Merge commit '8af23def1d6' into object-storage-ee-to-ce-backport

22 files changed, 223 insertions, 74 deletions

diff --git a/config/application.rb b/config/application.rb
index 1110199b888..751307de975 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -6,6 +6,7 @@ Bundler.require(:default, Rails.env)
 
 module Gitlab
   class Application < Rails::Application
+    require_dependency Rails.root.join('lib/gitlab/redis/wrapper')
     require_dependency Rails.root.join('lib/gitlab/redis/cache')
     require_dependency Rails.root.join('lib/gitlab/redis/queues')
     require_dependency Rails.root.join('lib/gitlab/redis/shared_state')
@@ -61,6 +62,7 @@ module Gitlab
     # - Any parameter containing `secret`
     # - Two-factor tokens (:otp_attempt)
     # - Repo/Project Import URLs (:import_url)
+    # - Build traces (:trace)
     # - Build variables (:variables)
     # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
     # - Webhook URLs (:hook)
@@ -75,6 +77,7 @@ module Gitlab
       key
       otp_attempt
       sentry_dsn
+      trace
       variables
     )
 
@@ -96,10 +99,11 @@ module Gitlab
 
     # Enable the asset pipeline
     config.assets.enabled = true
+
     # Support legacy unicode file named img emojis, `1F939.png`
     config.assets.paths << Gemojione.images_path
-    config.assets.paths << "vendor/assets/fonts"
-    config.assets.precompile << "*.png"
+    config.assets.paths << "#{config.root}/vendor/assets/fonts"
+
     config.assets.precompile << "print.css"
     config.assets.precompile << "notify.css"
     config.assets.precompile << "mailers/*.css"
@@ -108,7 +112,6 @@ module Gitlab
     config.assets.precompile << "xterm/xterm.css"
     config.assets.precompile << "performance_bar.css"
     config.assets.precompile << "lib/ace.js"
-    config.assets.precompile << "vendor/assets/fonts/*"
     config.assets.precompile << "test.css"
     config.assets.precompile << "locale/**/app.js"
 
@@ -149,6 +152,7 @@ module Gitlab
       caching_config_hash[:pool_size] = Sidekiq.options[:concurrency] + 5
       caching_config_hash[:pool_timeout] = 1
     end
+
     config.cache_store = :redis_store, caching_config_hash
 
     config.active_record.raise_in_transactional_callbacks = true
diff --git a/config/dependency_decisions.yml b/config/dependency_decisions.yml
index 60df92a44fc..778cca4297f 100644
--- a/config/dependency_decisions.yml
+++ b/config/dependency_decisions.yml
@@ -467,8 +467,8 @@
 - - :license
   - pikaday
   - MIT
-  - :who: 
-    :why: 
+  - :who:
+    :why:
     :versions: []
     :when: 2017-10-17 17:46:12.367554000 Z
 - - :license
@@ -503,3 +503,16 @@
     :versions:
     - 1.0.9
     :when: 2017-11-16 13:02:06.765282000 Z
+- - :license
+  - JSONStream
+  - MIT
+  - :who: Tim Zallmann
+    :why: https://github.com/dominictarr/JSONStream/blob/master/LICENSE.MIT
+    :versions: []
+    :when: 2018-01-17 22:46:12.367554000 Z
+- - :approve
+  - uws
+  - :who: Tim Zallmann
+    :why: zlib license + Development Lib + https://github.com/uNetworking/uWebSockets/blob/master/LICENSE
+    :versions: []
+    :when: 2018-01-17 23:46:12.367554000 Z
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index c360c42509a..65b4d63df2f 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -216,14 +216,16 @@ production: &base
     host: 'https://mattermost.example.com'
 
   ## Gravatar
-  ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
+  ## If using gravatar.com, there's nothing to change here. For Libravatar
+  ## you'll need to provide the custom URLs. For more information,
+  ## see: https://docs.gitlab.com/ee/customization/libravatar.html
   gravatar:
-    # gravatar urls: possible placeholders: %{hash} %{size} %{email} %{username}
-    # plain_url: "http://..."     # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
+    # Gravatar/Libravatar URLs: possible placeholders: %{hash} %{size} %{email} %{username}
+    # plain_url: "http://..."     # default: https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
     # ssl_url:   "https://..."    # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
 
