[skip ci] Merge branch 'master' into bootstrap4

.gitlab/issue_templates/Security Developer Workflow.md

+<!--
+# Read me first!
+
+Create this issue under https://dev.gitlab.org/gitlab/gitlabhq
+
+Set the title to: `[Security] Description of the original issue`
+-->
+
+### Prior to the security release
+
+- [ ] Read the [security process for developers] if you are not familiar with it.
+- [ ] Link to the original issue adding it to the [links section](#links)
+- [ ] Run `scripts/security-harness` in the CE, EE, and/or Omnibus to prevent pushing to any remote besides `dev.gitlab.org`
+- [ ] Create an MR targetting `org` `master`, prefixing your branch with `security-`
+- [ ] Label your MR with the ~security label, prefix the title with `WIP: [master]`   
+- [ ] Add a link to the MR to the [links section](#links)
+- [ ] Add a link to an EE MR if required
+- [ ] Make sure the MR remains in-progress and gets approved after the review cycle, **but never merged**.
+- [ ] Assign the MR to a RM once is reviewed and ready to be merged. Check the [RM list] to see who to ping.
+
+#### Backports
+
+- [ ] Once the MR is ready to be merged, create MRs targetting the last 3 releases
+    - [ ] At this point, it might be easy to squash the commits from the MR into one
+    - You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [seckpick documentation]
+    - [ ] Create the branch `security-X-Y` from `X-Y-stable` if it doesn't exist (and make sure it's up to date with stable)
+    - [ ] Create each MR targetting the security branch `security-X-Y`
+    - [ ] Add the ~security label and prefix with the version `WIP: [X.Y]` the title of the MR
+- [ ] Make sure all MRs have a link in the [links section](#links) and are assigned to a Release Manager.
+
+[seckpick documentation]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/process.md#secpick-script
+
+#### Documentation and final details
+
+- [ ] Check the topic on #security to see when the next release is going ot happen and add a link to the [links section](#links)
+- [ ] Find out the versions affected (the Git history of the files affected may help you with this) and add them to the [details section](#details)
+- [ ] Fill in any upgrade notes that users may need to take into account in the [details section](#details)
+- [ ] Add Yes/No and further details if needed to the migration and settings columns in the [details section](#details)
+
+### Summary
+#### Links
+
+| Description | Link |
+| -------- | -------- |
+| Original issue   | #TODO  |
+| Security release issue   | #TODO  |
+| `master` MR | !TODO   |
+| `master` MR (EE) | !TODO   |
+| `Backport X.Y` MR | !TODO   |
+| `Backport X.Y` MR | !TODO   |
+| `Backport X.Y` MR | !TODO   |
+| `Backport X.Y` MR (EE) | !TODO   |
+| `Backport X.Y` MR (EE) | !TODO   |
+| `Backport X.Y` MR (EE) | !TODO   |
+
+#### Details
+
+| Description | Details | Further details|
+| -------- | -------- | -------- |
+| Versions affected | X.Y  | |
+| Upgrade notes | | |
+| GitLab Settings updated | Yes/No| |
+| Migration required | Yes/No | |
+
+[security process for developers]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/process.md
+[RM list]:  https://about.gitlab.com/release-managers/
+
+/label ~security 

Gemfile

@@ -62,7 +62,7 @@ gem 'akismet', '~> 2.0'
 # Two-factor authentication
 gem 'devise-two-factor', '~> 3.0.0'
 gem 'rqrcode-rails3', '~> 0.1.7'
-gem 'attr_encrypted', '~> 3.0.0'
+gem 'attr_encrypted', '~> 3.1.0'
 gem 'u2f', '~> 0.2.1'
 
 # GitLab Pages

Gemfile.lock

@@ -66,7 +66,7 @@ GEM
       unf
     ast (2.4.0)
     atomic (1.1.99)
-    attr_encrypted (3.0.3)
+    attr_encrypted (3.1.0)
       encryptor (~> 3.0.0)
     attr_required (1.0.0)
     autoprefixer-rails (6.2.3)
@@ -1004,7 +1004,7 @@ DEPENDENCIES
   asciidoctor (~> 1.5.6)
   asciidoctor-plantuml (= 0.0.8)
   asset_sync (~> 2.2.0)
-  attr_encrypted (~> 3.0.0)
+  attr_encrypted (~> 3.1.0)
   awesome_print (~> 1.2.0)
   babosa (~> 1.0.2)
   base32 (~> 0.3.0)

app/assets/javascripts/branches/branches_delete_modal.js

@@ -16,6 +16,7 @@ class DeleteModal {
   bindEvents() {
     this.$toggleBtns.on('click', this.setModalData.bind(this));
     this.$confirmInput.on('input', this.setDeleteDisabled.bind(this));
+    this.$deleteBtn.on('click', this.setDisableDeleteButton.bind(this));
   }
 
   setModalData(e) {
@@ -30,6 +31,16 @@ class DeleteModal {
     this.$deleteBtn.attr('disabled', e.currentTarget.value !== this.branchName);
   }
 
+  setDisableDeleteButton(e) {
+    if (this.$deleteBtn.is('[disabled]')) {
+      e.preventDefault();
+      e.stopPropagation();
+      return false;
+    }
+
+    return true;
+  }
+
   updateModal() {
     this.$branchName.text(this.branchName);
     this.$confirmInput.val('');

app/assets/javascripts/clusters/components/applications.vue

 <script>
-  import _ from 'underscore';
-  import { s__, sprintf } from '../../locale';
-  import applicationRow from './application_row.vue';
-  import clipboardButton from '../../vue_shared/components/clipboard_button.vue';
-  import {
-    APPLICATION_INSTALLED,
-    INGRESS,
-  } from '../constants';
+import _ from 'underscore';
+import { s__, sprintf } from '../../locale';
+import applicationRow from './application_row.vue';
+import clipboardButton from '../../vue_shared/components/clipboard_button.vue';
+import { APPLICATION_INSTALLED, INGRESS } from '../constants';
 
-  export default {
-    components: {
-      applicationRow,
-      clipboardButton,
+export default {
+  components: {
+    applicationRow,
+    clipboardButton,
+  },
+  props: {
+    applications: {
+      type: Object,
+      required: false,
+      default: () => ({}),
     },
-    props: {
-      applications: {
-        type: Object,
-        required: false,
-        default: () => ({}),
-      },
-      helpPath: {
-        type: String,
-        required: false,
-        default: '',
-      },
-      ingressHelpPath: {
-        type: String,
-        required: false,
-        default: '',
-      },
-      ingressDnsHelpPath: {
-        type: String,
-        required: false,
-        default: '',
-      },
-      managePrometheusPath: {
-        type: String,
-        required: false,
-        default: '',
-      },
+    helpPath: {
+      type: String,
+      required: false,
+      default: '',
     },
-    computed: {
-      generalApplicationDescription() {
-        return sprintf(
-          _.escape(s__(
+    ingressHelpPath: {
+      type: String,
+      required: false,
+      default: '',
+    },
+    ingressDnsHelpPath: {
+      type: String,
+      required: false,
+      default: '',
+    },
+    managePrometheusPath: {
+      type: String,
+      required: false,
+      default: '',
+    },
+  },
+  computed: {
+    generalApplicationDescription() {
+      return sprintf(
+        _.escape(
+          s__(
             `ClusterIntegration|Install applications on your Kubernetes cluster.
             Read more about %{helpLink}`,
-          )), {
-            helpLink: `<a href="${this.helpPath}">
+          ),
+        ),
+        {
+          helpLink: `<a href="${this.helpPath}">
               ${_.escape(s__('ClusterIntegration|installing applications'))}
             </a>`,
-          },
-          false,
-        );
-      },
-      ingressId() {
-        return INGRESS;
-      },
-      ingressInstalled() {
-        return this.applications.ingress.status === APPLICATION_INSTALLED;
-      },
-      ingressExternalIp() {
-        return this.applications.ingress.externalIp;
-      },
-      ingressDescription() {
-        const extraCostParagraph = sprintf(
-          _.escape(s__(
+        },
+        false,
+      );
+    },
+    ingressId() {
+      return INGRESS;
+    },
+    ingressInstalled() {
+      return this.applications.ingress.status === APPLICATION_INSTALLED;
+    },
+    ingressExternalIp() {
+      return this.applications.ingress.externalIp;
+    },
+    ingressDescription() {
+      const extraCostParagraph = sprintf(
+        _.escape(
+          s__(
             `ClusterIntegration|%{boldNotice} This will add some extra resources
             like a load balancer, which may incur additional costs depending on
-            the hosting provider your Kubernetes cluster is installed on. If you are using GKE,
-            you can %{pricingLink}.`,
-          )), {
-            boldNotice: `<strong>${_.escape(s__('ClusterIntegration|Note:'))}</strong>`,
-            pricingLink: `<a href="https://cloud.google.com/compute/pricing#lb" target="_blank" rel="noopener noreferrer">
+            the hosting provider your Kubernetes cluster is installed on. If you are using
+            Google Kubernetes Engine, you can %{pricingLink}.`,
+          ),
+        ),
+        {
+          boldNotice: `<strong>${_.escape(s__('ClusterIntegration|Note:'))}</strong>`,
+          pricingLink: `<a href="https://cloud.google.com/compute/pricing#lb" target="_blank" rel="noopener noreferrer">
               ${_.escape(s__('ClusterIntegration|check the pricing here'))}</a>`,
-          },
-          false,
-        );
+        },
+        false,
+      );
 
-        const externalIpParagraph = sprintf(
-          _.escape(s__(
+      const externalIpParagraph = sprintf(
+        _.escape(
+          s__(
             `ClusterIntegration|After installing Ingress, you will need to point your wildcard DNS
             at the generated external IP address in order to view your app after it is deployed. %{ingressHelpLink}`,
-          )), {
-            ingressHelpLink: `<a href="${this.ingressHelpPath}">
+          ),
+        ),
+        {
+          ingressHelpLink: `<a href="${this.ingressHelpPath}">
               ${_.escape(s__('ClusterIntegration|More information'))}
             </a>`,
-          },
-          false,
-        );
+        },
+        false,
+      );
 
