Merge 4009-external-users into issue_12658

44c12744 · Felipe Artur · ec20fdf3 · 59064aee · 44c12744 · 44c12744
Commit 44c12744 authored Mar 16, 2016 by Felipe Artur
342 changed files
--- a/.csscomb.json
+++ b/.csscomb.json
+{
+    "always-semicolon": true,
+    "color-case": "lower",
+    "block-indent": "  ",
+    "color-shorthand": true,
+    "element-case": "lower",
+    "space-before-colon": "",
+    "space-after-colon": " ",
+    "space-before-combinator": " ",
+    "space-after-combinator": " ",
+    "space-between-declarations": "\n",
+    "space-before-opening-brace": " ",
+    "space-after-opening-brace": "\n",
+    "space-before-closing-brace": "\n",
+    "unitless-zero": true
+}
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,7 @@
 .sass-cache/
 .secret
 .vagrant
+.byebug_history
 Vagrantfile
 backups/*
 config/aws.yml

--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -71,15 +71,6 @@ spec:services:
    - ruby
    - mysql

-spec:benchmark:
-  stage: test
-  script:
-    - RAILS_ENV=test bundle exec rake spec:benchmark
-  tags:
-    - ruby
-    - mysql
-  allow_failure: true
-
 spec:other:
  stage: test
  script:
@@ -131,6 +122,14 @@ rubocop:
    - ruby
    - mysql

+scss-lint:
+  stage: test
+  script:
+    - bundle exec rake scss_lint
+  tags:
+    - ruby
+  allow_failure: true
+
 brakeman:
  stage: test
  script:
@@ -157,13 +156,14 @@ flay:

 bundler:audit:
  stage: test
+  only:
+    - master
  script:
    - "bundle exec bundle-audit update"
-    - "bundle exec bundle-audit check"
+    - "bundle exec bundle-audit check --ignore OSVDB-115941"
  tags:
    - ruby
    - mysql
-  allow_failure: true

 # Ruby 2.2 jobs

@@ -171,7 +171,7 @@ spec:feature:ruby22:
  stage: test
  image: ruby:2.2
  only:
-  - master
+    - master
  script:
    - RAILS_ENV=test bundle exec rake assets:precompile 2>/dev/null
    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:feature
@@ -243,22 +243,6 @@ spec:services:ruby22:
    - ruby
    - mysql

-spec:benchmark:ruby22:
-  stage: test
-  image: ruby:2.2
-  only:
-  - master
-  script:
-    - RAILS_ENV=test bundle exec rake spec:benchmark
-  cache:
-    key: "ruby22"
-    paths:
-    - vendor
-  tags:
-    - ruby
-    - mysql
-  allow_failure: true
-
 spec:other:ruby22:
  stage: test
  image: ruby:2.2
@@ -332,4 +316,4 @@ notify:slack:
    - master@gitlab-org/gitlab-ce
    - tags@gitlab-org/gitlab-ce
    - master@gitlab-org/gitlab-ee
-    - tags@gitlab-org/gitlab-ee
\ No newline at end of file
+    - tags@gitlab-org/gitlab-ee
--- a/.scss-lint.yml
+++ b/.scss-lint.yml
+# Linter Documentation:
+# https://github.com/brigade/scss-lint/blob/master/lib/scss_lint/linter/README.md
+
+scss_files: 'app/assets/stylesheets/**/*.scss'
+
+exclude:
+  - 'app/assets/stylesheets/pages/emojis.scss'
+
+linters:
+  BangFormat:
+    enabled: false
+  
+  BorderZero:
+    enabled: false
+  
+  ColorKeyword:
+    enabled: false
+  
+  ColorVariable:
+    enabled: false
+  
+  Comment:
+    enabled: false
+  
+  DeclarationOrder:
+    enabled: false
+
+  # `scss-lint:disable` control comments should be preceded by a comment
+  # explaining why these linters are being disabled for this file.
+  # See https://github.com/brigade/scss-lint#disabling-linters-via-source for
+  # more information.
+  DisableLinterReason:
+    enabled: true
+  
+  DuplicateProperty:
+    enabled: false
+  
+  EmptyLineBetweenBlocks:
+    enabled: false
+  
+  EmptyRule:
+    enabled: false
+  
+  FinalNewline:
+    enabled: false
+  
+  # HEX colors should use three-character values where possible.
+  HexLength:
+    enabled: true
+  
+  # HEX color values should use lower-case colors to differentiate between
+  # letters and numbers, e.g. `#E3E3E3` vs. `#e3e3e3`.
+  HexNotation:
+    enabled: true
+  
+  IdSelector:
+    enabled: false
+  
+  ImportPath:
+    enabled: false
+  
+  ImportantRule:
+    enabled: false
+  
+  # Indentation should always be done in increments of 2 spaces.
+  Indentation:
+    enabled: true
+    width: 2
+  
+  LeadingZero:
+    enabled: false
+  
+  MergeableSelector:
+    enabled: false
+  
+  NameFormat:
+    enabled: false
+  
+  NestingDepth:
+    enabled: false
+
+  PlaceholderInExtend:
+    enabled: false
+
+  PropertySortOrder:
+    enabled: false
+  
+  PropertySpelling:
+    enabled: false
+  
+  PseudoElement:
+    enabled: false
+  
+  QualifyingElement:
+    enabled: false
+  
+  SelectorDepth:
+    enabled: false
+  
+  # Selectors should always use hyphenated-lowercase, rather than camelCase or
+  # snake_case.
+  SelectorFormat:
+    enabled: true
+    convention: hyphenated_lowercase
+  
+  # Prefer the shortest shorthand form possible for properties that support it.
+  Shorthand:
+    enabled: true
+  
+  # Each property should have its own line, except in the special case of
+  # single line rulesets.
+  SingleLinePerProperty:
+    enabled: true
+    allow_single_line_rule_sets: true
+
+  SingleLinePerSelector:
+    enabled: false
+  
+  SpaceAfterComma:
+    enabled: false
+  
+  # Properties should be formatted with a single space separating the colon
+  # from the property's value.
+  SpaceAfterPropertyColon:
+    enabled: true
+
+  # Properties should be formatted with no space between the name and the
+  # colon.
+  SpaceAfterPropertyName:
+    enabled: true
+  
+  SpaceAroundOperator:
+    enabled: false
+  
+  SpaceBeforeBrace:
+    enabled: false
+  
+  StringQuotes:
+    enabled: false
+
+  TrailingSemicolon:
+    enabled: false
+
+  TrailingWhitespace:
+    enabled: false
+
+  UnnecessaryMantissa:
+    enabled: false
+
+  UnnecessaryParentReference:
+    enabled: false
+
+  VendorPrefix:
+    enabled: false
+
+  # Omit length units on zero values, e.g. `0px` vs. `0`.
+  ZeroUnit:
+    enabled: true
--- a/CHANGELOG
+++ b/CHANGELOG
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -427,6 +427,7 @@ merge request:
 1.  [Rails](https://github.com/bbatsov/rails-style-guide)
 1.  [Testing](https://github.com/thoughtbot/guides/tree/master/style/testing)
 1.  [CoffeeScript](https://github.com/thoughtbot/guides/tree/master/style/coffeescript)
+1.  [SCSS styleguide][scss-styleguide]
 1.  [Shell commands](doc/development/shell_commands.md) created by GitLab
    contributors to enhance security
 1.  [Database Migrations](doc/development/migration_style_guide.md)
@@ -494,6 +495,7 @@ available at [http://contributor-covenant.org/version/1/1/0/](http://contributor
 [rss-source]: https://github.com/bbatsov/ruby-style-guide/blob/master/README.md#source-code-layout
 [rss-naming]: https://github.com/bbatsov/ruby-style-guide/blob/master/README.md#naming
 [doc-styleguide]: doc/development/doc_styleguide.md "Documentation styleguide"
+[scss-styleguide]: doc/development/scss_styleguide.md "SCSS styleguide"
 [gitlab-design]: https://gitlab.com/gitlab-org/gitlab-design
 [free Antetype viewer (Mac OSX only)]: https://itunes.apple.com/us/app/antetype-viewer/id824152298?mt=12
 [`gitlab1.atype` file]: https://gitlab.com/gitlab-org/gitlab-design/tree/master/gitlab1.atype/

--- a/GITLAB_SHELL_VERSION
+++ b/GITLAB_SHELL_VERSION
-2.6.10
+2.6.11
--- a/Gemfile
+++ b/Gemfile
@@ -30,7 +30,7 @@ gem 'omniauth-github',        '~> 1.1.1'
 gem 'omniauth-gitlab',        '~> 1.0.0'
 gem 'omniauth-google-oauth2', '~> 0.2.0'
 gem 'omniauth-kerberos',      '~> 0.3.0', group: :kerberos
-gem 'omniauth-saml',          '~> 1.4.2'
+gem 'omniauth-saml',          '~> 1.5.0'
 gem 'omniauth-shibboleth',    '~> 1.2.0'
 gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'
@@ -77,9 +77,6 @@ gem "haml-rails", '~> 0.9.0'
 # Files attachments
 gem "carrierwave", '~> 0.10.0'

-# Image editing
-gem "mini_magick", '~> 4.4.0'
-
 # Drag and Drop UI
 gem 'dropzonejs-rails', '~> 0.7.1'

@@ -273,7 +270,7 @@ group :development, :test do
  # Generate Fake data
  gem 'ffaker', '~> 2.0.0'

-  gem 'capybara',            '~> 2.4.0'
+  gem 'capybara',            '~> 2.6.2'
  gem 'capybara-screenshot', '~> 1.0.0'
  gem 'poltergeist',         '~> 1.9.0'

@@ -286,6 +283,7 @@ group :development, :test do
  gem 'spring-commands-teaspoon', '~> 0.0.2'

  gem 'rubocop', '~> 0.35.0', require: false
+  gem 'scss_lint', '~> 0.47.0', require: false
  gem 'coveralls',  '~> 0.8.2', require: false
  gem 'simplecov', '~> 0.10.0', require: false
  gem 'flog', require: false

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -108,7 +108,8 @@ GEM
      thor (~> 0.18)
    byebug (8.2.1)
    cal-heatmap-rails (3.5.1)
-    capybara (2.4.4)
+    capybara (2.6.2)
+      addressable
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
      rack (>= 1.0.0)
@@ -358,7 +359,7 @@ GEM
      posix-spawn (~> 0.3)
    gitlab_emoji (0.3.1)
      gemojione (~> 2.2, >= 2.2.1)
-    gitlab_git (9.0.0)
+    gitlab_git (9.0.3)
      activesupport (~> 4.0)
      charlock_holmes (~> 0.7.3)
      github-linguist (~> 4.7.0)
@@ -468,7 +469,6 @@ GEM
    method_source (0.8.2)
    mime-types (1.25.1)
    mimemagic (0.3.0)
-    mini_magick (4.4.0)
    mini_portile2 (2.0.0)
    minitest (5.7.0)
    mousetrap-rails (1.4.6)
@@ -532,8 +532,8 @@ GEM
    omniauth-oauth2 (1.3.1)
      oauth2 (~> 1.0)
      omniauth (~> 1.2)
-    omniauth-saml (1.4.2)
-      omniauth (~> 1.1)
+    omniauth-saml (1.5.0)
+      omniauth (~> 1.3)
      ruby-saml (~> 1.1, >= 1.1.1)
    omniauth-shibboleth (1.2.1)
      omniauth (>= 1.0.0)
@@ -692,7 +692,7 @@ GEM
    ruby-fogbugz (0.2.1)
      crack (~> 0.4)
    ruby-progressbar (1.7.5)
-    ruby-saml (1.1.1)
+    ruby-saml (1.1.2)
      nokogiri (>= 1.5.10)
      uuid (~> 2.3)
    ruby2ruby (2.2.0)
@@ -717,6 +717,9 @@ GEM
    sawyer (0.6.0)
      addressable (~> 2.3.5)
      faraday (~> 0.8, < 0.10)
+    scss_lint (0.47.1)
+      rake (>= 0.9, < 11)
+      sass (~> 3.4.15)
    sdoc (0.3.20)
      json (>= 1.1.3)
      rdoc (~> 3.10)
@@ -901,7 +904,7 @@ DEPENDENCIES
  bundler-audit
  byebug
  cal-heatmap-rails (~> 3.5.0)
-  capybara (~> 2.4.0)
+  capybara (~> 2.6.2)
  capybara-screenshot (~> 1.0.0)
  carrierwave (~> 0.10.0)
  charlock_holmes (~> 0.7.3)
@@ -956,7 +959,6 @@ DEPENDENCIES
  loofah (~> 2.0.3)
  mail_room (~> 0.6.1)
  method_source (~> 0.8)
-  mini_magick (~> 4.4.0)
  minitest (~> 5.7.0)
  mousetrap-rails (~> 1.4.6)
  mysql2 (~> 0.3.16)
@@ -975,7 +977,7 @@ DEPENDENCIES
  omniauth-gitlab (~> 1.0.0)
  omniauth-google-oauth2 (~> 0.2.0)
  omniauth-kerberos (~> 0.3.0)
-  omniauth-saml (~> 1.4.2)
+  omniauth-saml (~> 1.5.0)
  omniauth-shibboleth (~> 1.2.0)
  omniauth-twitter (~> 1.2.0)
  omniauth_crowd (~> 2.2.0)
@@ -1008,6 +1010,7 @@ DEPENDENCIES
  ruby-fogbugz (~> 0.2.1)
  sanitize (~> 2.0)
  sass-rails (~> 5.0.0)
+  scss_lint (~> 0.47.0)
  sdoc (~> 0.3.20)
  seed-fu (~> 2.3.5)
  select2-rails (~> 3.5.9)
@@ -1046,6 +1049,3 @@ DEPENDENCIES
  web-console (~> 2.0)
  webmock (~> 1.21.0)
  wikicloth (= 0.8.1)
-
-BUNDLED WITH
-   1.11.2
--- a/app/assets/javascripts/api.js.coffee
+++ b/app/assets/javascripts/api.js.coffee
@@ -4,6 +4,7 @@
  namespaces_path: "/api/:version/namespaces.json"
  group_projects_path: "/api/:version/groups/:id/projects.json"
  projects_path: "/api/:version/projects.json"
+  labels_path: "/api/:version/projects/:id/labels"

  group: (group_id, callback) ->
    url = Api.buildUrl(Api.group_path)
@@ -61,6 +62,19 @@
    ).done (projects) ->
      callback(projects)

+  newLabel: (project_id, data, callback) ->
+    url = Api.buildUrl(Api.labels_path)
+    url = url.replace(':id', project_id)
+
+    data.private_token = gon.api_token
+    $.ajax(
+      url: url
+      type: "POST"
+      data: data
+      dataType: "json"
+    ).done (label) ->
+      callback(label)
+
  # Return group projects list. Filtered by query
  groupProjects: (group_id, query, callback) ->
    url = Api.buildUrl(Api.group_projects_path)

--- a/app/assets/javascripts/application.js.coffee
+++ b/app/assets/javascripts/application.js.coffee
@@ -42,7 +42,6 @@
 #= require jquery.nicescroll
 #= require_tree .
 #= require fuzzaldrin-plus
-#= require cropper.js

 window.slugify = (text) ->
  text.replace(/[^-a-zA-Z0-9]+/g, '_').toLowerCase()
@@ -108,6 +107,8 @@ window.onload = ->
    setTimeout shiftWindow, 100

 $ ->
+  bootstrapBreakpoint = bp.getBreakpointSize()
+
  $(".nicescroll").niceScroll(cursoropacitymax: '0.4', cursorcolor: '#FFF', cursorborder: "1px solid #FFF")

  # Click a .js-select-on-focus field, select the contents
@@ -220,17 +221,17 @@ $ ->
    .off 'breakpoint:change'
    .on 'breakpoint:change', (e, breakpoint) ->
      if breakpoint is 'sm' or breakpoint is 'xs'
-        $gutterIcon = $('aside .gutter-toggle').find('i')
+        $gutterIcon = $('.js-sidebar-toggle').find('i')
        if $gutterIcon.hasClass('fa-angle-double-right')
          $gutterIcon.closest('a').trigger('click')

  $(document)
-    .off 'click', 'aside .gutter-toggle'
-    .on 'click', 'aside .gutter-toggle', (e, triggered) ->
+    .off 'click', '.js-sidebar-toggle'
+    .on 'click', '.js-sidebar-toggle', (e, triggered) ->
      e.preventDefault()
      $this = $(this)
      $thisIcon = $this.find 'i'
-      $allGutterToggleIcons = $('.gutter-toggle i')
+      $allGutterToggleIcons = $('.js-sidebar-toggle i')
      if $thisIcon.hasClass('fa-angle-double-right')
        $allGutterToggleIcons
          .removeClass('fa-angle-double-right')
@@ -256,35 +257,14 @@ $ ->
          $('.right-sidebar')
            .hasClass('right-sidebar-collapsed'), { path: '/' })

-  bootstrapBreakpoint = undefined;
-  checkBootstrapBreakpoints = ->
-    if $('.device-xs').is(':visible')
-      bootstrapBreakpoint = "xs"
-    else if $('.device-sm').is(':visible')
-      bootstrapBreakpoint = "sm"
-    else if $('.device-md').is(':visible')
-      bootstrapBreakpoint = "md"
-    else if $('.device-lg').is(':visible')
-      bootstrapBreakpoint = "lg"
-
-  setBootstrapBreakpoints = ->
-    if $('.device-xs').length
-      return
-
-    $("body")
-      .append('<div class="device-xs visible-xs"></div>'+
-        '<div class="device-sm visible-sm"></div>'+
-        '<div class="device-md visible-md"></div>'+
-        '<div class="device-lg visible-lg"></div>')
-    checkBootstrapBreakpoints()
-
  fitSidebarForSize = ->
    oldBootstrapBreakpoint = bootstrapBreakpoint
-    checkBootstrapBreakpoints()
+    bootstrapBreakpoint = bp.getBreakpointSize()
    if bootstrapBreakpoint != oldBootstrapBreakpoint
      $(document).trigger('breakpoint:change', [bootstrapBreakpoint])

  checkInitialSidebarSize = ->
+    bootstrapBreakpoint = bp.getBreakpointSize()
    if bootstrapBreakpoint is "xs" or "sm"
      $(document).trigger('breakpoint:change', [bootstrapBreakpoint])

@@ -293,6 +273,5 @@ $ ->
    .on "resize", (e) ->
      fitSidebarForSize()

-  setBootstrapBreakpoints()
  checkInitialSidebarSize()
  new Aside()
--- a/app/assets/javascripts/awards_handler.coffee
+++ b/app/assets/javascripts/awards_handler.coffee
 class @AwardsHandler
  constructor: (@post_emoji_url, @noteable_type, @noteable_id, @aliases) ->
-    $(".add-award").click (event) =>
+    $(".js-add-award").on "click", (event) =>
      event.stopPropagation()
      event.preventDefault()

@@ -9,27 +9,46 @@ class @AwardsHandler
    $("html").on 'click', (event) ->
      if !$(event.target).closest(".emoji-menu").length
        if $(".emoji-menu").is(":visible")
-          $(".emoji-menu").hide()
+          $(".emoji-menu").removeClass "is-visible"
+
+    $(".awards")
+      .off "click"
+      .on "click", ".js-emoji-btn", @handleClick

    @renderFrequentlyUsedBlock()
-    @setupSearch()
+
+  handleClick: (e) ->
+    e.preventDefault()
+    emoji = $(this)
+      .find(".icon")
+      .data "emoji"
+    awards_handler.addAward emoji

  showEmojiMenu: ->
    if $(".emoji-menu").length
-      $(".emoji-menu").show()
-      $("#emoji_search").focus()
-    else
-      $.get "/emojis", (response) ->
-        $(".add-award").after response
-        $(".emoji-menu").show()
+      if $(".emoji-menu").is ".is-visible"
+        $(".emoji-menu").removeClass "is-visible"
+        $("#emoji_search").blur()
+      else
+        $(".emoji-menu").addClass "is-visible"
        $("#emoji_search").focus()
+    else
+      $('.js-add-award').addClass "is-loading"
+      $.get "/emojis", (response) =>
+        $('.js-add-award').removeClass "is-loading"
+        $(".js-award-holder").append response
+        setTimeout =>
+          $(".emoji-menu").addClass "is-visible"
+          $("#emoji_search").focus()
+          @setupSearch()
+        , 200

  addAward: (emoji) ->
    emoji = @normilizeEmojiName(emoji)
    @postEmoji emoji, =>
      @addAwardToEmojiBar(emoji)

-    $(".emoji-menu").hide()
+    $(".emoji-menu").removeClass "is-visible"

  addAwardToEmojiBar: (emoji) ->
    @addEmojiToFrequentlyUsedList(emoji)
@@ -39,7 +58,7 @@ class @AwardsHandler
      if @isActive(emoji)
        @decrementCounter(emoji)
      else
-        counter = @findEmojiIcon(emoji).siblings(".counter")
+        counter = @findEmojiIcon(emoji).siblings(".js-counter")
        counter.text(parseInt(counter.text()) + 1)
        counter.parent().addClass("active")
        @addMeToAuthorList(emoji)
@@ -53,7 +72,7 @@ class @AwardsHandler
    @findEmojiIcon(emoji).parent().hasClass("active")

  decrementCounter: (emoji) ->
-    counter = @findEmojiIcon(emoji).siblings(".counter")
+    counter = @findEmojiIcon(emoji).siblings(".js-counter")
    emojiIcon = counter.parent()
    if parseInt(counter.text()) > 1
      counter.text(parseInt(counter.text()) - 1)
@@ -70,9 +89,13 @@ class @AwardsHandler

  removeMeFromAuthorList: (emoji) ->
    award_block = @findEmojiIcon(emoji).parent()
-    authors = award_block.attr("data-original-title").split(", ")
+    authors = award_block
+      .attr("data-original-title")
+      .split(", ")
    authors.splice(authors.indexOf("me"),1)
-    award_block.closest(".award").attr("data-original-title", authors.join(", "))
+    award_block
+      .closest(".js-emoji-btn")
+      .attr("data-original-title", authors.join(", "))
    @resetTooltip(award_block)

  addMeToAuthorList: (emoji) ->
@@ -98,14 +121,18 @@ class @AwardsHandler
    emojiCssClass = @resolveNameToCssClass(emoji)

    nodes = []
-    nodes.push("<div class='award active' title='me'>")
-    nodes.push("<div class='icon emoji-icon #{emojiCssClass}' data-emoji='#{emoji}'></div>")
-    nodes.push("<div class='counter'>1</div>")
-    nodes.push("</div>")
-
-    emoji_node = $(nodes.join("\n")).insertBefore(".awards-controls").find(".emoji-icon").data("emoji", emoji)
-
-    $(".award").tooltip()
+    nodes.push(
+      "<button class='btn award-control js-emoji-btn has_tooltip active' title='me'>",
+      "<div class='icon emoji-icon #{emojiCssClass}' data-emoji='#{emoji}'></div>",
+      "<span class='award-control-text js-counter'>1</span>",
+      "</button>"
+    )
+
+    emoji_node = $(nodes.join("\n"))
+      .insertBefore(".js-award-holder")
+      .find(".emoji-icon")
+      .data("emoji", emoji)
+    $('.award-control').tooltip()

  resolveNameToCssClass: (emoji) ->
    emoji_icon = $(".emoji-menu-content [data-emoji='#{emoji}']")
@@ -128,7 +155,7 @@ class @AwardsHandler
        callback.call()

  findEmojiIcon: (emoji) ->
-    $(".award [data-emoji='#{emoji}']")
+    $(".awards > .js-emoji-btn [data-emoji='#{emoji}']")

  scrollToAwards: ->
    $('body, html').animate({
@@ -164,13 +191,13 @@ class @AwardsHandler
      term = $(ev.target).val()

