Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2019-12-16 18:08:22 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2019-12-16 18:08:22 +0000
commit: 123c68a7cf788ace140e57e478a12c5b7ac893ae (patch)
tree: b36e565ecd895ee46c1713f3734308cfce0e6ba9 /spec
parent: 862d225ca0d8eb452e56b8fe5a0109aac796e872 (diff)
download: gitlab-ce-123c68a7cf788ace140e57e478a12c5b7ac893ae.tar.gz
49 files changed, 553 insertions, 596 deletions
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index f35babc1b56..ff15e685007 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -196,24 +196,39 @@ describe UploadsController do
 
   describe "GET show" do
     context 'Content-Disposition security measures' do
+      let(:expected_disposition) { 'inline;' }
       let(:project) { create(:project, :public) }
 
-      context 'for PNG files' do
-        it 'returns Content-Disposition: inline' do
-          note = create(:note, :with_attachment, project: project)
-          get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }
+      shared_examples_for 'uploaded file with disposition' do
+        it 'returns correct Content-Disposition' do
+          get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: filename }
 
-          expect(response['Content-Disposition']).to start_with('inline;')
+          expect(response['Content-Disposition']).to start_with(expected_disposition)
         end
       end
 
+      context 'for PNG files' do
+        let(:filename) { 'dk.png' }
+        let(:expected_disposition) { 'inline;' }
+        let(:note) { create(:note, :with_attachment, project: project) }
+
+        it_behaves_like 'uploaded file with disposition'
+      end
+
+      context 'for PDF files' do
+        let(:filename) { 'git-cheat-sheet.pdf' }
+        let(:expected_disposition) { 'inline;' }
+        let(:note) { create(:note, :with_pdf_attachment, project: project) }
+
+        it_behaves_like 'uploaded file with disposition'
+      end
+
       context 'for SVG files' do
-        it 'returns Content-Disposition: attachment' do
-          note = create(:note, :with_svg_attachment, project: project)
-          get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'unsanitized.svg' }
+        let(:filename) { 'unsanitized.svg' }
+        let(:expected_disposition) { 'attachment;' }
+        let(:note) { create(:note, :with_svg_attachment, project: project) }
 
-          expect(response['Content-Disposition']).to start_with('attachment;')
-        end
+        it_behaves_like 'uploaded file with disposition'
       end
     end
 
diff --git a/spec/factories/ci/builds.rb b/spec/factories/ci/builds.rb
index a38935c89ba..ecb1f1996d9 100644
--- a/spec/factories/ci/builds.rb
+++ b/spec/factories/ci/builds.rb
@@ -207,14 +207,6 @@ FactoryBot.define do
       trigger_request factory: :ci_trigger_request
     end
 
-    trait :resource_group do
-      waiting_for_resource_at { 5.minutes.ago }
-
-      after(:build) do |build, evaluator|
-        build.resource_group = create(:ci_resource_group, project: build.project)
-      end
-    end
-
     after(:build) do |build, evaluator|
       build.project ||= build.pipeline.project
     end
diff --git a/spec/factories/ci/resource.rb b/spec/factories/ci/resource.rb
deleted file mode 100644
index d47b3ba4635..00000000000
--- a/spec/factories/ci/resource.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-FactoryBot.define do
-  factory :ci_resource, class: Ci::Resource do
-    resource_group factory: :ci_resource_group
-
-    trait(:retained) do
-      build factory: :ci_build
-    end
-  end
-end
diff --git a/spec/factories/ci/resource_group.rb b/spec/factories/ci/resource_group.rb
deleted file mode 100644
index bdfc0740a45..00000000000
--- a/spec/factories/ci/resource_group.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-FactoryBot.define do
-  factory :ci_resource_group, class: Ci::ResourceGroup do
-    project
-    sequence(:key) { |n| "IOS_#{n}" }
-  end
-end
diff --git a/spec/factories/notes.rb b/spec/factories/notes.rb
index 2f02acca794..330f5276422 100644
--- a/spec/factories/notes.rb
+++ b/spec/factories/notes.rb
@@ -167,6 +167,10 @@ FactoryBot.define do
       attachment { fixture_file_upload("spec/fixtures/unsanitized.svg", "image/svg+xml") }
     end
 
+    trait :with_pdf_attachment do
+      attachment { fixture_file_upload("spec/fixtures/git-cheat-sheet.pdf", "application/pdf") }
+    end
+
     transient do
       in_reply_to { nil }
     end
diff --git a/spec/features/users/show_spec.rb b/spec/features/users/show_spec.rb
index 932c1d8d4bd..8c2b555305a 100644
--- a/spec/features/users/show_spec.rb
+++ b/spec/features/users/show_spec.rb
@@ -59,6 +59,42 @@ describe 'User page' do
     end
   end
 
+  context 'with blocked profile' do
+    let(:user) { create(:user, state: :blocked) }
+
+    it 'shows no tab' do
+      visit(user_path(user))
+
+      expect(page).to have_css("div.profile-header")
+      expect(page).not_to have_css("ul.nav-links")
+    end
+
+    it 'shows blocked message' do
+      visit(user_path(user))
+
+      expect(page).to have_content("This user is blocked")
+    end
+
+    it 'shows user name as blocked' do
+      visit(user_path(user))
+
+      expect(page).to have_css(".cover-title", text: 'Blocked user')
+    end
+
+    it 'shows no additional fields' do
+      visit(user_path(user))
+
+      expect(page).not_to have_css(".profile-user-bio")
+      expect(page).not_to have_css(".profile-link-holder")
+    end
+
+    it 'shows username' do
+      visit(user_path(user))
+
+      expect(page).to have_content("@#{user.username}")
+    end
+  end
+
   it 'shows the status if there was one' do
     create(:user_status, user: user, message: "Working hard!")
 
diff --git a/spec/fixtures/lib/gitlab/import_export/complex/project.json b/spec/fixtures/lib/gitlab/import_export/complex/project.json
index acfd6a6924a..583d6c7b78a 100644
--- a/spec/fixtures/lib/gitlab/import_export/complex/project.json
+++ b/spec/fixtures/lib/gitlab/import_export/complex/project.json
@@ -6757,6 +6757,17 @@
       "updated_at": "2017-01-16T15:25:29.637Z"
     }
   ],
+  "container_expiration_policy": {
+    "created_at": "2019-12-13 13:45:04 UTC",
+    "updated_at": "2019-12-13 13:45:04 UTC",
+    "next_run_at": null,
+    "project_id": 5,
+    "name_regex": null,
+    "cadence": "3month",
+    "older_than": null,
+    "keep_n": 100,
+    "enabled": false
+  },
   "deploy_keys": [],
   "services": [
     {
diff --git a/spec/frontend/error_tracking/components/error_tracking_list_spec.js b/spec/frontend/error_tracking/components/error_tracking_list_spec.js
index 9ec3d42f0d4..581581405b6 100644
--- a/spec/frontend/error_tracking/components/error_tracking_list_spec.js
+++ b/spec/frontend/error_tracking/components/error_tracking_list_spec.js
@@ -8,8 +8,8 @@ import {
   GlFormInput,
   GlDropdown,
   GlDropdownItem,
+  GlPagination,
 } from '@gitlab/ui';
-import createListState from '~/error_tracking/store/list/state';
 import ErrorTrackingList from '~/error_tracking/components/error_tracking_list.vue';
 import errorsList from './list_mock.json';
 
@@ -27,13 +27,16 @@ describe('ErrorTrackingList', () => {
   const findRecentSearchesDropdown = () =>
     wrapper.find('.filtered-search-history-dropdown-wrapper');
   const findLoadingIcon = () => wrapper.find(GlLoadingIcon);
+  const findPagination = () => wrapper.find(GlPagination);
 
   function mountComponent({
     errorTrackingEnabled = true,
     userCanEnableErrorTracking = true,
+    sync = true,
     stubs = {
       'gl-link': GlLink,
       'gl-table': GlTable,
+      'gl-pagination': GlPagination,
       'gl-dropdown': GlDropdown,
       'gl-dropdown-item': GlDropdownItem,
     },
@@ -41,6 +44,7 @@ describe('ErrorTrackingList', () => {
     wrapper = shallowMount(ErrorTrackingList, {
       localVue,
       store,
+      sync,
       propsData: {
         indexPath: '/path',
         enableErrorTrackingLink: '/link',
@@ -69,7 +73,20 @@ describe('ErrorTrackingList', () => {
       sortByField: jest.fn(),
     };
 
-    const state = createListState();
+    const state = {
+      indexPath: '',
+      recentSearches: [],
+      errors: errorsList,
+      loading: true,
+      pagination: {
+        previous: {
+          cursor: 'previousCursor',
+        },
+        next: {
+          cursor: 'nextCursor',
+        },
+      },
+    };
 
