Merge branch 'master' into api-new-attributes

CHANGELOG

 Please view this file on the master branch, on stable branches it's out of date.
 
 v 7.14.0 (unreleased)
+  - Upgrade gitlab_git to version 7.2.6 to fix Error 500 when creating network graphs (Stan Hu)
   - Fix URL used for refreshing notes if relative_url is present (Bartłomiej Święcki)
   - Fix commit data retrieval when branch name has single quotes (Stan Hu)
-  - Fix Error 500 when browsing projects with no HEAD (Stan Hu)
-  - Add rake task 'gitlab:update_commit_count' (Daniel Gerhardt)
   - Fix full screen mode for snippet comments (Daniel Gerhardt)
   - Fix 404 error in files view after deleting the last file in a repository (Stan Hu)
   - Fix the "Reload with full diff" URL button (Stan Hu)
@@ -17,6 +16,18 @@ v 7.14.0 (unreleased)
   - Add support for destroying project milestones (Stan Hu)
   - Add fetch command to the MR page
   - Add project star and fork count, group avatar URL and user/group web URL attributes to API
+  - Fix bug causing Bitbucket importer to crash when OAuth application had been removed.
+  - Add fetch command to the MR page.
+
+v 7.13.2
+  - Fix randomly failed spec
+  - Create project services on Project creation
+  - Add admin_merge_request ability to Developer level and up
+  - Fix Error 500 when browsing projects with no HEAD (Stan Hu)
+  - Fix labels / assignee / milestone for the merge requests when issues are disabled
+  - Show the first tab automatically on MergeRequests#new
+  - Add rake task 'gitlab:update_commit_count' (Daniel Gerhardt)
+  - Fix Gmail Actions
 
 v 7.13.1
   - Fix: Label modifications are not reflected in existing notes and in the issue list
@@ -27,10 +38,10 @@ v 7.13.1
   - Fix: ActionView::Template::Error
   - Fix: "Create Merge Request" isn't always shown in event for newly pushed branch
   - Fix bug causing "Remove source-branch" option not to work for merge requests from the same project.
+  - Render Note field hints consistently for "new" and "edit" forms
 
 v 7.13.0
   - Remove repository graph log to fix slow cache updates after push event (Stan Hu)
-v 7.13.0 (unreleased)
   - Return comments in created order in merge request API (Stan Hu)
   - Only enable HSTS header for HTTPS and port 443 (Stan Hu)
   - Fix user autocomplete for unauthenticated users accessing public projects (Stan Hu)

Gemfile

@@ -38,7 +38,7 @@ gem "browser", '~> 0.8.0'
 
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem "gitlab_git", '~> 7.2.5'
+gem "gitlab_git", '~> 7.2.6'
 
 # Ruby/Rack Git Smart-HTTP Server Handler
 # GitLab fork with a lot of changes (improved thread-safety, better memory usage etc)
@@ -272,4 +272,3 @@ end
 gem "newrelic_rpm"
 
 gem 'octokit', '3.7.0'
-gem "rugments", "~> 1.0.0.beta8"

