Add latest changes from gitlab-org/gitlab@master

app/controllers/admin/broadcast_messages_controller.rb

@@ -60,6 +60,7 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
       font
       message
       starts_at
+      target_path
     ))
   end
 end

app/controllers/admin/identities_controller.rb

@@ -28,7 +28,8 @@ class Admin::IdentitiesController < Admin::ApplicationController
 
   def update
     if @identity.update(identity_params)
-      RepairLdapBlockedUserService.new(@user).execute
+      ::Users::RepairLdapBlockedService.new(@user).execute
+
       redirect_to admin_user_identities_path(@user), notice: _('User identity was successfully updated.')
     else
       render :edit
@@ -37,7 +38,8 @@ class Admin::IdentitiesController < Admin::ApplicationController
 
   def destroy
     if @identity.destroy
-      RepairLdapBlockedUserService.new(@user).execute
+      ::Users::RepairLdapBlockedService.new(@user).execute
+
       redirect_to admin_user_identities_path(@user), status: :found, notice: _('User identity was successfully removed.')
     else
       redirect_to admin_user_identities_path(@user), status: :found, alert: _('Failed to remove user identity.')

app/helpers/broadcast_messages_helper.rb

 # frozen_string_literal: true
 
 module BroadcastMessagesHelper
+  def current_broadcast_messages
+    BroadcastMessage.current(request.path)
+  end
+
   def broadcast_message(message)
     return unless message.present?
 

app/models/broadcast_message.rb

@@ -20,7 +20,7 @@ class BroadcastMessage < ApplicationRecord
 
   after_commit :flush_redis_cache
 
-  def self.current
+  def self.current(current_path = nil)
     messages = cache.fetch(CACHE_KEY, as: BroadcastMessage, expires_in: cache_expires_in) do
       current_and_future_messages
     end
@@ -33,7 +33,7 @@ class BroadcastMessage < ApplicationRecord
     # cache so we don't keep running this code all the time.
     cache.expire(CACHE_KEY) if now_or_future.empty?
 
-    now_or_future.select(&:now?)
+    now_or_future.select(&:now?).select { |message| message.matches_current_path(current_path) }
   end
 
   def self.current_and_future_messages
@@ -72,6 +72,12 @@ class BroadcastMessage < ApplicationRecord
     now? || future?
   end
 
+  def matches_current_path(current_path)
+    return true if current_path.blank? || target_path.blank?
+
+    current_path.match(Regexp.escape(target_path).gsub('\\*', '.*'))
+  end
+
   def flush_redis_cache
     self.class.cache.expire(CACHE_KEY)
   end

app/models/merge_request/pipelines.rb

@@ -12,15 +12,18 @@ class MergeRequest::Pipelines
 
   attr_reader :merge_request
 
-  delegate :all_commit_shas, :source_project, :source_branch, to: :merge_request
+  delegate :commit_shas, :source_project, :source_branch, to: :merge_request
 
   def all
-    return Ci::Pipeline.none unless source_project
-
     strong_memoize(:all_pipelines) do
-      pipelines = Ci::Pipeline.from_union(
-        [source_pipelines, detached_pipelines, triggered_for_branch],
-      remove_duplicates: false)
+      next Ci::Pipeline.none unless source_project
+
+      pipelines =
+        if merge_request.persisted?
+          pipelines_using_cte
+        else
+          triggered_for_branch.for_sha(commit_shas)
+        end
 
       sort(pipelines)
     end
@@ -28,38 +31,55 @@ class MergeRequest::Pipelines
 
   private
 
-  def triggered_by_merge_request
-    source_project.ci_pipelines
-      .where(source: :merge_request_event, merge_request: merge_request)
+  def pipelines_using_cte
+    cte = Gitlab::SQL::CTE.new(:shas, merge_request.all_commits.select(:sha))
+
+    source_pipelines_join = cte.table[:sha].eq(Ci::Pipeline.arel_table[:source_sha])
+    source_pipelines = filter_by(triggered_by_merge_request, cte, source_pipelines_join)
+    detached_pipelines = filter_by_sha(triggered_by_merge_request, cte)
+    pipelines_for_branch = filter_by_sha(triggered_for_branch, cte)
+
+    Ci::Pipeline.with(cte.to_arel)
+      .from_union([source_pipelines, detached_pipelines, pipelines_for_branch])
+  end
+
+  def filter_by_sha(pipelines, cte)
+    hex = Arel::Nodes::SqlLiteral.new("'hex'")
+    string_sha = Arel::Nodes::NamedFunction.new('encode', [cte.table[:sha], hex])
+    join_condition = string_sha.eq(Ci::Pipeline.arel_table[:sha])
+
+    filter_by(pipelines, cte, join_condition)
   end
 
