Merge branch '3839-ci-cd-only-github-projects-fe' into 'master'

Create CI/CD-only projects from GitHub

Closes #3839

See merge request gitlab-org/gitlab-ee!4688

app/assets/javascripts/importer_status.js

-import { __ } from './locale';
+import _ from 'underscore';
+import { __, sprintf } from './locale';
 import axios from './lib/utils/axios_utils';
 import flash from './flash';
+import { convertPermissionToBoolean } from './lib/utils/common_utils';
 
 class ImporterStatus {
-  constructor(jobsUrl, importUrl) {
+  constructor({ jobsUrl, importUrl, ciCdOnly }) {
     this.jobsUrl = jobsUrl;
     this.importUrl = importUrl;
+    this.ciCdOnly = ciCdOnly;
     this.initStatusPage();
     this.setAutoUpdate();
   }
@@ -45,6 +48,7 @@ class ImporterStatus {
       repo_id: id,
       target_namespace: targetNamespace,
       new_name: newName,
+      ci_cd_only: this.ciCdOnly,
     })
     .then(({ data }) => {
       const job = $(`tr#repo_${id}`);
@@ -54,7 +58,13 @@ class ImporterStatus {
       $('table.import-jobs tbody').prepend(job);
 
       job.addClass('active');
-      job.find('.import-actions').html('<i class="fa fa-spinner fa-spin" aria-label="importing"></i> started');
+      const connectingVerb = this.ciCdOnly ? __('connecting') : __('importing');
+      job.find('.import-actions').html(sprintf(
+        _.escape(__('%{loadingIcon} Started')), {
+          loadingIcon: `<i class="fa fa-spinner fa-spin" aria-label="${_.escape(connectingVerb)}"></i>`,
+        },
+        false,
+      ));
     })
     .catch(() => flash(__('An error occurred while importing project')));
   }
@@ -71,13 +81,16 @@ class ImporterStatus {
           switch (job.import_status) {
             case 'finished':
               jobItem.removeClass('active').addClass('success');
-              statusField.html('<span><i class="fa fa-check"></i> done</span>');
+              statusField.html(`<span><i class="fa fa-check"></i> ${__('Done')}</span>`);
               break;
             case 'scheduled':
-              statusField.html(`${spinner} scheduled`);
+              statusField.html(`${spinner} ${__('Scheduled')}`);
               break;
             case 'started':
-              statusField.html(`${spinner} started`);
+              statusField.html(`${spinner} ${__('Started')}`);
+              break;
+            case 'failed':
+              statusField.html(__('Failed'));
               break;
             default:
               statusField.html(job.import_status);
@@ -98,7 +111,11 @@ function initImporterStatus() {
 
   if (importerStatus) {
     const data = importerStatus.dataset;
-    return new ImporterStatus(data.jobsImportPath, data.importPath);
+    return new ImporterStatus({
+      jobsUrl: data.jobsImportPath,
+      importUrl: data.importPath,
+      ciCdOnly: convertPermissionToBoolean(data.ciCdOnly),
+    });
   }
 }
 

app/controllers/import/github_controller.rb

 class Import::GithubController < Import::BaseController
+  prepend ::EE::Import::GithubController
+
   before_action :verify_import_enabled
   before_action :provider_auth, only: [:status, :jobs, :create]
 
@@ -42,7 +44,9 @@ class Import::GithubController < Import::BaseController
     target_namespace = find_or_create_namespace(namespace_path, current_user.namespace_path)
 
     if can?(current_user, :create_projects, target_namespace)
-      project = Gitlab::LegacyGithubImport::ProjectCreator.new(repo, project_name, target_namespace, current_user, access_params, type: provider).execute
+      project = Gitlab::LegacyGithubImport::ProjectCreator
+                  .new(repo, project_name, target_namespace, current_user, access_params, type: provider)
+                  .execute(extra_project_attrs)
 
       if project.persisted?
         render json: ProjectSerializer.new.represent(project)
@@ -73,15 +77,15 @@ class Import::GithubController < Import::BaseController
   end
 
   def new_import_url
-    public_send("new_import_#{provider}_url") # rubocop:disable GitlabSecurity/PublicSend
+    public_send("new_import_#{provider}_url", extra_import_params) # rubocop:disable GitlabSecurity/PublicSend
   end
 
   def status_import_url
-    public_send("status_import_#{provider}_url") # rubocop:disable GitlabSecurity/PublicSend
+    public_send("status_import_#{provider}_url", extra_import_params) # rubocop:disable GitlabSecurity/PublicSend
   end
 
   def callback_import_url
-    public_send("callback_import_#{provider}_url") # rubocop:disable GitlabSecurity/PublicSend
+    public_send("callback_import_#{provider}_url", extra_import_params) # rubocop:disable GitlabSecurity/PublicSend
   end
 
   def provider_unauthorized
@@ -116,4 +120,12 @@ class Import::GithubController < Import::BaseController
   def client_options
     {}
   end
+
+  def extra_project_attrs
+    {}
+  end
+
+  def extra_import_params
+    {}
+  end
 end

app/helpers/import_helper.rb

@@ -36,6 +36,42 @@ module ImportHelper
     _('Please wait while we import the repository for you. Refresh at will.')
   end
 
+  def import_github_title
+    _('Import repositories from GitHub')
+  end
+
+  def import_github_authorize_message
+    _('To import GitHub repositories, you first need to authorize GitLab to access the list of your GitHub repositories:')
+  end
+
+  def import_github_personal_access_token_message
+    personal_access_token_link = link_to _('Personal Access Token'), 'https://github.com/settings/tokens'
+
+    if github_import_configured?
+      _('Alternatively, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import.').html_safe % { personal_access_token_link: personal_access_token_link }
+    else
+      _('To import GitHub repositories, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import.').html_safe % { personal_access_token_link: personal_access_token_link }
+    end
+  end
+
+  def import_configure_github_admin_message
+    github_integration_link = link_to 'GitHub integration', help_page_path('integration/github')
+
+    if current_user.admin?
+      _('Note: As an administrator you may like to configure %{github_integration_link}, which will allow login via GitHub and allow importing repositories without generating a Personal Access Token.').html_safe % { github_integration_link: github_integration_link }
+    else
+      _('Note: Consider asking your GitLab administrator to configure %{github_integration_link}, which will allow login via GitHub and allow importing repositories without generating a Personal Access Token.').html_safe % { github_integration_link: github_integration_link }
+    end
+  end
+
+  def import_githubish_choose_repository_message
+    _('Choose which repositories you want to import.')
+  end
+
+  def import_all_githubish_repositories_button_label
+    _('Import all repositories')
+  end
+
   private
 
   def github_project_url(full_path)

app/views/import/_githubish_status.html.haml

@@ -2,11 +2,11 @@
 - provider_title = Gitlab::ImportSources.title(provider)
 
 %p.light
-  Select projects you want to import.
+  = import_githubish_choose_repository_message
 %hr
 %p
   = button_tag class: "btn btn-import btn-success js-import-all" do
-    Import all projects
+    = import_all_githubish_repositories_button_label
     = icon("spinner spin", class: "loading-icon")
 
