Add latest changes from gitlab-org/gitlab@master

b7dfe2ae · GitLab Bot · 25cb337c · b7dfe2ae · b7dfe2ae · 25cb337c
Commit b7dfe2ae authored 5 years ago by GitLab Bot
--- a/.gitattributes
+++ b/.gitattributes
+VERSION merge=ours
 Dangerfile gitlab-language=ruby
 db/schema.rb merge=merge_db_schema
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -42,4 +42,3 @@ include:
  - local: .gitlab/ci/setup.gitlab-ci.yml
  - local: .gitlab/ci/test-metadata.gitlab-ci.yml
  - local: .gitlab/ci/yaml.gitlab-ci.yml
-  - local: .gitlab/ci/ee-specific-checks.gitlab-ci.yml
--- a/.gitlab/ci/ee-specific-checks.gitlab-ci.yml
+++ b/.gitlab/ci/ee-specific-checks.gitlab-ci.yml
-.ee-specific-check:
-  extends: .default-tags
-  dependencies: []
-  only:
-    - branches@gitlab-org/gitlab-ee
-  except:
-    - master
-    - tags
-    - /[\d-]+-stable(-ee)?/
-    - /[\d-]+-auto-deploy-\d{7}/
-    - /^security-/
-    - /\bce\-to\-ee\b/
-
-ee-files-location-check:
-  extends: .ee-specific-check
-  script:
-    - scripts/ee-files-location-check
-
-ee-specific-lines-check:
-  extends: .ee-specific-check
-  script:
-    - scripts/ee-specific-lines-check
--- a/.gitlab/ci/rails.gitlab-ci.yml
+++ b/.gitlab/ci/rails.gitlab-ci.yml
@@ -8,6 +8,11 @@
      - master@gitlab/gitlabhq
      - master@gitlab/gitlab-ee
  
+.only-gitlab-ee:
+  only:
+    - branches@gitlab-org/gitlab-ee
+    - tags@gitlab-org/gitlab-ee
+
 .rake-exec:
  extends:
    - .default-tags
@@ -231,7 +236,7 @@ db:migrate-from-v11.11.0:
  variables:
    SETUP_DB: "false"
  script:
-    - git fetch https://gitlab.com/gitlab-org/gitlab-ce.git v11.11.0
+    - git fetch https://gitlab.com/gitlab-org/gitlab-ee.git v11.11.0-ee
    - git checkout -f FETCH_HEAD
    - sed -i "s/gem 'oj', '~> 2.17.4'//" Gemfile
    - sed -i "s/gem 'bootsnap', '~> 1.0.0'/gem 'bootsnap'/" Gemfile
@@ -314,3 +319,135 @@ coverage:
      - coverage/index.html
      - coverage/assets/
      - tmp/memory_test/
+
+## EE-specific content
+.rspec-base-ee:
+  extends:
+    - .rspec-base
+    - .only-gitlab-ee
+  script:
+    - JOB_NAME=( $CI_JOB_NAME )
+    - TEST_TOOL=${JOB_NAME[0]}
+    - TEST_LEVEL=${JOB_NAME[1]}
+    - DATABASE=${JOB_NAME[2]}
+    - export KNAPSACK_REPORT_PATH=knapsack/${CI_PROJECT_NAME}/${TEST_TOOL}_${TEST_LEVEL}_${DATABASE}_ee_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
+    - export KNAPSACK_GENERATE_REPORT=true KNAPSACK_LOG_LEVEL=debug KNAPSACK_TEST_DIR=spec
+    - export CACHE_CLASSES=true
+    - cp ${EE_KNAPSACK_RSPEC_SUITE_REPORT_PATH} ${KNAPSACK_REPORT_PATH}
+    - scripts/gitaly-test-spawn
+    - date
+    - 'export KNAPSACK_TEST_FILE_PATTERN=$(ruby -r./lib/quality/test_level.rb -e "puts Quality::TestLevel.new(%(ee/)).pattern(:${TEST_LEVEL})")'
+    - mkdir -p tmp/memory_test
+    - export MEMORY_TEST_PATH="tmp/memory_test/ee_${TEST_TOOL}_${TEST_LEVEL}_${DATABASE}_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_memory.csv"
+    - knapsack rspec "--color --format documentation --format RspecJunitFormatter --out junit_rspec.xml --tag level:${TEST_LEVEL} --tag ~geo"
+    - date
+
+.rspec-base-pg-ee:
+  extends: .rspec-base-ee
+  services:
+    - name: postgres:9.6
+      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
+    - name: redis:alpine
+    - name: docker.elastic.co/elasticsearch/elasticsearch:5.6.12
+
+rspec unit pg ee:
+  extends: .rspec-base-pg-ee
+  parallel: 7
+
+rspec integration pg ee:
+  extends: .rspec-base-pg-ee
+  parallel: 3
+
+rspec system pg ee:
+  extends: .rspec-base-pg-ee
+  parallel: 5
+
+.rspec-base-pg-geo:
+  extends:
+    - .rspec-base
+    - .only-gitlab-ee
+  script:
+    - JOB_NAME=( $CI_JOB_NAME )
+    - TEST_TOOL=${JOB_NAME[0]}
+    - TEST_LEVEL=${JOB_NAME[1]}
+    - DATABASE=${JOB_NAME[2]}
+    - export KNAPSACK_TEST_FILE_PATTERN="ee/spec/**{,/*/**}/*_spec.rb" KNAPSACK_GENERATE_REPORT=true CACHE_CLASSES=true
+    - export KNAPSACK_REPORT_PATH=knapsack/${CI_PROJECT_NAME}/${TEST_TOOL}_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
+    - cp ${EE_KNAPSACK_RSPEC_SUITE_REPORT_PATH} ${KNAPSACK_REPORT_PATH}
+    - source scripts/prepare_postgres_fdw.sh
+    - scripts/gitaly-test-spawn
+    - mkdir -p tmp/memory_test
+    - export MEMORY_TEST_PATH="tmp/memory_test/ee_${TEST_TOOL}_${TEST_LEVEL}_${DATABASE}_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_memory.csv"
+    - knapsack rspec "-Ispec --color --format documentation --format RspecJunitFormatter --out junit_rspec.xml --tag geo"
+
+rspec geo pg ee:
+  extends:
+    - .rspec-base-pg-geo
+    - .use-pg
+    - .except-docs-qa-geo
+  parallel: 3
+
+rspec geo pg-10 ee:
+  extends:
+    - .rspec-base-pg-geo
+    - .use-pg-10
+    - .except-docs-qa-geo
+  parallel: 3
+
+quick-rspec geo pg ee:
+  extends:
+    - .rspec-base-pg-geo
+    - .use-pg
+  stage: quick-test
+  only:
+    - /(^geo[\/-].*|.*-geo$)/
+
+quick-rspec geo pg-10 ee:
+  extends:
+    - .rspec-base-pg-geo
+    - .use-pg-10
+  stage: quick-test
+  only:
+    - /(^geo[\/-].*|.*-geo$)/
+
+rspec quarantine pg ee:
+  extends: rspec quarantine pg
+  script:
+    - export NO_KNAPSACK=1 CACHE_CLASSES=true
+    - scripts/gitaly-test-spawn
+    - bin/rspec --color --format documentation --format RspecJunitFormatter --out junit_rspec.xml --tag quarantine -- ee/spec/
+
+migration:upgrade-pg-ce-to-ee:
+  extends:
+    - .default-tags
+    - .default-retry
+    - .default-cache
+    - .default-before_script
+    - .use-pg
+    - .except-docs-qa
+  dependencies: ["setup-test-env"]
+  variables:
+    SETUP_DB: "false"
+  script:
+    - ruby -r./scripts/ee_specific_check/ee_specific_check -e'EESpecificCheck.fetch_remote_ce_branch'
+    - git checkout -f FETCH_HEAD
+    - . scripts/utils.sh
+    - . scripts/prepare_build.sh
+    - date
+    - setup_db
+    - date
+    - git checkout -f $CI_COMMIT_SHA
+    - date
+    - . scripts/prepare_build.sh
+    - date
+    - bundle exec rake db:migrate
+
+db:rollback geo:
+  extends:
+    - db:rollback
+    - .only-gitlab-ee
+  script:
+    - bundle exec rake geo:db:migrate VERSION=20170627195211
+    - bundle exec rake geo:db:migrate
+
+## END of EE-specific content
--- a/.gitlab/ci/test-metadata.gitlab-ci.yml
+++ b/.gitlab/ci/test-metadata.gitlab-ci.yml
@@ -26,6 +26,8 @@ retrieve-tests-metadata:
    - mkdir -p rspec_profiling/
    - wget -O $FLAKY_RSPEC_SUITE_REPORT_PATH http://${TESTS_METADATA_S3_BUCKET}.s3.amazonaws.com/$FLAKY_RSPEC_SUITE_REPORT_PATH || rm $FLAKY_RSPEC_SUITE_REPORT_PATH
    - '[[ -f $FLAKY_RSPEC_SUITE_REPORT_PATH ]] || echo "{}" > ${FLAKY_RSPEC_SUITE_REPORT_PATH}'
+    - wget -O $EE_KNAPSACK_RSPEC_SUITE_REPORT_PATH http://${TESTS_METADATA_S3_BUCKET}.s3.amazonaws.com/$EE_KNAPSACK_RSPEC_SUITE_REPORT_PATH || rm $EE_KNAPSACK_RSPEC_SUITE_REPORT_PATH
+    - '[[ -f $EE_KNAPSACK_RSPEC_SUITE_REPORT_PATH ]] || echo "{}" > ${EE_KNAPSACK_RSPEC_SUITE_REPORT_PATH}'
  
