Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into category-search-dropdown

# Conflicts: # app/assets/javascripts/lib/common_utils.js.coffee
author: Fatih Acet <acetfatih@gmail.com> 2016-06-16 02:04:09 +0300
committer: Fatih Acet <acetfatih@gmail.com> 2016-06-16 02:04:09 +0300
commit: fe125f8dc9925a61d20913ffdd15d2ae03cbde75 (patch)
tree: 5a0671ad5f2a5c06c7ed6d6e74d8d6ff521d7f3a /spec
parent: 6f8626de0609da6c789457153b2b19dc79db2c95 (diff)
parent: 5d16d50cebb115773c1a16a141adab150eec8764 (diff)
download: gitlab-ce-fe125f8dc9925a61d20913ffdd15d2ae03cbde75.tar.gz
78 files changed, 3147 insertions, 294 deletions
diff --git a/spec/controllers/blob_controller_spec.rb b/spec/controllers/blob_controller_spec.rb
index eb91e577b87..465013231f9 100644
--- a/spec/controllers/blob_controller_spec.rb
+++ b/spec/controllers/blob_controller_spec.rb
@@ -38,6 +38,11 @@ describe Projects::BlobController do
       let(:id) { 'invalid-branch/README.md' }
       it { is_expected.to respond_with(:not_found) }
     end
+
+    context "binary file" do
+      let(:id) { 'binary-encoding/encoding/binary-1.bin' }
+      it { is_expected.to respond_with(:success) }
+    end
   end
 
   describe 'GET show with tree path' do
diff --git a/spec/controllers/groups/group_members_controller_spec.rb b/spec/controllers/groups/group_members_controller_spec.rb
index a5986598715..89c2c26a367 100644
--- a/spec/controllers/groups/group_members_controller_spec.rb
+++ b/spec/controllers/groups/group_members_controller_spec.rb
@@ -4,17 +4,211 @@ describe Groups::GroupMembersController do
   let(:user)  { create(:user) }
   let(:group) { create(:group) }
 
-  context "index" do
+  describe '#index' do
     before do
       group.add_owner(user)
       stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
     end
 
     it 'renders index with group members' do
-      get :index, group_id: group.path
+      get :index, group_id: group
 
       expect(response.status).to eq(200)
       expect(response).to render_template(:index)
     end
   end
+
+  describe '#destroy' do
+    let(:group) { create(:group, :public) }
+
+    context 'when member is not found' do
+      it 'returns 403' do
+        delete :destroy, group_id: group,
+                         id: 42
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'when member is found' do
+      let(:user) { create(:user) }
+      let(:group_user) { create(:user) }
+      let(:member) do
+        group.add_developer(group_user)
+        group.members.find_by(user_id: group_user)
+      end
+
+      context 'when user does not have enough rights' do
+        before do
+          group.add_developer(user)
+          sign_in(user)
+        end
+
+        it 'returns 403' do
+          delete :destroy, group_id: group,
+                           id: member
+
+          expect(response.status).to eq(403)
+          expect(group.users).to include group_user
+        end
+      end
+
+      context 'when user has enough rights' do
+        before do
+          group.add_owner(user)
+          sign_in(user)
+        end
+
+        it '[HTML] removes user from members' do
+          delete :destroy, group_id: group,
+                           id: member
+
+          expect(response).to set_flash.to 'User was successfully removed from group.'
+          expect(response).to redirect_to(group_group_members_path(group))
+          expect(group.users).not_to include group_user
+        end
+
+        it '[JS] removes user from members' do
+          xhr :delete, :destroy, group_id: group,
+                                 id: member
+
+          expect(response).to be_success
+          expect(group.users).not_to include group_user
+        end
+      end
+    end
+  end
+
+  describe '#leave' do
+    let(:group) { create(:group, :public) }
+    let(:user) { create(:user) }
+
+    context 'when member is not found' do
+      before { sign_in(user) }
+
+      it 'returns 403' do
+        delete :leave, group_id: group
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'when member is found' do
+      context 'and is not an owner' do
+        before do
+          group.add_developer(user)
+          sign_in(user)
+        end
+
+        it 'removes user from members' do
+          delete :leave, group_id: group
+
+          expect(response).to set_flash.to "You left the \"#{group.name}\" group."
+          expect(response).to redirect_to(dashboard_groups_path)
+          expect(group.users).not_to include user
+        end
+      end
+
+      context 'and is an owner' do
+        before do
+          group.add_owner(user)
+          sign_in(user)
+        end
+
+        it 'cannot removes himself from the group' do
+          delete :leave, group_id: group
+
+          expect(response).to redirect_to(group_path(group))
+          expect(response).to set_flash[:alert].to "You can not leave the \"#{group.name}\" group. Transfer or delete the group."
+          expect(group.users).to include user
+        end
+      end
+
+      context 'and is a requester' do
+        before do
+          group.request_access(user)
+          sign_in(user)
+        end
+
+        it 'removes user from members' do
+          delete :leave, group_id: group
+
+          expect(response).to set_flash.to 'Your access request to the group has been withdrawn.'
+          expect(response).to redirect_to(dashboard_groups_path)
+          expect(group.members.request).to be_empty
+          expect(group.users).not_to include user
+        end
+      end
+    end
+  end
+
+  describe '#request_access' do
+    let(:group) { create(:group, :public) }
+    let(:user) { create(:user) }
+
+    before do
+      sign_in(user)
+    end
+
+    it 'creates a new GroupMember that is not a team member' do
+      post :request_access, group_id: group
+
+      expect(response).to set_flash.to 'Your request for access has been queued for review.'
+      expect(response).to redirect_to(group_path(group))
+      expect(group.members.request.exists?(user_id: user)).to be_truthy
+      expect(group.users).not_to include user
+    end
+  end
+
+  describe '#approve_access_request' do
+    let(:group) { create(:group, :public) }
+
+    context 'when member is not found' do
+      it 'returns 403' do
+        post :approve_access_request, group_id: group,
+                                      id: 42
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'when member is found' do
+      let(:user) { create(:user) }
+      let(:group_requester) { create(:user) }
+      let(:member) do
+        group.request_access(group_requester)
+        group.members.request.find_by(user_id: group_requester)
+      end
+
+      context 'when user does not have enough rights' do
+        before do
+          group.add_developer(user)
+          sign_in(user)
+        end
+
+        it 'returns 403' do
+          post :approve_access_request, group_id: group,
+                                        id: member
+
+          expect(response.status).to eq(403)
+          expect(group.users).not_to include group_requester
+        end
+      end
+
+      context 'when user has enough rights' do
+        before do
+          group.add_owner(user)
+          sign_in(user)
+        end
+
+        it 'adds user to members' do
+          post :approve_access_request, group_id: group,
+                                        id: member
+
+          expect(response).to redirect_to(group_group_members_path(group))
+          expect(group.users).to include group_requester
+        end
+      end
+    end
+  end
 end
diff --git a/spec/controllers/projects/commit_controller_spec.rb b/spec/controllers/projects/commit_controller_spec.rb
index 438e776ec4b..6e3db10e451 100644
--- a/spec/controllers/projects/commit_controller_spec.rb
+++ b/spec/controllers/projects/commit_controller_spec.rb
@@ -2,6 +2,8 @@ require 'rails_helper'
 
 describe Projects::CommitController do
   describe 'GET show' do
+    render_views
+
     let(:project) { create(:project) }
 
     before do
@@ -27,6 +29,16 @@ describe Projects::CommitController do
       end
     end
 
+    it 'handles binary files' do
+      get(:show,
+          namespace_id: project.namespace.to_param,
+          project_id: project.to_param,
+          id: TestEnv::BRANCH_SHA['binary-encoding'],
+          format: "html")
+
+      expect(response).to be_success
+    end
+
     def go(id:)
       get :show,
         namespace_id: project.namespace.to_param,
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb
index 78be7e3dc35..cbaa3e0b7b2 100644
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@@ -105,6 +105,15 @@ describe Projects::IssuesController do
         expect(assigns(:issues)).to eq [issue]
       end
 
+      it 'should not list confidential issues for project members with guest role' do
+        sign_in(member)
+        project.team << [member, :guest]
+
+        get_issues
+
+        expect(assigns(:issues)).to eq [issue]
+      end
+
       it 'should list confidential issues for author' do
         sign_in(author)
         get_issues
@@ -148,7 +157,7 @@ describe Projects::IssuesController do
 
     shared_examples_for 'restricted action' do |http_status|
       it 'returns 404 for guests' do
-        sign_out :user
+        sign_out(:user)
         go(id: unescaped_parameter_value.to_param)
 
         expect(response).to have_http_status :not_found
@@ -161,6 +170,14 @@ describe Projects::IssuesController do
         expect(response).to have_http_status :not_found
       end
 
+      it 'returns 404 for project members with guest role' do
+        sign_in(member)
+        project.team << [member, :guest]
+        go(id: unescaped_parameter_value.to_param)
+
+        expect(response).to have_http_status :not_found
+      end
+
       it "returns #{http_status[:success]} for author" do
         sign_in(author)
         go(id: unescaped_parameter_value.to_param)
diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb
index 750fbecdd07..fc5f458e795 100644
--- a/spec/controllers/projects/project_members_controller_spec.rb
+++ b/spec/controllers/projects/project_members_controller_spec.rb
@@ -1,22 +1,22 @@
 require('spec_helper')
 
 describe Projects::ProjectMembersController do
-  let(:project) { create(:project) }
-  let(:another_project) { create(:project, :private) }
-  let(:user) { create(:user) }
-  let(:member) { create(:user) }
-
-  before do
-    project.team << [user, :master]
-    another_project.team << [member, :guest]
-    sign_in(user)
-  end
-
   describe '#apply_import' do
+    let(:project) { create(:project) }
+    let(:another_project) { create(:project, :private) }
+    let(:user) { create(:user) }
+    let(:member) { create(:user) }
+
+    before do
+      project.team << [user, :master]
+      another_project.team << [member, :guest]
+      sign_in(user)
+    end
+
     shared_context 'import applied' do
       before do
-        post(:apply_import, namespace_id: project.namespace.to_param,
-                            project_id: project.to_param,
+        post(:apply_import, namespace_id: project.namespace,
+                            project_id: project,
                             source_project_id: another_project.id)
       end
     end
@@ -48,18 +48,231 @@ describe Projects::ProjectMembersController do
   end
 
   describe '#index' do
-    let(:project) { create(:project, :private) }
-
     context 'when user is member' do
-      let(:member) { create(:user) }
-
       before do
+        project = create(:project, :private)
+        member = create(:user)
         project.team << [member, :guest]
         sign_in(member)
-        get :index, namespace_id: project.namespace.to_param, project_id: project.to_param
+
+        get :index, namespace_id: project.namespace, project_id: project
       end
 
       it { expect(response.status).to eq(200) }
     end
   end
+
+  describe '#destroy' do
+    let(:project) { create(:project, :public) }
+
+    context 'when member is not found' do
+      it 'returns 404' do
+        delete :destroy, namespace_id: project.namespace,
+                         project_id: project,
+                         id: 42
+
+        expect(response.status).to eq(404)
+      end
+    end
+
+    context 'when member is found' do
+      let(:user) { create(:user) }
+      let(:team_user) { create(:user) }
+      let(:member) do
+        project.team << [team_user, :developer]
+        project.members.find_by(user_id: team_user.id)
+      end
+
+      context 'when user does not have enough rights' do
+        before do
+          project.team << [user, :developer]
+          sign_in(user)
+        end
+
+        it 'returns 404' do
+          delete :destroy, namespace_id: project.namespace,
+                           project_id: project,
+                           id: member
+
+          expect(response.status).to eq(404)
+          expect(project.users).to include team_user
+        end
+      end
+
+      context 'when user has enough rights' do
+        before do
+          project.team << [user, :master]
+          sign_in(user)
+        end
+
+        it '[HTML] removes user from members' do
+          delete :destroy, namespace_id: project.namespace,
+                           project_id: project,
+                           id: member
+
+          expect(response).to redirect_to(
+            namespace_project_project_members_path(project.namespace, project)
+          )
+          expect(project.users).not_to include team_user
+        end
+
+        it '[JS] removes user from members' do
+          xhr :delete, :destroy, namespace_id: project.namespace,
+                                 project_id: project,
+                                 id: member
+
+          expect(response).to be_success
+          expect(project.users).not_to include team_user
+        end
+      end
+    end
+  end
+
+  describe '#leave' do
+    let(:project) { create(:project, :public) }
+    let(:user) { create(:user) }
+
+    context 'when member is not found' do
+      before { sign_in(user) }
+
+      it 'returns 403' do
+        delete :leave, namespace_id: project.namespace,
+                       project_id: project
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'when member is found' do
+      context 'and is not an owner' do
+        before do
+          project.team << [user, :developer]
+          sign_in(user)
+        end
+
+        it 'removes user from members' do
+          delete :leave, namespace_id: project.namespace,
+                         project_id: project
+
+          expect(response).to set_flash.to "You left the \"#{project.human_name}\" project."
+          expect(response).to redirect_to(dashboard_projects_path)
+          expect(project.users).not_to include user
+        end
+      end
+
+      context 'and is an owner' do
+        before do
+          project.update(namespace_id: user.namespace_id)
+          project.team << [user, :master, user]
+          sign_in(user)
+        end
+
+        it 'cannot remove himself from the project' do
+          delete :leave, namespace_id: project.namespace,
+                         project_id: project
+
+          expect(response).to redirect_to(
+            namespace_project_path(project.namespace, project)
+          )
+          expect(response).to set_flash[:alert].to "You can not leave the \"#{project.human_name}\" project. Transfer or delete the project."
+          expect(project.users).to include user
+        end
+      end
+
+      context 'and is a requester' do
+        before do
+          project.request_access(user)
+          sign_in(user)
+        end
+
+        it 'removes user from members' do
+          delete :leave, namespace_id: project.namespace,
+                         project_id: project
+
+          expect(response).to set_flash.to 'Your access request to the project has been withdrawn.'
+          expect(response).to redirect_to(dashboard_projects_path)
+          expect(project.members.request).to be_empty
+          expect(project.users).not_to include user
+        end
+      end
+    end
+  end
+
+  describe '#request_access' do
+    let(:project) { create(:project, :public) }
+    let(:user) { create(:user) }
+
+    before do
+      sign_in(user)
+    end
+
+    it 'creates a new ProjectMember that is not a team member' do
+      post :request_access, namespace_id: project.namespace,
+                            project_id: project
+
+      expect(response).to set_flash.to 'Your request for access has been queued for review.'
+      expect(response).to redirect_to(
+        namespace_project_path(project.namespace, project)
+      )
+      expect(project.members.request.exists?(user_id: user)).to be_truthy
+      expect(project.users).not_to include user
+    end
+  end
+
+  describe '#approve' do
+    let(:project) { create(:project, :public) }
+
+    context 'when member is not found' do
+      it 'returns 404' do
+        post :approve_access_request, namespace_id: project.namespace,
+                                      project_id: project,
+                                      id: 42
+
+        expect(response.status).to eq(404)
+      end
+    end
+
+    context 'when member is found' do
+      let(:user) { create(:user) }
+      let(:team_requester) { create(:user) }
+      let(:member) do
+        project.request_access(team_requester)
+        project.members.request.find_by(user_id: team_requester.id)
+      end
+
+      context 'when user does not have enough rights' do
+        before do
+          project.team << [user, :developer]
+          sign_in(user)
+        end
+
+        it 'returns 404' do
+          post :approve_access_request, namespace_id: project.namespace,
+                                        project_id: project,
+                                        id: member
+
+          expect(response.status).to eq(404)
+          expect(project.users).not_to include team_requester
+        end
+      end
+
+      context 'when user has enough rights' do
+        before do
+          project.team << [user, :master]
+          sign_in(user)
+        end
+
+        it 'adds user to members' do
+          post :approve_access_request, namespace_id: project.namespace,
+                                        project_id: project,
+                                        id: member
+
+          expect(response).to redirect_to(
+            namespace_project_project_members_path(project.namespace, project)
+          )
+          expect(project.users).to include team_requester
+        end
+      end
+    end
+  end
 end
diff --git a/spec/factories/deployments.rb b/spec/factories/deployments.rb
new file mode 100644
index 00000000000..82591604fcb
--- /dev/null
+++ b/spec/factories/deployments.rb
@@ -0,0 +1,13 @@
+FactoryGirl.define do
+  factory :deployment, class: Deployment do
+    sha '97de212e80737a608d939f648d959671fb0a0142'
+    ref 'master'
+    tag false
+
+    environment factory: :environment
+
+    after(:build) do |deployment, evaluator|
+      deployment.project = deployment.environment.project
+    end
+  end
+end
diff --git a/spec/factories/environments.rb b/spec/factories/environments.rb
new file mode 100644
index 00000000000..07265c26ca3
--- /dev/null
+++ b/spec/factories/environments.rb
@@ -0,0 +1,7 @@
+FactoryGirl.define do
+  factory :environment, class: Environment do
+    sequence(:name) { |n| "environment#{n}" }
+
+    project factory: :empty_project
+  end
+end
diff --git a/spec/factories/projects.rb b/spec/factories/projects.rb
index da8d97c9f82..5c8ddbebf0d 100644
--- a/spec/factories/projects.rb
+++ b/spec/factories/projects.rb
@@ -67,9 +67,6 @@ FactoryGirl.define do
           'new_issue_url' => 'http://redmine/projects/project_name_in_redmine/issues/new'
         }
       )
-
-      project.issues_tracker = 'redmine'
-      project.issues_tracker_id = 'project_name_in_redmine'
     end
   end
 
@@ -84,9 +81,6 @@ FactoryGirl.define do
           'new_issue_url' => 'http://jira.example/secure/CreateIssue.jspa'
         }
       )
-
-      project.issues_tracker = 'jira'
-      project.issues_tracker_id = 'project_name_in_jira'
     end
   end
 end
diff --git a/spec/features/admin/admin_hooks_spec.rb b/spec/features/admin/admin_hooks_spec.rb
index 7265cdac7a7..31633817d53 100644
--- a/spec/features/admin/admin_hooks_spec.rb
+++ b/spec/features/admin/admin_hooks_spec.rb
@@ -12,9 +12,11 @@ describe "Admin::Hooks", feature: true do
   describe "GET /admin/hooks" do
     it "should be ok" do
       visit admin_root_path
-      page.within ".sidebar-wrapper" do
+
+      page.within ".layout-nav" do
         click_on "Hooks"
       end
+
       expect(current_path).to eq(admin_hooks_path)
     end
 
diff --git a/spec/features/atom/dashboard_issues_spec.rb b/spec/features/atom/dashboard_issues_spec.rb
index b710cb3c72f..4dd9548cfc5 100644
--- a/spec/features/atom/dashboard_issues_spec.rb
+++ b/spec/features/atom/dashboard_issues_spec.rb
@@ -5,8 +5,6 @@ describe "Dashboard Issues Feed", feature: true  do
     let!(:user)     { create(:user) }
     let!(:project1) { create(:project) }
     let!(:project2) { create(:project) }
-    let!(:issue1)   { create(:issue, author: user, assignee: user, project: project1) }
-    let!(:issue2)   { create(:issue, author: user, assignee: user, project: project2) }
 
     before do
       project1.team << [user, :master]
@@ -14,16 +12,51 @@ describe "Dashboard Issues Feed", feature: true  do
     end
 
     describe "atom feed" do
-      it "should render atom feed via private token" do
+      it "renders atom feed via private token" do
         visit issues_dashboard_path(:atom, private_token: user.private_token)
 
-        expect(response_headers['Content-Type']).
-          to have_content('application/atom+xml')
+        expect(response_headers['Content-Type']).to have_content('application/atom+xml')
         expect(body).to have_selector('title', text: "#{user.name} issues")
-        expect(body).to have_selector('author email', text: issue1.author_email)
-        expect(body).to have_selector('entry summary', text: issue1.title)
-        expect(body).to have_selector('author email', text: issue2.author_email)
-        expect(body).to have_selector('entry summary', text: issue2.title)
+      end
+
+      context "issue with basic fields" do
+        let!(:issue2) { create(:issue, author: user, assignee: user, project: project2, description: 'test desc') }
+
+        it "renders issue fields" do
+          visit issues_dashboard_path(:atom, private_token: user.private_token)
+
+          entry = find(:xpath, "//feed/entry[contains(summary/text(),'#{issue2.title}')]")
+
+          expect(entry).to be_present
+          expect(entry).to have_selector('author email', text: issue2.author_email)
+          expect(entry).to have_selector('assignee email', text: issue2.author_email)
+          expect(entry).not_to have_selector('labels')
+          expect(entry).not_to have_selector('milestone')
+          expect(entry).to have_selector('description', text: issue2.description)
+        end
+      end
+
+      context "issue with label and milestone" do
+        let!(:milestone1) { create(:milestone, project: project1, title: 'v1') }
+        let!(:label1)     { create(:label, project: project1, title: 'label1') }
+        let!(:issue1)     { create(:issue, author: user, assignee: user, project: project1, milestone: milestone1) }
+
+        before do
+          issue1.labels << label1
+        end
+
+        it "renders issue label and milestone info" do
+          visit issues_dashboard_path(:atom, private_token: user.private_token)
+
+          entry = find(:xpath, "//feed/entry[contains(summary/text(),'#{issue1.title}')]")
+
+          expect(entry).to be_present
+          expect(entry).to have_selector('author email', text: issue1.author_email)
+          expect(entry).to have_selector('assignee email', text: issue1.author_email)
+          expect(entry).to have_selector('labels label', text: label1.title)
+          expect(entry).to have_selector('milestone', text: milestone1.title)
+          expect(entry).not_to have_selector('description')
+        end
       end
     end
   end
diff --git a/spec/features/builds_spec.rb b/spec/features/builds_spec.rb
index b8ecc356b4d..16832c297ac 100644
--- a/spec/features/builds_spec.rb
+++ b/spec/features/builds_spec.rb
@@ -97,6 +97,42 @@ describe "Builds" do
       end
     end
 
