Merge branches 'fix/import-url-validator' and 'master' of...

Merge branches 'fix/import-url-validator' and 'master' of gitlab.com:gitlab-org/gitlab-ce into fix/import-url-validator

.gitlab-ci.yml

@@ -129,56 +129,51 @@ spinach 7 10: *spinach-knapsack
 spinach 8 10: *spinach-knapsack
 spinach 9 10: *spinach-knapsack
 
-# Execute all testing suites against Ruby 2.2
-
-.ruby-22: &ruby-22
-  image: "ruby:2.2"
+# Execute all testing suites against Ruby 2.3
+.ruby-23: &ruby-23
+  image: "ruby:2.3"
   only:
     - master
-  cache:
-    key: "ruby22"
-    paths:
-    - vendor
 
-.rspec-knapsack-ruby22: &rspec-knapsack-ruby22
+.rspec-knapsack-ruby23: &rspec-knapsack-ruby23
   <<: *rspec-knapsack
-  <<: *ruby-22
+  <<: *ruby-23
 
-.spinach-knapsack-ruby22: &spinach-knapsack-ruby22
+.spinach-knapsack-ruby23: &spinach-knapsack-ruby23
   <<: *spinach-knapsack
-  <<: *ruby-22
-  
-rspec 0 20 ruby22: *rspec-knapsack-ruby22
-rspec 1 20 ruby22: *rspec-knapsack-ruby22
-rspec 2 20 ruby22: *rspec-knapsack-ruby22
-rspec 3 20 ruby22: *rspec-knapsack-ruby22
-rspec 4 20 ruby22: *rspec-knapsack-ruby22
-rspec 5 20 ruby22: *rspec-knapsack-ruby22
-rspec 6 20 ruby22: *rspec-knapsack-ruby22
-rspec 7 20 ruby22: *rspec-knapsack-ruby22
-rspec 8 20 ruby22: *rspec-knapsack-ruby22
-rspec 9 20 ruby22: *rspec-knapsack-ruby22
-rspec 10 20 ruby22: *rspec-knapsack-ruby22
-rspec 11 20 ruby22: *rspec-knapsack-ruby22
-rspec 12 20 ruby22: *rspec-knapsack-ruby22
-rspec 13 20 ruby22: *rspec-knapsack-ruby22
-rspec 14 20 ruby22: *rspec-knapsack-ruby22
-rspec 15 20 ruby22: *rspec-knapsack-ruby22
-rspec 16 20 ruby22: *rspec-knapsack-ruby22
-rspec 17 20 ruby22: *rspec-knapsack-ruby22
-rspec 18 20 ruby22: *rspec-knapsack-ruby22
-rspec 19 20 ruby22: *rspec-knapsack-ruby22
-
-spinach 0 10 ruby22: *spinach-knapsack-ruby22
-spinach 1 10 ruby22: *spinach-knapsack-ruby22
-spinach 2 10 ruby22: *spinach-knapsack-ruby22
-spinach 3 10 ruby22: *spinach-knapsack-ruby22
-spinach 4 10 ruby22: *spinach-knapsack-ruby22
-spinach 5 10 ruby22: *spinach-knapsack-ruby22
-spinach 6 10 ruby22: *spinach-knapsack-ruby22
-spinach 7 10 ruby22: *spinach-knapsack-ruby22
-spinach 8 10 ruby22: *spinach-knapsack-ruby22
-spinach 9 10 ruby22: *spinach-knapsack-ruby22
+  <<: *ruby-23
+  
+rspec 0 20 ruby23: *rspec-knapsack-ruby23
+rspec 1 20 ruby23: *rspec-knapsack-ruby23
+rspec 2 20 ruby23: *rspec-knapsack-ruby23
+rspec 3 20 ruby23: *rspec-knapsack-ruby23
+rspec 4 20 ruby23: *rspec-knapsack-ruby23
+rspec 5 20 ruby23: *rspec-knapsack-ruby23
+rspec 6 20 ruby23: *rspec-knapsack-ruby23
+rspec 7 20 ruby23: *rspec-knapsack-ruby23
+rspec 8 20 ruby23: *rspec-knapsack-ruby23
+rspec 9 20 ruby23: *rspec-knapsack-ruby23
+rspec 10 20 ruby23: *rspec-knapsack-ruby23
+rspec 11 20 ruby23: *rspec-knapsack-ruby23
+rspec 12 20 ruby23: *rspec-knapsack-ruby23
+rspec 13 20 ruby23: *rspec-knapsack-ruby23
+rspec 14 20 ruby23: *rspec-knapsack-ruby23
+rspec 15 20 ruby23: *rspec-knapsack-ruby23
+rspec 16 20 ruby23: *rspec-knapsack-ruby23
+rspec 17 20 ruby23: *rspec-knapsack-ruby23
+rspec 18 20 ruby23: *rspec-knapsack-ruby23
+rspec 19 20 ruby23: *rspec-knapsack-ruby23
+
+spinach 0 10 ruby23: *spinach-knapsack-ruby23
+spinach 1 10 ruby23: *spinach-knapsack-ruby23
+spinach 2 10 ruby23: *spinach-knapsack-ruby23
+spinach 3 10 ruby23: *spinach-knapsack-ruby23
+spinach 4 10 ruby23: *spinach-knapsack-ruby23
+spinach 5 10 ruby23: *spinach-knapsack-ruby23
+spinach 6 10 ruby23: *spinach-knapsack-ruby23
+spinach 7 10 ruby23: *spinach-knapsack-ruby23
+spinach 8 10 ruby23: *spinach-knapsack-ruby23
+spinach 9 10 ruby23: *spinach-knapsack-ruby23
 
 # Other generic tests
 

CHANGELOG

 Please view this file on the master branch, on stable branches it's out of date.
 
 v 8.9.0 (unreleased)
+  - Fix error when CI job variables key specified but not defined
+  - Fix pipeline status when there are no builds in pipeline
   - Fix Error 500 when using closes_issues API with an external issue tracker
   - Add more information into RSS feed for issues (Alexander Matyushentsev)
   - Bulk assign/unassign labels to issues.
   - Ability to prioritize labels !4009 / !3205 (Thijs Wouters)
+  - Show Star and Fork buttons on mobile.
   - Fix endless redirections when accessing user OAuth applications when they are disabled
   - Allow enabling wiki page events from Webhook management UI
   - Bump rouge to 1.11.0
@@ -12,6 +15,8 @@ v 8.9.0 (unreleased)
   - Fix an issue where note polling stopped working if a window was in the
     background during a refresh.
   - Make EmailsOnPushWorker use Sidekiq mailers queue
+  - Redesign all Devise emails. !4297
+  - Don't show 'Leave Project' to group members
   - Fix wiki page events' webhook to point to the wiki repository
   - Don't show tags for revert and cherry-pick operations
   - Fix issue todo not remove when leave project !4150 (Long Nguyen)
@@ -22,15 +27,18 @@ v 8.9.0 (unreleased)
   - Added descriptions to notification settings dropdown
   - Improve note validation to prevent errors when creating invalid note via API
   - Reduce number of fog gem dependencies
+  - Add number of merge requests for a given milestone to the milestones view.
   - Implement a fair usage of shared runners
   - Remove project notification settings associated with deleted projects
   - Fix 404 page when viewing TODOs that contain milestones or labels in different projects
   - Add a metric for the number of new Redis connections created by a transaction
   - Fix Error 500 when viewing a blob with binary characters after the 1024-byte mark
   - Redesign navigation for project pages
+  - Fix images in sign-up confirmation email
   - Added shortcut 'y' for copying a files content hash URL #14470
   - Fix groups API to list only user's accessible projects
   - Fix horizontal scrollbar for long commit message.
+  - GitLab Performance Monitoring now tracks the total method execution time and call count per method
   - Add Environments and Deployments
   - Redesign account and email confirmation emails
   - Don't fail builds for projects that are deleted
@@ -38,7 +46,11 @@ v 8.9.0 (unreleased)
   - `git clone https://host/namespace/project` now works, in addition to using the `.git` suffix
   - Bump nokogiri to 1.6.8
   - Use gitlab-shell v3.0.0
+  - Fixed alignment of download dropdown in merge requests
   - Upgrade to jQuery 2
+  - Adds selected branch name to the dropdown toggle
+  - Add API endpoint for Sidekiq Metrics !4653
+  - Refactoring Award Emoji with API support for Issues and MergeRequests
   - Use Knapsack to evenly distribute tests across multiple nodes
   - Add `sha` parameter to MR merge API, to ensure only reviewed changes are merged
   - Don't allow MRs to be merged when commits were added since the last review / page load
@@ -50,20 +62,26 @@ v 8.9.0 (unreleased)
   - Add option to project to only allow merge requests to be merged if the build succeeds (Rui Santos)
   - Added navigation shortcuts to the project pipelines, milestones, builds and forks page. !4393
   - Fix issues filter when ordering by milestone
+  - Disable SAML account unlink feature
   - Added artifacts:when to .gitlab-ci.yml - this requires GitLab Runner 1.3
   - Bamboo Service: Fix missing credentials & URL handling when base URL contains a path (Benjamin Schmid)
   - TeamCity Service: Fix URL handling when base URL contains a path
   - Todos will display target state if issuable target is 'Closed' or 'Merged'
+  - Validate only and except regexp
   - Fix bug when sorting issues by milestone due date and filtering by two or more labels
   - Add support for using Yubikeys (U2F) for two-factor authentication
   - Link to blank group icon doesn't throw a 404 anymore
   - Remove 'main language' feature
   - Toggle whitespace button now available for compare branches diffs #17881
   - Pipelines can be canceled only when there are running builds
+  - Allow authentication using personal access tokens
   - Use downcased path to container repository as this is expected path by Docker
+  - Custom notification settings
   - Projects pending deletion will render a 404 page
   - Measure queue duration between gitlab-workhorse and Rails
+  - Added Gfm autocomplete for labels
   - Make Omniauth providers specs to not modify global configuration
+  - Remove unused JiraIssue class and replace references with ExternalIssue. !4659 (Ilan Shamir)
   - Make authentication service for Container Registry to be compatible with < Docker 1.11
   - Add Application Setting to configure Container Registry token expire delay (default 5min)
   - Cache assigned issue and merge request counts in sidebar nav
@@ -83,6 +101,7 @@ v 8.9.0 (unreleased)
   - Show categorised search queries in the search autocomplete
   - RepositoryCheck::SingleRepositoryWorker public and private methods are now instrumented
   - Improve issuables APIs performance when accessing notes !4471
+  - Add sorting dropdown to tags page !4423
   - External links now open in a new tab
   - Prevent default actions of disabled buttons and links
   - Markdown editor now correctly resets the input value on edit cancellation !4175
@@ -90,6 +109,7 @@ v 8.9.0 (unreleased)
   - Improved UX of date pickers on issue & milestone forms
   - Cache on the database if a project has an active external issue tracker.
   - Put project Labels and Milestones pages links under Issues and Merge Requests tabs as subnav
+  - GitLab project import and export functionality
   - All classes in the Banzai::ReferenceParser namespace are now instrumented
   - Remove deprecated issues_tracker and issues_tracker_id from project model
   - Allow users to create confidential issues in private projects
@@ -107,6 +127,11 @@ v 8.9.0 (unreleased)
   - Include user relationships when retrieving award_emoji
   - Various associations are now eager loaded when parsing issue references to reduce the number of queries executed
   - Set inverse_of for Project/Service association to reduce the number of queries
+  - Update tanuki logo highlight/loading colors
+  - Use Git cached counters for branches and tags on project page
+  - Filter parameters for request_uri value on instrumented transactions.
+  - Cache user todo counts from TodoService
+  - Ensure Todos counters doesn't count Todos for projects pending delete
 
 v 8.8.5
   - Import GitHub repositories respecting the API rate limit !4166
@@ -118,6 +143,8 @@ v 8.8.5
   - Prevent unauthorized access for projects build traces
   - Forbid scripting for wiki files
   - Only show notes through JSON on confidential issues that the user has access to
+  - Banzai::Filter::UploadLinkFilter use XPath instead CSS expressions
+  - Banzai::Filter::ExternalLinkFilter use XPath instead CSS expressions
 
 v 8.8.4
   - Fix LDAP-based login for users with 2FA enabled. !4493

Gemfile

@@ -52,7 +52,7 @@ gem "browser", '~> 2.0.3'
 
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem "gitlab_git", '~> 10.0'
+gem "gitlab_git", '~> 10.2'
 