 update-tests-metadata:
  extends: .tests-metadata-state
@@ -41,6 +43,9 @@ update-tests-metadata:
    - echo "{}" > ${KNAPSACK_RSPEC_SUITE_REPORT_PATH}
    - scripts/merge-reports ${KNAPSACK_RSPEC_SUITE_REPORT_PATH} knapsack/${CI_PROJECT_NAME}/rspec_*_pg_node_*.json
    - '[[ -z ${TESTS_METADATA_S3_BUCKET} ]] || scripts/sync-reports put $TESTS_METADATA_S3_BUCKET $KNAPSACK_RSPEC_SUITE_REPORT_PATH'
+    - echo "{}" > ${EE_KNAPSACK_RSPEC_SUITE_REPORT_PATH}
+    - scripts/merge-reports ${EE_KNAPSACK_RSPEC_SUITE_REPORT_PATH} knapsack/${CI_PROJECT_NAME}/rspec_*_pg_ee_*node_*.json
+    - '[[ -z ${TESTS_METADATA_S3_BUCKET} ]] || scripts/sync-reports put $TESTS_METADATA_S3_BUCKET $EE_KNAPSACK_RSPEC_SUITE_REPORT_PATH'
    - rm -f knapsack/${CI_PROJECT_NAME}/*_node_*.json
    - scripts/merge-reports ${FLAKY_RSPEC_SUITE_REPORT_PATH} rspec_flaky/all_*_*.json
    - FLAKY_RSPEC_GENERATE_REPORT=1 scripts/prune-old-flaky-specs ${FLAKY_RSPEC_SUITE_REPORT_PATH}

--- a/.gitlab/issue_templates/Feature proposal.md
+++ b/.gitlab/issue_templates/Feature proposal.md
@@ -43,6 +43,10 @@ If this feature requires changing permissions, this document https://docs.gitlab
  
 <!-- Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this. -->
  
+### What is the type of buyer? 
+
+<!-- Which leads to: in which enterprise tier should this feature go? See https://about.gitlab.com/handbook/product/pricing/#four-tiers -->
+
 ### Links / references
  
