Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into remove-comment-toggle

.github/ISSUE_TEMPLATE.md

+We’re closing our issue tracker on GitHub so we can focus on the GitLab.com project and respond to issues more quickly.
+
+We encourage you to open an issue on the [GitLab.com issue tracker](https://gitlab.com/gitlab-org/gitlab-ce/issues). You can log into GitLab.com using your GitHub account.

.github/PULL_REQUEST_TEMPLATE.md

+Thank you for taking the time to contribute back to GitLab!
+
+Please open a merge request [on GitLab.com](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests), we look forward to reviewing your contribution! You can log into GitLab.com using your GitHub account.

.gitignore

@@ -4,46 +4,46 @@
 .bundle
 .chef
 .directory
-.envrc
-.gitlab_shell_secret
+/.envrc
+/.gitlab_shell_secret
 .idea
-.rbenv-version
+/.rbenv-version
 .rbx/
-.ruby-gemset
-.ruby-version
-.rvmrc
+/.ruby-gemset
+/.ruby-version
+/.rvmrc
 .sass-cache/
-.secret
-.vagrant
-.byebug_history
-Vagrantfile
-backups/*
-config/aws.yml
-config/database.yml
-config/gitlab.yml
-config/gitlab_ci.yml
-config/initializers/rack_attack.rb
-config/initializers/smtp_settings.rb
-config/initializers/relative_url.rb
-config/resque.yml
-config/unicorn.rb
-config/secrets.yml
-config/sidekiq.yml
-coverage/*
-db/*.sqlite3
-db/*.sqlite3-journal
-db/data.yml
-doc/code/*
-dump.rdb
-log/*.log*
-nohup.out
-public/assets/
-public/uploads.*
-public/uploads/
-shared/artifacts/
-rails_best_practices_output.html
+/.secret
+/.vagrant
+/.byebug_history
+/Vagrantfile
+/backups/*
+/config/aws.yml
+/config/database.yml
+/config/gitlab.yml
+/config/gitlab_ci.yml
+/config/initializers/rack_attack.rb
+/config/initializers/smtp_settings.rb
+/config/initializers/relative_url.rb
+/config/resque.yml
+/config/unicorn.rb
+/config/secrets.yml
+/config/sidekiq.yml
+/coverage/*
+/db/*.sqlite3
+/db/*.sqlite3-journal
+/db/data.yml
+/doc/code/*
+/dump.rdb
+/log/*.log*
+/nohup.out
+/public/assets/
+/public/uploads.*
+/public/uploads/
+/shared/artifacts/
+/rails_best_practices_output.html
 /tags
-tmp/
-vendor/bundle/*
-builds/*
-shared/*
+/tmp/*
+/vendor/bundle/*
+/builds/*
+/shared/*

.gitlab-ci.yml

@@ -2,240 +2,213 @@ image: "ruby:2.1"
 services:
   - mysql:latest
-  - redis:latest
+  - redis:alpine
 cache:
   key: "ruby21"
   paths:
-  - vendor
+  - vendor/apt
+  - vendor/ruby
 variables:
   MYSQL_ALLOW_EMPTY_PASSWORD: "1"
   # retry tests only in CI environment
   RSPEC_RETRY_RETRY_COUNT: "3"
+  RAILS_ENV: "test"
+  SIMPLECOV: "true"
+  USE_DB: "true"
+  USE_BUNDLE_INSTALL: "true"
 before_script:
   - source ./scripts/prepare_build.sh
-  - ruby -v
-  - which ruby
-  - retry gem install bundler --no-ri --no-rdoc
   - cp config/gitlab.yml.example config/gitlab.yml
-  - touch log/application.log
-  - touch log/test.log
-  - retry bundle install --without postgres production --jobs $(nproc) "${FLAGS[@]}"
-  - RAILS_ENV=test bundle exec rake db:drop db:create db:schema:load db:migrate
+  - bundle --version
+  - '[ "$USE_BUNDLE_INSTALL" != "true" ] || retry bundle install --without postgres production --jobs $(nproc) "${FLAGS[@]}"'
+  - retry gem install knapsack
+  - '[ "$USE_DB" != "true" ] || bundle exec rake db:drop db:create db:schema:load db:migrate'
 stages:
+- prepare
 - test
-- notifications
-spec:feature:
-  stage: test
-  script:
-    - RAILS_ENV=test bundle exec rake assets:precompile 2>/dev/null
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:feature
-
-spec:api:
-  stage: test
-  script:
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:api
-
-spec:models:
-  stage: test
-  script:
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:models
-
-spec:lib:
-  stage: test
-  script:
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:lib
-
-spec:services:
-  stage: test
-  script:
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:services
-
-spec:other:
-  stage: test
-  script:
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:other
-
-spinach:project:half:
-  stage: test
-  script:
-    - RAILS_ENV=test bundle exec rake assets:precompile 2>/dev/null
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spinach:project:half
-
-spinach:project:rest:
-  stage: test
-  script:
-    - RAILS_ENV=test bundle exec rake assets:precompile 2>/dev/null
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spinach:project:rest
-
-spinach:other:
-  stage: test
-  script:
-    - RAILS_ENV=test bundle exec rake assets:precompile 2>/dev/null
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spinach:other
-
-teaspoon:
-  stage: test
-  script:
-    - RAILS_ENV=test bundle exec teaspoon
-
-rubocop:
-  stage: test
-  script:
-    - bundle exec rubocop
-
-scss-lint:
-  stage: test
-  script:
-    - bundle exec rake scss_lint
-brakeman:
-  stage: test
-  script:
-    - bundle exec rake brakeman
-flog:
-  stage: test
+- post-test
+# Prepare and merge knapsack tests
+.knapsack-state: &knapsack-state
+  services: []
+  variables:
+    USE_DB: "false"
+    USE_BUNDLE_INSTALL: "false"
+  cache:
+    key: "knapsack"
+    paths:
+    - knapsack/
+  artifacts:
+    paths:
+    - knapsack/
+knapsack:
+  <<: *knapsack-state
+  stage: prepare
   script:
-    - bundle exec rake flog
-flay:
-  stage: test
+    - mkdir -p knapsack/
+    - '[[ -f knapsack/rspec_report.json ]] || echo "{}" > knapsack/rspec_report.json'
+    - '[[ -f knapsack/spinach_report.json ]] || echo "{}" > knapsack/spinach_report.json'
+update-knapsack:
+  <<: *knapsack-state
+  stage: post-test
   script:
-    - bundle exec rake flay
-
-bundler:audit:
-  stage: test
+    - scripts/merge-reports knapsack/rspec_report.json knapsack/rspec_node_*.json
+    - scripts/merge-reports knapsack/spinach_report.json knapsack/spinach_node_*.json
+    - rm -f knapsack/*_node_*.json
   only:
     - master
-  script:
-    - "bundle exec bundle-audit check --update --ignore OSVDB-115941"
-
-db-migrate-reset:
-  stage: test
-  script:
-    - RAILS_ENV=test bundle exec rake db:migrate:reset
-# Ruby 2.2 jobs
-spec:feature:ruby22:
+# Execute all testing suites
+.rspec-knapsack: &rspec-knapsack
   stage: test
-  image: ruby:2.2
-  only:
-    - master
   script:
-    - RAILS_ENV=test bundle exec rake assets:precompile 2>/dev/null
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:feature
-  cache:
-    key: "ruby22"
+    - bundle exec rake assets:precompile 2>/dev/null
+    - JOB_NAME=( $CI_BUILD_NAME )
+    - export CI_NODE_INDEX=${JOB_NAME[1]}
+    - export CI_NODE_TOTAL=${JOB_NAME[2]}
+    - export KNAPSACK_REPORT_PATH=knapsack/rspec_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
+    - export KNAPSACK_GENERATE_REPORT=true
+    - cp knapsack/rspec_report.json ${KNAPSACK_REPORT_PATH}
+    - knapsack rspec
+  artifacts:
     paths:
-    - vendor
-
-spec:api:ruby22:
-  stage: test
-  image: ruby:2.2
-  only:
-  - master
-  script:
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:api
-  cache:
-    key: "ruby22"
-    paths:
-    - vendor
-
-spec:models:ruby22:
-  stage: test
-  image: ruby:2.2
-  only:
-  - master
-  script:
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:models
-  cache:
-    key: "ruby22"
-    paths:
-    - vendor
-
-spec:lib:ruby22:
-  stage: test
-  image: ruby:2.2
-  only:
-  - master
-  script:
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:lib
-  cache:
-    key: "ruby22"
+    - knapsack/
+
+.spinach-knapsack: &spinach-knapsack
+  stage: test
+  script:
+    - bundle exec rake assets:precompile 2>/dev/null
+    - JOB_NAME=( $CI_BUILD_NAME )
+    - export CI_NODE_INDEX=${JOB_NAME[1]}
+    - export CI_NODE_TOTAL=${JOB_NAME[2]}
+    - export KNAPSACK_REPORT_PATH=knapsack/spinach_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
+    - export KNAPSACK_GENERATE_REPORT=true
+    - cp knapsack/spinach_report.json ${KNAPSACK_REPORT_PATH}
+    - knapsack spinach "-r rerun"
+    # retry failed tests 3 times
+    - retry '[ ! -e tmp/spinach-rerun.txt ] || bin/spinach -r rerun $(cat tmp/spinach-rerun.txt)'
+  artifacts:
     paths:
-    - vendor
-
-spec:services:ruby22:
-  stage: test
-  image: ruby:2.2
+    - knapsack/
+
+rspec 0 20: *rspec-knapsack
+rspec 1 20: *rspec-knapsack
+rspec 2 20: *rspec-knapsack
+rspec 3 20: *rspec-knapsack
+rspec 4 20: *rspec-knapsack
+rspec 5 20: *rspec-knapsack
+rspec 6 20: *rspec-knapsack
+rspec 7 20: *rspec-knapsack
+rspec 8 20: *rspec-knapsack
+rspec 9 20: *rspec-knapsack
+rspec 10 20: *rspec-knapsack
+rspec 11 20: *rspec-knapsack
+rspec 12 20: *rspec-knapsack
+rspec 13 20: *rspec-knapsack
+rspec 14 20: *rspec-knapsack
+rspec 15 20: *rspec-knapsack
+rspec 16 20: *rspec-knapsack
+rspec 17 20: *rspec-knapsack
+rspec 18 20: *rspec-knapsack
+rspec 19 20: *rspec-knapsack
+
+spinach 0 10: *spinach-knapsack
+spinach 1 10: *spinach-knapsack
+spinach 2 10: *spinach-knapsack
+spinach 3 10: *spinach-knapsack
+spinach 4 10: *spinach-knapsack
+spinach 5 10: *spinach-knapsack
+spinach 6 10: *spinach-knapsack
+spinach 7 10: *spinach-knapsack
+spinach 8 10: *spinach-knapsack
+spinach 9 10: *spinach-knapsack
+
+# Execute all testing suites against Ruby 2.2
+
+.ruby-22: &ruby-22
+  image: "ruby:2.2"
   only:
-  - master
-  script:
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:services
-  cache:
-    key: "ruby22"
-    paths:
-    - vendor
-
-spec:other:ruby22:
-  stage: test
-  image: ruby:2.2
-  only:
-  - master
-  script:
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spec:other
+    - master
   cache:
     key: "ruby22"
     paths:
     - vendor
-spinach:project:half:ruby22:
-  stage: test
-  image: ruby:2.2
-  only:
-  - master
-  script:
-    - RAILS_ENV=test bundle exec rake assets:precompile 2>/dev/null
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spinach:project:half
-  cache:
-    key: "ruby22"
-    paths:
-    - vendor
-spinach:project:rest:ruby22:
+.rspec-knapsack-ruby22: &rspec-knapsack-ruby22
+  <<: *rspec-knapsack
+  <<: *ruby-22
+
+.spinach-knapsack-ruby22: &spinach-knapsack-ruby22
+  <<: *spinach-knapsack
+  <<: *ruby-22
+  
+rspec 0 20 ruby22: *rspec-knapsack-ruby22
+rspec 1 20 ruby22: *rspec-knapsack-ruby22
+rspec 2 20 ruby22: *rspec-knapsack-ruby22
+rspec 3 20 ruby22: *rspec-knapsack-ruby22
+rspec 4 20 ruby22: *rspec-knapsack-ruby22
+rspec 5 20 ruby22: *rspec-knapsack-ruby22
+rspec 6 20 ruby22: *rspec-knapsack-ruby22
+rspec 7 20 ruby22: *rspec-knapsack-ruby22
+rspec 8 20 ruby22: *rspec-knapsack-ruby22
+rspec 9 20 ruby22: *rspec-knapsack-ruby22
+rspec 10 20 ruby22: *rspec-knapsack-ruby22
+rspec 11 20 ruby22: *rspec-knapsack-ruby22
+rspec 12 20 ruby22: *rspec-knapsack-ruby22
+rspec 13 20 ruby22: *rspec-knapsack-ruby22
+rspec 14 20 ruby22: *rspec-knapsack-ruby22
+rspec 15 20 ruby22: *rspec-knapsack-ruby22
+rspec 16 20 ruby22: *rspec-knapsack-ruby22
+rspec 17 20 ruby22: *rspec-knapsack-ruby22
+rspec 18 20 ruby22: *rspec-knapsack-ruby22
+rspec 19 20 ruby22: *rspec-knapsack-ruby22
+
+spinach 0 10 ruby22: *spinach-knapsack-ruby22
+spinach 1 10 ruby22: *spinach-knapsack-ruby22
+spinach 2 10 ruby22: *spinach-knapsack-ruby22
+spinach 3 10 ruby22: *spinach-knapsack-ruby22
+spinach 4 10 ruby22: *spinach-knapsack-ruby22
+spinach 5 10 ruby22: *spinach-knapsack-ruby22
+spinach 6 10 ruby22: *spinach-knapsack-ruby22
+spinach 7 10 ruby22: *spinach-knapsack-ruby22
+spinach 8 10 ruby22: *spinach-knapsack-ruby22
+spinach 9 10 ruby22: *spinach-knapsack-ruby22
+
+# Other generic tests
+
+.exec: &exec
+  stage: test
+  script:
+    - bundle exec $CI_BUILD_NAME
+
+teaspoon: *exec
+rubocop: *exec
+rake scss_lint: *exec
+rake brakeman: *exec
+rake flog: *exec
+rake flay: *exec
+rake db:migrate:reset: *exec
+license_finder: *exec
+bundler:audit:
   stage: test
-  image: ruby:2.2
   only:
-  - master
+    - master
   script:
-    - RAILS_ENV=test bundle exec rake assets:precompile 2>/dev/null
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spinach:project:rest
-  cache:
-    key: "ruby22"
-    paths:
-    - vendor
-spinach:other:ruby22:
-  stage: test
-  image: ruby:2.2
-  only:
-  - master
-  script:
-    - RAILS_ENV=test bundle exec rake assets:precompile 2>/dev/null
-    - RAILS_ENV=test SIMPLECOV=true bundle exec rake spinach:other
-  cache:
-    key: "ruby22"
-    paths:
-    - vendor
+    - "bundle exec bundle-audit check --update --ignore OSVDB-115941"
+# Notify slack in the end
 notify:slack:
-  stage: notifications
+  stage: post-test
   script:
     - ./scripts/notify_slack.sh "#builds" "Build on \`$CI_BUILD_REF_NAME\` failed! Commit \`$(git log -1 --oneline)\` See <https://gitlab.com/gitlab-org/$(basename "$PWD")/commit/"$CI_BUILD_REF"/builds>"
   when: on_failure