      # Clean previous search results
-      $("ul.emoji-search,h5.emoji-search").remove()
+      $("ul.emoji-menu-search, h5.emoji-search").remove()

      if term
        # Generate a search result block
        h5 = $("<h5>").text("Search results").addClass("emoji-search")
        found_emojis = @searchEmojis(term).show()
-        ul = $("<ul>").addClass("emoji-search").append(found_emojis)
+        ul = $("<ul>").addClass("emoji-menu-list emoji-menu-search").append(found_emojis)
        $(".emoji-menu-content ul, .emoji-menu-content h5").hide()
        $(".emoji-menu-content").append(h5).append(ul)
      else

--- a/app/assets/javascripts/breakpoints.coffee
+++ b/app/assets/javascripts/breakpoints.coffee
+class @Breakpoints
+  instance = null;
+
+  class BreakpointInstance
+    BREAKPOINTS = ["xs", "sm", "md", "lg"]
+
+    constructor: ->
+      @setup()
+
+    setup: ->
+      allDeviceSelector = BREAKPOINTS.map (breakpoint) ->
+        ".device-#{breakpoint}"
+      return if $(allDeviceSelector.join(",")).length
+
+      # Create all the elements
+      els = $.map BREAKPOINTS, (breakpoint) ->
+        "<div class='device-#{breakpoint} visible-#{breakpoint}'></div>"
+      $("body").append els.join('')
+
+    visibleDevice: ->
+      allDeviceSelector = BREAKPOINTS.map (breakpoint) ->
+        ".device-#{breakpoint}"
+      $(allDeviceSelector.join(",")).filter(":visible")
+
+    getBreakpointSize: ->
+      $visibleDevice = @visibleDevice
+      # the page refreshed via turbolinks
+      if not $visibleDevice().length
+        @setup()
+      $visibleDevice = @visibleDevice()
+      return $visibleDevice.attr("class").split("visible-")[1]
+
+  @get: ->
+    return instance ?= new BreakpointInstance
+
+$ =>
+  @bp = Breakpoints.get()
--- a/app/assets/javascripts/ci/build.coffee
+++ b/app/assets/javascripts/ci/build.coffee
@@ -4,6 +4,8 @@ class CiBuild
  constructor: (build_url, build_status) ->
    clearInterval(CiBuild.interval)

+    @initScrollButtonAffix()
+
    if build_status == "running" || build_status == "pending"
      #
      # Bind autoscroll button to follow build output
@@ -38,4 +40,15 @@ class CiBuild
  checkAutoscroll: ->
    $("html,body").scrollTop $("#build-trace").height()  if "enabled" is $("#autoscroll-button").data("state")

+  initScrollButtonAffix: ->
+    $buildScroll = $('#js-build-scroll')
+    $body = $('body')
+    $buildTrace = $('#build-trace')
+
+    $buildScroll.affix(
+      offset:
+        bottom: ->
+          $body.outerHeight() - ($buildTrace.outerHeight() + $buildTrace.offset().top)
+    )
+
 @CiBuild = CiBuild
--- a/app/assets/javascripts/dispatcher.js.coffee
+++ b/app/assets/javascripts/dispatcher.js.coffee
@@ -74,8 +74,9 @@ class Dispatcher
        shortcut_handler = new ShortcutsNavigation()

        new TreeView() if $('#tree-slider').length
-      when 'groups:show'
+      when 'groups:activity'
        new Activities()
+      when 'groups:show'
        shortcut_handler = new ShortcutsNavigation()
      when 'groups:group_members:index'
        new GroupMembers()
@@ -103,6 +104,8 @@ class Dispatcher
        new ProjectFork()
      when 'projects:artifacts:browse'
        new BuildArtifacts()
+      when 'projects:group_links:index'
+        new GroupsSelect()

    switch path.first()
      when 'admin'

--- a/app/assets/javascripts/gl_dropdown.js.coffee
+++ b/app/assets/javascripts/gl_dropdown.js.coffee
+class GitLabDropdownFilter
+  BLUR_KEYCODES = [27, 40]
+
+  constructor: (@dropdown, @options) ->
+    @input = @dropdown.find(".dropdown-input .dropdown-input-field")
+
+    # Key events
+    timeout = ""
+    @input.on "keyup", (e) =>
+      if e.keyCode is 13 && @input.val() isnt ""
+        if @options.enterCallback
+          @options.enterCallback()
+        return
+
+      clearTimeout timeout
+      timeout = setTimeout =>
+        blur_field = @shouldBlur e.keyCode
+        search_text = @input.val()
+
+        if blur_field
+          @input.blur()
+
+        if @options.remote
+          @options.query search_text, (data) =>
+            @options.callback(data)
+        else
+          @filter search_text
+      , 250
+
+  shouldBlur: (keyCode) ->
+    return BLUR_KEYCODES.indexOf(keyCode) >= 0
+
+  filter: (search_text) ->
+    data = @options.data()
+    results = data
+
+    if search_text isnt ""
+      results = fuzzaldrinPlus.filter(data, search_text,
+        key: @options.keys
+      )
+
+    @options.callback results
+
+class GitLabDropdownRemote
+  constructor: (@dataEndpoint, @options) ->
+
+  execute: ->
+    if typeof @dataEndpoint is "string"
+      @fetchData()
+    else if typeof @dataEndpoint is "function"
+      if @options.beforeSend
+        @options.beforeSend()
+
+      # Fetch the data by calling the data funcfion
+      @dataEndpoint "", (data) =>
+        if @options.success
+          @options.success(data)
+
+        if @options.beforeSend
+          @options.beforeSend()
+
+  # Fetch the data through ajax if the data is a string
+  fetchData: ->
+    $.ajax(
+      url: @dataEndpoint,
+      dataType: @options.dataType,
+      beforeSend: =>
+        if @options.beforeSend
+          @options.beforeSend()
+      success: (data) =>
+        if @options.success
+          @options.success(data)
+    )
+
+class GitLabDropdown
+  LOADING_CLASS = "is-loading"
+  PAGE_TWO_CLASS = "is-page-two"
+  ACTIVE_CLASS = "is-active"
+
+  constructor: (@el, @options) ->
+    self = @
+    @dropdown = $(@el).parent()
+    search_fields = if @options.search then @options.search.fields else [];
+
+    if @options.data
+      # Remote data
+      @remote = new GitLabDropdownRemote @options.data, {
+        dataType: @options.dataType,
+        beforeSend: @toggleLoading.bind(@)
+        success: (data) =>
+          @fullData = data
+
+          @parseData @fullData
+      }
+
+    # Init filiterable
+    if @options.filterable
+      @filter = new GitLabDropdownFilter @dropdown,
+        remote: @options.filterRemote
+        query: @options.data
+        keys: @options.search.fields
+        data: =>
+          return @fullData
+        callback: (data) =>
+          @parseData data
+        enterCallback: =>
+          @selectFirstRow()
+
+    # Event listeners
+    @dropdown.on "shown.bs.dropdown", @opened
+    @dropdown.on "hidden.bs.dropdown", @hidden
+
+    if @dropdown.find(".dropdown-toggle-page").length
+      @dropdown.find(".dropdown-toggle-page, .dropdown-menu-back").on "click", (e) =>
+        e.preventDefault()
+        e.stopPropagation()
+
+        @togglePage()
+
+    if @options.selectable
+      selector = ".dropdown-content a"
+
+      if @dropdown.find(".dropdown-toggle-page").length
+        selector = ".dropdown-page-one .dropdown-content a"
+
+      @dropdown.on "click", selector, (e) ->
+        self.rowClicked $(@)
+
+        if self.options.clicked
+          self.options.clicked()
+
+  toggleLoading: ->
+    $('.dropdown-menu', @dropdown).toggleClass LOADING_CLASS
+
+  togglePage: ->
+    menu = $('.dropdown-menu', @dropdown)
+
+    if menu.hasClass(PAGE_TWO_CLASS)
+      if @remote
+        @remote.execute()
+
+    menu.toggleClass PAGE_TWO_CLASS
+
+  parseData: (data) ->
+    @renderedData = data
+
+    # Render each row
+    html = $.map data, (obj) =>
+      return @renderItem(obj)
+
+    if @options.filterable and data.length is 0
+      # render no matching results
+      html = [@noResults()]
+
+    # Render the full menu
+    full_html = @renderMenu(html.join(""))
+
+    @appendMenu(full_html)
+
+  opened: =>
+    contentHtml = $('.dropdown-content', @dropdown).html()
+    if @remote && contentHtml is ""
+      @remote.execute()
+
+    if @options.filterable
+      @dropdown.find(".dropdown-input-field").focus()
+
+  hidden: =>
+    if @options.filterable
+      @dropdown.find(".dropdown-input-field").blur().val("")
+
+    if @dropdown.find(".dropdown-toggle-page").length
+      $('.dropdown-menu', @dropdown).removeClass PAGE_TWO_CLASS
+
+
+  # Render the full menu
+  renderMenu: (html) ->
+    menu_html = ""
+
+    if @options.renderMenu
+      menu_html = @options.renderMenu(html)
+    else
+      menu_html = "<ul>#{html}</ul>"
+
+    return menu_html
+
+  # Append the menu into the dropdown
+  appendMenu: (html) ->
+    selector = '.dropdown-content'
+    if @dropdown.find(".dropdown-toggle-page").length
+      selector = ".dropdown-page-one .dropdown-content"
+
+    $(selector, @dropdown).html html
+
+  # Render the row
+  renderItem: (data) ->
+    html = ""
+
+    return "<li class='divider'></li>" if data is "divider"
+
+    if @options.renderRow
+      # Call the render function
+      html = @options.renderRow(data)
+    else
+      selected = if @options.isSelected then @options.isSelected(data) else false
+      url = if @options.url then @options.url(data) else "#"
+      text = if @options.text then @options.text(data) else ""
+      cssClass = "";
+
+      if selected
+        cssClass = "is-active"
+
+      html = "<li>"
+      html += "<a href='#{url}' class='#{cssClass}'>"
+      html += text
+      html += "</a>"
+      html += "</li>"
+
+    return html
+
+  noResults: ->
+    html = "<li>"
+    html += "<a href='#' class='is-focused'>"
+    html += "No matching results."
+    html += "</a>"
+    html += "</li>"
+
+  rowClicked: (el) ->
+    fieldName = @options.fieldName
+    field = @dropdown.parent().find("input[name='#{fieldName}']")
+
+    if el.hasClass(ACTIVE_CLASS)
+      field.remove()
+    else
+      fieldName = @options.fieldName
+      selectedIndex = el.parent().index()
+      if @renderedData
+        selectedObject = @renderedData[selectedIndex]
+      value = if @options.id then @options.id(selectedObject, el) else selectedObject.id
+
+      if !value?
+        field.remove()
+
+      if @options.multiSelect
+        oldValue = field.val()
+        if oldValue
+          value = "#{oldValue},#{value}"
+      else
+        @dropdown.find(ACTIVE_CLASS).removeClass ACTIVE_CLASS
+
+      # Toggle active class for the tick mark
+      el.toggleClass "is-active"
+
+      if value?
+        if !field.length
+          # Create hidden input for form
+          input = "<input type='hidden' name='#{fieldName}' />"
+          @dropdown.before input
+
+        @dropdown.parent().find("input[name='#{fieldName}']").val value
+
+  selectFirstRow: ->
+    selector = '.dropdown-content li:first-child a'
+    if @dropdown.find(".dropdown-toggle-page").length
+      selector = ".dropdown-page-one .dropdown-content li:first-child a"
+
+    # similute a click on the first link
+    $(selector).trigger "click"
+
+$.fn.glDropdown = (opts) ->
+  return @.each ->
+    new GitLabDropdown @, opts
--- a/app/assets/javascripts/issue_status_select.js.coffee
+++ b/app/assets/javascripts/issue_status_select.js.coffee
+class @IssueStatusSelect
+  constructor: ->
+    $('.js-issue-status').each (i, el) ->
+      fieldName = $(el).data("field-name")
+
+      $(el).glDropdown(
+        selectable: true
+        fieldName: fieldName
+        id: (obj, el) ->
+          $(el).data("id")
+      )
--- a/app/assets/javascripts/labels_select.js.coffee
+++ b/app/assets/javascripts/labels_select.js.coffee
+class @LabelsSelect
+  constructor: ->
+    $('.js-label-select').each (i, dropdown) ->
+      projectId = $(dropdown).data('project-id')
+      labelUrl = $(dropdown).data("labels")
+      selectedLabel = $(dropdown).data('selected')
+      if selectedLabel
+        selectedLabel = selectedLabel.split(",")
+      newLabelField = $('#new_label_name')
+      newColorField = $('#new_label_color')
+      showNo = $(dropdown).data('show-no')
+      showAny = $(dropdown).data('show-any')
+
+      if newLabelField.length
+        $('.suggest-colors-dropdown a').on "click", (e) ->
+          e.preventDefault()
+          e.stopPropagation()
+          newColorField.val $(this).data("color")
+          $('.js-dropdown-label-color-preview')
+            .css 'background-color', $(this).data("color")
+            .addClass 'is-active'
+
+        $('.js-new-label-btn').on "click", (e) ->
+          e.preventDefault()
+          e.stopPropagation()
+
+          if newLabelField.val() isnt "" && newColorField.val() isnt ""
+            $('.js-new-label-btn').disable()
+
+            # Create new label with API
+            Api.newLabel projectId, {
+              name: newLabelField.val()
+              color: newColorField.val()
+            }, (label) ->
+              $('.js-new-label-btn').enable()
+              $('.dropdown-menu-back', $(dropdown).parent()).trigger "click"
+
+      $(dropdown).glDropdown(
+        data: (term, callback) ->
+          # We have to fetch the JS version of the labels list because there is no
+          # public facing JSON url for labels
+          $.ajax(
+            url: labelUrl
+          ).done (data) ->
+            html = $(data)
+            data = []
+            html.find('.label-row a').each ->
+              data.push(
+                title: $(@).text().trim()
+              )
+
+            if showNo
+              data.unshift(
+                id: "0"
+                title: 'No label'
+              )
+
+            if showAny
+              data.unshift(
+                title: 'Any label'
+              )
+
+            if data.length > 2
+              data.splice 2, 0, "divider"
+
+            callback data
+        renderRow: (label) ->
+          if $.isArray(selectedLabel)
+            selected = ""
+            $.each selectedLabel, (i, selectedLbl) ->
+              selectedLbl = selectedLbl.trim()
+              if selected is "" && label.title is selectedLbl
+                selected = "is-active"
+          else
+            selected = if label.title is selectedLabel then "is-active" else ""
+
+          "<li>
+            <a href='#' class='#{selected}'>
+              #{label.title}
+            </a>
+          </li>"
+        filterable: true
+        search:
+          fields: ['title']
+        selectable: true
+        fieldName: $(dropdown).data('field-name')
+        id: (label) ->
+          label.title
+        clicked: ->
+          if $(dropdown).hasClass "js-filter-submit"
+            $(dropdown).parents('form').submit()
+      )
--- a/app/assets/javascripts/merge_request_tabs.js.coffee
+++ b/app/assets/javascripts/merge_request_tabs.js.coffee
@@ -189,7 +189,7 @@ class @MergeRequestTabs
    $('.container-fluid').removeClass('container-limited')

  shrinkView: ->
-    $gutterIcon = $('.gutter-toggle i')
+    $gutterIcon = $('.js-sidebar-toggle i')

    # Wait until listeners are set
    setTimeout( ->
@@ -197,4 +197,3 @@ class @MergeRequestTabs
      if $gutterIcon.is('.fa-angle-double-right')
        $gutterIcon.closest('a').trigger('click',[true])
    , 0)
-
--- a/app/assets/javascripts/milestone_select.js.coffee
+++ b/app/assets/javascripts/milestone_select.js.coffee
+class @MilestoneSelect
+  constructor: ->
+    $('.js-milestone-select').each (i, dropdown) ->
+      projectId = $(dropdown).data('project-id')
+      milestonesUrl = $(dropdown).data('milestones')
+      selectedMilestone = $(dropdown).data('selected')
+      showNo = $(dropdown).data('show-no')
+      showAny = $(dropdown).data('show-any')
+      useId = $(dropdown).data('use-id')
+
+      $(dropdown).glDropdown(
+        data: (term, callback) ->
+          $.ajax(
+            url: milestonesUrl
+          ).done (data) ->
+            html = $(data)
+            data = []
+            html.find('.milestone strong a').each ->
+              link = $(@).attr("href").split("/")
+              data.push(
+                id: link[link.length - 1]
+                title: $(@).text().trim()
+              )
+
+            if showNo
+              data.unshift(
+                id: "0"
+                title: 'No Milestone'
+              )
+
+            if showAny
+              data.unshift(
+                title: 'Any Milestone'
+              )
+
+            if data.length > 2
+              data.splice 2, 0, "divider"
+
+            callback(data)
+        filterable: true
+        search:
+          fields: ['title']
+        selectable: true
+        fieldName: $(dropdown).data('field-name')
+        text: (milestone) ->
+          milestone.title
+        id: (milestone) ->
+          if !useId
+            if milestone.title isnt "Any milestone"
+              milestone.title
+            else
+              ""
+          else
+            milestone.id
+        isSelected: (milestone) ->
+          milestone.title is selectedMilestone
+        clicked: ->
+          if $(dropdown).hasClass "js-filter-submit"
+            $(dropdown).parents('form').submit()
+      )
--- a/app/assets/javascripts/notes.js.coffee
+++ b/app/assets/javascripts/notes.js.coffee
@@ -30,8 +30,11 @@ class @Notes
    $(document).on "ajax:success", ".js-main-target-form", @addNote
    $(document).on "ajax:success", ".js-discussion-note-form", @addDiscussionNote

+    # catch note ajax errors
+    $(document).on "ajax:error", ".js-main-target-form", @addNoteError
+
    # change note in UI after update
-    $(document).on "ajax:success", "form.edit_note", @updateNote
+    $(document).on "ajax:success", "form.edit-note", @updateNote

    # Edit note link
    $(document).on "click", ".js-note-edit", @showEditForm
@@ -51,6 +54,9 @@ class @Notes
    $(document).on "ajax:complete", ".js-main-target-form", @reenableTargetFormSubmitButton
    $(document).on "ajax:success", ".js-main-target-form", @resetMainTargetForm

+    # reset main target form when clicking discard
+    $(document).on "click", ".js-note-discard", @resetMainTargetForm
+
    # update the file name when an attachment is selected
    $(document).on "change", ".js-note-attachment-input", @updateFormAttachment

@@ -72,7 +78,7 @@ class @Notes
  cleanBinding: ->
    $(document).off "ajax:success", ".js-main-target-form"
    $(document).off "ajax:success", ".js-discussion-note-form"
-    $(document).off "ajax:success", "form.edit_note"
+    $(document).off "ajax:success", "form.edit-note"
    $(document).off "click", ".js-note-edit"
    $(document).off "click", ".note-edit-cancel"
    $(document).off "click", ".js-note-delete"
@@ -85,6 +91,7 @@ class @Notes
    $(document).off "keyup", ".js-note-text"
    $(document).off "click", ".js-note-target-reopen"
    $(document).off "click", ".js-note-target-close"
+    $(document).off "click", ".js-note-discard"

    $('.note .js-task-list-container').taskList('disable')
    $(document).off 'tasklist:changed', '.note .js-task-list-container'
@@ -219,7 +226,7 @@ class @Notes
  Resets text and preview.
  Resets buttons.
  ###
-  resetMainTargetForm: ->
+  resetMainTargetForm: (e) =>
    form = $(".js-main-target-form")

    # remove validation errors
@@ -231,6 +238,8 @@ class @Notes

    form.find(".js-note-text").data("autosave").reset()

+    @updateTargetButtons(e)
+
  reenableTargetFormSubmitButton: ->
    form = $(".js-main-target-form")

@@ -274,8 +283,10 @@ class @Notes
    form.removeClass "js-new-note-form"
    form.find('.div-dropzone').remove()

+    # hide discard button
+    form.find('.js-note-discard').hide()
+
    # setup preview buttons
-    form.find(".js-md-write-button, .js-md-preview-button").tooltip placement: "left"
    previewButton = form.find(".js-md-preview-button")

    textarea = form.find(".js-note-text")
@@ -309,6 +320,10 @@ class @Notes
  addNote: (xhr, note, status) =>
    @renderNote(note)

+  addNoteError: (xhr, note, status) =>
+    flash = new Flash('Your comment could not be submitted! Please check your network connection and try again.', 'alert')
+    flash.pinTo('.md-area')
+
  ###
  Called in response to the new note form being submitted

