Merge branch 'master' into backstage/gb/migrate-pipeline-stages-index

* master: (106 commits)

57 files changed, 1038 insertions, 484 deletions

diff --git a/spec/controllers/profiles_controller_spec.rb b/spec/controllers/profiles_controller_spec.rb
index de6ef919221..c621eb69171 100644
--- a/spec/controllers/profiles_controller_spec.rb
+++ b/spec/controllers/profiles_controller_spec.rb
@@ -125,7 +125,7 @@ describe ProfilesController, :request_store do
         user.reload
 
         expect(response.status).to eq(302)
-        expect(gitlab_shell.exists?(project.repository_storage_path, "#{new_username}/#{project.path}.git")).to be_truthy
+        expect(gitlab_shell.exists?(project.repository_storage, "#{new_username}/#{project.path}.git")).to be_truthy
       end
     end
 
@@ -143,7 +143,7 @@ describe ProfilesController, :request_store do
         user.reload
 
         expect(response.status).to eq(302)
-        expect(gitlab_shell.exists?(project.repository_storage_path, "#{project.disk_path}.git")).to be_truthy
+        expect(gitlab_shell.exists?(project.repository_storage, "#{project.disk_path}.git")).to be_truthy
         expect(before_disk_path).to eq(project.disk_path)
       end
     end
diff --git a/spec/factories/projects.rb b/spec/factories/projects.rb
index 803498d3b19..1904615778c 100644
--- a/spec/factories/projects.rb
+++ b/spec/factories/projects.rb
@@ -147,7 +147,8 @@ FactoryBot.define do
 
         # We delete hooks so that gitlab-shell will not try to authenticate with
         # an API that isn't running
-        FileUtils.rm_r(File.join(project.repository_storage_path, "#{project.disk_path}.git", 'hooks'))
+        project.gitlab_shell.rm_directory(project.repository_storage,
+                                          File.join("#{project.disk_path}.git", 'hooks'))
       end
     end
 
@@ -172,7 +173,8 @@ FactoryBot.define do
       after(:create) do |project|
         raise "Failed to create repository!" unless project.create_repository
 
-        FileUtils.rm_r(File.join(project.repository_storage_path, "#{project.disk_path}.git", 'refs'))
+        project.gitlab_shell.rm_directory(project.repository_storage,
+                                          File.join("#{project.disk_path}.git", 'refs'))
       end
     end
 
diff --git a/spec/features/dashboard/groups_list_spec.rb b/spec/features/dashboard/groups_list_spec.rb
index a71020002dc..ed47f7ed390 100644
--- a/spec/features/dashboard/groups_list_spec.rb
+++ b/spec/features/dashboard/groups_list_spec.rb
@@ -40,7 +40,7 @@ feature 'Dashboard Groups page', :js do
     expect(page).to have_content(nested_group.name)
   end
 
-  describe 'when filtering groups', :nested_groups do
+  context 'when filtering groups', :nested_groups do
     before do
       group.add_owner(user)
       nested_group.add_owner(user)
@@ -75,7 +75,7 @@ feature 'Dashboard Groups page', :js do
     end
   end
 
-  describe 'group with subgroups', :nested_groups do
+  context 'with subgroups', :nested_groups do
     let!(:subgroup) { create(:group, :public, parent: group) }
 
     before do
@@ -106,7 +106,7 @@ feature 'Dashboard Groups page', :js do
     end
   end
 
-  describe 'when using pagination' do
+  context 'when using pagination' do
     let(:group)  { create(:group, created_at: 5.days.ago) }
     let(:group2) { create(:group, created_at: 2.days.ago) }
 
@@ -141,4 +141,20 @@ feature 'Dashboard Groups page', :js do
       expect(page).not_to have_selector("#group-#{group2.id}")
     end
   end
+
+  context 'when signed in as admin' do
+    let(:admin) { create(:admin) }
+
+    it 'shows only groups admin is member of' do
+      group.add_owner(admin)
+      expect(another_group).to be_persisted
+
+      sign_in(admin)
+      visit dashboard_groups_path
+      wait_for_requests
+
+      expect(page).to have_content(group.name)
+      expect(page).not_to have_content(another_group.name)
+    end
+  end
 end
diff --git a/spec/features/dashboard/milestone_filter_spec.rb b/spec/features/dashboard/milestone_filter_spec.rb
index c965b565ca3..8cd57f4f327 100644
--- a/spec/features/dashboard/milestone_filter_spec.rb
+++ b/spec/features/dashboard/milestone_filter_spec.rb
@@ -10,13 +10,16 @@ feature 'Dashboard > milestone filter', :js do
   let!(:issue) { create :issue, author: user, project: project, milestone: milestone }
   let!(:issue2) { create :issue, author: user, project: project, milestone: milestone2 }
 
+  dropdown_toggle_button = '.js-milestone-select'
+
   before do
     sign_in(user)
-    visit issues_dashboard_path(author_id: user.id)
   end
 
   context 'default state' do
     it 'shows issues with Any Milestone' do
+      visit issues_dashboard_path(author_id: user.id)
+
       page.all('.issue-info').each do |issue_info|
         expect(issue_info.text).to match(/v\d.0/)
       end
@@ -24,31 +27,51 @@ feature 'Dashboard > milestone filter', :js do
   end
 
   context 'filtering by milestone' do
-    milestone_select_selector = '.js-milestone-select'
-
     before do
-      filter_item_select('v1.0', milestone_select_selector)
-      find(milestone_select_selector).click
+      visit issues_dashboard_path(author_id: user.id)
+      filter_item_select('v1.0', dropdown_toggle_button)
+      find(dropdown_toggle_button).click
       wait_for_requests
     end
 
     it 'shows issues with Milestone v1.0' do
       expect(find('.issues-list')).to have_selector('.issue', count: 1)
-      expect(find('.dropdown-content')).to have_selector('a.is-active', count: 1)
+      expect(find('.milestone-filter .dropdown-content')).to have_selector('a.is-active', count: 1)
     end
 
     it 'should not change active Milestone unless clicked' do
-      expect(find('.dropdown-content')).to have_selector('a.is-active', count: 1)
+      page.within '.milestone-filter' do
+        expect(find('.dropdown-content')).to have_selector('a.is-active', count: 1)
+
+        find('.dropdown-menu-close').click
 
-      # open & close dropdown
-      find('.dropdown-menu-close').click
+        expect(page).not_to have_selector('.dropdown.open')
+
+        find(dropdown_toggle_button).click
+
+        expect(find('.dropdown-content')).to have_selector('a.is-active', count: 1)
+        expect(find('.dropdown-content a.is-active')).to have_content('v1.0')
+      end
+    end
+  end
+
+  context 'with milestone filter in URL' do
+    before do
+      visit issues_dashboard_path(author_id: user.id, milestone_title: milestone.title)
+      find(dropdown_toggle_button).click
+      wait_for_requests
+    end
+
+    it 'has milestone selected' do
+      expect(find('.milestone-filter .dropdown-content')).to have_css('.is-active', text: milestone.title)
+    end
 
-      expect(find('.milestone-filter')).not_to have_selector('.dropdown.open')
+    it 'removes milestone filter from URL after clicking "Any Milestone"' do
+      expect(current_url).to include("milestone_title=#{milestone.title}")
 
-      find(milestone_select_selector).click
+      find('.milestone-filter .dropdown-content li', text: 'Any Milestone').click
 
-      expect(find('.dropdown-content')).to have_selector('a.is-active', count: 1)
-      expect(find('.dropdown-content a.is-active')).to have_content('v1.0')
+      expect(current_url).not_to include('milestone_title')
     end
   end
 end
diff --git a/spec/features/groups/members/manage_access_requests_spec.rb b/spec/features/groups/members/manage_access_requests_spec.rb
deleted file mode 100644
index b83cd657ef7..00000000000
--- a/spec/features/groups/members/manage_access_requests_spec.rb
+++ /dev/null
@@ -1,47 +0,0 @@
-require 'spec_helper'
-
-feature 'Groups > Members > Manage access requests' do
-  let(:user) { create(:user) }
-  let(:owner) { create(:user) }
-  let(:group) { create(:group, :public, :access_requestable) }
-
-  background do
-    group.request_access(user)
-    group.add_owner(owner)
-    sign_in(owner)
-  end
-
-  scenario 'owner can see access requests' do
-    visit group_group_members_path(group)
-
-    expect_visible_access_request(group, user)
-  end
-
-  scenario 'owner can grant access' do
-    visit group_group_members_path(group)
-
-    expect_visible_access_request(group, user)
-
-    perform_enqueued_jobs { click_on 'Grant access' }
-
-    expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email]
-    expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{group.name} group was granted"
-  end
-
-  scenario 'owner can deny access' do
-    visit group_group_members_path(group)
-
-    expect_visible_access_request(group, user)
-
-    perform_enqueued_jobs { click_on 'Deny access' }
-
-    expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email]
-    expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{group.name} group was denied"
-  end
-
-  def expect_visible_access_request(group, user)
-    expect(group.requesters.exists?(user_id: user)).to be_truthy
-    expect(page).to have_content "Users requesting access to #{group.name} 1"
-    expect(page).to have_content user.name
-  end
-end
diff --git a/spec/features/groups/members/master_manages_access_requests_spec.rb b/spec/features/groups/members/master_manages_access_requests_spec.rb
new file mode 100644
index 00000000000..2fd6d1ec599
--- /dev/null
+++ b/spec/features/groups/members/master_manages_access_requests_spec.rb
@@ -0,0 +1,8 @@
+require 'spec_helper'
+
+feature 'Groups > Members > Master manages access requests' do
+  it_behaves_like 'Master manages access requests' do
+    let(:entity) { create(:group, :public, :access_requestable) }
+    let(:members_page_path) { group_group_members_path(entity) }
+  end
+end
diff --git a/spec/features/projects/issues/user_toggles_subscription_spec.rb b/spec/features/projects/issues/user_toggles_subscription_spec.rb
index 117a614b980..c2b2a193682 100644
--- a/spec/features/projects/issues/user_toggles_subscription_spec.rb
+++ b/spec/features/projects/issues/user_toggles_subscription_spec.rb
@@ -1,9 +1,9 @@
 require "spec_helper"
 
 describe "User toggles subscription", :js do
-  set(:project) { create(:project_empty_repo, :public) }
-  set(:user) { create(:user) }
-  set(:issue) { create(:issue, project: project, author: user) }
+  let(:project) { create(:project_empty_repo, :public) }
+  let(:user) { create(:user) }
+  let(:issue) { create(:issue, project: project, author: user) }
 
   before do
     project.add_developer(user)
@@ -12,7 +12,7 @@ describe "User toggles subscription", :js do
     visit(project_issue_path(project, issue))
   end
 
-  it "unsibscribes from issue" do
+  it "unsubscribes from issue" do
     subscription_button = find(".js-issuable-subscribe-button")
 
     # Check we're subscribed.
diff --git a/spec/features/projects/members/master_manages_access_requests_spec.rb b/spec/features/projects/members/master_manages_access_requests_spec.rb
index 1f4eec0a317..3ac6ca4fc86 100644
--- a/spec/features/projects/members/master_manages_access_requests_spec.rb
+++ b/spec/features/projects/members/master_manages_access_requests_spec.rb
@@ -1,47 +1,8 @@
 require 'spec_helper'
 
 feature 'Projects > Members > Master manages access requests' do
-  let(:user) { create(:user) }
-  let(:master) { create(:user) }
-  let(:project) { create(:project, :public, :access_requestable) }
-
-  background do
-    project.request_access(user)
-    project.add_master(master)
-    sign_in(master)
-  end
-
-  scenario 'master can see access requests' do
-    visit project_project_members_path(project)
-
-    expect_visible_access_request(project, user)
-  end
-
-  scenario 'master can grant access' do
-    visit project_project_members_path(project)
-
-    expect_visible_access_request(project, user)
-
-    perform_enqueued_jobs { click_on 'Grant access' }
-
-    expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email]
-    expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{project.full_name} project was granted"
-  end
-
-  scenario 'master can deny access' do
-    visit project_project_members_path(project)
-
-    expect_visible_access_request(project, user)
-
-    perform_enqueued_jobs { click_on 'Deny access' }
-
-    expect(ActionMailer::Base.deliveries.last.to).to eq [user.notification_email]
-    expect(ActionMailer::Base.deliveries.last.subject).to match "Access to the #{project.full_name} project was denied"
-  end
-
-  def expect_visible_access_request(project, user)
-    expect(project.requesters.exists?(user_id: user)).to be_truthy
-    expect(page).to have_content "Users requesting access to #{project.name} 1"
-    expect(page).to have_content user.name
+  it_behaves_like 'Master manages access requests' do
+    let(:entity) { create(:project, :public, :access_requestable) }
+    let(:members_page_path) { project_project_members_path(entity) }
   end
 end
diff --git a/spec/features/projects/tree/upload_file_spec.rb b/spec/features/projects/tree/upload_file_spec.rb
index 8e53ae15700..4dfc325b37e 100644
--- a/spec/features/projects/tree/upload_file_spec.rb
+++ b/spec/features/projects/tree/upload_file_spec.rb
@@ -35,17 +35,4 @@ feature 'Multi-file editor upload file', :js do
     expect(page).to have_selector('.multi-file-tab', text: 'doc_sample.txt')
     expect(find('.blob-editor-container .lines-content')['innerText']).to have_content(File.open(txt_file, &:readline))
   end
-
-  it 'uploads image file' do
-    find('.add-to-tree').click
-
-    # make the field visible so capybara can use it
-    execute_script('document.querySelector("#file-upload").classList.remove("hidden")')
-    attach_file('file-upload', img_file)
-
-    find('.add-to-tree').click
-
-    expect(page).to have_selector('.multi-file-tab', text: 'dk.png')
-    expect(page).not_to have_selector('.monaco-editor')
-  end
 end
diff --git a/spec/finders/groups_finder_spec.rb b/spec/finders/groups_finder_spec.rb
index abc470788e1..16c0d418d98 100644
--- a/spec/finders/groups_finder_spec.rb
+++ b/spec/finders/groups_finder_spec.rb
@@ -2,43 +2,71 @@ require 'spec_helper'
 