Gemfile.lock

@@ -271,7 +271,7 @@ GEM
       mime-types (~> 1.19)
     gitlab_emoji (0.1.0)
       gemojione (~> 2.0)
-    gitlab_git (7.2.5)
+    gitlab_git (7.2.6)
       activesupport (~> 4.0)
       charlock_holmes (~> 0.6)
       gitlab-linguist (~> 3.0)
@@ -288,7 +288,7 @@ GEM
       github-markup (~> 1.3.1)
       gollum-grit_adapter (~> 0.1, >= 0.1.1)
       nokogiri (~> 1.6.4)
-      rouge (~> 1.7.4)
+      rouge (~> 1.9)
       sanitize (~> 2.1.0)
       stringex (~> 2.5.1)
     gon (5.0.1)
@@ -536,7 +536,7 @@ GEM
       netrc (~> 0.7)
     rinku (1.7.3)
     rotp (1.6.1)
-    rouge (1.7.7)
+    rouge (1.9.1)
     rqrcode (0.4.2)
     rqrcode-rails3 (0.1.7)
       rqrcode (>= 0.4.2)
@@ -579,7 +579,6 @@ GEM
     rubyntlm (0.5.0)
     rubypants (0.2.0)
     rugged (0.22.2)
-    rugments (1.0.0.beta8)
     safe_yaml (1.0.4)
     sanitize (2.1.0)
       nokogiri (>= 1.4.4)
@@ -784,7 +783,7 @@ DEPENDENCIES
   gitlab-grack (~> 2.0.2)
   gitlab-linguist (~> 3.0.1)
   gitlab_emoji (~> 0.1)
-  gitlab_git (~> 7.2.5)
+  gitlab_git (~> 7.2.6)
   gitlab_meta (= 7.0)
   gitlab_omniauth-ldap (= 1.2.1)
   gollum-lib (~> 4.0.2)
@@ -836,7 +835,6 @@ DEPENDENCIES
   rqrcode-rails3
   rspec-rails (~> 3.3.0)
   rubocop (= 0.28.0)
-  rugments (~> 1.0.0.beta8)
   sanitize (~> 2.0)
   sass-rails (~> 4.0.5)
   sdoc

app/assets/stylesheets/pages/notes.scss

@@ -37,7 +37,7 @@ ul.notes {
       font-size: 13px;
 
       a {
-        @extend .cgray;        
+        @extend .cgray;
 
         &:hover {
           text-decoration: underline;
@@ -105,6 +105,8 @@ ul.notes {
         }
 
         hr {
+          // Darken 'whitesmoke' a bit to make it more visible in note bodies
+          border-color: darken(#F5F5F5, 8%);
           margin: 10px 0;
         }
       }

app/controllers/import/bitbucket_controller.rb

@@ -3,6 +3,7 @@ class Import::BitbucketController < Import::BaseController
   before_action :bitbucket_auth, except: :callback
 
   rescue_from OAuth::Error, with: :bitbucket_unauthorized
+  rescue_from Gitlab::BitbucketImport::Client::Unauthorized, with: :bitbucket_unauthorized
 
   def callback
     request_token = session.delete(:oauth_request_token)

app/helpers/blob_helper.rb

 module BlobHelper
   def highlight(blob_name, blob_content, nowrap: false, continue: false)
-    @formatter ||= Rugments::Formatters::HTML.new(
+    @formatter ||= Rouge::Formatters::HTMLGitlab.new(
       nowrap: nowrap,
       cssclass: 'code highlight',
       lineanchors: true,
@@ -8,11 +8,11 @@ module BlobHelper
     )
 
     begin
-      @lexer ||= Rugments::Lexer.guess(filename: blob_name, source: blob_content).new
+      @lexer ||= Rouge::Lexer.guess(filename: blob_name, source: blob_content).new
       result = @formatter.format(@lexer.lex(blob_content, continue: continue)).html_safe
     rescue
-      lexer = Rugments::Lexers::PlainText
-      result = @formatter.format(lexer.lex(blob_content)).html_safe
+      @lexer = Rouge::Lexers::PlainText
+      result = @formatter.format(@lexer.lex(blob_content)).html_safe
     end
 
     result

app/helpers/emails_helper.rb

@@ -31,8 +31,8 @@ module EmailsHelper
   end
 
   def color_email_diff(diffcontent)
-    formatter = Rugments::Formatters::HTML.new(cssclass: "highlight", inline_theme: :github)
-    lexer = Rugments::Lexers::Diff.new
+    formatter = Rouge::Formatters::HTML.new(css_class: 'highlight', inline_theme: 'github')
+    lexer = Rouge::Lexers::Diff
     raw formatter.format(lexer.lex(diffcontent))
   end
 

app/views/projects/wikis/show.html.haml

@@ -3,6 +3,10 @@
 %h3.page-title
   = @page.title
   = render 'main_links'
+
+.wiki-last-edit-by
+  Last edited by #{@page.commit.author.name} #{time_ago_with_tooltip(@page.commit.authored_date)}
+
 - if @page.historical?
   .warning_message
     This is an old version of this page.
@@ -16,6 +20,6 @@
       = render_wiki_content(@page)
 
 %hr
-
 .wiki-last-edit-by
   Last edited by #{@page.commit.author.name} #{time_ago_with_tooltip(@page.commit.authored_date)}
+

doc/gitlab-basics/README.md

@@ -2,7 +2,7 @@
 
 Step-by-step guides on the basics of working with Git and GitLab.
 
