path_format_regex' do
+    subject { described_class.project_path_format_regex }
+
+    it { is_expected.to match('gitlab-ce') }
+    it { is_expected.to match('gitlab_git') }
+    it { is_expected.to match('_underscore.js') }
+    it { is_expected.to match('100px.com') }
+    it { is_expected.not_to match('?gitlab') }
+    it { is_expected.not_to match('git lab') }
+    it { is_expected.not_to match('gitlab.git') }
+  end
+end
diff --git a/spec/lib/gitlab/project_authorizations_spec.rb b/spec/lib/gitlab/project_authorizations_spec.rb
new file mode 100644
index 00000000000..67321f43710
--- /dev/null
+++ b/spec/lib/gitlab/project_authorizations_spec.rb
@@ -0,0 +1,73 @@
+require 'spec_helper'
+
+describe Gitlab::ProjectAuthorizations do
+  let(:group) { create(:group) }
+  let!(:owned_project) { create(:empty_project) }
+  let!(:other_project) { create(:empty_project) }
+  let!(:group_project) { create(:empty_project, namespace: group) }
+
+  let(:user) { owned_project.namespace.owner }
+
+  def map_access_levels(rows)
+    rows.each_with_object({}) do |row, hash|
+      hash[row.project_id] = row.access_level
+    end
+  end
+
+  before do
+    other_project.team << [user, :reporter]
+    group.add_developer(user)
+  end
+
+  let(:authorizations) do
+    klass = if Group.supports_nested_groups?
+              Gitlab::ProjectAuthorizations::WithNestedGroups
+            else
+              Gitlab::ProjectAuthorizations::WithoutNestedGroups
+            end
+
+    klass.new(user).calculate
+  end
+
+  it 'returns the correct number of authorizations' do
+    expect(authorizations.length).to eq(3)
+  end
+
+  it 'includes the correct projects' do
+    expect(authorizations.pluck(:project_id)).
+      to include(owned_project.id, other_project.id, group_project.id)
+  end
+
+  it 'includes the correct access levels' do
+    mapping = map_access_levels(authorizations)
+
+    expect(mapping[owned_project.id]).to eq(Gitlab::Access::MASTER)
+    expect(mapping[other_project.id]).to eq(Gitlab::Access::REPORTER)
+    expect(mapping[group_project.id]).to eq(Gitlab::Access::DEVELOPER)
+  end
+
+  if Group.supports_nested_groups?
+    context 'with nested groups' do
+      let!(:nested_group) { create(:group, parent: group) }
+      let!(:nested_project) { create(:empty_project, namespace: nested_group) }
+
+      it 'includes nested groups' do
+        expect(authorizations.pluck(:project_id)).to include(nested_project.id)
+      end
+
+      it 'inherits access levels when the user is not a member of a nested group' do
+        mapping = map_access_levels(authorizations)
+
+        expect(mapping[nested_project.id]).to eq(Gitlab::Access::DEVELOPER)
+      end
+
+      it 'uses the greatest access level when a user is a member of a nested group' do
+        nested_group.add_master(user)
+
+        mapping = map_access_levels(authorizations)
+
+        expect(mapping[nested_project.id]).to eq(Gitlab::Access::MASTER)
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/project_search_results_spec.rb b/spec/lib/gitlab/project_search_results_spec.rb
index 1b8690ba613..3d22784909d 100644
--- a/spec/lib/gitlab/project_search_results_spec.rb
+++ b/spec/lib/gitlab/project_search_results_spec.rb
@@ -123,8 +123,8 @@ describe Gitlab::ProjectSearchResults, lib: true do
     context 'when wiki is internal' do
       let(:project) { create(:project, :public, :wiki_private) }
 
-      it 'finds wiki blobs for members' do
-        project.add_reporter(user)
+      it 'finds wiki blobs for guest' do
+        project.add_guest(user)
 
         is_expected.not_to be_empty
       end
diff --git a/spec/lib/gitlab/regex_spec.rb b/spec/lib/gitlab/regex_spec.rb
index a7d1283acb8..0bee892fe0c 100644
--- a/spec/lib/gitlab/regex_spec.rb
+++ b/spec/lib/gitlab/regex_spec.rb
@@ -2,386 +2,6 @@
 require 'spec_helper'
 
 describe Gitlab::Regex, lib: true do
-  # Pass in a full path to remove the format segment:
-  # `/ci/lint(.:format)` -> `/ci/lint`
-  def without_format(path)
-    path.split('(', 2)[0]
-  end
-
-  # Pass in a full path and get the last segment before a wildcard
-  # That's not a parameter
-  # `/*namespace_id/:project_id/builds/artifacts/*ref_name_and_path`
-  #    -> 'builds/artifacts'
-  def path_before_wildcard(path)
-    path = path.gsub(STARTING_WITH_NAMESPACE, "")
-    path_segments = path.split('/').reject(&:empty?)
