10 files changed, 188 insertions, 51 deletions

diff --git a/lib/api/search.rb b/lib/api/search.rb
index 60095300ea1..1cab1a97186 100644
--- a/lib/api/search.rb
+++ b/lib/api/search.rb
@@ -112,12 +112,13 @@ module API
           type: String,
           desc: 'The scope of the search',
           values: Helpers::SearchHelpers.project_search_scopes
+        optional :ref, type: String, desc: 'The name of a repository branch or tag. If not given, the default branch is used'
         use :pagination
       end
       get ':id/(-/)search' do
         check_users_search_allowed!
 
-        present search(project_id: user_project.id), with: entity
+        present search({ project_id: user_project.id, repository_ref: params[:ref] }), with: entity
       end
     end
   end
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
index 9d99d04d263..876f53c66ba 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
@@ -338,7 +338,6 @@ rollout 100%:
       image_tag=${CI_APPLICATION_TAG:-$CI_COMMIT_TAG}
     fi
 
-    replicas="1"
     service_enabled="true"
     postgres_enabled="$POSTGRES_ENABLED"
 
diff --git a/lib/gitlab/ci/templates/dotNET-Core.yml b/lib/gitlab/ci/templates/dotNET-Core.yml
index 558ca3d22e1..708b75f83e8 100644
--- a/lib/gitlab/ci/templates/dotNET-Core.yml
+++ b/lib/gitlab/ci/templates/dotNET-Core.yml
@@ -3,10 +3,11 @@
 
 # ### Specify the Docker image
 #
-# Instead of installing .NET Core SDK manually, a docker image is used 
-# with already pre-installed .NET Core SDK. 
-# The 'latest' tag targets the latest available version of .NET Core SDK image. 
-# If preferred, you can explicitly specify version of .NET Core e.g. using '2.2-sdk' tag.
+# Instead of installing .NET Core SDK manually, a docker image is used
+# with already pre-installed .NET Core SDK.
+#
+# The 'latest' tag targets the latest available version of .NET Core SDK image.
+# If preferred, you can explicitly specify version of .NET Core (e.g. using '2.2-sdk' tag).
 #
 # See other available tags for .NET Core: https://hub.docker.com/r/microsoft/dotnet
 # Learn more about Docker tags: https://docs.docker.com/glossary/?term=tag
@@ -17,16 +18,16 @@ image: microsoft/dotnet:latest
 #
 variables:
  # 1) Name of directory where restore and build objects are stored.
- OBJECTS_DIRECTORY: 'obj'    
- # 2) Name of directory used for keeping restored dependencies.        
+ OBJECTS_DIRECTORY: 'obj'
+ # 2) Name of directory used for keeping restored dependencies.
  NUGET_PACKAGES_DIRECTORY: '.nuget'
  # 3) A relative path to the source code from project repository root.
  # NOTE: Please edit this path so it matches the structure of your project!
- SOURCE_CODE_PATH: '*/*/'             
+ SOURCE_CODE_PATH: '*/*/'
 
 # ### Define stage list
 #
-# In this example there are only two stages. 
+# In this example there are only two stages.
 # Initially, the project will be built and then tested.
 stages:
  - build
@@ -34,47 +35,55 @@ stages:
 