+    context 'Artifacts expire date' do
+      before do
+        @build.update_attributes(artifacts_file: artifacts_file, artifacts_expire_at: expire_at)
+        visit namespace_project_build_path(@project.namespace, @project, @build)
+      end
+
+      context 'no expire date defined' do
+        let(:expire_at) { nil }
+
+        it 'does not have the Keep button' do
+          expect(page).not_to have_content 'Keep'
+        end
+      end
+
+      context 'when expire date is defined' do
+        let(:expire_at) { Time.now + 7.days }
+
+        it 'keeps artifacts when Keep button is clicked' do
+          expect(page).to have_content 'The artifacts will be removed'
+          click_link 'Keep'
+
+          expect(page).not_to have_link 'Keep'
+          expect(page).not_to have_content 'The artifacts will be removed'
+        end
+      end
+
+      context 'when artifacts expired' do
+        let(:expire_at) { Time.now - 7.days }
+
+        it 'does not have the Keep button' do
+          expect(page).to have_content 'The artifacts were removed'
+          expect(page).not_to have_link 'Keep'
+        end
+      end
+    end
+
     context 'Build raw trace' do
       before do
         @build.run!
diff --git a/spec/features/environments_spec.rb b/spec/features/environments_spec.rb
new file mode 100644
index 00000000000..40fea5211e9
--- /dev/null
+++ b/spec/features/environments_spec.rb
@@ -0,0 +1,160 @@
+require 'spec_helper'
+
+feature 'Environments', feature: true do
+  given(:project) { create(:empty_project) }
+  given(:user) { create(:user) }
+  given(:role) { :developer }
+
+  background do
+    login_as(user)
+    project.team << [user, role]
+  end
+
+  describe 'when showing environments' do
+    given!(:environment) { }
+    given!(:deployment) { }
+
+    before do
+      visit namespace_project_environments_path(project.namespace, project)
+    end
+
+    context 'without environments' do
+      scenario 'does show no environments' do
+        expect(page).to have_content('No environments to show')
+      end
+    end
+
+    context 'with environments' do
+      given(:environment) { create(:environment, project: project) }
+
+      scenario 'does show environment name' do
+        expect(page).to have_link(environment.name)
+      end
+
+      context 'without deployments' do
+        scenario 'does show no deployments' do
+          expect(page).to have_content('No deployments yet')
+        end
+      end
+
+      context 'with deployments' do
+        given(:deployment) { create(:deployment, environment: environment) }
+
+        scenario 'does show deployment SHA' do
+          expect(page).to have_link(deployment.short_sha)
+        end
+      end
+    end
+
+    scenario 'does have a New environment button' do
+      expect(page).to have_link('New environment')
+    end
+  end
+
+  describe 'when showing the environment' do
+    given(:environment) { create(:environment, project: project) }
+    given!(:deployment) { }
+
+    before do
+      visit namespace_project_environment_path(project.namespace, project, environment)
+    end
+
+    context 'without deployments' do
+      scenario 'does show no deployments' do
+        expect(page).to have_content('No deployments for')
+      end
+    end
+
+    context 'with deployments' do
+      given(:deployment) { create(:deployment, environment: environment) }
+
+      scenario 'does show deployment SHA' do
+        expect(page).to have_link(deployment.short_sha)
+      end
+
+      scenario 'does not show a retry button for deployment without build' do
+        expect(page).not_to have_link('Retry')
+      end
+
+      context 'with build' do
+        given(:build) { create(:ci_build, project: project) }
+        given(:deployment) { create(:deployment, environment: environment, deployable: build) }
+
+        scenario 'does show build name' do
+          expect(page).to have_link("#{build.name} (##{build.id})")
+        end
+
+        scenario 'does show retry button' do
+          expect(page).to have_link('Retry')
+        end
+      end
+    end
+  end
+
+  describe 'when creating a new environment' do
+    before do
+      visit namespace_project_environments_path(project.namespace, project)
+    end
+
+    context 'when logged as developer' do
+      before do
+        click_link 'New environment'
+      end
+
+      context 'for valid name' do
+        before do
+          fill_in('Name', with: 'production')
+          click_on 'Create environment'
+        end
+
+        scenario 'does create a new pipeline' do
+          expect(page).to have_content('production')
+        end
+      end
+
+      context 'for invalid name' do
+        before do
+          fill_in('Name', with: 'name with spaces')
+          click_on 'Create environment'
+        end
+
+        scenario 'does show errors' do
+          expect(page).to have_content('Name can contain only letters')
+        end
+      end
+    end
+
+    context 'when logged as reporter' do
+      given(:role) { :reporter }
+
+      scenario 'does not have a New environment link' do
+        expect(page).not_to have_link('New environment')
+      end
+    end
+  end
+
+  describe 'when deleting existing environment' do
+    given(:environment) { create(:environment, project: project) }
+
+    before do
+      visit namespace_project_environment_path(project.namespace, project, environment)
+    end
+
+    context 'when logged as master' do
+      given(:role) { :master }
+
+      scenario 'does delete environment' do
+        click_link 'Destroy'
+        expect(page).not_to have_link(environment.name)
+      end
+    end
+
+    context 'when logged as developer' do
+      given(:role) { :developer }
+
+      scenario 'does not have a Destroy link' do
+        expect(page).not_to have_link('Destroy')
+      end
+    end
+  end
+end
diff --git a/spec/features/groups/members/owner_manages_access_requests_spec.rb b/spec/features/groups/members/owner_manages_access_requests_spec.rb
new file mode 100644
index 00000000000..22525ce530b
--- /dev/null
+++ b/spec/features/groups/members/owner_manages_access_requests_spec.rb
@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+feature 'Groups > Members > Owner manages access requests', feature: true do
+  let(:user) { create(:user) }
+  let(:owner) { create(:user) }
+  let(:group) { create(:group, :public) }
+
+  background do
+    group.request_access(user)
+    group.add_owner(owner)
+    login_as(owner)
+  end
+
+  scenario 'owner can see access requests' do
+    visit group_group_members_path(group)
+
+    expect_visible_access_request(group, user)
+  end
+
+  scenario 'master can grant access' do
+    visit group_group_members_path(group)
+
+    expect_visible_access_request(group, user)
+
+    perform_enqueued_jobs { click_on 'Grant access' }
+
+    expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email]
+    expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{group.name} group was granted"
+  end
+
+  scenario 'master can deny access' do
+    visit group_group_members_path(group)
+
+    expect_visible_access_request(group, user)
+
+    perform_enqueued_jobs { click_on 'Deny access' }
+
+    expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email]
+    expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{group.name} group was denied"
+  end
+
+
+  def expect_visible_access_request(group, user)
+    expect(group.members.request.exists?(user_id: user)).to be_truthy
+    expect(page).to have_content "#{group.name} access requests (1)"
+    expect(page).to have_content user.name
+  end
+end
diff --git a/spec/features/groups/members/user_requests_access_spec.rb b/spec/features/groups/members/user_requests_access_spec.rb
new file mode 100644
index 00000000000..a878a96b6ee
--- /dev/null
+++ b/spec/features/groups/members/user_requests_access_spec.rb
@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+feature 'Groups > Members > User requests access', feature: true do
+  let(:user) { create(:user) }
+  let(:owner) { create(:user) }
+  let(:group) { create(:group, :public) }
+
+  background do
+    group.add_owner(owner)
+    login_as(user)
+    visit group_path(group)
+  end
+
+  scenario 'user can request access to a group' do
+    perform_enqueued_jobs { click_link 'Request Access' }
+
+    expect(ActionMailer::Base.deliveries.last.to).to eq [owner.notification_email]
+    expect(ActionMailer::Base.deliveries.last.subject).to match "Request to join the #{group.name} group"
+
+    expect(group.members.request.exists?(user_id: user)).to be_truthy
+    expect(page).to have_content 'Your request for access has been queued for review.'
+
+    expect(page).to have_content 'Withdraw Access Request'
+  end
+
+  scenario 'user is not listed in the group members page' do
+    click_link 'Request Access'
+
+    expect(group.members.request.exists?(user_id: user)).to be_truthy
+
+    click_link 'Members'
+
+    page.within('.content') do
+      expect(page).not_to have_content(user.name)
+    end
+  end
+
+  scenario 'user can withdraw its request for access' do
+    click_link 'Request Access'
+
+    expect(group.members.request.exists?(user_id: user)).to be_truthy
+
+    click_link 'Withdraw Access Request'
+
+    expect(group.members.request.exists?(user_id: user)).to be_falsey
+    expect(page).to have_content 'Your access request to the group has been withdrawn.'
+  end
+end
diff --git a/spec/features/issues/bulk_assigment_labels_spec.rb b/spec/features/issues/bulk_assigment_labels_spec.rb
index c58b87281a3..0fbc2062e39 100644
--- a/spec/features/issues/bulk_assigment_labels_spec.rb
+++ b/spec/features/issues/bulk_assigment_labels_spec.rb
@@ -83,6 +83,23 @@ feature 'Issues > Labels bulk assignment', feature: true do
       end
     end
 
+    context 'can assign a label to all issues when label is present' do
+      before do
+        issue2.labels << bug
+        issue2.labels << feature
+        visit namespace_project_issues_path(project.namespace, project)
+
+        check 'check_all_issues'
+        open_labels_dropdown ['bug']
+        update_issues
+      end
+
+      it do
+        expect(find("#issue_#{issue1.id}")).to have_content 'bug'
+        expect(find("#issue_#{issue2.id}")).to have_content 'bug'
+      end
+    end
+
     context 'can bulk un-assign' do
       context 'all labels to all issues' do
         before do
diff --git a/spec/features/issues/filter_by_labels_spec.rb b/spec/features/issues/filter_by_labels_spec.rb
index 16c619c9288..5ea02b8d39c 100644
--- a/spec/features/issues/filter_by_labels_spec.rb
+++ b/spec/features/issues/filter_by_labels_spec.rb
@@ -56,8 +56,9 @@ feature 'Issue filtering by Labels', feature: true do
     end
 
     it 'should remove label "bug"' do
-      first('.js-label-filter-remove').click
-      expect(find('.filtered-labels')).to have_no_content "bug"
+      find('.js-label-filter-remove').click
+      wait_for_ajax
+      expect(find('.filtered-labels', visible: false)).to have_no_content "bug"
     end
   end
 
@@ -142,7 +143,8 @@ feature 'Issue filtering by Labels', feature: true do
     end
 
     it 'should remove label "enhancement"' do
-      first('.js-label-filter-remove').click
+      find('.js-label-filter-remove', match: :first).click
+      wait_for_ajax
       expect(find('.filtered-labels')).to have_no_content "enhancement"
     end
   end
@@ -179,6 +181,7 @@ feature 'Issue filtering by Labels', feature: true do
     before do
       page.within '.labels-filter' do
         click_button 'Label'
+        wait_for_ajax
         click_link 'bug'
         find('.dropdown-menu-close').click
       end
@@ -189,14 +192,11 @@ feature 'Issue filtering by Labels', feature: true do
     end
 
     it 'should allow user to remove filtered labels' do
-      page.within '.filtered-labels' do
-        first('.js-label-filter-remove').click
-        expect(page).not_to have_content 'bug'
-      end
+      first('.js-label-filter-remove').click
+      wait_for_ajax
 
-      page.within '.labels-filter' do
-        expect(page).not_to have_content 'bug'
-      end
+      expect(find('.filtered-labels', visible: false)).not_to have_content 'bug'
+      expect(find('.labels-filter')).not_to have_content 'bug'
     end
   end
 
diff --git a/spec/features/issues/filter_issues_spec.rb b/spec/features/issues/filter_issues_spec.rb
index 1f0594e6b02..4bcb105b17d 100644
--- a/spec/features/issues/filter_issues_spec.rb
+++ b/spec/features/issues/filter_issues_spec.rb
@@ -1,6 +1,7 @@
 require 'rails_helper'
 
 describe 'Filter issues', feature: true do
+  include WaitForAjax
 
   let!(:project)   { create(:project) }
   let!(:user)      { create(:user)}
@@ -21,7 +22,7 @@ describe 'Filter issues', feature: true do
 
       find('.dropdown-menu-user-link', text: user.username).click
 
-      sleep 2
+      wait_for_ajax
     end
 
     context 'assignee', js: true do
@@ -53,7 +54,7 @@ describe 'Filter issues', feature: true do
 
       find('.milestone-filter .dropdown-content a', text: milestone.title).click
 
-      sleep 2
+      wait_for_ajax
     end
 
     context 'milestone', js: true do
@@ -80,23 +81,21 @@ describe 'Filter issues', feature: true do
     before do
       visit namespace_project_issues_path(project.namespace, project)
       find('.js-label-select').click
+      wait_for_ajax
     end
 
     it 'should filter by any label' do
       find('.dropdown-menu-labels a', text: 'Any Label').click
       page.first('.labels-filter .dropdown-title .dropdown-menu-close-icon').click
-      sleep 2
+      wait_for_ajax
 
-      page.within '.labels-filter' do
-        expect(page).to have_content 'Any Label'
-      end
-      expect(find('.js-label-select .dropdown-toggle-text')).to have_content('Any Label')
+      expect(find('.labels-filter')).to have_content 'Label'
     end
 
     it 'should filter by no label' do
       find('.dropdown-menu-labels a', text: 'No Label').click
       page.first('.labels-filter .dropdown-title .dropdown-menu-close-icon').click
-      sleep 2
+      wait_for_ajax
 
       page.within '.labels-filter' do
         expect(page).to have_content 'No Label'
@@ -122,14 +121,14 @@ describe 'Filter issues', feature: true do
 
       find('.dropdown-menu-user-link', text: user.username).click
 
-      sleep 2
+      wait_for_ajax
 
       find('.js-label-select').click
 
       find('.dropdown-menu-labels .dropdown-content a', text: label.title).click
       page.first('.labels-filter .dropdown-title .dropdown-menu-close-icon').click
 
-      sleep 2
+      wait_for_ajax
     end
 
     context 'assignee and label', js: true do
@@ -276,9 +275,12 @@ describe 'Filter issues', feature: true do
 
     it 'should be able to filter and sort issues' do
       click_button 'Label'
+      wait_for_ajax
       page.within '.labels-filter' do
         click_link 'bug'
       end
+      find('.dropdown-menu-close-icon').click
+      wait_for_ajax
 
       page.within '.issues-list' do
         expect(page).to have_selector('.issue', count: 2)
@@ -288,6 +290,7 @@ describe 'Filter issues', feature: true do
       page.within '.dropdown-menu-sort' do
         click_link 'Oldest created'
       end
+      wait_for_ajax
 
       page.within '.issues-list' do
         expect(first('.issue')).to have_content('Frontend')
diff --git a/spec/features/issues/move_spec.rb b/spec/features/issues/move_spec.rb
index c7019c5aea1..7773c486b4e 100644
--- a/spec/features/issues/move_spec.rb
+++ b/spec/features/issues/move_spec.rb
@@ -26,6 +26,7 @@ feature 'issue move to another project' do
   context 'user has permission to move issue' do
     let!(:mr) { create(:merge_request, source_project: old_project) }
     let(:new_project) { create(:project) }
+    let(:new_project_search) { create(:project) }
     let(:text) { 'Text with !1' }
     let(:cross_reference) { old_project.to_reference }
 
@@ -47,6 +48,21 @@ feature 'issue move to another project' do
       expect(page).to have_content(issue.title)
     end
 
+    scenario 'searching project dropdown', js: true do
+      new_project_search.team << [user, :reporter]
+
+      page.within '.js-move-dropdown' do
+        first('.select2-choice').click
+      end
+
+      fill_in('s2id_autogen2_search', with: new_project_search.name)
+
+      page.within '.select2-drop' do
+        expect(page).to have_content(new_project_search.name)
+        expect(page).not_to have_content(new_project.name)
+      end
+    end
+
     context 'user does not have permission to move the issue to a project', js: true do
       let!(:private_project) { create(:project, :private) }
       let(:another_project) { create(:project) }
diff --git a/spec/features/issues/todo_spec.rb b/spec/features/issues/todo_spec.rb
new file mode 100644
index 00000000000..b69cce3e7d7
--- /dev/null
+++ b/spec/features/issues/todo_spec.rb
@@ -0,0 +1,33 @@
+require 'rails_helper'
+
+feature 'Manually create a todo item from issue', feature: true, js: true do
+  let!(:project)   { create(:project) }
+  let!(:issue)     { create(:issue, project: project) }
+  let!(:user)      { create(:user)}
+
+  before do
+    project.team << [user, :master]
+    login_as(user)
+    visit namespace_project_issue_path(project.namespace, project, issue)
+  end
+
+  it 'should create todo when clicking button' do
+    page.within '.issuable-sidebar' do
+      click_button 'Add Todo'
+      expect(page).to have_content 'Mark Done'
+    end
+
+    page.within '.header-content .todos-pending-count' do
+      expect(page).to have_content '1'
+    end
+  end
+
+  it 'should mark a todo as done' do
+    page.within '.issuable-sidebar' do
+      click_button 'Add Todo'
+      click_button 'Mark Done'
+    end
+
+    expect(page).to have_selector('.todos-pending-count', visible: false)
+  end
+end
diff --git a/spec/features/issues_spec.rb b/spec/features/issues_spec.rb
index f6fb6a72d22..c3cb3379440 100644
--- a/spec/features/issues_spec.rb
+++ b/spec/features/issues_spec.rb
@@ -396,6 +396,27 @@ describe 'Issues', feature: true do
           expect(page).to have_content @user.name
         end
       end
+
+      it 'allows user to unselect themselves', js: true do
+        issue2 = create(:issue, project: project, author: @user)
+        visit namespace_project_issue_path(project.namespace, project, issue2)
+
+        page.within '.assignee' do
+          click_link 'Edit'
+          click_link @user.name
+
+          page.within '.value' do
+            expect(page).to have_content @user.name
+          end
+
+          click_link 'Edit'
+          click_link @user.name
+
+          page.within '.value' do
+            expect(page).to have_content "No assignee"
+          end
+        end
+      end
     end
 
     context 'by unauthorized user' do
@@ -440,6 +461,26 @@ describe 'Issues', feature: true do
 
         expect(issue.reload.milestone).to be_nil
       end
+
+      it 'allows user to de-select milestone', js: true do
+        visit namespace_project_issue_path(project.namespace, project, issue)
+
+        page.within('.milestone') do
+          click_link 'Edit'
+          click_link milestone.title
+
+          page.within '.value' do
+            expect(page).to have_content milestone.title
+          end
+
+          click_link 'Edit'
+          click_link milestone.title
+
+          page.within '.value' do
+            expect(page).to have_content 'None'
+          end
+        end
+      end
     end
 
     context 'by unauthorized user' do
@@ -515,10 +556,10 @@ describe 'Issues', feature: true do
             first('.ui-state-default').click
           end
 
-          expect(page).to have_no_content 'None'
+          expect(page).to have_no_content 'No due date'
 
           click_link 'remove due date'
-          expect(page).to have_content 'None'
+          expect(page).to have_content 'No due date'
         end
       end
     end
diff --git a/spec/features/projects/members/master_manages_access_requests_spec.rb b/spec/features/projects/members/master_manages_access_requests_spec.rb
new file mode 100644
index 00000000000..5fe4caa12f0
--- /dev/null
+++ b/spec/features/projects/members/master_manages_access_requests_spec.rb
@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+feature 'Projects > Members > Master manages access requests', feature: true do
+  let(:user) { create(:user) }
+  let(:master) { create(:user) }
+  let(:project) { create(:project, :public) }
+
+  background do
+    project.request_access(user)
+    project.team << [master, :master]
+    login_as(master)
+  end
+
+  scenario 'master can see access requests' do
+    visit namespace_project_project_members_path(project.namespace, project)
+
+    expect_visible_access_request(project, user)
+  end
+
+  scenario 'master can grant access' do
+    visit namespace_project_project_members_path(project.namespace, project)
+
+    expect_visible_access_request(project, user)
+
+    perform_enqueued_jobs { click_on 'Grant access' }
+
+    expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email]
+    expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{project.name_with_namespace} project was granted"
+  end
+
+  scenario 'master can deny access' do
+    visit namespace_project_project_members_path(project.namespace, project)
+
+    expect_visible_access_request(project, user)
+
+    perform_enqueued_jobs { click_on 'Deny access' }
+
+    expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email]
+    expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{project.name_with_namespace} project was denied"
+  end
+
+  def expect_visible_access_request(project, user)
+    expect(project.members.request.exists?(user_id: user)).to be_truthy
+    expect(page).to have_content "#{project.name} access requests (1)"
+    expect(page).to have_content user.name
+  end
+end
diff --git a/spec/features/projects/members/user_requests_access_spec.rb b/spec/features/projects/members/user_requests_access_spec.rb
new file mode 100644
index 00000000000..fd92a3a2f0c
--- /dev/null
+++ b/spec/features/projects/members/user_requests_access_spec.rb
@@ -0,0 +1,54 @@
+require 'spec_helper'
+
+feature 'Projects > Members > User requests access', feature: true do
+  let(:user) { create(:user) }
+  let(:master) { create(:user) }
+  let(:project) { create(:project, :public) }
+
+  background do
+    project.team << [master, :master]
+    login_as(user)
+    visit namespace_project_path(project.namespace, project)
+  end
+
+  scenario 'user can request access to a project' do
+    perform_enqueued_jobs { click_link 'Request Access' }
+
+    expect(ActionMailer::Base.deliveries.last.to).to eq [master.notification_email]
+    expect(ActionMailer::Base.deliveries.last.subject).to eq "Request to join the #{project.name_with_namespace} project"
+
+    expect(project.members.request.exists?(user_id: user)).to be_truthy
+    expect(page).to have_content 'Your request for access has been queued for review.'
+
+    expect(page).to have_content 'Withdraw Access Request'
+  end
+
+  scenario 'user is not listed in the project members page' do
+    click_link 'Request Access'
+
+    expect(project.members.request.exists?(user_id: user)).to be_truthy
+
+    open_project_settings_menu
+    click_link 'Members'
+
+    visit namespace_project_project_members_path(project.namespace, project)
+    page.within('.content') do
+      expect(page).not_to have_content(user.name)
+    end
+  end
+
+  scenario 'user can withdraw its request for access' do
+    click_link 'Request Access'
+
+    expect(project.members.request.exists?(user_id: user)).to be_truthy
+
+    click_link 'Withdraw Access Request'
+
+    expect(project.members.request.exists?(user_id: user)).to be_falsey
+    expect(page).to have_content 'Your access request to the project has been withdrawn.'
+  end
+
+  def open_project_settings_menu
+    find('#project-settings-button').click
+  end
+end
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
index c5f741709ad..f6c6687e162 100644
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -175,6 +175,49 @@ describe "Public Project Access", feature: true  do
     end
   end
 