-    wildcard_index = path_segments.index { |segment| parameter?(segment) }
-
-    segments_before_wildcard = path_segments[0..wildcard_index - 1]
-
-    segments_before_wildcard.join('/')
-  end
-
-  def parameter?(segment)
-    segment =~ /[*:]/
-  end
-
-  # If the path is reserved. Then no conflicting paths can# be created for any
-  # route using this reserved word.
-  #
-  # Both `builds/artifacts` & `build` are covered by reserving the word
-  # `build`
-  def wildcards_include?(path)
-    described_class::PROJECT_WILDCARD_ROUTES.include?(path) ||
-      described_class::PROJECT_WILDCARD_ROUTES.include?(path.split('/').first)
-  end
-
-  def failure_message(missing_words, constant_name, migration_helper)
-    missing_words = Array(missing_words)
-    <<-MSG
-      Found new routes that could cause conflicts with existing namespaced routes
-      for groups or projects.
-
-      Add <#{missing_words.join(', ')}> to `Gitlab::Regex::#{constant_name}
-      to make sure no projects or namespaces can be created with those paths.
-
-      To rename any existing records with those paths you can use the
-      `Gitlab::Database::RenameReservedpathsMigration::<VERSION>.#{migration_helper}`
-      migration helper.
-
-      Make sure to make a note of the renamed records in the release blog post.
-
-    MSG
-  end
-
-  let(:all_routes) do
-    route_set = Rails.application.routes
-    routes_collection = route_set.routes
-    routes_array = routes_collection.routes
-    routes_array.map { |route| route.path.spec.to_s }
-  end
-
-  let(:routes_without_format) { all_routes.map { |path| without_format(path) } }
-
-  # Routes not starting with `/:` or `/*`
-  # all routes not starting with a param
-  let(:routes_not_starting_in_wildcard) { routes_without_format.select { |p| p !~ %r{^/[:*]} } }
-
-  let(:top_level_words) do
-    routes_not_starting_in_wildcard.map do |route|
-      route.split('/')[1]
-    end.compact.uniq
-  end
-
-  # All routes that start with a namespaced path, that have 1 or more
-  # path-segments before having another wildcard parameter.
