Merge branch 'master' into 'dispatcher-project-mr-edit'dispatcher-project-mr-edit

# Conflicts:
#   app/assets/javascripts/dispatcher.js

450 files changed, 6039 insertions, 2797 deletions

diff --git a/.eslintrc b/.eslintrc
index 6dbe269e594..ad5eaebccae 100644
--- a/.eslintrc
+++ b/.eslintrc
@@ -10,7 +10,6 @@
   ],
   "globals": {
     "__webpack_public_path__": true,
-    "_": false,
     "gl": false,
     "gon": false,
     "localStorage": false
diff --git a/.gitignore b/.gitignore
index 4933575332b..2004c2a09b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@
 *.swp
 *.mo
 *.edit.po
+*.rej
 .DS_Store
 .bundle
 .chef
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f038ce72aeb..80ba8e5c1a1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -61,6 +61,9 @@ stages:
 
 .use-pg: &use-pg
   services:
+    # As of Jan 2018, we don't have a strong reason to upgrade to 9.6 for CI yet,
+    # so using the least common denominator ensures backwards compatibility
+    # (as many users are still using 9.2).
     - postgres:9.2
     - redis:alpine
 
diff --git a/.gitlab/merge_request_templates/Documentation.md b/.gitlab/merge_request_templates/Documentation.md
index 9b541aadad1..102eb7e7953 100644
--- a/.gitlab/merge_request_templates/Documentation.md
+++ b/.gitlab/merge_request_templates/Documentation.md
@@ -11,4 +11,6 @@ See the guidelines: http://docs.gitlab.com/ce/development/doc_styleguide.html#ch
 - [ ] Make sure the old link is not removed and has its contents replaced with a link to the new location.
 - [ ] Make sure internal links pointing to the document in question are not broken.
 - [ ] Search and replace any links referring to old docs in GitLab Rails app, specifically under the `app/views/` directory.
+- [ ] Make sure to add [`redirect_from`](https://docs.gitlab.com/ee/development/doc_styleguide.html#redirections-for-pages-with-disqus-comments) to the new document if there are any Disqus comments on the old document thread.
 - [ ] If working on CE, submit an MR to EE with the changes as well.
+- [ ] Ping one of the technical writers for review.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 26580e7183f..87260744190 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,19 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 10.3.4 (2018-01-10)
+
+### Security (7 changes, 1 of them is from the community)
+
+- Prevent a SQL injection in the MilestonesFinder.
+- Fix RCE via project import mechanism.
+- Prevent OAuth login POST requests when a provider has been disabled.
+- Filter out sensitive fields from the project services API. (Robert Schilling)
+- Check user authorization for source and target projects when creating a merge request.
+- Fix path traversal in gitlab-ci.yml cache:key.
+- Fix writable shared deploy keys.
+
+
 ## 10.3.3 (2018-01-02)
 
 ### Fixed (3 changes)
@@ -180,6 +193,21 @@ entry.
 - Clean up schema of the "merge_requests" table.
 
 
+## 10.2.6 (2018-01-11)
+
+### Security (9 changes, 1 of them is from the community)
+
+- Fix writable shared deploy keys.
+- Filter out sensitive fields from the project services API. (Robert Schilling)
+- Fix RCE via project import mechanism.
+- Fixed IPython notebook output not being sanitized.
+- Prevent OAuth login POST requests when a provider has been disabled.
+- Prevent a SQL injection in the MilestonesFinder.
+- Check user authorization for source and target projects when creating a merge request.
+- Fix path traversal in gitlab-ci.yml cache:key.
+- Fix XSS vulnerability in pipeline job trace.
+
+
 ## 10.2.5 (2017-12-15)
 
 ### Fixed (8 changes)
@@ -446,6 +474,20 @@ entry.
 - Add Gitaly metrics to the performance bar.
 
 
+## 10.1.6 (2018-01-11)
+
+### Security (8 changes, 1 of them is from the community)
+
+- Fix writable shared deploy keys.
+- Filter out sensitive fields from the project services API. (Robert Schilling)
+- Fix RCE via project import mechanism.
+- Prevent OAuth login POST requests when a provider has been disabled.
+- Prevent a SQL injection in the MilestonesFinder.
+- Check user authorization for source and target projects when creating a merge request.
+- Fix path traversal in gitlab-ci.yml cache:key.
+- Fix XSS vulnerability in pipeline job trace.
+
+
 ## 10.1.5 (2017-12-07)
 
 ### Security (5 changes)
@@ -950,6 +992,11 @@ entry.
 - Added type to CHANGELOG entries. (Jacopo Beschi @jacopo-beschi)
 - [BUGIFX] Improves subgroup creation permissions. !13418
 
+## 9.5.10 (2017-11-08)
+
+- [SECURITY] Add SSRF protections for hostnames that will never resolve but will still connect to localhost
+- [SECURITY] Include X-Content-Type-Options (XCTO) header into API responses
+
 ## 9.5.9 (2017-10-16)
 
 - [SECURITY] Move project repositories between namespaces when renaming users.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 057e2d6e0dc..b366ae6f069 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -171,7 +171,7 @@ Assigning a team label makes sure issues get the attention of the appropriate
 people.
 
 The current team labels are ~Build, ~"CI/CD", ~Discussion, ~Documentation, ~Edge,
-~Geo, ~Gitaly, ~Platform, ~Prometheus, ~Release, and ~"UX".
+~Geo, ~Gitaly, ~Platform, ~Monitoring, ~Release, and ~"UX".
 
 The descriptions on the [labels page][labels-page] explain what falls under the
 responsibility of each team.
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 328185caaeb..106d4ac0005 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-0.67.0
+0.69.0
diff --git a/Gemfile b/Gemfile
index 5c455ab15e3..5f4911ff628 100644
--- a/Gemfile
+++ b/Gemfile
@@ -115,7 +115,7 @@ gem 'google-api-client', '~> 0.13.6'
 gem 'unf', '~> 0.1.4'
 
 # Seed data
-gem 'seed-fu', '2.3.6' # Upgrade to > 2.3.7 once https://github.com/mbleigh/seed-fu/issues/123 is solved
+gem 'seed-fu', '~> 2.3.7'
 
 # Markdown and HTML processing
 gem 'html-pipeline', '~> 1.11.0'
@@ -233,6 +233,9 @@ gem 'charlock_holmes', '~> 0.7.5'
 # Faster JSON
 gem 'oj', '~> 2.17.4'
 
+# Faster blank
+gem 'fast_blank'
+
 # Parse time & duration
 gem 'chronic', '~> 0.10.2'
 gem 'chronic_duration', '~> 0.10.6'
@@ -403,7 +406,7 @@ group :ed25519 do
 end
 
 # Gitaly GRPC client
-gem 'gitaly-proto', '~> 0.69.0', require: 'gitaly'
+gem 'gitaly-proto', '~> 0.73.0', require: 'gitaly'
 
 gem 'toml-rb', '~> 0.3.15', require: false
 
diff --git a/Gemfile.lock b/Gemfile.lock
index cb6b0ebb3bc..b251b8c481a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -207,6 +207,7 @@ GEM
     faraday_middleware-multi_json (0.0.6)
       faraday_middleware
       multi_json
+    fast_blank (1.0.0)
     fast_gettext (1.4.0)
     ffaker (2.4.0)
     ffi (1.9.18)
@@ -284,7 +285,7 @@ GEM
       po_to_json (>= 1.0.0)
       rails (>= 3.2.0)
     gherkin-ruby (0.3.2)
-    gitaly-proto (0.69.0)
+    gitaly-proto (0.73.0)
       google-protobuf (~> 3.1)
       grpc (~> 1.0)
     github-linguist (4.7.6)
@@ -340,6 +341,8 @@ GEM
       representable (~> 3.0)
       retriable (>= 2.0, < 4.0)
     google-protobuf (3.4.1.1)
+    googleapis-common-protos-types (1.0.1)
+      google-protobuf (~> 3.0)
     googleauth (0.5.3)
       faraday (~> 0.12)
       jwt (~> 1.4)
@@ -366,9 +369,10 @@ GEM
       rake
     grape_logging (1.7.0)
       grape
-    grpc (1.4.5)
+    grpc (1.8.3)
       google-protobuf (~> 3.1)
-      googleauth (~> 0.5.1)
+      googleapis-common-protos-types (~> 1.0.0)
+      googleauth (>= 0.5.1, < 0.7)
     haml (4.0.7)
       tilt
     haml_lint (0.26.0)
@@ -828,7 +832,7 @@ GEM
       rake (>= 0.9, < 13)
       sass (~> 3.5.3)
     securecompare (1.0.0)
-    seed-fu (2.3.6)
+    seed-fu (2.3.7)
       activerecord (>= 3.1)
       activesupport (>= 3.1)
     select2-rails (3.5.9.3)
@@ -1031,6 +1035,7 @@ DEPENDENCIES
   email_spec (~> 1.6.0)
   factory_bot_rails (~> 4.8.2)
   faraday (~> 0.12)
+  fast_blank
   ffaker (~> 2.4)
   flay (~> 2.8.0)
   flipper (~> 0.11.0)
@@ -1051,7 +1056,7 @@ DEPENDENCIES
   gettext (~> 3.2.2)
   gettext_i18n_rails (~> 1.8.0)
   gettext_i18n_rails_js (~> 1.2.0)
-  gitaly-proto (~> 0.69.0)
+  gitaly-proto (~> 0.73.0)
   github-linguist (~> 4.7.0)
   gitlab-flowdock-git-hook (~> 1.0.1)
   gitlab-markup (~> 1.6.2)
@@ -1167,7 +1172,7 @@ DEPENDENCIES
   sanitize (~> 2.0)
   sass-rails (~> 5.0.6)
   scss_lint (~> 0.56.0)
-  seed-fu (= 2.3.6)
+  seed-fu (~> 2.3.7)
   select2-rails (~> 3.5.9)
   selenium-webdriver (~> 3.5)
   sentry-raven (~> 2.5.3)
diff --git a/app/assets/javascripts/blob/blob_file_dropzone.js b/app/assets/javascripts/blob/blob_file_dropzone.js
index f7ae6f1cd12..83cac896f86 100644
--- a/app/assets/javascripts/blob/blob_file_dropzone.js
+++ b/app/assets/javascripts/blob/blob_file_dropzone.js
@@ -4,6 +4,8 @@ import { visitUrl } from '../lib/utils/url_utility';
 import { HIDDEN_CLASS } from '../lib/utils/constants';
 import csrf from '../lib/utils/csrf';
 
+Dropzone.autoDiscover = false;
+
 function toggleLoading($el, $icon, loading) {
   if (loading) {
     $el.disable();
diff --git a/app/assets/javascripts/boards/components/board.js b/app/assets/javascripts/boards/components/board.js
index adb7360327c..a8dafd31f12 100644
--- a/app/assets/javascripts/boards/components/board.js
+++ b/app/assets/javascripts/boards/components/board.js
@@ -1,5 +1,5 @@
 /* eslint-disable comma-dangle, space-before-function-paren, one-var */
-/* global Sortable */
+import Sortable from 'vendor/Sortable';
 import Vue from 'vue';
 import AccessorUtilities from '../../lib/utils/accessor';
 import boardList from './board_list';
diff --git a/app/assets/javascripts/boards/components/board_list.js b/app/assets/javascripts/boards/components/board_list.js
index d8cf532fe78..591f1dc8313 100644
--- a/app/assets/javascripts/boards/components/board_list.js
+++ b/app/assets/javascripts/boards/components/board_list.js
@@ -1,4 +1,4 @@
-/* global Sortable */
+import Sortable from 'vendor/Sortable';
 import boardNewIssue from './board_new_issue';
 import boardCard from './board_card.vue';
 import eventHub from '../eventhub';
diff --git a/app/assets/javascripts/clusters/components/applications.vue b/app/assets/javascripts/clusters/components/applications.vue
index 25cef44c1b8..ff2e0768a87 100644
--- a/app/assets/javascripts/clusters/components/applications.vue
+++ b/app/assets/javascripts/clusters/components/applications.vue
@@ -46,14 +46,15 @@
         ));
 
         const extraCostParagraph = sprintf(
-          _.escape(s__(`ClusterIntegration|%{boldNotice} This will add some
-extra resources like a load balancer,
-which incur additional costs. See %{pricingLink}`)),
-          {
+          _.escape(s__(
+            `ClusterIntegration|%{boldNotice} This will add some extra resources
+            like a load balancer, which may incur additional costs depending on
+            the hosting provider Kubernetes is installed on. If you are using GKE,
+            you can %{pricingLink}.`,
+          )), {
             boldNotice: `<strong>${_.escape(s__('ClusterIntegration|Note:'))}</strong>`,
             pricingLink: `<a href="https://cloud.google.com/compute/pricing#lb" target="_blank" rel="noopener noreferrer">
-              ${_.escape(s__('ClusterIntegration|GKE pricing'))}
-            </a>`,
+              ${_.escape(s__('ClusterIntegration|check the pricing here'))}</a>`,
           },
           false,
         );
@@ -80,8 +81,7 @@ which incur additional costs. See %{pricingLink}`)),
           {
             gitlabIntegrationLink: `<a href="https://docs.gitlab.com/ce/user/project/integrations/prometheus.html"
 target="_blank" rel="noopener noreferrer">
-              ${_.escape(s__('ClusterIntegration|Gitlab Integration'))}
-            </a>`,
+              ${_.escape(s__('ClusterIntegration|GitLab Integration'))}</a>`,
           },
           false,
         );
diff --git a/app/assets/javascripts/commit_merge_requests.js b/app/assets/javascripts/commit_merge_requests.js
new file mode 100644
index 00000000000..f76c9b7e690
--- /dev/null
+++ b/app/assets/javascripts/commit_merge_requests.js
@@ -0,0 +1,73 @@
+/* global Flash */
+
+import axios from './lib/utils/axios_utils';
+import { n__, s__ } from './locale';
+
+export function getHeaderText(childElementCount, mergeRequestCount) {
+  if (childElementCount === 0) {
+    return `${mergeRequestCount} ${n__('merge request', 'merge requests', mergeRequestCount)}`;
+  }
+  return ',';
+}
+
+export function createHeader(childElementCount, mergeRequestCount) {
+  const headerText = getHeaderText(childElementCount, mergeRequestCount);
+
+  return $('<span />', {
+    class: 'append-right-5',
+    text: headerText,
+  });
+}
+
+export function createLink(mergeRequest) {
+  return $('<a />', {
+    class: 'append-right-5',
+    href: mergeRequest.path,
+    text: `!${mergeRequest.iid}`,
+  });
+}
+
+export function createTitle(mergeRequest) {
+  return $('<span />', {
+    text: mergeRequest.title,
+  });
+}
+
+export function createItem(mergeRequest) {
+  const $item = $('<span />');
+  const $link = createLink(mergeRequest);
+  const $title = createTitle(mergeRequest);
+  $item.append($link);
+  $item.append($title);
+
+  return $item;
+}
+
+export function createContent(mergeRequests) {
+  const $content = $('<span />');
+
+  if (mergeRequests.length === 0) {
+    $content.text(s__('Commits|No related merge requests found'));
+  } else {
+    mergeRequests.forEach((mergeRequest) => {
+      const $header = createHeader($content.children().length, mergeRequests.length);
+      const $item = createItem(mergeRequest);
+      $content.append($header);
+      $content.append($item);
+    });
+  }
+
+  return $content;
+}
+
+export function fetchCommitMergeRequests() {
+  const $container = $('.merge-requests');
+
+  axios.get($container.data('projectCommitPath'))
+    .then((response) => {
+      const $content = createContent(response.data);
+
+      $container.html($content);
+    })
+    .catch(() => Flash(s__('Commits|An error occurred while fetching merge requests data.')));
+}
diff --git a/app/assets/javascripts/protected_tags/protected_tag_dropdown.js b/app/assets/javascripts/create_item_dropdown.js
index a0224213aa0..c3eceb285f5 100644
--- a/app/assets/javascripts/protected_tags/protected_tag_dropdown.js
+++ b/app/assets/javascripts/create_item_dropdown.js
@@ -1,6 +1,6 @@
 import _ from 'underscore';
 
-export default class ProtectedTagDropdown {
+export default class CreateItemDropdown {
   /**
    * @param {Object} options containing
    *                         `$dropdown` target element
@@ -8,11 +8,14 @@ export default class ProtectedTagDropdown {
    * $dropdown must be an element created using `dropdown_tag()` rails helper
    */
   constructor(options) {
-    this.onSelect = options.onSelect;
+    this.defaultToggleLabel = options.defaultToggleLabel;
+    this.fieldName = options.fieldName;
+    this.onSelect = options.onSelect || (() => {});
+    this.getDataOption = options.getData;
     this.$dropdown = options.$dropdown;
     this.$dropdownContainer = this.$dropdown.parent();
     this.$dropdownFooter = this.$dropdownContainer.find('.dropdown-footer');
-    this.$protectedTag = this.$dropdownContainer.find('.js-create-new-protected-tag');
+    this.$createButton = this.$dropdownContainer.find('.js-dropdown-create-new-item');
 
     this.buildDropdown();
     this.bindEvents();
@@ -23,7 +26,7 @@ export default class ProtectedTagDropdown {
 
   buildDropdown() {
     this.$dropdown.glDropdown({
-      data: this.getProtectedTags.bind(this),
+      data: this.getData.bind(this),
       filterable: true,
       remote: false,
       search: {
@@ -31,14 +34,14 @@ export default class ProtectedTagDropdown {
       },
       selectable: true,
       toggleLabel(selected) {
-        return (selected && 'id' in selected) ? selected.title : 'Protected Tag';
+        return (selected && 'id' in selected) ? selected.title : this.defaultToggleLabel;
       },
-      fieldName: 'protected_tag[name]',
-      text(protectedTag) {
-        return _.escape(protectedTag.title);
+      fieldName: this.fieldName,
+      text(item) {
+        return _.escape(item.title);
       },
-      id(protectedTag) {
-        return _.escape(protectedTag.id);
+      id(item) {
+        return _.escape(item.id);
       },
       onFilter: this.toggleCreateNewButton.bind(this),
       clicked: (options) => {
@@ -49,37 +52,37 @@ export default class ProtectedTagDropdown {
   }
 
   bindEvents() {
-    this.$protectedTag.on('click', this.onClickCreateWildcard.bind(this));
+    this.$createButton.on('click', this.onClickCreateWildcard.bind(this));
   }
 
   onClickCreateWildcard(e) {
+    e.preventDefault();
+
+    // Refresh the dropdown's data, which ends up calling `getData`
     this.$dropdown.data('glDropdown').remote.execute();
     this.$dropdown.data('glDropdown').selectRowAtIndex();
-    e.preventDefault();
   }
 
-  getProtectedTags(term, callback) {
-    if (this.selectedTag) {
-      callback(gon.open_tags.concat(this.selectedTag));
-    } else {
-      callback(gon.open_tags);
-    }
+  getData(term, callback) {
+    this.getDataOption(term, (data = []) => {
+      callback(data.concat(this.selectedItem || []));
+    });
   }
 
-  toggleCreateNewButton(tagName) {
-    if (tagName) {
-      this.selectedTag = {
-        title: tagName,
-        id: tagName,
-        text: tagName,
+  toggleCreateNewButton(item) {
+    if (item) {
+      this.selectedItem = {
+        title: item,
+        id: item,
+        text: item,
       };
 
       this.$dropdownContainer
-        .find('.js-create-new-protected-tag code')
-        .text(tagName);
+        .find('.js-dropdown-create-new-item code')
+        .text(item);
     }
 
-    this.toggleFooter(!tagName);
+    this.toggleFooter(!item);
   }
 
   toggleFooter(toggleState) {
diff --git a/app/assets/javascripts/create_merge_request_dropdown.js b/app/assets/javascripts/create_merge_request_dropdown.js
index eedbd3feeb5..bc23a72762f 100644
--- a/app/assets/javascripts/create_merge_request_dropdown.js
+++ b/app/assets/javascripts/create_merge_request_dropdown.js
@@ -1,4 +1,5 @@
 /* eslint-disable no-new */
+import _ from 'underscore';
 import Flash from './flash';
 import DropLab from './droplab/drop_lab';
 import ISetter from './droplab/plugins/input_setter';
diff --git a/app/assets/javascripts/deploy_keys/components/key.vue b/app/assets/javascripts/deploy_keys/components/key.vue
index a9e819b8a3c..843564ce016 100644
--- a/app/assets/javascripts/deploy_keys/components/key.vue
+++ b/app/assets/javascripts/deploy_keys/components/key.vue
@@ -1,11 +1,15 @@
 <script>
   import actionBtn from './action_btn.vue';
   import { getTimeago } from '../../lib/utils/datetime_utility';
+  import tooltip from '../../vue_shared/directives/tooltip';
 
   export default {
     components: {
       actionBtn,
     },
+    directives: {
+      tooltip,
+    },
     props: {
       deployKey: {
         type: Object,
@@ -32,6 +36,9 @@
       isEnabled(id) {
         return this.store.findEnabledKey(id) !== undefined;
       },
+      tooltipTitle(project) {
+        return project.can_push ? 'Write access allowed' : 'Read access only';
+      },
     },
   };
 </script>
@@ -52,21 +59,23 @@
       <div class="description">
         {{ deployKey.fingerprint }}
       </div>
-      <div
-        v-if="deployKey.can_push"
-        class="write-access-allowed"
-      >
-        Write access allowed
-      </div>
     </div>
     <div class="deploy-key-content prepend-left-default deploy-key-projects">
       <a
-        v-for="(project, i) in deployKey.projects"
-        class="label deploy-project-label"
-        :href="project.full_path"
+        v-for="(deployKeysProject, i) in deployKey.deploy_keys_projects"
         :key="i"
+        class="label deploy-project-label"
+        :href="deployKeysProject.project.full_path"
+        :title="tooltipTitle(deployKeysProject)"
+        v-tooltip
       >
-        {{ project.full_name }}
+        {{ deployKeysProject.project.full_name }}
+        <i
+          v-if="!deployKeysProject.can_push"
+          aria-hidden="true"
+          class="fa fa-lock"
+        >
+        </i>
       </a>
     </div>
     <div class="deploy-key-content">
diff --git a/app/assets/javascripts/dispatcher.js b/app/assets/javascripts/dispatcher.js
index efafa7a53e9..28f4fddad4b 100644
--- a/app/assets/javascripts/dispatcher.js
+++ b/app/assets/javascripts/dispatcher.js
@@ -1,49 +1,33 @@
 /* eslint-disable func-names, space-before-function-paren, no-var, prefer-arrow-callback, wrap-iife, no-shadow, consistent-return, one-var, one-var-declaration-per-line, camelcase, default-case, no-new, quotes, no-duplicate-case, no-case-declarations, no-fallthrough, max-len */
-import { s__ } from './locale';
 import projectSelect from './project_select';
-import IssuableIndex from './issuable_index';
 import Milestone from './milestone';
 import IssuableForm from './issuable_form';
 import LabelsSelect from './labels_select';
 import MilestoneSelect from './milestone_select';
-import NewBranchForm from './new_branch_form';
 import NotificationsForm from './notifications_form';
 import notificationsDropdown from './notifications_dropdown';
 import groupAvatar from './group_avatar';
 import GroupLabelSubscription from './group_label_subscription';
 import LineHighlighter from './line_highlighter';
-import NewCommitForm from './new_commit_form';
 import Project from './project';
 import projectAvatar from './project_avatar';
 import MergeRequest from './merge_request';
 import Compare from './compare';
-import initCompareAutocomplete from './compare_autocomplete';
-import ProjectFindFile from './project_find_file';
 import ProjectNew from './project_new';
-import projectImport from './project_import';
 import Labels from './labels';
 import LabelManager from './label_manager';
 import Sidebar from './right_sidebar';
 import IssuableTemplateSelectors from './templates/issuable_template_selectors';
 import Flash from './flash';
-import CommitsList from './commits';
-import Issue from './issue';
 import BindInOut from './behaviors/bind_in_out';
 import SecretValues from './behaviors/secret_values';
-import DeleteModal from './branches/branches_delete_modal';
 import Group from './group';
 import ProjectsList from './projects_list';
-import setupProjectEdit from './project_edit';
-import MiniPipelineGraph from './mini_pipeline_graph_dropdown';
-import BlobLinePermalinkUpdater from './blob/blob_line_permalink_updater';
-import BlobForkSuggestion from './blob/blob_fork_suggestion';
 import UserCallout from './user_callout';
 import ShortcutsWiki from './shortcuts_wiki';
 import BlobViewer from './blob/viewer/index';
 import UsersSelect from './users_select';
-import RefSelectDropdown from './ref_select_dropdown';
 import GfmAutoComplete from './gfm_auto_complete';
-import ShortcutsBlob from './shortcuts_blob';
 import Star from './star';
 import TreeView from './tree';
 import Wikis from './wikis';
@@ -51,24 +35,18 @@ import ZenMode from './zen_mode';
 import initSettingsPanels from './settings_panels';
 import PerformanceBar from './performance_bar';
 import initNotes from './init_notes';
-import initLegacyFilters from './init_legacy_filters';
 import initIssuableSidebar from './init_issuable_sidebar';
 import initProjectVisibilitySelector from './project_visibility';
-import GpgBadges from './gpg_badges';
-import initChangesDropdown from './init_changes_dropdown';
 import NewGroupChild from './groups/new_group_child';
 import { ajaxGet, convertPermissionToBoolean } from './lib/utils/common_utils';
-import AjaxLoadingSpinner from './ajax_loading_spinner';
 import GlFieldErrors from './gl_field_errors';
 import GLForm from './gl_form';
 import Shortcuts from './shortcuts';
 import ShortcutsNavigation from './shortcuts_navigation';
-import ShortcutsFindFile from './shortcuts_find_file';
 import ShortcutsIssuable from './shortcuts_issuable';
 import U2FAuthenticate from './u2f/authenticate';
 import Members from './members';
 import memberExpirationDate from './member_expiration_date';
-import DueDateSelectors from './due_date_select';
 import Diff from './diff';
 import ProjectLabelSubscription from './project_label_subscription';
 import SearchAutocomplete from './search_autocomplete';
@@ -85,7 +63,7 @@ import Activities from './activities';
     }
 
     Dispatcher.prototype.initPageScripts = function() {
-      var path, shortcut_handler, fileBlobPermalinkUrlElement, fileBlobPermalinkUrl;
+      var path, shortcut_handler;
       const page = $('body').attr('data-page');
       if (!page) {
         return false;
@@ -110,33 +88,6 @@ import Activities from './activities';
         });
       });
 
-      function initBlob() {
-        new LineHighlighter();
-
-        new BlobLinePermalinkUpdater(
-          document.querySelector('#blob-content-holder'),
-          '.diff-line-num[data-line-number]',
-          document.querySelectorAll('.js-data-file-blob-permalink-url, .js-blob-blame-link'),
-        );
-
-        shortcut_handler = new ShortcutsNavigation();
-        fileBlobPermalinkUrlElement = document.querySelector('.js-data-file-blob-permalink-url');
-        fileBlobPermalinkUrl = fileBlobPermalinkUrlElement && fileBlobPermalinkUrlElement.getAttribute('href');
-        new ShortcutsBlob({
-          skipResetBindings: true,
-          fileBlobPermalinkUrl,
-        });
-
-        new BlobForkSuggestion({
-          openButtons: document.querySelectorAll('.js-edit-blob-link-fork-toggler'),
-          forkButtons: document.querySelectorAll('.js-fork-suggestion-button'),
-          cancelButtons: document.querySelectorAll('.js-cancel-fork-suggestion-button'),
-          suggestionSections: document.querySelectorAll('.js-file-fork-suggestion-section'),
-          actionTextPieces: document.querySelectorAll('.js-file-fork-suggestion-section-action'),
-        })
-          .init();
-      }
-
       const filteredSearchEnabled = gl.FilteredSearchManager && document.querySelector('.filtered-search');
 
       switch (page) {
@@ -147,26 +98,28 @@ import Activities from './activities';
           break;
         case 'projects:boards:show':
         case 'projects:boards:index':
-          shortcut_handler = new ShortcutsNavigation();
-          new UsersSelect();
+          import('./pages/projects/boards/index')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
           break;
         case 'projects:merge_requests:index':
+          import('./pages/projects/merge_requests/index')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
+          break;
         case 'projects:issues:index':
-          if (filteredSearchEnabled) {
-            const filteredSearchManager = new gl.FilteredSearchManager(page === 'projects:issues:index' ? 'issues' : 'merge_requests');
-            filteredSearchManager.setup();
-          }
-          const pagePrefix = page === 'projects:merge_requests:index' ? 'merge_request_' : 'issue_';
-          new IssuableIndex(pagePrefix);
-
-          shortcut_handler = new ShortcutsNavigation();
-          new UsersSelect();
+          import('./pages/projects/issues/index')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
           break;
         case 'projects:issues:show':
-          new Issue();
-          shortcut_handler = new ShortcutsIssuable();
-          new ZenMode();
-          initIssuableSidebar();
+          import('./pages/projects/issues/show')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
           break;
         case 'dashboard:milestones:index':
           import('./pages/dashboard/milestones/index')
@@ -189,8 +142,9 @@ import Activities from './activities';
             .catch(fail);
           break;
         case 'dashboard:merge_requests':
-          projectSelect();
-          initLegacyFilters();
+          import('./pages/dashboard/merge_requests')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'groups:issues':
         case 'groups:merge_requests':
@@ -222,40 +176,60 @@ import Activities from './activities';
             .catch(fail);
           break;
         case 'projects:milestones:new':
+        case 'projects:milestones:create':
+          import('./pages/projects/milestones/new')
+            .then(callDefault)
+            .catch(fail);
+          break;
         case 'projects:milestones:edit':
         case 'projects:milestones:update':
-          new ZenMode();
-          new DueDateSelectors();
-          new GLForm($('.milestone-form'), true);
+          import('./pages/projects/milestones/edit')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'groups:milestones:new':
+        case 'groups:milestones:create':
+          import('./pages/groups/milestones/new')
+            .then(callDefault)
+            .catch(fail);
+          break;
         case 'groups:milestones:edit':
         case 'groups:milestones:update':
-          new ZenMode();
-          new DueDateSelectors();
-          new GLForm($('.milestone-form'), false);
+          import('./pages/groups/milestones/edit')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'projects:compare:show':
-          new Diff();
-          const paddingTop = 16;
-          initChangesDropdown(document.querySelector('.navbar-gitlab').offsetHeight - paddingTop);
+          import('./pages/projects/compare/show')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'projects:branches:new':
+          import('./pages/projects/branches/new')
+            .then(callDefault)
+            .catch(fail);
+          break;
         case 'projects:branches:create':
-          new NewBranchForm($('.js-create-branch-form'), JSON.parse(document.getElementById('availableRefs').innerHTML));
+          import('./pages/projects/branches/new')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'projects:branches:index':
-          AjaxLoadingSpinner.init();
-          new DeleteModal();
+          import('./pages/projects/branches/index')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'projects:issues:new':
+          import('./pages/projects/issues/new')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
+          break;
         case 'projects:issues:edit':
-          shortcut_handler = new ShortcutsNavigation();
-          new GLForm($('.issue-form'), true);
-          new IssuableForm($('.issue-form'));
-          new LabelsSelect();
-          new MilestoneSelect();
-          new IssuableTemplateSelectors();
+          import('./pages/projects/issues/edit')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
           break;
         case 'projects:merge_requests:creations:new':
           const mrNewCompareNode = document.querySelector('.js-merge-request-new-compare');
@@ -284,9 +258,9 @@ import Activities from './activities';
           shortcut_handler = true;
           break;
         case 'projects:tags:new':
-          new ZenMode();
-          new GLForm($('.tag-form'), true);
-          new RefSelectDropdown($('.js-branch-select'));
+          import('./pages/projects/tags/new')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'projects:snippets:show':
           initNotes();
@@ -300,11 +274,24 @@ import Activities from './activities';
           new ZenMode();
           break;
         case 'snippets:new':
+          import('./pages/snippets/new')
+            .then(callDefault)
+            .catch(fail);
+          break;
         case 'snippets:edit':
+          import('./pages/snippets/edit')
+            .then(callDefault)
+            .catch(fail);
+          break;
         case 'snippets:create':
+          import('./pages/snippets/new')
+            .then(callDefault)
+            .catch(fail);
+          break;
         case 'snippets:update':
-          new GLForm($('.snippet-form'), false);
-          new ZenMode();
+          import('./pages/snippets/edit')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'projects:releases:edit':
           new ZenMode();
@@ -330,22 +317,15 @@ import Activities from './activities';
             .catch(fail);
           break;
         case 'projects:commit:show':
-          new Diff();
-          new ZenMode();
-          shortcut_handler = new ShortcutsNavigation();
-          new MiniPipelineGraph({
-            container: '.js-commit-pipeline-graph',
-          }).bindEvents();
-          initNotes();
-          const stickyBarPaddingTop = 16;
-          initChangesDropdown(document.querySelector('.navbar-gitlab').offsetHeight - stickyBarPaddingTop);
-          $('.commit-info.branches').load(document.querySelector('.js-commit-box').dataset.commitPath);
+          import('./pages/projects/commit/show')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
           break;
         case 'projects:commit:pipelines':
-          new MiniPipelineGraph({
-            container: '.js-commit-pipeline-graph',
-          }).bindEvents();
-          $('.commit-info.branches').load(document.querySelector('.js-commit-box').dataset.commitPath);
+          import('./pages/projects/commit/pipelines')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'projects:activity':
           import('./pages/projects/activity')
@@ -354,9 +334,10 @@ import Activities from './activities';
           shortcut_handler = true;
           break;
         case 'projects:commits:show':
-          CommitsList.init(document.querySelector('.js-project-commits-show').dataset.commitsLimit);
-          shortcut_handler = new ShortcutsNavigation();
-          GpgBadges.fetch();
+          import('./pages/projects/commits/show')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
           break;
         case 'projects:show':
           shortcut_handler = new ShortcutsNavigation();
@@ -374,12 +355,14 @@ import Activities from './activities';
           });
           break;
         case 'projects:edit':
-          setupProjectEdit();
-          // Initialize expandable settings panels
-          initSettingsPanels();
+          import('./pages/projects/edit')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'projects:imports:show':
-          projectImport();
+          import('./pages/projects/imports/show')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'projects:pipelines:new':
         case 'projects:pipelines:create':
@@ -439,39 +422,49 @@ import Activities from './activities';
           groupAvatar();
           break;
         case 'projects:tree:show':
-          shortcut_handler = new ShortcutsNavigation();
-          new TreeView();
-          new BlobViewer();
-          new NewCommitForm($('.js-create-dir-form'));
-          $('#tree-slider').waitForImages(function() {
-            ajaxGet(document.querySelector('.js-tree-content').dataset.logsPath);
-          });
+          import('./pages/projects/tree/show')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
           break;
         case 'projects:find_file:show':
-          const findElement = document.querySelector('.js-file-finder');
-          const projectFindFile = new ProjectFindFile($(".file-finder-holder"), {
-            url: findElement.dataset.fileFindUrl,
-            treeUrl: findElement.dataset.findTreeUrl,
-            blobUrlTemplate: findElement.dataset.blobUrlTemplate,
-          });
-          new ShortcutsFindFile(projectFindFile);
+          import('./pages/projects/find_file/show')
+            .then(callDefault)
+            .catch(fail);
           shortcut_handler = true;
           break;
         case 'projects:blob:show':
-          new BlobViewer();
-          initBlob();
+          import('./pages/projects/blob/show')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
           break;
         case 'projects:blame:show':
-          initBlob();
+          import('./pages/projects/blame/show')
+            .then(callDefault)
+            .catch(fail);
+          shortcut_handler = true;
           break;
         case 'groups:labels:new':
         case 'groups:labels:edit':
+          new Labels();
+          break;
         case 'projects:labels:new':
+          import('./pages/projects/labels/new')
+            .then(callDefault)
+            .catch(fail);
+          break;
         case 'projects:labels:edit':
-          new Labels();
+          import('./pages/projects/labels/edit')
+            .then(callDefault)
+            .catch(fail);
           break;
-        case 'groups:labels:index':
         case 'projects:labels:index':
+          import('./pages/projects/labels/index')
+            .then(callDefault)
+            .catch(fail);
+          break;
+        case 'groups:labels:index':
           if ($('.prioritized-labels').length) {
             new LabelManager();
           }
@@ -491,7 +484,7 @@ import Activities from './activities';
           shortcut_handler = true;
           break;
         case 'projects:forks:new':
-          import(/* webpackChunkName: 'project_fork' */ './project_fork')
+          import('./pages/projects/forks/new')
             .then(callDefault)
             .catch(fail);
           break;
@@ -548,7 +541,9 @@ import Activities from './activities';
           import('./pages/admin/conversational_development_index/show').then(m => m.default()).catch(fail);
           break;
         case 'snippets:show':
-          import('./pages/snippets/show').then(m => m.default()).catch(fail);
+          import('./pages/snippets/show')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'import:fogbugz:new_user_map':
           import('./pages/import/fogbugz/new_user_map').then(m => m.default()).catch(fail);
@@ -564,20 +559,16 @@ import Activities from './activities';
             .catch(fail);
           break;
         case 'projects:clusters:show':
-          import(/* webpackChunkName: "clusters" */ './clusters/clusters_bundle')
-            .then(cluster => new cluster.default()) // eslint-disable-line new-cap
-            .catch((err) => {
-              Flash(s__('ClusterIntegration|Problem setting up the cluster'));
-              throw err;
-            });
+        case 'projects:clusters:update':
+        case 'projects:clusters:destroy':
+          import('./pages/projects/clusters/show')
+            .then(callDefault)
+            .catch(fail);
           break;
         case 'projects:clusters:index':
-          import(/* webpackChunkName: "clusters_index" */ './clusters/clusters_index')
-            .then(clusterIndex => clusterIndex.default())
-            .catch((err) => {
-              Flash(s__('ClusterIntegration|Problem setting up the clusters list'));
-              throw err;
-            });
+          import('./pages/projects/clusters/index')
+            .then(callDefault)
+            .catch(fail);
           break;
       }
       switch (path[0]) {
@@ -657,7 +648,9 @@ import Activities from './activities';
           projectAvatar();
           switch (path[1]) {
             case 'compare':
-              initCompareAutocomplete();
+              import('./pages/projects/compare')
+                .then(callDefault)
+                .catch(fail);
               break;
             case 'edit':
               shortcut_handler = new ShortcutsNavigation();
diff --git a/app/assets/javascripts/dropzone_input.js b/app/assets/javascripts/dropzone_input.js
index c84be42649a..550dbdda922 100644
--- a/app/assets/javascripts/dropzone_input.js
+++ b/app/assets/javascripts/dropzone_input.js
@@ -3,6 +3,8 @@ import _ from 'underscore';
 import './preview_markdown';
 import csrf from './lib/utils/csrf';
 
+Dropzone.autoDiscover = false;
+
 export default function dropzoneInput(form) {
   const divHover = '<div class="div-dropzone-hover"></div>';
   const iconPaperclip = '<i class="fa fa-paperclip div-dropzone-icon"></i>';
diff --git a/app/assets/javascripts/environments/mixins/environments_mixin.js b/app/assets/javascripts/environments/mixins/environments_mixin.js
index 7219b076721..34d18d55120 100644
--- a/app/assets/javascripts/environments/mixins/environments_mixin.js
+++ b/app/assets/javascripts/environments/mixins/environments_mixin.js
@@ -1,7 +1,7 @@
 /**
  * Common code between environmets app and folder view
  */
-
+import _ from 'underscore';
 import Visibility from 'visibilityjs';
 import Poll from '../../lib/utils/poll';
 import {
diff --git a/app/assets/javascripts/filtered_search/filtered_search_dropdown_manager.js b/app/assets/javascripts/filtered_search/filtered_search_dropdown_manager.js
index 46c80dfd45e..ff046aa286a 100644
--- a/app/assets/javascripts/filtered_search/filtered_search_dropdown_manager.js
+++ b/app/assets/javascripts/filtered_search/filtered_search_dropdown_manager.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import DropLab from '~/droplab/drop_lab';
 import FilteredSearchContainer from './container';
 
diff --git a/app/assets/javascripts/filtered_search/filtered_search_manager.js b/app/assets/javascripts/filtered_search/filtered_search_manager.js
index c05a83176f2..58ed0012f01 100644
--- a/app/assets/javascripts/filtered_search/filtered_search_manager.js
+++ b/app/assets/javascripts/filtered_search/filtered_search_manager.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import { visitUrl } from '../lib/utils/url_utility';
 import Flash from '../flash';
 import FilteredSearchContainer from './container';
diff --git a/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js b/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js
index 6139e81fe6d..2e859d2de3a 100644
--- a/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js
+++ b/app/assets/javascripts/filtered_search/filtered_search_visual_tokens.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import AjaxCache from '../lib/utils/ajax_cache';
 import Flash from '../flash';
 import FilteredSearchContainer from './container';
diff --git a/app/assets/javascripts/ide/lib/editor.js b/app/assets/javascripts/ide/lib/editor.js
index 51e202b9348..668221c0296 100644
--- a/app/assets/javascripts/ide/lib/editor.js
+++ b/app/assets/javascripts/ide/lib/editor.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import DecorationsController from './decorations/controller';
 import DirtyDiffController from './diff/controller';
 import Disposable from './common/disposable';
diff --git a/app/assets/javascripts/ide/stores/utils.js b/app/assets/javascripts/ide/stores/utils.js
index 29e3ab5d040..d556404faa5 100644
--- a/app/assets/javascripts/ide/stores/utils.js
+++ b/app/assets/javascripts/ide/stores/utils.js
@@ -1,3 +1,5 @@
+import _ from 'underscore';
+
 export const dataStructure = () => ({
   id: '',
   key: '',
diff --git a/app/assets/javascripts/init_labels.js b/app/assets/javascripts/init_labels.js
new file mode 100644
index 00000000000..5f20055510f
--- /dev/null
+++ b/app/assets/javascripts/init_labels.js
@@ -0,0 +1,18 @@
+import LabelManager from './label_manager';
+import GroupLabelSubscription from './group_label_subscription';
+import ProjectLabelSubscription from './project_label_subscription';
+
+export default () => {
+  if ($('.prioritized-labels').length) {
+    new LabelManager(); // eslint-disable-line no-new
+  }
+  $('.label-subscription').each((i, el) => {
+    const $el = $(el);
+
+    if ($el.find('.dropdown-group-label').length) {
+      new GroupLabelSubscription($el); // eslint-disable-line no-new
+    } else {
+      new ProjectLabelSubscription($el); // eslint-disable-line no-new
+    }
+  });
+};
diff --git a/app/assets/javascripts/issuable/auto_width_dropdown_select.js b/app/assets/javascripts/issuable/auto_width_dropdown_select.js
index 2203a56315e..14a2bfbe4e0 100644
--- a/app/assets/javascripts/issuable/auto_width_dropdown_select.js
+++ b/app/assets/javascripts/issuable/auto_width_dropdown_select.js
@@ -11,6 +11,14 @@ class AutoWidthDropdownSelect {
     const dropdownClass = this.dropdownClass;
     this.$selectElement.select2({
       dropdownCssClass: dropdownClass,
+      ...AutoWidthDropdownSelect.selectOptions(this.dropdownClass),
+    });
+
+    return this;
+  }
+
+  static selectOptions(dropdownClass) {
+    return {
       dropdownCss() {
         let resultantWidth = 'auto';
         const $dropdown = $(`.${dropdownClass}`);
@@ -29,9 +37,7 @@ class AutoWidthDropdownSelect {
           maxWidth: offsetParentWidth,
         };
       },
-    });
-
-    return this;
+    };
   }
 }
 
diff --git a/app/assets/javascripts/issuable_form.js b/app/assets/javascripts/issuable_form.js
index 57dcaa0e1ac..fdfad0b6a4f 100644
--- a/app/assets/javascripts/issuable_form.js
+++ b/app/assets/javascripts/issuable_form.js
@@ -6,6 +6,7 @@ import Autosave from './autosave';
 import UsersSelect from './users_select';
 import GfmAutoComplete from './gfm_auto_complete';
 import ZenMode from './zen_mode';
+import AutoWidthDropdownSelect from './issuable/auto_width_dropdown_select';
 import { parsePikadayDate, pikadayToString } from './lib/utils/datefix';
 
 export default class IssuableForm {
@@ -46,6 +47,12 @@ export default class IssuableForm {
       });
       calendar.setDate(parsePikadayDate($issuableDueDate.val()));
     }
+
+    this.$targetBranchSelect = $('.js-target-branch-select', this.form);
+
+    if (this.$targetBranchSelect.length) {
+      this.initTargetBranchDropdown();
+    }
   }
 
   initAutosave() {
@@ -104,4 +111,37 @@ export default class IssuableForm {
   addWip() {
     this.titleField.val(`WIP: ${(this.titleField.val())}`);
   }
+
+  initTargetBranchDropdown() {
+    this.$targetBranchSelect.select2({
+      ...AutoWidthDropdownSelect.selectOptions('js-target-branch-select'),
+      ajax: {
+        url: this.$targetBranchSelect.data('endpoint'),
+        dataType: 'JSON',
+        quietMillis: 250,
+        data(search) {
+          return {
+            search,
+          };
+        },
+        results(data) {
+          return {
+            // `data` keys are translated so we can't just access them with a string based key
+            results: data[Object.keys(data)[0]].map(name => ({
+              id: name,
+              text: name,
+            })),
+          };
+        },
+      },
+      initSelection(el, callback) {
+        const val = el.val();
+
+        callback({
+          id: val,
+          text: val,
+        });
+      },
+    });
+  }
 }
diff --git a/app/assets/javascripts/job.js b/app/assets/javascripts/job.js
index 8f32dcc94e2..9b5092c5e3f 100644
--- a/app/assets/javascripts/job.js
+++ b/app/assets/javascripts/job.js
@@ -3,7 +3,6 @@ import { visitUrl } from './lib/utils/url_utility';
 import bp from './breakpoints';
 import { numberToHumanSize } from './lib/utils/number_utils';
 import { setCiStatusFavicon } from './lib/utils/common_utils';
-import { timeFor } from './lib/utils/datetime_utility';
 
 export default class Job {
   constructor(options) {
@@ -71,7 +70,6 @@ export default class Job {
       .off('resize.build')
       .on('resize.build', _.throttle(this.sidebarOnResize.bind(this), 100));
 
-    this.updateArtifactRemoveDate();
     this.initAffixTopArea();
 
     this.getBuildTrace();
@@ -261,16 +259,7 @@ export default class Job {
   sidebarOnClick() {
     if (this.shouldHideSidebarForViewport()) this.toggleSidebar();
   }
-  // eslint-disable-next-line class-methods-use-this, consistent-return
-  updateArtifactRemoveDate() {
-    const $date = $('.js-artifacts-remove');
-    if ($date.length) {
-      const date = $date.text();
-      return $date.text(
-        timeFor(new Date(date.replace(/([0-9]+)-([0-9]+)-([0-9]+)/g, '$1/$2/$3'))),
-      );
-    }
-  }
+
   // eslint-disable-next-line class-methods-use-this
   populateJobs(stage) {
     $('.build-job').hide();
diff --git a/app/assets/javascripts/jobs/components/header.vue b/app/assets/javascripts/jobs/components/header.vue
index 9e3f659db5f..357bc9aab17 100644
--- a/app/assets/javascripts/jobs/components/header.vue
+++ b/app/assets/javascripts/jobs/components/header.vue
@@ -30,8 +30,12 @@
       shouldRenderContent() {
         return !this.isLoading && Object.keys(this.job).length;
       },
+      /**
+       * When job has not started the key will be `false`
+       * When job started the key will be a string with a date.
+       */
       jobStarted() {
-        return this.job.started;
+        return !this.job.started === false;
       },
     },
     watch: {
@@ -72,6 +76,7 @@
     <loading-icon
       v-if="isLoading"
       size="2"
+      class="prepend-top-default append-bottom-default"
     />
   </div>
 </template>
diff --git a/app/assets/javascripts/label_manager.js b/app/assets/javascripts/label_manager.js
index c929dc98c10..ac2f636df0f 100644
--- a/app/assets/javascripts/label_manager.js
+++ b/app/assets/javascripts/label_manager.js
@@ -1,5 +1,5 @@
 /* eslint-disable comma-dangle, class-methods-use-this, no-underscore-dangle, no-param-reassign, no-unused-vars, consistent-return, func-names, space-before-function-paren, max-len */
-/* global Sortable */
+import Sortable from 'vendor/Sortable';
 
 import Flash from './flash';
 
diff --git a/app/assets/javascripts/labels_select.js b/app/assets/javascripts/labels_select.js
index f7a1c9f1e40..664e793fc8e 100644
--- a/app/assets/javascripts/labels_select.js
+++ b/app/assets/javascripts/labels_select.js
@@ -231,7 +231,7 @@ export default class LabelsSelect {
             selectedClass.push('label-item');
             $a.attr('data-label-id', label.id);
           }
-          $a.addClass(selectedClass.join(' ')).html(colorEl + " " + label.title);
+          $a.addClass(selectedClass.join(' ')).html(`${colorEl} ${_.escape(label.title)}`);
           // Return generated html
           return $li.html($a).prop('outerHTML');
         },
diff --git a/app/assets/javascripts/main.js b/app/assets/javascripts/main.js
index ce6f91439b4..d8b881a8fac 100644
--- a/app/assets/javascripts/main.js
+++ b/app/assets/javascripts/main.js
@@ -1,33 +1,17 @@
-/* eslint-disable func-names, space-before-function-paren, no-var, quotes, consistent-return, prefer-arrow-callback, comma-dangle, object-shorthand, no-new, max-len, no-multi-spaces, import/newline-after-import, import/first */
+/* eslint-disable import/first */
 /* global ConfirmDangerModal */
 
 import jQuery from 'jquery';
-import _ from 'underscore';
 import Cookies from 'js-cookie';
-import Dropzone from 'dropzone';
-import Sortable from 'vendor/Sortable';
 import svg4everybody from 'svg4everybody';
 
-// libraries with import side-effects
-import 'mousetrap';
-import 'mousetrap/plugins/pause/mousetrap-pause';
-
 // expose common libraries as globals (TODO: remove these)
 window.jQuery = jQuery;
 window.$ = jQuery;
-window._ = _;
-window.Dropzone = Dropzone;
-window.Sortable = Sortable;
-
-// templates
-import './templates/issuable_template_selector';
-import './templates/issuable_template_selectors';
-
-import './commit/image_file';
 
 // lib/utils
 import { handleLocationHash } from './lib/utils/common_utils';
-import { localTimeAgo, renderTimeago } from './lib/utils/datetime_utility';
+import { localTimeAgo } from './lib/utils/datetime_utility';
 import { getLocationHash, visitUrl } from './lib/utils/url_utility';
 
 // behaviors
@@ -43,7 +27,6 @@ import initTodoToggle from './header';
 import initImporterStatus from './importer_status';
 import initLayoutNav from './layout_nav';
 import LazyLoader from './lazy_loader';
-import './line_highlighter';
 import initLogoAnimation from './logo';
 import './milestone_select';
 import './projects_dropdown';
@@ -55,11 +38,9 @@ import './dispatcher';
 // eslint-disable-next-line global-require, import/no-commonjs
 if (process.env.NODE_ENV !== 'production') require('./test_utils/');
 
-Dropzone.autoDiscover = false;
-
 svg4everybody();
 
-document.addEventListener('beforeunload', function () {
+document.addEventListener('beforeunload', () => {
   // Unbind scroll events
   $(document).off('scroll');
   // Close any open tooltips
@@ -76,16 +57,15 @@ window.addEventListener('load', function onLoad() {
 
 gl.lazyLoader = new LazyLoader({
   scrollContainer: window,
-  observerNode: '#content-body'
+  observerNode: '#content-body',
 });
 
-$(function () {
-  var $body = $('body');
-  var $document = $(document);
-  var $window = $(window);
-  var $sidebarGutterToggle = $('.js-sidebar-toggle');
-  var bootstrapBreakpoint = bp.getBreakpointSize();
-  var fitSidebarForSize;
+$(() => {
+  const $body = $('body');
+  const $document = $(document);
+  const $window = $(window);
+  const $sidebarGutterToggle = $('.js-sidebar-toggle');
+  let bootstrapBreakpoint = bp.getBreakpointSize();
 
   initBreadcrumbs();
   initLayoutNav();
@@ -97,8 +77,8 @@ $(function () {
   Cookies.defaults.path = gon.relative_url_root || '/';
 
   // `hashchange` is not triggered when link target is already in window.location
-  $body.on('click', 'a[href^="#"]', function() {
-    var href = this.getAttribute('href');
+  $body.on('click', 'a[href^="#"]', function clickHashLinkCallback() {
+    const href = this.getAttribute('href');
     if (href.substr(1) === getLocationHash()) {
       setTimeout(handleLocationHash, 1);
     }
@@ -113,155 +93,162 @@ $(function () {
   }
 
   // prevent default action for disabled buttons
-  $('.btn').click(function(e) {
+  $('.btn').click(function clickDisabledButtonCallback(e) {
     if ($(this).hasClass('disabled')) {
       e.preventDefault();
       e.stopImmediatePropagation();
       return false;
     }
+
+    return true;
   });
 
-  $('.js-select-on-focus').on('focusin', function () {
-    return $(this).select().one('mouseup', function (e) {
-      return e.preventDefault();
-    });
   // Click a .js-select-on-focus field, select the contents
   // Prevent a mouseup event from deselecting the input
+  $('.js-select-on-focus').on('focusin', function selectOnFocusCallback() {
+    $(this).select().one('mouseup', (e) => {
+      e.preventDefault();
+    });
   });
-  $('.remove-row').bind('ajax:success', function () {
+
+  $('.remove-row').on('ajax:success', function removeRowAjaxSuccessCallback() {
     $(this).tooltip('destroy')
       .closest('li')
       .fadeOut();
   });
-  $('.js-remove-tr').bind('ajax:before', function () {
-    return $(this).hide();
+
+  $('.js-remove-tr').on('ajax:before', function removeTRAjaxBeforeCallback() {
+    $(this).hide();
   });
-  $('.js-remove-tr').bind('ajax:success', function () {
-    return $(this).closest('tr').fadeOut();
+
+  $('.js-remove-tr').on('ajax:success', function removeTRAjaxSuccessCallback() {
+    $(this).closest('tr').fadeOut();
   });
+
+  // Initialize select2 selects
   $('select.select2').select2({
     width: 'resolve',
-    // Initialize select2 selects
-    dropdownAutoWidth: true
+    dropdownAutoWidth: true,
   });
-  $('.js-select2').bind('select2-close', function () {
-    return setTimeout((function () {
-      $('.select2-container-active').removeClass('select2-container-active');
-      return $(':focus').blur();
-    }), 1);
+
   // Close select2 on escape
+  $('.js-select2').on('select2-close', () => {
+    setTimeout(() => {
+      $('.select2-container-active').removeClass('select2-container-active');
+      $(':focus').blur();
+    }, 1);
   });
+
   // Initialize tooltips
   $.fn.tooltip.Constructor.DEFAULTS.trigger = 'hover';
   $body.tooltip({
     selector: '.has-tooltip, [data-toggle="tooltip"]',
-    placement: function (tip, el) {
+    placement(tip, el) {
       return $(el).data('placement') || 'bottom';
-    }
+    },
   });
+
   // Initialize popovers
   $body.popover({
     selector: '[data-toggle="popover"]',
     trigger: 'focus',
     // set the viewport to the main content, excluding the navigation bar, so
     // the navigation can't overlap the popover
-    viewport: '.layout-page'
+    viewport: '.layout-page',
   });
-  $('.trigger-submit').on('change', function () {
-    return $(this).parents('form').submit();
+
   // Form submitter
+  $('.trigger-submit').on('change', function triggerSubmitCallback() {
+    $(this).parents('form').submit();
   });
+
   localTimeAgo($('abbr.timeago, .js-timeago'), true);
+
   // Disable form buttons while a form is submitting
-  $body.on('ajax:complete, ajax:beforeSend, submit', 'form', function (e) {
-    var buttons;
-    buttons = $('[type="submit"], .js-disable-on-submit', this);
+  $body.on('ajax:complete, ajax:beforeSend, submit', 'form', function ajaxCompleteCallback(e) {
+    const $buttons = $('[type="submit"], .js-disable-on-submit', this);
     switch (e.type) {
       case 'ajax:beforeSend':
       case 'submit':
-        return buttons.disable();
+        return $buttons.disable();
       default:
-        return buttons.enable();
+        return $buttons.enable();
     }
   });
-  $(document).ajaxError(function (e, xhrObj) {
-    var ref = xhrObj.status;
-    if (xhrObj.status === 401) {
-      return new Flash('You need to be logged in.', 'alert');
+
+  $(document).ajaxError((e, xhrObj) => {
+    const ref = xhrObj.status;
+
+    if (ref === 401) {
+      Flash('You need to be logged in.');
     } else if (ref === 404 || ref === 500) {
-      return new Flash('Something went wrong on our end.', 'alert');
+      Flash('Something went wrong on our end.');
     }
   });
-  $('.account-box').hover(function () {
-    // Show/Hide the profile menu when hovering the account box
-    return $(this).toggleClass('hover');
-  });
-  $document.on('click', '.diff-content .js-show-suppressed-diff', function () {
-    var $container;
-    $container = $(this).parent();
-    $container.next('table').show();
-    return $container.remove();
+
   // Commit show suppressed diff
+  $document.on('click', '.diff-content .js-show-suppressed-diff', function showDiffCallback() {
+    const $container = $(this).parent();
+    $container.next('table').show();
+    $container.remove();
   });
+
   $('.navbar-toggle').on('click', () => {
     $('.header-content').toggleClass('menu-expanded');
     gl.lazyLoader.loadCheck();
   });
+
   // Show/hide comments on diff
-  $body.on('click', '.js-toggle-diff-comments', function (e) {
-    var $this = $(this);
-    var notesHolders = $this.closest('.diff-file').find('.notes_holder');
+  $body.on('click', '.js-toggle-diff-comments', function toggleDiffCommentsCallback(e) {
+    const $this = $(this);
+    const notesHolders = $this.closest('.diff-file').find('.notes_holder');
+
+    e.preventDefault();
+
     $this.toggleClass('active');
+
     if ($this.hasClass('active')) {
       notesHolders.show().find('.hide, .content').show();
     } else {
       notesHolders.hide().find('.content').hide();
     }
+
     $(document).trigger('toggle.comments');
-    return e.preventDefault();
   });
-  $document.off('click', '.js-confirm-danger');
-  $document.on('click', '.js-confirm-danger', function (e) {
-    var btn = $(e.target);
-    var form = btn.closest('form');
-    var text = btn.data('confirm-danger-message');
+
+  $document.on('click', '.js-confirm-danger', (e) => {
+    const btn = $(e.target);
+    const form = btn.closest('form');
+    const text = btn.data('confirm-danger-message');
     e.preventDefault();
-    return new ConfirmDangerModal(form, text);
-  });
-  $('input[type="search"]').each(function () {
-    var $this = $(this);
-    $this.attr('value', $this.val());
-  });
-  $document.off('keyup', 'input[type="search"]').on('keyup', 'input[type="search"]', function () {
-    var $this;
-    $this = $(this);
-    return $this.attr('value', $this.val());
+
+    // eslint-disable-next-line no-new
+    new ConfirmDangerModal(form, text);
   });
-  $document.off('breakpoint:change').on('breakpoint:change', function (e, breakpoint) {
-    var $gutterIcon;
+
+  $document.on('breakpoint:change', (e, breakpoint) => {
     if (breakpoint === 'sm' || breakpoint === 'xs') {
-      $gutterIcon = $sidebarGutterToggle.find('i');
+      const $gutterIcon = $sidebarGutterToggle.find('i');
       if ($gutterIcon.hasClass('fa-angle-double-right')) {
-        return $sidebarGutterToggle.trigger('click');
+        $sidebarGutterToggle.trigger('click');
       }
     }
   });
-  fitSidebarForSize = function () {
-    var oldBootstrapBreakpoint;
-    oldBootstrapBreakpoint = bootstrapBreakpoint;
+
+  function fitSidebarForSize() {
+    const oldBootstrapBreakpoint = bootstrapBreakpoint;
     bootstrapBreakpoint = bp.getBreakpointSize();
+
     if (bootstrapBreakpoint !== oldBootstrapBreakpoint) {
-      return $document.trigger('breakpoint:change', [bootstrapBreakpoint]);
+      $document.trigger('breakpoint:change', [bootstrapBreakpoint]);
     }
-  };
-  $window.off('resize.app').on('resize.app', function () {
-    return fitSidebarForSize();
-  });
-  loadAwardsHandler();
+  }
 
-  renderTimeago();
+  $window.on('resize.app', fitSidebarForSize);
+
+  loadAwardsHandler();
 
-  $('form.filter-form').on('submit', function (event) {
+  $('form.filter-form').on('submit', function filterFormSubmitCallback(event) {
     const link = document.createElement('a');
     link.href = this.action;
 
diff --git a/app/assets/javascripts/merge_request.js b/app/assets/javascripts/merge_request.js
index cb3cdea8111..bedd50de1bb 100644
--- a/app/assets/javascripts/merge_request.js
+++ b/app/assets/javascripts/merge_request.js
@@ -1,6 +1,7 @@
 /* eslint-disable func-names, space-before-function-paren, no-var, prefer-rest-params, wrap-iife, quotes, no-underscore-dangle, one-var, one-var-declaration-per-line, consistent-return, dot-notation, quote-props, comma-dangle, object-shorthand, max-len, prefer-arrow-callback */
 
 import 'vendor/jquery.waitforimages';
+import { __ } from '~/locale';
 import TaskList from './task_list';
 import MergeRequestTabs from './merge_request_tabs';
 import IssuablesHelper from './helpers/issuables_helper';
@@ -110,22 +111,22 @@ MergeRequest.prototype.initCommitMessageListeners = function() {
   });
 };
 
-MergeRequest.prototype.updateStatusText = function(classToRemove, classToAdd, newStatusText) {
+MergeRequest.setStatusBoxToMerged = function() {
   $('.detail-page-header .status-box')
-    .removeClass(classToRemove)
-    .addClass(classToAdd)
+    .removeClass('status-box-open')
+    .addClass('status-box-mr-merged')
     .find('span')
-    .text(newStatusText);
+    .text(__('Merged'));
 };
 
-MergeRequest.prototype.decreaseCounter = function(by = 1) {
-  const $el = $('.nav-links .js-merge-counter');
+MergeRequest.decreaseCounter = function(by = 1) {
+  const $el = $('.js-merge-counter');
   const count = Math.max((parseInt($el.text().replace(/[^\d]/, ''), 10) - by), 0);
 
   $el.text(addDelimiter(count));
 };
 
-MergeRequest.prototype.hideCloseButton = function() {
+MergeRequest.hideCloseButton = function() {
   const el = document.querySelector('.merge-request .js-issuable-actions');
   const closeDropdownItem = el.querySelector('li.close-item');
   if (closeDropdownItem) {
diff --git a/app/assets/javascripts/milestone.js b/app/assets/javascripts/milestone.js
index f76a998bf8c..dd6c6b854bc 100644
--- a/app/assets/javascripts/milestone.js
+++ b/app/assets/javascripts/milestone.js
@@ -1,5 +1,3 @@
-/* global Sortable */
-
 import Flash from './flash';
 
 export default class Milestone {
diff --git a/app/assets/javascripts/notebook/cells/markdown.vue b/app/assets/javascripts/notebook/cells/markdown.vue
index d0ec70f1fcf..3d09d24b6ab 100644
--- a/app/assets/javascripts/notebook/cells/markdown.vue
+++ b/app/assets/javascripts/notebook/cells/markdown.vue
@@ -1,6 +1,7 @@
 <script>
   /* global katex */
   import marked from 'marked';
+  import sanitize from 'sanitize-html';
   import Prompt from './prompt.vue';
 
   const renderer = new marked.Renderer();
@@ -82,7 +83,12 @@
     },
     computed: {
       markdown() {
-        return marked(this.cell.source.join('').replace(/\\/g, '\\\\'));
+        return sanitize(marked(this.cell.source.join('').replace(/\\/g, '\\\\')), {
+          allowedTags: false,
+          allowedAttributes: {
+            '*': ['class'],
+          },
+        });
       },
     },
   };
diff --git a/app/assets/javascripts/notebook/cells/output/html.vue b/app/assets/javascripts/notebook/cells/output/html.vue
index ebba5954de9..0535ee7afa8 100644
--- a/app/assets/javascripts/notebook/cells/output/html.vue
+++ b/app/assets/javascripts/notebook/cells/output/html.vue
@@ -1,4 +1,5 @@
 <script>
+  import sanitize from 'sanitize-html';
   import Prompt from '../prompt.vue';
 
   export default {
@@ -11,12 +12,24 @@
         required: true,
       },
     },
+    computed: {
+      sanitizedOutput() {
+        return sanitize(this.rawCode, {
+          allowedTags: sanitize.defaults.allowedTags.concat([
+            'img', 'svg',
+          ]),
+          allowedAttributes: {
+            img: ['src'],
+          },
+        });
+      },
+    },
   };
 </script>
 
 <template>
   <div class="output">
     <prompt />
-    <div v-html="rawCode"></div>
+    <div v-html="sanitizedOutput"></div>
   </div>
 </template>
diff --git a/app/assets/javascripts/notes/components/comment_form.vue b/app/assets/javascripts/notes/components/comment_form.vue
index 1f18c196137..3c8452ac808 100644
--- a/app/assets/javascripts/notes/components/comment_form.vue
+++ b/app/assets/javascripts/notes/components/comment_form.vue
@@ -271,7 +271,7 @@ Please check your network connection and try again.`;
           <div class="timeline-content timeline-content-form">
             <form
               ref="commentForm"
-              class="new-note js-quick-submit common-note-form gfm-form js-main-target-form"
+              class="new-note common-note-form gfm-form js-main-target-form"
             >
 