.rubocop.yml

+require: rubocop-rspec
+
 AllCops:
   TargetRubyVersion: 2.1
   # Cop names are not displayed in offense messages by default. Change behavior
@@ -11,7 +13,8 @@ AllCops:
   # Exclude some GitLab files
   Exclude:
     - 'vendor/**/*'
-    - 'db/**/*'
+    - 'db/*'
+    - 'db/fixtures/**/*'
     - 'tmp/**/*'
     - 'bin/**/*'
     - 'lib/backup/**/*'
@@ -21,6 +24,7 @@ AllCops:
     - 'lib/email_validator.rb'
     - 'lib/gitlab/upgrader.rb'
     - 'lib/gitlab/seeder.rb'
+    - 'generator_templates/**/*'
 ##################### Style ##################################
@@ -56,7 +60,7 @@ Style/AndOr:
 # Use `Array#join` instead of `Array#*`.
 Style/ArrayJoin:
-  Enabled: false
+  Enabled: true
 # Use only ascii symbols in comments.
 Style/AsciiComments:
@@ -68,7 +72,7 @@ Style/AsciiIdentifiers:
 # Checks for uses of Module#attr.
 Style/Attr:
-  Enabled: false
+  Enabled: true
 # Avoid the use of BEGIN blocks.
 Style/BeginBlock:
@@ -80,7 +84,7 @@ Style/BarePercentLiterals:
 # Do not use block comments.
 Style/BlockComments:
-  Enabled: false
+  Enabled: true
 # Put end statement of multiline block on its own line.
 Style/BlockEndNewline:
@@ -121,7 +125,7 @@ Style/ClassCheck:
 # Use self when defining module/class methods.
 Style/ClassMethods:
-  Enabled: false
+  Enabled: true
 # Avoid the use of class variables.
 Style/ClassVars:
@@ -151,7 +155,7 @@ Style/ConstantName:
 # Use def with parentheses when there are arguments.
 Style/DefWithParentheses:
-  Enabled: false
+  Enabled: true
 # Checks for use of deprecated Hash methods.
 Style/DeprecatedHashMethods:
@@ -191,7 +195,7 @@ Style/EmptyLines:
 # Keep blank lines around access modifiers.
 Style/EmptyLinesAroundAccessModifier:
-  Enabled: false
+  Enabled: true
 # Keeps track of empty lines around block bodies.
 Style/EmptyLinesAroundBlockBody:
@@ -215,15 +219,15 @@ Style/EmptyLiteral:
 # Avoid the use of END blocks.
 Style/EndBlock:
-  Enabled: false
+  Enabled: true
 # Use Unix-style line endings.
 Style/EndOfLine:
-  Enabled: false
+  Enabled: true
 # Favor the use of Fixnum#even? && Fixnum#odd?
 Style/EvenOdd:
-  Enabled: false
+  Enabled: true
 # Do not use unnecessary spacing.
 Style/ExtraSpacing:
@@ -231,15 +235,20 @@ Style/ExtraSpacing:
 # Use snake_case for source file names.
 Style/FileName:
-  Enabled: false
+  Enabled: true
+
+# Checks for a line break before the first parameter in a multi-line method
+# parameter definition.
+Style/FirstMethodParameterLineBreak:
+  Enabled: true
 # Checks for flip flops.
 Style/FlipFlop:
-  Enabled: false
+  Enabled: true
 # Checks use of for or each in multiline loops.
 Style/For:
-  Enabled: false
+  Enabled: true
 # Enforce the use of Kernel#sprintf, Kernel#format or String#%.
 Style/FormatString:
@@ -247,7 +256,7 @@ Style/FormatString:
 # Do not introduce global variables.
 Style/GlobalVars:
-  Enabled: false
+  Enabled: true
 # Check for conditionals that can be replaced with guard clauses.
 Style/GuardClause:
@@ -268,7 +277,7 @@ Style/IfUnlessModifier:
 # Do not use if x; .... Use the ternary operator instead.
 Style/IfWithSemicolon:
-  Enabled: false
+  Enabled: true
 # Checks that conditional statements do not have an identical line at the
 # end of each branch, which can validly be moved out of the conditional.
@@ -276,9 +285,9 @@ Style/IdenticalConditionalBranches:
   Enabled: false
 # Checks the indentation of the first line of the right-hand-side of a
-# multi-line assignment. 
+# multi-line assignment.
 Style/IndentAssignment:
-  Enabled: false
+  Enabled: true
 # Keep indentation straight.
 Style/IndentationConsistency:
@@ -298,7 +307,7 @@ Style/IndentHash:
 # Use Kernel#loop for infinite loops.
 Style/InfiniteLoop:
-  Enabled: false
+  Enabled: true
 # Use the new lambda literal syntax for single-line blocks.
 Style/Lambda:
@@ -306,11 +315,11 @@ Style/Lambda:
 # Use lambda.call(...) instead of lambda.(...).
 Style/LambdaCall:
-  Enabled: false
+  Enabled: true
 # Comments should start with a space.
 Style/LeadingCommentSpace:
-  Enabled: false
+  Enabled: true
 # Use \ instead of + or << to concatenate two string literals at line end.
 Style/LineEndConcatenation:
@@ -322,33 +331,56 @@ Style/MethodCallParentheses:
 # Checks if the method definitions have or don't have parentheses.
 Style/MethodDefParentheses:
-  Enabled: false
+  Enabled: true
 # Use the configured style when naming methods.
 Style/MethodName:
-  Enabled: false
+  Enabled: true
 # Checks for usage of `extend self` in modules.
 Style/ModuleFunction:
   Enabled: false
+# Checks that the closing brace in an array literal is either on the same line
+# as the last array element, or a new line.
+Style/MultilineArrayBraceLayout:
+  Enabled: false
+  EnforcedStyle: symmetrical
+
 # Avoid multi-line chains of blocks.
 Style/MultilineBlockChain:
-  Enabled: false
+  Enabled: true
 # Ensures newlines after multiline block do statements.
 Style/MultilineBlockLayout:
   Enabled: true
+# Checks that the closing brace in a hash literal is either on the same line as
+# the last hash element, or a new line.
+Style/MultilineHashBraceLayout:
+  Enabled: false
+  EnforcedStyle: symmetrical
+
 # Do not use then for multi-line if/unless.
 Style/MultilineIfThen:
+  Enabled: true
+
+# Checks that the closing brace in a method call is either on the same line as
+# the last method argument, or a new line.
+Style/MultilineMethodCallBraceLayout:
   Enabled: false
+  EnforcedStyle: symmetrical
 # Checks indentation of method calls with the dot operator that span more than
 # one line.
 Style/MultilineMethodCallIndentation:
   Enabled: false
+# Checks that the closing brace in a method definition is symmetrical with
+# respect to the opening brace and the method parameters.
+Style/MultilineMethodDefinitionBraceLayout:
+  Enabled: false
+
 # Checks indentation of binary operations that span more than one line.
 Style/MultilineOperationIndentation:
   Enabled: false
@@ -363,7 +395,7 @@ Style/MutableConstant:
 # Favor unless over if for negative conditions (or control flow or).
 Style/NegatedIf:
-  Enabled: false
+  Enabled: true
 # Favor until over while for negative conditions.
 Style/NegatedWhile:
@@ -371,7 +403,7 @@ Style/NegatedWhile:
 # Avoid using nested modifiers.
 Style/NestedModifier:
-  Enabled: false
+  Enabled: true
 # Parenthesize method calls which are nested inside the argument list of
 # another parenthesized method call.
@@ -408,7 +440,7 @@ Style/OneLineConditional:
 # When defining binary operators, name the argument other.
 Style/OpMethod:
-  Enabled: false
+  Enabled: true
 # Check for simple usages of parallel assignment. It will only warn when
 # the number of variables matches on both sides of the assignment.
@@ -455,10 +487,9 @@ Style/RedundantException:
 Style/RedundantFreeze:
   Enabled: false
-# TODO: Enable RedundantParentheses Cop.
 # Checks for parentheses that seem not to serve any purpose.
 Style/RedundantParentheses:
-  Enabled: false
+  Enabled: true
 # Don't use return where it's not required.
 Style/RedundantReturn:
@@ -484,11 +515,12 @@ Style/SelfAssignment:
 # Don't use semicolons to terminate expressions.
 Style/Semicolon:
-  Enabled: false
+  Enabled: true
 # Checks for proper usage of fail and raise.
 Style/SignalException:
-  Enabled: false
+  EnforcedStyle: only_raise
+  Enabled: true
 # Enforces the names of some block params.
 Style/SingleLineBlockParams:
@@ -509,29 +541,28 @@ Style/SpaceAfterComma:
 # Do not put a space between a method name and the opening parenthesis in a
 # method definition.
 Style/SpaceAfterMethodName:
-  Enabled: false
+  Enabled: true
 # Tracks redundant space after the ! operator.
 Style/SpaceAfterNot:
-  Enabled: false
+  Enabled: true
 # Use spaces after semicolons.
 Style/SpaceAfterSemicolon:
-  Enabled: false
+  Enabled: true
 # Checks that the equals signs in parameter default assignments have or don't
 # have surrounding space depending on configuration.
 Style/SpaceAroundEqualsInParameterDefault:
   Enabled: false
-# TODO: Enable SpaceAroundKeyword Cop.
 # Use a space around keywords if appropriate.
 Style/SpaceAroundKeyword:
-  Enabled: false
+  Enabled: true
 # Use a single space around operators.
 Style/SpaceAroundOperators:
-  Enabled: false
+  Enabled: true
 # Checks that the left block brace has or doesn't have space before it.
 Style/SpaceBeforeBlockBraces:
@@ -539,11 +570,11 @@ Style/SpaceBeforeBlockBraces:
 # No spaces before commas.
 Style/SpaceBeforeComma:
-  Enabled: false
+  Enabled: true
 # Checks for missing space between code and a comment on the same line.
 Style/SpaceBeforeComment:
-  Enabled: false
+  Enabled: true
 # Checks that exactly one space is used between a method name and the first
 # argument for method calls without parentheses.
@@ -552,7 +583,7 @@ Style/SpaceBeforeFirstArg:
 # No spaces before semicolons.
 Style/SpaceBeforeSemicolon:
-  Enabled: false
+  Enabled: true
 # Checks that block braces have or don't have surrounding space.
 # For blocks taking parameters, checks that the left brace has or doesn't
@@ -574,11 +605,12 @@ Style/SpaceInsideParens:
 # No spaces inside range literals.
 Style/SpaceInsideRangeLiteral:
-  Enabled: false
+  Enabled: true
 # Checks for padding/surrounding spaces inside string interpolation.
 Style/SpaceInsideStringInterpolation:
-  Enabled: false
+  EnforcedStyle: no_space
+  Enabled: true
 # Avoid Perl-style global variables.
 Style/SpecialGlobalVars:
@@ -586,7 +618,8 @@ Style/SpecialGlobalVars:
 # Check for the usage of parentheses around stabby lambda arguments.
 Style/StabbyLambdaParentheses:
-  Enabled: false
+  EnforcedStyle: require_parentheses
+  Enabled: true
 # Checks if uses of quotes match the configured preference.
 Style/StringLiterals:
@@ -599,7 +632,9 @@ Style/StringLiteralsInInterpolation:
 # Checks if configured preferred methods are used over non-preferred.
 Style/StringMethods:
-  Enabled: false
+  PreferredMethods:
+    intern: to_sym
+  Enabled: true
 # Use %i or %I for arrays of symbols.
 Style/SymbolArray:
@@ -657,23 +692,24 @@ Style/UnneededPercentQ:
 # Don't interpolate global, instance and class variables directly in strings.
 Style/VariableInterpolation:
-  Enabled: false
+  Enabled: true
 # Use the configured style when naming variables.
 Style/VariableName:
-  Enabled: false
+  EnforcedStyle: snake_case
+  Enabled: true
 # Use when x then ... for one-line cases.
 Style/WhenThen:
-  Enabled: false
+  Enabled: true
 # Checks for redundant do after while or until.
 Style/WhileUntilDo:
-  Enabled: false
+  Enabled: true
 # Favor modifier while/until usage when you have a single-line body.
 Style/WhileUntilModifier:
-  Enabled: false
+  Enabled: true
 # Use %w or %W for arrays of words.
 Style/WordArray:
@@ -736,7 +772,7 @@ Metrics/PerceivedComplexity:
 # Checks for ambiguous operators in the first argument of a method invocation
 # without parentheses.
 Lint/AmbiguousOperator:
-  Enabled: false
+  Enabled: true
 # Checks for ambiguous regexp literals in the first argument of a method
 # invocation without parentheses.
@@ -749,28 +785,28 @@ Lint/AssignmentInCondition:
 # Align block ends correctly.
 Lint/BlockAlignment:
-  Enabled: false
+  Enabled: true
 # Default values in optional keyword arguments and optional ordinal arguments
 # should not refer back to the name of the argument.
 Lint/CircularArgumentReference:
-  Enabled: false
+  Enabled: true
 # Checks for condition placed in a confusing position relative to the keyword.
 Lint/ConditionPosition:
-  Enabled: false
+  Enabled: true
 # Check for debugger calls.
 Lint/Debugger:
-  Enabled: false
+  Enabled: true
 # Align ends corresponding to defs correctly.
 Lint/DefEndAlignment:
-  Enabled: false
+  Enabled: true
 # Check for deprecated class method calls.
 Lint/DeprecatedClassMethods:
-  Enabled: false
+  Enabled: true
 # Check for duplicate method definitions.
 Lint/DuplicateMethods:
@@ -782,15 +818,15 @@ Lint/DuplicatedKey:
 # Check for immutable argument given to each_with_object.
 Lint/EachWithObjectArgument:
-  Enabled: false
+  Enabled: true
 # Check for odd code arrangement in an else block.
 Lint/ElseLayout:
-  Enabled: false
+  Enabled: true
 # Checks for empty ensure block.
 Lint/EmptyEnsure:
-  Enabled: false
+  Enabled: true
 # Checks for empty string interpolation.
 Lint/EmptyInterpolation:
@@ -798,37 +834,36 @@ Lint/EmptyInterpolation:
 # Align ends correctly.
 Lint/EndAlignment:
-  Enabled: false
+  Enabled: true
 # END blocks should not be placed inside method definitions.
 Lint/EndInMethod:
-  Enabled: false
+  Enabled: true
 # Do not use return in an ensure block.
 Lint/EnsureReturn:
-  Enabled: false
+  Enabled: true
 # The use of eval represents a serious security risk.
 Lint/Eval:
-  Enabled: false
+  Enabled: true
 # Catches floating-point literals too large or small for Ruby to represent.
 Lint/FloatOutOfRange:
-  Enabled: false
+  Enabled: true
 # The number of parameters to format/sprint must match the fields.
 Lint/FormatParameterMismatch:
-  Enabled: false
+  Enabled: true
 # Don't suppress exception.
 Lint/HandleExceptions:
   Enabled: false
-# TODO: Enable ImplicitStringConcatenation Cop.
 # Checks for adjacent string literals on the same line, which could better be
 # represented as a single string literal.
 Lint/ImplicitStringConcatenation:
-  Enabled: false
+  Enabled: true
 # TODO: Enable IneffectiveAccessModifier Cop.
 # Checks for attempts to use `private` or `protected` to set the visibility
@@ -839,15 +874,15 @@ Lint/IneffectiveAccessModifier:
 # Checks for invalid character literals with a non-escaped whitespace
 # character.
 Lint/InvalidCharacterLiteral:
-  Enabled: false
+  Enabled: true
 # Checks of literals used in conditions.
 Lint/LiteralInCondition:
-  Enabled: false
+  Enabled: true
 # Checks for literals used in interpolation.
 Lint/LiteralInInterpolation:
-  Enabled: false
+  Enabled: true
 # Use Kernel#loop with break rather than begin/end/until or begin/end/while
 # for post-loop tests.
@@ -856,11 +891,11 @@ Lint/Loop:
 # Do not use nested method definitions.
 Lint/NestedMethodDefinition:
-  Enabled: false
+  Enabled: true
 # Do not omit the accumulator when calling `next` in a `reduce`/`inject` block.
 Lint/NextWithoutAccumulator:
-  Enabled: false
+  Enabled: true
 # Checks for method calls with a space before the opening parenthesis.
 Lint/ParenthesesAsGroupedExpression:
@@ -869,11 +904,11 @@ Lint/ParenthesesAsGroupedExpression:
 # Checks for `rand(1)` calls. Such calls always return `0` and most likely
 # a mistake.
 Lint/RandOne:
-  Enabled: false
+  Enabled: true
 # Use parentheses in the method call to avoid confusion about precedence.
 Lint/RequireParentheses:
-  Enabled: false
+  Enabled: true
 # Avoid rescuing the Exception class.
 Lint/RescueException:
@@ -908,7 +943,7 @@ Lint/UnusedMethodArgument:
 # Unreachable code.
 Lint/UnreachableCode:
-  Enabled: false
+  Enabled: true
 # Checks for useless access modifiers.
 Lint/UselessAccessModifier:
@@ -920,33 +955,31 @@ Lint/UselessAssignment:
 # Checks for comparison of something with itself.
 Lint/UselessComparison:
-  Enabled: false
+  Enabled: true
 # Checks for useless `else` in `begin..end` without `rescue`.
 Lint/UselessElseWithoutRescue:
-  Enabled: false
+  Enabled: true
 # Checks for useless setter call to a local variable.
 Lint/UselessSetterCall:
-  Enabled: false
+  Enabled: true
 # Possible use of operator/literal/variable in void context.
 Lint/Void:
-  Enabled: false
+  Enabled: true
 ##################### Performance ############################
-# TODO: Enable Casecmp Cop.
 # Use `casecmp` rather than `downcase ==`.
 Performance/Casecmp:
-  Enabled: false
-# TODO: Enable DoubleStartEndWith Cop.
+  Enabled: true
 # Use `str.{start,end}_with?(x, ..., y, ...)` instead of
 # `str.{start,end}_with?(x, ...) || str.{start,end}_with?(y, ...)`.
 Performance/DoubleStartEndWith:
-  Enabled: false
+  Enabled: true
 # TODO: Enable EndWith Cop.
 # Use `end_with?` instead of a regex match anchored to the end of a string.
@@ -957,10 +990,9 @@ Performance/EndWith:
 Performance/LstripRstrip:
   Enabled: true
-# TODO: Enable RangeInclude Cop.
 # Use `Range#cover?` instead of `Range#include?`.
 Performance/RangeInclude:
-  Enabled: false
+  Enabled: true
 # TODO: Enable RedundantBlockCall Cop.
 # Use `yield` instead of `block.call`.
@@ -980,26 +1012,24 @@ Performance/RedundantMerge:
   MaxKeyValuePairs: 2
   Enabled: false
-# TODO: Enable RedundantSortBy Cop.
 # Use `sort` instead of `sort_by { |x| x }`.
 Performance/RedundantSortBy:
-  Enabled: false
-# TODO: Enable StartWith Cop.
+  Enabled: true
 # Use `start_with?` instead of a regex match anchored to the beginning of a
 # string.
 Performance/StartWith:
-  Enabled: false
+  Enabled: true
+
 # Use `tr` instead of `gsub` when you are replacing the same number of
 # characters. Use `delete` instead of `gsub` when you are deleting
 # characters.
 Performance/StringReplacement:
-  Enabled: false
-# TODO: Enable TimesMap Cop.
+  Enabled: true
 # Checks for `.times.map` calls.
 Performance/TimesMap:
-  Enabled: false
+  Enabled: true
 ##################### Rails ##################################
@@ -1024,11 +1054,11 @@ Rails/Delegate:
 # Prefer `find_by` over `where.first`.
 Rails/FindBy:
-  Enabled: false
+  Enabled: true
 # Prefer `all.find_each` over `all.find`.
 Rails/FindEach:
-  Enabled: false
+  Enabled: true
 # Prefer has_many :through to has_and_belongs_to_many.
 Rails/HasAndBelongsToMany:
@@ -1040,7 +1070,7 @@ Rails/Output:
 # Checks for incorrect grammar when using methods like `3.day.ago`.
 Rails/PluralizationGrammar:
-  Enabled: false
+  Enabled: true
 # Checks for `read_attribute(:attr)` and `write_attribute(:attr, val)`.
 Rails/ReadWriteAttribute:
@@ -1048,7 +1078,7 @@ Rails/ReadWriteAttribute:
 # Checks the arguments of ActiveRecord scopes.
 Rails/ScopeArgs:
-  Enabled: false
+  Enabled: true
 # Checks the correct usage of time zone aware methods.
 # http://danilenko.org/2012/7/6/rails_timezones
@@ -1058,3 +1088,68 @@ Rails/TimeZone:
 # Use validates :attribute, hash of validations.
 Rails/Validation:
   Enabled: false
+
+Rails/UniqBeforePluck:
+  Enabled: false
+
+##################### RSpec ##################################
+
+# Check that instances are not being stubbed globally.
+RSpec/AnyInstance:
+  Enabled: false
+
+# Check that the first argument to the top level describe is the tested class or
+# module.
+RSpec/DescribeClass:
+  Enabled: false
+
+# Use `described_class` for tested class / module.
+RSpec/DescribeMethod:
+  Enabled: false
+
+# Checks that the second argument to top level describe is the tested method
+# name.
+RSpec/DescribedClass:
+  Enabled: false
+
+# Checks for long example.
+RSpec/ExampleLength:
+  Enabled: false
+  Max: 5
+
+# Do not use should when describing your tests.
+RSpec/ExampleWording:
+  Enabled: false
+  CustomTransform:
+    be: is
+    have: has
+    not: does not
+  IgnoredWords: []
+
+# Checks the file and folder naming of the spec file.
+RSpec/FilePath:
+  Enabled: false
+  CustomTransform:
+    RuboCop: rubocop
+    RSpec: rspec
+
+# Checks if there are focused specs.
+RSpec/Focus:
+  Enabled: true
+
+# Checks for the usage of instance variables.
+RSpec/InstanceVariable:
+  Enabled: false
+
+# Checks for multiple top-level describes.
+RSpec/MultipleDescribes:
+  Enabled: false
+
+# Enforces the usage of the same method on all negative message expectations.
+RSpec/NotToNot:
+  EnforcedStyle: not_to
+  Enabled: true
+
+# Prefer using verifying doubles over normal doubles.
+RSpec/VerifiedDoubles:
+  Enabled: false

