Merge remote-tracking branch 'upstream/master' into ce-to-ee-2018-10-24

# Conflicts:
#	.gitlab-ci.yml
#	app/helpers/groups_helper.rb
#	app/views/layouts/_page.html.haml
#	doc/ci/yaml/README.md
#	doc/topics/autodevops/index.md
#	locale/gitlab.pot

[ci skip]

.gitlab-ci.yml

@@ -80,6 +80,7 @@ stages:
     - mysql:5.7
     - redis:alpine
 
+<<<<<<< HEAD
 # BEGIN EE-only service helpers
 
 .use-pg-9-6: &use-pg-9-6
@@ -106,6 +107,8 @@ stages:
 
 # END EE-only service helpers
 
+=======
+>>>>>>> upstream/master
 .rails5: &rails5
   allow_failure: true
   only:
@@ -1192,5 +1195,9 @@ schedule:review_apps_cleanup:
       - schedules@gitlab-org/gitlab-ee
     kubernetes: active
   except:
+<<<<<<< HEAD
+=======
+    - master
+>>>>>>> upstream/master
     - tags
     - /(^docs[\/-].*|.*-docs$)/

.gitlab/issue_templates/Security developer workflow.md

@@ -16,7 +16,6 @@ Set the title to: `[Security] Description of the original issue`
 - [ ] Add a link to the MR to the [links section](#links)
 - [ ] Add a link to an EE MR if required
 - [ ] Make sure the MR remains in-progress and gets approved after the review cycle, **but never merged**.
-- [ ] Assign the MR to a RM once is reviewed and ready to be merged. Check the [RM list] to see who to ping.
 
 #### Backports
 
@@ -26,7 +25,8 @@ Set the title to: `[Security] Description of the original issue`
     - [ ] Create the branch `security-X-Y` from `X-Y-stable` if it doesn't exist (and make sure it's up to date with stable)
     - [ ] Create each MR targetting the security branch `security-X-Y`
     - [ ] Add the ~security label and prefix with the version `WIP: [X.Y]` the title of the MR
-- [ ] Make sure all MRs have a link in the [links section](#links) and are assigned to a Release Manager.
+- [ ] Add the ~"Merge into Security" label to all of the MRs.
+- [ ] Make sure all MRs have a link in the [links section](#links)
 
 [secpick documentation]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#secpick-script
 

Gemfile

@@ -432,8 +432,7 @@ end
 gem 'gitaly-proto', '~> 0.118.1', require: 'gitaly'
 gem 'grpc', '~> 1.15.0'
 
-# Locked until https://github.com/google/protobuf/issues/4210 is closed
-gem 'google-protobuf', '= 3.5.1'
+gem 'google-protobuf', '~> 3.6'
 
 gem 'toml-rb', '~> 1.0.0', require: false
 

Gemfile.lock

@@ -328,7 +328,7 @@ GEM
       mime-types (~> 3.0)
       representable (~> 3.0)
       retriable (>= 2.0, < 4.0)
-    google-protobuf (3.5.1)
+    google-protobuf (3.6.1)
     googleapis-common-protos-types (1.0.2)
       google-protobuf (~> 3.0)
     googleauth (0.6.6)
@@ -1040,7 +1040,7 @@ DEPENDENCIES
   gitlab_omniauth-ldap (~> 2.0.4)
   gon (~> 6.2)
   google-api-client (~> 0.23)
-  google-protobuf (= 3.5.1)
+  google-protobuf (~> 3.6)
   gpgme
   grape (~> 1.1)
   grape-entity (~> 0.7.1)

Gemfile.rails5.lock

@@ -331,7 +331,7 @@ GEM
       mime-types (~> 3.0)
       representable (~> 3.0)
       retriable (>= 2.0, < 4.0)
-    google-protobuf (3.5.1)
+    google-protobuf (3.6.1)
     googleapis-common-protos-types (1.0.2)
       google-protobuf (~> 3.0)
     googleauth (0.6.6)
@@ -1049,7 +1049,7 @@ DEPENDENCIES
   gitlab_omniauth-ldap (~> 2.0.4)
   gon (~> 6.2)
   google-api-client (~> 0.23)
-  google-protobuf (= 3.5.1)
+  google-protobuf (~> 3.6)
   gpgme
   grape (~> 1.1)
   grape-entity (~> 0.7.1)

app/assets/javascripts/activities.js

@@ -6,10 +6,12 @@ import Pager from './pager';
 import { localTimeAgo } from './lib/utils/datetime_utility';
 
 export default class Activities {
-  constructor() {
-    Pager.init(20, true, false, data => data, this.updateTooltips);
+  constructor(container = '') {
+    this.container = container;
 
