Add latest changes from gitlab-org/gitlab@master

5 files changed, 107 insertions, 40 deletions

diff --git a/spec/models/deployment_spec.rb b/spec/models/deployment_spec.rb
index ab7e12cd43c..86dfa586862 100644
--- a/spec/models/deployment_spec.rb
+++ b/spec/models/deployment_spec.rb
@@ -520,6 +520,21 @@ describe Deployment do
     end
   end
 
+  describe '#create_ref' do
+    let(:deployment) { build(:deployment) }
+
+    subject { deployment.create_ref }
+
+    it 'creates a ref using the sha' do
+      expect(deployment.project.repository).to receive(:create_ref).with(
+        deployment.sha,
+        "refs/environments/#{deployment.environment.name}/deployments/#{deployment.iid}"
+      )
+
+      subject
+    end
+  end
+
   describe '#playable_build' do
     subject { deployment.playable_build }
 
diff --git a/spec/models/environment_spec.rb b/spec/models/environment_spec.rb
index 48cabd4301c..03aef7aea5c 100644
--- a/spec/models/environment_spec.rb
+++ b/spec/models/environment_spec.rb
@@ -325,26 +325,6 @@ describe Environment, :use_clean_rails_memory_store_caching do
     end
   end
 
-  describe '#first_deployment_for' do
-    let(:project)       { create(:project, :repository) }
-    let!(:deployment)   { create(:deployment, :succeed, environment: environment, ref: commit.parent.id) }
-    let!(:deployment1)  { create(:deployment, :succeed, environment: environment, ref: commit.id) }
-    let(:head_commit)   { project.commit }
-    let(:commit)        { project.commit.parent }
-
-    it 'returns deployment id for the environment', :sidekiq_might_not_need_inline do
-      expect(environment.first_deployment_for(commit.id)).to eq deployment1
-    end
-
-    it 'return nil when no deployment is found' do
-      expect(environment.first_deployment_for(head_commit.id)).to eq nil
-    end
-
-    it 'returns a UTF-8 ref', :sidekiq_might_not_need_inline do
-      expect(environment.first_deployment_for(commit.id).ref).to be_utf8
-    end
-  end
-
   describe '#environment_type' do
     subject { environment.environment_type }
 
diff --git a/spec/models/namespace_spec.rb b/spec/models/namespace_spec.rb
index 54e54366c5a..276fbc2cb54 100644
--- a/spec/models/namespace_spec.rb
+++ b/spec/models/namespace_spec.rb
@@ -531,6 +531,41 @@ describe Namespace do
     end
   end
 
+  describe "#default_branch_protection" do
+    let(:namespace) { create(:namespace) }
+    let(:default_branch_protection) { nil }
+    let(:group) { create(:group, default_branch_protection: default_branch_protection) }
+
+    before do
+      stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
+    end
+
+    context 'for a namespace' do
+      # Unlike a group, the settings of a namespace cannot be altered
+      # via the UI or the API.
+
+      it 'returns the instance level setting' do
+        expect(namespace.default_branch_protection).to eq(Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
+      end
+    end
+
+    context 'for a group' do
+      context 'that has not altered the default value' do
+        it 'returns the instance level setting' do
+          expect(group.default_branch_protection).to eq(Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
+        end
+      end
+
+      context 'that has altered the default value' do
+        let(:default_branch_protection) { Gitlab::Access::PROTECTION_FULL }
+
+        it 'returns the group level setting' do
+          expect(group.default_branch_protection).to eq(default_branch_protection)
+        end
+      end
+    end
+  end
+
   describe '#self_and_hierarchy' do
     let!(:group) { create(:group, path: 'git_lab') }
     let!(:nested_group) { create(:group, parent: group) }
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 2b4a832634f..4885d4b63ff 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -1623,6 +1623,29 @@ describe Project do
     end
   end
 