-        return `
+      return `
           <p>
             ${extraCostParagraph}
           </p>
@@ -98,22 +104,25 @@
             ${externalIpParagraph}
           </p>
         `;
-      },
-      prometheusDescription() {
-        return sprintf(
-          _.escape(s__(
+    },
+    prometheusDescription() {
+      return sprintf(
+        _.escape(
+          s__(
             `ClusterIntegration|Prometheus is an open-source monitoring system
             with %{gitlabIntegrationLink} to monitor deployed applications.`,
-          )), {
-            gitlabIntegrationLink: `<a href="https://docs.gitlab.com/ce/user/project/integrations/prometheus.html"
+          ),
+        ),
+        {
+          gitlabIntegrationLink: `<a href="https://docs.gitlab.com/ce/user/project/integrations/prometheus.html"
               target="_blank" rel="noopener noreferrer">
               ${_.escape(s__('ClusterIntegration|GitLab Integration'))}</a>`,
-          },
-          false,
-        );
-      },
+        },
+        false,
+      );
     },
-  };
+  },
+};
 </script>
 
 <template>
@@ -205,7 +214,7 @@
               >
                 {{ s__(`ClusterIntegration|The IP address is in
                 the process of being assigned. Please check your Kubernetes
-                cluster or Quotas on GKE if it takes a long time.`) }}
+                cluster or Quotas on Google Kubernetes Engine if it takes a long time.`) }}
 
                 <a
                   :href="ingressHelpPath"

app/assets/javascripts/ide/ide_router.js

@@ -36,11 +36,11 @@ const router = new VueRouter({
   base: `${gon.relative_url_root}/-/ide/`,
   routes: [
     {
-      path: '/project/:namespace/:project',
+      path: '/project/:namespace/:project+',
       component: EmptyRouterComponent,
       children: [
         {
-          path: ':targetmode/:branch/*',
+          path: ':targetmode(edit|tree|blob)/:branch/*',
           component: EmptyRouterComponent,
         },
         {

app/assets/javascripts/ide/stores/mutations/tree.js

@@ -17,12 +17,8 @@ export default {
     });
   },
   [types.SET_DIRECTORY_DATA](state, { data, treePath }) {
-    Object.assign(state, {
-      trees: Object.assign(state.trees, {
-        [treePath]: {
-          tree: data,
-        },
-      }),
+    Object.assign(state.trees[treePath], {
+      tree: data,
     });
   },
   [types.SET_LAST_COMMIT_URL](state, { tree = state, url }) {

app/assets/javascripts/notes.js

@@ -19,7 +19,6 @@ import AjaxCache from '~/lib/utils/ajax_cache';
 import Vue from 'vue';
 import syntaxHighlight from '~/syntax_highlight';
 import SkeletonLoadingContainer from '~/vue_shared/components/skeleton_loading_container.vue';
-import { __ } from '~/locale';
 import axios from './lib/utils/axios_utils';
 import { getLocationHash } from './lib/utils/url_utility';
 import Flash from './flash';
@@ -198,6 +197,8 @@ export default class Notes {
     );
 
     this.$wrapperEl.on('click', '.js-toggle-lazy-diff', this.loadLazyDiff);
+    this.$wrapperEl.on('click', '.js-toggle-lazy-diff-retry-button', this.onClickRetryLazyLoad.bind(this));
+
     // fetch notes when tab becomes visible
     this.$wrapperEl.on('visibilitychange', this.visibilityChange);
     // when issue status changes, we need to refresh data
@@ -244,6 +245,7 @@ export default class Notes {
     this.$wrapperEl.off('click', '.js-comment-resolve-button');
     this.$wrapperEl.off('click', '.system-note-commit-list-toggler');
     this.$wrapperEl.off('click', '.js-toggle-lazy-diff');
+    this.$wrapperEl.off('click', '.js-toggle-lazy-diff-retry-button');
     this.$wrapperEl.off('ajax:success', '.js-main-target-form');
     this.$wrapperEl.off('ajax:success', '.js-discussion-note-form');
     this.$wrapperEl.off('ajax:complete', '.js-main-target-form');
@@ -1431,16 +1433,15 @@ export default class Notes {
     syntaxHighlight(fileHolder);
   }
 
-  static renderDiffError($container) {
-    $container.find('.line_content').html(
-      $(`
-        <div class="nothing-here-block">
-          ${__(
-            'Unable to load the diff.',
-          )} <a class="js-toggle-lazy-diff" href="javascript:void(0)">Try again</a>?
-        </div>
-      `),
-    );
+  onClickRetryLazyLoad(e) {
+    const $retryButton = $(e.currentTarget);
+
+    $retryButton.prop('disabled', true);
+
+    return this.loadLazyDiff(e)
+    .then(() => {
+      $retryButton.prop('disabled', false);
+    });
   }
 
   loadLazyDiff(e) {
@@ -1449,20 +1450,35 @@ export default class Notes {
 
     $container.find('.js-toggle-lazy-diff').removeClass('js-toggle-lazy-diff');
 
-    const tableEl = $container.find('tbody');
-    if (tableEl.length === 0) return;
+    const $tableEl = $container.find('tbody');
+    if ($tableEl.length === 0) return;
 
     const fileHolder = $container.find('.file-holder');
     const url = fileHolder.data('linesPath');
 
-    axios
+    const $errorContainer = $container.find('.js-error-lazy-load-diff');
+    const $successContainer = $container.find('.js-success-lazy-load');
+
+    /**
+     * We only fetch resolved discussions.
+     * Unresolved discussions don't have an endpoint being provided.
+     */
+    if (url) {
+      return axios
       .get(url)
       .then(({ data }) => {
+        // Reset state in case last request returned error
+        $successContainer.removeClass('hidden');
+        $errorContainer.addClass('hidden');
+
         Notes.renderDiffContent($container, data);
       })
       .catch(() => {
-        Notes.renderDiffError($container);
+        $successContainer.addClass('hidden');
+        $errorContainer.removeClass('hidden');
       });
+    }
+    return Promise.resolve();
   }
 
   toggleCommitList(e) {

app/assets/javascripts/performance_bar/services/performance_bar_service.js

@@ -10,29 +10,25 @@ export default class PerformanceBarService {
   }
 
   static registerInterceptor(peekUrl, callback) {
-    vueResourceInterceptor = (request, next) => {
-      next(response => {
-        const requestId = response.headers['x-request-id'];
-        const requestUrl = response.url;
-
-        if (requestUrl !== peekUrl && requestId) {
-          callback(requestId, requestUrl);
-        }
-      });
-    };
-
-    Vue.http.interceptors.push(vueResourceInterceptor);
-
-    return axios.interceptors.response.use(response => {
+    const interceptor = response => {
       const requestId = response.headers['x-request-id'];
-      const requestUrl = response.config.url;
+      // Get the request URL from response.config for Axios, and response for
+      // Vue Resource.
+      const requestUrl = (response.config || response).url;
+      const cachedResponse = response.headers['x-gitlab-from-cache'] === 'true';
 
-      if (requestUrl !== peekUrl && requestId) {
+      if (requestUrl !== peekUrl && requestId && !cachedResponse) {
         callback(requestId, requestUrl);
       }
 
       return response;
-    });
+    };
+
+    vueResourceInterceptor = (request, next) => next(interceptor);
+
+    Vue.http.interceptors.push(vueResourceInterceptor);
+
+    return axios.interceptors.response.use(interceptor);
   }
 
   static removeInterceptor(interceptor) {

app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_pipeline_failed.js

-import statusIcon from '../mr_widget_status_icon.vue';
-
-export default {
-  name: 'MRWidgetPipelineBlocked',
-  components: {
-    statusIcon,
-  },
-  template: `
-    <div class="mr-widget-body media">
-      <status-icon status="warning" :show-disabled-button="true" />
-      <div class="media-body space-children">
-        <span class="bold">
-          The pipeline for this merge request failed. Please retry the job or push a new commit to fix the failure
-        </span>
-      </div>
-    </div>
-  `,
-};

app/assets/javascripts/vue_merge_request_widget/components/states/pipeline_failed.vue

+<script>
+import statusIcon from '../mr_widget_status_icon.vue';
+
+export default {
+  name: 'PipelineFailed',
+  components: {
+    statusIcon,
+  },
+};
+</script>
+
+<template>
+  <div class="mr-widget-body media">
+    <status-icon
+      status="warning"
+      :show-disabled-button="true"
+    />
+    <div class="media-body space-children">
+      <span class="bold">
+        {{ s__(`mrWidget|The pipeline for this merge request failed.
+Please retry the job or push a new commit to fix the failure`) }}
+      </span>
+    </div>
+  </div>
+</template>

app/assets/javascripts/vue_merge_request_widget/dependencies.js

@@ -31,7 +31,7 @@ export { default as ReadyToMergeState } from './components/states/ready_to_merge
 export { default as ShaMismatchState } from './components/states/sha_mismatch.vue';
 export { default as UnresolvedDiscussionsState } from './components/states/unresolved_discussions.vue';
 export { default as PipelineBlockedState } from './components/states/mr_widget_pipeline_blocked.vue';
-export { default as PipelineFailedState } from './components/states/mr_widget_pipeline_failed';
+export { default as PipelineFailedState } from './components/states/pipeline_failed.vue';
 export { default as MergeWhenPipelineSucceedsState } from './components/states/mr_widget_merge_when_pipeline_succeeds.vue';
 export { default as RebaseState } from './components/states/mr_widget_rebase.vue';
 export { default as AutoMergeFailed } from './components/states/mr_widget_auto_merge_failed.vue';

app/assets/javascripts/vue_shared/components/commit.vue

@@ -175,7 +175,7 @@
         </a>
       </span>
       <span v-else>
-        Cant find HEAD commit for this branch
+        Can't find HEAD commit for this branch
       </span>
     </div>
   </div>

app/assets/stylesheets/framework/buttons.scss

@@ -504,3 +504,7 @@ fieldset[disabled] .btn,
     @extend %disabled;
   }
 }
+
+.btn-no-padding {
+  padding: 0;
+}

app/assets/stylesheets/pages/diff.scss

@@ -160,6 +160,11 @@
         }
       }
     }
+
+    .diff-loading-error-block {
+      padding: $gl-padding * 2 $gl-padding;
+      text-align: center;
+    }
   }
 
   .image {

app/assets/stylesheets/pages/merge_requests.scss

@@ -762,3 +762,20 @@
     max-width: 100%;
   }
 }
+
+// Hack alert: we've rewritten `btn` class in a way that
+// we've broken it and it is not possible to use with `btn-link`
+// which causes a blank button when it's disabled and hovering
+// The css in here is the boostrap one
+.btn-link-retry {
+  &[disabled] {
+    cursor: not-allowed;
+    box-shadow: none;
+    opacity: .65;
+
+    &:hover {
+      color: $file-mode-changed;
+      text-decoration: none;
+    }
+  }
+}

app/assets/stylesheets/pages/pipelines.scss

@@ -14,6 +14,11 @@
 
   .commit-title {
     margin: 0;
+    white-space: normal;
+
+    @media (max-width: $screen-sm-max) {
+      justify-content: flex-end;
+    }
   }
 
