Merge branch '11-7-stable-patch-5' into '11-7-stable'

Prepare 11.7.5 release

See merge request gitlab-org/gitlab-ce!24941

app/assets/javascripts/error_tracking/index.js

@@ -4,10 +4,6 @@ import store from './store';
 import ErrorTrackingList from './components/error_tracking_list.vue';
 
 export default () => {
-  if (!gon.features.errorTracking) {
-    return;
-  }
-
   // eslint-disable-next-line no-new
   new Vue({
     el: '#js-error_tracking',

app/assets/javascripts/notes/stores/actions.js

@@ -415,12 +415,13 @@ export const submitSuggestion = (
       commit(types.APPLY_SUGGESTION, { discussionId, noteId, suggestionId });
       callback();
     })
-    .catch(() => {
-      Flash(
-        __('Something went wrong while applying the suggestion. Please try again.'),
-        'alert',
-        flashContainer,
+    .catch(err => {
+      const defaultMessage = __(
+        'Something went wrong while applying the suggestion. Please try again.',
       );
+      const flashMessage = err.response.data ? `${err.response.data.message}.` : defaultMessage;
+
+      Flash(__(flashMessage), 'alert', flashContainer);
       callback();
     });
 };

app/assets/javascripts/pages/projects/tags/releases/index.js

+import $ from 'jquery';
+import ZenMode from '~/zen_mode';
+import GLForm from '~/gl_form';
+
+document.addEventListener('DOMContentLoaded', () => {
+  new ZenMode(); // eslint-disable-line no-new
+  new GLForm($('.release-form')); // eslint-disable-line no-new
+});

app/controllers/projects/error_tracking_controller.rb

 # frozen_string_literal: true
 
 class Projects::ErrorTrackingController < Projects::ApplicationController
-  before_action :check_feature_flag!
   before_action :authorize_read_sentry_issue!
-  before_action :push_feature_flag_to_frontend
 
   POLLING_INTERVAL = 10_000
 
@@ -43,12 +41,4 @@ class Projects::ErrorTrackingController < Projects::ApplicationController
       .new(project: project, user: current_user)
       .represent(errors)
   end
-
-  def check_feature_flag!
-    render_404 unless Feature.enabled?(:error_tracking, project)
-  end
-
-  def push_feature_flag_to_frontend
-    push_frontend_feature_flag(:error_tracking, current_user)
-  end
 end

app/helpers/projects_helper.rb

@@ -285,7 +285,7 @@ module ProjectsHelper
 
   # overridden in EE
   def settings_operations_available?
-    Feature.enabled?(:error_tracking, @project) && can?(current_user, :read_environment, @project)
+    can?(current_user, :read_environment, @project)
   end
 
   private
@@ -328,7 +328,7 @@ module ProjectsHelper
   def external_nav_tabs(project)
     [].tap do |tabs|
       tabs << :external_issue_tracker if project.external_issue_tracker
-      tabs << :external_wiki if project.has_external_wiki?
+      tabs << :external_wiki if project.external_wiki
     end
   end
 

app/models/appearance.rb

@@ -44,7 +44,11 @@ class Appearance < ActiveRecord::Base
   private
 
   def logo_system_path(logo, mount_type)
-    return unless logo&.upload
+    # Legacy attachments may not have have an associated Upload record,
+    # so fallback to the AttachmentUploader#url if this is the
+    # case. AttachmentUploader#path doesn't work because for a local
+    # file, this is an absolute path to the file.
+    return logo&.url unless logo&.upload
 
     # If we're using a CDN, we need to use the full URL
     asset_host = ActionController::Base.asset_host

app/models/repository.rb

@@ -525,6 +525,8 @@ class Repository
 
   # items is an Array like: [[oid, path], [oid1, path1]]
   def blobs_at(items)
+    return [] unless exists?
+
     raw_repository.batch_blobs(items).map { |blob| Blob.decorate(blob, project) }
   end
 

app/models/ssh_host_key.rb

@@ -54,7 +54,7 @@ class SshHostKey
 
   # Needed for reactive caching
   def self.primary_key
-    'id'
+    :id
   end
 
   def id

app/services/suggestions/apply_service.rb

@@ -11,7 +11,7 @@ module Suggestions
         return error('Suggestion is not appliable')
       end
 
-      unless latest_diff_refs?(suggestion)
+      unless latest_source_head?(suggestion)
         return error('The file has been changed')
       end
 
@@ -29,12 +29,13 @@ module Suggestions
 
     private
 
-    # Checks whether the latest diff refs for the branch matches with
-    # the position refs we're using to update the file content. Since
-    # the persisted refs are updated async (for MergeRequest),
-    # it's more consistent to fetch this data directly from the repository.
-    def latest_diff_refs?(suggestion)
-      suggestion.position.diff_refs == suggestion.noteable.repository_diff_refs
+    # Checks whether the latest source branch HEAD matches with
+    # the position HEAD we're using to update the file content. Since
+    # the persisted HEAD is updated async (for MergeRequest),
+    # it's more consistent to fetch this data directly from the
+    # repository.
+    def latest_source_head?(suggestion)
+      suggestion.position.head_sha == suggestion.noteable.source_branch_sha
     end
 
     def file_update_params(suggestion)

app/views/layouts/nav/sidebar/_project.html.haml

@@ -227,7 +227,7 @@
                   %span
                     = _('Environments')
 