-  def detached_pipelines
-    triggered_by_merge_request.for_sha(all_commit_shas)
+  def filter_by(pipelines, cte, join_condition)
+    shas_table =
+      Ci::Pipeline.arel_table
+        .join(cte.table, Arel::Nodes::InnerJoin)
+        .on(join_condition)
+        .join_sources
+
+    pipelines.joins(shas_table)
   end
 
-  def source_pipelines
-    triggered_by_merge_request.for_source_sha(all_commit_shas)
+  def triggered_by_merge_request
+    source_project.ci_pipelines
+      .where(source: :merge_request_event, merge_request: merge_request)
   end
 
   def triggered_for_branch
     source_project.ci_pipelines
       .where(source: branch_pipeline_sources, ref: source_branch, tag: false)
-      .for_sha(all_commit_shas)
-  end
-
-  def sources
-    ::Ci::Pipeline.sources
   end
 
   def branch_pipeline_sources
     strong_memoize(:branch_pipeline_sources) do
-      sources.reject { |source| source == EVENT }.values
+      Ci::Pipeline.sources.reject { |source| source == EVENT }.values
     end
   end
 
   def sort(pipelines)
     sql = 'CASE ci_pipelines.source WHEN (?) THEN 0 ELSE 1 END, ci_pipelines.id DESC'
-    query = ApplicationRecord.send(:sanitize_sql_array, [sql, sources[:merge_request_event]]) # rubocop:disable GitlabSecurity/PublicSend
+    query = ApplicationRecord.send(:sanitize_sql_array, [sql, Ci::Pipeline.sources[:merge_request_event]]) # rubocop:disable GitlabSecurity/PublicSend
 
     pipelines.order(Arel.sql(query))
   end

app/services/repair_ldap_blocked_user_service.rb

-# frozen_string_literal: true
-
-class RepairLdapBlockedUserService
-  attr_accessor :user
-
-  def initialize(user)
-    @user = user
-  end
-
-  def execute
-    user.block if ldap_hard_blocked?
-  end
-
-  private
-
-  def ldap_hard_blocked?
-    user.ldap_blocked? && !user.ldap_user?
-  end
-end

app/services/users/repair_ldap_blocked_service.rb

+# frozen_string_literal: true
+
+module Users
+  class RepairLdapBlockedService
+    attr_accessor :user
+
+    def initialize(user)
+      @user = user
+    end
+
+    def execute
+      user.block if ldap_hard_blocked?
+    end
+
+    private
+
+    def ldap_hard_blocked?
+      user.ldap_blocked? && !user.ldap_user?
+    end
+  end
+end

app/views/admin/broadcast_messages/_form.html.haml

@@ -38,6 +38,13 @@
       = f.label :font, "Font Color"
     .col-sm-10
       = f.color_field :font, class: "form-control text-font-color"
+  .form-group.row
+    .col-sm-2.col-form-label
+      = f.label :target_path, _('Target Path')
+    .col-sm-10
+      = f.text_field :target_path, class: "form-control"
+      .form-text.text-muted
+        = _('Paths can contain wildcards, like */welcome')
   .form-group.row
     .col-sm-2.col-form-label
       = f.label :starts_at, _("Starts at (UTC)")

app/views/admin/broadcast_messages/index.html.haml

@@ -19,6 +19,7 @@
         %th Preview
         %th Starts
         %th Ends
+        %th Target Path
         %th  
     %tbody
       - @broadcast_messages.each do |message|
@@ -31,6 +32,8 @@
             = message.starts_at
           %td
             = message.ends_at
+          %td
+            = message.target_path
           %td
             = link_to sprite_icon('pencil-square'), edit_admin_broadcast_message_path(message), title: 'Edit', class: 'btn'
             = link_to sprite_icon('remove'), admin_broadcast_message_path(message), method: :delete, remote: true, title: 'Remove', class: 'js-remove-tr btn btn-danger'

app/views/layouts/_broadcast.html.haml

-- BroadcastMessage.current&.each do |message|
+- current_broadcast_messages&.each do |message|
   = broadcast_message(message)

changelogs/unreleased/id-optimize-query-for-ci-pipelines.yml

+---
+title: Optimize query for CI pipelines of merge request
+merge_request: 19653
+author:
+type: performance

changelogs/unreleased/nicolasdular-add-target-path-to-broadcast-message.yml

+---
+title: Add path based targeting to broadcast messages
+merge_request:
+author:
+type: added

db/migrate/20180215181245_users_name_lower_index.rb

@@ -11,15 +11,11 @@ class UsersNameLowerIndex < ActiveRecord::Migration[4.2]
   disable_ddl_transaction!
 