 .table-responsive
@@ -16,9 +16,9 @@
     %colgroup.import-jobs-status-col
     %thead
       %tr
-        %th From #{provider_title}
-        %th To GitLab
-        %th Status
+        %th= _('From %{provider_title}') % { provider_title: provider_title }
+        %th= _('To GitLab')
+        %th= _('Status')
     %tbody
       - @already_added_projects.each do |project|
         %tr{ id: "project_#{project.id}", class: "#{project_status_css_class(project.import_status)}" }
@@ -30,10 +30,12 @@
             - if project.import_status == 'finished'
               %span
                 %i.fa.fa-check
-                done
+                = _('Done')
             - elsif project.import_status == 'started'
               %i.fa.fa-spinner.fa-spin
-              started
+              = _('Started')
+            - elsif project.import_status == 'failed'
+              = _('Failed')
             - else
               = project.human_import_status_name
 
@@ -55,7 +57,9 @@
               = text_field_tag :path, repo.name, class: "input-mini form-control", tabindex: 2, autofocus: true, required: true
           %td.import-actions.job-status
             = button_tag class: "btn btn-import js-add-to-import" do
-              Import
+              = has_ci_cd_only_params? ? _('Connect') : _('Import')
               = icon("spinner spin", class: "loading-icon")
 
-.js-importer-status{ data: { jobs_import_path: "#{url_for([:jobs, :import, provider])}", import_path: "#{url_for([:import, provider])}" } }
+.js-importer-status{ data: { jobs_import_path: "#{url_for([:jobs, :import, provider])}",
+                             import_path: "#{url_for([:import, provider])}",
+                             ci_cd_only: "#{has_ci_cd_only_params?}" } }

app/views/import/github/new.html.haml

-- page_title "GitHub Import"
+- title = has_ci_cd_only_params? ? _('Connect repositories from GitHub') : _('GitHub import')
+- page_title title
+- breadcrumb_title title
 - header_title "Projects", root_path
 
 %h3.page-title
-  = icon 'github', text: 'Import Projects from GitHub'
+  = icon 'github', text: import_github_title
 
 - if github_import_configured?
   %p
-    To import a GitHub project, you first need to authorize GitLab to access
-    the list of your GitHub repositories:
+    = import_github_authorize_message
 
-  = link_to 'List your GitHub repositories', status_import_github_path, class: 'btn btn-success'
+  = link_to _('List your GitHub repositories'), status_import_github_path, class: 'btn btn-success'
 
   %hr
 
 %p
-  - if github_import_configured?
-    Alternatively,
-  - else
-    To import a GitHub project,
-  you can use a
-  = succeed '.' do
-    = link_to 'Personal Access Token', 'https://github.com/settings/tokens'
-  When you create your Personal Access Token,
-  you will need to select the <code>repo</code> scope, so we can display a
-  list of your public and private repositories which are available for import.
+  = import_github_personal_access_token_message
 
 = form_tag personal_access_token_import_github_path, method: :post, class: 'form-inline' do
   .form-group
-    = text_field_tag :personal_access_token, '', class: 'form-control', placeholder: "Personal Access Token", size: 40
-    = submit_tag 'List your GitHub repositories', class: 'btn btn-success'
+    = text_field_tag :personal_access_token, '', class: 'form-control', placeholder: _('Personal Access Token'), size: 40
+    = submit_tag _('List your GitHub repositories'), class: 'btn btn-success'
+
+  -# EE-specific start
+  = hidden_field_tag :ci_cd_only, params[:ci_cd_only]
+  -# EE-specific end
 
 - unless github_import_configured?
   %hr
   %p
-    Note:
-    - if current_user.admin?
-      As an administrator you may like to configure
-    - else
-      Consider asking your GitLab administrator to configure
-    = link_to 'GitHub integration', help_page_path("integration/github")
-    which will allow login via GitHub and allow importing projects without
-    generating a Personal Access Token.
+    = import_configure_github_admin_message

app/views/import/github/status.html.haml

-- page_title "GitHub Import"
+- title = has_ci_cd_only_params? ? _('Connect repositories from GitHub') : _('GitHub import')
+- page_title title
+- breadcrumb_title title
 - header_title "Projects", root_path
 %h3.page-title
-  = icon 'github', text: 'Import Projects from GitHub'
+  = icon 'github', text: import_github_title
 
 = render 'import/githubish_status', provider: 'github'

app/views/projects/new.html.haml

@@ -77,7 +77,7 @@
                             = icon('gitlab', text: 'GitLab export')
                       %div
                         - if github_import_enabled?
-                          = link_to new_import_github_path, class: 'btn import_github' do
+                          = link_to new_import_github_path, class: 'btn js-import-github' do
                             = icon('github', text: 'GitHub')
                       %div
                         - if bitbucket_import_enabled?

app/workers/all_queues.yml

@@ -134,6 +134,7 @@
 - object_storage:object_storage_migrate_uploads
 
 - admin_emails
+- create_github_webhook
 - elastic_batch_project_indexer
 - elastic_commit_indexer
 - elastic_indexer

config/sidekiq_queues.yml

@@ -73,6 +73,7 @@
 
   # EE-specific queues
   - [ldap_group_sync, 2]
+  - [create_github_webhook, 2]
   - [chat_notification, 2]
   - [geo, 1]
   - [repository_remove_remote, 1]

db/schema.rb

@@ -1963,6 +1963,7 @@ ActiveRecord::Schema.define(version: 20180307164427) do
     t.integer "jobs_cache_index"
     t.boolean "mirror_overwrites_diverged_branches"
     t.string "external_authorization_classification_label"
+    t.string "external_webhook_token"
   end
 
   add_index "projects", ["ci_id"], name: "index_projects_on_ci_id", using: :btree

doc/user/project/ci_cd_for_external_repo.md

+## CI/CD for external repositories
+
+>[Introduced][ee-4642] in [GitLab Premium][eep] 10.6.
+
+Instead of importing the repo directly to GitLab, you can connect your
+external repository to get GitLab CI/CD benefits.
+
+This will set up [repository mirroring](../../workflow/repository_mirroring.md)
+and create a stripped-down version of a project that has issues, merge requests,
+container registry, wiki, and snippets disabled but
+[can be re-enabled later on](settings/index.md#sharing-and-permissions).
+
+1. From your GitLab dashboard click **New project**
+1. Switch to the **CI/CD for external repo** tab
+1. Choose **GitHub** or **Repo by URL**
+1. The next steps are similar to the [import flow](import/index.md)
+
+![CI/CD for external repository project creation](img/ci_cd_for_external_repo.png)
+
+
+[ee-4642]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4642
+[eep]: https://about.gitlab.com/products/

doc/user/project/import/index.md

@@ -16,6 +16,8 @@ In addition to the specific migration documentation above, you can import any
 Git repository via HTTP from the New Project page. Be aware that if the
 repository is too large the import can timeout.
 