 # LDAP Auth
 # GitLab fork with several improvements to original library. For full list of changes
@@ -221,7 +221,7 @@ gem 'jquery-turbolinks', '~> 2.1.0'
 
 gem 'addressable',        '~> 2.3.8'
 gem 'bootstrap-sass',     '~> 3.3.0'
-gem 'font-awesome-rails', '~> 4.2'
+gem 'font-awesome-rails', '~> 4.6.1'
 gem 'gitlab_emoji',       '~> 0.3.0'
 gem 'gon',                '~> 6.0.1'
 gem 'jquery-atwho-rails', '~> 1.3.2'

Gemfile.lock

@@ -246,7 +246,7 @@ GEM
     fog-xml (0.1.2)
       fog-core
       nokogiri (~> 1.5, >= 1.5.11)
-    font-awesome-rails (4.5.0.1)
+    font-awesome-rails (4.6.1.0)
       railties (>= 3.2, < 5.1)
     foreman (0.78.0)
       thor (~> 0.19.1)
@@ -277,7 +277,7 @@ GEM
       posix-spawn (~> 0.3)
     gitlab_emoji (0.3.1)
       gemojione (~> 2.2, >= 2.2.1)
-    gitlab_git (10.1.3)
+    gitlab_git (10.2.0)
       activesupport (~> 4.0)
       charlock_holmes (~> 0.7.3)
       github-linguist (~> 4.7.0)
@@ -866,7 +866,7 @@ DEPENDENCIES
   fog-google (~> 0.3)
   fog-local (~> 0.3)
   fog-openstack (~> 0.1)
-  font-awesome-rails (~> 4.2)
+  font-awesome-rails (~> 4.6.1)
   foreman
   fuubar (~> 2.0.0)
   gemnasium-gitlab-service (~> 0.2)
@@ -874,7 +874,7 @@ DEPENDENCIES
   github-markup (~> 1.3.1)
   gitlab-flowdock-git-hook (~> 1.0.1)
   gitlab_emoji (~> 0.3.0)
-  gitlab_git (~> 10.0)
+  gitlab_git (~> 10.2)
   gitlab_meta (= 7.0)
   gitlab_omniauth-ldap (~> 1.2.1)
   gollum-lib (~> 4.1.0)

app/assets/javascripts/LabelManager.js.coffee

@@ -27,6 +27,11 @@ class @LabelManager
     $btn = $(e.currentTarget)
     $label = $("##{$btn.data('domId')}")
     action = if $btn.parents('.js-prioritized-labels').length then 'remove' else 'add'
+
+    # Make sure tooltip will hide
+    $tooltip = $ "##{$btn.find('.has-tooltip:visible').attr('aria-describedby')}"
+    $tooltip.tooltip 'destroy'
+
     _this.toggleLabelPriority($label, action)
 
   toggleLabelPriority: ($label, action, persistState = true) ->

app/assets/javascripts/blob/blob_gitignore_selector.js.coffee

-class @BlobGitignoreSelector
-  constructor: (opts) ->
-    {
-      @dropdown
-      @editor
-      @$wrapper        = @dropdown.closest('.gitignore-selector')
-      @$filenameInput  = $('#file_name')
-      @data           = @dropdown.data('filenames')
-    } = opts
+#= require blob/template_selector
 
-    @dropdown.glDropdown(
-      data: @data,
-      filterable: true,
-      selectable: true,
-      search:
-        fields: ['name']
-      clicked: @onClick
-      text: (gitignore) ->
-        gitignore.name
-    )
-
-    @toggleGitignoreSelector()
-    @bindEvents()
-
-  bindEvents: ->
-    @$filenameInput
-      .on 'keyup blur', (e) =>
-        @toggleGitignoreSelector()
-
-  toggleGitignoreSelector: ->
-    filename = @$filenameInput.val() or $('.editor-file-name').text().trim()
-    @$wrapper.toggleClass 'hidden', filename isnt '.gitignore'
-
-  onClick: (item, el, e) =>
-    e.preventDefault()
-    @requestIgnoreFile(item.name)
-
-  requestIgnoreFile: (name) ->
-    Api.gitignoreText name, @requestIgnoreFileSuccess.bind(@)
-
-  requestIgnoreFileSuccess: (gitignore) ->
-    @editor.setValue(gitignore.content, 1)
-    @editor.focus()
-
-class @BlobGitignoreSelectors
-  constructor: (opts) ->
-    {
-      @$dropdowns = $('.js-gitignore-selector')
-      @editor
-    } = opts
-
-    @$dropdowns.each (i, dropdown) =>
-      $dropdown = $(dropdown)
-
-      new BlobGitignoreSelector(
-        dropdown: $dropdown,
-        editor: @editor
-      )
+class @BlobGitignoreSelector extends TemplateSelector
+  requestFile: (query) ->
+    Api.gitignoreText query.name, @requestFileSuccess.bind(@)

app/assets/javascripts/blob/blob_gitignore_selectors.js.coffee

+class @BlobGitignoreSelectors
+  constructor: (opts) ->
+    {
+      @$dropdowns = $('.js-gitignore-selector')
+      @editor
+    } = opts
+
+    @$dropdowns.each (i, dropdown) =>
+      $dropdown = $(dropdown)
+
+      new BlobGitignoreSelector(
+        pattern: /(.gitignore)/,
+        data: $dropdown.data('data'),
+        wrapper: $dropdown.closest('.js-gitignore-selector-wrap'),
+        dropdown: $dropdown,
+        editor: @editor
+      )

app/assets/javascripts/blob/blob_license_selector.js.coffee

-class @BlobLicenseSelector
-  licenseRegex: /^(.+\/)?(licen[sc]e|copying)($|\.)/i
+#= require blob/template_selector
 
-  constructor: (editor) ->
-    @$licenseSelector = $('.js-license-selector')
-    $fileNameInput = $('#file_name')
-
-    initialFileNameValue = if $fileNameInput.length
-      $fileNameInput.val()
-    else if $('.editor-file-name').length
-      $('.editor-file-name').text().trim()
-
-    @toggleLicenseSelector(initialFileNameValue)
-
-    if $fileNameInput
-      $fileNameInput.on 'keyup blur', (e) =>
-        @toggleLicenseSelector($(e.target).val())
-
-    $('select.license-select').on 'change', (e) ->
+class @BlobLicenseSelector extends TemplateSelector
+  requestFile: (query) ->
     data =
-        project: $(this).data('project')
-        fullname: $(this).data('fullname')
-      Api.licenseText $(this).val(), data, (license) ->
-        editor.setValue(license.content, -1)
+      project: @dropdown.data('project')
+      fullname: @dropdown.data('fullname')
 
-  toggleLicenseSelector: (fileName) =>
-    if @licenseRegex.test(fileName)
-      @$licenseSelector.show()
-    else
-      @$licenseSelector.hide()
+    Api.licenseText query.id, data, @requestFileSuccess.bind(@)

app/assets/javascripts/blob/blob_license_selectors.js.coffee

+class @BlobLicenseSelectors
+  constructor: (opts) ->
+    {
+      @$dropdowns = $('.js-license-selector')
+      @editor
+    } = opts
+
+    @$dropdowns.each (i, dropdown) =>
+      $dropdown = $(dropdown)
+
+      new BlobLicenseSelector(
+        pattern: /^(.+\/)?(licen[sc]e|copying)($|\.)/i,
+        data: $dropdown.data('data'),
+        wrapper: $dropdown.closest('.js-license-selector-wrap'),
+        dropdown: $dropdown,
+        editor: @editor
+      )

app/assets/javascripts/blob/edit_blob.js.coffee

@@ -12,8 +12,9 @@ class @EditBlob
       $("#file-content").val(@editor.getValue())
 
     @initModePanesAndLinks()
-    new BlobLicenseSelector(@editor)
-    new BlobGitignoreSelectors(editor: @editor)
+
+    new BlobLicenseSelectors { @editor }
+    new BlobGitignoreSelectors { @editor }
 
   initModePanesAndLinks: ->
     @$editModePanes = $(".js-edit-mode-pane")

app/assets/javascripts/blob/template_selector.js.coffee

+class @TemplateSelector
+  constructor: (opts = {}) ->
+    {
+      @dropdown,
+      @data,
+      @pattern,
+      @wrapper,
+      @editor,
+      @fileEndpoint,
+      @$input = $('#file_name')
+    } = opts
+
+    @buildDropdown()
+    @bindEvents()
+    @onFilenameUpdate()
+
+  buildDropdown: ->
+    @dropdown.glDropdown(
+      data: @data,
+      filterable: true,
+      selectable: true,
+      search:
+        fields: ['name']
+      clicked: @onClick
+      text: (item) ->
+        item.name
+    )
+
+  bindEvents: ->
+    @$input.on('keyup blur', (e) =>
+      @onFilenameUpdate()
+    )
+
+  onFilenameUpdate: ->
+    return unless @$input.length
+
+    filenameMatches = @pattern.test(@$input.val().trim())
+
+    if not filenameMatches
+      @wrapper.addClass('hidden')
+      return
+
+    @wrapper.removeClass('hidden')
+
+  onClick: (item, el, e) =>
+    e.preventDefault()
+    @requestFile(item)
+
+  requestFile: (item) ->
+    # To be implemented on the extending class
+    # e.g.
+    # Api.gitignoreText item.name, @requestFileSuccess.bind(@)
+
+  requestFileSuccess: (file) ->
+    @editor.setValue(file.content, 1)
+    @editor.focus()

app/assets/javascripts/dispatcher.js.coffee

@@ -78,6 +78,7 @@ class Dispatcher
       when 'projects:show'
         shortcut_handler = new ShortcutsNavigation()
 
+        new NotificationsForm()
         new TreeView() if $('#tree-slider').length
       when 'groups:activity'
         new Activities()
@@ -129,6 +130,8 @@ class Dispatcher
         shortcut_handler = new ShortcutsDashboardNavigation()
       when 'profiles'
         new Profile()
+        new NotificationsForm()
+        new NotificationsDropdown()
       when 'projects'
         new Project()
         new ProjectAvatar()
@@ -136,8 +139,12 @@ class Dispatcher
           when 'edit'
             shortcut_handler = new ShortcutsNavigation()
             new ProjectNew()
-          when 'new', 'show'
+          when 'new'
             new ProjectNew()
+          when 'show'
+            new ProjectNew()
+            new ProjectShow()
+            new NotificationsDropdown()
           when 'wikis'
             new Wikis()
             shortcut_handler = new ShortcutsNavigation()

app/assets/javascripts/gfm_auto_complete.js.coffee

@@ -15,6 +15,9 @@ GitLab.GfmAutoComplete =
   Members:
     template: '<li>${username} <small>${title}</small></li>'
 
+  Labels:
+    template: '<li><span class="dropdown-label-box" style="background: ${color}"></span> ${title}</li>'
+
   # Issues and MergeRequests
   Issues:
     template: '<li><small>${id}</small> ${title}</li>'
@@ -176,6 +179,25 @@ GitLab.GfmAutoComplete =
             title:  sanitize(m.title)
             search: "#{m.iid} #{m.title}"
 
+    @input.atwho
+      at: '~'
+      alias: 'labels'
+      searchKey: 'search'
+      displayTpl: @Labels.template
+      insertTpl: '${atwho-at}${title}'
+      callbacks:
+        beforeSave: (merges) ->
+          sanitizeLabelTitle = (title)->
+            if /\w+\s+\w+/g.test(title)
+              "\"#{sanitize(title)}\""
+            else
+              sanitize(title)
+
+          $.map merges, (m) ->
+            title: sanitizeLabelTitle(m.title)
+            color: m.color
+            search: "#{m.title}"
+
   destroyAtWho: ->
     @input.atwho('destroy')
 
@@ -195,6 +217,8 @@ GitLab.GfmAutoComplete =
     @input.atwho 'load', 'mergerequests', data.mergerequests
     # load emojis
     @input.atwho 'load', ':', data.emojis
+    # load labels
+    @input.atwho 'load', '~', data.labels
 
     # This trigger at.js again
     # otherwise we would be stuck with loading until the user types

app/assets/javascripts/gl_dropdown.js.coffee

@@ -302,6 +302,9 @@ class GitLabDropdown
     if @options.setIndeterminateIds
       @options.setIndeterminateIds.call(@)
 