   .ci-table {

app/helpers/tree_helper.rb

@@ -90,7 +90,7 @@ module TreeHelper
   end
 
   def commit_in_single_accessible_branch
-    branch_name = html_escape(selected_branch)
+    branch_name = ERB::Util.html_escape(selected_branch)
 
     message = _("Your changes can be committed to %{branch_name} because a merge "\
                 "request is open.") % { branch_name: "<strong>#{branch_name}</strong>" }

app/models/ci/group_variable.rb

@@ -4,7 +4,7 @@ module Ci
     include HasVariable
     include Presentable
 
-    belongs_to :group
+    belongs_to :group, class_name: "::Group"
 
     alias_attribute :secret_value, :value
 

app/models/repository.rb

@@ -331,6 +331,7 @@ class Repository
     return unless empty?
 
     expire_method_caches(%i(has_visible_content?))
+    raw_repository.expire_has_local_branches_cache
   end
 
   def lookup_cache

app/services/clusters/gcp/finalize_creation_service.rb

@@ -13,7 +13,7 @@ module Clusters
       rescue Google::Apis::ServerError, Google::Apis::ClientError, Google::Apis::AuthorizationError => e
         provider.make_errored!("Failed to request to CloudPlatform; #{e.message}")
       rescue ActiveRecord::RecordInvalid => e
-        provider.make_errored!("Failed to configure GKE Cluster: #{e.message}")
+        provider.make_errored!("Failed to configure Google Kubernetes Engine Cluster: #{e.message}")
       end
 
       private

app/views/discussions/_diff_with_notes.html.haml

@@ -7,7 +7,7 @@
 - unless expanded
   - diff_data = { lines_path: project_merge_request_discussion_path(discussion.project, discussion.noteable, discussion) }
 
-.diff-file.file-holder{ class: diff_file_class, data: diff_data }
+.diff-file.file-holder.js-lazy-load-discussion{ class: diff_file_class, data: diff_data }
   .js-file-title.file-title.file-title-flex-parent
     .file-header-content
       = render "projects/diffs/file_header", diff_file: diff_file, url: discussion_path(discussion), show_toggle: false
@@ -28,8 +28,11 @@
           %tr.line_holder.line-holder-placeholder
             %td.old_line.diff-line-num
             %td.new_line.diff-line-num
-            %td.line_content
+            %td.line_content.js-success-lazy-load
               .js-code-placeholder
+            %td.js-error-lazy-load-diff.hidden.diff-loading-error-block
+              - button = button_tag(_("Try again"), class: "btn-link btn-link-retry btn-no-padding js-toggle-lazy-diff-retry-button")
+              = _("Unable to load the diff. %{button_try_again}").html_safe % { button_try_again: button}
           = render "discussions/diff_discussion", discussions: [discussion], expanded: true
   - else
     - partial = (diff_file.new_file? || diff_file.deleted_file?) ? 'single_image_diff' : 'replaced_image_diff'

app/views/projects/clusters/new.html.haml

@@ -8,6 +8,6 @@
     %h4.prepend-top-0= s_('ClusterIntegration|Choose how to set up Kubernetes cluster integration')
 
     %p= s_('ClusterIntegration|Create a new Kubernetes cluster on Google Kubernetes Engine right from GitLab')
-    = link_to s_('ClusterIntegration|Create on GKE'), gcp_new_namespace_project_clusters_path(@project.namespace, @project), class: 'btn append-bottom-20'
+    = link_to s_('ClusterIntegration|Create on Google Kubernetes Engine'), gcp_new_namespace_project_clusters_path(@project.namespace, @project), class: 'btn append-bottom-20'
     %p= s_('ClusterIntegration|Enter the details for an existing Kubernetes cluster')
     = link_to s_('ClusterIntegration|Add an existing Kubernetes cluster'), user_new_namespace_project_clusters_path(@project.namespace, @project), class: 'btn append-bottom-20'

app/views/projects/commits/_commit.html.haml

@@ -22,7 +22,7 @@
       = author_avatar(commit, size: 36)
 
     .commit-detail.flex-list
-      .commit-content
+      .commit-content.qa-commit-content
         - if view_details && merge_request
           = link_to commit.title, project_commit_path(project, commit.id, merge_request_iid: merge_request.iid), class: "commit-row-message item-title"
         - else

app/views/projects/pipelines/new.html.haml

 - breadcrumb_title "Pipelines"
-- page_title "New Pipeline"
+- page_title = s_("Pipeline|Run Pipeline")
 
 %h3.page-title
-  New Pipeline
+  = s_("Pipeline|Run Pipeline")
 %hr
 
 = form_for @pipeline, as: :pipeline, url: project_pipelines_path(@project), html: { id: "new-pipeline-form", class: "js-new-pipeline-form js-requires-input" } do |f|
   = form_errors(@pipeline)
   .form-group.row
-    = f.label :ref, 'Create for', class: 'col-form-label col-sm-2'
+    = f.label :ref, s_('Pipeline|Run on'), class: 'col-form-label col-sm-2'
     .col-sm-10
       = hidden_field_tag 'pipeline[ref]', params[:ref] || @project.default_branch
       = dropdown_tag(params[:ref] || @project.default_branch,
                      options: { toggle_class: 'js-branch-select wide git-revision-dropdown-toggle',
-                                filter: true, dropdown_class: "dropdown-menu-selectable git-revision-dropdown", placeholder: "Search branches",
+                                filter: true, dropdown_class: "dropdown-menu-selectable git-revision-dropdown", placeholder: s_("Pipeline|Search branches"),
                                 data: { selected: params[:ref] || @project.default_branch, field_name: 'pipeline[ref]' } })
-      .form-text.text-muted Existing branch name, tag
+      .form-text.text-muted
+        = s_("Pipeline|Existing branch name, tag")
   .form-actions
-    = f.submit 'Create pipeline', class: 'btn btn-create', tabindex: 3
-    = link_to 'Cancel', project_pipelines_path(@project), class: 'btn btn-cancel'
+    = f.submit s_('Pipeline|Run pipeline'), class: 'btn btn-success', tabindex: 3
+    = link_to 'Cancel', project_pipelines_path(@project), class: 'btn btn-default pull-right'
 
 -# haml-lint:disable InlineJavaScript
 %script#availableRefs{ type: "application/json" }= @project.repository.ref_names.to_json.html_safe

app/views/projects/protected_branches/_create_protected_branch.html.haml

@@ -7,8 +7,8 @@
 - content_for :push_access_levels do
   .push_access_levels-container
     = dropdown_tag('Select',
-                    options: { toggle_class: 'js-allowed-to-push wide',
-                    dropdown_class: 'dropdown-menu-selectable capitalize-header',
+                    options: { toggle_class: 'js-allowed-to-push qa-allowed-to-push-select wide',
+                    dropdown_class: 'dropdown-menu-selectable qa-allowed-to-push-dropdown capitalize-header',
                     data: { field_name: 'protected_branch[push_access_levels_attributes][0][access_level]', input_id: 'push_access_levels_attributes' }})
 
 = render 'projects/protected_branches/shared/create_protected_branch'

app/views/projects/protected_branches/_update_protected_branch.html.haml

@@ -6,5 +6,5 @@
 %td
   = hidden_field_tag "allowed_to_push_#{protected_branch.id}", protected_branch.push_access_levels.first.access_level
   = dropdown_tag( (protected_branch.push_access_levels.first.humanize || 'Select') ,
-                 options: { toggle_class: 'js-allowed-to-push', dropdown_class: 'dropdown-menu-selectable js-allowed-to-push-container capitalize-header',
+                 options: { toggle_class: 'js-allowed-to-push qa-allowed-to-push', dropdown_class: 'dropdown-menu-selectable js-allowed-to-push-container capitalize-header',
                  data: { field_name: "allowed_to_push_#{protected_branch.id}", access_level_id: protected_branch.push_access_levels.first.id }})

app/views/projects/protected_branches/shared/_branches_list.html.haml

-.protected-branches-list.js-protected-branches-list
+.protected-branches-list.js-protected-branches-list.qa-protected-branches-list
   - if @protected_branches.empty?
     .card-header
       %h3.card-title

app/views/projects/protected_branches/shared/_dropdown.html.haml

 = f.hidden_field(:name)
 
 = dropdown_tag('Select branch or create wildcard',
-               options: { toggle_class: 'js-protected-branch-select js-filter-submit wide git-revision-dropdown-toggle',
-                          filter: true, dropdown_class: "dropdown-menu-selectable git-revision-dropdown", placeholder: "Search protected branches",
+               options: { toggle_class: 'js-protected-branch-select js-filter-submit wide git-revision-dropdown-toggle qa-protected-branch-select',
+                          filter: true, dropdown_class: "dropdown-menu-selectable git-revision-dropdown qa-protected-branch-dropdown", placeholder: "Search protected branches",
                           footer_content: true,
                           data: { show_no: true, show_any: true, show_upcoming: true,
                                   selected: params[:protected_branch_name],

app/views/projects/protected_branches/shared/_index.html.haml

@@ -4,7 +4,7 @@
   .settings-header
     %h4
       Protected Branches
-    %button.btn.js-settings-toggle{ type: 'button' }
+    %button.btn.js-settings-toggle.qa-expand-protected-branches{ type: 'button' }
       = expanded ? 'Collapse' : 'Expand'
     %p
       Keep stable branches secure and force developers to use merge requests.

app/views/projects/protected_branches/shared/_protected_branch.html.haml

@@ -2,7 +2,7 @@
 
 %tr.js-protected-branch-edit-form{ data: { url: namespace_project_protected_branch_path(@project.namespace, @project, protected_branch) } }
   %td
-    %span.ref-name= protected_branch.name
+    %span.ref-name.qa-protected-branch-name= protected_branch.name
 