@@ -347,22 +362,26 @@ class @Notes
    note = $(this).closest(".note")
    note.find(".note-body > .note-text").hide()
    note.find(".note-header").hide()
-    base_form = note.find(".note-edit-form")
-    form = base_form.clone().insertAfter(base_form)
-    form.addClass('current-note-edit-form gfm-form')
-    form.find('.div-dropzone').remove()
+    form = note.find(".note-edit-form")
+    isNewForm = form.is(':not(.gfm-form)')
+    if isNewForm
+      form.addClass('gfm-form')
+    form.addClass('current-note-edit-form')
+    form.show()

    # Show the attachment delete link
    note.find(".js-note-attachment-delete").show()

    # Setup markdown form
-    GitLab.GfmAutoComplete.setup()
-    new DropzoneInput(form)
+    if isNewForm
+      GitLab.GfmAutoComplete.setup()
+      new DropzoneInput(form)

-    form.show()
    textarea = form.find("textarea")
    textarea.focus()
-    autosize(textarea)
+
+    if isNewForm
+      autosize(textarea)

    # HACK (rspeicher/DouweM): Work around a Chrome 43 bug(?).
    # The textarea has the correct value, Chrome just won't show it unless we
@@ -371,7 +390,8 @@ class @Notes
    textarea.val ""
    textarea.val value

-    disableButtonIfEmptyField textarea, form.find(".js-comment-button")
+    if isNewForm
+      disableButtonIfEmptyField textarea, form.find(".js-comment-button")

  ###
  Called in response to clicking the edit note link
@@ -383,7 +403,9 @@ class @Notes
    note = $(this).closest(".note")
    note.find(".note-body > .note-text").show()
    note.find(".note-header").show()
-    note.find(".current-note-edit-form").remove()
+    note.find(".current-note-edit-form")
+      .removeClass("current-note-edit-form")
+      .hide()

  ###
  Called in response to deleting a note of any kind.
@@ -462,6 +484,11 @@ class @Notes
    form.find("#note_line_code").val dataHolder.data("lineCode")
    form.find("#note_noteable_type").val dataHolder.data("noteableType")
    form.find("#note_noteable_id").val dataHolder.data("noteableId")
+    form.find('.js-note-discard')
+        .show()
+        .removeClass('js-note-discard')
+        .addClass('js-close-discussion-note-form')
+        .text(form.find('.js-close-discussion-note-form').data('cancel-text'))
    @setupNoteForm form
    form.find(".js-note-text").focus()
    form.addClass "js-discussion-note-form"
@@ -561,21 +588,52 @@ class @Notes
  updateCloseButton: (e) =>
    textarea = $(e.target)
    form = textarea.parents('form')
-    form.find('.js-note-target-close').text('Close')
+    closebtn = form.find('.js-note-target-close')
+    closebtn.text(closebtn.data('original-text'))

  updateTargetButtons: (e) =>
    textarea = $(e.target)
    form = textarea.parents('form')
+    reopenbtn = form.find('.js-note-target-reopen')
+    closebtn = form.find('.js-note-target-close')
+    discardbtn = form.find('.js-note-discard')
+
    if textarea.val().trim().length > 0
-      form.find('.js-note-target-reopen').text('Comment & reopen')
-      form.find('.js-note-target-close').text('Comment & close')
-      form.find('.js-note-target-reopen').addClass('btn-comment-and-reopen')
-      form.find('.js-note-target-close').addClass('btn-comment-and-close')
+      reopentext = reopenbtn.data('alternative-text')
+      closetext = closebtn.data('alternative-text')
+
+      if reopenbtn.text() isnt reopentext
+        reopenbtn.text(reopentext)
+
+      if closebtn.text() isnt closetext
+        closebtn.text(closetext)
+
+      if reopenbtn.is(':not(.btn-comment-and-reopen)')
+        reopenbtn.addClass('btn-comment-and-reopen')
+
+      if closebtn.is(':not(.btn-comment-and-close)')
+        closebtn.addClass('btn-comment-and-close')
+
+      if discardbtn.is(':hidden')
+        discardbtn.show()
    else
-      form.find('.js-note-target-reopen').text('Reopen')
-      form.find('.js-note-target-close').text('Close')
-      form.find('.js-note-target-reopen').removeClass('btn-comment-and-reopen')
-      form.find('.js-note-target-close').removeClass('btn-comment-and-close')
+      reopentext = reopenbtn.data('original-text')
+      closetext = closebtn.data('original-text')
+
+      if reopenbtn.text() isnt reopentext
+        reopenbtn.text(reopentext)
+
+      if closebtn.text() isnt closetext
+        closebtn.text(closetext)
+
+      if reopenbtn.is(':not(.btn-comment-and-reopen)')
+        reopenbtn.removeClass('btn-comment-and-reopen')
+
+      if closebtn.is(':not(.btn-comment-and-close)')
+        closebtn.removeClass('btn-comment-and-close')
+
+      if discardbtn.is(':visible')
+        discardbtn.hide()

  initTaskList: ->
    @enableTaskList()

--- a/app/assets/javascripts/profile.js.coffee
+++ b/app/assets/javascripts/profile.js.coffee
@@ -4,64 +4,27 @@ class @Profile
    $('.js-preferences-form').on 'change.preference', 'input[type=radio]', ->
      $(this).parents('form').submit()

-    $('.update-username form').on 'ajax:before', ->
-      $('.loading-gif').show()
+    $('.update-username').on 'ajax:before', ->
+      $('.loading-username').show()
      $(this).find('.update-success').hide()
      $(this).find('.update-failed').hide()

-    $('.update-username form').on 'ajax:complete', ->
+    $('.update-username').on 'ajax:complete', ->
+      $('.loading-username').hide()
      $(this).find('.btn-save').enable()
      $(this).find('.loading-gif').hide()

    $('.update-notifications').on 'ajax:complete', ->
      $(this).find('.btn-save').enable()

-    # Avatar management
-
-    $avatarInput = $('.js-user-avatar-input')
-    $filename = $('.js-avatar-filename')
-    $modalCrop = $('.modal-profile-crop')
-    $modalCropImg = $('.modal-profile-crop-image')
-
-    $('.js-choose-user-avatar-button').on "click", ->
-      $form = $(this).closest("form")
-      $form.find(".js-user-avatar-input").click()
-
-    $modalCrop.on 'shown.bs.modal', ->
-      setTimeout ( -> # The cropper must be asynchronously initialized
-        $modalCropImg.cropper
-          aspectRatio: 1
-          modal: false
-          scalable: false
-          rotatable: false
-          zoomable: false
-
-          crop: (event) ->
-            ['x', 'y'].forEach (key) ->
-              $("#user_avatar_crop_#{key}").val(Math.floor(event[key]))
-            $("#user_avatar_crop_size").val(Math.floor(event.width))
-      ), 0
-
-    $modalCrop.on 'hidden.bs.modal', ->
-      $modalCropImg.attr('src', '').cropper('destroy')
-      $avatarInput.val('')
-      $filename.text($filename.data('label'))
-
-    $('.js-upload-user-avatar').on 'click', ->
-      $('.edit-user').submit()
+    $('.js-choose-user-avatar-button').bind "click", ->
+      form = $(this).closest("form")
+      form.find(".js-user-avatar-input").click()

-    $avatarInput.on "change", ->
+    $('.js-user-avatar-input').bind "change", ->
      form = $(this).closest("form")
      filename = $(this).val().replace(/^.*[\\\/]/, '')
-      $filename.data('label', $filename.text()).text(filename)
-
-      reader = new FileReader
-
-      reader.onload = (event) ->
-        $modalCrop.modal('show')
-        $modalCropImg.attr('src', event.target.result)
-
-      fileData = reader.readAsDataURL(this.files[0])
+      form.find(".js-avatar-filename").text(filename)

 $ ->
  # Extract the SSH Key title from its comment

--- a/app/assets/javascripts/sidebar.js.coffee
+++ b/app/assets/javascripts/sidebar.js.coffee
-$(document).on("click", '.toggle-nav-collapse', (e) ->
-  e.preventDefault()
-  collapsed = 'page-sidebar-collapsed'
-  expanded = 'page-sidebar-expanded'
+collapsed = 'page-sidebar-collapsed'
+expanded = 'page-sidebar-expanded'

+toggleSidebar = ->
  $('.page-with-sidebar').toggleClass("#{collapsed} #{expanded}")
  $('header').toggleClass("header-collapsed header-expanded")
  $('.sidebar-wrapper').toggleClass("sidebar-collapsed sidebar-expanded")
@@ -14,4 +13,15 @@ $(document).on("click", '.toggle-nav-collapse', (e) ->
    niceScrollBars.updateScrollBar();
  ), 300

+$(document).on("click", '.toggle-nav-collapse', (e) ->
+  e.preventDefault()
+
+  toggleSidebar()
 )
+
+$ ->
+  size = bp.getBreakpointSize()
+
+  if size is "xs" or size is "sm"
+    if $('.page-with-sidebar').hasClass(expanded)
+      toggleSidebar()
--- a/app/assets/javascripts/subscription.js.coffee
+++ b/app/assets/javascripts/subscription.js.coffee
 class @Subscription
-  constructor: (url) ->
-    $(".subscribe-button").unbind("click").click (event)=>
-      btn = $(event.currentTarget)
-      action = btn.find("span").text()
-      current_status = $(".subscription-status").attr("data-status")
-      btn.prop("disabled", true)
-      
-      $.post url, =>
-        btn.prop("disabled", false)
-        status = if current_status == "subscribed" then "unsubscribed" else "subscribed"
-        $(".subscription-status").attr("data-status", status)
-        action = if status == "subscribed" then "Unsubscribe" else "Subscribe"
-        btn.find("span").text(action)
-        $(".subscription-status>div").toggleClass("hidden")
+  constructor: (container) ->
+    $container = $(container)
+    @url = $container.attr('data-url')
+    @subscribe_button = $container.find('.subscribe-button')
+    @subscription_status = $container.find('.subscription-status')
+    @subscribe_button.unbind('click').click(@toggleSubscription)

-    
+  toggleSubscription: (event) =>
+    btn = $(event.currentTarget)
+    action = btn.find('span').text()
+    current_status = @subscription_status.attr('data-status')
+    btn.prop('disabled', true)
+
+    $.post @url, =>
+      btn.prop('disabled', false)
+      status = if current_status == 'subscribed' then 'unsubscribed' else 'subscribed'
+      @subscription_status.attr('data-status', status)
+      action = if status == 'subscribed' then 'Unsubscribe' else 'Subscribe'
+      btn.find('span').text(action)
+      @subscription_status.find('>div').toggleClass('hidden')
--- a/app/assets/javascripts/users_select.js.coffee
+++ b/app/assets/javascripts/users_select.js.coffee
@@ -3,6 +3,81 @@ class @UsersSelect
    @usersPath = "/autocomplete/users.json"
    @userPath = "/autocomplete/users/:id.json"

+    $('.js-user-search').each (i, dropdown) =>
+      @projectId = $(dropdown).data('project-id')
+      @showCurrentUser = $(dropdown).data('current-user')
+      showNullUser = $(dropdown).data('null-user')
+      showAnyUser = $(dropdown).data('any-user')
+      firstUser = $(dropdown).data('first-user')
+      selectedId = $(dropdown).data('selected')
+
+      $(dropdown).glDropdown(
+        data: (term, callback) =>
+          @users term, (users) =>
+            if term.length is 0
+              showDivider = 0
+
+              if firstUser
+                # Move current user to the front of the list
+                for obj, index in users
+                  if obj.username == firstUser
+                    users.splice(index, 1)
+                    users.unshift(obj)
+                    break
+
+              if showNullUser
+                showDivider += 1
+                users.unshift(
+                  name: 'Unassigned',
+                  id: 0
+                )
+
+              if showAnyUser
+                showDivider += 1
+                name = showAnyUser
+                name = 'Any User' if name == true
+                anyUser = {
+                  name: name,
+                  id: null
+                }
+                users.unshift(anyUser)
+
+            if showDivider
+              users.splice(showDivider, 0, "divider")
+
+            # Send the data back
+            callback users
+        filterable: true
+        filterRemote: true
+        search:
+          fields: ['name', 'username']
+        selectable: true
+        fieldName: $(dropdown).data('field-name')
+        clicked: ->
+          if $(dropdown).hasClass "js-filter-submit"
+            $(dropdown).parents('form').submit()
+        renderRow: (user) ->
+          username = if user.username then "@#{user.username}" else ""
+          avatar = if user.avatar_url then user.avatar_url else false
+          selected = if user.id is selectedId then "is-active" else ""
+          img = ""
+
+          if avatar
+            img = "<img src='#{avatar}' class='avatar avatar-inline' width='30' />"
+
+          "<li>
+            <a href='#' class='dropdown-menu-user-link #{selected}'>
+              #{img}
+              <strong class='dropdown-menu-user-full-name'>
+                #{user.name}
+              </strong>
+              <span class='dropdown-menu-user-username'>
+                #{username}
+              </span>
+            </a>
+          </li>"
+      )
+
    $('.ajax-users-select').each (i, select) =>
      @projectId = $(select).data('project-id')
      @groupId = $(select).data('group-id')

--- a/app/assets/stylesheets/application.scss
+++ b/app/assets/stylesheets/application.scss
@@ -9,7 +9,6 @@
 *= require_self
 *= require dropzone/basic
 *= require cal-heatmap
- *= require cropper.css
 */

 /*

--- a/app/assets/stylesheets/framework/blocks.scss
+++ b/app/assets/stylesheets/framework/blocks.scss
@@ -28,6 +28,10 @@
  border-bottom: 1px solid $border-color;
  color: $gl-gray;

+  a {
+    color: $md-link-color;
+  }
+
  &.oneline-block {
    line-height: 42px;
  }
@@ -116,6 +120,10 @@
  .cover-desc {
    padding: 0 $gl-padding 3px;
    color: $gl-text-color;
+
+    &.username:last-child {
+      padding-bottom: $gl-padding;
+    }
  }

  .cover-controls {
@@ -153,3 +161,7 @@
    float: right;
  }
 }
+
+.content-block-small {
+  padding: 10px 0;
+}
--- a/app/assets/stylesheets/framework/common.scss
+++ b/app/assets/stylesheets/framework/common.scss
@@ -12,11 +12,13 @@
 .prepend-top-default { margin-top: $gl-padding !important; }
 .prepend-top-20 { margin-top:20px }
 .prepend-left-10 { margin-left:10px }
-.prepend-left-default { margin-left:$gl-padding }
+.prepend-left-default { margin-left: $gl-padding; }
 .prepend-left-20 { margin-left:20px }
 .append-right-5 { margin-right: 5px }
 .append-right-10 { margin-right:10px }
+.append-right-default { margin-right: $gl-padding; }
 .append-right-20 { margin-right:20px }
+.append-bottom-0 { margin-bottom:0 }
 .append-bottom-10 { margin-bottom:10px }
 .append-bottom-15 { margin-bottom:15px }
 .append-bottom-20 { margin-bottom:20px }

--- a/app/assets/stylesheets/framework/dropdowns.scss
+++ b/app/assets/stylesheets/framework/dropdowns.scss
@@ -17,6 +17,47 @@
  .dropdown-menu {
    display: block;
  }
+
+  .dropdown-menu-toggle {
+    border-color: $dropdown-toggle-hover-border-color;
+
+    .fa {
+      color: $dropdown-toggle-hover-icon-color;
+    }
+  }
+}
+
+.dropdown-menu-toggle {
+  position: relative;
+  width: 160px;
+  padding: 6px 20px 6px 10px;
+  background-color: $dropdown-toggle-bg;
+  color: $dropdown-toggle-color;
+  font-size: 15px;
+  text-align: left;
+  border: 1px solid $dropdown-toggle-border-color;
+  border-radius: 2px;
+  outline: 0;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  overflow: hidden;
+
+  .fa {
+    position: absolute;
+    top: 50%;
+    right: 6px;
+    margin-top: -4px;
+    color: $dropdown-toggle-icon-color;
+    font-size: 10px;
+  }
+
+  &:hover, {
+    border-color: $dropdown-toggle-hover-border-color;
+
+    .fa {
+      color: $dropdown-toggle-hover-icon-color;
+    }
+  }
 }

 .dropdown-menu {
@@ -24,7 +65,7 @@
  position: absolute;
  top: 100%;
  left: 0;
-  z-index: 9999;
+  z-index: 9;
  width: 240px;
  margin-top: 2px;
  margin-bottom: 0;
@@ -36,6 +77,21 @@
  border-radius: $border-radius-base;
  box-shadow: 0 2px 4px $dropdown-shadow-color;

+  &.is-loading {
+    .dropdown-content {
+      display: none;
+    }
+
+    .dropdown-loading {
+      display: block;
+    }
+  }
+
+  ul {
+    margin: 0;
+    padding: 0;
+  }
+
  li {
    text-align: left;
    list-style: none;
@@ -61,13 +117,70 @@
    white-space: nowrap;
    overflow: hidden;

-    &:hover {
+    &:hover,
+    &:focus,
+    &.is-focused {
      background-color: $dropdown-link-hover-bg;
      text-decoration: none;
+      outline: 0;
    }
  }
 }

+.dropdown-menu-paging {
+  .dropdown-page-two,
+  .dropdown-menu-back {
+    display: none;
+  }
+
+  &.is-page-two {
+    .dropdown-page-one {
+      display: none;
+    }
+
+    .dropdown-page-two,
+    .dropdown-menu-back {
+      display: block;
+    }
+  }
+}
+
+.dropdown-menu-user {
+  .avatar {
+    float: left;
+    width: 30px;
+    height: 30px;
+    margin: 0 10px 0 0;
+  }
+}
+
+.dropdown-menu-user-link {
+  padding-top: 7px;
+  padding-bottom: 7px;
+}
+
+.dropdown-menu-user-full-name {
+  display: block;
+  margin-bottom: 2px;
+  font-weight: 600;
+  line-height: 1;
+  text-overflow: ellipsis;
+  overflow: hidden;
+  white-space: nowrap;
+}
+
+.dropdown-menu-user-username {
+  display: block;
+  line-height: 1;
+  text-overflow: ellipsis;
+  overflow: hidden;
+  white-space: nowrap;
+}
+
+.dropdown-select {
+  width: 280px;
+}
+
 .dropdown-menu-align-right {
  left: auto;
  right: 0;
@@ -101,3 +214,130 @@
  font-size: 13px;
  line-height: 22px;
 }
+
+.dropdown-title {
+  position: relative;
+  margin-bottom: 10px;
+  padding-left: 30px;
+  padding-right: 30px;
+  padding-bottom: 10px;
+  font-weight: 600;
+  line-height: 1;
+  text-align: center;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  border-bottom: 1px solid $dropdown-divider-color;
+  overflow: hidden;
+}
+
+.dropdown-title-button {
+  position: absolute;
+  top: -1px;
+  padding: 0;
+  color: $dropdown-title-btn-color;
+  font-size: 14px;
+  border: 0;
+  background: none;
+  outline: 0;
+
+  &:hover {
+    color: darken($dropdown-title-btn-color, 15%);
+  }
+}
+
+.dropdown-menu-close {
+  right: 0;
+}
+
+.dropdown-menu-back {
+  left: 0;
+}
+
+.dropdown-input {
+  position: relative;
+  margin-bottom: 10px;
+
+  .fa {
+    position: absolute;
+    top: 10px;
+    right: 10px;
+    color: #C7C7C7;
+    font-size: 12px;
+    pointer-events: none;
+  }
+}
+
+.dropdown-input-field {
+  width: 100%;
+  padding: 0 7px;
+  color: $dropdown-input-color;
+  line-height: 30px;
+  border: 1px solid $dropdown-divider-color;
+  border-radius: 2px;
+  outline: 0;
+
+  &:focus {
+    color: $dropdown-link-color;
+    border-color: $dropdown-input-focus-border;
+    box-shadow: 0 0 4px $dropdown-input-focus-shadow;
+
+    + .fa {
+      color: $dropdown-link-color;
+    }
+  }
+
+  &:hover {
+    + .fa {
+      color: $dropdown-link-color;
+    }
+  }
+}
+
+.dropdown-content {
+  max-height: 215px;
+  overflow-y: scroll;
+}
+
+.dropdown-footer {
+  padding-top: 10px;
+  margin-top: 10px;
+  font-size: 13px;
+  border-top: 1px solid $dropdown-divider-color;
+}
+
+.dropdown-footer-list {
+  font-size: 14px;
+
+  a {
+    padding-left: 10px;
+  }
+}
+
+.dropdown-loading {
+  position: absolute;
+  top: 0;
+  right: 0;
+  bottom: 0;
+  left: 0;
+  display: none;
+  z-index: 9;
+  background-color: $dropdown-loading-bg;
+  font-size: 28px;
+
+  .fa {
+    position: absolute;
+    top: 50%;
+    left: 50%;
+    margin-top: -14px;
+    margin-left: -14px;
+  }
+}
+
+.dropdown-menu-labels {
+  .label {
+    position: relative;
+    width: 30px;
+    margin-right: 5px;
+    text-indent: -99999px;
+  }
+}
--- a/app/assets/stylesheets/framework/files.scss
+++ b/app/assets/stylesheets/framework/files.scss
@@ -169,6 +169,7 @@
     */
    &.code {
      padding: 0;
+      -webkit-overflow-scrolling: auto; // See https://gitlab.com/gitlab-org/gitlab-ce/issues/13987
    }
  }
 }

--- a/app/assets/stylesheets/framework/filters.scss
+++ b/app/assets/stylesheets/framework/filters.scss
 .filter-item {
  margin-right: 6px;
+  vertical-align: top;
 }

 @media (min-width: 800px)  {

--- a/app/assets/stylesheets/framework/header.scss
+++ b/app/assets/stylesheets/framework/header.scss
@@ -141,22 +141,18 @@ header {
  margin-left: $sidebar_collapsed_width;
 }

-@media (max-width: $screen-md-max) {
-  .header-collapsed {
-    margin-left: $sidebar_collapsed_width;
-  }
-
- .header-expanded {
-    margin-left: $sidebar_width;
- }
-}
+.header-collapsed {
+  margin-left: $sidebar_collapsed_width;

-@media(min-width: $screen-md-max) {
-  .header-collapsed {
+  @media (min-width: $screen-md-min) {
    @include collapsed-header;
  }
+}
+
+.header-expanded {
+  margin-left: $sidebar_collapsed_width;