               <div class="error-alert"></div>
@@ -301,7 +301,8 @@ js-gfm-input js-autosize markdown-area js-vue-textarea"
                   :disabled="isSubmitting"
                   placeholder="Write a comment or drag your files here..."
                   @keydown.up="editCurrentUserLastNote()"
-                  @keydown.meta.enter="handleSave()">
+                  @keydown.meta.enter="handleSave()"
+                  @keydown.ctrl.enter="handleSave()">
                 </textarea>
               </markdown-field>
               <div class="note-form-actions">
diff --git a/app/assets/javascripts/notes/components/note_form.vue b/app/assets/javascripts/notes/components/note_form.vue
index aeda3497715..d382a9bb642 100644
--- a/app/assets/javascripts/notes/components/note_form.vue
+++ b/app/assets/javascripts/notes/components/note_form.vue
@@ -155,6 +155,7 @@ js-autosize markdown-area js-vue-issue-note-form js-vue-textarea"
           slot="textarea"
           placeholder="Write a comment or drag your files here..."
           @keydown.meta.enter="handleUpdate()"
+          @keydown.ctrl.enter="handleUpdate()"
           @keydown.up="editMyLastNote()"
           @keydown.esc="cancelHandler(true)">
         </textarea>
diff --git a/app/assets/javascripts/pages/admin/broadcast_messages/broadcast_message.js b/app/assets/javascripts/pages/admin/broadcast_messages/broadcast_message.js
index ff88083a4b4..857a6793fe3 100644
--- a/app/assets/javascripts/pages/admin/broadcast_messages/broadcast_message.js
+++ b/app/assets/javascripts/pages/admin/broadcast_messages/broadcast_message.js
@@ -1,3 +1,5 @@
+import _ from 'underscore';
+
 export default function initBroadcastMessagesForm() {
   $('input#broadcast_message_color').on('input', function onMessageColorInput() {
     const previewColor = $(this).val();
diff --git a/app/assets/javascripts/pages/dashboard/merge_requests/index.js b/app/assets/javascripts/pages/dashboard/merge_requests/index.js
new file mode 100644
index 00000000000..b7353669e65
--- /dev/null
+++ b/app/assets/javascripts/pages/dashboard/merge_requests/index.js
@@ -0,0 +1,7 @@
+import projectSelect from '~/project_select';
+import initLegacyFilters from '~/init_legacy_filters';
+
+export default () => {
+  projectSelect();
+  initLegacyFilters();
+};
diff --git a/app/assets/javascripts/pages/groups/milestones/edit/index.js b/app/assets/javascripts/pages/groups/milestones/edit/index.js
new file mode 100644
index 00000000000..5c99c90e24d
--- /dev/null
+++ b/app/assets/javascripts/pages/groups/milestones/edit/index.js
@@ -0,0 +1,3 @@
+import initForm from '../../../../shared/milestones/form';
+
+export default () => initForm(false);
diff --git a/app/assets/javascripts/pages/groups/milestones/new/index.js b/app/assets/javascripts/pages/groups/milestones/new/index.js
new file mode 100644
index 00000000000..5c99c90e24d
--- /dev/null
+++ b/app/assets/javascripts/pages/groups/milestones/new/index.js
@@ -0,0 +1,3 @@
+import initForm from '../../../../shared/milestones/form';
+
+export default () => initForm(false);
diff --git a/app/assets/javascripts/pages/projects/blame/show/index.js b/app/assets/javascripts/pages/projects/blame/show/index.js
new file mode 100644
index 00000000000..480357a309c
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/blame/show/index.js
@@ -0,0 +1,3 @@
+import initBlob from '~/pages/projects/init_blob';
+
+export default initBlob;
diff --git a/app/assets/javascripts/pages/projects/blob/show/index.js b/app/assets/javascripts/pages/projects/blob/show/index.js
new file mode 100644
index 00000000000..a3eeb1cefb6
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/blob/show/index.js
@@ -0,0 +1,7 @@
+import BlobViewer from '~/blob/viewer/index';
+import initBlob from '~/pages/projects/init_blob';
+
+export default () => {
+  new BlobViewer(); // eslint-disable-line no-new
+  initBlob();
+};
diff --git a/app/assets/javascripts/pages/projects/boards/index.js b/app/assets/javascripts/pages/projects/boards/index.js
new file mode 100644
index 00000000000..42c9bb5ec99
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/boards/index.js
@@ -0,0 +1,7 @@
+import UsersSelect from '~/users_select';
+import ShortcutsNavigation from '~/shortcuts_navigation';
+
+export default () => {
+  new UsersSelect(); // eslint-disable-line no-new
+  new ShortcutsNavigation(); // eslint-disable-line no-new
+};
diff --git a/app/assets/javascripts/pages/projects/branches/index/index.js b/app/assets/javascripts/pages/projects/branches/index/index.js
new file mode 100644
index 00000000000..cee0f19bf2a
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/branches/index/index.js
@@ -0,0 +1,7 @@
+import AjaxLoadingSpinner from '~/ajax_loading_spinner';
+import DeleteModal from '~/branches/branches_delete_modal';
+
+export default () => {
+  AjaxLoadingSpinner.init();
+  new DeleteModal(); // eslint-disable-line no-new
+};
diff --git a/app/assets/javascripts/pages/projects/branches/new/index.js b/app/assets/javascripts/pages/projects/branches/new/index.js
new file mode 100644
index 00000000000..ae5e033e97e
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/branches/new/index.js
@@ -0,0 +1,3 @@
+import NewBranchForm from '~/new_branch_form';
+
+export default () => new NewBranchForm($('.js-create-branch-form'), JSON.parse(document.getElementById('availableRefs').innerHTML));
diff --git a/app/assets/javascripts/pages/projects/clusters/index/index.js b/app/assets/javascripts/pages/projects/clusters/index/index.js
new file mode 100644
index 00000000000..d531ab81dc7
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/clusters/index/index.js
@@ -0,0 +1,5 @@
+import ClustersIndex from '~/clusters/clusters_index';
+
+export default () => {
+  new ClustersIndex(); // eslint-disable-line no-new
+};
diff --git a/app/assets/javascripts/pages/projects/clusters/show/index.js b/app/assets/javascripts/pages/projects/clusters/show/index.js
new file mode 100644
index 00000000000..0458c02a66f
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/clusters/show/index.js
@@ -0,0 +1,5 @@
+import ClustersBundle from '~/clusters/clusters_bundle';
+
+export default () => {
+  new ClustersBundle(); // eslint-disable-line no-new
+};
diff --git a/app/assets/javascripts/pages/projects/commit/pipelines/index.js b/app/assets/javascripts/pages/projects/commit/pipelines/index.js
new file mode 100644
index 00000000000..523ad567021
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/commit/pipelines/index.js
@@ -0,0 +1,8 @@
+import MiniPipelineGraph from '~/mini_pipeline_graph_dropdown';
+
+export default () => {
+  new MiniPipelineGraph({
+    container: '.js-commit-pipeline-graph',
+  }).bindEvents();
+  $('.commit-info.branches').load(document.querySelector('.js-commit-box').dataset.commitPath);
+};
diff --git a/app/assets/javascripts/pages/projects/commit/show/index.js b/app/assets/javascripts/pages/projects/commit/show/index.js
new file mode 100644
index 00000000000..5ac38e6f278
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/commit/show/index.js
@@ -0,0 +1,22 @@
+/* eslint-disable no-new */
+import Diff from '~/diff';
+import ZenMode from '~/zen_mode';
+import ShortcutsNavigation from '~/shortcuts_navigation';
+import MiniPipelineGraph from '~/mini_pipeline_graph_dropdown';
+import initNotes from '~/init_notes';
+import initChangesDropdown from '~/init_changes_dropdown';
+import { fetchCommitMergeRequests } from '~/commit_merge_requests';
+
+export default () => {
+  new Diff();
+  new ZenMode();
+  new ShortcutsNavigation();
+  new MiniPipelineGraph({
+    container: '.js-commit-pipeline-graph',
+  }).bindEvents();
+  initNotes();
+  const stickyBarPaddingTop = 16;
+  initChangesDropdown(document.querySelector('.navbar-gitlab').offsetHeight - stickyBarPaddingTop);
+  $('.commit-info.branches').load(document.querySelector('.js-commit-box').dataset.commitPath);
+  fetchCommitMergeRequests();
+};
diff --git a/app/assets/javascripts/pages/projects/commits/show/index.js b/app/assets/javascripts/pages/projects/commits/show/index.js
new file mode 100644
index 00000000000..90b5882a24f
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/commits/show/index.js
@@ -0,0 +1,9 @@
+import CommitsList from '~/commits';
+import GpgBadges from '~/gpg_badges';
+import ShortcutsNavigation from '~/shortcuts_navigation';
+
+export default () => {
+  CommitsList.init(document.querySelector('.js-project-commits-show').dataset.commitsLimit);
+  new ShortcutsNavigation(); // eslint-disable-line no-new
+  GpgBadges.fetch();
+};
diff --git a/app/assets/javascripts/pages/projects/compare/index.js b/app/assets/javascripts/pages/projects/compare/index.js
new file mode 100644
index 00000000000..890062eeee6
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/compare/index.js
@@ -0,0 +1,5 @@
+import initCompareAutocomplete from '~/compare_autocomplete';
+
+export default () => {
+  initCompareAutocomplete();
+};
diff --git a/app/assets/javascripts/pages/projects/compare/show/index.js b/app/assets/javascripts/pages/projects/compare/show/index.js
new file mode 100644
index 00000000000..6b8d4503568
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/compare/show/index.js
@@ -0,0 +1,8 @@
+import Diff from '~/diff';
+import initChangesDropdown from '~/init_changes_dropdown';
+
+export default () => {
+  new Diff(); // eslint-disable-line no-new
+  const paddingTop = 16;
+  initChangesDropdown(document.querySelector('.navbar-gitlab').offsetHeight - paddingTop);
+};
diff --git a/app/assets/javascripts/pages/projects/edit/index.js b/app/assets/javascripts/pages/projects/edit/index.js
new file mode 100644
index 00000000000..7f662ef6b6a
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/edit/index.js
@@ -0,0 +1,8 @@
+import initSettingsPanels from '~/settings_panels';
+import setupProjectEdit from '~/project_edit';
+
+export default () => {
+  setupProjectEdit();
+  // Initialize expandable settings panels
+  initSettingsPanels();
+};
diff --git a/app/assets/javascripts/pages/projects/find_file/show/index.js b/app/assets/javascripts/pages/projects/find_file/show/index.js
new file mode 100644
index 00000000000..42bde0ff779
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/find_file/show/index.js
@@ -0,0 +1,12 @@
+import ProjectFindFile from '~/project_find_file';
+import ShortcutsFindFile from '~/shortcuts_find_file';
+
+export default () => {
+  const findElement = document.querySelector('.js-file-finder');
+  const projectFindFile = new ProjectFindFile($('.file-finder-holder'), {
+    url: findElement.dataset.fileFindUrl,
+    treeUrl: findElement.dataset.findTreeUrl,
+    blobUrlTemplate: findElement.dataset.blobUrlTemplate,
+  });
+  new ShortcutsFindFile(projectFindFile); // eslint-disable-line no-new
+};
diff --git a/app/assets/javascripts/pages/projects/forks/new/index.js b/app/assets/javascripts/pages/projects/forks/new/index.js
new file mode 100644
index 00000000000..7825eb01949
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/forks/new/index.js
@@ -0,0 +1,5 @@
+import ProjectFork from '~/project_fork';
+
+export default () => {
+  new ProjectFork(); // eslint-disable-line no-new
+};
diff --git a/app/assets/javascripts/pages/projects/imports/show/index.js b/app/assets/javascripts/pages/projects/imports/show/index.js
new file mode 100644
index 00000000000..378f7b3f38b
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/imports/show/index.js
@@ -0,0 +1,5 @@
+import ProjectImport from '~/project_import';
+
+export default () => {
+  new ProjectImport(); // eslint-disable-line no-new
+};
diff --git a/app/assets/javascripts/pages/projects/init_blob.js b/app/assets/javascripts/pages/projects/init_blob.js
new file mode 100644
index 00000000000..26f0ad46114
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/init_blob.js
@@ -0,0 +1,33 @@
+import LineHighlighter from '~/line_highlighter';
+import BlobLinePermalinkUpdater from '~/blob/blob_line_permalink_updater';
+import ShortcutsNavigation from '~/shortcuts_navigation';
+import ShortcutsBlob from '~/shortcuts_blob';
+import BlobForkSuggestion from '~/blob/blob_fork_suggestion';
+
+export default () => {
+  new LineHighlighter(); // eslint-disable-line no-new
+
+  new BlobLinePermalinkUpdater( // eslint-disable-line no-new
+    document.querySelector('#blob-content-holder'),
+    '.diff-line-num[data-line-number]',
+    document.querySelectorAll('.js-data-file-blob-permalink-url, .js-blob-blame-link'),
+  );
+
+  const fileBlobPermalinkUrlElement = document.querySelector('.js-data-file-blob-permalink-url');
+  const fileBlobPermalinkUrl = fileBlobPermalinkUrlElement && fileBlobPermalinkUrlElement.getAttribute('href');
+
+  new ShortcutsNavigation(); // eslint-disable-line no-new
+
+  new ShortcutsBlob({ // eslint-disable-line no-new
+    skipResetBindings: true,
+    fileBlobPermalinkUrl,
+  });
+
+  new BlobForkSuggestion({ // eslint-disable-line no-new
+    openButtons: document.querySelectorAll('.js-edit-blob-link-fork-toggler'),
+    forkButtons: document.querySelectorAll('.js-fork-suggestion-button'),
+    cancelButtons: document.querySelectorAll('.js-cancel-fork-suggestion-button'),
+    suggestionSections: document.querySelectorAll('.js-file-fork-suggestion-section'),
+    actionTextPieces: document.querySelectorAll('.js-file-fork-suggestion-section-action'),
+  }).init();
+};
diff --git a/app/assets/javascripts/pages/projects/issues/edit/index.js b/app/assets/javascripts/pages/projects/issues/edit/index.js
new file mode 100644
index 00000000000..7f27f379d8c
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/issues/edit/index.js
@@ -0,0 +1,5 @@
+import initForm from '../form';
+
+export default () => {
+  initForm();
+};
diff --git a/app/assets/javascripts/pages/projects/issues/form.js b/app/assets/javascripts/pages/projects/issues/form.js
new file mode 100644
index 00000000000..5c7daf84738
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/issues/form.js
@@ -0,0 +1,16 @@
+/* eslint-disable no-new */
+import GLForm from '~/gl_form';
+import IssuableForm from '~/issuable_form';
+import LabelsSelect from '~/labels_select';
+import MilestoneSelect from '~/milestone_select';
+import ShortcutsNavigation from '~/shortcuts_navigation';
+import IssuableTemplateSelectors from '~/templates/issuable_template_selectors';
+
+export default () => {
+  new ShortcutsNavigation();
+  new GLForm($('.issue-form'), true);
+  new IssuableForm($('.issue-form'));
+  new LabelsSelect();
+  new MilestoneSelect();
+  new IssuableTemplateSelectors();
+};
diff --git a/app/assets/javascripts/pages/projects/issues/index/index.js b/app/assets/javascripts/pages/projects/issues/index/index.js
new file mode 100644
index 00000000000..fd395a45f00
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/issues/index/index.js
@@ -0,0 +1,18 @@
+
+/* eslint-disable no-new */
+
+import IssuableIndex from '~/issuable_index';
+import ShortcutsNavigation from '~/shortcuts_navigation';
+import UsersSelect from '~/users_select';
+
+export default () => {
+  const filteredSearchEnabled = gl.FilteredSearchManager && document.querySelector('.filtered-search');
+  if (filteredSearchEnabled) {
+    const filteredSearchManager = new gl.FilteredSearchManager('issues');
+    filteredSearchManager.setup();
+  }
+  new IssuableIndex('issue_');
+
+  new ShortcutsNavigation();
+  new UsersSelect();
+};
diff --git a/app/assets/javascripts/pages/projects/issues/new/index.js b/app/assets/javascripts/pages/projects/issues/new/index.js
new file mode 100644
index 00000000000..7f27f379d8c
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/issues/new/index.js
@@ -0,0 +1,5 @@
+import initForm from '../form';
+
+export default () => {
+  initForm();
+};
diff --git a/app/assets/javascripts/pages/projects/issues/show/index.js b/app/assets/javascripts/pages/projects/issues/show/index.js
new file mode 100644
index 00000000000..48ed8fb2243
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/issues/show/index.js
@@ -0,0 +1,13 @@
+
+/* eslint-disable no-new */
+import initIssuableSidebar from '~/init_issuable_sidebar';
+import Issue from '~/issue';
+import ShortcutsIssuable from '~/shortcuts_issuable';
+import ZenMode from '~/zen_mode';
+
+export default () => {
+  new Issue();
+  new ShortcutsIssuable();
+  new ZenMode();
+  initIssuableSidebar();
+};
diff --git a/app/assets/javascripts/pages/projects/labels/edit/index.js b/app/assets/javascripts/pages/projects/labels/edit/index.js
new file mode 100644
index 00000000000..72c5e4744ac
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/labels/edit/index.js
@@ -0,0 +1,3 @@
+import Labels from '~/labels';
+
+export default () => new Labels();
diff --git a/app/assets/javascripts/pages/projects/labels/index/index.js b/app/assets/javascripts/pages/projects/labels/index/index.js
new file mode 100644
index 00000000000..018345fa112
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/labels/index/index.js
@@ -0,0 +1,3 @@
+import initLabels from '~/init_labels';
+
+export default initLabels;
diff --git a/app/assets/javascripts/pages/projects/labels/new/index.js b/app/assets/javascripts/pages/projects/labels/new/index.js
new file mode 100644
index 00000000000..72c5e4744ac
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/labels/new/index.js
@@ -0,0 +1,3 @@
+import Labels from '~/labels';
+
+export default () => new Labels();
diff --git a/app/assets/javascripts/pages/projects/merge_requests/index/index.js b/app/assets/javascripts/pages/projects/merge_requests/index/index.js
new file mode 100644
index 00000000000..a52bea03aa2
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/merge_requests/index/index.js
@@ -0,0 +1,16 @@
+import IssuableIndex from '~/issuable_index';
+import ShortcutsNavigation from '~/shortcuts_navigation';
+import UsersSelect from '~/users_select';
+
+export default () => {
+  const filteredSearchEnabled = gl.FilteredSearchManager && document.querySelector('.filtered-search');
+
+  if (filteredSearchEnabled) {
+    const filteredSearchManager = new gl.FilteredSearchManager('merge_requests');
+    filteredSearchManager.setup();
+  }
+
+  new IssuableIndex('merge_request_'); // eslint-disable-line no-new
+  new ShortcutsNavigation(); // eslint-disable-line no-new
+  new UsersSelect(); // eslint-disable-line no-new
+};
diff --git a/app/assets/javascripts/pages/projects/milestones/edit/index.js b/app/assets/javascripts/pages/projects/milestones/edit/index.js
new file mode 100644
index 00000000000..10e3979a36e
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/milestones/edit/index.js
@@ -0,0 +1,3 @@
+import initForm from '../../../../shared/milestones/form';
+
+export default () => initForm();
diff --git a/app/assets/javascripts/pages/projects/milestones/new/index.js b/app/assets/javascripts/pages/projects/milestones/new/index.js
new file mode 100644
index 00000000000..10e3979a36e
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/milestones/new/index.js
@@ -0,0 +1,3 @@
+import initForm from '../../../../shared/milestones/form';
+
+export default () => initForm();
diff --git a/app/assets/javascripts/pages/projects/tags/new/index.js b/app/assets/javascripts/pages/projects/tags/new/index.js
new file mode 100644
index 00000000000..dacc2875c8c
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/tags/new/index.js
@@ -0,0 +1,9 @@
+import RefSelectDropdown from '../../../../ref_select_dropdown';
+import ZenMode from '../../../../zen_mode';
+import GLForm from '../../../../gl_form';
+
+export default () => {
+  new ZenMode(); // eslint-disable-line no-new
+  new GLForm($('.tag-form'), true); // eslint-disable-line no-new
+  new RefSelectDropdown($('.js-branch-select')); // eslint-disable-line no-new
+};
diff --git a/app/assets/javascripts/pages/projects/tree/show/index.js b/app/assets/javascripts/pages/projects/tree/show/index.js
new file mode 100644
index 00000000000..28a0160f47d
--- /dev/null
+++ b/app/assets/javascripts/pages/projects/tree/show/index.js
@@ -0,0 +1,15 @@
+import TreeView from '../../../../tree';
+import ShortcutsNavigation from '../../../../shortcuts_navigation';
+import BlobViewer from '../../../../blob/viewer';
+import NewCommitForm from '../../../../new_commit_form';
+import { ajaxGet } from '../../../../lib/utils/common_utils';
+
+export default () => {
+  new ShortcutsNavigation(); // eslint-disable-line no-new
+  new TreeView(); // eslint-disable-line no-new
+  new BlobViewer(); // eslint-disable-line no-new
+  new NewCommitForm($('.js-create-dir-form')); // eslint-disable-line no-new
+  $('#tree-slider').waitForImages(() =>
+    ajaxGet(document.querySelector('.js-tree-content').dataset.logsPath));
+};
+
diff --git a/app/assets/javascripts/pages/snippets/edit/index.js b/app/assets/javascripts/pages/snippets/edit/index.js
new file mode 100644
index 00000000000..9c664b5f1ff
--- /dev/null
+++ b/app/assets/javascripts/pages/snippets/edit/index.js
@@ -0,0 +1,3 @@
+import form from '../form';
+
+export default form;
diff --git a/app/assets/javascripts/pages/snippets/form.js b/app/assets/javascripts/pages/snippets/form.js
new file mode 100644
index 00000000000..f996d3cd74e
--- /dev/null
+++ b/app/assets/javascripts/pages/snippets/form.js
@@ -0,0 +1,7 @@
+import GLForm from '~/gl_form';
+import ZenMode from '~/zen_mode';
+
+export default () => {
+  new GLForm($('.snippet-form'), false); // eslint-disable-line no-new
+  new ZenMode(); // eslint-disable-line no-new
+};
diff --git a/app/assets/javascripts/pages/snippets/new/index.js b/app/assets/javascripts/pages/snippets/new/index.js
new file mode 100644
index 00000000000..9c664b5f1ff
--- /dev/null
+++ b/app/assets/javascripts/pages/snippets/new/index.js
@@ -0,0 +1,3 @@
+import form from '../form';
+
+export default form;
diff --git a/app/assets/javascripts/pipelines/components/async_button.vue b/app/assets/javascripts/pipelines/components/async_button.vue
index 4ad3f66ee8c..77553ca67cc 100644
--- a/app/assets/javascripts/pipelines/components/async_button.vue
+++ b/app/assets/javascripts/pipelines/components/async_button.vue
@@ -3,6 +3,7 @@
 
   import eventHub from '../event_hub';
   import loadingIcon from '../../vue_shared/components/loading_icon.vue';
+  import icon from '../../vue_shared/components/icon.vue';
   import tooltip from '../../vue_shared/directives/tooltip';
 
   export default {
@@ -11,6 +12,7 @@
     },
     components: {
       loadingIcon,
+      icon,
     },
     props: {
       endpoint: {
@@ -41,9 +43,6 @@
       };
     },
     computed: {
-      iconClass() {
-        return `fa fa-${this.icon}`;
-      },
       buttonClass() {
         return `btn ${this.cssClass}`;
       },
@@ -76,10 +75,9 @@
     data-container="body"
     data-placement="top"
     :disabled="isLoading">
-    <i
-      :class="iconClass"
-      aria-hidden="true">
-    </i>
+    <icon
+      :name="icon"
+    />
     <loading-icon v-if="isLoading" />
   </button>
 </template>
diff --git a/app/assets/javascripts/pipelines/components/header_component.vue b/app/assets/javascripts/pipelines/components/header_component.vue
index 942acc8c412..e08c2092680 100644
--- a/app/assets/javascripts/pipelines/components/header_component.vue
+++ b/app/assets/javascripts/pipelines/components/header_component.vue
@@ -92,6 +92,7 @@
     <loading-icon
       v-if="isLoading"
       size="2"
+      class="prepend-top-default append-bottom-default"
     />
   </div>
 </template>
diff --git a/app/assets/javascripts/pipelines/components/pipelines_actions.vue b/app/assets/javascripts/pipelines/components/pipelines_actions.vue
index efda36c12d6..3297af7bde4 100644
--- a/app/assets/javascripts/pipelines/components/pipelines_actions.vue
+++ b/app/assets/javascripts/pipelines/components/pipelines_actions.vue
@@ -1,7 +1,7 @@
 <script>
-  import playIconSvg from 'icons/_icon_play.svg';
   import eventHub from '../event_hub';
   import loadingIcon from '../../vue_shared/components/loading_icon.vue';
+  import icon from '../../vue_shared/components/icon.vue';
   import tooltip from '../../vue_shared/directives/tooltip';
 
   export default {
@@ -10,6 +10,7 @@
     },
     components: {
       loadingIcon,
+      icon,
     },
     props: {
       actions: {
@@ -19,7 +20,6 @@
     },
     data() {
       return {
-        playIconSvg,
         isLoading: false,
       };
     },
@@ -52,7 +52,10 @@
       aria-label="Manual job"
       :disabled="isLoading"
     >
-      <span v-html="playIconSvg"></span>
+      <icon
+        name="play"
+        class="icon-play"
+      />
       <i
         class="fa fa-caret-down"
         aria-hidden="true">
diff --git a/app/assets/javascripts/pipelines/components/pipelines_table_row.vue b/app/assets/javascripts/pipelines/components/pipelines_table_row.vue
index 670b777199c..d87e24cc8a7 100644
--- a/app/assets/javascripts/pipelines/components/pipelines_table_row.vue
+++ b/app/assets/javascripts/pipelines/components/pipelines_table_row.vue
@@ -312,7 +312,7 @@
           :endpoint="pipeline.cancel_path"
           css-class="js-pipelines-cancel-button btn-remove"
           title="Cancel"
-          icon="remove"
+          icon="close"
           confirm-action-message="Are you sure you want to cancel this pipeline?"
         />
       </div>
diff --git a/app/assets/javascripts/projects_dropdown/index.js b/app/assets/javascripts/projects_dropdown/index.js
index 2660da3c558..e78ebce2923 100644
--- a/app/assets/javascripts/projects_dropdown/index.js
+++ b/app/assets/javascripts/projects_dropdown/index.js
@@ -19,11 +19,8 @@ document.addEventListener('DOMContentLoaded', () => {
     return;
   }
 
-  $(navEl).on('show.bs.dropdown', (e) => {
-    const dropdownEl = $(e.currentTarget).find('.projects-dropdown-menu');
-    dropdownEl.one('transitionend', () => {
-      eventHub.$emit('dropdownOpen');
-    });
+  $(navEl).on('shown.bs.dropdown', () => {
+    eventHub.$emit('dropdownOpen');
   });
 
   // eslint-disable-next-line no-new
diff --git a/app/assets/javascripts/projects_dropdown/service/projects_service.js b/app/assets/javascripts/projects_dropdown/service/projects_service.js
index 9cbd8f21f2a..7231f520933 100644
--- a/app/assets/javascripts/projects_dropdown/service/projects_service.js
+++ b/app/assets/javascripts/projects_dropdown/service/projects_service.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import VueResource from 'vue-resource';
 
diff --git a/app/assets/javascripts/protected_branches/protected_branch_create.js b/app/assets/javascripts/protected_branches/protected_branch_create.js
index 0a9fdb074e5..2948baeab11 100644
--- a/app/assets/javascripts/protected_branches/protected_branch_create.js
+++ b/app/assets/javascripts/protected_branches/protected_branch_create.js
@@ -1,6 +1,6 @@
 import _ from 'underscore';
 import ProtectedBranchAccessDropdown from './protected_branch_access_dropdown';
-import ProtectedBranchDropdown from './protected_branch_dropdown';
+import CreateItemDropdown from '../create_item_dropdown';
 import AccessorUtilities from '../lib/utils/accessor';
 
 const PB_LOCAL_STORAGE_KEY = 'protected-branches-defaults';
@@ -35,10 +35,12 @@ export default class ProtectedBranchCreate {
       onSelect: this.onSelectCallback,
     });
 
-    // Protected branch dropdown
-    this.protectedBranchDropdown = new ProtectedBranchDropdown({
+    this.createItemDropdown = new CreateItemDropdown({
       $dropdown: $protectedBranchDropdown,
+      defaultToggleLabel: 'Protected Branch',
+      fieldName: 'protected_branch[name]',
       onSelect: this.onSelectCallback,
+      getData: ProtectedBranchCreate.getProtectedBranches,
     });
 
     this.loadPreviousSelection($allowedToMergeDropdown.data('glDropdown'), $allowedToPushDropdown.data('glDropdown'));
@@ -60,6 +62,10 @@ export default class ProtectedBranchCreate {
     this.$form.find('input[type="submit"]').attr('disabled', completedForm);
   }
 
+  static getProtectedBranches(term, callback) {
+    callback(gon.open_branches);
+  }
+
   loadPreviousSelection(mergeDropdown, pushDropdown) {
     let mergeIndex = 0;
     let pushIndex = 0;
diff --git a/app/assets/javascripts/protected_branches/protected_branch_dropdown.js b/app/assets/javascripts/protected_branches/protected_branch_dropdown.js
deleted file mode 100644
index 678882a8d2c..00000000000
--- a/app/assets/javascripts/protected_branches/protected_branch_dropdown.js
+++ /dev/null
@@ -1,90 +0,0 @@
-import _ from 'underscore';
-
-export default class ProtectedBranchDropdown {
-  /**
-   * @param {Object} options containing
-   *                         `$dropdown` target element
-   *                          `onSelect` event callback
-   * $dropdown must be an element created using `dropdown_branch()` rails helper
-   */
-  constructor(options) {
-    this.onSelect = options.onSelect;
-    this.$dropdown = options.$dropdown;
-    this.$dropdownContainer = this.$dropdown.parent();
-    this.$dropdownFooter = this.$dropdownContainer.find('.dropdown-footer');
-    this.$protectedBranch = this.$dropdownContainer.find('.js-create-new-protected-branch');
-
-    this.buildDropdown();
-    this.bindEvents();
-
-    // Hide footer
-    this.toggleFooter(true);
-  }
-
-  buildDropdown() {
-    this.$dropdown.glDropdown({
-      data: this.getProtectedBranches.bind(this),
-      filterable: true,
-      remote: false,
-      search: {
-        fields: ['title'],
-      },
-      selectable: true,
-      toggleLabel(selected) {
-        return (selected && 'id' in selected) ? selected.title : 'Protected Branch';
-      },
-      fieldName: 'protected_branch[name]',
-      text(protectedBranch) {
-        return _.escape(protectedBranch.title);
-      },
-      id(protectedBranch) {
-        return _.escape(protectedBranch.id);
-      },
-      onFilter: this.toggleCreateNewButton.bind(this),
-      clicked: (options) => {
-        options.e.preventDefault();
-        this.onSelect();
-      },
-    });
-  }
-
-  bindEvents() {
-    this.$protectedBranch.on('click', this.onClickCreateWildcard.bind(this));
-  }
-
-  onClickCreateWildcard(e) {
-    e.preventDefault();
-
-    // Refresh the dropdown's data, which ends up calling `getProtectedBranches`
-    this.$dropdown.data('glDropdown').remote.execute();
-    this.$dropdown.data('glDropdown').selectRowAtIndex();
-  }
-
-  getProtectedBranches(term, callback) {
-    if (this.selectedBranch) {
-      callback(gon.open_branches.concat(this.selectedBranch));
-    } else {
-      callback(gon.open_branches);
-    }
-  }
-
-  toggleCreateNewButton(branchName) {
-    if (branchName) {
-      this.selectedBranch = {
-        title: branchName,
-        id: branchName,
-        text: branchName,
-      };
-
-      this.$dropdownContainer
-        .find('.js-create-new-protected-branch code')
-        .text(branchName);
-    }
-
-    this.toggleFooter(!branchName);
-  }
-
-  toggleFooter(toggleState) {
-    this.$dropdownFooter.toggleClass('hidden', toggleState);
-  }
-}
diff --git a/app/assets/javascripts/protected_tags/protected_tag_create.js b/app/assets/javascripts/protected_tags/protected_tag_create.js
index 91bd140bd12..d1e4a75c17b 100644
--- a/app/assets/javascripts/protected_tags/protected_tag_create.js
+++ b/app/assets/javascripts/protected_tags/protected_tag_create.js
@@ -1,5 +1,5 @@
 import ProtectedTagAccessDropdown from './protected_tag_access_dropdown';
-import ProtectedTagDropdown from './protected_tag_dropdown';
+import CreateItemDropdown from '../create_item_dropdown';
 
 export default class ProtectedTagCreate {
   constructor() {
@@ -24,9 +24,12 @@ export default class ProtectedTagCreate {
     $allowedToCreateDropdown.data('glDropdown').selectRowAtIndex(0);
 
     // Protected tag dropdown
-    this.protectedTagDropdown = new ProtectedTagDropdown({
+    this.createItemDropdown = new CreateItemDropdown({
       $dropdown: this.$form.find('.js-protected-tag-select'),
+      defaultToggleLabel: 'Protected Tag',
+      fieldName: 'protected_tag[name]',
       onSelect: this.onSelectCallback,
+      getData: ProtectedTagCreate.getProtectedTags,
     });
   }
 
@@ -38,4 +41,8 @@ export default class ProtectedTagCreate {
 
     this.$form.find('input[type="submit"]').attr('disabled', !($tagInput.val() && $allowedToCreateInput.length));
   }
+
+  static getProtectedTags(term, callback) {
+    callback(gon.open_tags);
+  }
 }
diff --git a/app/assets/javascripts/shared/milestones/form.js b/app/assets/javascripts/shared/milestones/form.js
new file mode 100644
index 00000000000..db466f722c4
--- /dev/null
+++ b/app/assets/javascripts/shared/milestones/form.js
@@ -0,0 +1,9 @@
+import ZenMode from '../../zen_mode';
+import DueDateSelectors from '../../due_date_select';
+import GLForm from '../../gl_form';
+
+export default (initGFM = true) => {
+  new ZenMode(); // eslint-disable-line no-new
+  new DueDateSelectors(); // eslint-disable-line no-new
+  new GLForm($('.milestone-form'), initGFM); // eslint-disable-line no-new
+};
diff --git a/app/assets/javascripts/shortcuts.js b/app/assets/javascripts/shortcuts.js
index d2f0d7410da..5351873e945 100644
--- a/app/assets/javascripts/shortcuts.js
+++ b/app/assets/javascripts/shortcuts.js
@@ -62,7 +62,7 @@ export default class Shortcuts {
     e.preventDefault();
     const performanceBarCookieName = 'perf_bar_enabled';
     if (Cookies.get(performanceBarCookieName) === 'true') {
-      Cookies.remove(performanceBarCookieName, { path: '/' });
+      Cookies.set(performanceBarCookieName, 'false', { path: '/' });
     } else {
       Cookies.set(performanceBarCookieName, 'true', { path: '/' });
     }
diff --git a/app/assets/javascripts/shortcuts_blob.js b/app/assets/javascripts/shortcuts_blob.js
index cf309be4f6f..908b9cab93d 100644
--- a/app/assets/javascripts/shortcuts_blob.js
+++ b/app/assets/javascripts/shortcuts_blob.js
@@ -1,4 +1,4 @@
-/* global Mousetrap */
+import Mousetrap from 'mousetrap';
 import { getLocationHash, visitUrl } from './lib/utils/url_utility';
 import Shortcuts from './shortcuts';
 
diff --git a/app/assets/javascripts/shortcuts_find_file.js b/app/assets/javascripts/shortcuts_find_file.js
index 81286c0010c..1e246a56b85 100644
--- a/app/assets/javascripts/shortcuts_find_file.js
+++ b/app/assets/javascripts/shortcuts_find_file.js
@@ -1,5 +1,4 @@
-/* global Mousetrap */
-
+import Mousetrap from 'mousetrap';
 import ShortcutsNavigation from './shortcuts_navigation';
 
 export default class ShortcutsFindFile extends ShortcutsNavigation {
diff --git a/app/assets/javascripts/shortcuts_issuable.js b/app/assets/javascripts/shortcuts_issuable.js
index 292e3d6a657..6aeae84cdc5 100644
--- a/app/assets/javascripts/shortcuts_issuable.js
+++ b/app/assets/javascripts/shortcuts_issuable.js
@@ -1,7 +1,5 @@
-/* global Mousetrap */
-
+import Mousetrap from 'mousetrap';
 import _ from 'underscore';
-import 'mousetrap';
 import Sidebar from './right_sidebar';
 import ShortcutsNavigation from './shortcuts_navigation';
 import { CopyAsGFM } from './behaviors/copy_as_gfm';
diff --git a/app/assets/javascripts/shortcuts_navigation.js b/app/assets/javascripts/shortcuts_navigation.js
index b4562701a3e..a4d10850471 100644
--- a/app/assets/javascripts/shortcuts_navigation.js
+++ b/app/assets/javascripts/shortcuts_navigation.js
@@ -1,5 +1,4 @@
-/* global Mousetrap */
-
+import Mousetrap from 'mousetrap';
 import findAndFollowLink from './shortcuts_dashboard_navigation';
 import Shortcuts from './shortcuts';
 
diff --git a/app/assets/javascripts/shortcuts_network.js b/app/assets/javascripts/shortcuts_network.js
index 21823085ac4..a88c280fa3b 100644
--- a/app/assets/javascripts/shortcuts_network.js
+++ b/app/assets/javascripts/shortcuts_network.js
@@ -1,4 +1,4 @@
-/* global Mousetrap */
+import Mousetrap from 'mousetrap';
 import ShortcutsNavigation from './shortcuts_navigation';
 
 export default class ShortcutsNetwork extends ShortcutsNavigation {
diff --git a/app/assets/javascripts/shortcuts_wiki.js b/app/assets/javascripts/shortcuts_wiki.js
index 59b967dbe09..41865dcf4ba 100644
--- a/app/assets/javascripts/shortcuts_wiki.js
+++ b/app/assets/javascripts/shortcuts_wiki.js
@@ -1,16 +1,14 @@
-/* eslint-disable class-methods-use-this */
-/* global Mousetrap */
-
+import Mousetrap from 'mousetrap';
 import ShortcutsNavigation from './shortcuts_navigation';
 import findAndFollowLink from './shortcuts_dashboard_navigation';
 
 export default class ShortcutsWiki extends ShortcutsNavigation {
   constructor() {
     super();
-    Mousetrap.bind('e', this.editWiki);
+    Mousetrap.bind('e', ShortcutsWiki.editWiki);
   }
 
-  editWiki() {
+  static editWiki() {
     findAndFollowLink('.js-wiki-edit');
   }
 }
diff --git a/app/assets/javascripts/sidebar/components/subscriptions/subscriptions.vue b/app/assets/javascripts/sidebar/components/subscriptions/subscriptions.vue
index 7226076a8fc..d69d100a26c 100644
--- a/app/assets/javascripts/sidebar/components/subscriptions/subscriptions.vue
+++ b/app/assets/javascripts/sidebar/components/subscriptions/subscriptions.vue
@@ -1,12 +1,22 @@
 <script>
-  /* eslint-disable vue/require-default-prop */
-  import { __ } from '../../../locale';
+  import { __ } from '~/locale';
+  import icon from '~/vue_shared/components/icon.vue';
+  import toggleButton from '~/vue_shared/components/toggle_button.vue';
+  import tooltip from '~/vue_shared/directives/tooltip';
   import eventHub from '../../event_hub';
-  import loadingButton from '../../../vue_shared/components/loading_button.vue';
+
+  const ICON_ON = 'notifications';
+  const ICON_OFF = 'notifications-off';
+  const LABEL_ON = __('Notifications on');
+  const LABEL_OFF = __('Notifications off');
 
   export default {
+    directives: {
+      tooltip,
+    },
     components: {
-      loadingButton,
+      icon,
+      toggleButton,
     },
     props: {
       loading: {
@@ -17,22 +27,23 @@
       subscribed: {
         type: Boolean,
         required: false,
+        default: null,
       },
       id: {
         type: Number,
         required: false,
+        default: null,
       },
     },
     computed: {
-      buttonLabel() {
-        let label;
-        if (this.subscribed === false) {
-          label = __('Subscribe');
-        } else if (this.subscribed === true) {
-          label = __('Unsubscribe');
-        }
-
-        return label;
+      showLoadingState() {
+        return this.subscribed === null;
+      },
+      notificationIcon() {
+        return this.subscribed ? ICON_ON : ICON_OFF;
+      },
+      notificationTooltip() {
+        return this.subscribed ? LABEL_ON : LABEL_OFF;
       },
     },
     methods: {
@@ -46,21 +57,29 @@
 <template>
   <div>
     <div class="sidebar-collapsed-icon">
-      <i
-        class="fa fa-rss"
-        aria-hidden="true"
+      <span
+        v-tooltip
+        :title="notificationTooltip"
+        data-container="body"
+        data-placement="left"
       >
-      </i>
+        <icon
+          :name="notificationIcon"
+          :size="16"
+          aria-hidden="true"
+          class="sidebar-item-icon is-active"
+        />
+      </span>
     </div>
     <span class="issuable-header-text hide-collapsed pull-left">
       {{ __('Notifications') }}
     </span>
-    <loading-button
-      ref="loadingButton"
-      class="btn btn-default pull-right hide-collapsed js-issuable-subscribe-button"
-      :loading="loading"
-      :label="buttonLabel"
-      @click="toggleSubscription"
+    <toggle-button
+      ref="toggleButton"
+      class="pull-right hide-collapsed js-issuable-subscribe-button"
+      :is-loading="showLoadingState"
+      :value="subscribed"
+      @change="toggleSubscription"
     />
   </div>
 </template>
diff --git a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_ready_to_merge.js b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_ready_to_merge.js
index e82fb979162..f16414ad5c0 100644
--- a/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_ready_to_merge.js
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_ready_to_merge.js
@@ -1,6 +1,7 @@
 import successSvg from 'icons/_icon_status_success.svg';
 import warningSvg from 'icons/_icon_status_warning.svg';
 import simplePoll from '~/lib/utils/simple_poll';
+import MergeRequest from '../../../merge_request';
 import Flash from '../../../flash';
 import statusIcon from '../mr_widget_status_icon';
 import eventHub from '../../event_hub';
@@ -165,11 +166,9 @@ export default {
             // If state is merged we should update the widget and stop the polling
             eventHub.$emit('MRWidgetUpdateRequested');
             eventHub.$emit('FetchActionsContent');
-            if (window.mergeRequest) {
-              window.mergeRequest.updateStatusText('status-box-open', 'status-box-merged', 'Merged');
-              window.mergeRequest.hideCloseButton();
-              window.mergeRequest.decreaseCounter();
-            }
+            MergeRequest.setStatusBoxToMerged();
+            MergeRequest.hideCloseButton();
+            MergeRequest.decreaseCounter();
             stopPolling();
 
             // If user checked remove source branch and we didn't remove the branch yet
diff --git a/app/assets/javascripts/vue_shared/components/modal.vue b/app/assets/javascripts/vue_shared/components/modal.vue
index c103c45c7dd..8227428d8ba 100644
--- a/app/assets/javascripts/vue_shared/components/modal.vue
+++ b/app/assets/javascripts/vue_shared/components/modal.vue
@@ -122,7 +122,7 @@
           >
             <button
               type="button"
-              class="btn pull-left"
+              class="btn"
               :class="btnCancelKindClass"
               @click="emitCancel($event)"
               data-dismiss="modal"
@@ -132,7 +132,7 @@
             <button
               v-if="primaryButtonLabel"
               type="button"
-              class="btn pull-right js-primary-button"
+              class="btn js-primary-button"
               :disabled="submitDisabled"
               :class="btnKindClass"
               @click="emitSubmit($event)"
diff --git a/app/assets/javascripts/vue_shared/components/stacked_progress_bar.vue b/app/assets/javascripts/vue_shared/components/stacked_progress_bar.vue
new file mode 100644
index 00000000000..86f06c8d266
--- /dev/null
+++ b/app/assets/javascripts/vue_shared/components/stacked_progress_bar.vue
@@ -0,0 +1,127 @@
+<script>
+import tooltip from '~/vue_shared/directives/tooltip';
+
+export default {
+  directives: {
+    tooltip,
+  },
+  props: {
+    cssClass: {
+      type: String,
+      required: false,
+      default: '',
+    },
+    successLabel: {
+      type: String,
+      required: true,
+    },
+    failureLabel: {
+      type: String,
+      required: true,
+    },
+    neutralLabel: {
+      type: String,
+      required: true,
+    },
+    successCount: {
+      type: Number,
+      required: true,
+    },
+    failureCount: {
+      type: Number,
+      required: true,
+    },
+    totalCount: {
+      type: Number,
+      required: true,
+    },
+  },
+  computed: {
+    neutralCount() {
+      return this.totalCount - this.successCount - this.failureCount;
+    },
+    successPercent() {
+      return this.getPercent(this.successCount);
+    },
+    successBarStyle() {
+      return this.barStyle(this.successPercent);
+    },
+    successTooltip() {
+      return this.getTooltip(this.successLabel, this.successCount);
+    },
+    failurePercent() {
+      return this.getPercent(this.failureCount);
+    },
+    failureBarStyle() {
+      return this.barStyle(this.failurePercent);
+    },
+    failureTooltip() {
+      return this.getTooltip(this.failureLabel, this.failureCount);
+    },
+    neutralPercent() {
+      return this.getPercent(this.neutralCount);
+    },
+    neutralBarStyle() {
+      return this.barStyle(this.neutralPercent);
+    },
+    neutralTooltip() {
+      return this.getTooltip(this.neutralLabel, this.neutralCount);
+    },
+  },
+  methods: {
+    getPercent(count) {
+      return Math.ceil((count / this.totalCount) * 100);
+    },
+    barStyle(percent) {
+      return `width: ${percent}%;`;
+    },
+    getTooltip(label, count) {
+      return `${label}: ${count}`;
+    },
+  },
+};
+</script>
+
+<template>
+  <div
+    class="stacked-progress-bar"
+    :class="cssClass"
+  >
+    <span
+      v-if="!totalCount"
+      class="status-unavailable"
+    >
+      {{ __("Not available") }}
+    </span>
+    <span
+      v-tooltip
+      v-if="successPercent"
+      class="status-green"
+      data-placement="bottom"
+      :title="successTooltip"
+      :style="successBarStyle"
+    >
+      {{ successPercent }}%
+    </span>
+    <span
+      v-tooltip
+      v-if="neutralPercent"
+      class="status-neutral"
+      data-placement="bottom"
+      :title="neutralTooltip"
+      :style="neutralBarStyle"
+    >
+      {{ neutralPercent }}%
+    </span>
+    <span
+      v-tooltip
+      v-if="failurePercent"
+      class="status-red"
+      data-placement="bottom"
+      :title="failureTooltip"
+      :style="failureBarStyle"
+    >
+      {{ failurePercent }}%
+    </span>
+  </div>
+</template>
diff --git a/app/assets/javascripts/vue_shared/components/toggle_button.vue b/app/assets/javascripts/vue_shared/components/toggle_button.vue
index 2b12718ae96..09031d3ffa1 100644
--- a/app/assets/javascripts/vue_shared/components/toggle_button.vue
+++ b/app/assets/javascripts/vue_shared/components/toggle_button.vue
@@ -23,11 +23,12 @@
       name: {
         type: String,
         required: false,
-        default: '',
+        default: null,
       },
       value: {
         type: Boolean,
-        required: true,
+        required: false,
+        default: null,
       },
       disabledInput: {
         type: Boolean,
@@ -61,6 +62,7 @@
 <template>
   <label class="toggle-wrapper">
     <input
+      v-if="name"
       type="hidden"
       :name="name"
       :value="value"
diff --git a/app/assets/javascripts/zen_mode.js b/app/assets/javascripts/zen_mode.js
index 06a86f3b94a..4592003f57e 100644
--- a/app/assets/javascripts/zen_mode.js
+++ b/app/assets/javascripts/zen_mode.js
@@ -1,5 +1,4 @@
 /* eslint-disable func-names, space-before-function-paren, wrap-iife, prefer-arrow-callback, no-unused-vars, consistent-return, camelcase, comma-dangle, max-len, class-methods-use-this */
-/* global Mousetrap */
 
 // Zen Mode (full screen) textarea
 //
@@ -8,9 +7,11 @@
 
 import 'vendor/jquery.scrollTo';
 import Dropzone from 'dropzone';
-import 'mousetrap';
+import Mousetrap from 'mousetrap';
 import 'mousetrap/plugins/pause/mousetrap-pause';
 
+Dropzone.autoDiscover = false;
+
 //
 // ### Events
 //
diff --git a/app/assets/stylesheets/framework.scss b/app/assets/stylesheets/framework.scss
index 43b16d3cf7d..cff47ea76ec 100644
--- a/app/assets/stylesheets/framework.scss
+++ b/app/assets/stylesheets/framework.scss
@@ -59,3 +59,4 @@
 @import "framework/snippets";
 @import "framework/memory_graph";
 @import "framework/responsive_tables";
+@import "framework/stacked-progress-bar";
diff --git a/app/assets/stylesheets/framework/dropdowns.scss b/app/assets/stylesheets/framework/dropdowns.scss
index d1b3754d4ef..4c6b32630e1 100644
--- a/app/assets/stylesheets/framework/dropdowns.scss
+++ b/app/assets/stylesheets/framework/dropdowns.scss
@@ -30,7 +30,7 @@
     @include set-visible;
     min-height: $dropdown-min-height;
     max-height: $dropdown-max-height;
-    overflow: auto;
+    overflow-y: auto;
 
     @media (max-width: $screen-xs-max) {
       width: 100%;
@@ -666,6 +666,16 @@
   }
 }
 
+.dropdown-create-new-item-button {
+  @include dropdown-link;
+
+  width: 100%;
+  background-color: transparent;
+  border: 0;
+  text-align: left;
+  text-overflow: ellipsis;
+}
+
 .dropdown-loading {
   position: absolute;
   top: 0;
diff --git a/app/assets/stylesheets/framework/header.scss b/app/assets/stylesheets/framework/header.scss
index ad160f37641..634593aefd0 100644
--- a/app/assets/stylesheets/framework/header.scss
+++ b/app/assets/stylesheets/framework/header.scss
@@ -104,7 +104,10 @@
 
       img {
         height: 28px;
-        margin-right: 8px;
+
+        + .logo-text {
+          margin-left: 8px;
+        }
       }
 
       &.wrap {
@@ -300,6 +303,8 @@
 
   .projects-dropdown-menu {
     padding: 0;
+    overflow-y: initial;
+    max-height: initial;
   }
 
   .dropdown-chevron {
diff --git a/app/assets/stylesheets/framework/issue_box.scss b/app/assets/stylesheets/framework/issue_box.scss
index 1d8bd26cf1a..d8c57a0e2d9 100644
--- a/app/assets/stylesheets/framework/issue_box.scss
+++ b/app/assets/stylesheets/framework/issue_box.scss
@@ -24,15 +24,13 @@
   font-size: $gl-font-size;
   line-height: 25px;
 
+  &.status-box-closed,
   &.status-box-mr-closed {
     background-color: $gl-danger;
   }
 
-  &.status-box-issue-closed {
-    background-color: $gl-primary;
-  }
-
-  &.status-box-merged {
+  &.status-box-issue-closed,
+  &.status-box-mr-merged {
     background-color: $gl-primary;
   }
 
diff --git a/app/assets/stylesheets/framework/modal.scss b/app/assets/stylesheets/framework/modal.scss
index 1be66d0ab21..924472f2d7e 100644
--- a/app/assets/stylesheets/framework/modal.scss
+++ b/app/assets/stylesheets/framework/modal.scss
@@ -1,4 +1,5 @@
 .modal-header {
+  background-color: $modal-body-bg;
   padding: #{3 * $grid-size} #{2 * $grid-size};
 
   .page-title {
@@ -8,6 +9,7 @@
 
 .modal-body {
   background-color: $modal-body-bg;
+  min-height: $modal-body-height;
   position: relative;
   padding: #{3 * $grid-size} #{2 * $grid-size};
 
@@ -20,6 +22,30 @@
   }
 }
 
+.modal-footer {
+  display: flex;
+  flex-direction: row;
+
+  .btn + .btn {
+    margin-left: $grid-size;
+  }
+
+  @media (max-width: $screen-xs-max) {
+    flex-direction: column;
+
+    .btn + .btn {
+      margin-left: 0;
+      margin-top: $grid-size;
+    }
+  }
+
+  @media (min-width: $screen-sm-min) {
+    .btn:first-of-type {
+      margin-left: auto;
+    }
+  }
+}
+
 body.modal-open {
   overflow: hidden;
 }
@@ -32,12 +58,6 @@ body.modal-open {
   }
 }
 
-@media (min-width: $screen-md-min) {
-  .modal-dialog {
-    width: 860px;
-  }
-}
-
 @media (min-width: $screen-lg-min) {
   .modal-full {
     width: 98%;
diff --git a/app/assets/stylesheets/framework/stacked-progress-bar.scss b/app/assets/stylesheets/framework/stacked-progress-bar.scss
new file mode 100644
index 00000000000..4869cda73e5
--- /dev/null
+++ b/app/assets/stylesheets/framework/stacked-progress-bar.scss
@@ -0,0 +1,54 @@
+.stacked-progress-bar {
+  display: flex;
+  height: 16px;
+  border-radius: 10px;
+  overflow: hidden;
+  background-color: $theme-gray-100;
+
+  .status-unavailable,
+  .status-green,
+  .status-neutral,
+  .status-red, {
+    height: 100%;
+    min-width: 25px;
+    padding: 0 5px;
+    font-size: $tooltip-font-size;
+    font-weight: normal;
+    color: $white-light;
+    line-height: 16px;
+
+    &:hover {
+      cursor: pointer;
+    }
+  }
+
+  .status-unavailable {
+    padding: 0 10px;
+    color: $theme-gray-700;
+  }
+
+  .status-green {
+    background-color: $green-500;
+
+    &:hover {
+      background-color: $green-600;
+    }
+  }
+
+  .status-neutral {
+    background-color: $theme-gray-200;
+    color: $gl-gray-dark;
+
+    &:hover {
+      background-color: $theme-gray-300;
+    }
+  }
+
+  .status-red {
+    background-color: $red-500;
+
+    &:hover {
+      background-color: $red-600;
+    }
+  }
+}
diff --git a/app/assets/stylesheets/framework/tw_bootstrap_variables.scss b/app/assets/stylesheets/framework/tw_bootstrap_variables.scss
index a23131e0818..d04e555769b 100644
--- a/app/assets/stylesheets/framework/tw_bootstrap_variables.scss
+++ b/app/assets/stylesheets/framework/tw_bootstrap_variables.scss
@@ -194,6 +194,6 @@ $modal-body-bg: $white-light;
 //** Modal footer border color
 // $modal-footer-border-color:   $modal-header-border-color
 
-// $modal-lg:                    900px
-// $modal-md:                    600px
+$modal-lg: 860px;
+$modal-md: 540px;
 // $modal-sm:                    300px
diff --git a/app/assets/stylesheets/framework/variables.scss b/app/assets/stylesheets/framework/variables.scss
index ef1520f1f63..da18ddf78d3 100644
--- a/app/assets/stylesheets/framework/variables.scss
+++ b/app/assets/stylesheets/framework/variables.scss
@@ -733,3 +733,8 @@ $popup-box-shadow-color: rgba(90, 90, 90, 0.05);
 Multi file editor
 */
 $border-color-settings: #e1e1e1;
+
+/*
+Modals
+*/
+$modal-body-height: 134px;
diff --git a/app/assets/stylesheets/pages/issuable.scss b/app/assets/stylesheets/pages/issuable.scss
index ae9a8b0182c..759719a72da 100644
--- a/app/assets/stylesheets/pages/issuable.scss
+++ b/app/assets/stylesheets/pages/issuable.scss
@@ -162,10 +162,6 @@
       border: 0;
     }
 
-    span {
-      display: inline-block;
-    }
-
     .select2-container span {
       margin-top: 0;
     }
diff --git a/app/assets/stylesheets/pages/pipelines.scss b/app/assets/stylesheets/pages/pipelines.scss
index a35ebd48887..766e02b12ea 100644
--- a/app/assets/stylesheets/pages/pipelines.scss
+++ b/app/assets/stylesheets/pages/pipelines.scss
@@ -69,13 +69,6 @@
             border-color: $border-white-normal;
           }
         }
-
-        .btn {
-          .icon-play {
-            height: 13px;
-            width: 12px;
-          }
-        }
       }
 
       .btn .text-center {
@@ -798,7 +791,6 @@ button.mini-pipeline-graph-dropdown-toggle {
 
     // link to the build
     .mini-pipeline-graph-dropdown-item {
-      padding: 3px 7px 4px;
       align-items: center;
       clear: both;
       display: flex;
diff --git a/app/assets/stylesheets/pages/projects.scss b/app/assets/stylesheets/pages/projects.scss
index 61a76d0387a..bf41005b6d5 100644
--- a/app/assets/stylesheets/pages/projects.scss
+++ b/app/assets/stylesheets/pages/projects.scss
@@ -895,17 +895,6 @@ pre.light-well {
   }
 }
 
-.create-new-protected-branch-button,
-.create-new-protected-tag-button {
-  @include dropdown-link;
-
-  width: 100%;
-  background-color: transparent;
-  border: 0;
-  text-align: left;
-  text-overflow: ellipsis;
-}
-
 .protected-branches-list,
 .protected-tags-list {
   margin-bottom: 30px;
diff --git a/app/assets/stylesheets/pages/xterm.scss b/app/assets/stylesheets/pages/xterm.scss
index c7297a34ad8..7d40c61da26 100644
--- a/app/assets/stylesheets/pages/xterm.scss
+++ b/app/assets/stylesheets/pages/xterm.scss
@@ -3,22 +3,21 @@
   // see also: https://gist.github.com/jasonm23/2868981
 
   $black: #000;
-  $red: #cd0000;
-  $green: #00cd00;
-  $yellow: #cdcd00;
-  $blue: #00e;   // according to wikipedia, this is the xterm standard
-  //$blue: #1e90ff; // this is used by all the terminals I tried (when configured with the xterm color profile)
-  $magenta: #cd00cd;
-  $cyan: #00cdcd;
-  $white: #e5e5e5;
+  $red: #ea1010;
+  $green: #009900;
+  $yellow: #999900;
+  $blue: #0073e6;
+  $magenta: #d411d4;
+  $cyan: #009999;
+  $white: #ccc;
   $l-black: #373b41;
-  $l-red: #c66;
-  $l-green: #b5bd68;
-  $l-yellow: #f0c674;
-  $l-blue: #81a2be;
-  $l-magenta: #b294bb;
-  $l-cyan: #8abeb7;
-  $l-white: $gray-darkest;
+  $l-red: #ff6161;
+  $l-green: #00d600;
+  $l-yellow: #bdbd00;
+  $l-blue: #5797ff;
+  $l-magenta: #d96dd9;
+  $l-cyan: #00bdbd;
+  $l-white: #fff;
 
   /*
   * xterm colors
diff --git a/app/controllers/admin/deploy_keys_controller.rb b/app/controllers/admin/deploy_keys_controller.rb
index a7ab481519d..b0c4c31cffc 100644
--- a/app/controllers/admin/deploy_keys_controller.rb
+++ b/app/controllers/admin/deploy_keys_controller.rb
@@ -50,10 +50,10 @@ class Admin::DeployKeysController < Admin::ApplicationController
   end
 
   def create_params
-    params.require(:deploy_key).permit(:key, :title, :can_push)
+    params.require(:deploy_key).permit(:key, :title)
   end
 
   def update_params
-    params.require(:deploy_key).permit(:title, :can_push)
+    params.require(:deploy_key).permit(:title)
   end
 end
diff --git a/app/controllers/concerns/with_performance_bar.rb b/app/controllers/concerns/with_performance_bar.rb
index 230bbe4b1aa..6a8b1a4de7b 100644
--- a/app/controllers/concerns/with_performance_bar.rb
+++ b/app/controllers/concerns/with_performance_bar.rb
@@ -6,13 +6,22 @@ module WithPerformanceBar
   end
 
   def peek_enabled?
-    return true if Rails.env.development?
     return false unless Gitlab::PerformanceBar.enabled?(current_user)
 
     if RequestStore.active?
-      RequestStore.fetch(:peek_enabled) { cookies[:perf_bar_enabled].present? }
+      RequestStore.fetch(:peek_enabled) { cookie_or_default_value }
     else
-      cookies[:perf_bar_enabled].present?
+      cookie_or_default_value
+    end
+  end
+
+  private
+
+  def cookie_or_default_value
+    if cookies[:perf_bar_enabled].present?
+      cookies[:perf_bar_enabled] == 'true'
+    else
+      cookies[:perf_bar_enabled] = 'true' if Rails.env.development?
     end
   end
 end
diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb
index f013d21275e..acf6aaf57f4 100644
--- a/app/controllers/groups/milestones_controller.rb
+++ b/app/controllers/groups/milestones_controller.rb
@@ -75,8 +75,6 @@ class Groups::MilestonesController < Groups::ApplicationController
   end
 
   def milestones
-    search_params = params.merge(group_ids: group.id)
-
     milestones = MilestonesFinder.new(search_params).execute
     legacy_milestones = GroupMilestone.build_collection(group, group_projects, params)
 
@@ -94,4 +92,8 @@ class Groups::MilestonesController < Groups::ApplicationController
 
     render_404 unless @milestone
   end
+
+  def search_params
+    params.permit(:state).merge(group_ids: group.id)
+  end
 end
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index 689d2e3db22..d631d09f1b8 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -112,6 +112,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 
       continue_login_process
     end
+  rescue Gitlab::OAuth::SigninDisabledForProviderError
+    handle_disabled_provider
   rescue Gitlab::OAuth::SignupDisabledError
     handle_signup_error
   end
@@ -168,6 +170,13 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     redirect_to new_user_session_path
   end
 
+  def handle_disabled_provider
+    label = Gitlab::OAuth::Provider.label_for(oauth['provider'])
+    flash[:alert] = "Signing in using #{label} has been disabled"
+
+    redirect_to new_user_session_path
+  end
+
   def log_audit_event(user, options = {})
     AuditEventService.new(user, user, options)
       .for_authentication.security_event
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index 2e7344b1cad..effb484ef0f 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -12,7 +12,7 @@ class Projects::CommitController < Projects::ApplicationController
   before_action :authorize_download_code!
   before_action :authorize_read_pipeline!, only: [:pipelines]
   before_action :commit
-  before_action :define_commit_vars, only: [:show, :diff_for_path, :pipelines]
+  before_action :define_commit_vars, only: [:show, :diff_for_path, :pipelines, :merge_requests]
   before_action :define_note_vars, only: [:show, :diff_for_path]
   before_action :authorize_edit_tree!, only: [:revert, :cherry_pick]
 
@@ -52,6 +52,18 @@ class Projects::CommitController < Projects::ApplicationController
     end
   end
 
+  def merge_requests
+    @merge_requests = @commit.merge_requests.map do |mr|
+      { iid: mr.iid, path: merge_request_path(mr), title: mr.title }
+    end
+
+    respond_to do |format|
+      format.json do
+        render json: @merge_requests.to_json
+      end
+    end
+  end
+
   def branches
     # branch_names_contains/tag_names_contains can take a long time when there are thousands of
     # branches/tags - each `git branch --contains xxx` request can consume a cpu core.
diff --git a/app/controllers/projects/deploy_keys_controller.rb b/app/controllers/projects/deploy_keys_controller.rb
index e06dda1baa4..f43ef2e5f2f 100644
--- a/app/controllers/projects/deploy_keys_controller.rb
+++ b/app/controllers/projects/deploy_keys_controller.rb
@@ -24,7 +24,7 @@ class Projects::DeployKeysController < Projects::ApplicationController
   def create
     @key = DeployKeys::CreateService.new(current_user, create_params).execute
 
-    unless @key.valid? && @project.deploy_keys << @key
+    unless @key.valid?
       flash[:alert] = @key.errors.full_messages.join(', ').html_safe
     end
 
@@ -71,11 +71,14 @@ class Projects::DeployKeysController < Projects::ApplicationController
   end
 
   def create_params
-    params.require(:deploy_key).permit(:key, :title, :can_push)
+    create_params = params.require(:deploy_key)
+                          .permit(:key, :title, deploy_keys_projects_attributes: [:can_push])
+    create_params.dig(:deploy_keys_projects_attributes, '0')&.merge!(project_id: @project.id)
+    create_params
   end
 
   def update_params
-    params.require(:deploy_key).permit(:title, :can_push)
+    params.require(:deploy_key).permit(:title, deploy_keys_projects_attributes: [:id, :can_push])
   end
 
   def authorize_update_deploy_key!
diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb
index 4865ec3dfe5..8b54ba3ad7c 100644
--- a/app/controllers/projects/jobs_controller.rb
+++ b/app/controllers/projects/jobs_controller.rb
@@ -29,7 +29,7 @@ class Projects::JobsController < Projects::ApplicationController
       :project,
       :tags
     ])
-    @builds = @builds.page(params[:page]).per(30)
+    @builds = @builds.page(params[:page]).per(30).without_count
   end
 
   def cancel_all
diff --git a/app/controllers/projects/merge_requests/creations_controller.rb b/app/controllers/projects/merge_requests/creations_controller.rb
index 3d2926d5d75..0df80fa700f 100644
--- a/app/controllers/projects/merge_requests/creations_controller.rb
+++ b/app/controllers/projects/merge_requests/creations_controller.rb
@@ -43,11 +43,7 @@ class Projects::MergeRequests::CreationsController < Projects::MergeRequests::Ap
   end
 
   def diffs
-    @diffs = if @merge_request.can_be_created
-               @merge_request.diffs(diff_options)
-             else
-               []
-             end
+    @diffs = @merge_request.diffs(diff_options) if @merge_request.can_be_created
 
     @diff_notes_disabled = true
 
diff --git a/app/controllers/projects/milestones_controller.rb b/app/controllers/projects/milestones_controller.rb
index 980bbf699b6..0f70efbce40 100644
--- a/app/controllers/projects/milestones_controller.rb
+++ b/app/controllers/projects/milestones_controller.rb
@@ -92,12 +92,6 @@ class Projects::MilestonesController < Projects::ApplicationController
 
   def milestones
     @milestones ||= begin
-      if @project.group && can?(current_user, :read_group, @project.group)
-        group = @project.group
-      end
-
-      search_params = params.merge(project_ids: @project.id, group_ids: group&.id)
-
       MilestonesFinder.new(search_params).execute
     end
   end
@@ -113,4 +107,12 @@ class Projects::MilestonesController < Projects::ApplicationController
   def milestone_params
     params.require(:milestone).permit(:title, :description, :start_date, :due_date, :state_event)
   end
+
+  def search_params
+    if @project.group && can?(current_user, :read_group, @project.group)
+      group = @project.group
+    end
+
+    params.permit(:state).merge(project_ids: @project.id, group_ids: group&.id)
+  end
 end
diff --git a/app/finders/milestones_finder.rb b/app/finders/milestones_finder.rb
index 0a5a0ea2f35..b4605fca193 100644
--- a/app/finders/milestones_finder.rb
+++ b/app/finders/milestones_finder.rb
@@ -46,11 +46,7 @@ class MilestonesFinder
   end
 
   def order(items)
-    if params.has_key?(:order)
-      items.reorder(params[:order])
-    else
-      order_statement = Gitlab::Database.nulls_last_order('due_date', 'ASC')
-      items.reorder(order_statement)
-    end
+    order_statement = Gitlab::Database.nulls_last_order('due_date', 'ASC')
+    items.reorder(order_statement).order('title ASC')
   end
 end
diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb
index 5e3b2e5581c..a6e1de6ffdc 100644
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -1,6 +1,8 @@
 module BlobHelper
   def highlight(blob_name, blob_content, repository: nil, plain: false)
+    plain ||= blob_content.length > Blob::MAXIMUM_TEXT_HIGHLIGHT_SIZE
     highlighted = Gitlab::Highlight.highlight(blob_name, blob_content, plain: plain, repository: repository)
+
     raw %(<pre class="code highlight"><code>#{highlighted}</code></pre>)
   end
 
diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb
index 0f110bd25c5..64cd3032780 100644
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -72,7 +72,7 @@ module IssuesHelper
     if item.try(:expired?)
       'status-box-expired'
     elsif item.try(:merged?)
-      'status-box-merged'
+      'status-box-mr-merged'
     elsif item.closed?
       'status-box-mr-closed'
     elsif item.try(:upcoming?)
diff --git a/app/helpers/todos_helper.rb b/app/helpers/todos_helper.rb
index e7c953e749e..ddb48371c79 100644
--- a/app/helpers/todos_helper.rb
+++ b/app/helpers/todos_helper.rb
@@ -54,8 +54,16 @@ module TodosHelper
   def todo_target_state_pill(todo)
     return unless show_todo_state?(todo)
 
+    type =
+      case todo.target
+      when MergeRequest
+        'mr'
+      when Issue
+        'issue'
+      end
+
     content_tag(:span, nil, class: 'target-status') do
-      content_tag(:span, nil, class: "status-box status-box-#{todo.target.state.dasherize}") do
+      content_tag(:span, nil, class: "status-box status-box-#{type}-#{todo.target.state.dasherize}") do
         todo.target.state.capitalize
       end
     end
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 6012dbba1b9..df67fb243ad 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -8,6 +8,7 @@ module Ci
 
     MissingDependenciesError = Class.new(StandardError)
 
+    belongs_to :project, inverse_of: :builds
     belongs_to :runner
     belongs_to :trigger_request
     belongs_to :erased_by, class_name: 'User'
diff --git a/app/models/ci/pipeline.rb b/app/models/ci/pipeline.rb
index d4690da3be6..d7153d7b816 100644
--- a/app/models/ci/pipeline.rb
+++ b/app/models/ci/pipeline.rb
@@ -7,7 +7,7 @@ module Ci
     include Presentable
     include Gitlab::OptimisticLocking
 
-    belongs_to :project
+    belongs_to :project, inverse_of: :pipelines
     belongs_to :user
     belongs_to :auto_canceled_by, class_name: 'Ci::Pipeline'
     belongs_to :pipeline_schedule, class_name: 'Ci::PipelineSchedule'
diff --git a/app/models/commit.rb b/app/models/commit.rb
index 39d7f5b159d..2d2d89af030 100644
--- a/app/models/commit.rb
+++ b/app/models/commit.rb
@@ -238,6 +238,10 @@ class Commit
     notes.includes(:author)
   end
 
+  def merge_requests
+    @merge_requests ||= project.merge_requests.by_commit_sha(sha)
+  end
+
   def method_missing(method, *args, &block)
     @raw.__send__(method, *args, &block) # rubocop:disable GitlabSecurity/PublicSend
   end
@@ -342,10 +346,11 @@ class Commit
     @merged_merge_request_hash[current_user]
   end
 
-  def has_been_reverted?(current_user, noteable = self)
+  def has_been_reverted?(current_user, notes_association = nil)
     ext = all_references(current_user)
+    notes_association ||= notes_with_associations
 
-    noteable.notes_with_associations.system.each do |note|
+    notes_association.system.each do |note|
       note.all_references(current_user, extractor: ext)
     end
 
@@ -367,19 +372,19 @@ class Commit
   #   uri_type('doc/README.md') # => :blob
   #   uri_type('doc/logo.png')  # => :raw
   #   uri_type('doc/api')       # => :tree
-  #   uri_type('not/found')     # => :nil
+  #   uri_type('not/found')     # => nil
   #
   # Returns a symbol
   def uri_type(path)
-    entry = @raw.rugged_tree_entry(path)
+    entry = @raw.tree_entry(path)
+    return unless entry
+
     if entry[:type] == :blob
       blob = ::Blob.decorate(Gitlab::Git::Blob.new(name: entry[:name]), @project)
       blob.image? || blob.video? ? :raw : :blob
     else
       entry[:type]
     end
-  rescue Rugged::TreeError
-    nil
   end
 
   def raw_diffs(*args)
diff --git a/app/models/concerns/resolvable_discussion.rb b/app/models/concerns/resolvable_discussion.rb
index b6c7b6735b9..7c236369793 100644
--- a/app/models/concerns/resolvable_discussion.rb
+++ b/app/models/concerns/resolvable_discussion.rb
@@ -1,5 +1,6 @@
 module ResolvableDiscussion
   extend ActiveSupport::Concern
+  include ::Gitlab::Utils::StrongMemoize
 
   included do
     # A number of properties of this `Discussion`, like `first_note` and `resolvable?`, are memoized.
@@ -31,27 +32,37 @@ module ResolvableDiscussion
   end
 
   def resolvable?
-    @resolvable ||= potentially_resolvable? && notes.any?(&:resolvable?)
+    strong_memoize(:resolvable) do
+      potentially_resolvable? && notes.any?(&:resolvable?)
+    end
   end
 
   def resolved?
-    @resolved ||= resolvable? && notes.none?(&:to_be_resolved?)
+    strong_memoize(:resolved) do
+      resolvable? && notes.none?(&:to_be_resolved?)
+    end
   end
 
   def first_note
-    @first_note ||= notes.first
+    strong_memoize(:first_note) do
+      notes.first
+    end
   end
 
   def first_note_to_resolve
     return unless resolvable?
 
-    @first_note_to_resolve ||= notes.find(&:to_be_resolved?) # rubocop:disable Gitlab/ModuleWithInstanceVariables
+    strong_memoize(:first_note_to_resolve) do
+      notes.find(&:to_be_resolved?)
+    end
   end
 
   def last_resolved_note
     return unless resolved?
 
