Merge remote-tracking branch 'origin/master' into feature/service-desk-be

.gitignore

@@ -31,6 +31,7 @@ eslint-report.html
 /config/unicorn.rb
 /config/secrets.yml
 /config/sidekiq.yml
+/config/registry.key
 /coverage/*
 /coverage-javascript/
 /db/*.sqlite3

GITLAB_WORKHORSE_VERSION

-1.4.2
+1.4.3

app/assets/javascripts/blob/3d_viewer/index.js

+import * as THREE from 'three/build/three.module';
+import STLLoaderClass from 'three-stl-loader';
+import OrbitControlsClass from 'three-orbit-controls';
+import MeshObject from './mesh_object';
+
+const STLLoader = STLLoaderClass(THREE);
+const OrbitControls = OrbitControlsClass(THREE);
+
+export default class Renderer {
+  constructor(container) {
+    this.renderWrapper = this.render.bind(this);
+    this.objects = [];
+
+    this.container = container;
+    this.width = this.container.offsetWidth;
+    this.height = 500;
+
+    this.loader = new STLLoader();
+
+    this.fov = 45;
+    this.camera = new THREE.PerspectiveCamera(
+      this.fov,
+      this.width / this.height,
+      1,
+      1000,
+    );
+
+    this.scene = new THREE.Scene();
+
+    this.scene.add(this.camera);
+
+    // Setup the viewer
+    this.setupRenderer();
+    this.setupGrid();
+    this.setupLight();
+
+    // Setup OrbitControls
+    this.controls = new OrbitControls(
+      this.camera,
+      this.renderer.domElement,
+    );
+    this.controls.minDistance = 5;
+    this.controls.maxDistance = 30;
+    this.controls.enableKeys = false;
+
+    this.loadFile();
+  }
+
+  setupRenderer() {
+    this.renderer = new THREE.WebGLRenderer({
+      antialias: true,
+    });
+
+    this.renderer.setClearColor(0xFFFFFF);
+    this.renderer.setPixelRatio(window.devicePixelRatio);
+    this.renderer.setSize(
+      this.width,
+      this.height,
+    );
+  }
+
+  setupLight() {
+    // Point light illuminates the object
+    const pointLight = new THREE.PointLight(
+      0xFFFFFF,
+      2,
+      0,
+    );
+
+    pointLight.castShadow = true;
+
+    this.camera.add(pointLight);
+
+    // Ambient light illuminates the scene
+    const ambientLight = new THREE.AmbientLight(
+      0xFFFFFF,
+      1,
+    );
+    this.scene.add(ambientLight);
+  }
+
+  setupGrid() {
+    this.grid = new THREE.GridHelper(
+      20,
+      20,
+      0x000000,
+      0x000000,
+    );
+
+    this.scene.add(this.grid);
+  }
+
+  loadFile() {
+    this.loader.load(this.container.dataset.endpoint, (geo) => {
+      const obj = new MeshObject(geo);
+
+      this.objects.push(obj);
+      this.scene.add(obj);
+
+      this.start();
+      this.setDefaultCameraPosition();
+    });
+  }
+
+  start() {
+    // Empty the container first
+    this.container.innerHTML = '';
+
+    // Add to DOM
+    this.container.appendChild(this.renderer.domElement);
+
+    // Make controls visible
+    this.container.parentNode.classList.remove('is-stl-loading');
+
+    this.render();
+  }
+
+  render() {
+    this.renderer.render(
+      this.scene,
+      this.camera,
+    );
+
+    requestAnimationFrame(this.renderWrapper);
+  }
+
+  changeObjectMaterials(type) {
+    this.objects.forEach((obj) => {
+      obj.changeMaterial(type);
+    });
+  }
+
+  setDefaultCameraPosition() {
+    const obj = this.objects[0];
+    const radius = (obj.geometry.boundingSphere.radius / 1.5);
+    const dist = radius / (Math.sin((this.fov * (Math.PI / 180)) / 2));
+
+    this.camera.position.set(
+      0,
+      dist + 1,
+      dist,
+    );
+
+    this.camera.lookAt(this.grid);
+    this.controls.update();
+  }
+}

app/assets/javascripts/blob/3d_viewer/mesh_object.js

+import {
+  Matrix4,
+  MeshLambertMaterial,
+  Mesh,
+} from 'three/build/three.module';
+
+const defaultColor = 0xE24329;
+const materials = {
+  default: new MeshLambertMaterial({
+    color: defaultColor,
+  }),
+  wireframe: new MeshLambertMaterial({
+    color: defaultColor,
+    wireframe: true,
+  }),
+};
+
+export default class MeshObject extends Mesh {
+  constructor(geo) {
+    super(
+      geo,
+      materials.default,
+    );
+
+    this.geometry.computeBoundingSphere();
+
+    this.rotation.set(-Math.PI / 2, 0, 0);
+
+    if (this.geometry.boundingSphere.radius > 4) {
+      const scale = 4 / this.geometry.boundingSphere.radius;
+
+      this.geometry.applyMatrix(
+        new Matrix4().makeScale(
+          scale,
+          scale,
+          scale,
+        ),
+      );
+      this.geometry.computeBoundingSphere();
+
+      this.position.x = -this.geometry.boundingSphere.center.x;
+      this.position.z = this.geometry.boundingSphere.center.y;
+    }
+  }
+
+  changeMaterial(type) {
+    this.material = materials[type];
+  }
+}

app/assets/javascripts/blob/pdf/index.js

@@ -10,7 +10,7 @@ Vue.use(PDFLab, {
 export default () => {
   const el = document.getElementById('js-pdf-viewer');
 
-  new Vue({
+  return new Vue({
     el,
     data() {
       return {

app/assets/javascripts/blob/stl_viewer.js

+import Renderer from './3d_viewer';
+
+document.addEventListener('DOMContentLoaded', () => {
+  const viewer = new Renderer(document.getElementById('js-stl-viewer'));
+
+  [].slice.call(document.querySelectorAll('.js-material-changer')).forEach((el) => {
+    el.addEventListener('click', (e) => {
+      const target = e.target;
+
+      e.preventDefault();
+
+      document.querySelector('.js-material-changer.active').classList.remove('active');
+      target.classList.add('active');
+      target.blur();
+
+      viewer.changeObjectMaterials(target.dataset.type);
+    });
+  });
+});

app/assets/javascripts/build.js

@@ -88,6 +88,7 @@ window.Build = (function() {
       dataType: 'json',
       success: function(buildData) {
         $('.js-build-output').html(buildData.trace_html);
+        gl.utils.setCiStatusFavicon(`${this.pageUrl}/status.json`);
         if (window.location.hash === DOWN_BUILD_TRACE) {
           $("html,body").scrollTop(this.$buildTrace.height());
         }

app/assets/javascripts/dispatcher.js

@@ -246,9 +246,11 @@ const ShortcutsBlob = require('./shortcuts_blob');
         case 'projects:pipelines:builds':
         case 'projects:pipelines:show':
           const { controllerAction } = document.querySelector('.js-pipeline-container').dataset;
+          const pipelineStatusUrl = `${document.querySelector('.js-pipeline-tab-link a').getAttribute('href')}/status.json`;
 
           new gl.Pipelines({
             initTabs: true,
+            pipelineStatusUrl,
             tabsOptions: {
               action: controllerAction,
               defaultAction: 'pipelines',

app/assets/javascripts/environments/components/deploy_board_component.js

-/* eslint-disable no-new */
+/* eslint-disable no-new, no-undef */
 /* global Flash */
 /**
  * Renders a deploy board.
@@ -67,6 +67,26 @@ export default {
   },
 
   created() {
+    this.getDeployBoard();
+  },
+
+  updated() {
+    // While board is not complete we need to request new data from the server.
+    // Let's make sure we are not making any request at the moment
+    // and that we only make this request if the latest response was not 204.
+    if (!this.isLoading &&
+      !this.hasError &&
+      this.deployBoardData.completion &&
+      this.deployBoardData.completion < 100) {
+      // let's wait 1s and make the request again
+      setTimeout(() => {
+        this.getDeployBoard();
+      }, 3000);
+    }
+  },
+
+  methods: {
+    getDeployBoard() {
       this.isLoading = true;
 
       const maxNumberOfRequests = 3;
@@ -109,6 +129,7 @@ export default {
         new Flash('An error occurred while fetching the deploy board.', 'alert');
       });
     },
+  },
 
   computed: {
     canRenderDeployBoard() {

app/assets/javascripts/environments/components/environment_actions.js

@@ -46,11 +46,20 @@ export default {
         new Flash('An error occured while making the request.');
       });
     },
+
+    isActionDisabled(action) {
+      if (action.playable === undefined) {
+        return false;
+      }
+
+      return !action.playable;
+    },
   },
 
   template: `
     <div class="btn-group" role="group">
       <button
+        type="button"
         class="dropdown btn btn-default dropdown-new js-dropdown-play-icon-container has-tooltip"
         data-container="body"
         data-toggle="dropdown"
@@ -59,15 +68,24 @@ export default {
         :disabled="isLoading">
         <span>
           <span v-html="playIconSvg"></span>
-          <i class="fa fa-caret-down" aria-hidden="true"></i>
-          <i v-if="isLoading" class="fa fa-spinner fa-spin" aria-hidden="true"></i>
+          <i
+            class="fa fa-caret-down"
+            aria-hidden="true"/>
+          <i
+            v-if="isLoading"
+            class="fa fa-spinner fa-spin"
+            aria-hidden="true"/>
         </span>
+      </button>
 
