Merge branch 'ce-to-ee-2018-08-21' into 'master'

CE upstream - 2018-08-21 07:49 UTC

Closes gitlab-org/quality/staging#2

See merge request gitlab-org/gitlab-ee!6957

.gitlab-ci.yml

@@ -918,7 +918,7 @@ karma:
       - chrome_debug.log
       - coverage-javascript/
 
-codequality:
+code_quality:
   <<: *dedicated-no-docs-no-db-pull-cache-job
   image: docker:stable
   allow_failure: true
@@ -936,9 +936,13 @@ codequality:
   script:
     # Extract "MAJOR.MINOR" from CI_SERVER_VERSION and generate "MAJOR-MINOR-stable" for Security Products
     - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
-    - docker run --env SOURCE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
+    - docker run
+        --env SOURCE_CODE="$PWD"
+        --volume "$PWD":/code
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
   artifacts:
-    paths: [codeclimate.json]
+    paths: [gl-code-quality-report.json]
     expire_in: 1 week
 
 sast:

CONTRIBUTING.md

@@ -64,11 +64,11 @@ As of July 2018, all the documentation for contributing to the GitLab project ha
 
 ## Contribute to GitLab
 
-For a first-time step-by-step guide to the contribution process, see
-["Contributing to GitLab"](https://about.gitlab.com/contributing/).
-
 Thank you for your interest in contributing to GitLab. This guide details how
-to contribute to GitLab in a way that is efficient for everyone.
+to contribute to GitLab in a way that is easy for everyone.
+
+For a first-time step-by-step guide to the contribution process, please see
+["Contributing to GitLab"](https://about.gitlab.com/contributing/).
 
 Looking for something to work on? Look for issues with the label [Accepting Merge Requests](#i-want-to-contribute).
 
@@ -77,10 +77,10 @@ source edition, and GitLab Enterprise Edition (EE) which is our commercial
 edition. Throughout this guide you will see references to CE and EE for
 abbreviation.
 
-If you have read this guide and want to know how the GitLab [core team]
+If you want to know how the GitLab [core team]
 operates please see [the GitLab contributing process](PROCESS.md).
 
-- [GitLab Inc engineers should refer to the engineering workflow document](https://about.gitlab.com/handbook/engineering/workflow/)
+[GitLab Inc engineers should refer to the engineering workflow document](https://about.gitlab.com/handbook/engineering/workflow/)
 
 ## Security vulnerability disclosure
 

GITALY_SERVER_VERSION

-0.117.1
+0.117.2

Gemfile

@@ -435,7 +435,7 @@ group :ed25519 do
 end
 
 # Gitaly GRPC client
-gem 'gitaly-proto', '~> 0.112.0', require: 'gitaly'
+gem 'gitaly-proto', '~> 0.113.0', require: 'gitaly'
 gem 'grpc', '~> 1.11.0'
 
 # Locked until https://github.com/google/protobuf/issues/4210 is closed

Gemfile.lock

@@ -306,7 +306,7 @@ GEM
       gettext_i18n_rails (>= 0.7.1)
       po_to_json (>= 1.0.0)
       rails (>= 3.2.0)
-    gitaly-proto (0.112.0)
+    gitaly-proto (0.113.0)
       google-protobuf (~> 3.1)
       grpc (~> 1.10)
     github-linguist (5.3.3)
@@ -1076,7 +1076,7 @@ DEPENDENCIES
   gettext (~> 3.2.2)
   gettext_i18n_rails (~> 1.8.0)
   gettext_i18n_rails_js (~> 1.3)
-  gitaly-proto (~> 0.112.0)
+  gitaly-proto (~> 0.113.0)
   github-linguist (~> 5.3.3)
   gitlab-flowdock-git-hook (~> 1.0.1)
   gitlab-gollum-lib (~> 4.2)

Gemfile.rails5.lock

@@ -309,7 +309,7 @@ GEM
       gettext_i18n_rails (>= 0.7.1)
       po_to_json (>= 1.0.0)
       rails (>= 3.2.0)
-    gitaly-proto (0.112.0)
+    gitaly-proto (0.113.0)
       google-protobuf (~> 3.1)
       grpc (~> 1.10)
     github-linguist (5.3.3)
@@ -1088,7 +1088,7 @@ DEPENDENCIES
   gettext (~> 3.2.2)
   gettext_i18n_rails (~> 1.8.0)
   gettext_i18n_rails_js (~> 1.3)
-  gitaly-proto (~> 0.112.0)
+  gitaly-proto (~> 0.113.0)
   github-linguist (~> 5.3.3)
   gitlab-flowdock-git-hook (~> 1.0.1)
   gitlab-gollum-lib (~> 4.2)
@@ -1250,4 +1250,4 @@ DEPENDENCIES
   wikicloth (= 0.8.1)
 
 BUNDLED WITH
-   1.16.2
+   1.16.3

README.md

@@ -88,7 +88,7 @@ You can access a new installation with the login **`root`** and password **`5ive
 
 ## Contributing
 
-GitLab is an open source project and we are very happy to accept community contributions. Please refer to [Contributing to GitLab page](https://about.gitlab.com/contributing/) for details.
+GitLab is an open source project and we are very happy to accept community contributions. Please refer to [Contributing to GitLab page](https://about.gitlab.com/contributing/) for more details.
 
 ## Licensing
 
@@ -96,7 +96,7 @@ GitLab Community Edition (CE) is available freely under the MIT Expat license.
 
 All third party components incorporated into the GitLab Software are licensed under the original license provided by the owner of the applicable component.
 
-All Documentation content that resides under the doc/ directory of this repository is licensed under Creative Commons: CC BY-SA 4.0.
+All Documentation content that resides under the `doc/` directory of this repository is licensed under Creative Commons: CC BY-SA 4.0.
 