CHANGELOG

 Please view this file on the master branch, on stable branches it's out of date.
-v 8.8.0 (unreleased)
+v 8.9.0 (unreleased)
+  - Fix Error 500 when using closes_issues API with an external issue tracker
+  - Bulk assign/unassign labels to issues.
+  - Ability to prioritize labels !4009 / !3205 (Thijs Wouters)
+  - Fix endless redirections when accessing user OAuth applications when they are disabled
+  - Allow enabling wiki page events from Webhook management UI
+  - Bump rouge to 1.11.0
+  - Fix issue with arrow keys not working in search autocomplete dropdown
+  - Make EmailsOnPushWorker use Sidekiq mailers queue
+  - Fix wiki page events' webhook to point to the wiki repository
+  - Don't show tags for revert and cherry-pick operations
+  - Fix issue todo not remove when leave project !4150 (Long Nguyen)
+  - Allow customisable text on the 'nearly there' page after a user signs up
+  - Bump recaptcha gem to 3.0.0 to remove deprecated stoken support
+  - Fix SVG sanitizer to allow more elements
+  - Allow forking projects with restricted visibility level
+  - Added descriptions to notification settings dropdown
+  - Improve note validation to prevent errors when creating invalid note via API
+  - Reduce number of fog gem dependencies
+  - Remove project notification settings associated with deleted projects
+  - Fix 404 page when viewing TODOs that contain milestones or labels in different projects
+  - Redesign navigation for project pages
+  - Fix groups API to list only user's accessible projects
+  - Redesign account and email confirmation emails
+  - `git clone https://host/namespace/project` now works, in addition to using the `.git` suffix
+  - Bump nokogiri to 1.6.8
+  - Use gitlab-shell v3.0.0
+  - Upgrade to jQuery 2
+  - Use Knapsack to evenly distribute tests across multiple nodes
+  - Add `sha` parameter to MR merge API, to ensure only reviewed changes are merged
+  - Don't allow MRs to be merged when commits were added since the last review / page load
+  - Add DB index on users.state
+  - Add rake task 'gitlab:db:configure' for conditionally seeding or migrating the database
+  - Changed the Slack build message to use the singular duration if necessary (Aran Koning)
+  - Links from a wiki page to other wiki pages should be rewritten as expected
+  - Add option to project to only allow merge requests to be merged if the build succeeds (Rui Santos)
+  - Fix issues filter when ordering by milestone
+  - Added artifacts:when to .gitlab-ci.yml - this requires GitLab Runner 1.3
+  - Todos will display target state if issuable target is 'Closed' or 'Merged'
+  - Fix bug when sorting issues by milestone due date and filtering by two or more labels
+  - Add support for using Yubikeys (U2F) for two-factor authentication
+  - Link to blank group icon doesn't throw a 404 anymore
+  - Remove 'main language' feature
+  - Pipelines can be canceled only when there are running builds
+  - Use downcased path to container repository as this is expected path by Docker
+  - Projects pending deletion will render a 404 page
+  - Measure queue duration between gitlab-workhorse and Rails
+  - Make Omniauth providers specs to not modify global configuration
+  - Make authentication service for Container Registry to be compatible with < Docker 1.11
+  - Add Application Setting to configure Container Registry token expire delay (default 5min)
+  - Cache assigned issue and merge request counts in sidebar nav
+  - Use Knapsack only in CI environment
+  - Cache project build count in sidebar nav
+  - Add milestone expire date to the right sidebar
+  - Fix markdown_spec to use before instead of before(:all) to properly cleanup database after testing
+  - Reduce number of queries needed to render issue labels in the sidebar
+  - Improve error handling importing projects
+  - Remove duplicated notification settings
+  - Put project Files and Commits tabs under Code tab
+  - Decouple global notification level from user model
+  - Replace Colorize with Rainbow for coloring console output in Rake tasks.
+  - Add workhorse controller and API helpers
+  - An indicator is now displayed at the top of the comment field for confidential issues.
+  - RepositoryCheck::SingleRepositoryWorker public and private methods are now instrumented
+  - Improve issuables APIs performance when accessing notes !4471
+  - External links now open in a new tab
+  - Markdown editor now correctly resets the input value on edit cancellation !4175
+  - Toggling a task list item in a issue/mr description does not creates a Todo for mentions
+  - Improved UX of date pickers on issue & milestone forms
+  - Cache on the database if a project has an active external issue tracker.
+  - Put project Labels and Milestones pages links under Issues and Merge Requests tabs as subnav
+  - All classes in the Banzai::ReferenceParser namespace are now instrumented
+
+v 8.8.5 (unreleased)
+  - Ensure branch cleanup regardless of whether the GitHub import process succeeds
+  - Fix todos page throwing errors when you have a project pending deletion
+  - Reduce number of SQL queries when rendering user references
+  - Import GitHub repositories respecting the API rate limit
+  - Fix importer for GitHub comments on diff
+  - Disable Webhooks before proceeding with the GitHub import
+  - Fix incremental trace upload API when using multi-byte UTF-8 chars in trace
+
+v 8.8.4
+  - Fix LDAP-based login for users with 2FA enabled. !4493
+
+v 8.8.3
+  - Fix 404 page when viewing TODOs that contain milestones or labels in different projects. !4312
+  - Fixed JS error when trying to remove discussion form. !4303
+  - Fixed issue with button color when no CI enabled. !4287
+  - Fixed potential issue with 2 CI status polling events happening. !3869
+  - Improve design of Pipeline view. !4230
+  - Fix gitlab importer failing to import new projects due to missing credentials. !4301
+  - Fix import URL migration not rescuing with the correct Error. !4321
+  - Fix health check access token changing due to old application settings being used. !4332
+  - Make authentication service for Container Registry to be compatible with Docker versions before 1.11. !4363
+  - Add Application Setting to configure Container Registry token expire delay (default 5 min). !4364
+  - Pass the "Remember me" value to the 2FA token form. !4369
+  - Fix incorrect links on pipeline page when merge request created from fork.  !4376
+  - Use downcased path to container repository as this is expected path by Docker. !4420
+  - Fix wiki project clone address error (chujinjin). !4429
+  - Fix serious performance bug with rendering Markdown with InlineDiffFilter.  !4392
+  - Fix missing number on generated ordered list element. !4437
+  - Prevent disclosure of notes on confidential issues in search results.
+
+v 8.8.2
+  - Added remove due date button. !4209
+  - Fix Error 500 when accessing application settings due to nil disabled OAuth sign-in sources. !4242
+  - Fix Error 500 in CI charts by gracefully handling commits with no durations. !4245
+  - Fix table UI on CI builds page. !4249
+  - Fix backups if registry is disabled. !4263
+  - Fixed issue with merge button color. !4211
+  - Fixed issue with enter key selecting wrong option in dropdown. !4210
+  - When creating a .gitignore file a dropdown with templates will be provided. !4075
+  - Fix concurrent request when updating build log in browser. !4183
+
+v 8.8.1
+  - Add documentation for the "Health Check" feature
+  - Allow anonymous users to access a public project's pipelines !4233
+  - Fix MySQL compatibility in zero downtime migrations helpers
+  - Fix the CI login to Container Registry (the gitlab-ci-token user)
+
+v 8.8.0
+  - Implement GFM references for milestones (Alejandro Rodríguez)
+  - Snippets tab under user profile. !4001 (Long Nguyen)
+  - Fix error when using link to uploads in global snippets
+  - Fix Error 500 when attempting to retrieve project license when HEAD points to non-existent ref
   - Assign labels and milestone to target project when moving issue. !3934 (Long Nguyen)
+  - Use a case-insensitive comparison in sanitizing URI schemes
+  - Toggle sign-up confirmation emails in application settings
+  - Make it possible to prevent tagged runner from picking untagged jobs
+  - Added `InlineDiffFilter` to the markdown parser. (Adam Butler)
+  - Added inline diff styling for `change_title` system notes. (Adam Butler)
   - Project#open_branches has been cleaned up and no longer loads entire records into memory.
+  - Escape HTML in commit titles in system note messages
+  - Improve design of Pipeline View
+  - Fix scope used when accessing container registry
+  - Fix creation of Ci::Commit object which can lead to pending, failed in some scenarios
+  - Improve multiple branch push performance by memoizing permission checking
   - Log to application.log when an admin starts and stops impersonating a user
+  - Changing the confidentiality of an issue now creates a new system note (Alex Moore-Niemi)
   - Updated gitlab_git to 10.1.0
   - GitAccess#protected_tag? no longer loads all tags just to check if a single one exists
+  - Reduce delay in destroying a project from 1-minute to immediately
   - Make build status canceled if any of the jobs was canceled and none failed
   - Upgrade Sidekiq to 4.1.2
+  - Added /health_check endpoint for checking service status
+  - Make 'upcoming' filter for milestones work better across projects
   - Sanitize repo paths in new project error message
   - Bump mail_room to 0.7.0 to fix stuck IDLE connections
   - Remove future dates from contribution calendar graph.
   - Support e-mail notifications for comments on project snippets
+  - Fix API leak of notes of unauthorized issues, snippets and merge requests
   - Use ActionDispatch Remote IP for Akismet checking
   - Fix error when visiting commit builds page before build was updated
   - Add 'l' shortcut to open Label dropdown on issuables and 'i' to create new issue on a project
+  - Update SVG sanitizer to conform to SVG 1.1
+  - Speed up push emails with multiple recipients by only generating the email once
   - Updated search UI
+  - Added authentication service for Container Registry
   - Display informative message when new milestone is created
+  - Sanitize milestones and labels titles
+  - Support multi-line tag messages. !3833 (Calin Seciu)
+  - Force users to reset their password after an admin changes it
   - Allow "NEWS" and "CHANGES" as alternative names for CHANGELOG. !3768 (Connor Shea)
   - Added button to toggle whitespaces changes on diff view
   - Backport GitHub Enterprise import support from EE
   - Create tags using Rugged for performance reasons. !3745
+  - Allow guests to set notification level in projects
+  - API: Expose Issue#user_notes_count. !3126 (Anton Popov)
+  - Don't show forks button when user can't view forks
+  - Fix atom feed links and rendering
   - Files over 5MB can only be viewed in their raw form, files over 1MB without highlighting !3718
   - Add support for supressing text diffs using .gitattributes on the default branch (Matt Oakes)
+  - Add eager load paths to help prevent dependency load issues in Sidekiq workers. !3724
   - Added multiple colors for labels in dropdowns when dups happen.
+  - Show commits in the same order as `git log`
   - Improve description for the Two-factor Authentication sign-in screen. (Connor Shea)
   - API support for the 'since' and 'until' operators on commit requests (Paco Guzman)
   - Fix Gravatar hint in user profile when Gravatar is disabled. !3988 (Artem Sidorenko)
   - Expire repository exists? and has_visible_content? caches after a push if necessary
   - Fix unintentional filtering bug in issues sorted by milestone due (Takuya Noguchi)
   - Remove the toggle comments button. 
+  - Fix unintentional filtering bug in Issue/MR sorted by milestone due (Takuya Noguchi)
+  - Fix adding a todo for private group members (Ahmad Sherif)
+  - Bump ace-rails-ap gem version from 2.0.1 to 4.0.2 which upgrades Ace Editor from 1.1.2 to 1.2.3
+  - Total method execution timings are no longer tracked
+  - Allow Admins to remove the Login with buttons for OAuth services and still be able to import !4034. (Andrei Gliga)
+  - Add API endpoints for un/subscribing from/to a label. !4051 (Ahmad Sherif)
+  - Hide left sidebar on phone screens to give more space for content
+  - Redesign navigation for profile and group pages
+  - Add counter metrics for rails cache
+  - Import pull requests from GitHub where the source or target branches were removed
+  - All Grape API helpers are now instrumented
+  - Improve Issue formatting for the Slack Service (Jeroen van Baarsen)
+  - Fixed advice on invalid permissions on upload path !2948 (Ludovic Perrine)
+  - Allows MR authors to have the source branch removed when merging the MR. !2801 (Jeroen Jacobs)
+  - When creating a .gitignore file a dropdown with templates will be provided
+  - Shows the issue/MR list search/filter form and corrects the mobile styling for guest users. #17562
+
+v 8.7.7
+  - Fix import by `Any Git URL` broken if the URL contains a space
+
+v 8.7.6
+  - Fix links on wiki pages for relative url setups. !4131 (Artem Sidorenko)
+  - Fix import from GitLab.com to a private instance failure. !4181
+  - Fix external imports not finding the import data. !4106
+  - Fix notification delay when changing status of an issue
+  - Bump Workhorse to 0.7.5 so it can serve raw diffs
+
+v 8.7.5
+  - Fix relative links in wiki pages. !4050
+  - Fix always showing build notification message when switching between merge requests !4086
+  - Fix an issue when filtering merge requests with more than one label. !3886
+  - Fix short note for the default scope on build page (Takuya Noguchi)
+
+v 8.7.4
+  - Links for Redmine issue references are generated correctly again !4048 (Benedikt Huss)
+  - Fix setting trusted proxies !3970
+  - Fix BitBucket importer bug when throwing exceptions !3941
+  - Use sign out path only if not empty !3989
+  - Running rake gitlab:db:drop_tables now drops tables with cascade !4020
+  - Running rake gitlab:db:drop_tables uses "IF EXISTS" as a precaution !4100
+  - Use a case-insensitive comparison in sanitizing URI schemes
 v 8.7.3
   - Emails, Gitlab::Email::Message, Gitlab::Diff, and Premailer::Adapter::Nokogiri are now instrumented
   - Merge request widget displays TeamCity build state and code coverage correctly again.
   - Fix the line code when importing PR review comments from GitHub. !4010
   - Wikis are now initialized on legacy projects when checking repositories
+  - Remove animate.css in favor of a smaller subset of animations. !3937 (Connor Shea)
 v 8.7.2
   - The "New Branch" button is now loaded asynchronously
@@ -844,7 +1038,7 @@ v 8.1.3
   - Use issue editor as cross reference comment author when issue is edited with a new mention
   - Add Facebook authentication
-v 8.1.2
+v 8.1.1
   - Fix cloning Wiki repositories via HTTP (Stan Hu)
   - Add migration to remove satellites directory
   - Fix specific runners visibility
@@ -1469,20 +1663,17 @@ v 7.10.0
   - Fix stuck Merge Request merging events from old installations (Ben Bodenmiller)
   - Fix merge request comments on files with multiple commits
   - Fix Resource Owner Password Authentication Flow
-
-v 7.9.4
-  - Security: Fix project import URL regex to prevent arbitary local repos from being imported
-  - Fixed issue where only 25 commits would load in file listings
-  - Fix LDAP identities  after config update
-
-v 7.9.3
-  - Contains no changes
   - Add icons to Add dropdown items.
   - Allow admin to create public deploy keys that are accessible to any project.
   - Warn when gitlab-shell version doesn't match requirement.
   - Skip email confirmation when set by admin or via LDAP.
   - Only allow users to reference groups, projects, issues, MRs, commits they have access to.
+v 7.9.4
+  - Security: Fix project import URL regex to prevent arbitary local repos from being imported
+  - Fixed issue where only 25 commits would load in file listings
+  - Fix LDAP identities  after config update
+
 v 7.9.3
   - Contains no changes

CONTRIBUTING.md

@@ -96,7 +96,7 @@ The designs are made using Antetype (`.atype` files). You can use the
 [free Antetype viewer (Mac OSX only)] or grab an exported PNG from the design
 (the PNG is 1:1).
-The current designs can be found in the [`gitlab1.atype` file].
+The current designs can be found in the [`gitlab8.atype` file].
 ### UI development kit
@@ -308,16 +308,14 @@ tests are least likely to receive timely feedback. The workflow to make a merge
 request is as follows:
 1. Fork the project into your personal space on GitLab.com
-1. Create a feature branch
+1. Create a feature branch, branch away from `master`.
 1. Write [tests](https://gitlab.com/gitlab-org/gitlab-development-kit#running-the-tests) and code
 1. Add your changes to the [CHANGELOG](CHANGELOG)
-1. If you are changing the README, some documentation or other things which
-   have no effect on the tests, add `[ci skip]` somewhere in the commit message
-   and make sure to read the [documentation styleguide][doc-styleguide]
+1. If you are writing documentation, make sure to read the [documentation styleguide][doc-styleguide]
 1. If you have multiple commits please combine them into one commit by
    [squashing them][git-squash]
 1. Push the commit(s) to your fork
-1. Submit a merge request (MR) to the master branch
+1. Submit a merge request (MR) to the `master` branch
 1. The MR title should describe the change you want to make
 1. The MR description should give a motive for your change and the method you
    used to achieve it, see the [merge request description format]
@@ -407,6 +405,7 @@ description area. Copy-paste it to retain the markdown format.
       entire line to follow it. This prevents linting tools from generating warnings.
     - Don't touch neighbouring lines. As an exception, automatic mass
       refactoring modifications may leave style non-compliant.
+1. If the merge request adds any new libraries (gems, JavaScript libraries, etc.), they should conform to our [Licensing guidelines][license-finder-doc]. See the instructions in that document for help if your MR fails the "license-finder" test with a "Dependencies that need approval" error.
 ## Changes for Stable Releases
@@ -532,4 +531,5 @@ available at [http://contributor-covenant.org/version/1/1/0/](http://contributor
 [scss-styleguide]: doc/development/scss_styleguide.md "SCSS styleguide"
 [gitlab-design]: https://gitlab.com/gitlab-org/gitlab-design
 [free Antetype viewer (Mac OSX only)]: https://itunes.apple.com/us/app/antetype-viewer/id824152298?mt=12
-[`gitlab1.atype` file]: https://gitlab.com/gitlab-org/gitlab-design/tree/master/gitlab1.atype/
+[`gitlab8.atype` file]: https://gitlab.com/gitlab-org/gitlab-design/tree/master/current/
+[license-finder-doc]: doc/development/licensing.md