 describe GroupsFinder do
   describe '#execute' do
-    let(:user)            { create(:user) }
-
-    context 'root level groups' do
-      let!(:private_group)  { create(:group, :private) }
-      let!(:internal_group) { create(:group, :internal) }
-      let!(:public_group)   { create(:group, :public) }
-
-      context 'without a user' do
-        subject { described_class.new.execute }
-
-        it { is_expected.to eq([public_group]) }
+    let(:user) { create(:user) }
+
+    describe 'root level groups' do
+      using RSpec::Parameterized::TableSyntax
+
+      where(:user_type, :params, :results) do
+        nil | { all_available: true  } | %i(public_group user_public_group)
+        nil | { all_available: false  } | %i(public_group user_public_group)
+        nil | {} | %i(public_group user_public_group)
+
+        :regular | { all_available: true  } | %i(public_group internal_group user_public_group user_internal_group
+                                                 user_private_group)
+        :regular | { all_available: false  } | %i(user_public_group user_internal_group user_private_group)
+        :regular | {} | %i(public_group internal_group user_public_group user_internal_group user_private_group)
+
+        :external | { all_available: true  } | %i(public_group user_public_group user_internal_group user_private_group)
+        :external | { all_available: false  } | %i(user_public_group user_internal_group user_private_group)
+        :external | {} | %i(public_group user_public_group user_internal_group user_private_group)
+
+        :admin | { all_available: true  } | %i(public_group internal_group private_group user_public_group
+                                               user_internal_group user_private_group)
+        :admin | { all_available: false  } | %i(user_public_group user_internal_group user_private_group)
+        :admin | {} | %i(public_group internal_group private_group user_public_group user_internal_group
+                         user_private_group)
       end
 
-      context 'with a user' do
-        subject { described_class.new(user).execute }
-
-        context 'normal user' do
-          it { is_expected.to contain_exactly(public_group, internal_group) }
-        end
-
-        context 'external user' do
-          let(:user) { create(:user, external: true) }
-
-          it { is_expected.to contain_exactly(public_group) }
+      with_them do
+        before do
+          # Fixme: Because of an issue: https://github.com/tomykaira/rspec-parameterized/issues/8#issuecomment-381888428
+          # The groups need to be created here, not with let syntax, and also compared by name and not ids
+
+          @groups = {
+            private_group: create(:group, :private, name: 'private_group'),
+            internal_group: create(:group, :internal, name: 'internal_group'),
+            public_group: create(:group, :public, name: 'public_group'),
+
+            user_private_group: create(:group, :private, name: 'user_private_group'),
+            user_internal_group: create(:group, :internal, name: 'user_internal_group'),
+            user_public_group: create(:group, :public, name: 'user_public_group')
+          }
+
+          if user_type
+            user =
+              case user_type
+              when :regular
+                create(:user)
+              when :external
+                create(:user, external: true)
+              when :admin
+                create(:user, :admin)
+              end
+            @groups.values_at(:user_private_group, :user_internal_group, :user_public_group).each do |group|
+              group.add_developer(user)
+            end
+          end
         end
 
-        context 'user is member of the private group' do
-          before do
-            private_group.add_guest(user)
-          end
+        subject { described_class.new(User.last, params).execute.to_a }
 
-          it { is_expected.to contain_exactly(public_group, internal_group, private_group) }
-        end
+        it { is_expected.to match_array(@groups.values_at(*results)) }
       end
     end
 
     context 'subgroups', :nested_groups do
+      let(:user) { create(:user) }
       let!(:parent_group) { create(:group, :public) }
       let!(:public_subgroup) { create(:group, :public, parent: parent_group) }
       let!(:internal_subgroup) { create(:group, :internal, parent: parent_group) }
diff --git a/spec/finders/pipelines_finder_spec.rb b/spec/finders/pipelines_finder_spec.rb
index 2b19cda35b0..d6253b605b9 100644
--- a/spec/finders/pipelines_finder_spec.rb
+++ b/spec/finders/pipelines_finder_spec.rb
@@ -203,5 +203,25 @@ describe PipelinesFinder do
         end
       end
     end
+
+    context 'when sha is specified' do
+      let!(:pipeline) { create(:ci_pipeline, project: project, sha: '97de212e80737a608d939f648d959671fb0a0142') }
+
+      context 'when sha exists' do
+        let(:params) { { sha: '97de212e80737a608d939f648d959671fb0a0142' } }
+
+        it 'returns matched pipelines' do
+          is_expected.to eq([pipeline])
+        end
+      end
+
+      context 'when sha does not exist' do
+        let(:params) { { sha: 'invalid-sha' } }
+
+        it 'returns empty' do
+          is_expected.to be_empty
+        end
+      end
+    end
   end
 end
diff --git a/spec/helpers/auth_helper_spec.rb b/spec/helpers/auth_helper_spec.rb
index c94fedd615b..120b23e66ac 100644
--- a/spec/helpers/auth_helper_spec.rb
+++ b/spec/helpers/auth_helper_spec.rb
@@ -18,6 +18,30 @@ describe AuthHelper do
     end
   end
 
+  describe "providers_for_base_controller" do
+    it 'returns all enabled providers from devise' do
+      allow(helper).to receive(:auth_providers) { [:twitter, :github] }
+      expect(helper.providers_for_base_controller).to include(*[:twitter, :github])
+    end
+
+    it 'excludes ldap providers' do
+      allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
+      expect(helper.providers_for_base_controller).not_to include(:ldapmain)
+    end
+  end
+
+  describe "form_based_providers" do
+    it 'includes LDAP providers' do
+      allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
+      expect(helper.form_based_providers).to eq %i(ldapmain)
+    end
+
+    it 'includes crowd provider' do
+      allow(helper).to receive(:auth_providers) { [:twitter, :crowd] }
+      expect(helper.form_based_providers).to eq %i(crowd)
+    end
+  end
+
   describe 'enabled_button_based_providers' do
     before do
       allow(helper).to receive(:auth_providers) { [:twitter, :github] }
diff --git a/spec/helpers/blob_helper_spec.rb b/spec/helpers/blob_helper_spec.rb
index 1fa194fe1b8..8de615ad8c2 100644
--- a/spec/helpers/blob_helper_spec.rb
+++ b/spec/helpers/blob_helper_spec.rb
@@ -242,4 +242,29 @@ describe BlobHelper do
       end
     end
   end
+
+  describe '#ide_edit_path' do
+    let(:project) { create(:project) }
+
+    around do |example|
+      old_script_name = Rails.application.routes.default_url_options[:script_name]
+      begin
+        example.run
+      ensure
+        Rails.application.routes.default_url_options[:script_name] = old_script_name
+      end
+    end
+
+    it 'returns full IDE path' do
+      Rails.application.routes.default_url_options[:script_name] = nil
+
+      expect(helper.ide_edit_path(project, "master", "")).to eq("/-/ide/project/#{project.namespace.path}/#{project.path}/edit/master/")
+    end
+
+    it 'returns IDE path without relative_url_root' do
+      Rails.application.routes.default_url_options[:script_name] = "/gitlab"
+
+      expect(helper.ide_edit_path(project, "master", "")).to eq("/gitlab/-/ide/project/#{project.namespace.path}/#{project.path}/edit/master/")
+    end
+  end
 end
diff --git a/spec/helpers/projects_helper_spec.rb b/spec/helpers/projects_helper_spec.rb
index 46c55da24f8..8fcb175416f 100644
--- a/spec/helpers/projects_helper_spec.rb
+++ b/spec/helpers/projects_helper_spec.rb
@@ -274,16 +274,16 @@ describe ProjectsHelper do
     end
   end
 
-  describe '#sanitized_import_error' do
+  describe '#sanitizerepo_repo_path' do
     let(:project) { create(:project, :repository) }
+    let(:storage_path) { Gitlab.config.repositories.storages.default.legacy_disk_path }
 
     before do
-      allow(project).to receive(:repository_storage_path).and_return('/base/repo/path')
       allow(Settings.shared).to receive(:[]).with('path').and_return('/base/repo/export/path')
     end
 
     it 'removes the repo path' do
-      repo = '/base/repo/path/namespace/test.git'
+      repo = "#{storage_path}/namespace/test.git"
       import_error = "Could not clone #{repo}\n"
 
       expect(sanitize_repo_path(project, import_error)).to eq('Could not clone [REPOS PATH]/namespace/test.git')
diff --git a/spec/javascripts/ide/components/new_dropdown/index_spec.js b/spec/javascripts/ide/components/new_dropdown/index_spec.js
index e08abe7d849..7b637f37eba 100644
--- a/spec/javascripts/ide/components/new_dropdown/index_spec.js
+++ b/spec/javascripts/ide/components/new_dropdown/index_spec.js
@@ -32,12 +32,8 @@ describe('new dropdown component', () => {
 
   it('renders new file, upload and new directory links', () => {
     expect(vm.$el.querySelectorAll('a')[0].textContent.trim()).toBe('New file');
-    expect(vm.$el.querySelectorAll('a')[1].textContent.trim()).toBe(
-      'Upload file',
-    );
-    expect(vm.$el.querySelectorAll('a')[2].textContent.trim()).toBe(
-      'New directory',
-    );
+    expect(vm.$el.querySelectorAll('a')[1].textContent.trim()).toBe('Upload file');
+    expect(vm.$el.querySelectorAll('a')[2].textContent.trim()).toBe('New directory');
   });
 
   describe('createNewItem', () => {
@@ -81,4 +77,18 @@ describe('new dropdown component', () => {
         .catch(done.fail);
     });
   });
+
+  describe('dropdownOpen', () => {
+    it('scrolls dropdown into view', done => {
+      spyOn(vm.$refs.dropdownMenu, 'scrollIntoView');
+
+      vm.dropdownOpen = true;
+
+      setTimeout(() => {
+        expect(vm.$refs.dropdownMenu.scrollIntoView).toHaveBeenCalled();
+
+        done();
+      });
+    });
+  });
 });
diff --git a/spec/javascripts/ide/components/new_dropdown/modal_spec.js b/spec/javascripts/ide/components/new_dropdown/modal_spec.js
index a6e1e5a0d35..f362ed4db65 100644
--- a/spec/javascripts/ide/components/new_dropdown/modal_spec.js
+++ b/spec/javascripts/ide/components/new_dropdown/modal_spec.js
@@ -25,25 +25,17 @@ describe('new file modal component', () => {
       it(`sets modal title as ${type}`, () => {
         const title = type === 'tree' ? 'directory' : 'file';
 
-        expect(vm.$el.querySelector('.modal-title').textContent.trim()).toBe(
-          `Create new ${title}`,
-        );
+        expect(vm.$el.querySelector('.modal-title').textContent.trim()).toBe(`Create new ${title}`);
       });
 
       it(`sets button label as ${type}`, () => {
         const title = type === 'tree' ? 'directory' : 'file';
 
-        expect(vm.$el.querySelector('.btn-success').textContent.trim()).toBe(
-          `Create ${title}`,
-        );
+        expect(vm.$el.querySelector('.btn-success').textContent.trim()).toBe(`Create ${title}`);
       });
 
       it(`sets form label as ${type}`, () => {
-        const title = type === 'tree' ? 'Directory' : 'File';
-
-        expect(vm.$el.querySelector('.label-light').textContent.trim()).toBe(
-          `${title} name`,
-        );
+        expect(vm.$el.querySelector('.label-light').textContent.trim()).toBe('Name');
       });
 
       describe('createEntryInStore', () => {
diff --git a/spec/javascripts/ide/stores/actions_spec.js b/spec/javascripts/ide/stores/actions_spec.js
index b6eadf56f9d..a64af5b941b 100644
--- a/spec/javascripts/ide/stores/actions_spec.js
+++ b/spec/javascripts/ide/stores/actions_spec.js
@@ -1,4 +1,9 @@
-import actions, { stageAllChanges, unstageAllChanges, toggleFileFinder } from '~/ide/stores/actions';
+import actions, {
+  stageAllChanges,
+  unstageAllChanges,
+  toggleFileFinder,
+  updateTempFlagForEntry,
+} from '~/ide/stores/actions';
 import store from '~/ide/stores';
 import * as types from '~/ide/stores/mutation_types';
 import router from '~/ide/ide_router';
@@ -340,6 +345,49 @@ describe('Multi-file store actions', () => {
     });
   });
 