-    @last_resolved_note ||= resolved_notes.sort_by(&:resolved_at).last # rubocop:disable Gitlab/ModuleWithInstanceVariables
+    strong_memoize(:last_resolved_note) do
+      resolved_notes.sort_by(&:resolved_at).last
+    end
   end
 
   def resolved_notes
@@ -93,8 +104,8 @@ module ResolvableDiscussion
     # Set the notes array to the updated notes
     @notes = notes_relation.fresh.to_a # rubocop:disable Gitlab/ModuleWithInstanceVariables
 
-    self.class.memoized_values.each do |var|
-      instance_variable_set(:"@#{var}", nil)
+    self.class.memoized_values.each do |name|
+      clear_memoization(name)
     end
   end
 end
diff --git a/app/models/concerns/sha_attribute.rb b/app/models/concerns/sha_attribute.rb
index 67ecf470f7e..703a72c355c 100644
--- a/app/models/concerns/sha_attribute.rb
+++ b/app/models/concerns/sha_attribute.rb
@@ -3,6 +3,7 @@ module ShaAttribute
 
   module ClassMethods
     def sha_attribute(name)
+      return if ENV['STATIC_VERIFICATION']
       return unless table_exists?
 
       column = columns.find { |c| c.name == name.to_s }
diff --git a/app/models/deploy_key.rb b/app/models/deploy_key.rb
index eae5eee4fee..c2e0a5fa126 100644
--- a/app/models/deploy_key.rb
+++ b/app/models/deploy_key.rb
@@ -1,10 +1,16 @@
 class DeployKey < Key
-  has_many :deploy_keys_projects, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
+  include IgnorableColumn
+
+  has_many :deploy_keys_projects, inverse_of: :deploy_key, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
   has_many :projects, through: :deploy_keys_projects
 
   scope :in_projects, ->(projects) { joins(:deploy_keys_projects).where('deploy_keys_projects.project_id in (?)', projects) }
   scope :are_public,  -> { where(public: true) }
 
+  ignore_column :can_push
+
+  accepts_nested_attributes_for :deploy_keys_projects
+
   def private?
     !public?
   end
@@ -22,10 +28,18 @@ class DeployKey < Key
   end
 
   def has_access_to?(project)
-    projects.include?(project)
+    deploy_keys_project_for(project).present?
   end
 
   def can_push_to?(project)
-    can_push? && has_access_to?(project)
+    !!deploy_keys_project_for(project)&.can_push?
+  end
+
+  def deploy_keys_project_for(project)
+    deploy_keys_projects.find_by(project: project)
+  end
+
+  def projects_with_write_access
+    Project.preload(:route).where(id: deploy_keys_projects.with_write_access.select(:project_id))
   end
 end
diff --git a/app/models/deploy_keys_project.rb b/app/models/deploy_keys_project.rb
index b37b9bfbdac..6eef12c4373 100644
--- a/app/models/deploy_keys_project.rb
+++ b/app/models/deploy_keys_project.rb
@@ -1,8 +1,14 @@
 class DeployKeysProject < ActiveRecord::Base
   belongs_to :project
-  belongs_to :deploy_key
+  belongs_to :deploy_key, inverse_of: :deploy_keys_projects
 
-  validates :deploy_key_id, presence: true
+  scope :without_project_deleted,  -> { joins(:project).where(projects: { pending_delete: false }) }
+  scope :in_project, ->(project) { where(project: project) }
+  scope :with_write_access, -> { where(can_push: true) }
+
+  accepts_nested_attributes_for :deploy_key
+
+  validates :deploy_key, presence: true
   validates :deploy_key_id, uniqueness: { scope: [:project_id], message: "already exists in project" }
   validates :project_id, presence: true
 
diff --git a/app/models/global_milestone.rb b/app/models/global_milestone.rb
index c0864769314..dc2f6817190 100644
--- a/app/models/global_milestone.rb
+++ b/app/models/global_milestone.rb
@@ -44,10 +44,10 @@ class GlobalMilestone
   def self.group_milestones_states_count(group)
     return STATE_COUNT_HASH unless group
 
-    params = { group_ids: [group.id], state: 'all', order: nil }
+    params = { group_ids: [group.id], state: 'all' }
 
     relation = MilestonesFinder.new(params).execute
-    grouped_by_state = relation.group(:state).count
+    grouped_by_state = relation.reorder(nil).group(:state).count
 
     {
       opened: grouped_by_state['active'] || 0,
@@ -60,10 +60,10 @@ class GlobalMilestone
   def self.legacy_group_milestone_states_count(projects)
     return STATE_COUNT_HASH unless projects
 
-    params = { project_ids: projects.map(&:id), state: 'all', order: nil }
+    params = { project_ids: projects.map(&:id), state: 'all' }
 
     relation = MilestonesFinder.new(params).execute
-    project_milestones_by_state_and_title = relation.group(:state, :title).count
+    project_milestones_by_state_and_title = relation.reorder(nil).group(:state, :title).count
 
     opened = count_by_state(project_milestones_by_state_and_title, 'active')
     closed = count_by_state(project_milestones_by_state_and_title, 'closed')
diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb
index 5a70e114f56..27729deeac9 100644
--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -4,6 +4,7 @@ class WebHook < ActiveRecord::Base
   has_many :web_hook_logs, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
 
   validates :url, presence: true, url: true
+  validates :token, format: { without: /\n/ }
 
   def execute(data, hook_name)
     WebHookService.new(self, data, hook_name).execute
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index 2669d2a6ff3..8028ff3875b 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -140,7 +140,9 @@ class MergeRequest < ActiveRecord::Base
   scope :merged, -> { with_state(:merged) }
   scope :closed_and_merged, -> { with_states(:closed, :merged) }
   scope :from_source_branches, ->(branches) { where(source_branch: branches) }
-
+  scope :by_commit_sha, ->(sha) do
+    where('EXISTS (?)', MergeRequestDiff.select(1).where('merge_requests.latest_merge_request_diff_id = merge_request_diffs.id').by_commit_sha(sha)).reorder(nil)
+  end
   scope :join_project, -> { joins(:target_project) }
   scope :references_project, -> { references(:target_project) }
   scope :assigned, -> { where("assignee_id IS NOT NULL") }
@@ -982,7 +984,16 @@ class MergeRequest < ActiveRecord::Base
   end
 
   def can_be_reverted?(current_user)
-    merge_commit && !merge_commit.has_been_reverted?(current_user, self)
+    return false unless merge_commit
+
+    merged_at = metrics&.merged_at
+    notes_association = notes_with_associations
+
+    if merged_at
+      notes_association = notes_association.where('created_at > ?', merged_at)
+    end
+
+    !merge_commit.has_been_reverted?(current_user, notes_association)
   end
 
   def can_be_cherry_picked?
diff --git a/app/models/merge_request_diff.rb b/app/models/merge_request_diff.rb
index afab72930c1..69a846da9be 100644
--- a/app/models/merge_request_diff.rb
+++ b/app/models/merge_request_diff.rb
@@ -28,6 +28,9 @@ class MergeRequestDiff < ActiveRecord::Base
   end
 
   scope :viewable, -> { without_state(:empty) }
+  scope :by_commit_sha, ->(sha) do
+    joins(:merge_request_diff_commits).where(merge_request_diff_commits: { sha: sha }).reorder(nil)
+  end
 
   scope :recent, -> { order(id: :desc).limit(100) }
 
diff --git a/app/models/project.rb b/app/models/project.rb
index 029f2da2e4e..d011b614c69 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -20,6 +20,7 @@ class Project < ActiveRecord::Base
   include GroupDescendant
   include Gitlab::SQL::Pattern
   include DeploymentPlatform
+  include ::Gitlab::Utils::StrongMemoize
 
   extend Gitlab::ConfigHelper
   extend Gitlab::CurrentSettings
@@ -198,13 +199,13 @@ class Project < ActiveRecord::Base
   has_many :container_repositories, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
 
   has_many :commit_statuses
-  has_many :pipelines, class_name: 'Ci::Pipeline'
+  has_many :pipelines, class_name: 'Ci::Pipeline', inverse_of: :project
 
   # Ci::Build objects store data on the file system such as artifact files and
   # build traces. Currently there's no efficient way of removing this data in
   # bulk that doesn't involve loading the rows into memory. As a result we're
   # still using `dependent: :destroy` here.
-  has_many :builds, class_name: 'Ci::Build', dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
+  has_many :builds, class_name: 'Ci::Build', inverse_of: :project, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
   has_many :build_trace_section_names, class_name: 'Ci::BuildTraceSectionName'
   has_many :runner_projects, class_name: 'Ci::RunnerProject'
   has_many :runners, through: :runner_projects, source: :runner, class_name: 'Ci::Runner'
@@ -993,9 +994,13 @@ class Project < ActiveRecord::Base
   end
 
   def repo_exists?
-    @repo_exists ||= repository.exists?
-  rescue
-    @repo_exists = false
+    strong_memoize(:repo_exists) do
+      begin
+        repository.exists?
+      rescue
+        false
+      end
+    end
   end
 
   def root_ref?(branch)
diff --git a/app/models/push_event.rb b/app/models/push_event.rb
index 83ce9014094..90c085c888e 100644
--- a/app/models/push_event.rb
+++ b/app/models/push_event.rb
@@ -46,10 +46,11 @@ class PushEvent < Event
 
   # Returns PushEvent instances for which no merge requests have been created.
   def self.without_existing_merge_requests
-    existing_mrs = MergeRequest.except(:order)
+    existing_mrs = MergeRequest.except(:order, :where)
       .select(1)
       .where('merge_requests.source_project_id = events.project_id')
       .where('merge_requests.source_branch = push_event_payloads.ref')
+      .where(state: :opened)
 
     # For reasons unknown the use of #eager_load will result in the
     # "push_event_payload" association not being set. Because of this we're
diff --git a/app/models/repository.rb b/app/models/repository.rb
index d27212b2058..b4bc0f87458 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -831,13 +831,12 @@ class Repository
   end
 
   def can_be_merged?(source_sha, target_branch)
-    our_commit = rugged.branches[target_branch].target
-    their_commit = rugged.lookup(source_sha)
-
-    if our_commit && their_commit
-      !rugged.merge_commits(our_commit, their_commit).conflicts?
-    else
-      false
+    raw_repository.gitaly_migrate(:can_be_merged) do |is_enabled|
+      if is_enabled
+        gitaly_can_be_merged?(source_sha, find_branch(target_branch).target)
+      else
+        rugged_can_be_merged?(source_sha, target_branch)
+      end
     end
   end
 
@@ -895,15 +894,18 @@ class Repository
     branch = Gitlab::Git::Branch.find(self, branch_or_name)
 
     if branch
-      @root_ref_sha ||= commit(root_ref).sha
-      same_head = branch.target == @root_ref_sha
-      merged = ancestor?(branch.target, @root_ref_sha)
+      same_head = branch.target == root_ref_sha
+      merged = ancestor?(branch.target, root_ref_sha)
       !same_head && merged
     else
       nil
     end
   end
 
+  def root_ref_sha
+    @root_ref_sha ||= commit(root_ref).sha
+  end
+
   delegate :merged_branch_names, to: :raw_repository
 
   def merge_base(first_commit_id, second_commit_id)
@@ -930,15 +932,17 @@ class Repository
     return [] if empty? || query.blank?
 
     offset = 2
-    args = %W(grep -i -I -n --before-context #{offset} --after-context #{offset} -E -e #{Regexp.escape(query)} #{ref || root_ref})
+    args = %W(grep -i -I -n -z --before-context #{offset} --after-context #{offset} -E -e #{Regexp.escape(query)} #{ref || root_ref})
 
     run_git(args).first.scrub.split(/^--$/)
   end
 
   def search_files_by_name(query, ref)
-    return [] if empty? || query.blank?
+    safe_query = Regexp.escape(query.sub(/^\/*/, ""))
 
-    args = %W(ls-tree --full-tree -r #{ref || root_ref} --name-status | #{Regexp.escape(query)})
+    return [] if empty? || safe_query.blank?
+
+    args = %W(ls-tree --full-tree -r #{ref || root_ref} --name-status | #{safe_query})
 
     run_git(args).first.lines.map(&:strip)
   end
@@ -1129,6 +1133,14 @@ class Repository
     Gitlab::Git::Repository.new(project.repository_storage, disk_path + '.git', Gitlab::GlRepository.gl_repository(project, is_wiki))
   end
 
+  def gitaly_can_be_merged?(their_commit, our_commit)
+    !raw_repository.gitaly_conflicts_client(our_commit, their_commit).conflicts?
+  end
+
+  def rugged_can_be_merged?(their_commit, our_commit)
+    !rugged.merge_commits(our_commit, their_commit).conflicts?
+  end
+
   def find_commits_by_message_by_shelling_out(query, ref, path, limit, offset)
     ref ||= root_ref
 
diff --git a/app/models/route.rb b/app/models/route.rb
index 7ba3ec06041..412f5fb45a5 100644
--- a/app/models/route.rb
+++ b/app/models/route.rb
@@ -8,7 +8,7 @@ class Route < ActiveRecord::Base
     presence: true,
     uniqueness: { case_sensitive: false }
 
-  validate :ensure_permanent_paths
+  validate :ensure_permanent_paths, if: :path_changed?
 
   after_create :delete_conflicting_redirects
   after_update :delete_conflicting_redirects, if: :path_changed?
diff --git a/app/models/service.rb b/app/models/service.rb
index 7f260f7a96b..96a064697f0 100644
--- a/app/models/service.rb
+++ b/app/models/service.rb
@@ -118,6 +118,11 @@ class Service < ActiveRecord::Base
     nil
   end
 
+  def api_field_names
+    fields.map { |field| field[:name] }
+      .reject { |field_name| field_name =~ /(password|token|key)/ }
+  end
+
   def global_fields
     fields
   end
diff --git a/app/models/user.rb b/app/models/user.rb
index 4484ee9ff4c..09aa5a7b318 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -53,7 +53,10 @@ class User < ActiveRecord::Base
   serialize :otp_backup_codes, JSON # rubocop:disable Cop/ActiveRecordSerialize
 
   devise :lockable, :recoverable, :rememberable, :trackable,
-    :validatable, :omniauthable, :confirmable, :registerable
+         :validatable, :omniauthable, :confirmable, :registerable
+
+  BLOCKED_MESSAGE = "Your account has been blocked. Please contact your GitLab " \
+                    "administrator if you think this is an error.".freeze
 
   # Override Devise::Models::Trackable#update_tracked_fields!
   # to limit database writes to at most once every hour
@@ -217,8 +220,7 @@ class User < ActiveRecord::Base
       end
 
       def inactive_message
-        "Your account has been blocked. Please contact your GitLab " \
-          "administrator if you think this is an error."
+        BLOCKED_MESSAGE
       end
     end
   end
diff --git a/app/presenters/projects/settings/deploy_keys_presenter.rb b/app/presenters/projects/settings/deploy_keys_presenter.rb
index 229311eb6ee..c226586fba5 100644
--- a/app/presenters/projects/settings/deploy_keys_presenter.rb
+++ b/app/presenters/projects/settings/deploy_keys_presenter.rb
@@ -7,7 +7,7 @@ module Projects
       delegate :size, to: :available_public_keys, prefix: true
 
       def new_key
-        @key ||= DeployKey.new
+        @key ||= DeployKey.new.tap { |dk| dk.deploy_keys_projects.build }
       end
 
       def enabled_keys
diff --git a/app/serializers/deploy_key_entity.rb b/app/serializers/deploy_key_entity.rb
index c75431a79ae..2678f99510c 100644
--- a/app/serializers/deploy_key_entity.rb
+++ b/app/serializers/deploy_key_entity.rb
@@ -3,19 +3,20 @@ class DeployKeyEntity < Grape::Entity
   expose :user_id
   expose :title
   expose :fingerprint
-  expose :can_push
   expose :destroyed_when_orphaned?, as: :destroyed_when_orphaned
   expose :almost_orphaned?, as: :almost_orphaned
   expose :created_at
   expose :updated_at
-  expose :projects, using: ProjectEntity do |deploy_key|
-    deploy_key.projects.without_deleted.select { |project| options[:user].can?(:read_project, project) }
+  expose :deploy_keys_projects, using: DeployKeysProjectEntity do |deploy_key|
+    deploy_key.deploy_keys_projects
+              .without_project_deleted
+              .select { |deploy_key_project| Ability.allowed?(options[:user], :read_project, deploy_key_project.project) }
   end
   expose :can_edit
 
   private
 
   def can_edit
-    options[:user].can?(:update_deploy_key, object)
+    Ability.allowed?(options[:user], :update_deploy_key, object)
   end
 end
diff --git a/app/serializers/deploy_keys_project_entity.rb b/app/serializers/deploy_keys_project_entity.rb
new file mode 100644
index 00000000000..568ef5ab75e
--- /dev/null
+++ b/app/serializers/deploy_keys_project_entity.rb
@@ -0,0 +1,4 @@
+class DeployKeysProjectEntity < Grape::Entity
+  expose :can_push
+  expose :project, using: ProjectEntity
+end
diff --git a/app/services/labels/promote_service.rb b/app/services/labels/promote_service.rb
index 997d247be46..74a85e5c9f0 100644
--- a/app/services/labels/promote_service.rb
+++ b/app/services/labels/promote_service.rb
@@ -13,6 +13,7 @@ module Labels
           update_issuables(new_label, batched_ids)
           update_issue_board_lists(new_label, batched_ids)
           update_priorities(new_label, batched_ids)
+          subscribe_users(new_label, batched_ids)
           # Order is important, project labels need to be last
           update_project_labels(batched_ids)
         end
@@ -26,6 +27,15 @@ module Labels
 
     private
 
+    def subscribe_users(new_label, label_ids)
+      # users can be subscribed to multiple labels that will be merged into the group one
+      # we want to keep only one subscription / user
+      ids_to_update = Subscription.where(subscribable_id: label_ids, subscribable_type: 'Label')
+        .group(:user_id)
+        .pluck('MAX(id)')
+      Subscription.where(id: ids_to_update).update_all(subscribable_id: new_label.id)
+    end
+
     def label_ids_for_merge(new_label)
       LabelsFinder
         .new(current_user, title: new_label.title, group_id: project.group.id)
@@ -53,7 +63,7 @@ module Labels
     end
 
     def update_project_labels(label_ids)
-      Label.where(id: label_ids).delete_all
+      Label.where(id: label_ids).destroy_all
     end
 
     def clone_label_to_group_label(label)
diff --git a/app/services/merge_requests/create_from_issue_service.rb b/app/services/merge_requests/create_from_issue_service.rb
index 89dab1dd028..cf687b71d16 100644
--- a/app/services/merge_requests/create_from_issue_service.rb
+++ b/app/services/merge_requests/create_from_issue_service.rb
@@ -54,6 +54,7 @@ module MergeRequests
         source_project_id: project.id,
         source_branch: branch_name,
         target_project_id: project.id,
+        target_branch: ref,
         milestone_id: issue.milestone_id
       }
     end
diff --git a/app/services/merge_requests/create_service.rb b/app/services/merge_requests/create_service.rb
index 49cf534dc0d..634bf3bd690 100644
--- a/app/services/merge_requests/create_service.rb
+++ b/app/services/merge_requests/create_service.rb
@@ -1,15 +1,11 @@
 module MergeRequests
   class CreateService < MergeRequests::BaseService
     def execute
-      # @project is used to determine whether the user can set the merge request's
-      # assignee, milestone and labels. Whether they can depends on their
-      # permissions on the target project.
-      source_project = @project
-      @project = Project.find(params[:target_project_id]) if params[:target_project_id]
+      set_projects!
 
       merge_request = MergeRequest.new
       merge_request.target_project = @project
-      merge_request.source_project = source_project
+      merge_request.source_project = @source_project
       merge_request.source_branch = params[:source_branch]
       merge_request.merge_params['force_remove_source_branch'] = params.delete(:force_remove_source_branch)
 
@@ -58,5 +54,25 @@ module MergeRequests
 
       pipelines.order(id: :desc).first
     end
+
+    def set_projects!
+      # @project is used to determine whether the user can set the merge request's
+      # assignee, milestone and labels. Whether they can depends on their
+      # permissions on the target project.
+      @source_project = @project
+      @project = Project.find(params[:target_project_id]) if params[:target_project_id]
+
+      # make sure that source/target project ids are not in
+      # params so it can't be overridden later when updating attributes
+      # from params when applying quick actions
+      params.delete(:source_project_id)
+      params.delete(:target_project_id)
+
+      unless can?(current_user, :read_project, @source_project) &&
+          can?(current_user, :read_project, @project)
+
+        raise Gitlab::Access::AccessDeniedError
+      end
+    end
   end
 end
diff --git a/app/services/projects/gitlab_projects_import_service.rb b/app/services/projects/gitlab_projects_import_service.rb
index 4ca6414b73b..a3d7f5cbed5 100644
--- a/app/services/projects/gitlab_projects_import_service.rb
+++ b/app/services/projects/gitlab_projects_import_service.rb
@@ -26,7 +26,7 @@ module Projects
     end
 
     def tmp_filename
-      "#{SecureRandom.hex}_#{params[:path]}"
+      SecureRandom.hex
     end
 
     def file
diff --git a/app/services/system_hooks_service.rb b/app/services/system_hooks_service.rb
index 690918b4a00..af6d77ef5e8 100644
--- a/app/services/system_hooks_service.rb
+++ b/app/services/system_hooks_service.rb
@@ -41,8 +41,11 @@ class SystemHooksService
     when User
       data.merge!(user_data(model))
 
-      if event == :rename
+      case event
+      when :rename
         data[:old_username] = model.username_was
+      when :failed_login
+        data[:state] = model.state
       end
     when ProjectMember
       data.merge!(project_member_data(model))
diff --git a/app/services/system_note_service.rb b/app/services/system_note_service.rb
index 30a5aab13bf..06b23cd7076 100644
--- a/app/services/system_note_service.rb
+++ b/app/services/system_note_service.rb
@@ -68,21 +68,14 @@ module SystemNoteService
   #
   # Returns the created Note object
   def change_issue_assignees(issue, project, author, old_assignees)
-    body =
-      if issue.assignees.any? && old_assignees.any?
-        unassigned_users = old_assignees - issue.assignees
-        added_users = issue.assignees.to_a - old_assignees
-
-        text_parts = []
-        text_parts << "assigned to #{added_users.map(&:to_reference).to_sentence}" if added_users.any?
-        text_parts << "unassigned #{unassigned_users.map(&:to_reference).to_sentence}" if unassigned_users.any?
-
-        text_parts.join(' and ')
-      elsif old_assignees.any?
-        "removed assignee"
-      elsif issue.assignees.any?
-        "assigned to #{issue.assignees.map(&:to_reference).to_sentence}"
-      end
+    unassigned_users = old_assignees - issue.assignees
+    added_users = issue.assignees.to_a - old_assignees
+
+    text_parts = []
+    text_parts << "assigned to #{added_users.map(&:to_reference).to_sentence}" if added_users.any?
+    text_parts << "unassigned #{unassigned_users.map(&:to_reference).to_sentence}" if unassigned_users.any?
+
+    body = text_parts.join(' and ')
 
     create_note(NoteSummary.new(issue, project, author, body, action: 'assignee'))
   end
diff --git a/app/services/web_hook_service.rb b/app/services/web_hook_service.rb
index 6ebc7c89500..36e589d5aa8 100644
--- a/app/services/web_hook_service.rb
+++ b/app/services/web_hook_service.rb
@@ -113,7 +113,7 @@ class WebHookService
         'Content-Type' => 'application/json',
         'X-Gitlab-Event' => hook_name.singularize.titleize
       }.tap do |hash|
-        hash['X-Gitlab-Token'] = hook.token if hook.token.present?
+        hash['X-Gitlab-Token'] = Gitlab::Utils.remove_line_breaks(hook.token) if hook.token.present?
       end
     end
   end
diff --git a/app/views/admin/dashboard/index.html.haml b/app/views/admin/dashboard/index.html.haml
index a24516355bf..509f559c120 100644
--- a/app/views/admin/dashboard/index.html.haml
+++ b/app/views/admin/dashboard/index.html.haml
@@ -4,6 +4,34 @@
 %div{ class: container_class }
   .admin-dashboard.prepend-top-default
     .row
+      .col-sm-4
+        .info-well.dark-well
+          .well-segment.well-centered
+            = link_to admin_projects_path do
+              %h3.text-center
+                Projects:
+                = number_with_delimiter(Project.cached_count)
+            %hr
+            = link_to('New project', new_project_path, class: "btn btn-new")
+      .col-sm-4
+        .info-well.dark-well
+          .well-segment.well-centered
+            = link_to admin_users_path do
+              %h3.text-center
+                Users:
+                = number_with_delimiter(User.count)
+            %hr
+            = link_to 'New user', new_admin_user_path, class: "btn btn-new"
+      .col-sm-4
+        .info-well.dark-well
+          .well-segment.well-centered
+            = link_to admin_groups_path do
+              %h3.text-center
+                Groups:
+                = number_with_delimiter(Group.count)
+            %hr
+            = link_to 'New group', new_admin_group_path, class: "btn btn-new"
+    .row
       .col-md-4
         .info-well
           .well-segment.admin-well.admin-well-statistics
@@ -136,34 +164,6 @@
               %span.pull-right
                 = Gitlab::Database.version
     .row
-      .col-sm-4
-        .info-well.dark-well
-          .well-segment.well-centered
-            = link_to admin_projects_path do
-              %h3.text-center
-                Projects:
-                = number_with_delimiter(Project.cached_count)
-            %hr
-            = link_to('New project', new_project_path, class: "btn btn-new")
-      .col-sm-4
-        .info-well.dark-well
-          .well-segment.well-centered
-            = link_to admin_users_path do
-              %h3.text-center
-                Users:
-                = number_with_delimiter(User.count)
-            %hr
-            = link_to 'New user', new_admin_user_path, class: "btn btn-new"
-      .col-sm-4
-        .info-well.dark-well
-          .well-segment.well-centered
-            = link_to admin_groups_path do
-              %h3.text-center
-                Groups:
-                = number_with_delimiter(Group.count)
-            %hr
-            = link_to 'New group', new_admin_group_path, class: "btn btn-new"
-    .row
       .col-md-4
         .info-well
           .well-segment.admin-well
diff --git a/app/views/admin/deploy_keys/index.html.haml b/app/views/admin/deploy_keys/index.html.haml
index 92370034baa..1420163fd5a 100644
--- a/app/views/admin/deploy_keys/index.html.haml
+++ b/app/views/admin/deploy_keys/index.html.haml
@@ -12,7 +12,7 @@
         %tr
           %th.col-sm-2 Title
           %th.col-sm-4 Fingerprint
-          %th.col-sm-2 Write access allowed
+          %th.col-sm-2 Projects with write access
           %th.col-sm-2 Added at
           %th.col-sm-2
       %tbody
@@ -23,10 +23,8 @@
             %td
               %code.key-fingerprint= deploy_key.fingerprint
             %td
-              - if deploy_key.can_push?
-                Yes
-              - else
-                No
+              - deploy_key.projects_with_write_access.each do |project|
+                = link_to project.full_name, admin_project_path(project), class: 'label deploy-project-label'
             %td
               %span.cgray
                 added #{time_ago_with_tooltip(deploy_key.created_at)}
diff --git a/app/views/dashboard/_activity_head.html.haml b/app/views/dashboard/_activity_head.html.haml
index ecdf76ef5c5..7a3f3667ac1 100644
--- a/app/views/dashboard/_activity_head.html.haml
+++ b/app/views/dashboard/_activity_head.html.haml
@@ -2,7 +2,7 @@
   %ul.nav-links
     %li{ class: active_when(params[:filter].nil?) }>
       = link_to activity_dashboard_path, class: 'shortcuts-activity', data: {placement: 'right'} do
-        Your Projects
+        Your projects
     %li{ class: active_when(params[:filter] == 'starred') }>
       = link_to activity_dashboard_path(filter: 'starred'), data: {placement: 'right'} do
-        Starred Projects
+        Starred projects
diff --git a/app/views/dashboard/_snippets_head.html.haml b/app/views/dashboard/_snippets_head.html.haml
index 7330f4cb523..a9488df07bd 100644
--- a/app/views/dashboard/_snippets_head.html.haml
+++ b/app/views/dashboard/_snippets_head.html.haml
@@ -2,10 +2,10 @@
   %ul.nav-links
     = nav_link(page: dashboard_snippets_path, html_options: {class: 'home'}) do
       = link_to dashboard_snippets_path, title: 'Your snippets', data: {placement: 'right'} do
-        Your Snippets
+        Your snippets
     = nav_link(page: explore_snippets_path) do
       = link_to explore_snippets_path, title: 'Explore snippets', data: {placement: 'right'} do
-        Explore Snippets
+        Explore snippets
 
   - if current_user
     .nav-controls.hidden-xs
diff --git a/app/views/dashboard/issues.html.haml b/app/views/dashboard/issues.html.haml
index 42941acc508..3e85535dae0 100644
--- a/app/views/dashboard/issues.html.haml
+++ b/app/views/dashboard/issues.html.haml
@@ -7,7 +7,7 @@
 .top-area
   = render 'shared/issuable/nav', type: :issues
   .nav-controls
-    = link_to params.merge(rss_url_options), class: 'btn has-tooltip', title: 'Subscribe' do
+    = link_to params.merge(rss_url_options), class: 'btn has-tooltip', data: { container: 'body' }, title: 'Subscribe' do
       = icon('rss')
     = render 'shared/new_project_item_select', path: 'issues/new', label: "New issue", with_feature_enabled: 'issues', type: :issues
 
diff --git a/app/views/layouts/header/_default.html.haml b/app/views/layouts/header/_default.html.haml
index 46727811be4..e7fc83a8d04 100644
--- a/app/views/layouts/header/_default.html.haml
+++ b/app/views/layouts/header/_default.html.haml
@@ -6,8 +6,10 @@
         %h1.title
           = link_to root_path, title: 'Dashboard', id: 'logo' do
             = brand_header_logo
-            %span.logo-text.hidden-xs
-              = brand_header_logo_type
+            - logo_text = brand_header_logo_type
+            - if logo_text.present?
+              %span.logo-text.hidden-xs
+                = logo_text
 
         - if current_user
           = render "layouts/nav/dashboard"
diff --git a/app/views/layouts/nav/sidebar/_group.html.haml b/app/views/layouts/nav/sidebar/_group.html.haml
index 0c27b09f7b1..96aae06a9df 100644
--- a/app/views/layouts/nav/sidebar/_group.html.haml
+++ b/app/views/layouts/nav/sidebar/_group.html.haml
@@ -1,5 +1,5 @@
-- issues = IssuesFinder.new(current_user, group_id: @group.id, state: 'opened').execute
-- merge_requests = MergeRequestsFinder.new(current_user, group_id: @group.id, state: 'opened', non_archived: true).execute
+- issues_count = IssuesFinder.new(current_user, group_id: @group.id, state: 'opened').execute.count
+- merge_requests_count = MergeRequestsFinder.new(current_user, group_id: @group.id, state: 'opened', non_archived: true).execute.count
 
 .nav-sidebar{ class: ("sidebar-collapsed-desktop" if collapsed_sidebar?) }
   .nav-sidebar-inner-scroll
@@ -39,14 +39,14 @@
             = sprite_icon('issues')
           %span.nav-item-name
             Issues
-          %span.badge.count= number_with_delimiter(issues.count)
+          %span.badge.count= number_with_delimiter(issues_count)
 
         %ul.sidebar-sub-level-items
           = nav_link(path: ['groups#issues', 'labels#index', 'milestones#index'], html_options: { class: "fly-out-top-item" } ) do
             = link_to issues_group_path(@group) do
               %strong.fly-out-top-item-name
                 #{ _('Issues') }
-              %span.badge.count.issue_counter.fly-out-badge= number_with_delimiter(issues.count)
+              %span.badge.count.issue_counter.fly-out-badge= number_with_delimiter(issues_count)
           %li.divider.fly-out-top-item
           = nav_link(path: 'groups#issues', html_options: { class: 'home' }) do
             = link_to issues_group_path(@group), title: 'List' do
@@ -69,13 +69,13 @@
             = sprite_icon('git-merge')
           %span.nav-item-name
             Merge Requests
-          %span.badge.count= number_with_delimiter(merge_requests.count)
+          %span.badge.count= number_with_delimiter(merge_requests_count)
         %ul.sidebar-sub-level-items.is-fly-out-only
           = nav_link(path: 'groups#merge_requests', html_options: { class: "fly-out-top-item" } ) do
             = link_to merge_requests_group_path(@group) do
               %strong.fly-out-top-item-name
                 #{ _('Merge Requests') }
-              %span.badge.count.merge_counter.js-merge-counter.fly-out-badge= number_with_delimiter(merge_requests.count)
+              %span.badge.count.merge_counter.js-merge-counter.fly-out-badge= number_with_delimiter(merge_requests_count)
       = nav_link(path: 'group_members#index') do
         = link_to group_group_members_path(@group) do
           .nav-icon-container
diff --git a/app/views/profiles/gpg_keys/index.html.haml b/app/views/profiles/gpg_keys/index.html.haml
index 86ebec0179c..e44506ec9c9 100644
--- a/app/views/profiles/gpg_keys/index.html.haml
+++ b/app/views/profiles/gpg_keys/index.html.haml
@@ -3,12 +3,12 @@
 = render 'profiles/head'
 
 .row.prepend-top-default
-  .col-lg-3.profile-settings-sidebar
+  .col-lg-4.profile-settings-sidebar
     %h4.prepend-top-0
       = page_title
     %p
       GPG keys allow you to verify signed commits.
-  .col-lg-9
+  .col-lg-8
     %h5.prepend-top-0
       Add a GPG key
     %p.profile-settings-content
diff --git a/app/views/projects/_export.html.haml b/app/views/projects/_export.html.haml
index c5b1897c492..e759c87bda7 100644
--- a/app/views/projects/_export.html.haml
+++ b/app/views/projects/_export.html.haml
@@ -30,7 +30,7 @@
           %li CI variables
           %li Any encrypted tokens
     %p
-      Once the exported file is ready, you will receive a notification email with a download link.
+      Once the exported file is ready, you will receive a notification email with a download link, or you can download it from this page.
     - if project.export_project_path
       = link_to 'Download export',  download_export_project_path(project),
               rel: 'nofollow', download: '', method: :get, class: "btn btn-default"
diff --git a/app/views/projects/_new_project_fields.html.haml b/app/views/projects/_new_project_fields.html.haml
index bd99eb93cc8..d367bd6be7b 100644
--- a/app/views/projects/_new_project_fields.html.haml
+++ b/app/views/projects/_new_project_fields.html.haml
@@ -34,7 +34,7 @@
 .form-group.visibility-level-setting
   = f.label :visibility_level, class: 'label-light' do
     Visibility Level
-    = link_to icon('question-circle'), help_page_path("public_access/public_access"), aria: { label: 'Documentation for Visibility Level' }
+    = link_to icon('question-circle'), help_page_path("public_access/public_access"), aria: { label: 'Documentation for Visibility Level' }, target: '_blank', rel: 'noopener noreferrer'
   = render 'shared/visibility_level', f: f, visibility_level: visibility_level.to_i, can_change_visibility_level: true, form_model: @project, with_label: false
 
 = f.submit 'Create project', class: "btn btn-create project-submit", tabindex: 4
diff --git a/app/views/projects/blob/_new_dir.html.haml b/app/views/projects/blob/_new_dir.html.haml
index 03ab1bb59e4..5d48a35dc4c 100644
--- a/app/views/projects/blob/_new_dir.html.haml
+++ b/app/views/projects/blob/_new_dir.html.haml
@@ -1,5 +1,5 @@
 #modal-create-new-dir.modal
-  .modal-dialog
+  .modal-dialog.modal-lg
     .modal-content
       .modal-header
         %a.close{ href: "#", "data-dismiss" => "modal" } ×
diff --git a/app/views/projects/blob/_upload.html.haml b/app/views/projects/blob/_upload.html.haml
index 05b7dfe2872..21b6aa4bad9 100644
--- a/app/views/projects/blob/_upload.html.haml
+++ b/app/views/projects/blob/_upload.html.haml
@@ -1,5 +1,5 @@
 #modal-upload-blob.modal
-  .modal-dialog
+  .modal-dialog.modal-lg
     .modal-content
       .modal-header
         %a.close{ href: "#", "data-dismiss" => "modal" } ×
diff --git a/app/views/projects/buttons/_dropdown.html.haml b/app/views/projects/buttons/_dropdown.html.haml
index 8e8c911185a..a94d9c14722 100644
--- a/app/views/projects/buttons/_dropdown.html.haml
+++ b/app/views/projects/buttons/_dropdown.html.haml
@@ -10,37 +10,28 @@
 
       - if can_create_issue
         %li
-          = link_to new_project_issue_path(@project) do
-            #{ _('New issue') }
-
+          = link_to _('New issue'), new_project_issue_path(@project)
       - if merge_project
         %li
-          = link_to project_new_merge_request_path(merge_project) do
-            #{ _('New merge request') }
-
+          = link_to _('New merge request'), project_new_merge_request_path(merge_project)
       - if can_create_snippet
         %li
-          = link_to new_project_snippet_path(@project) do
-            #{ _('New snippet') }
+          = link_to _('New snippet'), new_project_snippet_path(@project)
 
       - if can_create_issue || merge_project || can_create_snippet
         %li.divider
 
       - if can?(current_user, :push_code, @project)
         %li
-          = link_to project_new_blob_path(@project, @project.default_branch || 'master') do
-            #{ _('New file') }
+          = link_to _('New file'), project_new_blob_path(@project, @project.default_branch || 'master')
         - unless @project.empty_repo?
           %li
-            = link_to new_project_branch_path(@project) do
-              #{ _('New branch') }
+            = link_to _('New branch'), new_project_branch_path(@project)
           %li
-            = link_to new_project_tag_path(@project) do
-              #{ _('New tag') }
+            = link_to _('New tag'), new_project_tag_path(@project)
       - elsif current_user && current_user.already_forked?(@project)
         %li
-          = link_to project_new_blob_path(@project, @project.default_branch || 'master') do
-            #{ _('New file') }
+          = link_to _('New file'), project_new_blob_path(@project, @project.default_branch || 'master')
       - elsif can?(current_user, :fork_project, @project)
         %li
           - continue_params = { to:         project_new_blob_path(@project, @project.default_branch || 'master'),
@@ -48,5 +39,4 @@
                                 notice_now: edit_in_new_fork_notice_now }
           - fork_path = project_forks_path(@project, namespace_key:  current_user.namespace.id,
                                                                                   continue:       continue_params)
-          = link_to fork_path, method: :post do
-            #{ _('New file') }
+          = link_to _('New file'), fork_path, method: :post
diff --git a/app/views/projects/commit/_commit_box.html.haml b/app/views/projects/commit/_commit_box.html.haml
index 09934c09865..461129a3e0e 100644
--- a/app/views/projects/commit/_commit_box.html.haml
+++ b/app/views/projects/commit/_commit_box.html.haml
@@ -64,6 +64,12 @@
     .commit-info.branches
       %i.fa.fa-spinner.fa-spin
 
+  .well-segment.merge-request-info
+    .icon-container
+      = custom_icon('mr_bold')
+    %span.commit-info.merge-requests{ 'data-project-commit-path' => merge_requests_project_commit_path(@project, @commit.id, format: :json) }
+      = icon('spinner spin')
+
   - if @commit.last_pipeline
     - last_pipeline = @commit.last_pipeline
     .well-segment.pipeline-info
diff --git a/app/views/projects/deploy_keys/_form.html.haml b/app/views/projects/deploy_keys/_form.html.haml
index edaa3a1119e..c363180d0db 100644
--- a/app/views/projects/deploy_keys/_form.html.haml
+++ b/app/views/projects/deploy_keys/_form.html.haml
@@ -10,13 +10,15 @@
     %p.light.append-bottom-0
       Paste a machine public key here. Read more about how to generate it
       = link_to "here", help_page_path("ssh/README")
-  .form-group
-    .checkbox
-      = f.label :can_push do
-        = f.check_box :can_push
-        %strong Write access allowed
-  .form-group
-    %p.light.append-bottom-0
-      Allow this key to push to repository as well? (Default only allows pull access.)
+
+  = f.fields_for :deploy_keys_projects do |deploy_keys_project_form|
+    .form-group
+      .checkbox
+        = deploy_keys_project_form.label :can_push do
+          = deploy_keys_project_form.check_box :can_push
+          %strong Write access allowed
+    .form-group
+      %p.light.append-bottom-0
+        Allow this key to push to repository as well? (Default only allows pull access.)
 
   = f.submit "Add key", class: "btn-create btn"
diff --git a/app/views/projects/forks/index.html.haml b/app/views/projects/forks/index.html.haml
index 111cbcda266..21a4702a2a9 100644
--- a/app/views/projects/forks/index.html.haml
+++ b/app/views/projects/forks/index.html.haml
@@ -31,11 +31,11 @@
     - if current_user && can?(current_user, :fork_project, @project)
       - if current_user.already_forked?(@project) && current_user.manageable_namespaces.size < 2
         = link_to namespace_project_path(current_user, current_user.fork_of(@project)), title: 'Go to your fork', class: 'btn btn-new' do
-          = custom_icon('icon_fork')
+          = sprite_icon('fork', size: 12)
           %span Fork
       - else
         = link_to new_project_fork_path(@project), title: "Fork project", class: 'btn btn-new' do
-          = custom_icon('icon_fork')
+          = sprite_icon('fork', size: 12)
           %span Fork
 
 
diff --git a/app/views/projects/jobs/_empty_state.html.haml b/app/views/projects/jobs/_empty_state.html.haml
index c66313bdbf3..311934d9c33 100644
--- a/app/views/projects/jobs/_empty_state.html.haml
+++ b/app/views/projects/jobs/_empty_state.html.haml
@@ -1,7 +1,7 @@
 - illustration = local_assigns.fetch(:illustration)
 - illustration_size = local_assigns.fetch(:illustration_size)
 - title = local_assigns.fetch(:title)
-- content = local_assigns.fetch(:content)
+- content = local_assigns.fetch(:content, nil)
 - action = local_assigns.fetch(:action, nil)
 
 .row.empty-state
@@ -11,7 +11,8 @@
   .col-xs-12
     .text-content
       %h4.text-center= title
-      %p= content
+      - if content
+        %p= content
       - if action
         .text-center
           = action
diff --git a/app/views/projects/jobs/_sidebar.html.haml b/app/views/projects/jobs/_sidebar.html.haml
index a71333497e6..e779473c239 100644
--- a/app/views/projects/jobs/_sidebar.html.haml
+++ b/app/views/projects/jobs/_sidebar.html.haml
@@ -24,7 +24,7 @@
           - elsif @build.has_expiring_artifacts?
             %p.build-detail-row
               The artifacts will be removed in
-              %span.js-artifacts-remove= @build.artifacts_expire_at
+              %span= time_ago_in_words @build.artifacts_expire_at
 
           - if @build.artifacts?
             .btn-group.btn-group-justified{ role: :group }
diff --git a/app/views/projects/jobs/_table.html.haml b/app/views/projects/jobs/_table.html.haml
index 82806f022ee..d124d3ebfc1 100644
--- a/app/views/projects/jobs/_table.html.haml
+++ b/app/views/projects/jobs/_table.html.haml
@@ -22,4 +22,4 @@
 
       = render partial: "projects/ci/builds/build", collection: builds, as: :build, locals: { commit_sha: true, ref: true, pipeline_link: true, stage: true, allow_retry: true, admin: admin }
 
-  = paginate builds, theme: 'gitlab'
+  = paginate_collection(builds)
diff --git a/app/views/projects/jobs/show.html.haml b/app/views/projects/jobs/show.html.haml
index 8b05440fc78..1e6d6f67e66 100644
--- a/app/views/projects/jobs/show.html.haml
+++ b/app/views/projects/jobs/show.html.haml
@@ -93,14 +93,13 @@
         illustration: 'illustrations/manual_action.svg',
         illustration_size: 'svg-394',
         title: _('This job requires a manual action'),
-        content: _('This job depends on a user to trigger its process. Often they are used to deploy code to production environments.'),
-        action: ( link_to _('Trigger this manual action'), play_project_job_path(@project, @build), class: 'btn btn-primary', title: _('Trigger this manual action') )
+        content: _('This job depends on a user to trigger its process. Often they are used to deploy code to production environments'),
+        action: ( link_to _('Trigger this manual action'), play_project_job_path(@project, @build), method: :post, class: 'btn btn-primary', title: _('Trigger this manual action') )
     - else
       = render 'empty_state',
         illustration: 'illustrations/job_not_triggered.svg',
         illustration_size: 'svg-306',
-        title: _('This job has not been triggered yet'),
-        content: _('This job depends on upstream jobs that need to succeed in order for this job to be triggered.')
+        title: _('This job has not been triggered yet')
 
   = render "sidebar"
 
diff --git a/app/views/projects/merge_requests/creations/_diffs.html.haml b/app/views/projects/merge_requests/creations/_diffs.html.haml
index 627fc4e9671..5b70e894b39 100644
--- a/app/views/projects/merge_requests/creations/_diffs.html.haml
+++ b/app/views/projects/merge_requests/creations/_diffs.html.haml
@@ -1 +1,5 @@
-= render "projects/diffs/diffs", diffs: @diffs, environment: @environment, show_whitespace_toggle: false
+- if @merge_request.can_be_created
+  = render "projects/diffs/diffs", diffs: @diffs, environment: @environment, show_whitespace_toggle: false
+- else
+  .nothing-here-block
+    This merge request cannot be created.
diff --git a/app/views/projects/merge_requests/creations/_new_submit.html.haml b/app/views/projects/merge_requests/creations/_new_submit.html.haml
index 4b5fa28078a..376ac377562 100644
--- a/app/views/projects/merge_requests/creations/_new_submit.html.haml
+++ b/app/views/projects/merge_requests/creations/_new_submit.html.haml
@@ -15,7 +15,7 @@
   = f.hidden_field :source_project_id
   = f.hidden_field :source_branch
   = f.hidden_field :target_project_id
-  = f.hidden_field :target_branch
+  = f.hidden_field :target_branch, id: ''
 
 .mr-compare.merge-request.js-merge-request-new-submit{ 'data-mr-submit-action': "#{j params[:tab].presence || 'new'}" }
   - if @commits.empty?
diff --git a/app/views/projects/protected_branches/shared/_dropdown.html.haml b/app/views/projects/protected_branches/shared/_dropdown.html.haml
index 6e9c473494e..74435236808 100644
--- a/app/views/projects/protected_branches/shared/_dropdown.html.haml
+++ b/app/views/projects/protected_branches/shared/_dropdown.html.haml
@@ -10,6 +10,6 @@
 
   %ul.dropdown-footer-list
     %li
-      %button{ class: "create-new-protected-branch-button js-create-new-protected-branch", title: "New Protected Branch" }
+      %button{ class: "dropdown-create-new-item-button js-dropdown-create-new-item", title: "New Protected Branch" }
         Create wildcard
         %code
diff --git a/app/views/projects/protected_tags/shared/_dropdown.html.haml b/app/views/projects/protected_tags/shared/_dropdown.html.haml
index 9b6923210f7..f0d7dcccd36 100644
--- a/app/views/projects/protected_tags/shared/_dropdown.html.haml
+++ b/app/views/projects/protected_tags/shared/_dropdown.html.haml
@@ -10,6 +10,6 @@
 
   %ul.dropdown-footer-list
     %li
-      %button{ class: "create-new-protected-tag-button js-create-new-protected-tag", title: "New Protected Tag" }
+      %button{ class: "dropdown-create-new-item-button js-dropdown-create-new-item", title: "New Protected Tag" }
         Create wildcard
         %code
diff --git a/app/views/projects/runners/_shared_runners.html.haml b/app/views/projects/runners/_shared_runners.html.haml
index a4e820628f3..67607e4e9c6 100644
--- a/app/views/projects/runners/_shared_runners.html.haml
+++ b/app/views/projects/runners/_shared_runners.html.haml
@@ -23,6 +23,3 @@
   %h4.underlined-title Available shared Runners : #{@shared_runners_count}
   %ul.bordered-list.available-shared-runners
     = render partial: 'projects/runners/runner', collection: @shared_runners, as: :runner
-  - if @shared_runners_count > 10
-    .light
-      and #{@shared_runners_count - 10} more...
diff --git a/app/views/shared/deploy_keys/_form.html.haml b/app/views/shared/deploy_keys/_form.html.haml
index e6075c3ae3a..87c2965bb21 100644
--- a/app/views/shared/deploy_keys/_form.html.haml
+++ b/app/views/shared/deploy_keys/_form.html.haml
@@ -1,5 +1,6 @@
 - form = local_assigns.fetch(:form)
 - deploy_key = local_assigns.fetch(:deploy_key)
+- deploy_keys_project = deploy_key.deploy_keys_project_for(@project)
 
 = form_errors(deploy_key)
 
@@ -20,11 +21,13 @@
     .col-sm-10
       = form.text_field :fingerprint, class: 'form-control', readonly: 'readonly'
 
-.form-group
-  .control-label
-  .col-sm-10
-    = form.label :can_push do
-      = form.check_box :can_push
-      %strong Write access allowed
-    %p.light.append-bottom-0
-      Allow this key to push to repository as well? (Default only allows pull access.)
+- if deploy_keys_project.present?
+  = form.fields_for :deploy_keys_projects, deploy_keys_project do |deploy_keys_project_form|
+    .form-group
+      .control-label
+      .col-sm-10
+        = deploy_keys_project_form.label :can_push do
+          = deploy_keys_project_form.check_box :can_push
+          %strong Write access allowed
+        %p.light.append-bottom-0
+          Allow this key to push to repository as well? (Default only allows pull access.)
diff --git a/app/views/shared/issuable/form/_branch_chooser.html.haml b/app/views/shared/issuable/form/_branch_chooser.html.haml
index 203d2adc8db..9a589387255 100644
--- a/app/views/shared/issuable/form/_branch_chooser.html.haml
+++ b/app/views/shared/issuable/form/_branch_chooser.html.haml
@@ -15,11 +15,10 @@
   = form.label :target_branch, class: 'control-label'
   .col-sm-10.target-branch-select-dropdown-container
     .issuable-form-select-holder
-      = form.select(:target_branch, issuable.target_branches,
-        { include_blank: true },
+      = form.hidden_field(:target_branch,
         { class: 'target_branch js-target-branch-select ref-name',
           disabled: issuable.new_record?,
-          data: { placeholder: "Select branch" }})
+          data: { placeholder: "Select branch", endpoint: refs_project_path(@project, sort: 'updated_desc', find: 'branches') }})
     - if issuable.new_record?
       &nbsp;
       = link_to 'Change branches', mr_change_branches_path(issuable)
diff --git a/app/views/shared/projects/_project.html.haml b/app/views/shared/projects/_project.html.haml
index 63aa4e29ec9..2a75b46d376 100644
--- a/app/views/shared/projects/_project.html.haml
+++ b/app/views/shared/projects/_project.html.haml
@@ -52,7 +52,7 @@
             = render_project_pipeline_status(project.pipeline_status)
         - if forks
           %span.prepend-left-10
-            = sprite_icon('fork')
+            = sprite_icon('fork', size: 12)
             = number_with_delimiter(project.forks_count)
         - if stars
           %span.prepend-left-10
diff --git a/app/workers/concerns/project_import_options.rb b/app/workers/concerns/project_import_options.rb
index 10b971344f7..ef23990ad97 100644
--- a/app/workers/concerns/project_import_options.rb
+++ b/app/workers/concerns/project_import_options.rb
@@ -1,9 +1,9 @@
 module ProjectImportOptions
   extend ActiveSupport::Concern
 
-  included do
-    IMPORT_RETRY_COUNT = 5
+  IMPORT_RETRY_COUNT = 5
 
+  included do
     sidekiq_options retry: IMPORT_RETRY_COUNT, status_expiration: StuckImportJobsWorker::IMPORT_JOBS_EXPIRATION
 
     # We only want to mark the project as failed once we exhausted all retries
diff --git a/app/workers/repository_fork_worker.rb b/app/workers/repository_fork_worker.rb
index d1c57b82681..07584fab7c8 100644
--- a/app/workers/repository_fork_worker.rb
+++ b/app/workers/repository_fork_worker.rb
@@ -17,10 +17,7 @@ class RepositoryForkWorker
                                           project.repository_storage_path, project.disk_path)
     raise "Unable to fork project #{project_id} for repository #{source_disk_path} -> #{project.disk_path}" unless result
 
-    project.repository.after_import
-    raise "Project #{project_id} had an invalid repository after fork" unless project.valid_repo?
-
-    project.import_finish
+    project.after_import
   end
 
   private
diff --git a/changelogs/unreleased-ee/4378-fix-cluster-js-not-running-on-update-page.yml b/changelogs/unreleased-ee/4378-fix-cluster-js-not-running-on-update-page.yml
new file mode 100644
index 00000000000..bbb6cbd05be
--- /dev/null
+++ b/changelogs/unreleased-ee/4378-fix-cluster-js-not-running-on-update-page.yml
@@ -0,0 +1,5 @@
+---
+title: Fix JavaScript bundle running on Cluster update/destroy pages
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/16301-update-removed-assignee-note-to-include-old-assignee-reference.yml b/changelogs/unreleased/16301-update-removed-assignee-note-to-include-old-assignee-reference.yml
new file mode 100644
index 00000000000..e94b4f8bb26
--- /dev/null
+++ b/changelogs/unreleased/16301-update-removed-assignee-note-to-include-old-assignee-reference.yml
@@ -0,0 +1,5 @@
+---
+title: "Update 'removed assignee' note to include old assignee reference"
+merge_request: 16301
+author: Maurizio De Santis
+type: changed
diff --git a/changelogs/unreleased/16468-add-fast-blank.yml b/changelogs/unreleased/16468-add-fast-blank.yml
new file mode 100644
index 00000000000..ef68888ae33
--- /dev/null
+++ b/changelogs/unreleased/16468-add-fast-blank.yml
@@ -0,0 +1,5 @@
+---
+title: "Add fast-blank"
+merge_request: 16468
+author:
+type: performance
diff --git a/changelogs/unreleased/19493-fork-does-not-protect-default-branch.yml b/changelogs/unreleased/19493-fork-does-not-protect-default-branch.yml
new file mode 100644
index 00000000000..962f918e9db
--- /dev/null
+++ b/changelogs/unreleased/19493-fork-does-not-protect-default-branch.yml
@@ -0,0 +1,5 @@
+---
+title: Makes forking protect default branch on completion
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/36571-ignore-root-in-repo.yml b/changelogs/unreleased/36571-ignore-root-in-repo.yml
new file mode 100644
index 00000000000..396e82be51b
--- /dev/null
+++ b/changelogs/unreleased/36571-ignore-root-in-repo.yml
@@ -0,0 +1,5 @@
+---
+title: Ignore leading slashes when searching for files within context of repository.
+merge_request:
+author: Andrew McCallum
+type: fixed
diff --git a/changelogs/unreleased/37199-labels-fix.yml b/changelogs/unreleased/37199-labels-fix.yml
new file mode 100644
index 00000000000..bd70babb73d
--- /dev/null
+++ b/changelogs/unreleased/37199-labels-fix.yml
@@ -0,0 +1,5 @@
+---
+title: Keep subscribers when promoting labels to group labels
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/37898-increase-readability-of-colored-text-in-job-output-log.yml b/changelogs/unreleased/37898-increase-readability-of-colored-text-in-job-output-log.yml
new file mode 100644
index 00000000000..813b9ab81fa
--- /dev/null
+++ b/changelogs/unreleased/37898-increase-readability-of-colored-text-in-job-output-log.yml
@@ -0,0 +1,5 @@
+---
+title: increase-readability-of-colored-text-in-job-output-log
+merge_request:
+author:
+type: other
diff --git a/changelogs/unreleased/38540-ssh-env-file.yml b/changelogs/unreleased/38540-ssh-env-file.yml
new file mode 100644
index 00000000000..5ada0ede76d
--- /dev/null
+++ b/changelogs/unreleased/38540-ssh-env-file.yml
@@ -0,0 +1,6 @@
+---
+title: 'Closes #38540 - Remove .ssh/environment file that now breaks the gitlab:check
+  rake task'
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/40492-update-admin-dashboard-content-order.yml b/changelogs/unreleased/40492-update-admin-dashboard-content-order.yml
new file mode 100644
index 00000000000..2416b15b6d5
--- /dev/null
+++ b/changelogs/unreleased/40492-update-admin-dashboard-content-order.yml
@@ -0,0 +1,5 @@
+---
+title: Move row containing Projects, Users and Groups count to the top in admin dashboard
+merge_request: 16421
+author:
+type: changed
diff --git a/changelogs/unreleased/40818-last-push-widget-does-not-appear-after-pushing-new-commit.yml b/changelogs/unreleased/40818-last-push-widget-does-not-appear-after-pushing-new-commit.yml
new file mode 100644
index 00000000000..c57caf31d10
--- /dev/null
+++ b/changelogs/unreleased/40818-last-push-widget-does-not-appear-after-pushing-new-commit.yml
@@ -0,0 +1,5 @@
+---
+title: Last push widget will show banner for new pushes to previously merged branch
+merge_request:
+author:
+type: changed
diff --git a/changelogs/unreleased/41118-add-sorting-to-deployments-api.yml b/changelogs/unreleased/41118-add-sorting-to-deployments-api.yml
new file mode 100644
index 00000000000..a08f75f9fb9
--- /dev/null
+++ b/changelogs/unreleased/41118-add-sorting-to-deployments-api.yml
@@ -0,0 +1,5 @@
+---
+title: Adds sorting to deployments API
+merge_request: !16396
+author: Jacopo Beschi @jacopo-beschi
+type: added
diff --git a/changelogs/unreleased/41163-improve-cluster-ingress-extra-cost-language.yml b/changelogs/unreleased/41163-improve-cluster-ingress-extra-cost-language.yml
new file mode 100644
index 00000000000..9c48831855c
--- /dev/null
+++ b/changelogs/unreleased/41163-improve-cluster-ingress-extra-cost-language.yml
@@ -0,0 +1,5 @@
+---
+title: Improve wording about additional costs for Ingress on custom clusters
+merge_request:
+author:
+type: changed
diff --git a/changelogs/unreleased/41476-enable-project-milestons-deletion-via-api.yml b/changelogs/unreleased/41476-enable-project-milestons-deletion-via-api.yml
new file mode 100644
index 00000000000..bb5c1fdf082
--- /dev/null
+++ b/changelogs/unreleased/41476-enable-project-milestons-deletion-via-api.yml
@@ -0,0 +1,5 @@
+---
+title: Enables Project Milestone Deletion via the API
+merge_request: 16478
+author: Jacopo Beschi @jacopo-beschi
+type: added
diff --git a/changelogs/unreleased/41546-count-query-for-issues-and-mrs-runs-twice-on-group-index.yml b/changelogs/unreleased/41546-count-query-for-issues-and-mrs-runs-twice-on-group-index.yml
new file mode 100644
index 00000000000..7e42dc20ae8
--- /dev/null
+++ b/changelogs/unreleased/41546-count-query-for-issues-and-mrs-runs-twice-on-group-index.yml
@@ -0,0 +1,5 @@
+---
+title: Fix double query execution on groups page
+merge_request: 16314
+author:
+type: performance
diff --git a/changelogs/unreleased/41666-cannot-search-with-keyword-merge-2.yml b/changelogs/unreleased/41666-cannot-search-with-keyword-merge-2.yml
new file mode 100644
index 00000000000..48893862071
--- /dev/null
+++ b/changelogs/unreleased/41666-cannot-search-with-keyword-merge-2.yml
@@ -0,0 +1,5 @@
+---
+title: Only highlight search results under the highlighting size limit
+merge_request: 16462
+author:
+type: performance
diff --git a/changelogs/unreleased/41666-cannot-search-with-keyword-merge.yml b/changelogs/unreleased/41666-cannot-search-with-keyword-merge.yml
new file mode 100644
index 00000000000..3a6fa425c9c
--- /dev/null
+++ b/changelogs/unreleased/41666-cannot-search-with-keyword-merge.yml
@@ -0,0 +1,6 @@
+---
+title: Fix file search results when they match file contents with a number between
+  two colons
+merge_request: 16462
+author:
+type: fixed
diff --git a/changelogs/unreleased/41727-target-branch-name.yml b/changelogs/unreleased/41727-target-branch-name.yml
new file mode 100644
index 00000000000..aaedf6f1d12
--- /dev/null
+++ b/changelogs/unreleased/41727-target-branch-name.yml
@@ -0,0 +1,5 @@
+---
+title: Set target_branch to the ref branch when creating MR from issue
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/41731-predicate-memoization.yml b/changelogs/unreleased/41731-predicate-memoization.yml
new file mode 100644
index 00000000000..110f78063f4
--- /dev/null
+++ b/changelogs/unreleased/41731-predicate-memoization.yml
@@ -0,0 +1,5 @@
+---
+title: Properly memoize some predicate methods
+merge_request: 16329
+author:
+type: performance
diff --git a/changelogs/unreleased/41749-postgres-9-6-for-ci-tests.yml b/changelogs/unreleased/41749-postgres-9-6-for-ci-tests.yml
new file mode 100644
index 00000000000..2a3d00f8e5f
--- /dev/null
+++ b/changelogs/unreleased/41749-postgres-9-6-for-ci-tests.yml
@@ -0,0 +1,5 @@
+---
+title: Add reason to keep postgresql 9.2 for CI
+merge_request: 16277
+author: Takuya Noguchi
+type: other
diff --git a/changelogs/unreleased/41807-15665-consistently-502s-because-it-fetches-every-commit.yml b/changelogs/unreleased/41807-15665-consistently-502s-because-it-fetches-every-commit.yml
new file mode 100644
index 00000000000..146ae12afbd
--- /dev/null
+++ b/changelogs/unreleased/41807-15665-consistently-502s-because-it-fetches-every-commit.yml
@@ -0,0 +1,6 @@
+---
+title: Speed up loading merged merge requests when they contained a lot of commits
+  before merging
+merge_request: 16320
+author:
+type: performance
diff --git a/changelogs/unreleased/41874-closed-todo.yml b/changelogs/unreleased/41874-closed-todo.yml
new file mode 100644
index 00000000000..615bd011579
--- /dev/null
+++ b/changelogs/unreleased/41874-closed-todo.yml
@@ -0,0 +1,5 @@
+---
+title: Fix closed text for issues on Todos page
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/41882-respect-only-path-in-relative-link-filter.yml b/changelogs/unreleased/41882-respect-only-path-in-relative-link-filter.yml
new file mode 100644
index 00000000000..d4b7ec6a3b5
--- /dev/null
+++ b/changelogs/unreleased/41882-respect-only-path-in-relative-link-filter.yml
@@ -0,0 +1,5 @@
+---
+title: Ensure that emails contain absolute, rather than relative, links to user uploads
+merge_request: 16364
+author:
+type: fixed
diff --git a/changelogs/unreleased/41956-fix-ctrl-enter-binding-to-save-comment.yml b/changelogs/unreleased/41956-fix-ctrl-enter-binding-to-save-comment.yml
new file mode 100644
index 00000000000..32a6f87d98e
--- /dev/null
+++ b/changelogs/unreleased/41956-fix-ctrl-enter-binding-to-save-comment.yml
@@ -0,0 +1,5 @@
+---
+title: Fix Ctrl+Enter keyboard shortcut saving comment/note edit
+merge_request: 16415
+author:
+type: fixed
diff --git a/changelogs/unreleased/42025-fix-issue-api.yml b/changelogs/unreleased/42025-fix-issue-api.yml
new file mode 100644
index 00000000000..abb83bb2fad
--- /dev/null
+++ b/changelogs/unreleased/42025-fix-issue-api.yml
@@ -0,0 +1,5 @@
+---
+title: "[API] Fix creating issue when assignee_id is empty"
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/42031-fix-links-to-uploads-in-wikis.yml b/changelogs/unreleased/42031-fix-links-to-uploads-in-wikis.yml
new file mode 100644
index 00000000000..027cb414f23
--- /dev/null
+++ b/changelogs/unreleased/42031-fix-links-to-uploads-in-wikis.yml
@@ -0,0 +1,5 @@
+---
+title: Fix links to uploaded files on wiki pages
+merge_request: 16499
+author:
+type: fixed
diff --git a/changelogs/unreleased/42046-fork-icon.yml b/changelogs/unreleased/42046-fork-icon.yml
new file mode 100644
index 00000000000..def89ff7b08
--- /dev/null
+++ b/changelogs/unreleased/42046-fork-icon.yml
@@ -0,0 +1,5 @@
+---
+title: Fix giant fork icons on forks page
+merge_request: 16474
+author:
+type: fixed
diff --git a/changelogs/unreleased/42047-pg-10-support.yml b/changelogs/unreleased/42047-pg-10-support.yml
new file mode 100644
index 00000000000..f98e59329c3
--- /dev/null
+++ b/changelogs/unreleased/42047-pg-10-support.yml
@@ -0,0 +1,5 @@
+---
+title: Support PostgreSQL 10
+merge_request: 16471
+author:
+type: added
diff --git a/changelogs/unreleased/42055-update-marked-from-0-3-6-to-0-3-12.yml b/changelogs/unreleased/42055-update-marked-from-0-3-6-to-0-3-12.yml
new file mode 100644
index 00000000000..2b043761856
--- /dev/null
+++ b/changelogs/unreleased/42055-update-marked-from-0-3-6-to-0-3-12.yml
@@ -0,0 +1,5 @@
+---
+title: Update marked from 0.3.6 to 0.3.12
+merge_request: 16480
+author: Takuya Noguchi
+type: security
diff --git a/changelogs/unreleased/disable-pages-on-jobs.yml b/changelogs/unreleased/disable-pages-on-jobs.yml
new file mode 100644
index 00000000000..629768efce1
--- /dev/null
+++ b/changelogs/unreleased/disable-pages-on-jobs.yml
@@ -0,0 +1,6 @@
+---
+title: Use simple Next/Prev paging for jobs to avoid large count queries on arbitrarily
+  large sets of historical jobs
+merge_request:
+author:
+type: performance
diff --git a/changelogs/unreleased/display-mr-in-commit-page.yml b/changelogs/unreleased/display-mr-in-commit-page.yml
new file mode 100644
index 00000000000..a9224c00b66
--- /dev/null
+++ b/changelogs/unreleased/display-mr-in-commit-page.yml
@@ -0,0 +1,5 @@
+---
+title: Add link on commit page to merge request that introduced that commit
+merge_request: 13713
+author: Hiroyuki Sato
+type: added
diff --git a/changelogs/unreleased/feature-39591-visibility-level.yml b/changelogs/unreleased/feature-39591-visibility-level.yml
new file mode 100644
index 00000000000..4bbc9bdbb2e
--- /dev/null
+++ b/changelogs/unreleased/feature-39591-visibility-level.yml
@@ -0,0 +1,5 @@
+---
+title: Open visibility level help in a new tab
+merge_request:
+author: Jussi Räsänen
+type: fixed
diff --git a/changelogs/unreleased/fix-gb-improve-manual-action-tooltips.yml b/changelogs/unreleased/fix-gb-improve-manual-action-tooltips.yml
new file mode 100644
index 00000000000..31b4734bc79
--- /dev/null
+++ b/changelogs/unreleased/fix-gb-improve-manual-action-tooltips.yml
@@ -0,0 +1,5 @@
+---
+title: Fix tooltip displayed for running manual actions
+merge_request: 16489
+author:
+type: fixed
diff --git a/changelogs/unreleased/fix_gitlab-ce-41891.yml b/changelogs/unreleased/fix_gitlab-ce-41891.yml
new file mode 100644
index 00000000000..56bdc1a7c32
--- /dev/null
+++ b/changelogs/unreleased/fix_gitlab-ce-41891.yml
@@ -0,0 +1,5 @@
+---
+title: 'Fix custom header logo design nitpick: Remove unneeded margin on empty logo text'
+merge_request: 16383
+author: Markus Doits
+type: fixed
diff --git a/changelogs/unreleased/fj-41598-fixing-request-mime-type.yml b/changelogs/unreleased/fj-41598-fixing-request-mime-type.yml
new file mode 100644
index 00000000000..85e4d78b2df
--- /dev/null
+++ b/changelogs/unreleased/fj-41598-fixing-request-mime-type.yml
@@ -0,0 +1,5 @@
+---
+title: Fixing rack request mime type when using rack attack
+merge_request: 16427
+author:
+type: fixed
diff --git a/changelogs/unreleased/issue_41460.yml b/changelogs/unreleased/issue_41460.yml
new file mode 100644
index 00000000000..24d3eae6bf8
--- /dev/null
+++ b/changelogs/unreleased/issue_41460.yml
@@ -0,0 +1,5 @@
+---
+title: Fix error on changes tab when merge request cannot be created
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/jej-lfs-rev-list-handles-non-utf-paths-41627.yml b/changelogs/unreleased/jej-lfs-rev-list-handles-non-utf-paths-41627.yml
new file mode 100644
index 00000000000..24f18c07ac5
--- /dev/null
+++ b/changelogs/unreleased/jej-lfs-rev-list-handles-non-utf-paths-41627.yml
@@ -0,0 +1,5 @@
+---
+title: Prevent RevList failing on non utf8 paths
+merge_request: 16440
+author:
+type: fixed
diff --git a/changelogs/unreleased/merge-request-target-branch-perf.yml b/changelogs/unreleased/merge-request-target-branch-perf.yml
new file mode 100644
index 00000000000..37e326bfde3
--- /dev/null
+++ b/changelogs/unreleased/merge-request-target-branch-perf.yml
@@ -0,0 +1,5 @@
+---
+title: Improve performance of target branch dropdown
+merge_request:
+author:
+type: performance
diff --git a/changelogs/unreleased/mk-fix-permanent-redirect-validation.yml b/changelogs/unreleased/mk-fix-permanent-redirect-validation.yml
new file mode 100644
index 00000000000..153b2ccc25c
--- /dev/null
+++ b/changelogs/unreleased/mk-fix-permanent-redirect-validation.yml
@@ -0,0 +1,5 @@
+---
+title: Prevent invalid Route path if path is unchanged
+merge_request: 16397
+author:
+type: fixed
diff --git a/changelogs/unreleased/mr-status-box-update.yml b/changelogs/unreleased/mr-status-box-update.yml
new file mode 100644
index 00000000000..68265be16a1
--- /dev/null
+++ b/changelogs/unreleased/mr-status-box-update.yml
@@ -0,0 +1,5 @@
+---
+title: Fixed merge request status badge not updating after merging
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/sh-log-when-user-blocked.yml b/changelogs/unreleased/sh-log-when-user-blocked.yml
new file mode 100644
index 00000000000..9abf2017514
--- /dev/null
+++ b/changelogs/unreleased/sh-log-when-user-blocked.yml
@@ -0,0 +1,5 @@
+---
+title: Log and send a system hook if a blocked user attempts to login
+merge_request:
+author:
+type: added
diff --git a/changelogs/unreleased/sh-remove-shared-runners-and-more.yml b/changelogs/unreleased/sh-remove-shared-runners-and-more.yml
new file mode 100644
index 00000000000..cc079617883
--- /dev/null
+++ b/changelogs/unreleased/sh-remove-shared-runners-and-more.yml
@@ -0,0 +1,5 @@
+---
+title: Remove erroneous text in shared runners page that suggested more runners available
+merge_request:
+author:
+type: fixed
diff --git a/changelogs/unreleased/winh-style-modals.yml b/changelogs/unreleased/winh-style-modals.yml
new file mode 100644
index 00000000000..b7d0293960d
--- /dev/null
+++ b/changelogs/unreleased/winh-style-modals.yml
@@ -0,0 +1,5 @@
+---
+title: Adjust modal style to new design
+merge_request: 16310
+author:
+type: other
diff --git a/config/initializers/ar5_pg_10_support.rb b/config/initializers/ar5_pg_10_support.rb
new file mode 100644
index 00000000000..6fae770015c
--- /dev/null
+++ b/config/initializers/ar5_pg_10_support.rb
@@ -0,0 +1,57 @@
+raise "Vendored ActiveRecord 5 code! Delete #{__FILE__}!" if ActiveRecord::VERSION::MAJOR >= 5
+
+require 'active_record/connection_adapters/postgresql_adapter'
+require 'active_record/connection_adapters/postgresql/schema_statements'
+
+#
+# Monkey-patch the refused Rails 4.2 patch at https://github.com/rails/rails/pull/31330
+#
+# Updates sequence logic to support PostgreSQL 10.
+#
+# rubocop:disable all
+module ActiveRecord
+  module ConnectionAdapters
+
+    # We need #postgresql_version to be public as in ActiveRecord 5 for seed_fu
+    # to work. In ActiveRecord 4, it is protected.
+    # https://github.com/mbleigh/seed-fu/issues/123
+    class PostgreSQLAdapter
+      public :postgresql_version
+    end
+
+    module PostgreSQL
+      module SchemaStatements
+        # Resets the sequence of a table's primary key to the maximum value.
+        def reset_pk_sequence!(table, pk = nil, sequence = nil) #:nodoc:
+          unless pk and sequence
+            default_pk, default_sequence = pk_and_sequence_for(table)
+
+            pk ||= default_pk
+            sequence ||= default_sequence
+          end
+
+          if @logger && pk && !sequence
+            @logger.warn "#{table} has primary key #{pk} with no default sequence"
+          end
+
+          if pk && sequence
+            quoted_sequence = quote_table_name(sequence)
+            max_pk = select_value("SELECT MAX(#{quote_column_name pk}) FROM #{quote_table_name(table)}")
+            if max_pk.nil?
+              if postgresql_version >= 100000
+                minvalue = select_value("SELECT seqmin FROM pg_sequence WHERE seqrelid = #{quote(quoted_sequence)}::regclass")
+              else
+                minvalue = select_value("SELECT min_value FROM #{quoted_sequence}")
+              end
+            end
+
+            select_value <<-end_sql, 'SCHEMA'
+              SELECT setval(#{quote(quoted_sequence)}, #{max_pk ? max_pk : minvalue}, #{max_pk ? true : false})
+            end_sql
+          end
+        end
+      end
+    end
+  end
+end
+# rubocop:enable all
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index 3d83fb92d56..ee034d21eae 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -2,4 +2,8 @@ Rails.application.configure do |config|
   Warden::Manager.after_set_user do |user, auth, opts|
     Gitlab::Auth::UniqueIpsLimiter.limit_user!(user)
   end
+
+  Warden::Manager.before_failure do |env, opts|
+    Gitlab::Auth::BlockedUserTracker.log_if_user_blocked(env)
+  end
 end
diff --git a/config/routes/project.rb b/config/routes/project.rb
index bdf4b199c0a..43ada9ba145 100644
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -50,6 +50,7 @@ constraints(ProjectUrlConstrainer.new) do
           post :revert
           post :cherry_pick
           get :diff_for_path
+          get :merge_requests
         end
       end
 
diff --git a/db/migrate/20170827123848_add_index_on_merge_request_diff_commit_sha.rb b/db/migrate/20170827123848_add_index_on_merge_request_diff_commit_sha.rb
new file mode 100644
index 00000000000..1b360b231a8
--- /dev/null
+++ b/db/migrate/20170827123848_add_index_on_merge_request_diff_commit_sha.rb
@@ -0,0 +1,17 @@
+# rubocop:disable RemoveIndex
+
+class AddIndexOnMergeRequestDiffCommitSha < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :merge_request_diff_commits, :sha, length: Gitlab::Database.mysql? ? 20 : nil
+  end
+
+  def down
+    remove_index :merge_request_diff_commits, :sha if index_exists? :merge_request_diff_commits, :sha
+  end
+end
diff --git a/db/migrate/20171207185153_add_merge_request_state_index.rb b/db/migrate/20171207185153_add_merge_request_state_index.rb
new file mode 100644
index 00000000000..72f846c5c38
--- /dev/null
+++ b/db/migrate/20171207185153_add_merge_request_state_index.rb
@@ -0,0 +1,18 @@
+class AddMergeRequestStateIndex < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :merge_requests, [:source_project_id, :source_branch],
+                         where: "state = 'opened'",
+                         name: 'index_merge_requests_on_source_project_and_branch_state_opened'
+  end
+
+  def down
+    remove_concurrent_index_by_name :merge_requests,
+                                    'index_merge_requests_on_source_project_and_branch_state_opened'
+  end
+end
diff --git a/db/migrate/20171211145425_add_can_push_to_deploy_keys_projects.rb b/db/migrate/20171211145425_add_can_push_to_deploy_keys_projects.rb
new file mode 100644
index 00000000000..5dc723db9f9
--- /dev/null
+++ b/db/migrate/20171211145425_add_can_push_to_deploy_keys_projects.rb
@@ -0,0 +1,15 @@
+class AddCanPushToDeployKeysProjects < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+  disable_ddl_transaction!
+
+  def up
+    add_column_with_default :deploy_keys_projects, :can_push, :boolean, default: false, allow_null: false
+  end
+
+  def down
+    remove_column :deploy_keys_projects, :can_push
+  end
+end
diff --git a/db/migrate/20171215113714_populate_can_push_from_deploy_keys_projects.rb b/db/migrate/20171215113714_populate_can_push_from_deploy_keys_projects.rb
new file mode 100644
index 00000000000..ec0427a8e5a
--- /dev/null
+++ b/db/migrate/20171215113714_populate_can_push_from_deploy_keys_projects.rb
@@ -0,0 +1,44 @@
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class PopulateCanPushFromDeployKeysProjects < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+  disable_ddl_transaction!
+
+  class DeploysKeyProject < ActiveRecord::Base
+    include EachBatch
+
+    self.table_name = 'deploy_keys_projects'
+  end
+
+  def up
+    DeploysKeyProject.each_batch(of: 10_000) do |batch|
+      start_id, end_id = batch.pluck('MIN(id), MAX(id)').first
+
+      execute <<-EOF
+        UPDATE deploy_keys_projects
+        SET can_push = keys.can_push
+        FROM keys
+        WHERE deploy_key_id = keys.id
+        AND deploy_keys_projects.id BETWEEN #{start_id} AND #{end_id}
+      EOF
+    end
+  end
+
+  def down
+    DeploysKeyProject.each_batch(of: 10_000) do |batch|
+      start_id, end_id = batch.pluck('MIN(id), MAX(id)').first
+
+      execute <<-EOF
+        UPDATE keys
+        SET can_push = deploy_keys_projects.can_push
+        FROM deploy_keys_projects
+        WHERE deploy_keys_projects.deploy_key_id = keys.id
+        AND deploy_keys_projects.id BETWEEN #{start_id} AND #{end_id}
+      EOF
+    end
+  end
+end
diff --git a/db/post_migrate/20171215121205_post_populate_can_push_from_deploy_keys_projects.rb b/db/post_migrate/20171215121205_post_populate_can_push_from_deploy_keys_projects.rb
new file mode 100644
index 00000000000..05d236f8e96
--- /dev/null
+++ b/db/post_migrate/20171215121205_post_populate_can_push_from_deploy_keys_projects.rb
@@ -0,0 +1,43 @@
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class PostPopulateCanPushFromDeployKeysProjects < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+  disable_ddl_transaction!
+
+  class DeploysKeyProject < ActiveRecord::Base
+    include EachBatch
+
+    self.table_name = 'deploy_keys_projects'
+  end
+
+  def up
+    DeploysKeyProject.each_batch(of: 10_000) do |batch|
+      start_id, end_id = batch.pluck('MIN(id), MAX(id)').first
+
+      execute <<-EOF
+        UPDATE deploy_keys_projects
+        SET can_push = keys.can_push
+        FROM keys
+        WHERE deploy_key_id = keys.id
+        AND deploy_keys_projects.id BETWEEN #{start_id} AND #{end_id}
+      EOF
+    end
+  end
+
+  def down
+    DeploysKeyProject.each_batch(of: 10_000) do |batch|
+      start_id, end_id = batch.pluck('MIN(id), MAX(id)').first
+
+      execute <<-EOF
+        UPDATE keys
+        SET can_push = deploy_keys_projects.can_push
+        FROM deploy_keys_projects
+        WHERE deploy_keys_projects.deploy_key_id = keys.id
+        AND deploy_keys_projects.id BETWEEN #{start_id} AND #{end_id}
+      EOF
+    end
+  end
+end
diff --git a/db/post_migrate/20171215121259_remove_can_push_from_keys.rb b/db/post_migrate/20171215121259_remove_can_push_from_keys.rb
new file mode 100644
index 00000000000..0599811d986
--- /dev/null
+++ b/db/post_migrate/20171215121259_remove_can_push_from_keys.rb
@@ -0,0 +1,17 @@
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class RemoveCanPushFromKeys < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+  disable_ddl_transaction!
+
+  def up
+    remove_column :keys, :can_push
+  end
+
+  def down
+    add_column_with_default :keys, :can_push, :boolean, default: false, allow_null: false
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 8a6db61250b..13913b49902 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -626,6 +626,7 @@ ActiveRecord::Schema.define(version: 20180105212544) do
     t.integer "project_id", null: false
     t.datetime "created_at"
     t.datetime "updated_at"
+    t.boolean "can_push", default: false, null: false
   end
 
   add_index "deploy_keys_projects", ["project_id"], name: "index_deploy_keys_projects_on_project_id", using: :btree
@@ -896,7 +897,6 @@ ActiveRecord::Schema.define(version: 20180105212544) do
     t.string "type"
     t.string "fingerprint"
     t.boolean "public", default: false, null: false
-    t.boolean "can_push", default: false, null: false
     t.datetime "last_used_at"
   end
 
@@ -1013,6 +1013,7 @@ ActiveRecord::Schema.define(version: 20180105212544) do
   end
 
   add_index "merge_request_diff_commits", ["merge_request_diff_id", "relative_order"], name: "index_merge_request_diff_commits_on_mr_diff_id_and_order", unique: true, using: :btree
+  add_index "merge_request_diff_commits", ["sha"], name: "index_merge_request_diff_commits_on_sha", using: :btree
 
   create_table "merge_request_diff_files", id: false, force: :cascade do |t|
     t.integer "merge_request_diff_id", null: false
@@ -1108,6 +1109,7 @@ ActiveRecord::Schema.define(version: 20180105212544) do
   add_index "merge_requests", ["merge_user_id"], name: "index_merge_requests_on_merge_user_id", where: "(merge_user_id IS NOT NULL)", using: :btree
   add_index "merge_requests", ["milestone_id"], name: "index_merge_requests_on_milestone_id", using: :btree
   add_index "merge_requests", ["source_branch"], name: "index_merge_requests_on_source_branch", using: :btree
+  add_index "merge_requests", ["source_project_id", "source_branch"], name: "index_merge_requests_on_source_project_and_branch_state_opened", where: "((state)::text = 'opened'::text)", using: :btree
   add_index "merge_requests", ["source_project_id", "source_branch"], name: "index_merge_requests_on_source_project_id_and_source_branch", using: :btree
   add_index "merge_requests", ["target_branch"], name: "index_merge_requests_on_target_branch", using: :btree
   add_index "merge_requests", ["target_project_id", "iid"], name: "index_merge_requests_on_target_project_id_and_iid", unique: true, using: :btree
diff --git a/doc/api/deploy_keys.md b/doc/api/deploy_keys.md
index 273d5a56b6f..698fa22a438 100644
--- a/doc/api/deploy_keys.md
+++ b/doc/api/deploy_keys.md
@@ -19,15 +19,13 @@ Example response:
   {
     "id": 1,
     "title": "Public key",
-    "key": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",
-    "can_push": false,
+    "key": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",    
     "created_at": "2013-10-02T10:12:29Z"
   },
   {
     "id": 3,
     "title": "Another Public key",
-    "key": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",
-    "can_push": true,
+    "key": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",    
     "created_at": "2013-10-02T11:12:29Z"
   }
 ]
@@ -57,15 +55,15 @@ Example response:
     "id": 1,
     "title": "Public key",
     "key": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",
-    "can_push": false,
-    "created_at": "2013-10-02T10:12:29Z"
+    "created_at": "2013-10-02T10:12:29Z",
+    "can_push": false
   },
   {
     "id": 3,
     "title": "Another Public key",
     "key": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",
-    "can_push": false,
-    "created_at": "2013-10-02T11:12:29Z"
+    "created_at": "2013-10-02T11:12:29Z",
+    "can_push": false
   }
 ]
 ```
@@ -96,8 +94,8 @@ Example response:
   "id": 1,
   "title": "Public key",
   "key": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",
-  "can_push": false,
-  "created_at": "2013-10-02T10:12:29Z"
+  "created_at": "2013-10-02T10:12:29Z",
+  "can_push": false
 }
 ```
 