+  describe "GET /:project_path/environments" do
+    subject { namespace_project_environments_path(project.namespace, project) }
+
+    it { is_expected.to be_allowed_for :admin }
+    it { is_expected.to be_allowed_for owner }
+    it { is_expected.to be_allowed_for master }
+    it { is_expected.to be_allowed_for developer }
+    it { is_expected.to be_allowed_for reporter }
+    it { is_expected.to be_denied_for guest }
+    it { is_expected.to be_denied_for :user }
+    it { is_expected.to be_denied_for :external }
+    it { is_expected.to be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/environments/:id" do
+    let(:environment) { create(:environment, project: project) }
+    subject { namespace_project_environments_path(project.namespace, project, environment) }
+
+    it { is_expected.to be_allowed_for :admin }
+    it { is_expected.to be_allowed_for owner }
+    it { is_expected.to be_allowed_for master }
+    it { is_expected.to be_allowed_for developer }
+    it { is_expected.to be_allowed_for reporter }
+    it { is_expected.to be_denied_for guest }
+    it { is_expected.to be_denied_for :user }
+    it { is_expected.to be_denied_for :external }
+    it { is_expected.to be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/environments/new" do
+    subject { new_namespace_project_environment_path(project.namespace, project) }
+
+    it { is_expected.to be_allowed_for :admin }
+    it { is_expected.to be_allowed_for owner }
+    it { is_expected.to be_allowed_for master }
+    it { is_expected.to be_allowed_for developer }
+    it { is_expected.to be_denied_for reporter }
+    it { is_expected.to be_denied_for guest }
+    it { is_expected.to be_denied_for :user }
+    it { is_expected.to be_denied_for :external }
+    it { is_expected.to be_denied_for :visitor }
+  end
+
   describe "GET /:project_path/blob" do
     let(:commit) { project.repository.commit }
 
diff --git a/spec/features/u2f_spec.rb b/spec/features/u2f_spec.rb
index 366a90228b1..14613754f74 100644
--- a/spec/features/u2f_spec.rb
+++ b/spec/features/u2f_spec.rb
@@ -12,39 +12,24 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
 
   describe "registration" do
     let(:user) { create(:user) }
-    before { login_as(user) }
 
-    describe 'when 2FA via OTP is disabled' do
-      it 'allows registering a new device' do
-        visit profile_account_path
-        click_on 'Enable Two-Factor Authentication'
-
-        register_u2f_device
+    before do
+      login_as(user)
+      user.update_attribute(:otp_required_for_login, true)
+    end
 
-        expect(page.body).to match('Your U2F device was registered')
-      end
+    describe 'when 2FA via OTP is disabled' do
+      before { user.update_attribute(:otp_required_for_login, false) }
 
-      it 'allows registering more than one device' do
+      it 'does not allow registering a new device' do
         visit profile_account_path
-
-        # First device
         click_on 'Enable Two-Factor Authentication'
-        register_u2f_device
-        expect(page.body).to match('Your U2F device was registered')
-
-        # Second device
-        click_on 'Manage Two-Factor Authentication'
-        register_u2f_device
-        expect(page.body).to match('Your U2F device was registered')
-        click_on 'Manage Two-Factor Authentication'
 
-        expect(page.body).to match('You have 2 U2F devices registered')
+        expect(page).to have_button('Setup New U2F Device', disabled: true)
       end
     end
 
     describe 'when 2FA via OTP is enabled' do
-      before { user.update_attributes(otp_required_for_login: true) }
-
       it 'allows registering a new device' do
         visit profile_account_path
         click_on 'Manage Two-Factor Authentication'
@@ -67,7 +52,6 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
         click_on 'Manage Two-Factor Authentication'
         register_u2f_device
         expect(page.body).to match('Your U2F device was registered')
-
         click_on 'Manage Two-Factor Authentication'
         expect(page.body).to match('You have 2 U2F devices registered')
       end
@@ -76,15 +60,16 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
     it 'allows the same device to be registered for multiple users' do
       # First user
       visit profile_account_path
-      click_on 'Enable Two-Factor Authentication'
+      click_on 'Manage Two-Factor Authentication'
       u2f_device = register_u2f_device
       expect(page.body).to match('Your U2F device was registered')
       logout
 
       # Second user
-      login_as(:user)
+      user = login_as(:user)
+      user.update_attribute(:otp_required_for_login, true)
       visit profile_account_path
-      click_on 'Enable Two-Factor Authentication'
+      click_on 'Manage Two-Factor Authentication'
       register_u2f_device(u2f_device)
       expect(page.body).to match('Your U2F device was registered')
 
@@ -94,7 +79,7 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
     context "when there are form errors" do
       it "doesn't register the device if there are errors" do
         visit profile_account_path
-        click_on 'Enable Two-Factor Authentication'
+        click_on 'Manage Two-Factor Authentication'
 
         # Have the "u2f device" respond with bad data
         page.execute_script("u2f.register = function(_,_,_,callback) { callback('bad response'); };")
@@ -109,7 +94,7 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
 
       it "allows retrying registration" do
         visit profile_account_path
-        click_on 'Enable Two-Factor Authentication'
+        click_on 'Manage Two-Factor Authentication'
 
         # Failed registration
         page.execute_script("u2f.register = function(_,_,_,callback) { callback('bad response'); };")
@@ -133,8 +118,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
     before do
       # Register and logout
       login_as(user)
+      user.update_attribute(:otp_required_for_login, true)
       visit profile_account_path
-      click_on 'Enable Two-Factor Authentication'
+      click_on 'Manage Two-Factor Authentication'
       @u2f_device = register_u2f_device
       logout
     end
@@ -154,7 +140,7 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
 
     describe "when 2FA via OTP is enabled" do
       it "allows logging in with the U2F device" do
-        user.update_attributes(otp_required_for_login: true)
+        user.update_attribute(:otp_required_for_login, true)
         login_with(user)
 
         @u2f_device.respond_to_u2f_authentication
@@ -171,8 +157,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
         it "does not allow logging in with that particular device" do
           # Register current user with the different U2F device
           current_user = login_as(:user)
+          current_user.update_attribute(:otp_required_for_login, true)
           visit profile_account_path
-          click_on 'Enable Two-Factor Authentication'
+          click_on 'Manage Two-Factor Authentication'
           register_u2f_device
           logout
 
@@ -191,8 +178,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
         it "allows logging in with that particular device" do
           # Register current user with the same U2F device
           current_user = login_as(:user)
+          current_user.update_attribute(:otp_required_for_login, true)
           visit profile_account_path
-          click_on 'Enable Two-Factor Authentication'
+          click_on 'Manage Two-Factor Authentication'
           register_u2f_device(@u2f_device)
           logout
 
@@ -227,8 +215,9 @@ feature 'Using U2F (Universal 2nd Factor) Devices for Authentication', feature:
 
     before do
       login_as(user)
+      user.update_attribute(:otp_required_for_login, true)
       visit profile_account_path
-      click_on 'Enable Two-Factor Authentication'
+      click_on 'Manage Two-Factor Authentication'
       register_u2f_device
     end
 
diff --git a/spec/finders/notes_finder_spec.rb b/spec/finders/notes_finder_spec.rb
index c83824b900d..639b28d49ee 100644
--- a/spec/finders/notes_finder_spec.rb
+++ b/spec/finders/notes_finder_spec.rb
@@ -34,5 +34,21 @@ describe NotesFinder do
       notes = NotesFinder.new.execute(project, user, params)
       expect(notes).to eq([note1])
     end
+
+    context 'confidential issue notes' do
+      let(:confidential_issue) { create(:issue, :confidential, project: project, author: user) }
+      let!(:confidential_note) { create(:note, noteable: confidential_issue, project: confidential_issue.project) }
+
+      let(:params) { { target_id: confidential_issue.id, target_type: 'issue', last_fetched_at: 1.hour.ago.to_i } }
+
+      it 'returns notes if user can see the issue' do
+        expect(NotesFinder.new.execute(project, user, params)).to eq([confidential_note])
+      end
+
+      it 'raises an error if user can not see the issue' do
+        user = create(:user)
+        expect { NotesFinder.new.execute(project, user, params) }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
   end
 end
diff --git a/spec/fixtures/container_registry/tag_manifest_1.json b/spec/fixtures/container_registry/tag_manifest_1.json
new file mode 100644
index 00000000000..d09ede5bea7
--- /dev/null
+++ b/spec/fixtures/container_registry/tag_manifest_1.json
@@ -0,0 +1,32 @@
+{
+  "schemaVersion": 1,
+  "name": "library/alpine",
+  "tag": "2.6",
+  "architecture": "amd64",
+  "fsLayers": [
+    {
+      "blobSum": "sha256:2a3ebcb7fbcc29bf40c4f62863008bb573acdea963454834d9483b3e5300c45d"
+    }
+  ],
+  "history": [
+    {
+      "v1Compatibility": "{\"id\":\"dd807873c9a21bcc82e30317c283e6601d7e19f5cf7867eec34cdd1aeb3f099e\",\"created\":\"2016-01-18T18:32:39.162138276Z\",\"container\":\"556a728876db7b0e621adc029c87c649d32520804f8f15defd67bb070dc1a88d\",\"container_config\":{\"Hostname\":\"556a728876db\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) ADD file:7dee8a455bcc39013aa168d27ece9227aad155adbaacbd153d94ca60113f59fc in /\"],\"Image\":\"\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":null},\"docker_version\":\"1.8.3\",\"config\":{\"Hostname\":\"556a728876db\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":null,\"Cmd\":null,\"Image\":\"\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":null},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":4501436}"
+    }
+  ],
+  "signatures": [
+    {
+      "header": {
+        "jwk": {
+          "crv": "P-256",
+          "kid": "4MZL:Z5ZP:2RPA:Q3TD:QOHA:743L:EM2G:QY6Q:ZJCX:BSD7:CRYC:LQ6T",
+          "kty": "EC",
+          "x": "qmWOaxPUk7QsE5iTPdeG1e9yNE-wranvQEnWzz9FhWM",
+          "y": "WeeBpjTOYnTNrfCIxtFY5qMrJNNk9C1vc5ryxbbMD_M"
+        },
+        "alg": "ES256"
+      },
+      "signature": "0zmjTJ4m21yVwAeteLc3SsQ0miScViCDktFPR67W-ozGjjI3iBjlDjwOl6o2sds5ZI9U6bSIKOeLDinGOhHoOQ",
+      "protected": "eyJmb3JtYXRMZW5ndGgiOjEzNzIsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAxNi0wNi0xNVQxMDo0NDoxNFoifQ"
+    }
+  ]
+}
diff --git a/spec/helpers/gitlab_routing_helper_spec.rb b/spec/helpers/gitlab_routing_helper_spec.rb
new file mode 100644
index 00000000000..14847d0a49e
--- /dev/null
+++ b/spec/helpers/gitlab_routing_helper_spec.rb
@@ -0,0 +1,79 @@
+require 'spec_helper'
+
+describe GitlabRoutingHelper do
+  describe 'Project URL helpers' do
+    describe '#project_members_url' do
+      let(:project) { build_stubbed(:empty_project) }
+
+      it { expect(project_members_url(project)).to eq namespace_project_project_members_url(project.namespace, project) }
+    end
+
+    describe '#project_member_path' do
+      let(:project_member) { create(:project_member) }
+
+      it { expect(project_member_path(project_member)).to eq namespace_project_project_member_path(project_member.source.namespace, project_member.source, project_member) }
+    end
+
+    describe '#request_access_project_members_path' do
+      let(:project) { build_stubbed(:empty_project) }
+
+      it { expect(request_access_project_members_path(project)).to eq request_access_namespace_project_project_members_path(project.namespace, project) }
+    end
+
+    describe '#leave_project_members_path' do
+      let(:project) { build_stubbed(:empty_project) }
+
+      it { expect(leave_project_members_path(project)).to eq leave_namespace_project_project_members_path(project.namespace, project) }
+    end
+
+    describe '#approve_access_request_project_member_path' do
+      let(:project_member) { create(:project_member) }
+
+      it { expect(approve_access_request_project_member_path(project_member)).to eq approve_access_request_namespace_project_project_member_path(project_member.source.namespace, project_member.source, project_member) }
+    end
+
+    describe '#resend_invite_project_member_path' do
+      let(:project_member) { create(:project_member) }
+
+      it { expect(resend_invite_project_member_path(project_member)).to eq resend_invite_namespace_project_project_member_path(project_member.source.namespace, project_member.source, project_member) }
+    end
+  end
+
+  describe 'Group URL helpers' do
+    describe '#group_members_url' do
+      let(:group) { build_stubbed(:group) }
+
+      it { expect(group_members_url(group)).to eq group_group_members_url(group) }
+    end
+
+    describe '#group_member_path' do
+      let(:group_member) { create(:group_member) }
+
+      it { expect(group_member_path(group_member)).to eq group_group_member_path(group_member.source, group_member) }
+    end
+
+    describe '#request_access_group_members_path' do
+      let(:group) { build_stubbed(:group) }
+
+      it { expect(request_access_group_members_path(group)).to eq request_access_group_group_members_path(group) }
+    end
+
+    describe '#leave_group_members_path' do
+      let(:group) { build_stubbed(:group) }
+
+      it { expect(leave_group_members_path(group)).to eq leave_group_group_members_path(group) }
+    end
+
+    describe '#approve_access_request_group_member_path' do
+      let(:group_member) { create(:group_member) }
+
+      it { expect(approve_access_request_group_member_path(group_member)).to eq approve_access_request_group_group_member_path(group_member.source, group_member) }
+    end
+
+    describe '#resend_invite_group_member_path' do
+      let(:group_member) { create(:group_member) }
+
+      it { expect(resend_invite_group_member_path(group_member)).to eq resend_invite_group_group_member_path(group_member.source, group_member) }
+    end
+  end
+end
diff --git a/spec/helpers/issues_helper_spec.rb b/spec/helpers/issues_helper_spec.rb
index eae61a54dfc..831ae7fb69c 100644
--- a/spec/helpers/issues_helper_spec.rb
+++ b/spec/helpers/issues_helper_spec.rb
@@ -7,10 +7,7 @@ describe IssuesHelper do
 
   describe "url_for_project_issues" do
     let(:project_url) { ext_project.external_issue_tracker.project_url }
-    let(:ext_expected) do
-      project_url.gsub(':project_id', ext_project.id.to_s)
-                 .gsub(':issues_tracker_id', ext_project.issues_tracker_id.to_s)
-    end
+    let(:ext_expected) { project_url.gsub(':project_id', ext_project.id.to_s) }
     let(:int_expected) { polymorphic_path([@project.namespace, project]) }
 
     it "should return internal path if used internal tracker" do
@@ -56,11 +53,7 @@ describe IssuesHelper do
 
   describe "url_for_issue" do
     let(:issues_url) { ext_project.external_issue_tracker.issues_url}
-    let(:ext_expected) do
-      issues_url.gsub(':id', issue.iid.to_s)
-        .gsub(':project_id', ext_project.id.to_s)
-        .gsub(':issues_tracker_id', ext_project.issues_tracker_id.to_s)
-    end
+    let(:ext_expected) { issues_url.gsub(':id', issue.iid.to_s).gsub(':project_id', ext_project.id.to_s) }
     let(:int_expected) { polymorphic_path([@project.namespace, project, issue]) }
 
     it "should return internal path if used internal tracker" do
@@ -106,10 +99,7 @@ describe IssuesHelper do
 
   describe 'url_for_new_issue' do
     let(:issues_url) { ext_project.external_issue_tracker.new_issue_url }
-    let(:ext_expected) do
-      issues_url.gsub(':project_id', ext_project.id.to_s)
-        .gsub(':issues_tracker_id', ext_project.issues_tracker_id.to_s)
-    end
+    let(:ext_expected) { issues_url.gsub(':project_id', ext_project.id.to_s) }
     let(:int_expected) { new_namespace_project_issue_path(project.namespace, project) }
 
     it "should return internal path if used internal tracker" do
diff --git a/spec/helpers/members_helper_spec.rb b/spec/helpers/members_helper_spec.rb
new file mode 100644
index 00000000000..0b1a76156e0
--- /dev/null
+++ b/spec/helpers/members_helper_spec.rb
@@ -0,0 +1,72 @@
+require 'spec_helper'
+
+describe MembersHelper do
+  describe '#action_member_permission' do
+    let(:project_member) { build(:project_member) }
+    let(:group_member) { build(:group_member) }
+
+    it { expect(action_member_permission(:admin, project_member)).to eq :admin_project_member }
+    it { expect(action_member_permission(:admin, group_member)).to eq :admin_group_member }
+  end
+
+  describe '#can_see_member_roles?' do
+    let(:project) { create(:empty_project) }
+    let(:group) { create(:group) }
+    let(:user) { build(:user) }
+    let(:admin) { build(:user, :admin) }
+    let(:project_member) { create(:project_member, project: project) }
+    let(:group_member) { create(:group_member, group: group) }
+
+    it { expect(can_see_member_roles?(source: project, user: nil)).to be_falsy }
+    it { expect(can_see_member_roles?(source: group, user: nil)).to be_falsy }
+    it { expect(can_see_member_roles?(source: project, user: admin)).to be_truthy }
+    it { expect(can_see_member_roles?(source: group, user: admin)).to be_truthy }
+    it { expect(can_see_member_roles?(source: project, user: project_member.user)).to be_truthy }
+    it { expect(can_see_member_roles?(source: group, user: group_member.user)).to be_truthy }
+  end
+
+  describe '#remove_member_message' do
+    let(:requester) { build(:user) }
+    let(:project) { create(:project) }
+    let(:project_member) { build(:project_member, project: project) }
+    let(:project_member_invite) { build(:project_member, project: project).tap { |m| m.generate_invite_token! } }
+    let(:project_member_request) { project.request_access(requester) }
+    let(:group) { create(:group) }
+    let(:group_member) { build(:group_member, group: group) }
+    let(:group_member_invite) { build(:group_member, group: group).tap { |m| m.generate_invite_token! } }
+    let(:group_member_request) { group.request_access(requester) }
+
+    it { expect(remove_member_message(project_member)).to eq "Are you sure you want to remove #{project_member.user.name} from the #{project.name_with_namespace} project?" }
+    it { expect(remove_member_message(project_member_invite)).to eq "Are you sure you want to revoke the invitation for #{project_member_invite.invite_email} to join the #{project.name_with_namespace} project?" }
+    it { expect(remove_member_message(project_member_request)).to eq "Are you sure you want to deny #{requester.name}'s request to join the #{project.name_with_namespace} project?" }
+    it { expect(remove_member_message(project_member_request, user: requester)).to eq "Are you sure you want to withdraw your access request for the #{project.name_with_namespace} project?" }
+    it { expect(remove_member_message(group_member)).to eq "Are you sure you want to remove #{group_member.user.name} from the #{group.name} group?" }
+    it { expect(remove_member_message(group_member_invite)).to eq "Are you sure you want to revoke the invitation for #{group_member_invite.invite_email} to join the #{group.name} group?" }
+    it { expect(remove_member_message(group_member_request)).to eq "Are you sure you want to deny #{requester.name}'s request to join the #{group.name} group?" }
+    it { expect(remove_member_message(group_member_request, user: requester)).to eq "Are you sure you want to withdraw your access request for the #{group.name} group?" }
+  end
+
+  describe '#remove_member_title' do
+    let(:requester) { build(:user) }
+    let(:project) { create(:project) }
+    let(:project_member) { build(:project_member, project: project) }
+    let(:project_member_request) { project.request_access(requester) }
+    let(:group) { create(:group) }
+    let(:group_member) { build(:group_member, group: group) }
+    let(:group_member_request) { group.request_access(requester) }
+
+    it { expect(remove_member_title(project_member)).to eq 'Remove user from project' }
+    it { expect(remove_member_title(project_member_request)).to eq 'Deny access request from project' }
+    it { expect(remove_member_title(group_member)).to eq 'Remove user from group' }
+    it { expect(remove_member_title(group_member_request)).to eq 'Deny access request from group' }
+  end
+
+  describe '#leave_confirmation_message' do
+    let(:project) { build_stubbed(:project) }
+    let(:group) { build_stubbed(:group) }
+    let(:user) { build_stubbed(:user) }
+
+    it { expect(leave_confirmation_message(project)).to eq "Are you sure you want to leave the \"#{project.name_with_namespace}\" project?" }
+    it { expect(leave_confirmation_message(group)).to eq "Are you sure you want to leave the \"#{group.name}\" group?" }
+  end
+end
diff --git a/spec/helpers/projects_helper_spec.rb b/spec/helpers/projects_helper_spec.rb
index ac5af8740dc..09e0bbfd00b 100644
--- a/spec/helpers/projects_helper_spec.rb
+++ b/spec/helpers/projects_helper_spec.rb
@@ -45,16 +45,6 @@ describe ProjectsHelper do
     end
   end
 
-  describe 'user_max_access_in_project' do
-    let(:project) { create(:project) }
-    let(:user) { create(:user) }
-    before do
-      project.team.add_user(user, Gitlab::Access::MASTER)
-    end
-
-    it { expect(helper.user_max_access_in_project(user.id, project)).to eq('Master') }
-  end
-
   describe "readme_cache_key" do
     let(:project) { create(:project) }
 
diff --git a/spec/javascripts/application_spec.js.coffee b/spec/javascripts/application_spec.js.coffee
new file mode 100644
index 00000000000..8af39c41f2f
--- /dev/null
+++ b/spec/javascripts/application_spec.js.coffee
@@ -0,0 +1,30 @@
+#= require lib/common_utils
+
+describe 'Application', ->
+  describe 'disable buttons', ->
+    fixture.preload('application.html')
+
+    beforeEach ->
+      fixture.load('application.html')
+
+    it 'should prevent default action for disabled buttons', ->
+
+      gl.utils.preventDisabledButtons()
+
+      isClicked = false
+      $button   = $ '#test-button'
+
+      $button.click -> isClicked = true
+      $button.trigger 'click'
+
+      expect(isClicked).toBe false
+
+
+    it 'should be on the same page if a disabled link clicked', ->
+
+      locationBeforeLinkClick = window.location.href
+      gl.utils.preventDisabledButtons()
+
+      $('#test-link').click()
+
+      expect(window.location.href).toBe locationBeforeLinkClick
diff --git a/spec/javascripts/fixtures/application.html.haml b/spec/javascripts/fixtures/application.html.haml
new file mode 100644
index 00000000000..3fc6114407d
--- /dev/null
+++ b/spec/javascripts/fixtures/application.html.haml
@@ -0,0 +1,2 @@
+%a#test-link.btn.disabled{:href => "/foo"} Test link
+%button#test-button.btn.disabled Test Button
diff --git a/spec/javascripts/fixtures/u2f/register.html.haml b/spec/javascripts/fixtures/u2f/register.html.haml
index 393c0613fd3..5ed51be689c 100644
--- a/spec/javascripts/fixtures/u2f/register.html.haml
+++ b/spec/javascripts/fixtures/u2f/register.html.haml
@@ -1 +1,2 @@
-= render partial: "u2f/register", locals: { create_u2f_profile_two_factor_auth_path: '/profile/two_factor_auth/create_u2f' }
+- user = FactoryGirl.build(:user, :two_factor_via_otp)
+= render partial: "u2f/register", locals: { create_u2f_profile_two_factor_auth_path: '/profile/two_factor_auth/create_u2f', current_user: user }
diff --git a/spec/lib/banzai/filter/redactor_filter_spec.rb b/spec/lib/banzai/filter/redactor_filter_spec.rb
index 697d10bbf70..f181125156b 100644
--- a/spec/lib/banzai/filter/redactor_filter_spec.rb
+++ b/spec/lib/banzai/filter/redactor_filter_spec.rb
@@ -69,6 +69,18 @@ describe Banzai::Filter::RedactorFilter, lib: true do
         expect(doc.css('a').length).to eq 0
       end
 
