Merge branch 'master' into assign-to-issuable-opener

37 files changed, 503 insertions, 174 deletions

diff --git a/app/services/base_service.rb b/app/services/base_service.rb
index 8563633816c..0d55ba5a981 100644
--- a/app/services/base_service.rb
+++ b/app/services/base_service.rb
@@ -43,12 +43,9 @@ class BaseService
   def deny_visibility_level(model, denied_visibility_level = nil)
     denied_visibility_level ||= model.visibility_level
 
-    level_name = Gitlab::VisibilityLevel.level_name(denied_visibility_level)
+    level_name = Gitlab::VisibilityLevel.level_name(denied_visibility_level).downcase
 
-    model.errors.add(
-      :visibility_level,
-      "#{level_name} visibility has been restricted by your GitLab administrator"
-    )
+    model.errors.add(:visibility_level, "#{level_name} has been restricted by your GitLab administrator")
   end
 
   private
diff --git a/app/services/ci/create_builds_service.rb b/app/services/ci/create_builds_service.rb
index 002f7ba1278..2cd51a7610f 100644
--- a/app/services/ci/create_builds_service.rb
+++ b/app/services/ci/create_builds_service.rb
@@ -1,7 +1,7 @@
 module Ci
   class CreateBuildsService
     def execute(commit, stage, ref, tag, user, trigger_request, status)
-      builds_attrs = commit.config_processor.builds_for_stage_and_ref(stage, ref, tag)
+      builds_attrs = commit.config_processor.builds_for_stage_and_ref(stage, ref, tag, trigger_request)
 
       # check when to create next build
       builds_attrs = builds_attrs.select do |build_attrs|
diff --git a/app/services/ci/image_for_build_service.rb b/app/services/ci/image_for_build_service.rb
index 005a5c4661c..50c95ced8a7 100644
--- a/app/services/ci/image_for_build_service.rb
+++ b/app/services/ci/image_for_build_service.rb
@@ -3,7 +3,7 @@ module Ci
     def execute(project, opts)
       sha = opts[:sha] || ref_sha(project, opts[:ref])
 
-      commit = project.ci_commits.ordered.find_by(sha: sha)
+      commit = project.ci_commits.find_by(sha: sha)
       image_name = image_for_commit(commit)
 
       image_path = Rails.root.join('public/ci', image_name)
diff --git a/app/services/commits/revert_service.rb b/app/services/commits/revert_service.rb
index 43d1c766e35..a3c950ede1f 100644
--- a/app/services/commits/revert_service.rb
+++ b/app/services/commits/revert_service.rb
@@ -9,7 +9,8 @@ module Commits
       @commit = params[:commit]
       @create_merge_request = params[:create_merge_request].present?
 
-      validate and commit
+      check_push_permissions unless @create_merge_request
+      commit
     rescue Repository::CommitError, Gitlab::Git::Repository::InvalidBlobName, GitHooksService::PreReceiveError,
            ValidationError, ReversionError => ex
       error(ex.message)
@@ -17,39 +18,39 @@ module Commits
 
     def commit
       revert_into = @create_merge_request ? @commit.revert_branch_name : @target_branch
+      revert_tree_id = repository.check_revert_content(@commit, @target_branch)
 
-      if @create_merge_request
-        # Temporary branch exists and contains the revert commit
-        return success if repository.find_branch(revert_into)
+      if revert_tree_id
+        create_target_branch(revert_into) if @create_merge_request
 
-        create_target_branch
-      end
-
-      unless repository.revert(current_user, @commit, revert_into)
+        repository.revert(current_user, @commit, revert_into, revert_tree_id)
+        success
+      else
         error_msg = "Sorry, we cannot revert this #{params[:revert_type_title]} automatically.
                      It may have already been reverted, or a more recent commit may have updated some of its content."
         raise ReversionError, error_msg
       end
-
-      success
     end
 
     private
 
-    def create_target_branch
+    def create_target_branch(new_branch)
+      # Temporary branch exists and contains the revert commit
+      return success if repository.find_branch(new_branch)
+
       result = CreateBranchService.new(@project, current_user)
-                                  .execute(@commit.revert_branch_name, @target_branch, source_project: @source_project)
+                                  .execute(new_branch, @target_branch, source_project: @source_project)
 
       if result[:status] == :error
         raise ReversionError, "There was an error creating the source branch: #{result[:message]}"
       end
     end
 
-    def validate
+    def check_push_permissions
       allowed = ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(@target_branch)
 
       unless allowed
-        raise_error('You are not allowed to push into this branch')
+        raise ValidationError.new('You are not allowed to push into this branch')
       end
 
       true
diff --git a/app/services/compare_service.rb b/app/services/compare_service.rb
index ec581658fc1..e2bccbdbcc3 100644
--- a/app/services/compare_service.rb
+++ b/app/services/compare_service.rb
@@ -1,7 +1,7 @@
 require 'securerandom'
 
 # Compare 2 branches for one repo or between repositories
-# and return Gitlab::CompareResult object that responds to commits and diffs
+# and return Gitlab::Git::Compare object that responds to commits and diffs
 class CompareService
   def execute(source_project, source_branch, target_project, target_branch, diff_options = {})
     source_commit = source_project.commit(source_branch)
@@ -20,12 +20,10 @@ class CompareService
       )
     end
 
-    Gitlab::CompareResult.new(
-      Gitlab::Git::Compare.new(
-        target_project.repository.raw_repository,
-        target_branch,
-        source_sha,
-      ), diff_options
+    Gitlab::Git::Compare.new(
+      target_project.repository.raw_repository,
+      target_branch,
+      source_sha,
     )
   end
 end
diff --git a/app/services/create_commit_builds_service.rb b/app/services/create_commit_builds_service.rb
index 31b407efeb1..69d5c42a877 100644
--- a/app/services/create_commit_builds_service.rb
+++ b/app/services/create_commit_builds_service.rb
@@ -33,7 +33,6 @@ class CreateCommitBuildsService
     unless commit.skip_ci?
       # Create builds for commit
       tag = Gitlab::Git.tag_ref?(origin_ref)
-      commit.update_committed!
       commit.create_builds(ref, tag, user)
     end
 
diff --git a/app/services/create_snippet_service.rb b/app/services/create_snippet_service.rb
index 101a3df5eee..9884cb96661 100644
--- a/app/services/create_snippet_service.rb
+++ b/app/services/create_snippet_service.rb
@@ -6,8 +6,7 @@ class CreateSnippetService < BaseService
       snippet = project.snippets.build(params)
     end
 
