Add latest changes from gitlab-org/gitlab@12-3-stable-ee

26 files changed, 365 insertions, 36 deletions

diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml
index 94d7d2cdaa4..ec842856d00 100644
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@@ -121,5 +121,5 @@
 .only-ee:
   only:
     variables:
-      - $CI_PROJECT_NAME == "gitlab-ee"
-      - $CI_PROJECT_NAME == "gitlab"  # New name of gitlab-ee after the single codebase migration
+      - $CI_PROJECT_NAME == "gitlab"
+      - $CI_PROJECT_NAME == "gitlab-ee"  # Support former project name for forks/mirrors
diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml
index c7b79dac9dd..893e3feea48 100644
--- a/.gitlab/ci/review.gitlab-ci.yml
+++ b/.gitlab/ci/review.gitlab-ci.yml
@@ -114,7 +114,8 @@ schedule:review-deploy:
   needs: ["schedule:review-build-cng"]
 
 review-stop:
-  extends: review-deploy
+  extends:
+    - .review-deploy-base
   when: manual
   environment:
     action: stop
@@ -137,7 +138,6 @@ review-cleanup-failed-deployment:
   extends: review-stop
   stage: prepare
   when: on_success
-  needs: []
   allow_failure: false
   script:
     - delete_failed_release
diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml
index 129913a9f2d..861f3f1af5b 100644
--- a/.gitlab/ci/setup.gitlab-ci.yml
+++ b/.gitlab/ci/setup.gitlab-ci.yml
@@ -43,5 +43,6 @@ no_ee_check:
     - scripts/no-ee-check
   only:
     variables:
-      - $CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAME == "gitlab-foss"
-      - $CI_SERVER_HOST == "dev.gitlab.org" && $CI_PROJECT_NAME == "gitlabhq"
+      - $CI_PROJECT_NAME == "gitlab-foss"
+      - $CI_PROJECT_NAME == "gitlab-ce"  # Support former project name for forks/mirrors
+      - $CI_PROJECT_NAME == "gitlabhq"  # Support former project name for dev
diff --git a/CHANGELOG-EE.md b/CHANGELOG-EE.md
index 23859102610..b5a8d2fa308 100644
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
@@ -1,5 +1,46 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
+## 12.3.6
+
+### Security (4 changes)
+
+- Do not index system notes for issue update.
+- Redact search results based on Ability.allowed?.
+- Do not show private cross references in epic notes.
+- Filter out packages the user does'nt have permission to see at group level.
+
+
+## 12.3.5
+
+- No changes.
+
+## 12.3.4
+
+### Fixed (2 changes)
+
+- Fix replies to service desk emails for projects with issue access as Only Project Members. !17401
+- Geo: LFS not being synced. !17633
+
+
+## 12.3.3
+
+### Security (1 change)
+
+- Restrict access for security reports in MR widget.
+
+
+## 12.3.2
+
+### Security (2 changes)
+
+- Hide approvers if a rule has any hidden groups.
+- Prevent IDOR when adding groups to protected environments.
+
+
+## 12.3.1
+
+- No changes.
+
 ## 12.3.0
 
 ### Security (3 changes)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc35154362c..0f3c30f6044 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ entry.
 
 ## 12.3.6
 
-### Security (14 changes)
+### Security (15 changes)
 
 - Standardize error response when route is missing.
 - Do not display project labels that are not visible for user accessing group labels.
@@ -17,6 +17,7 @@ entry.
 - Return 404 on LFS request if project doesn't exist.
 - Mask sentry auth token in Error Tracking dashboard.
 - Fixes a Open Redirect issue in `InternalRedirect`.
+- Remove deploy access level when project/group link is deleted.
 - Sanitize search text to prevent XSS.
 - Sanitize all wiki markup formats with GitLab sanitization pipelines.
 - Fix stored XSS issue for grafana_url.
@@ -24,11 +25,18 @@ entry.
 
