Merge remote-tracking branch 'upstream/master' into 30634-protected-pipeline

* upstream/master: (1168 commits)
  Job details won't scroll horizontally to show long lines
  Bring back branches badge to main project page
  Limit OpenGraph image size to 64x64
  Improve changelog
  Split up MergeRequestsController
  Add parent_id back to the tests
  Make changelog more descriptive
  Improve tests text
  Rename members_count to members_count_with_descendants and expose only to group admins
  Fix a bug where an invalid sort param value was passed to Gitaly
  Drop default ORDER scope when calling a find method on a Sortable model
  Add tests for project import state transition: [:started] => [:finished]
  Add CHANGELOG
  Perform housekeeping only when an import of a fresh project is completed
  Strip trailing whitespace in relative submodule URL
  Adjust projects spec on namespace fields
  Add "members_count" and "parent_id" data on namespaces API
  Removes redundant pending delete checks
  Fix gitaly ref encoding bugs
  Add ProjectWiki#ensure_repository
  ...

38 files changed, 1092 insertions, 342 deletions

diff --git a/spec/requests/api/award_emoji_spec.rb b/spec/requests/api/award_emoji_spec.rb
index bbdef0aeb1b..6d822b5cb4f 100644
--- a/spec/requests/api/award_emoji_spec.rb
+++ b/spec/requests/api/award_emoji_spec.rb
@@ -9,7 +9,9 @@ describe API::AwardEmoji do
   let!(:downvote)       { create(:award_emoji, :downvote, awardable: merge_request, user: user) }
   let!(:note)           { create(:note, project: project, noteable: issue) }
 
-  before { project.team << [user, :master] }
+  before do
+    project.team << [user, :master]
+  end
 
   describe "GET /projects/:id/awardable/:awardable_id/award_emoji" do
     context 'on an issue' do
diff --git a/spec/requests/api/commit_statuses_spec.rb b/spec/requests/api/commit_statuses_spec.rb
index 6b637a03b6f..cdb60fc0d1a 100644
--- a/spec/requests/api/commit_statuses_spec.rb
+++ b/spec/requests/api/commit_statuses_spec.rb
@@ -34,7 +34,9 @@ describe API::CommitStatuses do
         let!(:status6) { create_status(master, status: 'success') }
 
         context 'latest commit statuses' do
-          before { get api(get_url, reporter) }
+          before do
+            get api(get_url, reporter)
+          end
 
           it 'returns latest commit statuses' do
             expect(response).to have_http_status(200)
@@ -48,7 +50,9 @@ describe API::CommitStatuses do
         end
 
         context 'all commit statuses' do
-          before { get api(get_url, reporter), all: 1 }
+          before do
+            get api(get_url, reporter), all: 1
+          end
 
           it 'returns all commit statuses' do
             expect(response).to have_http_status(200)
@@ -61,7 +65,9 @@ describe API::CommitStatuses do
         end
 
         context 'latest commit statuses for specific ref' do
-          before { get api(get_url, reporter), ref: 'develop' }
+          before do
+            get api(get_url, reporter), ref: 'develop'
+          end
 
           it 'returns latest commit statuses for specific ref' do
             expect(response).to have_http_status(200)
@@ -72,7 +78,9 @@ describe API::CommitStatuses do
         end
 
         context 'latest commit statues for specific name' do
-          before { get api(get_url, reporter), name: 'coverage' }
+          before do
+            get api(get_url, reporter), name: 'coverage'
+          end
 
           it 'return latest commit statuses for specific name' do
             expect(response).to have_http_status(200)
@@ -85,7 +93,9 @@ describe API::CommitStatuses do
     end
 
     context 'ci commit does not exist' do
-      before { get api(get_url, reporter) }
+      before do
+        get api(get_url, reporter)
+      end
 
       it 'returns empty array' do
         expect(response.status).to eq 200
@@ -95,7 +105,9 @@ describe API::CommitStatuses do
     end
 
     context "guest user" do
-      before { get api(get_url, guest) }
+      before do
+        get api(get_url, guest)
+      end
 
       it "does not return project commits" do
         expect(response).to have_http_status(403)
@@ -103,7 +115,9 @@ describe API::CommitStatuses do
     end
 
     context "unauthorized user" do
-      before { get api(get_url) }
+      before do
+        get api(get_url)
+      end
 
       it "does not return project commits" do
         expect(response).to have_http_status(401)
@@ -150,25 +164,40 @@ describe API::CommitStatuses do
 
       context 'with all optional parameters' do
         context 'when creating a commit status' do
-          it 'creates commit status' do
+          subject do
             post api(post_url, developer), {
               state: 'success',
               context: 'coverage',
-              ref: 'develop',
+              ref: 'master',
               description: 'test',
               coverage: 80.0,
               target_url: 'http://gitlab.com/status'
             }
+          end
+
+          it 'creates commit status' do
+            subject
 
             expect(response).to have_http_status(201)
             expect(json_response['sha']).to eq(commit.id)
             expect(json_response['status']).to eq('success')
             expect(json_response['name']).to eq('coverage')
-            expect(json_response['ref']).to eq('develop')
+            expect(json_response['ref']).to eq('master')
             expect(json_response['coverage']).to eq(80.0)
             expect(json_response['description']).to eq('test')
             expect(json_response['target_url']).to eq('http://gitlab.com/status')
           end
+
+          context 'when merge request exists for given branch' do
+            let!(:merge_request) { create(:merge_request, source_project: project, source_branch: 'master', target_branch: 'develop') }
+
+            it 'sets head pipeline' do
+              subject
+
+              expect(response).to have_http_status(201)
+              expect(merge_request.reload.head_pipeline).not_to be_nil
+            end
+          end
         end
 
         context 'when updatig a commit status' do
@@ -176,7 +205,7 @@ describe API::CommitStatuses do
             post api(post_url, developer), {
               state: 'running',
               context: 'coverage',
-              ref: 'develop',
+              ref: 'master',
               description: 'coverage test',
               coverage: 0.0,
               target_url: 'http://gitlab.com/status'
@@ -185,7 +214,7 @@ describe API::CommitStatuses do
             post api(post_url, developer), {
               state: 'success',
               name: 'coverage',
-              ref: 'develop',
+              ref: 'master',
               description: 'new description',
               coverage: 90.0
             }
@@ -196,7 +225,7 @@ describe API::CommitStatuses do
             expect(json_response['sha']).to eq(commit.id)
             expect(json_response['status']).to eq('success')
             expect(json_response['name']).to eq('coverage')
-            expect(json_response['ref']).to eq('develop')
+            expect(json_response['ref']).to eq('master')
             expect(json_response['coverage']).to eq(90.0)
             expect(json_response['description']).to eq('new description')
             expect(json_response['target_url']).to eq('http://gitlab.com/status')
@@ -209,7 +238,9 @@ describe API::CommitStatuses do
       end
 
       context 'when status is invalid' do
-        before { post api(post_url, developer), state: 'invalid' }
+        before do
+          post api(post_url, developer), state: 'invalid'
+        end
 
         it 'does not create commit status' do
           expect(response).to have_http_status(400)
@@ -217,7 +248,9 @@ describe API::CommitStatuses do
       end
 
       context 'when request without a state made' do
-        before { post api(post_url, developer) }
+        before do
+          post api(post_url, developer)
+        end
 
         it 'does not create commit status' do
           expect(response).to have_http_status(400)
@@ -226,7 +259,10 @@ describe API::CommitStatuses do
 
       context 'when commit SHA is invalid' do
         let(:sha) { 'invalid_sha' }
-        before { post api(post_url, developer), state: 'running' }
+
+        before do
+          post api(post_url, developer), state: 'running'
+        end
 
         it 'returns not found error' do
           expect(response).to have_http_status(404)
@@ -248,7 +284,9 @@ describe API::CommitStatuses do
     end
 
     context 'reporter user' do
-      before { post api(post_url, reporter), state: 'running' }
+      before do
+        post api(post_url, reporter), state: 'running'
+      end
 
       it 'does not create commit status' do
         expect(response).to have_http_status(403)
@@ -256,7 +294,9 @@ describe API::CommitStatuses do
     end
 
     context 'guest user' do
-      before { post api(post_url, guest), state: 'running' }
+      before do
+        post api(post_url, guest), state: 'running'
+      end
 
       it 'does not create commit status' do
         expect(response).to have_http_status(403)
@@ -264,7 +304,9 @@ describe API::CommitStatuses do
     end
 
     context 'unauthorized user' do
-      before { post api(post_url) }
+      before do
+        post api(post_url)
+      end
 
       it 'does not create commit status' do
         expect(response).to have_http_status(401)
diff --git a/spec/requests/api/commits_spec.rb b/spec/requests/api/commits_spec.rb
index b0c265b6453..0dad547735d 100644
--- a/spec/requests/api/commits_spec.rb
+++ b/spec/requests/api/commits_spec.rb
@@ -9,11 +9,15 @@ describe API::Commits do
   let!(:note) { create(:note_on_commit, author: user, project: project, commit_id: project.repository.commit.id, note: 'a comment on a commit') }
   let!(:another_note) { create(:note_on_commit, author: user, project: project, commit_id: project.repository.commit.id, note: 'another comment on a commit') }
 
-  before { project.team << [user, :reporter] }
+  before do
+    project.team << [user, :reporter]
+  end
 
   describe "List repository commits" do
     context "authorized user" do
-      before { project.team << [user2, :reporter] }
+      before do
+        project.team << [user2, :reporter]
+      end
 
       it "returns project commits" do
         commit = project.repository.commit
@@ -514,7 +518,9 @@ describe API::Commits do
 
   describe "Get the diff of a commit" do
     context "authorized user" do
-      before { project.team << [user2, :reporter] }
+      before do
+        project.team << [user2, :reporter]
+      end
 
       it "returns the diff of the selected commit" do
         get api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/diff", user)
diff --git a/spec/requests/api/deploy_keys_spec.rb b/spec/requests/api/deploy_keys_spec.rb
index 843e9862b0c..32439981b60 100644
--- a/spec/requests/api/deploy_keys_spec.rb
+++ b/spec/requests/api/deploy_keys_spec.rb
@@ -13,7 +13,7 @@ describe API::DeployKeys do
 
   describe 'GET /deploy_keys' do
     context 'when unauthenticated' do
-      it 'should return authentication error' do
+      it 'returns authentication error' do
         get api('/deploy_keys')
 
         expect(response.status).to eq(401)
@@ -21,7 +21,7 @@ describe API::DeployKeys do
     end
 
     context 'when authenticated as non-admin user' do
-      it 'should return a 403 error' do
+      it 'returns a 403 error' do
         get api('/deploy_keys', user)
 
         expect(response.status).to eq(403)
@@ -29,7 +29,7 @@ describe API::DeployKeys do
     end
 
     context 'when authenticated as admin' do
-      it 'should return all deploy keys' do
+      it 'returns all deploy keys' do
         get api('/deploy_keys', admin)
 
         expect(response.status).to eq(200)
@@ -41,9 +41,11 @@ describe API::DeployKeys do
   end
 
   describe 'GET /projects/:id/deploy_keys' do
-    before { deploy_key }
+    before do
+      deploy_key
+    end
 
-    it 'should return array of ssh keys' do
+    it 'returns array of ssh keys' do
       get api("/projects/#{project.id}/deploy_keys", admin)
 
       expect(response).to have_http_status(200)
@@ -54,14 +56,14 @@ describe API::DeployKeys do
   end
 
   describe 'GET /projects/:id/deploy_keys/:key_id' do
-    it 'should return a single key' do
+    it 'returns a single key' do
       get api("/projects/#{project.id}/deploy_keys/#{deploy_key.id}", admin)
 
       expect(response).to have_http_status(200)
       expect(json_response['title']).to eq(deploy_key.title)
     end
 
-    it 'should return 404 Not Found with invalid ID' do
+    it 'returns 404 Not Found with invalid ID' do
       get api("/projects/#{project.id}/deploy_keys/404", admin)
 
       expect(response).to have_http_status(404)
@@ -69,26 +71,26 @@ describe API::DeployKeys do
   end
 
   describe 'POST /projects/:id/deploy_keys' do
-    it 'should not create an invalid ssh key' do
+    it 'does not create an invalid ssh key' do
       post api("/projects/#{project.id}/deploy_keys", admin), { title: 'invalid key' }
 
       expect(response).to have_http_status(400)
       expect(json_response['error']).to eq('key is missing')
     end
 
-    it 'should not create a key without title' do
+    it 'does not create a key without title' do
       post api("/projects/#{project.id}/deploy_keys", admin), key: 'some key'
 
       expect(response).to have_http_status(400)
       expect(json_response['error']).to eq('title is missing')
     end
 
-    it 'should create new ssh key' do
+    it 'creates new ssh key' do
       key_attrs = attributes_for :another_key
 
       expect do
         post api("/projects/#{project.id}/deploy_keys", admin), key_attrs
-      end.to change{ project.deploy_keys.count }.by(1)
+      end.to change { project.deploy_keys.count }.by(1)
     end
 
     it 'returns an existing ssh key when attempting to add a duplicate' do
@@ -117,10 +119,65 @@ describe API::DeployKeys do
     end
   end
 
+  describe 'PUT /projects/:id/deploy_keys/:key_id' do
+    let(:private_deploy_key) { create(:another_deploy_key, public: false) }
+    let(:project_private_deploy_key) do
+      create(:deploy_keys_project, project: project, deploy_key: private_deploy_key)
+    end
+
+    it 'updates a public deploy key as admin' do
+      expect do
+        put api("/projects/#{project.id}/deploy_keys/#{deploy_key.id}", admin), { title: 'new title' }
+      end.not_to change(deploy_key, :title)
+
+      expect(response).to have_http_status(200)
+    end
+
+    it 'does not update a public deploy key as non admin' do
+      expect do
+        put api("/projects/#{project.id}/deploy_keys/#{deploy_key.id}", user), { title: 'new title' }
+      end.not_to change(deploy_key, :title)
+
+      expect(response).to have_http_status(404)
+    end
+
+    it 'does not update a private key with invalid title' do
+      project_private_deploy_key
+
+      expect do
+        put api("/projects/#{project.id}/deploy_keys/#{private_deploy_key.id}", admin), { title: '' }
+      end.not_to change(deploy_key, :title)
+
+      expect(response).to have_http_status(400)
+    end
+
+    it 'updates a private ssh key with correct attributes' do
+      project_private_deploy_key
+
+      put api("/projects/#{project.id}/deploy_keys/#{private_deploy_key.id}", admin), { title: 'new title', can_push: true }
+
+      expect(json_response['id']).to eq(private_deploy_key.id)
+      expect(json_response['title']).to eq('new title')
+      expect(json_response['can_push']).to eq(true)
+    end
+
+    it 'updates a private ssh key from projects user has access with correct attributes' do
+      create(:deploy_keys_project, project: project2, deploy_key: private_deploy_key)
+
+      put api("/projects/#{project.id}/deploy_keys/#{private_deploy_key.id}", admin), { title: 'new title', can_push: true }
+
+      expect(json_response['id']).to eq(private_deploy_key.id)
+      expect(json_response['title']).to eq('new title')
+      expect(json_response['can_push']).to eq(true)
+    end
+  end
+
   describe 'DELETE /projects/:id/deploy_keys/:key_id' do
-    before { deploy_key }
+    before do
+      deploy_key
+    end
 