-    unless Gitlab::VisibilityLevel.allowed_for?(current_user,
-                                                params[:visibility_level])
+    unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
       deny_visibility_level(snippet)
       return snippet
     end
diff --git a/app/services/delete_user_service.rb b/app/services/delete_user_service.rb
index 173e50c9206..ce79287e35a 100644
--- a/app/services/delete_user_service.rb
+++ b/app/services/delete_user_service.rb
@@ -5,18 +5,22 @@ class DeleteUserService
     @current_user = current_user
   end
 
-  def execute(user)
-    if user.solo_owned_groups.present?
+  def execute(user, options = {})
+    if !options[:delete_solo_owned_groups] && user.solo_owned_groups.present?
       user.errors[:base] << 'You must transfer ownership or delete groups before you can remove user'
-      user
-    else
-      user.personal_projects.each do |project|
-        # Skip repository removal because we remove directory with namespace
-        # that contain all this repositories
-        ::Projects::DestroyService.new(project, current_user, skip_repo: true).pending_delete!
-      end
+      return user
+    end
+
+    user.solo_owned_groups.each do |group|
+      DestroyGroupService.new(group, current_user).execute
+    end
 
-      user.destroy
+    user.personal_projects.each do |project|
+      # Skip repository removal because we remove directory with namespace
+      # that contain all this repositories
+      ::Projects::DestroyService.new(project, current_user, skip_repo: true).pending_delete!
     end
+
+    user.destroy
   end
 end
diff --git a/app/services/destroy_group_service.rb b/app/services/destroy_group_service.rb
index 9189de390a2..3c42ac61be4 100644
--- a/app/services/destroy_group_service.rb
+++ b/app/services/destroy_group_service.rb
@@ -6,12 +6,12 @@ class DestroyGroupService
   end
 
   def execute
-    @group.projects.each do |project|
+    group.projects.each do |project|
       # Skip repository removal because we remove directory with namespace
       # that contain all this repositories
       ::Projects::DestroyService.new(project, current_user, skip_repo: true).pending_delete!
     end
 
-    @group.destroy
+    group.destroy
   end
 end
diff --git a/app/services/git_push_service.rb b/app/services/git_push_service.rb
index a1711d234ff..c007d648dd6 100644
--- a/app/services/git_push_service.rb
+++ b/app/services/git_push_service.rb
@@ -12,17 +12,18 @@ class GitPushService < BaseService
   #  1. Creates the push event
   #  2. Updates merge requests
   #  3. Recognizes cross-references from commit messages
-  #  4. Executes the project's web hooks
+  #  4. Executes the project's webhooks
   #  5. Executes the project's services
+  #  6. Checks if the project's main language has changed
   #
   def execute
-    @project.repository.expire_cache(branch_name)
+    @project.repository.after_push_commit(branch_name, params[:newrev])
 
     if push_remove_branch?
-      @project.repository.expire_has_visible_content_cache
+      @project.repository.after_remove_branch
       @push_commits = []
     elsif push_to_new_branch?
-      @project.repository.expire_has_visible_content_cache
+      @project.repository.after_create_branch
 
       # Re-find the pushed commits.
       if is_default_branch?
@@ -42,9 +43,24 @@ class GitPushService < BaseService
       @push_commits = @project.repository.commits_between(params[:oldrev], params[:newrev])
       process_commit_messages
     end
+    # Checks if the main language has changed in the project and if so
+    # it updates it accordingly
+    update_main_language
     # Update merge requests that may be affected by this push. A new branch
     # could cause the last commit of a merge request to change.
     update_merge_requests
+
+    perform_housekeeping
+  end
+
+  def update_main_language
+    current_language = @project.repository.main_language
+
+    unless current_language == @project.main_language
+      return @project.update_attributes(main_language: current_language)
+    end
+
+    true
   end
 
   protected
@@ -59,6 +75,13 @@ class GitPushService < BaseService
     ProjectCacheWorker.perform_async(@project.id)
   end
 
+  def perform_housekeeping
+    housekeeping = Projects::HousekeepingService.new(@project)
+    housekeeping.increment!
+    housekeeping.execute if housekeeping.needed?
+  rescue Projects::HousekeepingService::LeaseTaken
+  end
+
   def process_default_branch
     @push_commits = project.repository.commits(params[:newrev])
 
@@ -66,7 +89,7 @@ class GitPushService < BaseService
     project.change_head(branch_name)
 
     # Set protection on the default branch if configured
-    if (current_application_settings.default_branch_protection != PROTECTION_NONE)
+    if current_application_settings.default_branch_protection != PROTECTION_NONE
       developers_can_push = current_application_settings.default_branch_protection == PROTECTION_DEV_CAN_PUSH ? true : false
       @project.protected_branches.create({ name: @project.default_branch, developers_can_push: developers_can_push })
     end
@@ -96,7 +119,9 @@ class GitPushService < BaseService
         # a different branch.
         closed_issues = commit.closes_issues(current_user)
         closed_issues.each do |issue|
-          Issues::CloseService.new(project, authors[commit], {}).execute(issue, commit)
+          if can?(current_user, :update_issue, issue)
+            Issues::CloseService.new(project, authors[commit], {}).execute(issue, commit: commit)
+          end
         end
       end
 
diff --git a/app/services/git_tag_push_service.rb b/app/services/git_tag_push_service.rb
index 4144c7111d0..c88c7672805 100644
--- a/app/services/git_tag_push_service.rb
+++ b/app/services/git_tag_push_service.rb
@@ -2,7 +2,7 @@ class GitTagPushService
   attr_accessor :project, :user, :push_data
 
   def execute(project, user, oldrev, newrev, ref)
-    project.repository.expire_cache
+    project.repository.before_push_tag
 