 /label ~feature
--- a/.license_encryption_key.pub
+++ b/.license_encryption_key.pub
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Hxv3MkkZbMrKtIs6np9
+ccP4OwGBkNhIvhPjcQP48hbbascv5RqsOquQGrYSD2ZrE/kbkRdkIcoHEeTZLif+
+bDKFZFI7o5x0H92o9/GSvxHJhQ8mkmvwxD7lssGShwZEm8WG+U7BZqUV/gGmCDqe
+9W8H8Fq2B0ck8IXjbQ4Zz+JlyV/NHZTZcs69plFiLKh4N6GYVftOVwSomh0bbypP
+OB9WnLC7RC9a2LRrhtf8sqa2rRFmtyMMfgFFzLMzS+w+1K4+QLnWP1gKQVzaFnzk
+pnwKPrqbGFYbRztIVEWbs8jPYlLkGb8ME4C84YVtQgbQcbyisU/VW3wUGkhT+J0k
+xwIDAQAB
+-----END PUBLIC KEY-----
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -275,8 +275,15 @@ RSpec/BeSuccessMatcher:
    - 'ee/spec/support/shared_examples/controllers/**/*'
    - 'spec/support/controllers/**/*'
    - 'ee/spec/support/controllers/**/*'
+
 Scalability/FileUploads:
  Enabled: true
  Include:
    - 'lib/api/**/*.rb'
    - 'ee/lib/api/**/*.rb'
+
+Graphql/Descriptions:
+  Enabled: true
+  Include:
+    - 'app/graphql/**/*'
+    - 'ee/app/graphql/**/*'
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,10 @@ entry.
  
 ## 12.2.3
  
+- No changes.
+
+## 12.2.2
+
 ### Security (22 changes)
  
 - Ensure only authorised users can create notes on Merge Requests and Issues.
@@ -54,11 +58,16 @@ entry.
 - Fix SSRF via DNS rebinding in Kubernetes Integration.
  
  
-## 12.2.2
+## 12.2.1
  
- Unreleased due to QA failure.
+### Fixed (2 changes)
  
-## 12.2.1
+- Fix for embedded metrics undefined params. !31975
+- Fix "ERR value is not an integer or out of range" errors. !32126
+
+### Performance (1 change)
+
+- Fix Gitaly N+1 calls with listing issues/MRs via API. !31938
  
 ### Fixed (3 changes)
  
@@ -721,16 +730,16 @@ entry.
  
 ### Security (10 changes)
  
+- Prevent bypass of restriction disabling web password sign in.
 - Hide confidential issue title on unsubscribe for anonymous users.
+- Resolve: Milestones leaked via search API.
 - Fix url redaction for issue links.
+- Add extra fields for handling basic auth on import by url page.
 - Fix confidential issue label disclosure on milestone view.
 - Filter relative links in wiki for XSS.
+- Prevent invalid branch for merge request.
 - Prevent XSS injection in note imports.
- Resolve: Milestones leaked via search API.
- Prevent bypass of restriction disabling web password sign in.
- Add extra fields for handling basic auth on import by url page.
 - Protect Gitlab::HTTP against DNS rebinding attack.
- Prevent invalid branch for merge request.
  
 ### Removed (5 changes, 1 of them is from the community)
  
@@ -740,7 +749,7 @@ entry.
 - Make Kubernetes service templates readonly. !29044
 - Remove Content-Type override for Mattermost OAuth login. (Harrison Healey)
  
-### Fixed (116 changes, 28 of them are from the community)
+### Fixed (115 changes, 28 of them are from the community)
  
 - Fix col-sm-* in forms to keep layout. !24885 (Takuya Noguchi)
 - Avoid 500 when rendering users ATOM data. !25408
@@ -753,7 +762,6 @@ entry.
 - Bring secondary button styles up to design standard. !27920
 - Use FindOrCreateService to create labels and check for existing ones. !27987 (Matt Duren)
 - Fix "too many loops" error by handling gracefully cron schedules for non existent days. !28002
- Handle errors in successful notes reply. !28082
 - Fix 500 error when accessing charts with an anonymous user. !28091 (Diego Silva)
 - Allow user to set primary email first when 2FA is required. !28097 (Kartikey Tanna)
 - Auto-DevOps: allow to disable rollout status check. !28130 (Sergej Nikolaev <kinolaev@gmail.com>)
@@ -850,14 +858,14 @@ entry.
 - Move Dropdown to Stick to MR View App Button. !29767
 - Fix IDE commit using latest ref in branch and overriding contents. !29769
 - Revert concurrent pipeline creation for pipeline schedules. !29794
- Fix layout of group milestone header.
- Fix remote mirrors not updating after tag push.
+- Fix border radii on diff files and repo files.
 - Fix padding of unclickable pipeline dropdown items to match links.
+- Fix pipeline schedules when owner is nil.
+- Fix remote mirrors not updating after tag push.
+- Fix layout of group milestone header.
+- Fixed show whitespace button not refetching diff content.
 - Change resolve button text to mark comment as resolved.
 - Align system note within discussion with other notes.
- Fix border radii on diff files and repo files.
- Fixed show whitespace button not refetching diff content.
- Fix pipeline schedules when owner is nil.
  
 ### Changed (35 changes, 13 of them are from the community)
  
@@ -957,9 +965,9 @@ entry.
 - Link to an external dashboard from metrics dashboard. !29369
 - Add labels to note event payload. !29384 (Sujay Patel)
 - Add Join meeting button to issues with Zoom links. !29454
- Make task completion status available via GraphQL.
 - Add backtraces to Peek performance bar for SQL calls.
 - Added diff suggestion feature discovery popover.
+- Make task completion status available via GraphQL.
  