     store = new Vuex.Store({
       modules: {
@@ -252,4 +269,65 @@ describe('ErrorTrackingList', () => {
       });
     });
   });
+
+  describe('When pagination is not required', () => {
+    beforeEach(() => {
+      store.state.list.pagination = {};
+      mountComponent();
+    });
+
+    it('should not render the pagination component', () => {
+      expect(findPagination().exists()).toBe(false);
+    });
+  });
+
+  describe('When pagination is required', () => {
+    describe('and the user is on the first page', () => {
+      beforeEach(() => {
+        mountComponent({ sync: false });
+      });
+
+      it('shows a disabled Prev button', () => {
+        expect(wrapper.find('.prev-page-item').attributes('aria-disabled')).toBe('true');
+      });
+    });
+
+    describe('and the user is not on the first page', () => {
+      describe('and the previous button is clicked', () => {
+        beforeEach(() => {
+          mountComponent({ sync: false });
+          wrapper.setData({ pageValue: 2 });
+        });
+
+        it('fetches the previous page of results', () => {
+          expect(wrapper.find('.prev-page-item').attributes('aria-disabled')).toBe(undefined);
+          wrapper.vm.goToPrevPage();
+          expect(actions.startPolling).toHaveBeenCalledTimes(2);
+          expect(actions.startPolling).toHaveBeenLastCalledWith(
+            expect.anything(),
+            '/path?cursor=previousCursor',
+            undefined,
+          );
+        });
+      });
+
+      describe('and the next page button is clicked', () => {
+        beforeEach(() => {
+          mountComponent({ sync: false });
+        });
+
+        it('fetches the next page of results', () => {
+          window.scrollTo = jest.fn();
+          findPagination().vm.$emit('input', 2);
+          expect(window.scrollTo).toHaveBeenCalledWith(0, 0);
+          expect(actions.startPolling).toHaveBeenCalledTimes(2);
+          expect(actions.startPolling).toHaveBeenLastCalledWith(
+            expect.anything(),
+            '/path?cursor=nextCursor',
+            undefined,
+          );
+        });
+      });
+    });
+  });
 });
diff --git a/spec/frontend/error_tracking/store/list/actions_spec.js b/spec/frontend/error_tracking/store/list/actions_spec.js
index fb659db9ab5..7906738f5b0 100644
--- a/spec/frontend/error_tracking/store/list/actions_spec.js
+++ b/spec/frontend/error_tracking/store/list/actions_spec.js
@@ -30,6 +30,7 @@ describe('error tracking actions', () => {
         {},
         [
           { type: types.SET_LOADING, payload: true },
+          { type: types.SET_PAGINATION, payload: payload.pagination },
           { type: types.SET_ERRORS, payload: payload.errors },
           { type: types.SET_LOADING, payload: false },
         ],
diff --git a/spec/frontend/notes/mock_data.js b/spec/frontend/notes/mock_data.js
index 01cb70d395c..9ed79c61c22 100644
--- a/spec/frontend/notes/mock_data.js
+++ b/spec/frontend/notes/mock_data.js
@@ -52,7 +52,7 @@ export const noteableDataMock = {
   time_estimate: 0,
   title: '14',
   total_time_spent: 0,
-  noteable_note_url: '/group/project/merge_requests/1#note_1',
+  noteable_note_url: '/group/project/-/merge_requests/1#note_1',
   updated_at: '2017-08-04T09:53:01.226Z',
   updated_by_id: 1,
   web_url: '/gitlab-org/gitlab-foss/issues/26',
@@ -101,8 +101,8 @@ export const individualNote = {
         { name: 'art', user: { id: 1, name: 'Root', username: 'root' } },
       ],
       toggle_award_path: '/gitlab-org/gitlab-foss/notes/1390/toggle_award_emoji',
-      noteable_note_url: '/group/project/merge_requests/1#note_1',
-      note_url: '/group/project/merge_requests/1#note_1',
+      noteable_note_url: '/group/project/-/merge_requests/1#note_1',
+      note_url: '/group/project/-/merge_requests/1#note_1',
       report_abuse_path:
         '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-ce%2Fissues%2F26%23note_1390&user_id=1',
       path: '/gitlab-org/gitlab-foss/notes/1390',
@@ -161,8 +161,8 @@ export const note = {
     },
   ],
   toggle_award_path: '/gitlab-org/gitlab-foss/notes/546/toggle_award_emoji',
-  note_url: '/group/project/merge_requests/1#note_1',
-  noteable_note_url: '/group/project/merge_requests/1#note_1',
+  note_url: '/group/project/-/merge_requests/1#note_1',
+  noteable_note_url: '/group/project/-/merge_requests/1#note_1',
   report_abuse_path:
     '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-ce%2Fissues%2F7%23note_546&user_id=1',
   path: '/gitlab-org/gitlab-foss/notes/546',
@@ -205,7 +205,7 @@ export const discussionMock = {
       discussion_id: '9e3bd2f71a01de45fd166e6719eb380ad9f270b1',
       emoji_awardable: true,
       award_emoji: [],
-      noteable_note_url: '/group/project/merge_requests/1#note_1',
+      noteable_note_url: '/group/project/-/merge_requests/1#note_1',
       toggle_award_path: '/gitlab-org/gitlab-foss/notes/1395/toggle_award_emoji',
       report_abuse_path:
         '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-ce%2Fissues%2F26%23note_1395&user_id=1',
@@ -253,7 +253,7 @@ export const discussionMock = {
       emoji_awardable: true,
       award_emoji: [],
       toggle_award_path: '/gitlab-org/gitlab-foss/notes/1396/toggle_award_emoji',
-      noteable_note_url: '/group/project/merge_requests/1#note_1',
+      noteable_note_url: '/group/project/-/merge_requests/1#note_1',
       report_abuse_path:
         '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-ce%2Fissues%2F26%23note_1396&user_id=1',
       path: '/gitlab-org/gitlab-foss/notes/1396',
@@ -299,7 +299,7 @@ export const discussionMock = {
       discussion_id: '9e3bd2f71a01de45fd166e6719eb380ad9f270b1',
       emoji_awardable: true,
       award_emoji: [],
-      noteable_note_url: '/group/project/merge_requests/1#note_1',
+      noteable_note_url: '/group/project/-/merge_requests/1#note_1',
       toggle_award_path: '/gitlab-org/gitlab-foss/notes/1437/toggle_award_emoji',
       report_abuse_path:
         '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-ce%2Fissues%2F26%23note_1437&user_id=1',
@@ -349,7 +349,7 @@ export const loggedOutnoteableData = {
     can_create_note: false,
     can_update: false,
   },
-  noteable_note_url: '/group/project/merge_requests/1#note_1',
+  noteable_note_url: '/group/project/-/merge_requests/1#note_1',
   create_note_path: '/gitlab-org/gitlab-foss/notes?target_id=98&target_type=issue',
   preview_note_path: '/gitlab-org/gitlab-foss/preview_markdown?target_id=98&target_type=Issue',
 };
@@ -483,7 +483,7 @@ export const INDIVIDUAL_NOTE_RESPONSE_MAP = {
                 },
               },
             ],
-            noteable_note_url: '/group/project/merge_requests/1#note_1',
+            noteable_note_url: '/group/project/-/merge_requests/1#note_1',
             toggle_award_path: '/gitlab-org/gitlab-foss/notes/1390/toggle_award_emoji',
             report_abuse_path:
               '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-ce%2Fissues%2F26%23note_1390\u0026user_id=1',
@@ -528,7 +528,7 @@ export const INDIVIDUAL_NOTE_RESPONSE_MAP = {
             discussion_id: '70d5c92a4039a36c70100c6691c18c27e4b0a790',
             emoji_awardable: true,
             award_emoji: [],
-            noteable_note_url: '/group/project/merge_requests/1#note_1',
+            noteable_note_url: '/group/project/-/merge_requests/1#note_1',
             toggle_award_path: '/gitlab-org/gitlab-foss/notes/1391/toggle_award_emoji',
             report_abuse_path:
               '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-ce%2Fissues%2F26%23note_1391\u0026user_id=1',
@@ -583,7 +583,7 @@ export const INDIVIDUAL_NOTE_RESPONSE_MAP = {
       discussion_id: 'a3ed36e29b1957efb3b68c53e2d7a2b24b1df052',
       emoji_awardable: true,
       award_emoji: [],
-      noteable_note_url: '/group/project/merge_requests/1#note_1',
+      noteable_note_url: '/group/project/-/merge_requests/1#note_1',
       toggle_award_path: '/gitlab-org/gitlab-foss/notes/1471/toggle_award_emoji',
       report_abuse_path:
         '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-ce%2Fissues%2F29%23note_1471\u0026user_id=1',
@@ -635,7 +635,7 @@ export const DISCUSSION_NOTE_RESPONSE_MAP = {
             emoji_awardable: true,
             award_emoji: [],
             toggle_award_path: '/gitlab-org/gitlab-foss/notes/1471/toggle_award_emoji',
-            noteable_note_url: '/group/project/merge_requests/1#note_1',
+            noteable_note_url: '/group/project/-/merge_requests/1#note_1',
             report_abuse_path:
               '/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-ce%2Fissues%2F29%23note_1471\u0026user_id=1',
             path: '/gitlab-org/gitlab-foss/notes/1471',
diff --git a/spec/graphql/types/permission_types/snippet_spec.rb b/spec/graphql/types/permission_types/snippet_spec.rb
index 71843153d43..66e9fa6dfdb 100644
--- a/spec/graphql/types/permission_types/snippet_spec.rb
+++ b/spec/graphql/types/permission_types/snippet_spec.rb
@@ -5,7 +5,7 @@ require 'spec_helper'
 describe Types::PermissionTypes::Snippet do
   it 'returns the snippets permissions' do
     expected_permissions = [
-      :create_note, :award_emoji, :read_snippet, :update_snippet, :admin_snippet
+      :create_note, :award_emoji, :read_snippet, :update_snippet, :admin_snippet, :report_snippet
     ]
 
     expected_permissions.each do |permission|
diff --git a/spec/helpers/award_emoji_helper_spec.rb b/spec/helpers/award_emoji_helper_spec.rb
index 2ad6b68a34c..975f32edd42 100644
--- a/spec/helpers/award_emoji_helper_spec.rb
+++ b/spec/helpers/award_emoji_helper_spec.rb
@@ -51,7 +51,7 @@ describe AwardEmojiHelper do
       it 'returns correct url' do
         @project = merge_request.project
 
-        expected_url = "/#{@project.namespace.path}/#{@project.path}/merge_requests/#{merge_request.iid}/toggle_award_emoji"
+        expected_url = "/#{@project.namespace.path}/#{@project.path}/-/merge_requests/#{merge_request.iid}/toggle_award_emoji"
 
         expect(subject).to eq(expected_url)
       end
diff --git a/spec/helpers/events_helper_spec.rb b/spec/helpers/events_helper_spec.rb
index 7853617c3ed..63a37a1f113 100644
--- a/spec/helpers/events_helper_spec.rb
+++ b/spec/helpers/events_helper_spec.rb
@@ -115,7 +115,7 @@ describe EventsHelper do
     it 'returns a merge request url' do
       event.target = create(:note_on_merge_request, note: 'LGTM!')
 