-    $('.event-filter-link').on('click', (e) => {
+    Pager.init(20, true, false, data => data, this.updateTooltips, this.container);
+
+    $('.event-filter-link').on('click', e => {
       e.preventDefault();
       this.toggleFilter(e.currentTarget);
       this.reloadActivities();
@@ -22,7 +24,7 @@ export default class Activities {
 
   reloadActivities() {
     $('.content_list').html('');
-    Pager.init(20, true, false, data => data, this.updateTooltips);
+    Pager.init(20, true, false, data => data, this.updateTooltips, this.container);
   }
 
   toggleFilter(sender) {

app/assets/javascripts/diffs/components/tree_list.vue

 <script>
 import { mapActions, mapGetters, mapState } from 'vuex';
+import { TooltipDirective as Tooltip } from '@gitlab-org/gitlab-ui';
+import { convertPermissionToBoolean } from '~/lib/utils/common_utils';
 import Icon from '~/vue_shared/components/icon.vue';
 import FileRow from '~/vue_shared/components/file_row.vue';
 import FileRowStats from './file_row_stats.vue';
 
+const treeListStorageKey = 'mr_diff_tree_list';
+
 export default {
+  directives: {
+    Tooltip,
+  },
   components: {
     Icon,
     FileRow,
   },
   data() {
+    const treeListStored = localStorage.getItem(treeListStorageKey);
+    const renderTreeList = treeListStored !== null ?
+      convertPermissionToBoolean(treeListStored) : true;
+
     return {
       search: '',
+      renderTreeList,
+      focusSearch: false,
     };
   },
   computed: {
@@ -20,15 +33,35 @@ export default {
     filteredTreeList() {
       const search = this.search.toLowerCase().trim();
 
-      if (search === '') return this.tree;
+      if (search === '') return this.renderTreeList ? this.tree : this.allBlobs;
 
       return this.allBlobs.filter(f => f.name.toLowerCase().indexOf(search) >= 0);
     },
+    rowDisplayTextKey() {
+      if (this.renderTreeList && this.search.trim() === '') {
+        return 'name';
+      }
+
+      return 'path';
+    },
   },
   methods: {
     ...mapActions('diffs', ['toggleTreeOpen', 'scrollToFile']),
     clearSearch() {
       this.search = '';
+      this.toggleFocusSearch(false);
+    },
+    toggleRenderTreeList(toggle) {
+      this.renderTreeList = toggle;
+      localStorage.setItem(treeListStorageKey, this.renderTreeList);
+    },
+    toggleFocusSearch(toggle) {
+      this.focusSearch = toggle;
+    },
+    blurSearch() {
+      if (this.search.trim() === '') {
+        this.toggleFocusSearch(false);
+      }
     },
   },
   FileRowStats,
@@ -37,28 +70,67 @@ export default {
 
 <template>
   <div class="tree-list-holder d-flex flex-column">
-    <div class="append-bottom-8 position-relative tree-list-search">
-      <icon
-        name="search"
-        class="position-absolute tree-list-icon"
-      />
-      <input
-        v-model="search"
-        :placeholder="s__('MergeRequest|Filter files')"
-        type="search"
-        class="form-control"
-      />
-      <button
-        v-show="search"
-        :aria-label="__('Clear search')"
-        type="button"
-        class="position-absolute tree-list-icon tree-list-clear-icon border-0 p-0"
-        @click="clearSearch"
-      >
+    <div class="append-bottom-8 position-relative tree-list-search d-flex">
+      <div class="flex-fill d-flex">
         <icon
-          name="close"
+          name="search"
+          class="position-absolute tree-list-icon"
+        />
+        <input
+          v-model="search"
+          :placeholder="s__('MergeRequest|Filter files')"
+          type="search"
+          class="form-control"
+          @focus="toggleFocusSearch(true)"
+          @blur="blurSearch"
         />
-      </button>
+        <button
+          v-show="search"
+          :aria-label="__('Clear search')"
+          type="button"
+          class="position-absolute bg-transparent tree-list-icon tree-list-clear-icon border-0 p-0"
+          @click="clearSearch"
+        >
+          <icon
+            name="close"
+          />
+        </button>
+      </div>
+      <div
+        v-show="!focusSearch"
+        class="btn-group prepend-left-8 tree-list-view-toggle"
+      >
+        <button
+          v-tooltip.hover
+          :aria-label="__('List view')"
+          :title="__('List view')"
+          :class="{
+            active: !renderTreeList
+          }"
+          class="btn btn-default pt-0 pb-0 d-flex align-items-center"
+          type="button"
+          @click="toggleRenderTreeList(false)"
+        >
+          <icon
+            name="hamburger"
+          />
+        </button>
+        <button
+          v-tooltip.hover
+          :aria-label="__('Tree view')"
+          :title="__('Tree view')"
+          :class="{
+            active: renderTreeList
+          }"
+          class="btn btn-default pt-0 pb-0 d-flex align-items-center"
+          type="button"
+          @click="toggleRenderTreeList(true)"
+        >
+          <icon
+            name="file-tree"
+          />
+        </button>
+      </div>
     </div>
     <div
       class="tree-list-scroll"
@@ -72,6 +144,8 @@ export default {
           :hide-extra-on-tree="true"
           :extra-component="$options.FileRowStats"
           :show-changed-icon="true"
+          :display-text-key="rowDisplayTextKey"
+          :should-truncate-start="true"
           @toggleTreeOpen="toggleTreeOpen"
           @clickFile="scrollToFile"
         />