GITLAB_SHELL_VERSION

-2.7.2
+3.0.0

GITLAB_WORKHORSE_VERSION

-0.7.1
+0.7.5

Gemfile

@@ -18,9 +18,8 @@ gem "mysql2", '~> 0.3.16', group: :mysql
 gem "pg", '~> 0.18.2', group: :postgres
 # Authentication libraries
-gem 'devise',                 '~> 3.5.4'
+gem 'devise',                 '~> 4.0'
 gem 'doorkeeper',             '~> 3.1'
-gem 'devise-async',           '~> 0.9.0'
 gem 'omniauth',               '~> 1.3.1'
 gem 'omniauth-auth0',         '~> 1.4.1'
 gem 'omniauth-azure-oauth2',  '~> 0.0.6'
@@ -36,18 +35,20 @@ gem 'omniauth-shibboleth',    '~> 1.2.0'
 gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'
 gem 'rack-oauth2',            '~> 1.2.1'
+gem 'jwt'
 # Spam and anti-bot protection
-gem 'recaptcha', require: 'recaptcha/rails'
+gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails'
 gem 'akismet', '~> 2.0'
 # Two-factor authentication
-gem 'devise-two-factor', '~> 2.0.0'
+gem 'devise-two-factor', '~> 3.0.0'
 gem 'rqrcode-rails3', '~> 0.1.7'
-gem 'attr_encrypted', '~> 1.3.4'
+gem 'attr_encrypted', '~> 3.0.0'
+gem 'u2f', '~> 0.2.1'
 # Browser detection
-gem "browser", '~> 1.0.0'
+gem "browser", '~> 2.0.3'
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
@@ -72,7 +73,7 @@ gem 'grape-entity', '~> 0.4.2'
 gem 'rack-cors',    '~> 0.4.0', require: 'rack/cors'
 # Pagination
-gem "kaminari", "~> 0.16.3"
+gem "kaminari", "~> 0.17.0"
 # HAML
 gem "haml-rails", '~> 0.9.0'
@@ -83,8 +84,15 @@ gem "carrierwave", '~> 0.10.0'
 # Drag and Drop UI
 gem 'dropzonejs-rails', '~> 0.7.1'
+# for backups
+gem 'fog-aws', '~> 0.9'
+gem 'fog-azure', '~> 0.0'
+gem 'fog-core', '~> 1.40'
+gem 'fog-local', '~> 0.3'
+gem 'fog-google', '~> 0.3'
+gem 'fog-openstack', '~> 0.1'
+
 # for aws storage
-gem "fog", "~> 1.36.0"
 gem "unf", '~> 0.1.4'
 # Authorization
@@ -104,7 +112,7 @@ gem 'org-ruby',      '~> 0.9.12'
 gem 'creole',        '~> 0.5.0'
 gem 'wikicloth',     '0.8.1'
 gem 'asciidoctor',   '~> 1.5.2'
-gem 'rouge',         '~> 1.10.1'
+gem 'rouge',         '~> 1.11'
 # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
 # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
@@ -120,7 +128,7 @@ group :unicorn do
 end
 # State machine
-gem "state_machines-activerecord", '~> 0.3.0'
+gem "state_machines-activerecord", '~> 0.4.0'
 # Run events after state machine commits
 gem 'after_commit_queue'
@@ -137,7 +145,7 @@ gem 'redis-namespace'
 gem "httparty", '~> 0.13.3'
 # Colored output to console
-gem "colorize", '~> 0.7.0'
+gem "rainbow", '~> 2.1.0'
 # GitLab settings
 gem 'settingslogic', '~> 2.0.9'
@@ -177,9 +185,6 @@ gem 'ruby-fogbugz', '~> 0.2.1'
 # d3
 gem 'd3_rails', '~> 3.5.0'
-#cal-heatmap
-gem 'cal-heatmap-rails', '~> 3.6.0'
-
 # underscore-rails
 gem "underscore-rails", "~> 1.8.0"
@@ -197,7 +202,7 @@ gem 'licensee', '~> 8.0.0'
 gem "rack-attack", '~> 4.3.1'
 # Ace editor
-gem 'ace-rails-ap', '~> 2.0.1'
+gem 'ace-rails-ap', '~> 4.0.2'
 # Keyboard shortcuts
 gem 'mousetrap-rails', '~> 1.4.6'
@@ -218,13 +223,13 @@ gem 'gitlab_emoji',       '~> 0.3.0'
 gem 'gon',                '~> 6.0.1'
 gem 'jquery-atwho-rails', '~> 1.3.2'
 gem 'jquery-rails',       '~> 4.1.0'
-gem 'jquery-scrollto-rails', '~> 1.4.3'
 gem 'jquery-ui-rails',    '~> 5.0.0'
 gem 'raphael-rails',      '~> 2.1.2'
 gem 'request_store',      '~> 1.3.0'
 gem 'select2-rails',      '~> 3.5.9'
 gem 'virtus',             '~> 1.0.1'
 gem 'net-ssh',            '~> 3.0.1'
+gem 'base32',             '~> 0.3.0'
 # Sentry integration
 gem 'sentry-raven', '~> 0.15'
@@ -240,9 +245,8 @@ end
 group :development do
   gem "foreman"
-  gem 'brakeman', '~> 3.2.0', require: false
-  gem "annotate", "~> 2.7.0"
+  gem 'brakeman', '~> 3.3.0', require: false
   gem 'letter_opener_web', '~> 1.3.0'
   gem 'quiet_assets', '~> 1.0.2'
   gem 'rerun', '~> 0.11.0'
@@ -293,15 +297,19 @@ group :development, :test do
   gem 'spring-commands-spinach',  '~> 1.1.0'
   gem 'spring-commands-teaspoon', '~> 0.0.2'
-  gem 'rubocop', '~> 0.38.0', require: false
+  gem 'rubocop', '~> 0.40.0', require: false
+  gem 'rubocop-rspec', '~> 1.5.0', require: false
   gem 'scss_lint', '~> 0.47.0', require: false
-  gem 'coveralls',  '~> 0.8.2', require: false
+  gem 'coveralls', '~> 0.8.2', require: false
   gem 'simplecov', '~> 0.11.0', require: false
   gem 'flog', require: false
   gem 'flay', require: false
   gem 'bundler-audit', require: false
   gem 'benchmark-ips', require: false
+
+  gem "license_finder", require: false
+  gem 'knapsack'
 end
 group :test do
@@ -325,8 +333,7 @@ gem "mail_room", "~> 0.7"
 gem 'email_reply_parser', '~> 0.5.8'
 ## CI
-gem 'activerecord-deprecated_finders', '~> 1.0.3'
-gem 'activerecord-session_store', '~> 0.1.0'
+gem 'activerecord-session_store', '~> 1.0.0'
 gem "nested_form", '~> 0.3.2'
 # OAuth
@@ -334,3 +341,6 @@ gem 'oauth2', '~> 1.0.0'
 # Soft deletion
 gem "paranoia", "~> 2.0"
+
+# Health check
+gem 'health_check', '~> 1.5.1'

