Merge branch 'ce-to-ee-2018-10-22' into 'master'

CE upstream - 2018-10-22 13:22 UTC

Closes gitlab-ce#52690, #7996, gitlab-ce#52559, gitlab-ce#52728, and gitlab-qa#142

See merge request gitlab-org/gitlab-ee!8029

.gitlab/merge_request_templates/Documentation.md

@@ -19,6 +19,7 @@ Closes
 - [ ] [Apply the correct labels and milestone](https://docs.gitlab.com/ee/development/documentation/workflow.html#2-developer-s-role-in-the-documentation-process)
 - [ ] Crosslink the document from the higher-level index
 - [ ] Crosslink the document from other subject-related docs
+- [ ] Feature moving tiers? Make sure the change is also reflected in [`features.yml`](https://gitlab.com/gitlab-com/www-gitlab-com/blob/master/data/features.yml)
 - [ ] Correctly apply the product [badges](https://docs.gitlab.com/ee/development/documentation/styleguide.html#product-badges) and [tiers](https://docs.gitlab.com/ee/development/documentation/styleguide.html#gitlab-versions-and-tiers)
 - [ ] [Port the MR to EE (or backport from CE)](https://docs.gitlab.com/ee/development/documentation/index.html#cherry-picking-from-ce-to-ee): _always recommended, required when the `ee-compat-check` job fails_
 

CONTRIBUTING.md

@@ -72,7 +72,7 @@ This [documentation](doc/development/contributing/index.md#security-vulnerabilit
 
 ## Code of Conduct
 
-This [documentation](doc/development/contributing/index.md#code-of-conduct) has been moved.
+This [documentation](https://about.gitlab.com/contributing/code-of-conduct/) has been moved.
 
 ## Closing policy for issues and merge requests
 

app/assets/javascripts/compare_autocomplete.js

@@ -40,7 +40,7 @@ export default function initCompareAutocomplete(limitTo = null, clickHandler = (
       },
       selectable: true,
       filterable: true,
-      filterRemote: true,
+      filterRemote: !!$dropdown.data('refsUrl'),
       fieldName: $dropdown.data('fieldName'),
       filterInput: 'input[type="search"]',
       renderRow: function(ref) {

app/assets/javascripts/ide/components/new_dropdown/upload.vue

@@ -25,14 +25,32 @@ export default {
     },
   },
   methods: {
-    createFile(target, file, isText) {
+    isText(content, fileType) {
+      const knownBinaryFileTypes = ['image/'];
+      const knownTextFileTypes = ['text/'];
+      const isKnownBinaryFileType = knownBinaryFileTypes.find(type => fileType.includes(type));
+      const isKnownTextFileType = knownTextFileTypes.find(type => fileType.includes(type));
+      const asciiRegex = /^[ -~\t\n\r]+$/; // tests whether a string contains ascii characters only (ranges from space to tilde, tabs and new lines)
+
+      if (isKnownBinaryFileType) {
+        return false;
+      }
+
+      if (isKnownTextFileType) {
+        return true;
+      }
+
+      // if it's not a known file type, determine the type by evaluating the file contents
+      return asciiRegex.test(content);
+    },
+    createFile(target, file) {
       const { name } = file;
       let { result } = target;
+      const encodedContent = result.split('base64,')[1];
+      const rawContent = encodedContent ? atob(encodedContent) : '';
+      const isText = this.isText(rawContent, file.type);
 
-      if (!isText) {
-        // eslint-disable-next-line prefer-destructuring
-        result = result.split('base64,')[1];
-      }
+      result = isText ? rawContent : encodedContent;
 
       this.$emit('create', {
         name: `${this.path ? `${this.path}/` : ''}${name}`,
@@ -43,15 +61,9 @@ export default {
     },
     readFile(file) {
       const reader = new FileReader();
-      const isText = file.type.match(/text.*/) !== null;
 
-      reader.addEventListener('load', e => this.createFile(e.target, file, isText), { once: true });
-
-      if (isText) {
-        reader.readAsText(file);
-      } else {
-        reader.readAsDataURL(file);
-      }
+      reader.addEventListener('load', e => this.createFile(e.target, file), { once: true });
+      reader.readAsDataURL(file);
     },
     openFile() {
       Array.from(this.$refs.fileUpload.files).forEach(file => this.readFile(file));

app/controllers/admin/applications_controller.rb

@@ -6,11 +6,9 @@ class Admin::ApplicationsController < Admin::ApplicationController
   before_action :set_application, only: [:show, :edit, :update, :destroy]
   before_action :load_scopes, only: [:new, :create, :edit, :update]
 
-  # rubocop: disable CodeReuse/ActiveRecord
   def index
-    @applications = Doorkeeper::Application.where("owner_id IS NULL")
+    @applications = ApplicationsFinder.new.execute
   end
-  # rubocop: enable CodeReuse/ActiveRecord
 
   def show
   end
@@ -49,11 +47,9 @@ class Admin::ApplicationsController < Admin::ApplicationController
 
   private
 
-  # rubocop: disable CodeReuse/ActiveRecord
   def set_application
-    @application = Doorkeeper::Application.where("owner_id IS NULL").find(params[:id])
+    @application = ApplicationsFinder.new(id: params[:id]).execute
   end
-  # rubocop: enable CodeReuse/ActiveRecord
 