app/assets/javascripts/jobs/components/job_container_item.vue

 <script>
-import _ from 'underscore';
 import CiIcon from '~/vue_shared/components/ci_icon.vue';
 import Icon from '~/vue_shared/components/icon.vue';
 import tooltip from '~/vue_shared/directives/tooltip';
@@ -9,11 +8,9 @@ export default {
     CiIcon,
     Icon,
   },
-
   directives: {
     tooltip,
   },
-
   props: {
     job: {
       type: Object,
@@ -24,10 +21,9 @@ export default {
       required: true,
     },
   },
-
   computed: {
     tooltipText() {
-      return `${_.escape(this.job.name)} - ${this.job.status.tooltip}`;
+      return `${this.job.name} - ${this.job.status.tooltip}`;
     },
   },
 };
@@ -36,7 +32,10 @@ export default {
 <template>
   <div
     class="build-job"
-    :class="{ retried: job.retried, active: isActive }"
+    :class="{
+      retried: job.retried,
+      active: isActive
+    }"
   >
     <a
       v-tooltip

app/assets/javascripts/pager.js

@@ -7,14 +7,21 @@ const ENDLESS_SCROLL_BOTTOM_PX = 400;
 const ENDLESS_SCROLL_FIRE_DELAY_MS = 1000;
 
 export default {
-  init(limit = 0, preload = false, disable = false, prepareData = $.noop, callback = $.noop) {
+  init(
+    limit = 0,
+    preload = false,
+    disable = false,
+    prepareData = $.noop,
+    callback = $.noop,
+    container = '',
+  ) {
     this.url = $('.content_list').data('href') || removeParams(['limit', 'offset']);
     this.limit = limit;
     this.offset = parseInt(getParameterByName('offset'), 10) || this.limit;
     this.disable = disable;
     this.prepareData = prepareData;
     this.callback = callback;
-    this.loading = $('.loading').first();
+    this.loading = $(`${container} .loading`).first();
     if (preload) {
       this.offset = 0;
       this.getOld();

app/assets/javascripts/pages/users/user_tabs.js

@@ -170,7 +170,7 @@ export default class UserTabs {
     this.loadActivityCalendar('activity');
 
     // eslint-disable-next-line no-new
-    new Activities();
+    new Activities('#activity');
 
     this.loaded.activity = true;
   }

app/assets/javascripts/vue_shared/components/file_row.vue

@@ -34,10 +34,21 @@ export default {
       required: false,
       default: false,
     },
+    displayTextKey: {
+      type: String,
+      required: false,
+      default: 'name',
+    },
+    shouldTruncateStart: {
+      type: Boolean,
+      required: false,
+      default: false,
+    },
   },
   data() {
     return {
       mouseOver: false,
+      truncateStart: 0,
     };
   },
   computed: {
@@ -60,6 +71,15 @@ export default {
         'is-open': this.file.opened,
       };
     },
+    outputText() {
+      const text = this.file[this.displayTextKey];
+
+      if (this.truncateStart === 0) {
+        return text;
+      }
+
+      return `...${text.substring(this.truncateStart, text.length)}`;
+    },
   },
   watch: {
     'file.active': function fileActiveWatch(active) {
@@ -72,6 +92,15 @@ export default {
     if (this.hasPathAtCurrentRoute()) {
       this.scrollIntoView(true);
     }
+
+    if (this.shouldTruncateStart) {
+      const { scrollWidth, offsetWidth } = this.$refs.textOutput;
+      const textOverflow = scrollWidth - offsetWidth;
+
+      if (textOverflow > 0) {
+        this.truncateStart = Math.ceil(textOverflow / 5) + 3;
+      }
+    }
   },
   methods: {
     toggleTreeOpen(path) {
@@ -139,6 +168,7 @@ export default {
         class="file-row-name-container"
       >
         <span
+          ref="textOutput"
           :style="levelIndentation"
           class="file-row-name str-truncated"
         >
@@ -156,7 +186,7 @@ export default {
             :size="16"
             class="append-right-5"
           />
-          {{ file.name }}
+          {{ outputText }}
         </span>
         <component
           :is="extraComponent"
@@ -175,6 +205,8 @@ export default {
         :hide-extra-on-tree="hideExtraOnTree"
         :extra-component="extraComponent"
         :show-changed-icon="showChangedIcon"
+        :display-text-key="displayTextKey"
+        :should-truncate-start="shouldTruncateStart"
         @toggleTreeOpen="toggleTreeOpen"
         @clickFile="clickedFile"
       />