 ## Install a development environment
 

app/assets/javascripts/monitoring/components/dashboard.vue

@@ -190,7 +190,7 @@ export default {
 <template>
   <div
     v-if="!showEmptyState"
-    class="prometheus-graphs prepend-top-10"
+    class="prometheus-graphs prepend-top-default"
   >
     <div
       v-if="showEnvironmentDropdown"

app/assets/stylesheets/framework/images.scss

@@ -25,7 +25,7 @@
     &.svg-#{$width} {
       img,
       svg {
-        width: #{$width + 'px'};
+        max-width: #{$width + 'px'};
       }
     }
   }

app/views/admin/runners/index.html.haml

@@ -49,7 +49,7 @@
         = submit_tag 'Search', class: 'btn'
 
     .float-right.light
-      Runners with last contact more than a minute ago: #{@active_runners_cnt}
+      Runners currently online: #{@active_runners_cnt}
 
   %br
 

app/views/projects/environments/metrics.html.haml

@@ -2,11 +2,4 @@
 - page_title "Metrics for environment", @environment.name
 
 .prometheus-container{ class: container_class }
-  .top-area
-    .row
-      .col-sm-6
-        %h3
-          Environment:
-          = link_to @environment.name, environment_path(@environment)
-
   #prometheus-graphs{ data: metrics_data(@project, @environment) }

app/views/projects/runners/_specific_runners.html.haml

@@ -13,4 +13,4 @@
   %h4.underlined-title Available specific runners
   %ul.bordered-list.available-specific-runners
     = render partial: 'projects/runners/runner', collection: @assignable_runners, as: :runner
-  = paginate @assignable_runners, theme: "gitlab"
+  = paginate @assignable_runners, theme: "gitlab", :params => { :anchor => '#js-runners-settings' }

changelogs/unreleased/42754-runners-pagination.yml

+---
+title: Does not collapse runners section when using pagination
+merge_request:
+author:
+type: fixed

changelogs/unreleased/47845-propagate_failure_reason-to-job-webhook.yml

+---
+title: "#47845 Add failure_reason to job webhook"
+merge_request: 21143
+author: matemaciek
+type: added

changelogs/unreleased/48145-illustration.yml

+---
+title: Fixes SVGs for empty states in job page overflowing on mobile
+merge_request:
+author:
+type: fixed

changelogs/unreleased/49907-commits-and-merge-requests-does-not-list-all-files-when-one-file-exceeds-size-limits.yml

+---
+title: Fix merge requests not showing any diff files for big patches
+merge_request: 21125
+author:
+type: fixed

changelogs/unreleased/50019-remove-redundant-header-from-metrics-page.yml

+---
+title: Remove redundant header from metrics page
+merge_request: 21282
+author:
+type: changed

changelogs/unreleased/6010_remove_gemnasium_service.yml

 ---
 title: Remove Gemnasium service
-merge_request:
+merge_request: 21185
 author:
 type: removed

changelogs/unreleased/fix_event_api_permissions.yml

+---
+title: 'Events API now requires the read_user or api scope.'
+merge_request: 20627
+author: Warren Parad
+type: fixed

changelogs/unreleased/runners-online.yml

+---
+title: Clarify current runners online text
+merge_request: 21151
+author: Ben Bodenmiller
+type: other

doc/administration/high_availability/gitlab.md

@@ -25,11 +25,11 @@ for each GitLab application server in your environment.
    options. Here is an example snippet to add to `/etc/fstab`:
 
     ```
-    10.1.0.1:/var/opt/gitlab/.ssh /var/opt/gitlab/.ssh nfs defaults,soft,rsize=1048576,wsize=1048576,noatime,nofail,lookupcache=positive 0 2
-    10.1.0.1:/var/opt/gitlab/gitlab-rails/uploads /var/opt/gitlab/gitlab-rails/uploads nfs defaults,soft,rsize=1048576,wsize=1048576,noatime,nofail,lookupcache=positive 0 2
-    10.1.0.1:/var/opt/gitlab/gitlab-rails/shared /var/opt/gitlab/gitlab-rails/shared nfs defaults,soft,rsize=1048576,wsize=1048576,noatime,nofail,lookupcache=positive 0 2
-    10.1.0.1:/var/opt/gitlab/gitlab-ci/builds /var/opt/gitlab/gitlab-ci/builds nfs defaults,soft,rsize=1048576,wsize=1048576,noatime,nofail,lookupcache=positive 0 2
-    10.1.0.1:/var/opt/gitlab/git-data /var/opt/gitlab/git-data nfs defaults,soft,rsize=1048576,wsize=1048576,noatime,nofail,lookupcache=positive 0 2
+    10.1.0.1:/var/opt/gitlab/.ssh /var/opt/gitlab/.ssh nfs4 defaults,soft,rsize=1048576,wsize=1048576,noatime,nofail,lookupcache=positive 0 2
+    10.1.0.1:/var/opt/gitlab/gitlab-rails/uploads /var/opt/gitlab/gitlab-rails/uploads nfs4 defaults,soft,rsize=1048576,wsize=1048576,noatime,nofail,lookupcache=positive 0 2
+    10.1.0.1:/var/opt/gitlab/gitlab-rails/shared /var/opt/gitlab/gitlab-rails/shared nfs4 defaults,soft,rsize=1048576,wsize=1048576,noatime,nofail,lookupcache=positive 0 2
+    10.1.0.1:/var/opt/gitlab/gitlab-ci/builds /var/opt/gitlab/gitlab-ci/builds nfs4 defaults,soft,rsize=1048576,wsize=1048576,noatime,nofail,lookupcache=positive 0 2
+    10.1.0.1:/var/opt/gitlab/git-data /var/opt/gitlab/git-data nfs4 defaults,soft,rsize=1048576,wsize=1048576,noatime,nofail,lookupcache=positive 0 2
     ```
 
 1. Create the shared directories. These may be different depending on your NFS

doc/administration/repository_storage_types.md

@@ -42,7 +42,7 @@ Registry, etc.
 ## Hashed Storage
 
 > **Warning:** Hashed storage is in **Beta**. For the latest updates, check the
-> associated [issue](https://gitlab.com/gitlab-com/infrastructure/issues/2821)
+> associated [issue](https://gitlab.com/gitlab-com/infrastructure/issues/3542)
 > and please report any problems you encounter.
 
