Merge remote-tracking branch 'upstream/master' into ce-to-ee-2018-06-20

CONTRIBUTING.md

@@ -30,7 +30,7 @@ _This notice should stay as the first item in the CONTRIBUTING.md file._
     - [Type labels](#type-labels)
     - [Subject labels](#subject-labels)
     - [Team labels](#team-labels)
-    - [Milestone labels](#milestone-labels)
+    - [Release Scoping labels](#release-scoping-labels)
     - [Bug Priority labels](#bug-priority-labels)
     - [Bug Severity labels](#bug-severity-labels)
         - [Severity impact guidance](#severity-impact-guidance)
@@ -134,7 +134,7 @@ Most issues will have labels for at least one of the following:
 - Type: ~"feature proposal", ~bug, ~customer, etc.
 - Subject: ~wiki, ~"container registry", ~ldap, ~api, ~frontend, etc.
 - Team: ~"CI/CD", ~Discussion, ~Quality, ~Platform, etc.
-- Milestone: ~Deliverable, ~Stretch, ~"Next Patch Release"
+- Release Scoping: ~Deliverable, ~Stretch, ~"Next Patch Release"
 - Priority: ~P1, ~P2, ~P3, ~P4
 - Severity: ~S1, ~S2, ~S3, ~S4
 
@@ -208,10 +208,10 @@ indicate if an issue needs backend work, frontend work, or both.
 Team labels are always capitalized so that they show up as the first label for
 any issue.
 
-### Milestone labels
+### Release Scoping labels
 
-Milestone labels help us clearly communicate expectations of the work for the
-release. There are three levels of Milestone labels:
+Release Scoping labels help us clearly communicate expectations of the work for the
+release. There are three levels of Release Scoping labels:
 
 - ~Deliverable: Issues that are expected to be delivered in the current
   milestone.

Gemfile.lock

@@ -832,7 +832,7 @@ GEM
     rubyzip (1.2.1)
     rufus-scheduler (3.4.0)
       et-orbi (~> 1.0)
-    rugged (0.27.1)
+    rugged (0.27.2)
     safe_yaml (1.0.4)
     sanitize (2.1.0)
       nokogiri (>= 1.4.4)

app/assets/stylesheets/bootstrap_migration.scss

@@ -89,11 +89,6 @@ a {
   color: $gl-link-color;
 }
 
-a:not(.btn):focus,
-a:not(.btn):active {
-  text-decoration: underline;
-}
-
 hr {
   overflow: hidden;
 }

app/assets/stylesheets/framework/contextual_sidebar.scss

@@ -193,7 +193,6 @@
       &:focus {
         background: $link-active-background;
         color: $gl-text-color;
-        text-decoration: none;
       }
     }
 

app/models/repository.rb

@@ -899,7 +899,7 @@ class Repository
     @root_ref_sha ||= commit(root_ref).sha
   end
 
-  delegate :merged_branch_names, :can_be_merged?, to: :raw_repository
+  delegate :merged_branch_names, to: :raw_repository
 
   def merge_base(first_commit_id, second_commit_id)
     first_commit_id = commit(first_commit_id).try(:id) || first_commit_id

app/policies/project_policy.rb

@@ -298,6 +298,7 @@ class ProjectPolicy < BasePolicy
     prevent(*create_read_update_admin_destroy(:build))
     prevent(*create_read_update_admin_destroy(:pipeline_schedule))
     prevent(*create_read_update_admin_destroy(:environment))
+    prevent(*create_read_update_admin_destroy(:cluster))
     prevent(*create_read_update_admin_destroy(:deployment))
   end
 

changelogs/unreleased/47631-operations-kubernetes-option-is-always-visible-when-repository-or-builds-are-disabled.yml

+---
+title: Omits operartions and kubernetes item from project sidebar when repository or builds are disabled
+merge_request: 19835
+author:
+type: fixed

changelogs/unreleased/blackst0ne-rails5-found-new-routes-that-could-cause-conflicts-with-existing-namespaced-routes.yml