-  .header-expanded {
+  @media (min-width: $screen-md-min) {
    margin-left: $sidebar_width;
  }
 }

--- a/app/assets/stylesheets/framework/mixins.scss
+++ b/app/assets/stylesheets/framework/mixins.scss
@@ -41,12 +41,6 @@
  transition: $transition;
 }

-@mixin transform($transform) {
-  -webkit-transform: $transform;
-  -ms-transform: $transform;
-  transform: $transform;
-}
-
 /**
 * Prefilled mixins
 * Mixins with fixed values

--- a/app/assets/stylesheets/framework/nav.scss
+++ b/app/assets/stylesheets/framework/nav.scss
@@ -63,7 +63,7 @@
    border-bottom: none;

    /* Small devices (phones, tablets, 768px and lower) */
-    @media (max-width: $screen-sm-min) {
+    @media (max-width: $screen-sm-max) {
      width: 100%;
    }
  }

--- a/app/assets/stylesheets/framework/sidebar.scss
+++ b/app/assets/stylesheets/framework/sidebar.scss
@@ -34,12 +34,12 @@
    @media (min-width: $screen-sm-min) {
      padding-right: $gutter_width;
    }
-    
+
  }
 }

 .sidebar-wrapper {
-  z-index: 99;
+  z-index: 999;
  background: $background-color;
 }

@@ -203,7 +203,11 @@
 }

 @mixin expanded-sidebar {
-  padding-left: $sidebar_width;
+  padding-left: $sidebar_collapsed_width;
+
+  @media (min-width: $screen-md-min) {
+    padding-left: $sidebar_width;
+  }

  &.right-sidebar-collapsed {
    /* Extra small devices (phones, less than 768px) */

--- a/app/assets/stylesheets/framework/typography.scss
+++ b/app/assets/stylesheets/framework/typography.scss
@@ -149,13 +149,13 @@
    }

    &:hover > a.anchor {
-      $size: 16px;
+      $size: 14px;
      position: absolute;
      right: 100%;
      top: 50%;
-      margin-top: -$size/2;
-      margin-right: 0px;
-      padding-right: 20px;
+      margin-top: -11px;
+      margin-right: 0;
+      padding-right: 15px;
      display: inline-block;
      width: $size;
      height: $size;

--- a/app/assets/stylesheets/framework/variables.scss
+++ b/app/assets/stylesheets/framework/variables.scss
@@ -34,13 +34,15 @@ $error-exclamation-point: #E62958;
 $border-radius-default: 3px;
 $list-title-color: #333333;
 $list-text-color: #555555;
-$profile-settings-link-color: $md-link-color;

 $btn-transparent-color: #8F8F8F;

 $ssh-key-icon-color: #8F8F8F;
 $ssh-key-icon-size: 18px;

+$provider-btn-group-border: #E5E5E5;
+$provider-btn-not-active-color: #4688F1;
+
 /*
 * Color schema
 */
@@ -70,7 +72,7 @@ $orange-light: rgba(252, 109, 38, 0.80);
 $orange-normal: #E75E40;
 $orange-dark: #CE5237;

-$red-light: #F43263;
+$red-light: #F06559;
 $red-normal: #E52C5A;
 $red-dark: #D22852;

@@ -94,13 +96,17 @@ $border-orange-light: #fc6d26;
 $border-orange-normal: #CE5237;
 $border-orange-dark: #C14E35;

-$border-red-light: #E52C5A;
+$border-red-light: #F24F41;
 $border-red-normal: #D22852;
 $border-red-dark: #CA264F;

 $help-well-bg: #FAFAFA;
 $help-well-border: #E5E5E5;

+$warning-message-bg: #FBF2D9;
+$warning-message-color: #9E8E60;
+$warning-message-border: #F0E2BB;
+
 /* header */
 $light-grey-header: #faf9f9;

@@ -138,3 +144,22 @@ $dropdown-shadow-color: rgba(#000, .1);
 $dropdown-divider-color: rgba(#000, .1);
 $dropdown-header-color: #959494;
 $dropdown-caret-color: #54565B;
+$dropdown-title-btn-color: #BFBFBF;
+$dropdown-input-color: #C7C7C7;
+$dropdown-input-focus-border: rgb(58, 171, 240);
+$dropdown-input-focus-shadow: rgba(#000, .2);
+$dropdown-loading-bg: rgba(#fff, .6);
+
+$dropdown-toggle-bg: #fff;
+$dropdown-toggle-color: #626262;
+$dropdown-toggle-border-color: #EAEAEA;
+$dropdown-toggle-hover-border-color: darken($dropdown-toggle-border-color, 15%);
+$dropdown-toggle-icon-color: #C4C4C4;
+$dropdown-toggle-hover-icon-color: $dropdown-toggle-hover-border-color;
+
+/*
+ *  Award emoji
+ */
+$award-emoji-menu-bg: #FFF;
+$award-emoji-menu-border: #F1F2F4;
+$award-emoji-new-btn-icon-color: #DCDCDC;
--- a/app/assets/stylesheets/pages/awards.scss
+++ b/app/assets/stylesheets/pages/awards.scss
 .awards {
-  @include clearfix;
  line-height: 34px;

  .emoji-icon {
    width: 20px;
    height: 20px;
-    margin: 7px 0 0 5px;
  }
+}

-  .award {
-    @include border-radius(5px);
-
-    border: 1px solid;
-    padding: 0px 10px;
-    float: left;
-    margin-right: 5px;
-    border-color: $border-color;
-    cursor: pointer;
+.emoji-menu {
+  position: absolute;
+  top: 100%;
+  left: 0;
+  margin-top: 3px;
+  z-index: 1000;
+  min-width: 160px;
+  font-size: 14px;
+  background-color: $award-emoji-menu-bg;
+  border: 1px solid $award-emoji-menu-border;
+  border-radius: $border-radius-base;
+  box-shadow: 0 6px 12px rgba(0,0,0,.175);
+  pointer-events: none;
+  opacity: 0;
+  transform: scale(.2);
+  transform-origin: 0 -45px;
+  transition: all .3s cubic-bezier(.87,-.41,.19,1.44);
+
+  &.is-visible {
+    pointer-events: all;
+    opacity: 1;
+    transform: scale(1);
+  }

-    &:hover {
-      background-color: #dce0e5;
+  .emoji-menu-content {
+    padding: $gl-padding;
+    width: 300px;
+    height: 300px;
+    overflow-y: scroll;
+
+    input.emoji-search{
+      background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABwAAAAcCAYAAAByDd+UAAAFu0lEQVRIia1WTahkVxH+quqce7vf6zdvJpHoIlkYJ2SiJiIokmQjgoGgIAaEIYuYXWICgojiwkmC4taFwhjcyIDusogEIwwiSSCKPwsdwzAg0SjJ9Izzk5n3+nXfe8+pqizOvd395scfsJqi6dPnnDr11Vc/NJ1OwUTosqJLCmYCHCAC2mSHs+ojZv6AO46Y+20AhIneJsafhPhXVZSXDk7qi+aOLhtQNuBmQtcarAKjTXpn2+l3u2yPunvZSABRucjcAV/eMZuM48/Go/g1d19kc4wq+e8MZjWkbI/P5t2P3RFFbv7SQdyBlBUx8N8OTuqjMcof+N94yMPrY2DMm/ytnb32J0QrY+6AqsHM4Q64O9SKDmerKDD3Oy/tNL9vk342CC8RuU6n0ymCMHb22scu7zQngtASOjUHE1BX4UUAv4b7Ow6qiXCXuz/UdvogAAweDY943/b4cAz0ZlYHXeMsnT07RVb7wMUr8ykI4H5HVkMd5Rcb4/jNURVOL5qErAaAUUdCCIJ5kx5q2nw8m39ImEAAsjpE6PStB0YfMcd1wqqG3Xn7A3PfZyyKnNjaqD4fmE/fCNKshirIyY1xvI+Av6g5QIAIIWX7cJPssboSiBBEeKmsZne0Sb8kzAUWNYyq8NvbDo0fZ6beqxuLmqOOMr/lwOh+YXpXtbjERGja9JyZ9+HxpXKb9Gj5oywRESbj+Cj1ENG1QViTGBl1FbC1We1tbVRfHWIoQkhqH9xbpE92XUbb6VJZ1R4crjRz1JWcDMJvLdoMcyAEhjuwHo8Bfndg3mbszhOY+adVlMtD3po51OwzIQiEaams7oeJhxRw1FFOVpFRRUYIhMBAFRnjOsC8IFHHUA4TQQhgAqpAiIFfGbxkIqj54ayGbL7UoOqHCniAEKHLNr26l+D9wQJzeUwMAnfHvEnLECzZRwRV++d60ptjW9VLZeolEJG6GwCCE0CFVNB+Ay0NEqoQYG4YYFu7B8IEVRt3uRzy/osIoLV9QZimWXGHUMFdmI6M64DUF2Je88R9VZqCSP+QlcF5k+4tCzSsXaqjINuK6UyE0+s/mk6/qFq8oAIL9pqMLhkGsNrOyoOIlszust3aJv0U9+kFdwjTGwWl1YdF+KWlQSZ0Se/psj8yGVdg5tJyfH96EBWmLtoEMwMzMFt031NzGWLLzKhC+KV7H5ZeeaMOPxemma2x68puc0LN3+/u6LJiePS6MKHvn4wu6cPzJj0hsioeMfDrEvjv5r6W9gBvjKJujuKzQ0URIZj75NylvT+mbHfXQa4rwAMaVRTMm/SFyzvNy0yF6+4AM+1ubcSnqkAIUjQKl1RKSbE5jt+vovx1MBqF0WW7/d1Z80ab9BtmuJ3Xk5cJKds9TZt/uLPXvtiTrQ+dIwqfAejUvM1os6FNikXKUHfQ+ekUsXT5u85enJ0CaBSkkGEo1syUQ+DfMdE/4GA1uzupf9zdbzhOmLsF4efHVXjaHHAzmDtGdQRd/Nc5wAEJjNki3XfhyvwVNz80xANrht3LsENY9cBBdN1L9GUyyvFRFZ42t75sBvCQRykbRlU4tT2pPxoCvzx09d4GmPs200M6wKdWSDGK8mppYSWdhAlt0qeaLv+IadXU9/Evq4FAZ8ej+LmtcTxaRX4NWI0Uag5Vg1p5MYg8BnlhXIdPHDow+vTWZvVMVttXDLqkTzZdPj6Qii6cP1cSvIdl3iQkNYyi9HH0I22y+93tY3DcQkTZgQtM+POoCr8x97eylkmtrgKuztrvXJ21x/aNKuqIkZ/fntRfCdcTfhUTAIhRzoDojJD0aSNLLwMzmpT7+JaLtyf1MwDo6qz9djFaUq3t9MlFmy/c1OCSceY9fMsVaL9mvH9ocXdkdWxv1scAePG0THAhMOaLdOw/Gvxfxb1w4eCapyIENUcV5M3/u8FitAxZ25P6GAHT3UX39Srw+QOb1ZffA98Dl2Wy1BYkAAAAAElFTkSuQmCC");
+      background-repeat: no-repeat;
+      background-position: right 5px center;
+      background-size: 16px;
    }
+  }
+}

-    &.active {
-      border-color: $border-gray-light;
-      background-color: $gray-light;
-
-      &:hover {
-        background-color: #dce0e5;
-      }
+.emoji-menu-list {
+  list-style: none;
+  padding-left: 0;
+  margin-bottom: 0;
+}

-      .counter {
-        font-weight: bold;
-      }
-    }
+.emoji-menu-list-item {
+  padding: 3px;
+  margin-left: 1px;
+  margin-right: 1px;
+}

-    .icon {
-      float: left;
-      margin-right: 10px;
-    }
+.emoji-menu-btn {
+  display: block;
+  cursor: pointer;
+  width: 30px;
+  height: 30px;
+  padding: 0;
+  background: none;
+  border: 0;
+  border-radius: $border-radius-base;
+  transition: transform .15s cubic-bezier(.3, 0, .2, 2);
+
+  &:hover {
+    background-color: transparent;
+    outline: 0;
+    transform: scale(1.3);
+  }

-    .counter {
-      float: left;
-    }
+  &:focus,
+  &:active {
+    outline: 0;
  }

-  .awards-controls {
+  .emoji-icon {
+    display: inline-block;
    position: relative;
-    margin-left: 10px;
-    float: left;
+    top: 3px;
+  }
+}

-    .add-award {
-      font-size: 24px;
-      color: $gl-gray;
-      position: relative;
-      top: 2px;
+.award-menu-holder {
+  display: inline-block;
+  position: relative;
+}

-      &:hover,
-      &:link {
-        text-decoration: none;
-      }
-    }
+.award-control {
+  margin-right: 5px;
+  padding-left: 5px;
+  padding-right: 5px;
+  line-height: 20px;
+  outline: 0;
+
+  &.active,
+  &:active {
+    background-color: $white-dark;
+    box-shadow: none;
+    outline: 0;
+  }

-    .emoji-menu{
-      position: absolute;
-      top: 100%;
-      left: 0;
-      z-index: 1000;
+  &.is-loading {
+    .award-control-icon {
      display: none;
-      float: left;
-      min-width: 160px;
-      padding: 5px 0;
-      margin: 2px 0 0;
-      font-size: 14px;
-      text-align: left;
-      list-style: none;
-      background-color: #fff;
-      -webkit-background-clip: padding-box;
-      background-clip: padding-box;
-      border: 1px solid #ccc;
-      border: 1px solid rgba(0,0,0,.15);
-      border-radius: 4px;
-      -webkit-box-shadow: 0 6px 12px rgba(0,0,0,.175);
-      box-shadow: 0 6px 12px rgba(0,0,0,.175);
-
-      .emoji-menu-content {
-        padding: $gl-padding;
-        width: 300px;
-        height: 300px;
-        overflow-y: scroll;
-
-        h5 {
-          clear: left;
-        }
-
-        ul {
-          list-style-type: none;
-          margin-left: -20px;
-          margin-bottom: 20px;
-          overflow: auto;
-        }
-
-        input.emoji-search{
-          background: image-url("icon-search.png") 240px no-repeat;
-        }
-
-        li {
-          cursor: pointer;
-          width: 30px;
-          height: 30px;
-          text-align: center;
-          float: left;
-          margin: 3px;
-          list-decorate: none;
-          @include border-radius(5px);
-
-          &:hover {
-            background-color: #ccc;
-          }
-        }
-      }
    }
+
+    .award-control-icon-loading {
+      display: block;
+    }
+  }
+
+  .icon,
+  .award-control-icon {
+    float: left;
+    margin-right: 5px;
+    font-size: 20px;
+  }
+
+  .award-control-icon-loading {
+    display: none;
+  }
+
+  .award-control-icon {
+    color: $award-emoji-new-btn-icon-color;
  }
 }
--- a/app/assets/stylesheets/pages/builds.scss
+++ b/app/assets/stylesheets/pages/builds.scss
@@ -27,10 +27,25 @@
  }

  .scroll-controls {
-    position: fixed;
-    bottom: 10px;
-    left: 250px;
-    z-index: 100;
+    &.affix-top {
+      position: absolute;
+      top: 10px;
+      right: 25px;
+    }
+
+    &.affix-bottom {
+      position: absolute;
+      right: 25px;
+    }
+
+    &.affix {
+      right: 30px;
+      bottom: 15px;
+
+      @media (min-width: $screen-md-min) {
+        right: 26%;
+      }
+    }

    a {
      display: block;

--- a/app/assets/stylesheets/pages/commit.scss
+++ b/app/assets/stylesheets/pages/commit.scss
@@ -90,6 +90,7 @@
  position: relative;
  font-family: $monospace_font;
  $left: 12px;
+  overflow: hidden; // See https://gitlab.com/gitlab-org/gitlab-ce/issues/13987
  .max-width-marker {
    width: 72ch;
    color: rgba(0, 0, 0, 0.0);

--- a/app/assets/stylesheets/pages/labels.scss
+++ b/app/assets/stylesheets/pages/labels.scss
@@ -7,6 +7,28 @@
    display: inline-block;
    margin-right: 10px;
  }
+
+  &.suggest-colors-dropdown {
+    margin-bottom: 5px;
+
+    a {
+      @include border-radius(0);
+      width: 36.7px;
+      margin-right: 0;
+      margin-bottom: -5px;
+    }
+  }
+}
+
+.dropdown-label-color-preview {
+  display: none;
+  margin-top: 5px;
+  width: 100%;
+  height: 25px;
+
+  &.is-active {
+    display: block;
+  }
 }

 .label-row {
@@ -19,3 +41,7 @@
 .color-label {
  padding: 3px 4px;
 }
+
+.label-subscription {
+  display: inline-block;
+}
--- a/app/assets/stylesheets/pages/profile.scss
+++ b/app/assets/stylesheets/pages/profile.scss
-.account-page {
-  fieldset {
-    margin-bottom: 15px;
-    padding-bottom: 15px;
+.profile-avatar-form-option {
+  hr {
+    margin: 10px 0;
  }
 }

@@ -20,7 +19,7 @@

 .account-btn-link,
 .profile-settings-sidebar a {
-  color: $profile-settings-link-color;
+  color: $md-link-color;
 }

 .oauth-buttons {
@@ -110,42 +109,6 @@
  }
 }

-.modal-profile-crop {
-  .modal-dialog {
-    width: 500px;
-  }
-
-  .modal-body {
-    p {
-      display: table;
-      margin: auto;
-      overflow: hidden;
-    }
-
-    img {
-      display: block;
-      max-width: 400px;
-      max-height: 400px;
-    }
-
-    .cropper-bg {
-      background: none;
-    }
-
-    .cropper-crop-box {
-      box-sizing: content-box;
-      border: 999px solid transparentize(#ccc, 0.5);
-      @include transform(translate(-999px, -999px));
-    }
-  }
-}
-
-@media (max-width: 520px) {
-  .modal-profile-crop .modal-dialog {
-    width: auto;
-  }
-}
-
 .key-list-item {
  .key-list-item-info {
    @media (min-width: $screen-sm-min) {
@@ -172,6 +135,65 @@

 .profile-settings-content {
  a {
-    color: $profile-settings-link-color;
+    color: $md-link-color;
+  }
+}
+
+.change-username-title {
+  color: $gl-warning;
+}
+
+.remove-account-title {
+  color: $gl-danger;
+}
+
+.provider-btn-group {
+  display: inline-block;
+  margin-right: 10px;
+  border: 1px solid $provider-btn-group-border;
+  border-radius: 3px;
+
+  &:last-child {
+    margin-right: 0;
+  }
+}
+
+.provider-btn-image {
+  display: inline-block;
+  padding: 5px 10px;
+  border-right: 1px solid $provider-btn-group-border;
+
+  > img {
+    width: 20px;
+  }
+}
+
+.provider-btn {
+  display: inline-block;
+  padding: 5px 10px;
+  margin-left: -3px;
+  line-height: 22px;
+  background-color: $gray-light;
+
+  &.not-active {
+    color: $provider-btn-not-active-color;
+  }
+}
+
+.profile-settings-message {
+  line-height: 32px;
+  color: $warning-message-color;
+  background-color: $warning-message-bg;
+  border: 1px solid $warning-message-border;
+  border-radius: $border-radius-base;
+}
+
+.oauth-applications {
+  form {
+    display: inline-block;
+  }
+
+  .last-heading {
+    width: 105px;
  }
 }
--- a/app/assets/stylesheets/pages/snippets.scss
+++ b/app/assets/stylesheets/pages/snippets.scss
@@ -28,3 +28,11 @@
  border: 1px solid;
  line-height: 32px;
 }
+
+.markdown-snippet-copy {
+  position: fixed;
+  top: -10px;
+  left: -10px;
+  max-height: 0;
+  max-width: 0;
+}
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -150,7 +150,7 @@ class Admin::UsersController < Admin::ApplicationController
      :email, :remember_me, :bio, :name, :username,
      :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
      :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key, :hide_no_password,
-      :projects_limit, :can_create_group, :admin, :key_id
+      :projects_limit, :can_create_group, :admin, :key_id, :external
    )
  end


--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -246,6 +246,8 @@ class ApplicationController < ActionController::Base

  def ldap_security_check
    if current_user && current_user.requires_ldap_check?
+      return unless current_user.try_obtain_ldap_lease
+
      unless Gitlab::LDAP::Access.allowed?(current_user)
        sign_out current_user
        flash[:alert] = "Access denied for your LDAP account."

--- a/app/controllers/concerns/continue_params.rb
+++ b/app/controllers/concerns/continue_params.rb
+module ContinueParams
+  extend ActiveSupport::Concern
+
+  def continue_params
+    continue_params = params[:continue]
+    return nil unless continue_params
+
+    continue_params = continue_params.permit(:to, :notice, :notice_now)
+    return unless continue_params[:to] && continue_params[:to].start_with?('/')
+
+    continue_params
+  end
+end
--- a/app/controllers/concerns/toggle_subscription_action.rb
+++ b/app/controllers/concerns/toggle_subscription_action.rb
+module ToggleSubscriptionAction
+  extend ActiveSupport::Concern
+
+  def toggle_subscription
+    return unless current_user
+
+    subscribable_resource.toggle_subscription(current_user)
+
+    render nothing: true
+  end
+
+  private
+
+  def subscribable_resource
+    raise NotImplementedError
+  end
+end
--- a/app/controllers/dashboard/projects_controller.rb
+++ b/app/controllers/dashboard/projects_controller.rb
@@ -8,7 +8,7 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
    @projects = filter_projects(@projects)
    @projects = @projects.includes(:namespace)
    @projects = @projects.sort(@sort = params[:sort])
-    @projects = @projects.page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?
+    @projects = @projects.page(params[:page]).per(PER_PAGE)

    @last_push = current_user.recent_push

@@ -32,7 +32,7 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
    @projects = filter_projects(@projects)
    @projects = @projects.includes(:namespace, :forked_from_project, :tags)
    @projects = @projects.sort(@sort = params[:sort])
-    @projects = @projects.page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?
+    @projects = @projects.page(params[:page]).per(PER_PAGE)

    @last_push = current_user.recent_push
    @groups = []

--- a/app/controllers/explore/projects_controller.rb
+++ b/app/controllers/explore/projects_controller.rb
@@ -8,7 +8,7 @@ class Explore::ProjectsController < Explore::ApplicationController
    @projects = @projects.where(visibility_level: params[:visibility_level]) if params[:visibility_level].present?
    @projects = filter_projects(@projects)
    @projects = @projects.sort(@sort = params[:sort])
-    @projects = @projects.includes(:namespace).page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?
+    @projects = @projects.includes(:namespace).page(params[:page]).per(PER_PAGE)

    respond_to do |format|
      format.html
@@ -23,7 +23,7 @@ class Explore::ProjectsController < Explore::ApplicationController
  def trending
    @projects = TrendingProjectsFinder.new.execute(current_user)
    @projects = filter_projects(@projects)
-    @projects = @projects.page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?
+    @projects = @projects.page(params[:page]).per(PER_PAGE)

    respond_to do |format|
      format.html
@@ -39,7 +39,7 @@ class Explore::ProjectsController < Explore::ApplicationController
    @projects = ProjectsFinder.new.execute(current_user)
    @projects = filter_projects(@projects)
    @projects = @projects.reorder('star_count DESC')
-    @projects = @projects.page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?
+    @projects = @projects.page(params[:page]).per(PER_PAGE)

    respond_to do |format|
      format.html

--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -15,7 +15,7 @@ class GroupsController < Groups::ApplicationController

  # Load group projects
  before_action :load_projects, except: [:index, :new, :create, :projects, :edit, :update, :autocomplete]
-  before_action :event_filter, only: [:show, :events]
+  before_action :event_filter, only: [:activity]

  layout :determine_layout

@@ -44,6 +44,8 @@ class GroupsController < Groups::ApplicationController
    @projects = @projects.sort(@sort = params[:sort])
    @projects = @projects.page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?

