From f53112de5931144ac74819f87c227f06e115ba58 Mon Sep 17 00:00:00 2001
From: Ash McKenzie <ash@the-rebellion.net>
Date: Thu, 18 Jul 2019 12:09:30 +1000
Subject: New GroupMember.of_ldap_type scope

---
 app/models/members/group_member.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/models/members/group_member.rb b/app/models/members/group_member.rb
index 4cba69069bb..341d2fe2149 100644
--- a/app/models/members/group_member.rb
+++ b/app/models/members/group_member.rb
@@ -13,8 +13,8 @@ class GroupMember < Member
   default_scope { where(source_type: SOURCE_TYPE) }
 
   scope :of_groups, ->(groups) { where(source_id: groups.select(:id)) }
-
   scope :count_users_by_group_id, -> { joins(:user).group(:source_id).count }
+  scope :of_ldap_type, -> { where(ldap: true) }
 
   after_create :update_two_factor_requirement, unless: :invite?
   after_destroy :update_two_factor_requirement, unless: :invite?
-- 
cgit v1.2.1


From dfcf4cf5f1e87a29f0d9fcc5ff2bba47258893bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C5=82gorzata=20Ksionek?= <mksionek@gitlab.com>
Date: Thu, 18 Jul 2019 10:27:02 +0200
Subject: Add captcha if there are multiple failed login attempts

Add method to store session ids by ip

Add new specs for storing session ids

Add cleaning up records after login

Add retrieving anonymous sessions

Add login recaptcha setting

Add new setting to sessions controller

Add conditions for showing captcha

Add sessions controller specs

Add admin settings specs for login protection

Add new settings to api

Add stub to devise spec

Add new translation key

Add cr remarks

Rename class call

Add cr remarks

Change if-clause for consistency

Add cr remarks

Add code review remarks

Refactor AnonymousSession class

Add changelog entry

Move AnonymousSession class to lib

Move store unauthenticated sessions to sessions controller

Move link to recaptcha info

Regenerate text file

Improve copy on the spam page

Change action filter for storing anonymous sessions

Fix rubocop offences

Add code review remarks
---
 app/controllers/sessions_controller.rb             | 44 ++++++++++++++++++++--
 app/helpers/application_settings_helper.rb         |  1 +
 app/models/application_setting.rb                  |  8 +++-
 app/models/application_setting_implementation.rb   |  1 +
 .../admin/application_settings/_spam.html.haml     | 13 +++++--
 .../admin/application_settings/reporting.html.haml |  4 +-
 app/views/devise/sessions/_new_base.html.haml      |  2 +-
 7 files changed, 62 insertions(+), 11 deletions(-)

(limited to 'app')

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 1880bead3ee..7b682cc0cc5 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -21,10 +21,13 @@ class SessionsController < Devise::SessionsController
   prepend_before_action :ensure_password_authentication_enabled!, if: -> { action_name == 'create' && password_based_login? }
 
   before_action :auto_sign_in_with_provider, only: [:new]
+  before_action :store_unauthenticated_sessions, only: [:new]
+  before_action :save_failed_login, if: :action_new_and_failed_login?
   before_action :load_recaptcha
 
-  after_action :log_failed_login, if: -> { action_name == 'new' && failed_login? }
-  helper_method :captcha_enabled?
+  after_action :log_failed_login, if: :action_new_and_failed_login?
+
+  helper_method :captcha_enabled?, :captcha_on_login_required?
 
   # protect_from_forgery is already prepended in ApplicationController but
   # authenticate_with_two_factor which signs in the user is prepended before
@@ -38,6 +41,7 @@ class SessionsController < Devise::SessionsController
   protect_from_forgery with: :exception, prepend: true
 
   CAPTCHA_HEADER = 'X-GitLab-Show-Login-Captcha'.freeze
+  MAX_FAILED_LOGIN_ATTEMPTS = 5
 
   def new
     set_minimum_password_length
@@ -81,10 +85,14 @@ class SessionsController < Devise::SessionsController
     request.headers[CAPTCHA_HEADER] && Gitlab::Recaptcha.enabled?
   end
 
+  def captcha_on_login_required?
+    Gitlab::Recaptcha.enabled_on_login? && unverified_anonymous_user?
+  end
+
   # From https://github.com/plataformatec/devise/wiki/How-To:-Use-Recaptcha-with-Devise#devisepasswordscontroller
   def check_captcha
     return unless user_params[:password].present?
-    return unless captcha_enabled?
+    return unless captcha_enabled? || captcha_on_login_required?
     return unless Gitlab::Recaptcha.load_configurations!
 
     if verify_recaptcha
@@ -126,10 +134,28 @@ class SessionsController < Devise::SessionsController
     Gitlab::AppLogger.info("Failed Login: username=#{user_params[:login]} ip=#{request.remote_ip}")
   end
 
+  def action_new_and_failed_login?
+    action_name == 'new' && failed_login?
+  end
+
+  def save_failed_login
+    session[:failed_login_attempts] ||= 0
+    session[:failed_login_attempts] += 1
+  end
+
   def failed_login?
     (options = request.env["warden.options"]) && options[:action] == "unauthenticated"
   end
 
+  # storing sessions per IP lets us check if there are associated multiple
+  # anonymous sessions with one IP and prevent situations when there are
+  # multiple attempts of logging in
+  def store_unauthenticated_sessions
+    return if current_user
+
+    Gitlab::AnonymousSession.new(request.remote_ip, session_id: request.session.id).store_session_id_per_ip
+  end
+
   # Handle an "initial setup" state, where there's only one user, it's an admin,
   # and they require a password change.
   # rubocop: disable CodeReuse/ActiveRecord
@@ -240,6 +266,18 @@ class SessionsController < Devise::SessionsController
     @ldap_servers ||= Gitlab::Auth::LDAP::Config.available_servers
   end
 
+  def unverified_anonymous_user?
+    exceeded_failed_login_attempts? || exceeded_anonymous_sessions?
+  end
+
+  def exceeded_failed_login_attempts?
+    session.fetch(:failed_login_attempts, 0) > MAX_FAILED_LOGIN_ATTEMPTS
+  end
+
+  def exceeded_anonymous_sessions?
+    Gitlab::AnonymousSession.new(request.remote_ip).stored_sessions >= MAX_FAILED_LOGIN_ATTEMPTS
+  end
+
   def authentication_method
     if user_params[:otp_attempt]
       "two-factor"
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index 3847a35fbab..f13d69d1c37 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -229,6 +229,7 @@ module ApplicationSettingsHelper
       :recaptcha_enabled,
       :recaptcha_private_key,
       :recaptcha_site_key,
+      :login_recaptcha_protection_enabled,
       :receive_max_input_size,
       :repository_checks_enabled,
       :repository_storages,
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index a769a8f07fd..16e35c1be67 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -73,11 +73,11 @@ class ApplicationSetting < ApplicationRecord
 
   validates :recaptcha_site_key,
             presence: true,
-            if: :recaptcha_enabled
+            if: :recaptcha_or_login_protection_enabled
 
   validates :recaptcha_private_key,
             presence: true,
-            if: :recaptcha_enabled
+            if: :recaptcha_or_login_protection_enabled
 
   validates :akismet_api_key,
             presence: true,
@@ -285,4 +285,8 @@ class ApplicationSetting < ApplicationRecord
   def self.cache_backend
     Gitlab::ThreadMemoryCache.cache_backend
   end
+
+  def recaptcha_or_login_protection_enabled
+    recaptcha_enabled || login_recaptcha_protection_enabled
+  end
 end
diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb
index 1e612bd0e78..b8e6156d231 100644
--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -63,6 +63,7 @@ module ApplicationSettingImplementation
         polling_interval_multiplier: 1,
         project_export_enabled: true,
         recaptcha_enabled: false,
+        login_recaptcha_protection_enabled: false,
         repository_checks_enabled: true,
         repository_storages: ['default'],
         require_two_factor_authentication: false,
diff --git a/app/views/admin/application_settings/_spam.html.haml b/app/views/admin/application_settings/_spam.html.haml
index d24e46b2815..f0a19075115 100644
--- a/app/views/admin/application_settings/_spam.html.haml
+++ b/app/views/admin/application_settings/_spam.html.haml
@@ -7,11 +7,15 @@
         = f.check_box :recaptcha_enabled, class: 'form-check-input'
         = f.label :recaptcha_enabled, class: 'form-check-label' do
           Enable reCAPTCHA
-        - recaptcha_v2_link_url = 'https://developers.google.com/recaptcha/docs/versions'
-        - recaptcha_v2_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: recaptcha_v2_link_url }
         %span.form-text.text-muted#recaptcha_help_block
-          = _('Helps prevent bots from creating accounts. We currently only support %{recaptcha_v2_link_start}reCAPTCHA v2%{recaptcha_v2_link_end}').html_safe % { recaptcha_v2_link_start: recaptcha_v2_link_start, recaptcha_v2_link_end: '</a>'.html_safe }
-
+          = _('Helps prevent bots from creating accounts.')
+    .form-group
+      .form-check
+        = f.check_box :login_recaptcha_protection_enabled, class: 'form-check-input'
+        = f.label :login_recaptcha_protection_enabled, class: 'form-check-label' do
+          Enable reCAPTCHA for login
+        %span.form-text.text-muted#recaptcha_help_block
+          = _('Helps prevent bots from brute-force attacks.')
     .form-group
       = f.label :recaptcha_site_key, 'reCAPTCHA Site Key', class: 'label-bold'
       = f.text_field :recaptcha_site_key, class: 'form-control'
@@ -21,6 +25,7 @@
 
     .form-group
       = f.label :recaptcha_private_key, 'reCAPTCHA Private Key', class: 'label-bold'
+    .form-group
       = f.text_field :recaptcha_private_key, class: 'form-control'
 
     .form-group
diff --git a/app/views/admin/application_settings/reporting.html.haml b/app/views/admin/application_settings/reporting.html.haml
index 46e3d1c4570..c60e44b3864 100644
--- a/app/views/admin/application_settings/reporting.html.haml
+++ b/app/views/admin/application_settings/reporting.html.haml
@@ -9,7 +9,9 @@
     %button.btn.btn-default.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
-      = _('Enable reCAPTCHA or Akismet and set IP limits.')
+      - recaptcha_v2_link_url = 'https://developers.google.com/recaptcha/docs/versions'
+      - recaptcha_v2_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: recaptcha_v2_link_url }
+      = _('Enable reCAPTCHA or Akismet and set IP limits. For reCAPTCHA, we currently only support %{recaptcha_v2_link_start}v2%{recaptcha_v2_link_end}').html_safe % { recaptcha_v2_link_start: recaptcha_v2_link_start, recaptcha_v2_link_end: '</a>'.html_safe }
   .settings-content
     = render 'spam'
 
diff --git a/app/views/devise/sessions/_new_base.html.haml b/app/views/devise/sessions/_new_base.html.haml
index 2f10f08c839..6382849de9c 100644
--- a/app/views/devise/sessions/_new_base.html.haml
+++ b/app/views/devise/sessions/_new_base.html.haml
@@ -13,7 +13,7 @@
       .float-right.forgot-password
         = link_to "Forgot your password?", new_password_path(:user)
     %div
-    - if captcha_enabled?
+    - if captcha_enabled? || captcha_on_login_required?
       = recaptcha_tags
 
   .submit-container.move-submit-down
-- 
cgit v1.2.1


From 927f608f2c4905e430d2df1c455cec793ef41aa9 Mon Sep 17 00:00:00 2001
From: Patrick Derichs <pderichs@gitlab.com>
Date: Mon, 15 Jul 2019 13:29:56 +0200
Subject: Fix HTML injection for label description

Add changelog entry

Add spec
---
 app/helpers/labels_helper.rb | 2 +-
 app/models/label.rb          | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/helpers/labels_helper.rb b/app/helpers/labels_helper.rb
index 2ed016beea4..c5a3507637e 100644
--- a/app/helpers/labels_helper.rb
+++ b/app/helpers/labels_helper.rb
@@ -71,7 +71,7 @@ module LabelsHelper
   end
 
   def label_tooltip_title(label)
-    label.description
+    Sanitize.clean(label.description)
   end
 
   def suggested_colors
diff --git a/app/models/label.rb b/app/models/label.rb
index 25de26b8384..19f684c32af 100644
--- a/app/models/label.rb
+++ b/app/models/label.rb
@@ -197,7 +197,11 @@ class Label < ApplicationRecord
   end
 
   def title=(value)
-    write_attribute(:title, sanitize_title(value)) if value.present?
+    write_attribute(:title, sanitize_value(value)) if value.present?
+  end
+
+  def description=(value)
+    write_attribute(:description, sanitize_value(value)) if value.present?
   end
 
   ##
@@ -258,7 +262,7 @@ class Label < ApplicationRecord
     end
   end
 
-  def sanitize_title(value)
+  def sanitize_value(value)
     CGI.unescapeHTML(Sanitize.clean(value.to_s))
   end
 
-- 
cgit v1.2.1


From 20e8c92410d93c39f4a800941d0c633f949e7790 Mon Sep 17 00:00:00 2001
From: Martin Hanzel <arthanzel@gmail.com>
Date: Wed, 24 Jul 2019 14:19:25 +0200
Subject: Enforce max chars and max render time in markdown math

KaTeX math will now render progressivly and asynchronously. There
are upper limits on the character count of each formula, and on
cumulative render time.
---
 .../javascripts/behaviors/markdown/render_math.js  | 146 ++++++++++++++++++---
 1 file changed, 128 insertions(+), 18 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/behaviors/markdown/render_math.js b/app/assets/javascripts/behaviors/markdown/render_math.js
index a68936d79e2..53867b3096b 100644
--- a/app/assets/javascripts/behaviors/markdown/render_math.js
+++ b/app/assets/javascripts/behaviors/markdown/render_math.js
@@ -1,6 +1,5 @@
-import $ from 'jquery';
-import { __ } from '~/locale';
 import flash from '~/flash';
+import { s__, sprintf } from '~/locale';
 
 // Renders math using KaTeX in any element with the
 // `js-render-math` class
@@ -10,21 +9,131 @@ import flash from '~/flash';
 //   <code class="js-render-math"></div>
 //
 
-// Loop over all math elements and render math
-function renderWithKaTeX(elements, katex) {
-  elements.each(function katexElementsLoop() {
-    const mathNode = $('<span></span>');
-    const $this = $(this);
-
-    const display = $this.attr('data-math-style') === 'display';
-    try {
-      katex.render($this.text(), mathNode.get(0), { displayMode: display, throwOnError: false });
-      mathNode.insertAfter($this);
-      $this.remove();
-    } catch (err) {
-      throw err;
+const MAX_MATH_CHARS = 1000;
+const MAX_RENDER_TIME_MS = 2000;
+
+// These messages might be used with inline errors in the future. Keep them around. For now, we will
+// display a single error message using flash().
+
+// const CHAR_LIMIT_EXCEEDED_MSG = sprintf(
+//   s__(
+//     'math|The following math is too long. For performance reasons, math blocks are limited to %{maxChars} characters. Try splitting up this block, or include an image instead.',
+//   ),
+//   { maxChars: MAX_MATH_CHARS },
+// );
+// const RENDER_TIME_EXCEEDED_MSG = s__(
+//   "math|The math in this entry is taking too long to render. Any math below this point won't be shown. Consider splitting it among multiple entries.",
+// );
+
+const RENDER_FLASH_MSG = sprintf(
+  s__(
+    'math|The math in this entry is taking too long to render and may not be displayed as expected. For performance reasons, math blocks are also limited to %{maxChars} characters. Consider splitting up large formulae, splitting math blocks among multiple entries, or using an image instead.',
+  ),
+  { maxChars: MAX_MATH_CHARS },
+);
+
+// Wait for the browser to reflow the layout. Reflowing SVG takes time.
+// This has to wrap the inner function, otherwise IE/Edge throw "invalid calling object".
+const waitForReflow = fn => {
+  window.requestAnimationFrame(fn);
+};
+
+/**
+ * Renders math blocks sequentially while protecting against DoS attacks. Math blocks have a maximum character limit of MAX_MATH_CHARS. If rendering math takes longer than MAX_RENDER_TIME_MS, all subsequent math blocks are skipped and an error message is shown.
+ */
+class SafeMathRenderer {
+  /*
+  How this works:
+
+  The performance bottleneck in rendering math is in the browser trying to reflow the generated SVG.
+  During this time, the JS is blocked and the page becomes unresponsive.
+  We want to render math blocks one by one until a certain time is exceeded, after which we stop
+  rendering subsequent math blocks, to protect against DoS. However, browsers do reflowing in an
+  asynchronous task, so we can't time it synchronously.
+
+  SafeMathRenderer essentially does the following:
+  1. Replaces all math blocks with placeholders so that they're not mistakenly rendered twice.
+  2. Places each placeholder element in a queue.
+  3. Renders the element at the head of the queue and waits for reflow.
+  4. After reflow, gets the elapsed time since step 3 and repeats step 3 until the queue is empty.
+   */
+  queue = [];
+  totalMS = 0;
+
+  constructor(elements, katex) {
+    this.elements = elements;
+    this.katex = katex;
+
+    this.renderElement = this.renderElement.bind(this);
+    this.render = this.render.bind(this);
+  }
+
+  renderElement() {
+    if (!this.queue.length) {
+      return;
     }
-  });
+
+    const el = this.queue.shift();
+    const text = el.textContent;
+
+    el.removeAttribute('style');
+
+    if (this.totalMS >= MAX_RENDER_TIME_MS || text.length > MAX_MATH_CHARS) {
+      if (!this.flashShown) {
+        flash(RENDER_FLASH_MSG);
+        this.flashShown = true;
+      }
+
+      // Show unrendered math code
+      const codeElement = document.createElement('pre');
+      codeElement.className = 'code';
+      codeElement.textContent = el.textContent;
+      el.parentNode.replaceChild(codeElement, el);
+
+      // Render the next math
+      this.renderElement();
+    } else {
+      this.startTime = Date.now();
+
+      try {
+        el.innerHTML = this.katex.renderToString(text, {
+          displayMode: el.getAttribute('data-math-style') === 'display',
+          throwOnError: true,
+          maxSize: 20,
+          maxExpand: 20,
+        });
+      } catch {
+        // Don't show a flash for now because it would override an existing flash message
+        el.textContent = s__('math|There was an error rendering this math block');
+        // el.style.color = '#d00';
+        el.className = 'katex-error';
+      }
+
+      // Give the browser time to reflow the svg
+      waitForReflow(() => {
+        const deltaTime = Date.now() - this.startTime;
+        this.totalMS += deltaTime;
+
+        this.renderElement();
+      });
+    }
+  }
+
+  render() {
+    // Replace math blocks with a placeholder so they aren't rendered twice
+    this.elements.forEach(el => {
+      const placeholder = document.createElement('span');
+      placeholder.style.display = 'none';
+      placeholder.setAttribute('data-math-style', el.getAttribute('data-math-style'));
+      placeholder.textContent = el.textContent;
+      el.parentNode.replaceChild(placeholder, el);
+      this.queue.push(placeholder);
+    });
+
+    // If we wait for the browser thread to settle down a bit, math rendering becomes 5-10x faster
+    // and less prone to timeouts.
+    setTimeout(this.renderElement, 400);
+  }
 }
 
 export default function renderMath($els) {
@@ -34,7 +143,8 @@ export default function renderMath($els) {
     import(/* webpackChunkName: 'katex' */ 'katex/dist/katex.min.css'),
   ])
     .then(([katex]) => {
-      renderWithKaTeX($els, katex);
+      const renderer = new SafeMathRenderer($els.get(), katex);
+      renderer.render();
     })
-    .catch(() => flash(__('An error occurred while rendering KaTeX')));
+    .catch(() => {});
 }
-- 
cgit v1.2.1


From d30a90a354f3dc015093d80f9de9dc15b38ff2a0 Mon Sep 17 00:00:00 2001
From: Alex Kalderimis <alex.kalderimis@gmail.com>
Date: Tue, 4 Jun 2019 23:30:54 -0400
Subject: Prevent unauthorised comments on merge requests

* Prevent creating notes on inaccessible MRs

This applies the notes rules at the MR scope. Rather than adding extra
rules to the Project level policy, preventing :create_note here is
better since it only prevents creating notes on MRs.

* Prevent creating notes in inaccessible Issues

without this policy, non-team-members are allowed to comment on issues
even when the project has the private-issues policy set. This means that
without this change, users are allowed to comment on issues that they
cannot read.

* Add CHANGELOG entry
---
 app/policies/issue_policy.rb         | 9 +++++----
 app/policies/merge_request_policy.rb | 6 ++++++
 2 files changed, 11 insertions(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/policies/issue_policy.rb b/app/policies/issue_policy.rb
index dd8c5d49cf4..fa252af55e4 100644
--- a/app/policies/issue_policy.rb
+++ b/app/policies/issue_policy.rb
@@ -5,6 +5,8 @@ class IssuePolicy < IssuablePolicy
   # Make sure to sync this class checks with issue.rb to avoid security problems.
   # Check commit 002ad215818450d2cbbc5fa065850a953dc7ada8 for more information.
 
+  extend ProjectPolicy::ClassMethods
+
   desc "User can read confidential issues"
   condition(:can_read_confidential) do
     @user && IssueCollection.new([@subject]).visible_to(@user).any?
@@ -14,13 +16,12 @@ class IssuePolicy < IssuablePolicy
   condition(:confidential, scope: :subject) { @subject.confidential? }
 
   rule { confidential & ~can_read_confidential }.policy do
-    prevent :read_issue
+    prevent(*create_read_update_admin_destroy(:issue))
     prevent :read_issue_iid
-    prevent :update_issue
-    prevent :admin_issue
-    prevent :create_note
   end
 
+  rule { ~can?(:read_issue) }.prevent :create_note
+
   rule { locked }.policy do
     prevent :reopen_issue
   end
diff --git a/app/policies/merge_request_policy.rb b/app/policies/merge_request_policy.rb
index a3692857ff4..5ad7bdabdff 100644
--- a/app/policies/merge_request_policy.rb
+++ b/app/policies/merge_request_policy.rb
@@ -4,4 +4,10 @@ class MergeRequestPolicy < IssuablePolicy
   rule { locked }.policy do
     prevent :reopen_merge_request
   end
+
+  # Only users who can read the merge request can comment.
+  # Although :read_merge_request is computed in the policy context,
+  # it would not be safe to prevent :create_note there, since
+  # note permissions are shared, and this would apply too broadly.
+  rule { ~can?(:read_merge_request) }.prevent :create_note
 end
-- 
cgit v1.2.1


From 492a7e753d0ef06458163aecc5ca43892a5acc73 Mon Sep 17 00:00:00 2001
From: Felipe Artur <felipefac@gmail.com>
Date: Tue, 16 Jul 2019 16:49:47 -0300
Subject: Fix DNS rebind vulnerability for JIRA integration

Uses Gitlab::HTTP for JIRA requests instead of Net::Http.
Gitlab::Http comes with some built in SSRF protections.
---
 app/models/project_services/jira_service.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/models/project_services/jira_service.rb b/app/models/project_services/jira_service.rb
index d08fcd8954d..0728c83005e 100644
--- a/app/models/project_services/jira_service.rb
+++ b/app/models/project_services/jira_service.rb
@@ -64,7 +64,12 @@ class JiraService < IssueTrackerService
   end
 
   def client
-    @client ||= JIRA::Client.new(options)
+    @client ||= begin
+      JIRA::Client.new(options).tap do |client|
+        # Replaces JIRA default http client with our implementation
+        client.request_client = Gitlab::Jira::HttpClient.new(client.options)
+      end
+    end
   end
 
   def help
-- 
cgit v1.2.1


From 4882303760c9f22112985f78746f2416b701a47b Mon Sep 17 00:00:00 2001
From: Denys Mishunov <dmishunov@gitlab.com>
Date: Mon, 12 Aug 2019 18:13:12 +0200
Subject: Fixed deletion of directories in Web IDE

---
 app/assets/javascripts/ide/stores/utils.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/javascripts/ide/stores/utils.js b/app/assets/javascripts/ide/stores/utils.js
index 04e86afb268..52200ce7847 100644
--- a/app/assets/javascripts/ide/stores/utils.js
+++ b/app/assets/javascripts/ide/stores/utils.js
@@ -129,7 +129,7 @@ export const commitActionForFile = file => {
 
 export const getCommitFiles = stagedFiles =>
   stagedFiles.reduce((acc, file) => {
-    if (file.moved) return acc;
+    if (file.moved || file.type === 'tree') return acc;
 
     return acc.concat({
       ...file,
-- 
cgit v1.2.1


From 1c7c91806d4b9866f512f50f36c9c74b48cb8229 Mon Sep 17 00:00:00 2001
From: drew cimino <dcimino@gitlab.com>
Date: Mon, 22 Jul 2019 14:16:15 -0400
Subject: Permission fix for MergeRequestsController#pipeline_status

- Use set_pipeline_variables to filter for visible pipelines
- Mimic response of nonexistent pipeline if not found
- Provide set_pipeline_variables as a before_filter for other actions
---
 app/controllers/projects/merge_requests_controller.rb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index f4d381244d9..ee755d68cf1 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -188,7 +188,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
   def pipeline_status
     render json: PipelineSerializer
       .new(project: @project, current_user: @current_user)
-      .represent_status(@merge_request.head_pipeline)
+      .represent_status(head_pipeline)
   end
 
   def ci_environments_status
@@ -238,6 +238,13 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 
   private
 
+  def head_pipeline
+    strong_memoize(:head_pipeline) do
+      pipeline = @merge_request.head_pipeline
+      pipeline if can?(current_user, :read_pipeline, pipeline)
+    end
+  end
+
   def ci_environments_status_on_merge_result?
     params[:environment_target] == 'merge_commit'
   end
-- 
cgit v1.2.1


From 139df74253214fbab6aa703ed8ce381d0871aa46 Mon Sep 17 00:00:00 2001
From: Igor Drozdov <idrozdov@gitlab.com>
Date: Mon, 12 Aug 2019 15:07:15 +0300
Subject: Add merge note type as cross reference

---
 app/models/system_note_metadata.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/models/system_note_metadata.rb b/app/models/system_note_metadata.rb
index 9a2640db9ca..a19755d286a 100644
--- a/app/models/system_note_metadata.rb
+++ b/app/models/system_note_metadata.rb
@@ -9,7 +9,7 @@ class SystemNoteMetadata < ApplicationRecord
   TYPES_WITH_CROSS_REFERENCES = %w[
     commit cross_reference
     close duplicate
-    moved
+    moved merge
   ].freeze
 
   ICON_TYPES = %w[
-- 
cgit v1.2.1


From 06eddc3edfa739c0c685d461a58621b43c4ecd5d Mon Sep 17 00:00:00 2001
From: George Koltsov <gkoltsov@gitlab.com>
Date: Tue, 6 Aug 2019 14:05:18 +0100
Subject: Fix project import restricted visibility bypass

Add Gitlab::VisibilityLevelChecker that verifies
selected project visibility level (or overridden param)
is not restricted when creating or importing a project
---
 app/services/projects/create_service.rb | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

(limited to 'app')

diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb
index 89dc4375c63..942a45286b2 100644
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -5,9 +5,11 @@ module Projects
     include ValidatesClassificationLabel
 
     def initialize(user, params)
-      @current_user, @params = user, params.dup
-      @skip_wiki = @params.delete(:skip_wiki)
+      @current_user, @params  = user, params.dup
+      @skip_wiki              = @params.delete(:skip_wiki)
       @initialize_with_readme = Gitlab::Utils.to_boolean(@params.delete(:initialize_with_readme))
+      @import_data            = @params.delete(:import_data)
+      @relations_block        = @params.delete(:relations_block)
     end
 
     def execute
@@ -15,14 +17,11 @@ module Projects
         return ::Projects::CreateFromTemplateService.new(current_user, params).execute
       end
 
-      import_data = params.delete(:import_data)
-      relations_block = params.delete(:relations_block)
-
       @project = Project.new(params)
 
       # Make sure that the user is allowed to use the specified visibility level
-      unless Gitlab::VisibilityLevel.allowed_for?(current_user, @project.visibility_level)
-        deny_visibility_level(@project)
+      if project_visibility.restricted?
+        deny_visibility_level(@project, project_visibility.visibility_level)
         return @project
       end
 
@@ -44,7 +43,7 @@ module Projects
         @project.namespace_id = current_user.namespace_id
       end
 
-      relations_block&.call(@project)
+      @relations_block&.call(@project)
       yield(@project) if block_given?
 
       validate_classification_label(@project, :external_authorization_classification_label)
@@ -54,7 +53,7 @@ module Projects
 
       @project.creator = current_user
 
-      save_project_and_import_data(import_data)
+      save_project_and_import_data
 
       after_create_actions if @project.persisted?
 
@@ -129,9 +128,9 @@ module Projects
       !@project.feature_available?(:wiki, current_user) || @skip_wiki
     end
 
-    def save_project_and_import_data(import_data)
+    def save_project_and_import_data
       Project.transaction do
-        @project.create_or_update_import_data(data: import_data[:data], credentials: import_data[:credentials]) if import_data
+        @project.create_or_update_import_data(data: @import_data[:data], credentials: @import_data[:credentials]) if @import_data
 
         if @project.save
           unless @project.gitlab_project_import?
@@ -192,5 +191,11 @@ module Projects
         fail(error: @project.errors.full_messages.join(', '))
       end
     end
+
+    def project_visibility
+      @project_visibility ||= Gitlab::VisibilityLevelChecker
+        .new(current_user, @project, project_params: { import_data: @import_data })
+        .level_restricted?
+    end
   end
 end
-- 
cgit v1.2.1


From b179b752e8024679e6ce6fbd2a5fe1da17fef3f6 Mon Sep 17 00:00:00 2001
From: Arun Kumar Mohan <arunmohandm@gmail.com>
Date: Tue, 13 Aug 2019 01:04:10 -0500
Subject: Refactor nextUnresolvedDiscussionId and
 previousUnresolvedDiscussionId getters

---
 app/assets/javascripts/notes/stores/getters.js | 39 +++++++++++++++-----------
 1 file changed, 23 insertions(+), 16 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/notes/stores/getters.js b/app/assets/javascripts/notes/stores/getters.js
index 52410f18d4a..3d0ec8cd3a7 100644
--- a/app/assets/javascripts/notes/stores/getters.js
+++ b/app/assets/javascripts/notes/stores/getters.js
@@ -171,26 +171,33 @@ export const isLastUnresolvedDiscussion = (state, getters) => (discussionId, dif
   return lastDiscussionId === discussionId;
 };
 
-// Gets the ID of the discussion following the one provided, respecting order (diff or date)
-// @param {Boolean} discussionId - id of the current discussion
-// @param {Boolean} diffOrder - is ordered by diff?
-export const nextUnresolvedDiscussionId = (state, getters) => (discussionId, diffOrder) => {
-  const idsOrdered = getters.unresolvedDiscussionsIdsOrdered(diffOrder);
-  const currentIndex = idsOrdered.indexOf(discussionId);
-  const slicedIds = idsOrdered.slice(currentIndex + 1, currentIndex + 2);
+export const findUnresolvedDiscussionIdNeighbor = (state, getters) => ({
+  discussionId,
+  diffOrder,
+  step,
+}) => {
+  const ids = getters.unresolvedDiscussionsIdsOrdered(diffOrder);
+  const index = ids.indexOf(discussionId) + step;
+
+  if (index < 0 && step < 0) {
+    return ids[ids.length - 1];
+  }
+
+  if (index === ids.length && step > 0) {
+    return ids[0];
+  }
 
-  // Get the first ID if there is none after the currentIndex
-  return slicedIds.length ? idsOrdered.slice(currentIndex + 1, currentIndex + 2)[0] : idsOrdered[0];
+  return ids[index];
 };
 
-export const previousUnresolvedDiscussionId = (state, getters) => (discussionId, diffOrder) => {
-  const idsOrdered = getters.unresolvedDiscussionsIdsOrdered(diffOrder);
-  const currentIndex = idsOrdered.indexOf(discussionId);
-  const slicedIds = idsOrdered.slice(currentIndex - 1, currentIndex);
+// Gets the ID of the discussion following the one provided, respecting order (diff or date)
+// @param {Boolean} discussionId - id of the current discussion
+// @param {Boolean} diffOrder - is ordered by diff?
+export const nextUnresolvedDiscussionId = (state, getters) => (discussionId, diffOrder) =>
+  getters.findUnresolvedDiscussionIdNeighbor({ discussionId, diffOrder, step: 1 });
 
-  // Get the last ID if there is none after the currentIndex
-  return slicedIds.length ? slicedIds[0] : idsOrdered[idsOrdered.length - 1];
-};
+export const previousUnresolvedDiscussionId = (state, getters) => (discussionId, diffOrder) =>
+  getters.findUnresolvedDiscussionIdNeighbor({ discussionId, diffOrder, step: -1 });
 
 // @param {Boolean} diffOrder - is ordered by diff?
 export const firstUnresolvedDiscussionId = (state, getters) => diffOrder => {
-- 
cgit v1.2.1


From 3488da59363a5edfbf431a37ba59247b836bc50a Mon Sep 17 00:00:00 2001
From: Jarek Ostrowski <jarek.j.ostrowski@gmail.com>
Date: Fri, 16 Aug 2019 10:27:11 -0400
Subject: Add expand up and expand down icons

Add changelog
Add MR to changelog
Remove stray file
---
 app/assets/javascripts/diffs/components/diff_expansion_cell.vue | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/diffs/components/diff_expansion_cell.vue b/app/assets/javascripts/diffs/components/diff_expansion_cell.vue
index 925385fa98a..43edc116ed1 100644
--- a/app/assets/javascripts/diffs/components/diff_expansion_cell.vue
+++ b/app/assets/javascripts/diffs/components/diff_expansion_cell.vue
@@ -223,8 +223,7 @@ export default {
         :title="__('Expand up')"
         @click="handleExpandLines(EXPAND_UP)"
       >
-        <!-- TODO: remove style & replace with correct icon, waiting for MR https://gitlab.com/gitlab-org/gitlab-design/issues/499 -->
-        <icon :size="12" name="expand-left" aria-hidden="true" style="transform: rotate(270deg);" />
+        <icon :size="12" name="expand-up" aria-hidden="true" />
       </a>
       <a class="mx-2 cursor-pointer js-unfold-all" @click="handleExpandLines()">
         <span>{{ s__('Diffs|Show all lines') }}</span>
@@ -238,8 +237,7 @@ export default {
         :title="__('Expand down')"
         @click="handleExpandLines(EXPAND_DOWN)"
       >
-        <!-- TODO: remove style & replace with correct icon, waiting for MR https://gitlab.com/gitlab-org/gitlab-design/issues/499 -->
-        <icon :size="12" name="expand-left" aria-hidden="true" style="transform: rotate(90deg);" />
+        <icon :size="12" name="expand-down" aria-hidden="true" />
       </a>
     </div>
   </td>
-- 
cgit v1.2.1


From 0eff75fa2b6691b6fba31fcc2842f51debd249a9 Mon Sep 17 00:00:00 2001
From: Nick Thomas <nick@gitlab.com>
Date: Mon, 8 Jul 2019 17:11:59 +0100
Subject: Cache branch and tag names as Redis sets

This allows us to check inclusion for the *_exists? methods without
downloading the full list of branch names, which is over 100KiB in size
for gitlab-ce at the moment.
---
 app/models/repository.rb | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/models/repository.rb b/app/models/repository.rb
index 9d45a12fa6e..561c6579086 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -239,13 +239,13 @@ class Repository
   def branch_exists?(branch_name)
     return false unless raw_repository
 
-    branch_names.include?(branch_name)
+    branch_names_include?(branch_name)
   end
 
   def tag_exists?(tag_name)
     return false unless raw_repository
 
-    tag_names.include?(tag_name)
+    tag_names_include?(tag_name)
   end
 
   def ref_exists?(ref)
@@ -561,10 +561,10 @@ class Repository
   end
 
   delegate :branch_names, to: :raw_repository
-  cache_method :branch_names, fallback: []
+  cache_method_as_redis_set :branch_names, fallback: []
 
   delegate :tag_names, to: :raw_repository
-  cache_method :tag_names, fallback: []
+  cache_method_as_redis_set :tag_names, fallback: []
 
   delegate :branch_count, :tag_count, :has_visible_content?, to: :raw_repository
   cache_method :branch_count, fallback: 0
@@ -1126,6 +1126,10 @@ class Repository
     @cache ||= Gitlab::RepositoryCache.new(self)
   end
 
+  def redis_set_cache
+    @redis_set_cache ||= Gitlab::RepositorySetCache.new(self)
+  end
+
   def request_store_cache
     @request_store_cache ||= Gitlab::RepositoryCache.new(self, backend: Gitlab::SafeRequestStore)
   end
-- 
cgit v1.2.1


From c0769b308a9df0de6374c480310c41c990bc7cc1 Mon Sep 17 00:00:00 2001
From: Thomas Randolph <trandolph@gitlab.com>
Date: Mon, 12 Aug 2019 19:20:15 -0600
Subject: Make all of the discussion toggle clickable

---
 app/assets/javascripts/diffs/components/app.vue | 2 +-
 app/assets/stylesheets/pages/diff.scss          | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/diffs/components/app.vue b/app/assets/javascripts/diffs/components/app.vue
index 81da0754752..19b85710710 100644
--- a/app/assets/javascripts/diffs/components/app.vue
+++ b/app/assets/javascripts/diffs/components/app.vue
@@ -305,7 +305,7 @@ export default {
         <div
           v-show="showTreeList"
           :style="{ width: `${treeWidth}px` }"
-          class="diff-tree-list js-diff-tree-list"
+          class="diff-tree-list js-diff-tree-list mr-3"
         >
           <panel-resizer
             :size.sync="treeWidth"
diff --git a/app/assets/stylesheets/pages/diff.scss b/app/assets/stylesheets/pages/diff.scss
index ffb27e54f34..77a2fd6b876 100644
--- a/app/assets/stylesheets/pages/diff.scss
+++ b/app/assets/stylesheets/pages/diff.scss
@@ -1032,7 +1032,6 @@ table.code {
   $top-pos: $header-height + $mr-tabs-height + $mr-version-controls-height + 10px;
   top: $header-height + $mr-tabs-height + $mr-version-controls-height + 10px;
   max-height: calc(100vh - #{$top-pos});
-  padding-right: $gl-padding;
   z-index: 202;
 
   .with-performance-bar & {
@@ -1043,7 +1042,7 @@ table.code {
 
   .drag-handle {
     bottom: 16px;
-    transform: translateX(-6px);
+    transform: translateX(10px);
   }
 }
 
-- 
cgit v1.2.1


From 1d5624f0e30a1975e3b2c89f5666e5a939630012 Mon Sep 17 00:00:00 2001
From: Donald Cook <dcook@gitlab.com>
Date: Sat, 17 Aug 2019 08:22:43 -0500
Subject: Backport: Fixed sidebar assignees scrolling bug

---
 app/assets/stylesheets/pages/issuable.scss | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app')

diff --git a/app/assets/stylesheets/pages/issuable.scss b/app/assets/stylesheets/pages/issuable.scss
index 66b4f3bad2b..fa52ce6402d 100644
--- a/app/assets/stylesheets/pages/issuable.scss
+++ b/app/assets/stylesheets/pages/issuable.scss
@@ -522,6 +522,7 @@
     }
 
     .multiple-users {
+      position: relative;
       height: 24px;
       margin-bottom: 17px;
       margin-top: 4px;
-- 
cgit v1.2.1


From b46b9d5e89d54cf1e374a014f0d523735c82ab8c Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Sat, 17 Aug 2019 00:42:23 -0700
Subject: Fix pipelines not always being created after a push

https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31741 introduced
a regression where not all the right parameters would be passed into
`Ci::CreatePipelineService`. We fix this by breaking out the pipeline
parameters and reusing a method from `Gitlab::DataBuilder::Push`.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66196
---
 app/services/git/base_hooks_service.rb | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

(limited to 'app')

diff --git a/app/services/git/base_hooks_service.rb b/app/services/git/base_hooks_service.rb
index 3fd38444196..47c308c8280 100644
--- a/app/services/git/base_hooks_service.rb
+++ b/app/services/git/base_hooks_service.rb
@@ -56,7 +56,7 @@ module Git
       return unless params.fetch(:create_pipelines, true)
 
       Ci::CreatePipelineService
-        .new(project, current_user, base_params)
+        .new(project, current_user, pipeline_params)
         .execute(:push, pipeline_options)
     end
 
@@ -75,24 +75,29 @@ module Git
       ProjectCacheWorker.perform_async(project.id, file_types, [], false)
     end
 
-    def base_params
+    def pipeline_params
       {
-        oldrev: params[:oldrev],
-        newrev: params[:newrev],
+        before: params[:oldrev],
+        after: params[:newrev],
         ref: params[:ref],
-        push_options: params[:push_options] || {}
+        push_options: params[:push_options] || {},
+        checkout_sha: Gitlab::DataBuilder::Push.checkout_sha(
+          project.repository, params[:newrev], params[:ref])
       }
     end
 
     def push_data_params(commits:, with_changed_files: true)
-      base_params.merge(
+      {
+        oldrev: params[:oldrev],
+        newrev: params[:newrev],
+        ref: params[:ref],
         project: project,
         user: current_user,
         commits: commits,
         message: event_message,
         commits_count: commits_count,
         with_changed_files: with_changed_files
-      )
+      }
     end
 
     def event_push_data
-- 
cgit v1.2.1


From 8463b21982e82ccb8903c8470bd5986d9804c335 Mon Sep 17 00:00:00 2001
From: Jacopo <beschi.jacopo@gmail.com>
Date: Fri, 2 Aug 2019 12:23:52 +0200
Subject: Improve system notes for Zoom links

changes: @user a Zoom call was added to this issue
into: @user added a Zoom call to this issue

Same concept appleis for "removed"
---
 app/services/system_note_service.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/services/system_note_service.rb b/app/services/system_note_service.rb
index e30debbbe75..ee7223d6349 100644
--- a/app/services/system_note_service.rb
+++ b/app/services/system_note_service.rb
@@ -598,11 +598,11 @@ module SystemNoteService
   end
 
   def zoom_link_added(issue, project, author)
-    create_note(NoteSummary.new(issue, project, author, _('a Zoom call was added to this issue'), action: 'pinned_embed'))
+    create_note(NoteSummary.new(issue, project, author, _('added a Zoom call to this issue'), action: 'pinned_embed'))
   end
 
   def zoom_link_removed(issue, project, author)
-    create_note(NoteSummary.new(issue, project, author, _('a Zoom call was removed from this issue'), action: 'pinned_embed'))
+    create_note(NoteSummary.new(issue, project, author, _('removed a Zoom call from this issue'), action: 'pinned_embed'))
   end
 
   private
-- 
cgit v1.2.1


From 5088e316d25fc2a7d61a253e467d551e4888628e Mon Sep 17 00:00:00 2001
From: Heinrich Lee Yu <heinrich@gitlab.com>
Date: Thu, 15 Aug 2019 14:27:55 +0800
Subject: Replace inline scripts in links to prevent default

Use buttons instead of links with javascript:void(0)
---
 app/assets/javascripts/members.js                    | 2 ++
 app/views/projects/commit/_ajax_signature.html.haml  | 2 +-
 app/views/projects/commit/_signature_badge.html.haml | 2 +-
 app/views/shared/members/_group.html.haml            | 2 +-
 app/views/shared/members/_member.html.haml           | 2 +-
 5 files changed, 6 insertions(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/members.js b/app/assets/javascripts/members.js
index af2697444f2..d719fd8748d 100644
--- a/app/assets/javascripts/members.js
+++ b/app/assets/javascripts/members.js
@@ -17,6 +17,8 @@ export default class Members {
   }
 
   dropdownClicked(options) {
+    options.e.preventDefault();
+
     this.formSubmit(null, options.$el);
   }
 
diff --git a/app/views/projects/commit/_ajax_signature.html.haml b/app/views/projects/commit/_ajax_signature.html.haml
index ae9aef5a9b0..e1bf0940f59 100644
--- a/app/views/projects/commit/_ajax_signature.html.haml
+++ b/app/views/projects/commit/_ajax_signature.html.haml
@@ -1,2 +1,2 @@
 - if commit.has_signature?
-  %a{ href: 'javascript:void(0)', tabindex: 0, class: commit_signature_badge_classes('js-loading-gpg-badge'), data: { toggle: 'tooltip', placement: 'top', title: _('GPG signature (loading...)'), 'commit-sha' => commit.sha } }
+  %button{ tabindex: 0, class: commit_signature_badge_classes('js-loading-gpg-badge'), data: { toggle: 'tooltip', placement: 'top', title: _('GPG signature (loading...)'), 'commit-sha' => commit.sha } }
diff --git a/app/views/projects/commit/_signature_badge.html.haml b/app/views/projects/commit/_signature_badge.html.haml
index 1331fa179fc..cbd998c60ef 100644
--- a/app/views/projects/commit/_signature_badge.html.haml
+++ b/app/views/projects/commit/_signature_badge.html.haml
@@ -24,5 +24,5 @@
 
   = link_to(_('Learn more about signing commits'), help_page_path('user/project/repository/gpg_signed_commits/index.md'), class: 'gpg-popover-help-link')
 
-%a{ href: 'javascript:void(0)', tabindex: 0, class: css_classes, data: { toggle: 'popover', html: 'true', placement: 'top', title: title, content: content } }
+%button{ tabindex: 0, class: css_classes, data: { toggle: 'popover', html: 'true', placement: 'top', title: title, content: content } }
   = label
diff --git a/app/views/shared/members/_group.html.haml b/app/views/shared/members/_group.html.haml
index e83ca5eaab8..42a823e3a8d 100644
--- a/app/views/shared/members/_group.html.haml
+++ b/app/views/shared/members/_group.html.haml
@@ -32,7 +32,7 @@
             %ul
               - Gitlab::Access.options.each do |role, role_id|
                 %li
-                  = link_to role, "javascript:void(0)",
+                  = link_to role, '#',
                     class: ("is-active" if group_link.group_access == role_id),
                     data: { id: role_id, el_id: dom_id }
       .clearable-input.member-form-control.d-sm-inline-block
diff --git a/app/views/shared/members/_member.html.haml b/app/views/shared/members/_member.html.haml
index 331283f7eec..6762f211a80 100644
--- a/app/views/shared/members/_member.html.haml
+++ b/app/views/shared/members/_member.html.haml
@@ -82,7 +82,7 @@
                   %ul
                     - member.valid_level_roles.each do |role, role_id|
                       %li
-                        = link_to role, "javascript:void(0)",
+                        = link_to role, '#',
                           class: ("is-active" if member.access_level == role_id),
                           data: { id: role_id, el_id: dom_id(member) }
                     = render_if_exists 'shared/members/ee/revert_ldap_group_sync_option',
-- 
cgit v1.2.1


From 5e8f16bd00e7ed67f92ee3ea86381758ecc23585 Mon Sep 17 00:00:00 2001
From: Ezekiel Kigbo <ekigbo@gitlab.com>
Date: Mon, 19 Aug 2019 06:51:06 +0000
Subject: Move cycle analytics stages templates to vue

The existing stage list items are rendered
in haml, migrating them to vuejs for future
work.

Fix alignment of median value

Test for stage_nav_item.vue
---
 .../components/stage_card_list_item.vue            | 41 ++++++++++
 .../cycle_analytics/components/stage_nav_item.vue  | 88 ++++++++++++++++++++++
 .../cycle_analytics/cycle_analytics_bundle.js      |  2 +
 app/assets/stylesheets/pages/cycle_analytics.scss  | 50 +++---------
 app/views/projects/cycle_analytics/show.html.haml  | 29 +++----
 5 files changed, 150 insertions(+), 60 deletions(-)
 create mode 100644 app/assets/javascripts/cycle_analytics/components/stage_card_list_item.vue
 create mode 100644 app/assets/javascripts/cycle_analytics/components/stage_nav_item.vue

(limited to 'app')

diff --git a/app/assets/javascripts/cycle_analytics/components/stage_card_list_item.vue b/app/assets/javascripts/cycle_analytics/components/stage_card_list_item.vue
new file mode 100644
index 00000000000..d946594a069
--- /dev/null
+++ b/app/assets/javascripts/cycle_analytics/components/stage_card_list_item.vue
@@ -0,0 +1,41 @@
+<script>
+import Icon from '~/vue_shared/components/icon.vue';
+import { GlButton } from '@gitlab/ui';
+
+export default {
+  name: 'StageCardListItem',
+  components: {
+    Icon,
+    GlButton,
+  },
+  props: {
+    isActive: {
+      type: Boolean,
+      required: true,
+    },
+    canEdit: {
+      type: Boolean,
+      default: false,
+      required: false,
+    },
+  },
+};
+</script>
+
+<template>
+  <div :class="{ active: isActive }" class="stage-nav-item d-flex pl-4 pr-4 m-0 mb-1 ml-2 rounded">
+    <slot></slot>
+    <div v-if="canEdit" class="dropdown">
+      <gl-button
+        :title="__('More actions')"
+        class="more-actions-toggle btn btn-transparent p-0"
+        data-toggle="dropdown"
+      >
+        <icon css-classes="icon" name="ellipsis_v" />
+      </gl-button>
+      <ul class="more-actions-dropdown dropdown-menu dropdown-open-left">
+        <slot name="dropdown-options"></slot>
+      </ul>
+    </div>
+  </div>
+</template>
diff --git a/app/assets/javascripts/cycle_analytics/components/stage_nav_item.vue b/app/assets/javascripts/cycle_analytics/components/stage_nav_item.vue
new file mode 100644
index 00000000000..004d335f572
--- /dev/null
+++ b/app/assets/javascripts/cycle_analytics/components/stage_nav_item.vue
@@ -0,0 +1,88 @@
+<script>
+import StageCardListItem from './stage_card_list_item.vue';
+
+export default {
+  name: 'StageNavItem',
+  components: {
+    StageCardListItem,
+  },
+  props: {
+    isDefaultStage: {
+      type: Boolean,
+      default: false,
+      required: false,
+    },
+    isActive: {
+      type: Boolean,
+      default: false,
+      required: false,
+    },
+    isUserAllowed: {
+      type: Boolean,
+      required: true,
+    },
+    title: {
+      type: String,
+      required: true,
+    },
+    value: {
+      type: String,
+      default: '',
+      required: false,
+    },
+    canEdit: {
+      type: Boolean,
+      default: false,
+      required: false,
+    },
+  },
+  computed: {
+    hasValue() {
+      return this.value && this.value.length > 0;
+    },
+    editable() {
+      return this.isUserAllowed && this.canEdit;
+    },
+  },
+};
+</script>
+
+<template>
+  <li @click="$emit('select')">
+    <stage-card-list-item :is-active="isActive" :can-edit="editable">
+      <div class="stage-nav-item-cell stage-name p-0" :class="{ 'font-weight-bold': isActive }">
+        {{ title }}
+      </div>
+      <div class="stage-nav-item-cell stage-median mr-4">
+        <template v-if="isUserAllowed">
+          <span v-if="hasValue">{{ value }}</span>
+          <span v-else class="stage-empty">{{ __('Not enough data') }}</span>
+        </template>
+        <template v-else>
+          <span class="not-available">{{ __('Not available') }}</span>
+        </template>
+      </div>
+      <template v-slot:dropdown-options>
+        <template v-if="isDefaultStage">
+          <li>
+            <button type="button" class="btn-default btn-transparent">
+              {{ __('Hide stage') }}
+            </button>
+          </li>
+        </template>
+        <template v-else>
+          <li>
+            <button type="button" class="btn-default btn-transparent">
+              {{ __('Edit stage') }}
+            </button>
+          </li>
+          <li>
+            <button type="button" class="btn-danger danger">
+              {{ __('Remove stage') }}
+            </button>
+          </li>
+        </template>
+      </template>
+    </stage-card-list-item>
+  </li>
+</template>
diff --git a/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js b/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
index 671405602cc..b3ae47af750 100644
--- a/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
+++ b/app/assets/javascripts/cycle_analytics/cycle_analytics_bundle.js
@@ -12,6 +12,7 @@ import stageComponent from './components/stage_component.vue';
 import stageReviewComponent from './components/stage_review_component.vue';
 import stageStagingComponent from './components/stage_staging_component.vue';
 import stageTestComponent from './components/stage_test_component.vue';
+import stageNavItem from './components/stage_nav_item.vue';
 import CycleAnalyticsService from './cycle_analytics_service';
 import CycleAnalyticsStore from './cycle_analytics_store';
 
@@ -41,6 +42,7 @@ export default () => {
         import('ee_component/analytics/shared/components/projects_dropdown_filter.vue'),
       DateRangeDropdown: () =>
         import('ee_component/analytics/shared/components/date_range_dropdown.vue'),
+      'stage-nav-item': stageNavItem,
     },
     mixins: [filterMixins],
     data() {
diff --git a/app/assets/stylesheets/pages/cycle_analytics.scss b/app/assets/stylesheets/pages/cycle_analytics.scss
index 2b932d164a5..d80155a416d 100644
--- a/app/assets/stylesheets/pages/cycle_analytics.scss
+++ b/app/assets/stylesheets/pages/cycle_analytics.scss
@@ -51,27 +51,19 @@
     }
 
     .stage-header {
-      width: 26%;
-      padding-left: $gl-padding;
+      width: 18.5%;
     }
 
     .median-header {
-      width: 14%;
+      width: 21.5%;
     }
 
     .event-header {
       width: 45%;
-      padding-left: $gl-padding;
     }
 
     .total-time-header {
       width: 15%;
-      text-align: right;
-      padding-right: $gl-padding;
-    }
-
-    .stage-name {
-      font-weight: $gl-font-weight-bold;
     }
   }
 
@@ -153,23 +145,13 @@
     }
 
     .stage-nav-item {
-      display: flex;
       line-height: 65px;
-      border-top: 1px solid transparent;
-      border-bottom: 1px solid transparent;
-      border-right: 1px solid $border-color;
-      background-color: $gray-light;
+      border: 1px solid $border-color;
 
       &.active {
-        background-color: transparent;
-        border-right-color: transparent;
-        border-top-color: $border-color;
-        border-bottom-color: $border-color;
-        box-shadow: inset 2px 0 0 0 $blue-500;
-
-        .stage-name {
-          font-weight: $gl-font-weight-bold;
-        }
+        background: $blue-50;
+        border-color: $blue-300;
+        box-shadow: inset 4px 0 0 0 $blue-500;
       }
 
       &:hover:not(.active) {
@@ -178,24 +160,12 @@
         cursor: pointer;
       }
 
-      &:first-child {
-        border-top: 0;
-      }
-
-      &:last-child {
-        border-bottom: 0;
-      }
-
-      .stage-nav-item-cell {
-        &.stage-median {
-          margin-left: auto;
-          margin-right: $gl-padding;
-          min-width: calc(35% - #{$gl-padding});
-        }
+      .stage-nav-item-cell.stage-name {
+        width: 44.5%;
       }
 
-      .stage-name {
-        padding-left: 16px;
+      .stage-nav-item-cell.stage-median {
+        min-width: 43%;
       }
 
       .stage-empty,
diff --git a/app/views/projects/cycle_analytics/show.html.haml b/app/views/projects/cycle_analytics/show.html.haml
index 59f0afd59e6..2b594c125f4 100644
--- a/app/views/projects/cycle_analytics/show.html.haml
+++ b/app/views/projects/cycle_analytics/show.html.haml
@@ -34,40 +34,29 @@
                       {{ n__('Last %d day', 'Last %d days', 90) }}
     .stage-panel-container
       .card.stage-panel
-        .card-header
+        .card-header.border-bottom-0
           %nav.col-headers
             %ul
-              %li.stage-header
-                %span.stage-name
+              %li.stage-header.pl-5
+                %span.stage-name.font-weight-bold
                   {{ s__('ProjectLifecycle|Stage') }}
                 %i.has-tooltip.fa.fa-question-circle{ "data-placement" => "top", title: _("The phase of the development lifecycle."), "aria-hidden" => "true" }
               %li.median-header
-                %span.stage-name
+                %span.stage-name.font-weight-bold
                   {{ __('Median') }}
                 %i.has-tooltip.fa.fa-question-circle{ "data-placement" => "top", title: _("The value lying at the midpoint of a series of observed values. E.g., between 3, 5, 9, the median is 5. Between 3, 5, 7, 8, the median is (5+7)/2 = 6."), "aria-hidden" => "true" }
-              %li.event-header
-                %span.stage-name
+              %li.event-header.pl-3
+                %span.stage-name.font-weight-bold
                   {{ currentStage ? __(currentStage.legend) : __('Related Issues') }}
                 %i.has-tooltip.fa.fa-question-circle{ "data-placement" => "top", title: _("The collection of events added to the data gathered for that stage."), "aria-hidden" => "true" }
-              %li.total-time-header
-                %span.stage-name
+              %li.total-time-header.pr-5.text-right
+                %span.stage-name.font-weight-bold
                   {{ __('Total Time') }}
                 %i.has-tooltip.fa.fa-question-circle{ "data-placement" => "top", title: _("The time taken by each data entry gathered by that stage."), "aria-hidden" => "true" }
         .stage-panel-body
           %nav.stage-nav
             %ul
-              %li.stage-nav-item{ ':class' => '{ active: stage.active }', '@click' => 'selectStage(stage)', "v-for" => "stage in state.stages" }
-                .stage-nav-item-cell.stage-name
-                  {{ stage.title }}
-                .stage-nav-item-cell.stage-median
-                  %template{ "v-if" => "stage.isUserAllowed" }
-                    %span{ "v-if" => "stage.value" }
-                      {{ stage.value }}
-                    %span.stage-empty{ "v-else" => true }
-                      {{ __('Not enough data') }}
-                  %template{ "v-else" => true }
-                    %span.not-available
-                      {{ __('Not available') }}
+              %stage-nav-item{ "v-for" => "stage in state.stages", ":key" => '`ca-stage-title-${stage.title}`', '@select' => 'selectStage(stage)', ":title" => "stage.title", ":is-user-allowed" => "stage.isUserAllowed", ":value" => "stage.value", ":is-active" => "stage.active" }
           .section.stage-events
             %template{ "v-if" => "isLoadingStage" }
               = icon("spinner spin")
-- 
cgit v1.2.1


From cf88f9dda13d15ab7f773f57c6e844691fd1a496 Mon Sep 17 00:00:00 2001
From: Himanshu Kapoor <hkapoor@gitlab.com>
Date: Wed, 14 Aug 2019 15:25:40 +0530
Subject: Add new API method: projectUsers

The new API method projectUsers gets all the users
added to a particular project.
---
 app/assets/javascripts/api.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'app')

diff --git a/app/assets/javascripts/api.js b/app/assets/javascripts/api.js
index a649c521405..136ffdf8b9d 100644
--- a/app/assets/javascripts/api.js
+++ b/app/assets/javascripts/api.js
@@ -14,6 +14,7 @@ const Api = {
   projectPath: '/api/:version/projects/:id',
   forkedProjectsPath: '/api/:version/projects/:id/forks',
   projectLabelsPath: '/:namespace_path/:project_path/-/labels',
+  projectUsersPath: '/api/:version/projects/:id/users',
   projectMergeRequestsPath: '/api/:version/projects/:id/merge_requests',
   projectMergeRequestPath: '/api/:version/projects/:id/merge_requests/:mrid',
   projectMergeRequestChangesPath: '/api/:version/projects/:id/merge_requests/:mrid/changes',
@@ -108,6 +109,20 @@ const Api = {
       });
   },
 
+  projectUsers(projectPath, query = '', options = {}) {
+    const url = Api.buildUrl(this.projectUsersPath).replace(':id', encodeURIComponent(projectPath));
+
+    return axios
+      .get(url, {
+        params: {
+          search: query,
+          per_page: 20,
+          ...options,
+        },
+      })
+      .then(({ data }) => data);
+  },
+
   // Return single project
   project(projectPath) {
     const url = Api.buildUrl(Api.projectPath).replace(':id', encodeURIComponent(projectPath));
-- 
cgit v1.2.1


From 6f1985833eab65a90d885b53026af1d694aae628 Mon Sep 17 00:00:00 2001
From: Kushal Pandya <kushalspandya@gmail.com>
Date: Wed, 7 Aug 2019 20:05:46 +0530
Subject: Add `autofocus` directive for input elements

---
 .../vue_shared/directives/autofocusonshow.js       | 39 ++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 app/assets/javascripts/vue_shared/directives/autofocusonshow.js

(limited to 'app')

diff --git a/app/assets/javascripts/vue_shared/directives/autofocusonshow.js b/app/assets/javascripts/vue_shared/directives/autofocusonshow.js
new file mode 100644
index 00000000000..4659ec20ceb
--- /dev/null
+++ b/app/assets/javascripts/vue_shared/directives/autofocusonshow.js
@@ -0,0 +1,39 @@
+/**
+ * Input/Textarea Autofocus Directive for Vue
+ */
+export default {
+  /**
+   * Set focus when element is rendered, but
+   * is not visible, using IntersectionObserver
+   *
+   * @param {Element} el Target element
+   */
+  inserted(el) {
+    if ('IntersectionObserver' in window) {
+      // Element visibility is dynamic, so we attach observer
+      el.visibilityObserver = new IntersectionObserver(entries => {
+        entries.forEach(entry => {
+          // Combining `intersectionRatio > 0` and
+          // element's `offsetParent` presence will
+          // deteremine if element is truely visible
+          if (entry.intersectionRatio > 0 && entry.target.offsetParent) {
+            entry.target.focus();
+          }
+        });
+      });
+
+      // Bind the observer.
+      el.visibilityObserver.observe(el, { root: document.documentElement });
+    }
+  },
+  /**
+   * Detach observer on unbind hook.
+   *
+   * @param {Element} el Target element
+   */
+  unbind(el) {
+    if (el.visibilityObserver) {
+      el.visibilityObserver.disconnect();
+    }
+  },
+};
-- 
cgit v1.2.1


From bab522d48c76ab3ede544f4d628b42bb296bc06d Mon Sep 17 00:00:00 2001
From: Vladimir Shushlin <v.shushlin@gmail.com>
Date: Tue, 13 Aug 2019 20:14:13 +0300
Subject: Add warning when LE certificate can't be obtained

* Refactor some tests as well
---
 .../projects/pages_domains/_certificate.html.haml      | 18 ++++++++++++++++++
 app/views/projects/pages_domains/show.html.haml        |  7 +------
 2 files changed, 19 insertions(+), 6 deletions(-)
 create mode 100644 app/views/projects/pages_domains/_certificate.html.haml

(limited to 'app')

diff --git a/app/views/projects/pages_domains/_certificate.html.haml b/app/views/projects/pages_domains/_certificate.html.haml
new file mode 100644
index 00000000000..42631fca5e8
--- /dev/null
+++ b/app/views/projects/pages_domains/_certificate.html.haml
@@ -0,0 +1,18 @@
+- if @domain.auto_ssl_enabled?
+  - if @domain.enabled?
+    - if @domain.certificate_text
+      %pre
+        = @domain.certificate_text
+    - else
+      .bs-callout.bs-callout-info
+        = _("GitLab is obtaining a Let's Encrypt SSL certificate for this domain. This process can take some time. Please try again later.")
+  - else
+    .bs-callout.bs-callout-warning
+      = _("A Let's Encrypt SSL certificate can not be obtained until your domain is verified.")
+- else
+  - if @domain.certificate_text
+    %pre
+      = @domain.certificate_text
+  - else
+    .light
+      = _("missing")
diff --git a/app/views/projects/pages_domains/show.html.haml b/app/views/projects/pages_domains/show.html.haml
index e9019175219..d0b54946f7e 100644
--- a/app/views/projects/pages_domains/show.html.haml
+++ b/app/views/projects/pages_domains/show.html.haml
@@ -60,9 +60,4 @@
       %td
         = _("Certificate")
       %td
-        - if @domain.certificate_text
-          %pre
-            = @domain.certificate_text
-        - else
-          .light
-            = _("missing")
+        = render 'certificate'
-- 
cgit v1.2.1


From fb93142488cfb79bac45f184b7945018550bf326 Mon Sep 17 00:00:00 2001
From: Felipe Artur <felipefac@gmail.com>
Date: Thu, 8 Aug 2019 16:29:45 -0300
Subject: Prevent disclosure of merge request id via email

Do not disclosure merge request id via email for unauthorized users
when closing issues.
---
 app/helpers/emails_helper.rb | 4 ++++
 app/mailers/emails/issues.rb | 2 ++
 2 files changed, 6 insertions(+)

(limited to 'app')

diff --git a/app/helpers/emails_helper.rb b/app/helpers/emails_helper.rb
index 36122d3a22a..23596769738 100644
--- a/app/helpers/emails_helper.rb
+++ b/app/helpers/emails_helper.rb
@@ -90,6 +90,8 @@ module EmailsHelper
     when MergeRequest
       merge_request = MergeRequest.find(closed_via[:id]).present
 
+      return "" unless Ability.allowed?(@recipient, :read_merge_request, merge_request)
+
       case format
       when :html
         merge_request_link = link_to(merge_request.to_reference, merge_request.web_url)
@@ -102,6 +104,8 @@ module EmailsHelper
       # Technically speaking this should be Commit but per
       # https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/15610#note_163812339
       # we can't deserialize Commit without custom serializer for ActiveJob
+      return "" unless Ability.allowed?(@recipient, :download_code, @project)
+
       _("via %{closed_via}") % { closed_via: closed_via }
     else
       ""
diff --git a/app/mailers/emails/issues.rb b/app/mailers/emails/issues.rb
index f3a3203f7ad..0bba2a8bf24 100644
--- a/app/mailers/emails/issues.rb
+++ b/app/mailers/emails/issues.rb
@@ -34,6 +34,8 @@ module Emails
       setup_issue_mail(issue_id, recipient_id, closed_via: closed_via)
 
       @updated_by = User.find(updated_by_user_id)
+      @recipient = User.find(recipient_id)
+
       mail_answer_thread(@issue, issue_thread_options(updated_by_user_id, recipient_id, reason))
     end
 
-- 
cgit v1.2.1


From 4fdc34c10950863ad04a68dc2117371c95db7478 Mon Sep 17 00:00:00 2001
From: Paul Slaughter <pslaughter@gitlab.com>
Date: Mon, 19 Aug 2019 09:00:10 -0500
Subject: Fix mergeUrlParams handling of `+`

**What was the issue?**
If a param value had `+`, it would be encoded as a
literal `+` instead of a space.
---
 app/assets/javascripts/lib/utils/url_utility.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/javascripts/lib/utils/url_utility.js b/app/assets/javascripts/lib/utils/url_utility.js
index 1336b6a5461..7ead9d46fbb 100644
--- a/app/assets/javascripts/lib/utils/url_utility.js
+++ b/app/assets/javascripts/lib/utils/url_utility.js
@@ -1,5 +1,11 @@
 import { join as joinPaths } from 'path';
 
+// Returns a decoded url parameter value
+// - Treats '+' as '%20'
+function decodeUrlParameter(val) {
+  return decodeURIComponent(val.replace(/\+/g, '%20'));
+}
+
 // Returns an array containing the value(s) of the
 // of the key passed as an argument
 export function getParameterValues(sParam, url = window.location) {
@@ -30,7 +36,7 @@ export function mergeUrlParams(params, url) {
       .forEach(part => {
         if (part.length) {
           const kv = part.split('=');
-          merged[decodeURIComponent(kv[0])] = decodeURIComponent(kv.slice(1).join('='));
+          merged[decodeUrlParameter(kv[0])] = decodeUrlParameter(kv.slice(1).join('='));
         }
       });
   }
-- 
cgit v1.2.1


From 250318cfee658ee42594fb594b997949fa9a3dbd Mon Sep 17 00:00:00 2001
From: jakeburden <jburden@gitlab.com>
Date: Fri, 16 Aug 2019 10:15:50 -0400
Subject: Update tooltip of "detached" label/state

---
 app/assets/javascripts/pipelines/components/pipeline_url.vue | 2 +-
 app/views/projects/pipelines/_info.html.haml                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/pipelines/components/pipeline_url.vue b/app/assets/javascripts/pipelines/components/pipeline_url.vue
index e01080b04d6..4efc1d2408a 100644
--- a/app/assets/javascripts/pipelines/components/pipeline_url.vue
+++ b/app/assets/javascripts/pipelines/components/pipeline_url.vue
@@ -104,7 +104,7 @@ export default {
         v-gl-tooltip
         :title="
           __(
-            'The code of a detached pipeline is tested against the source branch instead of merged results',
+            'Pipelines for merge requests are configured. A detached pipeline runs in the context of the merge request, and not against the merged result. Learn more on the documentation for Pipelines for Merged Results.',
           )
         "
         class="js-pipeline-url-detached badge badge-info"
diff --git a/app/views/projects/pipelines/_info.html.haml b/app/views/projects/pipelines/_info.html.haml
index 2b56ada8b73..862dc394315 100644
--- a/app/views/projects/pipelines/_info.html.haml
+++ b/app/views/projects/pipelines/_info.html.haml
@@ -43,7 +43,7 @@
       } }
         Auto DevOps
     - if @pipeline.detached_merge_request_pipeline?
-      %span.js-pipeline-url-mergerequest.badge.badge-info.has-tooltip{ title: "The code of a detached pipeline is tested against the source branch instead of merged results" }
+      %span.js-pipeline-url-mergerequest.badge.badge-info.has-tooltip{ title: "Pipelines for merge requests are configured. A detached pipeline runs in the context of the merge request, and not against the merged result. Learn more on the documentation for Pipelines for Merged Results." }
         detached
     - if @pipeline.stuck?
       %span.js-pipeline-url-stuck.badge.badge-warning
-- 
cgit v1.2.1


From a59c9a137eb0a141bebdd0fffcb2e14fab54c4b5 Mon Sep 17 00:00:00 2001
From: jakeburden <jburden@gitlab.com>
Date: Mon, 19 Aug 2019 15:02:36 -0400
Subject: Mark detached tooltip for translation

---
 app/views/projects/pipelines/_info.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/views/projects/pipelines/_info.html.haml b/app/views/projects/pipelines/_info.html.haml
index 862dc394315..9614f33fe2f 100644
--- a/app/views/projects/pipelines/_info.html.haml
+++ b/app/views/projects/pipelines/_info.html.haml
@@ -43,7 +43,7 @@
       } }
         Auto DevOps
     - if @pipeline.detached_merge_request_pipeline?
-      %span.js-pipeline-url-mergerequest.badge.badge-info.has-tooltip{ title: "Pipelines for merge requests are configured. A detached pipeline runs in the context of the merge request, and not against the merged result. Learn more on the documentation for Pipelines for Merged Results." }
+      %span.js-pipeline-url-mergerequest.badge.badge-info.has-tooltip{ title: _('Pipelines for merge requests are configured. A detached pipeline runs in the context of the merge request, and not against the merged result. Learn more on the documentation for Pipelines for Merged Results.') }
         detached
     - if @pipeline.stuck?
       %span.js-pipeline-url-stuck.badge.badge-warning
-- 
cgit v1.2.1


From bf1f3e1d2ee62b8057407215adcc157069df609f Mon Sep 17 00:00:00 2001
From: Illya Klymov <xanf@xanf.me>
Date: Fri, 16 Aug 2019 13:42:27 +0300
Subject: Remove obsolete CSS and fix icon alignment

---
 app/assets/stylesheets/pages/reports.scss | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'app')

diff --git a/app/assets/stylesheets/pages/reports.scss b/app/assets/stylesheets/pages/reports.scss
index 85e9f303dde..0fbf7033aa5 100644
--- a/app/assets/stylesheets/pages/reports.scss
+++ b/app/assets/stylesheets/pages/reports.scss
@@ -48,11 +48,6 @@
     padding: $gl-padding-top $gl-padding;
     border-top: 1px solid $border-color;
   }
-
-  .report-block-list-icon .loading-container {
-    position: relative;
-    left: -2px;
-  }
 }
 
 .report-block-container {
-- 
cgit v1.2.1


From 2067f677df69200338d8d2b78f239759fc293fee Mon Sep 17 00:00:00 2001
From: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Date: Mon, 19 Aug 2019 17:33:07 -0300
Subject: Fix N+1s queries while loading users

---
 app/controllers/projects/starrers_controller.rb | 4 ++--
 app/models/users_star_project.rb                | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/controllers/projects/starrers_controller.rb b/app/controllers/projects/starrers_controller.rb
index e4093bed0ef..4efe956e973 100644
--- a/app/controllers/projects/starrers_controller.rb
+++ b/app/controllers/projects/starrers_controller.rb
@@ -5,11 +5,11 @@ class Projects::StarrersController < Projects::ApplicationController
 
   def index
     @starrers = UsersStarProjectsFinder.new(@project, params, current_user: @current_user).execute
+    @sort = params[:sort].presence || sort_value_name
+    @starrers = @starrers.preload_users.sort_by_attribute(@sort).page(params[:page])
     @public_count  = @project.starrers.with_public_profile.size
     @total_count   = @project.starrers.size
     @private_count = @total_count - @public_count
-    @sort = params[:sort].presence || sort_value_name
-    @starrers = @starrers.sort_by_attribute(@sort).page(params[:page])
   end
 
   private
diff --git a/app/models/users_star_project.rb b/app/models/users_star_project.rb
index 3c7a805cc5c..c633e2d8b3d 100644
--- a/app/models/users_star_project.rb
+++ b/app/models/users_star_project.rb
@@ -17,6 +17,7 @@ class UsersStarProject < ApplicationRecord
   scope :by_project, -> (project) { where(project_id: project.id) }
   scope :with_visible_profile, -> (user) { joins(:user).merge(User.with_visible_profile(user)) }
   scope :with_public_profile, -> { joins(:user).merge(User.with_public_profile) }
+  scope :preload_users, -> { preload(:user) }
 
   class << self
     def sort_by_attribute(method)
-- 
cgit v1.2.1


From 99897d41fc0ba99d5be46ab2787df3279b1ce81b Mon Sep 17 00:00:00 2001
From: Illya Klymov <xanf@xanf.me>
Date: Fri, 16 Aug 2019 05:52:15 +0300
Subject: Update file row styling

---
 app/assets/javascripts/vue_shared/components/file_row.vue | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/vue_shared/components/file_row.vue b/app/assets/javascripts/vue_shared/components/file_row.vue
index fe5289ff371..f49e69c473b 100644
--- a/app/assets/javascripts/vue_shared/components/file_row.vue
+++ b/app/assets/javascripts/vue_shared/components/file_row.vue
@@ -146,6 +146,7 @@ export default {
         <span ref="textOutput" :style="levelIndentation" class="file-row-name str-truncated">
           <file-icon
             v-if="!showChangedIcon || file.type === 'tree'"
+            class="file-row-icon"
             :file-name="file.name"
             :loading="file.loading"
             :folder="isTree"
@@ -223,13 +224,8 @@ export default {
   white-space: nowrap;
 }
 
-.file-row-name svg {
+.file-row-name .file-row-icon {
   margin-right: 2px;
   vertical-align: middle;
 }
-
-.file-row-name .loading-container {
-  display: inline-block;
-  margin-right: 4px;
-}
 </style>
-- 
cgit v1.2.1


From 92ac94c26e408842c6dfa44aae93e147a0f3d8f8 Mon Sep 17 00:00:00 2001
From: Krasimir Angelov <kangelov@gitlab.com>
Date: Tue, 20 Aug 2019 12:28:55 +0300
Subject: Replace finished_at with deployed_at for Deployment entity

Instead of `finished_at` attribute use `deployed_at` methods which also
takes into account the deployment status.

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/56130.
---
 app/serializers/deployment_entity.rb     | 2 +-
 app/serializers/deployment_serializer.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/serializers/deployment_entity.rb b/app/serializers/deployment_entity.rb
index 6e91317eb20..d6466ad1cdd 100644
--- a/app/serializers/deployment_entity.rb
+++ b/app/serializers/deployment_entity.rb
@@ -18,7 +18,7 @@ class DeploymentEntity < Grape::Entity
   end
 
   expose :created_at
-  expose :finished_at
+  expose :deployed_at
   expose :tag
   expose :last?
   expose :user, using: UserEntity
diff --git a/app/serializers/deployment_serializer.rb b/app/serializers/deployment_serializer.rb
index 3fd3e1b9cc8..b48037dd53f 100644
--- a/app/serializers/deployment_serializer.rb
+++ b/app/serializers/deployment_serializer.rb
@@ -4,7 +4,7 @@ class DeploymentSerializer < BaseSerializer
   entity DeploymentEntity
 
   def represent_concise(resource, opts = {})
-    opts[:only] = [:iid, :id, :sha, :created_at, :finished_at, :tag, :last?, :id, ref: [:name]]
+    opts[:only] = [:iid, :id, :sha, :created_at, :deployed_at, :tag, :last?, :id, ref: [:name]]
     represent(resource, opts)
   end
 end
-- 
cgit v1.2.1


From 6767326267a649a04a0f6c7634be87577a788a3d Mon Sep 17 00:00:00 2001
From: Peter Leitzen <pleitzen@gitlab.com>
Date: Tue, 20 Aug 2019 10:52:21 +0000
Subject: Use ActiveModel's type instead of virtus

The virtus project has been discontinued:

https://github.com/solnic/virtus/commit/a6f896984
---
 app/controllers/projects/blob_controller.rb |  6 +++-
 app/presenters/blobs/unfold_presenter.rb    | 43 +++++++++++++++--------------
 2 files changed, 27 insertions(+), 22 deletions(-)

(limited to 'app')

diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index b04ffe80db4..4125f44d00a 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -92,7 +92,7 @@ class Projects::BlobController < Projects::ApplicationController
   def diff
     apply_diff_view_cookie!
 