+---
+title: "[Rails5] Fix ActionCable '/cable' mountpoint conflict"
+merge_request: 20015
+author: "@blackst0ne"
+type: fixed

changelogs/unreleased/fix-favicon-cross-origin.yml

+---
+title: Serve favicon image always from the main GitLab domain to avoid issues with CORS
+merge_request: 19810
+author: Alexis Reigel
+type: fixed

changelogs/unreleased/sh-bump-rugged-0-27-2.yml

+---
+title: Bump rugged to 0.27.2
+merge_request:
+author:
+type: fixed

config/application.rb

@@ -71,6 +71,13 @@ module Gitlab
     # Configure the default encoding used in templates for Ruby 1.9.
     config.encoding = "utf-8"
 
+    # ActionCable mount point.
+    # The default Rails' mount point is `/cable` which may conflict with existing
+    # namespaces/users.
+    # https://github.com/rails/rails/blob/5-0-stable/actioncable/lib/action_cable.rb#L38
+    # Please change this value when configuring ActionCable for real usage.
+    config.action_cable.mount_path = "-" if rails5?
+
     # Configure sensitive parameters which will be filtered from the log file.
     #
     # Parameters filtered:

doc/api/members.md

@@ -173,3 +173,7 @@ DELETE /projects/:id/members/:user_id
 curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/:id/members/:user_id
 curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/:id/members/:user_id
 ```
+
+## Give a group access to a project
+
+Look at [share project with group](projects.md#share-project-with-group)

doc/api/projects.md

@@ -1225,7 +1225,7 @@ POST /projects/:id/share
 | --------- | ---- | -------- | ----------- |
 | `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
 | `group_id` | integer | yes | The ID of the group to share with |
-| `group_access` | integer | yes | The permissions level to grant the group |
+| `group_access` | integer | yes | The [permissions level](members.md) to grant the group |
 | `expires_at` | string | no | Share expiration date in ISO 8601 format: 2016-09-26 |
 
 ## Delete a shared project link within a group

lib/gitlab/favicon.rb

@@ -2,10 +2,10 @@ module Gitlab
   class Favicon
     class << self
       def main
-        return appearance_favicon.url if appearance_favicon.exists?
-
         image_name =
-          if Gitlab::Utils.to_boolean(ENV['CANARY'])
+          if appearance_favicon.exists?
+            appearance_favicon.url
+          elsif Gitlab::Utils.to_boolean(ENV['CANARY'])
             'favicon-yellow.png'
           elsif Rails.env.development?
             'favicon-green.png'
@@ -13,7 +13,7 @@ module Gitlab
             'favicon.png'
           end
 
-        ActionController::Base.helpers.image_path(image_name)
+        ActionController::Base.helpers.image_path(image_name, host: host)
       end
 
       def status_overlay(status_name)
@@ -22,7 +22,7 @@ module Gitlab
           "#{status_name}.png"
         )
 
-        ActionController::Base.helpers.image_path(path)
+        ActionController::Base.helpers.image_path(path, host: host)
       end
 
       def available_status_names
@@ -35,6 +35,16 @@ module Gitlab
 
       private
 
+      # we only want to create full urls when there's a different asset_host
+      # configured.
+      def host
+        if Gitlab::Application.config.asset_host.nil? || Gitlab::Application.config.asset_host == Gitlab.config.gitlab.base_url
+          nil
+        else
+          Gitlab.config.gitlab.base_url
+        end
+      end
+
       def appearance
         RequestStore.store[:appearance] ||= (Appearance.current || Appearance.new)
       end

lib/gitlab/git/repository.rb

@@ -1417,13 +1417,8 @@ module Gitlab
       end
 
       def can_be_merged?(source_sha, target_branch)
-        gitaly_migrate(:can_be_merged) do |is_enabled|
-          if is_enabled
-            gitaly_can_be_merged?(source_sha, find_branch(target_branch, true).target)
-          else
-            rugged_can_be_merged?(source_sha, target_branch)
-          end
-        end
+        target_sha = find_branch(target_branch, true).target
+        !gitaly_conflicts_client(source_sha, target_sha).conflicts?
       end
 
       def search_files_by_name(query, ref)
@@ -2246,14 +2241,6 @@ module Gitlab
         run_git(['fetch', remote_name], env: env).last.zero?
       end
 
-      def gitaly_can_be_merged?(their_commit, our_commit)