-* [Start using Git on the commandline](start-using-git.md)
+* [Start using Git on the command line](start-using-git.md)
 
 * [Create and add your SSH Keys](create-your-ssh-keys.md)
 
@@ -17,3 +17,5 @@ Step-by-step guides on the basics of working with Git and GitLab.
 * [Create a branch](create-branch.md)
 
 * [Fork a project](fork-project.md)
+
+* [Add a file](add-file.md)

doc/gitlab-basics/add-file.md

+# How to add a file
+
+You can create a file in your [shell](command-line-commands.md) or in GitLab.
+
+To create a file in GitLab, sign in to [GitLab.com](https://gitlab.com).
+
+Select a project on the right side of your screen:
+
+![Select a project](basicsimages/select_project.png)
+
+It's a good idea to [create a branch](create-branch.md), but it's not necessary.
+
+Go to the directory where you'd like to add the file and click on the "+" sign next to the name of the project and directory:
+
+![Create a file](basicsimages/create_file.png)
+
+Name your file (you can't add spaces, so you can use hyphens or underscores). Don't forget to include the markup language you'd like to use :
+
+![File name](basicsimages/file_name.png)
+
+Add all the information that you'd like to include in your file:
+
+![Add information](basicsimages/white_space.png)
+
+Add a commit message based on what you just added and then click on "commit changes":
+
+![Commit changes](basicsimages/commit_changes.png)
+
+### Note
+Besides its regular files, every directory needs a README.md or README.html file which works like an index, telling
+what the directory is about. It's the first document you'll find when you open a directory.

doc/ssh/README.md

@@ -105,3 +105,6 @@ IdentityFile ~/my-ssh-key-directory/company-com-private-key-filename
 Note in the gitlab.com example above a username was specified to override the default chosen by OpenSSH (your local username). This is only required if your local and remote usernames differ.
 
 Due to the wide variety of SSH clients and their very large number of configuration options, further explanation of these topics is beyond the scope of this document.
+
+Public SSH keys need to be unique, as they will bind to your account. Your SSH key is the only identifier you'll
+have when pushing code via SSH. That's why it needs to uniquely map to a single user.

doc/workflow/importing/README.md

@@ -6,4 +6,7 @@
 4. [SVN](migrating_from_svn.md)
 
 ### Note
-* If you'd like to migrate from a self-hosted GitLab instance to GitLab.com, you can copy your repos by changing the remote and pushing to the new server; but issues and merge requests can't be imported.
\ No newline at end of file
+* If you'd like to migrate from a self-hosted GitLab instance to GitLab.com, you can copy your repos by changing the remote and pushing to the new server; but issues and merge requests can't be imported.
+
+* Repositories are imported to GitLab via HTTP. 
+If the repository is too large, it can timeout. We have a soft limit of 10GB.

doc/workflow/labels.md

 # Labels
 
-In GitLab, you can easily tag issues and merge requests. If you have permission level `Developer` or higher, you can manage labels. To create, edit or delete a label, go to a project and then to `Issues` and then `Labels`.
+In GitLab, you can easily tag issues and Merge Requests. If you have permission level `Developer` or higher, you can manage labels. To create, edit or delete a label, go to a project and then to `Issues` and then `Labels`.
 
 Here you can create a new label.
 
@@ -14,3 +14,5 @@ If you want to change an existing label, press edit next to the listed label.
 You will be presented with the same form as when creating a new label.
 
