Merge remote-tracking branch 'origin/master' into ci-commit-as-pipeline

# Conflicts:
#	db/schema.rb

10 files changed, 112 insertions, 39 deletions

diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 052cd874733..36f88154232 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -153,7 +153,8 @@ class ApplicationSetting < ActiveRecord::Base
       require_two_factor_authentication: false,
       two_factor_grace_period: 48,
       recaptcha_enabled: false,
-      akismet_enabled: false
+      akismet_enabled: false,
+      repository_checks_enabled: true,
     )
   end
 
diff --git a/app/models/commit.rb b/app/models/commit.rb
index 9ffdcc59128..7090909006d 100644
--- a/app/models/commit.rb
+++ b/app/models/commit.rb
@@ -154,7 +154,7 @@ class Commit
       id: id,
       message: safe_message,
       timestamp: committed_date.xmlschema,
-      url: commit_url,
+      url: Gitlab::UrlBuilder.build(self),
       author: {
         name: author_name,
         email: author_email
@@ -168,10 +168,6 @@ class Commit
     data
   end
 
-  def commit_url
-    project.present? ? "#{Gitlab.config.gitlab.url}/#{project.path_with_namespace}/commit/#{id}" : ""
-  end
-
   # Discover issues should be closed when this commit is pushed to a project's
   # default branch.
   def closes_issues(current_user = self.committer)
diff --git a/app/models/issue.rb b/app/models/issue.rb
index e064b0f8b95..3f188e04770 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -106,7 +106,7 @@ class Issue < ActiveRecord::Base
 
   def related_branches
     project.repository.branch_names.select do |branch|
-      branch.end_with?("-#{iid}")
+      branch =~ /\A#{iid}-(?!\d+-stable)/i
     end
   end
 
@@ -151,7 +151,7 @@ class Issue < ActiveRecord::Base
   end
 
   def to_branch_name
-    "#{title.parameterize}-#{iid}"
+    "#{iid}-#{title.parameterize}"
   end
 
   def can_be_worked_on?(current_user)
diff --git a/app/models/oauth_access_token.rb b/app/models/oauth_access_token.rb
new file mode 100644
index 00000000000..c78c7f4aa0e
--- /dev/null
+++ b/app/models/oauth_access_token.rb
@@ -0,0 +1,19 @@
+# == Schema Information
+#
+# Table name: oauth_access_tokens
+#
+#  id                :integer          not null, primary key
+#  resource_owner_id :integer
+#  application_id    :integer
+#  token             :string           not null
+#  refresh_token     :string
+#  expires_in        :integer
+#  revoked_at        :datetime
+#  created_at        :datetime         not null
+#  scopes            :string
+#
+
+class OauthAccessToken < ActiveRecord::Base
+  belongs_to :resource_owner, class_name: 'User'
+  belongs_to :application, class_name: 'Doorkeeper::Application'
+end
diff --git a/app/models/project.rb b/app/models/project.rb
index e48830115bc..95eb7c51b80 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -409,6 +409,35 @@ class Project < ActiveRecord::Base
     self.import_data.destroy if self.import_data
   end
 
+  def import_url=(value)
+    import_url = Gitlab::ImportUrl.new(value)
+    create_or_update_import_data(credentials: import_url.credentials)
+    super(import_url.sanitized_url)
+  end
+
+  def import_url
+    if import_data && super
+      import_url = Gitlab::ImportUrl.new(super, credentials: import_data.credentials)
+      import_url.full_url
+    else
+      super
+    end
+  end
+
+  def create_or_update_import_data(data: nil, credentials: nil)
+    project_import_data = import_data || build_import_data
+    if data
+      project_import_data.data ||= {}
+      project_import_data.data = project_import_data.data.merge(data)
+    end
+    if credentials
+      project_import_data.credentials ||= {}
+      project_import_data.credentials = project_import_data.credentials.merge(credentials)
+    end
+
+    project_import_data.save
+  end
+
   def import?
     external_import? || forked?
   end
@@ -865,7 +894,9 @@ class Project < ActiveRecord::Base
 