 Hashed Storage is the new storage behavior we are rolling out with 10.0. Instead

doc/api/events.md

@@ -48,9 +48,11 @@ GitLab removes events older than 1 year from the events table for performance re
 
 ## List currently authenticated user's events
 
->**Note:** This endpoint was introduced in GitLab 9.3.
+>**Notes:**
+> This endpoint was introduced in GitLab 9.3.
+> `read_user` access was introduced in GitLab 11.3.
 
-Get a list of events for the authenticated user.
+Get a list of events for the authenticated user. Scope `read_user` or `api` is required.
 
 ```
 GET /events
@@ -119,9 +121,11 @@ Example response:
 
 ### Get user contribution events
 
->**Note:** Documentation was formerly located in the [Users API pages][users-api].
+>**Notes:**
+> Documentation was formerly located in the [Users API pages][users-api].
+> `read_user` access was introduced in GitLab 11.3.
 
-Get the contribution events for the specified user, sorted from newest to oldest.
+Get the contribution events for the specified user, sorted from newest to oldest. Scope `read_user` or `api` is required.
 
 ```
 GET /users/:id/events

doc/development/testing_guide/smoke.md

+# Smoke Tests
+
+It is imperative in any testing suite that we have Smoke Tests.  In short, smoke tests are will run quick sanity
+end-to-end functional tests from GitLab QA and are designed to run against the specified environment to ensure that 
+basic functionality is working.
+
+Currently, our suite consists of this basic functionality coverage:
+
+- User Login (Standard Auth)
+- Project Creation
+- Issue Creation
+- Merge Request Creation
+
+---
+
+[Return to Testing documentation](index.md)

doc/development/testing_guide/testing_levels.md

@@ -120,6 +120,14 @@ running feature tests (i.e. using Capybara) against it.
 The actual test scenarios and steps are [part of GitLab Rails] so that they're
 always in-sync with the codebase.
 
+### Smoke tests
+
+Smoke tests are quick tests that may be run at any time (especially after the pre-deployment migrations).
+
+Much like feature tests - these tests run against the UI and ensure that basic functionality is working.
+
+> See [Smoke Tests](smoke.md) for more information.
+
 Read a separate document about [end-to-end tests](end_to_end_tests.md) to
 learn more.
 

doc/user/project/integrations/webhooks.md

@@ -1127,6 +1127,7 @@ X-Gitlab-Event: Build Hook
   "build_finished_at": null,
   "build_duration": null,
   "build_allow_failure": false,
+  "build_failure_reason": "script_failure",
   "project_id": 380,
   "project_name": "gitlab-org/gitlab-test",
   "user": {

lib/api/events.rb

 module API
   class Events < Grape::API
     include PaginationParams
+    include APIGuard
 
     helpers do
       params :event_filter_params do
@@ -24,6 +25,8 @@ module API
     end
 
     resource :events do
+      allow_access_with_scope :read_user, if: -> (request) { request.get? }
+
       desc "List currently authenticated user's events" do
         detail 'This feature was introduced in GitLab 9.3.'
         success Entities::Event
@@ -46,6 +49,8 @@ module API
       requires :id, type: String, desc: 'The ID or Username of the user'
     end
     resource :users do
+      allow_access_with_scope :read_user, if: -> (request) { request.get? }
+
       desc 'Get the contribution events of a specified user' do
         detail 'This feature was introduced in GitLab 8.13.'
         success Entities::Event

lib/gitlab/data_builder/build.rb

@@ -28,6 +28,7 @@ module Gitlab
           build_finished_at: build.finished_at,
           build_duration: build.duration,
           build_allow_failure: build.allow_failure,
+          build_failure_reason: build.failure_reason,
 
           # TODO: do we still need it?
           project_id: project.id,

lib/gitlab/git/diff.rb

@@ -226,6 +226,7 @@ module Gitlab
         @new_file = diff.from_id == BLANK_SHA
         @renamed_file = diff.from_path != diff.to_path
         @deleted_file = diff.to_id == BLANK_SHA
+        @too_large = diff.too_large if diff.respond_to?(:too_large)
 
         collapse! if diff.respond_to?(:collapsed) && diff.collapsed
       end

lib/gitlab/gitaly_client/diff.rb

 module Gitlab
   module GitalyClient
     class Diff
-      ATTRS = %i(from_path to_path old_mode new_mode from_id to_id patch overflow_marker collapsed).freeze
+      ATTRS = %i(from_path to_path old_mode new_mode from_id to_id patch overflow_marker collapsed too_large).freeze
 
       include AttributesBag
     end

qa/README.md

@@ -35,7 +35,7 @@ following call would login to a local [GDK] instance and run all specs in
 `qa/specs/features`:
 
 ```
-bin/qa Test::Instance http://localhost:3000
+bin/qa Test::Instance::All http://localhost:3000
 ```
 
 ### Writing tests
@@ -48,14 +48,14 @@ You can also supply specific tests to run as another parameter. For example, to
 run the repository-related specs, you can execute:
 
 ```
-bin/qa Test::Instance http://localhost qa/specs/features/repository/
+bin/qa Test::Instance::All http://localhost qa/specs/features/repository/
 ```
 
 Since the arguments would be passed to `rspec`, you could use all `rspec`
 options there. For example, passing `--backtrace` and also line number:
 
 ```
-bin/qa Test::Instance http://localhost qa/specs/features/project/create_spec.rb:3 --backtrace
+bin/qa Test::Instance::All http://localhost qa/specs/features/project/create_spec.rb:3 --backtrace
 ```
 
 ### Overriding the authenticated user
@@ -67,7 +67,7 @@ If you need to authenticate as a different user, you can provide the
 `GITLAB_USERNAME` and `GITLAB_PASSWORD` environment variables:
 
 ```
-GITLAB_USERNAME=jsmith GITLAB_PASSWORD=password bin/qa Test::Instance https://gitlab.example.com
+GITLAB_USERNAME=jsmith GITLAB_PASSWORD=password bin/qa Test::Instance::All https://gitlab.example.com
 ```
 