+  describe('updateTempFlagForEntry', () => {
+    it('commits UPDATE_TEMP_FLAG', done => {
+      const f = {
+        ...file(),
+        path: 'test',
+        tempFile: true,
+      };
+      store.state.entries[f.path] = f;
+
+      testAction(
+        updateTempFlagForEntry,
+        { file: f, tempFile: false },
+        store.state,
+        [{ type: 'UPDATE_TEMP_FLAG', payload: { path: f.path, tempFile: false } }],
+        [],
+        done,
+      );
+    });
+
+    it('commits UPDATE_TEMP_FLAG and dispatches for parent', done => {
+      const parent = {
+        ...file(),
+        path: 'testing',
+      };
+      const f = {
+        ...file(),
+        path: 'test',
+        parentPath: 'testing',
+      };
+      store.state.entries[parent.path] = parent;
+      store.state.entries[f.path] = f;
+
+      testAction(
+        updateTempFlagForEntry,
+        { file: f, tempFile: false },
+        store.state,
+        [{ type: 'UPDATE_TEMP_FLAG', payload: { path: f.path, tempFile: false } }],
+        [{ type: 'updateTempFlagForEntry', payload: { file: parent, tempFile: false } }],
+        done,
+      );
+    });
+  });
+
   describe('toggleFileFinder', () => {
     it('commits TOGGLE_FILE_FINDER', done => {
       testAction(
diff --git a/spec/javascripts/ide/stores/mutations_spec.js b/spec/javascripts/ide/stores/mutations_spec.js
index 575039e755e..997711d1e19 100644
--- a/spec/javascripts/ide/stores/mutations_spec.js
+++ b/spec/javascripts/ide/stores/mutations_spec.js
@@ -87,6 +87,28 @@ describe('Multi-file store mutations', () => {
     });
   });
 
+  describe('UPDATE_TEMP_FLAG', () => {
+    beforeEach(() => {
+      localState.entries.test = {
+        ...file(),
+        tempFile: true,
+        changed: true,
+      };
+    });
+
+    it('updates tempFile flag', () => {
+      mutations.UPDATE_TEMP_FLAG(localState, { path: 'test', tempFile: false });
+
+      expect(localState.entries.test.tempFile).toBe(false);
+    });
+
+    it('updates changed flag', () => {
+      mutations.UPDATE_TEMP_FLAG(localState, { path: 'test', tempFile: false });
+
+      expect(localState.entries.test.changed).toBe(false);
+    });
+  });
+
   describe('TOGGLE_FILE_FINDER', () => {
     it('updates fileFindVisible', () => {
       mutations.TOGGLE_FILE_FINDER(localState, true);
diff --git a/spec/javascripts/sidebar/mock_data.js b/spec/javascripts/sidebar/mock_data.js
index 8b6e8b24f00..fcd7bea3f6d 100644
--- a/spec/javascripts/sidebar/mock_data.js
+++ b/spec/javascripts/sidebar/mock_data.js
@@ -138,7 +138,7 @@ const RESPONSE_MAP = {
       },
       {
         id: 20,
-        name_with_namespace: 'foo / bar',
+        name_with_namespace: '<img src=x onerror=alert(document.domain)> foo / bar',
       },
     ],
   },
diff --git a/spec/javascripts/sidebar/sidebar_move_issue_spec.js b/spec/javascripts/sidebar/sidebar_move_issue_spec.js
index a3fb965fbab..00847df4b60 100644
--- a/spec/javascripts/sidebar/sidebar_move_issue_spec.js
+++ b/spec/javascripts/sidebar/sidebar_move_issue_spec.js
@@ -69,6 +69,15 @@ describe('SidebarMoveIssue', function () {
 
       expect($.fn.glDropdown).toHaveBeenCalled();
     });
+
+    it('escapes html from project name', (done) => {
+      this.$toggleButton.dropdown('toggle');
+
+      setTimeout(() => {
+        expect(this.$content.find('.js-move-issue-dropdown-item')[1].innerHTML.trim()).toEqual('&lt;img src=x onerror=alert(document.domain)&gt; foo / bar');
+        done();
+      });
+    });
   });
 
   describe('onConfirmClicked', () => {
diff --git a/spec/javascripts/vue_mr_widget/components/states/mr_widget_failed_to_merge_spec.js b/spec/javascripts/vue_mr_widget/components/states/mr_widget_failed_to_merge_spec.js
index dd1d62cd4ed..a0a74648328 100644
--- a/spec/javascripts/vue_mr_widget/components/states/mr_widget_failed_to_merge_spec.js
+++ b/spec/javascripts/vue_mr_widget/components/states/mr_widget_failed_to_merge_spec.js
@@ -4,21 +4,37 @@ import eventHub from '~/vue_merge_request_widget/event_hub';
 import mountComponent from 'spec/helpers/vue_mount_component_helper';
 
 describe('MRWidgetFailedToMerge', () => {
+  const dummyIntervalId = 1337;
   let Component;
   let vm;
 
   beforeEach(() => {
     Component = Vue.extend(failedToMergeComponent);
     spyOn(eventHub, '$emit');
-    vm = mountComponent(Component, { mr: {
-      mergeError: 'Merge error happened.',
-    } });
+    spyOn(window, 'setInterval').and.returnValue(dummyIntervalId);
+    spyOn(window, 'clearInterval').and.stub();
+    vm = mountComponent(Component, {
+      mr: {
+        mergeError: 'Merge error happened.',
+      },
+    });
   });
 
   afterEach(() => {
     vm.$destroy();
   });
 
+  it('sets interval to refresh', () => {
+    expect(window.setInterval).toHaveBeenCalledWith(vm.updateTimer, 1000);
+    expect(vm.intervalId).toBe(dummyIntervalId);
+  });
+
+  it('clears interval when destroying ', () => {
+    vm.$destroy();
+
+    expect(window.clearInterval).toHaveBeenCalledWith(dummyIntervalId);
+  });
+
   describe('computed', () => {
     describe('timerText', () => {
       it('should return correct timer text', () => {
@@ -65,11 +81,13 @@ describe('MRWidgetFailedToMerge', () => {
   });
 
   describe('while it is refreshing', () => {
-    it('renders Refresing now', (done) => {
+    it('renders Refresing now', done => {
       vm.isRefreshing = true;
 
       Vue.nextTick(() => {
-        expect(vm.$el.querySelector('.js-refresh-label').textContent.trim()).toEqual('Refreshing now');
+        expect(vm.$el.querySelector('.js-refresh-label').textContent.trim()).toEqual(
+          'Refreshing now',
+        );
         done();
       });
     });
@@ -78,11 +96,15 @@ describe('MRWidgetFailedToMerge', () => {
   describe('while it is not regresing', () => {
     it('renders warning icon and disabled merge button', () => {
       expect(vm.$el.querySelector('.js-ci-status-icon-warning')).not.toBeNull();
-      expect(vm.$el.querySelector('.js-disabled-merge-button').getAttribute('disabled')).toEqual('disabled');
+      expect(vm.$el.querySelector('.js-disabled-merge-button').getAttribute('disabled')).toEqual(
+        'disabled',
+      );
     });
 
     it('renders given error', () => {
-      expect(vm.$el.querySelector('.has-error-message').textContent.trim()).toEqual('Merge error happened..');
+      expect(vm.$el.querySelector('.has-error-message').textContent.trim()).toEqual(
+        'Merge error happened..',
+      );
     });
 
     it('renders refresh button', () => {
@@ -90,13 +112,13 @@ describe('MRWidgetFailedToMerge', () => {
     });
 
     it('renders remaining time', () => {
-      expect(
-        vm.$el.querySelector('.has-custom-error').textContent.trim(),
-      ).toEqual('Refreshing in 10 seconds to show the updated status...');
+      expect(vm.$el.querySelector('.has-custom-error').textContent.trim()).toEqual(
+        'Refreshing in 10 seconds to show the updated status...',
+      );
     });
   });
 
-  it('should just generic merge failed message if merge_error is not available', (done) => {
+  it('should just generic merge failed message if merge_error is not available', done => {
     vm.mr.mergeError = null;
 
     Vue.nextTick(() => {
@@ -106,7 +128,7 @@ describe('MRWidgetFailedToMerge', () => {
     });
   });
 
-  it('should show refresh label when refresh requested', (done) => {
+  it('should show refresh label when refresh requested', done => {
     vm.refresh();
     Vue.nextTick(() => {
       expect(vm.$el.innerText).not.toContain('Merge failed. Refreshing');
diff --git a/spec/lib/gitlab/bare_repository_import/importer_spec.rb b/spec/lib/gitlab/bare_repository_import/importer_spec.rb
index eb4b9d8b12f..5c8a19a53bc 100644
--- a/spec/lib/gitlab/bare_repository_import/importer_spec.rb
+++ b/spec/lib/gitlab/bare_repository_import/importer_spec.rb
@@ -4,6 +4,7 @@ describe Gitlab::BareRepositoryImport::Importer, repository: true do
   let!(:admin) { create(:admin) }
   let!(:base_dir) { Dir.mktmpdir + '/' }
   let(:bare_repository) { Gitlab::BareRepositoryImport::Repository.new(base_dir, File.join(base_dir, "#{project_path}.git")) }
+  let(:gitlab_shell) { Gitlab::Shell.new }
 
   subject(:importer) { described_class.new(admin, bare_repository) }
 
@@ -84,12 +85,14 @@ describe Gitlab::BareRepositoryImport::Importer, repository: true do
         importer.create_project_if_needed
 
         project = Project.find_by_full_path(project_path)
-        repo_path = File.join(project.repository_storage_path, project.disk_path + '.git')
+        repo_path = "#{project.disk_path}.git"
         hook_path = File.join(repo_path, 'hooks')
 
-        expect(File).to exist(repo_path)
-        expect(File.symlink?(hook_path)).to be true
-        expect(File.readlink(hook_path)).to eq(Gitlab.config.gitlab_shell.hooks_path)
+        expect(gitlab_shell.exists?(project.repository_storage, repo_path)).to be(true)
+        expect(gitlab_shell.exists?(project.repository_storage, hook_path)).to be(true)
+
+        full_hook_path = File.join(project.repository.path_to_repo, 'hooks')
+        expect(File.readlink(full_hook_path)).to eq(Gitlab.config.gitlab_shell.hooks_path)
       end
 
       context 'hashed storage enabled' do
@@ -144,8 +147,8 @@ describe Gitlab::BareRepositoryImport::Importer, repository: true do
 
       project = Project.find_by_full_path("#{admin.full_path}/#{project_path}")
 
-      expect(File).to exist(File.join(project.repository_storage_path, project.disk_path + '.git'))
-      expect(File).to exist(File.join(project.repository_storage_path, project.disk_path + '.wiki.git'))
+      expect(gitlab_shell.exists?(project.repository_storage, project.disk_path + '.git')).to be(true)
+      expect(gitlab_shell.exists?(project.repository_storage, project.disk_path + '.wiki.git')).to be(true)
     end
 
     it 'moves an existing project to the correct path' do
@@ -155,7 +158,9 @@ describe Gitlab::BareRepositoryImport::Importer, repository: true do
       project = build(:project, :legacy_storage, :repository)
       original_commit_count = project.repository.commit_count
 
-      bare_repo = Gitlab::BareRepositoryImport::Repository.new(project.repository_storage_path, project.repository.path)
+      legacy_path = Gitlab.config.repositories.storages[project.repository_storage].legacy_disk_path
+
+      bare_repo = Gitlab::BareRepositoryImport::Repository.new(legacy_path, project.repository.path)
       gitlab_importer = described_class.new(admin, bare_repo)
 
       expect(gitlab_importer).to receive(:create_project).and_call_original
@@ -183,7 +188,7 @@ describe Gitlab::BareRepositoryImport::Importer, repository: true do
 
       project = Project.find_by_full_path(project_path)
 
-      expect(File).to exist(File.join(project.repository_storage_path, project.disk_path + '.wiki.git'))
+      expect(gitlab_shell.exists?(project.repository_storage, project.disk_path + '.wiki.git')).to be(true)
     end
   end
 
diff --git a/spec/lib/gitlab/bare_repository_import/repository_spec.rb b/spec/lib/gitlab/bare_repository_import/repository_spec.rb
index 0dc3705825d..1504826c7a5 100644
--- a/spec/lib/gitlab/bare_repository_import/repository_spec.rb
+++ b/spec/lib/gitlab/bare_repository_import/repository_spec.rb
@@ -67,7 +67,7 @@ describe ::Gitlab::BareRepositoryImport::Repository do
     end
 
     after do
-      gitlab_shell.remove_repository(root_path, hashed_path)
+      gitlab_shell.remove_repository(repository_storage, hashed_path)
     end
 
     subject { described_class.new(root_path, repo_path) }
diff --git a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb
index 8312fa47cfa..4d7d6951a51 100644
--- a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb
+++ b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb
@@ -35,11 +35,6 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
     it 'populates pipeline with stages' do
       expect(pipeline.stages).to be_one
       expect(pipeline.stages.first).not_to be_persisted
-    end
-
-    it 'populates pipeline with builds' do
-      expect(pipeline.builds).to be_one
-      expect(pipeline.builds.first).not_to be_persisted
       expect(pipeline.stages.first.builds).to be_one
       expect(pipeline.stages.first.builds.first).not_to be_persisted
     end
@@ -151,8 +146,8 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
       step.perform!
 
       expect(pipeline.stages.size).to eq 1
-      expect(pipeline.builds.size).to eq 1
-      expect(pipeline.builds.first.name).to eq 'rspec'
+      expect(pipeline.stages.first.builds.size).to eq 1
+      expect(pipeline.stages.first.builds.first.name).to eq 'rspec'
     end
   end
 end
diff --git a/spec/lib/gitlab/git/repository_spec.rb b/spec/lib/gitlab/git/repository_spec.rb
index 5acf40ea5ce..9924641f829 100644
--- a/spec/lib/gitlab/git/repository_spec.rb
+++ b/spec/lib/gitlab/git/repository_spec.rb
@@ -234,59 +234,72 @@ describe Gitlab::Git::Repository, seed_helper: true do
     it_behaves_like 'wrapping gRPC errors', Gitlab::GitalyClient::RefService, :tag_names
   end
 