-        !gitaly_conflicts_client(our_commit, their_commit).conflicts?
-      end
-
-      def rugged_can_be_merged?(their_commit, our_commit)
-        !rugged.merge_commits(our_commit, their_commit).conflicts?
-      end
-
       def gitlab_projects_error
         raise CommandError, @gitlab_projects.output
       end

lib/tasks/gettext.rake

@@ -53,25 +53,34 @@ namespace :gettext do
   task :updated_check do
     # Removing all pre-translated files speeds up `gettext:find` as the
     # files don't need to be merged.
-    `rm locale/*/gitlab.po`
+    # Having `LC_MESSAGES/gitlab.mo files present also confuses the output.
+    FileUtils.rm Dir['locale/**/gitlab.*']
+
+    # Make sure we start out with a clean pot.file
+    `git checkout -- locale/gitlab.pot`
 
     # `gettext:find` writes touches to temp files to `stderr` which would cause
-    # `static-analysis` to report failures. We can ignore these
-    silence_stream(STDERR) { Rake::Task['gettext:find'].invoke }
+    # `static-analysis` to report failures. We can ignore these.
+    silence_stream($stderr) do
+      Rake::Task['gettext:find'].invoke
+    end
 
-    changed_files = `git diff --name-only`.lines.map(&:strip)
+    pot_diff = `git diff -- locale/gitlab.pot`.strip
 
     # reset the locale folder for potential next tasks
     `git checkout -- locale`
 
-    if changed_files.include?('locale/gitlab.pot')
+    if pot_diff.present?
       raise <<~MSG
         Newly translated strings found, please add them to `gitlab.pot` by running:
 
-          bundle exec rake gettext:find; git checkout -- locale/*/gitlab.po;
+          rm locale/**/gitlab.*; bin/rake gettext:find; git checkout -- locale/*/gitlab.po
 
         Then commit and push the resulting changes to `locale/gitlab.pot`.
 
+        The diff was:
+
+        #{pot_diff}
       MSG
     end
   end

lib/tasks/lint.rake

@@ -17,13 +17,22 @@ unless Rails.env.production?
       Rake::Task['eslint'].invoke
     end
 
+    desc "GitLab | lint | Lint HAML files"
+    task :haml do
+      begin
+        Rake::Task['haml_lint'].invoke
+      rescue RuntimeError # The haml_lint tasks raise a RuntimeError
+        exit(1)
+      end
+    end
+
     desc "GitLab | lint | Run several lint checks"
     task :all do
       status = 0
 
       %w[
         config_lint
-        haml_lint
+        lint:haml
         scss_lint
         flay
         gettext:lint
@@ -39,13 +48,12 @@ unless Rails.env.production?
           $stderr.reopen(wr_err)
 
           begin
-            begin
-              Rake::Task[task].invoke
-            rescue RuntimeError # The haml_lint tasks raise a RuntimeError
-              exit(1)
-            end
+            Rake::Task[task].invoke
           rescue SystemExit => ex
-            msg = "*** Rake task #{task} failed with the following error(s):"
+            msg = "*** Rake task #{task} exited:"
+            raise ex
+          rescue => ex
+            msg = "*** Rake task #{task} raised #{ex.class}:"
             raise ex
           ensure
             $stdout.reopen(stdout)

spec/lib/gitlab/favicon_spec.rb

@@ -21,6 +21,21 @@ RSpec.describe Gitlab::Favicon, :request_store do
       create :appearance, favicon: fixture_file_upload('spec/fixtures/dk.png')
       expect(described_class.main).to match %r{/uploads/-/system/appearance/favicon/\d+/dk.png}
     end
+
+    context 'asset host' do
+      before do
+        allow(Rails).to receive(:env).and_return(ActiveSupport::StringInquirer.new('production'))
+      end
+
+      it 'returns a relative url when the asset host is not configured' do
+        expect(described_class.main).to match %r{^/assets/favicon-(?:\h+).png$}
+      end
+
+      it 'returns a full url when the asset host is configured' do
+        allow(Gitlab::Application.config).to receive(:asset_host).and_return('http://assets.local')
+        expect(described_class.main).to match %r{^http://localhost/assets/favicon-(?:\h+).png$}
+      end
+    end
   end
 
   describe '.status_overlay' do

spec/models/repository_spec.rb

@@ -434,44 +434,34 @@ describe Repository do
   end
 
   describe '#can_be_merged?' do
-    shared_examples 'can be merged' do
-      context 'mergeable branches' do