 ### Other (62 changes, 14 of them are from the community)
  
@@ -1014,17 +1022,17 @@ entry.
 - Changed the 'Created' label to 'Last Updated' on the container registry table to more accurately reflect what the date represents. !29464
 - Update GitLab Pages to v1.6.1. !29559
 - Indent collapsible sections. !29804
- Group download buttons into a .btn-group.
- Change default color of award emoji button.
- Use blue for activity stream links; use monospace font for commit sha.
+- Use grid and correct border radius for status badge.
 - Remove fixed height from MR diff headers.
- Moves the table pagination shared component.
- Add warning that gitlab-secrets isn't included in backup.
- Update merge request tabs so they no longer scroll.
+- Use blue for activity stream links; use monospace font for commit sha.
+- Moves snowplow to CE repo.
 - Reduce height of issue board input to align with buttons.
+- Change default color of award emoji button.
+- Group download buttons into a .btn-group.
+- Add warning that gitlab-secrets isn't included in backup.
 - Increase height of move issue dropdown.
- Use grid and correct border radius for status badge.
- Moves snowplow to CE repo.
+- Update merge request tabs so they no longer scroll.
+- Moves the table pagination shared component.
  
  
 ## 11.11.8
@@ -1093,7 +1101,7 @@ entry.
  
 - Destroy project remote mirrors instead of disabling. !27087
  
-### Fixed (74 changes, 19 of them are from the community)
+### Fixed (75 changes, 19 of them are from the community)
  
 - Don't create a temp reference for branch comparisons within project. !24038
 - Fix some label links not appearing on group labels page and label title being a link on project labels page. !24060 (Tanya Pazitny)
@@ -1154,6 +1162,7 @@ entry.
 - Fix uploading of LFS tracked file through UI. !28052
 - Render Next badge only for gitlab.com. !28056
 - Fix update head pipeline process of Pipelines for merge requests. !28057
+- Handle errors in successful notes reply. !28082
 - Fix visual issues in set status modal. !28147
 - Use a path for the related merge requests endpoint. !28171
 - disable SSH key validation in key details view. !28180 (Roger Meier)
@@ -1164,10 +1173,10 @@ entry.
 - Fix project visibility level validation. !28305 (Peter Marko)
 - Fix incorrect prefix used in new uploads for personal snippets. !28337
 - Fix Rugged get_tree_entries recursive flag not working. !28494
- Fixes next badge being always visible.
 - Next badge must visible when canary flag is true.
- Adds arrow icons to select option in CI/CD settings.
 - Vertically aligns the play button for stages.
+- Fixes next badge being always visible.
+- Adds arrow icons to select option in CI/CD settings.
 - Allow replying to individual notes from API.
  
 ### Changed (19 changes, 3 of them are from the community)
@@ -1234,10 +1243,10 @@ entry.
 - Leave project/group from access granted email. !27892
 - Allow Sentry client-side DSN to be passed on gitlab.yml. !27967
 - GraphQL: improve evaluation of query complexity based on arguments and query limits. !28017
- Adds badge for Canary environment and help link.
 - Support negative matches.
- Show category icons in user popover.
 - Added Omniauth UltraAuth strategy to GitLab. (Kartikey Tanna)
+- Adds badge for Canary environment and help link.
+- Show category icons in user popover.
  
 ### Other (29 changes, 8 of them are from the community)
  
@@ -1267,9 +1276,22 @@ entry.
 - Remove the note in the docs that multi-line suggestions are not yet available. !28119 (hardysim)
 - Update gitlab-shell to v9.1.0. !28184
 - Add EE fixtures to SeedFu list. !28241
+- Add some frozen string to spec/**/*.rb. (gfyoung)
 - Replaces CSS with BS4 utility class for pipeline schedules.
 - Creates a vendors folder for external CSS.
- Add some frozen string to spec/**/*.rb. (gfyoung)
+
+### Performance (1 change)
+
+- Add improvements to global search of issues and merge requests. !27817
+
+
+## 11.10.7 (2019-06-26)
+
+### Fixed (3 changes)
+
+- Remove a default git depth in Pipelines for merge requests. !28926
+- Fix label click scrolling to top. !29202
+- Fix scrolling to top on assignee change. !29500
  
  
 ## 11.10.8 (2019-06-27)
@@ -1309,7 +1331,6 @@ entry.
  
 - Fix input group height.
  
-
 ## 11.10.4 (2019-05-01)
  
 ### Fixed (12 changes)
@@ -1685,31 +1706,11 @@ entry.
  
 ## 11.9.3 (2019-03-27)
  
-### Security (8 changes)
-
- Disallow guest users from accessing Releases.
- Fix PDF.js vulnerability.
- Hide "related branches" when user does not have permission.
- Fix XSS in resolve conflicts form.
- Added rake task for removing EXIF data from existing uploads.
- Return cached languages if they've been detected before.
- Disallow updating namespace when updating a project.
- Use UntrustedRegexp for matching refs policy.
-
+- No changes.
  
 ## 11.9.2 (2019-03-26)
  
-### Security (8 changes)
-
- Disallow guest users from accessing Releases.
- Fix PDF.js vulnerability.
- Hide "related branches" when user does not have permission.
- Fix XSS in resolve conflicts form.
- Added rake task for removing EXIF data from existing uploads.
- Return cached languages if they've been detected before.
- Disallow updating namespace when updating a project.
- Use UntrustedRegexp for matching refs policy.
-
+- No changes.
  
 ## 11.9.1 (2019-03-25)
  
@@ -2324,16 +2325,7 @@ entry.
  
 ## 11.7.8 (2019-03-26)
  
-### Security (7 changes)
-
- Disallow guest users from accessing Releases.
- Fix PDF.js vulnerability.
- Hide "related branches" when user does not have permission.
- Fix XSS in resolve conflicts form.
- Added rake task for removing EXIF data from existing uploads.
- Disallow updating namespace when updating a project.
- Use UntrustedRegexp for matching refs policy.
-
+- No changes.
  
 ## 11.7.7 (2019-03-19)
  
@@ -2343,7 +2335,7 @@ entry.
 - Fixed ability to see private groups by users not belonging to given group.
  
  
-## 11.7.5 (2019-02-06)
+## 11.7.5 (2019-02-05)
  
 ### Fixed (8 changes)
  
@@ -2582,10 +2574,9 @@ entry.
  