@@ -135,6 +133,36 @@ Example response:
 }
 ```
 
+## Update deploy key
+
+Updates a deploy key for a project.
+
+```
+PUT /projects/:id/deploy_keys/:key_id
+```
+
+| Attribute  | Type | Required | Description |
+| ---------  | ---- | -------- | ----------- |
+| `id`       | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `title`    | string  | no | New deploy key's title |
+| `can_push` | boolean | no  | Can deploy key push to the project's repository |
+
+```bash
+curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" --header "Content-Type: application/json" --data '{"title": "New deploy key", "can_push": true}' "https://gitlab.example.com/api/v4/projects/5/deploy_keys/11"
+```
+
+Example response:
+
+```json
+{
+   "id": 11,
+   "title": "New deploy key",
+   "key": "ssh-rsa AAAA...",
+   "created_at": "2015-08-29T12:44:31.550Z",
+   "can_push": true
+}
+```
+
 ## Delete deploy key
 
 Removes a deploy key from the project. If the deploy key is used only for this project, it will be deleted from the system.
diff --git a/doc/api/deployments.md b/doc/api/deployments.md
index ab9e63e01d3..fd11894ea8f 100644
--- a/doc/api/deployments.md
+++ b/doc/api/deployments.md
@@ -11,6 +11,8 @@ GET /projects/:id/deployments
 | Attribute | Type    | Required | Description         |
 |-----------|---------|----------|---------------------|
 | `id`      | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
+| `order_by`| string  | no       | Return deployments ordered by `id` or `iid` or `created_at` or `ref` fields. Default is `id` |
+| `sort`    | string  | no       | Return deployments sorted in `asc` or `desc` order. Default is `asc` |
 
 ```bash
 curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v4/projects/1/deployments"
diff --git a/doc/api/milestones.md b/doc/api/milestones.md
index 84930f0bdc9..d35e940d7b1 100644
--- a/doc/api/milestones.md
+++ b/doc/api/milestones.md
@@ -93,6 +93,19 @@ Parameters:
 - `start_date` (optional) - The start date of the milestone
 - `state_event` (optional) - The state event of the milestone (close|activate)
 
+## Delete project milestone
+
+Only for user with developer access to the project.
+
+```
+DELETE /projects/:id/milestones/:milestone_id
+```
+
+Parameters:
+
+- `id` (required) - The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user
+- `milestone_id` (required) - The ID of the project's milestone
+
 ## Get all issues assigned to a single milestone
 
 Gets all issues assigned to a single project milestone.
diff --git a/doc/api/users.md b/doc/api/users.md
index 478d747a50d..1da6fcf297d 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -415,6 +415,10 @@ GET /user
 }
 ```
 
+## List user projects
+
+Please refer to the [List of user projects ](projects.md#list-user-projects).
+
 ## List SSH keys
 
 Get a list of currently authenticated user's SSH keys.
diff --git a/doc/articles/index.md b/doc/articles/index.md
index 8385ef936c6..c1c3ff67328 100644
--- a/doc/articles/index.md
+++ b/doc/articles/index.md
@@ -1,93 +1,13 @@
-# Technical Articles
+# Technical articles list (deprecated)
 
-[Technical Articles](../development/writing_documentation.md#technical-articles) are
+[Technical articles](../development/writing_documentation.md#technical-articles) are
 topic-related documentation, written with an user-friendly approach and language, aiming
 to provide the community with guidance on specific processes to achieve certain objectives.
 
-They are written by members of the GitLab Team and by
-[Community Writers](https://about.gitlab.com/handbook/product/technical-writing/community-writers/).
+The list of technical articles was [deprecated](https://gitlab.com/gitlab-org/gitlab-ce/issues/41138) in favor of having them linked from their topic-related documentation:
 
-Part of the articles listed below link to the [GitLab Blog](https://about.gitlab.com/blog/),
-where they were originally published.
-
-## Build, test, and deploy with GitLab CI/CD
-
-Build, test, and deploy the software you develop with [GitLab CI/CD](../ci/README.md):
-
-| Article title | Category | Publishing date |
-| :------------ | :------: | --------------: |
-| [Autoscaling GitLab Runners on AWS](runner_autoscale_aws/index.md) | Admin guide | 2017-11-24 |
-| [Making CI Easier with GitLab](https://about.gitlab.com/2017/07/13/making-ci-easier-with-gitlab/) | Concepts | 2017-07-13 |
-| [Dockerizing GitLab Review Apps](https://about.gitlab.com/2017/07/11/dockerizing-review-apps/) | Concepts | 2017-07-11 |
-| [Continuous Integration: From Jenkins to GitLab Using Docker](https://about.gitlab.com/2017/07/27/docker-my-precious/) | Concepts | 2017-07-27 |
-| [Continuous Delivery of a Spring Boot application with GitLab CI and Kubernetes](https://about.gitlab.com/2016/12/14/continuous-delivery-of-a-spring-boot-application-with-gitlab-ci-and-kubernetes/) | Tutorial | 2016-12-14 |
-| [Setting up GitLab CI for Android projects](https://about.gitlab.com/2016/11/30/setting-up-gitlab-ci-for-android-projects/) | Tutorial | 2016-11-30 |
-| [Automated Debian Package Build with GitLab CI](https://about.gitlab.com/2016/10/12/automated-debian-package-build-with-gitlab-ci/) | Tutorial | 2016-10-12 |
-| [Building an Elixir Release into a Docker image using GitLab CI](https://about.gitlab.com/2016/08/11/building-an-elixir-release-into-docker-image-using-gitlab-ci-part-1/) | Tutorial | 2016-08-11 |
-| [Continuous Delivery with GitLab and Convox](https://about.gitlab.com/2016/06/09/continuous-delivery-with-gitlab-and-convox/) | Technical overview | 2016-06-09 |
-| [GitLab Container Registry](https://about.gitlab.com/2016/05/23/gitlab-container-registry/) | Technical overview | 2016-05-23 |
-| [How to use GitLab CI and MacStadium to build your macOS or iOS projects](https://about.gitlab.com/2017/05/15/how-to-use-macstadium-and-gitlab-ci-to-build-your-macos-or-ios-projects/) | Technical overview | 2017-05-15 |
-| [Setting up GitLab CI for iOS projects](https://about.gitlab.com/2016/03/10/setting-up-gitlab-ci-for-ios-projects/) | Tutorial | 2016-03-10 |
-
-## GitLab Pages
-
-Learn how to deploy a static website with [GitLab Pages](../user/project/pages/index.md#getting-started):
-
-| Article title | Category | Publishing date |
-| :------------ | :------: | --------------: |
-| **Series: GitLab Pages from A to Z:** |
-| [- Part 1: Static sites and GitLab Pages domains](../user/project/pages/getting_started_part_one.md)| User guide | 2017-02-22 |
-| [- Part 2: Quick start guide - Setting up GitLab Pages](../user/project/pages/getting_started_part_two.md)| User guide | 2017-02-22 |
-| [- Part 3: Setting Up Custom Domains - DNS Records and SSL/TLS Certificates](../user/project/pages/getting_started_part_three.md)| User guide | 2017-02-22 |
-| [- Part 4: Creating and tweaking `.gitlab-ci.yml` for GitLab Pages](../user/project/pages/getting_started_part_four.md)| User guide | 2017-02-22 |
-| [Setting up GitLab Pages with CloudFlare Certificates](https://about.gitlab.com/2017/02/07/setting-up-gitlab-pages-with-cloudflare-certificates/) | Tutorial | 2017-02-07 |
-| [Building a new GitLab Docs site with Nanoc, GitLab CI, and GitLab Pages](https://about.gitlab.com/2016/12/07/building-a-new-gitlab-docs-site-with-nanoc-gitlab-ci-and-gitlab-pages/) | Tutorial | 2016-12-07 |
-| [Publish Code Coverage Report with GitLab Pages](https://about.gitlab.com/2016/11/03/publish-code-coverage-report-with-gitlab-pages/) | Tutorial | 2016-11-03 |
-| [GitLab CI: Deployment & Environments](https://about.gitlab.com/2016/08/26/ci-deployment-and-environments/) | Tutorial | 2016-08-26 |
-| [Posting to your GitLab Pages blog from iOS](https://about.gitlab.com/2016/08/19/posting-to-your-gitlab-pages-blog-from-ios/) | Tutorial | 2016-08-19 |
-| **Series: Static Site Generator:** |
-| [- Part 1: Dynamic vs Static Websites](https://about.gitlab.com/2016/06/03/ssg-overview-gitlab-pages-part-1-dynamic-x-static/) | Tutorial | 2016-06-03 |
-| [- Part 2: Modern Static Site Generators](https://about.gitlab.com/2016/06/10/ssg-overview-gitlab-pages-part-2/) | Tutorial | 2016-06-10 |
-| [- Part 3: Build any SSG site with GitLab Pages](https://about.gitlab.com/2016/06/17/ssg-overview-gitlab-pages-part-3-examples-ci/) | Tutorial | 2016-06-17 |
-| [Securing your GitLab Pages with TLS and Let's Encrypt](https://about.gitlab.com/2016/04/11/tutorial-securing-your-gitlab-pages-with-tls-and-letsencrypt/) | Tutorial | 2016-04-11 |
-| [Hosting on GitLab.com with GitLab Pages](https://about.gitlab.com/2016/04/07/gitlab-pages-setup/) | Tutorial | 2016-04-07 |
-
-## Install and maintain GitLab
-
-[Admin](../README.md#administrator-documentation), [install](../install/README.md),
-upgrade, integrate, migrate to GitLab:
-
-| Article title | Category | Publishing date |
-| :------------ | :------: | --------------: |
-| [Video Tutorial: Idea to Production on Google Container Engine (GKE)](https://about.gitlab.com/2017/01/23/video-tutorial-idea-to-production-on-google-container-engine-gke/) | Tutorial | 2017-01-23 |
-| [How to Setup a GitLab Instance on Microsoft Azure](https://about.gitlab.com/2016/07/13/how-to-setup-a-gitlab-instance-on-microsoft-azure/) | Tutorial | 2016-07-13 |
-| [Getting started with GitLab and DigitalOcean](https://about.gitlab.com/2016/04/27/getting-started-with-gitlab-and-digitalocean/) | Tutorial | 2016-04-27 |
-
-## Software development
-
-Explore the best of GitLab's software development's capabilities:
-
-| Article title | Category | Publishing date |
-| :------------ | :------: | --------------: |
-| [Making CI Easier with GitLab](https://about.gitlab.com/2017/07/13/making-ci-easier-with-gitlab/) | Concepts | 2017-07-13 |
-| [From 2/3 of the Self-Hosted Git Market, to the Next-Generation CI System, to Auto DevOps](https://about.gitlab.com/2017/06/29/whats-next-for-gitlab-ci/)| Concepts | 2017-06-29 |
-| [Fast and Natural Continuous Integration with GitLab CI](https://about.gitlab.com/2017/05/22/fast-and-natural-continuous-integration-with-gitlab-ci/) | Concepts | 2017-05-22 |
-| [Demo: Auto-Deploy from GitLab to an OpenShift Container Cluster](https://about.gitlab.com/2017/05/16/devops-containers-gitlab-openshift/) | Technical overview | 2017-05-16 |
-| [Demo: GitLab Service Desk](https://about.gitlab.com/2017/05/09/demo-service-desk/) | Feature highlight | 2017-05-09 |
-| [Demo: Mapping Work Versus Time, With Burndown Charts](https://about.gitlab.com/2017/04/25/mapping-work-to-do-versus-time-with-burndown-charts/) | Feature highlight | 2017-04-25 |
-| [Demo: Cloud Native Development with GitLab](https://about.gitlab.com/2017/04/18/cloud-native-demo/) | Feature highlight | 2017-04-18 |
-| [Demo:  Mastering Code Review With GitLab](https://about.gitlab.com/2017/03/17/demo-mastering-code-review-with-gitlab/) | Feature highlight | 2017-03-17 |
-| [In 13 minutes from Kubernetes to a complete application development tool](https://about.gitlab.com/2016/11/14/idea-to-production/) | Technical overview | 2016-11-14 |
-| [GitLab Workflow, an Overview](https://about.gitlab.com/2016/10/25/gitlab-workflow-an-overview/) | Technical overview | 2016-10-25 |
-| [Trends in Version Control Land: Microservices](https://about.gitlab.com/2016/08/16/trends-in-version-control-land-microservices/) | Concepts | 2016-08-16 |
-| [Continuous Integration, Delivery, and Deployment with GitLab](https://about.gitlab.com/2016/08/05/continuous-integration-delivery-and-deployment-with-gitlab/) | Concepts | 2016-08-05 |
-| [Trends in Version Control Land: Innersourcing](https://about.gitlab.com/2016/07/07/trends-version-control-innersourcing/) | Concepts | 2016-07-07 |
-| [Tutorial: It's all connected in GitLab](https://about.gitlab.com/2016/03/08/gitlab-tutorial-its-all-connected/) | Technical overview | 2016-03-08 |
-
-## Technologies
-
-| Article title | Category | Publishing date |
-| :------------ | :------: | --------------: |
-| [Why we are not leaving the cloud](https://about.gitlab.com/2017/03/02/why-we-are-not-leaving-the-cloud/) | Concepts | 2017-03-02 |
-| [Why We Chose Vue.js](https://about.gitlab.com/2016/10/20/why-we-chose-vue/) | Concepts | 2016-10-20 |
-| [Markdown Kramdown Tips & Tricks](https://about.gitlab.com/2016/07/19/markdown-kramdown-tips-and-tricks/) | Technical overview | 2016-07-19 |
+- [Git](../topics/git/index.md)
+- [GitLab administrator](../administration/index.md)
+- [GitLab CI/CD](../ci/README.md)
+- [GitLab Pages](../user/project/pages/index.md)
+- [Install GitLab](../install/README.md)
diff --git a/doc/articles/numerous_undo_possibilities_in_git/index.md b/doc/articles/numerous_undo_possibilities_in_git/index.md
index 895bbccec08..3f46ee9a5e6 100644
--- a/doc/articles/numerous_undo_possibilities_in_git/index.md
+++ b/doc/articles/numerous_undo_possibilities_in_git/index.md
@@ -1,497 +1 @@
-# Numerous undo possibilities in Git
-
-> **Article [Type](../../development/writing_documentation.md#types-of-technical-articles):**  tutorial ||
-> **Level:** intermediary ||
-> **Author:** [Crt Mori](https://gitlab.com/Letme)  ||
-> **Publication date:** 2017-08-17
-
-## Introduction
-
-In this tutorial, we will show you different ways of undoing your work in Git, for which
-we will assume you have a basic working knowledge of. Check GitLab's
-[Git documentation](../../topics/git/index.md#git-documentation) for reference.
-Also, we will only provide some general info of the commands, which is enough
-to get you started for the easy cases/examples, but for anything more advanced please refer to the [Git book](https://git-scm.com/book/en/v2).
-
-We will explain a few different techniques to undo your changes based on the stage
-of the change in your current development. Also, keep in mind that [nothing in
-Git is really deleted.][git-autoclean-ref]
-This means that until Git automatically cleans detached commits (which cannot be
-accessed by branch or tag) it will be possible to view them with `git reflog` command
-and access them with direct commit-id. Read more about _[redoing the undo](#redoing-the-undo)_ on the section below.
-
-This guide is organized depending on the [stage of development][git-basics]
-where you want to undo your changes from and if they were shared with other developers
-or not. Because Git is tracking changes a created or edited file is in the unstaged state
-(if created it is untracked by Git). After you add it to a repository (`git add`) you put
-a file into the **staged** state, which is then committed (`git commit`) to your
-local repository. After that, file can be shared with other developers (`git push`).
-Here's what we'll cover in this tutorial:
-
- - [Undo local changes](#undo-local-changes) which were not pushed to remote repository
-
-    - Before you commit, in both unstaged and staged state
-    - After you committed
-
- - Undo changes after they are pushed to remote repository
-
-    - [Without history modification](#undo-remote-changes-without-changing-history) (preferred way)
-    - [With history modification](#undo-remote-changes-with-modifying-history) (requires
-      coordination with team and force pushes).
-
-      - [Usecases when modifying history is generally acceptable](#where-modifying-history-is-generally-acceptable)
-      - [How to modify history](#how-modifying-history-is-done)
-      - [How to remove sensitive information from repository](#deleting-sensitive-information-from-commits)
-
-
-### Branching strategy
-
-[Git][git-official] is a de-centralized version control system, which means that beside regular
-versioning of the whole repository, it has possibilities to exchange changes
-with other repositories. To avoid chaos with
-[multiple sources of truth][git-distributed], various
-development workflows have to be followed, and it depends on your internal
-workflow how certain changes or commits can be undone or changed.
-[GitLab Flow][gitlab-flow] provides a good
-balance between developers clashing with each other while
-developing the same feature and cooperating seamlessly, but it does not enable
-joined development of the same feature by multiple developers by default.
-When multiple developers develop the same feature on the same branch, clashing
-with every synchronization is unavoidable, but a proper or chosen Git Workflow will
-prevent that anything is lost or out of sync when feature is complete. You can also
-read through this blog post on [Git Tips & Tricks][gitlab-git-tips-n-tricks]
-to learn how to easily **do** things in Git.
-
-
-## Undo local changes
-
-Until you push your changes to any remote repository, they will only affect you.
-That broadens your options on how to handle undoing them. Still, local changes
-can be on various stages and each stage has a different approach on how to tackle them.
-
-
-### Unstaged local changes (before you commit)
-
-When a change is made, but it is not added to the staged tree, Git itself
-proposes a solution to discard changes to certain file.
-
-Suppose you edited a file to change the content using your favorite editor:
-
-```shell
-vim <file>
-```
-
-Since you did not `git add <file>` to staging, it should be under unstaged files (or
-untracked if file was created). You can confirm that with:
-
-```shell
-$ git status
-On branch master
-Your branch is up-to-date with 'origin/master'.
-Changes not staged for commit:
-  (use "git add <file>..." to update what will be committed)
-  (use "git checkout -- <file>..." to discard changes in working directory)
-
-    modified:   <file>
-no changes added to commit (use "git add" and/or "git commit -a")
-```
-
-At this point there are 3 options to undo the local changes you have:
-
- - Discard all local changes, but save them for possible re-use [later](#quickly-save-local-changes)
-
-     ```shell
-     git stash
-     ```
-
- - Discarding local changes (permanently) to a file
-
-     ```shell
-     git checkout -- <file>
-     ```
-
- - Discard all local changes to all files permanently
-
-     ```shell
-     git reset --hard
-     ```
-
-
-Before executing `git reset --hard`, keep in mind that there is also a way to
-just temporary store the changes without committing them using `git stash`.
-This command resets the changes to all files, but it also saves them in case
-you would like to apply them at some later time. You can read more about it in
-[section below](#quickly-save-local-changes).
-
-### Quickly save local changes
-
-You are working on a feature when a boss drops by with an urgent task. Since your
-feature is not complete, but you need to swap to another branch, you can use
-`git stash` to save what you had done, swap to another branch, commit, push,
-test, then get back to previous feature branch, do `git stash pop` and continue
-where you left.
-
-The example above shows that discarding all changes is not always a preferred option,
-but Git provides a way to save them for later, while resetting the repository to state without
-them. This is achieved by Git stashing command `git stash`, which in fact saves your
-current work and runs `git reset --hard`, but it also has various
-additional options like:
-
- - `git stash save`, which enables including temporary commit message, which will help you identify changes, among with other options
- - `git stash list`, which lists all previously stashed commits (yes, there can be more) that were not `pop`ed
- - `git stash pop`, which redoes previously stashed changes and removes them from stashed list
- - `git stash apply`, which redoes previously stashed changes, but keeps them on stashed list
-
-### Staged local changes (before you commit)
-
-Let's say you have added some files to staging, but you want to remove them from the
-current commit, yet you want to retain those changes - just move them outside
-of the staging tree. You also have an option to discard all changes with
-`git reset --hard` or think about `git stash` [as described earlier.](#quickly-save-local-changes)
-
-Lets start the example by editing a file, with your favorite editor, to change the
-content and add it to staging
-
-```
-vim <file>
-git add <file>
-```
-
-The file is now added to staging as confirmed by `git status` command:
-
-```shell
-$ git status
-On branch master
-Your branch is up-to-date with 'origin/master'.
-Changes to be committed:
-  (use "git reset HEAD <file>..." to unstage)
-
-	new file:   <file>
-```
-
-Now you have 4 options to undo your changes:
-
- - Unstage the file to current commit (HEAD)
-
-     ```shell
-     git reset HEAD <file>
-     ```
-
- - Unstage everything - retain changes
-
-     ```shell
-     git reset
-     ```
-
- - Discard all local changes, but save them for [later](#quickly-save-local-changes)
-
-     ```shell
-     git stash
-     ```
-
- - Discard everything permanently
-
-     ```shell
-     git reset --hard
-     ```
-
-## Committed local changes
-
-Once you commit, your changes are recorded by the version control system.
-Because you haven't pushed to your remote repository yet, your changes are
-still not public (or shared with other developers). At this point, undoing
-things is a lot easier, we have quite some workaround options. Once you push
-your code, you'll have less options to troubleshoot your work.
-
-### Without modifying history
-
-Through the development process some of the previously committed changes do not
-fit anymore in the end solution, or are source of the bugs. Once you find the
-commit which triggered bug, or once you have a faulty commit, you can simply
-revert it with `git revert commit-id`. This command inverts (swaps) the additions and
-deletions in that commit, so that it does not modify history. Retaining history
-can be helpful in future to notice that some changes have been tried
-unsuccessfully in the past.
-
-In our example we will assume there are commits `A`,`B`,`C`,`D`,`E` committed in this order: `A-B-C-D-E`,
-and `B` is the commit you want to undo. There are many different ways to identify commit
-`B` as bad, one of them is to pass a range to `git bisect` command. The provided range includes
-last known good commit (we assume `A`) and first known bad commit (where bug was detected - we will assume `E`).
-
-```shell
-git bisect A..E
-```
-
-Bisect will provide us with commit-id of the middle commit to test, and then guide us
-through simple bisection process. You can read more about it [in official Git Tools][git-debug]
-In our example we will end up with commit `B`, that introduced bug/error. We have
-4 options on how to remove it (or part of it) from our repository.
-
-- Undo (swap additions and deletions) changes introduced by commit `B`.
-
-   ```shell
-   git revert commit-B-id
-   ```
-
-- Undo changes on a single file or directory from commit `B`, but retain them in the staged state
-
-   ```shell
-   git checkout commit-B-id <file>
-   ```
-
-- Undo changes on a single file or directory from commit `B`, but retain them in the unstaged state
-
-   ```shell
-   git reset  commit-B-id <file>
-   ```
-
- - There is one command we also must not forget: **creating a new branch**
-   from the point where changes are not applicable or where the development has hit a
-   dead end. For example you have done commits `A-B-C-D` on your feature-branch
-   and then you figure `C` and `D` are wrong. At this point you either reset to `B`
-   and do commit `F` (which will cause problems with pushing and if forced pushed also with other developers)
-   since branch now looks `A-B-F`, which clashes with what other developers have locally (you will
-   [change history](#with-history-modification)), or you simply checkout commit `B` create
-   a new branch and do commit `F`. In the last case, everyone else can still do their work while you
-   have your new way to get it right and merge it back in later. Alternatively, with GitLab,
-   you can [cherry-pick](../../user/project/merge_requests/cherry_pick_changes.md#cherry-picking-a-commit)
-   that commit into a new merge request.
-
-      ![Create a new branch to avoid clashing](img/branching.png)
-
-      ```shell
-      git checkout commit-B-id
-      git checkout -b new-path-of-feature
-      # Create <commit F>
-      git commit -a
-      ```
-
-### With history modification
-
-There is one command for history modification and that is `git rebase`. Command
-provides interactive mode (`-i` flag) which enables you to:
-
- - **reword** commit messages (there is also `git commit --amend` for editing
-   last commit message)
- - **edit** the commit content (changes introduced by commit) and message
- - **squash** multiple commits into a single one, and have a custom or aggregated
-   commit message
- - **drop** commits - simply delete them
- - and few more options
-
-Let us check few examples. Again there are commits `A-B-C-D` where you want to
-delete commit `B`.
-
-- Rebase the range from current commit D to A:
-
-   ```shell
-   git rebase -i A
-   ```
-
-- Command opens your favorite editor where you write `drop` in front of commit
- `B`, but you leave default `pick` with all other commits. Save and exit the
- editor to perform a rebase. Remember: if you want to cancel delete whole
- file content before saving and exiting the editor
-
-In case you want to modify something introduced in commit `B`.
-
-- Rebase the range from current commit D to A:
-
-    ```shell
-    git rebase -i A
-    ```
-
-- Command opens your favorite text editor where you write `edit` in front of commit
- `B`, but leave default `pick` with all other commits. Save and exit the editor to
- perform a rebase
-
-- Now do your edits and commit changes:
-
-    ```shell
-    git commit -a
-    ```
-
-You can find some more examples in [below section where we explain how to modify
-history](#how-modifying-history-is-done)
-
-
-### Redoing the Undo
-
-Sometimes you realize that the changes you undid were useful and you want them
-back. Well because of first paragraph you are in luck. Command `git reflog`
-enables you to *recall* detached local commits by referencing or applying them
-via commit-id. Although, do not expect to see really old commits in reflog, because
-Git regularly [cleans the commits which are *unreachable* by branches or tags][git-autoclean-ref].
-
-To view repository history and to track older commits you can use below command:
-
-```shell
-$ git reflog show
-
-# Example output:
-b673187 HEAD@{4}: merge 6e43d5987921bde189640cc1e37661f7f75c9c0b: Merge made by the 'recursive' strategy.
-eb37e74 HEAD@{5}: rebase -i (finish): returning to refs/heads/master
-eb37e74 HEAD@{6}: rebase -i (pick): Commit C
-97436c6 HEAD@{7}: rebase -i (start): checkout 97436c6eec6396c63856c19b6a96372705b08b1b
-...
-88f1867 HEAD@{12}: commit: Commit D
-97436c6 HEAD@{13}: checkout: moving from 97436c6eec6396c63856c19b6a96372705b08b1b to test
-97436c6 HEAD@{14}: checkout: moving from master to 97436c6
-05cc326 HEAD@{15}: commit: Commit C
-6e43d59 HEAD@{16}: commit: Commit B
-```
-
-Output of command shows repository history. In first column there is commit-id,
-in following column, number next to `HEAD` indicates how many commits ago something
-was made, after that indicator of action that was made (commit, rebase, merge, ...)
-and then on end description of that action.
-
-## Undo remote changes without changing history
-
-This topic is roughly same as modifying committed local changes without modifying
-history. **It should be the preferred way of undoing changes on any remote repository
-or public branch.** Keep in mind that branching is the best solution when you want
-to retain the history of faulty development, yet start anew from certain point. Branching
-enables you to include the existing changes in new development (by merging) and
-it also provides a clear timeline and development structure.
-
-![Use revert to keep branch flowing](img/revert.png)
-
-If you want to revert changes introduced in certain `commit-id` you can simply
-revert that `commit-id` (swap additions and deletions) in newly created commit:
-You can do this with
-
-```shell
-git revert commit-id
-```
-
-or creating a new branch:
-
-```shell
-git checkout commit-id
-git checkout -b new-path-of-feature
-```
-
-## Undo remote changes with modifying history
-
-This is useful when you want to *hide* certain things - like secret keys,
-passwords, SSH keys, etc. It is and should not be used to hide mistakes, as
-it will make it harder to debug in case there are some other bugs. The main
-reason for this is that you loose the real development progress. **Also keep in
-mind that, even with modified history, commits are just detached and can still be
-accessed through commit-id** - at least until all repositories perform
-the cleanup of detached commits (happens automatically).
-
-![Modifying history causes problems on remote branch](img/rebase_reset.png)
-
-### Where modifying history is generally acceptable
-
-Modified history breaks the development chain of other developers, as changed
-history does not have matching commits'ids. For that reason it should not
-be used on any public branch or on branch that *might* be used by other
-developers. When contributing to big open source repositories (e.g. [GitLab CE][gitlab-ce]),
-it is acceptable to *squash* commits into a single one, to present
-a nicer history of your contribution.
-Keep in mind that this also removes the comments attached to certain commits
-in merge requests, so if you need to retain traceability in GitLab, then
-modifying history is not acceptable.
-A feature-branch of a merge request is a public branch and might be used by 
-other developers, but project process and rules might allow or require 
-you to use `git rebase` (command that changes history) to reduce number of
-displayed commits on target branch after reviews are done (for example
-GitLab). There is a `git merge --squash` command which does exactly that
-(squashes commits on feature-branch to a single commit on target branch
-at merge).
-
->**Note:**
-Never modify the commit history of `master` or shared branch
-
-### How modifying history is done
-
-After you know what you want to modify (how far in history or how which range of
-old commits), use `git rebase -i commit-id`. This command will then display all the commits from
-current version to chosen commit-id and allow modification, squashing, deletion
-of that commits.
-
-```shell
-$ git rebase -i commit1-id..commit3-id
-pick <commit1-id> <commit1-commit-message>
-pick <commit2-id> <commit2-commit-message>
-pick <commit3-id> <commit3-commit-message>
-
-# Rebase commit1-id..commit3-id onto <commit4-id> (3 command(s))
-#
-# Commands:
-# p, pick = use commit
-# r, reword = use commit, but edit the commit message
-# e, edit = use commit, but stop for amending
-# s, squash = use commit, but meld into previous commit
-# f, fixup = like "squash", but discard this commit's log message
-# x, exec = run command (the rest of the line) using shell
-# d, drop = remove commit
-#
-# These lines can be re-ordered; they are executed from top to bottom.
-#
-# If you remove a line here THAT COMMIT WILL BE LOST.
-#
-# However, if you remove everything, the rebase will be aborted.
-#
-# Note that empty commits are commented out
-```
-
->**Note:**
-It is important to notice that comment from the output clearly states that, if
-you decide to abort, then do not just close your editor (as that will in-fact
-modify history), but remove all uncommented lines and save.
-
-That is one of the reasons why `git rebase` should be used carefully on
-shared and remote branches. But don't worry, there will be nothing broken until
-you push back to the remote repository (so you can freely explore the
-different outcomes locally).
-
-```shell
-# Modify history from commit-id to HEAD (current commit)
-git rebase -i commit-id
-```
-
-### Deleting sensitive information from commits
-
-Git also enables you to delete sensitive information from your past commits and
-it does modify history in the progress. That is why we have included it in this
-section and not as a standalone topic. To do so, you should run the
-`git filter-branch`, which enables you to rewrite history with
-[certain filters][git-filters-manual].
-This command uses rebase to modify history and if you want to remove certain
-file from history altogether use:
-
-```shell
-git filter-branch --tree-filter 'rm filename' HEAD
-```
-
-Since `git filter-branch` command might be slow on big repositories, there are
-tools that can use some of Git specifics to enable faster execution of common
-tasks (which is exactly what removing sensitive information file is about).
-An alternative is [BFG Repo-cleaner][bfg-repo-cleaner]. Keep in mind that these
-tools are faster because they do not provide a same fully feature set as `git filter-branch`
-does, but focus on specific usecases.
-
-## Conclusion
-
-There are various options of undoing your work with any version control system, but
-because of de-centralized nature of Git, these options are multiplied (or limited)
-depending on the stage of your process. Git also enables rewriting history, but that
-should be avoided as it might cause problems when multiple developers are
-contributing to the same codebase.
-
-<!-- Identifiers, in alphabetical order -->
-
-[bfg-repo-cleaner]: https://rtyley.github.io/bfg-repo-cleaner/
-[git-autoclean-ref]: https://git-scm.com/book/en/v2/Git-Internals-Maintenance-and-Data-Recovery
-[git-basics]: https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository
-[git-debug]: https://git-scm.com/book/en/v2/Git-Tools-Debugging-with-Git
-[git-distributed]: https://git-scm.com/about/distributed
-[git-filters-manual]: https://git-scm.com/docs/git-filter-branch#_options
-[git-official]: https://git-scm.com/
-[gitlab-ce]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#contribution-acceptance-criteria
-[gitlab-flow]: https://about.gitlab.com/2014/09/29/gitlab-flow/
-[gitlab-git-tips-n-tricks]: https://about.gitlab.com/2016/12/08/git-tips-and-tricks/
+This document was moved to [another location](../../topics/git/numerous_undo_possibilities_in_git/index.md).
diff --git a/doc/articles/runner_autoscale_aws/index.md b/doc/articles/runner_autoscale_aws/index.md
index 9d4c4a57ce5..e2667aebc5f 100644
--- a/doc/articles/runner_autoscale_aws/index.md
+++ b/doc/articles/runner_autoscale_aws/index.md
@@ -1,410 +1 @@
----
-last_updated: 2017-11-24
----
-
-> **[Article Type](../../development/writing_documentation.html#types-of-technical-articles):** Admin guide ||
-> **Level:** intermediary ||
-> **Author:** [Achilleas Pipinellis](https://gitlab.com/axil) ||
-> **Publication date:** 2017/11/24
-
-# Autoscaling GitLab Runner on AWS
-
-One of the biggest advantages of GitLab Runner is its ability to automatically
-spin up and down VMs to make sure your builds get processed immediately. It's a
-great feature, and if used correctly, it can be extremely useful in situations
-where you don't use your Runners 24/7 and want to have a cost-effective and
-scalable solution.
-
-## Introduction
-
-In this tutorial, we'll explore how to properly configure a GitLab Runner in
-AWS that will serve as the bastion where it will spawn new Docker machines on
-demand.
-
-In addition, we'll make use of [Amazon's EC2 Spot instances][spot] which will
-greatly reduce the costs of the Runner instances while still using quite
-powerful autoscaling machines.
-
-## Prerequisites
-
-NOTE: **Note:**
-A familiarity with Amazon Web Services (AWS) is required as this is where most
-of the configuration will take place.
-
-Your GitLab instance is going to need to talk to the Runners over the network,
-and that is something you need think about when configuring any AWS security
-groups or when setting up your DNS configuration.
-
-For example, you can keep the EC2 resources segmented away from public traffic
-in a different VPC to better strengthen your network security. Your environment
-is likely different, so consider what works best for your situation.
-
-### AWS security groups
-
-Docker Machine will attempt to use a
-[default security group](https://docs.docker.com/machine/drivers/aws/#security-group)
-with rules for port `2376`, which is required for communication with the Docker
-daemon. Instead of relying on Docker, you can create a security group with the
-rules you need and provide that in the Runner options as we will
-[see below](#the-runners-machine-section). This way, you can customize it to your
-liking ahead of time based on your networking environment.
-
-### AWS credentials
-
-You'll need an [AWS Access Key](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
-tied to a user with permission to scale (EC2) and update the cache (via S3).
-Create a new user with [policies](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-policies-for-amazon-ec2.html)
-for EC2 (AmazonEC2FullAccess) and S3 (AmazonS3FullAccess). To be more secure,
-you can disable console login for that user. Keep the tab open or copy paste the
-security credentials in an editor as we'll use them later during the
-[Runner configuration](#the-runners-machine-section).
-
-## Prepare the bastion instance
-
-The first step is to install GitLab Runner in an EC2 instance that will serve
-as the bastion that spawns new machines. This doesn't have to be a powerful
-machine since it will not run any jobs itself, a `t2.micro` instance will do.
-This machine will be a dedicated host since we need it always up and running,
-thus it will be the only standard cost.
-
-NOTE: **Note:**
-For the bastion instance, choose a distribution that both Docker and GitLab
-Runner support, for example either Ubuntu, Debian, CentOS or RHEL will work fine.
-
-Install the prerequisites:
-
-1. Log in to your server
-1. [Install GitLab Runner from the official GitLab repository](https://docs.gitlab.com/runner/install/linux-repository.html)
-1. [Install Docker](https://docs.docker.com/engine/installation/#server)
-1. [Install Docker Machine](https://docs.docker.com/machine/install-machine/)
-
-Now that the Runner is installed, it's time to register it.
-
-## Registering the GitLab Runner
-
-Before configuring the GitLab Runner, you need to first register it, so that
-it connects with your GitLab instance:
-
-1. [Obtain a Runner token](../../ci/runners/README.md)
-1. [Register the Runner](https://docs.gitlab.com/runner/register/index.html#gnu-linux)
-1. When asked the executor type, enter `docker+machine`
-
-You can now move on to the most important part, configuring the GitLab Runner.
-
-TIP: **Tip:**
-If you want every user in your instance to be able to use the autoscaled Runners,
-register the Runner as a shared one.
-
-## Configuring the GitLab Runner
-
-Now that the Runner is registered, you need to edit its configuration file and
-add the required options for the AWS machine driver.
-
-Let's first break it down to pieces.
-
-### The global section
-
-In the global section, you can define the limit of the jobs that can be run
-concurrently across all Runners (`concurrent`). This heavily depends on your
-needs, like how many users your Runners will accommodate, how much time your
-builds take, etc. You can start with something low like `10`, and increase or
-decrease its value going forward.
-
-The `check_interval` option defines how often the Runner should check GitLab
-for new jobs, in seconds.
-
-Example:
-
-```toml
-concurrent = 10
-check_interval = 0
-```
-
-[Read more](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section)
-about all the options you can use.
-
-### The `runners` section
-
-From the `[[runners]]` section, the most important part is the `executor` which
-must be set to `docker+machine`. Most of those settings are taken care of when
-you register the Runner for the first time.
-
-`limit` sets the maximum number of machines (running and idle) that this Runner
-will spawn. For more info check the [relationship between `limit`, `concurrent`
-and `IdleCount`](https://docs.gitlab.com/runner/configuration/autoscale.html#how-concurrent-limit-and-idlecount-generate-the-upper-limit-of-running-machines).
-
-Example:
-
-```toml
-[[runners]]
-  name = "gitlab-aws-autoscaler"
-  url = "<URL of your GitLab instance>"
-  token = "<Runner's token>"
-  executor = "docker+machine"
-  limit = 20
-```
-
-[Read more](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section)
-about all the options you can use under `[[runners]]`.
-
-### The `runners.docker` section
-
-In the `[runners.docker]` section you can define the default Docker image to
-be used by the child Runners if it's not defined in [`.gitlab-ci.yml`](../../ci/yaml/README.md).
-By using `privileged = true`, all Runners will be able to run
-[Docker in Docker](../../ci/docker/using_docker_build.md#use-docker-in-docker-executor)
-which is useful if you plan to build your own Docker images via GitLab CI/CD.
-
-Next, we use `disable_cache = true` to disable the Docker executor's inner
-cache mechanism since we will use the distributed cache mode as described
-in the following section.
-
-Example:
-
-```toml
-  [runners.docker]
-    image = "alpine"
-    privileged = true
-    disable_cache = true
-```
-
-[Read more](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-docker-section)
-about all the options you can use under `[runners.docker]`.
-
-### The `runners.cache` section
-
-To speed up your jobs, GitLab Runner provides a cache mechanism where selected
-directories and/or files are saved and shared between subsequent jobs.
-While not required for this setup, it is recommended to use the distributed cache
-mechanism that GitLab Runner provides. Since new instances will be created on
-demand, it is essential to have a common place where the cache is stored.
-
-In the following example, we use Amazon S3:
-
-```toml
-  [runners.cache]
-    Type = "s3"
-    ServerAddress = "s3.amazonaws.com"
-    AccessKey = "<your AWS Access Key ID>"
-    SecretKey = "<your AWS Secret Access Key>"
-    BucketName = "<the bucket where your cache should be kept>"
-    BucketLocation = "us-east-1"
-    Shared = true
-```
-
-Here's some more info to further explore the cache mechanism:
-
-- [Reference for `runners.cache`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-cache-section)
-- [Deploying and using a cache server for GitLab Runner](https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)
-- [How cache works](../../ci/yaml/README.md#cache)
-
-### The `runners.machine` section
-
-This is the most important part of the configuration and it's the one that
-tells GitLab Runner how and when to spawn new or remove old Docker Machine
-instances.
-
-We will focus on the AWS machine options, for the rest of the settings read
-about the:
-
-- [Autoscaling algorithm and the parameters it's based on](https://docs.gitlab.com/runner/configuration/autoscale.html#autoscaling-algorithm-and-parameters) - depends on the needs of your organization
-- [Off peak time configuration](https://docs.gitlab.com/runner/configuration/autoscale.html#off-peak-time-mode-configuration) - useful when there are regular time periods in your organization when no work is done, for example weekends
-
-Here's an example of the `runners.machine` section:
-
-```toml
-  [runners.machine]
-    IdleCount = 1
-    IdleTime = 1800
-    MaxBuilds = 10
-    OffPeakPeriods = [
-      "* * 0-9,18-23 * * mon-fri *",
-      "* * * * * sat,sun *"
-    ]
-    OffPeakIdleCount = 0
-    OffPeakIdleTime = 1200
-    MachineDriver = "amazonec2"
-    MachineName = "gitlab-docker-machine-%s"
-    MachineOptions = [
-      "amazonec2-access-key=XXXX",
-      "amazonec2-secret-key=XXXX",
-      "amazonec2-region=us-central-1",
-      "amazonec2-vpc-id=vpc-xxxxx",
-      "amazonec2-subnet-id=subnet-xxxxx",
-      "amazonec2-use-private-address=true",
-      "amazonec2-tags=runner-manager-name,gitlab-aws-autoscaler,gitlab,true,gitlab-runner-autoscale,true",
-      "amazonec2-security-group=docker-machine-scaler",
-      "amazonec2-instance-type=m4.2xlarge",
-    ]
-```
-
-The Docker Machine driver is set to `amazonec2` and the machine name has a
-standard prefix followed by `%s` (required) that is replaced by the ID of the
-child Runner: `gitlab-docker-machine-%s`.
-
-Now, depending on your AWS infrastructure, there are many options you can set up
-under `MachineOptions`. Below you can see the most common ones.
-
-| Machine option | Description |
-| -------------- | ----------- |
-| `amazonec2-access-key=XXXX` | The AWS access key of the user that has permissions to create EC2 instances, see [AWS credentials](#aws-credentials). |
-| `amazonec2-secret-key=XXXX` | The AWS secret key of the user that has permissions to create EC2 instances, see [AWS credentials](#aws-credentials). |
-| `amazonec2-region=eu-central-1` | The region to use when launching the instance. You can omit this entirely and the default `us-east-1` will be used. |
-| `amazonec2-vpc-id=vpc-xxxxx` | Your [VPC ID](https://docs.docker.com/machine/drivers/aws/#vpc-id) to launch the instance in. |
-| `amazonec2-subnet-id=subnet-xxxx` | The AWS VPC subnet ID. |
-| `amazonec2-use-private-address=true` | Use the private IP address of Docker Machines, but still create a public IP address. Useful to keep the traffic internal and avoid extra costs.|
-| `amazonec2-tags=runner-manager-name,gitlab-aws-autoscaler,gitlab,true,gitlab-runner-autoscale,true` | AWS extra tag key-value pairs, useful to identify the instances on the AWS console. The "Name" tag is set to the machine name by default. We set the "runner-manager-name" to match the Runner name set in `[[runners]]`, so that we can filter all the EC2 instances created by a specific manager setup. Read more about [using tags in AWS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html). |
-| `amazonec2-security-group=docker-machine-scaler` | AWS VPC security group name, see [AWS security groups](#aws-security-groups). |
-| `amazonec2-instance-type=m4.2xlarge` | The instance type that the child Runners will run on. |
-
-TIP: **Tip:**
-Under `MachineOptions` you can add anything that the [AWS Docker Machine driver
-supports](https://docs.docker.com/machine/drivers/aws/#options). You are highly
-encouraged to read Docker's docs as your infrastructure setup may warrant
-different options to be applied.
-
-NOTE: **Note:**
-The child instances will use by default Ubuntu 16.04 unless you choose a
-different AMI ID by setting `amazonec2-ami`.
-
-NOTE: **Note:**
-If you specify `amazonec2-private-address-only=true` as one of the machine
-options, your EC2 instance won't get assigned a public IP. This is ok if your
-VPC is configured correctly with an Internet Gateway (IGW) and routing is fine,
-but it’s something to consider if you've got a more complex configuration. Read
-more in [Docker docs about VPC connectivity](https://docs.docker.com/machine/drivers/aws/#vpc-connectivity).
-
-[Read more](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-machine-section)
-about all the options you can use under `[runners.machine]`.
-
-### Getting it all together
-
-Here's the full example of `/etc/gitlab-runner/config.toml`:
-
-```toml
-concurrent = 10
-check_interval = 0
-
-[[runners]]
-  name = "gitlab-aws-autoscaler"
-  url = "<URL of your GitLab instance>"
-  token = "<Runner's token>"
-  executor = "docker+machine"
-  limit = 20
-  [runners.docker]
-    image = "alpine"
-    privileged = true
-    disable_cache = true
-  [runners.cache]
-    Type = "s3"
-    ServerAddress = "s3.amazonaws.com"
-    AccessKey = "<your AWS Access Key ID>"
-    SecretKey = "<your AWS Secret Access Key>"
-    BucketName = "<the bucket where your cache should be kept>"
-    BucketLocation = "us-east-1"
-    Shared = true
-  [runners.machine]
-    IdleCount = 1
-    IdleTime = 1800
-    MaxBuilds = 100
-    OffPeakPeriods = [
-      "* * 0-9,18-23 * * mon-fri *",
-      "* * * * * sat,sun *"
-    ]
-    OffPeakIdleCount = 0
-    OffPeakIdleTime = 1200
-    MachineDriver = "amazonec2"
-    MachineName = "gitlab-docker-machine-%s"
-    MachineOptions = [
-      "amazonec2-access-key=XXXX",
-      "amazonec2-secret-key=XXXX",
-      "amazonec2-region=us-central-1",
-      "amazonec2-vpc-id=vpc-xxxxx",
-      "amazonec2-subnet-id=subnet-xxxxx",
-      "amazonec2-use-private-address=true",
-      "amazonec2-tags=runner-manager-name,gitlab-aws-autoscaler,gitlab,true,gitlab-runner-autoscale,true",
-      "amazonec2-security-group=docker-machine-scaler",
-      "amazonec2-instance-type=m4.2xlarge",
-    ]
-```
-
-## Cutting down costs with Amazon EC2 Spot instances
-
-As [described by][spot] Amazon:
-
->
-Amazon EC2 Spot instances allow you to bid on spare Amazon EC2 computing capacity.
-Since Spot instances are often available at a discount compared to On-Demand
-pricing, you can significantly reduce the cost of running your applications,
-grow your application’s compute capacity and throughput for the same budget,
-and enable new types of cloud computing applications.
-
-In addition to the [`runners.machine`](#the-runners-machine-section) options
-you picked above, in `/etc/gitlab-runner/config.toml` under the `MachineOptions`
-section, add the following:
-
-```toml
-    MachineOptions = [
-      "amazonec2-request-spot-instance=true",
-      "amazonec2-spot-price=0.03",
-      "amazonec2-block-duration-minutes=60"
-    ]
-```
-
-With this configuration, Docker Machines are created on Spot instances with a
-maximum bid price of $0.03 per hour and the duration of the Spot instance is
-capped at 60 minutes. The `0.03` number mentioned above is just an example, so
-be sure to check on the current pricing based on the region you picked.
-
-To learn more about Amazon EC2 Spot instances, visit the following links:
-
-- https://aws.amazon.com/ec2/spot/
-- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html
-- https://aws.amazon.com/blogs/aws/focusing-on-spot-instances-lets-talk-about-best-practices/
-
-### Caveats of Spot instances
-
-While Spot instances is a great way to use unused resources and minimize the
-costs of your infrastructure, you must be aware of the implications.
-
-Running CI jobs on Spot instances may increase the failure rates because of the
-Spot instances pricing model. If the price exceeds your bid, the existing Spot
-instances will be immediately terminated and all your jobs on that host will fail.
-
-As a consequence, the auto-scale Runner would fail to create new machines while
-it will continue to request new instances. This eventually will make 60 requests
-and then AWS won't accept any more. Then once the Spot price is acceptable, you
-are locked out for a bit because the call amount limit is exceeded.
-
-If you encounter that case, you can use the following command in the bastion
-machine to see the Docker Machines state:
-
-```sh
-docker-machine ls -q --filter state=Error --format "{{.NAME}}"
-```
-
-NOTE: **Note:**
-There are some issues regarding making GitLab Runner gracefully handle Spot
-price changes, and there are reports of `docker-machine` attempting to
-continually remove a Docker Machine. GitLab has provided patches for both cases
-in the upstream project. For more information, see issues
-[#2771](https://gitlab.com/gitlab-org/gitlab-runner/issues/2771) and
-[#2772](https://gitlab.com/gitlab-org/gitlab-runner/issues/2772).
-
-## Conclusion
-
-In this guide we learned how to install and configure a GitLab Runner in
-autoscale mode on AWS.
-
-Using the autoscale feature of GitLab Runner can save you both time and money.
-Using the Spot instances that AWS provides can save you even more, but you must
-be aware of the implications. As long as your bid is high enough, there shouldn't
-be an issue.
-
-You can read the following use cases from which this tutorial was (heavily)
-influenced:
-
-- [HumanGeo - Scaling GitLab CI](http://blog.thehumangeo.com/gitlab-autoscale-runners.html)
-- [subtrakt Health - Autoscale GitLab CI Runners and save 90% on EC2 costs](https://substrakthealth.com/news/gitlab-ci-cost-savings/)
-
-[spot]: https://aws.amazon.com/ec2/spot/
+This document was moved to [another location](https://docs.gitlab.com/runner/configuration/runner_autoscale_aws/index.html).
diff --git a/doc/ci/README.md b/doc/ci/README.md
index 5829aaee9c9..eabeb4510db 100644
--- a/doc/ci/README.md
+++ b/doc/ci/README.md
@@ -2,151 +2,120 @@
 comments: false
 ---
 
-# GitLab Continuous Integration (GitLab CI)
+# GitLab Continuous Integration (GitLab CI/CD)
 
 ![Pipeline graph](img/cicd_pipeline_infograph.png)
 
 The benefits of Continuous Integration are huge when automation plays an
 integral part of your workflow. GitLab comes with built-in Continuous
-Integration, Continuous Deployment, and Continuous Delivery support to build,
-test, and deploy your application.
+Integration, Continuous Deployment, and Continuous Delivery support
+to build, test, and deploy your application.
 
 Here's some info we've gathered to get you started.
 
 ## Getting started
 
-The first steps towards your GitLab CI journey.
+The first steps towards your GitLab CI/CD journey.
 
-- [Getting started with GitLab CI](quick_start/README.md)
-- [Pipelines and jobs](pipelines.md)
-- [Configure a Runner, the application that runs your jobs](runners/README.md)
-- **Articles:**
-  - [Getting started with GitLab and GitLab CI - Intro to CI](https://about.gitlab.com/2015/12/14/getting-started-with-gitlab-and-gitlab-ci/)
-  - [Continuous Integration, Delivery, and Deployment with GitLab - Intro to CI/CD](https://about.gitlab.com/2016/08/05/continuous-integration-delivery-and-deployment-with-gitlab/)
-  - [GitLab CI: Run jobs sequentially, in parallel, or build a custom pipeline](https://about.gitlab.com/2016/07/29/the-basics-of-gitlab-ci/)
-  - [Setting up GitLab Runner For Continuous Integration](https://about.gitlab.com/2016/03/01/gitlab-runner-with-docker/)
-  - [GitLab CI: Deployment & environments](https://about.gitlab.com/2016/08/26/ci-deployment-and-environments/)
+- [Getting started with GitLab CI/CD](quick_start/README.md): understand how GitLab CI/CD works.
+- GitLab CI/CD configuration file: [`.gitlab-ci.yml`](yaml/README.md) - Learn all about the ins and outs of `.gitlab-ci.yml`.
+- [Pipelines and jobs](pipelines.md): configure your GitLab CI/CD pipelines to build, test, and deploy your application.
+- Runners: The [GitLab Runner](https://docs.gitlab.com/runner/) is responsible by running the jobs in your CI/CD pipeline. On GitLab.com, Shared Runners are enabled by default, so
+you don't need to set up anything to start to use them with GitLab CI/CD.
+
+### Introduction to GitLab CI/CD
+
+- Article (2016-08-05): [Continuous Integration, Delivery, and Deployment with GitLab - Intro to CI/CD](https://about.gitlab.com/2016/08/05/continuous-integration-delivery-and-deployment-with-gitlab/)
+- Article (2015-12-14): [Getting started with GitLab and GitLab CI - Intro to CI](https://about.gitlab.com/2015/12/14/getting-started-with-gitlab-and-gitlab-ci/)
+- Article (2017-07-13): [Making CI Easier with GitLab](https://about.gitlab.com/2017/07/13/making-ci-easier-with-gitlab/)
+- Article (2017-05-22): [Fast and Natural Continuous Integration with GitLab CI](https://about.gitlab.com/2017/05/22/fast-and-natural-continuous-integration-with-gitlab-ci/)
 - **Videos:**
-  - [Demo (Streamed live on Jul 17, 2017): GitLab CI/CD Deep Dive](https://youtu.be/pBe4t1CD8Fc?t=195)
-  - [Demo (March, 2017): how to get started using CI/CD with GitLab](https://about.gitlab.com/2017/03/13/ci-cd-demo/)
-  - [Webcast (April, 2016): getting started with CI in GitLab](https://about.gitlab.com/2016/04/20/webcast-recording-and-slides-introduction-to-ci-in-gitlab/)
+  - Demo (Streamed live on Jul 17, 2017): [GitLab CI/CD Deep Dive](https://youtu.be/pBe4t1CD8Fc?t=195)
+  - Demo (March, 2017): [How to get started using CI/CD with GitLab](https://about.gitlab.com/2017/03/13/ci-cd-demo/)
+  - Webcast (April, 2016): [Getting started with CI in GitLab](https://about.gitlab.com/2016/04/20/webcast-recording-and-slides-introduction-to-ci-in-gitlab/)
 - **Third-party videos:**
   - [Intégration continue avec GitLab (September, 2016)](https://www.youtube.com/watch?v=URcMBXjIr24&t=13s)
   - [GitLab CI for Minecraft Plugins (July, 2016)](https://www.youtube.com/watch?v=Z4pcI9F8yf8)
 
-## Reference guides
+### Why GitLab CI/CD?
 
-Once you get familiar with the getting started guides, you'll find yourself
-digging into specific reference guides.
+  - Article (2016-10-17): [Why We Chose GitLab CI for our CI/CD Solution](https://about.gitlab.com/2016/10/17/gitlab-ci-oohlala/)
+  - Article (2016-07-22): [Building our web-app on GitLab CI: 5 reasons why Captain Train migrated from Jenkins to GitLab CI](https://about.gitlab.com/2016/07/22/building-our-web-app-on-gitlab-ci/)
 
-- [`.gitlab-ci.yml` reference](yaml/README.md) - Learn all about the ins and
-  outs of `.gitlab-ci.yml` definitions
-- [CI Variables](variables/README.md) - Learn how to use variables defined in
+## Exploring GitLab CI/CD
+
+- [CI/CD Variables](variables/README.md) - Learn how to use variables defined in
   your `.gitlab-ci.yml` or secured ones defined in your project's settings
 - **The permissions model** - Learn about the access levels a user can have for
   performing certain CI actions
   - [User permissions](../user/permissions.md#gitlab-ci)
   - [Job permissions](../user/permissions.md#job-permissions)
-
-## Auto DevOps
-
-- [Auto DevOps](../topics/autodevops/index.md)
-
-## GitLab CI + Docker
-
-Leverage the power of Docker to run your CI pipelines.
-
-- [Use Docker images with GitLab Runner](docker/using_docker_images.md)
-- [Use CI to build Docker images](docker/using_docker_build.md)
-- [CI services (linked Docker containers)](services/README.md)
-- **Articles:**
-  - [Setting up GitLab Runner For Continuous Integration](https://about.gitlab.com/2016/03/01/gitlab-runner-with-docker/)
+- [Configure a Runner, the application that runs your jobs](runners/README.md)
+- Article (2016-03-01): [Setting up GitLab Runner For Continuous Integration](https://about.gitlab.com/2016/03/01/gitlab-runner-with-docker/)
+- Article (2016-07-29): [GitLab CI: Run jobs sequentially, in parallel, or build a custom pipeline](https://about.gitlab.com/2016/07/29/the-basics-of-gitlab-ci/)
+- Article (2016-08-26): [GitLab CI: Deployment & environments](https://about.gitlab.com/2016/08/26/ci-deployment-and-environments/)
+- Article (2016-05-23): [Introduction to GitLab Container Registry](https://about.gitlab.com/2016/05/23/gitlab-container-registry/)
 
 ## Advanced use
 
-Once you get familiar with the basics of GitLab CI, it's time to dive in and
+Once you get familiar with the basics of GitLab CI/CD, it's time to dive in and
 learn how to leverage its potential even more.
 
-- [Environments and deployments](environments.md) - Separate your jobs into
+- [Environments and deployments](environments.md): Separate your jobs into
   environments and use them for different purposes like testing, building and
   deploying
 - [Job artifacts](../user/project/pipelines/job_artifacts.md)
-- [Git submodules](git_submodules.md) - How to run your CI jobs when Git
+- [Git submodules](git_submodules.md): How to run your CI jobs when Git
   submodules are involved
-- [Auto deploy](autodeploy/index.md)
 - [Use SSH keys in your build environment](ssh_keys/README.md)
 - [Trigger pipelines through the GitLab API](triggers/README.md)
 - [Trigger pipelines on a schedule](../user/project/pipelines/schedules.md)
 
-## Review Apps
+## GitLab CI/CD for Docker
 
-- [Review Apps](review_apps/index.md)
-- **Articles:**
-  - [Introducing Review Apps](https://about.gitlab.com/2016/11/22/introducing-review-apps/)
-  - [Example project that shows how to use Review Apps](https://gitlab.com/gitlab-examples/review-apps-nginx/)
+Leverage the power of Docker to run your CI pipelines.
 
-## GitLab CI for GitLab Pages
+- [Use Docker images with GitLab Runner](docker/using_docker_images.md)
+- [Use CI to build Docker images](docker/using_docker_build.md)
+- [CI services (linked Docker containers)](services/README.md)
+- Article (2016-03-01): [Setting up GitLab Runner For Continuous Integration](https://about.gitlab.com/2016/03/01/gitlab-runner-with-docker/)
 
-See the topic on [GitLab Pages](../user/project/pages/index.md).
+## Review Apps
 
-## Special configuration
+- [Review Apps documentation](review_apps/index.md)
+- Article (2016-11-22): [Introducing Review Apps](https://about.gitlab.com/2016/11/22/introducing-review-apps/)
+- [Example project that shows how to use Review Apps](https://gitlab.com/gitlab-examples/review-apps-nginx/)
 
-You can change the default behavior of GitLab CI in your whole GitLab instance
-as well as in each project.
+## Auto DevOps
 
-- **Project specific**
-  - [Pipelines settings](../user/project/pipelines/settings.md)
-  - [Learn how to enable or disable GitLab CI](enable_or_disable_ci.md)
-- **Affecting the whole GitLab instance**
-  - [Continuous Integration admin settings](../user/admin_area/settings/continuous_integration.md)
+- [Auto DevOps](../topics/autodevops/index.md): Auto DevOps automatically detects, builds, tests, deploys, and monitors your applications.
+
+## GitLab CI for GitLab Pages
+
+See the documentation on [GitLab Pages](../user/project/pages/index.md).
 
 ## Examples
 
->**Note:**
-A collection of `.gitlab-ci.yml` files is maintained at the
-[GitLab CI Yml project][gitlab-ci-templates].
-If your favorite programming language or framework is missing we would love
-your help by sending a merge request with a `.gitlab-ci.yml`.
-
-Here is an collection of tutorials and guides on setting up your CI pipeline.
-
-- [GitLab CI examples](examples/README.md) for the following languages and frameworks:
-  - [PHP](examples/php.md)
-  - [Ruby](examples/test-and-deploy-ruby-application-to-heroku.md)
-  - [Python](examples/test-and-deploy-python-application-to-heroku.md)
-  - [Clojure](examples/test-clojure-application.md)
-  - [Scala](examples/test-scala-application.md)
-  - [Phoenix](examples/test-phoenix-application.md)
-  - [Run PHP Composer & NPM scripts then deploy them to a staging server](examples/deployment/composer-npm-deploy.md)
-  - [Analyze code quality with the Code Climate CLI](examples/code_climate.md)
-- **Articles**
-  - [How to test and deploy Laravel/PHP applications with GitLab CI/CD and Envoy](examples/laravel_with_gitlab_and_envoy/index.md)
-  - [How to deploy Maven projects to Artifactory with GitLab CI/CD](examples/artifactory_and_gitlab/index.md)
-  - [Automated Debian packaging](https://about.gitlab.com/2016/10/12/automated-debian-package-build-with-gitlab-ci/)
-  - [Spring boot application with GitLab CI and Kubernetes](https://about.gitlab.com/2016/12/14/continuous-delivery-of-a-spring-boot-application-with-gitlab-ci-and-kubernetes/)
-  - [Setting up GitLab CI for iOS projects](https://about.gitlab.com/2016/03/10/setting-up-gitlab-ci-for-ios-projects/)
-  - [Setting up GitLab CI for Android projects](https://about.gitlab.com/2016/11/30/setting-up-gitlab-ci-for-android-projects/)
-  - [Building a new GitLab Docs site with Nanoc, GitLab CI, and GitLab Pages](https://about.gitlab.com/2016/12/07/building-a-new-gitlab-docs-site-with-nanoc-gitlab-ci-and-gitlab-pages/)
-  - [CI/CD with GitLab in action](https://about.gitlab.com/2017/03/13/ci-cd-demo/)
-  - [Building an Elixir Release into a Docker image using GitLab CI](https://about.gitlab.com/2016/08/11/building-an-elixir-release-into-docker-image-using-gitlab-ci-part-1/)
-- **Miscellaneous**
-  - [Using `dpl` as deployment tool](examples/deployment/README.md)
-  - [Repositories with examples for various languages](https://gitlab.com/groups/gitlab-examples)
-  - [The .gitlab-ci.yml file for GitLab itself](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/.gitlab-ci.yml)
-  - [Example project that shows how to use Review Apps](https://gitlab.com/gitlab-examples/review-apps-nginx/)
+Check the [GitLab CI/CD examples](examples/README.md) for a collection of tutorials and guides on setting up your CI/CD pipeline for various programming languages, frameworks,
+and operating systems.
 
 ## Integrations
 
-- **Articles:**
-  - [Continuous Delivery with GitLab and Convox](https://about.gitlab.com/2016/06/09/continuous-delivery-with-gitlab-and-convox/)
-  - [Getting Started with GitLab and Shippable Continuous Integration](https://about.gitlab.com/2016/05/05/getting-started-gitlab-and-shippable/)
-  - [GitLab Partners with DigitalOcean to make Continuous Integration faster, safer, and more affordable](https://about.gitlab.com/2016/04/19/gitlab-partners-with-digitalocean-to-make-continuous-integration-faster-safer-and-more-affordable/)
+- Article (2016-06-09): [Continuous Delivery with GitLab and Convox](https://about.gitlab.com/2016/06/09/continuous-delivery-with-gitlab-and-convox/)
+- Article (2016-05-05): [Getting Started with GitLab and Shippable Continuous Integration](https://about.gitlab.com/2016/05/05/getting-started-gitlab-and-shippable/)
+- Article (2016-04-19): [GitLab Partners with DigitalOcean to make Continuous Integration faster, safer, and more affordable](https://about.gitlab.com/2016/04/19/gitlab-partners-with-digitalocean-to-make-continuous-integration-faster-safer-and-more-affordable/)
 
-## Why GitLab CI?
+## Special configuration (GitLab admin)
 
-- **Articles:**
-  - [Why We Chose GitLab CI for our CI/CD Solution](https://about.gitlab.com/2016/10/17/gitlab-ci-oohlala/)
-  - [Building our web-app on GitLab CI: 5 reasons why Captain Train migrated from Jenkins to GitLab CI](https://about.gitlab.com/2016/07/22/building-our-web-app-on-gitlab-ci/)
+As a GitLab administrator, you can change the default behavior of GitLab CI/CD in
+your whole GitLab instance as well as in each project.
+
+- [Continuous Integration admin settings](../administration/index.md#continuous-integration-settings)
+- **Project specific:**
+  - [Pipelines settings](../user/project/pipelines/settings.md)
+  - [Learn how to enable or disable GitLab CI](enable_or_disable_ci.md)
+- **Affecting the whole GitLab instance:**
+  - [Continuous Integration admin settings](../user/admin_area/settings/continuous_integration.md)
 
 ## Breaking changes
 
diff --git a/doc/ci/autodeploy/index.md b/doc/ci/autodeploy/index.md
index 474cb28b9e4..7102af5c529 100644
--- a/doc/ci/autodeploy/index.md
+++ b/doc/ci/autodeploy/index.md
@@ -37,6 +37,8 @@ during the deployment.
 
 We made a [simple guide](quick_start_guide.md) to using Auto Deploy with GitLab.com.
 
+For a demonstration of GitLab Auto Deploy, read the blog post [Auto Deploy from GitLab to an OpenShift Container Cluster](https://about.gitlab.com/2017/05/16/devops-containers-gitlab-openshift/)
+
 ## Supported templates
 
 The list of supported auto deploy templates is available in the
diff --git a/doc/ci/examples/README.md b/doc/ci/examples/README.md
index d4590d0f495..0109e77935a 100644
--- a/doc/ci/examples/README.md
+++ b/doc/ci/examples/README.md
@@ -2,81 +2,72 @@
 comments: false
 ---
 
-# GitLab CI Examples
+# GitLab CI/CD Examples
 
-A collection of `.gitlab-ci.yml` files is maintained at the [GitLab CI Yml project][gitlab-ci-templates].
-If your favorite programming language or framework are missing we would love your help by sending a merge request
-with a `.gitlab-ci.yml`.
+A collection of `.gitlab-ci.yml` template files is maintained at the [GitLab CI/CD YAML project][gitlab-ci-templates]. When you create a new file via the UI,
+GitLab will give you the option to choose one of the templates existent on this project.
+If your favorite programming language or framework are missing we would love your
+help by sending a merge request with a new `.gitlab-ci.yml` to this project.
 
-Apart from those, here is an collection of tutorials and guides on setting up your CI pipeline:
+There's also a collection of repositories with [example projects](https://gitlab.com/gitlab-examples) for various languages. You can fork an adjust them to your own needs.
 
 ## Languages, frameworks, OSs
 
-### PHP
+- **PHP**:
+  - [Testing a PHP application](php.md)
+  - [Run PHP Composer & NPM scripts then deploy them to a staging server](deployment/composer-npm-deploy.md)
+  - [How to test and deploy Laravel/PHP applications with GitLab CI/CD and Envoy](laravel_with_gitlab_and_envoy/index.md)
+- **Ruby**: [Test and deploy a Ruby application to Heroku](test-and-deploy-ruby-application-to-heroku.md)
+- **Python**: [Test and deploy a Python application to Heroku](test-and-deploy-python-application-to-heroku.md)
+- **Java**: [Continuous Delivery of a Spring Boot application with GitLab CI and Kubernetes](https://about.gitlab.com/2016/12/14/continuous-delivery-of-a-spring-boot-application-with-gitlab-ci-and-kubernetes/)
+- **Scala**: [Test a Scala application](test-scala-application.md)
+- **Clojure**: [Test a Clojure application](test-clojure-application.md)
+- **Elixir**:
+  - [Test a Phoenix application](test-phoenix-application.md)
+  - [Building an Elixir Release into a Docker image using GitLab CI](https://about.gitlab.com/2016/08/11/building-an-elixir-release-into-docker-image-using-gitlab-ci-part-1/)
+- **iOS and macOS**:
+  - [Setting up GitLab CI for iOS projects](https://about.gitlab.com/2016/03/10/setting-up-gitlab-ci-for-ios-projects/)
+  - [How to use GitLab CI and MacStadium to build your macOS or iOS projects](https://about.gitlab.com/2017/05/15/how-to-use-macstadium-and-gitlab-ci-to-build-your-macos-or-ios-projects/)
+- **Android**: [Setting up GitLab CI for Android projects](https://about.gitlab.com/2016/11/30/setting-up-gitlab-ci-for-android-projects/)
+- **Debian**: [Continuous Deployment with GitLab: how to build and deploy a Debian Package with GitLab CI](https://about.gitlab.com/2016/10/12/automated-debian-package-build-with-gitlab-ci/)
+- **Maven**: [How to deploy Maven projects to Artifactory with GitLab CI/CD](artifactory_and_gitlab/index.md)
+
+### Miscellaneous
 
-- [Testing a PHP application](php.md)
-- [Run PHP Composer & NPM scripts then deploy them to a staging server](deployment/composer-npm-deploy.md)
-- [How to test and deploy Laravel/PHP applications with GitLab CI/CD and Envoy](laravel_with_gitlab_and_envoy/index.md)
-
-### Ruby
-
-- [Test and deploy a Ruby application to Heroku](test-and-deploy-ruby-application-to-heroku.md)
-
-### Python
-
-- [Test and deploy a Python application to Heroku](test-and-deploy-python-application-to-heroku.md)
-
-### Java
-
-- [Continuous Delivery of a Spring Boot application with GitLab CI and Kubernetes](https://about.gitlab.com/2016/12/14/continuous-delivery-of-a-spring-boot-application-with-gitlab-ci-and-kubernetes/)
-
-### Scala
-
-- [Test a Scala application](test-scala-application.md)
-
-### Clojure
-
-- [Test a Clojure application](test-clojure-application.md)
-
-### Elixir
+- [Using `dpl` as deployment tool](deployment/README.md)
+- [The `.gitlab-ci.yml` file for GitLab itself](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/.gitlab-ci.yml)
 
-- [Test a Phoenix application](test-phoenix-application.md)
-- [Building an Elixir Release into a Docker image using GitLab CI](https://about.gitlab.com/2016/08/11/building-an-elixir-release-into-docker-image-using-gitlab-ci-part-1/)
+### Code quality analysis
 
-### iOS
+[Analyze code quality with the Code Climate CLI](code_climate.md).
 
-- [Setting up GitLab CI for iOS projects](https://about.gitlab.com/2016/03/10/setting-up-gitlab-ci-for-ios-projects/)
+### Static Application Security Testing (SAST)
 
-### Android
+- **(EEU)** [Scan your code for vulnerabilities](https://docs.gitlab.com/ee/ci/examples/sast.html)
+- [Scan your Docker images for vulnerabilities](sast_docker.md)
 
-- [Setting up GitLab CI for Android projects](https://about.gitlab.com/2016/11/30/setting-up-gitlab-ci-for-android-projects/)
+### Dynamic Application Security Testing (DAST)
 
-### Code quality analysis
+Scan your app for vulnerabilities with GitLab [Dynamic Application Security Testing (DAST)](dast.md).
 
-- [Analyze code quality with the Code Climate CLI](code_climate.md)
+### Browser Performance Testing with Sitespeed.io
 
-### Other
+Analyze your [browser performance with Sitespeed.io](browser_performance.md).
 
-- [Using `dpl` as deployment tool](deployment/README.md)
-- [Repositories with examples for various languages](https://gitlab.com/groups/gitlab-examples)
-- [The .gitlab-ci.yml file for GitLab itself](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/.gitlab-ci.yml)
-- [Continuous Deployment with GitLab: how to build and deploy a Debian Package with GitLab CI](https://about.gitlab.com/2016/10/12/automated-debian-package-build-with-gitlab-ci/)
-- [How to deploy Maven projects to Artifactory with GitLab CI/CD](artifactory_and_gitlab/index.md)
+### GitLab CI/CD for Review Apps
 
-## GitLab CI/CD for GitLab Pages
+- [Example project](https://gitlab.com/gitlab-examples/review-apps-nginx/) that shows how to use GitLab CI/CD for [Review Apps](../review_apps/index.html).
+- [Dockerizing GitLab Review Apps](https://about.gitlab.com/2017/07/11/dockerizing-review-apps/)
 
-- [Example projects](https://gitlab.com/pages)
-- [Creating and Tweaking `.gitlab-ci.yml` for GitLab Pages](../../user/project/pages/getting_started_part_four.md)
-- [SSGs Part 3: Build any SSG site with GitLab Pages](https://about.gitlab.com/2016/06/17/ssg-overview-gitlab-pages-part-3-examples-ci/):
-examples for Ruby-, NodeJS-, Python-, and GoLang-based SSGs
-- [Building a new GitLab docs site with Nanoc, GitLab CI, and GitLab Pages](https://about.gitlab.com/2016/12/07/building-a-new-gitlab-docs-site-with-nanoc-gitlab-ci-and-gitlab-pages/)
-- [Publish code coverage reports with GitLab Pages](https://about.gitlab.com/2016/11/03/publish-code-coverage-report-with-gitlab-pages/)
+### GitLab CI/CD for GitLab Pages
 
 See the documentation on [GitLab Pages](../../user/project/pages/index.md) for a complete overview.
 
-## More
+## Contributing
 
-Contributions are very much welcomed! You can help your favorite programming
-language and GitLab by sending a merge request with a guide for that language.
+Contributions are very welcome! You can help your favorite programming
+language users and GitLab by sending a merge request with a guide for that language.
+You may want to apply for the [GitLab Community Writers Program](https://about.gitlab.com/community-writers/)
+to get paid for writing complete articles for GitLab.
 
 [gitlab-ci-templates]: https://gitlab.com/gitlab-org/gitlab-ci-yml
diff --git a/doc/ci/examples/dast.md b/doc/ci/examples/dast.md
new file mode 100644
index 00000000000..16ff8d5bb3e
--- /dev/null
+++ b/doc/ci/examples/dast.md
@@ -0,0 +1,35 @@
+# Dynamic Application Security Testing with GitLab CI/CD
+
+This example shows how to run
+[Dynamic Application Security Testing (DAST)](https://en.wikipedia.org/wiki/Dynamic_program_analysis)
+on your project's source code by using GitLab CI/CD.
+
+DAST is using the popular open source tool
+[OWASP ZAProxy](https://github.com/zaproxy/zaproxy) to perform an analysis.
+
+All you need is a GitLab Runner with the Docker executor (the shared Runners on
+GitLab.com will work fine). You can then add a new job to `.gitlab-ci.yml`,
+called `dast`:
+
+```yaml
+dast:
+  image: owasp/zap2docker-stable
+  script:
+    - mkdir /zap/wrk/
+    - /zap/zap-baseline.py -J gl-dast-report.json -t https://example.com || true
+    - cp /zap/wrk/gl-dast-report.json .
+  artifacts:
+    paths: [gl-dast-report.json]
+```
+
+The above example will create a `dast` job in your CI pipeline and will allow
+you to download and analyze the report artifact in JSON format.
+
+TIP: **Tip:**
+Starting with [GitLab Enterprise Edition Ultimate][ee] 10.4, this information will
+be automatically extracted and shown right in the merge request widget. To do
+so, the CI job must be named `dast` and the artifact path must be
+`gl-dast-report.json`.
+[Learn more on dynamic application security testing results shown in merge requests](https://docs.gitlab.com/ee/user/project/merge_requests/dast.html).
+
+[ee]: https://about.gitlab.com/gitlab-ee/
diff --git a/doc/ci/examples/sast_docker.md b/doc/ci/examples/sast_docker.md
new file mode 100644
index 00000000000..d99cfe93afa
--- /dev/null
+++ b/doc/ci/examples/sast_docker.md
@@ -0,0 +1,55 @@
+# Static Application Security Testing for Docker containers with GitLab CI/CD
+
+You can check your Docker images (or more precisely the containers) for known
+vulnerabilities by using [Clair](https://github.com/coreos/clair) and
+[clair-scanner](https://github.com/arminc/clair-scanner), two open source tools
+for Vulnerability Static Analysis for containers.
+
+All you need is a GitLab Runner with the Docker executor (the shared Runners on
+GitLab.com will work fine). You can then add a new job to `.gitlab-ci.yml`,
+called `sast:container`:
+
+```yaml
+sast:container:
+  image: docker:latest
+  variables:
+    DOCKER_DRIVER: overlay2
+    ## Define two new variables based on GitLab's CI/CD predefined variables
+    ## https://docs.gitlab.com/ee/ci/variables/#predefined-variables-environment-variables
+    CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG
+    CI_APPLICATION_TAG: $CI_COMMIT_SHA
+  allow_failure: true
+  services:
+    - docker:dind
+  script:
+    - docker run -d --name db arminc/clair-db:latest
+    - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
+    - apk add -U wget ca-certificates
+    - docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
+    - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
+    - mv clair-scanner_linux_amd64 clair-scanner
+    - chmod +x clair-scanner
+    - touch clair-whitelist.yml
+    - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
+  artifacts:
+    paths: [gl-sast-container-report.json]
+```
+
+The above example will create a `sast:container` job in your CI/CD pipeline, pull
+the image from the [Container Registry](../../user/project/container_registry.md)
+(whose name is defined from the two `CI_APPLICATION_` variables) and scan it
+for possible vulnerabilities. The report will be saved as an artifact that you
+can later download and analyze.
+
+If you want to whitelist some specific vulnerabilities, you can do so by defining
+them in a [YAML file](https://github.com/arminc/clair-scanner/blob/master/README.md#example-whitelist-yaml-file),
+in our case its named `clair-whitelist.yml`.
+
+TIP: **Tip:**
+Starting with [GitLab Enterprise Edition Ultimate][ee] 10.4, this information will
+be automatically extracted and shown right in the merge request widget. To do
+so, the CI/CD job must be named `sast:container` and the artifact path must be
+`gl-sast-container-report.json`.
+[Learn more on application security testing results shown in merge requests](https://docs.gitlab.com/ee/user/project/merge_requests/sast_docker.html).
+
+[ee]: https://about.gitlab.com/gitlab-ee/
diff --git a/doc/ci/examples/test-and-deploy-ruby-application-to-heroku.md b/doc/ci/examples/test-and-deploy-ruby-application-to-heroku.md
index 10fd2616fab..7f9ab1f3a5e 100644
--- a/doc/ci/examples/test-and-deploy-ruby-application-to-heroku.md
+++ b/doc/ci/examples/test-and-deploy-ruby-application-to-heroku.md
@@ -10,6 +10,7 @@ This is what the `.gitlab-ci.yml` file looks like for this project:
 
 ```yaml
 test:
+  stage: test
   script:
   - apt-get update -qy
   - apt-get install -y nodejs
@@ -18,7 +19,7 @@ test:
   - bundle exec rake test
 
 staging:
-  type: deploy
+  stage: deploy
   script:
   - gem install dpl
   - dpl --provider=heroku --app=gitlab-ci-ruby-test-staging --api-key=$HEROKU_STAGING_API_KEY
@@ -26,7 +27,7 @@ staging:
   - master
 
 production:
-  type: deploy
+  stage: deploy
   script:
   - gem install dpl
   - dpl --provider=heroku --app=gitlab-ci-ruby-test-prod --api-key=$HEROKU_PRODUCTION_API_KEY
diff --git a/doc/ci/yaml/README.md b/doc/ci/yaml/README.md
index 32464cbb259..82052cc0376 100644
--- a/doc/ci/yaml/README.md
+++ b/doc/ci/yaml/README.md
@@ -93,7 +93,7 @@ be an array or a multi-line string.
 > Introduced in GitLab 8.7 and requires Gitlab Runner v1.2
 
 `after_script` is used to define the command that will be run after for all
-jobs. This has to be an array or a multi-line string.
+jobs, including failed ones. This has to be an array or a multi-line string.
 