-    @form = Blobs::UnfoldPresenter.new(blob, params.to_unsafe_h)
+    @form = Blobs::UnfoldPresenter.new(blob, diff_params)
 
     # keep only json rendering when
     # https://gitlab.com/gitlab-org/gitlab-ce/issues/44988 is done
@@ -239,4 +239,8 @@ class Projects::BlobController < Projects::ApplicationController
   def tree_path
     @path.rpartition('/').first
   end
+
+  def diff_params
+    params.permit(:full, :since, :to, :bottom, :unfold, :offset, :indent)
+  end
 end
diff --git a/app/presenters/blobs/unfold_presenter.rb b/app/presenters/blobs/unfold_presenter.rb
index 4c6dd6895cf..a256dd05a4d 100644
--- a/app/presenters/blobs/unfold_presenter.rb
+++ b/app/presenters/blobs/unfold_presenter.rb
@@ -1,30 +1,34 @@
 # frozen_string_literal: true
 
-require 'gt_one_coercion'
-
 module Blobs
   class UnfoldPresenter < BlobPresenter
-    include Virtus.model
+    include ActiveModel::Attributes
+    include ActiveModel::AttributeAssignment
     include Gitlab::Utils::StrongMemoize
 
-    attribute :full, Boolean, default: false
-    attribute :since, GtOneCoercion
-    attribute :to, Integer
-    attribute :bottom, Boolean
-    attribute :unfold, Boolean, default: true
-    attribute :offset, Integer
-    attribute :indent, Integer, default: 0
+    attribute :full, :boolean, default: false
+    attribute :since, :integer, default: 1
+    attribute :to, :integer, default: 1
+    attribute :bottom, :boolean, default: false
+    attribute :unfold, :boolean, default: true
+    attribute :offset, :integer, default: 0
+    attribute :indent, :integer, default: 0
+
+    alias_method :full?, :full
+    alias_method :bottom?, :bottom
+    alias_method :unfold?, :unfold
 
     def initialize(blob, params)
+      super(blob)
+      self.attributes = params
+
       # Load all blob data first as we need to ensure they're all loaded first
       # so we can accurately show the rest of the diff when unfolding.
       load_all_blob_data
 
-      @subject = blob
       @all_lines = blob.data.lines
-      super(params)
 
-      self.attributes = prepare_attributes
+      handle_full_or_end!
     end
 
     # Returns an array of Gitlab::Diff::Line with match line added
@@ -56,21 +60,18 @@ module Blobs
 
     private
 
-    def prepare_attributes
-      return attributes unless full? || to == -1
+    def handle_full_or_end!
+      return unless full? || to == -1
 
-      full_opts = {
-        since: 1,
+      self.since = 1 if full?
+
+      self.attributes = {
         to: all_lines_size,
         bottom: false,
         unfold: false,
         offset: 0,
         indent: 0
       }
-
-      return full_opts if full?
-
-      full_opts.merge(attributes.slice(:since))
     end
 
     def all_lines_size
-- 
cgit v1.2.1


From a6319d17263897a57ed6c12a386efe4ac0607959 Mon Sep 17 00:00:00 2001
From: Tristan Read <tread@gitlab.com>
Date: Tue, 20 Aug 2019 14:51:30 +0000
Subject: Embed metrics undefined param fix

---
 app/assets/javascripts/monitoring/components/dashboard.vue | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/monitoring/components/dashboard.vue b/app/assets/javascripts/monitoring/components/dashboard.vue
index dfeeba238ca..c414c26ca61 100644
--- a/app/assets/javascripts/monitoring/components/dashboard.vue
+++ b/app/assets/javascripts/monitoring/components/dashboard.vue
@@ -264,12 +264,12 @@ export default {
     showToast() {
       this.$toast.show(__('Link copied to clipboard'));
     },
+    // TODO: END
     generateLink(group, title, yLabel) {
       const dashboard = this.currentDashboard || this.firstDashboard.path;
-      const params = { dashboard, group, title, y_label: yLabel };
+      const params = _.pick({ dashboard, group, title, y_label: yLabel }, value => value != null);
       return mergeUrlParams(params, window.location.href);
     },
-    // TODO: END
     hideAddMetricModal() {
       this.$refs.addMetricModal.hide();
     },
-- 
cgit v1.2.1


From 183262ffe7f6b780a0bc066dc541622ca4c0fd07 Mon Sep 17 00:00:00 2001
From: Filipa Lacerda <filipa@gitlab.com>
Date: Tue, 20 Aug 2019 15:51:56 +0100
Subject: Adds a height utility class

Backports EE changes
---
 app/assets/stylesheets/framework/common.scss | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app')

diff --git a/app/assets/stylesheets/framework/common.scss b/app/assets/stylesheets/framework/common.scss
index f384a49e0ae..e9218dcec67 100644
--- a/app/assets/stylesheets/framework/common.scss
+++ b/app/assets/stylesheets/framework/common.scss
@@ -438,6 +438,7 @@ img.emoji {
 .w-3rem { width: 3rem; }
 
 .h-12em { height: 12em; }
+.h-32-px { height: 32px;}
 
 .mw-460 { max-width: 460px; }
 .mw-6em { max-width: 6em; }
-- 
cgit v1.2.1


From 41896cbabe7bad958bd02b32281c76697ea4939e Mon Sep 17 00:00:00 2001
From: Jeremy Elder <jelder@gitlab.com>
Date: Tue, 20 Aug 2019 14:53:38 +0000
Subject: Resolve "Badge counter: Very low contrast between foreground and
 background colors"

---
 app/assets/stylesheets/framework/badges.scss | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/stylesheets/framework/badges.scss b/app/assets/stylesheets/framework/badges.scss
index c6060161dec..c036267a7c8 100644
--- a/app/assets/stylesheets/framework/badges.scss
+++ b/app/assets/stylesheets/framework/badges.scss
@@ -1,6 +1,6 @@
 .badge.badge-pill {
   font-weight: $gl-font-weight-normal;
   background-color: $badge-bg;
-  color: $gl-text-color-secondary;
+  color: $gray-800;
   vertical-align: baseline;
 }
-- 
cgit v1.2.1


From bb15224286661aa27570364bd222ddfe3485263b Mon Sep 17 00:00:00 2001
From: Walmyr Lima <walmyr@gitlab.com>
Date: Thu, 15 Aug 2019 16:38:46 +0200
Subject: Add testability on views

---
 app/assets/javascripts/boards/components/board_card.vue      | 1 +
 app/assets/javascripts/boards/components/board_list.vue      | 1 +
 app/assets/javascripts/boards/components/boards_selector.vue | 1 +
 app/views/shared/boards/_show.html.haml                      | 2 +-
 app/views/shared/boards/components/_board.html.haml          | 4 ++--
 5 files changed, 6 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/boards/components/board_card.vue b/app/assets/javascripts/boards/components/board_card.vue
index 179148b6887..faf722f61af 100644
--- a/app/assets/javascripts/boards/components/board_card.vue
+++ b/app/assets/javascripts/boards/components/board_card.vue
@@ -83,6 +83,7 @@ export default {
     }"
     :index="index"
     :data-issue-id="issue.id"
+    data-qa-selector="board_card"
     class="board-card p-3 rounded"
     @mousedown="mouseDown"
     @mousemove="mouseMove"
diff --git a/app/assets/javascripts/boards/components/board_list.vue b/app/assets/javascripts/boards/components/board_list.vue
index 03a8a92575e..de41698ca04 100644
--- a/app/assets/javascripts/boards/components/board_list.vue
+++ b/app/assets/javascripts/boards/components/board_list.vue
@@ -227,6 +227,7 @@ export default {
   <div
     :class="{ 'd-none': !list.isExpanded, 'd-flex flex-column': list.isExpanded }"
     class="board-list-component position-relative h-100"
+    data-qa-selector="board_list_cards_area"
   >
     <div v-if="loading" class="board-list-loading text-center" :aria-label="__('Loading issues')">
       <gl-loading-icon />
diff --git a/app/assets/javascripts/boards/components/boards_selector.vue b/app/assets/javascripts/boards/components/boards_selector.vue
index b05de4538f2..7296426549a 100644
--- a/app/assets/javascripts/boards/components/boards_selector.vue
+++ b/app/assets/javascripts/boards/components/boards_selector.vue
@@ -226,6 +226,7 @@ export default {
   <div class="boards-switcher js-boards-selector append-right-10">
     <span class="boards-selector-wrapper js-boards-selector-wrapper">
       <gl-dropdown
+        data-qa-selector="boards_dropdown"
         toggle-class="dropdown-menu-toggle js-dropdown-toggle"
         menu-class="flex-column dropdown-extended-height"
         :text="board.name"
diff --git a/app/views/shared/boards/_show.html.haml b/app/views/shared/boards/_show.html.haml
index 1be230eedb9..4f0be117035 100644
--- a/app/views/shared/boards/_show.html.haml
+++ b/app/views/shared/boards/_show.html.haml
@@ -16,7 +16,7 @@
 #board-app.boards-app.position-relative{ "v-cloak" => "true", data: board_data, ":class" => "{ 'is-compact': detailIssueVisible }" }
   = render 'shared/issuable/search_bar', type: :boards, board: board
 
-  .boards-list.w-100.py-3.px-2.text-nowrap
+  .boards-list.w-100.py-3.px-2.text-nowrap{ data: { qa_selector: "boards_list" } }
     .boards-app-loading.w-100.text-center{ "v-if" => "loading" }
       = icon("spinner spin 2x")
     %board{ "v-cloak" => "true",
diff --git a/app/views/shared/boards/components/_board.html.haml b/app/views/shared/boards/components/_board.html.haml
index 6c0613605eb..5abd4ce0fb9 100644
--- a/app/views/shared/boards/components/_board.html.haml
+++ b/app/views/shared/boards/components/_board.html.haml
@@ -1,7 +1,7 @@
 .board.d-inline-block.h-100.px-2.align-top.ws-normal{ ":class" => '{ "is-draggable": !list.preset, "is-expandable": list.isExpandable, "is-collapsed": !list.isExpanded, "board-type-assignee": list.type === "assignee" }',
-  ":data-id" => "list.id" }
+  ":data-id" => "list.id", data: { qa_selector: "board_list" } }
   .board-inner.d-flex.flex-column.position-relative.h-100.rounded
-    %header.board-header{ ":class" => '{ "has-border": list.label && list.label.color, "position-relative": list.isExpanded, "position-absolute position-top-0 position-left-0 w-100 h-100": !list.isExpanded }', ":style" => "{ borderTopColor: (list.label && list.label.color ? list.label.color : null) }" }
+    %header.board-header{ ":class" => '{ "has-border": list.label && list.label.color, "position-relative": list.isExpanded, "position-absolute position-top-0 position-left-0 w-100 h-100": !list.isExpanded }', ":style" => "{ borderTopColor: (list.label && list.label.color ? list.label.color : null) }", data: { qa_selector: "board_list_header" } }
       %h3.board-title.m-0.d-flex.js-board-handle{ ":class" => '{ "user-can-drag": (!disabled && !list.preset), "border-bottom-0": !list.isExpanded }' }
 
         .board-title-caret.no-drag{ "v-if": "list.isExpandable",
-- 
cgit v1.2.1


From e632ae80845f849f93e4d85ef9f836a4792844c9 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Tue, 20 Aug 2019 18:12:28 +0000
Subject: Standardize remote_ip and path keys for auth.log and api_json.log

Current `auth.log` uses `fullpath` and `ip`, while `api_json.log` uses
`remote_ip` and `path` for the same fields. Let's standardize these
namings to make it easier for people working with the data.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66167
---
 app/controllers/concerns/invisible_captcha.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/controllers/concerns/invisible_captcha.rb b/app/controllers/concerns/invisible_captcha.rb
index c9f66e5c194..45c0a5c58ef 100644
--- a/app/controllers/concerns/invisible_captcha.rb
+++ b/app/controllers/concerns/invisible_captcha.rb
@@ -41,9 +41,9 @@ module InvisibleCaptcha
     request_information = {
       message: message,
       env: :invisible_captcha_signup_bot_detected,
-      ip: request.ip,
+      remote_ip: request.ip,
       request_method: request.request_method,
-      fullpath: request.fullpath
+      path: request.fullpath
     }
 
     Gitlab::AuthLogger.error(request_information)
-- 
cgit v1.2.1


From f1f34baf6f4e0866feb3f4c7523e3dccf5784b0b Mon Sep 17 00:00:00 2001
From: Samantha Ming <sming@gitlab.com>
Date: Thu, 25 Jul 2019 19:30:50 -0700
Subject: Improve UX multi assigness in MR

Add merge warning on avatar in:
- open view assigness
- collapsed view assigness
- dropdown (search) view assigness

Add can_merge option to MR sidebar entity
---
 .../components/assignees/assignee_avatar.vue       |  48 +++++
 .../components/assignees/assignee_avatar_link.vue  |  74 ++++++++
 .../sidebar/components/assignees/assignees.vue     | 210 ++-------------------
 .../components/assignees/collapsed_assignee.vue    |  27 +++
 .../assignees/collapsed_assignee_list.vue          | 121 ++++++++++++
 .../assignees/uncollapsed_assignee_list.vue        |  96 ++++++++++
 app/assets/javascripts/users_select.js             |  66 +++++--
 app/assets/stylesheets/pages/issuable.scss         |  28 +--
 app/serializers/issuable_sidebar_basic_entity.rb   |   1 +
 app/serializers/merge_request_serializer.rb        |   2 +-
 .../merge_request_sidebar_basic_entity.rb          |   6 +
 .../shared/issuable/_sidebar_assignees.html.haml   |   2 +
 12 files changed, 461 insertions(+), 220 deletions(-)
 create mode 100644 app/assets/javascripts/sidebar/components/assignees/assignee_avatar.vue
 create mode 100644 app/assets/javascripts/sidebar/components/assignees/assignee_avatar_link.vue
 create mode 100644 app/assets/javascripts/sidebar/components/assignees/collapsed_assignee.vue
 create mode 100644 app/assets/javascripts/sidebar/components/assignees/collapsed_assignee_list.vue
 create mode 100644 app/assets/javascripts/sidebar/components/assignees/uncollapsed_assignee_list.vue
 create mode 100644 app/serializers/merge_request_sidebar_basic_entity.rb

(limited to 'app')

diff --git a/app/assets/javascripts/sidebar/components/assignees/assignee_avatar.vue b/app/assets/javascripts/sidebar/components/assignees/assignee_avatar.vue
new file mode 100644
index 00000000000..0bb4f757de8
--- /dev/null
+++ b/app/assets/javascripts/sidebar/components/assignees/assignee_avatar.vue
@@ -0,0 +1,48 @@
+<script>
+import { __, sprintf } from '~/locale';
+
+export default {
+  props: {
+    user: {
+      type: Object,
+      required: true,
+    },
+    imgSize: {
+      type: Number,
+      required: true,
+    },
+    issuableType: {
+      type: String,
+      require: true,
+      default: 'issue',
+    },
+  },
+  computed: {
+    assigneeAlt() {
+      return sprintf(__("%{userName}'s avatar"), { userName: this.user.name });
+    },
+    avatarUrl() {
+      return this.user.avatar || this.user.avatar_url || gon.default_avatar_url;
+    },
+    isMergeRequest() {
+      return this.issuableType === 'merge_request';
+    },
+    hasMergeIcon() {
+      return this.isMergeRequest && !this.user.can_merge;
+    },
+  },
+};
+</script>
+
+<template>
+  <span class="position-relative">
+    <img
+      :alt="assigneeAlt"
+      :src="avatarUrl"
+      :width="imgSize"
+      :class="`s${imgSize}`"
+      class="avatar avatar-inline m-0"
+    />
+    <i v-if="hasMergeIcon" aria-hidden="true" class="fa fa-exclamation-triangle merge-icon"></i>
+  </span>
+</template>
diff --git a/app/assets/javascripts/sidebar/components/assignees/assignee_avatar_link.vue b/app/assets/javascripts/sidebar/components/assignees/assignee_avatar_link.vue
new file mode 100644
index 00000000000..6563d1d3410
--- /dev/null
+++ b/app/assets/javascripts/sidebar/components/assignees/assignee_avatar_link.vue
@@ -0,0 +1,74 @@
+<script>
+import { __, sprintf } from '~/locale';
+import { GlTooltipDirective, GlLink } from '@gitlab/ui';
+import { joinPaths } from '~/lib/utils/url_utility';
+import AssigneeAvatar from './assignee_avatar.vue';
+
+export default {
+  components: {
+    AssigneeAvatar,
+    GlLink,
+  },
+  directives: {
+    GlTooltip: GlTooltipDirective,
+  },
+  props: {
+    user: {
+      type: Object,
+      required: true,
+    },
+    rootPath: {
+      type: String,
+      required: true,
+    },
+    tooltipPlacement: {
+      type: String,
+      default: 'bottom',
+      required: false,
+    },
+    tooltipHasName: {
+      type: Boolean,
+      default: true,
+      required: false,
+    },
+    issuableType: {
+      type: String,
+      default: 'issue',
+      required: false,
+    },
+  },
+  computed: {
+    cannotMerge() {
+      return this.issuableType === 'merge_request' && !this.user.can_merge;
+    },
+    tooltipTitle() {
+      if (this.cannotMerge && this.tooltipHasName) {
+        return sprintf(__('%{userName} (cannot merge)'), { userName: this.user.name });
+      } else if (this.cannotMerge) {
+        return __('Cannot merge');
+      } else if (this.tooltipHasName) {
+        return this.user.name;
+      }
+
+      return '';
+    },
+    tooltipOption() {
+      return {
+        container: 'body',
+        placement: this.tooltipPlacement,
+        boundary: 'viewport',
+      };
+    },
+    assigneeUrl() {
+      return joinPaths(`${this.rootPath}`, `${this.user.username}`);
+    },
+  },
+};
+</script>
+
+<template>
+  <gl-link v-gl-tooltip="tooltipOption" :href="assigneeUrl" :title="tooltipTitle" class="d-flex">
+    <assignee-avatar :user="user" :img-size="32" :issuable-type="issuableType" />
+    <slot :user="user"></slot>
+  </gl-link>
+</template>
diff --git a/app/assets/javascripts/sidebar/components/assignees/assignees.vue b/app/assets/javascripts/sidebar/components/assignees/assignees.vue
index 631e2e28d4d..ca4090eee96 100644
--- a/app/assets/javascripts/sidebar/components/assignees/assignees.vue
+++ b/app/assets/javascripts/sidebar/components/assignees/assignees.vue
@@ -1,13 +1,14 @@
 <script>
-import { __, sprintf } from '~/locale';
-import tooltip from '~/vue_shared/directives/tooltip';
+import CollapsedAssigneeList from '../assignees/collapsed_assignee_list.vue';
+import UncollapsedAssigneeList from '../assignees/uncollapsed_assignee_list.vue';
 
 export default {
   // name: 'Assignees' is a false positive: https://gitlab.com/gitlab-org/frontend/eslint-plugin-i18n/issues/26#possible-false-positives
   // eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings
   name: 'Assignees',
-  directives: {
-    tooltip,
+  components: {
+    CollapsedAssigneeList,
+    UncollapsedAssigneeList,
   },
   props: {
     rootPath: {
@@ -28,167 +29,30 @@ export default {
       default: 'issue',
     },
   },
-  data() {
-    return {
-      defaultRenderCount: 5,
-      defaultMaxCounter: 99,
-      showLess: true,
-    };
-  },
   computed: {
-    firstUser() {
-      return this.users[0];
-    },
-    hasMoreThanTwoAssignees() {
-      return this.users.length > 2;
-    },
-    hasMoreThanOneAssignee() {
-      return this.users.length > 1;
-    },
-    hasAssignees() {
-      return this.users.length > 0;
-    },
     hasNoUsers() {
       return !this.users.length;
     },
-    hasOneUser() {
-      return this.users.length === 1;
-    },
-    renderShowMoreSection() {
-      return this.users.length > this.defaultRenderCount;
-    },
-    numberOfHiddenAssignees() {
-      return this.users.length - this.defaultRenderCount;
-    },
-    isHiddenAssignees() {
-      return this.numberOfHiddenAssignees > 0;
-    },
-    hiddenAssigneesLabel() {
-      const { numberOfHiddenAssignees } = this;
-      return sprintf(__('+ %{numberOfHiddenAssignees} more'), { numberOfHiddenAssignees });
-    },
-    collapsedTooltipTitle() {
-      const maxRender = Math.min(this.defaultRenderCount, this.users.length);
-      const renderUsers = this.users.slice(0, maxRender);
-      const names = renderUsers.map(u => u.name);
-
-      if (this.users.length > maxRender) {
-        names.push(`+ ${this.users.length - maxRender} more`);
-      }
-
-      if (!this.users.length) {
-        const emptyTooltipLabel = __('Assignee(s)');
-        names.push(emptyTooltipLabel);
-      }
-
-      return names.join(', ');
-    },
-    sidebarAvatarCounter() {
-      let counter = `+${this.users.length - 1}`;
-
-      if (this.users.length > this.defaultMaxCounter) {
-        counter = `${this.defaultMaxCounter}+`;
-      }
+    sortedAssigness() {
+      const canMergeUsers = this.users.filter(user => user.can_merge);
+      const canNotMergeUsers = this.users.filter(user => !user.can_merge);
 
-      return counter;
-    },
-    mergeNotAllowedTooltipMessage() {
-      const assigneesCount = this.users.length;
-
-      if (this.issuableType !== 'merge_request' || assigneesCount === 0) {
-        return null;
-      }
-
-      const cannotMergeCount = this.users.filter(u => u.can_merge === false).length;
-      const canMergeCount = assigneesCount - cannotMergeCount;
-
-      if (canMergeCount === assigneesCount) {
-        // Everyone can merge
-        return null;
-      } else if (cannotMergeCount === assigneesCount && assigneesCount > 1) {
-        return __('No one can merge');
-      } else if (assigneesCount === 1) {
-        return __('Cannot merge');
-      }
-
-      return sprintf(__('%{canMergeCount}/%{assigneesCount} can merge'), {
-        canMergeCount,
-        assigneesCount,
-      });
+      return [...canMergeUsers, ...canNotMergeUsers];
     },
   },
   methods: {
     assignSelf() {
       this.$emit('assign-self');
     },
-    toggleShowLess() {
-      this.showLess = !this.showLess;
-    },
-    renderAssignee(index) {
-      return !this.showLess || (index < this.defaultRenderCount && this.showLess);
-    },
-    avatarUrl(user) {
-      return user.avatar || user.avatar_url || gon.default_avatar_url;
-    },
-    assigneeUrl(user) {
-      return `${this.rootPath}${user.username}`;
-    },
-    assigneeAlt(user) {
-      return sprintf(__("%{userName}'s avatar"), { userName: user.name });
-    },
-    assigneeUsername(user) {
-      return `@${user.username}`;
-    },
-    shouldRenderCollapsedAssignee(index) {
-      const firstTwo = this.users.length <= 2 && index <= 2;
-
-      return index === 0 || firstTwo;
-    },
   },
 };
 </script>
 
 <template>
   <div>
-    <div
-      v-tooltip
-      :class="{ 'multiple-users': hasMoreThanOneAssignee }"
-      :title="collapsedTooltipTitle"
-      class="sidebar-collapsed-icon sidebar-collapsed-user"
-      data-container="body"
-      data-placement="left"
-      data-boundary="viewport"
-    >
-      <i v-if="hasNoUsers" :aria-label="__('None')" class="fa fa-user"> </i>
-      <button
-        v-for="(user, index) in users"
-        v-if="shouldRenderCollapsedAssignee(index)"
-        :key="user.id"
-        type="button"
-        class="btn-link"
-      >
-        <img
-          :alt="assigneeAlt(user)"
-          :src="avatarUrl(user)"
-          width="24"
-          class="avatar avatar-inline s24"
-        />
-        <span class="author"> {{ user.name }} </span>
-      </button>
-      <button v-if="hasMoreThanTwoAssignees" class="btn-link" type="button">
-        <span class="avatar-counter sidebar-avatar-counter"> {{ sidebarAvatarCounter }} </span>
-      </button>
-    </div>
+    <collapsed-assignee-list :users="sortedAssigness" :issuable-type="issuableType" />
+
     <div class="value hide-collapsed">
-      <span
-        v-if="mergeNotAllowedTooltipMessage"
-        v-tooltip
-        :title="mergeNotAllowedTooltipMessage"
-        data-placement="left"
-        class="float-right cannot-be-merged"
-      >
-        <i aria-hidden="true" data-hidden="true" class="fa fa-exclamation-triangle"></i>
-      </span>
       <template v-if="hasNoUsers">
         <span class="assign-yourself no-value qa-assign-yourself">
           {{ __('None') }}
@@ -200,51 +64,13 @@ export default {
           </template>
         </span>
       </template>
-      <template v-else-if="hasOneUser">
-        <a :href="assigneeUrl(firstUser)" class="author-link bold">
-          <img
-            :alt="assigneeAlt(firstUser)"
-            :src="avatarUrl(firstUser)"
-            width="32"
-            class="avatar avatar-inline s32"
-          />
-          <span class="author"> {{ firstUser.name }} </span>
-          <span class="username"> {{ assigneeUsername(firstUser) }} </span>
-        </a>
-      </template>
-      <template v-else>
-        <div class="user-list">
-          <div
-            v-for="(user, index) in users"
-            v-if="renderAssignee(index)"
-            :key="user.id"
-            class="user-item"
-          >
-            <a
-              :href="assigneeUrl(user)"
-              :data-title="user.name"
-              class="user-link has-tooltip"
-              data-container="body"
-              data-placement="bottom"
-            >
-              <img
-                :alt="assigneeAlt(user)"
-                :src="avatarUrl(user)"
-                width="32"
-                class="avatar avatar-inline s32"
-              />
-            </a>
-          </div>
-        </div>
-        <div v-if="renderShowMoreSection" class="user-list-more">
-          <button type="button" class="btn-link" @click="toggleShowLess">
-            <template v-if="showLess">
-              {{ hiddenAssigneesLabel }}
-            </template>
-            <template v-else>{{ __('- show less') }}</template>
-          </button>
-        </div>
-      </template>
+
+      <uncollapsed-assignee-list
+        v-else
+        :users="sortedAssigness"
+        :root-path="rootPath"
+        :issuable-type="issuableType"
+      />
     </div>
   </div>
 </template>
diff --git a/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee.vue b/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee.vue
new file mode 100644
index 00000000000..3f3626092a8
--- /dev/null
+++ b/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee.vue
@@ -0,0 +1,27 @@
+<script>
+import AssigneeAvatar from './assignee_avatar.vue';
+
+export default {
+  components: {
+    AssigneeAvatar,
+  },
+  props: {
+    user: {
+      type: Object,
+      required: true,
+    },
+    issuableType: {
+      type: String,
+      require: true,
+      default: 'issue',
+    },
+  },
+};
+</script>
+
+<template>
+  <button type="button" class="btn-link">
+    <assignee-avatar :user="user" :img-size="24" :issuable-type="issuableType" />
+    <span class="author"> {{ user.name }} </span>
+  </button>
+</template>
diff --git a/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee_list.vue b/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee_list.vue
new file mode 100644
index 00000000000..6db198f1c1e
--- /dev/null
+++ b/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee_list.vue
@@ -0,0 +1,121 @@
+<script>
+import { __, sprintf } from '~/locale';
+import { GlTooltipDirective } from '@gitlab/ui';
+import CollapsedAssignee from './collapsed_assignee.vue';
+
+const DEFAULT_MAX_COUNTER = 99;
+const DEFAULT_RENDER_COUNT = 5;
+
+export default {
+  directives: {
+    GlTooltip: GlTooltipDirective,
+  },
+  components: {
+    CollapsedAssignee,
+  },
+  props: {
+    users: {
+      type: Array,
+      required: true,
+    },
+    issuableType: {
+      type: String,
+      require: true,
+      default: 'issue',
+    },
+  },
+  computed: {
+    isMergeRequest() {
+      return this.issuableType === 'merge_request';
+    },
+    hasNoUsers() {
+      return !this.users.length;
+    },
+    hasMoreThanOneAssignee() {
+      return this.users.length > 1;
+    },
+    hasMoreThanTwoAssignees() {
+      return this.users.length > 2;
+    },
+    allAssigneesCanMerge() {
+      return this.users.every(user => user.can_merge);
+    },
+    sidebarAvatarCounter() {
+      if (this.users.length > DEFAULT_MAX_COUNTER) {
+        return `${DEFAULT_MAX_COUNTER}+`;
+      }
+
+      return `+${this.users.length - 1}`;
+    },
+    collapsedUsers() {
+      const collapsedLength = this.hasMoreThanTwoAssignees ? 1 : this.users.length;
+
+      return this.users.slice(0, collapsedLength);
+    },
+    tooltipTitleMergeStatus() {
+      if (!this.isMergeRequest) {
+        return '';
+      }
+
+      const mergeLength = this.users.filter(u => u.can_merge).length;
+
+      if (mergeLength === this.users.length) {
+        return '';
+      } else if (mergeLength > 0) {
+        return sprintf(__('%{mergeLength}/%{usersLength} can merge'), {
+          mergeLength,
+          usersLength: this.users.length,
+        });
+      }
+
+      return this.users.length === 1 ? __('cannot merge') : __('no one can merge');
+    },
+    tooltipTitle() {
+      const maxRender = Math.min(DEFAULT_RENDER_COUNT, this.users.length);
+      const renderUsers = this.users.slice(0, maxRender);
+      const names = renderUsers.map(u => u.name);
+
+      if (!this.users.length) {
+        return __('Assignee(s)');
+      }
+
+      if (this.users.length > names.length) {
+        names.push(sprintf(__('+ %{amount} more'), { amount: this.users.length - names.length }));
+      }
+
+      const text = names.join(', ');
+
+      return this.tooltipTitleMergeStatus ? `${text} (${this.tooltipTitleMergeStatus})` : text;
+    },
+
+    tooltipOptions() {
+      return { container: 'body', placement: 'left', boundary: 'viewport' };
+    },
+  },
+};
+</script>
+
+<template>
+  <div
+    v-gl-tooltip="tooltipOptions"
+    :class="{ 'multiple-users': hasMoreThanOneAssignee }"
+    :title="tooltipTitle"
+    class="sidebar-collapsed-icon sidebar-collapsed-user"
+  >
+    <i v-if="hasNoUsers" :aria-label="__('None')" class="fa fa-user"> </i>
+    <collapsed-assignee
+      v-for="user in collapsedUsers"
+      :key="user.id"
+      :user="user"
+      :issuable-type="issuableType"
+    />
+    <button v-if="hasMoreThanTwoAssignees" class="btn-link" type="button">
+      <span class="avatar-counter sidebar-avatar-counter"> {{ sidebarAvatarCounter }} </span>
+      <i
+        v-if="isMergeRequest && !allAssigneesCanMerge"
+        aria-hidden="true"
+        class="fa fa-exclamation-triangle merge-icon"
+      ></i>
+    </button>
+  </div>
+</template>
diff --git a/app/assets/javascripts/sidebar/components/assignees/uncollapsed_assignee_list.vue b/app/assets/javascripts/sidebar/components/assignees/uncollapsed_assignee_list.vue
new file mode 100644
index 00000000000..e84b323c7bd
--- /dev/null
+++ b/app/assets/javascripts/sidebar/components/assignees/uncollapsed_assignee_list.vue
@@ -0,0 +1,96 @@
+<script>
+import { __, sprintf } from '~/locale';
+import AssigneeAvatarLink from './assignee_avatar_link.vue';
+
+const DEFAULT_RENDER_COUNT = 5;
+
+export default {
+  components: {
+    AssigneeAvatarLink,
+  },
+  props: {
+    users: {
+      type: Array,
+      required: true,
+    },
+    rootPath: {
+      type: String,
+      required: true,
+    },
+    issuableType: {
+      type: String,
+      require: true,
+      default: 'issue',
+    },
+  },
+  data() {
+    return {
+      showLess: true,
+    };
+  },
+  computed: {
+    firstUser() {
+      return this.users[0];
+    },
+    hasOneUser() {
+      return this.users.length === 1;
+    },
+    hiddenAssigneesLabel() {
+      const { numberOfHiddenAssignees } = this;
+      return sprintf(__('+ %{numberOfHiddenAssignees} more'), { numberOfHiddenAssignees });
+    },
+    renderShowMoreSection() {
+      return this.users.length > DEFAULT_RENDER_COUNT;
+    },
+    numberOfHiddenAssignees() {
+      return this.users.length - DEFAULT_RENDER_COUNT;
+    },
+    uncollapsedUsers() {
+      const uncollapsedLength = this.showLess
+        ? Math.min(this.users.length, DEFAULT_RENDER_COUNT)
+        : this.users.length;
+      return this.showLess ? this.users.slice(0, uncollapsedLength) : this.users;
+    },
+    username() {
+      return `@${this.firstUser.username}`;
+    },
+  },
+  methods: {
+    toggleShowLess() {
+      this.showLess = !this.showLess;
+    },
+  },
+};
+</script>
+
+<template>
+  <assignee-avatar-link
+    v-if="hasOneUser"
+    v-slot="{ user }"
+    tooltip-placement="left"
+    :tooltip-has-name="false"
+    :user="firstUser"
+    :root-path="rootPath"
+    :issuable-type="issuableType"
+  >
+    <div class="ml-2">
+      <span class="author"> {{ user.name }} </span>
+      <span class="username"> {{ username }} </span>
+    </div>
+  </assignee-avatar-link>
+  <div v-else>
+    <div class="user-list">
+      <div v-for="user in uncollapsedUsers" :key="user.id" class="user-item">
+        <assignee-avatar-link :user="user" :root-path="rootPath" :issuable-type="issuableType" />
+      </div>
+    </div>
+    <div v-if="renderShowMoreSection" class="user-list-more">
+      <button type="button" class="btn-link" @click="toggleShowLess">
+        <template v-if="showLess">
+          {{ hiddenAssigneesLabel }}
+        </template>
+        <template v-else>{{ __('- show less') }}</template>
+      </button>
+    </div>
+  </div>
+</template>
diff --git a/app/assets/javascripts/users_select.js b/app/assets/javascripts/users_select.js
index 33cedf78331..12c939aa70f 100644
--- a/app/assets/javascripts/users_select.js
+++ b/app/assets/javascripts/users_select.js
@@ -62,6 +62,8 @@ function UsersSelect(currentUser, els, options = {}) {
         options.showCurrentUser = $dropdown.data('currentUser');
         options.todoFilter = $dropdown.data('todoFilter');
         options.todoStateFilter = $dropdown.data('todoStateFilter');
+        options.iid = $dropdown.data('iid');
+        options.issuableType = $dropdown.data('issuableType');
         showNullUser = $dropdown.data('nullUser');
         defaultNullUser = $dropdown.data('nullUserDefault');
         showMenuAbove = $dropdown.data('showMenuAbove');
@@ -239,7 +241,7 @@ function UsersSelect(currentUser, els, options = {}) {
           '<% if( avatar ) { %> <a class="author-link" href="/<%- username %>"> <img width="24" class="avatar avatar-inline s24" alt="" src="<%- avatar %>"> </a> <% } else { %> <i class="fa fa-user"></i> <% } %>',
         );
         assigneeTemplate = _.template(
-          `<% if (username) { %> <a class="author-link bold" href="/<%- username %>"> <% if( avatar ) { %> <img width="32" class="avatar avatar-inline s32" alt="" src="<%- avatar %>"> <% } %> <span class="author"><%- name %></span> <span class="username"> @<%- username %> </span> </a> <% } else { %> <span class="no-value assign-yourself"> 
+          `<% if (username) { %> <a class="author-link bold" href="/<%- username %>"> <% if( avatar ) { %> <img width="32" class="avatar avatar-inline s32" alt="" src="<%- avatar %>"> <% } %> <span class="author"><%- name %></span> <span class="username"> @<%- username %> </span> </a> <% } else { %> <span class="no-value assign-yourself">
           ${sprintf(s__('UsersSelect|No assignee - %{openingTag} assign yourself %{closingTag}'), {
             openingTag: '<a href="#" class="js-assign-yourself">',
             closingTag: '</a>',
@@ -423,6 +425,8 @@ function UsersSelect(currentUser, els, options = {}) {
             const { $el, e, isMarking } = options;
             const user = options.selectedObj;
 
+            $el.tooltip('dispose');
+
             if ($dropdown.hasClass('js-multiselect')) {
               const isActive = $el.hasClass('is-active');
               const previouslySelected = $dropdown
@@ -570,20 +574,11 @@ function UsersSelect(currentUser, els, options = {}) {
                 user.name,
               )}</a></li>`;
             } else {
-              img = "<img src='" + avatar + "' class='avatar avatar-inline' width='32' />";
+              // 0 margin, because it's now handled by a wrapper
+              img = "<img src='" + avatar + "' class='avatar avatar-inline m-0' width='32' />";
             }
 
-            return `
-            <li data-user-id=${user.id}>
-              <a href='#' class='dropdown-menu-user-link ${selected === true ? 'is-active' : ''}'>
-                ${img}
-                <strong class='dropdown-menu-user-full-name'>
-                  ${_.escape(user.name)}
-                </strong>
-                ${username ? `<span class='dropdown-menu-user-username'>${username}</span>` : ''}
-              </a>
-            </li>
-          `;
+            return _this.renderRow(options.issuableType, user, selected, username, img);
           },
         });
       };
@@ -764,6 +759,11 @@ UsersSelect.prototype.users = function(query, options, callback) {
     author_id: options.authorId || null,
     skip_users: options.skipUsers || null,
   };
+
+  if (options.issuableType === 'merge_request') {
+    params.merge_request_iid = options.iid || null;
+  }
+
   return axios.get(url, { params }).then(({ data }) => {
     callback(data);
   });
@@ -776,4 +776,44 @@ UsersSelect.prototype.buildUrl = function(url) {
   return url;
 };
 
+UsersSelect.prototype.renderRow = function(issuableType, user, selected, username, img) {
+  const tooltip = issuableType === 'merge_request' && !user.can_merge ? __('Cannot merge') : '';
+  const tooltipClass = tooltip ? `has-tooltip` : '';
+  const selectedClass = selected === true ? 'is-active' : '';
+  const linkClasses = `${selectedClass} ${tooltipClass}`;
+  const tooltipAttributes = tooltip
+    ? `data-container="body" data-placement="left" data-title="${tooltip}"`
+    : '';
+
+  return `
+    <li data-user-id=${user.id}>
+      <a href="#" class="dropdown-menu-user-link d-flex align-items-center ${linkClasses}" ${tooltipAttributes}>
+        ${this.renderRowAvatar(issuableType, user, img)}
+        <span class="d-flex flex-column overflow-hidden">
+          <strong class="dropdown-menu-user-full-name">
+            ${_.escape(user.name)}
+          </strong>
+          ${username ? `<span class="dropdown-menu-user-username">${username}</span>` : ''}
+        </span>
+      </a>
+    </li>
+  `;
+};
+
+UsersSelect.prototype.renderRowAvatar = function(issuableType, user, img) {
+  if (user.beforeDivider) {
+    return img;
+  }
+
+  const mergeIcon =
+    issuableType === 'merge_request' && !user.can_merge
+      ? '<i class="fa fa-exclamation-triangle merge-icon"></i>'
+      : '';
+
+  return `<span class="position-relative mr-2">
+    ${img}
+    ${mergeIcon}
+  </span>`;
+};
+
 export default UsersSelect;
diff --git a/app/assets/stylesheets/pages/issuable.scss b/app/assets/stylesheets/pages/issuable.scss
index fa52ce6402d..0e844b0e4a5 100644
--- a/app/assets/stylesheets/pages/issuable.scss
+++ b/app/assets/stylesheets/pages/issuable.scss
@@ -126,6 +126,16 @@
   }
 }
 
+.assignee {
+  .merge-icon {
+    color: $orange-500;
+    position: absolute;
+    bottom: 0;
+    right: 0;
+    text-shadow: -1px -1px 0 $white-light, 1px -1px 0 $white-light, -1px 1px 0 $white-light, 1px 1px 0 $white-light;
+  }
+}
+
 .right-sidebar {
   position: fixed;
   top: $header-height;
@@ -202,7 +212,6 @@
     &.assignee {
       .author-link {
         display: block;
-        padding-left: 42px;
         position: relative;
 
         &:hover {
@@ -210,12 +219,6 @@
             text-decoration: underline;
           }
         }
-
-        .avatar {
-          left: 0;
-          position: absolute;
-          top: 0;
-        }
       }
     }
   }
@@ -354,13 +357,6 @@
       margin-top: 0;
     }
 
-    .assignee .avatar {
-      float: left;
-      margin-right: 10px;
-      margin-bottom: 0;
-      margin-left: 0;
-    }
-
     .assignee .user-list .avatar {
       margin: 0;
     }
@@ -521,6 +517,10 @@
       display: none;
     }
 
+    .merge-icon {
+      font-size: 10px;
+    }
+
     .multiple-users {
       position: relative;
       height: 24px;
diff --git a/app/serializers/issuable_sidebar_basic_entity.rb b/app/serializers/issuable_sidebar_basic_entity.rb
index c02fd024345..058c707ef9d 100644
--- a/app/serializers/issuable_sidebar_basic_entity.rb
+++ b/app/serializers/issuable_sidebar_basic_entity.rb
@@ -4,6 +4,7 @@ class IssuableSidebarBasicEntity < Grape::Entity
   include RequestAwareEntity
 
   expose :id
+  expose :iid
   expose :type do |issuable|
     issuable.to_ability_name
   end
diff --git a/app/serializers/merge_request_serializer.rb b/app/serializers/merge_request_serializer.rb
index 8ad1df5dfe0..bd2e682a122 100644
--- a/app/serializers/merge_request_serializer.rb
+++ b/app/serializers/merge_request_serializer.rb
@@ -8,7 +8,7 @@ class MergeRequestSerializer < BaseSerializer
     entity ||=
       case opts[:serializer]
       when 'sidebar'
-        IssuableSidebarBasicEntity
+        MergeRequestSidebarBasicEntity
       when 'sidebar_extras'
         MergeRequestSidebarExtrasEntity
       when 'basic'
diff --git a/app/serializers/merge_request_sidebar_basic_entity.rb b/app/serializers/merge_request_sidebar_basic_entity.rb
new file mode 100644
index 00000000000..fdd0cdc50d2
--- /dev/null
+++ b/app/serializers/merge_request_sidebar_basic_entity.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+class MergeRequestSidebarBasicEntity < IssuableSidebarBasicEntity
+end
+
+MergeRequestSidebarBasicEntity.prepend_if_ee('EE::MergeRequestSidebarBasicEntity')
diff --git a/app/views/shared/issuable/_sidebar_assignees.html.haml b/app/views/shared/issuable/_sidebar_assignees.html.haml
index ab01094ed6e..1dc538826dc 100644
--- a/app/views/shared/issuable/_sidebar_assignees.html.haml
+++ b/app/views/shared/issuable/_sidebar_assignees.html.haml
@@ -20,6 +20,8 @@
     placeholder: _('Search users'),
     data: { first_user: issuable_sidebar.dig(:current_user, :username),
       current_user: true,
+      iid: issuable_sidebar[:iid],
+      issuable_type: issuable_type,
       project_id: issuable_sidebar[:project_id],
       author_id: issuable_sidebar[:author_id],
       field_name: "#{issuable_type}[assignee_ids][]",
-- 
cgit v1.2.1


From 4e3c7a0bab0dc42cb46dd06059820eea538adfc9 Mon Sep 17 00:00:00 2001
From: Paul Slaughter <pslaughter@gitlab.com>
Date: Sat, 17 Aug 2019 00:50:04 -0500
Subject: Fix `require` typo to `required`

---
 app/assets/javascripts/sidebar/components/assignees/assignee_avatar.vue | 2 +-
 app/assets/javascripts/sidebar/components/assignees/assignees.vue       | 2 +-
 .../javascripts/sidebar/components/assignees/collapsed_assignee.vue     | 2 +-
 .../sidebar/components/assignees/collapsed_assignee_list.vue            | 2 +-
 .../javascripts/sidebar/components/assignees/sidebar_assignees.vue      | 2 +-
 .../sidebar/components/assignees/uncollapsed_assignee_list.vue          | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/sidebar/components/assignees/assignee_avatar.vue b/app/assets/javascripts/sidebar/components/assignees/assignee_avatar.vue
index 0bb4f757de8..71a1fc31315 100644
--- a/app/assets/javascripts/sidebar/components/assignees/assignee_avatar.vue
+++ b/app/assets/javascripts/sidebar/components/assignees/assignee_avatar.vue
@@ -13,7 +13,7 @@ export default {
     },
     issuableType: {
       type: String,
-      require: true,
+      required: false,
       default: 'issue',
     },
   },
diff --git a/app/assets/javascripts/sidebar/components/assignees/assignees.vue b/app/assets/javascripts/sidebar/components/assignees/assignees.vue
index ca4090eee96..d9739e8d197 100644
--- a/app/assets/javascripts/sidebar/components/assignees/assignees.vue
+++ b/app/assets/javascripts/sidebar/components/assignees/assignees.vue
@@ -25,7 +25,7 @@ export default {
     },
     issuableType: {
       type: String,
-      require: true,
+      required: false,
       default: 'issue',
     },
   },
diff --git a/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee.vue b/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee.vue
index 3f3626092a8..2f654409561 100644
--- a/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee.vue
+++ b/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee.vue
@@ -12,7 +12,7 @@ export default {
     },
     issuableType: {
       type: String,
-      require: true,
+      required: false,
       default: 'issue',
     },
   },
diff --git a/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee_list.vue b/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee_list.vue
index 6db198f1c1e..5b4a43399ca 100644
--- a/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee_list.vue
+++ b/app/assets/javascripts/sidebar/components/assignees/collapsed_assignee_list.vue
@@ -20,7 +20,7 @@ export default {
     },
     issuableType: {
       type: String,
-      require: true,
+      required: false,
       default: 'issue',
     },
   },
diff --git a/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees.vue b/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees.vue
index be1e4811856..c6cc04a139f 100644
--- a/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees.vue
+++ b/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees.vue
@@ -29,7 +29,7 @@ export default {
     },
     issuableType: {
       type: String,
-      require: true,
+      required: false,
       default: 'issue',
     },
   },
diff --git a/app/assets/javascripts/sidebar/components/assignees/uncollapsed_assignee_list.vue b/app/assets/javascripts/sidebar/components/assignees/uncollapsed_assignee_list.vue
index e84b323c7bd..3a4623121f4 100644
--- a/app/assets/javascripts/sidebar/components/assignees/uncollapsed_assignee_list.vue
+++ b/app/assets/javascripts/sidebar/components/assignees/uncollapsed_assignee_list.vue
@@ -19,7 +19,7 @@ export default {
     },
     issuableType: {
       type: String,
-      require: true,
+      required: false,
       default: 'issue',
     },
   },
-- 
cgit v1.2.1


From 96b994bd05db072655bcd28204770013feeaa779 Mon Sep 17 00:00:00 2001
From: Igor Drozdov <idrozdov@gitlab.com>
Date: Mon, 19 Aug 2019 11:34:19 +0300
Subject: Fix comments related to BE part

- Edit commit messge body to fix "danger-review"
---
 app/serializers/merge_request_sidebar_basic_entity.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/serializers/merge_request_sidebar_basic_entity.rb b/app/serializers/merge_request_sidebar_basic_entity.rb
index fdd0cdc50d2..3c911bbe4c8 100644
--- a/app/serializers/merge_request_sidebar_basic_entity.rb
+++ b/app/serializers/merge_request_sidebar_basic_entity.rb
@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
 class MergeRequestSidebarBasicEntity < IssuableSidebarBasicEntity
+  expose :current_user, if: lambda { |_issuable| current_user } do
+    expose :can_merge do |merge_request|
+      merge_request.can_be_merged_by?(current_user)
+    end
+  end
 end
-
-MergeRequestSidebarBasicEntity.prepend_if_ee('EE::MergeRequestSidebarBasicEntity')
-- 
cgit v1.2.1


From e4c44b089b58d010fe8e05dbc76acbc68720ae43 Mon Sep 17 00:00:00 2001
From: Paul Slaughter <pslaughter@gitlab.com>
Date: Tue, 20 Aug 2019 13:34:36 -0500
Subject: Fix tooltip alignment issue caused by flex-basis

**Context:**
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/14851#note_205954645
---
 .../sidebar/components/assignees/assignee_avatar_link.vue | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/sidebar/components/assignees/assignee_avatar_link.vue b/app/assets/javascripts/sidebar/components/assignees/assignee_avatar_link.vue
index 6563d1d3410..6633a63d046 100644
--- a/app/assets/javascripts/sidebar/components/assignees/assignee_avatar_link.vue
+++ b/app/assets/javascripts/sidebar/components/assignees/assignee_avatar_link.vue
@@ -67,8 +67,17 @@ export default {
 </script>
 
 <template>
-  <gl-link v-gl-tooltip="tooltipOption" :href="assigneeUrl" :title="tooltipTitle" class="d-flex">
-    <assignee-avatar :user="user" :img-size="32" :issuable-type="issuableType" />
-    <slot :user="user"></slot>
+  <!-- must be `d-inline-block` or parent flex-basis causes width issues -->
+  <gl-link
+    v-gl-tooltip="tooltipOption"
+    :href="assigneeUrl"
+    :title="tooltipTitle"
+    class="d-inline-block"
+  >
+    <!-- use d-flex so that slot can be appropriately styled -->
+    <span class="d-flex">
+      <assignee-avatar :user="user" :img-size="32" :issuable-type="issuableType" />
+      <slot :user="user"></slot>
+    </span>
   </gl-link>
 </template>
-- 
cgit v1.2.1


From 6f00586e4c366e7a7a4760a7e3e8bcdce5c17a94 Mon Sep 17 00:00:00 2001
From: Samantha Ming <sming@gitlab.com>
Date: Tue, 20 Aug 2019 20:18:06 +0000
Subject: Add syntax highlighting for line expansion

- dark
- white
- monokai
- none
- solarized-dark
- solarized-light
---
 .../diffs/components/diff_expansion_cell.vue           |  6 +++---
 app/assets/stylesheets/highlight/common.scss           | 13 +++++++++++++
 app/assets/stylesheets/highlight/themes/dark.scss      |  4 ++++
 app/assets/stylesheets/highlight/themes/monokai.scss   |  4 ++++
 app/assets/stylesheets/highlight/themes/none.scss      |  5 ++++-
 .../stylesheets/highlight/themes/solarized-dark.scss   |  4 ++++
 .../stylesheets/highlight/themes/solarized-light.scss  |  4 ++++
 app/assets/stylesheets/highlight/white_base.scss       | 18 +-----------------
 8 files changed, 37 insertions(+), 21 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/diffs/components/diff_expansion_cell.vue b/app/assets/javascripts/diffs/components/diff_expansion_cell.vue
index 43edc116ed1..839ab542377 100644
--- a/app/assets/javascripts/diffs/components/diff_expansion_cell.vue
+++ b/app/assets/javascripts/diffs/components/diff_expansion_cell.vue
@@ -212,12 +212,12 @@ export default {
 </script>
 
 <template>
-  <td :colspan="colspan">
+  <td :colspan="colspan" class="text-center">
     <div class="content js-line-expansion-content">
       <a
         v-if="canExpandUp"
         v-tooltip
-        class="cursor-pointer js-unfold unfold-icon"
+        class="cursor-pointer js-unfold unfold-icon d-inline-block pt-2 pb-2"
         data-placement="top"
         data-container="body"
         :title="__('Expand up')"
@@ -231,7 +231,7 @@ export default {
       <a
         v-if="canExpandDown"
         v-tooltip
-        class="cursor-pointer js-unfold-down has-tooltip unfold-icon"
+        class="cursor-pointer js-unfold-down has-tooltip unfold-icon d-inline-block pt-2 pb-2"
         data-placement="top"
         data-container="body"
         :title="__('Expand down')"
diff --git a/app/assets/stylesheets/highlight/common.scss b/app/assets/stylesheets/highlight/common.scss
index ac3214a07d9..bdeac7e97c0 100644
--- a/app/assets/stylesheets/highlight/common.scss
+++ b/app/assets/stylesheets/highlight/common.scss
@@ -16,3 +16,16 @@
   color: $dark-diff-match-bg;
   background: $dark-diff-match-color;
 }
+
+@mixin diff-expansion($background, $border, $link) {
+  background-color: $background;
+
+  td {
+    border-top: 1px solid $border;
+    border-bottom: 1px solid $border;
+  }
+
+  a {
+    color: $link;
+  }
+}
diff --git a/app/assets/stylesheets/highlight/themes/dark.scss b/app/assets/stylesheets/highlight/themes/dark.scss
index 16893dd047e..cbce0ba3f1e 100644
--- a/app/assets/stylesheets/highlight/themes/dark.scss
+++ b/app/assets/stylesheets/highlight/themes/dark.scss
@@ -111,6 +111,10 @@ $dark-il: #de935f;
     color: $dark-line-color;
   }
 
+  .line_expansion {
+    @include diff-expansion($dark-main-bg, $dark-border, $dark-na);
+  }
+
   // Diff line
   .line_holder {
     &.match .line_content,
diff --git a/app/assets/stylesheets/highlight/themes/monokai.scss b/app/assets/stylesheets/highlight/themes/monokai.scss
index 37fe61b925c..1b61ffa37e3 100644
--- a/app/assets/stylesheets/highlight/themes/monokai.scss
+++ b/app/assets/stylesheets/highlight/themes/monokai.scss
@@ -111,6 +111,10 @@ $monokai-gi: #a6e22e;
     color: $monokai-text-color;
   }
 
+  .line_expansion {
+    @include diff-expansion($monokai-bg, $monokai-border, $monokai-k);
+  }
+
   // Diff line
   .line_holder {
     &.match .line_content,
diff --git a/app/assets/stylesheets/highlight/themes/none.scss b/app/assets/stylesheets/highlight/themes/none.scss
index b4217aac37a..a7ede266fb5 100644
--- a/app/assets/stylesheets/highlight/themes/none.scss
+++ b/app/assets/stylesheets/highlight/themes/none.scss
@@ -34,8 +34,11 @@
     color: $gl-text-color;
   }
 
-// Diff line
+  .line_expansion {
+    @include diff-expansion($gray-light, $white-normal, $gl-text-color);
+  }
 
+  // Diff line
   $none-over-bg: #ded7fc;
   $none-expanded-border: #e0e0e0;
   $none-expanded-bg: #e0e0e0;
diff --git a/app/assets/stylesheets/highlight/themes/solarized-dark.scss b/app/assets/stylesheets/highlight/themes/solarized-dark.scss
index a4e9eda22c9..6569f3abc8b 100644
--- a/app/assets/stylesheets/highlight/themes/solarized-dark.scss
+++ b/app/assets/stylesheets/highlight/themes/solarized-dark.scss
@@ -115,6 +115,10 @@ $solarized-dark-il: #2aa198;
     color: $solarized-dark-pre-color;
   }
 
+  .line_expansion {
+    @include diff-expansion($solarized-dark-line-bg, $solarized-dark-border, $solarized-dark-kd);
+  }
+
   // Diff line
   .line_holder {
     &.match .line_content,
diff --git a/app/assets/stylesheets/highlight/themes/solarized-light.scss b/app/assets/stylesheets/highlight/themes/solarized-light.scss
index b604d1ccb6c..4e74a9ea50a 100644
--- a/app/assets/stylesheets/highlight/themes/solarized-light.scss
+++ b/app/assets/stylesheets/highlight/themes/solarized-light.scss
@@ -122,6 +122,10 @@ $solarized-light-il: #2aa198;
     color: $solarized-light-pre-color;
   }
 
+  .line_expansion {
+    @include diff-expansion($solarized-light-line-bg, $solarized-light-border, $solarized-light-kd);
+  }
+
   // Diff line
   .line_holder {
     &.match .line_content,
diff --git a/app/assets/stylesheets/highlight/white_base.scss b/app/assets/stylesheets/highlight/white_base.scss
index b3974df8639..973f94c63aa 100644
--- a/app/assets/stylesheets/highlight/white_base.scss
+++ b/app/assets/stylesheets/highlight/white_base.scss
@@ -101,24 +101,8 @@ pre.code,
   color: $white-code-color;
 }
 
-// Expansion line
 .line_expansion {
-  background-color: $gray-light;
-
-  td {
-    border-top: 1px solid $border-color;
-    border-bottom: 1px solid $border-color;
-    text-align: center;
-  }
-
-  a {
-    color: $blue-600;
-  }
-
-  .unfold-icon {
-    display: inline-block;
-    padding: 8px 0;
-  }
+  @include diff-expansion($gray-light, $border-color, $blue-600);
 }
 
 // Diff line
-- 
cgit v1.2.1


From 289576ccbad15a59cb12fe84afd54ff7b4e43dca Mon Sep 17 00:00:00 2001
From: Lucy Fox <lucy@afox.org>
Date: Tue, 20 Aug 2019 20:50:59 +0000
Subject: Remove margin from user header buttons

---
 app/assets/stylesheets/framework/header.scss | 2 --
 app/views/layouts/header/_default.html.haml  | 7 ++++---
 2 files changed, 4 insertions(+), 5 deletions(-)

(limited to 'app')

diff --git a/app/assets/stylesheets/framework/header.scss b/app/assets/stylesheets/framework/header.scss
index 1bc597bd4ae..ca737c53318 100644
--- a/app/assets/stylesheets/framework/header.scss
+++ b/app/assets/stylesheets/framework/header.scss
@@ -131,7 +131,6 @@
       > li:not(.d-none) a {
         @include media-breakpoint-down(xs) {
           margin-left: 0;
-          min-width: 100%;
         }
       }
     }
@@ -233,7 +232,6 @@
       .impersonation-btn,
       .impersonation-btn:hover {
         background-color: $white-light;
-        margin-left: 0;
         border-top-left-radius: 0;
         border-bottom-left-radius: 0;
 
diff --git a/app/views/layouts/header/_default.html.haml b/app/views/layouts/header/_default.html.haml
index 89f99472270..14c7b2428b2 100644
--- a/app/views/layouts/header/_default.html.haml
+++ b/app/views/layouts/header/_default.html.haml
@@ -4,6 +4,7 @@
   - search_path_url = search_path(group_id: group.id)
 - else
   - search_path_url = search_path
+- has_impersonation_link = header_link?(:admin_impersonation)
 
 %header.navbar.navbar-gitlab.navbar-expand-sm.js-navbar{ data: { qa_selector: 'navbar' } }
   %a.sr-only.gl-accessibility{ href: "#content-body", tabindex: "1" } Skip to content
@@ -64,14 +65,14 @@
             .dropdown-menu.dropdown-menu-right
               = render 'layouts/header/help_dropdown'
           - if header_link?(:user_dropdown)
-            %li.nav-item.header-user.dropdown{ data: { track_label: "profile_dropdown", track_event: "click_dropdown", track_value: "", qa_selector: 'user_menu' } }
+            %li.nav-item.header-user.dropdown{ data: { track_label: "profile_dropdown", track_event: "click_dropdown", track_value: "", qa_selector: 'user_menu' }, class: ('mr-0' if has_impersonation_link) }
               = link_to current_user, class: user_dropdown_class, data: { toggle: "dropdown" } do
                 = image_tag avatar_icon_for_user(current_user, 23), width: 23, height: 23, class: "header-user-avatar qa-user-avatar"
                 = sprite_icon('angle-down', css_class: 'caret-down')
               .dropdown-menu.dropdown-menu-right
                 = render 'layouts/header/current_user_dropdown'
-          - if header_link?(:admin_impersonation)
-            %li.nav-item.impersonation
+          - if has_impersonation_link
+            %li.nav-item.impersonation.ml-0
               = link_to admin_impersonation_path, class: 'nav-link impersonation-btn', method: :delete, title: _('Stop impersonation'), aria: { label: _('Stop impersonation') }, data: { toggle: 'tooltip', placement: 'bottom', container: 'body' } do
                 = icon('user-secret')
           - if header_link?(:sign_in)
-- 
cgit v1.2.1


From 2d1014713c23d5454bcc06110fd7e1bf6b39eb9c Mon Sep 17 00:00:00 2001
From: Enrique Alcantara <ealcantara@gitlab.com>
Date: Tue, 20 Aug 2019 17:07:29 -0400
Subject: Fix serverless entry page layout

---
 app/views/projects/serverless/functions/index.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/views/projects/serverless/functions/index.html.haml b/app/views/projects/serverless/functions/index.html.haml
index 9c69aedfbfc..bac6c76684b 100644
--- a/app/views/projects/serverless/functions/index.html.haml
+++ b/app/views/projects/serverless/functions/index.html.haml
@@ -14,5 +14,5 @@
   .js-serverless-functions-notice
     .flash-container
 
-  .top-area.adjust
+  .top-area.adjust.d-flex.justify-content-center
     .serverless-functions-table#js-serverless-functions
-- 
cgit v1.2.1


From 93a618f0e54b5ae28f7525b8861763130c692415 Mon Sep 17 00:00:00 2001
From: Luke Duncalfe <lduncalfe@eml.cc>
Date: Thu, 1 Aug 2019 17:54:52 +1200
Subject: New wiki page redirects user to random slug

Previously we asked a user to enter a new slug before taking them to
the Create Page page.

As a UX improvement, we now take them to a randomly generated URI so
they can begin creating their new page.

https://gitlab.com/gitlab-org/gitlab-ce/issues/46299
---
 .../javascripts/pages/projects/wikis/wikis.js      | 42 ++++++++++++----------
 app/controllers/projects/wikis_controller.rb       | 31 +++++++++++++---
 app/models/project_wiki.rb                         |  4 +++
 app/views/projects/wikis/_form.html.haml           | 18 +++++-----
 app/views/projects/wikis/_main_links.html.haml     |  6 ++--
 app/views/projects/wikis/_new.html.haml            | 18 ----------
 app/views/projects/wikis/_sidebar.html.haml        |  2 --
 app/views/projects/wikis/edit.html.haml            | 11 +++---
 8 files changed, 70 insertions(+), 62 deletions(-)
 delete mode 100644 app/views/projects/wikis/_new.html.haml

(limited to 'app')

diff --git a/app/assets/javascripts/pages/projects/wikis/wikis.js b/app/assets/javascripts/pages/projects/wikis/wikis.js
index 9b58d42b47d..d41199f6374 100644
--- a/app/assets/javascripts/pages/projects/wikis/wikis.js
+++ b/app/assets/javascripts/pages/projects/wikis/wikis.js
@@ -1,6 +1,5 @@
 import bp from '../../../breakpoints';
-import { parseQueryStringIntoObject } from '../../../lib/utils/common_utils';
-import { mergeUrlParams, redirectTo } from '../../../lib/utils/url_utility';
+import { s__, sprintf } from '~/locale';
 
 export default class Wikis {
   constructor() {
@@ -12,32 +11,37 @@ export default class Wikis {
       sidebarToggles[i].addEventListener('click', e => this.handleToggleSidebar(e));
     }
 
-    this.newWikiForm = document.querySelector('form.new-wiki-page');
-    if (this.newWikiForm) {
-      this.newWikiForm.addEventListener('submit', e => this.handleNewWikiSubmit(e));
+    this.isNewWikiPage = Boolean(document.querySelector('.js-new-wiki-page'));
+    this.editTitleInput = document.querySelector('form.wiki-form #wiki_title');
+    this.commitMessageInput = document.querySelector('form.wiki-form #wiki_message');
+    this.commitMessageI18n = this.isNewWikiPage
+      ? s__('WikiPageCreate|Create %{pageTitle}')
+      : s__('WikiPageEdit|Update %{pageTitle}');
+
+    if (this.editTitleInput) {
+      // Initialize the commit message on load
+      if (this.editTitleInput.value) this.setWikiCommitMessage(this.editTitleInput.value);
+
+      // Set the commit message as the page title is changed
+      this.editTitleInput.addEventListener('keyup', e => this.handleWikiTitleChange(e));
     }
 
     window.addEventListener('resize', () => this.renderSidebar());
     this.renderSidebar();
   }
 
-  handleNewWikiSubmit(e) {
-    if (!this.newWikiForm) return;
-
-    const slugInput = this.newWikiForm.querySelector('#new_wiki_path');
-
-    const slug = slugInput.value;
+  handleWikiTitleChange(e) {
+    this.setWikiCommitMessage(e.target.value);
+  }
 
-    if (slug.length > 0) {
-      const wikisPath = slugInput.getAttribute('data-wikis-path');
+  setWikiCommitMessage(rawTitle) {
+    let title = rawTitle;
 
-      // If the wiki is empty, we need to merge the current URL params to keep the "create" view.
-      const params = parseQueryStringIntoObject(window.location.search.substr(1));
-      const url = mergeUrlParams(params, `${wikisPath}/${slug}`);
-      redirectTo(url);
+    // Replace hyphens with spaces
+    if (title) title = title.replace(/-+/g, ' ');
 
-      e.preventDefault();
-    }
+    const newCommitMessage = sprintf(this.commitMessageI18n, { pageTitle: title });
+    this.commitMessageInput.value = newCommitMessage;
   }
 
   handleToggleSidebar(e) {
diff --git a/app/controllers/projects/wikis_controller.rb b/app/controllers/projects/wikis_controller.rb
index d1914c35bd3..b187fdb2723 100644
--- a/app/controllers/projects/wikis_controller.rb
+++ b/app/controllers/projects/wikis_controller.rb
@@ -16,6 +16,10 @@ class Projects::WikisController < Projects::ApplicationController
     redirect_to(project_wiki_path(@project, @page))
   end
 
+  def new
+    redirect_to project_wiki_path(@project, SecureRandom.uuid, random_title: true)
+  end
+
   def pages
     @wiki_pages = Kaminari.paginate_array(
       @project_wiki.list_pages(sort: params[:sort], direction: params[:direction])
@@ -24,17 +28,25 @@ class Projects::WikisController < Projects::ApplicationController
     @wiki_entries = WikiPage.group_by_directory(@wiki_pages)
   end
 
+  # `#show` handles a number of scenarios:
+  #
+  # - If `id` matches a WikiPage, then show the wiki page.
+  # - If `id` is a file in the wiki repository, then send the file.
+  # - If we know the user wants to create a new page with the given `id`,
+  #   then display a create form.
+  # - Otherwise show the empty wiki page and invite the user to create a page.
   def show
-    view_param = @project_wiki.empty? ? params[:view] : 'create'
-
     if @page
       set_encoding_error unless valid_encoding?
 
       render 'show'
     elsif file_blob
       send_blob(@project_wiki.repository, file_blob)
-    elsif can?(current_user, :create_wiki, @project) && view_param == 'create'
-      @page = build_page(title: params[:id])
+    elsif show_create_form?
+      # Assign a title to the WikiPage unless `id` is a randomly generated slug from #new
+      title = params[:id] unless params[:random_title].present?
+
+      @page = build_page(title: title)
 
       render 'edit'
     else
@@ -110,6 +122,15 @@ class Projects::WikisController < Projects::ApplicationController
 
   private
 
+  def show_create_form?
+    can?(current_user, :create_wiki, @project) &&
+      @page.nil? &&
+      # Always show the create form when the wiki has had at least one page created.
+      # Otherwise, we only show the form when the user has navigated from
+      # the 'empty wiki' page
+      (@project_wiki.exists? || params[:view] == 'create')
+  end
+
   def load_project_wiki
     @project_wiki = load_wiki
 
@@ -135,7 +156,7 @@ class Projects::WikisController < Projects::ApplicationController
     params.require(:wiki).permit(:title, :content, :format, :message, :last_commit_sha)
   end
 
-  def build_page(args)
+  def build_page(args = {})
     WikiPage.new(@project_wiki).tap do |page|
       page.update_attributes(args) # rubocop:disable Rails/ActiveRecordAliases
     end
diff --git a/app/models/project_wiki.rb b/app/models/project_wiki.rb
index c91add6439f..4a19e05bf76 100644
--- a/app/models/project_wiki.rb
+++ b/app/models/project_wiki.rb
@@ -85,6 +85,10 @@ class ProjectWiki
     list_pages(limit: 1).empty?
   end
 
+  def exists?
+    !empty?
+  end
+
   # Lists wiki pages of the repository.
   #
   # limit - max number of pages returned by the method.
diff --git a/app/views/projects/wikis/_form.html.haml b/app/views/projects/wikis/_form.html.haml
index 858731b2dda..a153f527ee0 100644
--- a/app/views/projects/wikis/_form.html.haml
+++ b/app/views/projects/wikis/_form.html.haml
@@ -1,8 +1,8 @@
-- commit_message = @page.persisted? ? s_("WikiPageEdit|Update %{page_title}") : s_("WikiPageCreate|Create %{page_title}")
-- commit_message = commit_message % { page_title: @page.title }
+- form_classes = 'wiki-form common-note-form prepend-top-default js-quick-submit'
+- form_classes += ' js-new-wiki-page' unless @page.persisted?
 
 = form_for [@project.namespace.becomes(Namespace), @project, @page], method: @page.persisted? ? :put : :post,
-           html: { class: 'wiki-form common-note-form prepend-top-default js-quick-submit' },
+           html: { class: form_classes },
            data: { uploads_path: uploads_path } do |f|
   = form_errors(@page)
 
@@ -12,12 +12,14 @@
   .form-group.row
     .col-sm-12= f.label :title, class: 'control-label-full-width'
     .col-sm-12
-      = f.text_field :title, class: 'form-control qa-wiki-title-textbox', value: @page.title
-      - if @page.persisted?
-        %span.d-inline-block.mw-100.prepend-top-5
-          = icon('lightbulb-o')
+      = f.text_field :title, class: 'form-control qa-wiki-title-textbox', value: @page.title, required: true, autofocus: !@page.persisted?, placeholder: _('Wiki|Page title')
+      %span.d-inline-block.mw-100.prepend-top-5
+        = icon('lightbulb-o')
+        - if @page.persisted?
           = s_("WikiEditPageTip|Tip: You can move this page by adding the path to the beginning of the title.")
           = link_to icon('question-circle'), help_page_path('user/project/wiki/index', anchor: 'moving-a-wiki-page'), target: '_blank'
+        - else
+          = s_("WikiNewPageTip|Tip: You can specify the full path for the new file. We will automatically create any missing directories.")
   .form-group.row
     .col-sm-12= f.label :format, class: 'control-label-full-width'
     .col-sm-12
@@ -43,7 +45,7 @@
 
   .form-group.row
     .col-sm-12= f.label :commit_message, class: 'control-label-full-width'
-    .col-sm-12= f.text_field :message, class: 'form-control qa-wiki-message-textbox', rows: 18, value: commit_message
+    .col-sm-12= f.text_field :message, class: 'form-control qa-wiki-message-textbox', rows: 18, value: nil
 
   .form-actions
     - if @page && @page.persisted?
diff --git a/app/views/projects/wikis/_main_links.html.haml b/app/views/projects/wikis/_main_links.html.haml
index 643b51e01d1..2e1e176c42a 100644
--- a/app/views/projects/wikis/_main_links.html.haml
+++ b/app/views/projects/wikis/_main_links.html.haml
@@ -1,9 +1,9 @@
 - if (@page && @page.persisted?)
   - if can?(current_user, :create_wiki, @project)
-    = link_to '#modal-new-wiki', class: "add-new-wiki btn btn-success", "data-toggle" => "modal" do
+    = link_to project_wikis_new_path(@project), class: "add-new-wiki btn btn-success", role: "button" do
       = s_("Wiki|New page")
-  = link_to project_wiki_history_path(@project, @page), class: "btn" do
+  = link_to project_wiki_history_path(@project, @page), class: "btn", role: "button" do
     = s_("Wiki|Page history")
   - if can?(current_user, :create_wiki, @project) && @page.latest? && @valid_encoding
-    = link_to project_wiki_edit_path(@project, @page), class: "btn js-wiki-edit" do
+    = link_to project_wiki_edit_path(@project, @page), class: "btn js-wiki-edit", role: "button" do
       = _("Edit")
diff --git a/app/views/projects/wikis/_new.html.haml b/app/views/projects/wikis/_new.html.haml
deleted file mode 100644
index 2c675c0de9c..00000000000
--- a/app/views/projects/wikis/_new.html.haml
+++ /dev/null
@@ -1,18 +0,0 @@
-#modal-new-wiki.modal
-  .modal-dialog
-    .modal-content
-      .modal-header
-        %h3.page-title= s_("WikiNewPageTitle|New Wiki Page")
-        %button.close{ type: "button", "data-dismiss": "modal", "aria-label" => _('Close') }
-          %span{ "aria-hidden": true } &times;
-      .modal-body
-        %form.new-wiki-page
-          .form-group
-            = label_tag :new_wiki_path do
-              %span= s_("WikiPage|Page slug")
-            = text_field_tag :new_wiki_path, nil, placeholder: s_("WikiNewPagePlaceholder|how-to-setup"), class: 'form-control', required: true, :'data-wikis-path' => project_wikis_path(@project), autofocus: true
-            %span.d-inline-block.mw-100.prepend-top-5
-              = icon('lightbulb-o')
-              = s_("WikiNewPageTip|Tip: You can specify the full path for the new file. We will automatically create any missing directories.")
-          .form-actions
-            = button_tag s_("Wiki|Create page"), class: "build-new-wiki btn btn-success"
diff --git a/app/views/projects/wikis/_sidebar.html.haml b/app/views/projects/wikis/_sidebar.html.haml
index 28353927135..a9d21470944 100644
--- a/app/views/projects/wikis/_sidebar.html.haml
+++ b/app/views/projects/wikis/_sidebar.html.haml
@@ -19,5 +19,3 @@
       .block
         = link_to project_wikis_pages_path(@project), class: 'btn btn-block' do
           = s_("Wiki|More Pages")
-
-= render 'projects/wikis/new'
diff --git a/app/views/projects/wikis/edit.html.haml b/app/views/projects/wikis/edit.html.haml
index e8b59a3b8c4..815b4a51261 100644
--- a/app/views/projects/wikis/edit.html.haml
+++ b/app/views/projects/wikis/edit.html.haml
@@ -13,14 +13,11 @@
     %h2.wiki-page-title
       - if @page.persisted?
         = link_to @page.human_title, project_wiki_path(@project, @page)
-      - else
-        = @page.human_title
-      %span.light
-        &middot;
-        - if @page.persisted?
+        %span.light
+          &middot;
           = s_("Wiki|Edit Page")
-        - else
-          = s_("Wiki|Create Page")
+      - else
+        = s_("Wiki|Create New Page")
 
   .nav-controls
     - if @page.persisted?
-- 
cgit v1.2.1


From 0284917c701acfa5d88a98fef641ab35164ed9a8 Mon Sep 17 00:00:00 2001
From: Heinrich Lee Yu <heinrich@gitlab.com>
Date: Thu, 15 Aug 2019 15:29:29 +0800
Subject: Remove inline JS in links

Changes these to use unobtrusive JS
---
 app/assets/stylesheets/errors.scss                                  | 2 +-
 app/views/admin/applications/_delete_form.html.haml                 | 2 +-
 app/views/doorkeeper/authorized_applications/_delete_form.html.haml | 2 +-
 app/views/errors/access_denied.html.haml                            | 4 ++--
 app/views/layouts/errors.html.haml                                  | 6 +++++-
 app/views/profiles/personal_access_tokens/index.html.haml           | 4 ++--
 6 files changed, 12 insertions(+), 8 deletions(-)

(limited to 'app')

diff --git a/app/assets/stylesheets/errors.scss b/app/assets/stylesheets/errors.scss
index d287215096e..89029a58d1e 100644
--- a/app/assets/stylesheets/errors.scss
+++ b/app/assets/stylesheets/errors.scss
@@ -96,7 +96,7 @@ a {
 }
 
 .error-nav {
-  padding: 0;
+  padding: $gl-padding 0 0;
   text-align: center;
 
   li {
diff --git a/app/views/admin/applications/_delete_form.html.haml b/app/views/admin/applications/_delete_form.html.haml
index 82781f6716d..86f09bf1cb0 100644
--- a/app/views/admin/applications/_delete_form.html.haml
+++ b/app/views/admin/applications/_delete_form.html.haml
@@ -1,4 +1,4 @@
 - submit_btn_css ||= 'btn btn-link btn-remove btn-sm'
 = form_tag admin_application_path(application) do
   %input{ :name => "_method", :type => "hidden", :value => "delete" }/
-  = submit_tag 'Destroy', onclick: "return confirm('Are you sure?')", class: submit_btn_css
+  = submit_tag 'Destroy', class: submit_btn_css, data: { confirm: _('Are you sure?') }
diff --git a/app/views/doorkeeper/authorized_applications/_delete_form.html.haml b/app/views/doorkeeper/authorized_applications/_delete_form.html.haml
index 69cc510e9c1..9bc5e2ee42f 100644
--- a/app/views/doorkeeper/authorized_applications/_delete_form.html.haml
+++ b/app/views/doorkeeper/authorized_applications/_delete_form.html.haml
@@ -5,4 +5,4 @@
 
 = form_tag path do
   %input{ :name => "_method", :type => "hidden", :value => "delete" }/
-  = submit_tag _('Revoke'), onclick: "return confirm('#{_('Are you sure?')}')", class: 'btn btn-remove btn-sm'
+  = submit_tag _('Revoke'), class: 'btn btn-remove btn-sm', data: { confirm: _('Are you sure?') }
diff --git a/app/views/errors/access_denied.html.haml b/app/views/errors/access_denied.html.haml
index 46931b5932d..1ed7b56db1d 100644
--- a/app/views/errors/access_denied.html.haml
+++ b/app/views/errors/access_denied.html.haml
@@ -10,7 +10,7 @@
       = message
   %p
     = s_('403|Please contact your GitLab administrator to get permission.')
-  .action-container.js-go-back{ style: 'display: none' }
-    %a{ href: 'javascript:history.back()', class: 'btn btn-success' }
+  .action-container.js-go-back{ hidden: true }
+    %button{ type: 'button', class: 'btn btn-success' }
       = s_('Go Back')
 = render "errors/footer"
diff --git a/app/views/layouts/errors.html.haml b/app/views/layouts/errors.html.haml
index 74484005b48..dc924a0e25d 100644
--- a/app/views/layouts/errors.html.haml
+++ b/app/views/layouts/errors.html.haml
@@ -14,6 +14,10 @@
           var goBackElement = document.querySelector('.js-go-back');
 
           if (goBackElement && history.length > 1) {
-            goBackElement.style.display = 'block';
+            goBackElement.removeAttribute('hidden');
+
+            goBackElement.querySelector('button').addEventListener('click', function() {
+              history.back();
+            });
           }
         }());
diff --git a/app/views/profiles/personal_access_tokens/index.html.haml b/app/views/profiles/personal_access_tokens/index.html.haml
index 65ef9690062..08a39fc4f58 100644
--- a/app/views/profiles/personal_access_tokens/index.html.haml
+++ b/app/views/profiles/personal_access_tokens/index.html.haml
@@ -31,7 +31,7 @@
       = s_('AccessTokens|It cannot be used to access any other data.')
   .col-lg-8.feed-token-reset
     = label_tag :feed_token, s_('AccessTokens|Feed token'), class: "label-bold"
-    = text_field_tag :feed_token, current_user.feed_token, class: 'form-control', readonly: true, onclick: 'this.select()'
+    = text_field_tag :feed_token, current_user.feed_token, class: 'form-control js-select-on-focus', readonly: true
     %p.form-text.text-muted
       - reset_link = link_to s_('AccessTokens|reset it'), [:reset, :feed_token, :profile], method: :put, data: { confirm: s_('AccessTokens|Are you sure? Any RSS or calendar URLs currently in use will stop working.') }
       - reset_message = s_('AccessTokens|Keep this token secret. Anyone who gets ahold of it can read activity and issue RSS feeds or your calendar feed as if they were you. You should %{link_reset_it} if that ever happens.') % { link_reset_it: reset_link }
@@ -49,7 +49,7 @@
         = s_('AccessTokens|It cannot be used to access any other data.')
     .col-lg-8.incoming-email-token-reset
       = label_tag :incoming_email_token, s_('AccessTokens|Incoming email token'), class: "label-bold"
-      = text_field_tag :incoming_email_token, current_user.incoming_email_token, class: 'form-control', readonly: true, onclick: 'this.select()'
+      = text_field_tag :incoming_email_token, current_user.incoming_email_token, class: 'form-control js-select-on-focus', readonly: true
       %p.form-text.text-muted
         - reset_link = link_to s_('AccessTokens|reset it'), [:reset, :incoming_email_token, :profile], method: :put, data: { confirm: s_('AccessTokens|Are you sure? Any issue email addresses currently in use will stop working.') }
         - reset_message = s_('AccessTokens|Keep this token secret. Anyone who gets ahold of it can create issues as if they were you. You should %{link_reset_it} if that ever happens.') % { link_reset_it: reset_link }
-- 
cgit v1.2.1


From 330cbddec30840a72a52aade383286e58545ce98 Mon Sep 17 00:00:00 2001
From: Luke Duncalfe <lduncalfe@eml.cc>
Date: Tue, 18 Jun 2019 17:15:53 +1200
Subject: Renaming AwardedEmojiFinder to a Service

This finder class acts more as a service, as it only returns mapped
data.

Renaming this class allows us to create a new AwardEmojiFinder without
the ambiguity of there being two similarly-named finders.

https://gitlab.com/gitlab-org/gitlab-ce/issues/63372
---
 app/controllers/autocomplete_controller.rb         |  2 +-
 app/finders/awarded_emoji_finder.rb                | 21 --------------------
 .../award_emojis/collect_user_emoji_service.rb     | 23 ++++++++++++++++++++++
 3 files changed, 24 insertions(+), 22 deletions(-)
 delete mode 100644 app/finders/awarded_emoji_finder.rb
 create mode 100644 app/services/award_emojis/collect_user_emoji_service.rb

(limited to 'app')

diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index f111c7ca8cc..30a567c3bef 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -36,7 +36,7 @@ class AutocompleteController < ApplicationController
   end
 
   def award_emojis
-    render json: AwardedEmojiFinder.new(current_user).execute
+    render json: AwardEmojis::CollectUserEmojiService.new(current_user).execute
   end
 
   def merge_request_target_branches
diff --git a/app/finders/awarded_emoji_finder.rb b/app/finders/awarded_emoji_finder.rb
deleted file mode 100644
index f0cc17f3b26..00000000000
--- a/app/finders/awarded_emoji_finder.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-# Class for retrieving information about emoji awarded _by_ a particular user.
-class AwardedEmojiFinder
-  attr_reader :current_user
-
-  # current_user - The User to generate the data for.
-  def initialize(current_user = nil)
-    @current_user = current_user
-  end
-
-  def execute
-    return [] unless current_user
-
-    # We want the resulting data set to be an Array containing the emoji names
-    # in descending order, based on how often they were awarded.
-    AwardEmoji
-      .award_counts_for_user(current_user)
-      .map { |name, _| { name: name } }
-  end
-end
diff --git a/app/services/award_emojis/collect_user_emoji_service.rb b/app/services/award_emojis/collect_user_emoji_service.rb
new file mode 100644
index 00000000000..6cab23f3edf
--- /dev/null
+++ b/app/services/award_emojis/collect_user_emoji_service.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+# Class for retrieving information about emoji awarded _by_ a particular user.
+module AwardEmojis
+  class CollectUserEmojiService
+    attr_reader :current_user
+
+    # current_user - The User to generate the data for.
+    def initialize(current_user = nil)
+      @current_user = current_user
+    end
+
+    def execute
+      return [] unless current_user
+
+      # We want the resulting data set to be an Array containing the emoji names
+      # in descending order, based on how often they were awarded.
+      AwardEmoji
+        .award_counts_for_user(current_user)
+        .map { |name, _| { name: name } }
+    end
+  end
+end
-- 
cgit v1.2.1


From 37b17fa61a1fb5efe5942ab2cb27b15685bf905e Mon Sep 17 00:00:00 2001
From: Luke Duncalfe <lduncalfe@eml.cc>
Date: Tue, 18 Jun 2019 13:44:43 +1200
Subject: Add service classes for mutating AwardEmoji

Adding, destroying and toggling emoji previously lacked services and
instead were performed through methods called on Awardable models.

This led to inconsistencies where relevant todos would be marked as done
only when emoji were awarded through our controllers, but not through
the API. Todos could also be marked as done when an emoji was being
removed.