     @project, @user = project, user
     @push_data = build_push_data(oldrev, newrev, ref)
diff --git a/app/services/groups/base_service.rb b/app/services/groups/base_service.rb
new file mode 100644
index 00000000000..a8fa098246a
--- /dev/null
+++ b/app/services/groups/base_service.rb
@@ -0,0 +1,9 @@
+module Groups
+  class BaseService < ::BaseService
+    attr_accessor :group, :current_user, :params
+
+    def initialize(group, user, params = {})
+      @group, @current_user, @params = group, user, params.dup
+    end
+  end
+end
diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb
new file mode 100644
index 00000000000..2bccd584dde
--- /dev/null
+++ b/app/services/groups/create_service.rb
@@ -0,0 +1,21 @@
+module Groups
+  class CreateService < Groups::BaseService
+    def initialize(user, params = {})
+      @current_user, @params = user, params.dup
+    end
+
+    def execute
+      @group = Group.new(params)
+
+      unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
+        deny_visibility_level(@group)
+        return @group
+      end
+
+      @group.name ||= @group.path.dup
+      @group.save
+      @group.add_owner(current_user)
+      @group
+    end
+  end
+end
diff --git a/app/services/groups/update_service.rb b/app/services/groups/update_service.rb
new file mode 100644
index 00000000000..99ad12b1003
--- /dev/null
+++ b/app/services/groups/update_service.rb
@@ -0,0 +1,20 @@
+module Groups
+  class UpdateService < Groups::BaseService
+    def execute
+      # check that user is allowed to set specified visibility_level
+      new_visibility = params[:visibility_level]
+      if new_visibility && new_visibility.to_i != group.visibility_level
+        unless can?(current_user, :change_visibility_level, group) &&
+          Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
+
+          deny_visibility_level(group, new_visibility)
+          return group
+        end
+      end
+
+      group.assign_attributes(params)
+
+      group.save
+    end
+  end
+end
diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb
index ca87dca4a70..18f76d3f650 100644
--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -11,7 +11,10 @@ class IssuableBaseService < BaseService
       issuable, issuable.project, current_user, issuable.milestone)
   end
 
-  def create_labels_note(issuable, added_labels, removed_labels)
+  def create_labels_note(issuable, old_labels)
+    added_labels = issuable.labels - old_labels
+    removed_labels = old_labels - issuable.labels
+
     SystemNoteService.change_label(
       issuable, issuable.project, current_user, added_labels, removed_labels)
   end
@@ -71,20 +74,19 @@ class IssuableBaseService < BaseService
     end
   end
 
-  def has_changes?(issuable, options = {})
+  def has_changes?(issuable, old_labels: [])
     valid_attrs = [:title, :description, :assignee_id, :milestone_id, :target_branch]
 
     attrs_changed = valid_attrs.any? do |attr|
       issuable.previous_changes.include?(attr.to_s)
     end
 
-    old_labels = options[:old_labels]
-    labels_changed = old_labels && issuable.labels != old_labels
+    labels_changed = issuable.labels != old_labels
 
     attrs_changed || labels_changed
   end
 
-  def handle_common_system_notes(issuable, options = {})
+  def handle_common_system_notes(issuable, old_labels: [])
     if issuable.previous_changes.include?('title')
       create_title_change_note(issuable, issuable.previous_changes['title'].first)
     end
@@ -93,9 +95,6 @@ class IssuableBaseService < BaseService
       create_task_status_note(issuable)
     end
 
-    old_labels = options[:old_labels]
-    if old_labels && (issuable.labels != old_labels)
-      create_labels_note(issuable, issuable.labels - old_labels, old_labels - issuable.labels)
-    end
+    create_labels_note(issuable, old_labels) if issuable.labels != old_labels
   end
 end
diff --git a/app/services/issues/close_service.rb b/app/services/issues/close_service.rb
index 78254b49af3..859c934ea3b 100644
--- a/app/services/issues/close_service.rb
+++ b/app/services/issues/close_service.rb
@@ -1,6 +1,6 @@
 module Issues
   class CloseService < Issues::BaseService
-    def execute(issue, commit = nil)
+    def execute(issue, commit: nil, notifications: true, system_note: true)
       if project.jira_tracker? && project.jira_service.active
         project.jira_service.execute(commit, issue)
         todo_service.close_issue(issue, current_user)
@@ -9,8 +9,8 @@ module Issues
 
       if project.default_issues_tracker? && issue.close
         event_service.close_issue(issue, current_user)
-        create_note(issue, commit)
-        notification_service.close_issue(issue, current_user)
+        create_note(issue, commit) if system_note
+        notification_service.close_issue(issue, current_user) if notifications
         todo_service.close_issue(issue, current_user)
         execute_hooks(issue, 'close')
       end
diff --git a/app/services/issues/create_service.rb b/app/services/issues/create_service.rb
index 10787e8873c..e63e1af8766 100644
--- a/app/services/issues/create_service.rb
+++ b/app/services/issues/create_service.rb
@@ -4,7 +4,7 @@ module Issues
       filter_params
       label_params = params[:label_ids]
       issue = project.issues.new(params.except(:label_ids))
-      issue.author = current_user
+      issue.author = params[:author] || current_user
 