 ## 11.6.11 (2019-04-23)
  
-### Security (2 changes)
+### Security (1 change)
  
 - Fixed ability to see private groups by users not belonging to given group.
- Fix XSS in resolve conflicts form.
  
 ### Fixed (2 changes)
  
@@ -2631,6 +2622,13 @@ entry.
 - Fix leaking private repository information in API.
  
  
+## 11.6.9 (2019-02-04)
+
+### Security (1 change)
+
+- Use sanitized user status message for user popover.
+
+
 ## 11.6.8 (2019-01-30)
  
 - No changes.
@@ -3155,7 +3153,6 @@ entry.
 - Fix a race condition intermittently breaking GitLab startup. !23028
 - Adds margin after a deleted branch name in the activity feed. !23038
 - Ignore environment validation failure. !23100
- Fixes broken borders for reports section in MR widget.
 - Adds CI favicon back to jobs page.
 - Redirect to the pipeline builds page when a build is canceled. (Eva Kadlecova)
 - Fixed diff stats not showing when performance bar is enabled.
@@ -3164,12 +3161,13 @@ entry.
 - Fix bug causing not all emails to show up in commit email selectbox.
 - Remove duplicate escape in job sidebar.
 - Fixing styling issues on the scheduled pipelines page.
+- Fixes broken test in master.
 - Renders stuck block when runners are stuck.
 - Removes extra border from test reports in the merge request widget.
+- Fixes broken borders for reports section in MR widget.
 - Only render link to branch when branch still exists in pipeline page.
 - Fixed source project not filtering in merge request creation compare form.
 - Do not reload self on hooks when creating deployment.
- Fixes broken test in master.
  
 ### Changed (38 changes, 12 of them are from the community)
  
@@ -9627,4 +9625,3 @@ entry.
 ## 8.15.8 through 0.8.0
  
 - See [changelogs/archive.md](changelogs/archive.md)
-
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
-## Developer Certificate of Origin + License
+## Contributor license agreement
  
-By contributing to GitLab B.V., You accept and agree to the following terms and
-conditions for Your present and future Contributions submitted to GitLab B.V.
-Except for the license granted herein to GitLab B.V. and recipients of software
-distributed by GitLab B.V., You reserve all right, title, and interest in and to
-Your Contributions. All Contributions are subject to the following DCO + License
-terms.
-
-[DCO + License](https://gitlab.com/gitlab-org/dco/blob/master/README.md)
+By submitting code as an individual you agree to the
+[individual contributor license agreement](doc/legal/individual_contributor_license_agreement.md).
+By submitting code as an entity you agree to the
+[corporate contributor license agreement](doc/legal/corporate_contributor_license_agreement.md).
  
 All Documentation content that resides under the [doc/ directory](/doc) of this
 repository is licensed under Creative Commons:

--- a/Gemfile
+++ b/Gemfile
@@ -48,6 +48,9 @@ gem 'omniauth-salesforce', '~> 1.0.5'
 gem 'rack-oauth2', '~> 1.9.3'
 gem 'jwt', '~> 2.1.0'
  
+# Kerberos authentication. EE-only
+gem 'gssapi', group: :kerberos
+
 # Spam and anti-bot protection
 gem 'recaptcha', '~> 4.11', require: 'recaptcha/rails'
 gem 'akismet', '~> 2.0'
@@ -124,6 +127,13 @@ gem 'unf', '~> 0.1.4'
 # Seed data
 gem 'seed-fu', '~> 2.3.7'
  
+# Search
+gem 'elasticsearch-model', '~> 0.1.9'
+gem 'elasticsearch-rails', '~> 0.1.9', require: 'elasticsearch/rails/instrumentation'
+gem 'elasticsearch-api',   '5.0.3'
+gem 'aws-sdk'
+gem 'faraday_middleware-aws-signers-v4'
+
 # Markdown and HTML processing
 gem 'html-pipeline', '~> 2.8'
 gem 'deckar01-task_list', '2.2.0'
@@ -281,6 +291,8 @@ gem 'gon', '~> 6.2'
 gem 'request_store', '~> 1.3'
 gem 'base32', '~> 0.3.0'
  
+gem "gitlab-license", "~> 1.0"
+
 # Sentry integration
 gem 'sentry-raven', '~> 2.9'
  
@@ -420,6 +432,9 @@ gem 'health_check', '~> 2.6.0'
 gem 'vmstat', '~> 2.3.0'
 gem 'sys-filesystem', '~> 1.1.6'
  
+# NTP client
+gem 'net-ntp'
+
 # SSH host key support
 gem 'net-ssh', '~> 5.2'
 gem 'sshkey', '~> 2.0'
@@ -449,5 +464,8 @@ gem 'unleash', '~> 0.1.5'
 gem 'lograge', '~> 0.5'
 gem 'grape_logging', '~> 1.7'
  