   # Only allow a trusted parameter "white list" through.
   def application_params

app/controllers/projects/blob_controller.rb

@@ -9,7 +9,7 @@ class Projects::BlobController < Projects::ApplicationController
   include ActionView::Helpers::SanitizeHelper
   prepend_before_action :authenticate_user!, only: [:edit]
 
-  before_action :set_request_format, only: [:edit, :show, :update]
+  before_action :set_request_format, only: [:edit, :show, :update, :destroy]
   before_action :require_non_empty_project, except: [:new, :create]
   before_action :authorize_download_code!
 

app/finders/applications_finder.rb

+# frozen_string_literal: true
+
+class ApplicationsFinder
+  attr_reader :params
+
+  def initialize(params = {})
+    @params = params
+  end
+
+  def execute
+    applications = Doorkeeper::Application.where(owner_id: nil) # rubocop: disable CodeReuse/ActiveRecord
+    by_id(applications)
+  end
+
+  private
+
+  def by_id(applications)
+    return applications unless params[:id]
+
+    Doorkeeper::Application.find_by(id: params[:id]) # rubocop: disable CodeReuse/ActiveRecord
+  end
+end

app/helpers/time_helper.rb

@@ -21,17 +21,15 @@ module TimeHelper
     "#{from.to_s(:short)} - #{to.to_s(:short)}"
   end
 
-  def duration_in_numbers(duration_in_seconds, allow_overflow = false)
-    if allow_overflow
-      seconds = duration_in_seconds % 1.minute
-      minutes = (duration_in_seconds / 1.minute) % (1.hour / 1.minute)
-      hours = duration_in_seconds / 1.hour
+  def duration_in_numbers(duration_in_seconds)
+    seconds = duration_in_seconds % 1.minute
+    minutes = (duration_in_seconds / 1.minute) % (1.hour / 1.minute)
+    hours = duration_in_seconds / 1.hour
 
-      "%02d:%02d:%02d" % [hours, minutes, seconds]
+    if hours == 0
+      "%02d:%02d" % [minutes, seconds]
     else
-      time_format = duration_in_seconds < 1.hour ? "%M:%S" : "%H:%M:%S"
-
-      Time.at(duration_in_seconds).utc.strftime(time_format)
+      "%02d:%02d:%02d" % [hours, minutes, seconds]
     end
   end
 end

app/models/ci/job_artifact.rb

@@ -29,11 +29,15 @@ module Ci
       metadata: :gzip,
       trace: :raw,
       junit: :gzip,
-      codequality: :gzip,
-      sast: :gzip,
-      dependency_scanning: :gzip,
-      container_scanning: :gzip,
-      dast: :gzip
+
+      # All these file formats use `raw` as we need to store them uncompressed
+      # for Frontend to fetch the files and do analysis
+      # When they will be only used by backend, they can be `gzipped`.
+      codequality: :raw,
+      sast: :raw,
+      dependency_scanning: :raw,
+      container_scanning: :raw,
+      dast: :raw
     }.freeze
 
     belongs_to :project
@@ -103,7 +107,8 @@ module Ci
     }
 
     FILE_FORMAT_ADAPTERS = {
-      gzip: Gitlab::Ci::Build::Artifacts::GzipFileAdapter
+      gzip: Gitlab::Ci::Build::Artifacts::Adapters::GzipStream,
+      raw: Gitlab::Ci::Build::Artifacts::Adapters::RawStream
     }.freeze
 
     def valid_file_format?

app/models/project_services/microsoft_teams_service.rb

@@ -17,7 +17,7 @@ class MicrosoftTeamsService < ChatNotificationService
     'This service sends notifications about projects events to Microsoft Teams channels.<br />
     To set up this service:
     <ol>
-      <li><a href="https://msdn.microsoft.com/en-us/microsoft-teams/connectors">Getting started with 365 Office Connectors For Microsoft Teams</a>.</li>
+      <li><a href="https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/connectors/connectors-using#setting-up-a-custom-incoming-webhook">Setup a custom Incoming Webhook using Office 365 Connectors For Microsoft Teams</a>.</li>
       <li>Paste the <strong>Webhook URL</strong> into the field below.</li>
       <li>Select events below to enable notifications.</li>
     </ol>'

app/presenters/ci/build_runner_presenter.rb

@@ -30,12 +30,12 @@ module Ci
     def create_reports(reports, expire_in:)
       return unless reports&.any?
 