   def change_head(branch)
     repository.before_change_head
-    gitlab_shell.update_repository_head(self.path_with_namespace, branch)
+    repository.rugged.references.create('HEAD',
+                                        "refs/heads/#{branch}",
+                                        force: true)
     reload_default_branch
   end
 
diff --git a/app/models/project_import_data.rb b/app/models/project_import_data.rb
index cd3319f077e..79efb403058 100644
--- a/app/models/project_import_data.rb
+++ b/app/models/project_import_data.rb
@@ -12,8 +12,20 @@ require 'file_size_validator'
 
 class ProjectImportData < ActiveRecord::Base
   belongs_to :project
-  
+  attr_encrypted :credentials,
+                 key: Gitlab::Application.secrets.db_key_base,
+                 marshal: true,
+                 encode: true,
+                 mode: :per_attribute_iv_and_salt
+
   serialize :data, JSON
 
   validates :project, presence: true
+
+  before_validation :symbolize_credentials
+
+  def symbolize_credentials
+    # bang doesn't work here - attr_encrypted makes it not to work
+    self.credentials = self.credentials.deep_symbolize_keys unless self.credentials.blank?
+  end
 end
diff --git a/app/models/project_services/bamboo_service.rb b/app/models/project_services/bamboo_service.rb
index 9e7f642180e..060062aaf7a 100644
--- a/app/models/project_services/bamboo_service.rb
+++ b/app/models/project_services/bamboo_service.rb
@@ -82,17 +82,17 @@ class BambooService < CiService
   end
 
   def build_info(sha)
-    url = URI.parse("#{bamboo_url}/rest/api/latest/result?label=#{sha}")
+    url = URI.join(bamboo_url, "/rest/api/latest/result?label=#{sha}").to_s
 
     if username.blank? && password.blank?
-      @response = HTTParty.get(parsed_url.to_s, verify: false)
+      @response = HTTParty.get(url, verify: false)
     else
-      get_url = "#{url}&os_authType=basic"
+      url << '&os_authType=basic'
       auth = {
-          username: username,
-          password: password,
+        username: username,
+        password: password
       }
-      @response = HTTParty.get(get_url, verify: false, basic_auth: auth)
+      @response = HTTParty.get(url, verify: false, basic_auth: auth)
     end
   end
 
@@ -101,11 +101,11 @@ class BambooService < CiService
 
     if @response.code != 200 || @response['results']['results']['size'] == '0'
       # If actual build link can't be determined, send user to build summary page.
-      "#{bamboo_url}/browse/#{build_key}"
+      URI.join(bamboo_url, "/browse/#{build_key}").to_s
     else
       # If actual build link is available, go to build result page.
       result_key = @response['results']['results']['result']['planResultKey']['key']
-      "#{bamboo_url}/browse/#{result_key}"
+      URI.join(bamboo_url, "/browse/#{result_key}").to_s
     end
   end
 
@@ -134,7 +134,7 @@ class BambooService < CiService
     return unless supported_events.include?(data[:object_kind])
 
     # Bamboo requires a GET and does not take any data.
-    self.class.get("#{bamboo_url}/updateAndBuild.action?buildKey=#{build_key}",
-                   verify: false)
+    url = URI.join(bamboo_url, "/updateAndBuild.action?buildKey=#{build_key}").to_s
+    self.class.get(url, verify: false)
   end
 end
diff --git a/app/models/project_services/builds_email_service.rb b/app/models/project_services/builds_email_service.rb
index f9f04838766..6ab6d7417b7 100644
--- a/app/models/project_services/builds_email_service.rb
+++ b/app/models/project_services/builds_email_service.rb
@@ -23,7 +23,7 @@ class BuildsEmailService < Service
   prop_accessor :recipients
   boolean_accessor :add_pusher
   boolean_accessor :notify_only_broken_builds
-  validates :recipients, presence: true, if: :activated?
+  validates :recipients, presence: true, if: ->(s) { s.activated? && !s.add_pusher? }
 