 ## 12.3.5
 
-- No changes.
+### Security (1 change)
+
+- Limit search for IID to a type to avoid leaking records with the same IID that the user does not have access to.
+
 
 ## 12.3.4
 
-- No changes.
+### Fixed (2 changes)
+
+- Fix cannot merge icon showing in dropdown for users who can merge. !17306
+- Fix pipelines for merge requests in project exports. !17844
+
 
 ## 12.3.3
 
@@ -39,16 +47,18 @@ entry.
 
 ## 12.3.2
 
-### Security (10 changes)
+### Security (12 changes)
 
 - Fix Gitaly SearchBlobs flag RPC injection.
 - Add a policy check for system notes that may not be visible due to cross references to private items.
 - Display only participants that user has permission to see on milestone page.
 - Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
+- Check permissions before showing head pipeline blocking merge requests.
 - Fix new project path being disclosed through unsubscribe link of issue/merge requests.
 - Prevent bypassing email verification using Salesforce.
 - Do not show resource label events referencing not accessible labels.
 - Cancel all running CI jobs triggered by the user who is just blocked.
+- Fix Gitaly SearchBlobs flag RPC injection.
 - Only render fixed number of mermaid blocks.
 - Prevent GitLab accounts takeover if SAML is configured.
 
diff --git a/VERSION b/VERSION
index 73bedb8c67f..eb0c5e6ee16 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-12.3.6
+12.3.6-ee
diff --git a/app/assets/javascripts/users_select.js b/app/assets/javascripts/users_select.js
index e78ca56be0e..8df513c948f 100644
--- a/app/assets/javascripts/users_select.js
+++ b/app/assets/javascripts/users_select.js
@@ -7,6 +7,7 @@ import _ from 'underscore';
 import axios from './lib/utils/axios_utils';
 import { s__, __, sprintf } from './locale';
 import ModalStore from './boards/stores/modal_store';
+import { parseBoolean } from './lib/utils/common_utils';
 
 // TODO: remove eventHub hack after code splitting refactor
 window.emitSidebarEvent = window.emitSidebarEvent || $.noop;
@@ -279,12 +280,13 @@ function UsersSelect(currentUser, els, options = {}) {
                 })
                 .map(input => {
                   const userId = parseInt(input.value, 10);
-                  const { avatarUrl, avatar_url, name, username } = input.dataset;
+                  const { avatarUrl, avatar_url, name, username, canMerge } = input.dataset;
                   return {
                     avatar_url: avatarUrl || avatar_url,
                     id: userId,
                     name,
                     username,
+                    can_merge: parseBoolean(canMerge),
                   };
                 });
 
diff --git a/app/controllers/concerns/renders_assignees.rb b/app/controllers/concerns/renders_assignees.rb
new file mode 100644
index 00000000000..e9583a7a530
--- /dev/null
+++ b/app/controllers/concerns/renders_assignees.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module RendersAssignees
+  def preload_assignees_for_render(merge_request)
+    merge_request.project.team.max_member_access_for_user_ids(merge_request.assignees.map(&:id))
+  end
+end
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index e51ce752233..2f73fccabcf 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -5,6 +5,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
   include IssuableActions
   include RendersNotes
   include RendersCommits
+  include RendersAssignees
   include ToggleAwardEmoji
   include IssuableCollections
   include RecordUserLastActivity
@@ -41,6 +42,8 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
         # use next to appease Rubocop
         next render('invalid') if target_branch_missing?
 