 > **Note:**
 The `before_script` and the main `script` are concatenated and run in a single context/container.
@@ -258,7 +258,7 @@ The `cache:key` variable can use any of the [predefined variables](../variables/
 The default key is **default** across the project, therefore everything is
 shared between each pipelines and jobs by default, starting from GitLab 9.0.
 
->**Note:** The `cache:key` variable cannot contain the `/` character.
+>**Note:** The `cache:key` variable cannot contain the `/` character, or the equivalent URI encoded `%2F`; a value made only of dots (`.`, `%2E`) is also forbidden.
 
 ---
 
diff --git a/doc/development/doc_styleguide.md b/doc/development/doc_styleguide.md
index 9cb1f708a6a..f41d31797af 100644
--- a/doc/development/doc_styleguide.md
+++ b/doc/development/doc_styleguide.md
@@ -34,7 +34,6 @@ The table below shows what kind of documentation goes where.
 | `doc/install/`| Probably the most visited directory, since `installation.md` is there. Ideally this should go under `doc/administration/`, but it's best to leave it as-is in order to avoid confusion (still debated though). |
 | `doc/update/` | Same with `doc/install/`. Should be under `administration/`, but this is a well known location, better leave as-is, at least for now. |
 | `doc/topics/` | Indexes per Topic (`doc/topics/topic-name/index.md`): all resources for that topic (user and admin documentation, articles, and third-party docs) |
-| `doc/articles/` | [Technical Articles](writing_documentation.md#technical-articles): user guides, admin guides, technical overviews, tutorials (`doc/articles/article-title/index.md`). |
 
 ---
 
@@ -67,11 +66,10 @@ The table below shows what kind of documentation goes where.
 1. The `doc/topics/` directory holds topic-related technical content. Create
    `doc/topics/topic-name/subtopic-name/index.md` when subtopics become necessary.
    General user- and admin- related documentation, should be placed accordingly.
-1. For technical articles, place their images under `doc/articles/article-title/img/`.
 
 ---
 
-If you are unsure where a document should live, you can ping `@axil` in your
+If you are unsure where a document should live, you can ping `@axil` or `@marcia` in your
 merge request.
 
 ## Text
@@ -108,8 +106,8 @@ merge request.
 - Avoid adding things that show ephemeral statuses. For example, if a feature is
   considered beta or experimental, put this info in a note, not in the heading.
 - When introducing a new document, be careful for the headings to be
-  grammatically and syntactically correct. It is advised to mention one or all
-  of the following GitLab members for a review: `@axil`, `@rspeicher`, `@marcia`.
+  grammatically and syntactically correct. Mention one or all
+  of the following GitLab members for a review: `@axil` or `@marcia`.
   This is to ensure that no document with wrong heading is going
   live without an audit, thus preventing dead links and redirection issues when
   corrected
@@ -203,7 +201,7 @@ You can combine one or more of the following:
 - Keep all file names in lower case.
 - Consider using PNG images instead of JPEG.
 - Compress all images with <https://tinypng.com/> or similar tool.
-- Compress gifs with <https://ezgif.com/optimize> or similar toll.
+- Compress gifs with <https://ezgif.com/optimize> or similar tool.
 - Images should be used (only when necessary) to _illustrate_ the description
 of a process, not to _replace_ it.
 
@@ -330,6 +328,10 @@ For example, if you were to move `doc/workflow/lfs/lfs_administration.md` to
     git grep -n "lfs/lfs_administration"
     ```
 
+NOTE: **Note:**
+If the document being moved has any Disqus comments on it, there are extra steps
+to follow documented just [below](#redirections-for-pages-with-disqus-comments).
+
 Things to note:
 
 - Since we also use inline documentation, except for the documentation itself,
@@ -342,6 +344,32 @@ Things to note:
   documentation, sometimes it might be useful to search a path deeper.
 - The `*.md` extension is not used when a document is linked to GitLab's
   built-in help page, that's why we omit it in `git grep`.
+- Use the checklist on the documentation MR description template.
+
+### Redirections for pages with Disqus comments
+
+If the documentation page being relocated already has any Disqus comments,
+we need to preserve the Disqus thread.
+
+Disqus uses an identifier per page, and for docs.gitlab.com, the page identifier
+is configured to be the page URL. Therefore, when we change the document location,
+we need to preserve the old URL as the same Disqus identifier.
+
+To do that, add to the frontmatter the variable `redirect_from`,
+using the old URL as value. For example, let's say I moved the document
+available under `https://docs.gitlab.com/my-old-location/README.html` to a new location,
+`https://docs.gitlab.com/my-new-location/index.html`.
+
+Into the **new document** frontmatter add the following:
+
+```yaml
+---
+redirect_from: 'https://docs.gitlab.com/my-old-location/README.html'
+---
+```
+
+Note: it is necessary to include the file name in the `redirect_from` URL,
+even if it's `index.html` or `README.html`.
 
 ## Configuration documentation for source and Omnibus installations
 
diff --git a/doc/development/ee_features.md b/doc/development/ee_features.md
index 1af839a27e1..f8cee89e650 100644
--- a/doc/development/ee_features.md
+++ b/doc/development/ee_features.md
@@ -87,9 +87,9 @@ still having access the class's implementation with `super`.
 
 There are a few gotchas with it:
 
-- you should always add a `raise NotImplementedError unless defined?(super)`
-  guard clause in the "overrider" method to ensure that if the method gets
-  renamed in CE, the EE override won't be silently forgotten.
+- you should always [`extend ::Gitlab::Utils::Override`] and use `override` to
+  guard the "overrider" method to ensure that if the method gets renamed in
+  CE, the EE override won't be silently forgotten.
 - when the "overrider" would add a line in the middle of the CE
   implementation, you should refactor the CE method and split it in
   smaller methods. Or create a "hook" method that is empty in CE,
@@ -134,6 +134,9 @@ There are a few gotchas with it:
   guards:
   ``` ruby
     module EE::Base
+      extend ::Gitlab::Utils::Override
+
+      override :do_something
       def do_something
         # Follow the above pattern to call super and extend it
       end
@@ -174,10 +177,11 @@ implementation:
 
 ```ruby
 module EE
-  class ApplicationController
-    def after_sign_out_path_for(resource)
-      raise NotImplementedError unless defined?(super)
+  module ApplicationController
+    extend ::Gitlab::Utils::Override
 
+    override :after_sign_out_path_for
+    def after_sign_out_path_for(resource)
       if Gitlab::Geo.secondary?
         Gitlab::Geo.primary_node.oauth_logout_url(@geo_logout_state)
       else
@@ -188,6 +192,8 @@ module EE
 end
 ```
 
+[`extend ::Gitlab::Utils::Override`]: utilities.md#override
+
 #### Use self-descriptive wrapper methods
 
 When it's not possible/logical to modify the implementation of a
@@ -208,8 +214,8 @@ end
 In EE, the implementation `ee/app/models/ee/users.rb` would be:
 
 ```ruby
+override :full_private_access?
 def full_private_access?
-  raise NotImplementedError unless defined?(super)
   super || auditor?
 end
 ```
diff --git a/doc/development/utilities.md b/doc/development/utilities.md
index 951c3ef85ce..8f9aff1a35f 100644
--- a/doc/development/utilities.md
+++ b/doc/development/utilities.md
@@ -45,6 +45,51 @@ We developed a number of utilities to ease development.
     [:hello, "world", :this, :crushes, "an entire", "hash"]
     ```
 
+## [`Override`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/utils/override.rb)
+
+* This utility could help us check if a particular method would override
+  another method or not. It has the same idea of Java's `@Override` annotation
+  or Scala's `override` keyword. However we only do this check when
+  `ENV['STATIC_VERIFICATION']` is set to avoid production runtime overhead.
+  This is useful to check:
+
+    * If we have typos in overriding methods.
+    * If we renamed the overridden methods, making original overriding methods
+      overrides nothing.
+
+    Here's a simple example:
+
+    ``` ruby
+    class Base
+      def execute
+      end
+    end
+
+    class Derived < Base
+      extend ::Gitlab::Utils::Override
+
+      override :execute # Override check happens here
+      def execute
+      end
+    end
+    ```
+
+    This also works on modules:
+
+    ``` ruby
+    module Extension
+      extend ::Gitlab::Utils::Override
+
+      override :execute # Modules do not check this immediately
+      def execute
+      end
+    end
+
+    class Derived < Base
+      prepend Extension # Override check happens here, not in the module
+    end
+    ```
+
 ## [`StrongMemoize`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/utils/strong_memoize.rb)
 
 * Memoize the value even if it is `nil` or `false`.
diff --git a/doc/development/writing_documentation.md b/doc/development/writing_documentation.md
index 133ac0234cf..2a1d744668b 100644
--- a/doc/development/writing_documentation.md
+++ b/doc/development/writing_documentation.md
@@ -25,6 +25,26 @@ them to review it for you.
 We use the [monthly release blog post](https://about.gitlab.com/handbook/marketing/blog/release-posts/#monthly-releases) as a changelog checklist to ensure everything
 is documented.
 
+Whenever you submit a merge request for the documentation, use the documentation MR description template.
+
+### Documentation directory structure
+
+The documentation is structured based on the GitLab UI structure itself,
+separated by [`user`](https://gitlab.com/gitlab-org/gitlab-ce/tree/master/doc/user),
+[`administrator`](https://gitlab.com/gitlab-org/gitlab-ce/tree/master/doc/administration), and [`contributor`](https://gitlab.com/gitlab-org/gitlab-ce/tree/master/doc/development).
+
+To learn where to place a new document, check the [documentation style guide](doc_styleguide.md#location-and-naming-of-documents).
+
+In order to have a [solid site structure](https://searchengineland.com/seo-benefits-developing-solid-site-structure-277456) for our documentation,
+all docs should be linked. Every new document should be cross-linked to its related documentation, and linked from its topic-related index, when existent.
+
+The directories `/workflow/`, `/gitlab-basics/`, `/university/`, and `/articles/` have
+been deprecated and the majority their docs have been moved to their correct location
+in small iterations. Please don't create new docs in these folders.
+
+To move a document from its location to another directory, read the section
+[changing document location](doc_styleguide.md#changing-document-location) of the doc style guide.
+
 ### Feature overview and use cases
 
 Every major feature (regardless if present in GitLab Community or Enterprise editions)
diff --git a/doc/install/README.md b/doc/install/README.md
index 43197351db3..87f6969b415 100644
--- a/doc/install/README.md
+++ b/doc/install/README.md
@@ -25,15 +25,19 @@ the hardware requirements.
 
 ## Install GitLab on cloud providers
 
-- [Installing in Kubernetes](kubernetes/index.md) - Install GitLab into a Kubernetes
+- [Installing in Kubernetes](kubernetes/index.md): Install GitLab into a Kubernetes
   Cluster using our official Helm Chart Repository.
 - [Install GitLab on OpenShift](openshift_and_gitlab/index.md)
 - [Install GitLab on DC/OS](https://mesosphere.com/blog/gitlab-dcos/) via [GitLab-Mesosphere integration](https://about.gitlab.com/2016/09/16/announcing-gitlab-and-mesosphere/)
 - [Install GitLab on Azure](azure/index.md)
 - [Install GitLab on Google Cloud Platform](google_cloud_platform/index.md)
+- [Install GitLab on Google Container Engine (GKE)](https://about.gitlab.com/2017/01/23/video-tutorial-idea-to-production-on-google-container-engine-gke/): video tutorial on
+the full process of installing GitLab on Google Container Engine (GKE), pushing an application to GitLab, building the app with GitLab CI/CD, and deploying to production.
 - [Install on AWS](https://about.gitlab.com/aws/)
 - _Testing only!_ [DigitalOcean and Docker Machine](digitaloceandocker.md) -
   Quickly test any version of GitLab on DigitalOcean using Docker Machine.
+- [Getting started with GitLab and DigitalOcean](ttps://about.gitlab.com/2016/04/27/getting-started-with-gitlab-and-digitalocean/): requirements, installation process, updates.
+- [Demo: Cloud Native Development with GitLab](https://about.gitlab.com/2017/04/18/cloud-native-demo/): video demonstration on how to install GitLab on Kubernetes, build a project, create Review Apps, store Docker images in Container Registry, deploy to production on Kubernetes, and monitor with Prometheus.
 
 ## Database
 
diff --git a/doc/install/installation.md b/doc/install/installation.md
index 2b7352d3561..b2acd5e78b5 100644
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -64,7 +64,7 @@ up-to-date and install it.
 
 Install the required packages (needed to compile Ruby and native extensions to Ruby gems):
 
-    sudo apt-get install -y build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libre2-dev libreadline-dev libncurses5-dev libffi-dev curl openssh-server checkinstall libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev logrotate python-docutils pkg-config cmake
+    sudo apt-get install -y build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libre2-dev libreadline-dev libncurses5-dev libffi-dev curl openssh-server checkinstall libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev logrotate rsync python-docutils pkg-config cmake
 
 Ubuntu 14.04 (Trusty Tahr) doesn't have the `libre2-dev` package available, but
 you can [install re2 manually](https://github.com/google/re2/wiki/Install).
diff --git a/doc/install/openshift_and_gitlab/index.md b/doc/install/openshift_and_gitlab/index.md
index 8fba44aea02..448cbe1077d 100644
--- a/doc/install/openshift_and_gitlab/index.md
+++ b/doc/install/openshift_and_gitlab/index.md
@@ -15,6 +15,8 @@ In this tutorial, we will see how to deploy GitLab in OpenShift using GitLab's
 official Docker image while getting familiar with the web interface and CLI
 tools that will help us achieve our goal.
 
+For a video demonstration on installing GitLab on Openshift, check the article [In 13 minutes from Kubernetes to a complete application development tool](https://about.gitlab.com/2016/11/14/idea-to-production/).
+
 ---
 
 ## Prerequisites
diff --git a/doc/install/requirements.md b/doc/install/requirements.md
index baecf9455b0..272148033b5 100644
--- a/doc/install/requirements.md
+++ b/doc/install/requirements.md
@@ -121,7 +121,7 @@ Existing users using GitLab with MySQL/MariaDB are advised to
 
 ### PostgreSQL Requirements
 
-As of GitLab 10.0, PostgreSQL 9.6 or newer (but less than 10) is required, and earlier versions are
+As of GitLab 10.0, PostgreSQL 9.6 or newer is required, and earlier versions are
 not supported. We highly recommend users to use PostgreSQL 9.6 as this
 is the PostgreSQL version used for development and testing.
 
diff --git a/doc/raketasks/backup_restore.md b/doc/raketasks/backup_restore.md
index 54c3e20d61d..50bb665216e 100644
--- a/doc/raketasks/backup_restore.md
+++ b/doc/raketasks/backup_restore.md
@@ -5,8 +5,8 @@
 An application data backup creates an archive file that contains the database,
 all repositories and all attachments.
 
-You can only restore a backup to **exactly the same version and type (CE/EE)** 
-of GitLab on which it was created. The best way to migrate your repositories 
+You can only restore a backup to **exactly the same version and type (CE/EE)**
+of GitLab on which it was created. The best way to migrate your repositories
 from one server to another is through backup restore.
 
 ## Backup
@@ -14,6 +14,19 @@ from one server to another is through backup restore.
 GitLab provides a simple command line interface to backup your whole installation,
 and is flexible enough to fit your needs.
 
+### Requirements
+
+If you're using GitLab with the Omnibus package, you're all set. If you
+installed GitLab from source, make sure the following packages are installed:
+
+* rsync
+
+If you're using Ubuntu, you could run:
+
+```
+sudo apt-get install -y rsync
+```
+
 ### Backup timestamp
 
 >**Note:**
@@ -431,7 +444,7 @@ The [restore prerequisites section](#restore-prerequisites) includes crucial
 information. Make sure to read and test the whole restore process at least once
 before attempting to perform it in a production environment.
 
-You can only restore a backup to **exactly the same version and type (CE/EE)** of 
+You can only restore a backup to **exactly the same version and type (CE/EE)** of
 GitLab that you created it on, for example CE 9.1.0.
 
 ### Restore prerequisites
@@ -511,7 +524,7 @@ sudo service gitlab restart
 
 This procedure assumes that:
 
-- You have installed the **exact same version and type (CE/EE)** of GitLab 
+- You have installed the **exact same version and type (CE/EE)** of GitLab
   Omnibus with which the backup was created.
 - You have run `sudo gitlab-ctl reconfigure` at least once.
 - GitLab is running.  If not, start it using `sudo gitlab-ctl start`.
diff --git a/doc/system_hooks/system_hooks.md b/doc/system_hooks/system_hooks.md
index f2a9b1d769b..8c8501bcc23 100644
--- a/doc/system_hooks/system_hooks.md
+++ b/doc/system_hooks/system_hooks.md
@@ -11,6 +11,7 @@ Your GitLab instance can perform HTTP POST requests on the following events:
 - `user_remove_from_team`
 - `user_create`
 - `user_destroy`
+- `user_failed_login`
 - `user_rename`
 - `key_create`
 - `key_destroy`
@@ -22,6 +23,8 @@ Your GitLab instance can perform HTTP POST requests on the following events:
 
 The triggers for most of these are self-explanatory, but `project_update` and `project_rename` deserve some clarification: `project_update` is fired any time an attribute of a project is changed (name, description, tags, etc.) *unless* the `path` attribute is also changed. In that case, a `project_rename` is triggered instead (so that, for instance, if all you care about is the repo URL, you can just listen for `project_rename`).
 
+`user_failed_login` is sent whenever a **blocked** user attempts to login and denied access.
+
 System hooks can be used, e.g. for logging or changing information in a LDAP server.
 
 > **Note:**
@@ -196,6 +199,23 @@ Please refer to `group_rename` and `user_rename` for that case.
 }
 ```
 
+**User failed login:**
+
+```json
+{
+  "event_name": "user_failed_login",
+  "created_at": "2017-10-03T06:08:48Z",
+  "updated_at": "2018-01-15T04:52:06Z",
+        "name": "John Smith",
+       "email": "user4@example.com",
+     "user_id": 26,
+    "username": "user4",
+       "state": "blocked"
+}
+```
+
+If the user is blocked via LDAP, `state` will be `ldap_blocked`.
+
 **User renamed:**
 
 ```json
diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md
index e23c73f46fb..6ad314647ee 100644
--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -20,6 +20,8 @@ project in an easy and automatic way:
 1. [Auto Test](#auto-test)
 1. [Auto Code Quality](#auto-code-quality)
 1. [Auto SAST (Static Application Security Testing)](#auto-sast)
+1. [Auto SAST for Docker images](#auto-sast-for-docker-images)
+1. [Auto DAST (Dynamic Application Security Testing)](#auto-dast)
 1. [Auto Browser Performance Testing](#auto-browser-performance-testing)
 1. [Auto Review Apps](#auto-review-apps)
 1. [Auto Deploy](#auto-deploy)
@@ -37,6 +39,8 @@ knowledge of the following:
 Auto DevOps provides great defaults for all the stages; you can, however,
 [customize](#customizing) almost everything to your needs.
 
+For an overview on the creation of Auto DevOps, read the blog post [From 2/3 of the Self-Hosted Git Market, to the Next-Generation CI System, to Auto DevOps](https://about.gitlab.com/2017/06/29/whats-next-for-gitlab-ci/).
+
 ## Prerequisites
 
 TIP: **Tip:**
@@ -193,8 +197,10 @@ Auto Code Quality uses the open source
 [`codeclimate` image](https://hub.docker.com/r/codeclimate/codeclimate/) to run
 static analysis and other code checks on the current code. The report is
 created, and is uploaded as an artifact which you can later download and check
-out. In GitLab Enterprise Edition Starter, differences between the source and
-target branches are
+out.
+
+In GitLab Enterprise Edition Starter, differences between the source and
+target branches are also
 [shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/code_quality_diff.html).
 
 ### Auto SAST
@@ -207,7 +213,34 @@ analysis on the current code and checks for potential security issues. Once the
 report is created, it's uploaded as an artifact which you can later download and
 check out.
 
-Any security warnings are also [shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/sast.html).
+In GitLab Enterprise Edition Ultimate, any security warnings are also
+[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/sast.html).
+
+### Auto SAST for Docker images
+
+> Introduced in GitLab 10.4.
+
+Vulnerability Static Analysis for containers uses
+[Clair](https://github.com/coreos/clair) to run static analysis on a
+Docker image and checks for potential security issues. Once the report is
+created, it's uploaded as an artifact which you can later download and
+check out.
+
+In GitLab Enterprise Edition Ultimate, any security warnings are also
+[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/sast_docker.html).
+
+### Auto DAST
+
+> Introduced in [GitLab Enterprise Edition Ultimate][ee] 10.4.
+
+Dynamic Application Security Testing (DAST) uses the
+popular open source tool [OWASP ZAProxy](https://github.com/zaproxy/zaproxy)
+to perform an analysis on the current code and checks for potential security
+issues. Once the report is created, it's uploaded as an artifact which you can
+later download and check out.
+
+In GitLab Enterprise Edition Ultimate, any security warnings are also
+[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/dast.html).
 
 ### Auto Browser Performance Testing
 
diff --git a/doc/topics/git/index.md b/doc/topics/git/index.md
index f69e2e49f0c..2ca2bf743fb 100644
--- a/doc/topics/git/index.md
+++ b/doc/topics/git/index.md
@@ -44,7 +44,7 @@ We've gathered some resources to help you to get the best from Git with GitLab.
 
 ## Troubleshooting Git
 
-- [Numerous _undo_ possibilities in Git](../../articles/numerous_undo_possibilities_in_git/index.md)
+- [Numerous _undo_ possibilities in Git](numerous_undo_possibilities_in_git/index.md)
 - Learn a few [Git troubleshooting](troubleshooting_git.md) techniques to help you out.
 
 ## Branching strategies
diff --git a/doc/articles/numerous_undo_possibilities_in_git/img/branching.png b/doc/topics/git/numerous_undo_possibilities_in_git/img/branching.png
index 9a80c211c99..9a80c211c99 100644
--- a/doc/articles/numerous_undo_possibilities_in_git/img/branching.png
+++ b/doc/topics/git/numerous_undo_possibilities_in_git/img/branching.png
diff --git a/doc/articles/numerous_undo_possibilities_in_git/img/rebase_reset.png b/doc/topics/git/numerous_undo_possibilities_in_git/img/rebase_reset.png
index ac7ea9ecddc..ac7ea9ecddc 100644
--- a/doc/articles/numerous_undo_possibilities_in_git/img/rebase_reset.png
+++ b/doc/topics/git/numerous_undo_possibilities_in_git/img/rebase_reset.png
diff --git a/doc/articles/numerous_undo_possibilities_in_git/img/revert.png b/doc/topics/git/numerous_undo_possibilities_in_git/img/revert.png
index 13b3a35ca45..13b3a35ca45 100644
--- a/doc/articles/numerous_undo_possibilities_in_git/img/revert.png
+++ b/doc/topics/git/numerous_undo_possibilities_in_git/img/revert.png
diff --git a/doc/topics/git/numerous_undo_possibilities_in_git/index.md b/doc/topics/git/numerous_undo_possibilities_in_git/index.md
new file mode 100644
index 00000000000..6a2f7b30dd3
--- /dev/null
+++ b/doc/topics/git/numerous_undo_possibilities_in_git/index.md
@@ -0,0 +1,497 @@
+# Numerous undo possibilities in Git
+
+> **[Article Type](../../../development/writing_documentation.md#types-of-technical-articles):**  tutorial ||
+> **Level:** intermediary ||
+> **Author:** [Crt Mori](https://gitlab.com/Letme)  ||
+> **Publication date:** 2017-08-17
+
+## Introduction
+
+In this tutorial, we will show you different ways of undoing your work in Git, for which
+we will assume you have a basic working knowledge of. Check GitLab's
+[Git documentation](../index.md#git-documentation) for reference.
+Also, we will only provide some general info of the commands, which is enough
+to get you started for the easy cases/examples, but for anything more advanced please refer to the [Git book](https://git-scm.com/book/en/v2).
+
+We will explain a few different techniques to undo your changes based on the stage
+of the change in your current development. Also, keep in mind that [nothing in
+Git is really deleted.][git-autoclean-ref]
+This means that until Git automatically cleans detached commits (which cannot be
+accessed by branch or tag) it will be possible to view them with `git reflog` command
+and access them with direct commit-id. Read more about _[redoing the undo](#redoing-the-undo)_ on the section below.
+
+This guide is organized depending on the [stage of development][git-basics]
+where you want to undo your changes from and if they were shared with other developers
+or not. Because Git is tracking changes a created or edited file is in the unstaged state
+(if created it is untracked by Git). After you add it to a repository (`git add`) you put
+a file into the **staged** state, which is then committed (`git commit`) to your
+local repository. After that, file can be shared with other developers (`git push`).
+Here's what we'll cover in this tutorial:
+
+ - [Undo local changes](#undo-local-changes) which were not pushed to remote repository
+
+    - Before you commit, in both unstaged and staged state
+    - After you committed
+
+ - Undo changes after they are pushed to remote repository
+
+    - [Without history modification](#undo-remote-changes-without-changing-history) (preferred way)
+    - [With history modification](#undo-remote-changes-with-modifying-history) (requires
+      coordination with team and force pushes).
+
+      - [Usecases when modifying history is generally acceptable](#where-modifying-history-is-generally-acceptable)
+      - [How to modify history](#how-modifying-history-is-done)
+      - [How to remove sensitive information from repository](#deleting-sensitive-information-from-commits)
+
+
+### Branching strategy
+
+[Git][git-official] is a de-centralized version control system, which means that beside regular
+versioning of the whole repository, it has possibilities to exchange changes
+with other repositories. To avoid chaos with
+[multiple sources of truth][git-distributed], various
+development workflows have to be followed, and it depends on your internal
+workflow how certain changes or commits can be undone or changed.
+[GitLab Flow][gitlab-flow] provides a good
+balance between developers clashing with each other while
+developing the same feature and cooperating seamlessly, but it does not enable
+joined development of the same feature by multiple developers by default.
+When multiple developers develop the same feature on the same branch, clashing
+with every synchronization is unavoidable, but a proper or chosen Git Workflow will
+prevent that anything is lost or out of sync when feature is complete. You can also
+read through this blog post on [Git Tips & Tricks][gitlab-git-tips-n-tricks]
+to learn how to easily **do** things in Git.
+
+
+## Undo local changes
+
+Until you push your changes to any remote repository, they will only affect you.
+That broadens your options on how to handle undoing them. Still, local changes
+can be on various stages and each stage has a different approach on how to tackle them.
+
+
+### Unstaged local changes (before you commit)
+
+When a change is made, but it is not added to the staged tree, Git itself
+proposes a solution to discard changes to certain file.
+
+Suppose you edited a file to change the content using your favorite editor:
+
+```shell
+vim <file>
+```
+
+Since you did not `git add <file>` to staging, it should be under unstaged files (or
+untracked if file was created). You can confirm that with:
+
+```shell
+$ git status
+On branch master
+Your branch is up-to-date with 'origin/master'.
+Changes not staged for commit:
+  (use "git add <file>..." to update what will be committed)
+  (use "git checkout -- <file>..." to discard changes in working directory)
+
+    modified:   <file>
+no changes added to commit (use "git add" and/or "git commit -a")
+```
+
+At this point there are 3 options to undo the local changes you have:
+
+ - Discard all local changes, but save them for possible re-use [later](#quickly-save-local-changes)
+
+     ```shell
+     git stash
+     ```
+
+ - Discarding local changes (permanently) to a file
+
+     ```shell
+     git checkout -- <file>
+     ```
+
+ - Discard all local changes to all files permanently
+
+     ```shell
+     git reset --hard
+     ```
+
+
+Before executing `git reset --hard`, keep in mind that there is also a way to
+just temporary store the changes without committing them using `git stash`.
+This command resets the changes to all files, but it also saves them in case
+you would like to apply them at some later time. You can read more about it in
+[section below](#quickly-save-local-changes).
+
+### Quickly save local changes
+
+You are working on a feature when a boss drops by with an urgent task. Since your
+feature is not complete, but you need to swap to another branch, you can use
+`git stash` to save what you had done, swap to another branch, commit, push,
+test, then get back to previous feature branch, do `git stash pop` and continue
+where you left.
+
+The example above shows that discarding all changes is not always a preferred option,
+but Git provides a way to save them for later, while resetting the repository to state without
+them. This is achieved by Git stashing command `git stash`, which in fact saves your
+current work and runs `git reset --hard`, but it also has various
+additional options like:
+
+ - `git stash save`, which enables including temporary commit message, which will help you identify changes, among with other options
+ - `git stash list`, which lists all previously stashed commits (yes, there can be more) that were not `pop`ed
+ - `git stash pop`, which redoes previously stashed changes and removes them from stashed list
+ - `git stash apply`, which redoes previously stashed changes, but keeps them on stashed list
+
+### Staged local changes (before you commit)
+
+Let's say you have added some files to staging, but you want to remove them from the
+current commit, yet you want to retain those changes - just move them outside
+of the staging tree. You also have an option to discard all changes with
+`git reset --hard` or think about `git stash` [as described earlier.](#quickly-save-local-changes)
+
+Lets start the example by editing a file, with your favorite editor, to change the
+content and add it to staging
+
+```
+vim <file>
+git add <file>
+```
+
+The file is now added to staging as confirmed by `git status` command:
+
+```shell
+$ git status
+On branch master
+Your branch is up-to-date with 'origin/master'.
+Changes to be committed:
+  (use "git reset HEAD <file>..." to unstage)
+
+	new file:   <file>
+```
+
+Now you have 4 options to undo your changes:
+
+ - Unstage the file to current commit (HEAD)
+
+     ```shell
+     git reset HEAD <file>
+     ```
+
+ - Unstage everything - retain changes
+
+     ```shell
+     git reset
+     ```
+
+ - Discard all local changes, but save them for [later](#quickly-save-local-changes)
+
+     ```shell
+     git stash
+     ```
+
+ - Discard everything permanently
+
+     ```shell
+     git reset --hard
+     ```
+
+## Committed local changes
+
+Once you commit, your changes are recorded by the version control system.
+Because you haven't pushed to your remote repository yet, your changes are
+still not public (or shared with other developers). At this point, undoing
+things is a lot easier, we have quite some workaround options. Once you push
+your code, you'll have less options to troubleshoot your work.
+
+### Without modifying history
+
+Through the development process some of the previously committed changes do not
+fit anymore in the end solution, or are source of the bugs. Once you find the
+commit which triggered bug, or once you have a faulty commit, you can simply
+revert it with `git revert commit-id`. This command inverts (swaps) the additions and
+deletions in that commit, so that it does not modify history. Retaining history
+can be helpful in future to notice that some changes have been tried
+unsuccessfully in the past.
+
+In our example we will assume there are commits `A`,`B`,`C`,`D`,`E` committed in this order: `A-B-C-D-E`,
+and `B` is the commit you want to undo. There are many different ways to identify commit
+`B` as bad, one of them is to pass a range to `git bisect` command. The provided range includes
+last known good commit (we assume `A`) and first known bad commit (where bug was detected - we will assume `E`).
+
+```shell
+git bisect A..E
+```
+
+Bisect will provide us with commit-id of the middle commit to test, and then guide us
+through simple bisection process. You can read more about it [in official Git Tools][git-debug]
+In our example we will end up with commit `B`, that introduced bug/error. We have
+4 options on how to remove it (or part of it) from our repository.
+
+- Undo (swap additions and deletions) changes introduced by commit `B`.
+
+   ```shell
+   git revert commit-B-id
+   ```
+
+- Undo changes on a single file or directory from commit `B`, but retain them in the staged state
+
+   ```shell
+   git checkout commit-B-id <file>
+   ```
+
+- Undo changes on a single file or directory from commit `B`, but retain them in the unstaged state
+
+   ```shell
+   git reset  commit-B-id <file>
+   ```
+
+ - There is one command we also must not forget: **creating a new branch**
+   from the point where changes are not applicable or where the development has hit a
+   dead end. For example you have done commits `A-B-C-D` on your feature-branch
+   and then you figure `C` and `D` are wrong. At this point you either reset to `B`
+   and do commit `F` (which will cause problems with pushing and if forced pushed also with other developers)
+   since branch now looks `A-B-F`, which clashes with what other developers have locally (you will
+   [change history](#with-history-modification)), or you simply checkout commit `B` create
+   a new branch and do commit `F`. In the last case, everyone else can still do their work while you
+   have your new way to get it right and merge it back in later. Alternatively, with GitLab,
+   you can [cherry-pick](../../../user/project/merge_requests/cherry_pick_changes.md#cherry-picking-a-commit)
+   that commit into a new merge request.
+
+      ![Create a new branch to avoid clashing](img/branching.png)
+
+      ```shell
+      git checkout commit-B-id
+      git checkout -b new-path-of-feature
+      # Create <commit F>
+      git commit -a
+      ```
+
+### With history modification
+
+There is one command for history modification and that is `git rebase`. Command
+provides interactive mode (`-i` flag) which enables you to:
+
+ - **reword** commit messages (there is also `git commit --amend` for editing
+   last commit message)
+ - **edit** the commit content (changes introduced by commit) and message
+ - **squash** multiple commits into a single one, and have a custom or aggregated
+   commit message
+ - **drop** commits - simply delete them
+ - and few more options
+
+Let us check few examples. Again there are commits `A-B-C-D` where you want to
+delete commit `B`.
+
+- Rebase the range from current commit D to A:
+
+   ```shell
+   git rebase -i A
+   ```
+
+- Command opens your favorite editor where you write `drop` in front of commit
+ `B`, but you leave default `pick` with all other commits. Save and exit the
+ editor to perform a rebase. Remember: if you want to cancel delete whole
+ file content before saving and exiting the editor
+
+In case you want to modify something introduced in commit `B`.
+
+- Rebase the range from current commit D to A:
+
+    ```shell
+    git rebase -i A
+    ```
+
+- Command opens your favorite text editor where you write `edit` in front of commit
+ `B`, but leave default `pick` with all other commits. Save and exit the editor to
+ perform a rebase
+
+- Now do your edits and commit changes:
+
+    ```shell
+    git commit -a
+    ```
+
+You can find some more examples in [below section where we explain how to modify
+history](#how-modifying-history-is-done)
+
+
+### Redoing the Undo
+
+Sometimes you realize that the changes you undid were useful and you want them
+back. Well because of first paragraph you are in luck. Command `git reflog`
+enables you to *recall* detached local commits by referencing or applying them
+via commit-id. Although, do not expect to see really old commits in reflog, because
+Git regularly [cleans the commits which are *unreachable* by branches or tags][git-autoclean-ref].
+
+To view repository history and to track older commits you can use below command:
+
+```shell
+$ git reflog show
+
+# Example output:
+b673187 HEAD@{4}: merge 6e43d5987921bde189640cc1e37661f7f75c9c0b: Merge made by the 'recursive' strategy.
+eb37e74 HEAD@{5}: rebase -i (finish): returning to refs/heads/master
+eb37e74 HEAD@{6}: rebase -i (pick): Commit C
+97436c6 HEAD@{7}: rebase -i (start): checkout 97436c6eec6396c63856c19b6a96372705b08b1b
+...
+88f1867 HEAD@{12}: commit: Commit D
+97436c6 HEAD@{13}: checkout: moving from 97436c6eec6396c63856c19b6a96372705b08b1b to test
+97436c6 HEAD@{14}: checkout: moving from master to 97436c6
+05cc326 HEAD@{15}: commit: Commit C
+6e43d59 HEAD@{16}: commit: Commit B
+```
+
+Output of command shows repository history. In first column there is commit-id,
+in following column, number next to `HEAD` indicates how many commits ago something
+was made, after that indicator of action that was made (commit, rebase, merge, ...)
+and then on end description of that action.
+
+## Undo remote changes without changing history
+
+This topic is roughly same as modifying committed local changes without modifying
+history. **It should be the preferred way of undoing changes on any remote repository
+or public branch.** Keep in mind that branching is the best solution when you want
+to retain the history of faulty development, yet start anew from certain point. Branching
+enables you to include the existing changes in new development (by merging) and
+it also provides a clear timeline and development structure.
+
+![Use revert to keep branch flowing](img/revert.png)
+
+If you want to revert changes introduced in certain `commit-id` you can simply
+revert that `commit-id` (swap additions and deletions) in newly created commit:
+You can do this with
+
+```shell
+git revert commit-id
+```
+
+or creating a new branch:
+
+```shell
+git checkout commit-id
+git checkout -b new-path-of-feature
+```
+
+## Undo remote changes with modifying history
+
+This is useful when you want to *hide* certain things - like secret keys,
+passwords, SSH keys, etc. It is and should not be used to hide mistakes, as
+it will make it harder to debug in case there are some other bugs. The main
+reason for this is that you loose the real development progress. **Also keep in
+mind that, even with modified history, commits are just detached and can still be
+accessed through commit-id** - at least until all repositories perform
+the cleanup of detached commits (happens automatically).
+
+![Modifying history causes problems on remote branch](img/rebase_reset.png)
+
+### Where modifying history is generally acceptable
+
+Modified history breaks the development chain of other developers, as changed
+history does not have matching commits'ids. For that reason it should not
+be used on any public branch or on branch that *might* be used by other
+developers. When contributing to big open source repositories (e.g. [GitLab CE][gitlab-ce]),
+it is acceptable to *squash* commits into a single one, to present
+a nicer history of your contribution.
+Keep in mind that this also removes the comments attached to certain commits
+in merge requests, so if you need to retain traceability in GitLab, then
+modifying history is not acceptable.
+A feature-branch of a merge request is a public branch and might be used by 
+other developers, but project process and rules might allow or require 
+you to use `git rebase` (command that changes history) to reduce number of
+displayed commits on target branch after reviews are done (for example
+GitLab). There is a `git merge --squash` command which does exactly that
+(squashes commits on feature-branch to a single commit on target branch
+at merge).
+
+>**Note:**
+Never modify the commit history of `master` or shared branch
+
+### How modifying history is done
+
+After you know what you want to modify (how far in history or how which range of
+old commits), use `git rebase -i commit-id`. This command will then display all the commits from
+current version to chosen commit-id and allow modification, squashing, deletion
+of that commits.
+
+```shell
+$ git rebase -i commit1-id..commit3-id
+pick <commit1-id> <commit1-commit-message>
+pick <commit2-id> <commit2-commit-message>
+pick <commit3-id> <commit3-commit-message>
+
+# Rebase commit1-id..commit3-id onto <commit4-id> (3 command(s))
+#
+# Commands:
+# p, pick = use commit
+# r, reword = use commit, but edit the commit message
+# e, edit = use commit, but stop for amending
+# s, squash = use commit, but meld into previous commit
+# f, fixup = like "squash", but discard this commit's log message
+# x, exec = run command (the rest of the line) using shell
+# d, drop = remove commit
+#
+# These lines can be re-ordered; they are executed from top to bottom.
+#
+# If you remove a line here THAT COMMIT WILL BE LOST.
+#
+# However, if you remove everything, the rebase will be aborted.
+#
+# Note that empty commits are commented out
+```
+
+>**Note:**
+It is important to notice that comment from the output clearly states that, if
+you decide to abort, then do not just close your editor (as that will in-fact
+modify history), but remove all uncommented lines and save.
+
+That is one of the reasons why `git rebase` should be used carefully on
+shared and remote branches. But don't worry, there will be nothing broken until
+you push back to the remote repository (so you can freely explore the
+different outcomes locally).
+
+```shell
+# Modify history from commit-id to HEAD (current commit)
+git rebase -i commit-id
+```
+
+### Deleting sensitive information from commits
+
+Git also enables you to delete sensitive information from your past commits and
+it does modify history in the progress. That is why we have included it in this
+section and not as a standalone topic. To do so, you should run the
+`git filter-branch`, which enables you to rewrite history with
+[certain filters][git-filters-manual].
+This command uses rebase to modify history and if you want to remove certain
+file from history altogether use:
+
+```shell
+git filter-branch --tree-filter 'rm filename' HEAD
+```
+
+Since `git filter-branch` command might be slow on big repositories, there are
+tools that can use some of Git specifics to enable faster execution of common
+tasks (which is exactly what removing sensitive information file is about).
+An alternative is [BFG Repo-cleaner][bfg-repo-cleaner]. Keep in mind that these
+tools are faster because they do not provide a same fully feature set as `git filter-branch`
+does, but focus on specific usecases.
+
+## Conclusion
+
+There are various options of undoing your work with any version control system, but
+because of de-centralized nature of Git, these options are multiplied (or limited)
+depending on the stage of your process. Git also enables rewriting history, but that
+should be avoided as it might cause problems when multiple developers are
+contributing to the same codebase.
+
+<!-- Identifiers, in alphabetical order -->
+
+[bfg-repo-cleaner]: https://rtyley.github.io/bfg-repo-cleaner/
+[git-autoclean-ref]: https://git-scm.com/book/en/v2/Git-Internals-Maintenance-and-Data-Recovery
+[git-basics]: https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository
+[git-debug]: https://git-scm.com/book/en/v2/Git-Tools-Debugging-with-Git
+[git-distributed]: https://git-scm.com/about/distributed
+[git-filters-manual]: https://git-scm.com/docs/git-filter-branch#_options
+[git-official]: https://git-scm.com/
+[gitlab-ce]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#contribution-acceptance-criteria
+[gitlab-flow]: https://about.gitlab.com/2014/09/29/gitlab-flow/
+[gitlab-git-tips-n-tricks]: https://about.gitlab.com/2016/12/08/git-tips-and-tricks/
diff --git a/doc/update/10.3-to-10.4.md b/doc/update/10.3-to-10.4.md
index 850cb3103f4..67b7e634c94 100644
--- a/doc/update/10.3-to-10.4.md
+++ b/doc/update/10.3-to-10.4.md
@@ -21,6 +21,8 @@ sudo service gitlab stop
 
 ### 2. Backup
 
+NOTE: If you installed GitLab from source, make sure `rsync` is installed.
+
 ```bash
 cd /home/git/gitlab
 
diff --git a/doc/user/index.md b/doc/user/index.md
index f239a15d441..01db8becc43 100644
--- a/doc/user/index.md
+++ b/doc/user/index.md
@@ -23,9 +23,20 @@ all the way through, from within the same platform.
 
 Please check this page for an overview on [GitLab's features](https://about.gitlab.com/features/).
 
+### Concepts
+
+For an overview on concepts involved when developing code on GitLab,
+read the articles on:
+
+- [Mastering Code Review With GitLab](https://about.gitlab.com/2017/03/17/demo-mastering-code-review-with-gitlab/).
+- [GitLab Workflow, an Overview](https://about.gitlab.com/2016/10/25/gitlab-workflow-an-overview/#gitlab-workflow-use-case-scenario).
+- [Tutorial: It's all connected in GitLab](https://about.gitlab.com/2016/03/08/gitlab-tutorial-its-all-connected/): an overview on code collaboration with GitLab.
+- [Trends in Version Control Land: Microservices](https://about.gitlab.com/2016/08/16/trends-in-version-control-land-microservices/).
+- [Trends in Version Control Land: Innersourcing](https://about.gitlab.com/2016/07/07/trends-version-control-innersourcing/).
+
 ## Use cases
 
-GitLab is a git-based platforms that integrates a great number of essential tools for software development and deployment, and project management:
+GitLab is a Git-based platform that integrates a great number of essential tools for software development and deployment, and project management:
 
 - Code hosting in repositories with version control
 - Track proposals for new implementations, bug reports, and feedback with a
@@ -58,12 +69,6 @@ and [Multiple Issue Boards](https://docs.gitlab.com/ee/user/project/issue_board.
 
 You can also [integrate](project/integrations/project_services.md) GitLab with numerous third-party applications, such as Mattermost, Microsoft Teams, HipChat, Trello, Slack, Bamboo CI, JIRA, and a lot more.
 
-### Articles
-
-For a complete workflow use case please check [GitLab Workflow, an Overview](https://about.gitlab.com/2016/10/25/gitlab-workflow-an-overview/#gitlab-workflow-use-case-scenario).
-
-For more use cases please check our [Technical Articles](../articles/index.md).
-
 ## Projects
 
 In GitLab, you can create [projects](project/index.md) for numerous reasons, such as, host
diff --git a/features/project/issues/issues.feature b/features/project/issues/issues.feature
index d6cfa524a3a..819354bb780 100644
--- a/features/project/issues/issues.feature
+++ b/features/project/issues/issues.feature
@@ -164,7 +164,7 @@ Feature: Project Issues
     Given project "Shop" have "Release 0.4" open issue
     When I visit issue page "Release 0.4"
     Then I should see that I am subscribed
-    When I click button "Unsubscribe"
+    When I click the subscription toggle
     Then I should see that I am unsubscribed
 
   @javascript
diff --git a/features/steps/project/issues/issues.rb b/features/steps/project/issues/issues.rb
index 3843374678c..3cd26bb429b 100644
--- a/features/steps/project/issues/issues.rb
+++ b/features/steps/project/issues/issues.rb
@@ -21,20 +21,20 @@ class Spinach::Features::ProjectIssues < Spinach::FeatureSteps
 
   step 'I should see that I am subscribed' do
     wait_for_requests
-    expect(find('.js-issuable-subscribe-button span')).to have_content 'Unsubscribe'
+    expect(find('.js-issuable-subscribe-button')).to have_css 'button.is-checked'
   end
 
   step 'I should see that I am unsubscribed' do
     wait_for_requests
-    expect(find('.js-issuable-subscribe-button span')).to have_content 'Subscribe'
+    expect(find('.js-issuable-subscribe-button')).to have_css 'button:not(.is-checked)'
   end
 
   step 'I click link "Closed"' do
     find('.issues-state-filters [data-state="closed"] span', text: 'Closed').click
   end
 
-  step 'I click button "Unsubscribe"' do
-    click_on "Unsubscribe"
+  step 'I click the subscription toggle' do
+    find('.js-issuable-subscribe-button button').click
   end
 
   step 'I should see "Release 0.3" in issues' do
diff --git a/lib/api/circuit_breakers.rb b/lib/api/circuit_breakers.rb
index 598c76f6168..c13154dc0ec 100644
--- a/lib/api/circuit_breakers.rb
+++ b/lib/api/circuit_breakers.rb
@@ -17,11 +17,11 @@ module API
             end
 
             def storage_health
-              @failing_storage_health ||= Gitlab::Git::Storage::Health.for_all_storages
+              @storage_health ||= Gitlab::Git::Storage::Health.for_all_storages
             end
           end
 
-          desc 'Get all failing git storages' do
+          desc 'Get all git storages' do
             detail 'This feature was introduced in GitLab 9.5'
             success Entities::RepositoryStorageHealth
           end
diff --git a/lib/api/deploy_keys.rb b/lib/api/deploy_keys.rb
index 281269b1190..b0b7b50998f 100644
--- a/lib/api/deploy_keys.rb
+++ b/lib/api/deploy_keys.rb
@@ -4,6 +4,16 @@ module API
 
     before { authenticate! }
 
+    helpers do
+      def add_deploy_keys_project(project, attrs = {})
+        project.deploy_keys_projects.create(attrs)
+      end
+
+      def find_by_deploy_key(project, key_id)
+        project.deploy_keys_projects.find_by!(deploy_key: key_id)
+      end
+    end
+
     desc 'Return all deploy keys'
     params do
       use :pagination
@@ -21,28 +31,31 @@ module API
       before { authorize_admin_project }
 
       desc "Get a specific project's deploy keys" do
-        success Entities::SSHKey
+        success Entities::DeployKeysProject
       end
       params do
         use :pagination
       end
       get ":id/deploy_keys" do
-        present paginate(user_project.deploy_keys), with: Entities::SSHKey
+        keys = user_project.deploy_keys_projects.preload(:deploy_key)
+
+        present paginate(keys), with: Entities::DeployKeysProject
       end
 
       desc 'Get single deploy key' do
-        success Entities::SSHKey
+        success Entities::DeployKeysProject
       end
       params do
         requires :key_id, type: Integer, desc: 'The ID of the deploy key'
       end
       get ":id/deploy_keys/:key_id" do
-        key = user_project.deploy_keys.find params[:key_id]
-        present key, with: Entities::SSHKey
+        key = find_by_deploy_key(user_project, params[:key_id])
+
+        present key, with: Entities::DeployKeysProject
       end
 
       desc 'Add new deploy key to currently authenticated user' do
-        success Entities::SSHKey
+        success Entities::DeployKeysProject
       end
       params do
         requires :key, type: String, desc: 'The new deploy key'
@@ -53,24 +66,31 @@ module API
         params[:key].strip!
 
         # Check for an existing key joined to this project
-        key = user_project.deploy_keys.find_by(key: params[:key])
+        key = user_project.deploy_keys_projects
+                          .joins(:deploy_key)
+                          .find_by(keys: { key: params[:key] })
+
         if key
-          present key, with: Entities::SSHKey
+          present key, with: Entities::DeployKeysProject
           break
         end
 
         # Check for available deploy keys in other projects
         key = current_user.accessible_deploy_keys.find_by(key: params[:key])
         if key
-          user_project.deploy_keys << key
-          present key, with: Entities::SSHKey
+          added_key = add_deploy_keys_project(user_project, deploy_key: key, can_push: !!params[:can_push])
+
+          present added_key, with: Entities::DeployKeysProject
           break
         end
 
         # Create a new deploy key
-        key = DeployKey.new(declared_params(include_missing: false))
-        if key.valid? && user_project.deploy_keys << key
-          present key, with: Entities::SSHKey
+        key_attributes = { can_push: !!params[:can_push],
+                           deploy_key_attributes: declared_params.except(:can_push) }
+        key = add_deploy_keys_project(user_project, key_attributes)
+
+        if key.valid?
+          present key, with: Entities::DeployKeysProject
         else
           render_validation_error!(key)
         end
@@ -86,14 +106,21 @@ module API
         at_least_one_of :title, :can_push
       end
       put ":id/deploy_keys/:key_id" do
-        key = DeployKey.find(params.delete(:key_id))
+        deploy_keys_project = find_by_deploy_key(user_project, params[:key_id])
 
-        authorize!(:update_deploy_key, key)
+        authorize!(:update_deploy_key, deploy_keys_project.deploy_key)
 
-        if key.update_attributes(declared_params(include_missing: false))
-          present key, with: Entities::SSHKey
+        can_push = params[:can_push].nil? ? deploy_keys_project.can_push : params[:can_push]
+        title = params[:title] || deploy_keys_project.deploy_key.title
+
+        result = deploy_keys_project.update_attributes(can_push: can_push,
+                                                       deploy_key_attributes: { id: params[:key_id],
+                                                                                title: title })
+
+        if result
+          present deploy_keys_project, with: Entities::DeployKeysProject
         else
-          render_validation_error!(key)
+          render_validation_error!(deploy_keys_project)
         end
       end
 
@@ -122,7 +149,7 @@ module API
         requires :key_id, type: Integer, desc: 'The ID of the deploy key'
       end
       delete ":id/deploy_keys/:key_id" do
-        key = user_project.deploy_keys_projects.find_by(deploy_key_id: params[:key_id])
+        key = user_project.deploy_keys.find(params[:key_id])
         not_found!('Deploy Key') unless key
 
         destroy_conditionally!(key)
diff --git a/lib/api/deployments.rb b/lib/api/deployments.rb
index 1efee9a1324..184fae0eb76 100644
--- a/lib/api/deployments.rb
+++ b/lib/api/deployments.rb
@@ -15,11 +15,13 @@ module API
       end
       params do
         use :pagination
+        optional :order_by, type: String, values: %w[id iid created_at ref], default: 'id', desc: 'Return deployments ordered by `id` or `iid` or `created_at` or `ref`'
+        optional :sort, type: String, values: %w[asc desc], default: 'asc', desc: 'Sort by asc (ascending) or desc (descending)'
       end
       get ':id/deployments' do
         authorize! :read_deployment, user_project
 
-        present paginate(user_project.deployments), with: Entities::Deployment
+        present paginate(user_project.deployments.order(params[:order_by] => params[:sort])), with: Entities::Deployment
       end
 
       desc 'Gets a specific deployment' do
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index c4ef2c74658..971cb83a2d9 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -554,13 +554,18 @@ module API
     end
 
     class SSHKey < Grape::Entity
-      expose :id, :title, :key, :created_at, :can_push
+      expose :id, :title, :key, :created_at
     end
 
     class SSHKeyWithUser < SSHKey
       expose :user, using: Entities::UserPublic
     end
 
+    class DeployKeysProject < Grape::Entity
+      expose :deploy_key, merge: true, using: Entities::SSHKey
+      expose :can_push
+    end
+
     class GPGKey < Grape::Entity
       expose :id, :key, :created_at
     end
@@ -714,10 +719,7 @@ module API
       expose :job_events
       # Expose serialized properties
       expose :properties do |service, options|
-        field_names = service.fields
-          .select { |field| options[:include_passwords] || field[:type] != 'password' }
-          .map { |field| field[:name] }
-        service.properties.slice(*field_names)
+        service.properties.slice(*service.api_field_names)
       end
     end
 
diff --git a/lib/api/helpers/common_helpers.rb b/lib/api/helpers/common_helpers.rb
index 322624c6092..9993caa5249 100644
--- a/lib/api/helpers/common_helpers.rb
+++ b/lib/api/helpers/common_helpers.rb
@@ -3,8 +3,10 @@ module API
     module CommonHelpers
       def convert_parameters_from_legacy_format(params)
         params.tap do |params|
-          if params[:assignee_id].present?
-            params[:assignee_ids] = [params.delete(:assignee_id)]
+          assignee_id = params.delete(:assignee_id)
+
+          if assignee_id.present?
+            params[:assignee_ids] = [assignee_id]
           end
         end
       end
diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb
index a116ab3c9bd..9c205514b3a 100644
--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@@ -38,6 +38,7 @@ module API
         builds = user_project.builds.order('id DESC')
         builds = filter_builds(builds, params[:scope])
 
+        builds = builds.preload(:user, :job_artifacts_archive, :runner, pipeline: :project)
         present paginate(builds), with: Entities::Job
       end
 
diff --git a/lib/api/project_milestones.rb b/lib/api/project_milestones.rb
index 0cb209a02d0..306dc0e63d7 100644
--- a/lib/api/project_milestones.rb
+++ b/lib/api/project_milestones.rb
@@ -60,6 +60,15 @@ module API
         update_milestone_for(user_project)
       end
 
+      desc 'Remove a project milestone'
+      delete ":id/milestones/:milestone_id" do
+        authorize! :admin_milestone, user_project
+
+        user_project.milestones.find(params[:milestone_id]).destroy
+
+        status(204)
+      end
+
       desc 'Get all issues for a single project milestone' do
         success Entities::IssueBasic
       end
diff --git a/lib/api/services.rb b/lib/api/services.rb
index a7f44e2869c..51e33e2c686 100644
--- a/lib/api/services.rb
+++ b/lib/api/services.rb
@@ -785,7 +785,7 @@ module API
           service_params = declared_params(include_missing: false).merge(active: true)
 
           if service.update_attributes(service_params)
-            present service, with: Entities::ProjectService, include_passwords: current_user.admin?
+            present service, with: Entities::ProjectService
           else
             render_api_error!('400 Bad Request', 400)
           end
diff --git a/lib/api/v3/builds.rb b/lib/api/v3/builds.rb
index fa0bef39602..ac76fece931 100644
--- a/lib/api/v3/builds.rb
+++ b/lib/api/v3/builds.rb
@@ -36,6 +36,7 @@ module API
           builds = user_project.builds.order('id DESC')
           builds = filter_builds(builds, params[:scope])
 
+          builds = builds.preload(:user, :job_artifacts_archive, :runner, pipeline: :project)
           present paginate(builds), with: ::API::V3::Entities::Build
         end
 
diff --git a/lib/api/v3/deploy_keys.rb b/lib/api/v3/deploy_keys.rb
index b90e2061da3..47e54ca85a5 100644
--- a/lib/api/v3/deploy_keys.rb
+++ b/lib/api/v3/deploy_keys.rb
@@ -3,6 +3,16 @@ module API
     class DeployKeys < Grape::API
       before { authenticate! }
 
+      helpers do
+        def add_deploy_keys_project(project, attrs = {})
+          project.deploy_keys_projects.create(attrs)
+        end
+
+        def find_by_deploy_key(project, key_id)
+          project.deploy_keys_projects.find_by!(deploy_key: key_id)
+        end
+      end
+
       get "deploy_keys" do
         authenticated_as_admin!
 
@@ -18,25 +28,28 @@ module API
 
         %w(keys deploy_keys).each do |path|
           desc "Get a specific project's deploy keys" do
-            success ::API::Entities::SSHKey
+            success ::API::Entities::DeployKeysProject
           end
           get ":id/#{path}" do
-            present user_project.deploy_keys, with: ::API::Entities::SSHKey
+            keys = user_project.deploy_keys_projects.preload(:deploy_key)
+
+            present keys, with: ::API::Entities::DeployKeysProject
           end
 
           desc 'Get single deploy key' do
-            success ::API::Entities::SSHKey
+            success ::API::Entities::DeployKeysProject
           end
           params do
             requires :key_id, type: Integer, desc: 'The ID of the deploy key'
           end
           get ":id/#{path}/:key_id" do
-            key = user_project.deploy_keys.find params[:key_id]
-            present key, with: ::API::Entities::SSHKey
+            key = find_by_deploy_key(user_project, params[:key_id])
+
+            present key, with: ::API::Entities::DeployKeysProject
           end
 
           desc 'Add new deploy key to currently authenticated user' do
-            success ::API::Entities::SSHKey
+            success ::API::Entities::DeployKeysProject
           end
           params do
             requires :key, type: String, desc: 'The new deploy key'
@@ -47,24 +60,31 @@ module API
             params[:key].strip!
 