app/assets/stylesheets/framework/common.scss

@@ -334,6 +334,14 @@ img.emoji {
   }
 }
 
+.outline-0 {
+  outline: 0;
+
+  &:focus {
+    outline: 0;
+  }
+}
+
 /** COMMON CLASSES **/
 .prepend-top-0 { margin-top: 0; }
 .prepend-top-2 { margin-top: 2px; }
@@ -373,3 +381,5 @@ img.emoji {
 .flex-align-self-center { align-self: center; }
 .flex-grow { flex-grow: 1; }
 .flex-no-shrink { flex-shrink: 0; }
+.mw-460 { max-width: 460px; }
+.ws-initial { white-space: initial; }

app/assets/stylesheets/framework/secondary_navigation_elements.scss

@@ -37,6 +37,7 @@
 
     button {
       padding-top: 0;
+      background-color: transparent;
     }
 
     &.active a,

app/assets/stylesheets/pages/diff.scss

@@ -1027,8 +1027,12 @@
   overflow-x: auto;
 }
 
-.tree-list-search .form-control {
-  padding-left: 30px;
+.tree-list-search {
+  flex: 0 0 34px;
+
+  .form-control {
+    padding-left: 30px;
+  }
 }
 
 .tree-list-icon {
@@ -1063,3 +1067,9 @@
     }
   }
 }
+
+.tree-list-view-toggle {
+  svg {
+    top: 0;
+  }
+}

app/helpers/groups_helper.rb

 # frozen_string_literal: true
 
 module GroupsHelper
+<<<<<<< HEAD
   prepend EE::GroupsHelper
 
+=======
+>>>>>>> upstream/master
   def group_overview_nav_link_paths
     %w[
       groups#show

app/views/layouts/_page.html.haml

@@ -8,7 +8,10 @@
       = render "layouts/header/ee_license_banner"
       = render "layouts/broadcast"
       = render "layouts/header/read_only_banner"
+<<<<<<< HEAD
       = render "layouts/nav/ee/classification_level_banner"
+=======
+>>>>>>> upstream/master
       = yield :flash_message
       = render "shared/ping_consent"
       - unless @hide_breadcrumbs

changelogs/unreleased/53013-duplicate-escape.yml

+---
+title: Remove duplicate escape in job sidebar
+merge_request:
+author:
+type: fixed

changelogs/unreleased/53023-endless-scroll-loader-is-visible-on-user-profile-overview-page.yml

+title: Adds container to pager to enable scoping
+merge_request: 22529
+? author
+type: other

changelogs/unreleased/gt-add-transparent-background-to-markdown-header-tabs.yml

+---
+title: Add transparent background to markdown header tabs
+merge_request: 22565
+author: George Tsiolis
+type: fixed

changelogs/unreleased/mr-file-list.yml

+---
+title: Switch between tree list & file list in diffs file browser
+merge_request: 22191
+author:
+type: added

danger/specs/Dangerfile

+# frozen_string_literal: true
+
 NO_SPECS_LABELS = %w[backstage Documentation QA].freeze
 NO_NEW_SPEC_MESSAGE = <<~MSG.freeze
 You've made some app changes, but didn't add any tests.
@@ -9,8 +11,8 @@ def presented_no_changelog_labels
   NO_SPECS_LABELS.map { |label| "~#{label}" }.join(', ')
 end
 