-  # - Starting with paths:
-  #   - `/*namespace_id/:project_id/`
-  #   - `/*namespace_id/:id/`
-  # - Followed by one or more path-parts not starting with `:` or `*`
-  # - Followed by a path-part that includes a wildcard parameter `*`
-  # At the time of writing these routes match: http://rubular.com/r/Rv2pDE5Dvw
-  STARTING_WITH_NAMESPACE = %r{^/\*namespace_id/:(project_)?id}
-  NON_PARAM_PARTS = %r{[^:*][a-z\-_/]*}
-  ANY_OTHER_PATH_PART = %r{[a-z\-_/:]*}
-  WILDCARD_SEGMENT = %r{\*}
-  let(:namespaced_wildcard_routes) do
-    routes_without_format.select do |p|
-      p =~ %r{#{STARTING_WITH_NAMESPACE}/#{NON_PARAM_PARTS}/#{ANY_OTHER_PATH_PART}#{WILDCARD_SEGMENT}}
-    end
-  end
-
-  # This will return all paths that are used in a namespaced route
-  # before another wildcard path:
-  #
-  # /*namespace_id/:project_id/builds/artifacts/*ref_name_and_path
-  # /*namespace_id/:project_id/info/lfs/objects/*oid
-  # /*namespace_id/:project_id/commits/*id
-  # /*namespace_id/:project_id/builds/:build_id/artifacts/file/*path
-  # -> ['builds/artifacts', 'info/lfs/objects', 'commits', 'artifacts/file']
-  let(:all_wildcard_paths) do
-    namespaced_wildcard_routes.map do |route|
-      path_before_wildcard(route)
-    end.uniq
-  end
-
-  STARTING_WITH_GROUP = %r{^/groups/\*(group_)?id/}
-  let(:group_routes) do
-    routes_without_format.select do |path|
-      path =~ STARTING_WITH_GROUP
-    end
-  end
-
-  let(:paths_after_group_id) do
-    group_routes.map do |route|
-      route.gsub(STARTING_WITH_GROUP, '').split('/').first
-    end.uniq
-  end
-
-  describe 'TOP_LEVEL_ROUTES' do
-    it 'includes all the top level namespaces' do
-      failure_block = lambda do
-        missing_words = top_level_words - described_class::TOP_LEVEL_ROUTES
-        failure_message(missing_words, 'TOP_LEVEL_ROUTES', 'rename_root_paths')
-      end
-
-      expect(described_class::TOP_LEVEL_ROUTES)
-        .to include(*top_level_words), failure_block
-    end
-  end
-
-  describe 'GROUP_ROUTES' do
-    it "don't contain a second wildcard" do
-      failure_block = lambda do
-        missing_words = paths_after_group_id - described_class::GROUP_ROUTES
-        failure_message(missing_words, 'GROUP_ROUTES', 'rename_child_paths')
-      end
-
-      expect(described_class::GROUP_ROUTES)
-        .to include(*paths_after_group_id), failure_block
-    end
-  end
-
-  describe 'PROJECT_WILDCARD_ROUTES' do
-    it 'includes all paths that can be used after a namespace/project path' do
-      aggregate_failures do
-        all_wildcard_paths.each do |path|
-          expect(wildcards_include?(path))
-            .to be(true), failure_message(path, 'PROJECT_WILDCARD_ROUTES', 'rename_wildcard_paths')
-        end
-      end
-    end
-  end
-
-  describe '.root_namespace_path_regex' do
-    subject { described_class.root_namespace_path_regex }
-
-    it 'rejects top level routes' do
-      expect(subject).not_to match('admin/')
-      expect(subject).not_to match('api/')
-      expect(subject).not_to match('.well-known/')
-    end
-
-    it 'accepts project wildcard routes' do
-      expect(subject).to match('blob/')
-      expect(subject).to match('edit/')
-      expect(subject).to match('wikis/')
-    end
-
-    it 'accepts group routes' do
-      expect(subject).to match('activity/')
-      expect(subject).to match('group_members/')
-      expect(subject).to match('subgroups/')
-    end
-
-    it 'is not case sensitive' do
-      expect(subject).not_to match('Users/')
-    end
-
-    it 'does not allow extra slashes' do
-      expect(subject).not_to match('/blob/')
-      expect(subject).not_to match('blob//')
-    end
-  end
-
-  describe '.full_namespace_path_regex' do
-    subject { described_class.full_namespace_path_regex }
-
-    context 'at the top level' do
-      context 'when the final level' do
-        it 'rejects top level routes' do
-          expect(subject).not_to match('admin/')