-      reports.map do |k, v|
+      reports.map do |report_type, report_paths|
         {
-          artifact_type: k.to_sym,
-          artifact_format: :gzip,
-          name: ::Ci::JobArtifact::DEFAULT_FILE_NAMES[k.to_sym],
-          paths: v,
+          artifact_type: report_type.to_sym,
+          artifact_format: ::Ci::JobArtifact::TYPE_AND_FORMAT_PAIRS.fetch(report_type.to_sym),
+          name: ::Ci::JobArtifact::DEFAULT_FILE_NAMES.fetch(report_type.to_sym),
+          paths: report_paths,
           when: 'always',
           expire_in: expire_in
         }

app/views/projects/ci/builds/_build.html.haml

@@ -108,7 +108,7 @@
             .btn.btn-default.has-tooltip{ disabled: true,
               title: job.scheduled_at }
               = sprite_icon('planning')
-              = duration_in_numbers(job.execute_in, true)
+              = duration_in_numbers(job.execute_in)
             - confirmation_message = s_("DelayedJobs|Are you sure you want to run %{job_name} immediately? This job will run automatically after it's timer finishes.") % { job_name: job.name }
             = link_to play_project_job_path(job.project, job, return_to: request.original_url),
               method: :post,

changelogs/unreleased/52559-applications-api-get-delete.yml

+---
+title: Add Applications API endpoints for listing and deleting entries.
+merge_request: 22296
+author: Jean-Baptiste Vasseur
+type: added

changelogs/unreleased/drop-allow_overflow-option-duration_in_numbers.yml

+---
+title: Drop `allow_overflow` option in `TimeHelper.duration_in_numbers`
+merge_request: 52284
+author:
+type: changed

changelogs/unreleased/fix-base64-encoded-file-uploads.yml

+---
+title: Remove base64 encoding from files that contain plain text
+merge_request: 22425
+author:
+type: fixed

changelogs/unreleased/frozen-string-enable-lib-gitlab.yml

+---
+title: Enable frozen string for lib/gitlab/*.rb
+merge_request:
+author: gfyoung
+type: performance

changelogs/unreleased/mr-creation-source-project-filtering.yml

+---
+title: Fixed source project not filtering in merge request creation compare form
+merge_request:
+author:
+type: fixed

changelogs/unreleased/rails5-fix-delete-blob.yml

+---
+title: 'Rails5: fix delete blob'
+merge_request: 22456
+author: Jasper Maes
+type: other

changelogs/unreleased/use-raw-file-format.yml

+---
+title: Make all legacy security reports to use raw format
+merge_request:
+author:
+type: changed

db/fixtures/development/04_project.rb

@@ -7,8 +7,8 @@ Sidekiq::Testing.inline! do
       'https://gitlab.com/gitlab-org/gitlab-shell.git',
       'https://gitlab.com/gnuwget/wget2.git',
       'https://gitlab.com/Commit451/LabCoat.git',
-      'https://github.com/documentcloud/underscore.git',
-      'https://github.com/twitter/flight.git',
+      'https://github.com/jashkenas/underscore.git',
+      'https://github.com/flightjs/flight.git',
       'https://github.com/twitter/typeahead.js.git',
       'https://github.com/h5bp/html5-boilerplate.git',
       'https://github.com/google/material-design-lite.git',
@@ -20,18 +20,18 @@ Sidekiq::Testing.inline! do
       'https://github.com/airbnb/javascript.git',
       'https://github.com/tessalt/echo-chamber-js.git',
       'https://github.com/atom/atom.git',
-      'https://github.com/mattermost/platform.git',
+      'https://github.com/mattermost/mattermost-server.git',
       'https://github.com/purifycss/purifycss.git',
       'https://github.com/facebook/nuclide.git',
       'https://github.com/wbkd/awesome-d3.git',
       'https://github.com/kilimchoi/engineering-blogs.git',
       'https://github.com/gilbarbara/logos.git',
-      'https://github.com/gaearon/redux.git',
+      'https://github.com/reduxjs/redux.git',
       'https://github.com/awslabs/s2n.git',
       'https://github.com/arkency/reactjs_koans.git',
       'https://github.com/twbs/bootstrap.git',
       'https://github.com/chjj/ttystudio.git',
-      'https://github.com/DrBoolean/mostly-adequate-guide.git',
+      'https://github.com/MostlyAdequate/mostly-adequate-guide.git',
       'https://github.com/octocat/Spoon-Knife.git',
       'https://github.com/opencontainers/runc.git',
       'https://github.com/googlesamples/android-topeka.git'

db/fixtures/development/14_pipelines.rb

 require './spec/support/sidekiq'
 
 class Gitlab::Seeder::Pipelines
-  STAGES = %w[build test deploy notify]
+  STAGES = %w[build test security deploy notify]
   BUILDS = [
     # build stage
     { name: 'build:linux', stage: 'build', status: :success,
@@ -31,6 +31,16 @@ class Gitlab::Seeder::Pipelines
     { name: 'spinach:osx', stage: 'test', status: :failed, allow_failure: true,
       queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago },
 
+    # security stage
+    { name: 'dast', stage: 'security', status: :success,
+      queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago },
+    { name: 'sast', stage: 'security', status: :success,
+      queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago },
+    { name: 'dependency_scanning', stage: 'security', status: :success,
+      queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago },
+    { name: 'container_scanning', stage: 'security', status: :success,
+      queued_at: 8.hour.ago, started_at: 8.hour.ago, finished_at: 7.hour.ago },
+
     # deploy stage
     { name: 'staging', stage: 'deploy', environment: 'staging', status_event: :success,
       options: { environment: { action: 'start', on_stop: 'stop staging' } },
@@ -115,6 +125,11 @@ class Gitlab::Seeder::Pipelines
 
       setup_artifacts(build)
       setup_test_reports(build)
+      if build.ref == build.project.default_branch
+        setup_security_reports_file(build)
+      else
+        setup_security_reports_legacy_archive(build)
+      end
       setup_build_log(build)
 
       build.project.environments.
@@ -150,6 +165,55 @@ class Gitlab::Seeder::Pipelines
     end
   end
 