             # Check for an existing key joined to this project
-            key = user_project.deploy_keys.find_by(key: params[:key])
+            key = user_project.deploy_keys_projects
+                              .joins(:deploy_key)
+                              .find_by(keys: { key: params[:key] })
+
             if key
-              present key, with: ::API::Entities::SSHKey
+              present key, with: ::API::Entities::DeployKeysProject
               break
             end
 
             # Check for available deploy keys in other projects
             key = current_user.accessible_deploy_keys.find_by(key: params[:key])
             if key
-              user_project.deploy_keys << key
-              present key, with: ::API::Entities::SSHKey
+              added_key = add_deploy_keys_project(user_project, deploy_key: key, can_push: !!params[:can_push])
+
+              present added_key, with: ::API::Entities::DeployKeysProject
               break
             end
 
             # Create a new deploy key
-            key = DeployKey.new(declared_params(include_missing: false))
-            if key.valid? && user_project.deploy_keys << key
-              present key, with: ::API::Entities::SSHKey
+            key_attributes = { can_push: !!params[:can_push],
+                               deploy_key_attributes: declared_params.except(:can_push) }
+            key = add_deploy_keys_project(user_project, key_attributes)
+
+            if key.valid?
+              present key, with: ::API::Entities::DeployKeysProject
             else
               render_validation_error!(key)
             end
diff --git a/lib/api/v3/entities.rb b/lib/api/v3/entities.rb
index 64758dae7d3..2ccbb9da1c5 100644
--- a/lib/api/v3/entities.rb
+++ b/lib/api/v3/entities.rb
@@ -257,10 +257,7 @@ module API
         expose :job_events, as: :build_events
         # Expose serialized properties
         expose :properties do |service, options|
-          field_names = service.fields
-            .select { |field| options[:include_passwords] || field[:type] != 'password' }
-            .map { |field| field[:name] }
-          service.properties.slice(*field_names)
+          service.properties.slice(*service.api_field_names)
         end
       end
 
diff --git a/lib/api/v3/services.rb b/lib/api/v3/services.rb
index 44ed94d2869..20ca1021c71 100644
--- a/lib/api/v3/services.rb
+++ b/lib/api/v3/services.rb
@@ -622,7 +622,7 @@ module API
         end
         get ":id/services/:service_slug" do
           service = user_project.find_or_initialize_service(params[:service_slug].underscore)
-          present service, with: Entities::ProjectService, include_passwords: current_user.admin?
+          present service, with: Entities::ProjectService
         end
       end
 
diff --git a/lib/backup/manager.rb b/lib/backup/manager.rb
index 05aa79dc160..f27ce4d2b2b 100644
--- a/lib/backup/manager.rb
+++ b/lib/backup/manager.rb
@@ -108,7 +108,10 @@ module Backup
           $progress.puts "Please make sure that file name ends with #{FILE_NAME_SUFFIX}"
           exit 1
         elsif backup_file_list.many? && ENV["BACKUP"].nil?
-          $progress.puts 'Found more than one backup, please specify which one you want to restore:'
+          $progress.puts 'Found more than one backup:'
+          # print list of available backups
+          $progress.puts " " + available_timestamps.join("\n ")
+          $progress.puts 'Please specify which one you want to restore:'
           $progress.puts 'rake gitlab:backup:restore BACKUP=timestamp_of_backup'
           exit 1
         end
@@ -169,6 +172,10 @@ module Backup
       @backup_file_list ||= Dir.glob("*#{FILE_NAME_SUFFIX}")
     end
 
+    def available_timestamps
+      @backup_file_list.map {|item| item.gsub("#{FILE_NAME_SUFFIX}", "")}
+    end
+
     def connect_to_remote_directory(connection_settings)
       # our settings use string keys, but Fog expects symbols
       connection = ::Fog::Storage.new(connection_settings.symbolize_keys)
diff --git a/lib/banzai/filter/relative_link_filter.rb b/lib/banzai/filter/relative_link_filter.rb
index 5c197afd782..f6169b2c85d 100644
--- a/lib/banzai/filter/relative_link_filter.rb
+++ b/lib/banzai/filter/relative_link_filter.rb
@@ -50,15 +50,22 @@ module Banzai
       end
 
       def process_link_to_upload_attr(html_attr)
-        uri_parts = [html_attr.value]
+        path_parts = [html_attr.value]
 
         if group
-          uri_parts.unshift(relative_url_root, 'groups', group.full_path, '-')
+          path_parts.unshift(relative_url_root, 'groups', group.full_path, '-')
         elsif project
-          uri_parts.unshift(relative_url_root, project.full_path)
+          path_parts.unshift(relative_url_root, project.full_path)
         end
 
-        html_attr.value = File.join(*uri_parts)
+        path = File.join(*path_parts)
+
+        html_attr.value =
+          if context[:only_path]
+            path
+          else
+            URI.join(Gitlab.config.gitlab.base_url, path).to_s
+          end
       end
 
       def process_link_to_repository_attr(html_attr)
diff --git a/lib/banzai/filter/wiki_link_filter/rewriter.rb b/lib/banzai/filter/wiki_link_filter/rewriter.rb
index e7a1ec8457d..072d24e5a11 100644
--- a/lib/banzai/filter/wiki_link_filter/rewriter.rb
+++ b/lib/banzai/filter/wiki_link_filter/rewriter.rb
@@ -9,6 +9,10 @@ module Banzai
         end
 
         def apply_rules
+          # Special case: relative URLs beginning with `/uploads/` refer to
+          # user-uploaded files and will be handled elsewhere.
+          return @uri.to_s if @uri.relative? && @uri.path.starts_with?('/uploads/')
+
           apply_file_link_rules!
           apply_hierarchical_link_rules!
           apply_relative_link_rules!
diff --git a/lib/gitlab/auth/blocked_user_tracker.rb b/lib/gitlab/auth/blocked_user_tracker.rb
new file mode 100644
index 00000000000..dae03a179e4
--- /dev/null
+++ b/lib/gitlab/auth/blocked_user_tracker.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+module Gitlab
+  module Auth
+    class BlockedUserTracker
+      ACTIVE_RECORD_REQUEST_PARAMS = 'action_dispatch.request.request_parameters'
+
+      def self.log_if_user_blocked(env)
+        message = env.dig('warden.options', :message)
+
+        # Devise calls User#active_for_authentication? on the User model and then
+        # throws an exception to Warden with User#inactive_message:
+        # https://github.com/plataformatec/devise/blob/v4.2.1/lib/devise/hooks/activatable.rb#L8
+        #
+        # Since Warden doesn't pass the user record to the failure handler, we
+        # need to do a database lookup with the username. We can limit the
+        # lookups to happen when the user was blocked by checking the inactive
+        # message passed along by Warden.
+        return unless message == User::BLOCKED_MESSAGE
+
+        login = env.dig(ACTIVE_RECORD_REQUEST_PARAMS, 'user', 'login')
+
+        return unless login.present?
+
+        user = User.by_login(login)
+
+        return unless user&.blocked?
+
+        Gitlab::AppLogger.info("Failed login for blocked user: user=#{user.username} ip=#{env['REMOTE_ADDR']}")
+        SystemHooksService.new.execute_hooks_for(user, :failed_login)
+
+        true
+      rescue TypeError
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb
index b4114a3ac96..cf02030c577 100644
--- a/lib/gitlab/auth/user_auth_finders.rb
+++ b/lib/gitlab/auth/user_auth_finders.rb
@@ -96,9 +96,7 @@ module Gitlab
       end
 
       def ensure_action_dispatch_request(request)
-        return request if request.is_a?(ActionDispatch::Request)
-
-        ActionDispatch::Request.new(request.env)
+        ActionDispatch::Request.new(request.env.dup)
       end
 
       def current_request
diff --git a/lib/gitlab/background_migration/prepare_untracked_uploads.rb b/lib/gitlab/background_migration/prepare_untracked_uploads.rb
index 476c46341ae..4e0121ca34d 100644
--- a/lib/gitlab/background_migration/prepare_untracked_uploads.rb
+++ b/lib/gitlab/background_migration/prepare_untracked_uploads.rb
@@ -7,6 +7,7 @@ module Gitlab
     class PrepareUntrackedUploads # rubocop:disable Metrics/ClassLength
       # For bulk_queue_background_migration_jobs_by_range
       include Database::MigrationHelpers
+      include ::Gitlab::Utils::StrongMemoize
 
       FIND_BATCH_SIZE = 500
       RELATIVE_UPLOAD_DIR = "uploads".freeze
@@ -142,7 +143,9 @@ module Gitlab
       end
 
       def postgresql?
-        @postgresql ||= Gitlab::Database.postgresql?
+        strong_memoize(:postgresql) do
+          Gitlab::Database.postgresql?
+        end
       end
 
       def can_bulk_insert_and_ignore_duplicates?
@@ -150,8 +153,9 @@ module Gitlab
       end
 
       def postgresql_pre_9_5?
-        @postgresql_pre_9_5 ||= postgresql? &&
-          Gitlab::Database.version.to_f < 9.5
+        strong_memoize(:postgresql_pre_9_5) do
+          postgresql? && Gitlab::Database.version.to_f < 9.5
+        end
       end
 
       def schedule_populate_untracked_uploads_jobs
diff --git a/lib/gitlab/bare_repository_import/repository.rb b/lib/gitlab/bare_repository_import/repository.rb
index 85b79362196..c0c666dfb7b 100644
--- a/lib/gitlab/bare_repository_import/repository.rb
+++ b/lib/gitlab/bare_repository_import/repository.rb
@@ -1,6 +1,8 @@
 module Gitlab
   module BareRepositoryImport
     class Repository
+      include ::Gitlab::Utils::StrongMemoize
+
       attr_reader :group_path, :project_name, :repo_path
 
       def initialize(root_path, repo_path)
@@ -41,11 +43,15 @@ module Gitlab
       private
 
       def wiki?
-        @wiki ||= repo_path.end_with?('.wiki.git')
+        strong_memoize(:wiki) do
+          repo_path.end_with?('.wiki.git')
+        end
       end
 
       def hashed?
-        @hashed ||= repo_relative_path.include?('@hashed')
+        strong_memoize(:hashed) do
+          repo_relative_path.include?('@hashed')
+        end
       end
 
       def repo_relative_path
diff --git a/lib/gitlab/ci/config/entry/validators.rb b/lib/gitlab/ci/config/entry/validators.rb
index eb606b57667..55658900628 100644
--- a/lib/gitlab/ci/config/entry/validators.rb
+++ b/lib/gitlab/ci/config/entry/validators.rb
@@ -64,10 +64,24 @@ module Gitlab
             include LegacyValidationHelpers
 
             def validate_each(record, attribute, value)
-              unless validate_string(value)
+              if validate_string(value)
+                validate_path(record, attribute, value)
+              else
                 record.errors.add(attribute, 'should be a string or symbol')
               end
             end
+
+            private
+
+            def validate_path(record, attribute, value)
+              path = CGI.unescape(value.to_s)
+
+              if path.include?('/')
+                record.errors.add(attribute, 'cannot contain the "/" character')
+              elsif path == '.' || path == '..'
+                record.errors.add(attribute, 'cannot be "." or ".."')
+              end
+            end
           end
 
           class RegexpValidator < ActiveModel::EachValidator
diff --git a/lib/gitlab/ci/pipeline/chain/skip.rb b/lib/gitlab/ci/pipeline/chain/skip.rb
index 9a72de87bab..32cbb7ca6af 100644
--- a/lib/gitlab/ci/pipeline/chain/skip.rb
+++ b/lib/gitlab/ci/pipeline/chain/skip.rb
@@ -3,6 +3,8 @@ module Gitlab
     module Pipeline
       module Chain
         class Skip < Chain::Base
+          include ::Gitlab::Utils::StrongMemoize
+
           SKIP_PATTERN = /\[(ci[ _-]skip|skip[ _-]ci)\]/i
 
           def perform!
@@ -24,7 +26,9 @@ module Gitlab
           def commit_message_skips_ci?
             return false unless @pipeline.git_commit_message
 
-            @skipped ||= !!(@pipeline.git_commit_message =~ SKIP_PATTERN)
+            strong_memoize(:commit_message_skips_ci) do
+              !!(@pipeline.git_commit_message =~ SKIP_PATTERN)
+            end
           end
         end
       end
diff --git a/lib/gitlab/ci/stage/seed.rb b/lib/gitlab/ci/stage/seed.rb
index bc97aa63b02..f33c87f554d 100644
--- a/lib/gitlab/ci/stage/seed.rb
+++ b/lib/gitlab/ci/stage/seed.rb
@@ -2,6 +2,8 @@ module Gitlab
   module Ci
     module Stage
       class Seed
+        include ::Gitlab::Utils::StrongMemoize
+
         attr_reader :pipeline
 
         delegate :project, to: :pipeline
@@ -50,7 +52,9 @@ module Gitlab
         private
 
         def protected_ref?
-          @protected_ref ||= project.protected_for?(pipeline.ref)
+          strong_memoize(:protected_ref) do
+            project.protected_for?(pipeline.ref)
+          end
         end
       end
     end
diff --git a/lib/gitlab/ci/status/build/action.rb b/lib/gitlab/ci/status/build/action.rb
index 45fd0d4aa07..6c9125647ad 100644
--- a/lib/gitlab/ci/status/build/action.rb
+++ b/lib/gitlab/ci/status/build/action.rb
@@ -2,6 +2,9 @@ module Gitlab
   module Ci
     module Status
       module Build
+        ##
+        # Extended status for playable manual actions.
+        #
         class Action < Status::Extended
           def label
             if has_action?
@@ -12,7 +15,7 @@ module Gitlab
           end
 
           def self.matches?(build, user)
-            build.action?
+            build.playable?
           end
         end
       end
diff --git a/lib/gitlab/git/commit.rb b/lib/gitlab/git/commit.rb
index 016437b2419..46e0c0e82a2 100644
--- a/lib/gitlab/git/commit.rb
+++ b/lib/gitlab/git/commit.rb
@@ -436,6 +436,16 @@ module Gitlab
         parent_ids.size > 1
       end
 
+      def tree_entry(path)
+        @repository.gitaly_migrate(:commit_tree_entry) do |is_migrated|
+          if is_migrated
+            gitaly_tree_entry(path)
+          else
+            rugged_tree_entry(path)
+          end
+        end
+      end
+
       def to_gitaly_commit
         return raw_commit if raw_commit.is_a?(Gitaly::GitCommit)
 
@@ -450,11 +460,6 @@ module Gitlab
         )
       end
 
-      # Is this the same as Blob.find_entry_by_path ?
-      def rugged_tree_entry(path)
-        rugged_commit.tree.path(path)
-      end
-
       private
 
       def init_from_hash(hash)
@@ -501,6 +506,28 @@ module Gitlab
         SERIALIZE_KEYS
       end
 
+      def gitaly_tree_entry(path)
+        # We're only interested in metadata, so limit actual data to 1 byte
+        # since Gitaly doesn't support "send no data" option.
+        entry = @repository.gitaly_commit_client.tree_entry(id, path, 1)
+        return unless entry
+
+        # To be compatible with the rugged format
+        entry = entry.to_h
+        entry.delete(:data)
+        entry[:name] = File.basename(path)
+        entry[:type] = entry[:type].downcase
+
+        entry
+      end
+
+      # Is this the same as Blob.find_entry_by_path ?
+      def rugged_tree_entry(path)
+        rugged_commit.tree.path(path)
+      rescue Rugged::TreeError
+        nil
+      end
+
       def gitaly_commit_author_from_rugged(author_or_committer)
         Gitaly::CommitAuthor.new(
           name: author_or_committer[:name].b,
diff --git a/lib/gitlab/git/conflict/resolver.rb b/lib/gitlab/git/conflict/resolver.rb
index 74c9874d590..07b7e811a34 100644
--- a/lib/gitlab/git/conflict/resolver.rb
+++ b/lib/gitlab/git/conflict/resolver.rb
@@ -15,7 +15,7 @@ module Gitlab
           @conflicts ||= begin
             @target_repository.gitaly_migrate(:conflicts_list_conflict_files) do |is_enabled|
               if is_enabled
-                gitaly_conflicts_client(@target_repository).list_conflict_files
+                gitaly_conflicts_client(@target_repository).list_conflict_files.to_a
               else
                 rugged_list_conflict_files
               end
diff --git a/lib/gitlab/git/gitlab_projects.rb b/lib/gitlab/git/gitlab_projects.rb
index 976fa1ddfe6..e5a747cb987 100644
--- a/lib/gitlab/git/gitlab_projects.rb
+++ b/lib/gitlab/git/gitlab_projects.rb
@@ -44,29 +44,13 @@ module Gitlab
       # Import project via git clone --bare
       # URL must be publicly cloneable
       def import_project(source, timeout)
-        # Skip import if repo already exists
-        return false if File.exist?(repository_absolute_path)
-
-        masked_source = mask_password_in_url(source)
-
-        logger.info "Importing project from <#{masked_source}> to <#{repository_absolute_path}>."
-        cmd = %W(git clone --bare -- #{source} #{repository_absolute_path})
-
-        success = run_with_timeout(cmd, timeout, nil)
-
-        unless success
-          logger.error("Importing project from <#{masked_source}> to <#{repository_absolute_path}> failed.")
-          FileUtils.rm_rf(repository_absolute_path)
-          return false
+        Gitlab::GitalyClient.migrate(:import_repository) do |is_enabled|
+          if is_enabled
+            gitaly_import_repository(source)
+          else
+            git_import_repository(source, timeout)
+          end
         end
-
-        Gitlab::Git::Repository.create_hooks(repository_absolute_path, global_hooks_path)
-
-        # The project was imported successfully.
-        # Remove the origin URL since it may contain password.
-        remove_origin_in_repo
-
-        true
       end
 
       def fork_repository(new_shard_path, new_repository_relative_path)
@@ -231,6 +215,42 @@ module Gitlab
           raise(ShardNameNotFoundError, "no shard found for path '#{shard_path}'")
       end
 
+      def git_import_repository(source, timeout)
+        # Skip import if repo already exists
+        return false if File.exist?(repository_absolute_path)
+
+        masked_source = mask_password_in_url(source)
+
+        logger.info "Importing project from <#{masked_source}> to <#{repository_absolute_path}>."
+        cmd = %W(git clone --bare -- #{source} #{repository_absolute_path})
+
+        success = run_with_timeout(cmd, timeout, nil)
+
+        unless success
+          logger.error("Importing project from <#{masked_source}> to <#{repository_absolute_path}> failed.")
+          FileUtils.rm_rf(repository_absolute_path)
+          return false
+        end
+
+        Gitlab::Git::Repository.create_hooks(repository_absolute_path, global_hooks_path)
+
+        # The project was imported successfully.
+        # Remove the origin URL since it may contain password.
+        remove_origin_in_repo
+
+        true
+      end
+
+      def gitaly_import_repository(source)
+        raw_repository = Gitlab::Git::Repository.new(shard_name, repository_relative_path, nil)
+
+        Gitlab::GitalyClient::RepositoryService.new(raw_repository).import_repository(source)
+        true
+      rescue GRPC::BadStatus => e
+        @output << e.message
+        false
+      end
+
       def git_fork_repository(new_shard_path, new_repository_relative_path)
         from_path = repository_absolute_path
         to_path = File.join(new_shard_path, new_repository_relative_path)
diff --git a/lib/gitlab/git/repository.rb b/lib/gitlab/git/repository.rb
index 6ada9a145db..c5d5c3a72c0 100644
--- a/lib/gitlab/git/repository.rb
+++ b/lib/gitlab/git/repository.rb
@@ -621,37 +621,6 @@ module Gitlab
         end
       end
 
-      # Returns branch names collection that contains the special commit(SHA1
-      # or name)
-      #
-      # Ex.
-      #   repo.branch_names_contains('master')
-      #
-      def branch_names_contains(commit)
-        branches_contains(commit).map { |c| c.name }
-      end
-
-      # Returns branch collection that contains the special commit(SHA1 or name)
-      #
-      # Ex.
-      #   repo.branch_names_contains('master')
-      #
-      def branches_contains(commit)
-        commit_obj = rugged.rev_parse(commit)
-        parent = commit_obj.parents.first unless commit_obj.parents.empty?
-
-        walker = Rugged::Walker.new(rugged)
-
-        rugged.branches.select do |branch|
-          walker.push(branch.target_id)
-          walker.hide(parent) if parent
-          result = walker.any? { |c| c.oid == commit_obj.oid }
-          walker.reset
-
-          result
-        end
-      end
-
       # Get refs hash which key is SHA1
       # and value is a Rugged::Reference
       def refs_hash
@@ -1236,33 +1205,31 @@ module Gitlab
       end
 
       def rebase(user, rebase_id, branch:, branch_sha:, remote_repository:, remote_branch:)
-        rebase_path = worktree_path(REBASE_WORKTREE_PREFIX, rebase_id)
-        env = git_env_for_user(user)
-
-        if remote_repository.is_a?(RemoteRepository)
-          env.merge!(remote_repository.fetch_env)
-          remote_repo_path = GITALY_INTERNAL_URL
-        else
-          remote_repo_path = remote_repository.path
-        end
-
-        with_worktree(rebase_path, branch, env: env) do
-          run_git!(
-            %W(pull --rebase #{remote_repo_path} #{remote_branch}),
-            chdir: rebase_path, env: env
-          )
-
-          rebase_sha = run_git!(%w(rev-parse HEAD), chdir: rebase_path, env: env).strip
-
-          Gitlab::Git::OperationService.new(user, self)
-            .update_branch(branch, rebase_sha, branch_sha)
-
-          rebase_sha
+        gitaly_migrate(:rebase) do |is_enabled|
+          if is_enabled
+            gitaly_rebase(user, rebase_id,
+                          branch: branch,
+                          branch_sha: branch_sha,
+                          remote_repository: remote_repository,
+                          remote_branch: remote_branch)
+          else
+            git_rebase(user, rebase_id,
+                       branch: branch,
+                       branch_sha: branch_sha,
+                       remote_repository: remote_repository,
+                       remote_branch: remote_branch)
+          end
         end
       end
 
       def rebase_in_progress?(rebase_id)
-        fresh_worktree?(worktree_path(REBASE_WORKTREE_PREFIX, rebase_id))
+        gitaly_migrate(:rebase_in_progress) do |is_enabled|
+          if is_enabled
+            gitaly_repository_client.rebase_in_progress?(rebase_id)
+          else
+            fresh_worktree?(worktree_path(REBASE_WORKTREE_PREFIX, rebase_id))
+          end
+        end
       end
 
       def squash(user, squash_id, branch:, start_sha:, end_sha:, author:, message:)
@@ -2039,6 +2006,40 @@ module Gitlab
         tree_id
       end
 
+      def gitaly_rebase(user, rebase_id, branch:, branch_sha:, remote_repository:, remote_branch:)
+        gitaly_operation_client.user_rebase(user, rebase_id,
+                                            branch: branch,
+                                            branch_sha: branch_sha,
+                                            remote_repository: remote_repository,
+                                            remote_branch: remote_branch)
+      end
+
+      def git_rebase(user, rebase_id, branch:, branch_sha:, remote_repository:, remote_branch:)
+        rebase_path = worktree_path(REBASE_WORKTREE_PREFIX, rebase_id)
+        env = git_env_for_user(user)
+
+        if remote_repository.is_a?(RemoteRepository)
+          env.merge!(remote_repository.fetch_env)
+          remote_repo_path = GITALY_INTERNAL_URL
+        else
+          remote_repo_path = remote_repository.path
+        end
+
+        with_worktree(rebase_path, branch, env: env) do
+          run_git!(
+            %W(pull --rebase #{remote_repo_path} #{remote_branch}),
+            chdir: rebase_path, env: env
+          )
+
+          rebase_sha = run_git!(%w(rev-parse HEAD), chdir: rebase_path, env: env).strip
+
+          Gitlab::Git::OperationService.new(user, self)
+            .update_branch(branch, rebase_sha, branch_sha)
+
+          rebase_sha
+        end
+      end
+
       def local_fetch_ref(source_path, source_ref:, target_ref:)
         args = %W(fetch --no-tags -f #{source_path} #{source_ref}:#{target_ref})
         run_git(args)
diff --git a/lib/gitlab/git/rev_list.rb b/lib/gitlab/git/rev_list.rb
index 4974205b8fd..f8b2e7e0e21 100644
--- a/lib/gitlab/git/rev_list.rb
+++ b/lib/gitlab/git/rev_list.rb
@@ -95,7 +95,7 @@ module Gitlab
         object_output.map do |output_line|
           sha, path = output_line.split(' ', 2)
 
-          next if require_path && path.blank?
+          next if require_path && path.to_s.empty?
 
           sha
         end.reject(&:nil?)
diff --git a/lib/gitlab/gitaly_client/commit_service.rb b/lib/gitlab/gitaly_client/commit_service.rb
index fed05bb6c64..71b212023d6 100644
--- a/lib/gitlab/gitaly_client/commit_service.rb
+++ b/lib/gitlab/gitaly_client/commit_service.rb
@@ -177,7 +177,7 @@ module Gitlab
 
         response = GitalyClient.call(@repository.storage, :commit_service, :list_commits_by_oid, request, timeout: GitalyClient.medium_timeout)
         consume_commits_response(response)
-      rescue GRPC::Unknown # If no repository is found, happens mainly during testing
+      rescue GRPC::NotFound # If no repository is found, happens mainly during testing
         []
       end
 
diff --git a/lib/gitlab/gitaly_client/conflict_files_stitcher.rb b/lib/gitlab/gitaly_client/conflict_files_stitcher.rb
new file mode 100644
index 00000000000..97c13d1fdb0
--- /dev/null
+++ b/lib/gitlab/gitaly_client/conflict_files_stitcher.rb
@@ -0,0 +1,47 @@
+module Gitlab
+  module GitalyClient
+    class ConflictFilesStitcher
+      include Enumerable
+
+      def initialize(rpc_response)
+        @rpc_response = rpc_response
+      end
+
+      def each
+        current_file = nil
+
+        @rpc_response.each do |msg|
+          msg.files.each do |gitaly_file|
+            if gitaly_file.header
+              yield current_file if current_file
+
+              current_file = file_from_gitaly_header(gitaly_file.header)
+            else
+              current_file.content << gitaly_file.content
+            end
+          end
+        end
+
+        yield current_file if current_file
+      end
+
+      private
+
+      def file_from_gitaly_header(header)
+        Gitlab::Git::Conflict::File.new(
+          Gitlab::GitalyClient::Util.git_repository(header.repository),
+          header.commit_oid,
+          conflict_from_gitaly_file_header(header),
+          ''
+        )
+      end
+
+      def conflict_from_gitaly_file_header(header)
+        {
+          ours: { path: header.our_path, mode: header.our_mode },
+          theirs: { path: header.their_path }
+        }
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/gitaly_client/conflicts_service.rb b/lib/gitlab/gitaly_client/conflicts_service.rb
index 40f032cf873..2565d537aff 100644
--- a/lib/gitlab/gitaly_client/conflicts_service.rb
+++ b/lib/gitlab/gitaly_client/conflicts_service.rb
@@ -20,7 +20,11 @@ module Gitlab
         )
         response = GitalyClient.call(@repository.storage, :conflicts_service, :list_conflict_files, request)
 
-        files_from_response(response).to_a
+        GitalyClient::ConflictFilesStitcher.new(response)
+      end
+
+      def conflicts?
+        list_conflict_files.any?
       end
 
       def resolve_conflicts(target_repository, resolution, source_branch, target_branch)
@@ -58,38 +62,6 @@ module Gitlab
           user: Gitlab::Git::User.from_gitlab(resolution.user).to_gitaly
         )
       end
-
-      def files_from_response(response)
-        files = []
-
-        response.each do |msg|
-          msg.files.each do |gitaly_file|
-            if gitaly_file.header
-              files << file_from_gitaly_header(gitaly_file.header)
-            else
-              files.last.content << gitaly_file.content
-            end
-          end
-        end
-
-        files
-      end
-
-      def file_from_gitaly_header(header)
-        Gitlab::Git::Conflict::File.new(
-          Gitlab::GitalyClient::Util.git_repository(header.repository),
-          header.commit_oid,
-          conflict_from_gitaly_file_header(header),
-          ''
-        )
-      end
-
-      def conflict_from_gitaly_file_header(header)
-        {
-          ours: { path: header.our_path, mode: header.our_mode },
-          theirs: { path: header.their_path }
-        }
-      end
     end
   end
 end
diff --git a/lib/gitlab/gitaly_client/operation_service.rb b/lib/gitlab/gitaly_client/operation_service.rb
index 37ba1af8d6f..7319de69d13 100644
--- a/lib/gitlab/gitaly_client/operation_service.rb
+++ b/lib/gitlab/gitaly_client/operation_service.rb
@@ -147,6 +147,34 @@ module Gitlab
                                    start_repository: start_repository)
       end
 
+      def user_rebase(user, rebase_id, branch:, branch_sha:, remote_repository:, remote_branch:)
+        request = Gitaly::UserRebaseRequest.new(
+          repository: @gitaly_repo,
+          user: Gitlab::Git::User.from_gitlab(user).to_gitaly,
+          rebase_id: rebase_id.to_s,
+          branch: encode_binary(branch),
+          branch_sha: branch_sha,
+          remote_repository: remote_repository.gitaly_repository,
+          remote_branch: encode_binary(remote_branch)
+        )
+
+        response = GitalyClient.call(
+          @repository.storage,
+          :operation_service,
+          :user_rebase,
+          request,
+          remote_storage: remote_repository.storage
+        )
+
+        if response.pre_receive_error.presence
+          raise Gitlab::Git::HooksService::PreReceiveError, response.pre_receive_error
+        elsif response.git_error.presence
+          raise Gitlab::Git::Repository::GitError, response.git_error
+        else
+          response.rebase_sha
+        end
+      end
+
       private
 
       def call_cherry_pick_or_revert(rpc, user:, commit:, branch_name:, message:, start_branch_name:, start_repository:)
diff --git a/lib/gitlab/gitaly_client/repository_service.rb b/lib/gitlab/gitaly_client/repository_service.rb
index 66006f5dc5b..12016aee2a6 100644
--- a/lib/gitlab/gitaly_client/repository_service.rb
+++ b/lib/gitlab/gitaly_client/repository_service.rb
@@ -100,6 +100,38 @@ module Gitlab
         )
       end
 
+      def import_repository(source)
+        request = Gitaly::CreateRepositoryFromURLRequest.new(
+          repository: @gitaly_repo,
+          url: source
+        )
+
+        GitalyClient.call(
+          @storage,
+          :repository_service,
+          :create_repository_from_url,
+          request,
+          timeout: GitalyClient.default_timeout
+        )
+      end
+
+      def rebase_in_progress?(rebase_id)
+        request = Gitaly::IsRebaseInProgressRequest.new(
+          repository: @gitaly_repo,
+          rebase_id: rebase_id.to_s
+        )
+
+        response = GitalyClient.call(
+          @storage,
+          :repository_service,
+          :is_rebase_in_progress,
+          request,
+          timeout: GitalyClient.default_timeout
+        )
+
+        response.in_progress
+      end
+
       def fetch_source_branch(source_repository, source_branch, local_ref)
         request = Gitaly::FetchSourceBranchRequest.new(
           repository: @gitaly_repo,
diff --git a/lib/gitlab/github_import/client.rb b/lib/gitlab/github_import/client.rb
index 5da9befa08e..4f160e4a447 100644
--- a/lib/gitlab/github_import/client.rb
+++ b/lib/gitlab/github_import/client.rb
@@ -14,6 +14,8 @@ module Gitlab
     #       puts label.name
     #     end
     class Client
+      include ::Gitlab::Utils::StrongMemoize
+
       attr_reader :octokit
 
       # A single page of data and the corresponding page number.
@@ -173,7 +175,9 @@ module Gitlab
       end
 
       def rate_limiting_enabled?
-        @rate_limiting_enabled ||= api_endpoint.include?('.github.com')
+        strong_memoize(:rate_limiting_enabled) do
+          api_endpoint.include?('.github.com')
+        end
       end
 
       def api_endpoint
diff --git a/lib/gitlab/import_export/file_importer.rb b/lib/gitlab/import_export/file_importer.rb
index 989342389bc..5c971564a73 100644
--- a/lib/gitlab/import_export/file_importer.rb
+++ b/lib/gitlab/import_export/file_importer.rb
@@ -17,12 +17,16 @@ module Gitlab
       def import
         mkdir_p(@shared.export_path)
 
+        remove_symlinks!
+
         wait_for_archived_file do
           decompress_archive
         end
       rescue => e
         @shared.error(e)
         false
+      ensure
+        remove_symlinks!
       end
 
       private
@@ -43,7 +47,7 @@ module Gitlab
 
         raise Projects::ImportService::Error.new("Unable to decompress #{@archive_file} into #{@shared.export_path}") unless result
 
-        remove_symlinks!
+        result
       end
 
       def remove_symlinks!
diff --git a/lib/gitlab/import_export/saver.rb b/lib/gitlab/import_export/saver.rb
index 6130c124dd1..2daeba90a51 100644
--- a/lib/gitlab/import_export/saver.rb
+++ b/lib/gitlab/import_export/saver.rb
@@ -37,7 +37,7 @@ module Gitlab
       end
 
       def archive_file
-        @archive_file ||= File.join(@shared.export_path, '..', Gitlab::ImportExport.export_filename(project: @project))
+        @archive_file ||= File.join(@shared.archive_path, Gitlab::ImportExport.export_filename(project: @project))
       end
     end
   end
diff --git a/lib/gitlab/import_export/shared.rb b/lib/gitlab/import_export/shared.rb
index 9fd0b709ef2..d03cbc880fd 100644
--- a/lib/gitlab/import_export/shared.rb
+++ b/lib/gitlab/import_export/shared.rb
@@ -9,7 +9,11 @@ module Gitlab
       end
 
       def export_path
-        @export_path ||= Gitlab::ImportExport.export_path(relative_path: opts[:relative_path])
+        @export_path ||= Gitlab::ImportExport.export_path(relative_path: relative_path)
+      end
+
+      def archive_path
+        @archive_path ||= Gitlab::ImportExport.export_path(relative_path: relative_archive_path)
       end
 
       def error(error)
@@ -21,6 +25,14 @@ module Gitlab
 
       private
 
+      def relative_path
+        File.join(opts[:relative_path], SecureRandom.hex)
+      end
+
+      def relative_archive_path
+        File.join(opts[:relative_path], '..')
+      end
+
       def error_out(message, caller)
         Rails.logger.error("Import/Export error raised on #{caller}: #{message}")
       end
diff --git a/lib/gitlab/kubernetes/helm/install_command.rb b/lib/gitlab/kubernetes/helm/install_command.rb
index 8d8c441a4b1..bf6981035f4 100644
--- a/lib/gitlab/kubernetes/helm/install_command.rb
+++ b/lib/gitlab/kubernetes/helm/install_command.rb
@@ -36,7 +36,11 @@ module Gitlab
         def complete_command(namespace_name)
           return unless chart
 
-          "helm install #{chart} --name #{name} --namespace #{namespace_name} >/dev/null"
+          if chart_values_file
+            "helm install #{chart} --name #{name} --namespace #{namespace_name} -f /data/helm/#{name}/config/values.yaml >/dev/null"
+          else
+            "helm install #{chart} --name #{name} --namespace #{namespace_name} >/dev/null"
+          end
         end
 
         def install_dps_command
diff --git a/lib/gitlab/kubernetes/helm/pod.rb b/lib/gitlab/kubernetes/helm/pod.rb
index 97ad3c97e95..a3216759cae 100644
--- a/lib/gitlab/kubernetes/helm/pod.rb
+++ b/lib/gitlab/kubernetes/helm/pod.rb
@@ -10,9 +10,10 @@ module Gitlab
 
         def generate
           spec = { containers: [container_specification], restartPolicy: 'Never' }
+
           if command.chart_values_file
-            generate_config_map
-            spec['volumes'] = volumes_specification
+            create_config_map
+            spec[:volumes] = volumes_specification
           end
 
           ::Kubeclient::Resource.new(metadata: metadata, spec: spec)
@@ -35,19 +36,39 @@ module Gitlab
         end
 
         def labels
-          { 'gitlab.org/action': 'install', 'gitlab.org/application': command.name }
+          {
+            'gitlab.org/action': 'install',
+            'gitlab.org/application': command.name
+          }
         end
 
         def metadata
-          { name: command.pod_name, namespace: namespace_name, labels: labels }
+          {
+            name: command.pod_name,
+            namespace: namespace_name,
+            labels: labels
+          }
         end
 
         def volume_mounts_specification
-          [{ name: 'config-volume', mountPath: '/etc/config' }]
+          [
+            {
+              name: 'configuration-volume',
+              mountPath: "/data/helm/#{command.name}/config"
+            }
+          ]
         end
 
         def volumes_specification
-          [{ name: 'config-volume', configMap: { name: 'values-config' } }]
+          [
+            {
+              name: 'configuration-volume',
+              configMap: {
+                name: 'values-content-configuration',
+                items: [{ key: 'values', path: 'values.yaml' }]
+              }
+            }
+          ]
         end
 
         def generate_pod_env(command)
@@ -58,10 +79,10 @@ module Gitlab
           }.map { |key, value| { name: key, value: value } }
         end
 
-        def generate_config_map
+        def create_config_map
           resource = ::Kubeclient::Resource.new
-          resource.metadata = { name: 'values-config', namespace: namespace_name }
-          resource.data = YAML.load_file(command.chart_values_file)
+          resource.metadata = { name: 'values-content-configuration', namespace: namespace_name, labels: { name: 'values-content-configuration' } }
+          resource.data = { values: File.read(command.chart_values_file) }
           kubeclient.create_config_map(resource)
         end
       end
diff --git a/lib/gitlab/o_auth.rb b/lib/gitlab/o_auth.rb
new file mode 100644
index 00000000000..5ad8d83bd6e
--- /dev/null
+++ b/lib/gitlab/o_auth.rb
@@ -0,0 +1,6 @@
+module Gitlab
+  module OAuth
+    SignupDisabledError = Class.new(StandardError)
+    SigninDisabledForProviderError = Class.new(StandardError)
+  end
+end
diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb
index d33f33d192f..fff9360ea27 100644
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -5,8 +5,6 @@
 #
 module Gitlab
   module OAuth
-    SignupDisabledError = Class.new(StandardError)
-
     class User
       attr_accessor :auth_hash, :gl_user
 
@@ -29,7 +27,8 @@ module Gitlab
       end
 
       def save(provider = 'OAuth')
-        unauthorized_to_create unless gl_user
+        raise SigninDisabledForProviderError if oauth_provider_disabled?
+        raise SignupDisabledError unless gl_user
 
         block_after_save = needs_blocking?
 
@@ -226,8 +225,10 @@ module Gitlab
         Gitlab::AppLogger
       end
 
-      def unauthorized_to_create
-        raise SignupDisabledError
+      def oauth_provider_disabled?
+        Gitlab::CurrentSettings.current_application_settings
+                               .disabled_oauth_sign_in_sources
+                               .include?(auth_hash.provider)
       end
     end
   end
diff --git a/lib/gitlab/performance_bar.rb b/lib/gitlab/performance_bar.rb
index e73245b82c1..e29e168fc5a 100644
--- a/lib/gitlab/performance_bar.rb
+++ b/lib/gitlab/performance_bar.rb
@@ -6,6 +6,7 @@ module Gitlab
     EXPIRY_TIME = 5.minutes
 
     def self.enabled?(user = nil)
+      return true if Rails.env.development?
       return false unless user && allowed_group_id
 
       allowed_user_ids.include?(user.id)
diff --git a/lib/gitlab/project_search_results.rb b/lib/gitlab/project_search_results.rb
index e2662fc362b..7771b15069b 100644
--- a/lib/gitlab/project_search_results.rb
+++ b/lib/gitlab/project_search_results.rb
@@ -44,25 +44,20 @@ module Gitlab
       ref = nil
       filename = nil
       basename = nil
+      data = ""
       startline = 0
 
-      result.each_line.each_with_index do |line, index|
-        matches = line.match(/^(?<ref>[^:]*):(?<filename>.*):(?<startline>\d+):/)
-        if matches
+      result.strip.each_line.each_with_index do |line, index|
+        prefix ||= line.match(/^(?<ref>[^:]*):(?<filename>.*)\x00(?<startline>\d+)\x00/)&.tap do |matches|
           ref = matches[:ref]
           filename = matches[:filename]
           startline = matches[:startline]
           startline = startline.to_i - index
           extname = Regexp.escape(File.extname(filename))
           basename = filename.sub(/#{extname}$/, '')
-          break
         end
-      end
-
-      data = ""
 
-      result.each_line do |line|
-        data << line.sub(ref, '').sub(filename, '').sub(/^:-\d+-/, '').sub(/^::\d+:/, '')
+        data << line.sub(prefix.to_s, '')
       end
 
       FoundBlob.new(
diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb
index 0002c7da8f1..7ab85e1c35c 100644
--- a/lib/gitlab/regex.rb
+++ b/lib/gitlab/regex.rb
@@ -67,7 +67,7 @@ module Gitlab
     end
 
     def build_trace_section_regex
-      @build_trace_section_regexp ||= /section_((?:start)|(?:end)):(\d+):([^\r]+)\r\033\[0K/.freeze
+      @build_trace_section_regexp ||= /section_((?:start)|(?:end)):(\d+):([a-zA-Z0-9_.-]+)\r\033\[0K/.freeze
     end
   end
 end
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index d9a5af09f08..f357488ac61 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -16,8 +16,10 @@ module Gitlab
     def can_do_action?(action)
       return false unless can_access_git?
 
-      @permission_cache ||= {}
-      @permission_cache[action] ||= user.can?(action, project)
+      permission_cache[action] =
+        permission_cache.fetch(action) do
+          user.can?(action, project)
+        end
     end
 
     def cannot_do_action?(action)
@@ -88,6 +90,10 @@ module Gitlab
 
     private
 
+    def permission_cache
+      @permission_cache ||= {}
+    end
+
     def can_access_git?
       user && user.can?(:access_git)
     end
diff --git a/lib/gitlab/utils.rb b/lib/gitlab/utils.rb
index b3baaf036d8..fa22f0e37b2 100644
--- a/lib/gitlab/utils.rb
+++ b/lib/gitlab/utils.rb
@@ -27,6 +27,10 @@ module Gitlab
         .gsub(/(\A-+|-+\z)/, '')
     end
 
+    def remove_line_breaks(str)
+      str.gsub(/\r?\n/, '')
+    end
+
     def to_boolean(value)
       return value if [true, false].include?(value)
       return true if value =~ /^(true|t|yes|y|1|on)$/i
diff --git a/lib/gitlab/utils/override.rb b/lib/gitlab/utils/override.rb
new file mode 100644
index 00000000000..8bf6bcb1fe2
--- /dev/null
+++ b/lib/gitlab/utils/override.rb
@@ -0,0 +1,111 @@
+module Gitlab
+  module Utils
+    module Override
+      class Extension
+        def self.verify_class!(klass, method_name)
+          instance_method_defined?(klass, method_name) ||
+            raise(
+              NotImplementedError.new(
+                "#{klass}\##{method_name} doesn't exist!"))
+        end
+
+        def self.instance_method_defined?(klass, name, include_super: true)
+          klass.instance_methods(include_super).include?(name) ||
+            klass.private_instance_methods(include_super).include?(name)
+        end
+
+        attr_reader :subject
+
+        def initialize(subject)
+          @subject = subject
+        end
+
+        def add_method_name(method_name)
+          method_names << method_name
+        end
+
+        def add_class(klass)
+          classes << klass
+        end
+
+        def verify!
+          classes.each do |klass|
+            index = klass.ancestors.index(subject)
+            parents = klass.ancestors.drop(index + 1)
+
+            method_names.each do |method_name|
+              parents.any? do |parent|
+                self.class.instance_method_defined?(
+                  parent, method_name, include_super: false)
+              end ||
+                raise(
+                  NotImplementedError.new(
+                    "#{klass}\##{method_name} doesn't exist!"))
+            end
+          end
+        end
+
+        private
+
+        def method_names
+          @method_names ||= []
+        end
+
+        def classes
+          @classes ||= []
+        end
+      end
+
+      # Instead of writing patterns like this:
+      #
+      #     def f
+      #       raise NotImplementedError unless defined?(super)
+      #
+      #       true
+      #     end
+      #
+      # We could write it like:
+      #
+      #     extend ::Gitlab::Utils::Override
+      #
+      #     override :f
+      #     def f
+      #       true
+      #     end
+      #
+      # This would make sure we're overriding something. See:
+      # https://gitlab.com/gitlab-org/gitlab-ee/issues/1819
+      def override(method_name)
+        return unless ENV['STATIC_VERIFICATION']
+
+        if is_a?(Class)
+          Extension.verify_class!(self, method_name)
+        else # We delay the check for modules
+          Override.extensions[self] ||= Extension.new(self)
+          Override.extensions[self].add_method_name(method_name)
+        end
+      end
+
+      def included(base = nil)
+        return super if base.nil? # Rails concern, ignoring it
+
+        super
+
+        if base.is_a?(Class) # We could check for Class in `override`
+          # This could be `nil` if `override` was never called
+          Override.extensions[self]&.add_class(base)
+        end
+      end
+
+      alias_method :prepended, :included
+
+      def self.extensions
+        @extensions ||= {}
+      end
+
+      def self.verify!
+        extensions.values.each(&:verify!)
+      end
+    end
+  end
+end
diff --git a/lib/tasks/dev.rake b/lib/tasks/dev.rake
index e65609d7001..4beb94eeb8e 100644
--- a/lib/tasks/dev.rake
+++ b/lib/tasks/dev.rake
@@ -7,4 +7,9 @@ namespace :dev do
     Rake::Task["gitlab:setup"].invoke
     Rake::Task["gitlab:shell:setup"].invoke
   end
+
+  desc "GitLab | Eager load application"
+  task load: :environment do
+    Rails.application.eager_load!
+  end
 end
diff --git a/lib/tasks/gitlab/shell.rake b/lib/tasks/gitlab/shell.rake
index 0e6aed32c52..12ae4199b69 100644
--- a/lib/tasks/gitlab/shell.rake
+++ b/lib/tasks/gitlab/shell.rake
@@ -54,16 +54,6 @@ namespace :gitlab do
       # (Re)create hooks
       Rake::Task['gitlab:shell:create_hooks'].invoke
 
-      # Required for debian packaging with PKGR: Setup .ssh/environment with
-      # the current PATH, so that the correct ruby version gets loaded
-      # Requires to set "PermitUserEnvironment yes" in sshd config (should not
-      # be an issue since it is more than likely that there are no "normal"
-      # user accounts on a gitlab server). The alternative is for the admin to
-      # install a ruby (1.9.3+) in the global path.
-      File.open(File.join(user_home, ".ssh", "environment"), "w+") do |f|
-        f.puts "PATH=#{ENV['PATH']}"
-      end
-
       Gitlab::Shell.ensure_secret_token!
     end
 
diff --git a/lib/tasks/lint.rake b/lib/tasks/lint.rake
index 7b63e93db0e..3ab406eff2c 100644
--- a/lib/tasks/lint.rake
+++ b/lib/tasks/lint.rake
@@ -1,5 +1,17 @@
 unless Rails.env.production?
   namespace :lint do
+    task :static_verification_env do
+      ENV['STATIC_VERIFICATION'] = 'true'
+    end
+
+    desc "GitLab | lint | Static verification"
+    task static_verification: %w[
+      lint:static_verification_env
+      dev:load
+    ] do
+      Gitlab::Utils::Override.verify!
+    end
+
     desc "GitLab | lint | Lint JavaScript files using ESLint"
     task :javascript do
       Rake::Task['eslint'].invoke
diff --git a/package.json b/package.json
index 4759ae76817..c9778865e93 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
     "js-cookie": "^2.1.3",
     "jszip": "^3.1.3",
     "jszip-utils": "^0.0.2",
-    "marked": "^0.3.6",
+    "marked": "^0.3.12",
     "monaco-editor": "0.10.0",
     "mousetrap": "^1.4.6",
     "name-all-modules-plugin": "^1.0.1",
@@ -64,6 +64,7 @@
     "raven-js": "^3.14.0",
     "raw-loader": "^0.5.1",
     "react-dev-utils": "^0.5.2",
+    "sanitize-html": "^1.16.1",
     "select2": "3.5.2-browserify",
     "sql.js": "^0.4.0",
     "svg4everybody": "2.1.9",
diff --git a/qa/README.md b/qa/README.md
index 8fa04e80825..3c1b61900d9 100644
--- a/qa/README.md
+++ b/qa/README.md
@@ -17,6 +17,17 @@ against any existing instance.
 1. Along with GitLab Docker Images we also build and publish GitLab QA images.
 1. GitLab QA project uses these images to execute integration tests.
 
+## Validating GitLab views / partials / selectors in merge requests
+
+We recently added a new CI job that is going to be triggered for every push
+event in CE and EE projects. The job is called `qa:selectors` and it will
+verify coupling between page objects implemented as a part of GitLab QA
+and corresponding views / partials / selectors in CE / EE.
+
+Whenever `qa:selectors` job fails in your merge request, you are supposed to
+fix [page objects](qa/page/README.md). You should also trigger end-to-end tests
+using `package-qa` manual action, to test if everything works fine.
+
 ## How can I use it?
 
 You can use GitLab QA to exercise tests on any live instance! For example, the
diff --git a/qa/qa/page/project/settings/common.rb b/qa/qa/page/project/settings/common.rb
index 5d1d5120929..b4ef07e1540 100644
--- a/qa/qa/page/project/settings/common.rb
+++ b/qa/qa/page/project/settings/common.rb
@@ -3,9 +3,9 @@ module QA
     module Project
       module Settings
         module Common
-          def expand(selector)
+          def expand(element_name)
             page.within('#content-body') do
-              find(selector).click
+              click_element(element_name)
 
               yield
             end
diff --git a/qa/qa/page/project/settings/deploy_keys.rb b/qa/qa/page/project/settings/deploy_keys.rb
index a8d6f09777c..bf42767c707 100644
--- a/qa/qa/page/project/settings/deploy_keys.rb
+++ b/qa/qa/page/project/settings/deploy_keys.rb
@@ -3,12 +3,19 @@ module QA
     module Project
       module Settings
         class DeployKeys < Page::Base
-          ##
-          # TODO, define all selectors required by this page object
-          #
-          # See gitlab-org/gitlab-qa#154
-          #
-          view 'app/views/projects/deploy_keys/edit.html.haml'
+          view 'app/views/projects/deploy_keys/_form.html.haml' do
+            element :deploy_key_title, 'text_field :title'
+            element :deploy_key_key, 'text_area :key'
+          end
+
+          view 'app/assets/javascripts/deploy_keys/components/app.vue' do
+            element :deploy_keys_section, /class=".*deploy\-keys.*"/
+          end
+
+          view 'app/assets/javascripts/deploy_keys/components/key.vue' do
+            element :key_title, /class=".*title.*"/
+            element :key_title_field, '{{ deployKey.title }}'
+          end
 
           def fill_key_title(title)
             fill_in 'deploy_key_title', with: title
diff --git a/qa/qa/page/project/settings/repository.rb b/qa/qa/page/project/settings/repository.rb
index 524d87c6be9..6cc68358c8c 100644
--- a/qa/qa/page/project/settings/repository.rb
+++ b/qa/qa/page/project/settings/repository.rb
@@ -5,15 +5,12 @@ module QA
         class Repository < Page::Base
           include Common
 
-          ##
-          # TODO, define all selectors required by this page object
-          #
-          # See gitlab-org/gitlab-qa#154
-          #
-          view 'app/views/projects/settings/repository/show.html.haml'
+          view 'app/views/projects/deploy_keys/_index.html.haml' do
+            element :expand_deploy_keys
+          end
 
           def expand_deploy_keys(&block)
-            expand('.qa-expand-deploy-keys') do
+            expand(:expand_deploy_keys) do
               DeployKeys.perform(&block)
             end
           end
diff --git a/rubocop/cop/gitlab/predicate_memoization.rb b/rubocop/cop/gitlab/predicate_memoization.rb
new file mode 100644
index 00000000000..3c25d61d087
--- /dev/null
+++ b/rubocop/cop/gitlab/predicate_memoization.rb
@@ -0,0 +1,39 @@
+module RuboCop
+  module Cop
+    module Gitlab
+      class PredicateMemoization < RuboCop::Cop::Cop
+        MSG = <<~EOL.freeze
+          Avoid using `@value ||= query` inside predicate methods in order to
+          properly memoize `false` or `nil` values.
+          https://docs.gitlab.com/ee/development/utilities.html#strongmemoize
+        EOL
+
+        def on_def(node)
+          return unless predicate_method?(node)
+
+          select_offenses(node).each do |offense|
+            add_offense(offense, location: :expression)
+          end
+        end
+
+        private
+
+        def predicate_method?(node)
+          node.method_name.to_s.end_with?('?')
+        end
+
+        def or_ivar_assignment?(or_assignment)
+          lhs = or_assignment.each_child_node.first
+
+          lhs.ivasgn_type?
+        end
+
+        def select_offenses(node)
+          node.each_descendant(:or_asgn).select do |or_assignment|
+            or_ivar_assignment?(or_assignment)
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/rubocop/rubocop.rb b/rubocop/rubocop.rb
index 57af87f7fb9..9110237c538 100644
--- a/rubocop/rubocop.rb
+++ b/rubocop/rubocop.rb
@@ -1,4 +1,5 @@
 require_relative 'cop/gitlab/module_with_instance_variables'
+require_relative 'cop/gitlab/predicate_memoization'
 require_relative 'cop/include_sidekiq_worker'
 require_relative 'cop/line_break_around_conditional_block'
 require_relative 'cop/migration/add_column'
diff --git a/scripts/add-code-formatters b/scripts/add-code-formatters
deleted file mode 100755
index 56bb8754d80..00000000000
--- a/scripts/add-code-formatters
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# Check if file exists with -f. Check if in in the gdk rook directory.
-if [ ! -f ../GDK_ROOT ]; then
-  echo "Please run script from gitlab (e.g. gitlab-development-kit/gitlab) root directory."
-  exit 1
-fi
-
-PRECOMMIT=$(git rev-parse --git-dir)/hooks/pre-commit
-
-# Check if symlink exists with -L. Check if script was already installed.
-if [ -L $PRECOMMIT ]; then
-  echo "Pre-commit script already installed."
-  exit 1
-fi
-
-ln -s ./pre-commit $PRECOMMIT
-echo "Pre-commit script installed successfully"
diff --git a/scripts/pre-commit b/scripts/pre-commit
deleted file mode 100644
index 48935e90a87..00000000000
--- a/scripts/pre-commit
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# Check if file exists with -f. Check if in in the gdk rook directory.
-if [ ! -f ../GDK_ROOT ]; then
-  echo "Please run pre-commit from gitlab (e.g. gitlab-development-kit/gitlab) root directory."
-  exit 1
-fi
-
-jsfiles=$(git diff --cached --name-only --diff-filter=ACM "*.js" | tr '\n' ' ')
-[ -z "$jsfiles" ] && exit 0
-
-# Prettify all staged .js files
-echo "$jsfiles" | xargs ./node_modules/.bin/prettier --write
-
-# Add back the modified/prettified files to staging
-echo "$jsfiles" | xargs git add
-
-exit 0
diff --git a/scripts/static-analysis b/scripts/static-analysis
index 2a2bc67800d..9690b42c788 100755
--- a/scripts/static-analysis
+++ b/scripts/static-analysis
@@ -10,9 +10,10 @@ tasks = [
   %w[bundle exec license_finder],
   %w[yarn run eslint],
   %w[bundle exec rubocop --parallel],
-  %w[scripts/lint-conflicts.sh],
   %w[bundle exec rake gettext:lint],
-  %w[scripts/lint-changelog-yaml]
+  %w[bundle exec rake lint:static_verification],
+  %w[scripts/lint-changelog-yaml],
+  %w[scripts/lint-conflicts.sh]
 ]
 
 failed_tasks = tasks.reduce({}) do |failures, task|
diff --git a/spec/controllers/import/gitlab_projects_controller_spec.rb b/spec/controllers/import/gitlab_projects_controller_spec.rb
new file mode 100644
index 00000000000..8759d3c0b97
--- /dev/null
+++ b/spec/controllers/import/gitlab_projects_controller_spec.rb
@@ -0,0 +1,38 @@
+require 'spec_helper'
+
+describe Import::GitlabProjectsController do
+  set(:namespace) { create(:namespace) }
+  set(:user) { namespace.owner }
+  let(:file) { fixture_file_upload(Rails.root + 'spec/fixtures/doc_sample.txt', 'text/plain') }
+
+  before do
+    sign_in(user)
+  end
+
+  describe 'POST create' do
+    context 'with an invalid path' do
+      it 'redirects with an error' do
+        post :create, namespace_id: namespace.id, path: '/test', file: file
+
+        expect(flash[:alert]).to start_with('Project could not be imported')
+        expect(response).to have_gitlab_http_status(302)
+      end
+
+      it 'redirects with an error when a relative path is used' do
+        post :create, namespace_id: namespace.id, path: '../test', file: file
+
+        expect(flash[:alert]).to start_with('Project could not be imported')
+        expect(response).to have_gitlab_http_status(302)
+      end
+    end
+
+    context 'with a valid path' do
+      it 'redirects to the new project path' do
+        post :create, namespace_id: namespace.id, path: 'test', file: file
+
+        expect(flash[:notice]).to include('is being imported')
+        expect(response).to have_gitlab_http_status(302)
+      end
+    end
+  end
+end
diff --git a/spec/controllers/omniauth_callbacks_controller_spec.rb b/spec/controllers/omniauth_callbacks_controller_spec.rb
new file mode 100644
index 00000000000..c639ad32ec6
--- /dev/null
+++ b/spec/controllers/omniauth_callbacks_controller_spec.rb
@@ -0,0 +1,75 @@
+require 'spec_helper'
+
+describe OmniauthCallbacksController do
+  include LoginHelpers
+
+  let(:user) { create(:omniauth_user, extern_uid: 'my-uid', provider: provider) }
+  let(:provider) { :github }
+
+  before do
+    mock_auth_hash(provider.to_s, 'my-uid', user.email)
+    stub_omniauth_provider(provider, context: request)
+  end
+
+  it 'allows sign in' do
+    post provider
+
+    expect(request.env['warden']).to be_authenticated
+  end
+
+  shared_context 'sign_up' do
+    let(:user) { double(email: 'new@example.com') }
+
+    before do
+      stub_omniauth_setting(block_auto_created_users: false)
+    end
+  end
+
+  context 'sign up' do
+    include_context 'sign_up'
+
+    it 'is allowed' do
+      post provider
+
+      expect(request.env['warden']).to be_authenticated
+    end
+  end
+
+  context 'when OAuth is disabled' do
+    before do
+      stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
+      settings = Gitlab::CurrentSettings.current_application_settings
+      settings.update(disabled_oauth_sign_in_sources: [provider.to_s])
+    end
+
+    it 'prevents login via POST' do
+      post provider
+
+      expect(request.env['warden']).not_to be_authenticated
+    end
+
+    it 'shows warning when attempting login' do
+      post provider
+
+      expect(response).to redirect_to new_user_session_path
+      expect(flash[:alert]).to eq('Signing in using GitHub has been disabled')
+    end
+
+    it 'allows linking the disabled provider' do
+      user.identities.destroy_all
+      sign_in(user)
+
+      expect { post provider }.to change { user.reload.identities.count }.by(1)
+    end
+
+    context 'sign up' do
+      include_context 'sign_up'
+
+      it 'is prevented' do
+        post provider
+
+        expect(request.env['warden']).not_to be_authenticated
+      end
+    end
+  end
+end
diff --git a/spec/controllers/projects/merge_requests/creations_controller_spec.rb b/spec/controllers/projects/merge_requests/creations_controller_spec.rb
index 7e2366847f4..92db7284e0e 100644
--- a/spec/controllers/projects/merge_requests/creations_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests/creations_controller_spec.rb
@@ -4,6 +4,16 @@ describe Projects::MergeRequests::CreationsController do
   let(:project) { create(:project, :repository) }
   let(:user)    { project.owner }
   let(:fork_project) { create(:forked_project_with_submodules) }
+  let(:get_diff_params) do
+    {
+      namespace_id: fork_project.namespace.to_param,
+      project_id: fork_project,
+      merge_request: {
+        source_branch: 'remove-submodule',
+        target_branch: 'master'
+      }
+    }
+  end
 
   before do
     fork_project.add_master(user)
@@ -13,18 +23,23 @@ describe Projects::MergeRequests::CreationsController do
 
   describe 'GET new' do
     context 'merge request that removes a submodule' do
-      render_views
-
       it 'renders new merge request widget template' do
-        get :new,
-            namespace_id: fork_project.namespace.to_param,
-            project_id: fork_project,
-            merge_request: {
-              source_branch: 'remove-submodule',
-              target_branch: 'master'
-            }
+        get :new, get_diff_params
+
+        expect(response).to be_success
+      end
+    end
+  end
+
+  describe 'GET diffs' do
+    context 'when merge request cannot be created' do
+      it 'does not assign diffs var' do
+        allow_any_instance_of(MergeRequest).to receive(:can_be_created).and_return(false)
+
+        get :diffs, get_diff_params.merge(format: 'json')
 
         expect(response).to be_success
+        expect(assigns[:diffs]).to be_nil
       end
     end
   end
@@ -37,14 +52,7 @@ describe Projects::MergeRequests::CreationsController do
     end
 
     it 'renders JSON including serialized pipelines' do
-      get :pipelines,
-          namespace_id: fork_project.namespace.to_param,
-          project_id: fork_project,
-          merge_request: {
-            source_branch: 'remove-submodule',
-            target_branch: 'master'
-          },
-          format: :json
+      get :pipelines, get_diff_params.merge(format: 'json')
 
       expect(response).to be_ok
       expect(json_response).to have_key 'pipelines'
diff --git a/spec/factories/deploy_keys_projects.rb b/spec/factories/deploy_keys_projects.rb
index 30a6d468ed3..4350652fb79 100644
--- a/spec/factories/deploy_keys_projects.rb
+++ b/spec/factories/deploy_keys_projects.rb
@@ -2,5 +2,9 @@ FactoryBot.define do
   factory :deploy_keys_project do
     deploy_key
     project
+
+    trait :write_access do
+      can_push true
+    end
   end
 end
diff --git a/spec/factories/keys.rb b/spec/factories/keys.rb
index 552b4b7e06e..f0c43f3d6f5 100644
--- a/spec/factories/keys.rb
+++ b/spec/factories/keys.rb
@@ -15,10 +15,6 @@ FactoryBot.define do
       factory :another_deploy_key, class: 'DeployKey'
     end
 
-    factory :write_access_key, class: 'DeployKey' do
-      can_push true
-    end
-
     factory :rsa_key_2048 do
       key do
         <<~KEY.delete("\n")
diff --git a/spec/factories/redirect_routes.rb b/spec/factories/redirect_routes.rb
new file mode 100644
index 00000000000..c29c81c5df9
--- /dev/null
+++ b/spec/factories/redirect_routes.rb
@@ -0,0 +1,15 @@
+FactoryBot.define do
+  factory :redirect_route do
+    sequence(:path) { |n| "redirect#{n}" }
+    source factory: :group
+    permanent false
+
+    trait :permanent do
+      permanent true
+    end
+
+    trait :temporary do
+      permanent false
+    end
+  end
+end
diff --git a/spec/features/admin/admin_deploy_keys_spec.rb b/spec/features/admin/admin_deploy_keys_spec.rb
index 241c7cbc34e..cb96830cb7c 100644
--- a/spec/features/admin/admin_deploy_keys_spec.rb
+++ b/spec/features/admin/admin_deploy_keys_spec.rb
@@ -17,6 +17,16 @@ RSpec.describe 'admin deploy keys' do
     end
   end
 
+  it 'shows all the projects the deploy key has write access' do
+    write_key = create(:deploy_keys_project, :write_access, deploy_key: deploy_key)
+
+    visit admin_deploy_keys_path
+
+    page.within(find('.deploy-keys-list', match: :first)) do
+      expect(page).to have_content(write_key.project.full_name)
+    end
+  end
+
   describe 'create a new deploy key' do
     let(:new_ssh_key) { attributes_for(:key)[:key] }
 
@@ -28,14 +38,12 @@ RSpec.describe 'admin deploy keys' do
     it 'creates a new deploy key' do
       fill_in 'deploy_key_title', with: 'laptop'
       fill_in 'deploy_key_key', with: new_ssh_key
-      check 'deploy_key_can_push'
       click_button 'Create'
 
       expect(current_path).to eq admin_deploy_keys_path
 
       page.within(find('.deploy-keys-list', match: :first)) do
         expect(page).to have_content('laptop')
-        expect(page).to have_content('Yes')
       end
     end
   end
@@ -48,14 +56,12 @@ RSpec.describe 'admin deploy keys' do
 
     it 'updates an existing deploy key' do
       fill_in 'deploy_key_title', with: 'new-title'
-      check 'deploy_key_can_push'
       click_button 'Save changes'
 
       expect(current_path).to eq admin_deploy_keys_path
 
       page.within(find('.deploy-keys-list', match: :first)) do
         expect(page).to have_content('new-title')
-        expect(page).to have_content('Yes')
       end
     end
   end
diff --git a/spec/features/boards/sidebar_spec.rb b/spec/features/boards/sidebar_spec.rb
index 205900615c4..b2dbfcd0031 100644
--- a/spec/features/boards/sidebar_spec.rb
+++ b/spec/features/boards/sidebar_spec.rb
@@ -334,14 +334,14 @@ describe 'Issue Boards', :js do
       wait_for_requests
 
       page.within('.subscriptions') do
-        click_button 'Subscribe'
+        find('.js-issuable-subscribe-button button:not(.is-checked)').click
         wait_for_requests
 
-        expect(page).to have_content('Unsubscribe')
+        expect(page).to have_css('.js-issuable-subscribe-button button.is-checked')
       end
     end
 
-    it 'has "Unsubscribe" button when already subscribed' do
+    it 'has checked subscription toggle when already subscribed' do
       create(:subscription, user: user, project: project, subscribable: issue2, subscribed: true)
       visit project_board_path(project, board)
       wait_for_requests
@@ -350,10 +350,10 @@ describe 'Issue Boards', :js do
       wait_for_requests
 
       page.within('.subscriptions') do
-        click_button 'Unsubscribe'
+        find('.js-issuable-subscribe-button button.is-checked').click
         wait_for_requests
 
-        expect(page).to have_content('Subscribe')
+        expect(page).to have_css('.js-issuable-subscribe-button button:not(.is-checked)')
       end
     end
   end
diff --git a/spec/features/copy_as_gfm_spec.rb b/spec/features/copy_as_gfm_spec.rb
index d8f1a919522..f82ed6300cc 100644
--- a/spec/features/copy_as_gfm_spec.rb
+++ b/spec/features/copy_as_gfm_spec.rb
@@ -750,7 +750,7 @@ describe 'Copy as GFM', :js do
     js = <<-JS.strip_heredoc
       (function(selector) {
         var els = document.querySelectorAll(selector);
-        var htmls = _.map(els, function(el) { return el.outerHTML; });
+        var htmls = [].slice.call(els).map(function(el) { return el.outerHTML; });
         return htmls.join("\\n");
       })("#{escape_javascript(selector)}")
     JS
diff --git a/spec/features/cycle_analytics_spec.rb b/spec/features/cycle_analytics_spec.rb
index d36954954b6..510677ecf56 100644
--- a/spec/features/cycle_analytics_spec.rb
+++ b/spec/features/cycle_analytics_spec.rb
@@ -113,6 +113,7 @@ feature 'Cycle Analytics', :js do
 
   context "as a guest" do
     before do
+      project.add_developer(user)
       project.add_guest(guest)
 
       allow_any_instance_of(Gitlab::ReferenceExtractor).to receive(:issues).and_return([issue])
diff --git a/spec/features/issues/issue_sidebar_spec.rb b/spec/features/issues/issue_sidebar_spec.rb
index a5c9d0bde5d..64b4f9e7e67 100644
--- a/spec/features/issues/issue_sidebar_spec.rb
+++ b/spec/features/issues/issue_sidebar_spec.rb
@@ -8,6 +8,7 @@ feature 'Issue Sidebar' do
   let(:issue) { create(:issue, project: project) }
   let!(:user) { create(:user)}
   let!(:label) { create(:label, project: project, title: 'bug') }
+  let!(:xss_label) { create(:label, project: project, title: '&lt;script&gt;alert("xss");&lt;&#x2F;script&gt;') }
 
   before do
     sign_in(user)
@@ -99,6 +100,14 @@ feature 'Issue Sidebar' do
         restore_window_size
         open_issue_sidebar
       end
+
+      it 'escapes XSS when viewing issue labels' do
+        page.within('.block.labels') do
+          find('.edit-link').click
+
+          expect(page).to have_content '<script>alert("xss");</script>'
+        end
+      end
     end
 
     context 'editing issue labels', :js do
diff --git a/spec/features/oauth_login_spec.rb b/spec/features/oauth_login_spec.rb
index 49d8e52f861..a5e325ee2e3 100644
--- a/spec/features/oauth_login_spec.rb
+++ b/spec/features/oauth_login_spec.rb
@@ -10,8 +10,7 @@ feature 'OAuth Login', :js, :allow_forgery_protection do
 
   def stub_omniauth_config(provider)
     OmniAuth.config.add_mock(provider, OmniAuth::AuthHash.new(provider: provider.to_s, uid: "12345"))
-    set_devise_mapping(context: Rails.application)
-    Rails.application.env_config['omniauth.auth'] = OmniAuth.config.mock_auth[provider]
+    stub_omniauth_provider(provider)
   end
 
   providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
diff --git a/spec/features/projects/import_export/import_file_spec.rb b/spec/features/projects/import_export/import_file_spec.rb
index af125e1b9d3..e8bb9c6a86c 100644
--- a/spec/features/projects/import_export/import_file_spec.rb
+++ b/spec/features/projects/import_export/import_file_spec.rb
@@ -32,7 +32,7 @@ feature 'Import/Export - project import integration test', :js do
 
         expect(page).to have_content('Import an exported GitLab project')
         expect(URI.parse(current_url).query).to eq("namespace_id=#{namespace.id}&path=#{project_path}")
-        expect(Gitlab::ImportExport).to receive(:import_upload_path).with(filename: /\A\h{32}_test-project-path\h*\z/).and_call_original
+        expect(Gitlab::ImportExport).to receive(:import_upload_path).with(filename: /\A\h{32}\z/).and_call_original
 
         attach_file('file', file)
         click_on 'Import project'
diff --git a/spec/features/projects/jobs_spec.rb b/spec/features/projects/jobs_spec.rb
index 9a6b27c00f8..a5cd858b11a 100644
--- a/spec/features/projects/jobs_spec.rb
+++ b/spec/features/projects/jobs_spec.rb
@@ -380,9 +380,18 @@ feature 'Jobs' do
 
       it 'shows manual action empty state' do
         expect(page).to have_content('This job requires a manual action')
-        expect(page).to have_content('This job depends on a user to trigger its process. Often they are used to deploy code to production environments.')
+        expect(page).to have_content('This job depends on a user to trigger its process. Often they are used to deploy code to production environments')
         expect(page).to have_link('Trigger this manual action')
       end
+
+      it 'plays manual action', :js do
+        click_link 'Trigger this manual action'
+
+        wait_for_requests
+        expect(page).to have_content('This job has not been triggered')
+        expect(page).to have_content('This job is stuck, because the project doesn\'t have any runners online assigned to it.')
+        expect(page).to have_content('pending')
+      end
     end
 
     context 'Non triggered job' do
@@ -392,9 +401,8 @@ feature 'Jobs' do
         visit project_job_path(project, job)
       end
 
-      it 'shows manual action empty state' do
+      it 'shows empty state' do
         expect(page).to have_content('This job has not been triggered yet')
-        expect(page).to have_content('This job depends on upstream jobs that need to succeed in order for this job to be triggered.')
       end
     end
   end
diff --git a/spec/features/projects/merge_requests/user_manages_subscription_spec.rb b/spec/features/projects/merge_requests/user_manages_subscription_spec.rb
index 4ca435491cb..f55eb5c6664 100644
--- a/spec/features/projects/merge_requests/user_manages_subscription_spec.rb
+++ b/spec/features/projects/merge_requests/user_manages_subscription_spec.rb
@@ -13,20 +13,18 @@ describe 'User manages subscription', :js do
   end
 
   it 'toggles subscription' do
-    subscribe_button = find('.js-issuable-subscribe-button')
+    page.within('.js-issuable-subscribe-button') do
+      expect(page).to have_css 'button:not(.is-checked)'
+      find('button:not(.is-checked)').click
 
-    expect(subscribe_button).to have_content('Subscribe')
+      wait_for_requests
 
-    click_on('Subscribe')
+      expect(page).to have_css 'button.is-checked'
+      find('button.is-checked').click
 
-    wait_for_requests
+      wait_for_requests
 
-    expect(subscribe_button).to have_content('Unsubscribe')
-
-    click_on('Unsubscribe')
-
-    wait_for_requests
-
-    expect(subscribe_button).to have_content('Subscribe')
+      expect(page).to have_css 'button:not(.is-checked)'
+    end
   end
 end
diff --git a/spec/features/projects/settings/repository_settings_spec.rb b/spec/features/projects/settings/repository_settings_spec.rb
index 81b282502fc..14670e91006 100644
--- a/spec/features/projects/settings/repository_settings_spec.rb
+++ b/spec/features/projects/settings/repository_settings_spec.rb
@@ -43,7 +43,7 @@ feature 'Repository settings' do
 
         fill_in 'deploy_key_title', with: 'new_deploy_key'
         fill_in 'deploy_key_key', with: new_ssh_key
-        check 'deploy_key_can_push'
+        check 'deploy_key_deploy_keys_projects_attributes_0_can_push'
         click_button 'Add key'
 
         expect(page).to have_content('new_deploy_key')
@@ -57,7 +57,7 @@ feature 'Repository settings' do
         find('li', text: private_deploy_key.title).click_link('Edit')
 
         fill_in 'deploy_key_title', with: 'updated_deploy_key'
-        check 'deploy_key_can_push'
+        check 'deploy_key_deploy_keys_projects_attributes_0_can_push'
         click_button 'Save changes'
 
         expect(page).to have_content('updated_deploy_key')
@@ -74,11 +74,9 @@ feature 'Repository settings' do
         find('li', text: private_deploy_key.title).click_link('Edit')
 
         fill_in 'deploy_key_title', with: 'updated_deploy_key'
-        check 'deploy_key_can_push'
         click_button 'Save changes'
 
         expect(page).to have_content('updated_deploy_key')
-        expect(page).to have_content('Write access allowed')
       end
 
       scenario 'remove an existing deploy key' do
diff --git a/spec/features/user_can_display_performance_bar_spec.rb b/spec/features/user_can_display_performance_bar_spec.rb
index 670e8dda916..975c157bcf5 100644
--- a/spec/features/user_can_display_performance_bar_spec.rb
+++ b/spec/features/user_can_display_performance_bar_spec.rb
@@ -1,7 +1,7 @@
 require 'rails_helper'
 
 describe 'User can display performance bar', :js do
-  shared_examples 'performance bar is disabled' do
+  shared_examples 'performance bar cannot be displayed' do
     it 'does not show the performance bar by default' do
       expect(page).not_to have_css('#peek')
     end
@@ -17,7 +17,7 @@ describe 'User can display performance bar', :js do
     end
   end
 
-  shared_examples 'performance bar is enabled' do
+  shared_examples 'performance bar can be displayed' do
     it 'does not show the performance bar by default' do
       expect(page).not_to have_css('#peek')
     end
@@ -33,6 +33,18 @@ describe 'User can display performance bar', :js do
     end
   end
 
+  shared_examples 'performance bar is enabled by default in development' do
+    before do
+      allow(Rails.env).to receive(:development?).and_return(true)
+    end
+
+    it 'shows the performance bar by default' do
+      refresh # Because we're stubbing Rails.env after the 1st visit to root_path
+
+      expect(page).to have_css('#peek')
+    end
+  end
+
   let(:group) { create(:group) }
 
   context 'when user is logged-out' do
@@ -45,7 +57,7 @@ describe 'User can display performance bar', :js do
         stub_application_setting(performance_bar_allowed_group_id: nil)
       end
 
-      it_behaves_like 'performance bar is disabled'
+      it_behaves_like 'performance bar cannot be displayed'
     end
 
     context 'when the performance_bar feature is enabled' do
@@ -53,7 +65,7 @@ describe 'User can display performance bar', :js do
         stub_application_setting(performance_bar_allowed_group_id: group.id)
       end
 
-      it_behaves_like 'performance bar is disabled'
+      it_behaves_like 'performance bar cannot be displayed'
     end
   end
 
@@ -72,7 +84,8 @@ describe 'User can display performance bar', :js do
         stub_application_setting(performance_bar_allowed_group_id: nil)
       end
 
-      it_behaves_like 'performance bar is disabled'
+      it_behaves_like 'performance bar cannot be displayed'
+      it_behaves_like 'performance bar is enabled by default in development'
     end
 
     context 'when the performance_bar feature is enabled' do
@@ -80,7 +93,8 @@ describe 'User can display performance bar', :js do
         stub_application_setting(performance_bar_allowed_group_id: group.id)
       end
 
-      it_behaves_like 'performance bar is enabled'
+      it_behaves_like 'performance bar is enabled by default in development'
+      it_behaves_like 'performance bar can be displayed'
     end
   end
 end
diff --git a/spec/finders/milestones_finder_spec.rb b/spec/finders/milestones_finder_spec.rb
index 8ae08656e01..0b3cf7ece5f 100644
--- a/spec/finders/milestones_finder_spec.rb
+++ b/spec/finders/milestones_finder_spec.rb
@@ -21,10 +21,19 @@ describe MilestonesFinder do
     expect(result).to contain_exactly(milestone_1, milestone_2)
   end
 
-  it 'returns milestones for groups and projects' do
-    result = described_class.new(project_ids: [project_1.id, project_2.id], group_ids: group.id, state: 'all').execute
+  context 'milestones for groups and project' do
+    let(:result) do
+      described_class.new(project_ids: [project_1.id, project_2.id], group_ids: group.id, state: 'all').execute
+    end
+
+    it 'returns milestones for groups and projects' do
+      expect(result).to contain_exactly(milestone_1, milestone_2, milestone_3, milestone_4)
+    end
 
-    expect(result).to contain_exactly(milestone_1, milestone_2, milestone_3, milestone_4)
+    it 'orders milestones by due date' do
+      expect(result.first).to eq(milestone_1)
+      expect(result.second).to eq(milestone_3)
+    end
   end
 
   context 'with filters' do
@@ -61,30 +70,4 @@ describe MilestonesFinder do
       expect(result.to_a).to contain_exactly(milestone_1)
     end
   end
-
-  context 'with order' do
-    let(:params) do
-      {
-        project_ids: [project_1.id, project_2.id],
-        group_ids: group.id,
-        state: 'all'
-      }
-    end
-
-    it "default orders by due date" do
-      result = described_class.new(params).execute
-
-      expect(result.first).to eq(milestone_1)
-      expect(result.second).to eq(milestone_3)
-    end
-
-    it "orders by parameter" do
-      result = described_class.new(params.merge(order: 'id DESC')).execute
-
-      expect(result.first).to eq(milestone_4)
-      expect(result.second).to eq(milestone_3)
-      expect(result.third).to eq(milestone_2)
-      expect(result.fourth).to eq(milestone_1)
-    end
-  end
 end
diff --git a/spec/helpers/blob_helper_spec.rb b/spec/helpers/blob_helper_spec.rb
index 04620f6d88c..a030796c54e 100644
--- a/spec/helpers/blob_helper_spec.rb
+++ b/spec/helpers/blob_helper_spec.rb
@@ -22,6 +22,13 @@ describe BlobHelper do
       expect(result).to eq(%[<pre class="code highlight"><code><span id="LC1" class="line" lang="">:type "assem"))</span></code></pre>])
     end
 
+    it 'returns plaintext for long blobs' do
+      stub_const('Blob::MAXIMUM_TEXT_HIGHLIGHT_SIZE', 1)
+      result = helper.highlight(blob_name, blob_content)
+
+      expect(result).to eq(%[<pre class="code highlight"><code><span id="LC1" class="line" lang="">(make-pathname :defaults name</span>\n<span id="LC2" class="line" lang="">:type "assem"))</span></code></pre>])
+    end
+
     it 'highlights single block' do
       expected = %Q[<pre class="code highlight"><code><span id="LC1" class="line" lang="common_lisp"><span class="p">(</span><span class="nb">make-pathname</span> <span class="ss">:defaults</span> <span class="nv">name</span></span>
 <span id="LC2" class="line" lang="common_lisp"><span class="ss">:type</span> <span class="s">"assem"</span><span class="p">))</span></span></code></pre>]
diff --git a/spec/javascripts/boards/list_spec.js b/spec/javascripts/boards/list_spec.js
index 645ce831b53..e5e7b48228b 100644
--- a/spec/javascripts/boards/list_spec.js
+++ b/spec/javascripts/boards/list_spec.js
@@ -5,7 +5,7 @@
 
 import MockAdapter from 'axios-mock-adapter';
 import axios from '~/lib/utils/axios_utils';
-
+import _ from 'underscore';
 import '~/boards/models/issue';
 import '~/boards/models/label';
 import '~/boards/models/list';
diff --git a/spec/javascripts/boards/mock_data.js b/spec/javascripts/boards/mock_data.js
index 9ae2d535398..0671facb285 100644
--- a/spec/javascripts/boards/mock_data.js
+++ b/spec/javascripts/boards/mock_data.js
@@ -1,5 +1,6 @@
 /* global BoardService */
 /* eslint-disable comma-dangle, no-unused-vars, quote-props */
+import _ from 'underscore';
 
 export const listObj = {
   id: 300,
diff --git a/spec/javascripts/commit/pipelines/pipelines_spec.js b/spec/javascripts/commit/pipelines/pipelines_spec.js
index 9fc047b1f5e..d62c2966a8b 100644
--- a/spec/javascripts/commit/pipelines/pipelines_spec.js
+++ b/spec/javascripts/commit/pipelines/pipelines_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import pipelinesTable from '~/commit/pipelines/pipelines_table.vue';
 
diff --git a/spec/javascripts/commit_merge_requests_spec.js b/spec/javascripts/commit_merge_requests_spec.js
new file mode 100644
index 00000000000..3466ef51ea8
--- /dev/null
+++ b/spec/javascripts/commit_merge_requests_spec.js
@@ -0,0 +1,60 @@
+import * as CommitMergeRequests from '~/commit_merge_requests';
+
+describe('CommitMergeRequests', () => {
+  describe('createContent', () => {
+    it('should return created content', () => {
+      const content1 = CommitMergeRequests.createContent([{ iid: 1, path: '/path1', title: 'foo' }, { iid: 2, path: '/path2', title: 'baz' }])[0];
+      expect(content1.tagName).toEqual('SPAN');
+      expect(content1.childElementCount).toEqual(4);
+
+      const content2 = CommitMergeRequests.createContent([])[0];
+      expect(content2.tagName).toEqual('SPAN');
+      expect(content2.childElementCount).toEqual(0);
+      expect(content2.innerText).toEqual('No related merge requests found');
+    });
+  });
+
+  describe('getHeaderText', () => {
+    it('should return header text', () => {
+      expect(CommitMergeRequests.getHeaderText(0, 1)).toEqual('1 merge request');
+      expect(CommitMergeRequests.getHeaderText(0, 2)).toEqual('2 merge requests');
+      expect(CommitMergeRequests.getHeaderText(1, 1)).toEqual(',');
+      expect(CommitMergeRequests.getHeaderText(1, 2)).toEqual(',');
+    });
+  });
+
+  describe('createHeader', () => {
+    it('should return created header', () => {
+      const header = CommitMergeRequests.createHeader(0, 1)[0];
+      expect(header.tagName).toEqual('SPAN');
+      expect(header.innerText).toEqual('1 merge request');
+    });
+  });
+
+  describe('createItem', () => {
+    it('should return created item', () => {
+      const item = CommitMergeRequests.createItem({ iid: 1, path: '/path', title: 'foo' })[0];
+      expect(item.tagName).toEqual('SPAN');
+      expect(item.childElementCount).toEqual(2);
+      expect(item.children[0].tagName).toEqual('A');
+      expect(item.children[1].tagName).toEqual('SPAN');
+    });
+  });
+
+  describe('createLink', () => {
+    it('should return created link', () => {
+      const link = CommitMergeRequests.createLink({ iid: 1, path: '/path', title: 'foo' })[0];
+      expect(link.tagName).toEqual('A');
+      expect(link.href).toMatch(/\/path$/);
+      expect(link.innerText).toEqual('!1');
+    });
+  });
+
+  describe('createTitle', () => {
+    it('should return created title', () => {
+      const title = CommitMergeRequests.createTitle({ iid: 1, path: '/path', title: 'foo' })[0];
+      expect(title.tagName).toEqual('SPAN');
+      expect(title.innerText).toEqual('foo');
+    });
+  });
+});
diff --git a/spec/javascripts/deploy_keys/components/app_spec.js b/spec/javascripts/deploy_keys/components/app_spec.js
index 0ca9290d3d2..b870f87eab9 100644
--- a/spec/javascripts/deploy_keys/components/app_spec.js
+++ b/spec/javascripts/deploy_keys/components/app_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import eventHub from '~/deploy_keys/eventhub';
 import deployKeysApp from '~/deploy_keys/components/app.vue';
diff --git a/spec/javascripts/deploy_keys/components/key_spec.js b/spec/javascripts/deploy_keys/components/key_spec.js
index 2f28c5bbf01..b7aadf604a4 100644
--- a/spec/javascripts/deploy_keys/components/key_spec.js
+++ b/spec/javascripts/deploy_keys/components/key_spec.js
@@ -53,18 +53,24 @@ describe('Deploy keys key', () => {
       ).toBe('Remove');
     });
 