-  shared_examples 'archive check' do |extenstion|
-    it { expect(metadata['ArchivePath']).to match(%r{tmp/gitlab-git-test.git/gitlab-git-test-master-#{SeedRepo::LastCommit::ID}}) }
-    it { expect(metadata['ArchivePath']).to end_with extenstion }
-  end
+  describe '#archive_metadata' do
+    let(:storage_path) { '/tmp' }
+    let(:cache_key) { File.join(repository.gl_repository, SeedRepo::LastCommit::ID) }
 
-  describe '#archive_prefix' do
-    let(:project_name) { 'project-name'}
+    let(:append_sha) { true }
+    let(:ref) { 'master' }
+    let(:format) { nil }
 
-    before do
-      expect(repository).to receive(:name).once.and_return(project_name)
-    end
+    let(:expected_extension) { 'tar.gz' }
+    let(:expected_filename) { "#{expected_prefix}.#{expected_extension}" }
+    let(:expected_path) { File.join(storage_path, cache_key, expected_filename) }
+    let(:expected_prefix) { "gitlab-git-test-#{ref}-#{SeedRepo::LastCommit::ID}" }
 
-    it 'returns parameterised string for a ref containing slashes' do
-      prefix = repository.archive_prefix('test/branch', 'SHA', append_sha: nil)
+    subject(:metadata) { repository.archive_metadata(ref, storage_path, format, append_sha: append_sha) }
 
-      expect(prefix).to eq("#{project_name}-test-branch-SHA")
+    it 'sets RepoPath to the repository path' do
+      expect(metadata['RepoPath']).to eq(repository.path)
     end
 
-    it 'returns correct string for a ref containing dots' do
-      prefix = repository.archive_prefix('test.branch', 'SHA', append_sha: nil)
-
-      expect(prefix).to eq("#{project_name}-test.branch-SHA")
+    it 'sets CommitId to the commit SHA' do
+      expect(metadata['CommitId']).to eq(SeedRepo::LastCommit::ID)
     end
 
-    it 'returns string with sha when append_sha is false' do
-      prefix = repository.archive_prefix('test.branch', 'SHA', append_sha: false)
-
-      expect(prefix).to eq("#{project_name}-test.branch")
+    it 'sets ArchivePrefix to the expected prefix' do
+      expect(metadata['ArchivePrefix']).to eq(expected_prefix)
     end
-  end
 
-  describe '#archive' do
-    let(:metadata) { repository.archive_metadata('master', '/tmp', append_sha: true) }
+    it 'sets ArchivePath to the expected globally-unique path' do
+      # This is really important from a security perspective. Think carefully
+      # before changing it: https://gitlab.com/gitlab-org/gitlab-ce/issues/45689
+      expect(expected_path).to include(File.join(repository.gl_repository, SeedRepo::LastCommit::ID))
 
-    it_should_behave_like 'archive check', '.tar.gz'
-  end
-
-  describe '#archive_zip' do
-    let(:metadata) { repository.archive_metadata('master', '/tmp', 'zip', append_sha: true) }
+      expect(metadata['ArchivePath']).to eq(expected_path)
+    end
 
-    it_should_behave_like 'archive check', '.zip'
-  end
+    context 'append_sha varies archive path and filename' do
+      where(:append_sha, :ref, :expected_prefix) do
+        sha = SeedRepo::LastCommit::ID
 
-  describe '#archive_bz2' do
-    let(:metadata) { repository.archive_metadata('master', '/tmp', 'tbz2', append_sha: true) }
+        true  | 'master' | "gitlab-git-test-master-#{sha}"
+        true  | sha      | "gitlab-git-test-#{sha}-#{sha}"
+        false | 'master' | "gitlab-git-test-master"
+        false | sha      | "gitlab-git-test-#{sha}"
+        nil   | 'master' | "gitlab-git-test-master-#{sha}"
+        nil   | sha      | "gitlab-git-test-#{sha}"
+      end
 
-    it_should_behave_like 'archive check', '.tar.bz2'
-  end
+      with_them do
+        it { expect(metadata['ArchivePrefix']).to eq(expected_prefix) }
+        it { expect(metadata['ArchivePath']).to eq(expected_path) }
+      end
+    end
 
-  describe '#archive_fallback' do
-    let(:metadata) { repository.archive_metadata('master', '/tmp', 'madeup', append_sha: true) }
+    context 'format varies archive path and filename' do
+      where(:format, :expected_extension) do
+        nil      | 'tar.gz'
+        'madeup' | 'tar.gz'
+        'tbz2'   | 'tar.bz2'
+        'zip'    | 'zip'
+      end
 
-    it_should_behave_like 'archive check', '.tar.gz'
+      with_them do
+        it { expect(metadata['ArchivePrefix']).to eq(expected_prefix) }
+        it { expect(metadata['ArchivePath']).to eq(expected_path) }
+      end
+    end
   end
 
   describe '#size' do
@@ -689,7 +702,7 @@ describe Gitlab::Git::Repository, seed_helper: true do
     end
 
     after do
-      Gitlab::Shell.new.remove_repository(storage_path, 'my_project')
+      Gitlab::Shell.new.remove_repository('default', 'my_project')
     end
 
     shared_examples 'repository mirror fecthing' do
diff --git a/spec/lib/gitlab/import_export/wiki_restorer_spec.rb b/spec/lib/gitlab/import_export/wiki_restorer_spec.rb
index 5c01ee0ebb8..f99f198da33 100644
--- a/spec/lib/gitlab/import_export/wiki_restorer_spec.rb
+++ b/spec/lib/gitlab/import_export/wiki_restorer_spec.rb
@@ -24,8 +24,8 @@ describe Gitlab::ImportExport::WikiRestorer do
 
     after do
       FileUtils.rm_rf(export_path)
-      Gitlab::Shell.new.remove_repository(project_with_wiki.wiki.repository_storage_path, project_with_wiki.wiki.disk_path)
-      Gitlab::Shell.new.remove_repository(project.wiki.repository_storage_path, project.wiki.disk_path)
+      Gitlab::Shell.new.remove_repository(project_with_wiki.wiki.repository_storage, project_with_wiki.wiki.disk_path)
+      Gitlab::Shell.new.remove_repository(project.wiki.repository_storage, project.wiki.disk_path)
     end
 
     it 'restores the wiki repo successfully' do
diff --git a/spec/lib/gitlab/pages_client_spec.rb b/spec/lib/gitlab/pages_client_spec.rb
new file mode 100644
index 00000000000..da6d26f4aee
--- /dev/null
+++ b/spec/lib/gitlab/pages_client_spec.rb
@@ -0,0 +1,172 @@
+require 'spec_helper'
+
+describe Gitlab::PagesClient do
+  subject { described_class }
+
+  describe '.token' do
+    it 'returns the token as it is on disk' do
+      pending 'add omnibus support for generating the secret file https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/2466'
+      expect(subject.token).to eq(File.read('.gitlab_pages_secret'))
+    end
+  end
+
+  describe '.read_or_create_token' do
+    subject { described_class.read_or_create_token }
+    let(:token_path) { 'tmp/tests/gitlab-pages-secret' }
+    before do
+      allow(described_class).to receive(:token_path).and_return(token_path)
+      FileUtils.rm_f(token_path)
+    end
+
+    it 'uses the existing token file if it exists' do
+      secret = 'existing secret'
+      File.write(token_path, secret)
+
+      subject
+      expect(described_class.token).to eq(secret)
+    end
+
+    it 'creates one if none exists' do
+      pending 'add omnibus support for generating the secret file https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/2466'
+
+      old_token = described_class.token
+      # sanity check
+      expect(File.exist?(token_path)).to eq(false)
+
+      subject
+      expect(described_class.token.bytesize).to eq(64)
+      expect(described_class.token).not_to eq(old_token)
+    end
+  end
+
+  describe '.write_token' do
+    let(:token_path) { 'tmp/tests/gitlab-pages-secret' }
+    before do
+      allow(described_class).to receive(:token_path).and_return(token_path)
+      FileUtils.rm_f(token_path)
+    end
+
+    it 'writes the secret' do
+      new_secret = 'hello new secret'
+      expect(File.exist?(token_path)).to eq(false)
+
+      described_class.send(:write_token, new_secret)
+
+      expect(File.read(token_path)).to eq(new_secret)
+    end
+
+    it 'does nothing if the file already exists' do
+      existing_secret = 'hello secret'
+      File.write(token_path, existing_secret)
+
+      described_class.send(:write_token, 'new secret')
+
+      expect(File.read(token_path)).to eq(existing_secret)
+    end
+  end
+
+  describe '.load_certificate' do
+    subject { described_class.load_certificate }
+    before do
+      allow(described_class).to receive(:config).and_return(config)
+    end
+
+    context 'with no certificate in the config' do
+      let(:config) { double(:config, certificate: '') }
+
+      it 'does not set @certificate' do
+        subject
+
+        expect(described_class.certificate).to be_nil
+      end
+    end
+
+    context 'with a certificate path in the config' do
+      let(:certificate_path) { 'tmp/tests/fake-certificate' }
+      let(:config) { double(:config, certificate: certificate_path) }
+
+      it 'sets @certificate' do
+        certificate_data = "--- BEGIN CERTIFICATE ---\nbla\n--- END CERTIFICATE ---\n"
+        File.write(certificate_path, certificate_data)
+        subject
+
+        expect(described_class.certificate).to eq(certificate_data)
+      end
+    end
+  end
+
+  describe '.request_kwargs' do
+    let(:token) { 'secret token' }
+    let(:auth_header) { 'Bearer c2VjcmV0IHRva2Vu' }
+    before do
+      allow(described_class).to receive(:token).and_return(token)
+    end
+
+    context 'without timeout' do
+      it { expect(subject.send(:request_kwargs, nil)[:metadata]['authorization']).to eq(auth_header) }
+    end
+
+    context 'with timeout' do
+      let(:timeout) { 1.second }
+
+      it 'still sets the authorization header' do
+        expect(subject.send(:request_kwargs, timeout)[:metadata]['authorization']).to eq(auth_header)
+      end
+
+      it 'sets a deadline value' do
+        now = Time.now
+        deadline = subject.send(:request_kwargs, timeout)[:deadline]
+
+        expect(deadline).to be_between(now, now + 2 * timeout)
+      end
+    end
+  end
+
+  describe '.stub' do
+    before do
+      allow(described_class).to receive(:address).and_return('unix:/foo/bar')
+    end
+
+    it { expect(subject.send(:stub, :health_check)).to be_a(Grpc::Health::V1::Health::Stub) }
+  end
+
+  describe '.address' do
+    subject { described_class.send(:address) }
+
+    before do
+      allow(described_class).to receive(:config).and_return(config)
+    end
+
+    context 'with a unix: address' do
+      let(:config) { double(:config, address: 'unix:/foo/bar') }
+
+      it { expect(subject).to eq('unix:/foo/bar') }
+    end
+
+    context 'with a tcp:// address' do
+      let(:config) { double(:config, address: 'tcp://localhost:1234') }
+
+      it { expect(subject).to eq('localhost:1234') }
+    end
+  end
+
+  describe '.grpc_creds' do
+    subject { described_class.send(:grpc_creds) }
+
+    before do
+      allow(described_class).to receive(:config).and_return(config)
+    end
+
+    context 'with a unix: address' do
+      let(:config) { double(:config, address: 'unix:/foo/bar') }
+
+      it { expect(subject).to eq(:this_channel_is_insecure) }
+    end
+
+    context 'with a tcp:// address' do
+      let(:config) { double(:config, address: 'tcp://localhost:1234') }
+
+      it { expect(subject).to be_a(GRPC::Core::ChannelCredentials) }
+    end
+  end
+end
diff --git a/spec/lib/gitlab/shell_spec.rb b/spec/lib/gitlab/shell_spec.rb
index 7f579df1c36..bf6ee4b0b59 100644
--- a/spec/lib/gitlab/shell_spec.rb
+++ b/spec/lib/gitlab/shell_spec.rb
@@ -447,18 +447,18 @@ describe Gitlab::Shell do
       let(:disk_path) { "#{project.disk_path}.git" }
 
       it 'returns true when the command succeeds' do
-        expect(gitlab_shell.exists?(project.repository_storage_path, disk_path)).to be(true)
+        expect(gitlab_shell.exists?(project.repository_storage, disk_path)).to be(true)
 
-        expect(gitlab_shell.remove_repository(project.repository_storage_path, project.disk_path)).to be(true)
+        expect(gitlab_shell.remove_repository(project.repository_storage, project.disk_path)).to be(true)
 
-        expect(gitlab_shell.exists?(project.repository_storage_path, disk_path)).to be(false)
+        expect(gitlab_shell.exists?(project.repository_storage, disk_path)).to be(false)
       end
 
       it 'keeps the namespace directory' do
-        gitlab_shell.remove_repository(project.repository_storage_path, project.disk_path)
+        gitlab_shell.remove_repository(project.repository_storage, project.disk_path)
 
-        expect(gitlab_shell.exists?(project.repository_storage_path, disk_path)).to be(false)
-        expect(gitlab_shell.exists?(project.repository_storage_path, project.disk_path.gsub(project.name, ''))).to be(true)
+        expect(gitlab_shell.exists?(project.repository_storage, disk_path)).to be(false)
+        expect(gitlab_shell.exists?(project.repository_storage, project.disk_path.gsub(project.name, ''))).to be(true)
       end
     end
 
@@ -469,18 +469,18 @@ describe Gitlab::Shell do
         old_path = project2.disk_path
         new_path = "project/new_path"
 
-        expect(gitlab_shell.exists?(project2.repository_storage_path, "#{old_path}.git")).to be(true)
-        expect(gitlab_shell.exists?(project2.repository_storage_path, "#{new_path}.git")).to be(false)
+        expect(gitlab_shell.exists?(project2.repository_storage, "#{old_path}.git")).to be(true)
+        expect(gitlab_shell.exists?(project2.repository_storage, "#{new_path}.git")).to be(false)
 