+  def setup_security_reports_file(build)
+    return unless build.stage == "security"
+
+    # we have two sources: master and feature-branch
+    branch_name = build.ref == build.project.default_branch ?
+      'master' : 'feature-branch'
+
+    artifacts_cache_file(security_reports_path(branch_name, build.name)) do |file|
+      build.job_artifacts.build(
+        project: build.project,
+        file_type: build.name,
+        file_format: :raw,
+        file: file)
+    end
+  end
+
+  def setup_security_reports_legacy_archive(build)
+    return unless build.stage == "security"
+
+    # we have two sources: master and feature-branch
+    branch_name = build.ref == build.project.default_branch ?
+      'master' : 'feature-branch'
+
+    artifacts_cache_file(security_reports_archive_path(branch_name)) do |file|
+      build.job_artifacts.build(
+        project: build.project,
+        file_type: :archive,
+        file_format: :zip,
+        file: file)
+    end
+
+    # assign dummy metadata
+    artifacts_cache_file(artifacts_metadata_path) do |file|
+      build.job_artifacts.build(
+        project: build.project,
+        file_type: :metadata,
+        file_format: :gzip,
+        file: file)
+    end
+
+    build.options = {
+      artifacts: {
+        paths: [
+          Ci::JobArtifact::DEFAULT_FILE_NAMES.fetch(build.name.to_sym)
+        ]
+      }
+    }
+  end
+
   def setup_build_log(build)
     if %w(running success failed).include?(build.status)
       build.trace.set(FFaker::Lorem.paragraphs(6).join("\n\n"))
@@ -201,6 +265,15 @@ class Gitlab::Seeder::Pipelines
     Rails.root + 'spec/fixtures/junit/junit.xml.gz'
   end
 
+  def security_reports_archive_path(branch)
+    Rails.root.join('spec', 'fixtures', 'security-reports', branch + '.zip')
+  end
+
+  def security_reports_path(branch, name)
+    file_name = Ci::JobArtifact::DEFAULT_FILE_NAMES.fetch(name.to_sym)
+    Rails.root.join('spec', 'fixtures', 'security-reports', branch, file_name)
+  end
+
   def artifacts_cache_file(file_path)
     file = Tempfile.new("artifacts")
     file.close

doc/api/applications.md

@@ -4,12 +4,12 @@
 
 [ce-8160]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8160
 
+Only admin user can use the Applications API.
+
 ## Create a application
 
 Create a application by posting a JSON payload.
 
-User must be admin to do that.
-
 Returns `200` if the request succeeds.
 
 ```
@@ -30,8 +30,55 @@ Example response:
 