-      expect(subject).to eq("#{project_base_url}/merge_requests/#{event.note_target.iid}#note_#{event.target.id}")
+      expect(subject).to eq("#{project_base_url}/-/merge_requests/#{event.note_target.iid}#note_#{event.target.id}")
     end
   end
 end
diff --git a/spec/helpers/labels_helper_spec.rb b/spec/helpers/labels_helper_spec.rb
index 3238743ee26..e2dff05cfaa 100644
--- a/spec/helpers/labels_helper_spec.rb
+++ b/spec/helpers/labels_helper_spec.rb
@@ -78,13 +78,21 @@ describe LabelsHelper do
     end
 
     context 'with a type argument' do
-      ['issue', :issue, 'merge_request', :merge_request].each do |type|
+      ['issue', :issue].each do |type|
         context "set to #{type}" do
           it 'links to correct page' do
             expect(link_to_label(label_presenter, type: type)).to match %r{<a href="/#{label.project.full_path}/#{type.to_s.pluralize}\?label_name%5B%5D=#{label.name}">.*</a>}
           end
         end
       end
+
+      ['merge_request', :merge_request].each do |type|
+        context "set to #{type}" do
+          it 'links to correct page' do
+            expect(link_to_label(label_presenter, type: type)).to match %r{<a href="/#{label.project.full_path}/-/#{type.to_s.pluralize}\?label_name%5B%5D=#{label.name}">.*</a>}
+          end
+        end
+      end
     end
 
     context 'with a tooltip argument' do
diff --git a/spec/javascripts/ide/stores/modules/commit/actions_spec.js b/spec/javascripts/ide/stores/modules/commit/actions_spec.js
index cbc2401262f..557244e237e 100644
--- a/spec/javascripts/ide/stores/modules/commit/actions_spec.js
+++ b/spec/javascripts/ide/stores/modules/commit/actions_spec.js
@@ -461,7 +461,7 @@ describe('IDE commit module actions', () => {
             .dispatch('commit/commitChanges')
             .then(() => {
               expect(visitUrl).toHaveBeenCalledWith(
-                `webUrl/merge_requests/new?merge_request[source_branch]=${
+                `webUrl/-/merge_requests/new?merge_request[source_branch]=${
                   store.getters['commit/placeholderBranchName']
                 }&merge_request[target_branch]=master&nav_source=webide`,
               );
diff --git a/spec/javascripts/jobs/components/stages_dropdown_spec.js b/spec/javascripts/jobs/components/stages_dropdown_spec.js
index e091aece564..f1a01530104 100644
--- a/spec/javascripts/jobs/components/stages_dropdown_spec.js
+++ b/spec/javascripts/jobs/components/stages_dropdown_spec.js
@@ -27,7 +27,7 @@ describe('Stages Dropdown', () => {
     },
     merge_request: {
       iid: 1234,
-      path: '/root/detached-merge-request-pipelines/merge_requests/1',
+      path: '/root/detached-merge-request-pipelines/-/merge_requests/1',
       title: 'Update README.md',
       source_branch: 'feature-1234',
       source_branch_path: '/root/detached-merge-request-pipelines/branches/feature-1234',
diff --git a/spec/javascripts/merge_request_spec.js b/spec/javascripts/merge_request_spec.js
index dc61482fdf3..b6173b9b171 100644
--- a/spec/javascripts/merge_request_spec.js
+++ b/spec/javascripts/merge_request_spec.js
@@ -17,7 +17,7 @@ describe('MergeRequest', function() {
       mock = new MockAdapter(axios);
 
       mock
-        .onPatch(`${gl.TEST_HOST}/frontend-fixtures/merge-requests-project/merge_requests/1.json`)
+        .onPatch(`${gl.TEST_HOST}/frontend-fixtures/merge-requests-project/-/merge_requests/1.json`)
         .reply(200, {});
 
       this.merge = new MergeRequest();
@@ -75,7 +75,7 @@ describe('MergeRequest', function() {
 
         setTimeout(() => {
           expect(axios.patch).toHaveBeenCalledWith(
-            `${gl.TEST_HOST}/frontend-fixtures/merge-requests-project/merge_requests/1.json`,
+            `${gl.TEST_HOST}/frontend-fixtures/merge-requests-project/-/merge_requests/1.json`,
             {
               merge_request: {
                 description: '- [ ] Task List Item\n- [ ]   \n- [ ] Task List Item 2\n',
@@ -93,7 +93,9 @@ describe('MergeRequest', function() {
       // eslint-disable-next-line jasmine/no-disabled-tests
       xit('shows an error notification when tasklist update failed', done => {
         mock
-          .onPatch(`${gl.TEST_HOST}/frontend-fixtures/merge-requests-project/merge_requests/1.json`)
+          .onPatch(
+            `${gl.TEST_HOST}/frontend-fixtures/merge-requests-project/-/merge_requests/1.json`,
+          )
           .reply(409, {});
 
         $('.js-task-list-field').trigger({
diff --git a/spec/javascripts/merge_request_tabs_spec.js b/spec/javascripts/merge_request_tabs_spec.js
index 73b1ea4d36f..1672cf69485 100644
--- a/spec/javascripts/merge_request_tabs_spec.js
+++ b/spec/javascripts/merge_request_tabs_spec.js
@@ -147,53 +147,53 @@ describe('MergeRequestTabs', function() {
 
     it('changes from commits', function() {
       setLocation({
-        pathname: '/foo/bar/merge_requests/1/commits',
+        pathname: '/foo/bar/-/merge_requests/1/commits',
       });
 
-      expect(this.subject('show')).toBe('/foo/bar/merge_requests/1');
-      expect(this.subject('diffs')).toBe('/foo/bar/merge_requests/1/diffs');
+      expect(this.subject('show')).toBe('/foo/bar/-/merge_requests/1');
+      expect(this.subject('diffs')).toBe('/foo/bar/-/merge_requests/1/diffs');
     });
 
     it('changes from diffs', function() {
       setLocation({
-        pathname: '/foo/bar/merge_requests/1/diffs',
+        pathname: '/foo/bar/-/merge_requests/1/diffs',
       });
 
-      expect(this.subject('show')).toBe('/foo/bar/merge_requests/1');
-      expect(this.subject('commits')).toBe('/foo/bar/merge_requests/1/commits');
+      expect(this.subject('show')).toBe('/foo/bar/-/merge_requests/1');
+      expect(this.subject('commits')).toBe('/foo/bar/-/merge_requests/1/commits');
     });
 
     it('changes from diffs.html', function() {
       setLocation({
-        pathname: '/foo/bar/merge_requests/1/diffs.html',
+        pathname: '/foo/bar/-/merge_requests/1/diffs.html',
       });
 
-      expect(this.subject('show')).toBe('/foo/bar/merge_requests/1');
-      expect(this.subject('commits')).toBe('/foo/bar/merge_requests/1/commits');
+      expect(this.subject('show')).toBe('/foo/bar/-/merge_requests/1');
+      expect(this.subject('commits')).toBe('/foo/bar/-/merge_requests/1/commits');
     });
 
     it('changes from notes', function() {
       setLocation({
-        pathname: '/foo/bar/merge_requests/1',
+        pathname: '/foo/bar/-/merge_requests/1',
       });
 
-      expect(this.subject('diffs')).toBe('/foo/bar/merge_requests/1/diffs');
-      expect(this.subject('commits')).toBe('/foo/bar/merge_requests/1/commits');
+      expect(this.subject('diffs')).toBe('/foo/bar/-/merge_requests/1/diffs');
+      expect(this.subject('commits')).toBe('/foo/bar/-/merge_requests/1/commits');
     });
 
     it('includes search parameters and hash string', function() {
       setLocation({
-        pathname: '/foo/bar/merge_requests/1/diffs',
+        pathname: '/foo/bar/-/merge_requests/1/diffs',
         search: '?view=parallel',
         hash: '#L15-35',
       });
 
-      expect(this.subject('show')).toBe('/foo/bar/merge_requests/1?view=parallel#L15-35');
+      expect(this.subject('show')).toBe('/foo/bar/-/merge_requests/1?view=parallel#L15-35');
     });
 
     it('replaces the current history state', function() {
       setLocation({
-        pathname: '/foo/bar/merge_requests/1',
+        pathname: '/foo/bar/-/merge_requests/1',
       });
       const newState = this.subject('commits');
 
@@ -208,10 +208,10 @@ describe('MergeRequestTabs', function() {
 
     it('treats "show" like "notes"', function() {
       setLocation({
-        pathname: '/foo/bar/merge_requests/1/commits',
+        pathname: '/foo/bar/-/merge_requests/1/commits',
       });
 
-      expect(this.subject('show')).toBe('/foo/bar/merge_requests/1');
+      expect(this.subject('show')).toBe('/foo/bar/-/merge_requests/1');
     });
   });
 
diff --git a/spec/javascripts/notes/components/note_actions_spec.js b/spec/javascripts/notes/components/note_actions_spec.js
index 2e0694869ba..a65e2fc31ad 100644
--- a/spec/javascripts/notes/components/note_actions_spec.js
+++ b/spec/javascripts/notes/components/note_actions_spec.js
@@ -30,7 +30,7 @@ describe('noteActions', () => {
       canAwardEmoji: true,
       canReportAsAbuse: true,
       noteId: '539',
-      noteUrl: `${TEST_HOST}/group/project/merge_requests/1#note_1`,
+      noteUrl: `${TEST_HOST}/group/project/-/merge_requests/1#note_1`,
       reportAbusePath: `${TEST_HOST}/abuse_reports/new?ref_url=http%3A%2F%2Flocalhost%3A3000%2Fgitlab-org%2Fgitlab-ce%2Fissues%2F7%23note_539&user_id=26`,
       showReply: false,
     };
diff --git a/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb b/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb
new file mode 100644
index 00000000000..317ac7ef854
--- /dev/null
+++ b/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Banzai::Filter::BroadcastMessageSanitizationFilter do
+  include FilterSpecHelper
+
+  it_behaves_like 'default whitelist'
+
+  describe 'custom whitelist' do
+    it_behaves_like 'XSS prevention'
+    it_behaves_like 'sanitize link'
+
+    subject { filter(exp).to_html }
+
+    context 'allows `a` elements' do
+      let(:exp) { %q{<a href="/">Link</a>} }
+
+      it { is_expected.to eq(exp) }
+    end
+
+    context 'allows `br` elements' do
+      let(:exp) { %q{Hello<br>World} }
+
+      it { is_expected.to eq(exp) }
+    end
+
+    context 'when `a` elements have `style` attribute' do
+      let(:whitelisted_style) { 'color: red; border: blue; background: green; padding: 10px; margin: 10px; text-decoration: underline;' }
+
+      context 'allows specific properties' do
+        let(:exp) { %{<a href="#" style="#{whitelisted_style}">Stylish Link</a>} }
+
+        it { is_expected.to eq(exp) }
+      end
+
+      it 'disallows other properties in `style` attribute on `a` elements' do
+        style = [whitelisted_style, 'position: fixed'].join(';')
+        doc = filter(%{<a href="#" style="#{style}">Stylish Link</a>})
+
+        expect(doc.at_css('a')['style']).to eq(whitelisted_style)
+      end
+    end
+
+    context 'allows `class` on `a` elements' do
+      let(:exp) { %q{<a href="#" class="btn">Button Link</a>} }
+
+      it { is_expected.to eq(exp) }
+    end
+  end
+end
diff --git a/spec/lib/banzai/filter/relative_link_filter_spec.rb b/spec/lib/banzai/filter/relative_link_filter_spec.rb
index a17a645d4d0..1efca647b8b 100644
--- a/spec/lib/banzai/filter/relative_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/relative_link_filter_spec.rb
@@ -157,7 +157,7 @@ describe Banzai::Filter::RelativeLinkFilter do
     end
 
     it 'does not modify relative URLs in system notes' do
-      path = "#{project_path}/merge_requests/1/diffs"
+      path = "#{project_path}/-/merge_requests/1/diffs"
       doc = filter(link(path), system_note: true)
 
       expect(doc.at_css('a')['href']).to eq path
diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb
index 8a4b819e4d6..607dc3fda47 100644
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
@@ -5,48 +5,12 @@ require 'spec_helper'
 describe Banzai::Filter::SanitizationFilter do
   include FilterSpecHelper
 