+        preload_assignees_for_render(@merge_request)
+
         # Build a note object for comment form
         @note = @project.notes.new(noteable: @merge_request)
 
diff --git a/app/helpers/issuables_helper.rb b/app/helpers/issuables_helper.rb
index 014523b54cb..df16ef09234 100644
--- a/app/helpers/issuables_helper.rb
+++ b/app/helpers/issuables_helper.rb
@@ -372,6 +372,12 @@ module IssuablesHelper
     finder.class.scalar_params.any? { |p| params[p].present? }
   end
 
+  def assignee_sidebar_data(assignee, merge_request: nil)
+    { avatar_url: assignee.avatar_url, name: assignee.name, username: assignee.username }.tap do |data|
+      data[:can_merge] = merge_request.can_be_merged_by?(assignee) if merge_request
+    end
+  end
+
   private
 
   def sidebar_gutter_collapsed?
diff --git a/app/views/shared/issuable/_sidebar_assignees.html.haml b/app/views/shared/issuable/_sidebar_assignees.html.haml
index dfb0e7ed297..e6b8e299e1c 100644
--- a/app/views/shared/issuable/_sidebar_assignees.html.haml
+++ b/app/views/shared/issuable/_sidebar_assignees.html.haml
@@ -11,7 +11,7 @@
     = hidden_field_tag "#{issuable_type}[assignee_ids][]", 0, id: nil
   - else
     - assignees.each do |assignee|
-      = hidden_field_tag "#{issuable_type}[assignee_ids][]", assignee.id, id: nil, data: { avatar_url: assignee.avatar_url, name: assignee.name, username: assignee.username }
+      = hidden_field_tag "#{issuable_type}[assignee_ids][]", assignee.id, id: nil, data: assignee_sidebar_data(assignee, merge_request: @merge_request)
 
   - options = { toggle_class: 'js-user-search js-author-search',
     title: _('Assign to'),
diff --git a/db/post_migrate/20190905091812_schedule_project_any_approval_rule_migration.rb b/db/post_migrate/20190905091812_schedule_project_any_approval_rule_migration.rb
index ef1cb452c26..be47e4dfdf5 100644
--- a/db/post_migrate/20190905091812_schedule_project_any_approval_rule_migration.rb
+++ b/db/post_migrate/20190905091812_schedule_project_any_approval_rule_migration.rb
@@ -22,6 +22,8 @@ class ScheduleProjectAnyApprovalRuleMigration < ActiveRecord::Migration[5.2]
   end
 
   def up
+    return unless Gitlab.ee?
+
     add_concurrent_index :projects, :id,
       name: 'tmp_projects_with_approvals_before_merge',
       where: 'approvals_before_merge <> 0'
diff --git a/db/post_migrate/20190905091831_schedule_merge_request_any_approval_rule_migration.rb b/db/post_migrate/20190905091831_schedule_merge_request_any_approval_rule_migration.rb
index 4a8398a9eea..cdec87270f0 100644
--- a/db/post_migrate/20190905091831_schedule_merge_request_any_approval_rule_migration.rb
+++ b/db/post_migrate/20190905091831_schedule_merge_request_any_approval_rule_migration.rb
@@ -22,6 +22,8 @@ class ScheduleMergeRequestAnyApprovalRuleMigration < ActiveRecord::Migration[5.2
   end
 
   def up
+    return unless Gitlab.ee?
+
     add_concurrent_index :merge_requests, :id,
       name: 'tmp_merge_requests_with_approvals_before_merge',
       where: 'approvals_before_merge <> 0'
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md
index 0e52496ec43..d1d46e6ef96 100644
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -151,7 +151,7 @@ Clicking on this button will create a merge request to apply the solution onto t
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9928) in [GitLab Ultimate](https://about.gitlab.com/pricing) 12.2.
 
 Merge Request Approvals can be configured to require approval from a member
-of your security team when a vulnerability would be introduced by a merge request.
+of your security team when a vulnerability, or a software license compliance violation would be introduced by a merge request.
 
 This threshold is defined as `high`, `critical`, or `unknown`
 severity. When any vulnerabilities are present within a merge request, an
@@ -178,6 +178,29 @@ An approval will be optional when a security report:
 - Contains no new vulnerabilities.
 - Contains only new vulnerabilities of `low` or `medium` severity.
 
