Add latest changes from gitlab-org/gitlab@master

db/schema.rb

@@ -325,6 +325,7 @@ ActiveRecord::Schema.define(version: 2019_12_02_031812) do
     t.string "encrypted_asset_proxy_secret_key_iv"
     t.string "static_objects_external_storage_url", limit: 255
     t.string "static_objects_external_storage_auth_token", limit: 255
+    t.integer "max_personal_access_token_lifetime"
     t.boolean "throttle_protected_paths_enabled", default: false, null: false
     t.integer "throttle_protected_paths_requests_per_period", default: 10, null: false
     t.integer "throttle_protected_paths_period_in_seconds", default: 60, null: false
@@ -2524,9 +2525,10 @@ ActiveRecord::Schema.define(version: 2019_12_02_031812) do
     t.datetime_with_timezone "updated_at", null: false
     t.integer "target_project_id", null: false
     t.text "target_branch", null: false
+    t.integer "status", limit: 2, default: 0, null: false
     t.index ["merge_request_id"], name: "index_merge_trains_on_merge_request_id", unique: true
     t.index ["pipeline_id"], name: "index_merge_trains_on_pipeline_id"
-    t.index ["target_project_id"], name: "index_merge_trains_on_target_project_id"
+    t.index ["target_project_id", "target_branch", "status"], name: "index_for_status_per_branch_per_project"
     t.index ["user_id"], name: "index_merge_trains_on_user_id"
   end
@@ -2925,6 +2927,7 @@ ActiveRecord::Schema.define(version: 2019_12_02_031812) do
     t.boolean "impersonation", default: false, null: false
     t.string "token_digest"
     t.index ["token_digest"], name: "index_personal_access_tokens_on_token_digest", unique: true
+    t.index ["user_id", "expires_at"], name: "index_pat_on_user_id_and_expires_at"
     t.index ["user_id"], name: "index_personal_access_tokens_on_user_id"
   end

doc/api/settings.md

@@ -269,6 +269,7 @@ are listed in the descriptions of the relevant settings.
 | `max_artifacts_size`                     | integer          | no                                   | Maximum artifacts size in MB |
 | `max_attachment_size`                    | integer          | no                                   | Limit attachment size in MB |
 | `max_pages_size`                         | integer          | no                                   | Maximum size of pages repositories in MB |
+| `max_personal_access_token_lifetime`     | integer          | no                                   | **(ULTIMATE ONLY)** Maximum allowable lifetime for personal access tokens in days |
 | `metrics_enabled`                        | boolean          | no                                   | (**If enabled, requires:** `metrics_host`, `metrics_method_call_threshold`, `metrics_packet_size`, `metrics_pool_size`, `metrics_port`, `metrics_sample_interval` and `metrics_timeout`) Enable influxDB metrics. |
 | `metrics_host`                           | string           | required by: `metrics_enabled`       | InfluxDB host. |
 | `metrics_method_call_threshold`          | integer          | required by: `metrics_enabled`       | A method call is only tracked when it takes longer than the given amount of milliseconds. |

doc/ci/environments.md

@@ -303,6 +303,41 @@ You are not required to use the same prefix or only slashes (`/`) in the dynamic
 names. However, using this format will enable the [grouping similar environments](#grouping-similar-environments)
 feature.
+### Configuring Kubernetes deployments
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/27630) in GitLab 12.6.
+
+If you are deploying to a [Kubernetes cluster](../user/project/clusters/index.md)
+associated with your project, you can configure these deployments from your
+`gitlab-ci.yml` file.
+
+The following configuration options are supported:
+
+- [`namespace`](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/)
+
+In the following example, the job will deploy your application to the
+`production` Kubernetes namespace.
+
+```yaml
+deploy:
+  stage: deploy
+  script:
+    - echo "Deploy to production server"
+  environment:
+    name: production
+    url: https://example.com
+    kubernetes:
+      namespace: production
+  only:
+  - master
+```
+
+NOTE: **Note:**
+Kubernetes configuration is not supported for Kubernetes clusters
+that are [managed by GitLab](../user/project/clusters/index.md#gitlab-managed-clusters).
+To follow progress on support for Gitlab-managed clusters, see the
+[relevant issue](https://gitlab.com/gitlab-org/gitlab/issues/38054).
+
 ### Complete example
 The configuration in this section provides a full development workflow where your app is:

doc/ci/yaml/README.md

@@ -1421,6 +1421,38 @@ The `stop_review_app` job is **required** to have the following keywords defined
 - `stage` should be the same as the `review_app` in order for the environment
   to stop automatically when the branch is deleted
+#### `environment:kubernetes`
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/27630) in GitLab 12.6.
+
+The `kubernetes` block is used to configure deployments to a
+[Kubernetes cluster](../../user/project/clusters/index.md) that is associated with your project.
+
+For example:
+
+```yaml
+deploy:
+  stage: deploy
+  script: make deploy-app
+  environment:
+    name: production
+    kubernetes:
+      namespace: production
+```
+
+This will set up the `deploy` job to deploy to the `production`
+environment, using the `production`
+[Kubernetes namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/).
+
+For more information, see
+[Available settings for `kubernetes`](../environments.md#configuring-kubernetes-deployments).
+
+NOTE: **Note:**
+Kubernetes configuration is not supported for Kubernetes clusters
+that are [managed by GitLab](../../user/project/clusters/index.md#gitlab-managed-clusters).
+To follow progress on support for Gitlab-managed clusters, see the
+[relevant issue](https://gitlab.com/gitlab-org/gitlab/issues/38054).
+
 #### Dynamic environments
 > - [Introduced][ce-6323] in GitLab 8.12 and GitLab Runner 1.6.

doc/user/admin_area/settings/account_and_limit_settings.md

@@ -84,3 +84,35 @@ add the line below to `/etc/gitlab/gitlab.rb` before increasing the max attachme
 ```
 nginx['client_max_body_size'] = "200m"
 ```
+
+## Limiting lifetime of personal access tokens **(ULTIMATE ONLY)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/3649) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.
+
+Users can optionally specify an expiration date for
+[personal access tokens](../../profile/personal_access_tokens.md).
+This expiration date is not a requirement, and can be set to any arbitrary date.
+
+Since personal access tokens are the only token needed for programmatic access to GitLab,
+organizations with security requirements may want to enforce more protection to require
+regular rotation of these tokens.
+
+### Setting a limit
+
+Only a GitLab administrator can set a limit. Leaving it empty means
+there are no restrictions.
+
+To set a limit on how long personal access tokens are valid:
+
+1. Navigate to **Admin Area > Settings > General**.
+1. Expand the **Account and limit** section.
+1. Fill in the **Maximun allowable lifetime for personal access tokens (days)** field.
+1. Click **Save changes**.
+
+Once a lifetime for personal access tokens is set, GitLab will:
+
+- Apply the lifetime for new personal access tokens, and require users to set an expiration date
+  and a date no later than the allowed lifetime.
+- After three hours, revoke old tokens with no expiration date or with a lifetime longer than the
+  allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
+  or remove it, before revocation takes place.

lib/gitlab/diff/file_collection/merge_request_diff.rb

@@ -4,45 +4,6 @@ module Gitlab
   module Diff
     module FileCollection
       class MergeRequestDiff < MergeRequestDiffBase
-        include Gitlab::Utils::StrongMemoize
-
-        def diff_files
-          strong_memoize(:diff_files) do
-            diff_files = super
-
-            diff_files.each { |diff_file| cache.decorate(diff_file) }
-
-            diff_files
-          end
-        end
-
-        override :write_cache
-        def write_cache
-          cache.write_if_empty
-        end
-
-        override :clear_cache
-        def clear_cache
-          cache.clear
-        end
-
-        def cache_key
-          cache.key
-        end
-
-        def real_size
-          @merge_request_diff.real_size
-        end
-
-        private
-
-        def cache
-          @cache ||= if Feature.enabled?(:hset_redis_diff_caching, project)
-                       Gitlab::Diff::HighlightCache.new(self)
-                     else
-                       Gitlab::Diff::DeprecatedHighlightCache.new(self)
-                     end
-        end
       end
     end
   end

lib/gitlab/diff/file_collection/merge_request_diff_base.rb

@@ -15,6 +15,44 @@ module Gitlab
             diff_refs: merge_request_diff.diff_refs,
             fallback_diff_refs: merge_request_diff.fallback_diff_refs)
         end
+
+        def diff_files
+          strong_memoize(:diff_files) do
+            diff_files = super
+
+            diff_files.each { |diff_file| cache.decorate(diff_file) }
+
+            diff_files
+          end
+        end
+
+        override :write_cache
+        def write_cache
+          cache.write_if_empty
+        end
+
+        override :clear_cache
+        def clear_cache
+          cache.clear
+        end
+
+        def cache_key
+          cache.key
+        end
+
+        def real_size
+          @merge_request_diff.real_size
+        end
+
+        private
+
+        def cache
+          @cache ||= if Feature.enabled?(:hset_redis_diff_caching, project)
+                       Gitlab::Diff::HighlightCache.new(self)
+                     else
+                       Gitlab::Diff::DeprecatedHighlightCache.new(self)
+                     end
+        end
       end
     end
   end