   def up
-    return unless Gitlab::Database.postgresql?
-
     # On GitLab.com this produces an index with a size of roughly 60 MB.
     execute "CREATE INDEX CONCURRENTLY #{INDEX_NAME} ON users (LOWER(name))"
   end
 
   def down
-    return unless Gitlab::Database.postgresql?
-
     execute "DROP INDEX CONCURRENTLY IF EXISTS #{INDEX_NAME}"
   end
 end

db/migrate/20180309121820_reschedule_commits_count_for_merge_request_diff.rb

@@ -18,7 +18,7 @@ class RescheduleCommitsCountForMergeRequestDiff < ActiveRecord::Migration[4.2]
   def up
     say 'Populating the MergeRequestDiff `commits_count` (reschedule)'
 
-    execute("SET statement_timeout TO '60s'") if Gitlab::Database.postgresql?
+    execute("SET statement_timeout TO '60s'")
 
     MergeRequestDiff.where(commits_count: nil).each_batch(of: BATCH_SIZE) do |relation, index|
       start_id, end_id = relation.pluck('MIN(id), MAX(id)').first

db/migrate/20180504195842_project_name_lower_index.rb

@@ -11,16 +11,12 @@ class ProjectNameLowerIndex < ActiveRecord::Migration[4.2]
   disable_ddl_transaction!
 
   def up
-    return unless Gitlab::Database.postgresql?
-
     disable_statement_timeout do
       execute "CREATE INDEX CONCURRENTLY #{INDEX_NAME} ON projects (LOWER(name))"
     end
   end
 
   def down
-    return unless Gitlab::Database.postgresql?
-
     disable_statement_timeout do
       execute "DROP INDEX CONCURRENTLY IF EXISTS #{INDEX_NAME}"
     end

db/migrate/20180517082340_add_not_null_constraints_to_project_authorizations.rb

@@ -5,34 +5,20 @@ class AddNotNullConstraintsToProjectAuthorizations < ActiveRecord::Migration[4.2
   DOWNTIME = false
 
   def up
-    if Gitlab::Database.postgresql?
-      # One-pass version for PostgreSQL
-      execute <<~SQL
+    execute <<~SQL
       ALTER TABLE project_authorizations
         ALTER COLUMN user_id SET NOT NULL,
         ALTER COLUMN project_id SET NOT NULL,
         ALTER COLUMN access_level SET NOT NULL
-      SQL
-    else
-      change_column_null :project_authorizations, :user_id, false
-      change_column_null :project_authorizations, :project_id, false
-      change_column_null :project_authorizations, :access_level, false
-    end
+    SQL
   end
 
   def down
-    if Gitlab::Database.postgresql?
-      # One-pass version for PostgreSQL
-      execute <<~SQL
+    execute <<~SQL
       ALTER TABLE project_authorizations
         ALTER COLUMN user_id DROP NOT NULL,
         ALTER COLUMN project_id DROP NOT NULL,
         ALTER COLUMN access_level DROP NOT NULL
-      SQL
-    else
-      change_column_null :project_authorizations, :user_id, true
-      change_column_null :project_authorizations, :project_id, true
-      change_column_null :project_authorizations, :access_level, true
-    end
+    SQL
   end
 end

db/migrate/20190402150158_backport_enterprise_schema.rb

@@ -464,15 +464,12 @@ class BackportEnterpriseSchema < ActiveRecord::Migration[5.0]
   end
 
   def update_environments
-    return unless Gitlab::Database.postgresql?
     return if index_exists?(:environments, :name, name: 'index_environments_on_name_varchar_pattern_ops')
 
     execute('CREATE INDEX CONCURRENTLY index_environments_on_name_varchar_pattern_ops ON environments (name varchar_pattern_ops);')
   end
 
   def revert_environments
-    return unless Gitlab::Database.postgresql?
-
     remove_concurrent_index_by_name(
       :environments,
       'index_environments_on_name_varchar_pattern_ops'

db/migrate/20191125133353_add_target_path_to_broadcast_message.rb

+# frozen_string_literal: true
+
+class AddTargetPathToBroadcastMessage < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def change
+    add_column :broadcast_messages, :target_path, :string, limit: 255
+  end
+end

db/optional_migrations/composite_primary_keys.rb

@@ -27,8 +27,6 @@ class CompositePrimaryKeysMigration < ActiveRecord::Migration[4.2]
   disable_ddl_transaction!
 