+      it 'removes references for project members with guest role' do
+        member = create(:user)
+        project = create(:empty_project, :public)
+        project.team << [member, :guest]
+        issue = create(:issue, :confidential, project: project)
+
+        link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
+        doc = filter(link, current_user: member)
+
+        expect(doc.css('a').length).to eq 0
+      end
+
       it 'allows references for author' do
         author = create(:user)
         project = create(:empty_project, :public)
diff --git a/spec/lib/ci/gitlab_ci_yaml_processor_spec.rb b/spec/lib/ci/gitlab_ci_yaml_processor_spec.rb
index 7375539cf17..143e2e6d238 100644
--- a/spec/lib/ci/gitlab_ci_yaml_processor_spec.rb
+++ b/spec/lib/ci/gitlab_ci_yaml_processor_spec.rb
@@ -26,7 +26,8 @@ module Ci
           tag_list: [],
           options: {},
           allow_failure: false,
-          when: "on_success"
+          when: "on_success",
+          environment: nil,
         })
       end
 
@@ -387,7 +388,8 @@ module Ci
             services: ["mysql"]
           },
           allow_failure: false,
-          when: "on_success"
+          when: "on_success",
+          environment: nil,
         })
       end
 
@@ -415,7 +417,8 @@ module Ci
             services: ["postgresql"]
           },
           allow_failure: false,
-          when: "on_success"
+          when: "on_success",
+          environment: nil,
         })
       end
     end
@@ -501,6 +504,7 @@ module Ci
                              })
 
           config_processor = GitlabCiYamlProcessor.new(config, path)
+
           builds = config_processor.builds_for_stage_and_ref("test", "master")
           expect(builds.size).to eq(1)
           expect(builds.first[:when]).to eq(when_state)
@@ -572,7 +576,12 @@ module Ci
                              services:      ["mysql"],
                              before_script: ["pwd"],
                              rspec:         {
-                               artifacts: { paths: ["logs/", "binaries/"], untracked: true, name: "custom_name" },
+                               artifacts: {
+                                 paths: ["logs/", "binaries/"],
+                                 untracked: true,
+                                 name: "custom_name",
+                                 expire_in: "7d"
+                               },
                                script: "rspec"
                              }
                            })
@@ -594,13 +603,77 @@ module Ci
             artifacts: {
               name: "custom_name",
               paths: ["logs/", "binaries/"],
-              untracked: true
+              untracked: true,
+              expire_in: "7d"
             }
           },
           when: "on_success",
-          allow_failure: false
+          allow_failure: false,
+          environment: nil,
         })
       end
+
+      %w[on_success on_failure always].each do |when_state|
+        it "returns artifacts for when #{when_state}  defined" do
+          config = YAML.dump({
+                               rspec: {
+                                 script: "rspec",
+                                 artifacts: { paths: ["logs/", "binaries/"], when: when_state }
+                               }
+                             })
+
+          config_processor = GitlabCiYamlProcessor.new(config, path)
+
+          builds = config_processor.builds_for_stage_and_ref("test", "master")
+          expect(builds.size).to eq(1)
+          expect(builds.first[:options][:artifacts][:when]).to eq(when_state)
+        end
+      end
+    end
+
+    describe '#environment' do
+      let(:config) do
+        {
+          deploy_to_production: { stage: 'deploy', script: 'test', environment: environment }
+        }
+      end
+
+      let(:processor) { GitlabCiYamlProcessor.new(YAML.dump(config)) }
+      let(:builds) { processor.builds_for_stage_and_ref('deploy', 'master') }
+
+      context 'when a production environment is specified' do
+        let(:environment) { 'production' }
+
+        it 'does return production' do
+          expect(builds.size).to eq(1)
+          expect(builds.first[:environment]).to eq(environment)
+        end
+      end
+
+      context 'when no environment is specified' do
+        let(:environment) { nil }
+
+        it 'does return nil environment' do
+          expect(builds.size).to eq(1)
+          expect(builds.first[:environment]).to be_nil
+        end
+      end
+
+      context 'is not a string' do
+        let(:environment) { 1 }
+
+        it 'raises error' do
+          expect { builds }.to raise_error("deploy_to_production job: environment parameter #{Gitlab::Regex.environment_name_regex_message}")
+        end
+      end
+
+      context 'is not a valid string' do
+        let(:environment) { 'production staging' }
+
+        it 'raises error' do
+          expect { builds }.to raise_error("deploy_to_production job: environment parameter #{Gitlab::Regex.environment_name_regex_message}")
+        end
+      end
     end
 
     describe "Dependencies" do
@@ -664,7 +737,8 @@ module Ci
             tag_list: [],
             options: {},
             when: "on_success",
-            allow_failure: false
+            allow_failure: false,
+            environment: nil,
           })
         end
       end
@@ -709,7 +783,8 @@ module Ci
             tag_list: [],
             options: {},
             when: "on_success",
-            allow_failure: false
+            allow_failure: false,
+            environment: nil,
           })
           expect(subject.second).to eq({
             except: nil,
@@ -721,7 +796,8 @@ module Ci
             tag_list: [],
             options: {},
             when: "on_success",
-            allow_failure: false
+            allow_failure: false,
+            environment: nil,
           })
         end
       end
@@ -967,6 +1043,27 @@ EOT
         end.to raise_error(GitlabCiYamlProcessor::ValidationError, "rspec job: artifacts:name parameter should be a string")
       end
 
+      it "returns errors if job artifacts:when is not an a predefined value" do
+        config = YAML.dump({ types: ["build", "test"], rspec: { script: "test", artifacts: { when: 1 } } })
+        expect do
+          GitlabCiYamlProcessor.new(config)
+        end.to raise_error(GitlabCiYamlProcessor::ValidationError, "rspec job: artifacts:when parameter should be on_success, on_failure or always")
+      end
+
+      it "returns errors if job artifacts:expire_in is not an a string" do
+        config = YAML.dump({ types: ["build", "test"], rspec: { script: "test", artifacts: { expire_in: 1 } } })
+        expect do
+          GitlabCiYamlProcessor.new(config)
+        end.to raise_error(GitlabCiYamlProcessor::ValidationError, "rspec job: artifacts:expire_in parameter should be a duration")
+      end
+
+      it "returns errors if job artifacts:expire_in is not an a valid duration" do
+        config = YAML.dump({ types: ["build", "test"], rspec: { script: "test", artifacts: { expire_in: "7 elephants" } } })
+        expect do
+          GitlabCiYamlProcessor.new(config)
+        end.to raise_error(GitlabCiYamlProcessor::ValidationError, "rspec job: artifacts:expire_in parameter should be a duration")
+      end
+
       it "returns errors if job artifacts:untracked is not an array of strings" do
         config = YAML.dump({ types: ["build", "test"], rspec: { script: "test", artifacts: { untracked: "string" } } })
         expect do
diff --git a/spec/lib/container_registry/tag_spec.rb b/spec/lib/container_registry/tag_spec.rb
index 858cb0bb134..c7324c2bf77 100644
--- a/spec/lib/container_registry/tag_spec.rb
+++ b/spec/lib/container_registry/tag_spec.rb
@@ -17,46 +17,85 @@ describe ContainerRegistry::Tag do
   end
 
   context 'manifest processing' do
-    before do
-      stub_request(:get, 'http://example.com/v2/group/test/manifests/tag').
-        with(headers: headers).
-        to_return(
-          status: 200,
-          body: File.read(Rails.root + 'spec/fixtures/container_registry/tag_manifest.json'),
-          headers: { 'Content-Type' => 'application/vnd.docker.distribution.manifest.v2+json' })
-    end
+    context 'schema v1' do
+      before do
+        stub_request(:get, 'http://example.com/v2/group/test/manifests/tag').
+          with(headers: headers).
+          to_return(
+            status: 200,
+            body: File.read(Rails.root + 'spec/fixtures/container_registry/tag_manifest_1.json'),
+            headers: { 'Content-Type' => 'application/vnd.docker.distribution.manifest.v1+prettyjws' })
+      end
 
-    context '#layers' do
-      subject { tag.layers }
+      context '#layers' do
+        subject { tag.layers }
 
-      it { expect(subject.length).to eq(1) }
-    end
+        it { expect(subject.length).to eq(1) }
+      end
+
+      context '#total_size' do
+        subject { tag.total_size }
 
-    context '#total_size' do
-      subject { tag.total_size }
+        it { is_expected.to be_nil }
+      end
 
-      it { is_expected.to eq(2319870) }
+      context 'config processing' do
+        context '#config' do
+          subject { tag.config }
+
+          it { is_expected.to be_nil }
+        end
+
+        context '#created_at' do
+          subject { tag.created_at }
+
+          it { is_expected.to be_nil }
+        end
+      end
     end
 
-    context 'config processing' do
+    context 'schema v2' do
       before do
-        stub_request(:get, 'http://example.com/v2/group/test/blobs/sha256:d7a513a663c1a6dcdba9ed832ca53c02ac2af0c333322cd6ca92936d1d9917ac').
-          with(headers: { 'Accept' => 'application/octet-stream' }).
+        stub_request(:get, 'http://example.com/v2/group/test/manifests/tag').
+          with(headers: headers).
           to_return(
             status: 200,
-            body: File.read(Rails.root + 'spec/fixtures/container_registry/config_blob.json'))
+            body: File.read(Rails.root + 'spec/fixtures/container_registry/tag_manifest.json'),
+            headers: { 'Content-Type' => 'application/vnd.docker.distribution.manifest.v2+json' })
       end
 
-      context '#config' do
-        subject { tag.config }
+      context '#layers' do
+        subject { tag.layers }
 
-        it { is_expected.not_to be_nil }
+        it { expect(subject.length).to eq(1) }
       end
 
-      context '#created_at' do
-        subject { tag.created_at }
+      context '#total_size' do
+        subject { tag.total_size }
+
+        it { is_expected.to eq(2319870) }
+      end
+
+      context 'config processing' do
+        before do
+          stub_request(:get, 'http://example.com/v2/group/test/blobs/sha256:d7a513a663c1a6dcdba9ed832ca53c02ac2af0c333322cd6ca92936d1d9917ac').
+            with(headers: { 'Accept' => 'application/octet-stream' }).
+            to_return(
+              status: 200,
+              body: File.read(Rails.root + 'spec/fixtures/container_registry/config_blob.json'))
+        end
+
+        context '#config' do
+          subject { tag.config }
+
+          it { is_expected.not_to be_nil }
+        end
+
+        context '#created_at' do
+          subject { tag.created_at }
 
-        it { is_expected.not_to be_nil }
+          it { is_expected.not_to be_nil }
+        end
       end
     end
   end
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index a814ad2a4e7..7bec1367156 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -3,7 +3,7 @@ require 'spec_helper'
 describe Gitlab::Auth, lib: true do
   let(:gl_auth) { described_class }
 
-  describe 'find' do
+  describe 'find_for_git_client' do
     it 'recognizes CI' do
       token = '123'
       project = create(:empty_project)
@@ -11,7 +11,7 @@ describe Gitlab::Auth, lib: true do
       ip = 'ip'
 
       expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: 'gitlab-ci-token')
-      expect(gl_auth.find('gitlab-ci-token', token, project: project, ip: ip)).to eq(Gitlab::Auth::Result.new(nil, :ci))
+      expect(gl_auth.find_for_git_client('gitlab-ci-token', token, project: project, ip: ip)).to eq(Gitlab::Auth::Result.new(nil, :ci))
     end
 
     it 'recognizes master passwords' do
@@ -19,7 +19,7 @@ describe Gitlab::Auth, lib: true do
       ip = 'ip'
 
       expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: user.username)
-      expect(gl_auth.find(user.username, 'password', project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, :gitlab_or_ldap))
+      expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, :gitlab_or_ldap))
     end
 
     it 'recognizes OAuth tokens' do
@@ -29,7 +29,7 @@ describe Gitlab::Auth, lib: true do
       ip = 'ip'
 
       expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: 'oauth2')
-      expect(gl_auth.find("oauth2", token.token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, :oauth))
+      expect(gl_auth.find_for_git_client("oauth2", token.token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, :oauth))
     end
 
     it 'returns double nil for invalid credentials' do
@@ -37,11 +37,11 @@ describe Gitlab::Auth, lib: true do
       ip = 'ip'
 
       expect(gl_auth).to receive(:rate_limit!).with(ip, success: false, login: login)
-      expect(gl_auth.find(login, 'bar', project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new)
+      expect(gl_auth.find_for_git_client(login, 'bar', project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new)
     end
   end
 
-  describe 'find_in_gitlab_or_ldap' do
+  describe 'find_with_user_password' do
     let!(:user) do
       create(:user,
         username: username,
@@ -52,25 +52,25 @@ describe Gitlab::Auth, lib: true do
     let(:password) { 'my-secret' }
 
     it "should find user by valid login/password" do
-      expect( gl_auth.find_in_gitlab_or_ldap(username, password) ).to eql user
+      expect( gl_auth.find_with_user_password(username, password) ).to eql user
     end
 
     it 'should find user by valid email/password with case-insensitive email' do
-      expect(gl_auth.find_in_gitlab_or_ldap(user.email.upcase, password)).to eql user
+      expect(gl_auth.find_with_user_password(user.email.upcase, password)).to eql user
     end
 
     it 'should find user by valid username/password with case-insensitive username' do
-      expect(gl_auth.find_in_gitlab_or_ldap(username.upcase, password)).to eql user
+      expect(gl_auth.find_with_user_password(username.upcase, password)).to eql user
     end
 
     it "should not find user with invalid password" do
       password = 'wrong'
-      expect( gl_auth.find_in_gitlab_or_ldap(username, password) ).not_to eql user
+      expect( gl_auth.find_with_user_password(username, password) ).not_to eql user
     end
 
     it "should not find user with invalid login" do
       user = 'wrong'
-      expect( gl_auth.find_in_gitlab_or_ldap(username, password) ).not_to eql user
+      expect( gl_auth.find_with_user_password(username, password) ).not_to eql user
     end
 
     context "with ldap enabled" do
@@ -81,13 +81,13 @@ describe Gitlab::Auth, lib: true do
       it "tries to autheticate with db before ldap" do
         expect(Gitlab::LDAP::Authentication).not_to receive(:login)
 
-        gl_auth.find_in_gitlab_or_ldap(username, password)
+        gl_auth.find_with_user_password(username, password)
       end
 
       it "uses ldap as fallback to for authentication" do
         expect(Gitlab::LDAP::Authentication).to receive(:login)
 
-        gl_auth.find_in_gitlab_or_ldap('ldap_user', 'password')
+        gl_auth.find_with_user_password('ldap_user', 'password')
       end
     end
   end
diff --git a/spec/lib/gitlab/ci/config/node/configurable_spec.rb b/spec/lib/gitlab/ci/config/node/configurable_spec.rb
new file mode 100644
index 00000000000..47c68f96dc8
--- /dev/null
+++ b/spec/lib/gitlab/ci/config/node/configurable_spec.rb
@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe Gitlab::Ci::Config::Node::Configurable do
+  let(:node) { Class.new }
+
+  before do
+    node.include(described_class)
+  end
+
+  describe 'allowed nodes' do
+    before do
+      node.class_eval do
+        allow_node :object, Object, description: 'test object'
+      end
+    end
+
+    describe '#allowed_nodes' do
+      it 'has valid allowed nodes' do
+        expect(node.allowed_nodes).to include :object
+      end
+
+      it 'creates a node factory' do
+        expect(node.allowed_nodes[:object])
+          .to be_an_instance_of Gitlab::Ci::Config::Node::Factory
+      end
+
+      it 'returns a duplicated factory object' do
+        first_factory = node.allowed_nodes[:object]
+        second_factory = node.allowed_nodes[:object]
+
+        expect(first_factory).not_to be_equal(second_factory)
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/ci/config/node/factory_spec.rb b/spec/lib/gitlab/ci/config/node/factory_spec.rb
new file mode 100644
index 00000000000..d681aa32456
--- /dev/null
+++ b/spec/lib/gitlab/ci/config/node/factory_spec.rb
@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe Gitlab::Ci::Config::Node::Factory do
+  describe '#create!' do
+    let(:factory) { described_class.new(entry_class) }
+    let(:entry_class) { Gitlab::Ci::Config::Node::Script }
+
+    context 'when value setting value' do
+      it 'creates entry with valid value' do
+        entry = factory
+          .with(value: ['ls', 'pwd'])
+          .create!
+
+        expect(entry.value).to eq "ls\npwd"
+      end
+
+      context 'when setting description' do
+        it 'creates entry with description' do
+          entry = factory
+            .with(value: ['ls', 'pwd'])
+            .with(description: 'test description')
+            .create!
+
+          expect(entry.value).to eq "ls\npwd"
+          expect(entry.description).to eq 'test description'
+        end
+      end
+    end
+
+    context 'when not setting value' do
+      it 'raises error' do
+        expect { factory.create! }.to raise_error(
+          Gitlab::Ci::Config::Node::Factory::InvalidFactory
+        )
+      end
+    end
+
+    context 'when creating a null entry' do
+      it 'creates a null entry' do
+        entry = factory
+          .with(value: nil)
+          .nullify!
+          .create!
+
+        expect(entry).to be_an_instance_of Gitlab::Ci::Config::Node::Null
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/ci/config/node/global_spec.rb b/spec/lib/gitlab/ci/config/node/global_spec.rb
new file mode 100644
index 00000000000..b1972172435
--- /dev/null
+++ b/spec/lib/gitlab/ci/config/node/global_spec.rb
@@ -0,0 +1,104 @@
+require 'spec_helper'
+
+describe Gitlab::Ci::Config::Node::Global do
+  let(:global) { described_class.new(hash) }
+
+  describe '#allowed_nodes' do
+    it 'can contain global config keys' do
+      expect(global.allowed_nodes).to include :before_script
+    end
+
+    it 'returns a hash' do
+      expect(global.allowed_nodes).to be_a Hash
+    end
+  end
+
+  context 'when hash is valid' do
+    let(:hash) do
+      { before_script: ['ls', 'pwd'] }
+    end
+
+    describe '#process!' do
+      before { global.process! }
+
+      it 'creates nodes hash' do
+        expect(global.nodes).to be_an Array
+      end
+
+      it 'creates node object for each entry' do
+        expect(global.nodes.count).to eq 1
+      end
+
+      it 'creates node object using valid class' do
+        expect(global.nodes.first)
+          .to be_an_instance_of Gitlab::Ci::Config::Node::Script
+      end
+
+      it 'sets correct description for nodes' do
+        expect(global.nodes.first.description)
+          .to eq 'Script that will be executed before each job.'
+      end
+    end
+
+    describe '#leaf?' do
+      it 'is not leaf' do
+        expect(global).not_to be_leaf
+      end
+    end
+
+    describe '#before_script' do
+      context 'when processed' do
+        before { global.process! }
+
+        it 'returns correct script' do
+          expect(global.before_script).to eq "ls\npwd"
+        end
+      end
+
+      context 'when not processed' do
+        it 'returns nil' do
+          expect(global.before_script).to be nil
+        end
+      end
+    end
+  end
+
+  context 'when hash is not valid' do
+    before { global.process! }
+
+    let(:hash) do
+      { before_script: 'ls' }
+    end
+
+    describe '#valid?' do
+      it 'is not valid' do
+        expect(global).not_to be_valid
+      end
+    end
+
+    describe '#errors' do
+      it 'reports errors from child nodes' do
+        expect(global.errors)
+          .to include 'before_script should be an array of strings'
+      end
+    end
+
+    describe '#before_script' do
+      it 'raises error' do
+        expect { global.before_script }.to raise_error(
+          Gitlab::Ci::Config::Node::Entry::InvalidError
+        )
+      end
+    end
+  end
+
+  context 'when value is not a hash' do
+    let(:hash) { [] }
+
+    describe '#valid?' do
+      it 'is not valid' do
+        expect(global).not_to be_valid
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/ci/config/node/null_spec.rb b/spec/lib/gitlab/ci/config/node/null_spec.rb
new file mode 100644
index 00000000000..36101c62462
--- /dev/null
+++ b/spec/lib/gitlab/ci/config/node/null_spec.rb
@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe Gitlab::Ci::Config::Node::Null do
+  let(:entry) { described_class.new(nil) }
+
+  describe '#leaf?' do
+    it 'is leaf node' do
+      expect(entry).to be_leaf
+    end
+  end
+
+  describe '#any_method' do
+    it 'responds with nil' do
+      expect(entry.any_method).to be nil
+    end
+  end
+
+  describe '#value' do
+    it 'returns nil' do
+      expect(entry.value).to be nil
+    end
+  end
+end
diff --git a/spec/lib/gitlab/ci/config/node/script_spec.rb b/spec/lib/gitlab/ci/config/node/script_spec.rb
new file mode 100644
index 00000000000..e4d6481f8a5
--- /dev/null
+++ b/spec/lib/gitlab/ci/config/node/script_spec.rb
@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe Gitlab::Ci::Config::Node::Script do
+  let(:entry) { described_class.new(value) }
+
+  describe '#validate!' do
+    before { entry.validate! }
+
+    context 'when entry value is correct' do
+      let(:value) { ['ls', 'pwd'] }
+
+      describe '#value' do
+        it 'returns concatenated command' do
+          expect(entry.value).to eq "ls\npwd"
+        end
+      end
+
+      describe '#errors' do
+        it 'does not append errors' do
+          expect(entry.errors).to be_empty
+        end
+      end
+
+      describe '#valid?' do
+        it 'is valid' do
+          expect(entry).to be_valid
+        end
+      end
+    end
+
+    context 'when entry value is not correct' do
+      let(:value) { 'ls' }
+
+      describe '#errors' do
+        it 'saves errors' do
+          expect(entry.errors)
+            .to include /should be an array of strings/
+        end
+      end
+
+      describe '#valid?' do
+        it 'is not valid' do
+          expect(entry).not_to be_valid
+        end
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/ci/config_spec.rb b/spec/lib/gitlab/ci/config_spec.rb
index 4d46abe520f..3871d939feb 100644
--- a/spec/lib/gitlab/ci/config_spec.rb
+++ b/spec/lib/gitlab/ci/config_spec.rb
@@ -29,17 +29,43 @@ describe Gitlab::Ci::Config do
 
         expect(config.to_hash).to eq hash
       end
+
+      describe '#valid?' do
+        it 'is valid' do
+          expect(config).to be_valid
+        end
+
+        it 'has no errors' do
+          expect(config.errors).to be_empty
+        end
+      end
     end
 
     context 'when config is invalid' do
-      let(:yml) { '// invalid' }
-
-      describe '.new' do
-        it 'raises error' do
-          expect { config }.to raise_error(
-            Gitlab::Ci::Config::Loader::FormatError,
-            /Invalid configuration format/
-          )
+      context 'when yml is incorrect' do
+        let(:yml) { '// invalid' }
+
+        describe '.new' do
+          it 'raises error' do
+            expect { config }.to raise_error(
+              Gitlab::Ci::Config::Loader::FormatError,
+              /Invalid configuration format/
+            )
+          end
+        end
+      end
+
+      context 'when config logic is incorrect' do
+        let(:yml) { 'before_script: "ls"' }
+
+        describe '#valid?' do
+          it 'is not valid' do
+            expect(config).not_to be_valid
+          end
+
+          it 'has errors' do
+            expect(config.errors).not_to be_empty
+          end
         end
       end
     end
diff --git a/spec/lib/gitlab/metrics/instrumentation_spec.rb b/spec/lib/gitlab/metrics/instrumentation_spec.rb
index 220e86924a2..cdf641341cb 100644
--- a/spec/lib/gitlab/metrics/instrumentation_spec.rb
+++ b/spec/lib/gitlab/metrics/instrumentation_spec.rb
@@ -9,9 +9,31 @@ describe Gitlab::Metrics::Instrumentation do
         text
       end
 