-          expect(subject).not_to match('api/')
-          expect(subject).not_to match('.well-known/')
-        end
-
-        it 'accepts project wildcard routes' do
-          expect(subject).to match('blob/')
-          expect(subject).to match('edit/')
-          expect(subject).to match('wikis/')
-        end
-
-        it 'accepts group routes' do
-          expect(subject).to match('activity/')
-          expect(subject).to match('group_members/')
-          expect(subject).to match('subgroups/')
-        end
-      end
-
-      context 'when more levels follow' do
-        it 'rejects top level routes' do
-          expect(subject).not_to match('admin/more/')
-          expect(subject).not_to match('api/more/')
-          expect(subject).not_to match('.well-known/more/')
-        end
-
-        it 'accepts project wildcard routes' do
-          expect(subject).to match('blob/more/')
-          expect(subject).to match('edit/more/')
-          expect(subject).to match('wikis/more/')
-          expect(subject).to match('environments/folders/')
-          expect(subject).to match('info/lfs/objects/')
-        end
-
-        it 'accepts group routes' do
-          expect(subject).to match('activity/more/')
-          expect(subject).to match('group_members/more/')
-          expect(subject).to match('subgroups/more/')
-        end
-      end
-    end
-
-    context 'at the second level' do
-      context 'when the final level' do
-        it 'accepts top level routes' do
-          expect(subject).to match('root/admin/')
-          expect(subject).to match('root/api/')
-          expect(subject).to match('root/.well-known/')
-        end
-
-        it 'rejects project wildcard routes' do
-          expect(subject).not_to match('root/blob/')
-          expect(subject).not_to match('root/edit/')
-          expect(subject).not_to match('root/wikis/')
-          expect(subject).not_to match('root/environments/folders/')
-          expect(subject).not_to match('root/info/lfs/objects/')
-        end
-
-        it 'rejects group routes' do
-          expect(subject).not_to match('root/activity/')
-          expect(subject).not_to match('root/group_members/')
-          expect(subject).not_to match('root/subgroups/')
-        end
-      end
-
-      context 'when more levels follow' do
-        it 'accepts top level routes' do
-          expect(subject).to match('root/admin/more/')
-          expect(subject).to match('root/api/more/')
-          expect(subject).to match('root/.well-known/more/')
-        end
-
-        it 'rejects project wildcard routes' do
-          expect(subject).not_to match('root/blob/more/')
-          expect(subject).not_to match('root/edit/more/')
-          expect(subject).not_to match('root/wikis/more/')
-          expect(subject).not_to match('root/environments/folders/more/')
-          expect(subject).not_to match('root/info/lfs/objects/more/')
-        end
-
-        it 'rejects group routes' do
-          expect(subject).not_to match('root/activity/more/')
-          expect(subject).not_to match('root/group_members/more/')
-          expect(subject).not_to match('root/subgroups/more/')
-        end
-      end
-    end
-
-    it 'is not case sensitive' do
-      expect(subject).not_to match('root/Blob/')
-    end
-
-    it 'does not allow extra slashes' do
-      expect(subject).not_to match('/root/admin/')
-      expect(subject).not_to match('root/admin//')
-    end
-  end
-
-  describe '.project_path_regex' do
-    subject { described_class.project_path_regex }
-
-    it 'accepts top level routes' do
-      expect(subject).to match('admin/')
-      expect(subject).to match('api/')
-      expect(subject).to match('.well-known/')
-    end
-
-    it 'rejects project wildcard routes' do
-      expect(subject).not_to match('blob/')
-      expect(subject).not_to match('edit/')
-      expect(subject).not_to match('wikis/')
-      expect(subject).not_to match('environments/folders/')