-  describe 'default whitelist' do
-    it 'sanitizes tags that are not whitelisted' do
-      act = %q{<textarea>no inputs</textarea> and <blink>no blinks</blink>}
-      exp = 'no inputs and no blinks'
-      expect(filter(act).to_html).to eq exp
-    end
-
-    it 'sanitizes tag attributes' do
-      act = %q{<a href="http://example.com/bar.html" onclick="bar">Text</a>}
-      exp = %q{<a href="http://example.com/bar.html">Text</a>}
-      expect(filter(act).to_html).to eq exp
-    end
-
-    it 'sanitizes javascript in attributes' do
-      act = %q(<a href="javascript:alert('foo')">Text</a>)
-      exp = '<a>Text</a>'
-      expect(filter(act).to_html).to eq exp
-    end
-
-    it 'sanitizes mixed-cased javascript in attributes' do
-      act = %q(<a href="javaScript:alert('foo')">Text</a>)
-      exp = '<a>Text</a>'
-      expect(filter(act).to_html).to eq exp
-    end
-
-    it 'allows whitelisted HTML tags from the user' do
-      exp = act = "<dl>\n<dt>Term</dt>\n<dd>Definition</dd>\n</dl>"
-      expect(filter(act).to_html).to eq exp
-    end
-
-    it 'sanitizes `class` attribute on any element' do
-      act = %q{<strong class="foo">Strong</strong>}
-      expect(filter(act).to_html).to eq %q{<strong>Strong</strong>}
-    end
-
-    it 'sanitizes `id` attribute on any element' do
-      act = %q{<em id="foo">Emphasis</em>}
-      expect(filter(act).to_html).to eq %q{<em>Emphasis</em>}
-    end
-  end
+  it_behaves_like 'default whitelist'
 
   describe 'custom whitelist' do
+    it_behaves_like 'XSS prevention'
+    it_behaves_like 'sanitize link'
+
     it 'customizes the whitelist only once' do
       instance = described_class.new('Foo')
       control_count = instance.whitelist[:transformers].size
@@ -167,142 +131,6 @@ describe Banzai::Filter::SanitizationFilter do
       expect(filter(html).to_html).to eq(output)
     end
 
-    it 'removes `rel` attribute from `a` elements' do
-      act = %q{<a href="#" rel="nofollow">Link</a>}
-      exp = %q{<a href="#">Link</a>}
-
-      expect(filter(act).to_html).to eq exp
-    end
-
-    # Adapted from the Sanitize test suite: http://git.io/vczrM
-    protocols = {
-      'protocol-based JS injection: simple, no spaces' => {
-        input:  '<a href="javascript:alert(\'XSS\');">foo</a>',
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: simple, spaces before' => {
-        input:  '<a href="javascript    :alert(\'XSS\');">foo</a>',
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: simple, spaces after' => {
-        input:  '<a href="javascript:    alert(\'XSS\');">foo</a>',
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: simple, spaces before and after' => {
-        input:  '<a href="javascript    :   alert(\'XSS\');">foo</a>',
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: preceding colon' => {
-        input:  '<a href=":javascript:alert(\'XSS\');">foo</a>',
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: UTF-8 encoding' => {
-        input:  '<a href="javascript&#58;">foo</a>',
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: long UTF-8 encoding' => {
-        input:  '<a href="javascript&#0058;">foo</a>',
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: long UTF-8 encoding without semicolons' => {
-        input:  '<a href=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>foo</a>',
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: hex encoding' => {
-        input:  '<a href="javascript&#x3A;">foo</a>',
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: long hex encoding' => {
-        input:  '<a href="javascript&#x003A;">foo</a>',
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: hex encoding without semicolons' => {
-        input:  '<a href=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>foo</a>',
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: null char' => {
-        input:  "<a href=java\0script:alert(\"XSS\")>foo</a>",
-        output: '<a href="java"></a>'
-      },
-
-      'protocol-based JS injection: invalid URL char' => {
-        input: '<img src=java\script:alert("XSS")>',
-        output: '<img>'
-      },
-
-      'protocol-based JS injection: Unicode' => {
-        input: %Q(<a href="\u0001java\u0003script:alert('XSS')">foo</a>),
-        output: '<a>foo</a>'
-      },
-
-      'protocol-based JS injection: spaces and entities' => {
-        input:  '<a href=" &#14;  javascript:alert(\'XSS\');">foo</a>',
-        output: '<a href="">foo</a>'
-      },
-
-      'protocol whitespace' => {
-        input: '<a href=" http://example.com/"></a>',
-        output: '<a href="http://example.com/"></a>'
-      }
-    }
-
-    protocols.each do |name, data|
-      it "disallows #{name}" do
-        doc = filter(data[:input])
-
-        expect(doc.to_html).to eq data[:output]
-      end
-    end
-
-    it 'disallows data links' do
-      input = '<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">XSS</a>'
-      output = filter(input)
-
-      expect(output.to_html).to eq '<a>XSS</a>'
-    end
-
-    it 'disallows vbscript links' do
-      input = '<a href="vbscript:alert(document.domain)">XSS</a>'
-      output = filter(input)
-
-      expect(output.to_html).to eq '<a>XSS</a>'
-    end
-
-    it 'disallows invalid URIs' do
-      expect(Addressable::URI).to receive(:parse).with('foo://example.com')
-        .and_raise(Addressable::URI::InvalidURIError)
-
-      input = '<a href="foo://example.com">Foo</a>'
-      output = filter(input)
-
-      expect(output.to_html).to eq '<a>Foo</a>'
-    end
-
-    it 'allows non-standard anchor schemes' do
-      exp = %q{<a href="irc://irc.freenode.net/git">IRC</a>}
-      act = filter(exp)
-
-      expect(act.to_html).to eq exp
-    end
-
-    it 'allows relative links' do
-      exp = %q{<a href="foo/bar.md">foo/bar.md</a>}
-      act = filter(exp)
-
-      expect(act.to_html).to eq exp
-    end
-
     it 'allows the `data-sourcepos` attribute globally' do
       exp = %q{<p data-sourcepos="1:1-1:10">foo/bar.md</p>}
       act = filter(exp)
diff --git a/spec/lib/banzai/pipeline/broadcast_message_pipeline_spec.rb b/spec/lib/banzai/pipeline/broadcast_message_pipeline_spec.rb
new file mode 100644
index 00000000000..9832b132b58
--- /dev/null
+++ b/spec/lib/banzai/pipeline/broadcast_message_pipeline_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Banzai::Pipeline::BroadcastMessagePipeline do
+  before do
+    stub_commonmark_sourcepos_disabled
+  end
+
+  subject { described_class.to_html(exp, project: spy) }
+
+  context "allows `a` elements" do
+    let(:exp) { "<a>Link</a>" }
+
+    it { is_expected.to eq("<p>#{exp}</p>") }
+  end
+
+  context "allows `br` elements" do
+    let(:exp) { "Hello<br>World" }
+
+    it { is_expected.to eq("<p>#{exp}</p>") }
+  end
+end
diff --git a/spec/lib/gitlab/ci/pipeline/seed/build/resource_group_spec.rb b/spec/lib/gitlab/ci/pipeline/seed/build/resource_group_spec.rb
deleted file mode 100644
index bf6985156d3..00000000000
--- a/spec/lib/gitlab/ci/pipeline/seed/build/resource_group_spec.rb
+++ /dev/null
@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe Gitlab::Ci::Pipeline::Seed::Build::ResourceGroup do
-  let_it_be(:project) { create(:project) }
-  let(:job) { build(:ci_build, project: project) }
-  let(:seed) { described_class.new(job, resource_group_key) }
-
-  describe '#to_resource' do
-    subject { seed.to_resource }
-
-    context 'when resource group key is specified' do
-      let(:resource_group_key) { 'iOS' }
-
-      it 'returns a resource group object' do
-        is_expected.to be_a(Ci::ResourceGroup)
-        expect(subject.key).to eq('iOS')
-      end
-
-      context 'when environment has an invalid URL' do
-        let(:resource_group_key) { ':::' }
-
-        it 'returns nothing' do
-          is_expected.to be_nil
-        end
-      end
-
-      context 'when there is a resource group already' do
-        let!(:resource_group) { create(:ci_resource_group, project: project, key: 'iOS') }
-
-        it 'does not create a new resource group' do
-          expect { subject }.not_to change { Ci::ResourceGroup.count }
-        end
-      end
-    end
-
-    context 'when resource group key is nil' do
-      let(:resource_group_key) { nil }
-
-      it 'returns nothing' do
-        is_expected.to be_nil
-      end
-    end
-  end
-end
diff --git a/spec/lib/gitlab/ci/pipeline/seed/build_spec.rb b/spec/lib/gitlab/ci/pipeline/seed/build_spec.rb
index 5526ec9e16f..2ae513aea1b 100644
--- a/spec/lib/gitlab/ci/pipeline/seed/build_spec.rb
+++ b/spec/lib/gitlab/ci/pipeline/seed/build_spec.rb
@@ -231,15 +231,6 @@ describe Gitlab::Ci::Pipeline::Seed::Build do
           end
         end
       end
-
-      context 'when job belongs to a resource group' do
-        let(:attributes) { { name: 'rspec', ref: 'master', resource_group_key: 'iOS' } }
-
-        it 'returns a job with resource group' do
-          expect(subject.resource_group).not_to be_nil
-          expect(subject.resource_group.key).to eq('iOS')
-        end
-      end
     end
 
     context 'when job is a bridge' do
diff --git a/spec/lib/gitlab/ci/yaml_processor_spec.rb b/spec/lib/gitlab/ci/yaml_processor_spec.rb
index f61b28b06c8..8f9c5c74260 100644
--- a/spec/lib/gitlab/ci/yaml_processor_spec.rb
+++ b/spec/lib/gitlab/ci/yaml_processor_spec.rb
@@ -241,21 +241,6 @@ module Gitlab
             end
           end
         end
-
-        describe 'resource group' do
-          context 'when resource group is defined' do
-            let(:config) do
-              YAML.dump(rspec: {
-                script:   'test',
-                resource_group: 'iOS'
-              })
-            end
-
-            it 'has the attributes' do
-              expect(subject[:resource_group_key]).to eq 'iOS'
-            end
-          end
-        end
       end
 
       describe '#stages_attributes' do
diff --git a/spec/lib/gitlab/data_builder/pipeline_spec.rb b/spec/lib/gitlab/data_builder/pipeline_spec.rb
index 635bf56b72e..86ab7f888ca 100644
--- a/spec/lib/gitlab/data_builder/pipeline_spec.rb
+++ b/spec/lib/gitlab/data_builder/pipeline_spec.rb
@@ -77,7 +77,7 @@ describe Gitlab::DataBuilder::Pipeline do
         expect(merge_request_attrs[:target_project_id]).to eq(merge_request.target_project_id)
         expect(merge_request_attrs[:state]).to eq(merge_request.state)
         expect(merge_request_attrs[:merge_status]).to eq(merge_request.merge_status)
-        expect(merge_request_attrs[:url]).to eq("http://localhost/#{merge_request.target_project.full_path}/merge_requests/#{merge_request.iid}")
+        expect(merge_request_attrs[:url]).to eq("http://localhost/#{merge_request.target_project.full_path}/-/merge_requests/#{merge_request.iid}")
       end
     end
   end
diff --git a/spec/lib/gitlab/import_export/all_models.yml b/spec/lib/gitlab/import_export/all_models.yml
index 16fe5f23d14..8d436fb28e0 100644
--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@@ -444,7 +444,6 @@ project:
 - service_desk_setting
 - import_failures
 - container_expiration_policy
-- resource_groups
 award_emoji:
 - awardable
 - user
diff --git a/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb b/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
index f549216ccb0..ec1b935ad63 100644
--- a/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
+++ b/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
@@ -240,6 +240,16 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
         expect(sentry_issue.sentry_issue_identifier).to eq(1234567891)
       end
 