       <ul class="dropdown-menu dropdown-menu-align-right">
         <li v-for="action in actions">
           <button
+            type="button"
+            class="js-manual-action-link no-btn btn"
             @click="onClickAction(action.play_path)"
-            class="js-manual-action-link no-btn">
+            :class="{ 'disabled': isActionDisabled(action) }"
+            :disabled="isActionDisabled(action)">
             ${playIconSvg}
             <span>
               {{action.name}}
@@ -75,7 +93,6 @@ export default {
           </button>
         </li>
       </ul>
-    </button>
   </div>
   `,
 };

app/assets/javascripts/environments/components/environment_item.js

@@ -149,6 +149,7 @@ export default {
           const parsedAction = {
             name: gl.text.humanize(action.name),
             play_path: action.play_path,
+            playable: action.playable,
           };
           return parsedAction;
         });

app/assets/javascripts/issue_show/index.js

+import Vue from 'vue';
+import IssueTitle from './issue_title';
+import '../vue_shared/vue_resource_interceptor';
+
+const vueOptions = () => ({
+  el: '.issue-title-entrypoint',
+  components: {
+    IssueTitle,
+  },
+  data() {
+    const issueTitleData = document.querySelector('.issue-title-data').dataset;
+
+    return {
+      initialTitle: issueTitleData.initialTitle,
+      endpoint: issueTitleData.endpoint,
+    };
+  },
+  template: `
+    <IssueTitle
+      :initialTitle="initialTitle"
+      :endpoint="endpoint"
+    />
+  `,
+});
+
+(() => new Vue(vueOptions()))();

app/assets/javascripts/issue_show/issue_title.js

+import Visibility from 'visibilityjs';
+import Poll from './../lib/utils/poll';
+import Service from './services/index';
+
+export default {
+  props: {
+    initialTitle: { required: true, type: String },
+    endpoint: { required: true, type: String },
+  },
+  data() {
+    const resource = new Service(this.$http, this.endpoint);
+
+    const poll = new Poll({
+      resource,
+      method: 'getTitle',
+      successCallback: (res) => {
+        this.renderResponse(res);
+      },
+      errorCallback: (err) => {
+        if (process.env.NODE_ENV !== 'production') {
+          // eslint-disable-next-line no-console
+          console.error('ISSUE SHOW TITLE REALTIME ERROR', err);
+        } else {
+          throw new Error(err);
+        }
+      },
+    });
+
+    return {
+      poll,
+      timeoutId: null,
+      title: this.initialTitle,
+    };
+  },
+  methods: {
+    fetch() {
+      this.poll.makeRequest();
+
+      Visibility.change(() => {
+        if (!Visibility.hidden()) {
+          this.poll.restart();
+        } else {
+          this.poll.stop();
+        }
+      });
+    },
+    renderResponse(res) {
+      const body = JSON.parse(res.body);
+      this.triggerAnimation(body);
+    },
+    triggerAnimation(body) {
+      const { title } = body;
+
+      /**
+      * since opacity is changed, even if there is no diff for Vue to update
+      * we must check the title even on a 304 to ensure no visual change
+      */
+      if (this.title === title) return;
+
+      this.$el.style.opacity = 0;
+
+      this.timeoutId = setTimeout(() => {
+        this.title = title;
+
+        this.$el.style.transition = 'opacity 0.2s ease';
+        this.$el.style.opacity = 1;
+
+        clearTimeout(this.timeoutId);
+      }, 100);
+    },
+  },
+  created() {
+    this.fetch();
+  },
+  template: `
+    <h2 class='title' v-html='title'></h2>
+  `,
+};

app/assets/javascripts/issue_show/services/index.js

+export default class Service {
+  constructor(resource, endpoint) {
+    this.resource = resource;
+    this.endpoint = endpoint;
+  }
+
+  getTitle() {
+    return this.resource.get(this.endpoint);
+  }
+}

app/assets/javascripts/lib/utils/common_utils.js

@@ -2,6 +2,8 @@
 (function() {
   (function(w) {
     var base;
+    const faviconEl = document.getElementById('favicon');
+    const originalFavicon = faviconEl ? faviconEl.getAttribute('href') : null;
     w.gl || (w.gl = {});
     (base = w.gl).utils || (base.utils = {});
     w.gl.utils.isInGroupsPage = function() {
@@ -361,5 +363,34 @@
         fn(next, stop);
       });
     };
+
+    w.gl.utils.setFavicon = (iconName) => {
+      if (faviconEl && iconName) {
+        faviconEl.setAttribute('href', `/assets/${iconName}.ico`);
+      }
+    };
+
+    w.gl.utils.resetFavicon = () => {
+      if (faviconEl) {
+        faviconEl.setAttribute('href', originalFavicon);
+      }
+    };
+
+    w.gl.utils.setCiStatusFavicon = (pageUrl) => {
+      $.ajax({
+        url: pageUrl,
+        dataType: 'json',
+        success: function(data) {
+          if (data && data.icon) {
+            gl.utils.setFavicon(`ci_favicons/${data.icon}`);
+          } else {
+            gl.utils.resetFavicon();
+          }
+        },
+        error: function() {
+          gl.utils.resetFavicon();
+        }
+      });
+    };
   })(window);
 }).call(window);

app/assets/javascripts/merge_request_widget.js

@@ -41,8 +41,11 @@ import MiniPipelineGraph from './mini_pipeline_graph_dropdown';
       //   check_enable         - Boolean, whether to check automerge status
       //   merge_check_url      - String, URL to use to check automerge status
       //   ci_status_url        - String, URL to use to check CI status
+      //   pipeline_status_url  - String, URL to use to get CI status for Favicon
       //
       this.opts = opts;
+      this.opts.pipeline_status_url = `${this.opts.pipeline_status_url}.json`;
+      this.$widgetBody = $('.mr-widget-body');
       $('#modal_merge_info').modal({
         show: false
       });
@@ -180,6 +183,7 @@ import MiniPipelineGraph from './mini_pipeline_graph_dropdown';
           _this.status = data.status;
           _this.hasCi = data.has_ci;
           _this.updateMergeButton(_this.status, _this.hasCi);
+          gl.utils.setCiStatusFavicon(_this.opts.pipeline_status_url);
           if (data.environments && data.environments.length) _this.renderEnvironments(data.environments);
           if (data.status !== _this.opts.ci_status ||
               data.sha !== _this.opts.ci_sha ||

app/assets/javascripts/pipelines.js

@@ -9,6 +9,10 @@ require('./lib/utils/bootstrap_linked_tabs');
         new global.LinkedTabs(options.tabsOptions);
       }
 
+      if (options.pipelineStatusUrl) {
+        gl.utils.setCiStatusFavicon(options.pipelineStatusUrl);
+      }
+
       this.addMarginToBuildColumns();
     }
 

app/assets/javascripts/vue_pipelines_index/components/pipelines_actions.js

@@ -38,6 +38,14 @@ export default {
         new Flash('An error occured while making the request.');
       });
     },
+
+    isActionDisabled(action) {
+      if (action.playable === undefined) {
+        return false;
+      }
+
+      return !action.playable;
+    },
   },
 
   template: `
@@ -51,16 +59,23 @@ export default {
         aria-label="Manual job"
         :disabled="isLoading">
         ${playIconSvg}
-        <i class="fa fa-caret-down" aria-hidden="true"></i>
-        <i v-if="isLoading" class="fa fa-spinner fa-spin" aria-hidden="true"></i>
+        <i
+          class="fa fa-caret-down"
+          aria-hidden="true" />
+        <i
+          v-if="isLoading"
+          class="fa fa-spinner fa-spin"
+          aria-hidden="true" />
       </button>
 
       <ul class="dropdown-menu dropdown-menu-align-right">
         <li v-for="action in actions">
           <button
             type="button"
-            class="js-pipeline-action-link no-btn"
-            @click="onClickAction(action.path)">
+            class="js-pipeline-action-link no-btn btn"
+            @click="onClickAction(action.path)"
+            :class="{ 'disabled': isActionDisabled(action) }"
+            :disabled="isActionDisabled(action)">
             ${playIconSvg}
             <span>{{action.name}}</span>
           </button>

app/assets/javascripts/vue_pipelines_index/stores/pipelines_store.js

 /* eslint-disable no-underscore-dangle*/
-import '../../vue_realtime_listener';
+import VueRealtimeListener from '../../vue_realtime_listener';
 
 export default class PipelinesStore {
   constructor() {
@@ -56,6 +56,6 @@ export default class PipelinesStore {
     const removeIntervals = () => clearInterval(this.timeLoopInterval);
     const startIntervals = () => startTimeLoops();
 
-    gl.VueRealtimeListener(removeIntervals, startIntervals);
+    VueRealtimeListener(removeIntervals, startIntervals);
   }
 }

app/assets/javascripts/vue_realtime_listener/index.js

-/* eslint-disable no-param-reassign */
-
-((gl) => {
-  gl.VueRealtimeListener = (removeIntervals, startIntervals) => {
-    const removeAll = () => {
-      removeIntervals();
-      window.removeEventListener('beforeunload', removeIntervals);
+export default (removeIntervals, startIntervals) => {
   window.removeEventListener('focus', startIntervals);
   window.removeEventListener('blur', removeIntervals);
-      document.removeEventListener('beforeunload', removeAll);
-    };
+  window.removeEventListener('onbeforeload', removeIntervals);
 