   def up
-    return unless Gitlab::Database.postgresql?
-
     disable_statement_timeout do
       TABLES.each do |index|
         add_primary_key(index)
@@ -37,8 +35,6 @@ class CompositePrimaryKeysMigration < ActiveRecord::Migration[4.2]
   end
 
   def down
-    return unless Gitlab::Database.postgresql?
-
     disable_statement_timeout do
       TABLES.each do |index|
         remove_primary_key(index)

db/post_migrate/20180305100050_remove_permanent_from_redirect_routes.rb

@@ -14,11 +14,9 @@ class RemovePermanentFromRedirectRoutes < ActiveRecord::Migration[4.2]
     # These indexes were created on Postgres only in:
     # ReworkRedirectRoutesIndexes:
     # https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/16211
-    if Gitlab::Database.postgresql?
-      disable_statement_timeout do
-        execute "DROP INDEX CONCURRENTLY IF EXISTS #{INDEX_NAME_PERM};"
-        execute "DROP INDEX CONCURRENTLY IF EXISTS #{INDEX_NAME_TEMP};"
-      end
+    disable_statement_timeout do
+      execute "DROP INDEX CONCURRENTLY IF EXISTS #{INDEX_NAME_PERM};"
+      execute "DROP INDEX CONCURRENTLY IF EXISTS #{INDEX_NAME_TEMP};"
     end
 
     remove_column(:redirect_routes, :permanent)
@@ -27,11 +25,9 @@ class RemovePermanentFromRedirectRoutes < ActiveRecord::Migration[4.2]
   def down
     add_column(:redirect_routes, :permanent, :boolean)
 
-    if Gitlab::Database.postgresql?
-      disable_statement_timeout do
-        execute("CREATE INDEX CONCURRENTLY #{INDEX_NAME_PERM} ON redirect_routes (lower(path) varchar_pattern_ops) where (permanent);")
-        execute("CREATE INDEX CONCURRENTLY #{INDEX_NAME_TEMP} ON redirect_routes (lower(path) varchar_pattern_ops) where (not permanent or permanent is null) ;")
-      end
+    disable_statement_timeout do
+      execute("CREATE INDEX CONCURRENTLY #{INDEX_NAME_PERM} ON redirect_routes (lower(path) varchar_pattern_ops) where (permanent);")
+      execute("CREATE INDEX CONCURRENTLY #{INDEX_NAME_TEMP} ON redirect_routes (lower(path) varchar_pattern_ops) where (not permanent or permanent is null) ;")
     end
   end
 end

db/post_migrate/20180306164012_add_path_index_to_redirect_routes.rb

@@ -16,8 +16,6 @@ class AddPathIndexToRedirectRoutes < ActiveRecord::Migration[4.2]
   # This same index is also added in the `ReworkRedirectRoutesIndexes` so this
   # is a no-op in most cases.
   def up
-    return unless Gitlab::Database.postgresql?
-
     disable_statement_timeout do
       unless index_exists_by_name?(:redirect_routes, INDEX_NAME)
         execute("CREATE UNIQUE INDEX CONCURRENTLY #{INDEX_NAME} ON redirect_routes (lower(path) varchar_pattern_ops);")

db/post_migrate/20180706223200_populate_site_statistics.rb

@@ -7,13 +7,13 @@ class PopulateSiteStatistics < ActiveRecord::Migration[4.2]
 
   def up
     transaction do
-      execute('SET LOCAL statement_timeout TO 0') if Gitlab::Database.postgresql? # see https://gitlab.com/gitlab-org/gitlab-foss/issues/48967
+      execute('SET LOCAL statement_timeout TO 0') # see https://gitlab.com/gitlab-org/gitlab-foss/issues/48967
 
       execute("UPDATE site_statistics SET repositories_count = (SELECT COUNT(*) FROM projects)")
     end
 
     transaction do
-      execute('SET LOCAL statement_timeout TO 0') if Gitlab::Database.postgresql? # see https://gitlab.com/gitlab-org/gitlab-foss/issues/48967
+      execute('SET LOCAL statement_timeout TO 0') # see https://gitlab.com/gitlab-org/gitlab-foss/issues/48967
 
       execute("UPDATE site_statistics SET wikis_count = (SELECT COUNT(*) FROM project_features WHERE wiki_access_level != 0)")
     end

db/post_migrate/20180809195358_migrate_null_wiki_access_levels.rb

@@ -20,7 +20,7 @@ class MigrateNullWikiAccessLevels < ActiveRecord::Migration[4.2]
 