-has_app_changes = !git.modified_files.grep(%r{\A(ee/)?(app|lib|db/(geo/)?(post_)?migrate)/}).empty?
-has_spec_changes = !git.modified_files.grep(%r{\A(ee/)?spec/}).empty?
+has_app_changes = !helper.all_changed_files.grep(%r{\A(ee/)?(app|lib|db/(geo/)?(post_)?migrate)/}).empty?
+has_spec_changes = !helper.all_changed_files.grep(%r{\A(ee/)?spec/}).empty?
 new_specs_needed = (gitlab.mr_labels & NO_SPECS_LABELS).empty?
 
 if has_app_changes && !has_spec_changes && new_specs_needed

doc/administration/pages/index.md

@@ -242,6 +242,33 @@ verification requirement. Navigate to `Admin area ➔ Settings` and uncheck
 **Require users to prove ownership of custom domains** in the Pages section.
 This setting is enabled by default.
 
+### Access control
+
+Access control was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422)
+in GitLab 11.5. It can be configured per-project, and allows access to a Pages
+site to be controlled based on a user's membership to that project.
+
+Access control works by registering the Pages daemon as an OAuth application
+with GitLab. Whenever a request to access a private Pages site is made by an
+unauthenticated user, the Pages daemon redirects the user to GitLab. If
+authentication is successful, the user is redirected back to Pages with a token,
+which is persisted in a cookie. The cookies are signed with a secret key, so
+tampering can be detected.
+
+Each request to view a resource in a private site is authenticated by Pages
+using that token. For each request it receives, it makes a request to the GitLab
+API to check that the user is authorized to read that site.
+
+Pages access control is currently disabled by default. To enable it, you must:
+
+1. Enable it in `/etc/gitlab/gitlab.rb`
+
+    ```ruby
+    gitlab_pages['access_control'] = true
+    ```
+
+1. [Reconfigure GitLab][reconfigure]
+
 ## Activate verbose logging for daemon
 
 Verbose logging was [introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/2533) in