-        subject { repository.can_be_merged?('0b4bc9a49b562e85de7cc9e834518ea6828729b9', 'master') }
+    context 'mergeable branches' do
+      subject { repository.can_be_merged?('0b4bc9a49b562e85de7cc9e834518ea6828729b9', 'master') }
 
-        it { is_expected.to be_truthy }
-      end
-
-      context 'non-mergeable branches without conflict sides missing' do
-        subject { repository.can_be_merged?('bb5206fee213d983da88c47f9cf4cc6caf9c66dc', 'feature') }
-
-        it { is_expected.to be_falsey }
-      end
+      it { is_expected.to be_truthy }
+    end
 
-      context 'non-mergeable branches with conflict sides missing' do
-        subject { repository.can_be_merged?('conflict-missing-side', 'conflict-start') }
+    context 'non-mergeable branches without conflict sides missing' do
+      subject { repository.can_be_merged?('bb5206fee213d983da88c47f9cf4cc6caf9c66dc', 'feature') }
 
-        it { is_expected.to be_falsey }
-      end
+      it { is_expected.to be_falsey }
+    end
 
-      context 'non merged branch' do
-        subject { repository.merged_to_root_ref?('fix') }
+    context 'non-mergeable branches with conflict sides missing' do
+      subject { repository.can_be_merged?('conflict-missing-side', 'conflict-start') }
 
-        it { is_expected.to be_falsey }
-      end
+      it { is_expected.to be_falsey }
+    end
 
-      context 'non existent branch' do
-        subject { repository.merged_to_root_ref?('non_existent_branch') }
+    context 'non merged branch' do
+      subject { repository.merged_to_root_ref?('fix') }
 
-        it { is_expected.to be_nil }
-      end
+      it { is_expected.to be_falsey }
     end
 
-    context 'when Gitaly can_be_merged feature is enabled' do
-      it_behaves_like 'can be merged'
-    end
+    context 'non existent branch' do
+      subject { repository.merged_to_root_ref?('non_existent_branch') }
 
-    context 'when Gitaly can_be_merged feature is disabled', :disable_gitaly do
-      it_behaves_like 'can be merged'
+      it { is_expected.to be_nil }
     end
   end
 

spec/policies/project_policy_spec.rb

@@ -151,6 +151,44 @@ describe ProjectPolicy do
     end
   end
 
+  context 'builds feature' do
+    subject { described_class.new(owner, project) }
+
+    it 'disallows all permissions when the feature is disabled' do
+      project.project_feature.update(builds_access_level: ProjectFeature::DISABLED)
+
+      builds_permissions = [
+        :create_pipeline, :update_pipeline, :admin_pipeline, :destroy_pipeline,
+        :create_build, :read_build, :update_build, :admin_build, :destroy_build,
+        :create_pipeline_schedule, :read_pipeline_schedule, :update_pipeline_schedule, :admin_pipeline_schedule, :destroy_pipeline_schedule,
+        :create_environment, :read_environment, :update_environment, :admin_environment, :destroy_environment,
+        :create_cluster, :read_cluster, :update_cluster, :admin_cluster, :destroy_cluster,
+        :create_deployment, :read_deployment, :update_deployment, :admin_deployment, :destroy_deployment
+      ]
+
+      expect_disallowed(*builds_permissions)
+    end
+  end
+
+  context 'repository feature' do
+    subject { described_class.new(owner, project) }
+
+    it 'disallows all permissions when the feature is disabled' do
+      project.project_feature.update(repository_access_level: ProjectFeature::DISABLED)
+
+      repository_permissions = [
+        :create_pipeline, :update_pipeline, :admin_pipeline, :destroy_pipeline,
+        :create_build, :read_build, :update_build, :admin_build, :destroy_build,
+        :create_pipeline_schedule, :read_pipeline_schedule, :update_pipeline_schedule, :admin_pipeline_schedule, :destroy_pipeline_schedule,
+        :create_environment, :read_environment, :update_environment, :admin_environment, :destroy_environment,
+        :create_cluster, :read_cluster, :update_cluster, :admin_cluster, :destroy_cluster,
+        :create_deployment, :read_deployment, :update_deployment, :admin_deployment, :destroy_deployment
+      ]
+
+      expect_disallowed(*repository_permissions)
+    end
+  end
+
   shared_examples 'archived project policies' do
     let(:feature_write_abilities) do
       described_class::READONLY_FEATURES_WHEN_ARCHIVED.flat_map do |feature|