       if issue.save
         issue.update_attributes(label_ids: label_params)
diff --git a/app/services/issues/move_service.rb b/app/services/issues/move_service.rb
new file mode 100644
index 00000000000..a5efb21fab6
--- /dev/null
+++ b/app/services/issues/move_service.rb
@@ -0,0 +1,97 @@
+module Issues
+  class MoveService < Issues::BaseService
+    class MoveError < StandardError; end
+
+    def execute(issue, new_project)
+      @old_issue = issue
+      @old_project = @project
+      @new_project = new_project
+
+      unless issue.can_move?(current_user, new_project)
+        raise MoveError, 'Cannot move issue due to insufficient permissions!'
+      end
+
+      if @project == new_project
+        raise MoveError, 'Cannot move issue to project it originates from!'
+      end
+
+      # Using transaction because of a high resources footprint
+      # on rewriting notes (unfolding references)
+      #
+      ActiveRecord::Base.transaction do
+        # New issue tasks
+        #
+        @new_issue = create_new_issue
+
+        rewrite_notes
+        add_note_moved_from
+
+        # Old issue tasks
+        #
+        add_note_moved_to
+        close_issue
+        mark_as_moved
+      end
+
+      notify_participants
+
+      @new_issue
+    end
+
+    private
+
+    def create_new_issue
+      new_params = { id: nil, iid: nil, label_ids: [], milestone: nil,
+                     project: @new_project, author: @old_issue.author,
+                     description: unfold_references(@old_issue.description) }
+
+      new_params = @old_issue.serializable_hash.merge(new_params)
+      CreateService.new(@new_project, @current_user, new_params).execute
+    end
+
+    def rewrite_notes
+      @old_issue.notes.find_each do |note|
+        new_note = note.dup
+        new_params = { project: @new_project, noteable: @new_issue,
+                       note: unfold_references(new_note.note),
+                       created_at: note.created_at,
+                       updated_at: note.updated_at }
+
+        new_note.update(new_params)
+      end
+    end
+
+    def close_issue
+      close_service = CloseService.new(@old_project, @current_user)
+      close_service.execute(@old_issue, notifications: false, system_note: false)
+    end
+
+    def add_note_moved_from
+      SystemNoteService.noteable_moved(@new_issue, @new_project,
+                                       @old_issue, @current_user,
+                                       direction: :from)
+    end
+
+    def add_note_moved_to
+      SystemNoteService.noteable_moved(@old_issue, @old_project,
+                                       @new_issue, @current_user,
+                                       direction: :to)
+    end
+
+    def unfold_references(content)
+      return unless content
+
+      rewriter = Gitlab::Gfm::ReferenceRewriter.new(content, @old_project,
+                                                    @current_user)
+      rewriter.rewrite(@new_project)
+    end
+
+    def notify_participants
+      notification_service.issue_moved(@old_issue, @new_issue, @current_user)
+    end
+
+    def mark_as_moved
+      @old_issue.update(moved_to: @new_issue)
+    end
+  end
+end
diff --git a/app/services/issues/update_service.rb b/app/services/issues/update_service.rb
index 51ef9dfe610..3563cbaa997 100644
--- a/app/services/issues/update_service.rb
+++ b/app/services/issues/update_service.rb
@@ -4,8 +4,8 @@ module Issues
       update(issue)
     end
 
-    def handle_changes(issue, options = {})
-      if has_changes?(issue, options)
+    def handle_changes(issue, old_labels: [])
+      if has_changes?(issue, old_labels: old_labels)
         todo_service.mark_pending_todos_as_done(issue, current_user)
       end
 
@@ -23,6 +23,11 @@ module Issues
         notification_service.reassigned_issue(issue, current_user)
         todo_service.reassigned_issue(issue, current_user)
       end
+
+      added_labels = issue.labels - old_labels
+      if added_labels.present?
+        notification_service.relabeled_issue(issue, added_labels, current_user)
+      end
     end
 
     def reopen_service
diff --git a/app/services/merge_requests/base_service.rb b/app/services/merge_requests/base_service.rb
index 7b306a8a531..ac5b58db862 100644
--- a/app/services/merge_requests/base_service.rb
+++ b/app/services/merge_requests/base_service.rb
@@ -5,6 +5,19 @@ module MergeRequests
       SystemNoteService.change_status(merge_request, merge_request.target_project, current_user, merge_request.state, nil)
     end
 
+    def create_title_change_note(issuable, old_title)
+      removed_wip = old_title =~ MergeRequest::WIP_REGEX && !issuable.work_in_progress?
+      added_wip = old_title !~ MergeRequest::WIP_REGEX && issuable.work_in_progress?
+
+      if removed_wip
+        SystemNoteService.remove_merge_request_wip(issuable, issuable.project, current_user)
+      elsif added_wip
+        SystemNoteService.add_merge_request_wip(issuable, issuable.project, current_user)
+      else
+        super
+      end
+    end
+
     def hook_data(merge_request, action)
       hook_data = merge_request.to_hook_data(current_user)
       merge_request_url = Gitlab::UrlBuilder.new(:merge_request).build(merge_request.id)
diff --git a/app/services/merge_requests/build_service.rb b/app/services/merge_requests/build_service.rb
index c0700d953dd..6e9152e444e 100644
--- a/app/services/merge_requests/build_service.rb
+++ b/app/services/merge_requests/build_service.rb
@@ -5,9 +5,7 @@ module MergeRequests
 
       # Set MR attributes
       merge_request.can_be_created = false
-      merge_request.compare_failed = false
       merge_request.compare_commits = []
-      merge_request.compare_diffs = []
       merge_request.source_project = project unless merge_request.source_project
       merge_request.target_project ||= (project.forked_from_project || project)
       merge_request.target_branch ||= merge_request.target_project.default_branch
@@ -21,35 +19,23 @@ module MergeRequests
         return build_failed(merge_request, message)
       end
 
-      compare_result = CompareService.new.execute(
+      compare = CompareService.new.execute(
         merge_request.source_project,
         merge_request.source_branch,
         merge_request.target_project,
         merge_request.target_branch,
       )
 
-      commits = compare_result.commits
+      commits = compare.commits
 
       # At this point we decide if merge request can be created
       # If we have at least one commit to merge -> creation allowed
       if commits.present?
         merge_request.compare_commits = Commit.decorate(commits, merge_request.source_project)
         merge_request.can_be_created = true
-        merge_request.compare_failed = false
-
-        # Try to collect diff for merge request.
-        diffs = compare_result.diffs
-
-        if diffs.present?
-          merge_request.compare_diffs = diffs
-
-        elsif diffs == false
-          merge_request.can_be_created = false
-          merge_request.compare_failed = true
-        end
+        merge_request.compare = compare
       else
         merge_request.can_be_created = false
-        merge_request.compare_failed = false
       end
 
       commits = merge_request.compare_commits
@@ -61,6 +47,21 @@ module MergeRequests
         merge_request.title = merge_request.source_branch.titleize.humanize
       end
 