-        expect(gitlab_shell.mv_repository(project2.repository_storage_path, old_path, new_path)).to be_truthy
+        expect(gitlab_shell.mv_repository(project2.repository_storage, old_path, new_path)).to be_truthy
 
-        expect(gitlab_shell.exists?(project2.repository_storage_path, "#{old_path}.git")).to be(false)
-        expect(gitlab_shell.exists?(project2.repository_storage_path, "#{new_path}.git")).to be(true)
+        expect(gitlab_shell.exists?(project2.repository_storage, "#{old_path}.git")).to be(false)
+        expect(gitlab_shell.exists?(project2.repository_storage, "#{new_path}.git")).to be(true)
       end
 
       it 'returns false when the command fails' do
-        expect(gitlab_shell.mv_repository(project2.repository_storage_path, project2.disk_path, '')).to be_falsy
-        expect(gitlab_shell.exists?(project2.repository_storage_path, "#{project2.disk_path}.git")).to be(true)
+        expect(gitlab_shell.mv_repository(project2.repository_storage, project2.disk_path, '')).to be_falsy
+        expect(gitlab_shell.exists?(project2.repository_storage, "#{project2.disk_path}.git")).to be(true)
       end
     end
 
@@ -679,48 +679,48 @@ describe Gitlab::Shell do
 
   describe 'namespace actions' do
     subject { described_class.new }
-    let(:storage_path) { Gitlab.config.repositories.storages.default.legacy_disk_path }
+    let(:storage) { Gitlab.config.repositories.storages.keys.first }
 
     describe '#add_namespace' do
       it 'creates a namespace' do
-        subject.add_namespace(storage_path, "mepmep")
+        subject.add_namespace(storage, "mepmep")
 
-        expect(subject.exists?(storage_path, "mepmep")).to be(true)
+        expect(subject.exists?(storage, "mepmep")).to be(true)
       end
     end
 
     describe '#exists?' do
       context 'when the namespace does not exist' do
         it 'returns false' do
-          expect(subject.exists?(storage_path, "non-existing")).to be(false)
+          expect(subject.exists?(storage, "non-existing")).to be(false)
         end
       end
 
       context 'when the namespace exists' do
         it 'returns true' do
-          subject.add_namespace(storage_path, "mepmep")
+          subject.add_namespace(storage, "mepmep")
 
-          expect(subject.exists?(storage_path, "mepmep")).to be(true)
+          expect(subject.exists?(storage, "mepmep")).to be(true)
         end
       end
     end
 
     describe '#remove' do
       it 'removes the namespace' do
-        subject.add_namespace(storage_path, "mepmep")
-        subject.rm_namespace(storage_path, "mepmep")
+        subject.add_namespace(storage, "mepmep")
+        subject.rm_namespace(storage, "mepmep")
 
-        expect(subject.exists?(storage_path, "mepmep")).to be(false)
+        expect(subject.exists?(storage, "mepmep")).to be(false)
       end
     end
 
     describe '#mv_namespace' do
       it 'renames the namespace' do
-        subject.add_namespace(storage_path, "mepmep")
-        subject.mv_namespace(storage_path, "mepmep", "2mep")
+        subject.add_namespace(storage, "mepmep")
+        subject.mv_namespace(storage, "mepmep", "2mep")
 
-        expect(subject.exists?(storage_path, "mepmep")).to be(false)
-        expect(subject.exists?(storage_path, "2mep")).to be(true)
+        expect(subject.exists?(storage, "mepmep")).to be(false)
+        expect(subject.exists?(storage, "2mep")).to be(true)
       end
     end
   end
diff --git a/spec/lib/omni_auth/strategies/jwt_spec.rb b/spec/lib/omni_auth/strategies/jwt_spec.rb
new file mode 100644
index 00000000000..23485fbcb18
--- /dev/null
+++ b/spec/lib/omni_auth/strategies/jwt_spec.rb
@@ -0,0 +1,87 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::Jwt do
+  include Rack::Test::Methods
+  include DeviseHelpers
+
+  context '.decoded' do
+    let(:strategy) { described_class.new({}) }
+    let(:timestamp) { Time.now.to_i }
+    let(:jwt_config) { Devise.omniauth_configs[:jwt] }
+    let(:key) { JWT.encode(claims, jwt_config.strategy.secret) }
+
+    let(:claims) do
+      {
+        id: 123,
+        name: "user_example",
+        email: "user@example.com",
+        iat: timestamp
+      }
+    end
+
+    before do
+      allow_any_instance_of(OmniAuth::Strategy).to receive(:options).and_return(jwt_config.strategy)
+      allow_any_instance_of(Rack::Request).to receive(:params).and_return({ 'jwt' => key })
+    end
+
+    it 'decodes the user information' do
+      result = strategy.decoded
+
+      expect(result["id"]).to eq(123)
+      expect(result["name"]).to eq("user_example")
+      expect(result["email"]).to eq("user@example.com")
+      expect(result["iat"]).to eq(timestamp)
+    end
+
+    context 'required claims is missing' do
+      let(:claims) do
+        {
+          id: 123,
+          email: "user@example.com",
+          iat: timestamp
+        }
+      end
+
+      it 'raises error' do
+        expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid)
+      end
+    end
+
+    context 'when valid_within is specified but iat attribute is missing in response' do
+      let(:claims) do
+        {
+          id: 123,
+          name: "user_example",
+          email: "user@example.com"
+        }
+      end
+
+      before do
+        jwt_config.strategy.valid_within = Time.now.to_i
+      end
+
+      it 'raises error' do
+        expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid)
+      end
+    end
+
+    context 'when timestamp claim is too skewed from present' do
+      let(:claims) do
+        {
+          id: 123,
+          name: "user_example",
+          email: "user@example.com",
+          iat: timestamp - 10.minutes.to_i
+        }
+      end
+
+      before do
+        jwt_config.strategy.valid_within = 2.seconds
+      end
+
+      it 'raises error' do
+        expect { strategy.decoded }.to raise_error(OmniAuth::Strategies::JWT::ClaimInvalid)
+      end
+    end
+  end
+end
diff --git a/spec/models/members/group_member_spec.rb b/spec/models/members/group_member_spec.rb
index 5a3b5b1f517..ffc78015f94 100644
--- a/spec/models/members/group_member_spec.rb
+++ b/spec/models/members/group_member_spec.rb
@@ -28,52 +28,12 @@ describe GroupMember do
     end
   end
 
-  describe 'notifications' do
-    describe "#after_create" do
-      it "sends email to user" do
-        membership = build(:group_member)
+  it_behaves_like 'members notifications', :group
 
-        allow(membership).to receive(:notification_service)
-          .and_return(double('NotificationService').as_null_object)
-        expect(membership).to receive(:notification_service)
+  describe '#real_source_type' do
+    subject { create(:group_member).real_source_type }
 
-        membership.save
-      end
-    end
-
-    describe "#after_update" do
-      before do
-        @group_member = create :group_member
-        allow(@group_member).to receive(:notification_service)
-          .and_return(double('NotificationService').as_null_object)
-      end
-
-      it "sends email to user" do
-        expect(@group_member).to receive(:notification_service)
-        @group_member.update_attribute(:access_level, GroupMember::MASTER)
-      end
-
-      it "does not send an email when the access level has not changed" do
-        expect(@group_member).not_to receive(:notification_service)
-        @group_member.update_attribute(:access_level, GroupMember::OWNER)
-      end
-    end
-
-    describe '#after_accept_request' do
-      it 'calls NotificationService.accept_group_access_request' do
-        member = create(:group_member, user: build(:user), requested_at: Time.now)
-
-        expect_any_instance_of(NotificationService).to receive(:new_group_member)
-
-        member.__send__(:after_accept_request)
-      end
-    end
-
-    describe '#real_source_type' do
-      subject { create(:group_member).real_source_type }
-
-      it { is_expected.to eq 'Group' }
-    end
+    it { is_expected.to eq 'Group' }
   end
 
   describe '#update_two_factor_requirement' do
diff --git a/spec/models/members/project_member_spec.rb b/spec/models/members/project_member_spec.rb
index b8b0e63f92e..574eb468e4c 100644
--- a/spec/models/members/project_member_spec.rb
+++ b/spec/models/members/project_member_spec.rb
@@ -123,15 +123,5 @@ describe ProjectMember do
     it { expect(@project_2.users).to be_empty }
   end
 
-  describe 'notifications' do
-    describe '#after_accept_request' do
-      it 'calls NotificationService.new_project_member' do
-        member = create(:project_member, user: create(:user), requested_at: Time.now)
-
-        expect_any_instance_of(NotificationService).to receive(:new_project_member)
-
-        member.__send__(:after_accept_request)
-      end
-    end
-  end
+  it_behaves_like 'members notifications', :project
 end
diff --git a/spec/models/namespace_spec.rb b/spec/models/namespace_spec.rb
index 62e95a622eb..506057dce87 100644
--- a/spec/models/namespace_spec.rb
+++ b/spec/models/namespace_spec.rb
@@ -5,6 +5,7 @@ describe Namespace do
 
   let!(:namespace) { create(:namespace) }
   let(:gitlab_shell) { Gitlab::Shell.new }
+  let(:repository_storage) { 'default' }
 
   describe 'associations' do
     it { is_expected.to have_many :projects }
@@ -201,7 +202,7 @@ describe Namespace do
       it "moves dir if path changed" do
         namespace.update_attributes(path: namespace.full_path + '_new')
 
-        expect(gitlab_shell.exists?(project.repository_storage_path, "#{namespace.path}/#{project.path}.git")).to be_truthy
+        expect(gitlab_shell.exists?(project.repository_storage, "#{namespace.path}/#{project.path}.git")).to be_truthy
       end
 
       context 'with subgroups', :nested_groups do
@@ -281,7 +282,7 @@ describe Namespace do
         namespace.update_attributes(path: namespace.full_path + '_new')
 
         expect(before_disk_path).to eq(project.disk_path)
-        expect(gitlab_shell.exists?(project.repository_storage_path, "#{project.disk_path}.git")).to be_truthy
+        expect(gitlab_shell.exists?(project.repository_storage, "#{project.disk_path}.git")).to be_truthy
       end
     end
 
@@ -322,7 +323,7 @@ describe Namespace do
       end
 
       it 'schedules the namespace for deletion' do
-        expect(GitlabShellWorker).to receive(:perform_in).with(5.minutes, :rm_namespace, repository_storage_path, deleted_path)
+        expect(GitlabShellWorker).to receive(:perform_in).with(5.minutes, :rm_namespace, repository_storage, deleted_path)
 
         namespace.destroy
       end
@@ -344,7 +345,7 @@ describe Namespace do
         end
 
         it 'schedules the namespace for deletion' do
-          expect(GitlabShellWorker).to receive(:perform_in).with(5.minutes, :rm_namespace, repository_storage_path, deleted_path)
+          expect(GitlabShellWorker).to receive(:perform_in).with(5.minutes, :rm_namespace, repository_storage, deleted_path)
 
           child.destroy
         end
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 127eb998abe..a9587b1005e 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -449,14 +449,6 @@ describe Project do
     end
   end
 
-  describe '#repository_storage_path' do
-    let(:project) { create(:project) }
-
-    it 'returns the repository storage path' do
-      expect(Dir.exist?(project.repository_storage_path)).to be(true)
-    end
-  end
-
   it 'returns valid url to repo' do
     project = described_class.new(path: 'somewhere')
     expect(project.url_to_repo).to eq(Gitlab.config.gitlab_shell.ssh_path_prefix + 'somewhere.git')
@@ -1108,7 +1100,7 @@ describe Project do
   end
 
   context 'repository storage by default' do
-    let(:project) { create(:project) }
+    let(:project) { build(:project) }
 
     before do
       storages = {
@@ -1461,7 +1453,7 @@ describe Project do
         .and_return(false)
 
       allow(shell).to receive(:create_repository)
-        .with(project.repository_storage_path, project.disk_path)
+        .with(project.repository_storage, project.disk_path)
         .and_return(true)
 
       expect(project).to receive(:create_repository).with(force: true)
@@ -2636,7 +2628,7 @@ describe Project do
 
     describe '#ensure_storage_path_exists' do
       it 'delegates to gitlab_shell to ensure namespace is created' do
-        expect(gitlab_shell).to receive(:add_namespace).with(project.repository_storage_path, project.base_dir)
+        expect(gitlab_shell).to receive(:add_namespace).with(project.repository_storage, project.base_dir)
 
         project.ensure_storage_path_exists
       end
@@ -2675,12 +2667,12 @@ describe Project do
 
         expect(gitlab_shell).to receive(:mv_repository)
           .ordered
-          .with(project.repository_storage_path, "#{project.namespace.full_path}/foo", "#{project.full_path}")
+          .with(project.repository_storage, "#{project.namespace.full_path}/foo", "#{project.full_path}")
           .and_return(true)
 
         expect(gitlab_shell).to receive(:mv_repository)
           .ordered
-          .with(project.repository_storage_path, "#{project.namespace.full_path}/foo.wiki", "#{project.full_path}.wiki")
+          .with(project.repository_storage, "#{project.namespace.full_path}/foo.wiki", "#{project.full_path}.wiki")
           .and_return(true)
 
         expect_any_instance_of(SystemHooksService)
@@ -2829,7 +2821,7 @@ describe Project do
       it 'delegates to gitlab_shell to ensure namespace is created' do
         allow(project).to receive(:gitlab_shell).and_return(gitlab_shell)
 