+      it 'restores container_expiration_policy' do
+        policy = Project.find_by_path('project').container_expiration_policy
+
+        aggregate_failures do
+          expect(policy).to be_an_instance_of(ContainerExpirationPolicy)
+          expect(policy).to be_persisted
+          expect(policy.cadence).to eq('3month')
+        end
+      end
+
       context 'Merge requests' do
         it 'always has the new project as a target' do
           expect(MergeRequest.find_by_title('MR1').target_project).to eq(@project)
diff --git a/spec/lib/gitlab/url_builder_spec.rb b/spec/lib/gitlab/url_builder_spec.rb
index 0aab02b6c4c..d349c2928b0 100644
--- a/spec/lib/gitlab/url_builder_spec.rb
+++ b/spec/lib/gitlab/url_builder_spec.rb
@@ -55,7 +55,7 @@ describe Gitlab::UrlBuilder do
 
         url = described_class.build(merge_request)
 
-        expect(url).to eq "#{Settings.gitlab['url']}/#{merge_request.project.full_path}/merge_requests/#{merge_request.iid}"
+        expect(url).to eq "#{Settings.gitlab['url']}/#{merge_request.project.full_path}/-/merge_requests/#{merge_request.iid}"
       end
     end
 
@@ -118,7 +118,7 @@ describe Gitlab::UrlBuilder do
 
           url = described_class.build(note)
 
-          expect(url).to eq "#{Settings.gitlab['url']}/#{merge_request.project.full_path}/merge_requests/#{merge_request.iid}#note_#{note.id}"
+          expect(url).to eq "#{Settings.gitlab['url']}/#{merge_request.project.full_path}/-/merge_requests/#{merge_request.iid}#note_#{note.id}"
         end
       end
 
@@ -129,7 +129,7 @@ describe Gitlab::UrlBuilder do
 
           url = described_class.build(note)
 
-          expect(url).to eq "#{Settings.gitlab['url']}/#{merge_request.project.full_path}/merge_requests/#{merge_request.iid}#note_#{note.id}"
+          expect(url).to eq "#{Settings.gitlab['url']}/#{merge_request.project.full_path}/-/merge_requests/#{merge_request.iid}#note_#{note.id}"
         end
       end
 
diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb
index 371982df2bb..8a701a461c0 100644
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
@@ -1275,68 +1275,6 @@ describe Ci::Build do
       end
     end
 
-    describe '#requires_resource?' do
-      subject { build.requires_resource? }
-
-      context 'when build needs a resource from a resource group' do
-        let(:resource_group) { create(:ci_resource_group, project: project) }
-        let(:build) { create(:ci_build, resource_group: resource_group, project: project) }
-
-        context 'when build has not retained a resource' do
-          it { is_expected.to eq(true) }
-        end
-
-        context 'when build has retained a resource' do
-          before do
-            resource_group.retain_resource_for(build)
-          end
-
-          it { is_expected.to eq(false) }
-
-          context 'when ci_resource_group feature flag is disabled' do
-            before do
-              stub_feature_flags(ci_resource_group: false)
-            end
-
-            it { is_expected.to eq(false) }
-          end
-        end
-      end
-
-      context 'when build does not need a resource from a resource group' do
-        let(:build) { create(:ci_build, project: project) }
-
-        it { is_expected.to eq(false) }
-      end
-    end
-
-    describe '#retains_resource?' do
-      subject { build.retains_resource? }
-
-      context 'when build needs a resource from a resource group' do
-        let(:resource_group) { create(:ci_resource_group, project: project) }
-        let(:build) { create(:ci_build, resource_group: resource_group, project: project) }
-
-        context 'when build has retained a resource' do
-          before do
-            resource_group.retain_resource_for(build)
-          end
-
-          it { is_expected.to eq(true) }
-        end
-
-        context 'when build has not retained a resource' do
-          it { is_expected.to eq(false) }
-        end
-      end
-
-      context 'when build does not need a resource from a resource group' do
-        let(:build) { create(:ci_build, project: project) }
-
-        it { is_expected.to eq(false) }
-      end
-    end
-
     describe '#stops_environment?' do
       subject { build.stops_environment? }
 
diff --git a/spec/models/ci/resource_group_spec.rb b/spec/models/ci/resource_group_spec.rb
deleted file mode 100644
index 213a57c2d78..00000000000
--- a/spec/models/ci/resource_group_spec.rb
+++ /dev/null
@@ -1,88 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe Ci::ResourceGroup do
-  describe 'validation' do
-    it 'valids when key includes allowed character' do
-      resource_group = build(:ci_resource_group, key: 'test')
-
-      expect(resource_group).to be_valid
-    end
-
-    it 'invalids when key includes invalid character' do
-      resource_group = build(:ci_resource_group, key: ':::')
-
-      expect(resource_group).not_to be_valid
-    end
-  end
-
-  describe '#ensure_resource' do
-    it 'creates one resource when resource group is created' do
-      resource_group = create(:ci_resource_group)
-
-      expect(resource_group.resources.count).to eq(1)
-      expect(resource_group.resources.all?(&:persisted?)).to eq(true)
-    end
-  end
-
-  describe '#retain_resource_for' do
-    subject { resource_group.retain_resource_for(build) }
-
-    let(:build) { create(:ci_build) }
-    let(:resource_group) { create(:ci_resource_group) }
-
-    it 'retains resource for the build' do
-      expect(resource_group.resources.first.build).to be_nil
-
-      is_expected.to eq(true)
-
-      expect(resource_group.resources.first.build).to eq(build)
-    end
-
-    context 'when there are no free resources' do
-      before do
-        resource_group.retain_resource_for(create(:ci_build))
-      end
-
-      it 'fails to retain resource' do
-        is_expected.to eq(false)
-      end
-    end
-
-    context 'when the build has already retained a resource' do
-      let!(:another_resource) { create(:ci_resource, resource_group: resource_group, build: build) }
-
-      it 'fails to retain resource' do
-        expect { subject }.to raise_error(ActiveRecord::RecordNotUnique)
-      end
-    end
-  end
-
-  describe '#release_resource_from' do
-    subject { resource_group.release_resource_from(build) }
-
-    let(:build) { create(:ci_build) }
-    let(:resource_group) { create(:ci_resource_group) }
-
-    context 'when the build has already retained a resource' do
-      before do
-        resource_group.retain_resource_for(build)
-      end
-
-      it 'releases resource from the build' do
-        expect(resource_group.resources.first.build).to eq(build)
-
-        is_expected.to eq(true)
-
-        expect(resource_group.resources.first.build).to be_nil
-      end
-    end
-
-    context 'when the build has already released a resource' do
-      it 'fails to release resource' do
-        is_expected.to eq(false)
-      end
-    end
-  end
-end
diff --git a/spec/models/ci/resource_spec.rb b/spec/models/ci/resource_spec.rb
deleted file mode 100644
index 27e512e2c45..00000000000
--- a/spec/models/ci/resource_spec.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe Ci::Resource do
-  describe '.free' do
-    subject { described_class.free }
-
-    let(:resource_group) { create(:ci_resource_group) }
-    let!(:free_resource) { resource_group.resources.take }
-    let!(:retained_resource) { create(:ci_resource, :retained, resource_group: resource_group) }
-
-    it 'returns free resources' do
-      is_expected.to eq([free_resource])
-    end
-  end
-
-  describe '.retained_by' do
-    subject { described_class.retained_by(build) }
-
-    let(:build) { create(:ci_build) }
-    let!(:resource) { create(:ci_resource, build: build) }
-
-    it 'returns retained resources' do
-      is_expected.to eq([resource])
-    end
-  end
-end
diff --git a/spec/models/project_services/chat_message/merge_message_spec.rb b/spec/models/project_services/chat_message/merge_message_spec.rb
index b56eb19dd55..150ee6f7472 100644
--- a/spec/models/project_services/chat_message/merge_message_spec.rb
+++ b/spec/models/project_services/chat_message/merge_message_spec.rb
@@ -52,7 +52,7 @@ describe ChatMessage::MergeMessage do
     context 'open' do
       it 'returns a message regarding opening of merge requests' do
         expect(subject.pretext).to eq(
-          'Test User (test.user) opened <http://somewhere.com/merge_requests/100|!100 *Merge Request title*> in <http://somewhere.com|project_name>')
+          'Test User (test.user) opened <http://somewhere.com/-/merge_requests/100|!100 *Merge Request title*> in <http://somewhere.com|project_name>')
         expect(subject.attachments).to be_empty
       end
     end
@@ -63,7 +63,7 @@ describe ChatMessage::MergeMessage do
       end
       it 'returns a message regarding closing of merge requests' do
         expect(subject.pretext).to eq(
-          'Test User (test.user) closed <http://somewhere.com/merge_requests/100|!100 *Merge Request title*> in <http://somewhere.com|project_name>')
+          'Test User (test.user) closed <http://somewhere.com/-/merge_requests/100|!100 *Merge Request title*> in <http://somewhere.com|project_name>')
         expect(subject.attachments).to be_empty
       end
     end
@@ -77,12 +77,12 @@ describe ChatMessage::MergeMessage do
     context 'open' do
       it 'returns a message regarding opening of merge requests' do
         expect(subject.pretext).to eq(
-          'Test User (test.user) opened [!100 *Merge Request title*](http://somewhere.com/merge_requests/100) in [project_name](http://somewhere.com)')
+          'Test User (test.user) opened [!100 *Merge Request title*](http://somewhere.com/-/merge_requests/100) in [project_name](http://somewhere.com)')
         expect(subject.attachments).to be_empty
         expect(subject.activity).to eq({
           title: 'Merge Request opened by Test User (test.user)',
           subtitle: 'in [project_name](http://somewhere.com)',
-          text: '[!100 *Merge Request title*](http://somewhere.com/merge_requests/100)',
+          text: '[!100 *Merge Request title*](http://somewhere.com/-/merge_requests/100)',
           image: 'http://someavatar.com'
         })
       end
@@ -95,12 +95,12 @@ describe ChatMessage::MergeMessage do
 