-      expect(subject).not_to match('info/lfs/objects/')
-    end
-
-    it 'accepts group routes' do
-      expect(subject).to match('activity/')
-      expect(subject).to match('group_members/')
-      expect(subject).to match('subgroups/')
-    end
-
-    it 'is not case sensitive' do
-      expect(subject).not_to match('Blob/')
-    end
-
-    it 'does not allow extra slashes' do
-      expect(subject).not_to match('/admin/')
-      expect(subject).not_to match('admin//')
-    end
-  end
-
-  describe '.full_project_path_regex' do
-    subject { described_class.full_project_path_regex }
-
-    it 'accepts top level routes' do
-      expect(subject).to match('root/admin/')
-      expect(subject).to match('root/api/')
-      expect(subject).to match('root/.well-known/')
-    end
-
-    it 'rejects project wildcard routes' do
-      expect(subject).not_to match('root/blob/')
-      expect(subject).not_to match('root/edit/')
-      expect(subject).not_to match('root/wikis/')
-      expect(subject).not_to match('root/environments/folders/')
-      expect(subject).not_to match('root/info/lfs/objects/')
-    end
-
-    it 'accepts group routes' do
-      expect(subject).to match('root/activity/')
-      expect(subject).to match('root/group_members/')
-      expect(subject).to match('root/subgroups/')
-    end
-
-    it 'is not case sensitive' do
-      expect(subject).not_to match('root/Blob/')
-    end
-
-    it 'does not allow extra slashes' do
-      expect(subject).not_to match('/root/admin/')
-      expect(subject).not_to match('root/admin//')
-    end
-  end
-
-  describe '.namespace_regex' do
-    subject { described_class.namespace_regex }
-
-    it { is_expected.to match('gitlab-ce') }
-    it { is_expected.to match('gitlab_git') }
-    it { is_expected.to match('_underscore.js') }
-    it { is_expected.to match('100px.com') }
-    it { is_expected.to match('gitlab.org') }
-    it { is_expected.not_to match('?gitlab') }
-    it { is_expected.not_to match('git lab') }
-    it { is_expected.not_to match('gitlab.git') }
-    it { is_expected.not_to match('gitlab.org.') }
-    it { is_expected.not_to match('gitlab.org/') }
-    it { is_expected.not_to match('/gitlab.org') }
-    it { is_expected.not_to match('gitlab git') }
-  end
-
-  describe '.project_path_format_regex' do
-    subject { described_class.project_path_format_regex }
-
-    it { is_expected.to match('gitlab-ce') }
-    it { is_expected.to match('gitlab_git') }
-    it { is_expected.to match('_underscore.js') }
-    it { is_expected.to match('100px.com') }
-    it { is_expected.not_to match('?gitlab') }
-    it { is_expected.not_to match('git lab') }
-    it { is_expected.not_to match('gitlab.git') }
-  end
-
   describe '.project_name_regex' do
     subject { described_class.project_name_regex }
 
@@ -412,16 +32,4 @@ describe Gitlab::Regex, lib: true do
     it { is_expected.not_to match('9foo') }
     it { is_expected.not_to match('foo-') }
   end
-
-  describe '.full_namespace_regex' do
-    subject { described_class.full_namespace_regex }
-
-    it { is_expected.to match('gitlab.org') }
-    it { is_expected.to match('gitlab.org/gitlab-git') }
-    it { is_expected.not_to match('gitlab.org.') }
-    it { is_expected.not_to match('gitlab.org/') }
-    it { is_expected.not_to match('/gitlab.org') }
-    it { is_expected.not_to match('gitlab.git') }
-    it { is_expected.not_to match('gitlab git') }
-  end
 end
diff --git a/spec/lib/gitlab/sql/recursive_cte_spec.rb b/spec/lib/gitlab/sql/recursive_cte_spec.rb
new file mode 100644
index 00000000000..25146860615
--- /dev/null
+++ b/spec/lib/gitlab/sql/recursive_cte_spec.rb
@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe Gitlab::SQL::RecursiveCTE, :postgresql do
+  let(:cte) { described_class.new(:cte_name) }
+
+  describe '#to_arel' do
+    it 'generates an Arel relation for the CTE body' do
+      rel1 = User.where(id: 1)
+      rel2 = User.where(id: 2)