+    @shared_projects = @group.shared_projects
+
    respond_to do |format|
      format.html

@@ -60,8 +62,10 @@ class GroupsController < Groups::ApplicationController
    end
  end

-  def events
+  def activity
    respond_to do |format|
+      format.html
+
      format.json do
        load_events
        pager_json("events/_events", @events.count)
@@ -129,7 +133,7 @@ class GroupsController < Groups::ApplicationController
  end

  def group_params
-    params.require(:group).permit(:name, :description, :path, :avatar, :public, :visibility_level)
+    params.require(:group).permit(:name, :description, :path, :avatar, :public, :visibility_level, :share_with_group_lock)
  end

  def load_events

--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -8,7 +8,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
  layout 'profile'

  def index
-    head :forbidden and return
+    set_index_vars
  end

  def create
@@ -20,18 +20,11 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
      flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
      redirect_to oauth_application_url(@application)
    else
-      render :new
+      set_index_vars
+      render :index
    end
  end

-  def destroy
-    if @application.destroy
-      flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :destroy])
-    end
-
-    redirect_to applications_profile_url
-  end
-
  private

  def verify_user_oauth_applications_enabled
@@ -40,6 +33,17 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
    redirect_to applications_profile_url
  end

+  def set_index_vars
+    @applications = current_user.oauth_applications
+    @authorized_tokens = current_user.oauth_authorized_tokens
+    @authorized_anonymous_tokens = @authorized_tokens.reject(&:application)
+    @authorized_apps = @authorized_tokens.map(&:application).uniq.reject(&:nil?)
+
+    # Don't overwrite a value possibly set by `create`
+    @application ||= Doorkeeper::Application.new
+  end
+
+  # Override Doorkeeper to scope to the current user
  def set_application
    @application = current_user.oauth_applications.find(params[:id])
  end

--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -8,13 +8,6 @@ class ProfilesController < Profiles::ApplicationController
  def show
  end

-  def applications
-    @applications = current_user.oauth_applications
-    @authorized_tokens = current_user.oauth_authorized_tokens
-    @authorized_anonymous_tokens = @authorized_tokens.reject(&:application)
-    @authorized_apps = @authorized_tokens.map(&:application).uniq - [nil]
-  end
-
  def update
    user_params.except!(:email) if @user.ldap_user?

@@ -65,9 +58,6 @@ class ProfilesController < Profiles::ApplicationController

  def user_params
    params.require(:user).permit(
-      :avatar_crop_x,
-      :avatar_crop_y,
-      :avatar_crop_size,
      :avatar,
      :bio,
      :email,

--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
 class Projects::ForksController < Projects::ApplicationController
+  include ContinueParams
+
  # Authorize
  before_action :require_non_empty_project
  before_action :authorize_download_code!
@@ -53,15 +55,4 @@ class Projects::ForksController < Projects::ApplicationController
      render :error
    end
  end
-
-  private
-
-  def continue_params
-    continue_params = params[:continue]
-    if continue_params
-      continue_params.permit(:to, :notice, :notice_now)
-    else
-      nil
-    end
-  end
 end
--- a/app/controllers/projects/group_links_controller.rb
+++ b/app/controllers/projects/group_links_controller.rb
+class Projects::GroupLinksController < Projects::ApplicationController
+  layout 'project_settings'
+  before_action :authorize_admin_project!
+
+  def index
+    @group_links = project.project_group_links.all
+  end
+
+  def create
+    link = project.project_group_links.new
+    link.group_id = params[:link_group_id]
+    link.group_access = params[:link_group_access]
+    link.save
+
+    redirect_to namespace_project_group_links_path(project.namespace, project)
+  end
+
+  def destroy
+    project.project_group_links.find(params[:id]).destroy
+
+    redirect_to namespace_project_group_links_path(project.namespace, project)
+  end
+end
--- a/app/controllers/projects/imports_controller.rb
+++ b/app/controllers/projects/imports_controller.rb
 class Projects::ImportsController < Projects::ApplicationController
+  include ContinueParams
+
  # Authorize
  before_action :authorize_admin_project!
  before_action :require_no_repo, only: [:new, :create]
@@ -44,16 +46,6 @@ class Projects::ImportsController < Projects::ApplicationController

  private

-  def continue_params
-    continue_params = params[:continue]
-
-    if continue_params
-      continue_params.permit(:to, :notice, :notice_now)
-    else
-      nil
-    end
-  end
-
  def finished_notice
    if @project.forked?
      'The project was successfully forked.'

--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
 class Projects::IssuesController < Projects::ApplicationController
+  include ToggleSubscriptionAction
+
  before_action :module_enabled
-  before_action :issue, only: [:edit, :update, :show, :toggle_subscription]
+  before_action :issue, only: [:edit, :update, :show]

  # Allow read any issue
  before_action :authorize_read_issue!
@@ -110,12 +112,6 @@ class Projects::IssuesController < Projects::ApplicationController
    redirect_back_or_default(default: { action: 'index' }, options: { notice: "#{result[:count]} issues updated" })
  end

-  def toggle_subscription
-    @issue.toggle_subscription(current_user)
-
-    render nothing: true
-  end
-
  def closed_by_merge_requests
    @closed_by_merge_requests ||= @issue.closed_by_merge_requests(current_user)
  end
@@ -129,6 +125,7 @@ class Projects::IssuesController < Projects::ApplicationController
                 redirect_old
               end
  end
+  alias_method :subscribable_resource, :issue

  def authorize_update_issue!
    return render_404 unless can?(current_user, :update_issue, @issue)

--- a/app/controllers/projects/labels_controller.rb
+++ b/app/controllers/projects/labels_controller.rb
 class Projects::LabelsController < Projects::ApplicationController
+  include ToggleSubscriptionAction
+
  before_action :module_enabled
  before_action :label, only: [:edit, :update, :destroy]
  before_action :authorize_read_label!
-  before_action :authorize_admin_labels!, except: [:index]
+  before_action :authorize_admin_labels!, only: [
+    :new, :create, :edit, :update, :generate, :destroy
+  ]

  respond_to :js, :html

@@ -73,8 +77,9 @@ class Projects::LabelsController < Projects::ApplicationController
  end

  def label
-    @label = @project.labels.find(params[:id])
+    @label ||= @project.labels.find(params[:id])
  end
+  alias_method :subscribable_resource, :label

  def authorize_admin_labels!
    return render_404 unless can?(current_user, :admin_label, @project)

--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
 class Projects::MergeRequestsController < Projects::ApplicationController
+  include ToggleSubscriptionAction
  include DiffHelper

  before_action :module_enabled
  before_action :merge_request, only: [
    :edit, :update, :show, :diffs, :commits, :builds, :merge, :merge_check,
-    :ci_status, :toggle_subscription, :cancel_merge_when_build_succeeds
+    :ci_status, :cancel_merge_when_build_succeeds
  ]
  before_action :closes_issues, only: [:edit, :update, :show, :diffs, :commits, :builds]
  before_action :validates_merge_request, only: [:show, :diffs, :commits, :builds]
@@ -233,12 +234,6 @@ class Projects::MergeRequestsController < Projects::ApplicationController
    render json: response
  end

-  def toggle_subscription
-    @merge_request.toggle_subscription(current_user)
-
-    render nothing: true
-  end
-
  protected

  def selected_target_project
@@ -252,6 +247,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
  def merge_request
    @merge_request ||= @project.merge_requests.find_by!(iid: params[:id])
  end
+  alias_method :subscribable_resource, :merge_request

  def closes_issues
    @closes_issues ||= @merge_request.closes_issues

--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -27,6 +27,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
    end

    @project_member = @project.project_members.new
+    @project_group_links = @project.project_group_links
  end

  def create

--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
 class ProjectsController < ApplicationController
  include ExtractsPath

-  prepend_before_action :render_go_import, only: [:show]
  skip_before_action :authenticate_user!, only: [:show, :activity]
  before_action :project, except: [:new, :create]
  before_action :repository, except: [:new, :create]
@@ -173,10 +172,15 @@ class ProjectsController < ApplicationController
  def housekeeping
    ::Projects::HousekeepingService.new(@project).execute

-    respond_to do |format|
-      flash[:notice] = "Housekeeping successfully started."
-      format.html { redirect_to project_path(@project) }
-    end
+    redirect_to(
+      project_path(@project),
+      notice: "Housekeeping successfully started"
+    )
+  rescue ::Projects::HousekeepingService::LeaseTaken => ex
+    redirect_to(
+      edit_project_path(@project),
+      alert: ex.to_s
+    )
  end

  def toggle_star
@@ -242,16 +246,6 @@ class ProjectsController < ApplicationController
    end
  end

-  def render_go_import
-    return unless params["go-get"] == "1"
-
-    @namespace = params[:namespace_id]
-    @id = params[:project_id] || params[:id]
-    @id = @id.gsub(/\.git\Z/, "")
-
-    render "go_import", layout: false
-  end
-
  def repo_exists?
    project.repository_exists? && !project.empty_repo?
  end

--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -244,10 +244,17 @@ class IssuableFinder
    items
  end

+  def filter_by_upcoming_milestone?
+    params[:milestone_title] == '#upcoming'
+  end
+
  def by_milestone(items)
    if milestones?
      if filter_by_no_milestone?
        items = items.where(milestone_id: [-1, nil])
+      elsif filter_by_upcoming_milestone?
+        upcoming = Milestone.where(project_id: projects).upcoming
+        items = items.joins(:milestone).where(milestones: { title: upcoming.title })
      else
        items = items.joins(:milestone).where(milestones: { title: params[:milestone_title] })


--- a/app/finders/projects_finder.rb
+++ b/app/finders/projects_finder.rb
@@ -40,21 +40,26 @@ class ProjectsFinder
  private

  def group_projects(current_user, group)
-    if current_user
-      [
-        group_projects_for_user(current_user, group),
-        group.projects.public_and_internal_only
-      ]
+    return [group.projects.public_only] unless current_user
+
+    user_group_projects = [
+       group_projects_for_user(current_user, group),
+       group.shared_projects.visible_to_user(current_user)
+    ]
+    if current_user.external?
+      user_group_projects << group.projects.public_only
    else
-      [group.projects.public_only]
+      user_group_projects << group.projects.public_and_internal_only
    end
  end

  def all_projects(current_user)
-    if current_user
-      [current_user.authorized_projects, public_and_internal_projects]
+    return [public_projects] unless current_user
+
+    if current_user.external?
+      [current_user.authorized_projects, public_projects]
    else
-      [Project.public_only]
+      [current_user.authorized_projects, public_and_internal_projects]
    end
  end


--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -72,7 +72,7 @@ module ApplicationHelper
    if user_or_email.is_a?(User)
      user = user_or_email
    else
-      user = User.find_by(email: user_or_email.try(:downcase))
+      user = User.find_by_any_email(user_or_email.try(:downcase))
    end

    if user

--- a/app/helpers/ci_status_helper.rb
+++ b/app/helpers/ci_status_helper.rb
@@ -12,9 +12,13 @@ module CiStatusHelper
    ci_label_for_status(ci_commit.status)
  end

-  def ci_status_with_icon(status)
-    content_tag :span, class: "ci-status ci-#{status}" do
-      ci_icon_for_status(status) + '&nbsp;'.html_safe + ci_label_for_status(status)
+  def ci_status_with_icon(status, target = nil)
+    content = ci_icon_for_status(status) + '&nbsp;'.html_safe + ci_label_for_status(status)
+    klass = "ci-status ci-#{status}"
+    if target
+      link_to content, target, class: klass
+    else
+      content_tag :span, content, class: klass
    end
  end

@@ -42,12 +46,12 @@ module CiStatusHelper
    icon(icon_name + ' fw')
  end

-  def render_ci_status(ci_commit)
+  def render_ci_status(ci_commit, tooltip_placement: 'auto left')
    link_to ci_status_icon(ci_commit),
      ci_status_path(ci_commit),
      class: "ci-status-link ci-status-icon-#{ci_commit.status.dasherize}",
      title: "Build #{ci_status_label(ci_commit)}",
-      data: { toggle: 'tooltip', placement: 'left' }
+      data: { toggle: 'tooltip', placement: tooltip_placement }
  end

  def no_runners_for_project?(project)

--- a/app/helpers/dropdowns_helper.rb
+++ b/app/helpers/dropdowns_helper.rb
+module DropdownsHelper
+  def dropdown_tag(toggle_text, options: {}, &block)
+    content_tag :div, class: "dropdown" do
+      data_attr = { toggle: "dropdown" }
+
+      if options.has_key?(:data)
+        data_attr = options[:data].merge(data_attr)
+      end
+
+      dropdown_output = dropdown_toggle(toggle_text, data_attr, options)
+
+      dropdown_output << content_tag(:div, class: "dropdown-menu dropdown-select #{options[:dropdown_class] if options.has_key?(:dropdown_class)}") do
+        output = ""
+
+        if options.has_key?(:title)
+          output << dropdown_title(options[:title])
+        end
+
+        if options.has_key?(:filter)
+          output << dropdown_filter(options[:placeholder])
+        end
+
+        output << content_tag(:div, class: "dropdown-content") do
+          capture(&block) if block && !options.has_key?(:footer_content)
+        end
+
+        if block && options.has_key?(:footer_content)
+          output << content_tag(:div, class: "dropdown-footer") do
+            capture(&block)
+          end
+        end
+
+        output << dropdown_loading
+
+        output.html_safe
+      end
+
+      dropdown_output.html_safe
+    end
+  end
+
+  def dropdown_toggle(toggle_text, data_attr, options)
+    content_tag(:button, class: "dropdown-menu-toggle #{options[:toggle_class] if options.has_key?(:toggle_class)}", id: (options[:id] if options.has_key?(:id)), type: "button", data: data_attr) do
+      output = content_tag(:span, toggle_text, class: "dropdown-toggle-text")
+      output << icon('chevron-down')
+      output.html_safe
+    end
+  end
+
+  def dropdown_title(title, back: false)
+    content_tag :div, class: "dropdown-title" do
+      title_output = ""
+
+      if back
+        title_output << content_tag(:button, class: "dropdown-title-button dropdown-menu-back", aria: { label: "Go back" }, type: "button") do
+          icon('arrow-left')
+        end
+      end
+
+      title_output << content_tag(:span, title)
+
+      title_output << content_tag(:button, class: "dropdown-title-button dropdown-menu-close", aria: { label: "Close" }, type: "button") do
+        icon('times')
+      end
+
+      title_output.html_safe
+    end
+  end
+
+  def dropdown_filter(placeholder)
+    content_tag :div, class: "dropdown-input" do
+      filter_output = search_field_tag nil, nil, class: "dropdown-input-field", placeholder: placeholder
+      filter_output << icon('search')
+
+      filter_output.html_safe
+    end
+  end
+
+  def dropdown_content(&block)
+    content_tag(:div, class: "dropdown-content") do
+      if block
+        capture(&block)
+      end
+    end
+  end
+
+  def dropdown_footer(&block)
+    content_tag(:div, class: "dropdown-footer") do
+      if block
+        capture(&block)
+      end
+    end
+  end
+
+  def dropdown_loading
+    content_tag :div, class: "dropdown-loading" do
+      icon('spinner spin')
+    end
+  end
+end
--- a/app/helpers/events_helper.rb
+++ b/app/helpers/events_helper.rb
@@ -3,7 +3,7 @@ module EventsHelper
    author = event.author

    if author
-      link_to author.name, user_path(author.username)
+      link_to author.name, user_path(author.username), title: h(author.name)
    else
      event.author_name
    end
@@ -159,7 +159,7 @@ module EventsHelper
        link_to(
          namespace_project_commit_path(event.project.namespace, event.project,
                                        event.note_commit_id,
-                                        anchor: dom_id(event.target)),
+                                        anchor: dom_id(event.target), title: h(event.target_title)),
          class: "commit_short_id"
        ) do
          "#{event.note_target_type} #{event.note_short_commit_id}"
@@ -167,7 +167,7 @@ module EventsHelper
      elsif event.note_project_snippet?
        link_to(namespace_project_snippet_path(event.project.namespace,
                                               event.project,
-                                               event.note_target)) do
+                                               event.note_target), title: h(event.project.name)) do
          "#{event.note_target_type} #{truncate event.note_target.to_reference}"
        end
      else

--- a/app/helpers/issuables_helper.rb
+++ b/app/helpers/issuables_helper.rb
@@ -31,7 +31,11 @@ module IssuablesHelper
  end

  def issuable_state_scope(issuable)
-    issuable.open? ? :opened : :closed
+    if issuable.respond_to?(:merged?) && issuable.merged?
+      :merged
+    else
+      issuable.open? ? :opened : :closed
+    end
  end

 end
--- a/app/helpers/labels_helper.rb
+++ b/app/helpers/labels_helper.rb
@@ -124,6 +124,14 @@ module LabelsHelper
    options_from_collection_for_select(grouped_labels, 'name', 'title', params[:label_name])
  end

+  def label_subscription_status(label)
+    label.subscribed?(current_user) ? 'subscribed' : 'unsubscribed'
+  end
+
+  def label_subscription_toggle_button_text(label)
+    label.subscribed?(current_user) ? 'Unsubscribe' : 'Subscribe'
+  end
+
  # Required for Banzai::Filter::LabelReferenceFilter
  module_function :render_colored_label, :render_colored_cross_project_label,
                  :text_color_for_bg, :escape_once

--- a/app/helpers/milestones_helper.rb
+++ b/app/helpers/milestones_helper.rb
@@ -59,6 +59,7 @@ module MilestonesHelper
    grouped_milestones = grouped_milestones.sort_by { |x| x.due_date.nil? ? epoch : x.due_date }
    grouped_milestones.unshift(Milestone::None)
    grouped_milestones.unshift(Milestone::Any)
+    grouped_milestones.unshift(Milestone::Upcoming)

    options_from_collection_for_select(grouped_milestones, 'name', 'title', params[:milestone_title])
  end

--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -8,7 +8,7 @@ module ProjectsHelper
  end

  def link_to_project(project)
-    link_to [project.namespace.becomes(Namespace), project] do
+    link_to [project.namespace.becomes(Namespace), project], title: h(project.name) do
      title = content_tag(:span, project.name, class: 'project-name')

      if project.namespace

--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -40,7 +40,7 @@ module SearchHelper
      { label: "help: Rake Tasks Help",    url: help_page_path("raketasks", "README") },
      { label: "help: SSH Keys Help",      url: help_page_path("ssh", "README") },
      { label: "help: System Hooks Help",  url: help_page_path("system_hooks", "system_hooks") },
-      { label: "help: Web Hooks Help",     url: help_page_path("web_hooks", "web_hooks") },
+      { label: "help: Webhooks Help",      url: help_page_path("web_hooks", "web_hooks") },
      { label: "help: Workflow Help",      url: help_page_path("workflow", "README") },
    ]
  end

--- a/app/helpers/todos_helper.rb
+++ b/app/helpers/todos_helper.rb
@@ -16,7 +16,7 @@ module TodosHelper

  def todo_target_link(todo)
    target = todo.target_type.titleize.downcase
-    link_to "#{target} #{todo.target.to_reference}", todo_target_path(todo)
+    link_to "#{target} #{todo.target.to_reference}", todo_target_path(todo), { title: h(todo.target.title) }
  end

  def todo_target_path(todo)

--- a/app/mailers/emails/issues.rb
+++ b/app/mailers/emails/issues.rb
@@ -16,7 +16,15 @@ module Emails
    def closed_issue_email(recipient_id, issue_id, updated_by_user_id)
      setup_issue_mail(issue_id, recipient_id)

-      @updated_by = User.find updated_by_user_id
+      @updated_by = User.find(updated_by_user_id)
+      mail_answer_thread(@issue, issue_thread_options(updated_by_user_id, recipient_id))
+    end
+
+    def relabeled_issue_email(recipient_id, issue_id, label_names, updated_by_user_id)
+      setup_issue_mail(issue_id, recipient_id)
+
+      @label_names = label_names
+      @labels_url = namespace_project_labels_url(@project.namespace, @project)
      mail_answer_thread(@issue, issue_thread_options(updated_by_user_id, recipient_id))
    end

@@ -24,20 +32,12 @@ module Emails
      setup_issue_mail(issue_id, recipient_id)

      @issue_status = status
-      @updated_by = User.find updated_by_user_id
+      @updated_by = User.find(updated_by_user_id)
      mail_answer_thread(@issue, issue_thread_options(updated_by_user_id, recipient_id))
    end

    private

-    def issue_thread_options(sender_id, recipient_id)
-      {
-        from: sender(sender_id),
-        to: recipient(recipient_id),
-        subject: subject("#{@issue.title} (##{@issue.iid})")
-      }
-    end
-
    def setup_issue_mail(issue_id, recipient_id)
      @issue = Issue.find(issue_id)
      @project = @issue.project
@@ -45,5 +45,13 @@ module Emails