     # We need to re-count wikis as previous attempt was not considering the NULLs.
     transaction do
-      execute('SET LOCAL statement_timeout TO 0') if Gitlab::Database.postgresql? # see https://gitlab.com/gitlab-org/gitlab-foss/issues/48967
+      execute('SET LOCAL statement_timeout TO 0') # see https://gitlab.com/gitlab-org/gitlab-foss/issues/48967
 
       execute("UPDATE site_statistics SET wikis_count = (SELECT COUNT(*) FROM project_features WHERE wiki_access_level != 0)")
     end

db/post_migrate/20180826111825_recalculate_site_statistics.rb

@@ -9,13 +9,13 @@ class RecalculateSiteStatistics < ActiveRecord::Migration[4.2]
 
   def up
     transaction do
-      execute('SET LOCAL statement_timeout TO 0') if Gitlab::Database.postgresql? # see https://gitlab.com/gitlab-org/gitlab-foss/issues/48967
+      execute('SET LOCAL statement_timeout TO 0') # see https://gitlab.com/gitlab-org/gitlab-foss/issues/48967
 
       execute("UPDATE site_statistics SET repositories_count = (SELECT COUNT(*) FROM projects)")
     end
 
     transaction do
-      execute('SET LOCAL statement_timeout TO 0') if Gitlab::Database.postgresql? # see https://gitlab.com/gitlab-org/gitlab-foss/issues/48967
+      execute('SET LOCAL statement_timeout TO 0') # see https://gitlab.com/gitlab-org/gitlab-foss/issues/48967
 
       execute("UPDATE site_statistics SET wikis_count = (SELECT COUNT(*) FROM project_features WHERE wiki_access_level != 0)")
     end

db/schema.rb

@@ -573,6 +573,7 @@ ActiveRecord::Schema.define(version: 2019_11_25_140458) do
     t.string "font"
     t.text "message_html", null: false
     t.integer "cached_markdown_version"
+    t.string "target_path", limit: 255
     t.index ["starts_at", "ends_at", "id"], name: "index_broadcast_messages_on_starts_at_and_ends_at_and_id"
   end
 

doc/administration/packages/container_registry.md

@@ -457,36 +457,40 @@ If Registry is enabled in your GitLab instance, but you don't need it for your
 project, you can disable it from your project's settings. Read the user guide
 on how to achieve that.
 
-## Disable Container Registry but use GitLab as an auth endpoint
+## Use an external container registry with GitLab as an auth endpoint
 
 **Omnibus GitLab**
 
-You can use GitLab as an auth endpoint and use a non-bundled Container Registry.
+You can use GitLab as an auth endpoint with an external container registry.
 
 1. Open `/etc/gitlab/gitlab.rb` and set necessary configurations:
 
    ```ruby
    gitlab_rails['registry_enabled'] = true
-   gitlab_rails['registry_host'] = "registry.gitlab.example.com"
-   gitlab_rails['registry_port'] = "5005"
    gitlab_rails['registry_api_url'] = "http://localhost:5000"
-   gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
    gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
    ```
 
-1. A certificate keypair is required for GitLab and the Container Registry to
-   communicate securely.  By default Omnibus GitLab will generate one keypair,
-   which is saved to `/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key`.
-   When using a non-bundled Container Registry, you will need to supply a
-   custom certificate key. To do that, add the following to
-   `/etc/gitlab/gitlab.rb`
+   NOTE: **Note:**
+   `gitlab_rails['registry_enabled'] = true` is needed to enable GitLab's
+   Container Registry features and authentication endpoint. GitLab's bundled
+   Container Registry service will not be started even with this enabled.
+
+1. A certificate-key pair is required for GitLab and the external container
+   registry to communicate securely. You will need to create a certificate-key
+   pair, configuring the external container registry with the public
+   certificate and configuring GitLab with the private key. To do that, add
+   the following to `/etc/gitlab/gitlab.rb`:
 
    ```ruby
-   gitlab_rails['registry_key_path'] = "/custom/path/to/registry-key.key"
    # registry['internal_key'] should contain the contents of the custom key
    # file. Line breaks in the key file should be marked using `\n` character
    # Example:
    registry['internal_key'] = "---BEGIN RSA PRIVATE KEY---\nMIIEpQIBAA\n"
+
+   # Optionally define a custom file for Omnibus GitLab to write the contents
+   # of registry['internal_key'] to.
+   gitlab_rails['registry_key_path'] = "/custom/path/to/registry-key.key"
    ```
 
    NOTE: **Note:**
@@ -496,7 +500,16 @@ You can use GitLab as an auth endpoint and use a non-bundled Container Registry.
    `/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key` and will populate
    it.
 