-    it('shows write access text when key has write access', (done) => {
-      vm.deployKey.can_push = true;
+    it('shows write access title when key has write access', (done) => {
+      vm.deployKey.deploy_keys_projects[0].can_push = true;
 
       Vue.nextTick(() => {
         expect(
-          vm.$el.querySelector('.write-access-allowed'),
-        ).not.toBeNull();
-
-        expect(
-          vm.$el.querySelector('.write-access-allowed').textContent.trim(),
+          vm.$el.querySelector('.deploy-project-label').getAttribute('data-original-title'),
         ).toBe('Write access allowed');
+        done();
+      });
+    });
+
+    it('does not show write access title when key has write access', (done) => {
+      vm.deployKey.deploy_keys_projects[0].can_push = false;
 
+      Vue.nextTick(() => {
+        expect(
+          vm.$el.querySelector('.deploy-project-label').getAttribute('data-original-title'),
+        ).toBe('Read access only');
         done();
       });
     });
diff --git a/spec/javascripts/environments/environments_app_spec.js b/spec/javascripts/environments/environments_app_spec.js
index d02adb25b4e..a41a4e5a3f7 100644
--- a/spec/javascripts/environments/environments_app_spec.js
+++ b/spec/javascripts/environments/environments_app_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import environmentsComponent from '~/environments/components/environments_app.vue';
 import { environment, folder } from './mock_data';
diff --git a/spec/javascripts/environments/folder/environments_folder_view_spec.js b/spec/javascripts/environments/folder/environments_folder_view_spec.js
index 4ea4d9d7499..a085074d312 100644
--- a/spec/javascripts/environments/folder/environments_folder_view_spec.js
+++ b/spec/javascripts/environments/folder/environments_folder_view_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import environmentsFolderViewComponent from '~/environments/folder/environments_folder_view.vue';
 import { environmentsList } from '../mock_data';
diff --git a/spec/javascripts/filtered_search/filtered_search_visual_tokens_spec.js b/spec/javascripts/filtered_search/filtered_search_visual_tokens_spec.js
index 2ecb64d84b5..0684c3498a2 100644
--- a/spec/javascripts/filtered_search/filtered_search_visual_tokens_spec.js
+++ b/spec/javascripts/filtered_search/filtered_search_visual_tokens_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import AjaxCache from '~/lib/utils/ajax_cache';
 import UsersCache from '~/lib/utils/users_cache';
 
diff --git a/spec/javascripts/issue_show/components/fields/description_template_spec.js b/spec/javascripts/issue_show/components/fields/description_template_spec.js
index 2b7ee65094b..30441faf844 100644
--- a/spec/javascripts/issue_show/components/fields/description_template_spec.js
+++ b/spec/javascripts/issue_show/components/fields/description_template_spec.js
@@ -1,7 +1,5 @@
 import Vue from 'vue';
 import descriptionTemplate from '~/issue_show/components/fields/description_template.vue';
-import '~/templates/issuable_template_selector';
-import '~/templates/issuable_template_selectors';
 
 describe('Issue description template component', () => {
   let vm;
diff --git a/spec/javascripts/issue_show/components/form_spec.js b/spec/javascripts/issue_show/components/form_spec.js
index 000b53af016..50ce019c32a 100644
--- a/spec/javascripts/issue_show/components/form_spec.js
+++ b/spec/javascripts/issue_show/components/form_spec.js
@@ -1,7 +1,5 @@
 import Vue from 'vue';
 import formComponent from '~/issue_show/components/form.vue';
-import '~/templates/issuable_template_selector';
-import '~/templates/issuable_template_selectors';
 
 describe('Inline edit form component', () => {
   let vm;
diff --git a/spec/javascripts/job_spec.js b/spec/javascripts/job_spec.js
index b740c9ed893..feb341d22e6 100644
--- a/spec/javascripts/job_spec.js
+++ b/spec/javascripts/job_spec.js
@@ -52,11 +52,6 @@ describe('Job', () => {
         expect($('.build-job[data-stage="test"]').is(':visible')).toBe(false);
         expect($('.build-job[data-stage="deploy"]').is(':visible')).toBe(false);
       });
-
-      it('displays the remove date correctly', () => {
-        const removeDateElement = document.querySelector('.js-artifacts-remove');
-        expect(removeDateElement.innerText.trim()).toBe('1 year remaining');
-      });
     });
 
     describe('running build', () => {
diff --git a/spec/javascripts/jobs/header_spec.js b/spec/javascripts/jobs/header_spec.js
index 83395ea451e..a9df0418d5d 100644
--- a/spec/javascripts/jobs/header_spec.js
+++ b/spec/javascripts/jobs/header_spec.js
@@ -31,6 +31,7 @@ describe('Job details header', () => {
           email: 'foo@bar.com',
           avatar_url: 'link',
         },
+        started: '2018-01-08T09:48:27.319Z',
         new_issue_path: 'path',
       },
       isLoading: false,
@@ -43,15 +44,32 @@ describe('Job details header', () => {
     vm.$destroy();
   });
 
-  it('should render provided job information', () => {
-    expect(
-      vm.$el.querySelector('.header-main-content').textContent.replace(/\s+/g, ' ').trim(),
-    ).toEqual('failed Job #123 triggered 3 weeks ago by Foo');
+  describe('triggered job', () => {
+    beforeEach(() => {
+      vm = mountComponent(HeaderComponent, props);
+    });
+
+    it('should render provided job information', () => {
+      expect(
+        vm.$el.querySelector('.header-main-content').textContent.replace(/\s+/g, ' ').trim(),
+      ).toEqual('failed Job #123 triggered 3 weeks ago by Foo');
+    });
+
+    it('should render new issue link', () => {
+      expect(
+        vm.$el.querySelector('.js-new-issue').getAttribute('href'),
+      ).toEqual(props.job.new_issue_path);
+    });
   });
 
-  it('should render new issue link', () => {
-    expect(
-      vm.$el.querySelector('.js-new-issue').getAttribute('href'),
-    ).toEqual(props.job.new_issue_path);
+  describe('created job', () => {
+    it('should render created key', () => {
+      props.job.started = false;
+      vm = mountComponent(HeaderComponent, props);
+
+      expect(
+        vm.$el.querySelector('.header-main-content').textContent.replace(/\s+/g, ' ').trim(),
+      ).toEqual('failed Job #123 created 3 weeks ago by Foo');
+    });
   });
 });
diff --git a/spec/javascripts/merge_request_notes_spec.js b/spec/javascripts/merge_request_notes_spec.js
index e983e4de3fc..5d0ee91d977 100644
--- a/spec/javascripts/merge_request_notes_spec.js
+++ b/spec/javascripts/merge_request_notes_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import 'autosize';
 import '~/gl_form';
 import '~/lib/utils/text_utility';
diff --git a/spec/javascripts/merge_request_spec.js b/spec/javascripts/merge_request_spec.js
index 9d6ea3781bc..bae3219b043 100644
--- a/spec/javascripts/merge_request_spec.js
+++ b/spec/javascripts/merge_request_spec.js
@@ -70,8 +70,8 @@ import IssuablesHelper from '~/helpers/issuables_helper';
         beforeEach(() => {
           loadFixtures('merge_requests/merge_request_with_task_list.html.raw');
           this.el = document.querySelector('.js-issuable-actions');
-          const merge = new MergeRequest();
-          merge.hideCloseButton();
+          new MergeRequest(); // eslint-disable-line no-new
+          MergeRequest.hideCloseButton();
         });
 
         it('hides the dropdown close item and selects the next item', () => {
@@ -90,8 +90,7 @@ import IssuablesHelper from '~/helpers/issuables_helper';
         beforeEach(() => {
           loadFixtures('merge_requests/merge_request_of_current_user.html.raw');
           this.el = document.querySelector('.js-issuable-actions');
-          const merge = new MergeRequest();
-          merge.hideCloseButton();
+          MergeRequest.hideCloseButton();
         });
 
         it('hides the close button', () => {
diff --git a/spec/javascripts/notebook/cells/markdown_spec.js b/spec/javascripts/notebook/cells/markdown_spec.js
index a88e9ed3d99..02304bf5d7d 100644
--- a/spec/javascripts/notebook/cells/markdown_spec.js
+++ b/spec/javascripts/notebook/cells/markdown_spec.js
@@ -42,6 +42,18 @@ describe('Markdown component', () => {
     expect(vm.$el.querySelector('.markdown h1')).not.toBeNull();
   });
 
+  it('sanitizes output', (done) => {
+    Object.assign(cell, {
+      source: ['[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+Cg==)\n'],
+    });
+
+    Vue.nextTick(() => {
+      expect(vm.$el.querySelector('a')).toBeNull();
+
+      done();
+    });
+  });
+
   describe('katex', () => {
     beforeEach(() => {
       json = getJSONFixture('blob/notebook/math.json');
diff --git a/spec/javascripts/notebook/cells/output/html_sanitize_tests.js b/spec/javascripts/notebook/cells/output/html_sanitize_tests.js
new file mode 100644
index 00000000000..d587573fc9e
--- /dev/null
+++ b/spec/javascripts/notebook/cells/output/html_sanitize_tests.js
@@ -0,0 +1,66 @@
+export default {
+  'protocol-based JS injection: simple, no spaces': {
+    input: '<a href="javascript:alert(\'XSS\');">foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: simple, spaces before': {
+    input: '<a href="javascript    :alert(\'XSS\');">foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: simple, spaces after': {
+    input: '<a href="javascript:    alert(\'XSS\');">foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: simple, spaces before and after': {
+    input: '<a href="javascript    :   alert(\'XSS\');">foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: preceding colon': {
+    input: '<a href=":javascript:alert(\'XSS\');">foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: UTF-8 encoding': {
+    input: '<a href="javascript&#58;">foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: long UTF-8 encoding': {
+    input: '<a href="javascript&#0058;">foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: long UTF-8 encoding without semicolons': {
+    input: '<a href=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: hex encoding': {
+    input: '<a href="javascript&#x3A;">foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: long hex encoding': {
+    input: '<a href="javascript&#x003A;">foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: hex encoding without semicolons': {
+    input: '<a href=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: null char': {
+    input: '<a href=java\0script:alert("XSS")>foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: invalid URL char': {
+    input: '<img src=java\script:alert("XSS")>', // eslint-disable-line no-useless-escape
+    output: '<img>',
+  },
+  'protocol-based JS injection: Unicode': {
+    input: '<a href="\u0001java\u0003script:alert(\'XSS\')">foo</a>',
+    output: '<a>foo</a>',
+  },
+  'protocol-based JS injection: spaces and entities': {
+    input: '<a href=" &#14;  javascript:alert(\'XSS\');">foo</a>',
+    output: '<a>foo</a>',
+  },
+  'img on error': {
+    input: '<img src="x" onerror="alert(document.domain)" />',
+    output: '<img src="x">',
+  },
+};
diff --git a/spec/javascripts/notebook/cells/output/html_spec.js b/spec/javascripts/notebook/cells/output/html_spec.js
new file mode 100644
index 00000000000..9c5385f2922
--- /dev/null
+++ b/spec/javascripts/notebook/cells/output/html_spec.js
@@ -0,0 +1,29 @@
+import Vue from 'vue';
+import htmlOutput from '~/notebook/cells/output/html.vue';
+import sanitizeTests from './html_sanitize_tests';
+
+describe('html output cell', () => {
+  function createComponent(rawCode) {
+    const Component = Vue.extend(htmlOutput);
+
+    return new Component({
+      propsData: {
+        rawCode,
+      },
+    }).$mount();
+  }
+
+  describe('sanitizes output', () => {
+    Object.keys(sanitizeTests).forEach((key) => {
+      it(key, () => {
+        const test = sanitizeTests[key];
+        const vm = createComponent(test.input);
+        const outputEl = [...vm.$el.querySelectorAll('div')].pop();
+
+        expect(outputEl.innerHTML).toEqual(test.output);
+
+        vm.$destroy();
+      });
+    });
+  });
+});
diff --git a/spec/javascripts/notes/components/comment_form_spec.js b/spec/javascripts/notes/components/comment_form_spec.js
index 20e352dd8bd..104d03377b6 100644
--- a/spec/javascripts/notes/components/comment_form_spec.js
+++ b/spec/javascripts/notes/components/comment_form_spec.js
@@ -139,13 +139,21 @@ describe('issue_comment_form component', () => {
       });
 
       describe('event enter', () => {
-        it('should save note when cmd/ctrl+enter is pressed', () => {
+        it('should save note when cmd+enter is pressed', () => {
           spyOn(vm, 'handleSave').and.callThrough();
           vm.$el.querySelector('.js-main-target-form textarea').value = 'Foo';
           vm.$el.querySelector('.js-main-target-form textarea').dispatchEvent(keyboardDownEvent(13, true));
 
           expect(vm.handleSave).toHaveBeenCalled();
         });
+
+        it('should save note when ctrl+enter is pressed', () => {
+          spyOn(vm, 'handleSave').and.callThrough();
+          vm.$el.querySelector('.js-main-target-form textarea').value = 'Foo';
+          vm.$el.querySelector('.js-main-target-form textarea').dispatchEvent(keyboardDownEvent(13, false, true));
+
+          expect(vm.handleSave).toHaveBeenCalled();
+        });
       });
     });
 
diff --git a/spec/javascripts/notes/components/note_app_spec.js b/spec/javascripts/notes/components/note_app_spec.js
index 7c8d6685ee1..36c56cd3862 100644
--- a/spec/javascripts/notes/components/note_app_spec.js
+++ b/spec/javascripts/notes/components/note_app_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import notesApp from '~/notes/components/notes_app.vue';
 import service from '~/notes/services/notes_service';
diff --git a/spec/javascripts/notes/components/note_form_spec.js b/spec/javascripts/notes/components/note_form_spec.js
index 86e9e2a32a9..f841a408d09 100644
--- a/spec/javascripts/notes/components/note_form_spec.js
+++ b/spec/javascripts/notes/components/note_form_spec.js
@@ -69,13 +69,20 @@ describe('issue_note_form component', () => {
       });
 
       describe('enter', () => {
-        it('should submit note', () => {
+        it('should save note when cmd+enter is pressed', () => {
           spyOn(vm, 'handleUpdate').and.callThrough();
           vm.$el.querySelector('textarea').value = 'Foo';
           vm.$el.querySelector('textarea').dispatchEvent(keyboardDownEvent(13, true));
 
           expect(vm.handleUpdate).toHaveBeenCalled();
         });
+        it('should save note when ctrl+enter is pressed', () => {
+          spyOn(vm, 'handleUpdate').and.callThrough();
+          vm.$el.querySelector('textarea').value = 'Foo';
+          vm.$el.querySelector('textarea').dispatchEvent(keyboardDownEvent(13, false, true));
+
+          expect(vm.handleUpdate).toHaveBeenCalled();
+        });
       });
     });
 
diff --git a/spec/javascripts/notes/components/noteable_note_spec.js b/spec/javascripts/notes/components/noteable_note_spec.js
index c8a6cb7e612..cb63b64724d 100644
--- a/spec/javascripts/notes/components/noteable_note_spec.js
+++ b/spec/javascripts/notes/components/noteable_note_spec.js
@@ -1,4 +1,4 @@
-
+import _ from 'underscore';
 import Vue from 'vue';
 import store from '~/notes/stores';
 import issueNote from '~/notes/components/noteable_note.vue';
diff --git a/spec/javascripts/notes_spec.js b/spec/javascripts/notes_spec.js
index 167f074fb9b..a40821a5693 100644
--- a/spec/javascripts/notes_spec.js
+++ b/spec/javascripts/notes_spec.js
@@ -1,4 +1,5 @@
 /* eslint-disable space-before-function-paren, no-unused-expressions, no-var, object-shorthand, comma-dangle, max-len */
+import _ from 'underscore';
 import * as urlUtils from '~/lib/utils/url_utility';
 import 'autosize';
 import '~/gl_form';
diff --git a/spec/javascripts/pipelines/async_button_spec.js b/spec/javascripts/pipelines/async_button_spec.js
index 48620898357..d010d897642 100644
--- a/spec/javascripts/pipelines/async_button_spec.js
+++ b/spec/javascripts/pipelines/async_button_spec.js
@@ -13,7 +13,7 @@ describe('Pipelines Async Button', () => {
       propsData: {
         endpoint: '/foo',
         title: 'Foo',
-        icon: 'fa fa-foo',
+        icon: 'repeat',
         cssClass: 'bar',
       },
     }).$mount();
@@ -23,8 +23,8 @@ describe('Pipelines Async Button', () => {
     expect(component.$el.tagName).toEqual('BUTTON');
   });
 
-  it('should render the provided icon', () => {
-    expect(component.$el.querySelector('i').getAttribute('class')).toContain('fa fa-foo');
+  it('should render svg icon', () => {
+    expect(component.$el.querySelector('svg')).not.toBeNull();
   });
 
   it('should render the provided title', () => {
diff --git a/spec/javascripts/pipelines/pipeline_details_mediator_spec.js b/spec/javascripts/pipelines/pipeline_details_mediator_spec.js
index 9fec2f61f78..bc6413a159f 100644
--- a/spec/javascripts/pipelines/pipeline_details_mediator_spec.js
+++ b/spec/javascripts/pipelines/pipeline_details_mediator_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import PipelineMediator from '~/pipelines/pipeline_details_mediatior';
 
diff --git a/spec/javascripts/pipelines/pipelines_spec.js b/spec/javascripts/pipelines/pipelines_spec.js
index 367b42cefb0..a99ebc4e51a 100644
--- a/spec/javascripts/pipelines/pipelines_spec.js
+++ b/spec/javascripts/pipelines/pipelines_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import pipelinesComp from '~/pipelines/components/pipelines.vue';
 import Store from '~/pipelines/stores/pipelines_store';
diff --git a/spec/javascripts/pipelines/stage_spec.js b/spec/javascripts/pipelines/stage_spec.js
index 1b96b2e3d51..61c2f783acc 100644
--- a/spec/javascripts/pipelines/stage_spec.js
+++ b/spec/javascripts/pipelines/stage_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import stage from '~/pipelines/components/stage.vue';
 
diff --git a/spec/javascripts/registry/components/app_spec.js b/spec/javascripts/registry/components/app_spec.js
index 87259fe0bab..6a8a85e3dfb 100644
--- a/spec/javascripts/registry/components/app_spec.js
+++ b/spec/javascripts/registry/components/app_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import registry from '~/registry/components/app.vue';
 import mountComponent from '../../helpers/vue_mount_component_helper';
diff --git a/spec/javascripts/sidebar/sidebar_assignees_spec.js b/spec/javascripts/sidebar/sidebar_assignees_spec.js
index b97e24d9dcf..6bb6d639f24 100644
--- a/spec/javascripts/sidebar/sidebar_assignees_spec.js
+++ b/spec/javascripts/sidebar/sidebar_assignees_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import SidebarAssignees from '~/sidebar/components/assignees/sidebar_assignees';
 import SidebarMediator from '~/sidebar/sidebar_mediator';
diff --git a/spec/javascripts/sidebar/sidebar_mediator_spec.js b/spec/javascripts/sidebar/sidebar_mediator_spec.js
index 9efd109b996..afa18cc127e 100644
--- a/spec/javascripts/sidebar/sidebar_mediator_spec.js
+++ b/spec/javascripts/sidebar/sidebar_mediator_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import * as urlUtils from '~/lib/utils/url_utility';
 import SidebarMediator from '~/sidebar/sidebar_mediator';
diff --git a/spec/javascripts/sidebar/sidebar_move_issue_spec.js b/spec/javascripts/sidebar/sidebar_move_issue_spec.js
index 8b0d51bbcc8..97f762d07a7 100644
--- a/spec/javascripts/sidebar/sidebar_move_issue_spec.js
+++ b/spec/javascripts/sidebar/sidebar_move_issue_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import SidebarMediator from '~/sidebar/sidebar_mediator';
 import SidebarStore from '~/sidebar/stores/sidebar_store';
diff --git a/spec/javascripts/sidebar/subscriptions_spec.js b/spec/javascripts/sidebar/subscriptions_spec.js
index 9b33dd02fb9..79db05f04ed 100644
--- a/spec/javascripts/sidebar/subscriptions_spec.js
+++ b/spec/javascripts/sidebar/subscriptions_spec.js
@@ -20,23 +20,23 @@ describe('Subscriptions', function () {
       subscribed: undefined,
     });
 
-    expect(vm.$refs.loadingButton.loading).toBe(true);
-    expect(vm.$refs.loadingButton.label).toBeUndefined();
+    expect(vm.$refs.toggleButton.isLoading).toBe(true);
+    expect(vm.$refs.toggleButton.$el.querySelector('.project-feature-toggle')).toHaveClass('is-loading');
   });
 
-  it('has "Subscribe" text when currently not subscribed', () => {
+  it('is toggled "off" when currently not subscribed', () => {
     vm = mountComponent(Subscriptions, {
       subscribed: false,
     });
 
-    expect(vm.$refs.loadingButton.label).toBe('Subscribe');
+    expect(vm.$refs.toggleButton.$el.querySelector('.project-feature-toggle')).not.toHaveClass('is-checked');
   });
 
-  it('has "Unsubscribe" text when currently not subscribed', () => {
+  it('is toggled "on" when currently subscribed', () => {
     vm = mountComponent(Subscriptions, {
       subscribed: true,
     });
 
-    expect(vm.$refs.loadingButton.label).toBe('Unsubscribe');
+    expect(vm.$refs.toggleButton.$el.querySelector('.project-feature-toggle')).toHaveClass('is-checked');
   });
 });
diff --git a/spec/javascripts/smart_interval_spec.js b/spec/javascripts/smart_interval_spec.js
index 1c87fcec245..7265e1b6cb5 100644
--- a/spec/javascripts/smart_interval_spec.js
+++ b/spec/javascripts/smart_interval_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import SmartInterval from '~/smart_interval';
 
 describe('SmartInterval', function () {
diff --git a/spec/javascripts/test_bundle.js b/spec/javascripts/test_bundle.js
index 6897c991066..2f6691df9cd 100644
--- a/spec/javascripts/test_bundle.js
+++ b/spec/javascripts/test_bundle.js
@@ -1,6 +1,5 @@
 /* eslint-disable jasmine/no-global-setup */
 import $ from 'jquery';
-import _ from 'underscore';
 import 'jasmine-jquery';
 import '~/commons';
 
@@ -31,7 +30,6 @@ jasmine.getJSONFixtures().fixturesPath = '/base/spec/javascripts/fixtures';
 
 // globalize common libraries
 window.$ = window.jQuery = $;
-window._ = _;
 
 // stub expected globals
 window.gl = window.gl || {};
diff --git a/spec/javascripts/vue_mr_widget/components/states/mr_widget_ready_to_merge_spec.js b/spec/javascripts/vue_mr_widget/components/states/mr_widget_ready_to_merge_spec.js
index 1127576617b..9230b5874df 100644
--- a/spec/javascripts/vue_mr_widget/components/states/mr_widget_ready_to_merge_spec.js
+++ b/spec/javascripts/vue_mr_widget/components/states/mr_widget_ready_to_merge_spec.js
@@ -371,6 +371,10 @@ describe('MRWidgetReadyToMerge', () => {
         });
       });
 
+      beforeEach(() => {
+        loadFixtures('merge_requests/merge_request_of_current_user.html.raw');
+      });
+
       it('should call start and stop polling when MR merged', (done) => {
         spyOn(eventHub, '$emit');
         spyOn(vm.service, 'poll').and.returnValue(returnPromise('merged'));
@@ -392,6 +396,47 @@ describe('MRWidgetReadyToMerge', () => {
         }, 333);
       });
 
+      it('updates status box', (done) => {
+        spyOn(vm.service, 'poll').and.returnValue(returnPromise('merged'));
+        spyOn(vm, 'initiateRemoveSourceBranchPolling');
+
+        vm.handleMergePolling(() => {}, () => {});
+
+        setTimeout(() => {
+          const statusBox = document.querySelector('.status-box');
+          expect(statusBox.classList.contains('status-box-mr-merged')).toBeTruthy();
+          expect(statusBox.textContent).toContain('Merged');
+
+          done();
+        });
+      });
+
+      it('hides close button', (done) => {
+        spyOn(vm.service, 'poll').and.returnValue(returnPromise('merged'));
+        spyOn(vm, 'initiateRemoveSourceBranchPolling');
+
+        vm.handleMergePolling(() => {}, () => {});
+
+        setTimeout(() => {
+          expect(document.querySelector('.btn-close').classList.contains('hidden')).toBeTruthy();
+
+          done();
+        });
+      });
+
+      it('updates merge request count badge', (done) => {
+        spyOn(vm.service, 'poll').and.returnValue(returnPromise('merged'));
+        spyOn(vm, 'initiateRemoveSourceBranchPolling');
+
+        vm.handleMergePolling(() => {}, () => {});
+
+        setTimeout(() => {
+          expect(document.querySelector('.js-merge-counter').textContent).toBe('0');
+
+          done();
+        });
+      });
+
       it('should continue polling until MR is merged', (done) => {
         spyOn(vm.service, 'poll').and.returnValue(returnPromise('some_other_state'));
         spyOn(vm, 'initiateRemoveSourceBranchPolling');
diff --git a/spec/javascripts/vue_shared/components/stacked_progress_bar_spec.js b/spec/javascripts/vue_shared/components/stacked_progress_bar_spec.js
new file mode 100644
index 00000000000..6940b04573e
--- /dev/null
+++ b/spec/javascripts/vue_shared/components/stacked_progress_bar_spec.js
@@ -0,0 +1,77 @@
+import Vue from 'vue';
+
+import stackedProgressBarComponent from '~/vue_shared/components/stacked_progress_bar.vue';
+
+import mountComponent from '../../helpers/vue_mount_component_helper';
+
+const createComponent = (config) => {
+  const Component = Vue.extend(stackedProgressBarComponent);
+  const defaultConfig = Object.assign({}, {
+    successLabel: 'Synced',
+    failureLabel: 'Failed',
+    neutralLabel: 'Out of sync',
+    successCount: 10,
+    failureCount: 5,
+    totalCount: 20,
+  }, config);
+
+  return mountComponent(Component, defaultConfig);
+};
+
+describe('StackedProgressBarComponent', () => {
+  let vm;
+
+  beforeEach(() => {
+    vm = createComponent();
+  });
+
+  afterEach(() => {
+    vm.$destroy();
+  });
+
+  describe('computed', () => {
+    describe('neutralCount', () => {
+      it('returns neutralCount based on totalCount, successCount and failureCount', () => {
+        expect(vm.neutralCount).toBe(5); // 20 - 10 - 5
+      });
+    });
+  });
+
+  describe('methods', () => {
+    describe('getPercent', () => {
+      it('returns percentage from provided count based on `totalCount`', () => {
+        expect(vm.getPercent(10)).toBe(50);
+      });
+    });
+
+    describe('barStyle', () => {
+      it('returns style string based on percentage provided', () => {
+        expect(vm.barStyle(50)).toBe('width: 50%;');
+      });
+    });
+
+    describe('getTooltip', () => {
+      it('returns label string based on label and count provided', () => {
+        expect(vm.getTooltip('Synced', 10)).toBe('Synced: 10');
+      });
+    });
+  });
+
+  describe('template', () => {
+    it('renders container element', () => {
+      expect(vm.$el.classList.contains('stacked-progress-bar')).toBeTruthy();
+    });
+
+    it('renders empty state when count is unavailable', () => {
+      const vmX = createComponent({ totalCount: 0, successCount: 0, failureCount: 0 });
+      expect(vmX.$el.querySelectorAll('.status-unavailable').length).not.toBe(0);
+      vmX.$destroy();
+    });
+
+    it('renders bar elements when count is available', () => {
+      expect(vm.$el.querySelectorAll('.status-green').length).not.toBe(0);
+      expect(vm.$el.querySelectorAll('.status-neutral').length).not.toBe(0);
+      expect(vm.$el.querySelectorAll('.status-red').length).not.toBe(0);
+    });
+  });
+});
diff --git a/spec/javascripts/vue_shared/components/user_avatar/user_avatar_link_spec.js b/spec/javascripts/vue_shared/components/user_avatar/user_avatar_link_spec.js
index 8450ad9dbcb..adf80d0c2bb 100644
--- a/spec/javascripts/vue_shared/components/user_avatar/user_avatar_link_spec.js
+++ b/spec/javascripts/vue_shared/components/user_avatar/user_avatar_link_spec.js
@@ -1,3 +1,4 @@
+import _ from 'underscore';
 import Vue from 'vue';
 import UserAvatarLink from '~/vue_shared/components/user_avatar/user_avatar_link.vue';
 
diff --git a/spec/javascripts/zen_mode_spec.js b/spec/javascripts/zen_mode_spec.js
index 45a0bb0650f..8edba1f47a3 100644
--- a/spec/javascripts/zen_mode_spec.js
+++ b/spec/javascripts/zen_mode_spec.js
@@ -1,4 +1,4 @@
-/* global Mousetrap */
+import Mousetrap from 'mousetrap';
 import Dropzone from 'dropzone';
 import ZenMode from '~/zen_mode';
 
diff --git a/spec/lib/backup/manager_spec.rb b/spec/lib/backup/manager_spec.rb
index b68301a066a..5100f5737c2 100644
--- a/spec/lib/backup/manager_spec.rb
+++ b/spec/lib/backup/manager_spec.rb
@@ -194,6 +194,12 @@ describe Backup::Manager do
         )
       end
 
+      it 'prints the list of available backups' do
+        expect { subject.unpack }.to raise_error SystemExit
+        expect(progress).to have_received(:puts)
+          .with(a_string_matching('1451606400_2016_01_01_1.2.3\n 1451520000_2015_12_31'))
+      end
+
       it 'fails the operation and prints an error' do
         expect { subject.unpack }.to raise_error SystemExit
         expect(progress).to have_received(:puts)
diff --git a/spec/lib/banzai/filter/relative_link_filter_spec.rb b/spec/lib/banzai/filter/relative_link_filter_spec.rb
index f38f0776303..7e17457ce70 100644
--- a/spec/lib/banzai/filter/relative_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/relative_link_filter_spec.rb
@@ -8,7 +8,8 @@ describe Banzai::Filter::RelativeLinkFilter do
       group:          group,
       project_wiki:   project_wiki,
       ref:            ref,
-      requested_path: requested_path
+      requested_path: requested_path,
+      only_path:      only_path
     })
 
     described_class.call(doc, contexts)
@@ -37,6 +38,7 @@ describe Banzai::Filter::RelativeLinkFilter do
   let(:commit)         { project.commit(ref) }
   let(:project_wiki)   { nil }
   let(:requested_path) { '/' }
+  let(:only_path)      { true }
 
   shared_examples :preserve_unchanged do
     it 'does not modify any relative URL in anchor' do
@@ -240,26 +242,35 @@ describe Banzai::Filter::RelativeLinkFilter do
     let(:commit) { nil }
     let(:ref) { nil }
     let(:requested_path) { nil }
+    let(:upload_path) { '/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg' }
+    let(:relative_path) { "/#{project.full_path}#{upload_path}" }
 
     context 'to a project upload' do
+      context 'with an absolute URL' do
+        let(:absolute_path) { Gitlab.config.gitlab.url + relative_path }
+        let(:only_path) { false }
+
+        it 'rewrites the link correctly' do
+          doc = filter(link(upload_path))
+
+          expect(doc.at_css('a')['href']).to eq(absolute_path)
+        end
+      end
+
       it 'rebuilds relative URL for a link' do
-        doc = filter(link('/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'))
-        expect(doc.at_css('a')['href'])
-          .to eq "/#{project.full_path}/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
+        doc = filter(link(upload_path))
+        expect(doc.at_css('a')['href']).to eq(relative_path)
 
-        doc = filter(nested(link('/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg')))
-        expect(doc.at_css('a')['href'])
-          .to eq "/#{project.full_path}/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
+        doc = filter(nested(link(upload_path)))
+        expect(doc.at_css('a')['href']).to eq(relative_path)
       end
 
       it 'rebuilds relative URL for an image' do
-        doc = filter(image('/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'))
-        expect(doc.at_css('img')['src'])
-          .to eq "/#{project.full_path}/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
+        doc = filter(image(upload_path))
+        expect(doc.at_css('img')['src']).to eq(relative_path)
 
-        doc = filter(nested(image('/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg')))
-        expect(doc.at_css('img')['src'])
-          .to eq "/#{project.full_path}/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
+        doc = filter(nested(image(upload_path)))
+        expect(doc.at_css('img')['src']).to eq(relative_path)
       end
 
       it 'does not modify absolute URL' do
@@ -288,6 +299,17 @@ describe Banzai::Filter::RelativeLinkFilter do
       let(:project) { nil }
       let(:relative_path) { "/groups/#{group.full_path}/-/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg" }
 
+      context 'with an absolute URL' do
+        let(:absolute_path) { Gitlab.config.gitlab.url + relative_path }
+        let(:only_path) { false }
+
+        it 'rewrites the link correctly' do
+          doc = filter(upload_link)
+
+          expect(doc.at_css('a')['href']).to eq(absolute_path)
+        end
+      end
+
       it 'rewrites the link correctly' do
         doc = filter(upload_link)
 
diff --git a/spec/lib/banzai/filter/wiki_link_filter_spec.rb b/spec/lib/banzai/filter/wiki_link_filter_spec.rb
index 9596f004052..50d053011b3 100644
--- a/spec/lib/banzai/filter/wiki_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/wiki_link_filter_spec.rb
@@ -10,15 +10,23 @@ describe Banzai::Filter::WikiLinkFilter do
 
   it "doesn't rewrite absolute links" do
     filtered_link = filter("<a href='http://example.com:8000/'>Link</a>", project_wiki: wiki).children[0]
+
     expect(filtered_link.attribute('href').value).to eq('http://example.com:8000/')
   end
 
+  it "doesn't rewrite links to project uploads" do
+    filtered_link = filter("<a href='/uploads/a.test'>Link</a>", project_wiki: wiki).children[0]
+
+    expect(filtered_link.attribute('href').value).to eq('/uploads/a.test')
+  end
+
   describe "invalid links" do
     invalid_links = ["http://:8080", "http://", "http://:8080/path"]
 
     invalid_links.each do |invalid_link|
       it "doesn't rewrite invalid invalid_links like #{invalid_link}" do
         filtered_link = filter("<a href='#{invalid_link}'>Link</a>", project_wiki: wiki).children[0]
+
         expect(filtered_link.attribute('href').value).to eq(invalid_link)
       end
     end
diff --git a/spec/lib/gitlab/auth/blocked_user_tracker_spec.rb b/spec/lib/gitlab/auth/blocked_user_tracker_spec.rb
new file mode 100644
index 00000000000..726a3c1c83a
--- /dev/null
+++ b/spec/lib/gitlab/auth/blocked_user_tracker_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe Gitlab::Auth::BlockedUserTracker do
+  set(:user) { create(:user) }
+
+  describe '.log_if_user_blocked' do
+    it 'does not log if user failed to login due to undefined reason' do
+      expect_any_instance_of(SystemHooksService).not_to receive(:execute_hooks_for)
+
+      expect(described_class.log_if_user_blocked({})).to be_nil
+    end
+
+    it 'gracefully handles malformed environment variables' do
+      env = { 'warden.options' => 'test' }
+
+      expect(described_class.log_if_user_blocked(env)).to be_nil
+    end
+
+    context 'failed login due to blocked user' do
+      let(:env) do
+        {
+          'warden.options' => { message: User::BLOCKED_MESSAGE },
+          described_class::ACTIVE_RECORD_REQUEST_PARAMS => { 'user' => { 'login' => user.username } }
+        }
+      end
+
+      subject { described_class.log_if_user_blocked(env) }
+
+      before do
+        expect_any_instance_of(SystemHooksService).to receive(:execute_hooks_for).with(user, :failed_login)
+      end
+
+      it 'logs a blocked user' do
+        user.block!
+
+        expect(subject).to be_truthy
+      end
+
+      it 'logs a blocked user by e-mail' do
+        user.block!
+        env[described_class::ACTIVE_RECORD_REQUEST_PARAMS]['user']['login'] = user.email
+
+        expect(subject).to be_truthy
+      end
+
+      it 'logs a LDAP blocked user' do
+        user.ldap_block!
+
+        expect(subject).to be_truthy
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/auth/user_auth_finders_spec.rb b/spec/lib/gitlab/auth/user_auth_finders_spec.rb
index 4637816570c..2733eef6611 100644
--- a/spec/lib/gitlab/auth/user_auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/user_auth_finders_spec.rb
@@ -76,6 +76,16 @@ describe Gitlab::Auth::UserAuthFinders do
         expect(find_user_from_rss_token).to be_nil
       end
     end
+
+    context 'when the request format is empty' do
+      it 'the method call does not modify the original value' do
+        env['action_dispatch.request.formats'] = nil
+
+        find_user_from_rss_token
+
+        expect(env['action_dispatch.request.formats']).to be_nil
+      end
+    end
   end
 
   describe '#find_user_from_access_token' do
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index a6fbec295b5..cc202ce8bca 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -136,8 +136,8 @@ describe Gitlab::Auth do
 
       it 'grants deploy key write permissions' do
         project = create(:project)
-        key = create(:deploy_key, can_push: true)
-        create(:deploy_keys_project, deploy_key: key, project: project)
+        key = create(:deploy_key)
+        create(:deploy_keys_project, :write_access, deploy_key: key, project: project)
         token = Gitlab::LfsToken.new(key).token
 
         expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: "lfs+deploy-key-#{key.id}")
@@ -146,7 +146,7 @@ describe Gitlab::Auth do
 
       it 'does not grant deploy key write permissions' do
         project = create(:project)
-        key = create(:deploy_key, can_push: true)
+        key = create(:deploy_key)
         token = Gitlab::LfsToken.new(key).token
 
         expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: "lfs+deploy-key-#{key.id}")
diff --git a/spec/lib/gitlab/background_migration/deserialize_merge_request_diffs_and_commits_spec.rb b/spec/lib/gitlab/background_migration/deserialize_merge_request_diffs_and_commits_spec.rb
index 98730602863..d21183b668b 100644
--- a/spec/lib/gitlab/background_migration/deserialize_merge_request_diffs_and_commits_spec.rb
+++ b/spec/lib/gitlab/background_migration/deserialize_merge_request_diffs_and_commits_spec.rb
@@ -15,6 +15,10 @@ describe Gitlab::BackgroundMigration::DeserializeMergeRequestDiffsAndCommits, :t
         .to receive(:commits_count=).and_return(nil)
     end
 
+    after do
+      [Project, MergeRequest, MergeRequestDiff].each(&:reset_column_information)
+    end
+
     def diffs_to_hashes(diffs)
       diffs.as_json(only: Gitlab::Git::Diff::SERIALIZE_KEYS).map(&:with_indifferent_access)
     end
diff --git a/spec/lib/gitlab/ci/ansi2html_spec.rb b/spec/lib/gitlab/ci/ansi2html_spec.rb
index 05e2d94cbd6..7549e9941b6 100644
--- a/spec/lib/gitlab/ci/ansi2html_spec.rb
+++ b/spec/lib/gitlab/ci/ansi2html_spec.rb
@@ -217,11 +217,58 @@ describe Gitlab::Ci::Ansi2html do
       "#{section_end[0...-5]}</div>"
     end
 
-    it "prints light red" do
-      text = "#{section_start}\e[91mHello\e[0m\n#{section_end}"
-      html = %{#{section_start_html}<span class="term-fg-l-red">Hello</span><br>#{section_end_html}}
+    shared_examples 'forbidden char in section_name' do
+      it 'ignores sections' do
+        text = "#{section_start}Some text#{section_end}"
+        html = text.gsub("\033[0K", '').gsub('<', '&lt;')
 
-      expect(convert_html(text)).to eq(html)
+        expect(convert_html(text)).to eq(html)
+      end
+    end
+
+    shared_examples 'a legit section' do
+      let(:text) { "#{section_start}Some text#{section_end}" }
+
+      it 'prints light red' do
+        text = "#{section_start}\e[91mHello\e[0m\n#{section_end}"
+        html = %{#{section_start_html}<span class="term-fg-l-red">Hello</span><br>#{section_end_html}}
+
+        expect(convert_html(text)).to eq(html)
+      end
+
+      it 'begins with a section_start html marker' do
+        expect(convert_html(text)).to start_with(section_start_html)
+      end
+
+      it 'ends with a section_end html marker' do
+        expect(convert_html(text)).to end_with(section_end_html)
+      end
+    end
+
+    it_behaves_like 'a legit section'
+
+    context 'section name includes $' do
+      let(:section_name) { 'my_$ection'}
+
+      it_behaves_like 'forbidden char in section_name'
+    end
+
+    context 'section name includes <' do
+      let(:section_name) { '<a_tag>'}
+
+      it_behaves_like 'forbidden char in section_name'
+    end
+
+    context 'section name contains .-_' do
+      let(:section_name) { 'a.Legit-SeCtIoN_namE' }
+
+      it_behaves_like 'a legit section'
+    end
+
+    it 'do not allow XSS injections' do
+      text = "#{section_start}section_end:1:2<script>alert('XSS Hack!');</script>#{section_end}"
+
+      expect(convert_html(text)).not_to include('<script>')
     end
   end
 
diff --git a/spec/lib/gitlab/ci/config/entry/key_spec.rb b/spec/lib/gitlab/ci/config/entry/key_spec.rb
index 5d4de60bc8a..3cbf19bea8b 100644
--- a/spec/lib/gitlab/ci/config/entry/key_spec.rb
+++ b/spec/lib/gitlab/ci/config/entry/key_spec.rb
@@ -4,6 +4,26 @@ describe Gitlab::Ci::Config::Entry::Key do
   let(:entry) { described_class.new(config) }
 
   describe 'validations' do
+    shared_examples 'key with slash' do
+      it 'is invalid' do
+        expect(entry).not_to be_valid
+      end
+
+      it 'reports errors with config value' do
+        expect(entry.errors).to include 'key config cannot contain the "/" character'
+      end
+    end
+
+    shared_examples 'key with only dots' do
+      it 'is invalid' do
+        expect(entry).not_to be_valid
+      end
+
+      it 'reports errors with config value' do
+        expect(entry.errors).to include 'key config cannot be "." or ".."'
+      end
+    end
+
     context 'when entry config value is correct' do
       let(:config) { 'test' }
 
@@ -30,6 +50,48 @@ describe Gitlab::Ci::Config::Entry::Key do
         end
       end
     end
+
+    context 'when entry value contains slash' do
+      let(:config) { 'key/with/some/slashes' }
+
+      it_behaves_like 'key with slash'
+    end
+
+    context 'when entry value contains URI encoded slash (%2F)' do
+      let(:config) { 'key%2Fwith%2Fsome%2Fslashes' }
+
+      it_behaves_like 'key with slash'
+    end
+
+    context 'when entry value is a dot' do
+      let(:config) { '.' }
+
+      it_behaves_like 'key with only dots'
+    end
+
+    context 'when entry value is two dots' do
+      let(:config) { '..' }
+
+      it_behaves_like 'key with only dots'
+    end
+
+    context 'when entry value is a URI encoded dot (%2E)' do
+      let(:config) { '%2e' }
+
+      it_behaves_like 'key with only dots'
+    end
+
+    context 'when entry value is two URI encoded dots (%2E)' do
+      let(:config) { '%2E%2e' }
+
+      it_behaves_like 'key with only dots'
+    end
+
+    context 'when entry value is one dot and one URI encoded dot' do
+      let(:config) { '.%2e' }
+
+      it_behaves_like 'key with only dots'
+    end
   end
 
   describe '.default' do
diff --git a/spec/lib/gitlab/ci/status/build/action_spec.rb b/spec/lib/gitlab/ci/status/build/action_spec.rb
index 8c25f72804b..d612d29e3e0 100644
--- a/spec/lib/gitlab/ci/status/build/action_spec.rb
+++ b/spec/lib/gitlab/ci/status/build/action_spec.rb
@@ -37,16 +37,16 @@ describe Gitlab::Ci::Status::Build::Action do
   describe '.matches?' do
     subject { described_class.matches?(build, user) }
 
-    context 'when build is an action' do
-      let(:build) { create(:ci_build, :manual) }
+    context 'when build is playable action' do
+      let(:build) { create(:ci_build, :playable) }
 
       it 'is a correct match' do
         expect(subject).to be true
       end
     end
 
-    context 'when build is not manual' do
-      let(:build) { create(:ci_build) }
+    context 'when build is not playable action' do
+      let(:build) { create(:ci_build, :non_playable) }
 
       it 'does not match' do
         expect(subject).to be false
diff --git a/spec/lib/gitlab/git/gitlab_projects_spec.rb b/spec/lib/gitlab/git/gitlab_projects_spec.rb
index beef843537d..78e4fbca28e 100644
--- a/spec/lib/gitlab/git/gitlab_projects_spec.rb
+++ b/spec/lib/gitlab/git/gitlab_projects_spec.rb
@@ -158,39 +158,55 @@ describe Gitlab::Git::GitlabProjects do
 
     subject { gl_projects.import_project(import_url, timeout) }
 
-    context 'success import' do
-      it 'imports a repo' do
-        expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_falsy
+    shared_examples 'importing repository' do
+      context 'success import' do
+        it 'imports a repo' do
+          expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_falsy
 
-        message = "Importing project from <#{import_url}> to <#{tmp_repo_path}>."
-        expect(logger).to receive(:info).with(message)
+          is_expected.to be_truthy
 
-        is_expected.to be_truthy
+          expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_truthy
+        end
+      end
 
-        expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_truthy
+      context 'already exists' do
+        it "doesn't import" do
+          FileUtils.mkdir_p(tmp_repo_path)
+
+          is_expected.to be_falsy
+        end
       end
     end
 
-    context 'already exists' do
-      it "doesn't import" do
-        FileUtils.mkdir_p(tmp_repo_path)
+    context 'when Gitaly import_repository feature is enabled' do
+      it_behaves_like 'importing repository'
+    end
+
+    context 'when Gitaly import_repository feature is disabled', :disable_gitaly do
+      describe 'logging' do
+        it 'imports a repo' do
+          message = "Importing project from <#{import_url}> to <#{tmp_repo_path}>."
+          expect(logger).to receive(:info).with(message)
 
-        is_expected.to be_falsy
+          subject
+        end
       end
-    end
 
-    context 'timeout' do
-      it 'does not import a repo' do
-        stub_spawn_timeout(cmd, timeout, nil)
+      context 'timeout' do
+        it 'does not import a repo' do
+          stub_spawn_timeout(cmd, timeout, nil)
 
-        message = "Importing project from <#{import_url}> to <#{tmp_repo_path}> failed."
-        expect(logger).to receive(:error).with(message)
+          message = "Importing project from <#{import_url}> to <#{tmp_repo_path}> failed."
+          expect(logger).to receive(:error).with(message)
 
-        is_expected.to be_falsy
+          is_expected.to be_falsy
 
-        expect(gl_projects.output).to eq("Timed out\n")
-        expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_falsy
+          expect(gl_projects.output).to eq("Timed out\n")
+          expect(File.exist?(File.join(tmp_repo_path, 'HEAD'))).to be_falsy
+        end
       end
+
+      it_behaves_like 'importing repository'
     end
   end
 
diff --git a/spec/lib/gitlab/git/repository_spec.rb b/spec/lib/gitlab/git/repository_spec.rb
index f4e781c599e..3cf165716bd 100644
--- a/spec/lib/gitlab/git/repository_spec.rb
+++ b/spec/lib/gitlab/git/repository_spec.rb
@@ -1104,14 +1104,6 @@ describe Gitlab::Git::Repository, seed_helper: true do
     end
   end
 
-  describe "branch_names_contains" do
-    subject { repository.branch_names_contains(SeedRepo::LastCommit::ID) }
-
-    it { is_expected.to include('master') }
-    it { is_expected.not_to include('feature') }
-    it { is_expected.not_to include('fix') }
-  end
-
   describe '#autocrlf' do
     before(:all) do
       @repo = Gitlab::Git::Repository.new('default', TEST_MUTABLE_REPO_PATH, '')
diff --git a/spec/lib/gitlab/git/rev_list_spec.rb b/spec/lib/gitlab/git/rev_list_spec.rb
index eaf74951b0e..90fbef9d248 100644
--- a/spec/lib/gitlab/git/rev_list_spec.rb
+++ b/spec/lib/gitlab/git/rev_list_spec.rb
@@ -39,7 +39,7 @@ describe Gitlab::Git::RevList do
     ]
 
     expect(rev_list).to receive(:popen).with(*params) do |*_, lazy_block:|
-      lazy_block.call(output.split("\n").lazy)
+      lazy_block.call(output.lines.lazy.map(&:chomp))
     end
   end
 
@@ -64,6 +64,15 @@ describe Gitlab::Git::RevList do
       expect(rev_list.new_objects(require_path: true)).to eq(%w[sha2])
     end
 
+    it 'can handle non utf-8 paths' do
+      non_utf_char = [0x89].pack("c*").force_encoding("UTF-8")
+      stub_lazy_popen_rev_list('newrev', '--not', '--all', '--objects', output: "sha2 πå†h/†ø/ƒîlé#{non_utf_char}\nsha1")
+
+      rev_list.new_objects(require_path: true) do |object_ids|
+        expect(object_ids.force).to eq(%w[sha2])
+      end
+    end
+
     it 'can yield a lazy enumerator' do
       stub_lazy_popen_rev_list('newrev', '--not', '--all', '--objects', output: "sha1\nsha2")
 
diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index 4290fbb0087..2009a8ac48c 100644
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -51,12 +51,12 @@ describe Gitlab::GitAccess do
     context 'when the project exists' do
       context 'when actor exists' do
         context 'when actor is a DeployKey' do
-          let(:deploy_key) { create(:deploy_key, user: user, can_push: true) }
+          let(:deploy_key) { create(:deploy_key, user: user) }
           let(:actor) { deploy_key }
 
           context 'when the DeployKey has access to the project' do
             before do
-              deploy_key.projects << project
+              deploy_key.deploy_keys_projects.create(project: project, can_push: true)
             end
 
             it 'allows push and pull access' do
@@ -696,15 +696,13 @@ describe Gitlab::GitAccess do
   end
 
   describe 'deploy key permissions' do
-    let(:key) { create(:deploy_key, user: user, can_push: can_push) }
+    let(:key) { create(:deploy_key, user: user) }
     let(:actor) { key }
 
     context 'when deploy_key can push' do
-      let(:can_push) { true }
-
       context 'when project is authorized' do
         before do
-          key.projects << project
+          key.deploy_keys_projects.create(project: project, can_push: true)
         end
 
         it { expect { push_access_check }.not_to raise_error }
@@ -732,11 +730,9 @@ describe Gitlab::GitAccess do
     end
 
     context 'when deploy_key cannot push' do
-      let(:can_push) { false }
-
       context 'when project is authorized' do
         before do
-          key.projects << project
+          key.deploy_keys_projects.create(project: project, can_push: false)
         end
 
         it { expect { push_access_check }.to raise_unauthorized(described_class::ERROR_MESSAGES[:deploy_key_upload]) }
diff --git a/spec/lib/gitlab/gitaly_client/conflict_files_stitcher_spec.rb b/spec/lib/gitlab/gitaly_client/conflict_files_stitcher_spec.rb
new file mode 100644
index 00000000000..1c933410bd5
--- /dev/null
+++ b/spec/lib/gitlab/gitaly_client/conflict_files_stitcher_spec.rb
@@ -0,0 +1,54 @@
+require 'spec_helper'
+
+describe Gitlab::GitalyClient::ConflictFilesStitcher do
+  describe 'enumeration' do
+    it 'combines segregated ConflictFile messages together' do
+      target_project = create(:project, :repository)
+      target_repository = target_project.repository.raw
+      target_gitaly_repository = target_repository.gitaly_repository
+
+      our_path_1 = 'our/path/1'
+      their_path_1 = 'their/path/1'
+      our_mode_1 = 0744
+      commit_oid_1 = 'f00'
+      content_1 = 'content of the first file'
+
+      our_path_2 = 'our/path/2'
+      their_path_2 = 'their/path/2'
+      our_mode_2 = 0600
+      commit_oid_2 = 'ba7'
+      content_2 = 'content of the second file'
+
+      header_1 = double(repository: target_gitaly_repository, commit_oid: commit_oid_1,
+                        our_path: our_path_1, their_path: their_path_1, our_mode: our_mode_1)
+      header_2 = double(repository: target_gitaly_repository, commit_oid: commit_oid_2,
+                        our_path: our_path_2, their_path: their_path_2, our_mode: our_mode_2)
+
+      messages = [
+        double(files: [double(header: header_1), double(header: nil, content: content_1[0..5])]),
+        double(files: [double(header: nil, content: content_1[6..-1])]),
+        double(files: [double(header: header_2)]),
+        double(files: [double(header: nil, content: content_2[0..5]), double(header: nil, content: content_2[6..10])]),
+        double(files: [double(header: nil, content: content_2[11..-1])])
+      ]
+
+      conflict_files = described_class.new(messages).to_a
+
+      expect(conflict_files.size).to be(2)
+
+      expect(conflict_files[0].content).to eq(content_1)
+      expect(conflict_files[0].their_path).to eq(their_path_1)
+      expect(conflict_files[0].our_path).to eq(our_path_1)
+      expect(conflict_files[0].our_mode).to be(our_mode_1)
+      expect(conflict_files[0].repository).to eq(target_repository)
+      expect(conflict_files[0].commit_oid).to eq(commit_oid_1)
+
+      expect(conflict_files[1].content).to eq(content_2)
+      expect(conflict_files[1].their_path).to eq(their_path_2)
+      expect(conflict_files[1].our_path).to eq(our_path_2)
+      expect(conflict_files[1].our_mode).to be(our_mode_2)
+      expect(conflict_files[1].repository).to eq(target_repository)
+      expect(conflict_files[1].commit_oid).to eq(commit_oid_2)
+    end
+  end
+end
diff --git a/spec/lib/gitlab/gitaly_client/conflicts_service_spec.rb b/spec/lib/gitlab/gitaly_client/conflicts_service_spec.rb
index b9641de7eda..e4fe01a671f 100644
--- a/spec/lib/gitlab/gitaly_client/conflicts_service_spec.rb
+++ b/spec/lib/gitlab/gitaly_client/conflicts_service_spec.rb
@@ -19,41 +19,12 @@ describe Gitlab::GitalyClient::ConflictsService do
         their_commit_oid: their_commit_oid
       )
     end
-    let(:our_path) { 'our/path' }
-    let(:their_path) { 'their/path' }
-    let(:our_mode) { 0744 }
-    let(:header) do
-      double(repository: target_gitaly_repository, commit_oid: our_commit_oid,
-             our_path: our_path, our_mode: 0744, their_path: their_path)
-    end
-    let(:response) do
-      [
-        double(files: [double(header: header), double(content: 'foo', header: nil)]),
-        double(files: [double(content: 'bar', header: nil)])
-      ]
-    end
-    let(:file) { subject[0] }
-
-    subject { client.list_conflict_files }
 
     it 'sends an RPC request' do
       expect_any_instance_of(Gitaly::ConflictsService::Stub).to receive(:list_conflict_files)
-        .with(request, kind_of(Hash)).and_return([])
-
-      subject
-    end
-
-    it 'forms a Gitlab::Git::ConflictFile collection from the response' do
-      allow_any_instance_of(Gitaly::ConflictsService::Stub).to receive(:list_conflict_files)
-        .with(request, kind_of(Hash)).and_return(response)
+        .with(request, kind_of(Hash)).and_return([].to_enum)
 
-      expect(subject.size).to be(1)
-      expect(file.content).to eq('foobar')
-      expect(file.their_path).to eq(their_path)
-      expect(file.our_path).to eq(our_path)
-      expect(file.our_mode).to be(our_mode)
-      expect(file.repository).to eq(target_repository)
-      expect(file.commit_oid).to eq(our_commit_oid)
+      client.list_conflict_files
     end
   end
 
diff --git a/spec/lib/gitlab/import_export/file_importer_spec.rb b/spec/lib/gitlab/import_export/file_importer_spec.rb
index 162b776e107..5cdc5138fda 100644
--- a/spec/lib/gitlab/import_export/file_importer_spec.rb
+++ b/spec/lib/gitlab/import_export/file_importer_spec.rb
@@ -12,30 +12,61 @@ describe Gitlab::ImportExport::FileImporter do
     stub_const('Gitlab::ImportExport::FileImporter::MAX_RETRIES', 0)
     allow_any_instance_of(Gitlab::ImportExport).to receive(:storage_path).and_return(export_path)
     allow_any_instance_of(Gitlab::ImportExport::CommandLineUtil).to receive(:untar_zxf).and_return(true)
-
+    allow(SecureRandom).to receive(:hex).and_return('abcd')
     setup_files
-
-    described_class.import(archive_file: '', shared: shared)
   end
 
   after do
     FileUtils.rm_rf(export_path)
   end
 
-  it 'removes symlinks in root folder' do
-    expect(File.exist?(symlink_file)).to be false
-  end
+  context 'normal run' do
+    before do
+      described_class.import(archive_file: '', shared: shared)
+    end
 
-  it 'removes hidden symlinks in root folder' do
-    expect(File.exist?(hidden_symlink_file)).to be false
-  end
+    it 'removes symlinks in root folder' do
+      expect(File.exist?(symlink_file)).to be false
+    end
+
+    it 'removes hidden symlinks in root folder' do
+      expect(File.exist?(hidden_symlink_file)).to be false
+    end
+
+    it 'removes symlinks in subfolders' do
+      expect(File.exist?(subfolder_symlink_file)).to be false
+    end
 
-  it 'removes symlinks in subfolders' do
-    expect(File.exist?(subfolder_symlink_file)).to be false
+    it 'does not remove a valid file' do
+      expect(File.exist?(valid_file)).to be true
+    end
+
+    it 'creates the file in the right subfolder' do
+      expect(shared.export_path).to include('test/abcd')
+    end
   end
 
-  it 'does not remove a valid file' do
-    expect(File.exist?(valid_file)).to be true
+  context 'error' do
+    before do
+      allow_any_instance_of(described_class).to receive(:wait_for_archived_file).and_raise(StandardError)
+      described_class.import(archive_file: '', shared: shared)
+    end
+
+    it 'removes symlinks in root folder' do
+      expect(File.exist?(symlink_file)).to be false
+    end
+
+    it 'removes hidden symlinks in root folder' do
+      expect(File.exist?(hidden_symlink_file)).to be false
+    end
+
+    it 'removes symlinks in subfolders' do
+      expect(File.exist?(subfolder_symlink_file)).to be false
+    end
+
+    it 'does not remove a valid file' do
+      expect(File.exist?(valid_file)).to be true
+    end
   end
 
   def setup_files
diff --git a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
index 4afe48e72ad..63997a40d52 100644
--- a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
@@ -100,6 +100,25 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
         is_expected.to eq(command)
       end
     end
+
+    context 'when chart values file is present' do
+      let(:install_command) { described_class.new(prometheus.name, chart: prometheus.chart, chart_values_file: prometheus.chart_values_file) }
+      let(:command) do
+        <<~MSG.chomp
+        set -eo pipefail
+        apk add -U ca-certificates openssl >/dev/null
+        wget -q -O - https://kubernetes-helm.storage.googleapis.com/helm-v2.7.0-linux-amd64.tar.gz | tar zxC /tmp >/dev/null
+        mv /tmp/linux-amd64/helm /usr/bin/
+
+        helm init --client-only >/dev/null
+        helm install #{prometheus.chart} --name #{prometheus.name} --namespace #{namespace.name} -f /data/helm/#{prometheus.name}/config/values.yaml >/dev/null
+        MSG
+      end
+
+      it 'should return appropriate command' do
+        is_expected.to eq(command)
+      end
+    end
   end
 
   describe "#pod_name" do
diff --git a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
index 906b10b96d4..0b8e97b8948 100644
--- a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
@@ -52,18 +52,20 @@ describe Gitlab::Kubernetes::Helm::Pod do
 
       it 'should include volumes for the container' do
         container = subject.generate.spec.containers.first
-        expect(container.volumeMounts.first['name']).to eq('config-volume')
-        expect(container.volumeMounts.first['mountPath']).to eq('/etc/config')
+        expect(container.volumeMounts.first['name']).to eq('configuration-volume')
+        expect(container.volumeMounts.first['mountPath']).to eq("/data/helm/#{app.name}/config")
       end
 
       it 'should include a volume inside the specification' do
         spec = subject.generate.spec
-        expect(spec.volumes.first['name']).to eq('config-volume')
+        expect(spec.volumes.first['name']).to eq('configuration-volume')
       end
 
       it 'should mount configMap specification in the volume' do
         spec = subject.generate.spec
-        expect(spec.volumes.first.configMap['name']).to eq('values-config')
+        expect(spec.volumes.first.configMap['name']).to eq('values-content-configuration')
+        expect(spec.volumes.first.configMap['items'].first['key']).to eq('values')
+        expect(spec.volumes.first.configMap['items'].first['path']).to eq('values.yaml')
       end
     end
 
diff --git a/spec/lib/gitlab/project_search_results_spec.rb b/spec/lib/gitlab/project_search_results_spec.rb
index 17937726f2c..1ebb0105cf5 100644
--- a/spec/lib/gitlab/project_search_results_spec.rb
+++ b/spec/lib/gitlab/project_search_results_spec.rb
@@ -70,15 +70,6 @@ describe Gitlab::ProjectSearchResults do
 
       subject { described_class.parse_search_result(search_result) }
 
-      it 'can correctly parse filenames including ":"' do
-        special_char_result = "\nmaster:testdata/project::function1.yaml-1----\nmaster:testdata/project::function1.yaml:2:test: data1\n"
-
-        blob = described_class.parse_search_result(special_char_result)
-
-        expect(blob.ref).to eq('master')
-        expect(blob.filename).to eq('testdata/project::function1.yaml')
-      end
-
       it "returns a valid FoundBlob" do
         is_expected.to be_an Gitlab::SearchResults::FoundBlob
         expect(subject.id).to be_nil
@@ -90,8 +81,32 @@ describe Gitlab::ProjectSearchResults do
         expect(subject.data.lines[2]).to eq("  - Feature: Replace teams with group membership\n")
       end
 
+      context 'when the matching filename contains a colon' do
+        let(:search_result) { "\nmaster:testdata/project::function1.yaml\x001\x00---\n" }
+
+        it 'returns a valid FoundBlob' do
+          expect(subject.filename).to eq('testdata/project::function1.yaml')
+          expect(subject.basename).to eq('testdata/project::function1')
+          expect(subject.ref).to eq('master')
+          expect(subject.startline).to eq(1)
+          expect(subject.data).to eq('---')
+        end
+      end
+
+      context 'when the matching content contains a number surrounded by colons' do
+        let(:search_result) { "\nmaster:testdata/foo.txt\x001\x00blah:9:blah" }
+
+        it 'returns a valid FoundBlob' do
+          expect(subject.filename).to eq('testdata/foo.txt')
+          expect(subject.basename).to eq('testdata/foo')
+          expect(subject.ref).to eq('master')
+          expect(subject.startline).to eq(1)
+          expect(subject.data).to eq('blah:9:blah')
+        end
+      end
+
       context "when filename has extension" do
-        let(:search_result) { "master:CONTRIBUTE.md:5:- [Contribute to GitLab](#contribute-to-gitlab)\n" }
+        let(:search_result) { "master:CONTRIBUTE.md\x005\x00- [Contribute to GitLab](#contribute-to-gitlab)\n" }
 
         it { expect(subject.path).to eq('CONTRIBUTE.md') }
         it { expect(subject.filename).to eq('CONTRIBUTE.md') }
@@ -99,7 +114,7 @@ describe Gitlab::ProjectSearchResults do
       end
 
       context "when file under directory" do
-        let(:search_result) { "master:a/b/c.md:5:a b c\n" }
+        let(:search_result) { "master:a/b/c.md\x005\x00a b c\n" }
 
         it { expect(subject.path).to eq('a/b/c.md') }
         it { expect(subject.filename).to eq('a/b/c.md') }
@@ -144,7 +159,7 @@ describe Gitlab::ProjectSearchResults do
     end
 
     it 'finds by content' do
-      expect(results).to include("master:Title.md:1:Content\n")
+      expect(results).to include("master:Title.md\x001\x00Content\n")
     end
   end
 
diff --git a/spec/lib/gitlab/utils/override_spec.rb b/spec/lib/gitlab/utils/override_spec.rb
new file mode 100644
index 00000000000..7c97cee982a
--- /dev/null
+++ b/spec/lib/gitlab/utils/override_spec.rb
@@ -0,0 +1,158 @@
+require 'spec_helper'
+
+describe Gitlab::Utils::Override do
+  let(:base) { Struct.new(:good) }
+
+  let(:derived) { Class.new(base).tap { |m| m.extend described_class } }
+  let(:extension) { Module.new.tap { |m| m.extend described_class } }
+
+  let(:prepending_class) { base.tap { |m| m.prepend extension } }
+  let(:including_class) { base.tap { |m| m.include extension } }
+
+  let(:klass) { subject }
+
+  def good(mod)
+    mod.module_eval do
+      override :good
+      def good
+        super.succ
+      end
+    end
+
+    mod
+  end
+
+  def bad(mod)
+    mod.module_eval do
+      override :bad
+      def bad
+        true
+      end
+    end
+
+    mod
+  end
+
+  shared_examples 'checking as intended' do
+    it 'checks ok for overriding method' do
+      good(subject)
+      result = klass.new(0).good
+
+      expect(result).to eq(1)
+      described_class.verify!
+    end
+
+    it 'raises NotImplementedError when it is not overriding anything' do
+      expect do
+        bad(subject)
+        klass.new(0).bad
+        described_class.verify!
+      end.to raise_error(NotImplementedError)
+    end
+  end
+
+  shared_examples 'nothing happened' do
+    it 'does not complain when it is overriding something' do
+      good(subject)
+      result = klass.new(0).good
+
+      expect(result).to eq(1)
+      described_class.verify!
+    end
+
+    it 'does not complain when it is not overriding anything' do
+      bad(subject)
+      result = klass.new(0).bad
+
+      expect(result).to eq(true)
+      described_class.verify!
+    end
+  end
+
+  before do
+    # Make sure we're not touching the internal cache
+    allow(described_class).to receive(:extensions).and_return({})
+  end
+
+  describe '#override' do
+    context 'when STATIC_VERIFICATION is set' do
+      before do
+        stub_env('STATIC_VERIFICATION', 'true')
+      end
+
+      context 'when subject is a class' do
+        subject { derived }
+
+        it_behaves_like 'checking as intended'
+      end
+
+      context 'when subject is a module, and class is prepending it' do
+        subject { extension }
+        let(:klass) { prepending_class }
+
+        it_behaves_like 'checking as intended'
+      end
+
+      context 'when subject is a module, and class is including it' do
+        subject { extension }
+        let(:klass) { including_class }
+
+        it 'raises NotImplementedError because it is not overriding it' do
+          expect do
+            good(subject)
+            klass.new(0).good
+            described_class.verify!
+          end.to raise_error(NotImplementedError)
+        end
+
+        it 'raises NotImplementedError when it is not overriding anything' do
+          expect do
+            bad(subject)
+            klass.new(0).bad
+            described_class.verify!
+          end.to raise_error(NotImplementedError)
+        end
+      end
+    end
+  end
+
+  context 'when STATIC_VERIFICATION is not set' do
+    before do
+      stub_env('STATIC_VERIFICATION', nil)
+    end
+
+    context 'when subject is a class' do
+      subject { derived }
+
+      it_behaves_like 'nothing happened'
+    end
+
+    context 'when subject is a module, and class is prepending it' do
+      subject { extension }
+      let(:klass) { prepending_class }
+
+      it_behaves_like 'nothing happened'
+    end
+
+    context 'when subject is a module, and class is including it' do
+      subject { extension }
+      let(:klass) { including_class }
+
+      it 'does not complain when it is overriding something' do
+        good(subject)
+        result = klass.new(0).good
+
+        expect(result).to eq(0)
+        described_class.verify!
+      end
+
+      it 'does not complain when it is not overriding anything' do
+        bad(subject)
+        result = klass.new(0).bad
+
+        expect(result).to eq(true)
+        described_class.verify!
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/utils_spec.rb b/spec/lib/gitlab/utils_spec.rb
index e872a5290c5..bda239b7871 100644
--- a/spec/lib/gitlab/utils_spec.rb
+++ b/spec/lib/gitlab/utils_spec.rb
@@ -17,6 +17,22 @@ describe Gitlab::Utils do
     end
   end
 
+  describe '.remove_line_breaks' do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:original, :expected) do
+      "foo\nbar\nbaz"     | "foobarbaz"
+      "foo\r\nbar\r\nbaz" | "foobarbaz"
+      "foobar"            | "foobar"
+    end
+
+    with_them do
+      it "replace line breaks with an empty string" do
+        expect(described_class.remove_line_breaks(original)).to eq(expected)
+      end
+    end
+  end
+
   describe '.to_boolean' do
     it 'accepts booleans' do
       expect(to_boolean(true)).to be(true)
diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb
index 3eaeeebf97d..45a606c1ea8 100644
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
@@ -25,6 +25,13 @@ describe Ci::Build do
 
   it { is_expected.to be_a(ArtifactMigratable) }
 
+  describe 'associations' do
+    it 'has a bidirectional relationship with projects' do
+      expect(described_class.reflect_on_association(:project).has_inverse?).to eq(:builds)
+      expect(Project.reflect_on_association(:builds).has_inverse?).to eq(:project)
+    end
+  end
+
   describe 'callbacks' do
     context 'when running after_create callback' do
       it 'triggers asynchronous build hooks worker' do
diff --git a/spec/models/ci/pipeline_spec.rb b/spec/models/ci/pipeline_spec.rb
index 7bef798a782..14d234f6aab 100644
--- a/spec/models/ci/pipeline_spec.rb
+++ b/spec/models/ci/pipeline_spec.rb
@@ -28,6 +28,13 @@ describe Ci::Pipeline, :mailer do
   it { is_expected.to respond_to :short_sha }
   it { is_expected.to delegate_method(:full_path).to(:project).with_prefix }
 
+  describe 'associations' do
+    it 'has a bidirectional relationship with projects' do
+      expect(described_class.reflect_on_association(:project).has_inverse?).to eq(:pipelines)
+      expect(Project.reflect_on_association(:pipelines).has_inverse?).to eq(:project)
+    end
+  end
+
   describe '#source' do
     context 'when creating new pipeline' do
       let(:pipeline) do
diff --git a/spec/models/commit_range_spec.rb b/spec/models/commit_range_spec.rb
index 38829773599..f2efcd9d0e9 100644
--- a/spec/models/commit_range_spec.rb
+++ b/spec/models/commit_range_spec.rb
@@ -151,11 +151,11 @@ describe CommitRange do
         .with(commit1, user)
         .and_return(true)
 
-      expect(commit1.has_been_reverted?(user, issue)).to eq(true)
+      expect(commit1.has_been_reverted?(user, issue.notes_with_associations)).to eq(true)
     end
 
-    it 'returns false a commit has not been reverted' do
-      expect(commit1.has_been_reverted?(user, issue)).to eq(false)
+    it 'returns false if the commit has not been reverted' do
+      expect(commit1.has_been_reverted?(user, issue.notes_with_associations)).to eq(false)
     end
   end
 end
diff --git a/spec/models/commit_spec.rb b/spec/models/commit_spec.rb
index 817254c7d1e..f8a98b43e46 100644
--- a/spec/models/commit_spec.rb
+++ b/spec/models/commit_spec.rb
@@ -439,15 +439,25 @@ eos
   end
 
   describe '#uri_type' do
-    it 'returns the URI type at the given path' do
-      expect(commit.uri_type('files/html')).to be(:tree)
-      expect(commit.uri_type('files/images/logo-black.png')).to be(:raw)
-      expect(project.commit('video').uri_type('files/videos/intro.mp4')).to be(:raw)
-      expect(commit.uri_type('files/js/application.js')).to be(:blob)
+    shared_examples 'URI type' do
+      it 'returns the URI type at the given path' do
+        expect(commit.uri_type('files/html')).to be(:tree)
+        expect(commit.uri_type('files/images/logo-black.png')).to be(:raw)
+        expect(project.commit('video').uri_type('files/videos/intro.mp4')).to be(:raw)
+        expect(commit.uri_type('files/js/application.js')).to be(:blob)
+      end
+
+      it "returns nil if the path doesn't exists" do
+        expect(commit.uri_type('this/path/doesnt/exist')).to be_nil
+      end
+    end
+
+    context 'when Gitaly commit_tree_entry feature is enabled' do
+      it_behaves_like 'URI type'
     end
 
-    it "returns nil if the path doesn't exists" do
-      expect(commit.uri_type('this/path/doesnt/exist')).to be_nil
+    context 'when Gitaly commit_tree_entry feature is disabled', :disable_gitaly do
+      it_behaves_like 'URI type'
     end
   end
 