+    if @options.setActiveIds
+      @options.setActiveIds.call(@)
+
     # Makes indeterminate items effective
     if @fullData and @dropdown.find('.dropdown-menu-toggle').hasClass('js-filter-bulk-update')
       @parseData @fullData

app/assets/javascripts/labels_select.js.coffee

@@ -210,9 +210,21 @@ class @LabelsSelect
 
           if $dropdown.hasClass('js-filter-bulk-update')
             indeterminate = instance.indeterminateIds
+            active = instance.activeIds
+
             if indeterminate.indexOf(label.id) isnt -1
               selectedClass.push 'is-indeterminate'
 
+            if active.indexOf(label.id) isnt -1
+              # Remove is-indeterminate class if the item will be marked as active
+              i = selectedClass.indexOf 'is-indeterminate'
+              selectedClass.splice i, 1 unless i is -1
+
+              selectedClass.push 'is-active'
+
+              # Add input manually
+              instance.addInput @fieldName, label.id
+
           if $form.find("input[type='hidden']\
             [name='#{$dropdown.data('fieldName')}']\
             [value='#{this.id(label)}']").length
@@ -328,6 +340,10 @@ class @LabelsSelect
         setIndeterminateIds: ->
           if @dropdown.find('.dropdown-menu-toggle').hasClass('js-filter-bulk-update')
             @indeterminateIds = _this.getIndeterminateIds()
+
+        setActiveIds: ->
+          if @dropdown.find('.dropdown-menu-toggle').hasClass('js-filter-bulk-update')
+            @activeIds = _this.getActiveIds()
       )
 
     @bindEvents()
@@ -352,3 +368,12 @@ class @LabelsSelect
       label_ids.push $("#issue_#{issue_id}").data('labels')
 
     _.flatten(label_ids)
+
+  getActiveIds: ->
+    label_ids = []
+
+    $('.selected_issue:checked').each (i, el) ->
+      issue_id = $(el).data('id')
+      label_ids.push $("#issue_#{issue_id}").data('labels')
+
+    _.intersection.apply _, label_ids

app/assets/javascripts/merge_request.js.coffee

@@ -9,7 +9,7 @@ class @MergeRequest
   # Options:
   #   action - String, current controller action
   #
-  constructor: (@opts) ->
+  constructor: (@opts = {}) ->
     this.$el = $('.merge-request')
 
     this.$('.show-all-commits').on 'click', =>

app/assets/javascripts/merge_request_tabs.js.coffee

@@ -88,7 +88,7 @@ class @MergeRequestTabs
 
   scrollToElement: (container) ->
     if window.location.hash
-      navBarHeight = $('.navbar-gitlab').outerHeight()
+      navBarHeight = $('.navbar-gitlab').outerHeight() + $('.layout-nav').outerHeight()
 
       $el = $("#{container} #{window.location.hash}:not(.match)")
       $.scrollTo("#{container} #{window.location.hash}:not(.match)", offset: -navBarHeight) if $el.length

app/assets/javascripts/notifications_dropdown.js.coffee

+class @NotificationsDropdown
+  $ ->
+    $(document)
+      .off 'click', '.update-notification'
+      .on 'click', '.update-notification', (e) ->
+        e.preventDefault()
+
+        return if $(this).is('.is-active') and $(this).data('notification-level') is 'custom'
+
+        notificationLevel = $(@).data 'notification-level'
+        label = $(@).data 'notification-title'
+        form = $(this).parents('.notification-form:first')
+        form.find('.js-notification-loading').toggleClass 'fa-bell fa-spin fa-spinner'
+        form.find('#notification_setting_level').val(notificationLevel)
+        form.submit()
+
+    $(document)
+      .off 'ajax:success', '.notification-form'
+      .on 'ajax:success', '.notification-form', (e, data) ->
+        if data.saved
+          new Flash('Notification settings saved', 'notice')
+          $(e.currentTarget).closest('.notification-dropdown').replaceWith(data.html)
+        else
+          new Flash('Failed to save new settings', 'alert')

app/assets/javascripts/notifications_form.js.coffee

+class @NotificationsForm
+  constructor: ->
+    @removeEventListeners()
+    @initEventListeners()
+
+  removeEventListeners: ->
+    $(document).off 'change', '.js-custom-notification-event'
+
+  initEventListeners: ->
+    $(document).on 'change', '.js-custom-notification-event', @toggleCheckbox
+
+  toggleCheckbox: (e) =>
+    $checkbox = $(e.currentTarget)
+    $parent = $checkbox.closest('.checkbox')
+    @saveEvent($checkbox, $parent)
+
+  showCheckboxLoadingSpinner: ($parent) ->
+    $parent
+      .addClass 'is-loading'
+      .find '.custom-notification-event-loading'
+      .removeClass 'fa-check'
+      .addClass 'fa-spin fa-spinner'
+      .removeClass 'is-done'
+
+  saveEvent: ($checkbox, $parent) ->
+    form = $parent.parents('form:first')
+
+    $.ajax(
+      url: form.attr('action')
+      method: form.attr('method')
+      dataType: 'json'
+      data: form.serialize()
+
+      beforeSend: =>
+        @showCheckboxLoadingSpinner($parent)
+    ).done (data) ->
+      $checkbox.enable()
+
+      if data.saved
+        $parent
+          .find '.custom-notification-event-loading'
+          .toggleClass 'fa-spin fa-spinner fa-check is-done'
+
+        setTimeout(->
+          $parent
+            .removeClass 'is-loading'
+            .find '.custom-notification-event-loading'
+            .toggleClass 'fa-spin fa-spinner fa-check is-done'
+        , 2000)

app/assets/javascripts/profile.js.coffee

@@ -8,6 +8,10 @@ class @Profile
     $('.js-preferences-form').on 'change.preference', 'input[type=radio]', ->
       $(this).parents('form').submit()
 
+    # Automatically submit email form when it changes
+    $('#user_notification_email').on 'change', ->
+      $(this).parents('form').submit()
+
     $('.update-username').on 'ajax:before', ->
       $('.loading-username').show()
       $(this).find('.update-success').hide()

app/assets/javascripts/project.js.coffee

@@ -34,22 +34,6 @@ class @Project
       $(@).parents('.no-password-message').remove()
       e.preventDefault()
 
-    $('.update-notification').on 'click', (e) ->
-      e.preventDefault()
-      notification_level = $(@).data 'notification-level'
-      label = $(@).data 'notification-title'
-      $('#notification_setting_level').val(notification_level)
-      $('#notification-form').submit()
-      $('#notifications-button').empty().append("<i class='fa fa-bell'></i>" + label + "<i class='fa fa-angle-down'></i>")
-      $(@).parents('ul').find('li.active').removeClass 'active'
-      $(@).parent().addClass 'active'
-
-    $('#notification-form').on 'ajax:success', (e, data) ->
-      if data.saved
-        new Flash("Notification settings saved", "notice")
-      else
-        new Flash("Failed to save new settings", "alert")
-
 
     @projectSelectDropdown()
 

app/assets/javascripts/right_sidebar.js.coffee

@@ -51,15 +51,19 @@ class @Sidebar
     $this = $(e.currentTarget)
     $todoLoading = $('.js-issuable-todo-loading')
     $btnText = $('.js-issuable-todo-text', $this)
-    ajaxType = if $this.attr('data-id') then 'PATCH' else 'POST'
-    ajaxUrlExtra = if $this.attr('data-id') then "/#{$this.attr('data-id')}" else ''
+    ajaxType = if $this.attr('data-delete-path') then 'DELETE' else 'POST'
+
+    if $this.attr('data-delete-path')
+      url = "#{$this.attr('data-delete-path')}"
+    else
+      url = "#{$this.data('url')}"
 
     $.ajax(
-      url: "#{$this.data('url')}#{ajaxUrlExtra}"
+      url: url
       type: ajaxType
       dataType: 'json'
       data:
-        issuable_id: $this.data('issuable')
+        issuable_id: $this.data('issuable-id')
         issuable_type: $this.data('issuable-type')
       beforeSend: =>
         @beforeTodoSend($this, $todoLoading)
@@ -82,15 +86,15 @@ class @Sidebar
     else
       $todoPendingCount.removeClass 'hidden'
 
-    if data.todo?
+    if data.delete_path?
       $btn
         .attr 'aria-label', $btn.data('mark-text')
-        .attr 'data-id', data.todo.id
+        .attr 'data-delete-path', data.delete_path
       $btnText.text $btn.data('mark-text')
     else
       $btn
         .attr 'aria-label', $btn.data('todo-text')
-        .removeAttr 'data-id'
+        .removeAttr 'data-delete-path'
       $btnText.text $btn.data('todo-text')
 
   sidebarDropdownLoading: (e) ->

app/assets/javascripts/users/calendar.js.coffee

@@ -6,12 +6,6 @@ class @Calendar
     @daySizeWithSpace = @daySize + (@daySpace * 2)
     @monthNames = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec']
     @months = []
-    @highestValue = 0
-
-    # Get the highest value from the timestampes
-    _.each timestamps, (count) =>
-      if count > @highestValue
-        @highestValue = count
 
     # Loop through the timestamps to create a group of objects
     # The group of objects will be grouped based on the day of the week they are
@@ -39,8 +33,8 @@ class @Calendar
       i++
 
     # Init color functions
-    @color = @initColor()
     @colorKey = @initColorKey()
+    @color = @initColor()
 
     # Init the svg element
     @renderSvg(group)
@@ -104,7 +98,7 @@ class @Calendar
       .attr 'class', 'user-contrib-cell js-tooltip'
       .attr 'fill', (stamp) =>
         if stamp.count isnt 0
-          @color(stamp.count)
+          @color(Math.min(stamp.count, 40))
         else
           '#ededed'
       .attr 'data-container', 'body'
@@ -164,10 +158,11 @@ class @Calendar
         color
 
   initColor: ->
+    colorRange = ['#ededed', @colorKey(0), @colorKey(1), @colorKey(2), @colorKey(3)]
     d3.scale
-      .linear()
-      .range(['#acd5f2', '#254e77'])
-      .domain([0, @highestValue])
+      .threshold()
+      .domain([0, 10, 20, 30])
+      .range(colorRange)
 
   initColorKey: ->
     d3.scale

app/assets/stylesheets/framework/blocks.scss

@@ -91,6 +91,10 @@
     background-color: $white-light;
     border-top: none;
   }
+
+  &.top-block .container-fluid {
+    background-color: inherit;
+  }
 }
 
 .cover-block {

app/assets/stylesheets/framework/header.scss

@@ -2,6 +2,17 @@
  *  Application Header
  *
  */
+@mixin tanuki-logo-colors($path-color) {
+  fill: $path-color;
+  transition: all 0.8s;
+
+  &:hover,
+  &.highlight {
+    fill: lighten($path-color, 25%);
+    transition: all 0.1s;
+  }
+}
+
 header {
   transition: padding $sidebar-transition-duration;
 
@@ -191,13 +202,24 @@ header {
   }
 }
 
-.tanuki-shape {
-  transition: all 0.8s;
+#tanuki-logo {
 
-  &:hover, &.highlight {
-    fill: rgb(255, 255, 255);
-    transition: all 0.1s;
+  #tanuki-left-ear,
+  #tanuki-right-ear,
+  #tanuki-nose {
+    @include tanuki-logo-colors($tanuki-red);
+  }
+
+  #tanuki-left-eye,
+  #tanuki-right-eye {
+    @include tanuki-logo-colors($tanuki-orange);
   }
+
+  #tanuki-left-cheek,
+  #tanuki-right-cheek {
+    @include tanuki-logo-colors($tanuki-yellow);
+  }
+
 }
 
 @media (max-width: $screen-xs-max) {

app/assets/stylesheets/framework/mobile.scss

@@ -52,6 +52,19 @@
     .git-clone-holder {
       display: none;
     }
+
+    // Display Star and Fork buttons without counters on mobile.
+    .project-action-buttons {
+      display: block;
+
+      .count-buttons .btn {
+        margin: 0 10px;
+      }
+
+      .count-buttons .count-with-arrow {
+        display: none;
+      }
+    }
   }
 
   .project-stats {

app/assets/stylesheets/framework/sidebar.scss

@@ -55,17 +55,6 @@
   }
 }
 
-
-.tanuki-shape {
-  transition: all 0.8s;
-
-  &:hover, &.highlight {
-    fill: rgb(255, 255, 255);
-    transition: all 0.1s;
-  }
-}
-
-
 .nav-sidebar {
   position: absolute;
   top: 50px;

app/assets/stylesheets/framework/variables.scss

@@ -156,6 +156,11 @@ $warning-message-border: #f0e2bb;
 /* header */
 $light-grey-header: #faf9f9;
 