+### Enabling License Approvals within a project
+
+To enable License Approvals, a [project approval rule](../project/merge_requests/merge_request_approvals.md#multiple-approval-rules-premium)
+must be created with the case-sensitive name `License-Check`. This approval
+group must be set with an "Approvals required" count greater than zero.
+
+Once this group has been added to your project, the approval rule will be enabled
+for all Merge Requests. To configure how this rule behaves, you can choose which
+licenses to `approve` or `blacklist` in the
+[project policies for License Compliance](license_compliance/index.md#project-policies-for-license-compliance) section.
+
+Any code changes made will cause the count of approvals required to reset.
+
+An approval will be required when a license report:
+
+- Contains a dependency that includes a software license that is `blacklisted`.
+- Is not generated during pipeline execution.
+
+An approval will be optional when a license report:
+
+- Contains no software license violations.
+- Contains only new licenses that are `approved` or unknown.
+
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues
diff --git a/doc/user/project/merge_requests/merge_request_approvals.md b/doc/user/project/merge_requests/merge_request_approvals.md
index 6f8d821e1c6..942747c8d81 100644
--- a/doc/user/project/merge_requests/merge_request_approvals.md
+++ b/doc/user/project/merge_requests/merge_request_approvals.md
@@ -337,6 +337,16 @@ of your security team when a vulnerability would be introduced by a merge reques
 For more information, see
 [Security approvals in merge requests](../../application_security/index.md#security-approvals-in-merge-requests-ultimate).
 
+## License compliance approvals in merge requests **(ULTIMATE)**
+
+> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing) 12.3.
+
+Merge Request Approvals can be configured to require approval from a member
+of your security team when a blacklisted software license would be introduced by a merge request.
+
+For more information, see
+[Security approvals in merge requests](../../application_security/index.md#security-approvals-in-merge-requests-ultimate).
+
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues
diff --git a/lib/gitlab/danger/helper.rb b/lib/gitlab/danger/helper.rb
index e2911b4e6c8..a977cdadf4d 100644
--- a/lib/gitlab/danger/helper.rb
+++ b/lib/gitlab/danger/helper.rb
@@ -35,7 +35,8 @@ module Gitlab
       end
 
       def ee?
-        ENV['CI_PROJECT_NAME'] == 'gitlab-ee' || File.exist?('../../CHANGELOG-EE.md')
+        # Support former project name for `dev` and support local Danger run
+        %w[gitlab gitlab-ee].include?(ENV['CI_PROJECT_NAME']) || Dir.exist?('../../ee')
       end
 
       def gitlab_helper
@@ -52,7 +53,7 @@ module Gitlab
       end
 
       def project_name
-        ee? ? 'gitlab-ee' : 'gitlab-ce'
+        ee? ? 'gitlab' : 'gitlab-foss'
       end
 
       def markdown_list(items)
diff --git a/lib/gitlab/import_export/import_export.yml b/lib/gitlab/import_export/import_export.yml
index 511b702553e..c9855969c95 100644
--- a/lib/gitlab/import_export/import_export.yml
+++ b/lib/gitlab/import_export/import_export.yml
@@ -66,6 +66,7 @@ tree:
       - stages:
         - :statuses
       - :external_pull_request
+      - :merge_request
     - :external_pull_requests
     - :auto_devops
     - :triggers
@@ -166,6 +167,12 @@ excluded_attributes:
     - :external_diff_size
   issues:
     - :milestone_id
+  merge_request:
+    - :milestone_id
+    - :ref_fetched
+    - :merge_jid
+    - :rebase_jid
+    - :latest_merge_request_diff_id
   merge_requests:
     - :milestone_id
     - :ref_fetched
diff --git a/lib/gitlab/import_export/relation_factory.rb b/lib/gitlab/import_export/relation_factory.rb
index 1e9dff405c5..baae6166f53 100644
--- a/lib/gitlab/import_export/relation_factory.rb
+++ b/lib/gitlab/import_export/relation_factory.rb
@@ -38,7 +38,7 @@ module Gitlab
 
