More actively use css variabled to prevent colors duplication

See merge request !1715

Fix public issue

See merge request !1717

Update installation and upgrade documentation

See merge request !1714

Fix service UI

There was a small bug in the service UI that caused an empty 'Trigger' label to be shown. After this change the 'Trigger' field is not shown when only one event type of supported.

Before:
![Screen Shot 2015-03-16 at 7.40.31 PM](https://gitlab.com/uploads/dblessing/gitlab-ce/0457a0b918/Screen_Shot_2015-03-16_at_7.40.31_PM.png)

I think in the future there are other things we can do to enforce at least one selected event type and also show the user what the singular event type is if only one is supported. That will take time to work out and this is definitely acceptable for the time.

See merge request !395

Delete deploy key when last connection to a project is destroyed.

Addresses #1959.

See merge request !1710

Subscription to issue/mr

Fixes #1911 and #1909

![joxi_screenshot_1426601822159](https://dev.gitlab.org/gitlab/gitlabhq/uploads/53021bc5783271322ab2dfba7598eaa3/joxi_screenshot_1426601822159.png)

![joxi_screenshot_1426601836423](https://dev.gitlab.org/gitlab/gitlabhq/uploads/244ff360fbd6f30980f8dad699400814/joxi_screenshot_1426601836423.png)

See merge request !1702

Fix invalid Atom feeds when using emoji, horizontal rules, or images

This is a fix for issues #880, #723, #1113.

Markdown must be rendered to XHTML, not HTML, when generating summary content for Atom feeds. Otherwise, content-less tags like *img* and *hr* are not terminated and make the Atom XML invalid. Such tags are generated when issue descriptions, merge request descriptions, comments, or commit messages use emoji, horizontal rules, or images.

To pass this option through from the relevant Haml templates to the proper place in the `gfm()` method, a new method `gfm_with_options()` is introduced. It reuses the options dictionary passed to `markdown()` and interprets options `xhtml` and `parse_tasks` from it (the latter was a convenient replacement for `gfm_with_tasks()`). `xhtml` is already interpreted by Redcarpet::Render::HTML, but that alone was not sufficient, because the post-processing in `gfm()` would convert its XHTML tags back to HTML.

I found no way of passing additional optional options to the existing `gfm()` method without requiring updates to existing callers and without getting in the way of the existing optional arguments, but maybe someone who knows more about Ruby than I can think of one.

Thorough review appreciated since this is the first time I have used Ruby.

See merge request !344

This reverts commit c42262b4, reversing
changes made to c6586b12.

Change permissions on backup files

Use more restrictive permissions for backup tar files and for the db, uploads, and repositories directories inside the tar files.  See #1894.  Now the backup task recursively `chmod`s the `db/`, `uploads/`, and `repositories/` folders with 0700 permissions, and the tar file is created as 0600.

cc @sytse

See merge request !1703

Documentation about unicorn settings.

Helps with https://news.ycombinator.com/item?id=9213180

See merge request !1704

Relative sematic versioning

Note to indicate that semantic versioning is not absolute or allows you to fly blind.

See merge request !286

Handle null restricted_visibility_levels setting

Fix a 500 error when the `restricted_visibility_levels` setting is null in the database - see #2134.

See merge request !1705

Fixes issues #880, #723, #1113: Markdown must be rendered to XHTML, not HTML, when generating summary content for Atom feeds. Otherwise, content-less tags like <img> and <hr>, generated when issue descriptions, merge request descriptions, comments, or commit messages use emoji, horizontal rules, or images, are not terminated and make the Atom XML invalid.

Dependency to documentation

See merge request !1707

Remove rubyracer gem

See merge request !1706

Check for nil values in the restricted_visibility_level validation
method, and set the restricted visibility request parameter to `[]` when
it's missing from the request.

Fix a 500 error when the `restricted_visibility_levels` setting is null
in the database.

Prevent gitlab-shell character encoding issues by receiving its changes as raw data.

Depends on gitlab/gitlab-shell!65.

Fixes:

- https://github.com/gitlabhq/gitlabhq/issues/7486
- https://gitlab.com/gitlab-org/gitlab-ce/issues/858
- https://gitlab.com/gitlab-org/gitlab-ce/issues/877
- https://gitlab.com/gitlab-org/gitlab-ce/issues/965

See merge request !1701

Update monthly doc to mention wip blogpost for next release.

See merge request !1697

Restricted visibility levels - bug fix and new feature

This allows admin users to override restricted visibility settings when creating and updating projects and snippets, and moves the restricted visibility configuration from gitlab.yml to the web UI.  See #1903.

## Move configuration location

I added a new section to the application settings page for restricted visibility levels.  Each level has a checkbox, styled with Bootstrap to look like a toggle button.  A checked box means that the level is restricted.  I added a glowing text shadow and changed the background color for checked buttons because the default styles made it hard to distinguish between checked and unchecked.  This image shows the new section with the "Public" box checked:

![restricted_visibility_settings](https://dev.gitlab.org/Okada/gitlabhq/uploads/629562e4313f89b795e81c3bb0f95893/restricted_visibility_settings.png)

## Allow admins to override

To allow admin users to override the restricted visibility levels, I had to remove the `visibility_level` validation from the `Project` class.  The model doesn't know about the `current_user`, which should determine whether the restrictions can be overridden.  We could use the creator in the validation, but that wouldn't work correctly for projects where a non-admin user is the creator and an admin tries to change the project to a restricted visibility level.

The `Project::UpdateService` and `Project::CreateService` classes already had code to determine whether the current user is allowed to use a given visibility level; now all visibility level validation is done in those classes.  Currently, when a non-admin tries to create or update a project using a restricted level, these classes silently set the visibility level to the global default (create) or the project's existing value (update).  I changed this behavior to be more like an Active Model validation, where using a restricted level causes the entire request to be rejected.

Project and personal snippets didn't have service classes, and restricted visibility levels weren't being enforced in the model or the controllers.  The UI disabled radio buttons for restricted levels, but that wouldn't be difficult to circumvent.  I created the `CreateSnippetService` and `UpdateSnippetService` classes to do the same restricted visibility check that the project classes do.  And since I was dealing with snippet visibility levels, I updated the API endpoints for project snippets to allow users to set and update the visibility level.

## TODO

* [x] Add more tests for restricted visibility functionality

cc @sytse @dzaporozhets

See merge request !1655