   ## Auxiliary jobs
-  # Periodically executed jobs, to self-heal Gitlab, do external synchronizations, etc.
+  # Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
   # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
   cron_jobs:
     # Flag stuck CI jobs as failed
@@ -725,8 +727,6 @@ test:
     # user: YOUR_USERNAME
   pages:
     path: tmp/tests/pages
-  artifacts:
-    path: tmp/tests/artifacts
   repositories:
     storages:
       default:
diff --git a/config/initializers/0_post_deployment_migrations.rb b/config/initializers/0_post_deployment_migrations.rb
index 0068a03d214..3d81b869b52 100644
--- a/config/initializers/0_post_deployment_migrations.rb
+++ b/config/initializers/0_post_deployment_migrations.rb
@@ -2,11 +2,13 @@
 # before other initializers as Rails may otherwise memoize a list of migrations
 # excluding the post deployment migrations.
 unless ENV['SKIP_POST_DEPLOYMENT_MIGRATIONS']
-  path = Rails.root.join('db', 'post_migrate').to_s
+  Rails.application.config.paths['db'].each do |db_path|
+    path = Rails.root.join(db_path, 'post_migrate').to_s
 
-  Rails.application.config.paths['db/migrate'] << path
+    Rails.application.config.paths['db/migrate'] << path
 
-  # Rails memoizes migrations at certain points where it won't read the above
-  # path just yet. As such we must also update the following list of paths.
-  ActiveRecord::Migrator.migrations_paths << path
+    # Rails memoizes migrations at certain points where it won't read the above
+    # path just yet. As such we must also update the following list of paths.
+    ActiveRecord::Migrator.migrations_paths << path
+  end
 end
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index ab953583df9..c1d4669b3c5 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -68,6 +68,7 @@ class Settings < Settingslogic
         end
         values.delete_if { |value| value.nil? }
       end
+
       values
     end
 
@@ -78,6 +79,7 @@ class Settings < Settingslogic
       if current.is_a? String
         value = modul.const_get(current.upcase) rescue default
       end
+
       value
     end
 
@@ -108,7 +110,7 @@ class Settings < Settingslogic
       url = "http://#{url}" unless url.start_with?('http')
 
       # Get rid of the path so that we don't even have to encode it
-      url_without_path = url.sub(%r{(https?://[^\/]+)/?.*}, '\1')
+      url_without_path = url.sub(%r{(https?://[^/]+)/?.*}, '\1')
 
       URI.parse(url_without_path).host
     end
@@ -376,7 +378,7 @@ Settings.mattermost['host'] = nil unless Settings.mattermost.enabled
 #
 Settings['gravatar'] ||= Settingslogic.new({})
 Settings.gravatar['enabled']      = true if Settings.gravatar['enabled'].nil?
-Settings.gravatar['plain_url']  ||= 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
+Settings.gravatar['plain_url']  ||= 'https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
 Settings.gravatar['ssl_url']    ||= 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
 Settings.gravatar['host']         = Settings.host_without_www(Settings.gravatar['plain_url'])
 
@@ -495,10 +497,10 @@ end
 # repository_downloads_path value.
 #
 repositories_storages          = Settings.repositories.storages.values
-repository_downloads_path      = Settings.gitlab['repository_downloads_path'].to_s.gsub(/\/$/, '')
+repository_downloads_path      = Settings.gitlab['repository_downloads_path'].to_s.gsub(%r{/$}, '')
 repository_downloads_full_path = File.expand_path(repository_downloads_path, Settings.gitlab['user_home'])
 
-if repository_downloads_path.blank? || repositories_storages.any? { |rs| [repository_downloads_path, repository_downloads_full_path].include?(rs['path'].gsub(/\/$/, '')) }
+if repository_downloads_path.blank? || repositories_storages.any? { |rs| [repository_downloads_path, repository_downloads_full_path].include?(rs['path'].gsub(%r{/$}, '')) }
   Settings.gitlab['repository_downloads_path'] = File.join(Settings.shared['path'], 'cache/archive')
 end
 
diff --git a/config/initializers/active_record_data_types.rb b/config/initializers/active_record_data_types.rb
index 0359e14b232..fda13d0c4cb 100644
--- a/config/initializers/active_record_data_types.rb
+++ b/config/initializers/active_record_data_types.rb
@@ -54,7 +54,7 @@ elsif Gitlab::Database.mysql?
     def initialize_type_map(mapping)
       super mapping
 