lib/gitlab/gon_helper.rb

@@ -42,7 +42,6 @@ module Gitlab
       # Initialize gon.features with any flags that should be
       # made globally available to the frontend
       push_frontend_feature_flag(:suppress_ajax_navigation_errors, default_enabled: true)
-      push_frontend_feature_flag(:snippets_vue, default_enabled: false)
     end
     # Exposes the state of a feature flag to the frontend code.

locale/gitlab.pot

@@ -9128,6 +9128,9 @@ msgstr ""
 msgid "Helps reduce request volume for protected paths"
 msgstr ""
+msgid "Hi %{username}!"
+msgstr ""
+
 msgid "Hide archived projects"
 msgstr ""
@@ -10274,6 +10277,9 @@ msgstr ""
 msgid "Leave Admin Mode"
 msgstr ""
+msgid "Leave blank for no limit. Once set, existing personal access tokens may be revoked"
+msgstr ""
+
 msgid "Leave edit mode? All unsaved changes will be lost."
 msgstr ""
@@ -10764,6 +10770,9 @@ msgstr ""
 msgid "Max seats used"
 msgstr ""
+msgid "Maximum allowable lifetime for personal access token (days)"
+msgstr ""
+
 msgid "Maximum artifacts size (MB)"
 msgstr ""
@@ -10782,6 +10791,9 @@ msgstr ""
 msgid "Maximum job timeout has a value which could not be accepted"
 msgstr ""
+msgid "Maximum lifetime allowable for Personal Access Tokens is active, your expire date must be set before %{maximum_allowable_date}."
+msgstr ""
+
 msgid "Maximum number of comments exceeded"
 msgstr ""
@@ -11985,6 +11997,9 @@ msgstr[1] ""
 msgid "One or more groups that you don't have access to."
 msgstr ""
+msgid "One or more of you personal access tokens were revoked"
+msgstr ""
+
 msgid "One or more of your Bitbucket projects cannot be imported into GitLab directly because they use Subversion or Mercurial for version control, rather than Git."
 msgstr ""
@@ -17439,6 +17454,11 @@ msgstr ""
 msgid "The following items will be exported:"
 msgstr ""
+msgid "The following personal access token: %{token_names} was revoked, because a new policy to expire personal access tokens were set."
+msgid_plural "The following personal access tokens: %{token_names} were revoked, because a new policy to expire personal access tokens were set."
+msgstr[0] ""
+msgstr[1] ""
+
 msgid "The fork relationship has been removed."
 msgstr ""
@@ -20114,6 +20134,12 @@ msgstr ""
 msgid "You can create files directly in GitLab using one of the following options."
 msgstr ""
+msgid "You can create new ones at your %{pat_link_start}Personal Access Tokens%{pat_link_end} settings"
+msgstr ""
+
+msgid "You can create new ones at your Personal Access Tokens settings %{pat_link}"
+msgstr ""
+
 msgid "You can easily contribute to them by requesting to join these groups."
 msgstr ""

spec/controllers/projects/merge_requests/diffs_controller_spec.rb

@@ -25,6 +25,16 @@ describe Projects::MergeRequests::DiffsController do
     end
   end
+  shared_examples 'cached diff collection' do
+    it 'ensures diff highlighting cache writing' do
+      expect_next_instance_of(Gitlab::Diff::HighlightCache) do |cache|
+        expect(cache).to receive(:write_if_empty).once
+      end
+
+      go
+    end
+  end
+
   shared_examples 'persisted preferred diff view cookie' do
     context 'with view param' do
       before do
@@ -112,6 +122,7 @@ describe Projects::MergeRequests::DiffsController do
     end
     it_behaves_like 'persisted preferred diff view cookie'
+    it_behaves_like 'cached diff collection'
   end
   describe 'GET diffs_metadata' do
@@ -404,6 +415,7 @@ describe Projects::MergeRequests::DiffsController do
     it_behaves_like 'forked project with submodules'
     it_behaves_like 'persisted preferred diff view cookie'
+    it_behaves_like 'cached diff collection'
     context 'diff unfolding' do
       let!(:unfoldable_diff_note) do