+      # When your branch name starts with an iid followed by a dash this pattern will
+      # be interpreted as the use wants to close that issue on this project
+      # Pattern example: 112-fix-mep-mep
+      # Will lead to appending `Closes #112` to the description
+      if match = merge_request.source_branch.match(/-(\d+)\z/)
+        iid = match[1]
+        closes_issue = "Closes ##{iid}"
+
+        if merge_request.description.present?
+          merge_request.description << closes_issue.prepend("\n")
+        else
+          merge_request.description = closes_issue
+        end
+      end
+
       merge_request
     end
 
diff --git a/app/services/merge_requests/merge_when_build_succeeds_service.rb b/app/services/merge_requests/merge_when_build_succeeds_service.rb
index 531bbc9b067..d6af12f9739 100644
--- a/app/services/merge_requests/merge_when_build_succeeds_service.rb
+++ b/app/services/merge_requests/merge_when_build_succeeds_service.rb
@@ -24,10 +24,14 @@ module MergeRequests
 
       merge_requests.each do |merge_request|
         next unless merge_request.merge_when_build_succeeds?
+        next unless merge_request.mergeable?
 
-        if merge_request.ci_commit && merge_request.ci_commit.success? && merge_request.mergeable?
-          MergeWorker.perform_async(merge_request.id, merge_request.merge_user_id, merge_request.merge_params)
-        end
+        ci_commit = merge_request.ci_commit
+        next unless ci_commit
+        next unless ci_commit.sha == commit_status.sha
+        next unless ci_commit.success?
+
+        MergeWorker.perform_async(merge_request.id, merge_request.merge_user_id, merge_request.merge_params)
       end
     end
 
@@ -51,6 +55,8 @@ module MergeRequests
       # This is for ref-less builds
       branches ||= @project.repository.branch_names_contains(commit_status.sha)
 
+      return [] if branches.blank?
+
       merge_requests = @project.origin_merge_requests.opened.where(source_branch: branches).to_a
       merge_requests += @project.fork_merge_requests.opened.where(source_branch: branches).to_a
 
diff --git a/app/services/merge_requests/post_merge_service.rb b/app/services/merge_requests/post_merge_service.rb
index 8f25c5e2496..064910f81f7 100644
--- a/app/services/merge_requests/post_merge_service.rb
+++ b/app/services/merge_requests/post_merge_service.rb
@@ -21,7 +21,9 @@ module MergeRequests
 
       closed_issues = merge_request.closes_issues(current_user)
       closed_issues.each do |issue|
-        Issues::CloseService.new(project, current_user, {}).execute(issue, merge_request)
+        if can?(current_user, :update_issue, issue)
+          Issues::CloseService.new(project, current_user, {}).execute(issue, commit: merge_request)
+        end
       end
     end
 
diff --git a/app/services/merge_requests/update_service.rb b/app/services/merge_requests/update_service.rb
index 6319ad805b6..477c64e7377 100644
--- a/app/services/merge_requests/update_service.rb
+++ b/app/services/merge_requests/update_service.rb
@@ -14,8 +14,8 @@ module MergeRequests
       update(merge_request)
     end
 
-    def handle_changes(merge_request, options = {})
-      if has_changes?(merge_request, options)
+    def handle_changes(merge_request, old_labels: [])
+      if has_changes?(merge_request, old_labels: old_labels)
         todo_service.mark_pending_todos_as_done(merge_request, current_user)
       end
 
@@ -44,6 +44,15 @@ module MergeRequests
           merge_request.previous_changes.include?('source_branch')
         merge_request.mark_as_unchecked
       end
+
+      added_labels = merge_request.labels - old_labels
+      if added_labels.present?
+        notification_service.relabeled_merge_request(
+          merge_request,
+          added_labels,
+          current_user
+        )
+      end
     end
 
     def reopen_service
diff --git a/app/services/notes/create_service.rb b/app/services/notes/create_service.rb
index b970439b921..2bb312bb252 100644
--- a/app/services/notes/create_service.rb
+++ b/app/services/notes/create_service.rb
@@ -13,6 +13,5 @@ module Notes
 
       note
     end
-
   end
 end
diff --git a/app/services/notification_service.rb b/app/services/notification_service.rb
index ca8a41d93b8..eff0d96f93d 100644
--- a/app/services/notification_service.rb
+++ b/app/services/notification_service.rb
@@ -24,16 +24,17 @@ class NotificationService
     end
   end
 
-  # When create an issue we should send next emails:
+  # When create an issue we should send an email to:
   #
   #  * issue assignee if their notification level is not Disabled
   #  * project team members with notification level higher then Participating
+  #  * watchers of the issue's labels
   #
   def new_issue(issue, current_user)
     new_resource_email(issue, issue.project, 'new_issue_email')
   end
 
-  # When we close an issue we should send next emails:
+  # When we close an issue we should send an email to:
   #
   #  * issue author if their notification level is not Disabled
   #  * issue assignee if their notification level is not Disabled
@@ -43,7 +44,7 @@ class NotificationService
     close_resource_email(issue, issue.project, current_user, 'closed_issue_email')
   end
 
-  # When we reassign an issue we should send next emails:
+  # When we reassign an issue we should send an email to:
   #
   #  * issue old assignee if their notification level is not Disabled
   #  * issue new assignee if their notification level is not Disabled
@@ -52,16 +53,25 @@ class NotificationService
     reassign_resource_email(issue, issue.project, current_user, 'reassigned_issue_email')
   end
 
+  # When we add labels to an issue we should send an email to:
+  #
+  #  * watchers of the issue's labels
+  #
+  def relabeled_issue(issue, added_labels, current_user)
+    relabeled_resource_email(issue, added_labels, current_user, 'relabeled_issue_email')
+  end
 