 # ### Define global cache rule
 #
-# Before building the project, all dependencies (e.g. third-party NuGet packages) 
-# must be restored. Jobs on GitLab.com's Shared Runners are executed on autoscaled machines. 
-# Each machine is used only once (for security reasons) and after that it is removed. 
-# What that means is that before every job a dependency restore must be performed 
+# Before building the project, all dependencies (e.g. third-party NuGet packages)
+# must be restored. Jobs on GitLab.com's Shared Runners are executed on autoscaled machines.
+#
+# Each machine is used only once (for security reasons) and after that is removed.
+# This means that, before every job, a dependency restore must be performed
 # because restored dependencies are removed along with machines. Fortunately,
 # GitLab provides cache mechanism with the aim of keeping restored dependencies
-# for other jobs. This example shows how to configure cache to pass over restored 
+# for other jobs.
+#
+# This example shows how to configure cache to pass over restored
 # dependencies for re-use.
 #
 # With global cache rule, cached dependencies will be downloaded before every job
 # and then unpacked to the paths as specified below.
 cache:
  # Per-stage and per-branch caching.
- key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG" 
+ key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"
  paths:
   # Specify three paths that should be cached:
   #
   # 1) Main JSON file holding information about package dependency tree, packages versions,
   # frameworks etc. It also holds information where to the dependencies were restored.
-  - '$SOURCE_CODE_PATH$OBJECTS_DIRECTORY/project.assets.json'  
+  - '$SOURCE_CODE_PATH$OBJECTS_DIRECTORY/project.assets.json'
   # 2) Other NuGet and MSBuild related files. Also needed.
-  - '$SOURCE_CODE_PATH$OBJECTS_DIRECTORY/*.csproj.nuget.*'    
+  - '$SOURCE_CODE_PATH$OBJECTS_DIRECTORY/*.csproj.nuget.*'
   # 3) Path to the directory where restored dependencies are kept.
-  - '$NUGET_PACKAGES_DIRECTORY'   
- # 'pull-push' policy means that latest cache will be downloaded (if exists) 
- # before executing the job, and a newer version will be uploaded afterwards. 
- # Such setting saves time when there are no changes in referenced third-party 
- # packages. For example if you run a pipeline with changes in your code, 
- # but with no changes within third-party packages which your project is using, 
- # then project restore will happen in next to no time as all required dependencies 
- # will already be there — unzipped from cache. 'pull-push' policy is a default 
- # cache policy, you do not have to specify it explicitly.
- policy: pull-push 
+  - '$NUGET_PACKAGES_DIRECTORY'
+ #
+ # 'pull-push' policy means that latest cache will be downloaded (if it exists)
+ # before executing the job, and a newer version will be uploaded afterwards.
+ # Such a setting saves time when there are no changes in referenced third-party
+ # packages.
+ #
+ # For example, if you run a pipeline with changes in your code,
+ # but with no changes within third-party packages which your project is using,
+ # then project restore will happen quickly as all required dependencies
+ # will already be there — unzipped from cache.
+
+ # 'pull-push' policy is the default cache policy, you do not have to specify it explicitly.
+ policy: pull-push
 
 # ### Restore project dependencies
 #
-# NuGet packages by default are restored to '.nuget/packages' directory 
-# in the user's home directory. That directory is out of scope of GitLab caching. 
-# To get around this a custom path can be specified using '--packages <PATH>' option 
-# for 'dotnet restore' command. In this example a temporary directory is created 
-# in the root of project repository, so it's content can be cached.
+# NuGet packages by default are restored to '.nuget/packages' directory
+# in the user's home directory. That directory is out of scope of GitLab caching.
+#
+# To get around this, a custom path can be specified using the '--packages <PATH>' option
+# for 'dotnet restore' command. In this example, a temporary directory is created
+# in the root of project repository, so its content can be cached.
 #
 # Learn more about GitLab cache: https://docs.gitlab.com/ee/ci/caching/index.html
 before_script:
@@ -82,26 +91,26 @@ before_script:
 
 build:
  stage: build
- # ### Build all projects discovered from solution file. 
+ # ### Build all projects discovered from solution file.
  #
- # Note: this will fail if you have any projects in your solution that are not 
- # .NET Core based projects e.g. WCF service, which is based on .NET Framework, 
- # not .NET Core. In such scenario you will need to build every .NET Core based 
- # project by explicitly specifying a relative path to the directory 
- # where it is located e.g. 'dotnet build ./src/ConsoleApp'. 
+ # Note: this will fail if you have any projects in your solution that are not
+ # .NET Core-based projects (e.g. WCF service), which is based on .NET Framework,
+ # not .NET Core. In this scenario, you will need to build every .NET Core-based
+ # project by explicitly specifying a relative path to the directory
+ # where it is located (e.g. 'dotnet build ./src/ConsoleApp').
  # Only one project path can be passed as a parameter to 'dotnet build' command.
  script:
-  - 'dotnet build --no-restore' 
+  - 'dotnet build --no-restore'
 