       IMPORTED_OBJECT_MAX_RETRIES = 5.freeze
 
-      EXISTING_OBJECT_CHECK = %i[milestone milestones label labels project_label project_labels group_label group_labels project_feature].freeze
+      EXISTING_OBJECT_CHECK = %i[milestone milestones label labels project_label project_labels group_label group_labels project_feature merge_request].freeze
 
       TOKEN_RESET_MODELS = %w[Project Namespace Ci::Trigger Ci::Build Ci::Runner ProjectHook].freeze
 
@@ -289,6 +289,7 @@ module Gitlab
 
       def find_or_create_object!
         return relation_class.find_or_create_by(project_id: @project.id) if @relation_name == :project_feature
+        return find_or_create_merge_request! if @relation_name == :merge_request
 
         # Can't use IDs as validation exists calling `group` or `project` attributes
         finder_hash = parsed_relation_hash.tap do |hash|
@@ -299,6 +300,11 @@ module Gitlab
 
         GroupProjectObjectBuilder.build(relation_class, finder_hash)
       end
+
+      def find_or_create_merge_request!
+        @project.merge_requests.find_by(iid: parsed_relation_hash['iid']) ||
+          relation_class.new(parsed_relation_hash)
+      end
     end
   end
 end
diff --git a/scripts/review_apps/automated_cleanup.rb b/scripts/review_apps/automated_cleanup.rb
index 4166070f7cd..9edc1a2b857 100755
--- a/scripts/review_apps/automated_cleanup.rb
+++ b/scripts/review_apps/automated_cleanup.rb
@@ -18,7 +18,8 @@ class AutomatedCleanup
   ].freeze
 
   def self.ee?
-    ENV['CI_PROJECT_NAME'] == 'gitlab-ee' || File.exist?('CHANGELOG-EE.md')
+    # Support former project name for `dev`
+    %w[gitlab gitlab-ee].include?(ENV['CI_PROJECT_NAME'])
   end
 
   def initialize(project_path: ENV['CI_PROJECT_PATH'], gitlab_token: ENV['GITLAB_BOT_REVIEW_APPS_CLEANUP_TOKEN'])
diff --git a/scripts/trigger-build b/scripts/trigger-build
index 4d8110fce10..fe036dae99e 100755
--- a/scripts/trigger-build
+++ b/scripts/trigger-build
@@ -12,7 +12,8 @@ end
 
 module Trigger
   def self.ee?
-    ENV['CI_PROJECT_NAME'] == 'gitlab-ee' || File.exist?('CHANGELOG-EE.md')
+    # Support former project name for `dev`
+    %w[gitlab gitlab-ee].include?(ENV['CI_PROJECT_NAME'])
   end
 