     - if @project.root_ref?(protected_branch.name)
       %span.badge.badge-info.prepend-left-5 default

app/views/shared/_ref_switcher.html.haml

@@ -8,8 +8,13 @@
   - @options && @options.each do |key, value|
     = hidden_field_tag key, value, id: nil
   .dropdown
+<<<<<<< HEAD
     = dropdown_toggle dropdown_toggle_text, { toggle: "dropdown", selected: dropdown_toggle_text, ref: @ref, refs_url: refs_project_path(@project, sort: 'updated_desc'), field_name: 'ref', submit_form_on_click: true, visit: true }, { toggle_class: "js-project-refs-dropdown" }
     .dropdown-menu.dropdown-menu-selectable.git-revision-dropdown.dropdown-menu-paging{ class: ("dropdown-menu-right" if local_assigns[:align_right]) }
+=======
+    = dropdown_toggle dropdown_toggle_text, { toggle: "dropdown", selected: dropdown_toggle_text, ref: @ref, refs_url: refs_project_path(@project, sort: 'updated_desc'), field_name: 'ref', submit_form_on_click: true, visit: true }, { toggle_class: "js-project-refs-dropdown qa-branches-select" }
+    .dropdown-menu.dropdown-menu-selectable.git-revision-dropdown.dropdown-menu-paging.qa-branches-dropdown{ class: ("dropdown-menu-align-right" if local_assigns[:align_right]) }
+>>>>>>> master
       .dropdown-page-one
         = dropdown_title _("Switch branch/tag")
         = dropdown_filter _("Search branches and tags")

bin/secpick

+#!/usr/bin/env ruby
+require 'optparse'
+require 'open3'
+require 'rainbow/refinement'
+using Rainbow
+
+BRANCH_PREFIX = 'security'.freeze
+STABLE_BRANCH_SUFFIX = 'stable'.freeze
+REMOTE = 'dev'.freeze
+
+options = { version: nil, branch: nil, sha: nil }
+
+parser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{$0} [options]"
+  opts.on('-v', '--version 10.0', 'Version') do |version|
+    options[:version] = version&.tr('.', '-')
+  end
+
+  opts.on('-b', '--branch security-fix-branch', 'Original branch name') do |branch|
+    options[:branch] = branch
+  end
+
+  opts.on('-s', '--sha abcd', 'SHA to cherry pick') do |sha|
+    options[:sha] = sha
+  end
+
+  opts.on('-h', '--help', 'Displays Help') do
+    puts opts
+
+    exit
+  end
+end
+
+parser.parse!
+
+abort("Missing options. Use #{$0} --help to see the list of options available".red) if options.values.include?(nil)
+abort("Wrong version format #{options[:version].bold}".red) unless options[:version] =~ /\A\d*\-\d*\Z/
+
+branch = [BRANCH_PREFIX, options[:branch], options[:version]].join('-').freeze
+stable_branch = "#{options[:version]}-#{STABLE_BRANCH_SUFFIX}".freeze
+
+command = "git checkout #{stable_branch} && git pull #{REMOTE} #{stable_branch} && git checkout -B #{branch} && git cherry-pick #{options[:sha]} && git push #{REMOTE} #{branch}"
+
+_stdin, stdout, stderr = Open3.popen3(command)
+
+puts stdout.read&.green
+puts stderr.read&.red

changelogs/unreleased/21677-run-pipeline-word.yml

+---
+title: Improves wording in new pipeline page
+merge_request:
+author:
+type: other

changelogs/unreleased/43404-pipelines-commit.yml

+---
+title: Breaks commit not found message in pipelines table
+merge_request:
+author:
+type: fixed

changelogs/unreleased/43567-replace-gke.yml

+---
+title: Replace GKE acronym with Google Kubernetes Engine
+merge_request:
+author:
+type: other

changelogs/unreleased/44985-fix-protected-branch-delete-modal.yml

+---
+title: Fix confirmation modal for deleting a protected branch
+merge_request: 18176
+author: Paul Bonaud @PaulRbR
+type: fixed

changelogs/unreleased/45271-collpased-diff-loading.yml

+---
+title: Fixes unresolved discussions rendering the error state instead of the diff
+merge_request:
+author:
+type: fixed

changelogs/unreleased/45363-optional-params-on-api-endpoint-produce-invalid-pagination-header-links.yml

+---
+title: '[API] Fix URLs in the `Link` header for `GET /projects/:id/repository/contributors`
+  when no value is passed for `order_by` or `sort`'
+merge_request: 18393
+author:
+type: fixed

changelogs/unreleased/45436-markdown-is-not-rendering-error-loading-viewer-undefined-method-html_escape.yml

+---
+title: Fix undefined `html_escape` method during markdown rendering
+merge_request: 18418
+author:
+type: fixed

changelogs/unreleased/fix-gb-fix-empty-secret-variables.yml

+---
+title: Fix a case with secret variables being empty sometimes
+merge_request: 18400
+author:
+type: fixed

changelogs/unreleased/ide-subgroup-fix.yml

+---
+title: Fixed IDE not loading for sub groups
+merge_request:
+author:
+type: fixed

changelogs/unreleased/ide-tree-loading-fix.yml

+---
+title: Fixed IDE not showing loading state when tree is loading
+merge_request:
+author:
+type: fixed

changelogs/unreleased/move-pipeline-failed-vue-component.yml

+---
+title: Move PipelineFailed vue component
+merge_request: 18277
+author: George Tsiolis
+type: performance

changelogs/unreleased/sh-memoize-repository-empty.yml

+---
+title: Memoize Git::Repository#has_visible_content?
+merge_request:
+author:
+type: performance

config/initializers/forbid_sidekiq_in_transactions.rb

@@ -27,16 +27,8 @@ module Sidekiq
                 Use an `after_commit` hook, or include `AfterCommitQueue` and use a `run_after_commit` block instead.
                 MSG
               rescue Sidekiq::Worker::EnqueueFromTransactionError => e
-                if Rails.env.production?
-                  Rails.logger.error(e.message)
-
-                  if Gitlab::Sentry.enabled?
-                    Gitlab::Sentry.context
-                    Raven.capture_exception(e)
-                  end
-                else
-                  raise
-                end
+                Rails.logger.error(e.message) if Rails.env.production?
+                Gitlab::Sentry.track_exception(e)
               end
             end
 

doc/api/repositories.md

@@ -183,7 +183,7 @@ GET /projects/:id/repository/contributors
 Parameters:
 
 - `id` (required) - The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user
-- `order_by` (optional) - Return contributors ordered by `name`, `email`, or `commits` fields. If not given contributors are ordered by commit date.
+- `order_by` (optional) - Return contributors ordered by `name`, `email`, or `commits` (orders by commit date) fields. Default is `commits`
 - `sort` (optional) - Return contributors sorted in `asc` or `desc` order. Default is `asc`
 
 Response:

doc/development/fe_guide/vue.md

@@ -523,7 +523,7 @@ export default new Vuex.Store({
 ```
 _Note:_ If the state of the application is too complex, an individual file for the state may be better.
 
-#### `actions.js`
+##### `actions.js`
 An action commits a mutatation. In this file, we will write the actions that will call the respective mutation:
 
 ```javascript
@@ -550,7 +550,7 @@ import { mapActions } from 'vuex';
 };
 ```
 
-#### `getters.js`
+##### `getters.js`
 Sometimes we may need to get derived state based on store state, like filtering for a specific prop. This can be done through the `getters`:
 
 ```javascript
@@ -573,7 +573,7 @@ import { mapGetters } from 'vuex';
 };
 ```
 
-#### `mutations.js`
+##### `mutations.js`
 The only way to actually change state in a Vuex store is by committing a mutation.
 