      @sent_notification = SentNotification.record(@issue, recipient_id, reply_key)
    end
+
+    def issue_thread_options(sender_id, recipient_id)
+      {
+        from: sender(sender_id),
+        to: recipient(recipient_id),
+        subject: subject("#{@issue.title} (##{@issue.iid})")
+      }
+    end
  end
 end
--- a/app/mailers/emails/merge_requests.rb
+++ b/app/mailers/emails/merge_requests.rb
@@ -3,50 +3,43 @@ module Emails
    def new_merge_request_email(recipient_id, merge_request_id)
      setup_merge_request_mail(merge_request_id, recipient_id)

-      mail_new_thread(@merge_request,
-                      from: sender(@merge_request.author_id),
-                      to: recipient(recipient_id),
-                      subject: subject("#{@merge_request.title} (##{@merge_request.iid})"))
+      mail_new_thread(@merge_request, merge_request_thread_options(@merge_request.author_id, recipient_id))
    end

    def reassigned_merge_request_email(recipient_id, merge_request_id, previous_assignee_id, updated_by_user_id)
      setup_merge_request_mail(merge_request_id, recipient_id)

      @previous_assignee = User.find_by(id: previous_assignee_id) if previous_assignee_id
-      mail_answer_thread(@merge_request,
-                         from: sender(updated_by_user_id),
-                         to: recipient(recipient_id),
-                         subject: subject("#{@merge_request.title} (##{@merge_request.iid})"))
+      mail_answer_thread(@merge_request, merge_request_thread_options(updated_by_user_id, recipient_id))
+    end
+
+    def relabeled_merge_request_email(recipient_id, merge_request_id, label_names, updated_by_user_id)
+      setup_merge_request_mail(merge_request_id, recipient_id)
+
+      @label_names = label_names
+      @labels_url = namespace_project_labels_url(@project.namespace, @project)
+      mail_answer_thread(@merge_request, merge_request_thread_options(updated_by_user_id, recipient_id))
    end

    def closed_merge_request_email(recipient_id, merge_request_id, updated_by_user_id)
      setup_merge_request_mail(merge_request_id, recipient_id)

-      @updated_by = User.find updated_by_user_id
-      mail_answer_thread(@merge_request,
-                         from: sender(updated_by_user_id),
-                         to: recipient(recipient_id),
-                         subject: subject("#{@merge_request.title} (##{@merge_request.iid})"))
+      @updated_by = User.find(updated_by_user_id)
+      mail_answer_thread(@merge_request, merge_request_thread_options(updated_by_user_id, recipient_id))
    end

    def merged_merge_request_email(recipient_id, merge_request_id, updated_by_user_id)
      setup_merge_request_mail(merge_request_id, recipient_id)

-      mail_answer_thread(@merge_request,
-                         from: sender(updated_by_user_id),
-                         to: recipient(recipient_id),
-                         subject: subject("#{@merge_request.title} (##{@merge_request.iid})"))
+      mail_answer_thread(@merge_request, merge_request_thread_options(updated_by_user_id, recipient_id))
    end

    def merge_request_status_email(recipient_id, merge_request_id, status, updated_by_user_id)
      setup_merge_request_mail(merge_request_id, recipient_id)

      @mr_status = status
-      @updated_by = User.find updated_by_user_id
-      mail_answer_thread(@merge_request,
-                         from: sender(updated_by_user_id),
-                         to: recipient(recipient_id),
-                         subject: subject("#{@merge_request.title} (##{@merge_request.iid})"))
+      @updated_by = User.find(updated_by_user_id)
+      mail_answer_thread(@merge_request, merge_request_thread_options(updated_by_user_id, recipient_id))
    end

    private
@@ -54,11 +47,17 @@ module Emails
    def setup_merge_request_mail(merge_request_id, recipient_id)
      @merge_request = MergeRequest.find(merge_request_id)
      @project = @merge_request.project
-      @target_url = namespace_project_merge_request_url(@project.namespace,
-                                                        @project,
-                                                        @merge_request)
+      @target_url = namespace_project_merge_request_url(@project.namespace, @project, @merge_request)

      @sent_notification = SentNotification.record(@merge_request, recipient_id, reply_key)
    end
+
+    def merge_request_thread_options(sender_id, recipient_id)
+      {
+        from: sender(sender_id),
+        to: recipient(recipient_id),
+        subject: subject("#{@merge_request.title} (##{@merge_request.iid})")
+      }
+    end
  end
 end
--- a/app/mailers/emails/profile.rb
+++ b/app/mailers/emails/profile.rb
@@ -14,7 +14,10 @@ module Emails
    end

    def new_ssh_key_email(key_id)
-      @key = Key.find(key_id)
+      @key = Key.find_by_id(key_id)
+
+      return unless @key
+
      @current_user = @user = @key.user
      @target_url = user_url(@user)
      mail(to: @user.notification_email, subject: subject("SSH key was added to your account"))

--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -109,23 +109,10 @@ class Ability
      key = "/user/#{user.id}/project/#{project.id}"

      RequestStore.store[key] ||= begin
-        team = project.team
+        # Push abilities on the users team role
+        rules.push(*project_team_rules(project.team, user))

-        # Rules based on role in project
-        if team.master?(user)
-          rules.push(*project_master_rules)
-
-        elsif team.developer?(user)
-          rules.push(*project_dev_rules)
-
-        elsif team.reporter?(user)
-          rules.push(*project_report_rules)
-
-        elsif team.guest?(user)
-          rules.push(*project_guest_rules)
-        end
-
-        if project.public? || project.internal?
+        if project.public? || (project.internal? && !user.external?)
          rules.push(*public_project_rules)

          # Allow to read builds for internal projects
@@ -148,6 +135,19 @@ class Ability
      end
    end

+    def project_team_rules(team, user)
+      # Rules based on role in project
+      if team.master?(user)
+        project_master_rules
+      elsif team.developer?(user)
+        project_dev_rules
+      elsif team.reporter?(user)
+        project_report_rules
+      elsif team.guest?(user)
+        project_guest_rules
+      end
+    end
+
    def public_project_rules
      @public_project_rules ||= project_guest_rules + [
        :download_code,
@@ -360,7 +360,7 @@ class Ability
        ]
      end

-      if snippet.public? || snippet.internal?
+      if snippet.public? || (snippet.internal? && !user.external?)
        rules << :read_personal_snippet
      end


--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -37,8 +37,6 @@

 module Ci
  class Build < CommitStatus
-    include Gitlab::Application.routes.url_helpers
-
    LAZY_ATTRIBUTES = ['trace']

    belongs_to :runner, class_name: 'Ci::Runner'
@@ -128,7 +126,7 @@ module Ci
    end

    def retried?
-      !self.commit.latest_builds_for_ref(self.ref).include?(self)
+      !self.commit.latest_statuses_for_ref(self.ref).include?(self)
    end

    def depends_on_builds
@@ -309,22 +307,6 @@ module Ci
      project.valid_runners_token? token
    end

-    def target_url
-      namespace_project_build_url(project.namespace, project, self)
-    end
-
-    def cancel_url
-      if active?
-        cancel_namespace_project_build_path(project.namespace, project, self)
-      end
-    end
-
-    def retry_url
-      if retryable?
-        retry_namespace_project_build_path(project.namespace, project, self)
-      end
-    end
-
    def can_be_served?(runner)
      (tag_list - runner.tag_list).empty?
    end
@@ -333,7 +315,7 @@ module Ci
      project.any_runners? { |runner| runner.active? && runner.online? && can_be_served?(runner) }
    end

-    def show_warning?
+    def stuck?
      pending? && !any_runners_online?
    end

@@ -348,18 +330,6 @@ module Ci
      artifacts_file.exists?
    end

-    def artifacts_download_url
-      if artifacts?
-        download_namespace_project_build_artifacts_path(project.namespace, project, self)
-      end
-    end
-
-    def artifacts_browse_url
-      if artifacts_metadata?
-        browse_namespace_project_build_artifacts_path(project.namespace, project, self)
-      end
-    end
-
    def artifacts_metadata?
      artifacts? && artifacts_metadata.exists?
    end

--- a/app/models/ci/commit.rb
+++ b/app/models/ci/commit.rb
@@ -25,8 +25,6 @@ module Ci
    has_many :builds, class_name: 'Ci::Build'
    has_many :trigger_requests, dependent: :destroy, class_name: 'Ci::TriggerRequest'

-    scope :ordered, -> { order('CASE WHEN ci_commits.committed_at IS NULL THEN 0 ELSE 1 END', :committed_at, :id) }
-
    validates_presence_of :sha
    validate :valid_commit_sha

@@ -42,16 +40,6 @@ module Ci
      project.id
    end

-    def last_build
-      builds.order(:id).last
-    end
-
-    def retry
-      latest_builds.each do |build|
-        Ci::Build.retry(build)
-      end
-    end
-
    def valid_commit_sha
      if self.sha == Gitlab::Git::BLANK_SHA
        self.errors.add(:sha, " cant be 00000000 (branch removal)")
@@ -121,12 +109,14 @@ module Ci
      @latest_statuses ||= statuses.latest.to_a
    end

-    def latest_builds
-      @latest_builds ||= builds.latest.to_a
+    def latest_statuses_for_ref(ref)
+      latest_statuses.select { |status| status.ref == ref }
    end

-    def latest_builds_for_ref(ref)
-      latest_builds.select { |build| build.ref == ref }
+    def matrix_builds(build = nil)
+      matrix_builds = builds.latest.ordered
+      matrix_builds = matrix_builds.similar(build) if build
+      matrix_builds.to_a
    end

    def retried
@@ -170,7 +160,7 @@ module Ci
    end

    def duration
-      duration_array = latest_statuses.map(&:duration).compact
+      duration_array = statuses.map(&:duration).compact
      duration_array.reduce(:+).to_i
    end

@@ -183,16 +173,12 @@ module Ci
    end

    def coverage
-      coverage_array = latest_builds.map(&:coverage).compact
+      coverage_array = latest_statuses.map(&:coverage).compact
      if coverage_array.size >= 1
        '%.2f' % (coverage_array.reduce(:+) / coverage_array.size)
      end
    end

-    def matrix_for_ref?(ref)
-      latest_builds_for_ref(ref).size > 1
-    end
-
    def config_processor
      return nil unless ci_yaml_file
      @config_processor ||= Ci::GitlabCiYamlProcessor.new(ci_yaml_file, project.path_with_namespace)
@@ -218,10 +204,6 @@ module Ci
      git_commit_message =~ /(\[ci skip\])/ if git_commit_message
    end

-    def update_committed!
-      update!(committed_at: DateTime.now)
-    end
-
    private

    def save_yaml_error(error)

--- a/app/models/ci/runner.rb
+++ b/app/models/ci/runner.rb
@@ -23,7 +23,7 @@ module Ci

    LAST_CONTACT_TIME = 5.minutes.ago
    AVAILABLE_SCOPES = ['specific', 'shared', 'active', 'paused', 'online']
-    
+
    has_many :builds, class_name: 'Ci::Build'
    has_many :runner_projects, dependent: :destroy, class_name: 'Ci::RunnerProject'
    has_many :projects, through: :runner_projects, class_name: '::Project', foreign_key: :gl_project_id
@@ -46,9 +46,23 @@ module Ci

    acts_as_taggable

+    # Searches for runners matching the given query.
+    #
+    # This method uses ILIKE on PostgreSQL and LIKE on MySQL.
+    #
+    # This method performs a *partial* match on tokens, thus a query for "a"
+    # will match any runner where the token contains the letter "a". As a result
+    # you should *not* use this method for non-admin purposes as otherwise users
+    # might be able to query a list of all runners.
+    #
+    # query - The search query as a String
+    #
+    # Returns an ActiveRecord::Relation.
    def self.search(query)
-      where('LOWER(ci_runners.token) LIKE :query OR LOWER(ci_runners.description) like :query',
-            query: "%#{query.try(:downcase)}%")
+      t = arel_table
+      pattern = "%#{query}%"
+
+      where(t[:token].matches(pattern).or(t[:description].matches(pattern)))
    end

    def set_default_values

--- a/app/models/commit_status.rb
+++ b/app/models/commit_status.rb
@@ -125,23 +125,7 @@ class CommitStatus < ActiveRecord::Base
    end
  end

-  def cancel_url
-    nil
-  end
-
-  def retry_url
-    nil
-  end
-
-  def show_warning?
+  def stuck?
    false
  end
-
-  def artifacts_download_url
-    nil
-  end
-
-  def artifacts_browse_url
-    nil
-  end
 end
--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -8,6 +8,7 @@ module Issuable
  extend ActiveSupport::Concern
  include Participable
  include Mentionable
+  include Subscribable
  include StripAttribute

  included do
@@ -18,7 +19,6 @@ module Issuable
    has_many :notes, as: :noteable, dependent: :destroy
    has_many :label_links, as: :target, dependent: :destroy
    has_many :labels, through: :label_links
-    has_many :subscriptions, dependent: :destroy, as: :subscribable

    validates :author, presence: true
    validates :title, presence: true, length: { within: 0..255 }
@@ -61,12 +61,29 @@ module Issuable
  end

  module ClassMethods
+    # Searches for records with a matching title.
+    #
+    # This method uses ILIKE on PostgreSQL and LIKE on MySQL.
+    #
+    # query - The search query as a String
+    #
+    # Returns an ActiveRecord::Relation.
    def search(query)
-      where("LOWER(title) like :query", query: "%#{query.downcase}%")
+      where(arel_table[:title].matches("%#{query}%"))
    end

+    # Searches for records with a matching title or description.
+    #
+    # This method uses ILIKE on PostgreSQL and LIKE on MySQL.
+    #
+    # query - The search query as a String
+    #
+    # Returns an ActiveRecord::Relation.
    def full_search(query)
-      where("LOWER(title) like :query OR LOWER(description) like :query", query: "%#{query.downcase}%")
+      t = arel_table
+      pattern = "%#{query}%"
+
+      where(t[:title].matches(pattern).or(t[:description].matches(pattern)))
    end

    def sort(method)
@@ -132,28 +149,10 @@ module Issuable
    notes.awards.where(note: "thumbsup").count
  end

-  def subscribed?(user)
-    subscription = subscriptions.find_by_user_id(user.id)
-
-    if subscription
-      return subscription.subscribed
-    end
-
+  def subscribed_without_subscriptions?(user)
    participants(user).include?(user)
  end

-  def toggle_subscription(user)
-    subscriptions.
-      find_or_initialize_by(user_id: user.id).
-      update(subscribed: !subscribed?(user))
-  end
-
-  def unsubscribe(user)
-    subscriptions.
-      find_or_initialize_by(user_id: user.id).
-      update(subscribed: false)
-  end
-
  def to_hook_data(user)
    hook_data = {
      object_kind: self.class.name.underscore,

--- a/app/models/concerns/subscribable.rb
+++ b/app/models/concerns/subscribable.rb
+# == Subscribable concern
+#
+# Users can subscribe to these models.
+#
+# Used by Issue, MergeRequest, Label
+#
+
+module Subscribable
+  extend ActiveSupport::Concern
+
+  included do
+    has_many :subscriptions, dependent: :destroy, as: :subscribable
+  end
+
+  def subscribed?(user)
+    if subscription = subscriptions.find_by_user_id(user.id)
+      subscription.subscribed
+    else
+      subscribed_without_subscriptions?(user)
+    end
+  end
+
+  # Override this method to define custom logic to consider a subscribable as
+  # subscribed without an explicit subscription record.
+  def subscribed_without_subscriptions?(user)
+    false
+  end
+
+  def subscribers
+    subscriptions.where(subscribed: true).map(&:user)
+  end
+
+  def toggle_subscription(user)
+    subscriptions.
+      find_or_initialize_by(user_id: user.id).
+      update(subscribed: !subscribed?(user))
+  end
+
+  def unsubscribe(user)
+    subscriptions.
+      find_or_initialize_by(user_id: user.id).
+      update(subscribed: false)
+  end
+end
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -25,6 +25,8 @@ class Group < Namespace
  has_many :group_members, dependent: :destroy, as: :source, class_name: 'GroupMember'
  alias_method :members, :group_members
  has_many :users, through: :group_members
+  has_many :project_group_links, dependent: :destroy
+  has_many :shared_projects, through: :project_group_links, source: :project

  validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? }
  validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
@@ -35,8 +37,18 @@ class Group < Namespace
  after_destroy :post_destroy_hook

  class << self
+    # Searches for groups matching the given query.
+    #
+    # This method uses ILIKE on PostgreSQL and LIKE on MySQL.
+    #
+    # query - The search query as a String
+    #
+    # Returns an ActiveRecord::Relation.
    def search(query)
-      where("LOWER(namespaces.name) LIKE :query or LOWER(namespaces.path) LIKE :query", query: "%#{query.downcase}%")
+      table   = Namespace.arel_table
+      pattern = "%#{query}%"
+
+      where(table[:name].matches(pattern).or(table[:path].matches(pattern)))
    end

    def sort(method)

--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -16,6 +16,7 @@
 require 'digest/md5'

 class Key < ActiveRecord::Base
+  include AfterCommitQueue
  include Sortable

  belongs_to :user
@@ -62,7 +63,7 @@ class Key < ActiveRecord::Base
  end

  def notify_user
-    NotificationService.new.new_key(self)
+    run_after_commit { NotificationService.new.new_key(self) }
  end

  def post_create_hook

--- a/app/models/label.rb
+++ b/app/models/label.rb
@@ -14,6 +14,8 @@

 class Label < ActiveRecord::Base
  include Referable
+  include Subscribable
+
  # Represents a "No Label" state used for filtering Issues and Merge
  # Requests that have no label assigned.
  LabelStruct = Struct.new(:title, :name)

--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -135,7 +135,6 @@ class MergeRequest < ActiveRecord::Base
  scope :by_branch, ->(branch_name) { where("(source_branch LIKE :branch) OR (target_branch LIKE :branch)", branch: branch_name) }
  scope :cared, ->(user) { where('assignee_id = :user OR author_id = :user', user: user.id) }
  scope :by_milestone, ->(milestone) { where(milestone_id: milestone) }
-  scope :in_projects, ->(project_ids) { where("source_project_id in (:project_ids) OR target_project_id in (:project_ids)", project_ids: project_ids) }
  scope :of_projects, ->(ids) { where(target_project_id: ids) }
  scope :merged, -> { with_state(:merged) }
  scope :closed_and_merged, -> { with_states(:closed, :merged) }
@@ -161,6 +160,24 @@ class MergeRequest < ActiveRecord::Base
    super("merge_requests", /(?<merge_request>\d+)/)
  end

+  # Returns all the merge requests from an ActiveRecord:Relation.
+  #
+  # This method uses a UNION as it usually operates on the result of
+  # ProjectsFinder#execute. PostgreSQL in particular doesn't always like queries
+  # using multiple sub-queries especially when combined with an OR statement.
+  # UNIONs on the other hand perform much better in these cases.
+  #
+  # relation - An ActiveRecord::Relation that returns a list of Projects.
+  #
+  # Returns an ActiveRecord::Relation.
+  def self.in_projects(relation)
+    source = where(source_project_id: relation).select(:id)
+    target = where(target_project_id: relation).select(:id)
+    union  = Gitlab::SQL::Union.new([source, target])
+
+    where("merge_requests.id IN (#{union.to_sql})")
+  end
+
  def to_reference(from_project = nil)
    reference = "#{self.class.reference_prefix}#{iid}"


--- a/app/models/milestone.rb
+++ b/app/models/milestone.rb
@@ -19,6 +19,7 @@ class Milestone < ActiveRecord::Base
  MilestoneStruct = Struct.new(:title, :name, :id)
  None = MilestoneStruct.new('No Milestone', 'No Milestone', 0)
  Any = MilestoneStruct.new('Any Milestone', '', -1)
+  Upcoming = MilestoneStruct.new('Upcoming', '#upcoming', -2)

  include InternalId
  include Sortable
@@ -58,9 +59,18 @@ class Milestone < ActiveRecord::Base
  alias_attribute :name, :title

  class << self
+    # Searches for milestones matching the given query.
+    #
+    # This method uses ILIKE on PostgreSQL and LIKE on MySQL.
+    #
+    # query - The search query as a String
+    #
+    # Returns an ActiveRecord::Relation.
    def search(query)
-      query = "%#{query}%"
-      where("title like ? or description like ?", query, query)
+      t = arel_table
+      pattern = "%#{query}%"
+
+      where(t[:title].matches(pattern).or(t[:description].matches(pattern)))
    end
  end

@@ -72,6 +82,10 @@ class Milestone < ActiveRecord::Base
    super("milestones", /(?<milestone>\d+)/)
  end

+  def self.upcoming
+    self.where('due_date > ?', Time.now).order(due_date: :asc).first
+  end
+
  def to_reference(from_project = nil)
    escaped_title = self.title.gsub("]", "\\]")


--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -52,8 +52,18 @@ class Namespace < ActiveRecord::Base
      find_by("lower(path) = :path OR lower(name) = :path", path: path.downcase)
    end

+    # Searches for namespaces matching the given query.
+    #
+    # This method uses ILIKE on PostgreSQL and LIKE on MySQL.
+    #
+    # query - The search query as a String
+    #
+    # Returns an ActiveRecord::Relation
    def search(query)
-      where("name LIKE :query OR path LIKE :query", query: "%#{query}%")
+      t = arel_table
+      pattern = "%#{query}%"
+
+      where(t[:name].matches(pattern).or(t[:path].matches(pattern)))
    end

    def clean_path(path)

--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -44,6 +44,7 @@ class Note < ActiveRecord::Base
  delegate :name, :email, to: :author, prefix: true

  before_validation :set_award!
+  before_validation :clear_blank_line_code!