   class Base
diff --git a/spec/features/merge_request/user_edits_assignees_sidebar_spec.rb b/spec/features/merge_request/user_edits_assignees_sidebar_spec.rb
new file mode 100644
index 00000000000..59c20f4ec6b
--- /dev/null
+++ b/spec/features/merge_request/user_edits_assignees_sidebar_spec.rb
@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Merge request > User edits assignees sidebar', :js do
+  let(:project) { create(:project, :public, :repository) }
+  let(:protected_branch) { create(:protected_branch, :maintainers_can_push, name: 'master', project: project) }
+  let(:merge_request) { create(:merge_request, :simple, source_project: project, target_branch: protected_branch.name) }
+
+  let(:users_find_limit) { 5 }
+
+  # Insert more than limit so that response doesn't include assigned user
+  let(:project_developers) { Array.new(users_find_limit + 1) { create(:user).tap { |u| project.add_developer(u) } } }
+  let(:project_maintainers) { Array.new(users_find_limit + 1) { create(:user).tap { |u| project.add_maintainer(u) } } }
+
+  # DOM finders to simplify and improve readability
+  let(:sidebar_assignee_block) { page.find('.js-issuable-sidebar .assignee') }
+  let(:sidebar_assignee_avatar_link) { sidebar_assignee_block.find_all('a').find { |a| a['href'].include? assignee.username } }
+  let(:sidebar_assignee_tooltip) { sidebar_assignee_avatar_link['data-original-title'] || '' }
+  let(:sidebar_assignee_dropdown_item) { sidebar_assignee_block.find(".dropdown-menu li[data-user-id=\"#{assignee.id}\"]") }
+  let(:sidebar_assignee_dropdown_tooltip) { sidebar_assignee_dropdown_item.find('a')['data-title'] || '' }
+
+  before do
+    stub_const('Autocomplete::UsersFinder::LIMIT', users_find_limit)
+
+    sign_in(project.owner)
+
+    merge_request.assignees << assignee
+
+    visit project_merge_request_path(project, merge_request)
+
+    wait_for_requests
+  end
+
+  shared_examples 'when assigned' do |expected_tooltip: ''|
+    it 'shows assignee name' do
+      expect(sidebar_assignee_block).to have_text(assignee.name)
+    end
+
+    it "shows assignee tooltip '#{expected_tooltip}'" do
+      expect(sidebar_assignee_tooltip).to eql(expected_tooltip)
+    end
+
+    context 'when edit is clicked' do
+      before do
+        sidebar_assignee_block.click_link('Edit')
+
+        wait_for_requests
+      end
+
+      it "shows assignee tooltip '#{expected_tooltip}" do
+        expect(sidebar_assignee_dropdown_tooltip).to eql(expected_tooltip)
+      end
+    end
+  end
+
+  context 'when assigned to maintainer' do
+    let(:assignee) { project_maintainers.last }
+
+    it_behaves_like 'when assigned', expected_tooltip: ''
+  end
+
+  context 'when assigned to developer' do
+    let(:assignee) { project_developers.last }
+
+    it_behaves_like 'when assigned', expected_tooltip: 'Cannot merge'
+  end
+end
diff --git a/spec/finders/labels_finder_spec.rb b/spec/finders/labels_finder_spec.rb
index 024bfe4d97b..611e7f566f7 100644
--- a/spec/finders/labels_finder_spec.rb
+++ b/spec/finders/labels_finder_spec.rb
@@ -126,6 +126,89 @@ describe LabelsFinder do
           expect(finder.execute).to eq [private_subgroup_label_1]
         end
       end
+
+      context 'when including labels from group projects with limited visibility' do
+        let(:finder)                     { described_class.new(user, group_id: group_4.id) }
+        let(:group_4)                    { create(:group) }
+        let(:limited_visibility_project) { create(:project, :public, group: group_4) }
+        let(:visible_project)            { create(:project, :public, group: group_4) }
+        let!(:group_label_1)             { create(:group_label, group: group_4) }
+        let!(:limited_visibility_label)  { create(:label, project: limited_visibility_project) }
+        let!(:visible_label)             { create(:label, project: visible_project) }
+
+        shared_examples 'with full visibility' do
+          it 'returns all projects labels' do
+            expect(finder.execute).to eq [group_label_1, limited_visibility_label, visible_label]
+          end
+        end
+
+        shared_examples 'with limited visibility' do
+          it 'returns only authorized projects labels' do
+            expect(finder.execute).to eq [group_label_1, visible_label]
+          end
+        end
+
+        context 'when merge requests and issues are not visible for non members' do
+          before do
+            limited_visibility_project.project_feature.update!(
+              merge_requests_access_level: ProjectFeature::PRIVATE,
+              issues_access_level: ProjectFeature::PRIVATE
+            )
+          end
+
+          context 'when user is not a group member' do
+            it_behaves_like 'with limited visibility'
+          end
+
+          context 'when user is a group member' do
+            before do
+              group_4.add_developer(user)
+            end
+
+            it_behaves_like 'with full visibility'
+          end
+        end
+
+        context 'when merge requests are not visible for non members' do
+          before do
+            limited_visibility_project.project_feature.update!(
+              merge_requests_access_level: ProjectFeature::PRIVATE
+            )
+          end
+
+          context 'when user is not a group member' do
+            it_behaves_like 'with full visibility'
+          end
+
+          context 'when user is a group member' do
+            before do
+              group_4.add_developer(user)
+            end
+
+            it_behaves_like 'with full visibility'
+          end
+        end
+
+        context 'when issues are not visible for non members' do
+          before do
+            limited_visibility_project.project_feature.update!(
+              issues_access_level: ProjectFeature::PRIVATE
+            )
+          end
+
+          context 'when user is not a group member' do
+            it_behaves_like 'with full visibility'
+          end
+
+          context 'when user is a group member' do
+            before do
+              group_4.add_developer(user)
+            end
+
+            it_behaves_like 'with full visibility'
+          end
+        end
+      end
     end
     context 'when including labels from group projects with limited visibility' do
       let(:finder)                     { described_class.new(user, group_id: group_4.id) }
diff --git a/spec/helpers/issuables_helper_spec.rb b/spec/helpers/issuables_helper_spec.rb
index 3c8179460ac..ead454f5a24 100644
--- a/spec/helpers/issuables_helper_spec.rb
+++ b/spec/helpers/issuables_helper_spec.rb
@@ -244,4 +244,32 @@ describe IssuablesHelper do
       end
     end
   end
+
+  describe '#assignee_sidebar_data' do
+    let(:user) { create(:user) }
+    let(:merge_request) { nil }
+    subject { helper.assignee_sidebar_data(user, merge_request: merge_request) }
+
+    it 'returns hash of assignee data' do
+      is_expected.to eql({
+        avatar_url: user.avatar_url,
+        name: user.name,
+        username: user.username
+      })
+    end
+
+    context 'with merge_request' do
+      let(:merge_request) { build_stubbed(:merge_request) }
+
+      where(can_merge: [true, false])
+
+      with_them do
+        before do
+          allow(merge_request).to receive(:can_be_merged_by?).and_return(can_merge)
+        end
+
+        it { is_expected.to include({ can_merge: can_merge })}
+      end
+    end
+  end
 end
diff --git a/spec/lib/gitlab/danger/helper_spec.rb b/spec/lib/gitlab/danger/helper_spec.rb
index 1b4d366ce7b..d570ae90270 100644
--- a/spec/lib/gitlab/danger/helper_spec.rb
+++ b/spec/lib/gitlab/danger/helper_spec.rb
@@ -86,30 +86,30 @@ describe Gitlab::Danger::Helper do
   describe '#ee?' do
     subject { helper.ee? }
 