+There is also the option of [connecting your external repository to get CI/CD benefits](../ci_cd_for_external_repo.md).
+
 ## Migrating from self-hosted GitLab to GitLab.com
 
 You can copy your repos by changing the remote and pushing to the new server,

doc/user/project/import/repo_by_url.md

@@ -10,21 +10,3 @@ You can import your existing repositories by providing the Git URL:
 1. Once complete, you will be redirected to your newly created project
 
 ![Import project by repo URL](img/import_projects_from_repo_url.png)
-
-## CI/CD for external repositories
-
->[Introduced][ee-4642] in [GitLab Premium][eep] 10.6.
-
-Instead of importing the repo directly to GitLab, you can connect your
-external repository to get GitLab CI/CD benefits.
-
-This will set up [repository mirroring](../../../workflow/repository_mirroring.md) and create a stripped-down version of a project
-that has issues, merge requests, container registry, wiki, and snippets disabled
-but [can be re-enabled later on](../settings/index.md#sharing-and-permissions).
-
-1. From your GitLab dashboard click **New project**
-1. Switch to the **CI/CD for external repo** tab
-1. Follow the same import project steps (see above)
-
-[ee-4642]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4642
-[eep]: https://about.gitlab.com/products/

doc/user/project/index.md

@@ -115,6 +115,13 @@ Read through the documentation on [project settings](settings/index.md).
 - [Export a project from GitLab](settings/import_export.md#exporting-a-project-and-its-data)
 - [Importing and exporting projects between GitLab instances](settings/import_export.md)
 
+## CI/CD for external repositories
+
+Instead of importing a repository directly to GitLab, you can connect your repository
+as a CI/CD project.
+
+Read through the documentation on [CI/CD for external repositories](ci_cd_for_external_repo.md).
+
 ## Project's members
 
 Learn how to [add members to your projects](members/index.md).

ee/app/controllers/ee/import/github_controller.rb

+module EE
+  module Import
+    module GithubController
+      extend ::Gitlab::Utils::Override
+
+      override :extra_project_attrs
+      def extra_project_attrs
+        super.merge(ci_cd_only: params[:ci_cd_only])
+      end
+
+      override :extra_import_params
+      def extra_import_params
+        extra_params = super
+        ci_cd_only = ::Gitlab::Utils.to_boolean(params[:ci_cd_only])
+
+        extra_params[:ci_cd_only] = true if ci_cd_only
+        extra_params
+      end
+    end
+  end
+end

ee/app/helpers/ee/import_helper.rb

@@ -44,5 +44,71 @@ module EE
         super
       end
     end
+
+    override :import_github_title
+    def import_github_title
+      if has_ci_cd_only_params?
+        _('Connect repositories from GitHub')
+      else
+        super
+      end
+    end
+
+    override :import_github_authorize_message
+    def import_github_authorize_message
+      if has_ci_cd_only_params?
+        _('To connect GitHub repositories, you first need to authorize GitLab to access the list of your GitHub repositories:')
+      else
+        super
+      end
+    end
+
+    override :import_github_personal_access_token_message
+    def import_github_personal_access_token_message
+      if has_ci_cd_only_params?
+        personal_access_token_link = link_to _('Personal Access Token'), 'https://github.com/settings/tokens'
+
+        if github_import_configured?
+          _('Alternatively, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to connect.').html_safe % { personal_access_token_link: personal_access_token_link }
+        else
+          _('To connect GitHub repositories, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to connect.').html_safe % { personal_access_token_link: personal_access_token_link }
+        end
+      else
+        super
+      end
+    end
+
+    override :import_configure_github_admin_message
+    def import_configure_github_admin_message
+      if has_ci_cd_only_params?
+        github_integration_link = link_to 'GitHub integration', help_page_path('integration/github')
+
+        if current_user.admin?
+          _('Note: As an administrator you may like to configure %{github_integration_link}, which will allow login via GitHub and allow connecting repositories without generating a Personal Access Token.').html_safe % { github_integration_link: github_integration_link }
+        else
+          _('Note: Consider asking your GitLab administrator to configure %{github_integration_link}, which will allow login via GitHub and allow connecting repositories without generating a Personal Access Token.').html_safe % { github_integration_link: github_integration_link }
+        end
+      else
+        super
+      end
+    end
+
+    override :import_githubish_choose_repository_message
+    def import_githubish_choose_repository_message
+      if has_ci_cd_only_params?
+        _('Choose which repositories you want to connect and run CI/CD pipelines.')
+      else
+        super
+      end
+    end
+
+    override :import_all_githubish_repositories_button_label
+    def import_all_githubish_repositories_button_label
+      if has_ci_cd_only_params?
+        _('Connect all repositories')
+      else
+        super
+      end
+    end
   end
 end

ee/app/models/ee/project.rb

@@ -86,6 +86,12 @@ module EE
       end
     end
 
+    def ensure_external_webhook_token
+      return if external_webhook_token.present?
+
+      self.external_webhook_token = Devise.friendly_token
+    end
+
     def shared_runners_limit_namespace
       if Feature.enabled?(:shared_runner_minutes_on_root_namespace)
         root_namespace

ee/app/services/ci_cd/github_setup_service.rb

+module CiCd
+  class GithubSetupService
+    attr_reader :project
+
+    def initialize(project)
+      @project = project
+    end
+
+    def execute
+      create_webhook
+    end
+
+    private
+
+    def create_webhook
+      ::CreateGithubWebhookWorker.perform_async(project.id)
+    end
+  end
+end

ee/app/services/ci_cd/setup_project.rb

+module CiCd
+  class SetupProject < ::BaseService
+    def execute
+      return if project.import_url.blank?
+
+      update_project
+      disable_project_features
+      setup_external_service
+    end
+
+    private
+
+    def update_project
+      project.update_attributes(
+        container_registry_enabled:          false,
+        mirror:                              true,
+        mirror_trigger_builds:               true,
+        mirror_overwrites_diverged_branches: true,
+        only_mirror_protected_branches:      false,
+        mirror_user_id:                      current_user.id
+      )
+    end
+
+    def disable_project_features
+      project.project_feature.update_attributes(
+        issues_access_level:         ProjectFeature::DISABLED,
+        merge_requests_access_level: ProjectFeature::DISABLED,
+        wiki_access_level:           ProjectFeature::DISABLED,
+        snippets_access_level:       ProjectFeature::DISABLED
+      )
+    end
+
+    def setup_external_service
+      return unless requires_extra_setup?
+
+      service_class.new(@project).execute
+    end
+
+    def requires_extra_setup?
+      return false if project.import_type.blank?
+
+      Gitlab::ImportSources.importer(project.import_type).try(:requires_ci_cd_setup?)
+    end
+
+    def service_class
+      "CiCd::#{@project.import_type.classify}SetupService".constantize
+    end
+  end
+end

ee/app/services/ee/projects/create_service.rb

@@ -9,7 +9,7 @@ module EE
         mirror = params.delete(:mirror)
         mirror_user_id = params.delete(:mirror_user_id)
         mirror_trigger_builds = params.delete(:mirror_trigger_builds)
-        ci_cd_only = params.delete(:ci_cd_only)
+        ci_cd_only = ::Gitlab::Utils.to_boolean(params.delete(:ci_cd_only))
 
         project = super do |project|
           # Repository size limit comes as MB from the view
@@ -61,7 +61,7 @@ module EE
       def setup_ci_cd_project
         return unless ::License.feature_available?(:ci_cd_projects)
 