-        expect(gitlab_shell).to receive(:add_namespace).with(project.repository_storage_path, hashed_prefix)
+        expect(gitlab_shell).to receive(:add_namespace).with(project.repository_storage, hashed_prefix)
 
         project.ensure_storage_path_exists
       end
diff --git a/spec/models/project_wiki_spec.rb b/spec/models/project_wiki_spec.rb
index 4e83f4353cf..cbe7d111fcd 100644
--- a/spec/models/project_wiki_spec.rb
+++ b/spec/models/project_wiki_spec.rb
@@ -11,7 +11,7 @@ describe ProjectWiki do
   subject { project_wiki }
 
   it { is_expected.to delegate_method(:empty?).to :pages }
-  it { is_expected.to delegate_method(:repository_storage_path).to :project }
+  it { is_expected.to delegate_method(:repository_storage).to :project }
   it { is_expected.to delegate_method(:hashed_storage?).to :project }
 
   describe "#full_path" do
diff --git a/spec/models/repository_spec.rb b/spec/models/repository_spec.rb
index e45fe7db1e7..630b9e0519f 100644
--- a/spec/models/repository_spec.rb
+++ b/spec/models/repository_spec.rb
@@ -1224,15 +1224,15 @@ describe Repository do
     end
   end
 
-  shared_examples 'repo exists check' do
+  describe '#exists?' do
     it 'returns true when a repository exists' do
-      expect(repository.exists?).to eq(true)
+      expect(repository.exists?).to be(true)
     end
 
     it 'returns false if no full path can be constructed' do
       allow(repository).to receive(:full_path).and_return(nil)
 
-      expect(repository.exists?).to eq(false)
+      expect(repository.exists?).to be(false)
     end
 
     context 'with broken storage', :broken_storage do
@@ -1242,16 +1242,6 @@ describe Repository do
     end
   end
 
-  describe '#exists?' do
-    context 'when repository_exists is disabled' do
-      it_behaves_like 'repo exists check'
-    end
-
-    context 'when repository_exists is enabled', :skip_gitaly_mock do
-      it_behaves_like 'repo exists check'
-    end
-  end
-
   describe '#has_visible_content?' do
     before do
       # If raw_repository.has_visible_content? gets called more than once then
diff --git a/spec/requests/openid_connect_spec.rb b/spec/requests/openid_connect_spec.rb
index 6bed8e812c0..cd1a6cfc427 100644
--- a/spec/requests/openid_connect_spec.rb
+++ b/spec/requests/openid_connect_spec.rb
@@ -153,4 +153,13 @@ describe 'OpenID Connect requests' do
       end
     end
   end
+
+  context 'OpenID configuration information' do
+    it 'correctly returns the configuration' do
+      get '/.well-known/openid-configuration'
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(json_response).to have_key('issuer')
+    end
+  end
 end
diff --git a/spec/services/groups/destroy_service_spec.rb b/spec/services/groups/destroy_service_spec.rb
index e8216abb08b..a9baccd061a 100644
--- a/spec/services/groups/destroy_service_spec.rb
+++ b/spec/services/groups/destroy_service_spec.rb
@@ -53,8 +53,8 @@ describe Groups::DestroyService do
         end
 
         it 'verifies that paths have been deleted' do
-          expect(gitlab_shell.exists?(project.repository_storage_path, group.path)).to be_falsey
-          expect(gitlab_shell.exists?(project.repository_storage_path, remove_path)).to be_falsey
+          expect(gitlab_shell.exists?(project.repository_storage, group.path)).to be_falsey
+          expect(gitlab_shell.exists?(project.repository_storage, remove_path)).to be_falsey
         end
       end
     end
@@ -71,13 +71,13 @@ describe Groups::DestroyService do
 
       after do
         # Clean up stale directories
-        gitlab_shell.rm_namespace(project.repository_storage_path, group.path)
-        gitlab_shell.rm_namespace(project.repository_storage_path, remove_path)
+        gitlab_shell.rm_namespace(project.repository_storage, group.path)
+        gitlab_shell.rm_namespace(project.repository_storage, remove_path)
       end
 
       it 'verifies original paths and projects still exist' do
-        expect(gitlab_shell.exists?(project.repository_storage_path, group.path)).to be_truthy
-        expect(gitlab_shell.exists?(project.repository_storage_path, remove_path)).to be_falsey
+        expect(gitlab_shell.exists?(project.repository_storage, group.path)).to be_truthy
+        expect(gitlab_shell.exists?(project.repository_storage, remove_path)).to be_falsey
         expect(Project.unscoped.count).to eq(1)
         expect(Group.unscoped.count).to eq(2)
       end
@@ -144,7 +144,7 @@ describe Groups::DestroyService do
       let!(:project) { create(:project, :legacy_storage, :empty_repo, namespace: group) }
 
       it 'removes repository' do
-        expect(gitlab_shell.exists?(project.repository_storage_path, "#{project.disk_path}.git")).to be_falsey
+        expect(gitlab_shell.exists?(project.repository_storage, "#{project.disk_path}.git")).to be_falsey
       end
     end
 
@@ -152,7 +152,7 @@ describe Groups::DestroyService do
       let!(:project) { create(:project, :empty_repo, namespace: group) }
 
       it 'removes repository' do
-        expect(gitlab_shell.exists?(project.repository_storage_path, "#{project.disk_path}.git")).to be_falsey
+        expect(gitlab_shell.exists?(project.repository_storage, "#{project.disk_path}.git")).to be_falsey
       end
     end
   end
diff --git a/spec/services/notification_service_spec.rb b/spec/services/notification_service_spec.rb
index 55bbe954491..48ef5f3c115 100644
--- a/spec/services/notification_service_spec.rb
+++ b/spec/services/notification_service_spec.rb
@@ -96,6 +96,37 @@ describe NotificationService, :mailer do
     it_should_behave_like 'participating by assignee notification'
   end
 
+  describe '#async' do
+    let(:async) { notification.async }
+    set(:key) { create(:personal_key) }
+
+    it 'returns an Async object with the correct parent' do
+      expect(async).to be_a(described_class::Async)
+      expect(async.parent).to eq(notification)
+    end
+
+    context 'when receiving a public method' do
+      it 'schedules a MailScheduler::NotificationServiceWorker' do
+        expect(MailScheduler::NotificationServiceWorker)
+          .to receive(:perform_async).with('new_key', key)
+
+        async.new_key(key)
+      end
+    end
+
+    context 'when receiving a private method' do
+      it 'raises NoMethodError' do
+        expect { async.notifiable?(key) }.to raise_error(NoMethodError)
+      end
+    end
+
+    context 'when recieving a non-existent method' do
+      it 'raises NoMethodError' do
+        expect { async.foo(key) }.to raise_error(NoMethodError)
+      end
+    end
+  end
+
   describe 'Keys' do
     describe '#new_key' do
       let(:key_options) { {} }
@@ -982,6 +1013,8 @@ describe NotificationService, :mailer do
     let(:merge_request) { create :merge_request, source_project: project, assignee: create(:user), description: 'cc @participant' }
 
     before do
+      project.add_master(merge_request.author)
+      project.add_master(merge_request.assignee)
       build_team(merge_request.target_project)
       add_users_with_subscription(merge_request.target_project, merge_request)
       update_custom_notification(:new_merge_request, @u_guest_custom, resource: project)
@@ -1093,15 +1126,18 @@ describe NotificationService, :mailer do
     end
 
     describe '#reassigned_merge_request' do
+      let(:current_user) { create(:user) }
+
       before do
         update_custom_notification(:reassign_merge_request, @u_guest_custom, resource: project)
         update_custom_notification(:reassign_merge_request, @u_custom_global)
       end
 
       it do
-        notification.reassigned_merge_request(merge_request, merge_request.author)
+        notification.reassigned_merge_request(merge_request, current_user, merge_request.author)
 
         should_email(merge_request.assignee)
+        should_email(merge_request.author)
         should_email(@u_watcher)
         should_email(@u_participant_mentioned)
         should_email(@subscriber)
@@ -1116,7 +1152,7 @@ describe NotificationService, :mailer do
       end
 
       it 'adds "assigned" reason for new assignee' do
-        notification.reassigned_merge_request(merge_request, merge_request.author)
+        notification.reassigned_merge_request(merge_request, current_user, merge_request.author)
 
         email = find_email_for(merge_request.assignee)
 
@@ -1126,7 +1162,7 @@ describe NotificationService, :mailer do
       it_behaves_like 'participating notifications' do
         let(:participant) { create(:user, username: 'user-participant') }
         let(:issuable) { merge_request }
-        let(:notification_trigger) { notification.reassigned_merge_request(merge_request, @u_disabled) }
+        let(:notification_trigger) { notification.reassigned_merge_request(merge_request, current_user, merge_request.author) }
       end
     end
 
diff --git a/spec/services/projects/create_service_spec.rb b/spec/services/projects/create_service_spec.rb
index e35f0f6337a..a8f003b1073 100644
--- a/spec/services/projects/create_service_spec.rb
+++ b/spec/services/projects/create_service_spec.rb
@@ -171,7 +171,6 @@ describe Projects::CreateService, '#execute' do
 
     context 'when another repository already exists on disk' do
       let(:repository_storage) { 'default' }
-      let(:repository_storage_path) { Gitlab.config.repositories.storages[repository_storage].legacy_disk_path }
 
       let(:opts) do
         {
@@ -186,7 +185,7 @@ describe Projects::CreateService, '#execute' do
         end
 
         after do
-          gitlab_shell.remove_repository(repository_storage_path, "#{user.namespace.full_path}/existing")
+          gitlab_shell.remove_repository(repository_storage, "#{user.namespace.full_path}/existing")
         end
 
         it 'does not allow to create a project when path matches existing repository on disk' do
@@ -222,7 +221,7 @@ describe Projects::CreateService, '#execute' do
         end
 
         after do
-          gitlab_shell.remove_repository(repository_storage_path, hashed_path)
+          gitlab_shell.remove_repository(repository_storage, hashed_path)
         end
 
         it 'does not allow to create a project when path matches existing repository on disk' do
diff --git a/spec/services/projects/destroy_service_spec.rb b/spec/services/projects/destroy_service_spec.rb
index a66e3c5e995..b2c52214f48 100644
--- a/spec/services/projects/destroy_service_spec.rb
+++ b/spec/services/projects/destroy_service_spec.rb
@@ -18,8 +18,8 @@ describe Projects::DestroyService do
     it 'deletes the project' do
       expect(Project.unscoped.all).not_to include(project)
 
-      expect(project.gitlab_shell.exists?(project.repository_storage_path, path + '.git')).to be_falsey
-      expect(project.gitlab_shell.exists?(project.repository_storage_path, remove_path + '.git')).to be_falsey
+      expect(project.gitlab_shell.exists?(project.repository_storage, path + '.git')).to be_falsey
+      expect(project.gitlab_shell.exists?(project.repository_storage, remove_path + '.git')).to be_falsey
     end
   end
 
@@ -252,21 +252,21 @@ describe Projects::DestroyService do
     let(:path) { project.disk_path + '.git' }
 
     before do
-      expect(project.gitlab_shell.exists?(project.repository_storage_path, path)).to be_truthy
-      expect(project.gitlab_shell.exists?(project.repository_storage_path, remove_path)).to be_falsey
+      expect(project.gitlab_shell.exists?(project.repository_storage, path)).to be_truthy
+      expect(project.gitlab_shell.exists?(project.repository_storage, remove_path)).to be_falsey
 
       # Dont run sidekiq to check if renamed repository exists
       Sidekiq::Testing.fake! { destroy_project(project, user, {}) }
 
-      expect(project.gitlab_shell.exists?(project.repository_storage_path, path)).to be_falsey
-      expect(project.gitlab_shell.exists?(project.repository_storage_path, remove_path)).to be_truthy
+      expect(project.gitlab_shell.exists?(project.repository_storage, path)).to be_falsey
+      expect(project.gitlab_shell.exists?(project.repository_storage, remove_path)).to be_truthy
     end
 
     it 'restores the repositories' do
       Sidekiq::Testing.fake! { described_class.new(project, user).attempt_repositories_rollback }
 
-      expect(project.gitlab_shell.exists?(project.repository_storage_path, path)).to be_truthy
-      expect(project.gitlab_shell.exists?(project.repository_storage_path, remove_path)).to be_falsey
+      expect(project.gitlab_shell.exists?(project.repository_storage, path)).to be_truthy
+      expect(project.gitlab_shell.exists?(project.repository_storage, remove_path)).to be_falsey
     end
   end
 
diff --git a/spec/services/projects/fork_service_spec.rb b/spec/services/projects/fork_service_spec.rb
index 0f7c46367d0..a93f6f1ddc2 100644
--- a/spec/services/projects/fork_service_spec.rb
+++ b/spec/services/projects/fork_service_spec.rb
@@ -112,7 +112,7 @@ describe Projects::ForkService do
         end
 
         after do
-          gitlab_shell.remove_repository(repository_storage_path, "#{@to_user.namespace.full_path}/#{@from_project.path}")
+          gitlab_shell.remove_repository(repository_storage, "#{@to_user.namespace.full_path}/#{@from_project.path}")
         end
 
         it 'does not allow creation' do
diff --git a/spec/services/projects/hashed_storage/migrate_repository_service_spec.rb b/spec/services/projects/hashed_storage/migrate_repository_service_spec.rb
index 747bd4529a0..7dca81eb59e 100644
--- a/spec/services/projects/hashed_storage/migrate_repository_service_spec.rb
+++ b/spec/services/projects/hashed_storage/migrate_repository_service_spec.rb
@@ -16,8 +16,8 @@ describe Projects::HashedStorage::MigrateRepositoryService do
       it 'renames project and wiki repositories' do
         service.execute
 