-    it 'returns true if CI_PROJECT_NAME if set to gitlab-ee' do
-      stub_env('CI_PROJECT_NAME', 'gitlab-ee')
-      expect(File).not_to receive(:exist?)
+    it 'returns true if CI_PROJECT_NAME if set to gitlab' do
+      stub_env('CI_PROJECT_NAME', 'gitlab')
+      expect(Dir).not_to receive(:exist?)
 
       is_expected.to be_truthy
     end
 
     it 'delegates to CHANGELOG-EE.md existence if CI_PROJECT_NAME is set to something else' do
       stub_env('CI_PROJECT_NAME', 'something else')
-      expect(File).to receive(:exist?).with('../../CHANGELOG-EE.md') { true }
+      expect(Dir).to receive(:exist?).with('../../ee') { true }
 
       is_expected.to be_truthy
     end
 
-    it 'returns true if CHANGELOG-EE.md exists' do
+    it 'returns true if ee exists' do
       stub_env('CI_PROJECT_NAME', nil)
-      expect(File).to receive(:exist?).with('../../CHANGELOG-EE.md') { true }
+      expect(Dir).to receive(:exist?).with('../../ee') { true }
 
       is_expected.to be_truthy
     end
 
-    it "returns false if CHANGELOG-EE.md doesn't exist" do
+    it "returns false if ee doesn't exist" do
       stub_env('CI_PROJECT_NAME', nil)
-      expect(File).to receive(:exist?).with('../../CHANGELOG-EE.md') { false }
+      expect(Dir).to receive(:exist?).with('../../ee') { false }
 
       is_expected.to be_falsy
     end
@@ -118,16 +118,16 @@ describe Gitlab::Danger::Helper do
   describe '#project_name' do
     subject { helper.project_name }
 