Gemfile.lock

 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (2.3.2)
     RedCloth (4.2.9)
-    ace-rails-ap (2.0.1)
+    ace-rails-ap (4.0.2)
     actionmailer (4.2.6)
       actionpack (= 4.2.6)
       actionview (= 4.2.6)
@@ -33,11 +32,12 @@ GEM
       activemodel (= 4.2.6)
       activesupport (= 4.2.6)
       arel (~> 6.0)
-    activerecord-deprecated_finders (1.0.4)
-    activerecord-session_store (0.1.2)
-      actionpack (>= 4.0.0, < 5)
-      activerecord (>= 4.0.0, < 5)
-      railties (>= 4.0.0, < 5)
+    activerecord-session_store (1.0.0)
+      actionpack (>= 4.0, < 5.1)
+      activerecord (>= 4.0, < 5.1)
+      multi_json (~> 1.11, >= 1.11.2)
+      rack (>= 1.5.2, < 3)
+      railties (>= 4.0, < 5.1)
     activesupport (4.2.6)
       i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
@@ -51,9 +51,6 @@ GEM
       activerecord (>= 3.0)
     akismet (2.0.0)
     allocations (1.0.4)
-    annotate (2.7.0)
-      activerecord (>= 3.2, < 6.0)
-      rake (~> 10.4)
     arel (6.0.3)
     asana (0.4.0)
       faraday (~> 0.9)
@@ -62,8 +59,8 @@ GEM
       oauth2 (~> 1.0)
     asciidoctor (1.5.3)
     ast (2.2.0)
-    attr_encrypted (1.3.4)
-      encryptor (>= 1.3.0)
+    attr_encrypted (3.0.1)
+      encryptor (~> 3.0.0)
     attr_required (1.0.0)
     autoprefixer-rails (6.2.3)
       execjs
@@ -73,8 +70,24 @@ GEM
       descendants_tracker (~> 0.0.4)
       ice_nine (~> 0.11.0)
       thread_safe (~> 0.3, >= 0.3.1)
+    azure (0.7.5)
+      addressable (~> 2.3)
+      azure-core (~> 0.1)
+      faraday (~> 0.9)
+      faraday_middleware (~> 0.10)
+      json (~> 1.8)
+      mime-types (>= 1, < 3.0)
+      nokogiri (~> 1.6)
+      systemu (~> 2.6)
+      thor (~> 0.19)
+      uuid (~> 2.0)
+    azure-core (0.1.2)
+      faraday (~> 0.9)
+      faraday_middleware (~> 0.10)
+      nokogiri (~> 1.6)
     babosa (1.0.2)
-    bcrypt (3.1.10)
+    base32 (0.3.2)
+    bcrypt (3.1.11)
     benchmark-ips (2.3.0)
     better_errors (1.0.1)
       coderay (>= 1.0.0)
@@ -84,17 +97,8 @@ GEM
     bootstrap-sass (3.3.6)
       autoprefixer-rails (>= 5.2.1)
       sass (>= 3.3.4)
-    brakeman (3.2.1)
-      erubis (~> 2.6)
-      haml (>= 3.0, < 5.0)
-      highline (>= 1.6.20, < 2.0)
-      ruby2ruby (~> 2.3.0)
-      ruby_parser (~> 3.8.1)
-      safe_yaml (>= 1.0)
-      sass (~> 3.0)
-      slim (>= 1.3.6, < 4.0)
-      terminal-table (~> 1.4)
-    browser (1.0.1)
+    brakeman (3.3.2)
+    browser (2.0.3)
     builder (3.2.2)
     bullet (5.0.0)
       activesupport (>= 3.0.0)
@@ -103,7 +107,6 @@ GEM
       bundler (~> 1.2)
       thor (~> 0.18)
     byebug (8.2.1)
-    cal-heatmap-rails (3.6.0)
     capybara (2.6.2)
       addressable
       mime-types (>= 1.16)
@@ -157,21 +160,18 @@ GEM
       activerecord (>= 3.2.0, < 5.0)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
-    devise (3.5.4)
+    devise (4.1.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
+      railties (>= 4.1.0, < 5.1)
       responders
-      thread_safe (~> 0.1)
       warden (~> 1.2.3)
-    devise-async (0.9.0)
-      devise (~> 3.2)
-    devise-two-factor (2.0.1)
+    devise-two-factor (3.0.0)
       activesupport
-      attr_encrypted (~> 1.3.2)
-      devise (~> 3.5.0)
+      attr_encrypted (>= 1.3, < 4, != 2)
+      devise (~> 4.0)
       railties
-      rotp (~> 2)
+      rotp (~> 2.0)
     diff-lcs (1.2.5)
     diffy (3.0.7)
     docile (1.1.5)
@@ -183,12 +183,12 @@ GEM
     email_spec (1.6.0)
       launchy (~> 2.1)
       mail (~> 2.2)
-    encryptor (1.3.0)
+    encryptor (3.0.0)
     equalizer (0.0.11)
     erubis (2.7.0)
     escape_utils (1.1.1)
     eventmachine (1.0.8)
-    excon (0.45.4)
+    excon (0.49.0)
     execjs (2.6.0)
     expression_parser (0.9.0)
     factory_girl (4.5.0)
@@ -205,8 +205,6 @@ GEM
       multi_json
     ffaker (2.0.0)
     ffi (1.9.10)
-    fission (0.5.0)
-      CFPropertyList (~> 2.2)
     flay (2.6.1)
       ruby_parser (~> 3.0)
       sexp_processor (~> 4.0)
@@ -216,109 +214,33 @@ GEM
     flowdock (0.7.1)
       httparty (~> 0.7)
       multi_json
-    fog (1.36.0)
-      fog-aliyun (>= 0.1.0)
-      fog-atmos
-      fog-aws (>= 0.6.0)
-      fog-brightbox (~> 0.4)
-      fog-core (~> 1.32)
-      fog-dynect (~> 0.0.2)
-      fog-ecloud (~> 0.1)
-      fog-google (<= 0.1.0)
-      fog-json
-      fog-local
-      fog-powerdns (>= 0.1.1)
-      fog-profitbricks
-      fog-radosgw (>= 0.0.2)
-      fog-riakcs
-      fog-sakuracloud (>= 0.0.4)
-      fog-serverlove
-      fog-softlayer
-      fog-storm_on_demand
-      fog-terremark
-      fog-vmfusion
-      fog-voxel
-      fog-xenserver
-      fog-xml (~> 0.1.1)
-      ipaddress (~> 0.5)
-      nokogiri (~> 1.5, >= 1.5.11)
-    fog-aliyun (0.1.0)
+    fog-aws (0.9.2)
       fog-core (~> 1.27)
       fog-json (~> 1.0)
+      fog-xml (~> 0.1)
       ipaddress (~> 0.8)
-      xml-simple (~> 1.1)
-    fog-atmos (0.1.0)
-      fog-core
-      fog-xml
-    fog-aws (0.8.1)
+    fog-azure (0.0.2)
+      azure (~> 0.6)
       fog-core (~> 1.27)
       fog-json (~> 1.0)
       fog-xml (~> 0.1)
-      ipaddress (~> 0.8)
-    fog-brightbox (0.10.1)
-      fog-core (~> 1.22)
-      fog-json
-      inflecto (~> 0.0.2)
-    fog-core (1.35.0)
+    fog-core (1.40.0)
       builder
-      excon (~> 0.45)
+      excon (~> 0.49)
       formatador (~> 0.2)
-    fog-dynect (0.0.2)
-      fog-core
-      fog-json
-      fog-xml
-    fog-ecloud (0.3.0)
-      fog-core
-      fog-xml
-    fog-google (0.1.0)
+    fog-google (0.3.2)
       fog-core
       fog-json
       fog-xml
     fog-json (1.0.2)
       fog-core (~> 1.0)
       multi_json (~> 1.10)
-    fog-local (0.2.1)
+    fog-local (0.3.0)
       fog-core (~> 1.27)
-    fog-powerdns (0.1.1)
-      fog-core (~> 1.27)
-      fog-json (~> 1.0)
-      fog-xml (~> 0.1)
-    fog-profitbricks (0.0.5)
-      fog-core
-      fog-xml
-      nokogiri
-    fog-radosgw (0.0.5)
-      fog-core (>= 1.21.0)
-      fog-json
-      fog-xml (>= 0.0.1)
-    fog-riakcs (0.1.0)
-      fog-core
-      fog-json
-      fog-xml
-    fog-sakuracloud (1.7.5)
-      fog-core
-      fog-json
-    fog-serverlove (0.1.2)
-      fog-core
-      fog-json
-    fog-softlayer (1.0.3)
-      fog-core
-      fog-json
-    fog-storm_on_demand (0.1.1)
-      fog-core
-      fog-json
-    fog-terremark (0.1.0)
-      fog-core
-      fog-xml
-    fog-vmfusion (0.1.0)
-      fission
-      fog-core
-    fog-voxel (0.1.0)
-      fog-core
-      fog-xml
-    fog-xenserver (0.2.2)
-      fog-core
-      fog-xml
+    fog-openstack (0.1.6)
+      fog-core (>= 1.39)
+      fog-json (>= 1.0)
+      ipaddress (>= 0.8)
     fog-xml (0.1.2)
       fog-core
       nokogiri (~> 1.5, >= 1.5.11)
@@ -405,7 +327,8 @@ GEM
       html2haml (>= 1.0.1)
       railties (>= 4.0.1)
     hashie (3.4.3)
-    highline (1.7.8)
+    health_check (1.5.1)
+      rails (>= 2.3.0)
     hipchat (1.5.2)
       httparty
       mimemagic
@@ -425,18 +348,15 @@ GEM
     httpclient (2.7.0.1)
     i18n (0.7.0)
     ice_nine (0.11.1)
-    inflecto (0.0.2)
     influxdb (0.2.3)
       cause
       json
-    ipaddress (0.8.2)
+    ipaddress (0.8.3)
     jquery-atwho-rails (1.3.2)
     jquery-rails (4.1.1)
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
-    jquery-scrollto-rails (1.4.3)
-      railties (> 3.1, < 5.0)
     jquery-turbolinks (2.1.0)
       railties (>= 3.1.0)
       turbolinks
@@ -444,10 +364,13 @@ GEM
       railties (>= 3.2.16)
     json (1.8.3)
     jwt (1.5.2)
-    kaminari (0.16.3)
+    kaminari (0.17.0)
       actionpack (>= 3.0.0)
       activesupport (>= 3.0.0)
     kgio (2.10.0)
+    knapsack (1.11.0)
+      rake
+      timecop (>= 0.1.0)
     launchy (2.4.3)
       addressable (~> 2.3)
     letter_opener (1.4.1)
@@ -456,6 +379,12 @@ GEM
       actionmailer (>= 3.2)
       letter_opener (~> 1.0)
       railties (>= 3.2)