       it 'returns a message regarding closing of merge requests' do
         expect(subject.pretext).to eq(
-          'Test User (test.user) closed [!100 *Merge Request title*](http://somewhere.com/merge_requests/100) in [project_name](http://somewhere.com)')
+          'Test User (test.user) closed [!100 *Merge Request title*](http://somewhere.com/-/merge_requests/100) in [project_name](http://somewhere.com)')
         expect(subject.attachments).to be_empty
         expect(subject.activity).to eq({
           title: 'Merge Request closed by Test User (test.user)',
           subtitle: 'in [project_name](http://somewhere.com)',
-          text: '[!100 *Merge Request title*](http://somewhere.com/merge_requests/100)',
+          text: '[!100 *Merge Request title*](http://somewhere.com/-/merge_requests/100)',
           image: 'http://someavatar.com'
         })
       end
diff --git a/spec/presenters/merge_request_presenter_spec.rb b/spec/presenters/merge_request_presenter_spec.rb
index ce437090d43..6ce6f84cf61 100644
--- a/spec/presenters/merge_request_presenter_spec.rb
+++ b/spec/presenters/merge_request_presenter_spec.rb
@@ -101,7 +101,7 @@ describe MergeRequestPresenter do
         allow(presenter).to receive_message_chain(:conflicts, :can_be_resolved_by?).with(user) { true }
 
         expect(path)
-          .to eq("/#{project.full_path}/merge_requests/#{resource.iid}/conflicts")
+          .to eq("/#{project.full_path}/-/merge_requests/#{resource.iid}/conflicts")
       end
     end
   end
@@ -179,7 +179,7 @@ describe MergeRequestPresenter do
 
         it 'returns correct link with correct text' do
           is_expected
-            .to match("#{project.full_path}/merge_requests/#{resource.iid}/assign_related_issues")
+            .to match("#{project.full_path}/-/merge_requests/#{resource.iid}/assign_related_issues")
 
           is_expected
             .to match("Assign yourself to this issue")
@@ -192,7 +192,7 @@ describe MergeRequestPresenter do
 
         it 'returns correct link with correct text' do
           is_expected
-            .to match("#{project.full_path}/merge_requests/#{resource.iid}/assign_related_issues")
+            .to match("#{project.full_path}/-/merge_requests/#{resource.iid}/assign_related_issues")
 
           is_expected
             .to match("Assign yourself to these issues")
@@ -221,7 +221,7 @@ describe MergeRequestPresenter do
           .with(user)
           .and_return(true)
 
-        is_expected.to eq("/#{resource.project.full_path}/merge_requests/#{resource.iid}/cancel_auto_merge")
+        is_expected.to eq("/#{resource.project.full_path}/-/merge_requests/#{resource.iid}/cancel_auto_merge")
       end
     end
 
@@ -248,7 +248,7 @@ describe MergeRequestPresenter do
           .and_return(true)
 
         is_expected
-          .to eq("/#{resource.project.full_path}/merge_requests/#{resource.iid}/merge")
+          .to eq("/#{resource.project.full_path}/-/merge_requests/#{resource.iid}/merge")
       end
     end
 
@@ -312,7 +312,7 @@ describe MergeRequestPresenter do
         project.add_maintainer(user)
 
         is_expected
-          .to eq("/#{resource.project.full_path}/merge_requests/#{resource.iid}/remove_wip")
+          .to eq("/#{resource.project.full_path}/-/merge_requests/#{resource.iid}/remove_wip")
       end
     end
 
@@ -535,7 +535,7 @@ describe MergeRequestPresenter do
 
       it 'returns path' do
         is_expected
-          .to eq("/#{project.full_path}/merge_requests/#{resource.iid}/rebase")
+          .to eq("/#{project.full_path}/-/merge_requests/#{resource.iid}/rebase")
       end
     end
 
diff --git a/spec/presenters/snippet_presenter_spec.rb b/spec/presenters/snippet_presenter_spec.rb
index d874dbcc279..87f2220979c 100644
--- a/spec/presenters/snippet_presenter_spec.rb
+++ b/spec/presenters/snippet_presenter_spec.rb
@@ -127,4 +127,20 @@ describe SnippetPresenter do
       end
     end
   end
+
+  describe '#can_report_as_spam' do
+    let(:snippet) { personal_snippet }
+
+    subject { presenter.can_report_as_spam? }
+
+    it 'returns false if the user cannot submit the snippet as spam' do
+      expect(subject).to be_falsey
+    end
+
+    it 'returns true if the user can submit the snippet as spam' do
+      allow(snippet).to receive(:submittable_as_spam_by?).and_return(true)
+
+      expect(subject).to be_truthy
+    end
+  end
 end
diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index ecbb81294a0..d38b7eafe97 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -852,7 +852,7 @@ describe API::Internal::Base do
 
       message = <<~MESSAGE.strip
         To create a merge request for #{branch_name}, visit:
-          http://#{Gitlab.config.gitlab.host}/#{project.full_path}/merge_requests/new?merge_request%5Bsource_branch%5D=#{branch_name}
+          http://#{Gitlab.config.gitlab.host}/#{project.full_path}/-/merge_requests/new?merge_request%5Bsource_branch%5D=#{branch_name}
       MESSAGE
 
       expect(json_response['messages']).to include(build_basic_message(message))
@@ -909,7 +909,7 @@ describe API::Internal::Base do
 
         message = <<~MESSAGE.strip
           View merge request for #{branch_name}:
-            http://#{Gitlab.config.gitlab.host}/#{project.full_path}/merge_requests/1
+            http://#{Gitlab.config.gitlab.host}/#{project.full_path}/-/merge_requests/1
         MESSAGE
 
         expect(json_response['messages']).to include(build_basic_message(message))
diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb
index da04e852795..534dced16bf 100644
--- a/spec/requests/api/releases_spec.rb
+++ b/spec/requests/api/releases_spec.rb
@@ -76,7 +76,7 @@ describe API::Releases do
         mr_uri = URI.parse(links['merge_requests_url'])
         issue_uri = URI.parse(links['issues_url'])
 
-        expect(mr_uri.path).to eq("#{path_base}/merge_requests")
+        expect(mr_uri.path).to eq("#{path_base}/-/merge_requests")
         expect(issue_uri.path).to eq("#{path_base}/issues")
         expect(mr_uri.query).to eq(expected_query)
         expect(issue_uri.query).to eq(expected_query)
diff --git a/spec/requests/projects/merge_requests_discussions_spec.rb b/spec/requests/projects/merge_requests_discussions_spec.rb
index 5945561aa7b..ffc98d09e5c 100644
--- a/spec/requests/projects/merge_requests_discussions_spec.rb
+++ b/spec/requests/projects/merge_requests_discussions_spec.rb
@@ -4,7 +4,7 @@ require 'spec_helper'
 
 describe 'merge requests discussions' do
   # Further tests can be found at merge_requests_controller_spec.rb
-  describe 'GET /:namespace/:project/merge_requests/:iid/discussions' do
+  describe 'GET /:namespace/:project/-/merge_requests/:iid/discussions' do
     let(:project) { create(:project, :repository) }
     let(:user) { project.owner }
     let(:merge_request) { create(:merge_request_with_diffs, target_project: project, source_project: project) }
diff --git a/spec/requests/user_activity_spec.rb b/spec/requests/user_activity_spec.rb
index 15666e00b9f..3cd4911098a 100644
--- a/spec/requests/user_activity_spec.rb
+++ b/spec/requests/user_activity_spec.rb
@@ -26,8 +26,8 @@ describe 'Update of user activity' do
     '/dashboard/todos',
     '/group/project/issues',
     '/group/project/issues/10',
-    '/group/project/merge_requests',
-    '/group/project/merge_requests/15'
+    '/group/project/-/merge_requests',
+    '/group/project/-/merge_requests/15'
   ]
 
   context 'without an authenticated user' do
diff --git a/spec/routing/project_routing_spec.rb b/spec/routing/project_routing_spec.rb
index 287db20448a..96956d85de4 100644
--- a/spec/routing/project_routing_spec.rb
+++ b/spec/routing/project_routing_spec.rb
@@ -292,71 +292,77 @@ describe 'project routing' do
 
   describe Projects::MergeRequestsController, 'routing' do
     it 'to #commits' do
-      expect(get('/gitlab/gitlabhq/merge_requests/1/commits.json')).to route_to('projects/merge_requests#commits', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', format: 'json')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/1/commits.json')).to route_to('projects/merge_requests#commits', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', format: 'json')
     end
 
     it 'to #pipelines' do
-      expect(get('/gitlab/gitlabhq/merge_requests/1/pipelines.json')).to route_to('projects/merge_requests#pipelines', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', format: 'json')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/1/pipelines.json')).to route_to('projects/merge_requests#pipelines', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', format: 'json')
     end
 
     it 'to #merge' do
-      expect(post('/gitlab/gitlabhq/merge_requests/1/merge')).to route_to(
+      expect(post('/gitlab/gitlabhq/-/merge_requests/1/merge')).to route_to(
         'projects/merge_requests#merge',
         namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1'
       )
     end
 
     it 'to #show' do
-      expect(get('/gitlab/gitlabhq/merge_requests/1.diff')).to route_to('projects/merge_requests#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', format: 'diff')
-      expect(get('/gitlab/gitlabhq/merge_requests/1.patch')).to route_to('projects/merge_requests#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', format: 'patch')
-      expect(get('/gitlab/gitlabhq/merge_requests/1/diffs')).to route_to('projects/merge_requests#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', tab: 'diffs')
-      expect(get('/gitlab/gitlabhq/merge_requests/1/commits')).to route_to('projects/merge_requests#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', tab: 'commits')
-      expect(get('/gitlab/gitlabhq/merge_requests/1/pipelines')).to route_to('projects/merge_requests#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', tab: 'pipelines')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/1.diff')).to route_to('projects/merge_requests#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', format: 'diff')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/1.patch')).to route_to('projects/merge_requests#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', format: 'patch')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/1/diffs')).to route_to('projects/merge_requests#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', tab: 'diffs')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/1/commits')).to route_to('projects/merge_requests#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', tab: 'commits')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/1/pipelines')).to route_to('projects/merge_requests#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', tab: 'pipelines')
     end
 
