Add latest changes from gitlab-org/gitlab@master

app/assets/stylesheets/framework/files.scss

@@ -499,3 +499,15 @@ span.idiff {
   background-color: transparent;
   border: transparent;
 }
+
+.code-navigation {
+  border-bottom: 1px $gray-darkest dashed;
+
+  &:hover {
+    border-bottom-color: $almost-black;
+  }
+}
+
+.code-navigation-popover {
+  max-width: 450px;
+}

app/assets/stylesheets/utilities.scss

@@ -28,6 +28,13 @@
   }
 }
+@for $i from 1 through 12 {
+  #{'.tab-width-#{$i}'} {
+    -moz-tab-size: $i;
+    tab-size: $i;
+  }
+}
+
 .border-width-1px { border-width: 1px; }
 .border-bottom-width-1px { border-bottom-width: 1px; }
 .border-style-dashed { border-style: dashed; }

app/controllers/profiles/preferences_controller.rb

@@ -48,6 +48,7 @@ class Profiles::PreferencesController < Profiles::ApplicationController
       :time_display_relative,
       :time_format_in_24h,
       :show_whitespace_in_diffs,
+      :tab_width,
       :sourcegraph_enabled,
       :render_whitespace_in_code
     ]

app/controllers/projects/blob_controller.rb

@@ -29,6 +29,10 @@ class Projects::BlobController < Projects::ApplicationController
   before_action :validate_diff_params, only: :diff
   before_action :set_last_commit_sha, only: [:edit, :update]
+  before_action only: :show do
+    push_frontend_feature_flag(:code_navigation, @project)
+  end
+
   def new
     commit unless @repository.empty?
   end

app/helpers/preferences_helper.rb

@@ -63,6 +63,10 @@ module PreferencesHelper
     Gitlab::ColorSchemes.for_user(current_user).css_class
   end
+  def user_tab_width
+    Gitlab::TabWidth.css_class_for_user(current_user)
+  end
+
   def language_choices
     Gitlab::I18n::AVAILABLE_LANGUAGES.map { |value, label| [label, value] }
   end

app/helpers/projects_helper.rb

@@ -706,6 +706,10 @@ module ProjectsHelper
     Feature.enabled?(:vue_file_list, @project)
   end
+  def native_code_navigation_enabled?(project)
+    Feature.enabled?(:code_navigation, project)
+  end
+
   def show_visibility_confirm_modal?(project)
     project.unlink_forks_upon_visibility_decrease_enabled? && project.visibility_level > Gitlab::VisibilityLevel::PRIVATE && project.forks_count > 0
   end

app/models/deploy_token.rb

@@ -15,6 +15,11 @@ class DeployToken < ApplicationRecord
   has_many :project_deploy_tokens, inverse_of: :deploy_token
   has_many :projects, through: :project_deploy_tokens
+  has_many :group_deploy_tokens, inverse_of: :deploy_token
+  has_many :groups, through: :group_deploy_tokens
+
+  validate :no_groups, unless: :group_type?
+  validate :no_projects, unless: :project_type?
   validate :ensure_at_least_one_scope
   validates :username,
     length: { maximum: 255 },
@@ -24,6 +29,7 @@ class DeployToken < ApplicationRecord
       message: "can contain only letters, digits, '_', '-', '+', and '.'"
     }
+  validates :deploy_token_type, presence: true
   enum deploy_token_type: {
     group_type: 1,
     project_type: 2
@@ -56,18 +62,31 @@ class DeployToken < ApplicationRecord
   end
   def has_access_to?(requested_project)
-    active? && project == requested_project
+    return false unless active?
+    return false unless holder
+
+    holder.has_access_to?(requested_project)
   end
   # This is temporal. Currently we limit DeployToken
-  # to a single project, later we're going to extend
-  # that to be for multiple projects and namespaces.
+  # to a single project or group, later we're going to
+  # extend that to be for multiple projects and namespaces.
   def project
     strong_memoize(:project) do
       projects.first
     end
   end
+  def holder
+    strong_memoize(:holder) do
+      if project_type?
+        project_deploy_tokens.first
+      elsif group_type?
+        group_deploy_tokens.first
+      end
+    end
+  end
+
   def expires_at
     expires_at = read_attribute(:expires_at)
     expires_at != Forever.date ? expires_at : nil
@@ -92,4 +111,12 @@ class DeployToken < ApplicationRecord
   def default_username
     "gitlab+deploy-token-#{id}" if persisted?
   end
+
+  def no_groups
+    errors.add(:deploy_token, 'cannot have groups assigned') if group_deploy_tokens.any?
+  end
+
+  def no_projects
+    errors.add(:deploy_token, 'cannot have projects assigned') if project_deploy_tokens.any?
+  end
 end