+    license_finder (2.1.0)
+      bundler
+      httparty
+      rubyzip
+      thor
+      xml-simple
     licensee (8.0.0)
       rugged (>= 0.24b)
     listen (3.0.5)
@@ -471,7 +400,7 @@ GEM
     method_source (0.8.2)
     mime-types (2.99.1)
     mimemagic (0.3.0)
-    mini_portile2 (2.0.0)
+    mini_portile2 (2.1.0)
     minitest (5.7.0)
     mousetrap-rails (1.4.6)
     multi_json (1.11.2)
@@ -482,8 +411,9 @@ GEM
     net-ldap (0.12.1)
     net-ssh (3.0.1)
     newrelic_rpm (3.14.1.311)
-    nokogiri (1.6.7.2)
-      mini_portile2 (~> 2.0.0.rc2)
+    nokogiri (1.6.8)
+      mini_portile2 (~> 2.1.0)
+      pkg-config (~> 1.1.7)
     oauth (0.4.7)
     oauth2 (1.0.0)
       faraday (>= 0.8, < 0.10)
@@ -552,9 +482,10 @@ GEM
     orm_adapter (0.5.0)
     paranoia (2.1.4)
       activerecord (~> 4.0)
-    parser (2.3.0.6)
+    parser (2.3.1.0)
       ast (~> 2.2)
     pg (0.18.4)
+    pkg-config (1.1.7)
     poltergeist (1.9.0)
       capybara (~> 2.1)
       cliver (~> 0.3.1)
@@ -630,7 +561,7 @@ GEM
       debugger-ruby_core_source (~> 1.3)
     rdoc (3.12.2)
       json (~> 1.4)
-    recaptcha (1.0.2)
+    recaptcha (3.0.0)
       json
     redcarpet (3.3.3)
     redis (3.3.0)
@@ -658,8 +589,8 @@ GEM
     responders (2.1.1)
       railties (>= 4.2.0, < 5.1)
     rinku (1.7.3)
-    rotp (2.1.1)
-    rouge (1.10.1)
+    rotp (2.1.2)
+    rouge (1.11.0)
     rqrcode (0.7.0)
       chunky_png
     rqrcode-rails3 (0.1.7)
@@ -687,31 +618,31 @@ GEM
     rspec-retry (0.4.5)
       rspec-core
     rspec-support (3.4.1)
-    rubocop (0.38.0)
-      parser (>= 2.3.0.6, < 3.0)
+    rubocop (0.40.0)
+      parser (>= 2.3.1.0, < 3.0)
       powerpack (~> 0.1)
       rainbow (>= 1.99.1, < 3.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (~> 1.0, >= 1.0.1)
+    rubocop-rspec (1.5.0)
+      rubocop (>= 0.40.0)
     ruby-fogbugz (0.2.1)
       crack (~> 0.4)
-    ruby-progressbar (1.7.5)
+    ruby-progressbar (1.8.1)
     ruby-saml (1.1.2)
       nokogiri (>= 1.5.10)
       uuid (~> 2.3)
-    ruby2ruby (2.3.0)
-      ruby_parser (~> 3.1)
-      sexp_processor (~> 4.0)
-    ruby_parser (3.8.1)
+    ruby_parser (3.8.2)
       sexp_processor (~> 4.1)
     rubyntlm (0.5.2)
     rubypants (0.2.0)
+    rubyzip (1.2.0)
     rufus-scheduler (3.1.10)
     rugged (0.24.0)
     safe_yaml (1.0.4)
     sanitize (2.1.0)
       nokogiri (>= 1.4.4)
-    sass (3.4.21)
+    sass (3.4.22)
     sass-rails (5.0.4)
       railties (>= 4.0.0, < 5.0)
       sass (~> 3.1)
@@ -760,9 +691,6 @@ GEM
       tilt (>= 1.3, < 3)
     six (0.2.0)
     slack-notifier (1.2.1)
-    slim (3.0.6)
-      temple (~> 0.7.3)
-      tilt (>= 1.3.3, < 2.1)
     slop (3.6.0)
     spinach (0.8.10)
       colorize
@@ -789,11 +717,11 @@ GEM
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
     state_machines (0.4.0)
-    state_machines-activemodel (0.3.0)
-      activemodel (~> 4.1)
+    state_machines-activemodel (0.4.0)
+      activemodel (>= 4.1, < 5.1)
       state_machines (>= 0.4.0)
-    state_machines-activerecord (0.3.0)
-      activerecord (~> 4.1)
+    state_machines-activerecord (0.4.0)
+      activerecord (>= 4.1, < 5.1)
       state_machines-activemodel (>= 0.3.0)
     stringex (2.5.2)
     systemu (2.6.5)
@@ -803,10 +731,8 @@ GEM
       railties (>= 3.2.5, < 6)
     teaspoon-jasmine (2.2.0)
       teaspoon (>= 1.0.0)
-    temple (0.7.6)
     term-ansicolor (1.3.2)
       tins (~> 1.0)
-    terminal-table (1.5.2)
     test_after_commit (0.4.2)
       activerecord (>= 3.2)
     thin (1.6.4)
@@ -815,7 +741,8 @@ GEM
       rack (~> 1.0)
     thor (0.19.1)
     thread_safe (0.3.5)
-    tilt (2.0.2)
+    tilt (2.0.5)
+    timecop (0.8.1)
     timfel-krb5-auth (0.8.3)
     tinder (1.10.1)
       eventmachine (~> 1.0)
@@ -835,6 +762,7 @@ GEM
       simple_oauth (~> 0.1.4)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
+    u2f (0.2.1)
     uglifier (2.7.2)
       execjs (>= 0.3.0)
       json (>= 1.8.0)
@@ -842,7 +770,7 @@ GEM
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.7.2)
-    unicode-display_width (1.0.2)
+    unicode-display_width (1.0.5)
     unicorn (4.9.0)
       kgio (~> 2.6)
       rack
@@ -859,7 +787,7 @@ GEM
       coercible (~> 1.0)
       descendants_tracker (~> 0.0, >= 0.0.3)
       equalizer (~> 0.0, >= 0.0.9)
-    warden (1.2.4)
+    warden (1.2.6)
       rack (>= 1.0)
     web-console (2.3.0)
       activemodel (>= 4.0)
@@ -885,45 +813,41 @@ PLATFORMS
 DEPENDENCIES
   RedCloth (~> 4.2.9)
-  ace-rails-ap (~> 2.0.1)
-  activerecord-deprecated_finders (~> 1.0.3)
-  activerecord-session_store (~> 0.1.0)
+  ace-rails-ap (~> 4.0.2)
+  activerecord-session_store (~> 1.0.0)
   acts-as-taggable-on (~> 3.4)
   addressable (~> 2.3.8)
   after_commit_queue
   akismet (~> 2.0)
   allocations (~> 1.0)
-  annotate (~> 2.7.0)
   asana (~> 0.4.0)
   asciidoctor (~> 1.5.2)
-  attr_encrypted (~> 1.3.4)
+  attr_encrypted (~> 3.0.0)
   awesome_print (~> 1.2.0)
   babosa (~> 1.0.2)
+  base32 (~> 0.3.0)
   benchmark-ips
   better_errors (~> 1.0.1)
   binding_of_caller (~> 0.7.2)
   bootstrap-sass (~> 3.3.0)
-  brakeman (~> 3.2.0)
-  browser (~> 1.0.0)
+  brakeman (~> 3.3.0)
+  browser (~> 2.0.3)
   bullet
   bundler-audit
   byebug
-  cal-heatmap-rails (~> 3.6.0)
   capybara (~> 2.6.2)
   capybara-screenshot (~> 1.0.0)
   carrierwave (~> 0.10.0)
   charlock_holmes (~> 0.7.3)
   coffee-rails (~> 4.1.0)
-  colorize (~> 0.7.0)
   connection_pool (~> 2.0)
   coveralls (~> 0.8.2)
   creole (~> 0.5.0)
   d3_rails (~> 3.5.0)
   database_cleaner (~> 1.4.0)
   default_value_for (~> 3.0.0)
-  devise (~> 3.5.4)
-  devise-async (~> 0.9.0)
-  devise-two-factor (~> 2.0.0)
+  devise (~> 4.0)
+  devise-two-factor (~> 3.0.0)
   diffy (~> 3.0.3)
   doorkeeper (~> 3.1)
   dropzonejs-rails (~> 0.7.1)
@@ -933,7 +857,12 @@ DEPENDENCIES
   ffaker (~> 2.0.0)
   flay
   flog
-  fog (~> 1.36.0)
+  fog-aws (~> 0.9)
+  fog-azure (~> 0.0)
+  fog-core (~> 1.40)
+  fog-google (~> 0.3)
+  fog-local (~> 0.3)
+  fog-openstack (~> 0.1)
   font-awesome-rails (~> 4.2)
   foreman
   fuubar (~> 2.0.0)
@@ -951,17 +880,20 @@ DEPENDENCIES
   grape (~> 0.13.0)
   grape-entity (~> 0.4.2)
   haml-rails (~> 0.9.0)
+  health_check (~> 1.5.1)
   hipchat (~> 1.5.0)
   html-pipeline (~> 1.11.0)
   httparty (~> 0.13.3)
   influxdb (~> 0.2)
   jquery-atwho-rails (~> 1.3.2)
   jquery-rails (~> 4.1.0)
-  jquery-scrollto-rails (~> 1.4.3)
   jquery-turbolinks (~> 2.1.0)
   jquery-ui-rails (~> 5.0.0)
-  kaminari (~> 0.16.3)
+  jwt
+  kaminari (~> 0.17.0)
+  knapsack
   letter_opener_web (~> 1.3.0)
+  license_finder
   licensee (~> 8.0.0)
   loofah (~> 2.0.3)
   mail_room (~> 0.7)
@@ -1001,10 +933,11 @@ DEPENDENCIES
   rack-oauth2 (~> 1.2.1)
   rails (= 4.2.6)
   rails-deprecated_sanitizer (~> 1.0.3)
+  rainbow (~> 2.1.0)
   raphael-rails (~> 2.1.2)
   rblineprof
   rdoc (~> 3.6)
-  recaptcha
+  recaptcha (~> 3.0)
   redcarpet (~> 3.3.3)
   redis (~> 3.2)
   redis-namespace
@@ -1012,11 +945,12 @@ DEPENDENCIES
   request_store (~> 1.3.0)
   rerun (~> 0.11.0)
   responders (~> 2.0)
-  rouge (~> 1.10.1)
+  rouge (~> 1.11)
   rqrcode-rails3 (~> 0.1.7)
   rspec-rails (~> 3.4.0)
   rspec-retry
-  rubocop (~> 0.38.0)
+  rubocop (~> 0.40.0)
+  rubocop-rspec (~> 1.5.0)
   ruby-fogbugz (~> 0.2.1)
   sanitize (~> 2.0)
   sass-rails (~> 5.0.0)
@@ -1041,7 +975,7 @@ DEPENDENCIES
   spring-commands-spinach (~> 1.1.0)
   spring-commands-teaspoon (~> 0.0.2)
   sprockets (~> 3.6.0)
-  state_machines-activerecord (~> 0.3.0)
+  state_machines-activerecord (~> 0.4.0)
   task_list (~> 1.0.2)
   teaspoon (~> 1.1.0)
   teaspoon-jasmine (~> 2.2.0)
@@ -1049,6 +983,7 @@ DEPENDENCIES
   thin (~> 1.6.1)
   tinder (~> 1.10.0)
   turbolinks (~> 2.5.0)
+  u2f (~> 0.2.1)
   uglifier (~> 2.7.2)
   underscore-rails (~> 1.8.0)
   unf (~> 0.1.4)
@@ -1061,4 +996,4 @@ DEPENDENCIES
   wikicloth (= 0.8.1)
 BUNDLED WITH
-   1.12.1
+   1.12.5