 ```javascript
@@ -586,7 +586,7 @@ The only way to actually change state in a Vuex store is by committing a mutatio
   };
 ```
 
-#### `mutations_types.js`
+##### `mutations_types.js`
 From [vuex mutations docs][vuex-mutations]:
 > It is a commonly seen pattern to use constants for mutation types in various Flux implementations. This allows the code to take advantage of tooling like linters, and putting all constants in a single file allows your collaborators to get an at-a-glance view of what mutations are possible in the entire application.
 

doc/development/i18n/proofreader.md

@@ -23,6 +23,7 @@ are very appreciative of the work done by translators and proofreaders!
 - Italian
   - Paolo Falomo - [GitLab](https://gitlab.com/paolofalomo), [Crowdin](https://crowdin.com/profile/paolo.falomo)
 - Japanese
+  - Yamana Tokiuji - [GitLab](https://gitlab.com/tokiuji), [Crowdin](https://crowdin.com/profile/yamana)
 - Korean
   - Chang-Ho Cha - [GitLab](https://gitlab.com/changho-cha), [Crowdin](https://crowdin.com/profile/zzazang)
   - Huang Tao - [GitLab](https://gitlab.com/htve), [Crowdin](https://crowdin.com/profile/htve)

doc/install/README.md

@@ -31,8 +31,8 @@ the hardware requirements.
 - [Install GitLab on DC/OS](https://mesosphere.com/blog/gitlab-dcos/) via [GitLab-Mesosphere integration](https://about.gitlab.com/2016/09/16/announcing-gitlab-and-mesosphere/)
 - [Install GitLab on Azure](azure/index.md)
 - [Install GitLab on Google Cloud Platform](google_cloud_platform/index.md)
-- [Install GitLab on Google Container Engine (GKE)](https://about.gitlab.com/2017/01/23/video-tutorial-idea-to-production-on-google-container-engine-gke/): video tutorial on
-the full process of installing GitLab on Google Container Engine (GKE), pushing an application to GitLab, building the app with GitLab CI/CD, and deploying to production.
+- [Install GitLab on Google Kubernetes Engine (GKE)](https://about.gitlab.com/2017/01/23/video-tutorial-idea-to-production-on-google-container-engine-gke/): video tutorial on
+the full process of installing GitLab on Google Kubernetes Engine (GKE), pushing an application to GitLab, building the app with GitLab CI/CD, and deploying to production.
 - [Install on AWS](https://about.gitlab.com/aws/)
 - _Testing only!_ [DigitalOcean and Docker Machine](digitaloceandocker.md) -
   Quickly test any version of GitLab on DigitalOcean using Docker Machine.

doc/install/installation.md

@@ -93,9 +93,9 @@ Is the system packaged Git too old? Remove it and compile from source.
 
     # Download and compile from source
     cd /tmp
-    curl --remote-name --progress https://www.kernel.org/pub/software/scm/git/git-2.16.2.tar.gz
-    echo '9acc4339b7a2ab484eea69d705923271682b7058015219cf5a7e6ed8dee5b5fb  git-2.16.2.tar.gz' | shasum -a256 -c - && tar -xzf git-2.16.2.tar.gz
-    cd git-2.16.2/
+    curl --remote-name --progress https://www.kernel.org/pub/software/scm/git/git-2.16.3.tar.gz
+    echo 'dda229e9c73f4fbb7d4324e0d993e11311673df03f73b194c554c2e9451e17cd  git-2.16.3.tar.gz' | shasum -a256 -c - && tar -xzf git-2.16.3.tar.gz
+    cd git-2.16.3/
     ./configure
     make prefix=/usr/local all
 

features/project/builds/permissions.feature

-Feature: Project Builds Permissions
-  Background:
-    Given I sign in as a user
-    And project exists in some group namespace
-    And project has CI enabled
-    And project has a recent build
-
-  Scenario: I try to visit build details as guest
-    Given I am member of a project with a guest role
-    When I visit recent build details page
-    Then page status code should be 404
-
-  Scenario: I try to visit project builds page as guest
-    Given I am member of a project with a guest role
-    When I visit project builds page
-    Then page status code should be 404
-
-  Scenario: I try to visit build details of internal project without access to builds
-    Given The project is internal
-    And public access for builds is disabled
-    When I visit recent build details page
-    Then page status code should be 404
-
-  Scenario: I try to visit internal project builds page without access to builds
-    Given The project is internal
-    And public access for builds is disabled
-    When I visit project builds page
-    Then page status code should be 404
-
-  @javascript
-  Scenario: I try to visit build details of internal project with access to builds
-    Given The project is internal
-    And public access for builds is enabled
-    When I visit recent build details page
-    Then I see details of a build
-    And I see build trace
-
-  Scenario: I try to visit internal project builds page with access to builds
-    Given The project is internal
-    And public access for builds is enabled
-    When I visit project builds page
-    Then I see the build
-
-  Scenario: I try to download build artifacts as guest
-    Given I am member of a project with a guest role
-    And recent build has artifacts available
-    When I access artifacts download page
-    Then page status code should be 404
-
-  Scenario: I try to download build artifacts as reporter
-    Given I am member of a project with a reporter role
-    And recent build has artifacts available
-    When I access artifacts download page
-    Then download of build artifacts archive starts

features/steps/project/builds/permissions.rb

-class Spinach::Features::ProjectBuildsPermissions < Spinach::FeatureSteps
-  include SharedAuthentication
-  include SharedProject
-  include SharedBuilds
-  include SharedPaths
-  include RepoHelpers
-end

features/steps/shared/builds.rb

@@ -30,10 +30,6 @@ module SharedBuilds
     visit project_job_path(@project, @build)
   end
 
-  step 'I visit project builds page' do
-    visit project_jobs_path(@project)
-  end
-
   step 'recent build has artifacts available' do
     artifacts = Rails.root + 'spec/fixtures/ci_build_artifacts.zip'
     archive = fixture_file_upload(artifacts, 'application/zip')
@@ -54,25 +50,4 @@ module SharedBuilds
     expect(page.response_headers['Content-Type']).to eq 'application/zip'
     expect(page.response_headers['Content-Transfer-Encoding']).to eq 'binary'
   end
-
-  step 'I access artifacts download page' do
-    visit download_project_job_artifacts_path(@project, @build)
-  end
-
-  step 'I see details of a build' do
-    expect(page).to have_content "Job ##{@build.id}"
-  end
-
-  step 'I see build trace' do
-    expect(page).to have_css '#build-trace'
-  end
-
-  step 'I see the build' do
-    page.within('.build') do
-      expect(page).to have_content "##{@build.id}"
-      expect(page).to have_content @build.sha[0..7]
-      expect(page).to have_content @build.ref
-      expect(page).to have_content @build.name
-    end
-  end
 end

features/steps/shared/paths.rb

@@ -435,12 +435,4 @@ module SharedPaths
     mr = MergeRequest.find_by(title: title)
     project_merge_request_path(mr.target_project, mr)
   end
-
-  # ----------------------------------------
-  # Errors
-  # ----------------------------------------
-
-  step 'page status code should be 404' do
-    expect(status_code).to eq 404
-  end
 end

features/steps/shared/project.rb

@@ -13,11 +13,6 @@ module SharedProject
     @project.add_master(@user)
   end
 
-  step "project exists in some group namespace" do
-    @group = create(:group, name: 'some group')
-    @project = create(:project, :repository, namespace: @group, public_builds: false)
-  end
-
   # Create a specific project called "Shop"
   step 'I own project "Shop"' do
     @project = Project.find_by(name: "Shop")
@@ -29,18 +24,6 @@ module SharedProject
     @project ||= Project.first
   end
 
-  # ----------------------------------------
-  # Project permissions
-  # ----------------------------------------
-
-  step 'I am member of a project with a guest role' do
-    @project.add_guest(@user)
-  end
-
-  step 'I am member of a project with a reporter role' do
-    @project.add_reporter(@user)
-  end
-
   # ----------------------------------------
   # Visibility of archived project
   # ----------------------------------------
@@ -140,18 +123,6 @@ module SharedProject
     create(:label, project: project, title: 'enhancement')
   end
 
-  step 'The project is internal' do
-    @project.update(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
-  end
-
-  step 'public access for builds is enabled' do
-    @project.update(public_builds: true)
-  end
-
-  step 'public access for builds is disabled' do
-    @project.update(public_builds: false)
-  end
-
   def user_owns_project(user_name:, project_name:, visibility: :private)
     user = user_exists(user_name, username: user_name.gsub(/\s/, '').underscore)
     project = Project.find_by(name: project_name)

lib/api/repositories.rb

@@ -111,8 +111,8 @@ module API
       end
       params do
         use :pagination
-        optional :order_by, type: String, values: %w[email name commits], default: nil, desc: 'Return contributors ordered by `name` or `email` or `commits`'
-        optional :sort, type: String, values: %w[asc desc], default: nil, desc: 'Sort by asc (ascending) or desc (descending)'
+        optional :order_by, type: String, values: %w[email name commits], default: 'commits', desc: 'Return contributors ordered by `name` or `email` or `commits`'
+        optional :sort, type: String, values: %w[asc desc], default: 'asc', desc: 'Sort by asc (ascending) or desc (descending)'
       end
       get ':id/repository/contributors' do
         begin

lib/banzai/renderer/common_mark/html.rb

@@ -9,7 +9,7 @@ module Banzai
             lang_attr = lang.present? ? %Q{ lang="#{lang}"} : ''
             result    =
               "<pre>" \
-                "<code#{lang_attr}>#{html_escape(code)}</code>" \
+                "<code#{lang_attr}>#{ERB::Util.html_escape(code)}</code>" \
               "</pre>"
 
             out(result)

lib/banzai/renderer/redcarpet/html.rb

@@ -6,7 +6,7 @@ module Banzai
           lang_attr = lang ? %Q{ lang="#{lang}"} : ''
 
           "\n<pre>" \
-            "<code#{lang_attr}>#{html_escape(code)}</code>" \
+            "<code#{lang_attr}>#{ERB::Util.html_escape(code)}</code>" \
           "</pre>"
         end
       end

lib/gitlab.rb

@@ -10,11 +10,15 @@ module Gitlab
     Gitlab.config.gitlab.url == COM_URL || gl_subdomain?
   end
 
+  def self.org?
+    Gitlab.config.gitlab.url == 'https://dev.gitlab.org'
+  end
+
   def self.gl_subdomain?
     SUBDOMAIN_REGEX === Gitlab.config.gitlab.url
   end
 
   def self.dev_env_or_com?
-    Rails.env.test? || Rails.env.development? || com?
+    Rails.env.test? || Rails.env.development? || org? || com?
   end
 end

lib/gitlab/diff/highlight.rb

@@ -33,10 +33,7 @@ module Gitlab
             # match the blob, which is a bug. But we shouldn't fail to render
             # completely in that case, even though we want to report the error.
             rescue RangeError => e
-              if Gitlab::Sentry.enabled?
-                Gitlab::Sentry.context
-                Raven.capture_exception(e)
-              end
+              Gitlab::Sentry.track_exception(e, issue_url: 'https://gitlab.com/gitlab-org/gitlab-ce/issues/45441')
             end
           end
 

lib/gitlab/ee_compat_check.rb

@@ -5,7 +5,7 @@ module Gitlab
     CANONICAL_CE_PROJECT_URL = 'https://gitlab.com/gitlab-org/gitlab-ce'.freeze
     CANONICAL_EE_REPO_URL = 'https://gitlab.com/gitlab-org/gitlab-ee.git'.freeze
     CHECK_DIR = Rails.root.join('ee_compat_check')
-    IGNORED_FILES_REGEX = %r{VERSION|CHANGELOG\.md|db/schema\.rb}i.freeze
+    IGNORED_FILES_REGEX = %r{VERSION|CHANGELOG\.md|db/schema\.rb|locale/gitlab\.pot}i.freeze
     PLEASE_READ_THIS_BANNER = %Q{