doc/administration/pages/source.md

@@ -391,6 +391,44 @@ the first one with a backslash (\). For example `pages.example.io` would be:
 server_name ~^.*\.pages\.example\.io$;
 ```
 
+## Access control
+
+Access control was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422)
+in GitLab 11.5. It can be configured per-project, and allows access to a Pages
+site to be controlled based on a user's membership to that project.
+
+Access control works by registering the Pages daemon as an OAuth application
+with GitLab. Whenever a request to access a private Pages site is made by an
+unauthenticated user, the Pages daemon redirects the user to GitLab. If
+authentication is successful, the user is redirected back to Pages with a token,
+which is persisted in a cookie. The cookies are signed with a secret key, so
+tampering can be detected.
+
+Each request to view a resource in a private site is authenticated by Pages
+using that token. For each request it receives, it makes a request to the GitLab
+API to check that the user is authorized to read that site.
+
+Pages access control is currently disabled by default. To enable it, you must:
+
+1. Modify your `config/gitlab.yml` file:
+    ```yaml
+    pages:
+      access_control: true
+    ```
+1. [Restart GitLab][restart]
+1. Create a new [system OAuth application](../../integration/oauth_provider.md#adding-an-application-through-the-profile)
+   This should be called `GitLab Pages` and have a `Redirect URL` of
+   `https://projects.example.io/auth`. It does not need to be a "trusted"
+   application, but it does need the "api" scope.
+1. Start the Pages daemon with the following additional arguments:
+
+    ```shell
+      -auth-client-secret <OAuth code generated by GitLab> \
+      -auth-redirect-uri http://projects.example.io/auth \
+      -auth-secret <40 random hex characters> \
+      -auth-server <URL of the GitLab instance>
+    ```
+
 ## Change storage path
 
 Follow the steps below to change the default path where GitLab Pages' contents

doc/ci/runners/README.md

@@ -312,7 +312,7 @@ We're always looking for contributions that can mitigate these
 
 If you think that registration token for a Project was revealed, you should
 reset them. It's recommended because such token can be used to register another
-Runner to thi Project. It may be next used to obtain the values of secret
+Runner to the Project. It may be next used to obtain the values of secret
 variables or clone the project code, that normally may be unavailable for the
 attacker.
 

doc/ci/yaml/README.md

@@ -2032,4 +2032,8 @@ CI with various languages.
 [schedules]: ../../user/project/pipelines/schedules.md
 [variables-expressions]: ../variables/README.md#variables-expressions
 [ee]: https://about.gitlab.com/gitlab-ee/
+<<<<<<< HEAD
 [gitlab-versions]: https://about.gitlab.com/products/
+=======
+[gitlab-versions]: https://about.gitlab.com/products/
+>>>>>>> upstream/master

doc/development/feature_flags.md

@@ -112,3 +112,8 @@ feature flag. You can stub a feature flag as follows:
 ```ruby
 stub_feature_flags(my_feature_flag: false)
 ```
+
+## Enabling a feature flag
+
+Check how to [roll out changes using feature flags](rolling_out_changes_using_feature_flags.md).
+

doc/development/i18n/proofreader.md

@@ -20,6 +20,7 @@ are very appreciative of the work done by translators and proofreaders!
 - French
   - Davy Defaud - [GitLab](https://gitlab.com/DevDef), [Crowdin](https://crowdin.com/profile/DevDef)
 - German
+  - Michael Hahnle - [GitLab](https://gitlab.com/mhah), [Crowdin](https://crowdin.com/profile/mhah)
 - Indonesian
   - Ahmad Naufal Mukhtar - [GitLab](https://gitlab.com/anaufalm), [Crowdin](https://crowdin.com/profile/anaufalm)
 - Italian

doc/topics/autodevops/index.md

@@ -320,7 +320,11 @@ created, and is uploaded as an artifact which you can later download and check
 out.
 
 Any differences between the source and target branches are also
+<<<<<<< HEAD
 [shown in the merge request widget](../../user/project/merge_requests/code_quality.md).
+=======
+[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html).
+>>>>>>> upstream/master
 
 ### Auto SAST **[ULTIMATE]**
 
@@ -333,8 +337,15 @@ report is created, it's uploaded as an artifact which you can later download and
 check out.
 
 Any security warnings are also
+<<<<<<< HEAD
 [shown in the merge request widget](../../user/project/merge_requests/sast.md).
 
+NOTE: **Note:**
+The Auto SAST stage will be skipped on licenses other than Ultimate.
+=======
+[shown in the merge request widget](https://docs.gitlab.com/ee//user/project/merge_requests/sast.html).
+>>>>>>> upstream/master
+
 NOTE: **Note:**
 The Auto SAST stage will be skipped on licenses other than Ultimate.
 
@@ -354,6 +365,9 @@ Any security warnings are also
 NOTE: **Note:**
 The Auto Dependency Scanning stage will be skipped on licenses other than Ultimate.
 
+NOTE: **Note:**
+The Auto Dependency Scanning stage will be skipped on licenses other than Ultimate.