 If your user doesn't have permission to default sandbox group
@@ -75,13 +75,13 @@ If your user doesn't have permission to default sandbox group
 `GITLAB_SANDBOX_NAME`:
 
 ```
-GITLAB_USERNAME=jsmith GITLAB_PASSWORD=password GITLAB_SANDBOX_NAME=jsmith-qa-sandbox bin/qa Test::Instance https://gitlab.example.com
+GITLAB_USERNAME=jsmith GITLAB_PASSWORD=password GITLAB_SANDBOX_NAME=jsmith-qa-sandbox bin/qa Test::Instance::All https://gitlab.example.com
 ```
 
 In addition, the `GITLAB_USER_TYPE` can be set to "ldap" to sign in as an LDAP user:
 
 ```
-GITLAB_USER_TYPE=ldap GITLAB_USERNAME=jsmith GITLAB_PASSWORD=password GITLAB_SANDBOX_NAME=jsmith-qa-sandbox bin/qa Test::Instance https://gitlab.example.com
+GITLAB_USER_TYPE=ldap GITLAB_USERNAME=jsmith GITLAB_PASSWORD=password GITLAB_SANDBOX_NAME=jsmith-qa-sandbox bin/qa Test::Instance::All https://gitlab.example.com
 ```
 
 All [supported environment variables are here](https://gitlab.com/gitlab-org/gitlab-qa#supported-environment-variables).

qa/qa.rb

@@ -77,14 +77,16 @@ module QA
     #
     autoload :Bootable, 'qa/scenario/bootable'
     autoload :Actable, 'qa/scenario/actable'
-    autoload :Taggable, 'qa/scenario/taggable'
     autoload :Template, 'qa/scenario/template'
 
     ##
     # Test scenario entrypoints.
     #
     module Test
-      autoload :Instance, 'qa/scenario/test/instance'
+      module Instance
+        autoload :All, 'qa/scenario/test/instance/all'
+        autoload :Smoke, 'qa/scenario/test/instance/smoke'
+      end
 
       module Integration
         autoload :Github, 'qa/scenario/test/integration/github'

qa/qa/factory/resource/fork.rb

@@ -4,7 +4,12 @@ module QA
       class Fork < Factory::Base
         dependency Factory::Repository::ProjectPush, as: :push
 
-        dependency Factory::Resource::User, as: :user
+        dependency Factory::Resource::User, as: :user do |user|
+          if Runtime::Env.forker?
+            user.username = Runtime::Env.forker_username
+            user.password = Runtime::Env.forker_password
+          end
+        end
 
         product(:user) { |factory| factory.user }
 

qa/qa/factory/resource/user.rb

@@ -4,28 +4,52 @@ module QA
   module Factory
     module Resource
       class User < Factory::Base
-        attr_accessor :name, :username, :email, :password
+        attr_reader :unique_id
+        attr_writer :username, :password, :name, :email
 
         def initialize
-          @name = "name-#{SecureRandom.hex(8)}"
-          @username = "username-#{SecureRandom.hex(8)}"
-          @email = "mail#{SecureRandom.hex(8)}@mail.com"
-          @password = 'password'
+          @unique_id = SecureRandom.hex(8)
         end
 
-        product(:name) { |factory| factory.name }
+        def username
+          @username ||= "qa-user-#{unique_id}"
+        end
 
-        product(:username) { |factory| factory.username }
+        def password
+          @password ||= 'password'
+        end
 
-        product(:email) { |factory| factory.email }
+        def name
+          @name ||= username
+        end
+
+        def email
+          @email ||= "#{username}@example.com"
+        end
 
+        def credentials_given?
+          defined?(@username) && defined?(@password)
+        end
+
+        product(:name) { |factory| factory.name }
+        product(:username) { |factory| factory.username }
+        product(:email) { |factory| factory.email }
         product(:password) { |factory| factory.password }
 
         def fabricate!
-          Page::Menu::Main.act { sign_out }
-          Page::Main::Login.act { switch_to_register_tab }
-          Page::Main::SignUp.perform do |page|
-            page.sign_up!(name: name, username: username, email: email, password: password)
+          Page::Menu::Main.perform { |main| main.sign_out }
+
+          if credentials_given?
+            Page::Main::Login.perform do |login|
+              login.sign_in_using_credentials(self)
+            end
+          else
+            Page::Main::Login.perform do |login|
+              login.switch_to_register_tab
+            end
+            Page::Main::SignUp.perform do |signup|
+              signup.sign_up!(self)
+            end
           end
         end
       end

qa/qa/git/repository.rb

@@ -28,7 +28,7 @@ module QA
       end
 
       def use_default_credentials
-        self.username = Runtime::User.name
+        self.username = Runtime::User.username
         self.password = Runtime::User.password
       end
 

qa/qa/page/main/login.rb

@@ -40,17 +40,19 @@ module QA
           end
         end
 
-        def sign_in_using_credentials
+        def sign_in_using_credentials(user = nil)
           # Don't try to log-in if we're already logged-in
           return if Page::Menu::Main.act { has_personal_area?(wait: 0) }
 
           using_wait_time 0 do
             set_initial_password_if_present
 
+            raise NotImplementedError if Runtime::User.ldap_user? && user&.credentials_given?
+
             if Runtime::User.ldap_user?
               sign_in_using_ldap_credentials
             else
-              sign_in_using_gitlab_credentials
+              sign_in_using_gitlab_credentials(user || Runtime::User)
             end
           end
 
@@ -69,21 +71,30 @@ module QA
           click_on 'Register'
         end
 
+        def switch_to_ldap_tab
+          click_on 'LDAP'
+        end
+
+        def switch_to_standard_tab
+          click_on 'Standard'
+        end
+
         private
 
         def sign_in_using_ldap_credentials
-          click_link 'LDAP'
+          switch_to_ldap_tab
 
           fill_in :username, with: Runtime::User.ldap_username
           fill_in :password, with: Runtime::User.ldap_password
           click_button 'Sign in'
         end
 