-    it 'should delete existing key' do
+    it 'deletes existing key' do
       expect do
         delete api("/projects/#{project.id}/deploy_keys/#{deploy_key.id}", admin)
 
@@ -128,7 +185,7 @@ describe API::DeployKeys do
       end.to change{ project.deploy_keys.count }.by(-1)
     end
 
-    it 'should return 404 Not Found with invalid ID' do
+    it 'returns 404 Not Found with invalid ID' do
       delete api("/projects/#{project.id}/deploy_keys/404", admin)
 
       expect(response).to have_http_status(404)
@@ -150,7 +207,7 @@ describe API::DeployKeys do
     end
 
     context 'when authenticated as non-admin user' do
-      it 'should return a 404 error' do
+      it 'returns a 404 error' do
         post api("/projects/#{project2.id}/deploy_keys/#{deploy_key.id}/enable", user)
 
         expect(response).to have_http_status(404)
diff --git a/spec/requests/api/files_spec.rb b/spec/requests/api/files_spec.rb
index d325c6eff9d..9e268adf950 100644
--- a/spec/requests/api/files_spec.rb
+++ b/spec/requests/api/files_spec.rb
@@ -13,7 +13,9 @@ describe API::Files do
   let(:author_email) { 'user@example.org' }
   let(:author_name) { 'John Doe' }
 
-  before { project.team << [user, :developer] }
+  before do
+    project.team << [user, :developer]
+  end
 
   def route(file_path = nil)
     "/projects/#{project.id}/repository/files/#{file_path}"
@@ -203,8 +205,8 @@ describe API::Files do
     end
 
     it "returns a 400 if editor fails to create file" do
-      allow_any_instance_of(Repository).to receive(:create_file).
-        and_raise(Repository::CommitError, 'Cannot create file')
+      allow_any_instance_of(Repository).to receive(:create_file)
+        .and_raise(Repository::CommitError, 'Cannot create file')
 
       post api(route("any%2Etxt"), user), valid_params
 
diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb
index bb53796cbd7..656f098aea8 100644
--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -513,8 +513,8 @@ describe API::Groups do
     let(:project_path) { project.full_path.gsub('/', '%2F') }
 
     before(:each) do
-      allow_any_instance_of(Projects::TransferService).
-        to receive(:execute).and_return(true)
+      allow_any_instance_of(Projects::TransferService)
+        .to receive(:execute).and_return(true)
     end
 
     context "when authenticated as user" do
diff --git a/spec/requests/api/helpers_spec.rb b/spec/requests/api/helpers_spec.rb
index ed392acc607..191c60aba31 100644
--- a/spec/requests/api/helpers_spec.rb
+++ b/spec/requests/api/helpers_spec.rb
@@ -55,40 +55,62 @@ describe API::Helpers do
     subject { current_user }
 
     describe "Warden authentication" do
-      before { doorkeeper_guard_returns false }
+      before do
+        doorkeeper_guard_returns false
+      end
 
       context "with invalid credentials" do
         context "GET request" do
-          before { env['REQUEST_METHOD'] = 'GET' }
+          before do
+            env['REQUEST_METHOD'] = 'GET'
+          end
+
           it { is_expected.to be_nil }
         end
       end
 
       context "with valid credentials" do
-        before { warden_authenticate_returns user }
+        before do
+          warden_authenticate_returns user
+        end
 
         context "GET request" do
-          before { env['REQUEST_METHOD'] = 'GET' }
+          before do
+            env['REQUEST_METHOD'] = 'GET'
+          end
+
           it { is_expected.to eq(user) }
         end
 
         context "HEAD request" do
-          before { env['REQUEST_METHOD'] = 'HEAD' }
+          before do
+            env['REQUEST_METHOD'] = 'HEAD'
+          end
+
           it { is_expected.to eq(user) }
         end
 
         context "PUT request" do
-          before { env['REQUEST_METHOD'] = 'PUT' }
+          before do
+            env['REQUEST_METHOD'] = 'PUT'
+          end
+
           it { is_expected.to be_nil }
         end
 
         context "POST request" do
-          before { env['REQUEST_METHOD'] = 'POST' }
+          before do
+            env['REQUEST_METHOD'] = 'POST'
+          end
+
           it { is_expected.to be_nil }
         end
 
         context "DELETE request" do
-          before { env['REQUEST_METHOD'] = 'DELETE' }
+          before do
+            env['REQUEST_METHOD'] = 'DELETE'
+          end
+
           it { is_expected.to be_nil }
         end
       end
diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb
index cf232e7ff69..6deaea956e0 100644
--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -15,21 +15,43 @@ describe API::Internal do
     end
   end
 
-  describe "GET /internal/broadcast_message" do
-    context "broadcast message exists" do
-      let!(:broadcast_message) { create(:broadcast_message, starts_at: Time.now.yesterday, ends_at: Time.now.tomorrow ) }
+  describe 'GET /internal/broadcast_message' do
+    context 'broadcast message exists' do
+      let!(:broadcast_message) { create(:broadcast_message, starts_at: 1.day.ago, ends_at: 1.day.from_now ) }
 
-      it do
-        get api("/internal/broadcast_message"), secret_token: secret_token
+      it 'returns one broadcast message'  do
+        get api('/internal/broadcast_message'), secret_token: secret_token
 
         expect(response).to have_http_status(200)
-        expect(json_response["message"]).to eq(broadcast_message.message)
+        expect(json_response['message']).to eq(broadcast_message.message)
       end
     end
 
-    context "broadcast message doesn't exist" do
-      it do
-        get api("/internal/broadcast_message"), secret_token: secret_token
+    context 'broadcast message does not exist' do
+      it 'returns nothing'  do
+        get api('/internal/broadcast_message'), secret_token: secret_token
+
+        expect(response).to have_http_status(200)
+        expect(json_response).to be_empty
+      end
+    end
+  end
+
+  describe 'GET /internal/broadcast_messages' do
+    context 'broadcast message(s) exist' do
+      let!(:broadcast_message) { create(:broadcast_message, starts_at: 1.day.ago, ends_at: 1.day.from_now ) }
+
+      it 'returns active broadcast message(s)' do
+        get api('/internal/broadcast_messages'), secret_token: secret_token
+
+        expect(response).to have_http_status(200)
+        expect(json_response[0]['message']).to eq(broadcast_message.message)
+      end
+    end
+
+    context 'broadcast message does not exist' do
+      it 'returns nothing' do
+        get api('/internal/broadcast_messages'), secret_token: secret_token
 
         expect(response).to have_http_status(200)
         expect(json_response).to be_empty
@@ -299,8 +321,6 @@ describe API::Internal do
     end
 
     context "archived project" do
-      let(:personal_project) { create(:empty_project, namespace: user.namespace) }
-
       before do
         project.team << [user, :developer]
         project.archive!
@@ -423,6 +443,42 @@ describe API::Internal do
         expect(json_response['status']).to be_truthy
       end
     end
+
+    context 'the project path was changed' do
+      let!(:old_path_to_repo) { project.repository.path_to_repo }
+      let!(:old_full_path) { project.full_path }
+      let(:project_moved_message) do
+        <<-MSG.strip_heredoc
+          Project '#{old_full_path}' was moved to '#{project.full_path}'.
+
+          Please update your Git remote and try again:
+
+            git remote set-url origin #{project.ssh_url_to_repo}
+        MSG
+      end
+
+      before do
+        project.team << [user, :developer]
+        project.path = 'new_path'
+        project.save!
+      end
+
+      it 'rejects the push' do
+        push_with_path(key, old_path_to_repo)
+
+        expect(response).to have_http_status(200)
+        expect(json_response['status']).to be_falsey
+        expect(json_response['message']).to eq(project_moved_message)
+      end
+
+      it 'rejects the SSH pull' do
+        pull_with_path(key, old_path_to_repo)
+
+        expect(response).to have_http_status(200)
+        expect(json_response['status']).to be_falsey
+        expect(json_response['message']).to eq(project_moved_message)
+      end
+    end
   end
 
   describe 'GET /internal/merge_request_urls' do
@@ -565,6 +621,17 @@ describe API::Internal do
     )
   end
 
+  def pull_with_path(key, path_to_repo, protocol = 'ssh')
+    post(
+      api("/internal/allowed"),
+      key_id: key.id,
+      project: path_to_repo,
+      action: 'git-upload-pack',
+      secret_token: secret_token,
+      protocol: protocol
+    )
+  end
+
   def push(key, project, protocol = 'ssh', env: nil)
     post(
       api("/internal/allowed"),
@@ -578,6 +645,19 @@ describe API::Internal do
     )
   end
 
+  def push_with_path(key, path_to_repo, protocol = 'ssh', env: nil)
+    post(
+      api("/internal/allowed"),
+      changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',
+      key_id: key.id,
+      project: path_to_repo,
+      action: 'git-receive-pack',
+      secret_token: secret_token,
+      protocol: protocol,
+      env: env
+    )
+  end
+
   def archive(key, project)
     post(
       api("/internal/allowed"),
diff --git a/spec/requests/api/jobs_spec.rb b/spec/requests/api/jobs_spec.rb
index e5e5872dc1f..8d647eb1c7e 100644
--- a/spec/requests/api/jobs_spec.rb
+++ b/spec/requests/api/jobs_spec.rb
@@ -11,7 +11,7 @@ describe API::Jobs, :api do
                                ref: project.default_branch)
   end
 
-  let!(:build) { create(:ci_build, pipeline: pipeline) }
+  let!(:job) { create(:ci_build, pipeline: pipeline) }
 
   let(:user) { create(:user) }
   let(:api_user) { user }
@@ -42,13 +42,13 @@ describe API::Jobs, :api do
       end
 
       it 'returns pipeline data' do
-        json_build = json_response.first
+        json_job = json_response.first
 
-        expect(json_build['pipeline']).not_to be_empty
-        expect(json_build['pipeline']['id']).to eq build.pipeline.id
-        expect(json_build['pipeline']['ref']).to eq build.pipeline.ref
-        expect(json_build['pipeline']['sha']).to eq build.pipeline.sha
-        expect(json_build['pipeline']['status']).to eq build.pipeline.status
+        expect(json_job['pipeline']).not_to be_empty
+        expect(json_job['pipeline']['id']).to eq job.pipeline.id
+        expect(json_job['pipeline']['ref']).to eq job.pipeline.ref
+        expect(json_job['pipeline']['sha']).to eq job.pipeline.sha
+        expect(json_job['pipeline']['status']).to eq job.pipeline.status
       end
 
       context 'filter project with one scope element' do
@@ -79,7 +79,7 @@ describe API::Jobs, :api do
     context 'unauthorized user' do
       let(:api_user) { nil }
 
-      it 'does not return project builds' do
+      it 'does not return project jobs' do
         expect(response).to have_http_status(401)
       end
     end
@@ -105,13 +105,13 @@ describe API::Jobs, :api do
       end
 
       it 'returns pipeline data' do
-        json_build = json_response.first
+        json_job = json_response.first
 
-        expect(json_build['pipeline']).not_to be_empty
-        expect(json_build['pipeline']['id']).to eq build.pipeline.id
-        expect(json_build['pipeline']['ref']).to eq build.pipeline.ref
-        expect(json_build['pipeline']['sha']).to eq build.pipeline.sha
-        expect(json_build['pipeline']['status']).to eq build.pipeline.status
+        expect(json_job['pipeline']).not_to be_empty
+        expect(json_job['pipeline']['id']).to eq job.pipeline.id
+        expect(json_job['pipeline']['ref']).to eq job.pipeline.ref
+        expect(json_job['pipeline']['sha']).to eq job.pipeline.sha
+        expect(json_job['pipeline']['status']).to eq job.pipeline.status
       end
 
       context 'filter jobs with one scope element' do
@@ -140,7 +140,7 @@ describe API::Jobs, :api do
 
       context 'jobs in different pipelines' do
         let!(:pipeline2) { create(:ci_empty_pipeline, project: project) }
-        let!(:build2) { create(:ci_build, pipeline: pipeline2) }
+        let!(:job2) { create(:ci_build, pipeline: pipeline2) }
 
         it 'excludes jobs from other pipelines' do
           json_response.each { |job| expect(job['pipeline']['id']).to eq(pipeline.id) }
@@ -159,7 +159,7 @@ describe API::Jobs, :api do
 
   describe 'GET /projects/:id/jobs/:job_id' do
     before do
-      get api("/projects/#{project.id}/jobs/#{build.id}", api_user)
+      get api("/projects/#{project.id}/jobs/#{job.id}", api_user)
     end
 
     context 'authorized user' do
@@ -169,12 +169,13 @@ describe API::Jobs, :api do
       end
 
       it 'returns pipeline data' do
-        json_build = json_response
-        expect(json_build['pipeline']).not_to be_empty
-        expect(json_build['pipeline']['id']).to eq build.pipeline.id
-        expect(json_build['pipeline']['ref']).to eq build.pipeline.ref
-        expect(json_build['pipeline']['sha']).to eq build.pipeline.sha
-        expect(json_build['pipeline']['status']).to eq build.pipeline.status
+        json_job = json_response
+
+        expect(json_job['pipeline']).not_to be_empty
+        expect(json_job['pipeline']['id']).to eq job.pipeline.id
+        expect(json_job['pipeline']['ref']).to eq job.pipeline.ref
+        expect(json_job['pipeline']['sha']).to eq job.pipeline.sha
+        expect(json_job['pipeline']['status']).to eq job.pipeline.status
       end
     end
 
@@ -189,11 +190,11 @@ describe API::Jobs, :api do
 
   describe 'GET /projects/:id/jobs/:job_id/artifacts' do
     before do
-      get api("/projects/#{project.id}/jobs/#{build.id}/artifacts", api_user)
+      get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user)
     end
 
     context 'job with artifacts' do
-      let(:build) { create(:ci_build, :artifacts, pipeline: pipeline) }
+      let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) }
 
       context 'authorized user' do
         let(:download_headers) do
@@ -204,7 +205,7 @@ describe API::Jobs, :api do
         it 'returns specific job artifacts' do
           expect(response).to have_http_status(200)
           expect(response.headers).to include(download_headers)
-          expect(response.body).to match_file(build.artifacts_file.file.file)
+          expect(response.body).to match_file(job.artifacts_file.file.file)
         end
       end
 