-    it 'returns gitlab-ee if ee? returns true' do
+    it 'returns gitlab if ee? returns true' do
       expect(helper).to receive(:ee?) { true }
 
-      is_expected.to eq('gitlab-ee')
+      is_expected.to eq('gitlab')
     end
 
     it 'returns gitlab-ce if ee? returns false' do
       expect(helper).to receive(:ee?) { false }
 
-      is_expected.to eq('gitlab-ce')
+      is_expected.to eq('gitlab-foss')
     end
   end
 
diff --git a/spec/lib/gitlab/import_export/model_configuration_spec.rb b/spec/lib/gitlab/import_export/model_configuration_spec.rb
index 3442e22c11f..4426e68b474 100644
--- a/spec/lib/gitlab/import_export/model_configuration_spec.rb
+++ b/spec/lib/gitlab/import_export/model_configuration_spec.rb
@@ -12,9 +12,9 @@ describe 'Import/Export model configuration' do
 
     # Remove duplicated or add missing models
     # - project is not part of the tree, so it has to be added manually.
-    # - milestone, labels have both singular and plural versions in the tree, so remove the duplicates.
+    # - milestone, labels, merge_request have both singular and plural versions in the tree, so remove the duplicates.
     # - User, Author... Models we do not care about for checking models
-    names.flatten.uniq - %w(milestones labels user author) + ['project']
+    names.flatten.uniq - %w(milestones labels user author merge_request) + ['project']
   end
   let(:all_models_yml) { 'spec/lib/gitlab/import_export/all_models.yml' }
   let(:all_models_hash) { YAML.load_file(all_models_yml) }
diff --git a/spec/lib/gitlab/import_export/project.json b/spec/lib/gitlab/import_export/project.json
index 5f4bf18c743..4544c38f39a 100644
--- a/spec/lib/gitlab/import_export/project.json
+++ b/spec/lib/gitlab/import_export/project.json
@@ -6161,7 +6161,7 @@
     {
       "id": 36,
       "project_id": 5,
-      "ref": "master",
+      "ref": null,
       "sha": "sha-notes",
       "before_sha": null,
       "push_data": null,
@@ -6289,19 +6289,21 @@
     {
       "id": 37,
       "project_id": 5,
-      "ref": null,
+      "ref": "master",
       "sha": "048721d90c449b244b7b4c53a9186b04330174ec",
       "before_sha": null,
       "push_data": null,
       "created_at": "2016-03-22T15:20:35.757Z",
       "updated_at": "2016-03-22T15:20:35.757Z",
-      "tag": null,
+      "tag": false,
       "yaml_errors": null,
       "committed_at": null,
       "status": "failed",
       "started_at": null,
       "finished_at": null,
       "duration": null,
+      "source": "merge_request_event",
+      "merge_request_id": 27,
       "stages": [
         {
           "id": 21,
@@ -6372,7 +6374,32 @@
             }
           ]
         }
-      ]
+      ],
+      "merge_request": {
+        "id": 27,
+        "target_branch": "feature",
+        "source_branch": "feature_conflict",
+        "source_project_id": 999,
+        "author_id": 1,
+        "assignee_id": null,
+        "title": "MR1",
+        "created_at": "2016-06-14T15:02:36.568Z",
+        "updated_at": "2016-06-14T15:02:56.815Z",
+        "state": "opened",
+        "merge_status": "unchecked",
+        "target_project_id": 5,
+        "iid": 9,
+        "description": null,
+        "position": 0,
+        "updated_by_id": null,
+        "merge_error": null,
+        "diff_head_sha": "HEAD",
+        "source_branch_sha": "ABCD",
+        "target_branch_sha": "DCBA",
+        "merge_params": {
+          "force_remove_source_branch": null
+        }
+      }
     },
     {
       "id": 38,