 tests:
  stage: test
  # ### Run the tests
  #
- # You can either run tests for all test projects that are defined in your solution 
+ # You can either run tests for all test projects that are defined in your solution
  # with 'dotnet test' or run tests only for specific project by specifying
- # a relative path to the directory where it is located e.g. 'dotnet test ./test/UnitTests'. 
+ # a relative path to the directory where it is located (e.g. 'dotnet test ./test/UnitTests').
  #
  # You may want to define separate testing jobs for different types of testing
- # e.g. integration tests, unit tests etc.
+ # (e.g. integration tests, unit tests etc).
  script:
  - 'dotnet test --no-restore'
diff --git a/lib/gitlab/danger/helper.rb b/lib/gitlab/danger/helper.rb
index 3ef19d801b7..f0ca397609d 100644
--- a/lib/gitlab/danger/helper.rb
+++ b/lib/gitlab/danger/helper.rb
@@ -121,6 +121,8 @@ module Gitlab
           \.prettierrc |
           \.scss-lint.yml |
           \.stylelintrc |
+          \.haml-lint.yml |
+          \.haml-lint_todo.yml |
           babel\.config\.js |
           jest\.config\.js |
           karma\.config\.js |
diff --git a/lib/gitlab/git/repository.rb b/lib/gitlab/git/repository.rb
index fc9bcbdcca2..455588f3c66 100644
--- a/lib/gitlab/git/repository.rb
+++ b/lib/gitlab/git/repository.rb
@@ -500,7 +500,7 @@ module Gitlab
       end
 
       # Return total diverging commits count
-      def diverging_commit_count(from, to, max_count:)
+      def diverging_commit_count(from, to, max_count: 0)
         wrapped_gitaly_errors do
           gitaly_commit_client.diverging_commit_count(from, to, max_count: max_count)
         end
diff --git a/lib/gitlab/lets_encrypt/challenge.rb b/lib/gitlab/lets_encrypt/challenge.rb
new file mode 100644
index 00000000000..6a7f5e965c5
--- /dev/null
+++ b/lib/gitlab/lets_encrypt/challenge.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module LetsEncrypt
+    class Challenge
+      def initialize(acme_challenge)
+        @acme_challenge = acme_challenge
+      end
+
+      delegate :url, :token, :file_content, :status, :request_validation, to: :acme_challenge
+
+      private
+
+      attr_reader :acme_challenge
+    end
+  end
+end
diff --git a/lib/gitlab/lets_encrypt/client.rb b/lib/gitlab/lets_encrypt/client.rb
new file mode 100644
index 00000000000..d7468b06767
--- /dev/null
+++ b/lib/gitlab/lets_encrypt/client.rb
@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module LetsEncrypt
+    class Client
+      PRODUCTION_DIRECTORY_URL = 'https://acme-v02.api.letsencrypt.org/directory'
+      STAGING_DIRECTORY_URL = 'https://acme-staging-v02.api.letsencrypt.org/directory'
+
+      def new_order(domain_name)
+        ensure_account
+
+        acme_order = acme_client.new_order(identifiers: [domain_name])
+
+        ::Gitlab::LetsEncrypt::Order.new(acme_order)
+      end
+
+      def load_order(url)
+        ensure_account
+
+        # rubocop: disable CodeReuse/ActiveRecord
+        ::Gitlab::LetsEncrypt::Order.new(acme_client.order(url: url))
+        # rubocop: enable CodeReuse/ActiveRecord
+      end
+
+      def load_challenge(url)
+        ensure_account
+
+        ::Gitlab::LetsEncrypt::Challenge.new(acme_client.challenge(url: url))
+      end
+
+      def terms_of_service_url
+        acme_client.terms_of_service
+      end
+
+      def enabled?
+        return false unless Feature.enabled?(:pages_auto_ssl)
+
+        Gitlab::CurrentSettings.lets_encrypt_terms_of_service_accepted
+      end
+
+      private
+
+      def acme_client
+        @acme_client ||= ::Acme::Client.new(private_key: private_key, directory: acme_api_directory_url)
+      end
+
+      def private_key
+        @private_key ||= OpenSSL::PKey.read(Gitlab::Application.secrets.lets_encrypt_private_key)
+      end
+
+      def admin_email
+        Gitlab::CurrentSettings.lets_encrypt_notification_email
+      end
+
+      def contact
+        "mailto:#{admin_email}"
+      end
+
+      def ensure_account
+        raise 'Acme integration is disabled' unless enabled?
+
+        @acme_account ||= acme_client.new_account(contact: contact, terms_of_service_agreed: true)
+      end
+
+      def acme_api_directory_url
+        if Rails.env.production?
+          PRODUCTION_DIRECTORY_URL
+        else
+          STAGING_DIRECTORY_URL
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/lets_encrypt/order.rb b/lib/gitlab/lets_encrypt/order.rb
new file mode 100644
index 00000000000..5109b5e9843
--- /dev/null
+++ b/lib/gitlab/lets_encrypt/order.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module LetsEncrypt
+    class Order
+      def initialize(acme_order)
+        @acme_order = acme_order
+      end
+
+      def new_challenge
+        authorization = @acme_order.authorizations.first
+        challenge = authorization.http
+        ::Gitlab::LetsEncrypt::Challenge.new(challenge)
+      end
+
+      delegate :url, :status, to: :acme_order
+
+      private
+
+      attr_reader :acme_order
+    end
+  end
+end
diff --git a/lib/gitlab/sentry.rb b/lib/gitlab/sentry.rb
index 356e6445e0e..72c44114001 100644
--- a/lib/gitlab/sentry.rb
+++ b/lib/gitlab/sentry.rb
@@ -10,7 +10,7 @@ module Gitlab
     def self.context(current_user = nil)
       return unless enabled?
 