 ```json
 {
+    "id":1,
     "application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
+    "application_name": "MyApplication",
     "secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
     "callback_url": "http://redirect.uri"
 }
 ```
+
+## List all applications
+
+List all registered applications.
+
+```
+GET /applications
+```
+
+```bash
+curl --request GET --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/applications
+```
+
+Example response:
+
+```json
+[
+    {
+        "id":1,
+        "application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
+        "application_name": "MyApplication",
+        "callback_url": "http://redirect.uri"
+    }
+]
+```
+
+> Note: the `secret` value will not be exposed by this API.
+
+## Delete an application
+
+Delete a specific application.
+
+Returns `204` if the request succeeds.
+
+```
+DELETE /applications/:id
+```
+
+Parameters:
+
+- `id` (required) - The id of the application (not the application_id)
+
+```bash
+curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/applications/:id
+```

doc/api/repositories.md

@@ -14,7 +14,7 @@ GET /projects/:id/repository/tree
 Parameters:
 
 - `id` (required) - The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user
-- `path` (optional) - The path inside repository. Used to get contend of subdirectories
+- `path` (optional) - The path inside repository. Used to get content of subdirectories
 - `ref` (optional) - The name of a repository branch or tag or if not given the default branch
 - `recursive` (optional) - Boolean value used to get a recursive tree (false by default)
 

doc/ci/examples/test-scala-application.md

@@ -25,7 +25,7 @@ before_script:
   - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 642AC823
   - apt-get update -y
   - apt-get install sbt -y
-  - sbt sbt-version
+  - sbt sbtVersion
 
 test:
   stage: test

doc/development/contributing/index.md

@@ -3,6 +3,8 @@
 Thank you for your interest in contributing to GitLab. This guide details how
 to contribute to GitLab in a way that is easy for everyone.
 
+We want to create a welcoming environment for everyone who is interested in contributing. Please visit our [Code of Conduct page](https://about.gitlab.com/contributing/code-of-conduct) to learn more about our committment to an open and welcoming environment.
+
 For a first-time step-by-step guide to the contribution process, please see
 ["Contributing to GitLab"](https://about.gitlab.com/contributing/).
 
@@ -28,80 +30,6 @@ Please report suspected security vulnerabilities in private to
 Please do **NOT** create publicly viewable issues for suspected security
 vulnerabilities.
 
-## Code of conduct
-
-### Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, sex characteristics, gender identity and expression,
-level of experience, education, socio-economic status, nationality, personal
-appearance, race, religion, or sexual identity and orientation.
-
-### Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or
-  advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-### Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-### Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-### Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at conduct@gitlab.com. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-### Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
-
-[homepage]: https://www.contributor-covenant.org
-
 ## Closing policy for issues and merge requests
 
 GitLab is a popular open source project and the capacity to deal with issues

doc/development/testing_guide/best_practices.md

@@ -472,6 +472,37 @@ GitLab uses [factory_bot] as a test fixture replacement.
 
 All fixtures should be be placed under `spec/fixtures/`.
 
+### Repositories
+
+Testing some functionality, e.g., merging a merge request, requires a git
+repository with a certain state to be present in the test environment. GitLab
+maintains the [gitlab-test](https://gitlab.com/gitlab-org/gitlab-test)
+repository for certain common cases - you can ensure a copy of the repository is
+used with the `:repository` trait for project factories:
+
+```ruby
+let(:project) { create(:project, :repository) }
+```
+
+Where you can, consider using the `:custom_repo` trait instead of `:repository`.
+This allows you to specify exactly what files will appear in the `master` branch
+of the project's repository. For example:
+
+```ruby
+let(:project) do
+  create(
+    :project, :custom_repo,
+    files: {
+      'README.md'       => 'Content here',
+      'foo/bar/baz.txt' => 'More content here'
+    }
+  )
+end
+```
+
+This will create a repository containing two files, with default permissions and
+the specified content.
+
 ### Config
 
 RSpec config files are files that change the RSpec config (i.e.

lib/api/applications.rb

@@ -24,6 +24,22 @@ module API
           render_validation_error! application
         end
       end
+
+      desc 'Get applications' do
+        success Entities::Application
+      end
+      get do
+        applications = ApplicationsFinder.new.execute
+        present applications, with: Entities::Application
+      end
+
+      desc 'Delete an application'
+      delete ':id' do
+        application = ApplicationsFinder.new(params).execute
+        application.destroy
+
+        status 204
+      end
     end
   end
 end

lib/api/entities.rb

@@ -1440,7 +1440,9 @@ module API
     end
 
     class Application < Grape::Entity
+      expose :id
       expose :uid, as: :application_id
+      expose :name, as: :application_name
       expose :redirect_uri, as: :callback_url
     end
 