-      mapping.register_type(%r(timestamp)i) do |sql_type|
+      mapping.register_type(/timestamp/i) do |sql_type|
         precision = extract_precision(sql_type)
         ActiveRecord::ConnectionAdapters::AbstractMysqlAdapter::MysqlDateTimeWithTimeZone.new(precision: precision)
       end
diff --git a/config/initializers/ar5_pg_10_support.rb b/config/initializers/ar5_pg_10_support.rb
new file mode 100644
index 00000000000..a529c74a8ce
--- /dev/null
+++ b/config/initializers/ar5_pg_10_support.rb
@@ -0,0 +1,59 @@
+raise "Vendored ActiveRecord 5 code! Delete #{__FILE__}!" if ActiveRecord::VERSION::MAJOR >= 5
+
+if Gitlab::Database.postgresql?
+  require 'active_record/connection_adapters/postgresql_adapter'
+  require 'active_record/connection_adapters/postgresql/schema_statements'
+
+  #
+  # Monkey-patch the refused Rails 4.2 patch at https://github.com/rails/rails/pull/31330
+  #
+  # Updates sequence logic to support PostgreSQL 10.
+  #
+  # rubocop:disable all
+  module ActiveRecord
+    module ConnectionAdapters
+
+      # We need #postgresql_version to be public as in ActiveRecord 5 for seed_fu
+      # to work. In ActiveRecord 4, it is protected.
+      # https://github.com/mbleigh/seed-fu/issues/123
+      class PostgreSQLAdapter
+        public :postgresql_version
+      end
+
+      module PostgreSQL
+        module SchemaStatements
+          # Resets the sequence of a table's primary key to the maximum value.
+          def reset_pk_sequence!(table, pk = nil, sequence = nil) #:nodoc:
+            unless pk and sequence
+              default_pk, default_sequence = pk_and_sequence_for(table)
+
+              pk ||= default_pk
+              sequence ||= default_sequence
+            end
+
+            if @logger && pk && !sequence
+              @logger.warn "#{table} has primary key #{pk} with no default sequence"
+            end
+
+            if pk && sequence
+              quoted_sequence = quote_table_name(sequence)
+              max_pk = select_value("SELECT MAX(#{quote_column_name pk}) FROM #{quote_table_name(table)}")
+              if max_pk.nil?
+                if postgresql_version >= 100000
+                  minvalue = select_value("SELECT seqmin FROM pg_sequence WHERE seqrelid = #{quote(quoted_sequence)}::regclass")
+                else
+                  minvalue = select_value("SELECT min_value FROM #{quoted_sequence}")
+                end
+              end
+
+              select_value <<-end_sql, 'SCHEMA'
+                SELECT setval(#{quote(quoted_sequence)}, #{max_pk ? max_pk : minvalue}, #{max_pk ? true : false})
+              end_sql
+            end
+          end
+        end
+      end
+    end
+  end
+  # rubocop:enable all
+end
diff --git a/config/initializers/date_time_formats.rb b/config/initializers/date_time_formats.rb
index 57568203cab..1939ced512d 100644
--- a/config/initializers/date_time_formats.rb
+++ b/config/initializers/date_time_formats.rb
@@ -2,8 +2,10 @@
 # :medium - Nov 10, 2007
 # :long   - November 10, 2007
 Date::DATE_FORMATS[:medium] = '%b %-d, %Y'
+Date::DATE_FORMATS[:csv] = '%Y-%m-%d'
 