+
+      cte << rel1
+      cte << rel2
+
+      sql = cte.to_arel.to_sql
+      name = ActiveRecord::Base.connection.quote_table_name(:cte_name)
+
+      sql1, sql2 = ActiveRecord::Base.connection.unprepared_statement do
+        [rel1.except(:order).to_sql, rel2.except(:order).to_sql]
+      end
+
+      expect(sql).to eq("#{name} AS (#{sql1}\nUNION\n#{sql2})")
+    end
+  end
+
+  describe '#alias_to' do
+    it 'returns an alias for the CTE' do
+      table = Arel::Table.new(:kittens)
+
+      source_name = ActiveRecord::Base.connection.quote_table_name(:cte_name)
+      alias_name = ActiveRecord::Base.connection.quote_table_name(:kittens)
+
+      expect(cte.alias_to(table).to_sql).to eq("#{source_name} AS #{alias_name}")
+    end
+  end
+
+  describe '#apply_to' do
+    it 'applies a CTE to an ActiveRecord::Relation' do
+      user = create(:user)
+      cte = described_class.new(:cte_name)
+
+      cte << User.where(id: user.id)
+
+      relation = cte.apply_to(User.all)
+
+      expect(relation.to_sql).to match(/WITH RECURSIVE.+cte_name/)
+      expect(relation.to_a).to eq(User.where(id: user.id).to_a)
+    end
+  end
+end
diff --git a/spec/lib/gitlab/url_sanitizer_spec.rb b/spec/lib/gitlab/url_sanitizer_spec.rb
index fc144a2556a..6bce724a3f6 100644
--- a/spec/lib/gitlab/url_sanitizer_spec.rb
+++ b/spec/lib/gitlab/url_sanitizer_spec.rb
@@ -62,11 +62,6 @@ describe Gitlab::UrlSanitizer, lib: true do
     end
   end
 
-  describe '.http_credentials_for_user' do
-    it { expect(described_class.http_credentials_for_user(user)).to eq({ user: 'john.doe' }) }
-    it { expect(described_class.http_credentials_for_user('foo')).to eq({}) }
-  end
-
   describe '#sanitized_url' do
     it { expect(url_sanitizer.sanitized_url).to eq("https://github.com/me/project.git") }
   end
@@ -76,7 +71,7 @@ describe Gitlab::UrlSanitizer, lib: true do
 
     context 'when user is given to #initialize' do
       let(:url_sanitizer) do
-        described_class.new("https://github.com/me/project.git", credentials: described_class.http_credentials_for_user(user))
+        described_class.new("https://github.com/me/project.git", credentials: { user: user.username })
       end
 
       it { expect(url_sanitizer.credentials).to eq({ user: 'john.doe' }) }
@@ -94,7 +89,7 @@ describe Gitlab::UrlSanitizer, lib: true do
 
     context 'when user is given to #initialize' do
       let(:url_sanitizer) do
-        described_class.new("https://github.com/me/project.git", credentials: described_class.http_credentials_for_user(user))
+        described_class.new("https://github.com/me/project.git", credentials: { user: user.username })
       end
 
       it { expect(url_sanitizer.full_url).to eq("https://john.doe@github.com/me/project.git") }
diff --git a/spec/lib/gitlab/utils_spec.rb b/spec/lib/gitlab/utils_spec.rb
index 56772409989..00941aec380 100644
--- a/spec/lib/gitlab/utils_spec.rb
+++ b/spec/lib/gitlab/utils_spec.rb
@@ -1,5 +1,7 @@
+require 'spec_helper'
+
 describe Gitlab::Utils, lib: true do
-  delegate :to_boolean, to: :described_class
+  delegate :to_boolean, :boolean_to_yes_no, to: :described_class
 
   describe '.to_boolean' do
     it 'accepts booleans' do
@@ -30,4 +32,11 @@ describe Gitlab::Utils, lib: true do
       expect(to_boolean(nil)).to be_nil
     end
   end
+
+  describe '.boolean_to_yes_no' do
+    it 'converts booleans to Yes or No' do
+      expect(boolean_to_yes_no(true)).to eq('Yes')
+      expect(boolean_to_yes_no(false)).to eq('No')
+    end
+  end
 end
diff --git a/spec/lib/gitlab/workhorse_spec.rb b/spec/lib/gitlab/workhorse_spec.rb
index fdbb55fc874..b1999409170 100644
--- a/spec/lib/gitlab/workhorse_spec.rb
+++ b/spec/lib/gitlab/workhorse_spec.rb
@@ -244,7 +244,7 @@ describe Gitlab::Workhorse, lib: true do
       context "when git_receive_pack action is passed" do
         let(:action) { 'git_receive_pack' }
 
-        it { expect(subject).not_to include(gitaly_params) }