@@ -224,14 +225,14 @@ describe API::Jobs, :api do
 
   describe 'GET /projects/:id/artifacts/:ref_name/download?job=name' do
     let(:api_user) { reporter }
-    let(:build) { create(:ci_build, :artifacts, pipeline: pipeline) }
+    let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) }
 
     before do
-      build.success
+      job.success
     end
 
-    def get_for_ref(ref = pipeline.ref, job = build.name)
-      get api("/projects/#{project.id}/jobs/artifacts/#{ref}/download", api_user), job: job
+    def get_for_ref(ref = pipeline.ref, job_name = job.name)
+      get api("/projects/#{project.id}/jobs/artifacts/#{ref}/download", api_user), job: job_name
     end
 
     context 'when not logged in' do
@@ -285,7 +286,7 @@ describe API::Jobs, :api do
         let(:download_headers) do
           { 'Content-Transfer-Encoding' => 'binary',
             'Content-Disposition' =>
-              "attachment; filename=#{build.artifacts_file.filename}" }
+              "attachment; filename=#{job.artifacts_file.filename}" }
         end
 
         it { expect(response).to have_http_status(200) }
@@ -321,16 +322,16 @@ describe API::Jobs, :api do
   end
 
   describe 'GET /projects/:id/jobs/:job_id/trace' do
-    let(:build) { create(:ci_build, :trace, pipeline: pipeline) }
+    let(:job) { create(:ci_build, :trace, pipeline: pipeline) }
 
     before do
-      get api("/projects/#{project.id}/jobs/#{build.id}/trace", api_user)
+      get api("/projects/#{project.id}/jobs/#{job.id}/trace", api_user)
     end
 
     context 'authorized user' do
       it 'returns specific job trace' do
         expect(response).to have_http_status(200)
-        expect(response.body).to eq(build.trace.raw)
+        expect(response.body).to eq(job.trace.raw)
       end
     end
 
@@ -345,7 +346,7 @@ describe API::Jobs, :api do
 
   describe 'POST /projects/:id/jobs/:job_id/cancel' do
     before do
-      post api("/projects/#{project.id}/jobs/#{build.id}/cancel", api_user)
+      post api("/projects/#{project.id}/jobs/#{job.id}/cancel", api_user)
     end
 
     context 'authorized user' do
@@ -375,10 +376,10 @@ describe API::Jobs, :api do
   end
 
   describe 'POST /projects/:id/jobs/:job_id/retry' do
-    let(:build) { create(:ci_build, :canceled, pipeline: pipeline) }
+    let(:job) { create(:ci_build, :canceled, pipeline: pipeline) }
 
     before do
-      post api("/projects/#{project.id}/jobs/#{build.id}/retry", api_user)
+      post api("/projects/#{project.id}/jobs/#{job.id}/retry", api_user)
     end
 
     context 'authorized user' do
@@ -410,28 +411,29 @@ describe API::Jobs, :api do
 
   describe 'POST /projects/:id/jobs/:job_id/erase' do
     before do
-      post api("/projects/#{project.id}/jobs/#{build.id}/erase", user)
+      post api("/projects/#{project.id}/jobs/#{job.id}/erase", user)
     end
 
     context 'job is erasable' do
-      let(:build) { create(:ci_build, :trace, :artifacts, :success, project: project, pipeline: pipeline) }
+      let(:job) { create(:ci_build, :trace, :artifacts, :success, project: project, pipeline: pipeline) }
 
       it 'erases job content' do
         expect(response).to have_http_status(201)
-        expect(build).not_to have_trace
-        expect(build.artifacts_file.exists?).to be_falsy
-        expect(build.artifacts_metadata.exists?).to be_falsy
+        expect(job).not_to have_trace
+        expect(job.artifacts_file.exists?).to be_falsy
+        expect(job.artifacts_metadata.exists?).to be_falsy
       end
 
       it 'updates job' do
-        build.reload
-        expect(build.erased_at).to be_truthy
-        expect(build.erased_by).to eq(user)
+        job.reload
+
+        expect(job.erased_at).to be_truthy
+        expect(job.erased_by).to eq(user)
       end
     end
 
     context 'job is not erasable' do
-      let(:build) { create(:ci_build, :trace, project: project, pipeline: pipeline) }
+      let(:job) { create(:ci_build, :trace, project: project, pipeline: pipeline) }
 
       it 'responds with forbidden' do
         expect(response).to have_http_status(403)
@@ -439,25 +441,25 @@ describe API::Jobs, :api do
     end
   end
 
-  describe 'POST /projects/:id/jobs/:build_id/artifacts/keep' do
+  describe 'POST /projects/:id/jobs/:job_id/artifacts/keep' do
     before do
-      post api("/projects/#{project.id}/jobs/#{build.id}/artifacts/keep", user)
+      post api("/projects/#{project.id}/jobs/#{job.id}/artifacts/keep", user)
     end
 
     context 'artifacts did not expire' do
-      let(:build) do
+      let(:job) do
         create(:ci_build, :trace, :artifacts, :success,
                project: project, pipeline: pipeline, artifacts_expire_at: Time.now + 7.days)
       end
 
       it 'keeps artifacts' do
         expect(response).to have_http_status(200)
-        expect(build.reload.artifacts_expire_at).to be_nil
+        expect(job.reload.artifacts_expire_at).to be_nil
       end
     end
 
     context 'no artifacts' do
-      let(:build) { create(:ci_build, project: project, pipeline: pipeline) }
+      let(:job) { create(:ci_build, project: project, pipeline: pipeline) }
 
       it 'responds with not found' do
         expect(response).to have_http_status(404)
@@ -467,18 +469,18 @@ describe API::Jobs, :api do
 
   describe 'POST /projects/:id/jobs/:job_id/play' do
     before do
-      post api("/projects/#{project.id}/jobs/#{build.id}/play", api_user)
+      post api("/projects/#{project.id}/jobs/#{job.id}/play", api_user)
     end
 
     context 'on an playable job' do
-      let(:build) { create(:ci_build, :manual, project: project, pipeline: pipeline) }
+      let(:job) { create(:ci_build, :manual, project: project, pipeline: pipeline) }
 
       context 'when user is authorized to trigger a manual action' do
         it 'plays the job' do
           expect(response).to have_http_status(200)
           expect(json_response['user']['id']).to eq(user.id)
-          expect(json_response['id']).to eq(build.id)
-          expect(build.reload).to be_pending
+          expect(json_response['id']).to eq(job.id)
+          expect(job.reload).to be_pending
         end
       end
 
@@ -487,7 +489,7 @@ describe API::Jobs, :api do
           let(:api_user) { create(:user) }
 
           it 'does not trigger a manual action' do
-            expect(build.reload).to be_manual
+            expect(job.reload).to be_manual
             expect(response).to have_http_status(404)
           end
         end
@@ -496,7 +498,7 @@ describe API::Jobs, :api do
           let(:api_user) { reporter }
 
           it 'does not trigger a manual action' do
-            expect(build.reload).to be_manual
+            expect(job.reload).to be_manual
             expect(response).to have_http_status(403)
           end
         end
diff --git a/spec/requests/api/keys_spec.rb b/spec/requests/api/keys_spec.rb
index ab957c72984..f534332ca6c 100644
--- a/spec/requests/api/keys_spec.rb
+++ b/spec/requests/api/keys_spec.rb
@@ -4,11 +4,9 @@ describe API::Keys do
   let(:user)  { create(:user) }
   let(:admin) { create(:admin) }
   let(:key)   { create(:key, user: user) }
-  let(:email)   { create(:email, user: user) }
+  let(:email) { create(:email, user: user) }
 
   describe 'GET /keys/:uid' do
-    before { admin }
-
     context 'when unauthenticated' do
       it 'returns authentication error' do
         get api("/keys/#{key.id}")
diff --git a/spec/requests/api/labels_spec.rb b/spec/requests/api/labels_spec.rb
index 0c6b55c1630..f7e2f1908bb 100644
--- a/spec/requests/api/labels_spec.rb
+++ b/spec/requests/api/labels_spec.rb
@@ -339,7 +339,9 @@ describe API::Labels do
     end
 
     context "when user is already subscribed to label" do
-      before { label1.subscribe(user, project) }
+      before do
+        label1.subscribe(user, project)
+      end
 
       it "returns 304" do
         post api("/projects/#{project.id}/labels/#{label1.id}/subscribe", user)
@@ -358,7 +360,9 @@ describe API::Labels do
   end
 
   describe "POST /projects/:id/labels/:label_id/unsubscribe" do
-    before { label1.subscribe(user, project) }
+    before do
+      label1.subscribe(user, project)
+    end
 
     context "when label_id is a label title" do
       it "unsubscribes from the label" do
@@ -381,7 +385,9 @@ describe API::Labels do
     end
 
     context "when user is already unsubscribed from label" do
-      before { label1.unsubscribe(user, project) }
+      before do
+        label1.unsubscribe(user, project)
+      end
 
       it "returns 304" do
         post api("/projects/#{project.id}/labels/#{label1.id}/unsubscribe", user)
diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb
index 16e5efb2f5b..4d0bd67c571 100644
--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@@ -334,14 +334,13 @@ describe API::MergeRequests do
              target_branch: 'master',
              author: user,
              labels: 'label, label2',
-             milestone_id: milestone.id,
-             remove_source_branch: true
+             milestone_id: milestone.id
 
         expect(response).to have_http_status(201)
         expect(json_response['title']).to eq('Test merge_request')
         expect(json_response['labels']).to eq(%w(label label2))
         expect(json_response['milestone']['id']).to eq(milestone.id)
-        expect(json_response['force_remove_source_branch']).to be_truthy
+        expect(json_response['force_remove_source_branch']).to be_falsy
       end
 
       it "returns 422 when source_branch equals target_branch" do
@@ -404,6 +403,27 @@ describe API::MergeRequests do
           expect(response).to have_http_status(409)
         end
       end
+
+      context 'accepts remove_source_branch parameter' do
+        let(:params) do
+          { title: 'Test merge_request',
+            source_branch: 'markdown',
+            target_branch: 'master',
+            author: user }
+        end
+
+        it 'sets force_remove_source_branch to false' do
+          post api("/projects/#{project.id}/merge_requests", user), params.merge(remove_source_branch: false)
+
+          expect(json_response['force_remove_source_branch']).to be_falsy
+        end
+
+        it 'sets force_remove_source_branch to true' do
+          post api("/projects/#{project.id}/merge_requests", user), params.merge(remove_source_branch: true)
+
+          expect(json_response['force_remove_source_branch']).to be_truthy
+        end
+      end
     end
 
     context 'forked projects' do
@@ -540,8 +560,8 @@ describe API::MergeRequests do
     end
 
     it "returns 406 if branch can't be merged" do
-      allow_any_instance_of(MergeRequest).
-        to receive(:can_be_merged?).and_return(false)
+      allow_any_instance_of(MergeRequest)
+        .to receive(:can_be_merged?).and_return(false)
 
       put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/merge", user)
 
diff --git a/spec/requests/api/milestones_spec.rb b/spec/requests/api/milestones_spec.rb
index dd74351a2b1..ab5ea3e8f2c 100644
--- a/spec/requests/api/milestones_spec.rb
+++ b/spec/requests/api/milestones_spec.rb
@@ -5,8 +5,13 @@ describe API::Milestones do
   let!(:project) { create(:empty_project, namespace: user.namespace ) }
   let!(:closed_milestone) { create(:closed_milestone, project: project, title: 'version1', description: 'closed milestone') }
   let!(:milestone) { create(:milestone, project: project, title: 'version2', description: 'open milestone') }
+  let(:label_1) { create(:label, title: 'label_1', project: project, priority: 1) }
+  let(:label_2) { create(:label, title: 'label_2', project: project, priority: 2) }
+  let(:label_3) { create(:label, title: 'label_3', project: project) }
 
-  before { project.team << [user, :developer] }
+  before do
+    project.team << [user, :developer]
+  end
 
   describe 'GET /projects/:id/milestones' do
     it 'returns project milestones' do
@@ -226,6 +231,18 @@ describe API::Milestones do
       expect(json_response.first['milestone']['title']).to eq(milestone.title)
     end
 
+    it 'returns project issues sorted by label priority' do
+      issue_1 = create(:labeled_issue, project: project, milestone: milestone, labels: [label_3])
+      issue_2 = create(:labeled_issue, project: project, milestone: milestone, labels: [label_1])
+      issue_3 = create(:labeled_issue, project: project, milestone: milestone, labels: [label_2])
+
+      get api("/projects/#{project.id}/milestones/#{milestone.id}/issues", user)
+
+      expect(json_response.first['id']).to eq(issue_2.id)
+      expect(json_response.second['id']).to eq(issue_3.id)
+      expect(json_response.third['id']).to eq(issue_1.id)
+    end
+
     it 'matches V4 response schema for a list of issues' do
       get api("/projects/#{project.id}/milestones/#{milestone.id}/issues", user)
 
@@ -242,8 +259,8 @@ describe API::Milestones do
     describe 'confidential issues' do
       let(:public_project) { create(:empty_project, :public) }
       let(:milestone) { create(:milestone, project: public_project) }
-      let(:issue) { create(:issue, project: public_project, position: 2) }
-      let(:confidential_issue) { create(:issue, confidential: true, project: public_project, position: 1) }
+      let(:issue) { create(:issue, project: public_project) }
+      let(:confidential_issue) { create(:issue, confidential: true, project: public_project) }
 
       before do
         public_project.team << [user, :developer]
@@ -283,7 +300,10 @@ describe API::Milestones do
         expect(json_response.map { |issue| issue['id'] }).to include(issue.id)
       end
 
-      it 'returns issues ordered by position asc' do
+      it 'returns issues ordered by label priority' do
+        issue.labels << label_2
+        confidential_issue.labels << label_1
+
         get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", user)
 
         expect(response).to have_http_status(200)
@@ -297,8 +317,8 @@ describe API::Milestones do
   end
 
   describe 'GET /projects/:id/milestones/:milestone_id/merge_requests' do
-    let(:merge_request) { create(:merge_request, source_project: project, position: 2) }
-    let(:another_merge_request) { create(:merge_request, :simple, source_project: project, position: 1) }
+    let(:merge_request) { create(:merge_request, source_project: project) }
+    let(:another_merge_request) { create(:merge_request, :simple, source_project: project) }
 
     before do
       milestone.merge_requests << merge_request
@@ -316,6 +336,18 @@ describe API::Milestones do
       expect(json_response.first['milestone']['title']).to eq(milestone.title)
     end
 
+    it 'returns project merge_requests sorted by label priority' do
+      merge_request_1 = create(:labeled_merge_request, source_branch: 'branch_1', source_project: project, milestone: milestone, labels: [label_2])
+      merge_request_2 = create(:labeled_merge_request, source_branch: 'branch_2', source_project: project, milestone: milestone, labels: [label_1])
+      merge_request_3 = create(:labeled_merge_request, source_branch: 'branch_3', source_project: project, milestone: milestone, labels: [label_3])
+
+      get api("/projects/#{project.id}/milestones/#{milestone.id}/merge_requests", user)
+
+      expect(json_response.first['id']).to eq(merge_request_2.id)
+      expect(json_response.second['id']).to eq(merge_request_1.id)
+      expect(json_response.third['id']).to eq(merge_request_3.id)
+    end
+
     it 'returns a 404 error if milestone id not found' do
       get api("/projects/#{project.id}/milestones/1234/merge_requests", user)
 