-        def sign_in_using_gitlab_credentials
-          click_link 'Standard' if page.has_content?('LDAP')
+        def sign_in_using_gitlab_credentials(user)
+          switch_to_sign_in_tab unless page.has_button?('Sign in')
+          switch_to_standard_tab if page.has_content?('LDAP')
 
-          fill_in :user_login, with: Runtime::User.name
-          fill_in :user_password, with: Runtime::User.password
+          fill_in :user_login, with: user.username
+          fill_in :user_password, with: user.password
           click_button 'Sign in'
         end
 

qa/qa/page/main/sign_up.rb

@@ -11,12 +11,12 @@ module QA
           element :register_button, 'submit "Register"'
         end
 
-        def sign_up!(name:, username:, email:, password:)
-          fill_in :new_user_name, with: name
-          fill_in :new_user_username, with: username
-          fill_in :new_user_email, with: email
-          fill_in :new_user_email_confirmation, with: email
-          fill_in :new_user_password, with: password
+        def sign_up!(user)
+          fill_in :new_user_name, with: user.name
+          fill_in :new_user_username, with: user.username
+          fill_in :new_user_email, with: user.email
+          fill_in :new_user_email_confirmation, with: user.email
+          fill_in :new_user_password, with: user.password
           click_button 'Register'
 
           Page::Menu::Main.act { has_personal_area? }

qa/qa/runtime/env.rb

@@ -41,6 +41,18 @@ module QA
         ENV['GITLAB_PASSWORD']
       end
 
+      def forker?
+        forker_username && forker_password
+      end
+
+      def forker_username
+        ENV['GITLAB_FORKER_USERNAME']
+      end
+
+      def forker_password
+        ENV['GITLAB_FORKER_PASSWORD']
+      end
+
       def ldap_username
         ENV['GITLAB_LDAP_USERNAME']
       end

qa/qa/runtime/user.rb

@@ -3,12 +3,12 @@ module QA
     module User
       extend self
 
-      def default_name
+      def default_username
         'root'
       end
 
-      def name
-        Runtime::Env.user_username || default_name
+      def username
+        Runtime::Env.user_username || default_username
       end
 
       def password

qa/qa/scenario/taggable.rb

-module QA
-  module Scenario
-    module Taggable
-      # rubocop:disable Gitlab/ModuleWithInstanceVariables
-
-      def tags(*tags)
-        @tags = tags
-      end
-
-      def focus
-        @tags.to_a
-      end
-
-      # rubocop:enable Gitlab/ModuleWithInstanceVariables
-    end
-  end
-end

qa/qa/scenario/template.rb

 module QA
   module Scenario
     class Template
-      def self.perform(*args)
+      class << self
+        def perform(*args)
           new.tap do |scenario|
             yield scenario if block_given?
             break scenario.perform(*args)
           end
         end
 
-      def perform(*_args)
-        raise NotImplementedError
+        def tags(*tags)
+          @tags = tags
+        end
+
+        def focus
+          @tags.to_a
+        end
+      end
+
+      def perform(address, *rspec_options)
+        Runtime::Scenario.define(:gitlab_address, address)
+
+        Specs::Runner.perform do |specs|
+          specs.tty = true
+          specs.tags = self.class.focus
+          specs.options =
+            if rspec_options.any?
+              rspec_options
+            else
+              ::File.expand_path('../specs/features', __dir__)
+            end
+        end
       end
     end
   end

qa/qa/scenario/test/instance.rb

-module QA
-  module Scenario
-    module Test
-      ##
-      # Base class for running the suite against any GitLab instance,
-      # including staging and on-premises installation.
-      #
-      class Instance < Template
-        include Bootable
-        extend Taggable
-
-        tags :core
-
-        def perform(address, *rspec_options)
-          Runtime::Scenario.define(:gitlab_address, address)
-
-          ##
-          # Perform before hooks, which are different for CE and EE
-          #
-          Runtime::Release.perform_before_hooks
-
-          Specs::Runner.perform do |specs|
-            specs.tty = true
-            specs.tags = self.class.focus
-            specs.options =
-              if rspec_options.any?
-                rspec_options
-              else
-                ::File.expand_path('../../specs/features', __dir__)
-              end
-          end
-        end
-      end
-    end
-  end
-end

qa/qa/scenario/test/instance/all.rb

+module QA
+  module Scenario
+    module Test
+      ##
+      # Base class for running the suite against any GitLab instance,
+      # including staging and on-premises installation.
+      #
+      module Instance
+        class All < Template
+          include Bootable
+        end
+      end
+    end
+  end
+end

qa/qa/scenario/test/instance/smoke.rb

+module QA
+  module Scenario
+    module Test
+      module Instance
+        ##
+        # Base class for running the suite against any GitLab instance,
+        # including staging and on-premises installation.
+        #
+        class Smoke < Template
+          include Bootable
+
+          tags :smoke
+        end
+      end
+    end
+  end
+end

qa/qa/specs/features/api/basics_spec.rb

 require 'securerandom'
 
 module QA
-  describe 'API basics', :core do
+  describe 'API basics' do
     before(:context) do
       @api_client = Runtime::API::Client.new(:gitlab)
     end
 
     let(:project_name) { "api-basics-#{SecureRandom.hex(8)}" }
-    let(:sanitized_project_path) { CGI.escape("#{Runtime::User.name}/#{project_name}") }
+    let(:sanitized_project_path) { CGI.escape("#{Runtime::User.username}/#{project_name}") }
 
     it 'user creates a project with a file and deletes them afterwards' do
       create_project_request = Runtime::API::Request.new(@api_client, '/projects')

qa/qa/specs/features/api/users_spec.rb

 module QA
-  describe 'API users', :core do
+  describe 'API users' do
     before(:context) do
       @api_client = Runtime::API::Client.new(:gitlab)
     end
@@ -14,11 +14,11 @@ module QA
       end
 