Behaviour changes

- Awarding emoji through the API will now mark a relevant Todo as done
- Toggling an emoji off (destroying it) through our controllers will no
  longer mark a relevant Todo as done

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/63372
---
 app/controllers/concerns/toggle_award_emoji.rb | 19 +--------
 app/finders/award_emojis_finder.rb             | 55 ++++++++++++++++++++++++++
 app/models/award_emoji.rb                      |  6 ++-
 app/models/concerns/awardable.rb               | 26 +-----------
 app/services/award_emojis/add_service.rb       | 42 ++++++++++++++++++++
 app/services/award_emojis/base_service.rb      | 32 +++++++++++++++
 app/services/award_emojis/destroy_service.rb   | 21 ++++++++++
 app/services/award_emojis/toggle_service.rb    | 13 ++++++
 app/services/issuable_base_service.rb          |  5 +--
 9 files changed, 171 insertions(+), 48 deletions(-)
 create mode 100644 app/finders/award_emojis_finder.rb
 create mode 100644 app/services/award_emojis/add_service.rb
 create mode 100644 app/services/award_emojis/base_service.rb
 create mode 100644 app/services/award_emojis/destroy_service.rb
 create mode 100644 app/services/award_emojis/toggle_service.rb

(limited to 'app')

diff --git a/app/controllers/concerns/toggle_award_emoji.rb b/app/controllers/concerns/toggle_award_emoji.rb
index 97b343f8b1a..24d178781d6 100644
--- a/app/controllers/concerns/toggle_award_emoji.rb
+++ b/app/controllers/concerns/toggle_award_emoji.rb
@@ -7,12 +7,9 @@ module ToggleAwardEmoji
     authenticate_user!
     name = params.require(:name)
 
-    if awardable.user_can_award?(current_user)
-      awardable.toggle_award_emoji(name, current_user)
-
-      todoable = to_todoable(awardable)
-      TodoService.new.new_award_emoji(todoable, current_user) if todoable
+    service = AwardEmojis::ToggleService.new(awardable, name, current_user).execute
 
+    if service[:status] == :success
       render json: { ok: true }
     else
       render json: { ok: false }
@@ -21,18 +18,6 @@ module ToggleAwardEmoji
 
   private
 
-  def to_todoable(awardable)
-    case awardable
-    when Note
-      # we don't create todos for personal snippet comments for now
-      awardable.for_personal_snippet? ? nil : awardable.noteable
-    when MergeRequest, Issue
-      awardable
-    when Snippet
-      nil
-    end
-  end
-
   def awardable
     raise NotImplementedError
   end
diff --git a/app/finders/award_emojis_finder.rb b/app/finders/award_emojis_finder.rb
new file mode 100644
index 00000000000..7320e035409
--- /dev/null
+++ b/app/finders/award_emojis_finder.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+class AwardEmojisFinder
+  attr_reader :awardable, :params
+
+  def initialize(awardable, params = {})
+    @awardable = awardable
+    @params = params
+
+    validate_params
+  end
+
+  def execute
+    awards = awardable.award_emoji
+    awards = by_name(awards)
+    awards = by_awarded_by(awards)
+    awards
+  end
+
+  private
+
+  def by_name(awards)
+    return awards unless params[:name]
+
+    awards.named(params[:name])
+  end
+
+  def by_awarded_by(awards)
+    return awards unless params[:awarded_by]
+
+    awards.awarded_by(params[:awarded_by])
+  end
+
+  def validate_params
+    return unless params.present?
+
+    validate_name_param
+    validate_awarded_by_param
+  end
+
+  def validate_name_param
+    return unless params[:name]
+
+    raise ArgumentError, 'Invalid name param' unless params[:name].in?(Gitlab::Emoji.emojis_names)
+  end
+
+  def validate_awarded_by_param
+    return unless params[:awarded_by]
+
+    # awarded_by can be a `User`, or an ID
+    unless params[:awarded_by].is_a?(User) || params[:awarded_by].to_s.match(/\A\d+\Z/)
+      raise ArgumentError, 'Invalid awarded_by param'
+    end
+  end
+end
diff --git a/app/models/award_emoji.rb b/app/models/award_emoji.rb
index e26162f6151..0ab302a0f3e 100644
--- a/app/models/award_emoji.rb
+++ b/app/models/award_emoji.rb
@@ -16,8 +16,10 @@ class AwardEmoji < ApplicationRecord
 
   participant :user
 
-  scope :downvotes, -> { where(name: DOWNVOTE_NAME) }
-  scope :upvotes,   -> { where(name: UPVOTE_NAME) }
+  scope :downvotes, -> { named(DOWNVOTE_NAME) }
+  scope :upvotes, -> { named(UPVOTE_NAME) }
+  scope :named, -> (names) { where(name: names) }
+  scope :awarded_by, -> (users) { where(user: users) }
 
   after_save :expire_etag_cache
   after_destroy :expire_etag_cache
diff --git a/app/models/concerns/awardable.rb b/app/models/concerns/awardable.rb
index 14bc56f0eee..f229b42ade6 100644
--- a/app/models/concerns/awardable.rb
+++ b/app/models/concerns/awardable.rb
@@ -106,30 +106,6 @@ module Awardable
   end
 
   def awarded_emoji?(emoji_name, current_user)
-    award_emoji.where(name: emoji_name, user: current_user).exists?
-  end
-
-  def create_award_emoji(name, current_user)
-    return unless emoji_awardable?
-
-    award_emoji.create(name: normalize_name(name), user: current_user)
-  end
-
-  def remove_award_emoji(name, current_user)
-    award_emoji.where(name: name, user: current_user).destroy_all # rubocop: disable DestroyAll
-  end
-
-  def toggle_award_emoji(emoji_name, current_user)
-    if awarded_emoji?(emoji_name, current_user)
-      remove_award_emoji(emoji_name, current_user)
-    else
-      create_award_emoji(emoji_name, current_user)
-    end
-  end
-
-  private
-
-  def normalize_name(name)
-    Gitlab::Emoji.normalize_emoji_name(name)
+    award_emoji.named(emoji_name).awarded_by(current_user).exists?
   end
 end
diff --git a/app/services/award_emojis/add_service.rb b/app/services/award_emojis/add_service.rb
new file mode 100644
index 00000000000..eac15dabbf0
--- /dev/null
+++ b/app/services/award_emojis/add_service.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module AwardEmojis
+  class AddService < AwardEmojis::BaseService
+    include Gitlab::Utils::StrongMemoize
+
+    def execute
+      unless awardable.user_can_award?(current_user)
+        return error('User cannot award emoji to awardable', status: :forbidden)
+      end
+
+      unless awardable.emoji_awardable?
+        return error('Awardable cannot be awarded emoji', status: :unprocessable_entity)
+      end
+
+      award = awardable.award_emoji.create(name: name, user: current_user)
+
+      if award.persisted?
+        TodoService.new.new_award_emoji(todoable, current_user) if todoable
+        success(award: award)
+      else
+        error(award.errors.full_messages, award: award)
+      end
+    end
+
+    private
+
+    def todoable
+      strong_memoize(:todoable) do
+        case awardable
+        when Note
+          # We don't create todos for personal snippet comments for now
+          awardable.noteable unless awardable.for_personal_snippet?
+        when MergeRequest, Issue
+          awardable
+        when Snippet
+          nil
+        end
+      end
+    end
+  end
+end
diff --git a/app/services/award_emojis/base_service.rb b/app/services/award_emojis/base_service.rb
new file mode 100644
index 00000000000..a677d03a221
--- /dev/null
+++ b/app/services/award_emojis/base_service.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module AwardEmojis
+  class BaseService < ::BaseService
+    attr_accessor :awardable, :name
+
+    def initialize(awardable, name, current_user)
+      @awardable = awardable
+      @name = normalize_name(name)
+
+      super(awardable.project, current_user)
+    end
+
+    private
+
+    def normalize_name(name)
+      Gitlab::Emoji.normalize_emoji_name(name)
+    end
+
+    # Provide more error state data than what BaseService allows.
+    # - An array of errors
+    # - The `AwardEmoji` if present
+    def error(errors, award: nil, status: nil)
+      errors = Array.wrap(errors)
+
+      super(errors.to_sentence.presence, status).merge({
+        award: award,
+        errors: errors
+      })
+    end
+  end
+end
diff --git a/app/services/award_emojis/destroy_service.rb b/app/services/award_emojis/destroy_service.rb
new file mode 100644
index 00000000000..3789a8403bc
--- /dev/null
+++ b/app/services/award_emojis/destroy_service.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module AwardEmojis
+  class DestroyService < AwardEmojis::BaseService
+    def execute
+      unless awardable.user_can_award?(current_user)
+        return error('User cannot destroy emoji on the awardable', status: :forbidden)
+      end
+
+      awards = AwardEmojisFinder.new(awardable, name: name, awarded_by: current_user).execute
+
+      if awards.empty?
+        return error("User has not awarded emoji of type #{name} on the awardable", status: :forbidden)
+      end
+
+      award = awards.destroy_all.first # rubocop: disable DestroyAll
+
+      success(award: award)
+    end
+  end
+end
diff --git a/app/services/award_emojis/toggle_service.rb b/app/services/award_emojis/toggle_service.rb
new file mode 100644
index 00000000000..812dd1c2889
--- /dev/null
+++ b/app/services/award_emojis/toggle_service.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module AwardEmojis
+  class ToggleService < AwardEmojis::BaseService
+    def execute
+      if awardable.awarded_emoji?(name, current_user)
+        DestroyService.new(awardable, name, current_user).execute
+      else
+        AddService.new(awardable, name, current_user).execute
+      end
+    end
+  end
+end
diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb
index 77c2224ee3b..2ab6e88599f 100644
--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -344,10 +344,7 @@ class IssuableBaseService < BaseService
 
   def toggle_award(issuable)
     award = params.delete(:emoji_award)
-    if award
-      todo_service.new_award_emoji(issuable, current_user)
-      issuable.toggle_award_emoji(award, current_user)
-    end
+    AwardEmojis::ToggleService.new(issuable, award, current_user).execute if award
   end
 
   def associations_before_update(issuable)
-- 
cgit v1.2.1


From 15b02da69f1b3bfac859d076728a46586b53db6b Mon Sep 17 00:00:00 2001
From: Luke Duncalfe <lduncalfe@eml.cc>
Date: Tue, 9 Jul 2019 13:57:04 +1200
Subject: Use AwardEmojis services in GraphQL mutations

https://gitlab.com/gitlab-org/gitlab-ce/issues/63372
---
 app/graphql/mutations/award_emojis/add.rb    |  9 +++------
 app/graphql/mutations/award_emojis/remove.rb | 15 ++-------------
 app/graphql/mutations/award_emojis/toggle.rb | 14 +++-----------
 3 files changed, 8 insertions(+), 30 deletions(-)

(limited to 'app')

diff --git a/app/graphql/mutations/award_emojis/add.rb b/app/graphql/mutations/award_emojis/add.rb
index 8e050dd6d29..85f3eb065bb 100644
--- a/app/graphql/mutations/award_emojis/add.rb
+++ b/app/graphql/mutations/award_emojis/add.rb
@@ -10,14 +10,11 @@ module Mutations
 
         check_object_is_awardable!(awardable)
 
-        # TODO this will be handled by AwardEmoji::AddService
-        # See https://gitlab.com/gitlab-org/gitlab-ce/issues/63372 and
-        # https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/29782
-        award = awardable.create_award_emoji(args[:name], current_user)
+        service = ::AwardEmojis::AddService.new(awardable, args[:name], current_user).execute
 
         {
-          award_emoji: (award if award.persisted?),
-          errors: errors_on_object(award)
+          award_emoji: (service[:award] if service[:status] == :success),
+          errors: service[:errors] || []
         }
       end
     end
diff --git a/app/graphql/mutations/award_emojis/remove.rb b/app/graphql/mutations/award_emojis/remove.rb
index 3ba85e445b8..f8a3d0ce390 100644
--- a/app/graphql/mutations/award_emojis/remove.rb
+++ b/app/graphql/mutations/award_emojis/remove.rb
@@ -10,22 +10,11 @@ module Mutations
 
         check_object_is_awardable!(awardable)
 
-        # TODO this check can be removed once AwardEmoji services are available.
-        # See https://gitlab.com/gitlab-org/gitlab-ce/issues/63372 and
-        # https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/29782
-        unless awardable.awarded_emoji?(args[:name], current_user)
-          raise Gitlab::Graphql::Errors::ResourceNotAvailable,
-                'You have not awarded emoji of type name to the awardable'
-        end
-
-        # TODO this will be handled by AwardEmoji::DestroyService
-        # See https://gitlab.com/gitlab-org/gitlab-ce/issues/63372 and
-        # https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/29782
-        awardable.remove_award_emoji(args[:name], current_user)
+        service = ::AwardEmojis::DestroyService.new(awardable, args[:name], current_user).execute
 
         {
           # Mutation response is always a `nil` award_emoji
-          errors: []
+          errors: service[:errors] || []
         }
       end
     end
diff --git a/app/graphql/mutations/award_emojis/toggle.rb b/app/graphql/mutations/award_emojis/toggle.rb
index c03902e8035..d822048f3a6 100644
--- a/app/graphql/mutations/award_emojis/toggle.rb
+++ b/app/graphql/mutations/award_emojis/toggle.rb
@@ -15,23 +15,15 @@ module Mutations
 
         check_object_is_awardable!(awardable)
 
-        # TODO this will be handled by AwardEmoji::ToggleService
-        # See https://gitlab.com/gitlab-org/gitlab-ce/issues/63372 and
-        # https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/29782
-        award = awardable.toggle_award_emoji(args[:name], current_user)
-
-        # Destroy returns a collection :(
-        award = award.first if award.is_a?(Array)
-
-        errors = errors_on_object(award)
+        service = ::AwardEmojis::ToggleService.new(awardable, args[:name], current_user).execute
 
         toggled_on = awardable.awarded_emoji?(args[:name], current_user)
 
         {
           # For consistency with the AwardEmojis::Remove mutation, only return
           # the AwardEmoji if it was created and not destroyed
-          award_emoji: (award if toggled_on),
-          errors: errors,
+          award_emoji: (service[:award] if toggled_on),
+          errors: service[:errors] || [],
           toggled_on: toggled_on
         }
       end
-- 
cgit v1.2.1


From a07efbdfd0ccb332df124b6c40287bdccb26fd89 Mon Sep 17 00:00:00 2001
From: manojmj <mmj@gitlab.com>
Date: Wed, 21 Aug 2019 09:12:48 +0530
Subject: CE: Audit event for archiving and unarchiving projects

---
 app/controllers/projects_controller.rb | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index e04cbf10470..5f335de4d6b 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -29,6 +29,7 @@ class ProjectsController < Projects::ApplicationController
 
   # Authorize
   before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping, :download_export, :export, :remove_export, :generate_new_export]
+  before_action :authorize_archive_project!, only: [:archive, :unarchive]
   before_action :event_filter, only: [:show, :activity]
 
   layout :determine_layout
@@ -164,8 +165,6 @@ class ProjectsController < Projects::ApplicationController
   end
 
   def archive
-    return access_denied! unless can?(current_user, :archive_project, @project)
-
     ::Projects::UpdateService.new(@project, current_user, archived: true).execute
 
     respond_to do |format|
@@ -174,8 +173,6 @@ class ProjectsController < Projects::ApplicationController
   end
 
   def unarchive
-    return access_denied! unless can?(current_user, :archive_project, @project)
-
     ::Projects::UpdateService.new(@project, current_user, archived: false).execute
 
     respond_to do |format|
-- 
cgit v1.2.1


From 45c5144e36e73c80e34282dda7b7c1c32a1fc0ea Mon Sep 17 00:00:00 2001
From: Fabio Pitino <fpitino@gitlab.com>
Date: Mon, 19 Aug 2019 16:29:53 +0200
Subject: Add active_jobs_limit to plans table

This is a port from EE changes where
we introduce a new limit for Plan model.

https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/1182
---
 app/models/ci/pipeline.rb                  | 1 +
 app/services/ci/create_pipeline_service.rb | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/models/ci/pipeline.rb b/app/models/ci/pipeline.rb
index 0a943a33bbb..64e372878e6 100644
--- a/app/models/ci/pipeline.rb
+++ b/app/models/ci/pipeline.rb
@@ -203,6 +203,7 @@ module Ci
     scope :for_sha, -> (sha) { where(sha: sha) }
     scope :for_source_sha, -> (source_sha) { where(source_sha: source_sha) }
     scope :for_sha_or_source_sha, -> (sha) { for_sha(sha).or(for_source_sha(sha)) }
+    scope :created_after, -> (time) { where('ci_pipelines.created_at > ?', time) }
 
     scope :triggered_by_merge_request, -> (merge_request) do
       where(source: :merge_request_event, merge_request: merge_request)
diff --git a/app/services/ci/create_pipeline_service.rb b/app/services/ci/create_pipeline_service.rb
index cdcc4b15bea..29317f1176e 100644
--- a/app/services/ci/create_pipeline_service.rb
+++ b/app/services/ci/create_pipeline_service.rb
@@ -15,7 +15,8 @@ module Ci
                 Gitlab::Ci::Pipeline::Chain::Limit::Size,
                 Gitlab::Ci::Pipeline::Chain::Populate,
                 Gitlab::Ci::Pipeline::Chain::Create,
-                Gitlab::Ci::Pipeline::Chain::Limit::Activity].freeze
+                Gitlab::Ci::Pipeline::Chain::Limit::Activity,
+                Gitlab::Ci::Pipeline::Chain::Limit::JobActivity].freeze
 
     def execute(source, ignore_skip_ci: false, save_on_errors: true, trigger_request: nil, schedule: nil, merge_request: nil, **options, &block)
       @pipeline = Ci::Pipeline.new
-- 
cgit v1.2.1


From b6ea6d7f9b8dd5f27060a8f699542a6f7d86b2a9 Mon Sep 17 00:00:00 2001
From: Miguel Rincon <mrincon@gitlab.com>
Date: Wed, 21 Aug 2019 08:06:05 +0000
Subject: CE Port: Use EE panel type to display alert menu correctly in
 dashboards

---
 app/assets/javascripts/monitoring/components/dashboard.vue | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/javascripts/monitoring/components/dashboard.vue b/app/assets/javascripts/monitoring/components/dashboard.vue
index c414c26ca61..ebd610af7b6 100644
--- a/app/assets/javascripts/monitoring/components/dashboard.vue
+++ b/app/assets/javascripts/monitoring/components/dashboard.vue
@@ -14,9 +14,9 @@ import { __, s__ } from '~/locale';
 import Icon from '~/vue_shared/components/icon.vue';
 import { getParameterValues, mergeUrlParams } from '~/lib/utils/url_utility';
 import invalidUrl from '~/lib/utils/invalid_url';
+import PanelType from 'ee_else_ce/monitoring/components/panel_type.vue';
 import MonitorAreaChart from './charts/area.vue';
 import MonitorSingleStatChart from './charts/single_stat.vue';
-import PanelType from './panel_type.vue';
 import GraphGroup from './graph_group.vue';
 import EmptyState from './empty_state.vue';
 import { sidebarAnimationDuration, timeWindows } from '../constants';
@@ -141,6 +141,16 @@ export default {
       required: false,
       default: false,
     },
+    alertsEndpoint: {
+      type: String,
+      required: false,
+      default: null,
+    },
+    prometheusAlertsAvailable: {
+      type: Boolean,
+      required: false,
+      default: false,
+    },
   },
   data() {
     return {
@@ -449,6 +459,8 @@ export default {
             :clipboard-text="generateLink(groupData.group, graphData.title, graphData.y_label)"
             :graph-data="graphData"
             :dashboard-width="elWidth"
+            :alerts-endpoint="alertsEndpoint"
+            :prometheus-alerts-available="prometheusAlertsAvailable"
             :index="`${index}-${graphIndex}`"
           />
         </template>
-- 
cgit v1.2.1


From a28c77f2adcb1a355a7497bd3a46d86a4c5d4d05 Mon Sep 17 00:00:00 2001
From: Winnie Hellmann <winnie@gitlab.com>
Date: Wed, 21 Aug 2019 08:06:50 +0000
Subject: Throw error for multiple RecaptchaModal instances

---
 app/assets/javascripts/vue_shared/components/recaptcha_modal.vue | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'app')

diff --git a/app/assets/javascripts/vue_shared/components/recaptcha_modal.vue b/app/assets/javascripts/vue_shared/components/recaptcha_modal.vue
index df19906309c..f0aae20477b 100644
--- a/app/assets/javascripts/vue_shared/components/recaptcha_modal.vue
+++ b/app/assets/javascripts/vue_shared/components/recaptcha_modal.vue
@@ -30,9 +30,16 @@ export default {
   },
 
   mounted() {
+    if (window.recaptchaDialogCallback) {
+      throw new Error('recaptchaDialogCallback is already defined!');
+    }
     window.recaptchaDialogCallback = this.submit.bind(this);
   },
 
+  beforeDestroy() {
+    window.recaptchaDialogCallback = null;
+  },
+
   methods: {
     appendRecaptchaScript() {
       this.removeRecaptchaScript();
-- 
cgit v1.2.1


From 261f4fe7accfb0cad82feed4f74a26e9ccebcbe3 Mon Sep 17 00:00:00 2001
From: Samantha Ming <sming@gitlab.com>
Date: Wed, 21 Aug 2019 08:23:22 +0000
Subject: Fix to show renamed file in mr

---
 app/assets/javascripts/diffs/components/diff_file_header.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/javascripts/diffs/components/diff_file_header.vue b/app/assets/javascripts/diffs/components/diff_file_header.vue
index 32fbeaaa905..69ec6ab8600 100644
--- a/app/assets/javascripts/diffs/components/diff_file_header.vue
+++ b/app/assets/javascripts/diffs/components/diff_file_header.vue
@@ -130,7 +130,7 @@ export default {
       return `\`${this.diffFile.file_path}\``;
     },
     isFileRenamed() {
-      return this.diffFile.viewer.name === diffViewerModes.renamed;
+      return this.diffFile.renamed_file;
     },
     isModeChanged() {
       return this.diffFile.viewer.name === diffViewerModes.mode_changed;
-- 
cgit v1.2.1


From 8bcc47ac02e69eb4564238b454ca8286a4126765 Mon Sep 17 00:00:00 2001
From: George Koltsov <koltsov.george@gmail.com>
Date: Wed, 21 Aug 2019 10:13:45 +0000
Subject: Add SortingPreference concern

Sorting preference functionality has been extracted
from `IssuableCollections` to a new `SortingPreference`
concern in order to reuse this functionality in projects
(and groups in the future).
---
 app/controllers/concerns/issuable_collections.rb   | 56 +-------------
 .../concerns/issuable_collections_action.rb        |  2 +-
 app/controllers/concerns/sorting_preference.rb     | 85 ++++++++++++++++++++++
 app/controllers/dashboard/projects_controller.rb   | 22 ++++--
 app/controllers/explore/projects_controller.rb     | 19 ++++-
 app/controllers/projects/issues_controller.rb      |  2 +-
 .../projects/merge_requests_controller.rb          |  2 +-
 app/models/project.rb                              |  2 +
 8 files changed, 125 insertions(+), 65 deletions(-)
 create mode 100644 app/controllers/concerns/sorting_preference.rb

(limited to 'app')

diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb
index 3489ea78b77..8ea77b994de 100644
--- a/app/controllers/concerns/issuable_collections.rb
+++ b/app/controllers/concerns/issuable_collections.rb
@@ -2,8 +2,8 @@
 
 module IssuableCollections
   extend ActiveSupport::Concern
-  include CookiesHelper
   include SortingHelper
+  include SortingPreference
   include Gitlab::IssuableMetadata
   include Gitlab::Utils::StrongMemoize
 
@@ -127,47 +127,8 @@ module IssuableCollections
     'opened'
   end
 
-  def set_sort_order
-    set_sort_order_from_user_preference || set_sort_order_from_cookie || default_sort_order
-  end
-
-  def set_sort_order_from_user_preference
-    return unless current_user
-    return unless issuable_sorting_field
-
-    user_preference = current_user.user_preference
-
-    sort_param = params[:sort]
-    sort_param ||= user_preference[issuable_sorting_field]
-
-    return sort_param if Gitlab::Database.read_only?
-
-    if user_preference[issuable_sorting_field] != sort_param
-      user_preference.update(issuable_sorting_field => sort_param)
-    end
-
-    sort_param
-  end
-
-  # Implement issuable_sorting_field method on controllers
-  # to choose which column to store the sorting parameter.
-  def issuable_sorting_field
-    nil
-  end
-
-  def set_sort_order_from_cookie
-    sort_param = params[:sort] if params[:sort].present?
-    # fallback to legacy cookie value for backward compatibility
-    sort_param ||= cookies['issuable_sort']
-    sort_param ||= cookies[remember_sorting_key]
-
-    sort_value = update_cookie_value(sort_param)
-    set_secure_cookie(remember_sorting_key, sort_value)
-    sort_value
-  end
-
-  def remember_sorting_key
-    @remember_sorting_key ||= "#{collection_type.downcase}_sort"
+  def legacy_sort_cookie_name
+    'issuable_sort'
   end
 
   def default_sort_order
@@ -178,17 +139,6 @@ module IssuableCollections
     end
   end
 
-  # Update old values to the actual ones.
-  def update_cookie_value(value)
-    case value
-    when 'id_asc'             then sort_value_oldest_created
-    when 'id_desc'            then sort_value_recently_created
-    when 'downvotes_asc'      then sort_value_popularity
-    when 'downvotes_desc'     then sort_value_popularity
-    else value
-    end
-  end
-
   def finder
     @finder ||= issuable_finder_for(finder_type)
   end
diff --git a/app/controllers/concerns/issuable_collections_action.rb b/app/controllers/concerns/issuable_collections_action.rb
index 4ad287c4a13..0a6f684a9fc 100644
--- a/app/controllers/concerns/issuable_collections_action.rb
+++ b/app/controllers/concerns/issuable_collections_action.rb
@@ -32,7 +32,7 @@ module IssuableCollectionsAction
 
   private
 
-  def issuable_sorting_field
+  def sorting_field
     case action_name
     when 'issues'
       Issue::SORTING_PREFERENCE_FIELD
diff --git a/app/controllers/concerns/sorting_preference.rb b/app/controllers/concerns/sorting_preference.rb
new file mode 100644
index 00000000000..a51b68147d5
--- /dev/null
+++ b/app/controllers/concerns/sorting_preference.rb
@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+module SortingPreference
+  include SortingHelper
+  include CookiesHelper
+
+  def set_sort_order
+    set_sort_order_from_user_preference || set_sort_order_from_cookie || params[:sort] || default_sort_order
+  end
+
+  # Implement sorting_field method on controllers
+  # to choose which column to store the sorting parameter.
+  def sorting_field
+    nil
+  end
+
+  # Implement default_sort_order method on controllers
+  # to choose which default sort should be applied if
+  # sort param is not provided.
+  def default_sort_order
+    nil
+  end
+
+  # Implement legacy_sort_cookie_name method on controllers
+  # to set sort from cookie for backwards compatibility.
+  def legacy_sort_cookie_name
+    nil
+  end
+
+  private
+
+  def set_sort_order_from_user_preference
+    return unless current_user
+    return unless sorting_field
+
+    user_preference = current_user.user_preference
+
+    sort_param = params[:sort]
+    sort_param ||= user_preference[sorting_field]
+
+    return sort_param if Gitlab::Database.read_only?
+
+    if user_preference[sorting_field] != sort_param
+      user_preference.update(sorting_field => sort_param)
+    end
+
+    sort_param
+  end
+
+  def set_sort_order_from_cookie
+    return unless legacy_sort_cookie_name
+
+    sort_param = params[:sort] if params[:sort].present?
+    # fallback to legacy cookie value for backward compatibility
+    sort_param ||= cookies[legacy_sort_cookie_name]
+    sort_param ||= cookies[remember_sorting_key]
+
+    sort_value = update_cookie_value(sort_param)
+    set_secure_cookie(remember_sorting_key, sort_value)
+    sort_value
+  end
+
+  # Convert sorting_field to legacy cookie name for backwards compatibility
+  # :merge_requests_sort => 'mergerequest_sort'
+  # :issues_sort => 'issue_sort'
+  def remember_sorting_key
+    @remember_sorting_key ||= sorting_field
+      .to_s
+      .split('_')[0..-2]
+      .map(&:singularize)
+      .join('')
+      .concat('_sort')
+  end
+
+  # Update old values to the actual ones.
+  def update_cookie_value(value)
+    case value
+    when 'id_asc'             then sort_value_oldest_created
+    when 'id_desc'            then sort_value_recently_created
+    when 'downvotes_asc'      then sort_value_popularity
+    when 'downvotes_desc'     then sort_value_popularity
+    else value
+    end
+  end
+end
diff --git a/app/controllers/dashboard/projects_controller.rb b/app/controllers/dashboard/projects_controller.rb
index daeb8fda417..71f18694613 100644
--- a/app/controllers/dashboard/projects_controller.rb
+++ b/app/controllers/dashboard/projects_controller.rb
@@ -4,10 +4,12 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
   include ParamsBackwardCompatibility
   include RendersMemberAccess
   include OnboardingExperimentHelper
+  include SortingHelper
+  include SortingPreference
 
   prepend_before_action(only: [:index]) { authenticate_sessionless_user!(:rss) }
   before_action :set_non_archived_param
-  before_action :default_sorting
+  before_action :set_sorting
   before_action :projects, only: [:index]
   skip_cross_project_access_check :index, :starred
 
@@ -59,11 +61,6 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
     end
   end
 
-  def default_sorting
-    params[:sort] ||= 'latest_activity_desc'
-    @sort = params[:sort]
-  end
-
   # rubocop: disable CodeReuse/ActiveRecord
   def load_projects(finder_params)
     @total_user_projects_count = ProjectsFinder.new(params: { non_public: true }, current_user: current_user).execute
@@ -88,4 +85,17 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
 
     Events::RenderService.new(current_user).execute(@events, atom_request: request.format.atom?)
   end
+
+  def set_sorting
+    params[:sort] = set_sort_order
+    @sort = params[:sort]
+  end
+
+  def default_sort_order
+    sort_value_latest_activity
+  end
+
+  def sorting_field
+    Project::SORTING_PREFERENCE_FIELD
+  end
 end
diff --git a/app/controllers/explore/projects_controller.rb b/app/controllers/explore/projects_controller.rb
index ef86d5f981a..271f2b4b57d 100644
--- a/app/controllers/explore/projects_controller.rb
+++ b/app/controllers/explore/projects_controller.rb
@@ -3,12 +3,13 @@
 class Explore::ProjectsController < Explore::ApplicationController
   include ParamsBackwardCompatibility
   include RendersMemberAccess
+  include SortingHelper
+  include SortingPreference
 
   before_action :set_non_archived_param
+  before_action :set_sorting
 
   def index
-    params[:sort] ||= 'latest_activity_desc'
-    @sort = params[:sort]
     @projects = load_projects
 
     respond_to do |format|
@@ -23,7 +24,6 @@ class Explore::ProjectsController < Explore::ApplicationController
 
   def trending
     params[:trending] = true
-    @sort = params[:sort]
     @projects = load_projects
 
     respond_to do |format|
@@ -67,4 +67,17 @@ class Explore::ProjectsController < Explore::ApplicationController
     prepare_projects_for_rendering(projects)
   end
   # rubocop: enable CodeReuse/ActiveRecord
+
+  def set_sorting
+    params[:sort] = set_sort_order
+    @sort = params[:sort]
+  end
+
+  def default_sort_order
+    sort_value_latest_activity
+  end
+
+  def sorting_field
+    Project::SORTING_PREFERENCE_FIELD
+  end
 end
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index bc9166b9df3..b7fd286bfe0 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -190,7 +190,7 @@ class Projects::IssuesController < Projects::ApplicationController
 
   protected
 
-  def issuable_sorting_field
+  def sorting_field
     Issue::SORTING_PREFERENCE_FIELD
   end
 
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index f4d381244d9..f4cc0a5851b 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -219,7 +219,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
   alias_method :issuable, :merge_request
   alias_method :awardable, :merge_request
 
-  def issuable_sorting_field
+  def sorting_field
     MergeRequest::SORTING_PREFERENCE_FIELD
   end
 
diff --git a/app/models/project.rb b/app/models/project.rb
index 8efe4b06f87..10679fb1f85 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -55,6 +55,8 @@ class Project < ApplicationRecord
   VALID_MIRROR_PORTS = [22, 80, 443].freeze
   VALID_MIRROR_PROTOCOLS = %w(http https ssh git).freeze
 
+  SORTING_PREFERENCE_FIELD = :projects_sort
+
   cache_markdown_field :description, pipeline: :description
 
   delegate :feature_available?, :builds_enabled?, :wiki_enabled?,
-- 
cgit v1.2.1


From 5012c622405e63655256735d266168450ad1d159 Mon Sep 17 00:00:00 2001
From: Sebastian Arcila Valenzuela <sarcila@gitlab.com>
Date: Mon, 12 Aug 2019 15:41:05 +0200
Subject: Add User#will_save_change_to_login? to clear reset_password_tokens

Devise checks before updating any of the authentication_keys if it
needs to clear the reset_password_tokens.

This should fix:
https://gitlab.com/gitlab-org/gitlab-ce/issues/42733 (Weak
authentication and session management)
---
 app/models/user.rb | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'app')

diff --git a/app/models/user.rb b/app/models/user.rb
index 6131a8dc710..909f5f3873d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -643,6 +643,13 @@ class User < ApplicationRecord
     end
   end
 
+  # will_save_change_to_attribute? is used by Devise to check if it is necessary
+  # to clear any existing reset_password_tokens before updating an authentication_key
+  # and login in our case is a virtual attribute to allow login by username or email.
+  def will_save_change_to_login?
+    will_save_change_to_username? || will_save_change_to_email?
+  end
+
   def unique_email
     if !emails.exists?(email: email) && Email.exists?(email: email)
       errors.add(:email, _('has already been taken'))
-- 
cgit v1.2.1


From f2619e21bebe388182ec282bfec78da2b2625d49 Mon Sep 17 00:00:00 2001
From: Miguel Rincon <mrincon@gitlab.com>
Date: Wed, 21 Aug 2019 13:43:01 +0000
Subject: This commit adds a new time series component

Adds a time series component for line and area charts.
Displays new charts in the dashboard.

- Use dynamic components for line/area swapping
- Add new line charts to dashboard in 2 panels
---
 .../monitoring/components/charts/area.vue          |   3 +
 .../monitoring/components/charts/time_series.vue   | 334 +++++++++++++++++++++
 .../monitoring/components/dashboard.vue            |  10 +-
 app/assets/javascripts/monitoring/constants.js     |   9 +
 4 files changed, 351 insertions(+), 5 deletions(-)
 create mode 100644 app/assets/javascripts/monitoring/components/charts/time_series.vue

(limited to 'app')

diff --git a/app/assets/javascripts/monitoring/components/charts/area.vue b/app/assets/javascripts/monitoring/components/charts/area.vue
index 90c764587a3..78d97a3c122 100644
--- a/app/assets/javascripts/monitoring/components/charts/area.vue
+++ b/app/assets/javascripts/monitoring/components/charts/area.vue
@@ -12,6 +12,9 @@ import { graphDataValidatorForValues } from '../../utils';
 
 let debouncedResize;
 
+// TODO: Remove this component in favor of the more general time_series.vue
+// Please port all changes here to time_series.vue as well.
+
 export default {
   components: {
     GlAreaChart,
diff --git a/app/assets/javascripts/monitoring/components/charts/time_series.vue b/app/assets/javascripts/monitoring/components/charts/time_series.vue
new file mode 100644
index 00000000000..2fdc75f63ca
--- /dev/null
+++ b/app/assets/javascripts/monitoring/components/charts/time_series.vue
@@ -0,0 +1,334 @@
+<script>
+import { __ } from '~/locale';
+import { mapState } from 'vuex';
+import { GlLink, GlButton } from '@gitlab/ui';
+import { GlAreaChart, GlLineChart, GlChartSeriesLabel } from '@gitlab/ui/dist/charts';
+import dateFormat from 'dateformat';
+import { debounceByAnimationFrame, roundOffFloat } from '~/lib/utils/common_utils';
+import { getSvgIconPathContent } from '~/lib/utils/icon_utils';
+import Icon from '~/vue_shared/components/icon.vue';
+import { chartHeight, graphTypes, lineTypes, symbolSizes, dateFormats } from '../../constants';
+import { makeDataSeries } from '~/helpers/monitor_helper';
+import { graphDataValidatorForValues } from '../../utils';
+
+let debouncedResize;
+
+export default {
+  components: {
+    GlAreaChart,
+    GlLineChart,
+    GlButton,
+    GlChartSeriesLabel,
+    GlLink,
+    Icon,
+  },
+  inheritAttrs: false,
+  props: {
+    graphData: {
+      type: Object,
+      required: true,
+      validator: graphDataValidatorForValues.bind(null, false),
+    },
+    containerWidth: {
+      type: Number,
+      required: true,
+    },
+    deploymentData: {
+      type: Array,
+      required: false,
+      default: () => [],
+    },
+    projectPath: {
+      type: String,
+      required: false,
+      default: '',
+    },
+    showBorder: {
+      type: Boolean,
+      required: false,
+      default: false,
+    },
+    thresholds: {
+      type: Array,
+      required: false,
+      default: () => [],
+    },
+  },
+  data() {
+    return {
+      tooltip: {
+        title: '',
+        content: [],
+        commitUrl: '',
+        isDeployment: false,
+        sha: '',
+      },
+      width: 0,
+      height: chartHeight,
+      svgs: {},
+      primaryColor: null,
+    };
+  },
+  computed: {
+    ...mapState('monitoringDashboard', ['exportMetricsToCsvEnabled']),
+    chartData() {
+      // Transforms & supplements query data to render appropriate labels & styles
+      // Input: [{ queryAttributes1 }, { queryAttributes2 }]
+      // Output: [{ seriesAttributes1 }, { seriesAttributes2 }]
+      return this.graphData.queries.reduce((acc, query) => {
+        const { appearance } = query;
+        const lineType =
+          appearance && appearance.line && appearance.line.type
+            ? appearance.line.type
+            : lineTypes.default;
+        const lineWidth =
+          appearance && appearance.line && appearance.line.width
+            ? appearance.line.width
+            : undefined;
+        const areaStyle = {
+          opacity:
+            appearance && appearance.area && typeof appearance.area.opacity === 'number'
+              ? appearance.area.opacity
+              : undefined,
+        };
+
+        const series = makeDataSeries(query.result, {
+          name: this.formatLegendLabel(query),
+          lineStyle: {
+            type: lineType,
+            width: lineWidth,
+          },
+          showSymbol: false,
+          areaStyle: this.graphData.type === 'area-chart' ? areaStyle : undefined,
+        });
+
+        return acc.concat(series);
+      }, []);
+    },
+    chartOptions() {
+      return {
+        xAxis: {
+          name: __('Time'),
+          type: 'time',
+          axisLabel: {
+            formatter: date => dateFormat(date, dateFormats.timeOfDay),
+          },
+          axisPointer: {
+            snap: true,
+          },
+        },
+        yAxis: {
+          name: this.yAxisLabel,
+          axisLabel: {
+            formatter: num => roundOffFloat(num, 3).toString(),
+          },
+        },
+        series: this.scatterSeries,
+        dataZoom: this.dataZoomConfig,
+      };
+    },
+    dataZoomConfig() {
+      const handleIcon = this.svgs['scroll-handle'];
+
+      return handleIcon ? { handleIcon } : {};
+    },
+    earliestDatapoint() {
+      return this.chartData.reduce((acc, series) => {
+        const { data } = series;
+        const { length } = data;
+        if (!length) {
+          return acc;
+        }
+
+        const [first] = data[0];
+        const [last] = data[length - 1];
+        const seriesEarliest = first < last ? first : last;
+
+        return seriesEarliest < acc || acc === null ? seriesEarliest : acc;
+      }, null);
+    },
+    glChartComponent() {
+      const chartTypes = {
+        'area-chart': GlAreaChart,
+        'line-chart': GlLineChart,
+      };
+      return chartTypes[this.graphData.type] || GlAreaChart;
+    },
+    isMultiSeries() {
+      return this.tooltip.content.length > 1;
+    },
+    recentDeployments() {
+      return this.deploymentData.reduce((acc, deployment) => {
+        if (deployment.created_at >= this.earliestDatapoint) {
+          const { id, created_at, sha, ref, tag } = deployment;
+          acc.push({
+            id,
+            createdAt: created_at,
+            sha,
+            commitUrl: `${this.projectPath}/commit/${sha}`,
+            tag,
+            tagUrl: tag ? `${this.tagsPath}/${ref.name}` : null,
+            ref: ref.name,
+            showDeploymentFlag: false,
+          });
+        }
+
+        return acc;
+      }, []);
+    },
+    scatterSeries() {
+      return {
+        type: graphTypes.deploymentData,
+        data: this.recentDeployments.map(deployment => [deployment.createdAt, 0]),
+        symbol: this.svgs.rocket,
+        symbolSize: symbolSizes.default,
+        itemStyle: {
+          color: this.primaryColor,
+        },
+      };
+    },
+    yAxisLabel() {
+      return `${this.graphData.y_label}`;
+    },
+    csvText() {
+      const chartData = this.chartData[0].data;
+      const header = `timestamp,${this.graphData.y_label}\r\n`; // eslint-disable-line @gitlab/i18n/no-non-i18n-strings
+      return chartData.reduce((csv, data) => {
+        const row = data.join(',');
+        return `${csv}${row}\r\n`;
+      }, header);
+    },
+    downloadLink() {
+      const data = new Blob([this.csvText], { type: 'text/plain' });
+      return window.URL.createObjectURL(data);
+    },
+  },
+  watch: {
+    containerWidth: 'onResize',
+  },
+  beforeDestroy() {
+    window.removeEventListener('resize', debouncedResize);
+  },
+  created() {
+    debouncedResize = debounceByAnimationFrame(this.onResize);
+    window.addEventListener('resize', debouncedResize);
+    this.setSvg('rocket');
+    this.setSvg('scroll-handle');
+  },
+  methods: {
+    formatLegendLabel(query) {
+      return `${query.label}`;
+    },
+    formatTooltipText(params) {
+      this.tooltip.title = dateFormat(params.value, dateFormats.default);
+      this.tooltip.content = [];
+      params.seriesData.forEach(dataPoint => {
+        const [xVal, yVal] = dataPoint.value;
+        this.tooltip.isDeployment = dataPoint.componentSubType === graphTypes.deploymentData;
+        if (this.tooltip.isDeployment) {
+          const [deploy] = this.recentDeployments.filter(
+            deployment => deployment.createdAt === xVal,
+          );
+          this.tooltip.sha = deploy.sha.substring(0, 8);
+          this.tooltip.commitUrl = deploy.commitUrl;
+        } else {
+          const { seriesName, color } = dataPoint;
+          const value = yVal.toFixed(3);
+          this.tooltip.content.push({
+            name: seriesName,
+            value,
+            color,
+          });
+        }
+      });
+    },
+    setSvg(name) {
+      getSvgIconPathContent(name)
+        .then(path => {
+          if (path) {
+            this.$set(this.svgs, name, `path://${path}`);
+          }
+        })
+        .catch(e => {
+          // eslint-disable-next-line no-console, @gitlab/i18n/no-non-i18n-strings
+          console.error('SVG could not be rendered correctly: ', e);
+        });
+    },
+    onChartUpdated(chart) {
+      [this.primaryColor] = chart.getOption().color;
+    },
+    onResize() {
+      if (!this.$refs.chart) return;
+      const { width } = this.$refs.chart.$el.getBoundingClientRect();
+      this.width = width;
+    },
+  },
+};
+</script>
+
+<template>
+  <div class="prometheus-graph col-12 col-lg-6" :class="[showBorder ? 'p-2' : 'p-0']">
+    <div :class="{ 'prometheus-graph-embed w-100 p-3': showBorder }">
+      <div class="prometheus-graph-header">
+        <h5 class="prometheus-graph-title js-graph-title">{{ graphData.title }}</h5>
+        <gl-button
+          v-if="exportMetricsToCsvEnabled"
+          :href="downloadLink"
+          :title="__('Download CSV')"
+          :aria-label="__('Download CSV')"
+          style="margin-left: 200px;"
+          download="chart_metrics.csv"
+        >
+          {{ __('Download CSV') }}
+        </gl-button>
+        <div class="prometheus-graph-widgets js-graph-widgets">
+          <slot></slot>
+        </div>
+      </div>
+
+      <component
+        :is="glChartComponent"
+        ref="chart"
+        v-bind="$attrs"
+        :data="chartData"
+        :option="chartOptions"
+        :format-tooltip-text="formatTooltipText"
+        :thresholds="thresholds"
+        :width="width"
+        :height="height"
+        @updated="onChartUpdated"
+      >
+        <template v-if="tooltip.isDeployment">
+          <template slot="tooltipTitle">
+            {{ __('Deployed') }}
+          </template>
+          <div slot="tooltipContent" class="d-flex align-items-center">
+            <icon name="commit" class="mr-2" />
+            <gl-link :href="tooltip.commitUrl">{{ tooltip.sha }}</gl-link>
+          </div>
+        </template>
+        <template v-else>
+          <template slot="tooltipTitle">
+            <div class="text-nowrap">
+              {{ tooltip.title }}
+            </div>
+          </template>
+          <template slot="tooltipContent">
+            <div
+              v-for="(content, key) in tooltip.content"
+              :key="key"
+              class="d-flex justify-content-between"
+            >
+              <gl-chart-series-label :color="isMultiSeries ? content.color : ''">
+                {{ content.name }}
+              </gl-chart-series-label>
+              <div class="prepend-left-32">
+                {{ content.value }}
+              </div>
+            </div>
+          </template>
+        </template>
+      </component>
+    </div>
+  </div>
+</template>
diff --git a/app/assets/javascripts/monitoring/components/dashboard.vue b/app/assets/javascripts/monitoring/components/dashboard.vue
index ebd610af7b6..d330ceb836c 100644
--- a/app/assets/javascripts/monitoring/components/dashboard.vue
+++ b/app/assets/javascripts/monitoring/components/dashboard.vue
@@ -15,7 +15,7 @@ import Icon from '~/vue_shared/components/icon.vue';
 import { getParameterValues, mergeUrlParams } from '~/lib/utils/url_utility';
 import invalidUrl from '~/lib/utils/invalid_url';
 import PanelType from 'ee_else_ce/monitoring/components/panel_type.vue';
-import MonitorAreaChart from './charts/area.vue';
+import MonitorTimeSeriesChart from './charts/time_series.vue';
 import MonitorSingleStatChart from './charts/single_stat.vue';
 import GraphGroup from './graph_group.vue';
 import EmptyState from './empty_state.vue';
@@ -26,7 +26,7 @@ let sidebarMutationObserver;
 
 export default {
   components: {
-    MonitorAreaChart,
+    MonitorTimeSeriesChart,
     MonitorSingleStatChart,
     PanelType,
     GraphGroup,
@@ -465,7 +465,7 @@ export default {
           />
         </template>
         <template v-else>
-          <monitor-area-chart
+          <monitor-time-series-chart
             v-for="(graphData, graphIndex) in chartsWithData(groupData.metrics)"
             :key="graphIndex"
             :graph-data="graphData"
@@ -473,7 +473,7 @@ export default {
             :thresholds="getGraphAlertValues(graphData.queries)"
             :container-width="elWidth"
             :project-path="projectPath"
-            group-id="monitor-area-chart"
+            group-id="monitor-time-series-chart"
           >
             <div class="d-flex align-items-center">
               <alert-widget
@@ -515,7 +515,7 @@ export default {
                 </gl-dropdown-item>
               </gl-dropdown>
             </div>
-          </monitor-area-chart>
+          </monitor-time-series-chart>
         </template>
       </graph-group>
     </div>
diff --git a/app/assets/javascripts/monitoring/constants.js b/app/assets/javascripts/monitoring/constants.js
index d7d89522732..13aba3d9f44 100644
--- a/app/assets/javascripts/monitoring/constants.js
+++ b/app/assets/javascripts/monitoring/constants.js
@@ -8,6 +8,10 @@ export const graphTypes = {
   deploymentData: 'scatter',
 };
 
+export const symbolSizes = {
+  default: 14,
+};
+
 export const lineTypes = {
   default: 'solid',
 };
@@ -21,6 +25,11 @@ export const timeWindows = {
   oneWeek: __('1 week'),
 };
 
+export const dateFormats = {
+  timeOfDay: 'h:MM TT',
+  default: 'dd mmm yyyy, h:MMTT',
+};
+
 export const secondsIn = {
   thirtyMinutes: 60 * 30,
   threeHours: 60 * 60 * 3,
-- 
cgit v1.2.1


From 9cbb1b10935ce036316279ff056e817f215c9baa Mon Sep 17 00:00:00 2001
From: Miguel Rincon <mrincon@gitlab.com>
Date: Fri, 16 Aug 2019 17:30:05 -0500
Subject: Replace the area with time series where used

- Replace in panel_type.vue
- Replace in embed.vue
- Port changes to support embed in 2 cols in large screens
- Update specs
---
 .../javascripts/monitoring/components/charts/time_series.vue   | 10 +++++++++-
 app/assets/javascripts/monitoring/components/embed.vue         |  6 +++---
 app/assets/javascripts/monitoring/components/panel_type.vue    |  8 ++++----
 3 files changed, 16 insertions(+), 8 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/monitoring/components/charts/time_series.vue b/app/assets/javascripts/monitoring/components/charts/time_series.vue
index 2fdc75f63ca..02e7a7ba0a6 100644
--- a/app/assets/javascripts/monitoring/components/charts/time_series.vue
+++ b/app/assets/javascripts/monitoring/components/charts/time_series.vue
@@ -48,6 +48,11 @@ export default {
       required: false,
       default: false,
     },
+    singleEmbed: {
+      type: Boolean,
+      required: false,
+      default: false,
+    },
     thresholds: {
       type: Array,
       required: false,
@@ -267,7 +272,10 @@ export default {
 </script>
 
 <template>
-  <div class="prometheus-graph col-12 col-lg-6" :class="[showBorder ? 'p-2' : 'p-0']">
+  <div
+    class="prometheus-graph col-12"
+    :class="[showBorder ? 'p-2' : 'p-0', { 'col-lg-6': !singleEmbed }]"
+  >
     <div :class="{ 'prometheus-graph-embed w-100 p-3': showBorder }">
       <div class="prometheus-graph-header">
         <h5 class="prometheus-graph-title js-graph-title">{{ graphData.title }}</h5>
diff --git a/app/assets/javascripts/monitoring/components/embed.vue b/app/assets/javascripts/monitoring/components/embed.vue
index e3256147618..b516a82c170 100644
--- a/app/assets/javascripts/monitoring/components/embed.vue
+++ b/app/assets/javascripts/monitoring/components/embed.vue
@@ -2,7 +2,7 @@
 import { mapActions, mapState } from 'vuex';
 import { getParameterValues, removeParams } from '~/lib/utils/url_utility';
 import GraphGroup from './graph_group.vue';
-import MonitorAreaChart from './charts/area.vue';
+import MonitorTimeSeriesChart from './charts/time_series.vue';
 import { sidebarAnimationDuration } from '../constants';
 import { getTimeDiff } from '../utils';
 
@@ -11,7 +11,7 @@ let sidebarMutationObserver;
 export default {
   components: {
     GraphGroup,
-    MonitorAreaChart,
+    MonitorTimeSeriesChart,
   },
   props: {
     dashboardUrl: {
@@ -92,7 +92,7 @@ export default {
 <template>
   <div class="metrics-embed" :class="{ 'd-inline-flex col-lg-6 p-0': isSingleChart }">
     <div v-if="charts.length" class="row w-100 m-n2 pb-4">
-      <monitor-area-chart
+      <monitor-time-series-chart
         v-for="graphData in charts"
         :key="graphData.title"
         :graph-data="graphData"
diff --git a/app/assets/javascripts/monitoring/components/panel_type.vue b/app/assets/javascripts/monitoring/components/panel_type.vue
index 96f62bc85ee..73ff651d510 100644
--- a/app/assets/javascripts/monitoring/components/panel_type.vue
+++ b/app/assets/javascripts/monitoring/components/panel_type.vue
@@ -10,14 +10,14 @@ import {
   GlTooltipDirective,
 } from '@gitlab/ui';
 import Icon from '~/vue_shared/components/icon.vue';
-import MonitorAreaChart from './charts/area.vue';
+import MonitorTimeSeriesChart from './charts/time_series.vue';
 import MonitorSingleStatChart from './charts/single_stat.vue';
 import MonitorEmptyChart from './charts/empty_chart.vue';
 
 export default {
   components: {
-    MonitorAreaChart,
     MonitorSingleStatChart,
+    MonitorTimeSeriesChart,
     MonitorEmptyChart,
     Icon,
     GlDropdown,
@@ -92,7 +92,7 @@ export default {
     v-if="isPanelType('single-stat') && graphDataHasMetrics"
     :graph-data="graphData"
   />
-  <monitor-area-chart
+  <monitor-time-series-chart
     v-else-if="graphDataHasMetrics"
     :graph-data="graphData"
     :deployment-data="deploymentData"
@@ -136,6 +136,6 @@ export default {
         </gl-dropdown-item>
       </gl-dropdown>
     </div>
-  </monitor-area-chart>
+  </monitor-time-series-chart>
   <monitor-empty-chart v-else :graph-title="graphData.title" />
 </template>
-- 
cgit v1.2.1


From b7e6c898c7449eb48744b7312dbfa6baa92a00d6 Mon Sep 17 00:00:00 2001
From: Ezekiel Kigbo <ekigbo@gitlab.com>
Date: Wed, 21 Aug 2019 14:47:04 +0000
Subject: Resolve "HTML code shown in merge request"

- Fixes double escaped text in `mr_widget_rebase.vue`
---
 .../vue_merge_request_widget/components/states/mr_widget_rebase.vue      | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app')

diff --git a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_rebase.vue b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_rebase.vue
index c7b064b8506..339e154affc 100644
--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_rebase.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_rebase.vue
@@ -50,6 +50,7 @@ export default {
           startTag: '<span class="label-branch">',
           endTag: '</span>',
         },
+        false,
       );
     },
   },
-- 
cgit v1.2.1


From 646913f4e2c141327bacaf8ee20279c120fdeedf Mon Sep 17 00:00:00 2001
From: Nick Kipling <nkipling@gitlab.com>
Date: Wed, 21 Aug 2019 18:55:42 +0000
Subject: Fixed tech debt of using custom component

Changed the container registry to use the empty state component
Removed the custom svg-component
---
 app/assets/javascripts/registry/components/app.vue | 101 +++++++++++----------
 .../registry/components/svg_message.vue            |  26 ------
 .../stylesheets/pages/container_registry.scss      |   4 -
 3 files changed, 52 insertions(+), 79 deletions(-)
 delete mode 100644 app/assets/javascripts/registry/components/svg_message.vue

(limited to 'app')

diff --git a/app/assets/javascripts/registry/components/app.vue b/app/assets/javascripts/registry/components/app.vue
index efbf0a4e3cf..346dc470a59 100644
--- a/app/assets/javascripts/registry/components/app.vue
+++ b/app/assets/javascripts/registry/components/app.vue
@@ -1,10 +1,9 @@
 <script>
 import { mapGetters, mapActions } from 'vuex';
-import { GlLoadingIcon } from '@gitlab/ui';
+import { GlLoadingIcon, GlEmptyState } from '@gitlab/ui';
 import store from '../stores';
 import clipboardButton from '../../vue_shared/components/clipboard_button.vue';
 import CollapsibleContainer from './collapsible_container.vue';
-import SvgMessage from './svg_message.vue';
 import { s__, sprintf } from '../../locale';
 
 export default {
@@ -12,8 +11,8 @@ export default {
   components: {
     clipboardButton,
     CollapsibleContainer,
+    GlEmptyState,
     GlLoadingIcon,
-    SvgMessage,
   },
   props: {
     endpoint: {
@@ -93,7 +92,9 @@ export default {
     this.setMainEndpoint(this.endpoint);
   },
   mounted() {
-    this.fetchRepos();
+    if (!this.characterError) {
+      this.fetchRepos();
+    }
   },
   methods: {
     ...mapActions(['setMainEndpoint', 'fetchRepos']),
@@ -102,61 +103,63 @@ export default {
 </script>
 <template>
   <div>
-    <svg-message v-if="characterError" id="invalid-characters" :svg-path="containersErrorImage">
-      <h4>
-        {{ s__('ContainerRegistry|Docker connection error') }}
-      </h4>
-      <p v-html="dockerConnectionErrorText"></p>
-    </svg-message>
+    <gl-empty-state
+      v-if="characterError"
+      :title="s__('ContainerRegistry|Docker connection error')"
+      :svg-path="containersErrorImage"
+    >
+      <template #description>
+        <p v-html="dockerConnectionErrorText"></p>
+      </template>
+    </gl-empty-state>
 
-    <gl-loading-icon v-else-if="isLoading && !characterError" size="md" class="prepend-top-16" />
+    <gl-loading-icon v-else-if="isLoading" size="md" class="prepend-top-16" />
 
-    <div v-else-if="!isLoading && !characterError && repos.length">
+    <div v-else-if="!isLoading && repos.length">
       <h4>{{ s__('ContainerRegistry|Container Registry') }}</h4>
       <p v-html="introText"></p>
       <collapsible-container v-for="item in repos" :key="item.id" :repo="item" />
     </div>
 
-    <svg-message
-      v-else-if="!isLoading && !characterError && !repos.length"
-      id="no-container-images"
+    <gl-empty-state
+      v-else
+      :title="s__('ContainerRegistry|There are no container images stored for this project')"
       :svg-path="noContainersImage"
+      class="container-message"
     >
-      <h4>
-        {{ s__('ContainerRegistry|There are no container images stored for this project') }}
-      </h4>
-      <p v-html="noContainerImagesText"></p>
-
-      <h5>{{ s__('ContainerRegistry|Quick Start') }}</h5>
-      <p>
-        {{
-          s__(
-            'ContainerRegistry|You can add an image to this registry with the following commands:',
-          )
-        }}
-      </p>
+      <template #description>
+        <p class="js-no-container-images-text" v-html="noContainerImagesText"></p>
+        <h5>{{ s__('ContainerRegistry|Quick Start') }}</h5>
+        <p>
+          {{
+            s__(
+              'ContainerRegistry|You can add an image to this registry with the following commands:',
+            )
+          }}
+        </p>
 
-      <div class="input-group append-bottom-10">
-        <input :value="dockerBuildCommand" type="text" class="form-control monospace" readonly />
-        <span class="input-group-append">
-          <clipboard-button
-            :text="dockerBuildCommand"
-            :title="s__('ContainerRegistry|Copy build command to clipboard')"
-            class="input-group-text"
-          />
-        </span>
-      </div>
+        <div class="input-group append-bottom-10">
+          <input :value="dockerBuildCommand" type="text" class="form-control monospace" readonly />
+          <span class="input-group-append">
+            <clipboard-button
+              :text="dockerBuildCommand"
+              :title="s__('ContainerRegistry|Copy build command to clipboard')"
+              class="input-group-text"
+            />
+          </span>
+        </div>
 
-      <div class="input-group">
-        <input :value="dockerPushCommand" type="text" class="form-control monospace" readonly />
-        <span class="input-group-append">
-          <clipboard-button
-            :text="dockerPushCommand"
-            :title="s__('ContainerRegistry|Copy push command to clipboard')"
-            class="input-group-text"
-          />
-        </span>
-      </div>
-    </svg-message>
+        <div class="input-group">
+          <input :value="dockerPushCommand" type="text" class="form-control monospace" readonly />
+          <span class="input-group-append">
+            <clipboard-button
+              :text="dockerPushCommand"
+              :title="s__('ContainerRegistry|Copy push command to clipboard')"
+              class="input-group-text"
+            />
+          </span>
+        </div>
+      </template>
+    </gl-empty-state>
   </div>
 </template>
diff --git a/app/assets/javascripts/registry/components/svg_message.vue b/app/assets/javascripts/registry/components/svg_message.vue
deleted file mode 100644
index 617093e054e..00000000000
--- a/app/assets/javascripts/registry/components/svg_message.vue
+++ /dev/null
@@ -1,26 +0,0 @@
-<script>
-export default {
-  name: 'RegistrySvgMessage',
-  props: {
-    id: {
-      type: String,
-      required: true,
-    },
-    svgPath: {
-      type: String,
-      required: true,
-    },
-  },
-};
-</script>
-
-<template>
-  <div :id="id" class="empty-state container-message">
-    <div class="svg-content">
-      <img :src="svgPath" class="flex-align-self-center" />
-    </div>
-    <div class="text-content">
-      <slot></slot>
-    </div>
-  </div>
-</template>
diff --git a/app/assets/stylesheets/pages/container_registry.scss b/app/assets/stylesheets/pages/container_registry.scss
index 0f4bdb219a3..b88bd78cf3d 100644
--- a/app/assets/stylesheets/pages/container_registry.scss
+++ b/app/assets/stylesheets/pages/container_registry.scss
@@ -3,10 +3,6 @@
  */
 
 .container-message {
-  pre {
-    white-space: pre-line;
-  }
-
   span .btn {
     margin: 0;
   }
-- 
cgit v1.2.1


From 293ef17e7352fa33ce70cae8233b5a415f326596 Mon Sep 17 00:00:00 2001
From: Donald Cook <dcook@gitlab.com>
Date: Wed, 21 Aug 2019 19:12:11 +0000
Subject: Backport: Issue sidebar tracking

Added snowplow event tracking to Edit buttons
---
 app/assets/javascripts/event_tracking/issue_sidebar.js      |  2 ++
 app/assets/javascripts/issue_show/index.js                  |  4 ++++
 .../sidebar/components/assignees/assignee_title.vue         | 13 ++++++++++++-
 .../components/confidential/confidential_issue_sidebar.vue  |  8 +++++++-
 .../sidebar/components/lock/lock_issue_sidebar.vue          |  7 ++++++-
 .../sidebar/components/subscriptions/subscriptions.vue      |  3 +++
 app/helpers/issuables_helper.rb                             |  6 +++++-
 app/views/shared/issuable/_sidebar.html.haml                |  8 ++++----
 8 files changed, 43 insertions(+), 8 deletions(-)
 create mode 100644 app/assets/javascripts/event_tracking/issue_sidebar.js

(limited to 'app')

diff --git a/app/assets/javascripts/event_tracking/issue_sidebar.js b/app/assets/javascripts/event_tracking/issue_sidebar.js
new file mode 100644
index 00000000000..6909f82c66f
--- /dev/null
+++ b/app/assets/javascripts/event_tracking/issue_sidebar.js
@@ -0,0 +1,2 @@
+export const initSidebarTracking = () => {};
+export const trackEvent = () => {};
diff --git a/app/assets/javascripts/issue_show/index.js b/app/assets/javascripts/issue_show/index.js
index 529b6386221..5a9dd91817e 100644
--- a/app/assets/javascripts/issue_show/index.js
+++ b/app/assets/javascripts/issue_show/index.js
@@ -1,4 +1,5 @@
 import Vue from 'vue';
+import { initSidebarTracking } from 'ee_else_ce/event_tracking/issue_sidebar';
 import issuableApp from './components/app.vue';
 import { parseIssuableData } from './utils/parse_data';
 import '../vue_shared/vue_resource_interceptor';
@@ -9,6 +10,9 @@ export default function initIssueableApp() {
     components: {
       issuableApp,
     },
+    mounted() {
+      initSidebarTracking();
+    },
     render(createElement) {
       return createElement('issuable-app', {
         props: parseIssuableData(),
diff --git a/app/assets/javascripts/sidebar/components/assignees/assignee_title.vue b/app/assets/javascripts/sidebar/components/assignees/assignee_title.vue
index fa6b6bfaef1..63b93a80ead 100644
--- a/app/assets/javascripts/sidebar/components/assignees/assignee_title.vue
+++ b/app/assets/javascripts/sidebar/components/assignees/assignee_title.vue
@@ -1,5 +1,6 @@
 <script>
 import { n__ } from '~/locale';
+import { trackEvent } from 'ee_else_ce/event_tracking/issue_sidebar';
 
 export default {
   name: 'AssigneeTitle',
@@ -29,13 +30,23 @@ export default {
       return n__('Assignee', `%d Assignees`, assignees);
     },
   },
+  methods: {
+    trackEdit() {
+      trackEvent('click_edit_button', 'assignee');
+    },
+  },
 };
 </script>
 <template>
   <div class="title hide-collapsed">
     {{ assigneeTitle }}
     <i v-if="loading" aria-hidden="true" class="fa fa-spinner fa-spin block-loading"></i>
-    <a v-if="editable" class="js-sidebar-dropdown-toggle edit-link float-right" href="#">
+    <a
+      v-if="editable"
+      class="js-sidebar-dropdown-toggle edit-link float-right"
+      href="#"
+      @click.prevent="trackEdit"
+    >
       {{ __('Edit') }}
     </a>
     <a
diff --git a/app/assets/javascripts/sidebar/components/confidential/confidential_issue_sidebar.vue b/app/assets/javascripts/sidebar/components/confidential/confidential_issue_sidebar.vue
index 597b723a9d9..1c75b6148e8 100644
--- a/app/assets/javascripts/sidebar/components/confidential/confidential_issue_sidebar.vue
+++ b/app/assets/javascripts/sidebar/components/confidential/confidential_issue_sidebar.vue
@@ -5,6 +5,7 @@ import tooltip from '~/vue_shared/directives/tooltip';
 import Icon from '~/vue_shared/components/icon.vue';
 import eventHub from '~/sidebar/event_hub';
 import editForm from './edit_form.vue';
+import { trackEvent } from 'ee_else_ce/event_tracking/issue_sidebar';
 
 export default {
   components: {
@@ -51,6 +52,11 @@ export default {
     toggleForm() {
       this.edit = !this.edit;
     },
+    onEditClick() {
+      this.toggleForm();
+
+      trackEvent('click_edit_button', 'confidentiality');
+    },
     updateConfidentialAttribute(confidential) {
       this.service
         .update('issue', { confidential })
@@ -82,7 +88,7 @@ export default {
         v-if="isEditable"
         class="float-right confidential-edit"
         href="#"
-        @click.prevent="toggleForm"
+        @click.prevent="onEditClick"
       >
         {{ __('Edit') }}
       </a>
diff --git a/app/assets/javascripts/sidebar/components/lock/lock_issue_sidebar.vue b/app/assets/javascripts/sidebar/components/lock/lock_issue_sidebar.vue
index c5cfa92f3c8..ec2a7b93a98 100644
--- a/app/assets/javascripts/sidebar/components/lock/lock_issue_sidebar.vue
+++ b/app/assets/javascripts/sidebar/components/lock/lock_issue_sidebar.vue
@@ -6,6 +6,7 @@ import issuableMixin from '~/vue_shared/mixins/issuable';
 import Icon from '~/vue_shared/components/icon.vue';
 import eventHub from '~/sidebar/event_hub';
 import editForm from './edit_form.vue';
+import { trackEvent } from 'ee_else_ce/event_tracking/issue_sidebar';
 
 export default {
   components: {
@@ -65,7 +66,11 @@ export default {
     toggleForm() {
       this.mediator.store.isLockDialogOpen = !this.mediator.store.isLockDialogOpen;
     },
+    onEditClick() {
+      this.toggleForm();
 
+      trackEvent('click_edit_button', 'lock_issue');
+    },
     updateLockedAttribute(locked) {
       this.mediator.service
         .update(this.issuableType, {
@@ -109,7 +114,7 @@ export default {
         v-if="isEditable"
         class="float-right lock-edit"
         type="button"
-        @click.prevent="toggleForm"
+        @click.prevent="onEditClick"
       >
         {{ __('Edit') }}
       </button>
diff --git a/app/assets/javascripts/sidebar/components/subscriptions/subscriptions.vue b/app/assets/javascripts/sidebar/components/subscriptions/subscriptions.vue
index 0d1faceef11..1f5f19d1931 100644
--- a/app/assets/javascripts/sidebar/components/subscriptions/subscriptions.vue
+++ b/app/assets/javascripts/sidebar/components/subscriptions/subscriptions.vue
@@ -4,6 +4,7 @@ import icon from '~/vue_shared/components/icon.vue';
 import toggleButton from '~/vue_shared/components/toggle_button.vue';
 import tooltip from '~/vue_shared/directives/tooltip';
 import eventHub from '../../event_hub';
+import { trackEvent } from 'ee_else_ce/event_tracking/issue_sidebar';
 
 const ICON_ON = 'notifications';
 const ICON_OFF = 'notifications-off';
@@ -63,6 +64,8 @@ export default {
 
       // Component event emission.
       this.$emit('toggleSubscription', this.id);
+
+      trackEvent('toggle_button', 'notifications', this.subscribed ? 0 : 1);
     },
     onClickCollapsedIcon() {
       this.$emit('toggleSidebar');
diff --git a/app/helpers/issuables_helper.rb b/app/helpers/issuables_helper.rb
index e2e007eee50..b88b25eb845 100644
--- a/app/helpers/issuables_helper.rb
+++ b/app/helpers/issuables_helper.rb
@@ -405,7 +405,11 @@ module IssuablesHelper
       placement: is_collapsed ? 'left' : nil,
       container: is_collapsed ? 'body' : nil,
       boundary: 'viewport',
-      is_collapsed: is_collapsed
+      is_collapsed: is_collapsed,
+      track_label: "right_sidebar",
+      track_property: "update_todo",
+      track_event: "click_button",
+      track_value: ""
     }
   end
 
diff --git a/app/views/shared/issuable/_sidebar.html.haml b/app/views/shared/issuable/_sidebar.html.haml
index 825088a58e7..aea09bf8d4d 100644
--- a/app/views/shared/issuable/_sidebar.html.haml
+++ b/app/views/shared/issuable/_sidebar.html.haml
@@ -38,7 +38,7 @@
           = _('Milestone')
           = icon('spinner spin', class: 'hidden block-loading', 'aria-hidden': 'true')
           - if can_edit_issuable
-            = link_to _('Edit'), '#', class: 'js-sidebar-dropdown-toggle edit-link float-right'
+            = link_to _('Edit'), '#', class: 'js-sidebar-dropdown-toggle edit-link float-right', data: { track_label: "right_sidebar", track_property: "milestone", track_event: "click_edit_button", track_value: "" }
         .value.hide-collapsed
           - if milestone.present?
             = link_to milestone[:title], milestone[:web_url], class: "bold has-tooltip", title: sidebar_milestone_remaining_days(milestone), data: { container: "body", html: 'true', boundary: 'viewport' }
@@ -66,7 +66,7 @@
             = _('Due date')
             = icon('spinner spin', class: 'hidden block-loading', 'aria-hidden': 'true')
             - if can_edit_issuable
-              = link_to _('Edit'), '#', class: 'js-sidebar-dropdown-toggle edit-link float-right'
+              = link_to _('Edit'), '#', class: 'js-sidebar-dropdown-toggle edit-link float-right', data: { track_label: "right_sidebar", track_property: "due_date", track_event: "click_edit_button", track_value: "" }
           .value.hide-collapsed
             %span.value-content
               - if issuable_sidebar[:due_date]
@@ -102,7 +102,7 @@
           = _('Labels')
           = icon('spinner spin', class: 'hidden block-loading', 'aria-hidden': 'true')
           - if can_edit_issuable
-            = link_to _('Edit'), '#', class: 'js-sidebar-dropdown-toggle edit-link qa-edit-link-labels float-right'
+            = link_to _('Edit'), '#', class: 'js-sidebar-dropdown-toggle edit-link qa-edit-link-labels float-right', data: { track_label: "right_sidebar", track_property: "labels", track_event: "click_edit_button", track_value: "" }
         .value.issuable-show-labels.dont-hide.hide-collapsed.qa-labels-block{ class: ("has-labels" if selected_labels.any?) }
           - if selected_labels.any?
             - selected_labels.each do |label_hash|
@@ -160,7 +160,7 @@
             = custom_icon('icon_arrow_right')
           .dropdown.sidebar-move-issue-dropdown.hide-collapsed
             %button.btn.btn-default.btn-block.js-sidebar-dropdown-toggle.js-move-issue{ type: 'button',
-              data: { toggle: 'dropdown', display: 'static' } }
+              data: { toggle: 'dropdown', display: 'static', track_label: "right_sidebar", track_property: "move_issue", track_event: "click_button", track_value: "" } }
               = _('Move issue')
             .dropdown-menu.dropdown-menu-selectable.dropdown-extended-height
               = dropdown_title(_('Move issue'))
-- 
cgit v1.2.1


From ac94033b2db012f6d9e2dcca2bf48f7ac94f38a0 Mon Sep 17 00:00:00 2001
From: Alex Kalderimis <akalderimis@gitlab.com>
Date: Wed, 21 Aug 2019 19:23:27 +0000
Subject: Handle namespaced models

We encountered issues with setting module headers for namespaced models.
These changes address this. We retain the namespacing, but transform the
classnames to make them into safe email headers.
---
 app/mailers/notify.rb | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/mailers/notify.rb b/app/mailers/notify.rb
index 5d292094a05..3683f2ea9a9 100644
--- a/app/mailers/notify.rb
+++ b/app/mailers/notify.rb
@@ -125,9 +125,8 @@ class Notify < BaseMailer
   def mail_thread(model, headers = {})
     add_project_headers
     add_unsubscription_headers_and_links
+    add_model_headers(model)
 
-    headers["X-GitLab-#{model.class.name}-ID"] = model.id
-    headers["X-GitLab-#{model.class.name}-IID"] = model.iid if model.respond_to?(:iid)
     headers['X-GitLab-Reply-Key'] = reply_key
 
     @reason = headers['X-GitLab-NotificationReason']
@@ -196,6 +195,18 @@ class Notify < BaseMailer
     @reply_key ||= SentNotification.reply_key
   end
 
+  # This method applies threading headers to the email to identify
+  # the instance we are discussing.
+  #
+  # All model instances must have `#id`, and may implement `#iid`.
+  def add_model_headers(object)
+    # Use replacement so we don't strip the module.
+    prefix = "X-GitLab-#{object.class.name.gsub(/::/, '-')}"
+
+    headers["#{prefix}-ID"] = object.id
+    headers["#{prefix}-IID"] = object.iid if object.respond_to?(:iid)
+  end
+
   def add_project_headers
     return unless @project
 
-- 
cgit v1.2.1


From 29f1ab6b526f35308dc320ce342f6bdb2e331e55 Mon Sep 17 00:00:00 2001
From: Heinrich Lee Yu <heinrich@gitlab.com>
Date: Thu, 15 Aug 2019 14:42:01 +0800
Subject: Add CSP nonce when handling JS views

Prevents errors when we have CSP enabled
---
 app/assets/javascripts/main.js | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/javascripts/main.js b/app/assets/javascripts/main.js
index ba33d72b1f3..39f2097c174 100644
--- a/app/assets/javascripts/main.js
+++ b/app/assets/javascripts/main.js
@@ -9,7 +9,11 @@ import './commons';
 import './behaviors';
 
 // lib/utils
-import { handleLocationHash, addSelectOnFocusBehaviour } from './lib/utils/common_utils';
+import {
+  handleLocationHash,
+  addSelectOnFocusBehaviour,
+  getCspNonceValue,
+} from './lib/utils/common_utils';
 import { localTimeAgo } from './lib/utils/datetime_utility';
 import { getLocationHash, visitUrl } from './lib/utils/url_utility';
 
@@ -39,6 +43,17 @@ import 'ee_else_ce/main_ee';
 window.jQuery = jQuery;
 window.$ = jQuery;
 
+// Add nonce to jQuery script handler
+jQuery.ajaxSetup({
+  converters: {
+    // eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings, func-names
+    'text script': function(text) {
+      jQuery.globalEval(text, { nonce: getCspNonceValue() });
+      return text;
+    },
+  },
+});
+
 // inject test utilities if necessary
 if (process.env.NODE_ENV !== 'production' && gon && gon.test_env) {
   $.fx.off = true;
-- 
cgit v1.2.1


From d78f0724d9cc3dd7c1f22cef54ad59f8d2b579c4 Mon Sep 17 00:00:00 2001
From: Shinya Maeda <shinya@gitlab.com>
Date: Thu, 1 Aug 2019 19:05:02 +0700
Subject: Avoid conflicts between ArchiveTraceWorkers

This commits avoiding conflicts between ArchiveTraceWorker
and ArchiveTracesCronWorker by changing the target of the
latter worker.
---
 app/models/ci/build.rb                       | 2 ++
 app/workers/ci/archive_traces_cron_worker.rb | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 3c0efca31db..7930bef5cf2 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -121,6 +121,8 @@ module Ci
     scope :scheduled_actions, ->() { where(when: :delayed, status: COMPLETED_STATUSES + %i[scheduled]) }
     scope :ref_protected, -> { where(protected: true) }
     scope :with_live_trace, -> { where('EXISTS (?)', Ci::BuildTraceChunk.where('ci_builds.id = ci_build_trace_chunks.build_id').select(1)) }
+    scope :with_stale_live_trace, -> { with_live_trace.finished_before(12.hours.ago) }
+    scope :finished_before, -> (date) { finished.where('finished_at < ?', date) }
 
     scope :matches_tag_ids, -> (tag_ids) do
       matcher = ::ActsAsTaggableOn::Tagging
diff --git a/app/workers/ci/archive_traces_cron_worker.rb b/app/workers/ci/archive_traces_cron_worker.rb
index 75e68d0233a..ef2da729705 100644
--- a/app/workers/ci/archive_traces_cron_worker.rb
+++ b/app/workers/ci/archive_traces_cron_worker.rb
@@ -10,7 +10,7 @@ module Ci
       # Archive stale live traces which still resides in redis or database
       # This could happen when ArchiveTraceWorker sidekiq jobs were lost by receiving SIGKILL
       # More details in https://gitlab.com/gitlab-org/gitlab-ce/issues/36791
-      Ci::Build.finished.with_live_trace.find_each(batch_size: 100) do |build|
+      Ci::Build.with_stale_live_trace.find_each(batch_size: 100) do |build|
         Ci::ArchiveTraceService.new.execute(build, worker_name: self.class.name)
       end
     end
-- 
cgit v1.2.1


From b0231f48676c84b26fab26a5c43b996c66c1924d Mon Sep 17 00:00:00 2001
From: Boris Krylov <krylovbv@mail.ru>
Date: Thu, 22 Aug 2019 03:39:03 +0000
Subject: Reduce dedup calls to gc only

---
 app/workers/git_garbage_collect_worker.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/workers/git_garbage_collect_worker.rb b/app/workers/git_garbage_collect_worker.rb
index 489d6215774..5499e12e49b 100644
--- a/app/workers/git_garbage_collect_worker.rb
+++ b/app/workers/git_garbage_collect_worker.rb
@@ -24,7 +24,7 @@ class GitGarbageCollectWorker
 
     task = task.to_sym
 
-    ::Projects::GitDeduplicationService.new(project).execute
+    ::Projects::GitDeduplicationService.new(project).execute if task == :gc
 
     gitaly_call(task, project.repository.raw_repository)
 
-- 
cgit v1.2.1


From 0e274dfca07ced0458db69b4dfc86a57c39620e5 Mon Sep 17 00:00:00 2001
From: Heinrich Lee Yu <heinrich@gitlab.com>
Date: Thu, 22 Aug 2019 14:14:51 +0800
Subject: Remove unneeded check for merge_request.project

---
 app/services/merge_requests/base_service.rb | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'app')

diff --git a/app/services/merge_requests/base_service.rb b/app/services/merge_requests/base_service.rb
index 067510a8a0a..c6aae4c28f2 100644
--- a/app/services/merge_requests/base_service.rb
+++ b/app/services/merge_requests/base_service.rb
@@ -17,11 +17,9 @@ module MergeRequests
     end
 
     def execute_hooks(merge_request, action = 'open', old_rev: nil, old_associations: {})
-      if merge_request.project
-        merge_data = hook_data(merge_request, action, old_rev: old_rev, old_associations: old_associations)
-        merge_request.project.execute_hooks(merge_data, :merge_request_hooks)
-        merge_request.project.execute_services(merge_data, :merge_request_hooks)
-      end
+      merge_data = hook_data(merge_request, action, old_rev: old_rev, old_associations: old_associations)
+      merge_request.project.execute_hooks(merge_data, :merge_request_hooks)
+      merge_request.project.execute_services(merge_data, :merge_request_hooks)
     end
 
     def cleanup_environments(merge_request)
-- 
cgit v1.2.1


From f7fbf49929e24e2f9bfec0a68fd450c3547f7a78 Mon Sep 17 00:00:00 2001
From: drew cimino <dcimino@gitlab.com>
Date: Wed, 21 Aug 2019 01:42:28 -0400
Subject: Restrict MergeRequests#test_reports to authenticated users with
 read-access on Builds

---
 app/controllers/projects/merge_requests_controller.rb | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'app')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index f4d381244d9..c9a1f28f87e 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -12,6 +12,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
   skip_before_action :merge_request, only: [:index, :bulk_update]
   before_action :whitelist_query_limiting, only: [:assign_related_issues, :update]
   before_action :authorize_update_issuable!, only: [:close, :edit, :update, :remove_wip, :sort]
+  before_action :authorize_test_reports!, only: [:test_reports]
   before_action :set_issuables_index, only: [:index]
   before_action :authenticate_user!, only: [:assign_related_issues]
   before_action :check_user_can_push_to_source_branch!, only: [:rebase]
@@ -336,4 +337,9 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
       render json: { status_reason: 'Unknown error' }, status: :internal_server_error
     end
   end
+
+  def authorize_test_reports!
+    # MergeRequest#actual_head_pipeline is the pipeline accessed in MergeRequest#compare_reports.
+    return render_404 unless can?(current_user, :read_build, merge_request.actual_head_pipeline)
+  end
 end
-- 
cgit v1.2.1


From 5af535d919c50951513f5859730afd924a01c29b Mon Sep 17 00:00:00 2001
From: Alexandru Croitor <acroitor@gitlab.com>
Date: Wed, 17 Jul 2019 12:54:40 +0300
Subject: Limit the size of issuable description and comments

Limiting the size of issuable description and comments to 1_000_000,
which is close to ~1MB of ASCII characters, which represents 99.9% of
all descriptions and comments we have in DB at the moment. This should
help prevent DoS attacks when comments contain refference strings.