-    window.addEventListener('beforeunload', removeIntervals);
   window.addEventListener('focus', startIntervals);
   window.addEventListener('blur', removeIntervals);
-    document.addEventListener('beforeunload', removeAll);
-
-    // add removeAll methods to stack
-    const stack = gl.VueRealtimeListener.reset;
-    gl.VueRealtimeListener.reset = () => {
-      gl.VueRealtimeListener.reset = stack;
-      removeAll();
-      stack();
-    };
-  };
-
-  // remove all event listeners and intervals
-  gl.VueRealtimeListener.reset = () => undefined; // noop
-})(window.gl || (window.gl = {}));
+  window.addEventListener('onbeforeload', removeIntervals);
+};

app/assets/stylesheets/framework/files.scss

@@ -276,6 +276,12 @@ span.idiff {
   }
 }
 
+.is-stl-loading {
+  .stl-controls {
+    display: none;
+  }
+}
+
 .file-fork-suggestion {
   display: flex;
   align-items: center;

app/assets/stylesheets/pages/container_registry.scss

+/**
+ * Container Registry
+ */
+
+.container-image {
+  border-bottom: 1px solid $white-normal;
+}
+
+.container-image-head {
+  padding: 0 16px;
+  line-height: 4em;
+}
+
+.table.tags {
+  margin-bottom: 0;
+}

app/controllers/admin/projects_controller.rb

@@ -3,6 +3,7 @@ class Admin::ProjectsController < Admin::ApplicationController
   before_action :group, only: [:show, :transfer]
 
   def index
+    params[:sort] ||= 'latest_activity_desc'
     @projects = Project.with_statistics
     @projects = @projects.in_namespace(params[:namespace_id]) if params[:namespace_id].present?
     @projects = @projects.where(visibility_level: params[:visibility_level]) if params[:visibility_level].present?

app/controllers/concerns/continue_params.rb

@@ -7,6 +7,7 @@ module ContinueParams
 
     continue_params = continue_params.permit(:to, :notice, :notice_now)
     return unless continue_params[:to] && continue_params[:to].start_with?('/')
+    return if continue_params[:to].start_with?('//')
 
     continue_params
   end

app/controllers/concerns/filter_projects.rb

-# == FilterProjects
-#
-# Controller concern to handle projects filtering
-# * by name
-# * by archived state
-#
-module FilterProjects
-  extend ActiveSupport::Concern
-
-  def filter_projects(projects)
-    projects = projects.search(params[:name]) if params[:name].present?
-    projects = projects.non_archived if params[:archived].blank?
-    projects = projects.personal(current_user) if params[:personal].present? && current_user
-
-    projects
-  end
-end

app/controllers/concerns/params_backward_compatibility.rb

+module ParamsBackwardCompatibility
+  private
+
+  def set_non_archived_param
+    params[:non_archived] = params[:archived].blank?
+  end
+end

app/controllers/dashboard/projects_controller.rb

 class Dashboard::ProjectsController < Dashboard::ApplicationController
-  include FilterProjects
+  include ParamsBackwardCompatibility
+
+  before_action :set_non_archived_param
+  before_action :default_sorting
 
   def index
-    @projects = load_projects(current_user.authorized_projects)
-    @projects = @projects.sort(@sort = params[:sort])
-    @projects = @projects.page(params[:page])
+    @projects = load_projects(params.merge(non_public: true)).page(params[:page])
 
     respond_to do |format|
       format.html { @last_push = current_user.recent_push }
@@ -21,10 +22,8 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
   end
 
   def starred
-    @projects = load_projects(current_user.viewable_starred_projects)
-    @projects = @projects.includes(:forked_from_project, :tags)
-    @projects = @projects.sort(@sort = params[:sort])
-    @projects = @projects.page(params[:page])
+    @projects = load_projects(params.merge(starred: true)).
+      includes(:forked_from_project, :tags).page(params[:page])
 
     @last_push = current_user.recent_push
     @groups = []
@@ -41,14 +40,18 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
 
   private
 
-  def load_projects(base_scope)
-    projects = base_scope.sorted_by_activity.includes(:route, namespace: :route)
+  def default_sorting
+    params[:sort] ||= 'latest_activity_desc'
+    @sort = params[:sort]
+  end
 
-    filter_projects(projects)
+  def load_projects(finder_params)
+    ProjectsFinder.new(params: finder_params, current_user: current_user).
+      execute.includes(:route, namespace: :route)
   end
 
   def load_events
-    @events = Event.in_projects(load_projects(current_user.authorized_projects))
+    @events = Event.in_projects(load_projects(params.merge(non_public: true)))
     @events = event_filter.apply_filter(@events).with_associations
     @events = @events.limit(20).offset(params[:offset] || 0)
   end

app/controllers/dashboard/todos_controller.rb

@@ -7,7 +7,7 @@ class Dashboard::TodosController < Dashboard::ApplicationController
     @sort = params[:sort]
     @todos = @todos.page(params[:page])
     if @todos.out_of_range? && @todos.total_pages != 0
-      redirect_to url_for(params.merge(page: @todos.total_pages))
+      redirect_to url_for(params.merge(page: @todos.total_pages, only_path: true))
     end
   end
 

app/controllers/explore/projects_controller.rb

 class Explore::ProjectsController < Explore::ApplicationController
-  include FilterProjects
+  include ParamsBackwardCompatibility
+
+  before_action :set_non_archived_param
 
   def index
-    @projects = load_projects
-    @tags = @projects.tags_on(:tags)
-    @projects = @projects.tagged_with(params[:tag]) if params[:tag].present?
-    @projects = @projects.where(visibility_level: params[:visibility_level]) if params[:visibility_level].present?
-    @projects = filter_projects(@projects)
-    @projects = @projects.sort(@sort = params[:sort])
-    @projects = @projects.includes(:namespace).page(params[:page])
+    params[:sort] ||= 'latest_activity_desc'
+    @sort = params[:sort]
+    @projects = load_projects.page(params[:page])
 
     respond_to do |format|
       format.html
@@ -21,10 +19,9 @@ class Explore::ProjectsController < Explore::ApplicationController
   end
 
   def trending
-    @projects = load_projects(Project.trending)
-    @projects = filter_projects(@projects)
-    @projects = @projects.sort(@sort = params[:sort])
-    @projects = @projects.page(params[:page])
+    params[:trending] = true
+    @sort = params[:sort]
+    @projects = load_projects.page(params[:page])
 
     respond_to do |format|
       format.html
@@ -37,10 +34,7 @@ class Explore::ProjectsController < Explore::ApplicationController
   end
 
   def starred
-    @projects = load_projects
-    @projects = filter_projects(@projects)
-    @projects = @projects.reorder('star_count DESC')
-    @projects = @projects.page(params[:page])
+    @projects = load_projects.reorder('star_count DESC').page(params[:page])
 
     respond_to do |format|
       format.html
@@ -52,10 +46,10 @@ class Explore::ProjectsController < Explore::ApplicationController
     end
   end
 
-  protected
+  private
 
-  def load_projects(base_scope = nil)
-    base_scope ||= ProjectsFinder.new.execute(current_user)
-    base_scope.includes(:route, namespace: :route)
+  def load_projects
+    ProjectsFinder.new(current_user: current_user, params: params).
+      execute.includes(:route, namespace: :route)
   end
 end

app/controllers/groups/application_controller.rb

@@ -27,7 +27,7 @@ class Groups::ApplicationController < ApplicationController
   end
 
   def group_projects
-    @projects ||= GroupProjectsFinder.new(group).execute(current_user)
+    @projects ||= GroupProjectsFinder.new(group: group, current_user: current_user).execute
   end
 
   def authorize_admin_group!

app/controllers/groups_controller.rb

 class GroupsController < Groups::ApplicationController
-  include FilterProjects
   include IssuesAction
   include MergeRequestsAction
+  include ParamsBackwardCompatibility
 
   respond_to :html
 
@@ -105,15 +105,16 @@ class GroupsController < Groups::ApplicationController
   protected
 
   def setup_projects
+    set_non_archived_param
+    params[:sort] ||= 'latest_activity_desc'
+    @sort = params[:sort]
+
     options = {}
     options[:only_owned] = true if params[:shared] == '0'
     options[:only_shared] = true if params[:shared] == '1'
 
-    @projects = GroupProjectsFinder.new(group, options).execute(current_user)
+    @projects = GroupProjectsFinder.new(params: params, group: group, options: options, current_user: current_user).execute
     @projects = @projects.includes(:namespace)
-    @projects = @projects.sorted_by_activity
-    @projects = filter_projects(@projects)
-    @projects = @projects.sort(@sort = params[:sort])
     @projects = @projects.page(params[:page]) if params[:name].blank?
   end
 

app/controllers/projects/container_registry_controller.rb

-class Projects::ContainerRegistryController < Projects::ApplicationController
-  before_action :verify_registry_enabled
-  before_action :authorize_read_container_image!
-  before_action :authorize_update_container_image!, only: [:destroy]
-  layout 'project'
-
-  def index
-    @tags = container_registry_repository.tags
-  end
-
-  def destroy
-    url = namespace_project_container_registry_index_path(project.namespace, project)
-
-    if tag.delete
-      redirect_to url
-    else
-      redirect_to url, alert: 'Failed to remove tag'
-    end
-  end
-
-  private
-
-  def verify_registry_enabled
-    render_404 unless Gitlab.config.registry.enabled
-  end
-
-  def container_registry_repository
-    @container_registry_repository ||= project.container_registry_repository
-  end
-
-  def tag
-    @tag ||= container_registry_repository.tag(params[:id])
-  end
-end

app/controllers/projects/environments_controller.rb

@@ -132,6 +132,8 @@ class Projects::EnvironmentsController < Projects::ApplicationController
 
     rollout_status = @environment.rollout_status
 
+    Gitlab::PollingInterval.set_header(response, interval: 3000) unless rollout_status.try(:complete?)
+
     if rollout_status.nil?
       render body: nil, status: 204 # no result yet
     else

app/controllers/projects/forks_controller.rb

@@ -9,7 +9,7 @@ class Projects::ForksController < Projects::ApplicationController
   def index
     base_query = project.forks.includes(:creator)
 
-    @forks               = base_query.merge(ProjectsFinder.new.execute(current_user))
+    @forks               = base_query.merge(ProjectsFinder.new(current_user: current_user).execute)
     @total_forks_count   = base_query.size
     @private_forks_count = @total_forks_count - @forks.size
     @public_forks_count  = @total_forks_count - @private_forks_count

app/controllers/projects/issues_controller.rb

@@ -11,10 +11,10 @@ class Projects::IssuesController < Projects::ApplicationController
   before_action :redirect_to_external_issue_tracker, only: [:index, :new]
   before_action :module_enabled
   before_action :issue, only: [:edit, :update, :show, :referenced_merge_requests,
-                               :related_branches, :can_create_branch]
+                               :related_branches, :can_create_branch, :rendered_title]
 