@@ -337,6 +369,8 @@ describe API::Milestones do
 
     it 'returns merge_requests ordered by position asc' do
       milestone.merge_requests << another_merge_request
+      another_merge_request.labels << label_1
+      merge_request.labels << label_2
 
       get api("/projects/#{project.id}/milestones/#{milestone.id}/merge_requests", user)
 
diff --git a/spec/requests/api/namespaces_spec.rb b/spec/requests/api/namespaces_spec.rb
index 3bf16a3ae27..26cf653ca8e 100644
--- a/spec/requests/api/namespaces_spec.rb
+++ b/spec/requests/api/namespaces_spec.rb
@@ -15,6 +15,20 @@ describe API::Namespaces do
     end
 
     context "when authenticated as admin" do
+      it "returns correct attributes" do
+        get api("/namespaces", admin)
+
+        group_kind_json_response = json_response.find { |resource| resource['kind'] == 'group' }
+        user_kind_json_response = json_response.find { |resource| resource['kind'] == 'user' }
+
+        expect(response).to have_http_status(200)
+        expect(response).to include_pagination_headers
+        expect(group_kind_json_response.keys).to contain_exactly('id', 'kind', 'name', 'path', 'full_path',
+                                                                 'parent_id', 'members_count_with_descendants')
+
+        expect(user_kind_json_response.keys).to contain_exactly('id', 'kind', 'name', 'path', 'full_path', 'parent_id')
+      end
+
       it "admin: returns an array of all namespaces" do
         get api("/namespaces", admin)
 
@@ -37,6 +51,27 @@ describe API::Namespaces do
     end
 
     context "when authenticated as a regular user" do
+      it "returns correct attributes when user can admin group" do
+        group1.add_owner(user)
+
+        get api("/namespaces", user)
+
+        owned_group_response = json_response.find { |resource| resource['id'] == group1.id }
+
+        expect(owned_group_response.keys).to contain_exactly('id', 'kind', 'name', 'path', 'full_path',
+                                                             'parent_id', 'members_count_with_descendants')
+      end
+
+      it "returns correct attributes when user cannot admin group" do
+        group1.add_guest(user)
+
+        get api("/namespaces", user)
+
+        guest_group_response = json_response.find { |resource| resource['id'] == group1.id }
+
+        expect(guest_group_response.keys).to contain_exactly('id', 'kind', 'name', 'path', 'full_path', 'parent_id')
+      end
+
       it "user: returns an array of namespaces" do
         get api("/namespaces", user)
 
diff --git a/spec/requests/api/notes_spec.rb b/spec/requests/api/notes_spec.rb
index 6afcd237c3c..4701ad585c9 100644
--- a/spec/requests/api/notes_spec.rb
+++ b/spec/requests/api/notes_spec.rb
@@ -13,8 +13,8 @@ describe API::Notes do
   # For testing the cross-reference of a private issue in a public issue
   let(:private_user)    { create(:user) }
   let(:private_project) do
-    create(:empty_project, namespace: private_user.namespace).
-    tap { |p| p.team << [private_user, :master] }
+    create(:empty_project, namespace: private_user.namespace)
+    .tap { |p| p.team << [private_user, :master] }
   end
   let(:private_issue)    { create(:issue, project: private_project) }
 
@@ -28,7 +28,9 @@ describe API::Notes do
     system: true
   end
 
-  before { project.team << [user, :reporter] }
+  before do
+    project.team << [user, :reporter]
+  end
 
   describe "GET /projects/:id/noteable/:noteable_id/notes" do
     context "when noteable is an Issue" do
@@ -58,7 +60,9 @@ describe API::Notes do
         end
 
         context "and issue is confidential" do
-          before { ext_issue.update_attributes(confidential: true) }
+          before do
+            ext_issue.update_attributes(confidential: true)
+          end
 
           it "returns 404" do
             get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes", user)
@@ -150,7 +154,9 @@ describe API::Notes do
         end
 
         context "when issue is confidential" do
-          before { issue.update_attributes(confidential: true) }
+          before do
+            issue.update_attributes(confidential: true)
+          end
 
           it "returns 404" do
             get api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{issue_note.id}", private_user)
diff --git a/spec/requests/api/pipelines_spec.rb b/spec/requests/api/pipelines_spec.rb
index 9e6957e9922..258085e503f 100644
--- a/spec/requests/api/pipelines_spec.rb
+++ b/spec/requests/api/pipelines_spec.rb
@@ -10,7 +10,9 @@ describe API::Pipelines do
                                ref: project.default_branch, user: user)
   end
 
-  before { project.team << [user, :master] }
+  before do
+    project.team << [user, :master]
+  end
 
   describe 'GET /projects/:id/pipelines ' do
     context 'authorized user' do
@@ -285,7 +287,9 @@ describe API::Pipelines do
   describe 'POST /projects/:id/pipeline ' do
     context 'authorized user' do
       context 'with gitlab-ci.yml' do
-        before { stub_ci_pipeline_to_return_yaml_file }
+        before do
+          stub_ci_pipeline_to_return_yaml_file
+        end
 
         it 'creates and returns a new pipeline' do
           expect do
@@ -419,7 +423,9 @@ describe API::Pipelines do
     context 'user without proper access rights' do
       let!(:reporter) { create(:user) }
 
-      before { project.team << [reporter, :reporter] }
+      before do
+        project.team << [reporter, :reporter]
+      end
 
       it 'rejects the action' do
         post api("/projects/#{project.id}/pipelines/#{pipeline.id}/cancel", reporter)
diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb
index 3ab1764f5c3..518639f45a2 100644
--- a/spec/requests/api/project_snippets_spec.rb
+++ b/spec/requests/api/project_snippets_spec.rb
@@ -36,11 +36,34 @@ describe API::ProjectSnippets do
     end
   end
 
+  describe 'GET /projects/:project_id/snippets/:id' do
+    let(:user) { create(:user) }
+    let(:snippet) {  create(:project_snippet, :public, project: project) }
+
+    it 'returns snippet json' do
+      get api("/projects/#{project.id}/snippets/#{snippet.id}", user)
+
+      expect(response).to have_http_status(200)
+
+      expect(json_response['title']).to eq(snippet.title)
+      expect(json_response['description']).to eq(snippet.description)
+      expect(json_response['file_name']).to eq(snippet.file_name)
+    end
+
+    it 'returns 404 for invalid snippet id' do
+      get api("/projects/#{project.id}/snippets/1234", user)
+
+      expect(response).to have_http_status(404)
+      expect(json_response['message']).to eq('404 Not found')
+    end
+  end
+
   describe 'POST /projects/:project_id/snippets/' do
     let(:params) do
       {
         title: 'Test Title',
         file_name: 'test.rb',
+        description: 'test description',
         code: 'puts "hello world"',
         visibility: 'public'
       }
@@ -52,6 +75,7 @@ describe API::ProjectSnippets do
       expect(response).to have_http_status(201)
       snippet = ProjectSnippet.find(json_response['id'])
       expect(snippet.content).to eq(params[:code])
+      expect(snippet.description).to eq(params[:description])
       expect(snippet.title).to eq(params[:title])
       expect(snippet.file_name).to eq(params[:file_name])
       expect(snippet.visibility_level).to eq(Snippet::PUBLIC)
@@ -78,23 +102,23 @@ describe API::ProjectSnippets do
 
       context 'when the snippet is private' do
         it 'creates the snippet' do
-          expect { create_snippet(project, visibility: 'private') }.
-            to change { Snippet.count }.by(1)
+          expect { create_snippet(project, visibility: 'private') }
+            .to change { Snippet.count }.by(1)
         end
       end
 
       context 'when the snippet is public' do
         it 'rejects the snippet' do
-          expect { create_snippet(project, visibility: 'public') }.
-            not_to change { Snippet.count }
+          expect { create_snippet(project, visibility: 'public') }
+            .not_to change { Snippet.count }
 
           expect(response).to have_http_status(400)
           expect(json_response['message']).to eq({ "error" => "Spam detected" })
         end
 
         it 'creates a spam log' do
-          expect { create_snippet(project, visibility: 'public') }.
-            to change { SpamLog.count }.by(1)
+          expect { create_snippet(project, visibility: 'public') }
+            .to change { SpamLog.count }.by(1)
         end
       end
     end
@@ -106,12 +130,14 @@ describe API::ProjectSnippets do
 
     it 'updates snippet' do
       new_content = 'New content'
+      new_description = 'New description'
 
-      put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), code: new_content
+      put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), code: new_content, description: new_description
 
       expect(response).to have_http_status(200)
       snippet.reload
       expect(snippet.content).to eq(new_content)
+      expect(snippet.description).to eq(new_description)
     end
 
     it 'returns 404 for invalid snippet id' do
@@ -140,8 +166,8 @@ describe API::ProjectSnippets do
         let(:visibility_level) { Snippet::PRIVATE }
 
         it 'creates the snippet' do
-          expect { update_snippet(title: 'Foo') }.
-            to change { snippet.reload.title }.to('Foo')
+          expect { update_snippet(title: 'Foo') }
+            .to change { snippet.reload.title }.to('Foo')
         end
       end
 
@@ -149,13 +175,13 @@ describe API::ProjectSnippets do
         let(:visibility_level) { Snippet::PUBLIC }
 
         it 'rejects the snippet' do
-          expect { update_snippet(title: 'Foo') }.
-            not_to change { snippet.reload.title }
+          expect { update_snippet(title: 'Foo') }
+            .not_to change { snippet.reload.title }
         end
 
         it 'creates a spam log' do
-          expect { update_snippet(title: 'Foo') }.
-            to change { SpamLog.count }.by(1)
+          expect { update_snippet(title: 'Foo') }
+            .to change { SpamLog.count }.by(1)
         end
       end
 
@@ -163,16 +189,16 @@ describe API::ProjectSnippets do
         let(:visibility_level) { Snippet::PRIVATE }
 
         it 'rejects the snippet' do
-          expect { update_snippet(title: 'Foo', visibility: 'public') }.
-            not_to change { snippet.reload.title }
+          expect { update_snippet(title: 'Foo', visibility: 'public') }
+            .not_to change { snippet.reload.title }
 
           expect(response).to have_http_status(400)
           expect(json_response['message']).to eq({ "error" => "Spam detected" })
         end
 
         it 'creates a spam log' do
-          expect { update_snippet(title: 'Foo', visibility: 'public') }.
-            to change { SpamLog.count }.by(1)
+          expect { update_snippet(title: 'Foo', visibility: 'public') }
+            .to change { SpamLog.count }.by(1)
         end
       end
     end
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index 86c57204971..14dec3d45b1 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -288,15 +288,15 @@ describe API::Projects do
     context 'maximum number of projects reached' do
       it 'does not create new project and respond with 403' do
         allow_any_instance_of(User).to receive(:projects_limit_left).and_return(0)
-        expect { post api('/projects', user2), name: 'foo' }.
-          to change {Project.count}.by(0)
+        expect { post api('/projects', user2), name: 'foo' }
+          .to change {Project.count}.by(0)
         expect(response).to have_http_status(403)
       end
     end
 
     it 'creates new project without path but with name and returns 201' do
-      expect { post api('/projects', user), name: 'Foo Project' }.
-        to change { Project.count }.by(1)
+      expect { post api('/projects', user), name: 'Foo Project' }
+        .to change { Project.count }.by(1)
       expect(response).to have_http_status(201)
 
       project = Project.first
@@ -306,8 +306,8 @@ describe API::Projects do
     end
 
     it 'creates new project without name but with path and returns 201' do
-      expect { post api('/projects', user), path: 'foo_project' }.
-        to change { Project.count }.by(1)
+      expect { post api('/projects', user), path: 'foo_project' }
+        .to change { Project.count }.by(1)
       expect(response).to have_http_status(201)
 
       project = Project.first
@@ -317,8 +317,8 @@ describe API::Projects do
     end
 
     it 'creates new project with name and path and returns 201' do
-      expect { post api('/projects', user), path: 'path-project-Foo', name: 'Foo Project' }.
-        to change { Project.count }.by(1)
+      expect { post api('/projects', user), path: 'path-project-Foo', name: 'Foo Project' }
+        .to change { Project.count }.by(1)
       expect(response).to have_http_status(201)
 
       project = Project.first
@@ -398,6 +398,15 @@ describe API::Projects do
       expect(json_response['tag_list']).to eq(%w[tagFirst tagSecond])
     end
 
+    it 'uploads avatar for project a project' do
+      project = attributes_for(:project, avatar: fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif'))
+
+      post api('/projects', user), project
+
+      project_id = json_response['id']
+      expect(json_response['avatar_url']).to eq("http://localhost/uploads/system/project/avatar/#{project_id}/banana_sample.gif")
+    end
+
     it 'sets a project as allowing merge even if build fails' do
       project = attributes_for(:project, { only_allow_merge_if_pipeline_succeeds: false })
       post api('/projects', user), project
@@ -467,8 +476,9 @@ describe API::Projects do
   end
 
   describe 'POST /projects/user/:id' do
-    before { project }
-    before { admin }
+    before do
+      expect(project).to be_persisted
+    end
 
     it 'creates new project without path but with name and return 201' do
       expect { post api("/projects/user/#{user.id}", admin), name: 'Foo Project' }.to change {Project.count}.by(1)
@@ -481,8 +491,8 @@ describe API::Projects do
     end
 
     it 'creates new project with name and path and returns 201' do
-      expect { post api("/projects/user/#{user.id}", admin), path: 'path-project-Foo', name: 'Foo Project' }.
-        to change { Project.count }.by(1)
+      expect { post api("/projects/user/#{user.id}", admin), path: 'path-project-Foo', name: 'Foo Project' }
+        .to change { Project.count }.by(1)
       expect(response).to have_http_status(201)
 
       project = Project.first
@@ -492,8 +502,8 @@ describe API::Projects do
     end
 
     it 'responds with 400 on failure and not project' do
-      expect { post api("/projects/user/#{user.id}", admin) }.
-        not_to change { Project.count }
+      expect { post api("/projects/user/#{user.id}", admin) }
+        .not_to change { Project.count }
 
       expect(response).to have_http_status(400)
       expect(json_response['error']).to eq('name is missing')
@@ -572,7 +582,9 @@ describe API::Projects do
   end
 
   describe "POST /projects/:id/uploads" do
-    before { project }
+    before do
+      project
+    end
 
     it "uploads the file and returns its info" do
       post api("/projects/#{project.id}/uploads", user), file: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")
@@ -686,7 +698,8 @@ describe API::Projects do
           'name' => user.namespace.name,
           'path' => user.namespace.path,
           'kind' => user.namespace.kind,
-          'full_path' => user.namespace.full_path
+          'full_path' => user.namespace.full_path,
+          'parent_id' => nil
         })
       end
 