  validates :note, :project, presence: true
  validates :note, uniqueness: { scope: [:author, :noteable_type, :noteable_id] }, if: ->(n) { n.is_award }
@@ -63,7 +64,7 @@ class Note < ActiveRecord::Base
  scope :nonawards, ->{ where(is_award: false) }
  scope :for_commit_id, ->(commit_id) { where(noteable_type: "Commit", commit_id: commit_id) }
  scope :inline, ->{ where("line_code IS NOT NULL") }
-  scope :not_inline, ->{ where(line_code: [nil, '']) }
+  scope :not_inline, ->{ where(line_code: nil) }
  scope :system, ->{ where(system: true) }
  scope :user, ->{ where(system: false) }
  scope :common, ->{ where(noteable_type: ["", nil]) }
@@ -105,8 +106,18 @@ class Note < ActiveRecord::Base
      [:discussion, type.try(:underscore), id, line_code].join("-").to_sym
    end

+    # Searches for notes matching the given query.
+    #
+    # This method uses ILIKE on PostgreSQL and LIKE on MySQL.
+    #
+    # query - The search query as a String.
+    #
+    # Returns an ActiveRecord::Relation.
    def search(query)
-      where("LOWER(note) like :query", query: "%#{query.downcase}%")
+      table   = arel_table
+      pattern = "%#{query}%"
+
+      where(table[:note].matches(pattern))
    end

    def grouped_awards
@@ -162,26 +173,29 @@ class Note < ActiveRecord::Base
    Note.where(noteable_id: noteable_id, noteable_type: noteable_type, line_code: line_code).last.try(:diff)
  end

-  # Check if such line of code exists in merge request diff
-  # If exists - its active discussion
-  # If not - its outdated diff
+  # Check if this note is part of an "active" discussion
+  #
+  # This will always return true for anything except MergeRequest noteables,
+  # which have special logic.
+  #
+  # If the note's current diff cannot be matched in the MergeRequest's current
+  # diff, it's considered inactive.
  def active?
    return true unless self.diff
    return false unless noteable
    return @active if defined?(@active)

-    diffs = noteable.diffs(Commit.max_diff_options)
-    notable_diff = diffs.find { |d| d.new_path == self.diff.new_path }
+    noteable_diff = find_noteable_diff

-    return @active = false if notable_diff.nil?
+    if noteable_diff
+      parsed_lines = Gitlab::Diff::Parser.new.parse(noteable_diff.diff.each_line)

-    parsed_lines = Gitlab::Diff::Parser.new.parse(notable_diff.diff.each_line)
-    # We cannot use ||= because @active may be false
-    @active = parsed_lines.any? { |line_obj| line_obj.text == diff_line }
-  end
+      @active = parsed_lines.any? { |line_obj| line_obj.text == diff_line }
+    else
+      @active = false
+    end

-  def outdated?
-    !active?
+    @active
  end

  def diff_file_index
@@ -365,6 +379,16 @@ class Note < ActiveRecord::Base

  private

+  def clear_blank_line_code!
+    self.line_code = nil if self.line_code.blank?
+  end
+
+  # Find the diff on noteable that matches our own
+  def find_noteable_diff
+    diffs = noteable.diffs(Commit.max_diff_options)
+    diffs.find { |d| d.new_path == self.diff.new_path }
+  end
+
  def awards_supported?
    (for_issue? || for_merge_request?) && !for_diff_line?
  end

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -151,6 +151,8 @@ class Project < ActiveRecord::Base
  has_many :releases, dependent: :destroy
  has_many :lfs_objects_projects, dependent: :destroy
  has_many :lfs_objects, through: :lfs_objects_projects
+  has_many :project_group_links, dependent: :destroy
+  has_many :invited_groups, through: :project_group_links, source: :group
  has_many :todos, dependent: :destroy

  has_one :import_data, dependent: :destroy, class_name: "ProjectImportData"
@@ -250,12 +252,6 @@ class Project < ActiveRecord::Base
      where('projects.last_activity_at < ?', 6.months.ago)
    end

-    def publicish(user)
-      visibility_levels = [Project::PUBLIC]
-      visibility_levels << Project::INTERNAL if user
-      where(visibility_level: visibility_levels)
-    end
-
    def with_push
      joins(:events).where('events.action = ?', Event::PUSHED)
    end
@@ -264,13 +260,38 @@ class Project < ActiveRecord::Base
      joins(:issues, :notes, :merge_requests).order('issues.created_at, notes.created_at, merge_requests.created_at DESC')
    end

+    # Searches for a list of projects based on the query given in `query`.
+    #
+    # On PostgreSQL this method uses "ILIKE" to perform a case-insensitive
+    # search. On MySQL a regular "LIKE" is used as it's already
+    # case-insensitive.
+    #
+    # query - The search query as a String.
    def search(query)
-      joins(:namespace).
-        where('LOWER(projects.name) LIKE :query OR
-              LOWER(projects.path) LIKE :query OR
-              LOWER(namespaces.name) LIKE :query OR
-              LOWER(projects.description) LIKE :query',
-              query: "%#{query.try(:downcase)}%")
+      ptable  = arel_table
+      ntable  = Namespace.arel_table
+      pattern = "%#{query}%"
+
+      projects = select(:id).where(
+        ptable[:path].matches(pattern).
+          or(ptable[:name].matches(pattern)).
+          or(ptable[:description].matches(pattern))
+      )
+
+      # We explicitly remove any eager loading clauses as they're:
+      #
+      # 1. Not needed by this query
+      # 2. Combined with .joins(:namespace) lead to all columns from the
+      #    projects & namespaces tables being selected, leading to a SQL error
+      #    due to the columns of all UNION'd queries no longer being the same.
+      namespaces = select(:id).
+        except(:includes).
+        joins(:namespace).
+        where(ntable[:name].matches(pattern))
+
+      union = Gitlab::SQL::Union.new([projects, namespaces])
+
+      where("projects.id IN (#{union.to_sql})")
    end

    def search_by_visibility(level)
@@ -278,7 +299,10 @@ class Project < ActiveRecord::Base
    end

    def search_by_title(query)
-      non_archived.where('LOWER(projects.name) LIKE :query', query: "%#{query.downcase}%")
+      pattern = "%#{query}%"
+      table   = Project.arel_table
+
+      non_archived.where(table[:name].matches(pattern))
    end

    def find_with_namespace(id)
@@ -483,6 +507,7 @@ class Project < ActiveRecord::Base
  end

  def external_issue_tracker
+    return @external_issue_tracker if defined?(@external_issue_tracker)
    @external_issue_tracker ||=
      services.issue_trackers.active.without_defaults.first
  end
@@ -526,11 +551,11 @@ class Project < ActiveRecord::Base
  end

  def ci_services
-    services.select { |service| service.category == :ci }
+    services.where(category: :ci)
  end

  def ci_service
-    @ci_service ||= ci_services.find(&:activated?)
+    @ci_service ||= ci_services.reorder(nil).find_by(active: true)
  end

  def jira_tracker?
@@ -876,6 +901,10 @@ class Project < ActiveRecord::Base
    jira_tracker? && jira_service.active
  end

+  def allowed_to_share_with_group?
+    !namespace.share_with_group_lock
+  end
+
  def ci_commit(sha)
    ci_commits.find_by(sha: sha)
  end
@@ -907,13 +936,13 @@ class Project < ActiveRecord::Base
  end

  def valid_runners_token? token
-    self.runners_token && self.runners_token == token
+    self.runners_token && ActiveSupport::SecurityUtils.variable_size_secure_compare(token, self.runners_token)
  end

  # TODO (ayufan): For now we use runners_token (backward compatibility)
  # In 8.4 every build will have its own individual token valid for time of build
  def valid_build_token? token
-    self.builds_enabled? && self.runners_token && self.runners_token == token
+    self.builds_enabled? && self.runners_token && ActiveSupport::SecurityUtils.variable_size_secure_compare(token, self.runners_token)
  end

  def build_coverage_enabled?

--- a/app/models/project_group_link.rb
+++ b/app/models/project_group_link.rb
+class ProjectGroupLink < ActiveRecord::Base
+  GUEST     = 10
+  REPORTER  = 20
+  DEVELOPER = 30
+  MASTER    = 40
+
+  belongs_to :project
+  belongs_to :group
+
+  validates :project_id, presence: true
+  validates :group_id, presence: true
+  validates :group_id, uniqueness: { scope: [:project_id], message: "already shared with this group" }
+  validates :group_access, presence: true
+  validates :group_access, inclusion: { in: Gitlab::Access.values }, presence: true
+  validate :different_group
+
+  def self.access_options
+    Gitlab::Access.options
+  end
+
+  def self.default_access
+    DEVELOPER
+  end
+
+  def human_access
+    self.class.access_options.key(self.group_access)
+  end
+
+  private 
+
+  def different_group
+    if self.group && self.project && self.project.group == self.group
+      errors.add(:base, "Project cannot be shared with the project it is in.")
+    end
+  end
+end
--- a/app/models/project_services/ci_service.rb
+++ b/app/models/project_services/ci_service.rb
@@ -26,7 +26,7 @@ class CiService < Service
  default_value_for :category, 'ci'

  def valid_token?(token)
-    self.respond_to?(:token) && self.token.present? && self.token == token
+    self.respond_to?(:token) && self.token.present? && ActiveSupport::SecurityUtils.variable_size_secure_compare(token, self.token)
  end

  def supported_events

--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -160,7 +160,27 @@ class ProjectTeam
      end
    end

-    access.max
+    if project.invited_groups.any? && project.allowed_to_share_with_group?
+      access << max_invited_level(user_id)
+    end
+
+    access.compact.max
+  end
+
+
+  def max_invited_level(user_id)
+    project.project_group_links.map do |group_link|
+      invited_group = group_link.group
+      access = invited_group.group_members.find_by(user_id: user_id).try(:access_field)
+
+      # If group member has higher access level we should restrict it
+      # to max allowed access level
+      if access && access > group_link.group_access
+        access = group_link.group_access
+      end
+
+      access
+    end.compact.max
  end

  private
@@ -168,6 +188,35 @@ class ProjectTeam
  def fetch_members(level = nil)
    project_members = project.project_members
    group_members = group ? group.group_members : []
+    invited_members = []
+
+    if project.invited_groups.any? && project.allowed_to_share_with_group?
+      project.project_group_links.each do |group_link|
+        invited_group = group_link.group
+        im = invited_group.group_members
+
+        if level
+          int_level = GroupMember.access_level_roles[level.to_s.singularize.titleize]
+
+          # Skip group members if we ask for masters
+          # but max group access is developers
+          next if int_level > group_link.group_access
+
+          # If we ask for developers and max
+          # group access is developers we need to provide
+          # both group master, developers as devs
+          if int_level == group_link.group_access
+            im.where("access_level >= ?)", group_link.group_access)
+          else
+            im.send(level)
+          end
+        end
+
+        invited_members << im
+      end
+
+      invited_members = invited_members.flatten.compact
+    end

    if level
      project_members = project_members.send(level)
@@ -175,6 +224,7 @@ class ProjectTeam
    end

    user_ids = project_members.pluck(:user_id)
+    user_ids.push(*invited_members.map(&:user_id)) if invited_members.any?
    user_ids.push(*group_members.pluck(:user_id)) if group

    User.where(id: user_ids)

--- a/app/models/snippet.rb
+++ b/app/models/snippet.rb
@@ -113,12 +113,32 @@ class Snippet < ActiveRecord::Base
  end

  class << self
+    # Searches for snippets with a matching title or file name.
+    #
+    # This method uses ILIKE on PostgreSQL and LIKE on MySQL.
+    #
+    # query - The search query as a String.
+    #
+    # Returns an ActiveRecord::Relation.
    def search(query)
-      where('(title LIKE :query OR file_name LIKE :query)', query: "%#{query}%")
+      t = arel_table
+      pattern = "%#{query}%"
+
+      where(t[:title].matches(pattern).or(t[:file_name].matches(pattern)))
    end

+    # Searches for snippets with matching content.
+    #
+    # This method uses ILIKE on PostgreSQL and LIKE on MySQL.
+    #
+    # query - The search query as a String.
+    #
+    # Returns an ActiveRecord::Relation.
    def search_code(query)
-      where('(content LIKE :query)', query: "%#{query}%")
+      table   = Snippet.arel_table
+      pattern = "%#{query}%"
+
+      where(table[:content].matches(pattern))
    end

    def accessible_to(user)

--- a/app/models/subscription.rb
+++ b/app/models/subscription.rb
@@ -15,7 +15,7 @@ class Subscription < ActiveRecord::Base
  belongs_to :user
  belongs_to :subscribable, polymorphic: true

-  validates :user_id, 
+  validates :user_id,
            uniqueness: { scope: [:subscribable_id, :subscribable_type] },
            presence: true
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -59,6 +59,7 @@
 #  hide_project_limit          :boolean          default(FALSE)
 #  unlock_token                :string
 #  otp_grace_period_started_at :datetime
+#  external                    :boolean           default(FALSE)
 #

 require 'carrierwave/orm/activerecord'
@@ -77,6 +78,7 @@ class User < ActiveRecord::Base
  add_authentication_token_field :authentication_token

  default_value_for :admin, false
+  default_value_for :external, false
  default_value_for :can_create_group, gitlab_config.default_can_create_group
  default_value_for :can_create_team, false
  default_value_for :hide_no_ssh_key, false
@@ -98,9 +100,6 @@ class User < ActiveRecord::Base
  # Virtual attribute for authenticating by either username or email
  attr_accessor :login

-  # Virtual attributes to define avatar cropping
-  attr_accessor :avatar_crop_x, :avatar_crop_y, :avatar_crop_size
-
  #
  # Relations
  #
@@ -166,11 +165,6 @@ class User < ActiveRecord::Base
  validate :owns_public_email, if: ->(user) { user.public_email_changed? }
  validates :avatar, file_size: { maximum: 200.kilobytes.to_i }

-  validates :avatar_crop_x, :avatar_crop_y, :avatar_crop_size,
-    numericality: { only_integer: true },
-    presence: true,
-    if: ->(user) { user.avatar? && user.avatar_changed? }
-
  before_validation :generate_password, on: :create
  before_validation :restricted_signup_domains, on: :create
  before_validation :sanitize_attrs
@@ -179,6 +173,7 @@ class User < ActiveRecord::Base

  after_update :update_emails_with_primary_email, if: ->(user) { user.email_changed? }
  before_save :ensure_authentication_token
+  before_save :ensure_external_user_rights
  after_save :ensure_namespace_correct
  after_initialize :set_projects_limit
  after_create :post_create_hook
@@ -226,6 +221,7 @@ class User < ActiveRecord::Base
  # Scopes
  scope :admins, -> { where(admin: true) }
  scope :blocked, -> { with_states(:blocked, :ldap_blocked) }
+  scope :external, -> { where(external: true) }
  scope :active, -> { with_state(:active) }
  scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
  scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') }
@@ -281,13 +277,29 @@ class User < ActiveRecord::Base
        self.with_two_factor
      when 'wop'
        self.without_projects
+      when 'external'
+        self.external
      else
        self.active
      end
    end

+    # Searches users matching the given query.
+    #
+    # This method uses ILIKE on PostgreSQL and LIKE on MySQL.
+    #
+    # query - The search query as a String
+    #
+    # Returns an ActiveRecord::Relation.
    def search(query)
-      where("lower(name) LIKE :query OR lower(email) LIKE :query OR lower(username) LIKE :query", query: "%#{query.downcase}%")
+      table   = arel_table
+      pattern = "%#{query}%"
+
+      where(
+        table[:name].matches(pattern).
+          or(table[:email].matches(pattern)).
+          or(table[:username].matches(pattern))
+      )
    end

    def by_login(login)
@@ -612,6 +624,13 @@ class User < ActiveRecord::Base
    end
  end

+  def try_obtain_ldap_lease
+    # After obtaining this lease LDAP checks will be blocked for 600 seconds
+    # (10 minutes) for this user.
+    lease = Gitlab::ExclusiveLease.new("user_ldap_check:#{id}", timeout: 600)
+    lease.try_obtain
+  end
+
  def solo_owned_groups
    @solo_owned_groups ||= owned_groups.select do |group|
      group.owners == [self]
@@ -811,7 +830,8 @@ class User < ActiveRecord::Base
  def projects_union
    Gitlab::SQL::Union.new([personal_projects.select(:id),
                            groups_projects.select(:id),
-                            projects.select(:id)])
+                            projects.select(:id),
+                            groups.joins(:shared_projects).select(:project_id)])
  end

  def ci_projects_union
@@ -827,4 +847,11 @@ class User < ActiveRecord::Base
  def send_devise_notification(notification, *args)
    devise_mailer.send(notification, self, *args).deliver_later
  end
+
+  def ensure_external_user_rights
+    return unless self.external?
+
+    self.can_create_group   = false
+    self.projects_limit     = 0
+  end
 end
--- a/app/services/ci/image_for_build_service.rb
+++ b/app/services/ci/image_for_build_service.rb
@@ -3,7 +3,7 @@ module Ci
    def execute(project, opts)
      sha = opts[:sha] || ref_sha(project, opts[:ref])

-      commit = project.ci_commits.ordered.find_by(sha: sha)
+      commit = project.ci_commits.find_by(sha: sha)
      image_name = image_for_commit(commit)

      image_path = Rails.root.join('public/ci', image_name)

--- a/app/services/create_commit_builds_service.rb
+++ b/app/services/create_commit_builds_service.rb
@@ -33,7 +33,6 @@ class CreateCommitBuildsService
    unless commit.skip_ci?
      # Create builds for commit
      tag = Gitlab::Git.tag_ref?(origin_ref)
-      commit.update_committed!
      commit.create_builds(ref, tag, user)
    end


--- a/app/services/git_push_service.rb
+++ b/app/services/git_push_service.rb
@@ -12,7 +12,7 @@ class GitPushService < BaseService
  #  1. Creates the push event
  #  2. Updates merge requests
  #  3. Recognizes cross-references from commit messages
-  #  4. Executes the project's web hooks
+  #  4. Executes the project's webhooks
  #  5. Executes the project's services
  #  6. Checks if the project's main language has changed
  #
@@ -49,6 +49,8 @@ class GitPushService < BaseService
    # Update merge requests that may be affected by this push. A new branch
    # could cause the last commit of a merge request to change.
    update_merge_requests
+
+    perform_housekeeping
  end

  def update_main_language
@@ -73,6 +75,13 @@ class GitPushService < BaseService
    ProjectCacheWorker.perform_async(@project.id)
  end

+  def perform_housekeeping
+    housekeeping = Projects::HousekeepingService.new(@project)
+    housekeeping.increment!
+    housekeeping.execute if housekeeping.needed?
+  rescue Projects::HousekeepingService::LeaseTaken
+  end
+
  def process_default_branch
    @push_commits = project.repository.commits(params[:newrev])

@@ -80,7 +89,7 @@ class GitPushService < BaseService
    project.change_head(branch_name)

    # Set protection on the default branch if configured
-    if (current_application_settings.default_branch_protection != PROTECTION_NONE)
+    if current_application_settings.default_branch_protection != PROTECTION_NONE
      developers_can_push = current_application_settings.default_branch_protection == PROTECTION_DEV_CAN_PUSH ? true : false
      @project.protected_branches.create({ name: @project.default_branch, developers_can_push: developers_can_push })
    end

--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -11,7 +11,10 @@ class IssuableBaseService < BaseService
      issuable, issuable.project, current_user, issuable.milestone)
  end

-  def create_labels_note(issuable, added_labels, removed_labels)
+  def create_labels_note(issuable, old_labels)
+    added_labels = issuable.labels - old_labels
+    removed_labels = old_labels - issuable.labels
+
    SystemNoteService.change_label(
      issuable, issuable.project, current_user, added_labels, removed_labels)
  end
@@ -71,20 +74,19 @@ class IssuableBaseService < BaseService
    end
  end

-  def has_changes?(issuable, options = {})
+  def has_changes?(issuable, old_labels: [])
    valid_attrs = [:title, :description, :assignee_id, :milestone_id, :target_branch]

    attrs_changed = valid_attrs.any? do |attr|
      issuable.previous_changes.include?(attr.to_s)
    end

-    old_labels = options[:old_labels]
-    labels_changed = old_labels && issuable.labels != old_labels
+    labels_changed = issuable.labels != old_labels

    attrs_changed || labels_changed
  end

-  def handle_common_system_notes(issuable, options = {})
+  def handle_common_system_notes(issuable, old_labels: [])
    if issuable.previous_changes.include?('title')
      create_title_change_note(issuable, issuable.previous_changes['title'].first)
    end
@@ -93,9 +95,6 @@ class IssuableBaseService < BaseService
      create_task_status_note(issuable)
    end