       it 'submit request with a valid user name' do
-        get request.url, { params: { username: Runtime::User.name } }
+        get request.url, { params: { username: Runtime::User.username } }
 
         expect_status(200)
         expect(json_body).to contain_exactly(
-          a_hash_including(username: Runtime::User.name)
+          a_hash_including(username: Runtime::User.username)
         )
       end
 

qa/qa/specs/features/login/basic_spec.rb

+module QA
+  describe 'basic user login', :smoke do
+    it 'user logs in using basic credentials' do
+      Runtime::Browser.visit(:gitlab, Page::Main::Login)
+      Page::Main::Login.act { sign_in_using_credentials }
+
+      # TODO, since `Signed in successfully` message was removed
+      # this is the only way to tell if user is signed in correctly.
+      #
+      Page::Menu::Main.perform do |menu|
+        expect(menu).to have_personal_area
+      end
+    end
+  end
+end

qa/qa/specs/features/login/ldap_spec.rb

 module QA
-  describe 'LDAP user login', :ldap do
+  describe 'LDAP user login', :orchestrated, :ldap do
     before do
       Runtime::Env.user_type = 'ldap'
     end

qa/qa/specs/features/mattermost/group_create_spec.rb

 module QA
-  describe 'create a new group', :mattermost do
+  describe 'create a new group', :orchestrated, :mattermost do
     it 'creating a group with a mattermost team' do
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }

qa/qa/specs/features/mattermost/login_spec.rb

 module QA
-  describe 'logging in to Mattermost', :mattermost do
+  describe 'logging in to Mattermost', :orchestrated, :mattermost do
     it 'can use gitlab oauth' do
       Runtime::Browser.visit(:gitlab, Page::Main::Login) do
         Page::Main::Login.act { sign_in_using_credentials }

qa/qa/specs/features/merge_request/create_spec.rb

 module QA
-  describe 'creates a merge request', :core do
+  describe 'creates a merge request with milestone' do
     it 'user creates a new merge request'  do
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }
@@ -29,4 +29,25 @@ module QA
       end
     end
   end
+
+  describe 'creates a merge request', :smoke do
+    it 'user creates a new merge request'  do
+      Runtime::Browser.visit(:gitlab, Page::Main::Login)
+      Page::Main::Login.act { sign_in_using_credentials }
+
+      current_project = Factory::Resource::Project.fabricate! do |project|
+        project.name = 'project-with-merge-request'
+      end
+
+      Factory::Resource::MergeRequest.fabricate! do |merge_request|
+        merge_request.title = 'This is a merge request'
+        merge_request.description = 'Great feature'
+        merge_request.project = current_project
+      end
+
+      expect(page).to have_content('This is a merge request')
+      expect(page).to have_content('Great feature')
+      expect(page).to have_content(/Opened [\w\s]+ ago/)
+    end
+  end
 end

qa/qa/specs/features/merge_request/rebase_spec.rb

 module QA
-  describe 'merge request rebase', :core do
+  describe 'merge request rebase' do
     it 'rebases source branch of merge request'  do
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }

qa/qa/specs/features/merge_request/squash_spec.rb

 module QA
-  describe 'merge request squash commits', :core do
+  describe 'merge request squash commits' do
     it 'when squash commits is marked before merge'  do
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }

qa/qa/specs/features/project/activity_spec.rb

 module QA
-  describe 'activity page', :core do
+  describe 'activity page' do
     it 'push creates an event in the activity page' do
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }

qa/qa/specs/features/project/add_deploy_key_spec.rb

 module QA
-  describe 'deploy keys support', :core do
+  describe 'deploy keys support' do
     it 'user adds a deploy key' do
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }

qa/qa/specs/features/project/add_secret_variable_spec.rb

 module QA
-  describe 'secret variables support', :core do
+  describe 'secret variables support' do
     it 'user adds a secret variable' do
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }

qa/qa/specs/features/project/auto_devops_spec.rb

 require 'pathname'
 
 module QA
-  describe 'Auto Devops', :kubernetes do
+  describe 'Auto Devops', :orchestrated, :kubernetes do
     after do
       @cluster&.remove!
     end
@@ -15,6 +15,13 @@ module QA
         p.description = 'Project with Auto Devops'
       end
 
+      # Disable code_quality check in Auto DevOps pipeline as it takes
+      # too long and times out the test
+      Factory::Resource::SecretVariable.fabricate! do |resource|
+        resource.key = 'CODE_QUALITY_DISABLED'
+        resource.value = '1'
+      end
+
       # Create Auto Devops compatible repo
       Factory::Repository::ProjectPush.fabricate! do |push|
         push.project = project

qa/qa/specs/features/project/create_issue_spec.rb

 module QA
-  describe 'creates issue', :core do
+  describe 'creates issue', :smoke do
     let(:issue_title) { 'issue title' }
 
     it 'user creates issue' do

qa/qa/specs/features/project/create_spec.rb

 module QA
-  describe 'create a new project', :core do
+  describe 'create a new project', :smoke do
     it 'user creates a new project' do
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }

qa/qa/specs/features/project/deploy_key_clone_spec.rb

 require 'digest/sha1'
 
 module QA
-  describe 'cloning code using a deploy key', :core, :docker do
+  describe 'cloning code using a deploy key', :docker do
     def login
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }

qa/qa/specs/features/project/fork_project_spec.rb

 module QA
-  describe 'Project fork', :core do
+  describe 'Project fork' do
     it 'can submit merge requests to upstream master' do
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }
@@ -8,14 +8,12 @@ module QA
         merge_request.fork_branch = 'feature-branch'
       end
 