lib/backup/manager.rb

@@ -164,7 +164,7 @@ module Backup
 
     def tar_version
       tar_version, _ = Gitlab::Popen.popen(%w(tar --version))
-      tar_version.force_encoding('locale').split("\n").first
+      tar_version.dup.force_encoding('locale').split("\n").first
     end
 
     def skipped?(item)

lib/gitlab/access.rb

+# frozen_string_literal: true
+
 # Gitlab::Access module
 #
 # Define allowed roles that can be used

lib/gitlab/action_rate_limiter.rb

+# frozen_string_literal: true
+
 module Gitlab
   # This class implements a simple rate limiter that can be used to throttle
   # certain actions. Unlike Rack Attack and Rack::Throttle, which operate at

lib/gitlab/allowable.rb

+# frozen_string_literal: true
+
 module Gitlab
   module Allowable
     def can?(*args)

lib/gitlab/app_logger.rb

+# frozen_string_literal: true
+
 module Gitlab
   class AppLogger < Gitlab::Logger
     def self.file_name_noext

lib/gitlab/asciidoc.rb

+# frozen_string_literal: true
+
 require 'asciidoctor'
 require 'asciidoctor/converter/html5'
 require "asciidoctor-plantuml"

lib/gitlab/auth.rb

+# frozen_string_literal: true
+
 module Gitlab
   module Auth
     MissingPersonalAccessTokenError = Class.new(StandardError)

lib/gitlab/background_migration.rb

+# frozen_string_literal: true
+
 module Gitlab
   module BackgroundMigration
     def self.queue

lib/gitlab/base_doorkeeper_controller.rb

+# frozen_string_literal: true
+
 # This is a base controller for doorkeeper.
 # It adds the `can?` helper used in the views.
 module Gitlab

lib/gitlab/blame.rb

+# frozen_string_literal: true
+
 module Gitlab
   class Blame
     attr_accessor :blob, :commit

lib/gitlab/blob_helper.rb

+# frozen_string_literal: true
+
 # This has been extracted from https://github.com/github/linguist/blob/master/lib/linguist/blob_helper.rb
 module Gitlab
   module BlobHelper

lib/gitlab/build_access.rb

+# frozen_string_literal: true
+
 module Gitlab
   class BuildAccess < UserAccess
     attr_accessor :user, :project

lib/gitlab/changes_list.rb

+# frozen_string_literal: true
+
 module Gitlab
   class ChangesList
     include Enumerable

lib/gitlab/chat_name_token.rb

+# frozen_string_literal: true
+
 require 'json'
 
 module Gitlab

lib/gitlab/ci/build/artifacts/adapters/gzip_stream.rb

+module Gitlab
+  module Ci
+    module Build
+      module Artifacts
+        module Adapters
+          class GzipStream
+            attr_reader :stream
+
+            InvalidStreamError = Class.new(StandardError)
+
+            def initialize(stream)
+              raise InvalidStreamError, "Stream is required" unless stream
+
+              @stream = stream
+            end
+
+            def each_blob
+              stream.seek(0)
+
+              until stream.eof?
+                gzip(stream) do |gz|
+                  yield gz.read, gz.orig_name
+                  unused = gz.unused&.length.to_i
+                  # pos has already reached to EOF at the moment
+                  # We rewind the pos to the top of unused files
+                  # to read next gzip stream, to support multistream archives
+                  # https://golang.org/src/compress/gzip/gunzip.go#L117
+                  stream.seek(-unused, IO::SEEK_CUR)
+                end
+              end
+            end
+
+            private
+
+            def gzip(stream, &block)
+              gz = Zlib::GzipReader.new(stream)
+              yield(gz)
+            rescue Zlib::Error => e
+              raise InvalidStreamError, e.message
+            ensure
+              gz&.finish
+            end
+          end
+        end
+      end
+    end
+  end
+end

lib/gitlab/ci/build/artifacts/adapters/raw_stream.rb

+module Gitlab
+  module Ci
+    module Build
+      module Artifacts
+        module Adapters
+          class RawStream
+            attr_reader :stream
+
+            InvalidStreamError = Class.new(StandardError)
+
+            def initialize(stream)
+              raise InvalidStreamError, "Stream is required" unless stream
+
+              @stream = stream
+            end
+
+            def each_blob
+              stream.seek(0)
+
+              yield(stream.read, 'raw') unless stream.eof?
+            end
+          end
+        end
+      end
+    end
+  end
+end

lib/gitlab/ci/build/artifacts/gzip_file_adapter.rb

-module Gitlab
-  module Ci
-    module Build
-      module Artifacts
-        class GzipFileAdapter
-          attr_reader :stream
-
-          InvalidStreamError = Class.new(StandardError)
-
-          def initialize(stream)
-            raise InvalidStreamError, "Stream is required" unless stream
-
-            @stream = stream
-          end
-
-          def each_blob
-            stream.seek(0)
-
-            until stream.eof?
-              gzip(stream) do |gz|
-                yield gz.read, gz.orig_name
-                unused = gz.unused&.length.to_i
-                # pos has already reached to EOF at the moment
-                # We rewind the pos to the top of unused files
-                # to read next gzip stream, to support multistream archives
-                # https://golang.org/src/compress/gzip/gunzip.go#L117
-                stream.seek(-unused, IO::SEEK_CUR)
-              end
-            end
-          end
-
-          private
-
-          def gzip(stream, &block)
-            gz = Zlib::GzipReader.new(stream)
-            yield(gz)
-          rescue Zlib::Error => e
-            raise InvalidStreamError, e.message
-          ensure
-            gz&.finish
-          end
-        end
-      end
-    end
-  end
-end

lib/gitlab/ci/status/build/scheduled.rb