 # :short  - 18 Jan 06:10
 # :medium - Jan 18, 2007 6:10am
 # :long   - January 18, 2007 06:10
 Time::DATE_FORMATS[:medium] = '%b %-d, %Y %-I:%M%P'
+Time::DATE_FORMATS[:csv] = '%Y-%m-%d %H:%M:%S'
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 051ef93b205..fa25f3778fa 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -241,6 +241,7 @@ Devise.setup do |config|
           true
         end
       end
+
       if provider['name'] == 'authentiq'
         provider['args'][:remote_sign_out_handler] = lambda do |request|
           authentiq_session = request.params['sid']
diff --git a/config/initializers/gollum.rb b/config/initializers/gollum.rb
index f1066f83dd9..0b86cac51a7 100644
--- a/config/initializers/gollum.rb
+++ b/config/initializers/gollum.rb
@@ -36,6 +36,26 @@ module Gollum
       end
     end
   end
+
+  module Git
+    class Git
+      def tree_entry(commit, path)
+        pathname = Pathname.new(path)
+        tmp_entry = nil
+
+        pathname.each_filename do |dir|
+          tmp_entry = if tmp_entry.nil?
+                        commit.tree[dir]
+                      else
+                        @repo.lookup(tmp_entry[:oid])[dir]
+                      end
+
+          return nil unless tmp_entry
+        end
+        tmp_entry
+      end
+    end
+  end
 end
 
 Rails.application.configure do
diff --git a/config/initializers/grape_route_helpers_fix.rb b/config/initializers/grape_route_helpers_fix.rb
index d3cf9e453d0..612cca3dfbd 100644
--- a/config/initializers/grape_route_helpers_fix.rb
+++ b/config/initializers/grape_route_helpers_fix.rb
@@ -1,5 +1,21 @@
 if defined?(GrapeRouteHelpers)
   module GrapeRouteHelpers
+    module AllRoutes
+      # Bringing in PR https://github.com/reprah/grape-route-helpers/pull/21 due to abandonment.
+      #
+      # Without the following fix, when two helper methods are the same, but have different arguments
+      # (for example: api_v1_cats_owners_path(id: 1) vs api_v1_cats_owners_path(id: 1, owner_id: 2))
+      # if the helper method with the least number of arguments is defined first (because the route was defined first)
+      # then it will shadow the longer route.
+      #
+      # The fix is to sort descending by amount of arguments
+      def decorated_routes
+        @decorated_routes ||= all_routes
+                                .map { |r| DecoratedRoute.new(r) }
+                                .sort_by { |r| -r.dynamic_path_segments.count }
+      end
+    end
+
     class DecoratedRoute
       # GrapeRouteHelpers gem tries to parse the versions
       # from a string, not supporting Grape `version` array definition.
diff --git a/config/initializers/peek.rb b/config/initializers/peek.rb
index 581397b26f8..11759801112 100644
--- a/config/initializers/peek.rb
+++ b/config/initializers/peek.rb
@@ -2,15 +2,19 @@ Rails.application.config.peek.adapter = :redis, { client: ::Redis.new(Gitlab::Re
 
 Peek.into Peek::Views::Host
 Peek.into Peek::Views::PerformanceBar
+
 if Gitlab::Database.mysql?
   require 'peek-mysql2'
   PEEK_DB_CLIENT = ::Mysql2::Client
   PEEK_DB_VIEW = Peek::Views::Mysql2
-else
+elsif Gitlab::Database.postgresql?
   require 'peek-pg'
   PEEK_DB_CLIENT = ::PG::Connection
   PEEK_DB_VIEW = Peek::Views::PG
+else
+  raise "Unsupported database adapter for peek!"
 end
+
 Peek.into PEEK_DB_VIEW
 Peek.into Peek::Views::Redis
 Peek.into Peek::Views::Sidekiq
diff --git a/config/initializers/rugged_use_gitlab_git_attributes.rb b/config/initializers/rugged_use_gitlab_git_attributes.rb
deleted file mode 100644
index 1cfb3bcb4bd..00000000000
--- a/config/initializers/rugged_use_gitlab_git_attributes.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-# We don't want to ever call Rugged::Repository#fetch_attributes, because it has
-# a lot of I/O overhead:
-# <https://gitlab.com/gitlab-org/gitlab_git/commit/340e111e040ae847b614d35b4d3173ec48329015>
-#
-# While we don't do this from within the GitLab source itself, the Linguist gem
-# has a dependency on Rugged and uses the gitattributes file when calculating
-# repository-wide language statistics:
-# <https://github.com/github/linguist/blob/v4.7.0/lib/linguist/lazy_blob.rb#L33-L36>
-#
-# The options passed by Linguist are those assumed by Gitlab::Git::Attributes
-# anyway, and there is no great efficiency gain from just fetching the listed
-# attributes with our implementation, so we ignore the additional arguments.
-#
-module Rugged
-  class Repository
-    module UseGitlabGitAttributes
-      def fetch_attributes(name, *)
-        attributes.attributes(name)
-      end
-
-      def attributes
-        @attributes ||= Gitlab::Git::Attributes.new(path)
-      end
-    end
-
-    prepend UseGitlabGitAttributes
-  end
-end
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index 3d83fb92d56..ee034d21eae 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -2,4 +2,8 @@ Rails.application.configure do |config|
   Warden::Manager.after_set_user do |user, auth, opts|
     Gitlab::Auth::UniqueIpsLimiter.limit_user!(user)
   end
+
+  Warden::Manager.before_failure do |env, opts|
+    Gitlab::Auth::BlockedUserTracker.log_if_user_blocked(env)
+  end
 end
diff --git a/config/karma.config.js b/config/karma.config.js
index 9f018d14b8f..a101d35704e 100644
--- a/config/karma.config.js
+++ b/config/karma.config.js
@@ -18,6 +18,8 @@ webpackConfig.devtool = 'cheap-inline-source-map';
 