     it_behaves_like 'RESTful project resources' do
       let(:controller) { 'merge_requests' }
       let(:actions) { [:index, :edit, :show, :update] }
+      let(:controller_path) { '/-/merge_requests' }
     end
+
+    it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/merge_requests", "/gitlab/gitlabhq/-/merge_requests"
+    it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/merge_requests/1/diffs", "/gitlab/gitlabhq/-/merge_requests/1/diffs"
   end
 
   describe Projects::MergeRequests::CreationsController, 'routing' do
     it 'to #new' do
-      expect(get('/gitlab/gitlabhq/merge_requests/new')).to route_to('projects/merge_requests/creations#new', namespace_id: 'gitlab', project_id: 'gitlabhq')
-      expect(get('/gitlab/gitlabhq/merge_requests/new/diffs')).to route_to('projects/merge_requests/creations#new', namespace_id: 'gitlab', project_id: 'gitlabhq', tab: 'diffs')
-      expect(get('/gitlab/gitlabhq/merge_requests/new/pipelines')).to route_to('projects/merge_requests/creations#new', namespace_id: 'gitlab', project_id: 'gitlabhq', tab: 'pipelines')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/new')).to route_to('projects/merge_requests/creations#new', namespace_id: 'gitlab', project_id: 'gitlabhq')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/new/diffs')).to route_to('projects/merge_requests/creations#new', namespace_id: 'gitlab', project_id: 'gitlabhq', tab: 'diffs')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/new/pipelines')).to route_to('projects/merge_requests/creations#new', namespace_id: 'gitlab', project_id: 'gitlabhq', tab: 'pipelines')
     end
 
     it 'to #create' do
-      expect(post('/gitlab/gitlabhq/merge_requests')).to route_to('projects/merge_requests/creations#create', namespace_id: 'gitlab', project_id: 'gitlabhq')
+      expect(post('/gitlab/gitlabhq/-/merge_requests')).to route_to('projects/merge_requests/creations#create', namespace_id: 'gitlab', project_id: 'gitlabhq')
     end
 
     it 'to #branch_from' do
-      expect(get('/gitlab/gitlabhq/merge_requests/new/branch_from')).to route_to('projects/merge_requests/creations#branch_from', namespace_id: 'gitlab', project_id: 'gitlabhq')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/new/branch_from')).to route_to('projects/merge_requests/creations#branch_from', namespace_id: 'gitlab', project_id: 'gitlabhq')
     end
 
     it 'to #branch_to' do
-      expect(get('/gitlab/gitlabhq/merge_requests/new/branch_to')).to route_to('projects/merge_requests/creations#branch_to', namespace_id: 'gitlab', project_id: 'gitlabhq')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/new/branch_to')).to route_to('projects/merge_requests/creations#branch_to', namespace_id: 'gitlab', project_id: 'gitlabhq')
     end
 
     it 'to #pipelines' do
-      expect(get('/gitlab/gitlabhq/merge_requests/new/pipelines.json')).to route_to('projects/merge_requests/creations#pipelines', namespace_id: 'gitlab', project_id: 'gitlabhq', format: 'json')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/new/pipelines.json')).to route_to('projects/merge_requests/creations#pipelines', namespace_id: 'gitlab', project_id: 'gitlabhq', format: 'json')
     end
 
     it 'to #diffs' do
-      expect(get('/gitlab/gitlabhq/merge_requests/new/diffs.json')).to route_to('projects/merge_requests/creations#diffs', namespace_id: 'gitlab', project_id: 'gitlabhq', format: 'json')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/new/diffs.json')).to route_to('projects/merge_requests/creations#diffs', namespace_id: 'gitlab', project_id: 'gitlabhq', format: 'json')
     end
+
+    it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/merge_requests/new", "/gitlab/gitlabhq/-/merge_requests/new"
   end
 
   describe Projects::MergeRequests::DiffsController, 'routing' do
     it 'to #show' do
-      expect(get('/gitlab/gitlabhq/merge_requests/1/diffs.json')).to route_to('projects/merge_requests/diffs#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', format: 'json')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/1/diffs.json')).to route_to('projects/merge_requests/diffs#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1', format: 'json')
     end
   end
 
   describe Projects::MergeRequests::ConflictsController, 'routing' do
     it 'to #show' do
-      expect(get('/gitlab/gitlabhq/merge_requests/1/conflicts')).to route_to('projects/merge_requests/conflicts#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1')
+      expect(get('/gitlab/gitlabhq/-/merge_requests/1/conflicts')).to route_to('projects/merge_requests/conflicts#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1')
     end
   end
   #  raw_project_snippet GET    /:project_id/snippets/:id/raw(.:format)  snippets#raw
diff --git a/spec/serializers/merge_request_widget_entity_spec.rb b/spec/serializers/merge_request_widget_entity_spec.rb
index 22232682be1..80f59ef90ca 100644
--- a/spec/serializers/merge_request_widget_entity_spec.rb
+++ b/spec/serializers/merge_request_widget_entity_spec.rb
@@ -45,12 +45,12 @@ describe MergeRequestWidgetEntity do
 
   it 'has email_patches_path' do
     expect(subject[:email_patches_path])
-      .to eq("/#{resource.project.full_path}/merge_requests/#{resource.iid}.patch")
+      .to eq("/#{resource.project.full_path}/-/merge_requests/#{resource.iid}.patch")
   end
 
   it 'has plain_diff_path' do
     expect(subject[:plain_diff_path])
-      .to eq("/#{resource.project.full_path}/merge_requests/#{resource.iid}.diff")
+      .to eq("/#{resource.project.full_path}/-/merge_requests/#{resource.iid}.diff")
   end
 
   describe 'when source project is deleted' do
diff --git a/spec/serializers/paginated_diff_entity_spec.rb b/spec/serializers/paginated_diff_entity_spec.rb
index 7432e072318..77569aaa4bc 100644
--- a/spec/serializers/paginated_diff_entity_spec.rb
+++ b/spec/serializers/paginated_diff_entity_spec.rb
@@ -26,7 +26,7 @@ describe PaginatedDiffEntity do
     expect(subject[:pagination]).to eq(
       current_page: 2,
       next_page: 3,
-      next_page_href: "/#{merge_request.project.full_path}/merge_requests/#{merge_request.iid}/diffs_batch.json?page=3",
+      next_page_href: "/#{merge_request.project.full_path}/-/merge_requests/#{merge_request.iid}/diffs_batch.json?page=3",
       total_pages: 7
     )
   end
diff --git a/spec/services/ci/create_pipeline_service_spec.rb b/spec/services/ci/create_pipeline_service_spec.rb
index 4f624368215..04e57b1a2d4 100644
--- a/spec/services/ci/create_pipeline_service_spec.rb
+++ b/spec/services/ci/create_pipeline_service_spec.rb
@@ -914,44 +914,6 @@ describe Ci::CreatePipelineService do
       end
     end
 
-    context 'with resource group' do
-      context 'when resource group is defined' do
-        before do
-          config = YAML.dump(
-            test: { stage: 'test', script: 'ls', resource_group: resource_group_key }
-          )
-
-          stub_ci_pipeline_yaml_file(config)
-        end
-
-        let(:resource_group_key) { 'iOS' }
-
-        it 'persists the association correctly' do
-          result = execute_service
-          deploy_job = result.builds.find_by_name!(:test)
-          resource_group = project.resource_groups.find_by_key!(resource_group_key)
-
-          expect(result).to be_persisted
-          expect(deploy_job.resource_group.key).to eq(resource_group_key)
-          expect(project.resource_groups.count).to eq(1)
-          expect(resource_group.builds.count).to eq(1)
-          expect(resource_group.resources.count).to eq(1)
-          expect(resource_group.resources.first.build).to eq(nil)
-        end
-
-        context 'when resourc group key includes predefined variables' do
-          let(:resource_group_key) { '$CI_COMMIT_REF_NAME-$CI_JOB_NAME' }
-
-          it 'interpolates the variables into the key correctly' do
-            result = execute_service
-
-            expect(result).to be_persisted
-            expect(project.resource_groups.exists?(key: 'master-test')).to eq(true)
-          end
-        end
-      end
-    end
-
     context 'with timeout' do
       context 'when builds with custom timeouts are configured' do
         before do
diff --git a/spec/services/ci/expire_pipeline_cache_service_spec.rb b/spec/services/ci/expire_pipeline_cache_service_spec.rb
index ff2d286465a..f7fc73d9f9c 100644
--- a/spec/services/ci/expire_pipeline_cache_service_spec.rb
+++ b/spec/services/ci/expire_pipeline_cache_service_spec.rb
@@ -11,7 +11,7 @@ describe Ci::ExpirePipelineCacheService do
   describe '#execute' do
     it 'invalidates Etag caching for project pipelines path' do
       pipelines_path = "/#{project.full_path}/pipelines.json"
-      new_mr_pipelines_path = "/#{project.full_path}/merge_requests/new.json"
+      new_mr_pipelines_path = "/#{project.full_path}/-/merge_requests/new.json"
       pipeline_path = "/#{project.full_path}/pipelines/#{pipeline.id}.json"
 
       expect_any_instance_of(Gitlab::EtagCaching::Store).to receive(:touch).with(pipelines_path)
@@ -24,7 +24,7 @@ describe Ci::ExpirePipelineCacheService do
     it 'invalidates Etag caching for merge request pipelines if pipeline runs on any commit of that source branch' do
       pipeline = create(:ci_empty_pipeline, status: 'created', project: project, ref: 'master')
       merge_request = create(:merge_request, source_project: project, source_branch: pipeline.ref)
-      merge_request_pipelines_path = "/#{project.full_path}/merge_requests/#{merge_request.iid}/pipelines.json"
+      merge_request_pipelines_path = "/#{project.full_path}/-/merge_requests/#{merge_request.iid}/pipelines.json"
 
       allow_any_instance_of(Gitlab::EtagCaching::Store).to receive(:touch)
       expect_any_instance_of(Gitlab::EtagCaching::Store).to receive(:touch).with(merge_request_pipelines_path)
diff --git a/spec/services/ci/retry_build_service_spec.rb b/spec/services/ci/retry_build_service_spec.rb
index 76fe6f53a11..b1368f7776b 100644
--- a/spec/services/ci/retry_build_service_spec.rb
+++ b/spec/services/ci/retry_build_service_spec.rb
@@ -31,7 +31,7 @@ describe Ci::RetryBuildService do
        job_artifacts_container_scanning job_artifacts_dast
        job_artifacts_license_management job_artifacts_performance
        job_artifacts_codequality job_artifacts_metrics scheduled_at
-       job_variables waiting_for_resource_at].freeze
+       job_variables].freeze
 