Also this change updates regexp matching the namespaces paths by
limiting the namespaces paths to Namespace::NUMBER_OF_ANCESTORS_ALLOWED,
as we allow 20 levels deep groups.

see https://gitlab.com/gitlab-org/gitlab-ce/issues/61974#note_191274234
---
 app/models/concerns/issuable.rb | 1 +
 app/models/note.rb              | 1 +
 2 files changed, 2 insertions(+)

(limited to 'app')

diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb
index e60b6497cb7..a9e2f2be980 100644
--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -73,6 +73,7 @@ module Issuable
 
     validates :author, presence: true
     validates :title, presence: true, length: { maximum: 255 }
+    validates :description, length: { maximum: Gitlab::Database::MAX_TEXT_SIZE_LIMIT }, allow_blank: true
     validate :milestone_is_valid
 
     scope :authored, ->(user) { where(author_id: user) }
diff --git a/app/models/note.rb b/app/models/note.rb
index a12d1eb7243..79aad5cbff9 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -89,6 +89,7 @@ class Note < ApplicationRecord
   delegate :title, to: :noteable, allow_nil: true
 
   validates :note, presence: true
+  validates :note, length: { maximum: Gitlab::Database::MAX_TEXT_SIZE_LIMIT }
   validates :project, presence: true, if: :for_project_noteable?
 
   # Attachments are deprecated and are handled by Markdown uploader
-- 
cgit v1.2.1


From b9e21ad86fd176b5388c7b37d250d5ec60bc9abe Mon Sep 17 00:00:00 2001
From: Dimitrie Hoekstra <dimitrie@gitlab.com>
Date: Thu, 22 Aug 2019 10:20:26 +0000
Subject: Updated latest pipeline tag tooltip to be more descriptive

---
 app/assets/javascripts/pipelines/components/pipeline_url.vue | 2 +-
 app/views/projects/pipelines/_info.html.haml                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/pipelines/components/pipeline_url.vue b/app/assets/javascripts/pipelines/components/pipeline_url.vue
index 4efc1d2408a..a08f732dda7 100644
--- a/app/assets/javascripts/pipelines/components/pipeline_url.vue
+++ b/app/assets/javascripts/pipelines/components/pipeline_url.vue
@@ -67,7 +67,7 @@ export default {
       <span
         v-if="pipeline.flags.latest"
         v-gl-tooltip
-        :title="__('Latest pipeline for this branch')"
+        :title="__('Latest pipeline for the most recent commit on this branch')"
         class="js-pipeline-url-latest badge badge-success"
       >
         {{ __('latest') }}
diff --git a/app/views/projects/pipelines/_info.html.haml b/app/views/projects/pipelines/_info.html.haml
index 9614f33fe2f..53bb3c7487d 100644
--- a/app/views/projects/pipelines/_info.html.haml
+++ b/app/views/projects/pipelines/_info.html.haml
@@ -21,7 +21,7 @@
     .icon-container
       = sprite_icon('flag')
     - if @pipeline.latest?
-      %span.js-pipeline-url-latest.badge.badge-success.has-tooltip{ title: _("Latest pipeline for this branch") }
+      %span.js-pipeline-url-latest.badge.badge-success.has-tooltip{ title: _("Latest pipeline for the most recent commit on this branch") }
         latest
     - if @pipeline.has_yaml_errors?
       %span.js-pipeline-url-yaml.badge.badge-danger.has-tooltip{ title: @pipeline.yaml_errors }
-- 
cgit v1.2.1


From a5f6182753502a5e74b06836c9bb70d287bf6fe6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kamil=20Trzci=C5=84ski?= <ayufan@ayufan.eu>
Date: Thu, 22 Aug 2019 13:08:46 +0200
Subject: Optimise build queue service

This makes BuildQueueService to force refresh runners
that are considered to have recent queue.

Such runners are the ones that connected within online
interval + time to expire runner cache.
---
 app/models/ci/runner.rb                       | 28 +++++++++++++++++++--------
 app/services/ci/update_build_queue_service.rb |  4 ++++
 2 files changed, 24 insertions(+), 8 deletions(-)

(limited to 'app')

diff --git a/app/models/ci/runner.rb b/app/models/ci/runner.rb
index 43ff874ac23..1c1c7a5ae7a 100644
--- a/app/models/ci/runner.rb
+++ b/app/models/ci/runner.rb
@@ -23,13 +23,17 @@ module Ci
       project_type: 3
     }
 
-    RUNNER_QUEUE_EXPIRY_TIME = 60.minutes
     ONLINE_CONTACT_TIMEOUT = 1.hour
-    UPDATE_DB_RUNNER_INFO_EVERY = 40.minutes
+    RUNNER_QUEUE_EXPIRY_TIME = 1.hour
+
+    # This needs to be less than `ONLINE_CONTACT_TIMEOUT`
+    UPDATE_CONTACT_COLUMN_EVERY = (40.minutes..55.minutes).freeze
+
     AVAILABLE_TYPES_LEGACY = %w[specific shared].freeze
     AVAILABLE_TYPES = runner_types.keys.freeze
     AVAILABLE_STATUSES = %w[active paused online offline].freeze
     AVAILABLE_SCOPES = (AVAILABLE_TYPES_LEGACY + AVAILABLE_TYPES + AVAILABLE_STATUSES).freeze
+
     FORM_EDITABLE = %i[description tag_list active run_untagged locked access_level maximum_timeout_human_readable].freeze
 
     ignore_column :is_shared
@@ -46,7 +50,7 @@ module Ci
 
     scope :active, -> { where(active: true) }
     scope :paused, -> { where(active: false) }
-    scope :online, -> { where('contacted_at > ?', contact_time_deadline) }
+    scope :online, -> { where('contacted_at > ?', online_contact_time_deadline) }
     # The following query using negation is cheaper than using `contacted_at <= ?`
     # because there are less runners online than have been created. The
     # resulting query is quickly finding online ones and then uses the regular
@@ -56,6 +60,8 @@ module Ci
     scope :offline, -> { where.not(id: online) }
     scope :ordered, -> { order(id: :desc) }
 
+    scope :with_recent_runner_queue, -> { where('contacted_at > ?', recent_queue_deadline) }
+
     # BACKWARD COMPATIBILITY: There are needed to maintain compatibility with `AVAILABLE_SCOPES` used by `lib/api/runners.rb`
     scope :deprecated_shared, -> { instance_type }
     scope :deprecated_specific, -> { project_type.or(group_type) }
@@ -137,10 +143,18 @@ module Ci
       fuzzy_search(query, [:token, :description])
     end
 
-    def self.contact_time_deadline
+    def self.online_contact_time_deadline
       ONLINE_CONTACT_TIMEOUT.ago
     end
 
+    def self.recent_queue_deadline
+      # we add queue expiry + online
+      # - contacted_at can be updated at any time within this interval
+      #   we have always accurate `contacted_at` but it is stored in Redis
+      #   and not persisted in database
+      (ONLINE_CONTACT_TIMEOUT + RUNNER_QUEUE_EXPIRY_TIME).ago
+    end
+
     def self.order_by(order)
       if order == 'contacted_asc'
         order_contacted_at_asc
@@ -174,7 +188,7 @@ module Ci
     end
 
     def online?
-      contacted_at && contacted_at > self.class.contact_time_deadline
+      contacted_at && contacted_at > self.class.online_contact_time_deadline
     end
 
     def status
@@ -275,9 +289,7 @@ module Ci
 
     def persist_cached_data?
       # Use a random threshold to prevent beating DB updates.
-      # It generates a distribution between [40m, 80m].
-
-      contacted_at_max_age = UPDATE_DB_RUNNER_INFO_EVERY + Random.rand(UPDATE_DB_RUNNER_INFO_EVERY)
+      contacted_at_max_age = Random.rand(UPDATE_CONTACT_COLUMN_EVERY)
 
       real_contacted_at = read_attribute(:contacted_at)
       real_contacted_at.nil? ||
diff --git a/app/services/ci/update_build_queue_service.rb b/app/services/ci/update_build_queue_service.rb
index 9c589d910eb..31c7178c9e7 100644
--- a/app/services/ci/update_build_queue_service.rb
+++ b/app/services/ci/update_build_queue_service.rb
@@ -9,6 +9,10 @@ module Ci
     private
 
     def tick_for(build, runners)
+      if Feature.enabled?(:ci_update_queues_for_online_runners, build.project, default_enabled: true)
+        runners = runners.with_recent_runner_queue
+      end
+
       runners.each do |runner|
         runner.pick_build!(build)
       end
-- 
cgit v1.2.1


From 6044b3ed1eb81cb55d1b978e76f1c1f3ee4e3a70 Mon Sep 17 00:00:00 2001
From: Kushal Pandya <kushalspandya@gmail.com>
Date: Thu, 15 Aug 2019 21:49:25 +0530
Subject: Add `searchBy` helper & `SidebarItemEpicsSelect`

- Adds `searchBy` util in common utils
- Adds placeholder `SidebarItemEpicsSelect`
---
 .../javascripts/boards/components/board_sidebar.js |  2 +
 app/assets/javascripts/lib/utils/common_utils.js   | 60 ++++++++++++++++++++++
 2 files changed, 62 insertions(+)

(limited to 'app')

diff --git a/app/assets/javascripts/boards/components/board_sidebar.js b/app/assets/javascripts/boards/components/board_sidebar.js
index 2ace0060c42..ba1fe9202fc 100644
--- a/app/assets/javascripts/boards/components/board_sidebar.js
+++ b/app/assets/javascripts/boards/components/board_sidebar.js
@@ -22,6 +22,8 @@ export default Vue.extend({
   components: {
     AssigneeTitle,
     Assignees,
+    SidebarEpicsSelect: () =>
+      import('ee_component/sidebar/components/sidebar_item_epics_select.vue'),
     RemoveBtn,
     Subscriptions,
     TimeTracker,
diff --git a/app/assets/javascripts/lib/utils/common_utils.js b/app/assets/javascripts/lib/utils/common_utils.js
index 31c4a920bbe..6e8f63a10a4 100644
--- a/app/assets/javascripts/lib/utils/common_utils.js
+++ b/app/assets/javascripts/lib/utils/common_utils.js
@@ -731,6 +731,66 @@ export const NavigationType = {
   TYPE_RESERVED: 255,
 };
 
+/**
+ * Method to perform case-insensitive search for a string
+ * within multiple properties and return object containing
+ * properties in case there are multiple matches or `null`
+ * if there's no match.
+ *
+ * Eg; Suppose we want to allow user to search using for a string
+ *     within `iid`, `title`, `url` or `reference` props of a target object;
+ *
+ *     const objectToSearch = {
+ *       "iid": 1,
+ *       "title": "Error omnis quos consequatur ullam a vitae sed omnis libero cupiditate. &3",
+ *       "url": "/groups/gitlab-org/-/epics/1",
+ *       "reference": "&1",
+ *     };
+ *
+ *    Following is how we call searchBy and the return values it will yield;
+ *
+ *    -  `searchBy('omnis', objectToSearch);`: This will return `{ title: ... }` as our
+ *        query was found within title prop we only return that.
+ *    -  `searchBy('1', objectToSearch);`: This will return `{ "iid": ..., "reference": ..., "url": ... }`.
+ *    -  `searchBy('https://gitlab.com/groups/gitlab-org/-/epics/1', objectToSearch);`:
+ *        This will return `{ "url": ... }`.
+ *    -  `searchBy('foo', objectToSearch);`: This will return `null` as no property value
+ *        matched with our query.
+ *
+ *    You can learn more about behaviour of this method by referring to tests
+ *    within `spec/javascripts/lib/utils/common_utils_spec.js`.
+ *
+ * @param {string} query String to search for
+ * @param {object} searchSpace Object containing properties to search in for `query`
+ */
+export const searchBy = (query = '', searchSpace = {}) => {
+  const targetKeys = searchSpace !== null ? Object.keys(searchSpace) : [];
+
+  if (!query || !targetKeys.length) {
+    return null;
+  }
+
+  const normalizedQuery = query.toLowerCase();
+  const matches = targetKeys
+    .filter(item => {
+      const searchItem = `${searchSpace[item]}`.toLowerCase();
+
+      return (
+        searchItem.indexOf(normalizedQuery) > -1 ||
+        normalizedQuery.indexOf(searchItem) > -1 ||
+        normalizedQuery === searchItem
+      );
+    })
+    .reduce((acc, prop) => {
+      const match = acc;
+      match[prop] = searchSpace[prop];
+
+      return acc;
+    }, {});
+
+  return Object.keys(matches).length ? matches : null;
+};
+
 /**
  * Checks if the given Label has a special syntax `::` in
  * it's title.
-- 
cgit v1.2.1


From d86b77bf20474702631d5fd89177c54a9f928760 Mon Sep 17 00:00:00 2001
From: Krasimir Angelov <kangelov@gitlab.com>
Date: Tue, 20 Aug 2019 13:29:16 +0300
Subject: Extract logic who created deployment into Deployment#deployed_by

Prefer the deployable user over the deployment user.

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/66037.
---
 app/models/deployment.rb                             | 8 ++++++++
 app/serializers/deployment_entity.rb                 | 2 +-
 app/views/projects/deployments/_deployment.html.haml | 4 ++--
 3 files changed, 11 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/models/deployment.rb b/app/models/deployment.rb
index 68586e7a1fd..bff5d348ca0 100644
--- a/app/models/deployment.rb
+++ b/app/models/deployment.rb
@@ -162,6 +162,14 @@ class Deployment < ApplicationRecord
     deployed_at&.to_time&.in_time_zone&.to_s(:medium)
   end
 
+  def deployed_by
+    # We use deployable's user if available because Ci::PlayBuildService
+    # does not update the deployment's user, just the one for the deployable.
+    # TODO: use deployment's user once https://gitlab.com/gitlab-org/gitlab-ce/issues/66442
+    # is completed.
+    deployable&.user || user
+  end
+
   private
 
   def ref_path
diff --git a/app/serializers/deployment_entity.rb b/app/serializers/deployment_entity.rb
index 6e91317eb20..7e91bcf18bc 100644
--- a/app/serializers/deployment_entity.rb
+++ b/app/serializers/deployment_entity.rb
@@ -21,7 +21,7 @@ class DeploymentEntity < Grape::Entity
   expose :finished_at
   expose :tag
   expose :last?
-  expose :user, using: UserEntity
+  expose :deployed_by, as: :user, using: UserEntity
 
   expose :deployable do |deployment, opts|
     deployment.deployable.yield_self do |deployable|
diff --git a/app/views/projects/deployments/_deployment.html.haml b/app/views/projects/deployments/_deployment.html.haml
index a11e23b6daa..752be02443c 100644
--- a/app/views/projects/deployments/_deployment.html.haml
+++ b/app/views/projects/deployments/_deployment.html.haml
@@ -15,10 +15,10 @@
           .flex-truncate-child
             = link_to [@project.namespace.becomes(Namespace), @project, deployment.deployable], class: 'build-link' do
               #{deployment.deployable.name} (##{deployment.deployable.id})
-        - if deployment.user
+        - if deployment.deployed_by
           %div
             by
-            = user_avatar(user: deployment.user, size: 20, css_class: "mr-0 float-none")
+            = user_avatar(user: deployment.deployed_by, size: 20, css_class: "mr-0 float-none")
 
   .table-section.section-15{ role: 'gridcell' }
     .table-mobile-header{ role: 'rowheader' }= _("Created")
-- 
cgit v1.2.1


From 08d51490dd19147ebd9a998a221d3e7187c88a1e Mon Sep 17 00:00:00 2001
From: NeroBurner <pyro4hell@gmail.com>
Date: Thu, 22 Aug 2019 15:08:26 +0200
Subject: apps: remove the too big "Mirror a repository" header

fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/66445
---
 app/views/projects/mirrors/_mirror_repos.html.haml | 2 --
 1 file changed, 2 deletions(-)

(limited to 'app')

diff --git a/app/views/projects/mirrors/_mirror_repos.html.haml b/app/views/projects/mirrors/_mirror_repos.html.haml
index eb100e5cf47..6f8a93fbcf5 100644
--- a/app/views/projects/mirrors/_mirror_repos.html.haml
+++ b/app/views/projects/mirrors/_mirror_repos.html.haml
@@ -13,8 +13,6 @@
   .settings-content
     = form_for @project, url: project_mirror_path(@project), html: { class: 'gl-show-field-errors js-mirror-form', autocomplete: 'new-password', data: mirrors_form_data_attributes } do |f|
       .panel.panel-default
-        .panel-heading
-          %h3.panel-title= _('Mirror a repository')
         .panel-body
           %div= form_errors(@project)
 
-- 
cgit v1.2.1


From 3e2b45870ad7d6f356b58e0bdd8852b0ca39ff5a Mon Sep 17 00:00:00 2001
From: Alex Ives <alex@ives.mn>
Date: Thu, 26 Jul 2018 23:26:13 -0500
Subject: Issue #39099: Add links for latest pipelines

---
 app/controllers/projects/pipelines_controller.rb  | 33 +++++++++++++++++++----
 app/views/projects/pipelines/_with_tabs.html.haml |  2 +-
 2 files changed, 29 insertions(+), 6 deletions(-)

(limited to 'app')

diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb
index db3b7c8b177..e6e3a440925 100644
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@@ -3,6 +3,7 @@
 class Projects::PipelinesController < Projects::ApplicationController
   before_action :whitelist_query_limiting, only: [:create, :retry]
   before_action :pipeline, except: [:index, :new, :create, :charts]
+  before_action :set_pipeline_path, only: [:show]
   before_action :authorize_read_pipeline!
   before_action :authorize_read_build!, only: [:index]
   before_action :authorize_create_pipeline!, only: [:new, :create]
@@ -174,14 +175,36 @@ class Projects::PipelinesController < Projects::ApplicationController
 
   # rubocop: disable CodeReuse/ActiveRecord
   def pipeline
-    @pipeline ||= project
-                    .all_pipelines
-                    .includes(user: :status)
-                    .find_by!(id: params[:id])
-                    .present(current_user: current_user)
+    @pipeline ||= if params[:id].blank? && params[:latest]
+                    latest_pipeline
+                  else
+                    project
+                      .all_pipelines
+                      .includes(user: :status)
+                      .find_by!(id: params[:id])
+                      .present(current_user: current_user)
+                  end
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
+  def set_pipeline_path
+    @pipeline_path ||= if params[:id].blank? && params[:latest]
+                         latest_project_pipelines_path(@project, params['ref'])
+                       else
+                         project_pipeline_path(@project, @pipeline)
+                       end
+  end
+
+  def latest_pipeline
+    ref = params['ref'].presence || @project.default_branch
+    sha = @project.commit(ref)&.sha
+
+    @project.ci_pipelines
+            .newest_first(ref: ref, sha: sha)
+            .first
+            &.present(current_user: current_user)
+  end
+
   def whitelist_query_limiting
     # Also see https://gitlab.com/gitlab-org/gitlab-ce/issues/42343
     Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42339')
diff --git a/app/views/projects/pipelines/_with_tabs.html.haml b/app/views/projects/pipelines/_with_tabs.html.haml
index c04f076a3ab..56995ffbcee 100644
--- a/app/views/projects/pipelines/_with_tabs.html.haml
+++ b/app/views/projects/pipelines/_with_tabs.html.haml
@@ -1,7 +1,7 @@
 .tabs-holder
   %ul.pipelines-tabs.nav-links.no-top.no-bottom.mobile-separator.nav.nav-tabs
     %li.js-pipeline-tab-link
-      = link_to project_pipeline_path(@project, @pipeline), data: { target: '#js-tab-pipeline', action: 'pipelines', toggle: 'tab' }, class: 'pipeline-tab' do
+      = link_to @pipeline_path, data: { target: '#js-tab-pipeline', action: 'pipelines', toggle: 'tab' }, class: 'pipeline-tab' do
         = _('Pipeline')
     %li.js-builds-tab-link
       = link_to builds_project_pipeline_path(@project, @pipeline), data: { target: '#js-tab-builds', action: 'builds', toggle: 'tab' }, class: 'builds-tab' do
-- 
cgit v1.2.1


From 6a385b60f849d0ce086947771fb34a4bc66abe11 Mon Sep 17 00:00:00 2001
From: Igor <idrozdov@gitlab.com>
Date: Thu, 22 Aug 2019 13:50:19 +0000
Subject: Remove mergeTrain from FE since it's used only in EE

---
 .../javascripts/vue_merge_request_widget/stores/mr_widget_store.js    | 3 ---
 app/serializers/merge_request_widget_entity.rb                        | 4 +++-
 2 files changed, 3 insertions(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js b/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
index 0f55bebd3fc..7843409f4a7 100644
--- a/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
+++ b/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
@@ -87,9 +87,6 @@ export default class MergeRequestStore {
     this.allowCollaboration = data.allow_collaboration;
     this.sourceProjectId = data.source_project_id;
     this.targetProjectId = data.target_project_id;
-    this.mergePipelinesEnabled = Boolean(data.merge_pipelines_enabled);
-    this.mergeTrainsCount = data.merge_trains_count || 0;
-    this.mergeTrainIndex = data.merge_train_index;
 
     // CI related
     this.hasCI = data.has_ci;
diff --git a/app/serializers/merge_request_widget_entity.rb b/app/serializers/merge_request_widget_entity.rb
index 554b307d4f8..c8088608cb0 100644
--- a/app/serializers/merge_request_widget_entity.rb
+++ b/app/serializers/merge_request_widget_entity.rb
@@ -84,8 +84,10 @@ class MergeRequestWidgetEntity < Grape::Entity
 
   private
 
+  delegate :current_user, to: :request
+
   def presenter(merge_request)
     @presenters ||= {}
-    @presenters[merge_request] ||= MergeRequestPresenter.new(merge_request, current_user: request.current_user) # rubocop: disable CodeReuse/Presenter
+    @presenters[merge_request] ||= MergeRequestPresenter.new(merge_request, current_user: current_user) # rubocop: disable CodeReuse/Presenter
   end
 end
-- 
cgit v1.2.1


From 30f302d2beb78af896213850c570792ce3d88b97 Mon Sep 17 00:00:00 2001
From: Robert Schilling <rschilling@student.tugraz.at>
Date: Thu, 22 Aug 2019 15:50:50 +0200
Subject: Don't check external authorization when disabling the service

---
 app/services/application_settings/update_service.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/services/application_settings/update_service.rb b/app/services/application_settings/update_service.rb
index 471df6e2d0c..13718734844 100644
--- a/app/services/application_settings/update_service.rb
+++ b/app/services/application_settings/update_service.rb
@@ -7,7 +7,8 @@ module ApplicationSettings
     attr_reader :params, :application_setting
 
     def execute
-      validate_classification_label(application_setting, :external_authorization_service_default_label)
+      disable_ext_auth = params[:external_authorization_service_enabled].present? && !Gitlab::Utils.to_boolean(params[:external_authorization_service_enabled])
+      validate_classification_label(application_setting, :external_authorization_service_default_label) unless disable_ext_auth
 
       if application_setting.errors.any?
         return false
-- 
cgit v1.2.1


From e00b07b978a9fb4f368f69aab99cfd105ab5b6b3 Mon Sep 17 00:00:00 2001
From: James Edwards-Jones <jedwardsjones@gitlab.com>
Date: Sat, 20 Jul 2019 14:30:26 +0100
Subject: JwtController avoids activating session checks

This used without a session and issues a sessionless token, so we
should avoid causing access checks based on the session.
---
 app/controllers/jwt_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app')

diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index 5ecf4f114cf..da39d64c93d 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 class JwtController < ApplicationController
+  skip_around_action :set_session_storage
   skip_before_action :authenticate_user!
   skip_before_action :verify_authenticity_token
   before_action :authenticate_project_or_user
-- 
cgit v1.2.1


From d29ea1fa13c730abfb9ee1f88ec703e29b234970 Mon Sep 17 00:00:00 2001
From: drew cimino <dcimino@gitlab.com>
Date: Tue, 13 Aug 2019 19:03:05 -0400
Subject: admin_group authorization for Groups::RunnersController

- Use authorize_admin_group! instead of authorize_admin_pipeline!
- Added role-based permission specs for Groups::RunnersController
---
 app/controllers/groups/runners_controller.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'app')

diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb
index f8e32451b02..af2b2cbd1fd 100644
--- a/app/controllers/groups/runners_controller.rb
+++ b/app/controllers/groups/runners_controller.rb
@@ -3,7 +3,7 @@
 class Groups::RunnersController < Groups::ApplicationController
   # Proper policies should be implemented per
   # https://gitlab.com/gitlab-org/gitlab-ce/issues/45894
-  before_action :authorize_admin_pipeline!
+  before_action :authorize_admin_group!
 
   before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
 
@@ -50,10 +50,6 @@ class Groups::RunnersController < Groups::ApplicationController
     @runner ||= @group.runners.find(params[:id])
   end
 
-  def authorize_admin_pipeline!
-    return render_404 unless can?(current_user, :admin_pipeline, group)
-  end
-
   def runner_params
     params.require(:runner).permit(Ci::Runner::FORM_EDITABLE)
   end
-- 
cgit v1.2.1


From cc18c332e0b99f7b674a56a5be59e8b118c81289 Mon Sep 17 00:00:00 2001
From: Robert Schilling <rschilling@student.tugraz.at>
Date: Thu, 22 Aug 2019 19:05:43 +0200
Subject: Add test, reduce complexity

---
 app/services/application_settings/update_service.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/services/application_settings/update_service.rb b/app/services/application_settings/update_service.rb
index 13718734844..8115585b7a8 100644
--- a/app/services/application_settings/update_service.rb
+++ b/app/services/application_settings/update_service.rb
@@ -7,8 +7,7 @@ module ApplicationSettings
     attr_reader :params, :application_setting
 
     def execute
-      disable_ext_auth = params[:external_authorization_service_enabled].present? && !Gitlab::Utils.to_boolean(params[:external_authorization_service_enabled])
-      validate_classification_label(application_setting, :external_authorization_service_default_label) unless disable_ext_auth
+      validate_classification_label(application_setting, :external_authorization_service_default_label) unless bypass_external_auth?
 
       if application_setting.errors.any?
         return false
@@ -60,5 +59,9 @@ module ApplicationSettings
 
       Group.find_by_full_path(group_full_path)&.id if group_full_path.present?
     end
+
+    def bypass_external_auth?
+      params.key?(:external_authorization_service_enabled) && !Gitlab::Utils.to_boolean(params[:external_authorization_service_enabled])
+    end
   end
 end
-- 
cgit v1.2.1


From 37e4f5140010d844164664a57b65c2b6c16e4d25 Mon Sep 17 00:00:00 2001
From: Nathan Friend <nathan@gitlab.com>
Date: Thu, 22 Aug 2019 14:53:14 -0300
Subject: Rename ATMTWPS to MTWPS (CE)

This commit does a find-and-replace from ATMTWPS -> MTWPS.
---
 app/assets/javascripts/vue_merge_request_widget/constants.js      | 8 ++------
 .../vue_merge_request_widget/stores/mr_widget_store.js            | 6 +++---
 2 files changed, 5 insertions(+), 9 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/vue_merge_request_widget/constants.js b/app/assets/javascripts/vue_merge_request_widget/constants.js
index 3e65bdf0cb0..6f6d145815e 100644
--- a/app/assets/javascripts/vue_merge_request_widget/constants.js
+++ b/app/assets/javascripts/vue_merge_request_widget/constants.js
@@ -5,11 +5,7 @@ export const WARNING_MESSAGE_CLASS = 'warning_message';
 export const DANGER_MESSAGE_CLASS = 'danger_message';
 
 export const MWPS_MERGE_STRATEGY = 'merge_when_pipeline_succeeds';
-export const ATMTWPS_MERGE_STRATEGY = 'add_to_merge_train_when_pipeline_succeeds';
+export const MTWPS_MERGE_STRATEGY = 'add_to_merge_train_when_pipeline_succeeds';
 export const MT_MERGE_STRATEGY = 'merge_train';
 
-export const AUTO_MERGE_STRATEGIES = [
-  MWPS_MERGE_STRATEGY,
-  ATMTWPS_MERGE_STRATEGY,
-  MT_MERGE_STRATEGY,
-];
+export const AUTO_MERGE_STRATEGIES = [MWPS_MERGE_STRATEGY, MTWPS_MERGE_STRATEGY, MT_MERGE_STRATEGY];
diff --git a/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js b/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
index 7843409f4a7..699d41494bf 100644
--- a/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
+++ b/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js
@@ -3,7 +3,7 @@ import _ from 'underscore';
 import getStateKey from 'ee_else_ce/vue_merge_request_widget/stores/get_state_key';
 import { stateKey } from './state_maps';
 import { formatDate } from '../../lib/utils/datetime_utility';
-import { ATMTWPS_MERGE_STRATEGY, MT_MERGE_STRATEGY, MWPS_MERGE_STRATEGY } from '../constants';
+import { MTWPS_MERGE_STRATEGY, MT_MERGE_STRATEGY, MWPS_MERGE_STRATEGY } from '../constants';
 
 export default class MergeRequestStore {
   constructor(data) {
@@ -217,8 +217,8 @@ export default class MergeRequestStore {
   }
 
   static getPreferredAutoMergeStrategy(availableAutoMergeStrategies) {
-    if (_.includes(availableAutoMergeStrategies, ATMTWPS_MERGE_STRATEGY)) {
-      return ATMTWPS_MERGE_STRATEGY;
+    if (_.includes(availableAutoMergeStrategies, MTWPS_MERGE_STRATEGY)) {
+      return MTWPS_MERGE_STRATEGY;
     } else if (_.includes(availableAutoMergeStrategies, MT_MERGE_STRATEGY)) {
       return MT_MERGE_STRATEGY;
     } else if (_.includes(availableAutoMergeStrategies, MWPS_MERGE_STRATEGY)) {
-- 
cgit v1.2.1


From 606a1d2d31aff69ddabe7e3794f61f3e778da3e8 Mon Sep 17 00:00:00 2001
From: Alessio Caiazza <acaiazza@gitlab.com>
Date: Thu, 22 Aug 2019 22:08:28 +0000
Subject: Expose namespace storage statistics with GraphQL

Root namespaces have storage statistics.
This commit allows namespace owners to get those stats via GraphQL
queries like the following one

{
  namespace(fullPath: "a_namespace_path") {
    rootStorageStatistics {
      storageSize
      repositorySize
      lfsObjectsSize
      buildArtifactsSize
      packagesSize
      wikiSize
    }
  }
}
---
 app/graphql/types/namespace_type.rb                      |  5 +++++
 app/graphql/types/root_storage_statistics_type.rb        | 16 ++++++++++++++++
 app/models/namespace/root_storage_statistics.rb          |  2 ++
 app/policies/group_policy.rb                             |  2 ++
 app/policies/namespace/root_storage_statistics_policy.rb |  5 +++++
 app/policies/namespace_policy.rb                         |  1 +
 6 files changed, 31 insertions(+)
 create mode 100644 app/graphql/types/root_storage_statistics_type.rb
 create mode 100644 app/policies/namespace/root_storage_statistics_policy.rb

(limited to 'app')

diff --git a/app/graphql/types/namespace_type.rb b/app/graphql/types/namespace_type.rb
index f105e9e6e28..35a97b5ace0 100644
--- a/app/graphql/types/namespace_type.rb
+++ b/app/graphql/types/namespace_type.rb
@@ -19,6 +19,11 @@ module Types
     field :lfs_enabled, GraphQL::BOOLEAN_TYPE, null: true, method: :lfs_enabled?
     field :request_access_enabled, GraphQL::BOOLEAN_TYPE, null: true
 
+    field :root_storage_statistics, Types::RootStorageStatisticsType,
+          null: true,
+          description: 'The aggregated storage statistics. Only available for root namespaces',
+          resolve: -> (obj, _args, _ctx) { Gitlab::Graphql::Loaders::BatchRootStorageStatisticsLoader.new(obj.id).find }
+
     field :projects,
           Types::ProjectType.connection_type,
           null: false,
diff --git a/app/graphql/types/root_storage_statistics_type.rb b/app/graphql/types/root_storage_statistics_type.rb
new file mode 100644
index 00000000000..a7498ee0a2e
--- /dev/null
+++ b/app/graphql/types/root_storage_statistics_type.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Types
+  class RootStorageStatisticsType < BaseObject
+    graphql_name 'RootStorageStatistics'
+
+    authorize :read_statistics
+
+    field :storage_size, GraphQL::INT_TYPE, null: false, description: 'The total storage in bytes'
+    field :repository_size, GraphQL::INT_TYPE, null: false, description: 'The git repository size in bytes'
+    field :lfs_objects_size, GraphQL::INT_TYPE, null: false, description: 'The LFS objects size in bytes'
+    field :build_artifacts_size, GraphQL::INT_TYPE, null: false, description: 'The CI artifacts size in bytes'
+    field :packages_size, GraphQL::INT_TYPE, null: false, description: 'The packages size in bytes'
+    field :wiki_size, GraphQL::INT_TYPE, null: false, description: 'The wiki size in bytes'
+  end
+end
diff --git a/app/models/namespace/root_storage_statistics.rb b/app/models/namespace/root_storage_statistics.rb
index 56c430013ee..ae9b2f14343 100644
--- a/app/models/namespace/root_storage_statistics.rb
+++ b/app/models/namespace/root_storage_statistics.rb
@@ -8,6 +8,8 @@ class Namespace::RootStorageStatistics < ApplicationRecord
   belongs_to :namespace
   has_one :route, through: :namespace
 
+  scope :for_namespace_ids, ->(namespace_ids) { where(namespace_id: namespace_ids) }
+
   delegate :all_projects, to: :namespace
 
   def recalculate!
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index c686e7763bb..5d2b74b17a2 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -124,6 +124,8 @@ class GroupPolicy < BasePolicy
   rule { developer & developer_maintainer_access }.enable :create_projects
   rule { create_projects_disabled }.prevent :create_projects
 
+  rule { owner | admin }.enable :read_statistics
+
   def access_level
     return GroupMember::NO_ACCESS if @user.nil?
 
diff --git a/app/policies/namespace/root_storage_statistics_policy.rb b/app/policies/namespace/root_storage_statistics_policy.rb
new file mode 100644
index 00000000000..63fcaf20dfe
--- /dev/null
+++ b/app/policies/namespace/root_storage_statistics_policy.rb
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class Namespace::RootStorageStatisticsPolicy < BasePolicy
+  delegate { @subject.namespace }
+end
diff --git a/app/policies/namespace_policy.rb b/app/policies/namespace_policy.rb
index 2babcb0a2d9..937666c7e54 100644
--- a/app/policies/namespace_policy.rb
+++ b/app/policies/namespace_policy.rb
@@ -11,6 +11,7 @@ class NamespacePolicy < BasePolicy
     enable :create_projects
     enable :admin_namespace
     enable :read_namespace
+    enable :read_statistics
   end
 
   rule { personal_project & ~can_create_personal_project }.prevent :create_projects
-- 
cgit v1.2.1


From 56294b4ea9b0a2054423c895b9a7667118cda0ad Mon Sep 17 00:00:00 2001
From: Scott Hampton <shampton@gitlab.com>
Date: Thu, 22 Aug 2019 23:20:19 +0000
Subject: Update GitHub CI/CD import page to use PAT only

Oauth2 tokens are causing issues with mirroring
repos, because it effectively limits the number
of repos you can mirror. Personal Access
Tokens do not have this problem.

This change removes the OAuth2 option from
the import page for CI/CD only, and only
provides the personal access token form.
---
 app/helpers/import_helper.rb          | 11 ++++-------
 app/views/import/github/new.html.haml | 34 ++++++++++++++++++----------------
 2 files changed, 22 insertions(+), 23 deletions(-)

(limited to 'app')

diff --git a/app/helpers/import_helper.rb b/app/helpers/import_helper.rb
index 3d494c3de6a..9122ad5b35a 100644
--- a/app/helpers/import_helper.rb
+++ b/app/helpers/import_helper.rb
@@ -45,17 +45,14 @@ module ImportHelper
   end
 
   def import_github_authorize_message
-    _('To import GitHub repositories, you first need to authorize GitLab to access the list of your GitHub repositories:')
+    _('To connect GitHub repositories, you first need to authorize GitLab to access the list of your GitHub repositories.')
   end
 
   def import_github_personal_access_token_message
-    personal_access_token_link = link_to _('Personal Access Token'), 'https://github.com/settings/tokens'
+    link_url = 'https://github.com/settings/tokens'
+    link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: link_url }
 
-    if github_import_configured?
-      _('Alternatively, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import.').html_safe % { personal_access_token_link: personal_access_token_link }
-    else
-      _('To import GitHub repositories, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import.').html_safe % { personal_access_token_link: personal_access_token_link }
-    end
+    _('Create and provide your GitHub %{link_start}Personal Access Token%{link_end}. You will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import.').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
   end
 
   def import_configure_github_admin_message
diff --git a/app/views/import/github/new.html.haml b/app/views/import/github/new.html.haml
index 72e5934574a..518c44cc687 100644
--- a/app/views/import/github/new.html.haml
+++ b/app/views/import/github/new.html.haml
@@ -1,30 +1,32 @@
-- title = has_ci_cd_only_params? ? _('Connect repositories from GitHub') : _('GitHub import')
+- title = _('Authenticate with GitHub')
 - page_title title
 - breadcrumb_title title
 - header_title _("Projects"), root_path
 
-%h3.page-title
-  = icon 'github', text: _('Import repositories from GitHub')
+%h2.page-title
+  = title
 
-- if github_import_configured?
-  %p
-    = import_github_authorize_message
+%p
+  = import_github_authorize_message
 
-  = link_to _('List your GitHub repositories'), status_import_github_path(ci_cd_only: params[:ci_cd_only]), class: 'btn btn-success'
+- if github_import_configured? && !has_ci_cd_only_params?
+  = link_to icon('github', text: title), status_import_github_path, class: 'btn btn-success'
 
   %hr
 
-%p
-  = import_github_personal_access_token_message
+- unless github_import_configured? || has_ci_cd_only_params?
+  .bs-callout.bs-callout-info
+    = import_configure_github_admin_message
 
-= form_tag personal_access_token_import_github_path, method: :post, class: 'form-inline' do
+= form_tag personal_access_token_import_github_path, method: :post do
   .form-group
-    = text_field_tag :personal_access_token, '', class: 'form-control append-right-8', placeholder: _('Personal Access Token'), size: 40
-    = submit_tag _('List your GitHub repositories'), class: 'btn btn-success'
+    %label.label-bold= _('Personal Access Token')
+    = text_field_tag :personal_access_token, '', class: 'form-control', placeholder: _('e.g. %{token}') % { token: '8d3f016698e...' }
+    %span.form-text.text-muted
+      = import_github_personal_access_token_message
 
   = render_if_exists 'import/github/ci_cd_only'
 
-- unless github_import_configured?
-  %hr
-  %p
-    = import_configure_github_admin_message
+  .form-actions.d-flex.justify-content-end
+    = link_to _('Cancel'), new_project_path, class: 'btn'
+    = submit_tag _('Authenticate'), class: 'btn btn-success ml-2'
-- 
cgit v1.2.1


From 371e1ed3716d25f48c6458373e64ea81e0a45946 Mon Sep 17 00:00:00 2001
From: Denys Mishunov <dmishunov@gitlab.com>
Date: Thu, 22 Aug 2019 23:23:06 +0000
Subject: Always pre-select "Start a new merge request"

One exception: there is an existing MR for the current branch and the
branch is non-default and non-protected.

Extended mock_data for ide/stores to have different types of branches:
default, protected and regular

Cleaned new MR checkbox view
---
 .../ide/components/commit_sidebar/actions.vue      | 12 ++++++--
 .../commit_sidebar/new_merge_request_option.vue    | 33 +++++++++-------------
 app/assets/javascripts/ide/stores/getters.js       |  3 ++
 .../ide/stores/modules/commit/actions.js           | 23 ++-------------
 .../ide/stores/modules/commit/getters.js           | 12 ++++----
 .../ide/stores/modules/commit/mutation_types.js    |  1 -
 .../ide/stores/modules/commit/mutations.js         |  3 --
 .../javascripts/ide/stores/modules/commit/state.js |  3 +-
 8 files changed, 34 insertions(+), 56 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/ide/components/commit_sidebar/actions.vue b/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
index 685d8a6b245..8b356ee6e97 100644
--- a/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
+++ b/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
@@ -41,10 +41,16 @@ export default {
   methods: {
     ...mapCommitActions(['updateCommitAction']),
     updateSelectedCommitAction() {
-      if (this.currentBranch && !this.currentBranch.can_push) {
-        this.updateCommitAction(consts.COMMIT_TO_NEW_BRANCH);
-      } else if (this.containsStagedChanges) {
+      if (!this.currentBranch) {
+        return;
+      }
+
+      const { can_push: canPush = false, default: isDefault = false } = this.currentBranch;
+
+      if (canPush && !isDefault) {
         this.updateCommitAction(consts.COMMIT_TO_CURRENT_BRANCH);
+      } else {
+        this.updateCommitAction(consts.COMMIT_TO_NEW_BRANCH);
       }
     },
   },
diff --git a/app/assets/javascripts/ide/components/commit_sidebar/new_merge_request_option.vue b/app/assets/javascripts/ide/components/commit_sidebar/new_merge_request_option.vue
index b2e7b15089c..daa44a42765 100644
--- a/app/assets/javascripts/ide/components/commit_sidebar/new_merge_request_option.vue
+++ b/app/assets/javascripts/ide/components/commit_sidebar/new_merge_request_option.vue
@@ -1,43 +1,36 @@
 <script>
-import { mapGetters, createNamespacedHelpers } from 'vuex';
+import { createNamespacedHelpers } from 'vuex';
 
 const {
   mapState: mapCommitState,
-  mapGetters: mapCommitGetters,
   mapActions: mapCommitActions,
+  mapGetters: mapCommitGetters,
 } = createNamespacedHelpers('commit');
 
 export default {
   computed: {
     ...mapCommitState(['shouldCreateMR']),
-    ...mapCommitGetters(['isCommittingToCurrentBranch', 'isCommittingToDefaultBranch']),
-    ...mapGetters(['hasMergeRequest', 'isOnDefaultBranch']),
-    currentBranchHasMr() {
-      return this.hasMergeRequest && this.isCommittingToCurrentBranch;
-    },
-    showNewMrOption() {
-      return (
-        this.isCommittingToDefaultBranch || !this.currentBranchHasMr || this.isCommittingToNewBranch
-      );
-    },
-  },
-  mounted() {
-    this.setShouldCreateMR();
+    ...mapCommitGetters(['shouldHideNewMrOption']),
   },
   methods: {
-    ...mapCommitActions(['toggleShouldCreateMR', 'setShouldCreateMR']),
+    ...mapCommitActions(['toggleShouldCreateMR']),
   },
 };
 </script>
 
 <template>
-  <div v-if="showNewMrOption">
+  <fieldset v-if="!shouldHideNewMrOption">
     <hr class="my-2" />
-    <label class="mb-0">
-      <input :checked="shouldCreateMR" type="checkbox" @change="toggleShouldCreateMR" />
+    <label class="mb-0 js-ide-commit-new-mr">
+      <input
+        :checked="shouldCreateMR"
+        type="checkbox"
+        data-qa-selector="start_new_mr_checkbox"
+        @change="toggleShouldCreateMR"
+      />
       <span class="prepend-left-10">
         {{ __('Start a new merge request') }}
       </span>
     </label>
-  </div>
+  </fieldset>
 </template>
diff --git a/app/assets/javascripts/ide/stores/getters.js b/app/assets/javascripts/ide/stores/getters.js
index 406903129db..85fd45358be 100644
--- a/app/assets/javascripts/ide/stores/getters.js
+++ b/app/assets/javascripts/ide/stores/getters.js
@@ -104,5 +104,8 @@ export const packageJson = state => state.entries[packageJsonPath];
 export const isOnDefaultBranch = (_state, getters) =>
   getters.currentProject && getters.currentProject.default_branch === getters.branchName;
 
+export const canPushToBranch = (_state, getters) =>
+  getters.currentBranch && getters.currentBranch.can_push;
+
 // prevent babel-plugin-rewire from generating an invalid default during karma tests
 export default () => {};
diff --git a/app/assets/javascripts/ide/stores/modules/commit/actions.js b/app/assets/javascripts/ide/stores/modules/commit/actions.js
index ac34491c1ad..23caf2d48ed 100644
--- a/app/assets/javascripts/ide/stores/modules/commit/actions.js
+++ b/app/assets/javascripts/ide/stores/modules/commit/actions.js
@@ -18,34 +18,15 @@ export const discardDraft = ({ commit }) => {
   commit(types.UPDATE_COMMIT_MESSAGE, '');
 };
 
-export const updateCommitAction = ({ commit, dispatch }, commitAction) => {
+export const updateCommitAction = ({ commit, getters }, commitAction) => {
   commit(types.UPDATE_COMMIT_ACTION, {
     commitAction,
   });
-  dispatch('setShouldCreateMR');
+  commit(types.TOGGLE_SHOULD_CREATE_MR, !getters.shouldHideNewMrOption);
 };
 
 export const toggleShouldCreateMR = ({ commit }) => {
   commit(types.TOGGLE_SHOULD_CREATE_MR);
-  commit(types.INTERACT_WITH_NEW_MR);
-};
-
-export const setShouldCreateMR = ({
-  commit,
-  getters,
-  rootGetters,
-  state: { interactedWithNewMR },
-}) => {
-  const committingToExistingMR =
-    getters.isCommittingToCurrentBranch &&
-    rootGetters.hasMergeRequest &&
-    !rootGetters.isOnDefaultBranch;
-
-  if ((getters.isCommittingToDefaultBranch && !interactedWithNewMR) || committingToExistingMR) {
-    commit(types.TOGGLE_SHOULD_CREATE_MR, false);
-  } else if (!interactedWithNewMR) {
-    commit(types.TOGGLE_SHOULD_CREATE_MR, true);
-  }
 };
 
 export const updateBranchName = ({ commit }, branchName) => {
diff --git a/app/assets/javascripts/ide/stores/modules/commit/getters.js b/app/assets/javascripts/ide/stores/modules/commit/getters.js
index 64779e9e4df..de289e27199 100644
--- a/app/assets/javascripts/ide/stores/modules/commit/getters.js
+++ b/app/assets/javascripts/ide/stores/modules/commit/getters.js
@@ -20,7 +20,7 @@ export const placeholderBranchName = (state, _, rootState) =>
   )}`;
 
 export const branchName = (state, getters, rootState) => {
-  if (state.commitAction === consts.COMMIT_TO_NEW_BRANCH) {
+  if (getters.isCreatingNewBranch) {
     if (state.newBranchName === '') {
       return getters.placeholderBranchName;
     }
@@ -48,11 +48,11 @@ export const preBuiltCommitMessage = (state, _, rootState) => {
 
 export const isCreatingNewBranch = state => state.commitAction === consts.COMMIT_TO_NEW_BRANCH;
 
-export const isCommittingToCurrentBranch = state =>
-  state.commitAction === consts.COMMIT_TO_CURRENT_BRANCH;
-
-export const isCommittingToDefaultBranch = (_state, getters, _rootState, rootGetters) =>
-  getters.isCommittingToCurrentBranch && rootGetters.isOnDefaultBranch;
+export const shouldHideNewMrOption = (_state, getters, _rootState, rootGetters) =>
+  !getters.isCreatingNewBranch &&
+  (rootGetters.hasMergeRequest ||
+    (!rootGetters.hasMergeRequest && rootGetters.isOnDefaultBranch)) &&
+  rootGetters.canPushToBranch;
 
 // prevent babel-plugin-rewire from generating an invalid default during karma tests
 export default () => {};
diff --git a/app/assets/javascripts/ide/stores/modules/commit/mutation_types.js b/app/assets/javascripts/ide/stores/modules/commit/mutation_types.js
index b81918156b0..7ad8f3570b7 100644
--- a/app/assets/javascripts/ide/stores/modules/commit/mutation_types.js
+++ b/app/assets/javascripts/ide/stores/modules/commit/mutation_types.js
@@ -3,4 +3,3 @@ export const UPDATE_COMMIT_ACTION = 'UPDATE_COMMIT_ACTION';
 export const UPDATE_NEW_BRANCH_NAME = 'UPDATE_NEW_BRANCH_NAME';
 export const UPDATE_LOADING = 'UPDATE_LOADING';
 export const TOGGLE_SHOULD_CREATE_MR = 'TOGGLE_SHOULD_CREATE_MR';
-export const INTERACT_WITH_NEW_MR = 'INTERACT_WITH_NEW_MR';
diff --git a/app/assets/javascripts/ide/stores/modules/commit/mutations.js b/app/assets/javascripts/ide/stores/modules/commit/mutations.js
index 14957d283bb..73b618e250f 100644
--- a/app/assets/javascripts/ide/stores/modules/commit/mutations.js
+++ b/app/assets/javascripts/ide/stores/modules/commit/mutations.js
@@ -24,7 +24,4 @@ export default {
       shouldCreateMR: shouldCreateMR === undefined ? !state.shouldCreateMR : shouldCreateMR,
     });
   },
-  [types.INTERACT_WITH_NEW_MR](state) {
-    Object.assign(state, { interactedWithNewMR: true });
-  },
 };
diff --git a/app/assets/javascripts/ide/stores/modules/commit/state.js b/app/assets/javascripts/ide/stores/modules/commit/state.js
index 53647a7e3e3..259577e48e0 100644
--- a/app/assets/javascripts/ide/stores/modules/commit/state.js
+++ b/app/assets/javascripts/ide/stores/modules/commit/state.js
@@ -3,6 +3,5 @@ export default () => ({
   commitAction: '1',
   newBranchName: '',
   submitCommitLoading: false,
-  shouldCreateMR: false,
-  interactedWithNewMR: false,
+  shouldCreateMR: true,
 });
-- 
cgit v1.2.1


From ca9598c1fb9bc408a26793d419b19f39314efe3f Mon Sep 17 00:00:00 2001
From: Jeremy Jackson <jjackson@gitlab.com>
Date: Fri, 23 Aug 2019 07:11:26 +0000
Subject: Add logic for respecting browser DNT setting

---
 app/assets/javascripts/tracking.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/javascripts/tracking.js b/app/assets/javascripts/tracking.js
index 2d0b099cf0b..a852f937eec 100644
--- a/app/assets/javascripts/tracking.js
+++ b/app/assets/javascripts/tracking.js
@@ -15,8 +15,14 @@ const extractData = (el, opts = {}) => {
 };
 
 export default class Tracking {
+  static trackable() {
+    return !['1', 'yes'].includes(
+      window.doNotTrack || navigator.doNotTrack || navigator.msDoNotTrack,
+    );
+  }
+
   static enabled() {
-    return typeof window.snowplow === 'function';
+    return typeof window.snowplow === 'function' && this.trackable();
   }
 
   static event(category = document.body.dataset.page, event = 'generic', data = {}) {
-- 
cgit v1.2.1


From f5b855546ed9b2c304b72e349af3f23c4eca549d Mon Sep 17 00:00:00 2001
From: Alexandru Croitor <acroitor@gitlab.com>
Date: Thu, 15 Aug 2019 13:56:33 +0300
Subject: Update sort options for issues list

Increase sort options for issues list from updated_at and create_at,
to include more options close to what is required in actual issue list
UI.

This helps us to use REST API for issues list with sorting capabilities

https://gitlab.com/gitlab-org/gitlab-ce/issues/57402
---
 app/models/concerns/issuable.rb | 19 +++++++++----------
 app/models/concerns/sortable.rb |  6 +++++-
 app/models/issue.rb             |  9 ++++-----
 3 files changed, 18 insertions(+), 16 deletions(-)

(limited to 'app')

diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb
index e60b6497cb7..db46d7afbb9 100644
--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -186,16 +186,15 @@ module Issuable
     def sort_by_attribute(method, excluded_labels: [])
       sorted =
         case method.to_s
-        when 'downvotes_desc'                       then order_downvotes_desc
-        when 'label_priority'                       then order_labels_priority(excluded_labels: excluded_labels)
-        when 'label_priority_desc'                  then order_labels_priority('DESC', excluded_labels: excluded_labels)
-        when 'milestone', 'milestone_due_asc'       then order_milestone_due_asc
-        when 'milestone_due_desc'                   then order_milestone_due_desc
-        when 'popularity', 'popularity_desc'        then order_upvotes_desc
-        when 'popularity_asc'                       then order_upvotes_asc
-        when 'priority', 'priority_asc'             then order_due_date_and_labels_priority(excluded_labels: excluded_labels)
-        when 'priority_desc'                        then order_due_date_and_labels_priority('DESC', excluded_labels: excluded_labels)
-        when 'upvotes_desc'                         then order_upvotes_desc
+        when 'downvotes_desc'                                 then order_downvotes_desc
+        when 'label_priority', 'label_priority_asc'           then order_labels_priority(excluded_labels: excluded_labels)
+        when 'label_priority_desc'                            then order_labels_priority('DESC', excluded_labels: excluded_labels)
+        when 'milestone', 'milestone_due_asc'                 then order_milestone_due_asc
+        when 'milestone_due_desc'                             then order_milestone_due_desc
+        when 'popularity_asc'                                 then order_upvotes_asc
+        when 'popularity', 'popularity_desc', 'upvotes_desc'  then order_upvotes_desc
+        when 'priority', 'priority_asc'                       then order_due_date_and_labels_priority(excluded_labels: excluded_labels)
+        when 'priority_desc'                                  then order_due_date_and_labels_priority('DESC', excluded_labels: excluded_labels)
         else order_by(method)
         end
 
diff --git a/app/models/concerns/sortable.rb b/app/models/concerns/sortable.rb
index df1a9e3fe6e..c4af1b1fab2 100644
--- a/app/models/concerns/sortable.rb
+++ b/app/models/concerns/sortable.rb
@@ -27,14 +27,18 @@ module Sortable
     def simple_sorts
       {
         'created_asc' => -> { order_created_asc },
+        'created_at_asc' => -> { order_created_asc },
         'created_date' => -> { order_created_desc },
         'created_desc' => -> { order_created_desc },
+        'created_at_desc' => -> { order_created_desc },
         'id_asc' => -> { order_id_asc },
         'id_desc' => -> { order_id_desc },
         'name_asc' => -> { order_name_asc },
         'name_desc' => -> { order_name_desc },
         'updated_asc' => -> { order_updated_asc },
-        'updated_desc' => -> { order_updated_desc }
+        'updated_at_asc' => -> { order_updated_asc },
+        'updated_desc' => -> { order_updated_desc },
+        'updated_at_desc' => -> { order_updated_desc }
       }
     end
 
diff --git a/app/models/issue.rb b/app/models/issue.rb
index c5a18f0af0f..caea8eadd18 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -128,11 +128,10 @@ class Issue < ApplicationRecord
 
   def self.sort_by_attribute(method, excluded_labels: [])
     case method.to_s
-    when 'closest_future_date' then order_closest_future_date
-    when 'due_date'            then order_due_date_asc
-    when 'due_date_asc'        then order_due_date_asc
-    when 'due_date_desc'       then order_due_date_desc
-    when 'relative_position'   then order_relative_position_asc.with_order_id_desc
+    when 'closest_future_date', 'closest_future_date_asc' then order_closest_future_date
+    when 'due_date', 'due_date_asc'                       then order_due_date_asc
+    when 'due_date_desc'                                  then order_due_date_desc
+    when 'relative_position', 'relative_position_asc'     then order_relative_position_asc.with_order_id_desc
     else
       super
     end
-- 
cgit v1.2.1


From 41d52bbfe9725a93013ea6b072efcdc16e591b14 Mon Sep 17 00:00:00 2001
From: Jan Provaznik <jprovaznik@gitlab.com>
Date: Tue, 9 Jul 2019 20:51:42 +0200
Subject: Add direct upload support for personal snippets

---
 app/controllers/concerns/uploads_actions.rb | 4 ++++
 app/controllers/uploads_controller.rb       | 6 ++++--
 app/uploaders/personal_file_uploader.rb     | 4 ++++
 3 files changed, 12 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/controllers/concerns/uploads_actions.rb b/app/controllers/concerns/uploads_actions.rb
index f5d35379e10..60a68cec3c3 100644
--- a/app/controllers/concerns/uploads_actions.rb
+++ b/app/controllers/concerns/uploads_actions.rb
@@ -127,4 +127,8 @@ module UploadsActions
   def model
     strong_memoize(:model) { find_model }
   end
+
+  def workhorse_authorize_request?
+    action_name == 'authorize'
+  end
 end
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index 94bd18f70d4..2adfeab182e 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -2,6 +2,7 @@
 
 class UploadsController < ApplicationController
   include UploadsActions
+  include WorkhorseRequest
 
   UnknownUploadModelError = Class.new(StandardError)
 
@@ -21,7 +22,8 @@ class UploadsController < ApplicationController
   before_action :upload_mount_satisfied?
   before_action :find_model
   before_action :authorize_access!, only: [:show]
-  before_action :authorize_create_access!, only: [:create]
+  before_action :authorize_create_access!, only: [:create, :authorize]
+  before_action :verify_workhorse_api!, only: [:authorize]
 
   def uploader_class
     PersonalFileUploader
@@ -72,7 +74,7 @@ class UploadsController < ApplicationController
   end
 
   def render_unauthorized
-    if current_user
+    if current_user || workhorse_authorize_request?
       render_404
     else
       authenticate_user!
diff --git a/app/uploaders/personal_file_uploader.rb b/app/uploaders/personal_file_uploader.rb
index 1ac69601d18..3efdd0aa1d9 100644
--- a/app/uploaders/personal_file_uploader.rb
+++ b/app/uploaders/personal_file_uploader.rb
@@ -6,6 +6,10 @@ class PersonalFileUploader < FileUploader
     options.storage_path
   end
 
+  def self.workhorse_local_upload_path
+    File.join(options.storage_path, 'uploads', TMP_UPLOAD_PATH)
+  end
+
   def self.base_dir(model, _store = nil)
     # base_dir is the path seen by the user when rendering Markdown, so
     # it should be the same for both local and object storage. It is
-- 
cgit v1.2.1


From 3e5946335d430c50726a2bfddaf50e0fc43192e2 Mon Sep 17 00:00:00 2001
From: Laura Montemayor <lmontemayor@gitlab.com>
Date: Fri, 23 Aug 2019 10:12:18 +0000
Subject: fix charts scroll handle icon

---
 app/assets/javascripts/monitoring/components/charts/area.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/javascripts/monitoring/components/charts/area.vue b/app/assets/javascripts/monitoring/components/charts/area.vue
index 78d97a3c122..cac10474d06 100644
--- a/app/assets/javascripts/monitoring/components/charts/area.vue
+++ b/app/assets/javascripts/monitoring/components/charts/area.vue
@@ -126,7 +126,7 @@ export default {
           },
         },
         series: this.scatterSeries,
-        dataZoom: this.dataZoomConfig,
+        dataZoom: [this.dataZoomConfig],
       };
     },
     dataZoomConfig() {
-- 
cgit v1.2.1


From 29955caeeb90b0805cf639337e29fbf50cbd4afe Mon Sep 17 00:00:00 2001
From: Himanshu Kapoor <info@fleon.org>
Date: Fri, 23 Aug 2019 10:21:05 +0000
Subject: Fix broken git clone box on wiki git access page

Some CSS fixes to fix the position of the git clone box on the
wiki git access page. This fix also includes fixes for various
responsive states.
---
 app/assets/stylesheets/framework/variables.scss |  1 +
 app/assets/stylesheets/pages/wiki.scss          | 29 +++++--------------------
 app/views/projects/wikis/_sidebar.html.haml     |  6 ++---
 app/views/projects/wikis/edit.html.haml         |  4 ++--
 app/views/projects/wikis/git_access.html.haml   | 12 +++++-----
 app/views/projects/wikis/history.html.haml      |  2 +-
 app/views/projects/wikis/pages.html.haml        |  4 ++--
 app/views/projects/wikis/show.html.haml         |  4 ++--
 8 files changed, 24 insertions(+), 38 deletions(-)

(limited to 'app')

diff --git a/app/assets/stylesheets/framework/variables.scss b/app/assets/stylesheets/framework/variables.scss
index 92190f8979e..9871771542d 100644
--- a/app/assets/stylesheets/framework/variables.scss
+++ b/app/assets/stylesheets/framework/variables.scss
@@ -469,6 +469,7 @@ $link-active-background: rgba(0, 0, 0, 0.04);
 $link-hover-background: rgba(0, 0, 0, 0.06);
 $inactive-badge-background: rgba(0, 0, 0, 0.08);
 $sidebar-toggle-height: 60px;
+$sidebar-toggle-width: 40px;
 $sidebar-milestone-toggle-bottom-margin: 10px;
 
 /*
diff --git a/app/assets/stylesheets/pages/wiki.scss b/app/assets/stylesheets/pages/wiki.scss
index 379df1c4db1..0b65b915abf 100644
--- a/app/assets/stylesheets/pages/wiki.scss
+++ b/app/assets/stylesheets/pages/wiki.scss
@@ -32,13 +32,11 @@
     color: $gl-text-color-secondary;
   }
 
-  .git-access-header {
-    padding: $gl-padding 0 $gl-padding-top;
-  }
-
   .git-clone-holder {
-    width: 100%;
-    padding-bottom: 40px;
+    .input-group-prepend,
+    .input-group-append {
+      background-color: transparent;
+    }
   }
 
   button.sidebar-toggle {
@@ -48,19 +46,8 @@
     display: block;
   }
 
-  @include media-breakpoint-up(sm) {
-    &.has-sidebar-toggle {
-      padding-right: 40px;
-    }
-
-    .git-clone-holder {
-      width: 480px;
-      padding-bottom: $gl-padding;
-    }
-
-    .nav-controls {
-      width: auto;
-    }
+  &.has-sidebar-toggle .git-access-header {
+    padding-right: $sidebar-toggle-width;
   }
 
   @include media-breakpoint-up(md) {
@@ -105,10 +92,6 @@
     padding: 0 $gl-padding;
   }
 
-  .block {
-    width: 100%;
-  }
-
   a {
     color: $layout-link-gray;
 
diff --git a/app/views/projects/wikis/_sidebar.html.haml b/app/views/projects/wikis/_sidebar.html.haml
index a9d21470944..83d145444d8 100644
--- a/app/views/projects/wikis/_sidebar.html.haml
+++ b/app/views/projects/wikis/_sidebar.html.haml
@@ -1,6 +1,6 @@
 %aside.right-sidebar.right-sidebar-expanded.wiki-sidebar.js-wiki-sidebar.js-right-sidebar{ data: { "offset-top" => "50", "spy" => "affix" } }
   .sidebar-container
-    .block.wiki-sidebar-header.append-bottom-default
+    .block.wiki-sidebar-header.append-bottom-default.w-100
       %a.gutter-toggle.float-right.d-block.d-sm-block.d-md-none.js-sidebar-wiki-toggle{ href: "#" }
         = icon('angle-double-right')
 
@@ -10,12 +10,12 @@
         %span= _("Clone repository")
 
     .blocks-container
-      .block.block-first
+      .block.block-first.w-100
         - if @sidebar_page
           = render_wiki_content(@sidebar_page)
         - else
           %ul.wiki-pages
             = render @sidebar_wiki_entries, context: 'sidebar'
-      .block
+      .block.w-100
         = link_to project_wikis_pages_path(@project), class: 'btn btn-block' do
           = s_("Wiki|More Pages")
diff --git a/app/views/projects/wikis/edit.html.haml b/app/views/projects/wikis/edit.html.haml
index 815b4a51261..9ccf5acfefc 100644
--- a/app/views/projects/wikis/edit.html.haml
+++ b/app/views/projects/wikis/edit.html.haml
@@ -5,7 +5,7 @@
 
 = wiki_page_errors(@error)
 
-.wiki-page-header.top-area.has-sidebar-toggle
+.wiki-page-header.top-area.has-sidebar-toggle.flex-column.flex-lg-row
   %button.btn.btn-default.sidebar-toggle.js-sidebar-wiki-toggle{ role: "button", type: "button" }
     = icon('angle-double-left')
 
@@ -19,7 +19,7 @@
       - else
         = s_("Wiki|Create New Page")
 
-  .nav-controls
+  .nav-controls.pb-md-3.pb-lg-0
     - if @page.persisted?
       = link_to project_wiki_history_path(@project, @page), class: "btn" do
         = s_("Wiki|Page history")
diff --git a/app/views/projects/wikis/git_access.html.haml b/app/views/projects/wikis/git_access.html.haml
index 009133be117..6972eda9bb7 100644
--- a/app/views/projects/wikis/git_access.html.haml
+++ b/app/views/projects/wikis/git_access.html.haml
@@ -1,15 +1,17 @@
 - @content_class = "limit-container-width" unless fluid_layout
 - page_title s_("WikiClone|Git Access"), _("Wiki")
 
-.wiki-page-header.top-area.has-sidebar-toggle
+.wiki-page-header.top-area.has-sidebar-toggle.py-3.flex-column.flex-lg-row
   %button.btn.btn-default.d-block.d-sm-block.d-md-none.float-right.sidebar-toggle.js-sidebar-wiki-toggle{ role: "button", type: "button" }
     = icon('angle-double-left')
 
-  .git-access-header
-    = _("Clone repository")
-    %strong= @project_wiki.full_path
+  .git-access-header.w-100.d-flex.flex-column.justify-content-center
+    %span
+      = _("Clone repository")
+      %strong= @project_wiki.full_path
 
-  = render "shared/clone_panel", project: @project_wiki
+  .pt-3.pt-lg-0.w-100
+    = render "shared/clone_panel", project: @project_wiki
 
 .wiki-git-access
   %h3= s_("WikiClone|Install Gollum")
diff --git a/app/views/projects/wikis/history.html.haml b/app/views/projects/wikis/history.html.haml
index f8468ef9a78..d3a55c53649 100644
--- a/app/views/projects/wikis/history.html.haml
+++ b/app/views/projects/wikis/history.html.haml
@@ -1,6 +1,6 @@
 - page_title _("History"), @page.human_title, _("Wiki")
 
-.wiki-page-header.top-area.has-sidebar-toggle
+.wiki-page-header.top-area.has-sidebar-toggle.flex-column.flex-lg-row
   %button.btn.btn-default.sidebar-toggle.js-sidebar-wiki-toggle{ role: "button", type: "button" }
     = icon('angle-double-left')
 
diff --git a/app/views/projects/wikis/pages.html.haml b/app/views/projects/wikis/pages.html.haml
index f7999c3f1bd..275dc5dbd23 100644
--- a/app/views/projects/wikis/pages.html.haml
+++ b/app/views/projects/wikis/pages.html.haml
@@ -5,13 +5,13 @@
 - sort_title = wiki_sort_title(params[:sort])
 
 %div{ class: container_class }
-  .wiki-page-header.top-area
+  .wiki-page-header.top-area.flex-column.flex-lg-row
 
     .nav-text.flex-fill
       %h2.wiki-page-title
         = s_("Wiki|Wiki Pages")
 
-    .nav-controls
+    .nav-controls.pb-md-3.pb-lg-0
       = link_to project_wikis_git_access_path(@project), class: 'btn' do
         = icon('cloud-download')
         = _("Clone repository")
diff --git a/app/views/projects/wikis/show.html.haml b/app/views/projects/wikis/show.html.haml
index 1d649886331..c6197fe576e 100644
--- a/app/views/projects/wikis/show.html.haml
+++ b/app/views/projects/wikis/show.html.haml
@@ -4,7 +4,7 @@
 - page_title @page.human_title, _("Wiki")
 - add_to_breadcrumbs _("Wiki"), project_wiki_path(@project, :home)
 
-.wiki-page-header.top-area.has-sidebar-toggle
+.wiki-page-header.top-area.has-sidebar-toggle.flex-column.flex-lg-row
   %button.btn.btn-default.sidebar-toggle.js-sidebar-wiki-toggle{ role: "button", type: "button" }
     = icon('angle-double-left')
 
@@ -15,7 +15,7 @@
         = (_("Last edited by %{name}") % { name: "<strong>#{@page.last_version.author_name}</strong>" }).html_safe
         #{time_ago_with_tooltip(@page.last_version.authored_date)}
 
-  .nav-controls
+  .nav-controls.pb-md-3.pb-lg-0
     = render 'main_links'
 
 - if @page.historical?
-- 
cgit v1.2.1


From 8d5fac4f56bb6c0d6625ea5f6364796a80196933 Mon Sep 17 00:00:00 2001
From: Winnie Hellmann <winnie@gitlab.com>
Date: Fri, 23 Aug 2019 11:40:56 +0000
Subject: Hide duplicate board list while dragging

---
 app/assets/javascripts/test_utils/simulate_drag.js  | 6 +++++-
 app/assets/stylesheets/pages/boards.scss            | 3 +++
 app/views/shared/boards/components/_board.html.haml | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/test_utils/simulate_drag.js b/app/assets/javascripts/test_utils/simulate_drag.js
index be9ebc81c6b..c9bf234fcce 100644
--- a/app/assets/javascripts/test_utils/simulate_drag.js
+++ b/app/assets/javascripts/test_utils/simulate_drag.js
@@ -153,7 +153,11 @@ export default function simulateDrag(options) {
 
     if (progress >= 1) {
       if (options.ondragend) options.ondragend();
-      simulateEvent(toEl, 'mouseup');
+
+      if (options.performDrop) {
+        simulateEvent(toEl, 'mouseup');
+      }
+
       clearInterval(dragInterval);
       window.SIMULATE_DRAG_ACTIVE = 0;
     }
diff --git a/app/assets/stylesheets/pages/boards.scss b/app/assets/stylesheets/pages/boards.scss
index 343cca96851..e77a2d1e333 100644
--- a/app/assets/stylesheets/pages/boards.scss
+++ b/app/assets/stylesheets/pages/boards.scss
@@ -86,6 +86,9 @@
 }
 
 .board {
+  // the next line cannot be replaced with .d-inline-block because it breaks display: none of SortableJS
+  // see https://gitlab.com/gitlab-org/gitlab-ce/issues/64828
+  display: inline-block;
   width: calc(85vw - 15px);
 
   @include media-breakpoint-up(sm) {
diff --git a/app/views/shared/boards/components/_board.html.haml b/app/views/shared/boards/components/_board.html.haml
index 5abd4ce0fb9..ffa24d1c041 100644
--- a/app/views/shared/boards/components/_board.html.haml
+++ b/app/views/shared/boards/components/_board.html.haml
@@ -1,4 +1,4 @@
-.board.d-inline-block.h-100.px-2.align-top.ws-normal{ ":class" => '{ "is-draggable": !list.preset, "is-expandable": list.isExpandable, "is-collapsed": !list.isExpanded, "board-type-assignee": list.type === "assignee" }',
+.board.h-100.px-2.align-top.ws-normal{ ":class" => '{ "is-draggable": !list.preset, "is-expandable": list.isExpandable, "is-collapsed": !list.isExpanded, "board-type-assignee": list.type === "assignee" }',
   ":data-id" => "list.id", data: { qa_selector: "board_list" } }
   .board-inner.d-flex.flex-column.position-relative.h-100.rounded
     %header.board-header{ ":class" => '{ "has-border": list.label && list.label.color, "position-relative": list.isExpanded, "position-absolute position-top-0 position-left-0 w-100 h-100": !list.isExpanded }', ":style" => "{ borderTopColor: (list.label && list.label.color ? list.label.color : null) }", data: { qa_selector: "board_list_header" } }
-- 
cgit v1.2.1


From 642f6b38169c5805676f061708d25137f4cc986e Mon Sep 17 00:00:00 2001
From: Nick Thomas <nick@gitlab.com>
Date: Thu, 22 Aug 2019 16:05:07 +0100
Subject: Send TODOs for comments on commits correctly

At present, the TodoService uses the `:read_project` ability to decide
whether a user can read a note on a commit. However, commits can have a
visibility level that is more restricted than the project, so this is a
security issue.