   def initialize_properties
     if properties.nil?
@@ -87,10 +87,14 @@ class BuildsEmailService < Service
   end
 
   def all_recipients(data)
-    all_recipients = recipients.split(',').compact.reject(&:blank?)
+    all_recipients = []
+
+    unless recipients.blank?
+      all_recipients += recipients.split(',').compact.reject(&:blank?)
+    end
 
     if add_pusher? && data[:user][:email]
-      all_recipients << "#{data[:user][:email]}"
+      all_recipients << data[:user][:email]
     end
 
     all_recipients
diff --git a/app/models/project_services/teamcity_service.rb b/app/models/project_services/teamcity_service.rb
index b8e9416131a..8dceee5e2c5 100644
--- a/app/models/project_services/teamcity_service.rb
+++ b/app/models/project_services/teamcity_service.rb
@@ -85,13 +85,15 @@ class TeamcityService < CiService
   end
 
   def build_info(sha)
-    url = URI.parse("#{teamcity_url}/httpAuth/app/rest/builds/"\
-                    "branch:unspecified:any,number:#{sha}")
+    url = URI.join(
+      teamcity_url,
+      "/httpAuth/app/rest/builds/branch:unspecified:any,number:#{sha}"
+    ).to_s
     auth = {
       username: username,
-      password: password,
+      password: password
     }
-    @response = HTTParty.get("#{url}", verify: false, basic_auth: auth)
+    @response = HTTParty.get(url, verify: false, basic_auth: auth)
   end
 
   def build_page(sha, ref)
@@ -100,12 +102,14 @@ class TeamcityService < CiService
     if @response.code != 200
       # If actual build link can't be determined,
       # send user to build summary page.
-      "#{teamcity_url}/viewLog.html?buildTypeId=#{build_type}"
+      URI.join(teamcity_url, "/viewLog.html?buildTypeId=#{build_type}").to_s
     else
       # If actual build link is available, go to build result page.
       built_id = @response['build']['id']
-      "#{teamcity_url}/viewLog.html?buildId=#{built_id}"\
-      "&buildTypeId=#{build_type}"
+      URI.join(
+        teamcity_url,
+        "/viewLog.html?buildId=#{built_id}&buildTypeId=#{build_type}"
+      ).to_s
     end
   end
 
@@ -140,12 +144,13 @@ class TeamcityService < CiService
 
     branch = Gitlab::Git.ref_name(data[:ref])
 
-    self.class.post("#{teamcity_url}/httpAuth/app/rest/buildQueue",
-                    body: "<build branchName=\"#{branch}\">"\
-                          "<buildType id=\"#{build_type}\"/>"\
-                          '</build>',
-                    headers: { 'Content-type' => 'application/xml' },
-                    basic_auth: auth
-                   )
+    self.class.post(
+      URI.join(teamcity_url, '/httpAuth/app/rest/buildQueue').to_s,
+      body: "<build branchName=\"#{branch}\">"\
+            "<buildType id=\"#{build_type}\"/>"\
+            '</build>',
+      headers: { 'Content-type' => 'application/xml' },
+      basic_auth: auth
+    )
   end
 end
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 0b2289cfa39..308c590e3f8 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -169,7 +169,12 @@ class Repository
   def rm_tag(tag_name)
     before_remove_tag
 
-    gitlab_shell.rm_tag(path_with_namespace, tag_name)
+    begin
+      rugged.tags.delete(tag_name)
+      true
+    rescue Rugged::ReferenceError
+      false
+    end
   end
 
   def branch_names
@@ -797,7 +802,7 @@ class Repository
 
   def search_files(query, ref)
     offset = 2
-    args = %W(#{Gitlab.config.git.bin_path} grep -i -I -n --before-context #{offset} --after-context #{offset} -e #{query} #{ref || root_ref})
+    args = %W(#{Gitlab.config.git.bin_path} grep -i -I -n --before-context #{offset} --after-context #{offset} -e #{Regexp.escape(query)} #{ref || root_ref})
     Gitlab::Popen.popen(args, path_to_repo).first.scrub.split(/^--$/)
   end