-        expect(gitlab_shell.exists?(project.repository_storage_path, "#{hashed_storage.disk_path}.git")).to be_truthy
-        expect(gitlab_shell.exists?(project.repository_storage_path, "#{hashed_storage.disk_path}.wiki.git")).to be_truthy
+        expect(gitlab_shell.exists?(project.repository_storage, "#{hashed_storage.disk_path}.git")).to be_truthy
+        expect(gitlab_shell.exists?(project.repository_storage, "#{hashed_storage.disk_path}.wiki.git")).to be_truthy
       end
 
       it 'updates project to be hashed and not read-only' do
@@ -52,8 +52,8 @@ describe Projects::HashedStorage::MigrateRepositoryService do
 
         service.execute
 
-        expect(gitlab_shell.exists?(project.repository_storage_path, "#{hashed_storage.disk_path}.git")).to be_falsey
-        expect(gitlab_shell.exists?(project.repository_storage_path, "#{hashed_storage.disk_path}.wiki.git")).to be_falsey
+        expect(gitlab_shell.exists?(project.repository_storage, "#{hashed_storage.disk_path}.git")).to be_falsey
+        expect(gitlab_shell.exists?(project.repository_storage, "#{hashed_storage.disk_path}.wiki.git")).to be_falsey
         expect(project.repository_read_only?).to be_falsey
       end
 
@@ -63,11 +63,11 @@ describe Projects::HashedStorage::MigrateRepositoryService do
 
         before do
           hashed_storage.ensure_storage_path_exists
-          gitlab_shell.mv_repository(project.repository_storage_path, from_name, to_name)
+          gitlab_shell.mv_repository(project.repository_storage, from_name, to_name)
         end
 
         it 'does not try to move nil repository over hashed' do
-          expect(gitlab_shell).not_to receive(:mv_repository).with(project.repository_storage_path, from_name, to_name)
+          expect(gitlab_shell).not_to receive(:mv_repository).with(project.repository_storage, from_name, to_name)
           expect_move_repository("#{project.disk_path}.wiki", "#{hashed_storage.disk_path}.wiki")
 
           service.execute
@@ -76,7 +76,7 @@ describe Projects::HashedStorage::MigrateRepositoryService do
     end
 
     def expect_move_repository(from_name, to_name)
-      expect(gitlab_shell).to receive(:mv_repository).with(project.repository_storage_path, from_name, to_name).and_call_original
+      expect(gitlab_shell).to receive(:mv_repository).with(project.repository_storage, from_name, to_name).and_call_original
     end
   end
 end
diff --git a/spec/services/projects/transfer_service_spec.rb b/spec/services/projects/transfer_service_spec.rb
index ff9b2372a35..3e6483d7e28 100644
--- a/spec/services/projects/transfer_service_spec.rb
+++ b/spec/services/projects/transfer_service_spec.rb
@@ -84,7 +84,7 @@ describe Projects::TransferService do
     end
 
     def project_path(project)
-      File.join(project.repository_storage_path, "#{project.disk_path}.git")
+      project.repository.path_to_repo
     end
 
     def current_path
@@ -94,7 +94,7 @@ describe Projects::TransferService do
     it 'rolls back repo location' do
       attempt_project_transfer
 
-      expect(Dir.exist?(original_path)).to be_truthy
+      expect(gitlab_shell.exists?(project.repository_storage, "#{project.disk_path}.git")).to be(true)
       expect(original_path).to eq current_path
     end
 
@@ -165,7 +165,7 @@ describe Projects::TransferService do
     end
 
     after do
-      gitlab_shell.remove_repository(repository_storage_path, "#{group.full_path}/#{project.path}")
+      gitlab_shell.remove_repository(repository_storage, "#{group.full_path}/#{project.path}")
     end
 
     it { expect(@result).to eq false }
diff --git a/spec/services/projects/update_pages_service_spec.rb b/spec/services/projects/update_pages_service_spec.rb
index 1b6caeab15d..a418808fd26 100644
--- a/spec/services/projects/update_pages_service_spec.rb
+++ b/spec/services/projects/update_pages_service_spec.rb
@@ -29,25 +29,10 @@ describe Projects::UpdatePagesService do
     end
 
     describe 'pages artifacts' do
-      context 'with expiry date' do
-        before do
-          build.artifacts_expire_in = "2 days"
-          build.save!
-        end
-
-        it "doesn't delete artifacts" do
-          expect(execute).to eq(:success)
-
-          expect(build.reload.artifacts?).to eq(true)
-        end
-      end
-
-      context 'without expiry date' do
-        it "does delete artifacts" do
-          expect(execute).to eq(:success)
+      it "doesn't delete artifacts after deploying" do
+        expect(execute).to eq(:success)
 
-          expect(build.reload.artifacts?).to eq(false)
-        end
+        expect(build.reload.artifacts?).to eq(true)
       end
     end
 
@@ -100,25 +85,10 @@ describe Projects::UpdatePagesService do
       end
 
       describe 'pages artifacts' do
-        context 'with expiry date' do
-          before do
-            build.artifacts_expire_in = "2 days"
-            build.save!
-          end
-
-          it "doesn't delete artifacts" do
-            expect(execute).to eq(:success)
-
-            expect(build.artifacts?).to eq(true)
-          end
-        end
-
-        context 'without expiry date' do
-          it "does delete artifacts" do
-            expect(execute).to eq(:success)
+        it "doesn't delete artifacts after deploying" do
+          expect(execute).to eq(:success)
 
-            expect(build.reload.artifacts?).to eq(false)
-          end
+          expect(build.artifacts?).to eq(true)
         end
       end
 
@@ -171,13 +141,12 @@ describe Projects::UpdatePagesService do
 
           build.reload
           expect(deploy_status).to be_failed
-          expect(build.artifacts?).to be_truthy
         end
       end
 
       context 'when failed to extract zip artifacts' do
         before do
-          allow_any_instance_of(described_class)
+          expect_any_instance_of(described_class)
             .to receive(:extract_zip_archive!)
             .and_raise(Projects::UpdatePagesService::FailedToExtractError)
         end
@@ -188,21 +157,19 @@ describe Projects::UpdatePagesService do
 
           build.reload
           expect(deploy_status).to be_failed
-          expect(build.artifacts?).to be_truthy
         end
       end
 
       context 'when missing artifacts metadata' do
         before do
-          allow(build).to receive(:artifacts_metadata?).and_return(false)
+          expect(build).to receive(:artifacts_metadata?).and_return(false)
         end
 
-        it 'does not raise an error and remove artifacts as failed job' do
+        it 'does not raise an error as failed job' do
           execute
 
           build.reload
           expect(deploy_status).to be_failed
-          expect(build.artifacts?).to be_falsey
         end
       end
     end
diff --git a/spec/services/projects/update_service_spec.rb b/spec/services/projects/update_service_spec.rb
index f48d466d263..3e6073b9861 100644
--- a/spec/services/projects/update_service_spec.rb
+++ b/spec/services/projects/update_service_spec.rb
@@ -200,7 +200,7 @@ describe Projects::UpdateService do
         end
 
         after do
-          gitlab_shell.remove_repository(repository_storage_path, "#{user.namespace.full_path}/existing")
+          gitlab_shell.remove_repository(repository_storage, "#{user.namespace.full_path}/existing")
         end
 
         it 'does not allow renaming when new path matches existing repository on disk' do
diff --git a/spec/services/repository_archive_clean_up_service_spec.rb b/spec/services/repository_archive_clean_up_service_spec.rb
index 2d7fa3f80f7..ab1c638fc39 100644
--- a/spec/services/repository_archive_clean_up_service_spec.rb
+++ b/spec/services/repository_archive_clean_up_service_spec.rb
@@ -1,15 +1,47 @@
 require 'spec_helper'
 
 describe RepositoryArchiveCleanUpService do
-  describe '#execute' do
-    subject(:service) { described_class.new }
+  subject(:service) { described_class.new }
 
+  describe '#execute (new archive locations)' do
+    let(:sha) { "0" * 40 }
+
+    it 'removes outdated archives and directories in a new-style path' do
+      in_directory_with_files("project-999/#{sha}", %w[tar tar.bz2 tar.gz zip], 3.hours) do |dirname, files|
+        service.execute
+
+        files.each { |filename| expect(File.exist?(filename)).to be_falsy }
+        expect(File.directory?(dirname)).to be_falsy
+        expect(File.directory?(File.dirname(dirname))).to be_falsy
+      end
+    end
+
+    it 'does not remove directories when they contain outdated non-archives' do
+      in_directory_with_files("project-999/#{sha}", %w[tar conf rb], 2.hours) do |dirname, files|
+        service.execute
+
+        expect(File.directory?(dirname)).to be_truthy
+      end
+    end
+
+    it 'does not remove in-date archives in a new-style path' do
+      in_directory_with_files("project-999/#{sha}", %w[tar tar.bz2 tar.gz zip], 1.hour) do |dirname, files|
+        service.execute
+
+        files.each { |filename| expect(File.exist?(filename)).to be_truthy }
+      end
+    end
+  end
+
+  describe '#execute (legacy archive locations)' do
     context 'when the downloads directory does not exist' do
       it 'does not remove any archives' do
         path = '/invalid/path/'
         stub_repository_downloads_path(path)
 
+        allow(File).to receive(:directory?).and_call_original
         expect(File).to receive(:directory?).with(path).and_return(false)
+
         expect(service).not_to receive(:clean_up_old_archives)
         expect(service).not_to receive(:clean_up_empty_directories)
 
@@ -19,7 +51,7 @@ describe RepositoryArchiveCleanUpService do
 
     context 'when the downloads directory exists' do
       shared_examples 'invalid archive files' do |dirname, extensions, mtime|
-        it 'does not remove files and directoy' do
+        it 'does not remove files and directory' do
           in_directory_with_files(dirname, extensions, mtime) do |dir, files|
             service.execute
 
@@ -43,7 +75,7 @@ describe RepositoryArchiveCleanUpService do
       end
 
       context 'with files older than 2 hours inside invalid directories' do
-        it_behaves_like 'invalid archive files', 'john_doe/sample.git', %w[conf rb tar tar.gz], 2.hours
+        it_behaves_like 'invalid archive files', 'john/doe/sample.git', %w[conf rb tar tar.gz], 2.hours
       end
 
       context 'with files newer than 2 hours that matches valid archive extensions' do
@@ -58,24 +90,24 @@ describe RepositoryArchiveCleanUpService do
         it_behaves_like 'invalid archive files', 'sample.git', %w[conf rb tar tar.gz], 1.hour
       end
     end
+  end
 
-    def in_directory_with_files(dirname, extensions, mtime)
-      Dir.mktmpdir do |tmpdir|
-        stub_repository_downloads_path(tmpdir)
-        dir = File.join(tmpdir, dirname)
-        files = create_temporary_files(dir, extensions, mtime)
+  def in_directory_with_files(dirname, extensions, mtime)
+    Dir.mktmpdir do |tmpdir|
+      stub_repository_downloads_path(tmpdir)
+      dir = File.join(tmpdir, dirname)
+      files = create_temporary_files(dir, extensions, mtime)
 
-        yield(dir, files)
-      end
+      yield(dir, files)
     end
+  end
 
-    def stub_repository_downloads_path(path)
-      allow(Gitlab.config.gitlab).to receive(:repository_downloads_path).and_return(path)
-    end
+  def stub_repository_downloads_path(path)
+    allow(Gitlab.config.gitlab).to receive(:repository_downloads_path).and_return(path)
+  end
 
-    def create_temporary_files(dir, extensions, mtime)
-      FileUtils.mkdir_p(dir)
-      FileUtils.touch(extensions.map { |ext| File.join(dir, "sample.#{ext}") }, mtime: Time.now - mtime)
-    end
+  def create_temporary_files(dir, extensions, mtime)
+    FileUtils.mkdir_p(dir)
+    FileUtils.touch(extensions.map { |ext| File.join(dir, "sample.#{ext}") }, mtime: Time.now - mtime)
   end
 end
diff --git a/spec/services/system_note_service_spec.rb b/spec/services/system_note_service_spec.rb
index 893804f1470..e28b0ea5cf2 100644
--- a/spec/services/system_note_service_spec.rb
+++ b/spec/services/system_note_service_spec.rb
@@ -909,13 +909,7 @@ describe SystemNoteService do
       it 'sets the note text' do
         noteable.update_attribute(:time_estimate, 277200)
 
-        expect(subject.note).to eq "changed time estimate to 1w 4d 5h,"
-      end
-
-      it 'appends a comma to separate the note from the update_at time' do
-        noteable.update_attribute(:time_estimate, 277200)
-
-        expect(subject.note).to end_with(',')
+        expect(subject.note).to eq "changed time estimate to 1w 4d 5h"
       end
     end
 
diff --git a/spec/services/users/destroy_service_spec.rb b/spec/services/users/destroy_service_spec.rb
index 11c75ddfcf8..76f1e625fda 100644
--- a/spec/services/users/destroy_service_spec.rb
+++ b/spec/services/users/destroy_service_spec.rb
@@ -176,7 +176,7 @@ describe Users::DestroyService do
         let!(:project) { create(:project, :empty_repo, :legacy_storage, namespace: user.namespace) }
 
         it 'removes repository' do
-          expect(gitlab_shell.exists?(project.repository_storage_path, "#{project.disk_path}.git")).to be_falsey
+          expect(gitlab_shell.exists?(project.repository_storage, "#{project.disk_path}.git")).to be_falsey
         end
       end
 