+  describe '#default_branch_protected?' do
+    using RSpec::Parameterized::TableSyntax
+
+    let_it_be(:project) { create(:project) }
+
+    subject { project.default_branch_protected? }
+
+    where(:default_branch_protection_level, :result) do
+      Gitlab::Access::PROTECTION_NONE           | false
+      Gitlab::Access::PROTECTION_DEV_CAN_PUSH   | false
+      Gitlab::Access::PROTECTION_DEV_CAN_MERGE  | true
+      Gitlab::Access::PROTECTION_FULL           | true
+    end
+
+    with_them do
+      before do
+        expect(project.namespace).to receive(:default_branch_protection).and_return(default_branch_protection_level)
+      end
+
+      it { is_expected.to eq(result) }
+    end
+  end
+
   describe '#pages_url' do
     let(:group) { create(:group, name: group_name) }
     let(:project) { create(:project, namespace: group, name: project_name) }
@@ -4576,7 +4599,7 @@ describe Project do
       end
 
       it 'does not protect when branch protection is disabled' do
-        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_NONE)
+        expect(project.namespace).to receive(:default_branch_protection).and_return(Gitlab::Access::PROTECTION_NONE)
 
         project.after_import
 
@@ -4584,7 +4607,7 @@ describe Project do
       end
 
       it "gives developer access to push when branch protection is set to 'developers can push'" do
-        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_PUSH)
+        expect(project.namespace).to receive(:default_branch_protection).and_return(Gitlab::Access::PROTECTION_DEV_CAN_PUSH)
 
         project.after_import
 
@@ -4594,7 +4617,7 @@ describe Project do
       end
 
       it "gives developer access to merge when branch protection is set to 'developers can merge'" do
-        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
+        expect(project.namespace).to receive(:default_branch_protection).and_return(Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
 
         project.after_import
 
diff --git a/spec/models/protected_branch_spec.rb b/spec/models/protected_branch_spec.rb
index 7f8a60dafa8..30fce1cd5c4 100644
--- a/spec/models/protected_branch_spec.rb
+++ b/spec/models/protected_branch_spec.rb
@@ -164,31 +164,45 @@ describe ProtectedBranch do
       end
     end
 
-    context "new project" do
-      let(:project) { create(:project) }
+    context 'new project' do
+      using RSpec::Parameterized::TableSyntax
 
-      it 'returns false when default_protected_branch is unprotected' do
-        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_NONE)
+      let(:project) { create(:project) }
 
-        expect(described_class.protected?(project, 'master')).to be false
-      end
+      context 'when the group has set their own default_branch_protection level' do
+        where(:default_branch_protection_level, :result) do
+          Gitlab::Access::PROTECTION_NONE          | false
+          Gitlab::Access::PROTECTION_DEV_CAN_PUSH  | false
+          Gitlab::Access::PROTECTION_DEV_CAN_MERGE | true
+          Gitlab::Access::PROTECTION_FULL          | true
+        end
 
-      it 'returns false when default_protected_branch lets developers push' do
-        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_PUSH)
+        with_them do
+          it 'protects the default branch based on the default branch protection setting of the group' do
+            expect(project.namespace).to receive(:default_branch_protection).and_return(default_branch_protection_level)
 
-        expect(described_class.protected?(project, 'master')).to be false
+            expect(described_class.protected?(project, 'master')).to eq(result)
+          end
+        end
       end
 
-      it 'returns true when default_branch_protection does not let developers push but let developer merge branches' do
-        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
-
-        expect(described_class.protected?(project, 'master')).to be true
-      end
+      context 'when the group has not set their own default_branch_protection level' do
+        where(:default_branch_protection_level, :result) do
+          Gitlab::Access::PROTECTION_NONE          | false
+          Gitlab::Access::PROTECTION_DEV_CAN_PUSH  | false
+          Gitlab::Access::PROTECTION_DEV_CAN_MERGE | true
+          Gitlab::Access::PROTECTION_FULL          | true
+        end
 
-      it 'returns true when default_branch_protection is in full protection' do
-        stub_application_setting(default_branch_protection: Gitlab::Access::PROTECTION_FULL)
+        with_them do
+          before do
+            stub_application_setting(default_branch_protection: default_branch_protection_level)
+          end
 
-        expect(described_class.protected?(project, 'master')).to be true
+          it 'protects the default branch based on the instance level default branch protection setting' do
+            expect(described_class.protected?(project, 'master')).to eq(result)
+          end
+        end
       end
     end
   end