This commit changes the code to use the `:read_commit` ability in this
case instead, which ensures TODOs are only generated for commit notes
if the users can see the commit.
---
 app/services/todo_service.rb | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/services/todo_service.rb b/app/services/todo_service.rb
index 0ea230a44a1..b1256df35d6 100644
--- a/app/services/todo_service.rb
+++ b/app/services/todo_service.rb
@@ -314,11 +314,9 @@ class TodoService
   end
 
   def reject_users_without_access(users, parent, target)
-    if target.is_a?(Note) && target.for_issuable?
-      target = target.noteable
-    end
+    target = target.noteable if target.is_a?(Note)
 
-    if target.is_a?(Issuable)
+    if target.respond_to?(:to_ability_name)
       select_users(users, :"read_#{target.to_ability_name}", target)
     else
       select_users(users, :read_project, parent)
-- 
cgit v1.2.1


From 21024065c586e64e802e838c1efe1cb21a3c3a37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matija=20=C4=8Cupi=C4=87?= <matteeyah@gmail.com>
Date: Fri, 23 Aug 2019 14:49:52 +0200
Subject: Preload tags when loading Ci::Pipeline

---
 app/controllers/projects/pipelines_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb
index e6e3a440925..499d4918899 100644
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@@ -180,7 +180,7 @@ class Projects::PipelinesController < Projects::ApplicationController
                   else
                     project
                       .all_pipelines
-                      .includes(user: :status)
+                      .includes(builds: :tags, user: :status)
                       .find_by!(id: params[:id])
                       .present(current_user: current_user)
                   end
-- 
cgit v1.2.1


From 9ad0a8ad6259fb44876443d8bbf692e291165376 Mon Sep 17 00:00:00 2001
From: Paul Slaughter <pslaughter@gitlab.com>
Date: Thu, 22 Aug 2019 21:39:34 -0500
Subject: Fix issuable sidebar icon of notification disabled

by adding the proper notification icon
---
 app/helpers/notifications_helper.rb          | 4 ++--
 app/views/shared/issuable/_sidebar.html.haml | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/helpers/notifications_helper.rb b/app/helpers/notifications_helper.rb
index 5678304ffcf..8855e0cdd70 100644
--- a/app/helpers/notifications_helper.rb
+++ b/app/helpers/notifications_helper.rb
@@ -106,9 +106,9 @@ module NotificationsHelper
     end
   end
 
-  def notification_setting_icon(notification_setting)
+  def notification_setting_icon(notification_setting = nil)
     sprite_icon(
-      notification_setting.disabled? ? "notifications-off" : "notifications",
+      !notification_setting.present? || notification_setting.disabled? ? "notifications-off" : "notifications",
       css_class: "icon notifications-icon js-notifications-icon"
     )
   end
diff --git a/app/views/shared/issuable/_sidebar.html.haml b/app/views/shared/issuable/_sidebar.html.haml
index 825088a58e7..245886f495c 100644
--- a/app/views/shared/issuable/_sidebar.html.haml
+++ b/app/views/shared/issuable/_sidebar.html.haml
@@ -139,7 +139,9 @@
       - if signed_in
         - if issuable_sidebar[:project_emails_disabled]
           .block.js-emails-disabled
-            = notification_description(:owner_disabled)
+            .sidebar-collapsed-icon.has-tooltip{ title: notification_description(:owner_disabled), data: { placement: "left", container: "body", boundary: 'viewport' } }
+              = notification_setting_icon
+            .hide-collapsed= notification_description(:owner_disabled)
         - else
           .js-sidebar-subscriptions-entry-point
 
-- 
cgit v1.2.1


From c96adfcd6c9d303f3f7f86e441e57cb3ce8a286e Mon Sep 17 00:00:00 2001
From: shampton <shampton@gitlab.com>
Date: Fri, 23 Aug 2019 12:57:21 -0700
Subject: Move visual review toolbar to NPM

Remove the visual review toolbar code
in favor of using the NPM package.
---
 .../visual_review_toolbar/components/comment.js    |  39 -----
 .../components/comment_mr_note.js                  |  31 ----
 .../components/comment_post.js                     | 145 ----------------
 .../components/comment_storage.js                  |  20 ---
 .../components/form_elements.js                    |  17 --
 .../visual_review_toolbar/components/index.js      |  23 ---
 .../visual_review_toolbar/components/login.js      |  47 ------
 .../visual_review_toolbar/components/mr_id.js      |  63 -------
 .../visual_review_toolbar/components/note.js       |  35 ----
 .../visual_review_toolbar/components/utils.js      |  51 ------
 .../visual_review_toolbar/components/wrapper.js    |  79 ---------
 .../components/wrapper_icons.js                    |  15 --
 .../javascripts/visual_review_toolbar/index.js     |  51 ------
 .../visual_review_toolbar/shared/constants.js      |  56 ------
 .../visual_review_toolbar/shared/index.js          |  55 ------
 .../visual_review_toolbar/shared/storage_utils.js  |  42 -----
 .../visual_review_toolbar/store/events.js          |  73 --------
 .../visual_review_toolbar/store/index.js           |  11 --
 .../visual_review_toolbar/store/state.js           |  95 -----------
 .../visual_review_toolbar/store/utils.js           |  15 --
 .../visual_review_toolbar/styles/toolbar.css       | 188 ---------------------
 21 files changed, 1151 deletions(-)
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/comment.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/comment_mr_note.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/comment_post.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/comment_storage.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/form_elements.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/index.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/login.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/mr_id.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/note.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/utils.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/wrapper.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/components/wrapper_icons.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/index.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/shared/constants.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/shared/index.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/shared/storage_utils.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/store/events.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/store/index.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/store/state.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/store/utils.js
 delete mode 100644 app/assets/javascripts/visual_review_toolbar/styles/toolbar.css

(limited to 'app')

diff --git a/app/assets/javascripts/visual_review_toolbar/components/comment.js b/app/assets/javascripts/visual_review_toolbar/components/comment.js
deleted file mode 100644
index a03dc14b319..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/comment.js
+++ /dev/null
@@ -1,39 +0,0 @@
-import { nextView } from '../store';
-import { localStorage, COMMENT_BOX, LOGOUT, STORAGE_MR_ID, STORAGE_TOKEN } from '../shared';
-import { clearNote } from './note';
-import { buttonClearStyles } from './utils';
-import { addForm } from './wrapper';
-import { changeSelectedMr, selectedMrNote } from './comment_mr_note';
-import postComment from './comment_post';
-import { saveComment, getSavedComment } from './comment_storage';
-
-const comment = state => {
-  const savedComment = getSavedComment();
-
-  return `
-    <div>
-      <textarea id="${COMMENT_BOX}" name="${COMMENT_BOX}" rows="3" placeholder="Enter your feedback or idea" class="gitlab-input" aria-required="true">${savedComment}</textarea>
-      ${selectedMrNote(state)}
-      <p class="gitlab-metadata-note">Additional metadata will be included: browser, OS, current page, user agent, and viewport dimensions.</p>
-    </div>
-    <div class="gitlab-button-wrapper">
-      <button class="gitlab-button gitlab-button-success" style="${buttonClearStyles}" type="button" id="gitlab-comment-button"> Send feedback </button>
-      <button class="gitlab-button gitlab-button-secondary" style="${buttonClearStyles}" type="button" id="${LOGOUT}"> Log out </button>
-    </div>
-  `;
-};
-
-// This function is here becaause it is called only from the comment view
-// If we reach a design where we can logout from multiple views, promote this
-// to it's own package
-const logoutUser = state => {
-  localStorage.removeItem(STORAGE_TOKEN);
-  localStorage.removeItem(STORAGE_MR_ID);
-  state.token = '';
-  state.mergeRequestId = '';
-
-  clearNote();
-  addForm(nextView(state, COMMENT_BOX));
-};
-
-export { changeSelectedMr, comment, logoutUser, postComment, saveComment };
diff --git a/app/assets/javascripts/visual_review_toolbar/components/comment_mr_note.js b/app/assets/javascripts/visual_review_toolbar/components/comment_mr_note.js
deleted file mode 100644
index da67763261c..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/comment_mr_note.js
+++ /dev/null
@@ -1,31 +0,0 @@
-import { nextView } from '../store';
-import { localStorage, CHANGE_MR_ID_BUTTON, COMMENT_BOX, STORAGE_MR_ID } from '../shared';
-import { clearNote } from './note';
-import { buttonClearStyles } from './utils';
-import { addForm } from './wrapper';
-
-const selectedMrNote = state => {
-  const { mrUrl, projectPath, mergeRequestId } = state;
-
-  const mrLink = `${mrUrl}/${projectPath}/merge_requests/${mergeRequestId}`;
-
-  return `
-    <p class="gitlab-metadata-note">
-      This posts to merge request <a class="gitlab-link" href="${mrLink}">!${mergeRequestId}</a>.
-      <button style="${buttonClearStyles}" type="button" id="${CHANGE_MR_ID_BUTTON}" class="gitlab-link gitlab-link-button">Change</button>
-    </p>
-  `;
-};
-
-const clearMrId = state => {
-  localStorage.removeItem(STORAGE_MR_ID);
-  state.mergeRequestId = '';
-};
-
-const changeSelectedMr = state => {
-  clearMrId(state);
-  clearNote();
-  addForm(nextView(state, COMMENT_BOX));
-};
-
-export { changeSelectedMr, selectedMrNote };
diff --git a/app/assets/javascripts/visual_review_toolbar/components/comment_post.js b/app/assets/javascripts/visual_review_toolbar/components/comment_post.js
deleted file mode 100644
index ee5f2b62425..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/comment_post.js
+++ /dev/null
@@ -1,145 +0,0 @@
-import { BLACK, COMMENT_BOX, MUTED } from '../shared';
-import { clearSavedComment } from './comment_storage';
-import { clearNote, postError } from './note';
-import { selectCommentBox, selectCommentButton, selectNote, selectNoteContainer } from './utils';
-
-const resetCommentButton = () => {
-  const commentButton = selectCommentButton();
-
-  /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-  commentButton.innerText = 'Send feedback';
-  commentButton.classList.replace('gitlab-button-secondary', 'gitlab-button-success');
-  commentButton.style.opacity = 1;
-};
-
-const resetCommentBox = () => {
-  const commentBox = selectCommentBox();
-  commentBox.style.pointerEvents = 'auto';
-  commentBox.style.color = BLACK;
-};
-
-const resetCommentText = () => {
-  const commentBox = selectCommentBox();
-  commentBox.value = '';
-  clearSavedComment();
-};
-
-const resetComment = () => {
-  resetCommentButton();
-  resetCommentBox();
-  resetCommentText();
-};
-
-const confirmAndClear = feedbackInfo => {
-  const commentButton = selectCommentButton();
-  const currentNote = selectNote();
-  const noteContainer = selectNoteContainer();
-
-  /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-  commentButton.innerText = 'Feedback sent';
-  noteContainer.style.visibility = 'visible';
-  currentNote.insertAdjacentHTML('beforeend', feedbackInfo);
-
-  setTimeout(resetComment, 1000);
-  setTimeout(clearNote, 6000);
-};
-
-const setInProgressState = () => {
-  const commentButton = selectCommentButton();
-  const commentBox = selectCommentBox();
-
-  /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-  commentButton.innerText = 'Sending feedback';
-  commentButton.classList.replace('gitlab-button-success', 'gitlab-button-secondary');
-  commentButton.style.opacity = 0.5;
-  commentBox.style.color = MUTED;
-  commentBox.style.pointerEvents = 'none';
-};
-
-const commentErrors = error => {
-  switch (error.status) {
-    case 401:
-      /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-      return 'Unauthorized. You may have entered an incorrect authentication token.';
-    case 404:
-      /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-      return 'Not found. You may have entered an incorrect merge request ID.';
-    default:
-      /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-      return `Your comment could not be sent. Please try again. Error: ${error.message}`;
-  }
-};
-
-const postComment = ({
-  platform,
-  browser,
-  userAgent,
-  innerWidth,
-  innerHeight,
-  projectId,
-  projectPath,
-  mergeRequestId,
-  mrUrl,
-  token,
-}) => {
-  // Clear any old errors
-  clearNote(COMMENT_BOX);
-
-  setInProgressState();
-
-  const commentText = selectCommentBox().value.trim();
-  // Get the href at the last moment to support SPAs
-  const { href } = window.location;
-
-  if (!commentText) {
-    /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-    postError('Your comment appears to be empty.', COMMENT_BOX);
-    resetCommentBox();
-    resetCommentButton();
-    return;
-  }
-
-  const detailText = `
- \n
-<details>
-  <summary>Metadata</summary>
-  Posted from ${href} | ${platform} | ${browser} | ${innerWidth} x ${innerHeight}.
-  <br /><br />
-  <em>User agent: ${userAgent}</em>
-</details>
-  `;
-
-  const url = `
-    ${mrUrl}/api/v4/projects/${projectId}/merge_requests/${mergeRequestId}/discussions`;
-
-  const body = `${commentText} ${detailText}`;
-
-  fetch(url, {
-    method: 'POST',
-    headers: {
-      'PRIVATE-TOKEN': token,
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({ body }),
-  })
-    .then(response => {
-      if (response.ok) {
-        return response.json();
-      }
-
-      throw response;
-    })
-    .then(data => {
-      const commentId = data.notes[0].id;
-      const feedbackLink = `${mrUrl}/${projectPath}/merge_requests/${mergeRequestId}#note_${commentId}`;
-      const feedbackInfo = `Feedback sent. View at <a class="gitlab-link" href="${feedbackLink}">${projectPath} !${mergeRequestId} (comment ${commentId})</a>`;
-      confirmAndClear(feedbackInfo);
-    })
-    .catch(err => {
-      postError(commentErrors(err), COMMENT_BOX);
-      resetCommentBox();
-      resetCommentButton();
-    });
-};
-
-export default postComment;
diff --git a/app/assets/javascripts/visual_review_toolbar/components/comment_storage.js b/app/assets/javascripts/visual_review_toolbar/components/comment_storage.js
deleted file mode 100644
index 49c9400437e..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/comment_storage.js
+++ /dev/null
@@ -1,20 +0,0 @@
-import { selectCommentBox } from './utils';
-import { sessionStorage, STORAGE_COMMENT } from '../shared';
-
-const getSavedComment = () => sessionStorage.getItem(STORAGE_COMMENT) || '';
-
-const saveComment = () => {
-  const currentComment = selectCommentBox();
-
-  // This may be added to any view via top-level beforeunload listener
-  // so let's skip if it does not apply
-  if (currentComment && currentComment.value) {
-    sessionStorage.setItem(STORAGE_COMMENT, currentComment.value);
-  }
-};
-
-const clearSavedComment = () => {
-  sessionStorage.removeItem(STORAGE_COMMENT);
-};
-
-export { getSavedComment, saveComment, clearSavedComment };
diff --git a/app/assets/javascripts/visual_review_toolbar/components/form_elements.js b/app/assets/javascripts/visual_review_toolbar/components/form_elements.js
deleted file mode 100644
index 608488a6fea..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/form_elements.js
+++ /dev/null
@@ -1,17 +0,0 @@
-import { REMEMBER_ITEM } from '../shared';
-import { buttonClearStyles } from './utils';
-
-/* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-const rememberBox = (rememberText = 'Remember me') => `
-  <div class="gitlab-checkbox-wrapper">
-    <input type="checkbox" id="${REMEMBER_ITEM}" name="${REMEMBER_ITEM}" value="remember">
-    <label for="${REMEMBER_ITEM}" class="gitlab-checkbox-label">${rememberText}</label>
-  </div>
-`;
-
-const submitButton = buttonId => `
-  <div class="gitlab-button-wrapper">
-    <button class="gitlab-button-wide gitlab-button gitlab-button-success" style="${buttonClearStyles}" type="button" id="${buttonId}"> Submit </button>
-  </div>
-`;
-export { rememberBox, submitButton };
diff --git a/app/assets/javascripts/visual_review_toolbar/components/index.js b/app/assets/javascripts/visual_review_toolbar/components/index.js
deleted file mode 100644
index e88b3637ad8..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/index.js
+++ /dev/null
@@ -1,23 +0,0 @@
-import { changeSelectedMr, comment, logoutUser, postComment, saveComment } from './comment';
-import { authorizeUser, login } from './login';
-import { addMr, mrForm } from './mr_id';
-import { note } from './note';
-import { selectContainer, selectForm } from './utils';
-import { buttonAndForm, toggleForm } from './wrapper';
-
-export {
-  addMr,
-  authorizeUser,
-  buttonAndForm,
-  changeSelectedMr,
-  comment,
-  login,
-  logoutUser,
-  mrForm,
-  note,
-  postComment,
-  saveComment,
-  selectContainer,
-  selectForm,
-  toggleForm,
-};
diff --git a/app/assets/javascripts/visual_review_toolbar/components/login.js b/app/assets/javascripts/visual_review_toolbar/components/login.js
deleted file mode 100644
index 20ab01bc690..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/login.js
+++ /dev/null
@@ -1,47 +0,0 @@
-import { nextView } from '../store';
-import { localStorage, LOGIN, TOKEN_BOX, STORAGE_TOKEN } from '../shared';
-import { clearNote, postError } from './note';
-import { rememberBox, submitButton } from './form_elements';
-import { selectRemember, selectToken } from './utils';
-import { addForm } from './wrapper';
-
-const labelText = `
-  Enter your <a class="gitlab-link" href="https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html">personal access token</a>
-`;
-
-const login = `
-    <div>
-      <label for="${TOKEN_BOX}" class="gitlab-label">${labelText}</label>
-      <input class="gitlab-input" type="password" id="${TOKEN_BOX}" name="${TOKEN_BOX}" autocomplete="current-password" aria-required="true">
-    </div>
-    ${rememberBox()}
-    ${submitButton(LOGIN)}
-`;
-
-const storeToken = (token, state) => {
-  const rememberMe = selectRemember().checked;
-
-  if (rememberMe) {
-    localStorage.setItem(STORAGE_TOKEN, token);
-  }
-
-  state.token = token;
-};
-
-const authorizeUser = state => {
-  // Clear any old errors
-  clearNote(TOKEN_BOX);
-
-  const token = selectToken().value;
-
-  if (!token) {
-    /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-    postError('Please enter your token.', TOKEN_BOX);
-    return;
-  }
-
-  storeToken(token, state);
-  addForm(nextView(state, LOGIN));
-};
-
-export { authorizeUser, login, storeToken };
diff --git a/app/assets/javascripts/visual_review_toolbar/components/mr_id.js b/app/assets/javascripts/visual_review_toolbar/components/mr_id.js
deleted file mode 100644
index 695b3af8aa0..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/mr_id.js
+++ /dev/null
@@ -1,63 +0,0 @@
-import { nextView } from '../store';
-import { MR_ID, MR_ID_BUTTON, STORAGE_MR_ID, localStorage } from '../shared';
-import { clearNote, postError } from './note';
-import { rememberBox, submitButton } from './form_elements';
-import { selectForm, selectMrBox, selectRemember } from './utils';
-import { addForm } from './wrapper';
-
-/* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-const mrLabel = `Enter your merge request ID`;
-/* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-const mrRememberText = `Remember this number`;
-
-const mrForm = `
-    <div>
-      <label for="${MR_ID}" class="gitlab-label">${mrLabel}</label>
-      <input class="gitlab-input" type="text" pattern="[1-9][0-9]*" id="${MR_ID}" name="${MR_ID}" placeholder="e.g., 321" aria-required="true">
-    </div>
-    ${rememberBox(mrRememberText)}
-    ${submitButton(MR_ID_BUTTON)}
-`;
-
-const storeMR = (id, state) => {
-  const rememberMe = selectRemember().checked;
-
-  if (rememberMe) {
-    localStorage.setItem(STORAGE_MR_ID, id);
-  }
-
-  state.mergeRequestId = id;
-};
-
-const getFormError = (mrNumber, form) => {
-  if (!mrNumber) {
-    /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-    return 'Please enter your merge request ID number.';
-  }
-
-  if (!form.checkValidity()) {
-    /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-    return 'Please remove any non-number values from the field.';
-  }
-
-  return null;
-};
-
-const addMr = state => {
-  // Clear any old errors
-  clearNote(MR_ID);
-
-  const mrNumber = selectMrBox().value;
-  const form = selectForm();
-  const formError = getFormError(mrNumber, form);
-
-  if (formError) {
-    postError(formError, MR_ID);
-    return;
-  }
-
-  storeMR(mrNumber, state);
-  addForm(nextView(state, MR_ID));
-};
-
-export { addMr, mrForm, storeMR };
diff --git a/app/assets/javascripts/visual_review_toolbar/components/note.js b/app/assets/javascripts/visual_review_toolbar/components/note.js
deleted file mode 100644
index 9cddcb710f2..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/note.js
+++ /dev/null
@@ -1,35 +0,0 @@
-import { NOTE, NOTE_CONTAINER, RED } from '../shared';
-import { selectById, selectNote, selectNoteContainer } from './utils';
-
-const note = `
-  <div id="${NOTE_CONTAINER}" style="visibility: hidden;">
-    <p id="${NOTE}" class="gitlab-message"></p>
-  </div>
-`;
-
-const clearNote = inputId => {
-  const currentNote = selectNote();
-  const noteContainer = selectNoteContainer();
-
-  currentNote.innerText = '';
-  currentNote.style.color = '';
-  noteContainer.style.visibility = 'hidden';
-
-  if (inputId) {
-    const field = document.getElementById(inputId);
-    field.style.borderColor = '';
-  }
-};
-
-const postError = (message, inputId) => {
-  const currentNote = selectNote();
-  const noteContainer = selectNoteContainer();
-  const field = selectById(inputId);
-  field.style.borderColor = RED;
-  currentNote.style.color = RED;
-  currentNote.innerText = message;
-  noteContainer.style.visibility = 'visible';
-  setTimeout(clearNote.bind(null, inputId), 5000);
-};
-
-export { clearNote, note, postError };
diff --git a/app/assets/javascripts/visual_review_toolbar/components/utils.js b/app/assets/javascripts/visual_review_toolbar/components/utils.js
deleted file mode 100644
index 4ec9bd4a32a..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/utils.js
+++ /dev/null
@@ -1,51 +0,0 @@
-/* global document */
-
-import {
-  COLLAPSE_BUTTON,
-  COMMENT_BOX,
-  COMMENT_BUTTON,
-  FORM,
-  FORM_CONTAINER,
-  MR_ID,
-  NOTE,
-  NOTE_CONTAINER,
-  REMEMBER_ITEM,
-  REVIEW_CONTAINER,
-  TOKEN_BOX,
-} from '../shared';
-
-// this style must be applied inline in a handful of components
-/* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-const buttonClearStyles = `
-  -webkit-appearance: none;
-`;
-
-// selector functions to abstract out a little
-const selectById = id => document.getElementById(id);
-const selectCollapseButton = () => document.getElementById(COLLAPSE_BUTTON);
-const selectCommentBox = () => document.getElementById(COMMENT_BOX);
-const selectCommentButton = () => document.getElementById(COMMENT_BUTTON);
-const selectContainer = () => document.getElementById(REVIEW_CONTAINER);
-const selectForm = () => document.getElementById(FORM);
-const selectFormContainer = () => document.getElementById(FORM_CONTAINER);
-const selectMrBox = () => document.getElementById(MR_ID);
-const selectNote = () => document.getElementById(NOTE);
-const selectNoteContainer = () => document.getElementById(NOTE_CONTAINER);
-const selectRemember = () => document.getElementById(REMEMBER_ITEM);
-const selectToken = () => document.getElementById(TOKEN_BOX);
-
-export {
-  buttonClearStyles,
-  selectById,
-  selectCollapseButton,
-  selectContainer,
-  selectCommentBox,
-  selectCommentButton,
-  selectForm,
-  selectFormContainer,
-  selectMrBox,
-  selectNote,
-  selectNoteContainer,
-  selectRemember,
-  selectToken,
-};
diff --git a/app/assets/javascripts/visual_review_toolbar/components/wrapper.js b/app/assets/javascripts/visual_review_toolbar/components/wrapper.js
deleted file mode 100644
index fdf8ad7c41f..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/wrapper.js
+++ /dev/null
@@ -1,79 +0,0 @@
-import { CLEAR, FORM, FORM_CONTAINER, WHITE } from '../shared';
-import {
-  selectCollapseButton,
-  selectForm,
-  selectFormContainer,
-  selectNoteContainer,
-} from './utils';
-import { collapseButton, commentIcon, compressIcon } from './wrapper_icons';
-
-const form = content => `
-  <form id="${FORM}" novalidate>
-    ${content}
-  </form>
-`;
-
-const buttonAndForm = content => `
-  <div id="${FORM_CONTAINER}" class="gitlab-form-open">
-    ${collapseButton}
-    ${form(content)}
-  </div>
-`;
-
-const addForm = nextForm => {
-  const formWrapper = selectForm();
-  formWrapper.innerHTML = nextForm;
-};
-
-function toggleForm() {
-  const toggleButton = selectCollapseButton();
-  const currentForm = selectForm();
-  const formContainer = selectFormContainer();
-  const noteContainer = selectNoteContainer();
-  const OPEN = 'open';
-  const CLOSED = 'closed';
-
-  /*
-    You may wonder why we spread the arrays before we reverse them.
-    In the immortal words of MDN,
-    Careful: reverse is destructive. It also changes the original array
-  */
-
-  const openButtonClasses = ['gitlab-collapse-closed', 'gitlab-collapse-open'];
-  const closedButtonClasses = [...openButtonClasses].reverse();
-  const openContainerClasses = ['gitlab-wrapper-closed', 'gitlab-wrapper-open'];
-  const closedContainerClasses = [...openContainerClasses].reverse();
-
-  const stateVals = {
-    [OPEN]: {
-      buttonClasses: openButtonClasses,
-      containerClasses: openContainerClasses,
-      icon: compressIcon,
-      display: 'flex',
-      backgroundColor: WHITE,
-    },
-    [CLOSED]: {
-      buttonClasses: closedButtonClasses,
-      containerClasses: closedContainerClasses,
-      icon: commentIcon,
-      display: 'none',
-      backgroundColor: CLEAR,
-    },
-  };
-
-  const nextState = toggleButton.classList.contains('gitlab-collapse-open') ? CLOSED : OPEN;
-  const currentVals = stateVals[nextState];
-
-  formContainer.classList.replace(...currentVals.containerClasses);
-  formContainer.style.backgroundColor = currentVals.backgroundColor;
-  formContainer.classList.toggle('gitlab-form-open');
-  currentForm.style.display = currentVals.display;
-  toggleButton.classList.replace(...currentVals.buttonClasses);
-  toggleButton.innerHTML = currentVals.icon;
-
-  if (noteContainer && noteContainer.innerText.length > 0) {
-    noteContainer.style.display = currentVals.display;
-  }
-}
-
-export { addForm, buttonAndForm, toggleForm };
diff --git a/app/assets/javascripts/visual_review_toolbar/components/wrapper_icons.js b/app/assets/javascripts/visual_review_toolbar/components/wrapper_icons.js
deleted file mode 100644
index b686fd4f5c2..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/components/wrapper_icons.js
+++ /dev/null
@@ -1,15 +0,0 @@
-import { buttonClearStyles } from './utils';
-
-const commentIcon = `
-  <svg width="16" height="16" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><title>icn/comment</title><path d="M4 11.132l1.446-.964A1 1 0 0 1 6 10h5a1 1 0 0 0 1-1V5a1 1 0 0 0-1-1H5a1 1 0 0 0-1 1v6.132zM6.303 12l-2.748 1.832A1 1 0 0 1 2 13V5a3 3 0 0 1 3-3h6a3 3 0 0 1 3 3v4a3 3 0 0 1-3 3H6.303z" id="gitlab-comment-icon"/></svg>
-`;
-
-const compressIcon = `
-  <svg width="16" height="16" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><title>icn/compress</title><path d="M5.27 12.182l-1.562 1.561a1 1 0 0 1-1.414 0h-.001a1 1 0 0 1 0-1.415l1.56-1.56L2.44 9.353a.5.5 0 0 1 .353-.854H7.09a.5.5 0 0 1 .5.5v4.294a.5.5 0 0 1-.853.353l-1.467-1.465zm6.911-6.914l1.464 1.464a.5.5 0 0 1-.353.854H8.999a.5.5 0 0 1-.5-.5V2.793a.5.5 0 0 1 .854-.354l1.414 1.415 1.56-1.561a1 1 0 1 1 1.415 1.414l-1.561 1.56z" id="gitlab-compress-icon"/></svg>
-`;
-
-const collapseButton = `
-  <button id='gitlab-collapse' style='${buttonClearStyles}' class='gitlab-button gitlab-button-secondary gitlab-collapse gitlab-collapse-open'>${compressIcon}</button>
-`;
-
-export { commentIcon, compressIcon, collapseButton };
diff --git a/app/assets/javascripts/visual_review_toolbar/index.js b/app/assets/javascripts/visual_review_toolbar/index.js
deleted file mode 100644
index 67b3fadd772..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/index.js
+++ /dev/null
@@ -1,51 +0,0 @@
-import './styles/toolbar.css';
-
-import { buttonAndForm, note, selectForm, selectContainer } from './components';
-import { REVIEW_CONTAINER } from './shared';
-import { eventLookup, getInitialView, initializeGlobalListeners, initializeState } from './store';
-
-/*
-
-  Welcome to the visual review toolbar files. A few useful notes:
-
-  - These files build a static script that is served from our webpack
-    assets folder. (https://gitlab.com/assets/webpack/visual_review_toolbar.js)
-
-  - To compile this file, run `yarn webpack-vrt`.
-
-  - Vue is not used in these files because we do not want to ask users to
-    install another library at this time. It's all pure vanilla javascript.
-
-*/
-
-window.addEventListener('load', () => {
-  initializeState(window, document);
-
-  const mainContent = buttonAndForm(getInitialView());
-  const container = document.createElement('div');
-  container.setAttribute('id', REVIEW_CONTAINER);
-  container.insertAdjacentHTML('beforeend', note);
-  container.insertAdjacentHTML('beforeend', mainContent);
-
-  document.body.insertBefore(container, document.body.firstChild);
-
-  selectContainer().addEventListener('click', event => {
-    eventLookup(event.target.id)();
-  });
-
-  selectForm().addEventListener('submit', event => {
-    // this is important to prevent the form from adding data
-    // as URL params and inadvertently revealing secrets
-    event.preventDefault();
-
-    const id =
-      event.target.querySelector('.gitlab-button-wrapper') &&
-      event.target.querySelector('.gitlab-button-wrapper').getElementsByTagName('button')[0] &&
-      event.target.querySelector('.gitlab-button-wrapper').getElementsByTagName('button')[0].id;
-
-    // even if this is called with false, it's ok; it will get the default no-op
-    eventLookup(id)();
-  });
-
-  initializeGlobalListeners();
-});
diff --git a/app/assets/javascripts/visual_review_toolbar/shared/constants.js b/app/assets/javascripts/visual_review_toolbar/shared/constants.js
deleted file mode 100644
index 0d5b666ab0a..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/shared/constants.js
+++ /dev/null
@@ -1,56 +0,0 @@
-// component selectors
-const CHANGE_MR_ID_BUTTON = 'gitlab-change-mr';
-const COLLAPSE_BUTTON = 'gitlab-collapse';
-const COMMENT_BOX = 'gitlab-comment';
-const COMMENT_BUTTON = 'gitlab-comment-button';
-const FORM = 'gitlab-form';
-const FORM_CONTAINER = 'gitlab-form-wrapper';
-const LOGIN = 'gitlab-login-button';
-const LOGOUT = 'gitlab-logout-button';
-const MR_ID = 'gitlab-submit-mr';
-const MR_ID_BUTTON = 'gitlab-submit-mr-button';
-const NOTE = 'gitlab-validation-note';
-const NOTE_CONTAINER = 'gitlab-note-wrapper';
-const REMEMBER_ITEM = 'gitlab-remember-item';
-const REVIEW_CONTAINER = 'gitlab-review-container';
-const TOKEN_BOX = 'gitlab-token';
-
-// Storage keys
-const STORAGE_PREFIX = '--gitlab'; // Using `--` to make the prefix more unique
-const STORAGE_MR_ID = `${STORAGE_PREFIX}-merge-request-id`;
-const STORAGE_TOKEN = `${STORAGE_PREFIX}-token`;
-const STORAGE_COMMENT = `${STORAGE_PREFIX}-comment`;
-
-// colors — these are applied programmatically
-// rest of styles belong in ./styles
-const BLACK = 'rgba(46, 46, 46, 1)';
-const CLEAR = 'rgba(255, 255, 255, 0)';
-const MUTED = 'rgba(223, 223, 223, 0.5)';
-const RED = 'rgba(219, 59, 33, 1)';
-const WHITE = 'rgba(250, 250, 250, 1)';
-
-export {
-  CHANGE_MR_ID_BUTTON,
-  COLLAPSE_BUTTON,
-  COMMENT_BOX,
-  COMMENT_BUTTON,
-  FORM,
-  FORM_CONTAINER,
-  LOGIN,
-  LOGOUT,
-  MR_ID,
-  MR_ID_BUTTON,
-  NOTE,
-  NOTE_CONTAINER,
-  REMEMBER_ITEM,
-  REVIEW_CONTAINER,
-  TOKEN_BOX,
-  STORAGE_MR_ID,
-  STORAGE_TOKEN,
-  STORAGE_COMMENT,
-  BLACK,
-  CLEAR,
-  MUTED,
-  RED,
-  WHITE,
-};
diff --git a/app/assets/javascripts/visual_review_toolbar/shared/index.js b/app/assets/javascripts/visual_review_toolbar/shared/index.js
deleted file mode 100644
index d8ccb170592..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/shared/index.js
+++ /dev/null
@@ -1,55 +0,0 @@
-import {
-  CHANGE_MR_ID_BUTTON,
-  COLLAPSE_BUTTON,
-  COMMENT_BOX,
-  COMMENT_BUTTON,
-  FORM,
-  FORM_CONTAINER,
-  LOGIN,
-  LOGOUT,
-  MR_ID,
-  MR_ID_BUTTON,
-  NOTE,
-  NOTE_CONTAINER,
-  REMEMBER_ITEM,
-  REVIEW_CONTAINER,
-  TOKEN_BOX,
-  STORAGE_MR_ID,
-  STORAGE_TOKEN,
-  STORAGE_COMMENT,
-  BLACK,
-  CLEAR,
-  MUTED,
-  RED,
-  WHITE,
-} from './constants';
-
-import { localStorage, sessionStorage } from './storage_utils';
-
-export {
-  localStorage,
-  sessionStorage,
-  CHANGE_MR_ID_BUTTON,
-  COLLAPSE_BUTTON,
-  COMMENT_BOX,
-  COMMENT_BUTTON,
-  FORM,
-  FORM_CONTAINER,
-  LOGIN,
-  LOGOUT,
-  MR_ID,
-  MR_ID_BUTTON,
-  NOTE,
-  NOTE_CONTAINER,
-  REMEMBER_ITEM,
-  REVIEW_CONTAINER,
-  TOKEN_BOX,
-  STORAGE_MR_ID,
-  STORAGE_TOKEN,
-  STORAGE_COMMENT,
-  BLACK,
-  CLEAR,
-  MUTED,
-  RED,
-  WHITE,
-};
diff --git a/app/assets/javascripts/visual_review_toolbar/shared/storage_utils.js b/app/assets/javascripts/visual_review_toolbar/shared/storage_utils.js
deleted file mode 100644
index 00456d3536e..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/shared/storage_utils.js
+++ /dev/null
@@ -1,42 +0,0 @@
-import { setUsingGracefulStorageFlag } from '../store/state';
-
-const TEST_KEY = 'gitlab-storage-test';
-
-const createStorageStub = () => {
-  const items = {};
-
-  return {
-    getItem(key) {
-      return items[key];
-    },
-    setItem(key, value) {
-      items[key] = value;
-    },
-    removeItem(key) {
-      delete items[key];
-    },
-  };
-};
-
-const hasStorageSupport = storage => {
-  // Support test taken from https://stackoverflow.com/a/11214467/1708147
-  try {
-    storage.setItem(TEST_KEY, TEST_KEY);
-    storage.removeItem(TEST_KEY);
-    setUsingGracefulStorageFlag(true);
-
-    return true;
-  } catch (err) {
-    setUsingGracefulStorageFlag(false);
-    return false;
-  }
-};
-
-const useGracefulStorage = storage =>
-  // If a browser does not support local storage, let's return a graceful implementation.
-  hasStorageSupport(storage) ? storage : createStorageStub();
-
-const localStorage = useGracefulStorage(window.localStorage);
-const sessionStorage = useGracefulStorage(window.sessionStorage);
-
-export { localStorage, sessionStorage };
diff --git a/app/assets/javascripts/visual_review_toolbar/store/events.js b/app/assets/javascripts/visual_review_toolbar/store/events.js
deleted file mode 100644
index c9095c77ef1..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/store/events.js
+++ /dev/null
@@ -1,73 +0,0 @@
-import {
-  addMr,
-  authorizeUser,
-  changeSelectedMr,
-  logoutUser,
-  postComment,
-  saveComment,
-  toggleForm,
-} from '../components';
-
-import {
-  CHANGE_MR_ID_BUTTON,
-  COLLAPSE_BUTTON,
-  COMMENT_BUTTON,
-  LOGIN,
-  LOGOUT,
-  MR_ID_BUTTON,
-} from '../shared';
-
-import { state } from './state';
-import debounce from './utils';
-
-const noop = () => {};
-
-// State needs to be bound here to be acted on
-// because these are called by click events and
-// as such are called with only the `event` object
-const eventLookup = id => {
-  switch (id) {
-    case CHANGE_MR_ID_BUTTON:
-      return () => {
-        saveComment();
-        changeSelectedMr(state);
-      };
-    case COLLAPSE_BUTTON:
-      return toggleForm;
-    case COMMENT_BUTTON:
-      return postComment.bind(null, state);
-    case LOGIN:
-      return authorizeUser.bind(null, state);
-    case LOGOUT:
-      return () => {
-        saveComment();
-        logoutUser(state);
-      };
-    case MR_ID_BUTTON:
-      return addMr.bind(null, state);
-    default:
-      return noop;
-  }
-};
-
-const updateWindowSize = wind => {
-  state.innerWidth = wind.innerWidth;
-  state.innerHeight = wind.innerHeight;
-};
-
-const initializeGlobalListeners = () => {
-  window.addEventListener('resize', debounce(updateWindowSize.bind(null, window), 200));
-  window.addEventListener('beforeunload', event => {
-    if (state.usingGracefulStorage) {
-      // if there is no browser storage support, reloading will lose the comment; this way, the user will be warned
-      // we assign the return value because it is required by Chrome see: https://developer.mozilla.org/en-US/docs/Web/API/WindowEventHandlers/onbeforeunload#Example,
-      event.preventDefault();
-      /* eslint-disable-next-line no-param-reassign */
-      event.returnValue = '';
-    }
-
-    saveComment();
-  });
-};
-
-export { eventLookup, initializeGlobalListeners };
diff --git a/app/assets/javascripts/visual_review_toolbar/store/index.js b/app/assets/javascripts/visual_review_toolbar/store/index.js
deleted file mode 100644
index 07c8dd6f1d2..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/store/index.js
+++ /dev/null
@@ -1,11 +0,0 @@
-import { eventLookup, initializeGlobalListeners } from './events';
-import { nextView, getInitialView, initializeState, setUsingGracefulStorageFlag } from './state';
-
-export {
-  eventLookup,
-  getInitialView,
-  initializeGlobalListeners,
-  initializeState,
-  nextView,
-  setUsingGracefulStorageFlag,
-};
diff --git a/app/assets/javascripts/visual_review_toolbar/store/state.js b/app/assets/javascripts/visual_review_toolbar/store/state.js
deleted file mode 100644
index b7853bb0723..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/store/state.js
+++ /dev/null
@@ -1,95 +0,0 @@
-import { comment, login, mrForm } from '../components';
-import { localStorage, COMMENT_BOX, LOGIN, MR_ID, STORAGE_MR_ID, STORAGE_TOKEN } from '../shared';
-
-const state = {
-  browser: '',
-  usingGracefulStorage: '',
-  innerWidth: '',
-  innerHeight: '',
-  mergeRequestId: '',
-  mrUrl: '',
-  platform: '',
-  projectId: '',
-  userAgent: '',
-  token: '',
-};
-
-// adapted from https://developer.mozilla.org/en-US/docs/Web/API/Window/navigator#Example_2_Browser_detect_and_return_an_index
-const getBrowserId = sUsrAg => {
-  /* eslint-disable-next-line @gitlab/i18n/no-non-i18n-strings */
-  const aKeys = ['MSIE', 'Edge', 'Firefox', 'Safari', 'Chrome', 'Opera'];
-  let nIdx = aKeys.length - 1;
-
-  for (nIdx; nIdx > -1 && sUsrAg.indexOf(aKeys[nIdx]) === -1; nIdx -= 1);
-  return aKeys[nIdx];
-};
-
-const nextView = (appState, form = 'none') => {
-  const formsList = {
-    [COMMENT_BOX]: currentState => (currentState.token ? mrForm : login),
-    [LOGIN]: currentState => (currentState.mergeRequestId ? comment(currentState) : mrForm),
-    [MR_ID]: currentState => (currentState.token ? comment(currentState) : login),
-    none: currentState => {
-      if (!currentState.token) {
-        return login;
-      }
-
-      if (currentState.token && !currentState.mergeRequestId) {
-        return mrForm;
-      }
-
-      return comment(currentState);
-    },
-  };
-
-  return formsList[form](appState);
-};
-
-const initializeState = (wind, doc) => {
-  const {
-    innerWidth,
-    innerHeight,
-    navigator: { platform, userAgent },
-  } = wind;
-
-  const browser = getBrowserId(userAgent);
-
-  const scriptEl = doc.getElementById('review-app-toolbar-script');
-  const { projectId, mergeRequestId, mrUrl, projectPath } = scriptEl.dataset;
-
-  // This mutates our default state object above. It's weird but it makes the linter happy.
-  Object.assign(state, {
-    browser,
-    innerWidth,
-    innerHeight,
-    mergeRequestId,
-    mrUrl,
-    platform,
-    projectId,
-    projectPath,
-    userAgent,
-  });
-
-  return state;
-};
-
-const getInitialView = () => {
-  const token = localStorage.getItem(STORAGE_TOKEN);
-  const mrId = localStorage.getItem(STORAGE_MR_ID);
-
-  if (token) {
-    state.token = token;
-  }
-
-  if (mrId) {
-    state.mergeRequestId = mrId;
-  }
-
-  return nextView(state);
-};
-
-const setUsingGracefulStorageFlag = flag => {
-  state.usingGracefulStorage = !flag;
-};
-
-export { initializeState, getInitialView, nextView, setUsingGracefulStorageFlag, state };
diff --git a/app/assets/javascripts/visual_review_toolbar/store/utils.js b/app/assets/javascripts/visual_review_toolbar/store/utils.js
deleted file mode 100644
index 5cf145351b3..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/store/utils.js
+++ /dev/null
@@ -1,15 +0,0 @@
-const debounce = (fn, time) => {
-  let current;
-
-  const debounced = () => {
-    if (current) {
-      clearTimeout(current);
-    }
-
-    current = setTimeout(fn, time);
-  };
-
-  return debounced;
-};
-
-export default debounce;
diff --git a/app/assets/javascripts/visual_review_toolbar/styles/toolbar.css b/app/assets/javascripts/visual_review_toolbar/styles/toolbar.css
deleted file mode 100644
index d1a8d66ef40..00000000000
--- a/app/assets/javascripts/visual_review_toolbar/styles/toolbar.css
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
-  As a standalone script, the toolbar has its own css
- */
-
-#gitlab-collapse > * {
-  pointer-events: none;
-}
-
-#gitlab-comment {
-  background-color: #fafafa;
-}
-
-#gitlab-form {
-  display: flex;
-  flex-direction: column;
-  width: 100%;
-  margin-bottom: 0;
-}
-
-#gitlab-note-wrapper {
-  display: flex;
-  flex-direction: column;
-  background-color: #fafafa;
-  border-radius: 4px;
-  margin-bottom: .5rem;
-  padding: 1rem;
-}
-
-#gitlab-form-wrapper {
-  overflow: auto;
-  display: flex;
-  flex-direction: row-reverse;
-  border-radius: 4px;
-}
-
-#gitlab-review-container {
-  max-width: 22rem;
-  max-height: 22rem;
-  overflow: auto;
-  display: flex;
-  flex-direction: column;
-  position: fixed;
-  bottom: 1rem;
-  right: 1rem;
-  font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, Cantarell,
-  'Helvetica Neue', sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol',
-  'Noto Color Emoji';
-  font-size: .8rem;
-  font-weight: 400;
-  color: #2e2e2e;
-  z-index: 9999; /* toolbar should always be on top */
-}
-
-.gitlab-wrapper-open {
-  max-width: 22rem;
-  max-height: 22rem;
-}
-
-.gitlab-wrapper-closed {
-  max-width: 3.4rem;
-  max-height: 3.4rem;
-}
-
-.gitlab-button {
-  cursor: pointer;
-  transition: background-color 100ms linear, border-color 100ms linear, color 100ms linear, box-shadow 100ms linear;
-}
-
-.gitlab-button-secondary {
-  background: none #fafafa;
-  margin: 0 .5rem;
-  border: 1px solid #e3e3e3;
-}
-
-.gitlab-button-secondary:hover {
-  background-color: #f0f0f0;
-  border-color: #e3e3e3;
-  color: #2e2e2e;
-}
-
-.gitlab-button-secondary:active {
-  color: #2e2e2e;
-  background-color: #e1e1e1;
-  border-color: #dadada;
-}
-
-.gitlab-button-success:hover {
-  color: #fff;
-  background-color: #137e3f;
-  border-color: #127339;
-}
-
-.gitlab-button-success:active {
-  background-color: #168f48;
-  border-color: #12753a;
-  color: #fff;
-}
-
-.gitlab-button-success {
-  background-color: #1aaa55;
-  border: 1px solid #168f48;
-  color: #fff;
-}
-
-.gitlab-button-wide {
-  width: 100%;
-}
-
-.gitlab-button-wrapper {
-  margin-top: 0.5rem;
-  display: flex;
-  align-items: baseline;
-  /*
-    this makes sure the hit enter to submit picks the correct button
-    on the comment view
-   */
-  flex-direction: row-reverse;
-}
-
-.gitlab-collapse {
-  width: 2.4rem;
-  height: 2.2rem;
-  margin-left: 1rem;
-  padding: .5rem;
-}
-
-.gitlab-collapse-closed {
-  align-self: center;
-}
-
-.gitlab-checkbox-label {
-  padding: 0 .2rem;
-}
-
-.gitlab-checkbox-wrapper {
-  display: flex;
-  align-items: baseline;
-}
-
-.gitlab-form-open {
-  padding: 1rem;
-  background-color: #fafafa;
-}
-
-.gitlab-label {
-  font-weight: 600;
-  display: inline-block;
-  width: 100%;
-}
-
-.gitlab-link {
-  color: #1b69b6;
-  text-decoration: none;
-  background-color: transparent;
-  background-image: none;
-}
-
-.gitlab-link:hover {
-  text-decoration: underline;
-}
-
-.gitlab-link-button {
-  border: none;
-  cursor: pointer;
-  padding: 0 .15rem;
-}
-
-.gitlab-message {
-  padding: .25rem 0;
-  margin: 0;
-  line-height: 1.2rem;
-}
-
-.gitlab-metadata-note {
-  font-size: .7rem;
-  line-height: 1rem;
-  color: #666;
-  margin-bottom: .5rem;
-}
-
-.gitlab-input {
-  width: 100%;
-  border: 1px solid #dfdfdf;
-  border-radius: 4px;
-  padding: .1rem .2rem;
-  min-height: 2rem;
-  max-width: 17rem;
-}
-- 
cgit v1.2.1


From 60e33885269bdae71e9710b17f199708b9b7c9e0 Mon Sep 17 00:00:00 2001
From: Adam Hegyi <ahegyi@gitlab.com>
Date: Fri, 23 Aug 2019 20:28:11 +0000
Subject: Implement validation logic to ProjectStage

- Introducting StageEvents to define the available events
- Define the event pairing rules, since some events are not compatible
- Express default Cycle Analytics stages with the event structure
---
 .../analytics/cycle_analytics/project_stage.rb     |  5 ++
 .../concerns/analytics/cycle_analytics/stage.rb    | 68 ++++++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 app/models/concerns/analytics/cycle_analytics/stage.rb

(limited to 'app')

diff --git a/app/models/analytics/cycle_analytics/project_stage.rb b/app/models/analytics/cycle_analytics/project_stage.rb
index 88c8cb40ccb..a312bd24e78 100644
--- a/app/models/analytics/cycle_analytics/project_stage.rb
+++ b/app/models/analytics/cycle_analytics/project_stage.rb
@@ -3,7 +3,12 @@
 module Analytics
   module CycleAnalytics
     class ProjectStage < ApplicationRecord
+      include Analytics::CycleAnalytics::Stage
+
+      validates :project, presence: true
       belongs_to :project
+
+      alias_attribute :parent, :project
     end
   end
 end
diff --git a/app/models/concerns/analytics/cycle_analytics/stage.rb b/app/models/concerns/analytics/cycle_analytics/stage.rb
new file mode 100644
index 00000000000..0c603c2d5e6
--- /dev/null
+++ b/app/models/concerns/analytics/cycle_analytics/stage.rb
@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module Analytics
+  module CycleAnalytics
+    module Stage
+      extend ActiveSupport::Concern
+
+      included do
+        validates :name, presence: true
+        validates :start_event_identifier, presence: true
+        validates :end_event_identifier, presence: true
+        validate :validate_stage_event_pairs
+
+        enum start_event_identifier: Gitlab::Analytics::CycleAnalytics::StageEvents.to_enum, _prefix: :start_event_identifier
+        enum end_event_identifier: Gitlab::Analytics::CycleAnalytics::StageEvents.to_enum, _prefix: :end_event_identifier
+
+        alias_attribute :custom_stage?, :custom
+      end
+
+      def parent=(_)
+        raise NotImplementedError
+      end
+
+      def parent
+        raise NotImplementedError
+      end
+
+      def start_event
+        Gitlab::Analytics::CycleAnalytics::StageEvents[start_event_identifier].new(params_for_start_event)
+      end
+
+      def end_event
+        Gitlab::Analytics::CycleAnalytics::StageEvents[end_event_identifier].new(params_for_end_event)
+      end
+
+      def params_for_start_event
+        {}
+      end
+
+      def params_for_end_event
+        {}
+      end
+
+      def default_stage?
+        !custom
+      end
+
+      # The model that is going to be queried, Issue or MergeRequest
+      def subject_model
+        start_event.object_type
+      end
+
+      private
+
+      def validate_stage_event_pairs
+        return if start_event_identifier.nil? || end_event_identifier.nil?
+
+        unless pairing_rules.fetch(start_event.class, []).include?(end_event.class)
+          errors.add(:end_event, :not_allowed_for_the_given_start_event)
+        end
+      end
+
+      def pairing_rules
+        Gitlab::Analytics::CycleAnalytics::StageEvents.pairing_rules
+      end
+    end
+  end
+end
-- 
cgit v1.2.1


From 29e60b0643ca5451919df233a9aeb4825779e846 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Fri, 23 Aug 2019 13:53:02 -0700
Subject: Remove N+1 SQL query loading project feature in dashboard

Projects that have a pipeline may need to check whether the user has
permission to read the build (`can?(current_user, :read_build,
project)`), which requires checking the `project_features` table.
This would cause an N+1 SQL query for each project.

This change also has a beneficial side effect that may avoid a race
condition. When a user deletes a project, the project is queued for
deletion and the user is redirected back to the dashboard page. However,
the following may happen:

1. The dashboard page may load this deleted project in the list of
20 projects.
2. The view will load the project pipeline status from the cache and
attempt to show each project.
3. When the view encounters the deleted project, it calls
`can?(current_user, :read_build, project)` to determine whether to
display the pipeline status.
4. Sidekiq deletes the project from the database.
5. However, since the deleted project is still loaded in memory, it will
attempt to call `project.project_feature.access_level`.
6. Since `project_feature` was not eager loaded, a lazy `SELECT` call is
made to the database.
7. This `SELECT` call returns nothing, and the user sees a 500 error.

By eager loading `project_feature`, we can ensure that we have a
consistent view and avoid records from being deleted later.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66482
---
 app/controllers/dashboard/projects_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app')

diff --git a/app/controllers/dashboard/projects_controller.rb b/app/controllers/dashboard/projects_controller.rb
index 71f18694613..1dc89943f7f 100644
--- a/app/controllers/dashboard/projects_controller.rb
+++ b/app/controllers/dashboard/projects_controller.rb
@@ -70,6 +70,7 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
                 .new(params: finder_params, current_user: current_user)
                 .execute
                 .includes(:route, :creator, :group, namespace: [:route, :owner])
+                .preload(:project_feature)
                 .page(finder_params[:page])
 
     prepare_projects_for_rendering(projects)
-- 
cgit v1.2.1


From f093ceb4a0b15420cfe64fa9d97e73531b5fb35c Mon Sep 17 00:00:00 2001
From: Scott Hampton <shampton@gitlab.com>
Date: Fri, 23 Aug 2019 21:28:46 +0000
Subject: Change misleading pipeline status tooltip

Some pipeline status icon tooltips were showing
"Commit: ..." which customers found to be
misleading since it was not the commit that was
failing but the pipeline.

We are changing all status icon tooltips to say
"Pipeline: ..." instead of "Commit: ..." now.
---
 .../projects/tree/components/commit_pipeline_status_component.vue     | 4 +++-
 app/helpers/ci_status_helper.rb                                       | 3 +--
 app/views/ci/status/_icon.html.haml                                   | 3 ---
 app/views/shared/projects/_project.html.haml                          | 2 +-
 4 files changed, 5 insertions(+), 7 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/projects/tree/components/commit_pipeline_status_component.vue b/app/assets/javascripts/projects/tree/components/commit_pipeline_status_component.vue
index 03281aa1317..12ee1ce2f0c 100644
--- a/app/assets/javascripts/projects/tree/components/commit_pipeline_status_component.vue
+++ b/app/assets/javascripts/projects/tree/components/commit_pipeline_status_component.vue
@@ -38,7 +38,9 @@ export default {
   },
   computed: {
     statusTitle() {
-      return sprintf(s__('Commits|Commit: %{commitText}'), { commitText: this.ciStatus.text });
+      return sprintf(s__('PipelineStatusTooltip|Pipeline: %{ciStatus}'), {
+        ciStatus: this.ciStatus.text,
+      });
     },
   },
   mounted() {
diff --git a/app/helpers/ci_status_helper.rb b/app/helpers/ci_status_helper.rb
index f2b5b82b013..144df676304 100644
--- a/app/helpers/ci_status_helper.rb
+++ b/app/helpers/ci_status_helper.rb
@@ -105,14 +105,13 @@ module CiStatusHelper
     path = pipelines_project_commit_path(project, commit, ref: ref)
 
     render_status_with_link(
-      'commit',
       commit.status(ref),
       path,
       tooltip_placement: tooltip_placement,
       icon_size: 24)
   end
 
-  def render_status_with_link(type, status, path = nil, tooltip_placement: 'left', cssclass: '', container: 'body', icon_size: 16)
+  def render_status_with_link(status, path = nil, type: _('pipeline'), tooltip_placement: 'left', cssclass: '', container: 'body', icon_size: 16)
     klass = "ci-status-link ci-status-icon-#{status.dasherize} d-inline-flex #{cssclass}"
     title = "#{type.titleize}: #{ci_label_for_status(status)}"
     data = { toggle: 'tooltip', placement: tooltip_placement, container: container }
diff --git a/app/views/ci/status/_icon.html.haml b/app/views/ci/status/_icon.html.haml
index 1249b98221f..fdaacb732c7 100644
--- a/app/views/ci/status/_icon.html.haml
+++ b/app/views/ci/status/_icon.html.haml
@@ -1,13 +1,10 @@
 - status             = local_assigns.fetch(:status)
 - size               = local_assigns.fetch(:size, 16)
-- type               = local_assigns.fetch(:type, 'pipeline')
 - tooltip_placement  = local_assigns.fetch(:tooltip_placement, "left")
 - path               = local_assigns.fetch(:path, status.has_details? ? status.details_path : nil)
 - option_css_classes = local_assigns.fetch(:option_css_classes, '')
 - css_classes       = "ci-status-link ci-status-icon ci-status-icon-#{status.group} has-tooltip #{option_css_classes}"
 - title             = s_("PipelineStatusTooltip|Pipeline: %{ci_status}") % {ci_status: status.label}
-- if type == 'commit'
-  - title = s_("PipelineStatusTooltip|Commit: %{ci_status}") % {ci_status: status.label}
 
 - if path
   = link_to path, class: css_classes, title: title, data: { placement: tooltip_placement } do
diff --git a/app/views/shared/projects/_project.html.haml b/app/views/shared/projects/_project.html.haml
index b7474d891dc..573ed36d7f4 100644
--- a/app/views/shared/projects/_project.html.haml
+++ b/app/views/shared/projects/_project.html.haml
@@ -89,7 +89,7 @@
           - if pipeline_status && can?(current_user, :read_cross_project) && project.pipeline_status.has_status? && can?(current_user, :read_build, project)
             - pipeline_path = pipelines_project_commit_path(project.pipeline_status.project, project.pipeline_status.sha, ref: project.pipeline_status.ref)
             %span.icon-wrapper.pipeline-status
-              = render 'ci/status/icon', status: project.commit.last_pipeline.detailed_status(current_user), type: 'commit', tooltip_placement: 'top', path: pipeline_path
+              = render 'ci/status/icon', status: project.commit.last_pipeline.detailed_status(current_user), tooltip_placement: 'top', path: pipeline_path
         .updated-note
           %span
             = _('Updated')
-- 
cgit v1.2.1


From 2515c0cd44db9e14ebea9a9218b05853b9afcaad Mon Sep 17 00:00:00 2001
From: Reuben Pereira <rpereira@gitlab.com>
Date: Fri, 23 Aug 2019 22:27:41 +0000
Subject: Add a link to docs in project description

Add to the service and migration both.
---
 .../self_monitoring/project/create_service.rb      | 219 ---------------------
 1 file changed, 219 deletions(-)
 delete mode 100644 app/services/self_monitoring/project/create_service.rb

(limited to 'app')

diff --git a/app/services/self_monitoring/project/create_service.rb b/app/services/self_monitoring/project/create_service.rb
deleted file mode 100644
index c925c6a1610..00000000000
--- a/app/services/self_monitoring/project/create_service.rb
+++ /dev/null
@@ -1,219 +0,0 @@
-# frozen_string_literal: true
-
-module SelfMonitoring
-  module Project
-    class CreateService < ::BaseService
-      include Stepable
-      include Gitlab::Utils::StrongMemoize
-
-      VISIBILITY_LEVEL = Gitlab::VisibilityLevel::INTERNAL
-      PROJECT_NAME = 'GitLab Instance Administration'
-      PROJECT_DESCRIPTION = <<~HEREDOC
-        This project is automatically generated and will be used to help monitor this GitLab instance.
-      HEREDOC
-
-      GROUP_NAME = 'GitLab Instance Administrators'
-      GROUP_PATH = 'gitlab-instance-administrators'
-
-      steps :validate_admins,
-        :create_group,
-        :create_project,
-        :save_project_id,
-        :add_group_members,
-        :add_to_whitelist,
-        :add_prometheus_manual_configuration
-
-      def initialize
-        super(nil)
-      end
-
-      def execute
-        execute_steps
-      end
-
-      private
-
-      def validate_admins
-        unless instance_admins.any?
-          log_error('No active admin user found')
-          return error('No active admin user found')
-        end
-
-        success
-      end
-
-      def create_group
-        if project_created?
-          log_info(_('Instance administrators group already exists'))
-          @group = application_settings.instance_administration_project.owner
-          return success(group: @group)
-        end
-
-        admin_user = group_owner
-        @group = ::Groups::CreateService.new(admin_user, create_group_params).execute
-
-        if @group.persisted?
-          success(group: @group)
-        else
-          error('Could not create group')
-        end
-      end
-
-      def create_project
-        if project_created?
-          log_info(_('Instance administration project already exists'))
-          @project = application_settings.instance_administration_project
-          return success(project: project)
-        end
-
-        admin_user = group_owner
-        @project = ::Projects::CreateService.new(admin_user, create_project_params).execute
-
-        if project.persisted?
-          success(project: project)
-        else
-          log_error(_("Could not create instance administration project. Errors: %{errors}") % { errors: project.errors.full_messages })
-          error(_('Could not create project'))
-        end
-      end
-
-      def save_project_id
-        return success if project_created?
-
-        result = ApplicationSettings::UpdateService.new(
-          application_settings,
-          group_owner,
-          { instance_administration_project_id: @project.id }
-        ).execute
-
-        if result
-          success
-        else
-          log_error(_("Could not save instance administration project ID, errors: %{errors}") % { errors: application_settings.errors.full_messages })
-          error(_('Could not save project ID'))
-        end
-      end
-
-      def add_group_members
-        members = @group.add_users(group_maintainers, Gitlab::Access::MAINTAINER)
-        errors = members.flat_map { |member| member.errors.full_messages }
-
-        if errors.any?
-          log_error("Could not add admins as members to self-monitoring project. Errors: #{errors}")
-          error('Could not add admins as members')
-        else
-          success
-        end
-      end
-
-      def add_to_whitelist
-        return success unless prometheus_enabled?
-        return success unless prometheus_listen_address.present?
-
-        uri = parse_url(internal_prometheus_listen_address_uri)
-        return error(_('Prometheus listen_address is not a valid URI')) unless uri
-
-        result = ApplicationSettings::UpdateService.new(
-          application_settings,
-          group_owner,
-          add_to_outbound_local_requests_whitelist: [uri.normalized_host]
-        ).execute
-
-        if result
-          success
-        else
-          log_error(_("Could not add prometheus URL to whitelist, errors: %{errors}") % { errors: application_settings.errors.full_messages })
-          error(_('Could not add prometheus URL to whitelist'))
-        end
-      end
-
-      def add_prometheus_manual_configuration
-        return success unless prometheus_enabled?
-        return success unless prometheus_listen_address.present?
-
-        service = project.find_or_initialize_service('prometheus')
-
-        unless service.update(prometheus_service_attributes)
-          log_error("Could not save prometheus manual configuration for self-monitoring project. Errors: #{service.errors.full_messages}")
-          return error('Could not save prometheus manual configuration')
-        end
-
-        success
-      end
-
-      def application_settings
-        strong_memoize(:application_settings) do
-          Gitlab::CurrentSettings.expire_current_application_settings
-          Gitlab::CurrentSettings.current_application_settings
-        end
-      end
-
-      def project_created?
-        application_settings.instance_administration_project.present?
-      end
-
-      def parse_url(uri_string)
-        Addressable::URI.parse(uri_string)
-      rescue Addressable::URI::InvalidURIError, TypeError
-      end
-
-      def prometheus_enabled?
-        Gitlab.config.prometheus.enable
-      rescue Settingslogic::MissingSetting
-        false
-      end
-
-      def prometheus_listen_address
-        Gitlab.config.prometheus.listen_address
-      rescue Settingslogic::MissingSetting
-      end
-
-      def instance_admins
-        @instance_admins ||= User.admins.active
-      end
-
-      def group_owner
-        instance_admins.first
-      end
-
-      def group_maintainers
-        # Exclude the first so that the group_owner is not added again as a member.
-        instance_admins - [group_owner]
-      end
-
-      def create_group_params
-        {
-          name: GROUP_NAME,
-          path: "#{GROUP_PATH}-#{SecureRandom.hex(4)}",
-          visibility_level: VISIBILITY_LEVEL
-        }
-      end
-
-      def create_project_params
-        {
-          initialize_with_readme: true,
-          visibility_level: VISIBILITY_LEVEL,
-          name: PROJECT_NAME,
-          description: PROJECT_DESCRIPTION,
-          namespace_id: @group.id
-        }
-      end
-
-      def internal_prometheus_listen_address_uri
-        if prometheus_listen_address.starts_with?('http')
-          prometheus_listen_address
-        else
-          'http://' + prometheus_listen_address
-        end
-      end
-
-      def prometheus_service_attributes
-        {
-          api_url: internal_prometheus_listen_address_uri,
-          manual_configuration: true,
-          active: true
-        }
-      end
-    end
-  end
-end
-- 
cgit v1.2.1


From ad05e488636ebe05b4985dbf3c7d912fd8d56f49 Mon Sep 17 00:00:00 2001
From: Brett Walker <bwalker@gitlab.com>
Date: Wed, 20 Feb 2019 17:51:55 -0600
Subject: Add support for using a Camo proxy server

User images and videos will get proxied through
the Camo server in order to keep malicious
sites from collecting the IP address of users.
---
 app/helpers/application_settings_helper.rb         |  4 ++++
 app/models/application_setting.rb                  | 18 +++++++++++++++
 app/models/application_setting_implementation.rb   | 27 +++++++++++++++-------
 .../application_settings/update_service.rb         | 15 +++++++++++-
 4 files changed, 55 insertions(+), 9 deletions(-)

(limited to 'app')

diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index 0ab19f1d2d2..c2d7350ce12 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -164,6 +164,10 @@ module ApplicationSettingsHelper
       :allow_local_requests_from_system_hooks,
       :dns_rebinding_protection_enabled,
       :archive_builds_in_human_readable,
+      :asset_proxy_enabled,
+      :asset_proxy_secret_key,
+      :asset_proxy_url,
+      :asset_proxy_whitelist,
       :authorized_keys_enabled,
       :auto_devops_enabled,
       :auto_devops_domain,
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 2a99c6e5c59..92004b92647 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -18,12 +18,19 @@ class ApplicationSetting < ApplicationRecord
   # fix a lot of tests using allow_any_instance_of
   include ApplicationSettingImplementation
 
+  attr_encrypted :asset_proxy_secret_key,
+                 mode: :per_attribute_iv,
+                 insecure_mode: true,
+                 key: Settings.attr_encrypted_db_key_base_truncated,
+                 algorithm: 'aes-256-cbc'
+
   serialize :restricted_visibility_levels # rubocop:disable Cop/ActiveRecordSerialize
   serialize :import_sources # rubocop:disable Cop/ActiveRecordSerialize
   serialize :disabled_oauth_sign_in_sources, Array # rubocop:disable Cop/ActiveRecordSerialize
   serialize :domain_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize
   serialize :domain_blacklist, Array # rubocop:disable Cop/ActiveRecordSerialize
   serialize :repository_storages # rubocop:disable Cop/ActiveRecordSerialize
+  serialize :asset_proxy_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize
 
   ignore_column :koding_url
   ignore_column :koding_enabled
@@ -192,6 +199,17 @@ class ApplicationSetting < ApplicationRecord
             allow_nil: true,
             numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than: 65536 }
 
+  validates :asset_proxy_url,
+            presence: true,
+            allow_blank: false,
+            url: true,
+            if: :asset_proxy_enabled?
+
+  validates :asset_proxy_secret_key,
+            presence: true,
+            allow_blank: false,
+            if: :asset_proxy_enabled?
+
   SUPPORTED_KEY_TYPES.each do |type|
     validates :"#{type}_key_restriction", presence: true, key_restriction: { type: type }
   end
diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb
index 55ac1e129cf..a6dd9986e23 100644
--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -23,8 +23,9 @@ module ApplicationSettingImplementation
         akismet_enabled: false,
         allow_local_requests_from_web_hooks_and_services: false,
         allow_local_requests_from_system_hooks: true,
-        dns_rebinding_protection_enabled: true,
+        asset_proxy_enabled: false,
         authorized_keys_enabled: true, # TODO default to false if the instance is configured to use AuthorizedKeysCommand
+        commit_email_hostname: default_commit_email_hostname,
         container_registry_token_expire_delay: 5,
         default_artifacts_expire_in: '30 days',
         default_branch_protection: Settings.gitlab['default_branch_protection'],
@@ -33,7 +34,9 @@ module ApplicationSettingImplementation
         default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
         default_projects_limit: Settings.gitlab['default_projects_limit'],
         default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
+        diff_max_patch_bytes: Gitlab::Git::Diff::DEFAULT_MAX_PATCH_BYTES,
         disabled_oauth_sign_in_sources: [],
+        dns_rebinding_protection_enabled: true,
         domain_whitelist: Settings.gitlab['domain_whitelist'],
         dsa_key_restriction: 0,
         ecdsa_key_restriction: 0,
@@ -52,9 +55,11 @@ module ApplicationSettingImplementation
         housekeeping_gc_period: 200,
         housekeeping_incremental_repack_period: 10,
         import_sources: Settings.gitlab['import_sources'],
+        local_markdown_version: 0,
         max_artifacts_size: Settings.artifacts['max_size'],
         max_attachment_size: Settings.gitlab['max_attachment_size'],
         mirror_available: true,
+        outbound_local_requests_whitelist: [],
         password_authentication_enabled_for_git: true,
         password_authentication_enabled_for_web: Settings.gitlab['signin_enabled'],
         performance_bar_allowed_group_id: nil,
@@ -63,6 +68,8 @@ module ApplicationSettingImplementation
         plantuml_url: nil,
         polling_interval_multiplier: 1,
         project_export_enabled: true,
+        protected_ci_variables: false,
+        raw_blob_request_limit: 300,
         recaptcha_enabled: false,
         repository_checks_enabled: true,
         repository_storages: ['default'],
@@ -95,16 +102,10 @@ module ApplicationSettingImplementation
         user_default_internal_regex: nil,
         user_show_add_ssh_key_message: true,
         usage_stats_set_by_user_id: nil,
-        diff_max_patch_bytes: Gitlab::Git::Diff::DEFAULT_MAX_PATCH_BYTES,
-        commit_email_hostname: default_commit_email_hostname,
         snowplow_collector_hostname: nil,
         snowplow_cookie_domain: nil,
         snowplow_enabled: false,
-        snowplow_site_id: nil,
-        protected_ci_variables: false,
-        local_markdown_version: 0,
-        outbound_local_requests_whitelist: [],
-        raw_blob_request_limit: 300
+        snowplow_site_id: nil
       }
     end
 
@@ -198,6 +199,15 @@ module ApplicationSettingImplementation
     end
   end
 
+  def asset_proxy_whitelist=(values)
+    values = domain_strings_to_array(values) if values.is_a?(String)
+
+    # make sure we always whitelist the running host
+    values << Gitlab.config.gitlab.host unless values.include?(Gitlab.config.gitlab.host)
+
+    self[:asset_proxy_whitelist] = values
+  end
+
   def repository_storages
     Array(read_attribute(:repository_storages))
   end
@@ -306,6 +316,7 @@ module ApplicationSettingImplementation
 
     values
       .split(DOMAIN_LIST_SEPARATOR)
+      .map(&:strip)
       .reject(&:empty?)
       .uniq
   end
diff --git a/app/services/application_settings/update_service.rb b/app/services/application_settings/update_service.rb
index 471df6e2d0c..03ff282dec5 100644
--- a/app/services/application_settings/update_service.rb
+++ b/app/services/application_settings/update_service.rb
@@ -6,6 +6,8 @@ module ApplicationSettings
 
     attr_reader :params, :application_setting
 
+    MARKDOWN_CACHE_INVALIDATING_PARAMS = %w(asset_proxy_enabled asset_proxy_url asset_proxy_secret_key asset_proxy_whitelist).freeze
+
     def execute
       validate_classification_label(application_setting, :external_authorization_service_default_label)
 
@@ -25,7 +27,13 @@ module ApplicationSettings
         params[:usage_stats_set_by_user_id] = current_user.id
       end
 
-      @application_setting.update(@params)
+      @application_setting.assign_attributes(params)
+
+      if invalidate_markdown_cache?
+        @application_setting[:local_markdown_version] = @application_setting.local_markdown_version + 1
+      end
+
+      @application_setting.save
     end
 
     private
@@ -41,6 +49,11 @@ module ApplicationSettings
       @application_setting.add_to_outbound_local_requests_whitelist(values_array)
     end
 
+    def invalidate_markdown_cache?
+      !params.key?(:local_markdown_version) &&
+        (@application_setting.changes.keys & MARKDOWN_CACHE_INVALIDATING_PARAMS).any?
+    end
+
     def update_terms(terms)
       return unless terms.present?
 
-- 
cgit v1.2.1


From 22e2a601a03461d996673f2c8e974c65bcf74eda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=92=D0=BB=D0=B0=D0=B4=D0=B8=D1=81=D0=BB=D0=B0=D0=B2=20?=
 =?UTF-8?q?=D0=9F=D0=BE=D0=BB=D1=8F=D0=BA=D0=BE=D0=B2?=
 <polrkov.tm@gmail.com>
Date: Sat, 24 Aug 2019 08:32:22 +0000
Subject: fix: remove double % from layout width description

Update show.html.haml
---
 app/views/profiles/preferences/show.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/views/profiles/preferences/show.html.haml b/app/views/profiles/preferences/show.html.haml
index d99063e344f..0887e8e64da 100644
--- a/app/views/profiles/preferences/show.html.haml
+++ b/app/views/profiles/preferences/show.html.haml
@@ -47,7 +47,7 @@
         = s_('Preferences|Layout width')
       = f.select :layout, layout_choices, {}, class: 'select2'
       .form-text.text-muted
-        = s_('Preferences|Choose between fixed (max. 1280px) and fluid (100%%) application layout.')
+        = s_('Preferences|Choose between fixed (max. 1280px) and fluid (%{percentage}) application layout.').html_safe % { percentage: '100%' }
     .form-group
       = f.label :dashboard, class: 'label-bold' do
         = s_('Preferences|Default dashboard')
-- 
cgit v1.2.1


From b89df394684a0b98a5dc17f0c2e798c410dfb96f Mon Sep 17 00:00:00 2001
From: Lucy Fox <lucy@afox.org>
Date: Mon, 26 Aug 2019 08:48:06 +0000
Subject: Update gitlab_schema.rb to fix typo

---
 app/graphql/gitlab_schema.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/graphql/gitlab_schema.rb b/app/graphql/gitlab_schema.rb
index 7edd14e48f7..4c8612c8f2e 100644
--- a/app/graphql/gitlab_schema.rb
+++ b/app/graphql/gitlab_schema.rb
@@ -49,7 +49,7 @@ class GitlabSchema < GraphQL::Schema
     def id_from_object(object)
       unless object.respond_to?(:to_global_id)
         # This is an error in our schema and needs to be solved. So raise a
-        # more meaningfull error message
+        # more meaningful error message
         raise "#{object} does not implement `to_global_id`. "\
               "Include `GlobalID::Identification` into `#{object.class}"
       end
-- 
cgit v1.2.1


From a13abd6731ecc3dc24017729c019ad6af9a7b114 Mon Sep 17 00:00:00 2001
From: Patrick Derichs <pderichs@gitlab.com>
Date: Mon, 26 Aug 2019 09:20:00 +0000
Subject: Add edit_note and spec for editing quick actions

Call QuickActionsService on Note update

Add support for notes which just contain
commands after editing

Return http status gone (410) if note was deleted

Temporary frontend addition so it is not
failing when a note is deleted

Move specs to shared examples

Fix rubocop style issue

Deleting note on frontend when status is 410

Use guard clause for note which got deleted

Simplified condition for nil note

This method should no longer be called
with nil note

Refactoring of execute method to reduce
complexity

Move errors update to delete_note method

Note is now deleted visually when it only
contains commands after update

Add expectation

Fix style issues

Changing action to fix tests

Add tests for removeNote and update
deleteNote expectations
---
 app/assets/javascripts/lib/utils/http_status.js    |  1 +
 .../javascripts/notes/components/noteable_note.vue | 31 +++++++---
 app/assets/javascripts/notes/stores/actions.js     | 22 +++++---
 app/controllers/concerns/notes_actions.rb          |  5 ++
 app/controllers/projects/notes_controller.rb       |  2 +-
 app/services/notes/update_service.rb               | 66 ++++++++++++++++++----
 6 files changed, 98 insertions(+), 29 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/lib/utils/http_status.js b/app/assets/javascripts/lib/utils/http_status.js
index 37ad1676f7a..5e5d10883a3 100644
--- a/app/assets/javascripts/lib/utils/http_status.js
+++ b/app/assets/javascripts/lib/utils/http_status.js
@@ -19,6 +19,7 @@ const httpStatusCodes = {
   UNAUTHORIZED: 401,
   FORBIDDEN: 403,
   NOT_FOUND: 404,
+  GONE: 410,
   UNPROCESSABLE_ENTITY: 422,
 };
 
diff --git a/app/assets/javascripts/notes/components/noteable_note.vue b/app/assets/javascripts/notes/components/noteable_note.vue
index 2f201839d45..9019f0542b6 100644
--- a/app/assets/javascripts/notes/components/noteable_note.vue
+++ b/app/assets/javascripts/notes/components/noteable_note.vue
@@ -14,6 +14,7 @@ import NoteBody from './note_body.vue';
 import eventHub from '../event_hub';
 import noteable from '../mixins/noteable';
 import resolvable from '../mixins/resolvable';
+import httpStatusCodes from '~/lib/utils/http_status';
 
 export default {
   name: 'NoteableNote',
@@ -122,7 +123,13 @@ export default {
   },
 
   methods: {
-    ...mapActions(['deleteNote', 'updateNote', 'toggleResolveNote', 'scrollToNoteIfNeeded']),
+    ...mapActions([
+      'deleteNote',
+      'removeNote',
+      'updateNote',
+      'toggleResolveNote',
+      'scrollToNoteIfNeeded',
+    ]),
     editHandler() {
       this.isEditing = true;
       this.$emit('handleEdit');
@@ -185,15 +192,21 @@ export default {
           this.updateSuccess();
           callback();
         })
-        .catch(() => {
-          this.isRequesting = false;
-          this.isEditing = true;
-          this.$nextTick(() => {
-            const msg = __('Something went wrong while editing your comment. Please try again.');
-            Flash(msg, 'alert', this.$el);
-            this.recoverNoteContent(noteText);
+        .catch(response => {
+          if (response.status === httpStatusCodes.GONE) {
+            this.removeNote(this.note);
+            this.updateSuccess();
             callback();
-          });
+          } else {
+            this.isRequesting = false;
+            this.isEditing = true;
+            this.$nextTick(() => {
+              const msg = __('Something went wrong while editing your comment. Please try again.');
+              Flash(msg, 'alert', this.$el);
+              this.recoverNoteContent(noteText);
+              callback();
+            });
+          }
         });
     },
     formCancelHandler(shouldConfirm, isDirty) {
diff --git a/app/assets/javascripts/notes/stores/actions.js b/app/assets/javascripts/notes/stores/actions.js
index b7857997d42..411bd585672 100644
--- a/app/assets/javascripts/notes/stores/actions.js
+++ b/app/assets/javascripts/notes/stores/actions.js
@@ -61,18 +61,22 @@ export const updateDiscussion = ({ commit, state }, discussion) => {
   return utils.findNoteObjectById(state.discussions, discussion.id);
 };
 
-export const deleteNote = ({ commit, dispatch, state }, note) =>
-  axios.delete(note.path).then(() => {
-    const discussion = state.discussions.find(({ id }) => id === note.discussion_id);
+export const removeNote = ({ commit, dispatch, state }, note) => {
+  const discussion = state.discussions.find(({ id }) => id === note.discussion_id);
 
-    commit(types.DELETE_NOTE, note);
+  commit(types.DELETE_NOTE, note);
 
-    dispatch('updateMergeRequestWidget');
-    dispatch('updateResolvableDiscussionsCounts');
+  dispatch('updateMergeRequestWidget');
+  dispatch('updateResolvableDiscussionsCounts');
 
-    if (isInMRPage()) {
-      dispatch('diffs/removeDiscussionsFromDiff', discussion);
-    }
+  if (isInMRPage()) {
+    dispatch('diffs/removeDiscussionsFromDiff', discussion);
+  }
+};
+
+export const deleteNote = ({ dispatch }, note) =>
+  axios.delete(note.path).then(() => {
+    dispatch('removeNote', note);
   });
 
 export const updateNote = ({ commit, dispatch }, { endpoint, note }) =>
diff --git a/app/controllers/concerns/notes_actions.rb b/app/controllers/concerns/notes_actions.rb
index d2a961efff7..4b7899d469b 100644
--- a/app/controllers/concerns/notes_actions.rb
+++ b/app/controllers/concerns/notes_actions.rb
@@ -73,6 +73,11 @@ module NotesActions
   # rubocop:disable Gitlab/ModuleWithInstanceVariables
   def update
     @note = Notes::UpdateService.new(project, current_user, update_note_params).execute(note)
+    unless @note
+      head :gone
+      return
+    end
+
     prepare_notes_for_rendering([@note])
 
     respond_to do |format|
diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 65d9b074eee..13e8453ed00 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -6,7 +6,7 @@ class Projects::NotesController < Projects::ApplicationController
   include NotesHelper
   include ToggleAwardEmoji
 
-  before_action :whitelist_query_limiting, only: [:create]
+  before_action :whitelist_query_limiting, only: [:create, :update]
   before_action :authorize_read_note!
   before_action :authorize_create_note!, only: [:create]
   before_action :authorize_resolve_note!, only: [:resolve, :unresolve]
diff --git a/app/services/notes/update_service.rb b/app/services/notes/update_service.rb
index 384d1dd2e50..853faed9d85 100644
--- a/app/services/notes/update_service.rb
+++ b/app/services/notes/update_service.rb
@@ -8,24 +8,70 @@ module Notes
       old_mentioned_users = note.mentioned_users.to_a
 
       note.update(params.merge(updated_by: current_user))
-      note.create_new_cross_references!(current_user)
 
-      if note.previous_changes.include?('note')
-        TodoService.new.update_note(note, current_user, old_mentioned_users)
+      only_commands = false
+
+      quick_actions_service = QuickActionsService.new(project, current_user)
+      if quick_actions_service.supported?(note)
+        content, update_params, message = quick_actions_service.execute(note, {})
+
+        only_commands = content.empty?
+
+        note.note = content
+      end
+
+      unless only_commands
+        note.create_new_cross_references!(current_user)
+
+        update_todos(note, old_mentioned_users)
+
+        update_suggestions(note)
       end
 
-      if note.supports_suggestion?
-        Suggestion.transaction do
-          note.suggestions.delete_all
-          Suggestions::CreateService.new(note).execute
+      if quick_actions_service.commands_executed_count.to_i > 0
+        if update_params.present?
+          quick_actions_service.apply_updates(update_params, note)
+          note.commands_changes = update_params
         end
 
-        # We need to refresh the previous suggestions call cache
-        # in order to get the new records.
-        note.reset
+        if only_commands
+          delete_note(note, message)
+          note = nil
+        else
+          note.save
+        end
       end
 
       note
     end
+
+    private
+
+    def delete_note(note, message)
+      # We must add the error after we call #save because errors are reset
+      # when #save is called
+      note.errors.add(:commands_only, message.presence || _('Commands did not apply'))
+
+      Notes::DestroyService.new(project, current_user).execute(note)
+    end
+
+    def update_suggestions(note)
+      return unless note.supports_suggestion?
+
+      Suggestion.transaction do
+        note.suggestions.delete_all
+        Suggestions::CreateService.new(note).execute
+      end
+
+      # We need to refresh the previous suggestions call cache
+      # in order to get the new records.
+      note.reset
+    end
+
+    def update_todos(note, old_mentioned_users)
+      return unless note.previous_changes.include?('note')
+
+      TodoService.new.update_note(note, current_user, old_mentioned_users)
+    end
   end
 end
-- 
cgit v1.2.1


From a844a958ea875b548b572faaca8e2fd523464735 Mon Sep 17 00:00:00 2001
From: Zeger-Jan van de Weg <git@zjvandeweg.nl>
Date: Mon, 26 Aug 2019 12:31:25 +0200
Subject: Remove the object pools feature flag

The flag defaulted to true, so there's no change unless users turned it
off. Given there's a lack of issues regarding object pools, this should
be OK.
---
 app/models/project.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/models/project.rb b/app/models/project.rb
index 10679fb1f85..66d5286196e 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2175,8 +2175,7 @@ class Project < ApplicationRecord
     hashed_storage?(:repository) &&
       public? &&
       repository_exists? &&
-      Gitlab::CurrentSettings.hashed_storage_enabled &&
-      Feature.enabled?(:object_pools, self, default_enabled: true)
+      Gitlab::CurrentSettings.hashed_storage_enabled
   end
 
   def leave_pool_repository
-- 
cgit v1.2.1


From a8040a61d8bb6edb325236f9748c30e39ecaa335 Mon Sep 17 00:00:00 2001
From: Igor <idrozdov@gitlab.com>
Date: Mon, 26 Aug 2019 14:30:45 +0000
Subject: Add usage pings for merge request creating

Code Review Usage Ping for Create SMAU
---
 app/services/merge_requests/create_service.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app')

diff --git a/app/services/merge_requests/create_service.rb b/app/services/merge_requests/create_service.rb
index 06e46595b95..a69678a4422 100644
--- a/app/services/merge_requests/create_service.rb
+++ b/app/services/merge_requests/create_service.rb
@@ -27,6 +27,7 @@ module MergeRequests
       issuable.cache_merge_request_closes_issues!(current_user)
       create_pipeline_for(issuable, current_user)
       issuable.update_head_pipeline
+      Gitlab::UsageDataCounters::MergeRequestCounter.count(:create)
 
       super
     end
-- 
cgit v1.2.1


From e9a128b5742efdf16116f5bc86a66322d9d20b89 Mon Sep 17 00:00:00 2001
From: Walmyr Lima <walmyr@gitlab.com>
Date: Mon, 26 Aug 2019 18:12:36 +0200
Subject: Update view to add testability

---
 app/views/layouts/nav/sidebar/_project.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/views/layouts/nav/sidebar/_project.html.haml b/app/views/layouts/nav/sidebar/_project.html.haml
index 02ecf816e90..48fea2bbecf 100644
--- a/app/views/layouts/nav/sidebar/_project.html.haml
+++ b/app/views/layouts/nav/sidebar/_project.html.haml
@@ -115,7 +115,7 @@
                   = _('List')
 
             = nav_link(controller: :boards) do
-              = link_to project_boards_path(@project), title: boards_link_text do
+              = link_to project_boards_path(@project), title: boards_link_text, data: { qa_selector: "issue_boards_link" } do
                 %span
                   = boards_link_text
 
-- 
cgit v1.2.1


From bdd5b5b69533b8035d0a03a1d4c9de38ba3da189 Mon Sep 17 00:00:00 2001
From: Brett Walker <bwalker@gitlab.com>
Date: Mon, 26 Aug 2019 17:43:38 +0000
Subject: Replace echo function with a resolver

The `GraphQL::Function` has been deprecated in
favor of resolvers.
---
 app/graphql/functions/base_function.rb |  6 ------
 app/graphql/functions/echo.rb          | 15 ---------------
 app/graphql/resolvers/echo_resolver.rb | 14 ++++++++++++++
 app/graphql/types/query_type.rb        |  2 +-
 4 files changed, 15 insertions(+), 22 deletions(-)
 delete mode 100644 app/graphql/functions/base_function.rb
 delete mode 100644 app/graphql/functions/echo.rb
 create mode 100644 app/graphql/resolvers/echo_resolver.rb

(limited to 'app')

diff --git a/app/graphql/functions/base_function.rb b/app/graphql/functions/base_function.rb
deleted file mode 100644
index 2512ecbd255..00000000000
--- a/app/graphql/functions/base_function.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-module Functions
-  class BaseFunction < GraphQL::Function
-  end
-end
diff --git a/app/graphql/functions/echo.rb b/app/graphql/functions/echo.rb
deleted file mode 100644
index 3104486faac..00000000000
--- a/app/graphql/functions/echo.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-module Functions
-  class Echo < BaseFunction
-    argument :text, GraphQL::STRING_TYPE
-
-    description "Testing endpoint to validate the API with"
-
-    def call(obj, args, ctx)
-      username = ctx[:current_user]&.username
-
-      "#{username.inspect} says: #{args[:text]}"
-    end
-  end
-end
diff --git a/app/graphql/resolvers/echo_resolver.rb b/app/graphql/resolvers/echo_resolver.rb
new file mode 100644
index 00000000000..8076e1784ce
--- /dev/null
+++ b/app/graphql/resolvers/echo_resolver.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Resolvers
+  class EchoResolver < BaseResolver
+    argument    :text, GraphQL::STRING_TYPE, required: true
+    description 'Testing endpoint to validate the API with'
+
+    def resolve(**args)
+      username = context[:current_user]&.username
+
+      "#{username.inspect} says: #{args[:text]}"
+    end
+  end
+end
diff --git a/app/graphql/types/query_type.rb b/app/graphql/types/query_type.rb
index 53d36b43576..c686300b25d 100644
--- a/app/graphql/types/query_type.rb
+++ b/app/graphql/types/query_type.rb
@@ -24,6 +24,6 @@ module Types
           resolver: Resolvers::MetadataResolver,
           description: 'Metadata about GitLab'
 
-    field :echo, GraphQL::STRING_TYPE, null: false, function: Functions::Echo.new
+    field :echo, GraphQL::STRING_TYPE, null: false, resolver: Resolvers::EchoResolver
   end
 end
-- 
cgit v1.2.1


From 6c82462df617b3ae4adf64582e08a7432c69fb9a Mon Sep 17 00:00:00 2001
From: Jeremy Jackson <jjackson@gitlab.com>
Date: Mon, 26 Aug 2019 18:14:48 +0000
Subject: Changes snowplow to use cookies for sessions

This also restructures how and where the configuration for
Snowplow lives.
---
 app/assets/javascripts/main.js        |  2 ++
 app/assets/javascripts/tracking.js    | 28 ++++++++++++++++++++++++++++
 app/views/layouts/_snowplow.html.haml | 21 +--------------------
 3 files changed, 31 insertions(+), 20 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/main.js b/app/assets/javascripts/main.js
index 39f2097c174..0ddf40b0405 100644
--- a/app/assets/javascripts/main.js
+++ b/app/assets/javascripts/main.js
@@ -35,6 +35,7 @@ import initPerformanceBar from './performance_bar';
 import initSearchAutocomplete from './search_autocomplete';
 import GlFieldErrors from './gl_field_errors';
 import initUserPopovers from './user_popovers';
+import { initUserTracking } from './tracking';
 import { __ } from './locale';
 
 import 'ee_else_ce/main_ee';
@@ -94,6 +95,7 @@ function deferredInitialisation() {
   initLogoAnimation();
   initUsagePingConsent();
   initUserPopovers();
+  initUserTracking();
 
   if (document.querySelector('.search')) initSearchAutocomplete();
 
diff --git a/app/assets/javascripts/tracking.js b/app/assets/javascripts/tracking.js
index a852f937eec..03281b5ef49 100644
--- a/app/assets/javascripts/tracking.js
+++ b/app/assets/javascripts/tracking.js
@@ -1,5 +1,23 @@
 import $ from 'jquery';
 
+const DEFAULT_SNOWPLOW_OPTIONS = {
+  namespace: 'gl',
+  hostname: window.location.hostname,
+  cookieDomain: window.location.hostname,
+  appId: '',
+  userFingerprint: false,
+  respectDoNotTrack: true,
+  forceSecureTracker: true,
+  eventMethod: 'post',
+  contexts: { webPage: true },
+  // Page tracking tracks a single event when the page loads.
+  pageTrackingEnabled: false,
+  // Activity tracking tracks when a user is still interacting with the page.
+  // Events like scrolling and mouse movements are used to determine if the
+  // user has the tab active and is still actively engaging.
+  activityTrackingEnabled: false,
+};
+
 const extractData = (el, opts = {}) => {
   const { trackEvent, trackLabel = '', trackProperty = '' } = el.dataset;
   let trackValue = el.dataset.trackValue || el.value || '';
@@ -71,3 +89,13 @@ export default class Tracking {
     };
   }
 }
+
+export function initUserTracking() {
+  if (!Tracking.enabled()) return;
+
+  const opts = Object.assign({}, DEFAULT_SNOWPLOW_OPTIONS, window.snowplowOptions);
+  window.snowplow('newTracker', opts.namespace, opts.hostname, opts);
+
+  if (opts.activityTrackingEnabled) window.snowplow('enableActivityTracking', 30, 30);
+  if (opts.pageTrackingEnabled) window.snowplow('trackPageView'); // must be after enableActivityTracking
+}
diff --git a/app/views/layouts/_snowplow.html.haml b/app/views/layouts/_snowplow.html.haml
index 5f5c5e984c5..d7ff5ad1094 100644
--- a/app/views/layouts/_snowplow.html.haml
+++ b/app/views/layouts/_snowplow.html.haml
@@ -7,23 +7,4 @@
     };p[i].q=p[i].q||[];n=l.createElement(o);g=l.getElementsByTagName(o)[0];n.async=1;
     n.src=w;g.parentNode.insertBefore(n,g)}}(window,document,"script","#{asset_url('snowplow/sp.js')}","snowplow"));
 
-    window.snowplow('newTracker', '#{Gitlab::SnowplowTracker::NAMESPACE}', '#{Gitlab::CurrentSettings.snowplow_collector_hostname}', {
-      appId: '#{Gitlab::CurrentSettings.snowplow_site_id}',
-      cookieDomain: '#{Gitlab::CurrentSettings.snowplow_cookie_domain}',
-      userFingerprint: false,
-      respectDoNotTrack: true,
-      forceSecureTracker: true,
-      post: true,
-      contexts: { webPage: true },
-      stateStorageStrategy: "localStorage"
-    });
-
-    window.snowplow('enableActivityTracking', 30, 30);
-    window.snowplow('trackPageView');
-
-- return unless Feature.enabled?(:additional_snowplow_tracking, @group)
-
-= javascript_tag nonce: true do
-  :plain
-    window.snowplow('enableFormTracking');
-    window.snowplow('enableLinkClickTracking');
+    window.snowplowOptions = #{Gitlab::Tracking.snowplow_options(@group).to_json}
-- 
cgit v1.2.1


From a06410d995e1200c7734b2d50e68506320d13dd0 Mon Sep 17 00:00:00 2001
From: Aishwarya Subramanian <asubramanian@gitlab.com>
Date: Mon, 26 Aug 2019 18:20:18 +0000
Subject: Using before_save method instead of setter

Removed unused method for name setter method
---
 app/models/user.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/models/user.rb b/app/models/user.rb
index 6131a8dc710..6107aaa7fca 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -161,6 +161,8 @@ class User < ApplicationRecord
   #
   # Note: devise :validatable above adds validations for :email and :password
   validates :name, presence: true, length: { maximum: 128 }
+  validates :first_name, length: { maximum: 255 }
+  validates :last_name, length: { maximum: 255 }
   validates :email, confirmation: true
   validates :notification_email, presence: true
   validates :notification_email, devise_email: true, if: ->(user) { user.notification_email != user.email }
@@ -881,7 +883,15 @@ class User < ApplicationRecord
   end
 
   def first_name
-    name.split.first unless name.blank?
+    read_attribute(:first_name) || begin
+      name.split(' ').first unless name.blank?
+    end
+  end
+
+  def last_name
+    read_attribute(:last_name) || begin
+      name.split(' ').drop(1).join(' ') unless name.blank?
+    end
   end
 
   def projects_limit_left
-- 
cgit v1.2.1


From 6fa5f510e83a91e19a1601bf6c01a9cffe6fd5c9 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Sun, 25 Aug 2019 07:20:17 -0700
Subject: Guard against deleted project feature entry

In https://gitlab.com/gitlab-org/gitlab-ce/issues/66482, we see that a
project's `project_feature` association may be lazily loaded and hence
return `nil` if the entry is deleted if the `Project` is already loaded
in memory. To ensure we don't fail hard when this happens, assume all
features are disabled.