+# DNS Lookup
+gem 'net-dns', '~> 0.9.0'
+
 # Countries list
 gem 'countries', '~> 3.0'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -80,6 +80,14 @@ GEM
      encryptor (~> 3.0.0)
    attr_required (1.0.1)
    awesome_print (1.8.0)
+    aws-sdk (2.9.32)
+      aws-sdk-resources (= 2.9.32)
+    aws-sdk-core (2.9.32)
+      aws-sigv4 (~> 1.0)
+      jmespath (~> 1.0)
+    aws-sdk-resources (2.9.32)
+      aws-sdk-core (= 2.9.32)
+    aws-sigv4 (1.0.0)
    axiom-types (0.1.1)
      descendants_tracker (~> 0.0.4)
      ice_nine (~> 0.11.0)
@@ -226,6 +234,19 @@ GEM
      doorkeeper (~> 4.3)
      json-jwt (~> 1.6)
    ed25519 (1.2.4)
+    elasticsearch (5.0.3)
+      elasticsearch-api (= 5.0.3)
+      elasticsearch-transport (= 5.0.3)
+    elasticsearch-api (5.0.3)
+      multi_json
+    elasticsearch-model (0.1.9)
+      activesupport (> 3)
+      elasticsearch (> 0.4)
+      hashie
+    elasticsearch-rails (0.1.9)
+    elasticsearch-transport (5.0.3)
+      faraday
+      multi_json
    email_reply_trimmer (0.1.6)
    email_spec (2.2.0)
      htmlentities (~> 4.3.3)
@@ -254,6 +275,9 @@ GEM
      faraday (~> 0.8)
    faraday_middleware (0.12.2)
      faraday (>= 0.7.4, < 1.0)
+    faraday_middleware-aws-signers-v4 (0.1.7)
+      aws-sdk-resources (~> 2)
+      faraday (~> 0.9)
    faraday_middleware-multi_json (0.0.6)
      faraday_middleware
      multi_json
@@ -344,6 +368,7 @@ GEM
      jaeger-client (~> 0.10)
      opentracing (~> 0.4)
      redis (> 3.0.0, < 5.0.0)
+    gitlab-license (1.0.0)
    gitlab-markup (1.7.0)
    gitlab-peek (0.0.1)
      railties (>= 4.0.0)
@@ -417,6 +442,8 @@ GEM
    grpc (1.19.0)
      google-protobuf (~> 3.1)
      googleapis-common-protos-types (~> 1.0.0)
+    gssapi (1.2.0)
+      ffi (>= 1.0.1)
    haml (5.0.4)
      temple (>= 0.8.0)
      tilt
@@ -480,6 +507,7 @@ GEM
      atlassian-jwt
      multipart-post
      oauth (~> 0.5, >= 0.5.0)
+    jmespath (1.3.1)
    js_regex (3.1.1)
      character_set (~> 1.1)
      regexp_parser (~> 1.1)
@@ -568,7 +596,9 @@ GEM
      mustermann (~> 1.0.0)
    nakayoshi_fork (0.0.4)
    nap (1.1.0)
+    net-dns (0.9.0)
    net-ldap (0.16.0)
+    net-ntp (2.1.3)
    net-ssh (5.2.0)
    netrc (0.11.0)
    nio4r (2.3.1)
@@ -961,7 +991,7 @@ GEM
    sys-filesystem (1.1.6)
      ffi
    sysexits (1.2.0)
-    temple (0.8.0)
+    temple (0.8.1)
    terminal-table (1.8.0)
      unicode-display_width (~> 1.1, >= 1.1.1)
    test-prof (0.2.5)
@@ -973,7 +1003,7 @@ GEM
    thor (0.19.4)
    thread_safe (0.3.6)
    thrift (0.11.0.0)
-    tilt (2.0.8)
+    tilt (2.0.9)
    timecop (0.8.1)
    timfel-krb5-auth (0.8.3)
    toml (0.2.0)
@@ -1070,6 +1100,7 @@ DEPENDENCIES
  atlassian-jwt (~> 0.2.0)
  attr_encrypted (~> 3.1.0)
  awesome_print
+  aws-sdk
  babosa (~> 1.0.2)
  base32 (~> 0.3.0)
  batch-loader (~> 1.4.0)
@@ -1107,11 +1138,15 @@ DEPENDENCIES
  doorkeeper (~> 4.3)
  doorkeeper-openid_connect (~> 1.5)
  ed25519 (~> 1.2)
+  elasticsearch-api (= 5.0.3)
+  elasticsearch-model (~> 0.1.9)
+  elasticsearch-rails (~> 0.1.9)
  email_reply_trimmer (~> 0.1)
  email_spec (~> 2.2.0)
  escape_utils (~> 1.1)
  factory_bot_rails (~> 4.8.2)
  faraday (~> 0.12)
+  faraday_middleware-aws-signers-v4
  fast_blank
  ffaker (~> 2.10)
  flipper (~> 0.13.0)
@@ -1136,6 +1171,7 @@ DEPENDENCIES
  gitaly (~> 1.58.0)
  github-markup (~> 1.7.0)
  gitlab-labkit (~> 0.5)
+  gitlab-license (~> 1.0)
  gitlab-markup (~> 1.7.0)
  gitlab-peek (~> 0.0.1)
  gitlab-sidekiq-fetcher (= 0.5.2)
@@ -1154,6 +1190,7 @@ DEPENDENCIES
  graphql (~> 1.9.11)
  graphql-docs (~> 1.6.0)
  grpc (~> 1.19.0)
+  gssapi
  haml_lint (~> 0.31.0)
  hamlit (~> 2.8.8)
  hangouts-chat (~> 0.0.5)
@@ -1185,7 +1222,9 @@ DEPENDENCIES
  mini_magick
  minitest (~> 5.11.0)
  nakayoshi_fork (~> 0.0.4)
+  net-dns (~> 0.9.0)
  net-ldap
+  net-ntp
  net-ssh (~> 5.2)
  nokogiri (~> 1.10.4)
  oauth2 (~> 1.4)

--- a/app/assets/javascripts/boards/models/list.js
+++ b/app/assets/javascripts/boards/models/list.js
@@ -3,7 +3,7 @@
 import { __ } from '~/locale';
 import ListLabel from './label';
 import ListAssignee from './assignee';
-import ListIssue from './issue';
+import ListIssue from 'ee_else_ce/boards/models/issue';
 import { urlParamsToObject } from '~/lib/utils/common_utils';
 import boardsStore from '../stores/boards_store';
 import ListMilestone from './milestone';

--- a/app/assets/javascripts/clusters/clusters_bundle.js
+++ b/app/assets/javascripts/clusters/clusters_bundle.js
@@ -39,6 +39,7 @@ export default class Clusters {
      updateKnativePath,
      installPrometheusPath,
      managePrometheusPath,
+      clusterEnvironmentsPath,
      hasRbac,
      clusterType,
      clusterStatus,
@@ -79,6 +80,7 @@ export default class Clusters {
      installJupyterEndpoint: installJupyterPath,
      installKnativeEndpoint: installKnativePath,
      updateKnativeEndpoint: updateKnativePath,
+      clusterEnvironmentsEndpoint: clusterEnvironmentsPath,
    });
  
    this.installApplication = this.installApplication.bind(this);
@@ -109,6 +111,10 @@ export default class Clusters {
    this.initApplications(clusterType);
    this.initEnvironments();
  