-        ::Projects::SetupCiCd.new(project, current_user).execute
+        ::CiCd::SetupProject.new(project, current_user).execute
       end
 
       def log_audit_event(project)

ee/app/views/projects/_new_ci_cd_only_project_pane.html.haml

@@ -13,6 +13,10 @@
           = f.label :visibility_level, class: 'label-light' do
             = s_('ImportButtons|Connect repositories from')
           .import-buttons
+            %div
+              - if github_import_enabled?
+                = link_to new_import_github_path(ci_cd_only: true), class: 'btn js-import-github' do
+                  = icon('github', text: 'GitHub')
             %div
               - if git_import_enabled?
                 %button.btn.js-toggle-button.js-import-git-toggle-button{ type: "button", data: { toggle_open_class: 'active' } }

ee/app/workers/create_github_webhook_worker.rb

+class CreateGithubWebhookWorker
+  include ApplicationWorker
+  include GrapeRouteHelpers::NamedRouteMatcher
+
+  attr_reader :project
+
+  def perform(project_id)
+    @project = Project.find(project_id)
+
+    create_webhook
+  end
+
+  def create_webhook
+    client.create_hook(
+      project.import_source,
+      'web',
+      {
+        url: webhook_url,
+        content_type: 'json',
+        secret: webhook_token,
+        insecure_ssl: 1
+      },
+      {
+        events: ['push'],
+        active: true
+      }
+    )
+  end
+
+  private
+
+  def client
+    @client ||= Gitlab::LegacyGithubImport::Client.new(access_token)
+  end
+
+  def access_token
+    @access_token ||= project.import_data.credentials[:user]
+  end
+
+  def webhook_url
+    "#{Settings.gitlab.url}#{api_v4_projects_mirror_pull_path(id: project.id)}"
+  end
+
+  def webhook_token
+    project.ensure_external_webhook_token
+    project.save if project.changed?
+
+    project.external_webhook_token
+  end
+end

ee/changelogs/unreleased/3839-ci-cd-only-github-projects-fe.yml

+---
+title: Add GitHub support to CI/CD for external repositories
+merge_request: 4688
+author:
+type: added

ee/db/migrate/20180302230551_add_external_webhook_token_to_projects.rb

+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddExternalWebhookTokenToProjects < ActiveRecord::Migration
+  DOWNTIME = false
+
+  def change
+    add_column :projects, :external_webhook_token, :string
+  end
+end

ee/lib/api/project_mirror.rb

+require_dependency 'declarative_policy'
+
+module API
+  class ProjectMirror < Grape::API
+    helpers do
+      def github_webhook_signature
+        @github_webhook_signature ||= headers['X-Hub-Signature']
+      end
+
+      def authenticate_from_github_webhook!
+        return unless github_webhook_signature
+
+        unless valid_github_signature?
+          Guest.can?(:read_project, project) ? unauthorized! : not_found!
+        end
+      end
+
+      def valid_github_signature?
+        request.body.rewind
+
+        token        = project.external_webhook_token
+        payload_body = request.body.read
+        signature    = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), token, payload_body)
+
+        Rack::Utils.secure_compare(signature, github_webhook_signature)
+      end
+
+      def authenticate_with_webhook_token!
+        if github_webhook_signature
+          not_found! unless project
+
+          authenticate_from_github_webhook!
+        else
+          authenticate!
+          authorize_admin_project
+        end
+      end
+
+      def project
+        @project ||= github_webhook_signature ? find_project(params[:id]) : user_project
+      end
+    end
+
+    params do
+      requires :id, type: String, desc: 'The ID of a project'
+    end
+    resource :projects, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do
+      desc 'Triggers a pull mirror operation'
+      post ":id/mirror/pull" do
+        authenticate_with_webhook_token!
+
+        return render_api_error!('The project is not mirrored', 400) unless project.mirror?
+
+        project.force_import_job!
+
+        status 200
+      end
+    end
+  end
+end

ee/lib/ee/gitlab/github_import/parallel_importer.rb

+module EE
+  module Gitlab
+    module GithubImport
+      module ParallelImporter
+        extend ActiveSupport::Concern
+
+        class_methods do
+          def requires_ci_cd_setup?
+            true
+          end
+        end
+      end
+    end
+  end
+end

ee/spec/features/projects/new_project_spec.rb

@@ -37,12 +37,23 @@ feature 'New project' do
   end
 
   context 'CI/CD for external repositories', :js do
+    let(:repo) do
+      OpenStruct.new(
+        id: 123,
+        login: 'some-github-repo',
+        owner: OpenStruct.new(login: 'some-github-repo'),
+        name: 'some-github-repo',
+        full_name: 'my-user/some-github-repo',
+        clone_url: 'https://github.com/my-user/some-github-repo.git'
+      )
+    end
+
     context 'when licensed' do
       before do
         stub_licensed_features(ci_cd_projects: true)
       end
 
-      it 'shows CI/CD tab' do
+      it 'shows CI/CD tab and pane' do
         visit new_project_path
 
         expect(page).to have_css('#ci-cd-project-tab')
@@ -52,6 +63,24 @@ feature 'New project' do
         expect(page).to have_css('#ci-cd-project-pane')
       end
 
+      it '"Import project" tab creates projects with features enabled' do
+        visit new_project_path
+        find('#import-project-tab').click
+
+        page.within '#import-project-pane' do
+          first('.js-import-git-toggle-button').click
+
+          fill_in 'project_import_url', with: 'http://foo.git'
+          fill_in 'project_path', with: 'import-project-with-features1'
+          choose 'project_visibility_level_20'
+          click_button 'Create project'
+
+          created_project = Project.last
+          expect(current_path).to eq(project_path(created_project))
+          expect(created_project.project_feature).to be_issues_enabled
+        end
+      end
+
       it 'creates CI/CD project from repo URL' do
         visit new_project_path
         find('#ci-cd-project-tab').click
@@ -70,6 +99,62 @@ feature 'New project' do
           expect(created_project.project_feature).not_to be_issues_enabled
         end
       end
+
+      it 'creates CI/CD project from GitHub' do
+        visit new_project_path
+        find('#ci-cd-project-tab').click
+
+        page.within '#ci-cd-project-pane' do
+          find('.js-import-github').click
+        end
+
+        expect(page).to have_text('Connect repositories from GitHub')
+
+        allow_any_instance_of(Gitlab::LegacyGithubImport::Client).to receive(:repos).and_return([repo])
+
+        fill_in 'personal_access_token', with: 'fake-token'
+        click_button 'List your GitHub repositories'
+        wait_for_requests
+
+        # Mock the POST `/import/github`
+        allow_any_instance_of(Gitlab::LegacyGithubImport::Client).to receive(:repo).and_return(repo)
+        project = create(:project, name: 'some-github-repo', creator: user, import_type: 'github', import_status: 'finished', import_url: repo.clone_url)
+        allow_any_instance_of(CiCd::SetupProject).to receive(:setup_external_service)
+        CiCd::SetupProject.new(project, user).execute
+        allow_any_instance_of(Gitlab::LegacyGithubImport::ProjectCreator)
+          .to receive(:execute).with(hash_including(ci_cd_only: true))
+          .and_return(project)
+
+        click_button 'Connect'
+        wait_for_requests
+
+        expect(page).to have_text('Started')
+        wait_for_requests
+
+        expect(page).to have_text('Done')
+
+        created_project = Project.last
+        expect(created_project.name).to eq('some-github-repo')
+        expect(created_project.mirror).to eq(true)
+        expect(created_project.project_feature).not_to be_issues_enabled
+      end
+
+      it 'stays on GitHub import page after access token failure' do
+        visit new_project_path
+        find('#ci-cd-project-tab').click
+
+        page.within '#ci-cd-project-pane' do
+          find('.js-import-github').click
+        end
+
+        allow_any_instance_of(Gitlab::LegacyGithubImport::Client).to receive(:repos).and_raise(Octokit::Unauthorized)
+
+        fill_in 'personal_access_token', with: 'unauthorized-fake-token'
+        click_button 'List your GitHub repositories'
+
+        expect(page).to have_text('Access denied to your GitHub account.')
+        expect(page).to have_current_path(new_import_github_path(ci_cd_only: true))
+      end
     end
 