-1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
+1. To change the container registry URL displayed in the GitLab Container
+   Registry pages, set the following configurations:
+
+   ```ruby
+   gitlab_rails['registry_host'] = "registry.gitlab.example.com"
+   gitlab_rails['registry_port'] = "5005"
+   ```
+
+1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure)
+   for the changes to take effect.
 
 **Installations from source**
 

doc/development/sql.md

@@ -108,15 +108,11 @@ class AddUsersLowerUsernameEmailIndexes < ActiveRecord::Migration[4.2]
   disable_ddl_transaction!
 
   def up
-    return unless Gitlab::Database.postgresql?
-
     execute 'CREATE INDEX CONCURRENTLY index_on_users_lower_username ON users (LOWER(username));'
     execute 'CREATE INDEX CONCURRENTLY index_on_users_lower_email ON users (LOWER(email));'
   end
 
   def down
-    return unless Gitlab::Database.postgresql?
-
     remove_index :users, :index_on_users_lower_username
     remove_index :users, :index_on_users_lower_email
   end

doc/development/verifying_database_capabilities.md

@@ -6,22 +6,16 @@ necessary to add database (version) specific behaviour.
 
 To facilitate this we have the following methods that you can use:
 
-- `Gitlab::Database.postgresql?`: returns `true` if PostgreSQL is being used.
-  You can normally just assume this is the case.
 - `Gitlab::Database.version`: returns the PostgreSQL version number as a string
   in the format `X.Y.Z`.
 
 This allows you to write code such as:
 
 ```ruby
-if Gitlab::Database.postgresql?
-  if Gitlab::Database.version.to_f >= 9.6
-    run_really_fast_query
-  else
-    run_fast_query
-  end
+if Gitlab::Database.version.to_f >= 9.6
+  run_really_fast_query
 else
-  run_query
+  run_fast_query
 end
 ```
 

doc/integration/github.md

@@ -166,3 +166,36 @@ via Omnibus, or [restart GitLab] if you installed from source.
 
 [reconfigure GitLab]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
 [restart GitLab]: ../administration/restart_gitlab.md#installations-from-source
+
+## Troubleshooting
+
+### Error 500 when trying to sign in to GitLab via GitHub Enterprise
+
+Check the [`production.log`](../administration/logs.md#productionlog)
+on your GitLab server to obtain further details. If you are getting the error like
+`Faraday::ConnectionFailed (execution expired)` in the log, there may be a connectivity issue
+between your GitLab instance and GitHub Enterprise. To verify it, [start the rails console](https://docs.gitlab.com/omnibus/maintenance/#starting-a-rails-console-session)
+and run the commands below replacing <github_url> with the URL of your GitHub Enterprise instance:
+
+```ruby
+uri = URI.parse("https://<github_url>") # replace `GitHub-URL` with the real one here
+http = Net::HTTP.new(uri.host, uri.port)
+http.use_ssl = true
+http.verify_mode = 1
+response = http.request(Net::HTTP::Get.new(uri.request_uri))
+```
+
+If you are getting a similar `execution expired` error, it confirms the theory about the
+network connectivity. In that case, make sure that the GitLab server is able to reach your
+GitHub enterprise instance.
+
+### Signing in using your GitHub account without a pre-existing GitLab account is not allowed
+
+If you're getting the message `Signing in using your GitHub account without a pre-existing
+GitLab account is not allowed. Create a GitLab account first, and then connect it to your
+GitHub account` when signing in, in GitLab:
+
+1. Go to your **Profile > Account**.
+1. Under the "Social sign-in" section, click **Connect** near the GitHub icon.
+
+After that, you should be able to sign in via GitHub successfully.

doc/user/admin_area/broadcast_messages.md

@@ -22,6 +22,7 @@ To add a broadcast message:
 1. Navigate to the **Admin Area > Messages** page.
 1. Add the text for the message to the **Message** field. Markdown and emoji are supported.
 1. If required, click the **Customize colors** link to edit the background color and font color of the message.
+1. If required, add a **Target Path** to only show the broadcast message on URLs matching that path. You can use the wildcard character `*` to match multiple URLs, for example `/users/*/issues`.
 1. Select a date for the message to start and end.
 1. Click the **Add broadcast message** button.
 

lib/gitlab/background_migration/migrate_legacy_artifacts.rb

@@ -123,8 +123,6 @@ module Gitlab
       end
 
       def add_missing_db_timezone
-        return '' unless Gitlab::Database.postgresql?
-
         'at time zone \'UTC\''
       end
     end

locale/gitlab.pot

@@ -9650,6 +9650,9 @@ msgstr ""
 msgid "Issue"
 msgstr ""
 
