Add structure to support EE feature of COAR

These are the structural changes for supporting the EE feature of moving
"code_owner_approval_required" state from existing on a project to being
on the protected branches individually, allowing for CODEOWNER
validation on push events.

7 files changed, 51 insertions, 4 deletions

diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index 28e450f9b30..bc98ae0ce28 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -174,6 +174,7 @@ class MergeRequest < ApplicationRecord
   scope :from_project, ->(project) { where(source_project_id: project.id) }
   scope :merged, -> { with_state(:merged) }
   scope :closed_and_merged, -> { with_states(:closed, :merged) }
+  scope :open_and_closed, -> { with_states(:opened, :closed) }
   scope :from_source_branches, ->(branches) { where(source_branch: branches) }
   scope :by_commit_sha, ->(sha) do
     where('EXISTS (?)', MergeRequestDiff.select(1).where('merge_requests.latest_merge_request_diff_id = merge_request_diffs.id').by_commit_sha(sha)).reorder(nil)
@@ -187,6 +188,11 @@ class MergeRequest < ApplicationRecord
             target_project: [:route, { namespace: :route }],
             source_project: [:route, { namespace: :route }])
   }
+  scope :by_target_branch_wildcard, ->(wildcard_branch_name) do
+    where("target_branch LIKE ?", ApplicationRecord.sanitize_sql_like(wildcard_branch_name).tr('*', '%'))
+  end
+  scope :by_target_branch, ->(branch_name) { where(target_branch: branch_name) }
+  scope :preload_source_project, -> { preload(:source_project) }
 
   after_save :keep_around_commit
 
diff --git a/app/models/protected_branch.rb b/app/models/protected_branch.rb
index ee0c94c20af..9fd929371f8 100644
--- a/app/models/protected_branch.rb
+++ b/app/models/protected_branch.rb
@@ -3,6 +3,9 @@
 class ProtectedBranch < ApplicationRecord
   include ProtectedRef
 
+  scope :requiring_code_owner_approval,
+        -> { where(code_owner_approval_required: true) }
+
   protected_ref_access_levels :merge, :push
 
   def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)
diff --git a/app/services/protected_branches/create_service.rb b/app/services/protected_branches/create_service.rb
index 87aaf4672a4..6b2836bba39 100644
--- a/app/services/protected_branches/create_service.rb
+++ b/app/services/protected_branches/create_service.rb
@@ -5,7 +5,8 @@ module ProtectedBranches
     def execute(skip_authorization: false)
       raise Gitlab::Access::AccessDeniedError unless skip_authorization || authorized?
 
-      protected_branch.save
+      save_protected_branch
+
       protected_branch
     end
 
@@ -15,6 +16,10 @@ module ProtectedBranches
 
     private
 
+    def save_protected_branch
+      protected_branch.save
+    end
+
     def protected_branch
       @protected_branch ||= project.protected_branches.new(params)
     end
diff --git a/db/migrate/20190729180447_add_merge_requests_require_code_owner_approval_to_protected_branches.rb b/db/migrate/20190729180447_add_merge_requests_require_code_owner_approval_to_protected_branches.rb
new file mode 100644
index 00000000000..098fcff9ace
--- /dev/null
+++ b/db/migrate/20190729180447_add_merge_requests_require_code_owner_approval_to_protected_branches.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+class AddMergeRequestsRequireCodeOwnerApprovalToProtectedBranches < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_column_with_default(
+      :protected_branches,
+      :code_owner_approval_required,
+      :boolean,
+      default: false
+    )
+
+    add_concurrent_index(
+      :protected_branches,
+      [:project_id, :code_owner_approval_required],
+      name: "code_owner_approval_required",
+      where: "code_owner_approval_required = #{Gitlab::Database.true_value}")
+  end
+
+  def down
+    remove_concurrent_index(:protected_branches, name: "code_owner_approval_required")
+
+    remove_column(:protected_branches, :code_owner_approval_required)
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 98c4403efe1..9d7cdaed70c 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -2932,6 +2932,8 @@ ActiveRecord::Schema.define(version: 2019_09_04_173203) do
     t.string "name", null: false
     t.datetime "created_at"
     t.datetime "updated_at"
+    t.boolean "code_owner_approval_required", default: false, null: false
+    t.index ["project_id", "code_owner_approval_required"], name: "code_owner_approval_required", where: "(code_owner_approval_required = true)"
     t.index ["project_id"], name: "index_protected_branches_on_project_id"
   end
 
diff --git a/spec/lib/gitlab/checks/diff_check_spec.rb b/spec/lib/gitlab/checks/diff_check_spec.rb
index a341dfa5636..b9134b8d6ab 100644
--- a/spec/lib/gitlab/checks/diff_check_spec.rb
+++ b/spec/lib/gitlab/checks/diff_check_spec.rb
@@ -20,9 +20,8 @@ describe Gitlab::Checks::DiffCheck do
         allow(project).to receive(:lfs_enabled?).and_return(false)
       end
 
-      it 'skips the validation' do
-        expect(subject).not_to receive(:validate_diff)
-        expect(subject).not_to receive(:validate_file_paths)
+      it 'does not invoke :lfs_file_locks_validation' do
+        expect(subject).not_to receive(:lfs_file_locks_validation)
 
         subject.validate!
       end
diff --git a/spec/lib/gitlab/import_export/safe_model_attributes.yml b/spec/lib/gitlab/import_export/safe_model_attributes.yml
index 516e62c4728..1386f8822ce 100644
--- a/spec/lib/gitlab/import_export/safe_model_attributes.yml
+++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml
@@ -467,6 +467,7 @@ ProtectedBranch:
 - name
 - created_at
 - updated_at
+- code_owner_approval_required
 ProtectedTag:
 - id
 - project_id