     context 'when unlicensed' do

ee/spec/lib/gitlab/legacy_github_import/project_creator_spec.rb

+require 'spec_helper'
+
+describe Gitlab::LegacyGithubImport::ProjectCreator do
+  let(:user) { create(:user) }
+  let(:namespace) { create(:group, owner: user) }
+
+  let(:repo) do
+    OpenStruct.new(
+      login: 'vim',
+      name: 'vim',
+      full_name: 'asd/vim',
+      clone_url: 'https://gitlab.com/asd/vim.git'
+    )
+  end
+
+  subject(:service) do
+    described_class.new(repo, repo.name, namespace, user, github_access_token: 'asdffg')
+  end
+
+  before do
+    namespace.add_owner(user)
+    stub_licensed_features(ci_cd_projects: true)
+
+    allow_any_instance_of(EE::Project).to receive(:add_import_job)
+    allow_any_instance_of(CiCd::SetupProject).to receive(:setup_external_service)
+  end
+
+  describe '#execute' do
+    context 'creating a CI/CD only project' do
+      let(:params) { { ci_cd_only: true } }
+
+      it 'creates a project' do
+        expect { service.execute(params) }.to change(Project, :count).by(1)
+      end
+
+      it 'calls the service to setup the project' do
+        expect(CiCd::SetupProject).to receive_message_chain(:new, :execute)
+
+        service.execute(params)
+      end
+    end
+
+    context 'creating a regular project' do
+      let(:params) { {} }
+
+      it 'creates a project' do
+        expect { service.execute(params) }.to change(Project, :count).by(1)
+      end
+
+      it "doesn't apply any special setup" do
+        expect(CiCd::SetupProject).not_to receive(:new)
+
+        service.execute(params)
+      end
+    end
+  end
+end

ee/spec/models/project_spec.rb

@@ -102,6 +102,18 @@ describe Project do
     end
   end
 
+  describe '#ensure_external_webhook_token' do
+    let(:project) { create(:project, :repository) }
+
+    it "sets external_webhook_token when it's missing" do
+      project.update_attribute(:external_webhook_token, nil)
+      expect(project.external_webhook_token).to be_blank
+
+      project.ensure_external_webhook_token
+      expect(project.external_webhook_token).to be_present
+    end
+  end
+
   describe 'hard failing a mirror' do
     it 'sends a notification' do
       project = create(:project, :mirror, :import_started)

ee/spec/requests/api/project_mirror_spec.rb

+# -*- coding: utf-8 -*-
+require 'spec_helper'
+
+describe API::ProjectMirror do
+  let(:user) { create(:user) }
+  let(:user2) { create(:user) }
+  let(:project) { create(:project, namespace: user.namespace) }
+
+  describe 'POST /projects/:id/mirror/pull' do
+    context 'when the project is not mirrored' do
+      it 'returns error' do
+        allow(project).to receive(:mirror?).and_return(false)
+
+        post api("/projects/#{project.id}/mirror/pull", user)
+
+        expect(response).to have_gitlab_http_status(400)
+      end
+    end
+
+    context 'when the project is mirrored' do
+      before do
+        allow_any_instance_of(Projects::UpdateMirrorService).to receive(:execute).and_return(status: :success)
+      end
+
+      context 'when import state is' do
+        def project_in_state(state)
+          project = create(:project, :repository, :mirror, state, namespace: user.namespace)
+          project.mirror_data.update_attributes(next_execution_timestamp: 10.minutes.from_now)
+          project
+        end
+
+        it 'none it triggers the pull mirroring operation' do
+          project = project_in_state(:import_none)
+
+          expect(UpdateAllMirrorsWorker).to receive(:perform_async).once
+
+          post api("/projects/#{project.id}/mirror/pull", user)
+
+          expect(response).to have_gitlab_http_status(200)
+        end
+
+        it 'failed it triggers the pull mirroring operation' do
+          project = project_in_state(:import_failed)
+
+          expect(UpdateAllMirrorsWorker).to receive(:perform_async).once
+
+          post api("/projects/#{project.id}/mirror/pull", user)
+
+          expect(response).to have_gitlab_http_status(200)
+        end
+
+        it 'finished it triggers the pull mirroring operation' do
+          project = project_in_state(:import_finished)
+
+          expect(UpdateAllMirrorsWorker).to receive(:perform_async).once
+
+          post api("/projects/#{project.id}/mirror/pull", user)
+
+          expect(response).to have_gitlab_http_status(200)
+        end
+
+        it 'scheduled does not trigger the pull mirroring operation and returns 200' do
+          project = project_in_state(:import_scheduled)
+
+          expect(UpdateAllMirrorsWorker).not_to receive(:perform_async)
+
+          post api("/projects/#{project.id}/mirror/pull", user)
+
+          expect(response).to have_gitlab_http_status(200)
+        end
+
+        it 'started does not trigger the pull mirroring operation and returns 200' do
+          project = project_in_state(:import_started)
+
+          expect(UpdateAllMirrorsWorker).not_to receive(:perform_async)
+
+          post api("/projects/#{project.id}/mirror/pull", user)
+
+          expect(response).to have_gitlab_http_status(200)
+        end
+      end
+
+      context 'when user' do
+        let(:project_mirrored) { create(:project, :repository, :mirror, :import_finished, namespace: user.namespace) }
+
+        def project_member(role, user)
+          create(:project_member, role, user: user, project: project_mirrored)
+        end
+
+        context 'is unauthenticated' do
+          it 'returns authentication error' do
+            post api("/projects/#{project_mirrored.id}/mirror/pull")
+
+            expect(response).to have_gitlab_http_status(401)
+          end
+        end
+
+        context 'is authenticated as developer' do
+          it 'returns forbidden error' do
+            project_member(:developer, user2)
+
+            post api("/projects/#{project_mirrored.id}/mirror/pull", user2)
+
+            expect(response).to have_gitlab_http_status(403)
+          end
+        end
+
+        context 'is authenticated as reporter' do
+          it 'returns forbidden error' do
+            project_member(:reporter, user2)
+
+            post api("/projects/#{project_mirrored.id}/mirror/pull", user2)
+
+            expect(response).to have_gitlab_http_status(403)
+          end
+        end
+
+        context 'is authenticated as guest' do
+          it 'returns forbidden error' do
+            project_member(:guest, user2)
+
+            post api("/projects/#{project_mirrored.id}/mirror/pull", user2)
+
+            expect(response).to have_gitlab_http_status(403)
+          end
+        end
+
+        context 'is authenticated as master' do
+          it 'triggers the pull mirroring operation' do
+            project_member(:master, user2)
+
+            post api("/projects/#{project_mirrored.id}/mirror/pull", user2)
+
+            expect(response).to have_gitlab_http_status(200)
+          end
+        end
+
+        context 'is authenticated as owner' do
+          it 'triggers the pull mirroring operation' do
+            post api("/projects/#{project_mirrored.id}/mirror/pull", user)
+
+            expect(response).to have_gitlab_http_status(200)
+          end
+        end
+      end
+
+      context 'authenticating from GitHub signature' do
+        let(:visibility) { Gitlab::VisibilityLevel::PUBLIC }
+        let(:project_mirrored) { create(:project, :repository, :mirror, :import_finished, visibility: visibility) }
+
+        def do_post
+          post api("/projects/#{project_mirrored.id}/mirror/pull"), {}, { 'X-Hub-Signature' => 'signature' }
+        end
+
+        context "when it's valid" do
+          before do
+            Grape::Endpoint.before_each do |endpoint|
+              allow(endpoint).to receive(:project).and_return(project_mirrored)
+              allow(endpoint).to receive(:valid_github_signature?).and_return(true)
+            end
+          end
+
+          it 'syncs the mirror' do
+            expect(project_mirrored).to receive(:force_import_job!)
+
+            do_post
+          end
+        end
+
+        context "when it's invalid" do
+          before do
+            Grape::Endpoint.before_each do |endpoint|
+              allow(endpoint).to receive(:project).and_return(project_mirrored)
+              allow(endpoint).to receive(:valid_github_signature?).and_return(false)
+            end
+          end
+
+          after do
+            Grape::Endpoint.before_each nil
+          end
+
+          it "doesn't sync the mirror" do
+            expect(project_mirrored).not_to receive(:force_import_job!)
+
+            post api("/projects/#{project_mirrored.id}/mirror/pull"), {}, { 'X-Hub-Signature' => 'signature' }
+          end
+
+          context 'with a public project' do
+            let(:visibility) { Gitlab::VisibilityLevel::PUBLIC }
+
+            it 'returns a 401 status' do
+              do_post
+
+              expect(response).to have_gitlab_http_status(401)
+            end
+          end
+
+          context 'with an internal project' do
+            let(:visibility) { Gitlab::VisibilityLevel::INTERNAL }
+
+            it 'returns a 404 status' do
+              do_post
+
+              expect(response).to have_gitlab_http_status(404)
+            end
+          end
+
+          context 'with a private project' do
+            let(:visibility) { Gitlab::VisibilityLevel::PRIVATE }
+
+            it 'returns a 404 status' do
+              do_post
+
+              expect(response).to have_gitlab_http_status(404)
+            end
+          end
+        end
+      end
+    end
+  end
+end