We can fix this issue by eager loading the `project_feature` in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/32169, but we
shouldn't have to depend on that.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66482
---
 app/policies/project_policy.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'app')

diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index b8dee1b0789..e2634692dc7 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -502,6 +502,8 @@ class ProjectPolicy < BasePolicy
   end
 
   def feature_available?(feature)
+    return false unless project.project_feature
+
     case project.project_feature.access_level(feature)
     when ProjectFeature::DISABLED
       false
-- 
cgit v1.2.1


From 92b723db956e2b75b4bdcfb4d94c3c3cff8bf639 Mon Sep 17 00:00:00 2001
From: Jeremy Jackson <jjackson@gitlab.com>
Date: Mon, 26 Aug 2019 22:16:23 +0000
Subject: Revert "Merge branch 'user-tracking-settings' into 'master'"

This reverts merge request !31826
---
 app/assets/javascripts/main.js        |  2 --
 app/assets/javascripts/tracking.js    | 28 ----------------------------
 app/views/layouts/_snowplow.html.haml | 21 ++++++++++++++++++++-
 3 files changed, 20 insertions(+), 31 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/main.js b/app/assets/javascripts/main.js
index 0ddf40b0405..39f2097c174 100644
--- a/app/assets/javascripts/main.js
+++ b/app/assets/javascripts/main.js
@@ -35,7 +35,6 @@ import initPerformanceBar from './performance_bar';
 import initSearchAutocomplete from './search_autocomplete';
 import GlFieldErrors from './gl_field_errors';
 import initUserPopovers from './user_popovers';
-import { initUserTracking } from './tracking';
 import { __ } from './locale';
 
 import 'ee_else_ce/main_ee';
@@ -95,7 +94,6 @@ function deferredInitialisation() {
   initLogoAnimation();
   initUsagePingConsent();
   initUserPopovers();
-  initUserTracking();
 
   if (document.querySelector('.search')) initSearchAutocomplete();
 
diff --git a/app/assets/javascripts/tracking.js b/app/assets/javascripts/tracking.js
index 03281b5ef49..a852f937eec 100644
--- a/app/assets/javascripts/tracking.js
+++ b/app/assets/javascripts/tracking.js
@@ -1,23 +1,5 @@
 import $ from 'jquery';
 
-const DEFAULT_SNOWPLOW_OPTIONS = {
-  namespace: 'gl',
-  hostname: window.location.hostname,
-  cookieDomain: window.location.hostname,
-  appId: '',
-  userFingerprint: false,
-  respectDoNotTrack: true,
-  forceSecureTracker: true,
-  eventMethod: 'post',
-  contexts: { webPage: true },
-  // Page tracking tracks a single event when the page loads.
-  pageTrackingEnabled: false,
-  // Activity tracking tracks when a user is still interacting with the page.
-  // Events like scrolling and mouse movements are used to determine if the
-  // user has the tab active and is still actively engaging.
-  activityTrackingEnabled: false,
-};
-
 const extractData = (el, opts = {}) => {
   const { trackEvent, trackLabel = '', trackProperty = '' } = el.dataset;
   let trackValue = el.dataset.trackValue || el.value || '';
@@ -89,13 +71,3 @@ export default class Tracking {
     };
   }
 }
-
-export function initUserTracking() {
-  if (!Tracking.enabled()) return;
-
-  const opts = Object.assign({}, DEFAULT_SNOWPLOW_OPTIONS, window.snowplowOptions);
-  window.snowplow('newTracker', opts.namespace, opts.hostname, opts);
-
-  if (opts.activityTrackingEnabled) window.snowplow('enableActivityTracking', 30, 30);
-  if (opts.pageTrackingEnabled) window.snowplow('trackPageView'); // must be after enableActivityTracking
-}
diff --git a/app/views/layouts/_snowplow.html.haml b/app/views/layouts/_snowplow.html.haml
index d7ff5ad1094..5f5c5e984c5 100644
--- a/app/views/layouts/_snowplow.html.haml
+++ b/app/views/layouts/_snowplow.html.haml
@@ -7,4 +7,23 @@
     };p[i].q=p[i].q||[];n=l.createElement(o);g=l.getElementsByTagName(o)[0];n.async=1;
     n.src=w;g.parentNode.insertBefore(n,g)}}(window,document,"script","#{asset_url('snowplow/sp.js')}","snowplow"));
 
-    window.snowplowOptions = #{Gitlab::Tracking.snowplow_options(@group).to_json}
+    window.snowplow('newTracker', '#{Gitlab::SnowplowTracker::NAMESPACE}', '#{Gitlab::CurrentSettings.snowplow_collector_hostname}', {
+      appId: '#{Gitlab::CurrentSettings.snowplow_site_id}',
+      cookieDomain: '#{Gitlab::CurrentSettings.snowplow_cookie_domain}',
+      userFingerprint: false,
+      respectDoNotTrack: true,
+      forceSecureTracker: true,
+      post: true,
+      contexts: { webPage: true },
+      stateStorageStrategy: "localStorage"
+    });
+
+    window.snowplow('enableActivityTracking', 30, 30);
+    window.snowplow('trackPageView');
+
+- return unless Feature.enabled?(:additional_snowplow_tracking, @group)
+
+= javascript_tag nonce: true do
+  :plain
+    window.snowplow('enableFormTracking');
+    window.snowplow('enableLinkClickTracking');
-- 
cgit v1.2.1


From f6058981919ab431e7c1e053b5ae6119a9a24e30 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Mon, 26 Aug 2019 13:03:42 -0700
Subject: Fix Piwik not working

Due to indentation, the changes in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31402 broke the
templating of Piwik script header.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66627
---
 app/views/layouts/_piwik.html.haml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/views/layouts/_piwik.html.haml b/app/views/layouts/_piwik.html.haml
index 2cb2e23433d..361a7b03180 100644
--- a/app/views/layouts/_piwik.html.haml
+++ b/app/views/layouts/_piwik.html.haml
@@ -11,5 +11,5 @@
       var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
       g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
     })();
-  <noscript><p><img src="//#{extra_config.piwik_url}/piwik.php?idsite=#{extra_config.piwik_site_id}" style="border:0;" alt="" /></p></noscript>
-  <!-- End Piwik Code -->
+<noscript><p><img src="//#{extra_config.piwik_url}/piwik.php?idsite=#{extra_config.piwik_site_id}" style="border:0;" alt="" /></p></noscript>
+<!-- End Piwik Code -->
-- 
cgit v1.2.1


From 93cf4124737b20e3f810f0c0ad366271a9a0c251 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Etienne=20Baqu=C3=A9?= <ebaque@gitlab.com>
Date: Fri, 12 Jul 2019 16:49:47 -0400
Subject: Add encrypted optional option to DeployToken authentication field

---
 app/models/deploy_token.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb
index 33f0be91632..85f5a2040c0 100644
--- a/app/models/deploy_token.rb
+++ b/app/models/deploy_token.rb
@@ -5,7 +5,7 @@ class DeployToken < ApplicationRecord
   include TokenAuthenticatable
   include PolicyActor
   include Gitlab::Utils::StrongMemoize
-  add_authentication_token_field :token
+  add_authentication_token_field :token, encrypted: :optional
 
   AVAILABLE_SCOPES = %i(read_repository read_registry).freeze
   GITLAB_DEPLOY_TOKEN_NAME = 'gitlab-deploy-token'.freeze
-- 
cgit v1.2.1


From 9f219873a1677d17275e08b9ca7328f976c84fa9 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Fri, 23 Aug 2019 23:41:47 -0700
Subject: Add QA specs for using IP rate limits

This will help prevent issues such as
https://gitlab.com/gitlab-org/gitlab-ce/issues/66449.
---
 app/views/admin/application_settings/_ip_limits.html.haml | 8 ++++----
 app/views/admin/application_settings/network.html.haml    | 2 +-
 app/views/layouts/nav/sidebar/_admin.html.haml            | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'app')

diff --git a/app/views/admin/application_settings/_ip_limits.html.haml b/app/views/admin/application_settings/_ip_limits.html.haml
index 67a04fcf698..9512c1837bf 100644
--- a/app/views/admin/application_settings/_ip_limits.html.haml
+++ b/app/views/admin/application_settings/_ip_limits.html.haml
@@ -4,7 +4,7 @@
   %fieldset
     .form-group
       .form-check
-        = f.check_box :throttle_unauthenticated_enabled, class: 'form-check-input'
+        = f.check_box :throttle_unauthenticated_enabled, class: 'form-check-input', data: { qa_selector: 'throttle_unauthenticated_checkbox' }
         = f.label :throttle_unauthenticated_enabled, class: 'form-check-label' do
           Enable unauthenticated request rate limit
         %span.form-text.text-muted
@@ -17,7 +17,7 @@
       = f.number_field :throttle_unauthenticated_period_in_seconds, class: 'form-control'
     .form-group
       .form-check
-        = f.check_box :throttle_authenticated_api_enabled, class: 'form-check-input'
+        = f.check_box :throttle_authenticated_api_enabled, class: 'form-check-input', data: { qa_selector: 'throttle_authenticated_api_checkbox' }
         = f.label :throttle_authenticated_api_enabled, class: 'form-check-label' do
           Enable authenticated API request rate limit
         %span.form-text.text-muted
@@ -30,7 +30,7 @@
       = f.number_field :throttle_authenticated_api_period_in_seconds, class: 'form-control'
     .form-group
       .form-check
-        = f.check_box :throttle_authenticated_web_enabled, class: 'form-check-input'
+        = f.check_box :throttle_authenticated_web_enabled, class: 'form-check-input', data: { qa_selector: 'throttle_authenticated_web_checkbox' }
         = f.label :throttle_authenticated_web_enabled, class: 'form-check-label' do
           Enable authenticated web request rate limit
         %span.form-text.text-muted
@@ -42,4 +42,4 @@
       = f.label :throttle_authenticated_web_period_in_seconds, 'Rate limit period in seconds', class: 'label-bold'
       = f.number_field :throttle_authenticated_web_period_in_seconds, class: 'form-control'
 
-  = f.submit 'Save changes', class: "btn btn-success"
+  = f.submit 'Save changes', class: "btn btn-success", data: { qa_selector: 'save_changes_button' }
diff --git a/app/views/admin/application_settings/network.html.haml b/app/views/admin/application_settings/network.html.haml
index 26fd745f45f..3a4d901ca1d 100644
--- a/app/views/admin/application_settings/network.html.haml
+++ b/app/views/admin/application_settings/network.html.haml
@@ -13,7 +13,7 @@
   .settings-content
     = render 'performance'
 
-%section.settings.as-ip-limits.no-animate#js-ip-limits-settings{ class: ('expanded' if expanded_by_default?) }
+%section.settings.as-ip-limits.no-animate#js-ip-limits-settings{ class: ('expanded' if expanded_by_default?), data: { qa_selector: 'ip_limits_section' } }
   .settings-header
     %h4
       = _('User and IP Rate Limits')
diff --git a/app/views/layouts/nav/sidebar/_admin.html.haml b/app/views/layouts/nav/sidebar/_admin.html.haml
index cb39c830170..9e92ced9f89 100644
--- a/app/views/layouts/nav/sidebar/_admin.html.haml
+++ b/app/views/layouts/nav/sidebar/_admin.html.haml
@@ -261,7 +261,7 @@
                 %span
                   = _('Metrics and profiling')
             = nav_link(path: 'application_settings#network') do
-              = link_to network_admin_application_settings_path, title: _('Network') do
+              = link_to network_admin_application_settings_path, title: _('Network'), data: { qa_selector: 'admin_settings_network_item' } do
                 %span
                   = _('Network')
             - if template_exists?('admin/application_settings/geo')
-- 
cgit v1.2.1


From 7a162e1a8f1f1aeb45fee149c201115f7a7231c9 Mon Sep 17 00:00:00 2001
From: Sanad Liaquat <sliaquat@gitlab.com>
Date: Tue, 27 Aug 2019 10:48:04 +0500
Subject: CE Backport of EE changes

Add qa selector elements and files from the EE branch
---
 app/views/groups/edit.html.haml                  | 2 +-
 app/views/groups/settings/_permissions.html.haml | 2 +-
 app/views/layouts/nav/sidebar/_group.html.haml   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/views/groups/edit.html.haml b/app/views/groups/edit.html.haml
index 0c8f86c2822..6d06bb246cb 100644
--- a/app/views/groups/edit.html.haml
+++ b/app/views/groups/edit.html.haml
@@ -14,7 +14,7 @@
   .settings-content
     = render 'groups/settings/general'
 
-%section.settings.gs-permissions.no-animate#js-permissions-settings{ class: ('expanded' if expanded) }
+%section.settings.gs-permissions.no-animate#js-permissions-settings{ class: ('expanded' if expanded), data: { qa_selector: 'permission_lfs_2fa_section' } }
   .settings-header
     %h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only{ role: 'button' }
       = _('Permissions, LFS, 2FA')
diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml
index 94a938021f9..c55730ccd31 100644
--- a/app/views/groups/settings/_permissions.html.haml
+++ b/app/views/groups/settings/_permissions.html.haml
@@ -31,4 +31,4 @@
     = render 'groups/settings/two_factor_auth', f: f
     = render_if_exists 'groups/member_lock_setting', f: f, group: @group
 
-  = f.submit _('Save changes'), class: 'btn btn-success prepend-top-default js-dirty-submit'
+  = f.submit _('Save changes'), class: 'btn btn-success prepend-top-default js-dirty-submit', data: { qa_selector: 'save_permissions_changes_button' }
diff --git a/app/views/layouts/nav/sidebar/_group.html.haml b/app/views/layouts/nav/sidebar/_group.html.haml
index 48c9f19f89f..c1f4b3adfec 100644
--- a/app/views/layouts/nav/sidebar/_group.html.haml
+++ b/app/views/layouts/nav/sidebar/_group.html.haml
@@ -147,7 +147,7 @@
                   = _('Settings')
             %li.divider.fly-out-top-item
             = nav_link(path: 'groups#edit') do
-              = link_to edit_group_path(@group), title: _('General') do
+              = link_to edit_group_path(@group), title: _('General'), data: { qa_selector: 'general_settings_link' } do
                 %span
                   = _('General')
 
-- 
cgit v1.2.1


From 7e0960f6e220c2ae54abb457508c9b20fa132a9f Mon Sep 17 00:00:00 2001
From: Toon Claes <toon@gitlab.com>
Date: Tue, 27 Aug 2019 09:48:16 +0200
Subject: Bring text mail for new issue & MR more in line

Make these templates for mail notifications for a new issue and a new
merge request more similar.

Also remove some leading whitespace in text mails.
---
 app/views/notify/new_issue_email.text.erb         | 10 +++-------
 app/views/notify/new_merge_request_email.text.erb |  4 ++--
 2 files changed, 5 insertions(+), 9 deletions(-)

(limited to 'app')

diff --git a/app/views/notify/new_issue_email.text.erb b/app/views/notify/new_issue_email.text.erb
index b93d95ef02f..bd61db3ee76 100644
--- a/app/views/notify/new_issue_email.text.erb
+++ b/app/views/notify/new_issue_email.text.erb
@@ -1,9 +1,5 @@
-<%= sanitize_name(@issue.author_name) %> <%= 'created an issue:' %>
+<%= sanitize_name(@issue.author_name) %> <%= 'created an issue:' %> <%= url_for(project_issue_url(@issue.project, @issue)) %>
 
-<% if @issue.assignees.any? -%>
-  <%= assignees_label(@issue) %>
-<% end %>
+<%= assignees_label(@issue) if @issue.assignees.any? %>
 
-<% if @issue.description -%>
-  <%= @issue.description %>
-<% end %>
+<%= @issue.description %>
diff --git a/app/views/notify/new_merge_request_email.text.erb b/app/views/notify/new_merge_request_email.text.erb
index 6c0d7b1e60b..f4b0ed0f886 100644
--- a/app/views/notify/new_merge_request_email.text.erb
+++ b/app/views/notify/new_merge_request_email.text.erb
@@ -1,8 +1,8 @@
-<%= @merge_request.author_name %> <%= 'created a merge request:' %> <%= url_for(project_merge_request_url(@merge_request.target_project, @merge_request)) %>
+<%= sanitize_name(@merge_request.author_name) %> <%= 'created a merge request:' %> <%= url_for(project_merge_request_url(@merge_request.target_project, @merge_request)) %>
 
 <%= merge_path_description(@merge_request, 'to') %>
 <%= 'Author:' %>    <%= @merge_request.author_name %>
-<%= assignees_label(@merge_request) %>
+<%= assignees_label(@merge_request) if @merge_request.assignees.any? %>
 <%= render_if_exists 'notify/merge_request_approvers', presenter: @mr_presenter %>
 
 <%= @merge_request.description %>
-- 
cgit v1.2.1


From b4cc539d3c2ea96fa0fe30e1ab9aa3063bd387ed Mon Sep 17 00:00:00 2001
From: Enrique Alcantara <ealcantara@gitlab.com>
Date: Mon, 26 Aug 2019 10:56:20 -0400
Subject: Move gke_cluster_dropdowns to create_cluster dir

This commit creates a create_cluster directory to collect
all Vue applications related to creating kubernetes applications
using gitlab.

It also moves the gke_cluster_dropdowns collection of apps to
the create_cluster directory. gke_cluster_dropdowns contains
dropdown components used to select configuration options to
create a Kubernetes cluster in Google Cloud.
---
 .../gke_cluster/components/gke_dropdown_mixin.js   |  71 ++++++++
 .../components/gke_machine_type_dropdown.vue       | 129 ++++++++++++++
 .../components/gke_project_id_dropdown.vue         | 188 +++++++++++++++++++++
 .../gke_cluster/components/gke_zone_dropdown.vue   | 103 +++++++++++
 .../create_cluster/gke_cluster/constants.js        |  11 ++
 .../create_cluster/gke_cluster/index.js            |  88 ++++++++++
 .../create_cluster/gke_cluster/store/actions.js    |  95 +++++++++++
 .../create_cluster/gke_cluster/store/getters.js    |   3 +
 .../create_cluster/gke_cluster/store/index.js      |  18 ++
 .../gke_cluster/store/mutation_types.js            |   8 +
 .../create_cluster/gke_cluster/store/mutations.js  |  28 +++
 .../create_cluster/gke_cluster/store/state.js      |  13 ++
 .../javascripts/pages/admin/clusters/index.js      |   2 +-
 app/assets/javascripts/pages/groups/index.js       |   2 +-
 app/assets/javascripts/pages/projects/index.js     |   2 +-
 .../components/gke_dropdown_mixin.js               |  71 --------
 .../components/gke_machine_type_dropdown.vue       | 129 --------------
 .../components/gke_project_id_dropdown.vue         | 188 ---------------------
 .../components/gke_zone_dropdown.vue               | 103 -----------
 .../projects/gke_cluster_dropdowns/constants.js    |  11 --
 .../projects/gke_cluster_dropdowns/index.js        |  88 ----------
 .../gke_cluster_dropdowns/store/actions.js         |  95 -----------
 .../gke_cluster_dropdowns/store/getters.js         |   3 -
 .../projects/gke_cluster_dropdowns/store/index.js  |  18 --
 .../gke_cluster_dropdowns/store/mutation_types.js  |   8 -
 .../gke_cluster_dropdowns/store/mutations.js       |  28 ---
 .../projects/gke_cluster_dropdowns/store/state.js  |  13 --
 27 files changed, 758 insertions(+), 758 deletions(-)
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/components/gke_dropdown_mixin.js
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/components/gke_machine_type_dropdown.vue
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/components/gke_project_id_dropdown.vue
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/components/gke_zone_dropdown.vue
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/constants.js
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/index.js
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/store/actions.js
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/store/getters.js
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/store/index.js
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/store/mutation_types.js
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/store/mutations.js
 create mode 100644 app/assets/javascripts/create_cluster/gke_cluster/store/state.js
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_dropdown_mixin.js
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_machine_type_dropdown.vue
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_project_id_dropdown.vue
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_zone_dropdown.vue
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/constants.js
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/index.js
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/store/actions.js
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/store/getters.js
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/store/index.js
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/store/mutation_types.js
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/store/mutations.js
 delete mode 100644 app/assets/javascripts/projects/gke_cluster_dropdowns/store/state.js

(limited to 'app')

diff --git a/app/assets/javascripts/create_cluster/gke_cluster/components/gke_dropdown_mixin.js b/app/assets/javascripts/create_cluster/gke_cluster/components/gke_dropdown_mixin.js
new file mode 100644
index 00000000000..5a3407693e5
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/components/gke_dropdown_mixin.js
@@ -0,0 +1,71 @@
+import _ from 'underscore';
+import DropdownSearchInput from '~/vue_shared/components/dropdown/dropdown_search_input.vue';
+import DropdownHiddenInput from '~/vue_shared/components/dropdown/dropdown_hidden_input.vue';
+import DropdownButton from '~/vue_shared/components/dropdown/dropdown_button.vue';
+import { GlLoadingIcon } from '@gitlab/ui';
+
+import store from '../store';
+
+export default {
+  store,
+  components: {
+    DropdownButton,
+    DropdownSearchInput,
+    DropdownHiddenInput,
+    GlLoadingIcon,
+  },
+  props: {
+    fieldId: {
+      type: String,
+      required: true,
+    },
+    fieldName: {
+      type: String,
+      required: true,
+    },
+    defaultValue: {
+      type: String,
+      required: false,
+      default: '',
+    },
+  },
+  data() {
+    return {
+      isLoading: false,
+      hasErrors: false,
+      searchQuery: '',
+      gapiError: '',
+    };
+  },
+  computed: {
+    results() {
+      if (!this.items) {
+        return [];
+      }
+
+      return this.items.filter(item => item.name.toLowerCase().indexOf(this.searchQuery) > -1);
+    },
+  },
+  methods: {
+    fetchSuccessHandler() {
+      if (this.defaultValue) {
+        const itemToSelect = _.find(this.items, item => item.name === this.defaultValue);
+
+        if (itemToSelect) {
+          this.setItem(itemToSelect.name);
+        }
+      }
+
+      this.isLoading = false;
+      this.hasErrors = false;
+    },
+    fetchFailureHandler(resp) {
+      this.isLoading = false;
+      this.hasErrors = true;
+
+      if (resp.result && resp.result.error) {
+        this.gapiError = resp.result.error.message;
+      }
+    },
+  },
+};
diff --git a/app/assets/javascripts/create_cluster/gke_cluster/components/gke_machine_type_dropdown.vue b/app/assets/javascripts/create_cluster/gke_cluster/components/gke_machine_type_dropdown.vue
new file mode 100644
index 00000000000..83811ab489a
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/components/gke_machine_type_dropdown.vue
@@ -0,0 +1,129 @@
+<script>
+import { sprintf, s__ } from '~/locale';
+import { mapState, mapGetters, mapActions } from 'vuex';
+
+import gkeDropdownMixin from './gke_dropdown_mixin';
+
+export default {
+  name: 'GkeMachineTypeDropdown',
+  mixins: [gkeDropdownMixin],
+  computed: {
+    ...mapState([
+      'isValidatingProjectBilling',
+      'projectHasBillingEnabled',
+      'selectedZone',
+      'selectedMachineType',
+    ]),
+    ...mapState({ items: 'machineTypes' }),
+    ...mapGetters(['hasZone', 'hasMachineType']),
+    allDropdownsSelected() {
+      return this.projectHasBillingEnabled && this.hasZone && this.hasMachineType;
+    },
+    isDisabled() {
+      return (
+        this.isLoading ||
+        this.isValidatingProjectBilling ||
+        !this.projectHasBillingEnabled ||
+        !this.hasZone
+      );
+    },
+    toggleText() {
+      if (this.isLoading) {
+        return s__('ClusterIntegration|Fetching machine types');
+      }
+
+      if (this.selectedMachineType) {
+        return this.selectedMachineType;
+      }
+
+      if (!this.projectHasBillingEnabled && !this.hasZone) {
+        return s__('ClusterIntegration|Select project and zone to choose machine type');
+      }
+
+      return !this.hasZone
+        ? s__('ClusterIntegration|Select zone to choose machine type')
+        : s__('ClusterIntegration|Select machine type');
+    },
+    errorMessage() {
+      return sprintf(
+        s__(
+          'ClusterIntegration|An error occurred while trying to fetch zone machine types: %{error}',
+        ),
+        { error: this.gapiError },
+      );
+    },
+  },
+  watch: {
+    selectedZone() {
+      this.hasErrors = false;
+
+      if (this.hasZone) {
+        this.isLoading = true;
+
+        this.fetchMachineTypes()
+          .then(this.fetchSuccessHandler)
+          .catch(this.fetchFailureHandler);
+      }
+    },
+    selectedMachineType() {
+      this.enableSubmit();
+    },
+  },
+  methods: {
+    ...mapActions(['fetchMachineTypes']),
+    ...mapActions({ setItem: 'setMachineType' }),
+    enableSubmit() {
+      if (this.allDropdownsSelected) {
+        const submitButtonEl = document.querySelector('.js-gke-cluster-creation-submit');
+
+        if (submitButtonEl) {
+          submitButtonEl.removeAttribute('disabled');
+        }
+      }
+    },
+  },
+};
+</script>
+
+<template>
+  <div>
+    <div class="js-gcp-machine-type-dropdown dropdown">
+      <dropdown-hidden-input :name="fieldName" :value="selectedMachineType" />
+      <dropdown-button
+        :class="{ 'border-danger': hasErrors }"
+        :is-disabled="isDisabled"
+        :is-loading="isLoading"
+        :toggle-text="toggleText"
+      />
+      <div class="dropdown-menu dropdown-select">
+        <dropdown-search-input
+          v-model="searchQuery"
+          :placeholder-text="s__('ClusterIntegration|Search machine types')"
+        />
+        <div class="dropdown-content">
+          <ul>
+            <li v-show="!results.length">
+              <span class="menu-item">
+                {{ s__('ClusterIntegration|No machine types matched your search') }}
+              </span>
+            </li>
+            <li v-for="result in results" :key="result.id">
+              <button type="button" @click.prevent="setItem(result.name)">{{ result.name }}</button>
+            </li>
+          </ul>
+        </div>
+        <div class="dropdown-loading"><gl-loading-icon /></div>
+      </div>
+    </div>
+    <span
+      v-if="hasErrors"
+      :class="{
+        'text-danger': hasErrors,
+        'text-muted': !hasErrors,
+      }"
+      class="form-text"
+    >
+      {{ errorMessage }}
+    </span>
+  </div>
+</template>
diff --git a/app/assets/javascripts/create_cluster/gke_cluster/components/gke_project_id_dropdown.vue b/app/assets/javascripts/create_cluster/gke_cluster/components/gke_project_id_dropdown.vue
new file mode 100644
index 00000000000..a2eb79af4f9
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/components/gke_project_id_dropdown.vue
@@ -0,0 +1,188 @@
+<script>
+import _ from 'underscore';
+import { s__, sprintf } from '~/locale';
+import { mapState, mapGetters, mapActions } from 'vuex';
+
+import gkeDropdownMixin from './gke_dropdown_mixin';
+
+export default {
+  name: 'GkeProjectIdDropdown',
+  mixins: [gkeDropdownMixin],
+  props: {
+    docsUrl: {
+      type: String,
+      required: true,
+    },
+  },
+  computed: {
+    ...mapState(['selectedProject', 'isValidatingProjectBilling', 'projectHasBillingEnabled']),
+    ...mapState({ items: 'projects' }),
+    ...mapGetters(['hasProject']),
+    hasOneProject() {
+      return this.items && this.items.length === 1;
+    },
+    isDisabled() {
+      return (
+        this.isLoading || this.isValidatingProjectBilling || (this.items && this.items.length < 2)
+      );
+    },
+    toggleText() {
+      if (this.isValidatingProjectBilling) {
+        return s__('ClusterIntegration|Validating project billing status');
+      }
+
+      if (this.isLoading) {
+        return s__('ClusterIntegration|Fetching projects');
+      }
+
+      if (this.hasProject) {
+        return this.selectedProject.name;
+      }
+
+      if (!this.items) {
+        return s__('ClusterIntegration|No projects found');
+      }
+
+      return s__('ClusterIntegration|Select project');
+    },
+    helpText() {
+      let message;
+      if (this.hasErrors) {
+        return this.errorMessage;
+      }
+
+      if (!this.items) {
+        message =
+          'ClusterIntegration|We were unable to fetch any projects. Ensure that you have a project on %{docsLinkStart}Google Cloud Platform%{docsLinkEnd}.';
+      }
+
+      message =
+        this.items && this.items.length
+          ? 'ClusterIntegration|To use a new project, first create one on %{docsLinkStart}Google Cloud Platform%{docsLinkEnd}.'
+          : 'ClusterIntegration|To create a cluster, first create a project on %{docsLinkStart}Google Cloud Platform%{docsLinkEnd}.';
+
+      return sprintf(
+        s__(message),
+        {
+          docsLinkEnd: '&nbsp;<i class="fa fa-external-link" aria-hidden="true"></i></a>',
+          docsLinkStart: `<a href="${_.escape(
+            this.docsUrl,
+          )}" target="_blank" rel="noopener noreferrer">`,
+        },
+        false,
+      );
+    },
+    errorMessage() {
+      if (!this.projectHasBillingEnabled) {
+        if (this.gapiError) {
+          return s__(
+            'ClusterIntegration|We could not verify that one of your projects on GCP has billing enabled. Please try again.',
+          );
+        }
+
+        return sprintf(
+          s__(
+            'This project does not have billing enabled. To create a cluster, <a href=%{linkToBilling} target="_blank" rel="noopener noreferrer">enable billing <i class="fa fa-external-link" aria-hidden="true"></i></a> and try again.',
+          ),
+          {
+            linkToBilling:
+              'https://console.cloud.google.com/freetrial?utm_campaign=2018_cpanel&utm_source=gitlab&utm_medium=referral',
+          },
+          false,
+        );
+      }
+
+      return sprintf(
+        s__('ClusterIntegration|An error occurred while trying to fetch your projects: %{error}'),
+        { error: this.gapiError },
+      );
+    },
+  },
+  watch: {
+    selectedProject() {
+      this.setIsValidatingProjectBilling(true);
+
+      this.validateProjectBilling()
+        .then(this.validateProjectBillingSuccessHandler)
+        .catch(this.validateProjectBillingFailureHandler);
+    },
+  },
+  created() {
+    this.isLoading = true;
+
+    this.fetchProjects()
+      .then(this.fetchSuccessHandler)
+      .catch(this.fetchFailureHandler);
+  },
+  methods: {
+    ...mapActions(['fetchProjects', 'setIsValidatingProjectBilling', 'validateProjectBilling']),
+    ...mapActions({ setItem: 'setProject' }),
+    fetchSuccessHandler() {
+      if (this.defaultValue) {
+        const projectToSelect = _.find(this.items, item => item.projectId === this.defaultValue);
+
+        if (projectToSelect) {
+          this.setItem(projectToSelect);
+        }
+      } else if (this.items.length === 1) {
+        this.setItem(this.items[0]);
+      }
+
+      this.isLoading = false;
+      this.hasErrors = false;
+    },
+    validateProjectBillingSuccessHandler() {
+      this.hasErrors = !this.projectHasBillingEnabled;
+    },
+    validateProjectBillingFailureHandler(resp) {
+      this.hasErrors = true;
+
+      this.gapiError = resp.result ? resp.result.error.message : resp;
+    },
+  },
+};
+</script>
+
+<template>
+  <div>
+    <div class="js-gcp-project-id-dropdown dropdown">
+      <dropdown-hidden-input :name="fieldName" :value="selectedProject.projectId" />
+      <dropdown-button
+        :class="{
+          'border-danger': hasErrors,
+          'read-only': hasOneProject,
+        }"
+        :is-disabled="isDisabled"
+        :is-loading="isLoading"
+        :toggle-text="toggleText"
+      />
+      <div class="dropdown-menu dropdown-select">
+        <dropdown-search-input
+          v-model="searchQuery"
+          :placeholder-text="s__('ClusterIntegration|Search projects')"
+        />
+        <div class="dropdown-content">
+          <ul>
+            <li v-show="!results.length">
+              <span class="menu-item">
+                {{ s__('ClusterIntegration|No projects matched your search') }}
+              </span>
+            </li>
+            <li v-for="result in results" :key="result.project_number">
+              <button type="button" @click.prevent="setItem(result)">{{ result.name }}</button>
+            </li>
+          </ul>
+        </div>
+        <div class="dropdown-loading"><gl-loading-icon /></div>
+      </div>
+    </div>
+    <span
+      :class="{
+        'text-danger': hasErrors,
+        'text-muted': !hasErrors,
+      }"
+      class="form-text"
+      v-html="helpText"
+    ></span>
+  </div>
+</template>
diff --git a/app/assets/javascripts/create_cluster/gke_cluster/components/gke_zone_dropdown.vue b/app/assets/javascripts/create_cluster/gke_cluster/components/gke_zone_dropdown.vue
new file mode 100644
index 00000000000..fd5d5f86401
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/components/gke_zone_dropdown.vue
@@ -0,0 +1,103 @@
+<script>
+import { sprintf, s__ } from '~/locale';
+import { mapState, mapActions } from 'vuex';
+
+import gkeDropdownMixin from './gke_dropdown_mixin';
+
+export default {
+  name: 'GkeZoneDropdown',
+  mixins: [gkeDropdownMixin],
+  computed: {
+    ...mapState([
+      'selectedProject',
+      'selectedZone',
+      'projects',
+      'isValidatingProjectBilling',
+      'projectHasBillingEnabled',
+    ]),
+    ...mapState({ items: 'zones' }),
+    isDisabled() {
+      return this.isLoading || this.isValidatingProjectBilling || !this.projectHasBillingEnabled;
+    },
+    toggleText() {
+      if (this.isLoading) {
+        return s__('ClusterIntegration|Fetching zones');
+      }
+
+      if (this.selectedZone) {
+        return this.selectedZone;
+      }
+
+      return !this.projectHasBillingEnabled
+        ? s__('ClusterIntegration|Select project to choose zone')
+        : s__('ClusterIntegration|Select zone');
+    },
+    errorMessage() {
+      return sprintf(
+        s__('ClusterIntegration|An error occurred while trying to fetch project zones: %{error}'),
+        { error: this.gapiError },
+      );
+    },
+  },
+  watch: {
+    isValidatingProjectBilling(isValidating) {
+      this.hasErrors = false;
+
+      if (!isValidating && this.projectHasBillingEnabled) {
+        this.isLoading = true;
+
+        this.fetchZones()
+          .then(this.fetchSuccessHandler)
+          .catch(this.fetchFailureHandler);
+      }
+    },
+  },
+  methods: {
+    ...mapActions(['fetchZones']),
+    ...mapActions({ setItem: 'setZone' }),
+  },
+};
+</script>
+
+<template>
+  <div>
+    <div class="js-gcp-zone-dropdown dropdown">
+      <dropdown-hidden-input :name="fieldName" :value="selectedZone" />
+      <dropdown-button
+        :class="{ 'border-danger': hasErrors }"
+        :is-disabled="isDisabled"
+        :is-loading="isLoading"
+        :toggle-text="toggleText"
+      />
+      <div class="dropdown-menu dropdown-select">
+        <dropdown-search-input
+          v-model="searchQuery"
+          :placeholder-text="s__('ClusterIntegration|Search zones')"
+        />
+        <div class="dropdown-content">
+          <ul>
+            <li v-show="!results.length">
+              <span class="menu-item">
+                {{ s__('ClusterIntegration|No zones matched your search') }}
+              </span>
+            </li>
+            <li v-for="result in results" :key="result.id">
+              <button type="button" @click.prevent="setItem(result.name)">{{ result.name }}</button>
+            </li>
+          </ul>
+        </div>
+        <div class="dropdown-loading"><gl-loading-icon /></div>
+      </div>
+    </div>
+    <span
+      v-if="hasErrors"
+      :class="{
+        'text-danger': hasErrors,
+        'text-muted': !hasErrors,
+      }"
+      class="form-text"
+    >
+      {{ errorMessage }}
+    </span>
+  </div>
+</template>
diff --git a/app/assets/javascripts/create_cluster/gke_cluster/constants.js b/app/assets/javascripts/create_cluster/gke_cluster/constants.js
new file mode 100644
index 00000000000..2a1c0819916
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/constants.js
@@ -0,0 +1,11 @@
+import { s__ } from '~/locale';
+
+export const GCP_API_ERROR = s__(
+  'ClusterIntegration|An error occurred when trying to contact the Google Cloud API. Please try again later.',
+);
+export const GCP_API_CLOUD_BILLING_ENDPOINT =
+  'https://www.googleapis.com/discovery/v1/apis/cloudbilling/v1/rest';
+export const GCP_API_CLOUD_RESOURCE_MANAGER_ENDPOINT =
+  'https://www.googleapis.com/discovery/v1/apis/cloudresourcemanager/v1/rest';
+export const GCP_API_COMPUTE_ENDPOINT =
+  'https://www.googleapis.com/discovery/v1/apis/compute/v1/rest';
diff --git a/app/assets/javascripts/create_cluster/gke_cluster/index.js b/app/assets/javascripts/create_cluster/gke_cluster/index.js
new file mode 100644
index 00000000000..729b9404b64
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/index.js
@@ -0,0 +1,88 @@
+/* global gapi */
+import Vue from 'vue';
+import Flash from '~/flash';
+import GkeProjectIdDropdown from './components/gke_project_id_dropdown.vue';
+import GkeZoneDropdown from './components/gke_zone_dropdown.vue';
+import GkeMachineTypeDropdown from './components/gke_machine_type_dropdown.vue';
+import * as CONSTANTS from './constants';
+
+const mountComponent = (entryPoint, component, componentName, extraProps = {}) => {
+  const el = document.querySelector(entryPoint);
+  if (!el) return false;
+
+  const hiddenInput = el.querySelector('input');
+
+  return new Vue({
+    el,
+    components: {
+      [componentName]: component,
+    },
+    render: createElement =>
+      createElement(componentName, {
+        props: {
+          fieldName: hiddenInput.getAttribute('name'),
+          fieldId: hiddenInput.getAttribute('id'),
+          defaultValue: hiddenInput.value,
+          ...extraProps,
+        },
+      }),
+  });
+};
+
+const mountGkeProjectIdDropdown = () => {
+  const entryPoint = '.js-gcp-project-id-dropdown-entry-point';
+  const el = document.querySelector(entryPoint);
+
+  mountComponent(entryPoint, GkeProjectIdDropdown, 'gke-project-id-dropdown', {
+    docsUrl: el.dataset.docsurl,
+  });
+};
+
+const mountGkeZoneDropdown = () => {
+  mountComponent('.js-gcp-zone-dropdown-entry-point', GkeZoneDropdown, 'gke-zone-dropdown');
+};
+
+const mountGkeMachineTypeDropdown = () => {
+  mountComponent(
+    '.js-gcp-machine-type-dropdown-entry-point',
+    GkeMachineTypeDropdown,
+    'gke-machine-type-dropdown',
+  );
+};
+
+const gkeDropdownErrorHandler = () => {
+  Flash(CONSTANTS.GCP_API_ERROR);
+};
+
+const initializeGapiClient = () => {
+  const el = document.querySelector('.js-gke-cluster-creation');
+  if (!el) return false;
+
+  return gapi.client
+    .init({
+      discoveryDocs: [
+        CONSTANTS.GCP_API_CLOUD_BILLING_ENDPOINT,
+        CONSTANTS.GCP_API_CLOUD_RESOURCE_MANAGER_ENDPOINT,
+        CONSTANTS.GCP_API_COMPUTE_ENDPOINT,
+      ],
+    })
+    .then(() => {
+      gapi.client.setToken({ access_token: el.dataset.token });
+
+      mountGkeProjectIdDropdown();
+      mountGkeZoneDropdown();
+      mountGkeMachineTypeDropdown();
+    })
+    .catch(gkeDropdownErrorHandler);
+};
+
+const initGkeDropdowns = () => {
+  if (!gapi) {
+    gkeDropdownErrorHandler();
+    return false;
+  }
+
+  return gapi.load('client', initializeGapiClient);
+};
+
+export default initGkeDropdowns;
diff --git a/app/assets/javascripts/create_cluster/gke_cluster/store/actions.js b/app/assets/javascripts/create_cluster/gke_cluster/store/actions.js
new file mode 100644
index 00000000000..f05ad7773a2
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/store/actions.js
@@ -0,0 +1,95 @@
+/* global gapi */
+import * as types from './mutation_types';
+
+const gapiResourceListRequest = ({ resource, params, commit, mutation, payloadKey }) =>
+  new Promise((resolve, reject) => {
+    const request = resource.list(params);
+
+    return request.then(
+      resp => {
+        const { result } = resp;
+
+        commit(mutation, result[payloadKey]);
+
+        resolve();
+      },
+      resp => {
+        reject(resp);
+      },
+    );
+  });
+
+export const setProject = ({ commit }, selectedProject) => {
+  commit(types.SET_PROJECT, selectedProject);
+};
+
+export const setZone = ({ commit }, selectedZone) => {
+  commit(types.SET_ZONE, selectedZone);
+};
+
+export const setMachineType = ({ commit }, selectedMachineType) => {
+  commit(types.SET_MACHINE_TYPE, selectedMachineType);
+};
+
+export const setIsValidatingProjectBilling = ({ commit }, isValidatingProjectBilling) => {
+  commit(types.SET_IS_VALIDATING_PROJECT_BILLING, isValidatingProjectBilling);
+};
+
+export const fetchProjects = ({ commit }) =>
+  gapiResourceListRequest({
+    resource: gapi.client.cloudresourcemanager.projects,
+    params: {},
+    commit,
+    mutation: types.SET_PROJECTS,
+    payloadKey: 'projects',
+  });
+
+export const validateProjectBilling = ({ dispatch, commit, state }) =>
+  new Promise((resolve, reject) => {
+    const request = gapi.client.cloudbilling.projects.getBillingInfo({
+      name: `projects/${state.selectedProject.projectId}`,
+    });
+
+    commit(types.SET_ZONE, '');
+    commit(types.SET_MACHINE_TYPE, '');
+
+    return request.then(
+      resp => {
+        const { billingEnabled } = resp.result;
+
+        commit(types.SET_PROJECT_BILLING_STATUS, Boolean(billingEnabled));
+        dispatch('setIsValidatingProjectBilling', false);
+        resolve();
+      },
+      resp => {
+        dispatch('setIsValidatingProjectBilling', false);
+        reject(resp);
+      },
+    );
+  });
+
+export const fetchZones = ({ commit, state }) =>
+  gapiResourceListRequest({
+    resource: gapi.client.compute.zones,
+    params: {
+      project: state.selectedProject.projectId,
+    },
+    commit,
+    mutation: types.SET_ZONES,
+    payloadKey: 'items',
+  });
+
+export const fetchMachineTypes = ({ commit, state }) =>
+  gapiResourceListRequest({
+    resource: gapi.client.compute.machineTypes,
+    params: {
+      project: state.selectedProject.projectId,
+      zone: state.selectedZone,
+    },
+    commit,
+    mutation: types.SET_MACHINE_TYPES,
+    payloadKey: 'items',
+  });
+
+// prevent babel-plugin-rewire from generating an invalid default during karma tests
+export default () => {};
diff --git a/app/assets/javascripts/create_cluster/gke_cluster/store/getters.js b/app/assets/javascripts/create_cluster/gke_cluster/store/getters.js
new file mode 100644
index 00000000000..f9e2e2f74fb
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/store/getters.js
@@ -0,0 +1,3 @@
+export const hasProject = state => Boolean(state.selectedProject.projectId);
+export const hasZone = state => Boolean(state.selectedZone);
+export const hasMachineType = state => Boolean(state.selectedMachineType);
diff --git a/app/assets/javascripts/create_cluster/gke_cluster/store/index.js b/app/assets/javascripts/create_cluster/gke_cluster/store/index.js
new file mode 100644
index 00000000000..5f72060633e
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/store/index.js
@@ -0,0 +1,18 @@
+import Vue from 'vue';
+import Vuex from 'vuex';
+import * as actions from './actions';
+import * as getters from './getters';
+import mutations from './mutations';
+import createState from './state';
+
+Vue.use(Vuex);
+
+export const createStore = () =>
+  new Vuex.Store({
+    actions,
+    getters,
+    mutations,
+    state: createState(),
+  });
+
+export default createStore();
diff --git a/app/assets/javascripts/create_cluster/gke_cluster/store/mutation_types.js b/app/assets/javascripts/create_cluster/gke_cluster/store/mutation_types.js
new file mode 100644
index 00000000000..45a91efc2d9
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/store/mutation_types.js
@@ -0,0 +1,8 @@
+export const SET_PROJECT = 'SET_PROJECT';
+export const SET_PROJECT_BILLING_STATUS = 'SET_PROJECT_BILLING_STATUS';
+export const SET_IS_VALIDATING_PROJECT_BILLING = 'SET_IS_VALIDATING_PROJECT_BILLING';
+export const SET_ZONE = 'SET_ZONE';
+export const SET_MACHINE_TYPE = 'SET_MACHINE_TYPE';
+export const SET_PROJECTS = 'SET_PROJECTS';
+export const SET_ZONES = 'SET_ZONES';
+export const SET_MACHINE_TYPES = 'SET_MACHINE_TYPES';
diff --git a/app/assets/javascripts/create_cluster/gke_cluster/store/mutations.js b/app/assets/javascripts/create_cluster/gke_cluster/store/mutations.js
new file mode 100644
index 00000000000..88a2c1b630d
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/store/mutations.js
@@ -0,0 +1,28 @@
+import * as types from './mutation_types';
+
+export default {
+  [types.SET_PROJECT](state, selectedProject) {
+    Object.assign(state, { selectedProject });
+  },
+  [types.SET_IS_VALIDATING_PROJECT_BILLING](state, isValidatingProjectBilling) {
+    Object.assign(state, { isValidatingProjectBilling });
+  },
+  [types.SET_PROJECT_BILLING_STATUS](state, projectHasBillingEnabled) {
+    Object.assign(state, { projectHasBillingEnabled });
+  },
+  [types.SET_ZONE](state, selectedZone) {
+    Object.assign(state, { selectedZone });
+  },
+  [types.SET_MACHINE_TYPE](state, selectedMachineType) {
+    Object.assign(state, { selectedMachineType });
+  },
+  [types.SET_PROJECTS](state, projects) {
+    Object.assign(state, { projects });
+  },
+  [types.SET_ZONES](state, zones) {
+    Object.assign(state, { zones });
+  },
+  [types.SET_MACHINE_TYPES](state, machineTypes) {
+    Object.assign(state, { machineTypes });
+  },
+};
diff --git a/app/assets/javascripts/create_cluster/gke_cluster/store/state.js b/app/assets/javascripts/create_cluster/gke_cluster/store/state.js
new file mode 100644
index 00000000000..9f3c473d4bc
--- /dev/null
+++ b/app/assets/javascripts/create_cluster/gke_cluster/store/state.js
@@ -0,0 +1,13 @@
+export default () => ({
+  selectedProject: {
+    projectId: '',
+    name: '',
+  },
+  selectedZone: '',
+  selectedMachineType: '',
+  isValidatingProjectBilling: null,
+  projectHasBillingEnabled: null,
+  projects: [],
+  zones: [],
+  machineTypes: [],
+});
diff --git a/app/assets/javascripts/pages/admin/clusters/index.js b/app/assets/javascripts/pages/admin/clusters/index.js
index d0c9ae66c6a..43992938d07 100644
--- a/app/assets/javascripts/pages/admin/clusters/index.js
+++ b/app/assets/javascripts/pages/admin/clusters/index.js
@@ -1,5 +1,5 @@
 import PersistentUserCallout from '~/persistent_user_callout';
-import initGkeDropdowns from '~/projects/gke_cluster_dropdowns';
+import initGkeDropdowns from '~/create_cluster/gke_cluster';
 
 function initGcpSignupCallout() {
   const callout = document.querySelector('.gcp-signup-offer');
diff --git a/app/assets/javascripts/pages/groups/index.js b/app/assets/javascripts/pages/groups/index.js
index 451be6497de..a33d242908b 100644
--- a/app/assets/javascripts/pages/groups/index.js
+++ b/app/assets/javascripts/pages/groups/index.js
@@ -1,5 +1,5 @@
 import PersistentUserCallout from '~/persistent_user_callout';
-import initGkeDropdowns from '~/projects/gke_cluster_dropdowns';
+import initGkeDropdowns from '~/create_cluster/gke_cluster';
 
 function initGcpSignupCallout() {
   const callout = document.querySelector('.gcp-signup-offer');
diff --git a/app/assets/javascripts/pages/projects/index.js b/app/assets/javascripts/pages/projects/index.js
index 55c377ebec0..196798a9076 100644
--- a/app/assets/javascripts/pages/projects/index.js
+++ b/app/assets/javascripts/pages/projects/index.js
@@ -1,4 +1,4 @@
-import initGkeDropdowns from '~/projects/gke_cluster_dropdowns';
+import initGkeDropdowns from '~/create_cluster/gke_cluster';
 import initGkeNamespace from '~/projects/gke_cluster_namespace';
 import PersistentUserCallout from '../../persistent_user_callout';
 import Project from './project';
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_dropdown_mixin.js b/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_dropdown_mixin.js
deleted file mode 100644
index 5a3407693e5..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_dropdown_mixin.js
+++ /dev/null
@@ -1,71 +0,0 @@
-import _ from 'underscore';
-import DropdownSearchInput from '~/vue_shared/components/dropdown/dropdown_search_input.vue';
-import DropdownHiddenInput from '~/vue_shared/components/dropdown/dropdown_hidden_input.vue';
-import DropdownButton from '~/vue_shared/components/dropdown/dropdown_button.vue';
-import { GlLoadingIcon } from '@gitlab/ui';
-
-import store from '../store';
-
-export default {
-  store,
-  components: {
-    DropdownButton,
-    DropdownSearchInput,
-    DropdownHiddenInput,
-    GlLoadingIcon,
-  },
-  props: {
-    fieldId: {
-      type: String,
-      required: true,
-    },
-    fieldName: {
-      type: String,
-      required: true,
-    },
-    defaultValue: {
-      type: String,
-      required: false,
-      default: '',
-    },
-  },
-  data() {
-    return {
-      isLoading: false,
-      hasErrors: false,
-      searchQuery: '',
-      gapiError: '',
-    };
-  },
-  computed: {
-    results() {
-      if (!this.items) {
-        return [];
-      }
-
-      return this.items.filter(item => item.name.toLowerCase().indexOf(this.searchQuery) > -1);
-    },
-  },
-  methods: {
-    fetchSuccessHandler() {
-      if (this.defaultValue) {
-        const itemToSelect = _.find(this.items, item => item.name === this.defaultValue);
-
-        if (itemToSelect) {
-          this.setItem(itemToSelect.name);
-        }
-      }
-
-      this.isLoading = false;
-      this.hasErrors = false;
-    },
-    fetchFailureHandler(resp) {
-      this.isLoading = false;
-      this.hasErrors = true;
-
-      if (resp.result && resp.result.error) {
-        this.gapiError = resp.result.error.message;
-      }
-    },
-  },
-};
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_machine_type_dropdown.vue b/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_machine_type_dropdown.vue
deleted file mode 100644
index 83811ab489a..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_machine_type_dropdown.vue
+++ /dev/null
@@ -1,129 +0,0 @@
-<script>
-import { sprintf, s__ } from '~/locale';
-import { mapState, mapGetters, mapActions } from 'vuex';
-
-import gkeDropdownMixin from './gke_dropdown_mixin';
-
-export default {
-  name: 'GkeMachineTypeDropdown',
-  mixins: [gkeDropdownMixin],
-  computed: {
-    ...mapState([
-      'isValidatingProjectBilling',
-      'projectHasBillingEnabled',
-      'selectedZone',
-      'selectedMachineType',
-    ]),
-    ...mapState({ items: 'machineTypes' }),
-    ...mapGetters(['hasZone', 'hasMachineType']),
-    allDropdownsSelected() {
-      return this.projectHasBillingEnabled && this.hasZone && this.hasMachineType;
-    },
-    isDisabled() {
-      return (
-        this.isLoading ||
-        this.isValidatingProjectBilling ||
-        !this.projectHasBillingEnabled ||
-        !this.hasZone
-      );
-    },
-    toggleText() {
-      if (this.isLoading) {
-        return s__('ClusterIntegration|Fetching machine types');
-      }
-
-      if (this.selectedMachineType) {
-        return this.selectedMachineType;
-      }
-
-      if (!this.projectHasBillingEnabled && !this.hasZone) {
-        return s__('ClusterIntegration|Select project and zone to choose machine type');
-      }
-
-      return !this.hasZone
-        ? s__('ClusterIntegration|Select zone to choose machine type')
-        : s__('ClusterIntegration|Select machine type');
-    },
-    errorMessage() {
-      return sprintf(
-        s__(
-          'ClusterIntegration|An error occurred while trying to fetch zone machine types: %{error}',
-        ),
-        { error: this.gapiError },
-      );
-    },
-  },
-  watch: {
-    selectedZone() {
-      this.hasErrors = false;
-
-      if (this.hasZone) {
-        this.isLoading = true;
-
-        this.fetchMachineTypes()
-          .then(this.fetchSuccessHandler)
-          .catch(this.fetchFailureHandler);
-      }
-    },
-    selectedMachineType() {
-      this.enableSubmit();
-    },
-  },
-  methods: {
-    ...mapActions(['fetchMachineTypes']),
-    ...mapActions({ setItem: 'setMachineType' }),
-    enableSubmit() {
-      if (this.allDropdownsSelected) {
-        const submitButtonEl = document.querySelector('.js-gke-cluster-creation-submit');
-
-        if (submitButtonEl) {
-          submitButtonEl.removeAttribute('disabled');
-        }
-      }
-    },
-  },
-};
-</script>
-
-<template>
-  <div>
-    <div class="js-gcp-machine-type-dropdown dropdown">
-      <dropdown-hidden-input :name="fieldName" :value="selectedMachineType" />
-      <dropdown-button
-        :class="{ 'border-danger': hasErrors }"
-        :is-disabled="isDisabled"
-        :is-loading="isLoading"
-        :toggle-text="toggleText"
-      />
-      <div class="dropdown-menu dropdown-select">
-        <dropdown-search-input
-          v-model="searchQuery"
-          :placeholder-text="s__('ClusterIntegration|Search machine types')"
-        />
-        <div class="dropdown-content">
-          <ul>
-            <li v-show="!results.length">
-              <span class="menu-item">
-                {{ s__('ClusterIntegration|No machine types matched your search') }}
-              </span>
-            </li>
-            <li v-for="result in results" :key="result.id">
-              <button type="button" @click.prevent="setItem(result.name)">{{ result.name }}</button>
-            </li>
-          </ul>
-        </div>
-        <div class="dropdown-loading"><gl-loading-icon /></div>
-      </div>
-    </div>
-    <span
-      v-if="hasErrors"
-      :class="{
-        'text-danger': hasErrors,
-        'text-muted': !hasErrors,
-      }"
-      class="form-text"
-    >
-      {{ errorMessage }}
-    </span>
-  </div>
-</template>
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_project_id_dropdown.vue b/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_project_id_dropdown.vue
deleted file mode 100644
index a2eb79af4f9..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_project_id_dropdown.vue
+++ /dev/null
@@ -1,188 +0,0 @@
-<script>
-import _ from 'underscore';
-import { s__, sprintf } from '~/locale';
-import { mapState, mapGetters, mapActions } from 'vuex';
-
-import gkeDropdownMixin from './gke_dropdown_mixin';
-
-export default {
-  name: 'GkeProjectIdDropdown',
-  mixins: [gkeDropdownMixin],
-  props: {
-    docsUrl: {
-      type: String,
-      required: true,
-    },
-  },
-  computed: {
-    ...mapState(['selectedProject', 'isValidatingProjectBilling', 'projectHasBillingEnabled']),
-    ...mapState({ items: 'projects' }),
-    ...mapGetters(['hasProject']),
-    hasOneProject() {
-      return this.items && this.items.length === 1;
-    },
-    isDisabled() {
-      return (
-        this.isLoading || this.isValidatingProjectBilling || (this.items && this.items.length < 2)
-      );
-    },
-    toggleText() {
-      if (this.isValidatingProjectBilling) {
-        return s__('ClusterIntegration|Validating project billing status');
-      }
-
-      if (this.isLoading) {
-        return s__('ClusterIntegration|Fetching projects');
-      }
-
-      if (this.hasProject) {
-        return this.selectedProject.name;
-      }
-
-      if (!this.items) {
-        return s__('ClusterIntegration|No projects found');
-      }
-
-      return s__('ClusterIntegration|Select project');
-    },
-    helpText() {
-      let message;
-      if (this.hasErrors) {
-        return this.errorMessage;
-      }
-
-      if (!this.items) {
-        message =
-          'ClusterIntegration|We were unable to fetch any projects. Ensure that you have a project on %{docsLinkStart}Google Cloud Platform%{docsLinkEnd}.';
-      }
-
-      message =
-        this.items && this.items.length
-          ? 'ClusterIntegration|To use a new project, first create one on %{docsLinkStart}Google Cloud Platform%{docsLinkEnd}.'
-          : 'ClusterIntegration|To create a cluster, first create a project on %{docsLinkStart}Google Cloud Platform%{docsLinkEnd}.';
-
-      return sprintf(
-        s__(message),
-        {
-          docsLinkEnd: '&nbsp;<i class="fa fa-external-link" aria-hidden="true"></i></a>',
-          docsLinkStart: `<a href="${_.escape(
-            this.docsUrl,
-          )}" target="_blank" rel="noopener noreferrer">`,
-        },
-        false,
-      );
-    },
-    errorMessage() {
-      if (!this.projectHasBillingEnabled) {
-        if (this.gapiError) {
-          return s__(
-            'ClusterIntegration|We could not verify that one of your projects on GCP has billing enabled. Please try again.',
-          );
-        }
-
-        return sprintf(
-          s__(
-            'This project does not have billing enabled. To create a cluster, <a href=%{linkToBilling} target="_blank" rel="noopener noreferrer">enable billing <i class="fa fa-external-link" aria-hidden="true"></i></a> and try again.',
-          ),
-          {
-            linkToBilling:
-              'https://console.cloud.google.com/freetrial?utm_campaign=2018_cpanel&utm_source=gitlab&utm_medium=referral',
-          },
-          false,
-        );
-      }
-
-      return sprintf(
-        s__('ClusterIntegration|An error occurred while trying to fetch your projects: %{error}'),
-        { error: this.gapiError },
-      );
-    },
-  },
-  watch: {
-    selectedProject() {
-      this.setIsValidatingProjectBilling(true);
-
-      this.validateProjectBilling()
-        .then(this.validateProjectBillingSuccessHandler)
-        .catch(this.validateProjectBillingFailureHandler);
-    },
-  },
-  created() {
-    this.isLoading = true;
-
-    this.fetchProjects()
-      .then(this.fetchSuccessHandler)
-      .catch(this.fetchFailureHandler);
-  },
-  methods: {
-    ...mapActions(['fetchProjects', 'setIsValidatingProjectBilling', 'validateProjectBilling']),
-    ...mapActions({ setItem: 'setProject' }),
-    fetchSuccessHandler() {
-      if (this.defaultValue) {
-        const projectToSelect = _.find(this.items, item => item.projectId === this.defaultValue);
-
-        if (projectToSelect) {
-          this.setItem(projectToSelect);
-        }
-      } else if (this.items.length === 1) {
-        this.setItem(this.items[0]);
-      }
-
-      this.isLoading = false;
-      this.hasErrors = false;
-    },
-    validateProjectBillingSuccessHandler() {
-      this.hasErrors = !this.projectHasBillingEnabled;
-    },
-    validateProjectBillingFailureHandler(resp) {
-      this.hasErrors = true;
-
-      this.gapiError = resp.result ? resp.result.error.message : resp;
-    },
-  },
-};
-</script>
-
-<template>
-  <div>
-    <div class="js-gcp-project-id-dropdown dropdown">
-      <dropdown-hidden-input :name="fieldName" :value="selectedProject.projectId" />
-      <dropdown-button
-        :class="{
-          'border-danger': hasErrors,
-          'read-only': hasOneProject,
-        }"
-        :is-disabled="isDisabled"
-        :is-loading="isLoading"
-        :toggle-text="toggleText"
-      />
-      <div class="dropdown-menu dropdown-select">
-        <dropdown-search-input
-          v-model="searchQuery"
-          :placeholder-text="s__('ClusterIntegration|Search projects')"
-        />
-        <div class="dropdown-content">
-          <ul>
-            <li v-show="!results.length">
-              <span class="menu-item">
-                {{ s__('ClusterIntegration|No projects matched your search') }}
-              </span>
-            </li>
-            <li v-for="result in results" :key="result.project_number">
-              <button type="button" @click.prevent="setItem(result)">{{ result.name }}</button>
-            </li>
-          </ul>
-        </div>
-        <div class="dropdown-loading"><gl-loading-icon /></div>
-      </div>
-    </div>
-    <span
-      :class="{
-        'text-danger': hasErrors,
-        'text-muted': !hasErrors,
-      }"
-      class="form-text"
-      v-html="helpText"
-    ></span>
-  </div>
-</template>
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_zone_dropdown.vue b/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_zone_dropdown.vue
deleted file mode 100644
index fd5d5f86401..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/components/gke_zone_dropdown.vue
+++ /dev/null
@@ -1,103 +0,0 @@
-<script>
-import { sprintf, s__ } from '~/locale';
-import { mapState, mapActions } from 'vuex';
-
-import gkeDropdownMixin from './gke_dropdown_mixin';
-
-export default {
-  name: 'GkeZoneDropdown',
-  mixins: [gkeDropdownMixin],
-  computed: {
-    ...mapState([
-      'selectedProject',
-      'selectedZone',
-      'projects',
-      'isValidatingProjectBilling',
-      'projectHasBillingEnabled',
-    ]),
-    ...mapState({ items: 'zones' }),
-    isDisabled() {
-      return this.isLoading || this.isValidatingProjectBilling || !this.projectHasBillingEnabled;
-    },
-    toggleText() {
-      if (this.isLoading) {
-        return s__('ClusterIntegration|Fetching zones');
-      }
-
-      if (this.selectedZone) {
-        return this.selectedZone;
-      }
-
-      return !this.projectHasBillingEnabled
-        ? s__('ClusterIntegration|Select project to choose zone')
-        : s__('ClusterIntegration|Select zone');
-    },
-    errorMessage() {
-      return sprintf(
-        s__('ClusterIntegration|An error occurred while trying to fetch project zones: %{error}'),
-        { error: this.gapiError },
-      );
-    },
-  },
-  watch: {
-    isValidatingProjectBilling(isValidating) {
-      this.hasErrors = false;
-
-      if (!isValidating && this.projectHasBillingEnabled) {
-        this.isLoading = true;
-
-        this.fetchZones()
-          .then(this.fetchSuccessHandler)
-          .catch(this.fetchFailureHandler);
-      }
-    },
-  },
-  methods: {
-    ...mapActions(['fetchZones']),
-    ...mapActions({ setItem: 'setZone' }),
-  },
-};
-</script>
-
-<template>
-  <div>
-    <div class="js-gcp-zone-dropdown dropdown">
-      <dropdown-hidden-input :name="fieldName" :value="selectedZone" />
-      <dropdown-button
-        :class="{ 'border-danger': hasErrors }"
-        :is-disabled="isDisabled"
-        :is-loading="isLoading"
-        :toggle-text="toggleText"
-      />
-      <div class="dropdown-menu dropdown-select">
-        <dropdown-search-input
-          v-model="searchQuery"
-          :placeholder-text="s__('ClusterIntegration|Search zones')"
-        />
-        <div class="dropdown-content">
-          <ul>
-            <li v-show="!results.length">
-              <span class="menu-item">
-                {{ s__('ClusterIntegration|No zones matched your search') }}
-              </span>
-            </li>
-            <li v-for="result in results" :key="result.id">
-              <button type="button" @click.prevent="setItem(result.name)">{{ result.name }}</button>
-            </li>
-          </ul>
-        </div>
-        <div class="dropdown-loading"><gl-loading-icon /></div>
-      </div>
-    </div>
-    <span
-      v-if="hasErrors"
-      :class="{
-        'text-danger': hasErrors,
-        'text-muted': !hasErrors,
-      }"
-      class="form-text"
-    >
-      {{ errorMessage }}
-    </span>
-  </div>
-</template>
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/constants.js b/app/assets/javascripts/projects/gke_cluster_dropdowns/constants.js
deleted file mode 100644
index 2a1c0819916..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/constants.js
+++ /dev/null
@@ -1,11 +0,0 @@
-import { s__ } from '~/locale';
-
-export const GCP_API_ERROR = s__(
-  'ClusterIntegration|An error occurred when trying to contact the Google Cloud API. Please try again later.',
-);
-export const GCP_API_CLOUD_BILLING_ENDPOINT =
-  'https://www.googleapis.com/discovery/v1/apis/cloudbilling/v1/rest';
-export const GCP_API_CLOUD_RESOURCE_MANAGER_ENDPOINT =
-  'https://www.googleapis.com/discovery/v1/apis/cloudresourcemanager/v1/rest';
-export const GCP_API_COMPUTE_ENDPOINT =
-  'https://www.googleapis.com/discovery/v1/apis/compute/v1/rest';
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/index.js b/app/assets/javascripts/projects/gke_cluster_dropdowns/index.js
deleted file mode 100644
index 729b9404b64..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/index.js
+++ /dev/null
@@ -1,88 +0,0 @@
-/* global gapi */
-import Vue from 'vue';
-import Flash from '~/flash';
-import GkeProjectIdDropdown from './components/gke_project_id_dropdown.vue';
-import GkeZoneDropdown from './components/gke_zone_dropdown.vue';
-import GkeMachineTypeDropdown from './components/gke_machine_type_dropdown.vue';
-import * as CONSTANTS from './constants';
-
-const mountComponent = (entryPoint, component, componentName, extraProps = {}) => {
-  const el = document.querySelector(entryPoint);
-  if (!el) return false;
-
-  const hiddenInput = el.querySelector('input');
-
-  return new Vue({
-    el,
-    components: {
-      [componentName]: component,
-    },
-    render: createElement =>
-      createElement(componentName, {
-        props: {
-          fieldName: hiddenInput.getAttribute('name'),
-          fieldId: hiddenInput.getAttribute('id'),
-          defaultValue: hiddenInput.value,
-          ...extraProps,
-        },
-      }),
-  });
-};
-
-const mountGkeProjectIdDropdown = () => {
-  const entryPoint = '.js-gcp-project-id-dropdown-entry-point';
-  const el = document.querySelector(entryPoint);
-
-  mountComponent(entryPoint, GkeProjectIdDropdown, 'gke-project-id-dropdown', {
-    docsUrl: el.dataset.docsurl,
-  });
-};
-
-const mountGkeZoneDropdown = () => {
-  mountComponent('.js-gcp-zone-dropdown-entry-point', GkeZoneDropdown, 'gke-zone-dropdown');
-};
-
-const mountGkeMachineTypeDropdown = () => {
-  mountComponent(
-    '.js-gcp-machine-type-dropdown-entry-point',
-    GkeMachineTypeDropdown,
-    'gke-machine-type-dropdown',
-  );
-};
-
-const gkeDropdownErrorHandler = () => {
-  Flash(CONSTANTS.GCP_API_ERROR);
-};
-
-const initializeGapiClient = () => {
-  const el = document.querySelector('.js-gke-cluster-creation');
-  if (!el) return false;
-
-  return gapi.client
-    .init({
-      discoveryDocs: [
-        CONSTANTS.GCP_API_CLOUD_BILLING_ENDPOINT,
-        CONSTANTS.GCP_API_CLOUD_RESOURCE_MANAGER_ENDPOINT,
-        CONSTANTS.GCP_API_COMPUTE_ENDPOINT,
-      ],
-    })
-    .then(() => {
-      gapi.client.setToken({ access_token: el.dataset.token });
-
-      mountGkeProjectIdDropdown();
-      mountGkeZoneDropdown();
-      mountGkeMachineTypeDropdown();
-    })
-    .catch(gkeDropdownErrorHandler);
-};
-
-const initGkeDropdowns = () => {
-  if (!gapi) {
-    gkeDropdownErrorHandler();
-    return false;
-  }
-
-  return gapi.load('client', initializeGapiClient);
-};
-
-export default initGkeDropdowns;
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/actions.js b/app/assets/javascripts/projects/gke_cluster_dropdowns/store/actions.js
deleted file mode 100644
index f05ad7773a2..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/actions.js
+++ /dev/null
@@ -1,95 +0,0 @@
-/* global gapi */
-import * as types from './mutation_types';
-
-const gapiResourceListRequest = ({ resource, params, commit, mutation, payloadKey }) =>
-  new Promise((resolve, reject) => {
-    const request = resource.list(params);
-
-    return request.then(
-      resp => {
-        const { result } = resp;
-
-        commit(mutation, result[payloadKey]);
-
-        resolve();
-      },
-      resp => {
-        reject(resp);
-      },
-    );
-  });
-
-export const setProject = ({ commit }, selectedProject) => {
-  commit(types.SET_PROJECT, selectedProject);
-};
-
-export const setZone = ({ commit }, selectedZone) => {
-  commit(types.SET_ZONE, selectedZone);
-};
-
-export const setMachineType = ({ commit }, selectedMachineType) => {
-  commit(types.SET_MACHINE_TYPE, selectedMachineType);
-};
-
-export const setIsValidatingProjectBilling = ({ commit }, isValidatingProjectBilling) => {
-  commit(types.SET_IS_VALIDATING_PROJECT_BILLING, isValidatingProjectBilling);
-};
-
-export const fetchProjects = ({ commit }) =>
-  gapiResourceListRequest({
-    resource: gapi.client.cloudresourcemanager.projects,
-    params: {},
-    commit,
-    mutation: types.SET_PROJECTS,
-    payloadKey: 'projects',
-  });
-
-export const validateProjectBilling = ({ dispatch, commit, state }) =>
-  new Promise((resolve, reject) => {
-    const request = gapi.client.cloudbilling.projects.getBillingInfo({
-      name: `projects/${state.selectedProject.projectId}`,
-    });
-
-    commit(types.SET_ZONE, '');
-    commit(types.SET_MACHINE_TYPE, '');
-
-    return request.then(
-      resp => {
-        const { billingEnabled } = resp.result;
-
-        commit(types.SET_PROJECT_BILLING_STATUS, Boolean(billingEnabled));
-        dispatch('setIsValidatingProjectBilling', false);
-        resolve();
-      },
-      resp => {
-        dispatch('setIsValidatingProjectBilling', false);
-        reject(resp);
-      },
-    );
-  });
-
-export const fetchZones = ({ commit, state }) =>
-  gapiResourceListRequest({
-    resource: gapi.client.compute.zones,
-    params: {
-      project: state.selectedProject.projectId,
-    },
-    commit,
-    mutation: types.SET_ZONES,
-    payloadKey: 'items',
-  });
-
-export const fetchMachineTypes = ({ commit, state }) =>
-  gapiResourceListRequest({
-    resource: gapi.client.compute.machineTypes,
-    params: {
-      project: state.selectedProject.projectId,
-      zone: state.selectedZone,
-    },
-    commit,
-    mutation: types.SET_MACHINE_TYPES,
-    payloadKey: 'items',
-  });
-
-// prevent babel-plugin-rewire from generating an invalid default during karma tests
-export default () => {};
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/getters.js b/app/assets/javascripts/projects/gke_cluster_dropdowns/store/getters.js
deleted file mode 100644
index f9e2e2f74fb..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/getters.js
+++ /dev/null
@@ -1,3 +0,0 @@
-export const hasProject = state => Boolean(state.selectedProject.projectId);
-export const hasZone = state => Boolean(state.selectedZone);
-export const hasMachineType = state => Boolean(state.selectedMachineType);
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/index.js b/app/assets/javascripts/projects/gke_cluster_dropdowns/store/index.js
deleted file mode 100644
index 5f72060633e..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/index.js
+++ /dev/null
@@ -1,18 +0,0 @@
-import Vue from 'vue';
-import Vuex from 'vuex';
-import * as actions from './actions';
-import * as getters from './getters';
-import mutations from './mutations';
-import createState from './state';
-
-Vue.use(Vuex);
-
-export const createStore = () =>
-  new Vuex.Store({
-    actions,
-    getters,
-    mutations,
-    state: createState(),
-  });
-
-export default createStore();
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/mutation_types.js b/app/assets/javascripts/projects/gke_cluster_dropdowns/store/mutation_types.js
deleted file mode 100644
index 45a91efc2d9..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/mutation_types.js
+++ /dev/null
@@ -1,8 +0,0 @@
-export const SET_PROJECT = 'SET_PROJECT';
-export const SET_PROJECT_BILLING_STATUS = 'SET_PROJECT_BILLING_STATUS';
-export const SET_IS_VALIDATING_PROJECT_BILLING = 'SET_IS_VALIDATING_PROJECT_BILLING';
-export const SET_ZONE = 'SET_ZONE';
-export const SET_MACHINE_TYPE = 'SET_MACHINE_TYPE';
-export const SET_PROJECTS = 'SET_PROJECTS';
-export const SET_ZONES = 'SET_ZONES';
-export const SET_MACHINE_TYPES = 'SET_MACHINE_TYPES';
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/mutations.js b/app/assets/javascripts/projects/gke_cluster_dropdowns/store/mutations.js
deleted file mode 100644
index 88a2c1b630d..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/mutations.js
+++ /dev/null
@@ -1,28 +0,0 @@
-import * as types from './mutation_types';
-
-export default {
-  [types.SET_PROJECT](state, selectedProject) {
-    Object.assign(state, { selectedProject });
-  },
-  [types.SET_IS_VALIDATING_PROJECT_BILLING](state, isValidatingProjectBilling) {
-    Object.assign(state, { isValidatingProjectBilling });
-  },
-  [types.SET_PROJECT_BILLING_STATUS](state, projectHasBillingEnabled) {
-    Object.assign(state, { projectHasBillingEnabled });
-  },
-  [types.SET_ZONE](state, selectedZone) {
-    Object.assign(state, { selectedZone });
-  },
-  [types.SET_MACHINE_TYPE](state, selectedMachineType) {
-    Object.assign(state, { selectedMachineType });
-  },
-  [types.SET_PROJECTS](state, projects) {
-    Object.assign(state, { projects });
-  },
-  [types.SET_ZONES](state, zones) {
-    Object.assign(state, { zones });
-  },
-  [types.SET_MACHINE_TYPES](state, machineTypes) {
-    Object.assign(state, { machineTypes });
-  },
-};
diff --git a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/state.js b/app/assets/javascripts/projects/gke_cluster_dropdowns/store/state.js
deleted file mode 100644
index 9f3c473d4bc..00000000000
--- a/app/assets/javascripts/projects/gke_cluster_dropdowns/store/state.js
+++ /dev/null
@@ -1,13 +0,0 @@
-export default () => ({
-  selectedProject: {
-    projectId: '',
-    name: '',
-  },
-  selectedZone: '',
-  selectedMachineType: '',
-  isValidatingProjectBilling: null,
-  projectHasBillingEnabled: null,
-  projects: [],
-  zones: [],
-  machineTypes: [],
-});
-- 
cgit v1.2.1


From 5270e7e5af9fdcc8853b541686b6dea48da9c4ac Mon Sep 17 00:00:00 2001
From: Tomasz Maczukin <tomasz@maczukin.pl>
Date: Tue, 27 Aug 2019 20:39:17 +0200
Subject: Update GitLab Runner Helm Chart to 0.8.0

---
 app/models/clusters/applications/runner.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/models/clusters/applications/runner.rb b/app/models/clusters/applications/runner.rb
index 6533b7a186e..329250255fd 100644
--- a/app/models/clusters/applications/runner.rb
+++ b/app/models/clusters/applications/runner.rb
@@ -3,7 +3,7 @@
 module Clusters
   module Applications
     class Runner < ApplicationRecord
-      VERSION = '0.7.0'.freeze
+      VERSION = '0.8.0'.freeze
 
       self.table_name = 'clusters_applications_runners'
 
-- 
cgit v1.2.1


From 98949a13b03ca8602fa019e50eb48119e126ab23 Mon Sep 17 00:00:00 2001
From: Thomas Randolph <trandolph@gitlab.com>
Date: Tue, 27 Aug 2019 19:30:21 +0000
Subject: Round the file title; Add top border to conflict diffs

The file title sometimes overflows its container, which has the same
border-radius. By always rounding the file title, the overflow never
happens, so the corners always look correct.