-      Page::Menu::Main.act { sign_out }
-      Page::Main::Login.act do
-        switch_to_sign_in_tab
-        sign_in_using_credentials
-      end
+      Page::Menu::Main.perform { |main| main.sign_out }
+      Page::Main::Login.perform { |login| login.sign_in_using_credentials }
 
       merge_request.visit!
-      Page::MergeRequest::Show.act { merge! }
+
+      Page::MergeRequest::Show.perform { |show| show.merge! }
 
       expect(page).to have_content('The changes were merged')
     end

qa/qa/specs/features/project/import_from_github_spec.rb

 module QA
-  describe 'user imports a GitHub repo', :core, :github do
+  describe 'user imports a GitHub repo', :orchestrated, :github do
     let(:imported_project) do
       Factory::Resource::ProjectImportedFromGithub.fabricate! do |project|
         project.name = 'imported-project'

qa/qa/specs/features/project/pipelines_spec.rb

 module QA
-  describe 'CI/CD Pipelines', :core, :docker do
+  describe 'CI/CD Pipelines', :orchestrated, :docker do
     let(:executor) { "qa-runner-#{Time.now.to_i}" }
 
     after do

qa/qa/specs/features/project/wikis_spec.rb

 module QA
-  describe 'Wiki Functionality', :core do
+  describe 'Wiki Functionality' do
     def login
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }

qa/qa/specs/features/repository/clone_spec.rb

 module QA
-  describe 'clone code from the repository', :core do
+  describe 'clone code from the repository' do
     context 'with regular account over http' do
       let(:location) do
         Page::Project::Show.act do

qa/qa/specs/features/repository/protected_branches_spec.rb

 module QA
-  describe 'branch protection support', :core do
+  describe 'branch protection support' do
     let(:branch_name) { 'protected-branch' }
     let(:commit_message) { 'Protected push commit message' }
     let(:project) do

qa/qa/specs/features/repository/push_spec.rb

 module QA
-  describe 'push code to repository', :core do
+  describe 'push code to repository' do
     context 'with regular account over http' do
       it 'user pushes code to the repository'  do
         Runtime::Browser.visit(:gitlab, Page::Main::Login)

qa/qa/specs/runner.rb

@@ -14,7 +14,13 @@ module QA
       def perform
         args = []
         args.push('--tty') if tty
-        tags.to_a.each { |tag| args.push(['-t', tag.to_s]) }
+
+        if tags.any?
+          tags.each { |tag| args.push(['-t', tag.to_s]) }
+        else
+          args.push(%w[-t ~orchestrated])
+        end
+
         args.push(options)
 
         Runtime::Browser.configure!

qa/spec/runtime/env_spec.rb

@@ -77,6 +77,31 @@ describe QA::Runtime::Env do
     end
   end
 
+  describe '.forker?' do
+    it 'returns false if no forker credentials are defined' do
+      expect(described_class).not_to be_forker
+    end
+
+    it 'returns false if only forker username is defined' do
+      stub_env('GITLAB_FORKER_USERNAME', 'foo')
+
+      expect(described_class).not_to be_forker
+    end
+
+    it 'returns false if only forker password is defined' do
+      stub_env('GITLAB_FORKER_PASSWORD', 'bar')
+
+      expect(described_class).not_to be_forker
+    end
+
+    it 'returns true if forker username and password are defined' do
+      stub_env('GITLAB_FORKER_USERNAME', 'foo')
+      stub_env('GITLAB_FORKER_PASSWORD', 'bar')
+
+      expect(described_class).to be_forker
+    end
+  end
+
   describe '.github_access_token' do
     it 'returns "" if GITHUB_ACCESS_TOKEN is not defined' do
       expect(described_class.github_access_token).to eq('')

qa/spec/scenario/test/instance_spec.rb → qa/spec/scenario/test/instance/all_spec.rb

-describe QA::Scenario::Test::Instance do
-  subject do
-    Class.new(described_class) do
-      tags :rspec
-    end
-  end
-
+describe QA::Scenario::Test::Instance::All do
   context '#perform' do
     let(:arguments) { spy('Runtime::Scenario') }
     let(:release) { spy('Runtime::Release') }
@@ -26,16 +20,16 @@ describe QA::Scenario::Test::Instance do
     end
 
     context 'no paths' do
-      it 'should call runner with default arguments' do
+      it 'calls runner with default arguments' do
         subject.perform("test")
 
         expect(runner).to have_received(:options=)
-          .with(::File.expand_path('../../../qa/specs/features', __dir__))
+          .with(::File.expand_path('../../../../qa/specs/features', __dir__))
       end
     end
 
     context 'specifying paths' do
-      it 'should call runner with paths' do
+      it 'calls runner with paths' do
         subject.perform('test', 'path1', 'path2')
 
         expect(runner).to have_received(:options=).with(%w[path1 path2])

qa/spec/scenario/test/instance/smoke_spec.rb

+describe QA::Scenario::Test::Instance::Smoke do
+  subject { Class.new(described_class) { tags :smoke } }
+
+  context '#perform' do
+    let(:arguments) { spy('Runtime::Scenario') }
+    let(:release) { spy('Runtime::Release') }
+    let(:runner) { spy('Specs::Runner') }
+
+    before do
+      stub_const('QA::Runtime::Release', release)
+      stub_const('QA::Runtime::Scenario', arguments)
+      stub_const('QA::Specs::Runner', runner)
+
+      allow(runner).to receive(:perform).and_yield(runner)
+    end
+
+    it 'sets an address of the subject' do
+      subject.perform("hello")
+
+      expect(arguments).to have_received(:define)
+        .with(:gitlab_address, "hello")
+    end
+
+    it 'has a smoke tag' do
+      expect(subject.focus).to eq([:smoke]) # rubocop:disable Focus
+    end
+
+    context 'no paths' do
+      it 'calls runner with default arguments' do
+        subject.perform("test")
+
+        expect(runner).to have_received(:options=)
+          .with(::File.expand_path('../../../../qa/specs/features', __dir__))
+      end
+    end
+
+    context 'specifying paths' do
+      it 'calls runner with paths' do
+        subject.perform('test', 'path1', 'path2')
+
+        expect(runner).to have_received(:options=).with(%w[path1 path2])
+      end
+    end
+  end
+end

spec/features/admin/admin_runners_spec.rb

@@ -20,7 +20,7 @@ describe "Admin Runners" do
 
       it 'has all necessary texts' do
         expect(page).to have_text "Setup a shared Runner manually"
-        expect(page).to have_text "Runners with last contact more than a minute ago: 1"
+        expect(page).to have_text "Runners currently online: 1"
       end
 