+      class << self
+        def buzz(text = 'buzz')
+          text
+        end
+        private :buzz
+
+        def flaky(text = 'flaky')
+          text
+        end
+        protected :flaky
+      end
+
       def bar(text = 'bar')
         text
       end
+
+      def wadus(text = 'wadus')
+        text
+      end
+      private :wadus
+
+      def chaf(text = 'chaf')
+        text
+      end
+      protected :chaf
     end
 
     allow(@dummy).to receive(:name).and_return('Dummy')
@@ -57,7 +79,7 @@ describe Gitlab::Metrics::Instrumentation do
           and_return(transaction)
 
         expect(transaction).to receive(:add_metric).
-          with(described_class::SERIES, an_instance_of(Hash),
+          with(described_class::SERIES, hash_including(:duration, :cpu_duration),
                method: 'Dummy.foo')
 
         @dummy.foo
@@ -137,7 +159,7 @@ describe Gitlab::Metrics::Instrumentation do
           and_return(transaction)
 
         expect(transaction).to receive(:add_metric).
-          with(described_class::SERIES, an_instance_of(Hash),
+          with(described_class::SERIES, hash_including(:duration, :cpu_duration),
                method: 'Dummy#bar')
 
         @dummy.new.bar
@@ -208,6 +230,21 @@ describe Gitlab::Metrics::Instrumentation do
       described_class.instrument_methods(@dummy)
 
       expect(described_class.instrumented?(@dummy.singleton_class)).to eq(true)
+      expect(@dummy.method(:foo).source_location.first).to match(/instrumentation\.rb/)
+    end
+
+    it 'instruments all protected class methods' do
+      described_class.instrument_methods(@dummy)
+
+      expect(described_class.instrumented?(@dummy.singleton_class)).to eq(true)
+      expect(@dummy.method(:flaky).source_location.first).to match(/instrumentation\.rb/)
+    end
+
+    it 'instruments all private instance methods' do
+      described_class.instrument_methods(@dummy)
+
+      expect(described_class.instrumented?(@dummy.singleton_class)).to eq(true)
+      expect(@dummy.method(:buzz).source_location.first).to match(/instrumentation\.rb/)
     end
 
     it 'only instruments methods directly defined in the module' do
@@ -241,6 +278,21 @@ describe Gitlab::Metrics::Instrumentation do
       described_class.instrument_instance_methods(@dummy)
 
       expect(described_class.instrumented?(@dummy)).to eq(true)
+      expect(@dummy.new.method(:bar).source_location.first).to match(/instrumentation\.rb/)
+    end
+
+    it 'instruments all protected instance methods' do
+      described_class.instrument_instance_methods(@dummy)
+
+      expect(described_class.instrumented?(@dummy)).to eq(true)
+      expect(@dummy.new.method(:chaf).source_location.first).to match(/instrumentation\.rb/)
+    end
+
+    it 'instruments all private instance methods' do
+      described_class.instrument_instance_methods(@dummy)
+
+      expect(described_class.instrumented?(@dummy)).to eq(true)
+      expect(@dummy.new.method(:wadus).source_location.first).to match(/instrumentation\.rb/)
     end
 
     it 'only instruments methods directly defined in the module' do
@@ -253,7 +305,7 @@ describe Gitlab::Metrics::Instrumentation do
 
       described_class.instrument_instance_methods(@dummy)
 
-      expect(@dummy.method_defined?(:_original_kittens)).to eq(false)
+      expect(@dummy.new.method(:kittens).source_location.first).not_to match(/instrumentation\.rb/)
     end
 
     it 'can take a block to determine if a method should be instrumented' do
@@ -261,7 +313,7 @@ describe Gitlab::Metrics::Instrumentation do
         false
       end
 
-      expect(@dummy.method_defined?(:_original_bar)).to eq(false)
+      expect(@dummy.new.method(:bar).source_location.first).not_to match(/instrumentation\.rb/)
     end
   end
 end
diff --git a/spec/lib/gitlab/metrics/rack_middleware_spec.rb b/spec/lib/gitlab/metrics/rack_middleware_spec.rb
index b99be4e1060..40289f8b972 100644
--- a/spec/lib/gitlab/metrics/rack_middleware_spec.rb
+++ b/spec/lib/gitlab/metrics/rack_middleware_spec.rb
@@ -31,6 +31,20 @@ describe Gitlab::Metrics::RackMiddleware do
 
       middleware.call(env)
     end
+
+    it 'tags a transaction with the method andpath of the route in the grape endpoint' do
+      route    = double(:route, route_method: "GET", route_path: "/:version/projects/:id/archive(.:format)")
+      endpoint = double(:endpoint, route: route)
+
+      env['api.endpoint'] = endpoint
+
+      allow(app).to receive(:call).with(env)
+
+      expect(middleware).to receive(:tag_endpoint).
+        with(an_instance_of(Gitlab::Metrics::Transaction), env)
+
+      middleware.call(env)
+    end
   end
 
   describe '#transaction_from_env' do
@@ -60,4 +74,19 @@ describe Gitlab::Metrics::RackMiddleware do
       expect(transaction.action).to eq('TestController#show')
     end
   end
+
+  describe '#tag_endpoint' do
+    let(:transaction) { middleware.transaction_from_env(env) }
+
+    it 'tags a transaction with the method and path of the route in the grape endpount' do
+      route    = double(:route, route_method: "GET", route_path: "/:version/projects/:id/archive(.:format)")
+      endpoint = double(:endpoint, route: route)
+
+      env['api.endpoint'] = endpoint
+
+      middleware.tag_endpoint(transaction, env)
+
+      expect(transaction.action).to eq('Grape#GET /projects/:id/archive')
+    end
+  end
 end
diff --git a/spec/lib/gitlab/metrics/sampler_spec.rb b/spec/lib/gitlab/metrics/sampler_spec.rb
index 59db127674a..1ab923b58cf 100644
--- a/spec/lib/gitlab/metrics/sampler_spec.rb
+++ b/spec/lib/gitlab/metrics/sampler_spec.rb
@@ -72,14 +72,25 @@ describe Gitlab::Metrics::Sampler do
     end
   end
 
-  describe '#sample_objects' do
-    it 'adds a metric containing the amount of allocated objects' do
-      expect(sampler).to receive(:add_metric).
-        with(/object_counts/, an_instance_of(Hash), an_instance_of(Hash)).
-        at_least(:once).
-        and_call_original
+  if Gitlab::Metrics.mri?
+    describe '#sample_objects' do
+      it 'adds a metric containing the amount of allocated objects' do
+        expect(sampler).to receive(:add_metric).
+          with(/object_counts/, an_instance_of(Hash), an_instance_of(Hash)).
+          at_least(:once).
+          and_call_original
+
+        sampler.sample_objects
+      end
 
-      sampler.sample_objects
+      it 'ignores classes without a name' do
+        expect(Allocations).to receive(:to_hash).and_return({ Class.new => 4 })
+
+        expect(sampler).not_to receive(:add_metric).
+          with('object_counts', an_instance_of(Hash), type: nil)
+
+        sampler.sample_objects
+      end
     end
   end
 
diff --git a/spec/lib/gitlab/project_search_results_spec.rb b/spec/lib/gitlab/project_search_results_spec.rb
index db0ff95b4f5..270b89972d7 100644
--- a/spec/lib/gitlab/project_search_results_spec.rb
+++ b/spec/lib/gitlab/project_search_results_spec.rb
@@ -43,6 +43,18 @@ describe Gitlab::ProjectSearchResults, lib: true do
       expect(results.issues_count).to eq 1
     end
 
+    it 'should not list project confidential issues for project members with guest role' do
+      project.team << [member, :guest]
+
+      results = described_class.new(member, project, query)
+      issues = results.objects('issues')
+
+      expect(issues).to include issue
+      expect(issues).not_to include security_issue_1
+      expect(issues).not_to include security_issue_2
+      expect(results.issues_count).to eq 1
+    end
+
     it 'should list project confidential issues for author' do
       results = described_class.new(author, project, query)
       issues = results.objects('issues')
diff --git a/spec/lib/gitlab/search_results_spec.rb b/spec/lib/gitlab/search_results_spec.rb
index f4afe597e8d..1bb444bf34f 100644
--- a/spec/lib/gitlab/search_results_spec.rb
+++ b/spec/lib/gitlab/search_results_spec.rb
@@ -86,6 +86,22 @@ describe Gitlab::SearchResults do
       expect(results.issues_count).to eq 1
     end
 
+    it 'should not list confidential issues for project members with guest role' do
+      project_1.team << [member, :guest]
+      project_2.team << [member, :guest]
+
+      results = described_class.new(member, limit_projects, query)
+      issues = results.objects('issues')
+
+      expect(issues).to include issue
+      expect(issues).not_to include security_issue_1
+      expect(issues).not_to include security_issue_2
+      expect(issues).not_to include security_issue_3
+      expect(issues).not_to include security_issue_4
+      expect(issues).not_to include security_issue_5
+      expect(results.issues_count).to eq 1
+    end
+
     it 'should list confidential issues for author' do
       results = described_class.new(author, limit_projects, query)
       issues = results.objects('issues')
diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb
index 818825b1477..1e6eb20ab39 100644
--- a/spec/mailers/notify_spec.rb
+++ b/spec/mailers/notify_spec.rb
@@ -400,26 +400,136 @@ describe Notify do
       end
     end
 
+    describe 'project access requested' do
+      let(:project) { create(:project) }
+      let(:user) { create(:user) }
+      let(:project_member) do
+        project.request_access(user)
+        project.members.request.find_by(user_id: user.id)
+      end
+      subject { Notify.member_access_requested_email('project', project_member.id) }
+
+      it_behaves_like 'an email sent from GitLab'
+      it_behaves_like 'it should not have Gmail Actions links'
+      it_behaves_like "a user cannot unsubscribe through footer link"
+
+      it 'contains all the useful information' do
+        is_expected.to have_subject "Request to join the #{project.name_with_namespace} project"
+        is_expected.to have_body_text /#{project.name_with_namespace}/
+        is_expected.to have_body_text /#{namespace_project_project_members_url(project.namespace, project)}/
+        is_expected.to have_body_text /#{project_member.human_access}/
+      end
+    end
+
+    describe 'project access denied' do
+      let(:project) { create(:project) }
+      let(:user) { create(:user) }
+      let(:project_member) do
+        project.request_access(user)
+        project.members.request.find_by(user_id: user.id)
+      end
+      subject { Notify.member_access_denied_email('project', project.id, user.id) }
+
+      it_behaves_like 'an email sent from GitLab'
+      it_behaves_like 'it should not have Gmail Actions links'
+      it_behaves_like "a user cannot unsubscribe through footer link"
+
+      it 'contains all the useful information' do
+        is_expected.to have_subject "Access to the #{project.name_with_namespace} project was denied"
+        is_expected.to have_body_text /#{project.name_with_namespace}/
+        is_expected.to have_body_text /#{project.web_url}/
+      end
+    end
+
     describe 'project access changed' do
       let(:project) { create(:project) }
       let(:user) { create(:user) }
       let(:project_member) { create(:project_member, project: project, user: user) }
-      subject { Notify.project_access_granted_email(project_member.id) }
+      subject { Notify.member_access_granted_email('project', project_member.id) }
 
       it_behaves_like 'an email sent from GitLab'
       it_behaves_like 'it should not have Gmail Actions links'
       it_behaves_like "a user cannot unsubscribe through footer link"
 
-      it 'has the correct subject' do
-        is_expected.to have_subject /Access to project was granted/
+      it 'contains all the useful information' do
+        is_expected.to have_subject "Access to the #{project.name_with_namespace} project was granted"
+        is_expected.to have_body_text /#{project.name_with_namespace}/
+        is_expected.to have_body_text /#{project.web_url}/
+        is_expected.to have_body_text /#{project_member.human_access}/
       end
+    end
 
-      it 'contains name of project' do
-        is_expected.to have_body_text /#{project.name}/
-      end
+    def invite_to_project(project:, email:, inviter:)
+      ProjectMember.add_user(project.project_members, 'toto@example.com', Gitlab::Access::DEVELOPER, inviter)
 
-      it 'contains new user role' do
+      project.project_members.invite.last
+    end
+
+    describe 'project invitation' do
+      let(:project) { create(:project) }
+      let(:master) { create(:user).tap { |u| project.team << [u, :master] } }
+      let(:project_member) { invite_to_project(project: project, email: 'toto@example.com', inviter: master) }
+
+      subject { Notify.member_invited_email('project', project_member.id, project_member.invite_token) }
+
+      it_behaves_like 'an email sent from GitLab'
+      it_behaves_like 'it should not have Gmail Actions links'
+      it_behaves_like "a user cannot unsubscribe through footer link"
+
+      it 'contains all the useful information' do
+        is_expected.to have_subject "Invitation to join the #{project.name_with_namespace} project"
+        is_expected.to have_body_text /#{project.name_with_namespace}/
+        is_expected.to have_body_text /#{project.web_url}/
         is_expected.to have_body_text /#{project_member.human_access}/
+        is_expected.to have_body_text /#{project_member.invite_token}/
+      end
+    end
+
+    describe 'project invitation accepted' do
+      let(:project) { create(:project) }
+      let(:invited_user) { create(:user) }
+      let(:master) { create(:user).tap { |u| project.team << [u, :master] } }
+      let(:project_member) do
+        invitee = invite_to_project(project: project, email: 'toto@example.com', inviter: master)
+        invitee.accept_invite!(invited_user)
+        invitee
+      end
+
+      subject { Notify.member_invite_accepted_email('project', project_member.id) }
+
+      it_behaves_like 'an email sent from GitLab'
+      it_behaves_like 'it should not have Gmail Actions links'
+      it_behaves_like "a user cannot unsubscribe through footer link"
+
+      it 'contains all the useful information' do
+        is_expected.to have_subject 'Invitation accepted'
+        is_expected.to have_body_text /#{project.name_with_namespace}/
+        is_expected.to have_body_text /#{project.web_url}/
+        is_expected.to have_body_text /#{project_member.invite_email}/
+        is_expected.to have_body_text /#{invited_user.name}/
+      end
+    end
+
+    describe 'project invitation declined' do
+      let(:project) { create(:project) }
+      let(:master) { create(:user).tap { |u| project.team << [u, :master] } }
+      let(:project_member) do
+        invitee = invite_to_project(project: project, email: 'toto@example.com', inviter: master)
+        invitee.decline_invite!
+        invitee
+      end
+
+      subject { Notify.member_invite_declined_email('project', project.id, project_member.invite_email, master.id) }
+
+      it_behaves_like 'an email sent from GitLab'
+      it_behaves_like 'it should not have Gmail Actions links'
+      it_behaves_like "a user cannot unsubscribe through footer link"
+
+      it 'contains all the useful information' do
+        is_expected.to have_subject 'Invitation declined'
+        is_expected.to have_body_text /#{project.name_with_namespace}/
+        is_expected.to have_body_text /#{project.web_url}/
+        is_expected.to have_body_text /#{project_member.invite_email}/
       end
     end
 
@@ -535,27 +645,139 @@ describe Notify do
     end
   end
 
-  describe 'group access changed' do
-    let(:group) { create(:group) }
-    let(:user) { create(:user) }
-    let(:membership) { create(:group_member, group: group, user: user) }
+  context 'for a group' do
+    describe 'group access requested' do
+      let(:group) { create(:group) }
+      let(:user) { create(:user) }
+      let(:group_member) do
+        group.request_access(user)
+        group.members.request.find_by(user_id: user.id)
+      end
+      subject { Notify.member_access_requested_email('group', group_member.id) }
 
-    subject { Notify.group_access_granted_email(membership.id) }
+      it_behaves_like 'an email sent from GitLab'
+      it_behaves_like 'it should not have Gmail Actions links'
+      it_behaves_like "a user cannot unsubscribe through footer link"
 
-    it_behaves_like 'an email sent from GitLab'
-    it_behaves_like 'it should not have Gmail Actions links'
-    it_behaves_like "a user cannot unsubscribe through footer link"
+      it 'contains all the useful information' do
+        is_expected.to have_subject "Request to join the #{group.name} group"
+        is_expected.to have_body_text /#{group.name}/
+        is_expected.to have_body_text /#{group_group_members_url(group)}/
+        is_expected.to have_body_text /#{group_member.human_access}/
+      end
+    end
 
-    it 'has the correct subject' do
-      is_expected.to have_subject /Access to group was granted/
+    describe 'group access denied' do
+      let(:group) { create(:group) }
+      let(:user) { create(:user) }
+      let(:group_member) do
+        group.request_access(user)
+        group.members.request.find_by(user_id: user.id)
+      end
+      subject { Notify.member_access_denied_email('group', group.id, user.id) }
+
+      it_behaves_like 'an email sent from GitLab'
+      it_behaves_like 'it should not have Gmail Actions links'
+      it_behaves_like "a user cannot unsubscribe through footer link"
+
+      it 'contains all the useful information' do
+        is_expected.to have_subject "Access to the #{group.name} group was denied"
+        is_expected.to have_body_text /#{group.name}/
+        is_expected.to have_body_text /#{group.web_url}/
+      end
+    end
+
+    describe 'group access changed' do
+      let(:group) { create(:group) }
+      let(:user) { create(:user) }
+      let(:group_member) { create(:group_member, group: group, user: user) }
+
+      subject { Notify.member_access_granted_email('group', group_member.id) }
+
+      it_behaves_like 'an email sent from GitLab'
+      it_behaves_like 'it should not have Gmail Actions links'
+      it_behaves_like "a user cannot unsubscribe through footer link"
+
+      it 'contains all the useful information' do
+        is_expected.to have_subject "Access to the #{group.name} group was granted"
+        is_expected.to have_body_text /#{group.name}/
+        is_expected.to have_body_text /#{group.web_url}/
+        is_expected.to have_body_text /#{group_member.human_access}/
+      end
+    end
+
+    def invite_to_group(group:, email:, inviter:)
+      GroupMember.add_user(group.group_members, 'toto@example.com', Gitlab::Access::DEVELOPER, inviter)
+
+      group.group_members.invite.last
     end
 
-    it 'contains name of project' do
-      is_expected.to have_body_text /#{group.name}/
+    describe 'group invitation' do
+      let(:group) { create(:group) }
+      let(:owner) { create(:user).tap { |u| group.add_user(u, Gitlab::Access::OWNER) } }
+      let(:group_member) { invite_to_group(group: group, email: 'toto@example.com', inviter: owner) }
+
+      subject { Notify.member_invited_email('group', group_member.id, group_member.invite_token) }
+
+      it_behaves_like 'an email sent from GitLab'
+      it_behaves_like 'it should not have Gmail Actions links'
+      it_behaves_like "a user cannot unsubscribe through footer link"
+
+      it 'contains all the useful information' do
+        is_expected.to have_subject "Invitation to join the #{group.name} group"
+        is_expected.to have_body_text /#{group.name}/
+        is_expected.to have_body_text /#{group.web_url}/
+        is_expected.to have_body_text /#{group_member.human_access}/
+        is_expected.to have_body_text /#{group_member.invite_token}/
+      end
     end
 
-    it 'contains new user role' do
-      is_expected.to have_body_text /#{membership.human_access}/
+    describe 'group invitation accepted' do
+      let(:group) { create(:group) }
+      let(:invited_user) { create(:user) }
+      let(:owner) { create(:user).tap { |u| group.add_user(u, Gitlab::Access::OWNER) } }
+      let(:group_member) do
+        invitee = invite_to_group(group: group, email: 'toto@example.com', inviter: owner)
+        invitee.accept_invite!(invited_user)
+        invitee
+      end
+
+      subject { Notify.member_invite_accepted_email('group', group_member.id) }
+
+      it_behaves_like 'an email sent from GitLab'
+      it_behaves_like 'it should not have Gmail Actions links'
+      it_behaves_like "a user cannot unsubscribe through footer link"
+
+      it 'contains all the useful information' do
+        is_expected.to have_subject 'Invitation accepted'
+        is_expected.to have_body_text /#{group.name}/
+        is_expected.to have_body_text /#{group.web_url}/
+        is_expected.to have_body_text /#{group_member.invite_email}/
+        is_expected.to have_body_text /#{invited_user.name}/
+      end
+    end
+
+    describe 'group invitation declined' do
+      let(:group) { create(:group) }
+      let(:owner) { create(:user).tap { |u| group.add_user(u, Gitlab::Access::OWNER) } }
+      let(:group_member) do
+        invitee = invite_to_group(group: group, email: 'toto@example.com', inviter: owner)
+        invitee.decline_invite!
+        invitee
+      end
+
+      subject { Notify.member_invite_declined_email('group', group.id, group_member.invite_email, owner.id) }
+
+      it_behaves_like 'an email sent from GitLab'
+      it_behaves_like 'it should not have Gmail Actions links'
+      it_behaves_like "a user cannot unsubscribe through footer link"
+
+      it 'contains all the useful information' do
+        is_expected.to have_subject 'Invitation declined'
+        is_expected.to have_body_text /#{group.name}/
+        is_expected.to have_body_text /#{group.web_url}/
+        is_expected.to have_body_text /#{group_member.invite_email}/
+      end
     end
   end
 
diff --git a/spec/models/build_spec.rb b/spec/models/build_spec.rb
index 2beb6cc598d..5d1fa8226e5 100644
--- a/spec/models/build_spec.rb
+++ b/spec/models/build_spec.rb
@@ -397,9 +397,34 @@ describe Ci::Build, models: true do
     context 'artifacts archive exists' do
       let(:build) { create(:ci_build, :artifacts) }
       it { is_expected.to be_truthy }
+
+      context 'is expired' do
+        before { build.update(artifacts_expire_at: Time.now - 7.days)  }
+        it { is_expected.to be_falsy }
+      end
+
+      context 'is not expired' do
+        before { build.update(artifacts_expire_at: Time.now + 7.days)  }
+        it { is_expected.to be_truthy }
+      end
     end
   end
 