+    if (clusterEnvironmentsPath) {
+      this.fetchEnvironments();
+    }
+
    this.updateContainer(null, this.store.state.status, this.store.state.statusReason);
  
    this.addListeners();
@@ -162,6 +168,7 @@ export default class Clusters {
      render(createElement) {
        return createElement(Environments, {
          props: {
+            isFetching: this.state.fetchingEnvironments,
            environments: this.state.environments,
            environmentsHelpPath: this.state.environmentsHelpPath,
            clustersHelpPath: this.state.clustersHelpPath,
@@ -172,6 +179,18 @@ export default class Clusters {
    });
  }
  
+  fetchEnvironments() {
+    this.store.toggleFetchEnvironments(true);
+
+    this.service
+      .fetchClusterEnvironments()
+      .then(data => {
+        this.store.toggleFetchEnvironments(false);
+        this.store.updateEnvironments(data.data);
+      })
+      .catch(() => Clusters.handleError());
+  }
+
  static initDismissableCallout() {
    const callout = document.querySelector('.js-cluster-security-warning');
    PersistentUserCallout.factory(callout);

--- a/app/assets/javascripts/clusters/services/clusters_service.js
+++ b/app/assets/javascripts/clusters/services/clusters_service.js
@@ -33,6 +33,10 @@ export default class ClusterService {
    return axios.delete(this.appInstallEndpointMap[appId], params);
  }
  
+  fetchClusterEnvironments() {
+    return axios.get(this.options.clusterEnvironmentsEndpoint);
+  }
+
  static updateCluster(endpoint, data) {
    return axios.put(endpoint, data);
  }

--- a/app/assets/javascripts/clusters/stores/clusters_store.js
+++ b/app/assets/javascripts/clusters/stores/clusters_store.js
@@ -84,6 +84,7 @@ export default class ClusterStore {
        },
      },
      environments: [],
+      fetchingEnvironments: false,
    };
  }
  
@@ -206,6 +207,10 @@ export default class ClusterStore {
    });
  }
  
+  toggleFetchEnvironments(isFetching) {
+    this.state.fetchingEnvironments = isFetching;
+  }
+
  updateEnvironments(environments = []) {
    this.state.environments = environments.map(environment => ({
      name: environment.name,
@@ -215,7 +220,7 @@ export default class ClusterStore {
      rolloutStatus: {
        instances: environment.rollout_status ? environment.rollout_status.instances : [],
      },
-      updatedAt: environment.updatedAt,
+      updatedAt: environment.updated_at,
    }));
  }
 }
--- a/app/assets/javascripts/gl_dropdown.js
+++ b/app/assets/javascripts/gl_dropdown.js
@@ -7,6 +7,7 @@ import fuzzaldrinPlus from 'fuzzaldrin-plus';
 import axios from './lib/utils/axios_utils';
 import { visitUrl } from './lib/utils/url_utility';
 import { isObject } from './lib/utils/type_utility';
+import renderItem from './gl_dropdown/render';
  
 var GitLabDropdown, GitLabDropdownFilter, GitLabDropdownRemote, GitLabDropdownInput;
  
@@ -521,8 +522,8 @@ GitLabDropdown = (function() {
          html.push(
            this.renderItem(
              {
-                header: name,
-                // Add header for each group
+                content: name,
+                type: 'header',
              },
              name,
            ),
@@ -542,16 +543,7 @@ GitLabDropdown = (function() {
  };
  
  GitLabDropdown.prototype.renderData = function(data, group) {
-    if (group == null) {
-      group = false;
-    }
-    return data.map(
-      (function(_this) {
-        return function(obj, index) {
-          return _this.renderItem(obj, group, index);
-        };
-      })(this),
-    );
+    return data.map((obj, index) => this.renderItem(obj, group || false, index));
  };
  
  GitLabDropdown.prototype.shouldPropagate = function(e) {
@@ -688,104 +680,25 @@ GitLabDropdown = (function() {
  };
  
  GitLabDropdown.prototype.renderItem = function(data, group, index) {
-    var field, html, selected, text, url, value, rowHidden;
-
-    if (!this.options.renderRow) {
-      value = this.options.id ? this.options.id(data) : data.id;
-
-      if (value) {
-        value = value.toString().replace(/'/g, "\\'");
-      }
-    }
-
-    // Hide element
-    if (this.options.hideRow && this.options.hideRow(value)) {
-      rowHidden = true;
-    }
-    if (group == null) {
-      group = false;
-    }
-    if (index == null) {
-      // Render the row
-      index = false;
-    }
-    html = document.createElement('li');
-
-    if (rowHidden) {
-      html.style.display = 'none';
-    }
-
-    if (data === 'divider' || data === 'separator') {
-      html.className = data;
-      return html;
-    }
-    // Header
-    if (data.header != null) {
-      html.className = 'dropdown-header';
-      html.innerHTML = data.header;
-      return html;
-    }
-    if (this.options.renderRow) {
-      // Call the render function
-      html = this.options.renderRow.call(this.options, data, this);
-    } else {
-      if (!selected) {
-        const { fieldName } = this.options;
-
-        if (value) {
-          field = this.dropdown.parent().find(`input[name='${fieldName}'][value='${value}']`);
-          if (field.length) {
-            selected = true;
-          }
-        } else {
-          field = this.dropdown.parent().find(`input[name='${fieldName}']`);
-          selected = !field.length;
-        }
-      }
-      // Set URL
-      if (this.options.url != null) {
-        url = this.options.url(data);
-      } else {
-        url = data.url != null ? data.url : '#';
-      }
-      // Set Text
-      if (this.options.text != null) {
-        text = this.options.text(data);
-      } else {
-        text = data.text != null ? data.text : '';
-      }
-      if (this.highlight) {
-        text = data.template
-          ? this.highlightTemplate(text, data.template)
-          : this.highlightTextMatches(text, this.filterInput.val());
-      }
-      // Create the list item & the link
-      var link = document.createElement('a');
-
-      link.href = url;
-
-      if (this.icon) {
-        text = `<span>${text}</span>`;
-        link.classList.add('d-flex', 'align-items-center');
-        link.innerHTML = data.icon ? data.icon + text : text;
-      } else if (this.highlight) {
-        link.innerHTML = text;
-      } else {
-        link.textContent = text;
-      }
-
-      if (selected) {
-        link.classList.add('is-active');
-      }
-
-      if (group) {
-        link.dataset.group = group;
-        link.dataset.index = index;
-      }
-
-      html.appendChild(link);
-    }
-    return html;
+    let parent;
+
+    if (this.dropdown && this.dropdown[0]) {
+      parent = this.dropdown[0].parentNode;
+    }
+
+    return renderItem({
+      instance: this,
+      options: Object.assign({}, this.options, {
+        icon: this.icon,
+        highlight: this.highlight,
+        highlightText: text => this.highlightTextMatches(text, this.filterInput.val()),
+        highlightTemplate: this.highlightTemplate.bind(this),
+        parent,
+      }),
+      data,
+      group,
+      index,
+    });
  };
  