Everywhere else there are file diffs, there is a top border to complete
the full border around the file.
---
 app/assets/stylesheets/pages/diff.scss | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'app')

diff --git a/app/assets/stylesheets/pages/diff.scss b/app/assets/stylesheets/pages/diff.scss
index 77a2fd6b876..defa1a6c0d5 100644
--- a/app/assets/stylesheets/pages/diff.scss
+++ b/app/assets/stylesheets/pages/diff.scss
@@ -2,8 +2,14 @@
 .diff-file {
   margin-bottom: $gl-padding;
 
+  &.conflict {
+    border-top: 1px solid $border-color;
+  }
+
   .file-title,
   .file-title-flex-parent {
+    border-top-left-radius: $border-radius-default;
+    border-top-right-radius: $border-radius-default;
     cursor: pointer;
 
     @media (min-width: map-get($grid-breakpoints, md)) {
@@ -67,6 +73,28 @@
     }
   }
 
+  @media (min-width: map-get($grid-breakpoints, md)) {
+    &.conflict .file-title,
+    &.conflict .file-title-flex-parent {
+      top: $header-height;
+    }
+
+    .with-performance-bar &.conflict .file-title,
+    .with-performance-bar &.conflict .file-title-flex-parent {
+      top: $header-height + $performance-bar-height;
+    }
+
+    .with-system-header &.conflict .file-title,
+    .with-system-header &.conflict .file-title-flex-parent {
+      top: $header-height + $system-header-height;
+    }
+
+    .with-system-header.with-performance-bar &.conflict .file-title,
+    .with-system-header.with-performance-bar &.conflict .file-title-flex-parent {
+      top: $header-height + $performance-bar-height + $system-header-height;
+    }
+  }
+
   .diff-content {
     background: $white-light;
     color: $gl-text-color;
-- 
cgit v1.2.1


From a0b14c40dcb53ddaa247bdfa92fe91e225bcaba6 Mon Sep 17 00:00:00 2001
From: Luke Duncalfe <lduncalfe@gitlab.com>
Date: Tue, 27 Aug 2019 20:50:26 +0000
Subject: CE-specific changes for designs `user_notes_count`

Notes call `#after_note_created` and `#after_note_destroyed` on their
noteable in callbacks, so the noteable can perform tasks particular to
them, like cache expiry.

This is in preparation of the EE-specific class
`DesignManagement::Design` clearing its `user_notes_count` cache when
its note are created or destroyed.

Refactoring Rspec behaviour testing of a counter caching service into a
shared example.

https://gitlab.com/gitlab-org/gitlab-ee/issues/13353
---
 app/services/base_count_service.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/services/base_count_service.rb b/app/services/base_count_service.rb
index ad1647842b8..cfad2dd9265 100644
--- a/app/services/base_count_service.rb
+++ b/app/services/base_count_service.rb
@@ -35,7 +35,7 @@ class BaseCountService
   end
 
   def cache_key
-    raise NotImplementedError, 'cache_key must be implemented and return a String'
+    raise NotImplementedError, 'cache_key must be implemented and return a String, Array, or Hash'
   end
 
   # subclasses can override to add any specific options, such as
-- 
cgit v1.2.1


From 2022e6799bcbf119ea80145e4993ffdb7bb108e3 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Tue, 27 Aug 2019 06:07:38 -0700
Subject: Makes LFS object linker process OIDs in batches

During a project import, `LfsLinkService` attempts to link `LfsObjects`
that have not already been associated with a project.  It's possible for
a large repo to have thousands of OIDs, which can cause long database
query and parsing times.  By processing a batch of 1000 at a time, we
can reduce that time at the expense of a few more SQL queries.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66274
---
 app/models/lfs_object.rb                           |  1 +
 .../projects/lfs_pointers/lfs_link_service.rb      | 29 ++++++++++++++++++----
 2 files changed, 25 insertions(+), 5 deletions(-)

(limited to 'app')

diff --git a/app/models/lfs_object.rb b/app/models/lfs_object.rb
index 79a376ff0fd..40695a97d97 100644
--- a/app/models/lfs_object.rb
+++ b/app/models/lfs_object.rb
@@ -2,6 +2,7 @@
 
 class LfsObject < ApplicationRecord
   include AfterCommitQueue
+  include EachBatch
   include ObjectStorage::BackgroundMove
 
   has_many :lfs_objects_projects, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
diff --git a/app/services/projects/lfs_pointers/lfs_link_service.rb b/app/services/projects/lfs_pointers/lfs_link_service.rb
index e3c956250f0..38de2af9c1e 100644
--- a/app/services/projects/lfs_pointers/lfs_link_service.rb
+++ b/app/services/projects/lfs_pointers/lfs_link_service.rb
@@ -4,6 +4,8 @@
 module Projects
   module LfsPointers
     class LfsLinkService < BaseService
+      BATCH_SIZE = 1000
+
       # Accept an array of oids to link
       #
       # Returns an array with the oid of the existent lfs objects
@@ -18,16 +20,33 @@ module Projects
 
       # rubocop: disable CodeReuse/ActiveRecord
       def link_existing_lfs_objects(oids)
-        existent_lfs_objects = LfsObject.where(oid: oids)
+        all_existing_objects = []
+        iterations = 0
+
+        LfsObject.where(oid: oids).each_batch(of: BATCH_SIZE) do |existent_lfs_objects|
+          next unless existent_lfs_objects.any?
+
+          iterations += 1
+          not_linked_lfs_objects = existent_lfs_objects.where.not(id: project.all_lfs_objects)
+          project.all_lfs_objects << not_linked_lfs_objects
 
-        return [] unless existent_lfs_objects.any?
+          all_existing_objects += existent_lfs_objects.pluck(:oid)
+        end
 
-        not_linked_lfs_objects = existent_lfs_objects.where.not(id: project.all_lfs_objects)
-        project.all_lfs_objects << not_linked_lfs_objects
+        log_lfs_link_results(all_existing_objects.count, iterations)
 
-        existent_lfs_objects.pluck(:oid)
+        all_existing_objects
       end
       # rubocop: enable CodeReuse/ActiveRecord
+
+      def log_lfs_link_results(lfs_objects_linked_count, iterations)
+        Gitlab::Import::Logger.info(
+          class: self.class.name,
+          project_id: project.id,
+          project_path: project.full_path,
+          lfs_objects_linked_count: lfs_objects_linked_count,
+          iterations: iterations)
+      end
     end
   end
 end
-- 
cgit v1.2.1


From 4ca32c2b55519aa2b7852c879ad700e8fa290f80 Mon Sep 17 00:00:00 2001
From: Arun Kumar Mohan <arunmohandm@gmail.com>
Date: Thu, 27 Jun 2019 00:56:08 -0500
Subject: Add Issue and Merge Request titles to Todo items

Only displays the todo body if the todo has a note.
This is to avoid redundant Issue or Merge Request titles
displayed both in the Todo title and body.
---
 app/assets/stylesheets/pages/todos.scss   | 16 +++++++--------
 app/helpers/todos_helper.rb               | 18 +++++++++++++++-
 app/models/todo.rb                        |  4 ++--
 app/views/dashboard/todos/_todo.html.haml | 34 +++++++++++++++++++------------
 4 files changed, 47 insertions(+), 25 deletions(-)

(limited to 'app')

diff --git a/app/assets/stylesheets/pages/todos.scss b/app/assets/stylesheets/pages/todos.scss
index 7b64c67ae34..ece0ac04baf 100644
--- a/app/assets/stylesheets/pages/todos.scss
+++ b/app/assets/stylesheets/pages/todos.scss
@@ -72,12 +72,7 @@
   @include transition(opacity);
 
   .todo-title {
-    display: flex;
-
     > .title-item {
-      flex: 0 0 auto;
-      margin: 0 2px;
-
       &:first-child {
         margin-left: 0;
       }
@@ -105,8 +100,12 @@
     font-size: 14px;
   }
 
-  .action-name {
-    font-weight: $gl-font-weight-normal;
+  .todo-label,
+  .todo-project {
+    a {
+      color: $blue-600;
+      font-weight: $gl-font-weight-normal;
+    }
   }
 
   .todo-body {
@@ -170,7 +169,7 @@
   }
 }
 
-@include media-breakpoint-down(xs) {
+@include media-breakpoint-down(sm) {
   .todo {
     .avatar {
       display: none;
@@ -179,7 +178,6 @@
 
   .todo-item {
     .todo-title {
-      flex-flow: row wrap;
       margin-bottom: 10px;
 
       .todo-label {
diff --git a/app/helpers/todos_helper.rb b/app/helpers/todos_helper.rb
index 38142bc68cb..f5333bb332e 100644
--- a/app/helpers/todos_helper.rb
+++ b/app/helpers/todos_helper.rb
@@ -33,7 +33,23 @@ module TodosHelper
         todo.target_reference
       end
 
-    link_to text, todo_target_path(todo), class: 'has-tooltip', title: todo.target.title
+    link_to text, todo_target_path(todo)
+  end
+
+  def todo_target_title(todo)
+    if todo.target
+      "\"#{todo.target.title}\""
+    else
+      ""
+    end
+  end
+
+  def todo_parent_path(todo)
+    if todo.parent.is_a?(Group)
+      link_to todo.parent.name, group_path(todo.parent)
+    else
+      link_to_project(todo.project)
+    end
   end
 
   def todo_target_type_name(todo)
diff --git a/app/models/todo.rb b/app/models/todo.rb
index 240c91da5b6..1ec04189482 100644
--- a/app/models/todo.rb
+++ b/app/models/todo.rb
@@ -186,9 +186,9 @@ class Todo < ApplicationRecord
 
   def target_reference
     if for_commit?
-      target.reference_link_text(full: true)
+      target.reference_link_text
     else
-      target.to_reference(full: true)
+      target.to_reference
     end
   end
 
diff --git a/app/views/dashboard/todos/_todo.html.haml b/app/views/dashboard/todos/_todo.html.haml
index 8cdfc7369a0..fdb71d3a221 100644
--- a/app/views/dashboard/todos/_todo.html.haml
+++ b/app/views/dashboard/todos/_todo.html.haml
@@ -2,41 +2,49 @@
   .todo-avatar
     = author_avatar(todo, size: 40)
 
-  .todo-item.todo-block
-    .todo-title.title
+  .todo-item.todo-block.align-self-center
+    .todo-title
       - unless todo.build_failed? || todo.unmergeable?
         = todo_target_state_pill(todo)
 
-        .title-item.author-name
+        %span.title-item.author-name.bold
           - if todo.author
             = link_to_author(todo, self_added: todo.self_added?)
           - else
             (removed)
 
-      .title-item.action-name
+      %span.title-item.action-name
         = todo_action_name(todo)
 
-      .title-item.todo-label
+      %span.title-item.todo-label.todo-target-link
         - if todo.target
           = todo_target_link(todo)
         - else
-          (removed)
+          = _("(removed)")
+
+      %span.title-item.todo-target-title
+        = todo_target_title(todo)
+
+      %span.title-item.todo-project.todo-label
+        at
+        = todo_parent_path(todo)
 
       - if todo.self_assigned?
-        .title-item.action-name
+        %span.title-item.action-name
           to yourself
 
-      .title-item
+      %span.title-item
         &middot;
 
-      .title-item
+      %span.title-item.todo-timestamp
         #{time_ago_with_tooltip(todo.created_at)}
         = todo_due_date(todo)
 
-    .todo-body
-      .todo-note.break-word
-        .md
-          = first_line_in_markdown(todo, :body, 150, project: todo.project)
+    - if todo.note.present?
+      .todo-body
+        .todo-note.break-word
+          .md
+            = first_line_in_markdown(todo, :body, 150, project: todo.project)
 
   - if todo.pending?
     .todo-actions
-- 
cgit v1.2.1


From e3569c70b9f65b6267a565f521daec5c2f8ee987 Mon Sep 17 00:00:00 2001
From: Mark Lapierre <mlapierre@gitlab.com>
Date: Tue, 27 Aug 2019 14:14:02 +1000
Subject: Commit to current branch by default

When using the Web IDE
---
 app/assets/javascripts/ide/components/commit_sidebar/actions.vue | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/javascripts/ide/components/commit_sidebar/actions.vue b/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
index 8b356ee6e97..549324831e9 100644
--- a/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
+++ b/app/assets/javascripts/ide/components/commit_sidebar/actions.vue
@@ -69,7 +69,11 @@ export default {
       :disabled="currentBranch && !currentBranch.can_push"
       :title="$options.currentBranchPermissionsTooltip"
     >
-      <span class="ide-radio-label" v-html="commitToCurrentBranchText"> </span>
+      <span
+        class="ide-radio-label"
+        data-qa-selector="commit_to_current_branch_radio"
+        v-html="commitToCurrentBranchText"
+      ></span>
     </radio-group>
     <radio-group
       :value="$options.commitToNewBranch"
-- 
cgit v1.2.1


From 740cbc5acdfbf5a515cff709c425c1dccaa4f8ce Mon Sep 17 00:00:00 2001
From: Scott Stern <sstern@gitlab.com>
Date: Wed, 28 Aug 2019 02:39:39 +0000
Subject: Ss/add board name to page title

---
 app/views/shared/boards/_show.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/views/shared/boards/_show.html.haml b/app/views/shared/boards/_show.html.haml
index 4f0be117035..93fc839a371 100644
--- a/app/views/shared/boards/_show.html.haml
+++ b/app/views/shared/boards/_show.html.haml
@@ -4,7 +4,7 @@
 - @no_container = true
 - @content_class = "issue-boards-content js-focus-mode-board"
 - breadcrumb_title _("Issue Boards")
-- page_title _("Boards")
+- page_title("#{board.name}", _("Boards"))
 
 - content_for :page_specific_javascripts do
 
-- 
cgit v1.2.1


From 72544449cfb8e35b8c044f5bfd08a2fae2253408 Mon Sep 17 00:00:00 2001
From: Igor Drozdov <idrozdov@gitlab.com>
Date: Mon, 26 Aug 2019 02:55:00 +0300
Subject: Change the way totalNotes is calculated

totalNotes is only used to prerender a number of
skeleton containers until real notes are loaded

issuable.discussions makes multiple requests, so
too expensive for this

This commit uses mere notes for this and sends
actual totalNotes number if it's less than 10;
otherwise it sends 10 - it allows us to avoid
bunch of skeleton prerenderings, which are not
necessary since they doesn't fit into the whole
screen and disappear quite fast
---
 app/assets/javascripts/notes/components/notes_app.vue | 4 ++--
 app/helpers/notes_helper.rb                           | 4 +++-
 app/models/concerns/noteable.rb                       | 4 ++++
 3 files changed, 9 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/notes/components/notes_app.vue b/app/assets/javascripts/notes/components/notes_app.vue
index a0695f9e191..16a0fb3f33a 100644
--- a/app/assets/javascripts/notes/components/notes_app.vue
+++ b/app/assets/javascripts/notes/components/notes_app.vue
@@ -75,9 +75,9 @@ export default {
     },
     allDiscussions() {
       if (this.isLoading) {
-        const totalNotes = parseInt(this.notesData.totalNotes, 10) || 0;
+        const prerenderedNotesCount = parseInt(this.notesData.prerenderedNotesCount, 10) || 0;
 
-        return new Array(totalNotes).fill({
+        return new Array(prerenderedNotesCount).fill({
           isSkeletonNote: true,
         });
       }
diff --git a/app/helpers/notes_helper.rb b/app/helpers/notes_helper.rb
index 2e31a5e2ed4..4e88b379e16 100644
--- a/app/helpers/notes_helper.rb
+++ b/app/helpers/notes_helper.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 module NotesHelper
+  MAX_PRERENDERED_NOTES = 10
+
   def note_target_fields(note)
     if note.noteable
       hidden_field_tag(:target_type, note.noteable.class.name.underscore) +
@@ -169,7 +171,7 @@ module NotesHelper
       closePath: close_issuable_path(issuable),
       reopenPath: reopen_issuable_path(issuable),
       notesPath: notes_url,
-      totalNotes: issuable.discussions.length,
+      prerenderedNotesCount: issuable.capped_notes_count(MAX_PRERENDERED_NOTES),
       lastFetchedAt: Time.now.to_i
     }
   end
diff --git a/app/models/concerns/noteable.rb b/app/models/concerns/noteable.rb
index 4b428b0af83..6a44bc7c401 100644
--- a/app/models/concerns/noteable.rb
+++ b/app/models/concerns/noteable.rb
@@ -73,6 +73,10 @@ module Noteable
       .discussions(self)
   end
 
+  def capped_notes_count(max)
+    notes.limit(max).count
+  end
+
   def grouped_diff_discussions(*args)
     # Doesn't use `discussion_notes`, because this may include commit diff notes
     # besides MR diff notes, that we do not want to display on the MR Changes tab.
-- 
cgit v1.2.1


From 150976833548a98ddfc41178e16024aa6112f518 Mon Sep 17 00:00:00 2001
From: Jeremy Jackson <jjackson@gitlab.com>
Date: Wed, 28 Aug 2019 06:52:14 +0000
Subject: Changes snowplow to use cookies for sessions

This also restructures how and where the configuration for
Snowplow lives.
---
 app/assets/javascripts/main.js        |  2 ++
 app/assets/javascripts/tracking.js    | 28 ++++++++++++++++++++++++++++
 app/views/layouts/_snowplow.html.haml | 21 +--------------------
 3 files changed, 31 insertions(+), 20 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/main.js b/app/assets/javascripts/main.js
index 39f2097c174..0ddf40b0405 100644
--- a/app/assets/javascripts/main.js
+++ b/app/assets/javascripts/main.js
@@ -35,6 +35,7 @@ import initPerformanceBar from './performance_bar';
 import initSearchAutocomplete from './search_autocomplete';
 import GlFieldErrors from './gl_field_errors';
 import initUserPopovers from './user_popovers';
+import { initUserTracking } from './tracking';
 import { __ } from './locale';
 
 import 'ee_else_ce/main_ee';
@@ -94,6 +95,7 @@ function deferredInitialisation() {
   initLogoAnimation();
   initUsagePingConsent();
   initUserPopovers();
+  initUserTracking();
 
   if (document.querySelector('.search')) initSearchAutocomplete();
 
diff --git a/app/assets/javascripts/tracking.js b/app/assets/javascripts/tracking.js
index a852f937eec..03281b5ef49 100644
--- a/app/assets/javascripts/tracking.js
+++ b/app/assets/javascripts/tracking.js
@@ -1,5 +1,23 @@
 import $ from 'jquery';
 
+const DEFAULT_SNOWPLOW_OPTIONS = {
+  namespace: 'gl',
+  hostname: window.location.hostname,
+  cookieDomain: window.location.hostname,
+  appId: '',
+  userFingerprint: false,
+  respectDoNotTrack: true,
+  forceSecureTracker: true,
+  eventMethod: 'post',
+  contexts: { webPage: true },
+  // Page tracking tracks a single event when the page loads.
+  pageTrackingEnabled: false,
+  // Activity tracking tracks when a user is still interacting with the page.
+  // Events like scrolling and mouse movements are used to determine if the
+  // user has the tab active and is still actively engaging.
+  activityTrackingEnabled: false,
+};
+
 const extractData = (el, opts = {}) => {
   const { trackEvent, trackLabel = '', trackProperty = '' } = el.dataset;
   let trackValue = el.dataset.trackValue || el.value || '';
@@ -71,3 +89,13 @@ export default class Tracking {
     };
   }
 }
+
+export function initUserTracking() {
+  if (!Tracking.enabled()) return;
+
+  const opts = Object.assign({}, DEFAULT_SNOWPLOW_OPTIONS, window.snowplowOptions);
+  window.snowplow('newTracker', opts.namespace, opts.hostname, opts);
+
+  if (opts.activityTrackingEnabled) window.snowplow('enableActivityTracking', 30, 30);
+  if (opts.pageTrackingEnabled) window.snowplow('trackPageView'); // must be after enableActivityTracking
+}
diff --git a/app/views/layouts/_snowplow.html.haml b/app/views/layouts/_snowplow.html.haml
index 5f5c5e984c5..d7ff5ad1094 100644
--- a/app/views/layouts/_snowplow.html.haml
+++ b/app/views/layouts/_snowplow.html.haml
@@ -7,23 +7,4 @@
     };p[i].q=p[i].q||[];n=l.createElement(o);g=l.getElementsByTagName(o)[0];n.async=1;
     n.src=w;g.parentNode.insertBefore(n,g)}}(window,document,"script","#{asset_url('snowplow/sp.js')}","snowplow"));
 
-    window.snowplow('newTracker', '#{Gitlab::SnowplowTracker::NAMESPACE}', '#{Gitlab::CurrentSettings.snowplow_collector_hostname}', {
-      appId: '#{Gitlab::CurrentSettings.snowplow_site_id}',
-      cookieDomain: '#{Gitlab::CurrentSettings.snowplow_cookie_domain}',
-      userFingerprint: false,
-      respectDoNotTrack: true,
-      forceSecureTracker: true,
-      post: true,
-      contexts: { webPage: true },
-      stateStorageStrategy: "localStorage"
-    });
-
-    window.snowplow('enableActivityTracking', 30, 30);
-    window.snowplow('trackPageView');
-
-- return unless Feature.enabled?(:additional_snowplow_tracking, @group)
-
-= javascript_tag nonce: true do
-  :plain
-    window.snowplow('enableFormTracking');
-    window.snowplow('enableLinkClickTracking');
+    window.snowplowOptions = #{Gitlab::Tracking.snowplow_options(@group).to_json}
-- 
cgit v1.2.1


From 29ce13e9992c296fbb2c4ad2706f53e491143d3e Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Tue, 27 Aug 2019 22:48:24 -0700
Subject: Fix moving issues API failing when text includes commit URLs

When a issue is moved from one project to another, all associated
Markdown text is rewritten in the context of the new project. If the
note contained a link to a commit URL, `CommitRewriter#rewrite` would
fail because `Commit#link_reference_pattern` would match `nil` `commit`
values in the HTML generated from the Markdown. These `nil` values were
passed along to `Project#commits_by` because `Commit#reference_valid?`
was always returning `true`.

To prevent this issue from happening, we tighten up the check for
`Commit#reference_valid?` to look for valid SHA values.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66666
---
 app/models/commit.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/models/commit.rb b/app/models/commit.rb
index 0889ce7e287..1470b50f396 100644
--- a/app/models/commit.rb
+++ b/app/models/commit.rb
@@ -35,6 +35,7 @@ class Commit
 
   MIN_SHA_LENGTH = Gitlab::Git::Commit::MIN_SHA_LENGTH
   COMMIT_SHA_PATTERN = /\h{#{MIN_SHA_LENGTH},40}/.freeze
+  EXACT_COMMIT_SHA_PATTERN = /\A#{COMMIT_SHA_PATTERN}\z/.freeze
   # Used by GFM to match and present link extensions on node texts and hrefs.
   LINK_EXTENSION_PATTERN = /(patch)/.freeze
 
@@ -90,7 +91,7 @@ class Commit
     end
 
     def valid_hash?(key)
-      !!(/\A#{COMMIT_SHA_PATTERN}\z/ =~ key)
+      !!(EXACT_COMMIT_SHA_PATTERN =~ key)
     end
 
     def lazy(project, oid)
@@ -139,6 +140,10 @@ class Commit
     '@'
   end
 
+  def self.reference_valid?(reference)
+    !!(reference =~ EXACT_COMMIT_SHA_PATTERN)
+  end
+
   # Pattern used to extract commit references from text
   #
   # This pattern supports cross-project references.
-- 
cgit v1.2.1


From 65272b9e546308b999156a48801acb4b577d4f98 Mon Sep 17 00:00:00 2001
From: Arun Kumar Mohan <arunmohandm@gmail.com>
Date: Wed, 28 Aug 2019 02:16:29 -0500
Subject: Remove unnecessary CSS class

---
 app/views/groups/_group_admin_settings.html.haml                  | 2 +-
 app/views/groups/settings/_permissions.html.haml                  | 2 +-
 app/views/projects/_merge_request_merge_checks_settings.html.haml | 2 +-
 app/views/projects/_merge_request_merge_method_settings.html.haml | 6 +++---
 app/views/projects/settings/ci_cd/_form.html.haml                 | 4 ++--
 5 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'app')

diff --git a/app/views/groups/_group_admin_settings.html.haml b/app/views/groups/_group_admin_settings.html.haml
index 733cb36cc3d..c3c7d102b28 100644
--- a/app/views/groups/_group_admin_settings.html.haml
+++ b/app/views/groups/_group_admin_settings.html.haml
@@ -9,7 +9,7 @@
           Allow projects within this group to use Git LFS
           = link_to icon('question-circle'), help_page_path('workflow/lfs/manage_large_binaries_with_git_lfs')
         %br/
-        %span.descr This setting can be overridden in each project.
+        %span This setting can be overridden in each project.
 .form-group.row
   .col-sm-2.col-form-label
     = f.label s_('ProjectCreationLevel|Allowed to create projects')
diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml
index 94a938021f9..f5ba10c107c 100644
--- a/app/views/groups/settings/_permissions.html.haml
+++ b/app/views/groups/settings/_permissions.html.haml
@@ -14,7 +14,7 @@
           %span.d-block
             - group_link = link_to @group.name, group_path(@group)
             = s_('GroupSettings|Prevent sharing a project within %{group} with other groups').html_safe % { group: group_link }
-          %span.descr.text-muted= share_with_group_lock_help_text(@group)
+          %span.js-descr.text-muted= share_with_group_lock_help_text(@group)
 
     .form-group.append-bottom-default
       .form-check
diff --git a/app/views/projects/_merge_request_merge_checks_settings.html.haml b/app/views/projects/_merge_request_merge_checks_settings.html.haml
index c21d333f21a..d3fcb52422b 100644
--- a/app/views/projects/_merge_request_merge_checks_settings.html.haml
+++ b/app/views/projects/_merge_request_merge_checks_settings.html.haml
@@ -7,7 +7,7 @@
     = form.check_box :only_allow_merge_if_pipeline_succeeds, class: 'form-check-input'
     = form.label :only_allow_merge_if_pipeline_succeeds, class: 'form-check-label' do
       = s_('ProjectSettings|Pipelines must succeed')
-      .descr.text-secondary
+      .text-secondary
         = s_('ProjectSettings|Pipelines need to be configured to enable this feature.')
         = link_to icon('question-circle'),
           help_page_path('ci/merge_request_pipelines/index.md',
diff --git a/app/views/projects/_merge_request_merge_method_settings.html.haml b/app/views/projects/_merge_request_merge_method_settings.html.haml
index 47c311f42d0..1be7f7bb418 100644
--- a/app/views/projects/_merge_request_merge_method_settings.html.haml
+++ b/app/views/projects/_merge_request_merge_method_settings.html.haml
@@ -7,14 +7,14 @@
     = form.radio_button :merge_method, :merge, class: "js-merge-method-radio form-check-input"
     = label_tag :project_merge_method_merge, class: 'form-check-label' do
       = s_('ProjectSettings|Merge commit')
-      .descr.text-secondary
+      .text-secondary
         = s_('ProjectSettings|Every merge creates a merge commit')
 
   .form-check.mb-2
     = form.radio_button :merge_method, :rebase_merge, class: "js-merge-method-radio form-check-input"
     = label_tag :project_merge_method_rebase_merge, class: 'form-check-label' do
       = s_('ProjectSettings|Merge commit with semi-linear history')
-      .descr.text-secondary
+      .text-secondary
         = s_('ProjectSettings|Every merge creates a merge commit')
         %br
         = s_('ProjectSettings|Fast-forward merges only')
@@ -25,7 +25,7 @@
     = form.radio_button :merge_method, :ff, class: "js-merge-method-radio qa-radio-button-merge-ff form-check-input"
     = label_tag :project_merge_method_ff, class: 'form-check-label' do
       = s_('ProjectSettings|Fast-forward merge')
-      .descr.text-secondary
+      .text-secondary
         = s_('ProjectSettings|No merge commits are created')
         %br
         = s_('ProjectSettings|Fast-forward merges only')
diff --git a/app/views/projects/settings/ci_cd/_form.html.haml b/app/views/projects/settings/ci_cd/_form.html.haml
index 498a9744783..430d6071468 100644
--- a/app/views/projects/settings/ci_cd/_form.html.haml
+++ b/app/views/projects/settings/ci_cd/_form.html.haml
@@ -14,14 +14,14 @@
             = f.label :build_allow_git_fetch_false, class: 'form-check-label' do
               %strong git clone
               %br
-              %span.descr
+              %span
                 = _("Slower but makes sure the project workspace is pristine as it clones the repository from scratch for every job")
           .form-check
             = f.radio_button :build_allow_git_fetch, 'true', { class: 'form-check-input' }
             = f.label :build_allow_git_fetch_true, class: 'form-check-label' do
               %strong git fetch
               %br
-              %span.descr
+              %span
                 = _("Faster as it re-uses the project workspace (falling back to clone if it doesn't exist)")
 
         %hr
-- 
cgit v1.2.1


From 748b89ee948c9b2123e86da40c46b71ae27ede80 Mon Sep 17 00:00:00 2001
From: Payton Burdette <pburdette@gitlab.com>
Date: Wed, 28 Aug 2019 08:39:47 +0000
Subject: Remove token field from runners edit form

Add changelog entry

Remove unnecessary test checking for form value

Translations updated for gitlab.pot

Use proper format on changelog entry
---
 app/views/shared/runners/_form.html.haml | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'app')

diff --git a/app/views/shared/runners/_form.html.haml b/app/views/shared/runners/_form.html.haml
index 559b5aa9c1e..24b4eae0c58 100644
--- a/app/views/shared/runners/_form.html.haml
+++ b/app/views/shared/runners/_form.html.haml
@@ -25,11 +25,6 @@
         .form-check
           = f.check_box :locked, { class: 'form-check-input' }
           %label.light{ for: :runner_locked }= _('When a runner is locked, it cannot be assigned to other projects')
-  .form-group.row
-    = label_tag :token, class: 'col-form-label col-sm-2' do
-      = _('Token')
-    .col-sm-10
-      = f.text_field :token, class: 'form-control', readonly: true
   .form-group.row
     = label_tag :ip_address, class: 'col-form-label col-sm-2' do
       = _('IP Address')
-- 
cgit v1.2.1


From 7f15dacb5504b0ba7f9eb73e8a60e494e3473274 Mon Sep 17 00:00:00 2001
From: Arun Kumar Mohan <arunmohandm@gmail.com>
Date: Wed, 28 Aug 2019 04:05:37 -0500
Subject: Remove csslab

---
 app/assets/stylesheets/csslab.scss                | 1 -
 app/assets/stylesheets/framework/typography.scss  | 2 +-
 app/views/layouts/_head.html.haml                 | 1 -
 app/views/projects/blob/_blob.html.haml           | 2 +-
 app/views/projects/blob/preview.html.haml         | 2 +-
 app/views/projects/blob/viewers/_markup.html.haml | 2 +-
 app/views/projects/snippets/show.html.haml        | 2 +-
 app/views/projects/wikis/show.html.haml           | 2 +-
 8 files changed, 6 insertions(+), 8 deletions(-)
 delete mode 100644 app/assets/stylesheets/csslab.scss

(limited to 'app')

diff --git a/app/assets/stylesheets/csslab.scss b/app/assets/stylesheets/csslab.scss
deleted file mode 100644
index 87c59cd42c0..00000000000
--- a/app/assets/stylesheets/csslab.scss
+++ /dev/null
@@ -1 +0,0 @@
-@import "@gitlab/csslab/dist/css/csslab-slim";
diff --git a/app/assets/stylesheets/framework/typography.scss b/app/assets/stylesheets/framework/typography.scss
index c201605e83d..afcc7f8a1db 100644
--- a/app/assets/stylesheets/framework/typography.scss
+++ b/app/assets/stylesheets/framework/typography.scss
@@ -2,7 +2,7 @@
  * Apply Markup (Markdown/AsciiDoc) typography
  *
  */
-.md:not(.use-csslab) {
+.md {
   color: $gl-text-color;
   word-wrap: break-word;
 
diff --git a/app/views/layouts/_head.html.haml b/app/views/layouts/_head.html.haml
index 271b73326fa..68abfd3f61f 100644
--- a/app/views/layouts/_head.html.haml
+++ b/app/views/layouts/_head.html.haml
@@ -36,7 +36,6 @@
   = stylesheet_link_tag "print", media: "print"
   = stylesheet_link_tag "test", media: "all" if Rails.env.test?
   = stylesheet_link_tag 'performance_bar' if performance_bar_enabled?
-  = stylesheet_link_tag 'csslab' if Feature.enabled?(:csslab)
 
   = stylesheet_link_tag "highlight/themes/#{user_color_scheme}", media: "all"
 
diff --git a/app/views/projects/blob/_blob.html.haml b/app/views/projects/blob/_blob.html.haml
index 95c5eb32c7f..cf273aab108 100644
--- a/app/views/projects/blob/_blob.html.haml
+++ b/app/views/projects/blob/_blob.html.haml
@@ -9,6 +9,6 @@
   = render "projects/blob/auxiliary_viewer", blob: blob
 
 #blob-content-holder.blob-content-holder
-  %article.file-holder{ class: ('use-csslab' if Feature.enabled?(:csslab)) }
+  %article.file-holder
     = render 'projects/blob/header', blob: blob
     = render 'projects/blob/content', blob: blob
diff --git a/app/views/projects/blob/preview.html.haml b/app/views/projects/blob/preview.html.haml
index 3e893343165..46e76e4d175 100644
--- a/app/views/projects/blob/preview.html.haml
+++ b/app/views/projects/blob/preview.html.haml
@@ -1,5 +1,5 @@
 - if markup?(@blob.name)
-  .file-content.md.md-file{ class: ('use-csslab' if Feature.enabled?(:csslab)) }
+  .file-content.md.md-file
     = markup(@blob.name, @content)
 - else
   .diff-file
diff --git a/app/views/projects/blob/viewers/_markup.html.haml b/app/views/projects/blob/viewers/_markup.html.haml
index abc74b66e90..c71df29354b 100644
--- a/app/views/projects/blob/viewers/_markup.html.haml
+++ b/app/views/projects/blob/viewers/_markup.html.haml
@@ -1,4 +1,4 @@
 - blob = viewer.blob
 - context = blob.respond_to?(:rendered_markup) ? { rendered: blob.rendered_markup } : {}
-.file-content.md.md-file{ class: ('use-csslab' if Feature.enabled?(:csslab)) }
+.file-content.md.md-file
   = markup(blob.name, blob.data, context)
diff --git a/app/views/projects/snippets/show.html.haml b/app/views/projects/snippets/show.html.haml
index da48cb207a4..f495b4eaf30 100644
--- a/app/views/projects/snippets/show.html.haml
+++ b/app/views/projects/snippets/show.html.haml
@@ -6,7 +6,7 @@
 = render 'shared/snippets/header'
 
 .project-snippets
-  %article.file-holder.snippet-file-content{ class: ('use-csslab' if Feature.enabled?(:csslab)) }
+  %article.file-holder.snippet-file-content
     = render 'shared/snippets/blob'
 
   .row-content-block.top-block.content-component-block
diff --git a/app/views/projects/wikis/show.html.haml b/app/views/projects/wikis/show.html.haml
index c6197fe576e..51b7f2dd4b4 100644
--- a/app/views/projects/wikis/show.html.haml
+++ b/app/views/projects/wikis/show.html.haml
@@ -26,7 +26,7 @@
     = (s_("WikiHistoricalPage|You can view the %{most_recent_link} or browse the %{history_link}.") % { most_recent_link: most_recent_link, history_link: history_link }).html_safe
 
 .prepend-top-default.append-bottom-default
-  .md.md-file{ class: ('use-csslab' if Feature.enabled?(:csslab)) }
+  .md.md-file
     = render_wiki_content(@page)
 
 = render 'sidebar'
-- 
cgit v1.2.1


From a3edfab1a9fcfdab56d2f2d29fa9f72ce0455ee4 Mon Sep 17 00:00:00 2001
From: jakeburden <jburden@gitlab.com>
Date: Wed, 21 Aug 2019 14:58:04 -0400
Subject: Show correct deployment date for a manual job

Only display time if the job has deployed

Update JS tests for displaying job deployment time

Simplify boolean check in deployedDate
---
 .../environments/components/environment_item.vue     | 20 +++++---------------
 app/views/projects/deployments/_deployment.html.haml |  3 ++-
 2 files changed, 7 insertions(+), 16 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/environments/components/environment_item.vue b/app/assets/javascripts/environments/components/environment_item.vue
index 95e1e8af9b3..1d4a6e64f9d 100644
--- a/app/assets/javascripts/environments/components/environment_item.vue
+++ b/app/assets/javascripts/environments/components/environment_item.vue
@@ -111,12 +111,7 @@ export default {
      * @returns {Boolean|Undefined}
      */
     canShowDate() {
-      return (
-        this.model &&
-        this.model.last_deployment &&
-        this.model.last_deployment.deployable &&
-        this.model.last_deployment.deployable !== undefined
-      );
+      return this.model && this.model.last_deployment && this.model.last_deployment.deployed_at;
     },
 
     /**
@@ -124,14 +119,9 @@ export default {
      *
      * @returns {String}
      */
-    createdDate() {
-      if (
-        this.model &&
-        this.model.last_deployment &&
-        this.model.last_deployment.deployable &&
-        this.model.last_deployment.deployable.created_at
-      ) {
-        return timeagoInstance.format(this.model.last_deployment.deployable.created_at);
+    deployedDate() {
+      if (this.canShowDate) {
+        return timeagoInstance.format(this.model.last_deployment.deployed_at);
       }
       return '';
     },
@@ -547,7 +537,7 @@ export default {
     <div v-if="!model.isFolder" class="table-section section-10" role="gridcell">
       <div role="rowheader" class="table-mobile-header">{{ s__('Environments|Updated') }}</div>
       <span v-if="canShowDate" class="environment-created-date-timeago table-mobile-content">
-        {{ createdDate }}
+        {{ deployedDate }}
       </span>
     </div>
 
diff --git a/app/views/projects/deployments/_deployment.html.haml b/app/views/projects/deployments/_deployment.html.haml
index a11e23b6daa..1dd85c89fd0 100644
--- a/app/views/projects/deployments/_deployment.html.haml
+++ b/app/views/projects/deployments/_deployment.html.haml
@@ -22,7 +22,8 @@
 
   .table-section.section-15{ role: 'gridcell' }
     .table-mobile-header{ role: 'rowheader' }= _("Created")
-    %span.table-mobile-content= time_ago_with_tooltip(deployment.created_at)
+    - if deployment.deployed_at
+      %span.table-mobile-content= time_ago_with_tooltip(deployment.deployed_at)
 
   .table-section.section-20.table-button-footer{ role: 'gridcell' }
     .btn-group.table-action-buttons
-- 
cgit v1.2.1


From c9b4dc677abdebc02ecac4dca65a759d3f07b2a0 Mon Sep 17 00:00:00 2001
From: Patrick Derichs <pderichs@gitlab.com>
Date: Fri, 9 Aug 2019 14:54:57 +0200
Subject: Filter out old system notes for epics

---
 app/controllers/concerns/issuable_actions.rb | 2 +-
 app/controllers/concerns/notes_actions.rb    | 2 +-
 app/models/note.rb                           | 4 ++++
 3 files changed, 6 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb
index b86e4451a7e..1d6a1be402c 100644
--- a/app/controllers/concerns/issuable_actions.rb
+++ b/app/controllers/concerns/issuable_actions.rb
@@ -110,7 +110,7 @@ module IssuableActions
     end
 
     notes = prepare_notes_for_rendering(notes)
-    notes = notes.reject { |n| n.cross_reference_not_visible_for?(current_user) }
+    notes = notes.select { |n| n.visible_for?(current_user) }
 
     discussions = Discussion.build_collection(notes, issuable)
 
diff --git a/app/controllers/concerns/notes_actions.rb b/app/controllers/concerns/notes_actions.rb
index d2a961efff7..80be7095ed3 100644
--- a/app/controllers/concerns/notes_actions.rb
+++ b/app/controllers/concerns/notes_actions.rb
@@ -29,7 +29,7 @@ module NotesActions
     end
 
     notes = prepare_notes_for_rendering(notes)
-    notes = notes.reject { |n| n.cross_reference_not_visible_for?(current_user) }
+    notes = notes.select { |n| n.visible_for?(current_user) }
 
     notes_json[:notes] =
       if use_note_serializer?
diff --git a/app/models/note.rb b/app/models/note.rb
index a12d1eb7243..fae66ce7e4a 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -331,6 +331,10 @@ class Note < ApplicationRecord
     cross_reference? && !all_referenced_mentionables_allowed?(user)
   end
 
+  def visible_for?(user)
+    !cross_reference_not_visible_for?(user)
+  end
+
   def award_emoji?
     can_be_award_emoji? && contains_emoji_only?
   end
-- 
cgit v1.2.1


From 59995d15886b831f2483dfaa8e0c46372aa76eb0 Mon Sep 17 00:00:00 2001
From: Patrick Derichs <pderichs@gitlab.com>
Date: Wed, 28 Aug 2019 12:09:45 +0200
Subject: Return NO_ACCESS if user is nil

---
 app/models/group.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'app')

diff --git a/app/models/group.rb b/app/models/group.rb
index 6c868b1d1f0..61a4802a6ee 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -365,6 +365,8 @@ class Group < Namespace
   end
 
   def max_member_access_for_user(user)
+    return GroupMember::NO_ACCESS unless user
+
     return GroupMember::OWNER if user.admin?
 
     members_with_parents
-- 
cgit v1.2.1


From e4fbd94cf5eba0b103bd97627d822f2014dfe474 Mon Sep 17 00:00:00 2001
From: Victor Zagorodny <vzagorodny@gitlab.com>
Date: Wed, 28 Aug 2019 14:26:42 +0000
Subject: Update CE files for GSD projects filter

A new param with_security_reports was added to
GET /groups/:id/projects API and the code to
support this logic in GroupProjectsFinder and
Project model. Also, a DB index was added to
ci_job_artifacts table to speed up the search
of security reports artifacts for projects
---
 app/finders/group_projects_finder.rb | 12 +++++++-----
 app/models/ci/job_artifact.rb        |  2 ++
 app/models/project.rb                |  1 +
 3 files changed, 10 insertions(+), 5 deletions(-)

(limited to 'app')

diff --git a/app/finders/group_projects_finder.rb b/app/finders/group_projects_finder.rb
index 4155b6af8da..5e0dbbfca2e 100644
--- a/app/finders/group_projects_finder.rb
+++ b/app/finders/group_projects_finder.rb
@@ -23,8 +23,12 @@ class GroupProjectsFinder < ProjectsFinder
   attr_reader :group, :options
 
   def initialize(group:, params: {}, options: {}, current_user: nil, project_ids_relation: nil)
-    super(params: params, current_user: current_user, project_ids_relation: project_ids_relation)
-    @group   = group
+    super(
+      params: params,
+      current_user: current_user,
+      project_ids_relation: project_ids_relation
+    )
+    @group = group
     @options = options
   end
 
@@ -84,15 +88,13 @@ class GroupProjectsFinder < ProjectsFinder
     options.fetch(:include_subgroups, false)
   end
 
-  # rubocop: disable CodeReuse/ActiveRecord
   def owned_projects
     if include_subgroups?
-      Project.where(namespace_id: group.self_and_descendants.select(:id))
+      Project.for_group_and_its_subgroups(group)
     else
       group.projects
     end
   end
-  # rubocop: enable CodeReuse/ActiveRecord
 
   def shared_projects
     group.shared_projects
diff --git a/app/models/ci/job_artifact.rb b/app/models/ci/job_artifact.rb
index e132cb045e2..b4497d8af09 100644
--- a/app/models/ci/job_artifact.rb
+++ b/app/models/ci/job_artifact.rb
@@ -87,6 +87,8 @@ module Ci
 
     scope :expired, -> (limit) { where('expire_at < ?', Time.now).limit(limit) }
 
+    scope :scoped_project, -> { where('ci_job_artifacts.project_id = projects.id') }
+
     delegate :filename, :exists?, :open, to: :file
 
     enum file_type: {
diff --git a/app/models/project.rb b/app/models/project.rb
index 66d5286196e..c67c5c7bc8c 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -497,6 +497,7 @@ class Project < ApplicationRecord
   # We require an alias to the project_mirror_data_table in order to use import_state in our queries
   scope :joins_import_state, -> { joins("INNER JOIN project_mirror_data import_state ON import_state.project_id = projects.id") }
   scope :for_group, -> (group) { where(group: group) }
+  scope :for_group_and_its_subgroups, ->(group) { where(namespace_id: group.self_and_descendants.select(:id)) }
 
   class << self
     # Searches for a list of projects based on the query given in `query`.
-- 
cgit v1.2.1


From 864bd12be4a91aadaed9674c3f454015dfda4edd Mon Sep 17 00:00:00 2001
From: Jacopo <beschi.jacopo@gmail.com>
Date: Wed, 19 Jun 2019 11:51:15 +0200
Subject: Uses projects_authorizations.access_level in MembersFinder

---
 app/finders/members_finder.rb | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

(limited to 'app')

diff --git a/app/finders/members_finder.rb b/app/finders/members_finder.rb
index f730b015c0a..e8c7f9622a9 100644
--- a/app/finders/members_finder.rb
+++ b/app/finders/members_finder.rb
@@ -60,15 +60,32 @@ class MembersFinder
     # We're interested in a list of members without duplicates by user_id.
     # We prefer project members over group members, project members should go first.
     <<~SQL
-        SELECT DISTINCT ON (user_id, invite_email) member_union.*
-        FROM (#{union.to_sql}) AS member_union
-        ORDER BY user_id,
-          invite_email,
-          CASE
-            WHEN type = 'ProjectMember' THEN 1
-            WHEN type = 'GroupMember' THEN 2
-            ELSE 3
-          END
+          SELECT DISTINCT ON (user_id, invite_email) #{member_columns}
+          FROM (#{union.to_sql}) AS #{member_union_table}
+          LEFT JOIN users on users.id = member_union.user_id
+          LEFT JOIN project_authorizations on project_authorizations.user_id = users.id
+               AND
+               project_authorizations.project_id = #{project.id}
+          ORDER BY user_id,
+            invite_email,
+            CASE
+              WHEN type = 'ProjectMember' THEN 1
+              WHEN type = 'GroupMember' THEN 2
+              ELSE 3
+            END
     SQL
   end
+
+  def member_union_table
+    'member_union'
+  end
+
+  def member_columns
+    Member.column_names.map do |column_name|
+      # fallback to members.access_level when project_authorizations.access_level is missing
+      next "COALESCE(#{ProjectAuthorization.table_name}.access_level, #{member_union_table}.access_level) access_level" if column_name == 'access_level'
+
+      "#{member_union_table}.#{column_name}"
+    end.join(',')
+  end
 end
-- 
cgit v1.2.1


From b57839da46db1b2805de7b2efb957f3ed4b6b5b8 Mon Sep 17 00:00:00 2001
From: Kemais Ehlers <kemais_ehlers@byu.edu>
Date: Wed, 28 Aug 2019 16:53:20 +0000
Subject: Fix top-nav search bar dropdown on xl displays

---
 app/assets/stylesheets/framework/variables.scss |  2 +-
 app/assets/stylesheets/pages/search.scss        | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'app')

diff --git a/app/assets/stylesheets/framework/variables.scss b/app/assets/stylesheets/framework/variables.scss
index 9871771542d..7a3fd2adfbb 100644
--- a/app/assets/stylesheets/framework/variables.scss
+++ b/app/assets/stylesheets/framework/variables.scss
@@ -529,7 +529,7 @@ $award-emoji-width-xs: 90%;
  */
 $search-input-border-color: rgba($blue-400, 0.8);
 $search-input-width: 200px;
-$search-input-active-width: 320px;
+$search-input-xl-width: 320px;
 $location-icon-color: #e7e9ed;
 
 /*
diff --git a/app/assets/stylesheets/pages/search.scss b/app/assets/stylesheets/pages/search.scss
index 58e46cfb70f..74380ec995a 100644
--- a/app/assets/stylesheets/pages/search.scss
+++ b/app/assets/stylesheets/pages/search.scss
@@ -48,6 +48,10 @@ input[type='checkbox']:hover {
       background-color ease-in-out $default-transition-duration,
       width ease-in-out $default-transition-duration;
 
+    @include media-breakpoint-up(xl) {
+      width: $search-input-xl-width;
+    }
+
     &:hover {
       box-shadow: none;
     }
@@ -116,7 +120,7 @@ input[type='checkbox']:hover {
       overflow: auto;
 
       @include media-breakpoint-up(xl) {
-        width: $search-input-active-width;
+        width: $search-input-xl-width;
       }
     }
 
@@ -131,10 +135,6 @@ input[type='checkbox']:hover {
       border-color: $blue-300;
       box-shadow: none;
 
-      @include media-breakpoint-up(xl) {
-        width: $search-input-active-width;
-      }
-
       .search-input-wrap {
         .search-icon,
         .clear-icon {
-- 
cgit v1.2.1


From ade2a5a6443461b98d90e34e53dc34142594667e Mon Sep 17 00:00:00 2001
From: Nathan Friend <nathan@gitlab.com>
Date: Wed, 28 Aug 2019 16:13:07 -0300
Subject: Add id to release block

This commit adds an id attribute to release blocks to allow them to be
targeted as anchor links.
---
 app/assets/javascripts/releases/components/release_block.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/javascripts/releases/components/release_block.vue b/app/assets/javascripts/releases/components/release_block.vue
index 7580c2d0ad0..88b6b4732b1 100644
--- a/app/assets/javascripts/releases/components/release_block.vue
+++ b/app/assets/javascripts/releases/components/release_block.vue
@@ -53,7 +53,7 @@ export default {
 };
 </script>
 <template>
-  <div class="card">
+  <div :id="release.tag_name" class="card">
     <div class="card-body">
       <h2 class="card-title mt-0">
         {{ release.name }}
-- 
cgit v1.2.1


From 8f6a433c416f8fb052468f4ecf1141afd5e5ef6b Mon Sep 17 00:00:00 2001
From: Felipe Artur <fcardozo@gitlab.com>
Date: Wed, 28 Aug 2019 20:18:40 +0000
Subject: Save board lists collapsed setting

Persists if a board list is collapsed for each user.
---
 app/controllers/boards/lists_controller.rb  | 24 +++++++------
 app/models/list.rb                          | 54 ++++++++++++++++++++++++++--
 app/models/list_user_preference.rb          | 10 ++++++
 app/services/boards/lists/list_service.rb   |  2 +-
 app/services/boards/lists/update_service.rb | 56 +++++++++++++++++++++++++++++
 5 files changed, 133 insertions(+), 13 deletions(-)
 create mode 100644 app/models/list_user_preference.rb
 create mode 100644 app/services/boards/lists/update_service.rb

(limited to 'app')

diff --git a/app/controllers/boards/lists_controller.rb b/app/controllers/boards/lists_controller.rb
index ccd02144671..08b4748d7e1 100644
--- a/app/controllers/boards/lists_controller.rb
+++ b/app/controllers/boards/lists_controller.rb
@@ -4,7 +4,7 @@ module Boards
   class ListsController < Boards::ApplicationController
     include BoardsResponses
 
-    before_action :authorize_admin_list, only: [:create, :update, :destroy, :generate]
+    before_action :authorize_admin_list, only: [:create, :destroy, :generate]
     before_action :authorize_read_list, only: [:index]
     skip_before_action :authenticate_user!, only: [:index]
 
@@ -15,7 +15,7 @@ module Boards
     end
 
     def create
-      list = Boards::Lists::CreateService.new(board.parent, current_user, list_params).execute(board)
+      list = Boards::Lists::CreateService.new(board.parent, current_user, create_list_params).execute(board)
 
       if list.valid?
         render json: serialize_as_json(list)
@@ -26,12 +26,13 @@ module Boards
 
     def update
       list = board.lists.movable.find(params[:id])
-      service = Boards::Lists::MoveService.new(board_parent, current_user, move_params)
+      service = Boards::Lists::UpdateService.new(board_parent, current_user, update_list_params)
+      result = service.execute(list)
 
-      if service.execute(list)
+      if result[:status] == :success
         head :ok
       else
-        head :unprocessable_entity
+        head result[:http_status]
       end
     end
 
@@ -50,7 +51,8 @@ module Boards
       service = Boards::Lists::GenerateService.new(board_parent, current_user)
 
       if service.execute(board)
-        render json: serialize_as_json(board.lists.movable)
+        lists = board.lists.movable.preload_associations(current_user)
+        render json: serialize_as_json(lists)
       else
         head :unprocessable_entity
       end
@@ -62,12 +64,12 @@ module Boards
       %i[label_id]
     end
 
-    def list_params
+    def create_list_params
       params.require(:list).permit(list_creation_attrs)
     end
 
-    def move_params
-      params.require(:list).permit(:position)
+    def update_list_params
+      params.require(:list).permit(:collapsed, :position)
     end
 
     def serialize_as_json(resource)
@@ -78,7 +80,9 @@ module Boards
       {
         only: [:id, :list_type, :position],
         methods: [:title],
-        label: true
+        label: true,
+        collapsed: true,
+        current_user: current_user
       }
     end
   end
diff --git a/app/models/list.rb b/app/models/list.rb
index ccadd39bda2..ae7085f05a7 100644
--- a/app/models/list.rb
+++ b/app/models/list.rb
@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
 class List < ApplicationRecord
+  include Importable
+
   belongs_to :board
   belongs_to :label
-  include Importable
+  has_many :list_user_preferences
 
   enum list_type: { backlog: 0, label: 1, closed: 2, assignee: 3, milestone: 4 }
 
@@ -16,9 +18,24 @@ class List < ApplicationRecord
 
   scope :destroyable, -> { where(list_type: list_types.slice(*destroyable_types).values) }
   scope :movable, -> { where(list_type: list_types.slice(*movable_types).values) }
-  scope :preload_associations, -> { preload(:board, :label) }
+
+  scope :preload_associations, -> (user) do
+    preload(:board, label: :priorities)
+      .with_preferences_for(user)
+  end
+
   scope :ordered, -> { order(:list_type, :position) }
 
+  # Loads list with preferences for given user
+  # if preferences exists for user or not
+  scope :with_preferences_for, -> (user) do
+    return unless user
+
+    includes(:list_user_preferences).where(list_user_preferences: { user_id: [user.id, nil] })
+  end
+
+  alias_method :preferences, :list_user_preferences
+
   class << self
     def destroyable_types
       [:label]
@@ -29,6 +46,31 @@ class List < ApplicationRecord
     end
   end
 
+  def preferences_for(user)
+    return preferences.build unless user
+
+    if preferences.loaded?
+      preloaded_preferences_for(user)
+    else
+      preferences.find_or_initialize_by(user: user)
+    end
+  end
+
+  def preloaded_preferences_for(user)
+    user_preferences =
+      preferences.find do |preference|
+        preference.user_id == user.id
+      end
+
+    user_preferences || preferences.build(user: user)
+  end
+
+  def update_preferences_for(user, preferences = {})
+    return unless user
+
+    preferences_for(user).update(preferences)
+  end
+
   def destroyable?
     self.class.destroyable_types.include?(list_type&.to_sym)
   end
@@ -43,6 +85,14 @@ class List < ApplicationRecord
 
   def as_json(options = {})
     super(options).tap do |json|
+      json[:collapsed] = false
+
+      if options.key?(:collapsed)
+        preferences = preferences_for(options[:current_user])
+
+        json[:collapsed] = preferences.collapsed?
+      end
+
       if options.key?(:label)
         json[:label] = label.as_json(
           project: board.project,
diff --git a/app/models/list_user_preference.rb b/app/models/list_user_preference.rb
new file mode 100644
index 00000000000..fe1cc7d5425
--- /dev/null
+++ b/app/models/list_user_preference.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class ListUserPreference < ApplicationRecord
+  belongs_to :user
+  belongs_to :list
+
+  validates :user, presence: true
+  validates :list, presence: true
+  validates :user_id, uniqueness: { scope: :list_id, message: "should have only one list preference per user" }
+end
diff --git a/app/services/boards/lists/list_service.rb b/app/services/boards/lists/list_service.rb
index 5cf5f14a55b..1f20ec8df9e 100644
--- a/app/services/boards/lists/list_service.rb
+++ b/app/services/boards/lists/list_service.rb
@@ -6,7 +6,7 @@ module Boards
       def execute(board)
         board.lists.create(list_type: :backlog) unless board.lists.backlog.exists?
 
-        board.lists.preload_associations
+        board.lists.preload_associations(current_user)
       end
     end
   end
diff --git a/app/services/boards/lists/update_service.rb b/app/services/boards/lists/update_service.rb
new file mode 100644
index 00000000000..2ddeb6f0bd8
--- /dev/null
+++ b/app/services/boards/lists/update_service.rb
@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Boards
+  module Lists
+    class UpdateService < Boards::BaseService
+      def execute(list)
+        return not_authorized if preferences? && !can_read?(list)
+        return not_authorized if position? && !can_admin?(list)
+
+        if update_preferences(list) || update_position(list)
+          success(list: list)
+        else
+          error(list.errors.messages, 422)
+        end
+      end
+
+      def update_preferences(list)
+        return unless preferences?
+
+        list.update_preferences_for(current_user, preferences)
+      end
+
+      def update_position(list)
+        return unless position?
+
+        move_service = Boards::Lists::MoveService.new(parent, current_user, params)
+
+        move_service.execute(list)
+      end
+
+      def preferences
+        { collapsed: Gitlab::Utils.to_boolean(params[:collapsed]) }
+      end
+
+      def not_authorized
+        error("Not authorized", 403)
+      end
+
+      def preferences?
+        params.has_key?(:collapsed)
+      end
+
+      def position?
+        params.has_key?(:position)
+      end
+
+      def can_read?(list)
+        Ability.allowed?(current_user, :read_list, parent)
+      end
+
+      def can_admin?(list)
+        Ability.allowed?(current_user, :admin_list, parent)
+      end
+    end
+  end
+end
-- 
cgit v1.2.1


From 8db6c4c6e770be30e3c49b842c501d66e427c4d9 Mon Sep 17 00:00:00 2001
From: Igor <idrozdov@gitlab.com>
Date: Wed, 28 Aug 2019 21:09:22 +0000
Subject: Reduce the number of SQL requests on MR-show

- Extract MR fields for notes into a separate serializer
- Check if pipelines are empty via count
---
 .../projects/merge_requests_controller.rb          |  1 +
 app/serializers/merge_request_noteable_entity.rb   | 53 ++++++++++++++++++++++
 .../merge_request_poll_widget_entity.rb            | 10 ----
 app/serializers/merge_request_serializer.rb        |  2 +
 app/serializers/merge_request_widget_entity.rb     | 12 -----
 app/views/projects/merge_requests/show.html.haml   | 13 +++---
 6 files changed, 63 insertions(+), 28 deletions(-)
 create mode 100644 app/serializers/merge_request_noteable_entity.rb

(limited to 'app')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index f4cc0a5851b..d492c5227cf 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -46,6 +46,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
         @noteable = @merge_request
         @commits_count = @merge_request.commits_count
         @issuable_sidebar = serializer.represent(@merge_request, serializer: 'sidebar')
+        @current_user_data = UserSerializer.new(project: @project).represent(current_user, {}, MergeRequestUserEntity).to_json
 
         set_pipeline_variables
 
diff --git a/app/serializers/merge_request_noteable_entity.rb b/app/serializers/merge_request_noteable_entity.rb
new file mode 100644
index 00000000000..e22be6880bb
--- /dev/null
+++ b/app/serializers/merge_request_noteable_entity.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+class MergeRequestNoteableEntity < Grape::Entity
+  include RequestAwareEntity
+
+  # Currently this attr is exposed to be used in app/assets/javascripts/notes/stores/getters.js
+  # in order to determine whether a noteable is an issue or an MR
+  expose :merge_params
+
+  expose :state
+  expose :source_branch
+  expose :target_branch
+  expose :diff_head_sha
+
+  expose :create_note_path do |merge_request|
+    project_notes_path(merge_request.project, target_type: 'merge_request', target_id: merge_request.id)
+  end
+
+  expose :preview_note_path do |merge_request|
+    preview_markdown_path(merge_request.project, target_type: 'MergeRequest', target_id: merge_request.iid)
+  end
+
+  expose :supports_suggestion?, as: :can_receive_suggestion
+
+  expose :create_issue_to_resolve_discussions_path do |merge_request|
+    presenter(merge_request).create_issue_to_resolve_discussions_path
+  end
+
+  expose :new_blob_path do |merge_request|
+    if presenter(merge_request).can_push_to_source_branch?
+      project_new_blob_path(merge_request.source_project, merge_request.source_branch)
+    end
+  end
+
+  expose :current_user do
+    expose :can_create_note do |merge_request|
+      can?(current_user, :create_note, merge_request)
+    end
+
+    expose :can_update do |merge_request|
+      can?(current_user, :update_merge_request, merge_request)
+    end
+  end
+
+  private
+
+  delegate :current_user, to: :request
+
+  def presenter(merge_request)
+    @presenters ||= {}
+    @presenters[merge_request] ||= MergeRequestPresenter.new(merge_request, current_user: current_user) # rubocop: disable CodeReuse/Presenter
+  end
+end
diff --git a/app/serializers/merge_request_poll_widget_entity.rb b/app/serializers/merge_request_poll_widget_entity.rb
index 65132b4b215..cd33ffa702a 100644
--- a/app/serializers/merge_request_poll_widget_entity.rb
+++ b/app/serializers/merge_request_poll_widget_entity.rb
@@ -65,8 +65,6 @@ class MergeRequestPollWidgetEntity < IssuableEntity
     end
   end
 
-  expose :supports_suggestion?, as: :can_receive_suggestion
-
   expose :create_issue_to_resolve_discussions_path do |merge_request|
     presenter(merge_request).create_issue_to_resolve_discussions_path
   end
@@ -84,17 +82,9 @@ class MergeRequestPollWidgetEntity < IssuableEntity
       presenter(merge_request).can_cherry_pick_on_current_merge_request?
     end
 
-    expose :can_create_note do |merge_request|
-      can?(current_user, :create_note, merge_request)
-    end
-
     expose :can_create_issue do |merge_request|
       can?(current_user, :create_issue, merge_request.project)
     end
-
-    expose :can_update do |merge_request|
-      can?(current_user, :update_merge_request, merge_request)
-    end
   end
 
   expose :can_push_to_source_branch do |merge_request|
diff --git a/app/serializers/merge_request_serializer.rb b/app/serializers/merge_request_serializer.rb
index bd2e682a122..aa67cd1f39e 100644
--- a/app/serializers/merge_request_serializer.rb
+++ b/app/serializers/merge_request_serializer.rb
@@ -13,6 +13,8 @@ class MergeRequestSerializer < BaseSerializer
         MergeRequestSidebarExtrasEntity
       when 'basic'
         MergeRequestBasicEntity
+      when 'noteable'
+        MergeRequestNoteableEntity
       else
         # fallback to widget for old poll requests without `serializer` set
         MergeRequestWidgetEntity
diff --git a/app/serializers/merge_request_widget_entity.rb b/app/serializers/merge_request_widget_entity.rb
index c8088608cb0..2f2c42a7387 100644
--- a/app/serializers/merge_request_widget_entity.rb
+++ b/app/serializers/merge_request_widget_entity.rb
@@ -3,10 +3,6 @@
 class MergeRequestWidgetEntity < Grape::Entity
   include RequestAwareEntity
 
-  # Currently this attr is exposed to be used in app/assets/javascripts/notes/stores/getters.js
-  # in order to determine whether a noteable is an issue or an MR
-  expose :merge_params
-
   expose :source_project_full_path do |merge_request|
     merge_request.source_project&.full_path
   end
@@ -35,18 +31,10 @@ class MergeRequestWidgetEntity < Grape::Entity
     cached_widget_project_json_merge_request_path(merge_request.target_project, merge_request, format: :json)
   end
 
-  expose :create_note_path do |merge_request|
-    project_notes_path(merge_request.project, target_type: 'merge_request', target_id: merge_request.id)
-  end
-
   expose :commit_change_content_path do |merge_request|
     commit_change_content_project_merge_request_path(merge_request.project, merge_request)
   end
 
-  expose :preview_note_path do |merge_request|
-    preview_markdown_path(merge_request.project, target_type: 'MergeRequest', target_id: merge_request.iid)
-  end
-
   expose :conflicts_docs_path do |merge_request|
     help_page_path('user/project/merge_requests/resolve_conflicts.md')
   end
diff --git a/app/views/projects/merge_requests/show.html.haml b/app/views/projects/merge_requests/show.html.haml
index af3bd8dcd69..ea166d622eb 100644
--- a/app/views/projects/merge_requests/show.html.haml
+++ b/app/views/projects/merge_requests/show.html.haml
@@ -6,6 +6,7 @@
 - page_description @merge_request.description
 - page_card_attributes @merge_request.card_attributes
 - suggest_changes_help_path = help_page_path('user/discussions/index.md', anchor: 'suggest-changes')
+- number_of_pipelines = @pipelines.size
 
 .merge-request{ data: { mr_action: j(params[:tab].presence || 'show'), url: merge_request_path(@merge_request, format: :json), project_path: project_path(@merge_request.project), lock_version: @merge_request.lock_version } }
   = render "projects/merge_requests/mr_title"
@@ -41,11 +42,11 @@
               = tab_link_for @merge_request, :commits do
                 = _("Commits")
                 %span.badge.badge-pill= @commits_count
-          - if @pipelines.any?
+          - if number_of_pipelines.nonzero?
             %li.pipelines-tab
               = tab_link_for @merge_request, :pipelines do
                 = _("Pipelines")
-                %span.badge.badge-pill.js-pipelines-mr-count= @pipelines.size
+                %span.badge.badge-pill.js-pipelines-mr-count= number_of_pipelines
           %li.diffs-tab.qa-diffs-tab
             = tab_link_for @merge_request, :diffs do
               = _("Changes")
@@ -63,21 +64,21 @@
             %script.js-notes-data{ type: "application/json" }= initial_notes_data(true).to_json.html_safe
             .issuable-discussion.js-vue-notes-event
               #js-vue-mr-discussions{ data: { notes_data: notes_data(@merge_request).to_json,
-                noteable_data: serialize_issuable(@merge_request),
+                noteable_data: serialize_issuable(@merge_request, serializer: 'noteable'),
                 noteable_type: 'MergeRequest',
                 target_type: 'merge_request',
                 help_page_path: suggest_changes_help_path,
-                current_user_data: UserSerializer.new(project: @project).represent(current_user, {}, MergeRequestUserEntity).to_json} }
+                current_user_data: @current_user_data} }
 
       #commits.commits.tab-pane
         -# This tab is always loaded via AJAX
       #pipelines.pipelines.tab-pane
-        - if @pipelines.any?
+        - if number_of_pipelines.nonzero?
           = render 'projects/commit/pipelines_list', disable_initialization: true, endpoint: pipelines_project_merge_request_path(@project, @merge_request)
       #js-diffs-app.diffs.tab-pane{ data: { "is-locked" => @merge_request.discussion_locked?,
         endpoint: diffs_project_merge_request_path(@project, @merge_request, 'json', request.query_parameters),
         help_page_path: suggest_changes_help_path,
-        current_user_data: UserSerializer.new(project: @project).represent(current_user, {}, MergeRequestUserEntity).to_json,
+        current_user_data: @current_user_data,
         project_path: project_path(@merge_request.project),
         changes_empty_state_illustration: image_path('illustrations/merge_request_changes_empty.svg'),
         is_fluid_layout: fluid_layout.to_s,
-- 
cgit v1.2.1


From 057df5a3f4f828fab9c0c2de08b0e53e424b99f7 Mon Sep 17 00:00:00 2001
From: Sean McGivern <sean@gitlab.com>
Date: Tue, 27 Aug 2019 12:00:34 +0100
Subject: Do not persist translated system notes

---
 app/services/system_note_service.rb | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/services/system_note_service.rb b/app/services/system_note_service.rb
index ee7223d6349..1b48b20e28b 100644
--- a/app/services/system_note_service.rb
+++ b/app/services/system_note_service.rb
@@ -67,7 +67,7 @@ module SystemNoteService
     create_note(NoteSummary.new(noteable, project, author, body, action: 'assignee'))
   end
 
-  # Called when the assignees of an Issue is changed or removed
+  # Called when the assignees of an issuable is changed or removed
   #
   # issuable - Issuable object (responds to assignees)
   # project  - Project owning noteable
@@ -88,10 +88,12 @@ module SystemNoteService
   def change_issuable_assignees(issuable, project, author, old_assignees)
     unassigned_users = old_assignees - issuable.assignees
     added_users = issuable.assignees.to_a - old_assignees
-
     text_parts = []
-    text_parts << "assigned to #{added_users.map(&:to_reference).to_sentence}" if added_users.any?
-    text_parts << "unassigned #{unassigned_users.map(&:to_reference).to_sentence}" if unassigned_users.any?
+
+    Gitlab::I18n.with_default_locale do
+      text_parts << "assigned to #{added_users.map(&:to_reference).to_sentence}" if added_users.any?
+      text_parts << "unassigned #{unassigned_users.map(&:to_reference).to_sentence}" if unassigned_users.any?
+    end
 
     body = text_parts.join(' and ')
 
-- 
cgit v1.2.1


From 88cf7591c7bc38b7dbd70085ea3b93813acc14f8 Mon Sep 17 00:00:00 2001
From: Heinrich Lee Yu <heinrich@gitlab.com>
Date: Thu, 22 Aug 2019 13:48:29 +0800
Subject: Fix dropdown closing when mouseup is outside

Changes the document event listener to listen to
mousedown instead of click
---
 app/assets/javascripts/droplab/drop_lab.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/droplab/drop_lab.js b/app/assets/javascripts/droplab/drop_lab.js
index 1339e28d8b8..33c05404493 100644
--- a/app/assets/javascripts/droplab/drop_lab.js
+++ b/app/assets/javascripts/droplab/drop_lab.js
@@ -60,7 +60,7 @@ class DropLab {
 
   addEvents() {
     this.eventWrapper.documentClicked = this.documentClicked.bind(this);
-    document.addEventListener('click', this.eventWrapper.documentClicked);
+    document.addEventListener('mousedown', this.eventWrapper.documentClicked);
   }
 
   documentClicked(e) {
@@ -74,7 +74,7 @@ class DropLab {
   }
 
   removeEvents() {
-    document.removeEventListener('click', this.eventWrapper.documentClicked);
+    document.removeEventListener('mousedown', this.eventWrapper.documentClicked);
   }
 
   changeHookList(trigger, list, plugins, config) {
-- 
cgit v1.2.1


From 55d0df7a9f106687a2a252cf70b403bfebb9942c Mon Sep 17 00:00:00 2001
From: Heinrich Lee Yu <heinrich@gitlab.com>
Date: Wed, 28 Aug 2019 16:17:41 +0800
Subject: Fix issue due notification emails threading

It should not be a start to a new thread but rather
a reply to an existing thread
---
 app/mailers/emails/issues.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/mailers/emails/issues.rb b/app/mailers/emails/issues.rb
index f3a3203f7ad..542085ea307 100644
--- a/app/mailers/emails/issues.rb
+++ b/app/mailers/emails/issues.rb
@@ -11,7 +11,7 @@ module Emails
     def issue_due_email(recipient_id, issue_id, reason = nil)
       setup_issue_mail(issue_id, recipient_id)
 
-      mail_new_thread(@issue, issue_thread_options(@issue.author_id, recipient_id, reason))
+      mail_answer_thread(@issue, issue_thread_options(@issue.author_id, recipient_id, reason))
     end
 
     def new_mention_in_issue_email(recipient_id, issue_id, updated_by_user_id, reason = nil)
-- 
cgit v1.2.1


From 7a2bc31e38892f2d064b75710e37d6b3a31a3a03 Mon Sep 17 00:00:00 2001
From: Mark Lapierre <mlapierre@gitlab.com>
Date: Mon, 12 Aug 2019 15:03:10 +1000
Subject: Backport changes from EE

https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/8186
---
 app/assets/javascripts/ide/components/error_message.vue | 2 +-
 app/assets/javascripts/ide/components/panes/right.vue   | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/ide/components/error_message.vue b/app/assets/javascripts/ide/components/error_message.vue
index 22113692968..500f6737839 100644
--- a/app/assets/javascripts/ide/components/error_message.vue
+++ b/app/assets/javascripts/ide/components/error_message.vue
@@ -44,7 +44,7 @@ export default {
 
 <template>
   <div class="flash-container flash-container-page" @click="clickFlash">
-    <div class="flash-alert">
+    <div class="flash-alert" data-qa-selector="flash_alert">
       <span v-html="message.text"> </span>
       <button
         v-if="message.action"
diff --git a/app/assets/javascripts/ide/components/panes/right.vue b/app/assets/javascripts/ide/components/panes/right.vue
index 2e6bd85feec..200391282e7 100644
--- a/app/assets/javascripts/ide/components/panes/right.vue
+++ b/app/assets/javascripts/ide/components/panes/right.vue
@@ -89,7 +89,7 @@ export default {
 </script>
 
 <template>
-  <div class="multi-file-commit-panel ide-right-sidebar">
+  <div class="multi-file-commit-panel ide-right-sidebar" data-qa-selector="ide_right_sidebar">
     <resizable-panel
       v-show="isOpen"
       :collapsible="false"
@@ -120,6 +120,7 @@ export default {
             }"
             data-container="body"
             data-placement="left"
+            :data-qa-selector="`${tab.title.toLowerCase()}_tab_button`"
             class="ide-sidebar-link is-right"
             type="button"
             @click="clickTab($event, tab)"
-- 
cgit v1.2.1


From 680f437715dcf7a8871aa997559cf57362b43217 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Tue, 27 Aug 2019 10:31:59 -0700
Subject: Fix snippets API not working with visibility level

When a restricted visibility level of `private` is set in the instance,
creating a snippet with the `visibility` level would always fail.
This happened because:

1. `params[:visibility]` was a string (e.g. "public")
2. `CreateSnippetService` and `UpdateSnippetService` only looked
   at `params[:visibility_level]`, which was `nil`.