+/* tanuki logo colors */
+$tanuki-red: #e24329;
+$tanuki-orange: #fc6d26;
+$tanuki-yellow: #fca326;
+
 /*
  * State colors:
  */
@@ -263,5 +268,10 @@ $calendar-hover-bg: #ecf3fe;
 $calendar-border-color: rgba(#000, .1);
 $calendar-unselectable-bg: #faf9f9;
 
+/*
+ * Personal Access Tokens
+ */
+$personal-access-tokens-disabled-label-color: #bbb;
+
 $ci-output-bg: #1d1f21;
 $ci-text-color: #c5c8c6;

app/assets/stylesheets/mailers/devise.scss

@@ -38,6 +38,10 @@ table {
     margin: 0 auto;
     text-align: left;
     width: 600px;
+
+    & > td {
+      text-align: center;
+    }
   }
 
   &#body {

app/assets/stylesheets/pages/commit.scss

@@ -26,6 +26,8 @@
 
 .commit-info-row {
   margin-bottom: 10px;
+  line-height: 24px;
+  padding-top: 6px;
 
   &.commit-info-row-header {
     line-height: 34px;

app/assets/stylesheets/pages/editor.scss

@@ -66,8 +66,7 @@
     font-family: $regular_font;
   }
 
-  .gitignore-selector {
-
+  .gitignore-selector, .license-selector {
     .dropdown {
       line-height: 21px;
     }

app/assets/stylesheets/pages/events.scss

@@ -136,9 +136,10 @@
 .event-last-push {
   overflow: auto;
   width: 100%;
+  
   .event-last-push-text {
     @include str-truncated(100%);
-    padding: 5px 0;
+    padding: 4px 0;
     font-size: 13px;
     float: left;
     margin-right: -150px;

app/assets/stylesheets/pages/merge_requests.scss

@@ -244,6 +244,10 @@
 
   .panel-footer {
     padding: 5px 10px;
+
+    .btn {
+      min-width: auto;
+    }
   }
 
   .commit {
@@ -252,9 +256,7 @@
     }
 
     .avatar {
-      width: 20px;
-      height: 20px;
-      margin-right: 5px;
+      margin-left: 0;
     }
 
     .commit-row-info {

app/assets/stylesheets/pages/profile.scss

@@ -192,6 +192,25 @@
   }
 }
 
+.personal-access-tokens-never-expires-label {
+  color: $personal-access-tokens-disabled-label-color;
+}
+
+.datepicker.personal-access-tokens-expires-at .ui-state-disabled span {
+  text-align: center;
+}
+
+.created-personal-access-token-container {
+  #created-personal-access-token {
+    width: 90%;
+    display: inline;
+  }
+
+  .btn-clipboard {
+    margin-left: 5px;
+  }
+}
+
 .user-profile {
   @media (max-width: $screen-xs-max) {
     .cover-block {

app/assets/stylesheets/pages/projects.scss

@@ -28,7 +28,7 @@
   .container-fluid {
     position: relative;
 
-    @media (min-width: $screen-md-max) {
+    @media (min-width: $screen-lg-min) {
       .row {
         display: flex;
         -ms-flex-align: center;
@@ -128,11 +128,6 @@
       }
     }
 
-    .btn-group:not(:first-child):not(:last-child) > .btn {
-      border-top-right-radius: 3px;
-      border-bottom-right-radius: 3px;
-    }
-
     form {
       margin-left: 10px;
     }
@@ -224,7 +219,7 @@
     right: 16px;
     bottom: 0;
 
-    @media (max-width: $screen-lg-min) {
+    @media (max-width: $screen-md-max) {
       top: 0;
     }
 
@@ -233,7 +228,7 @@
       right: 0;
       bottom: 61px;
 
-      @media (max-width: $screen-lg-min) {
+      @media (max-width: $screen-md-max) {
         position: relative;
         bottom: 0;
         margin-right: 10px;
@@ -499,7 +494,8 @@ pre.light-well {
 
 .activity-filter-block {
   .controls {
-    padding-bottom: 10px;
+    padding-bottom: 7px;
+    margin-top: 8px;
     border-bottom: 1px solid $border-color;
   }
 }
@@ -603,3 +599,20 @@ pre.light-well {
     }
   }
 }
+
+.custom-notifications-form {
+  .is-loading {
+    .custom-notification-event-loading {
+      display: inline-block;
+    }
+  }
+}
+
+.custom-notification-event-loading {
+  display: none;
+  margin-left: 5px;
+
+  &.is-done {
+    color: $gl-text-green;
+  }
+}

app/controllers/application_controller.rb

@@ -8,7 +8,7 @@ class ApplicationController < ActionController::Base
   include PageLayoutHelper
   include WorkhorseHelper
 
-  before_action :authenticate_user_from_token!
+  before_action :authenticate_user_from_private_token!
   before_action :authenticate_user!
   before_action :validate_user_service_ticket!
   before_action :reject_blocked!
@@ -24,7 +24,7 @@ class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
 
   helper_method :abilities, :can?, :current_application_settings
-  helper_method :import_sources_enabled?, :github_import_enabled?, :github_import_configured?, :gitlab_import_enabled?, :gitlab_import_configured?, :bitbucket_import_enabled?, :bitbucket_import_configured?, :gitorious_import_enabled?, :google_code_import_enabled?, :fogbugz_import_enabled?, :git_import_enabled?
+  helper_method :import_sources_enabled?, :github_import_enabled?, :github_import_configured?, :gitlab_import_enabled?, :gitlab_import_configured?, :bitbucket_import_enabled?, :bitbucket_import_configured?, :gitorious_import_enabled?, :google_code_import_enabled?, :fogbugz_import_enabled?, :git_import_enabled?, :gitlab_project_import_enabled?
 
   rescue_from Encoding::CompatibilityError do |exception|
     log_exception(exception)
@@ -64,17 +64,10 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  # From https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example
-  # https://gist.github.com/josevalim/fb706b1e933ef01e4fb6
-  def authenticate_user_from_token!
-    user_token = if params[:authenticity_token].presence
-                   params[:authenticity_token].presence
-                 elsif params[:private_token].presence
-                   params[:private_token].presence
-                 elsif request.headers['PRIVATE-TOKEN'].present?
-                   request.headers['PRIVATE-TOKEN']
-                 end
-    user = user_token && User.find_by_authentication_token(user_token.to_s)
+  # This filter handles both private tokens and personal access tokens
+  def authenticate_user_from_private_token!
+    token_string = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
+    user = User.find_by_authentication_token(token_string) || User.find_by_personal_access_token(token_string)
 
     if user
       # Notice we are passing store false, so the user is not
@@ -326,6 +319,10 @@ class ApplicationController < ActionController::Base
     current_application_settings.import_sources.include?('git')
   end
 
+  def gitlab_project_import_enabled?
+    current_application_settings.import_sources.include?('gitlab_project')
+  end
+
   def two_factor_authentication_required?
     current_application_settings.require_two_factor_authentication
   end

app/controllers/dashboard/todos_controller.rb

 class Dashboard::TodosController < Dashboard::ApplicationController
-  before_action :find_todos, only: [:index, :destroy, :destroy_all]
+  include TodosHelper
+
+  before_action :find_todos, only: [:index, :destroy_all]
 
   def index
     @todos = @todos.page(params[:page])
   end
 
   def destroy
-    todo.done
-
-    todo_notice = 'Todo was successfully marked as done.'
+    TodoService.new.mark_todos_as_done([todo], current_user)
 
     respond_to do |format|
-      format.html { redirect_to dashboard_todos_path, notice: todo_notice }
+      format.html { redirect_to dashboard_todos_path, notice: 'Todo was successfully marked as done.' }
       format.js { head :ok }
-      format.json do
-        render json: { count: @todos.size, done_count: current_user.todos.done.count }
-      end
+      format.json { render json: { count: todos_pending_count, done_count: todos_done_count } }
     end
   end
 
   def destroy_all
-    @todos.each(&:done)
+    TodoService.new.mark_todos_as_done(@todos, current_user)
 
     respond_to do |format|
       format.html { redirect_to dashboard_todos_path, notice: 'All todos were marked as done.' }
       format.js { head :ok }
-      format.json do
-        find_todos
-        render json: { count: @todos.size, done_count: current_user.todos.done.count }
-      end
+      format.json { render json: { count: todos_pending_count, done_count: todos_done_count } }
     end
   end
 
   private
 
   def todo
-    @todo ||= current_user.todos.find(params[:id])
+    @todo ||= find_todos.find(params[:id])
   end
 
   def find_todos
-    @todos = TodosFinder.new(current_user, params).execute
+    @todos ||= TodosFinder.new(current_user, params).execute
   end
 end

app/controllers/groups/notification_settings_controller.rb

-class Groups::NotificationSettingsController < Groups::ApplicationController
-  before_action :authenticate_user!
-
-  def update
-    notification_setting = current_user.notification_settings_for(group)
-    saved = notification_setting.update_attributes(notification_setting_params)
-
-    render json: { saved: saved }
-  end
-
-  private
-
-  def notification_setting_params
-    params.require(:notification_setting).permit(:level)
-  end
-end

app/controllers/import/gitlab_projects_controller.rb

+class Import::GitlabProjectsController < Import::BaseController
+  before_action :verify_gitlab_project_import_enabled
+
+  def new
+    @namespace_id = project_params[:namespace_id]
+    @namespace_name = Namespace.find(project_params[:namespace_id]).name
+    @path = project_params[:path]
+  end
+
+  def create
+    unless file_is_valid?
+      return redirect_back_or_default(options: { alert: "You need to upload a GitLab project export archive." })
+    end
+
+    @project = Gitlab::ImportExport::ProjectCreator.new(project_params[:namespace_id],
+                                                        current_user,
+                                                        File.expand_path(project_params[:file].path),
+                                                        project_params[:path]).execute
+
+    if @project.saved?
+      redirect_to(
+        project_path(@project),
+        notice: "Project '#{@project.name}' is being imported."
+      )
+    else
+      redirect_to(
+        new_import_gitlab_project_path,
+        alert: "Project could not be imported: #{@project.errors.full_messages.join(', ')}"
+      )
+    end
+  end
+
+  private
+
+  def file_is_valid?
+    project_params[:file] && project_params[:file].respond_to?(:read)
+  end
+
+  def verify_gitlab_project_import_enabled
+    render_404 unless gitlab_project_import_enabled?
+  end
+
+  def project_params
+    params.permit(
+      :path, :namespace_id, :file
+    )
+  end
+end

app/controllers/notification_settings_controller.rb

+class NotificationSettingsController < ApplicationController
+  before_action :authenticate_user!
+
+  def create
+    project = Project.find(params[:project][:id])
+
+    return render_404 unless can?(current_user, :read_project, project)
+
+    @notification_setting = current_user.notification_settings_for(project)
+    @saved = @notification_setting.update_attributes(notification_setting_params)
+
+    render_response
+  end
+
+  def update
+    @notification_setting = current_user.notification_settings.find(params[:id])
+    @saved = @notification_setting.update_attributes(notification_setting_params)
+
+    render_response
+  end
+
+  private
+
+  def render_response
+    render json: {
+      html: view_to_html_string("shared/notifications/_button", notification_setting: @notification_setting),
+      saved: @saved
+    }
+  end
+
+  def notification_setting_params
+    allowed_fields = NotificationSetting::EMAIL_EVENTS.dup
+    allowed_fields << :level
+    params.require(:notification_setting).permit(allowed_fields)
+  end
+end

app/controllers/profiles/accounts_controller.rb

@@ -5,7 +5,7 @@ class Profiles::AccountsController < Profiles::ApplicationController
 
   def unlink
     provider = params[:provider]
-    current_user.identities.find_by(provider: provider).destroy
+    current_user.identities.find_by(provider: provider).destroy unless provider.to_s == 'saml'
     redirect_to profile_account_path
   end
 end

app/controllers/profiles/notifications_controller.rb

 class Profiles::NotificationsController < Profiles::ApplicationController
   def show
     @user                        = current_user
-    @group_notifications         = current_user.notification_settings.for_groups
-    @project_notifications       = current_user.notification_settings.for_projects
+    @group_notifications         = current_user.notification_settings.for_groups.order(:id)
+    @project_notifications       = current_user.notification_settings.for_projects.order(:id)
     @global_notification_setting = current_user.global_notification_setting
   end
 