 // Karma configuration
 module.exports = function(config) {
+  process.env.TZ = 'Etc/UTC';
+
   var progressReporter = process.env.CI ? 'mocha' : 'progress';
 
   var karmaConfig = {
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 8932db138d9..795e5d4e6bc 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -2,6 +2,18 @@
 # See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
 
 en:
+  hello: "Hello world"
+  activerecord:
+    attributes:
+      issue_link:
+        source: Source issue
+        target: Target issue
+  errors:
+    messages:
+      label_already_exists_at_group_level: "already exists at group level for %{group}. Please choose another one."
+      wrong_size: "is the wrong size (should be %{file_size})"
+      size_too_small: "is too small (should be at least %{file_size})"
+      size_too_big: "is too big (should be at most %{file_size})"
   views:
     pagination:
       previous: "Prev"
diff --git a/config/routes/admin.rb b/config/routes/admin.rb
index e22fb440abc..3cca1210e39 100644
--- a/config/routes/admin.rb
+++ b/config/routes/admin.rb
@@ -1,5 +1,5 @@
 namespace :admin do
-  resources :users, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ } do
+  resources :users, constraints: { id: %r{[a-zA-Z./0-9_\-]+} } do
     resources :keys, only: [:show, :destroy]
     resources :identities, except: [:show]
     resources :impersonation_tokens, only: [:index, :create] do
@@ -24,6 +24,8 @@ namespace :admin do
   resource :impersonation, only: :destroy
 
   resources :abuse_reports, only: [:index, :destroy]
+  resources :gitaly_servers, only: [:index]
+
   resources :spam_logs, only: [:index, :destroy] do
     member do
       post :mark_as_ham
diff --git a/config/routes/group.rb b/config/routes/group.rb
index 976837a246d..24c76bc55ab 100644
--- a/config/routes/group.rb
+++ b/config/routes/group.rb
@@ -35,7 +35,7 @@ constraints(GroupUrlConstrainer.new) do
       post :toggle_subscription, on: :member
     end
 
-    resources :milestones, constraints: { id: /[^\/]+/ }, only: [:index, :show, :edit, :update, :new, :create] do
+    resources :milestones, constraints: { id: %r{[^/]+} }, only: [:index, :show, :edit, :update, :new, :create] do
       member do
         get :merge_requests
         get :participants
@@ -52,7 +52,7 @@ constraints(GroupUrlConstrainer.new) do
 
     resources :uploads, only: [:create] do
       collection do
-        get ":secret/:filename", action: :show, as: :show, constraints: { filename: /[^\/]+/ }
+        get ":secret/:filename", action: :show, as: :show, constraints: { filename: %r{[^/]+} }
       end
     end
   end
diff --git a/config/routes/project.rb b/config/routes/project.rb
index bdf4b199c0a..bcaa68c8ce5 100644
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -40,7 +40,7 @@ constraints(ProjectUrlConstrainer.new) do
       #
       # Templates
       #
-      get '/templates/:template_type/:key' => 'templates#show', as: :template
+      get '/templates/:template_type/:key' => 'templates#show', as: :template, constraints: { key: %r{[^/]+} }
 