       describe 'search' do
@@ -55,7 +55,7 @@ describe "Admin Runners" do
 
       it 'has all necessary texts including no runner message' do
         expect(page).to have_text "Setup a shared Runner manually"
-        expect(page).to have_text "Runners with last contact more than a minute ago: 0"
+        expect(page).to have_text "Runners currently online: 0"
         expect(page).to have_text 'No runners found'
       end
     end

spec/lib/gitlab/data_builder/build_spec.rb

@@ -15,6 +15,7 @@ describe Gitlab::DataBuilder::Build do
     it { expect(data[:build_id]).to eq(build.id) }
     it { expect(data[:build_status]).to eq(build.status) }
     it { expect(data[:build_allow_failure]).to eq(false) }
+    it { expect(data[:build_failure_reason]).to eq(build.failure_reason) }
     it { expect(data[:project_id]).to eq(build.project.id) }
     it { expect(data[:project_name]).to eq(build.project.full_name) }
 

spec/lib/gitlab/gitaly_client/diff_spec.rb

@@ -9,7 +9,9 @@ describe Gitlab::GitalyClient::Diff do
       new_mode: 0100644,
       from_id: '357406f3075a57708d0163752905cc1576fceacc',
       to_id: '8e5177d718c561d36efde08bad36b43687ee6bf0',
-      patch: 'a' * 100
+      patch: 'a' * 100,
+      collapsed: false,
+      too_large: false
     }
   end
 
@@ -22,6 +24,8 @@ describe Gitlab::GitalyClient::Diff do
   it { is_expected.to respond_to(:from_id) }
   it { is_expected.to respond_to(:to_id) }
   it { is_expected.to respond_to(:patch) }
+  it { is_expected.to respond_to(:collapsed) }
+  it { is_expected.to respond_to(:too_large) }
 
   describe '#==' do
     it { expect(subject).to eq(described_class.new(diff_fields)) }

spec/models/clusters/applications/prometheus_spec.rb

@@ -154,20 +154,17 @@ describe Clusters::Applications::Prometheus do
   end
 
   describe '#install_command' do
-    let(:kubeclient) { double('kubernetes client') }
     let(:prometheus) { create(:clusters_applications_prometheus) }
 
-    it 'returns an instance of Gitlab::Kubernetes::Helm::InstallCommand' do
-      expect(prometheus.install_command).to be_an_instance_of(Gitlab::Kubernetes::Helm::InstallCommand)
-    end
+    subject { prometheus.install_command }
 
-    it 'should be initialized with 3 arguments' do
-      command = prometheus.install_command
+    it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::InstallCommand) }
 
-      expect(command.name).to eq('prometheus')
-      expect(command.chart).to eq('stable/prometheus')
-      expect(command.version).to eq('6.7.3')
-      expect(command.files).to eq(prometheus.files)
+    it 'should be initialized with 3 arguments' do
+      expect(subject.name).to eq('prometheus')
+      expect(subject.chart).to eq('stable/prometheus')
+      expect(subject.version).to eq('6.7.3')
+      expect(subject.files).to eq(prometheus.files)
     end
 
     context 'application failed to install previously' do

spec/requests/api/events_spec.rb

@@ -2,9 +2,9 @@ require 'spec_helper'
 
 describe API::Events do
   include ApiHelpers
+
   let(:user) { create(:user) }
   let(:non_member) { create(:user) }
-  let(:other_user) { create(:user, username: 'otheruser') }
   let(:private_project) { create(:project, :private, creator_id: user.id, namespace: user.namespace) }
   let(:closed_issue) { create(:closed_issue, project: private_project, author: user) }
   let!(:closed_issue_event) { create(:event, project: private_project, author: user, target: closed_issue, action: Event::CLOSED, created_at: Date.new(2016, 12, 30)) }
@@ -28,12 +28,52 @@ describe API::Events do
         expect(json_response.size).to eq(1)
       end
     end
+
+    context 'when the requesting token has "read_user" scope' do
+      let(:token) { create(:personal_access_token, scopes: ['read_user'], user: user) }
+
+      it 'returns users events' do
+        get api('/events?action=closed&target_type=issue&after=2016-12-1&before=2016-12-31', personal_access_token: token)
+
+        expect(response).to have_gitlab_http_status(200)
+        expect(response).to include_pagination_headers
+        expect(json_response).to be_an Array
+        expect(json_response.size).to eq(1)
+      end
+    end
+
+    context 'when the requesting token does not have "read_user" or "api" scope' do
+      let(:token_without_scopes) { create(:personal_access_token, scopes: ['read_repository'], user: user) }
+
+      it 'returns a "403" response' do
+        get api('/events', personal_access_token: token_without_scopes)
+
+        expect(response).to have_gitlab_http_status(403)
+      end
+    end
   end
 
   describe 'GET /users/:id/events' do
-    context "as a user that cannot see the event's project" do
-      it 'returns no events' do
-        get api("/users/#{user.id}/events", other_user)
+    context "as a user that cannot see another user" do
+      it 'returns a "404" response' do
+        allow(Ability).to receive(:allowed?).and_call_original
+        allow(Ability).to receive(:allowed?).with(non_member, :read_user, user).and_return(false)
+
+        get api("/users/#{user.id}/events", non_member)
+
+        expect(response).to have_gitlab_http_status(200)
+        expect(json_response).to be_empty
+      end
+    end
+
+    context "as a user token that cannot see another user" do
+      let(:non_member_token) { create(:personal_access_token, scopes: ['read_user'], user: non_member) }
+
+      it 'returns a "404" response' do
+        allow(Ability).to receive(:allowed?).and_call_original
+        allow(Ability).to receive(:allowed?).with(non_member, :read_user, user).and_return(false)
+
+        get api("/users/#{user.id}/events", personal_access_token: non_member_token)
 
         expect(response).to have_gitlab_http_status(200)
         expect(json_response).to be_empty