@@ -720,14 +733,16 @@ describe API::Projects do
 
       describe 'permissions' do
         context 'all projects' do
-          before { project.team << [user, :master] }
+          before do
+            project.team << [user, :master]
+          end
 
           it 'contains permission information' do
             get api("/projects", user)
 
             expect(response).to have_http_status(200)
-            expect(json_response.first['permissions']['project_access']['access_level']).
-            to eq(Gitlab::Access::MASTER)
+            expect(json_response.first['permissions']['project_access']['access_level'])
+            .to eq(Gitlab::Access::MASTER)
             expect(json_response.first['permissions']['group_access']).to be_nil
           end
         end
@@ -738,8 +753,8 @@ describe API::Projects do
             get api("/projects/#{project.id}", user)
 
             expect(response).to have_http_status(200)
-            expect(json_response['permissions']['project_access']['access_level']).
-            to eq(Gitlab::Access::MASTER)
+            expect(json_response['permissions']['project_access']['access_level'])
+            .to eq(Gitlab::Access::MASTER)
             expect(json_response['permissions']['group_access']).to be_nil
           end
         end
@@ -747,15 +762,17 @@ describe API::Projects do
         context 'group project' do
           let(:project2) { create(:empty_project, group: create(:group)) }
 
-          before { project2.group.add_owner(user) }
+          before do
+            project2.group.add_owner(user)
+          end
 
           it 'sets the owner and return 200' do
             get api("/projects/#{project2.id}", user)
 
             expect(response).to have_http_status(200)
             expect(json_response['permissions']['project_access']).to be_nil
-            expect(json_response['permissions']['group_access']['access_level']).
-            to eq(Gitlab::Access::OWNER)
+            expect(json_response['permissions']['group_access']['access_level'])
+            .to eq(Gitlab::Access::OWNER)
           end
         end
       end
@@ -813,7 +830,9 @@ describe API::Projects do
   end
 
   describe 'GET /projects/:id/snippets' do
-    before { snippet }
+    before do
+      snippet
+    end
 
     it 'returns an array of project snippets' do
       get api("/projects/#{project.id}/snippets", user)
@@ -870,7 +889,9 @@ describe API::Projects do
   end
 
   describe 'DELETE /projects/:id/snippets/:snippet_id' do
-    before { snippet }
+    before do
+      snippet
+    end
 
     it 'deletes existing project snippet' do
       expect do
@@ -1065,14 +1086,16 @@ describe API::Projects do
   end
 
   describe 'PUT /projects/:id' do
-    before { project }
-    before { user }
-    before { user3 }
-    before { user4 }
-    before { project3 }
-    before { project4 }
-    before { project_member2 }
-    before { project_member }
+    before do
+      expect(project).to be_persisted
+      expect(user).to be_persisted
+      expect(user3).to be_persisted
+      expect(user4).to be_persisted
+      expect(project3).to be_persisted
+      expect(project4).to be_persisted
+      expect(project_member2).to be_persisted
+      expect(project_member).to be_persisted
+    end
 
     it 'returns 400 when nothing sent' do
       project_param = {}
diff --git a/spec/requests/api/runner_spec.rb b/spec/requests/api/runner_spec.rb
index be83514ed9c..339a57a1f20 100644
--- a/spec/requests/api/runner_spec.rb
+++ b/spec/requests/api/runner_spec.rb
@@ -190,17 +190,23 @@ describe API::Runner do
              pipeline: pipeline, name: 'spinach', stage: 'test', stage_idx: 0, commands: "ls\ndate")
     end
 
-    before { project.runners << runner }
+    before do
+      project.runners << runner
+    end
 
     describe 'POST /api/v4/jobs/request' do
       let!(:last_update) {}
       let!(:new_update) { }
       let(:user_agent) { 'gitlab-runner 9.0.0 (9-0-stable; go1.7.4; linux/amd64)' }
 
-      before { stub_container_registry_config(enabled: false) }
+      before do
+        stub_container_registry_config(enabled: false)
+      end
 
       shared_examples 'no jobs available' do
-        before { request_job }
+        before do
+          request_job
+        end
 
         context 'when runner sends version in User-Agent' do
           context 'for stable version' do
@@ -277,7 +283,9 @@ describe API::Runner do
         end
 
         context 'when jobs are finished' do
-          before { job.success }
+          before do
+            job.success
+          end
 
           it_behaves_like 'no jobs available'
         end
@@ -356,8 +364,11 @@ describe API::Runner do
             expect(json_response['token']).to eq(job.token)
             expect(json_response['job_info']).to eq(expected_job_info)
             expect(json_response['git_info']).to eq(expected_git_info)
-            expect(json_response['image']).to eq({ 'name' => 'ruby:2.1' })
-            expect(json_response['services']).to eq([{ 'name' => 'postgres' }])
+            expect(json_response['image']).to eq({ 'name' => 'ruby:2.1', 'entrypoint' => '/bin/sh' })
+            expect(json_response['services']).to eq([{ 'name' => 'postgres', 'entrypoint' => nil,
+                                                       'alias' => nil, 'command' => nil },
+                                                     { 'name' => 'docker:dind', 'entrypoint' => '/bin/sh',
+                                                       'alias' => 'docker', 'command' => 'sleep 30' }])
             expect(json_response['steps']).to eq(expected_steps)
             expect(json_response['artifacts']).to eq(expected_artifacts)
             expect(json_response['cache']).to eq(expected_cache)
@@ -403,8 +414,8 @@ describe API::Runner do
 
           context 'when concurrently updating a job' do
             before do
-              expect_any_instance_of(Ci::Build).to receive(:run!).
-                  and_raise(ActiveRecord::StaleObjectError.new(nil, nil))
+              expect_any_instance_of(Ci::Build).to receive(:run!)
+                  .and_raise(ActiveRecord::StaleObjectError.new(nil, nil))
             end
 
             it 'returns a conflict' do
@@ -431,8 +442,29 @@ describe API::Runner do
               expect(response).to have_http_status(201)
               expect(json_response['id']).to eq(test_job.id)
               expect(json_response['dependencies'].count).to eq(2)
-              expect(json_response['dependencies']).to include({ 'id' => job.id, 'name' => job.name, 'token' => job.token },
-                                                               { 'id' => job2.id, 'name' => job2.name, 'token' => job2.token })
+              expect(json_response['dependencies']).to include(
+                { 'id' => job.id, 'name' => job.name, 'token' => job.token },
+                { 'id' => job2.id, 'name' => job2.name, 'token' => job2.token })
+            end
+          end
+
+          context 'when pipeline have jobs with artifacts' do
+            let!(:job) { create(:ci_build_tag, :artifacts, pipeline: pipeline, name: 'spinach', stage: 'test', stage_idx: 0) }
+            let!(:test_job) { create(:ci_build, pipeline: pipeline, name: 'deploy', stage: 'deploy', stage_idx: 1) }
+
+            before do
+              job.success
+            end
+
+            it 'returns dependent jobs' do
+              request_job
+
+              expect(response).to have_http_status(201)
+              expect(json_response['id']).to eq(test_job.id)
+              expect(json_response['dependencies'].count).to eq(1)
+              expect(json_response['dependencies']).to include(
+                { 'id' => job.id, 'name' => job.name, 'token' => job.token,
+                  'artifacts_file' => { 'filename' => 'ci_build_artifacts.zip', 'size' => 106365 } })
             end
           end
 
@@ -484,10 +516,14 @@ describe API::Runner do
           end
 
           context 'when job has no tags' do
-            before { job.update(tags: []) }
+            before do
+              job.update(tags: [])
+            end
 
             context 'when runner is allowed to pick untagged jobs' do
-              before { runner.update_column(:run_untagged, true) }
+              before do
+                runner.update_column(:run_untagged, true)
+              end
 
               it 'picks job' do
                 request_job
@@ -497,7 +533,9 @@ describe API::Runner do
             end
 
             context 'when runner is not allowed to pick untagged jobs' do
-              before { runner.update_column(:run_untagged, false) }
+              before do
+                runner.update_column(:run_untagged, false)
+              end
 
               it_behaves_like 'no jobs available'
             end
@@ -537,7 +575,9 @@ describe API::Runner do
             end
 
             context 'when registry is enabled' do
-              before { stub_container_registry_config(enabled: true, host_port: registry_url) }
+              before do
+                stub_container_registry_config(enabled: true, host_port: registry_url)
+              end
 
               it 'sends registry credentials key' do
                 request_job
@@ -548,7 +588,9 @@ describe API::Runner do
             end
 
             context 'when registry is disabled' do
-              before { stub_container_registry_config(enabled: false, host_port: registry_url) }
+              before do
+                stub_container_registry_config(enabled: false, host_port: registry_url)
+              end
 
               it 'does not send registry credentials' do
                 request_job
@@ -570,7 +612,9 @@ describe API::Runner do
     describe 'PUT /api/v4/jobs/:id' do
       let(:job) { create(:ci_build, :pending, :trace, pipeline: pipeline, runner_id: runner.id) }
 
-      before { job.run! }
+      before do
+        job.run!
+      end
 
       context 'when status is given' do
         it 'mark job as succeeded' do
@@ -625,7 +669,9 @@ describe API::Runner do
       let(:headers_with_range) { headers.merge({ 'Content-Range' => '11-20' }) }
       let(:update_interval) { 10.seconds.to_i }
 
-      before { initial_patch_the_trace }
+      before do
+        initial_patch_the_trace
+      end
 
       context 'when request is valid' do
         it 'gets correct response' do
@@ -767,7 +813,9 @@ describe API::Runner do
       let(:file_upload) { fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') }
       let(:file_upload2) { fixture_file_upload(Rails.root + 'spec/fixtures/dk.png', 'image/gif') }
 
-      before { job.run! }
+      before do
+        job.run!
+      end
 
       describe 'POST /api/v4/jobs/:id/artifacts/authorize' do
         context 'when using token as parameter' do
@@ -873,13 +921,17 @@ describe API::Runner do
             end
 
             context 'when uses regular file post' do
-              before { upload_artifacts(file_upload, headers_with_token, false) }
+              before do
+                upload_artifacts(file_upload, headers_with_token, false)
+              end
 
               it_behaves_like 'successful artifacts upload'
             end
 
             context 'when uses accelerated file post' do
-              before { upload_artifacts(file_upload, headers_with_token, true) }
+              before do
+                upload_artifacts(file_upload, headers_with_token, true)
+              end
 
               it_behaves_like 'successful artifacts upload'
             end
@@ -1033,7 +1085,9 @@ describe API::Runner do
             allow(ArtifactUploader).to receive(:artifacts_upload_path).and_return(@tmpdir)
           end
 
-          after { FileUtils.remove_entry @tmpdir }
+          after do
+            FileUtils.remove_entry @tmpdir
+          end
 
           it' "fails to post artifacts for outside of tmp path"' do
             upload_artifacts(file_upload, headers_with_token)
@@ -1055,7 +1109,9 @@ describe API::Runner do
       describe 'GET /api/v4/jobs/:id/artifacts' do
         let(:token) { job.token }
 
-        before { download_artifact }
+        before do
+          download_artifact
+        end
 
         context 'when job has artifacts' do
           let(:job) { create(:ci_build, :artifacts) }
diff --git a/spec/requests/api/settings_spec.rb b/spec/requests/api/settings_spec.rb
index 2398ae6219c..ede48b1c888 100644
--- a/spec/requests/api/settings_spec.rb
+++ b/spec/requests/api/settings_spec.rb
@@ -40,7 +40,10 @@ describe API::Settings, 'Settings' do
           plantuml_url: 'http://plantuml.example.com',
           default_snippet_visibility: 'internal',
           restricted_visibility_levels: ['public'],
-          default_artifacts_expire_in: '2 days'
+          default_artifacts_expire_in: '2 days',
+          help_page_text: 'custom help text',
+          help_page_hide_commercial_content: true,
+          help_page_support_url: 'http://example.com/help'
         expect(response).to have_http_status(200)
         expect(json_response['default_projects_limit']).to eq(3)
         expect(json_response['signin_enabled']).to be_falsey
@@ -53,6 +56,9 @@ describe API::Settings, 'Settings' do
         expect(json_response['default_snippet_visibility']).to eq('internal')
         expect(json_response['restricted_visibility_levels']).to eq(['public'])
         expect(json_response['default_artifacts_expire_in']).to eq('2 days')
+        expect(json_response['help_page_text']).to eq('custom help text')
+        expect(json_response['help_page_hide_commercial_content']).to be_truthy
+        expect(json_response['help_page_support_url']).to eq('http://example.com/help')
       end
     end
 
diff --git a/spec/requests/api/snippets_spec.rb b/spec/requests/api/snippets_spec.rb
index e429cddcf6a..b20a187acfe 100644
--- a/spec/requests/api/snippets_spec.rb
+++ b/spec/requests/api/snippets_spec.rb
@@ -80,11 +80,33 @@ describe API::Snippets do
     end
   end
 
+  describe 'GET /snippets/:id' do
+    let(:snippet) { create(:personal_snippet, author: user) }
+
+    it 'returns snippet json' do
+      get api("/snippets/#{snippet.id}", user)
+
+      expect(response).to have_http_status(200)
+
+      expect(json_response['title']).to eq(snippet.title)
+      expect(json_response['description']).to eq(snippet.description)
+      expect(json_response['file_name']).to eq(snippet.file_name)
+    end
+
+    it 'returns 404 for invalid snippet id' do
+      get api("/snippets/1234", user)
+
+      expect(response).to have_http_status(404)
+      expect(json_response['message']).to eq('404 Not found')
+    end
+  end
+
   describe 'POST /snippets/' do
     let(:params) do
       {
         title: 'Test Title',
         file_name: 'test.rb',
+        description: 'test description',
         content: 'puts "hello world"',
         visibility: 'public'
       }
@@ -97,6 +119,7 @@ describe API::Snippets do
 
       expect(response).to have_http_status(201)
       expect(json_response['title']).to eq(params[:title])
+      expect(json_response['description']).to eq(params[:description])
       expect(json_response['file_name']).to eq(params[:file_name])
     end
 