 ![edit label](labels/label3.png)
+
+You can add labels to Merge Requests when you create or edit them.

lib/gitlab/backend/grack_auth.rb

@@ -26,7 +26,12 @@ module Grack
       auth!
 
       if project && authorized_request?
-        @app.call(env)
+        if ENV['GITLAB_GRACK_AUTH_ONLY'] == '1'
+          # Tell gitlab-git-http-server the request is OK, and what the GL_ID is
+          render_grack_auth_ok
+        else
+          @app.call(env)
+        end
       elsif @user.nil? && !@gitlab_ci
         unauthorized
       else
@@ -174,6 +179,10 @@ module Grack
       end
     end
 
+    def render_grack_auth_ok
+      [200, { "Content-Type" => "application/json" }, [JSON.dump({ 'GL_ID' => Gitlab::ShellEnv.gl_id(@user) })]]
+    end
+
     def render_not_found
       [404, { "Content-Type" => "text/plain" }, ["Not Found"]]
     end

lib/gitlab/backend/shell_env.rb

@@ -7,7 +7,7 @@ module Gitlab
     def set_env(user)
       # Set GL_ID env variable
       if user
-        ENV['GL_ID'] = "user-#{user.id}"
+        ENV['GL_ID'] = gl_id(user)
       end
     end
 
@@ -15,5 +15,14 @@ module Gitlab
       # Reset GL_ID env variable
       ENV['GL_ID'] = nil
     end
+
+    def gl_id(user)
+      if user.present?
+        "user-#{user.id}"
+      else
+        # This empty string is used in the render_grack_auth_ok method
+        ""
+      end
+    end
   end
 end

lib/gitlab/bitbucket_import/client.rb

 module Gitlab
   module BitbucketImport
     class Client
+      class Unauthorized < StandardError; end
+
       attr_reader :consumer, :api
 
       def initialize(access_token = nil, access_token_secret = nil)
@@ -46,23 +48,23 @@ module Gitlab
       end
 
       def user
-        JSON.parse(api.get("/api/1.0/user").body)
+        JSON.parse(get("/api/1.0/user").body)
       end
 
       def issues(project_identifier)
-        JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}/issues").body)
+        JSON.parse(get("/api/1.0/repositories/#{project_identifier}/issues").body)
       end
 
       def issue_comments(project_identifier, issue_id)
-        JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}/issues/#{issue_id}/comments").body)
+        JSON.parse(get("/api/1.0/repositories/#{project_identifier}/issues/#{issue_id}/comments").body)
       end
 
       def project(project_identifier)
-        JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}").body)
+        JSON.parse(get("/api/1.0/repositories/#{project_identifier}").body)
       end
 
       def find_deploy_key(project_identifier, key)
-        JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}/deploy-keys").body).find do |deploy_key|
+        JSON.parse(get("/api/1.0/repositories/#{project_identifier}/deploy-keys").body).find do |deploy_key|
           deploy_key["key"].chomp == key.chomp
         end
       end
@@ -82,11 +84,18 @@ module Gitlab
       end
 
       def projects
-        JSON.parse(api.get("/api/1.0/user/repositories").body).select { |repo| repo["scm"] == "git" }
+        JSON.parse(get("/api/1.0/user/repositories").body).select { |repo| repo["scm"] == "git" }
       end
 
       private
 
+      def get(url)
+        response = api.get(url)
+        raise Unauthorized if (400..499).include?(response.code.to_i)
+
+        response
+      end
+
       def config
         Gitlab.config.omniauth.providers.find { |provider| provider.name == "bitbucket"}
       end

lib/redcarpet/render/gitlab_html.rb

@@ -22,10 +22,10 @@ class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML
     ERB::Util.html_escape_once(text)
   end
 
-  # Stolen from Rugments::Plugins::Redcarpet as this module is not required
-  # from Rugments's gem root.
+  # Stolen from Rouge::Plugins::Redcarpet as this module is not required
+  # from Rouge's gem root.
   def block_code(code, language)
-    lexer = Rugments::Lexer.find_fancy(language, code) || Rugments::Lexers::PlainText
+    lexer = Rouge::Lexer.find_fancy(language, code) || Rouge::Lexers::PlainText
 
     # XXX HACK: Redcarpet strips hard tabs out of code blocks,
     # so we assume you're not using leading spaces that aren't tabs,
@@ -34,7 +34,7 @@ class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML
       code.gsub!(/^    /, "\t")
     end
 