   def update
-    if current_user.update_attributes(user_params) && update_notification_settings
+    if current_user.update_attributes(user_params)
       flash[:notice] = "Notification settings saved"
     else
       flash[:alert] = "Failed to save new settings"
@@ -19,16 +19,4 @@ class Profiles::NotificationsController < Profiles::ApplicationController
   def user_params
     params.require(:user).permit(:notification_email)
   end
-
-  def global_notification_setting_params
-    params.require(:global_notification_setting).permit(:level)
-  end
-
-  private
-
-  def update_notification_settings
-    return true unless global_notification_setting_params
-
-    current_user.global_notification_setting.update_attributes(global_notification_setting_params)
-  end
 end

app/controllers/profiles/personal_access_tokens_controller.rb

+class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
+  before_action :load_personal_access_tokens, only: :index
+
+  def index
+    @personal_access_token = current_user.personal_access_tokens.build
+  end
+
+  def create
+    @personal_access_token = current_user.personal_access_tokens.generate(personal_access_token_params)
+
+    if @personal_access_token.save
+      flash[:personal_access_token] = @personal_access_token.token
+      redirect_to profile_personal_access_tokens_path, notice: "Your new personal access token has been created."
+    else
+      load_personal_access_tokens
+      render :index
+    end
+  end
+
+  def revoke
+    @personal_access_token = current_user.personal_access_tokens.find(params[:id])
+
+    if @personal_access_token.revoke!
+      flash[:notice] = "Revoked personal access token #{@personal_access_token.name}!"
+    else
+      flash[:alert] = "Could not revoke personal access token #{@personal_access_token.name}."
+    end
+
+    redirect_to profile_personal_access_tokens_path
+  end
+
+  private
+
+  def personal_access_token_params
+    params.require(:personal_access_token).permit(:name, :expires_at)
+  end
+
+  def load_personal_access_tokens
+    @active_personal_access_tokens = current_user.personal_access_tokens.active.order(:expires_at)
+    @inactive_personal_access_tokens = current_user.personal_access_tokens.inactive
+  end
+end

app/controllers/projects/notification_settings_controller.rb

-class Projects::NotificationSettingsController < Projects::ApplicationController
-  before_action :authenticate_user!
-
-  def update
-    notification_setting = current_user.notification_settings_for(project)
-    saved = notification_setting.update_attributes(notification_setting_params)
-
-    render json: { saved: saved }
-  end
-
-  private
-
-  def notification_setting_params
-    params.require(:notification_setting).permit(:level)
-  end
-end

app/controllers/projects/tags_controller.rb

@@ -6,8 +6,10 @@ class Projects::TagsController < Projects::ApplicationController
   before_action :authorize_admin_project!, only: [:destroy]
 
   def index
-    sorted = VersionSorter.rsort(@repository.tag_names)
-    @tags = Kaminari.paginate_array(sorted).page(params[:page])
+    @sort = params[:sort] || 'name'
+    @tags = @repository.tags_sorted_by(@sort)
+    @tags = Kaminari.paginate_array(@tags).page(params[:page])
+
     @releases = project.releases.where(tag: @tags)
   end
 

app/controllers/projects/todos_controller.rb

 class Projects::TodosController < Projects::ApplicationController
-  def create
-    todos = TodoService.new.mark_todo(issuable, current_user)
-
-    render json: {
-      todo: todos,
-      count: current_user.todos.pending.count,
-    }
-  end
+  before_action :authenticate_user!, only: [:create]
 
-  def update
-    current_user.todos.find_by_id(params[:id]).update(state: :done)
+  def create
+    todo = TodoService.new.mark_todo(issuable, current_user)
 
     render json: {
-      count: current_user.todos.pending.count,
+      count: current_user.todos_pending_count,
+      delete_path: dashboard_todo_path(todo)
     }
   end
 
@@ -22,7 +16,13 @@ class Projects::TodosController < Projects::ApplicationController
     @issuable ||= begin
       case params[:issuable_type]
       when "issue"
-        @project.issues.find(params[:issuable_id])
+        issue = @project.issues.find(params[:issuable_id])
+
+        if can?(current_user, :read_issue, issue)
+          issue
+        else
+          render_404
+        end
       when "merge_request"
         @project.merge_requests.find(params[:issuable_id])
       end

app/controllers/projects_controller.rb

@@ -7,7 +7,7 @@ class ProjectsController < Projects::ApplicationController
   before_action :assign_ref_vars, :tree, only: [:show], if: :repo_exists?
 
   # Authorize
-  before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping]
+  before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping, :download_export, :export, :remove_export, :generate_new_export]
   before_action :event_filter, only: [:show, :activity]
 
   layout :determine_layout
@@ -143,6 +143,7 @@ class ProjectsController < Projects::ApplicationController
       issues: autocomplete.issues,
       milestones: autocomplete.milestones,
       mergerequests: autocomplete.merge_requests,
+      labels: autocomplete.labels,
       members: participants
     }
 
@@ -185,6 +186,48 @@ class ProjectsController < Projects::ApplicationController
     )
   end
 
+  def export
+    @project.add_export_job(current_user: current_user)
+
+    redirect_to(
+      edit_project_path(@project),
+      notice: "Project export started. A download link will be sent by email."
+    )
+  end
+
+  def download_export
+    export_project_path = @project.export_project_path
+
+    if export_project_path
+      send_file export_project_path, disposition: 'attachment'
+    else
+      redirect_to(
+        edit_project_path(@project),
+        alert: "Project export link has expired. Please generate a new export from your project settings."
+      )
+    end
+  end
+
+  def remove_export
+    if @project.remove_exports
+      flash[:notice] = "Project export has been deleted."
+    else
+      flash[:alert] = "Project export could not be deleted."
+    end
+    redirect_to(edit_project_path(@project))
+  end
+
+  def generate_new_export
+    if @project.remove_exports
+      export
+    else
+      redirect_to(
+        edit_project_path(@project),
+        alert: "Project export could not be deleted."
+      )
+    end
+  end
+
   def toggle_star
     current_user.toggle_star(@project)
     @project.reload

app/finders/todos_finder.rb

@@ -123,7 +123,7 @@ class TodosFinder
   end
 
   def by_state(items)
-    case params[:state]
+    case params[:state].to_s
     when 'done'
       items.done
     else

app/helpers/blob_helper.rb

@@ -180,8 +180,8 @@ module BlobHelper
     licenses = Licensee::License.all
 
     @licenses_for_select = {
-      Popular: licenses.select(&:featured).map { |license| [license.name, license.key] },
-      Other: licenses.reject(&:featured).map { |license| [license.name, license.key] }
+      Popular: licenses.select(&:featured).map { |license| { name: license.name, id: license.key } },
+      Other: licenses.reject(&:featured).map { |license| { name: license.name, id: license.key } }
     }
   end
 

app/helpers/button_helper.rb

@@ -17,11 +17,21 @@ module ButtonHelper
   def clipboard_button(data = {})
     content_tag :button,
       icon('clipboard'),
-      class: "btn",
+      class: "btn btn-clipboard",
       data: data,
       type: :button
   end
 
+  # Output a "Copy to Clipboard" button with a custom CSS class
+  #
+  # data - Data attributes passed to `content_tag`
+  # css_class - Class passed to the `content_tag`
+  #
+  # Examples:
+  # 
+  #   # Define the target element
+  #   clipboard_button_with_class({clipboard_target: "div#foo"}, css_class: "btn-clipboard")
+  #   # => "<button class='btn btn-clipboard' data-clipboard-target='div#foo'>...</button>"
   def clipboard_button_with_class(data = {}, css_class: 'btn-clipboard')
     content_tag :button,
       icon('clipboard'),

app/helpers/issuables_helper.rb

@@ -67,9 +67,9 @@ module IssuablesHelper
     end
   end
 
-  def has_todo(issuable)
-    unless current_user.nil?
-      current_user.todos.find_by(target_id: issuable.id, state: :pending)
+  def issuable_todo(issuable)
+    if current_user
+      current_user.todos.find_by(target: issuable, state: :pending)
     end
   end
 

app/helpers/members_helper.rb

@@ -6,6 +6,12 @@ module MembersHelper
     "#{action}_#{member.type.underscore}".to_sym
   end
 
+  def default_show_roles(member)
+    can?(current_user, action_member_permission(:update, member), member) ||
+      can?(current_user, action_member_permission(:destroy, member), member) ||
+      can?(current_user, action_member_permission(:admin, member), member.source)
+  end
+
   def remove_member_message(member, user: nil)
     user = current_user if defined?(current_user)
 

app/helpers/notifications_helper.rb

@@ -34,7 +34,7 @@ module NotificationsHelper
   def notification_description(level)
     case level.to_sym
     when :participating
-      'You will only receive notifications from related resources'
+      'You will only receive notifications for threads you have participated in'
     when :mention
       'You will receive notifications only for comments in which you were @mentioned'
     when :watch
@@ -43,6 +43,8 @@ module NotificationsHelper
       'You will not get any notifications via email'
     when :global
       'Use your global notification setting'
+    when :custom
+      'You will only receive notifications for the events you choose'
     end
   end
 
@@ -62,22 +64,14 @@ module NotificationsHelper
     end
   end
 
-  def notification_level_radio_buttons
-    html = ""
-
-    NotificationSetting.levels.each_key do |level|
-      level = level.to_sym
-      next if level == :global
-
-      html << content_tag(:div, class: "radio") do
-        content_tag(:label, { value: level }) do
-          radio_button_tag(:"global_notification_setting[level]", level, @global_notification_setting.level.to_sym == level) +
-          content_tag(:div, level.to_s.capitalize, class: "level-title") +
-          content_tag(:p, notification_description(level))
-        end
-      end
+  # Identifier to trigger individually dropdowns and custom settings modals in the same view
+  def notifications_menu_identifier(type, notification_setting)
+    "#{type}-#{notification_setting.user_id}-#{notification_setting.source_id}-#{notification_setting.source_type}"
   end
 
-    html.html_safe
+  # Create hidden field to send notification setting source to controller
+  def hidden_setting_source_input(notification_setting)
+    return unless notification_setting.source_type
+    hidden_field_tag "#{notification_setting.source_type.downcase}[id]", notification_setting.source_id
   end
 end

app/helpers/todos_helper.rb

 module TodosHelper
   def todos_pending_count
-    current_user.todos.pending.count
+    TodosFinder.new(current_user, state: :pending).execute.count
   end
 
   def todos_done_count
-    current_user.todos.done.count
+    TodosFinder.new(current_user, state: :done).execute.count
   end
 
   def todo_action_name(todo)
@@ -12,7 +12,7 @@ module TodosHelper
     when Todo::ASSIGNED then 'assigned you'
     when Todo::MENTIONED then 'mentioned you on'
     when Todo::BUILD_FAILED then 'The build failed for your'
-    when Todo::MARKED then 'marked this as a Todo for'
+    when Todo::MARKED then 'added a todo for'
     end
   end
 

app/mailers/emails/projects.rb

@@ -9,6 +9,19 @@ module Emails
            subject: subject("Project was moved"))
     end
 
+    def project_was_exported_email(current_user, project)
+      @project = project
+      mail(to: current_user.notification_email,
+           subject: subject("Project was exported"))
+    end
+
+    def project_was_not_exported_email(current_user, project, errors)
+      @project = project
+      @errors = errors
+      mail(to: current_user.notification_email,
+           subject: subject("Project export error"))
+    end
+
     def repository_push_email(project_id, opts = {})
       @message =
         Gitlab::Email::Message::RepositoryPush.new(self, project_id, opts)

app/models/application_setting.rb

@@ -123,7 +123,7 @@ class ApplicationSetting < ActiveRecord::Base
       default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
       default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
       restricted_signup_domains: Settings.gitlab['restricted_signup_domains'],
-      import_sources: ['github','bitbucket','gitlab','gitorious','google_code','fogbugz','git'],
+      import_sources: %w[github bitbucket gitlab gitorious google_code fogbugz git gitlab_project],
       shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'],
       max_artifacts_size: Settings.artifacts['max_size'],
       require_two_factor_authentication: false,

app/models/ci/build.rb

@@ -341,6 +341,7 @@ module Ci
     def erase_artifacts!
       remove_artifacts_file!
       remove_artifacts_metadata!
+      save
     end
 
     def erase(opts = {})

app/models/ci/pipeline.rb

@@ -94,10 +94,13 @@ module Ci
     end
 
     def create_builds(user, trigger_request = nil)
+      ##
+      # We persist pipeline only if there are builds available
+      #
       return unless config_processor
-      config_processor.stages.any? do |stage|
-        CreateBuildsService.new(self).execute(stage, user, 'success', trigger_request).present?
-      end
+
+      build_builds_for_stages(config_processor.stages, user,
+                              'success', trigger_request) && save
     end
 
     def create_next_builds(build)
@@ -115,10 +118,10 @@ module Ci
       prior_builds = latest_builds.where.not(stage: next_stages)
       prior_status = prior_builds.status
 