       ============================================================
       ===================== PLEASE READ THIS =====================

lib/gitlab/etag_caching/middleware.rb

@@ -50,7 +50,7 @@ module Gitlab
 
         status_code = Gitlab::PollingInterval.polling_enabled? ? 304 : 429
 
-        [status_code, { 'ETag' => etag }, []]
+        [status_code, { 'ETag' => etag, 'X-Gitlab-From-Cache' => 'true' }, []]
       end
 
       def track_cache_miss(if_none_match, cached_value_present, route)

lib/gitlab/git/repository.rb

@@ -9,6 +9,7 @@ module Gitlab
       include Gitlab::Git::RepositoryMirroring
       include Gitlab::Git::Popen
       include Gitlab::EncodingHelper
+      include Gitlab::Utils::StrongMemoize
 
       ALLOWED_OBJECT_DIRECTORIES_VARIABLES = %w[
         GIT_OBJECT_DIRECTORY
@@ -231,13 +232,13 @@ module Gitlab
         end
       end
 
+      def expire_has_local_branches_cache
+        clear_memoization(:has_local_branches)
+      end
+
       def has_local_branches?
-        gitaly_migrate(:has_local_branches, status: Gitlab::GitalyClient::MigrationStatus::OPT_OUT) do |is_enabled|
-          if is_enabled
-            gitaly_repository_client.has_local_branches?
-          else
-            has_local_branches_rugged?
-          end
+        strong_memoize(:has_local_branches) do
+          uncached_has_local_branches?
         end
       end
 
@@ -1559,6 +1560,16 @@ module Gitlab
 
       private
 
+      def uncached_has_local_branches?
+        gitaly_migrate(:has_local_branches, status: Gitlab::GitalyClient::MigrationStatus::OPT_OUT) do |is_enabled|
+          if is_enabled
+            gitaly_repository_client.has_local_branches?
+          else
+            has_local_branches_rugged?
+          end
+        end
+      end
+
       def local_write_ref(ref_path, ref, old_ref: nil, shell: true)
         if shell
           shell_write_ref(ref_path, ref, old_ref)

lib/gitlab/sentry.rb

@@ -18,6 +18,25 @@ module Gitlab
       end
     end
 
+    # This can be used for investigating exceptions that can be recovered from in
+    # code. The exception will still be raised in development and test
+    # environments.
+    #
+    # That way we can track down these exceptions with as much information as we
+    # need to resolve them.
+    #
+    # Provide an issue URL for follow up.
+    def self.track_exception(exception, issue_url: nil, extra: {})
+      if enabled?
+        extra[:issue_url] = issue_url if issue_url
+        context # Make sure we've set everything we know in the context
+
+        Raven.capture_exception(exception, extra: extra)
+      end
+
+      raise exception if should_raise?
+    end
+
     def self.program_context
       if Sidekiq.server?
         'sidekiq'
@@ -25,5 +44,9 @@ module Gitlab
         'rails'
       end
     end
+
+    def self.should_raise?
+      Rails.env.development? || Rails.env.test?
+    end
   end
 end

qa/qa.rb

@@ -31,6 +31,7 @@ module QA
       autoload :Project, 'qa/factory/resource/project'
       autoload :MergeRequest, 'qa/factory/resource/merge_request'
       autoload :DeployKey, 'qa/factory/resource/deploy_key'
+      autoload :Branch, 'qa/factory/resource/branch'
       autoload :SecretVariable, 'qa/factory/resource/secret_variable'
       autoload :Runner, 'qa/factory/resource/runner'
       autoload :PersonalAccessToken, 'qa/factory/resource/personal_access_token'
@@ -132,6 +133,7 @@ module QA
         autoload :Repository, 'qa/page/project/settings/repository'
         autoload :CICD, 'qa/page/project/settings/ci_cd'
         autoload :DeployKeys, 'qa/page/project/settings/deploy_keys'
+        autoload :ProtectedBranches, 'qa/page/project/settings/protected_branches'
         autoload :SecretVariables, 'qa/page/project/settings/secret_variables'
         autoload :Runners, 'qa/page/project/settings/runners'
         autoload :MergeRequest, 'qa/page/project/settings/merge_request'

qa/qa/factory/resource/branch.rb

+module QA
+  module Factory
+    module Resource
+      class Branch < Factory::Base
+        attr_accessor :project, :branch_name, :allow_to_push, :protected
+
+        dependency Factory::Resource::Project, as: :project do |project|
+          project.name = 'protected-branch-project'
+        end
+
+        product :name do
+          Page::Project::Settings::Repository.act do
+            expand_protected_branches(&:last_branch_name)
+          end
+        end
+
+        product :push_allowance do
+          Page::Project::Settings::Repository.act do
+            expand_protected_branches(&:last_push_allowance)
+          end
+        end
+
+        def initialize
+          @branch_name = 'test/branch'
+          @allow_to_push = true
+          @protected = false
+        end
+
+        def fabricate!
+          project.visit!
+
+          Factory::Repository::Push.fabricate! do |resource|
+            resource.project = project
+            resource.file_name = 'kick-off.txt'
+            resource.commit_message = 'First commit'
+          end
+
+          branch = Factory::Repository::Push.fabricate! do |resource|
+            resource.project = project
+            resource.file_name = 'README.md'
+            resource.commit_message = 'Add readme'
+            resource.branch_name = "master:#{@branch_name}"
+          end
+
+          Page::Project::Show.act { wait_for_push }
+
+          # The upcoming process will make it access the Protected Branches page,
+          # select the already created branch and protect it according
+          # to `allow_to_push` variable.
+          return branch unless @protected
+
+          Page::Menu::Side.act do
+            click_repository_settings
+          end
+
+          Page::Project::Settings::Repository.perform do |setting|
+            setting.expand_protected_branches do |page|
+              page.select_branch(branch_name)
+
+              if allow_to_push
+                page.allow_devs_and_masters_to_push
+              else
+                page.allow_no_one_to_push
+              end
+
+              page.protect_branch
+            end
+          end
+        end
+      end
+    end
+  end
+end

qa/qa/git/repository.rb

 require 'cgi'
 require 'uri'
+require 'open3'
 
 module QA
   module Git
     class Repository
       include Scenario::Actable
 
+      attr_reader :push_error
+
       def self.perform(*args)
         Dir.mktmpdir do |dir|
           Dir.chdir(dir) { super }
@@ -65,7 +68,8 @@ module QA
       end
 
       def push_changes(branch = 'master')
-        `git push #{@uri.to_s} #{branch} #{suppress_output}`
+        # capture3 returns stdout, stderr and status.
+        _, @push_error, _ = Open3.capture3("git push #{@uri} #{branch} #{suppress_output}")
       end
 
       def commits

qa/qa/page/project/settings/protected_branches.rb

+module QA
+  module Page
+    module Project
+      module Settings
+        class ProtectedBranches < Page::Base
+          view 'app/views/projects/protected_branches/shared/_dropdown.html.haml' do
+            element :protected_branch_select
+            element :protected_branch_dropdown
+          end
+
+          view 'app/views/projects/protected_branches/_create_protected_branch.html.haml' do
+            element :allowed_to_push_select
+            element :allowed_to_push_dropdown
+          end
+
+          view 'app/views/projects/protected_branches/shared/_branches_list.html.haml' do
+            element :protected_branches_list
+          end
+
+          view 'app/views/projects/protected_branches/shared/_protected_branch.html.haml' do
+            element :protected_branch_name
+          end
+
+          def select_branch(branch_name)
+            click_element :protected_branch_select
+
+            within_element(:protected_branch_dropdown) do
+              click_on branch_name
+            end
+          end
+
+          def allow_no_one_to_push
+            allow_to_push('No one')
+          end
+
+          def allow_devs_and_masters_to_push
+            allow_to_push('Developers + Masters')
+          end
+
+          def protect_branch
+            click_on 'Protect'
+          end
+
+          def last_branch_name
+            within_element(:protected_branches_list) do
+              all('.qa-protected-branch-name').last
+            end
+          end
+
+          def last_push_allowance
+            within_element(:protected_branches_list) do
+              all('.qa-allowed-to-push').last
+            end
+          end
+
+          private
+
+          def allow_to_push(text)
+            click_element :allowed_to_push_select
+
+            within_element(:allowed_to_push_dropdown) do
+              click_on text
+            end
+          end
+        end
+      end
+    end
+  end
+end

qa/qa/page/project/settings/repository.rb

@@ -14,6 +14,12 @@ module QA
               DeployKeys.perform(&block)
             end
           end
+
+          def expand_protected_branches(&block)
+            expand_section('Protected Branches') do
+              ProtectedBranches.perform(&block)
+            end
+          end
         end
       end
     end

qa/qa/page/project/show.rb

@@ -21,6 +21,11 @@ module QA
           element :new_issue_link, "link_to 'New issue', new_project_issue_path(@project)"
         end
 
+        view 'app/views/shared/_ref_switcher.html.haml' do
+          element :branches_select
+          element :branches_dropdown
+        end
+
         def choose_repository_clone_http
           choose_repository_clone('HTTP', 'http')
         end
@@ -44,6 +49,18 @@ module QA
           find('.qa-project-name').text
         end
 
+        def switch_to_branch(branch_name)
+          find_element(:branches_select).click
+
+          within_element(:branches_dropdown) do
+            click_on branch_name
+          end
+        end
+
+        def last_commit_content
+          find_element(:commit_content).text
+        end
+
         def new_merge_request
           wait(reload: true) do
             has_css?(element_selector_css(:create_merge_request))

qa/qa/specs/features/repository/protected_branches_spec.rb

+module QA
+  feature 'branch protection support', :core do
+    given(:branch_name) { 'protected-branch' }
+    given(:commit_message) { 'Protected push commit message' }
+    given(:project) do
+      Factory::Resource::Project.fabricate! do |resource|
+        resource.name = 'protected-branch-project'
+      end
+    end
+    given(:location) do
+      Page::Project::Show.act do
+        choose_repository_clone_http
+        repository_location
+      end
+    end
+
+    before do
+      Runtime::Browser.visit(:gitlab, Page::Main::Login)
+      Page::Main::Login.act { sign_in_using_credentials }
+    end
+
+    scenario 'user is able to protect a branch' do
+      protected_branch = Factory::Resource::Branch.fabricate! do |resource|
+        resource.branch_name = branch_name
+        resource.project = project
+        resource.allow_to_push = true
+        resource.protected = true
+      end
+
+      expect(protected_branch.name).to have_content(branch_name)
+      expect(protected_branch.push_allowance).to have_content('Developers + Masters')
+    end
+
+    scenario 'users without authorization cannot push to protected branch' do
+      Factory::Resource::Branch.fabricate! do |resource|
+        resource.branch_name = branch_name
+        resource.project = project
+        resource.allow_to_push = false
+        resource.protected = true
+      end
+
+      project.visit!
+
+      Git::Repository.perform do |repository|
+        repository.location = location
+        repository.use_default_credentials