ee/spec/services/ci_cd/github_setup_service_spec.rb

+require 'spec_helper'
+
+describe CiCd::GithubSetupService do
+  let(:project) { create(:project) }
+
+  subject do
+    described_class.new(project)
+  end
+
+  describe '#execute' do
+    it 'creates the webhook in the background' do
+      expect(CreateGithubWebhookWorker).to receive(:perform_async).with(project.id)
+
+      subject.execute
+    end
+  end
+end

ee/spec/services/ci_cd/setup_project_spec.rb

+require 'spec_helper'
+
+describe CiCd::SetupProject do
+  let(:user) { create(:user) }
+  let(:project) { create(:project, creator: user, import_type: 'github', import_url: 'http://foo.com') }
+
+  subject do
+    described_class.new(project, project.creator)
+  end
+
+  before do
+    allow(CiCd::GithubSetupService).to receive_message_chain(:new, :execute)
+  end
+
+  it 'sets up pull mirroring on the project' do
+    subject.execute
+
+    expect(project.mirror).to be_truthy
+    expect(project.mirror_trigger_builds).to be_truthy
+    expect(project.mirror_user_id).to eq(user.id)
+  end
+
+  it 'disables some features' do
+    subject.execute
+
+    project_feature = project.project_feature
+
+    expect(project.container_registry_enabled).to be_falsey
+
+    expect(project_feature).not_to be_issues_enabled
+    expect(project_feature).not_to be_merge_requests_enabled
+    expect(project_feature).not_to be_wiki_enabled
+    expect(project_feature.snippets_access_level).to eq(ProjectFeature::DISABLED)
+  end
+
+  context 'when import_url is blank' do
+    before do
+      project.update_attribute(:import_url, nil)
+    end
+
+    it "doesn't update the project" do
+      expect(project).not_to receive(:update_project)
+      expect(project).not_to receive(:disable_project_features)
+
+      subject.execute
+    end
+  end
+
+  describe '#setup_external_service' do
+    context 'when import_type is missing' do
+      it "does not invoke the service class" do
+        project.update_attribute(:import_type, nil)
+
+        expect(CiCd::GithubSetupService).not_to receive(:new)
+
+        subject.execute
+      end
+    end
+
+    context "when importer doesn't require extra setup" do
+      it "does not invoke the service class" do
+        allow(Gitlab::GithubImport::ParallelImporter).to receive(:requires_ci_cd_setup?).and_return(false)
+
+        expect(CiCd::GithubSetupService).not_to receive(:new)
+
+        subject.execute
+      end
+    end
+
+    context 'whem importer requires extra setup' do
+      it 'invokes the custom service class' do
+        expect(CiCd::GithubSetupService).to receive_message_chain(:new, :execute)
+
+        subject.execute
+      end
+    end
+  end
+end

ee/spec/services/projects/create_service_spec.rb

@@ -23,7 +23,7 @@ describe Projects::CreateService, '#execute' do
       end
 
       it 'calls the service to setup CI/CD on the project' do
-        expect(Projects::SetupCiCd).to receive_message_chain(:new, :execute)
+        expect(CiCd::SetupProject).to receive_message_chain(:new, :execute)
 
         create_project(user, opts)
       end
@@ -35,7 +35,7 @@ describe Projects::CreateService, '#execute' do
       end
 
       it "doesn't call the service to setup CI/CD on the project" do
-        expect(Projects::SetupCiCd).not_to receive(:new)
+        expect(CiCd::SetupProject).not_to receive(:new)
 
         create_project(user, opts)
       end

ee/spec/workers/create_github_webhook_worker_spec.rb

+require 'spec_helper'
+
+describe CreateGithubWebhookWorker do
+  include GrapeRouteHelpers::NamedRouteMatcher
+
+  let(:project) do
+    create(:project,
+           import_source: 'foo/bar',
+           import_type: 'github',
+           import_data_attributes: { credentials: { user: 'gh_token' } })
+  end
+
+  subject do
+    described_class.new
+  end
+
+  describe '#perform' do
+    before do
+      project.ensure_external_webhook_token
+      project.save
+    end
+
+    it 'creates the webhook' do
+      expect_any_instance_of(Gitlab::LegacyGithubImport::Client).to receive(:create_hook)
+        .with(
+          'foo/bar',
+          'web',
+          {
+            url: "http://localhost#{api_v4_projects_mirror_pull_path(id: project.id)}",
+            content_type: 'json',
+            secret: project.external_webhook_token,
+            insecure_ssl: 1
+          },
+          {
+            events: ['push'],
+            active: true
+          }
+        )
+
+      subject.perform(project.id)
+    end
+  end
+end

lib/api/api.rb

@@ -194,6 +194,7 @@ module API
     mount ::API::Ldap
     mount ::API::LdapGroupLinks
     mount ::API::License
+    mount ::API::ProjectMirror
     mount ::API::ProjectPushRule
     ## EE-specific API V4 endpoints END
 

lib/api/projects.rb

@@ -495,17 +495,6 @@ module API
           conflict!(error.message)
         end
       end
-
-      desc 'Triggers a pull mirror operation'
-      post ":id/mirror/pull" do
-        authorize_admin_project
-
-        return render_api_error!('The project is not mirrored', 400) unless user_project.mirror?
-
-        user_project.force_import_job!
-
-        status 200
-      end
     end
   end
 end

lib/gitlab/github_import/parallel_importer.rb

@@ -5,6 +5,8 @@ module Gitlab
     # The ParallelImporter schedules the importing of a GitHub project using
     # Sidekiq.
     class ParallelImporter
+      prepend ::EE::Gitlab::GithubImport::ParallelImporter
+
       attr_reader :project
 
       def self.async?