-            - if project_nav_tab?(:error_tracking) && Feature.enabled?(:error_tracking, @project)
+            - if project_nav_tab?(:error_tracking)
               = nav_link(controller: :error_tracking) do
                 = link_to project_error_tracking_index_path(@project), title: _('Error Tracking'), class: 'shortcuts-tracking qa-operations-tracking-link' do
                   %span

app/views/projects/_activity.html.haml

 %div{ class: container_class }
-  .nav-block.d-none.d-sm-block.activities
+  .nav-block.d-none.d-sm-flex.activities
     = render 'shared/event_filter'
     .controls
       = link_to project_path(@project, rss_url_options), title: s_("ProjectActivityRSS|Subscribe"), class: 'btn d-none d-sm-inline-block has-tooltip' do

app/views/projects/settings/operations/_error_tracking.html.haml

-- return unless Feature.enabled?(:error_tracking, @project) && can?(current_user, :read_environment, @project)
+- return unless can?(current_user, :read_environment, @project)
 
 - setting = error_tracking_setting
 

app/views/projects/tags/_tag.html.haml

@@ -28,7 +28,7 @@
     = render 'projects/buttons/download', project: @project, ref: tag.name, pipeline: @tags_pipelines[tag.name]
 
     - if can?(current_user, :push_code, @project)
-      = link_to edit_project_tag_release_path(@project, tag.name), class: 'btn has-tooltip', title: s_('TagsPage|Edit release notes'), data: { container: "body" } do
+      = link_to edit_project_tag_release_path(@project, tag.name), class: 'btn btn-edit has-tooltip', title: s_('TagsPage|Edit release notes'), data: { container: "body" } do
         = icon("pencil")
 
       - if can?(current_user, :admin_project, @project)

app/views/projects/tags/show.html.haml

@@ -20,7 +20,7 @@
 
     .nav-controls.controls-flex
       - if can?(current_user, :push_code, @project)
-        = link_to edit_project_tag_release_path(@project, @tag.name), class: 'btn controls-item has-tooltip', title: s_('TagsPage|Edit release notes') do
+        = link_to edit_project_tag_release_path(@project, @tag.name), class: 'btn btn-edit controls-item has-tooltip', title: s_('TagsPage|Edit release notes') do
           = icon("pencil")
       = link_to project_tree_path(@project, @tag.name), class: 'btn controls-item has-tooltip', title: s_('TagsPage|Browse files') do
         = icon('files-o')

changelogs/unreleased/56424-fix-gl-form-init-tag-editing.yml

+---
+title: Fix form functionality for edit tag page
+merge_request: 24645
+author:
+type: fixed

changelogs/unreleased/fj-regression-external-wiki-url.yml

+---
+title: Changed external wiki query method to prevent attribute caching
+merge_request: 24907
+author:
+type: fixed

changelogs/unreleased/osw-adjusts-suggestions-unable-to-be-applied.yml

+---
+title: Adjusts suggestions unable to be applied
+merge_request: 24603
+author:
+type: fixed

changelogs/unreleased/sh-fix-detect-host-keys.yml

+---
+title: Fix Detect Host Keys not working
+merge_request: 24884
+author:
+type: fixed

changelogs/unreleased/sh-fix-issue-9357.yml

+---
+title: Fix 500 errors with legacy appearance logos
+merge_request: 24615
+author:
+type: fixed

changelogs/unreleased/sh-fix-oauth2-callback-caps.yml

+---
+title: Downcase aliased OAuth2 callback providers
+merge_request: 24877
+author:
+type: fixed

changelogs/unreleased/sh-remove-bitbucket-mirror-constant.yml

+---
+title: Fix import handling errors in Bitbucket Server importer
+merge_request: 24499
+author:
+type: fixed

config/routes/import.rb

 # Alias import callbacks under the /users/auth endpoint so that
 # the OAuth2 callback URL can be restricted under http://example.com/users/auth
 # instead of http://example.com.
-Devise.omniauth_providers.each do |provider|
+Devise.omniauth_providers.map(&:downcase).each do |provider|
   next if provider == 'ldapmain'
 
   get "/users/auth/-/import/#{provider}/callback", to: "import/#{provider}#callback", as: "users_import_#{provider}_callback"

doc/update/11.6-to-11.7.md

@@ -66,7 +66,7 @@ from source at the nodejs.org website.
 