@@ -119,23 +142,23 @@ describe API::Snippets do
 
       context 'when the snippet is private' do
         it 'creates the snippet' do
-          expect { create_snippet(visibility: 'private') }.
-            to change { Snippet.count }.by(1)
+          expect { create_snippet(visibility: 'private') }
+            .to change { Snippet.count }.by(1)
         end
       end
 
       context 'when the snippet is public' do
         it 'rejects the shippet' do
-          expect { create_snippet(visibility: 'public') }.
-            not_to change { Snippet.count }
+          expect { create_snippet(visibility: 'public') }
+            .not_to change { Snippet.count }
 
           expect(response).to have_http_status(400)
           expect(json_response['message']).to eq({ "error" => "Spam detected" })
         end
 
         it 'creates a spam log' do
-          expect { create_snippet(visibility: 'public') }.
-            to change { SpamLog.count }.by(1)
+          expect { create_snippet(visibility: 'public') }
+            .to change { SpamLog.count }.by(1)
         end
       end
     end
@@ -150,12 +173,14 @@ describe API::Snippets do
 
     it 'updates snippet' do
       new_content = 'New content'
+      new_description = 'New description'
 
-      put api("/snippets/#{snippet.id}", user), content: new_content
+      put api("/snippets/#{snippet.id}", user), content: new_content, description: new_description
 
       expect(response).to have_http_status(200)
       snippet.reload
       expect(snippet.content).to eq(new_content)
+      expect(snippet.description).to eq(new_description)
     end
 
     it 'returns 404 for invalid snippet id' do
@@ -191,8 +216,8 @@ describe API::Snippets do
         let(:visibility_level) { Snippet::PRIVATE }
 
         it 'updates the snippet' do
-          expect { update_snippet(title: 'Foo') }.
-            to change { snippet.reload.title }.to('Foo')
+          expect { update_snippet(title: 'Foo') }
+            .to change { snippet.reload.title }.to('Foo')
         end
       end
 
@@ -200,16 +225,16 @@ describe API::Snippets do
         let(:visibility_level) { Snippet::PUBLIC }
 
         it 'rejects the shippet' do
-          expect { update_snippet(title: 'Foo') }.
-            not_to change { snippet.reload.title }
+          expect { update_snippet(title: 'Foo') }
+            .not_to change { snippet.reload.title }
 
           expect(response).to have_http_status(400)
           expect(json_response['message']).to eq({ "error" => "Spam detected" })
         end
 
         it 'creates a spam log' do
-          expect { update_snippet(title: 'Foo') }.
-            to change { SpamLog.count }.by(1)
+          expect { update_snippet(title: 'Foo') }
+            .to change { SpamLog.count }.by(1)
         end
       end
 
@@ -217,13 +242,13 @@ describe API::Snippets do
         let(:visibility_level) { Snippet::PRIVATE }
 
         it 'rejects the snippet' do
-          expect { update_snippet(title: 'Foo', visibility: 'public') }.
-            not_to change { snippet.reload.title }
+          expect { update_snippet(title: 'Foo', visibility: 'public') }
+            .not_to change { snippet.reload.title }
         end
 
         it 'creates a spam log' do
-          expect { update_snippet(title: 'Foo', visibility: 'public') }.
-            to change { SpamLog.count }.by(1)
+          expect { update_snippet(title: 'Foo', visibility: 'public') }
+            .to change { SpamLog.count }.by(1)
         end
       end
     end
diff --git a/spec/requests/api/system_hooks_spec.rb b/spec/requests/api/system_hooks_spec.rb
index 2eb191d6049..f65b475fe44 100644
--- a/spec/requests/api/system_hooks_spec.rb
+++ b/spec/requests/api/system_hooks_spec.rb
@@ -5,7 +5,9 @@ describe API::SystemHooks do
   let(:admin) { create(:admin) }
   let!(:hook) { create(:system_hook, url: "http://example.com") }
 
-  before { stub_request(:post, hook.url) }
+  before do
+    stub_request(:post, hook.url)
+  end
 
   describe "GET /hooks" do
     context "when no user" do
diff --git a/spec/requests/api/templates_spec.rb b/spec/requests/api/templates_spec.rb
index cb55985e3f5..f8af9295842 100644
--- a/spec/requests/api/templates_spec.rb
+++ b/spec/requests/api/templates_spec.rb
@@ -2,14 +2,18 @@ require 'spec_helper'
 
 describe API::Templates do
   context 'the Template Entity' do
-    before { get api('/templates/gitignores/Ruby') }
+    before do
+      get api('/templates/gitignores/Ruby')
+    end
 
     it { expect(json_response['name']).to eq('Ruby') }
     it { expect(json_response['content']).to include('*.gem') }
   end
 
   context 'the TemplateList Entity' do
-    before { get api('/templates/gitignores') }
+    before do
+      get api('/templates/gitignores')
+    end
 
     it { expect(json_response.first['name']).not_to be_nil }
     it { expect(json_response.first['content']).to be_nil }
@@ -47,7 +51,9 @@ describe API::Templates do
   end
 
   context 'the License Template Entity' do
-    before { get api('/templates/licenses/mit') }
+    before do
+      get api('/templates/licenses/mit')
+    end
 
     it 'returns a license template' do
       expect(json_response['key']).to eq('mit')
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 4efc3e1a1e2..c0174b304c8 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -11,7 +11,7 @@ describe API::Users do
   let(:not_existing_user_id) { (User.maximum('id') || 0 ) + 10 }
   let(:not_existing_pat_id) { (PersonalAccessToken.maximum('id') || 0 ) + 10 }
 
-  describe "GET /users" do
+  describe 'GET /users' do
     context "when unauthenticated" do
       it "returns authentication error" do
         get api("/users")
@@ -76,6 +76,12 @@ describe API::Users do
 
         expect(response).to have_http_status(403)
       end
+
+      it 'does not reveal the `is_admin` flag of the user' do
+        get api('/users', user)
+
+        expect(json_response.first.keys).not_to include 'is_admin'
+      end
     end
 
     context "when admin" do
@@ -92,6 +98,7 @@ describe API::Users do
         expect(json_response.first.keys).to include 'two_factor_enabled'
         expect(json_response.first.keys).to include 'last_sign_in_at'
         expect(json_response.first.keys).to include 'confirmed_at'
+        expect(json_response.first.keys).to include 'is_admin'
       end
 
       it "returns an array of external users" do
@@ -160,7 +167,9 @@ describe API::Users do
   end
 
   describe "POST /users" do
-    before { admin }
+    before do
+      admin
+    end
 
     it "creates user" do
       expect do
@@ -280,14 +289,14 @@ describe API::Users do
            bio: 'g' * 256,
            projects_limit: -1
       expect(response).to have_http_status(400)
-      expect(json_response['message']['password']).
-        to eq(['is too short (minimum is 8 characters)'])
-      expect(json_response['message']['bio']).
-        to eq(['is too long (maximum is 255 characters)'])
-      expect(json_response['message']['projects_limit']).
-        to eq(['must be greater than or equal to 0'])
-      expect(json_response['message']['username']).
-        to eq([Gitlab::PathRegex.namespace_format_message])
+      expect(json_response['message']['password'])
+        .to eq(['is too short (minimum is 8 characters)'])
+      expect(json_response['message']['bio'])
+        .to eq(['is too long (maximum is 255 characters)'])
+      expect(json_response['message']['projects_limit'])
+        .to eq(['must be greater than or equal to 0'])
+      expect(json_response['message']['username'])
+        .to eq([Gitlab::PathRegex.namespace_format_message])
     end
 
     it "is not available for non admin users" do
@@ -349,10 +358,13 @@ describe API::Users do
   describe "PUT /users/:id" do
     let!(:admin_user) { create(:admin) }
 
-    before { admin }
+    before do
+      admin
+    end
 
     it "updates user with new bio" do
       put api("/users/#{user.id}", admin), { bio: 'new test bio' }
+
       expect(response).to have_http_status(200)
       expect(json_response['bio']).to eq('new test bio')
       expect(user.reload.bio).to eq('new test bio')
@@ -373,15 +385,34 @@ describe API::Users do
       expect(user.reload.organization).to eq('GitLab')
     end
 
+    it 'updates user with avatar' do
+      put api("/users/#{user.id}", admin), { avatar: fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') }
+
+      user.reload
+
+      expect(user.avatar).to be_present
+      expect(response).to have_http_status(200)
+      expect(json_response['avatar_url']).to include(user.avatar_path)
+    end
+
     it 'updates user with his own email' do
       put api("/users/#{user.id}", admin), email: user.email
+
       expect(response).to have_http_status(200)
       expect(json_response['email']).to eq(user.email)
       expect(user.reload.email).to eq(user.email)
     end
 
+    it 'updates user with a new email' do
+      put api("/users/#{user.id}", admin), email: 'new@email.com'
+
+      expect(response).to have_http_status(200)
+      expect(user.reload.notification_email).to eq('new@email.com')
+    end
+
     it 'updates user with his own username' do
       put api("/users/#{user.id}", admin), username: user.username
+
       expect(response).to have_http_status(200)
       expect(json_response['username']).to eq(user.username)
       expect(user.reload.username).to eq(user.username)
@@ -389,12 +420,14 @@ describe API::Users do
 
     it "updates user's existing identity" do
       put api("/users/#{omniauth_user.id}", admin), provider: 'ldapmain', extern_uid: '654321'
+
       expect(response).to have_http_status(200)
       expect(omniauth_user.reload.identities.first.extern_uid).to eq('654321')
     end
 
     it 'updates user with new identity' do
       put api("/users/#{user.id}", admin), provider: 'github', extern_uid: 'john'
+
       expect(response).to have_http_status(200)
       expect(user.reload.identities.first.extern_uid).to eq('john')
       expect(user.reload.identities.first.provider).to eq('github')
@@ -402,12 +435,14 @@ describe API::Users do
 
     it "updates admin status" do
       put api("/users/#{user.id}", admin), { admin: true }
+
       expect(response).to have_http_status(200)
       expect(user.reload.admin).to eq(true)
     end
 
     it "updates external status" do
       put api("/users/#{user.id}", admin), { external: true }
+
       expect(response.status).to eq 200
       expect(json_response['external']).to eq(true)
       expect(user.reload.external?).to be_truthy
@@ -415,6 +450,7 @@ describe API::Users do
 
     it "does not update admin status" do
       put api("/users/#{admin_user.id}", admin), { can_create_group: false }
+
       expect(response).to have_http_status(200)
       expect(admin_user.reload.admin).to eq(true)
       expect(admin_user.can_create_group).to eq(false)
@@ -422,17 +458,24 @@ describe API::Users do
 
     it "does not allow invalid update" do
       put api("/users/#{user.id}", admin), { email: 'invalid email' }
+
       expect(response).to have_http_status(400)
       expect(user.reload.email).not_to eq('invalid email')
     end
 
-    it "is not available for non admin users" do
-      put api("/users/#{user.id}", user), attributes_for(:user)
-      expect(response).to have_http_status(403)
+    context 'when the current user is not an admin' do
+      it "is not available" do
+        expect do
+          put api("/users/#{user.id}", user), attributes_for(:user)
+        end.not_to change { user.reload.attributes }
+
+        expect(response).to have_http_status(403)
+      end
     end
 
     it "returns 404 for non-existing user" do
       put api("/users/999999", admin), { bio: 'update should fail' }
+
       expect(response).to have_http_status(404)
       expect(json_response['message']).to eq('404 User Not Found')
     end
@@ -452,14 +495,14 @@ describe API::Users do
           bio: 'g' * 256,
           projects_limit: -1
       expect(response).to have_http_status(400)
-      expect(json_response['message']['password']).
-        to eq(['is too short (minimum is 8 characters)'])
-      expect(json_response['message']['bio']).
-        to eq(['is too long (maximum is 255 characters)'])
-      expect(json_response['message']['projects_limit']).
-        to eq(['must be greater than or equal to 0'])
-      expect(json_response['message']['username']).
-        to eq([Gitlab::PathRegex.namespace_format_message])
+      expect(json_response['message']['password'])
+        .to eq(['is too short (minimum is 8 characters)'])
+      expect(json_response['message']['bio'])
+        .to eq(['is too long (maximum is 255 characters)'])
+      expect(json_response['message']['projects_limit'])
+        .to eq(['must be greater than or equal to 0'])
+      expect(json_response['message']['username'])
+        .to eq([Gitlab::PathRegex.namespace_format_message])
     end
 
     it 'returns 400 if provider is missing for identity update' do
@@ -483,6 +526,7 @@ describe API::Users do
 
       it 'returns 409 conflict error if email address exists' do
         put api("/users/#{@user.id}", admin), email: 'test@example.com'
+
         expect(response).to have_http_status(409)
         expect(@user.reload.email).to eq(@user.email)
       end
@@ -490,6 +534,7 @@ describe API::Users do
       it 'returns 409 conflict error if username taken' do
         @user_id = User.all.last.id
         put api("/users/#{@user.id}", admin), username: 'test'
+
         expect(response).to have_http_status(409)
         expect(@user.reload.username).to eq(@user.username)
       end
@@ -497,7 +542,9 @@ describe API::Users do
   end
 
   describe "POST /users/:id/keys" do
-    before { admin }
+    before do
+      admin
+    end
 
     it "does not create invalid ssh key" do
       post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
@@ -527,7 +574,9 @@ describe API::Users do
   end
 
   describe 'GET /user/:id/keys' do
-    before { admin }
+    before do
+      admin
+    end
 
     context 'when unauthenticated' do
       it 'returns authentication error' do
@@ -558,7 +607,9 @@ describe API::Users do
   end
 
   describe 'DELETE /user/:id/keys/:key_id' do
-    before { admin }
+    before do
+      admin
+    end
 
     context 'when unauthenticated' do
       it 'returns authentication error' do
@@ -596,7 +647,9 @@ describe API::Users do
   end
 
   describe "POST /users/:id/emails" do
-    before { admin }
+    before do
+      admin
+    end
 
     it "does not create invalid email" do
       post api("/users/#{user.id}/emails", admin), {}
@@ -620,7 +673,9 @@ describe API::Users do
   end
 
   describe 'GET /user/:id/emails' do
-    before { admin }
+    before do
+      admin
+    end
 
     context 'when unauthenticated' do
       it 'returns authentication error' do
@@ -649,7 +704,7 @@ describe API::Users do
       end
 
       it "returns a 404 for invalid ID" do
-        put api("/users/ASDF/emails", admin)
+        get api("/users/ASDF/emails", admin)
 
         expect(response).to have_http_status(404)
       end
@@ -657,7 +712,9 @@ describe API::Users do
   end
 
   describe 'DELETE /user/:id/emails/:email_id' do
-    before { admin }
+    before do
+      admin
+    end
 
     context 'when unauthenticated' do
       it 'returns authentication error' do
@@ -703,7 +760,10 @@ describe API::Users do
   describe "DELETE /users/:id" do
     let!(:namespace) { user.namespace }
     let!(:issue) { create(:issue, author: user) }
-    before { admin }
+
+    before do
+      admin
+    end
 
     it "deletes user" do
       Sidekiq::Testing.inline! { delete api("/users/#{user.id}", admin) }
@@ -1063,7 +1123,10 @@ describe API::Users do
   end
 
   describe 'POST /users/:id/block' do
-    before { admin }
+    before do
+      admin
+    end
+
     it 'blocks existing user' do
       post api("/users/#{user.id}/block", admin)
       expect(response).to have_http_status(201)
@@ -1091,7 +1154,10 @@ describe API::Users do
 