@@ -29,7 +29,7 @@ module Gitlab
 
           def execute_in
             remaining_seconds = [0, subject.scheduled_at - Time.now].max
-            duration_in_numbers(remaining_seconds, true)
+            duration_in_numbers(remaining_seconds)
           end
         end
       end

lib/gitlab/ci_access.rb

+# frozen_string_literal: true
+
 module Gitlab
   # For backwards compatibility, generic CI (which is a build without a user) is
   # allowed to :build_download_code without any other checks.

lib/gitlab/closing_issue_extractor.rb

+# frozen_string_literal: true
+
 module Gitlab
   class ClosingIssueExtractor
     ISSUE_CLOSING_REGEX = begin

lib/gitlab/color_schemes.rb

+# frozen_string_literal: true
+
 module Gitlab
   # Module containing GitLab's syntax color scheme definitions and helper
   # methods for accessing them.

lib/gitlab/config_helper.rb

+# frozen_string_literal: true
+
 module Gitlab::ConfigHelper
   def gitlab_config_features
     Gitlab.config.gitlab.default_projects_features

lib/gitlab/contributions_calendar.rb

+# frozen_string_literal: true
+
 module Gitlab
   class ContributionsCalendar
     attr_reader :contributor

lib/gitlab/contributor.rb

+# frozen_string_literal: true
+
 module Gitlab
   class Contributor
     attr_accessor :email, :name, :commits, :additions, :deletions

lib/gitlab/cross_project_access.rb

+# frozen_string_literal: true
+
 module Gitlab
   class CrossProjectAccess
     class << self

lib/gitlab/current_settings.rb

+# frozen_string_literal: true
+
 module Gitlab
   module CurrentSettings
     class << self

lib/gitlab/daemon.rb

+# frozen_string_literal: true
+
 module Gitlab
   class Daemon
     def self.initialize_instance(*args)

lib/gitlab/database.rb

+# frozen_string_literal: true
+
 module Gitlab
   module Database
     # The max value of INTEGER type is the same between MySQL and PostgreSQL:
@@ -109,11 +111,11 @@ module Gitlab
       order = "#{field} #{direction}"
 
       if postgresql?
-        order << ' NULLS LAST'
+        order = "#{order} NULLS LAST"
       else
         # `field IS NULL` will be `0` for non-NULL columns and `1` for NULL
         # columns. In the (default) ascending order, `0` comes first.
-        order.prepend("#{field} IS NULL, ") if direction == 'ASC'
+        order = "#{field} IS NULL, #{order}" if direction == 'ASC'
       end
 
       order
@@ -123,11 +125,11 @@ module Gitlab
       order = "#{field} #{direction}"
 
       if postgresql?
-        order << ' NULLS FIRST'
+        order = "#{order} NULLS FIRST"
       else
         # `field IS NULL` will be `0` for non-NULL columns and `1` for NULL
         # columns. In the (default) ascending order, `0` comes first.
-        order.prepend("#{field} IS NULL, ") if direction == 'DESC'
+        order = "#{field} IS NULL, #{order}" if direction == 'DESC'
       end
 
       order
@@ -198,7 +200,7 @@ module Gitlab
       EOF
 
       if return_ids
-        sql << 'RETURNING id'
+        sql = "#{sql}RETURNING id"
       end
 
       result = connection.execute(sql)

lib/gitlab/dependency_linker.rb

+# frozen_string_literal: true
+
 module Gitlab
   module DependencyLinker
     LINKERS = [

lib/gitlab/downtime_check.rb

+# frozen_string_literal: true
+
 module Gitlab
   # Checks if a set of migrations requires downtime or not.
   class DowntimeCheck

lib/gitlab/ee_compat_check.rb

+# frozen_string_literal: true
+
 # rubocop: disable Rails/Output
 module Gitlab
   # Checks if a set of migrations requires downtime or not.

lib/gitlab/emoji.rb

+# frozen_string_literal: true
+
 module Gitlab
   module Emoji
     extend self

lib/gitlab/encoding_helper.rb

+# frozen_string_literal: true
+
 module Gitlab
   module EncodingHelper
     extend self

lib/gitlab/environment.rb

+# frozen_string_literal: true
+
 module Gitlab
   module Environment
     def self.hostname

lib/gitlab/environment_logger.rb

+# frozen_string_literal: true
+
 module Gitlab
   class EnvironmentLogger < Gitlab::Logger
     def self.file_name_noext

lib/gitlab/exclusive_lease.rb

+# frozen_string_literal: true
+
 require 'securerandom'
 
 module Gitlab

lib/gitlab/exclusive_lease_helpers.rb

+# frozen_string_literal: true
+
 module Gitlab
   # This module provides helper methods which are intregrated with GitLab::ExclusiveLease
   module ExclusiveLeaseHelpers

lib/gitlab/fake_application_settings.rb

+# frozen_string_literal: true
+
 # This class extends an OpenStruct object by adding predicate methods to mimic
 # ActiveRecord access. We rely on the initial values being true or false to
 # determine whether to define a predicate method because for a newly-added

lib/gitlab/favicon.rb

+# frozen_string_literal: true
+
 module Gitlab
   class Favicon
     class << self

lib/gitlab/file_detector.rb

+# frozen_string_literal: true
+
 require 'set'
 
 module Gitlab

lib/gitlab/file_finder.rb

+# frozen_string_literal: true
+
 # This class finds files in a repository by name and content
 # the result is joined and sorted by file name
 module Gitlab

lib/gitlab/file_markdown_link_builder.rb

+# frozen_string_literal: true
+
 # Builds the markdown link of a file
 # It needs the methods filename and secure_url (final destination url) to be defined.
 module Gitlab
@@ -8,7 +10,7 @@ module Gitlab
       return unless name = markdown_name
 
       markdown = "[#{name.gsub(']', '\\]')}](#{secure_url})"
-      markdown.prepend("!") if image_or_video? || dangerous?
+      markdown = "!#{markdown}" if image_or_video? || dangerous?
       markdown
     end
 

lib/gitlab/git.rb

+# frozen_string_literal: true
+