-    formatter = Rugments::Formatters::HTML.new(
+    formatter = Rouge::Formatters::HTMLGitlab.new(
       cssclass: "code highlight #{@color_scheme} #{lexer.tag}"
     )
     formatter.format(lexer.lex(code))

lib/rouge/formatters/html_gitlab.rb

+require 'cgi'
+
+module Rouge
+  module Formatters
+    class HTMLGitlab < Rouge::Formatter
+      tag 'html_gitlab'
+
+      # Creates a new <tt>Rouge::Formatter::HTMLGitlab</tt> instance.
+      #
+      # [+nowrap+]          If set to True, don't wrap the output at all, not
+      #                     even inside a <tt><pre></tt> tag (default: false).
+      # [+cssclass+]        CSS class for the wrapping <tt><div></tt> tag
+      #                     (default: 'highlight').
+      # [+linenos+]         If set to 'table', output line numbers as a table
+      #                     with two cells, one containing the line numbers,
+      #                     the other the whole code. This is copy paste friendly,
+      #                     but may cause alignment problems with some browsers
+      #                     or fonts. If set to 'inline', the line numbers will
+      #                     be integrated in the <tt><pre></tt> tag that contains
+      #                     the code (default: nil).
+      # [+linenostart+]     The line number for the first line (default: 1).
+      # [+lineanchors+]     If set to true the formatter will wrap each output
+      #                     line in an anchor tag with a name of L-linenumber.
+      #                     This allows easy linking to certain lines
+      #                     (default: false).
+      # [+lineanchorsid+]   If lineanchors is true the name of the anchors can
+      #                     be changed with lineanchorsid to e.g. foo-linenumber
+      #                     (default: 'L').
+      # [+anchorlinenos+]   If set to true, will wrap line numbers in <tt><a></tt>
+      #                     tags. Used in combination with linenos and lineanchors
+      #                     (default: false).
+      # [+inline_theme+]    Inline CSS styles for the <pre> tag (default: false).
+      def initialize(
+          nowrap: false,
+          cssclass: 'highlight',
+          linenos: nil,
+          linenostart: 1,
+          lineanchors: false,
+          lineanchorsid: 'L',
+          anchorlinenos: false,
+          inline_theme: nil
+        )
+        @nowrap = nowrap
+        @cssclass = cssclass
+        @linenos = linenos
+        @linenostart = linenostart
+        @lineanchors = lineanchors
+        @lineanchorsid = lineanchorsid
+        @anchorlinenos = anchorlinenos
+        @inline_theme = Theme.find(@inline_theme).new if @inline_theme.is_a?(String)
+      end
+
+      def render(tokens)
+        case @linenos
+        when 'table'
+          render_tableized(tokens)
+        when 'inline'
+          render_untableized(tokens)
+        else
+          render_untableized(tokens)
+        end
+      end
+
+      alias_method :format, :render
+
+      private
+
+      def render_untableized(tokens)
+        data = process_tokens(tokens)
+
+        html = ''
+        html << "<pre class=\"#{@cssclass}\"><code>" unless @nowrap
+        html << wrap_lines(data[:code])
+        html << "</code></pre>\n" unless @nowrap
+        html
+      end
+
+      def render_tableized(tokens)
+        data = process_tokens(tokens)
+
+        html = ''
+        html << "<div class=\"#{@cssclass}\">" unless @nowrap
+        html << '<table><tbody>'
+        html << "<td class=\"linenos\"><pre>"
+        html << wrap_linenos(data[:numbers])
+        html << '</pre></td>'
+        html << "<td class=\"lines\"><pre><code>"
+        html << wrap_lines(data[:code])
+        html << '</code></pre></td>'
+        html << '</tbody></table>'
+        html << '</div>' unless @nowrap
+        html
+      end
+
+      def process_tokens(tokens)
+        num_lines = 0
+        last_val = ''
+        rendered = ''
+
+        tokens.each do |tok, val|
+          last_val = val
+          num_lines += val.scan(/\n/).size
+          rendered << span(tok, val)
+        end
+
+        numbers = (@linenostart..num_lines + @linenostart - 1).to_a
+
+        { numbers: numbers, code: rendered }
+      end
+
+      def wrap_linenos(numbers)
+        if @anchorlinenos
+          numbers.map! do |number|
+            "<a href=\"##{@lineanchorsid}#{number}\">#{number}</a>"
+          end
+        end
+        numbers.join("\n")
+      end
+
+      def wrap_lines(rendered)
+        if @lineanchors
+          lines = rendered.split("\n")
+          lines = lines.each_with_index.map do |line, index|
+            number = index + @linenostart
+
+            if @linenos == 'inline'
+              "<a name=\"L#{number}\"></a>" \
+              "<span class=\"linenos\">#{number}</span>" \
+              "<span id=\"#{@lineanchorsid}#{number}\" class=\"line\">#{line}" \
+              '</span>'
+            else
+              "<span id=\"#{@lineanchorsid}#{number}\" class=\"line\">#{line}" \
+              '</span>'
+            end
+          end
+          lines.join("\n")
+        else
+          if @linenos == 'inline'
+            lines = rendered.split("\n")
+            lines = lines.each_with_index.map do |line, index|
+              number = index + @linenostart
+              "<span class=\"linenos\">#{number}</span>#{line}"
+            end
+            lines.join("\n")
+          else
+            rendered
+          end
+        end
+      end
+
+      def span(tok, val)
+        # http://stackoverflow.com/a/1600584/2587286
+        val = CGI.escapeHTML(val)
+
+        if tok.shortname.empty?
+          val
+        else
+          if @inline_theme
+            rules = @inline_theme.style_for(tok).rendered_rules
+            "<span style=\"#{rules.to_a.join(';')}\">#{val}</span>"
+          else
+            "<span class=\"#{tok.shortname}\">#{val}</span>"
+          end
+        end
+      end
+    end
+  end
+end