-  # When create a merge request we should send next emails:
+  # When create a merge request we should send an email to:
   #
   #  * mr assignee if their notification level is not Disabled
+  #  * project team members with notification level higher then Participating
+  #  * watchers of the mr's labels
   #
   def new_merge_request(merge_request, current_user)
     new_resource_email(merge_request, merge_request.target_project, 'new_merge_request_email')
   end
 
-  # When we reassign a merge_request we should send next emails:
+  # When we reassign a merge_request we should send an email to:
   #
   #  * merge_request old assignee if their notification level is not Disabled
   #  * merge_request assignee if their notification level is not Disabled
@@ -70,6 +80,14 @@ class NotificationService
     reassign_resource_email(merge_request, merge_request.target_project, current_user, 'reassigned_merge_request_email')
   end
 
+  # When we add labels to a merge request we should send an email to:
+  #
+  #  * watchers of the mr's labels
+  #
+  def relabeled_merge_request(merge_request, added_labels, current_user)
+    relabeled_resource_email(merge_request, added_labels, current_user, 'relabeled_merge_request_email')
+  end
+
   def close_mr(merge_request, current_user)
     close_resource_email(merge_request, merge_request.target_project, current_user, 'closed_merge_request_email')
   end
@@ -91,7 +109,8 @@ class NotificationService
     reopen_resource_email(
       merge_request,
       merge_request.target_project,
-      current_user, 'merge_request_status_email',
+      current_user,
+      'merge_request_status_email',
       'reopened'
     )
   end
@@ -143,6 +162,7 @@ class NotificationService
 
     recipients = add_subscribed_users(recipients, note.noteable)
     recipients = reject_unsubscribed_users(recipients, note.noteable)
+    recipients = reject_users_without_access(recipients, note.noteable)
 
     recipients.delete(note.author)
     recipients = recipients.uniq
@@ -217,6 +237,16 @@ class NotificationService
     end
   end
 
+  def issue_moved(issue, new_issue, current_user)
+    recipients = build_recipients(issue, issue.project, current_user)
+
+    recipients.map do |recipient|
+      email = mailer.issue_moved_email(recipient, issue, new_issue, current_user)
+      email.deliver_later
+      email
+    end
+  end
+
   protected
 
   # Get project users with WATCH notification level
@@ -347,20 +377,32 @@ class NotificationService
     end
   end
 
+  def reject_users_without_access(recipients, target)
+    return recipients unless target.is_a?(Issue)
+
+    recipients.select do |user|
+      user.can?(:read_issue, target)
+    end
+  end
+
   def add_subscribed_users(recipients, target)
-    return recipients unless target.respond_to? :subscriptions
+    return recipients unless target.respond_to? :subscribers
 
-    subscriptions = target.subscriptions
+    recipients + target.subscribers
+  end
 
-    if subscriptions.any?
-      recipients + subscriptions.where(subscribed: true).map(&:user)
-    else
-      recipients
+  def add_labels_subscribers(recipients, target, labels: nil)
+    return recipients unless target.respond_to? :labels
+
+    (labels || target.labels).each do |label|
+      recipients += label.subscribers
     end
+
+    recipients
   end
 
   def new_resource_email(target, project, method)
-    recipients = build_recipients(target, project, target.author)
+    recipients = build_recipients(target, project, target.author, action: :new)
 
     recipients.each do |recipient|
       mailer.send(method, recipient.id, target.id).deliver_later
@@ -392,6 +434,15 @@ class NotificationService
     end
   end
 
+  def relabeled_resource_email(target, labels, current_user, method)
+    recipients = build_relabeled_recipients(target, current_user, labels: labels)
+    label_names = labels.map(&:name)
+
+    recipients.each do |recipient|
+      mailer.send(method, recipient.id, target.id, label_names, current_user.id).deliver_later
+    end
+  end
+
   def reopen_resource_email(target, project, current_user, method, status)
     recipients = build_recipients(target, project, current_user)
 
@@ -416,10 +467,23 @@ class NotificationService
 
     recipients = reject_muted_users(recipients, project)
     recipients = add_subscribed_users(recipients, target)
+
+    if action == :new
+      recipients = add_labels_subscribers(recipients, target)
+    end
+
     recipients = reject_unsubscribed_users(recipients, target)
+    recipients = reject_users_without_access(recipients, target)
 
     recipients.delete(current_user)
+    recipients.uniq
+  end
 
+  def build_relabeled_recipients(target, current_user, labels:)
+    recipients = add_labels_subscribers([], target, labels: labels)
+    recipients = reject_unsubscribed_users(recipients, target)
+    recipients = reject_users_without_access(recipients, target)
+    recipients.delete(current_user)
     recipients.uniq
   end
 
diff --git a/app/services/projects/autocomplete_service.rb b/app/services/projects/autocomplete_service.rb
index 7408e09ed1e..ba50305dbd5 100644
--- a/app/services/projects/autocomplete_service.rb
+++ b/app/services/projects/autocomplete_service.rb
@@ -1,11 +1,7 @@
 module Projects
   class AutocompleteService < BaseService
-    def initialize(project)
-      @project = project
-    end
-
     def issues
-      @project.issues.opened.select([:iid, :title])
+      @project.issues.visible_to_user(current_user).opened.select([:iid, :title])
     end
 
     def merge_requests
diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb
index a6820183bee..501e58c1407 100644
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -9,10 +9,8 @@ module Projects
 
       @project = Project.new(params)
 
-      # Make sure that the user is allowed to use the specified visibility
-      # level
-      unless Gitlab::VisibilityLevel.allowed_for?(current_user,
-                                                  params[:visibility_level])
+      # Make sure that the user is allowed to use the specified visibility level
+      unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
         deny_visibility_level(@project)
         return @project
       end
@@ -55,9 +53,7 @@ module Projects
         @project.save
 
         if @project.persisted? && !@project.import?
-          unless @project.create_repository
-            raise 'Failed to create repository'
-          end
+          raise 'Failed to create repository' unless @project.create_repository
         end
       end
 
diff --git a/app/services/projects/destroy_service.rb b/app/services/projects/destroy_service.rb
index f4dcb142850..df5054f08d7 100644
--- a/app/services/projects/destroy_service.rb
+++ b/app/services/projects/destroy_service.rb
@@ -76,11 +76,9 @@ module Projects
     end
 
     def flush_caches(project, wiki_path)
-      project.repository.expire_all_caches! if project.repository.exists?
+      project.repository.before_delete
 