   # Allow read any issue
-  before_action :authorize_read_issue!, only: [:show]
+  before_action :authorize_read_issue!, only: [:show, :rendered_title]
 
   # Allow write(create) issue
   before_action :authorize_create_issue!, only: [:new, :create]
@@ -32,7 +32,7 @@ class Projects::IssuesController < Projects::ApplicationController
     @issuable_meta_data = issuable_meta_data(@issues, @collection_type)
 
     if @issues.out_of_range? && @issues.total_pages != 0
-      return redirect_to url_for(params.merge(page: @issues.total_pages))
+      return redirect_to url_for(params.merge(page: @issues.total_pages, only_path: true))
     end
 
     if params[:label_name].present?
@@ -208,6 +208,11 @@ class Projects::IssuesController < Projects::ApplicationController
     end
   end
 
+  def rendered_title
+    Gitlab::PollingInterval.set_header(response, interval: 3_000)
+    render json: { title: view_context.markdown_field(@issue, :title) }
+  end
+
   protected
 
   def issue

app/controllers/projects/merge_requests_controller.rb

@@ -46,7 +46,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     @issuable_meta_data = issuable_meta_data(@merge_requests, @collection_type)
 
     if @merge_requests.out_of_range? && @merge_requests.total_pages != 0
-      return redirect_to url_for(params.merge(page: @merge_requests.total_pages))
+      return redirect_to url_for(params.merge(page: @merge_requests.total_pages, only_path: true))
     end
 
     if params[:label_name].present?

app/controllers/projects/registry/application_controller.rb

+module Projects
+  module Registry
+    class ApplicationController < Projects::ApplicationController
+      layout 'project'
+
+      before_action :verify_registry_enabled!
+      before_action :authorize_read_container_image!
+
+      private
+
+      def verify_registry_enabled!
+        render_404 unless Gitlab.config.registry.enabled
+      end
+    end
+  end
+end

app/controllers/projects/registry/repositories_controller.rb

+module Projects
+  module Registry
+    class RepositoriesController < ::Projects::Registry::ApplicationController
+      before_action :authorize_update_container_image!, only: [:destroy]
+      before_action :ensure_root_container_repository!, only: [:index]
+
+      def index
+        @images = project.container_repositories
+      end
+
+      def destroy
+        if image.destroy
+          redirect_to project_container_registry_path(@project),
+                      notice: 'Image repository has been removed successfully!'
+        else
+          redirect_to project_container_registry_path(@project),
+                      alert: 'Failed to remove image repository!'
+        end
+      end
+
+      private
+
+      def image
+        @image ||= project.container_repositories.find(params[:id])
+      end
+
+      ##
+      # Container repository object for root project path.
+      #
+      # Needed to maintain a backwards compatibility.
+      #
+      def ensure_root_container_repository!
+        ContainerRegistry::Path.new(@project.full_path).tap do |path|
+          break if path.has_repository?
+
+          ContainerRepository.build_from_path(path).tap do |repository|
+            repository.save! if repository.has_tags?
+          end
+        end
+      end
+    end
+  end
+end

app/controllers/projects/registry/tags_controller.rb

+module Projects
+  module Registry
+    class TagsController < ::Projects::Registry::ApplicationController
+      before_action :authorize_update_container_image!, only: [:destroy]
+
+      def destroy
+        if tag.delete
+          redirect_to project_container_registry_path(@project),
+                      notice: 'Registry tag has been removed successfully!'
+        else
+          redirect_to project_container_registry_path(@project),
+                      alert: 'Failed to remove registry tag!'
+        end
+      end
+
+      private
+
+      def image
+        @image ||= project.container_repositories
+          .find(params[:repository_id])
+      end
+
+      def tag
+        @tag ||= image.tag(params[:id])
+      end
+    end
+  end
+end

app/controllers/users_controller.rb

@@ -140,6 +140,6 @@ class UsersController < ApplicationController
   end
 
   def projects_for_current_user
-    ProjectsFinder.new.execute(current_user)
+    ProjectsFinder.new(current_user: current_user).execute
   end
 end

app/finders/group_projects_finder.rb

-class GroupProjectsFinder < UnionFinder
-  def initialize(group, options = {})
+# GroupProjectsFinder
+#
+# Used to filter Projects  by set of params
+#
+# Arguments:
+#   current_user - which user use
+#   project_ids_relation: int[] - project ids to use
+#   group
+#   options:
+#     only_owned: boolean
+#     only_shared: boolean
+#   params:
+#     sort: string
+#     visibility_level: int
+#     tags: string[]
+#     personal: boolean
+#     search: string
+#     non_archived: boolean
+#
+class GroupProjectsFinder < ProjectsFinder
+  attr_reader :group, :options
+
+  def initialize(group:, params: {}, options: {}, current_user: nil, project_ids_relation: nil)
+    super(params: params, current_user: current_user, project_ids_relation: project_ids_relation)
     @group   = group
     @options = options
   end
 
-  def execute(current_user = nil)
-    segments = group_projects(current_user)
-    find_union(segments, Project)
-  end
-
   private
 
-  def group_projects(current_user)
-    only_owned  = @options.fetch(:only_owned, false)
-    only_shared = @options.fetch(:only_shared, false)
+  def init_collection
+    only_owned  = options.fetch(:only_owned, false)
+    only_shared = options.fetch(:only_shared, false)
 
     projects = []
 
     if current_user
-      if @group.users.include?(current_user)
-        projects << @group.projects unless only_shared
-        projects << @group.shared_projects unless only_owned
+      if group.users.include?(current_user)
+        projects << group.projects unless only_shared
+        projects << group.shared_projects unless only_owned
       else
         unless only_shared
-          projects << @group.projects.visible_to_user(current_user)
-          projects << @group.projects.public_to_user(current_user)
+          projects << group.projects.visible_to_user(current_user)
+          projects << group.projects.public_to_user(current_user)
         end
 
         unless only_owned
-          projects << @group.shared_projects.visible_to_user(current_user)
-          projects << @group.shared_projects.public_to_user(current_user)
+          projects << group.shared_projects.visible_to_user(current_user)
+          projects << group.shared_projects.public_to_user(current_user)
         end
       end
     else
-      projects << @group.projects.public_only unless only_shared
-      projects << @group.shared_projects.public_only unless only_owned
+      projects << group.projects.public_only unless only_shared
+      projects << group.shared_projects.public_only unless only_owned
     end
 
     projects
   end
+
+  def union(items)
+    find_union(items, Project)
+  end
 end

app/finders/issuable_finder.rb

@@ -121,9 +121,9 @@ class IssuableFinder
       if current_user && params[:authorized_only].presence && !current_user_related?
         current_user.authorized_projects
       elsif group
-        GroupProjectsFinder.new(group).execute(current_user)
+        GroupProjectsFinder.new(group: group, current_user: current_user).execute
       else
-        projects_finder.execute(current_user, item_project_ids(items))
+        ProjectsFinder.new(current_user: current_user, project_ids_relation: item_project_ids(items)).execute
       end
 
     @projects = projects.with_feature_available_for_user(klass, current_user).reorder(nil)
@@ -435,8 +435,4 @@ class IssuableFinder
   def current_user_related?
     params[:scope] == 'created-by-me' || params[:scope] == 'authored' || params[:scope] == 'assigned-to-me'
   end
-
-  def projects_finder
-    @projects_finder ||= ProjectsFinder.new
-  end
 end

app/finders/labels_finder.rb

@@ -83,7 +83,7 @@ class LabelsFinder < UnionFinder
   def projects
     return @projects if defined?(@projects)
 
-    @projects = skip_authorization ? Project.all : ProjectsFinder.new.execute(current_user)
+    @projects = skip_authorization ? Project.all : ProjectsFinder.new(current_user: current_user).execute
     @projects = @projects.in_namespace(params[:group_id]) if group?
     @projects = @projects.where(id: params[:project_ids]) if projects?
     @projects = @projects.reorder(nil)

app/finders/projects_finder.rb

+# ProjectsFinder
+#
+# Used to filter Projects  by set of params
+#
+# Arguments:
+#   current_user - which user use
+#   project_ids_relation: int[] - project ids to use
+#   params:
+#     trending: boolean
+#     non_public: boolean
+#     starred: boolean
+#     sort: string
+#     visibility_level: int
+#     tags: string[]
+#     personal: boolean
+#     search: string
+#     non_archived: boolean
+#
 class ProjectsFinder < UnionFinder
-  def execute(current_user = nil, project_ids_relation = nil)
-    segments = all_projects(current_user)
-    segments.map! { |s| s.where(id: project_ids_relation) } if project_ids_relation
+  attr_accessor :params
+  attr_reader :current_user, :project_ids_relation
 
-    find_union(segments, Project).with_route
+  def initialize(params: {}, current_user: nil, project_ids_relation: nil)
+    @params = params
+    @current_user = current_user
+    @project_ids_relation = project_ids_relation
+  end
+
+  def execute
+    items = init_collection
+    items = by_ids(items)
+    items = union(items)
+    items = by_personal(items)
+    items = by_visibilty_level(items)
+    items = by_tags(items)
+    items = by_search(items)
+    items = by_archived(items)
+    sort(items)
   end
 
   private
 
-  def all_projects(current_user)
+  def init_collection
     projects = []
 