       resource  :avatar, only: [:show, :destroy]
       resources :commit, only: [:show], constraints: { id: /\h{7,40}/ } do
@@ -50,11 +50,12 @@ constraints(ProjectUrlConstrainer.new) do
           post :revert
           post :cherry_pick
           get :diff_for_path
+          get :merge_requests
         end
       end
 
       resource :pages, only: [:show, :destroy] do
-        resources :domains, only: [:show, :new, :create, :destroy], controller: 'pages_domains', constraints: { id: /[^\/]+/ }
+        resources :domains, only: [:show, :new, :create, :destroy], controller: 'pages_domains', constraints: { id: %r{[^/]+} }
       end
 
       resources :snippets, concerns: :awardable, constraints: { id: /\d+/ } do
@@ -64,7 +65,7 @@ constraints(ProjectUrlConstrainer.new) do
         end
       end
 
-      resources :services, constraints: { id: /[^\/]+/ }, only: [:index, :edit, :update] do
+      resources :services, constraints: { id: %r{[^/]+} }, only: [:index, :edit, :update] do
         member do
           put :test
         end
@@ -345,7 +346,7 @@ constraints(ProjectUrlConstrainer.new) do
         end
       end
 
-      resources :project_members, except: [:show, :new, :edit], constraints: { id: /[a-zA-Z.\/0-9_\-#%+]+/ }, concerns: :access_requestable do
+      resources :project_members, except: [:show, :new, :edit], constraints: { id: %r{[a-zA-Z./0-9_\-#%+]+} }, concerns: :access_requestable do
         collection do
           delete :leave
 
@@ -378,7 +379,7 @@ constraints(ProjectUrlConstrainer.new) do
 
       resources :uploads, only: [:create] do
         collection do
-          get ":secret/:filename", action: :show, as: :show, constraints: { filename: /[^\/]+/ }
+          get ":secret/:filename", action: :show, as: :show, constraints: { filename: %r{[^/]+} }
         end
       end
 
diff --git a/config/routes/uploads.rb b/config/routes/uploads.rb
index d7bca8310e4..6370645bcb9 100644
--- a/config/routes/uploads.rb
+++ b/config/routes/uploads.rb
@@ -2,17 +2,17 @@ scope path: :uploads do
   # Note attachments and User/Group/Project avatars
   get "-/system/:model/:mounted_as/:id/:filename",
       to:           "uploads#show",
-      constraints:  { model: /note|user|group|project/, mounted_as: /avatar|attachment/, filename: /[^\/]+/ }
+      constraints:  { model: /note|user|group|project/, mounted_as: /avatar|attachment/, filename: %r{[^/]+} }
 
   # show uploads for models, snippets (notes) available for now
   get '-/system/:model/:id/:secret/:filename',
     to: 'uploads#show',
-    constraints: { model: /personal_snippet/, id: /\d+/, filename: /[^\/]+/ }
+    constraints: { model: /personal_snippet/, id: /\d+/, filename: %r{[^/]+} }
 
   # show temporary uploads
   get '-/system/temp/:secret/:filename',
     to: 'uploads#show',
-    constraints: { filename: /[^\/]+/ }
+    constraints: { filename: %r{[^/]+} }
 
   # Appearance
   get "-/system/:model/:mounted_as/:id/:filename",
@@ -22,7 +22,7 @@ scope path: :uploads do
   # Project markdown uploads
   get ":namespace_id/:project_id/:secret/:filename",
     to:           "projects/uploads#show",
-    constraints:  { namespace_id: /[a-zA-Z.0-9_\-]+/, project_id: /[a-zA-Z.0-9_\-]+/, filename: /[^\/]+/ }
+    constraints:  { namespace_id: /[a-zA-Z.0-9_\-]+/, project_id: /[a-zA-Z.0-9_\-]+/, filename: %r{[^/]+} }
 