@@ -513,4 +523,17 @@ eos
       expect(described_class.valid_hash?('a' * 41)).to be false
     end
   end
+
+  describe '#merge_requests' do
+    let!(:project) { create(:project, :repository) }
+    let!(:merge_request1) { create(:merge_request, source_project: project, source_branch: 'master', target_branch: 'feature') }
+    let!(:merge_request2) { create(:merge_request, source_project: project, source_branch: 'merged-target', target_branch: 'feature') }
+    let(:commit1) { merge_request1.merge_request_diff.commits.last }
+    let(:commit2) { merge_request1.merge_request_diff.commits.first }
+
+    it 'returns merge_requests that introduced that commit' do
+      expect(commit1.merge_requests).to eq([merge_request1, merge_request2])
+      expect(commit2.merge_requests).to eq([merge_request1])
+    end
+  end
 end
diff --git a/spec/models/deploy_keys_project_spec.rb b/spec/models/deploy_keys_project_spec.rb
index 0345fefb254..fca3090ff4a 100644
--- a/spec/models/deploy_keys_project_spec.rb
+++ b/spec/models/deploy_keys_project_spec.rb
@@ -8,7 +8,7 @@ describe DeployKeysProject do
 
   describe "Validation" do
     it { is_expected.to validate_presence_of(:project_id) }
-    it { is_expected.to validate_presence_of(:deploy_key_id) }
+    it { is_expected.to validate_presence_of(:deploy_key) }
   end
 
   describe "Destroying" do
diff --git a/spec/models/hooks/web_hook_spec.rb b/spec/models/hooks/web_hook_spec.rb
index 388120160ab..ea6d6e53ef5 100644
--- a/spec/models/hooks/web_hook_spec.rb
+++ b/spec/models/hooks/web_hook_spec.rb
@@ -29,6 +29,12 @@ describe WebHook do
         expect(hook.url).to eq('https://example.com')
       end
     end
+
+    describe 'token' do
+      it { is_expected.to allow_value("foobar").for(:token) }
+
+      it { is_expected.not_to allow_values("foo\nbar", "foo\r\nbar").for(:token) }
+    end
   end
 
   describe 'execute' do
diff --git a/spec/models/merge_request_diff_spec.rb b/spec/models/merge_request_diff_spec.rb
index d556004eccf..b4249d72fc8 100644
--- a/spec/models/merge_request_diff_spec.rb
+++ b/spec/models/merge_request_diff_spec.rb
@@ -15,6 +15,28 @@ describe MergeRequestDiff do
     it { expect(subject.start_commit_sha).to eq('0b4bc9a49b562e85de7cc9e834518ea6828729b9') }
   end
 
+  describe '.by_commit_sha' do
+    subject(:by_commit_sha) { described_class.by_commit_sha(sha) }
+
+    let!(:merge_request) { create(:merge_request, :with_diffs) }
+
+    context 'with sha contained in' do
+      let(:sha) { 'b83d6e391c22777fca1ed3012fce84f633d7fed0' }
+
+      it 'returns merge request diffs' do
+        expect(by_commit_sha).to eq([merge_request.merge_request_diff])
+      end
+    end
+
+    context 'with sha not contained in' do
+      let(:sha) { 'b83d6e3' }
+
+      it 'returns empty result' do
+        expect(by_commit_sha).to be_empty
+      end
+    end
+  end
+
   describe '#latest' do
     let!(:mr) { create(:merge_request, :with_diffs) }
     let!(:first_diff) { mr.merge_request_diff }
diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb
index 27e9c477d61..c76f32b3989 100644
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -87,6 +87,39 @@ describe MergeRequest do
     it { is_expected.to respond_to(:merge_when_pipeline_succeeds) }
   end
 
+  describe '.by_commit_sha' do
+    subject(:by_commit_sha) { described_class.by_commit_sha(sha) }
+
+    let!(:merge_request) { create(:merge_request, :with_diffs) }
+
+    context 'with sha contained in latest merge request diff' do
+      let(:sha) { 'b83d6e391c22777fca1ed3012fce84f633d7fed0' }
+
+      it 'returns merge requests' do
+        expect(by_commit_sha).to eq([merge_request])
+      end
+    end
+
+    context 'with sha contained not in latest merge request diff' do
+      let(:sha) { 'b83d6e391c22777fca1ed3012fce84f633d7fed0' }
+
+      it 'returns empty requests' do
+        latest_merge_request_diff = merge_request.merge_request_diffs.create
+        latest_merge_request_diff.merge_request_diff_commits.where(sha: 'b83d6e391c22777fca1ed3012fce84f633d7fed0').delete_all
+
+        expect(by_commit_sha).to be_empty
+      end
+    end
+
+    context 'with sha not contained in' do
+      let(:sha) { 'b83d6e3' }
+
+      it 'returns empty result' do
+        expect(by_commit_sha).to be_empty
+      end
+    end
+  end
+
   describe '.in_projects' do
     it 'returns the merge requests for a set of projects' do
       expect(described_class.in_projects(Project.all)).to eq([subject])
@@ -1030,6 +1063,83 @@ describe MergeRequest do
     end
   end
 
+  describe '#can_be_reverted?' do
+    context 'when there is no merged_at for the MR' do
+      before do
+        subject.metrics.update!(merged_at: nil)
+      end
+
+      it 'returns false' do
+        expect(subject.can_be_reverted?(nil)).to be_falsey
+      end
+    end
+
+    context 'when there is no merge_commit for the MR' do
+      before do
+        subject.metrics.update!(merged_at: Time.now.utc)
+      end
+
+      it 'returns false' do
+        expect(subject.can_be_reverted?(nil)).to be_falsey
+      end
+    end
+
+    context 'when the MR has been merged' do
+      before do
+        MergeRequests::MergeService
+          .new(subject.target_project, subject.author)
+          .execute(subject)
+      end
+
+      context 'when there is no revert commit' do
+        it 'returns true' do
+          expect(subject.can_be_reverted?(nil)).to be_truthy
+        end
+      end
+
+      context 'when there is a revert commit' do
+        let(:current_user) { subject.author }
+        let(:branch) { subject.target_branch }
+        let(:project) { subject.target_project }
+
+        let(:revert_commit_id) do
+          params = {
+            commit: subject.merge_commit,
+            branch_name: branch,
+            start_branch: branch
+          }
+
+          Commits::RevertService.new(project, current_user, params).execute[:result]
+        end
+
+        before do
+          project.add_master(current_user)
+
+          ProcessCommitWorker.new.perform(project.id,
+                                          current_user.id,
+                                          project.commit(revert_commit_id).to_hash,
+                                          project.default_branch == branch)
+        end
+
+        context 'when the revert commit is mentioned in a note after the MR was merged' do
+          it 'returns false' do
+            expect(subject.can_be_reverted?(current_user)).to be_falsey
+          end
+        end
+
+        context 'when the revert commit is mentioned in a note before the MR was merged' do
+          before do
+            subject.notes.last.update!(created_at: subject.metrics.merged_at - 1.second)
+          end
+
+          it 'returns true' do
+            expect(subject.can_be_reverted?(current_user)).to be_truthy
+          end
+        end
+      end
+    end
+  end
+
   describe '#participants' do
     let(:project) { create(:project, :public) }
 
@@ -1910,38 +2020,44 @@ describe MergeRequest do
   end
 
   describe '#rebase_in_progress?' do
-    # Create merge request and project before we stub file calls
-    before do
-      subject
-    end
+    shared_examples 'checking whether a rebase is in progress' do
+      let(:repo_path) { subject.source_project.repository.path }
+      let(:rebase_path) { File.join(repo_path, "gitlab-worktree", "rebase-#{subject.id}") }
 
-    it 'returns true when there is a current rebase directory' do
-      allow(File).to receive(:exist?).and_return(true)
-      allow(File).to receive(:mtime).and_return(Time.now)
+      before do
+        system(*%W(#{Gitlab.config.git.bin_path} -C #{repo_path} worktree add --detach #{rebase_path} master))
+      end
 
-      expect(subject.rebase_in_progress?).to be_truthy
-    end
+      it 'returns true when there is a current rebase directory' do
+        expect(subject.rebase_in_progress?).to be_truthy
+      end
 
-    it 'returns false when there is no rebase directory' do
-      allow(File).to receive(:exist?).and_return(false)
+      it 'returns false when there is no rebase directory' do
+        FileUtils.rm_rf(rebase_path)
 
-      expect(subject.rebase_in_progress?).to be_falsey
-    end
+        expect(subject.rebase_in_progress?).to be_falsey
+      end
+
+      it 'returns false when the rebase directory has expired' do
+        time = 20.minutes.ago.to_time
+        File.utime(time, time, rebase_path)
+
+        expect(subject.rebase_in_progress?).to be_falsey
+      end
 
-    it 'returns false when the rebase directory has expired' do
-      allow(File).to receive(:exist?).and_return(true)
-      allow(File).to receive(:mtime).and_return(20.minutes.ago)
+      it 'returns false when the source project has been removed' do
+        allow(subject).to receive(:source_project).and_return(nil)
 
-      expect(subject.rebase_in_progress?).to be_falsey
+        expect(subject.rebase_in_progress?).to be_falsey
+      end
     end
 
-    it 'returns false when the source project has been removed' do
-      allow(subject).to receive(:source_project).and_return(nil)
-      allow(File).to receive(:exist?).and_return(true)
-      allow(File).to receive(:mtime).and_return(Time.now)
+    context 'when Gitaly rebase_in_progress is enabled' do
+      it_behaves_like 'checking whether a rebase is in progress'
+    end
 
-      expect(File).not_to have_received(:exist?)
-      expect(subject.rebase_in_progress?).to be_falsey
+    context 'when Gitaly rebase_in_progress is enabled', :disable_gitaly do
+      it_behaves_like 'checking whether a rebase is in progress'
     end
   end
 end
diff --git a/spec/models/project_services/microsoft_teams_service_spec.rb b/spec/models/project_services/microsoft_teams_service_spec.rb
index 6a5d0decfec..733086e258f 100644
--- a/spec/models/project_services/microsoft_teams_service_spec.rb
+++ b/spec/models/project_services/microsoft_teams_service_spec.rb
@@ -92,6 +92,10 @@ describe MicrosoftTeamsService do
         service.hook_data(merge_request, 'open')
       end
 
+      before do
+        project.add_developer(user)
+      end
+
       it "calls Microsoft Teams API" do
         chat_service.execute(merge_sample_data)
 
diff --git a/spec/models/push_event_spec.rb b/spec/models/push_event_spec.rb
index ad3c3a406d9..bfe7a30b96a 100644
--- a/spec/models/push_event_spec.rb
+++ b/spec/models/push_event_spec.rb
@@ -63,12 +63,14 @@ describe PushEvent do
     let(:event2) { create(:push_event, project: project) }
     let(:event3) { create(:push_event, project: project) }
     let(:event4) { create(:push_event, project: project) }
+    let(:event5) { create(:push_event, project: project) }
 
     before do
       create(:push_event_payload, event: event1, ref: 'foo', action: :created)
       create(:push_event_payload, event: event2, ref: 'bar', action: :created)
-      create(:push_event_payload, event: event3, ref: 'baz', action: :removed)
-      create(:push_event_payload, event: event4, ref: 'baz', ref_type: :tag)
+      create(:push_event_payload, event: event3, ref: 'qux', action: :created)
+      create(:push_event_payload, event: event4, ref: 'baz', action: :removed)
+      create(:push_event_payload, event: event5, ref: 'baz', ref_type: :tag)
 
       project.repository.create_branch('bar', 'master')
 
@@ -78,6 +80,16 @@ describe PushEvent do
         target_project: project,
         source_branch: 'bar'
       )
+
+      project.repository.create_branch('qux', 'master')
+
+      create(
+        :merge_request,
+        :closed,
+        source_project: project,
+        target_project: project,
+        source_branch: 'qux'
+      )
     end
 
     let(:relation) { described_class.without_existing_merge_requests }
@@ -86,16 +98,20 @@ describe PushEvent do
       expect(relation).to include(event1)
     end
 
-    it 'does not include events that have a corresponding merge request' do
+    it 'does not include events that have a corresponding open merge request' do
       expect(relation).not_to include(event2)
     end
 
+    it 'includes events that has corresponding closed/merged merge requests' do
+      expect(relation).to include(event3)
+    end
+
     it 'does not include events for removed refs' do
-      expect(relation).not_to include(event3)
+      expect(relation).not_to include(event4)
     end
 
     it 'does not include events for pushing to tags' do
-      expect(relation).not_to include(event4)
+      expect(relation).not_to include(event5)
     end
   end
 
diff --git a/spec/models/repository_spec.rb b/spec/models/repository_spec.rb
index edd981752d9..baaa9e3ef44 100644
--- a/spec/models/repository_spec.rb
+++ b/spec/models/repository_spec.rb
@@ -358,28 +358,38 @@ describe Repository do
   end
 
   describe '#can_be_merged?' do
-    context 'mergeable branches' do
-      subject { repository.can_be_merged?('0b4bc9a49b562e85de7cc9e834518ea6828729b9', 'master') }
+    shared_examples 'can be merged' do
+      context 'mergeable branches' do
+        subject { repository.can_be_merged?('0b4bc9a49b562e85de7cc9e834518ea6828729b9', 'master') }
 
-      it { is_expected.to be_truthy }
-    end
+        it { is_expected.to be_truthy }
+      end
 
-    context 'non-mergeable branches' do
-      subject { repository.can_be_merged?('bb5206fee213d983da88c47f9cf4cc6caf9c66dc', 'feature') }
+      context 'non-mergeable branches' do
+        subject { repository.can_be_merged?('bb5206fee213d983da88c47f9cf4cc6caf9c66dc', 'feature') }
 
-      it { is_expected.to be_falsey }
-    end
+        it { is_expected.to be_falsey }
+      end
 
-    context 'non merged branch' do
-      subject { repository.merged_to_root_ref?('fix') }
+      context 'non merged branch' do
+        subject { repository.merged_to_root_ref?('fix') }
 
-      it { is_expected.to be_falsey }
+        it { is_expected.to be_falsey }
+      end
+
+      context 'non existent branch' do
+        subject { repository.merged_to_root_ref?('non_existent_branch') }
+
+        it { is_expected.to be_nil }
+      end
     end
 
-    context 'non existent branch' do
-      subject { repository.merged_to_root_ref?('non_existent_branch') }
+    context 'when Gitaly can_be_merged feature is enabled' do
+      it_behaves_like 'can be merged'
+    end
 
-      it { is_expected.to be_nil }
+    context 'when Gitaly can_be_merged feature is disabled', :disable_gitaly do
+      it_behaves_like 'can be merged'
     end
   end
 
@@ -647,7 +657,7 @@ describe Repository do
       subject { results.first }
 
       it { is_expected.to be_an String }
-      it { expect(subject.lines[2]).to eq("master:CHANGELOG:190:  - Feature: Replace teams with group membership\n") }
+      it { expect(subject.lines[2]).to eq("master:CHANGELOG\x00190\x00  - Feature: Replace teams with group membership\n") }
     end
   end
 
@@ -658,6 +668,18 @@ describe Repository do
       expect(results.first).to eq('files/html/500.html')
     end
 
+    it 'ignores leading slashes' do
+      results = repository.search_files_by_name('/files', 'master')
+
+      expect(results.first).to eq('files/html/500.html')
+    end
+
+    it 'properly handles when query is only slashes' do
+      results = repository.search_files_by_name('//', 'master')
+
+      expect(results).to match_array([])
+    end
+
     it 'properly handles when query is not present' do
       results = repository.search_files_by_name('', 'master')
 
diff --git a/spec/models/route_spec.rb b/spec/models/route_spec.rb
index ddad6862a63..8a3b1034f3c 100644
--- a/spec/models/route_spec.rb
+++ b/spec/models/route_spec.rb
@@ -16,6 +16,66 @@ describe Route do
     it { is_expected.to validate_presence_of(:source) }
     it { is_expected.to validate_presence_of(:path) }
     it { is_expected.to validate_uniqueness_of(:path).case_insensitive }
+
+    describe '#ensure_permanent_paths' do
+      context 'when the route is not yet persisted' do
+        let(:new_route) { described_class.new(path: 'foo', source: build(:group)) }
+
+        context 'when permanent conflicting redirects exist' do
+          it 'is invalid' do
+            redirect = build(:redirect_route, :permanent, path: 'foo/bar/baz')
+            redirect.save!(validate: false)
+
+            expect(new_route.valid?).to be_falsey
+            expect(new_route.errors.first[1]).to eq('foo has been taken before. Please use another one')
+          end
+        end
+
+        context 'when no permanent conflicting redirects exist' do
+          it 'is valid' do
+            expect(new_route.valid?).to be_truthy
+          end
+        end
+      end
+
+      context 'when path has changed' do
+        before do
+          route.path = 'foo'
+        end
+
+        context 'when permanent conflicting redirects exist' do
+          it 'is invalid' do
+            redirect = build(:redirect_route, :permanent, path: 'foo/bar/baz')
+            redirect.save!(validate: false)
+
+            expect(route.valid?).to be_falsey
+            expect(route.errors.first[1]).to eq('foo has been taken before. Please use another one')
+          end
+        end
+
+        context 'when no permanent conflicting redirects exist' do
+          it 'is valid' do
+            expect(route.valid?).to be_truthy
+          end
+        end
+      end
+
+      context 'when path has not changed' do
+        context 'when permanent conflicting redirects exist' do
+          it 'is valid' do
+            redirect = build(:redirect_route, :permanent, path: 'git_lab/foo/bar')
+            redirect.save!(validate: false)
+
+            expect(route.valid?).to be_truthy
+          end
+        end
+        context 'when no permanent conflicting redirects exist' do
+          it 'is valid' do
+            expect(route.valid?).to be_truthy
+          end
+        end
+      end
+    end
   end
 
   describe 'callbacks' do
diff --git a/spec/models/service_spec.rb b/spec/models/service_spec.rb
index ab6678cab38..79f25dc4360 100644
--- a/spec/models/service_spec.rb
+++ b/spec/models/service_spec.rb
@@ -280,4 +280,38 @@ describe Service do
       expect(KubernetesService.find_by_template).to eq(kubernetes_service)
     end
   end
+
+  describe '#api_field_names' do
+    let(:fake_service) do
+      Class.new(Service) do
+        def fields
+          [
+            { name: 'token' },
+            { name: 'api_token' },
+            { name: 'key' },
+            { name: 'api_key' },
+            { name: 'password' },
+            { name: 'password_field' },
+            { name: 'safe_field' }
+          ]
+        end
+      end
+    end
+
+    let(:service) do
+      fake_service.new(properties: [
+        { token: 'token-value' },
+        { api_token: 'api_token-value' },
+        { key: 'key-value' },
+        { api_key: 'api_key-value' },
+        { password: 'password-value' },
+        { password_field: 'password_field-value' },
+        { safe_field: 'safe_field-value' }
+      ])
+    end
+
+    it 'filters out sensitive fields' do
+      expect(service.api_field_names).to eq(['safe_field'])
+    end
+  end
 end
diff --git a/spec/requests/api/deploy_keys_spec.rb b/spec/requests/api/deploy_keys_spec.rb
index 1f1e6ea17e4..0772b3f2e64 100644
--- a/spec/requests/api/deploy_keys_spec.rb
+++ b/spec/requests/api/deploy_keys_spec.rb
@@ -110,7 +110,7 @@ describe API::DeployKeys do
     end
 
     it 'accepts can_push parameter' do
-      key_attrs = attributes_for :write_access_key
+      key_attrs = attributes_for(:another_key).merge(can_push: true)
 
       post api("/projects/#{project.id}/deploy_keys", admin), key_attrs
 
@@ -160,16 +160,6 @@ describe API::DeployKeys do
       expect(json_response['title']).to eq('new title')
       expect(json_response['can_push']).to eq(true)
     end
-
-    it 'updates a private ssh key from projects user has access with correct attributes' do
-      create(:deploy_keys_project, project: project2, deploy_key: private_deploy_key)
-
-      put api("/projects/#{project.id}/deploy_keys/#{private_deploy_key.id}", admin), { title: 'new title', can_push: true }
-
-      expect(json_response['id']).to eq(private_deploy_key.id)
-      expect(json_response['title']).to eq('new title')
-      expect(json_response['can_push']).to eq(true)
-    end
   end
 
   describe 'DELETE /projects/:id/deploy_keys/:key_id' do
diff --git a/spec/requests/api/deployments_spec.rb b/spec/requests/api/deployments_spec.rb
index 6732c99e329..51b70fda148 100644
--- a/spec/requests/api/deployments_spec.rb
+++ b/spec/requests/api/deployments_spec.rb
@@ -3,24 +3,65 @@ require 'spec_helper'
 describe API::Deployments do
   let(:user)        { create(:user) }
   let(:non_member)  { create(:user) }
-  let(:project)     { deployment.environment.project }
-  let!(:deployment) { create(:deployment) }
 
   before do
     project.add_master(user)
   end
 
   describe 'GET /projects/:id/deployments' do
+    let(:project) { create(:project) }
+    let!(:deployment_1) { create(:deployment, project: project, iid: 11, ref: 'master', created_at: Time.now) }
+    let!(:deployment_2) { create(:deployment, project: project, iid: 12, ref: 'feature', created_at: 1.day.ago) }
+    let!(:deployment_3) { create(:deployment, project: project, iid: 8, ref: 'feature', created_at: 2.days.ago) }
+
     context 'as member of the project' do
-      it 'returns projects deployments' do
+      it 'returns projects deployments sorted by id asc' do
         get api("/projects/#{project.id}/deployments", user)
 
         expect(response).to have_gitlab_http_status(200)
         expect(response).to include_pagination_headers
         expect(json_response).to be_an Array
-        expect(json_response.size).to eq(1)
-        expect(json_response.first['iid']).to eq(deployment.iid)
+        expect(json_response.size).to eq(3)
+        expect(json_response.first['iid']).to eq(deployment_1.iid)
         expect(json_response.first['sha']).to match /\A\h{40}\z/
+        expect(json_response.second['iid']).to eq(deployment_2.iid)
+        expect(json_response.last['iid']).to eq(deployment_3.iid)
+      end
+
+      describe 'ordering' do
+        using RSpec::Parameterized::TableSyntax
+
+        let(:order_by) { nil }
+        let(:sort) { nil }
+
+        subject { get api("/projects/#{project.id}/deployments?order_by=#{order_by}&sort=#{sort}", user) }
+
+        def expect_deployments(ordered_deployments)
+          json_response.each_with_index do |deployment_json, index|
+            expect(deployment_json['id']).to eq(public_send(ordered_deployments[index]).id)
+          end
+        end
+
+        before do
+          subject
+        end
+
+        where(:order_by, :sort, :ordered_deployments) do
+          'created_at' | 'asc'  | [:deployment_3, :deployment_2, :deployment_1]
+          'created_at' | 'desc' | [:deployment_1, :deployment_2, :deployment_3]
+          'id'         | 'asc'  | [:deployment_1, :deployment_2, :deployment_3]
+          'id'         | 'desc' | [:deployment_3, :deployment_2, :deployment_1]
+          'iid'        | 'asc'  | [:deployment_3, :deployment_1, :deployment_2]
+          'iid'        | 'desc' | [:deployment_2, :deployment_1, :deployment_3]
+          'ref'        | 'asc'  | [:deployment_2, :deployment_3, :deployment_1]
+          'ref'        | 'desc' | [:deployment_1, :deployment_2, :deployment_3]
+        end
+
+        with_them do
+          it 'returns the deployments ordered' do
+            expect_deployments(ordered_deployments)
+          end
+        end
       end
     end
 
@@ -34,6 +75,9 @@ describe API::Deployments do
   end
 
   describe 'GET /projects/:id/deployments/:deployment_id' do
+    let(:project)     { deployment.environment.project }
+    let!(:deployment) { create(:deployment) }
+
     context 'as a member of the project' do
       it 'returns the projects deployment' do
         get api("/projects/#{project.id}/deployments/#{deployment.id}", user)
diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb
index 320217f2032..43218755f4f 100644
--- a/spec/requests/api/issues_spec.rb
+++ b/spec/requests/api/issues_spec.rb
@@ -847,6 +847,15 @@ describe API::Issues, :mailer do
         expect(json_response['assignee']['name']).to eq(user2.name)
         expect(json_response['assignees'].first['name']).to eq(user2.name)
       end
+
+      it 'creates a new project issue when assignee_id is empty' do
+        post api("/projects/#{project.id}/issues", user),
+          title: 'new issue', assignee_id: ''
+
+        expect(response).to have_gitlab_http_status(201)
+        expect(json_response['title']).to eq('new issue')
+        expect(json_response['assignee']).to be_nil
+      end
     end
 
     context 'single assignee restrictions' do
diff --git a/spec/requests/api/jobs_spec.rb b/spec/requests/api/jobs_spec.rb
index 805496e4a54..e211c347266 100644
--- a/spec/requests/api/jobs_spec.rb
+++ b/spec/requests/api/jobs_spec.rb
@@ -25,8 +25,10 @@ describe API::Jobs do
   describe 'GET /projects/:id/jobs' do
     let(:query) { Hash.new }
 
-    before do
-      get api("/projects/#{project.id}/jobs", api_user), query
+    before do |example|
+      unless example.metadata[:skip_before_request]
+        get api("/projects/#{project.id}/jobs", api_user), query
+      end
     end
 
     context 'authorized user' do
@@ -51,6 +53,23 @@ describe API::Jobs do
         expect(json_job['pipeline']['status']).to eq job.pipeline.status
       end
 
+      it 'avoids N+1 queries', skip_before_request: true do
+        first_build = create(:ci_build, :artifacts, pipeline: pipeline)
+        first_build.runner = create(:ci_runner)
+        first_build.user = create(:user)
+        first_build.save
+
+        control_count = ActiveRecord::QueryRecorder.new { go }.count
+
+        second_pipeline = create(:ci_empty_pipeline, project: project, sha: project.commit.id, ref: project.default_branch)
+        second_build = create(:ci_build, :artifacts, pipeline: second_pipeline)
+        second_build.runner = create(:ci_runner)
+        second_build.user = create(:user)
+        second_build.save
+
+        expect { go }.not_to exceed_query_limit(control_count)
+      end
+
       context 'filter project with one scope element' do
         let(:query) { { 'scope' => 'pending' } }
 
@@ -83,6 +102,10 @@ describe API::Jobs do
         expect(response).to have_gitlab_http_status(401)
       end
     end
+
+    def go
+      get api("/projects/#{project.id}/jobs", api_user), query
+    end
   end
 
   describe 'GET /projects/:id/pipelines/:pipeline_id/jobs' do
diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb
index 4eae3e50602..8e2982f1a5d 100644
--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@@ -754,16 +754,28 @@ describe API::MergeRequests do
         expect(response).to have_gitlab_http_status(400)
       end
 
-      context 'when target_branch is specified' do
+      context 'when target_branch and target_project_id is specified' do
+        let(:params) do
+          { title: 'Test merge_request',
+            target_branch: 'master',
+            source_branch: 'markdown',
+            author: user2,
+            target_project_id: unrelated_project.id }
+        end
+
         it 'returns 422 if targeting a different fork' do
-          post api("/projects/#{forked_project.id}/merge_requests", user2),
-               title: 'Test merge_request',
-               target_branch: 'master',
-               source_branch: 'markdown',
-               author: user2,
-               target_project_id: unrelated_project.id
+          unrelated_project.add_developer(user2)
+
+          post api("/projects/#{forked_project.id}/merge_requests", user2), params
+
           expect(response).to have_gitlab_http_status(422)
         end
+
+        it 'returns 403 if targeting a different fork which user can not access' do
+          post api("/projects/#{forked_project.id}/merge_requests", user2), params
+
+          expect(response).to have_gitlab_http_status(403)
+        end
       end
 
       it "returns 201 when target_branch is specified and for the same project" do
diff --git a/spec/requests/api/project_milestones_spec.rb b/spec/requests/api/project_milestones_spec.rb
index 08ea7314bb3..6c05c166bd6 100644
--- a/spec/requests/api/project_milestones_spec.rb
+++ b/spec/requests/api/project_milestones_spec.rb
@@ -14,6 +14,46 @@ describe API::ProjectMilestones do
     let(:route) { "/projects/#{project.id}/milestones" }
   end
 
+  describe 'DELETE /projects/:id/milestones/:milestone_id' do
+    let(:guest) { create(:user) }
+    let(:reporter) { create(:user) }
+
+    before do
+      project.add_reporter(reporter)
+    end
+
+    it 'returns 404 response when the project does not exists' do
+      delete api("/projects/999/milestones/#{milestone.id}", user)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it 'returns 404 response when the milestone does not exists' do
+      delete api("/projects/#{project.id}/milestones/999", user)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it "returns 404 from guest user deleting a milestone" do
+      delete api("/projects/#{project.id}/milestones/#{milestone.id}", guest)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it "rejects a member with reporter access from deleting a milestone" do
+      delete api("/projects/#{project.id}/milestones/#{milestone.id}", reporter)
+
+      expect(response).to have_gitlab_http_status(403)
+    end
+
+    it 'deletes the milestone when the user has developer access to the project' do
+      delete api("/projects/#{project.id}/milestones/#{milestone.id}", user)
+
+      expect(project.milestones.find_by_id(milestone.id)).to be_nil
+      expect(response).to have_gitlab_http_status(204)
+    end
+  end
+
   describe 'PUT /projects/:id/milestones/:milestone_id to test observer on close' do
     it 'creates an activity event when an milestone is closed' do
       expect(Event).to receive(:create!)
diff --git a/spec/requests/api/services_spec.rb b/spec/requests/api/services_spec.rb
index 26d56c04862..236f8d7faf5 100644
--- a/spec/requests/api/services_spec.rb
+++ b/spec/requests/api/services_spec.rb
@@ -83,14 +83,14 @@ describe API::Services do
         get api("/projects/#{project.id}/services/#{dashed_service}", admin)
 
         expect(response).to have_gitlab_http_status(200)
-        expect(json_response['properties'].keys.map(&:to_sym)).to match_array(service_attrs_list.map)
+        expect(json_response['properties'].keys).to match_array(service_instance.api_field_names)
       end
 
       it "returns properties of service #{service} other than passwords when authenticated as project owner" do
         get api("/projects/#{project.id}/services/#{dashed_service}", user)
 
         expect(response).to have_gitlab_http_status(200)
-        expect(json_response['properties'].keys.map(&:to_sym)).to match_array(service_attrs_list_without_passwords)
+        expect(json_response['properties'].keys).to match_array(service_instance.api_field_names)
       end
 
       it "returns error when authenticated but not a project owner" do
diff --git a/spec/requests/api/v3/builds_spec.rb b/spec/requests/api/v3/builds_spec.rb
index a73bb456b52..cdbc5692e19 100644
--- a/spec/requests/api/v3/builds_spec.rb
+++ b/spec/requests/api/v3/builds_spec.rb
@@ -13,10 +13,12 @@ describe API::V3::Builds do
   describe 'GET /projects/:id/builds ' do
     let(:query) { '' }
 
-    before do
+    before do |example|
       create(:ci_build, :skipped, pipeline: pipeline)
 
-      get v3_api("/projects/#{project.id}/builds?#{query}", api_user)
+      unless example.metadata[:skip_before_request]
+        get v3_api("/projects/#{project.id}/builds?#{query}", api_user)
+      end
     end
 
     context 'authorized user' do
@@ -40,6 +42,23 @@ describe API::V3::Builds do
         expect(json_build['pipeline']['status']).to eq build.pipeline.status
       end
 
+      it 'avoids N+1 queries', skip_before_request: true do
+        first_build = create(:ci_build, :artifacts, pipeline: pipeline)
+        first_build.runner = create(:ci_runner)
+        first_build.user = create(:user)
+        first_build.save
+
+        control_count = ActiveRecord::QueryRecorder.new { go }.count
+
+        second_pipeline = create(:ci_empty_pipeline, project: project, sha: project.commit.id, ref: project.default_branch)
+        second_build = create(:ci_build, :artifacts, pipeline: second_pipeline)
+        second_build.runner = create(:ci_runner)
+        second_build.user = create(:user)
+        second_build.save
+
+        expect { go }.not_to exceed_query_limit(control_count)
+      end
+
       context 'filter project with one scope element' do
         let(:query) { 'scope=pending' }
 
@@ -84,6 +103,10 @@ describe API::V3::Builds do
         expect(response).to have_gitlab_http_status(401)
       end
     end
+
+    def go
+      get v3_api("/projects/#{project.id}/builds?#{query}", api_user)
+    end
   end
 
   describe 'GET /projects/:id/repository/commits/:sha/builds' do
diff --git a/spec/requests/api/v3/deploy_keys_spec.rb b/spec/requests/api/v3/deploy_keys_spec.rb
index 785bc1eb4ba..501af587ad4 100644
--- a/spec/requests/api/v3/deploy_keys_spec.rb
+++ b/spec/requests/api/v3/deploy_keys_spec.rb
@@ -107,7 +107,7 @@ describe API::V3::DeployKeys do
       end
 
       it 'accepts can_push parameter' do
-        key_attrs = attributes_for :write_access_key
+        key_attrs = attributes_for(:another_key).merge(can_push: true)
 
         post v3_api("/projects/#{project.id}/#{path}", admin), key_attrs
 
diff --git a/spec/requests/api/v3/merge_requests_spec.rb b/spec/requests/api/v3/merge_requests_spec.rb
index b8b7d9d1c40..6b748369f0d 100644
--- a/spec/requests/api/v3/merge_requests_spec.rb
+++ b/spec/requests/api/v3/merge_requests_spec.rb
@@ -371,16 +371,28 @@ describe API::MergeRequests do
         expect(response).to have_gitlab_http_status(400)
       end
 
-      context 'when target_branch is specified' do
+      context 'when target_branch and target_project_id is specified' do
+        let(:params) do
+          { title: 'Test merge_request',
+            target_branch: 'master',
+            source_branch: 'markdown',
+            author: user2,
+            target_project_id: unrelated_project.id }
+        end
+
         it 'returns 422 if targeting a different fork' do
-          post v3_api("/projects/#{forked_project.id}/merge_requests", user2),
-               title: 'Test merge_request',
-               target_branch: 'master',
-               source_branch: 'markdown',
-               author: user2,
-               target_project_id: unrelated_project.id
+          unrelated_project.add_developer(user2)
+
+          post v3_api("/projects/#{forked_project.id}/merge_requests", user2), params
+
           expect(response).to have_gitlab_http_status(422)
         end
+
+        it 'returns 403 if targeting a different fork which user can not access' do
+          post v3_api("/projects/#{forked_project.id}/merge_requests", user2), params
+
+          expect(response).to have_gitlab_http_status(403)
+        end
       end
 
       it "returns 201 when target_branch is specified and for the same project" do
diff --git a/spec/requests/lfs_http_spec.rb b/spec/requests/lfs_http_spec.rb
index 5e59bb0d585..bee918a20aa 100644
--- a/spec/requests/lfs_http_spec.rb
+++ b/spec/requests/lfs_http_spec.rb
@@ -781,11 +781,11 @@ describe 'Git LFS API and storage' do
         end
 
         context 'when deploy key has project push access' do
-          let(:key) { create(:deploy_key, can_push: true) }
+          let(:key) { create(:deploy_key) }
           let(:authorization) { authorize_deploy_key }
 
           let(:update_user_permissions) do
-            project.deploy_keys << key
+            project.deploy_keys_projects.create(deploy_key: key, can_push: true)
           end
 
           it_behaves_like 'pushes new LFS objects'
diff --git a/spec/rubocop/cop/gitlab/predicate_memoization_spec.rb b/spec/rubocop/cop/gitlab/predicate_memoization_spec.rb
new file mode 100644
index 00000000000..21fc4584654
--- /dev/null
+++ b/spec/rubocop/cop/gitlab/predicate_memoization_spec.rb
@@ -0,0 +1,100 @@
+require 'spec_helper'
+require 'rubocop'
+require 'rubocop/rspec/support'
+require_relative '../../../../rubocop/cop/gitlab/predicate_memoization'
+
+describe RuboCop::Cop::Gitlab::PredicateMemoization do
+  include CopHelper
+
+  subject(:cop) { described_class.new }
+
+  shared_examples('registering offense') do |options|
+    let(:offending_lines) { options[:offending_lines] }
+
+    it 'registers an offense when a predicate method is memoizing via ivar' do
+      inspect_source(source)
+
+      aggregate_failures do
+        expect(cop.offenses.size).to eq(offending_lines.size)
+        expect(cop.offenses.map(&:line)).to eq(offending_lines)
+      end
+    end
+  end
+
+  shared_examples('not registering offense') do
+    it 'does not register offenses' do
+      inspect_source(source)
+
+      expect(cop.offenses).to be_empty
+    end
+  end
+
+  context 'when source is a predicate method memoizing via ivar' do
+    it_behaves_like 'registering offense', offending_lines: [3] do
+      let(:source) do
+        <<~RUBY
+          class C
+            def really?
+              @really ||= true
+            end
+          end
+        RUBY
+      end
+    end
+
+    it_behaves_like 'registering offense', offending_lines: [4] do
+      let(:source) do
+        <<~RUBY
+          class C
+            def really?
+              value = true
+              @really ||= value
+            end
+          end
+        RUBY
+      end
+    end
+  end
+
+  context 'when source is a predicate method using ivar with assignment' do
+    it_behaves_like 'not registering offense' do
+      let(:source) do
+        <<~RUBY
+          class C
+            def really?
+              @really = true
+            end
+          end
+        RUBY
+      end
+    end
+  end
+
+  context 'when source is a predicate method using local with ||=' do
+    it_behaves_like 'not registering offense' do
+      let(:source) do
+        <<~RUBY
+          class C
+            def really?
+              really ||= true
+            end
+          end
+        RUBY
+      end
+    end
+  end
+
+  context 'when source is a regular method memoizing via ivar' do
+    it_behaves_like 'not registering offense' do
+      let(:source) do
+        <<~RUBY
+          class C
+            def really
+              @really ||= true
+            end
+          end
+        RUBY
+      end
+    end
+  end
+end
diff --git a/spec/serializers/deploy_key_entity_spec.rb b/spec/serializers/deploy_key_entity_spec.rb
index d3aefa2c9eb..2bd8162d1b7 100644
--- a/spec/serializers/deploy_key_entity_spec.rb
+++ b/spec/serializers/deploy_key_entity_spec.rb
@@ -21,18 +21,21 @@ describe DeployKeyEntity do
         user_id: deploy_key.user_id,
         title: deploy_key.title,
         fingerprint: deploy_key.fingerprint,
-        can_push: deploy_key.can_push,
         destroyed_when_orphaned: true,
         almost_orphaned: false,
         created_at: deploy_key.created_at,
         updated_at: deploy_key.updated_at,
         can_edit: false,
-        projects: [
+        deploy_keys_projects: [
           {
-            id: project.id,
-            name: project.name,
-            full_path: project_path(project),
-            full_name: project.full_name
+            can_push: false,
+            project:
+            {
+              id: project.id,
+              name: project.name,
+              full_path: project_path(project),
+              full_name: project.full_name
+            }
           }
         ]
       }
diff --git a/spec/services/labels/promote_service_spec.rb b/spec/services/labels/promote_service_spec.rb
index 8809b282127..aa9aba6bdff 100644
--- a/spec/services/labels/promote_service_spec.rb
+++ b/spec/services/labels/promote_service_spec.rb
@@ -85,6 +85,19 @@ describe Labels::PromoteService do
           change(project_3.labels, :count).by(-1)
       end
 
+      it 'keeps users\' subscriptions' do
+        user2 = create(:user)
+        project_label_1_1.subscriptions.create(user: user, subscribed: true)
+        project_label_2_1.subscriptions.create(user: user, subscribed: true)
+        project_label_3_2.subscriptions.create(user: user, subscribed: true)
+        project_label_2_1.subscriptions.create(user: user2, subscribed: true)
+
+        expect { service.execute(project_label_1_1) }.to change { Subscription.count }.from(4).to(3)
+
+        expect(new_label.subscribed?(user)).to be_truthy
+        expect(new_label.subscribed?(user2)).to be_truthy
+      end
+
       it 'recreates priorities' do
         service.execute(project_label_1_1)
 
diff --git a/spec/services/merge_requests/create_from_issue_service_spec.rb b/spec/services/merge_requests/create_from_issue_service_spec.rb
index 623b182b205..75553afc033 100644
--- a/spec/services/merge_requests/create_from_issue_service_spec.rb
+++ b/spec/services/merge_requests/create_from_issue_service_spec.rb
@@ -112,5 +112,24 @@ describe MergeRequests::CreateFromIssueService do
 
       expect(result[:merge_request].assignee).to eq(user)
     end
+
+    context 'when ref branch is set' do
+      subject { described_class.new(project, user, issue_iid: issue.iid, ref: 'feature').execute }
+
+      it 'sets the merge request source branch to the new issue branch' do
+        expect(subject[:merge_request].source_branch).to eq(issue.to_branch_name)
+      end
+
+      it 'sets the merge request target branch to the ref branch' do
+        expect(subject[:merge_request].target_branch).to eq('feature')
+      end
+
+      context 'when ref branch does not exist' do
+        it 'does not create a merge request' do
+          expect { described_class.new(project, user, issue_iid: issue.iid, ref: 'nobr').execute }
+            .not_to change { project.merge_requests.count }
+        end
+      end
+    end
   end
 end
diff --git a/spec/services/merge_requests/create_service_spec.rb b/spec/services/merge_requests/create_service_spec.rb
index dd8c803a2f7..5d226f34d2d 100644
--- a/spec/services/merge_requests/create_service_spec.rb
+++ b/spec/services/merge_requests/create_service_spec.rb
@@ -263,5 +263,66 @@ describe MergeRequests::CreateService do
         expect(issue_ids).to match_array([first_issue.id, second_issue.id])
       end
     end
+
+    context 'when source and target projects are different' do
+      let(:target_project) { create(:project) }
+
+      let(:opts) do
+        {
+          title: 'Awesome merge_request',
+          source_branch: 'feature',
+          target_branch: 'master',
+          target_project_id: target_project.id
+        }
+      end
+
+      context 'when user can not access source project' do
+        before do
+          target_project.add_developer(assignee)
+          target_project.add_master(user)
+        end
+
+        it 'raises an error' do
+          expect { described_class.new(project, user, opts).execute }
+            .to raise_error Gitlab::Access::AccessDeniedError
+        end
+      end
+
+      context 'when user can not access target project' do
+        before do
+          target_project.add_developer(assignee)
+          target_project.add_master(user)
+        end
+
+        it 'raises an error' do
+          expect { described_class.new(project, user, opts).execute }
+            .to raise_error Gitlab::Access::AccessDeniedError
+        end
+      end
+    end
+
+    context 'when user sets source project id' do
+      let(:another_project) { create(:project) }
+
+      let(:opts) do
+        {
+          title: 'Awesome merge_request',
+          source_branch: 'feature',
+          target_branch: 'master',
+          source_project_id: another_project.id
+        }
+      end
+
+      before do
+        project.add_developer(assignee)
+        project.add_master(user)
+      end
+
+      it 'ignores source_project_id' do
+        merge_request = described_class.new(project, user, opts).execute
+
+        expect(merge_request.source_project_id).to eq(project.id)
+      end
+    end
   end
 end
diff --git a/spec/services/merge_requests/rebase_service_spec.rb b/spec/services/merge_requests/rebase_service_spec.rb
index 5f047e61c31..fc1c3d67203 100644
--- a/spec/services/merge_requests/rebase_service_spec.rb
+++ b/spec/services/merge_requests/rebase_service_spec.rb
@@ -36,7 +36,7 @@ describe MergeRequests::RebaseService do
       end
     end
 
-    context 'when unexpected error occurs' do
+    context 'when unexpected error occurs', :disable_gitaly do
       before do
         allow(repository).to receive(:run_git!).and_raise('Something went wrong')
       end
@@ -53,7 +53,7 @@ describe MergeRequests::RebaseService do
       end
     end
 
-    context 'with git command failure' do
+    context 'with git command failure', :disable_gitaly do
       before do
         allow(repository).to receive(:run_git!).and_raise(Gitlab::Git::Repository::GitError, 'Something went wrong')
       end
@@ -71,31 +71,41 @@ describe MergeRequests::RebaseService do
     end
 
     context 'valid params' do
-      before do
-        service.execute(merge_request)
-      end
+      shared_examples 'successful rebase' do
+        before do
+          service.execute(merge_request)
+        end
 
-      it 'rebases source branch' do
-        parent_sha = merge_request.source_project.repository.commit(merge_request.source_branch).parents.first.sha
-        target_branch_sha = merge_request.target_project.repository.commit(merge_request.target_branch).sha
-        expect(parent_sha).to eq(target_branch_sha)
-      end
+        it 'rebases source branch' do
+          parent_sha = merge_request.source_project.repository.commit(merge_request.source_branch).parents.first.sha
+          target_branch_sha = merge_request.target_project.repository.commit(merge_request.target_branch).sha
+          expect(parent_sha).to eq(target_branch_sha)
+        end
 
-      it 'records the new SHA on the merge request' do
-        head_sha = merge_request.source_project.repository.commit(merge_request.source_branch).sha
-        expect(merge_request.reload.rebase_commit_sha).to eq(head_sha)
+        it 'records the new SHA on the merge request' do
+          head_sha = merge_request.source_project.repository.commit(merge_request.source_branch).sha
+          expect(merge_request.reload.rebase_commit_sha).to eq(head_sha)
+        end
+
+        it 'logs correct author and commiter' do
+          head_commit = merge_request.source_project.repository.commit(merge_request.source_branch)
+
+          expect(head_commit.author_email).to eq('dmitriy.zaporozhets@gmail.com')
+          expect(head_commit.author_name).to eq('Dmitriy Zaporozhets')
+          expect(head_commit.committer_email).to eq(user.email)
+          expect(head_commit.committer_name).to eq(user.name)
+        end
       end
 
-      it 'logs correct author and commiter' do
-        head_commit = merge_request.source_project.repository.commit(merge_request.source_branch)
+      context 'when Gitaly rebase feature is enabled' do
+        it_behaves_like 'successful rebase'
+      end
 
-        expect(head_commit.author_email).to eq('dmitriy.zaporozhets@gmail.com')
-        expect(head_commit.author_name).to eq('Dmitriy Zaporozhets')
-        expect(head_commit.committer_email).to eq(user.email)
-        expect(head_commit.committer_name).to eq(user.name)
+      context 'when Gitaly rebase feature is disabled', :disable_gitaly do
+        it_behaves_like 'successful rebase'
       end
 
-      context 'git commands' do
+      context 'git commands', :disable_gitaly do
         it 'sets GL_REPOSITORY env variable when calling git commands' do
           expect(repository).to receive(:popen).exactly(3)
             .with(anything, anything, hash_including('GL_REPOSITORY'))
@@ -106,27 +116,37 @@ describe MergeRequests::RebaseService do
       end
 
       context 'fork' do
-        let(:forked_project) do
-          fork_project(project, user, repository: true)
+        shared_examples 'successful fork rebase' do
+          let(:forked_project) do
+            fork_project(project, user, repository: true)
+          end
+
+          let(:merge_request_from_fork) do
+            forked_project.repository.create_file(
+              user,
+              'new-file-to-target',
+              '',
+              message: 'Add new file to target',
+              branch_name: 'master')
+
+            create(:merge_request,
+                  source_branch: 'master', source_project: forked_project,
+                  target_branch: 'master', target_project: project)
+          end
+
+          it 'rebases source branch' do
+            parent_sha = forked_project.repository.commit(merge_request_from_fork.source_branch).parents.first.sha
+            target_branch_sha = project.repository.commit(merge_request_from_fork.target_branch).sha
+            expect(parent_sha).to eq(target_branch_sha)
+          end
         end
 
-        let(:merge_request_from_fork) do
-          forked_project.repository.create_file(
-            user,
-            'new-file-to-target',
-            '',
-            message: 'Add new file to target',
-            branch_name: 'master')
-
-          create(:merge_request,
-                 source_branch: 'master', source_project: forked_project,
-                 target_branch: 'master', target_project: project)
+        context 'when Gitaly rebase feature is enabled' do
+          it_behaves_like 'successful fork rebase'
         end
 
-        it 'rebases source branch' do
-          parent_sha = forked_project.repository.commit(merge_request_from_fork.source_branch).parents.first.sha
-          target_branch_sha = project.repository.commit(merge_request_from_fork.target_branch).sha
-          expect(parent_sha).to eq(target_branch_sha)
+        context 'when Gitaly rebase feature is disabled', :disable_gitaly do
+          it_behaves_like 'successful fork rebase'
         end
       end
     end
diff --git a/spec/services/projects/autocomplete_service_spec.rb b/spec/services/projects/autocomplete_service_spec.rb
index 7a8c54673f7..f7ff8b80bd7 100644
--- a/spec/services/projects/autocomplete_service_spec.rb
+++ b/spec/services/projects/autocomplete_service_spec.rb
@@ -93,26 +93,27 @@ describe Projects::AutocompleteService do
     let(:user) { create(:user) }
     let(:group) { create(:group) }
     let(:project) { create(:project, group: group) }
-    let!(:group_milestone) { create(:milestone, group: group) }
-    let!(:project_milestone) { create(:milestone, project: project) }
+    let!(:group_milestone1) { create(:milestone, group: group, due_date: '2017-01-01', title: 'Second Title') }
+    let!(:group_milestone2) { create(:milestone, group: group, due_date: '2017-01-01', title: 'First Title') }
+    let!(:project_milestone) { create(:milestone, project: project, due_date: '2016-01-01') }
 
     let(:milestone_titles) { described_class.new(project, user).milestones.map(&:title) }
 
-    it 'includes project and group milestones' do
-      expect(milestone_titles).to eq([group_milestone.title, project_milestone.title])
+    it 'includes project and group milestones and sorts them correctly' do
+      expect(milestone_titles).to eq([project_milestone.title, group_milestone2.title, group_milestone1.title])
     end
 
     it 'does not include closed milestones' do
-      group_milestone.close
+      group_milestone1.close
 
-      expect(milestone_titles).to eq([project_milestone.title])
+      expect(milestone_titles).to eq([project_milestone.title, group_milestone2.title])
     end
 
     it 'does not include milestones from other projects in the group' do
       other_project = create(:project, group: group)
       project_milestone.update!(project: other_project)
 
-      expect(milestone_titles).to eq([group_milestone.title])
+      expect(milestone_titles).to eq([group_milestone2.title, group_milestone1.title])
     end
   end
 end
diff --git a/spec/services/projects/gitlab_projects_import_service_spec.rb b/spec/services/projects/gitlab_projects_import_service_spec.rb
new file mode 100644
index 00000000000..bb0e274c93e
--- /dev/null
+++ b/spec/services/projects/gitlab_projects_import_service_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+describe Projects::GitlabProjectsImportService do
+  set(:namespace) { build(:namespace) }
+  let(:file) { fixture_file_upload(Rails.root + 'spec/fixtures/doc_sample.txt', 'text/plain') }
+  subject { described_class.new(namespace.owner, { namespace_id: namespace.id, path: path, file: file }) }
+
+  describe '#execute' do
+    context 'with an invalid path' do
+      let(:path) { '/invalid-path/' }
+
+      it 'returns an invalid project' do
+        project = subject.execute
+
+        expect(project).not_to be_persisted
+        expect(project).not_to be_valid
+      end
+    end
+
+    context 'with a valid path' do
+      let(:path) { 'test-path' }
+
+      it 'creates a project' do
+        project = subject.execute
+
+        expect(project).to be_persisted
+        expect(project).to be_valid
+      end
+    end
+  end
+end
diff --git a/spec/services/system_hooks_service_spec.rb b/spec/services/system_hooks_service_spec.rb
index 46cd10cdc12..c40cd5b7548 100644
--- a/spec/services/system_hooks_service_spec.rb
+++ b/spec/services/system_hooks_service_spec.rb
@@ -105,12 +105,25 @@ describe SystemHooksService do
         expect(data[:old_username]).to eq(user.username_was)
       end
     end
+
+    context 'user_failed_login' do
+      it 'contains state of user' do
+        user.ldap_block!
+
+        data = event_data(user, :failed_login)
+
+        expect(data).to include(:event_name, :name, :created_at, :updated_at, :email, :user_id, :username, :state)
+        expect(data[:username]).to eq(user.username)
+        expect(data[:state]).to eq('ldap_blocked')
+      end
+    end
   end
 
   context 'event names' do
     it { expect(event_name(user, :create)).to eq "user_create" }
     it { expect(event_name(user, :destroy)).to eq "user_destroy" }
     it { expect(event_name(user, :rename)).to eq 'user_rename' }
+    it { expect(event_name(user, :failed_login)).to eq 'user_failed_login' }
     it { expect(event_name(project, :create)).to eq "project_create" }
     it { expect(event_name(project, :destroy)).to eq "project_destroy" }
     it { expect(event_name(project, :rename)).to eq "project_rename" }
diff --git a/spec/services/system_note_service_spec.rb b/spec/services/system_note_service_spec.rb
index 965fd39c967..ab3a257f36f 100644
--- a/spec/services/system_note_service_spec.rb
+++ b/spec/services/system_note_service_spec.rb
@@ -158,7 +158,7 @@ describe SystemNoteService do
     end
 
     it 'builds a correct phrase when assignee removed' do
-      expect(build_note([assignee1], [])).to eq 'removed assignee'
+      expect(build_note([assignee1], [])).to eq "unassigned @#{assignee1.username}"
     end
 
     it 'builds a correct phrase when assignees changed' do
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index f51bb44086b..6186fb92bad 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -97,10 +97,6 @@ RSpec.configure do |config|
     TestEnv.init
   end
 
-  config.after(:suite) do
-    TestEnv.cleanup
-  end
-
   config.before(:example) do
     # Skip pre-receive hook check so we can use the web editor and merge.
     allow_any_instance_of(Gitlab::Git::Hook).to receive(:trigger).and_return([true, nil])
diff --git a/spec/support/devise_helpers.rb b/spec/support/devise_helpers.rb
index 890a2d9d287..66874e10f38 100644
--- a/spec/support/devise_helpers.rb
+++ b/spec/support/devise_helpers.rb
@@ -2,13 +2,16 @@ module DeviseHelpers
   # explicitly tells Devise which mapping to use
   # this is needed when we are testing a Devise controller bypassing the router
   def set_devise_mapping(context:)
-    env =
-      if context.respond_to?(:env_config)
-        context.env_config
-      elsif context.respond_to?(:env)
-        context.env
-      end
+    env = env_from_context(context)
 
     env['devise.mapping'] = Devise.mappings[:user] if env
   end
+
+  def env_from_context(context)
+    if context.respond_to?(:env_config)
+      context.env_config
+    elsif context.respond_to?(:env)
+      context.env
+    end
+  end
 end
diff --git a/spec/support/login_helpers.rb b/spec/support/login_helpers.rb
index 50702a0ac88..b52b6a28c54 100644
--- a/spec/support/login_helpers.rb
+++ b/spec/support/login_helpers.rb
@@ -125,6 +125,13 @@ module LoginHelpers
     })
   end
 
+  def stub_omniauth_provider(provider, context: Rails.application)
+    env = env_from_context(context)
+
+    set_devise_mapping(context: context)
+    env['omniauth.auth'] = OmniAuth.config.mock_auth[provider]
+  end
+
   def stub_omniauth_saml_config(messages)
     set_devise_mapping(context: Rails.application)
     Rails.application.routes.disable_clear_and_finalize = true
diff --git a/spec/support/services_shared_context.rb b/spec/support/services_shared_context.rb
index 3f1fd169b72..23f9b46ae0c 100644
--- a/spec/support/services_shared_context.rb
+++ b/spec/support/services_shared_context.rb
@@ -3,13 +3,9 @@ Service.available_services_names.each do |service|
     let(:dashed_service) { service.dasherize }
     let(:service_method) { "#{service}_service".to_sym }
     let(:service_klass) { "#{service}_service".classify.constantize }
-    let(:service_fields) { service_klass.new.fields }
+    let(:service_instance) { service_klass.new }
+    let(:service_fields) { service_instance.fields }
     let(:service_attrs_list) { service_fields.inject([]) {|arr, hash| arr << hash[:name].to_sym } }
-    let(:service_attrs_list_without_passwords) do
-      service_fields
-        .select { |field| field[:type] != 'password' }
-        .map { |field| field[:name].to_sym}
-    end
     let(:service_attrs) do
       service_attrs_list.inject({}) do |hash, k|
         if k =~ /^(token*|.*_token|.*_key)/
diff --git a/spec/support/slack_mattermost_notifications_shared_examples.rb b/spec/support/slack_mattermost_notifications_shared_examples.rb
index 17f3a861ba8..e827a8da0b7 100644
--- a/spec/support/slack_mattermost_notifications_shared_examples.rb
+++ b/spec/support/slack_mattermost_notifications_shared_examples.rb
@@ -57,6 +57,7 @@ RSpec.shared_examples 'slack or mattermost notifications' do
       @issue = issue_service.execute
       @issues_sample_data = issue_service.hook_data(@issue, 'open')
 
+      project.add_developer(user)
       opts = {
         title: 'Awesome merge_request',
         description: 'please fix',
diff --git a/spec/support/test_env.rb b/spec/support/test_env.rb
index 25ff6094408..fd6368e7b40 100644
--- a/spec/support/test_env.rb
+++ b/spec/support/test_env.rb
@@ -90,10 +90,6 @@ module TestEnv
     setup_forked_repo
   end
 
-  def cleanup
-    stop_gitaly
-  end
-
   def disable_mailer
     allow_any_instance_of(NotificationService).to receive(:mailer)
       .and_return(double.as_null_object)
@@ -163,6 +159,8 @@ module TestEnv
 
     spawn_script = Rails.root.join('scripts/gitaly-test-spawn').to_s
     @gitaly_pid = Bundler.with_original_env { IO.popen([spawn_script], &:read).to_i }
+    Kernel.at_exit { stop_gitaly }
+
     wait_gitaly
   end
 
@@ -309,7 +307,7 @@ module TestEnv
 
       # Before we used Git clone's --mirror option, bare repos could end up
       # with missing refs, clearing them and retrying should fix the issue.
-      cleanup && clean_gitlab_test_path && init unless reset.call
+      clean_gitlab_test_path && init unless reset.call
     end
   end
 
diff --git a/spec/workers/repository_fork_worker_spec.rb b/spec/workers/repository_fork_worker_spec.rb
index 31598586f59..4912baa348c 100644
--- a/spec/workers/repository_fork_worker_spec.rb
+++ b/spec/workers/repository_fork_worker_spec.rb
@@ -47,6 +47,14 @@ describe RepositoryForkWorker do
       perform!
     end
 
+    it 'protects the default branch' do
+      expect_fork_repository.and_return(true)
+
+      perform!
+
+      expect(fork_project.protected_branches.first.name).to eq(fork_project.default_branch)
+    end
+
     it 'flushes various caches' do
       expect_fork_repository.and_return(true)
 
diff --git a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
index 75de266369d..eec356b9f47 100644
--- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
+++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
@@ -90,10 +90,14 @@ codequality:
 
 performance:
   stage: performance
-  image: 
-    name: sitespeedio/sitespeed.io:6.0.3
-    entrypoint: [""]
+  image: docker:latest
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:dind
   script:
+    - setup_docker
     - performance
   artifacts:
     paths:
@@ -112,7 +116,7 @@ sast:
     - sast .
   artifacts:
     paths: [gl-sast-report.json]
-    
+
 sast:container:
   image: docker:latest
   variables:
@@ -260,7 +264,7 @@ production:
   export CI_APPLICATION_TAG=$CI_COMMIT_SHA
   export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID}
   export TILLER_NAMESPACE=$KUBE_NAMESPACE
-  
+
   function sast_container() {
     docker run -d --name db arminc/clair-db:latest
     docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
@@ -466,26 +470,26 @@ production:
       --docker-email="$GITLAB_USER_EMAIL" \
       -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
   }
-  
+
   function performance() {
     export CI_ENVIRONMENT_URL=$(cat environment_url.txt)
-    
+
     mkdir gitlab-exporter
     wget -O gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/10-3/index.js
-    
+
     mkdir sitespeed-results
-    
+
     if [ -f .gitlab-urls.txt ]
     then
       sed -i -e 's@^@'"$CI_ENVIRONMENT_URL"'@' .gitlab-urls.txt
-      /start.sh --plugins.add gitlab-exporter --outputFolder sitespeed-results .gitlab-urls.txt
+      docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.0.3 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results .gitlab-urls.txt
     else
-      /start.sh --plugins.add gitlab-exporter --outputFolder sitespeed-results $CI_ENVIRONMENT_URL
+      docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.0.3 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "$CI_ENVIRONMENT_URL"
     fi
-    
+
     mv sitespeed-results/data/performance.json performance.json
   }
-  
+
   function persist_environment_url() {
       echo $CI_ENVIRONMENT_URL > environment_url.txt
   }
diff --git a/vendor/prometheus/values.yaml b/vendor/prometheus/values.yaml
index dd9496deb4d..5249449c7f8 100644
--- a/vendor/prometheus/values.yaml
+++ b/vendor/prometheus/values.yaml
@@ -1,134 +1,117 @@
-alertmanager: |
+alertmanager:
   enabled: false
 
-kubeStateMetrics: |
-  enabled: 'false'
+kubeStateMetrics:
+  enabled: false
 
-nodeExporter: |
-  enabled: 'false'
+nodeExporter:
+  enabled: false
 
-pushgateway: |
-  enabled: 'false'
+pushgateway:
+  enabled: false
 
-serverFiles: |
-  alerts: ''
-  rules: ''
+serverFiles:
+  alerts: ""
+  rules: ""
 
   prometheus.yml: |-
-    rule_files: |
+    rule_files:
       - /etc/config/rules
       - /etc/config/alerts
-    scrape_configs: |
+    scrape_configs:
       - job_name: prometheus
-        static_configs: |
+        static_configs:
           - targets:
             - localhost:9090
-
-      - job_name: 'kubernetes-apiservers'
-        kubernetes_sd_configs: |
-          - role: endpoints
+      - job_name: kubernetes-cadvisor
         scheme: https
-
         tls_config:
-          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+          ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
           insecure_skip_verify: true
-        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+        bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token"
+        kubernetes_sd_configs:
+        - role: node
+          api_server: https://kubernetes.default.svc:443
+          tls_config:
+            ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+          bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token"
         relabel_configs:
-          - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
-            action: keep
-            regex: default;kubernetes;https
-      - job_name: 'kubernetes-nodes'
+        - action: labelmap
+          regex: __meta_kubernetes_node_label_(.+)
+        - target_label: __address__
+          replacement: kubernetes.default.svc:443
+        - source_labels:
+          - __meta_kubernetes_node_name
+          regex: "(.+)"
+          target_label: __metrics_path__
+          replacement: "/api/v1/nodes/${1}/proxy/metrics/cadvisor"
+        metric_relabel_configs:
+        - source_labels:
+          - pod_name
+          target_label: environment
+          regex: "(.+)-.+-.+"
+      - job_name: kubernetes-nodes
         scheme: https
         tls_config:
-          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+          ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
           insecure_skip_verify: true
-        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+        bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token"
         kubernetes_sd_configs:
-          - role: node
+        - role: node
+          api_server: https://kubernetes.default.svc:443
+          tls_config:
+            ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+          bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token"
         relabel_configs:
-          - action: labelmap
-            regex: __meta_kubernetes_node_label_(.+)
-          - target_label: __address__
-            replacement: kubernetes.default.svc:443
-          - source_labels: [__meta_kubernetes_node_name]
-            regex: (.+)
-            target_label: __metrics_path__
-            replacement: /api/v1/nodes/${1}/proxy/metrics
- 
-      - job_name: 'kubernetes-service-endpoints'
-        kubernetes_sd_configs:
-          - role: endpoints
-        relabel_configs: |
-          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
-            action: keep
-            regex: 'true'
-          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
-            action: replace
-            target_label: __scheme__
-            regex: (https?)
-          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
-            action: replace
-            target_label: __metrics_path__
-            regex: (.+)
-          - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
-            action: replace
-            target_label: __address__
-            regex: (.+)(?::\d+);(\d+)
-            replacement: $1:$2
-          - action: labelmap
-            regex: __meta_kubernetes_service_label_(.+)
-          - source_labels: [__meta_kubernetes_namespace]
-            action: replace
-            target_label: kubernetes_namespace
-          - source_labels: [__meta_kubernetes_service_name]
-            action: replace
-            target_label: kubernetes_name
-      - job_name: 'prometheus-pushgateway'
-        honor_labels: true
-        kubernetes_sd_configs: |
-          - role: service
-        relabel_configs: |
-          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
-            action: keep
-            regex: pushgateway
-      - job_name: 'kubernetes-services'
-        metrics_path: /probe
-        params: |
-          module: [http_2xx]
-        kubernetes_sd_configs: |
-          - role: service
-        relabel_configs: |
-          - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
-            action: keep
-            regex: 'true'
-          - source_labels: [__address__]
-            target_label: __param_target
-          - target_label: __address__
-            replacement: blackbox
-          - source_labels: [__param_target]
-            target_label: instance
-          - action: labelmap
-            regex: __meta_kubernetes_service_label_(.+)
-          - source_labels: [__meta_kubernetes_namespace]
-            target_label: kubernetes_namespace
-          - source_labels: [__meta_kubernetes_service_name]
-            target_label: kubernetes_name
-      - job_name: 'kubernetes-pods'
+        - action: labelmap
+          regex: __meta_kubernetes_node_label_(.+)
+        - target_label: __address__
+          replacement: kubernetes.default.svc:443
+        - source_labels:
+          - __meta_kubernetes_node_name
+          regex: "(.+)"
+          target_label: __metrics_path__
+          replacement: "/api/v1/nodes/${1}/proxy/metrics"
+        metric_relabel_configs:
+        - source_labels:
+          - pod_name
+          target_label: environment
+          regex: "(.+)-.+-.+"
+      - job_name: kubernetes-pods
+        tls_config:
+          ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+          insecure_skip_verify: true
+        bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token"
         kubernetes_sd_configs:
-          - role: pod
+        - role: pod
+          api_server: https://kubernetes.default.svc:443
+          tls_config:
+            ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+          bearer_token_file: "/var/run/secrets/kubernetes.io/serviceaccount/token"
         relabel_configs:
-          - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
-            action: keep
-            regex: 'true'
-          - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
-            action: replace
-            target_label: __metrics_path__
-            regex: (.+)
-          - action: labelmap
-            regex: __meta_kubernetes_pod_label_(.+)
-          - source_labels: [__meta_kubernetes_namespace]
-            action: replace
-            target_label: kubernetes_namespace
-          - source_labels: [__meta_kubernetes_pod_name]
-            action: replace
-            target_label: kubernetes_pod_name
+        - source_labels:
+          - __meta_kubernetes_pod_annotation_prometheus_io_scrape
+          action: keep
+          regex: 'true'
+        - source_labels:
+          - __meta_kubernetes_pod_annotation_prometheus_io_path
+          action: replace
+          target_label: __metrics_path__
+          regex: "(.+)"
+        - source_labels:
+          - __address__
+          - __meta_kubernetes_pod_annotation_prometheus_io_port
+          action: replace
+          regex: "([^:]+)(?::[0-9]+)?;([0-9]+)"
+          replacement: "$1:$2"
+          target_label: __address__
+        - action: labelmap
+          regex: __meta_kubernetes_pod_label_(.+)
+        - source_labels:
+          - __meta_kubernetes_namespace
+          action: replace
+          target_label: kubernetes_namespace
+        - source_labels:
+          - __meta_kubernetes_pod_name
+          action: replace
+          target_label: kubernetes_pod_name
diff --git a/yarn.lock b/yarn.lock
index 5d40e833889..693f7123e8c 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -237,7 +237,7 @@ array-union@^1.0.1:
   dependencies:
     array-uniq "^1.0.1"
 
-array-uniq@^1.0.1:
+array-uniq@^1.0.1, array-uniq@^1.0.2:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/array-uniq/-/array-uniq-1.0.3.tgz#af6ac877a25cc7f74e058894753858dfdb24fdb6"
 
@@ -3198,7 +3198,7 @@ html-entities@1.2.0, html-entities@^1.2.0:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/html-entities/-/html-entities-1.2.0.tgz#41948caf85ce82fed36e4e6a0ed371a6664379e2"
 
-htmlparser2@^3.8.2:
+htmlparser2@^3.8.2, htmlparser2@^3.9.0:
   version "3.9.2"
   resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.9.2.tgz#1bdf87acca0f3f9e53fa4fcceb0f4b4cbb00b338"
   dependencies:
@@ -4054,6 +4054,10 @@ lodash.capitalize@^4.0.0:
   version "4.2.1"
   resolved "https://registry.yarnpkg.com/lodash.capitalize/-/lodash.capitalize-4.2.1.tgz#f826c9b4e2a8511d84e3aca29db05e1a4f3b72a9"
 
+lodash.clonedeep@^4.5.0:
+  version "4.5.0"
+  resolved "https://registry.yarnpkg.com/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz#e23f3f9c4f8fbdde872529c1071857a086e5ccef"
+
 lodash.cond@^4.3.0:
   version "4.5.2"
   resolved "https://registry.yarnpkg.com/lodash.cond/-/lodash.cond-4.5.2.tgz#f471a1da486be60f6ab955d17115523dd1d255d5"
@@ -4069,6 +4073,10 @@ lodash.defaults@^3.1.2:
     lodash.assign "^3.0.0"
     lodash.restparam "^3.0.0"
 
+lodash.escaperegexp@^4.1.2:
+  version "4.1.2"
+  resolved "https://registry.yarnpkg.com/lodash.escaperegexp/-/lodash.escaperegexp-4.1.2.tgz#64762c48618082518ac3df4ccf5d5886dae20347"
+
 lodash.get@^3.7.0:
   version "3.7.0"
   resolved "https://registry.yarnpkg.com/lodash.get/-/lodash.get-3.7.0.tgz#3ce68ae2c91683b281cc5394128303cbf75e691f"
@@ -4103,6 +4111,10 @@ lodash.memoize@^4.1.2:
   version "4.1.2"
   resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-4.1.2.tgz#bcc6c49a42a2840ed997f323eada5ecd182e0bfe"
 
+lodash.mergewith@^4.6.0:
+  version "4.6.0"
+  resolved "https://registry.yarnpkg.com/lodash.mergewith/-/lodash.mergewith-4.6.0.tgz#150cf0a16791f5903b8891eab154609274bdea55"
+
 lodash.restparam@^3.0.0:
   version "3.6.1"
   resolved "https://registry.yarnpkg.com/lodash.restparam/-/lodash.restparam-3.6.1.tgz#936a4e309ef330a7645ed4145986c85ae5b20805"
@@ -4191,9 +4203,9 @@ map-stream@~0.1.0:
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/map-stream/-/map-stream-0.1.0.tgz#e56aa94c4c8055a16404a0674b78f215f7c8e194"
 
-marked@^0.3.6:
-  version "0.3.6"
-  resolved "https://registry.yarnpkg.com/marked/-/marked-0.3.6.tgz#b2c6c618fccece4ef86c4fc6cb8a7cbf5aeda8d7"
+marked@^0.3.12:
+  version "0.3.12"
+  resolved "https://registry.yarnpkg.com/marked/-/marked-0.3.12.tgz#7cf25ff2252632f3fe2406bde258e94eee927519"
 
 math-expression-evaluator@^1.2.14:
   version "1.2.16"
@@ -5155,6 +5167,14 @@ postcss@^5.0.10, postcss@^5.0.11, postcss@^5.0.12, postcss@^5.0.13, postcss@^5.0
     source-map "^0.5.6"
     supports-color "^3.2.3"
 
+postcss@^6.0.14:
+  version "6.0.15"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-6.0.15.tgz#f460cd6269fede0d1bf6defff0b934a9845d974d"
+  dependencies:
+    chalk "^2.3.0"
+    source-map "^0.6.1"
+    supports-color "^5.1.0"
+
 postcss@^6.0.8:
   version "6.0.14"
   resolved "https://registry.yarnpkg.com/postcss/-/postcss-6.0.14.tgz#5534c72114739e75d0afcf017db853099f562885"
@@ -5669,6 +5689,18 @@ safe-buffer@^5.0.1, safe-buffer@~5.0.1:
   version "5.0.1"
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.0.1.tgz#d263ca54696cd8a306b5ca6551e92de57918fbe7"
 
+sanitize-html@^1.16.1:
+  version "1.16.3"
+  resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-1.16.3.tgz#96c1b44a36ff7312e1c22a14b05274370ac8bd56"
+  dependencies:
+    htmlparser2 "^3.9.0"
+    lodash.clonedeep "^4.5.0"
+    lodash.escaperegexp "^4.1.2"
+    lodash.mergewith "^4.6.0"
+    postcss "^6.0.14"
+    srcset "^1.0.0"
+    xtend "^4.0.0"
+
 sax@~1.2.1:
   version "1.2.2"
   resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.2.tgz#fd8631a23bc7826bef5d871bdb87378c95647828"
@@ -5982,6 +6014,13 @@ sql.js@^0.4.0:
   version "0.4.0"
   resolved "https://registry.yarnpkg.com/sql.js/-/sql.js-0.4.0.tgz#23be9635520eb0ff43a741e7e830397266e88445"
 
+srcset@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/srcset/-/srcset-1.0.0.tgz#a5669de12b42f3b1d5e83ed03c71046fc48f41ef"
+  dependencies:
+    array-uniq "^1.0.2"
+    number-is-nan "^1.0.0"
+
 sshpk@^1.7.0:
   version "1.13.1"
   resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.13.1.tgz#512df6da6287144316dc4c18fe1cf1d940739be3"
@@ -6126,6 +6165,12 @@ supports-color@^4.2.1:
   dependencies:
     has-flag "^2.0.0"
 
+supports-color@^5.1.0:
+  version "5.1.0"
+  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-5.1.0.tgz#058a021d1b619f7ddf3980d712ea3590ce7de3d5"
+  dependencies:
+    has-flag "^2.0.0"
+
 svg4everybody@2.1.9:
   version "2.1.9"
   resolved "https://registry.yarnpkg.com/svg4everybody/-/svg4everybody-2.1.9.tgz#5bd9f6defc133859a044646d4743fabc28db7e2d"