+
+        repository.act do
+          clone
+          configure_identity('GitLab QA', 'root@gitlab.com')
+          checkout('protected-branch')
+          commit_file('README.md', 'readme content', 'Add a readme')
+          push_changes('protected-branch')
+        end
+
+        expect(repository.push_error)
+          .to match(/remote\: GitLab\: You are not allowed to push code to protected branches on this project/)
+        expect(repository.push_error)
+          .to match(/\[remote rejected\] #{branch_name} -> #{branch_name} \(pre-receive hook declined\)/)
+      end
+    end
+  end
+end

spec/features/ide_spec.rb

+require 'spec_helper'
+
+describe 'IDE', :js do
+  describe 'sub-groups' do
+    let(:user) { create(:user) }
+    let(:group) { create(:group) }
+    let(:subgroup) { create(:group, parent: group) }
+    let(:subgroup_project) { create(:project, :repository, namespace: subgroup) }
+
+    before do
+      subgroup_project.add_master(user)
+      sign_in(user)
+
+      visit project_path(subgroup_project)
+
+      click_link('Web IDE')
+
+      wait_for_requests
+    end
+
+    it 'loads project in web IDE' do
+      expect(page).to have_selector('.context-header', text: subgroup_project.name)
+    end
+  end
+end

spec/features/merge_request/user_scrolls_to_note_on_load_spec.rb

@@ -27,6 +27,23 @@ describe 'Merge request > User scrolls to note on load', :js do
     expect(fragment_position_top).to be < (page_scroll_y + page_height)
   end
 
+  it 'renders un-collapsed notes with diff' do
+    page.current_window.resize_to(1000, 1000)
+
+    visit "#{project_merge_request_path(project, merge_request)}#{fragment_id}"
+
+    page.execute_script "window.scrollTo(0,0)"
+
+    note_element = find(fragment_id)
+    note_container = note_element.ancestor('.js-toggle-container')
+
+    expect(note_element.visible?).to eq true
+
+    page.within note_container do
+      expect(page).not_to have_selector('.js-error-lazy-load-diff')
+    end
+  end
+
   it 'expands collapsed notes' do
     visit "#{project_merge_request_path(project, merge_request)}#{collapsed_fragment_id}"
     note_element = find(collapsed_fragment_id)

spec/features/projects/clusters/gcp_spec.rb

@@ -33,7 +33,7 @@ feature 'Gcp Cluster', :js do
           visit project_clusters_path(project)
 
           click_link 'Add Kubernetes cluster'
-          click_link 'Create on GKE'
+          click_link 'Create on Google Kubernetes Engine'
         end
 
         context 'when user filled form with valid parameters' do
@@ -139,7 +139,7 @@ feature 'Gcp Cluster', :js do
         visit project_clusters_path(project)
 
         click_link 'Add Kubernetes cluster'
-        click_link 'Create on GKE'
+        click_link 'Create on Google Kubernetes Engine'
 
         fill_in 'cluster_provider_gcp_attributes_gcp_project_id', with: 'gcp-project-123'
         fill_in 'cluster_name', with: 'dev-cluster'
@@ -159,7 +159,7 @@ feature 'Gcp Cluster', :js do
         visit project_clusters_path(project)
 
         click_link 'Add Kubernetes cluster'
-        click_link 'Create on GKE'
+        click_link 'Create on Google Kubernetes Engine'
 
         fill_in 'cluster_provider_gcp_attributes_gcp_project_id', with: 'gcp-project-123'
         fill_in 'cluster_name', with: 'dev-cluster'
@@ -177,7 +177,7 @@ feature 'Gcp Cluster', :js do
       visit project_clusters_path(project)
 
       click_link 'Add Kubernetes cluster'
-      click_link 'Create on GKE'
+      click_link 'Create on Google Kubernetes Engine'
     end
 
     it 'user sees a login page' do

spec/features/projects/clusters_spec.rb

@@ -83,7 +83,7 @@ feature 'Clusters', :js do
       visit project_clusters_path(project)
 
       click_link 'Add Kubernetes cluster'
-      click_link 'Create on GKE'
+      click_link 'Create on Google Kubernetes Engine'
     end
 
     it 'user sees a login page' do

spec/features/projects/files/user_uploads_files_spec.rb

@@ -7,11 +7,11 @@ describe 'Projects > Files > User uploads files' do
     "You're not allowed to make changes to this project directly. "\
     "A fork of this project has been created that you can make changes in, so you can submit a merge request."
   end
-  let(:project) { create(:project, :repository, name: 'Shop') }
+  let(:user) { create(:user) }
+  let(:project) { create(:project, :repository, name: 'Shop', creator: user) }
   let(:project2) { create(:project, :repository, name: 'Another Project', path: 'another-project') }
   let(:project_tree_path_root_ref) { project_tree_path(project, project.repository.root_ref) }
   let(:project2_tree_path_root_ref) { project_tree_path(project2, project2.repository.root_ref) }
-  let(:user) { project.creator }
 
   before do
     project.add_master(user)

spec/features/projects/jobs/permissions_spec.rb

+require 'spec_helper'
+
+describe 'Project Jobs Permissions' do
+  let(:user) { create(:user) }
+  let(:group) { create(:group, name: 'some group') }
+  let(:project) { create(:project, :repository, namespace: group) }
+  let(:pipeline) { create(:ci_empty_pipeline, project: project, sha: project.commit.sha, ref: 'master') }
+  let!(:job) { create(:ci_build, :running, :coverage, :trace_artifact, pipeline: pipeline) }
+
+  before do
+    sign_in(user)
+
+    project.enable_ci
+  end
+
+  describe 'jobs pages' do
+    shared_examples 'recent job page details responds with status' do |status|
+      before do
+        visit project_job_path(project, job)
+      end
+
+      it { expect(status_code).to eq(status) }
+    end
+
+    shared_examples 'project jobs page responds with status' do |status|
+      before do
+        visit project_jobs_path(project)
+      end
+
+      it { expect(status_code).to eq(status) }
+    end
+
+    context 'when public access for jobs is disabled' do
+      before do
+        project.update(public_builds: false)
+      end
+
+      context 'when user is a guest' do
+        before do
+          project.add_guest(user)
+        end
+
+        it_behaves_like 'recent job page details responds with status', 404
+        it_behaves_like 'project jobs page responds with status', 404
+      end
+
+      context 'when project is internal' do
+        before do
+          project.update(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
+        end
+
+        it_behaves_like 'recent job page details responds with status', 404
+        it_behaves_like 'project jobs page responds with status', 404
+      end
+    end
+
+    context 'when public access for jobs is enabled' do
+      before do
+        project.update(public_builds: true)
+      end
+
+      context 'when project is internal' do
+        before do
+          project.update(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
+        end
+
+        it_behaves_like 'recent job page details responds with status', 200 do
+          it 'renders job details', :js do
+            expect(page).to have_content "Job ##{job.id}"
+            expect(page).to have_css '#build-trace'
+          end
+        end
+
+        it_behaves_like 'project jobs page responds with status', 200 do
+          it 'renders job' do
+            page.within('.build') do
+              expect(page).to have_content("##{job.id}")
+                .and have_content(job.sha[0..7])
+                .and have_content(job.ref)
+                .and have_content(job.name)
+            end
+          end
+        end
+      end
+    end
+  end
+
+  describe 'artifacts page' do
+    context 'when recent job has artifacts available' do
+      before do
+        artifacts = Rails.root.join('spec/fixtures/ci_build_artifacts.zip')
+        archive = fixture_file_upload(artifacts, 'application/zip')
+
+        job.update_attributes(legacy_artifacts_file: archive)
+      end
+
+      context 'when public access for jobs is disabled' do
+        before do
+          project.update(public_builds: false)
+        end
+
+        context 'when user with guest role' do
+          before do
+            project.add_guest(user)
+          end
+
+          it 'responds with 404 status' do
+            visit download_project_job_artifacts_path(project, job)
+
+            expect(status_code).to eq(404)
+          end
+        end
+
+        context 'when user with reporter role' do
+          before do
+            project.add_reporter(user)
+          end
+
+          it 'starts download artifact' do
+            visit download_project_job_artifacts_path(project, job)
+
+            expect(status_code).to eq(200)
+            expect(page.response_headers['Content-Type']).to eq 'application/zip'
+            expect(page.response_headers['Content-Transfer-Encoding']).to eq 'binary'
+          end
+        end
+      end
+    end
+  end
+end

spec/features/projects/pipelines/pipelines_spec.rb

@@ -517,7 +517,7 @@ describe 'Pipelines', :js do
           end
 
           it 'creates a new pipeline' do
-            expect { click_on 'Create pipeline' }
+            expect { click_on 'Run pipeline' }
               .to change { Ci::Pipeline.count }.by(1)
 
             expect(Ci::Pipeline.last).to be_web
@@ -526,7 +526,7 @@ describe 'Pipelines', :js do
 
         context 'without gitlab-ci.yml' do
           before do
-            click_on 'Create pipeline'
+            click_on 'Run pipeline'
           end
 
           it { expect(page).to have_content('Missing .gitlab-ci.yml file') }
@@ -539,7 +539,7 @@ describe 'Pipelines', :js do
               click_link 'master'
             end
 
-            expect { click_on 'Create pipeline' }
+            expect { click_on 'Run pipeline' }
               .to change { Ci::Pipeline.count }.by(1)
           end
         end
@@ -557,7 +557,7 @@ describe 'Pipelines', :js do
         it 'has field to add a new pipeline' do
           expect(page).to have_selector('.js-branch-select')
           expect(find('.js-branch-select')).to have_content project.default_branch
-          expect(page).to have_content('Create for')
+          expect(page).to have_content('Run on')
         end
       end
 

spec/javascripts/branches/branches_delete_modal_spec.js

+import $ from 'jquery';
+import DeleteModal from '~/branches/branches_delete_modal';
+
+describe('branches delete modal', () => {
+  describe('setDisableDeleteButton', () => {
+    let submitSpy;
+    let $deleteButton;
+
+    beforeEach(() => {
+      setFixtures(`
+        <div id="modal-delete-branch">
+          <form>
+            <button type="submit" class="js-delete-branch">Delete</button>
+          </form>
+        </div>
+      `);
+      $deleteButton = $('.js-delete-branch');
+      submitSpy = jasmine.createSpy('submit').and.callFake(event => event.preventDefault());
+      $('#modal-delete-branch form').on('submit', submitSpy);
+      // eslint-disable-next-line no-new
+      new DeleteModal();
+    });
+
+    it('does not submit if button is disabled', () => {
+      $deleteButton.attr('disabled', true);
+
+      $deleteButton.click();
+
+      expect(submitSpy).not.toHaveBeenCalled();
+    });
+
+    it('submits if button is not disabled', () => {
+      $deleteButton.attr('disabled', false);
+
+      $deleteButton.click();
+
+      expect(submitSpy).toHaveBeenCalled();
+    });
+  });
+});

spec/javascripts/ide/stores/mutations/tree_spec.js

@@ -55,6 +55,16 @@ describe('Multi-file store tree mutations', () => {
       expect(tree.tree[1].name).toBe('submodule');
       expect(tree.tree[2].name).toBe('blob');
     });
+
+    it('keeps loading state', () => {
+      mutations.CREATE_TREE(localState, { treePath: 'project/master' });
+      mutations.SET_DIRECTORY_DATA(localState, {
+        data,