+    if params[:trending].present?
+      projects << Project.trending
+    elsif params[:starred].present? && current_user
+      projects << current_user.viewable_starred_projects
+    else
       projects << current_user.authorized_projects if current_user
-    projects << Project.unscoped.public_to_user(current_user)
+      projects << Project.unscoped.public_to_user(current_user) unless params[:non_public].present?
+    end
 
     projects
   end
+
+  def by_ids(items)
+    project_ids_relation ? items.map { |item| item.where(id: project_ids_relation) } : items
+  end
+
+  def union(items)
+    find_union(items, Project).with_route
+  end
+
+  def by_personal(items)
+    (params[:personal].present? && current_user) ? items.personal(current_user) : items
+  end
+
+  def by_visibilty_level(items)
+    params[:visibility_level].present? ? items.where(visibility_level: params[:visibility_level]) : items
+  end
+
+  def by_tags(items)
+    params[:tag].present? ? items.tagged_with(params[:tag]) : items
+  end
+
+  def by_search(items)
+    params[:search] ||= params[:name]
+    params[:search].present? ? items.search(params[:search]) : items
+  end
+
+  def sort(items)
+    params[:sort].present? ? items.sort(params[:sort]) : items
+  end
+
+  def by_archived(projects)
+    # Back-compatibility with the places where `params[:archived]` can be set explicitly to `false`
+    params[:non_archived] = !Gitlab::Utils.to_boolean(params[:archived]) if params.key?(:archived)
+
+    params[:non_archived] ? projects.non_archived : projects
+  end
 end

app/finders/todos_finder.rb

@@ -95,7 +95,7 @@ class TodosFinder
 
   def projects(items)
     item_project_ids = items.reorder(nil).select(:project_id)
-    ProjectsFinder.new.execute(current_user, item_project_ids)
+    ProjectsFinder.new(current_user: current_user, project_ids_relation: item_project_ids).execute
   end
 
   def type?

app/helpers/projects_helper.rb

@@ -434,7 +434,10 @@ module ProjectsHelper
   def sanitize_repo_path(project, message)
     return '' unless message.present?
 
-    message.strip.gsub(project.repository_storage_path.chomp('/'), "[REPOS PATH]")
+    exports_path = File.join(Settings.shared['path'], 'tmp/project_exports')
+    filtered_message = message.strip.gsub(exports_path, "[REPO EXPORT PATH]")
+
+    filtered_message.gsub(project.repository_storage_path.chomp('/'), "[REPOS PATH]")
   end
 
   def project_feature_options

app/helpers/sorting_helper.rb

@@ -27,8 +27,8 @@ module SortingHelper
   def projects_sort_options_hash
     options = {
       sort_value_name => sort_title_name,
-      sort_value_recently_updated => sort_title_recently_updated,
-      sort_value_oldest_updated => sort_title_oldest_updated,
+      sort_value_latest_activity => sort_title_latest_activity,
+      sort_value_oldest_activity => sort_title_oldest_activity,
       sort_value_recently_created => sort_title_recently_created,
       sort_value_oldest_created => sort_title_oldest_created
     }
@@ -80,6 +80,14 @@ module SortingHelper
     'Last updated'
   end
 
+  def sort_title_oldest_activity
+    'Oldest updated'
+  end
+
+  def sort_title_latest_activity
+    'Last updated'
+  end
+
   def sort_title_oldest_created
     'Oldest created'
   end
@@ -208,6 +216,14 @@ module SortingHelper
     'updated_desc'
   end
 
+  def sort_value_oldest_activity
+    'latest_activity_asc'
+  end
+
+  def sort_value_latest_activity
+    'latest_activity_desc'
+  end
+
   def sort_value_oldest_created
     'created_asc'
   end

app/models/blob.rb

@@ -58,6 +58,10 @@ class Blob < SimpleDelegator
     binary? && extname.downcase.delete('.') == 'sketch'
   end
 
+  def stl?
+    extname.downcase.delete('.') == 'stl'
+  end
+
   def size_within_svg_limits?
     size <= MAXIMUM_SVG_SIZE
   end
@@ -81,6 +85,8 @@ class Blob < SimpleDelegator
       'notebook'
     elsif sketch?
       'sketch'
+    elsif stl?
+      'stl'
     elsif text?
       'text'
     else

app/models/container_repository.rb

+class ContainerRepository < ActiveRecord::Base
+  belongs_to :project
+
+  validates :name, length: { minimum: 0, allow_nil: false }
+  validates :name, uniqueness: { scope: :project_id }
+
+  delegate :client, to: :registry
+
+  before_destroy :delete_tags!
+
+  def registry
+    @registry ||= begin
+      token = Auth::ContainerRegistryAuthenticationService.full_access_token(path)
+
+      url = Gitlab.config.registry.api_url
+      host_port = Gitlab.config.registry.host_port
+
+      ContainerRegistry::Registry.new(url, token: token, path: host_port)
+    end
+  end
+
+  def path
+    @path ||= [project.full_path, name].select(&:present?).join('/')
+  end
+
+  def tag(tag)
+    ContainerRegistry::Tag.new(self, tag)
+  end
+
+  def manifest
+    @manifest ||= client.repository_tags(path)
+  end
+
+  def tags
+    return @tags if defined?(@tags)
+    return [] unless manifest && manifest['tags']
+
+    @tags = manifest['tags'].map do |tag|
+      ContainerRegistry::Tag.new(self, tag)
+    end
+  end
+
+  def blob(config)
+    ContainerRegistry::Blob.new(self, config)
+  end
+
+  def has_tags?
+    tags.any?
+  end
+
+  def root_repository?
+    name.empty?
+  end
+
+  def delete_tags!
+    return unless has_tags?
+
+    digests = tags.map { |tag| tag.digest }.to_set
+
+    digests.all? do |digest|
+      client.delete_repository_tag(self.path, digest)
+    end
+  end
+
+  def self.build_from_path(path)
+    self.new(project: path.repository_project,
+             name: path.repository_name)
+  end
+
+  def self.create_from_path!(path)
+    build_from_path(path).tap(&:save!)
+  end
+
+  def self.build_root_repository(project)
+    self.new(project: project, name: '')
+  end
+end

app/models/issue.rb

@@ -50,6 +50,8 @@ class Issue < ActiveRecord::Base
 
   scope :include_associations, -> { includes(:assignee, :labels, project: :namespace) }
 
+  after_save :expire_etag_cache
+
   attr_spammable :title, spam_title: true
   attr_spammable :description, spam_description: true
 
@@ -272,4 +274,13 @@ class Issue < ActiveRecord::Base
   def publicly_visible?
     project.public? && !confidential?
   end
+
+  def expire_etag_cache
+    key = Gitlab::Routing.url_helpers.rendered_title_namespace_project_issue_path(
+      project.namespace,
+      project,
+      self
+    )
+    Gitlab::EtagCaching::Store.new.touch(key)
+  end
 end

app/models/namespace.rb

@@ -151,7 +151,7 @@ class Namespace < ActiveRecord::Base
   end
 
   def any_project_has_container_registry_tags?
-    projects.any?(&:has_container_registry_tags?)
+    all_projects.any?(&:has_container_registry_tags?)
   end
 
   def send_update_instructions
@@ -219,6 +219,12 @@ class Namespace < ActiveRecord::Base
     @old_repository_storage_paths ||= repository_storage_paths
   end
 
+  # Includes projects from this namespace and projects from all subgroups
+  # that belongs to this namespace
+  def all_projects
+    Project.inside_path(full_path)
+  end
+
   private
 
   def repository_storage_paths
@@ -226,7 +232,7 @@ class Namespace < ActiveRecord::Base
     # pending delete. Unscoping also get rids of the default order, which causes
     # problems with SELECT DISTINCT.
     Project.unscoped do
-      projects.select('distinct(repository_storage)').to_a.map(&:repository_storage_path)
+      all_projects.select('distinct(repository_storage)').to_a.map(&:repository_storage_path)
     end
   end
 

app/models/project.rb

@@ -164,6 +164,7 @@ class Project < ActiveRecord::Base
   has_one :import_data, dependent: :destroy, class_name: "ProjectImportData"
   has_one :project_feature, dependent: :destroy
   has_one :statistics, class_name: 'ProjectStatistics', dependent: :delete
+  has_many :container_repositories, dependent: :destroy
 
   has_many :commit_statuses, dependent: :destroy
   has_many :pipelines, dependent: :destroy, class_name: 'Ci::Pipeline'
@@ -391,10 +392,15 @@ class Project < ActiveRecord::Base
     end
 
     def sort(method)
-      if method == 'storage_size_desc'
+      case method.to_s
+      when 'storage_size_desc'
         # storage_size is a joined column so we need to
         # pass a string to avoid AR adding the table name
         reorder('project_statistics.storage_size DESC, projects.id DESC')
+      when 'latest_activity_desc'
+        reorder(last_activity_at: :desc)
+      when 'latest_activity_asc'
+        reorder(last_activity_at: :asc)
       else
         order_by(method)
       end
@@ -443,32 +449,15 @@ class Project < ActiveRecord::Base
     @repository ||= Repository.new(path_with_namespace, self)
   end
 
-  def container_registry_path_with_namespace
-    path_with_namespace.downcase
-  end
-
-  def container_registry_repository
-    return unless Gitlab.config.registry.enabled
-
-    @container_registry_repository ||= begin
-      token = Auth::ContainerRegistryAuthenticationService.full_access_token(container_registry_path_with_namespace)
-      url = Gitlab.config.registry.api_url
-      host_port = Gitlab.config.registry.host_port
-      registry = ContainerRegistry::Registry.new(url, token: token, path: host_port)
-      registry.repository(container_registry_path_with_namespace)
-    end
-  end
-
-  def container_registry_repository_url
+  def container_registry_url
     if Gitlab.config.registry.enabled
-      "#{Gitlab.config.registry.host_port}/#{container_registry_path_with_namespace}"
+      "#{Gitlab.config.registry.host_port}/#{path_with_namespace.downcase}"
     end
   end
 
   def has_container_registry_tags?
-    return unless container_registry_repository
-
-    container_registry_repository.tags.any?
+    container_repositories.to_a.any?(&:has_tags?) ||
+      has_root_container_repository_tags?
   end
 
   def commit(ref = 'HEAD')
@@ -1035,10 +1024,10 @@ class Project < ActiveRecord::Base
     expire_caches_before_rename(old_path_with_namespace)
 
     if has_container_registry_tags?
-      Rails.logger.error "Project #{old_path_with_namespace} cannot be renamed because container registry tags are present"
+      Rails.logger.error "Project #{old_path_with_namespace} cannot be renamed because container registry tags are present!"
 