+
 ### Auto License Management **[ULTIMATE]**
 
 > Introduced in [GitLab Ultimate][ee] 11.0.
@@ -370,6 +384,9 @@ Any licenses are also
 NOTE: **Note:**
 The Auto License Management stage will be skipped on licenses other than Ultimate.
 
+NOTE: **Note:**
+The Auto License Management stage will be skipped on licenses other than Ultimate.
+
 ### Auto Container Scanning
 
 > Introduced in GitLab 10.4.

doc/user/project/repository/branches/index.md

@@ -30,12 +30,12 @@ to learn more.
 
 ## Delete merged branches
 
-> [Introduced][ce-6449] in GitLab 8.14.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6449) in GitLab 8.14.
 
 ![Delete merged branches](img/delete_merged_branches.png)
 
 This feature allows merged branches to be deleted in bulk. Only branches that
-have been merged and [are not protected][protected] will be deleted as part of
+have been merged and [are not protected](../../protected_branches.md) will be deleted as part of
 this operation.
 
 It's particularly useful to clean up old branches that were not deleted
@@ -44,7 +44,7 @@ automatically when a merge request was merged.
 
 ## Branch filter search box
 
-> [Introduced][https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22166] in GitLab 11.5.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22166) in GitLab 11.5.
 
 ![Branch filter search box](img/branch_filter_search_box.png)
 
@@ -57,6 +57,3 @@ Sometimes when you have hundreds of branches you may want a more flexible matchi
 
 - `^feature` will only match branch names that begin with 'feature'.
 - `feature$` will only match branch names that end with 'feature'.
-
-[ce-6449]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6449 "Add button to delete all merged branches"
-[protected]: ../../protected_branches.md

lib/gitlab/ee_compat_check.rb

@@ -286,7 +286,7 @@ module Gitlab
     end
 
     def patch_name_from_branch(branch_name)
-      branch_name.parameterize << '.patch'
+      "#{branch_name.parameterize}.patch"
     end
 
     def patch_url
@@ -434,9 +434,11 @@ module Gitlab
     end
 
     def conflicting_files_msg
-      failed_files.reduce("The conflicts detected were as follows:\n") do |memo, file|
-        memo << "\n        - #{file}"
-      end
+      header = "The conflicts detected were as follows:\n"
+      separator = "\n        - "
+      failed_items = failed_files.join(separator)
+
+      "#{header}#{separator}#{failed_items}"
     end
   end
 end

locale/gitlab.pot

@@ -4679,6 +4679,9 @@ msgstr ""
 msgid "List available repositories"
 msgstr ""
 
+msgid "List view"
+msgstr ""
+
 msgid "List your Bitbucket Server repositories"
 msgstr ""
 
@@ -8280,6 +8283,7 @@ msgstr ""
 msgid "Track time with quick actions"
 msgstr ""
 
+<<<<<<< HEAD
 msgid "Trending"
 msgstr ""
 
@@ -8287,6 +8291,12 @@ msgid "Trigger"
 msgstr ""
 
 msgid "Trigger pipelines for mirror updates"
+=======
+msgid "Tree view"
+msgstr ""
+
+msgid "Trending"
+>>>>>>> upstream/master
 msgstr ""
 
 msgid "Trigger pipelines when branches or tags are updated from the upstream repository. Depending on the activity of the upstream repository, this may greatly increase the load on your CI runners. Only enable this if you know they can handle the load."

package.json

@@ -24,7 +24,7 @@
     "@babel/plugin-syntax-dynamic-import": "^7.0.0",
     "@babel/plugin-syntax-import-meta": "^7.0.0",
     "@babel/preset-env": "^7.1.0",
-    "@gitlab-org/gitlab-svgs": "^1.32.0",
+    "@gitlab-org/gitlab-svgs": "^1.33.0",
     "@gitlab-org/gitlab-ui": "^1.8.0",
     "autosize": "^4.0.0",
     "axios": "^0.17.1",

spec/features/projects/jobs_spec.rb

@@ -151,9 +151,8 @@ describe 'Jobs', :clean_gitlab_redis_shared_state do
       end
 
       it 'renders escaped tooltip name' do
-        page.within('aside.right-sidebar') do
-          expect(find('.active.build-job a')['data-original-title']).to eq('<img src=x onerror=alert(document.domain)> - passed')
-        end
+        page.find('.active.build-job a').hover
+        expect(page).to have_content('<img src=x onerror=alert(document.domain)> - passed')
       end
     end
 

spec/javascripts/diffs/components/tree_list_spec.js

@@ -53,7 +53,7 @@ describe('Diffs tree list component', () => {
           fileHash: 'test',
           key: 'index.js',
           name: 'index.js',
-          path: 'index.js',
+          path: 'app/index.js',
           removedLines: 0,
           tempFile: true,
           type: 'blob',
@@ -104,7 +104,55 @@ describe('Diffs tree list component', () => {
 
       vm.$el.querySelector('.file-row').click();
 
-      expect(vm.$store.dispatch).toHaveBeenCalledWith('diffs/scrollToFile', 'index.js');
+      expect(vm.$store.dispatch).toHaveBeenCalledWith('diffs/scrollToFile', 'app/index.js');
+    });
+
+    it('renders as file list when renderTreeList is false', done => {
+      vm.renderTreeList = false;
+
+      vm.$nextTick(() => {
+        expect(vm.$el.querySelectorAll('.file-row').length).toBe(1);