-      # create builds for next stages based
-      next_stages.any? do |stage|
-        CreateBuildsService.new(self).execute(stage, build.user, prior_status, build.trigger_request).present?
-      end
+      # build builds for next stage that has builds available
+      # and save pipeline if we have builds
+      build_builds_for_stages(next_stages, build.user, prior_status,
+                              build.trigger_request) && save
     end
 
     def retried
@@ -139,10 +142,10 @@ module Ci
       @config_processor ||= begin
         Ci::GitlabCiYamlProcessor.new(ci_yaml_file, project.path_with_namespace)
       rescue Ci::GitlabCiYamlProcessor::ValidationError, Psych::SyntaxError => e
-        save_yaml_error(e.message)
+        self.yaml_errors = e.message
         nil
       rescue
-        save_yaml_error("Undefined error")
+        self.yaml_errors = 'Undefined error'
         nil
       end
     end
@@ -167,8 +170,23 @@ module Ci
       builds.where.not(environment: nil).success.pluck(:environment).uniq
     end
 
+    def notes
+      Note.for_commit_id(sha)
+    end
+
     private
 
+    def build_builds_for_stages(stages, user, status, trigger_request)
+      ##
+      # Note that `Array#any?` implements a short circuit evaluation, so we
+      # build builds only for the first stage that has builds available.
+      #
+      stages.any? do |stage|
+        CreateBuildsService.new(self)
+          .execute(stage, user, status, trigger_request).present?
+      end
+    end
+
     def update_state
       statuses.reload
       self.status = if yaml_errors.blank?
@@ -181,11 +199,5 @@ module Ci
       self.duration = statuses.latest.duration
       save
     end
-
-    def save_yaml_error(error)
-      return if self.yaml_errors?
-      self.yaml_errors = error
-      update_state
-    end
   end
 end

app/models/commit_status.rb

 class CommitStatus < ActiveRecord::Base
   include Statuseable
+  include Importable
 
   self.table_name = 'ci_builds'
 
@@ -7,7 +8,7 @@ class CommitStatus < ActiveRecord::Base
   belongs_to :pipeline, class_name: 'Ci::Pipeline', foreign_key: :commit_id, touch: true
   belongs_to :user
 
-  validates :pipeline, presence: true
+  validates :pipeline, presence: true, unless: :importing?
 
   validates_presence_of :name
 

app/models/concerns/importable.rb

+module Importable
+  extend ActiveSupport::Concern
+
+  attr_accessor :importing
+  alias_method :importing?, :importing
+end

app/models/concerns/referable.rb

@@ -49,6 +49,10 @@ module Referable
       raise NotImplementedError, "#{self} does not implement #{__method__}"
     end
 
+    def reference_valid?(reference)
+      true
+    end
+
     def link_reference_pattern(route, pattern)
       %r{
         (?<url>

app/models/issue.rb

@@ -83,6 +83,10 @@ class Issue < ActiveRecord::Base
     @link_reference_pattern ||= super("issues", /(?<issue>\d+)/)
   end
 
+  def self.reference_valid?(reference)
+    reference.to_i > 0 && reference.to_i <= Gitlab::Database::MAX_INT_VALUE
+  end
+
   def self.sort(method, excluded_labels: [])
     case method.to_s
     when 'due_date_asc' then order_due_date_asc

app/models/jira_issue.rb

-class JiraIssue < ExternalIssue
-end

app/models/member.rb

 class Member < ActiveRecord::Base
   include Sortable
+  include Importable
   include Gitlab::Access
 
   attr_accessor :raw_invite_token
@@ -41,11 +42,11 @@ class Member < ActiveRecord::Base
 
   before_validation :generate_invite_token, on: :create, if: -> (member) { member.invite_email.present? }
 
-  after_create :send_invite, if: :invite?
-  after_create :send_request, if: :request?
-  after_create :create_notification_setting, unless: :pending?
-  after_create :post_create_hook, unless: :pending?
-  after_update :post_update_hook, unless: :pending?
+  after_create :send_invite, if: :invite?, unless: :importing?
+  after_create :send_request, if: :request?, unless: :importing?
+  after_create :create_notification_setting, unless: [:pending?, :importing?]
+  after_create :post_create_hook, unless: [:pending?, :importing?]
+  after_update :post_update_hook, unless: [:pending?, :importing?]
   after_destroy :post_destroy_hook, unless: :pending?
   after_destroy :post_decline_request, if: :request?
 

app/models/merge_request.rb

@@ -4,6 +4,7 @@ class MergeRequest < ActiveRecord::Base
   include Referable
   include Sortable
   include Taskable
+  include Importable
 
   belongs_to :target_project, foreign_key: :target_project_id, class_name: "Project"
   belongs_to :source_project, foreign_key: :source_project_id, class_name: "Project"
@@ -13,7 +14,7 @@ class MergeRequest < ActiveRecord::Base
 
   serialize :merge_params, Hash
 
-  after_create :create_merge_request_diff
+  after_create :create_merge_request_diff, unless: :importing
   after_update :update_merge_request_diff
 
   delegate :commits, :diffs, :real_size, to: :merge_request_diff, prefix: nil
@@ -95,12 +96,12 @@ class MergeRequest < ActiveRecord::Base
     end
   end
 
-  validates :source_project, presence: true, unless: :allow_broken
+  validates :source_project, presence: true, unless: [:allow_broken, :importing?]
   validates :source_branch, presence: true
   validates :target_project, presence: true
   validates :target_branch, presence: true
   validates :merge_user, presence: true, if: :merge_when_build_succeeds?
-  validate :validate_branches, unless: :allow_broken
+  validate :validate_branches, unless: [:allow_broken, :importing?]
   validate :validate_fork
 
   scope :by_branch, ->(branch_name) { where("(source_branch LIKE :branch) OR (target_branch LIKE :branch)", branch: branch_name) }
@@ -132,6 +133,10 @@ class MergeRequest < ActiveRecord::Base
     @link_reference_pattern ||= super("merge_requests", /(?<merge_request>\d+)/)
   end
 
+  def self.reference_valid?(reference)
+    reference.to_i > 0 && reference.to_i <= Gitlab::Database::MAX_INT_VALUE
+  end
+
   # Returns all the merge requests from an ActiveRecord:Relation.
   #
   # This method uses a UNION as it usually operates on the result of

app/models/merge_request_diff.rb

 class MergeRequestDiff < ActiveRecord::Base
   include Sortable
+  include Importable
 
   # Prevent store of diff if commits amount more then 500
   COMMITS_SAFE_SIZE = 100
@@ -22,7 +23,7 @@ class MergeRequestDiff < ActiveRecord::Base
   serialize :st_commits
   serialize :st_diffs
 
-  after_create :reload_content
+  after_create :reload_content, unless: :importing?
 
   def reload_content
     reload_commits

app/models/note.rb

@@ -4,6 +4,7 @@ class Note < ActiveRecord::Base
   include Participable
   include Mentionable
   include Awardable
+  include Importable
 
   default_value_for :system, false
 
@@ -28,11 +29,11 @@ class Note < ActiveRecord::Base
   validates :attachment, file_size: { maximum: :max_attachment_size }
 
   validates :noteable_type, presence: true
-  validates :noteable_id, presence: true, unless: :for_commit?
+  validates :noteable_id, presence: true, unless: [:for_commit?, :importing?]
   validates :commit_id, presence: true, if: :for_commit?
   validates :author, presence: true
 
-  validate unless: :for_commit? do |note|
+  validate unless: [:for_commit?, :importing?] do |note|
     unless note.noteable.try(:project) == note.project
       errors.add(:invalid_project, 'Note and noteable project mismatch')
     end

app/models/notification_setting.rb

 class NotificationSetting < ActiveRecord::Base
-  enum level: { global: 3, watch: 2, mention: 4, participating: 1, disabled: 0 }
+  enum level: { global: 3, watch: 2, mention: 4, participating: 1, disabled: 0, custom: 5 }
 
   default_value_for :level, NotificationSetting.levels[:global]
 
@@ -15,6 +15,24 @@ class NotificationSetting < ActiveRecord::Base
   scope :for_groups, -> { where(source_type: 'Namespace') }
   scope :for_projects, -> { where(source_type: 'Project') }
 
+  EMAIL_EVENTS = [
+    :new_note,
+    :new_issue,
+    :reopen_issue,
+    :close_issue,
+    :reassign_issue,
+    :new_merge_request,
+    :reopen_merge_request,
+    :close_merge_request,
+    :reassign_merge_request,
+    :merge_merge_request
+  ]
+
+  store :events, accessors: EMAIL_EVENTS, coder: JSON
+
+  before_create :set_events
+  before_save :events_to_boolean
+
   def self.find_or_create_for(source)
     setting = find_or_initialize_by(source: source)
 
@@ -24,4 +42,21 @@ class NotificationSetting < ActiveRecord::Base
 
     setting
   end
+
+  # Set all event attributes to false when level is not custom or being initialized for UX reasons
+  def set_events
+    return if custom?
+
+    EMAIL_EVENTS.each do |event|
+      events[event] = false
+    end
+  end
+
+  # Validates store accessors values as boolean
+  # It is a text field so it does not cast correct boolean values in JSON
+  def events_to_boolean
+    EMAIL_EVENTS.each do |event|
+      events[event] = ActiveRecord::ConnectionAdapters::Column::TRUE_VALUES.include?(events[event])
+    end
+  end
 end

app/models/personal_access_token.rb

+class PersonalAccessToken < ActiveRecord::Base
+  include TokenAuthenticatable
+  add_authentication_token_field :token
+
+  belongs_to :user
+
+  scope :active, -> { where(revoked: false).where("expires_at >= NOW() OR expires_at IS NULL") }
+  scope :inactive, -> { where("revoked = true OR expires_at < NOW()") }
+
+  def self.generate(params)
+    personal_access_token = self.new(params)
+    personal_access_token.ensure_token
+    personal_access_token
+  end
+
+  def revoke!
+    self.revoked = true
+    self.save
+  end
+end

app/models/project.rb

@@ -260,7 +260,23 @@ class Project < ActiveRecord::Base
     #
     # Returns a Project, or nil if no project could be found.
     def find_with_namespace(path)
-      where_paths_in([path]).reorder(nil).take
+      namespace_path, project_path = path.split('/', 2)
+
+      return unless namespace_path && project_path
+
+      namespace_path = connection.quote(namespace_path)
+      project_path = connection.quote(project_path)
+
+      # On MySQL we want to ensure the ORDER BY uses a case-sensitive match so
+      # any literal matches come first, for this we have to use "BINARY".
+      # Without this there's still no guarantee in what order MySQL will return
+      # rows.
+      binary = Gitlab::Database.mysql? ? 'BINARY' : ''
+
+      order_sql = "(CASE WHEN #{binary} namespaces.path = #{namespace_path} " \
+        "AND #{binary} projects.path = #{project_path} THEN 0 ELSE 1 END)"
+
+      where_paths_in([path]).reorder(order_sql).take
     end
 
     # Builds a relation to find multiple projects by their full paths.
@@ -349,6 +365,11 @@ class Project < ActiveRecord::Base
 
       joins(join_body).reorder('join_note_counts.amount DESC')
     end
+
+    # Deletes gitlab project export files older than 24 hours
+    def remove_gitlab_exports!
+      Gitlab::Popen.popen(%W(find #{Gitlab::ImportExport.storage_path} -not -path #{Gitlab::ImportExport.storage_path} -mmin +1440 -delete))
+    end
   end
 
   def team
@@ -452,7 +473,7 @@ class Project < ActiveRecord::Base
   end
 
   def import?
-    external_import? || forked?
+    external_import? || forked? || gitlab_project_import?
   end
 
   def no_import?
@@ -483,6 +504,10 @@ class Project < ActiveRecord::Base
     Gitlab::UrlSanitizer.new(import_url).masked_url
   end
 