-      # we currently doesn't support renaming repository if it contains tags in container registry
-      raise StandardError.new('Project cannot be renamed, because tags are present in its container registry')
+      # we currently doesn't support renaming repository if it contains images in container registry
+      raise StandardError.new('Project cannot be renamed, because images are present in its container registry')
     end
 
     if gitlab_shell.mv_repository(repository_storage_path, old_path_with_namespace, new_path_with_namespace)
@@ -1472,7 +1461,7 @@ class Project < ActiveRecord::Base
     ]
 
     if container_registry_enabled?
-      variables << { key: 'CI_REGISTRY_IMAGE', value: container_registry_repository_url, public: true }
+      variables << { key: 'CI_REGISTRY_IMAGE', value: container_registry_url, public: true }
     end
 
     variables
@@ -1645,4 +1634,15 @@ class Project < ActiveRecord::Base
 
     Project.unscoped.where(pending_delete: true).find_by_full_path(path_with_namespace)
   end
+
+  ##
+  # This method is here because of support for legacy container repository
+  # which has exactly the same path like project does, but which might not be
+  # persisted in `container_repositories` table.
+  #
+  def has_root_container_repository_tags?
+    return false unless Gitlab.config.registry.enabled
+
+    ContainerRepository.build_root_repository(self).has_tags?
+  end
 end

app/models/repository.rb

@@ -66,7 +66,7 @@ class Repository
   def raw_repository
     return nil unless path_with_namespace
 
-    @raw_repository ||= Gitlab::Git::Repository.new(path_to_repo)
+    @raw_repository ||= initialize_raw_repository
   end
 
   # Return absolute path to repository
@@ -153,12 +153,7 @@ class Repository
     # may cause the branch to "disappear" erroneously or have the wrong SHA.
     #
     # See: https://github.com/libgit2/libgit2/issues/1534 and https://gitlab.com/gitlab-org/gitlab-ce/issues/15392
-    raw_repo =
-      if fresh_repo
-        Gitlab::Git::Repository.new(path_to_repo)
-      else
-        raw_repository
-      end
+    raw_repo = fresh_repo ? initialize_raw_repository : raw_repository
 
     raw_repo.find_branch(name)
   end
@@ -512,9 +507,7 @@ class Repository
     end
   end
 
-  def branch_names
-    branches.map(&:name)
-  end
+  delegate :branch_names, to: :raw_repository
   cache_method :branch_names, fallback: []
 
   delegate :tag_names, to: :raw_repository
@@ -1257,4 +1250,8 @@ class Repository
   def repository_storage_path
     @project.repository_storage_path
   end
+
+  def initialize_raw_repository
+    Gitlab::Git::Repository.new(project.repository_storage, path_with_namespace + '.git')
+  end
 end

app/policies/group_policy.rb

@@ -15,7 +15,7 @@ class GroupPolicy < BasePolicy
     can_read ||= member
     can_read ||= @user.admin?
     can_read ||= @user.auditor?
-    can_read ||= GroupProjectsFinder.new(@subject).execute(@user).any?
+    can_read ||= GroupProjectsFinder.new(group: @subject, current_user: @user).execute.any?
     can! :read_group if can_read
 
     # Only group masters and group owners can create new projects
@@ -45,6 +45,6 @@ class GroupPolicy < BasePolicy
     return true if @subject.internal? && !@user.external?
     return true if @subject.users.include?(@user)
 
-    GroupProjectsFinder.new(@subject).execute(@user).any?
+    GroupProjectsFinder.new(group: @subject, current_user: @user).execute.any?
   end
 end

app/serializers/build_action_entity.rb

@@ -11,4 +11,6 @@ class BuildActionEntity < Grape::Entity
       build.project,
       build)
   end
+
+  expose :playable?, as: :playable
 end

app/serializers/build_entity.rb

@@ -16,6 +16,7 @@ class BuildEntity < Grape::Entity
     path_to(:play_namespace_project_build, build)
   end
 
+  expose :playable?, as: :playable
   expose :created_at
   expose :updated_at
   expose :detailed_status, as: :status, with: StatusEntity

app/services/auth/container_registry_authentication_service.rb

@@ -17,6 +17,7 @@ module Auth
     end
 
     def self.full_access_token(*names)
+      names = names.flatten
       registry = Gitlab.config.registry
       token = JSONWebToken::RSAToken.new(registry.key)
       token.issuer = registry.issuer
@@ -37,13 +38,13 @@ module Auth
     private
 
     def authorized_token(*accesses)
-      token = JSONWebToken::RSAToken.new(registry.key)
+      JSONWebToken::RSAToken.new(registry.key).tap do |token|
         token.issuer = registry.issuer
         token.audience = params[:service]
         token.subject = current_user.try(:username)
         token.expire_time = self.class.token_expire_at
         token[:access] = accesses.compact
-      token
+      end
     end
 
     def scope
@@ -55,20 +56,43 @@ module Auth
     def process_scope(scope)
       type, name, actions = scope.split(':', 3)
       actions = actions.split(',')
+      path = ContainerRegistry::Path.new(name)
+
       return unless type == 'repository'
 
-      process_repository_access(type, name, actions)
+      process_repository_access(type, path, actions)
     end
 
-    def process_repository_access(type, name, actions)
-      requested_project = Project.find_by_full_path(name)
+    def process_repository_access(type, path, actions)
+      return unless path.valid?
+
+      requested_project = path.repository_project
+
       return unless requested_project
 
       actions = actions.select do |action|
         can_access?(requested_project, action)
       end
 
-      { type: type, name: name, actions: actions } if actions.present?
+      return unless actions.present?
+
+      # At this point user/build is already authenticated.
+      #
+      ensure_container_repository!(path, actions)
+
+      { type: type, name: path.to_s, actions: actions }
+    end
+
+    ##
+    # Because we do not have two way communication with registry yet,
+    # we create a container repository image resource when push to the
+    # registry is successfuly authorized.
+    #
+    def ensure_container_repository!(path, actions)
+      return if path.has_repository?
+      return unless actions.include?('push')
+
+      ContainerRepository.create_from_path!(path)
     end
 
     def can_access?(requested_project, requested_action)
@@ -101,6 +125,11 @@ module Auth
         can?(current_user, :read_container_image, requested_project)
     end
 
+    ##
+    # We still support legacy pipeline triggers which do not have associated
+    # actor. New permissions model and new triggers are always associated with
+    # an actor, so this should be improved in 10.0 version of GitLab.
+    #
     def build_can_push?(requested_project)
       # Build can push only to the project from which it originates
       has_authentication_ability?(:build_create_container_image) &&
@@ -113,14 +142,11 @@ module Auth
     end
 
     def error(code, status:, message: '')
-      {
-        errors: [{ code: code, message: message }],
-        http_status: status
-      }
+      { errors: [{ code: code, message: message }], http_status: status }
     end
 
     def has_authentication_ability?(capability)
-      (@authentication_abilities || []).include?(capability)
+      @authentication_abilities.to_a.include?(capability)
     end
   end
 end

app/services/merge_requests/base_service.rb

@@ -39,7 +39,7 @@ module MergeRequests
     private
 
     # Returns all origin and fork merge requests from `@project` satisfying passed arguments.
-    def merge_requests_for(source_branch, mr_states: [:opened])
+    def merge_requests_for(source_branch, mr_states: [:opened, :reopened])
       MergeRequest
         .with_state(mr_states)
         .where(source_branch: source_branch, source_project_id: @project.id)

app/services/merge_requests/build_service.rb

@@ -21,7 +21,9 @@ module MergeRequests
     delegate :target_branch, :source_branch, :source_project, :target_project, :compare_commits, :wip_title, :description, :errors, to: :merge_request
 
     def find_source_project
-      source_project || project
+      return source_project if source_project.present? && can?(current_user, :read_project, source_project)
+
+      project
     end
 
     def find_target_project

app/services/projects/destroy_service.rb

@@ -32,8 +32,8 @@ module Projects
         project.destroy!
         trash_repositories!
 
-        unless remove_registry_tags
-          raise_error('Failed to remove project container registry. Please try again or contact administrator')
+        unless remove_legacy_registry_tags
+          raise_error('Failed to remove some tags in project container registry. Please try again or contact administrator.')
         end
       end
 
@@ -93,10 +93,16 @@ module Projects
       end
     end
 
-    def remove_registry_tags
+    ##
+    # This method makes sure that we correctly remove registry tags
+    # for legacy image repository (when repository path equals project path).
+    #
+    def remove_legacy_registry_tags
       return true unless Gitlab.config.registry.enabled
 
-      project.container_registry_repository.delete_tags
+      ContainerRepository.build_root_repository(project).tap do |repository|
+        return repository.has_tags? ? repository.delete_tags! : true
+      end
     end
 
     def remove_tracking_entries!

app/services/search/global_service.rb

@@ -10,7 +10,7 @@ module Search
 
     def execute
       group = Group.find_by(id: params[:group_id]) if params[:group_id].present?
-      projects = ProjectsFinder.new.execute(current_user)
+      projects = ProjectsFinder.new(current_user: current_user).execute
 
       if group
         projects = projects.inside_path(group.full_path)

app/views/dashboard/projects/_zero_authorized_projects.html.haml

-- publicish_project_count = ProjectsFinder.new.execute(current_user).count
+- publicish_project_count = ProjectsFinder.new(current_user: current_user).execute.count
 .blank-state.blank-state-welcome
   %h2.blank-state-welcome-title
     Welcome to GitLab

app/views/layouts/_head.html.haml

@@ -23,7 +23,7 @@
   %title= page_title(site_name)
   %meta{ name: "description", content: page_description }
 