lib/support/nginx/gitlab

@@ -38,6 +38,11 @@ upstream gitlab {
   server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
 }
 
+## Experimental: gitlab-git-http-server
+# upstream gitlab-git-http-server {
+#   server localhost:8181;
+# }
+
 ## Normal HTTP host
 server {
   ## Either remove "default_server" from the listen line below, 
@@ -109,6 +114,26 @@ server {
     proxy_pass http://gitlab;
   }
 
+  ## Experimental: send Git HTTP traffic to gitlab-git-http-server instead of Unicorn
+  # location ~ [-\/\w\.]+\.git\/ {
+  #   ## If you use HTTPS make sure you disable gzip compression
+  #   ## to be safe against BREACH attack.
+  #   # gzip off;
+
+  #   ## https://github.com/gitlabhq/gitlabhq/issues/694
+  #   ## Some requests take more than 30 seconds.
+  #   proxy_read_timeout      300;
+  #   proxy_connect_timeout   300;
+  #   proxy_redirect          off;
+
+  #   proxy_set_header    Host                $http_host;
+  #   proxy_set_header    X-Real-IP           $remote_addr;
+  #   proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+  #   proxy_set_header    X-Forwarded-Proto   $scheme;
+
+  #   proxy_pass http://gitlab-git-http-server;
+  # }
+
   ## Enable gzip compression as per rails guide:
   ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
   ## WARNING: If you are using relative urls remove the block below

lib/support/nginx/gitlab-ssl

@@ -42,6 +42,11 @@ upstream gitlab {
   server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
 }
 
+## Experimental: gitlab-git-http-server
+# upstream gitlab-git-http-server {
+#   server localhost:8181;
+# }
+
 ## Redirects all HTTP traffic to the HTTPS host
 server {
   ## Either remove "default_server" from the listen line below, 
@@ -156,6 +161,26 @@ server {
     proxy_pass http://gitlab;
   }
 