   describe 'POST /users/:id/unblock' do
     let(:blocked_user)  { create(:user, state: 'blocked') }
-    before { admin }
+
+    before do
+      admin
+    end
 
     it 'unblocks existing user' do
       post api("/users/#{user.id}/unblock", admin)
diff --git a/spec/requests/api/v3/files_spec.rb b/spec/requests/api/v3/files_spec.rb
index 378ca1720ff..8b2d165c763 100644
--- a/spec/requests/api/v3/files_spec.rb
+++ b/spec/requests/api/v3/files_spec.rb
@@ -126,8 +126,8 @@ describe API::V3::Files do
     end
 
     it "returns a 400 if editor fails to create file" do
-      allow_any_instance_of(Repository).to receive(:create_file).
-        and_raise(Repository::CommitError, 'Cannot create file')
+      allow_any_instance_of(Repository).to receive(:create_file)
+        .and_raise(Repository::CommitError, 'Cannot create file')
 
       post v3_api("/projects/#{project.id}/repository/files", user), valid_params
 
diff --git a/spec/requests/api/v3/groups_spec.rb b/spec/requests/api/v3/groups_spec.rb
index 98e8c954909..63c5707b2e4 100644
--- a/spec/requests/api/v3/groups_spec.rb
+++ b/spec/requests/api/v3/groups_spec.rb
@@ -505,8 +505,8 @@ describe API::V3::Groups do
     let(:project_path) { "#{project.namespace.path}%2F#{project.path}" }
 
     before(:each) do
-      allow_any_instance_of(Projects::TransferService).
-        to receive(:execute).and_return(true)
+      allow_any_instance_of(Projects::TransferService)
+        .to receive(:execute).and_return(true)
     end
 
     context "when authenticated as user" do
diff --git a/spec/requests/api/v3/merge_requests_spec.rb b/spec/requests/api/v3/merge_requests_spec.rb
index f6ff96be566..4f9e63f2ace 100644
--- a/spec/requests/api/v3/merge_requests_spec.rb
+++ b/spec/requests/api/v3/merge_requests_spec.rb
@@ -432,8 +432,8 @@ describe API::MergeRequests do
     end
 
     it "returns 406 if branch can't be merged" do
-      allow_any_instance_of(MergeRequest).
-        to receive(:can_be_merged?).and_return(false)
+      allow_any_instance_of(MergeRequest)
+        .to receive(:can_be_merged?).and_return(false)
 
       put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/merge", user)
 
diff --git a/spec/requests/api/v3/notes_spec.rb b/spec/requests/api/v3/notes_spec.rb
index 2bae4a60931..b5f98a9a545 100644
--- a/spec/requests/api/v3/notes_spec.rb
+++ b/spec/requests/api/v3/notes_spec.rb
@@ -13,8 +13,8 @@ describe API::V3::Notes do
   # For testing the cross-reference of a private issue in a public issue
   let(:private_user)    { create(:user) }
   let(:private_project) do
-    create(:empty_project, namespace: private_user.namespace).
-    tap { |p| p.team << [private_user, :master] }
+    create(:empty_project, namespace: private_user.namespace)
+    .tap { |p| p.team << [private_user, :master] }
   end
   let(:private_issue)    { create(:issue, project: private_project) }
 
diff --git a/spec/requests/api/v3/project_snippets_spec.rb b/spec/requests/api/v3/project_snippets_spec.rb
index 365e7365fda..1950c64c690 100644
--- a/spec/requests/api/v3/project_snippets_spec.rb
+++ b/spec/requests/api/v3/project_snippets_spec.rb
@@ -85,23 +85,23 @@ describe API::ProjectSnippets do
 
       context 'when the snippet is private' do
         it 'creates the snippet' do
-          expect { create_snippet(project, visibility_level: Snippet::PRIVATE) }.
-            to change { Snippet.count }.by(1)
+          expect { create_snippet(project, visibility_level: Snippet::PRIVATE) }
+            .to change { Snippet.count }.by(1)
         end
       end
 
       context 'when the snippet is public' do
         it 'rejects the shippet' do
-          expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
-            not_to change { Snippet.count }
+          expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }
+            .not_to change { Snippet.count }
 
           expect(response).to have_http_status(400)
           expect(json_response['message']).to eq({ "error" => "Spam detected" })
         end
 
         it 'creates a spam log' do
-          expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
-            to change { SpamLog.count }.by(1)
+          expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }
+            .to change { SpamLog.count }.by(1)
         end
       end
     end
@@ -147,8 +147,8 @@ describe API::ProjectSnippets do
         let(:visibility_level) { Snippet::PRIVATE }
 
         it 'creates the snippet' do
-          expect { update_snippet(title: 'Foo') }.
-            to change { snippet.reload.title }.to('Foo')
+          expect { update_snippet(title: 'Foo') }
+            .to change { snippet.reload.title }.to('Foo')
         end
       end
 
@@ -156,13 +156,13 @@ describe API::ProjectSnippets do
         let(:visibility_level) { Snippet::PUBLIC }
 
         it 'rejects the snippet' do
-          expect { update_snippet(title: 'Foo') }.
-            not_to change { snippet.reload.title }
+          expect { update_snippet(title: 'Foo') }
+            .not_to change { snippet.reload.title }
         end
 
         it 'creates a spam log' do
-          expect { update_snippet(title: 'Foo') }.
-            to change { SpamLog.count }.by(1)
+          expect { update_snippet(title: 'Foo') }
+            .to change { SpamLog.count }.by(1)
         end
       end
 
@@ -170,16 +170,16 @@ describe API::ProjectSnippets do
         let(:visibility_level) { Snippet::PRIVATE }
 
         it 'rejects the snippet' do
-          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }.
-            not_to change { snippet.reload.title }
+          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }
+            .not_to change { snippet.reload.title }
 
           expect(response).to have_http_status(400)
           expect(json_response['message']).to eq({ "error" => "Spam detected" })
         end
 
         it 'creates a spam log' do
-          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }.
-            to change { SpamLog.count }.by(1)
+          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }
+            .to change { SpamLog.count }.by(1)
         end
       end
     end
diff --git a/spec/requests/api/v3/projects_spec.rb b/spec/requests/api/v3/projects_spec.rb
index 47cca4275af..af44ffa2331 100644
--- a/spec/requests/api/v3/projects_spec.rb
+++ b/spec/requests/api/v3/projects_spec.rb
@@ -124,6 +124,36 @@ describe API::V3::Projects do
         end
       end
 
+      context 'and using archived' do
+        let!(:archived_project) { create(:empty_project, creator_id: user.id, namespace: user.namespace, archived: true) }
+
+        it 'returns archived project' do
+          get v3_api('/projects?archived=true', user)
+
+          expect(response).to have_http_status(200)
+          expect(json_response).to be_an Array
+          expect(json_response.length).to eq(1)
+          expect(json_response.first['id']).to eq(archived_project.id)
+        end
+
+        it 'returns non-archived project' do
+          get v3_api('/projects?archived=false', user)
+
+          expect(response).to have_http_status(200)
+          expect(json_response).to be_an Array
+          expect(json_response.length).to eq(1)
+          expect(json_response.first['id']).to eq(project.id)
+        end
+
+        it 'returns all project' do
+          get v3_api('/projects', user)
+
+          expect(response).to have_http_status(200)
+          expect(json_response).to be_an Array
+          expect(json_response.length).to eq(2)
+        end
+      end
+
       context 'and using sorting' do
         before do
           project2
@@ -301,15 +331,15 @@ describe API::V3::Projects do
     context 'maximum number of projects reached' do
       it 'does not create new project and respond with 403' do
         allow_any_instance_of(User).to receive(:projects_limit_left).and_return(0)
-        expect { post v3_api('/projects', user2), name: 'foo' }.
-          to change {Project.count}.by(0)
+        expect { post v3_api('/projects', user2), name: 'foo' }
+          .to change {Project.count}.by(0)
         expect(response).to have_http_status(403)
       end
     end
 
     it 'creates new project without path but with name and returns 201' do
-      expect { post v3_api('/projects', user), name: 'Foo Project' }.
-        to change { Project.count }.by(1)
+      expect { post v3_api('/projects', user), name: 'Foo Project' }
+        .to change { Project.count }.by(1)
       expect(response).to have_http_status(201)
 
       project = Project.first
@@ -319,8 +349,8 @@ describe API::V3::Projects do
     end
 
     it 'creates new project without name but with path and returns 201' do
-      expect { post v3_api('/projects', user), path: 'foo_project' }.
-        to change { Project.count }.by(1)
+      expect { post v3_api('/projects', user), path: 'foo_project' }
+        .to change { Project.count }.by(1)
       expect(response).to have_http_status(201)
 
       project = Project.first
@@ -330,8 +360,8 @@ describe API::V3::Projects do
     end
 
     it 'creates new project name and path and returns 201' do
-      expect { post v3_api('/projects', user), path: 'foo-Project', name: 'Foo Project' }.
-        to change { Project.count }.by(1)
+      expect { post v3_api('/projects', user), path: 'foo-Project', name: 'Foo Project' }
+        .to change { Project.count }.by(1)
       expect(response).to have_http_status(201)
 
       project = Project.first
@@ -489,8 +519,8 @@ describe API::V3::Projects do
     end
 
     it 'responds with 400 on failure and not project' do
-      expect { post v3_api("/projects/user/#{user.id}", admin) }.
-        not_to change { Project.count }
+      expect { post v3_api("/projects/user/#{user.id}", admin) }
+        .not_to change { Project.count }
 
       expect(response).to have_http_status(400)
       expect(json_response['error']).to eq('name is missing')
@@ -704,7 +734,8 @@ describe API::V3::Projects do
           'name' => user.namespace.name,
           'path' => user.namespace.path,
           'kind' => user.namespace.kind,
-          'full_path' => user.namespace.full_path
+          'full_path' => user.namespace.full_path,
+          'parent_id' => nil
         })
       end
 
@@ -716,8 +747,8 @@ describe API::V3::Projects do
             get v3_api("/projects", user)
 
             expect(response).to have_http_status(200)
-            expect(json_response.first['permissions']['project_access']['access_level']).
-            to eq(Gitlab::Access::MASTER)
+            expect(json_response.first['permissions']['project_access']['access_level'])
+            .to eq(Gitlab::Access::MASTER)
             expect(json_response.first['permissions']['group_access']).to be_nil
           end
         end
@@ -728,8 +759,8 @@ describe API::V3::Projects do
             get v3_api("/projects/#{project.id}", user)
 
             expect(response).to have_http_status(200)
-            expect(json_response['permissions']['project_access']['access_level']).
-            to eq(Gitlab::Access::MASTER)
+            expect(json_response['permissions']['project_access']['access_level'])
+            .to eq(Gitlab::Access::MASTER)
             expect(json_response['permissions']['group_access']).to be_nil
           end
         end
@@ -744,8 +775,8 @@ describe API::V3::Projects do
 
             expect(response).to have_http_status(200)
             expect(json_response['permissions']['project_access']).to be_nil
-            expect(json_response['permissions']['group_access']['access_level']).
-            to eq(Gitlab::Access::OWNER)
+            expect(json_response['permissions']['group_access']['access_level'])
+            .to eq(Gitlab::Access::OWNER)
           end
         end
       end
diff --git a/spec/requests/api/v3/snippets_spec.rb b/spec/requests/api/v3/snippets_spec.rb
index 4f02b7b1a54..1bc2258ebd3 100644
--- a/spec/requests/api/v3/snippets_spec.rb
+++ b/spec/requests/api/v3/snippets_spec.rb
@@ -112,21 +112,21 @@ describe API::V3::Snippets do
 
       context 'when the snippet is private' do
         it 'creates the snippet' do
-          expect { create_snippet(visibility_level: Snippet::PRIVATE) }.
-            to change { Snippet.count }.by(1)
+          expect { create_snippet(visibility_level: Snippet::PRIVATE) }
+            .to change { Snippet.count }.by(1)
         end
       end
 
       context 'when the snippet is public' do
         it 'rejects the shippet' do
-          expect { create_snippet(visibility_level: Snippet::PUBLIC) }.
-            not_to change { Snippet.count }
+          expect { create_snippet(visibility_level: Snippet::PUBLIC) }
+            .not_to change { Snippet.count }
           expect(response).to have_http_status(400)
         end
 
         it 'creates a spam log' do
-          expect { create_snippet(visibility_level: Snippet::PUBLIC) }.
-            to change { SpamLog.count }.by(1)
+          expect { create_snippet(visibility_level: Snippet::PUBLIC) }
+            .to change { SpamLog.count }.by(1)
         end
       end
     end
diff --git a/spec/requests/api/v3/users_spec.rb b/spec/requests/api/v3/users_spec.rb
index e9c57f7c6c3..6d7401f9764 100644
--- a/spec/requests/api/v3/users_spec.rb
+++ b/spec/requests/api/v3/users_spec.rb
@@ -7,6 +7,38 @@ describe API::V3::Users do
   let(:email)   { create(:email, user: user) }
   let(:ldap_blocked_user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') }
 
+  describe 'GET /users' do
+    context 'when authenticated' do
+      it 'returns an array of users' do
+        get v3_api('/users', user)
+
+        expect(response).to have_http_status(200)
+        expect(response).to include_pagination_headers
+        expect(json_response).to be_an Array
+        username = user.username
+        expect(json_response.detect do |user|
+          user['username'] == username
+        end['username']).to eq(username)
+      end
+    end
+
+    context 'when authenticated as user' do
+      it 'does not reveal the `is_admin` flag of the user' do
+        get v3_api('/users', user)
+
+        expect(json_response.first.keys).not_to include 'is_admin'
+      end
+    end
+
+    context 'when authenticated as admin' do
+      it 'reveals the `is_admin` flag of the user' do
+        get v3_api('/users', admin)
+
+        expect(json_response.first.keys).to include 'is_admin'
+      end
+    end
+  end
+
   describe 'GET /user/:id/keys' do
     before { admin }
 
diff --git a/spec/requests/api/variables_spec.rb b/spec/requests/api/variables_spec.rb
index 83673864fe7..e0975024b80 100644
--- a/spec/requests/api/variables_spec.rb
+++ b/spec/requests/api/variables_spec.rb
@@ -82,6 +82,17 @@ describe API::Variables do
         expect(json_response['protected']).to be_truthy
       end
 