 <https://nodejs.org/en/download/>
 
-GitLab also requires the use of yarn `>= v1.2.0` to manage JavaScript
+GitLab also requires the use of yarn `>= v1.10.0` to manage JavaScript
 dependencies.
 
 ```bash

doc/user/project/clusters/index.md

@@ -178,8 +178,11 @@ When creating a cluster in GitLab, you will be asked if you would like to create
 [Attribute-based access control (ABAC)](https://kubernetes.io/docs/admin/authorization/abac/) cluster, or
 a [Role-based access control (RBAC)](https://kubernetes.io/docs/admin/authorization/rbac/) one.
 
-Whether ABAC or RBAC is enabled, GitLab will create the necessary
-service accounts and privileges in order to install and run
+NOTE: **Note:**
+[RBAC](#role-based-access-control-rbac) is recommended and the GitLab default.
+
+Whether [ABAC](#attribute-based-access-control-abac) or [RBAC](#role-based-access-control-rbac) is enabled,
+GitLab will create the necessary service accounts and privileges in order to install and run
 [GitLab managed applications](#installing-applications):
 
 - If GitLab is creating the cluster, a `gitlab` service account with

doc/user/project/index.md

@@ -149,3 +149,17 @@ When [renaming a user](../profile/index.md#changing-your-username),
   work after a rename, making any transition a lot smoother.
 - The redirects will be available as long as the original path is not claimed by
   another group, user or project.
+
+## Use your project as a Go package
+
+Any project can be used as a Go package including private projects in subgroups. To use packages
+hosted in private projects with the `go get` command, use a [`.netrc` file](https://ec.haxx.se/usingcurl-netrc.html)
+and a personal access token in the password field.
+
+For example:
+
+```text
+machine example.gitlab.com
+login <gitlab_user_name>
+password <personal_access_token>
+```

doc/user/project/integrations/prometheus_library/index.md

@@ -10,7 +10,8 @@ Currently supported exporters are:
 
 - [Kubernetes](kubernetes.md)
 - [NGINX](nginx.md)
-- [NGINX Ingress Controller](nginx_ingress.md)
+- [NGINX Ingress Controller 0.9.0-0.15.x](nginx_ingress_vts.md)
+- [NGINX Ingress Controller 0.16.0+](nginx_ingress.md)
 - [HAProxy](haproxy.md)
 - [Amazon Cloud Watch](cloudwatch.md)
 

doc/user/project/integrations/prometheus_library/nginx_ingress.md

 # Monitoring NGINX Ingress Controller
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13438) in GitLab 9.5.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22133) in GitLab 11.7.
 
-GitLab has support for automatically detecting and monitoring the Kubernetes NGINX ingress controller. This is provided by leveraging the built in Prometheus metrics included in [version 0.9.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#09-beta1) and above of the ingress.
+NOTE: **Note:** NGINX Ingress versions prior to 0.16.0 offer an included [VTS Prometheus metrics exporter](nginx_ingress_vts.md), which exports metrics different than the built-in metrics.
+
+GitLab has support for automatically detecting and monitoring the Kubernetes NGINX ingress controller. This is provided by leveraging the built-in Prometheus metrics included starting with [version 0.16.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0160).
 
 ## Requirements
 
@@ -12,27 +14,29 @@ GitLab has support for automatically detecting and monitoring the Kubernetes NGI
 
 | Name | Query |
 | ---- | ----- |
-| Throughput (req/sec) | sum(rate(nginx_upstream_responses_total{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m])) by (status_code) |
-| Latency (ms) | avg(nginx_upstream_response_msecs_avg{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}) |
-| HTTP Error Rate (%) | sum(rate(nginx_upstream_responses_total{status_code="5xx", upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m])) / sum(rate(nginx_upstream_responses_total{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m])) * 100 |
+| Throughput (req/sec) | sum(label_replace(rate(nginx_ingress_controller_requests{namespace="%{kube_namespace}",ingress=~".*%{ci_environment_slug}.*"}[2m]), "status_code", "${1}xx", "status", "(.)..")) by (status_code) |
+| Latency (ms) | sum(rate(nginx_ingress_controller_ingress_upstream_latency_seconds_sum{namespace="%{kube_namespace}",ingress=~".*%{ci_environment_slug}.*"}[2m])) / sum(rate(nginx_ingress_controller_ingress_upstream_latency_seconds_count{namespace="%{kube_namespace}",ingress=~".*%{ci_environment_slug}.*"}[2m])) * 1000 |
+| HTTP Error Rate (%) | sum(rate(nginx_ingress_controller_requests{status=~"5.*",namespace="%{kube_namespace}",ingress=~".*%{ci_environment_slug}.*"}[2m])) / sum(rate(nginx_ingress_controller_requests{namespace="%{kube_namespace}",ingress=~".*%{ci_environment_slug}.*"}[2m])) * 100 |
 
 ## Configuring NGINX ingress monitoring
 
 If you have deployed NGINX Ingress using GitLab's [Kubernetes cluster integration](../../clusters/index.md#installing-applications), it will [automatically be monitored](#about-managed-nginx-ingress-deployments) by Prometheus.
 
 For other deployments, there is [some configuration](#manually-setting-up-nginx-ingress-for-prometheus-monitoring) required depending on your installation:
-* NGINX Ingress should be version 0.9.0 or above, with metrics enabled
-* NGINX Ingress should be annotated for Prometheus monitoring