+        treePath: 'project/master',
+      });
+
+      expect(localState.trees['project/master'].loading).toBe(true);
+    });
   });
 
   describe('REMOVE_ALL_CHANGES_FILES', () => {

spec/javascripts/vue_mr_widget/components/states/mr_widget_pipeline_failed_spec.js

 import Vue from 'vue';
-import pipelineFailedComponent from '~/vue_merge_request_widget/components/states/mr_widget_pipeline_failed';
+import PipelineFailed from '~/vue_merge_request_widget/components/states/pipeline_failed.vue';
+import { removeBreakLine } from 'spec/helpers/vue_component_helper';
 
-describe('MRWidgetPipelineFailed', () => {
+describe('PipelineFailed', () => {
   describe('template', () => {
-    const Component = Vue.extend(pipelineFailedComponent);
+    const Component = Vue.extend(PipelineFailed);
     const vm = new Component({
       el: document.createElement('div'),
     });
     it('should have correct elements', () => {
       expect(vm.$el.classList.contains('mr-widget-body')).toBeTruthy();
       expect(vm.$el.querySelector('button').getAttribute('disabled')).toBeTruthy();
-      expect(vm.$el.innerText).toContain('The pipeline for this merge request failed. Please retry the job or push a new commit to fix the failure');
+      expect(
+        removeBreakLine(vm.$el.innerText).trim(),
+      ).toContain('The pipeline for this merge request failed. Please retry the job or push a new commit to fix the failure');
     });
   });
 });

spec/javascripts/vue_shared/components/commit_spec.js

 import Vue from 'vue';
 import commitComp from '~/vue_shared/components/commit.vue';
+import mountComponent from '../../helpers/vue_mount_component_helper';
 
 describe('Commit component', () => {
   let props;
@@ -10,25 +11,28 @@ describe('Commit component', () => {
     CommitComponent = Vue.extend(commitComp);
   });
 
+  afterEach(() => {
+    component.$destroy();
+  });
+
   it('should render a fork icon if it does not represent a tag', () => {
-    component = new CommitComponent({
-      propsData: {
-        tag: false,
-        commitRef: {
-          name: 'master',
-          ref_url: 'http://localhost/namespace2/gitlabhq/tree/master',
-        },
-        commitUrl: 'https://gitlab.com/gitlab-org/gitlab-ce/commit/b7836eddf62d663c665769e1b0960197fd215067',
-        shortSha: 'b7836edd',
-        title: 'Commit message',
-        author: {
-          avatar_url: 'https://gitlab.com/uploads/-/system/user/avatar/300478/avatar.png',
-          web_url: 'https://gitlab.com/jschatz1',
-          path: '/jschatz1',
-          username: 'jschatz1',
-        },
+    component = mountComponent(CommitComponent, {
+      tag: false,
+      commitRef: {
+        name: 'master',
+        ref_url: 'http://localhost/namespace2/gitlabhq/tree/master',
       },
-    }).$mount();
+      commitUrl:
+        'https://gitlab.com/gitlab-org/gitlab-ce/commit/b7836eddf62d663c665769e1b0960197fd215067',
+      shortSha: 'b7836edd',
+      title: 'Commit message',
+      author: {
+        avatar_url: 'https://gitlab.com/uploads/-/system/user/avatar/300478/avatar.png',
+        web_url: 'https://gitlab.com/jschatz1',
+        path: '/jschatz1',
+        username: 'jschatz1',
+      },
+    });
 
     expect(component.$el.querySelector('.icon-container').children).toContain('svg');
   });
@@ -41,7 +45,8 @@ describe('Commit component', () => {
           name: 'master',
           ref_url: 'http://localhost/namespace2/gitlabhq/tree/master',
         },
-        commitUrl: 'https://gitlab.com/gitlab-org/gitlab-ce/commit/b7836eddf62d663c665769e1b0960197fd215067',
+        commitUrl:
+          'https://gitlab.com/gitlab-org/gitlab-ce/commit/b7836eddf62d663c665769e1b0960197fd215067',
         shortSha: 'b7836edd',
         title: 'Commit message',
         author: {
@@ -53,9 +58,7 @@ describe('Commit component', () => {
         commitIconSvg: '<svg></svg>',
       };
 
-      component = new CommitComponent({
-        propsData: props,
-      }).$mount();
+      component = mountComponent(CommitComponent, props);
     });
 
     it('should render a tag icon if it represents a tag', () => {
@@ -63,7 +66,9 @@ describe('Commit component', () => {
     });
 
     it('should render a link to the ref url', () => {
-      expect(component.$el.querySelector('.ref-name').getAttribute('href')).toEqual(props.commitRef.ref_url);
+      expect(component.$el.querySelector('.ref-name').getAttribute('href')).toEqual(
+        props.commitRef.ref_url,
+      );
     });
 
     it('should render the ref name', () => {
@@ -71,7 +76,9 @@ describe('Commit component', () => {
     });
 
     it('should render the commit short sha with a link to the commit url', () => {
-      expect(component.$el.querySelector('.commit-sha').getAttribute('href')).toEqual(props.commitUrl);
+      expect(component.$el.querySelector('.commit-sha').getAttribute('href')).toEqual(
+        props.commitUrl,
+      );
       expect(component.$el.querySelector('.commit-sha').textContent).toContain(props.shortSha);
     });
 
@@ -88,21 +95,25 @@ describe('Commit component', () => {
 
       it('Should render the author avatar with title and alt attributes', () => {
         expect(
-          component.$el.querySelector('.commit-title .avatar-image-container img').getAttribute('data-original-title'),
+          component.$el
+            .querySelector('.commit-title .avatar-image-container img')
+            .getAttribute('data-original-title'),
         ).toContain(props.author.username);
         expect(
-          component.$el.querySelector('.commit-title .avatar-image-container img').getAttribute('alt'),
+          component.$el
+            .querySelector('.commit-title .avatar-image-container img')
+            .getAttribute('alt'),
         ).toContain(`${props.author.username}'s avatar`);
       });
     });
 
     it('should render the commit title', () => {
-      expect(
-        component.$el.querySelector('a.commit-row-message').getAttribute('href'),
-      ).toEqual(props.commitUrl);
-      expect(
-        component.$el.querySelector('a.commit-row-message').textContent,
-      ).toContain(props.title);
+      expect(component.$el.querySelector('a.commit-row-message').getAttribute('href')).toEqual(
+        props.commitUrl,
+      );
+      expect(component.$el.querySelector('a.commit-row-message').textContent).toContain(
+        props.title,
+      );
     });
   });
 
@@ -114,19 +125,18 @@ describe('Commit component', () => {
           name: 'master',
           ref_url: 'http://localhost/namespace2/gitlabhq/tree/master',
         },
-        commitUrl: 'https://gitlab.com/gitlab-org/gitlab-ce/commit/b7836eddf62d663c665769e1b0960197fd215067',
+        commitUrl:
+          'https://gitlab.com/gitlab-org/gitlab-ce/commit/b7836eddf62d663c665769e1b0960197fd215067',
         shortSha: 'b7836edd',
         title: null,
         author: {},
       };
 
-      component = new CommitComponent({
-        propsData: props,
-      }).$mount();
+      component = mountComponent(CommitComponent, props);
 
-      expect(
-        component.$el.querySelector('.commit-title span').textContent,
-      ).toContain('Cant find HEAD commit for this branch');
+      expect(component.$el.querySelector('.commit-title span').textContent).toContain(
+        "Can't find HEAD commit for this branch",
+      );
     });
   });
 });

spec/lib/gitlab/diff/highlight_spec.rb

@@ -79,6 +79,8 @@ describe Gitlab::Diff::Highlight do
         end
 
         it 'keeps the original rich line' do
+          allow(Gitlab::Sentry).to receive(:track_exception)
+
           code = %q{+      raise RuntimeError, "System commands must be given as an array of strings"}
 
           expect(subject[5].text).to eq(code)
@@ -86,12 +88,9 @@ describe Gitlab::Diff::Highlight do
         end
 
         it 'reports to Sentry if configured' do
-          allow(Gitlab::Sentry).to receive(:enabled?).and_return(true)
-
-          expect(Gitlab::Sentry).to receive(:context)
-          expect(Raven).to receive(:capture_exception)
+          expect(Gitlab::Sentry).to receive(:track_exception).and_call_original
 
-          subject
+          expect { subject }. to raise_exception(RangeError)
         end
       end
     end

spec/lib/gitlab/git/repository_spec.rb

@@ -470,9 +470,20 @@ describe Gitlab::Git::Repository, seed_helper: true do
           FileUtils.rm_rf(heads_dir)
           FileUtils.mkdir_p(heads_dir)
 
+          repository.expire_has_local_branches_cache
           expect(repository.has_local_branches?).to eq(false)
         end
       end
+
+      context 'memoizes the value' do
+        it 'returns true' do
+          expect(repository).to receive(:uncached_has_local_branches?).once.and_call_original
+
+          2.times do
+            expect(repository.has_local_branches?).to eq(true)
+          end
+        end
+      end
     end
 
     context 'with gitaly' do

spec/lib/gitlab/sentry_spec.rb

@@ -7,7 +7,49 @@ describe Gitlab::Sentry do
 
       described_class.context(nil)
 
-      expect(Raven.tags_context[:locale]).to eq(I18n.locale.to_s)
+      expect(Raven.tags_context[:locale].to_s).to eq(I18n.locale.to_s)
+    end
+  end
+
+  describe '.track_exception' do
+    let(:exception) { RuntimeError.new('boom') }
+
+    before do
+      allow(described_class).to receive(:enabled?).and_return(true)
+    end
+
+    it 'raises the exception if it should' do
+      expect(described_class).to receive(:should_raise?).and_return(true)
+      expect { described_class.track_exception(exception) }
+        .to raise_error(RuntimeError)
+    end
+
+    context 'when exceptions should not be raised' do
+      before do
+        allow(described_class).to receive(:should_raise?).and_return(false)
+      end
+
+      it 'logs the exception with all attributes passed' do
+        expected_extras = {
+          some_other_info: 'info',
+          issue_url: 'http://gitlab.com/gitlab-org/gitlab-ce/issues/1'
+        }
+
+        expect(Raven).to receive(:capture_exception)
+                           .with(exception, extra: a_hash_including(expected_extras))
+
+        described_class.track_exception(
+          exception,
+          issue_url: 'http://gitlab.com/gitlab-org/gitlab-ce/issues/1',
+          extra: { some_other_info: 'info' }
+        )
+      end
+
+      it 'sets the context' do
+        expect(described_class).to receive(:context)
+
+        described_class.track_exception(exception)
+      end
     end
   end
 end

spec/models/repository_spec.rb

@@ -1437,6 +1437,12 @@ describe Repository do
 
       repository.expire_emptiness_caches
     end
+
+    it 'expires the memoized repository cache' do
+      allow(repository.raw_repository).to receive(:expire_has_local_branches_cache).and_call_original
+
+      repository.expire_emptiness_caches
+    end
   end
 
   describe 'skip_merges option' do

spec/requests/api/repositories_spec.rb

@@ -427,5 +427,20 @@ describe API::Repositories do
         let(:request) { get api(route, guest) }
       end
     end
+
+    # Regression: https://gitlab.com/gitlab-org/gitlab-ce/issues/45363
+    describe 'Links header contains working URLs when no `order_by` nor `sort` is given' do
+      let(:project) { create(:project, :public, :repository) }
+      let(:current_user) { nil }
+
+      it 'returns `Link` header that includes URLs with default value for `order_by` & `sort`' do
+        get api(route, current_user)
+
+        first_link_url = response.headers['Link'].split(';').first
+
+        expect(first_link_url).to include('order_by=commits')
+        expect(first_link_url).to include('sort=asc')
+      end
+    end
   end
 end