app/models/group_deploy_token.rb

+# frozen_string_literal: true
+
+class GroupDeployToken < ApplicationRecord
+  belongs_to :group, class_name: '::Group'
+  belongs_to :deploy_token, inverse_of: :group_deploy_tokens
+
+  validates :deploy_token, presence: true
+  validates :group, presence: true
+  validates :deploy_token_id, uniqueness: { scope: [:group_id] }
+
+  def has_access_to?(requested_project)
+    return false unless Feature.enabled?(:allow_group_deploy_token, default: true)
+
+    requested_project_group = requested_project&.group
+    return false unless requested_project_group
+    return true if requested_project_group.id == group_id
+
+    requested_project_group
+      .ancestors
+      .where(id: group_id)
+      .exists?
+  end
+end

app/models/project_deploy_token.rb

@@ -7,4 +7,8 @@ class ProjectDeployToken < ApplicationRecord
   validates :deploy_token, presence: true
   validates :project, presence: true
   validates :deploy_token_id, uniqueness: { scope: [:project_id] }
+
+  def has_access_to?(requested_project)
+    requested_project == project
+  end
 end

app/models/user.rb

@@ -59,6 +59,8 @@ class User < ApplicationRecord
   MINIMUM_INACTIVE_DAYS = 180
+  enum bot_type: ::UserBotTypeEnums.bots
+
   # Override Devise::Models::Trackable#update_tracked_fields!
   # to limit database writes to at most once every hour
   # rubocop: disable CodeReuse/ServiceClass
@@ -246,6 +248,7 @@ class User < ApplicationRecord
   delegate :time_display_relative, :time_display_relative=, to: :user_preference
   delegate :time_format_in_24h, :time_format_in_24h=, to: :user_preference
   delegate :show_whitespace_in_diffs, :show_whitespace_in_diffs=, to: :user_preference
+  delegate :tab_width, :tab_width=, to: :user_preference
   delegate :sourcegraph_enabled, :sourcegraph_enabled=, to: :user_preference
   delegate :setup_for_company, :setup_for_company=, to: :user_preference
   delegate :render_whitespace_in_code, :render_whitespace_in_code=, to: :user_preference
@@ -322,6 +325,8 @@ class User < ApplicationRecord
   scope :with_emails, -> { preload(:emails) }
   scope :with_dashboard, -> (dashboard) { where(dashboard: dashboard) }
   scope :with_public_profile, -> { where(private_profile: false) }
+  scope :bots, -> { where.not(bot_type: nil) }
+  scope :humans, -> { where(bot_type: nil) }
   scope :with_expiring_and_not_notified_personal_access_tokens, ->(at) do
     where('EXISTS (?)',
@@ -598,6 +603,15 @@ class User < ApplicationRecord
       end
     end
+    def alert_bot
+      email_pattern = "alert%s@#{Settings.gitlab.host}"
+
+      unique_internal(where(bot_type: :alert_bot), 'alert-bot', email_pattern) do |u|
+        u.bio = 'The GitLab alert bot'
+        u.name = 'GitLab Alert Bot'
+      end
+    end
+
     # Return true if there is only single non-internal user in the deployment,
     # ghost user is ignored.
     def single_user?
@@ -613,16 +627,20 @@ class User < ApplicationRecord
     username
   end
+  def bot?
+    bot_type.present?
+  end
+
   def internal?
-    ghost?
+    ghost? || bot?
   end
   def self.internal
-    where(ghost: true)
+    where(ghost: true).or(bots)
   end
   def self.non_internal
-    without_ghosts
+    without_ghosts.humans
   end
   #

app/models/user_bot_type_enums.rb

+# frozen_string_literal: true
+
+module UserBotTypeEnums
+  def self.bots
+    # When adding a new key, please ensure you are not conflicting with EE-only keys in app/models/user_bot_types_enums.rb
+    {
+      alert_bot: 2
+    }
+  end
+end
+
+UserBotTypeEnums.prepend_if_ee('EE::UserBotTypeEnums')