  GitLabDropdown.prototype.highlightTemplate = function(text, template) {
@@ -809,7 +722,6 @@ GitLabDropdown = (function() {
  };
  
  GitLabDropdown.prototype.noResults = function() {
-    var html;
    return '<li class="dropdown-menu-empty-item"><a>No matching results</a></li>';
  };
  

--- a/app/assets/javascripts/gl_dropdown/render.js
+++ b/app/assets/javascripts/gl_dropdown/render.js
+const renderersByType = {
+  divider(element) {
+    element.classList.add('divider');
+
+    return element;
+  },
+  separator(element) {
+    element.classList.add('separator');
+
+    return element;
+  },
+  header(element, data) {
+    element.classList.add('dropdown-header');
+    element.innerHTML = data.content;
+
+    return element;
+  },
+};
+
+function getPropertyWithDefault(data, options, property, defaultValue = '') {
+  let result;
+
+  if (options[property] != null) {
+    result = options[property](data);
+  } else {
+    result = data[property] != null ? data[property] : defaultValue;
+  }
+
+  return result;
+}
+
+function getHighlightTextBuilder(text, data, options) {
+  if (options.highlight) {
+    return data.template
+      ? options.highlightTemplate(text, data.template)
+      : options.highlightText(text);
+  }
+
+  return text;
+}
+
+function getIconTextBuilder(text, data, options) {
+  if (options.icon) {
+    const wrappedText = `<span>${text}</span>`;
+    return data.icon ? `${data.icon}${wrappedText}` : wrappedText;
+  }
+
+  return text;
+}
+
+function getLinkText(data, options) {
+  const text = getPropertyWithDefault(data, options, 'text');
+
+  return [getHighlightTextBuilder, getIconTextBuilder].reduce(
+    (acc, fn) => fn(acc, data, options),
+    text,
+  );
+}
+
+function escape(text) {
+  return text ? String(text).replace(/'/g, "\\'") : text;
+}
+
+function getOptionValue(data, options) {
+  if (options.renderRow) {
+    return undefined;
+  }
+
+  return escape(options.id ? options.id(data) : data.id);
+}
+
+function shouldHide(data, { options }) {
+  const value = getOptionValue(data, options);
+
+  return options.hideRow && options.hideRow(value);
+}
+
+function hideElement(element) {
+  element.style.display = 'none';
+
+  return element;
+}
+
+function checkSelected(data, options) {
+  const value = getOptionValue(data, options);
+
+  if (!options.parent) {
+    return !data.id;
+  } else if (value) {
+    return (
+      options.parent.querySelector(`input[name='${options.fieldName}'][value='${value}']`) != null
+    );
+  }
+
+  return options.parent.querySelector(`input[name='${options.fieldName}']`) == null;
+}
+
+function createLink(url, selected, options) {
+  const link = document.createElement('a');
+
+  link.href = url;
+
+  if (options.icon) {
+    link.classList.add('d-flex', 'align-items-center');
+  }
+
+  link.classList.toggle('is-active', selected);
+
+  return link;
+}
+
+function assignTextToLink(el, data, options) {
+  const text = getLinkText(data, options);
+
+  if (options.icon || options.highlight) {
+    el.innerHTML = text;
+  } else {
+    el.textContent = text;
+  }
+
+  return el;
+}
+
+function renderLink(row, data, { options, group, index }) {
+  const selected = checkSelected(data, options);
+  const url = getPropertyWithDefault(data, options, 'url', '#');
+  const link = createLink(url, selected, options);
+
+  assignTextToLink(link, data, options);
+
+  if (group) {
+    link.dataset.group = group;
+    link.dataset.index = index;
+  }
+
+  row.appendChild(link);
+
+  return row;
+}
+
+function getOptionRenderer({ options, instance }) {
+  return options.renderRow && ((li, data) => options.renderRow(data, instance));
+}
+
+function getRenderer(data, params) {
+  return renderersByType[data.type] || getOptionRenderer(params) || renderLink;
+}
+
+export default function item({ data, ...params }) {
+  const renderer = getRenderer(data, params);
+  const li = document.createElement('li');
+
+  if (shouldHide(data, params)) {
+    hideElement(li);
+  }
+
+  return renderer(li, data, params);
+}
--- a/app/assets/javascripts/groups/transfer_dropdown.js
+++ b/app/assets/javascripts/groups/transfer_dropdown.js
@@ -14,7 +14,7 @@ export default class TransferDropdown {
  }
  
  buildDropdown() {
-    const extraOptions = [{ id: '-1', text: __('No parent group') }, 'divider'];
+    const extraOptions = [{ id: '-1', text: __('No parent group') }, { type: 'divider' }];
  
    this.groupDropdown.glDropdown({
      selectable: true,