+  def gitlab_project_import?
+    import_type == 'gitlab_project'
+  end
+
   def check_limit
     unless creator.can_create_project? or namespace.kind == 'group'
       projects_limit = creator.projects_limit
@@ -1078,4 +1103,27 @@ class Project < ActiveRecord::Base
   ensure
     @errors = original_errors
   end
+
+  def add_export_job(current_user:)
+    job_id = ProjectExportWorker.perform_async(current_user.id, self.id)
+
+    if job_id
+      Rails.logger.info "Export job started for project ID #{self.id} with job ID #{job_id}"
+    else
+      Rails.logger.error "Export job failed to start for project ID #{self.id}"
+    end
+  end
+
+  def export_path
+    File.join(Gitlab::ImportExport.storage_path, path_with_namespace)
+  end
+
+  def export_project_path
+    Dir.glob("#{export_path}/*export.tar.gz").max_by { |f| File.ctime(f) }
+  end
+
+  def remove_exports
+    _, status = Gitlab::Popen.popen(%W(find #{export_path} -not -path #{export_path} -delete))
+    status.zero?
+  end
 end

app/models/repository.rb

@@ -243,7 +243,7 @@ class Repository
   end
 
   def cache_keys
-    %i(size branch_names tag_names commit_count
+    %i(size branch_names tag_names branch_count tag_count commit_count
        readme version contribution_guide changelog
        license_blob license_key gitignore)
   end
@@ -598,6 +598,21 @@ class Repository
     end
   end
 
+  def tags_sorted_by(value)
+    case value
+    when 'name'
+      # Would be better to use `sort_by` but `version_sorter` only exposes
+      # `sort` and `rsort`
+      VersionSorter.rsort(tag_names).map { |tag_name| find_tag(tag_name) }
+    when 'updated_desc'
+      tags_sorted_by_committed_date.reverse
+    when 'updated_asc'
+      tags_sorted_by_committed_date
+    else
+      tags
+    end
+  end
+
   def contributors
     commits = self.commits(nil, limit: 2000, offset: 0, skip_merges: true)
 
@@ -995,4 +1010,8 @@ class Repository
   def file_on_head(regex)
     tree(:head).blobs.find { |file| file.name =~ regex }
   end
+
+  def tags_sorted_by_committed_date
+    tags.sort_by { |tag| commit(tag.target).committed_date }
+  end
 end

app/models/user.rb

@@ -51,6 +51,7 @@ class User < ActiveRecord::Base
   # Profile
   has_many :keys, dependent: :destroy
   has_many :emails, dependent: :destroy
+  has_many :personal_access_tokens, dependent: :destroy
   has_many :identities, dependent: :destroy, autosave: true
   has_many :u2f_registrations, dependent: :destroy
 
@@ -267,6 +268,11 @@ class User < ActiveRecord::Base
       find_by!('lower(username) = ?', username.downcase)
     end
 
+    def find_by_personal_access_token(token_string)
+      personal_access_token = PersonalAccessToken.active.find_by_token(token_string) if token_string
+      personal_access_token.user if personal_access_token
+    end
+
     def by_username_or_id(name_or_id)
       find_by('users.username = ? OR users.id = ?', name_or_id.to_s, name_or_id.to_i)
     end
@@ -821,6 +827,23 @@ class User < ActiveRecord::Base
     assigned_open_issues_count(force: true)
   end
 
+  def todos_done_count(force: false)
+    Rails.cache.fetch(['users', id, 'todos_done_count'], force: force) do
+      todos.done.count
+    end
+  end
+
+  def todos_pending_count(force: false)
+    Rails.cache.fetch(['users', id, 'todos_pending_count'], force: force) do
+      todos.pending.count
+    end
+  end
+
+  def update_todos_count_cache
+    todos_done_count(force: true)
+    todos_pending_count(force: true)
+  end
+
   private
 
   def projects_union(min_access_level = nil)

app/services/ci/create_builds_service.rb

@@ -2,10 +2,11 @@ module Ci
   class CreateBuildsService
     def initialize(pipeline)
       @pipeline = pipeline
+      @config = pipeline.config_processor
     end
 
     def execute(stage, user, status, trigger_request = nil)
-      builds_attrs = config_processor.builds_for_stage_and_ref(stage, @pipeline.ref, @pipeline.tag, trigger_request)
+      builds_attrs = @config.builds_for_stage_and_ref(stage, @pipeline.ref, @pipeline.tag, trigger_request)
 
       # check when to create next build
       builds_attrs = builds_attrs.select do |build_attrs|
@@ -19,10 +20,15 @@ module Ci
         end
       end
 
-      builds_attrs.map do |build_attrs|
       # don't create the same build twice
-        unless @pipeline.builds.find_by(ref: @pipeline.ref, tag: @pipeline.tag,
-                                        trigger_request: trigger_request, name: build_attrs[:name])
+      builds_attrs.reject! do |build_attrs|
+        @pipeline.builds.find_by(ref: @pipeline.ref,
+                                 tag: @pipeline.tag,
+                                 trigger_request: trigger_request,
+                                 name: build_attrs[:name])
+      end
+
+      builds_attrs.map do |build_attrs|
         build_attrs.slice!(:name,
                            :commands,
                            :tag_list,
@@ -32,21 +38,19 @@ module Ci
                            :stage_idx,
                            :environment)
 
-          build_attrs.merge!(ref: @pipeline.ref,
+        build_attrs.merge!(pipeline: @pipeline,
+                           ref: @pipeline.ref,
                            tag: @pipeline.tag,
                            trigger_request: trigger_request,
                            user: user,
                            project: @pipeline.project)
 
-          @pipeline.builds.create!(build_attrs)
-        end
-      end
+        ##
+        # We do not persist new builds here.
+        # Those will be persisted when @pipeline is saved.
+        #
+        @pipeline.builds.new(build_attrs)
       end
-
-    private
-
-    def config_processor
-      @config_processor ||= @pipeline.config_processor
     end
   end
 end

app/services/ci/create_pipeline_service.rb

@@ -8,7 +8,9 @@ module Ci
         return pipeline
       end
 
-      unless commit
+      if commit
+        pipeline.sha = commit.id
+      else
         pipeline.errors.add(:base, 'Commit not found')
         return pipeline
       end
@@ -18,22 +20,18 @@ module Ci
         return pipeline
       end
 
-      begin
-        Ci::Pipeline.transaction do
-          pipeline.sha = commit.id
-
       unless pipeline.config_processor
         pipeline.errors.add(:base, pipeline.yaml_errors || 'Missing .gitlab-ci.yml file')
-            raise ActiveRecord::Rollback
+        return pipeline
       end
 
       pipeline.save!
-          pipeline.create_builds(current_user)
-        end
-      rescue
-        pipeline.errors.add(:base, 'The pipeline could not be created. Please try again.')
+
+      unless pipeline.create_builds(current_user)
+        pipeline.errors.add(:base, 'No builds for this pipeline.')
       end
 
+      pipeline.save
       pipeline
     end
 

app/services/create_commit_builds_service.rb

 class CreateCommitBuildsService
   def execute(project, user, params)
-    return false unless project.builds_enabled?
+    return unless project.builds_enabled?
 
     before_sha = params[:checkout_sha] || params[:before]
     sha = params[:checkout_sha] || params[:after]
     origin_ref = params[:ref]
 
-    unless origin_ref && sha.present?
-      return false
-    end
-
     ref = Gitlab::Git.ref_name(origin_ref)
     tag = Gitlab::Git.tag_ref?(origin_ref)
 
@@ -18,23 +14,50 @@ class CreateCommitBuildsService
       return false
     end
 
-    pipeline = Ci::Pipeline.new(project: project, sha: sha, ref: ref, before_sha: before_sha, tag: tag)
+    @pipeline = Ci::Pipeline.new(project: project, sha: sha, ref: ref, before_sha: before_sha, tag: tag)
 
-    # Skip creating pipeline when no gitlab-ci.yml is found
-    unless pipeline.ci_yaml_file
+    ##
+    # Skip creating pipeline if no gitlab-ci.yml is found
+    #
+    unless @pipeline.ci_yaml_file
       return false
     end
 
-    # Create a new pipeline
-    pipeline.save!
-
+    ##
     # Skip creating builds for commits that have [ci skip]
-    unless pipeline.skip_ci?
-      # Create builds for commit
-      pipeline.create_builds(user)
+    # but save pipeline object
+    #
+    if @pipeline.skip_ci?
+      return save_pipeline!
+    end
+
+    ##
+    # Skip creating builds when CI config is invalid
+    # but save pipeline object
+    #
+    unless @pipeline.config_processor
+      return save_pipeline!
     end
 
-    pipeline.touch
-    pipeline
+    ##
+    # Skip creating pipeline object if there are no builds for it.
+    #
+    unless @pipeline.create_builds(user)
+      @pipeline.errors.add(:base, 'No builds created')
+      return false
+    end
+
+    save_pipeline!
+  end
+
+  private
+
+  ##
+  # Create a new pipeline and touch object to calculate status
+  #
+  def save_pipeline!
+    @pipeline.save!
+    @pipeline.touch
+    @pipeline
   end
 end

app/services/projects/autocomplete_service.rb

@@ -11,5 +11,9 @@ module Projects
     def merge_requests
       @project.merge_requests.opened.select([:iid, :title])
     end
+
+    def labels
+      @project.labels.select([:title, :color])
+    end
   end
 end

app/services/projects/create_service.rb

@@ -80,16 +80,18 @@ module Projects
     def after_create_actions
       log_info("#{@project.owner.name} created a new project \"#{@project.name_with_namespace}\"")
 
+      unless @project.gitlab_project_import?
         @project.create_wiki if @project.wiki_enabled?
 
         @project.build_missing_services
 
         @project.create_labels
+      end
 
       event_service.create_project(@project, current_user)
       system_hook_service.execute_hooks_for(@project, :create)
 
-      unless @project.group
+      unless @project.group || @project.gitlab_project_import?
         @project.team << [current_user, :master, current_user]
       end
     end

app/services/projects/import_export/export_service.rb

+module Projects
+  module ImportExport
+    class ExportService < BaseService
+
+      def execute(_options = {})
+        @shared = Gitlab::ImportExport::Shared.new(relative_path: File.join(project.path_with_namespace, 'work'))
+        save_all
+      end
+
+      private
+
+      def save_all
+        if [version_saver, project_tree_saver, uploads_saver, repo_saver, wiki_repo_saver].all?(&:save)
+          Gitlab::ImportExport::Saver.save(shared: @shared)
+          notify_success
+        else
+          cleanup_and_notify
+        end
+      end
+
+      def version_saver
+        Gitlab::ImportExport::VersionSaver.new(shared: @shared)
+      end
+
+      def project_tree_saver
+        Gitlab::ImportExport::ProjectTreeSaver.new(project: project, shared: @shared)
+      end
+
+      def uploads_saver
+        Gitlab::ImportExport::UploadsSaver.new(project: project, shared: @shared)
+      end
+
+      def repo_saver
+        Gitlab::ImportExport::RepoSaver.new(project: project, shared: @shared)
+      end
+
+      def wiki_repo_saver
+        Gitlab::ImportExport::WikiRepoSaver.new(project: project, shared: @shared)
+      end
+
+      def cleanup_and_notify
+        FileUtils.rm_rf(@shared.export_path)
+
+        notify_error
+        raise Gitlab::ImportExport::Error.new(@shared.errors.join(', '))
+      end
+
+      def notify_success
+        notification_service.project_exported(@project, @current_user)
+      end
+
+      def notify_error
+        notification_service.project_not_exported(@project, @current_user, @shared.errors)
+      end
+    end
+  end
+end

app/services/projects/import_service.rb

@@ -9,26 +9,31 @@ module Projects
       'fogbugz',
       'gitlab',
       'github',
-      'google_code'
+      'google_code',
+      'gitlab_project'
     ]
 
     def execute
-      if unknown_url?
-        # In this case, we only want to import issues, not a repository.
-        create_repository
-      else
-        import_repository
-      end
+      add_repository_to_project unless project.gitlab_project_import?
 
       import_data
 
       success
-    rescue Error => e
+    rescue => e
       error(e.message)
     end
 
     private
 
+    def add_repository_to_project
+      if unknown_url?
+        # In this case, we only want to import issues, not a repository.
+        create_repository
+      else
+        import_repository
+      end
+    end
+
     def create_repository
       unless project.create_repository
         raise Error, 'The repository could not be created.'
@@ -46,7 +51,7 @@ module Projects
     def import_data
       return unless has_importer?
 