lib/gitlab/legacy_github_import/project_creator.rb

@@ -12,9 +12,8 @@ module Gitlab
         @type = type
       end
 
-      def execute
-        ::Projects::CreateService.new(
-          current_user,
+      def execute(extra_attrs = {})
+        attrs = {
           name: name,
           path: name,
           description: repo.description,
@@ -24,7 +23,9 @@ module Gitlab
           import_source: repo.full_name,
           import_url: import_url,
           skip_wiki: skip_wiki
-        ).execute
+        }.merge!(extra_attrs)
+
+        ::Projects::CreateService.new(current_user, attrs).execute
       end
 
       private

locale/gitlab.pot

@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gitlab 1.0.0\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-03-05 14:09-0600\n"
-"PO-Revision-Date: 2018-03-05 14:09-0600\n"
+"POT-Creation-Date: 2018-03-05 14:35-0600\n"
+"PO-Revision-Date: 2018-03-05 14:35-0600\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "Language: \n"
@@ -228,6 +228,12 @@ msgstr ""
 msgid "Allows you to add and manage Kubernetes clusters."
 msgstr ""
 
+msgid "Alternatively, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to connect."
+msgstr ""
+
+msgid "Alternatively, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import."
+msgstr ""
+
 msgid "An error occurred previewing the blob"
 msgstr ""
 
@@ -683,6 +689,12 @@ msgstr ""
 msgid "Choose which groups you wish to synchronize to this secondary node."
 msgstr ""
 
+msgid "Choose which repositories you want to connect and run CI/CD pipelines."
+msgstr ""
+
+msgid "Choose which repositories you want to import."
+msgstr ""
+
 msgid "Choose which shards you wish to synchronize to this secondary node."
 msgstr ""
 
@@ -1173,6 +1185,15 @@ msgstr ""
 msgid "Confidentiality"
 msgstr ""
 
+msgid "Connect"
+msgstr ""
+
+msgid "Connect all repositories"
+msgstr ""
+
+msgid "Connect repositories from GitHub"
+msgstr ""
+
 msgid "Connect your external repositories, and CI/CD pipelines will run for new commits. A GitLab project will be created with only CI/CD features enabled."
 msgstr ""
 
@@ -1439,6 +1460,9 @@ msgstr ""
 msgid "Don't show again"
 msgstr ""
 
+msgid "Done"
+msgstr ""
+
 msgid "Download"
 msgstr ""
 
@@ -1634,6 +1658,9 @@ msgstr ""
 msgid "ExternalAuthorizationService|When no classification label is set the default label `%{default_label}` will be used."
 msgstr ""
 
+msgid "Failed"
+msgstr ""
+
 msgid "Failed Jobs"
 msgstr ""
 
@@ -1699,6 +1726,9 @@ msgstr ""
 msgid "Format"
 msgstr ""
 
+msgid "From %{provider_title}"
+msgstr ""
+
 msgid "From issue creation until deploy to production"
 msgstr ""
 
@@ -1840,6 +1870,9 @@ msgstr ""
 msgid "Git version"
 msgstr ""
 
+msgid "GitHub import"
+msgstr ""
+
 msgid "GitLab Runner section"
 msgstr ""
 
@@ -1983,9 +2016,18 @@ msgstr ""
 msgid "If your HTTP repository is not publicly accessible, add authentication information to the URL: <code>https://username:password@gitlab.company.com/group/project.git</code>."
 msgstr ""
 
+msgid "Import"
+msgstr ""
+
+msgid "Import all repositories"
+msgstr ""
+
 msgid "Import in progress"
 msgstr ""
 
+msgid "Import repositories from GitHub"
+msgstr ""
+
 msgid "Import repository"
 msgstr ""
 
@@ -2173,6 +2215,9 @@ msgstr ""
 msgid "List"
 msgstr ""
 
+msgid "List your GitHub repositories"
+msgstr ""
+
 msgid "Loading the GitLab IDE..."
 msgstr ""
 
@@ -2391,6 +2436,18 @@ msgstr ""
 msgid "Note that the master branch is automatically protected. %{link_to_protected_branches}"
 msgstr ""
 
+msgid "Note: As an administrator you may like to configure %{github_integration_link}, which will allow login via GitHub and allow connecting repositories without generating a Personal Access Token."
+msgstr ""
+
+msgid "Note: As an administrator you may like to configure %{github_integration_link}, which will allow login via GitHub and allow importing repositories without generating a Personal Access Token."
+msgstr ""
+
+msgid "Note: Consider asking your GitLab administrator to configure %{github_integration_link}, which will allow login via GitHub and allow connecting repositories without generating a Personal Access Token."
+msgstr ""
+
+msgid "Note: Consider asking your GitLab administrator to configure %{github_integration_link}, which will allow login via GitHub and allow importing repositories without generating a Personal Access Token."
+msgstr ""
+
 msgid "Notification events"
 msgstr ""
 
@@ -2520,6 +2577,9 @@ msgstr ""
 msgid "Password"
 msgstr ""
 
+msgid "Personal Access Token"
+msgstr ""
+
 msgid "Pipeline"
 msgstr ""
 
@@ -3023,6 +3083,9 @@ msgstr ""
 msgid "Schedule a new pipeline"
 msgstr ""
 
+msgid "Scheduled"
+msgstr ""
+
 msgid "Schedules"
 msgstr ""
 
@@ -3319,6 +3382,12 @@ msgstr ""
 msgid "Start the Runner!"
 msgstr ""
 
+msgid "Started"
+msgstr ""
+
+msgid "Status"
+msgstr ""
+
 msgid "Stopped"
 msgstr ""
 
@@ -3757,9 +3826,24 @@ msgstr ""
 msgid "Title"
 msgstr ""
 
+msgid "To GitLab"
+msgstr ""
+
+msgid "To connect GitHub repositories, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to connect."
+msgstr ""
+
+msgid "To connect GitHub repositories, you first need to authorize GitLab to access the list of your GitHub repositories:"
+msgstr ""
+
 msgid "To connect an SVN repository, check out %{svn_link}."
 msgstr ""
 
+msgid "To import GitHub repositories, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import."
+msgstr ""
+
+msgid "To import GitHub repositories, you first need to authorize GitLab to access the list of your GitHub repositories:"
+msgstr ""
+
 msgid "To import an SVN repository, check out %{svn_link}."
 msgstr ""
 
@@ -4216,6 +4300,9 @@ msgstr ""
 msgid "confidentiality|You are going to turn on the confidentiality. This means that only team members with <strong>at least Reporter access</strong> are able to see and leave comments on the issue."
 msgstr ""
 