To fix this, we:

1. Make `CreateSnippetService` look at the newly-built
   `snippet.visibility_level`, since the right value is assigned by the
   `VisibilityLevel#visibility=` method.
2. Modify `UpdateSnippetService` to handle both `visibility_level` and
`visibility` parameters.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66050
---
 app/services/base_service.rb           | 4 ++++
 app/services/create_snippet_service.rb | 2 +-
 app/services/groups/create_service.rb  | 4 ----
 app/services/update_snippet_service.rb | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'app')

diff --git a/app/services/base_service.rb b/app/services/base_service.rb
index 3e968c8f707..c39edd5c114 100644
--- a/app/services/base_service.rb
+++ b/app/services/base_service.rb
@@ -44,6 +44,10 @@ class BaseService
     model.errors.add(:visibility_level, "#{level_name} has been restricted by your GitLab administrator")
   end
 
+  def visibility_level
+    params[:visibility].is_a?(String) ? Gitlab::VisibilityLevel.level_value(params[:visibility]) : params[:visibility_level]
+  end
+
   private
 
   def error(message, http_status = nil)
diff --git a/app/services/create_snippet_service.rb b/app/services/create_snippet_service.rb
index 6e5bf823cc7..0aa76df35ba 100644
--- a/app/services/create_snippet_service.rb
+++ b/app/services/create_snippet_service.rb
@@ -12,7 +12,7 @@ class CreateSnippetService < BaseService
                 PersonalSnippet.new(params)
               end
 
-    unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
+    unless Gitlab::VisibilityLevel.allowed_for?(current_user, snippet.visibility_level)
       deny_visibility_level(snippet)
       return snippet
     end
diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb
index e78e5d5fc2c..1dd22d7a3ae 100644
--- a/app/services/groups/create_service.rb
+++ b/app/services/groups/create_service.rb
@@ -68,9 +68,5 @@ module Groups
 
       true
     end
-
-    def visibility_level
-      params[:visibility].present? ? Gitlab::VisibilityLevel.level_value(params[:visibility]) : params[:visibility_level]
-    end
   end
 end
diff --git a/app/services/update_snippet_service.rb b/app/services/update_snippet_service.rb
index 2969c360de5..a294812ef9e 100644
--- a/app/services/update_snippet_service.rb
+++ b/app/services/update_snippet_service.rb
@@ -12,7 +12,7 @@ class UpdateSnippetService < BaseService
 
   def execute
     # check that user is allowed to set specified visibility_level
-    new_visibility = params[:visibility_level]
+    new_visibility = visibility_level
 
     if new_visibility && new_visibility.to_i != snippet.visibility_level
       unless Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
-- 
cgit v1.2.1


From 20055fa68b09adf0dd8b2274efcbd861dcfcab2a Mon Sep 17 00:00:00 2001
From: Justin Boyson <jboyson@gitlab.com>
Date: Thu, 29 Aug 2019 06:53:08 +0000
Subject: Remove checkbox styling

---
 app/assets/stylesheets/framework/forms.scss | 24 ------------------------
 1 file changed, 24 deletions(-)

(limited to 'app')

diff --git a/app/assets/stylesheets/framework/forms.scss b/app/assets/stylesheets/framework/forms.scss
index 821e6691fe4..69ef116043a 100644
--- a/app/assets/stylesheets/framework/forms.scss
+++ b/app/assets/stylesheets/framework/forms.scss
@@ -245,27 +245,3 @@ label {
 .input-group-text {
   max-height: $input-height;
 }
-
-.gl-form-checkbox {
-  align-items: baseline;
-  margin-right: 1rem;
-  margin-bottom: 0.25rem;
-
-  .form-check-input {
-    margin-right: 0;
-  }
-
-  .form-check-label {
-    padding-left: $gl-padding-8;
-  }
-
-  &.form-check-inline .form-check-input {
-    align-self: flex-start;
-    height: 1.5 * $gl-font-size;
-  }
-
-  .form-check-input:disabled,
-  .form-check-input:disabled ~ .form-check-label {
-    cursor: not-allowed;
-  }
-}
-- 
cgit v1.2.1


From e301dfced6b91c4f81374fdd4d489f82b719ddc1 Mon Sep 17 00:00:00 2001
From: Lee Tickett <lee@tickett.net>
Date: Thu, 29 Aug 2019 07:01:24 +0000
Subject: Revert "DB change, migratoin and changelog"

This reverts commit af5242ecb682189c5d8276e1ab1ffe5ce844f2e5.
---
 app/views/projects/milestones/_form.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/views/projects/milestones/_form.html.haml b/app/views/projects/milestones/_form.html.haml
index 5cc6b5a173b..e1797e6db2a 100644
--- a/app/views/projects/milestones/_form.html.haml
+++ b/app/views/projects/milestones/_form.html.haml
@@ -21,7 +21,7 @@
 
   .form-actions
     - if @milestone.new_record?
-      = f.submit _('Create milestone'), class: 'btn-create btn qa-milestone-create-button'
+      = f.submit _('Create milestone'), class: 'btn-success btn qa-milestone-create-button'
       = link_to _('Cancel'), project_milestones_path(@project), class: 'btn btn-cancel'
     - else
       = f.submit _('Save changes'), class: 'btn-success btn'
-- 
cgit v1.2.1


From 8a5aa52813b8aa54ea3de2a860dc853038fac616 Mon Sep 17 00:00:00 2001
From: Nailia Iskhakova <niskhakova@gitlab.com>
Date: Thu, 29 Aug 2019 09:30:04 +0000
Subject: Add E2E spec to ensure that issue closes

Add E2E spec to test that issue closes with commit message
---
 app/views/projects/commit/_commit_box.html.haml          | 2 +-
 app/views/shared/issuable/_close_reopen_button.html.haml | 2 +-
 app/views/shared/issuable/_nav.html.haml                 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/views/projects/commit/_commit_box.html.haml b/app/views/projects/commit/_commit_box.html.haml
index a766dd51463..6c77036a85b 100644
--- a/app/views/projects/commit/_commit_box.html.haml
+++ b/app/views/projects/commit/_commit_box.html.haml
@@ -5,7 +5,7 @@
     = render partial: 'signature', object: @commit.signature
     %strong
       #{ s_('CommitBoxTitle|Commit') }
-      %span.commit-sha= @commit.short_id
+      %span.commit-sha{ data: { qa_selector: 'commit_sha_content' } }= @commit.short_id
     = clipboard_button(text: @commit.id, title: _('Copy commit SHA to clipboard'))
     %span.d-none.d-sm-inline= _('authored')
     #{time_ago_with_tooltip(@commit.authored_date)}
diff --git a/app/views/shared/issuable/_close_reopen_button.html.haml b/app/views/shared/issuable/_close_reopen_button.html.haml
index 4f6a71b6071..875cacd1f4f 100644
--- a/app/views/shared/issuable/_close_reopen_button.html.haml
+++ b/app/views/shared/issuable/_close_reopen_button.html.haml
@@ -9,7 +9,7 @@
               class: "d-none d-sm-none d-md-block btn btn-grouped btn-close js-btn-issue-action #{issuable_button_visibility(issuable, true)}", title: "Close #{display_issuable_type}"
   - if can_reopen
     = link_to "Reopen #{display_issuable_type}", reopen_issuable_path(issuable), method: button_method,
-              class: "d-none d-sm-none d-md-block btn btn-grouped btn-reopen js-btn-issue-action #{issuable_button_visibility(issuable, false)}", title: "Reopen #{display_issuable_type}"
+              class: "d-none d-sm-none d-md-block btn btn-grouped btn-reopen js-btn-issue-action #{issuable_button_visibility(issuable, false)}", title: "Reopen #{display_issuable_type}", data: { qa_selector: 'reopen_issue_button' }
 - else
   - if can_update && !are_close_and_open_buttons_hidden
     = render 'shared/issuable/close_reopen_report_toggle', issuable: issuable
diff --git a/app/views/shared/issuable/_nav.html.haml b/app/views/shared/issuable/_nav.html.haml
index 71123740ee4..93408e0bfc0 100644
--- a/app/views/shared/issuable/_nav.html.haml
+++ b/app/views/shared/issuable/_nav.html.haml
@@ -17,7 +17,7 @@
         #{issuables_state_counter_text(type, :closed, display_count)}
   - else
     %li{ class: active_when(params[:state] == 'closed') }>
-      = link_to page_filter_path(state: 'closed'), id: 'state-closed', title: 'Filter by issues that are currently closed.', data: { state: 'closed' } do
+      = link_to page_filter_path(state: 'closed'), id: 'state-closed', title: 'Filter by issues that are currently closed.', data: { state: 'closed', qa_selector: 'closed_issues_link' } do
         #{issuables_state_counter_text(type, :closed, display_count)}
 
   = render 'shared/issuable/nav_links/all', page_context_word: page_context_word, counter: issuables_state_counter_text(type, :all, display_count)
-- 
cgit v1.2.1


From 7e145fd6e3c5fa9a27a75ca9f1f25c6226129fac Mon Sep 17 00:00:00 2001
From: "Balasankar \"Balu\" C" <balasankar@gitlab.com>
Date: Thu, 29 Aug 2019 16:27:09 +0530
Subject: Use new location for gitlab-runner helm charts

Signed-off-by: Balasankar "Balu" C <balasankar@gitlab.com>
---
 app/assets/javascripts/clusters/stores/clusters_store.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/javascripts/clusters/stores/clusters_store.js b/app/assets/javascripts/clusters/stores/clusters_store.js
index ada5a49e246..772f16cab4e 100644
--- a/app/assets/javascripts/clusters/stores/clusters_store.js
+++ b/app/assets/javascripts/clusters/stores/clusters_store.js
@@ -55,7 +55,7 @@ export default class ClusterStore {
           ...applicationInitialState,
           title: s__('ClusterIntegration|GitLab Runner'),
           version: null,
-          chartRepo: 'https://gitlab.com/charts/gitlab-runner',
+          chartRepo: 'https://gitlab.com/gitlab-org/charts/gitlab-runner',
           updateAvailable: null,
           updateSuccessful: false,
           updateFailed: false,
-- 
cgit v1.2.1


From ec2756974ed3e797a5ae7d9aa1fd7c982605c950 Mon Sep 17 00:00:00 2001
From: Olena Horal-Koretska <ohoralkoretska@gitlab.com>
Date: Thu, 29 Aug 2019 12:21:28 +0000
Subject: Fixed embedded metrics tooltip inconsistent styling

---
 app/assets/stylesheets/framework/typography.scss | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/stylesheets/framework/typography.scss b/app/assets/stylesheets/framework/typography.scss
index afcc7f8a1db..33caac4d725 100644
--- a/app/assets/stylesheets/framework/typography.scss
+++ b/app/assets/stylesheets/framework/typography.scss
@@ -384,8 +384,18 @@
       @extend .fa-exclamation-circle;
     }
   }
-}
 
+  .prometheus-graph-embed {
+    h3.popover-header {
+      /** Override <h3> .popover-header
+      * as embed metrics do not follow the same
+      * style as default md <h3> (which are deeply nested)
+      */
+      margin: 0;
+      font-size: $gl-font-size-small;
+    }
+  }
+}
 
 /**
  * Headers
-- 
cgit v1.2.1


From 5ac5108dbf7b84c48128e4a44a9d22c3b760a09e Mon Sep 17 00:00:00 2001
From: Tao Wang <twang2218@gmail.com>
Date: Thu, 14 Jun 2018 18:47:38 +1000
Subject: Externalize strings from 'app/views/projects/services'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Tao Wang <twang2218@gmail.com>
Signed-off-by: Rémy Coutable <remy@rymai.me>
---
 app/views/projects/services/_form.html.haml        |  2 +-
 app/views/projects/services/_index.html.haml       | 12 +++---
 app/views/projects/services/edit.html.haml         |  6 +--
 .../_detailed_help.html.haml                       | 28 +++++++-------
 .../mattermost_slash_commands/_help.html.haml      |  8 ++--
 .../_installation_info.html.haml                   |  2 +-
 .../services/slack_slash_commands/_help.html.haml  | 44 +++++++++-------------
 7 files changed, 46 insertions(+), 56 deletions(-)

(limited to 'app')

diff --git a/app/views/projects/services/_form.html.haml b/app/views/projects/services/_form.html.haml
index de1b95692d6..2f277e8147a 100644
--- a/app/views/projects/services/_form.html.haml
+++ b/app/views/projects/services/_form.html.haml
@@ -15,7 +15,7 @@
         .footer-block.row-content-block
           = service_save_button(@service)
           &nbsp;
-          = link_to 'Cancel', project_settings_integrations_path(@project), class: 'btn btn-cancel'
+          = link_to _('Cancel'), project_settings_integrations_path(@project), class: 'btn btn-cancel'
 
 - if lookup_context.template_exists?('show', "projects/services/#{@service.to_param}", true)
   %hr
diff --git a/app/views/projects/services/_index.html.haml b/app/views/projects/services/_index.html.haml
index 16e48814578..7748a7a6a8e 100644
--- a/app/views/projects/services/_index.html.haml
+++ b/app/views/projects/services/_index.html.haml
@@ -1,8 +1,8 @@
 .row.prepend-top-default.append-bottom-default
   .col-lg-4
     %h4.prepend-top-0
-      Project services
-    %p Project services allow you to integrate GitLab with other applications
+      = s_("ProjectService|Project services")
+    %p= s_("ProjectService|Project services allow you to integrate GitLab with other applications")
   .col-lg-8
     %table.table
       %colgroup
@@ -13,12 +13,12 @@
       %thead
         %tr
           %th
-          %th Service
-          %th.d-none.d-sm-block Description
-          %th Last edit
+          %th= s_("ProjectService|Service")
+          %th.d-none.d-sm-block= _("Description")
+          %th= s_("ProjectService|Last edit")
       - @services.sort_by(&:title).each do |service|
         %tr
-          %td{ "aria-label" => "#{service.title}: status " + (service.activated? ? "on" : "off") }
+          %td{ "aria-label" => (service.activated? ? s_("ProjectService|%{service_title}: status on") : s_("ProjectService|%{service_title}: status off")) % { service_title: service.title } }
             = boolean_to_icon service.activated?
           %td
             = link_to edit_project_service_path(@project, service.to_param) do
diff --git a/app/views/projects/services/edit.html.haml b/app/views/projects/services/edit.html.haml
index df1fd583670..fc20bc52d1c 100644
--- a/app/views/projects/services/edit.html.haml
+++ b/app/views/projects/services/edit.html.haml
@@ -1,6 +1,6 @@
-- breadcrumb_title "Integrations"
-- page_title @service.title, "Services"
-- add_to_breadcrumbs("Settings", edit_project_path(@project))
+- breadcrumb_title s_("ProjectService|Integrations")
+- page_title @service.title, s_("ProjectService|Services")
+- add_to_breadcrumbs(s_("ProjectService|Settings"), edit_project_path(@project))
 
 = render 'deprecated_message' if @service.deprecation_message
 
diff --git a/app/views/projects/services/mattermost_slash_commands/_detailed_help.html.haml b/app/views/projects/services/mattermost_slash_commands/_detailed_help.html.haml
index 82c1d57c97e..395df502ddb 100644
--- a/app/views/projects/services/mattermost_slash_commands/_detailed_help.html.haml
+++ b/app/views/projects/services/mattermost_slash_commands/_detailed_help.html.haml
@@ -1,6 +1,6 @@
-- run_actions_text = "Perform common operations on GitLab project: #{@project.full_name}"
+- run_actions_text = s_("ProjectService|Perform common operations on GitLab project: %{project_name}") % { project_name: @project.full_name }
 
-%p To set up this service:
+%p= s_("ProjectService|To set up this service:")
 %ul.list-unstyled.indent-list
   %li
     1.
@@ -18,67 +18,67 @@
 
 .help-form
   .form-group
-    = label_tag :display_name, 'Display name', class: 'col-12 col-form-label label-bold'
+    = label_tag :display_name, _('Display name'), class: 'col-12 col-form-label label-bold'
     .col-12.input-group
       = text_field_tag :display_name, "GitLab / #{@project.full_name}", class: 'form-control form-control-sm', readonly: 'readonly'
       .input-group-append
         = clipboard_button(target: '#display_name', class: 'input-group-text')
 
   .form-group
-    = label_tag :description, 'Description', class: 'col-12 col-form-label  label-bold'
+    = label_tag :description, _('Description'), class: 'col-12 col-form-label  label-bold'
     .col-12.input-group
       = text_field_tag :description, run_actions_text, class: 'form-control form-control-sm', readonly: 'readonly'
       .input-group-append
         = clipboard_button(target: '#description', class: 'input-group-text')
 
   .form-group
-    = label_tag nil, 'Command trigger word', class: 'col-12 col-form-label label-bold'
+    = label_tag nil, s_('MattermostService|Command trigger word'), class: 'col-12 col-form-label label-bold'
     .col-12
-      %p Fill in the word that works best for your team.
+      %p= s_('MattermostService|Fill in the word that works best for your team.')
       %p
-        Suggestions:
+        = s_('MattermostService|Suggestions:')
         %code= 'gitlab'
         %code= @project.path # Path contains no spaces, but dashes
         %code= @project.full_path
 
   .form-group
-    = label_tag :request_url, 'Request URL', class: 'col-12 col-form-label label-bold'
+    = label_tag :request_url, s_('MattermostService|Request URL'), class: 'col-12 col-form-label label-bold'
     .col-12.input-group
       = text_field_tag :request_url, service_trigger_url(subject), class: 'form-control form-control-sm', readonly: 'readonly'
       .input-group-append
         = clipboard_button(target: '#request_url', class: 'input-group-text')
 
   .form-group
-    = label_tag nil, 'Request method', class: 'col-12 col-form-label label-bold'
+    = label_tag nil, s_('MattermostService|Request method'), class: 'col-12 col-form-label label-bold'
     .col-12 POST
 
   .form-group
-    = label_tag :response_username, 'Response username', class: 'col-12 col-form-label label-bold'
+    = label_tag :response_username, s_('MattermostService|Response username'), class: 'col-12 col-form-label label-bold'
     .col-12.input-group
       = text_field_tag :response_username, 'GitLab', class: 'form-control form-control-sm', readonly: 'readonly'
       .input-group-append
         = clipboard_button(target: '#response_username', class: 'input-group-text')
 
   .form-group
-    = label_tag :response_icon, 'Response icon', class: 'col-12 col-form-label label-bold'
+    = label_tag :response_icon, s_('MattermostService|Response icon'), class: 'col-12 col-form-label label-bold'
     .col-12.input-group
       = text_field_tag :response_icon, asset_url('gitlab_logo.png'), class: 'form-control form-control-sm', readonly: 'readonly'
       .input-group-append
         = clipboard_button(target: '#response_icon', class: 'input-group-text')
 
   .form-group
-    = label_tag nil, 'Autocomplete', class: 'col-12 col-form-label label-bold'
+    = label_tag nil, _('Autocomplete'), class: 'col-12 col-form-label label-bold'
     .col-12 Yes
 
   .form-group
-    = label_tag :autocomplete_hint, 'Autocomplete hint', class: 'col-12 col-12 col-form-label label-bold'
+    = label_tag :autocomplete_hint, _('Autocomplete hint'), class: 'col-12 col-12 col-form-label label-bold'
     .col-12.input-group
       = text_field_tag :autocomplete_hint, '[help]', class: 'form-control form-control-sm', readonly: 'readonly'
       .input-group-append
         = clipboard_button(target: '#autocomplete_hint', class: 'input-group-text')
 
   .form-group
-    = label_tag :autocomplete_description, 'Autocomplete description', class: 'col-12 col-form-label label-bold'
+    = label_tag :autocomplete_description, _('Autocomplete description'), class: 'col-12 col-form-label label-bold'
     .col-12.input-group
       = text_field_tag :autocomplete_description, run_actions_text, class: 'form-control form-control-sm', readonly: 'readonly'
       .input-group-append
diff --git a/app/views/projects/services/mattermost_slash_commands/_help.html.haml b/app/views/projects/services/mattermost_slash_commands/_help.html.haml
index f51dd581d29..cc005dd69b7 100644
--- a/app/views/projects/services/mattermost_slash_commands/_help.html.haml
+++ b/app/views/projects/services/mattermost_slash_commands/_help.html.haml
@@ -3,14 +3,12 @@
 .info-well
   .well-segment
     %p
-      This service allows users to perform common operations on this
-      project by entering slash commands in Mattermost.
+      = s_("MattermostService|This service allows users to perform common operations on this project by entering slash commands in Mattermost.")
       = link_to help_page_path('user/project/integrations/mattermost_slash_commands.md'), target: '_blank' do
-        View documentation
+        = _("View documentation")
         = sprite_icon('external-link', size: 16)
     %p.inline
-      See list of available commands in Mattermost after setting up this service,
-      by entering
+      = s_("MattermostService|See list of available commands in Mattermost after setting up this service, by entering")
     %kbd.inline /&lt;trigger&gt; help
     - unless enabled || @service.template?
       = render 'projects/services/mattermost_slash_commands/detailed_help', subject: @service
diff --git a/app/views/projects/services/mattermost_slash_commands/_installation_info.html.haml b/app/views/projects/services/mattermost_slash_commands/_installation_info.html.haml
index 2da8e5428ec..aee81ea744a 100644
--- a/app/views/projects/services/mattermost_slash_commands/_installation_info.html.haml
+++ b/app/views/projects/services/mattermost_slash_commands/_installation_info.html.haml
@@ -4,4 +4,4 @@
       .col-sm-9.offset-sm-3
         = link_to new_project_mattermost_path(@project), class: 'btn btn-lg' do
           = custom_icon('mattermost_logo', size: 15)
-          Add to Mattermost
+          = s_("MattermostService|Add to Mattermost")
diff --git a/app/views/projects/services/slack_slash_commands/_help.html.haml b/app/views/projects/services/slack_slash_commands/_help.html.haml
index 9b7732abc62..7f6717e298c 100644
--- a/app/views/projects/services/slack_slash_commands/_help.html.haml
+++ b/app/views/projects/services/slack_slash_commands/_help.html.haml
@@ -4,17 +4,15 @@
 .info-well
   .well-segment
     %p
-      This service allows users to perform common operations on this
-      project by entering slash commands in Slack.
+      = s_("SlackService|This service allows users to perform common operations on this project by entering slash commands in Slack.")
       = link_to help_page_path('user/project/integrations/slack_slash_commands.md'), target: '_blank' do
-        View documentation
+        = _("View documentation")
         = sprite_icon('external-link', size: 16)
     %p.inline
-      See list of available commands in Slack after setting up this service,
-      by entering
+      = s_("SlackService|See list of available commands in Slack after setting up this service, by entering")
     %kbd.inline /&lt;command&gt; help
     - unless @service.template?
-      %p To set up this service:
+      %p= _("To set up this service:")
       %ul.list-unstyled.indent-list
         %li
           1.
@@ -27,11 +25,11 @@
 
       .help-form
         .form-group
-          = label_tag nil, 'Command', class: 'col-12 col-form-label label-bold'
+          = label_tag nil, _('Command'), class: 'col-12 col-form-label label-bold'
           .col-12
-            %p Fill in the word that works best for your team.
+            %p= s_('SlackService|Fill in the word that works best for your team.')
             %p
-              Suggestions:
+              = _("Suggestions:")
               %code= 'gitlab'
               %code= @project.path # Path contains no spaces, but dashes
               %code= @project.full_path
@@ -44,44 +42,44 @@
               = clipboard_button(target: '#url', class: 'input-group-text')
 
         .form-group
-          = label_tag nil, 'Method', class: 'col-12 col-form-label label-bold'
+          = label_tag nil, _('Method'), class: 'col-12 col-form-label label-bold'
           .col-12 POST
 
         .form-group
-          = label_tag :customize_name, 'Customize name', class: 'col-12 col-form-label label-bold'
+          = label_tag :customize_name, _('Customize name'), class: 'col-12 col-form-label label-bold'
           .col-12.input-group
             = text_field_tag :customize_name, 'GitLab', class: 'form-control form-control-sm', readonly: 'readonly'
             .input-group-append
               = clipboard_button(target: '#customize_name', class: 'input-group-text')
 
         .form-group
-          = label_tag nil, 'Customize icon', class: 'col-12 col-form-label label-bold'
+          = label_tag nil, _('Customize icon'), class: 'col-12 col-form-label label-bold'
           .col-12
             = image_tag(asset_url('slash-command-logo.png'), width: 36, height: 36, class: 'mr-3')
-            = link_to('Download image', asset_url('gitlab_logo.png'), class: 'btn btn-sm', target: '_blank', rel: 'noopener noreferrer')
+            = link_to(_('Download image'), asset_url('gitlab_logo.png'), class: 'btn btn-sm', target: '_blank', rel: 'noopener noreferrer')
 
         .form-group
-          = label_tag nil, 'Autocomplete', class: 'col-12 col-form-label label-bold'
+          = label_tag nil, _('Autocomplete'), class: 'col-12 col-form-label label-bold'
           .col-12 Show this command in the autocomplete list
 
         .form-group
-          = label_tag :autocomplete_description, 'Autocomplete description', class: 'col-12 col-form-label label-bold'
+          = label_tag :autocomplete_description, _('Autocomplete description'), class: 'col-12 col-form-label label-bold'
           .col-12.input-group
             = text_field_tag :autocomplete_description, run_actions_text, class: 'form-control form-control-sm', readonly: 'readonly'
             .input-group-append
               = clipboard_button(target: '#autocomplete_description', class: 'input-group-text')
 
         .form-group
-          = label_tag :autocomplete_usage_hint, 'Autocomplete usage hint', class: 'col-12 col-form-label label-bold'
+          = label_tag :autocomplete_usage_hint, _('Autocomplete usage hint'), class: 'col-12 col-form-label label-bold'
           .col-12.input-group
             = text_field_tag :autocomplete_usage_hint, '[help]', class: 'form-control form-control-sm', readonly: 'readonly'
             .input-group-append
               = clipboard_button(target: '#autocomplete_usage_hint', class: 'input-group-text')
 
         .form-group
-          = label_tag :descriptive_label, 'Descriptive label', class: 'col-12 col-form-label label-bold'
+          = label_tag :descriptive_label, _('Descriptive label'), class: 'col-12 col-form-label label-bold'
           .col-12.input-group
-            = text_field_tag :descriptive_label, 'Perform common operations on GitLab project', class: 'form-control form-control-sm', readonly: 'readonly'
+            = text_field_tag :descriptive_label, _('Perform common operations on GitLab project'), class: 'form-control form-control-sm', readonly: 'readonly'
             .input-group-append
               = clipboard_button(target: '#descriptive_label', class: 'input-group-text')
 
@@ -89,12 +87,6 @@
 
       %ul.list-unstyled.indent-list
         %li
-          2. Paste the
-          %strong Token
-          into the field below
+          = s_("SlackService|2. Paste the <strong>Token</strong> into the field below").html_safe
         %li
-          3. Select the
-          %strong Active
-          checkbox, press
-          %strong Save changes
-          and start using GitLab inside Slack!
+          = s_("SlackService|3. Select the <strong>Active</strong> checkbox, press <strong>Save changes</strong> and start using GitLab inside Slack!").html_safe
-- 
cgit v1.2.1


From e5be205a2384435a67ccff72f8b33df37efd54e7 Mon Sep 17 00:00:00 2001
From: Wolfgang Faust <wolfgangmcq@gmail.com>
Date: Thu, 29 Aug 2019 15:53:01 +0000
Subject: Make some buttons green again

Fix missing .btn-success class on the following buttons:
* 'Create milestone' button
* Secondary button on profile tabs

`btn-create` was an old class which was was removed in !23232
and replaced with `btn-success`,
but these two seem to have been missed in the process.
---
 app/views/shared/empty_states/_profile_tabs.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/views/shared/empty_states/_profile_tabs.html.haml b/app/views/shared/empty_states/_profile_tabs.html.haml
index 6da40e1b059..98a5a5953d0 100644
--- a/app/views/shared/empty_states/_profile_tabs.html.haml
+++ b/app/views/shared/empty_states/_profile_tabs.html.haml
@@ -12,7 +12,7 @@
           %p= current_user_empty_message_description
 
         - if secondary_button_link.present?
-          = link_to secondary_button_label, secondary_button_link, class: 'btn btn-create btn-inverted'
+          = link_to secondary_button_label, secondary_button_link, class: 'btn btn-success btn-inverted'
 
         = link_to primary_button_label, primary_button_link, class: 'btn btn-success'
       - else
-- 
cgit v1.2.1


From 72390953da802311180f53b6a646d80bc1da2849 Mon Sep 17 00:00:00 2001
From: Lee Tickett <lee@tickett.net>
Date: Thu, 29 Aug 2019 16:19:07 +0000
Subject: Handle invalid mirror url

---
 app/models/remote_mirror.rb                        | 1 +
 app/views/projects/mirrors/_mirror_repos.html.haml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/models/remote_mirror.rb b/app/models/remote_mirror.rb
index c9ee0653d86..41e63986286 100644
--- a/app/models/remote_mirror.rb
+++ b/app/models/remote_mirror.rb
@@ -200,6 +200,7 @@ class RemoteMirror < ApplicationRecord
     result.password = '*****' if result.password
     result.user = '*****' if result.user && result.user != 'git' # tokens or other data may be saved as user
     result.to_s
+  rescue URI::Error
   end
 
   def ensure_remote!
diff --git a/app/views/projects/mirrors/_mirror_repos.html.haml b/app/views/projects/mirrors/_mirror_repos.html.haml
index 6f8a93fbcf5..84f0900d9c1 100644
--- a/app/views/projects/mirrors/_mirror_repos.html.haml
+++ b/app/views/projects/mirrors/_mirror_repos.html.haml
@@ -50,7 +50,7 @@
             - @project.remote_mirrors.each_with_index do |mirror, index|
               - next if mirror.new_record?
               %tr.qa-mirrored-repository-row.rspec-mirrored-repository-row{ class: ('bg-secondary' if mirror.disabled?) }
-                %td.qa-mirror-repository-url= mirror.safe_url
+                %td.qa-mirror-repository-url= mirror.safe_url || _('Invalid URL')
                 %td= _('Push')
                 %td
                   = mirror.last_update_started_at.present? ? time_ago_with_tooltip(mirror.last_update_started_at) : _('Never')
-- 
cgit v1.2.1


From 34d142e593827df932651aaacebcd3914ba7d923 Mon Sep 17 00:00:00 2001
From: George Koltsov <koltsov.george@gmail.com>
Date: Thu, 29 Aug 2019 16:49:22 +0000
Subject: Allow project feature permissions to be overridden during import

---
 app/models/project.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'app')

diff --git a/app/models/project.rb b/app/models/project.rb
index c67c5c7bc8c..8f568a5b840 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -61,6 +61,8 @@ class Project < ApplicationRecord
 
   delegate :feature_available?, :builds_enabled?, :wiki_enabled?,
            :merge_requests_enabled?, :issues_enabled?, :pages_enabled?, :public_pages?,
+           :merge_requests_access_level, :issues_access_level, :wiki_access_level,
+           :snippets_access_level, :builds_access_level, :repository_access_level,
            to: :project_feature, allow_nil: true
 
   delegate :base_dir, :disk_path, :ensure_storage_path_exists, to: :storage
-- 
cgit v1.2.1


From c6ccc07f48c7c1f9da43ecd82015500a4340544d Mon Sep 17 00:00:00 2001
From: Nick Thomas <nick@gitlab.com>
Date: Thu, 29 Aug 2019 18:04:52 +0100
Subject: Revert "Cache branch and tag names as Redis sets"

This reverts commit 0eff75fa2b6691b6fba31fcc2842f51debd249a9.
---
 app/models/repository.rb | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

(limited to 'app')

diff --git a/app/models/repository.rb b/app/models/repository.rb
index b957b9b0bdd..6f63cd32da4 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -239,13 +239,13 @@ class Repository
   def branch_exists?(branch_name)
     return false unless raw_repository
 
-    branch_names_include?(branch_name)
+    branch_names.include?(branch_name)
   end
 
   def tag_exists?(tag_name)
     return false unless raw_repository
 
-    tag_names_include?(tag_name)
+    tag_names.include?(tag_name)
   end
 
   def ref_exists?(ref)
@@ -565,10 +565,10 @@ class Repository
   end
 
   delegate :branch_names, to: :raw_repository
-  cache_method_as_redis_set :branch_names, fallback: []
+  cache_method :branch_names, fallback: []
 
   delegate :tag_names, to: :raw_repository
-  cache_method_as_redis_set :tag_names, fallback: []
+  cache_method :tag_names, fallback: []
 
   delegate :branch_count, :tag_count, :has_visible_content?, to: :raw_repository
   cache_method :branch_count, fallback: 0
@@ -1130,10 +1130,6 @@ class Repository
     @cache ||= Gitlab::RepositoryCache.new(self)
   end
 
-  def redis_set_cache
-    @redis_set_cache ||= Gitlab::RepositorySetCache.new(self)
-  end
-
   def request_store_cache
     @request_store_cache ||= Gitlab::RepositoryCache.new(self, backend: Gitlab::SafeRequestStore)
   end
-- 
cgit v1.2.1


From 1cec47ec1a9ebba716a5396b560bf7efc3319020 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Cunha?= <j.a.cunha@gmail.com>
Date: Thu, 29 Aug 2019 17:21:35 +0000
Subject: DRY check progress services

Extract duplicated code from two similar classes into a parent one.
---
 .../check_installation_progress_service.rb         | 35 +--------------
 .../applications/check_progress_service.rb         | 50 ++++++++++++++++++++++
 .../check_uninstall_progress_service.rb            | 33 ++------------
 3 files changed, 55 insertions(+), 63 deletions(-)
 create mode 100644 app/services/clusters/applications/check_progress_service.rb

(limited to 'app')

diff --git a/app/services/clusters/applications/check_installation_progress_service.rb b/app/services/clusters/applications/check_installation_progress_service.rb
index 3c6803d24e6..65d08966802 100644
--- a/app/services/clusters/applications/check_installation_progress_service.rb
+++ b/app/services/clusters/applications/check_installation_progress_service.rb
@@ -2,24 +2,7 @@
 
 module Clusters
   module Applications
-    class CheckInstallationProgressService < BaseHelmService
-      def execute
-        return unless operation_in_progress?
-
-        case installation_phase
-        when Gitlab::Kubernetes::Pod::SUCCEEDED
-          on_success
-        when Gitlab::Kubernetes::Pod::FAILED
-          on_failed
-        else
-          check_timeout
-        end
-      rescue Kubeclient::HttpError => e
-        log_error(e)
-
-        app.make_errored!("Kubernetes error: #{e.error_code}")
-      end
-
+    class CheckInstallationProgressService < CheckProgressService
       private
 
       def operation_in_progress?
@@ -32,10 +15,6 @@ module Clusters
         remove_installation_pod
       end
 
-      def on_failed
-        app.make_errored!("Operation failed. Check pod logs for #{pod_name} for more details.")
-      end
-
       def check_timeout
         if timed_out?
           begin
@@ -54,18 +33,6 @@ module Clusters
       def timed_out?
         Time.now.utc - app.updated_at.utc > ClusterWaitForAppInstallationWorker::TIMEOUT
       end
-
-      def remove_installation_pod
-        helm_api.delete_pod!(pod_name)
-      end
-
-      def installation_phase
-        helm_api.status(pod_name)
-      end
-
-      def installation_errors
-        helm_api.log(pod_name)
-      end
     end
   end
 end
diff --git a/app/services/clusters/applications/check_progress_service.rb b/app/services/clusters/applications/check_progress_service.rb
new file mode 100644
index 00000000000..4a07b955f8e
--- /dev/null
+++ b/app/services/clusters/applications/check_progress_service.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Clusters
+  module Applications
+    class CheckProgressService < BaseHelmService
+      def execute
+        return unless operation_in_progress?
+
+        case pod_phase
+        when Gitlab::Kubernetes::Pod::SUCCEEDED
+          on_success
+        when Gitlab::Kubernetes::Pod::FAILED
+          on_failed
+        else
+          check_timeout
+        end
+      rescue Kubeclient::HttpError => e
+        log_error(e)
+
+        app.make_errored!(_('Kubernetes error: %{error_code}') % { error_code: e.error_code })
+      end
+
+      private
+
+      def operation_in_progress?
+        raise NotImplementedError
+      end
+
+      def on_success
+        raise NotImplementedError
+      end
+
+      def pod_name
+        raise NotImplementedError
+      end
+
+      def on_failed
+        app.make_errored!(_('Operation failed. Check pod logs for %{pod_name} for more details.') % { pod_name: pod_name })
+      end
+
+      def timed_out?
+        raise NotImplementedError
+      end
+
+      def pod_phase
+        helm_api.status(pod_name)
+      end
+    end
+  end
+end
diff --git a/app/services/clusters/applications/check_uninstall_progress_service.rb b/app/services/clusters/applications/check_uninstall_progress_service.rb
index e51d84ef052..6a618d61c4f 100644
--- a/app/services/clusters/applications/check_uninstall_progress_service.rb
+++ b/app/services/clusters/applications/check_uninstall_progress_service.rb
@@ -2,26 +2,13 @@
 
 module Clusters
   module Applications
-    class CheckUninstallProgressService < BaseHelmService
-      def execute
-        return unless app.uninstalling?
-
-        case installation_phase
-        when Gitlab::Kubernetes::Pod::SUCCEEDED
-          on_success
-        when Gitlab::Kubernetes::Pod::FAILED
-          on_failed
-        else
-          check_timeout
-        end
-      rescue Kubeclient::HttpError => e
-        log_error(e)
+    class CheckUninstallProgressService < CheckProgressService
+      private
 
-        app.make_errored!(_('Kubernetes error: %{error_code}') % { error_code: e.error_code })
+      def operation_in_progress?
+        app.uninstalling?
       end
 
-      private
-
       def on_success
         app.post_uninstall
         app.destroy!
@@ -31,10 +18,6 @@ module Clusters
         remove_installation_pod
       end
 
-      def on_failed
-        app.make_errored!(_('Operation failed. Check pod logs for %{pod_name} for more details.') % { pod_name: pod_name })
-      end
-
       def check_timeout
         if timed_out?
           app.make_errored!(_('Operation timed out. Check pod logs for %{pod_name} for more details.') % { pod_name: pod_name })
@@ -50,14 +33,6 @@ module Clusters
       def timed_out?
         Time.now.utc - app.updated_at.utc > WaitForUninstallAppWorker::TIMEOUT
       end
-
-      def remove_installation_pod
-        helm_api.delete_pod!(pod_name)
-      end
-
-      def installation_phase
-        helm_api.status(pod_name)
-      end
     end
   end
 end
-- 
cgit v1.2.1


From cc704112b39660ca12a0dc3faee81fdedb6f24cf Mon Sep 17 00:00:00 2001
From: Yuping Zuo <2669120-zypA13510@users.noreply.gitlab.com>
Date: Thu, 29 Aug 2019 18:56:22 +0000
Subject: fix: show preferred commit email in empty project page

---
 app/helpers/projects_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index 33bf2d57fae..14f947a03a3 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -448,7 +448,7 @@ module ProjectsHelper
 
   def git_user_email
     if current_user
-      current_user.email
+      current_user.commit_email
     else
       "your@email.com"
     end
-- 
cgit v1.2.1


From f6c7e38040492db018943e537e30a7dd10e46120 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Wed, 28 Aug 2019 21:57:54 -0700
Subject: Make it harder to delete issuables accidentally

Previously submitting a DELETE request to an issuable URL would be
enough to destroy it, but this should require human confirmation.  We
now require that the `destroy_confirm` parameter is set to a truthy
value before this can complete.

In addition, we log a Sentry error if a deletion arrived without
confirmation.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62387
---
 .../javascripts/issue_show/components/app.vue      |  4 ++--
 .../issue_show/components/edit_actions.vue         |  2 +-
 .../javascripts/issue_show/services/index.js       |  4 ++--
 app/controllers/concerns/issuable_actions.rb       | 28 ++++++++++++++++++++++
 app/views/shared/issuable/_form.html.haml          |  2 +-
 5 files changed, 34 insertions(+), 6 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/issue_show/components/app.vue b/app/assets/javascripts/issue_show/components/app.vue
index 9ca38d6bbfa..88975c2cc73 100644
--- a/app/assets/javascripts/issue_show/components/app.vue
+++ b/app/assets/javascripts/issue_show/components/app.vue
@@ -300,9 +300,9 @@ export default {
       this.closeRecaptcha();
     },
 
-    deleteIssuable() {
+    deleteIssuable(payload) {
       this.service
-        .deleteIssuable()
+        .deleteIssuable(payload)
         .then(res => res.data)
         .then(data => {
           // Stop the poll so we don't get 404's with the issuable not existing
diff --git a/app/assets/javascripts/issue_show/components/edit_actions.vue b/app/assets/javascripts/issue_show/components/edit_actions.vue
index eb51a074f84..ce867f16acf 100644
--- a/app/assets/javascripts/issue_show/components/edit_actions.vue
+++ b/app/assets/javascripts/issue_show/components/edit_actions.vue
@@ -55,7 +55,7 @@ export default {
       if (window.confirm(confirmMessage)) {
         this.deleteLoading = true;
 
-        eventHub.$emit('delete.issuable');
+        eventHub.$emit('delete.issuable', { destroy_confirm: true });
       }
     },
   },
diff --git a/app/assets/javascripts/issue_show/services/index.js b/app/assets/javascripts/issue_show/services/index.js
index 9546eb22c27..3c8334bee50 100644
--- a/app/assets/javascripts/issue_show/services/index.js
+++ b/app/assets/javascripts/issue_show/services/index.js
@@ -10,8 +10,8 @@ export default class Service {
     return axios.get(this.realtimeEndpoint);
   }
 
-  deleteIssuable() {
-    return axios.delete(this.endpoint);
+  deleteIssuable(payload) {
+    return axios.delete(this.endpoint, { params: payload });
   }
 
   updateIssuable(data) {
diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb
index b86e4451a7e..05d865916af 100644
--- a/app/controllers/concerns/issuable_actions.rb
+++ b/app/controllers/concerns/issuable_actions.rb
@@ -6,6 +6,7 @@ module IssuableActions
 
   included do
     before_action :authorize_destroy_issuable!, only: :destroy
+    before_action :check_destroy_confirmation!, only: :destroy
     before_action :authorize_admin_issuable!, only: :bulk_update
     before_action only: :show do
       push_frontend_feature_flag(:scoped_labels, default_enabled: true)
@@ -91,6 +92,33 @@ module IssuableActions
     end
   end
 
+  def check_destroy_confirmation!
+    return true if params[:destroy_confirm]
+
+    error_message = "Destroy confirmation not provided for #{issuable.human_class_name}"
+    exception = RuntimeError.new(error_message)
+    Gitlab::Sentry.track_acceptable_exception(
+      exception,
+      extra: {
+        project_path: issuable.project.full_path,
+        issuable_type: issuable.class.name,
+        issuable_id: issuable.id
+      }
+    )
+
+    index_path = polymorphic_path([parent, issuable.class])
+
+    respond_to do |format|
+      format.html do
+        flash[:notice] = error_message
+        redirect_to index_path
+      end
+      format.json do
+        render json: { errors: error_message }, status: :unprocessable_entity
+      end
+    end
+  end
+
   def bulk_update
     result = Issuable::BulkUpdateService.new(current_user, bulk_update_params).execute(resource_name)
     quantity = result[:count]
diff --git a/app/views/shared/issuable/_form.html.haml b/app/views/shared/issuable/_form.html.haml
index 214e87052da..04a70e406ca 100644
--- a/app/views/shared/issuable/_form.html.haml
+++ b/app/views/shared/issuable/_form.html.haml
@@ -66,7 +66,7 @@
       = link_to 'Cancel', polymorphic_path([@project.namespace.becomes(Namespace), @project, issuable.class]), class: 'btn btn-cancel'
     - else
       - if can?(current_user, :"destroy_#{issuable.to_ability_name}", @project)
-        = link_to 'Delete', polymorphic_path([@project.namespace.becomes(Namespace), @project, issuable]), data: { confirm: "#{issuable.human_class_name} will be removed! Are you sure?" }, method: :delete, class: 'btn btn-danger btn-grouped'
+        = link_to 'Delete', polymorphic_path([@project.namespace.becomes(Namespace), @project, issuable], params: { destroy_confirm: true }), data: { confirm: "#{issuable.human_class_name} will be removed! Are you sure?" }, method: :delete, class: 'btn btn-danger btn-grouped'
       = link_to 'Cancel', polymorphic_path([@project.namespace.becomes(Namespace), @project, issuable]), class: 'btn btn-grouped btn-cancel'
 
   %span.append-right-10
-- 
cgit v1.2.1


From fa6f19d1f83b68f2bb729be889ab7d66adbbedb8 Mon Sep 17 00:00:00 2001
From: dineshpanda <dineshpanda92@gmail.com>
Date: Fri, 30 Aug 2019 02:09:13 +0530
Subject: Remove dependency on IgnorableColumn concern

---
 app/models/application_setting.rb       | 15 ++++++++-------
 app/models/ci/build.rb                  | 15 ++++++++-------
 app/models/ci/runner.rb                 |  3 +--
 app/models/concerns/ignorable_column.rb | 30 ------------------------------
 app/models/deploy_key.rb                |  3 +--
 app/models/event.rb                     |  1 -
 app/models/merge_request_diff.rb        |  1 -
 app/models/note.rb                      |  3 +--
 app/models/notification_setting.rb      |  3 +--
 app/models/user.rb                      |  9 +++++----
 10 files changed, 25 insertions(+), 58 deletions(-)
 delete mode 100644 app/models/concerns/ignorable_column.rb

(limited to 'app')

diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 2a99c6e5c59..8ff4cba2adb 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -4,7 +4,6 @@ class ApplicationSetting < ApplicationRecord
   include CacheableAttributes
   include CacheMarkdownField
   include TokenAuthenticatable
-  include IgnorableColumn
   include ChronicDurationAttribute
 
   add_authentication_token_field :runners_registration_token, encrypted: -> { Feature.enabled?(:application_settings_tokens_optional_encryption, default_enabled: true) ? :optional : :required }
@@ -25,12 +24,14 @@ class ApplicationSetting < ApplicationRecord
   serialize :domain_blacklist, Array # rubocop:disable Cop/ActiveRecordSerialize
   serialize :repository_storages # rubocop:disable Cop/ActiveRecordSerialize
 
-  ignore_column :koding_url
-  ignore_column :koding_enabled
-  ignore_column :sentry_enabled
-  ignore_column :sentry_dsn
-  ignore_column :clientside_sentry_enabled
-  ignore_column :clientside_sentry_dsn
+  self.ignored_columns = %i[
+                         clientside_sentry_dsn
+                         clientside_sentry_enabled
+                         koding_enabled
+                         koding_url
+                         sentry_dsn
+                         sentry_enabled
+                         ]
 
   cache_markdown_field :sign_in_text
   cache_markdown_field :help_page_text
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 7930bef5cf2..6ff89666e53 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -11,19 +11,20 @@ module Ci
     include ObjectStorage::BackgroundMove
     include Presentable
     include Importable
-    include IgnorableColumn
     include Gitlab::Utils::StrongMemoize
     include Deployable
     include HasRef
 
     BuildArchivedError = Class.new(StandardError)
 
-    ignore_column :commands
-    ignore_column :artifacts_file
-    ignore_column :artifacts_metadata
-    ignore_column :artifacts_file_store
-    ignore_column :artifacts_metadata_store
-    ignore_column :artifacts_size
+    self.ignored_columns = %i[
+                           artifacts_file
+                           artifacts_file_store
+                           artifacts_metadata
+                           artifacts_metadata_store
+                           artifacts_size
+                           commands
+                           ]
 
     belongs_to :project, inverse_of: :builds
     belongs_to :runner
diff --git a/app/models/ci/runner.rb b/app/models/ci/runner.rb
index 1c1c7a5ae7a..e0e905ebfa8 100644
--- a/app/models/ci/runner.rb
+++ b/app/models/ci/runner.rb
@@ -4,7 +4,6 @@ module Ci
   class Runner < ApplicationRecord
     extend Gitlab::Ci::Model
     include Gitlab::SQL::Pattern
-    include IgnorableColumn
     include RedisCacheable
     include ChronicDurationAttribute
     include FromUnion
@@ -36,7 +35,7 @@ module Ci
 
     FORM_EDITABLE = %i[description tag_list active run_untagged locked access_level maximum_timeout_human_readable].freeze
 
-    ignore_column :is_shared
+    self.ignored_columns = %i[is_shared]
 
     has_many :builds
     has_many :runner_projects, inverse_of: :runner, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
diff --git a/app/models/concerns/ignorable_column.rb b/app/models/concerns/ignorable_column.rb
deleted file mode 100644
index 3bec44dc79b..00000000000
--- a/app/models/concerns/ignorable_column.rb
+++ /dev/null
@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-# Module that can be included into a model to make it easier to ignore database
-# columns.
-#
-# Example:
-#
-#     class User < ApplicationRecord
-#       include IgnorableColumn
-#
-#       ignore_column :updated_at
-#     end
-#
-module IgnorableColumn
-  extend ActiveSupport::Concern
-
-  class_methods do
-    def columns
-      super.reject { |column| ignored_columns.include?(column.name) }
-    end
-
-    def ignored_columns
-      @ignored_columns ||= Set.new
-    end
-
-    def ignore_column(*names)
-      ignored_columns.merge(names.map(&:to_s))
-    end
-  end
-end
diff --git a/app/models/deploy_key.rb b/app/models/deploy_key.rb
index 0bd90bd28e3..06f8f31b8cc 100644
--- a/app/models/deploy_key.rb
+++ b/app/models/deploy_key.rb
@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 class DeployKey < Key
-  include IgnorableColumn
   include FromUnion
 
   has_many :deploy_keys_projects, inverse_of: :deploy_key, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
@@ -11,7 +10,7 @@ class DeployKey < Key
   scope :are_public,  -> { where(public: true) }
   scope :with_projects, -> { includes(deploy_keys_projects: { project: [:route, :namespace] }) }
 
-  ignore_column :can_push
+  self.ignored_columns = %i[can_push]
 
   accepts_nested_attributes_for :deploy_keys_projects
 
diff --git a/app/models/event.rb b/app/models/event.rb
index 738080eb584..392d7368033 100644
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -2,7 +2,6 @@
 
 class Event < ApplicationRecord
   include Sortable
-  include IgnorableColumn
   include FromUnion
   default_scope { reorder(nil) }
 
diff --git a/app/models/merge_request_diff.rb b/app/models/merge_request_diff.rb
index 2c9dbf2585c..2402fa8e38f 100644
--- a/app/models/merge_request_diff.rb
+++ b/app/models/merge_request_diff.rb
@@ -4,7 +4,6 @@ class MergeRequestDiff < ApplicationRecord
   include Sortable
   include Importable
   include ManualInverseAssociation
-  include IgnorableColumn
   include EachBatch
   include Gitlab::Utils::StrongMemoize
   include ObjectStorage::BackgroundMove
diff --git a/app/models/note.rb b/app/models/note.rb
index a12d1eb7243..c6ef91a27ad 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -14,7 +14,6 @@ class Note < ApplicationRecord
   include CacheMarkdownField
   include AfterCommitQueue
   include ResolvableNote
-  include IgnorableColumn
   include Editable
   include Gitlab::SQL::Pattern
   include ThrottledTouch
@@ -34,7 +33,7 @@ class Note < ApplicationRecord
     end
   end
 
-  ignore_column :original_discussion_id
+  self.ignored_columns = %i[original_discussion_id]
 
   cache_markdown_field :note, pipeline: :note, issuable_state_filter_enabled: true
 
diff --git a/app/models/notification_setting.rb b/app/models/notification_setting.rb
index 8306b11a7b6..9882f1dc8b3 100644
--- a/app/models/notification_setting.rb
+++ b/app/models/notification_setting.rb
@@ -1,9 +1,8 @@
 # frozen_string_literal: true
 
 class NotificationSetting < ApplicationRecord
-  include IgnorableColumn
 
-  ignore_column :events
+  self.ignored_columns = %i[events]
 
   enum level: { global: 3, watch: 2, participating: 1, mention: 4, disabled: 0, custom: 5 }
 
diff --git a/app/models/user.rb b/app/models/user.rb
index 6107aaa7fca..79c89461806 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,7 +13,6 @@ class User < ApplicationRecord
   include Sortable
   include CaseSensitivity
   include TokenAuthenticatable
-  include IgnorableColumn
   include FeatureGate
   include CreatedAtFilterable
   include BulkMemberAccessLoad
@@ -24,9 +23,11 @@ class User < ApplicationRecord
 
   DEFAULT_NOTIFICATION_LEVEL = :participating
 
-  ignore_column :external_email
-  ignore_column :email_provider
-  ignore_column :authentication_token
+  self.ignored_columns = %i[
+                         authentication_token
+                         email_provider
+                         external_email
+                         ]
 
   add_authentication_token_field :incoming_email_token, token_generator: -> { SecureRandom.hex.to_i(16).to_s(36) }
   add_authentication_token_field :feed_token
-- 
cgit v1.2.1


From e3a91089b75cdadaa66288d0ff68f137893a3a45 Mon Sep 17 00:00:00 2001
From: Alex Kalderimis <akalderimis@gitlab.com>
Date: Fri, 30 Aug 2019 04:43:16 +0000
Subject: Allow be_url to specify the type

This allows the be_url matcher to be more specific. By default, it only
matches HTTP and HTTPS URIs.
---
 app/services/chat_names/authorize_user_service.rb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'app')

diff --git a/app/services/chat_names/authorize_user_service.rb b/app/services/chat_names/authorize_user_service.rb
index 78b53cb3637..f7780488923 100644
--- a/app/services/chat_names/authorize_user_service.rb
+++ b/app/services/chat_names/authorize_user_service.rb
@@ -24,16 +24,16 @@ module ChatNames
     end
 
     def chat_name_token
-      Gitlab::ChatNameToken.new
+      @chat_name_token ||= Gitlab::ChatNameToken.new
     end
 
     def chat_name_params
       {
-        service_id: @service.id,
-        team_id: @params[:team_id],
+        service_id:  @service.id,
+        team_id:     @params[:team_id],
         team_domain: @params[:team_domain],
-        chat_id: @params[:user_id],
-        chat_name: @params[:user_name]
+        chat_id:     @params[:user_id],
+        chat_name:   @params[:user_name]
       }
     end
   end
-- 
cgit v1.2.1


From aa5329115dff3e7050423f03b25312ceaa45235e Mon Sep 17 00:00:00 2001
From: Jan Beckmann <king-jan1999@hotmail.de>
Date: Fri, 30 Aug 2019 05:34:00 +0000
Subject: URL-encode file links in find file

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/62055
---
 app/assets/javascripts/project_find_file.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/assets/javascripts/project_find_file.js b/app/assets/javascripts/project_find_file.js
index 60d3d83a4b2..765cb868f80 100644
--- a/app/assets/javascripts/project_find_file.js
+++ b/app/assets/javascripts/project_find_file.js
@@ -113,7 +113,7 @@ export default class ProjectFindFile {
       if (searchText) {
         matches = fuzzaldrinPlus.match(filePath, searchText);
       }
-      blobItemUrl = this.options.blobUrlTemplate + '/' + filePath;
+      blobItemUrl = this.options.blobUrlTemplate + '/' + encodeURIComponent(filePath);
       html = ProjectFindFile.makeHtml(filePath, matches, blobItemUrl);
       results.push(this.element.find('.tree-table > tbody').append(html));
     }
-- 
cgit v1.2.1


From 739d6a5ad3ac3756d89d6d07fec5fb876aa333d6 Mon Sep 17 00:00:00 2001
From: Andreas Brandl <abrandl@gitlab.com>
Date: Tue, 27 Aug 2019 15:29:53 +0200
Subject: Perform two-step Routable lookup by path

In order to lookup a Project or Namespace by path, we prefer an exact
match (case-sensitive) but in absence of that, we'd also take a
case-insensitive match.

The case-insensitive matching with preference for the exact match is a
bit more involved in SQL as the exact lookup. Yet, the majority of cases
will be an exact match. The thinking here is that we can optimize the
lookup by performing an exact match first and only if there is no
result, we perform the case-insensitive lookup.

Data for GitLab.com:
* We have about 15M records in routes table
* About 2,500 routes exist where there's more than one record
  with the same `lower(path)`

It is possible for a user to craft requests that would always trigger
the 2-step search (e.g. we have a route for `/foo/bar`, the request is
always for `/FOO/bar`). In this case, the change at hand is not
beneficial as it would run an additional query.

However, based on the data, it is highly likely that the vast majority
of requests can be satisfied with an exact match only.

The context for this change is
https://gitlab.com/gitlab-org/gitlab-ce/issues/64590#note_208156463.
---
 app/models/concerns/routable.rb | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/models/concerns/routable.rb b/app/models/concerns/routable.rb
index 116e8967651..115c3ce2f91 100644
--- a/app/models/concerns/routable.rb
+++ b/app/models/concerns/routable.rb
@@ -33,8 +33,15 @@ module Routable
     #
     # Returns a single object, or nil.
     def find_by_full_path(path, follow_redirects: false)
-      order_sql = Arel.sql("(CASE WHEN routes.path = #{connection.quote(path)} THEN 0 ELSE 1 END)")
-      found = where_full_path_in([path]).reorder(order_sql).take
+      if Feature.enabled?(:routable_two_step_lookup)
+        # Case sensitive match first (it's cheaper and the usual case)
+        # If we didn't have an exact match, we perform a case insensitive search
+        found = joins(:route).find_by(routes: { path: path }) || where_full_path_in([path]).take
+      else
+        order_sql = Arel.sql("(CASE WHEN routes.path = #{connection.quote(path)} THEN 0 ELSE 1 END)")
+        found = where_full_path_in([path]).reorder(order_sql).take
+      end
+
       return found if found
 
       if follow_redirects
-- 
cgit v1.2.1


From 1003cd92cbaf9df12bf01b85c16c8dabdb1a8b72 Mon Sep 17 00:00:00 2001
From: Andreas Brandl <abrandl@gitlab.com>
Date: Thu, 29 Aug 2019 13:51:00 +0200
Subject: Add method call count instrumentation

---
 app/models/concerns/routable.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'app')

diff --git a/app/models/concerns/routable.rb b/app/models/concerns/routable.rb
index 115c3ce2f91..01b853d413c 100644
--- a/app/models/concerns/routable.rb
+++ b/app/models/concerns/routable.rb
@@ -59,12 +59,23 @@ module Routable
     def where_full_path_in(paths)
       return none if paths.empty?
 
+      increment_full_path_in_counter
+
       wheres = paths.map do |path|
         "(LOWER(routes.path) = LOWER(#{connection.quote(path)}))"
       end
 
       joins(:route).where(wheres.join(' OR '))
     end
+
+    # Temporary instrumentation of method calls for .where_full_path_in
+    def increment_full_path_in_counter
+      @counter ||= Gitlab::Metrics.counter(:routable_caseinsensitive_lookup_calls, 'Number of calls to Routable.where_full_path_in')
+
+      @counter.increment
+    rescue
+      # ignore the error
+    end
   end
 
   def full_name
-- 
cgit v1.2.1


From 8501e13bbc5f423b90c0ebbf20da90801a6fa410 Mon Sep 17 00:00:00 2001
From: Juliette de Rancourt <derancourt.juliette@gmail.com>
Date: Fri, 30 Aug 2019 06:16:01 +0000
Subject: Resolve "Use "moved" instead of "closed" in issue references"

---
 app/models/issue.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/models/issue.rb b/app/models/issue.rb
index caea8eadd18..75d4fc8c1c5 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -178,7 +178,7 @@ class Issue < ApplicationRecord
   end
 
   def moved?
-    !moved_to.nil?
+    !moved_to_id.nil?
   end
 
   def can_move?(user, to_project = nil)
-- 
cgit v1.2.1


From ceb6742e0121915b7ccba8cc1f1d72ec91441ed5 Mon Sep 17 00:00:00 2001
From: Lee Tickett <lee@tickett.net>
Date: Fri, 30 Aug 2019 08:25:51 +0000
Subject: Revert "DB change, migratoin and changelog"

This reverts commit af5242ecb682189c5d8276e1ab1ffe5ce844f2e5.
---
 app/assets/javascripts/boards/components/sidebar/remove_issue.vue | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/boards/components/sidebar/remove_issue.vue b/app/assets/javascripts/boards/components/sidebar/remove_issue.vue
index b84722244d1..71e5d8058da 100644
--- a/app/assets/javascripts/boards/components/sidebar/remove_issue.vue
+++ b/app/assets/javascripts/boards/components/sidebar/remove_issue.vue
@@ -1,10 +1,10 @@
 <script>
-import Vue from 'vue';
+import axios from '~/lib/utils/axios_utils';
 import Flash from '../../../flash';
 import { __ } from '../../../locale';
 import boardsStore from '../../stores/boards_store';
 
-export default Vue.extend({
+export default {
   props: {
     issue: {
       type: Object,
@@ -35,7 +35,7 @@ export default Vue.extend({
       }
 
       // Post the remove data
-      Vue.http.patch(this.updateUrl, data).catch(() => {
+      axios.patch(this.updateUrl, data).catch(() => {
         Flash(__('Failed to remove issue from board, please try again.'));
 
         lists.forEach(list => {
@@ -71,7 +71,7 @@ export default Vue.extend({
       return req;
     },
   },
-});
+};
 </script>
 <template>
   <div class="block list">
-- 
cgit v1.2.1


From 224080f89cfd46c7ad3d3a5d331e6e1ebe55ec57 Mon Sep 17 00:00:00 2001
From: Maneschi Romain <rmaneschi@gmail.com>
Date: Fri, 30 Aug 2019 08:40:33 +0000
Subject: Delete animation width on global search input

---
 app/assets/stylesheets/pages/search.scss | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/assets/stylesheets/pages/search.scss b/app/assets/stylesheets/pages/search.scss
index 74380ec995a..2d2f0c531c7 100644
--- a/app/assets/stylesheets/pages/search.scss
+++ b/app/assets/stylesheets/pages/search.scss
@@ -45,8 +45,7 @@ input[type='checkbox']:hover {
     border: 0;
     border-radius: $border-radius-default;
     transition: border-color ease-in-out $default-transition-duration,
-      background-color ease-in-out $default-transition-duration,
-      width ease-in-out $default-transition-duration;
+      background-color ease-in-out $default-transition-duration;
 
     @include media-breakpoint-up(xl) {
       width: $search-input-xl-width;
-- 
cgit v1.2.1


From 1bccd36f04f1e1c4efe9155ea9037910c42a3749 Mon Sep 17 00:00:00 2001
From: Markus Koller <mkoller@gitlab.com>
Date: Fri, 30 Aug 2019 09:49:14 +0000
Subject: Improve search result labels

- Use "results" instead of "blobs", "wiki blobs", "snippet blobs"
- Use "comments" instead of "notes"
- Use correct pluralization
- Don't add "1 - 10 of" if there's only one page
---
 app/helpers/search_helper.rb        | 41 ++++++++++++++++++++++++++++++++++++-
 app/views/layouts/_search.html.haml |  5 +++--
 2 files changed, 43 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/helpers/search_helper.rb b/app/helpers/search_helper.rb
index 91c83380b62..2e2d324ab62 100644
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -30,7 +30,46 @@ module SearchHelper
     to = collection.offset_value + collection.to_a.size
     count = collection.total_count
 
-    s_("SearchResults|Showing %{from} - %{to} of %{count} %{scope} for \"%{term}\"") % { from: from, to: to, count: count, scope: scope.humanize(capitalize: false), term: term }
+    search_entries_info_template(collection) % {
+      from: from,
+      to: to,
+      count: count,
+      scope: search_entries_info_label(scope, count),
+      term: term
+    }
+  end
+
+  def search_entries_info_label(scope, count)
+    case scope
+    when 'blobs', 'snippet_blobs', 'wiki_blobs'
+      ns_('SearchResults|result', 'SearchResults|results', count)
+    when 'commits'
+      ns_('SearchResults|commit', 'SearchResults|commits', count)
+    when 'issues'
+      ns_('SearchResults|issue', 'SearchResults|issues', count)
+    when 'merge_requests'
+      ns_('SearchResults|merge request', 'SearchResults|merge requests', count)
+    when 'milestones'
+      ns_('SearchResults|milestone', 'SearchResults|milestones', count)
+    when 'notes'
+      ns_('SearchResults|comment', 'SearchResults|comments', count)
+    when 'projects'
+      ns_('SearchResults|project', 'SearchResults|projects', count)
+    when 'snippet_titles'
+      ns_('SearchResults|snippet', 'SearchResults|snippets', count)
+    when 'users'
+      ns_('SearchResults|user', 'SearchResults|users', count)
+    else
+      raise "Unrecognized search scope '#{scope}'"
+    end
+  end
+
+  def search_entries_info_template(collection)
+    if collection.total_pages > 1
+      s_("SearchResults|Showing %{from} - %{to} of %{count} %{scope} for \"%{term}\"")
+    else
+      s_("SearchResults|Showing %{count} %{scope} for \"%{term}\"")
+    end
   end
 
   def find_project_for_result_blob(projects, result)
diff --git a/app/views/layouts/_search.html.haml b/app/views/layouts/_search.html.haml
index e6a235e39da..ba5cd0fdd41 100644
--- a/app/views/layouts/_search.html.haml
+++ b/app/views/layouts/_search.html.haml
@@ -47,6 +47,7 @@
       = hidden_field_tag :snippets, true
     = hidden_field_tag :repository_ref, @ref
     = hidden_field_tag :nav_source, 'navbar'
-    -# workaround for non-JS feature specs, for JS you need to use find('#search').send_keys(:enter)
-    = button_tag 'Go' if ENV['RAILS_ENV'] == 'test'
+    -# workaround for non-JS feature specs, see spec/support/helpers/search_helpers.rb
+    - if ENV['RAILS_ENV'] == 'test'
+      %noscript= button_tag 'Search'
     .search-autocomplete-opts.hide{ :'data-autocomplete-path' => search_autocomplete_path, :'data-autocomplete-project-id' => @project.try(:id), :'data-autocomplete-project-ref' => @ref }
-- 
cgit v1.2.1


From edde1b708a6a605185a6dde73550b9f45e673371 Mon Sep 17 00:00:00 2001
From: Andreas Brandl <abrandl@gitlab.com>
Date: Fri, 30 Aug 2019 11:50:26 +0200
Subject: Add another counter to calculate method call ratio

We should see the ratio drop down when enabling the Feature.

Recommendation by @andrewn
---
 app/models/concerns/routable.rb | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'app')

diff --git a/app/models/concerns/routable.rb b/app/models/concerns/routable.rb
index 01b853d413c..3a486632800 100644
--- a/app/models/concerns/routable.rb
+++ b/app/models/concerns/routable.rb
@@ -33,6 +33,8 @@ module Routable
     #
     # Returns a single object, or nil.
     def find_by_full_path(path, follow_redirects: false)
+      increment_counter(:routable_find_by_full_path, 'Number of calls to Routable.find_by_full_path')
+
       if Feature.enabled?(:routable_two_step_lookup)
         # Case sensitive match first (it's cheaper and the usual case)
         # If we didn't have an exact match, we perform a case insensitive search
@@ -59,7 +61,7 @@ module Routable
     def where_full_path_in(paths)
       return none if paths.empty?
 
-      increment_full_path_in_counter
+      increment_counter(:routable_where_full_path_in, 'Number of calls to Routable.where_full_path_in')
 
       wheres = paths.map do |path|
         "(LOWER(routes.path) = LOWER(#{connection.quote(path)}))"
@@ -68,11 +70,11 @@ module Routable
       joins(:route).where(wheres.join(' OR '))
     end
 
-    # Temporary instrumentation of method calls for .where_full_path_in
-    def increment_full_path_in_counter
-      @counter ||= Gitlab::Metrics.counter(:routable_caseinsensitive_lookup_calls, 'Number of calls to Routable.where_full_path_in')
+    # Temporary instrumentation of method calls
+    def increment_counter(counter, description)
+      @counters[counter] ||= Gitlab::Metrics.counter(counter, description)
 
-      @counter.increment
+      @counters[counter].increment
     rescue
       # ignore the error
     end
-- 
cgit v1.2.1


From f246db4446466de58ba8618fb77bea63ca976551 Mon Sep 17 00:00:00 2001
From: Shinya Maeda <shinya@gitlab.com>
Date: Tue, 27 Aug 2019 10:51:28 +0700
Subject: Fix deployable nil exception on job controller

When deployable is nil, we gracefully take care of the case.
---
 app/serializers/deployment_entity.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/serializers/deployment_entity.rb b/app/serializers/deployment_entity.rb
index 8b967459173..94a827658f0 100644
--- a/app/serializers/deployment_entity.rb
+++ b/app/serializers/deployment_entity.rb
@@ -23,7 +23,7 @@ class DeploymentEntity < Grape::Entity
   expose :last?
   expose :deployed_by, as: :user, using: UserEntity
 
-  expose :deployable do |deployment, opts|
+  expose :deployable, if: -> (deployment) { deployment.deployable.present? } do |deployment, opts|
     deployment.deployable.yield_self do |deployable|
       if include_details?
         JobEntity.represent(deployable, opts)
-- 
cgit v1.2.1


From 5142bd738e7de37991ab8c43a3096ef232363110 Mon Sep 17 00:00:00 2001
From: James Fargher <proglottis@gmail.com>
Date: Fri, 30 Aug 2019 11:47:13 +0000
Subject: Install cert-manager v0.9.1

This does not support upgrading from earlier versions
---
 app/models/clusters/applications/cert_manager.rb | 33 +++++++++++++++++++++---
 1 file changed, 29 insertions(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/models/clusters/applications/cert_manager.rb b/app/models/clusters/applications/cert_manager.rb
index 6bd7473c8ff..27d4180e5b9 100644
--- a/app/models/clusters/applications/cert_manager.rb
+++ b/app/models/clusters/applications/cert_manager.rb
@@ -3,7 +3,8 @@
 module Clusters
   module Applications
     class CertManager < ApplicationRecord
-      VERSION = 'v0.5.2'.freeze
+      VERSION = 'v0.9.1'
+      CRD_VERSION = '0.9'
 
       self.table_name = 'clusters_applications_cert_managers'
 
@@ -21,16 +22,22 @@ module Clusters
       validates :email, presence: true
 
       def chart
-        'stable/cert-manager'
+        'certmanager/cert-manager'
+      end
+
+      def repository
+        'https://charts.jetstack.io'
       end
 
       def install_command
         Gitlab::Kubernetes::Helm::InstallCommand.new(
           name: 'certmanager',
+          repository: repository,
           version: VERSION,
           rbac: cluster.platform_kubernetes_rbac?,
           chart: chart,
           files: files.merge(cluster_issuer_file),
+          preinstall: pre_install_script,
           postinstall: post_install_script
         )
       end
@@ -46,16 +53,30 @@ module Clusters
 
       private
 
+      def pre_install_script
+        [
+          apply_file("https://raw.githubusercontent.com/jetstack/cert-manager/release-#{CRD_VERSION}/deploy/manifests/00-crds.yaml"),
+          "kubectl label --overwrite namespace #{Gitlab::Kubernetes::Helm::NAMESPACE} certmanager.k8s.io/disable-validation=true"
+        ]
+      end
+
       def post_install_script
-        ["kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"]
+        [retry_command(apply_file('/data/helm/certmanager/config/cluster_issuer.yaml'))]
+      end
+
+      def retry_command(command)
+        "for i in $(seq 1 30); do #{command} && break; sleep 1s; echo \"Retrying ($i)...\"; done"
       end
 
       def post_delete_script
         [
           delete_private_key,
           delete_crd('certificates.certmanager.k8s.io'),
+          delete_crd('certificaterequests.certmanager.k8s.io'),
+          delete_crd('challenges.certmanager.k8s.io'),
           delete_crd('clusterissuers.certmanager.k8s.io'),
-          delete_crd('issuers.certmanager.k8s.io')
+          delete_crd('issuers.certmanager.k8s.io'),
+          delete_crd('orders.certmanager.k8s.io')
         ].compact
       end
 
@@ -75,6 +96,10 @@ module Clusters
         Gitlab::Kubernetes::KubectlCmd.delete("crd", definition, "--ignore-not-found")
       end
 
+      def apply_file(filename)
+        Gitlab::Kubernetes::KubectlCmd.apply_file(filename)
+      end
+
       def cluster_issuer_file
         {
           'cluster_issuer.yaml': cluster_issuer_yaml_content
-- 
cgit v1.2.1


From 05a37f69e13250abe291b39f5a5f8926a717b5e6 Mon Sep 17 00:00:00 2001
From: Jesse Hall <jessehall3@gmail.com>
Date: Fri, 30 Aug 2019 17:26:10 +0000
Subject: Fix for #56295, https://gitlab.com/gitlab-org/gitlab-ce/issues/56295.
 All avatars now visible in commit trailers.

---
 app/helpers/avatars_helper.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/helpers/avatars_helper.rb b/app/helpers/avatars_helper.rb
index 81ff359556d..b7f7e617825 100644
--- a/app/helpers/avatars_helper.rb
+++ b/app/helpers/avatars_helper.rb
@@ -56,13 +56,13 @@ module AvatarsHelper
     }))
   end
 
-  def user_avatar_url_for(options = {})
+  def user_avatar_url_for(only_path: true, **options)
     if options[:url]
       options[:url]
     elsif options[:user]
-      avatar_icon_for_user(options[:user], options[:size])
+      avatar_icon_for_user(options[:user], options[:size], only_path: only_path)
     else
-      avatar_icon_for_email(options[:user_email], options[:size])
+      avatar_icon_for_email(options[:user_email], options[:size], only_path: only_path)
     end
   end
 
@@ -75,6 +75,7 @@ module AvatarsHelper
     has_tooltip = options[:has_tooltip].nil? ? true : options[:has_tooltip]
     data_attributes = options[:data] || {}
     css_class = %W[avatar s#{avatar_size}].push(*options[:css_class])
+    alt_text = user_name ? "#{user_name}'s avatar" : "default avatar"
 
     if has_tooltip
       css_class.push('has-tooltip')
@@ -88,7 +89,7 @@ module AvatarsHelper
     end
 
     image_options = {
-      alt:   "#{user_name}'s avatar",
+      alt:   alt_text,
       src:   avatar_url,
       data:  data_attributes,
       class: css_class,
-- 
cgit v1.2.1


From d93b985df07ccf07541efef709edb8467e0f2955 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Thu, 29 Aug 2019 16:10:49 -0700
Subject: Use self.ignored_columns += instead of =

This is to accomodate prepended modules.
---
 app/models/application_setting.rb  | 16 ++++++++--------
 app/models/ci/build.rb             | 16 ++++++++--------
 app/models/deploy_key.rb           |  2 +-
 app/models/note.rb                 |  2 +-
 app/models/notification_setting.rb |  3 +--
 app/models/user.rb                 | 10 +++++-----
 6 files changed, 24 insertions(+), 25 deletions(-)

(limited to 'app')

diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 8ff4cba2adb..46259abf1b6 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -24,14 +24,14 @@ class ApplicationSetting < ApplicationRecord
   serialize :domain_blacklist, Array # rubocop:disable Cop/ActiveRecordSerialize
   serialize :repository_storages # rubocop:disable Cop/ActiveRecordSerialize
 
-  self.ignored_columns = %i[
-                         clientside_sentry_dsn
-                         clientside_sentry_enabled
-                         koding_enabled
-                         koding_url
-                         sentry_dsn
-                         sentry_enabled
-                         ]
+  self.ignored_columns += %i[
+    clientside_sentry_dsn
+    clientside_sentry_enabled
+    koding_enabled
+    koding_url
+    sentry_dsn
+    sentry_enabled
+  ]
 
   cache_markdown_field :sign_in_text
   cache_markdown_field :help_page_text
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 6ff89666e53..79a2d5e6e9d 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -17,14 +17,14 @@ module Ci
 
     BuildArchivedError = Class.new(StandardError)
 
-    self.ignored_columns = %i[
-                           artifacts_file
-                           artifacts_file_store
-                           artifacts_metadata
-                           artifacts_metadata_store
-                           artifacts_size
-                           commands
-                           ]
+    self.ignored_columns += %i[
+      artifacts_file
+      artifacts_file_store
+      artifacts_metadata
+      artifacts_metadata_store
+      artifacts_size
+      commands
+    ]
 
     belongs_to :project, inverse_of: :builds
     belongs_to :runner
diff --git a/app/models/deploy_key.rb b/app/models/deploy_key.rb
index 06f8f31b8cc..22ab326a0ab 100644
--- a/app/models/deploy_key.rb
+++ b/app/models/deploy_key.rb
@@ -10,7 +10,7 @@ class DeployKey < Key
   scope :are_public,  -> { where(public: true) }
   scope :with_projects, -> { includes(deploy_keys_projects: { project: [:route, :namespace] }) }
 
-  self.ignored_columns = %i[can_push]
+  self.ignored_columns += %i[can_push]
 
   accepts_nested_attributes_for :deploy_keys_projects
 
diff --git a/app/models/note.rb b/app/models/note.rb
index c6ef91a27ad..2a0063c76b0 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -33,7 +33,7 @@ class Note < ApplicationRecord
     end
   end
 
-  self.ignored_columns = %i[original_discussion_id]
+  self.ignored_columns += %i[original_discussion_id]
 
   cache_markdown_field :note, pipeline: :note, issuable_state_filter_enabled: true
 
diff --git a/app/models/notification_setting.rb b/app/models/notification_setting.rb
index 9882f1dc8b3..637c017a342 100644
--- a/app/models/notification_setting.rb
+++ b/app/models/notification_setting.rb
@@ -1,8 +1,7 @@
 # frozen_string_literal: true
 
 class NotificationSetting < ApplicationRecord
-
-  self.ignored_columns = %i[events]
+  self.ignored_columns += %i[events]
 
   enum level: { global: 3, watch: 2, participating: 1, mention: 4, disabled: 0, custom: 5 }
 
diff --git a/app/models/user.rb b/app/models/user.rb
index 79c89461806..cb222b87d88 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -23,11 +23,11 @@ class User < ApplicationRecord
 
   DEFAULT_NOTIFICATION_LEVEL = :participating
 
-  self.ignored_columns = %i[
-                         authentication_token
-                         email_provider
-                         external_email
-                         ]
+  self.ignored_columns += %i[
+    authentication_token
+    email_provider
+    external_email
+  ]
 
   add_authentication_token_field :incoming_email_token, token_generator: -> { SecureRandom.hex.to_i(16).to_s(36) }
   add_authentication_token_field :feed_token
-- 
cgit v1.2.1


From b943baa42a5365bd6377022223f66db9af58da33 Mon Sep 17 00:00:00 2001
From: Manoj MJ <mmj@gitlab.com>
Date: Fri, 30 Aug 2019 21:30:51 +0000
Subject: Limit access request email to 10 most recently active
 owners/maintainers

This change limits the number of emails
for new access requests notifications to
10 most recently active owners/maintainers
---
 app/models/group.rb                  |  6 ++++++
 app/models/project.rb                |  6 ++++++
 app/services/notification_service.rb | 15 ++++++++++-----
 3 files changed, 22 insertions(+), 5 deletions(-)

(limited to 'app')

diff --git a/app/models/group.rb b/app/models/group.rb
index 61a4802a6ee..abe93cf3c84 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -15,6 +15,8 @@ class Group < Namespace
   include WithUploads
   include Gitlab::Utils::StrongMemoize
 
+  ACCESS_REQUEST_APPROVERS_TO_BE_NOTIFIED_LIMIT = 10
+
   has_many :group_members, -> { where(requested_at: nil) }, dependent: :destroy, as: :source # rubocop:disable Cop/ActiveRecordDependent
   alias_method :members, :group_members
   has_many :users, through: :group_members
@@ -429,6 +431,10 @@ class Group < Namespace
     super || ::Gitlab::Access::OWNER_SUBGROUP_ACCESS
   end
 
+  def access_request_approvers_to_be_notified
+    members.owners.order_recent_sign_in.limit(ACCESS_REQUEST_APPROVERS_TO_BE_NOTIFIED_LIMIT)
+  end
+
   private
 
   def update_two_factor_requirement
diff --git a/app/models/project.rb b/app/models/project.rb
index 8f568a5b840..a6d203f1e72 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -55,6 +55,8 @@ class Project < ApplicationRecord
   VALID_MIRROR_PORTS = [22, 80, 443].freeze
   VALID_MIRROR_PROTOCOLS = %w(http https ssh git).freeze
 
+  ACCESS_REQUEST_APPROVERS_TO_BE_NOTIFIED_LIMIT = 10
+
   SORTING_PREFERENCE_FIELD = :projects_sort
 
   cache_markdown_field :description, pipeline: :description
@@ -2193,6 +2195,10 @@ class Project < ApplicationRecord
     pool_repository.present?
   end
 
+  def access_request_approvers_to_be_notified
+    members.maintainers.order_recent_sign_in.limit(ACCESS_REQUEST_APPROVERS_TO_BE_NOTIFIED_LIMIT)
+  end
+
   private
 
   def merge_requests_allowing_collaboration(source_branch = nil)
diff --git a/app/services/notification_service.rb b/app/services/notification_service.rb
index 83710ffce2f..5b8c1288854 100644
--- a/app/services/notification_service.rb
+++ b/app/services/notification_service.rb
@@ -293,11 +293,16 @@ class NotificationService
   def new_access_request(member)
     return true unless member.notifiable?(:subscription)
 
-    recipients = member.source.members.active_without_invites_and_requests.owners_and_maintainers
-    if fallback_to_group_owners_maintainers?(recipients, member)
-      recipients = member.source.group.members.active_without_invites_and_requests.owners_and_maintainers
+    source = member.source
+
+    recipients = source.access_request_approvers_to_be_notified
+
+    if fallback_to_group_access_request_approvers?(recipients, source)
+      recipients = source.group.access_request_approvers_to_be_notified
     end
 
+    return true if recipients.empty?
+
     recipients.each { |recipient| deliver_access_request_email(recipient, member) }
   end
 
@@ -611,9 +616,9 @@ class NotificationService
     mailer.member_access_requested_email(member.real_source_type, member.id, recipient.user.id).deliver_later
   end
 
-  def fallback_to_group_owners_maintainers?(recipients, member)
+  def fallback_to_group_access_request_approvers?(recipients, source)
     return false if recipients.present?
 
-    member.source.respond_to?(:group) && member.source.group
+    source.respond_to?(:group) && source.group
   end
 end
-- 
cgit v1.2.1


From 288e709cb729124b81344912db0a0f8ce9735a7d Mon Sep 17 00:00:00 2001
From: Filipa Lacerda <filipa@gitlab.com>
Date: Fri, 30 Aug 2019 21:51:30 +0000
Subject: Creates Feature Flag for job log

Updates frontend code and specs to allow for the new
feature flag
---
 app/assets/javascripts/jobs/components/job_app.vue      |  6 ++++--
 app/assets/javascripts/jobs/components/job_log_json.vue | 10 ++++++++++
 app/controllers/projects/jobs_controller.rb             | 15 +++++++++++++++
 3 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 app/assets/javascripts/jobs/components/job_log_json.vue

(limited to 'app')

diff --git a/app/assets/javascripts/jobs/components/job_app.vue b/app/assets/javascripts/jobs/components/job_app.vue
index 8da87f424c4..ad1072366f3 100644
--- a/app/assets/javascripts/jobs/components/job_app.vue
+++ b/app/assets/javascripts/jobs/components/job_app.vue
@@ -12,7 +12,6 @@ import createStore from '../store';
 import EmptyState from './empty_state.vue';
 import EnvironmentsBlock from './environments_block.vue';
 import ErasedBlock from './erased_block.vue';
-import Log from './job_log.vue';
 import LogTopBar from './job_log_controllers.vue';
 import StuckBlock from './stuck_block.vue';
 import UnmetPrerequisitesBlock from './unmet_prerequisites_block.vue';
@@ -30,7 +29,10 @@ export default {
     EnvironmentsBlock,
     ErasedBlock,
     Icon,
-    Log,
+    Log: () =>
+      gon && gon.features && gon.features.jobLogJson
+        ? import('./job_log_json.vue')
+        : import('./job_log.vue'),
     LogTopBar,
     StuckBlock,
     UnmetPrerequisitesBlock,
diff --git a/app/assets/javascripts/jobs/components/job_log_json.vue b/app/assets/javascripts/jobs/components/job_log_json.vue
new file mode 100644
index 00000000000..2198b20eb8f
--- /dev/null
+++ b/app/assets/javascripts/jobs/components/job_log_json.vue
@@ -0,0 +1,10 @@
+<script>
+export default {
+  name: 'JobLogJSON',
+};
+</script>
+<template>
+  <pre>
+    {{ __('This feature is in development. Please disable the `job_log_json` feature flag') }}
+  </pre>
+</template>
diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb
index adbc0159358..06d7579aff4 100644
--- a/app/controllers/projects/jobs_controller.rb
+++ b/app/controllers/projects/jobs_controller.rb
@@ -11,6 +11,9 @@ class Projects::JobsController < Projects::ApplicationController
   before_action :authorize_erase_build!, only: [:erase]
   before_action :authorize_use_build_terminal!, only: [:terminal, :terminal_websocket_authorize]
   before_action :verify_api_request!, only: :terminal_websocket_authorize
+  before_action only: [:trace] do
+    push_frontend_feature_flag(:job_log_json)
+  end
 
   layout 'project'
 
@@ -64,6 +67,14 @@ class Projects::JobsController < Projects::ApplicationController
   # rubocop: enable CodeReuse/ActiveRecord
 
   def trace
+    if Feature.enabled?(:job_log_json, @project)
+      json_trace
+    else
+      html_trace
+    end
+  end
+
+  def html_trace
     build.trace.read do |stream|
       respond_to do |format|
         format.json do
@@ -84,6 +95,10 @@ class Projects::JobsController < Projects::ApplicationController
     end
   end
 
+  def json_trace
+    # will be implemented with https://gitlab.com/gitlab-org/gitlab-ce/issues/66454
+  end
+
   def retry
     return respond_422 unless @build.retryable?
 
-- 
cgit v1.2.1