+        it { expect(subject).to include(gitaly_params) }
       end
 
       context "when info_refs action is passed" do
diff --git a/spec/lib/system_check/simple_executor_spec.rb b/spec/lib/system_check/simple_executor_spec.rb
new file mode 100644
index 00000000000..a5c6170cd7d
--- /dev/null
+++ b/spec/lib/system_check/simple_executor_spec.rb
@@ -0,0 +1,223 @@
+require 'spec_helper'
+require 'rake_helper'
+
+describe SystemCheck::SimpleExecutor, lib: true do
+  class SimpleCheck < SystemCheck::BaseCheck
+    set_name 'my simple check'
+
+    def check?
+      true
+    end
+  end
+
+  class OtherCheck < SystemCheck::BaseCheck
+    set_name 'other check'
+
+    def check?
+      false
+    end
+
+    def show_error
+      $stdout.puts 'this is an error text'
+    end
+  end
+
+  class SkipCheck < SystemCheck::BaseCheck
+    set_name 'skip check'
+    set_skip_reason 'this is a skip reason'
+
+    def skip?
+      true
+    end
+
+    def check?
+      raise 'should not execute this'
+    end
+  end
+
+  class MultiCheck < SystemCheck::BaseCheck
+    set_name 'multi check'
+
+    def multi_check
+      $stdout.puts 'this is a multi output check'
+    end
+
+    def check?
+      raise 'should not execute this'
+    end
+  end
+
+  class SkipMultiCheck < SystemCheck::BaseCheck
+    set_name 'skip multi check'
+
+    def skip?
+      true
+    end
+
+    def multi_check
+      raise 'should not execute this'
+    end
+  end
+
+  class RepairCheck < SystemCheck::BaseCheck
+    set_name 'repair check'
+
+    def check?
+      false
+    end
+
+    def repair!
+      true
+    end
+
+    def show_error
+      $stdout.puts 'this is an error message'
+    end
+  end
+
+  describe '#component' do
+    it 'returns stored component name' do
+      expect(subject.component).to eq('Test')
+    end
+  end
+
+  describe '#checks' do
+    before do
+      subject << SimpleCheck
+    end
+
+    it 'returns a set of classes' do
+      expect(subject.checks).to include(SimpleCheck)
+    end
+  end
+
+  describe '#<<' do
+    before do
+      subject << SimpleCheck
+    end
+
+    it 'appends a new check to the Set' do
+      subject << OtherCheck
+      stored_checks = subject.checks.to_a
+
+      expect(stored_checks.first).to eq(SimpleCheck)
+      expect(stored_checks.last).to eq(OtherCheck)
+    end
+
+    it 'inserts unique itens only' do
+      subject << SimpleCheck
+
+      expect(subject.checks.size).to eq(1)
+    end
+  end
+
+  subject { described_class.new('Test') }
+
+  describe '#execute' do
+    before do
+      silence_output
+
+      subject << SimpleCheck
+      subject << OtherCheck
+    end
+
+    it 'runs included checks' do
+      expect(subject).to receive(:run_check).with(SimpleCheck)
+      expect(subject).to receive(:run_check).with(OtherCheck)
+
+      subject.execute
+    end
+  end
+
+  describe '#run_check' do
+    it 'prints check name' do
+      expect(SimpleCheck).to receive(:display_name).and_call_original
+      expect { subject.run_check(SimpleCheck) }.to output(/my simple check/).to_stdout
+    end
+
+    context 'when check pass' do
+      it 'prints yes' do
+        expect_any_instance_of(SimpleCheck).to receive(:check?).and_call_original
+        expect { subject.run_check(SimpleCheck) }.to output(/ \.\.\. yes/).to_stdout
+      end
+    end
+
+    context 'when check fails' do
+      it 'prints no' do
+        expect_any_instance_of(OtherCheck).to receive(:check?).and_call_original
+        expect { subject.run_check(OtherCheck) }.to output(/ \.\.\. no/).to_stdout
+      end
+
+      it 'displays error message from #show_error' do
+        expect_any_instance_of(OtherCheck).to receive(:show_error).and_call_original
+        expect { subject.run_check(OtherCheck) }.to output(/this is an error text/).to_stdout
+      end
+
+      context 'when check implements #repair!' do
+        it 'executes #repair!' do
+          expect_any_instance_of(RepairCheck).to receive(:repair!)