+msgid "connecting"
+msgstr ""
+
 msgid "day"
 msgid_plural "days"
 msgstr[0] ""
@@ -4227,6 +4314,9 @@ msgstr ""
 msgid "here"
 msgstr ""
 
+msgid "importing"
+msgstr ""
+
 msgid "is invalid because there is downstream lock"
 msgstr ""
 

spec/features/projects/new_project_spec.rb

@@ -173,11 +173,11 @@ feature 'New project' do
 
     context 'from GitHub' do
       before do
-        first('.import_github').click
+        first('.js-import-github').click
       end
 
       it 'shows import instructions' do
-        expect(page).to have_content('Import Projects from GitHub')
+        expect(page).to have_content('Import repositories from GitHub')
         expect(current_path).to eq new_import_github_path
       end
     end

spec/javascripts/importer_status_spec.js

@@ -29,7 +29,10 @@ describe('Importer Status', () => {
       `);
       spyOn(ImporterStatus.prototype, 'initStatusPage').and.callFake(() => {});
       spyOn(ImporterStatus.prototype, 'setAutoUpdate').and.callFake(() => {});
-      instance = new ImporterStatus('', importUrl);
+      instance = new ImporterStatus({
+        jobsUrl: '',
+        importUrl,
+      });
     });
 
     it('sets table row to active after post request', (done) => {
@@ -65,7 +68,9 @@ describe('Importer Status', () => {
 
       spyOn(ImporterStatus.prototype, 'initStatusPage').and.callFake(() => {});
       spyOn(ImporterStatus.prototype, 'setAutoUpdate').and.callFake(() => {});
-      instance = new ImporterStatus(jobsUrl);
+      instance = new ImporterStatus({
+        jobsUrl,
+      });
     });
 
     function setupMock(importStatus) {
@@ -86,17 +91,17 @@ describe('Importer Status', () => {
 
     it('sets the job status to done', (done) => {
       setupMock('finished');
-      expectJobStatus(done, 'done');
+      expectJobStatus(done, 'Done');
     });
 
     it('sets the job status to scheduled', (done) => {
       setupMock('scheduled');
-      expectJobStatus(done, 'scheduled');
+      expectJobStatus(done, 'Scheduled');
     });
 
     it('sets the job status to started', (done) => {
       setupMock('started');
-      expectJobStatus(done, 'started');
+      expectJobStatus(done, 'Started');
     });
 
     it('sets the job status to custom status', (done) => {

spec/lib/gitlab/import_export/safe_model_attributes.yml

@@ -474,6 +474,7 @@ Project:
 - merge_requests_rebase_enabled
 - jobs_cache_index
 - external_authorization_classification_label
+- external_webhook_token
 Author:
 - name
 ProjectFeature:

spec/requests/api/projects_spec.rb

@@ -1952,146 +1952,6 @@ describe API::Projects do
     end
   end
 
-  describe 'POST /projects/:id/mirror/pull' do
-    context 'when the project is not mirrored' do
-      it 'returns error' do
-        allow(project).to receive(:mirror?).and_return(false)
-
-        post api("/projects/#{project.id}/mirror/pull", user)
-
-        expect(response).to have_gitlab_http_status(400)
-      end
-    end
-
-    context 'when the project is mirrored' do
-      before do
-        allow_any_instance_of(Projects::UpdateMirrorService).to receive(:execute).and_return(status: :success)
-      end
-
-      context 'when import state is' do
-        def project_in_state(state)
-          project = create(:project, :repository, :mirror, state, namespace: user.namespace)
-          project.mirror_data.update_attributes(next_execution_timestamp: 10.minutes.from_now)
-          project
-        end
-
-        it 'none it triggers the pull mirroring operation' do
-          project = project_in_state(:import_none)
-
-          expect(UpdateAllMirrorsWorker).to receive(:perform_async).once
-
-          post api("/projects/#{project.id}/mirror/pull", user)
-
-          expect(response).to have_gitlab_http_status(200)
-        end
-
-        it 'failed it triggers the pull mirroring operation' do
-          project = project_in_state(:import_failed)
-
-          expect(UpdateAllMirrorsWorker).to receive(:perform_async).once
-
-          post api("/projects/#{project.id}/mirror/pull", user)
-
-          expect(response).to have_gitlab_http_status(200)
-        end
-
-        it 'finished it triggers the pull mirroring operation' do
-          project = project_in_state(:import_finished)
-
-          expect(UpdateAllMirrorsWorker).to receive(:perform_async).once
-
-          post api("/projects/#{project.id}/mirror/pull", user)
-
-          expect(response).to have_gitlab_http_status(200)
-        end
-
-        it 'scheduled does not trigger the pull mirroring operation and returns 200' do
-          project = project_in_state(:import_scheduled)
-
-          expect(UpdateAllMirrorsWorker).not_to receive(:perform_async)
-
-          post api("/projects/#{project.id}/mirror/pull", user)
-
-          expect(response).to have_gitlab_http_status(200)
-        end
-
-        it 'started does not trigger the pull mirroring operation and returns 200' do
-          project = project_in_state(:import_started)
-
-          expect(UpdateAllMirrorsWorker).not_to receive(:perform_async)
-
-          post api("/projects/#{project.id}/mirror/pull", user)
-
-          expect(response).to have_gitlab_http_status(200)
-        end
-      end
-
-      context 'when user' do
-        let(:project_mirrored) { create(:project, :repository, :mirror, :import_finished, namespace: user.namespace) }
-
-        def project_member(role, user)
-          create(:project_member, role, user: user, project: project_mirrored)
-        end
-
-        context 'is unauthenticated' do
-          it 'returns authentication error' do
-            post api("/projects/#{project_mirrored.id}/mirror/pull")
-
-            expect(response).to have_gitlab_http_status(401)
-          end
-        end
-
-        context 'is authenticated as developer' do
-          it 'returns forbidden error' do
-            project_member(:developer, user3)
-
-            post api("/projects/#{project_mirrored.id}/mirror/pull", user3)
-
-            expect(response).to have_gitlab_http_status(403)
-          end
-        end
-
-        context 'is authenticated as reporter' do
-          it 'returns forbidden error' do
-            project_member(:reporter, user3)
-
-            post api("/projects/#{project_mirrored.id}/mirror/pull", user3)
-
-            expect(response).to have_gitlab_http_status(403)
-          end
-        end
-
-        context 'is authenticated as guest' do
-          it 'returns forbidden error' do
-            project_member(:guest, user3)
-
-            post api("/projects/#{project_mirrored.id}/mirror/pull", user3)
-
-            expect(response).to have_gitlab_http_status(403)
-          end
-        end
-
-        context 'is authenticated as master' do
-          it 'triggers the pull mirroring operation' do
-            project_member(:master, user3)
-
-            post api("/projects/#{project_mirrored.id}/mirror/pull", user3)
-
-            expect(response).to have_gitlab_http_status(200)
-          end
-        end
-
-        context 'is authenticated as owner' do
-          it 'triggers the pull mirroring operation' do
-            post api("/projects/#{project_mirrored.id}/mirror/pull", user)
-
-            expect(response).to have_gitlab_http_status(200)
-          end
-        end
-      end
-    end
-  end
-
   it_behaves_like 'custom attributes endpoints', 'projects' do
     let(:attributable) { project }
     let(:other_attributable) { project2 }