+msgid "Issue %{issue_reference} has already been added to epic %{epic_reference}."
+msgstr ""
+
 msgid "Issue Boards"
 msgstr ""
 
@@ -12263,6 +12266,9 @@ msgstr ""
 msgid "Path:"
 msgstr ""
 
+msgid "Paths can contain wildcards, like */welcome"
+msgstr ""
+
 msgid "Pause"
 msgstr ""
 
@@ -16836,7 +16842,7 @@ msgstr ""
 msgid "Subscriptions"
 msgstr ""
 
-msgid "Subscriptions allow successfully completed pipelines on the %{default_branch_docs} of the subscribed project to trigger a new pipeline on thee default branch of this project."
+msgid "Subscriptions allow successfully completed pipelines on the %{default_branch_docs} of the subscribed project to trigger a new pipeline on the default branch of this project."
 msgstr ""
 
 msgid "Subtracted"
@@ -17109,6 +17115,9 @@ msgstr ""
 msgid "Target Branch"
 msgstr ""
 
+msgid "Target Path"
+msgstr ""
+
 msgid "Target branch"
 msgstr ""
 

spec/controllers/admin/identities_controller_spec.rb

@@ -13,7 +13,7 @@ describe Admin::IdentitiesController do
     let(:user) { create(:omniauth_user, provider: 'ldapmain', extern_uid: 'uid=myuser,ou=people,dc=example,dc=com') }
 
     it 'repairs ldap blocks' do
-      expect_next_instance_of(RepairLdapBlockedUserService) do |instance|
+      expect_next_instance_of(::Users::RepairLdapBlockedService) do |instance|
         expect(instance).to receive(:execute)
       end
 
@@ -25,7 +25,7 @@ describe Admin::IdentitiesController do
     let(:user) { create(:omniauth_user, provider: 'ldapmain', extern_uid: 'uid=myuser,ou=people,dc=example,dc=com') }
 
     it 'repairs ldap blocks' do
-      expect_next_instance_of(RepairLdapBlockedUserService) do |instance|
+      expect_next_instance_of(::Users::RepairLdapBlockedService) do |instance|
         expect(instance).to receive(:execute)
       end
 

spec/factories/merge_request_diff_commits.rb

+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :merge_request_diff_commit do
+    association :merge_request_diff
+
+    sha { Digest::SHA1.hexdigest(SecureRandom.hex) }
+    relative_order { 0 }
+  end
+end

spec/features/admin/admin_broadcast_messages_spec.rb

@@ -16,12 +16,14 @@ describe 'Admin Broadcast Messages' do
   it 'Create a customized broadcast message' do
     fill_in 'broadcast_message_message', with: 'Application update from **4:00 CST to 5:00 CST**'
     fill_in 'broadcast_message_color', with: '#f2dede'
+    fill_in 'broadcast_message_target_path', with: '*/user_onboarded'
     fill_in 'broadcast_message_font', with: '#b94a48'
     select Date.today.next_year.year, from: 'broadcast_message_ends_at_1i'
     click_button 'Add broadcast message'
 
     expect(current_path).to eq admin_broadcast_messages_path
     expect(page).to have_content 'Application update from 4:00 CST to 5:00 CST'
+    expect(page).to have_content '*/user_onboarded'
     expect(page).to have_selector 'strong', text: '4:00 CST to 5:00 CST'
     expect(page).to have_selector %(div[style="background-color: #f2dede; color: #b94a48"])
   end

spec/lib/gitlab/import_export/project_tree_restorer_spec.rb

@@ -635,43 +635,39 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
   end
 
   context 'JSON with invalid records' do
+    subject(:restored_project_json) { project_tree_restorer.restore }
+
     let(:user) { create(:user) }
     let!(:project) { create(:project, :builds_disabled, :issues_disabled, name: 'project', path: 'project') }
     let(:project_tree_restorer) { described_class.new(user: user, shared: shared, project: project) }
-    let(:restored_project_json) { project_tree_restorer.restore }
-
-    context 'when some failures occur' do
-      context 'because a relation fails to be processed' do
-        let(:correlation_id) { 'my-correlation-id' }
+    let(:correlation_id) { 'my-correlation-id' }
 
-        before do
-          setup_import_export_config('with_invalid_records')
+    before do
+      setup_import_export_config('with_invalid_records')
 