-* Prometheus should be configured to monitor annotated pods
+
+- NGINX Ingress should be version 0.16.0 or above, with metrics enabled.
+- NGINX Ingress should be annotated for Prometheus monitoring.
+- Prometheus should be configured to monitor annotated pods.
 
 ### About managed NGINX Ingress deployments
 
 NGINX Ingress is deployed into the `gitlab-managed-apps` namespace, using the [official Helm chart](https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress). NGINX Ingress will be [externally reachable via the Load Balancer's IP](../../clusters/index.md#getting-the-external-ip-address).
 
 NGINX is configured for Prometheus monitoring, by setting:
-* `enable-vts-status: "true"`, to export Prometheus metrics
-* `prometheus.io/scrape: "true"`, to enable automatic discovery
-* `prometheus.io/port: "10254"`, to specify the metrics port
+
+- `enable-vts-status: "true"`, to export Prometheus metrics.
+- `prometheus.io/scrape: "true"`, to enable automatic discovery.
+- `prometheus.io/port: "10254"`, to specify the metrics port.
 
 When used in conjunction with the GitLab deployed Prometheus service, response metrics will be automatically collected.
 
@@ -49,6 +53,6 @@ Managing these settings depends on how NGINX ingress has been deployed. If you h
 
 ## Specifying the Environment label
 
-In order to isolate and only display relevant metrics for a given environment, GitLab needs a method to detect which labels are associated. To do this, GitLab will search for metrics with appropriate labels. In this case, the `upstream` label must be of the form `<KUBE_NAMESPACE>-<CI_ENVIRONMENT_SLUG>-*`.
+In order to isolate and only display relevant metrics for a given environment, GitLab needs a method to detect which labels are associated. To do this, GitLab will search for metrics with appropriate labels. In this case, the `ingress` label must `<CI_ENVIRONMENT_SLUG>`.
 
 If you have used [Auto Deploy](../../../../topics/autodevops/index.md#auto-deploy) to deploy your app, this format will be used automatically and metrics will be detected with no action on your part.

doc/user/project/integrations/prometheus_library/nginx_ingress_vts.md

+# Monitoring NGINX Ingress Controller with VTS metrics
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13438) in GitLab 9.5.
+
+NOTE: **Note:** [NGINX Ingress version 0.16](nginx_ingress.md) and above have built-in Prometheus metrics, which are different than the VTS based metrics.
+
+GitLab has support for automatically detecting and monitoring the Kubernetes NGINX ingress controller. This is provided by leveraging the included VTS Prometheus metrics exporter in [version 0.9.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#09-beta1) through [0.15.x](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0150).
+
+## Requirements
+
+[Prometheus integration](../prometheus.md) must be active.
+
+## Metrics supported
+
+| Name | Query |
+| ---- | ----- |
+| Throughput (req/sec) | sum(rate(nginx_upstream_responses_total{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m])) by (status_code) |
+| Latency (ms) | avg(nginx_upstream_response_msecs_avg{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}) |
+| HTTP Error Rate (%) | sum(rate(nginx_upstream_responses_total{status_code="5xx", upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m])) / sum(rate(nginx_upstream_responses_total{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m])) * 100 |
+
+## Configuring NGINX ingress monitoring
+
+If you have deployed NGINX Ingress using GitLab's [Kubernetes cluster integration](../../clusters/index.md#installing-applications), it will [automatically be monitored](#about-managed-nginx-ingress-deployments) by Prometheus.
+
+For other deployments, there is [some configuration](#manually-setting-up-nginx-ingress-for-prometheus-monitoring) required depending on your installation:
+
+- NGINX Ingress should be version 0.9.0 or above, with metrics enabled.
+- NGINX Ingress should be annotated for Prometheus monitoring.
+- Prometheus should be configured to monitor annotated pods.
+
+### About managed NGINX Ingress deployments
+
+NGINX Ingress is deployed into the `gitlab-managed-apps` namespace, using the [official Helm chart](https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress). NGINX Ingress will be [externally reachable via the Load Balancer's IP](../../clusters/index.md#getting-the-external-ip-address).
+
+NGINX is configured for Prometheus monitoring, by setting:
+
+- `enable-vts-status: "true"`, to export Prometheus metrics.
+- `prometheus.io/scrape: "true"`, to enable automatic discovery.
+- `prometheus.io/port: "10254"`, to specify the metrics port.
+
+When used in conjunction with the GitLab deployed Prometheus service, response metrics will be automatically collected.
+
+### Manually setting up NGINX Ingress for Prometheus monitoring
+
+Version 0.9.0 and above of [NGINX ingress](https://github.com/kubernetes/ingress-nginx) have built-in support for exporting Prometheus metrics. To enable, a ConfigMap setting must be passed: `enable-vts-status: "true"`. Once enabled, a Prometheus metrics endpoint will start running on port 10254.
+
+Next, the ingress needs to be annotated for Prometheus monitoring. Two new annotations need to be added:
+
+- `prometheus.io/scrape: "true"`
+- `prometheus.io/port: "10254"`
+
+Managing these settings depends on how NGINX ingress has been deployed. If you have deployed via the [official Helm chart](https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress), metrics can be enabled with `controller.stats.enabled` along with the required annotations. Alternatively it is possible edit the NGINX ingress YML directly in the [Kubernetes dashboard](https://github.com/kubernetes/dashboard).
+
+## Specifying the Environment label
+
+In order to isolate and only display relevant metrics for a given environment, GitLab needs a method to detect which labels are associated. To do this, GitLab will search for metrics with appropriate labels. In this case, the `upstream` label must be of the form `<KUBE_NAMESPACE>-<CI_ENVIRONMENT_SLUG>-*`.
+
+If you have used [Auto Deploy](../../../../topics/autodevops/index.md#auto-deploy) to deploy your app, this format will be used automatically and metrics will be detected with no action on your part.

doc/user/project/operations/error_tracking.md

 # Error Tracking
 
-> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/169) in GitLab 11.7.
+> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/169) in GitLab 11.8.
 
 Error tracking allows developers to easily discover and view the errors that their application may be generating. By surfacing error information where the code is being developed, efficiency and awareness can be increased.
 

lib/gitlab/bitbucket_server_import/importer.rb

@@ -132,7 +132,7 @@ module Gitlab
         project.repository.fetch_as_mirror(project.import_url, refmap: self.class.refmap, remote_name: REMOTE_NAME)
 
         log_info(stage: 'import_repository', message: 'finished import')
-      rescue Gitlab::Shell::Error, Gitlab::Git::RepositoryMirroring::RemoteError => e
+      rescue Gitlab::Shell::Error => e
         log_error(stage: 'import_repository', message: 'failed import', error: e.message)
 
         # Expire cache to prevent scenarios such as:
@@ -140,7 +140,7 @@ module Gitlab
         # 2. Retried import, repo is broken or not imported but +exists?+ still returns true
         project.repository.expire_content_cache if project.repository_exists?
 
-        raise e.message
+        raise
       end
 
       # Bitbucket Server keeps tracks of references for open pull requests in

qa/qa/resource/user.rb

@@ -17,11 +17,11 @@ module QA
       end
 
       def username
-        @username ||= "qa-user-#{unique_id}"
+        @username || "qa-user-#{unique_id}"
       end
 
       def password
-        @password ||= 'password'
+        @password || 'password'
       end
 
       def name
@@ -29,7 +29,15 @@ module QA
       end
 
       def email
-        @email ||= api_resource&.dig(:email) || "#{username}@example.com"
+        @email ||= "#{username}@example.com"
+      end
+
+      def public_email
+        @public_email ||= begin
+          api_public_email = api_resource&.dig(:public_email)
+
+          api_public_email && api_public_email != '' ? api_public_email : Runtime::User.default_email
+        end
       end
 
       def credentials_given?

qa/qa/runtime/user.rb

@@ -7,6 +7,10 @@ module QA
         'root'
       end
 
+      def default_email
+        'admin@example.com'
+      end
+
       def default_password
         '5iveL!fe'
       end

qa/qa/specs/features/browser_ui/3_create/repository/user_views_raw_diff_patch_requests_spec.rb

@@ -2,7 +2,10 @@
 
 module QA
   context 'Create' do
-    describe 'Commit data' do
+    # failure reported: https://gitlab.com/gitlab-org/quality/nightly/issues/42
+    # also failing in staging until the fix is picked into the next release:
+    #  https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24533
+    describe 'Commit data', :quarantine do
       before(:context) do
         Runtime::Browser.visit(:gitlab, Page::Main::Login)
         Page::Main::Login.perform(&:sign_in_using_credentials)
@@ -47,7 +50,7 @@ module QA
 
         Page::Project::Commit::Show.perform(&:select_email_patches)
 
-        expect(page).to have_content("From: #{user.name} <#{user.email}>")
+        expect(page).to have_content("From: #{user.name} <#{user.public_email}>")
         expect(page).to have_content('Subject: [PATCH] Add second file')
         expect(page).to have_content('diff --git a/second b/second')
       end

qa/spec/resource/user_spec.rb

+# frozen_string_literal: true
+
+describe QA::Resource::User do
+  let(:api_resource) do
+    {
+      name: "GitLab QA",
+      username: "gitlab-qa",
+      web_url: "https://staging.gitlab.com/gitlab-qa",
+      public_email: "1614863-gitlab-qa@users.noreply.staging.gitlab.com"
+    }
+  end
+
+  describe '#username' do
+    it 'generates a default username' do
+      expect(subject.username).to match(/qa-user-\w+/)
+    end
+
+    it 'is possible to set the username' do
+      subject.username = 'johndoe'
+
+      expect(subject.username).to eq('johndoe')
+    end
+  end
+
+  describe '#password' do
+    it 'generates a default password' do
+      expect(subject.password).to eq('password')
+    end
+
+    it 'is possible to set the password' do
+      subject.password = 'secret'
+
+      expect(subject.password).to eq('secret')