-  = favicon_link_tag favicon
+  = favicon_link_tag favicon, id: 'favicon'
 
   = stylesheet_link_tag "application", media: "all"
   = stylesheet_link_tag "print",       media: "print"

app/views/notify/pipeline_failed_email.text.erb

@@ -14,9 +14,21 @@ Commit Author: <%= commit.author.name %> ( <%= user_url(commit.author) %> )
 <% else -%>
 Commit Author: <%= commit.author_name %>
 <% end -%>
+<% if commit.different_committer? -%>
+<% if commit.committer -%>
+Committed by: <%= commit.committer.name %> ( <%= user_url(commit.committer) %> )
+<% else -%>
+Committed by: <%= commit.committer_name %>
+<% end -%>
+<% end -%>
 
+<% if @pipeline.user -%>
+Pipeline #<%= @pipeline.id %> ( <%= pipeline_url(@pipeline) %> ) triggered by <%= @pipeline.user.name %> ( <%= user_url(@pipeline.user) %> )
+<% else -%>
+Pipeline #<%= @pipeline.id %> ( <%= pipeline_url(@pipeline) %> ) triggered by API
+<% end -%>
 <% failed = @pipeline.statuses.latest.failed -%>
-Pipeline #<%= @pipeline.id %> ( <%= pipeline_url(@pipeline) %> ) had <%= failed.size %> failed <%= 'build'.pluralize(failed.size) %>.
+had <%= failed.size %> failed <%= 'build'.pluralize(failed.size) %>.
 
 <% failed.each do |build| -%>
 <%= render "notify/links/#{build.to_partial_path}", pipeline: @pipeline, build: build %>

app/views/notify/pipeline_success_email.html.haml

@@ -16,7 +16,7 @@
       %tbody
         %tr
           %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;" } Project
-          %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;color:#333333;font-weight:400;width:75%;padding-left:5px;" }
+          %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;" }
             - namespace_name = @project.group ? @project.group.name : @project.namespace.owner.name
             - namespace_url = @project.group ? group_url(@project.group) : user_url(@project.namespace.owner)
             %a.muted{ href: namespace_url, style: "color:#333333;text-decoration:none;" }
@@ -26,7 +26,7 @@
               = @project.name
         %tr
           %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Branch
-          %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;color:#333333;font-weight:400;width:75%;padding-left:5px;border-top:1px solid #ededed;" }
+          %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" }
             %table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" }
               %tbody
                 %tr
@@ -37,7 +37,7 @@
                       = @pipeline.ref
         %tr
           %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Commit
-          %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;color:#333333;font-weight:400;width:75%;padding-left:5px;border-top:1px solid #ededed;" }
+          %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:400;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" }
             %table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" }
               %tbody
                 %tr
@@ -52,13 +52,13 @@
                         = @merge_request.to_reference
             .commit{ style: "color:#5c5c5c;font-weight:300;" }
               = @pipeline.git_commit_message.truncate(50)
+        - commit = @pipeline.commit
         %tr
-          %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Author
-          %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;color:#333333;font-weight:400;width:75%;padding-left:5px;border-top:1px solid #ededed;" }
+          %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Commit Author
+          %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" }
             %table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" }
               %tbody
                 %tr
-                  - commit = @pipeline.commit
                   %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;vertical-align:middle;padding-right:5px;" }
                     %img.avatar{ height: "24", src: avatar_icon(commit.author || commit.author_email, 24), style: "display:block;border-radius:12px;margin:-2px 0;", width: "24", alt: "Avatar" }/
                   %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;vertical-align:middle;" }
@@ -68,17 +68,50 @@
                     - else
                       %span
                         = commit.author_name
+        - if commit.different_committer?
+          %tr
+            %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Committed by
+            %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" }
+              %table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" }
+                %tbody
+                  %tr
+                    %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;vertical-align:middle;padding-right:5px;" }
+                      %img.avatar{ height: "24", src: avatar_icon(commit.committer || commit.committer_email, 24), style: "display:block;border-radius:12px;margin:-2px 0;", width: "24", alt: "Avatar" }/
+                    %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;vertical-align:middle;" }
+                      - if commit.committer
+                        %a.muted{ href: user_url(commit.committer), style: "color:#333333;text-decoration:none;" }
+                          = commit.committer.name
+                      - else
+                        %span
+                          = commit.committer_name
+
 %tr.spacer
   %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;height:18px;font-size:18px;line-height:18px;" }
      
 %tr.success-message
-  %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;color:#333333;font-size:15px;font-weight:400;line-height:1.4;padding:15px 5px;text-align:center;" }
-    - build_count = @pipeline.statuses.latest.size
-    - stage_count = @pipeline.stages_count
+  %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;color:#333333;font-size:15px;font-weight:400;line-height:1.4;padding:15px 5px 0 5px;text-align:center;" }
+    %table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;margin:0 auto;" }
+      %tbody
+        %tr
+          %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;font-weight:500;line-height:1.4;vertical-align:baseline;" }
             Pipeline
             %a{ href: pipeline_url(@pipeline), style: "color:#3777b0;text-decoration:none;" }
               = "\##{@pipeline.id}"
+            triggered by
+          - if @pipeline.user
+            %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;vertical-align:middle;padding-right:5px;padding-left:5px", width: "24" }
+              %img.avatar{ height: "24", src: avatar_icon(@pipeline.user, 24), style: "display:block;border-radius:12px;margin:-2px 0;", width: "24", alt: "Avatar" }/
+            %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;font-weight:500;line-height:1.4;vertical-align:baseline;" }
+              %a.muted{ href: user_url(@pipeline.user), style: "color:#333333;text-decoration:none;" }
+                = @pipeline.user.name
+          - else
+            %td{ style: "font-family:'Menlo','Liberation Mono','Consolas','DejaVu Sans Mono','Ubuntu Mono','Courier New','andale mono','lucida console',monospace;font-size:14px;line-height:1.4;vertical-align:baseline;padding:0 5px;" }
+              API
+%tr
+  %td{ colspan: 2, style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;color:#333333;font-size:15px;font-weight:300;line-height:1.4;padding:15px 5px;text-align:center;" }
+    - job_count = @pipeline.statuses.latest.size
+    - stage_count = @pipeline.stages_count
     successfully completed
-    #{build_count} #{'build'.pluralize(build_count)}
+    #{job_count} #{'job'.pluralize(job_count)}
     in
     #{stage_count} #{'stage'.pluralize(stage_count)}.

app/views/notify/pipeline_success_email.text.erb

@@ -14,7 +14,19 @@ Commit Author: <%= commit.author.name %> ( <%= user_url(commit.author) %> )
 <% else -%>
 Commit Author: <%= commit.author_name %>
 <% end -%>
+<% if commit.different_committer? -%>
+<% if commit.committer -%>
+Committed by: <%= commit.committer.name %> ( <%= user_url(commit.committer) %> )
+<% else -%>
+Committed by: <%= commit.committer_name %>
+<% end -%>
+<% end -%>
 
 <% build_count = @pipeline.statuses.latest.size -%>
 <% stage_count = @pipeline.stages_count -%>
-Pipeline #<%= @pipeline.id %> ( <%= pipeline_url(@pipeline) %> ) successfully completed <%= build_count %> <%= 'build'.pluralize(build_count) %> in <%= stage_count %> <%= 'stage'.pluralize(stage_count) %>.
+<% if @pipeline.user -%>
+Pipeline #<%= @pipeline.id %> ( <%= pipeline_url(@pipeline) %> ) triggered by <%= @pipeline.user.name %> ( <%= user_url(@pipeline.user) %> )
+<% else -%>
+Pipeline #<%= @pipeline.id %> ( <%= pipeline_url(@pipeline) %> ) triggered by API
+<% end -%>
+successfully completed <%= build_count %> <%= 'build'.pluralize(build_count) %> in <%= stage_count %> <%= 'stage'.pluralize(stage_count) %>.

app/views/projects/blob/_stl.html.haml

+- content_for :page_specific_javascripts do
+  = page_specific_javascript_bundle_tag('stl_viewer')
+
+.file-content.is-stl-loading
+  .text-center#js-stl-viewer{ data: { endpoint: namespace_project_raw_path(@project.namespace, @project, @id) } }
+    = icon('spinner spin 2x', class: 'prepend-top-default append-bottom-default', 'aria-hidden' => 'true', 'aria-label' => 'Loading')
+  .text-center.prepend-top-default.append-bottom-default.stl-controls
+    .btn-group
+      %button.btn.btn-default.btn-sm.js-material-changer{ data: { type: 'wireframe' } }
+        Wireframe
+      %button.btn.btn-default.btn-sm.active.js-material-changer{ data: { type: 'default' } }
+        Solid

app/views/projects/issues/show.html.haml

@@ -49,11 +49,12 @@
         = link_to 'Submit as spam', mark_as_spam_namespace_project_issue_path(@project.namespace, @project, @issue), method: :post, class: 'hidden-xs hidden-sm btn btn-grouped btn-spam', title: 'Submit as spam'
       = link_to 'Edit', edit_namespace_project_issue_path(@project.namespace, @project, @issue), class: 'hidden-xs hidden-sm btn btn-grouped issuable-edit'
 
-
 .issue-details.issuable-details
   .detail-page-description.content-block{ class: ('hide-bottom-border' unless @issue.description.present? ) }
-    %h2.title
-      = markdown_field(@issue, :title)
+    .issue-title-data.hidden{ "data" => { "initial-title" => markdown_field(@issue, :title),
+      "endpoint" => rendered_title_namespace_project_issue_path(@project.namespace, @project, @issue),
+    } }
+    .issue-title-entrypoint
     - if @issue.description.present?
       .description{ class: can?(current_user, :update_issue, @issue) ? 'js-task-list-container' : '' }
         .wiki
@@ -77,3 +78,5 @@
     = render 'projects/issues/discussion'
 