   # create uploads for models, snippets (notes) available for now
   post ':model',
@@ -34,4 +34,4 @@ end
 # Redirect old note attachments path to new uploads path.
 get "files/note/:id/:filename",
   to:           redirect("uploads/note/attachment/%{id}/%{filename}"),
-  constraints:  { filename: /[^\/]+/ }
+  constraints:  { filename: %r{[^/]+} }
diff --git a/config/unicorn.rb.example.development b/config/unicorn.rb.example.development
index 3cd00d53a15..0df028648d1 100644
--- a/config/unicorn.rb.example.development
+++ b/config/unicorn.rb.example.development
@@ -1,2 +1,15 @@
 worker_processes 2
 timeout 60
+
+before_fork do |server, worker|
+  if /darwin/ =~ RUBY_PLATFORM
+    require 'fiddle'
+
+    # Dynamically load Foundation.framework, ~implicitly~ initialising
+    # the Objective-C runtime before any forking happens in Unicorn
+    #
+    # From https://bugs.ruby-lang.org/issues/14009
+    Fiddle.dlopen '/System/Library/Frameworks/Foundation.framework/Foundation'
+  end
+end
+
diff --git a/config/webpack.config.js b/config/webpack.config.js
index 5f95255334c..783677b5b8d 100644
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -1,5 +1,6 @@
 'use strict';
 
+var crypto = require('crypto');
 var fs = require('fs');
 var path = require('path');
 var webpack = require('webpack');
@@ -43,9 +44,6 @@ var config = {
     graphs:               './graphs/graphs_bundle.js',
     graphs_charts:        './graphs/graphs_charts.js',
     graphs_show:          './graphs/graphs_show.js',
-    group:                './group.js',
-    groups:               './groups/index.js',
-    groups_list:          './groups_list.js',
     help:                 './help/help.js',
     how_to_merge:         './how_to_merge.js',
     issue_show:           './issue_show/index.js',
@@ -65,7 +63,6 @@ var config = {
     pipelines_times:      './pipelines/pipelines_times.js',
     profile:              './profile/profile_bundle.js',
     project_import_gl:    './projects/project_import_gitlab_project.js',
-    project_new:          './projects/project_new.js',
     prometheus_metrics:   './prometheus_metrics',
     protected_branches:   './protected_branches',
     protected_tags:       './protected_tags',
@@ -85,7 +82,6 @@ var config = {
     test:                 './test.js',
     two_factor_auth:      './two_factor_auth.js',
     users:                './users/index.js',
-    performance_bar:      './performance_bar.js',
     webpack_runtime:      './webpack.js',
   },
 
@@ -119,7 +115,12 @@ var config = {
       {
         test: /\_worker\.js$/,
         use: [
-          { loader: 'worker-loader' },
+          {
+            loader: 'worker-loader',
+            options: {
+              inline: true
+            }
+          },
           { loader: 'babel-loader' },
         ],
       },
@@ -179,15 +180,34 @@ var config = {
       if (chunk.name) {
         return chunk.name;
       }
-      return chunk.mapModules((m) => {
+
+      const moduleNames = [];
+
+      function collectModuleNames(m) {
+        // handle ConcatenatedModule which does not have resource nor context set
+        if (m.modules) {
+          m.modules.forEach(collectModuleNames);
+          return;
+        }
+
         const pagesBase = path.join(ROOT_PATH, 'app/assets/javascripts/pages');
+
         if (m.resource.indexOf(pagesBase) === 0) {
-          return path.relative(pagesBase, m.resource)
+          moduleNames.push(path.relative(pagesBase, m.resource)
             .replace(/\/index\.[a-z]+$/, '')
-            .replace(/\//g, '__');
+            .replace(/\//g, '__'));
+        } else {
+          moduleNames.push(path.relative(m.context, m.resource));
         }
-        return path.relative(m.context, m.resource);
-      }).join('_');
+      }
+
+      chunk.forEachModule(collectModuleNames);
+
+      const hash = crypto.createHash('sha256')
+        .update(moduleNames.join('_'))
+        .digest('hex');
+
+      return `${moduleNames[0]}-${hash.substr(0, 6)}`;
     }),
 
     // create cacheable common library bundle for all vue chunks