+    end
+  end
+
+  describe '#name' do
+    it 'defaults to the username' do
+      expect(subject.name).to eq(subject.username)
+    end
+
+    it 'retrieves the name from the api_resource if present' do
+      subject.__send__(:api_resource=, api_resource)
+
+      expect(subject.name).to eq(api_resource[:name])
+    end
+
+    it 'is possible to set the name' do
+      subject.name = 'John Doe'
+
+      expect(subject.name).to eq('John Doe')
+    end
+  end
+
+  describe '#email' do
+    it 'defaults to the <username>@example.com' do
+      expect(subject.email).to eq("#{subject.username}@example.com")
+    end
+
+    it 'is possible to set the email' do
+      subject.email = 'johndoe@example.org'
+
+      expect(subject.email).to eq('johndoe@example.org')
+    end
+  end
+
+  describe '#public_email' do
+    it 'defaults to QA::Runtime::User.default_email' do
+      expect(subject.public_email).to eq(QA::Runtime::User.default_email)
+    end
+
+    it 'retrieves the public_email from the api_resource if present' do
+      subject.__send__(:api_resource=, api_resource)
+
+      expect(subject.public_email).to eq(api_resource[:public_email])
+    end
+
+    it 'defaults to QA::Runtime::User.default_email if the public_email from the api_resource is blank' do
+      subject.__send__(:api_resource=, api_resource.merge(public_email: ''))
+
+      expect(subject.public_email).to eq(QA::Runtime::User.default_email)
+    end
+  end
+
+  describe '#credentials_given?' do
+    it 'returns false when username and email have not been overridden' do
+      expect(subject).not_to be_credentials_given
+    end
+
+    it 'returns false even after username and email have been called' do
+      # Call #username and #password to ensure this doesn't set their respective
+      # instance variable.
+      subject.username
+      subject.password
+
+      expect(subject).not_to be_credentials_given
+    end
+
+    it 'returns false if only the username has been overridden' do
+      subject.username = 'johndoe'
+
+      expect(subject).not_to be_credentials_given
+    end
+
+    it 'returns false if only the password has been overridden' do
+      subject.password = 'secret'
+
+      expect(subject).not_to be_credentials_given
+    end
+
+    it 'returns true if both the username and password have been overridden' do
+      subject.username = 'johndoe'
+      subject.password = 'secret'
+
+      expect(subject).to be_credentials_given
+    end
+  end
+end

scripts/review_apps/review-apps.sh

@@ -149,19 +149,19 @@ HELM_CMD=$(cat << EOF
     --set redis.resources.requests.cpu=100m \
     --set minio.resources.requests.cpu=100m \
     --set gitlab.migrations.image.repository="$gitlab_migrations_image_repository" \
-    --set gitlab.migrations.image.tag="$CI_COMMIT_REF_NAME" \
+    --set gitlab.migrations.image.tag="$CI_COMMIT_REF_SLUG" \
     --set gitlab.sidekiq.image.repository="$gitlab_sidekiq_image_repository" \
-    --set gitlab.sidekiq.image.tag="$CI_COMMIT_REF_NAME" \
+    --set gitlab.sidekiq.image.tag="$CI_COMMIT_REF_SLUG" \
     --set gitlab.unicorn.image.repository="$gitlab_unicorn_image_repository" \
-    --set gitlab.unicorn.image.tag="$CI_COMMIT_REF_NAME" \
+    --set gitlab.unicorn.image.tag="$CI_COMMIT_REF_SLUG" \
     --set gitlab.task-runner.image.repository="$gitlab_task_runner_image_repository" \
-    --set gitlab.task-runner.image.tag="$CI_COMMIT_REF_NAME" \
+    --set gitlab.task-runner.image.tag="$CI_COMMIT_REF_SLUG" \
     --set gitlab.gitaly.image.repository="registry.gitlab.com/gitlab-org/build/cng-mirror/gitaly" \
     --set gitlab.gitaly.image.tag="v$GITALY_VERSION" \
     --set gitlab.gitlab-shell.image.repository="registry.gitlab.com/gitlab-org/build/cng-mirror/gitlab-shell" \
     --set gitlab.gitlab-shell.image.tag="v$GITLAB_SHELL_VERSION" \
     --set gitlab.unicorn.workhorse.image="$gitlab_workhorse_image_repository" \
-    --set gitlab.unicorn.workhorse.tag="$CI_COMMIT_REF_NAME" \
+    --set gitlab.unicorn.workhorse.tag="$CI_COMMIT_REF_SLUG" \
     --set nginx-ingress.controller.config.ssl-ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" \
     --namespace="$KUBE_NAMESPACE" \
     --version="$CI_PIPELINE_ID-$CI_JOB_ID" \

scripts/trigger-build

@@ -68,7 +68,7 @@ module Trigger
 
     def base_variables
       {
-        'GITLAB_REF_SLUG' => ENV['CI_COMMIT_REF_SLUG'],
+        'GITLAB_REF_SLUG' => ENV['CI_COMMIT_TAG'] ? ENV['CI_COMMIT_REF_NAME'] : ENV['CI_COMMIT_REF_SLUG'],
         'TRIGGERED_USER' => ENV['TRIGGERED_USER'] || ENV['GITLAB_USER_NAME'],
         'TRIGGER_SOURCE' => ENV['CI_JOB_URL'],
         'TOP_UPSTREAM_SOURCE_PROJECT' => ENV['CI_PROJECT_PATH'],
@@ -137,7 +137,11 @@ module Trigger
       edition = Trigger.ee? ? 'EE' : 'CE'
 
       {
+        # Back-compatibility until https://gitlab.com/gitlab-org/build/CNG/merge_requests/189 is merged
         "GITLAB_#{edition}_VERSION" => ENV['CI_COMMIT_REF_NAME'],
+        "GITLAB_VERSION" => ENV['CI_COMMIT_REF_NAME'],
+        "GITLAB_TAG" => ENV['CI_COMMIT_TAG'],
+        "GITLAB_ASSETS_TAG" => ENV['CI_COMMIT_REF_SLUG'],
         "#{edition}_PIPELINE" => 'true'
       }
     end

spec/controllers/projects/error_tracking_controller_spec.rb

@@ -20,18 +20,6 @@ describe Projects::ErrorTrackingController do