   IGNORE_ACCESSORS =
     %i[type lock_version target_url base_tags trace_sections
@@ -40,14 +40,14 @@ describe Ci::RetryBuildService do
        user_id auto_canceled_by_id retried failure_reason
        sourced_pipelines artifacts_file_store artifacts_metadata_store
        metadata runner_session trace_chunks upstream_pipeline_id
-       artifacts_file artifacts_metadata artifacts_size commands resource resource_group_id].freeze
+       artifacts_file artifacts_metadata artifacts_size commands].freeze
 
   shared_examples 'build duplication' do
     let(:another_pipeline) { create(:ci_empty_pipeline, project: project) }
 
     let(:build) do
       create(:ci_build, :failed, :expired, :erased, :queued, :coverage, :tags,
-             :allowed_to_fail, :on_tag, :triggered, :teardown_environment, :resource_group,
+             :allowed_to_fail, :on_tag, :triggered, :teardown_environment,
              description: 'my-job', stage: 'test', stage_id: stage.id,
              pipeline: pipeline, auto_canceled_by: another_pipeline,
              scheduled_at: 10.seconds.since)
diff --git a/spec/services/merge_requests/get_urls_service_spec.rb b/spec/services/merge_requests/get_urls_service_spec.rb
index dcb8c8080a1..8500aa2b852 100644
--- a/spec/services/merge_requests/get_urls_service_spec.rb
+++ b/spec/services/merge_requests/get_urls_service_spec.rb
@@ -8,8 +8,8 @@ describe MergeRequests::GetUrlsService do
   let(:project) { create(:project, :public, :repository) }
   let(:service) { described_class.new(project) }
   let(:source_branch) { "merge-test" }
-  let(:new_merge_request_url) { "http://#{Gitlab.config.gitlab.host}/#{project.full_path}/merge_requests/new?merge_request%5Bsource_branch%5D=#{source_branch}" }
-  let(:show_merge_request_url) { "http://#{Gitlab.config.gitlab.host}/#{project.full_path}/merge_requests/#{merge_request.iid}" }
+  let(:new_merge_request_url) { "http://#{Gitlab.config.gitlab.host}/#{project.full_path}/-/merge_requests/new?merge_request%5Bsource_branch%5D=#{source_branch}" }
+  let(:show_merge_request_url) { "http://#{Gitlab.config.gitlab.host}/#{project.full_path}/-/merge_requests/#{merge_request.iid}" }
   let(:new_branch_changes) { "#{Gitlab::Git::BLANK_SHA} 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/#{source_branch}" }
   let(:deleted_branch_changes) { "d14d6c0abdd253381df51a723d58691b2ee1ab08 #{Gitlab::Git::BLANK_SHA} refs/heads/#{source_branch}" }
   let(:existing_branch_changes) { "d14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/#{source_branch}" }
@@ -127,7 +127,7 @@ describe MergeRequests::GetUrlsService do
       let(:new_branch_changes) { "#{Gitlab::Git::BLANK_SHA} 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/new_branch" }
       let(:existing_branch_changes) { "d14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/markdown" }
       let(:changes) { "#{new_branch_changes}\n#{existing_branch_changes}" }
-      let(:new_merge_request_url) { "http://#{Gitlab.config.gitlab.host}/#{project.full_path}/merge_requests/new?merge_request%5Bsource_branch%5D=new_branch" }
+      let(:new_merge_request_url) { "http://#{Gitlab.config.gitlab.host}/#{project.full_path}/-/merge_requests/new?merge_request%5Bsource_branch%5D=new_branch" }
 
       it 'returns 2 urls for both creating new and showing merge request' do
         result = service.execute(changes)
diff --git a/spec/services/system_note_service_spec.rb b/spec/services/system_note_service_spec.rb
index a952e26e338..21bf4545f34 100644
--- a/spec/services/system_note_service_spec.rb
+++ b/spec/services/system_note_service_spec.rb
@@ -328,7 +328,7 @@ describe SystemNoteService do
         url = if type == 'commit'
                 "#{Settings.gitlab.base_url}/#{project.namespace.path}/#{project.path}/commit/#{commit.id}"
               else
-                "#{Settings.gitlab.base_url}/#{project.namespace.path}/#{project.path}/merge_requests/#{merge_request.iid}"
+                "#{Settings.gitlab.base_url}/#{project.namespace.path}/#{project.path}/-/merge_requests/#{merge_request.iid}"
               end
 
         link = double(object: { 'url' => url })
diff --git a/spec/support/shared_examples/lib/banzai/filters/sanitization_filter_shared_examples.rb b/spec/support/shared_examples/lib/banzai/filters/sanitization_filter_shared_examples.rb
new file mode 100644
index 00000000000..134e38833cf
--- /dev/null
+++ b/spec/support/shared_examples/lib/banzai/filters/sanitization_filter_shared_examples.rb
@@ -0,0 +1,182 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples 'default whitelist' do
+  it 'sanitizes tags that are not whitelisted' do
+    act = %q{<textarea>no inputs</textarea> and <blink>no blinks</blink>}
+    exp = 'no inputs and no blinks'
+    expect(filter(act).to_html).to eq exp
+  end
+
+  it 'sanitizes tag attributes' do
+    act = %q{<a href="http://example.com/bar.html" onclick="bar">Text</a>}
+    exp = %q{<a href="http://example.com/bar.html">Text</a>}
+    expect(filter(act).to_html).to eq exp
+  end
+
+  it 'sanitizes javascript in attributes' do
+    act = %q(<a href="javascript:alert('foo')">Text</a>)
+    exp = '<a>Text</a>'
+    expect(filter(act).to_html).to eq exp
+  end
+
+  it 'sanitizes mixed-cased javascript in attributes' do
+    act = %q(<a href="javaScript:alert('foo')">Text</a>)
+    exp = '<a>Text</a>'
+    expect(filter(act).to_html).to eq exp
+  end
+
+  it 'allows whitelisted HTML tags from the user' do
+    exp = act = "<dl>\n<dt>Term</dt>\n<dd>Definition</dd>\n</dl>"
+    expect(filter(act).to_html).to eq exp
+  end
+
+  it 'sanitizes `class` attribute on any element' do
+    act = %q{<strong class="foo">Strong</strong>}
+    expect(filter(act).to_html).to eq %q{<strong>Strong</strong>}
+  end
+
+  it 'sanitizes `id` attribute on any element' do
+    act = %q{<em id="foo">Emphasis</em>}
+    expect(filter(act).to_html).to eq %q{<em>Emphasis</em>}
+  end
+end
+
+RSpec.shared_examples 'XSS prevention' do
+  # Adapted from the Sanitize test suite: http://git.io/vczrM
+  protocols = {
+    'protocol-based JS injection: simple, no spaces' => {
+      input:  '<a href="javascript:alert(\'XSS\');">foo</a>',
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: simple, spaces before' => {
+      input:  '<a href="javascript    :alert(\'XSS\');">foo</a>',
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: simple, spaces after' => {
+      input:  '<a href="javascript:    alert(\'XSS\');">foo</a>',
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: simple, spaces before and after' => {
+      input:  '<a href="javascript    :   alert(\'XSS\');">foo</a>',
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: preceding colon' => {
+      input:  '<a href=":javascript:alert(\'XSS\');">foo</a>',
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: UTF-8 encoding' => {
+      input:  '<a href="javascript&#58;">foo</a>',
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: long UTF-8 encoding' => {
+      input:  '<a href="javascript&#0058;">foo</a>',
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: long UTF-8 encoding without semicolons' => {
+      input:  '<a href=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>foo</a>',
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: hex encoding' => {
+      input:  '<a href="javascript&#x3A;">foo</a>',
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: long hex encoding' => {
+      input:  '<a href="javascript&#x003A;">foo</a>',
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: hex encoding without semicolons' => {
+      input:  '<a href=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>foo</a>',
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: null char' => {
+      input:  "<a href=java\0script:alert(\"XSS\")>foo</a>",
+      output: '<a href="java"></a>'
+    },
+
+    'protocol-based JS injection: invalid URL char' => {
+      input: '<img src=java\script:alert("XSS")>',
+      output: '<img>'
+    },
+
+    'protocol-based JS injection: Unicode' => {
+      input: %Q(<a href="\u0001java\u0003script:alert('XSS')">foo</a>),
+      output: '<a>foo</a>'
+    },
+
+    'protocol-based JS injection: spaces and entities' => {
+      input:  '<a href=" &#14;  javascript:alert(\'XSS\');">foo</a>',
+      output: '<a href="">foo</a>'
+    },
+
+    'protocol whitespace' => {
+      input: '<a href=" http://example.com/"></a>',
+      output: '<a href="http://example.com/"></a>'
+    }
+  }
+
+  protocols.each do |name, data|
+    it "disallows #{name}" do
+      doc = filter(data[:input])
+
+      expect(doc.to_html).to eq data[:output]
+    end
+  end
+
+  it 'disallows data links' do
+    input = '<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">XSS</a>'
+    output = filter(input)
+
+    expect(output.to_html).to eq '<a>XSS</a>'
+  end
+
+  it 'disallows vbscript links' do
+    input = '<a href="vbscript:alert(document.domain)">XSS</a>'
+    output = filter(input)
+
+    expect(output.to_html).to eq '<a>XSS</a>'
+  end
+end
+
+RSpec.shared_examples 'sanitize link' do
+  it 'removes `rel` attribute from `a` elements' do
+    act = %q{<a href="#" rel="nofollow">Link</a>}
+    exp = %q{<a href="#">Link</a>}
+
+    expect(filter(act).to_html).to eq exp
+  end
+
+  it 'disallows invalid URIs' do
+    expect(Addressable::URI).to receive(:parse).with('foo://example.com')
+      .and_raise(Addressable::URI::InvalidURIError)
+
+    input = '<a href="foo://example.com">Foo</a>'
+    output = filter(input)
+
+    expect(output.to_html).to eq '<a>Foo</a>'
+  end
+
+  it 'allows non-standard anchor schemes' do
+    exp = %q{<a href="irc://irc.freenode.net/git">IRC</a>}
+    act = filter(exp)
+
+    expect(act.to_html).to eq exp
+  end
+
+  it 'allows relative links' do
+    exp = %q{<a href="foo/bar.md">foo/bar.md</a>}
+    act = filter(exp)
+
+    expect(act.to_html).to eq exp
+  end
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2019-12-16 18:08:22 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2019-12-16 18:08:22 +0000
commit	123c68a7cf788ace140e57e478a12c5b7ac893ae (patch)
tree	b36e565ecd895ee46c1713f3734308cfce0e6ba9 /spec
parent	862d225ca0d8eb452e56b8fe5a0109aac796e872 (diff)
download	gitlab-ce-123c68a7cf788ace140e57e478a12c5b7ac893ae.tar.gz