+
+        done();
+      });
+    });
+
+    it('renders file paths when renderTreeList is false', done => {
+      vm.renderTreeList = false;
+
+      vm.$nextTick(() => {
+        expect(vm.$el.querySelector('.file-row').textContent).toContain('app/index.js');
+
+        done();
+      });
+    });
+
+    it('hides render buttons when input is focused', done => {
+      const focusEvent = new Event('focus');
+
+      vm.$el.querySelector('.form-control').dispatchEvent(focusEvent);
+
+      vm.$nextTick(() => {
+        expect(vm.$el.querySelector('.tree-list-view-toggle').style.display).toBe('none');
+
+        done();
+      });
+    });
+
+    it('shows render buttons when input is blurred', done => {
+      const blurEvent = new Event('blur');
+      vm.focusSearch = true;
+
+      vm.$nextTick()
+        .then(() => {
+          vm.$el.querySelector('.form-control').dispatchEvent(blurEvent);
+        })
+        .then(vm.$nextTick)
+        .then(() => {
+          expect(vm.$el.querySelector('.tree-list-view-toggle').style.display).not.toBe('none');
+        })
+        .then(done)
+        .catch(done.fail);
     });
   });
 
@@ -117,4 +165,24 @@ describe('Diffs tree list component', () => {
       expect(vm.search).toBe('');
     });
   });
+
+  describe('toggleRenderTreeList', () => {
+    it('updates renderTreeList', () => {
+      expect(vm.renderTreeList).toBe(true);
+
+      vm.toggleRenderTreeList(false);
+
+      expect(vm.renderTreeList).toBe(false);
+    });
+  });
+
+  describe('toggleFocusSearch', () => {
+    it('updates focusSearch', () => {
+      expect(vm.focusSearch).toBe(false);
+
+      vm.toggleFocusSearch(true);
+
+      expect(vm.focusSearch).toBe(true);
+    });
+  });
 });

spec/javascripts/diffs/store/utils_spec.js

@@ -444,6 +444,14 @@ describe('DiffsStoreUtils', () => {
           addedLines: 0,
           fileHash: 'test',
         },
+        {
+          newPath: 'app/test/filepathneedstruncating.js',
+          deletedFile: false,
+          newFile: true,
+          removedLines: 0,
+          addedLines: 0,
+          fileHash: 'test',
+        },
         {
           newPath: 'package.json',
           deletedFile: true,
@@ -498,6 +506,19 @@ describe('DiffsStoreUtils', () => {
                   type: 'blob',
                   tree: [],
                 },
+                {
+                  addedLines: 0,
+                  changed: true,
+                  deleted: false,
+                  fileHash: 'test',
+                  key: 'app/test/filepathneedstruncating.js',
+                  name: 'filepathneedstruncating.js',
+                  path: 'app/test/filepathneedstruncating.js',
+                  removedLines: 0,
+                  tempFile: true,
+                  type: 'blob',
+                  tree: [],
+                },
               ],
             },
           ],
@@ -527,6 +548,7 @@ describe('DiffsStoreUtils', () => {
         'app/index.js',
         'app/test',
         'app/test/index.js',
+        'app/test/filepathneedstruncating.js',
         'package.json',
       ]);
     });

spec/javascripts/vue_shared/components/file_row_spec.js

@@ -71,4 +71,40 @@ describe('RepoFile', () => {
 
     expect(vm.$el.querySelector('.file-row-name').style.marginLeft).toBe('32px');
   });
+
+  describe('outputText', () => {
+    beforeEach(done => {
+      createComponent({
+        file: {
+          ...file(),
+          path: 'app/assets/index.js',
+        },
+        level: 0,
+      });
+
+      vm.displayTextKey = 'path';
+
+      vm.$nextTick(done);
+    });
+
+    it('returns text if truncateStart is 0', done => {
+      vm.truncateStart = 0;
+
+      vm.$nextTick(() => {
+        expect(vm.outputText).toBe('app/assets/index.js');
+
+        done();
+      });
+    });
+
+    it('returns text truncated at start', done => {
+      vm.truncateStart = 5;
+
+      vm.$nextTick(() => {
+        expect(vm.outputText).toBe('...ssets/index.js');
+
+        done();
+      });
+    });
+  });
 });

yarn.lock

@@ -616,11 +616,16 @@
     lodash "^4.17.10"
     to-fast-properties "^2.0.0"
 
-"@gitlab-org/gitlab-svgs@^1.23.0", "@gitlab-org/gitlab-svgs@^1.32.0":
+"@gitlab-org/gitlab-svgs@^1.23.0":
   version "1.32.0"
   resolved "https://registry.yarnpkg.com/@gitlab-org/gitlab-svgs/-/gitlab-svgs-1.32.0.tgz#a65ab7724fa7d55be8e5cc9b2dbe3f0757432fd3"
   integrity sha512-L3o8dFUd2nSkVZBwh2hCJWzNzADJ3dTBZxamND8NLosZK9/ohNhccmsQOZGyMCUHaOzm4vifaaXkAXh04UtMKA==
 
+"@gitlab-org/gitlab-svgs@^1.33.0":
+  version "1.33.0"
+  resolved "https://registry.yarnpkg.com/@gitlab-org/gitlab-svgs/-/gitlab-svgs-1.33.0.tgz#068566e8ee00795f6f09f58236f08e1716f9f04a"
+  integrity sha512-8ajtUHk6gQ1xosL/CO5IzHSFM/t18hx5pfzQ3cd0VuQXcyR6QKGuXTLwbYdmJDYOw1Etoo5DqDWxPEClHyZpiA==
+
 "@gitlab-org/gitlab-ui@^1.8.0":
   version "1.8.0"
   resolved "https://registry.yarnpkg.com/@gitlab-org/gitlab-ui/-/gitlab-ui-1.8.0.tgz#dee33d78f68c91644273dbd51734b796108263ee"