 require_dependency 'gitlab/encoding_helper'
 
 module Gitlab

lib/gitlab/git_access.rb

+# frozen_string_literal: true
+
 # Check a user's access to perform a git action. All public methods in this
 # class return an instance of `GitlabAccessStatus`
 module Gitlab

lib/gitlab/git_access_wiki.rb

+# frozen_string_literal: true
+
 module Gitlab
   class GitAccessWiki < GitAccess
     prepend EE::Gitlab::GitAccessWiki

lib/gitlab/git_logger.rb

+# frozen_string_literal: true
+
 module Gitlab
   class GitLogger < Gitlab::Logger
     def self.file_name_noext

lib/gitlab/git_ref_validator.rb

+# frozen_string_literal: true
+
 # Gitaly note: JV: does not need to be migrated, works without a repo.
 
 module Gitlab

lib/gitlab/gitaly_client.rb

+# frozen_string_literal: true
+
 require 'base64'
 
 require 'gitaly'
@@ -23,7 +25,7 @@ module Gitlab
         stacks = most_invoked_stack.join('\n') if most_invoked_stack
 
         msg = "GitalyClient##{call_site} called #{invocation_count} times from single request. Potential n+1?"
-        msg << "\nThe following call site called into Gitaly #{max_call_stack} times:\n#{stacks}\n" if stacks
+        msg = "#{msg}\nThe following call site called into Gitaly #{max_call_stack} times:\n#{stacks}\n" if stacks
 
         super(msg)
       end

lib/gitlab/github_import.rb

+# frozen_string_literal: true
+
 module Gitlab
   module GithubImport
     def self.refmap

lib/gitlab/gl_id.rb

+# frozen_string_literal: true
+
 module Gitlab
   module GlId
     def self.gl_id(user)

lib/gitlab/gl_repository.rb

+# frozen_string_literal: true
+
 module Gitlab
   module GlRepository
     def self.gl_repository(project, is_wiki)

lib/gitlab/gon_helper.rb

+# frozen_string_literal: true
+
 # rubocop:disable Metrics/AbcSize
 
 module Gitlab

lib/gitlab/gpg.rb

+# frozen_string_literal: true
+
 module Gitlab
   module Gpg
     extend self

lib/gitlab/graphql.rb

+# frozen_string_literal: true
+
 module Gitlab
   module Graphql
     StandardGraphqlError = Class.new(StandardError)

lib/gitlab/group_hierarchy.rb

+# frozen_string_literal: true
+
 module Gitlab
   # Retrieving of parent or child groups based on a base ActiveRecord relation.
   #

lib/gitlab/highlight.rb

+# frozen_string_literal: true
+
 module Gitlab
   class Highlight
     TIMEOUT_BACKGROUND = 30.seconds

lib/gitlab/http.rb

+# frozen_string_literal: true
+
 # This class is used as a proxy for all outbounding http connection
 # coming from callbacks, services and hooks. The direct use of the HTTParty
 # is discouraged because it can lead to several security problems, like SSRF

lib/gitlab/http_io.rb

+# frozen_string_literal: true
+
 ##
 # This class is compatible with IO class (https://ruby-doc.org/core-2.3.1/IO.html)
 # source: https://gitlab.com/snippets/1685610
@@ -73,8 +75,8 @@ module Gitlab
       end
     end
 
-    def read(length = nil, outbuf = "")
-      out = ""
+    def read(length = nil, outbuf = nil)
+      out = []
 
       length ||= size - tell
 
@@ -90,17 +92,18 @@ module Gitlab
         length -= chunk_data.bytesize
       end
 
+      out = out.join
+
       # If outbuf is passed, we put the output into the buffer. This supports IO.copy_stream functionality
       if outbuf
-        outbuf.slice!(0, outbuf.bytesize)
-        outbuf << out
+        outbuf.replace(out)
       end
 
       out
     end
 
     def readline
-      out = ""
+      out = []
 
       until eof?
         data = get_chunk
@@ -116,7 +119,7 @@ module Gitlab
         end
       end
 
-      out
+      out.join
     end
 
     def write(data)

lib/gitlab/i18n.rb

+# frozen_string_literal: true
+
 module Gitlab
   module I18n
     extend self

lib/gitlab/identifier.rb

+# frozen_string_literal: true
+
 # Detect user based on identifier like
 # key-13 or user-36 or last commit
 module Gitlab

lib/gitlab/import_export.rb

+# frozen_string_literal: true
+
 module Gitlab
   module ImportExport
     extend self

lib/gitlab/import_formatter.rb

+# frozen_string_literal: true
+
 module Gitlab
   class ImportFormatter
     def comment(author, date, body)

lib/gitlab/import_sources.rb

+# frozen_string_literal: true
+
 # Gitlab::ImportSources module
 #
 # Define import sources that can be used

lib/gitlab/incoming_email.rb

+# frozen_string_literal: true
+
 module Gitlab
   module IncomingEmail
     UNSUBSCRIBE_SUFFIX = '+unsubscribe'.freeze

lib/gitlab/insecure_key_fingerprint.rb

+# frozen_string_literal: true
+
 module Gitlab
   #
   # Calculates the fingerprint of a given key without using

lib/gitlab/issuable_metadata.rb

+# frozen_string_literal: true
+
 module Gitlab
   module IssuableMetadata
     def issuable_meta_data(issuable_collection, collection_type)

lib/gitlab/issuable_sorter.rb

+# frozen_string_literal: true
+
 module Gitlab
   module IssuableSorter
     class << self

lib/gitlab/issuables_count_for_state.rb

+# frozen_string_literal: true
+
 module Gitlab
   # Class for counting and caching the number of issuables per state.
   class IssuablesCountForState

lib/gitlab/issues_labels.rb

+# frozen_string_literal: true
+
 module Gitlab
   class IssuesLabels
     class << self

lib/gitlab/job_waiter.rb

+# frozen_string_literal: true
+
 module Gitlab
   # JobWaiter can be used to wait for a number of Sidekiq jobs to complete.
   #

lib/gitlab/json_logger.rb

+# frozen_string_literal: true
+
 module Gitlab
   class JsonLogger < ::Gitlab::Logger
     def self.file_name_noext

lib/gitlab/kubernetes.rb

+# frozen_string_literal: true
+
 module Gitlab
   # Helper methods to do with Kubernetes network services & resources
   module Kubernetes