spec/features/snippets/internal_snippet_spec.rb

@@ -5,10 +5,6 @@ require 'spec_helper'
 describe 'Internal Snippets', :js do
   let(:internal_snippet) { create(:personal_snippet, :internal) }
-  before do
-    stub_feature_flags(snippets_vue: false)
-  end
-
   describe 'normal user' do
     before do
       sign_in(create(:user))

spec/features/snippets/notes_on_personal_snippets_spec.rb

@@ -16,7 +16,6 @@ describe 'Comments on personal snippets', :js do
   let!(:other_note) { create(:note_on_personal_snippet) }
   before do
-    stub_feature_flags(snippets_vue: false)
     sign_in user
     visit snippet_path(snippet)

spec/features/snippets/private_snippets_spec.rb

@@ -6,7 +6,6 @@ describe 'Private Snippets', :js do
   let(:user) { create(:user) }
   before do
-    stub_feature_flags(snippets_vue: false)
     sign_in(user)
   end

spec/features/snippets/public_snippets_spec.rb

@@ -3,10 +3,6 @@
 require 'spec_helper'
 describe 'Public Snippets', :js do
-  before do
-    stub_feature_flags(snippets_vue: false)
-  end
-
   it 'Unauthenticated user should see public snippets' do
     public_snippet = create(:personal_snippet, :public)

spec/features/snippets/show_spec.rb

@@ -6,10 +6,6 @@ describe 'Snippet', :js do
   let(:project) { create(:project, :repository) }
   let(:snippet) { create(:personal_snippet, :public, file_name: file_name, content: content) }
-  before do
-    stub_feature_flags(snippets_vue: false)
-  end
-
   context 'Ruby file' do
     let(:file_name) { 'popen.rb' }
     let(:content) { project.repository.blob_at('master', 'files/ruby/popen.rb').data }

spec/features/snippets/spam_snippets_spec.rb

@@ -7,7 +7,6 @@ describe 'User creates snippet', :js do
   before do
     stub_feature_flags(allow_possible_spam: false)
-    stub_feature_flags(snippets_vue: false)
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
     Gitlab::CurrentSettings.update!(

spec/features/snippets/user_creates_snippet_spec.rb

@@ -8,7 +8,6 @@ describe 'User creates snippet', :js do
   let(:user) { create(:user) }
   before do
-    stub_feature_flags(snippets_vue: false)
     sign_in(user)
     visit new_snippet_path
   end

spec/features/snippets/user_deletes_snippet_spec.rb

@@ -10,8 +10,6 @@ describe 'User deletes snippet' do
   before do
     sign_in(user)
-    stub_feature_flags(snippets_vue: false)
-
     visit snippet_path(snippet)
   end

spec/features/snippets/user_edits_snippet_spec.rb

@@ -12,7 +12,6 @@ describe 'User edits snippet', :js do
   let(:snippet) { create(:personal_snippet, :public, file_name: file_name, content: content, author: user) }
   before do
-    stub_feature_flags(snippets_vue: false)
     sign_in(user)
     visit edit_snippet_path(snippet)

spec/features/snippets_spec.rb

@@ -6,38 +6,11 @@ describe 'Snippets' do
   context 'when the project has snippets' do
     let(:project) { create(:project, :public) }
     let!(:snippets) { create_list(:project_snippet, 2, :public, author: project.owner, project: project) }
-
     before do
       allow(Snippet).to receive(:default_per_page).and_return(1)
-
-      visit project_snippets_path(project)
+      visit snippets_path(username: project.owner.username)
     end
     it_behaves_like 'paginated snippets'
   end
-
-  describe 'rendering engine' do
-    let_it_be(:snippet) { create(:personal_snippet, :public) }
-    let(:snippets_vue_feature_flag_enabled) { true }
-
-    before do
-      stub_feature_flags(snippets_vue: snippets_vue_feature_flag_enabled)
-
-      visit snippet_path(snippet)
-    end
-
-    it 'renders Vue application' do
-      expect(page).to have_selector('#js-snippet-view')
-      expect(page).not_to have_selector('.personal-snippets')
-    end
-
-    context 'when feature flag is disabled' do
-      let(:snippets_vue_feature_flag_enabled) { false }
-
-      it 'renders HAML application and not Vue' do
-        expect(page).not_to have_selector('#js-snippet-view')
-        expect(page).to have_selector('.personal-snippets')
-      end
-    end
-  end
 end