-          Labkit::Correlation::CorrelationId.use_id(correlation_id) do
-            expect(restored_project_json).to eq(true)
-          end
-        end
+      Labkit::Correlation::CorrelationId.use_id(correlation_id) { subject }
+    end
 
-        it_behaves_like 'restores project successfully',
-          issues: 0,
-          labels: 0,
-          label_with_priorities: nil,
-          milestones: 1,
-          first_issue_labels: 0,
-          services: 0,
-          import_failures: 1
-
-        it 'records the failures in the database' do
-          import_failure = ImportFailure.last
-
-          expect(import_failure.project_id).to eq(project.id)
-          expect(import_failure.relation_key).to eq('milestones')
-          expect(import_failure.relation_index).to be_present
-          expect(import_failure.exception_class).to eq('ActiveRecord::RecordInvalid')
-          expect(import_failure.exception_message).to be_present
-          expect(import_failure.correlation_id_value).to eq('my-correlation-id')
-          expect(import_failure.created_at).to be_present
-        end
+    context 'when failures occur because a relation fails to be processed' do
+      it_behaves_like 'restores project successfully',
+        issues: 0,
+        labels: 0,
+        label_with_priorities: nil,
+        milestones: 1,
+        first_issue_labels: 0,
+        services: 0,
+        import_failures: 1
+
+      it 'records the failures in the database' do
+        import_failure = ImportFailure.last
+
+        expect(import_failure.project_id).to eq(project.id)
+        expect(import_failure.relation_key).to eq('milestones')
+        expect(import_failure.relation_index).to be_present
+        expect(import_failure.exception_class).to eq('ActiveRecord::RecordInvalid')
+        expect(import_failure.exception_message).to be_present
+        expect(import_failure.correlation_id_value).to eq('my-correlation-id')
+        expect(import_failure.created_at).to be_present
       end
     end
   end

spec/models/broadcast_message_spec.rb

@@ -88,6 +88,42 @@ describe BroadcastMessage do
       expect(Rails.cache).not_to receive(:delete).with(described_class::CACHE_KEY)
       expect(described_class.current.length).to eq(0)
     end
+
+    it 'returns message if it matches the target path' do
+      message = create(:broadcast_message, target_path: "*/onboarding_completed")
+
+      expect(described_class.current('/users/onboarding_completed')).to include(message)
+    end
+
+    it 'returns message if part of the target path matches' do
+      create(:broadcast_message, target_path: "/users/*/issues")
+
+      expect(described_class.current('/users/name/issues').length).to eq(1)
+    end
+
+    it 'returns the message for empty target path' do
+      create(:broadcast_message, target_path: "")
+
+      expect(described_class.current('/users/name/issues').length).to eq(1)
+    end
+
+    it 'returns the message if target path is nil' do
+      create(:broadcast_message, target_path: nil)
+
+      expect(described_class.current('/users/name/issues').length).to eq(1)
+    end
+
+    it 'does not return message if target path does not match' do
+      create(:broadcast_message, target_path: "/onboarding_completed")
+
+      expect(described_class.current('/welcome').length).to eq(0)
+    end
+
+    it 'does not return message if target path does not match when using wildcard' do
+      create(:broadcast_message, target_path: "/users/*/issues")
+
+      expect(described_class.current('/group/groupname/issues').length).to eq(0)
+    end
   end
 
   describe '#attributes' do

spec/models/merge_request/pipelines_spec.rb

@@ -75,7 +75,9 @@ describe MergeRequest::Pipelines do
       let(:shas) { project.repository.commits(source_ref, limit: 2).map(&:id) }
 
       before do
-        allow(merge_request).to receive(:all_commit_shas) { shas }
+        create(:merge_request_diff_commit,
+          merge_request_diff: merge_request.merge_request_diff,
+          sha: shas.second, relative_order: 1)
       end
 
       it 'returns merge request pipeline first' do
@@ -119,7 +121,11 @@ describe MergeRequest::Pipelines do
         end
 
         before do
-          allow(merge_request_2).to receive(:all_commit_shas) { shas }
+          shas.each.with_index do |sha, index|
+            create(:merge_request_diff_commit,
+              merge_request_diff: merge_request_2.merge_request_diff,
+              sha: sha, relative_order: index)
+          end
         end
 
         it 'returns only related merge request pipelines' do

spec/services/repair_ldap_blocked_user_service_spec.rb → spec/services/users/repair_ldap_blocked_service_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe RepairLdapBlockedUserService do
+describe Users::RepairLdapBlockedService do
   let(:user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') }
   let(:identity) { user.ldap_identity }
   subject(:service) { described_class.new(user) }