+      it 'creates variable with optional attributes' do
+        expect do
+          post api("/projects/#{project.id}/variables", user), key: 'TEST_VARIABLE_2', value: 'VALUE_2'
+        end.to change{project.variables.count}.by(1)
+
+        expect(response).to have_http_status(201)
+        expect(json_response['key']).to eq('TEST_VARIABLE_2')
+        expect(json_response['value']).to eq('VALUE_2')
+        expect(json_response['protected']).to be_falsey
+      end
+
       it 'does not allow to duplicate variable key' do
         expect do
           post api("/projects/#{project.id}/variables", user), key: variable.key, value: 'VALUE_2'
diff --git a/spec/requests/ci/api/builds_spec.rb b/spec/requests/ci/api/builds_spec.rb
index 286de277ae7..c969d08d0dd 100644
--- a/spec/requests/ci/api/builds_spec.rb
+++ b/spec/requests/ci/api/builds_spec.rb
@@ -91,8 +91,8 @@ describe Ci::API::Builds do
 
         context 'when concurrently updating build' do
           before do
-            expect_any_instance_of(Ci::Build).to receive(:run!).
-              and_raise(ActiveRecord::StaleObjectError.new(nil, nil))
+            expect_any_instance_of(Ci::Build).to receive(:run!)
+              .and_raise(ActiveRecord::StaleObjectError.new(nil, nil))
           end
 
           it 'returns a conflict' do
@@ -137,6 +137,18 @@ describe Ci::API::Builds do
             end
           end
         end
+
+        context 'when docker configuration options are used' do
+          let!(:build) { create(:ci_build, :extended_options, pipeline: pipeline, name: 'spinach', stage: 'test', stage_idx: 0) }
+
+          it 'starts a build' do
+            register_builds info: { platform: :darwin }
+
+            expect(response).to have_http_status(201)
+            expect(json_response['options']['image']).to eq('ruby:2.1')
+            expect(json_response['options']['services']).to eq(['postgres', 'docker:dind'])
+          end
+        end
       end
 
       context 'when builds are finished' do
@@ -229,7 +241,9 @@ describe Ci::API::Builds do
         end
 
         context 'when runner is allowed to pick untagged builds' do
-          before { runner.update_column(:run_untagged, true) }
+          before do
+            runner.update_column(:run_untagged, true)
+          end
 
           it 'picks build' do
             register_builds
@@ -455,7 +469,9 @@ describe Ci::API::Builds do
       let(:token) { build.token }
       let(:headers_with_token) { headers.merge(Ci::API::Helpers::BUILD_TOKEN_HEADER => token) }
 
-      before { build.run! }
+      before do
+        build.run!
+      end
 
       describe "POST /builds/:id/artifacts/authorize" do
         context "authorizes posting artifact to running build" do
@@ -511,7 +527,9 @@ describe Ci::API::Builds do
         end
 
         context 'authorization token is invalid' do
-          before { post authorize_url, { token: 'invalid', filesize: 100 } }
+          before do
+            post authorize_url, { token: 'invalid', filesize: 100 }
+          end
 
           it 'responds with forbidden' do
             expect(response).to have_http_status(403)
@@ -652,8 +670,8 @@ describe Ci::API::Builds do
                 build.reload
                 expect(response).to have_http_status(201)
                 expect(json_response['artifacts_expire_at']).not_to be_empty
-                expect(build.artifacts_expire_at).
-                  to be_within(5.minutes).of(7.days.from_now)
+                expect(build.artifacts_expire_at)
+                  .to be_within(5.minutes).of(7.days.from_now)
               end
             end
 
diff --git a/spec/requests/ci/api/runners_spec.rb b/spec/requests/ci/api/runners_spec.rb
index 0b9733221d8..78b2be350cd 100644
--- a/spec/requests/ci/api/runners_spec.rb
+++ b/spec/requests/ci/api/runners_spec.rb
@@ -12,7 +12,9 @@ describe Ci::API::Runners do
 
   describe "POST /runners/register" do
     context 'when runner token is provided' do
-      before { post ci_api("/runners/register"), token: registration_token }
+      before do
+        post ci_api("/runners/register"), token: registration_token
+      end
 
       it 'creates runner with default values' do
         expect(response).to have_http_status 201
@@ -69,7 +71,10 @@ describe Ci::API::Runners do
 
     context 'when project token is provided' do
       let(:project) { FactoryGirl.create(:empty_project) }
-      before { post ci_api("/runners/register"), token: project.runners_token }
+
+      before do
+        post ci_api("/runners/register"), token: project.runners_token
+      end
 
       it 'creates runner' do
         expect(response).to have_http_status 201
diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb
index f018b48ceb2..185679e1a0f 100644
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -316,6 +316,26 @@ describe 'Git HTTP requests', lib: true do
             it_behaves_like 'pushes require Basic HTTP Authentication'
           end
         end
+
+        context 'and the user requests a redirected path' do
+          let!(:redirect) { project.route.create_redirect('foo/bar') }
+          let(:path) { "#{redirect.path}.git" }
+          let(:project_moved_message) do
+            <<-MSG.strip_heredoc
+              Project '#{redirect.path}' was moved to '#{project.full_path}'.
+
+              Please update your Git remote and try again:
+
+                git remote set-url origin #{project.http_url_to_repo}
+            MSG
+          end
+
+          it 'downloads get status 404 with "project was moved" message' do
+            clone_get(path, {})
+            expect(response).to have_http_status(:not_found)
+            expect(response.body).to match(project_moved_message)
+          end
+        end
       end
 
       context "when the project is private" do
@@ -418,17 +438,17 @@ describe 'Git HTTP requests', lib: true do
                 end
 
                 context 'when username and password are provided' do
-                  it 'rejects pulls with 2FA error message' do
+                  it 'rejects pulls with personal access token error message' do
                     download(path, user: user.username, password: user.password) do |response|
                       expect(response).to have_http_status(:unauthorized)
-                      expect(response.body).to include('You have 2FA enabled, please use a personal access token for Git over HTTP')
+                      expect(response.body).to include('You must use a personal access token with \'api\' scope for Git over HTTP')
                     end
                   end
 
-                  it 'rejects the push attempt' do
+                  it 'rejects the push attempt with personal access token error message' do
                     upload(path, user: user.username, password: user.password) do |response|
                       expect(response).to have_http_status(:unauthorized)
-                      expect(response.body).to include('You have 2FA enabled, please use a personal access token for Git over HTTP')
+                      expect(response.body).to include('You must use a personal access token with \'api\' scope for Git over HTTP')
                     end
                   end
                 end
@@ -441,6 +461,41 @@ describe 'Git HTTP requests', lib: true do
                 end
               end
 
+              context 'when internal auth is disabled' do
+                before do
+                  allow_any_instance_of(ApplicationSetting).to receive(:signin_enabled?) { false }
+                end
+
+                it 'rejects pulls with personal access token error message' do
+                  download(path, user: 'foo', password: 'bar') do |response|
+                    expect(response).to have_http_status(:unauthorized)
+                    expect(response.body).to include('You must use a personal access token with \'api\' scope for Git over HTTP')
+                  end
+                end
+
+                it 'rejects pushes with personal access token error message' do
+                  upload(path, user: 'foo', password: 'bar') do |response|
+                    expect(response).to have_http_status(:unauthorized)
+                    expect(response.body).to include('You must use a personal access token with \'api\' scope for Git over HTTP')
+                  end
+                end
+
+                context 'when LDAP is configured' do
+                  before do
+                    allow(Gitlab::LDAP::Config).to receive(:enabled?).and_return(true)
+                    allow_any_instance_of(Gitlab::LDAP::Authentication)
+                      .to receive(:login).and_return(nil)
+                  end
+
+                  it 'does not display the personal access token error message' do
+                    upload(path, user: 'foo', password: 'bar') do |response|
+                      expect(response).to have_http_status(:unauthorized)
+                      expect(response.body).not_to include('You must use a personal access token with \'api\' scope for Git over HTTP')
+                    end
+                  end
+                end
+              end
+
               context "when blank password attempts follow a valid login" do
                 def attempt_login(include_password)
                   password = include_password ? user.password : ""
@@ -470,6 +525,33 @@ describe 'Git HTTP requests', lib: true do
                   Rack::Attack::Allow2Ban.reset(ip, options)
                 end
               end
+
+              context 'and the user requests a redirected path' do
+                let!(:redirect) { project.route.create_redirect('foo/bar') }
+                let(:path) { "#{redirect.path}.git" }
+                let(:project_moved_message) do
+                  <<-MSG.strip_heredoc
+                    Project '#{redirect.path}' was moved to '#{project.full_path}'.
+
+                    Please update your Git remote and try again:
+
+                      git remote set-url origin #{project.http_url_to_repo}
+                  MSG
+                end
+
+                it 'downloads get status 404 with "project was moved" message' do
+                  clone_get(path, env)
+                  expect(response).to have_http_status(:not_found)
+                  expect(response.body).to match(project_moved_message)
+                end
+
+                it 'uploads get status 404 with "project was moved" message' do
+                  upload(path, env) do |response|
+                    expect(response).to have_http_status(:not_found)
+                    expect(response.body).to match(project_moved_message)
+                  end
+                end
+              end
             end
 
             context "when the user doesn't have access to the project" do
@@ -592,7 +674,9 @@ describe 'Git HTTP requests', lib: true do
           let(:path) { "/#{project.path_with_namespace}/info/refs" }
 
           context "when no params are added" do
-            before { get path }
+            before do
+              get path
+            end
 
             it "redirects to the .git suffix version" do
               expect(response).to redirect_to("/#{project.path_with_namespace}.git/info/refs")
@@ -601,7 +685,10 @@ describe 'Git HTTP requests', lib: true do
 
           context "when the upload-pack service is requested" do
             let(:params) { { service: 'git-upload-pack' } }
-            before { get path, params }
+
+            before do
+              get path, params
+            end
 
             it "redirects to the .git suffix version" do
               expect(response).to redirect_to("/#{project.path_with_namespace}.git/info/refs?service=#{params[:service]}")
@@ -610,7 +697,10 @@ describe 'Git HTTP requests', lib: true do
 
           context "when the receive-pack service is requested" do
             let(:params) { { service: 'git-receive-pack' } }
-            before { get path, params }
+
+            before do
+              get path, params
+            end
 
             it "redirects to the .git suffix version" do
               expect(response).to redirect_to("/#{project.path_with_namespace}.git/info/refs?service=#{params[:service]}")
@@ -619,7 +709,10 @@ describe 'Git HTTP requests', lib: true do
 
           context "when the params are anything else" do
             let(:params) { { service: 'git-implode-pack' } }
-            before { get path, params }
+
+            before do
+              get path, params
+            end
 
             it "redirects to the sign-in page" do
               expect(response).to redirect_to(new_user_session_path)
@@ -634,7 +727,7 @@ describe 'Git HTTP requests', lib: true do
         end
 
         context "POST git-receive-pack" do
-          it "failes to find a route" do
+          it "fails to find a route" do
             expect { push_post(project.path_with_namespace) }.to raise_error(ActionController::RoutingError)
           end
         end
@@ -648,7 +741,7 @@ describe 'Git HTTP requests', lib: true do
             # Provide a dummy file in its place
             allow_any_instance_of(Repository).to receive(:blob_at).and_call_original
             allow_any_instance_of(Repository).to receive(:blob_at).with('b83d6e391c22777fca1ed3012fce84f633d7fed0', 'info/refs') do
-              Gitlab::Git::Blob.find(project.repository, 'master', 'bar/branch-test.txt')
+              Blob.decorate(Gitlab::Git::Blob.find(project.repository, 'master', 'bar/branch-test.txt'), project)
             end
 
             get "/#{project.path_with_namespace}/blob/master/info/refs"
@@ -660,7 +753,9 @@ describe 'Git HTTP requests', lib: true do
         end
 
         context "when the file does not exist" do
-          before { get "/#{project.path_with_namespace}/blob/master/info/refs" }
+          before do
+            get "/#{project.path_with_namespace}/blob/master/info/refs"
+          end
 
           it "returns not found" do
             expect(response).to have_http_status(:not_found)
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb
index a3e7844b2f3..5e4cf05748e 100644
--- a/spec/requests/jwt_controller_spec.rb
+++ b/spec/requests/jwt_controller_spec.rb
@@ -6,7 +6,9 @@ describe JwtController do
   let(:service_name) { 'test' }
   let(:parameters) { { service: service_name } }
 
-  before { stub_const('JwtController::SERVICES', service_name => service_class) }
+  before do
+    stub_const('JwtController::SERVICES', service_name => service_class)
+  end
 
   context 'existing service' do
     subject! { get '/jwt/auth', parameters }
@@ -41,6 +43,19 @@ describe JwtController do
 
         it { expect(response).to have_http_status(401) }
       end
+
+      context 'using personal access tokens' do
+        let(:user) { create(:user) }
+        let(:pat) { create(:personal_access_token, user: user, scopes: ['read_registry']) }
+        let(:headers) { { authorization: credentials('personal_access_token', pat.token) } }
+
+        subject! { get '/jwt/auth', parameters, headers }
+
+        it 'authenticates correctly' do
+          expect(response).to have_http_status(200)
+          expect(service_class).to have_received(:new).with(nil, user, parameters)
+        end
+      end
     end
 
     context 'using User login' do
@@ -57,7 +72,7 @@ describe JwtController do
         context 'without personal token' do
           it 'rejects the authorization attempt' do
             expect(response).to have_http_status(401)
-            expect(response.body).to include('You have 2FA enabled, please use a personal access token for Git over HTTP')
+            expect(response.body).to include('You must use a personal access token with \'api\' scope for Git over HTTP')
           end
         end
 
@@ -75,9 +90,24 @@ describe JwtController do
     context 'using invalid login' do
       let(:headers) { { authorization: credentials('invalid', 'password') } }
 
-      subject! { get '/jwt/auth', parameters, headers }
+      context 'when internal auth is enabled' do
+        it 'rejects the authorization attempt' do
+          get '/jwt/auth', parameters, headers
+
+          expect(response).to have_http_status(401)
+          expect(response.body).not_to include('You must use a personal access token with \'api\' scope for Git over HTTP')
+        end
+      end
 
-      it { expect(response).to have_http_status(401) }
+      context 'when internal auth is disabled' do
+        it 'rejects the authorization attempt with personal access token message' do
+          allow_any_instance_of(ApplicationSetting).to receive(:signin_enabled?) { false }
+          get '/jwt/auth', parameters, headers
+
+          expect(response).to have_http_status(401)
+          expect(response.body).to include('You must use a personal access token with \'api\' scope for Git over HTTP')
+        end
+      end
     end
   end
 
diff --git a/spec/requests/openid_connect_spec.rb b/spec/requests/openid_connect_spec.rb
index 05176c3beaa..6d1f0b24196 100644
--- a/spec/requests/openid_connect_spec.rb
+++ b/spec/requests/openid_connect_spec.rb
@@ -79,7 +79,7 @@ describe 'OpenID Connect requests' do
           'email_verified' => true,
           'website'        => 'https://example.com',
           'profile'        => 'http://localhost/alice',
-          'picture'        => "http://localhost/uploads/user/avatar/#{user.id}/dk.png"
+          'picture'        => "http://localhost/uploads/system/user/avatar/#{user.id}/dk.png"
         })
       end
     end