-      wiki_repo = Repository.new(wiki_path, project)
-
-      wiki_repo.expire_all_caches! if wiki_repo.exists?
+      Repository.new(wiki_path, project).before_delete
     end
   end
 end
diff --git a/app/services/projects/housekeeping_service.rb b/app/services/projects/housekeeping_service.rb
index 0db85ac2142..a0973c5d260 100644
--- a/app/services/projects/housekeeping_service.rb
+++ b/app/services/projects/housekeeping_service.rb
@@ -9,12 +9,39 @@ module Projects
   class HousekeepingService < BaseService
     include Gitlab::ShellAdapter
 
+    LEASE_TIMEOUT = 3600
+
+    class LeaseTaken < StandardError
+      def to_s
+        "Somebody already triggered housekeeping for this project in the past #{LEASE_TIMEOUT / 60} minutes"
+      end
+    end
+
     def initialize(project)
       @project = project
     end
 
     def execute
-      GitlabShellWorker.perform_async(:gc, @project.path_with_namespace)
+      raise LeaseTaken if !try_obtain_lease
+
+      GitlabShellOneShotWorker.perform_async(:gc, @project.path_with_namespace)
+    ensure
+      @project.update_column(:pushes_since_gc, 0)
+    end
+
+    def needed?
+      @project.pushes_since_gc >= 10
+    end
+
+    def increment!
+      @project.increment!(:pushes_since_gc)
+    end
+
+    private
+
+    def try_obtain_lease
+      lease = ::Gitlab::ExclusiveLease.new("project_housekeeping:#{@project.id}", timeout: LEASE_TIMEOUT)
+      lease.try_obtain
     end
   end
 end
diff --git a/app/services/projects/update_service.rb b/app/services/projects/update_service.rb
index 895e089bea3..941df08995c 100644
--- a/app/services/projects/update_service.rb
+++ b/app/services/projects/update_service.rb
@@ -3,16 +3,13 @@ module Projects
     def execute
       # check that user is allowed to set specified visibility_level
       new_visibility = params[:visibility_level]
-      if new_visibility
-        if new_visibility.to_i != project.visibility_level
-          unless can?(current_user, :change_visibility_level, project) &&
-            Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
-            deny_visibility_level(project, new_visibility)
-            return project
-          end
+      if new_visibility && new_visibility.to_i != project.visibility_level
+        unless can?(current_user, :change_visibility_level, project) &&
+          Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
+          
+          deny_visibility_level(project, new_visibility)
+          return project
         end
-
-        return false unless visibility_level_allowed?(new_visibility)
       end
 
       new_branch = params[:default_branch]
@@ -27,19 +24,5 @@ module Projects
         end
       end
     end
-
-    private
-
-    def visibility_level_allowed?(level)
-      return true if project.visibility_level_allowed?(level)
-
-      level_name = Gitlab::VisibilityLevel.level_name(level)
-      project.errors.add(
-        :visibility_level,
-        "#{level_name} could not be set as visibility level of this project - parent project settings are more restrictive"
-      )
-
-      false
-    end
   end
 end
diff --git a/app/services/search/global_service.rb b/app/services/search/global_service.rb
index e904cb6c6fc..aa9837038a6 100644
--- a/app/services/search/global_service.rb
+++ b/app/services/search/global_service.rb
@@ -10,9 +10,8 @@ module Search
       group = Group.find_by(id: params[:group_id]) if params[:group_id].present?
       projects = ProjectsFinder.new.execute(current_user)
       projects = projects.in_namespace(group.id) if group
-      project_ids = projects.pluck(:id)
 
-      Gitlab::SearchResults.new(project_ids, params[:search])
+      Gitlab::SearchResults.new(current_user, projects, params[:search])
     end
   end
 end
diff --git a/app/services/search/project_service.rb b/app/services/search/project_service.rb
index f630c0a3790..4b500914cfb 100644
--- a/app/services/search/project_service.rb
+++ b/app/services/search/project_service.rb
@@ -7,7 +7,8 @@ module Search
     end
 
     def execute
-      Gitlab::ProjectSearchResults.new(project.id,
+      Gitlab::ProjectSearchResults.new(current_user,
+                                       project,
                                        params[:search],
                                        params[:repository_ref])
     end
diff --git a/app/services/search/snippet_service.rb b/app/services/search/snippet_service.rb
index 8ca0877321d..0b3e713e220 100644
--- a/app/services/search/snippet_service.rb
+++ b/app/services/search/snippet_service.rb
@@ -7,8 +7,9 @@ module Search
     end
 
     def execute
-      snippet_ids = Snippet.accessible_to(current_user).pluck(:id)
-      Gitlab::SnippetSearchResults.new(snippet_ids, params[:search])
+      snippets = Snippet.accessible_to(current_user)
+
+      Gitlab::SnippetSearchResults.new(snippets, params[:search])
     end
   end
 end
diff --git a/app/services/system_note_service.rb b/app/services/system_note_service.rb
index edced010811..e022a046c48 100644
--- a/app/services/system_note_service.rb
+++ b/app/services/system_note_service.rb
@@ -66,7 +66,7 @@ class SystemNoteService
   def self.change_label(noteable, project, author, added_labels, removed_labels)
     labels_count = added_labels.count + removed_labels.count
 
-    references     = ->(label) { label.to_reference(:id) }
+    references     = ->(label) { label.to_reference(format: :id) }
     added_labels   = added_labels.map(&references).join(' ')
     removed_labels = removed_labels.map(&references).join(' ')
 
@@ -144,6 +144,18 @@ class SystemNoteService
     create_note(noteable: noteable, project: project, author: author, note: body)
   end
 