app/models/user_preference.rb

@@ -9,7 +9,13 @@ class UserPreference < ApplicationRecord
   belongs_to :user
   validates :issue_notes_filter, :merge_request_notes_filter, inclusion: { in: NOTES_FILTERS.values }, presence: true
+  validates :tab_width, numericality: {
+    only_integer: true,
+    greater_than_or_equal_to: Gitlab::TabWidth::MIN,
+    less_than_or_equal_to: Gitlab::TabWidth::MAX
+  }
+  default_value_for :tab_width, value: Gitlab::TabWidth::DEFAULT, allows_nil: false
   default_value_for :timezone, value: Time.zone.tzinfo.name, allows_nil: false
   default_value_for :time_display_relative, value: true, allows_nil: false
   default_value_for :time_format_in_24h, value: false, allows_nil: false

app/policies/base_policy.rb

@@ -44,6 +44,9 @@ class BasePolicy < DeclarativePolicy::Base
     ::Gitlab::ExternalAuthorization.perform_check?
   end
+  with_options scope: :user, score: 0
+  condition(:alert_bot) { @user&.alert_bot? }
+
   rule { external_authorization_enabled & ~can?(:read_all_resources) }.policy do
     prevent :read_cross_project
   end

app/policies/concerns/policy_actor.rb

@@ -33,6 +33,10 @@ module PolicyActor
   def can_create_group
     false
   end
+
+  def alert_bot?
+    false
+  end
 end
 PolicyActor.prepend_if_ee('EE::PolicyActor')

app/policies/project_policy.rb

@@ -515,6 +515,8 @@ class ProjectPolicy < BasePolicy
   end
   def lookup_access_level!
+    return ::Gitlab::Access::REPORTER if alert_bot?
+
     # NOTE: max_member_access has its own cache
     project.team.max_member_access(@user.id)
   end

app/views/layouts/application.html.haml

@@ -4,7 +4,7 @@
 !!! 5
 %html{ lang: I18n.locale, class: page_classes }
   = render "layouts/head"
-  %body{ class: "#{user_application_theme} #{@body_class} #{client_class_list}", data: body_data }
+  %body{ class: "#{user_application_theme} #{user_tab_width} #{@body_class} #{client_class_list}", data: body_data }
     = render "layouts/init_auto_complete" if @gfm_form
     = render "layouts/init_client_detection_flags"
     = render 'peek/bar'

app/views/layouts/fullscreen.html.haml

 !!! 5
 %html{ lang: I18n.locale, class: page_class }
   = render "layouts/head"
-  %body{ class: "#{user_application_theme} #{@body_class} fullscreen-layout", data: { page: body_data_page } }
+  %body{ class: "#{user_application_theme} #{user_tab_width} #{@body_class} fullscreen-layout", data: { page: body_data_page } }
     = render 'peek/bar'
     = header_message
     = render partial: "layouts/header/default", locals: { project: @project, group: @group }

app/views/profiles/preferences/show.html.haml

@@ -69,6 +69,15 @@
       = f.check_box :show_whitespace_in_diffs, class: 'form-check-input'
       = f.label :show_whitespace_in_diffs, class: 'form-check-label' do
         = s_('Preferences|Show whitespace changes in diffs')
+    .form-group
+      = f.label :tab_width, s_('Preferences|Tab width'), class: 'label-bold'
+      = f.number_field :tab_width,
+                       class: 'form-control',
+                       min: Gitlab::TabWidth::MIN,
+                       max: Gitlab::TabWidth::MAX,
+                       required: true
+      .form-text.text-muted
+        = s_('Preferences|Must be a number between %{min} and %{max}') % { min: Gitlab::TabWidth::MIN, max: Gitlab::TabWidth::MAX }
   .col-sm-12
     %hr

app/views/profiles/preferences/update.js.erb

@@ -12,5 +12,9 @@ if ('<%= current_user.layout %>' === 'fluid') {
 // Re-enable the "Save" button
 $('input[type=submit]').enable()
-// Show the notice flash message
-new Flash('<%= flash.discard(:notice) %>', 'notice')
+// Show flash messages
+<% if flash.notice %>
+  new Flash('<%= flash.discard(:notice) %>', 'notice')
+<% elsif flash.alert %>
+  new Flash('<%= flash.discard(:alert) %>', 'alert')
+<% end %>

app/views/projects/blob/_blob.html.haml

@@ -9,6 +9,8 @@
   = render "projects/blob/auxiliary_viewer", blob: blob
 #blob-content-holder.blob-content-holder
+  - if native_code_navigation_enabled?(@project)
+    #js-code-navigation{ data: { commit_id: blob.commit_id, path: blob.path, project_path: @project.full_path } }
   %article.file-holder
     = render 'projects/blob/header', blob: blob
     = render 'projects/blob/content', blob: blob