README.md

 # GitLab
 [![build status](https://gitlab.com/gitlab-org/gitlab-ce/badges/master/build.svg)](https://gitlab.com/gitlab-org/gitlab-ce/commits/master)
-[![Build Status](https://semaphoreci.com/api/v1/projects/2f1a5809-418b-4cc2-a1f4-819607579fe7/400484/shields_badge.svg)](https://semaphoreci.com/gitlabhq/gitlabhq)
 [![Code Climate](https://codeclimate.com/github/gitlabhq/gitlabhq.svg)](https://codeclimate.com/github/gitlabhq/gitlabhq)
-[![Coverage Status](https://coveralls.io/repos/gitlabhq/gitlabhq/badge.svg?branch=master)](https://coveralls.io/r/gitlabhq/gitlabhq?branch=master)
 ## Canonical source
@@ -20,6 +18,10 @@ To see how GitLab looks please see the [features page on our website](https://ab
 - Completely free and open source (MIT Expat license)
 - Powered by [Ruby on Rails](https://github.com/rails/rails)
+## Hiring
+
+We're hiring developers, support people, and production engineers all the time, please see our [jobs page](https://about.gitlab.com/jobs/).
+
 ## Editions
 There are two editions of GitLab:
@@ -31,11 +33,11 @@ There are two editions of GitLab:
 On [about.gitlab.com](https://about.gitlab.com/) you can find more information about:
-- [Subscriptions](https://about.gitlab.com/subscription/)
+- [Subscriptions](https://about.gitlab.com/pricing/)
 - [Consultancy](https://about.gitlab.com/consultancy/)
 - [Community](https://about.gitlab.com/community/)
 - [Hosted GitLab.com](https://about.gitlab.com/gitlab-com/) use GitLab as a free service
-- [GitLab Enterprise Edition](https://about.gitlab.com/gitlab-ee/) with additional features aimed at larger organizations.
+- [GitLab Enterprise Edition](https://about.gitlab.com/features/#enterprise) with additional features aimed at larger organizations.
 - [GitLab CI](https://about.gitlab.com/gitlab-ci/) a continuous integration (CI) server that is easy to integrate with GitLab.
 ## Requirements

Rakefile

@@ -8,3 +8,5 @@ relative_url_conf = File.expand_path('../config/initializers/relative_url', __FI
 require relative_url_conf if File.exist?("#{relative_url_conf}.rb")
 Gitlab::Application.load_tasks
+
+Knapsack.load_tasks if defined?(Knapsack)

VERSION

-8.8.0-pre
+8.9.0-pre