-      Raven.tags_context(locale: I18n.locale)
+      Raven.tags_context(default_tags)
 
       if current_user
         Raven.user_context(
@@ -44,16 +44,19 @@ module Gitlab
         extra[:issue_url] = issue_url if issue_url
         context # Make sure we've set everything we know in the context
 
-        tags = {
-          Labkit::Correlation::CorrelationId::LOG_KEY.to_sym => Labkit::Correlation::CorrelationId.current_id
-        }
-
-        Raven.capture_exception(exception, tags: tags, extra: extra)
+        Raven.capture_exception(exception, tags: default_tags, extra: extra)
       end
     end
 
     def self.should_raise_for_dev?
       Rails.env.development? || Rails.env.test?
     end
+
+    def self.default_tags
+      {
+        Labkit::Correlation::CorrelationId::LOG_KEY.to_sym => Labkit::Correlation::CorrelationId.current_id,
+        locale: I18n.locale
+      }
+    end
   end
 end
diff --git a/lib/gitlab/usage_data.rb b/lib/gitlab/usage_data.rb
index 08156d7ffa6..9aa2e972adf 100644
--- a/lib/gitlab/usage_data.rb
+++ b/lib/gitlab/usage_data.rb
@@ -26,7 +26,7 @@ module Gitlab
           uuid: Gitlab::CurrentSettings.uuid,
           hostname: Gitlab.config.gitlab.host,
           version: Gitlab::VERSION,
-          installation_type: Gitlab::INSTALLATION_TYPE,
+          installation_type: installation_type,
           active_user_count: count(User.active),
           recorded_at: Time.now,
           edition: 'CE'
@@ -81,6 +81,7 @@ module Gitlab
             milestone_lists: count(List.milestone),
             milestones: count(Milestone),
             pages_domains: count(PagesDomain),
+            pool_repositories: count(PoolRepository),
             projects: count(Project),
             projects_imported_from_github: count(Project.where(import_type: 'github')),
             projects_with_repositories_enabled: count(ProjectFeature.where('repository_access_level > ?', ProjectFeature::DISABLED)),
@@ -190,6 +191,14 @@ module Gitlab
           result[key] = approx_counts[model] || -1
         end
       end
+
+      def installation_type
+        if Rails.env.production?
+          Gitlab::INSTALLATION_TYPE
+        else
+          "gitlab-development-kit"
+        end
+      end
     end
   end
 end