+
+          subject.run_check(RepairCheck)
+        end
+
+        context 'when repair succeeds' do
+          it 'does not execute #show_error' do
+            expect_any_instance_of(RepairCheck).to receive(:repair!).and_call_original
+            expect_any_instance_of(RepairCheck).not_to receive(:show_error)
+
+            subject.run_check(RepairCheck)
+          end
+        end
+
+        context 'when repair fails' do
+          it 'does not execute #show_error' do
+            expect_any_instance_of(RepairCheck).to receive(:repair!) { false }
+            expect_any_instance_of(RepairCheck).to receive(:show_error)
+
+            subject.run_check(RepairCheck)
+          end
+        end
+      end
+    end
+
+    context 'when check implements skip?' do
+      it 'executes #skip? method' do
+        expect_any_instance_of(SkipCheck).to receive(:skip?).and_call_original
+
+        subject.run_check(SkipCheck)
+      end
+
+      it 'displays #skip_reason' do
+        expect { subject.run_check(SkipCheck) }.to output(/this is a skip reason/).to_stdout
+      end
+
+      it 'does not execute #check when #skip? is true' do
+        expect_any_instance_of(SkipCheck).not_to receive(:check?)
+
+        subject.run_check(SkipCheck)
+      end
+    end
+
+    context 'when implements a #multi_check' do
+      it 'executes #multi_check method' do
+        expect_any_instance_of(MultiCheck).to receive(:multi_check)
+
+        subject.run_check(MultiCheck)
+      end
+
+      it 'does not execute #check method' do
+        expect_any_instance_of(MultiCheck).not_to receive(:check)
+
+        subject.run_check(MultiCheck)
+      end
+
+      context 'when check implements #skip?' do
+        it 'executes #skip? method' do
+          expect_any_instance_of(SkipMultiCheck).to receive(:skip?).and_call_original
+
+          subject.run_check(SkipMultiCheck)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/lib/system_check_spec.rb b/spec/lib/system_check_spec.rb
new file mode 100644
index 00000000000..23d9beddb08
--- /dev/null
+++ b/spec/lib/system_check_spec.rb
@@ -0,0 +1,36 @@
+require 'spec_helper'
+require 'rake_helper'
+
+describe SystemCheck, lib: true do
+  class SimpleCheck < SystemCheck::BaseCheck
+    def check?
+      true
+    end
+  end
+
+  class OtherCheck < SystemCheck::BaseCheck
+    def check?
+      false
+    end
+  end
+
+  before do
+    silence_output
+  end
+
+  describe '.run' do
+    subject { SystemCheck }
+
+    it 'detects execution of SimpleCheck' do
+      is_expected.to execute_check(SimpleCheck)
+
+      subject.run('Test', [SimpleCheck])
+    end
+
+    it 'detects exclusion of OtherCheck in execution' do
+      is_expected.not_to execute_check(OtherCheck)
+
+      subject.run('Test', [SimpleCheck])
+    end
+  end
+end