+  def self.remove_merge_request_wip(noteable, project, author)
+    body = 'Unmarked this merge request as a Work In Progress'
+
+    create_note(noteable: noteable, project: project, author: author, note: body)
+  end
+
+  def self.add_merge_request_wip(noteable, project, author)
+    body = 'Marked this merge request as a **Work In Progress**'
+
+    create_note(noteable: noteable, project: project, author: author, note: body)
+  end
+
   # Called when the title of a Noteable is changed
   #
   # noteable  - Noteable object that responds to `title`
@@ -207,6 +219,18 @@ class SystemNoteService
     create_note(noteable: noteable, project: project, author: author, note: body)
   end
 
+  # Called when a branch is created from the 'new branch' button on a issue
+  # Example note text:
+  #
+  #   "Started branch `issue-branch-button-201`"
+  def self.new_issue_branch(issue, project, author, branch)
+    h = Gitlab::Application.routes.url_helpers
+    link = h.namespace_project_compare_url(project.namespace, project, from: project.default_branch, to: branch)
+
+    body = "Started branch [`#{branch}`](#{link})"
+    create_note(noteable: issue, project: project, author: author, note: body)
+  end
+
   # Called when a Mentionable references a Noteable
   #
   # noteable  - Noteable object being referenced
@@ -387,4 +411,26 @@ class SystemNoteService
     body = "Marked the task **#{new_task.source}** as #{status_label}"
     create_note(noteable: noteable, project: project, author: author, note: body)
   end
+
+  # Called when noteable has been moved to another project
+  #
+  # direction    - symbol, :to or :from
+  # noteable     - Noteable object
+  # noteable_ref - Referenced noteable
+  # author       - User performing the move
+  #
+  # Example Note text:
+  #
+  #   "Moved to some_namespace/project_new#11"
+  #
+  # Returns the created Note object
+  def self.noteable_moved(noteable, project, noteable_ref, author, direction:)
+    unless [:to, :from].include?(direction)
+      raise ArgumentError, "Invalid direction `#{direction}`"
+    end
+
+    cross_reference = noteable_ref.to_reference(project)
+    body = "Moved #{direction} #{cross_reference}"
+    create_note(noteable: noteable, project: project, author: author, note: body)
+  end
 end
diff --git a/app/services/todo_service.rb b/app/services/todo_service.rb
index dc270602ebc..f2662922e90 100644
--- a/app/services/todo_service.rb
+++ b/app/services/todo_service.rb
@@ -103,24 +103,16 @@ class TodoService
   #  * mark all pending todos related to the target for the current user as done
   #
   def mark_pending_todos_as_done(target, user)
-    pending_todos(user, target.project, target).update_all(state: :done)
+    attributes = attributes_for_target(target)
+    pending_todos(user, attributes).update_all(state: :done)
   end
 
   private
 
-  def create_todos(project, target, author, users, action, note = nil)
+  def create_todos(users, attributes)
     Array(users).each do |user|
-      next if pending_todos(user, project, target).exists?
-
-      Todo.create(
-        project: project,
-        user_id: user.id,
-        author_id: author.id,
-        target_id: target.id,
-        target_type: target.class.name,
-        action: action,
-        note: note
-      )
+      next if pending_todos(user, attributes).exists?
+      Todo.create(attributes.merge(user_id: user.id))
     end
   end
 
@@ -130,8 +122,8 @@ class TodoService
   end
 
   def handle_note(note, author)
-    # Skip system notes, like status changes and cross-references
-    return if note.system
+    # Skip system notes, and notes on project snippet
+    return if note.system? || note.for_project_snippet?
 
     project = note.project
     target  = note.noteable
@@ -142,13 +134,39 @@ class TodoService
 
   def create_assignment_todo(issuable, author)
     if issuable.assignee && issuable.assignee != author
-      create_todos(issuable.project, issuable, author, issuable.assignee, Todo::ASSIGNED)
+      attributes = attributes_for_todo(issuable.project, issuable, author, Todo::ASSIGNED)
+      create_todos(issuable.assignee, attributes)
     end
   end
 
-  def create_mention_todos(project, issuable, author, note = nil)
-    mentioned_users = filter_mentioned_users(project, note || issuable, author)
-    create_todos(project, issuable, author, mentioned_users, Todo::MENTIONED, note)
+  def create_mention_todos(project, target, author, note = nil)
+    mentioned_users = filter_mentioned_users(project, note || target, author)
+    attributes = attributes_for_todo(project, target, author, Todo::MENTIONED, note)
+    create_todos(mentioned_users, attributes)
+  end
+
+  def attributes_for_target(target)
+    attributes = {
+      project_id: target.project.id,
+      target_id: target.id,
+      target_type: target.class.name,
+      commit_id: nil
+    }
+
+    if target.is_a?(Commit)
+      attributes.merge!(target_id: nil, commit_id: target.id)
+    end
+
+    attributes
+  end
+
+  def attributes_for_todo(project, target, author, action, note = nil)
+    attributes_for_target(target).merge!(
+      project_id: project.id,
+      author_id: author.id,
+      action: action,
+      note: note
+    )
   end
 
   def filter_mentioned_users(project, target, author)
@@ -160,11 +178,8 @@ class TodoService
     mentioned_users.uniq
   end
 
-  def pending_todos(user, project, target)
-    user.todos.pending.where(
-      project_id: project.id,
-      target_id: target.id,
-      target_type: target.class.name
-    )
+  def pending_todos(user, criteria = {})
+    valid_keys = [:project_id, :target_id, :target_type, :commit_id]
+    user.todos.pending.where(criteria.slice(*valid_keys))
   end
 end
diff --git a/app/services/update_snippet_service.rb b/app/services/update_snippet_service.rb
index e9328bb7323..93af8f21972 100644
--- a/app/services/update_snippet_service.rb
+++ b/app/services/update_snippet_service.rb
@@ -9,7 +9,6 @@ class UpdateSnippetService < BaseService
   def execute
     # check that user is allowed to set specified visibility_level
     new_visibility = params[:visibility_level]
-
     if new_visibility && new_visibility.to_i != snippet.visibility_level
       unless Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
         deny_visibility_level(snippet, new_visibility)