         expect(response).to render_template(:index)
       end
 
-      context 'with feature flag disabled' do
-        before do
-          stub_feature_flags(error_tracking: false)
-        end
-
-        it 'returns 404' do
-          get :index, params: project_params
-
-          expect(response).to have_gitlab_http_status(:not_found)
-        end
-      end
-
       context 'with insufficient permissions' do
         before do
           project.add_guest(user)

spec/controllers/projects/settings/operations_controller_spec.rb

@@ -41,18 +41,6 @@ describe Projects::Settings::OperationsController do
         end
       end
 
-      context 'with feature flag disabled' do
-        before do
-          stub_feature_flags(error_tracking: false)
-        end
-
-        it 'renders 404' do
-          get :show, params: project_params(project)
-
-          expect(response).to have_gitlab_http_status(:not_found)
-        end
-      end
-
       context 'with insufficient permissions' do
         before do
           project.add_reporter(user)
@@ -121,18 +109,6 @@ describe Projects::Settings::OperationsController do
         end
       end
 
-      context 'with feature flag disabled' do
-        before do
-          stub_feature_flags(error_tracking: false)
-        end
-
-        it 'renders 404' do
-          patch :update, params: project_params(project)
-
-          expect(response).to have_gitlab_http_status(:not_found)
-        end
-      end
-
       context 'with insufficient permissions' do
         before do
           project.add_reporter(user)

spec/features/projects/settings/operations_settings_spec.rb

@@ -8,32 +8,16 @@ describe 'Projects > Settings > For a forked project', :js do
   let(:role) { :maintainer }
 
   before do
-    stub_feature_flags(error_tracking: true)
     sign_in(user)
     project.add_role(user, role)
   end
 
   describe 'Sidebar > Operations' do
-    context 'when sidebar feature flag enabled' do
-      it 'renders the settings link in the sidebar' do
-        visit project_path(project)
-        wait_for_requests
+    it 'renders the settings link in the sidebar' do
+      visit project_path(project)
+      wait_for_requests
 
-        expect(page).to have_selector('a[title="Operations"]', visible: false)
-      end
-    end
-
-    context 'when sidebar feature flag disabled' do
-      before do
-        stub_feature_flags(error_tracking: false)
-      end
-
-      it 'does not render the settings link in the sidebar' do
-        visit project_path(project)
-        wait_for_requests
-
-        expect(page).not_to have_selector('a[title="Operations"]', visible: false)
-      end
+      expect(page).to have_selector('a[title="Operations"]', visible: false)
     end
   end
 end

spec/features/projects/tags/user_edits_tags_spec.rb

+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'Project > Tags', :js do
+  include DropzoneHelper
+
+  let(:user) { create(:user) }
+  let(:role) { :developer }
+  let(:project) { create(:project, :repository) }
+
+  before do
+    sign_in(user)
+    project.add_role(user, role)
+  end
+
+  describe 'when opening project tags' do
+    before do
+      visit project_tags_path(project)
+    end
+
+    context 'page with tags list' do
+      it 'shows tag name' do
+        page.within first('.tags > .content-list > li') do
+          expect(page.find('.row-main-content')).to have_content 'v1.1.0 Version 1.1.0'
+        end
+      end
+
+      it 'shows tag edit button' do
+        page.within first('.tags > .content-list > li') do
+          edit_btn = page.find('.row-fixed-content.controls a.btn-edit')
+
+          expect(edit_btn['href']).to have_content '/tags/v1.1.0/release/edit'
+        end
+      end
+    end
+
+    context 'edit tag release notes' do
+      before do
+        find('.tags > .content-list > li:first-child .row-fixed-content.controls a.btn-edit').click
+      end
+
+      it 'shows tag name header' do
+        page.within('.content') do
+          expect(page.find('.sub-header-block')).to have_content 'Release notes for tag v1.1.0'
+        end
+      end
+
+      it 'shows release notes form' do
+        page.within('.content') do
+          expect(page).to have_selector('form.release-form')
+        end
+      end
+
+      it 'toolbar buttons on release notes form are functional' do
+        page.within('.content form.release-form') do
+          note_textarea = page.find('.js-gfm-input')
+
+          # Click on Bold button
+          page.find('.md-header-toolbar button.toolbar-btn:first-child').click
+
+          expect(note_textarea.value).to eq('****')
+        end
+      end
+
+      it 'release notes form shows "Attach a file" button', :js do
+        page.within('.content form.release-form') do
+          expect(page).to have_button('Attach a file')
+          expect(page).not_to have_selector('.uploading-progress-container', visible: true)
+        end
+      end
+
+      it 'shows "Attaching a file" message on uploading 1 file', :js do
+        slow_requests do
+          dropzone_file([Rails.root.join('spec', 'fixtures', 'dk.png')], 0, false)
+
+          expect(page).to have_selector('.attaching-file-message', visible: true, text: 'Attaching a file -')