-    old_labels = options[:old_labels]
-    if old_labels && (issuable.labels != old_labels)
-      create_labels_note(issuable, issuable.labels - old_labels, old_labels - issuable.labels)
-    end
+    create_labels_note(issuable, old_labels) if issuable.labels != old_labels
  end
 end
--- a/app/services/issues/update_service.rb
+++ b/app/services/issues/update_service.rb
--- a/app/services/merge_requests/update_service.rb
+++ b/app/services/merge_requests/update_service.rb
--- a/app/services/notification_service.rb
+++ b/app/services/notification_service.rb
--- a/app/services/projects/housekeeping_service.rb
+++ b/app/services/projects/housekeeping_service.rb
--- a/app/services/search/global_service.rb
+++ b/app/services/search/global_service.rb
--- a/app/services/search/project_service.rb
+++ b/app/services/search/project_service.rb
--- a/app/services/search/snippet_service.rb
+++ b/app/services/search/snippet_service.rb
--- a/app/uploaders/avatar_uploader.rb
+++ b/app/uploaders/avatar_uploader.rb
--- a/app/views/admin/builds/_build.html.haml
+++ b/app/views/admin/builds/_build.html.haml
--- a/app/views/admin/groups/show.html.haml
+++ b/app/views/admin/groups/show.html.haml
--- a/app/views/admin/users/_form.html.haml
+++ b/app/views/admin/users/_form.html.haml
--- a/app/views/admin/users/index.html.haml
+++ b/app/views/admin/users/index.html.haml
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
--- a/app/views/ci/commits/_commit.html.haml
+++ b/app/views/ci/commits/_commit.html.haml
--- a/app/views/dashboard/projects/_zero_authorized_projects.html.haml
+++ b/app/views/dashboard/projects/_zero_authorized_projects.html.haml
--- a/app/views/doorkeeper/applications/_delete_form.html.haml
+++ b/app/views/doorkeeper/applications/_delete_form.html.haml
--- a/app/views/doorkeeper/applications/_form.html.haml
+++ b/app/views/doorkeeper/applications/_form.html.haml
--- a/app/views/doorkeeper/applications/index.html.haml
+++ b/app/views/doorkeeper/applications/index.html.haml
--- a/app/views/emojis/index.html.haml
+++ b/app/views/emojis/index.html.haml
--- a/app/views/events/_commit.html.haml
+++ b/app/views/events/_commit.html.haml
--- a/app/views/events/_event_last_push.html.haml
+++ b/app/views/events/_event_last_push.html.haml
--- a/app/views/events/event/_push.html.haml
+++ b/app/views/events/event/_push.html.haml
--- a/app/views/groups/_activities.html.haml
+++ b/app/views/groups/_activities.html.haml
--- a/app/views/groups/_projects.html.haml
+++ b/app/views/groups/_projects.html.haml
--- a/app/views/groups/_shared_projects.html.haml
+++ b/app/views/groups/_shared_projects.html.haml
--- a/app/views/groups/activity.html.haml
+++ b/app/views/groups/activity.html.haml
--- a/app/views/groups/edit.html.haml
+++ b/app/views/groups/edit.html.haml
--- a/app/views/groups/show.html.haml
+++ b/app/views/groups/show.html.haml
--- a/app/views/help/ui.html.haml
+++ b/app/views/help/ui.html.haml
--- a/app/views/layouts/nav/_group.html.haml
+++ b/app/views/layouts/nav/_group.html.haml
--- a/app/views/layouts/nav/_profile.html.haml
+++ b/app/views/layouts/nav/_profile.html.haml
--- a/app/views/layouts/nav/_project.html.haml
+++ b/app/views/layouts/nav/_project.html.haml
--- a/app/views/layouts/nav/_project_settings.html.haml
+++ b/app/views/layouts/nav/_project_settings.html.haml
--- a/app/views/layouts/notify.html.haml
+++ b/app/views/layouts/notify.html.haml
--- a/app/views/notify/_reassigned_issuable_email.text.erb
+++ b/app/views/notify/_reassigned_issuable_email.text.erb
--- a/app/views/notify/_relabeled_issuable_email.html.haml
+++ b/app/views/notify/_relabeled_issuable_email.html.haml
--- a/app/views/notify/_relabeled_issuable_email.text.erb
+++ b/app/views/notify/_relabeled_issuable_email.text.erb
--- a/app/views/notify/relabeled_issue_email.html.haml
+++ b/app/views/notify/relabeled_issue_email.html.haml
--- a/app/views/notify/relabeled_issue_email.text.erb
+++ b/app/views/notify/relabeled_issue_email.text.erb
--- a/app/views/notify/relabeled_merge_request_email.html.haml
+++ b/app/views/notify/relabeled_merge_request_email.html.haml
--- a/app/views/notify/relabeled_merge_request_email.text.erb
+++ b/app/views/notify/relabeled_merge_request_email.text.erb
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
--- a/app/views/profiles/applications.html.haml
+++ b/app/views/profiles/applications.html.haml
--- a/app/views/profiles/show.html.haml
+++ b/app/views/profiles/show.html.haml
--- a/app/views/profiles/two_factor_auths/new.html.haml
+++ b/app/views/profiles/two_factor_auths/new.html.haml
--- a/app/views/projects/builds/index.html.haml
+++ b/app/views/projects/builds/index.html.haml
--- a/app/views/projects/builds/show.html.haml
+++ b/app/views/projects/builds/show.html.haml
--- a/app/views/projects/buttons/_download.html.haml
+++ b/app/views/projects/buttons/_download.html.haml
--- a/app/views/projects/ci/builds/_build.html.haml
+++ b/app/views/projects/ci/builds/_build.html.haml
--- a/app/views/projects/commit/_builds.html.haml
+++ b/app/views/projects/commit/_builds.html.haml
--- a/app/views/projects/commit_statuses/_commit_status.html.haml
+++ b/app/views/projects/commit_statuses/_commit_status.html.haml
--- a/app/views/projects/generic_commit_statuses/_generic_commit_status.html.haml
+++ b/app/views/projects/generic_commit_statuses/_generic_commit_status.html.haml
--- a/app/views/projects/go_import.html.haml
+++ b/app/views/projects/go_import.html.haml
--- a/app/views/projects/group_links/index.html.haml
+++ b/app/views/projects/group_links/index.html.haml
--- a/app/views/projects/hooks/index.html.haml
+++ b/app/views/projects/hooks/index.html.haml
--- a/app/views/projects/issues/_discussion.html.haml
+++ b/app/views/projects/issues/_discussion.html.haml
--- a/app/views/projects/issues/_merge_requests.html.haml
+++ b/app/views/projects/issues/_merge_requests.html.haml
--- a/app/views/projects/issues/show.html.haml
+++ b/app/views/projects/issues/show.html.haml
--- a/app/views/projects/labels/_label.html.haml
+++ b/app/views/projects/labels/_label.html.haml
--- a/app/views/projects/merge_requests/_discussion.html.haml
+++ b/app/views/projects/merge_requests/_discussion.html.haml
--- a/app/views/projects/merge_requests/_show.html.haml
+++ b/app/views/projects/merge_requests/_show.html.haml
--- a/app/views/projects/merge_requests/show/_mr_title.html.haml
+++ b/app/views/projects/merge_requests/show/_mr_title.html.haml
--- a/app/views/projects/notes/_edit_form.html.haml
+++ b/app/views/projects/notes/_edit_form.html.haml
--- a/app/views/projects/notes/_form.html.haml
+++ b/app/views/projects/notes/_form.html.haml
--- a/app/views/projects/project_members/_shared_group_members.html.haml
+++ b/app/views/projects/project_members/_shared_group_members.html.haml
--- a/app/views/projects/project_members/index.html.haml
+++ b/app/views/projects/project_members/index.html.haml
--- a/app/views/search/_filter.html.haml
+++ b/app/views/search/_filter.html.haml
--- a/app/views/shared/issuable/_filter.html.haml
+++ b/app/views/shared/issuable/_filter.html.haml
--- a/app/views/shared/issuable/_sidebar.html.haml
+++ b/app/views/shared/issuable/_sidebar.html.haml
--- a/app/views/shared/snippets/_blob.html.haml
+++ b/app/views/shared/snippets/_blob.html.haml
--- a/app/views/votes/_votes_block.html.haml
+++ b/app/views/votes/_votes_block.html.haml
--- a/config/application.rb
+++ b/config/application.rb
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
--- a/config/initializers/go_get.rb
+++ b/config/initializers/go_get.rb
--- a/config/initializers/mysql_ignore_postgresql_options.rb
+++ b/config/initializers/mysql_ignore_postgresql_options.rb
--- a/config/initializers/postgresql_opclasses_support.rb
+++ b/config/initializers/postgresql_opclasses_support.rb
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
--- a/config/mail_room.yml
+++ b/config/mail_room.yml
--- a/config/routes.rb
+++ b/config/routes.rb
--- a/db/migrate/20130711063759_create_project_group_links.rb
+++ b/db/migrate/20130711063759_create_project_group_links.rb
--- a/db/migrate/20130820102832_add_access_to_project_group_link.rb
+++ b/db/migrate/20130820102832_add_access_to_project_group_link.rb
--- a/db/migrate/20150930110012_add_group_share_lock.rb
+++ b/db/migrate/20150930110012_add_group_share_lock.rb
--- a/db/migrate/20160226114608_add_trigram_indexes_for_searching.rb
+++ b/db/migrate/20160226114608_add_trigram_indexes_for_searching.rb
--- a/db/migrate/20160307221555_disallow_blank_line_code_on_note.rb
+++ b/db/migrate/20160307221555_disallow_blank_line_code_on_note.rb
--- a/db/migrate/20160310185910_add_external_flag_to_users.rb
+++ b/db/migrate/20160310185910_add_external_flag_to_users.rb
--- a/db/migrate/20160314143402_projects_add_pushes_since_gc.rb
+++ b/db/migrate/20160314143402_projects_add_pushes_since_gc.rb
--- a/db/schema.rb
+++ b/db/schema.rb
--- a/doc/README.md
+++ b/doc/README.md
--- a/doc/api/builds.md
+++ b/doc/api/builds.md
--- a/doc/api/notes.md
+++ b/doc/api/notes.md
--- a/doc/api/project_snippets.md
+++ b/doc/api/project_snippets.md
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
--- a/doc/api/users.md
+++ b/doc/api/users.md
--- a/doc/ci/README.md
+++ b/doc/ci/README.md
--- a/doc/ci/enable_or_disable_ci.md
+++ b/doc/ci/enable_or_disable_ci.md
--- a/doc/ci/examples/README.md
+++ b/doc/ci/examples/README.md
--- a/doc/ci/examples/test-and-deploy-ruby-application-to-heroku.md
+++ b/doc/ci/examples/test-and-deploy-ruby-application-to-heroku.md
--- a/doc/ci/quick_start/README.md
+++ b/doc/ci/quick_start/README.md
--- a/doc/ci/yaml/README.md
+++ b/doc/ci/yaml/README.md
--- a/doc/development/README.md
+++ b/doc/development/README.md
--- a/doc/development/benchmarking.md
+++ b/doc/development/benchmarking.md
--- a/doc/development/scss_styleguide.md
+++ b/doc/development/scss_styleguide.md
--- a/doc/hooks/custom_hooks.md
+++ b/doc/hooks/custom_hooks.md
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
--- a/doc/install/requirements.md
+++ b/doc/install/requirements.md
--- a/doc/integration/saml.md
+++ b/doc/integration/saml.md
--- a/doc/markdown/markdown.md
+++ b/doc/markdown/markdown.md
--- a/doc/permissions/permissions.md
+++ b/doc/permissions/permissions.md
--- a/doc/raketasks/README.md
+++ b/doc/raketasks/README.md
--- a/doc/raketasks/web_hooks.md
+++ b/doc/raketasks/web_hooks.md
--- a/doc/security/README.md
+++ b/doc/security/README.md
--- a/doc/security/webhooks.md
+++ b/doc/security/webhooks.md
--- a/doc/update/8.5-to-8.6.md
+++ b/doc/update/8.5-to-8.6.md
--- a/doc/web_hooks/web_hooks.md
+++ b/doc/web_hooks/web_hooks.md
--- a/doc/workflow/README.md
+++ b/doc/workflow/README.md
--- a/doc/workflow/groups/max_access_level.png
+++ b/doc/workflow/groups/max_access_level.png
--- a/doc/workflow/groups/other_group_sees_shared_project.png
+++ b/doc/workflow/groups/other_group_sees_shared_project.png
--- a/doc/workflow/groups/share_project_with_groups.png
+++ b/doc/workflow/groups/share_project_with_groups.png
--- a/doc/workflow/share_projects_with_other_groups.md
+++ b/doc/workflow/share_projects_with_other_groups.md
--- a/doc/workflow/share_with_group.md
+++ b/doc/workflow/share_with_group.md
--- a/doc/workflow/share_with_group.png
+++ b/doc/workflow/share_with_group.png
--- a/features/admin/groups.feature
+++ b/features/admin/groups.feature
--- a/features/groups.feature
+++ b/features/groups.feature
--- a/features/profile/profile.feature
+++ b/features/profile/profile.feature
--- a/features/project/group_links.feature
+++ b/features/project/group_links.feature
--- a/features/project/labels.feature
+++ b/features/project/labels.feature
--- a/features/project/merge_requests.feature
+++ b/features/project/merge_requests.feature
--- a/features/project/network_graph.feature
+++ b/features/project/network_graph.feature
--- a/features/project/team_management.feature
+++ b/features/project/team_management.feature
--- a/features/steps/admin/groups.rb
+++ b/features/steps/admin/groups.rb
--- a/features/steps/dashboard/issues.rb
+++ b/features/steps/dashboard/issues.rb
--- a/features/steps/dashboard/merge_requests.rb
+++ b/features/steps/dashboard/merge_requests.rb
--- a/features/steps/profile/profile.rb
+++ b/features/steps/profile/profile.rb
--- a/features/steps/project/active_tab.rb
+++ b/features/steps/project/active_tab.rb
--- a/features/steps/project/hooks.rb
+++ b/features/steps/project/hooks.rb
--- a/features/steps/project/issues/award_emoji.rb
+++ b/features/steps/project/issues/award_emoji.rb
--- a/features/steps/project/issues/filter_labels.rb
+++ b/features/steps/project/issues/filter_labels.rb
--- a/features/steps/project/issues/issues.rb
+++ b/features/steps/project/issues/issues.rb
--- a/features/steps/project/labels.rb
+++ b/features/steps/project/labels.rb
--- a/features/steps/project/merge_requests.rb
+++ b/features/steps/project/merge_requests.rb
--- a/features/steps/project/network_graph.rb
+++ b/features/steps/project/network_graph.rb
--- a/features/steps/project/project_group_links.rb
+++ b/features/steps/project/project_group_links.rb
--- a/features/steps/project/snippets.rb
+++ b/features/steps/project/snippets.rb
--- a/features/steps/project/source/browse_files.rb
+++ b/features/steps/project/source/browse_files.rb
--- a/features/steps/project/team_management.rb
+++ b/features/steps/project/team_management.rb
--- a/features/steps/shared/builds.rb
+++ b/features/steps/shared/builds.rb
--- a/features/steps/shared/diff_note.rb
+++ b/features/steps/shared/diff_note.rb
--- a/features/steps/shared/issuable.rb
+++ b/features/steps/shared/issuable.rb
--- a/features/steps/shared/note.rb
+++ b/features/steps/shared/note.rb
--- a/features/steps/shared/paths.rb
+++ b/features/steps/shared/paths.rb
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
--- a/lib/banzai/filter/sanitization_filter.rb
+++ b/lib/banzai/filter/sanitization_filter.rb
--- a/lib/ci/gitlab_ci_yaml_processor.rb
+++ b/lib/ci/gitlab_ci_yaml_processor.rb
--- a/lib/gitlab/devise_failure.rb
+++ b/lib/gitlab/devise_failure.rb
--- a/lib/gitlab/exclusive_lease.rb
+++ b/lib/gitlab/exclusive_lease.rb
--- a/lib/gitlab/github_import/importer.rb
+++ b/lib/gitlab/github_import/importer.rb
--- a/lib/gitlab/github_import/pull_request_formatter.rb
+++ b/lib/gitlab/github_import/pull_request_formatter.rb
--- a/lib/gitlab/middleware/go.rb
+++ b/lib/gitlab/middleware/go.rb
--- a/lib/gitlab/project_search_results.rb
+++ b/lib/gitlab/project_search_results.rb
--- a/lib/gitlab/push_data_builder.rb
+++ b/lib/gitlab/push_data_builder.rb
--- a/lib/gitlab/redis_config.rb
+++ b/lib/gitlab/redis_config.rb
--- a/lib/gitlab/search_results.rb
+++ b/lib/gitlab/search_results.rb
--- a/lib/gitlab/snippet_search_results.rb
+++ b/lib/gitlab/snippet_search_results.rb
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
--- a/lib/tasks/cache.rake
+++ b/lib/tasks/cache.rake
--- a/lib/tasks/gitlab/web_hook.rake
+++ b/lib/tasks/gitlab/web_hook.rake
--- a/lib/tasks/scss-lint.rake
+++ b/lib/tasks/scss-lint.rake
--- a/lib/tasks/spec.rake
+++ b/lib/tasks/spec.rake
--- a/public/logo.svg
+++ b/public/logo.svg
--- a/spec/benchmarks/finders/issues_finder_spec.rb
+++ b/spec/benchmarks/finders/issues_finder_spec.rb
--- a/spec/benchmarks/finders/trending_projects_finder_spec.rb
+++ b/spec/benchmarks/finders/trending_projects_finder_spec.rb
--- a/spec/benchmarks/lib/gitlab/markdown/reference_filter_spec.rb
+++ b/spec/benchmarks/lib/gitlab/markdown/reference_filter_spec.rb
--- a/spec/benchmarks/models/milestone_spec.rb
+++ b/spec/benchmarks/models/milestone_spec.rb
--- a/spec/benchmarks/models/project_spec.rb
+++ b/spec/benchmarks/models/project_spec.rb
--- a/spec/benchmarks/models/project_team_spec.rb
+++ b/spec/benchmarks/models/project_team_spec.rb
--- a/spec/benchmarks/models/user_spec.rb
+++ b/spec/benchmarks/models/user_spec.rb
--- a/spec/benchmarks/services/projects/create_service_spec.rb
+++ b/spec/benchmarks/services/projects/create_service_spec.rb
--- a/spec/controllers/namespaces_controller_spec.rb
+++ b/spec/controllers/namespaces_controller_spec.rb
--- a/spec/controllers/profiles/avatars_controller_spec.rb
+++ b/spec/controllers/profiles/avatars_controller_spec.rb
--- a/spec/controllers/projects/imports_controller_spec.rb
+++ b/spec/controllers/projects/imports_controller_spec.rb
--- a/spec/controllers/projects/repositories_controller_spec.rb
+++ b/spec/controllers/projects/repositories_controller_spec.rb
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
--- a/spec/factories/labels.rb
+++ b/spec/factories/labels.rb
--- a/spec/factories/merge_requests.rb
+++ b/spec/factories/merge_requests.rb
--- a/spec/factories/project_group_links.rb
+++ b/spec/factories/project_group_links.rb
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
--- a/spec/features/issues/filter_by_milestone_spec.rb
+++ b/spec/features/issues/filter_by_milestone_spec.rb
--- a/spec/features/merge_requests/filter_by_milestone_spec.rb
+++ b/spec/features/merge_requests/filter_by_milestone_spec.rb
--- a/spec/features/notes_on_merge_requests_spec.rb
+++ b/spec/features/notes_on_merge_requests_spec.rb
--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
--- a/spec/finders/projects_finder_spec.rb
+++ b/spec/finders/projects_finder_spec.rb
--- a/spec/helpers/application_helper_spec.rb
+++ b/spec/helpers/application_helper_spec.rb
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
--- a/spec/lib/ci/gitlab_ci_yaml_processor_spec.rb
+++ b/spec/lib/ci/gitlab_ci_yaml_processor_spec.rb
--- a/spec/lib/gitlab/exclusive_lease_spec.rb
+++ b/spec/lib/gitlab/exclusive_lease_spec.rb
--- a/spec/lib/gitlab/github_import/pull_request_formatter_spec.rb
+++ b/spec/lib/gitlab/github_import/pull_request_formatter_spec.rb
--- a/spec/lib/gitlab/middleware/go_spec.rb
+++ b/spec/lib/gitlab/middleware/go_spec.rb
--- a/spec/lib/gitlab/project_search_results_spec.rb
+++ b/spec/lib/gitlab/project_search_results_spec.rb
--- a/spec/lib/gitlab/search_results_spec.rb
+++ b/spec/lib/gitlab/search_results_spec.rb
--- a/spec/lib/gitlab/snippet_search_results_spec.rb
+++ b/spec/lib/gitlab/snippet_search_results_spec.rb
--- a/spec/mailers/emails/profile_spec.rb
+++ b/spec/mailers/emails/profile_spec.rb
--- a/spec/mailers/notify_spec.rb
+++ b/spec/mailers/notify_spec.rb
--- a/spec/mailers/shared/notify.rb
+++ b/spec/mailers/shared/notify.rb
--- a/spec/models/build_spec.rb
+++ b/spec/models/build_spec.rb
--- a/spec/models/ci/commit_spec.rb
+++ b/spec/models/ci/commit_spec.rb
--- a/spec/models/ci/runner_spec.rb
+++ b/spec/models/ci/runner_spec.rb
--- a/spec/models/concerns/issuable_spec.rb
+++ b/spec/models/concerns/issuable_spec.rb
--- a/spec/models/concerns/subscribable_spec.rb
+++ b/spec/models/concerns/subscribable_spec.rb
--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
--- a/spec/models/hooks/service_hook_spec.rb
+++ b/spec/models/hooks/service_hook_spec.rb
--- a/spec/models/hooks/web_hook_spec.rb
+++ b/spec/models/hooks/web_hook_spec.rb
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
--- a/spec/models/milestone_spec.rb
+++ b/spec/models/milestone_spec.rb
--- a/spec/models/namespace_spec.rb
+++ b/spec/models/namespace_spec.rb
--- a/spec/models/note_spec.rb
+++ b/spec/models/note_spec.rb
--- a/spec/models/project_group_link_spec.rb
+++ b/spec/models/project_group_link_spec.rb
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
--- a/spec/models/project_team_spec.rb
+++ b/spec/models/project_team_spec.rb
--- a/spec/models/snippet_spec.rb
+++ b/spec/models/snippet_spec.rb
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
--- a/spec/requests/api/project_snippets_spec.rb
+++ b/spec/requests/api/project_snippets_spec.rb
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
--- a/spec/services/git_push_service_spec.rb
+++ b/spec/services/git_push_service_spec.rb
--- a/spec/services/git_tag_push_service_spec.rb
+++ b/spec/services/git_tag_push_service_spec.rb
--- a/spec/services/issues/update_service_spec.rb
+++ b/spec/services/issues/update_service_spec.rb
--- a/spec/services/merge_requests/update_service_spec.rb
+++ b/spec/services/merge_requests/update_service_spec.rb
--- a/spec/services/notification_service_spec.rb
+++ b/spec/services/notification_service_spec.rb
--- a/spec/services/projects/housekeeping_service_spec.rb
+++ b/spec/services/projects/housekeeping_service_spec.rb
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
--- a/spec/support/email_helpers.rb
+++ b/spec/support/email_helpers.rb
--- a/spec/support/matchers/access_matchers.rb
+++ b/spec/support/matchers/access_matchers.rb
--- a/spec/support/matchers/benchmark_matchers.rb
+++ b/spec/support/matchers/benchmark_matchers.rb
--- a/spec/workers/post_receive_spec.rb
+++ b/spec/workers/post_receive_spec.rb
--- a/vendor/assets/javascripts/cropper.js
+++ b/vendor/assets/javascripts/cropper.js
--- a/vendor/assets/stylesheets/cropper.css
+++ b/vendor/assets/stylesheets/cropper.css