+  describe '#artifacts_expired?' do
+    subject { build.artifacts_expired? }
+
+    context 'is expired' do
+      before { build.update(artifacts_expire_at: Time.now - 7.days)  }
+
+      it { is_expected.to be_truthy }
+    end
+
+    context 'is not expired' do
+      before { build.update(artifacts_expire_at: Time.now + 7.days)  }
+
+      it { is_expected.to be_falsey }
+    end
+  end
 
   describe '#artifacts_metadata?' do
     subject { build.artifacts_metadata? }
@@ -412,7 +437,6 @@ describe Ci::Build, models: true do
       it { is_expected.to be_truthy }
     end
   end
-
   describe '#repo_url' do
     let(:build) { create(:ci_build) }
     let(:project) { build.project }
@@ -427,6 +451,50 @@ describe Ci::Build, models: true do
     it { is_expected.to include(project.web_url[7..-1]) }
   end
 
+  describe '#artifacts_expire_in' do
+    subject { build.artifacts_expire_in }
+    it { is_expected.to be_nil }
+
+    context 'when artifacts_expire_at is specified' do
+      let(:expire_at) { Time.now + 7.days }
+
+      before { build.artifacts_expire_at = expire_at }
+
+      it { is_expected.to be_within(5).of(expire_at - Time.now) }
+    end
+  end
+
+  describe '#artifacts_expire_in=' do
+    subject { build.artifacts_expire_in }
+
+    it 'when assigning valid duration' do
+      build.artifacts_expire_in = '7 days'
+
+      is_expected.to be_within(10).of(7.days.to_i)
+    end
+
+    it 'when assigning invalid duration' do
+      expect { build.artifacts_expire_in = '7 elephants' }.to raise_error(ChronicDuration::DurationParseError)
+      is_expected.to be_nil
+    end
+
+    it 'when resseting value' do
+      build.artifacts_expire_in = nil
+
+      is_expected.to be_nil
+    end
+  end
+
+  describe '#keep_artifacts!' do
+    let(:build) { create(:ci_build, artifacts_expire_at: Time.now + 7.days) }
+
+    it 'to reset expire_at' do
+      build.keep_artifacts!
+
+      expect(build.artifacts_expire_at).to be_nil
+    end
+  end
+
   describe '#depends_on_builds' do
     let!(:build) { create(:ci_build, pipeline: pipeline, name: 'build', stage_idx: 0, stage: 'build') }
     let!(:rspec_test) { create(:ci_build, pipeline: pipeline, name: 'rspec', stage_idx: 1, stage: 'test') }
diff --git a/spec/models/concerns/access_requestable_spec.rb b/spec/models/concerns/access_requestable_spec.rb
new file mode 100644
index 00000000000..98307876962
--- /dev/null
+++ b/spec/models/concerns/access_requestable_spec.rb
@@ -0,0 +1,40 @@
+require 'spec_helper'
+
+describe AccessRequestable do
+  describe 'Group' do
+    describe '#request_access' do
+      let(:group) { create(:group, :public) }
+      let(:user) { create(:user) }
+
+      it { expect(group.request_access(user)).to be_a(GroupMember) }
+      it { expect(group.request_access(user).user).to eq(user) }
+    end
+
+    describe '#access_requested?' do
+      let(:group) { create(:group, :public) }
+      let(:user) { create(:user) }
+
+      before { group.request_access(user) }
+
+      it { expect(group.members.request.exists?(user_id: user)).to be_truthy }
+    end
+  end
+
+  describe 'Project' do
+    describe '#request_access' do
+      let(:project) { create(:empty_project, :public) }
+      let(:user) { create(:user) }
+
+      it { expect(project.request_access(user)).to be_a(ProjectMember) }
+    end
+
+    describe '#access_requested?' do
+      let(:project) { create(:empty_project, :public) }
+      let(:user) { create(:user) }
+
+      before { project.request_access(user) }
+
+      it { expect(project.members.request.exists?(user_id: user)).to be_truthy }
+    end
+  end
+end
diff --git a/spec/models/concerns/milestoneish_spec.rb b/spec/models/concerns/milestoneish_spec.rb
index 47c3be673c5..7e9ab8940cf 100644
--- a/spec/models/concerns/milestoneish_spec.rb
+++ b/spec/models/concerns/milestoneish_spec.rb
@@ -5,6 +5,7 @@ describe Milestone, 'Milestoneish' do
   let(:assignee) { create(:user) }
   let(:non_member) { create(:user) }
   let(:member) { create(:user) }
+  let(:guest) { create(:user) }
   let(:admin) { create(:admin) }
   let(:project) { create(:project, :public) }
   let(:milestone) { create(:milestone, project: project) }
@@ -21,6 +22,7 @@ describe Milestone, 'Milestoneish' do
 
   before do
     project.team << [member, :developer]
+    project.team << [guest, :guest]
   end
 
   describe '#closed_items_count' do
@@ -28,6 +30,10 @@ describe Milestone, 'Milestoneish' do
       expect(milestone.closed_items_count(non_member)).to eq 2
     end
 
+    it 'should not count confidential issues for project members with guest role' do
+      expect(milestone.closed_items_count(guest)).to eq 2
+    end
+
     it 'should count confidential issues for author' do
       expect(milestone.closed_items_count(author)).to eq 4
     end
@@ -50,6 +56,10 @@ describe Milestone, 'Milestoneish' do
       expect(milestone.total_items_count(non_member)).to eq 4
     end
 
+    it 'should not count confidential issues for project members with guest role' do
+      expect(milestone.total_items_count(guest)).to eq 4
+    end
+
     it 'should count confidential issues for author' do
       expect(milestone.total_items_count(author)).to eq 7
     end
@@ -85,6 +95,10 @@ describe Milestone, 'Milestoneish' do
       expect(milestone.percent_complete(non_member)).to eq 50
     end
 
+    it 'should not count confidential issues for project members with guest role' do
+      expect(milestone.percent_complete(guest)).to eq 50
+    end
+
     it 'should count confidential issues for author' do
       expect(milestone.percent_complete(author)).to eq 57
     end
diff --git a/spec/models/deployment_spec.rb b/spec/models/deployment_spec.rb
new file mode 100644
index 00000000000..b273018707f
--- /dev/null
+++ b/spec/models/deployment_spec.rb
@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe Deployment, models: true do
+  subject { build(:deployment) }
+
+  it { is_expected.to belong_to(:project) }
+  it { is_expected.to belong_to(:environment) }
+  it { is_expected.to belong_to(:user) }
+  it { is_expected.to belong_to(:deployable) }
+
+  it { is_expected.to delegate_method(:name).to(:environment).with_prefix }
+  it { is_expected.to delegate_method(:commit).to(:project) }
+  it { is_expected.to delegate_method(:commit_title).to(:commit).as(:try) }
+
+  it { is_expected.to validate_presence_of(:ref) }
+  it { is_expected.to validate_presence_of(:sha) }
+end
diff --git a/spec/models/environment_spec.rb b/spec/models/environment_spec.rb
new file mode 100644
index 00000000000..7629af6a570
--- /dev/null
+++ b/spec/models/environment_spec.rb
@@ -0,0 +1,14 @@
+require 'spec_helper'
+
+describe Environment, models: true do
+  let(:environment) { create(:environment) }
+
+  it { is_expected.to belong_to(:project) }
+  it { is_expected.to have_many(:deployments) }
+
+  it { is_expected.to delegate_method(:last_deployment).to(:deployments).as(:last) }
+
+  it { is_expected.to validate_presence_of(:name) }
+  it { is_expected.to validate_uniqueness_of(:name).scoped_to(:project_id) }
+  it { is_expected.to validate_length_of(:name).is_within(0..255) }
+end
diff --git a/spec/models/event_spec.rb b/spec/models/event_spec.rb
index b0e76fec693..166a1dc4ddb 100644
--- a/spec/models/event_spec.rb
+++ b/spec/models/event_spec.rb
@@ -50,6 +50,7 @@ describe Event, models: true do
     let(:project) { create(:empty_project, :public) }
     let(:non_member) { create(:user) }
     let(:member)  { create(:user) }
+    let(:guest)  { create(:user) }
     let(:author) { create(:author) }
     let(:assignee) { create(:user) }
     let(:admin) { create(:admin) }
@@ -61,6 +62,7 @@ describe Event, models: true do
 
     before do
       project.team << [member, :developer]
+      project.team << [guest, :guest]
     end
 
     context 'issue event' do
@@ -71,6 +73,7 @@ describe Event, models: true do
         it { expect(event.visible_to_user?(author)).to eq true }
         it { expect(event.visible_to_user?(assignee)).to eq true }
         it { expect(event.visible_to_user?(member)).to eq true }
+        it { expect(event.visible_to_user?(guest)).to eq true }
         it { expect(event.visible_to_user?(admin)).to eq true }
       end
 
@@ -81,6 +84,7 @@ describe Event, models: true do
         it { expect(event.visible_to_user?(author)).to eq true }
         it { expect(event.visible_to_user?(assignee)).to eq true }
         it { expect(event.visible_to_user?(member)).to eq true }
+        it { expect(event.visible_to_user?(guest)).to eq false }
         it { expect(event.visible_to_user?(admin)).to eq true }
       end
     end
@@ -93,6 +97,7 @@ describe Event, models: true do
         it { expect(event.visible_to_user?(author)).to eq true }
         it { expect(event.visible_to_user?(assignee)).to eq true }
         it { expect(event.visible_to_user?(member)).to eq true }
+        it { expect(event.visible_to_user?(guest)).to eq true }
         it { expect(event.visible_to_user?(admin)).to eq true }
       end
 
@@ -103,6 +108,7 @@ describe Event, models: true do
         it { expect(event.visible_to_user?(author)).to eq true }
         it { expect(event.visible_to_user?(assignee)).to eq true }
         it { expect(event.visible_to_user?(member)).to eq true }
+        it { expect(event.visible_to_user?(guest)).to eq false }
         it { expect(event.visible_to_user?(admin)).to eq true }
       end
     end
diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb
index 6fa16be7f04..ccdcb29f773 100644
--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@@ -5,7 +5,11 @@ describe Group, models: true do
 
   describe 'associations' do
     it { is_expected.to have_many :projects }
-    it { is_expected.to have_many :group_members }
+    it { is_expected.to have_many(:group_members).dependent(:destroy) }
+    it { is_expected.to have_many(:users).through(:group_members) }
+    it { is_expected.to have_many(:project_group_links).dependent(:destroy) }
+    it { is_expected.to have_many(:shared_projects).through(:project_group_links) }
+    it { is_expected.to have_many(:notification_settings).dependent(:destroy) }
   end
 
   describe 'modules' do
@@ -131,4 +135,46 @@ describe Group, models: true do
       expect(described_class.search(group.path.upcase)).to eq([group])
     end
   end
+
+  describe '#has_owner?' do
+    before { @members = setup_group_members(group) }
+
+    it { expect(group.has_owner?(@members[:owner])).to be_truthy }
+    it { expect(group.has_owner?(@members[:master])).to be_falsey }
+    it { expect(group.has_owner?(@members[:developer])).to be_falsey }
+    it { expect(group.has_owner?(@members[:reporter])).to be_falsey }
+    it { expect(group.has_owner?(@members[:guest])).to be_falsey }
+    it { expect(group.has_owner?(@members[:requester])).to be_falsey }
+  end
+
+  describe '#has_master?' do
+    before { @members = setup_group_members(group) }
+
+    it { expect(group.has_master?(@members[:owner])).to be_falsey }
+    it { expect(group.has_master?(@members[:master])).to be_truthy }
+    it { expect(group.has_master?(@members[:developer])).to be_falsey }
+    it { expect(group.has_master?(@members[:reporter])).to be_falsey }
+    it { expect(group.has_master?(@members[:guest])).to be_falsey }
+    it { expect(group.has_master?(@members[:requester])).to be_falsey }
+  end
+
+  def setup_group_members(group)
+    members = {
+      owner: create(:user),
+      master: create(:user),
+      developer: create(:user),
+      reporter: create(:user),
+      guest: create(:user),
+      requester: create(:user)
+    }
+
+    group.add_user(members[:owner], GroupMember::OWNER)
+    group.add_user(members[:master], GroupMember::MASTER)
+    group.add_user(members[:developer], GroupMember::DEVELOPER)
+    group.add_user(members[:reporter], GroupMember::REPORTER)
+    group.add_user(members[:guest], GroupMember::GUEST)
+    group.request_access(members[:requester])
+
+    members
+  end
 end
diff --git a/spec/models/member_spec.rb b/spec/models/member_spec.rb
index 6e51730eecd..3ed3202ac6c 100644
--- a/spec/models/member_spec.rb
+++ b/spec/models/member_spec.rb
@@ -55,11 +55,97 @@ describe Member, models: true do
     end
   end
 
+  describe 'Scopes & finders' do
+    before do
+      project = create(:project)
+      group = create(:group)
+      @owner_user = create(:user).tap { |u| group.add_owner(u) }
+      @owner = group.members.find_by(user_id: @owner_user.id)
+
+      @master_user = create(:user).tap { |u| project.team << [u, :master] }
+      @master = project.members.find_by(user_id: @master_user.id)
+
+      ProjectMember.add_user(project.members, 'toto1@example.com', Gitlab::Access::DEVELOPER, @master_user)
+      @invited_member = project.members.invite.find_by_invite_email('toto1@example.com')
+
+      accepted_invite_user = build(:user)
+      ProjectMember.add_user(project.members, 'toto2@example.com', Gitlab::Access::DEVELOPER, @master_user)
+      @accepted_invite_member = project.members.invite.find_by_invite_email('toto2@example.com').tap { |u| u.accept_invite!(accepted_invite_user) }
+
+      requested_user = create(:user).tap { |u| project.request_access(u) }
+      @requested_member = project.members.request.find_by(user_id: requested_user.id)
+
+      accepted_request_user = create(:user).tap { |u| project.request_access(u) }
+      @accepted_request_member = project.members.request.find_by(user_id: accepted_request_user.id).tap { |m| m.accept_request }
+    end
+
+    describe '.invite' do
+      it { expect(described_class.invite).not_to include @master }
+      it { expect(described_class.invite).to include @invited_member }
+      it { expect(described_class.invite).not_to include @accepted_invite_member }
+      it { expect(described_class.invite).not_to include @requested_member }
+      it { expect(described_class.invite).not_to include @accepted_request_member }
+    end
+
+    describe '.non_invite' do
+      it { expect(described_class.non_invite).to include @master }
+      it { expect(described_class.non_invite).not_to include @invited_member }
+      it { expect(described_class.non_invite).to include @accepted_invite_member }
+      it { expect(described_class.non_invite).to include @requested_member }
+      it { expect(described_class.non_invite).to include @accepted_request_member }
+    end
+
+    describe '.request' do
+      it { expect(described_class.request).not_to include @master }
+      it { expect(described_class.request).not_to include @invited_member }
+      it { expect(described_class.request).not_to include @accepted_invite_member }
+      it { expect(described_class.request).to include @requested_member }
+      it { expect(described_class.request).not_to include @accepted_request_member }
+    end
+
+    describe '.non_request' do
+      it { expect(described_class.non_request).to include @master }
+      it { expect(described_class.non_request).to include @invited_member }
+      it { expect(described_class.non_request).to include @accepted_invite_member }
+      it { expect(described_class.non_request).not_to include @requested_member }
+      it { expect(described_class.non_request).to include @accepted_request_member }
+    end
+
+    describe '.non_pending' do
+      it { expect(described_class.non_pending).to include @master }
+      it { expect(described_class.non_pending).not_to include @invited_member }
+      it { expect(described_class.non_pending).to include @accepted_invite_member }
+      it { expect(described_class.non_pending).not_to include @requested_member }
+      it { expect(described_class.non_pending).to include @accepted_request_member }
+    end
+
+    describe '.owners_and_masters' do
+      it { expect(described_class.owners_and_masters).to include @owner }
+      it { expect(described_class.owners_and_masters).to include @master }
+      it { expect(described_class.owners_and_masters).not_to include @invited_member }
+      it { expect(described_class.owners_and_masters).not_to include @accepted_invite_member }
+      it { expect(described_class.owners_and_masters).not_to include @requested_member }
+      it { expect(described_class.owners_and_masters).not_to include @accepted_request_member }
+    end
+  end
+
   describe "Delegate methods" do
     it { is_expected.to respond_to(:user_name) }
     it { is_expected.to respond_to(:user_email) }
   end
 
+  describe 'Callbacks' do
+    describe 'after_destroy :post_decline_request, if: :request?' do
+      let(:member) { create(:project_member, requested_at: Time.now.utc) }
+
+      it 'calls #post_decline_request' do
+        expect(member).to receive(:post_decline_request)
+
+        member.destroy
+      end
+    end
+  end
+
   describe ".add_user" do
     let!(:user)    { create(:user) }
     let(:project) { create(:project) }
@@ -97,6 +183,44 @@ describe Member, models: true do
     end
   end
 
+  describe '#accept_request' do
+    let(:member) { create(:project_member, requested_at: Time.now.utc) }
+
+    it { expect(member.accept_request).to be_truthy }
+
+    it 'clears requested_at' do
+      member.accept_request
+
+      expect(member.requested_at).to be_nil
+    end
+
+    it 'calls #after_accept_request' do
+      expect(member).to receive(:after_accept_request)
+
+      member.accept_request
+    end
+  end
+
+  describe '#invite?' do
+    subject { create(:project_member, invite_email: "user@example.com", user: nil) }
+
+    it { is_expected.to be_invite }
+  end
+
+  describe '#request?' do
+    subject { create(:project_member, requested_at: Time.now.utc) }
+
+    it { is_expected.to be_request }
+  end
+
+  describe '#pending?' do
+    let(:invited_member) { create(:project_member, invite_email: "user@example.com", user: nil) }
+    let(:requester) { create(:project_member, requested_at: Time.now.utc) }
+
+    it { expect(invited_member).to be_invite }
+    it { expect(requester).to be_pending }
+  end
+
   describe "#accept_invite!" do
     let!(:member) { create(:project_member, invite_email: "user@example.com", user: nil) }
     let(:user) { create(:user) }
diff --git a/spec/models/members/group_member_spec.rb b/spec/models/members/group_member_spec.rb
index 5424c9b9cba..eeb74a462ac 100644
--- a/spec/models/members/group_member_spec.rb
+++ b/spec/models/members/group_member_spec.rb
@@ -20,7 +20,7 @@
 require 'spec_helper'
 
 describe GroupMember, models: true do
-  context 'notification' do
+  describe 'notifications' do
     describe "#after_create" do
       it "should send email to user" do
         membership = build(:group_member)
@@ -50,5 +50,31 @@ describe GroupMember, models: true do
         @group_member.update_attribute(:access_level, GroupMember::OWNER)
       end
     end
+
+    describe '#after_accept_request' do
+      it 'calls NotificationService.accept_group_access_request' do
+        member = create(:group_member, user: build_stubbed(:user), requested_at: Time.now)
+
+        expect_any_instance_of(NotificationService).to receive(:new_group_member)
+
+        member.__send__(:after_accept_request)
+      end
+    end
+
+    describe '#post_decline_request' do
+      it 'calls NotificationService.decline_group_access_request' do
+        member = create(:group_member, user: build_stubbed(:user), requested_at: Time.now)
+
+        expect_any_instance_of(NotificationService).to receive(:decline_group_access_request)
+
+        member.__send__(:post_decline_request)
+      end
+    end
+
+    describe '#real_source_type' do
+      subject { create(:group_member).real_source_type }
+
+      it { is_expected.to eq 'Group' }
+    end
   end
 end
diff --git a/spec/models/members/project_member_spec.rb b/spec/models/members/project_member_spec.rb
index 9f13874b532..1e466f9c620 100644
--- a/spec/models/members/project_member_spec.rb
+++ b/spec/models/members/project_member_spec.rb
@@ -33,6 +33,12 @@ describe ProjectMember, models: true do
     it { is_expected.to include_module(Gitlab::ShellAdapter) }
   end
 
+  describe '#real_source_type' do
+    subject { create(:project_member).real_source_type }
+
+    it { is_expected.to eq 'Project' }
+  end
+
   describe "#destroy" do
     let(:owner)   { create(:project_member, access_level: ProjectMember::OWNER) }
     let(:project) { owner.project }
@@ -135,4 +141,26 @@ describe ProjectMember, models: true do
     it { expect(@project_1.users).to be_empty }
     it { expect(@project_2.users).to be_empty }
   end
+
+  describe 'notifications' do
+    describe '#after_accept_request' do
+      it 'calls NotificationService.new_project_member' do
+        member = create(:project_member, user: build_stubbed(:user), requested_at: Time.now)
+
+        expect_any_instance_of(NotificationService).to receive(:new_project_member)
+
+        member.__send__(:after_accept_request)
+      end
+    end
+
+    describe '#post_decline_request' do
+      it 'calls NotificationService.decline_project_access_request' do
+        member = create(:project_member, user: build_stubbed(:user), requested_at: Time.now)
+
+        expect_any_instance_of(NotificationService).to receive(:decline_project_access_request)
+
+        member.__send__(:post_decline_request)
+      end
+    end
+  end
 end
diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb
index f15e96714b2..285ab19cfaf 100644
--- a/spec/models/note_spec.rb
+++ b/spec/models/note_spec.rb
@@ -162,16 +162,23 @@ describe Note, models: true do
     end
 
     context "confidential issues" do
-      let(:user) { create :user }
-      let(:confidential_issue) { create(:issue, :confidential, author: user) }
-      let(:confidential_note) { create :note, note: "Random", noteable: confidential_issue, project: confidential_issue.project }
+      let(:user) { create(:user) }
+      let(:project) { create(:project) }
+      let(:confidential_issue) { create(:issue, :confidential, project: project, author: user) }
+      let(:confidential_note) { create(:note, note: "Random", noteable: confidential_issue, project: confidential_issue.project) }
 
       it "returns notes with matching content if user can see the issue" do
         expect(described_class.search(confidential_note.note, as_user: user)).to eq([confidential_note])
       end
 
       it "does not return notes with matching content if user can not see the issue" do
-        user = create :user
+        user = create(:user)
+        expect(described_class.search(confidential_note.note, as_user: user)).to be_empty
+      end
+
+      it "does not return notes with matching content for project members with guest role" do
+        user = create(:user)
+        project.team << [user, :guest]
         expect(described_class.search(confidential_note.note, as_user: user)).to be_empty
       end
 
diff --git a/spec/models/project_services/bamboo_service_spec.rb b/spec/models/project_services/bamboo_service_spec.rb
index ec81f05fc7a..9ae461f8c2d 100644
--- a/spec/models/project_services/bamboo_service_spec.rb
+++ b/spec/models/project_services/bamboo_service_spec.rb
@@ -126,25 +126,25 @@ describe BambooService, models: true do
     it 'returns a specific URL when status is 500' do
       stub_request(status: 500)
 