@@ -184,7 +184,7 @@ describe Users::DestroyService do
         let!(:project) { create(:project, :empty_repo, namespace: user.namespace) }
 
         it 'removes repository' do
-          expect(gitlab_shell.exists?(project.repository_storage_path, "#{project.disk_path}.git")).to be_falsey
+          expect(gitlab_shell.exists?(project.repository_storage, "#{project.disk_path}.git")).to be_falsey
         end
       end
     end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 53045815a6a..cc61cd7d838 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -113,10 +113,10 @@ RSpec.configure do |config|
       m.call(*args)
 
       shard_name, repository_relative_path = args
-      shard_path = Gitlab.config.repositories.storages.fetch(shard_name).legacy_disk_path
       # We can't leave the hooks in place after a fork, as those would fail in tests
       # The "internal" API is not available
-      FileUtils.rm_rf(File.join(shard_path, repository_relative_path, 'hooks'))
+      Gitlab::Shell.new.rm_directory(shard_name,
+                                     File.join(repository_relative_path, 'hooks'))
     end
 
     # Enable all features by default for testing
diff --git a/spec/support/helpers/javascript_fixtures_helpers.rb b/spec/support/helpers/javascript_fixtures_helpers.rb
index 2197bc9d853..086a345dca8 100644
--- a/spec/support/helpers/javascript_fixtures_helpers.rb
+++ b/spec/support/helpers/javascript_fixtures_helpers.rb
@@ -31,7 +31,7 @@ module JavaScriptFixturesHelpers
   end
 
   def remove_repository(project)
-    Gitlab::Shell.new.remove_repository(project.repository_storage_path, project.disk_path)
+    Gitlab::Shell.new.remove_repository(project.repository_storage, project.disk_path)
   end
 
   private
diff --git a/spec/support/helpers/test_env.rb b/spec/support/helpers/test_env.rb
index d87f265cdf0..1dad39fdab3 100644
--- a/spec/support/helpers/test_env.rb
+++ b/spec/support/helpers/test_env.rb
@@ -218,7 +218,8 @@ module TestEnv
   end
 
   def copy_repo(project, bare_repo:, refs:)
-    target_repo_path = File.expand_path(project.repository_storage_path + "/#{project.disk_path}.git")
+    target_repo_path = File.expand_path(repos_path + "/#{project.disk_path}.git")
+
     FileUtils.mkdir_p(target_repo_path)
     FileUtils.cp_r("#{File.expand_path(bare_repo)}/.", target_repo_path)
     FileUtils.chmod_R 0755, target_repo_path
@@ -226,7 +227,7 @@ module TestEnv
   end
 
   def repos_path
-    Gitlab.config.repositories.storages[REPOS_STORAGE].legacy_disk_path
+    @repos_path ||= Gitlab.config.repositories.storages[REPOS_STORAGE].legacy_disk_path
   end
 
   def backup_path
diff --git a/spec/support/shared_examples/features/master_manages_access_requests_shared_example.rb b/spec/support/shared_examples/features/master_manages_access_requests_shared_example.rb
new file mode 100644
index 00000000000..b29bb3c2fc0
--- /dev/null
+++ b/spec/support/shared_examples/features/master_manages_access_requests_shared_example.rb
@@ -0,0 +1,52 @@
+RSpec.shared_examples 'Master manages access requests' do
+  let(:user) { create(:user) }
+  let(:master) { create(:user) }
+
+  before do
+    entity.request_access(user)
+    entity.respond_to?(:add_owner) ? entity.add_owner(master) : entity.add_master(master)
+    sign_in(master)
+  end
+
+  it 'master can see access requests' do
+    visit members_page_path
+
+    expect_visible_access_request(entity, user)
+  end
+
+  it 'master can grant access', :js do
+    visit members_page_path
+
+    expect_visible_access_request(entity, user)
+
+    accept_confirm { click_on 'Grant access' }
+
+    expect_no_visible_access_request(entity, user)
+
+    page.within('.members-list') do
+      expect(page).to have_content user.name
+    end
+  end
+
+  it 'master can deny access', :js do
+    visit members_page_path
+
+    expect_visible_access_request(entity, user)
+
+    accept_confirm { click_on 'Deny access' }
+
+    expect_no_visible_access_request(entity, user)
+    expect(page).not_to have_content user.name
+  end
+
+  def expect_visible_access_request(entity, user)
+    expect(entity.requesters.exists?(user_id: user)).to be_truthy
+    expect(page).to have_content "Users requesting access to #{entity.name} 1"
+    expect(page).to have_content user.name
+  end
+
+  def expect_no_visible_access_request(entity, user)
+    expect(entity.requesters.exists?(user_id: user)).to be_falsy
+    expect(page).not_to have_content "Users requesting access to #{entity.name}"
+  end
+end
diff --git a/spec/support/shared_examples/models/members_notifications_shared_example.rb b/spec/support/shared_examples/models/members_notifications_shared_example.rb
new file mode 100644
index 00000000000..76611e54306
--- /dev/null
+++ b/spec/support/shared_examples/models/members_notifications_shared_example.rb
@@ -0,0 +1,63 @@
+RSpec.shared_examples 'members notifications' do |entity_type|
+  let(:notification_service) { double('NotificationService').as_null_object }
+
+  before do
+    allow(member).to receive(:notification_service).and_return(notification_service)
+  end
+
+  describe "#after_create" do
+    let(:member) { build(:"#{entity_type}_member") }
+
+    it "sends email to user" do
+      expect(notification_service).to receive(:"new_#{entity_type}_member").with(member)
+
+      member.save
+    end
+  end
+
+  describe "#after_update" do
+    let(:member) { create(:"#{entity_type}_member", :developer) }
+
+    it "calls NotificationService.update_#{entity_type}_member" do
+      expect(notification_service).to receive(:"update_#{entity_type}_member").with(member)
+
+      member.update_attribute(:access_level, Member::MASTER)
+    end
+
+    it "does not send an email when the access level has not changed" do
+      expect(notification_service).not_to receive(:"update_#{entity_type}_member")
+
+      member.touch
+    end
+  end
+
+  describe '#accept_request' do
+    let(:member) { create(:"#{entity_type}_member", :access_request) }
+
+    it "calls NotificationService.new_#{entity_type}_member" do
+      expect(notification_service).to receive(:"new_#{entity_type}_member").with(member)
+
+      member.accept_request
+    end
+  end
+
+  describe "#accept_invite!" do
+    let(:member) { create(:"#{entity_type}_member", :invited) }
+
+    it "calls NotificationService.accept_#{entity_type}_invite" do
+      expect(notification_service).to receive(:"accept_#{entity_type}_invite").with(member)
+
+      member.accept_invite!(build(:user))
+    end
+  end
+
+  describe "#decline_invite!" do
+    let(:member) { create(:"#{entity_type}_member", :invited) }
+
+    it "calls NotificationService.decline_#{entity_type}_invite" do
+      expect(notification_service).to receive(:"decline_#{entity_type}_invite").with(member)
+
+      member.decline_invite!
+    end
+  end
+end
diff --git a/spec/tasks/gitlab/backup_rake_spec.rb b/spec/tasks/gitlab/backup_rake_spec.rb
index 0d24782f317..a2e5642a72c 100644
--- a/spec/tasks/gitlab/backup_rake_spec.rb
+++ b/spec/tasks/gitlab/backup_rake_spec.rb
@@ -195,15 +195,12 @@ describe 'gitlab:app namespace rake task' do
     end
 
     context 'multiple repository storages' do
-      let(:storage_default) do
-        Gitlab::GitalyClient::StorageSettings.new(@default_storage_hash.merge('path' => 'tmp/tests/default_storage'))
-      end
       let(:test_second_storage) do
         Gitlab::GitalyClient::StorageSettings.new(@default_storage_hash.merge('path' => 'tmp/tests/custom_storage'))
       end
       let(:storages) do
         {
-          'default' => storage_default,
+          'default' => Gitlab.config.repositories.storages.default,
           'test_second_storage' => test_second_storage
         }
       end
@@ -215,8 +212,7 @@ describe 'gitlab:app namespace rake task' do
       before do
         # We only need a backup of the repositories for this test
         stub_env('SKIP', 'db,uploads,builds,artifacts,lfs,registry')
-        FileUtils.mkdir(Settings.absolute('tmp/tests/default_storage'))
-        FileUtils.mkdir(Settings.absolute('tmp/tests/custom_storage'))
+
         allow(Gitlab.config.repositories).to receive(:storages).and_return(storages)
 
         # Avoid asking gitaly about the root ref (which will fail beacuse of the
@@ -225,14 +221,23 @@ describe 'gitlab:app namespace rake task' do
       end
 
       after do
-        FileUtils.rm_rf(Settings.absolute('tmp/tests/default_storage'))
         FileUtils.rm_rf(Settings.absolute('tmp/tests/custom_storage'))
       end
 
       it 'includes repositories in all repository storages' do
-        project_a = create(:project, :repository, repository_storage: 'default')
+        project_a = create(:project, :repository)
         project_b = create(:project, :repository, repository_storage: 'test_second_storage')
 
+        b_storage_dir = File.join(Settings.absolute('tmp/tests/custom_storage'), File.dirname(project_b.disk_path))
+
+        FileUtils.mkdir_p(b_storage_dir)
+
+        # Even when overriding the storage, we have to move it there, so it exists
+        FileUtils.mv(
+          File.join(Settings.absolute(storages['default'].legacy_disk_path), project_b.repository.disk_path + '.git'),
+          Rails.root.join(storages['test_second_storage'].legacy_disk_path, project_b.repository.disk_path + '.git')
+        )
+
         expect { run_rake_task('gitlab:backup:create') }.to output.to_stdout
 
         tar_contents, exit_status = Gitlab::Popen.popen(
diff --git a/spec/workers/mail_scheduler/issue_due_worker_spec.rb b/spec/workers/mail_scheduler/issue_due_worker_spec.rb
index 48ac1b8a1a4..1026ae5b4bf 100644
--- a/spec/workers/mail_scheduler/issue_due_worker_spec.rb
+++ b/spec/workers/mail_scheduler/issue_due_worker_spec.rb
@@ -12,8 +12,8 @@ describe MailScheduler::IssueDueWorker do
       create(:issue, :opened, project: project, due_date: 2.days.from_now) # due on another day
       create(:issue, :opened, due_date: Date.tomorrow) # different project
 
-      expect_any_instance_of(NotificationService).to receive(:issue_due).with(issue1)
-      expect_any_instance_of(NotificationService).to receive(:issue_due).with(issue2)
+      expect(worker.notification_service).to receive(:issue_due).with(issue1)
+      expect(worker.notification_service).to receive(:issue_due).with(issue2)
 
       worker.perform(project.id)
     end
diff --git a/spec/workers/mail_scheduler/notification_service_worker_spec.rb b/spec/workers/mail_scheduler/notification_service_worker_spec.rb
new file mode 100644
index 00000000000..f725c8763a0
--- /dev/null
+++ b/spec/workers/mail_scheduler/notification_service_worker_spec.rb
@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+describe MailScheduler::NotificationServiceWorker do
+  let(:worker) { described_class.new }
+  let(:method) { 'new_key' }
+  set(:key) { create(:personal_key) }
+
+  def serialize(*args)
+    ActiveJob::Arguments.serialize(args)
+  end
+
+  describe '#perform' do
+    it 'deserializes arguments from global IDs' do
+      expect(worker.notification_service).to receive(method).with(key)
+
+      worker.perform(method, *serialize(key))
+    end
+
+    context 'when the arguments cannot be deserialized' do
+      it 'does nothing' do
+        expect(worker.notification_service).not_to receive(method)
+
+        worker.perform(method, key.to_global_id.to_s.succ)
+      end
+    end
+
+    context 'when the method is not a public method' do
+      it 'raises NoMethodError' do
+        expect { worker.perform('notifiable?', *serialize(key)) }.to raise_error(NoMethodError)
+      end
+    end
+  end
+
+  describe '.perform_async' do
+    it 'serializes arguments as global IDs when scheduling' do
+      Sidekiq::Testing.fake! do
+        described_class.perform_async(method, key)
+
+        expect(described_class.jobs.count).to eq(1)
+        expect(described_class.jobs.first).to include('args' => [method, *serialize(key)])
+      end
+    end
+  end
+end
diff --git a/spec/workers/namespaceless_project_destroy_worker_spec.rb b/spec/workers/namespaceless_project_destroy_worker_spec.rb
index 479d9396eca..eec110dfbfb 100644
--- a/spec/workers/namespaceless_project_destroy_worker_spec.rb
+++ b/spec/workers/namespaceless_project_destroy_worker_spec.rb
@@ -22,13 +22,11 @@ describe NamespacelessProjectDestroyWorker do
       end
     end
 
-    # Only possible with schema 20180222043024 and lower.
-    # Project#namespace_id has not null constraint since then
-    context 'project has no namespace', :migration, schema: 20180222043024 do
-      let!(:project) do
-        project = build(:project, namespace_id: nil)
-        project.save(validate: false)
-        project
+    context 'project has no namespace' do
+      let!(:project) { create(:project) }
+
+      before do
+        allow_any_instance_of(Project).to receive(:namespace).and_return(nil)
       end
 
       context 'project not a fork of another project' do
@@ -61,8 +59,7 @@ describe NamespacelessProjectDestroyWorker do
         let!(:parent_project) { create(:project) }
         let(:project) do
           namespaceless_project = fork_project(parent_project)
-          namespaceless_project.namespace_id = nil
-          namespaceless_project.save(validate: false)
+          namespaceless_project.save
           namespaceless_project
         end