+  ## Experimental: send Git HTTP traffic to gitlab-git-http-server instead of Unicorn
+  # location ~ [-\/\w\.]+\.git\/ {
+  #   ## If you use HTTPS make sure you disable gzip compression
+  #   ## to be safe against BREACH attack.
+  #   gzip off;
+
+  #   ## https://github.com/gitlabhq/gitlabhq/issues/694
+  #   ## Some requests take more than 30 seconds.
+  #   proxy_read_timeout      300;
+  #   proxy_connect_timeout   300;
+  #   proxy_redirect          off;
+
+  #   proxy_set_header    Host                $http_host;
+  #   proxy_set_header    X-Real-IP           $remote_addr;
+  #   proxy_set_header    X-Forwarded-Ssl     on;
+  #   proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+  #   proxy_set_header    X-Forwarded-Proto   $scheme;
+  #   proxy_pass http://gitlab-git-http-server;
+  # }
+
   ## Enable gzip compression as per rails guide:
   ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
   ## WARNING: If you are using relative urls remove the block below

spec/features/security/group_access_spec.rb

@@ -36,7 +36,7 @@ describe 'Group access', feature: true do
     subject { group_path(group) }
 
     context 'with public projects' do
-      before(:all) { create_project(:public) }
+      let!(:project) { create_project(:public) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -48,7 +48,7 @@ describe 'Group access', feature: true do
     end
 
     context 'with mixed projects' do
-      before(:all) { create_project(:mixed) }
+      let!(:project) { create_project(:mixed) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -60,7 +60,7 @@ describe 'Group access', feature: true do
     end
 
     context 'with internal projects' do
-      before(:all) { create_project(:internal) }
+      let!(:project) { create_project(:internal) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -86,7 +86,7 @@ describe 'Group access', feature: true do
     subject { issues_group_path(group) }
 
     context 'with public projects' do
-      before(:all) { create_project(:public) }
+      let!(:project) { create_project(:public) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -98,7 +98,7 @@ describe 'Group access', feature: true do
     end
 
     context 'with mixed projects' do
-      before(:all) { create_project(:mixed) }
+      let!(:project) { create_project(:mixed) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -110,7 +110,7 @@ describe 'Group access', feature: true do
     end
 
     context 'with internal projects' do
-      before(:all) { create_project(:internal) }
+      let!(:project) { create_project(:internal) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -136,7 +136,7 @@ describe 'Group access', feature: true do
     subject { merge_requests_group_path(group) }
 
     context 'with public projects' do
-      before(:all) { create_project(:public) }
+      let!(:project) { create_project(:public) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -148,7 +148,7 @@ describe 'Group access', feature: true do
     end
 
     context 'with mixed projects' do
-      before(:all) { create_project(:mixed) }
+      let!(:project) { create_project(:mixed) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -160,7 +160,7 @@ describe 'Group access', feature: true do
     end
 
     context 'with internal projects' do
-      before(:all) { create_project(:internal) }
+      let!(:project) { create_project(:internal) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -186,7 +186,7 @@ describe 'Group access', feature: true do
     subject { group_group_members_path(group) }
 
     context 'with public projects' do
-      before(:all) { create_project(:public) }
+      let!(:project) { create_project(:public) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -198,7 +198,7 @@ describe 'Group access', feature: true do
     end
 
     context 'with mixed projects' do
-      before(:all) { create_project(:mixed) }
+      let!(:project) { create_project(:mixed) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -210,7 +210,7 @@ describe 'Group access', feature: true do
     end
 
     context 'with internal projects' do
-      before(:all) { create_project(:internal) }
+      let!(:project) { create_project(:internal) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_allowed_for group_member(:master) }
@@ -236,7 +236,7 @@ describe 'Group access', feature: true do
     subject { edit_group_path(group) }
 
     context 'with public projects' do
-      before(:all) { create_project(:public) }
+      let!(:project) { create_project(:public) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_denied_for group_member(:master) }
@@ -248,7 +248,7 @@ describe 'Group access', feature: true do
     end
 
     context 'with mixed projects' do
-      before(:all) { create_project(:mixed) }
+      let!(:project) { create_project(:mixed) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_denied_for group_member(:master) }
@@ -260,7 +260,7 @@ describe 'Group access', feature: true do
     end
 
     context 'with internal projects' do
-      before(:all) { create_project(:internal) }
+      let!(:project) { create_project(:internal) }
 
       it { is_expected.to be_allowed_for group_member(:owner) }
       it { is_expected.to be_denied_for group_member(:master) }