-      expect(service.build_page('123', 'unused')).to eq('http://gitlab.com/browse/foo')
+      expect(service.build_page('123', 'unused')).to eq('http://gitlab.com/bamboo/browse/foo')
     end
 
     it 'returns a specific URL when response has no results' do
       stub_request(body: %Q({"results":{"results":{"size":"0"}}}))
 
-      expect(service.build_page('123', 'unused')).to eq('http://gitlab.com/browse/foo')
+      expect(service.build_page('123', 'unused')).to eq('http://gitlab.com/bamboo/browse/foo')
     end
 
     it 'returns a build URL when bamboo_url has no trailing slash' do
       stub_request(body: %Q({"results":{"results":{"result":{"planResultKey":{"key":"42"}}}}}))
 
-      expect(service(bamboo_url: 'http://gitlab.com').build_page('123', 'unused')).to eq('http://gitlab.com/browse/42')
+      expect(service(bamboo_url: 'http://gitlab.com/bamboo').build_page('123', 'unused')).to eq('http://gitlab.com/bamboo/browse/42')
     end
 
     it 'returns a build URL when bamboo_url has a trailing slash' do
       stub_request(body: %Q({"results":{"results":{"result":{"planResultKey":{"key":"42"}}}}}))
 
-      expect(service(bamboo_url: 'http://gitlab.com/').build_page('123', 'unused')).to eq('http://gitlab.com/browse/42')
+      expect(service(bamboo_url: 'http://gitlab.com/bamboo/').build_page('123', 'unused')).to eq('http://gitlab.com/bamboo/browse/42')
     end
   end
 
@@ -192,7 +192,7 @@ describe BambooService, models: true do
     end
   end
 
-  def service(bamboo_url: 'http://gitlab.com')
+  def service(bamboo_url: 'http://gitlab.com/bamboo')
     described_class.create(
       project: create(:empty_project),
       properties: {
@@ -205,7 +205,7 @@ describe BambooService, models: true do
   end
 
   def stub_request(status: 200, body: nil, build_state: 'success')
-    bamboo_full_url = 'http://mic:password@gitlab.com/rest/api/latest/result?label=123&os_authType=basic'
+    bamboo_full_url = 'http://mic:password@gitlab.com/bamboo/rest/api/latest/result?label=123&os_authType=basic'
     body ||= %Q({"results":{"results":{"result":{"buildState":"#{build_state}"}}}})
 
     WebMock.stub_request(:get, bamboo_full_url).to_return(
diff --git a/spec/models/project_services/teamcity_service_spec.rb b/spec/models/project_services/teamcity_service_spec.rb
index 24a708ca849..474715d24c3 100644
--- a/spec/models/project_services/teamcity_service_spec.rb
+++ b/spec/models/project_services/teamcity_service_spec.rb
@@ -126,19 +126,19 @@ describe TeamcityService, models: true do
     it 'returns a specific URL when status is 500' do
       stub_request(status: 500)
 
-      expect(service.build_page('123', 'unused')).to eq('http://gitlab.com/viewLog.html?buildTypeId=foo')
+      expect(service.build_page('123', 'unused')).to eq('http://gitlab.com/teamcity/viewLog.html?buildTypeId=foo')
     end
 
     it 'returns a build URL when teamcity_url has no trailing slash' do
       stub_request(body: %Q({"build":{"id":"666"}}))
 
-      expect(service(teamcity_url: 'http://gitlab.com').build_page('123', 'unused')).to eq('http://gitlab.com/viewLog.html?buildId=666&buildTypeId=foo')
+      expect(service(teamcity_url: 'http://gitlab.com/teamcity').build_page('123', 'unused')).to eq('http://gitlab.com/teamcity/viewLog.html?buildId=666&buildTypeId=foo')
     end
 
     it 'returns a build URL when teamcity_url has a trailing slash' do
       stub_request(body: %Q({"build":{"id":"666"}}))
 
-      expect(service(teamcity_url: 'http://gitlab.com/').build_page('123', 'unused')).to eq('http://gitlab.com/viewLog.html?buildId=666&buildTypeId=foo')
+      expect(service(teamcity_url: 'http://gitlab.com/teamcity/').build_page('123', 'unused')).to eq('http://gitlab.com/teamcity/viewLog.html?buildId=666&buildTypeId=foo')
     end
   end
 
@@ -180,7 +180,7 @@ describe TeamcityService, models: true do
     end
   end
 
-  def service(teamcity_url: 'http://gitlab.com')
+  def service(teamcity_url: 'http://gitlab.com/teamcity')
     described_class.create(
       project: create(:empty_project),
       properties: {
@@ -193,7 +193,7 @@ describe TeamcityService, models: true do
   end
 
   def stub_request(status: 200, body: nil, build_status: 'success')
-    teamcity_full_url = 'http://mic:password@gitlab.com/httpAuth/app/rest/builds/branch:unspecified:any,number:123'
+    teamcity_full_url = 'http://mic:password@gitlab.com/teamcity/httpAuth/app/rest/builds/branch:unspecified:any,number:123'
     body ||= %Q({"build":{"status":"#{build_status}","id":"666"}})
 
     WebMock.stub_request(:get, teamcity_full_url).to_return(
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index f3590f72cfe..fedab1f913b 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -28,6 +28,8 @@ describe Project, models: true do
     it { is_expected.to have_many(:runners) }
     it { is_expected.to have_many(:variables) }
     it { is_expected.to have_many(:triggers) }
+    it { is_expected.to have_many(:environments).dependent(:destroy) }
+    it { is_expected.to have_many(:deployments).dependent(:destroy) }
     it { is_expected.to have_many(:todos).dependent(:destroy) }
   end
 
@@ -53,7 +55,6 @@ describe Project, models: true do
     it { is_expected.to validate_length_of(:path).is_within(0..255) }
     it { is_expected.to validate_length_of(:description).is_within(0..2000) }
     it { is_expected.to validate_presence_of(:creator) }
-    it { is_expected.to validate_length_of(:issues_tracker_id).is_within(0..255) }
     it { is_expected.to validate_presence_of(:namespace) }
 
     it 'should not allow new projects beyond user limits' do
@@ -90,11 +91,17 @@ describe Project, models: true do
     it { is_expected.to respond_to(:repo_exists?) }
     it { is_expected.to respond_to(:update_merge_requests) }
     it { is_expected.to respond_to(:execute_hooks) }
-    it { is_expected.to respond_to(:name_with_namespace) }
     it { is_expected.to respond_to(:owner) }
     it { is_expected.to respond_to(:path_with_namespace) }
   end
 
+  describe '#name_with_namespace' do
+    let(:project) { build_stubbed(:empty_project) }
+
+    it { expect(project.name_with_namespace).to eq "#{project.namespace.human_name} / #{project.name}" }
+    it { expect(project.human_name).to eq project.name_with_namespace }
+  end
+
   describe '#to_reference' do
     let(:project) { create(:empty_project) }
 
@@ -321,27 +328,6 @@ describe Project, models: true do
     end
   end
 
-  describe :can_have_issues_tracker_id? do
-    let(:project) { create(:project) }
-    let(:ext_project) { create(:redmine_project) }
-
-    it 'should be true for projects with external issues tracker if issues enabled' do
-      expect(ext_project.can_have_issues_tracker_id?).to be_truthy
-    end
-
-    it 'should be false for projects with internal issue tracker if issues enabled' do
-      expect(project.can_have_issues_tracker_id?).to be_falsey
-    end
-
-    it 'should be always false if issues disabled' do
-      project.issues_enabled = false
-      ext_project.issues_enabled = false
-
-      expect(project.can_have_issues_tracker_id?).to be_falsey
-      expect(ext_project.can_have_issues_tracker_id?).to be_falsey
-    end
-  end
-
   describe :open_branches do
     let(:project) { create(:project) }
 
diff --git a/spec/models/project_team_spec.rb b/spec/models/project_team_spec.rb
index bacb17a8883..9262aeb6ed8 100644
--- a/spec/models/project_team_spec.rb
+++ b/spec/models/project_team_spec.rb
@@ -29,6 +29,9 @@ describe ProjectTeam, models: true do
       it { expect(project.team.master?(nonmember)).to be_falsey }
       it { expect(project.team.member?(nonmember)).to be_falsey }
       it { expect(project.team.member?(guest)).to be_truthy }
+      it { expect(project.team.member?(reporter, Gitlab::Access::REPORTER)).to be_truthy }
+      it { expect(project.team.member?(guest, Gitlab::Access::REPORTER)).to be_falsey }
+      it { expect(project.team.member?(nonmember, Gitlab::Access::GUEST)).to be_falsey }
     end
   end
 
@@ -64,50 +67,48 @@ describe ProjectTeam, models: true do
       it { expect(project.team.master?(nonmember)).to be_falsey }
       it { expect(project.team.member?(nonmember)).to be_falsey }
       it { expect(project.team.member?(guest)).to be_truthy }
+      it { expect(project.team.member?(guest, Gitlab::Access::MASTER)).to be_truthy }
+      it { expect(project.team.member?(reporter, Gitlab::Access::MASTER)).to be_falsey }
+      it { expect(project.team.member?(nonmember, Gitlab::Access::GUEST)).to be_falsey }
     end
   end
 
-  describe :max_invited_level do
-    let(:group) { create(:group) }
-    let(:project) { create(:empty_project) }
-
-    before do
-      project.project_group_links.create(
-        group: group,
-        group_access: Gitlab::Access::DEVELOPER
-      )
-
-      group.add_user(master, Gitlab::Access::MASTER)
-      group.add_user(reporter, Gitlab::Access::REPORTER)
-    end
-
-    it { expect(project.team.max_invited_level(master.id)).to eq(Gitlab::Access::DEVELOPER) }
-    it { expect(project.team.max_invited_level(reporter.id)).to eq(Gitlab::Access::REPORTER) }
-    it { expect(project.team.max_invited_level(nonmember.id)).to be_nil }
-  end
-
-  describe :max_member_access do
-    let(:group) { create(:group) }
-    let(:project) { create(:empty_project) }
-
-    before do
-      project.project_group_links.create(
-        group: group,
-        group_access: Gitlab::Access::DEVELOPER
-      )
-
-      group.add_user(master, Gitlab::Access::MASTER)
-      group.add_user(reporter, Gitlab::Access::REPORTER)
+  describe '#find_member' do
+    context 'personal project' do
+      let(:project) { create(:empty_project) }
+      let(:requester) { create(:user) }
+
+      before do
+        project.team << [master, :master]
+        project.team << [reporter, :reporter]
+        project.team << [guest, :guest]
+        project.request_access(requester)
+      end
+
+      it { expect(project.team.find_member(master.id)).to be_a(ProjectMember) }
+      it { expect(project.team.find_member(reporter.id)).to be_a(ProjectMember) }
+      it { expect(project.team.find_member(guest.id)).to be_a(ProjectMember) }
+      it { expect(project.team.find_member(nonmember.id)).to be_nil }
+      it { expect(project.team.find_member(requester.id)).to be_nil }
     end
 
-    it { expect(project.team.max_member_access(master.id)).to eq(Gitlab::Access::DEVELOPER) }
-    it { expect(project.team.max_member_access(reporter.id)).to eq(Gitlab::Access::REPORTER) }
-    it { expect(project.team.max_member_access(nonmember.id)).to be_nil }
-
-    it "does not have an access" do
-      project.namespace.update(share_with_group_lock: true)
-      expect(project.team.max_member_access(master.id)).to be_nil
-      expect(project.team.max_member_access(reporter.id)).to be_nil
+    context 'group project' do
+      let(:group) { create(:group) }
+      let(:project) { create(:empty_project, group: group) }
+      let(:requester) { create(:user) }
+
+      before do
+        group.add_master(master)
+        group.add_reporter(reporter)
+        group.add_guest(guest)
+        group.request_access(requester)
+      end
+
+      it { expect(project.team.find_member(master.id)).to be_a(GroupMember) }
+      it { expect(project.team.find_member(reporter.id)).to be_a(GroupMember) }
+      it { expect(project.team.find_member(guest.id)).to be_a(GroupMember) }
+      it { expect(project.team.find_member(nonmember.id)).to be_nil }
+      it { expect(project.team.find_member(requester.id)).to be_nil }
     end
   end
 
@@ -132,4 +133,69 @@ describe ProjectTeam, models: true do
       expect(project.team.human_max_access(user.id)).to eq 'Owner'
     end
   end
+
+  describe '#max_member_access' do
+    let(:requester) { create(:user) }
+
+    context 'personal project' do
+      let(:project) { create(:empty_project) }
+
+      context 'when project is not shared with group' do
+        before do
+          project.team << [master, :master]
+          project.team << [reporter, :reporter]
+          project.team << [guest, :guest]
+          project.request_access(requester)
+        end
+
+        it { expect(project.team.max_member_access(master.id)).to eq(Gitlab::Access::MASTER) }
+        it { expect(project.team.max_member_access(reporter.id)).to eq(Gitlab::Access::REPORTER) }
+        it { expect(project.team.max_member_access(guest.id)).to eq(Gitlab::Access::GUEST) }
+        it { expect(project.team.max_member_access(nonmember.id)).to be_nil }
+        it { expect(project.team.max_member_access(requester.id)).to be_nil }
+      end
+
+      context 'when project is shared with group' do
+        before do
+          group = create(:group)
+          project.project_group_links.create(
+            group: group,
+            group_access: Gitlab::Access::DEVELOPER)
+
+          group.add_master(master)
+          group.add_reporter(reporter)
+        end
+
+        it { expect(project.team.max_member_access(master.id)).to eq(Gitlab::Access::DEVELOPER) }
+        it { expect(project.team.max_member_access(reporter.id)).to eq(Gitlab::Access::REPORTER) }
+        it { expect(project.team.max_member_access(nonmember.id)).to be_nil }
+        it { expect(project.team.max_member_access(requester.id)).to be_nil }
+
+        context 'but share_with_group_lock is true' do
+          before { project.namespace.update(share_with_group_lock: true) }
+
+          it { expect(project.team.max_member_access(master.id)).to be_nil }
+          it { expect(project.team.max_member_access(reporter.id)).to be_nil }
+        end
+      end
+    end
+
+    context 'group project' do
+      let(:group) { create(:group) }
+      let(:project) { create(:empty_project, group: group) }
+
+      before do
+        group.add_master(master)
+        group.add_reporter(reporter)
+        group.add_guest(guest)
+        group.request_access(requester)
+      end
+
+      it { expect(project.team.max_member_access(master.id)).to eq(Gitlab::Access::MASTER) }
+      it { expect(project.team.max_member_access(reporter.id)).to eq(Gitlab::Access::REPORTER) }
+      it { expect(project.team.max_member_access(guest.id)).to eq(Gitlab::Access::GUEST) }
+      it { expect(project.team.max_member_access(nonmember.id)).to be_nil }
+      it { expect(project.team.max_member_access(requester.id)).to be_nil }
+    end
+  end
 end
diff --git a/spec/requests/api/builds_spec.rb b/spec/requests/api/builds_spec.rb
index 6cb7be188ef..ac85f340922 100644
--- a/spec/requests/api/builds_spec.rb
+++ b/spec/requests/api/builds_spec.rb
@@ -241,4 +241,30 @@ describe API::API, api: true  do
       end
     end
   end
+
+  describe 'POST /projects/:id/builds/:build_id/artifacts/keep' do
+    before do
+      post api("/projects/#{project.id}/builds/#{build.id}/artifacts/keep", user)
+    end
+
+    context 'artifacts did not expire' do
+      let(:build) do
+        create(:ci_build, :trace, :artifacts, :success,
+               project: project, pipeline: pipeline, artifacts_expire_at: Time.now + 7.days)
+      end
+
+      it 'keeps artifacts' do
+        expect(response.status).to eq 200
+        expect(build.reload.artifacts_expire_at).to be_nil
+      end
+    end
+
+    context 'no artifacts' do
+      let(:build) { create(:ci_build, project: project, pipeline: pipeline) }
+
+      it 'responds with not found' do
+        expect(response.status).to eq 404
+      end
+    end
+  end
 end
diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb
index bb926172593..59e557c5b2a 100644
--- a/spec/requests/api/issues_spec.rb
+++ b/spec/requests/api/issues_spec.rb
@@ -5,6 +5,7 @@ describe API::API, api: true  do
   let(:user)        { create(:user) }
   let(:user2)       { create(:user) }
   let(:non_member)  { create(:user) }
+  let(:guest)       { create(:user) }
   let(:author)      { create(:author) }
   let(:assignee)    { create(:assignee) }
   let(:admin)       { create(:user, :admin) }
@@ -41,7 +42,10 @@ describe API::API, api: true  do
   end
   let!(:note) { create(:note_on_issue, author: user, project: project, noteable: issue) }
 
-  before { project.team << [user, :reporter] }
+  before do
+    project.team << [user, :reporter]
+    project.team << [guest, :guest]
+  end
 
   describe "GET /issues" do
     context "when unauthenticated" do
@@ -144,6 +148,14 @@ describe API::API, api: true  do
       expect(json_response.first['title']).to eq(issue.title)
     end
 
+    it 'should return project issues without confidential issues for project members with guest role' do
+      get api("#{base_url}/issues", guest)
+      expect(response.status).to eq(200)
+      expect(json_response).to be_an Array
+      expect(json_response.length).to eq(2)
+      expect(json_response.first['title']).to eq(issue.title)
+    end
+
     it 'should return project confidential issues for author' do
       get api("#{base_url}/issues", author)
       expect(response.status).to eq(200)
@@ -278,6 +290,11 @@ describe API::API, api: true  do
         expect(response.status).to eq(404)
       end
 
+      it "should return 404 for project members with guest role" do
+        get api("/projects/#{project.id}/issues/#{confidential_issue.id}", guest)
+        expect(response.status).to eq(404)
+      end
+
       it "should return confidential issue for project members" do
         get api("/projects/#{project.id}/issues/#{confidential_issue.id}", user)
         expect(response.status).to eq(200)
@@ -413,6 +430,12 @@ describe API::API, api: true  do
         expect(response.status).to eq(403)
       end
 
+      it "should return 403 for project members with guest role" do
+        put api("/projects/#{project.id}/issues/#{confidential_issue.id}", guest),
+          title: 'updated title'
+        expect(response.status).to eq(403)
+      end
+
       it "should update a confidential issue for project members" do
         put api("/projects/#{project.id}/issues/#{confidential_issue.id}", user),
           title: 'updated title'
diff --git a/spec/requests/api/milestones_spec.rb b/spec/requests/api/milestones_spec.rb
index 241995041bb..0154d1c62cc 100644
--- a/spec/requests/api/milestones_spec.rb
+++ b/spec/requests/api/milestones_spec.rb
@@ -146,6 +146,7 @@ describe API::API, api: true  do
       let(:milestone) { create(:milestone, project: public_project) }
       let(:issue) { create(:issue, project: public_project) }
       let(:confidential_issue) { create(:issue, confidential: true, project: public_project) }
+
       before do
         public_project.team << [user, :developer]
         milestone.issues << issue << confidential_issue
@@ -160,6 +161,18 @@ describe API::API, api: true  do
         expect(json_response.map { |issue| issue['id'] }).to include(issue.id, confidential_issue.id)
       end
 
+      it 'does not return confidential issues to team members with guest role' do
+        member = create(:user)
+        project.team << [member, :guest]
+
+        get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", member)
+
+        expect(response.status).to eq(200)
+        expect(json_response).to be_an Array
+        expect(json_response.size).to eq(1)
+        expect(json_response.map { |issue| issue['id'] }).to include(issue.id)
+      end
+
       it 'does not return confidential issues to regular users' do
         get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", create(:user))
 
diff --git a/spec/requests/ci/api/builds_spec.rb b/spec/requests/ci/api/builds_spec.rb
index e8508f8f950..7e50bea90d1 100644
--- a/spec/requests/ci/api/builds_spec.rb
+++ b/spec/requests/ci/api/builds_spec.rb
@@ -364,6 +364,42 @@ describe Ci::API::API do
             end
           end
 
+          context 'with an expire date' do
+            let!(:artifacts) { file_upload }
+
+            let(:post_data) do
+              { 'file.path' => artifacts.path,
+                'file.name' => artifacts.original_filename,
+                'expire_in' => expire_in }
+            end
+
+            before do
+              post(post_url, post_data, headers_with_token)
+            end
+
+            context 'with an expire_in given' do
+              let(:expire_in) { '7 days' }
+
+              it 'updates when specified' do
+                build.reload
+                expect(response.status).to eq(201)
+                expect(json_response['artifacts_expire_at']).not_to be_empty
+                expect(build.artifacts_expire_at).to be_within(5.minutes).of(Time.now + 7.days)
+              end
+            end
+
+            context 'with no expire_in given' do
+              let(:expire_in) { nil }
+
+              it 'ignores if not specified' do
+                build.reload
+                expect(response.status).to eq(201)
+                expect(json_response['artifacts_expire_at']).to be_nil
+                expect(build.artifacts_expire_at).to be_nil
+              end
+            end
+          end
+
           context "artifacts file is too large" do
             it "should fail to post too large artifact" do
               stub_application_setting(max_artifacts_size: 0)
diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb
index c44a4a7a1fc..fd26ca97818 100644
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -340,7 +340,7 @@ describe 'Git HTTP requests', lib: true do
       end
     end
 
-    context "when the file exists" do
+    context "when the file does not exist" do
       before { get "/#{project.path_with_namespace}/blob/master/info/refs" }
 
       it "returns not found" do
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb
index c995993a853..d2d4a9eca18 100644
--- a/spec/requests/jwt_controller_spec.rb
+++ b/spec/requests/jwt_controller_spec.rb
@@ -44,7 +44,7 @@ describe JwtController do
       let(:user) { create(:user) }
       let(:headers) { { authorization: credentials('user', 'password') } }
 