+        end
+      end
+    end
+  end
+end

spec/helpers/projects_helper_spec.rb

@@ -372,21 +372,16 @@ describe ProjectsHelper do
     end
 
     context 'when project has external wiki' do
-      before do
-        allow(project).to receive(:has_external_wiki?).and_return(true)
-      end
-
       it 'includes external wiki tab' do
+        project.create_external_wiki_service(active: true, properties: { 'external_wiki_url' => 'https://gitlab.com' })
+
         is_expected.to include(:external_wiki)
       end
     end
 
     context 'when project does not have external wiki' do
-      before do
-        allow(project).to receive(:has_external_wiki?).and_return(false)
-      end
-
       it 'does not include external wiki tab' do
+        expect(project.external_wiki).to be_nil
         is_expected.not_to include(:external_wiki)
       end
     end

spec/lib/gitlab/bitbucket_server_import/importer_spec.rb

@@ -21,12 +21,9 @@ describe Gitlab::BitbucketServerImport::Importer do
   end
 
   describe '#import_repository' do
-    before do
+    it 'adds a remote' do
       expect(subject).to receive(:import_pull_requests)
       expect(subject).to receive(:delete_temp_branches)
-    end
-
-    it 'adds a remote' do
       expect(project.repository).to receive(:fetch_as_mirror)
                                      .with('http://bitbucket:test@my-bitbucket',
                                            refmap: [:heads, :tags, '+refs/pull-requests/*/to:refs/merge-requests/*/head'],
@@ -34,6 +31,18 @@ describe Gitlab::BitbucketServerImport::Importer do
 
       subject.execute
     end
+
+    it 'raises a Gitlab::Shell exception in the fetch' do
+      expect(project.repository).to receive(:fetch_as_mirror).and_raise(Gitlab::Shell::Error)
+
+      expect { subject.execute }.to raise_error(Gitlab::Shell::Error)
+    end
+
+    it 'raises an unhandled exception in the fetch' do
+      expect(project.repository).to receive(:fetch_as_mirror).and_raise(RuntimeError)
+
+      expect { subject.execute }.to raise_error(RuntimeError)
+    end
   end
 
   describe '#import_pull_requests' do

spec/models/appearance_spec.rb

@@ -36,6 +36,13 @@ describe Appearance do
       expect(subject.send("#{logo_type}_path")).to be_nil
     end
 
+    it 'returns the path when the upload has been orphaned' do
+      appearance.send(logo_type).upload.destroy
+      appearance.reload
+
+      expect(appearance.send("#{logo_type}_path")).to eq(expected_path)
+    end
+
     it 'returns a local path using the system route' do
       expect(appearance.send("#{logo_type}_path")).to eq(expected_path)
     end

spec/models/repository_spec.rb

@@ -1237,6 +1237,27 @@ describe Repository do
     end
   end
 
+  describe '#blobs_at' do
+    let(:empty_repository) { create(:project_empty_repo).repository }
+
+    it 'returns empty array for an empty repository' do
+      # rubocop:disable Style/WordArray
+      expect(empty_repository.blobs_at(['master', 'foobar'])).to eq([])
+      # rubocop:enable Style/WordArray
+    end
+
+    it 'returns blob array for a non-empty repository' do
+      repository.create_file(User.last, 'foobar', 'CONTENT', message: 'message', branch_name: 'master')
+
+      # rubocop:disable Style/WordArray
+      blobs = repository.blobs_at([['master', 'foobar']])
+      # rubocop:enable Style/WordArray
+
+      expect(blobs.first.name).to eq('foobar')
+      expect(blobs.size).to eq(1)
+    end
+  end
+
   describe '#root_ref' do
     it 'returns a branch name' do
       expect(repository.root_ref).to be_an_instance_of(String)

spec/models/ssh_host_key_spec.rb

@@ -50,6 +50,12 @@ describe SshHostKey do
 
   subject(:ssh_host_key) { described_class.new(project: project, url: 'ssh://example.com:2222', compare_host_keys: compare_host_keys) }
 
+  describe '.primary_key' do
+    it 'returns a symbol' do
+      expect(described_class.primary_key).to eq(:id)
+    end
+  end
+
   describe '#fingerprints', :use_clean_rails_memory_store_caching do
     it 'returns an array of indexed fingerprints when the cache is filled' do
       stub_reactive_cache(ssh_host_key, known_hosts: known_hosts)

spec/services/suggestions/apply_service_spec.rb

@@ -134,12 +134,11 @@ describe Suggestions::ApplyService do
         end
       end
 
-      context 'when diff ref from position is different from repo diff refs' do
+      context 'when HEAD from position is different from source branch HEAD on repo' do
         it 'returns error message' do
-          outdated_refs = Gitlab::Diff::DiffRefs.new(base_sha: 'foo', start_sha: 'bar', head_sha: 'outdated')
-
           allow(suggestion).to receive(:appliable?) { true }
-          allow(suggestion.position).to receive(:diff_refs) { outdated_refs }
+          allow(suggestion.position).to receive(:head_sha) { 'old-sha' }
+          allow(suggestion.noteable).to receive(:source_branch_sha) { 'new-sha' }
 
           result = subject.execute(suggestion)
 

spec/views/projects/settings/operations/show.html.haml_spec.rb

@@ -13,8 +13,6 @@ describe 'projects/settings/operations/show' do
 
   describe 'Operations > Error Tracking' do
     before do
-      stub_feature_flags(error_tracking: true)
-
       project.add_reporter(user)
 
       allow(view).to receive(:error_tracking_setting)