 = render 'shared/issuable/sidebar', issuable: @issue
+
+= page_specific_javascript_bundle_tag('issue_show')

app/views/projects/merge_requests/widget/_show.html.haml

@@ -12,6 +12,7 @@
     merge_check_url: "#{merge_check_namespace_project_merge_request_path(@project.namespace, @project, @merge_request)}",
     check_enable: #{@merge_request.unchecked? ? "true" : "false"},
     ci_status_url: "#{ci_status_namespace_project_merge_request_path(@project.namespace, @project, @merge_request)}",
+    pipeline_status_url: "#{pipeline_status_namespace_project_merge_request_path(@project.namespace, @project, @merge_request)}",
     ci_environments_status_url: "#{ci_environments_status_namespace_project_merge_request_path(@project.namespace, @project, @merge_request)}",
     gitlab_icon: "#{asset_path 'gitlab_logo.png'}",
     ci_status: "#{@merge_request.head_pipeline ? @merge_request.head_pipeline.status : ''}",

app/views/projects/registry/repositories/_image.html.haml

+.container-image.js-toggle-container
+  .container-image-head
+    = link_to "#", class: "js-toggle-button" do
+      = icon('chevron-down', 'aria-hidden': 'true')
+      = escape_once(image.path)
+
+    = clipboard_button(clipboard_text: "docker pull #{image.path}")
+
+    .controls.hidden-xs.pull-right
+      = link_to namespace_project_container_registry_path(@project.namespace, @project, image),
+                class: 'btn btn-remove has-tooltip',
+                title: 'Remove repository',
+                data: { confirm: 'Are you sure?' },
+                method: :delete do
+        = icon('trash cred', 'aria-hidden': 'true')
+
+  .container-image-tags.js-toggle-content.hide
+    - if image.has_tags?
+      .table-holder
+        %table.table.tags
+          %thead
+            %tr
+              %th Tag
+              %th Tag ID
+              %th Size
+              %th Created
+              - if can?(current_user, :update_container_image, @project)
+                %th
+          = render partial: 'tag', collection: image.tags
+    - else
+      .nothing-here-block No tags in Container Registry for this container image.
+

app/views/projects/container_registry/_tag.html.haml → app/views/projects/registry/repositories/_tag.html.haml

@@ -25,5 +25,9 @@
   - if can?(current_user, :update_container_image, @project)
     %td.content
       .controls.hidden-xs.pull-right
-        = link_to namespace_project_container_registry_path(@project.namespace, @project, tag.name), class: 'btn btn-remove has-tooltip', title: "Remove", data: { confirm: "Are you sure?" }, method: :delete do
-          = icon("trash cred")
+        = link_to namespace_project_registry_repository_tag_path(@project.namespace, @project, tag.repository, tag.name),
+                  method: :delete,
+                  class: 'btn btn-remove has-tooltip',
+                  title: 'Remove tag',
+                  data: { confirm: 'Are you sure you want to delete this tag?' } do
+          = icon('trash cred')

app/views/projects/container_registry/index.html.haml → app/views/projects/registry/repositories/index.html.haml

@@ -15,25 +15,12 @@
       %br
       Then you are free to create and upload a container image with build and push commands:
       %pre
-        docker build -t #{escape_once(@project.container_registry_repository_url)} .
+        docker build -t #{escape_once(@project.container_registry_url)}/image .
         %br
-        docker push #{escape_once(@project.container_registry_repository_url)}
+        docker push #{escape_once(@project.container_registry_url)}/image
 
-  - if @tags.blank?
-    %li
-      .nothing-here-block No images in Container Registry for this project.
+  - if @images.blank?
+    .nothing-here-block No container image repositories in Container Registry for this project.
 
   - else
-    .table-holder
-      %table.table.tags
-        %thead
-          %tr
-            %th Name
-            %th Image ID
-            %th Size
-            %th Created
-            - if can?(current_user, :update_container_image, @project)
-              %th
-
-        - @tags.each do |tag|
-          = render 'tag', tag: tag
+    = render partial: 'image', collection: @images

app/views/shared/projects/_dropdown.html.haml

-- @sort ||= sort_value_recently_updated
+- @sort ||= sort_value_latest_activity
 .dropdown
   - toggle_text = projects_sort_options_hash[@sort]
   = dropdown_toggle(toggle_text, { toggle: 'dropdown' }, { id: 'sort-projects-dropdown' })

app/workers/elastic_commit_indexer_worker.rb

 class ElasticCommitIndexerWorker
   include Sidekiq::Worker
+  include DedicatedSidekiqQueue
   include Gitlab::CurrentSettings
 
-  sidekiq_options queue: :elasticsearch, retry: 2
+  sidekiq_options retry: 2
 
   def perform(project_id, oldrev = nil, newrev = nil)
     return true unless current_application_settings.elasticsearch_indexing?

app/workers/elastic_indexer_worker.rb

 class ElasticIndexerWorker
   include Sidekiq::Worker
+  include DedicatedSidekiqQueue
   include Elasticsearch::Model::Client::ClassMethods
   include Gitlab::CurrentSettings
 
-  sidekiq_options queue: :elasticsearch, retry: 2
+  sidekiq_options retry: 2
 
   ISSUE_TRACKED_FIELDS = %w(assignee_id author_id confidential).freeze
 

app/workers/geo_repository_fetch_worker.rb

 class GeoRepositoryFetchWorker
   include Sidekiq::Worker
+  include ::GeoDynamicBackoff
+  include GeoQueue
   include Gitlab::ShellAdapter
+
   sidekiq_options queue: 'geo_repository_update'
 
   def perform(project_id, clone_url)
@@ -12,5 +15,7 @@ class GeoRepositoryFetchWorker
     project.repository.expire_all_method_caches
     project.repository.expire_branch_cache
     project.repository.expire_content_cache
+  rescue Gitlab::Shell::Error => e
+    logger.error "Error fetching repository for project #{project.path_with_namespace}: #{e}"
   end
 end

app/workers/repository_import_worker.rb

@@ -2,6 +2,8 @@ class RepositoryImportWorker
   include Sidekiq::Worker
   include DedicatedSidekiqQueue
 
+  sidekiq_options status_expiration: StuckImportJobsWorker::IMPORT_EXPIRATION
+
   attr_accessor :project, :current_user
 
   def perform(project_id)
@@ -12,7 +14,7 @@ class RepositoryImportWorker
                               import_url: @project.import_url,
                               path: @project.path_with_namespace)
 
-    project.update_column(:import_error, nil)
+    project.update_columns(import_jid: self.jid, import_error: nil)
 
     result = Projects::ImportService.new(project, current_user).execute
 

app/workers/stuck_import_jobs_worker.rb

+class StuckImportJobsWorker
+  include Sidekiq::Worker
+  include CronjobQueue
+
+  IMPORT_EXPIRATION = 15.hours.to_i
+
+  def perform
+    stuck_projects.find_in_batches(batch_size: 500) do |group|
+      jids = group.map(&:import_jid)
+
+      # Find the jobs that aren't currently running or that exceeded the threshold.
+      completed_jids = Gitlab::SidekiqStatus.completed_jids(jids)
+
+      if completed_jids.any?
+        completed_ids = group.select { |project| completed_jids.include?(project.import_jid) }.map(&:id)
+
+        fail_batch!(completed_jids, completed_ids)
+      end
+    end
+  end
+
+  private
+
+  def stuck_projects
+    Project.select('id, import_jid').with_import_status(:started).where.not(import_jid: nil)
+  end
+
+  def fail_batch!(completed_jids, completed_ids)
+    Project.where(id: completed_ids).update_all(import_status: 'failed', import_error: error_message)
+
+    Rails.logger.info("Marked stuck import jobs as failed. JIDs: #{completed_jids.join(', ')}")
+  end
+
+  def error_message
+    "Import timed out. Import took longer than #{IMPORT_EXPIRATION} seconds"
+  end
+end

changelogs/unreleased-ee/1997-geo-better-handle-git-failures.yml

+---
+title: 'Geo: handle git failures on GeoRepositoryFetchWorker'
+merge_request:
+author:

changelogs/unreleased-ee/2108-split-elasticsearch-sidekiq-queue-in-two.yml

+---
+title: Give each elasticsearch worker its own sidekiq queue
+merge_request:
+author:

changelogs/unreleased/12818-ci-status-as-favicon.yml

+---
+title: Show CI status as Favicon on Pipelines, Job and MR pages
+merge_request: 10144
+author:

changelogs/unreleased/28810-projectfinder-should-handle-more-options.yml

+---
+title: ProjectsFinder should handle more options
+merge_request: 9682
+author: Jacopo Beschi @jacopo-beschi

changelogs/unreleased/29364-private-projects-mr-fix.yml

+---
+title: Don’t show source project name when user does not have access
+merge_request:
+author:

changelogs/unreleased/30021-api-deploy_keys-can_push-is-not-honoured.yml

+---
+title: Enable creation of deploy keys with write access via the API
+merge_request:
+author:

changelogs/unreleased/30125-markdown-security.yml

+---
+title: Remove the class attribute from the whitelist for HTML generated from Markdown.
+merge_request:
+author:

changelogs/unreleased/30195-document-search-param-on-api.yml

+---
+title: Add search optional param and docs for V4
+merge_request:
+author:

changelogs/unreleased/30291-reopen-mr.yml

+---
+title: Include reopened MRs when searching for opened ones
+merge_request: 10407
+author:

changelogs/unreleased/30493-env-deploy-tooltip.yml

+---
+title: Fixes HTML structure that was preventing the tooltip to disappear when hovering
+  out of the button.
+merge_request:
+author:

changelogs/unreleased/add_remove_concurrent_index_to_database_helper.yml

+---
+title: Add remove_concurrent_index to database helper
+merge_request: 10441
+author: blackst0ne