-      project.repository.before_import
+      project.repository.before_import unless project.gitlab_project_import?
 
       unless importer.execute
         raise Error, 'The remote data could not be imported.'
@@ -58,6 +63,8 @@ module Projects
     end
 
     def importer
+      return Gitlab::ImportExport::Importer.new(project) if @project.gitlab_project_import?
+
       class_name = "Gitlab::#{project.import_type.camelize}Import::Importer"
       class_name.constantize.new(project)
     end

app/services/todo_service.rb

 # TodoService class
 #
-# Used for creating todos after certain user actions
+# Used for creating/updating todos after certain user actions
 #
 # Ex.
 #   TodoService.new.new_issue(issue, current_user)
@@ -137,6 +137,15 @@ class TodoService
   def mark_pending_todos_as_done(target, user)
     attributes = attributes_for_target(target)
     pending_todos(user, attributes).update_all(state: :done)
+    user.update_todos_count_cache
+  end
+
+  # When user marks some todos as done
+  def mark_todos_as_done(todos, current_user)
+    todos = current_user.todos.where(id: todos.map(&:id)) unless todos.respond_to?(:update_all)
+
+    todos.update_all(state: :done)
+    current_user.update_todos_count_cache
   end
 
   # When user marks an issue as todo
@@ -151,6 +160,7 @@ class TodoService
     Array(users).map do |user|
       next if pending_todos(user, attributes).exists?
       Todo.create(attributes.merge(user_id: user.id))
+      user.update_todos_count_cache
     end
   end
 
@@ -161,11 +171,16 @@ class TodoService
 
   def update_issuable(issuable, author)
     # Skip toggling a task list item in a description
-    return if issuable.tasks? && issuable.updated_tasks.any?
+    return if toggling_tasks?(issuable)
 
     create_mention_todos(issuable.project, issuable, author)
   end
 
+  def toggling_tasks?(issuable)
+    issuable.previous_changes.include?('description') &&
+      issuable.tasks? && issuable.updated_tasks.any?
+  end
+
   def handle_note(note, author)
     # Skip system notes, and notes on project snippet
     return if note.system? || note.for_snippet?

app/views/admin/dashboard/_head.html.haml

@@ -20,3 +20,7 @@
       = link_to admin_builds_path, title: 'Builds' do
         %span
           Builds
+    = nav_link path: ['runners#index', 'runners#show'] do
+      = link_to admin_runners_path, title: 'Runners' do
+        %span
+          Runners

app/views/admin/runners/index.html.haml

-%p.lead.prepend-top-default
+- @no_container = true
+= render "admin/dashboard/head"
+
+%div{ class: (container_class) }
+
+  %p.prepend-top-default
     %span
       To register a new runner you should enter the following registration token.
       With this token the runner will request a unique runner token and use that for future communication.
+      %br
       Registration token is
       %code{ id: 'runners-token' } #{current_application_settings.runners_registration_token}
 
-.bs-callout.clearfix
+  .bs-callout.clearfix
     .pull-left
       %p
         You can reset runners registration token by pressing a button below.
@@ -16,7 +22,7 @@
           = icon('refresh')
           Reset runners registration token
 
-.bs-callout
+  .bs-callout
     %p
       A 'runner' is a process which runs a build.
       You can setup as many runners as you need.
@@ -37,7 +43,7 @@
           %span.label.label-danger paused
           \- runner will not receive any new builds
 
-.append-bottom-20.clearfix
+  .append-bottom-20.clearfix
     .pull-left
       = form_tag admin_runners_path, id: 'runners-search', class: 'form-inline', method: :get do
         .form-group
@@ -47,9 +53,9 @@
     .pull-right.light
       Runners with last contact less than a minute ago: #{@active_runners_cnt}
 
-%br
+  %br
 
-.table-holder
+  .table-holder
     %table.table
       %thead
         %tr
@@ -64,4 +70,4 @@
 
       - @runners.each do |runner|
         = render "admin/runners/runner", runner: runner
-= paginate @runners
+  = paginate @runners

app/views/devise/mailer/password_change.html.haml

+.center
+  #content
+    %h2 Hello, #{@resource.name}!
+    %p
+      The password for your GitLab account on
+      #{link_to(Gitlab.config.gitlab.url, Gitlab.config.gitlab.url)}
+      has successfully been changed.
+    %p
+      If you did not initiate this change, please contact your administrator
+      immediately.

app/views/devise/mailer/password_change.text.erb

+Hello, <%= @resource.name %>!
+
+The password for your GitLab account on <%= Gitlab.config.gitlab.url %>
+has successfully been changed.
+
+If you did not initiate this change, please contact your administrator
+immediately.

app/views/devise/mailer/reset_password_instructions.html.erb

-<p>Hello <%= @resource.email %>!</p>
-
-<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
-
-<p><%= link_to 'Change your password', edit_password_url(@resource, reset_password_token: @token) %></p>
-
-<p>If you didn't request this, please ignore this email.</p>
-<p>Your password won't change until you access the link above and create a new one.</p>

app/views/devise/mailer/reset_password_instructions.html.haml

+.center
+  #content
+    %h2 Hello, #{@resource.name}!
+    %p
+      Someone, hopefully you, has requested to reset the password for your
+      GitLab account on #{link_to(Gitlab.config.gitlab.url, Gitlab.config.gitlab.url)}.
+    %p
+      If you did not perform this request, you can safely ignore this email.
+    %p
+      Otherwise, click the link below to complete the process.
+    #cta
+      = link_to('Reset password', edit_password_url(@resource, reset_password_token: @token))

app/views/devise/mailer/reset_password_instructions.text.erb

+Hello, <%= @resource.name %>!
+
+Someone, hopefully you, has requested to reset the password for your GitLab
+account on <%= Gitlab.config.gitlab.url %>
+
+If you did not perform this request, you can safely ignore this email.
+
+Otherwise, click the link below to complete the process:
+
+<%= edit_password_url(@resource, reset_password_token: @token) %>

app/views/devise/mailer/unlock_instructions.html.haml

-%p
-Hello #{@resource.name}!
-
-%p
+.center
+  #content
+    %h2 Hello, #{@resource.name}!
+    %p
       Your GitLab account has been locked due to an excessive amount of unsuccessful
-  sign in attempts. Your account will automatically unlock in
-  = time_ago_in_words(Devise.unlock_in.from_now)
+      sign in attempts. Your account will automatically unlock in #{time_ago_in_words(Devise.unlock_in.from_now)}
       or you may click the link below to unlock now.
-
-%p= link_to 'Unlock your account', unlock_url(@resource, unlock_token: @token)
+    #cta
+      = link_to('Unlock account', unlock_url(@resource, unlock_token: @token))

app/views/devise/mailer/unlock_instructions.text.erb

+Hello, <%= @resource.name %>!
+
+Your GitLab account has been locked due to an excessive amount of unsuccessful
+sign in attempts. Your account will automatically unlock in <%= time_ago_in_words(Devise.unlock_in.from_now) %>
+or you may click the link below to unlock now.
+
+<%= unlock_url(@resource, unlock_token: @token) %>

app/views/import/github/status.html.haml

@@ -6,7 +6,7 @@
 
 %p
   %i.fa.fa-warning
-  To import GitHub pull requests, any pull request source branches that had been deleted are temporarily restored on GitHub. To prevent any connected CI services from being overloaded with dozens of irrelevant branches being created and deleted again, GitHub webhooks are temporarily disabled during the import process.
+  To import GitHub pull requests, any pull request source branches that had been deleted are temporarily restored on GitHub. To prevent any connected CI services from being overloaded with dozens of irrelevant branches being created and deleted again, GitHub webhooks are temporarily disabled during the import process, but only if you have admin access to the GitHub repository.
 
 %p.light
   Select projects you want to import.

app/views/import/gitlab_projects/new.html.haml

+- page_title "GitLab Import"
+- header_title "Projects", root_path
+%h3.page-title
+  = icon('gitlab')
+  Import an exported GitLab project
+%hr
+
+= form_tag import_gitlab_project_path, class: 'form-horizontal', multipart: true do
+  %p
+    Project will be imported as
+    %strong
+      #{@namespace_name}/#{@path}
+
+  %p
+    To move or copy an entire GitLab project from another GitLab installation to this one, navigate to the original project's settings page, generate an export file, and upload it here.
+  .form-group
+    = hidden_field_tag :namespace_id, @namespace_id
+    = hidden_field_tag :path, @path
+    = label_tag :file, class: 'control-label' do
+      %span GitLab project export
+    .col-sm-10
+      = file_field_tag :file, class: ''
+
+  .form-actions
+    = submit_tag 'Import project', class: 'btn btn-create'

app/views/layouts/nav/_admin.html.haml

 %ul.nav-links.scrolling-tabs
   .fade-left
-  = nav_link(controller: %w(dashboard admin projects users groups builds), html_options: {class: 'home'}) do
+  = nav_link(controller: %w(dashboard admin projects users groups builds runners), html_options: {class: 'home'}) do
     = link_to admin_root_path, title: 'Overview', class: 'shortcuts-tree' do
       %span
         Overview
@@ -12,10 +12,6 @@
     = link_to admin_deploy_keys_path, title: 'Deploy Keys' do
       %span
         Deploy Keys
-  = nav_link path: ['runners#index', 'runners#show'] do
-    = link_to admin_runners_path, title: 'Runners' do
-      %span
-        Runners
   = nav_link(controller: :broadcast_messages) do
     = link_to admin_broadcast_messages_path, title: 'Messages' do
       %span

app/views/layouts/nav/_profile.html.haml

@@ -13,6 +13,10 @@
       = link_to applications_profile_path, title: 'Applications' do
         %span
           Applications
+  = nav_link(controller: :personal_access_tokens) do
+    = link_to profile_personal_access_tokens_path, title: 'Personal Access Tokens' do
+      %span
+        Personal Access Tokens
   = nav_link(controller: :emails) do
     = link_to profile_emails_path, title: 'Emails' do
       %span

app/views/layouts/nav/_project.html.haml

@@ -5,18 +5,19 @@
         = icon('cog')
         = icon('caret-down')
       %ul.dropdown-menu.dropdown-menu-align-right
+        - is_project_member = @project.users.exists?(current_user.id)
         - access = @project.team.max_member_access(current_user.id)
         - can_edit = can?(current_user, :admin_project, @project)
 
         = render 'layouts/nav/project_settings', access: access, can_edit: can_edit
 
-        - if can_edit || access
+        - if can_edit || is_project_member
           %li.divider
           - if can_edit
             %li
               = link_to edit_project_path(@project) do
                 Edit Project
-          - if access
+          - if is_project_member
             %li
               = link_to polymorphic_path([:leave, @project, :members]),
                 data: { confirm: leave_confirmation_message(@project) }, method: :delete, title: 'Leave project' do

app/views/notify/project_was_exported_email.html.haml

+%p
+  Project #{@project.name} was exported successfully.
+%p
+  The project export can be downloaded from:
+  = link_to download_export_namespace_project_url(@project.namespace, @project) do
+    = @project.name_with_namespace + " export"
+%p
+  The download link will expire in 24 hours.

app/views/notify/project_was_exported_email.text.erb

+Project <%= @project.name %> was exported successfully.
+
+The project export can be downloaded from:
+<%= download_export_namespace_project_url(@project.namespace, @project) %>
+
+The download link will expire in 24 hours.

app/views/notify/project_was_not_exported_email.html.haml

+%p
+  Project #{@project.name} couldn't be exported.
+%p
+  The errors we encountered were:
+
+  %ul
+  - @errors.each do |error|
+    %li
+      error

app/views/notify/project_was_not_exported_email.text.erb

+Project <%= @project.name %> couldn't be exported.
+
+The errors we encountered were:
+
+- @errors.each do |error|
+<%= error %>
\ No newline at end of file

app/views/profiles/accounts/show.html.haml

@@ -62,10 +62,14 @@
           .provider-btn-image
             = provider_image_tag(provider)
           - if auth_active?(provider)
+            - if provider.to_s == 'saml'
+              %a.provider-btn
+                Active
+            - else
               = link_to unlink_profile_account_path(provider: provider), method: :delete, class: 'provider-btn' do
                 Disconnect
           - else
-            = link_to user_omniauth_authorize_path(provider), method: :post, class: "provider-btn #{'not-active' if !auth_active?(provider)}", "data-no-turbolink" => "true" do
+            = link_to user_omniauth_authorize_path(provider), method: :post, class: 'provider-btn not-active', "data-no-turbolink" => "true" do
               Connect
   %hr
 - if current_user.can_change_username?