-      before { expect(Gitlab::Auth).to receive(:find_in_gitlab_or_ldap).with('user', 'password').and_return(user) }
+      before { expect(Gitlab::Auth).to receive(:find_with_user_password).with('user', 'password').and_return(user) }
 
       subject! { get '/jwt/auth', parameters, headers }
 
diff --git a/spec/services/ci/register_build_service_spec.rb b/spec/services/ci/register_build_service_spec.rb
index d91fc574299..f28f2f1438d 100644
--- a/spec/services/ci/register_build_service_spec.rb
+++ b/spec/services/ci/register_build_service_spec.rb
@@ -45,11 +45,73 @@ module Ci
         end
       end
 
+      context 'deleted projects' do
+        before do
+          project.update(pending_delete: true)
+        end
+
+        context 'for shared runners' do
+          before do
+            project.update(shared_runners_enabled: true)
+          end
+
+          it 'does not pick a build' do
+            expect(service.execute(shared_runner)).to be_nil
+          end
+        end
+
+        context 'for specific runner' do
+          it 'does not pick a build' do
+            expect(service.execute(specific_runner)).to be_nil
+          end
+        end
+      end
+
       context 'allow shared runners' do
         before do
           project.update(shared_runners_enabled: true)
         end
 
+        context 'for multiple builds' do
+          let!(:project2) { create :empty_project, shared_runners_enabled: true }
+          let!(:pipeline2) { create :ci_pipeline, project: project2 }
+          let!(:project3) { create :empty_project, shared_runners_enabled: true }
+          let!(:pipeline3) { create :ci_pipeline, project: project3 }
+          let!(:build1_project1) { pending_build }
+          let!(:build2_project1) { FactoryGirl.create :ci_build, pipeline: pipeline }
+          let!(:build3_project1) { FactoryGirl.create :ci_build, pipeline: pipeline }
+          let!(:build1_project2) { FactoryGirl.create :ci_build, pipeline: pipeline2 }
+          let!(:build2_project2) { FactoryGirl.create :ci_build, pipeline: pipeline2 }
+          let!(:build1_project3) { FactoryGirl.create :ci_build, pipeline: pipeline3 }
+
+          it 'prefers projects without builds first' do
+            # it gets for one build from each of the projects
+            expect(service.execute(shared_runner)).to eq(build1_project1)
+            expect(service.execute(shared_runner)).to eq(build1_project2)
+            expect(service.execute(shared_runner)).to eq(build1_project3)
+
+            # then it gets a second build from each of the projects
+            expect(service.execute(shared_runner)).to eq(build2_project1)
+            expect(service.execute(shared_runner)).to eq(build2_project2)
+
+            # in the end the third build
+            expect(service.execute(shared_runner)).to eq(build3_project1)
+          end
+
+          it 'equalises number of running builds' do
+            # after finishing the first build for project 1, get a second build from the same project
+            expect(service.execute(shared_runner)).to eq(build1_project1)
+            build1_project1.success
+            expect(service.execute(shared_runner)).to eq(build2_project1)
+
+            expect(service.execute(shared_runner)).to eq(build1_project2)
+            build1_project2.success
+            expect(service.execute(shared_runner)).to eq(build2_project2)
+            expect(service.execute(shared_runner)).to eq(build1_project3)
+            expect(service.execute(shared_runner)).to eq(build3_project1)
+          end
+        end
+
         context 'shared runner' do
           let(:build) { service.execute(shared_runner) }
 
diff --git a/spec/services/create_deployment_service_spec.rb b/spec/services/create_deployment_service_spec.rb
new file mode 100644
index 00000000000..654e441f3cd
--- /dev/null
+++ b/spec/services/create_deployment_service_spec.rb
@@ -0,0 +1,119 @@
+require 'spec_helper'
+
+describe CreateDeploymentService, services: true do
+  let(:project) { create(:empty_project) }
+  let(:user) { create(:user) }
+
+  let(:service) { described_class.new(project, user, params) }
+
+  describe '#execute' do
+    let(:params) do
+      { environment: 'production',
+        ref: 'master',
+        tag: false,
+        sha: '97de212e80737a608d939f648d959671fb0a0142',
+      }
+    end
+
+    subject { service.execute }
+
+    context 'when no environments exist' do
+      it 'does create a new environment' do
+        expect { subject }.to change { Environment.count }.by(1)
+      end
+
+      it 'does create a deployment' do
+        expect(subject).to be_persisted
+      end
+    end
+
+    context 'when environment exist' do
+      before { create(:environment, project: project, name: 'production') }
+
+      it 'does not create a new environment' do
+        expect { subject }.not_to change { Environment.count }
+      end
+
+      it 'does create a deployment' do
+        expect(subject).to be_persisted
+      end
+    end
+
+    context 'for environment with invalid name' do
+      let(:params) do
+        { environment: 'name with spaces',
+          ref: 'master',
+          tag: false,
+          sha: '97de212e80737a608d939f648d959671fb0a0142',
+        }
+      end
+
+      it 'does not create a new environment' do
+        expect { subject }.not_to change { Environment.count }
+      end
+
+      it 'does not create a deployment' do
+        expect(subject).not_to be_persisted
+      end
+    end
+  end
+  
+  describe 'processing of builds' do
+    let(:environment) { nil }
+    
+    shared_examples 'does not create environment and deployment' do
+      it 'does not create a new environment' do
+        expect { subject }.not_to change { Environment.count }
+      end
+
+      it 'does not create a new deployment' do
+        expect { subject }.not_to change { Deployment.count }
+      end
+
+      it 'does not call a service' do
+        expect_any_instance_of(described_class).not_to receive(:execute)
+        subject
+      end
+    end
+
+    shared_examples 'does create environment and deployment' do
+      it 'does create a new environment' do
+        expect { subject }.to change { Environment.count }.by(1)
+      end
+
+      it 'does create a new deployment' do
+        expect { subject }.to change { Deployment.count }.by(1)
+      end
+
+      it 'does call a service' do
+        expect_any_instance_of(described_class).to receive(:execute)
+        subject
+      end
+    end
+
+    context 'without environment specified' do
+      let(:build) { create(:ci_build, project: project) }
+      
+      it_behaves_like 'does not create environment and deployment' do
+        subject { build.success }
+      end
+    end
+    
+    context 'when environment is specified' do
+      let(:pipeline) { create(:ci_pipeline, project: project) }
+      let(:build) { create(:ci_build, pipeline: pipeline, environment: 'production') }
+
+      context 'when build succeeds' do
+        it_behaves_like 'does create environment and deployment' do
+          subject { build.success }
+        end
+      end
+
+      context 'when build fails' do
+        it_behaves_like 'does not create environment and deployment' do
+          subject { build.drop }
+        end
+      end
+    end
+  end
+end
diff --git a/spec/services/notification_service_spec.rb b/spec/services/notification_service_spec.rb
index b99e02ba678..e871a103d42 100644
--- a/spec/services/notification_service_spec.rb
+++ b/spec/services/notification_service_spec.rb
@@ -132,12 +132,14 @@ describe NotificationService, services: true do
       let(:assignee) { create(:user) }
       let(:non_member) { create(:user) }
       let(:member) { create(:user) }
+      let(:guest) { create(:user) }
       let(:admin) { create(:admin) }
       let(:confidential_issue) { create(:issue, :confidential, project: project, author: author, assignee: assignee) }
       let(:note) { create(:note_on_issue, noteable: confidential_issue, project: project, note: "#{author.to_reference} #{assignee.to_reference} #{non_member.to_reference} #{member.to_reference} #{admin.to_reference}") }
 
       it 'filters out users that can not read the issue' do
         project.team << [member, :developer]
+        project.team << [guest, :guest]
 
         expect(SentNotification).to receive(:record).with(confidential_issue, any_args).exactly(4).times
 
@@ -146,6 +148,7 @@ describe NotificationService, services: true do
         notification.new_note(note)
 
         should_not_email(non_member)
+        should_not_email(guest)
         should_email(author)
         should_email(assignee)
         should_email(member)
@@ -322,17 +325,20 @@ describe NotificationService, services: true do
         let(:assignee) { create(:user) }
         let(:non_member) { create(:user) }
         let(:member) { create(:user) }
+        let(:guest) { create(:user) }
         let(:admin) { create(:admin) }
         let(:confidential_issue) { create(:issue, :confidential, project: project, title: 'Confidential issue', author: author, assignee: assignee) }
 
         it "emails subscribers of the issue's labels that can read the issue" do
           project.team << [member, :developer]
+          project.team << [guest, :guest]
 
           label = create(:label, issues: [confidential_issue])
           label.toggle_subscription(non_member)
           label.toggle_subscription(author)
           label.toggle_subscription(assignee)
           label.toggle_subscription(member)
+          label.toggle_subscription(guest)
           label.toggle_subscription(admin)
 
           ActionMailer::Base.deliveries.clear
@@ -341,6 +347,7 @@ describe NotificationService, services: true do
 
           should_not_email(non_member)
           should_not_email(author)
+          should_not_email(guest)
           should_email(assignee)
           should_email(member)
           should_email(admin)
@@ -490,6 +497,7 @@ describe NotificationService, services: true do
         let(:assignee) { create(:user) }
         let(:non_member) { create(:user) }
         let(:member) { create(:user) }
+        let(:guest) { create(:user) }
         let(:admin) { create(:admin) }
         let(:confidential_issue) { create(:issue, :confidential, project: project, title: 'Confidential issue', author: author, assignee: assignee) }
         let!(:label_1) { create(:label, issues: [confidential_issue]) }
@@ -497,11 +505,13 @@ describe NotificationService, services: true do
 
         it "emails subscribers of the issue's labels that can read the issue" do
           project.team << [member, :developer]
+          project.team << [guest, :guest]
 
           label_2.toggle_subscription(non_member)
           label_2.toggle_subscription(author)
           label_2.toggle_subscription(assignee)
           label_2.toggle_subscription(member)
+          label_2.toggle_subscription(guest)
           label_2.toggle_subscription(admin)
 
           ActionMailer::Base.deliveries.clear
@@ -509,6 +519,7 @@ describe NotificationService, services: true do
           notification.relabeled_issue(confidential_issue, [label_2], @u_disabled)
 
           should_not_email(non_member)
+          should_not_email(guest)
           should_email(author)
           should_email(assignee)
           should_email(member)
diff --git a/spec/services/projects/autocomplete_service_spec.rb b/spec/services/projects/autocomplete_service_spec.rb
index 6108c26a78b..0971fec2e9f 100644
--- a/spec/services/projects/autocomplete_service_spec.rb
+++ b/spec/services/projects/autocomplete_service_spec.rb
@@ -33,6 +33,18 @@ describe Projects::AutocompleteService, services: true do
         expect(issues.count).to eq 1
       end
 
+      it 'should not list project confidential issues for project members with guest role' do
+        project.team << [member, :guest]
+
+        autocomplete = described_class.new(project, non_member)
+        issues = autocomplete.issues.map(&:iid)
+
+        expect(issues).to include issue.iid
+        expect(issues).not_to include security_issue_1.iid
+        expect(issues).not_to include security_issue_2.iid
+        expect(issues.count).to eq 1
+      end
+
       it 'should list project confidential issues for author' do
         autocomplete = described_class.new(project, author)
         issues = autocomplete.issues.map(&:iid)
diff --git a/spec/services/todo_service_spec.rb b/spec/services/todo_service_spec.rb
index 489c920f19f..26f09cdbaf9 100644
--- a/spec/services/todo_service_spec.rb
+++ b/spec/services/todo_service_spec.rb
@@ -5,13 +5,15 @@ describe TodoService, services: true do
   let(:assignee) { create(:user) }
   let(:non_member) { create(:user) }
   let(:member) { create(:user) }
+  let(:guest) { create(:user) }
   let(:admin) { create(:admin) }
   let(:john_doe) { create(:user) }
   let(:project) { create(:project) }
-  let(:mentions) { [author, assignee, john_doe, member, non_member, admin].map(&:to_reference).join(' ') }
+  let(:mentions) { [author, assignee, john_doe, member, guest, non_member, admin].map(&:to_reference).join(' ') }
   let(:service) { described_class.new }
 
   before do
+    project.team << [guest, :guest]
     project.team << [author, :developer]
     project.team << [member, :developer]
     project.team << [john_doe, :developer]
@@ -41,18 +43,20 @@ describe TodoService, services: true do
         service.new_issue(issue, author)
 
         should_create_todo(user: member, target: issue, action: Todo::MENTIONED)
+        should_create_todo(user: guest, target: issue, action: Todo::MENTIONED)
         should_not_create_todo(user: author, target: issue, action: Todo::MENTIONED)
         should_not_create_todo(user: john_doe, target: issue, action: Todo::MENTIONED)
         should_not_create_todo(user: non_member, target: issue, action: Todo::MENTIONED)
       end
 
-      it 'does not create todo for non project members when issue is confidential' do
+      it 'does not create todo if user can not see the issue when issue is confidential' do
         service.new_issue(confidential_issue, john_doe)
 
         should_create_todo(user: assignee, target: confidential_issue, author: john_doe, action: Todo::ASSIGNED)
         should_create_todo(user: author, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
         should_create_todo(user: member, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
         should_create_todo(user: admin, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
+        should_not_create_todo(user: guest, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
         should_not_create_todo(user: john_doe, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
       end
 
@@ -81,6 +85,7 @@ describe TodoService, services: true do
         service.update_issue(issue, author)
 
         should_create_todo(user: member, target: issue, action: Todo::MENTIONED)
+        should_create_todo(user: guest, target: issue, action: Todo::MENTIONED)
         should_create_todo(user: john_doe, target: issue, action: Todo::MENTIONED)
         should_not_create_todo(user: author, target: issue, action: Todo::MENTIONED)
         should_not_create_todo(user: non_member, target: issue, action: Todo::MENTIONED)
@@ -92,13 +97,14 @@ describe TodoService, services: true do
         expect { service.update_issue(issue, author) }.not_to change(member.todos, :count)
       end
 
-      it 'does not create todo for non project members when issue is confidential' do
+      it 'does not create todo if user can not see the issue when issue is confidential' do
         service.update_issue(confidential_issue, john_doe)
 
         should_create_todo(user: author, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
         should_create_todo(user: assignee, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
         should_create_todo(user: member, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
         should_create_todo(user: admin, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
+        should_not_create_todo(user: guest, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
         should_not_create_todo(user: john_doe, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
       end
 
@@ -192,18 +198,20 @@ describe TodoService, services: true do
         service.new_note(note, john_doe)
 
         should_create_todo(user: member, target: issue, author: john_doe, action: Todo::MENTIONED, note: note)
+        should_create_todo(user: guest, target: issue, author: john_doe, action: Todo::MENTIONED, note: note)
         should_create_todo(user: author, target: issue, author: john_doe, action: Todo::MENTIONED, note: note)
         should_not_create_todo(user: john_doe, target: issue, author: john_doe, action: Todo::MENTIONED, note: note)
         should_not_create_todo(user: non_member, target: issue, author: john_doe, action: Todo::MENTIONED, note: note)
       end
 
-      it 'does not create todo for non project members when leaving a note on a confidential issue' do
+      it 'does not create todo if user can not see the issue when leaving a note on a confidential issue' do
         service.new_note(note_on_confidential_issue, john_doe)
 
         should_create_todo(user: author, target: confidential_issue, author: john_doe, action: Todo::MENTIONED, note: note_on_confidential_issue)
         should_create_todo(user: assignee, target: confidential_issue, author: john_doe, action: Todo::MENTIONED, note: note_on_confidential_issue)
         should_create_todo(user: member, target: confidential_issue, author: john_doe, action: Todo::MENTIONED, note: note_on_confidential_issue)
         should_create_todo(user: admin, target: confidential_issue, author: john_doe, action: Todo::MENTIONED, note: note_on_confidential_issue)
+        should_not_create_todo(user: guest, target: confidential_issue, author: john_doe, action: Todo::MENTIONED, note: note_on_confidential_issue)
         should_not_create_todo(user: john_doe, target: confidential_issue, author: john_doe, action: Todo::MENTIONED, note: note_on_confidential_issue)
       end
 
@@ -220,6 +228,14 @@ describe TodoService, services: true do
         should_not_create_any_todo { service.new_note(note_on_project_snippet, john_doe) }
       end
     end
+
+    describe '#mark_todo' do
+      it 'creates a todo from a issue' do
+        service.mark_todo(unassigned_issue, author)
+
+        should_create_todo(user: author, target: unassigned_issue, action: Todo::MARKED)
+      end
+    end
   end
 
   describe 'Merge Requests' do
@@ -245,6 +261,7 @@ describe TodoService, services: true do
         service.new_merge_request(mr_assigned, author)
 
         should_create_todo(user: member, target: mr_assigned, action: Todo::MENTIONED)
+        should_create_todo(user: guest, target: mr_assigned, action: Todo::MENTIONED)
         should_not_create_todo(user: author, target: mr_assigned, action: Todo::MENTIONED)
         should_not_create_todo(user: john_doe, target: mr_assigned, action: Todo::MENTIONED)
         should_not_create_todo(user: non_member, target: mr_assigned, action: Todo::MENTIONED)
@@ -256,6 +273,7 @@ describe TodoService, services: true do
         service.update_merge_request(mr_assigned, author)
 
         should_create_todo(user: member, target: mr_assigned, action: Todo::MENTIONED)
+        should_create_todo(user: guest, target: mr_assigned, action: Todo::MENTIONED)
         should_create_todo(user: john_doe, target: mr_assigned, action: Todo::MENTIONED)
         should_not_create_todo(user: author, target: mr_assigned, action: Todo::MENTIONED)
         should_not_create_todo(user: non_member, target: mr_assigned, action: Todo::MENTIONED)
@@ -351,6 +369,14 @@ describe TodoService, services: true do
         expect(second_todo.reload).not_to be_done
       end
     end
+
+    describe '#mark_todo' do
+      it 'creates a todo from a merge request' do
+        service.mark_todo(mr_unassigned, author)
+
+        should_create_todo(user: author, target: mr_unassigned, action: Todo::MARKED)
+      end
+    end
   end
 
   def should_create_todo(attributes = {})
diff --git a/spec/support/test_env.rb b/spec/support/test_env.rb
index 71664bb192e..498bd4bf800 100644
--- a/spec/support/test_env.rb
+++ b/spec/support/test_env.rb
@@ -16,6 +16,7 @@ module TestEnv
     'master'           => '5937ac0',
     "'test'"           => 'e56497b',
     'orphaned-branch'  => '45127a9',
+    'binary-encoding'  => '7b1cf43',
   }
 
   # gitlab-test-fork is a fork of gitlab-fork, but we don't necessarily
diff --git a/spec/workers/expire_build_artifacts_worker_spec.rb b/spec/workers/expire_build_artifacts_worker_spec.rb
new file mode 100644
index 00000000000..e3827cae9a6
--- /dev/null
+++ b/spec/workers/expire_build_artifacts_worker_spec.rb
@@ -0,0 +1,57 @@
+require 'spec_helper'
+
+describe ExpireBuildArtifactsWorker do
+  include RepoHelpers
+
+  let(:worker) { described_class.new }
+
+  describe '#perform' do
+    before { build }
+
+    subject! { worker.perform }
+
+    context 'with expired artifacts' do
+      let(:build) { create(:ci_build, :artifacts, artifacts_expire_at: Time.now - 7.days) }
+
+      it 'does expire' do
+        expect(build.reload.artifacts_expired?).to be_truthy
+      end
+
+      it 'does remove files' do
+        expect(build.reload.artifacts_file.exists?).to be_falsey
+      end
+    end
+
+    context 'with not yet expired artifacts' do
+      let(:build) { create(:ci_build, :artifacts, artifacts_expire_at: Time.now + 7.days) }
+
+      it 'does not expire' do
+        expect(build.reload.artifacts_expired?).to be_falsey
+      end
+
+      it 'does not remove files' do
+        expect(build.reload.artifacts_file.exists?).to be_truthy
+      end
+    end
+
+    context 'without expire date' do
+      let(:build) { create(:ci_build, :artifacts) }
+
+      it 'does not expire' do
+        expect(build.reload.artifacts_expired?).to be_falsey
+      end
+
+      it 'does not remove files' do
+        expect(build.reload.artifacts_file.exists?).to be_truthy
+      end
+    end
+
+    context 'for expired artifacts' do
+      let(:build) { create(:ci_build, artifacts_expire_at: Time.now - 7.days) }
+
+      it 'is still expired' do
+        expect(build.reload.artifacts_expired?).to be_truthy
+      end
+    end
+  end
+end
diff --git a/spec/workers/stuck_ci_builds_worker_spec.rb b/spec/workers/stuck_ci_builds_worker_spec.rb
index 665ec20f224..801fa31b45d 100644
--- a/spec/workers/stuck_ci_builds_worker_spec.rb
+++ b/spec/workers/stuck_ci_builds_worker_spec.rb
@@ -2,6 +2,7 @@ require "spec_helper"
 
 describe StuckCiBuildsWorker do
   let!(:build) { create :ci_build }
+  let(:worker) { described_class.new }
 
   subject do
     build.reload
@@ -16,13 +17,13 @@ describe StuckCiBuildsWorker do
 
       it 'gets dropped if it was updated over 2 days ago' do
         build.update!(updated_at: 2.days.ago)
-        StuckCiBuildsWorker.new.perform
+        worker.perform
         is_expected.to eq('failed')
       end
 
       it "is still #{status}" do
         build.update!(updated_at: 1.minute.ago)
-        StuckCiBuildsWorker.new.perform
+        worker.perform
         is_expected.to eq(status)
       end
     end
@@ -36,9 +37,21 @@ describe StuckCiBuildsWorker do
 
       it "is still #{status}" do
         build.update!(updated_at: 2.days.ago)
-        StuckCiBuildsWorker.new.perform
+        worker.perform
         is_expected.to eq(status)
       end
     end
   end
+
+  context "for deleted project" do
+    before do
+      build.update!(status: :running, updated_at: 2.days.ago)
+      build.project.update(pending_delete: true)
+    end
+
+    it "does not drop build" do
+      expect_any_instance_of(Ci::Build).not_to receive(:drop)
+      worker.perform
+    end
+  end
 end
author	Fatih Acet <acetfatih@gmail.com>	2016-06-16 02:04:09 +0300
committer	Fatih Acet <acetfatih@gmail.com>	2016-06-16 02:04:09 +0300
commit	fe125f8dc9925a61d20913ffdd15d2ae03cbde75 (patch)
tree	5a0671ad5f2a5c06c7ed6d6e74d8d6ff521d7f3a /spec
parent	6f8626de0609da6c789457153b2b19dc79db2c95 (diff)
parent	5d16d50cebb115773c1a16a141adab150eec8764 (diff)
download	gitlab-ce-fe125f8dc9925a61d20913ffdd15d2ae03cbde75.tar.gz